use of org.apereo.cas.services.RegisteredService in project cas by apereo.
the class OidcAuthenticationContextWebflowEventEventResolver method resolveInternal.
@Override
public Set<Event> resolveInternal(final RequestContext context) {
final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
final Authentication authentication = WebUtils.getAuthentication(context);
final HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(context);
if (service == null || authentication == null) {
LOGGER.debug("No service or authentication is available to determine event for principal");
return null;
}
String acr = request.getParameter(OAuth20Constants.ACR_VALUES);
if (StringUtils.isBlank(acr)) {
final URIBuilder builderContext = new URIBuilder(StringUtils.trimToEmpty(context.getFlowExecutionUrl()));
final Optional<URIBuilder.BasicNameValuePair> parameter = builderContext.getQueryParams().stream().filter(p -> p.getName().equals(OAuth20Constants.ACR_VALUES)).findFirst();
if (parameter.isPresent()) {
acr = parameter.get().getValue();
}
}
if (StringUtils.isBlank(acr)) {
LOGGER.debug("No ACR provided in the authentication request");
return null;
}
final Set<String> values = org.springframework.util.StringUtils.commaDelimitedListToSet(acr);
if (values.isEmpty()) {
LOGGER.debug("No ACR provided in the authentication request");
return null;
}
final Map<String, MultifactorAuthenticationProvider> providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
if (providerMap == null || providerMap.isEmpty()) {
LOGGER.error("No multifactor authentication providers are available in the application context to handle [{}]", values);
throw new AuthenticationException();
}
final Collection<MultifactorAuthenticationProvider> flattenedProviders = flattenProviders(providerMap.values());
final Optional<MultifactorAuthenticationProvider> provider = flattenedProviders.stream().filter(v -> values.contains(v.getId())).findAny();
if (provider.isPresent()) {
return CollectionUtils.wrapSet(new Event(this, provider.get().getId()));
}
LOGGER.warn("The requested authentication class [{}] cannot be satisfied by any of the MFA providers available", values);
throw new AuthenticationException();
}
use of org.apereo.cas.services.RegisteredService in project cas by apereo.
the class OidcRegisteredServiceUIAction method doExecute.
@Override
protected Event doExecute(final RequestContext requestContext) {
Service service = WebUtils.getService(requestContext);
if (service != null) {
service = serviceSelectionStrategy.resolveServiceFrom(service);
final RegisteredService registeredService = this.servicesManager.findServiceBy(service);
RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(service, registeredService);
if (registeredService instanceof OidcRegisteredService) {
final OidcRegisteredService oauthService = OidcRegisteredService.class.cast(registeredService);
WebUtils.putServiceUserInterfaceMetadata(requestContext, new DefaultRegisteredServiceUserInterfaceInfo(oauthService));
}
}
return success();
}
use of org.apereo.cas.services.RegisteredService in project cas by apereo.
the class CasServerProfileRegistrar method locateRegisteredServiceTypesSupported.
private Map<String, Class> locateRegisteredServiceTypesSupported() {
final Function<Class, Object> mapper = c -> {
try {
return (RegisteredService) c.getDeclaredConstructor().newInstance();
} catch (final Exception e) {
return null;
}
};
final Collector collector = Collectors.toMap(RegisteredService::getFriendlyName, RegisteredService::getClass);
return (Map) locateSubtypesByReflection(mapper, collector, AbstractRegisteredService.class, Predicates.alwaysTrue(), CentralAuthenticationService.NAMESPACE);
}
use of org.apereo.cas.services.RegisteredService in project cas by apereo.
the class DateTimeAuthenticationRequestRiskCalculator method calculateScore.
@Override
protected BigDecimal calculateScore(final HttpServletRequest request, final Authentication authentication, final RegisteredService service, final Collection<CasEvent> events) {
final ZonedDateTime timestamp = ZonedDateTime.now(ZoneOffset.UTC);
LOGGER.debug("Filtering authentication events for timestamp [{}]", timestamp);
final int hoursFromNow = timestamp.plusHours(windowInHours).getHour();
final int hoursBeforeNow = timestamp.minusHours(windowInHours).getHour();
final long count = events.stream().map(time -> {
final Instant instant = ChronoZonedDateTime.from(time.getCreationTime()).toInstant();
final ZonedDateTime zdt = ZonedDateTime.ofInstant(instant, ZoneOffset.UTC);
return zdt.getHour();
}).filter(hour -> hour <= hoursFromNow && hour >= hoursBeforeNow).count();
LOGGER.debug("Total authentication events found for [{}] in a [{}]h window: [{}]", timestamp, windowInHours, count);
if (count == events.size()) {
LOGGER.debug("Principal [{}] has always authenticated from [{}]", authentication.getPrincipal(), timestamp);
return LOWEST_RISK_SCORE;
}
return getFinalAveragedScore(count, events.size());
}
use of org.apereo.cas.services.RegisteredService in project cas by apereo.
the class DateTimeAuthenticationRequestRiskCalculatorTests method verifyTestWhenAuthnEventsFoundForUser.
@Test
public void verifyTestWhenAuthnEventsFoundForUser() {
final Authentication authentication = CoreAuthenticationTestUtils.getAuthentication("casuser");
final RegisteredService service = RegisteredServiceTestUtils.getRegisteredService("test");
final MockHttpServletRequest request = new MockHttpServletRequest();
final AuthenticationRiskScore score = authenticationRiskEvaluator.eval(authentication, service, request);
assertTrue(score.isLowestRisk());
}
Aggregations