use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo.
the class AdaptiveMultifactorAuthenticationPolicyEventResolver method resolveInternal.
@Override
public Set<Event> resolveInternal(final RequestContext context) {
final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
final Authentication authentication = WebUtils.getAuthentication(context);
if (service == null || authentication == null) {
LOGGER.debug("No service or authentication is available to determine event for principal");
return null;
}
if (multifactorMap == null || multifactorMap.isEmpty()) {
LOGGER.debug("Adaptive authentication is not configured to require multifactor authentication");
return null;
}
final Map<String, MultifactorAuthenticationProvider> providerMap = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
if (providerMap == null || providerMap.isEmpty()) {
LOGGER.error("No multifactor authentication providers are available in the application context");
throw new AuthenticationException();
}
final Set<Event> providerFound = checkRequireMultifactorProvidersForRequest(context, service, authentication);
if (providerFound != null && !providerFound.isEmpty()) {
LOGGER.warn("Found multifactor authentication providers [{}] required for this authentication event", providerFound);
return providerFound;
}
return null;
}
use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo.
the class AdaptiveMultifactorAuthenticationPolicyEventResolver method checkRequireMultifactorProvidersForRequest.
private Set<Event> checkRequireMultifactorProvidersForRequest(final RequestContext context, final RegisteredService service, final Authentication authentication) {
final ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
final String clientIp = clientInfo.getClientIpAddress();
LOGGER.debug("Located client IP address as [{}]", clientIp);
final String agent = WebUtils.getHttpServletRequestUserAgent();
final Map<String, MultifactorAuthenticationProvider> providerMap = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
final Set<Map.Entry> entries = multifactorMap.entrySet();
for (final Map.Entry entry : entries) {
final String mfaMethod = entry.getKey().toString();
final String pattern = entry.getValue().toString();
final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, mfaMethod);
if (!providerFound.isPresent()) {
LOGGER.error("Adaptive authentication is configured to require [{}] for [{}], yet [{}] is absent in the configuration.", mfaMethod, pattern, mfaMethod);
throw new AuthenticationException();
}
if (checkUserAgentOrClientIp(clientIp, agent, mfaMethod, pattern)) {
return buildEvent(context, service, authentication, providerFound.get());
}
if (checkRequestGeoLocation(clientIp, mfaMethod, pattern)) {
return buildEvent(context, service, authentication, providerFound.get());
}
}
return null;
}
use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo.
the class InitialAuthenticationAttemptWebflowEventResolver method returnAuthenticationExceptionEventIfNeeded.
private Event returnAuthenticationExceptionEventIfNeeded(final Exception e) {
final Exception ex;
if (e instanceof AuthenticationException || e instanceof AbstractTicketException) {
ex = e;
} else if (e.getCause() instanceof AuthenticationException || e.getCause() instanceof AbstractTicketException) {
ex = (Exception) e.getCause();
} else {
return null;
}
LOGGER.debug(ex.getMessage(), ex);
return newEvent(CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, ex);
}
use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo.
the class RequestParameterMultifactorAuthenticationPolicyEventResolver method resolveInternal.
@Override
public Set<Event> resolveInternal(final RequestContext context) {
final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
final Authentication authentication = WebUtils.getAuthentication(context);
if (service == null || authentication == null) {
LOGGER.debug("No service or authentication is available to determine event for principal");
return null;
}
if (StringUtils.isBlank(mfaRequestParameter)) {
LOGGER.debug("No request parameter is defined to trigger multifactor authentication.");
return null;
}
final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
final String[] values = request.getParameterValues(mfaRequestParameter);
if (values != null && values.length > 0) {
LOGGER.debug("Received request parameter [{}] as [{}]", mfaRequestParameter, values);
final Map<String, MultifactorAuthenticationProvider> providerMap = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
if (providerMap == null || providerMap.isEmpty()) {
LOGGER.error("No multifactor authentication providers are available in the application context to satisfy [{}]", (Object[]) values);
throw new AuthenticationException();
}
final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, values[0]);
if (providerFound.isPresent()) {
final MultifactorAuthenticationProvider provider = providerFound.get();
if (provider.isAvailable(service)) {
LOGGER.debug("Attempting to build an event based on the authentication provider [{}] and service [{}]", provider, service.getName());
final Event event = validateEventIdForMatchingTransitionInContext(provider.getId(), context, buildEventAttributeMap(authentication.getPrincipal(), service, provider));
return Collections.singleton(event);
}
LOGGER.warn("Located multifactor provider [{}], yet the provider cannot be reached or verified", providerFound.get());
return null;
} else {
LOGGER.warn("No multifactor provider could be found for request parameter [{}]", (Object[]) values);
throw new AuthenticationException();
}
}
LOGGER.debug("No value could be found for request parameter [{}]", mfaRequestParameter);
return null;
}
use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo.
the class ServiceWarningAction method doExecute.
@Override
protected Event doExecute(final RequestContext context) throws Exception {
final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
final HttpServletResponse response = WebUtils.getHttpServletResponse(context);
final Service service = WebUtils.getService(context);
final String ticketGrantingTicket = WebUtils.getTicketGrantingTicketId(context);
final Authentication authentication = this.ticketRegistrySupport.getAuthenticationFrom(ticketGrantingTicket);
if (authentication == null) {
throw new InvalidTicketException(new AuthenticationException("No authentication found for ticket " + ticketGrantingTicket), ticketGrantingTicket);
}
final Credential credential = WebUtils.getCredential(context);
final AuthenticationResultBuilder authenticationResultBuilder = authenticationSystemSupport.establishAuthenticationContextFromInitial(authentication, credential);
final AuthenticationResult authenticationResult = authenticationResultBuilder.build(service);
final ServiceTicket serviceTicketId = this.centralAuthenticationService.grantServiceTicket(ticketGrantingTicket, service, authenticationResult);
WebUtils.putServiceTicketInRequestScope(context, serviceTicketId);
if (request.getParameterMap().containsKey("ignorewarn")) {
if (Boolean.valueOf(request.getParameter("ignorewarn").toString())) {
this.warnCookieGenerator.removeCookie(response);
}
}
return new Event(this, CasWebflowConstants.STATE_ID_REDIRECT);
}
Aggregations