Search in sources :

Example 26 with Principal

use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.

the class RestEndpointMultifactorAuthenticationPolicyEventResolver method resolveInternal.

@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (service == null || authentication == null) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }
    final Principal principal = authentication.getPrincipal();
    if (StringUtils.isBlank(restEndpoint)) {
        LOGGER.debug("Rest endpoint to determine event is not configured for [{}]", principal.getId());
        return null;
    }
    final Map<String, MultifactorAuthenticationProvider> providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context");
        return null;
    }
    final Collection<MultifactorAuthenticationProvider> flattenedProviders = flattenProviders(providerMap.values());
    LOGGER.debug("Contacting [{}] to inquire about [{}]", restEndpoint, principal.getId());
    final String results = callRestEndpointForMultifactor(principal, context);
    if (StringUtils.isNotBlank(results)) {
        return resolveMultifactorEventViaRestResult(results, flattenedProviders);
    }
    LOGGER.debug("No providers are available to match rest endpoint results");
    return new HashSet<>(0);
}
Also used : RegisteredService(org.apereo.cas.services.RegisteredService) Authentication(org.apereo.cas.authentication.Authentication) MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider) Principal(org.apereo.cas.authentication.principal.Principal) HashSet(java.util.HashSet)

Example 27 with Principal

use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.

the class DefaultCentralAuthenticationService method grantServiceTicket.

@Audit(action = "SERVICE_TICKET", actionResolverName = "GRANT_SERVICE_TICKET_RESOLVER", resourceResolverName = "GRANT_SERVICE_TICKET_RESOURCE_RESOLVER")
@Timed(name = "GRANT_SERVICE_TICKET_TIMER")
@Metered(name = "GRANT_SERVICE_TICKET_METER")
@Counted(name = "GRANT_SERVICE_TICKET_COUNTER", monotonic = true)
@Override
public ServiceTicket grantServiceTicket(final String ticketGrantingTicketId, final Service service, final AuthenticationResult authenticationResult) throws AuthenticationException, AbstractTicketException {
    final boolean credentialProvided = authenticationResult != null && authenticationResult.isCredentialProvided();
    final TicketGrantingTicket ticketGrantingTicket = getTicket(ticketGrantingTicketId, TicketGrantingTicket.class);
    final Service selectedService = resolveServiceFromAuthenticationRequest(service);
    final RegisteredService registeredService = this.servicesManager.findServiceBy(selectedService);
    final AuditableContext audit = AuditableContext.builder().service(selectedService).ticketGrantingTicket(ticketGrantingTicket).registeredService(registeredService).retrievePrincipalAttributesFromReleasePolicy(Boolean.FALSE).build();
    final AuditableExecutionResult accessResult = this.registeredServiceAccessStrategyEnforcer.execute(audit);
    accessResult.throwExceptionIfNeeded();
    final Authentication currentAuthentication = evaluatePossibilityOfMixedPrincipals(authenticationResult, ticketGrantingTicket);
    RegisteredServiceAccessStrategyUtils.ensureServiceSsoAccessIsAllowed(registeredService, selectedService, ticketGrantingTicket, credentialProvided);
    evaluateProxiedServiceIfNeeded(selectedService, ticketGrantingTicket, registeredService);
    // Perform security policy check by getting the authentication that satisfies the configured policy
    getAuthenticationSatisfiedByPolicy(currentAuthentication, new ServiceContext(selectedService, registeredService));
    final Authentication latestAuthentication = ticketGrantingTicket.getRoot().getAuthentication();
    AuthenticationCredentialsThreadLocalBinder.bindCurrent(latestAuthentication);
    final Principal principal = latestAuthentication.getPrincipal();
    final ServiceTicketFactory factory = (ServiceTicketFactory) this.ticketFactory.get(ServiceTicket.class);
    final ServiceTicket serviceTicket = factory.create(ticketGrantingTicket, service, credentialProvided, ServiceTicket.class);
    this.ticketRegistry.updateTicket(ticketGrantingTicket);
    this.ticketRegistry.addTicket(serviceTicket);
    LOGGER.info("Granted ticket [{}] for service [{}] and principal [{}]", serviceTicket.getId(), DigestUtils.abbreviate(service.getId()), principal.getId());
    doPublishEvent(new CasServiceTicketGrantedEvent(this, ticketGrantingTicket, serviceTicket));
    return serviceTicket;
}
Also used : AuditableContext(org.apereo.cas.audit.AuditableContext) RegisteredService(org.apereo.cas.services.RegisteredService) ServiceTicketFactory(org.apereo.cas.ticket.ServiceTicketFactory) CasServiceTicketGrantedEvent(org.apereo.cas.support.events.ticket.CasServiceTicketGrantedEvent) TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) Authentication(org.apereo.cas.authentication.Authentication) ServiceContext(org.apereo.cas.services.ServiceContext) RegisteredService(org.apereo.cas.services.RegisteredService) Service(org.apereo.cas.authentication.principal.Service) ServiceTicket(org.apereo.cas.ticket.ServiceTicket) AuditableExecutionResult(org.apereo.cas.audit.AuditableExecutionResult) Principal(org.apereo.cas.authentication.principal.Principal) Audit(org.apereo.inspektr.audit.annotation.Audit) Counted(com.codahale.metrics.annotation.Counted) Metered(com.codahale.metrics.annotation.Metered) Timed(com.codahale.metrics.annotation.Timed)

Example 28 with Principal

use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.

the class AbstractPrincipalAttributeAcceptableUsagePolicyRepository method verify.

