use of org.apereo.cas.authentication.adaptive.geo.GeoLocationRequest in project cas by apereo.
the class GeoLocationAuthenticationRequestRiskCalculator method calculateScore.
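/**
 * Scores an authentication request by how many of the supplied events share
 * the location of the current request.
 *
 * <p>The location read from the request is used when it reports itself valid;
 * otherwise the client IP address is resolved through the geolocation service.
 * When neither yields a location, the highest risk score is returned.
 *
 * @param request        the current HTTP request
 * @param authentication the authentication being evaluated
 * @param service        the registered service (not used by this calculator)
 * @param events         supplier of the authentication events to compare against
 * @return the score from {@code calculateScoreBasedOnEventsCount}, or
 *         {@code HIGHEST_RISK_SCORE} when no location can be determined
 */
@Override
protected BigDecimal calculateScore(final HttpServletRequest request, final Authentication authentication, final RegisteredService service, final Supplier<Stream<? extends CasEvent>> events) {
    val loc = WebUtils.getHttpServletRequestGeoLocation(request);
    if (loc != null && loc.isValid()) {
        // NOTE(review): this location is taken from the request itself. If it is a
        // browser-supplied value, the client controls the input that lowers its own
        // risk score; confirm whether it should be cross-checked against the
        // IP-derived location before being trusted.
        LOGGER.debug("Filtering authentication events for geolocation [{}]", loc);
        val count = events.get().filter(e -> e.getGeoLocation().equals(loc)).count();
        LOGGER.debug("Total authentication events found for [{}]: [{}]", loc, count);
        return calculateScoreBasedOnEventsCount(authentication, events, count);
    }

    // Fall back to a server-side lookup of the client address.
    val remoteAddr = ClientInfoHolder.getClientInfo().getClientIpAddress();
    LOGGER.debug("Filtering authentication events for location based on ip [{}]", remoteAddr);
    val response = this.geoLocationService.locate(remoteAddr);
    if (response != null) {
        // Build the comparison target once instead of once per event inside the filter.
        val resolved = new GeoLocationRequest(response.getLatitude(), response.getLongitude());
        val count = events.get().filter(e -> e.getGeoLocation().equals(resolved)).count();
        LOGGER.debug("Total authentication events found for location of [{}]: [{}]", remoteAddr, count);
        return calculateScoreBasedOnEventsCount(authentication, events, count);
    }

    // No usable location from either source: treat as the riskiest case.
    LOGGER.debug("Request does not contain enough geolocation data");
    return HIGHEST_RISK_SCORE;
}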
use of org.apereo.cas.authentication.adaptive.geo.GeoLocationRequest in project cas by apereo.
the class AdaptiveMultifactorAuthenticationPolicyEventResolver method checkRequestGeoLocation.
/**
 * Decides whether the resolved address of the current request matches the
 * pattern configured for an adaptive multifactor rule.
 *
 * @param clientIp  the client IP address handed to the geolocation service
 * @param mfaMethod the multifactor method named in the debug message on a match
 * @param pattern   regular expression the resolved address must match in full
 * @return {@code true} when a geolocation service is configured, it resolves a
 *         location, and the built address matches {@code pattern}; otherwise {@code false}
 */
private boolean checkRequestGeoLocation(final String clientIp, final String mfaMethod, final String pattern) {
    if (this.geoLocationService == null) {
        return false;
    }

    // NOTE(review): the request location is passed to locate() alongside the IP.
    // If that location is a client-supplied value, the client can influence the
    // resolved address and therefore whether this rule fires; confirm how
    // locate() weighs the two inputs.
    final GeoLocationRequest requestLocation = WebUtils.getHttpServletRequestGeoLocation();
    final GeoLocationResponse resolved = this.geoLocationService.locate(clientIp, requestLocation);
    if (resolved == null) {
        return false;
    }

    final String resolvedAddress = resolved.build();
    if (!resolvedAddress.matches(pattern)) {
        return false;
    }

    LOGGER.debug("Current address [{}] at [{}] matches the provided pattern [{}] for "
        + "adaptive authentication and is required to use [{}]", resolvedAddress, clientIp, pattern, mfaMethod);
    return true;
}
use of org.apereo.cas.authentication.adaptive.geo.GeoLocationRequest in project cas by apereo.
the class WebUtils method getHttpServletRequestGeoLocation.
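/**
 * Reads the geolocation reported in the {@code geolocation} request parameter.
 *
 * <p>The parameter is expected to hold four comma-separated fields in the order
 * latitude, longitude, accuracy, timestamp. The value is supplied by the client
 * and is copied into the result as-is; no range or format validation of the
 * individual fields happens here, so callers must not treat it as verified.
 *
 * @param request the request; may be {@code null}
 * @return a new {@link GeoLocationRequest}, never {@code null}. It is left
 *         unpopulated when the request is {@code null}, the parameter is blank,
 *         or the parameter has fewer than four fields
 */
public static GeoLocationRequest getHttpServletRequestGeoLocation(final HttpServletRequest request) {
    final int latIndex = 0;
    final int longIndex = 1;
    final int accuracyIndex = 2;
    final int timeIndex = 3;
    final int expectedFields = 4;
    final GeoLocationRequest loc = new GeoLocationRequest();
    if (request != null) {
        final String geoLocationParam = request.getParameter("geolocation");
        if (StringUtils.isNotBlank(geoLocationParam)) {
            final String[] geoLocation = geoLocationParam.split(",");
            // The parameter is attacker-controllable: a short or malformed value must
            // not raise ArrayIndexOutOfBoundsException in the middle of the login flow.
            if (geoLocation.length >= expectedFields) {
                loc.setLatitude(geoLocation[latIndex]);
                loc.setLongitude(geoLocation[longIndex]);
                loc.setAccuracy(geoLocation[accuracyIndex]);
                loc.setTimestamp(geoLocation[timeIndex]);
            }
        }
    }
    return loc;
}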
use of org.apereo.cas.authentication.adaptive.geo.GeoLocationRequest in project cas by apereo.
the class AbstractAuthenticationAction method doExecute.
/**
 * Applies the adaptive authentication policy to the current request and, when
 * it passes, resolves the webflow event for the authentication attempt.
 *
 * <p>The service-ticket resolver is consulted first; the initial-authentication
 * resolver is used only when the former yields no event. Event hooks are fired
 * for whichever event is returned by a resolver.
 *
 * @param requestContext the webflow request context
 * @return an authentication-failure event carrying an {@code AuthenticationException}
 *         when the policy rejects the request, otherwise the resolved event
 * @throws Exception declared by the overridden method
 */
@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
    final String userAgent = WebUtils.getHttpServletRequestUserAgent();
    final GeoLocationRequest requestLocation = WebUtils.getHttpServletRequestGeoLocation();

    final boolean permitted = adaptiveAuthenticationPolicy.apply(userAgent, requestLocation);
    if (!permitted) {
        // NOTE(review): user agent and location are read from the request and are
        // presumably client-controlled; confirm this message is encoded wherever it
        // is logged or rendered.
        final String reason = "Adaptive authentication policy does not allow this request for " + userAgent + " and " + requestLocation;
        final Map<String, Class<? extends Exception>> handlerErrors = Collections.singletonMap(
            UnauthorizedAuthenticationException.class.getSimpleName(), UnauthorizedAuthenticationException.class);
        final AuthenticationException failure = new AuthenticationException(reason, handlerErrors, Collections.emptyMap());
        final LocalAttributeMap attributes = new LocalAttributeMap(CasWebflowConstants.TRANSITION_ID_ERROR, failure);
        return new Event(this, CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, attributes);
    }

    // Prefer the service-ticket resolver; fall back to the initial attempt resolver.
    Event resolved = this.serviceTicketRequestWebflowEventResolver.resolveSingle(requestContext);
    if (resolved == null) {
        resolved = this.initialAuthenticationAttemptWebflowEventResolver.resolveSingle(requestContext);
    }
    fireEventHooks(resolved, requestContext);
    return resolved;
}
use of org.apereo.cas.authentication.adaptive.geo.GeoLocationRequest in project cas by apereo.
the class GeoLocationAuthenticationRequestRiskCalculator method calculateScore.
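/**
 * Scores an authentication request by the share of past events that were
 * recorded at the location of the current request.
 *
 * <p>The location read from the request is used when it reports itself valid;
 * otherwise the client IP address is resolved through the geolocation service.
 * If every event matches, the lowest risk score is returned; otherwise the
 * score comes from {@code getFinalAveragedScore}. When no location can be
 * determined, the highest risk score is returned.
 *
 * @param request        the current HTTP request
 * @param authentication the authentication being evaluated
 * @param service        the registered service (not used by this calculator)
 * @param events         past authentication events to compare against
 * @return the calculated risk score
 */
@Override
protected BigDecimal calculateScore(final HttpServletRequest request, final Authentication authentication, final RegisteredService service, final Collection<CasEvent> events) {
    // NOTE(review): with an empty events collection, count == events.size() holds
    // and the lowest risk score is returned for a principal with no history;
    // presumably the caller rejects empty history beforehand; confirm.
    final GeoLocationRequest loc = WebUtils.getHttpServletRequestGeoLocation(request);
    if (loc != null && loc.isValid()) {
        // NOTE(review): this location is taken from the request itself. If it is a
        // browser-supplied value, the client controls the input that lowers its own
        // risk score; confirm whether it should be cross-checked against the
        // IP-derived location before being trusted.
        LOGGER.debug("Filtering authentication events for geolocation [{}]", loc);
        final long count = events.stream().filter(e -> e.getGeoLocation().equals(loc)).count();
        LOGGER.debug("Total authentication events found for [{}]: [{}]", loc, count);
        if (count == events.size()) {
            LOGGER.debug("Principal [{}] has always authenticated from [{}]", authentication.getPrincipal(), loc);
            return LOWEST_RISK_SCORE;
        }
        return getFinalAveragedScore(count, events.size());
    }

    // Fall back to a server-side lookup of the client address.
    final String remoteAddr = ClientInfoHolder.getClientInfo().getClientIpAddress();
    LOGGER.debug("Filtering authentication events for location based on ip [{}]", remoteAddr);
    final GeoLocationResponse response = this.geoLocationService.locate(remoteAddr);
    if (response != null) {
        // Build the comparison target once instead of once per event inside the filter.
        final GeoLocationRequest resolved = new GeoLocationRequest(response.getLatitude(), response.getLongitude());
        final long count = events.stream().filter(e -> e.getGeoLocation().equals(resolved)).count();
        LOGGER.debug("Total authentication events found for location of [{}]: [{}]", remoteAddr, count);
        if (count == events.size()) {
            // Log the location that was actually matched; the request-supplied one
            // was null or invalid on this path and would mislead whoever reads the log.
            LOGGER.debug("Principal [{}] has always authenticated from [{}]", authentication.getPrincipal(), resolved);
            return LOWEST_RISK_SCORE;
        }
        return getFinalAveragedScore(count, events.size());
    }

    // No usable location from either source: treat as the riskiest case.
    LOGGER.debug("Request does not contain enough geolocation data");
    return HIGHEST_RISK_SCORE;
}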