org.springframework.security.web.WebAttributes Java Examples

The following examples show how to use org.springframework.security.web.WebAttributes. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ResponsiveIdentificationPanel.java    From artifact-listener with Apache License 2.0 6 votes vote down vote up
@Override
protected void onInitialize() {
	super.onInitialize();
	
	// Vérification des retours d'auth pac4J
	HttpServletRequest request = ((ServletWebRequest) RequestCycle.get().getRequest()).getContainerRequest();
	Exception exception = (Exception) request.getSession().getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
	if (exception != null) {
		if (exception instanceof DisabledException) {
			getSession().error(getString("home.identification.classic.error.userDisabled"));
		} else if (exception instanceof AuthenticationServiceException) {
			LOGGER.error("Authentication failed", exception);
			getSession().error(getString("home.identification.error.badCredentials") + exception.getMessage());
		} else {
			LOGGER.error("An unknown error occurred during the authentication process", exception);
			getSession().error(getString("home.identification.error.unknown"));
		}
		request.getSession().removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
	}
}
 
Example #2
Source File: IdentificationPopoverPanel.java    From artifact-listener with Apache License 2.0 6 votes vote down vote up
@Override
protected void onInitialize() {
	super.onInitialize();
	
	// Vérification des retours d'auth pac4J
	HttpServletRequest request = ((ServletWebRequest) RequestCycle.get().getRequest()).getContainerRequest();
	Exception exception = (Exception) request.getSession().getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
	if (exception != null) {
		if (exception instanceof DisabledException) {
			getSession().error(getString("home.identification.classic.error.userDisabled"));
		} else if (exception instanceof AuthenticationServiceException) {
			LOGGER.error("Authentication failed", exception);
			getSession().error(getString("home.identification.error.badCredentials") + exception.getMessage());
		} else {
			LOGGER.error("An unknown error occurred during the authentication process", exception);
			getSession().error(getString("home.identification.error.unknown"));
		}
		request.getSession().removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
	}
}
 
Example #3
Source File: ConfigAwareAccessDeniedHandler.java    From engine with GNU General Public License v3.0 6 votes vote down vote up
@Override
public void handle(HttpServletRequest request, HttpServletResponse response,
                   AccessDeniedException accessDeniedException) throws IOException,
    ServletException {
    if (!response.isCommitted()) {
        String errorPage = getErrorPage();
        if (StringUtils.isNotEmpty(errorPage)) {
            // Put exception into request scope (perhaps of use to a view)
            request.setAttribute(WebAttributes.ACCESS_DENIED_403,
                accessDeniedException);

            // Set the 403 status code.
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);

            // forward to error page.
            RequestDispatcher dispatcher = request.getRequestDispatcher(errorPage);
            dispatcher.forward(request, response);
        }
        else {
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                accessDeniedException.getMessage());
        }
    }
}
 
Example #4
Source File: MolgenisLoginController.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@GetMapping(params = "error")
public String getLoginErrorPage(Model model, HttpServletRequest request) {
  String errorMessage;
  Object attribute = request.getSession().getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
  if (attribute != null) {
    if (attribute instanceof BadCredentialsException) {
      errorMessage = ERROR_MESSAGE_BAD_CREDENTIALS;
    } else if (attribute instanceof SessionAuthenticationException) {
      errorMessage = ERROR_MESSAGE_SESSION_AUTHENTICATION;
    } else {
      if (!determineErrorMessagesFromInternalAuthenticationExceptions(attribute).isEmpty()) {
        errorMessage = determineErrorMessagesFromInternalAuthenticationExceptions(attribute);
      } else {
        errorMessage = ERROR_MESSAGE_UNKNOWN;
      }
    }
  } else {
    errorMessage = ERROR_MESSAGE_UNKNOWN;
  }

  model.addAttribute(ERROR_MESSAGE_ATTRIBUTE, errorMessage);
  return VIEW_LOGIN;
}
 
