Example 6 with Event
use of org.springframework.webflow.execution.Event in project cas by apereo.
the class AdaptiveMultifactorAuthenticationPolicyEventResolver method buildEvent.
private Set<Event> buildEvent(final RequestContext context, final RegisteredService service, final Authentication authentication, final MultifactorAuthenticationProvider provider) {
if (provider.isAvailable(service)) {
LOGGER.debug("Attempting to build an event based on the authentication provider [{}] and service [{}]", provider, service.getName());
final Event event = validateEventIdForMatchingTransitionInContext(provider.getId(), context, buildEventAttributeMap(authentication.getPrincipal(), service, provider));
return Collections.singleton(event);
}
LOGGER.warn("Located multifactor provider [{}], yet the provider cannot be reached or verified", provider);
return null;
}
Also used :
Event(org.springframework.webflow.execution.Event)
Example 7 with Event
use of org.springframework.webflow.execution.Event in project cas by apereo.
the class RequestParameterMultifactorAuthenticationPolicyEventResolver method resolveInternal.
@Override
public Set<Event> resolveInternal(final RequestContext context) {
final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
final Authentication authentication = WebUtils.getAuthentication(context);
if (service == null || authentication == null) {
LOGGER.debug("No service or authentication is available to determine event for principal");
return null;
}
if (StringUtils.isBlank(mfaRequestParameter)) {
LOGGER.debug("No request parameter is defined to trigger multifactor authentication.");
return null;
}
final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
final String[] values = request.getParameterValues(mfaRequestParameter);
if (values != null && values.length > 0) {
LOGGER.debug("Received request parameter [{}] as [{}]", mfaRequestParameter, values);
final Map<String, MultifactorAuthenticationProvider> providerMap = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
if (providerMap == null || providerMap.isEmpty()) {
LOGGER.error("No multifactor authentication providers are available in the application context to satisfy [{}]", (Object[]) values);
throw new AuthenticationException();
}
final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, values[0]);
if (providerFound.isPresent()) {
final MultifactorAuthenticationProvider provider = providerFound.get();
if (provider.isAvailable(service)) {
LOGGER.debug("Attempting to build an event based on the authentication provider [{}] and service [{}]", provider, service.getName());
final Event event = validateEventIdForMatchingTransitionInContext(provider.getId(), context, buildEventAttributeMap(authentication.getPrincipal(), service, provider));
return Collections.singleton(event);
}
LOGGER.warn("Located multifactor provider [{}], yet the provider cannot be reached or verified", providerFound.get());
return null;
} else {
LOGGER.warn("No multifactor provider could be found for request parameter [{}]", (Object[]) values);
throw new AuthenticationException();
}
}
LOGGER.debug("No value could be found for request parameter [{}]", mfaRequestParameter);
return null;
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
RegisteredService(org.apereo.cas.services.RegisteredService)
AuthenticationException(org.apereo.cas.authentication.AuthenticationException)
Authentication(org.apereo.cas.authentication.Authentication)
Event(org.springframework.webflow.execution.Event)
MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider)
Example 8 with Event
use of org.springframework.webflow.execution.Event in project cas by apereo.
the class LogoutAction method doInternalExecute.
@Override
protected Event doInternalExecute(final HttpServletRequest request, final HttpServletResponse response, final RequestContext context) throws Exception {
boolean needFrontSlo = false;
final List<LogoutRequest> logoutRequests = WebUtils.getLogoutRequests(context);
if (logoutRequests != null) {
// if some logout request must still be attempted
needFrontSlo = logoutRequests.stream().anyMatch(logoutRequest -> logoutRequest.getStatus() == LogoutRequestStatus.NOT_ATTEMPTED);
}
final String paramName = StringUtils.defaultIfEmpty(logoutProperties.getRedirectParameter(), CasProtocolConstants.PARAMETER_SERVICE);
LOGGER.debug("Using parameter name [{}] to detect destination service, if any", paramName);
final String service = request.getParameter(paramName);
LOGGER.debug("Located target service [{}] for redirection after logout", paramName);
if (logoutProperties.isFollowServiceRedirects() && StringUtils.isNotBlank(service)) {
final Service webAppService = webApplicationServiceFactory.createService(service);
final RegisteredService rService = this.servicesManager.findServiceBy(webAppService);
if (rService != null && rService.getAccessStrategy().isServiceAccessAllowed()) {
LOGGER.debug("Redirecting to service [{}]", service);
WebUtils.putLogoutRedirectUrl(context, service);
} else {
LOGGER.warn("Cannot redirect to [{}] given the service is unauthorized to use CAS. " + "Ensure the service is registered with CAS and is enabled to allowed access", service);
}
} else {
LOGGER.debug("No target service is located for redirection after logout, or CAS is not allowed to follow redirects after logout");
}
// there are some front services to logout, perform front SLO
if (needFrontSlo) {
LOGGER.debug("Proceeding forward with front-channel single logout");
return new Event(this, FRONT_EVENT);
}
LOGGER.debug("Moving forward to finish the logout process");
return new Event(this, FINISH_EVENT);
}
Also used :
CasProtocolConstants(org.apereo.cas.CasProtocolConstants)
LogoutRequest(org.apereo.cas.logout.LogoutRequest)
Logger(org.slf4j.Logger)
LoggerFactory(org.slf4j.LoggerFactory)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
LogoutRequestStatus(org.apereo.cas.logout.LogoutRequestStatus)
LogoutProperties(org.apereo.cas.configuration.model.core.logout.LogoutProperties)
StringUtils(org.apache.commons.lang3.StringUtils)
RequestContext(org.springframework.webflow.execution.RequestContext)
RegisteredService(org.apereo.cas.services.RegisteredService)
WebApplicationService(org.apereo.cas.authentication.principal.WebApplicationService)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
List(java.util.List)
Service(org.apereo.cas.authentication.principal.Service)
WebUtils(org.apereo.cas.web.support.WebUtils)
ServiceFactory(org.apereo.cas.authentication.principal.ServiceFactory)
Event(org.springframework.webflow.execution.Event)
ServicesManager(org.apereo.cas.services.ServicesManager)
RegisteredService(org.apereo.cas.services.RegisteredService)
RegisteredService(org.apereo.cas.services.RegisteredService)
WebApplicationService(org.apereo.cas.authentication.principal.WebApplicationService)
Service(org.apereo.cas.authentication.principal.Service)
Event(org.springframework.webflow.execution.Event)
LogoutRequest(org.apereo.cas.logout.LogoutRequest)
Example 9 with Event
use of org.springframework.webflow.execution.Event in project cas by apereo.
