use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.
the class BaseAcceptableUsagePolicyRepository method getPolicyMessageBundleCode.
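/**
 * Resolves the message bundle code that identifies which acceptable usage policy terms to show.
 *
 * <p>A non-blank message code on the registered service's acceptable usage policy takes
 * precedence. Otherwise the code is {@code AcceptableUsagePolicyTerms.CODE + "." + value},
 * where {@code value} is the first value of the principal attribute named by
 * {@code aupProperties.getCore().getAupPolicyTermsAttributeName()}.
 *
 * @param requestContext the request context
 * @return the policy message bundle code, or {@code null} when no service-level code is set and
 *         either the attribute name is blank, no authenticated principal is in the flow, or the
 *         principal carries no first value for that attribute
 */
protected String getPolicyMessageBundleCode(final RequestContext requestContext) {
    val registeredService = WebUtils.getRegisteredService(requestContext);
    if (registeredService != null) {
        val servicePolicy = registeredService.getAcceptableUsagePolicy();
        if (servicePolicy != null && StringUtils.isNotBlank(servicePolicy.getMessageCode())) {
            return servicePolicy.getMessageCode();
        }
    }

    val attributeName = aupProperties.getCore().getAupPolicyTermsAttributeName();
    if (StringUtils.isBlank(attributeName)) {
        return null;
    }

    // Do not dereference a missing authentication or principal: treat it like "no policy
    // attribute" so the caller gets the documented null instead of a NullPointerException.
    val authentication = WebUtils.getAuthentication(requestContext);
    if (authentication == null || authentication.getPrincipal() == null) {
        LOGGER.trace("No authenticated principal is available to determine policy terms");
        return null;
    }

    val attributes = authentication.getPrincipal().getAttributes();
    if (!attributes.containsKey(attributeName)) {
        LOGGER.trace("No attribute for policy terms is defined");
        return null;
    }

    // The attribute value is taken from the principal as-is and becomes the suffix of the
    // bundle key, so whatever populates that attribute decides which terms are looked up.
    return CollectionUtils.firstElement(attributes.get(attributeName))
        .map(v -> String.format("%s.%s", AcceptableUsagePolicyTerms.CODE, v))
        .orElse(null);
}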
use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.
the class JcifsSpnegoAuthenticationHandler method doAuthentication.
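/**
 * Validates a SPNEGO credential by feeding its initial token to the configured
 * authentications until one of them produces a next token.
 *
 * <p>On success the resolved principal and, when present, the next token are stored on the
 * credential. The method is annotated {@code @Synchronized}; each configured authentication is
 * reset before it is used.
 *
 * @param credential the credential, cast to {@code SpnegoCredential} without a type check
 * @return the handler result carrying the principal set on the credential
 * @throws GeneralSecurityException a {@code FailedLoginException} when NTLM is presented but not
 *         allowed, when token processing fails, or when no principal was established
 */
@Override
@Synchronized
protected AuthenticationHandlerExecutionResult doAuthentication(final Credential credential) throws GeneralSecurityException {
    val spnegoCredential = (SpnegoCredential) credential;

    // Reject NTLM before any token is processed when the handler is not configured for it.
    if (!this.ntlmAllowed && spnegoCredential.isNtlm()) {
        throw new FailedLoginException("NTLM not allowed");
    }

    java.security.Principal principal = null;
    byte[] nextToken = null;
    val it = this.authentications.iterator();
    // NOTE(review): every pass overwrites principal, so the value kept is the one from the last
    // authentication processed; confirm that is intended when several are configured.
    while (nextToken == null && it.hasNext()) {
        try {
            val authentication = it.next();
            authentication.reset();
            LOGGER.debug("Processing SPNEGO authentication");
            authentication.process(spnegoCredential.getInitToken());
            principal = authentication.getPrincipal();
            LOGGER.debug("Authenticated SPNEGO principal [{}]. Retrieving the next token for authentication...", Optional.ofNullable(principal).map(java.security.Principal::getName).orElse(null));
            nextToken = authentication.getNextToken();
        } catch (final jcifs.spnego.AuthenticationException e) {
            LOGGER.debug("Processing SPNEGO authentication failed with exception", e);
            // FailedLoginException has no cause-taking constructor; attach the original
            // exception so the failure stays traceable beyond debug logging.
            val failure = new FailedLoginException(e.getMessage());
            failure.initCause(e);
            throw failure;
        }
    }

    if (nextToken != null) {
        LOGGER.debug("Setting nextToken in credential");
        spnegoCredential.setNextToken(nextToken);
    } else {
        LOGGER.debug("nextToken is null");
    }

    // No principal means no authentication processed the token successfully.
    if (principal == null) {
        throw new FailedLoginException("Principal is null, the processing of the SPNEGO Token failed");
    }

    if (spnegoCredential.isNtlm()) {
        LOGGER.debug("NTLM Credential is valid for user [{}]", principal.getName());
    } else {
        LOGGER.debug("Kerberos Credential is valid for user [{}]", principal.getName());
    }
    spnegoCredential.setPrincipal(getPrincipal(principal.getName(), spnegoCredential.isNtlm()));
    return new DefaultAuthenticationHandlerExecutionResult(this, new BasicCredentialMetaData(credential), spnegoCredential.getPrincipal());
}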
use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.
the class OidcProfileScopeToAttributesFilter method filterAttributesByScope.
/**
 * Collects the attributes to release for the given scopes.
 *
 * <p>Each distinct scope that has an entry in {@code attributeReleasePolicies} contributes the
 * attributes its policy returns; later scopes overwrite earlier ones on key collisions. Scopes
 * without a policy are skipped.
 *
 * <p>NOTE(review): an empty scope collection returns the principal's attribute map itself,
 * unfiltered and uncopied. Confirm callers cannot reach this branch for a request that should
 * release only a limited set of claims.
 *
 * @param scopes            the scopes
 * @param principal         the principal whose attributes are released
 * @param service           the service
 * @param registeredService the registered service
 * @param accessToken       the access token; not consulted by this implementation
 * @return the attributes to release, keyed by attribute name
 */
protected Map<String, List<Object>> filterAttributesByScope(final Collection<String> scopes, final Principal principal, final Service service, final RegisteredService registeredService, final OAuth20AccessToken accessToken) {
    if (scopes.isEmpty()) {
        val resolved = principal.getAttributes();
        LOGGER.trace("No defined scopes are available to instruct attribute release policies for [{}]. "
            + "CAS will authorize the collection of resolved attributes [{}] for release to [{}]",
            registeredService.getServiceId(), resolved, service.getId());
        return resolved;
    }

    val released = new LinkedHashMap<String, List<Object>>();
    scopes.stream()
        .distinct()
        .filter(this.attributeReleasePolicies::containsKey)
        .forEach(scope -> {
            val scopePolicy = attributeReleasePolicies.get(scope);
            val context = RegisteredServiceAttributeReleasePolicyContext.builder()
                .registeredService(registeredService)
                .service(service)
                .principal(principal)
                .build();
            val scopedAttributes = scopePolicy.getAttributes(context);
            LOGGER.debug("Calculated attributes [{}] via attribute release policy [{}]", scopedAttributes, scopePolicy.getName());
            released.putAll(scopedAttributes);
        });
    return released;
}
use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.
the class SendForgotUsernameInstructionsAction method sendForgotUsernameEmailToAccount.
/**
 * Emails the forgot-username message to the address carried by the query.
 *
 * <p>The username from the query is resolved to a principal. When resolution yields a principal
 * that is not a {@code NullPrincipal}, it is exposed to the message template under
 * {@code "principal"} and stored in flash scope under {@code Principal.class.getName()}.
 *
 * <p>NOTE(review): the recipient is {@code query.getEmail()} and this method does not compare
 * it with the resolved principal; presumably the caller has already matched the address to the
 * account. Verify against the caller. The whole principal object is handed to the template, so
 * the template decides which of its attributes end up in the message.
 *
 * @param query          the query holding the username and the recipient address
 * @param requestContext the request context
 * @return the result of {@code communicationsManager.email(...)}
 */
protected boolean sendForgotUsernameEmailToAccount(final PasswordManagementQuery query, final RequestContext requestContext) {
    val parameters = CollectionUtils.<String, Object>wrap("email", query.getEmail());

    val credential = new BasicIdentifiableCredential();
    credential.setId(query.getUsername());
    val person = principalResolver.resolve(credential);

    val principalResolved = person != null && !NullPrincipal.class.equals(person.getClass());
    FunctionUtils.doIf(principalResolved, resolvedPrincipal -> {
        parameters.put("principal", resolvedPrincipal);
        requestContext.getFlashScope().put(Principal.class.getName(), person);
    }).accept(person);

    val mailSettings = casProperties.getAuthn().getPm().getForgotUsername().getMail();
    val httpRequest = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
    val messageBody = EmailMessageBodyBuilder.builder()
        .properties(mailSettings)
        .locale(Optional.ofNullable(httpRequest.getLocale()))
        .parameters(parameters)
        .build()
        .produce();
    return this.communicationsManager.email(mailSettings, query.getEmail(), messageBody);
}
use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.
the class SurrogatePrincipalElectionStrategyTests method verifyOperation.
/**
 * Checks that, given a primary and a surrogate authentication, the strategy nominates the
 * surrogate principal and that the nominated principal carries every key of the attribute
 * repository's backing map.
 */
@Test
public void verifyOperation() {
    val strategy = new SurrogatePrincipalElectionStrategy();
    val attributes = CollectionUtils.wrap(
        "formalName", CollectionUtils.wrapSet("cas"),
        "theName", CollectionUtils.wrapSet("user"),
        "sysuser", CollectionUtils.wrapSet("casuser"),
        "firstName", CollectionUtils.wrapSet("cas-first"),
        "lastName", CollectionUtils.wrapSet("cas-last"));

    // Primary authentication first, surrogate second.
    val primaryAuth = CoreAuthenticationTestUtils.getAuthentication("casuser");
    val authentications = new ArrayList<Authentication>();
    authentications.add(primaryAuth);
    val attributeRepository = CoreAuthenticationTestUtils.getAttributeRepository();
    val surrogatePrincipal = buildSurrogatePrincipal("cas-surrogate", primaryAuth, attributeRepository);
    authentications.add(CoreAuthenticationTestUtils.getAuthentication(surrogatePrincipal));

    val principal = strategy.nominate(authentications, (Map) attributes);
    assertNotNull(principal);
    assertEquals("cas-surrogate", principal.getId());
    assertEquals(attributeRepository.getBackingMap().size(), principal.getAttributes().size());

    // Same size plus no missing key means the key sets are identical.
    for (val key : attributeRepository.getBackingMap().keySet()) {
        if (!principal.getAttributes().containsKey(key)) {
            fail();
        }
    }
}