
Example 1 with Audit

use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.

From class AbstractAuthenticationManager, method authenticate:

/**
 * Runs an authentication transaction and returns the resulting {@link Authentication}.
 * <p>
 * Steps as written here: bind the transaction credentials to the thread-local binder,
 * authenticate through {@link #authenticateInternal}, let every configured post processor
 * amend the builder, reject a {@link NullPrincipal}, add the authentication-method
 * attribute, populate metadata attributes, then bind and return the final build.
 *
 * @param transaction the transaction carrying the credentials to authenticate
 * @return the completed authentication
 * @throws AuthenticationException       when authentication fails
 * @throws UnresolvedPrincipalException  when the resolved principal is a {@code NullPrincipal}
 */
@Override
@Audit(action = "AUTHENTICATION", actionResolverName = "AUTHENTICATION_RESOLVER", resourceResolverName = "AUTHENTICATION_RESOURCE_RESOLVER")
@Timed(name = "AUTHENTICATE_TIMER")
@Metered(name = "AUTHENTICATE_METER")
@Counted(name = "AUTHENTICATE_COUNT", monotonic = true)
public Authentication authenticate(final AuthenticationTransaction transaction) throws AuthenticationException {
    AuthenticationCredentialsLocalBinder.bindCurrent(transaction.getCredentials());
    final AuthenticationBuilder authenticationBuilder = authenticateInternal(transaction);

    // Post processors run in plan order and may mutate the builder before it is built.
    for (final var postProcessor : authenticationEventExecutionPlan.getAuthenticationPostProcessors()) {
        LOGGER.info("Invoking authentication post processor [{}]", postProcessor);
        postProcessor.process(transaction, authenticationBuilder);
    }

    // First build: used only to validate the principal before metadata is attached.
    final Authentication preliminary = authenticationBuilder.build();
    final Principal resolvedPrincipal = preliminary.getPrincipal();
    if (resolvedPrincipal instanceof NullPrincipal) {
        throw new UnresolvedPrincipalException(preliminary);
    }
    addAuthenticationMethodAttribute(authenticationBuilder, preliminary);

    // NOTE(review): the full attribute map and the credential objects are written at INFO;
    // whether Credential#toString exposes anything sensitive is not visible here — confirm
    // before this log is shipped to shared log sinks.
    LOGGER.info("Authenticated principal [{}] with attributes [{}] via credentials [{}].", resolvedPrincipal.getId(), resolvedPrincipal.getAttributes(), transaction.getCredentials());
    populateAuthenticationMetadataAttributes(authenticationBuilder, transaction.getCredentials());

    // Second build: includes the method attribute and metadata added above.
    final Authentication finalAuthentication = authenticationBuilder.build();
    AuthenticationCredentialsLocalBinder.bindCurrent(finalAuthentication);
    return finalAuthentication;
}
Also used : NullPrincipal(org.apereo.cas.authentication.principal.NullPrincipal) UnresolvedPrincipalException(org.apereo.cas.authentication.exceptions.UnresolvedPrincipalException) NullPrincipal(org.apereo.cas.authentication.principal.NullPrincipal) Principal(org.apereo.cas.authentication.principal.Principal) Audit(org.apereo.inspektr.audit.annotation.Audit) Counted(com.codahale.metrics.annotation.Counted) Metered(com.codahale.metrics.annotation.Metered) Timed(com.codahale.metrics.annotation.Timed)

Example 2 with Audit

use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.

