use of org.apereo.cas.services.RegisteredService in project cas by apereo.
the class LogoutAction method doInternalExecute.
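/**
 * Decides how the logout flow continues and, when permitted, records the
 * post-logout redirect target.
 *
 * <p>The redirect target is read from a request parameter, so it is
 * caller-controlled. It is stored as the logout redirect URL only when
 * following service redirects is enabled and the value resolves to a service
 * that exists in the registry and whose access strategy allows access.
 * Any other value is logged and ignored by this method.
 *
 * <p>NOTE(review): this check is only as strict as the registered service
 * definitions. Broadly matching registry entries would widen the set of
 * accepted redirect targets; confirm that entries are narrowly scoped.
 *
 * @param request  the HTTP request carrying the optional redirect parameter
 * @param response the HTTP response (not used by this method)
 * @param context  the webflow request context holding the pending logout requests
 * @return an event with id {@code FRONT_EVENT} when at least one logout request
 *         is still {@code NOT_ATTEMPTED}, otherwise an event with id {@code FINISH_EVENT}
 * @throws Exception declared by the overridden method
 */
@Override
protected Event doInternalExecute(final HttpServletRequest request, final HttpServletResponse response, final RequestContext context) throws Exception {
    // Front-channel SLO is still required if any logout request has not been attempted.
    final List<LogoutRequest> logoutRequests = WebUtils.getLogoutRequests(context);
    final boolean needFrontSlo = logoutRequests != null
        && logoutRequests.stream().anyMatch(logoutRequest -> logoutRequest.getStatus() == LogoutRequestStatus.NOT_ATTEMPTED);

    // Fall back to the standard CAS "service" parameter when no custom name is configured.
    final String paramName = StringUtils.defaultIfEmpty(logoutProperties.getRedirectParameter(), CasProtocolConstants.PARAMETER_SERVICE);
    LOGGER.debug("Using parameter name [{}] to detect destination service, if any", paramName);

    final String service = request.getParameter(paramName);
    // Log the located value itself; logging the parameter name here hid the actual
    // redirect target from anyone tracing a logout redirect.
    LOGGER.debug("Located target service [{}] for redirection after logout", service);

    if (logoutProperties.isFollowServiceRedirects() && StringUtils.isNotBlank(service)) {
        final Service webAppService = webApplicationServiceFactory.createService(service);
        final RegisteredService rService = this.servicesManager.findServiceBy(webAppService);
        // Only a registered service with access allowed may become the redirect target.
        if (rService != null && rService.getAccessStrategy().isServiceAccessAllowed()) {
            LOGGER.debug("Redirecting to service [{}]", service);
            WebUtils.putLogoutRedirectUrl(context, service);
        } else {
            LOGGER.warn("Cannot redirect to [{}] given the service is unauthorized to use CAS. " + "Ensure the service is registered with CAS and is enabled to allowed access", service);
        }
    } else {
        LOGGER.debug("No target service is located for redirection after logout, or CAS is not allowed to follow redirects after logout");
    }

    if (needFrontSlo) {
        LOGGER.debug("Proceeding forward with front-channel single logout");
        return new Event(this, FRONT_EVENT);
    }
    LOGGER.debug("Moving forward to finish the logout process");
    return new Event(this, FINISH_EVENT);
}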
use of org.apereo.cas.services.RegisteredService in project cas by apereo.
the class SendTicketGrantingTicketAction method isAuthenticationRenewed.
/**
* Tries to determine if authentication was created as part of a "renew" event.
* Renewed authentications can occur if the service is not allowed to participate
* in SSO or if a "renew" request parameter is specified.
*
* @param ctx the request context
* @return true if renewed
*/
private boolean isAuthenticationRenewed(final RequestContext ctx) {
    // Only the presence of the "renew" request parameter is checked; its value is not inspected.
    final boolean renewRequested = ctx.getRequestParameters().contains(CasProtocolConstants.PARAMETER_RENEW);
    if (renewRequested) {
        LOGGER.debug("[{}] is specified for the request. The authentication session will be considered renewed.", CasProtocolConstants.PARAMETER_RENEW);
        return true;
    }

    final Service requestedService = WebUtils.getService(ctx);
    if (requestedService == null) {
        return false;
    }

    final RegisteredService registryEntry = this.servicesManager.findServiceBy(requestedService);
    if (registryEntry == null) {
        // No registry match: this method does not report the authentication as renewed.
        return false;
    }

    // A service that may not participate in SSO makes the authentication count as renewed.
    final boolean ssoPermitted = registryEntry.getAccessStrategy().isServiceAccessAllowedForSso();
    LOGGER.debug("Located [{}] in registry. Service access to participate in SSO is set to [{}]", registryEntry.getServiceId(), ssoPermitted);
    return !ssoPermitted;
}
use of org.apereo.cas.services.RegisteredService in project cas by apereo.
the class GatewayServicesManagementCheck method doExecute.
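/**
 * Verifies that the service in the flow is known to the service registry and
 * allowed to use CAS before the flow proceeds.
 *
 * <p>The check fails closed: a service with no registry match, or one whose
 * access strategy denies access, ends in an {@link UnauthorizedServiceException}.
 * When access is denied, the unauthorized-redirect URL is taken from the
 * registered service's access strategy, not from the request, and is placed
 * into flow scope.
 *
 * @param context the webflow request context
 * @return the success event when the service is registered and access is allowed
 * @throws UnauthorizedServiceException when the service is not registered or access is disabled
 * @throws Exception declared by the overridden method
 */
@Override
protected Event doExecute(final RequestContext context) throws Exception {
    final Service service = WebUtils.getService(context);
    // Guard the id lookup: if the context carries no service (assumed possible, TODO confirm),
    // the denial must surface as UnauthorizedServiceException, not as a
    // NullPointerException raised while formatting the message.
    final String serviceId = service != null ? service.getId() : null;

    final RegisteredService registeredService = this.servicesManager.findServiceBy(service);
    if (registeredService == null) {
        final String msg = String.format("Service Management: Unauthorized Service Access. " + "Service [%s] does not match entries in service registry.", serviceId);
        LOGGER.warn(msg);
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, msg);
    }

    if (!registeredService.getAccessStrategy().isServiceAccessAllowed()) {
        final String msg = String.format("Service Management: Access to service [%s] " + "is disabled by the service registry.", serviceId);
        LOGGER.warn(msg);
        // The redirect target comes from the registry entry, so the caller cannot choose it.
        WebUtils.putUnauthorizedRedirectUrlIntoFlowScope(context, registeredService.getAccessStrategy().getUnauthorizedRedirectUrl());
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, msg);
    }
    return success();
}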
use of org.apereo.cas.services.RegisteredService in project cas by apereo.
the class ServiceAuthorizationCheckTests method setUpMocks.
/**
 * Builds the mocked services manager used by the authorization-check tests.
 *
 * <p>Three lookups are stubbed: a service whose registry entry keeps its
 * default access strategy, a service whose entry has an access strategy
 * constructed with {@code (false, false)}, and a service with no registry
 * entry at all (the lookup returns {@code null}).
 */
@Before
public void setUpMocks() {
    // Entry left with whatever access strategy RegexRegisteredService starts with.
    final RegexRegisteredService allowedEntry = new RegexRegisteredService();

    // Entry with access explicitly switched off.
    // NOTE(review): second flag presumably disables SSO participation as well — confirm against the strategy class.
    final RegexRegisteredService deniedEntry = new RegexRegisteredService();
    deniedEntry.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(false, false));

    final List<RegisteredService> registryContents = new ArrayList<>();
    registryContents.add(allowedEntry);
    registryContents.add(deniedEntry);
    when(this.servicesManager.getAllServices()).thenReturn(registryContents);

    when(this.servicesManager.findServiceBy(this.authorizedService)).thenReturn(allowedEntry);
    when(this.servicesManager.findServiceBy(this.unauthorizedService)).thenReturn(deniedEntry);
    // Unknown service: the registry lookup yields nothing.
    when(this.servicesManager.findServiceBy(this.undefinedService)).thenReturn(null);

    this.serviceAuthorizationCheck = new ServiceAuthorizationCheck(this.servicesManager);
}
use of org.apereo.cas.services.RegisteredService in project cas by apereo.
the class CentralAuthenticationServiceImplWithMockitoTests method createMockRegisteredService.
/**
 * Creates a Mockito stand-in for a registered service, for use in tests.
 *
 * @param svcId   value returned for both the service id and the name; also the id the
 *                {@code matches} stub is keyed on via {@code VerifyServiceByIdMatcher}
 * @param enabled first argument passed to the access strategy (the second is always {@code true})
 * @param proxy   proxy policy the mock reports
 * @return the configured mock
 */
private static RegisteredService createMockRegisteredService(final String svcId, final boolean enabled, final RegisteredServiceProxyPolicy proxy) {
    final RegisteredService stub = mock(RegisteredService.class);

    // Identity and matching.
    when(stub.getName()).thenReturn(svcId);
    when(stub.getServiceId()).thenReturn(svcId);
    when(stub.matches(argThat(new VerifyServiceByIdMatcher(svcId)))).thenReturn(true);

    // Policies. NOTE(review): the release policy looks like release-everything, which suits a
    // test fixture; it is not a template for real service definitions — confirm.
    when(stub.getAccessStrategy()).thenReturn(new DefaultRegisteredServiceAccessStrategy(enabled, true));
    when(stub.getProxyPolicy()).thenReturn(proxy);
    when(stub.getAttributeReleasePolicy()).thenReturn(new ReturnAllAttributeReleasePolicy());
    when(stub.getUsernameAttributeProvider()).thenReturn(new DefaultRegisteredServiceUsernameProvider());

    return stub;
}