
Example 6 with HttpBasedServiceCredential

use of org.apereo.cas.authentication.credential.HttpBasedServiceCredential in project cas by apereo.

the class HttpBasedServiceCredentialTests method verifyEqualsWithTrue.

/**
 * Checks that two credentials built from the same callback URL and the same
 * registered service compare as equal, in both argument orders.
 */
@Test
public void verifyEqualsWithTrue() throws Exception {
    val service = RegisteredServiceTestUtils.getRegisteredService(CoreAuthenticationTestUtils.CONST_TEST_URL);
    val endpoint = new URL(CoreAuthenticationTestUtils.CONST_GOOD_URL);

    // Both instances share the very same URL and service objects.
    val first = new HttpBasedServiceCredential(endpoint, service);
    val second = new HttpBasedServiceCredential(endpoint, service);

    // Asserted in both directions so an asymmetric equals() would be caught.
    assertEquals(second, first);
    assertEquals(first, second);
}
Also used : lombok.val(lombok.val) HttpBasedServiceCredential(org.apereo.cas.authentication.credential.HttpBasedServiceCredential) URL(java.net.URL) Test(org.junit.jupiter.api.Test)

Example 7 with HttpBasedServiceCredential

use of org.apereo.cas.authentication.credential.HttpBasedServiceCredential in project cas by apereo.

the class HttpBasedServiceCredentialTests method verifySerializeAnHttpBasedServiceCredentialToJson.

/**
 * Round-trips a credential through the JSON mapper and checks that the
 * instance read back equals the one that was written.
 */
@Test
public void verifySerializeAnHttpBasedServiceCredentialToJson() throws IOException {
    val callbackUrl = new URL(CoreAuthenticationTestUtils.CONST_GOOD_URL);
    val registeredService = RegisteredServiceTestUtils.getRegisteredService(CoreAuthenticationTestUtils.CONST_TEST_URL);
    val written = new HttpBasedServiceCredential(callbackUrl, registeredService);

    // Serialize to the shared test file, then read the same file back.
    MAPPER.writeValue(JSON_FILE, written);
    val restored = MAPPER.readValue(JSON_FILE, HttpBasedServiceCredential.class);

    assertEquals(written, restored);
}
Also used : lombok.val(lombok.val) HttpBasedServiceCredential(org.apereo.cas.authentication.credential.HttpBasedServiceCredential) URL(java.net.URL) Test(org.junit.jupiter.api.Test)

Example 8 with HttpBasedServiceCredential

use of org.apereo.cas.authentication.credential.HttpBasedServiceCredential in project cas by apereo.

the class AbstractServiceValidateController method getServiceCredentialsFromRequest.