@Override
public Pair<Boolean, Principal> verify(final RequestContext requestContext, final Credential credential) {
    final Principal principal = WebUtils.getPrincipalFromRequestContext(requestContext, this.ticketRegistrySupport);
    if (isUsagePolicyAcceptedBy(principal)) {
        LOGGER.debug("Usage policy has been accepted by [{}]", principal.getId());
        return Pair.of(Boolean.TRUE, principal);
    }
    LOGGER.warn("Usage policy has not been accepted by [{}]", principal.getId());
    return Pair.of(Boolean.FALSE, principal);
}
Also used : Principal(org.apereo.cas.authentication.principal.Principal)

Example 29 with Principal

use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.

the class RegisteredServiceAccessStrategyUtils method ensurePrincipalAccessIsAllowedForService.

/**
 * Ensure service access is allowed.
 *
 * @param service                                      the service
 * @param registeredService                            the registered service
 * @param authentication                               the authentication
 * @param retrievePrincipalAttributesFromReleasePolicy retrieve attributes from release policy or simply rely on the principal attributes
 *                                                     already collected. Setting this value to false bears the assumption that the policy
 *                                                     has run already.
 * @throws UnauthorizedServiceException the unauthorized service exception
 * @throws PrincipalException           the principal exception
 */
static void ensurePrincipalAccessIsAllowedForService(final Service service, final RegisteredService registeredService, final Authentication authentication, final boolean retrievePrincipalAttributesFromReleasePolicy) throws UnauthorizedServiceException, PrincipalException {
    ensureServiceAccessIsAllowed(service, registeredService);
    final Principal principal = authentication.getPrincipal();
    final Map<String, Object> principalAttrs;
    if (retrievePrincipalAttributesFromReleasePolicy && registeredService != null && registeredService.getAttributeReleasePolicy() != null) {
        principalAttrs = registeredService.getAttributeReleasePolicy().getAttributes(principal, service, registeredService);
    } else {
        principalAttrs = authentication.getPrincipal().getAttributes();
    }
    final Map<String, Object> attributes = new LinkedHashMap<>(principalAttrs);
    attributes.putAll(authentication.getAttributes());
    ensurePrincipalAccessIsAllowedForService(service, registeredService, principal.getId(), attributes);
}
Also used : Principal(org.apereo.cas.authentication.principal.Principal) LinkedHashMap(java.util.LinkedHashMap)

Example 30 with Principal

use of org.apereo.cas.authentication.principal.Principal in project cas by apereo.

the class AbstractRegisteredServiceTests method verifyServiceAttributeFilterAllowedAttributes.

@Test
public void verifyServiceAttributeFilterAllowedAttributes() {
    prepareService();
    final ReturnAllowedAttributeReleasePolicy policy = new ReturnAllowedAttributeReleasePolicy();
    policy.setAllowedAttributes(Arrays.asList(ATTR_1, ATTR_3));
    this.r.setAttributeReleasePolicy(policy);
    final Principal p = mock(Principal.class);
    final Map<String, Object> map = new HashMap<>();
    map.put(ATTR_1, "value1");
    map.put(ATTR_2, "value2");
    map.put(ATTR_3, Arrays.asList("v3", "v4"));
    when(p.getAttributes()).thenReturn(map);
    when(p.getId()).thenReturn("principalId");
    final Map<String, Object> attr = this.r.getAttributeReleasePolicy().getAttributes(p, RegisteredServiceTestUtils.getService(), RegisteredServiceTestUtils.getRegisteredService(SERVICE_ID));
    assertEquals(2, attr.size());
    assertTrue(attr.containsKey(ATTR_1));
    assertTrue(attr.containsKey(ATTR_3));
}
Also used : HashMap(java.util.HashMap) Principal(org.apereo.cas.authentication.principal.Principal) Test(org.junit.Test)

Aggregations

Principal (org.apereo.cas.authentication.principal.Principal)114 HashMap (java.util.HashMap)33 RegisteredService (org.apereo.cas.services.RegisteredService)31 Test (org.junit.Test)29 Authentication (org.apereo.cas.authentication.Authentication)26 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)26 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)26 OAuthRegisteredService (org.apereo.cas.support.oauth.services.OAuthRegisteredService)25 Map (java.util.Map)23 Slf4j (lombok.extern.slf4j.Slf4j)23 lombok.val (lombok.val)19 List (java.util.List)15 StringUtils (org.apache.commons.lang3.StringUtils)15 OAuthCode (org.apereo.cas.ticket.code.OAuthCode)15 CollectionUtils (org.apereo.cas.util.CollectionUtils)15 ArrayList (java.util.ArrayList)14 Optional (java.util.Optional)14 Service (org.apereo.cas.authentication.principal.Service)14 Collection (java.util.Collection)11 Collectors (java.util.stream.Collectors)10