Examples with Service org.apereo.cas.authentication.principal.Service used on opensource projects

Example 6 with Service

use of org.apereo.cas.authentication.principal.Service in project cas by apereo.

the class CentralAuthenticationServiceImplTests method authenticateTwiceWithRenew.

/**
     * This test simulates :
     * - a first authentication for a default service
     * - a second authentication with the renew parameter and the same service (and same credentials)
     * - a validation of the second ticket.
     * When supplemental authentications were returned with the chained authentications, the validation specification
     * failed as it only expects one authentication. Thus supplemental authentications should not be returned in the
     * chained authentications. Both concepts are orthogonal.
     */
@Test
public void authenticateTwiceWithRenew() throws AbstractTicketException, AuthenticationException {
    final CentralAuthenticationService cas = getCentralAuthenticationService();
    final Service svc = getService("testDefault");
    final UsernamePasswordCredential goodCredential = CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword();
    final AuthenticationResult ctx = CoreAuthenticationTestUtils.getAuthenticationResult(getAuthenticationSystemSupport(), svc);
    final TicketGrantingTicket tgtId = cas.createTicketGrantingTicket(ctx);
    cas.grantServiceTicket(tgtId.getId(), svc, ctx);
    // simulate renew with new good same credentials
    final ServiceTicket st2Id = cas.grantServiceTicket(tgtId.getId(), svc, ctx);
    final Assertion assertion = cas.validateServiceTicket(st2Id.getId(), svc);
    final ValidationSpecification validationSpecification = new Cas20WithoutProxyingValidationSpecification();
    assertTrue(validationSpecification.isSatisfiedBy(assertion, new MockHttpServletRequest()));
}

Example 7 with Service

use of org.apereo.cas.authentication.principal.Service in project cas by apereo.

the class InitialFlowSetupAction method configureWebflowContextForService.

private void configureWebflowContextForService(final RequestContext context) {
    final Service service = WebUtils.getService(this.argumentExtractors, context);
    if (service != null) {
        LOGGER.debug("Placing service in context scope: [{}]", service.getId());
        final RegisteredService registeredService = this.servicesManager.findServiceBy(service);
        if (registeredService != null && registeredService.getAccessStrategy().isServiceAccessAllowed()) {
            LOGGER.debug("Placing registered service [{}] with id [{}] in context scope", registeredService.getServiceId(), registeredService.getId());
            WebUtils.putRegisteredService(context, registeredService);
            final RegisteredServiceAccessStrategy accessStrategy = registeredService.getAccessStrategy();
            if (accessStrategy.getUnauthorizedRedirectUrl() != null) {
                LOGGER.debug("Placing registered service's unauthorized redirect url [{}] with id [{}] in context scope", accessStrategy.getUnauthorizedRedirectUrl(), registeredService.getServiceId());
                WebUtils.putUnauthorizedRedirectUrl(context, accessStrategy.getUnauthorizedRedirectUrl());
            }
        }
    } else if (!casProperties.getSso().isMissingService()) {
        LOGGER.warn("No service authentication request is available at [{}]. CAS is configured to disable the flow.", WebUtils.getHttpServletRequest(context).getRequestURL());
        throw new NoSuchFlowExecutionException(context.getFlowExecutionContext().getKey(), new UnauthorizedServiceException("screen.service.required.message", "Service is required"));
    }
    WebUtils.putService(context, service);
}

Example 8 with Service

use of org.apereo.cas.authentication.principal.Service in project cas by apereo.

the class LogoutAction method doInternalExecute.

