Search in sources :

Example 56 with Authentication

use of org.apereo.cas.authentication.Authentication in project cas by apereo.

the class RedirectToServiceAction method doExecute.

@Override
protected Event doExecute(final RequestContext requestContext) {
    final WebApplicationService service = WebUtils.getService(requestContext);
    LOGGER.debug("Located service [{}] from the context", service);
    final Authentication auth = WebUtils.getAuthentication(requestContext);
    LOGGER.debug("Located authentication [{}] from the context", auth);
    final String serviceTicketId = WebUtils.getServiceTicketFromRequestScope(requestContext);
    LOGGER.debug("Located service ticket [{}] from the context", serviceTicketId);
    final ResponseBuilder builder = responseBuilderLocator.locate(service);
    LOGGER.debug("Located service response builder [{}] for [{}]", builder, service);
    final Response response = builder.build(service, serviceTicketId, auth);
    LOGGER.debug("Built response [{}] for [{}]", response, service);
    return finalizeResponseEvent(requestContext, service, response);
}
Also used : Response(org.apereo.cas.authentication.principal.Response) WebApplicationService(org.apereo.cas.authentication.principal.WebApplicationService) Authentication(org.apereo.cas.authentication.Authentication) ResponseBuilder(org.apereo.cas.authentication.principal.ResponseBuilder)

Example 57 with Authentication

use of org.apereo.cas.authentication.Authentication in project cas by apereo.

the class InitialAuthenticationAttemptWebflowEventResolver method determineRegisteredServiceForEvent.

private RegisteredService determineRegisteredServiceForEvent(final RequestContext context, final Service service) {
    RegisteredService registeredService = null;
    if (service != null) {
        LOGGER.debug("Locating service [{}] in service registry to determine authentication policy", service);
        registeredService = this.servicesManager.findServiceBy(service);
        LOGGER.debug("Locating authentication event in the request context...");
        final Authentication authn = WebUtils.getAuthentication(context);
        LOGGER.debug("Enforcing access strategy policies for registered service [{}] and principal [{}]", registeredService, authn.getPrincipal());
        final AuditableContext audit = AuditableContext.builder().service(service).authentication(authn).registeredService(registeredService).retrievePrincipalAttributesFromReleasePolicy(Boolean.FALSE).build();
        final AuditableExecutionResult result = this.registeredServiceAccessStrategyEnforcer.execute(audit);
        result.throwExceptionIfNeeded();
    }
    return registeredService;
}
Also used : AuditableContext(org.apereo.cas.audit.AuditableContext) RegisteredService(org.apereo.cas.services.RegisteredService) Authentication(org.apereo.cas.authentication.Authentication) AuditableExecutionResult(org.apereo.cas.audit.AuditableExecutionResult)

Example 58 with Authentication

use of org.apereo.cas.authentication.Authentication in project cas by apereo.

the class ServiceTicketRequestWebflowEventResolver method grantServiceTicket.

