use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.
the class DefaultPrincipalElectionStrategy method nominate.
/**
 * Elects the primary principal for a set of authentications.
 *
 * <p>The identifier is taken from the principal of the first authentication the
 * collection's iterator yields; the attributes are taken from
 * {@code principalAttributes} as supplied by the caller.
 *
 * @param authentications the authentications to choose from; the first one iterated wins
 * @param principalAttributes attributes attached to the newly created principal
 * @return a principal built by the principal factory from the elected id and the given attributes
 */
@Override
public Principal nominate(final Collection<Authentication> authentications, final Map<String, Object> principalAttributes) {
    // Which identity is elected depends on the collection's iteration order.
    // An empty collection makes next() throw NoSuchElementException.
    final Authentication first = authentications.iterator().next();
    final String electedId = first.getPrincipal().getId();
    final Principal nominated = this.principalFactory.createPrincipal(electedId, principalAttributes);
    LOGGER.debug("Nominated [{}] as the primary principal", nominated);
    return nominated;
}
use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.
the class JaasAuthenticationHandler method authenticateUsernamePasswordInternal.
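/**
 * Authenticates a username/password credential through a JAAS {@link LoginContext}
 * created for the configured realm.
 *
 * <p>When the login succeeds and the resulting subject carries at least one principal,
 * the name of the first principal the set yields becomes the CAS principal id.
 *
 * @param credential the credential supplying the username and password
 * @param originalPassword not read by this method
 * @return the handler result built from the credential and the resolved principal
 * @throws GeneralSecurityException when the JAAS login or logout fails
 */
@Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential, final String originalPassword) throws GeneralSecurityException {
    // System properties are JVM-wide: these writes affect every other Kerberos/JAAS
    // consumer in the process and are repeated on each authentication attempt.
    if (this.kerberosKdcSystemProperty != null) {
        LOGGER.debug("Configured kerberos system property [{}] to [{}]", SYS_PROP_KERB5_KDC, this.kerberosKdcSystemProperty);
        System.setProperty(SYS_PROP_KERB5_KDC, this.kerberosKdcSystemProperty);
    }
    if (this.kerberosRealmSystemProperty != null) {
        LOGGER.debug("Setting kerberos system property [{}] to [{}]", SYS_PROP_KRB5_REALM, this.kerberosRealmSystemProperty);
        System.setProperty(SYS_PROP_KRB5_REALM, this.kerberosRealmSystemProperty);
    }
    final String username = credential.getUsername();
    final String password = credential.getPassword();
    Principal principal = null;
    final LoginContext lc = new LoginContext(this.realm, new UsernamePasswordCallbackHandler(username, password));
    try {
        LOGGER.debug("Attempting authentication for: [{}]", username);
        lc.login();
        final Set<java.security.Principal> principals = lc.getSubject().getPrincipals();
        // Placeholder fixed: the original "[{}}" printed a stray closing brace.
        LOGGER.debug("JAAS principals extracted from subject are [{}]", principals);
        if (principals != null && !principals.isEmpty()) {
            // With several principals on the subject, the set's iteration order picks the id.
            final java.security.Principal secPrincipal = principals.iterator().next();
            LOGGER.debug("JAAS principal detected from subject login context is [{}]", secPrincipal.getName());
            principal = this.principalFactory.createPrincipal(secPrincipal.getName());
        }
    } finally {
        // An exception thrown here replaces one already propagating from login().
        lc.logout();
    }
    // NOTE(review): a successful login whose subject has no principals reaches this
    // call with principal == null; confirm createHandlerResult rejects that case.
    return createHandlerResult(credential, principal);
}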
use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.
the class RestfulAuthenticationPolicy method isSatisfiedBy.
/**
 * Asks a remote REST endpoint whether the authentication satisfies policy.
 *
 * <p>The principal is POSTed to the configured endpoint with an
 * {@code Accept: application/json} header. Only an HTTP 200 response satisfies the
 * policy; every other outcome handled here ends in an exception, so the method
 * never returns {@code false}.
 *
 * @param authentication the authentication whose principal is sent for evaluation
 * @return {@code true} when the endpoint answers with status OK
 * @throws Exception a {@link GeneralSecurityException} when there is no response, a non-OK
 *     status or a client-error exception; other exceptions from the call propagate unchanged
 */
@Override
public boolean isSatisfiedBy(final Authentication authentication) throws Exception {
    final Principal subject = authentication.getPrincipal();
    try {
        final HttpHeaders requestHeaders = new HttpHeaders();
        requestHeaders.setAccept(CollectionUtils.wrap(MediaType.APPLICATION_JSON));
        // The principal object itself is the request body, so it leaves the CAS server.
        // NOTE(review): confirm the endpoint is reached over TLS and is authenticated.
        final HttpEntity<Principal> request = new HttpEntity<>(subject, requestHeaders);
        // NOTE(review): this routine trace is emitted at WARN on every evaluation.
        LOGGER.warn("Checking authentication policy for [{}] via POST at [{}]", subject, this.endpoint);
        final ResponseEntity<String> reply = restTemplate.exchange(this.endpoint, HttpMethod.POST, request, String.class);
        if (reply == null) {
            LOGGER.warn("[{}] returned no responses", this.endpoint);
            throw new GeneralSecurityException("No response returned from REST endpoint to determine authentication policy");
        }
        if (reply.getStatusCode() == HttpStatus.OK) {
            return true;
        }
        // Any status other than 200 is mapped to an exception and denies the policy.
        final Exception failure = handleResponseStatusCode(reply.getStatusCode(), subject);
        throw new GeneralSecurityException(failure);
    } catch (final HttpClientErrorException e) {
        // Client-error responses surfaced as exceptions get the same status-code mapping.
        final Exception failure = handleResponseStatusCode(e.getStatusCode(), subject);
        throw new GeneralSecurityException(failure);
    }
}
use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.
the class UniquePrincipalAuthenticationPolicy method isSatisfiedBy.
/**
 * Allows the authentication only when the principal has no live session.
 *
 * <p>Counts the ticket-granting tickets in the registry that are not expired and whose
 * principal id equals the authenticating principal's id, ignoring case. The policy is
 * satisfied only when that count is zero.
 *
 * @param authentication the authentication being evaluated
 * @return {@code true} when no matching unexpired ticket-granting ticket exists
 * @throws Exception a {@link GeneralSecurityException} wrapping any failure during the lookup
 */
@Override
public boolean isSatisfiedBy(final Authentication authentication) throws Exception {
    try {
        final Principal authPrincipal = authentication.getPrincipal();
        // NOTE(review): the count and the later ticket creation are separate steps, so two
        // concurrent logins may both see zero; confirm whether callers serialize this.
        final long liveSessions = this.ticketRegistry.getTickets(ticket -> {
            if (!(ticket instanceof TicketGrantingTicket) || ticket.isExpired()) {
                return false;
            }
            final Principal owner = ((TicketGrantingTicket) ticket).getAuthentication().getPrincipal();
            // Ids are compared case-insensitively, so "Alice" and "alice" count as one user.
            return owner.getId().equalsIgnoreCase(authPrincipal.getId());
        }).count();
        if (liveSessions != 0) {
            LOGGER.warn("Authentication policy cannot be satisfied for principal [{}] because [{}] sessions currently exist", authPrincipal.getId(), liveSessions);
            return false;
        }
        LOGGER.debug("Authentication policy is satisfied with [{}]", authPrincipal.getId());
        return true;
    } catch (final Exception e) {
        // Any failure is reported as a security exception rather than a satisfied policy.
        throw new GeneralSecurityException(e);
    }
}
use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.
the class WSFederationClaimsReleasePolicy method getAttributesInternal.
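/**
 * Builds the WS-Federation claims to release from the resolved attributes.
 *
 * <p>For each allowed-attribute entry whose key names a known {@code WSFederationClaims}
 * constant, the mapped attribute is looked up case-insensitively in {@code attrs} and,
 * when a value is present, released under the claim's URI. Attributes that are not
 * mapped to a known claim are never released.
 *
 * @param principal not read by this method
 * @param attrs the attributes available for release
 * @param service not read by this method
 * @return a new map of claim URI to attribute value
 */
@Override
public Map<String, Object> getAttributesInternal(final Principal principal, final Map<String, Object> attrs, final RegisteredService service) {
    final Map<String, Object> resolvedAttributes = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    resolvedAttributes.putAll(attrs);
    final Map<String, Object> attributesToRelease = new HashMap<>(resolvedAttributes.size());
    for (final Map.Entry<String, String> entry : getAllowedAttributes().entrySet()) {
        // Claim names are identifiers, so they are upper-cased with Locale.ROOT. The
        // default-locale form can change the letters (Turkish dotted I, for example)
        // and silently drop a configured claim.
        final String claimKey = entry.getKey().toUpperCase(java.util.Locale.ROOT);
        if (!WSFederationClaims.contains(claimKey)) {
            continue;
        }
        final String attributeName = entry.getValue();
        final WSFederationClaims claim = WSFederationClaims.valueOf(claimKey);
        LOGGER.debug("Evaluating claimName [{}] mapped to attribute name [{}]", claim.getUri(), attributeName);
        final Object value = resolvedAttributes.get(attributeName);
        if (value != null) {
            LOGGER.debug("Adding claimName [{}] to the collection of released attributes", claim.getUri());
            attributesToRelease.put(claim.getUri(), value);
        }
    }
    return attributesToRelease;
}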