From class DefaultCentralAuthenticationService, method destroyTicketGrantingTicket:

/**
 * Destroys the ticket-granting ticket with the given id and performs logout for it.
 * <p>
 * The ticket is looked up, its authentication is bound to the thread-local binder,
 * the logout manager is invoked, the ticket is deleted and a
 * {@link CasTicketGrantingTicketDestroyedEvent} is published. An
 * {@link InvalidTicketException} raised anywhere in that sequence is treated as
 * "ticket already gone": it is logged at debug level and an empty list is returned.
 *
 * @param ticketGrantingTicketId id of the ticket-granting ticket to destroy
 * @return the logout requests produced by the logout manager, or an empty mutable
 *         list when the ticket cannot be found
 */
@Audit(action = "TICKET_GRANTING_TICKET_DESTROYED", actionResolverName = "DESTROY_TICKET_GRANTING_TICKET_RESOLVER", resourceResolverName = "DESTROY_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER")
@Timed(name = "DESTROY_TICKET_GRANTING_TICKET_TIMER")
@Metered(name = "DESTROY_TICKET_GRANTING_TICKET_METER")
@Counted(name = "DESTROY_TICKET_GRANTING_TICKET_COUNTER", monotonic = true)
@Override
public List<LogoutRequest> destroyTicketGrantingTicket(final String ticketGrantingTicketId) {
    try {
        LOGGER.debug("Removing ticket [{}] from registry...", ticketGrantingTicketId);
        final TicketGrantingTicket tgt = getTicket(ticketGrantingTicketId, TicketGrantingTicket.class);
        LOGGER.debug("Ticket found. Processing logout requests and then deleting the ticket...");
        AuthenticationCredentialsThreadLocalBinder.bindCurrent(tgt.getAuthentication());
        final List<LogoutRequest> requests = this.logoutManager.performLogout(tgt);
        deleteTicket(ticketGrantingTicketId);
        doPublishEvent(new CasTicketGrantingTicketDestroyedEvent(this, tgt));
        return requests;
    } catch (final InvalidTicketException ignored) {
        // Best effort: a missing ticket is not an error for the caller, only a debug trace.
        LOGGER.debug("TicketGrantingTicket [{}] cannot be found in the ticket registry.", ticketGrantingTicketId);
        return new ArrayList<>(0);
    }
}
Also used : TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) InvalidTicketException(org.apereo.cas.ticket.InvalidTicketException) ArrayList(java.util.ArrayList) CasTicketGrantingTicketDestroyedEvent(org.apereo.cas.support.events.ticket.CasTicketGrantingTicketDestroyedEvent) LogoutRequest(org.apereo.cas.logout.LogoutRequest) Audit(org.apereo.inspektr.audit.annotation.Audit) Counted(com.codahale.metrics.annotation.Counted) Metered(com.codahale.metrics.annotation.Metered) Timed(com.codahale.metrics.annotation.Timed)

Example 3 with Audit

use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.

From class DefaultCentralAuthenticationService, method grantServiceTicket:

/**
 * Grants a service ticket for the given service on behalf of an existing ticket-granting ticket.
 * <p>
 * The order of the checks is deliberate and preserved: look up the ticket-granting ticket,
 * enforce the registered-service access strategy, verify SSO access and proxying rules,
 * check the authentication policy, and only then create, register and publish the ticket.
 *
 * @param ticketGrantingTicketId id of the ticket-granting ticket
 * @param service                the service requesting the ticket
 * @param authenticationResult   the authentication result; may be {@code null}
 * @return the newly granted service ticket
 * @throws AuthenticationException on authentication failures
 * @throws AbstractTicketException when the ticket-granting ticket cannot be used
 */
@Audit(action = "SERVICE_TICKET", actionResolverName = "GRANT_SERVICE_TICKET_RESOLVER", resourceResolverName = "GRANT_SERVICE_TICKET_RESOURCE_RESOLVER")
@Timed(name = "GRANT_SERVICE_TICKET_TIMER")
@Metered(name = "GRANT_SERVICE_TICKET_METER")
@Counted(name = "GRANT_SERVICE_TICKET_COUNTER", monotonic = true)
@Override
public ServiceTicket grantServiceTicket(final String ticketGrantingTicketId, final Service service, final AuthenticationResult authenticationResult) throws AuthenticationException, AbstractTicketException {
    // Credentials count as supplied only when a non-null result says so.
    final boolean credentialsSupplied = authenticationResult != null && authenticationResult.isCredentialProvided();
    final TicketGrantingTicket tgt = getTicket(ticketGrantingTicketId, TicketGrantingTicket.class);
    final Service resolvedService = resolveServiceFromAuthenticationRequest(service);
    final RegisteredService registeredService = this.servicesManager.findServiceBy(resolvedService);

