use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo.
the class GenerateServiceTicketAction method doExecute.
/**
* {@inheritDoc}
* <p>
* In the initial primary authentication flow, credentials are cached and available.
* Since they are authenticated as part of submission first, there is no need to doubly
* authenticate and verify credentials.
* <p>
* In subsequent authentication flows where a TGT is available and only an ST needs to be
* created, there are no cached copies of the credential, since we do have a TGT available.
* So we will simply grab the available authentication and produce the final result based on that.
*/
@Override
protected Event doExecute(final RequestContext context) {
    final Service service = WebUtils.getService(context);
    LOGGER.debug("Service asking for service ticket is [{}]", service);

    // NOTE(review): the raw ticket-granting ticket id is written to the debug log here and again
    // in the catch block, and it is embedded in the exception message below. The id identifies
    // the SSO session, so confirm that the logging layer masks ticket ids and that debug logs
    // are access-controlled.
    final String tgtId = WebUtils.getTicketGrantingTicketId(context);
    LOGGER.debug("Ticket-granting ticket found in the context is [{}]", tgtId);

    try {
        // No authentication behind the TGT is reported as an invalid ticket, which the catch
        // block below answers by destroying the TGT.
        final Authentication authentication = this.ticketRegistrySupport.getAuthenticationFrom(tgtId);
        if (authentication == null) {
            final AuthenticationException cause =
                new AuthenticationException("No authentication found for ticket " + tgtId);
            throw new InvalidTicketException(cause, tgtId);
        }

        final Service resolvedService = authenticationRequestServiceSelectionStrategies.resolveService(service);
        final RegisteredService registeredService = servicesManager.findServiceBy(resolvedService);
        LOGGER.debug("Registered service asking for service ticket is [{}]", registeredService);
        WebUtils.putRegisteredService(context, registeredService);
        WebUtils.putService(context, service);

        // NOTE(review): a null registeredService is not rejected in this method, and the access
        // strategy is only consulted for its redirect URL. Presumably grantServiceTicket enforces
        // service authorization - verify against CentralAuthenticationService.
        if (registeredService != null) {
            final URI redirectUrl = registeredService.getAccessStrategy().getUnauthorizedRedirectUrl();
            if (redirectUrl != null) {
                LOGGER.debug("Registered service may redirect to [{}] for unauthorized access requests", redirectUrl);
            }
            // Stored even when null, exactly as the lookup returned it.
            WebUtils.putUnauthorizedRedirectUrlIntoFlowScope(context, redirectUrl);
        }

        // The warning state is entered before any service ticket is issued.
        if (WebUtils.getWarningCookie(context)) {
            LOGGER.debug("Warning cookie is present in the request context. Routing result to [{}] state", CasWebflowConstants.STATE_ID_WARN);
            return result(CasWebflowConstants.STATE_ID_WARN);
        }

        final Credential credential = WebUtils.getCredential(context);
        final AuthenticationResult authenticationResult = this.authenticationSystemSupport
            .establishAuthenticationContextFromInitial(authentication, credential)
            .build(service);
        LOGGER.debug("Built the final authentication result [{}] to grant service ticket to [{}]", authenticationResult, service);

        final ServiceTicket grantedTicket =
            this.centralAuthenticationService.grantServiceTicket(tgtId, service, authenticationResult);
        WebUtils.putServiceTicketInRequestScope(context, grantedTicket);
        // NOTE(review): the granted service ticket is logged as well; the same masking question applies.
        LOGGER.debug("Granted service ticket [{}] and added it to the request scope", grantedTicket);
        return success();
    } catch (final AbstractTicketException e) {
        // Only an invalid TGT is torn down; other ticket failures leave it in place.
        final boolean invalidTicket = e instanceof InvalidTicketException;
        if (invalidTicket) {
            LOGGER.debug("CAS has determined ticket-granting ticket [{}] is invalid and must be destroyed", tgtId);
            this.centralAuthenticationService.destroyTicketGrantingTicket(tgtId);
        }

        // Gateway requests are routed to the gateway state instead of the failure transition.
        if (isGatewayPresent(context)) {
            LOGGER.debug("Request indicates that it is gateway. Routing result to [{}] state", CasWebflowConstants.STATE_ID_GATEWAY);
            return result(CasWebflowConstants.STATE_ID_GATEWAY);
        }

        LOGGER.warn("Could not grant service ticket [{}]. Routing to [{}]", e.getMessage(), CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE);
        return newEvent(CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, e);
    }
}
use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo.
the class ServiceWarningAction method doExecute.
/**
 * Issues a service ticket for the service held in the flow, stores it in request scope and
 * signals the redirect state.
 * <p>
 * There is no try/catch in this method, so the {@link InvalidTicketException} raised for a
 * missing authentication, and anything thrown while granting the ticket, propagates to the
 * caller.
 *
 * @param context the webflow request context
 * @return an event carrying {@code CasWebflowConstants.STATE_ID_REDIRECT}
 */
@Override
protected Event doExecute(final RequestContext context) {
    final HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(context);
    final HttpServletResponse response = WebUtils.getHttpServletResponseFromExternalWebflowContext(context);
    final Service service = WebUtils.getService(context);
    final String tgtId = WebUtils.getTicketGrantingTicketId(context);

