use of javax.servlet.http.HttpServletRequest in project cas by apereo.
the class ServiceWarningAction method doExecute.
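/**
 * Grants a service ticket for the service in the flow context and signals a redirect.
 *
 * <p>The authentication is resolved from the ticket-granting ticket (TGT) id held in the
 * context. When none is found the method fails with an {@code InvalidTicketException}
 * before any service ticket is granted. The granted service ticket is placed in request
 * scope, and the warning cookie is removed when the request carries {@code ignorewarn=true}.
 *
 * @param context the webflow request context
 * @return an event whose id is {@code CasWebflowConstants.STATE_ID_REDIRECT}
 * @throws Exception an {@code InvalidTicketException} when no authentication is attached
 *         to the TGT, or whatever the ticket-granting call propagates
 */
@Override
protected Event doExecute(final RequestContext context) throws Exception {
    final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
    final HttpServletResponse response = WebUtils.getHttpServletResponse(context);
    final Service service = WebUtils.getService(context);
    final String ticketGrantingTicket = WebUtils.getTicketGrantingTicketId(context);

    final Authentication authentication = this.ticketRegistrySupport.getAuthenticationFrom(ticketGrantingTicket);
    if (authentication == null) {
        // NOTE(review): the TGT id is embedded in the exception message. If this message is
        // logged or rendered downstream, the session ticket id is exposed; confirm that the
        // handlers of this exception mask or drop it.
        throw new InvalidTicketException(
            new AuthenticationException("No authentication found for ticket " + ticketGrantingTicket),
            ticketGrantingTicket);
    }

    final Credential credential = WebUtils.getCredential(context);
    final AuthenticationResultBuilder authenticationResultBuilder =
        authenticationSystemSupport.establishAuthenticationContextFromInitial(authentication, credential);
    final AuthenticationResult authenticationResult = authenticationResultBuilder.build(service);

    final ServiceTicket serviceTicketId =
        this.centralAuthenticationService.grantServiceTicket(ticketGrantingTicket, service, authenticationResult);
    WebUtils.putServiceTicketInRequestScope(context, serviceTicketId);

    // Boolean.parseBoolean maps an absent (null) parameter to false, so no separate
    // presence check, boxing or toString() on the parameter value is needed.
    if (Boolean.parseBoolean(request.getParameter("ignorewarn"))) {
        this.warnCookieGenerator.removeCookie(response);
    }
    return new Event(this, CasWebflowConstants.STATE_ID_REDIRECT);
}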
use of javax.servlet.http.HttpServletRequest in project cas by apereo.
the class BasicAuthenticationAction method constructCredentialsFromRequest.
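/**
 * Builds a CAS username/password credential from the basic-authentication data that
 * {@code BasicAuthExtractor} finds on the current request.
 *
 * <p>Extraction is best-effort: any exception is logged at warn level and treated the
 * same as "no credentials present".
 *
 * @param requestContext the webflow request context
 * @return a {@code UsernamePasswordCredential} for the extracted username and password,
 *         or {@code null} when nothing was extracted or extraction failed
 */
@Override
protected Credential constructCredentialsFromRequest(final RequestContext requestContext) {
    try {
        final HttpServletRequest request = WebUtils.getHttpServletRequest(requestContext);
        final HttpServletResponse response = WebUtils.getHttpServletResponse(requestContext);
        final BasicAuthExtractor extractor = new BasicAuthExtractor(this.getClass().getSimpleName());
        final WebContext webContext = WebUtils.getPac4jJ2EContext(request, response);
        final UsernamePasswordCredentials credentials = extractor.extract(webContext);
        if (credentials != null) {
            // Log the username only. Passing the whole credentials object would make the
            // log content depend on how that type renders itself, and the object also
            // carries the password.
            LOGGER.debug("Received basic authentication request from credentials [{}]", credentials.getUsername());
            return new UsernamePasswordCredential(credentials.getUsername(), credentials.getPassword());
        }
    } catch (final Exception e) {
        // Deliberate best-effort: a malformed or missing header must not break the flow.
        LOGGER.warn(e.getMessage(), e);
    }
    return null;
}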
use of javax.servlet.http.HttpServletRequest in project cas by apereo.
the class ValidateCaptchaAction method doExecute.
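/**
 * Verifies the reCAPTCHA token submitted with the request against the configured
 * verification endpoint.
 *
 * <p>The check fails closed: a blank token, a non-200 reply, a reply without
 * {@code "success": true}, or any exception while calling the endpoint all end in
 * {@code getError(requestContext)}.
 *
 * @param requestContext the webflow request context
 * @return {@code null} when the endpoint reports success, otherwise the event produced
 *         by {@code getError(requestContext)}
 * @throws Exception declared by the overridden method; failures of the verification
 *         call itself are caught and logged here
 */
@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
    final HttpServletRequest request = WebUtils.getHttpServletRequest(requestContext);
    final String gRecaptchaResponse = request.getParameter("g-recaptcha-response");
    if (StringUtils.isBlank(gRecaptchaResponse)) {
        LOGGER.warn("Recaptcha response is missing from the request");
        return getError(requestContext);
    }

    try {
        final URL obj = new URL(recaptchaProperties.getVerifyUrl());
        // The cast rejects a non-HTTPS verify URL: the resulting ClassCastException is
        // caught below and the request is treated as failed.
        final HttpsURLConnection con = (HttpsURLConnection) obj.openConnection();
        // NOTE(review): no connect/read timeout is set, so a stalled verification endpoint
        // holds this request thread. Consider setConnectTimeout/setReadTimeout with values
        // taken from configuration.
        con.setRequestMethod("POST");
        con.setRequestProperty("User-Agent", WebUtils.getHttpServletRequestUserAgent());
        con.setRequestProperty("Accept-Language", "en-US,en;q=0.5");

        // The token comes straight from the client. Form-encode both values so that
        // characters such as '&' or '=' cannot add or override fields in the POST body.
        // A missing secret now fails here (and is logged) instead of being sent as "null".
        final String encoding = StandardCharsets.UTF_8.name();
        final String postParams = "secret=" + java.net.URLEncoder.encode(recaptchaProperties.getSecret(), encoding)
            + "&response=" + java.net.URLEncoder.encode(gRecaptchaResponse, encoding);

        // Only the URL is logged; postParams holds the shared secret and must stay out of logs.
        LOGGER.debug("Sending 'POST' request to URL: [{}]", obj);

        con.setDoOutput(true);
        try (DataOutputStream wr = new DataOutputStream(con.getOutputStream())) {
            // writeBytes keeps only the low byte of each char; safe here because the
            // encoded body is pure ASCII.
            wr.writeBytes(postParams);
            wr.flush();
        }

        final int responseCode = con.getResponseCode();
        LOGGER.debug("Response Code: [{}]", responseCode);

        if (responseCode == HttpStatus.OK.value()) {
            try (BufferedReader in = new BufferedReader(new InputStreamReader(con.getInputStream(), StandardCharsets.UTF_8))) {
                final String response = in.lines().collect(Collectors.joining());
                LOGGER.debug("Google captcha response received: [{}]", response);
                final JsonNode node = READER.readTree(response);
                if (node.has("success") && node.get("success").booleanValue()) {
                    return null;
                }
            }
        }
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
    }
    return getError(requestContext);
}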
use of javax.servlet.http.HttpServletRequest in project cas by apereo.
the class FrontChannelLogoutAction method doInternalExecute.
/**
 * Prepares front-channel logout messages for every logout request that has not been
 * attempted yet.
 *
 * <p>Each such request gets a logout message, is marked {@code SUCCESS}, and its service
 * is flagged as already logged out. The request-to-message map is stored in flow scope
 * under {@code "logoutUrls"} when it is not empty.
 *
 * @param request the HTTP request (not read by this method)
 * @param response the HTTP response (not read by this method)
 * @param context the webflow request context
 * @return a {@code "propagate"} event when at least one message was prepared, otherwise
 *         the {@code FINISH_EVENT} event
 * @throws Exception declared by the overridden method
 */
@Override
protected Event doInternalExecute(final HttpServletRequest request, final HttpServletResponse response, final RequestContext context) throws Exception {
    final List<LogoutRequest> pendingRequests = WebUtils.getLogoutRequests(context);
    if (pendingRequests == null) {
        return new EventFactorySupport().event(this, FINISH_EVENT);
    }

    final Map<LogoutRequest, LogoutHttpMessage> messagesByRequest = new HashMap<>();
    for (final LogoutRequest logoutRequest : pendingRequests) {
        if (logoutRequest.getStatus() != LogoutRequestStatus.NOT_ATTEMPTED) {
            continue;
        }
        LOGGER.debug("Using logout url [{}] for front-channel logout requests", logoutRequest.getLogoutUrl().toExternalForm());
        final String logoutMessage = this.logoutManager.createFrontChannelLogoutMessage(logoutRequest);
        LOGGER.debug("Front-channel logout message to send is [{}]", logoutMessage);
        messagesByRequest.put(logoutRequest, new LogoutHttpMessage(logoutRequest.getLogoutUrl(), logoutMessage, true));
        // The request is marked successful as soon as the message is prepared; nothing
        // in this method confirms that the service received it.
        logoutRequest.setStatus(LogoutRequestStatus.SUCCESS);
        logoutRequest.getService().setLoggedOutAlready(true);
    }

    if (messagesByRequest.isEmpty()) {
        return new EventFactorySupport().event(this, FINISH_EVENT);
    }
    context.getFlowScope().put("logoutUrls", messagesByRequest);
    return new EventFactorySupport().event(this, "propagate");
}
use of javax.servlet.http.HttpServletRequest in project cas by apereo.
the class DateTimeAuthenticationRequestRiskCalculator method calculateScore.
/**
 * Scores an authentication attempt by comparing the current hour of day with the hours
 * of past authentication events.
 *
 * <p>An event counts as a match when its creation hour, or that hour shifted by exactly
 * {@code windowInHours} forwards or backwards, equals the current hour. If every event
 * matches, the lowest risk score is returned; otherwise the score is derived from the
 * match count and the total event count.
 *
 * @param request the HTTP request (not read by this method)
 * @param authentication the authentication whose principal is named in the debug log
 * @param service the registered service (not read by this method)
 * @param events past authentication events to compare against
 * @return {@code LOWEST_RISK_SCORE} when all events match, otherwise the result of
 *         {@code getFinalAveragedScore(count, events.size())}
 */
@Override
protected BigDecimal calculateScore(final HttpServletRequest request, final Authentication authentication, final RegisteredService service, final Collection<CasEvent> events) {
    // ZonedDateTime.now() uses the system default zone.
    // NOTE(review): confirm event creation times are expressed in the same zone, since
    // only the hour-of-day values are compared.
    final ZonedDateTime timestamp = ZonedDateTime.now();
    LOGGER.debug("Filtering authentication events for timestamp [{}]", timestamp);

    // NOTE(review): only the exact offsets 0, +windowInHours and -windowInHours are
    // tested, not the hours in between; confirm that this is the intended window.
    long count = 0;
    for (final CasEvent e : events) {
        final boolean sameHour = e.getCreationTime().getHour() == timestamp.getHour();
        if (sameHour
            || e.getCreationTime().plusHours(windowInHours).getHour() == timestamp.getHour()
            || e.getCreationTime().minusHours(windowInHours).getHour() == timestamp.getHour()) {
            count++;
        }
    }
    LOGGER.debug("Total authentication events found for [{}]: [{}]", timestamp, count);

    if (count != events.size()) {
        return getFinalAveragedScore(count, events.size());
    }
    // NOTE(review): an empty event collection also lands here (0 == 0) and yields the
    // lowest risk score; confirm the caller handles principals with no history first.
    LOGGER.debug("Principal [{}] has always authenticated from [{}]", authentication.getPrincipal(), timestamp);
    return LOWEST_RISK_SCORE;
}