use of org.apereo.cas.authentication.AuthenticationResult in project cas by apereo.
The class AbstractServiceValidateControllerTests, method verifyValidServiceTicketWithInvalidPgt.
/**
 * A valid service ticket presented together with an unusable proxy-granting-ticket URL
 * (while the CAS 1.0 proxy handler is installed) must still validate, yet the model must
 * carry no PGT IOU.
 */
@Test
public void verifyValidServiceTicketWithInvalidPgt() throws Exception {
    final AuthenticationResult authenticationResult =
        CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), SERVICE);
    final TicketGrantingTicket ticketGrantingTicket =
        getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult);
    final ServiceTicket serviceTicket =
        getCentralAuthenticationService().grantServiceTicket(ticketGrantingTicket.getId(), SERVICE, authenticationResult);

    this.serviceValidateController.setProxyHandler(new Cas10ProxyHandler());

    final MockHttpServletRequest request = new MockHttpServletRequest();
    request.addParameter(CasProtocolConstants.PARAMETER_SERVICE, SERVICE.getId());
    request.addParameter(CasProtocolConstants.PARAMETER_TICKET, serviceTicket.getId());
    // Deliberately not a URL: the handler must cope without issuing a PGT.
    request.addParameter(CasProtocolConstants.PARAMETER_PROXY_GRANTING_TICKET_URL, "duh");

    final MockHttpServletResponse response = new MockHttpServletResponse();
    final ModelAndView modelAndView = this.serviceValidateController.handleRequestInternal(request, response);

    final String renderedView = modelAndView.getView().toString();
    assertTrue(renderedView.contains(SUCCESS));
    assertNull(modelAndView.getModel().get(CasProtocolConstants.PARAMETER_PROXY_GRANTING_TICKET_IOU));
}
use of org.apereo.cas.authentication.AuthenticationResult in project cas by apereo.
The class AbstractServiceValidateControllerTests, method verifyValidServiceTicketWithValidPgtAndProxyHandlerFailing.
/**
 * A valid service ticket with a well-formed proxy-granting-ticket URL must NOT validate
 * successfully when the proxy handler fails to produce a PGT (modelled here by a handler that
 * returns {@code null}); the model must also carry no PGT IOU.
 */
@Test
public void verifyValidServiceTicketWithValidPgtAndProxyHandlerFailing() throws Exception {
    final AuthenticationResult authenticationResult =
        CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), SERVICE);
    final TicketGrantingTicket ticketGrantingTicket =
        getCentralAuthenticationService().createTicketGrantingTicket(authenticationResult);
    final ServiceTicket serviceTicket =
        getCentralAuthenticationService().grantServiceTicket(ticketGrantingTicket.getId(), SERVICE, authenticationResult);

    // A proxy handler that never yields a PGT identifier.
    this.serviceValidateController.setProxyHandler((credential, proxyGrantingTicketId) -> null);

    final MockHttpServletRequest request = new MockHttpServletRequest();
    request.addParameter(CasProtocolConstants.PARAMETER_SERVICE, SERVICE.getId());
    request.addParameter(CasProtocolConstants.PARAMETER_TICKET, serviceTicket.getId());
    request.addParameter(CasProtocolConstants.PARAMETER_PROXY_GRANTING_TICKET_URL, SERVICE.getId());

    final MockHttpServletResponse response = new MockHttpServletResponse();
    final ModelAndView modelAndView = this.serviceValidateController.handleRequestInternal(request, response);

    final String renderedView = modelAndView.getView().toString();
    assertFalse(renderedView.contains(SUCCESS));
    assertNull(modelAndView.getModel().get(CasProtocolConstants.PARAMETER_PROXY_GRANTING_TICKET_IOU));
}
use of org.apereo.cas.authentication.AuthenticationResult in project cas by apereo.
The class DelegatedClientAuthenticationAction, method doExecute.
/**
 * Drives one leg of a pac4j delegated authentication.
 * <p>
 * When the request names a client, that client is asked for credentials from the current web
 * context. A non-null credential is authenticated against the service previously stashed in the
 * HTTP session, a ticket-granting ticket is created and placed in scope, and {@code success()} is
 * returned. If credential retrieval throws (the log message treats this as the client asking for
 * an HTTP action) the webflow is stopped. Without a client name, or when the client yields no
 * credential, the login page is prepared; a {@code 401} response status stops the flow, and with
 * auto-redirect enabled and exactly one provider login page configured the response is redirected
 * there and the flow stopped. Otherwise {@code error()} is returned.
 *
 * @param context the webflow request context
 * @return {@code success()}, {@code stopWebflow()} or {@code error()} as described above
 * @throws Exception declared by the webflow contract; only the credential-retrieval step is caught here
 */
@Override
protected Event doExecute(final RequestContext context) throws Exception {
    final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
    final HttpServletResponse response = WebUtils.getHttpServletResponse(context);
    final HttpSession session = request.getSession();
    final WebContext pac4jContext = WebUtils.getPac4jJ2EContext(request, response);

