Example 1 with ClientCredential

Use of org.apereo.cas.authentication.principal.ClientCredential in project cas by apereo.

Class DelegatedClientAuthenticationAction, method establishDelegatedAuthenticationSession.

private Event establishDelegatedAuthenticationSession(final RequestContext context, final Service service, final Credentials credentials, final BaseClient client) {
    final ClientCredential clientCredential = new ClientCredential(credentials, client.getName());
    final AuthenticationResult authenticationResult = this.authenticationSystemSupport.handleAndFinalizeSingleAuthenticationTransaction(service, clientCredential);
    final TicketGrantingTicket tgt = this.centralAuthenticationService.createTicketGrantingTicket(authenticationResult);
    WebUtils.putTicketGrantingTicketInScopes(context, tgt);
    return success();
}
Also used : ClientCredential(org.apereo.cas.authentication.principal.ClientCredential) TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) AuthenticationResult(org.apereo.cas.authentication.AuthenticationResult)

Example 2 with ClientCredential

Use of org.apereo.cas.authentication.principal.ClientCredential in project cas by apereo.

Class AbstractWrapperAuthenticationHandler, method doAuthentication.

@Override
protected AuthenticationHandlerExecutionResult doAuthentication(final Credential credential) throws GeneralSecurityException {
    final C credentials = convertToPac4jCredentials((I) credential);
    LOGGER.debug("credentials: [{}]", credentials);
    try {
        @NonNull final Authenticator authenticator = getAuthenticator(credential);
        if (authenticator instanceof InitializableObject) {
            ((InitializableObject) authenticator).init();
        }
        authenticator.validate(credentials, getWebContext());
        final UserProfile profile = this.profileCreator.create(credentials, getWebContext());
        LOGGER.debug("profile: [{}]", profile);
        return createResult(new ClientCredential(credentials, authenticator.getClass().getSimpleName()), profile);
    } catch (final Exception e) {
        LOGGER.error("Failed to validate credentials", e);
        throw new FailedLoginException("Failed to validate credentials: " + e.getMessage());
    }
}
Also used : ClientCredential(org.apereo.cas.authentication.principal.ClientCredential) FailedLoginException(javax.security.auth.login.FailedLoginException) UserProfile(org.pac4j.core.profile.UserProfile) NonNull(lombok.NonNull) InitializableObject(org.pac4j.core.util.InitializableObject) Authenticator(org.pac4j.core.credentials.authenticator.Authenticator) GeneralSecurityException(java.security.GeneralSecurityException)

Example 3 with ClientCredential

Use of org.apereo.cas.authentication.principal.ClientCredential in project cas by apereo.

Class ClientAuthenticationHandler, method doAuthentication.

@Override
protected AuthenticationHandlerExecutionResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
    try {
        final ClientCredential clientCredentials = (ClientCredential) credential;
        LOGGER.debug("Located client credentials as [{}]", clientCredentials);
        final Credentials credentials = clientCredentials.getCredentials();
        LOGGER.debug("Client name: [{}]", clientCredentials.getClientName());
        // get client
        final Client client = this.clients.findClient(clientCredentials.getClientName());
        LOGGER.debug("Delegated client is: [{}]", client);
        final HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext();
        final HttpServletResponse response = WebUtils.getHttpServletResponseFromExternalWebflowContext();
        final WebContext webContext = Pac4jUtils.getPac4jJ2EContext(request, response);
        final UserProfile userProfile = client.getUserProfile(credentials, webContext);
        LOGGER.debug("Final user profile is: [{}]", userProfile);
        return createResult(clientCredentials, userProfile);
    } catch (final HttpAction e) {
        throw new PreventedException(e);
    }
}
Also used : ClientCredential(org.apereo.cas.authentication.principal.ClientCredential) HttpServletRequest(javax.servlet.http.HttpServletRequest) WebContext(org.pac4j.core.context.WebContext) UserProfile(org.pac4j.core.profile.UserProfile) HttpServletResponse(javax.servlet.http.HttpServletResponse) PreventedException(org.apereo.cas.authentication.PreventedException) Client(org.pac4j.core.client.Client) Credentials(org.pac4j.core.credentials.Credentials) HttpAction(org.pac4j.core.exception.HttpAction)

Example 4 with ClientCredential

Use of org.apereo.cas.authentication.principal.ClientCredential in project cas by apereo.

Class DelegatedClientAuthenticationAction, method doExecute.