Example #5
Source File: SocialSignOnEndpoint.java    From MaxKey with Apache License 2.0 6 votes vote down vote up
public boolean socialSignOn(SocialsAssociate socialSignOnUserToken){
	
	socialSignOnUserToken=this.socialsAssociateService.get(socialSignOnUserToken);
	
	_logger.debug("callback SocialSignOn User Token : "+socialSignOnUserToken);
	if(null !=socialSignOnUserToken){

		_logger.debug("Social Sign On from "+socialSignOnUserToken.getProvider()+" mapping to user "+socialSignOnUserToken.getUsername());
		
		if(WebContext.setAuthentication(socialSignOnUserToken.getUsername(), ConstantsLoginType.SOCIALSIGNON,this.socialSignOnProvider.getProviderName(),"xe00000004","success")){
			//socialSignOnUserToken.setAccessToken(JsonUtils.object2Json(this.accessToken));
			socialSignOnUserToken.setSocialUserInfo(accountJsonString);
			//socialSignOnUserToken.setExAttribute(JsonUtils.object2Json(accessToken.getResponseObject()));
			
			this.socialsAssociateService.update(socialSignOnUserToken);
		}
		
	}else{
		WebContext.getRequest().getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, new BadCredentialsException(WebContext.getI18nValue("login.error.social")));
	}
	return true;
}
 
Example #6
Source File: AjaxAuthenticationFilter.java    From quartz-manager with Apache License 2.0 5 votes vote down vote up
/**
 * Removes temporary authentication-related data which may have been stored
 * in the session during the authentication process.
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {
	HttpSession session = request.getSession(false);

	if (session == null)
		return;

	session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}
 
Example #7
Source File: Pac4jExceptionFilter.java    From artifact-listener with Apache License 2.0 5 votes vote down vote up
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
		ServletException {
	try {
		chain.doFilter(request, response);
	} catch (final TechnicalException e) {
		HttpServletRequest httpRequest = (HttpServletRequest) request;
		HttpServletResponse httpResponse = (HttpServletResponse) response;
		
		httpRequest.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, e);
		getRedirectStrategy().sendRedirect(httpRequest, httpResponse, Pac4jAuthenticationUtils.LOGIN_FAILURE_URL);
	}
}
 
Example #8
Source File: MySimpleUrlAuthenticationSuccessHandler.java    From tutorials with MIT License 5 votes vote down vote up
protected void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession session = request.getSession(false);
    if (session == null) {
        return;
    }
    session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}
 
Example #9
Source File: MySimpleUrlAuthenticationSuccessHandler.java    From tutorials with MIT License 5 votes vote down vote up
/**
 * Removes temporary authentication-related data which may have been stored in the session
 * during the authentication process.
 */
protected final void clearAuthenticationAttributes(final HttpServletRequest request) {
    final HttpSession session = request.getSession(false);

    if (session == null) {
        return;
    }

    session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}
 
Example #10
Source File: MySimpleUrlAuthenticationSuccessHandler.java    From tutorials with MIT License 5 votes vote down vote up
/**
 * Removes temporary authentication-related data which may have been stored in the session
 * during the authentication process.
 */
protected final void clearAuthenticationAttributes(final HttpServletRequest request) {
    final HttpSession session = request.getSession(false);

    if (session == null) {
        return;
    }

    session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}
 
Example #11
Source File: MySimpleUrlAuthenticationSuccessHandler.java    From tutorials with MIT License 5 votes vote down vote up
/**
 * Removes temporary authentication-related data which may have been stored in the session
 * during the authentication process.
 */
protected final void clearAuthenticationAttributes(final HttpServletRequest request) {
    final HttpSession session = request.getSession(false);

    if (session == null) {
        return;
    }

    session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}
 
Example #12
Source File: AuthenticationController.java    From springboot-angular-atmosphere-quickstart with Apache License 2.0 5 votes vote down vote up
private String getAuthenticationExceptionMessage(HttpSession session) {
  if (session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION) instanceof Exception) {
    Exception ex = (Exception) session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    return ex.getMessage();
  }
  return "Unknown login issue.";
}
 