    // Caller-supplied value; it is only used as a lookup key into the configured clients.
    final String clientName = request.getParameter(this.clients.getClientNameParameter());
    LOGGER.debug("clientName: [{}]", clientName);

    if (hasDelegationRequestFailed(request, response.getStatus()).isPresent()) {
        return stopWebflow();
    }

    if (StringUtils.isNotBlank(clientName)) {
        // NOTE(review): what findClient does for an unknown name is not visible here — confirm it
        // fails rather than returning null, since the result is dereferenced right away.
        final BaseClient<Credentials, CommonProfile> delegatedClient =
            (BaseClient<Credentials, CommonProfile>) this.clients.findClient(clientName);
        LOGGER.debug("Client: [{}]", delegatedClient);

        final Credentials clientCredentials;
        try {
            clientCredentials = delegatedClient.getCredentials(pac4jContext);
            LOGGER.debug("Retrieved credentials: [{}]", clientCredentials);
        } catch (final Exception e) {
            // NOTE(review): every exception — not only the "needs an HTTP action" signal — lands
            // here and is reduced to a DEBUG line; confirm a narrower catch is not wanted so that
            // genuine credential failures are not hidden.
            LOGGER.debug("The request requires http action", e);
            return stopWebflow();
        }

        // The service is the one stashed in the session before the redirect to the provider; it is
        // not re-read from the incoming request.
        final Service restoredService = (Service) session.getAttribute(CasProtocolConstants.PARAMETER_SERVICE);
        context.getFlowScope().put(CasProtocolConstants.PARAMETER_SERVICE, restoredService);
        LOGGER.debug("Retrieve service: [{}]", restoredService);
        if (restoredService != null) {
            request.setAttribute(CasProtocolConstants.PARAMETER_SERVICE, restoredService.getId());
        }
        restoreRequestAttribute(request, session, this.themeParamName);
        restoreRequestAttribute(request, session, this.localParamName);
        restoreRequestAttribute(request, session, CasProtocolConstants.PARAMETER_METHOD);

        if (clientCredentials != null) {
            final ClientCredential casCredential = new ClientCredential(clientCredentials);
            final AuthenticationResult authenticationResult =
                this.authenticationSystemSupport.handleAndFinalizeSingleAuthenticationTransaction(restoredService, casCredential);
            final TicketGrantingTicket ticketGrantingTicket =
                this.centralAuthenticationService.createTicketGrantingTicket(authenticationResult);
            WebUtils.putTicketGrantingTicketInScopes(context, ticketGrantingTicket);
            return success();
        }
    }

    // No (or aborted) delegated authentication: fall back to the login page.
    prepareForLoginPage(context);
    if (response.getStatus() == HttpStatus.UNAUTHORIZED.value()) {
        return stopWebflow();
    }

