Examples of org.springframework.security.authentication.BadCredentialsException

• org.springframework.security.authentication.BadCredentialsException
  Thrown if an authentication request is rejected because the credentials are invalid. For this exception to be thrown, it means the account is neither locked nor disabled. @author Ben Alex

    @Test
    public void defaultTargetUrlIsUsedIfNoMappingExists() throws Exception {
        ExceptionMappingAuthenticationFailureHandler fh = new ExceptionMappingAuthenticationFailureHandler();
        fh.setDefaultFailureUrl("/failed");
        MockHttpServletResponse response = new MockHttpServletResponse();
        fh.onAuthenticationFailure(new MockHttpServletRequest(), response, new BadCredentialsException(""));

        assertEquals("/failed", response.getRedirectedUrl());
    }

        HashMap<String, String> mapping = new HashMap<String, String>();
        mapping.put("org.springframework.security.authentication.BadCredentialsException", "/badcreds");
        fh.setExceptionMappings(mapping);
        fh.setDefaultFailureUrl("/failed");
        MockHttpServletResponse response = new MockHttpServletResponse();
        fh.onAuthenticationFailure(new MockHttpServletRequest(), response, new BadCredentialsException(""));

        assertEquals("/badcreds", response.getRedirectedUrl());
    }

        public MockAuthenticationFilter(boolean grantAccess) {
            this();
            setRememberMeServices(new NullRememberMeServices());
            this.grantAccess = grantAccess;
            this.exceptionToThrow = new BadCredentialsException("Mock requested to do so");
        }

        request.setContextPath("/mycontext");
        request.setRequestURI("/mycontext/secure/page.html");

        // Setup the FilterChain to thrown an authentication failure exception
        FilterChain fc = mock(FilterChain.class);
        doThrow(new BadCredentialsException("")).when(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));

        // Test
        ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
        filter.setAuthenticationEntryPoint(mockEntryPoint);
        filter.afterPropertiesSet();

        request.setContextPath("/mycontext");
        request.setRequestURI("/mycontext/secure/page.html");

        // Setup the FilterChain to thrown an authentication failure exception
        FilterChain fc = mock(FilterChain.class);
        doThrow(new BadCredentialsException("")).when(fc).doFilter(any(HttpServletRequest.class), any(HttpServletResponse.class));

        // Test
        ExceptionTranslationFilter filter = new ExceptionTranslationFilter();
        filter.setAuthenticationEntryPoint(mockEntryPoint);
        HttpSessionRequestCache requestCache = new HttpSessionRequestCache();

        request.addParameter("login_error", "true");
        MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
        String message = messages.getMessage(
                "AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials", Locale.KOREA);
        System.out.println("Message: " + message);
        request.getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, new BadCredentialsException(message));

        filter.doFilter(request, new MockHttpServletResponse(), chain);
    }

                super.onUnsuccessfulAuthentication(request, response, failed);
                SecurityContextHolder.getContext().setAuthentication(failedAuth);
            }
        };
        AuthenticationManager am = mock(AuthenticationManager.class);
        when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
        filter.setAuthenticationManager(am);
        filter.setRememberMeServices(new MockRememberMeServices(remembered));
        filter.setApplicationEventPublisher(mock(ApplicationEventPublisher.class));
        filter.afterPropertiesSet();

    }

    @Test
    public void filterChainProceedsOnFailedAuthenticationByDefault() throws Exception {
        AuthenticationManager am = mock(AuthenticationManager.class);
        when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
        filter.setAuthenticationManager(am);
        filter.afterPropertiesSet();
        filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class));
        assertNull(SecurityContextHolder.getContext().getAuthentication());
    }

    /* SEC-881 */
    @Test(expected=BadCredentialsException.class)
    public void exceptionIsThrownOnFailedAuthenticationIfContinueFilterChainOnUnsuccessfulAuthenticationSetToFalse() throws Exception {
        AuthenticationManager am = mock(AuthenticationManager.class);
        when(am.authenticate(any(Authentication.class))).thenThrow(new BadCredentialsException(""));
        filter.setContinueFilterChainOnUnsuccessfulAuthentication(false);
        filter.setAuthenticationManager(am);
        filter.afterPropertiesSet();
        filter.doFilter(new MockHttpServletRequest(), new MockHttpServletResponse(), mock(FilterChain.class));
        assertNull(SecurityContextHolder.getContext().getAuthentication());

        Authentication rod =
            new UsernamePasswordAuthenticationToken("rod", "koala", AuthorityUtils.createAuthorityList("ROLE_1"));

        manager = mock(AuthenticationManager.class);
        when(manager.authenticate(rodRequest)).thenReturn(rod);
        when(manager.authenticate(not(eq(rodRequest)))).thenThrow(new BadCredentialsException(""));

        filter = new BasicAuthenticationFilter();
        filter.setAuthenticationManager(manager);
        filter.setAuthenticationEntryPoint(new BasicAuthenticationEntryPoint());
    }