    // Access-strategy enforcement happens before any ticket is minted.
    final AuditableContext accessContext = AuditableContext.builder()
        .service(resolvedService)
        .ticketGrantingTicket(tgt)
        .registeredService(registeredService)
        .retrievePrincipalAttributesFromReleasePolicy(Boolean.FALSE)
        .build();
    final AuditableExecutionResult accessDecision = this.registeredServiceAccessStrategyEnforcer.execute(accessContext);
    accessDecision.throwExceptionIfNeeded();

    final Authentication authenticationInUse = evaluatePossibilityOfMixedPrincipals(authenticationResult, tgt);
    RegisteredServiceAccessStrategyUtils.ensureServiceSsoAccessIsAllowed(registeredService, resolvedService, tgt, credentialsSupplied);
    evaluateProxiedServiceIfNeeded(resolvedService, tgt, registeredService);
    // Security policy check: obtain the authentication that satisfies the configured policy.
    getAuthenticationSatisfiedByPolicy(authenticationInUse, new ServiceContext(resolvedService, registeredService));

    final Authentication rootAuthentication = tgt.getRoot().getAuthentication();
    AuthenticationCredentialsThreadLocalBinder.bindCurrent(rootAuthentication);
    final Principal principal = rootAuthentication.getPrincipal();

    // NOTE(review): the ticket is created and logged against the original `service`, while
    // the access checks above ran against `resolvedService`; whether those two can differ
    // is not visible from this method — confirm in resolveServiceFromAuthenticationRequest.
    final ServiceTicketFactory serviceTicketFactory = (ServiceTicketFactory) this.ticketFactory.get(ServiceTicket.class);
    final ServiceTicket serviceTicket = serviceTicketFactory.create(tgt, service, credentialsSupplied, ServiceTicket.class);
    this.ticketRegistry.updateTicket(tgt);
    this.ticketRegistry.addTicket(serviceTicket);
    LOGGER.info("Granted ticket [{}] for service [{}] and principal [{}]", serviceTicket.getId(), DigestUtils.abbreviate(service.getId()), principal.getId());
    doPublishEvent(new CasServiceTicketGrantedEvent(this, tgt, serviceTicket));
    return serviceTicket;
}
Also used : AuditableContext(org.apereo.cas.audit.AuditableContext) RegisteredService(org.apereo.cas.services.RegisteredService) ServiceTicketFactory(org.apereo.cas.ticket.ServiceTicketFactory) CasServiceTicketGrantedEvent(org.apereo.cas.support.events.ticket.CasServiceTicketGrantedEvent) TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) Authentication(org.apereo.cas.authentication.Authentication) ServiceContext(org.apereo.cas.services.ServiceContext) RegisteredService(org.apereo.cas.services.RegisteredService) Service(org.apereo.cas.authentication.principal.Service) ServiceTicket(org.apereo.cas.ticket.ServiceTicket) AuditableExecutionResult(org.apereo.cas.audit.AuditableExecutionResult) Principal(org.apereo.cas.authentication.principal.Principal) Audit(org.apereo.inspektr.audit.annotation.Audit) Counted(com.codahale.metrics.annotation.Counted) Metered(com.codahale.metrics.annotation.Metered) Timed(com.codahale.metrics.annotation.Timed)

Example 4 with Audit

use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.

