Examples of org.springframework.security.authentication.InsufficientAuthenticationException

• org.springframework.security.authentication.InsufficientAuthenticationException
  Thrown if an authentication request is rejected because the credentials are not sufficiently trusted.

  {@link org.springframework.security.access.AccessDecisionVoter}s will typically throw this exception if they are dissatisfied with the level of the authentication, such as if performed using a remember-me mechanism or anonymously. The {@code ExceptionTranslationFilter} will then typically cause the {@code AuthenticationEntryPoint}to be called, allowing the principal to authenticate with a stronger level of authentication. @author Ben Alex

                if (logger.isDebugEnabled()) {
                    logger.debug("Access is denied (user is anonymous); redirecting to authentication entry point",
                                    exception);
                }

                sendStartAuthentication(request, response, chain, new InsufficientAuthenticationException(
                                "Full authentication is required to access this resource"));
            } else {
                if (logger.isDebugEnabled()) {
                    logger.debug("Access is denied (user is not anonymous); delegating to AccessDeniedHandler",
                                    exception);

        else if (exception instanceof AccessDeniedException) {
            if (authenticationTrustResolver.isAnonymous(SecurityContextHolder.getContext().getAuthentication())) {
                logger.debug("Access is denied (user is anonymous); redirecting to authentication entry point",
                            exception);

                sendStartAuthentication(request, response, chain, new InsufficientAuthenticationException(
                        "Full authentication is required to access this resource"));
            }
            else {
                logger.debug("Access is denied (user is not anonymous); delegating to AccessDeniedHandler", exception);

                if (logger.isDebugEnabled()) {
                    logger.debug("Access is denied (user is anonymous); redirecting to authentication entry point",
                            exception);
                }

                sendStartAuthentication(request, response, chain, new InsufficientAuthenticationException(
                        "Full authentication is required to access this resource"));
            }
            else {
                if (logger.isDebugEnabled()) {
                    logger.debug("Access is denied (user is not anonymous); delegating to AccessDeniedHandler",

      if (debug) {
        logger.debug("Authentication request failed: " + failed);
      }

      authenticationEntryPoint.commence(request, response,
          new InsufficientAuthenticationException(failed.getMessage(), failed));

      return;
    }

    chain.doFilter(request, response);

  @RequestMapping(value = "/oauth/token")
  public ResponseEntity<OAuth2AccessToken> getAccessToken(Principal principal, @RequestParam
  Map<String, String> parameters) {

    if (!(principal instanceof Authentication)) {
      throw new InsufficientAuthenticationException(
          "There is no client authentication. Try adding an appropriate authentication filter.");
    }

    String clientId = getClientId(principal);
    ClientDetails authenticatedClient = getClientDetailsService().loadClientByClientId(clientId);

   * @return a client id if there is one in the principal
   */
  protected String getClientId(Principal principal) {
    Authentication client = (Authentication) principal;
    if (!client.isAuthenticated()) {
      throw new InsufficientAuthenticationException("The client is not authenticated.");
    }
    String clientId = client.getName();
    if (client instanceof OAuth2Authentication) {
      // Might be a client and user combined authentication
      clientId = ((OAuth2Authentication) client).getOAuth2Request().getClientId();

    OAuth2AccessToken existingToken = null;
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();

    if (auth instanceof AnonymousAuthenticationToken) {
      if (!resource.isClientOnly()) {
        throw new InsufficientAuthenticationException(
            "Authentication is required to obtain an access token (anonymous not allowed)");
      }
    }

    if (resource.isClientOnly() || (auth != null && auth.isAuthenticated())) {

  @Override
  protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest clientToken) {

    Authentication userAuth = SecurityContextHolder.getContext().getAuthentication();
    if (userAuth==null || !userAuth.isAuthenticated()) {
      throw new InsufficientAuthenticationException("There is no currently logged in user");
    }
    Assert.state(clientToken instanceof ImplicitTokenRequest, "An ImplicitTokenRequest is required here. Caller needs to wrap the TokenRequest.");

    OAuth2Request requestForStorage = ((ImplicitTokenRequest)clientToken).getOAuth2Request();

    }

    try {

      if (!(principal instanceof Authentication) || !((Authentication) principal).isAuthenticated()) {
        throw new InsufficientAuthenticationException(
            "User must be authenticated with Spring Security before authorization can be completed.");
      }

      ClientDetails client = getClientDetailsService().loadClientByClientId(authorizationRequest.getClientId());

  public View approveOrDeny(@RequestParam Map<String, String> approvalParameters, Map<String, ?> model,
      SessionStatus sessionStatus, Principal principal) {

    if (!(principal instanceof Authentication)) {
      sessionStatus.setComplete();
      throw new InsufficientAuthenticationException(
          "User must be authenticated with Spring Security before authorizing an access token.");
    }

    AuthorizationRequest authorizationRequest = (AuthorizationRequest) model.get("authorizationRequest");