
Example 61 with RegisteredService

use of org.apereo.cas.services.RegisteredService in project cas by apereo.

the class DefaultSingleSignOnParticipationStrategy method isParticipating.

@Override
public boolean isParticipating(final RequestContext ctx) {
    /*
     * Decide whether the current request takes part in single sign-on.
     * Decision order: an explicit renew request (when renew handling is enabled)
     * wins; otherwise the registered service's access strategy decides; a request
     * without a service, or with a service that is not registered, participates.
     */
    if (renewEnabled && ctx.getRequestParameters().contains(CasProtocolConstants.PARAMETER_RENEW)) {
        LOGGER.debug("[{}] is specified for the request. The authentication session will be considered renewed.", CasProtocolConstants.PARAMETER_RENEW);
        // whether a renewed authentication still gets an SSO cookie is a configured choice
        return this.createSsoSessionCookieOnRenewAuthentications;
    }
    final Authentication authentication = WebUtils.getAuthentication(ctx);
    final Service service = WebUtils.getService(ctx);
    if (service == null) {
        return true;
    }
    final RegisteredService registeredService = this.servicesManager.findServiceBy(service);
    if (registeredService == null) {
        // NOTE(review): an unregistered service still participates here; rejecting
        // unknown services is presumably done elsewhere in the flow — confirm.
        return true;
    }
    // Evaluate the access strategy with this request's authentication bound to the
    // thread, and restore whatever was bound before so the caller is unaffected.
    final Authentication previouslyBound = AuthenticationCredentialsThreadLocalBinder.getCurrentAuthentication();
    try {
        AuthenticationCredentialsThreadLocalBinder.bindCurrent(authentication);
        final boolean ssoAllowed = registeredService.getAccessStrategy().isServiceAccessAllowedForSso();
        LOGGER.debug("Located [{}] in registry. Service access to participate in SSO is set to [{}]", registeredService.getServiceId(), ssoAllowed);
        return ssoAllowed;
    } finally {
        AuthenticationCredentialsThreadLocalBinder.bindCurrent(previouslyBound);
    }
}

Example 62 with RegisteredService

use of org.apereo.cas.services.RegisteredService in project cas by apereo.

the class InitialAuthenticationAttemptWebflowEventResolver method determineRegisteredServiceForEvent.

private RegisteredService determineRegisteredServiceForEvent(final RequestContext context, final Service service) {
    /*
     * Look up the registered service for the given service and enforce its access
     * strategy before any authentication policy is derived from it.
     * Returns null when the request carries no service; a denied access decision
     * is surfaced as an exception by the enforcer result (fail closed).
     */
    if (service == null) {
        return null;
    }
    LOGGER.debug("Locating service [{}] in service registry to determine authentication policy", service);
    final RegisteredService registeredService = this.servicesManager.findServiceBy(service);
    LOGGER.debug("Locating authentication event in the request context...");
    final Authentication authn = WebUtils.getAuthentication(context);
    // NOTE(review): authn is dereferenced without a null check, unlike sibling resolvers
    // that guard a missing authentication; a null here fails the request with an NPE
    // rather than a deliberate decision — confirm the flow guarantees an authentication.
    LOGGER.debug("Enforcing access strategy policies for registered service [{}] and principal [{}]", registeredService, authn.getPrincipal());
    // registeredService may be null when the lookup finds nothing; the enforcer
    // is handed it as-is and is presumably responsible for rejecting that case.
    final AuditableContext audit = AuditableContext.builder()
        .service(service)
        .authentication(authn)
        .registeredService(registeredService)
        .retrievePrincipalAttributesFromReleasePolicy(Boolean.FALSE)
        .build();
    final AuditableExecutionResult result = this.registeredServiceAccessStrategyEnforcer.execute(audit);
    result.throwExceptionIfNeeded();
    return registeredService;
}

Example 63 with RegisteredService

use of org.apereo.cas.services.RegisteredService in project cas by apereo.

the class ServiceTicketRequestWebflowEventResolver method grantServiceTicket.

