preAuthenticationChecks.check(user); additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication); user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication); preAuthenticationChecks.check(user); additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication); postAuthenticationChecks.check(user);
/**
 * Verifies that a failure raised by the post-authentication checker is propagated
 * to the caller even though the user was found and the password matched.
 *
 * The checker mock throws {@code LockedException("account is locked")}; the test
 * expects that exact exception type and message from {@code authenticate(...)},
 * and that the checker was invoked with the user under test.
 */
@Test
public void authenticateWhenPostAuthenticationChecksFail() {
	// Arrange: lookup succeeds and the encoder accepts any password.
	when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(this.user));
	when(this.encoder.matches(any(), any())).thenReturn(true);
	// The only failing step is the post-authentication check.
	doThrow(new LockedException("account is locked")).when(this.postAuthenticationChecks).check(any());

	this.manager.setPasswordEncoder(this.encoder);
	this.manager.setPostAuthenticationChecks(this.postAuthenticationChecks);

	// Act + assert: the locked-account failure must surface instead of a successful authentication.
	assertThatExceptionOfType(LockedException.class)
		.isThrownBy(() -> this.manager
			.authenticate(new UsernamePasswordAuthenticationToken(this.user, this.user.getPassword()))
			.block())
		.withMessage("account is locked");

	verify(this.postAuthenticationChecks).check(eq(this.user));
}
preAuthenticationChecks.check(user); additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication); user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication); preAuthenticationChecks.check(user); additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication); postAuthenticationChecks.check(user);
/**
 * Validates the CAS ticket carried in the request's credentials and, on success,
 * builds an authenticated {@code CasAuthenticationToken}.
 *
 * Order of operations: ticket validation, user lookup from the assertion, account
 * status check via {@code userDetailsChecker}, then token construction. The token is
 * only created after the checker has returned without throwing.
 *
 * @param authentication the request whose credentials hold the service ticket
 * @return the token built from the validated assertion and the loaded user
 * @throws AuthenticationException {@code BadCredentialsException} when the ticket
 *         validator rejects the ticket; anything thrown by the checker or the user
 *         lookup is not caught here
 */
private CasAuthenticationToken authenticateNow(final Authentication authentication)
		throws AuthenticationException {
	try {
		// NOTE(review): getCredentials() is dereferenced without a null check; confirm callers
		// never pass a request without a ticket.
		final String ticket = authentication.getCredentials().toString();
		final String serviceUrl = getServiceUrl(authentication);
		final Assertion assertion = this.ticketValidator.validate(ticket, serviceUrl);

		final UserDetails userDetails = loadUserByAssertion(assertion);
		// Account status is checked before any token is issued.
		userDetailsChecker.check(userDetails);

		final Object credentials = authentication.getCredentials();
		return new CasAuthenticationToken(
				this.key,
				userDetails,
				credentials,
				authoritiesMapper.mapAuthorities(userDetails.getAuthorities()),
				userDetails,
				assertion);
	}
	catch (final TicketValidationException e) {
		// NOTE(review): the validator's message is copied into the exception message; confirm it is
		// not rendered verbatim to the end user.
		throw new BadCredentialsException(e.getMessage(), e);
	}
}
this.userDetailsChecker.check(targetUser);
/**
 * Creates a {@code RunAsUserToken} for the given user after the account status
 * check has passed.
 *
 * @param key the key passed through to the token
 * @param userDetails the user to run as; checked with {@code userDetailsChecker} first
 * @param originalAuthentication the class of the authentication being replaced
 * @return a token carrying the user's name, password and authorities
 */
public RunAsUserToken create(
		String key,
		UserDetails userDetails,
		Class<? extends Authentication> originalAuthentication) {
	// Any exception from the checker propagates, so no token is built for a user that fails the check.
	userDetailsChecker.check(userDetails);

