use of org.apereo.cas.authentication.Credential in project cas by apereo.
the class KryoTranscoderTests method verifyEncodeDecodeTGTWithUnmodifiableMap.
/**
 * Round-trips a ticket-granting ticket through the transcoder and checks that the decoded
 * ticket equals the one that was encoded.
 *
 * NOTE(review): despite the method name, the principal attributes are passed as a plain
 * {@code HashMap} copy rather than an unmodifiable map - confirm this is the intended fixture.
 */
@Test
public void verifyEncodeDecodeTGTWithUnmodifiableMap() throws Exception {
    final Credential credential = new UsernamePasswordCredential(USERNAME, PASSWORD);
    final TicketGrantingTicket original =
        new MockTicketGrantingTicket(TGT_ID, credential, new HashMap<>(principalAttributes));
    // Grant one service ticket before encoding.
    original.grantServiceTicket(ST_ID, null, null, false, true);

    assertEquals(original, transcoder.decode(transcoder.encode(original)));
}
use of org.apereo.cas.authentication.Credential in project cas by apereo.
the class SpnegoCredentialsAction method setResponseHeader.
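/**
 * Sets the response header based on the token held by the credential in the flow.
 *
 * <p>Nothing is written when the flow holds no credential, or a credential that is not a
 * {@code SpnegoCredential}. When the credential carries a next token, the token is
 * Base64-encoded and sent in the {@code SpnegoConstants.HEADER_AUTHENTICATE} header, prefixed
 * by the NTLM or Negotiate scheme name. When the credential has no principal and
 * {@code send401OnAuthenticationFailure} is set, the response status is set to 401.
 *
 * @param context the context
 */
private void setResponseHeader(final RequestContext context) {
    final Credential credential = WebUtils.getCredential(context);
    if (credential == null) {
        LOGGER.debug("No credential was provided. No response header set.");
        return;
    }
    // Check the type before casting: a credential of another type in the flow would
    // otherwise abort the request with a ClassCastException.
    if (!(credential instanceof SpnegoCredential)) {
        LOGGER.debug("Credential is not a SPNEGO credential. No response header set.");
        return;
    }
    final HttpServletResponse response = WebUtils.getHttpServletResponse(context);
    final SpnegoCredential spnegoCredentials = (SpnegoCredential) credential;
    final byte[] nextToken = spnegoCredentials.getNextToken();
    if (nextToken != null) {
        // Log the size only. The token is raw bytes (it is Base64-encoded for the header), so
        // decoding it with the platform charset produces unreadable output and copies
        // authentication material into the log.
        LOGGER.debug("Obtained output token of [{}] bytes", nextToken.length);
        response.setHeader(SpnegoConstants.HEADER_AUTHENTICATE,
            (this.ntlm ? SpnegoConstants.NTLM : SpnegoConstants.NEGOTIATE) + ' ' + EncodingUtils.encodeBase64(nextToken));
    } else {
        LOGGER.debug("Unable to obtain the output token required.");
    }
    // No principal means authentication did not complete; answer 401 only when configured to.
    if (spnegoCredentials.getPrincipal() == null && this.send401OnAuthenticationFailure) {
        LOGGER.debug("Setting HTTP Status to 401");
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }
}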
use of org.apereo.cas.authentication.Credential in project cas by apereo.
the class ChainingPrincipalResolver method resolve.
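/**
 * {@inheritDoc}
 * Resolves a credential by delegating, in chain order, to each configured resolver that
 * supports it. The attributes of all resolved principals are merged into one map; when two
 * resolvers supply the same attribute name, the value from the later resolver replaces the
 * earlier one. The identifier of the returned principal is that of the {@code principal}
 * argument when it is non-null, otherwise that of the first principal resolved by the chain.
 *
 * @param credential Authenticated credential.
 * @param principal Authenticated principal, if any.
 * @param handler the authentication handler, passed through to each resolver.
 * @return a principal built from the chosen identifier and the merged attributes, or
 * {@code NullPrincipal.getInstance()} when no resolver in the chain produced a principal.
 * @throws PrincipalException when the resolvers produced principals whose identifiers differ
 * after trimming and lower-casing.
 */
@Override
public Principal resolve(final Credential credential, final Principal principal, final AuthenticationHandler handler) {
    final List<Principal> principals = new ArrayList<>();
    chain.stream().filter(resolver -> resolver.supports(credential)).forEach(resolver -> {
        LOGGER.debug("Invoking principal resolver [{}]", resolver);
        final Principal p = resolver.resolve(credential, principal, handler);
        if (p != null) {
            principals.add(p);
        }
    });
    if (principals.isEmpty()) {
        LOGGER.warn("None of the principal resolvers in the chain were able to produce a principal");
        return NullPrincipal.getInstance();
    }
    final Map<String, Object> attributes = new HashMap<>();
    // Null results were filtered out above, so every element can be dereferenced directly.
    for (final Principal resolved : principals) {
        LOGGER.debug("Resolved principal [{}]", resolved);
        if (resolved.getAttributes() != null && !resolved.getAttributes().isEmpty()) {
            // NOTE(review): attribute values are written to the debug log and may hold personal data.
            LOGGER.debug("Adding attributes [{}] for the final principal", resolved.getAttributes());
            attributes.putAll(resolved.getAttributes());
        }
    }
    // Compare identifiers with Locale.ROOT so the outcome does not depend on the JVM's default
    // locale (for example "ADMIN" and "admin" lower-case differently under a Turkish locale).
    final long count = principals.stream()
        .map(p -> p.getId().trim().toLowerCase(java.util.Locale.ROOT))
        .distinct()
        .count();
    if (count > 1) {
        throw new PrincipalException("Resolved principals by the chain are not unique because principal resolvers have produced CAS principals " + "with different identifiers which typically is the result of a configuration issue.", Collections.emptyMap(), Collections.emptyMap());
    }
    // NOTE(review): the uniqueness check covers only the principals produced by the chain; the
    // identifier of the principal argument, which wins here when non-null, is not compared
    // against them - confirm that is intended.
    final String principalId = principal != null ? principal.getId() : principals.iterator().next().getId();
    final Principal finalPrincipal = this.principalFactory.createPrincipal(principalId, attributes);
    LOGGER.debug("Final principal constructed by the chain of resolvers is [{}]", finalPrincipal);
    return finalPrincipal;
}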
use of org.apereo.cas.authentication.Credential in project cas by apereo.
the class TicketOrCredentialPrincipalResolverTests method verifyResolverServiceTicket.
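/**
 * Verifies that a service-ticket id passed as the join point argument is resolved to the id
 * of the credential that was used to authenticate.
 */
@Test
public void verifyResolverServiceTicket() throws Exception {
    final Credential c = CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword();
    final AuthenticationResult ctx = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), c);
    // Named for what it holds: the ticket-granting ticket, not its id.
    final TicketGrantingTicket tgt = getCentralAuthenticationService().createTicketGrantingTicket(ctx);
    final ServiceTicket st = getCentralAuthenticationService().grantServiceTicket(tgt.getId(), CoreAuthenticationTestUtils.getService(), ctx);
    final TicketOrCredentialPrincipalResolver res = new TicketOrCredentialPrincipalResolver(getCentralAuthenticationService());
    // The resolver reads its input from the join point arguments; supply the service ticket id.
    final JoinPoint jp = mock(JoinPoint.class);
    when(jp.getArgs()).thenReturn(new Object[] { st.getId() });
    final String result = res.resolveFrom(jp, null);
    assertNotNull(result);
    // assertEquals takes (expected, actual); with the arguments in this order a failure
    // message reports the credential id as the expected value.
    assertEquals(c.getId(), result);
}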
use of org.apereo.cas.authentication.Credential in project cas by apereo.
the class TicketOrCredentialPrincipalResolver method resolveArgument.
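/**
 * Resolve the join point argument to the string recorded for audit.
 *
 * <p>An {@code AuthenticationTransaction} is resolved from its credentials, a
 * {@code Credential} from its {@code toString()}, and a {@code String} is treated as a ticket
 * id and resolved from the authentication attached to that ticket. Anything else, including a
 * {@code null} argument or a ticket id that cannot be found, falls back to
 * {@code WebUtils.getAuthenticatedUsername()}.
 *
 * @param arg1 the arg, may be {@code null}
 * @return the resolved string
 */
private String resolveArgument(final Object arg1) {
    // Without this guard the getClass() call below throws NullPointerException for a null argument.
    if (arg1 == null) {
        LOGGER.debug("No argument was provided for audit");
        return WebUtils.getAuthenticatedUsername();
    }
    LOGGER.debug("Resolving argument [{}] for audit", arg1.getClass().getSimpleName());
    if (arg1 instanceof AuthenticationTransaction) {
        final AuthenticationTransaction transaction = (AuthenticationTransaction) arg1;
        return resolveArguments(new StringBuilder(), transaction.getCredentials());
    }
    if (arg1 instanceof Credential) {
        // NOTE(review): the audit value is whatever the credential's toString() returns; confirm
        // that no Credential implementation includes a password or other secret in it.
        return arg1.toString();
    }
    if (arg1 instanceof String) {
        try {
            final Ticket ticket = this.centralAuthenticationService.getTicket((String) arg1, Ticket.class);
            // Stays null when the ticket is neither a service ticket nor a ticket-granting
            // ticket; presumably the provider handles a null authentication - verify.
            Authentication authentication = null;
            if (ticket instanceof ServiceTicket) {
                authentication = ((ServiceTicket) ticket).getGrantingTicket().getAuthentication();
            } else if (ticket instanceof TicketGrantingTicket) {
                authentication = ((TicketGrantingTicket) ticket).getAuthentication();
            }
            return this.principalIdProvider.getPrincipalIdFrom(authentication);
        } catch (final InvalidTicketException e) {
            LOGGER.trace(e.getMessage(), e);
        }
        // Reached only after the lookup threw InvalidTicketException.
        // NOTE(review): the string is written to the debug log verbatim; confirm the logging
        // setup masks ticket ids.
        LOGGER.debug("Could not locate ticket [{}] in the registry", arg1);
    }
    return WebUtils.getAuthenticatedUsername();
}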