From 3b05daf371557b60534a5c4244fb52b9ef8b18d8 Mon Sep 17 00:00:00 2001
From: Zbynek Konecny <zbynek@geogebra.org>
Date: Thu, 14 May 2026 00:32:41 +0200
Subject: [PATCH] Throw checked exception when password authentication fails

---
 .../java/org/jenkinsci/plugins/GitLabSecurityRealm.java     | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/jenkinsci/plugins/GitLabSecurityRealm.java b/src/main/java/org/jenkinsci/plugins/GitLabSecurityRealm.java
index 11a15bb..941d49d 100644
--- a/src/main/java/org/jenkinsci/plugins/GitLabSecurityRealm.java
+++ b/src/main/java/org/jenkinsci/plugins/GitLabSecurityRealm.java
@@ -470,16 +470,14 @@ public Authentication authenticate(Authentication authentication) throws Authent
                         if (authentication instanceof GitLabAuthenticationToken) {
                             return authentication;
                         }
-                        if (authentication instanceof UsernamePasswordAuthenticationToken) {
+                        if (authentication instanceof UsernamePasswordAuthenticationToken token) {
                             try {
-                                UsernamePasswordAuthenticationToken token =
-                                        (UsernamePasswordAuthenticationToken) authentication;
                                 GitLabAuthenticationToken gitlab = new GitLabAuthenticationToken(
                                         token.getCredentials().toString(), getGitlabApiUri(), TokenType.PRIVATE);
                                 SecurityContextHolder.getContext().setAuthentication(gitlab);
                                 return gitlab;
                             } catch (GitLabApiException e) {
-                                throw new RuntimeException(e);
+                                throw new BadCredentialsException("Authentication failed", e);
                             }
                         }
                         throw new BadCredentialsException("Unexpected authentication type: " + authentication);