
Example 16 with Principal

use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.

the class DefaultPrincipalElectionStrategy method nominate.

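/**
 * Nominates the primary principal for an authentication attempt that may have passed
 * through several handlers.
 *
 * <p>The principal id is taken from the first authentication in the collection's iteration
 * order; the supplied {@code principalAttributes} (already merged by the caller) become the
 * nominated principal's attributes. Attributes carried by the candidate principal itself are
 * not consulted here.
 *
 * @param authentications     the authentications produced so far; must contain at least one
 * @param principalAttributes the merged attributes to attach to the nominated principal
 * @return the principal built by {@code principalFactory} from the first authentication's principal id
 * @throws IllegalArgumentException if {@code authentications} is null or empty
 */
@Override
public Principal nominate(final Collection<Authentication> authentications, final Map<String, Object> principalAttributes) {
    if (authentications == null || authentications.isEmpty()) {
        // Fail with a descriptive message instead of the bare NoSuchElementException iterator().next() would raise.
        throw new IllegalArgumentException("At least one authentication is required to nominate a principal");
    }
    final Principal candidate = authentications.iterator().next().getPrincipal();
    // Only the id survives; the attribute set is the caller-merged map, not the candidate's own attributes.
    final Principal nominated = this.principalFactory.createPrincipal(candidate.getId(), principalAttributes);
    LOGGER.debug("Nominated [{}] as the primary principal", nominated);
    return nominated;
}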

Example 17 with Principal

use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.

the class JaasAuthenticationHandler method authenticateUsernamePasswordInternal.

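/**
 * Authenticates the credential against the configured JAAS realm.
 *
 * <p>When configured, the Kerberos KDC and realm system properties are (re)set on every call.
 * They are JVM-global, so two handlers configured with different values would overwrite each
 * other. A {@link LoginContext} is created for {@code this.realm} and logged in with the
 * credential's username/password; the first {@link java.security.Principal} of the resulting
 * subject, if any, is mapped to the CAS principal. The context is always logged out afterwards.
 * A logout failure that follows an unsuccessful login is only logged, so that the real cause
 * of the authentication failure (for example a {@code FailedLoginException}) reaches the caller
 * instead of being masked; a logout failure after a successful login is still propagated.
 *
 * @param credential       the username/password credential to authenticate
 * @param originalPassword the password before any transformation; not used by this handler
 * @return the handler result for the credential; its principal is null when the subject carries no principals
 * @throws GeneralSecurityException if the JAAS login fails, or a logout after a successful login fails
 */
@Override
protected AuthenticationHandlerExecutionResult authenticateUsernamePasswordInternal(final UsernamePasswordCredential credential, final String originalPassword) throws GeneralSecurityException {
    if (this.kerberosKdcSystemProperty != null) {
        LOGGER.debug("Configured kerberos system property [{}] to [{}]", SYS_PROP_KERB5_KDC, this.kerberosKdcSystemProperty);
        System.setProperty(SYS_PROP_KERB5_KDC, this.kerberosKdcSystemProperty);
    }
    if (this.kerberosRealmSystemProperty != null) {
        LOGGER.debug("Setting kerberos system property [{}] to [{}]", SYS_PROP_KRB5_REALM, this.kerberosRealmSystemProperty);
        System.setProperty(SYS_PROP_KRB5_REALM, this.kerberosRealmSystemProperty);
    }
    final String username = credential.getUsername();
    final String password = credential.getPassword();
    Principal principal = null;
    final LoginContext lc = new LoginContext(this.realm, new UsernamePasswordCallbackHandler(username, password));
    boolean loggedIn = false;
    try {
        LOGGER.debug("Attempting authentication for: [{}]", username);
        lc.login();
        loggedIn = true;
        final Set<java.security.Principal> principals = lc.getSubject().getPrincipals();
        LOGGER.debug("JAAS principals extracted from subject are [{}]", principals);
        if (principals != null && !principals.isEmpty()) {
            // Only the first principal is mapped; which one that is depends on the JAAS modules' ordering.
            final java.security.Principal secPrincipal = principals.iterator().next();
            LOGGER.debug("JAAS principal detected from subject login context is [{}]", secPrincipal.getName());
            principal = this.principalFactory.createPrincipal(secPrincipal.getName());
        }
    } finally {
        try {
            lc.logout();
        } catch (final javax.security.auth.login.LoginException logoutFailure) {
            if (loggedIn) {
                throw logoutFailure;
            }
            // The login exception is already in flight; do not let the cleanup failure replace it.
            LOGGER.debug("Ignoring logout failure after unsuccessful login for [{}]", username, logoutFailure);
        }
    }
    return createHandlerResult(credential, principal);
}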

Example 18 with Principal

use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.

the class RestfulAuthenticationPolicy method isSatisfiedBy.

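/**
 * Satisfies the policy only when the configured REST endpoint accepts the authenticated principal.
 *
 * <p>The principal, including its attributes, is POSTed as JSON to {@code this.endpoint}. Any
 * status other than HTTP 200 is mapped through {@code handleResponseStatusCode} and rethrown
 * wrapped in a {@link GeneralSecurityException}, so the policy fails closed. Only
 * {@link HttpClientErrorException} (4xx) is translated here; 5xx and transport errors surface as
 * the underlying {@code RestClientException} — presumably also treated as a failure by the
 * caller, confirm against the policy executor.
 *
 * @param authentication the authentication whose principal is to be checked
 * @return {@code true} when the endpoint replied with HTTP 200
 * @throws GeneralSecurityException if the endpoint rejected the principal or returned no response
 * @throws Exception for transport-level failures that are not client errors
 */
@Override
public boolean isSatisfiedBy(final Authentication authentication) throws Exception {
    final Principal principal = authentication.getPrincipal();
    try {
        final HttpHeaders acceptHeaders = new HttpHeaders();
        acceptHeaders.setAccept(CollectionUtils.wrap(MediaType.APPLICATION_JSON));
        final HttpEntity<Principal> entity = new HttpEntity<>(principal, acceptHeaders);
        // Routine per-authentication activity: DEBUG, not WARN, which wrote every principal to the log at warning level.
        LOGGER.debug("Checking authentication policy for [{}] via POST at [{}]", principal, this.endpoint);
        final ResponseEntity<String> resp = restTemplate.exchange(this.endpoint, HttpMethod.POST, entity, String.class);
        if (resp == null) {
            LOGGER.warn("[{}] returned no responses", this.endpoint);
            throw new GeneralSecurityException("No response returned from REST endpoint to determine authentication policy");
        }
        if (resp.getStatusCode() != HttpStatus.OK) {
            throw new GeneralSecurityException(handleResponseStatusCode(resp.getStatusCode(), principal));
        }
        return true;
    } catch (final HttpClientErrorException e) {
        // 4xx is raised by RestTemplate as an exception; map it the same way as a non-200 body.
        throw new GeneralSecurityException(handleResponseStatusCode(e.getStatusCode(), principal));
    }
}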

Example 19 with Principal

use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.

the class UniquePrincipalAuthenticationPolicy method isSatisfiedBy.

/**
 * Allows the authentication only if no other live single sign-on session exists for the same principal.
 *
 * <p>The ticket registry is scanned for unexpired ticket-granting tickets whose authentication
 * principal id equals the incoming principal id, ignoring case. Any failure while querying the
 * registry is wrapped in a {@link GeneralSecurityException}, so the policy fails closed rather
 * than open. Whether the stream returned by {@code ticketRegistry.getTickets} holds resources
 * that ought to be closed is not visible here — confirm against the registry implementation.
 *
 * @param authentication the authentication under evaluation
 * @return {@code true} when no other active session belongs to this principal
 * @throws GeneralSecurityException when the registry lookup fails
 */
@Override
public boolean isSatisfiedBy(final Authentication authentication) throws Exception {
    try {
        final Principal candidate = authentication.getPrincipal();
        final String candidateId = candidate.getId();
        final long activeSessions = this.ticketRegistry.getTickets(ticket -> {
            if (!(ticket instanceof TicketGrantingTicket) || ticket.isExpired()) {
                return false;
            }
            final Principal owner = ((TicketGrantingTicket) ticket).getAuthentication().getPrincipal();
            return owner.getId().equalsIgnoreCase(candidateId);
        }).count();
        if (activeSessions > 0) {
            LOGGER.warn("Authentication policy cannot be satisfied for principal [{}] because [{}] sessions currently exist", candidateId, activeSessions);
            return false;
        }
        LOGGER.debug("Authentication policy is satisfied with [{}]", candidateId);
        return true;
    } catch (final Exception e) {
        throw new GeneralSecurityException(e);
    }
}

Example 20 with Principal

use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.

the class WSFederationClaimsReleasePolicy method getAttributesInternal.

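/**
 * Maps the resolved attributes onto WS-Federation claims.
 *
 * <p>Each entry of {@code getAllowedAttributes()} is a {@code claimName -> attributeName}
 * mapping. Claim names are matched case-insensitively against {@link WSFederationClaims};
 * unknown claims and attributes without a value are skipped. Attribute names are also looked
 * up case-insensitively. The returned map is keyed by claim URI.
 *
 * @param principal the principal whose attributes are being released; only {@code attrs} is consulted here
 * @param attrs     the already-resolved attributes to release, by attribute name
 * @param service   the registered service requesting release; not consulted here
 * @return claim URI to attribute value, empty when nothing matches
 */
@Override
public Map<String, Object> getAttributesInternal(final Principal principal, final Map<String, Object> attrs, final RegisteredService service) {
    final Map<String, Object> resolvedAttributes = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    resolvedAttributes.putAll(attrs);
    final Map<String, Object> attributesToRelease = new HashMap<>(resolvedAttributes.size());
    for (final Map.Entry<String, String> entry : getAllowedAttributes().entrySet()) {
        // Locale-independent upper-casing: under the default locale (e.g. tr_TR) a configured claim name
        // could be upper-cased into a string that never matches the enum, silently dropping the claim.
        final String claimName = entry.getKey().toUpperCase(java.util.Locale.ENGLISH);
        if (!WSFederationClaims.contains(claimName)) {
            continue;
        }
        final String attributeName = entry.getValue();
        final WSFederationClaims claim = WSFederationClaims.valueOf(claimName);
        LOGGER.debug("Evaluating claimName [{}] mapped to attribute name [{}]", claim.getUri(), attributeName);
        final Object value = resolvedAttributes.get(attributeName);
        if (value != null) {
            LOGGER.debug("Adding claimName [{}] to the collection of released attributes", claim.getUri());
            attributesToRelease.put(claim.getUri(), value);
        }
    }
    return attributesToRelease;
}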
