use of org.apereo.cas.services.RegisteredService in project cas by apereo.
the class PersonDirectoryAttributeResolutionController method releasePrincipalAttributes.
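/**
 * Authenticates the supplied credentials for the given service and reports what that service
 * would receive after attribute release: the matched registered service plus the rendered
 * CAS 1, CAS 2 and CAS 3 (XML and JSON) validation responses.
 *
 * <p>The first statement calls {@code ensureEndpointAccessIsAuthorized}, which is expected to
 * reject callers that may not use this endpoint. The result contains the full registered
 * service definition and the attributes released for a real principal, so the endpoint is
 * only suitable for trusted administrative callers.
 *
 * @param username the username to authenticate
 * @param password the password for the authentication attempt; it is handed to the credential
 *                 only and is never placed in the returned map
 * @param service  the identifier of the service whose release policy is evaluated
 * @param request  the current HTTP request
 * @param response the current HTTP response; it is reset before this method returns
 * @return a map with the keys {@code registeredService}, {@code cas1Response},
 *         {@code cas2Response}, {@code cas3XmlResponse} and {@code cas3JsonResponse}
 * @throws IllegalArgumentException if no registered service matches {@code service}
 * @throws Exception if authentication or view rendering fails
 */
@PostMapping(value = "/releaseattrs")
@ResponseBody
public Map<String, Object> releasePrincipalAttributes(@RequestParam final String username,
                                                      @RequestParam final String password,
                                                      @RequestParam final String service,
                                                      final HttpServletRequest request,
                                                      final HttpServletResponse response) throws Exception {
    // Authorization gate runs before any request parameter is interpreted.
    ensureEndpointAccessIsAuthorized(request, response);

    final Map<String, Object> resValidation = new HashMap<>();
    final Service selectedService = this.serviceFactory.createService(service);
    final RegisteredService registeredService = this.servicesManager.findServiceBy(selectedService);

    // The lookup can come back empty for an unregistered service. Fail here, before any
    // credential is processed, instead of hitting a NullPointerException further down.
    // The message deliberately does not echo the caller-supplied service value.
    if (registeredService == null) {
        throw new IllegalArgumentException("No registered service matches the requested service");
    }
    // NOTE(review): only the existence of the registration is checked here; the service's
    // access strategy is not consulted. Confirm whether disabled services should be usable
    // through this endpoint.

    // Runs a real authentication transaction with the submitted credentials.
    final UsernamePasswordCredential credential = new UsernamePasswordCredential(username, password);
    final AuthenticationResult result =
        this.authenticationSystemSupport.handleAndFinalizeSingleAuthenticationTransaction(selectedService, credential);
    final Authentication authentication = result.getAuthentication();
    final Principal principal = authentication.getPrincipal();

    // Apply the service's release policy and username provider, then rebuild the
    // authentication around a principal that carries only the released attributes.
    final Map<String, Object> attributesToRelease =
        registeredService.getAttributeReleasePolicy().getAttributes(principal, selectedService, registeredService);
    final String principalId =
        registeredService.getUsernameAttributeProvider().resolveUsername(principal, selectedService, registeredService);
    final Principal modifiedPrincipal = this.principalFactory.createPrincipal(principalId, attributesToRelease);
    final AuthenticationBuilder builder = DefaultAuthenticationBuilder.newInstance(authentication);
    builder.setPrincipal(modifiedPrincipal);
    final Authentication finalAuthentication = builder.build();

    final Assertion assertion = new DefaultAssertionBuilder(finalAuthentication)
        .with(selectedService)
        .with(CollectionUtils.wrap(finalAuthentication))
        .build();

    final Map<String, Object> model = new LinkedHashMap<>();
    model.put(CasViewConstants.MODEL_ATTRIBUTE_NAME_ASSERTION, assertion);
    model.put(CasViewConstants.MODEL_ATTRIBUTE_NAME_SERVICE, selectedService);

    resValidation.put("registeredService", registeredService);

    // XML payloads are XML-escaped before they are stored in the result.
    String copy = renderViewAndGetResult(this.cas1ServiceSuccessView, model, request, response).getKey().getCopy();
    resValidation.put("cas1Response", StringEscapeUtils.escapeXml11(copy));

    // With forward compatibility enabled, the CAS 2 entry is produced by the CAS 3 view.
    if (casProperties.getView().getCas2().isV3ForwardCompatible()) {
        copy = renderViewAndGetResult(this.cas3ServiceSuccessView, model, request, response).getKey().getCopy();
    } else {
        copy = renderViewAndGetResult(this.cas2ServiceSuccessView, model, request, response).getKey().getCopy();
    }
    resValidation.put("cas2Response", StringEscapeUtils.escapeXml11(copy));

    copy = renderViewAndGetResult(this.cas3ServiceSuccessView, model, request, response).getKey().getCopy();
    resValidation.put("cas3XmlResponse", StringEscapeUtils.escapeXml11(copy));

    // NOTE(review): the JSON rendering is stored without escaping, unlike the XML entries;
    // a consumer that inserts it into markup has to encode it itself.
    copy = renderViewAndGetResult(this.cas3ServiceJsonView, model, request, response).getValue().getStringCopy();
    resValidation.put("cas3JsonResponse", copy);

    // Presumably clears whatever the view rendering wrote to the response, so that only the
    // returned map reaches the client - confirm against renderViewAndGetResult.
    response.reset();
    return resValidation;
}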
use of org.apereo.cas.services.RegisteredService in project cas by apereo.
the class JWTServiceTicketResourceEntityResponseFactory method grantServiceTicket.
/**
 * Grants a service ticket and, when the registered service asks for tokens, returns it
 * wrapped as a JWT instead of the plain ticket id.
 *
 * <p>Service access is enforced through
 * {@code RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed} before any ticket
 * is granted.
 *
 * @param ticketGrantingTicket the ticket-granting ticket id the service ticket is issued from
 * @param service              the service requesting the ticket
 * @param authenticationResult the authentication result passed on to the parent implementation
 * @return the JWT built from the service ticket, or the plain service ticket id when neither
 *         token property is assigned to the registered service
 */
@Override
protected String grantServiceTicket(final String ticketGrantingTicket, final Service service, final AuthenticationResult authenticationResult) {
    final RegisteredService matched = this.servicesManager.findServiceBy(service);
    LOGGER.debug("Located registered service [{}] for [{}]", matched, service);
    RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(service, matched);

    // Either property switches the response from a plain ticket id to a JWT.
    final boolean wantsJwt =
        RegisteredServiceProperty.RegisteredServiceProperties.TOKEN_AS_RESPONSE.isAssignedTo(matched)
            || RegisteredServiceProperty.RegisteredServiceProperties.TOKEN_AS_SERVICE_TICKET.isAssignedTo(matched);

    if (wantsJwt) {
        final String plainTicket = super.grantServiceTicket(ticketGrantingTicket, service, authenticationResult);
        final String token = this.tokenTicketBuilder.build(plainTicket, service);
        // NOTE(review): the complete JWT is written to the debug log. It is handed to the
        // client as its ticket, so anyone who can read debug logs sees a usable token;
        // consider logging only that a token was issued.
        LOGGER.debug("Generated JWT [{}] for service [{}]", token, service);
        return token;
    }

    LOGGER.debug("Service [{}] does not require JWTs as tickets", service);
    return super.grantServiceTicket(ticketGrantingTicket, service, authenticationResult);
}
use of org.apereo.cas.services.RegisteredService in project cas by apereo.
the class CoreAuthenticationTestUtils method getRegisteredService.
/**
 * Creates a mocked {@link RegisteredService} for tests, identified by the given URL.
 *
 * <p>The attached access strategy always reports that service access is allowed, so tests
 * built on this fixture never exercise a denied-access path.
 *
 * @param url the value the mock returns from {@code getServiceId()}
 * @return the stubbed registered service
 */
public static RegisteredService getRegisteredService(final String url) {
    // Permissive access strategy: isServiceAccessAllowed() is stubbed to true.
    final RegisteredServiceAccessStrategy permissive = mock(RegisteredServiceAccessStrategy.class);
    when(permissive.isServiceAccessAllowed()).thenReturn(true);

    final RegisteredService stub = mock(RegisteredService.class);
    when(stub.getId()).thenReturn(Long.MAX_VALUE);
    when(stub.getServiceId()).thenReturn(url);
    when(stub.getName()).thenReturn("service name");
    when(stub.getDescription()).thenReturn("service description");
    when(stub.getAccessStrategy()).thenReturn(permissive);
    return stub;
}
use of org.apereo.cas.services.RegisteredService in project cas by apereo.
the class CoreAttributesTestUtils method getRegisteredService.
/**
 * Creates a mocked {@link RegisteredService} for tests whose service id is
 * {@code CONST_TEST_URL}.
 *
 * <p>The attached access strategy always reports that service access is allowed, so tests
 * built on this fixture never exercise a denied-access path.
 *
 * @return the stubbed registered service
 */
public static RegisteredService getRegisteredService() {
    // Permissive access strategy: isServiceAccessAllowed() is stubbed to true.
    final RegisteredServiceAccessStrategy permissive = mock(RegisteredServiceAccessStrategy.class);
    when(permissive.isServiceAccessAllowed()).thenReturn(true);

    final RegisteredService stub = mock(RegisteredService.class);
    when(stub.getId()).thenReturn(Long.MAX_VALUE);
    when(stub.getServiceId()).thenReturn(CONST_TEST_URL);
    when(stub.getName()).thenReturn("service");
    when(stub.getDescription()).thenReturn("description");
    when(stub.getAccessStrategy()).thenReturn(permissive);
    return stub;
}
use of org.apereo.cas.services.RegisteredService in project cas by apereo.
the class AbstractServiceValidateController method validateAuthenticationContext.
/**
 * Checks whether the primary authentication behind an assertion satisfies the multifactor
 * authentication context required for the request.
 *
 * <p>The registered service is looked up and its access strategy enforced first. If the
 * trigger selection strategy resolves no required context, validation passes without
 * consulting the context validator.
 *
 * @param assertion the assertion whose service and primary authentication are examined
 * @param request   the current HTTP request, passed to the trigger selection strategy
 * @return {@code TRUE} with an empty provider when no context is required; otherwise the
 *         outcome of {@code authenticationContextValidator.validate}
 */
protected Pair<Boolean, Optional<MultifactorAuthenticationProvider>> validateAuthenticationContext(final Assertion assertion, final HttpServletRequest request) {
    LOGGER.debug("Locating the primary authentication associated with this service request [{}]", assertion.getService());

    final RegisteredService registered = this.servicesManager.findServiceBy(assertion.getService());
    RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(assertion.getService(), registered);

    // Collect every multifactor provider bean known to the application context.
    final Map<String, MultifactorAuthenticationProvider> providerBeans =
        this.applicationContext.getBeansOfType(MultifactorAuthenticationProvider.class, false, true);

    final Authentication primary = assertion.getPrimaryAuthentication();
    final Optional<String> requestedContext =
        this.multifactorTriggerSelectionStrategy.resolve(providerBeans.values(), request, registered, primary);

    if (requestedContext.isPresent()) {
        return this.authenticationContextValidator.validate(primary, requestedContext.get(), registered);
    }

    // No trigger matched: the request is accepted as is. Whether multifactor is demanded at
    // all therefore depends on what the trigger selection strategy resolves.
    LOGGER.debug("No particular authentication context is required for this request");
    return Pair.of(Boolean.TRUE, Optional.empty());
}