/**
 * Grant service ticket for the given credential based on the service and tgt
 * that are found in the request context.
 *
 * @param context the context
 * @return the resulting event. Warning, authentication failure or error.
 * @since 4.1.0
 */
protected Event grantServiceTicket(final RequestContext context) {
    final String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(context);
    final Credential credential = getCredentialFromContext(context);
    try {
        final Service service = WebUtils.getService(context);
        final Authentication authn = ticketRegistrySupport.getAuthenticationFrom(ticketGrantingTicketId);
        final RegisteredService registeredService = this.servicesManager.findServiceBy(service);
        if (authn != null && registeredService != null) {
            LOGGER.debug("Enforcing access strategy policies for registered service [{}] and principal [{}]", registeredService, authn.getPrincipal());
            final AuditableContext audit = AuditableContext.builder().service(service).authentication(authn).registeredService(registeredService).retrievePrincipalAttributesFromReleasePolicy(Boolean.TRUE).build();
            final AuditableExecutionResult accessResult = this.registeredServiceAccessStrategyEnforcer.execute(audit);
            accessResult.throwExceptionIfNeeded();
        }
        final AuthenticationResult authenticationResult = this.authenticationSystemSupport.handleAndFinalizeSingleAuthenticationTransaction(service, credential);
        final ServiceTicket serviceTicketId = this.centralAuthenticationService.grantServiceTicket(ticketGrantingTicketId, service, authenticationResult);
        WebUtils.putServiceTicketInRequestScope(context, serviceTicketId);
        WebUtils.putWarnCookieIfRequestParameterPresent(this.warnCookieGenerator, context);
        return newEvent(CasWebflowConstants.TRANSITION_ID_WARN);
    } catch (final AuthenticationException | AbstractTicketException e) {
        return newEvent(CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, e);
    }
}
Also used : AuditableContext(org.apereo.cas.audit.AuditableContext) Credential(org.apereo.cas.authentication.Credential) RegisteredService(org.apereo.cas.services.RegisteredService) AuthenticationException(org.apereo.cas.authentication.AuthenticationException) Authentication(org.apereo.cas.authentication.Authentication) CentralAuthenticationService(org.apereo.cas.CentralAuthenticationService) RegisteredService(org.apereo.cas.services.RegisteredService) Service(org.apereo.cas.authentication.principal.Service) ServiceTicket(org.apereo.cas.ticket.ServiceTicket) AbstractTicketException(org.apereo.cas.ticket.AbstractTicketException) AuditableExecutionResult(org.apereo.cas.audit.AuditableExecutionResult) AuthenticationResult(org.apereo.cas.authentication.AuthenticationResult)

Example 59 with Authentication

use of org.apereo.cas.authentication.Authentication in project cas by apereo.

the class AuthenticationAttributeMultifactorAuthenticationPolicyEventResolver method resolveInternal.

@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (authentication == null) {
        LOGGER.debug("No authentication is available to determine event for principal");
        return null;
    }
    if (attributeNames.isEmpty()) {
        LOGGER.debug("Authentication attribute name to determine event is not configured");
        return null;
    }
    final Map<String, MultifactorAuthenticationProvider> providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context");
        return null;
    }
    final Collection<MultifactorAuthenticationProvider> providers = flattenProviders(providerMap.values());
    if (providers.size() == 1 && StringUtils.isNotBlank(globalAuthenticationAttributeValueRegex)) {
        final MultifactorAuthenticationProvider provider = providers.iterator().next();
        LOGGER.debug("Found a single multifactor provider [{}] in the application context", provider);
        return resolveEventViaAuthenticationAttribute(authentication, attributeNames, service, context, providers, input -> input != null && input.matches(globalAuthenticationAttributeValueRegex));
    }
    return resolveEventViaAuthenticationAttribute(authentication, attributeNames, service, context, providers, input -> providers.stream().filter(provider -> input != null && provider.matches(input)).count() > 0);
}
Also used : CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider) Audit(org.apereo.inspektr.audit.annotation.Audit) Collection(java.util.Collection) MultifactorAuthenticationProviderSelector(org.apereo.cas.services.MultifactorAuthenticationProviderSelector) CentralAuthenticationService(org.apereo.cas.CentralAuthenticationService) AuthenticationServiceSelectionPlan(org.apereo.cas.authentication.AuthenticationServiceSelectionPlan) TicketRegistrySupport(org.apereo.cas.ticket.registry.TicketRegistrySupport) Set(java.util.Set) StringUtils(org.apache.commons.lang3.StringUtils) RequestContext(org.springframework.webflow.execution.RequestContext) RegisteredService(org.apereo.cas.services.RegisteredService) BaseMultifactorAuthenticationProviderEventResolver(org.apereo.cas.web.flow.authentication.BaseMultifactorAuthenticationProviderEventResolver) Slf4j(lombok.extern.slf4j.Slf4j) Authentication(org.apereo.cas.authentication.Authentication) StringUtils.commaDelimitedListToSet(org.springframework.util.StringUtils.commaDelimitedListToSet) Map(java.util.Map) AuthenticationSystemSupport(org.apereo.cas.authentication.AuthenticationSystemSupport) MultifactorAuthenticationUtils(org.apereo.cas.authentication.MultifactorAuthenticationUtils) WebUtils(org.apereo.cas.web.support.WebUtils) CookieGenerator(org.springframework.web.util.CookieGenerator) Event(org.springframework.webflow.execution.Event) ServicesManager(org.apereo.cas.services.ServicesManager) RegisteredService(org.apereo.cas.services.RegisteredService) Authentication(org.apereo.cas.authentication.Authentication) MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider)