@Override
protected Event doInternalExecute(final HttpServletRequest request, final HttpServletResponse response, final RequestContext context) throws Exception {
    boolean needFrontSlo = false;
    final List<LogoutRequest> logoutRequests = WebUtils.getLogoutRequests(context);
    if (logoutRequests != null) {
        // if some logout request must still be attempted
        needFrontSlo = logoutRequests.stream().anyMatch(logoutRequest -> logoutRequest.getStatus() == LogoutRequestStatus.NOT_ATTEMPTED);
    }
    final String paramName = StringUtils.defaultIfEmpty(logoutProperties.getRedirectParameter(), CasProtocolConstants.PARAMETER_SERVICE);
    LOGGER.debug("Using parameter name [{}] to detect destination service, if any", paramName);
    final String service = request.getParameter(paramName);
    LOGGER.debug("Located target service [{}] for redirection after logout", paramName);
    if (logoutProperties.isFollowServiceRedirects() && StringUtils.isNotBlank(service)) {
        final Service webAppService = webApplicationServiceFactory.createService(service);
        final RegisteredService rService = this.servicesManager.findServiceBy(webAppService);
        if (rService != null && rService.getAccessStrategy().isServiceAccessAllowed()) {
            LOGGER.debug("Redirecting to service [{}]", service);
            WebUtils.putLogoutRedirectUrl(context, service);
        } else {
            LOGGER.warn("Cannot redirect to [{}] given the service is unauthorized to use CAS. " + "Ensure the service is registered with CAS and is enabled to allowed access", service);
        }
    } else {
        LOGGER.debug("No target service is located for redirection after logout, or CAS is not allowed to follow redirects after logout");
    }
    // there are some front services to logout, perform front SLO
    if (needFrontSlo) {
        LOGGER.debug("Proceeding forward with front-channel single logout");
        return new Event(this, FRONT_EVENT);
    }
    LOGGER.debug("Moving forward to finish the logout process");
    return new Event(this, FINISH_EVENT);
}

Example 9 with Service

use of org.apereo.cas.authentication.principal.Service in project cas by apereo.

the class SendTicketGrantingTicketAction method isAuthenticationRenewed.

/**
     * Tries to determine if authentication was created as part of a "renew" event.
     * Renewed authentications can occur if the service is not allowed to participate
     * in SSO or if a "renew" request parameter is specified.
     *
     * @param ctx the request context
     * @return true if renewed
     */
private boolean isAuthenticationRenewed(final RequestContext ctx) {
    if (ctx.getRequestParameters().contains(CasProtocolConstants.PARAMETER_RENEW)) {
        LOGGER.debug("[{}] is specified for the request. The authentication session will be considered renewed.", CasProtocolConstants.PARAMETER_RENEW);
        return true;
    }
    final Service service = WebUtils.getService(ctx);
    if (service != null) {
        final RegisteredService registeredService = this.servicesManager.findServiceBy(service);
        if (registeredService != null) {
            final boolean isAllowedForSso = registeredService.getAccessStrategy().isServiceAccessAllowedForSso();
            LOGGER.debug("Located [{}] in registry. Service access to participate in SSO is set to [{}]", registeredService.getServiceId(), isAllowedForSso);
            return !isAllowedForSso;
        }
    }
    return false;
}

Example 10 with Service

use of org.apereo.cas.authentication.principal.Service in project cas by apereo.

the class ServiceWarningAction method doExecute.

@Override
protected Event doExecute(final RequestContext context) throws Exception {
    final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
    final HttpServletResponse response = WebUtils.getHttpServletResponse(context);
    final Service service = WebUtils.getService(context);
    final String ticketGrantingTicket = WebUtils.getTicketGrantingTicketId(context);
    final Authentication authentication = this.ticketRegistrySupport.getAuthenticationFrom(ticketGrantingTicket);
    if (authentication == null) {
        throw new InvalidTicketException(new AuthenticationException("No authentication found for ticket " + ticketGrantingTicket), ticketGrantingTicket);
    }
    final Credential credential = WebUtils.getCredential(context);
    final AuthenticationResultBuilder authenticationResultBuilder = authenticationSystemSupport.establishAuthenticationContextFromInitial(authentication, credential);
    final AuthenticationResult authenticationResult = authenticationResultBuilder.build(service);
    final ServiceTicket serviceTicketId = this.centralAuthenticationService.grantServiceTicket(ticketGrantingTicket, service, authenticationResult);
    WebUtils.putServiceTicketInRequestScope(context, serviceTicketId);
    if (request.getParameterMap().containsKey("ignorewarn")) {
        if (Boolean.valueOf(request.getParameter("ignorewarn").toString())) {
            this.warnCookieGenerator.removeCookie(response);
        }
    }
    return new Event(this, CasWebflowConstants.STATE_ID_REDIRECT);
}