Usage of org.apereo.cas.services.UnauthorizedServiceException in project cas (apereo): class TokenAuthenticationHandler, method getRegisteredServiceJwtSecret.
/**
 * Looks up the JWT secret that a registered service carries as a service property.
 *
 * @param service  the registered service whose properties are consulted; may be {@code null}
 * @param propName the name of the service property holding the secret
 * @return the non-blank property value, or {@code null} when the property is absent or blank
 * @throws UnauthorizedServiceException if {@code service} is {@code null} or its access strategy denies access
 */
protected String getRegisteredServiceJwtSecret(final RegisteredService service, final String propName) {
    final boolean accessDenied = service == null || !service.getAccessStrategy().isServiceAccessAllowed();
    if (accessDenied) {
        LOGGER.debug("Service is not defined/found or its access is disabled in the registry");
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE);
    }
    final RegisteredServiceProperty property = service.getProperties().containsKey(propName)
        ? service.getProperties().get(propName)
        : null;
    final String secret = property == null ? null : property.getValue();
    // Absent and blank values are treated alike: both mean "no secret configured".
    if (StringUtils.isBlank(secret)) {
        LOGGER.warn("Service [{}] does not define a property [{}] in the registry", service.getServiceId(), propName);
        return null;
    }
    // Only the property *name* is logged here; the secret value itself must never reach the logs.
    LOGGER.debug("Found the secret value [{}] for service [{}]", propName, service.getServiceId());
    return secret;
}
Usage of org.apereo.cas.services.UnauthorizedServiceException in project cas (apereo): class SamlIdPMetadataUIAction, method doExecute.
/**
 * Resolves the service of the current request, enforces its access policy and, when the
 * service is a SAML service, loads the service provider's metadata UI information into the flow scope.
 *
 * @param requestContext the webflow request context
 * @return the success event
 * @throws Exception if service resolution or metadata lookup fails
 * @throws UnauthorizedServiceException if access to the service is denied or no SP metadata can be resolved
 */
@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
    final Service resolvedService = this.serviceSelectionStrategy.resolveService(WebUtils.getService(requestContext));
    final RegisteredService registered = this.servicesManager.findServiceBy(resolvedService);
    // Access policy is enforced before any metadata is touched.
    RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(resolvedService, registered);
    if (!(registered instanceof SamlRegisteredService)) {
        // Non-SAML services carry no SP metadata UI; nothing to put into the flow scope.
        return success();
    }
    final SamlRegisteredService samlService = (SamlRegisteredService) registered;
    final String entityId = resolvedService.getId();
    final SamlRegisteredServiceServiceProviderMetadataFacade facade =
        SamlRegisteredServiceServiceProviderMetadataFacade.get(resolver, samlService, entityId)
            .orElseThrow(() -> new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE,
                "Cannot find metadata linked to " + entityId));
    final SamlMetadataUIInfo mdui = MetadataUIUtils.locateMetadataUserInterfaceForEntityId(facade.getEntityDescriptor(), entityId, registered);
    WebUtils.putServiceUserInterfaceMetadata(requestContext, mdui);
    return success();
}
Usage of org.apereo.cas.services.UnauthorizedServiceException in project cas (apereo): class AbstractSamlProfileHandlerController, method verifySamlAuthenticationRequest.
/**
 * Verifies an inbound SAML authentication request: the issuer must map to an enabled SAML
 * registered service, the service provider's metadata must resolve, and the request signature
 * is then verified against that metadata.
