Example 16 with Principal
use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.
the class DefaultPrincipalElectionStrategy method nominate.
@Override
public Principal nominate(final Collection<Authentication> authentications, final Map<String, Object> principalAttributes) {
final Principal principal = authentications.iterator().next().getPrincipal();
final Principal finalPrincipal = this.principalFactory.createPrincipal(principal.getId(), principalAttributes);
LOGGER.debug("Nominated [{}] as the primary principal", finalPrincipal);
return finalPrincipal;
}
Also used :
Principal(org.apereo.cas.authentication.principal.Principal)
Example 17 with Principal
use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.
the class JaasAuthenticationHandler method authenticateUsernamePasswordInternal.
@Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential, final String originalPassword) throws GeneralSecurityException {
if (this.kerberosKdcSystemProperty != null) {
LOGGER.debug("Configured kerberos system property [{}] to [{}]", SYS_PROP_KERB5_KDC, this.kerberosKdcSystemProperty);
System.setProperty(SYS_PROP_KERB5_KDC, this.kerberosKdcSystemProperty);
}
if (this.kerberosRealmSystemProperty != null) {
LOGGER.debug("Setting kerberos system property [{}] to [{}]", SYS_PROP_KRB5_REALM, this.kerberosRealmSystemProperty);
System.setProperty(SYS_PROP_KRB5_REALM, this.kerberosRealmSystemProperty);
}
final String username = credential.getUsername();
final String password = credential.getPassword();
Principal principal = null;
final LoginContext lc = new LoginContext(this.realm, new UsernamePasswordCallbackHandler(username, password));
try {
LOGGER.debug("Attempting authentication for: [{}]", username);
lc.login();
final Set<java.security.Principal> principals = lc.getSubject().getPrincipals();
LOGGER.debug("JAAS principals extracted from subject are [{}}", principals);
if (principals != null && !principals.isEmpty()) {
final java.security.Principal secPrincipal = principals.iterator().next();
LOGGER.debug("JAAS principal detected from subject login context is [{}}", secPrincipal.getName());
principal = this.principalFactory.createPrincipal(secPrincipal.getName());
}
} finally {
lc.logout();
}
return createHandlerResult(credential, principal);
}
Also used :
LoginContext(javax.security.auth.login.LoginContext)
Principal(org.apereo.cas.authentication.principal.Principal)
Example 18 with Principal
use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.
the class RestfulAuthenticationPolicy method isSatisfiedBy.
@Override
public boolean isSatisfiedBy(final Authentication authentication) throws Exception {
try {
final HttpHeaders acceptHeaders = new HttpHeaders();
acceptHeaders.setAccept(CollectionUtils.wrap(MediaType.APPLICATION_JSON));
final HttpEntity<Principal> entity = new HttpEntity<>(authentication.getPrincipal(), acceptHeaders);
LOGGER.warn("Checking authentication policy for [{}] via POST at [{}]", authentication.getPrincipal(), this.endpoint);
final ResponseEntity<String> resp = restTemplate.exchange(this.endpoint, HttpMethod.POST, entity, String.class);
if (resp == null) {
LOGGER.warn("[{}] returned no responses", this.endpoint);
throw new GeneralSecurityException("No response returned from REST endpoint to determine authentication policy");
}
if (resp.getStatusCode() != HttpStatus.OK) {
final Exception ex = handleResponseStatusCode(resp.getStatusCode(), authentication.getPrincipal());
throw new GeneralSecurityException(ex);
}
return true;
} catch (final HttpClientErrorException e) {
final Exception ex = handleResponseStatusCode(e.getStatusCode(), authentication.getPrincipal());
throw new GeneralSecurityException(ex);
}
}
Also used :
HttpHeaders(org.springframework.http.HttpHeaders)
HttpClientErrorException(org.springframework.web.client.HttpClientErrorException)
HttpEntity(org.springframework.http.HttpEntity)
GeneralSecurityException(java.security.GeneralSecurityException)
Principal(org.apereo.cas.authentication.principal.Principal)
AccountLockedException(javax.security.auth.login.AccountLockedException)
AccountDisabledException(org.apereo.cas.authentication.exceptions.AccountDisabledException)
AccountExpiredException(javax.security.auth.login.AccountExpiredException)
HttpClientErrorException(org.springframework.web.client.HttpClientErrorException)
AccountNotFoundException(javax.security.auth.login.AccountNotFoundException)
GeneralSecurityException(java.security.GeneralSecurityException)
FailedLoginException(javax.security.auth.login.FailedLoginException)
AccountPasswordMustChangeException(org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException)
Example 19 with Principal
use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.
the class UniquePrincipalAuthenticationPolicy method isSatisfiedBy.
