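/**
 * Redirects to the sign-in page and stores a user-facing failure message in the session.
 * <p>
 * The generic authentication message is used unless the account exists, the provider reported
 * it as disabled and it has not been approved yet; then the "not yet verified" message (with
 * username and e-mail) is stored instead. The value written under
 * {@code WebAttributes.AUTHENTICATION_EXCEPTION} is a plain {@code String}, replacing whatever
 * the superclass may have stored under that key.
 *
 * @param request   the failed login request; the {@code USERNAME} parameter is read from it
 * @param response  the response the failure redirect is written to
 * @param exception the failure reported by the provider; its message may be {@code null}
 * @throws IOException      if the redirect cannot be written
 * @throws ServletException propagated from the superclass handler
 */
@Override
public void onAuthenticationFailure(final HttpServletRequest request, final HttpServletResponse response,
        final AuthenticationException exception) throws IOException, ServletException {
    setDefaultFailureUrl("/signin?error");
    super.onAuthenticationFailure(request, response, exception);

    String errorMessage = webUI.getMessage(GENERIC_AUTHENTICATION_ERROR_KEY);
    final User user = userService.getUserByUsername(request.getParameter(USERNAME));
    // Constant-first comparison: AuthenticationException.getMessage() may be null.
    if (user != null && USER_IS_DISABLED.equalsIgnoreCase(exception.getMessage())) {
        // NOTE(review): this specific message differs from the generic one and therefore
        // reveals that the account exists but is unapproved; kept as the author designed it.
        if (user.getUserData() != null && user.getUserData().getApprovedDatetime() == null) {
            errorMessage = webUI.getMessage(NOT_YET_USER_VERIFIED_ERROR_KEY, user.getUsername(), user.getEmail());
        }
    }
    request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, errorMessage);
}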
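/**
 * Stores a user-facing message for a failed login and redirects to {@code /login?error}.
 * <p>
 * The message is chosen by comparing the provider's exception text against Spring Security's
 * well-known phrases; anything unrecognised falls back to the generic credentials message.
 * The {@code String} written under {@code WebAttributes.AUTHENTICATION_EXCEPTION} replaces
 * whatever the superclass may have stored under that key.
 *
 * @param request   the failed login request
 * @param response  the response the failure redirect is written to
 * @param exception the failure reported by the provider; its message may be {@code null}
 * @throws IOException      if the redirect cannot be written
 * @throws ServletException propagated from the superclass handler
 * @author Ant Kaynak - Github/Exercon
 */
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
        AuthenticationException exception) throws IOException, ServletException {
    setDefaultFailureUrl("/login?error");
    super.onAuthenticationFailure(request, response, exception);

    // Constant-first comparisons: getMessage() may be null, which the old order would NPE on.
    final String providerMessage = exception.getMessage();
    String errorMessage = "Invalid username and/or password!";
    // NOTE(review): the disabled/expired/locked texts disclose account state to the client.
    if ("User is disabled".equalsIgnoreCase(providerMessage)) {
        errorMessage = "User account is disabled! Check user e-mail to activate the account.";
    } else if ("User account has expired".equalsIgnoreCase(providerMessage)) {
        errorMessage = "User account has expired. Please contact our support team.";
    } else if ("User account is locked".equalsIgnoreCase(providerMessage)) {
        errorMessage = "User account is banned. Please contact our support team.";
    }
    request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, errorMessage);
}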
/**
 * Shows a pending authentication failure as a page error and then consumes it.
 * <p>
 * The failure is read from the servlet session under
 * {@code WebAttributes.AUTHENTICATION_EXCEPTION}; its message is used as the resource key
 * (falling back to {@code web.security.provider.unavailable} when it has none). Afterwards
 * the attribute is removed and the breadcrumbs are cleared. Nothing happens when no failure
 * is pending.
 */
@Override
protected void onConfigure() {
    super.onConfigure();
    HttpServletRequest containerRequest =
            ((ServletWebRequest) RequestCycle.get().getRequest()).getContainerRequest();
    HttpSession httpSession = containerRequest.getSession();
    Exception failure = (Exception) httpSession.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    if (failure == null) {
        return;
    }
    // NOTE(review): the raw exception message doubles as the localisation key here —
    // presumably every provider message has a matching resource; verify.
    String messageKey = "web.security.provider.unavailable";
    if (failure.getMessage() != null) {
        messageKey = failure.getMessage();
    }
    error(getString(messageKey));
    httpSession.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    clearBreadcrumbs();
}
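/**
 * Stores a localised failure message in the session and redirects to {@code /login?error=true}.
 * <p>
 * The message code is selected by comparing the provider's exception text against known
 * phrases; unrecognised text maps to {@code message.badCredentials}. The {@code String}
 * written under {@code WebAttributes.AUTHENTICATION_EXCEPTION} replaces whatever the
 * superclass may have stored under that key.
 *
 * @param request   the failed login request; also used to resolve the locale
 * @param response  the response the failure redirect is written to
 * @param exception the failure reported by the provider; its message may be {@code null}
 * @throws IOException      if the redirect cannot be written
 * @throws ServletException propagated from the superclass handler
 */
@Override
public void onAuthenticationFailure(final HttpServletRequest request, final HttpServletResponse response,
        final AuthenticationException exception) throws IOException, ServletException {
    setDefaultFailureUrl("/login?error=true");
    super.onAuthenticationFailure(request, response, exception);

    final Locale locale = localeResolver.resolveLocale(request);
    // Constant-first comparisons: getMessage() may be null, which the old order would NPE on.
    final String providerMessage = exception.getMessage();
    String messageCode = "message.badCredentials";
    // NOTE(review): the disabled/expired/blocked codes disclose account state to the client.
    if ("User is disabled".equalsIgnoreCase(providerMessage)) {
        messageCode = "auth.message.disabled";
    } else if ("User account has expired".equalsIgnoreCase(providerMessage)) {
        messageCode = "auth.message.expired";
    } else if ("blocked".equalsIgnoreCase(providerMessage)) {
        messageCode = "auth.message.blocked";
    }
    String errorMessage = messages.getMessage(messageCode, null, locale);
    request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, errorMessage);
}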
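/**
 * {@inheritDoc}
 * <p>
 * An AJAX request is answered with {@code SC_UNAUTHORIZED} instead of being forwarded to the
 * entry point: a pending authentication exception is dropped from the session (if a session
 * exists) and the overridden locale is reset. Any other request is delegated to the superclass.
 *
 * @throws IOException      if the error response cannot be sent
 * @throws ServletException propagated from the superclass entry point
 */
@Override
public void commence(HttpServletRequest request, HttpServletResponse response,
        AuthenticationException authException) throws IOException, ServletException {
    if (!isAjaxRequest(request)) {
        super.commence(request, response, authException);
        return;
    }
    // Only an existing session can hold the attribute; do not create a session for an
    // unauthenticated caller just to remove it (the previous getSession() did).
    if (request.getSession(false) != null) {
        request.getSession(false).removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    SessionHandler.instance().resetOverriddenCurrentUserLocale(request);
}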
/**
 * Renders the login form after a failed login, surfacing the pending failure.
 * <p>
 * The failure stored under {@code WebAttributes.AUTHENTICATION_EXCEPTION} is logged,
 * translated into a user message ({@code lastExceptionMessage}) and removed from the session.
 * {@code loginError} is always set. If the failure wraps a {@code FieldValidationException},
 * each field error is exposed as {@code ve_<fieldToken>}.
 *
 * @param model   the view model to populate
 * @param request the current request whose session may hold the failure
 * @return the login form view name
 */
@RequestMapping(method = RequestMethod.GET, value = SecurityActionsUrlsProviderDefaultImpl.LOGIN_FAILED)
public String handleLoginFailed(Model model, HttpServletRequest request) {
    Exception failure = (Exception) request.getSession().getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    if (failure != null) {
        log.info("Login failed due to exception", failure);
        model.addAttribute("lastExceptionMessage", exceptionTranslatorSimplified.buildUserMessage(failure));
        // One-shot: drop it so it is neither redisplayed nor retained in the session
        request.getSession().removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
    model.addAttribute("loginError", true);

    // NOTE(review): failure may be null here — presumably findExceptionOfType tolerates that; confirm.
    FieldValidationException fieldErrors =
            ExceptionUtils.findExceptionOfType(failure, FieldValidationException.class);
    if (fieldErrors != null) {
        for (ValidationError fieldError : fieldErrors.getErrors()) {
            String attributeName = "ve_" + fieldError.getFieldToken();
            model.addAttribute(attributeName, msg(fieldError.getMessageCode(), fieldError.getMessageArgs()));
        }
    }
    return getLoginForm(model);
}
/**
 * Shows a pending authentication failure as a translated page error and consumes it.
 * <p>
 * The failure is read from the servlet session under
 * {@code WebAttributes.AUTHENTICATION_EXCEPTION}. Its message is the translation key, with
 * {@code web.security.provider.unavailable} used when the message is empty and the key itself
 * as the translation fallback. The attribute is then removed and the breadcrumbs cleared.
 */
@Override
protected void onConfigure() {
    super.onConfigure();
    ServletWebRequest webRequest = (ServletWebRequest) RequestCycle.get().getRequest();
    HttpSession httpSession = webRequest.getContainerRequest().getSession();
    Exception failure = (Exception) httpSession.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    if (failure != null) {
        String messageKey = StringUtils.isEmpty(failure.getMessage())
                ? "web.security.provider.unavailable"
                : failure.getMessage();
        // The key is also the fallback text, so an untranslated provider message is shown verbatim.
        String translated = getLocalizationService().translate(messageKey, null, getLocale(), messageKey);
        error(translated);
        httpSession.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
        clearBreadcrumbs();
    }
}
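/**
 * Renders the login page, surfacing the last authentication failure and the
 * post-logout / post-registration notices.
 *
 * @param logout     {@code "true"} when the user arrives here after logging out
 * @param registered {@code "true"} when the user arrives here right after registering
 * @param request    the current request; an existing session is consulted but never created
 * @return the {@code login} view with optional {@code error}, {@code registered} and
 *         {@code logout} objects
 */
@RequestMapping(value = "/login", method = RequestMethod.GET)
public ModelAndView login(
        @RequestParam(value = "logout", required = false, defaultValue = "false") String logout,
        @RequestParam(value = "registered", required = false, defaultValue = "false") String registered,
        HttpServletRequest request) {
    // In our simple case i decided to use standard parameters AuthenticationFailureHandler
    // but we can create our handler
    ModelAndView model = new ModelAndView("login");
    HttpSession session = request.getSession(false);
    if (session != null) {
        // Read once instead of three separate lookups.
        Object failure = session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
        if (failure != null) {
            logger.error(failure.toString());
            // Guard the cast: nothing here enforces that the stored value is an AuthenticationException.
            if (failure instanceof AuthenticationException) {
                model.addObject("error", ((AuthenticationException) failure).getMessage());
            }
            // One-shot: remove it so a later visit to /login does not redisplay a stale failure.
            session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
        }
    }
    // defaultValue guarantees non-null, and constant-first equals is null-safe anyway
    if ("true".equals(registered)) {
        model.addObject("registered", "You`ve been successfully registered. Please activate your account.");
    }
    if ("true".equals(logout)) {
        model.addObject("logout", "You've been logged out successfully.");
    }
    return model;
}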
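/**
 * After a successful login, clears any pending authentication failure and redirects to the
 * URL the user originally requested.
 * <p>
 * When no saved request exists this handler writes nothing to the response and returns;
 * NOTE(review): something else must then redirect the user — confirm this is the intended
 * fallback.
 *
 * @param request        the request that completed authentication
 * @param response       the response the redirect is written to
 * @param authentication the established authentication (not used beyond the contract)
 * @throws ServletException declared by the handler contract
 * @throws IOException      if the redirect cannot be written
 */
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
        Authentication authentication) throws ServletException, IOException {
    // Clear the failure left by an earlier attempt regardless of whether a redirect target
    // exists (the old code skipped this when there was no saved request), without creating
    // a session just to do so.
    HttpSession session = request.getSession(false);
    if (session != null) {
        session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
    SavedRequest savedRequest = new HttpSessionRequestCache().getRequest(request, response);
    if (savedRequest == null) {
        return;
    }
    // Use the DefaultSavedRequest URL
    String targetUrl = savedRequest.getRedirectUrl();
    logger.debug("Redirecting to DefaultSavedRequest Url: " + targetUrl);
    response.sendRedirect(targetUrl);
}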
/**
 * Reports a pending pac4j authentication failure as a session error and consumes it.
 * <p>
 * The failure is read from the servlet session under
 * {@code WebAttributes.AUTHENTICATION_EXCEPTION}: a {@code DisabledException} yields the
 * "user disabled" message, an {@code AuthenticationServiceException} the bad-credentials
 * message with the exception text appended, anything else the generic unknown-error message.
 * The attribute is removed afterwards.
 */
@Override
protected void onInitialize() {
    super.onInitialize();
    // Check the pac4j authentication results
    HttpServletRequest containerRequest =
            ((ServletWebRequest) RequestCycle.get().getRequest()).getContainerRequest();
    Exception failure =
            (Exception) containerRequest.getSession().getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    if (failure == null) {
        return;
    }
    if (failure instanceof DisabledException) {
        getSession().error(getString("home.identification.classic.error.userDisabled"));
    } else if (failure instanceof AuthenticationServiceException) {
        LOGGER.error("Authentication failed", failure);
        // NOTE(review): the provider's raw exception text is appended to the user-facing message.
        getSession().error(getString("home.identification.error.badCredentials") + failure.getMessage());
    } else {
        LOGGER.error("An unknown error occurred during the authentication process", failure);
        getSession().error(getString("home.identification.error.unknown"));
    }
    containerRequest.getSession().removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}
/**
 * Drops the authentication failure stored in the session, if a session exists.
 * A session is never created for this purpose.
 *
 * @param request the current request
 */
private void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession existing = request.getSession(false);
    if (existing != null) {
        existing.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
}
/**
 * Renders the login form with the message of the pending authentication failure.
 * <p>
 * The failure is read from session scope under {@code WebAttributes.AUTHENTICATION_EXCEPTION}
 * and is not removed here; when none is present {@code DEFAULT_ERROR_MESSAGE} is shown.
 *
 * @param request the current request, used for session-scoped attribute access
 * @param model   the view model to populate
 * @return the login form view
 */
@GetMapping(params = ERROR_PARAMETER_NAME)
public String getLoginErrorForm(WebRequest request, Model model) {
    AuthenticationException failure = (AuthenticationException) request.getAttribute(
            WebAttributes.AUTHENTICATION_EXCEPTION, RequestAttributes.SCOPE_SESSION);
    String message;
    if (failure == null) {
        message = DEFAULT_ERROR_MESSAGE;
    } else {
        // NOTE(review): the provider's message is shown to the user verbatim.
        message = failure.getMessage();
    }
    model.addAttribute(ERROR_PARAMETER_NAME, message);
    return getLoginForm(request, model);
}
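/**
 * Writes a JSON failure body for a failed login instead of redirecting.
 * <p>
 * The failure passed in by the filter is reported. The session copy under
 * {@code WebAttributes.AUTHENTICATION_EXCEPTION} is only a fallback: nothing in this handler
 * stores it, so reading the session alone (as before) could yield a message from an earlier
 * attempt, or none at all, while ignoring the current one.
 *
 * @param httpServletRequest  the failed login request
 * @param httpServletResponse the response the JSON body is written to
 * @param e                   the failure reported by the provider
 * @throws IOException      if the body cannot be written
 * @throws ServletException declared by the handler contract
 */
@Override
public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
        AuthenticationException e) throws IOException, ServletException {
    AuthenticationException failure = e;
    if (failure == null && httpServletRequest.getSession(false) != null) {
        failure = (AuthenticationException) httpServletRequest.getSession(false)
                .getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
    if (failure == null || failure.getMessage() == null) {
        HttpHelper.setResponseJsonData(httpServletResponse, JSON.toJSONString(JsonUtil.getFailJsonObject()));
    } else {
        // NOTE(review): the provider's message is echoed to the client as-is.
        HttpHelper.setResponseJsonData(httpServletResponse,
                JSON.toJSONString(JsonUtil.getFailJsonObject(failure.getMessage())));
    }
}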
/**
 * Removes temporary authentication-related data which may have been stored
 * in the session during the authentication process.
 * <p>
 * Only an existing session is touched; none is created.
 *
 * @param request the current request
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession currentSession = request.getSession(false);
    if (currentSession != null) {
        currentSession.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
}
/**
 * Clears the authentication failure kept in the session, when there is a session.
 *
 * @param request the current request; no session is created on its behalf
 */
protected void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession existing = request.getSession(false);
    if (existing != null) {
        existing.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
}
/**
 * Removes temporary authentication-related data which may have been stored in the
 * session during the authentication process. Does nothing when no session exists.
 *
 * @param request the current request
 */
private final void clearAuthenticationAttributes(HttpServletRequest request) {
    // getSession(false): never create a session just to clean it up
    HttpSession existing = request.getSession(false);
    if (existing != null) {
        existing.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
}
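/**
 * Returns the message of the pending authentication failure, or {@code null}.
 * <p>
 * The failure is looked up under {@code WebAttributes.AUTHENTICATION_EXCEPTION} in the
 * session first and in the request second.
 *
 * @return the failure's message (possibly {@code null}), or {@code null} when no failure is stored
 */
private String getAuthenticationExceptionMessage() {
    Exception failure = (Exception) ContextHolder.getHttpSession().getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    if (failure == null) {
        failure = (Exception) ContextHolder.getRequest().getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
    if (failure == null) {
        return null;
    }
    // Guard at the level actually logged (the old code checked DEBUG but logged at TRACE),
    // and log the failure itself so its own stack trace is kept rather than only its cause.
    if (logger.isTraceEnabled()) {
        logger.trace(failure.getMessage(), failure);
    }
    return failure.getMessage();
}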
/**
 * Removes any temporary authentication-related data which may have been
 * stored in the session during the authentication process.
 *
 * @param request http request; its session, if any, is cleaned — none is created.
 */
private void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession currentSession = request.getSession(false);
    if (currentSession == null) {
        return;
    }
    currentSession.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}
/**
 * Removes temporary authentication-related data which may have been stored in
 * the session during the authentication process. No-op without a session.
 *
 * @param request the current request
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession existing = request.getSession(false);
    if (existing != null) {
        existing.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
}
/**
 * Caches the {@code AuthenticationException} for use in view rendering.
 * <p>
 * With {@code forwardToDestination} the exception goes into request scope. Otherwise it is
 * stored in the session: an existing session is reused, a missing one is created only when
 * {@code allowSessionCreation} is {@code true}, and without either the exception is not stored.
 *
 * @param request   the failed request
 * @param exception the failure to expose to the view
 */
protected final void saveException(HttpServletRequest request, AuthenticationException exception) {
    if (forwardToDestination) {
        request.setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, exception);
        return;
    }
    boolean sessionExists = request.getSession(false) != null;
    if (!sessionExists && !allowSessionCreation) {
        return;
    }
    // getSession() creates the session when it does not exist yet (permitted by allowSessionCreation)
    request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, exception);
}
/**
 * Drops the stored authentication failure from the session, if one exists.
 *
 * @param request the current request; no session is created
 */
protected void clearAuthenticationAttributes(final HttpServletRequest request) {
    final HttpSession existing = request.getSession(false);
    if (existing != null) {
        existing.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
}
/**
 * Removes temporary authentication-related data which may have been stored
 * in the session during the authentication process.
 *
 * @param request the current request; if it has no session nothing is done
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {
    // never create a session merely to clean it
    HttpSession currentSession = request.getSession(false);
    if (currentSession != null) {
        currentSession.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
}
/**
 * Removes temporary authentication-related data which may have been stored in the session
 * during the authentication process. Does nothing when the request has no session.
 *
 * @param request the current request
 */
protected final void clearAuthenticationAttributes(HttpServletRequest request) {
    HttpSession existing = request.getSession(false);
    if (existing == null) {
        return;
    }
    existing.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
}
/**
 * Removes the authentication failure stored in the session, if a session exists;
 * no session is created.
 *
 * @param request a {@link javax.servlet.http.HttpServletRequest} object.
 */
protected void clearAuthenticationAttributes(final HttpServletRequest request) {
    final HttpSession existing = request.getSession(false);
    if (existing != null) {
        existing.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    }
}
/**
 * Answers a failed login with a JSON {@code Message} (code {@code -500}) instead of a redirect.
 * <p>
 * The exception is also stored in the session under
 * {@code WebAttributes.AUTHENTICATION_EXCEPTION}. The HTTP status is not set here.
 * NOTE(review): the provider's message is sent to the client verbatim.
 *
 * @param request   the failed login request
 * @param response  the response the JSON body is written to
 * @param exception the failure reported by the provider
 * @throws IOException      if the body cannot be written
 * @throws ServletException declared by the handler contract
 */
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
        AuthenticationException exception) throws IOException, ServletException {
    WebUtils.setSessionAttribute(request, WebAttributes.AUTHENTICATION_EXCEPTION, exception);

    Message body = new Message();
    body.setCode(-500);
    body.setText(exception.getMessage());

    response.setCharacterEncoding("UTF-8");
    response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
    try (PrintWriter writer = response.getWriter()) {
        String json = objectMapper.writeValueAsString(body);
        writer.append(json);
    }
}
/**
 * {@inheritDoc}
 * <p>
 * An already-authenticated user is handed to the success handler (which redirects) and no
 * view is returned. Otherwise the login-failed view is chosen when a failure is pending in
 * the session — which is consumed — and the plain login view when it is not.
 */
@Override
protected ModelAndView handleRequestInternal(HttpServletRequest request, HttpServletResponse response)
        throws Exception {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    boolean alreadyAuthenticated = SecurityHelper.getCurrentUserId() != null && authentication != null;
    if (alreadyAuthenticated) {
        // Some authentication filters do this themselves; treat reaching the login page while
        // authenticated as a success and let the handler redirect (home or target url).
        authenticationSuccessHandler.onAuthenticationSuccess(request, response, authentication);
        return null;
    }
    HttpSession session = request.getSession(false);
    boolean failurePending = session != null
            && session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION) != null;
    if (!failurePending) {
        return new ModelAndView(getLoginView());
    }
    // consume the failure so later requests start clean
    session.removeAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    return new ModelAndView(getLoginFailedView());
}
/**
 * Renders the 403 page, attaching the message of a pending authentication failure.
 * <p>
 * Only a {@code RuntimeException} stored under {@code WebAttributes.AUTHENTICATION_EXCEPTION}
 * contributes a {@code message}; the attribute is left in the session.
 *
 * @param request the current request (a session is created if none exists)
 * @return the {@code views/error/403} view with {@code type} and optionally {@code message}
 */
@RequestMapping(value = "/error/403", method = RequestMethod.GET)
public ModelAndView denied(HttpServletRequest request) {
    ModelAndView page = view("views/error/403");
    page.addObject("type", "failed");
    Object stored = request.getSession().getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
    // instanceof is false for null, so no separate null check is needed
    if (stored instanceof RuntimeException) {
        page.addObject("message", ((RuntimeException) stored).getMessage());
    }
    return page;
}