Example 6 with WebContext
use of org.pac4j.core.context.WebContext in project cas by apereo.
the class OidcAuthorizationRequestSupport method getOidcMaxAgeFromAuthorizationRequest.
/**
* Gets oidc max age from authorization request.
*
* @param context the context
* @return the oidc max age from authorization request
*/
public static Optional<Long> getOidcMaxAgeFromAuthorizationRequest(final WebContext context) {
final URIBuilder builderContext = new URIBuilder(context.getFullRequestURL());
final Optional<URIBuilder.BasicNameValuePair> parameter = builderContext.getQueryParams().stream().filter(p -> OidcConstants.MAX_AGE.equals(p.getName())).findFirst();
if (parameter.isPresent()) {
final long maxAge = NumberUtils.toLong(parameter.get().getValue(), -1);
return Optional.of(maxAge);
}
return Optional.empty();
}
Also used :
CasProtocolConstants(org.apereo.cas.CasProtocolConstants)
Arrays(java.util.Arrays)
CasClient(org.pac4j.cas.client.CasClient)
Logger(org.slf4j.Logger)
OidcConstants(org.apereo.cas.oidc.OidcConstants)
ZonedDateTime(java.time.ZonedDateTime)
LoggerFactory(org.slf4j.LoggerFactory)
TicketRegistrySupport(org.apereo.cas.ticket.registry.TicketRegistrySupport)
Set(java.util.Set)
URIBuilder(org.jasig.cas.client.util.URIBuilder)
StringUtils(org.apache.commons.lang3.StringUtils)
ProfileManager(org.pac4j.core.profile.ProfileManager)
Collectors(java.util.stream.Collectors)
WebContext(org.pac4j.core.context.WebContext)
Authentication(org.apereo.cas.authentication.Authentication)
NumberUtils(org.apache.commons.lang3.math.NumberUtils)
CookieRetrievingCookieGenerator(org.apereo.cas.web.support.CookieRetrievingCookieGenerator)
J2EContext(org.pac4j.core.context.J2EContext)
Optional(java.util.Optional)
UserProfile(org.pac4j.core.profile.UserProfile)
WebUtils(org.apereo.cas.web.support.WebUtils)
Assert(org.springframework.util.Assert)
URIBuilder(org.jasig.cas.client.util.URIBuilder)
Example 7 with WebContext
use of org.pac4j.core.context.WebContext in project cas by apereo.
the class DigestAuthenticationAction method constructCredentialsFromRequest.
@Override
protected Credential constructCredentialsFromRequest(final RequestContext requestContext) {
try {
final HttpServletRequest request = WebUtils.getHttpServletRequest(requestContext);
final HttpServletResponse response = WebUtils.getHttpServletResponse(requestContext);
final DigestAuthExtractor extractor = new DigestAuthExtractor(this.getClass().getSimpleName());
final WebContext webContext = WebUtils.getPac4jJ2EContext(request, response);
final DigestCredentials credentials = extractor.extract(webContext);
if (credentials == null) {
response.addHeader(HttpConstants.AUTHENTICATE_HEADER, DigestAuthenticationUtils.createAuthenticateHeader(this.realm, this.authenticationMethod, this.nonce));
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
return null;
}
LOGGER.debug("Received digest authentication request from credentials [{}] ", credentials);
final String serverResponse = credentials.calculateServerDigest(true, this.credentialRetriever.findCredential(credentials.getUsername(), this.realm));
final String clientResponse = credentials.getToken();
if (!serverResponse.equals(clientResponse)) {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
return null;
}
return new DigestCredential(credentials.getUsername(), this.realm, credentials.getToken());
} catch (final Exception e) {
LOGGER.error(e.getMessage(), e);
}
return null;
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
DigestAuthExtractor(org.pac4j.http.credentials.extractor.DigestAuthExtractor)
DigestCredentials(org.pac4j.http.credentials.DigestCredentials)
WebContext(org.pac4j.core.context.WebContext)
DigestCredential(org.apereo.cas.digest.DigestCredential)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
Example 8 with WebContext
use of org.pac4j.core.context.WebContext in project cas by apereo.
the class ECPProfileHandlerController method extractBasicAuthenticationCredential.
private Credential extractBasicAuthenticationCredential(final HttpServletRequest request, final HttpServletResponse response) {
try {
final BasicAuthExtractor extractor = new BasicAuthExtractor(this.getClass().getSimpleName());
final WebContext webContext = WebUtils.getPac4jJ2EContext(request, response);
final UsernamePasswordCredentials credentials = extractor.extract(webContext);
if (credentials != null) {
LOGGER.debug("Received basic authentication ECP request from credentials [{}]", credentials);
return new UsernamePasswordCredential(credentials.getUsername(), credentials.getPassword());
}
} catch (final Exception e) {
LOGGER.warn(e.getMessage(), e);
}
return null;
}
Also used :
BasicAuthExtractor(org.pac4j.core.credentials.extractor.BasicAuthExtractor)
WebContext(org.pac4j.core.context.WebContext)
UsernamePasswordCredential(org.apereo.cas.authentication.UsernamePasswordCredential)
AuthenticationException(org.apereo.cas.authentication.AuthenticationException)
UsernamePasswordCredentials(org.pac4j.core.credentials.UsernamePasswordCredentials)
Example 9 with WebContext
use of org.pac4j.core.context.WebContext in project ratpack by ratpack.
the class Pac4jAuthenticator method handle.