@Override
public boolean isSatisfiedBy(final Authentication authentication) throws Exception {
try {
final Principal authPrincipal = authentication.getPrincipal();
final long count = this.ticketRegistry.getTickets(t -> {
boolean pass = TicketGrantingTicket.class.isInstance(t) && !t.isExpired();
if (pass) {
final Principal principal = TicketGrantingTicket.class.cast(t).getAuthentication().getPrincipal();
pass = principal.getId().equalsIgnoreCase(authPrincipal.getId());
}
return pass;
}).count();
if (count == 0) {
LOGGER.debug("Authentication policy is satisfied with [{}]", authPrincipal.getId());
return true;
}
LOGGER.warn("Authentication policy cannot be satisfied for principal [{}] because [{}] sessions currently exist", authPrincipal.getId(), count);
return false;
} catch (final Exception e) {
throw new GeneralSecurityException(e);
}
}
Also used :
AuthenticationPolicy(org.apereo.cas.authentication.AuthenticationPolicy)
Slf4j(lombok.extern.slf4j.Slf4j)
TicketRegistry(org.apereo.cas.ticket.registry.TicketRegistry)
GeneralSecurityException(java.security.GeneralSecurityException)
Authentication(org.apereo.cas.authentication.Authentication)
Principal(org.apereo.cas.authentication.principal.Principal)
AllArgsConstructor(lombok.AllArgsConstructor)
TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket)
TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket)
GeneralSecurityException(java.security.GeneralSecurityException)
Principal(org.apereo.cas.authentication.principal.Principal)
GeneralSecurityException(java.security.GeneralSecurityException)
Example 20 with Principal
use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.
the class WSFederationClaimsReleasePolicy method getAttributesInternal.
@Override
public Map<String, Object> getAttributesInternal(final Principal principal, final Map<String, Object> attrs, final RegisteredService service) {
final Map<String, Object> resolvedAttributes = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
resolvedAttributes.putAll(attrs);
final Map<String, Object> attributesToRelease = new HashMap<>(resolvedAttributes.size());
getAllowedAttributes().entrySet().stream().filter(entry -> WSFederationClaims.contains(entry.getKey().toUpperCase())).forEach(entry -> {
final String claimName = entry.getKey();
final String attributeName = entry.getValue();
final WSFederationClaims claim = WSFederationClaims.valueOf(claimName.toUpperCase());
LOGGER.debug("Evaluating claimName [{}] mapped to attribute name [{}]", claim.getUri(), attributeName);
final Object value = resolvedAttributes.get(attributeName);
if (value != null) {
LOGGER.debug("Adding claimName [{}] to the collection of released attributes", claim.getUri());
attributesToRelease.put(claim.getUri(), value);
}
});
return attributesToRelease;
}
Also used :
AbstractRegisteredServiceAttributeReleasePolicy(org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy)
Slf4j(lombok.extern.slf4j.Slf4j)
Setter(lombok.Setter)
TreeMap(java.util.TreeMap)
Getter(lombok.Getter)
Map(java.util.Map)
HashMap(java.util.HashMap)
Principal(org.apereo.cas.authentication.principal.Principal)
RegisteredService(org.apereo.cas.services.RegisteredService)
WSFederationClaims(org.apereo.cas.ws.idp.WSFederationClaims)
HashMap(java.util.HashMap)
WSFederationClaims(org.apereo.cas.ws.idp.WSFederationClaims)
TreeMap(java.util.TreeMap)
Aggregations
Principal (org.apereo.cas.authentication.principal.Principal)114
HashMap (java.util.HashMap)33
RegisteredService (org.apereo.cas.services.RegisteredService)31
Test (org.junit.Test)29
Authentication (org.apereo.cas.authentication.Authentication)26
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)26
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)26
OAuthRegisteredService (org.apereo.cas.support.oauth.services.OAuthRegisteredService)25
Map (java.util.Map)23
Slf4j (lombok.extern.slf4j.Slf4j)23
lombok.val (lombok.val)19
List (java.util.List)15
StringUtils (org.apache.commons.lang3.StringUtils)15
OAuthCode (org.apereo.cas.ticket.code.OAuthCode)15
CollectionUtils (org.apereo.cas.util.CollectionUtils)15
ArrayList (java.util.ArrayList)14
Optional (java.util.Optional)14
Service (org.apereo.cas.authentication.principal.Service)14
Collection (java.util.Collection)11
Collectors (java.util.stream.Collectors)10
