Examples of InsufficientAuthenticationException

• org.acegisecurity.InsufficientAuthenticationException
  Thrown if an authentication request is rejected because the credentials are not sufficiently trusted.

  { {@link org.acegisecurity.vote.AccessDecisionVoter}s will typically throw this exception if they are dissatisfied with the level of the authentication, such as if performed using a remember-me mechanism or anonymously. The commonly used {@link org.acegisecurity.ui.ExceptionTranslationFilter} will thus cause the AuthenticationEntryPointto be called, allowing the principal to authenticate with a stronger level of authentication.}

  @author Ben Alex @version $Id: InsufficientAuthenticationException.java 1496 2006-05-23 13:38:33Z benalex $
• org.springframework.security.InsufficientAuthenticationException
• org.springframework.security.authentication.InsufficientAuthenticationException
  Thrown if an authentication request is rejected because the credentials are not sufficiently trusted.

  {@link org.springframework.security.access.AccessDecisionVoter}s will typically throw this exception if they are dissatisfied with the level of the authentication, such as if performed using a remember-me mechanism or anonymously. The {@code ExceptionTranslationFilter} will then typically cause the {@code AuthenticationEntryPoint}to be called, allowing the principal to authenticate with a stronger level of authentication. @author Ben Alex

Examples of org.springframework.security.authentication.InsufficientAuthenticationException

                if (logger.isDebugEnabled()) {
                    logger.debug("Access is denied (user is anonymous); redirecting to authentication entry point",
                            exception);
                }

                sendStartAuthentication(request, response, chain, new InsufficientAuthenticationException(
                        "Full authentication is required to access this resource"));
            }
            else {
                if (logger.isDebugEnabled()) {
                    logger.debug("Access is denied (user is not anonymous); delegating to AccessDeniedHandler",

Examples of org.springframework.security.authentication.InsufficientAuthenticationException

      if (debug) {
        logger.debug("Authentication request failed: " + failed);
      }

      authenticationEntryPoint.commence(request, response,
          new InsufficientAuthenticationException(failed.getMessage(), failed));

      return;
    }

    chain.doFilter(request, response);

Examples of org.springframework.security.authentication.InsufficientAuthenticationException

  @RequestMapping(value = "/oauth/token")
  public ResponseEntity<OAuth2AccessToken> getAccessToken(Principal principal, @RequestParam
  Map<String, String> parameters) {

    if (!(principal instanceof Authentication)) {
      throw new InsufficientAuthenticationException(
          "There is no client authentication. Try adding an appropriate authentication filter.");
    }

    String clientId = getClientId(principal);
    ClientDetails authenticatedClient = getClientDetailsService().loadClientByClientId(clientId);

Examples of org.springframework.security.authentication.InsufficientAuthenticationException

   * @return a client id if there is one in the principal
   */
  protected String getClientId(Principal principal) {
    Authentication client = (Authentication) principal;
    if (!client.isAuthenticated()) {
      throw new InsufficientAuthenticationException("The client is not authenticated.");
    }
    String clientId = client.getName();
    if (client instanceof OAuth2Authentication) {
      // Might be a client and user combined authentication
      clientId = ((OAuth2Authentication) client).getOAuth2Request().getClientId();

Examples of org.springframework.security.authentication.InsufficientAuthenticationException

    OAuth2AccessToken existingToken = null;
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();

    if (auth instanceof AnonymousAuthenticationToken) {
      if (!resource.isClientOnly()) {
        throw new InsufficientAuthenticationException(
            "Authentication is required to obtain an access token (anonymous not allowed)");
      }
    }

    if (resource.isClientOnly() || (auth != null && auth.isAuthenticated())) {

Examples of org.springframework.security.authentication.InsufficientAuthenticationException

  @Override
  protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest clientToken) {

    Authentication userAuth = SecurityContextHolder.getContext().getAuthentication();
    if (userAuth==null || !userAuth.isAuthenticated()) {
      throw new InsufficientAuthenticationException("There is no currently logged in user");
    }
    Assert.state(clientToken instanceof ImplicitTokenRequest, "An ImplicitTokenRequest is required here. Caller needs to wrap the TokenRequest.");

    OAuth2Request requestForStorage = ((ImplicitTokenRequest)clientToken).getOAuth2Request();

Examples of org.springframework.security.authentication.InsufficientAuthenticationException

    }

    try {

      if (!(principal instanceof Authentication) || !((Authentication) principal).isAuthenticated()) {
        throw new InsufficientAuthenticationException(
            "User must be authenticated with Spring Security before authorization can be completed.");
      }

      ClientDetails client = getClientDetailsService().loadClientByClientId(authorizationRequest.getClientId());

Examples of org.springframework.security.authentication.InsufficientAuthenticationException

  public View approveOrDeny(@RequestParam Map<String, String> approvalParameters, Map<String, ?> model,
      SessionStatus sessionStatus, Principal principal) {

    if (!(principal instanceof Authentication)) {
      sessionStatus.setComplete();
      throw new InsufficientAuthenticationException(
          "User must be authenticated with Spring Security before authorizing an access token.");
    }

    AuthorizationRequest authorizationRequest = (AuthorizationRequest) model.get("authorizationRequest");

Examples of org.springframework.security.authentication.InsufficientAuthenticationException

    Set<String> accessTokenDeps = getAccessTokenDependencies(request, response, chain);
    if (!accessTokenDeps.isEmpty()) {
      Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
      if (isRequireAuthenticated() && !authentication.isAuthenticated()) {
        throw new InsufficientAuthenticationException("An authenticated principal must be present.");
      }

      OAuthSecurityContext context = OAuthSecurityContextHolder.getContext();
      if (context == null) {
        throw new IllegalStateException("No OAuth security context has been established. Unable to access resources.");

Examples of org.springframework.security.authentication.InsufficientAuthenticationException

      request.setAttribute(CALLBACK_ATTRIBUTE, callbackURL);
    }

    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (authentication == null || !authentication.isAuthenticated()) {
      throw new InsufficientAuthenticationException("User must be authenticated before authorizing a request token.");
    }
    String verifier = getVerifierServices().createVerifier();
    request.setAttribute(VERIFIER_ATTRIBUTE, verifier);
    getTokenServices().authorizeRequestToken(requestToken, verifier, authentication);
    return authentication;