	// NOTE(review): the value of getPassword() is carried as the token's credentials; confirm it is
	// needed downstream, since it keeps the stored password value attached to the token.
	final String username = userDetails.getUsername();
	final String password = userDetails.getPassword();
	return new RunAsUserToken(
			key, username, password, userDetails.getAuthorities(), originalAuthentication);
}
}
preAuthenticationChecks.check(user); additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication); } catch (AuthenticationException exception) { preAuthenticationChecks.check(user); additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication); } else { postAuthenticationChecks.check(user);
.loadUserDetails((PreAuthenticatedAuthenticationToken) authentication); userDetailsChecker.check(ud);
preAuthenticationChecks.check(user); additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication); user = retrieveUser(username, (UsernamePasswordAuthenticationToken) authentication); preAuthenticationChecks.check(user); additionalAuthenticationChecks(user, (UsernamePasswordAuthenticationToken) authentication); postAuthenticationChecks.check(user);
preAuthenticationChecks.check( userDetails ); additionalAuthenticationChecks( userDetails, (UsernamePasswordAuthenticationToken) authentication ); preAuthenticationChecks.check( userDetails ); additionalAuthenticationChecks( userDetails, (UsernamePasswordAuthenticationToken) authentication ); postAuthenticationChecks.check( userDetails );
String[] cookieTokens = decodeCookie(rememberMeCookie); user = processAutoLoginCookie(cookieTokens, request, response); userDetailsChecker.check(user);
/**
 * Validates the CAS ticket carried in the request's credentials and, on success,
 * builds an authenticated {@code CasAuthenticationToken}.
 *
 * Order of operations: ticket validation, user lookup from the assertion, account
 * status check via {@code userDetailsChecker}, then token construction. The token is
 * only created after the checker has returned without throwing.
 *
 * @param authentication the request whose credentials hold the service ticket
 * @return the token built from the validated assertion and the loaded user
 * @throws AuthenticationException {@code BadCredentialsException} when the ticket
 *         validator rejects the ticket; anything thrown by the checker or the user
 *         lookup is not caught here
 */
private CasAuthenticationToken authenticateNow(final Authentication authentication)
		throws AuthenticationException {
	try {
		// NOTE(review): getCredentials() is dereferenced without a null check; confirm callers
		// never pass a request without a ticket.
		final String ticket = authentication.getCredentials().toString();
		final String serviceUrl = getServiceUrl(authentication);
		final Assertion assertion = this.ticketValidator.validate(ticket, serviceUrl);

		final UserDetails userDetails = loadUserByAssertion(assertion);
		// Account status is checked before any token is issued.
		userDetailsChecker.check(userDetails);

		final Object credentials = authentication.getCredentials();
		return new CasAuthenticationToken(
				this.key,
				userDetails,
				credentials,
				authoritiesMapper.mapAuthorities(userDetails.getAuthorities()),
				userDetails,
				assertion);
	}
	catch (final TicketValidationException e) {
		// NOTE(review): the validator's message is copied into the exception message; confirm it is
		// not rendered verbatim to the end user.
		throw new BadCredentialsException(e.getMessage(), e);
	}
}
/**
 * Authenticates a bearer token by parsing it as a JWT, verifying it, and checking
 * the resulting user's account status.
 *
 * Returns {@code null} (letting another provider try) when the request is not a
 * {@code BearerAuthenticationToken} or when the token cannot be parsed as a JWT.
 * An expired token, a signature or claim failure, and an unknown user are each
 * reported as a distinct {@code AuthenticationException}; any other failure during
 * parsing or verification is wrapped as an internal service error.
 *
 * @param authentication the incoming request; its credentials are cast to {@code String}
 * @return a {@code JwtAuthentication} for the verified user, or {@code null} if this
 *         provider does not handle the request
 * @throws AuthenticationException on expiry, bad signature/claims, unknown user,
 *         internal errors, or a failed account status check
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    if (!(authentication instanceof BearerAuthenticationToken)) {
        return null;
    }