/**
 * Grants a service ticket for the credential found in the request context,
 * using the service and ticket-granting ticket also held there.
 * <p>
 * When an authentication exists for the ticket-granting ticket and the service
 * is registered, the registered service's access strategy is enforced first and
 * a denial propagates as an exception from the enforcer result. Authentication
 * and ticket failures are turned into the authentication-failure transition.
 *
 * @param context the context
 * @return the resulting event. Warning, authentication failure or error.
 * @since 4.1.0
 */
protected Event grantServiceTicket(final RequestContext context) {
    final String tgtId = WebUtils.getTicketGrantingTicketId(context);
    final Credential credential = getCredentialFromContext(context);
    try {
        final Service service = WebUtils.getService(context);
        final Authentication authn = ticketRegistrySupport.getAuthenticationFrom(tgtId);
        final RegisteredService registeredService = this.servicesManager.findServiceBy(service);
        // NOTE(review): enforcement is skipped when either side is missing; an
        // unregistered service is presumably rejected by the ticket-granting call below — confirm.
        if (authn != null && registeredService != null) {
            LOGGER.debug("Enforcing access strategy policies for registered service [{}] and principal [{}]", registeredService, authn.getPrincipal());
            // principal attributes are taken from the release policy here (TRUE),
            // unlike the policy-determination check which passes FALSE
            final AuditableContext audit = AuditableContext.builder()
                .service(service)
                .authentication(authn)
                .registeredService(registeredService)
                .retrievePrincipalAttributesFromReleasePolicy(Boolean.TRUE)
                .build();
            final AuditableExecutionResult accessResult = this.registeredServiceAccessStrategyEnforcer.execute(audit);
            accessResult.throwExceptionIfNeeded();
        }
        final AuthenticationResult authenticationResult =
            this.authenticationSystemSupport.handleAndFinalizeSingleAuthenticationTransaction(service, credential);
        final ServiceTicket serviceTicket =
            this.centralAuthenticationService.grantServiceTicket(tgtId, service, authenticationResult);
        WebUtils.putServiceTicketInRequestScope(context, serviceTicket);
        WebUtils.putWarnCookieIfRequestParameterPresent(this.warnCookieGenerator, context);
        return newEvent(CasWebflowConstants.TRANSITION_ID_WARN);
    } catch (final AuthenticationException | AbstractTicketException e) {
        // both failure kinds map to the same transition; the cause travels with the event
        return newEvent(CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, e);
    }
}

Example 64 with RegisteredService

use of org.apereo.cas.services.RegisteredService in project cas by apereo.

the class AuthenticationAttributeMultifactorAuthenticationPolicyEventResolver method resolveInternal.

@Override
public Set<Event> resolveInternal(final RequestContext context) {
    /*
     * Resolve a multifactor event from the configured authentication attributes.
     * Returns null (no event) when there is no authentication, no attribute names
     * are configured, or no providers are available. With exactly one provider and
     * a global value regex, the attribute value is matched against that regex;
     * otherwise a value matches when any available provider accepts it.
     */
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (authentication == null) {
        LOGGER.debug("No authentication is available to determine event for principal");
        return null;
    }
    if (attributeNames.isEmpty()) {
        LOGGER.debug("Authentication attribute name to determine event is not configured");
        return null;
    }
    final Map<String, MultifactorAuthenticationProvider> providerMap =
        MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context");
        return null;
    }
    final Collection<MultifactorAuthenticationProvider> providers = flattenProviders(providerMap.values());
    final boolean singleProviderWithGlobalRegex =
        providers.size() == 1 && StringUtils.isNotBlank(globalAuthenticationAttributeValueRegex);
    if (singleProviderWithGlobalRegex) {
        LOGGER.debug("Found a single multifactor provider [{}] in the application context", providers.iterator().next());
        return resolveEventViaAuthenticationAttribute(authentication, attributeNames, service, context, providers,
            value -> value != null && value.matches(globalAuthenticationAttributeValueRegex));
    }
    // anyMatch is the short-circuiting equivalent of filter(...).count() > 0
    return resolveEventViaAuthenticationAttribute(authentication, attributeNames, service, context, providers,
        value -> value != null && providers.stream().anyMatch(candidate -> candidate.matches(value)));
}

Example 65 with RegisteredService

use of org.apereo.cas.services.RegisteredService in project cas by apereo.

the class GlobalMultifactorAuthenticationPolicyEventResolver method resolveInternal.

@Override
public Set<Event> resolveInternal(final RequestContext context) {
    /*
     * Globally activate the configured multifactor provider for every request.
     * Returns null (no event) when no authentication is present or no global
     * provider id is configured. A configured id that cannot be resolved, or an
     * empty provider registry, fails closed with an AuthenticationException.
     */
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (authentication == null) {
        LOGGER.debug("No authentication is available to determine event for principal");
        return null;
    }
    if (StringUtils.isBlank(globalProviderId)) {
        LOGGER.debug("No value could be found for request parameter [{}]", globalProviderId);
        return null;
    }
    LOGGER.debug("Attempting to globally activate [{}]", globalProviderId);
    final Map<String, MultifactorAuthenticationProvider> providerMap =
        MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context to handle [{}]", globalProviderId);
        throw new AuthenticationException();
    }
    final Optional<MultifactorAuthenticationProvider> candidate = resolveProvider(providerMap, globalProviderId);
    if (!candidate.isPresent()) {
        LOGGER.warn("No multifactor provider could be found for [{}]", globalProviderId);
        throw new AuthenticationException();
    }
    final MultifactorAuthenticationProvider provider = candidate.get();
    if (!provider.isAvailable(service)) {
        // NOTE(review): an unreachable provider yields no event rather than an error;
        // whether the flow then continues without MFA depends on the surrounding
        // resolver chain — confirm, since the missing-provider cases above fail closed.
        LOGGER.warn("Located multifactor provider [{}], yet the provider cannot be reached or verified", provider);
        return null;
    }
    LOGGER.debug("Attempting to build an event based on the authentication provider [{}] and service [{}]", provider, service);
    final Map<String, Object> eventAttributes = buildEventAttributeMap(authentication.getPrincipal(), service, provider);
    final Event event = validateEventIdForMatchingTransitionInContext(provider.getId(), context, eventAttributes);
    return CollectionUtils.wrapSet(event);
}
