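/**
 * Routes a failed login to the page that matches the failure reason.
 *
 * <p>{@code UnverifiedUserException} redirects to the unverified-account page with the account
 * name and status as query parameters; {@code PasswordMissmatchUserException} and
 * {@code UnapprovalUserException} redirect to the login form with a numeric error code; every
 * other failure is left to the superclass handler.
 *
 * <p>The extra-information object carried by the exception is no longer written to stdout: it
 * holds account data, and the console is not where that belongs.
 *
 * @param request the failed login request
 * @param response the response the redirect is written to
 * @param exception the failure raised by the authentication provider
 * @throws IOException if the redirect cannot be written
 * @throws ServletException propagated from the superclass handler
 */
@SuppressWarnings("deprecation") // getAuthentication()/getExtraInformation() are deprecated
@Override
public void onAuthenticationFailure(
    HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
    throws IOException, ServletException {
  // instanceof, not exception.getClass().isAssignableFrom(X.class): the latter test is reversed
  // and also matches any exception whose class is a supertype of X (e.g. a plain
  // AuthenticationException), which then reached the FingraphUser cast with a null object.
  if (exception instanceof UnverifiedUserException) {
    Object extraInformation = exception.getExtraInformation();
    String status =
        extraInformation instanceof FingraphUser
            ? String.valueOf(((FingraphUser) extraInformation).getStatus())
            : "";
    String name =
        exception.getAuthentication() == null ? null : exception.getAuthentication().getName();
    String email = name == null ? "" : name;
    // Both values originate from the login attempt, so they are URL-encoded before being placed
    // in the query string; plain concatenation let '&', '=' or '#' in the name alter the URL.
    // Fully-qualified to avoid touching the import block; "UTF-8" is always supported, and the
    // checked UnsupportedEncodingException is an IOException already declared by this method.
    getRedirectStrategy()
        .sendRedirect(
            request,
            response,
            "/login/unverified?email="
                + java.net.URLEncoder.encode(email, "UTF-8")
                + "&status="
                + java.net.URLEncoder.encode(status, "UTF-8"));
  } else if (exception instanceof PasswordMissmatchUserException) {
    getRedirectStrategy().sendRedirect(request, response, "/login/form?error=100");
  } else if (exception instanceof UnapprovalUserException) {
    getRedirectStrategy().sendRedirect(request, response, "/login/form?error=200");
  } else {
    super.onAuthenticationFailure(request, response, exception);
  }
}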
/**
 * Rejects an unauthenticated request with {@code 401 Unauthorized}.
 *
 * <p>When a failure is known, the status message carries the code that
 * {@code authenticationFailureHandler} assigns to the exception class, so clients can tell
 * failure kinds apart; with a {@code null} exception a bare 401 is sent.
 *
 * @param request the unauthenticated request
 * @param response the response the status is written to
 * @param authException the failure that triggered this entry point, or {@code null}
 * @throws IOException if the error response cannot be written
 * @throws ServletException declared by the interface; nothing in this body raises it
 */
@Override
public void commence(
    HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
    throws IOException, ServletException {
  if (authException == null) {
    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    return;
  }
  String code = authenticationFailureHandler.getExceptionCode(authException.getClass());
  response.sendError(HttpServletResponse.SC_UNAUTHORIZED, code);
}
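/**
 * Redirects a failed login to the page matching the failure kind.
 *
 * <p>Two cases are told apart by whether the exception still carries an authentication: a
 * concurrent-session failure ("Maximum sessions ... exceeded") carries none and goes to
 * {@code login/duplicate}; a bad-credentials or provider failure still carries the submitted
 * token and goes to {@code login/failure}.
 *
 * <p>The former debugging output (message, hash code, toString of the exception) and the pasted
 * request dumps, which contained a live session id and account name, have been removed.
 *
 * @param request the failed login request
 * @param response the response the redirect is written to
 * @param ae the failure raised by the authentication filter
 * @throws IOException if the redirect cannot be written
 * @throws ServletException declared by the interface; nothing in this body raises it
 */
@Override
public void onAuthenticationFailure(
    HttpServletRequest request, HttpServletResponse response, AuthenticationException ae)
    throws IOException, ServletException {
  logger.info("onAuthenticationFailure: " + ae.getClass());
  // getAuthentication() is deprecated; only its presence is tested, so the previous cast to
  // UsernamePasswordAuthenticationToken (which would fail for any other token type) is dropped.
  @SuppressWarnings("deprecation")
  Object user = ae.getAuthentication();
  // NOTE(review): both targets are relative paths that the container resolves against the
  // current request URI — confirm this handler is only reached from a path they resolve from.
  if (user != null) {
    response.sendRedirect("login/failure"); // invalid username or password
  } else {
    response.sendRedirect("login/duplicate"); // session limit exceeded
  }
}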
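/**
 * Reports a failed IdP login back to the requesting service provider as a SAML failure
 * {@code Response}.
 *
 * <p>The {@code AuthnRequestInfo} stored in the session identifies the assertion consumer URL and
 * request id to answer; without it the request did not arrive through SSO and is handed to
 * {@code nonSSOAuthnFailureHandler}. Otherwise the IdP signing credential is resolved, a failure
 * Response is generated and sent through {@code bindingAdapter}, with the caller-supplied
 * {@code RelayState} echoed back unchanged (it is the SP's opaque token; this handler does not
 * interpret it).
 *
 * <p>Every path that cannot produce a SAML response ends with an explicit HTTP status: a missing
 * or unresolvable signing credential answers {@code 503}, the same as an encoding failure. The
 * credential-resolution failure previously returned without writing anything, leaving the client
 * with an empty response, and a null credential raised an exception out of the handler.
 *
 * @param request the failed login request; its session holds the pending {@code AuthnRequestInfo}
 * @param response the response the SAML message or error status is written to
 * @param authenticationException the failure being reported to the service provider
 * @throws IOException if the response cannot be written
 * @throws ServletException propagated from {@code nonSSOAuthnFailureHandler}
 */
@Override
public void onAuthenticationFailure(
    HttpServletRequest request,
    HttpServletResponse response,
    AuthenticationException authenticationException)
    throws IOException, ServletException {
  logger.debug(
      "commencing RealAuthenticationFailureHandler because of {}",
      authenticationException.getClass());

  AuthnRequestInfo authnRequestInfo =
      (AuthnRequestInfo) request.getSession().getAttribute(AuthnRequestInfo.class.getName());
  if (authnRequestInfo == null) {
    logger.warn(
        "Could not find AuthnRequestInfo on the request. Delegating to nonSSOAuthnFailureHandler.");
    nonSSOAuthnFailureHandler.onAuthenticationFailure(request, response, authenticationException);
    return;
  }
  logger.debug("AuthnRequestInfo is {}", authnRequestInfo);
  request
      .getSession()
      .setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, authenticationException);

  Credential signingCredential = resolveSigningCredential();
  if (signingCredential == null) {
    // Already logged by resolveSigningCredential; without a signing key no Response can be built,
    // so answer with a status instead of returning silently.
    response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
    return;
  }

  AuthnResponseGenerator authnResponseGenerator =
      new AuthnResponseGenerator(
          signingCredential,
          idpConfiguration.getEntityID(),
          timeService,
          idService,
          idpConfiguration);
  Response authResponse =
      authnResponseGenerator.generateAuthnResponseFailure(
          authnRequestInfo.getAssertionConsumerURL(),
          authnRequestInfo.getAuthnRequestID(),
          authenticationException);
  Endpoint endpoint =
      new EndpointGenerator()
          .generateEndpoint(
              AssertionConsumerService.DEFAULT_ELEMENT_NAME,
              authnRequestInfo.getAssertionConsumerURL(),
              null);

  // The pending request is answered exactly once; drop it before sending so a retry after a
  // send failure cannot re-use it.
  request.getSession().removeAttribute(AuthnRequestInfo.class.getName());
  String relayState = request.getParameter("RelayState");
  try {
    bindingAdapter.sendSAMLMessage(authResponse, endpoint, response, relayState, signingCredential);
  } catch (MessageEncodingException mee) {
    logger.error("Exception encoding SAML message", mee);
    response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
  }
}

/**
 * Resolves the IdP's signing credential from {@code credentialResolver}.
 *
 * @return the credential, or {@code null} when none is found or resolution fails (logged)
 */
private Credential resolveSigningCredential() {
  CriteriaSet criteriaSet = new CriteriaSet();
  criteriaSet.add(new EntityIDCriteria(idpConfiguration.getEntityID()));
  criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
  try {
    Credential credential = credentialResolver.resolveSingle(criteriaSet);
    if (credential == null) {
      logger.warn("No signing credential found for entityId");
    }
    return credential;
  } catch (org.opensaml.xml.security.SecurityException e) {
    logger.warn("Unable to resolve signing credential for entityId", e);
    return null;
  }
}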