Examples of org.springframework.security.authentication.UsernamePasswordAuthenticationToken

• org.springframework.security.authentication.UsernamePasswordAuthenticationToken
  An {@link org.springframework.security.core.Authentication} implementation that is designed for simple presentationof a username and password.

  The principal and credentials should be set with an Object that provides the respective property via its Object.toString() method. The simplest such Object to use is String. @author Ben Alex

        Assert.notNull(mutableAclService, "mutableAclService required");
        Assert.notNull(template, "dataSource required");
        Assert.notNull(tt, "platformTransactionManager required");

        // Set a user account that will initially own all the created data
        Authentication authRequest = new UsernamePasswordAuthenticationToken("rod", "koala",
                AuthorityUtils.createAuthorityList("ROLE_IGNORED"));
        SecurityContextHolder.getContext().setAuthentication(authRequest);

        try {
            template.execute("DROP TABLE CONTACTS");

    public SecurityContext createSecurityContext(WithUserDetails withUser) {
        String username = withUser.value();
        Assert.hasLength(username, "value() must be non empty String");
        UserDetails principal = userDetailsService.loadUserByUsername(username);
        Authentication authentication = new UsernamePasswordAuthenticationToken(principal, principal.getPassword(), principal.getAuthorities());
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(authentication);
        return context;
    }

                throw new IllegalArgumentException("roles cannot start with ROLE_ Got " + role);
            }
            authorities.add(new SimpleGrantedAuthority("ROLE_"+role));
        }
        User principal = new User(username, withUser.password(), true, true, true, true, authorities);
        Authentication authentication = new UsernamePasswordAuthenticationToken(principal, principal.getPassword(), principal.getAuthorities());
        SecurityContext context = SecurityContextHolder.createEmptyContext();
        context.setAuthentication(authentication);
        return context;
    }

  public SecurityContext createSecurityContext(WithMockCustomUser customUser) {
    SecurityContext context = SecurityContextHolder.createEmptyContext();

    CustomUserDetails principal = new CustomUserDetails(customUser.name(), customUser.username());
    Authentication auth =
      new UsernamePasswordAuthenticationToken(principal, "password", principal.getAuthorities());
    context.setAuthentication(auth);
    return context;
  }

    //~ Methods ========================================================================================================

    @Before
    public void setUp() throws Exception {
        SecurityContextHolder.clearContext();
        UsernamePasswordAuthenticationToken rodRequest = new UsernamePasswordAuthenticationToken("rod", "koala");
        rodRequest.setDetails(new WebAuthenticationDetails(new MockHttpServletRequest()));
        Authentication rod =
            new UsernamePasswordAuthenticationToken("rod", "koala", AuthorityUtils.createAuthorityList("ROLE_1"));

        manager = mock(AuthenticationManager.class);
        when(manager.authenticate(rodRequest)).thenReturn(rod);
        when(manager.authenticate(not(eq(rodRequest)))).thenThrow(new BadCredentialsException(""));

            provider.authenticate(joe);
            fail("Expected BadCredentialsException for user with no domain information");
        } catch (BadCredentialsException expected) {
        }

        provider.authenticate(new UsernamePasswordAuthenticationToken("joe@mydomain.eu", "password"));
    }

    }

    // SEC-2500
    @Test(expected = BadCredentialsException.class)
    public void sec2500PreventAnonymousBind() {
        provider.authenticate(new UsernamePasswordAuthenticationToken("rwinch", ""));
    }

        when(dirCtx.search(eq("cn=Bob,ou=people"),
                            eq("(userPassword={0})"),
                            any(Object[].class),
                            any(SearchControls.class))).thenReturn(searchResults);

        authenticator.authenticate(new UsernamePasswordAuthenticationToken("Bob","bobspassword"));
    }

    public void testEmptyOrNullUserNameThrowsException() {
        LdapAuthenticationProvider ldapProvider = new LdapAuthenticationProvider(new MockAuthenticator(),
                new MockAuthoritiesPopulator());

        try {
            ldapProvider.authenticate(new UsernamePasswordAuthenticationToken(null, "password"));
            fail("Expected BadCredentialsException for empty username");
        } catch (BadCredentialsException expected) {}

        try {
            ldapProvider.authenticate(new UsernamePasswordAuthenticationToken("", "bobspassword"));
            fail("Expected BadCredentialsException for null username");
        } catch (BadCredentialsException expected) {}
    }

    }

    @Test(expected=BadCredentialsException.class)
    public void usernameNotFoundExceptionIsHiddenByDefault() {
        final LdapAuthenticator authenticator = mock(LdapAuthenticator.class);
        final UsernamePasswordAuthenticationToken joe = new UsernamePasswordAuthenticationToken("joe", "password");
        when(authenticator.authenticate(joe)).thenThrow(new UsernameNotFoundException("nobody"));

        LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator);
        provider.authenticate(joe);
    }