Example 1 with Credentials

Use of org.pac4j.core.credentials.Credentials in project cas by apereo: class ClientAuthenticationHandler, method doAuthentication.

@Override
protected AuthenticationHandlerExecutionResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
    try {
        // The cast relies on supports() having accepted only ClientCredential instances.
        final ClientCredential clientCredentials = (ClientCredential) credential;
        LOGGER.debug("Located client credentials as [{}]", clientCredentials);
        // The pac4j Credentials carry what the delegated identity provider sent back.
        final Credentials credentials = clientCredentials.getCredentials();
        LOGGER.debug("Client name: [{}]", clientCredentials.getClientName());
        // Resolve the delegated pac4j client by the name recorded in the credential.
        final Client client = this.clients.findClient(clientCredentials.getClientName());
        LOGGER.debug("Delegated client is: [{}]", client);
        final HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext();
        final HttpServletResponse response = WebUtils.getHttpServletResponseFromExternalWebflowContext();
        final WebContext webContext = Pac4jUtils.getPac4jJ2EContext(request, response);
        // The client validates the credentials and exchanges them for a user profile.
        final UserProfile userProfile = client.getUserProfile(credentials, webContext);
        LOGGER.debug("Final user profile is: [{}]", userProfile);
        return createResult(clientCredentials, userProfile);
    } catch (final HttpAction e) {
        // pac4j signals a required HTTP response (such as a redirect) as an HttpAction;
        // CAS reports it as a prevented authentication rather than a plain failure.
        throw new PreventedException(e);
    }
}
Also used : ClientCredential(org.apereo.cas.authentication.principal.ClientCredential) HttpServletRequest(javax.servlet.http.HttpServletRequest) WebContext(org.pac4j.core.context.WebContext) UserProfile(org.pac4j.core.profile.UserProfile) HttpServletResponse(javax.servlet.http.HttpServletResponse) PreventedException(org.apereo.cas.authentication.PreventedException) Client(org.pac4j.core.client.Client) Credentials(org.pac4j.core.credentials.Credentials) HttpAction(org.pac4j.core.exception.HttpAction)

Example 2 with Credentials

Use of org.pac4j.core.credentials.Credentials in project pac4j by pac4j: class BaseClientTests, method testDirectClient.

@Test
public void testDirectClient() {
    // An indirect client first redirects the user to the identity provider ...
    final MockIndirectClient client = new MockIndirectClient(TYPE, RedirectAction.redirect(LOGIN_URL), (Credentials) null, new CommonProfile());
    client.setCallbackUrl(CALLBACK_URL);
    final MockWebContext context = MockWebContext.create();
    client.redirect(context);
    final String redirectionUrl = context.getResponseLocation();
    assertEquals(LOGIN_URL, redirectionUrl);
    // ... and yields no credentials until the callback request comes back.
    final Credentials credentials = client.getCredentials(context);
    assertNull(credentials);
}
Also used : MockWebContext(org.pac4j.core.context.MockWebContext) CommonProfile(org.pac4j.core.profile.CommonProfile) Credentials(org.pac4j.core.credentials.Credentials) Test(org.junit.Test)

Example 3 with Credentials

Use of org.pac4j.core.credentials.Credentials in project pac4j by pac4j: class DefaultCallbackLogic, method perform.

@Override
public R perform(final C context, final Config config, final HttpActionAdapter<R, C> httpActionAdapter, final String inputDefaultUrl, final Boolean inputSaveInSession, final Boolean inputMultiProfile, final Boolean inputRenewSession, final String client) {
    logger.debug("=== CALLBACK ===");
    HttpAction action;
    try {
        // default values
        final String defaultUrl;
        if (inputDefaultUrl == null) {
            defaultUrl = Pac4jConstants.DEFAULT_URL_VALUE;
        } else {
            defaultUrl = inputDefaultUrl;
        }
        final boolean saveInSession;
        if (inputSaveInSession == null) {
            saveInSession = true;
        } else {
            saveInSession = inputSaveInSession;
        }
        final boolean multiProfile;
        if (inputMultiProfile == null) {
            multiProfile = false;
        } else {
            multiProfile = inputMultiProfile;
        }
        // Renewing the session by default means a session identifier issued before
        // login is not kept afterwards (session fixation countermeasure).
        final boolean renewSession;
        if (inputRenewSession == null) {
            renewSession = true;
        } else {
            renewSession = inputRenewSession;
        }
        // checks
        assertNotNull("clientFinder", clientFinder);
        assertNotNull("context", context);
        assertNotNull("config", config);
        assertNotNull("httpActionAdapter", httpActionAdapter);
        assertNotBlank(Pac4jConstants.DEFAULT_URL, defaultUrl);
        final Clients clients = config.getClients();
        assertNotNull("clients", clients);
        // logic
        // Exactly one indirect client must be resolvable from the callback request;
        // an ambiguous or unknown callback is rejected here.
        final List<Client> foundClients = clientFinder.find(clients, context, client);
        assertTrue(foundClients != null && foundClients.size() == 1, "unable to find one indirect client for the callback: check the callback URL for a client name parameter or suffix path" + " or ensure that your configuration defaults to one indirect client");
        final Client foundClient = foundClients.get(0);
        logger.debug("foundClient: {}", foundClient);
        assertNotNull("foundClient", foundClient);
        // The client extracts and validates the data returned by the identity provider,
        // then builds the profile from it.
        final Credentials credentials = foundClient.getCredentials(context);
        logger.debug("credentials: {}", credentials);
        final CommonProfile profile = foundClient.getUserProfile(credentials, context);
        logger.debug("profile: {}", profile);
        // Persist the profile, then return to the URL saved before the login redirect
        // (or to defaultUrl when none was saved).
        saveUserProfile(context, config, profile, saveInSession, multiProfile, renewSession);
        action = redirectToOriginallyRequestedUrl(context, defaultUrl);
    } catch (final RuntimeException e) {
        return handleException(e, httpActionAdapter, context);
    }
    return httpActionAdapter.adapt(action.getCode(), context);
}
Also used : CommonProfile(org.pac4j.core.profile.CommonProfile) Clients(org.pac4j.core.client.Clients) BaseClient(org.pac4j.core.client.BaseClient) Client(org.pac4j.core.client.Client) HttpAction(org.pac4j.core.exception.HttpAction) Credentials(org.pac4j.core.credentials.Credentials)

Example 4 with Credentials

Use of org.pac4j.core.credentials.Credentials in project pac4j by pac4j: class DefaultSecurityLogic, method perform.

@Override
public R perform(final C context, final Config config, final SecurityGrantedAccessAdapter<R, C> securityGrantedAccessAdapter, final HttpActionAdapter<R, C> httpActionAdapter, final String clients, final String authorizers, final String matchers, final Boolean inputMultiProfile, final Object... parameters) {
    logger.debug("=== SECURITY ===");
    HttpAction action;
    try {
        // default value
        final boolean multiProfile;
        if (inputMultiProfile == null) {
            multiProfile = false;
        } else {
            multiProfile = inputMultiProfile;
        }
        // checks
        assertNotNull("context", context);
        assertNotNull("config", config);
        assertNotNull("httpActionAdapter", httpActionAdapter);
        assertNotNull("clientFinder", clientFinder);
        assertNotNull("authorizationChecker", authorizationChecker);
        assertNotNull("matchingChecker", matchingChecker);
        assertNotNull("profileStorageDecision", profileStorageDecision);
        final Clients configClients = config.getClients();
        assertNotNull("configClients", configClients);
        // logic
        logger.debug("url: {}", context.getFullRequestURL());
        logger.debug("matchers: {}", matchers);
        // Matchers decide whether this request is protected at all (see the else branch).
        if (matchingChecker.matches(context, matchers, config.getMatchers())) {
            logger.debug("clients: {}", clients);
            final List<Client> currentClients = clientFinder.find(configClients, context, clients);
            logger.debug("currentClients: {}", currentClients);
            final boolean loadProfilesFromSession = profileStorageDecision.mustLoadProfilesFromSession(context, currentClients);
            logger.debug("loadProfilesFromSession: {}", loadProfilesFromSession);
            final ProfileManager manager = getProfileManager(context, config);
            List<CommonProfile> profiles = manager.getAll(loadProfilesFromSession);
            logger.debug("profiles: {}", profiles);
            // no profile and some current clients
            if (isEmpty(profiles) && isNotEmpty(currentClients)) {
                boolean updated = false;
                // loop on all clients searching direct ones to perform authentication
                // (direct clients authenticate from credentials carried by the request itself)
                for (final Client currentClient : currentClients) {
                    if (currentClient instanceof DirectClient) {
                        logger.debug("Performing authentication for direct client: {}", currentClient);
                        final Credentials credentials = currentClient.getCredentials(context);
                        logger.debug("credentials: {}", credentials);
                        final CommonProfile profile = currentClient.getUserProfile(credentials, context);
                        logger.debug("profile: {}", profile);
                        if (profile != null) {
                            final boolean saveProfileInSession = profileStorageDecision.mustSaveProfileInSession(context, currentClients, (DirectClient) currentClient, profile);
                            logger.debug("saveProfileInSession: {} / multiProfile: {}", saveProfileInSession, multiProfile);
                            manager.save(saveProfileInSession, profile, multiProfile);
                            updated = true;
                            if (!multiProfile) {
                                break;
                            }
                        }
                    }
                }
                if (updated) {
                    profiles = manager.getAll(loadProfilesFromSession);
                    logger.debug("new profiles: {}", profiles);
                }
            }
            // we have profile(s) -> check authorizations
            if (isNotEmpty(profiles)) {
                logger.debug("authorizers: {}", authorizers);
                if (authorizationChecker.isAuthorized(context, profiles, authorizers, config.getAuthorizers())) {
                    logger.debug("authenticated and authorized -> grant access");
                    return securityGrantedAccessAdapter.adapt(context, profiles, parameters);
                } else {
                    // authenticated but not authorized -> 403
                    logger.debug("forbidden");
                    action = forbidden(context, currentClients, profiles, authorizers);
                }
            } else {
                // Only an indirect client can start a login flow; the requested URL is
                // saved first so the callback can return to it.
                if (startAuthentication(context, currentClients)) {
                    logger.debug("Starting authentication");
                    saveRequestedUrl(context, currentClients);
                    action = redirectToIdentityProvider(context, currentClients);
                } else {
                    // no profile and no way to start authentication -> 401
                    logger.debug("unauthorized");
                    action = unauthorized(context, currentClients);
                }
            }
        } else {
            // A request matched by no matcher is granted without any authentication,
            // so a matcher misconfiguration fails open for that URL.
            logger.debug("no matching for this request -> grant access");
            return securityGrantedAccessAdapter.adapt(context, Arrays.asList(), parameters);
        }
    } catch (final Exception e) {
        return handleException(e, httpActionAdapter, context);
    }
    return httpActionAdapter.adapt(action.getCode(), context);
}
Also used : ProfileManager(org.pac4j.core.profile.ProfileManager) DirectClient(org.pac4j.core.client.DirectClient) CommonProfile(org.pac4j.core.profile.CommonProfile) Clients(org.pac4j.core.client.Clients) Client(org.pac4j.core.client.Client) IndirectClient(org.pac4j.core.client.IndirectClient) HttpAction(org.pac4j.core.exception.HttpAction) Credentials(org.pac4j.core.credentials.Credentials)
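The following is an added example, not code from the pac4j project or from this page: it drives DefaultSecurityLogic (Example 4) with a direct client so the three outcomes of that method can be exercised end to end, and relies on the AuthenticatorProfileCreator behaviour shown in Example 5 (the profile the authenticator attaches to the credentials becomes the client's user profile). It assumes pac4j 2.x with pac4j-core and pac4j-http on the classpath; the header name X-Api-Key, the token values, the user ids and the "admin" role are made up for the demonstration.

```java
// Added example (not pac4j project code). Assumes pac4j 2.x: pac4j-core and pac4j-http.
// Header name, tokens, ids and role below are constructed for this demo.
import org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer;
import org.pac4j.core.config.Config;
import org.pac4j.core.context.MockWebContext;
import org.pac4j.core.credentials.TokenCredentials;
import org.pac4j.core.credentials.authenticator.Authenticator;
import org.pac4j.core.engine.DefaultSecurityLogic;
import org.pac4j.core.exception.CredentialsException;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.http.client.direct.HeaderClient;

public class DirectClientSecurityLogicDemo {

    // Constructed token table standing in for a real credential store.
    private static final String ADMIN_TOKEN = "tok-admin";
    private static final String USER_TOKEN = "tok-user";
    private static final String HEADER = "X-Api-Key";

    // Authenticator: validate the header value and attach a profile to the credentials.
    // HeaderClient's default profile creator (AuthenticatorProfileCreator, Example 5)
    // then returns exactly that profile from getUserProfile(...).
    static final Authenticator<TokenCredentials> TOKEN_AUTHENTICATOR = (credentials, context) -> {
        final String token = credentials.getToken();
        final CommonProfile profile = new CommonProfile();
        if (ADMIN_TOKEN.equals(token)) {
            profile.setId("alice");
            profile.addRole("admin");
        } else if (USER_TOKEN.equals(token)) {
            profile.setId("bob");
        } else {
            // A CredentialsException makes getCredentials() return null, so no profile
            // is created and the security logic takes its "unauthorized" branch.
            throw new CredentialsException("unknown token");
        }
        credentials.setUserProfile(profile);
    };

    static Config buildConfig() {
        final HeaderClient client = new HeaderClient(HEADER, TOKEN_AUTHENTICATOR);
        final Config config = new Config(client);
        // Named authorizer referenced by the "authorizers" parameter of perform().
        config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("admin"));
        return config;
    }

    // Runs the security logic for one request and returns the HTTP status code it
    // produced (200 when the granted-access adapter was invoked).
    static int protectedResource(final Config config, final String headerValue) {
        final MockWebContext context = MockWebContext.create();
        if (headerValue != null) {
            context.addRequestHeader(HEADER, headerValue);
        }
        final DefaultSecurityLogic<Integer, MockWebContext> logic = new DefaultSecurityLogic<>();
        return logic.perform(
            context,
            config,
            (ctx, profiles, parameters) -> 200,   // authenticated and authorized
            (code, ctx) -> code,                  // pass the HttpAction status through
            "HeaderClient",   // a client's name defaults to its class simple name
            "admin",          // the authorizer registered in buildConfig()
            null,             // no matchers: the security logic applies to every request
            false);           // single profile
    }

    public static void main(String[] args) {
        final Config config = buildConfig();
        // no credentials at all: a direct client cannot start a login redirect
        System.out.println(protectedResource(config, null));
        // credentials rejected by the authenticator: same branch as above
        System.out.println(protectedResource(config, "bogus"));
        // valid user without the "admin" role: authenticated, then the authorizer denies
        System.out.println(protectedResource(config, USER_TOKEN));
        // valid admin: authenticated and authorized, the granted-access adapter runs
        System.out.println(protectedResource(config, ADMIN_TOKEN));
    }
}
```

Following the flow of Example 4 for a direct client: the first two calls end in the unauthorized(...) branch because no profile exists and startAuthentication(...) is false for a direct client, the third reaches forbidden(...) because the profile lacks the required role, and only the last one reaches securityGrantedAccessAdapter.adapt(...). Passing null for matchers is deliberate: it keeps the demo away from the fail-open else branch of the matcher check.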

Example 5 with Credentials

Use of org.pac4j.core.credentials.Credentials in project pac4j by pac4j: class AuthenticatorProfileCreatorTests, method testReturnProfile.

@Test
public void testReturnProfile() {
    // The profile an Authenticator attaches to the credentials is what the
    // AuthenticatorProfileCreator hands back; no further lookup is performed.
    final CommonProfile profile = new CommonProfile();
    final Credentials credentials = new TokenCredentials(TOKEN);
    credentials.setUserProfile(profile);
    final CommonProfile profile2 = AuthenticatorProfileCreator.INSTANCE.create(credentials, null);
    assertEquals(profile, profile2);
}
Also used : CommonProfile(org.pac4j.core.profile.CommonProfile) Credentials(org.pac4j.core.credentials.Credentials) TokenCredentials(org.pac4j.core.credentials.TokenCredentials) Test(org.junit.Test)

Aggregations

Credentials (org.pac4j.core.credentials.Credentials): 12
CommonProfile (org.pac4j.core.profile.CommonProfile): 7
Client (org.pac4j.core.client.Client): 4
Clients (org.pac4j.core.client.Clients): 4
WebContext (org.pac4j.core.context.WebContext): 4
ClientCredential (org.apereo.cas.authentication.principal.ClientCredential): 3
Test (org.junit.Test): 3
BaseClient (org.pac4j.core.client.BaseClient): 3
HttpAction (org.pac4j.core.exception.HttpAction): 3
Optional (java.util.Optional): 2
HttpServletRequest (javax.servlet.http.HttpServletRequest): 2
HttpServletResponse (javax.servlet.http.HttpServletResponse): 2
CentralAuthenticationService (org.apereo.cas.CentralAuthenticationService): 2
Service (org.apereo.cas.authentication.principal.Service): 2
WebApplicationService (org.apereo.cas.authentication.principal.WebApplicationService): 2
IndirectClient (org.pac4j.core.client.IndirectClient): 2
MockWebContext (org.pac4j.core.context.MockWebContext): 2
UsernamePasswordCredentials (org.pac4j.core.credentials.UsernamePasswordCredentials): 2
UserProfile (org.pac4j.core.profile.UserProfile): 2
ImmutableList (com.google.common.collect.ImmutableList): 1