org.springframework.security.authentication.AccountStatusException Java Examples

Example #1
Source File: PhonePasswordTokenGranter.java — from spring-cloud-shop (MIT License)
/**
 * Authenticates the resource owner identified by the {@code phone} request parameter
 * and wraps the outcome in an {@link OAuth2Authentication}.
 *
 * <p>The {@code password} parameter is stripped from the copy of the request parameters
 * that is attached as authentication details, so the details map cannot hand the secret
 * to anything downstream.
 *
 * @param client       the client requesting the token
 * @param tokenRequest the token request carrying {@code phone} and {@code password}
 * @return the {@link OAuth2Authentication} combining the stored request and the user authentication
 * @throws InvalidGrantException if the authentication manager rejects the credentials
 *         (account status problems included) or returns an unauthenticated result
 */
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
    final Map<String, String> details = new LinkedHashMap<>(tokenRequest.getRequestParameters());
    final String phone = details.get("phone");
    // remove() hands back the secret and leaves the details map clean in one step
    final String secret = details.remove("password");

    final UsernamePasswordAuthenticationToken request = new UsernamePasswordAuthenticationToken(phone, secret);
    request.setDetails(details);

    final Authentication authenticated;
    try {
        authenticated = authenticationManager.authenticate(request);
    } catch (AccountStatusException | BadCredentialsException failure) {
        // Expired/locked/disabled accounts and wrong credentials alike are reported as
        // 400 / invalid_grant; the provider's message is forwarded verbatim.
        throw new InvalidGrantException(failure.getMessage());
    }

    if (authenticated == null || !authenticated.isAuthenticated()) {
        throw new InvalidGrantException("Could not authenticate user: " + phone);
    }

    return new OAuth2Authentication(getRequestFactory().createOAuth2Request(client, tokenRequest), authenticated);
}
 
Example #2
Source File: OpenIdTokenGranter.java — from cola (MIT License)
/**
 * Exchanges an OpenID identifier and its provider name for an {@link OAuth2Authentication}.
 *
 * <p>The full copy of the request parameters is attached to the token as details before
 * it is handed to the authentication manager.
 *
 * @param client       the client requesting the token
 * @param tokenRequest the token request carrying {@code openid} and {@code provider}
 * @return the {@link OAuth2Authentication} for the stored request and the authenticated user
 * @throws InvalidGrantException if authentication fails (account status problems or bad
 *         credentials) or the manager returns an unauthenticated result
 */
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
	final Map<String, String> details = new LinkedHashMap<>(tokenRequest.getRequestParameters());
	final String openId = details.get("openid");
	final String providerName = details.get("provider");

	final Authentication request = new OpenIdAuthenticationToken(openId, providerName);
	((AbstractAuthenticationToken) request).setDetails(details);

	final Authentication authenticated;
	try {
		authenticated = authenticationManager.authenticate(request);
	} catch (AccountStatusException | BadCredentialsException failure) {
		// expired / locked / disabled accounts (spec section 5.2, draft 31) and rejected
		// credentials share the same outcome: 400 / invalid_grant
		throw new InvalidGrantException(failure.getMessage());
	}
	if (authenticated == null || !authenticated.isAuthenticated()) {
		throw new InvalidGrantException("Could not authenticate user: " + openId);
	}

	return new OAuth2Authentication(getRequestFactory().createOAuth2Request(client, tokenRequest), authenticated);
}
 
Example #3
Source File: AcTokenGranter.java — from cola (MIT License)
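/**
 * Exchanges an authorization code obtained from an external provider for an
 * {@link OAuth2Authentication}.
 *
 * @param client       the client requesting the token
 * @param tokenRequest the token request carrying {@code authorizationCode} and {@code provider}
 * @return the {@link OAuth2Authentication} for the stored request and the authenticated user
 * @throws InvalidGrantException if authentication fails (account status problems or bad
 *         credentials) or the manager returns an unauthenticated result
 */
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
	Map<String, String> parameters = new LinkedHashMap<>(tokenRequest.getRequestParameters());
	String authorizationCode = parameters.get("authorizationCode");
	String provider = parameters.get("provider");

	Authentication userAuth = new AcAuthenticationToken(authorizationCode, provider);
	// NOTE(review): the details map still carries the raw "authorizationCode"; whether the
	// provider reads it from the details or from the token itself is not visible here, so it
	// is left in place — strip it (as the password granters do) once confirmed unused.
	((AbstractAuthenticationToken) userAuth).setDetails(parameters);
	try {
		userAuth = authenticationManager.authenticate(userAuth);
	} catch (AccountStatusException | BadCredentialsException ase) {
		//covers expired, locked, disabled cases (mentioned in section 5.2, draft 31)
		throw new InvalidGrantException(ase.getMessage());
	}
	if (userAuth == null || !userAuth.isAuthenticated()) {
		// The authorization code is a one-time credential: it must not be echoed back in the
		// error response (or end up in logs); the attempt is identified by its provider instead.
		throw new InvalidGrantException("Could not authenticate user for provider: " + provider);
	}

	OAuth2Request storedOAuth2Request = getRequestFactory().createOAuth2Request(client, tokenRequest);
	return new OAuth2Authentication(storedOAuth2Request, userAuth);
}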
 
Example #4
Source File: SmsTokenGranter.java — from cola (MIT License)
/**
 * Authenticates a user by phone number, SMS credential and token, and wraps the result
 * in an {@link OAuth2Authentication}.
 *
 * <p>The copy of the request parameters — including {@code credential} and {@code token} —
 * is attached to the authentication token as details before authentication.
 *
 * @param client       the client requesting the token
 * @param tokenRequest the token request carrying {@code phoneNumber}, {@code credential}
 *                     and {@code token}
 * @return the {@link OAuth2Authentication} for the stored request and the authenticated user
 * @throws InvalidGrantException if authentication fails (account status problems or bad
 *         credentials) or the manager returns an unauthenticated result
 */
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
	final Map<String, String> details = new LinkedHashMap<>(tokenRequest.getRequestParameters());
	final String phoneNumber = details.get("phoneNumber");
	final String smsCredential = details.get("credential");
	final String smsToken = details.get("token");

	final Authentication request = new SmsAuthenticationToken(phoneNumber, smsCredential, smsToken);
	((AbstractAuthenticationToken) request).setDetails(details);

	final Authentication authenticated;
	try {
		authenticated = authenticationManager.authenticate(request);
	} catch (AccountStatusException | BadCredentialsException failure) {
		// expired / locked / disabled accounts (spec section 5.2, draft 31) and rejected
		// credentials share the same outcome: 400 / invalid_grant
		throw new InvalidGrantException(failure.getMessage());
	}
	if (authenticated == null || !authenticated.isAuthenticated()) {
		throw new InvalidGrantException("Could not authenticate user: " + phoneNumber);
	}

	return new OAuth2Authentication(getRequestFactory().createOAuth2Request(client, tokenRequest), authenticated);
}
 
Example #5
Source File: ResourceOwnerPasswordTokenGranter.java — from MaxKey (Apache License 2.0)
/**
 * Resource-owner password grant: authenticates {@code username}/{@code password} and wraps
 * the result in an {@link OAuth2Authentication}.
 *
 * @param client       the client requesting the token
 * @param tokenRequest the token request carrying {@code username} and {@code password}
 * @return the {@link OAuth2Authentication} for the stored request and the authenticated user
 * @throws InvalidGrantException if the account is expired/locked/disabled, the credentials
 *         are wrong, or the manager returns an unauthenticated result
 */
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
	final Map<String, String> requestParameters = new LinkedHashMap<>(tokenRequest.getRequestParameters());
	final String username = requestParameters.get("username");
	// take the secret out of the local copy so nothing below can pick it up
	final String password = requestParameters.remove("password");

	// NOTE(review): unlike the sibling granters, this one never attaches the parameter copy
	// as authentication details, so the stripped map is purely a defensive leftover.
	final Authentication request = new UsernamePasswordAuthenticationToken(username, password);
	final Authentication authenticated;
	try {
		authenticated = authenticationManager.authenticate(request);
	} catch (AccountStatusException | BadCredentialsException failure) {
		// expired / locked / disabled accounts (spec section 5.2, draft 31) and wrong
		// credentials both answer 400 / invalid_grant, with the provider's message
		throw new InvalidGrantException(failure.getMessage());
	}
	if (authenticated == null || !authenticated.isAuthenticated()) {
		throw new InvalidGrantException("Could not authenticate user: " + username);
	}

	final OAuth2Request storedOAuth2Request = getRequestFactory().createOAuth2Request(client, tokenRequest);
	return new OAuth2Authentication(storedOAuth2Request, authenticated);
}
 
Example #6
Source File: PasswordTokenGranter.java — from oauth2-server (MIT License)
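/**
 * Handles the {@code password} grant: authenticates the resource owner and, on success,
 * issues a signed access token plus a signed refresh token.
 *
 * <p>The returned map always carries a {@code status} entry: {@code 0} when {@code grantType}
 * is not this granter's type (nothing else is set), {@code 1} once tokens were issued.
 *
 * @param client     the requesting client; its access-token validity (seconds) sizes both tokens
 * @param grantType  the grant type requested by the client
 * @param parameters the raw token-request parameters ({@code username}, {@code password},
 *                   {@code client_id}, {@code scope})
 * @return the token response map
 * @throws OAuth2Exception if the user cannot be authenticated (account status problem, bad
 *         credentials, unauthenticated result) or the principal is not a {@link UserInfo}
 */
@Override
public Map<String, Object> grant(OauthClient client, String grantType, Map<String, String> parameters) {

    Map<String, Object> result = new HashMap<>();
    result.put("status", 0);

    // Somebody else's grant type: return the untouched "status 0" map before reading anything.
    if (!GRANT_TYPE.equals(grantType)) {
        return result;
    }

    String username = parameters.get("username");
    String password = parameters.get("password");
    String clientId = parameters.get("client_id");
    String scope = parameters.get("scope");

    Authentication userAuth = new UsernamePasswordAuthenticationToken(username, password);
    // NOTE(review): the details map still holds the raw password; sibling granters strip it
    // before attaching the map — confirm nothing downstream reads it and remove it otherwise.
    ((AbstractAuthenticationToken) userAuth).setDetails(parameters);
    try {
        userAuth = authenticationManager.authenticate(userAuth);
    } catch (AccountStatusException | BadCredentialsException e) {
        // Expired/locked/disabled accounts and wrong credentials get the same answer, so one
        // catch is enough; the provider's message is forwarded.
        throw new OAuth2Exception(e.getMessage(), HttpStatus.UNAUTHORIZED, "invalid_request");
    }
    if (userAuth == null || !userAuth.isAuthenticated()) {
        throw new OAuth2Exception("Could not authenticate user: " + username, HttpStatus.UNAUTHORIZED, "invalid_request");
    }
    Object principal = userAuth.getPrincipal();
    if (!(principal instanceof UserInfo)) {
        // A foreign principal type used to escape as a ClassCastException (i.e. a 500).
        throw new OAuth2Exception("Could not authenticate user: " + username, HttpStatus.UNAUTHORIZED, "invalid_request");
    }
    UserInfo userInfo = (UserInfo) principal;

    // One reference instant for nbf/iat and both expirations; millisecond arithmetic avoids
    // the wall-clock (DST) quirks of LocalDateTime.plusSeconds() followed by atZone().
    Date now = new Date();
    long validitySeconds = client.getAccessTokenValidity();
    Date tokenExpiration = new Date(now.getTime() + validitySeconds * 1000L);
    // NOTE(review): the refresh token is sized with the *access*-token validity, as before;
    // a dedicated refresh-token validity is presumably intended — confirm with the client model.
    Date refreshTokenExpiration = new Date(now.getTime() + validitySeconds * 1000L);

    java.util.List<String> roles = userInfo.getAuthorities().stream()
        .map(e -> e.getAuthority())
        .collect(Collectors.toList());

    String tokenId = UUID.randomUUID().toString();
    String accessToken = signToken(userInfo, clientId, roles, now, tokenExpiration, tokenId, null);
    String refreshToken = signToken(userInfo, clientId, roles, now, refreshTokenExpiration,
        UUID.randomUUID().toString(), tokenId);

    result.put("access_token", accessToken);
    result.put("token_type", "bearer");
    result.put("refresh_token", refreshToken);
    // one second of slack below the real expiration, kept from the original
    result.put("expires_in", client.getAccessTokenValidity() - 1);
    result.put("accountOpenCode", userInfo.getAccountOpenCode());
    result.put("scope", scope);
    result.put("jti", tokenId);
    result.put("status", 1);
    return result;
}

/**
 * Builds and signs one JWT carrying the claims shared by the access and refresh tokens.
 *
 * <p>The {@code alg} header is no longer set by hand: jjwt derives it from the key passed to
 * {@code signWith}, and a hard-coded {@code HS256} was both wrong for the asymmetric
 * {@code keyPair} and silently overwritten.
 *
 * @param userInfo      the authenticated user (subject and {@code accountOpenCode} claim)
 * @param clientId      the audience
 * @param roles         the authority names for the {@code roles} claim
 * @param now           issued-at / not-before instant
 * @param expiration    expiration instant
 * @param jwtId         the token's own {@code jti}
 * @param accessTokenId for a refresh token, the {@code jti} of the access token it belongs to;
 *                      {@code null} for the access token itself
 * @return the compact serialized token
 */
private String signToken(UserInfo userInfo, String clientId, java.util.List<String> roles,
                         Date now, Date expiration, String jwtId, String accessTokenId) {
    io.jsonwebtoken.JwtBuilder builder = Jwts.builder()
        .setHeaderParam("typ", "JWT")
        .claim("accountOpenCode", userInfo.getAccountOpenCode())
        .setIssuer(issuer)
        .setSubject(userInfo.getUsername())
        .setAudience(clientId)
        .claim("roles", roles)
        .setExpiration(expiration)
        .setNotBefore(now)
        .setIssuedAt(now)
        .setId(jwtId);
    if (accessTokenId != null) {
        // The original wrote this link as claim("jti", tokenId) and then overwrote it with
        // setId(...) — "jti" is the id claim — so the refresh token never carried it. It is
        // stored under a separate claim now ("access_token_id" is a reviewer-chosen name).
        builder = builder.claim("access_token_id", accessTokenId);
    }
    return builder.signWith(keyPair.getPrivate()).compact();
}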
 
Example #7
Source File: CustomResourceOwnerPasswordTokenGranter.java — from spring-auth-example (MIT License)
/**
 * Password grant that picks a client-specific authentication token type.
 *
 * <p>Only two clients are known, {@code foo_app} and {@code bar_app} (matched
 * case-insensitively); any other client id is rejected before the credentials reach the
 * authentication manager. The {@code password} parameter is removed from the copy of the
 * request parameters that is attached as authentication details.
 *
 * @param client       the client requesting the token; its id selects the token type
 * @param tokenRequest the token request carrying {@code username} and {@code password}
 * @return the {@link OAuth2Authentication} for the stored request and the authenticated user
 * @throws InvalidGrantException for an unknown client, on account status problems or bad
 *         credentials, or when the manager returns an unauthenticated result
 */
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client,
    TokenRequest tokenRequest) {

  final Map<String, String> details = new LinkedHashMap<>(
      tokenRequest.getRequestParameters());
  final String username = details.get("username");
  // remove() both returns the secret and keeps it out of the details map
  final String password = details.remove("password");
  final String clientId = client.getClientId();

  final Authentication request = authenticationTokenForClient(clientId, username, password);
  ((AbstractAuthenticationToken) request).setDetails(details);

  final Authentication authenticated;
  try {
    authenticated = authenticationManager.authenticate(request);
  } catch (AccountStatusException | BadCredentialsException failure) {
    // expired / locked / disabled accounts (spec section 5.2, draft 31) and wrong
    // credentials both answer 400 / invalid_grant, with the provider's message
    throw new InvalidGrantException(failure.getMessage());
  }
  if (authenticated == null || !authenticated.isAuthenticated()) {
    throw new InvalidGrantException(
        "Could not authenticate user: " + username);
  }

  final OAuth2Request storedOAuth2Request = getRequestFactory()
      .createOAuth2Request(client, tokenRequest);
  return new OAuth2Authentication(storedOAuth2Request, authenticated);
}

/**
 * Chooses the authentication token type for the given client.
 *
 * @throws InvalidGrantException if the client id is neither {@code foo_app} nor {@code bar_app}
 */
private Authentication authenticationTokenForClient(String clientId, String username,
    String password) {
  if ("foo_app".equalsIgnoreCase(clientId)) {
    return new FooUsernamePasswordAuthenticationToken(username, password);
  }
  if ("bar_app".equalsIgnoreCase(clientId)) {
    return new BarUsernamePasswordAuthenticationToken(username, password);
  }
  throw new InvalidGrantException("Unknown client: " + clientId);
}