/**
 * Builds the credential used to request a proxy granting ticket from the
 * proxy callback URL parameter of the validation request. Subclasses may
 * override this to source the credential differently.
 *
 * <p>The callback URL is taken verbatim from the request, so it is
 * caller-controlled. This method only checks that it is non-blank and that
 * {@link URL} can parse it; no scheme or host restriction is applied here.
 * NOTE(review): presumably the endpoint is checked against the registered
 * service's proxy policy when the credential is authenticated later. Confirm,
 * because the server goes on to make an outbound callback to this URL.
 *
 * @param service the webapp service requesting proxy
 * @param request the HttpServletRequest object.
 * @return the credential, or null when no callback URL was supplied or when
 * looking up the service, verifying it, or parsing the URL failed.
 */
protected Credential getServiceCredentialsFromRequest(final WebApplicationService service, final HttpServletRequest request) {
    val proxyCallbackUrl = request.getParameter(CasProtocolConstants.PARAMETER_PROXY_CALLBACK_URL);
    if (!StringUtils.isNotBlank(proxyCallbackUrl)) {
        // No proxy callback requested: nothing to build.
        return null;
    }
    try {
        val registeredService = serviceValidateConfigurationContext.getServicesManager().findServiceBy(service);
        // Runs before the URL is parsed, so a failure here happens before any credential exists.
        verifyRegisteredServiceProperties(registeredService, service);
        val callbackUrl = new URL(proxyCallbackUrl);
        return new HttpBasedServiceCredential(callbackUrl, registeredService);
    } catch (final Exception e) {
        // Only the parameter name is written on this line, not the caller-supplied value.
        LOGGER.error("Error constructing [{}]", CasProtocolConstants.PARAMETER_PROXY_CALLBACK_URL);
        LoggingUtils.error(LOGGER, e);
        return null;
    }
}
Also used : lombok.val(lombok.val) HttpBasedServiceCredential(org.apereo.cas.authentication.credential.HttpBasedServiceCredential) URL(java.net.URL) PrincipalException(org.apereo.cas.authentication.PrincipalException) AbstractTicketValidationException(org.apereo.cas.ticket.AbstractTicketValidationException) AuthenticationException(org.apereo.cas.authentication.AuthenticationException) UnauthorizedServiceException(org.apereo.cas.services.UnauthorizedServiceException) InvalidTicketException(org.apereo.cas.ticket.InvalidTicketException) UnsatisfiedAuthenticationContextTicketValidationException(org.apereo.cas.ticket.UnsatisfiedAuthenticationContextTicketValidationException) AbstractTicketException(org.apereo.cas.ticket.AbstractTicketException) UnauthorizedProxyingException(org.apereo.cas.services.UnauthorizedProxyingException) UnauthorizedServiceTicketValidationException(org.apereo.cas.validation.UnauthorizedServiceTicketValidationException)

Example 9 with HttpBasedServiceCredential

use of org.apereo.cas.authentication.credential.HttpBasedServiceCredential in project cas by apereo.

the class AbstractServiceValidateController method handleTicketValidation.

