use of org.springframework.webflow.execution.Event in project cas by apereo.
the class TicketGrantingTicketCheckActionTests method verifyValidTicket.
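/**
 * Checks that a ticket-granting ticket created through the central authentication
 * service and stored in the request scopes makes
 * {@link TicketGrantingTicketCheckAction} return the {@code VALID} event.
 *
 * @throws Exception if creating the ticket or executing the action fails
 */
@Test
public void verifyValidTicket() throws Exception {
    final MockRequestContext ctx = new MockRequestContext();
    final AuthenticationResult ctxAuthN = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport());
    // The ticket comes from the same service instance that the action is given below.
    final TicketGrantingTicket tgt = this.getCentralAuthenticationService().createTicketGrantingTicket(ctxAuthN);
    WebUtils.putTicketGrantingTicketInScopes(ctx, tgt);
    final TicketGrantingTicketCheckAction action = new TicketGrantingTicketCheckAction(this.getCentralAuthenticationService());
    final Event event = action.doExecute(ctx);
    // assertEquals takes (expected, actual). With the arguments swapped, a failure would
    // report the constant as the value under test, so the expected constant goes first.
    assertEquals(TicketGrantingTicketCheckAction.VALID, event.getId());
}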
use of org.springframework.webflow.execution.Event in project cas by apereo.
the class TicketGrantingTicketCheckActionTests method verifyInvalidTicket.
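/**
 * Checks that a ticket-granting ticket which was not created through the central
 * authentication service makes {@link TicketGrantingTicketCheckAction} return the
 * {@code INVALID} event.
 *
 * @throws Exception if executing the action fails
 */
@Test
public void verifyInvalidTicket() throws Exception {
    final MockRequestContext ctx = new MockRequestContext();
    // Built directly instead of via createTicketGrantingTicket(); presumably the service's
    // ticket store has no record of it, which is why INVALID is expected. Confirm against the action.
    final MockTicketGrantingTicket tgt = new MockTicketGrantingTicket("user");
    WebUtils.putTicketGrantingTicketInScopes(ctx, tgt);
    final TicketGrantingTicketCheckAction action = new TicketGrantingTicketCheckAction(this.getCentralAuthenticationService());
    final Event event = action.doExecute(ctx);
    // assertEquals takes (expected, actual). With the arguments swapped, a failure would
    // report the constant as the value under test, so the expected constant goes first.
    assertEquals(TicketGrantingTicketCheckAction.INVALID, event.getId());
}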
use of org.springframework.webflow.execution.Event in project cas by apereo.
the class GrouperMultifactorAuthenticationPolicyEventResolver method resolveInternal.
/**
 * Resolves a multifactor authentication event from the Grouper groups of the
 * authenticated principal.
 *
 * <p>The configured {@code grouperField} selects which attribute of each group is read.
 * The collected attribute values are passed to {@code resolveProvider} together with the
 * available providers.
 *
 * <p>NOTE(review): every early exit below returns {@code null} instead of an event. How the
 * caller interprets {@code null} is not visible here. Confirm that an empty Grouper lookup or
 * an unavailable provider cannot silently skip a second factor that policy requires.
 *
 * @param context the current webflow request context
 * @return a singleton set holding the resolved event, or {@code null} when no event is produced
 * @throws AuthenticationException when no multifactor providers are registered at all
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);

    if (StringUtils.isBlank(grouperField)) {
        LOGGER.debug("No group field is defined to process for Grouper multifactor trigger");
        return null;
    }
    if (authentication == null) {
        LOGGER.debug("No authentication is available to determine event for principal");
        return null;
    }

    final Principal principal = authentication.getPrincipal();
    final List<WsGetGroupsResult> groupResults = GrouperFacade.getGroupsForSubjectId(principal.getId());
    if (groupResults.isEmpty()) {
        LOGGER.debug("No groups could be found for [{}] to resolve events for MFA", principal);
        return null;
    }

    final Map<String, MultifactorAuthenticationProvider> providerMap = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        // Having no providers at all is treated as a failure, not as "no MFA needed".
        LOGGER.error("No multifactor authentication providers are available in the application context");
        throw new AuthenticationException();
    }

    // NOTE(review): valueOf presumably throws IllegalArgumentException when grouperField does not
    // name a GrouperGroupField constant. Confirm that a misconfigured field fails visibly.
    final GrouperGroupField groupField = GrouperGroupField.valueOf(grouperField);

    // One attribute value per group, across every result returned for the subject.
    // NOTE(review): a result whose getWsGroups() is null would fail inside Stream.of. Verify against GrouperFacade.
    final Set<String> values = groupResults.stream()
        .flatMap(result -> Stream.of(result.getWsGroups()))
        .map(group -> GrouperFacade.getGrouperGroupAttribute(groupField, group))
        .collect(Collectors.toSet());

    final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, values);
    if (!providerFound.isPresent()) {
        LOGGER.debug("No multifactor provider could be found based on [{}]'s Grouper groups", principal.getId());
        return null;
    }

    final MultifactorAuthenticationProvider provider = providerFound.get();
    if (!provider.isAvailable(service)) {
        LOGGER.warn("Located multifactor provider [{}], yet the provider cannot be reached or verified", provider);
        return null;
    }

    // NOTE(review): service is dereferenced here without a null check. Confirm the resolver is only
    // reached with a registered service in the request context.
    LOGGER.debug("Attempting to build event based on the authentication provider [{}] and service [{}]", provider, service.getName());
    final Event event = validateEventIdForMatchingTransitionInContext(provider.getId(), context,
        buildEventAttributeMap(authentication.getPrincipal(), service, provider));
    return Collections.singleton(event);
}
use of org.springframework.webflow.execution.Event in project cas by apereo.
the class DelegatedClientAuthenticationActionTests method verifyStartAuthentication.
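/**
 * Runs {@link DelegatedClientAuthenticationAction} against a request carrying theme,
 * locale and method parameters. The test expects the {@code "error"} event, the three
 * parameters copied into the HTTP session, and two provider login entries stored in
 * flow scope under {@code PAC4J_URLS}.
 *
 * @throws Exception if executing the action fails
 */
@Test
public void verifyStartAuthentication() throws Exception {
    final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
    final MockHttpServletRequest mockRequest = new MockHttpServletRequest();
    mockRequest.setParameter(ThemeChangeInterceptor.DEFAULT_PARAM_NAME, MY_THEME);
    mockRequest.setParameter(LocaleChangeInterceptor.DEFAULT_PARAM_NAME, MY_LOCALE);
    mockRequest.setParameter(CasProtocolConstants.PARAMETER_METHOD, MY_METHOD);
    final MockHttpSession mockSession = new MockHttpSession();
    mockRequest.setSession(mockSession);

    // The external context is mocked so the action sees the servlet request and response above.
    final ServletExternalContext servletExternalContext = mock(ServletExternalContext.class);
    when(servletExternalContext.getNativeRequest()).thenReturn(mockRequest);
    when(servletExternalContext.getNativeResponse()).thenReturn(mockResponse);
    final MockRequestContext mockRequestContext = new MockRequestContext();
    mockRequestContext.setExternalContext(servletExternalContext);
    mockRequestContext.getFlowScope().put(CasProtocolConstants.PARAMETER_SERVICE, RegisteredServiceTestUtils.getService(MY_SERVICE));

    final FacebookClient facebookClient = new FacebookClient(MY_KEY, MY_SECRET);
    // NOTE(review): unlike the Facebook client, this key/secret pair is committed as literals.
    // Prefer named fixture constants. If the pair belongs to a real Twitter application,
    // treat it as disclosed and rotate it. The values are left unchanged here because
    // whether the test depends on them is not visible.
    final TwitterClient twitterClient = new TwitterClient("3nJPbVTVRZWAyUgoUKQ8UA", "h6LZyZJmcW46Vu8R47MYfeXTSYGI30EqnWaSwVhFkbA");
    final Clients clients = new Clients(MY_LOGIN_URL, facebookClient, twitterClient);
    final DelegatedClientAuthenticationAction action = new DelegatedClientAuthenticationAction(clients, null, mock(CentralAuthenticationService.class), "theme", "locale", false);

    final Event event = action.execute(mockRequestContext);
    assertEquals("error", event.getId());
    assertEquals(MY_THEME, mockSession.getAttribute(ThemeChangeInterceptor.DEFAULT_PARAM_NAME));
    assertEquals(MY_LOCALE, mockSession.getAttribute(LocaleChangeInterceptor.DEFAULT_PARAM_NAME));
    assertEquals(MY_METHOD, mockSession.getAttribute(CasProtocolConstants.PARAMETER_METHOD));

    final MutableAttributeMap flowScope = mockRequestContext.getFlowScope();
    final Set<DelegatedClientAuthenticationAction.ProviderLoginPageConfiguration> urls = (Set<DelegatedClientAuthenticationAction.ProviderLoginPageConfiguration>) flowScope.get(DelegatedClientAuthenticationAction.PAC4J_URLS);
    assertFalse(urls.isEmpty());
    // assertSame compares references, so on two boxed ints it passes only because small
    // Integer values are cached. The intent is a value comparison of the set size.
    assertEquals(2, urls.size());
}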
use of org.springframework.webflow.execution.Event in project cas by apereo.
the class OidcAuthenticationContextWebflowEventEventResolver method resolveInternal.
/**
 * Resolves a multifactor authentication event from the ACR values requested by the client.
 *
 * <p>The value is read from the request parameter named by {@code OAuthConstants.ACR_VALUES}.
 * When that is blank, it is read from the same-named query parameter of the flow execution URL.
 * The comma-delimited entries are then matched against the ids of the available providers.
 *
 * <p>NOTE(review): the ACR string is request-supplied. It selects which provider is used and
 * is written to the log at ERROR/WARN level below. Confirm that the log layout neutralises
 * line breaks in logged values.
 *
 * @param context the current webflow request context
 * @return a singleton set with an event named after the matching provider id, or {@code null}
 *         when service, authentication or ACR values are missing
 * @throws AuthenticationException when no providers are registered, or none matches the
 *         requested ACR values
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    final HttpServletRequest request = WebUtils.getHttpServletRequest(context);

    if (authentication == null || service == null) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }

    String acr = request.getParameter(OAuthConstants.ACR_VALUES);
    if (StringUtils.isBlank(acr)) {
        // Fall back to the first same-named query parameter carried on the flow execution URL.
        final URIBuilder flowUrl = new URIBuilder(StringUtils.trimToEmpty(context.getFlowExecutionUrl()));
        for (final URIBuilder.BasicNameValuePair pair : flowUrl.getQueryParams()) {
            if (pair.getName().equals(OAuthConstants.ACR_VALUES)) {
                acr = pair.getValue();
                break;
            }
        }
    }
    if (StringUtils.isBlank(acr)) {
        LOGGER.debug("No ACR provided in the authentication request");
        return null;
    }

    // NOTE(review): OpenID Connect Core defines acr_values as a space-separated list in order of
    // preference. This code splits on commas and, further down, accepts any match via findAny().
    // Confirm that this is intended.
    final Set<String> values = org.springframework.util.StringUtils.commaDelimitedListToSet(acr);
    if (values.isEmpty()) {
        LOGGER.debug("No ACR provided in the authentication request");
        return null;
    }

    final Map<String, MultifactorAuthenticationProvider> providerMap = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        // An ACR was requested but nothing can satisfy it: fail instead of continuing without MFA.
        LOGGER.error("No multifactor authentication providers are available in the application context to handle [{}]", values);
        throw new AuthenticationException();
    }

    final Collection<MultifactorAuthenticationProvider> flattenedProviders = flattenProviders(providerMap.values());
    final Optional<MultifactorAuthenticationProvider> match = flattenedProviders.stream()
        .filter(candidate -> values.contains(candidate.getId()))
        .findAny();
    if (!match.isPresent()) {
        LOGGER.warn("The requested authentication class [{}] cannot be satisfied by any of the MFA providers available", values);
        throw new AuthenticationException();
    }
    return Collections.singleton(new Event(this, match.get().getId()));
}