Examples of org.springframework.security.authentication.BadCredentialsException

• org.springframework.security.authentication.BadCredentialsException
  Thrown if an authentication request is rejected because the credentials are invalid. For this exception to be thrown, it means the account is neither locked nor disabled. @author Ben Alex

    super.afterPropertiesSet();
    setAuthenticationFailureHandler(new AuthenticationFailureHandler() {
      public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
          AuthenticationException exception) throws IOException, ServletException {
        if (exception instanceof BadCredentialsException) {
          exception = new BadCredentialsException(exception.getMessage(), new BadClientCredentialsException());
        }
        authenticationEntryPoint.commence(request, response, exception);
      }
    });
    setAuthenticationSuccessHandler(new AuthenticationSuccessHandler() {

    if (authentication != null && authentication.isAuthenticated()) {
      return authentication;
    }

    if (clientId == null) {
      throw new BadCredentialsException("No client credentials presented");
    }

    if (clientSecret == null) {
      clientSecret = "";
    }

    public Authentication doAuthentication(Authentication authentication)
        throws AuthenticationException {
        if (grantAccess) {
          return new TestingAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), authorities);
        } else {
            throw new BadCredentialsException(
                "MockAuthenticationManager instructed to deny access");
        }
    }

  @Test(expected = InvalidGrantException.class)
  public void testBadCredentials() {
    ResourceOwnerPasswordTokenGranter granter = new ResourceOwnerPasswordTokenGranter(new AuthenticationManager() {
      public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        throw new BadCredentialsException("test");
      }
    }, providerTokenServices, clientDetailsService, requestFactory);
    granter.grant("password", tokenRequest);
  }

  }

  @Test
  public void testCommenceWithJson() throws Exception {
    request.addHeader("Accept", MediaType.APPLICATION_JSON_VALUE);
    entryPoint.commence(request, response, new BadCredentialsException("Bad"));
    assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getStatus());
    assertEquals("{\"error\":\"unauthorized\",\"error_description\":\"Bad\"}", response.getContentAsString());
    assertEquals(MediaType.APPLICATION_JSON_VALUE, response.getContentType());
    assertEquals(null, response.getErrorMessage());
  }

  }

  @Test
  public void testCommenceWithOAuth2Exception() throws Exception {
    request.addHeader("Accept", MediaType.APPLICATION_JSON_VALUE);
    entryPoint.commence(request, response, new BadCredentialsException("Bad", new InvalidClientException(
        "Bad client")));
    assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getStatus());
    assertEquals("{\"error\":\"invalid_client\",\"error_description\":\"Bad client\"}", response.getContentAsString());
    assertEquals(MediaType.APPLICATION_JSON_VALUE, response.getContentType());
    assertEquals(null, response.getErrorMessage());

  }

  @Test
  public void testCommenceWithXml() throws Exception {
    request.addHeader("Accept", MediaType.APPLICATION_XML_VALUE);
    entryPoint.commence(request, response, new BadCredentialsException("Bad"));
    assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getStatus());
    assertEquals("<oauth><error_description>Bad</error_description><error>unauthorized</error></oauth>",
        response.getContentAsString());
    assertEquals(MediaType.APPLICATION_XML_VALUE, response.getContentType());
    assertEquals(null, response.getErrorMessage());

  }

  @Test
  public void testTypeName() throws Exception {
    entryPoint.setTypeName("Foo");
    entryPoint.commence(request, response, new BadCredentialsException("Bad"));
    assertEquals("Foo realm=\"foo\", error=\"unauthorized\", error_description=\"Bad\"",
        response.getHeader("WWW-Authenticate"));
  }

        response.getHeader("WWW-Authenticate"));
  }

  @Test
  public void testCommenceWithEmptyAccept() throws Exception {
    entryPoint.commence(request, response, new BadCredentialsException("Bad"));
    assertEquals(HttpServletResponse.SC_UNAUTHORIZED, response.getStatus());
    assertEquals("{\"error\":\"unauthorized\",\"error_description\":\"Bad\"}", response.getContentAsString());
    assertTrue(MediaType.APPLICATION_JSON.isCompatibleWith(MediaType.valueOf(response.getContentType())));
    assertEquals(null, response.getErrorMessage());
  }

  }

  @Test
  public void testCommenceWithHtmlAccept() throws Exception {
    request.addHeader("Accept", MediaType.TEXT_HTML_VALUE);
    entryPoint.commence(request, response, new BadCredentialsException("Bad"));
    // TODO: maybe use forward / redirect for HTML content?
    assertEquals(HttpServletResponse.SC_NOT_ACCEPTABLE, response.getStatus());
    assertEquals("", response.getContentAsString());
    assertEquals(null, response.getErrorMessage());
  }