use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class RedirectToServiceAction method doExecute.
/**
 * Builds the response that sends the caller back to the requesting service.
 *
 * <p>Reads the service, the authentication and the service ticket id from the
 * webflow context, asks {@code responseBuilderLocator} for a builder that
 * matches the service, and passes the built response to
 * {@code finalizeResponseEvent}.
 *
 * @param requestContext the current webflow request context
 * @return the event returned by {@code finalizeResponseEvent}
 */
@Override
protected Event doExecute(final RequestContext requestContext) {
    // None of the three context values is null-checked in this method; the
    // response builder receives whatever the context held.
    final WebApplicationService targetService = WebUtils.getService(requestContext);
    LOGGER.debug("Located service [{}] from the context", targetService);

    // NOTE(review): the whole Authentication object is rendered into the debug
    // log; what its toString() exposes (principal attributes?) is not visible
    // here and should be confirmed.
    final Authentication authentication = WebUtils.getAuthentication(requestContext);
    LOGGER.debug("Located authentication [{}] from the context", authentication);

    // NOTE(review): the service ticket id is written to the debug log in full.
    // A service ticket is a credential until it has been validated, so confirm
    // that debug logs are access-controlled or that ticket ids are masked by
    // the logging layer.
    final String ticketId = WebUtils.getServiceTicketFromRequestScope(requestContext);
    LOGGER.debug("Located service ticket [{}] from the context", ticketId);

    final ResponseBuilder responseBuilder = responseBuilderLocator.locate(targetService);
    LOGGER.debug("Located service response builder [{}] for [{}]", responseBuilder, targetService);

    final Response builtResponse = responseBuilder.build(targetService, ticketId, authentication);
    LOGGER.debug("Built response [{}] for [{}]", builtResponse, targetService);

    return finalizeResponseEvent(requestContext, targetService, builtResponse);
}
use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class InitialAuthenticationAttemptWebflowEventResolver method determineRegisteredServiceForEvent.
/**
 * Looks up the registered service for {@code service} and runs the access
 * strategy enforcer against the authentication held in the webflow context.
 *
 * @param context the current webflow request context
 * @param service the requested service, may be {@code null}
 * @return the result of {@code servicesManager.findServiceBy(service)}, or
 *         {@code null} when {@code service} is {@code null}
 */
private RegisteredService determineRegisteredServiceForEvent(final RequestContext context, final Service service) {
    if (service == null) {
        // No service was requested: nothing is looked up and nothing is enforced.
        return null;
    }

    LOGGER.debug("Locating service [{}] in service registry to determine authentication policy", service);
    final RegisteredService matchedService = this.servicesManager.findServiceBy(service);

    LOGGER.debug("Locating authentication event in the request context...");
    final Authentication authentication = WebUtils.getAuthentication(context);

    // NOTE(review): authentication is dereferenced without a null check. If the
    // context holds no authentication this throws a NullPointerException before
    // the enforcer runs; the request still fails, but not with a typed
    // authentication error. Confirm callers only reach this after a successful
    // authentication.
    LOGGER.debug("Enforcing access strategy policies for registered service [{}] and principal [{}]",
        matchedService, authentication.getPrincipal());

    // matchedService is passed on as returned by the lookup, unchecked here.
    // NOTE(review): presumably the enforcer rejects a service that is not in
    // the registry; verify against the enforcer implementation.
    final AuditableContext auditContext = AuditableContext.builder()
        .service(service)
        .authentication(authentication)
        .registeredService(matchedService)
        .retrievePrincipalAttributesFromReleasePolicy(Boolean.FALSE)
        .build();
    final AuditableExecutionResult enforcement = this.registeredServiceAccessStrategyEnforcer.execute(auditContext);

    // A failed access decision leaves this method as an exception.
    enforcement.throwExceptionIfNeeded();
    return matchedService;
}
use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class ServiceTicketRequestWebflowEventResolver method grantServiceTicket.
/**
 * Grants a service ticket for the credential in the request context, using the
 * service and the ticket-granting ticket id that are also read from the context.
 *
 * <p>When both the authentication behind the ticket-granting ticket and the
 * registered service are available, the access strategy enforcer runs before
 * the ticket is granted. The granted ticket is stored in request scope and the
 * warn cookie is handled before the event is returned.
 *
 * @param context the context
 * @return the warn event on success, or the authentication-failure event when an
 *         {@code AuthenticationException} or {@code AbstractTicketException} is caught
 * @since 4.1.0
 */
protected Event grantServiceTicket(final RequestContext context) {
    final String tgtId = WebUtils.getTicketGrantingTicketId(context);
    final Credential credential = getCredentialFromContext(context);
    try {
        final Service service = WebUtils.getService(context);
        final Authentication authentication = ticketRegistrySupport.getAuthenticationFrom(tgtId);
        final RegisteredService registeredService = this.servicesManager.findServiceBy(service);

        // NOTE(review): enforcement is skipped, not failed, when either value is
        // null. Presumably centralAuthenticationService.grantServiceTicket applies
        // its own service authorization; confirm, since this method does not.
        final boolean canEnforce = authentication != null && registeredService != null;
        if (canEnforce) {
            LOGGER.debug("Enforcing access strategy policies for registered service [{}] and principal [{}]",
                registeredService, authentication.getPrincipal());
            final AuditableContext auditContext = AuditableContext.builder()
                .service(service)
                .authentication(authentication)
                .registeredService(registeredService)
                .retrievePrincipalAttributesFromReleasePolicy(Boolean.TRUE)
                .build();
            final AuditableExecutionResult enforcement =
                this.registeredServiceAccessStrategyEnforcer.execute(auditContext);
            // NOTE(review): the exception type thrown here is not visible in this
            // method; unless it is one of the two caught below, it propagates to
            // the caller instead of becoming an authentication-failure event.
            enforcement.throwExceptionIfNeeded();
        }

        // The credential is authenticated again for this service before the ticket is granted.
        final AuthenticationResult finalizedAuthentication =
            this.authenticationSystemSupport.handleAndFinalizeSingleAuthenticationTransaction(service, credential);
        final ServiceTicket grantedTicket =
            this.centralAuthenticationService.grantServiceTicket(tgtId, service, finalizedAuthentication);

        WebUtils.putServiceTicketInRequestScope(context, grantedTicket);
        WebUtils.putWarnCookieIfRequestParameterPresent(this.warnCookieGenerator, context);
        return newEvent(CasWebflowConstants.TRANSITION_ID_WARN);
    } catch (final AuthenticationException | AbstractTicketException e) {
        // The caught exception travels with the failure event.
        return newEvent(CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, e);
    }
}
use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class AuthenticationAttributeMultifactorAuthenticationPolicyEventResolver method resolveInternal.
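/**
 * Resolves a multifactor event from the attributes of the current authentication.
 *
 * <p>With exactly one provider and a non-blank
 * {@code globalAuthenticationAttributeValueRegex}, attribute values are tested
 * against that regex. Otherwise a value matches when any available provider
 * reports a match for it.
 *
 * @param context the current webflow request context
 * @return the events from {@code resolveEventViaAuthenticationAttribute}, or
 *         {@code null} when there is no authentication, no configured attribute
 *         name, or no multifactor provider in the application context
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (authentication == null) {
        LOGGER.debug("No authentication is available to determine event for principal");
        return null;
    }
    if (attributeNames.isEmpty()) {
        LOGGER.debug("Authentication attribute name to determine event is not configured");
        return null;
    }

    final Map<String, MultifactorAuthenticationProvider> providerMap =
        MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        // NOTE(review): attribute-based multifactor is configured at this point
        // but no provider exists, and the method returns null instead of failing.
        // How the caller treats null is not visible here; confirm that it does
        // not let the login proceed without the second factor.
        LOGGER.error("No multifactor authentication providers are available in the application context");
        return null;
    }

    final Collection<MultifactorAuthenticationProvider> providers = flattenProviders(providerMap.values());
    if (providers.size() == 1 && StringUtils.isNotBlank(globalAuthenticationAttributeValueRegex)) {
        final MultifactorAuthenticationProvider provider = providers.iterator().next();
        LOGGER.debug("Found a single multifactor provider [{}] in the application context", provider);
        // NOTE(review): assuming input is a String, matches() requires the regex
        // to match the whole attribute value, not a substring of it. Confirm the
        // configured pattern is written with that in mind.
        return resolveEventViaAuthenticationAttribute(authentication, attributeNames, service, context, providers,
            input -> input != null && input.matches(globalAuthenticationAttributeValueRegex));
    }

    // anyMatch stops at the first matching provider; the previous
    // filter(...).count() > 0 evaluated every provider for the same answer.
    return resolveEventViaAuthenticationAttribute(authentication, attributeNames, service, context, providers,
        input -> input != null && providers.stream().anyMatch(provider -> provider.matches(input)));
}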
use of org.apereo.cas.authentication.Authentication in project cas by apereo.
the class GlobalMultifactorAuthenticationPolicyEventResolver method resolveInternal.
/**
 * Resolves the multifactor event for the globally configured provider id.
 *
 * @param context the current webflow request context
 * @return a single-element set holding the event for the configured provider;
 *         {@code null} when there is no authentication, no configured provider
 *         id, or the provider is not available for the service
 * @throws AuthenticationException when a provider id is configured but no
 *         providers exist in the application context, or none resolves for that id
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (authentication == null) {
        LOGGER.debug("No authentication is available to determine event for principal");
        return null;
    }

    if (StringUtils.isBlank(globalProviderId)) {
        // NOTE(review): the message mentions a request parameter, but the value
        // tested and printed is the globalProviderId field, which is blank on
        // this path. The wording looks carried over from another resolver.
        LOGGER.debug("No value could be found for request parameter [{}]", globalProviderId);
        return null;
    }
    LOGGER.debug("Attempting to globally activate [{}]", globalProviderId);

    final Map<String, MultifactorAuthenticationProvider> availableProviders =
        MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    final boolean noProviders = availableProviders == null || availableProviders.isEmpty();
    if (noProviders) {
        // A global provider is configured but none exists: fail the attempt.
        LOGGER.error("No multifactor authentication providers are available in the application context to handle [{}]", globalProviderId);
        throw new AuthenticationException();
    }

    final Optional<MultifactorAuthenticationProvider> resolved = resolveProvider(availableProviders, globalProviderId);
    if (!resolved.isPresent()) {
        // The configured id resolves to no provider: fail the attempt.
        LOGGER.warn("No multifactor provider could be found for [{}]", globalProviderId);
        throw new AuthenticationException();
    }

    final MultifactorAuthenticationProvider provider = resolved.get();
    if (!provider.isAvailable(service)) {
        // NOTE(review): unlike the two failure paths above, an unavailable
        // provider yields null rather than an exception. How the caller treats
        // null is not visible here; confirm that an unreachable provider cannot
        // let the login continue without the globally required second factor.
        LOGGER.warn("Located multifactor provider [{}], yet the provider cannot be reached or verified", provider);
        return null;
    }

    LOGGER.debug("Attempting to build an event based on the authentication provider [{}] and service [{}]", provider, service);
    final Map<String, Object> eventAttributes = buildEventAttributeMap(authentication.getPrincipal(), service, provider);
    final Event mfaEvent = validateEventIdForMatchingTransitionInContext(provider.getId(), context, eventAttributes);
    return CollectionUtils.wrapSet(mfaEvent);
}
Aggregations