Example #13
Source File: ExtrAuthenticationSuccessHandler.java    From ExamStack with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Removes temporary authentication-related data which may have been stored in the session
 * during the authentication process.
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession session = request.getSession(false);

    if (session == null) {
        return;
    }

    session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}
 
Example #14
Source File: ExtrAuthenticationSuccessHandler.java    From ExamStack with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Removes temporary authentication-related data which may have been stored in the session
 * during the authentication process.
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession session = request.getSession(false);

    if (session == null) {
        return;
    }

    session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}
 
Example #15
Source File: HttpHeaderAuthenticationFilter.java    From herd with Apache License 2.0 5 votes vote down vote up
/**
 * Ensures the authentication object in the secure context is set to null when authentication fails.
 *
 * @param servletRequest the servlet request.
 * @param authenticationException the authentication exception.
 */
protected void unsuccessfulAuthentication(HttpServletRequest servletRequest, AuthenticationException authenticationException)
{
    LOGGER.debug("Authentication failure: ", authenticationException);
    invalidateUser(servletRequest, false);
    servletRequest.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, authenticationException);
}
 
Example #16
Source File: RestAwareAuthenticationSuccessHandler.java    From IOT-Technical-Guide with Apache License 2.0 5 votes vote down vote up
/**
 * Removes temporary authentication-related dao which may have been stored
 * in the session during the authentication process..
 *
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession session = request.getSession(false);

    if (session == null) {
        return;
    }

    session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}
 
Example #17
Source File: RestAwareAuthenticationSuccessHandler.java    From iotplatform with Apache License 2.0 5 votes vote down vote up
/**
 * Removes temporary authentication-related data which may have been stored in
 * the session during the authentication process..
 *
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {
  HttpSession session = request.getSession(false);

  if (session == null) {
    return;
  }

  session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}
 
Example #18
Source File: DefaultController.java    From messaging-app with Apache License 2.0 5 votes vote down vote up
@GetMapping(path = "/login", params = "error")
public String loginError(@SessionAttribute(WebAttributes.AUTHENTICATION_EXCEPTION) AuthenticationException authEx,
											Map<String, Object> model) {
	String errorMessage = authEx != null ? authEx.getMessage() : "[unknown error]";
	model.put("errorMessage", errorMessage);
	return "error";
}
 
Example #19
Source File: DefaultController.java    From oauth2-protocol-patterns with Apache License 2.0 5 votes vote down vote up
@GetMapping(path = "/login", params = "error")
public String loginError(@SessionAttribute(WebAttributes.AUTHENTICATION_EXCEPTION) AuthenticationException authEx,
											Map<String, Object> model) {
	String errorMessage = authEx != null ? authEx.getMessage() : "[unknown error]";
	model.put("errorMessage", errorMessage);
	return "error";
}
 
Example #20
Source File: OAuth2AuthenticationSuccessHandler.java    From okta-jhipster-microservices-oauth-example with Apache License 2.0 5 votes vote down vote up
private void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession session = request.getSession(false);
    if (session == null) {
        return;
    }
    session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}
 
Example #21
Source File: LoginController.java    From production-ready-microservices-starter with MIT License 5 votes vote down vote up
/**
 * Removes temporary authentication-related data which may have been stored
 * in the session during the authentication process..
 *
 * @param request the request
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {

    HttpSession session = request.getSession(false);
    if (session == null) {
        return;
    }
    session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}
 
Example #22
Source File: RestAwareAuthenticationSuccessHandler.java    From Groza with Apache License 2.0 5 votes vote down vote up
/**
 * Removes temporary authentication-related data which may have been stored
 * in the session during the authentication process..
 *
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession session = request.getSession(false);

    if (session == null) {
        return;
    }

    session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}
 
Example #23
Source File: LoginAttemptService.java    From zhcet-web with Apache License 2.0 5 votes vote down vote up
public void addErrors(Model model, HttpServletRequest request) {
    String message = "Username or Password is incorrect!";