/**
 * Validates a service ticket and, when the request carries a proxy callback
 * credential, also attempts proxy granting ticket creation and proxy IOU
 * delivery, returning either the success view or a protocol error view.
 *
 * <p>Order of operations as written: (1) resolve the optional service
 * credential from the request, (2) attempt PGT creation for it, (3) validate
 * the service ticket and the resulting assertion, (4) validate the requested
 * authentication context, (5) deliver the proxy IOU unless the service's
 * attribute release policy allows releasing the PGT directly, (6) render the
 * success view.
 *
 * @param request         the request
 * @param response        the response
 * @param service         the service
 * @param serviceTicketId the service ticket id
 * @return the success model and view, or an error view carrying a CAS
 * protocol error code when proxy handling or ticket validation fails
 * @throws UnsatisfiedAuthenticationContextTicketValidationException if the
 * requested authentication context validator does not report success
 */
protected ModelAndView handleTicketValidation(final HttpServletRequest request, final HttpServletResponse response, final WebApplicationService service, final String serviceTicketId) {
    var proxyGrantingTicketId = (ProxyGrantingTicket) null;
    // Null when the request carried no usable proxy callback URL; every proxy step below is then skipped.
    val serviceCredential = getServiceCredentialsFromRequest(service, request);
    if (serviceCredential != null) {
        try {
            // This call precedes validateServiceTicket(...) further down.
            // NOTE(review): presumably PGT creation itself rejects an unknown or expired service ticket
            // (see the InvalidTicketException branch). Confirm in handleProxyGrantingTicketDelivery.
            proxyGrantingTicketId = handleProxyGrantingTicketDelivery(serviceTicketId, serviceCredential);
        } catch (final AuthenticationException e) {
            // NOTE(review): the credential's string form presumably includes the caller-supplied callback URL;
            // confirm the log layout neutralises CR/LF so request data cannot forge log lines.
            LOGGER.warn("Failed to authenticate service credential [{}]", serviceCredential);
            // The credential id is placed into the error description returned to the caller.
            // NOTE(review): confirm the error view encodes it for the response format.
            val description = getTicketValidationErrorDescription(CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, new Object[] { serviceCredential.getId() }, request);
            return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, description, request, service);
        } catch (final InvalidTicketException e) {
            LOGGER.error("Failed to create proxy granting ticket due to an invalid ticket for [{}]", serviceCredential);
            LoggingUtils.error(LOGGER, e);
            // Here the error code comes from the exception and the description names the ticket id, not the credential.
            val description = getTicketValidationErrorDescription(e.getCode(), new Object[] { serviceTicketId }, request);
            return generateErrorView(e.getCode(), description, request, service);
        } catch (final AbstractTicketException e) {
            // Reached for ticket exceptions not handled by the InvalidTicketException branch above.
            LOGGER.error("Failed to create proxy granting ticket for [{}]", serviceCredential);
            LoggingUtils.error(LOGGER, e);
            val description = getTicketValidationErrorDescription(e.getCode(), new Object[] { serviceCredential.getId() }, request);
            return generateErrorView(e.getCode(), description, request, service);
        }
    }
    // Service ticket validation runs whether or not a proxy credential was supplied.
    val assertion = validateServiceTicket(service, serviceTicketId);
    if (!validateAssertion(request, serviceTicketId, assertion, service)) {
        val description = getTicketValidationErrorDescription(CasProtocolConstants.ERROR_CODE_INVALID_TICKET, new Object[] { serviceTicketId }, request);
        return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_TICKET, description, request, service);
    }
    val ctxResult = serviceValidateConfigurationContext.getRequestedContextValidator().validateAuthenticationContext(assertion, request, response);
    if (!ctxResult.isSuccess()) {
        // Unlike the failures above, this one is thrown rather than rendered as an error view here.
        throw new UnsatisfiedAuthenticationContextTicketValidationException(assertion.getService());
    }
    var proxyIou = StringUtils.EMPTY;
    val proxyHandler = serviceValidateConfigurationContext.getProxyHandler();
    if (serviceCredential != null && proxyHandler != null && proxyHandler.canHandle(serviceCredential)) {
        // Unchecked downcast.
        // NOTE(review): this relies on canHandle(...) accepting only HttpBasedServiceCredential;
        // an overriding getServiceCredentialsFromRequest returning another type would fail here. Confirm.
        val registeredService = ((HttpBasedServiceCredential) serviceCredential).getService();
        val authorizedToReleaseProxyGrantingTicket = registeredService.getAttributeReleasePolicy().isAuthorizedToReleaseProxyGrantingTicket();
        if (!authorizedToReleaseProxyGrantingTicket) {
            LOGGER.debug("Service [{}] is not authorized to release the PGT directly, make a proxy callback", registeredService);
            proxyIou = handleProxyIouDelivery(serviceCredential, proxyGrantingTicketId);
            // An empty IOU is treated as a failed callback and ends validation with an error view.
            if (StringUtils.isEmpty(proxyIou)) {
                val description = getTicketValidationErrorDescription(CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, new Object[] { serviceCredential.getId() }, request);
                return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_PROXY_CALLBACK, description, request, service);
            }
        } else {
            // Policy permits direct release: no callback is made and proxyIou stays empty.
            LOGGER.debug("Service [{}] is authorized to release the PGT directly, skip the proxy callback", registeredService);
        }
    } else {
        LOGGER.debug("No service credentials specified, and/or the proxy handler [{}] cannot handle credentials", proxyHandler);
    }
    onSuccessfulValidation(serviceTicketId, assertion);
    LOGGER.debug("Successfully validated service ticket [{}] for service [{}]", serviceTicketId, service.getId());
    // proxyGrantingTicketId is still null here when no service credential was supplied.
    return generateSuccessView(assertion, proxyIou, service, request, ctxResult.getContextId(), proxyGrantingTicketId);
}
Also used : lombok.val(lombok.val) HttpBasedServiceCredential(org.apereo.cas.authentication.credential.HttpBasedServiceCredential) AuthenticationException(org.apereo.cas.authentication.AuthenticationException) InvalidTicketException(org.apereo.cas.ticket.InvalidTicketException) ProxyGrantingTicket(org.apereo.cas.ticket.proxy.ProxyGrantingTicket) AbstractTicketException(org.apereo.cas.ticket.AbstractTicketException) UnsatisfiedAuthenticationContextTicketValidationException(org.apereo.cas.ticket.UnsatisfiedAuthenticationContextTicketValidationException)

