use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.
the class AbstractAuthenticationManager method authenticate.
@Override
@Audit(action = "AUTHENTICATION", actionResolverName = "AUTHENTICATION_RESOLVER", resourceResolverName = "AUTHENTICATION_RESOURCE_RESOLVER")
@Timed(name = "AUTHENTICATE_TIMER")
@Metered(name = "AUTHENTICATE_METER")
@Counted(name = "AUTHENTICATE_COUNT", monotonic = true)
public Authentication authenticate(final AuthenticationTransaction transaction) throws AuthenticationException {
AuthenticationCredentialsLocalBinder.bindCurrent(transaction.getCredentials());
final AuthenticationBuilder builder = authenticateInternal(transaction);
authenticationEventExecutionPlan.getAuthenticationPostProcessors().forEach(p -> {
LOGGER.info("Invoking authentication post processor [{}]", p);
p.process(transaction, builder);
});
final Authentication authentication = builder.build();
final Principal principal = authentication.getPrincipal();
if (principal instanceof NullPrincipal) {
throw new UnresolvedPrincipalException(authentication);
}
addAuthenticationMethodAttribute(builder, authentication);
LOGGER.info("Authenticated principal [{}] with attributes [{}] via credentials [{}].", principal.getId(), principal.getAttributes(), transaction.getCredentials());
populateAuthenticationMetadataAttributes(builder, transaction.getCredentials());
final Authentication a = builder.build();
AuthenticationCredentialsLocalBinder.bindCurrent(a);
return a;
}
use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.
the class DefaultCentralAuthenticationService method destroyTicketGrantingTicket.
@Audit(action = "TICKET_GRANTING_TICKET_DESTROYED", actionResolverName = "DESTROY_TICKET_GRANTING_TICKET_RESOLVER", resourceResolverName = "DESTROY_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER")
@Timed(name = "DESTROY_TICKET_GRANTING_TICKET_TIMER")
@Metered(name = "DESTROY_TICKET_GRANTING_TICKET_METER")
@Counted(name = "DESTROY_TICKET_GRANTING_TICKET_COUNTER", monotonic = true)
@Override
public List<LogoutRequest> destroyTicketGrantingTicket(final String ticketGrantingTicketId) {
try {
LOGGER.debug("Removing ticket [{}] from registry...", ticketGrantingTicketId);
final TicketGrantingTicket ticket = getTicket(ticketGrantingTicketId, TicketGrantingTicket.class);
LOGGER.debug("Ticket found. Processing logout requests and then deleting the ticket...");
AuthenticationCredentialsThreadLocalBinder.bindCurrent(ticket.getAuthentication());
final List<LogoutRequest> logoutRequests = this.logoutManager.performLogout(ticket);
deleteTicket(ticketGrantingTicketId);
doPublishEvent(new CasTicketGrantingTicketDestroyedEvent(this, ticket));
return logoutRequests;
} catch (final InvalidTicketException e) {
LOGGER.debug("TicketGrantingTicket [{}] cannot be found in the ticket registry.", ticketGrantingTicketId);
}
return new ArrayList<>(0);
}
use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.
the class DefaultCentralAuthenticationService method grantServiceTicket.