    Object exception = request.getSession().getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    Object rawUsername = request.getSession().getAttribute(UsernameAuthenticationFailureHandler.USERNAME);

    // If exception is null, show default message
    if (exception != null && rawUsername instanceof String) {
        String coolDownPeriod = getBlockDuration() + " " + LoginAttemptService.TIME_UNIT;

        String username = (String) rawUsername;
        if (exception instanceof LockedException || isBlocked(username)) {
            message = "User blocked for <strong>" + coolDownPeriod + "</strong> since last wrong login attempt";
        } else if (exception instanceof BadCredentialsException) {
            String tries = String.format("%d out of %d tries left!", triesLeft(username), getMaxRetries());
            String coolDown = "User will be blocked for " + coolDownPeriod + " after all tries are exhausted";

            String errorMessage = extractMessage((BadCredentialsException) exception, message);

            // If the error is about OTP, tell frontend that OTP is required
            if (errorMessage.toLowerCase().contains("otp")) {
                model.addAttribute("otp_required", true);
            }

            message = errorMessage + "<br><strong>" + tries + "</strong> " + coolDown;
        } else if (exception instanceof DisabledException) {
            message = "User is disabled from site";
        }
    }

    model.addAttribute("login_error", message);
}
 
Example #24
Source File: AjaxAwareAuthenticationSuccessHandler.java    From OpenLRW with Educational Community License v2.0 5 votes vote down vote up
/**
 * Removes temporary authentication-related data which may have been stored
 * in the session during the authentication process..
 * 
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession session = request.getSession(false);

    if (session == null) {
        return;
    }

    session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}
 
Example #25
Source File: LoginSuccessHandler.java    From secrets-proxy with Apache License 2.0 5 votes vote down vote up
/**
 * Removes any temporary authentication-related data which may have been stored in the session
 * during the authentication process.
 *
 * @param request http request.
 */
private void clearAuthenticationAttributes(HttpServletRequest request) {
  // Don't create new session.
  HttpSession session = request.getSession(false);
  if (session == null) {
    return;
  }
  session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}
 
Example #26
Source File: PlatformAuthenticationSuccessHandler.java    From abixen-platform with GNU Lesser General Public License v2.1 5 votes vote down vote up
protected void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession session = request.getSession(false);
    if (session == null) {
        return;
    }
    session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}
 
Example #27
Source File: SecurityContextVarsInitializer.java    From bdf3 with Apache License 2.0 5 votes vote down vote up
@Override
public void initializeContext(Map<String, Object> vars) throws Exception {
	vars.put("loginUsername", ContextUtils.getLoginUsername());
	vars.put("loginUser", ContextUtils.getLoginUser());
	AuthenticationException ex = (AuthenticationException) DoradoContext.getAttachedRequest().getSession()
			.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
	String errorMsg = ex != null ? ex.getMessage() : "none";
	vars.put("authenticationErrorMsg", errorMsg);

}
 
Example #28
Source File: MySimpleUrlAuthenticationSuccessHandler.java    From spring-boot with Apache License 2.0 5 votes vote down vote up
protected void clearAuthenticationAttributes(final HttpServletRequest request) {
    final HttpSession session = request.getSession(false);
    if (session == null) {
        return;
    }
    session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}
 
Example #29
Source File: AjaxAwareAuthenticationSuccessHandler.java    From springboot-security-jwt with MIT License 5 votes vote down vote up
/**
 * Removes temporary authentication-related data which may have been stored
 * in the session during the authentication process..
 * 
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession session = request.getSession(false);

    if (session == null) {
        return;
    }

    session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}
 
Example #30
Source File: ExtrAuthenticationSuccessHandler.java    From ExamStack with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Removes temporary authentication-related data which may have been stored in the session
 * during the authentication process.
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession session = request.getSession(false);

    if (session == null) {
        return;
    }

    session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}