    final String rawToken = (String) authentication.getCredentials();
    User principal;
    Jws<Claims> parsed;
    // The catch order below is the original's and is kept as-is; the last clause is the catch-all.
    try {
        parsed = tokenAuthenticationService.parse(rawToken);
        principal = tokenAuthenticationService.verify(parsed);
    } catch (ExpiredJwtException e) {
        throw new CredentialsExpiredException("JWT token expired", e);
    } catch (UnsupportedJwtException | MalformedJwtException | IllegalArgumentException e) {
        // Not recognisable as a JWT: decline so the next AuthenticationProvider can process it.
        // NOTE(review): IllegalArgumentException raised inside verify(...) also lands here and is
        // treated as "not a JWT"; confirm that is intended.
        return null;
    } catch (SignatureException | MissingClaimException | IncorrectClaimException e) {
        throw new BadCredentialsException("JWT signature verification error or claim incorrect", e);
    } catch (NotFoundException e) {
        throw new BadCredentialsException("Invalid username", e);
    } catch (Exception e) {
        throw new InternalAuthenticationServiceException("Error authenticating with JWT token", e);
    }

    // Account status is checked only after the token has been verified.
    userDetailsChecker.check(principal);

    if (log.isDebugEnabled()) {
        // NOTE(review): this writes the full JWT header and claims body to the log. Claims can carry
        // personal data; consider logging only an identifier such as the subject.
        final String message = "Successfully authenticated user using JWT token, header: "
                + parsed.getHeader() + ", body: " + parsed.getBody();
        log.debug(message);
    }

    return new JwtAuthentication(principal, rawToken, parsed, principal.getAuthorities());
}
/**
 * Processes a federation sign-in request and, on success, builds a
 * {@code FederationAuthenticationToken} for the resolved user.
 *
 * The request is taken from the authentication's credentials, processed with the
 * processor for the configured protocol, mapped to a user, and the user is passed
 * through {@code userDetailsChecker} before the token is created.
 *
 * @param authentication the request whose credentials are a {@code FedizRequest}
 * @return the token built from the processed response and the loaded user
 * @throws AuthenticationException always a {@code BadCredentialsException}: every
 *         exception raised inside the method is logged and rewrapped
 */
private FederationAuthenticationToken authenticateNow(final Authentication authentication)
        throws AuthenticationException {
    try {
        final FedizRequest signInRequest = (FedizRequest) authentication.getCredentials();
        final FedizContext context = federationConfig.getFedizContext();
        final FedizProcessor processor = FedizProcessorFactory.newFedizProcessor(context.getProtocol());
        final FedizResponse signInResponse = processor.processRequest(signInRequest, context);

        final UserDetails userDetails = loadUserByFederationResponse(signInResponse);
        // Account status is checked before any token is issued.
        userDetailsChecker.check(userDetails);

        final Object credentials = authentication.getCredentials();
        return new FederationAuthenticationToken(
                userDetails,
                credentials,
                authoritiesMapper.mapAuthorities(userDetails.getAuthorities()),
                userDetails,
                signInResponse);
    } catch (Exception e) {
        // NOTE(review): the checker call sits inside this try, so whatever it throws (presumably
        // locked/disabled/expired account exceptions) is reported as BadCredentialsException and
        // the original type is only reachable through getCause(). The same applies to a
        // ClassCastException from the credentials cast. Confirm callers do not need to tell these apart.
        // NOTE(review): e.getMessage() of an arbitrary exception becomes the exception message;
        // confirm it is not rendered verbatim to the end user.
        LOG.error("Failed to validate SignIn request", e);
        throw new BadCredentialsException(e.getMessage(), e);
    }
}
/**
 * Processes a federation sign-in request and, on success, builds a
 * {@code FederationAuthenticationToken} for the resolved user.
 *
 * The request is taken from the authentication's credentials, processed with the
 * processor for the configured protocol, mapped to a user, and the user is passed
 * through {@code userDetailsChecker} before the token is created.
 *
 * @param authentication the request whose credentials are a {@code FedizRequest}
 * @return the token built from the processed response and the loaded user
 * @throws AuthenticationException always a {@code BadCredentialsException}: every
 *         exception raised inside the method is logged and rewrapped
 */
private FederationAuthenticationToken authenticateNow(final Authentication authentication)
        throws AuthenticationException {
    try {
        final FedizRequest signInRequest = (FedizRequest) authentication.getCredentials();
        final FedizContext context = federationConfig.getFedizContext();
        final FedizProcessor processor = FedizProcessorFactory.newFedizProcessor(context.getProtocol());
        final FedizResponse signInResponse = processor.processRequest(signInRequest, context);

