use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo.
the class TicketGrantingTicketResourceTests method configureCasMockTGTCreationToThrowAuthenticationException.
/**
 * Stubs {@code this.casMock} so that any call to {@code createTicketGrantingTicket}
 * with an {@link AuthenticationResult} argument throws an {@link AuthenticationException}.
 *
 * <p>The exception is built from a single-entry handler-error map: the key is the
 * handler name {@code TestCaseAuthenticationHandler} and the value is a
 * {@link LoginException} with the message {@code Login failed}.
 */
private void configureCasMockTGTCreationToThrowAuthenticationException() {
    final Map<String, Throwable> errorsByHandler = new HashMap<>(1);
    errorsByHandler.put("TestCaseAuthenticationHandler", new LoginException("Login failed"));

    // Build the failure up front so the stubbing line reads as "when X then throw failure".
    final AuthenticationException failure = new AuthenticationException(errorsByHandler);
    when(this.casMock.createTicketGrantingTicket(any(AuthenticationResult.class))).thenThrow(failure);
}
use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo.
the class AbstractServiceValidateController method handleTicketValidation.
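/**
 * Validates a service ticket for a service and builds the resulting view.
 *
 * <p>The steps run in this order:
 * <ol>
 * <li>If {@code getServiceCredentialsFromRequest} yields a credential, a proxy-granting
 * ticket is requested through {@code handleProxyGrantingTicketDelivery}. An
 * {@link AuthenticationException}, {@link InvalidTicketException} or
 * {@link AbstractTicketException} raised there ends the request with an error view.</li>
 * <li>The service ticket is validated through
 * {@code centralAuthenticationService.validateServiceTicket}; exceptions from that call
 * are not caught here.</li>
 * <li>{@code validateAssertion} must accept the assertion, otherwise an
 * {@code INVALID_TICKET} error view is returned.</li>
 * <li>{@code validateAuthenticationContext} must report success, otherwise an
 * exception is thrown instead of an error view being returned.</li>
 * <li>If the proxy handler can handle the credential, a proxy IOU is requested; an empty
 * IOU ends the request with an {@code INVALID_PROXY_CALLBACK} error view.</li>
 * <li>{@code onSuccessfulValidation} runs and the success view is generated.</li>
 * </ol>
 *
 * @param request the request
 * @param service the service the ticket is being validated for
 * @param serviceTicketId the service ticket id
 * @return the success view, or an error view for any of the failures listed above
 * @throws UnsatisfiedAuthenticationContextTicketValidationException when
 *         {@code validateAuthenticationContext} reports that the assertion does not
 *         satisfy the required authentication context
 */
protected ModelAndView handleTicketValidation(final HttpServletRequest request, final WebApplicationService service, final String serviceTicketId) {
    TicketGrantingTicket proxyGrantingTicketId = null;
    final Credential serviceCredential = getServiceCredentialsFromRequest(service, request);
    if (serviceCredential != null) {
        try {
            proxyGrantingTicketId = handleProxyGrantingTicketDelivery(serviceTicketId, serviceCredential);
        } catch (final AuthenticationException e) {
            // Pass the exception to the logger so the cause of the failed proxy callback
            // authentication is recorded, as the two sibling handlers below already do.
            LOGGER.warn("Failed to authenticate service credential [{}]", serviceCredential, e);
            return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, new Object[] { serviceCredential.getId() }, request, service);
        } catch (final InvalidTicketException e) {
            LOGGER.error("Failed to create proxy granting ticket due to an invalid ticket for [{}]", serviceCredential, e);
            return generateErrorView(e.getCode(), new Object[] { serviceTicketId }, request, service);
        } catch (final AbstractTicketException e) {
            LOGGER.error("Failed to create proxy granting ticket for [{}]", serviceCredential, e);
            return generateErrorView(e.getCode(), new Object[] { serviceCredential.getId() }, request, service);
        }
    }

    final Assertion assertion = this.centralAuthenticationService.validateServiceTicket(serviceTicketId, service);
    if (!validateAssertion(request, serviceTicketId, assertion, service)) {
        // NOTE(review): serviceTicketId is presumably request-supplied and is handed to the
        // error view as a message argument; confirm the view encodes it on output.
        return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_TICKET, new Object[] { serviceTicketId }, request, service);
    }

    // The key of the pair is the pass/fail verdict; the value is the optional provider
    // that is later handed to the success view.
    final Pair<Boolean, Optional<MultifactorAuthenticationProvider>> ctxResult = validateAuthenticationContext(assertion, request);
    if (!ctxResult.getKey()) {
        // Unlike the other failures in this method, this one is thrown, not rendered here.
        throw new UnsatisfiedAuthenticationContextTicketValidationException(assertion.getService());
    }

    String proxyIou = null;
    if (serviceCredential != null && this.proxyHandler != null && this.proxyHandler.canHandle(serviceCredential)) {
        proxyIou = handleProxyIouDelivery(serviceCredential, proxyGrantingTicketId);
        if (StringUtils.isEmpty(proxyIou)) {
            // An empty IOU is treated as a failed proxy callback and fails the whole validation.
            return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, new Object[] { serviceCredential.getId() }, request, service);
        }
    } else {
        LOGGER.debug("No service credentials specified, and/or the proxy handler [{}] cannot handle credentials", this.proxyHandler);
    }

    onSuccessfulValidation(serviceTicketId, assertion);
    LOGGER.debug("Successfully validated service ticket [{}] for service [{}]", serviceTicketId, service.getId());
    return generateSuccessView(assertion, proxyIou, service, request, ctxResult.getValue(), proxyGrantingTicketId);
}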
use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo.
the class TicketsResourceTests method configureCasMockTGTCreationToThrowAuthenticationException.
/**
 * Stubs {@code this.casMock} so that any call to {@code createTicketGrantingTicket}
 * with an {@link AuthenticationResult} argument throws an {@link AuthenticationException}.
 *
 * <p>The exception is built from a single-entry map that associates a handler name
 * with the exception class {@link LoginException}.
 *
 * @throws Throwable declared by the original signature; kept unchanged
 */
private void configureCasMockTGTCreationToThrowAuthenticationException() throws Throwable {
    final Map<String, Class<? extends Exception>> errorTypesByHandler = new HashMap<>(1);
    // The key is reproduced exactly as written ("Hander"); it is a runtime value, so
    // verify any assertion that matches on the handler name before correcting the spelling.
    errorTypesByHandler.put("TestCaseAuthenticationHander", LoginException.class);

    final AuthenticationException failure = new AuthenticationException(errorTypesByHandler);
    when(this.casMock.createTicketGrantingTicket(any(AuthenticationResult.class))).thenThrow(failure);
}
use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo.
the class GlobalMultifactorAuthenticationPolicyEventResolver method resolveInternal.
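/**
 * Resolves the webflow event for the multifactor provider whose id is held in
 * {@code globalProviderId}.
 *
 * @param context the webflow request context
 * @return a singleton set holding the event for the matching provider; {@code null}
 *         when the context has no authentication, when {@code globalProviderId} is
 *         blank, or when the matching provider reports itself unavailable for the service
 * @throws AuthenticationException when the application context exposes no multifactor
 *         providers, or none of them matches {@code globalProviderId}
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (authentication == null) {
        LOGGER.debug("No authentication is available to determine event for principal");
        return null;
    }

    final String mfaId = globalProviderId;
    if (StringUtils.isBlank(mfaId)) {
        // The id comes from the globalProviderId field, not from a request parameter, and
        // is blank on this path, so the message no longer interpolates it.
        LOGGER.debug("No global multifactor authentication provider id is configured");
        return null;
    }
    LOGGER.debug("Attempting to globally activate [{}]", mfaId);

    final Map<String, MultifactorAuthenticationProvider> providerMap = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        // Parameterized form; the rendered text is the same as the former concatenation.
        LOGGER.error("No multifactor authentication providers are available in the application context to handle {}", mfaId);
        throw new AuthenticationException();
    }

    final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, mfaId);
    if (!providerFound.isPresent()) {
        // A configured id with no matching provider is a hard failure, not a skip.
        LOGGER.warn("No multifactor provider could be found for [{}]", mfaId);
        throw new AuthenticationException();
    }

    final MultifactorAuthenticationProvider provider = providerFound.get();
    if (!provider.isAvailable(service)) {
        // NOTE(review): returning null yields no multifactor event. Whether the flow then
        // continues without the second factor depends on the caller; confirm this is the
        // intended failure mode when the provider is down (fail-open vs. fail-closed).
        LOGGER.warn("Located multifactor provider [{}], yet the provider cannot be reached or verified", provider);
        return null;
    }

    // NOTE(review): service is dereferenced here without a null check; confirm that
    // resolveRegisteredServiceInRequestContext cannot return null on this path.
    LOGGER.debug("Attempting to build an event based on the authentication provider [{}] and service [{}]", provider, service.getName());
    final Event event = validateEventIdForMatchingTransitionInContext(provider.getId(), context, buildEventAttributeMap(authentication.getPrincipal(), service, provider));
    return Collections.singleton(event);
}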
use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo.
the class AbstractAuthenticationAction method doExecute.
/**
 * Applies the adaptive authentication policy to the current request and, if the
 * request is allowed, resolves the webflow event to continue with.
 *
 * <p>When the policy rejects the request, an authentication-failure event is returned
 * whose attribute map carries an {@link AuthenticationException} under the error key.
 * Otherwise the service-ticket resolver is consulted first, and the initial
 * authentication resolver only when the former yields no event. Event hooks are fired
 * for whichever event is returned on the allowed path.
 *
 * @param requestContext the webflow request context
 * @return the failure event, or the event produced by one of the two resolvers
 * @throws Exception declared by the overridden signature
 */
@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
    final String userAgent = WebUtils.getHttpServletRequestUserAgent();
    final GeoLocationRequest location = WebUtils.getHttpServletRequestGeoLocation();

    if (adaptiveAuthenticationPolicy.apply(userAgent, location)) {
        Event resolved = this.serviceTicketRequestWebflowEventResolver.resolveSingle(requestContext);
        if (resolved == null) {
            // No service-ticket event: fall back to the initial authentication attempt.
            resolved = this.initialAuthenticationAttemptWebflowEventResolver.resolveSingle(requestContext);
        }
        fireEventHooks(resolved, requestContext);
        return resolved;
    }

    // NOTE(review): the user agent is presumably client-supplied and is embedded verbatim
    // in the exception message; confirm that whatever logs or renders this message
    // neutralises control characters and markup.
    final String rejection = "Adaptive authentication policy does not allow this request for " + userAgent + " and " + location;
    final String errorKey = UnauthorizedAuthenticationException.class.getSimpleName();
    final Map<String, Class<? extends Exception>> handlerErrors = Collections.singletonMap(errorKey, UnauthorizedAuthenticationException.class);
    final AuthenticationException failure = new AuthenticationException(rejection, handlerErrors, Collections.emptyMap());
    final LocalAttributeMap attributes = new LocalAttributeMap(CasWebflowConstants.TRANSITION_ID_ERROR, failure);
    return new Event(this, CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, attributes);
}