From class DefaultTicketGrantingTicketResourceEntityResponseFactory, method build:

/**
 * Builds the REST response for a newly created ticket-granting ticket.
 * <p>
 * The {@code Location} header points at {@code <request URL>/<ticket id>}; the body comes
 * from {@link #getResponse} and the status is {@code 201 Created}.
 *
 * @param ticketGrantingTicket the ticket that was just created
 * @param request              the incoming request, used to derive the ticket's URI
 * @return a {@code 201 Created} response entity carrying the ticket location
 * @throws Exception if the ticket URI cannot be formed or the response body cannot be built
 */
@Audit(action = AuditableActions.REST_API_TICKET_GRANTING_TICKET, actionResolverName = AuditActionResolvers.REST_API_TICKET_GRANTING_TICKET_ACTION_RESOLVER, resourceResolverName = AuditResourceResolvers.REST_API_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER)
@Override
@SuppressWarnings("JdkObsolete")
public ResponseEntity<String> build(final TicketGrantingTicket ticketGrantingTicket, final HttpServletRequest request) throws Exception {
    // NOTE(review): the host part of this URI is taken from the request as received; behind a
    // reverse proxy the Location header reflects whatever the proxy forwarded — confirm the
    // deployment sets the forwarded host/scheme so the link resolves for clients.
    final String ticketPath = request.getRequestURL().toString() + '/' + ticketGrantingTicket.getId();
    final URI ticketLocation = new URI(ticketPath);

    final HttpHeaders responseHeaders = new HttpHeaders();
    responseHeaders.setLocation(ticketLocation);

    final String body = getResponse(ticketGrantingTicket, request, ticketLocation, responseHeaders);
    final ResponseEntity<String> created = new ResponseEntity<>(body, responseHeaders, HttpStatus.CREATED);
    LOGGER.debug("Created response entity [{}]", created);
    return created;
}
Also used : lombok.val(lombok.val) HttpHeaders(org.springframework.http.HttpHeaders) ResponseEntity(org.springframework.http.ResponseEntity) URI(java.net.URI) Audit(org.apereo.inspektr.audit.annotation.Audit)

Example 5 with Audit

use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.

From class DefaultOAuth20UserProfileDataCreator, method createFrom:

/**
 * Assembles the OAuth 2.0 user-profile model for the given access token.
 * <p>
 * Resolves the registered service by the token's client id, resolves the principal for the
 * token, and fills a map with the principal id, the client id and the principal attributes
 * under the {@link OAuth20UserProfileViewRenderer} model keys. The map is handed to
 * {@link #finalizeProfileResponse} before being returned, so it must stay mutable.
 *
 * @param accessToken the access token whose owner is being described
 * @param context     the current web context
 * @return a mutable map holding the profile model attributes
 */
@Override
@Audit(action = AuditableActions.OAUTH2_USER_PROFILE, actionResolverName = AuditActionResolvers.OAUTH2_USER_PROFILE_ACTION_RESOLVER, resourceResolverName = AuditResourceResolvers.OAUTH2_USER_PROFILE_RESOURCE_RESOLVER)
public Map<String, Object> createFrom(final OAuth20AccessToken accessToken, final JEEContext context) {
    final String clientId = accessToken.getClientId();
    final var oauthService = OAuth20Utils.getRegisteredOAuthServiceByClientId(this.servicesManager, clientId);
    final var tokenPrincipal = getAccessTokenAuthenticationPrincipal(accessToken, context, oauthService);

    final Map<String, Object> profile = new HashMap<>();
    profile.put(OAuth20UserProfileViewRenderer.MODEL_ATTRIBUTE_ID, tokenPrincipal.getId());
    profile.put(OAuth20UserProfileViewRenderer.MODEL_ATTRIBUTE_CLIENT_ID, clientId);
    profile.put(OAuth20UserProfileViewRenderer.MODEL_ATTRIBUTE_ATTRIBUTES, tokenPrincipal.getAttributes());

    // Service-specific post-processing may add to or alter the map in place.
    finalizeProfileResponse(accessToken, profile, tokenPrincipal, oauthService);
    return profile;
}
Also used : lombok.val(lombok.val) HashMap(java.util.HashMap) Audit(org.apereo.inspektr.audit.annotation.Audit)