@Override
public void handle(Context ctx) throws Exception {
PathBinding pathBinding = ctx.getPathBinding();
String pastBinding = pathBinding.getPastBinding();
if (pastBinding.equals(path)) {
RatpackWebContext.from(ctx, true).flatMap(webContext -> {
SessionData sessionData = webContext.getSession();
return createClients(ctx, pathBinding).map(clients -> clients.findClient(webContext)).map(Types::<Client<Credentials, UserProfile>>cast).flatMap(client -> getProfile(webContext, client)).map(profile -> {
if (profile != null) {
sessionData.set(Pac4jSessionKeys.USER_PROFILE, profile);
}
Optional<String> originalUrl = sessionData.get(Pac4jSessionKeys.REQUESTED_URL);
sessionData.remove(Pac4jSessionKeys.REQUESTED_URL);
return originalUrl;
}).onError(t -> {
if (t instanceof RequiresHttpAction) {
webContext.sendResponse((RequiresHttpAction) t);
} else {
ctx.error(new TechnicalException("Failed to get user profile", t));
}
});
}).then(originalUrlOption -> {
ctx.redirect(originalUrlOption.orElse("/"));
});
} else {
createClients(ctx, pathBinding).then(clients -> {
Registry registry = Registry.singleLazy(Clients.class, () -> uncheck(() -> clients));
ctx.next(registry);
});
}
}
Also used :
Types(ratpack.util.Types)
Context(ratpack.handling.Context)
RatpackPac4j(ratpack.pac4j.RatpackPac4j)
Exceptions.uncheck(ratpack.util.Exceptions.uncheck)
Promise(ratpack.exec.Promise)
PublicAddress(ratpack.server.PublicAddress)
Blocking(ratpack.exec.Blocking)
RequiresHttpAction(org.pac4j.core.exception.RequiresHttpAction)
WebContext(org.pac4j.core.context.WebContext)
List(java.util.List)
ImmutableList(com.google.common.collect.ImmutableList)
Clients(org.pac4j.core.client.Clients)
Client(org.pac4j.core.client.Client)
Handler(ratpack.handling.Handler)
Registry(ratpack.registry.Registry)
Optional(java.util.Optional)
PathBinding(ratpack.path.PathBinding)
TechnicalException(org.pac4j.core.exception.TechnicalException)
UserProfile(org.pac4j.core.profile.UserProfile)
SessionData(ratpack.session.SessionData)
Credentials(org.pac4j.core.credentials.Credentials)
Types(ratpack.util.Types)
RequiresHttpAction(org.pac4j.core.exception.RequiresHttpAction)
TechnicalException(org.pac4j.core.exception.TechnicalException)
UserProfile(org.pac4j.core.profile.UserProfile)
SessionData(ratpack.session.SessionData)
Registry(ratpack.registry.Registry)
PathBinding(ratpack.path.PathBinding)
Credentials(org.pac4j.core.credentials.Credentials)
Aggregations
WebContext (org.pac4j.core.context.WebContext)9
HttpServletRequest (javax.servlet.http.HttpServletRequest)5
HttpServletResponse (javax.servlet.http.HttpServletResponse)5
Credentials (org.pac4j.core.credentials.Credentials)3
UserProfile (org.pac4j.core.profile.UserProfile)3
Optional (java.util.Optional)2
HttpSession (javax.servlet.http.HttpSession)2
CentralAuthenticationService (org.apereo.cas.CentralAuthenticationService)2
Authentication (org.apereo.cas.authentication.Authentication)2
AuthenticationResult (org.apereo.cas.authentication.AuthenticationResult)2
UsernamePasswordCredential (org.apereo.cas.authentication.UsernamePasswordCredential)2
ClientCredential (org.apereo.cas.authentication.principal.ClientCredential)2
Service (org.apereo.cas.authentication.principal.Service)2
WebApplicationService (org.apereo.cas.authentication.principal.WebApplicationService)2
TicketGrantingTicket (org.apereo.cas.ticket.TicketGrantingTicket)2
Clients (org.pac4j.core.client.Clients)2
HttpAction (org.pac4j.core.exception.HttpAction)2
ImmutableList (com.google.common.collect.ImmutableList)1
ZonedDateTime (java.time.ZonedDateTime)1
Arrays (java.util.Arrays)1