the class ServiceWarningAction method doExecute.
@Override
protected Event doExecute(final RequestContext context) throws Exception {
final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
final HttpServletResponse response = WebUtils.getHttpServletResponse(context);
final Service service = WebUtils.getService(context);
final String ticketGrantingTicket = WebUtils.getTicketGrantingTicketId(context);
final Authentication authentication = this.ticketRegistrySupport.getAuthenticationFrom(ticketGrantingTicket);
if (authentication == null) {
throw new InvalidTicketException(new AuthenticationException("No authentication found for ticket " + ticketGrantingTicket), ticketGrantingTicket);
}
final Credential credential = WebUtils.getCredential(context);
final AuthenticationResultBuilder authenticationResultBuilder = authenticationSystemSupport.establishAuthenticationContextFromInitial(authentication, credential);
final AuthenticationResult authenticationResult = authenticationResultBuilder.build(service);
final ServiceTicket serviceTicketId = this.centralAuthenticationService.grantServiceTicket(ticketGrantingTicket, service, authenticationResult);
WebUtils.putServiceTicketInRequestScope(context, serviceTicketId);
if (request.getParameterMap().containsKey("ignorewarn")) {
if (Boolean.valueOf(request.getParameter("ignorewarn").toString())) {
this.warnCookieGenerator.removeCookie(response);
}
}
return new Event(this, CasWebflowConstants.STATE_ID_REDIRECT);
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
Credential(org.apereo.cas.authentication.Credential)
AuthenticationException(org.apereo.cas.authentication.AuthenticationException)
Authentication(org.apereo.cas.authentication.Authentication)
InvalidTicketException(org.apereo.cas.ticket.InvalidTicketException)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
CentralAuthenticationService(org.apereo.cas.CentralAuthenticationService)
Service(org.apereo.cas.authentication.principal.Service)
Event(org.springframework.webflow.execution.Event)
ServiceTicket(org.apereo.cas.ticket.ServiceTicket)
AuthenticationResultBuilder(org.apereo.cas.authentication.AuthenticationResultBuilder)
AuthenticationResult(org.apereo.cas.authentication.AuthenticationResult)
Example 10 with Event
use of org.springframework.webflow.execution.Event in project cas by apereo.
the class TicketGrantingTicketCheckAction method doExecute.
/**
* Determines whether the TGT in the flow request context is valid.
*
* @param requestContext Flow request context.
*
* @throws Exception in case ticket cannot be retrieved from the service layer
* @return {@link #NOT_EXISTS}, {@link #INVALID}, or {@link #VALID}.
*/
@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
final String tgtId = WebUtils.getTicketGrantingTicketId(requestContext);
if (!StringUtils.hasText(tgtId)) {
return new Event(this, NOT_EXISTS);
}
String eventId = INVALID;
try {
final Ticket ticket = this.centralAuthenticationService.getTicket(tgtId, Ticket.class);
if (ticket != null && !ticket.isExpired()) {
eventId = VALID;
}
} catch (final AbstractTicketException e) {
LOGGER.trace("Could not retrieve ticket id [{}] from registry.", e.getMessage());
}
return new Event(this, eventId);
}
Also used :
Ticket(org.apereo.cas.ticket.Ticket)
Event(org.springframework.webflow.execution.Event)
AbstractTicketException(org.apereo.cas.ticket.AbstractTicketException)
Aggregations
Event (org.springframework.webflow.execution.Event)56
Test (org.junit.Test)26
MockRequestContext (org.springframework.webflow.test.MockRequestContext)20
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)15
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)15
Authentication (org.apereo.cas.authentication.Authentication)13
AuthenticationException (org.apereo.cas.authentication.AuthenticationException)13
ServletExternalContext (org.springframework.webflow.context.servlet.ServletExternalContext)13
RegisteredService (org.apereo.cas.services.RegisteredService)12
MultifactorAuthenticationProvider (org.apereo.cas.services.MultifactorAuthenticationProvider)11
MockServletContext (org.springframework.mock.web.MockServletContext)11
HttpServletRequest (javax.servlet.http.HttpServletRequest)9
CentralAuthenticationService (org.apereo.cas.CentralAuthenticationService)8
LogoutProperties (org.apereo.cas.configuration.model.core.logout.LogoutProperties)8
WebUtils (org.apereo.cas.web.support.WebUtils)8
EventFactorySupport (org.springframework.webflow.action.EventFactorySupport)8
RequestContext (org.springframework.webflow.execution.RequestContext)8
Logger (org.slf4j.Logger)7
LoggerFactory (org.slf4j.LoggerFactory)7
Map (java.util.Map)6
