@Test
public void testCreateProxyWrapper() {
AuthenticationException wrappedObject =
new S4AuthenticationExceptionProxyCreatorForTest().create(mockAuthenticationException);
Assert.assertNotNull(wrappedObject);
Assert.assertNotNull(wrappedObject.getAuthentication());
Assert.assertTrue(wrappedObject.getAuthentication().getPrincipal().equals(MOCK_PRINCIPAL));
Assert.assertTrue(
wrappedObject.getAuthentication().isAuthenticated() == MOCK_PRINCIPAL_IS_AUTHENTICATED);
}
private boolean openIdAuthenticationSuccesfullButUserIsNotRegistered(
AuthenticationException exception) {
return exception instanceof UsernameNotFoundException
&& exception.getAuthentication() instanceof OpenIDAuthenticationToken
&& OpenIDAuthenticationStatus.SUCCESS.equals(
(getOpenIdAuthenticationToken(exception)).getStatus());
}
@SuppressWarnings("deprecation")
@Override
public void onAuthenticationFailure(
HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
throws IOException, ServletException {
if (exception.getClass().isAssignableFrom(UnverifiedUserException.class)) {
System.out.println(exception.getExtraInformation());
getRedirectStrategy()
.sendRedirect(
request,
response,
"/login/unverified?email="
+ exception.getAuthentication().getName()
+ "&status="
+ ((FingraphUser) exception.getExtraInformation()).getStatus());
} else if (exception.getClass().isAssignableFrom(PasswordMissmatchUserException.class)) {
System.out.println(exception.getExtraInformation());
getRedirectStrategy().sendRedirect(request, response, "/login/form?error=100");
} else if (exception.getClass().isAssignableFrom(UnapprovalUserException.class)) {
System.out.println(exception.getExtraInformation());
getRedirectStrategy().sendRedirect(request, response, "/login/form?error=200");
} else {
super.onAuthenticationFailure(request, response, exception);
}
}
@Override
@Transactional
public void onAuthenticationFailure(
HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
throws IOException, ServletException {
// Wrong password or username
if (exception instanceof BadCredentialsException) {
MotechUser motechUser =
motechUsersDao.findByUserName(exception.getAuthentication().getName());
int failureLoginLimit = settingService.getFailureLoginLimit();
if (motechUser != null && failureLoginLimit > 0) {
int failureLoginCounter = motechUser.getFailureLoginCounter();
failureLoginCounter++;
if (failureLoginCounter > failureLoginLimit && motechUser.isActive()) {
motechUser.setUserStatus(UserStatus.BLOCKED);
failureLoginCounter = 0;
LOGGER.debug("User {} has been blocked", motechUser.getUserName());
}
motechUser.setFailureLoginCounter(failureLoginCounter);
motechUsersDao.update(motechUser);
}
if (motechUser != null && !motechUser.isActive()) {
LOGGER.debug("Redirecting to " + userBlockedUrl);
redirectStrategy.sendRedirect(request, response, userBlockedUrl);
return;
}
}
super.onAuthenticationFailure(request, response, exception);
}
@Override
public void onAuthenticationFailure(
HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
throws IOException, ServletException {
Authentication auth = exception.getAuthentication();
if (auth != null) {
logger.info("username: " + auth.getName());
}
super.onAuthenticationFailure(request, response, exception);
}
@Before
public void setUp() throws NoSuchMethodException {
mockAuthentication = mock(Authentication.class);
when(mockAuthentication.getPrincipal()).thenReturn(MOCK_PRINCIPAL);
when(mockAuthentication.isAuthenticated()).thenReturn(MOCK_PRINCIPAL_IS_AUTHENTICATED);
mockAuthenticationException = mock(AuthenticationException.class);
when(mockAuthenticationException.getAuthentication()).thenReturn(mockAuthentication);
}
@Override
public void onAuthenticationFailure(
HttpServletRequest request, HttpServletResponse response, AuthenticationException ae)
throws IOException, ServletException {
logger.info(" onAuthenticationFailure");
logger.info("classes " + ae.getClass());
// org.springframework.security.web.authentication.session.SessionAuthenticationException
@SuppressWarnings("deprecation")
UsernamePasswordAuthenticationToken user =
(UsernamePasswordAuthenticationToken) ae.getAuthentication();
logger.info("xxxxxxxxx1 " + ae.getMessage());
logger.info("xxxxxxxxx2 " + ae.hashCode());
logger.info("xxxxxxxxx3 " + ae.toString());
// user contains required data
// login/duplicate ==> Session exceeded
// login/failure ==> invalid username or password
if (user != null) response.sendRedirect("login/failure");
else response.sendRedirect("login/duplicate");
// Session exceeded
/* onAuthenticationFailure
xxxxxxxxx1 Maximum sessions of 1 for this principal exceeded
xxxxxxxxx2 109033592
xxxxxxxxx3 org.springframework.security.web.authentication.session.SessionAuthenticationException: Maximum sessions of 1 for this principal exceeded
user null*/
// invalid username or password
/*onAuthenticationFailure
xxxxxxxxx1 java.lang.NullPointerException
xxxxxxxxx2 1637300018
xxxxxxxxx3 org.springframework.security.authentication.AuthenticationServiceException: java.lang.NullPointerException
user org.springframework.security.authentication.UsernamePasswordAuthenticationToken@5b97ec2: Principal: sdsd; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; SessionId: C602C7B2DFF3458815F9640ACC750D7F; Not granted any authorities
*/
// invalid password Only
/*onAuthenticationFailure
xxxxxxxxx1 Bad credentials
xxxxxxxxx2 405682457
xxxxxxxxx3 org.springframework.security.authentication.BadCredentialsException: Bad credentials
user org.springframework.security.authentication.UsernamePasswordAuthenticationToken@8b9d3a1a: Principal: MCA000049; Credentials: [PROTECTED]; Authenticated: false; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 127.0.0.1; SessionId: C602C7B2DFF3458815F9640ACC750D7F; Not granted any authorities
*/
}
private OpenIDAuthenticationToken getOpenIdAuthenticationToken(
AuthenticationException exception) {
return ((OpenIDAuthenticationToken) exception.getAuthentication());
}