Example 60 with Authentication

use of org.apereo.cas.authentication.Authentication in project cas by apereo.

the class GlobalMultifactorAuthenticationPolicyEventResolver method resolveInternal.

@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (authentication == null) {
        LOGGER.debug("No authentication is available to determine event for principal");
        return null;
    }
    if (StringUtils.isBlank(globalProviderId)) {
        LOGGER.debug("No value could be found for request parameter [{}]", globalProviderId);
        return null;
    }
    LOGGER.debug("Attempting to globally activate [{}]", globalProviderId);
    final Map<String, MultifactorAuthenticationProvider> providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context to handle [{}]", globalProviderId);
        throw new AuthenticationException();
    }
    final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, globalProviderId);
    if (providerFound.isPresent()) {
        final MultifactorAuthenticationProvider provider = providerFound.get();
        if (provider.isAvailable(service)) {
            LOGGER.debug("Attempting to build an event based on the authentication provider [{}] and service [{}]", provider, service);
            final Map<String, Object> attributes = buildEventAttributeMap(authentication.getPrincipal(), service, provider);
            final Event event = validateEventIdForMatchingTransitionInContext(provider.getId(), context, attributes);
            return CollectionUtils.wrapSet(event);
        }
        LOGGER.warn("Located multifactor provider [{}], yet the provider cannot be reached or verified", provider);
        return null;
    }
    LOGGER.warn("No multifactor provider could be found for [{}]", globalProviderId);
    throw new AuthenticationException();
}
Also used : RegisteredService(org.apereo.cas.services.RegisteredService) AuthenticationException(org.apereo.cas.authentication.AuthenticationException) Authentication(org.apereo.cas.authentication.Authentication) Event(org.springframework.webflow.execution.Event) MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider)

Aggregations

Authentication (org.apereo.cas.authentication.Authentication)144 RegisteredService (org.apereo.cas.services.RegisteredService)61 Test (org.junit.Test)48 Service (org.apereo.cas.authentication.principal.Service)44 Principal (org.apereo.cas.authentication.principal.Principal)38 TicketGrantingTicket (org.apereo.cas.ticket.TicketGrantingTicket)24 MultifactorAuthenticationProvider (org.apereo.cas.services.MultifactorAuthenticationProvider)21 ServiceTicket (org.apereo.cas.ticket.ServiceTicket)21 Event (org.springframework.webflow.execution.Event)20 AuthenticationException (org.apereo.cas.authentication.AuthenticationException)18 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)18 AuthenticationResult (org.apereo.cas.authentication.AuthenticationResult)17 HttpServletRequest (javax.servlet.http.HttpServletRequest)15 CentralAuthenticationService (org.apereo.cas.CentralAuthenticationService)15 HashMap (java.util.HashMap)14 Assertion (org.apereo.cas.validation.Assertion)14 NeverExpiresExpirationPolicy (org.apereo.cas.ticket.support.NeverExpiresExpirationPolicy)13 MockTicketGrantingTicket (org.apereo.cas.mock.MockTicketGrantingTicket)12 Collection (java.util.Collection)11 AuditableExecutionResult (org.apereo.cas.audit.AuditableExecutionResult)11