
Example 61 with Service

use of org.apereo.cas.authentication.principal.Service in project cas by apereo.

the class GatewayServicesManagementCheck method doExecute.

/**
 * Gates the flow on the service registry: the requested service must match a registered
 * entry, and that entry's access strategy must currently allow access.
 *
 * @param context the webflow request context the requested service is read from
 * @return the {@code success()} event when the service is registered and access is allowed
 * @throws UnauthorizedServiceException when no registry entry matches the service, or when
 *         the matching entry's access strategy reports that access is not allowed
 */
@Override
protected Event doExecute(final RequestContext context) {
    final Service requested = WebUtils.getService(context);
    final RegisteredService entry = this.servicesManager.findServiceBy(requested);

    // Allowed path first: a registry entry exists and its strategy permits access.
    if (entry != null && entry.getAccessStrategy().isServiceAccessAllowed()) {
        return success();
    }

    // NOTE(review): requested.getId() is dereferenced below without a null check; this
    // presumably relies on the flow only reaching this action when a service is present.
    // Confirm against the flow definition.
    // NOTE(review): the service id is copied into the log line and the exception message.
    // If it is derived from the incoming request, make sure the log layout neutralises
    // CR/LF and that the exception text is encoded before it is rendered to a user.
    final String reason;
    if (entry == null) {
        reason = String.format("Service Management: Unauthorized Service Access. Service [%s] does not match entries in service registry.", requested.getId());
        LOGGER.warn(reason);
    } else {
        reason = String.format("Service Management: Access to service [%s] is disabled by the service registry.", requested.getId());
        LOGGER.warn(reason);
        // The redirect target comes from the registry entry, not from the request.
        WebUtils.putUnauthorizedRedirectUrlIntoFlowScope(context, entry.getAccessStrategy().getUnauthorizedRedirectUrl());
    }
    throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, reason);
}
Also used : RegisteredService(org.apereo.cas.services.RegisteredService) Service(org.apereo.cas.authentication.principal.Service) RegisteredService(org.apereo.cas.services.RegisteredService) UnauthorizedServiceException(org.apereo.cas.services.UnauthorizedServiceException)

Example 62 with Service

use of org.apereo.cas.authentication.principal.Service in project cas by apereo.

the class GenericSuccessViewAction method doExecute.

/**
 * Completes the generic success view: either requests an external redirect to the
 * configured {@code redirectUrl}, or places the authenticated principal into the
 * request context for the view.
 *
 * @param requestContext the webflow request context
 * @return the {@code success()} event in both cases
 */
@Override
protected Event doExecute(final RequestContext requestContext) {
    if (StringUtils.isBlank(this.redirectUrl)) {
        // No redirect configured: resolve the principal from the ticket-granting ticket.
        final String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(requestContext);
        WebUtils.putPrincipal(requestContext, getAuthenticationPrincipal(ticketGrantingTicketId));
        return success();
    }

    final Service target = this.serviceFactory.createService(this.redirectUrl);
    final RegisteredService registration = this.servicesManager.findServiceBy(target);
    // The registry check runs before the redirect is requested, so the redirect line is
    // only reached when the check returns normally. Presumably the helper throws for an
    // unregistered or disabled service; confirm in RegisteredServiceAccessStrategyUtils.
    RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(target, registration);
    // The redirect uses the id of the created Service, i.e. the same object that was
    // checked against the registry.
    requestContext.getExternalContext().requestExternalRedirect(target.getId());
    return success();
}
Also used : RegisteredService(org.apereo.cas.services.RegisteredService) CentralAuthenticationService(org.apereo.cas.CentralAuthenticationService) RegisteredService(org.apereo.cas.services.RegisteredService) Service(org.apereo.cas.authentication.principal.Service)

Example 63 with Service

use of org.apereo.cas.authentication.principal.Service in project cas by apereo.

the class LogoutAction method doInternalExecute.

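/**
 * Decides how the logout flow continues and, when permitted, records a post-logout
 * redirect URL in the flow.
 *
 * <p>The redirect target is read from a request parameter, so it is caller-supplied.
 * It is stored only when following service redirects is enabled, the value is not blank,
 * and the value resolves to a registered service whose access strategy allows access.
 * That registry check is what keeps this from being an open redirect; how tightly the
 * target is constrained depends on the matching rules behind {@code findServiceBy}.
 *
 * @param request  the HTTP request the redirect parameter is read from
 * @param response the HTTP response; not used by this method
 * @param context  the webflow request context holding the logout requests
 * @return an event with id {@code TRANSITION_ID_FRONT} when at least one logout request
 *         still has status {@code NOT_ATTEMPTED}, otherwise {@code TRANSITION_ID_FINISH}
 */
@Override
protected Event doInternalExecute(final HttpServletRequest request, final HttpServletResponse response, final RequestContext context) {
    final List<LogoutRequest> logoutRequests = WebUtils.getLogoutRequests(context);
    // Front-channel logout is needed as soon as one request has not been attempted yet.
    final boolean needFrontSlo = logoutRequests != null
        && logoutRequests.stream().anyMatch(logoutRequest -> logoutRequest.getStatus() == LogoutRequestStatus.NOT_ATTEMPTED);

    final String paramName = StringUtils.defaultIfEmpty(logoutProperties.getRedirectParameter(), CasProtocolConstants.PARAMETER_SERVICE);
    LOGGER.debug("Using parameter name [{}] to detect destination service, if any", paramName);
    final String service = request.getParameter(paramName);
    // Log the value that was read; the original logged the parameter name a second time.
    // The value is request-supplied, so the log layout should neutralise CR/LF.
    LOGGER.debug("Located target service [{}] for redirection after logout", service);

    if (logoutProperties.isFollowServiceRedirects() && StringUtils.isNotBlank(service)) {
        final Service webAppService = webApplicationServiceFactory.createService(service);
        final RegisteredService rService = this.servicesManager.findServiceBy(webAppService);
        // Only a registered service with access allowed may become the redirect target.
        if (rService != null && rService.getAccessStrategy().isServiceAccessAllowed()) {
            LOGGER.debug("Redirecting to service [{}]", service);
            // The raw parameter value is what gets stored, not the id of webAppService.
            WebUtils.putLogoutRedirectUrl(context, service);
        } else {
            LOGGER.warn("Cannot redirect to [{}] given the service is unauthorized to use CAS. " + "Ensure the service is registered with CAS and is enabled to allowed access", service);
        }
    } else {
        LOGGER.debug("No target service is located for redirection after logout, or CAS is not allowed to follow redirects after logout");
    }

    // Some services still need front-channel logout, so perform front SLO first.
    if (needFrontSlo) {
        LOGGER.debug("Proceeding forward with front-channel single logout");
        return new Event(this, CasWebflowConstants.TRANSITION_ID_FRONT);
    }
    LOGGER.debug("Moving forward to finish the logout process");
    return new Event(this, CasWebflowConstants.TRANSITION_ID_FINISH);
}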
Also used : CasProtocolConstants(org.apereo.cas.CasProtocolConstants) LogoutRequest(org.apereo.cas.logout.LogoutRequest) HttpServletResponse(javax.servlet.http.HttpServletResponse) LogoutRequestStatus(org.apereo.cas.logout.LogoutRequestStatus) LogoutProperties(org.apereo.cas.configuration.model.core.logout.LogoutProperties) StringUtils(org.apache.commons.lang3.StringUtils) RequestContext(org.springframework.webflow.execution.RequestContext) RegisteredService(org.apereo.cas.services.RegisteredService) WebApplicationService(org.apereo.cas.authentication.principal.WebApplicationService) Slf4j(lombok.extern.slf4j.Slf4j) HttpServletRequest(javax.servlet.http.HttpServletRequest) List(java.util.List) CasWebflowConstants(org.apereo.cas.web.flow.CasWebflowConstants) Service(org.apereo.cas.authentication.principal.Service) AllArgsConstructor(lombok.AllArgsConstructor) WebUtils(org.apereo.cas.web.support.WebUtils) ServiceFactory(org.apereo.cas.authentication.principal.ServiceFactory) Event(org.springframework.webflow.execution.Event) ServicesManager(org.apereo.cas.services.ServicesManager) RegisteredService(org.apereo.cas.services.RegisteredService) RegisteredService(org.apereo.cas.services.RegisteredService) WebApplicationService(org.apereo.cas.authentication.principal.WebApplicationService) Service(org.apereo.cas.authentication.principal.Service) Event(org.springframework.webflow.execution.Event) LogoutRequest(org.apereo.cas.logout.LogoutRequest)

Example 64 with Service

use of org.apereo.cas.authentication.principal.Service in project cas by apereo.

the class RestConsentRepositoryTests method verifyConsentDecisionIsFound.

/**
 * Checks that {@code RestConsentRepository} returns the consent decision served by the
 * mocked {@code /consent} endpoint, and that the decision belongs to {@code casuser}.
 */
@Test
public void verifyConsentDecisionIsFound() throws Exception {
    // Fixture: a consent decision for "casuser" carrying a single attribute.
    // NOTE(review): the builder is given the no-op cipher executor, which presumably
    // leaves the consented attributes unencrypted. Acceptable in a test fixture only.
    final AbstractRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService("test");
    final Service service = RegisteredServiceTestUtils.getService();
    final ConsentDecision expected = new DefaultConsentDecisionBuilder(CipherExecutor.noOpOfSerializableToString())
        .build(service, registeredService, "casuser", CollectionUtils.wrap("attribute", "value"));

    // The mock server answers every GET on /consent with the serialized decision.
    final String json = new ObjectMapper().findAndRegisterModules().writeValueAsString(expected);
    server.expect(manyTimes(), requestTo("/consent"))
        .andExpect(method(HttpMethod.GET))
        .andRespond(withSuccess(json, MediaType.APPLICATION_JSON));

    final RestConsentRepository repository = new RestConsentRepository(this.restTemplate, "/consent");
    final ConsentDecision found = repository.findConsentDecision(service, registeredService, CoreAuthenticationTestUtils.getAuthentication());

    assertNotNull(found);
    assertEquals("casuser", found.getPrincipal());
    server.verify();
}
Also used : AbstractRegisteredService(org.apereo.cas.services.AbstractRegisteredService) Service(org.apereo.cas.authentication.principal.Service) AbstractRegisteredService(org.apereo.cas.services.AbstractRegisteredService) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) Test(org.junit.Test)

Example 65 with Service

use of org.apereo.cas.authentication.principal.Service in project cas by apereo.

the class CheckConsentRequiredAction method determineConsentEvent.

/**
 * Determines the consent event for the current request.
 *
 * <p>The requested service is first passed through the service selection strategies.
 * When no service is resolved, or when the request context holds no authentication,
 * no event is produced and {@code null} is returned.
 *
 * <p>NOTE(review): how callers treat a {@code null} result is not visible here.
 * Confirm that they do not treat it as "consent already given" where consent is mandatory.
 *
 * @param requestContext the request context
 * @return the event id computed by {@code isConsentRequired}, or {@code null} when the
 *         service or the authentication is missing
 */
protected String determineConsentEvent(final RequestContext requestContext) {
    final Service resolved = this.authenticationRequestServiceSelectionStrategies.resolveService(WebUtils.getService(requestContext));
    if (resolved != null) {
        // The registered service is looked up before the authentication check, as in the
        // original ordering, so any failure raised by that lookup still surfaces first.
        final RegisteredService consentTarget = getRegisteredServiceForConsent(requestContext, resolved);
        final Authentication currentAuthentication = WebUtils.getAuthentication(requestContext);
        if (currentAuthentication != null) {
            return isConsentRequired(resolved, consentTarget, currentAuthentication, requestContext);
        }
    }
    return null;
}
Also used : RegisteredService(org.apereo.cas.services.RegisteredService) Authentication(org.apereo.cas.authentication.Authentication) RegisteredService(org.apereo.cas.services.RegisteredService) Service(org.apereo.cas.authentication.principal.Service)