@Audit(action = "SERVICE_TICKET", actionResolverName = "GRANT_SERVICE_TICKET_RESOLVER", resourceResolverName = "GRANT_SERVICE_TICKET_RESOURCE_RESOLVER")
@Timed(name = "GRANT_SERVICE_TICKET_TIMER")
@Metered(name = "GRANT_SERVICE_TICKET_METER")
@Counted(name = "GRANT_SERVICE_TICKET_COUNTER", monotonic = true)
@Override
public ServiceTicket grantServiceTicket(final String ticketGrantingTicketId, final Service service, final AuthenticationResult authenticationResult) throws AuthenticationException, AbstractTicketException {
final boolean credentialProvided = authenticationResult != null && authenticationResult.isCredentialProvided();
final TicketGrantingTicket ticketGrantingTicket = getTicket(ticketGrantingTicketId, TicketGrantingTicket.class);
final Service selectedService = resolveServiceFromAuthenticationRequest(service);
final RegisteredService registeredService = this.servicesManager.findServiceBy(selectedService);
final AuditableContext audit = AuditableContext.builder().service(selectedService).ticketGrantingTicket(ticketGrantingTicket).registeredService(registeredService).retrievePrincipalAttributesFromReleasePolicy(Boolean.FALSE).build();
final AuditableExecutionResult accessResult = this.registeredServiceAccessStrategyEnforcer.execute(audit);
accessResult.throwExceptionIfNeeded();
final Authentication currentAuthentication = evaluatePossibilityOfMixedPrincipals(authenticationResult, ticketGrantingTicket);
RegisteredServiceAccessStrategyUtils.ensureServiceSsoAccessIsAllowed(registeredService, selectedService, ticketGrantingTicket, credentialProvided);
evaluateProxiedServiceIfNeeded(selectedService, ticketGrantingTicket, registeredService);
// Perform security policy check by getting the authentication that satisfies the configured policy
getAuthenticationSatisfiedByPolicy(currentAuthentication, new ServiceContext(selectedService, registeredService));
final Authentication latestAuthentication = ticketGrantingTicket.getRoot().getAuthentication();
AuthenticationCredentialsThreadLocalBinder.bindCurrent(latestAuthentication);
final Principal principal = latestAuthentication.getPrincipal();
final ServiceTicketFactory factory = (ServiceTicketFactory) this.ticketFactory.get(ServiceTicket.class);
final ServiceTicket serviceTicket = factory.create(ticketGrantingTicket, service, credentialProvided, ServiceTicket.class);
this.ticketRegistry.updateTicket(ticketGrantingTicket);
this.ticketRegistry.addTicket(serviceTicket);
LOGGER.info("Granted ticket [{}] for service [{}] and principal [{}]", serviceTicket.getId(), DigestUtils.abbreviate(service.getId()), principal.getId());
doPublishEvent(new CasServiceTicketGrantedEvent(this, ticketGrantingTicket, serviceTicket));
return serviceTicket;
}
use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.
the class DefaultTicketGrantingTicketResourceEntityResponseFactory method build.
@Audit(action = AuditableActions.REST_API_TICKET_GRANTING_TICKET, actionResolverName = AuditActionResolvers.REST_API_TICKET_GRANTING_TICKET_ACTION_RESOLVER, resourceResolverName = AuditResourceResolvers.REST_API_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER)
@Override
@SuppressWarnings("JdkObsolete")
public ResponseEntity<String> build(final TicketGrantingTicket ticketGrantingTicket, final HttpServletRequest request) throws Exception {
val ticketReference = new URI(request.getRequestURL().toString() + '/' + ticketGrantingTicket.getId());
val headers = new HttpHeaders();
headers.setLocation(ticketReference);
val response = getResponse(ticketGrantingTicket, request, ticketReference, headers);
val entity = new ResponseEntity<>(response, headers, HttpStatus.CREATED);
LOGGER.debug("Created response entity [{}]", entity);
return entity;
}
use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.
the class DefaultOAuth20UserProfileDataCreator method createFrom.
@Override
@Audit(action = AuditableActions.OAUTH2_USER_PROFILE, actionResolverName = AuditActionResolvers.OAUTH2_USER_PROFILE_ACTION_RESOLVER, resourceResolverName = AuditResourceResolvers.OAUTH2_USER_PROFILE_RESOURCE_RESOLVER)
public Map<String, Object> createFrom(final OAuth20AccessToken accessToken, final JEEContext context) {
val registeredService = OAuth20Utils.getRegisteredOAuthServiceByClientId(this.servicesManager, accessToken.getClientId());
val principal = getAccessTokenAuthenticationPrincipal(accessToken, context, registeredService);
val map = new HashMap<String, Object>();
map.put(OAuth20UserProfileViewRenderer.MODEL_ATTRIBUTE_ID, principal.getId());
map.put(OAuth20UserProfileViewRenderer.MODEL_ATTRIBUTE_CLIENT_ID, accessToken.getClientId());
val attributes = principal.getAttributes();
map.put(OAuth20UserProfileViewRenderer.MODEL_ATTRIBUTE_ATTRIBUTES, attributes);
finalizeProfileResponse(accessToken, map, principal, registeredService);
return map;
}
Aggregations