@ResponseStatus(HttpStatus.UNAUTHORIZED) // 401 @ExceptionHandler(LockedException.class) @ResponseBody public ErrorInfo handleLockedUser(LockedException e) { ErrorInfo result = new ErrorInfo(e.getMessage()); result.setMessageKey(INACTIVE_USER_MESSAGE_KEY); return result; }
/**
 * Authenticates the given token by delegating to the Spring Security
 * {@code authenticationManager} and wraps the outcome.
 *
 * <p>The token is first converted with {@code getAuthentication}; the converted
 * object is passed to the manager, and the manager's result is wrapped with
 * {@code SpringSecurityAuthentication.create}. Spring Security failures are
 * re-thrown as the corresponding exception types listed below.
 *
 * <p>NOTE(review): every mapping except the final catch-all passes only
 * {@code e.getMessage()} and drops the original exception as cause, so the
 * Spring stack trace is lost for those failures. If the target exception types
 * offer a cause-accepting constructor, consider using it.
 *
 * <p>NOTE(review): unknown, disabled, locked and bad-credential failures surface
 * as distinct exception types. If callers relay the type or message to an
 * unauthenticated client, this allows account enumeration; confirm the outer
 * layer returns a uniform failure response.
 *
 * @param authenticationToken the token to authenticate
 * @return the authentication built from the manager's result
 * @throws InvalidTokenException if the token is {@code null} or cannot be
 *         converted to a Spring Security authentication
 * @throws UnknownAccountException if the manager reports an unknown username
 * @throws InvalidCredentialsException if the manager reports bad credentials
 * @throws ExpiredCredentialsException if the credentials or the account expired
 * @throws DisabledAccountException if the account is disabled
 * @throws LockedAccountException if the account is locked
 * @throws UnexpectedAuthenticationException for any other failure raised by the
 *         manager
 */
@Override
public Authentication authenticate(T authenticationToken) throws AuthenticationException {
    // Guard: a missing token can never be authenticated.
    if (authenticationToken == null) {
        throw new InvalidTokenException("Null authentication token");
    }

    // Guard: the token must translate into a Spring Security authentication request.
    final org.springframework.security.core.Authentication request = getAuthentication(authenticationToken);
    if (request == null) {
        throw new InvalidTokenException("Invalid authentication token: missing Spring Security Authentication");
    }

    org.springframework.security.core.Authentication authenticated;
    try {
        authenticated = authenticationManager.authenticate(request);
    } catch (UsernameNotFoundException e) {
        // Kept ahead of BadCredentialsException: the catch order is part of the mapping.
        throw new UnknownAccountException(e.getMessage());
    } catch (BadCredentialsException e) {
        throw new InvalidCredentialsException(e.getMessage());
    } catch (CredentialsExpiredException | AccountExpiredException e) {
        throw new ExpiredCredentialsException(e.getMessage());
    } catch (DisabledException e) {
        throw new DisabledAccountException(e.getMessage());
    } catch (LockedException e) {
        throw new LockedAccountException(e.getMessage());
    } catch (Exception e) {
        // Catch-all for anything else the manager throws; the only branch that keeps the cause.
        throw new UnexpectedAuthenticationException(e.getMessage(), e);
    }

    // Wrapping happens outside the try so its own failures are not remapped above.
    return SpringSecurityAuthentication.create(authenticated);
}