
Example 6 with BasicCredentialMetaData

use of org.apereo.cas.authentication.metadata.BasicCredentialMetaData in project cas by apereo.

the class TokenCredentialTests method verifyTokenFromParameter.

/**
 * Checks that credential metadata built from a {@link TokenCredential}
 * exposes a non-null credential class.
 */
@Test
public void verifyTokenFromParameter() {
    // Token credential bound to the test utility's default service.
    val tokenCredential = new TokenCredential("tokenid", RegisteredServiceTestUtils.getService());
    assertNotNull(new BasicCredentialMetaData(tokenCredential).getCredentialClass());
}
Also used : lombok.val(lombok.val) TokenCredential(org.apereo.cas.token.authentication.TokenCredential) BasicCredentialMetaData(org.apereo.cas.authentication.metadata.BasicCredentialMetaData) Test(org.junit.jupiter.api.Test)

Example 7 with BasicCredentialMetaData

use of org.apereo.cas.authentication.metadata.BasicCredentialMetaData in project cas by apereo.

the class JcifsSpnegoAuthenticationHandler method doAuthentication.

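/**
 * Validates a SPNEGO credential by feeding its initial token to the configured
 * jcifs authentication objects until one of them yields a next token.
 *
 * <p>NTLM tokens are rejected up front unless {@code ntlmAllowed} is set. When a
 * next token is produced it is stored on the credential. The login only succeeds
 * if a principal was resolved.
 *
 * @param credential the credential to validate; cast to {@link SpnegoCredential}
 * @return the handler result carrying credential metadata and the resolved principal
 * @throws GeneralSecurityException a {@link FailedLoginException} when NTLM is not
 *         allowed, when jcifs rejects the token, or when no principal was resolved
 */
@Override
@Synchronized
protected AuthenticationHandlerExecutionResult doAuthentication(final Credential credential) throws GeneralSecurityException {
    // Calls are serialised: the authentication objects below are reset and reused on every call.
    val spnegoCredential = (SpnegoCredential) credential;
    // Refuse NTLM before any token processing unless it was explicitly enabled.
    if (!this.ntlmAllowed && spnegoCredential.isNtlm()) {
        throw new FailedLoginException("NTLM not allowed");
    }
    var principal = (java.security.Principal) null;
    var nextToken = (byte[]) null;
    val it = this.authentications.iterator();
    // NOTE(review): every pass overwrites principal, and the loop stops only once a next
    // token is produced. A principal resolved by an earlier authentication that returned
    // no next token is replaced by the result of the following one; confirm this is intended.
    while (nextToken == null && it.hasNext()) {
        try {
            val authentication = it.next();
            authentication.reset();
            LOGGER.debug("Processing SPNEGO authentication");
            authentication.process(spnegoCredential.getInitToken());
            principal = authentication.getPrincipal();
            LOGGER.debug("Authenticated SPNEGO principal [{}]. Retrieving the next token for authentication...", Optional.ofNullable(principal).map(java.security.Principal::getName).orElse(null));
            nextToken = authentication.getNextToken();
        } catch (final jcifs.spnego.AuthenticationException e) {
            LOGGER.debug("Processing SPNEGO authentication failed with exception", e);
            // FailedLoginException has no cause constructor; attach the jcifs failure so the
            // root cause is still available to whoever handles or logs the exception.
            var failure = new FailedLoginException(e.getMessage());
            failure.initCause(e);
            throw failure;
        }
    }
    if (nextToken != null) {
        LOGGER.debug("Setting nextToken in credential");
        spnegoCredential.setNextToken(nextToken);
    } else {
        LOGGER.debug("nextToken is null");
    }
    // Fail closed: without a principal the token was not accepted.
    if (principal == null) {
        throw new FailedLoginException("Principal is null, the processing of the SPNEGO Token failed");
    }
    if (spnegoCredential.isNtlm()) {
        LOGGER.debug("NTLM Credential is valid for user [{}]", principal.getName());
    } else {
        LOGGER.debug("Kerberos Credential is valid for user [{}]", principal.getName());
    }
    spnegoCredential.setPrincipal(getPrincipal(principal.getName(), spnegoCredential.isNtlm()));
    return new DefaultAuthenticationHandlerExecutionResult(this, new BasicCredentialMetaData(credential), spnegoCredential.getPrincipal());
}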
Also used : lombok.val(lombok.val) SpnegoCredential(org.apereo.cas.support.spnego.authentication.principal.SpnegoCredential) FailedLoginException(javax.security.auth.login.FailedLoginException) DefaultAuthenticationHandlerExecutionResult(org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult) Principal(org.apereo.cas.authentication.principal.Principal) BasicCredentialMetaData(org.apereo.cas.authentication.metadata.BasicCredentialMetaData) Synchronized(lombok.Synchronized)

Example 8 with BasicCredentialMetaData

use of org.apereo.cas.authentication.metadata.BasicCredentialMetaData in project cas by apereo.

the class NtlmAuthenticationHandler method doAuthentication.

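/**
 * Handles one step of an NTLM exchange carried in a {@link SpnegoCredential}.
 *
 * <p>A Type 1 message is answered by storing a Type 2 (challenge) message as the
 * credential's next token; the method then still throws {@link FailedLoginException},
 * because only a Type 3 message that the domain controller accepts counts as success.
 * A Type 3 message is verified with {@code SmbSession.logon} against the domain
 * controller, and on success the principal is created from the user name in the message.
 *
 * @param credential the credential to validate; cast to {@link SpnegoCredential}
 * @return the handler result carrying credential metadata and the resolved principal
 * @throws GeneralSecurityException a {@link FailedLoginException} when the token is
 *         missing or too short, has an unknown type, is a Type 1 message, is rejected
 *         by the domain controller, or when any other error occurs while processing
 */
@Override
protected AuthenticationHandlerExecutionResult doAuthentication(final Credential credential) throws GeneralSecurityException {
    val ntlmCredential = (SpnegoCredential) credential;
    val src = ntlmCredential.getInitToken();
    // The token comes from the client: reject a missing or truncated one before indexing
    // into it and before any round trip to the domain controller.
    if (src == null || src.length <= NTLM_TOKEN_TYPE_FIELD_INDEX) {
        throw new FailedLoginException("NTLM token is missing or too short");
    }
    var success = false;
    try {
        val dc = getUniAddress();
        // NOTE(review): the challenge is fetched again on every call; the Type 3 check
        // presumably relies on this returning the value sent in the earlier Type 2 - confirm.
        val challenge = SmbSession.getChallenge(dc);
        switch(src[NTLM_TOKEN_TYPE_FIELD_INDEX]) {
            case NTLM_TOKEN_TYPE_ONE:
                LOGGER.debug("Type 1 received");
                val type1 = new Type1Message(src);
                val type2 = new Type2Message(type1, challenge, null);
                LOGGER.debug("Type 2 returned. Setting next token.");
                ntlmCredential.setNextToken(type2.toByteArray());
                break;
            case NTLM_TOKEN_TYPE_THREE:
                LOGGER.debug("Type 3 received");
                val type3 = new Type3Message(src);
                // NOTE(review): an LM response is forwarded whenever the client sends one;
                // confirm that LM responses are acceptable under the deployment's policy.
                val lmResponse = type3.getLMResponse() == null ? ArrayUtils.EMPTY_BYTE_ARRAY : type3.getLMResponse();
                val ntResponse = type3.getNTResponse() == null ? ArrayUtils.EMPTY_BYTE_ARRAY : type3.getNTResponse();
                val ntlm = new NtlmPasswordAuthentication(type3.getDomain(), type3.getUser(), challenge, lmResponse, ntResponse);
                LOGGER.debug("Trying to authenticate [{}] with domain controller", type3.getUser());
                try {
                    SmbSession.logon(dc, ntlm);
                    // The principal id is the user name only; the domain used for the logon is
                    // not part of it. NOTE(review): confirm that same-named accounts in
                    // different domains cannot be confused downstream.
                    ntlmCredential.setPrincipal(this.principalFactory.createPrincipal(type3.getUser()));
                    success = true;
                } catch (final SmbAuthException sae) {
                    // FailedLoginException has no cause constructor; attach the SMB failure.
                    var rejected = new FailedLoginException(sae.getMessage());
                    rejected.initCause(sae);
                    throw rejected;
                }
                break;
            default:
                LOGGER.debug("Unknown type: [{}]", src[NTLM_TOKEN_TYPE_FIELD_INDEX]);
        }
    } catch (final FailedLoginException e) {
        // Already the exception type callers expect; rethrow as-is so its cause is kept
        // instead of being re-wrapped by the catch-all below.
        throw e;
    } catch (final Exception e) {
        // Fail closed on any processing error, keeping the original exception as the cause.
        var failure = new FailedLoginException(e.getMessage());
        failure.initCause(e);
        throw failure;
    }
    if (!success) {
        // Reached for Type 1 (challenge issued, login not complete) and for unknown types.
        throw new FailedLoginException();
    }
    return new DefaultAuthenticationHandlerExecutionResult(this, new BasicCredentialMetaData(ntlmCredential), ntlmCredential.getPrincipal());
}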
Also used : lombok.val(lombok.val) Type1Message(jcifs.ntlmssp.Type1Message) SpnegoCredential(org.apereo.cas.support.spnego.authentication.principal.SpnegoCredential) SmbAuthException(jcifs.smb.SmbAuthException) FailedLoginException(javax.security.auth.login.FailedLoginException) NtlmPasswordAuthentication(jcifs.smb.NtlmPasswordAuthentication) Type2Message(jcifs.ntlmssp.Type2Message) Type3Message(jcifs.ntlmssp.Type3Message) DefaultAuthenticationHandlerExecutionResult(org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult) GeneralSecurityException(java.security.GeneralSecurityException) FailedLoginException(javax.security.auth.login.FailedLoginException) SmbAuthException(jcifs.smb.SmbAuthException) BasicCredentialMetaData(org.apereo.cas.authentication.metadata.BasicCredentialMetaData)

Example 9 with BasicCredentialMetaData

use of org.apereo.cas.authentication.metadata.BasicCredentialMetaData in project cas by apereo.

the class BasicCredentialMetaDataTests method verifySerializeABasicCredentialMetaDataToJson.

/**
 * Writes a {@link BasicCredentialMetaData} to the JSON file with the shared mapper,
 * reads it back, and expects the result to equal the original.
 *
 * @throws Exception if writing or reading the JSON file fails
 */
@Test
public void verifySerializeABasicCredentialMetaDataToJson() throws Exception {
    val written = new BasicCredentialMetaData(new UsernamePasswordCredential());
    MAPPER.writeValue(JSON_FILE, written);
    // Deserialize from the same file and compare against what was written.
    assertEquals(written, MAPPER.readValue(JSON_FILE, BasicCredentialMetaData.class));
}
Also used : lombok.val(lombok.val) UsernamePasswordCredential(org.apereo.cas.authentication.credential.UsernamePasswordCredential) BasicCredentialMetaData(org.apereo.cas.authentication.metadata.BasicCredentialMetaData) Test(org.junit.jupiter.api.Test)

Example 10 with BasicCredentialMetaData

use of org.apereo.cas.authentication.metadata.BasicCredentialMetaData in project cas by apereo.

the class OAuth20UserProfileEndpointControllerTests method getAuthentication.

/**
 * Builds a test {@link Authentication} for the given principal.
 *
 * <p>The principal's canonical class name is used both as the handler name of the
 * execution result and as the key under which that result is recorded as a success.
 *
 * @param principal the principal to authenticate as
 * @return an authentication holding the principal, its credential metadata,
 *         the current date in the system default zone, and one successful handler result
 */
protected static Authentication getAuthentication(final Principal principal) {
    val handlerName = principal.getClass().getCanonicalName();
    val credentialMetaData = new BasicCredentialMetaData(new BasicIdentifiableCredential(principal.getId()));
    val executionResult = new DefaultAuthenticationHandlerExecutionResult(handlerName, credentialMetaData, principal, new ArrayList<>());
    return DefaultAuthenticationBuilder.newInstance()
        .setPrincipal(principal)
        .addCredential(credentialMetaData)
        .setAuthenticationDate(ZonedDateTime.now(ZoneId.systemDefault()))
        .addSuccess(handlerName, executionResult)
        .build();
}
Also used : lombok.val(lombok.val) BasicIdentifiableCredential(org.apereo.cas.authentication.credential.BasicIdentifiableCredential) DefaultAuthenticationHandlerExecutionResult(org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult) BasicCredentialMetaData(org.apereo.cas.authentication.metadata.BasicCredentialMetaData)

Aggregations

lombok.val (lombok.val)21 BasicCredentialMetaData (org.apereo.cas.authentication.metadata.BasicCredentialMetaData)21 DefaultAuthenticationHandlerExecutionResult (org.apereo.cas.authentication.DefaultAuthenticationHandlerExecutionResult)12 UsernamePasswordCredential (org.apereo.cas.authentication.credential.UsernamePasswordCredential)8 SimpleTestUsernamePasswordAuthenticationHandler (org.apereo.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler)7 FailedLoginException (javax.security.auth.login.FailedLoginException)6 Test (org.junit.jupiter.api.Test)6 GeneralSecurityException (java.security.GeneralSecurityException)3 HashMap (java.util.HashMap)3 DefaultAuthenticationBuilder (org.apereo.cas.authentication.DefaultAuthenticationBuilder)3 BasicIdentifiableCredential (org.apereo.cas.authentication.credential.BasicIdentifiableCredential)3 DefaultMessageDescriptor (org.apereo.cas.DefaultMessageDescriptor)2 SpnegoCredential (org.apereo.cas.support.spnego.authentication.principal.SpnegoCredential)2 LinkedHashMap (java.util.LinkedHashMap)1 LinkedHashSet (java.util.LinkedHashSet)1 AccountNotFoundException (javax.security.auth.login.AccountNotFoundException)1 Type1Message (jcifs.ntlmssp.Type1Message)1 Type2Message (jcifs.ntlmssp.Type2Message)1 Type3Message (jcifs.ntlmssp.Type3Message)1 NtlmPasswordAuthentication (jcifs.smb.NtlmPasswordAuthentication)1