
Example 71 with Principal

Use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.

The class OidcProfileScopeToAttributesFilter, method filterAttributesByScope.

private void filterAttributesByScope(final Collection<String> stream, final Map<String, Object> attributes, final Principal principal, final RegisteredService registeredService) {
    // For each distinct scope that has a registered release policy, merge the attributes that policy releases.
    stream.stream().distinct().filter(s -> this.filters.containsKey(s)).forEach(s -> {
        final BaseOidcScopeAttributeReleasePolicy policy = filters.get(s);
        attributes.putAll(policy.getAttributes(principal, registeredService));
    });
}
Also used : OidcProfileScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcProfileScopeAttributeReleasePolicy) LoggerFactory(org.slf4j.LoggerFactory) OAuthUtils(org.apereo.cas.support.oauth.util.OAuthUtils) OidcCustomScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcCustomScopeAttributeReleasePolicy) HashMap(java.util.HashMap) Reflections(org.reflections.Reflections) OidcEmailScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcEmailScopeAttributeReleasePolicy) ArrayList(java.util.ArrayList) BaseOidcScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy) PrincipalFactory(org.apereo.cas.authentication.principal.PrincipalFactory) DefaultOAuth20ProfileScopeToAttributesFilter(org.apereo.cas.support.oauth.profile.DefaultOAuth20ProfileScopeToAttributesFilter) FilterBuilder(org.reflections.util.FilterBuilder) Map(java.util.Map) OidcAddressScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcAddressScopeAttributeReleasePolicy) ConfigurationBuilder(org.reflections.util.ConfigurationBuilder) ChainingAttributeReleasePolicy(org.apereo.cas.services.ChainingAttributeReleasePolicy) ServicesManager(org.apereo.cas.services.ServicesManager) Unchecked(org.jooq.lambda.Unchecked) Logger(org.slf4j.Logger) OidcConstants(org.apereo.cas.oidc.OidcConstants) Collection(java.util.Collection) OidcPhoneScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcPhoneScopeAttributeReleasePolicy) Set(java.util.Set) DenyAllAttributeReleasePolicy(org.apereo.cas.services.DenyAllAttributeReleasePolicy) RegisteredService(org.apereo.cas.services.RegisteredService) ClasspathHelper(org.reflections.util.ClasspathHelper) SubTypesScanner(org.reflections.scanners.SubTypesScanner) List(java.util.List) OidcRegisteredService(org.apereo.cas.services.OidcRegisteredService) Service(org.apereo.cas.authentication.principal.Service) J2EContext(org.pac4j.core.context.J2EContext) Principal(org.apereo.cas.authentication.principal.Principal) 

Example 72 with Principal

Use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.

The class OidcProfileScopeToAttributesFilter, method filter.

@Override
public Principal filter(final Service service, final Principal profile, final RegisteredService registeredService, final J2EContext context) {
    final Principal principal = super.filter(service, profile, registeredService, context);
    final OidcRegisteredService oidcService = (OidcRegisteredService) registeredService;
    // Effective scopes are the union of the scopes requested by the client and the scopes configured on the service.
    final Collection<String> scopes = new ArrayList<>(OAuthUtils.getRequestedScopes(context));
    scopes.addAll(oidcService.getScopes());
    // Without the openid scope, return the principal produced by the parent filter unchanged.
    if (!scopes.contains(OidcConstants.OPENID)) {
        LOGGER.debug("Request does not indicate a scope [{}] that can identify OpenID Connect", scopes);
        return principal;
    }
    // Build a new principal that carries only the attributes released by the per-scope policies.
    final Map<String, Object> attributes = new HashMap<>();
    filterAttributesByScope(scopes, attributes, principal, oidcService);
    return this.principalFactory.createPrincipal(profile.getId(), attributes);
}
Also used : HashMap(java.util.HashMap) OidcRegisteredService(org.apereo.cas.services.OidcRegisteredService) ArrayList(java.util.ArrayList) Principal(org.apereo.cas.authentication.principal.Principal)

Example 73 with Principal

Use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.

The class AuthenticationRiskTwilioSmsNotifier, method publish.