Example 10 with HttpBasedServiceCredential

use of org.apereo.cas.authentication.credential.HttpBasedServiceCredential in project cas by apereo.

the class Cas20ProxyHandlerTests method verifyNonValidProxyTicket.

/**
 * Checks that the proxy handler returns null when the HTTP client is set up
 * to accept only status code 900.
 */
@Test
public void verifyNonValidProxyTicket() throws Exception {
    val httpClientFactory = new SimpleHttpClientFactoryBean();
    // NOTE(review): 900 is presumably chosen because no real server responds with it,
    // so the callback can never count as accepted. Confirm against Cas20ProxyHandler.
    httpClientFactory.setAcceptableCodes(CollectionUtils.wrapList(900));
    this.handler = new Cas20ProxyHandler(httpClientFactory.getObject(), new DefaultUniqueTicketIdGenerator());

    val callbackUrl = new URL("http://www.rutgers.edu");
    val registeredService = CoreAuthenticationTestUtils.getRegisteredService("https://some.app.edu");
    val credential = new HttpBasedServiceCredential(callbackUrl, registeredService);

    val result = this.handler.handle(credential, proxyGrantingTicket);
    assertNull(result);
}
Also used : lombok.val(lombok.val) SimpleHttpClientFactoryBean(org.apereo.cas.util.http.SimpleHttpClientFactoryBean) HttpBasedServiceCredential(org.apereo.cas.authentication.credential.HttpBasedServiceCredential) URL(java.net.URL) DefaultUniqueTicketIdGenerator(org.apereo.cas.util.DefaultUniqueTicketIdGenerator) Test(org.junit.jupiter.api.Test)

Aggregations

lombok.val (lombok.val)10 HttpBasedServiceCredential (org.apereo.cas.authentication.credential.HttpBasedServiceCredential)10 URL (java.net.URL)7 Test (org.junit.jupiter.api.Test)6 AuthenticationException (org.apereo.cas.authentication.AuthenticationException)2 AbstractTicketException (org.apereo.cas.ticket.AbstractTicketException)2 InvalidTicketException (org.apereo.cas.ticket.InvalidTicketException)2 UnsatisfiedAuthenticationContextTicketValidationException (org.apereo.cas.ticket.UnsatisfiedAuthenticationContextTicketValidationException)2 MalformedURLException (java.net.MalformedURLException)1 FailedLoginException (javax.security.auth.login.FailedLoginException)1 DefaultAuthenticationHandlerExecutionResult (org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult)1 PrincipalException (org.apereo.cas.authentication.PrincipalException)1 UnauthorizedProxyingException (org.apereo.cas.services.UnauthorizedProxyingException)1 UnauthorizedServiceException (org.apereo.cas.services.UnauthorizedServiceException)1 AbstractTicketValidationException (org.apereo.cas.ticket.AbstractTicketValidationException)1 ProxyGrantingTicket (org.apereo.cas.ticket.proxy.ProxyGrantingTicket)1 DefaultUniqueTicketIdGenerator (org.apereo.cas.util.DefaultUniqueTicketIdGenerator)1 SimpleHttpClientFactoryBean (org.apereo.cas.util.http.SimpleHttpClientFactoryBean)1 UnauthorizedServiceTicketValidationException (org.apereo.cas.validation.UnauthorizedServiceTicketValidationException)1