
Example 16 with UsernamePasswordCredential

use of org.apereo.cas.authentication.UsernamePasswordCredential in project cas by apereo.

the class SearchModeSearchDatabaseAuthenticationHandlerTests method verifyFoundUser.

@Test
public void verifyFoundUser() throws Exception {
    final UsernamePasswordCredential c = CoreAuthenticationTestUtils.getCredentialsWithDifferentUsernameAndPassword("user3", "psw3");
    assertNotNull(this.handler.authenticate(c));
}
Also used : UsernamePasswordCredential(org.apereo.cas.authentication.UsernamePasswordCredential) Test(org.junit.Test) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)

Example 17 with UsernamePasswordCredential

use of org.apereo.cas.authentication.UsernamePasswordCredential in project cas by apereo.

the class SamlAuthenticationMetaDataPopulatorTests method newAuthenticationBuilder.

private static AuthenticationBuilder newAuthenticationBuilder(final Principal principal) {
    final CredentialMetaData meta = new BasicCredentialMetaData(new UsernamePasswordCredential());
    final AuthenticationHandler handler = new SimpleTestUsernamePasswordAuthenticationHandler();
    return new DefaultAuthenticationBuilder(principal).addCredential(meta).addSuccess("test", new DefaultHandlerResult(handler, meta));
}
Also used : DefaultAuthenticationBuilder(org.apereo.cas.authentication.DefaultAuthenticationBuilder) SimpleTestUsernamePasswordAuthenticationHandler(org.apereo.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler) AuthenticationHandler(org.apereo.cas.authentication.AuthenticationHandler) BasicCredentialMetaData(org.apereo.cas.authentication.BasicCredentialMetaData) CredentialMetaData(org.apereo.cas.authentication.CredentialMetaData) DefaultHandlerResult(org.apereo.cas.authentication.DefaultHandlerResult) UsernamePasswordCredential(org.apereo.cas.authentication.UsernamePasswordCredential)

Example 18 with UsernamePasswordCredential

use of org.apereo.cas.authentication.UsernamePasswordCredential in project cas by apereo.

the class SamlAuthenticationMetaDataPopulatorTests method verifyAuthenticationTypeFound.

@Test
public void verifyAuthenticationTypeFound() {
    final UsernamePasswordCredential credentials = new UsernamePasswordCredential();
    final AuthenticationBuilder builder = newAuthenticationBuilder(CoreAuthenticationTestUtils.getPrincipal());
    this.populator.populateAttributes(builder, credentials);
    final Authentication auth = builder.build();
    assertEquals(auth.getAttributes().get(SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD), SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_PASSWORD);
}
Also used : DefaultAuthenticationBuilder(org.apereo.cas.authentication.DefaultAuthenticationBuilder) AuthenticationBuilder(org.apereo.cas.authentication.AuthenticationBuilder) Authentication(org.apereo.cas.authentication.Authentication) UsernamePasswordCredential(org.apereo.cas.authentication.UsernamePasswordCredential) Test(org.junit.Test)

Example 19 with UsernamePasswordCredential

use of org.apereo.cas.authentication.UsernamePasswordCredential in project cas by apereo.

the class RestAuthenticationHandler method authenticateUsernamePasswordInternal.