    // NOTE(review): the raw TGT id ends up in the exception message; confirm that whatever
    // renders or logs this exception does not expose it.
    final Authentication authentication = this.ticketRegistrySupport.getAuthenticationFrom(tgtId);
    if (authentication == null) {
        final AuthenticationException cause =
            new AuthenticationException("No authentication found for ticket " + tgtId);
        throw new InvalidTicketException(cause, tgtId);
    }

    final Credential credential = WebUtils.getCredential(context);
    final AuthenticationResult authenticationResult = authenticationSystemSupport
        .establishAuthenticationContextFromInitial(authentication, credential)
        .build(service);

    // NOTE(review): no registered-service lookup happens here; presumably grantServiceTicket
    // enforces service authorization - verify.
    final ServiceTicket grantedTicket =
        this.centralAuthenticationService.grantServiceTicket(tgtId, service, authenticationResult);
    WebUtils.putServiceTicketInRequestScope(context, grantedTicket);

    // The warn cookie is cleared only when the request carries ignorewarn with a value that
    // parses as true; the parameter is supplied by the client.
    final boolean dropWarnCookie = request.getParameterMap().containsKey("ignorewarn")
        && Boolean.parseBoolean(request.getParameter("ignorewarn"));
    if (dropWarnCookie) {
        this.warnCookieGenerator.removeCookie(response);
    }

    return new Event(this, CasWebflowConstants.STATE_ID_REDIRECT);
}
use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo.
the class AuthenticationExceptionHandlerAction method handle.
/**
* Maps an authentication exception onto a state name.
* Also sets an ERROR severity message in the message context.
*
* @param e Authentication error to handle.
* @param requestContext the spring context
* @return Name of next flow state to transition to or {@value #UNKNOWN}
*/
public String handle(final Exception e, final RequestContext requestContext) {
    final MessageContext messages = requestContext.getMessageContext();

    // Known failure families are delegated to their dedicated handlers.
    if (e instanceof AuthenticationException) {
        final AuthenticationException authnFailure = (AuthenticationException) e;
        return handleAuthenticationException(authnFailure, requestContext);
    }
    if (e instanceof AbstractTicketException) {
        final AbstractTicketException ticketFailure = (AbstractTicketException) e;
        return handleAbstractTicketException(ticketFailure, requestContext);
    }

    // Anything else collapses to UNKNOWN: the exception itself goes only to the trace log,
    // and the message context receives just a message code built from the bundle prefix.
    LOGGER.trace("Unable to translate errors of the authentication exception [{}]. Returning [{}]", e, UNKNOWN);
    final String unknownCode = this.messageBundlePrefix + UNKNOWN;
    messages.addMessage(
        new MessageBuilder()
            .error()
            .code(unknownCode)
            .build());
    return UNKNOWN;
}
use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo.
the class TimedMultifactorAuthenticationPolicyEventResolver method resolveInternal.
/**
 * Resolves the multifactor events required by the time-based policy for the current request.
 * <p>
 * Returns {@code null} when there is no registered service or authentication in the context,
 * when no timed multifactor rules are configured, or when no rule yields an event.
 * An empty or missing provider map is treated as a failure and raises an
 * {@link AuthenticationException} instead of returning {@code null}.
 *
 * @param context the webflow request context
 * @return the events produced by {@code checkTimedMultifactorProvidersForRequest}, or {@code null}
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);

    if (service == null || authentication == null) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }

    // NOTE(review): with no timed rules configured this resolver contributes nothing;
    // presumably callers read null as "no event from this resolver" - verify.
    if (timedMultifactor == null || timedMultifactor.isEmpty()) {
        LOGGER.debug("Adaptive authentication is not configured to require multifactor authentication by time");
        return null;
    }

    // Rules exist but there is nothing to satisfy them with: fail the authentication
    // rather than continue without a second factor.
    final Map<String, MultifactorAuthenticationProvider> availableProviders =
        MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (availableProviders == null || availableProviders.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context");
        throw new AuthenticationException();
    }

    final Set<Event> requiredEvents = checkTimedMultifactorProvidersForRequest(context, service, authentication);
    if (requiredEvents == null || requiredEvents.isEmpty()) {
        return null;
    }
    LOGGER.warn("Found multifactor authentication providers [{}] required for this authentication event", requiredEvents);
    return requiredEvents;
}
use of org.apereo.cas.authentication.AuthenticationException in project cas by apereo.
the class AuthenticationExceptionHandlerActionTests method handleAccountNotFoundExceptionByDefault.
/**
 * Checks that an {@link AuthenticationException} wrapping an {@link AccountNotFoundException}
 * is mapped by the handler to the simple class name of {@code AccountNotFoundException},
 * given a handler constructed with the account-locked and account-not-found error types.
 */
@Test
public void handleAccountNotFoundExceptionByDefault() {
    // The failure under test: a single handler error keyed "notFound".
    final Map<String, Throwable> handlerErrors = new HashMap<>();
    handlerErrors.put("notFound", new AccountNotFoundException());
    final AuthenticationException failure = new AuthenticationException(handlerErrors);

    final AuthenticationExceptionHandlerAction handler = new AuthenticationExceptionHandlerAction(
        CollectionUtils.wrapSet(AccountLockedException.class, AccountNotFoundException.class));
    final RequestContext req = getMockRequestContext();

    final String resolvedState = handler.handle(failure, req);

    assertEquals(AccountNotFoundException.class.getSimpleName(), resolvedState);
}