/**
 * Attempts to authenticate a request from the API key it carries.
 *
 * <p>The key returned by {@code obtainApiKey} is handed to the user details
 * service as the lookup name. The loaded account is then run through
 * {@code userDetailsChecker} before an authentication object is built.
 *
 * <p>Security notes: only {@link AccountStatusException} is handled here. Any
 * other exception raised while loading or checking the account propagates to
 * the caller. NOTE(review): confirm what the configured service throws for a
 * key that matches no account and that the caller handles it. The API key is
 * not written to the log by this method, only the exception message is.
 * NOTE(review): verify that message cannot embed the key.
 *
 * @param request  the request the API key is read from
 * @param response not used by this method
 * @return the authentication for the account behind the key, or {@code null}
 *         when the request carries no key or the account status check fails
 */
public final Authentication autoLogin(HttpServletRequest request, HttpServletResponse response) {
    final String apiKey = obtainApiKey(request);
    if (apiKey != null) {
        try {
            final UserDetails account = userDetailsService.loadUserByUsername(apiKey);
            // Reject the account before any authentication object exists.
            userDetailsChecker.check(account);
            return createSuccessfulAuthentication(request, account);
        } catch (AccountStatusException statusInvalid) {
            // A rejected account is treated as "not logged in", not as an error.
            logger.debug("Invalid UserDetails: " + statusInvalid.getMessage());
        }
    }
    // No key on the request, or the account failed the status check.
    return null;
}
java类org.springframework.security.authentication.AccountStatusException的实例源码
ApiKeyServices.java 文件源码
项目:artsholland-platform
ResourceOwnerPasswordTokenGranter.java 文件源码
项目:oauth-client-master
/**
 * Authenticates the resource owner for a password grant and wraps the result
 * in an {@link OAuth2Authentication}.
 *
 * <p>The {@code username} and {@code password} request parameters are passed
 * to {@code authenticationManager}. {@link AccountStatusException} and
 * {@link BadCredentialsException} are both translated to
 * {@link InvalidGrantException}; any other exception propagates unchanged.
 *
 * <p>Security notes: the message of the original exception is forwarded in
 * the {@code InvalidGrantException}, and the final failure message includes
 * the submitted username. NOTE(review): if these messages reach the client,
 * it may be able to tell an account-status failure from a wrong password;
 * confirm whether a uniform message is wanted. The password is not removed
 * from the request parameters in this method. NOTE(review): confirm the
 * request factory drops it before the OAuth2 request is stored.
 *
 * @param client       the client the grant is issued to
 * @param tokenRequest the token request carrying the user credentials
 * @return the authentication combining the stored request and the user
 * @throws InvalidGrantException if the account status or the credentials are
 *         rejected, or the manager returns no authenticated result
 */
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client, TokenRequest tokenRequest) {
    final Map<String, String> requestParams = tokenRequest.getRequestParameters();
    final String username = requestParams.get("username");
    final String password = requestParams.get("password");

    Authentication userAuth;
    try {
        userAuth = authenticationManager.authenticate(
                new UsernamePasswordAuthenticationToken(username, password));
    } catch (AccountStatusException ase) {
        // Expired, locked and disabled accounts (section 5.2, draft 31).
        throw new InvalidGrantException(ase.getMessage());
    } catch (BadCredentialsException e) {
        // For a wrong username/password the spec asks for 400/invalid grant.
        throw new InvalidGrantException(e.getMessage());
    }

    // A manager that returns nothing, or an unauthenticated token, is a failure too.
    final boolean authenticated = userAuth != null && userAuth.isAuthenticated();
    if (!authenticated) {
        throw new InvalidGrantException("Could not authenticate user: " + username);
    }

    return new OAuth2Authentication(
            getRequestFactory().createOAuth2Request(client, tokenRequest), userAuth);
}
CustomResourceOwnerPasswordTokenGranter.java 文件源码
项目:spring-auth-example
/**
 * Authenticates the resource owner for a password grant, choosing the token
 * type from the client id, and wraps the result in an
 * {@link OAuth2Authentication}.
 *
 * <p>The request parameters are copied, the password is taken out of the copy,
 * and the copy is attached to the token as its details. The token is then
 * passed to {@code authenticationManager}. {@link AccountStatusException} and
 * {@link BadCredentialsException} are translated to
 * {@link InvalidGrantException}; any other exception propagates unchanged.
 *
 * <p>Security notes: only the local copy of the parameters loses the
 * password, {@code tokenRequest} itself is not modified here. NOTE(review):
 * confirm the request factory drops it before the OAuth2 request is stored.
 * The client id is matched case-insensitively against two hard-coded values.
 * NOTE(review): confirm client ids are registered case-insensitively as well.
 * The forwarded exception messages and the echoed username and client id may
 * reach the client. NOTE(review): confirm whether a uniform message is wanted.
 *
 * @param client       the client the grant is issued to
 * @param tokenRequest the token request carrying the user credentials
 * @return the authentication combining the stored request and the user
 * @throws InvalidGrantException if the client id is not recognised, the
 *         account status or the credentials are rejected, or the manager
 *         returns no authenticated result
 */
@Override
protected OAuth2Authentication getOAuth2Authentication(ClientDetails client,
        TokenRequest tokenRequest) {
    final Map<String, String> details = new LinkedHashMap<String, String>(
            tokenRequest.getRequestParameters());
    final String username = details.get("username");
    // Take the password out of the copy so it cannot leak through the token details.
    final String password = details.remove("password");
    final String clientId = client.getClientId();

    final boolean fooClient = "foo_app".equalsIgnoreCase(clientId);
    final boolean barClient = "bar_app".equalsIgnoreCase(clientId);
    if (!fooClient && !barClient) {
        throw new InvalidGrantException("Unknown client: " + clientId);
    }

    Authentication userAuth;
    if (fooClient) {
        userAuth = new FooUsernamePasswordAuthenticationToken(username, password);
    } else {
        userAuth = new BarUsernamePasswordAuthenticationToken(username, password);
    }
    ((AbstractAuthenticationToken) userAuth).setDetails(details);

    try {
        userAuth = authenticationManager.authenticate(userAuth);
    } catch (AccountStatusException ase) {
        // Expired, locked and disabled accounts (section 5.2, draft 31).
        throw new InvalidGrantException(ase.getMessage());
    } catch (BadCredentialsException e) {
        // For a wrong username/password the spec asks for 400/invalid grant.
        throw new InvalidGrantException(e.getMessage());
    }

    // A manager that returns nothing, or an unauthenticated token, is a failure too.
    final boolean authenticated = userAuth != null && userAuth.isAuthenticated();
    if (!authenticated) {
        throw new InvalidGrantException(
                "Could not authenticate user: " + username);
    }

    return new OAuth2Authentication(
            getRequestFactory().createOAuth2Request(client, tokenRequest), userAuth);
}