@Override
protected HandlerResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential c, final String originalPassword) throws GeneralSecurityException, PreventedException {
    try {
        final UsernamePasswordCredential creds = new UsernamePasswordCredential(c.getUsername(), c.getPassword());
        final ResponseEntity<SimplePrincipal> authenticationResponse = api.authenticate(creds);
        if (authenticationResponse.getStatusCode() == HttpStatus.OK) {
            final SimplePrincipal principalFromRest = authenticationResponse.getBody();
            if (principalFromRest == null || StringUtils.isBlank(principalFromRest.getId())) {
                throw new FailedLoginException("Could not determine authentication response from rest endpoint for " + c.getUsername());
            }
            return createHandlerResult(c, this.principalFactory.createPrincipal(principalFromRest.getId(), principalFromRest.getAttributes()), new ArrayList<>());
        }
    } catch (final HttpClientErrorException e) {
        if (e.getStatusCode() == HttpStatus.FORBIDDEN) {
            throw new AccountDisabledException("Could not authenticate forbidden account for " + c.getUsername());
        }
        if (e.getStatusCode() == HttpStatus.UNAUTHORIZED) {
            throw new FailedLoginException("Could not authenticate account for " + c.getUsername());
        }
        if (e.getStatusCode() == HttpStatus.NOT_FOUND) {
            throw new AccountNotFoundException("Could not locate account for " + c.getUsername());
        }
        if (e.getStatusCode() == HttpStatus.LOCKED) {
            throw new AccountLockedException("Could not authenticate locked account for " + c.getUsername());
        }
        if (e.getStatusCode() == HttpStatus.PRECONDITION_REQUIRED) {
            throw new AccountExpiredException("Could not authenticate expired account for " + c.getUsername());
        }
        throw new FailedLoginException("Rest endpoint returned an unknown status code " + e.getStatusCode() + " for " + c.getUsername());
    }
    throw new FailedLoginException("Rest endpoint returned an unknown response for " + c.getUsername());
}
Also used : AccountLockedException(javax.security.auth.login.AccountLockedException) FailedLoginException(javax.security.auth.login.FailedLoginException) HttpClientErrorException(org.springframework.web.client.HttpClientErrorException) AccountExpiredException(javax.security.auth.login.AccountExpiredException) UsernamePasswordCredential(org.apereo.cas.authentication.UsernamePasswordCredential) AccountNotFoundException(javax.security.auth.login.AccountNotFoundException) SimplePrincipal(org.apereo.cas.authentication.principal.SimplePrincipal) AccountDisabledException(org.apereo.cas.authentication.exceptions.AccountDisabledException)

Example 20 with UsernamePasswordCredential

use of org.apereo.cas.authentication.UsernamePasswordCredential in project cas by apereo.

the class X509CredentialsAuthenticationHandlerTests method getTestParameters.

