Example 26 with Audit

Use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.

Class OAuth20AuthorizationCodeAuthorizationResponseBuilder, method build:

@Audit(action = AuditableActions.OAUTH2_CODE_RESPONSE,
    actionResolverName = AuditActionResolvers.OAUTH2_CODE_RESPONSE_ACTION_RESOLVER,
    resourceResolverName = AuditResourceResolvers.OAUTH2_CODE_RESPONSE_RESOURCE_RESOLVER)
@Override
public ModelAndView build(final AccessTokenRequestContext holder) throws Exception {
    val authentication = holder.getAuthentication();
    // Mint an authorization code tied to the service, the authenticated principal, the TGT,
    // the requested scopes and the PKCE code challenge carried in the request context
    val factory = (OAuth20CodeFactory) configurationContext.getTicketFactory().get(OAuth20Code.class);
    val code = factory.create(holder.getService(), authentication, holder.getTicketGrantingTicket(),
        holder.getScopes(), holder.getCodeChallenge(), holder.getCodeChallengeMethod(),
        holder.getClientId(), holder.getClaims(), holder.getResponseType(), holder.getGrantType());
    // Note: the code value itself is written to the log at DEBUG level
    LOGGER.debug("Generated OAuth code: [{}]", code);
    configurationContext.getCentralAuthenticationService().addTicket(code);
    // Persist any state change on the parent TGT; an update failure is logged and swallowed
    val ticketGrantingTicket = holder.getTicketGrantingTicket();
    Optional.ofNullable(ticketGrantingTicket).ifPresent(tgt -> {
        FunctionUtils.doAndHandle(ticket -> {
            configurationContext.getCentralAuthenticationService().updateTicket(ticket);
        }, (CheckedFunction<Throwable, TicketGrantingTicket>) throwable -> {
            LOGGER.error("Unable to update ticket-granting-ticket [{}]", ticketGrantingTicket, throwable);
            return null;
        }).accept(tgt);
    });
    // Hand the code back to the client via the registered redirect URI
    return buildCallbackViewViaRedirectUri(holder, code);
}
Also used:
  lombok.val
  OAuth20Constants (org.apereo.cas.support.oauth.OAuth20Constants)
  OAuth20ResponseTypes (org.apereo.cas.support.oauth.OAuth20ResponseTypes)
  OAuth20Utils (org.apereo.cas.support.oauth.util.OAuth20Utils)
  OAuth20ConfigurationContext (org.apereo.cas.support.oauth.web.endpoints.OAuth20ConfigurationContext)
  CheckedFunction (org.jooq.lambda.fi.util.function.CheckedFunction)
  Audit (org.apereo.inspektr.audit.annotation.Audit)
  OAuth20CodeFactory (org.apereo.cas.ticket.code.OAuth20CodeFactory)
  OAuth20Code (org.apereo.cas.ticket.code.OAuth20Code)
  StringUtils (org.apache.commons.lang3.StringUtils)
  AuditActionResolvers (org.apereo.cas.audit.AuditActionResolvers)
  AuditResourceResolvers (org.apereo.cas.audit.AuditResourceResolvers)
  AuditableActions (org.apereo.cas.audit.AuditableActions)
  LinkedHashMap (java.util.LinkedHashMap)
  Optional (java.util.Optional)
  ModelAndView (org.springframework.web.servlet.ModelAndView)
  AccessTokenRequestContext (org.apereo.cas.support.oauth.web.response.accesstoken.ext.AccessTokenRequestContext)
  OAuth20AuthorizationRequest (org.apereo.cas.support.oauth.web.response.OAuth20AuthorizationRequest)
  FunctionUtils (org.apereo.cas.util.function.FunctionUtils)
  Slf4j (lombok.extern.slf4j.Slf4j)
  TicketGrantingTicket (org.apereo.cas.ticket.TicketGrantingTicket)

Example 27 with Audit

Use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.

Class AccessTokenGrantAuditableRequestExtractor, method execute:

@Audit(action = AuditableActions.OAUTH2_ACCESS_TOKEN_REQUEST,
    actionResolverName = AuditActionResolvers.OAUTH2_ACCESS_TOKEN_REQUEST_ACTION_RESOLVER,
    resourceResolverName = AuditResourceResolvers.OAUTH2_ACCESS_TOKEN_REQUEST_RESOURCE_RESOLVER)
@Override
public AuditableExecutionResult execute(final AuditableContext auditableContext) {
    // Both request and response must be present in the audit context; otherwise fail fast
    val request = (HttpServletRequest) auditableContext.getRequest().orElseThrow();
    val response = (HttpServletResponse) auditableContext.getResponse().orElseThrow();
    val context = new JEEContext(request, response);
    // Pick the first extractor that supports this grant; a grant type no extractor
    // supports is rejected rather than silently passed through
    val result = this.accessTokenGrantRequestExtractors.stream()
        .filter(ext -> ext.supports(context))
        .findFirst()
        .orElseThrow(() -> new UnsupportedOperationException("Access token request is not supported"))
        .extract(context);
    return AuditableExecutionResult.builder().executionResult(result).build();
}
Also used:
  lombok.val
  HttpServletRequest (javax.servlet.http.HttpServletRequest)
  HttpServletResponse (javax.servlet.http.HttpServletResponse)
  AuditableExecutionResult (org.apereo.cas.audit.AuditableExecutionResult)
  AuditableContext (org.apereo.cas.audit.AuditableContext)
  BaseAuditableExecution (org.apereo.cas.audit.BaseAuditableExecution)
  Audit (org.apereo.inspektr.audit.annotation.Audit)
  AuditActionResolvers (org.apereo.cas.audit.AuditActionResolvers)
  AuditResourceResolvers (org.apereo.cas.audit.AuditResourceResolvers)
  AuditableActions (org.apereo.cas.audit.AuditableActions)
  Collection (java.util.Collection)
  RequiredArgsConstructor (lombok.RequiredArgsConstructor)
  JEEContext (org.pac4j.core.context.JEEContext)

Example 28 with Audit

Use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.

Class DefaultCentralAuthenticationService, method createTicketGrantingTicket:

@Audit(action = AuditableActions.TICKET_GRANTING_TICKET,
    actionResolverName = AuditActionResolvers.CREATE_TICKET_GRANTING_TICKET_RESOLVER,
    resourceResolverName = AuditResourceResolvers.CREATE_TICKET_GRANTING_TICKET_RESOURCE_RESOLVER)
@Override
public TicketGrantingTicket createTicketGrantingTicket(final AuthenticationResult authenticationResult)
    throws AuthenticationException, AbstractTicketException {
    val authentication = authenticationResult.getAuthentication();
    var service = authenticationResult.getService();
    // Expose the current authentication to downstream code on this thread
    AuthenticationCredentialsThreadLocalBinder.bindCurrent(authentication);
    if (service != null) {
        // Resolve the requesting service and enforce its registered-service access
        // policy before any ticket is issued for it
        service = resolveServiceFromAuthenticationRequest(service);
        LOGGER.debug("Resolved service [{}] from the authentication request", service);
        val registeredService = configurationContext.getServicesManager().findServiceBy(service);
        enforceRegisteredServiceAccess(authentication, service, registeredService);
    }
    val factory = (TicketGrantingTicketFactory) configurationContext.getTicketFactory().get(TicketGrantingTicket.class);
    val ticketGrantingTicket = factory.create(authentication, service, TicketGrantingTicket.class);
    // Store the new TGT and publish the creation event; checked exceptions are rethrown unchecked
    FunctionUtils.doUnchecked(s -> {
        configurationContext.getTicketRegistry().addTicket(ticketGrantingTicket);
        doPublishEvent(new CasTicketGrantingTicketCreatedEvent(this, ticketGrantingTicket));
    });
    return ticketGrantingTicket;
}
Also used:
  lombok.val
  CasTicketGrantingTicketCreatedEvent (org.apereo.cas.support.events.ticket.CasTicketGrantingTicketCreatedEvent)
  TicketGrantingTicket (org.apereo.cas.ticket.TicketGrantingTicket)
  TicketGrantingTicketFactory (org.apereo.cas.ticket.TicketGrantingTicketFactory)
  Audit (org.apereo.inspektr.audit.annotation.Audit)

Example 29 with Audit

Use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.

Class DefaultCentralAuthenticationService, method createProxyGrantingTicket:

@Audit(action = AuditableActions.PROXY_GRANTING_TICKET,
    actionResolverName = AuditActionResolvers.CREATE_PROXY_GRANTING_TICKET_RESOLVER,
    resourceResolverName = AuditResourceResolvers.CREATE_PROXY_GRANTING_TICKET_RESOURCE_RESOLVER)
@Override
public ProxyGrantingTicket createProxyGrantingTicket(final String serviceTicketId,
                                                     final AuthenticationResult authenticationResult)
    throws AuthenticationException, AbstractTicketException {
    AuthenticationCredentialsThreadLocalBinder.bindCurrent(authenticationResult.getAuthentication());
    // The service ticket must exist in the registry and still be valid
    val serviceTicket = configurationContext.getTicketRegistry().getTicket(serviceTicketId, ServiceTicket.class);
    if (serviceTicket == null || serviceTicket.isExpired()) {
        LOGGER.debug("ServiceTicket [{}] has expired or cannot be found in the ticket registry", serviceTicketId);
        throw new InvalidTicketException(serviceTicketId);
    }
    // Enforce the registered service's access strategy for this request
    val registeredService = configurationContext.getServicesManager().findServiceBy(serviceTicket.getService());
    val ctx = AuditableContext.builder()
        .serviceTicket(serviceTicket)
        .authenticationResult(authenticationResult)
        .registeredService(registeredService)
        .build();
    val result = configurationContext.getRegisteredServiceAccessStrategyEnforcer().execute(ctx);
    result.throwExceptionIfNeeded();
    // Proxying is a separate, explicit permission on the registered service
    if (!registeredService.getProxyPolicy().isAllowedToProxy()) {
        LOGGER.warn("Service [{}] attempted to proxy, but is not allowed.", serviceTicket.getService().getId());
        throw new UnauthorizedProxyingException();
    }
    // Create the PGT under a lock keyed by the service ticket id; if the lock cannot be
    // obtained, the request is treated as unauthorized proxying
    return configurationContext.getLockRepository().execute(serviceTicket.getId(), Unchecked.supplier(() -> {
        val authentication = authenticationResult.getAuthentication();
        val factory = (ProxyGrantingTicketFactory) configurationContext.getTicketFactory().get(ProxyGrantingTicket.class);
        val proxyGrantingTicket = factory.create(serviceTicket, authentication, ProxyGrantingTicket.class);
        LOGGER.debug("Generated proxy granting ticket [{}] based off of [{}]", proxyGrantingTicket, serviceTicketId);
        configurationContext.getTicketRegistry().addTicket(proxyGrantingTicket);
        doPublishEvent(new CasProxyGrantingTicketCreatedEvent(this, proxyGrantingTicket));
        return proxyGrantingTicket;
    })).orElseThrow(UnauthorizedProxyingException::new);
}
Also used:
  lombok.val
  InvalidTicketException (org.apereo.cas.ticket.InvalidTicketException)
  ProxyGrantingTicket (org.apereo.cas.ticket.proxy.ProxyGrantingTicket)
  ProxyGrantingTicketFactory (org.apereo.cas.ticket.proxy.ProxyGrantingTicketFactory)
  CasProxyGrantingTicketCreatedEvent (org.apereo.cas.support.events.ticket.CasProxyGrantingTicketCreatedEvent)
  UnauthorizedProxyingException (org.apereo.cas.services.UnauthorizedProxyingException)
  Audit (org.apereo.inspektr.audit.annotation.Audit)

Example 30 with Audit

Use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.

Class SurrogateSelectionAction, method doExecute:

@Audit(action = AuditableActions.SURROGATE_AUTHENTICATION_ELIGIBILITY_SELECTION,
    actionResolverName = AuditActionResolvers.SURROGATE_AUTHENTICATION_ELIGIBILITY_SELECTION_ACTION_RESOLVER,
    resourceResolverName = AuditResourceResolvers.SURROGATE_AUTHENTICATION_ELIGIBILITY_SELECTION_RESOURCE_RESOLVER)
@Override
protected Event doExecute(final RequestContext requestContext) {
    // Collected attributes are attached to the resulting webflow event (and so to the audit record)
    val resultMap = new HashMap<String, Object>();
    try {
        val credential = WebUtils.getCredential(requestContext);
        // Surrogate selection is only meaningful for a username/password credential
        if (credential instanceof UsernamePasswordCredential) {
            // The surrogate target is a plain request parameter supplied by the client
            val target = requestContext.getExternalContext().getRequestParameterMap().get(PARAMETER_NAME_SURROGATE_TARGET);
            LOGGER.debug("Located surrogate target as [{}]", target);
            if (StringUtils.isNotBlank(target)) {
                val currentAuth = WebUtils.getAuthentication(requestContext);
                AuthenticationCredentialsThreadLocalBinder.bindCurrent(currentAuth);
                resultMap.put(PARAMETER_NAME_SURROGATE_TARGET, target);
                val registeredService = WebUtils.getRegisteredService(requestContext);
                val builder = WebUtils.getAuthenticationResultBuilder(requestContext);
                // Build the authentication result for the selected target; an empty result
                // leaves the existing builder in the webflow untouched
                val result = surrogatePrincipalBuilder.buildSurrogateAuthenticationResult(builder, credential, target, registeredService);
                result.ifPresent(bldr -> WebUtils.putAuthenticationResultBuilder(bldr, requestContext));
            } else {
                LOGGER.warn("No surrogate identifier was selected or provided");
            }
            // Record the primary (impersonating) principal alongside the target
            resultMap.put("primary", credential.getId());
        } else {
            LOGGER.debug("Current credential in the webflow is not one of [{}]", UsernamePasswordCredential.class.getName());
        }
        return success(resultMap);
    } catch (final Exception e) {
        WebUtils.addErrorMessageToContext(requestContext, "screen.surrogates.account.selection.error", "Unable to accept or authorize selection");
        LoggingUtils.error(LOGGER, e);
        return error(e);
    }
}
Also used:
  lombok.val
  HashMap (java.util.HashMap)
  UsernamePasswordCredential (org.apereo.cas.authentication.credential.UsernamePasswordCredential)
  Audit (org.apereo.inspektr.audit.annotation.Audit)
