use of org.apereo.cas.authentication.principal.Service in project cas by apereo.
the class GatewayServicesManagementCheck method doExecute.
/**
 * Gateway authorization check: lets the flow continue only for a service that is found in
 * the service registry and whose access strategy currently allows access.
 *
 * @param context the webflow request context the service is read from
 * @return the success event when the service is registered and access is allowed
 * @throws UnauthorizedServiceException when the service has no registry entry, or when its
 *         access strategy reports that access is not allowed
 */
@Override
protected Event doExecute(final RequestContext context) {
    final Service requestedService = WebUtils.getService(context);
    final RegisteredService registryEntry = this.servicesManager.findServiceBy(requestedService);

    // Happy path first: a known service with access enabled passes the gate.
    if (registryEntry != null && registryEntry.getAccessStrategy().isServiceAccessAllowed()) {
        return success();
    }

    if (registryEntry == null) {
        // NOTE(review): requestedService is dereferenced here without a null check. If the
        // request carries no service, this denial would surface as a NullPointerException
        // rather than UnauthorizedServiceException. Confirm callers always supply a service.
        final String unknownServiceMsg = String.format("Service Management: Unauthorized Service Access. "
            + "Service [%s] does not match entries in service registry.", requestedService.getId());
        LOGGER.warn(unknownServiceMsg);
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, unknownServiceMsg);
    }

    // The service is registered but access is switched off. The unauthorized redirect URL is
    // recorded in flow scope before the request is rejected.
    final String disabledServiceMsg = String.format("Service Management: Access to service [%s] "
        + "is disabled by the service registry.", requestedService.getId());
    LOGGER.warn(disabledServiceMsg);
    WebUtils.putUnauthorizedRedirectUrlIntoFlowScope(context, registryEntry.getAccessStrategy().getUnauthorizedRedirectUrl());
    throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, disabledServiceMsg);
}
use of org.apereo.cas.authentication.principal.Service in project cas by apereo.
the class GenericSuccessViewAction method doExecute.
/**
 * Prepares the generic success view: either redirects to the configured redirect URL or
 * exposes the authenticated principal to the flow.
 *
 * @param requestContext the webflow request context
 * @return the success event
 */
@Override
protected Event doExecute(final RequestContext requestContext) {
    if (StringUtils.isBlank(this.redirectUrl)) {
        // No redirect configured: resolve the principal behind the ticket-granting ticket
        // and place it in the request context.
        final String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(requestContext);
        WebUtils.putPrincipal(requestContext, getAuthenticationPrincipal(ticketGrantingTicketId));
        return success();
    }

    // The redirect target is treated like any other service. It is looked up in the registry
    // and checked before the external redirect is requested.
    // NOTE(review): ensureServiceAccessIsAllowed presumably throws for an unregistered or
    // disabled service, which is what keeps this from redirecting to an arbitrary URL. Confirm.
    final Service redirectTarget = this.serviceFactory.createService(this.redirectUrl);
    final RegisteredService registryEntry = this.servicesManager.findServiceBy(redirectTarget);
    RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(redirectTarget, registryEntry);
    requestContext.getExternalContext().requestExternalRedirect(redirectTarget.getId());
    return success();
}
use of org.apereo.cas.authentication.principal.Service in project cas by apereo.
the class LogoutAction method doInternalExecute.
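/**
 * Finishes the logout request. Decides whether a post-logout redirect to the requested
 * service may be followed, and whether front-channel single logout still has to run.
 *
 * <p>A redirect URL is only stored when following service redirects is enabled, the request
 * names a destination, and that destination matches a registered service whose access
 * strategy allows access. Any other destination is ignored and logged.
 *
 * @param request the HTTP request carrying the optional destination parameter
 * @param response the HTTP response (not used by this method)
 * @param context the webflow request context
 * @return the {@code TRANSITION_ID_FRONT} event when at least one logout request has not been
 *         attempted yet, otherwise the {@code TRANSITION_ID_FINISH} event
 */
@Override
protected Event doInternalExecute(final HttpServletRequest request, final HttpServletResponse response, final RequestContext context) {
    final List<LogoutRequest> logoutRequests = WebUtils.getLogoutRequests(context);
    // Front-channel SLO is needed as soon as one logout request is still NOT_ATTEMPTED.
    final boolean needFrontSlo = logoutRequests != null
        && logoutRequests.stream().anyMatch(logoutRequest -> logoutRequest.getStatus() == LogoutRequestStatus.NOT_ATTEMPTED);

    final String paramName = StringUtils.defaultIfEmpty(logoutProperties.getRedirectParameter(), CasProtocolConstants.PARAMETER_SERVICE);
    LOGGER.debug("Using parameter name [{}] to detect destination service, if any", paramName);

    // The destination comes straight from the request, so it is caller-controlled. It must
    // not be used as a redirect target until it has passed the registry check below.
    // NOTE(review): the same raw value is written to the log. Confirm the logging layout
    // neutralises control characters.
    final String service = request.getParameter(paramName);
    // Log the located value itself. The original passed paramName here, so the audit trail
    // never showed which destination was requested.
    LOGGER.debug("Located target service [{}] for redirection after logout", service);

    if (logoutProperties.isFollowServiceRedirects() && StringUtils.isNotBlank(service)) {
        final Service webAppService = webApplicationServiceFactory.createService(service);
        final RegisteredService rService = this.servicesManager.findServiceBy(webAppService);
        if (rService != null && rService.getAccessStrategy().isServiceAccessAllowed()) {
            LOGGER.debug("Redirecting to service [{}]", service);
            // NOTE(review): the raw parameter is stored as the redirect target, while the
            // registry match was made on webAppService. Confirm both always denote the same URL.
            WebUtils.putLogoutRedirectUrl(context, service);
        } else {
            // Unregistered or disabled destination: log it and set no redirect.
            LOGGER.warn("Cannot redirect to [{}] given the service is unauthorized to use CAS. " + "Ensure the service is registered with CAS and is enabled to allowed access", service);
        }
    } else {
        LOGGER.debug("No target service is located for redirection after logout, or CAS is not allowed to follow redirects after logout");
    }

    // There are still front-channel services to log out: perform front SLO first.
    if (needFrontSlo) {
        LOGGER.debug("Proceeding forward with front-channel single logout");
        return new Event(this, CasWebflowConstants.TRANSITION_ID_FRONT);
    }
    LOGGER.debug("Moving forward to finish the logout process");
    return new Event(this, CasWebflowConstants.TRANSITION_ID_FINISH);
}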
use of org.apereo.cas.authentication.principal.Service in project cas by apereo.
the class RestConsentRepositoryTests method verifyConsentDecisionIsFound.
/**
 * Verifies that {@code RestConsentRepository} returns the consent decision served by the
 * stubbed {@code /consent} endpoint, and that the decision belongs to {@code casuser}.
 *
 * @throws Exception if the decision cannot be serialized to JSON
 */
@Test
public void verifyConsentDecisionIsFound() throws Exception {
    final String endpoint = "/consent";

    // Build the decision the stubbed endpoint will hand back. The builder gets a no-op
    // cipher executor, so no real encryption is exercised by this test.
    final DefaultConsentDecisionBuilder decisionBuilder = new DefaultConsentDecisionBuilder(CipherExecutor.noOpOfSerializableToString());
    final AbstractRegisteredService registeredService = RegisteredServiceTestUtils.getRegisteredService("test");
    final Service service = RegisteredServiceTestUtils.getService();
    final ConsentDecision expected = decisionBuilder.build(service, registeredService, "casuser", CollectionUtils.wrap("attribute", "value"));

    final ObjectMapper jsonMapper = new ObjectMapper().findAndRegisterModules();
    final String json = jsonMapper.writeValueAsString(expected);

    // Every GET on the endpoint answers with the serialized decision.
    server.expect(manyTimes(), requestTo(endpoint))
        .andExpect(method(HttpMethod.GET))
        .andRespond(withSuccess(json, MediaType.APPLICATION_JSON));

    final RestConsentRepository repository = new RestConsentRepository(this.restTemplate, endpoint);
    final ConsentDecision found = repository.findConsentDecision(service, registeredService, CoreAuthenticationTestUtils.getAuthentication());

    assertNotNull(found);
    assertEquals("casuser", found.getPrincipal());
    server.verify();
}
use of org.apereo.cas.authentication.principal.Service in project cas by apereo.
the class CheckConsentRequiredAction method determineConsentEvent.
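/**
* Determines the consent event for the current request.
*
* @param requestContext the request context
* @return the consent event as a string, or {@code null} when no service is resolved for the
* request or no authentication is found in the request context
*/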
protected String determineConsentEvent(final RequestContext requestContext) {
    // Resolve the service through the selection strategies, so consent is evaluated against
    // the resolved service rather than the raw one from the request.
    final Service requestedService = WebUtils.getService(requestContext);
    final Service resolvedService = this.authenticationRequestServiceSelectionStrategies.resolveService(requestedService);

    if (resolvedService != null) {
        // The registered service is looked up before the authentication is read. That order
        // is kept so any failure in the lookup still surfaces first.
        final RegisteredService consentService = getRegisteredServiceForConsent(requestContext, resolvedService);
        final Authentication currentAuthentication = WebUtils.getAuthentication(requestContext);
        if (currentAuthentication != null) {
            return isConsentRequired(resolvedService, consentService, currentAuthentication, requestContext);
        }
    }

    // No resolved service or no authentication: there is no consent event to report.
    return null;
}