use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo.
the class ServiceTicketRequestWebflowEventResolver method grantServiceTicket.
/**
 * Grants a service ticket for the credential in the request context, bound to the
 * ticket-granting ticket and the service that are also found in the context.
 * <p>
 * Before the ticket is issued, the registered service's access strategy is enforced
 * against the authentication behind the TGT. That enforcement only runs when both an
 * authentication and a matching registered service could be resolved; if either is
 * missing, the method proceeds straight to granting the ticket.
 * NOTE(review): for a service with no registry entry nothing here blocks the grant;
 * this relies on {@code centralAuthenticationService.grantServiceTicket} rejecting
 * unknown services itself — confirm against that implementation.
 * <p>
 * Authentication and ticket failures are turned into an authentication-failure event
 * carrying the exception. Any other exception — including whatever
 * {@code throwExceptionIfNeeded()} raises when access is denied — is not caught here
 * and propagates to the webflow.
 *
 * @param context the webflow request context
 * @return the warn transition event on success, or the authentication-failure event
 * @since 4.1.0
 */
protected Event grantServiceTicket(final RequestContext context) {
    final String tgtId = WebUtils.getTicketGrantingTicketId(context);
    final Credential credential = getCredentialFromContext(context);
    try {
        final Service service = WebUtils.getService(context);
        final Authentication authentication = ticketRegistrySupport.getAuthenticationFrom(tgtId);
        final RegisteredService registeredService = this.servicesManager.findServiceBy(service);

        // Access policy can only be evaluated when both sides of the decision are known.
        final boolean accessCheckPossible = authentication != null && registeredService != null;
        if (accessCheckPossible) {
            LOGGER.debug("Enforcing access strategy policies for registered service [{}] and principal [{}]", registeredService, authentication.getPrincipal());
            final AuditableContext auditableContext = AuditableContext.builder()
                .service(service)
                .authentication(authentication)
                .registeredService(registeredService)
                .retrievePrincipalAttributesFromReleasePolicy(Boolean.TRUE)
                .build();
            // A denial surfaces as an exception from the audit result, not as a return value.
            this.registeredServiceAccessStrategyEnforcer.execute(auditableContext).throwExceptionIfNeeded();
        }

        final AuthenticationResult authenticationResult =
            this.authenticationSystemSupport.handleAndFinalizeSingleAuthenticationTransaction(service, credential);
        final ServiceTicket serviceTicket =
            this.centralAuthenticationService.grantServiceTicket(tgtId, service, authenticationResult);
        WebUtils.putServiceTicketInRequestScope(context, serviceTicket);
        WebUtils.putWarnCookieIfRequestParameterPresent(this.warnCookieGenerator, context);
        return newEvent(CasWebflowConstants.TRANSITION_ID_WARN);
    } catch (final AuthenticationException | AbstractTicketException failure) {
        return newEvent(CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, failure);
    }
}
use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo.
the class GlobalMultifactorAuthenticationPolicyEventResolver method resolveInternal.
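/**
 * Resolves the multifactor event when a single provider is globally required for every
 * authentication, regardless of service or principal.
 * <p>
 * Returns {@code null} (no MFA event) when there is no authentication in the context,
 * when no global provider id is configured, or when the configured provider reports
 * itself unavailable for the service. NOTE(review): that last case means an unreachable
 * provider lets the flow continue without MFA unless failure-mode handling elsewhere
 * intervenes — confirm this is the intended policy.
 * <p>
 * A configured provider id that cannot be matched to any available provider is a
 * misconfiguration and fails closed with {@link AuthenticationException}.
 *
 * @param context the webflow request context
 * @return a single-element set holding the provider's event, or {@code null} when no MFA applies
 * @throws AuthenticationException when no providers are registered, or the configured id is unknown
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    // May be null: this resolver does not require a registered service, so isAvailable()
    // below is assumed to tolerate a null argument — TODO confirm with provider implementations.
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (authentication == null) {
        LOGGER.debug("No authentication is available to determine event for principal");
        return null;
    }
    if (StringUtils.isBlank(globalProviderId)) {
        // globalProviderId is a configured setting, not a request parameter; the previous
        // message said otherwise and logged the (blank) value.
        LOGGER.debug("No global multifactor authentication provider id is configured");
        return null;
    }
    LOGGER.debug("Attempting to globally activate [{}]", globalProviderId);

    final Map<String, MultifactorAuthenticationProvider> providerMap =
        MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context to handle [{}]", globalProviderId);
        throw new AuthenticationException();
    }

    final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, globalProviderId);
    if (!providerFound.isPresent()) {
        // Fail closed: a required provider that does not exist must not silently skip MFA.
        LOGGER.warn("No multifactor provider could be found for [{}]", globalProviderId);
        throw new AuthenticationException();
    }

    final MultifactorAuthenticationProvider provider = providerFound.get();
    if (!provider.isAvailable(service)) {
        LOGGER.warn("Located multifactor provider [{}], yet the provider cannot be reached or verified", provider);
        return null;
    }
    LOGGER.debug("Attempting to build an event based on the authentication provider [{}] and service [{}]", provider, service);
    final Map<String, Object> attributes = buildEventAttributeMap(authentication.getPrincipal(), service, provider);
    final Event event = validateEventIdForMatchingTransitionInContext(provider.getId(), context, attributes);
    return CollectionUtils.wrapSet(event);
}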
use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo.
the class GroovyScriptMultifactorAuthenticationPolicyEventResolver method resolveInternal.
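/**
 * Resolves the multifactor event by delegating the provider choice to a configured Groovy
 * script, which is handed the service, registered service, authentication and logger.
 * <p>
 * Returns {@code null} (no MFA event) when no script is configured or present, when the
 * context lacks an authentication or a resolved service, when the script returns a blank
 * provider id, or when the chosen provider reports itself unavailable.
 * <p>
 * Fix: the original wrapped the provider lookup in a {@code catch (Exception)} that also
 * swallowed the {@link AuthenticationException} thrown for an unknown provider id, so a
 * script naming a non-existent provider logged an error and then let the flow continue
 * without MFA. That exception is now rethrown so the misconfiguration fails closed, matching
 * the behaviour of the other policy resolvers. Script execution errors are still logged
 * and treated as "no MFA" — NOTE(review): that remains a fail-open path; confirm it is
 * intended rather than a deliberate best-effort.
 *
 * @param context the webflow request context
 * @return a single-element set holding the provider's event, or {@code null} when no MFA applies
 * @throws AuthenticationException when no providers are registered, or the script names an unknown provider
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final Service service = resolveServiceFromAuthenticationRequest(context);
    final RegisteredService registeredService = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (groovyScript == null) {
        LOGGER.debug("No groovy script is configured for multifactor authentication");
        return null;
    }
    if (!ResourceUtils.doesResourceExist(groovyScript)) {
        LOGGER.warn("No groovy script is found at [{}] for multifactor authentication", groovyScript);
        return null;
    }
    if (authentication == null) {
        LOGGER.debug("No authentication is available to determine event for principal");
        return null;
    }
    if (registeredService == null || service == null) {
        LOGGER.debug("No registered service is available to determine event for principal [{}]", authentication.getPrincipal());
        return null;
    }

    final Map<String, MultifactorAuthenticationProvider> providerMap =
        MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context");
        throw new AuthenticationException();
    }

    try {
        final Object[] args = { service, registeredService, authentication, LOGGER };
        final String provider = ScriptingUtils.executeGroovyScript(groovyScript, args, String.class);
        LOGGER.debug("Groovy script run for [{}] returned the provider id [{}]", service, provider);
        if (StringUtils.isBlank(provider)) {
            return null;
        }
        final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, provider);
        if (providerFound.isPresent()) {
            final MultifactorAuthenticationProvider multifactorAuthenticationProvider = providerFound.get();
            if (multifactorAuthenticationProvider.isAvailable(registeredService)) {
                final Map<String, Object> attributes =
                    buildEventAttributeMap(authentication.getPrincipal(), registeredService, multifactorAuthenticationProvider);
                final Event event =
                    validateEventIdForMatchingTransitionInContext(multifactorAuthenticationProvider.getId(), context, attributes);
                return CollectionUtils.wrapSet(event);
            }
            LOGGER.warn("Located multifactor provider [{}], yet the provider cannot be reached or verified", multifactorAuthenticationProvider);
            return null;
        }
        LOGGER.warn("No multifactor provider could be found for [{}]", provider);
        throw new AuthenticationException();
    } catch (final AuthenticationException e) {
        // Must not fall into the generic handler below: an unknown provider id is a
        // misconfiguration that has to fail closed, not degrade to "no MFA".
        throw e;
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
    }
    return null;
}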
use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo.
the class AdaptiveMultifactorAuthenticationPolicyEventResolver method checkRequireMultifactorProvidersForRequest.
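/**
 * Walks the configured adaptive rules (provider id → pattern) in map order and returns the
 * event for the first rule whose pattern matches the request's user agent, client IP, or
 * geolocation. Returns {@code null} when no rule matches.
 * <p>
 * Security note: the user agent is entirely client-controlled and the client IP may be
 * derived from forwarded headers depending on deployment, so rules keyed on them can be
 * evaded by a client that knows the patterns; treat them as a risk signal, not an
 * authorization boundary.
 * <p>
 * Fix: the loop previously iterated a raw {@code Map.Entry}, hiding the {@code <String, String>}
 * type that the {@code entries} declaration already fixed; it now uses the typed entry.
 *
 * @param context        the webflow request context
 * @param service        the resolved registered service
 * @param authentication the current authentication
 * @return the matching provider's event set, or {@code null} when no rule applies
 * @throws AuthenticationException when a rule names a provider that is not registered
 */
private Set<Event> checkRequireMultifactorProvidersForRequest(final RequestContext context, final RegisteredService service, final Authentication authentication) {
    // NOTE(review): assumes ClientInfoHolder always has a client info for this thread;
    // a null here would NPE on the next line — confirm the holder's contract.
    final ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
    final String clientIp = clientInfo.getClientIpAddress();
    LOGGER.debug("Located client IP address as [{}]", clientIp);
    final String agent = WebUtils.getHttpServletRequestUserAgentFromRequestContext();
    final Map<String, MultifactorAuthenticationProvider> providerMap =
        MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);

    for (final Map.Entry<String, String> rule : multifactorMap.entrySet()) {
        final String mfaMethod = rule.getKey();
        final String pattern = rule.getValue();
        final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, mfaMethod);
        if (!providerFound.isPresent()) {
            // Fail closed: a rule that references a missing provider is a misconfiguration.
            LOGGER.error("Adaptive authentication is configured to require [{}] for [{}], yet [{}] is absent in the configuration.", mfaMethod, pattern, mfaMethod);
            throw new AuthenticationException();
        }
        if (checkUserAgentOrClientIp(clientIp, agent, mfaMethod, pattern)
            || checkRequestGeoLocation(clientIp, mfaMethod, pattern)) {
            return buildEvent(context, service, authentication, providerFound.get());
        }
    }
    return null;
}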
use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo.
the class AdaptiveMultifactorAuthenticationPolicyEventResolver method resolveInternal.
/**
 * Resolves the multifactor event for adaptive (request-attribute driven) authentication.
 * <p>
 * Yields {@code null} (no MFA event) when the context lacks a registered service or an
 * authentication, when no adaptive rules are configured, or when no rule matches the
 * request. Fails closed with {@link AuthenticationException} when rules exist but no
 * providers are registered at all.
 *
 * @param context the webflow request context
 * @return the events for the matched provider, or {@code null} when no MFA applies
 * @throws AuthenticationException when adaptive rules are configured but no providers are available
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService registeredService = resolveRegisteredServiceInRequestContext(context);
    final Authentication currentAuthentication = WebUtils.getAuthentication(context);
    final boolean contextIncomplete = registeredService == null || currentAuthentication == null;
    if (contextIncomplete) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }
    final boolean noRulesConfigured = multifactorMap == null || multifactorMap.isEmpty();
    if (noRulesConfigured) {
        LOGGER.debug("Adaptive authentication is not configured to require multifactor authentication");
        return null;
    }
    final Map<String, MultifactorAuthenticationProvider> availableProviders =
        MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (availableProviders == null || availableProviders.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context");
        throw new AuthenticationException();
    }
    final Set<Event> matchedEvents =
        checkRequireMultifactorProvidersForRequest(context, registeredService, currentAuthentication);
    if (matchedEvents == null || matchedEvents.isEmpty()) {
        return null;
    }
    LOGGER.warn("Found multifactor authentication providers [{}] required for this authentication event", matchedEvents);
    return matchedEvents;
}