Examples of org.acegisecurity.providers.UsernamePasswordAuthenticationToken

• org.acegisecurity.providers.UsernamePasswordAuthenticationToken
  An {@link org.acegisecurity.Authentication} implementation that is designed for simple presentation of ausername and password.

  The principal and credentials should be set with an Object that provides the respective property via its Object.toString() method. The simplest such Object to use is String.

  @author Ben Alex @version $Id: UsernamePasswordAuthenticationToken.java 1784 2007-02-24 21:00:24Z luke_t $

        if (context != null) {
            Authentication auth = context.getAuthentication();

            if ((auth != null) && auth instanceof UsernamePasswordAuthenticationToken) {
                UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) auth;
                bAuthenticated = token.isAuthenticated();
            }
        }

        // if true is returned then authentication will be attempted.
        boolean bAttemptAuthentication = (uri.endsWith(request.getContextPath() + getFilterProcessesUrl()))

                username = token.substring(0, delim);
                password = token.substring(delim + 1);
            }

            if (authenticationIsRequired(username)) {
                UsernamePasswordAuthenticationToken authRequest =
                        new UsernamePasswordAuthenticationToken(username, password);
                authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));

                Authentication authResult;

                try {
                    authResult = authenticationManager.authenticate(authRequest);

            if (logger.isDebugEnabled()) {
                logger.debug("Authentication success for user: '" + username + "' with response: '" + responseDigest
                        + "'");
            }

            UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(user,
                    user.getPassword());

            authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));

            SecurityContextHolder.getContext().setAuthentication(authRequest);
        }

        chain.doFilter(request, response);

            password = "";
        }

        username = username.trim();

        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);

        // Place the last username attempted into HttpSession for views
        request.getSession().setAttribute(ACEGI_SECURITY_LAST_USERNAME_KEY, username);

        // Allow subclasses to set the "details" property

        Assert.notNull(this.authenticationManager, "authenticationManager is required");
    }

    public GrantedAuthority[] attemptAuthentication(String username, String password)
        throws RemoteAuthenticationException {
        UsernamePasswordAuthenticationToken request = new UsernamePasswordAuthenticationToken(username, password);

        try {
            return authenticationManager.authenticate(request).getAuthorities();
        } catch (AuthenticationException authEx) {
            throw new RemoteAuthenticationException(authEx.getMessage());

        throws AuthenticationException {
        String username = authentication.getPrincipal().toString();
        String password = authentication.getCredentials().toString();
        GrantedAuthority[] authorities = remoteAuthenticationManager.attemptAuthentication(username, password);

        return new UsernamePasswordAuthenticationToken(username, password, authorities);
    }

     *         thrown, should the loginContext.login() method fail.
     */
    public Authentication authenticate(Authentication auth)
        throws AuthenticationException {
        if (auth instanceof UsernamePasswordAuthenticationToken) {
            UsernamePasswordAuthenticationToken request = (UsernamePasswordAuthenticationToken) auth;

            try {
                //Create the LoginContext object, and pass our InternallCallbackHandler
                LoginContext loginContext = new LoginContext(loginContextName, new InternalCallbackHandler(auth));

                //Attempt to login the user, the LoginContext will call our InternalCallbackHandler at this point.
                loginContext.login();

                //create a set to hold the authorities, and add any that have already been applied.
                Set authorities = new HashSet();

                if (request.getAuthorities() != null) {
                    authorities.addAll(Arrays.asList(request.getAuthorities()));
                }

                //get the subject principals and pass them to each of the AuthorityGranters
                Set principals = loginContext.getSubject().getPrincipals();

                for (Iterator iterator = principals.iterator(); iterator.hasNext();) {
                    Principal principal = (Principal) iterator.next();

                    for (int i = 0; i < authorityGranters.length; i++) {
                        AuthorityGranter granter = authorityGranters[i];
                        Set roles = granter.grant(principal);

                        //If the granter doesn't wish to grant any authorities, it should return null.
                        if ((roles != null) && !roles.isEmpty()) {
                            for (Iterator roleIterator = roles.iterator(); roleIterator.hasNext();) {
                                String role = roleIterator.next().toString();
                                authorities.add(new JaasGrantedAuthority(role, principal));
                            }
                        }
                    }
                }

                //Convert the authorities set back to an array and apply it to the token.
                JaasAuthenticationToken result = new JaasAuthenticationToken(request.getPrincipal(),
                        request.getCredentials(),
                        (GrantedAuthority[]) authorities.toArray(new GrantedAuthority[authorities.size()]), loginContext);

                //Publish the success event
                publishSuccessEvent(result);

        UserDetails user) {
        // Ensure we return the original credentials the user supplied,
        // so subsequent attempts are successful even with encoded passwords.
        // Also ensure we return the original getDetails(), so that future
        // authentication events after cache expiry contain the details
        UsernamePasswordAuthenticationToken result = new UsernamePasswordAuthenticationToken(principal,
                authentication.getCredentials(), user.getAuthorities());
        result.setDetails(authentication.getDetails());

        return result;
    }

        if (password == null) {
            password = "";
        }

        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, password);

        authRequest.setDetails(authenticationDetailsSource.buildDetails((HttpServletRequest) request));

        return this.getAuthenticationManager().authenticate(authRequest);
    }

     * @throws AccountExpiredException If the target user account is expired.
     * @throws CredentialsExpiredException If the target user credentials are expired.
     */
    protected Authentication attemptSwitchUser(HttpServletRequest request)
        throws AuthenticationException {
        UsernamePasswordAuthenticationToken targetUserRequest = null;

        String username = request.getParameter(ACEGI_SECURITY_SWITCH_USERNAME_KEY);

        if (username == null) {
            username = "";