@Override
protected Event doExecute(final RequestContext context) throws Exception {
    final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
    final HttpServletResponse response = WebUtils.getHttpServletResponse(context);
    final HttpSession session = request.getSession();
    // web context
    final WebContext webContext = WebUtils.getPac4jJ2EContext(request, response);
    // get client
    final String clientName = request.getParameter(this.clients.getClientNameParameter());
    LOGGER.debug("clientName: [{}]", clientName);
    if (hasDelegationRequestFailed(request, response.getStatus()).isPresent()) {
        return stopWebflow();
    }
    // it's an authentication
    if (StringUtils.isNotBlank(clientName)) {
        // get client
        final BaseClient<Credentials, CommonProfile> client = (BaseClient<Credentials, CommonProfile>) this.clients.findClient(clientName);
        LOGGER.debug("Client: [{}]", client);
        // get credentials
        final Credentials credentials;
        try {
            credentials = client.getCredentials(webContext);
            LOGGER.debug("Retrieved credentials: [{}]", credentials);
        } catch (final Exception e) {
            LOGGER.debug("The request requires http action", e);
            return stopWebflow();
        }
        // retrieve parameters from web session
        final Service service = (Service) session.getAttribute(CasProtocolConstants.PARAMETER_SERVICE);
        context.getFlowScope().put(CasProtocolConstants.PARAMETER_SERVICE, service);
        LOGGER.debug("Retrieve service: [{}]", service);
        if (service != null) {
            request.setAttribute(CasProtocolConstants.PARAMETER_SERVICE, service.getId());
        }
        restoreRequestAttribute(request, session, this.themeParamName);
        restoreRequestAttribute(request, session, this.localParamName);
        restoreRequestAttribute(request, session, CasProtocolConstants.PARAMETER_METHOD);
        // credentials not null -> try to authenticate
        if (credentials != null) {
            final AuthenticationResult authenticationResult = this.authenticationSystemSupport.handleAndFinalizeSingleAuthenticationTransaction(service, new ClientCredential(credentials));
            final TicketGrantingTicket tgt = this.centralAuthenticationService.createTicketGrantingTicket(authenticationResult);
            WebUtils.putTicketGrantingTicketInScopes(context, tgt);
            return success();
        }
    }
    // no or aborted authentication : go to login page
    prepareForLoginPage(context);
    if (response.getStatus() == HttpStatus.UNAUTHORIZED.value()) {
        return stopWebflow();
    }
    if (this.autoRedirect) {
        final Set<ProviderLoginPageConfiguration> urls = context.getFlowScope().get(PAC4J_URLS, Set.class);
        if (urls != null && urls.size() == 1) {
            final ProviderLoginPageConfiguration cfg = urls.stream().findFirst().get();
            LOGGER.debug("Auto-redirecting to client url [{}]", cfg.getRedirectUrl());
            response.sendRedirect(cfg.getRedirectUrl());
            final ExternalContext externalContext = context.getExternalContext();
            externalContext.recordResponseComplete();
            return stopWebflow();
        }
    }
    return error();
}
Also used : WebContext(org.pac4j.core.context.WebContext) HttpSession(javax.servlet.http.HttpSession) TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) HttpServletResponse(javax.servlet.http.HttpServletResponse) CentralAuthenticationService(org.apereo.cas.CentralAuthenticationService) WebApplicationService(org.apereo.cas.authentication.principal.WebApplicationService) Service(org.apereo.cas.authentication.principal.Service) BaseClient(org.pac4j.core.client.BaseClient) AuthenticationResult(org.apereo.cas.authentication.AuthenticationResult) HttpServletRequest(javax.servlet.http.HttpServletRequest) ClientCredential(org.apereo.cas.authentication.principal.ClientCredential) CommonProfile(org.pac4j.core.profile.CommonProfile) ExternalContext(org.springframework.webflow.context.ExternalContext) Credentials(org.pac4j.core.credentials.Credentials)

Example 5 with ClientCredential

Use of org.apereo.cas.authentication.principal.ClientCredential in project cas by apereo.

Class ClientAuthenticationMetaDataPopulator, method populateAttributes.

@Override
public void populateAttributes(final AuthenticationBuilder builder, final Credential credential) {
    final ClientCredential clientCredential = (ClientCredential) credential;
    builder.addAttribute(CLIENT_NAME, clientCredential.getCredentials().getClientName());
}
Also used : ClientCredential(org.apereo.cas.authentication.principal.ClientCredential)