        final UserDetails userDetails = loadUserByFederationResponse(signInResponse);
        // Account status is checked before any token is issued.
        userDetailsChecker.check(userDetails);

        final Object credentials = authentication.getCredentials();
        return new FederationAuthenticationToken(
                userDetails,
                credentials,
                authoritiesMapper.mapAuthorities(userDetails.getAuthorities()),
                userDetails,
                signInResponse);
    } catch (Exception e) {
        // NOTE(review): the checker call sits inside this try, so whatever it throws (presumably
        // locked/disabled/expired account exceptions) is reported as BadCredentialsException and
        // the original type is only reachable through getCause(). The same applies to a
        // ClassCastException from the credentials cast. Confirm callers do not need to tell these apart.
        // NOTE(review): e.getMessage() of an arbitrary exception becomes the exception message;
        // confirm it is not rendered verbatim to the end user.
        LOG.error("Failed to validate SignIn request", e);
        throw new BadCredentialsException(e.getMessage(), e);
    }
}
/**
 * Authenticates a Kerberos service request: validates the ticket, looks the user up
 * in LDAP under the realm-stripped name, loads authorities, and returns a populated
 * {@code KerberosServiceRequestToken}.
 *
 * @param authentication the request; cast to {@code KerberosServiceRequestToken}
 *        without a type check
 * @return a new token carrying the user, the ticket validation result, the user's
 *         authorities and the original ticket bytes
 * @throws AuthenticationException if ticket validation, the user checker or the
 *         additional checks reject the request
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
    // NOTE(review): unchecked cast; presumably supports() restricts this provider to
    // KerberosServiceRequestToken, confirm.
    final KerberosServiceRequestToken kerberosRequest = (KerberosServiceRequestToken) authentication;
    final byte[] ticketBytes = kerberosRequest.getToken();

    LOG.debug("Try to validate Kerberos Token");
    final KerberosTicketValidation ticketValidation = m_kerberosTicketValidator.validateTicket(ticketBytes);
    LOG.debug("Succesfully validated " + ticketValidation.username());

    // The validated name is a Kerberos user principal name such as user@EXAMPLE.ORG; the realm
    // is removed because the LDAP lookups below are keyed on the bare username.
    final String validatedUsername = trimRealmFromUsername(ticketValidation.username());

    final DirContextOperations ldapUserEntry = m_ldapUserSearch.searchForUser(validatedUsername);
    final Collection<? extends GrantedAuthority> grantedAuthorities =
            m_ldapAuthoritiesPopulator.getGrantedAuthorities(ldapUserEntry, validatedUsername);

    // NOTE(review): the four boolean arguments are hard-coded to true. If this is Spring Security's
    // User, they are the enabled / non-expired / non-locked flags, so the checker below always sees
    // a healthy account and directory-side account state (e.g. a disabled entry) is not reflected
    // here. Confirm that status is enforced elsewhere, or derive the flags from ldapUserEntry.
    final UserDetails userDetails =
            new User(validatedUsername, "notUsed", true, true, true, true, grantedAuthorities);

    m_userDetailsChecker.check(userDetails);
    additionalAuthenticationChecks(userDetails, kerberosRequest);

    return new KerberosServiceRequestToken(
            userDetails, ticketValidation, userDetails.getAuthorities(), ticketBytes);
}
/**
 * Validates the CAS ticket carried in the request's credentials and, on success,
 * builds an authenticated {@code CasAuthenticationToken}.
 *
 * Order of operations: ticket validation, user lookup from the assertion, account
 * status check via {@code userDetailsChecker}, then token construction. The token is
 * only created after the checker has returned without throwing.
 *
 * @param authentication the request whose credentials hold the service ticket
 * @return the token built from the validated assertion and the loaded user
 * @throws AuthenticationException {@code BadCredentialsException} when the ticket
 *         validator rejects the ticket; anything thrown by the checker or the user
 *         lookup is not caught here
 */
private CasAuthenticationToken authenticateNow(final Authentication authentication)
		throws AuthenticationException {
	try {
		// NOTE(review): getCredentials() is dereferenced without a null check; confirm callers
		// never pass a request without a ticket.
		final String ticket = authentication.getCredentials().toString();
		final String serviceUrl = getServiceUrl(authentication);
		final Assertion assertion = this.ticketValidator.validate(ticket, serviceUrl);