/**
 * Gets the unit test parameters.
 *
 * @return Test parameter data.
 * @throws Exception On test data setup errors.
 */
@Parameters
public static Collection<Object[]> getTestParameters() throws Exception {
    final Collection<Object[]> params = new ArrayList<>();
    X509CredentialsAuthenticationHandler handler;
    X509CertificateCredential credential;
    // Test case #1: Unsupported credential type
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"));
    params.add(new Object[] { handler, new UsernamePasswordCredential(), false, null });
    // Test case #2: Valid certificate
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"));
    credential = new X509CertificateCredential(createCertificates(USER_VALID_CRT));
    params.add(new Object[] { handler, credential, true, new DefaultHandlerResult(handler, credential, new DefaultPrincipalFactory().createPrincipal(credential.getId())) });
    // Test case #3: Expired certificate
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"));
    params.add(new Object[] { handler, new X509CertificateCredential(createCertificates("user-expired.crt")), true, new CertificateExpiredException() });
    // Test case #4: Untrusted issuer
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern("CN=\\w+,OU=CAS,O=Jasig,L=Westminster,ST=Colorado,C=US"), true, false, false);
    params.add(new Object[] { handler, new X509CertificateCredential(createCertificates("snake-oil.crt")), true, new FailedLoginException() });
    // Test case #5: Disallowed subject
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), true, RegexUtils.createPattern("CN=\\w+,OU=CAS,O=Jasig,L=Westminster,ST=Colorado,C=US"));
    params.add(new Object[] { handler, new X509CertificateCredential(createCertificates("snake-oil.crt")), true, new FailedLoginException() });
    // Test case #6: Check key usage on a cert without keyUsage extension
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, false);
    credential = new X509CertificateCredential(createCertificates(USER_VALID_CRT));
    params.add(new Object[] { handler, credential, true, new DefaultHandlerResult(handler, credential, new DefaultPrincipalFactory().createPrincipal(credential.getId())) });
    // Test case #7: Require key usage on a cert without keyUsage extension
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, true);
    params.add(new Object[] { handler, new X509CertificateCredential(createCertificates(USER_VALID_CRT)), true, new FailedLoginException() });
    // Test case #8: Require key usage on a cert with acceptable keyUsage extension values
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, true);
    credential = new X509CertificateCredential(createCertificates("user-valid-keyUsage.crt"));
    params.add(new Object[] { handler, credential, true, new DefaultHandlerResult(handler, credential, new DefaultPrincipalFactory().createPrincipal(credential.getId())) });
    // Test case #9: Require key usage on a cert with unacceptable keyUsage extension values
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), false, true, true);
    params.add(new Object[] { handler, new X509CertificateCredential(createCertificates("user-invalid-keyUsage.crt")), true, new FailedLoginException() });
    //===================================
    // Revocation tests
    //===================================
    ResourceCRLRevocationChecker checker;
    // Test case #10: Valid certificate with CRL checking
    checker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-valid.crl"));
    checker.init();
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), checker);
    credential = new X509CertificateCredential(createCertificates(USER_VALID_CRT));
    params.add(new Object[] { handler, new X509CertificateCredential(createCertificates(USER_VALID_CRT)), true, new DefaultHandlerResult(handler, credential, new DefaultPrincipalFactory().createPrincipal(credential.getId())) });
    // Test case #11: Revoked end user certificate
    checker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-valid.crl"));
    checker.init();
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), checker);
    params.add(new Object[] { handler, new X509CertificateCredential(createCertificates("user-revoked.crt")), true, new RevokedCertificateException(ZonedDateTime.now(ZoneOffset.UTC), null) });
    // Test case #12: Valid certificate on expired CRL data
    final ThresholdExpiredCRLRevocationPolicy zeroThresholdPolicy = new ThresholdExpiredCRLRevocationPolicy(0);
    checker = new ResourceCRLRevocationChecker(new ClassPathResource("userCA-expired.crl"), null, zeroThresholdPolicy);
    checker.init();
    handler = new X509CredentialsAuthenticationHandler(RegexUtils.createPattern(".*"), checker);
    params.add(new Object[] { handler, new X509CertificateCredential(createCertificates(USER_VALID_CRT)), true, new ExpiredCRLException(null, ZonedDateTime.now(ZoneOffset.UTC)) });
    return params;
}
Also used : RevokedCertificateException(org.apereo.cas.adaptors.x509.authentication.revocation.RevokedCertificateException) CertificateExpiredException(java.security.cert.CertificateExpiredException) ArrayList(java.util.ArrayList) DefaultPrincipalFactory(org.apereo.cas.authentication.principal.DefaultPrincipalFactory) ClassPathResource(org.springframework.core.io.ClassPathResource) ThresholdExpiredCRLRevocationPolicy(org.apereo.cas.adaptors.x509.authentication.revocation.policy.ThresholdExpiredCRLRevocationPolicy) ExpiredCRLException(org.apereo.cas.adaptors.x509.authentication.ExpiredCRLException) FailedLoginException(javax.security.auth.login.FailedLoginException) X509CertificateCredential(org.apereo.cas.adaptors.x509.authentication.principal.X509CertificateCredential) ResourceCRLRevocationChecker(org.apereo.cas.adaptors.x509.authentication.revocation.checker.ResourceCRLRevocationChecker) DefaultHandlerResult(org.apereo.cas.authentication.DefaultHandlerResult) UsernamePasswordCredential(org.apereo.cas.authentication.UsernamePasswordCredential) Parameters(org.junit.runners.Parameterized.Parameters)