    if (this.autoRedirect) {
        final Set<ProviderLoginPageConfiguration> loginPages = context.getFlowScope().get(PAC4J_URLS, Set.class);
        if (loginPages != null && loginPages.size() == 1) {
            // Exactly one element, so the iterator's first value is the only provider.
            final ProviderLoginPageConfiguration soleProvider = loginPages.iterator().next();
            LOGGER.debug("Auto-redirecting to client url [{}]", soleProvider.getRedirectUrl());
            response.sendRedirect(soleProvider.getRedirectUrl());
            context.getExternalContext().recordResponseComplete();
            return stopWebflow();
        }
    }
    return error();
}
use of org.apereo.cas.authentication.AuthenticationResult in project cas by apereo.
The class WsFederationAction, method doExecute.
/**
 * Executes the WS-Federation webflow action.
 * <p>
 * Sign-in response branch ({@code WA} equal to {@code WSIGNIN}, ignoring case): the {@code WRESULT}
 * token is parsed into an assertion, the assertion's signature is verified, and the credential built
 * from it is checked with {@code isValid(...)} against the relying-party identifier, the IdP
 * identifier and the configured tolerance. Only then is an authentication transaction run and a
 * ticket-granting ticket put into scope. Every failure along the way returns {@code error()}.
 * <p>
 * Any other request: the service and the theme/locale/method parameters are saved in the HTTP
 * session, the IdP authorization URL is placed in flow scope under {@code PROVIDERURL}, and
 * {@code error()} is returned.
 *
 * @param context the webflow request context
 * @return {@code success()} once a ticket-granting ticket has been created, {@code error()} otherwise
 * @throws Exception declared for the webflow contract; the body catches {@link Exception} itself
 *                   and maps it to {@code error()}
 */
@Override
protected Event doExecute(final RequestContext context) throws Exception {
    try {
        final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
        final HttpSession session = request.getSession();
        final String wa = request.getParameter(WA);
        // it's an authentication
        if (StringUtils.isNotBlank(wa) && wa.equalsIgnoreCase(WSIGNIN)) {
            final String wResult = request.getParameter(WRESULT);
            // NOTE(review): the raw token is written to the log at DEBUG — confirm that is acceptable
            // for production log handling.
            LOGGER.debug("Parameter [{}] received: [{}]", WRESULT, wResult);
            if (StringUtils.isBlank(wResult)) {
                LOGGER.error("No [{}] parameter is found", WRESULT);
                return error();
            }
            // create credentials
            LOGGER.debug("Attempting to create an assertion from the token parameter");
            final Assertion assertion = this.wsFederationHelper.parseTokenFromString(wResult, configuration);
            if (assertion == null) {
                LOGGER.error("Could not validate assertion via parsing the token from [{}]", WRESULT);
                return error();
            }
            // The signature is verified before anything is read off the assertion.
            LOGGER.debug("Attempting to validate the signature on the assertion");
            if (!this.wsFederationHelper.validateSignature(assertion, this.configuration)) {
                LOGGER.error("WS Requested Security Token is blank or the signature is not valid.");
                return error();
            }
            try {
                // The service was stashed in the session before the redirect to the IdP (see the
                // else branch below); it is not re-read from the incoming request.
                final Service service = (Service) session.getAttribute(SERVICE);
                LOGGER.debug("Creating credential based on the provided assertion");
                final WsFederationCredential credential = this.wsFederationHelper.createCredentialFromToken(assertion);
                final String rpId = getRelyingPartyIdentifier(service);
                // isValid gets the RP identifier, the IdP identifier and the tolerance — presumably
                // audience, issuer and time-window checks; confirm in WsFederationCredential.
                if (credential != null && credential.isValid(rpId, this.configuration.getIdentityProviderIdentifier(), this.configuration.getTolerance())) {
                    LOGGER.debug("Validated assertion for the created credential successfully");
                    if (this.configuration.getAttributeMutator() != null) {
                        LOGGER.debug("Modifying credential attributes based on [{}]", this.configuration.getAttributeMutator().getClass().getSimpleName());
                        this.configuration.getAttributeMutator().modifyAttributes(credential.getAttributes());
                    }
                } else {
                    LOGGER.warn("SAML assertions are blank or no longer valid based on RP identifier [{}] and IdP identifier [{}]", rpId, this.configuration.getIdentityProviderIdentifier());
                    // NOTE(review): plain concatenation; assumes rpId needs no URL encoding — confirm.
                    final String url = authorizationUrl + rpId;
                    context.getFlowScope().put(PROVIDERURL, url);
                    LOGGER.warn("Created authentication url [{}] and returning error", url);
                    return error();
                }
                context.getFlowScope().put(SERVICE, service);
                restoreRequestAttribute(request, session, THEME);
                restoreRequestAttribute(request, session, LOCALE);
                restoreRequestAttribute(request, session, METHOD);
                LOGGER.debug("Creating final authentication result based on the given credential");
                final AuthenticationResult authenticationResult = this.authenticationSystemSupport.handleAndFinalizeSingleAuthenticationTransaction(service, credential);
                LOGGER.debug("Attempting to create a ticket-granting ticket for the authentication result");
                WebUtils.putTicketGrantingTicketInScopes(context, this.centralAuthenticationService.createTicketGrantingTicket(authenticationResult));
                // NOTE(review): this logs the credential's toString() at INFO — confirm it does not
                // render attribute values.
                LOGGER.info("Token validated and new [{}] created: [{}]", credential.getClass().getName(), credential);
                return success();
            } catch (final AbstractTicketException e) {
                LOGGER.error(e.getMessage(), e);
                return error();
            }
        } else {
            // no authentication : go to login page. save parameters in web session
            final Service service = (Service) context.getFlowScope().get(SERVICE);
            if (service != null) {
                session.setAttribute(SERVICE, service);
            }
            saveRequestParameter(request, session, THEME);
            saveRequestParameter(request, session, LOCALE);
            saveRequestParameter(request, session, METHOD);
            final String url = authorizationUrl + getRelyingPartyIdentifier(service);
            LOGGER.info("Preparing to redirect to the IdP [{}]", url);
            context.getFlowScope().put(PROVIDERURL, url);
        }
        LOGGER.debug("Returning error event");
        return error();
    } catch (final Exception ex) {
        // Catch-all boundary: anything unexpected is logged with its stack trace and becomes error().
        LOGGER.error(ex.getMessage(), ex);
        return error();
    }
}
use of org.apereo.cas.authentication.AuthenticationResult in project cas by apereo.
The class ECPProfileHandlerController, method authenticateEcpRequest.
/**
 * Authenticates the credential carried by an ECP request.
 * <p>
 * The service the transaction is resolved against is derived from the issuer of the SAML
 * authentication request, not from any other part of the message.
 *
 * @param credential   the credential extracted from the ECP request
 * @param authnRequest the parsed authentication request paired with its message context
 * @return the finalized authentication
 */
protected Authentication authenticateEcpRequest(final Credential credential, final Pair<AuthnRequest, MessageContext> authnRequest) {
    final AuthnRequest samlRequest = authnRequest.getKey();
    final Service service = webApplicationServiceFactory.createService(SamlIdPUtils.getIssuerFromSamlRequest(samlRequest));
    return authenticationSystemSupport
        .handleAndFinalizeSingleAuthenticationTransaction(service, credential)
        .getAuthentication();
}