		final UserDetails userDetails = loadUserByAssertion(assertion);
		// Account status is checked before any token is issued.
		userDetailsChecker.check(userDetails);

		final Object credentials = authentication.getCredentials();
		return new CasAuthenticationToken(
				this.key,
				userDetails,
				credentials,
				authoritiesMapper.mapAuthorities(userDetails.getAuthorities()),
				userDetails,
				assertion);
	}
	catch (final TicketValidationException e) {
		// NOTE(review): the validator's message is copied into the exception message; confirm it is
		// not rendered verbatim to the end user.
		throw new BadCredentialsException(e.getMessage(), e);
	}
}
/**
 * Authenticates a Kerberos service request: validates the ticket, loads the user by
 * the validated principal name, runs the account status and additional checks, and
 * returns a populated {@code KerberosServiceRequestToken}.
 *
 * @param authentication the request; cast to {@code KerberosServiceRequestToken}
 *        without a type check
 * @return a new token carrying the user, the ticket validation result, the user's
 *         authorities, the original ticket bytes and the request's details
 * @throws AuthenticationException if ticket validation, the user lookup, the user
 *         checker or the additional checks reject the request
 */
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
	// NOTE(review): unchecked cast; presumably supports() restricts this provider to
	// KerberosServiceRequestToken, confirm.
	final KerberosServiceRequestToken kerberosRequest = (KerberosServiceRequestToken) authentication;
	final byte[] ticketBytes = kerberosRequest.getToken();

	LOG.debug("Try to validate Kerberos Token");
	final KerberosTicketValidation ticketValidation = this.ticketValidator.validateTicket(ticketBytes);
	LOG.debug("Succesfully validated " + ticketValidation.username());

	// The user is looked up under the name the validator returned, not a client-supplied name.
	final UserDetails userDetails = this.userDetailsService.loadUserByUsername(ticketValidation.username());

	// Both checks run before a result token exists; either may throw to reject the login.
	userDetailsChecker.check(userDetails);
	additionalAuthenticationChecks(userDetails, kerberosRequest);

	final KerberosServiceRequestToken authenticated = new KerberosServiceRequestToken(
			userDetails, ticketValidation, userDetails.getAuthorities(), ticketBytes);
	// Carry the request details over to the result token.
	authenticated.setDetails(authentication.getDetails());
	return authenticated;
}
/**
 * Authenticates a {@code RestAuthenticationToken} by resolving its token value to a
 * user and checking that user's account status.
 *
 * When the request carries no token value, the incoming object is returned unchanged.
 *
 * @param authentication the request; must be of a type accepted by {@code supports}
 * @return a new token populated from the resolved user, or the incoming token when it
 *         carries no token value
 * @throws IllegalArgumentException if the request type is not supported
 */
@Override
@RunAsSystem
public Authentication authenticate(Authentication authentication) {
    if (!supports(authentication.getClass())) {
        throw new IllegalArgumentException("Only RestAuthenticationToken is supported");
    }

    final RestAuthenticationToken requestToken = (RestAuthenticationToken) authentication;
    if (requestToken.getToken() == null) {
        // NOTE(review): the caller's object is handed back as-is, so its authenticated state is
        // whatever the caller constructed; confirm a token-less request can never arrive here
        // already marked as authenticated.
        return requestToken;
    }

    // Per the original comment, an unrecognised token makes this lookup throw UnknownTokenException.
    final UserDetails userDetails = tokenService.findUserByToken(requestToken.getToken());
    // Account status is checked before the populated token is built.
    userDetailsChecker.check(userDetails);

    // NOTE(review): the value of getPassword() is carried as the new token's credentials; confirm it
    // is needed downstream, since it keeps the stored password value attached to the token.
    return new RestAuthenticationToken(
            userDetails,
            userDetails.getPassword(),
            userDetails.getAuthorities(),
            requestToken.getToken());
}
this.userDetailsChecker.check(user); } catch (CredentialsExpiredException e) { if (newPassword == null) {