@Override
public void publish() {
    final SmsProperties sms = casProperties.getAuthn().getAdaptive().getRisk().getResponse().getSms();
    final Principal principal = authentication.getPrincipal();
    // Skip the notification when the SMS text or sender is blank, or the principal lacks the configured phone attribute.
    if (StringUtils.isBlank(sms.getText()) || StringUtils.isBlank(sms.getFrom()) || !principal.getAttributes().containsKey(sms.getAttributeName())) {
        LOGGER.debug("Could not send sms [{}] because either no phones could be found or sms settings are not configured.", principal.getId());
        return;
    }
    // The destination number is read from the principal attribute named in the SMS settings.
    communicationsManager.sms(sms.getFrom(), principal.getAttributes().get(sms.getAttributeName()).toString(), sms.getText());
}
Also used : SmsProperties(org.apereo.cas.configuration.model.support.sms.SmsProperties) Principal(org.apereo.cas.authentication.principal.Principal)

Example 74 with Principal

Use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.

The class BasicDuoAuthenticationService, method authenticateDuoCredentialDirect.

private Pair<Boolean, String> authenticateDuoCredentialDirect(final Credential crds) {
    try {
        final DuoDirectCredential credential = DuoDirectCredential.class.cast(crds);
        final Principal p = credential.getAuthentication().getPrincipal();
        // Build the auth request and sign it for the already-authenticated principal's id.
        final Http request = buildHttpPostAuthRequest();
        signHttpAuthRequest(request, p.getId());
        final JSONObject result = (JSONObject) request.executeRequest();
        LOGGER.debug("Duo authentication response: [{}]", result);
        // Only an explicit "allow" result counts as success.
        if ("allow".equalsIgnoreCase(result.getString("result"))) {
            return Pair.of(Boolean.TRUE, crds.getId());
        }
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
    }
    // Any other result, or any exception above, is treated as a failed authentication.
    return Pair.of(Boolean.FALSE, crds.getId());
}
Also used : JSONObject(org.json.JSONObject) Http(com.duosecurity.client.Http) Principal(org.apereo.cas.authentication.principal.Principal)

Example 75 with Principal

Use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.

The class AbstractAuthenticationManager, method resolvePrincipal.

/**
 * Resolve principal.
 *
 * @param handler    the handler name
 * @param resolver   the resolver
 * @param credential the credential
 * @param principal  the current authenticated principal from a handler, if any.
 * @return the principal
 */
protected Principal resolvePrincipal(final AuthenticationHandler handler, final PrincipalResolver resolver, final Credential credential, final Principal principal) {
    if (resolver.supports(credential)) {
        try {
            final Principal p = resolver.resolve(credential, principal, handler);
            LOGGER.debug("[{}] resolved [{}] from [{}]", resolver, p, credential);
            return p;
        } catch (final Exception e) {
            LOGGER.error("[{}] failed to resolve principal from [{}]", resolver, credential, e);
        }
    } else {
        LOGGER.warn("[{}] is configured to use [{}] but it does not support [{}], which suggests a configuration problem.", handler.getName(), resolver, credential);
    }
    return null;
}
Also used : NullPrincipal(org.apereo.cas.authentication.principal.NullPrincipal) Principal(org.apereo.cas.authentication.principal.Principal) UnresolvedPrincipalException(org.apereo.cas.authentication.exceptions.UnresolvedPrincipalException) GeneralSecurityException(java.security.GeneralSecurityException)

Aggregations

Principal (org.apereo.cas.authentication.principal.Principal) 114
HashMap (java.util.HashMap) 33
RegisteredService (org.apereo.cas.services.RegisteredService) 31
Test (org.junit.Test) 29
Authentication (org.apereo.cas.authentication.Authentication) 26
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest) 26
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse) 26
OAuthRegisteredService (org.apereo.cas.support.oauth.services.OAuthRegisteredService) 25
Map (java.util.Map) 23
Slf4j (lombok.extern.slf4j.Slf4j) 23
lombok.val (lombok.val) 19
List (java.util.List) 15
StringUtils (org.apache.commons.lang3.StringUtils) 15
OAuthCode (org.apereo.cas.ticket.code.OAuthCode) 15
CollectionUtils (org.apereo.cas.util.CollectionUtils) 15
ArrayList (java.util.ArrayList) 14
Optional (java.util.Optional) 14
Service (org.apereo.cas.authentication.principal.Service) 14
Collection (java.util.Collection) 11
Collectors (java.util.stream.Collectors) 10