 *
 * @param authenticationContext pair of the SAML object (expected to be an {@link AuthnRequest}) and its message context
 * @param request               the HTTP request carrying the SAML message
 * @return pair of the matched SAML registered service and its metadata facade
 * @throws Exception if signature verification or metadata resolution fails
 * @throws UnauthorizedServiceException if the issuer is unknown/denied or no SP metadata can be resolved
 */
protected Pair<SamlRegisteredService, SamlRegisteredServiceServiceProviderMetadataFacade> verifySamlAuthenticationRequest(
    final Pair<? extends SignableSAMLObject, MessageContext> authenticationContext, final HttpServletRequest request) throws Exception {
    final AuthnRequest authnRequest = (AuthnRequest) authenticationContext.getKey();
    final String issuer = SamlIdPUtils.getIssuerFromSamlRequest(authnRequest);
    // The issuer must resolve to an enabled SAML service before anything else in the request is trusted.
    final SamlRegisteredService samlService = verifySamlRegisteredService(issuer);
    LOGGER.debug("Fetching saml metadata adaptor for [{}]", issuer);
    final SamlRegisteredServiceServiceProviderMetadataFacade facade =
        SamlRegisteredServiceServiceProviderMetadataFacade.get(this.samlRegisteredServiceCachingMetadataResolver, samlService, authnRequest)
            .orElseThrow(() -> new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE,
                "Cannot find metadata linked to " + issuer));
    // Signature verification is driven by the resolved SP metadata and runs before the request is logged or used.
    verifyAuthenticationContextSignature(authenticationContext, request, authnRequest, facade);
    SamlUtils.logSamlObject(this.configBean, authnRequest);
    return Pair.of(samlService, facade);
}
Usage of org.apereo.cas.services.UnauthorizedServiceException in project cas (apereo): class AbstractSamlProfileHandlerController, method verifySamlRegisteredService.
/**
 * Locates the registered service for the given id and verifies that it is enabled
 * and defined as a SAML service.
 *
 * @param serviceId the service id (the SAML issuer / entity id)
 * @return the matching SAML registered service
 * @throws UnauthorizedServiceException when the id is blank, no service is registered under it,
 *                                      its access strategy denies access, or the match is not a
 *                                      {@link SamlRegisteredService}
 */
protected SamlRegisteredService verifySamlRegisteredService(final String serviceId) {
    if (StringUtils.isBlank(serviceId)) {
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE,
            "Could not verify/locate SAML registered service since no serviceId is provided");
    }
    LOGGER.debug("Checking service access in CAS service registry for [{}]", serviceId);
    final RegisteredService match = this.servicesManager.findServiceBy(this.webApplicationServiceFactory.createService(serviceId));
    final boolean accessible = match != null && match.getAccessStrategy().isServiceAccessAllowed();
    if (!accessible) {
        // "Not found" and "access denied" are deliberately reported with the same error code.
        LOGGER.warn("[{}] is not found in the registry or service access is denied. Ensure service is registered in service registry", serviceId);
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE);
    }
    if (!(match instanceof SamlRegisteredService)) {
        LOGGER.error("CAS has found a match for service [{}] in registry but the match is not defined as a SAML service", serviceId);
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE);
    }
    final SamlRegisteredService samlService = SamlRegisteredService.class.cast(match);
    LOGGER.debug("Located SAML service in the registry as [{}] with the metadata location of [{}]",
        samlService.getServiceId(), samlService.getMetadataLocation());
    return samlService;
}
Usage of org.apereo.cas.services.UnauthorizedServiceException in project cas (apereo): class SamlMetadataUIParserAction, method doExecute.
/**
 * Reads the SP entity id from the configured request parameter, checks it against the service
 * registry and, when the service is known and allowed, puts its metadata UI information into the flow scope.
 *
 * @param requestContext the webflow request context
 * @return the success event; also success when the entity id parameter is absent or blank
 * @throws Exception on metadata lookup failures
 * @throws UnauthorizedServiceException when the entity id is not registered or its access is denied
 */
@Override
public Event doExecute(final RequestContext requestContext) throws Exception {
    final HttpServletRequest httpRequest = WebUtils.getHttpServletRequest(requestContext);
    // entityId is untrusted, request-supplied input: it is used only as a registry lookup key
    // and is echoed into log and exception text below.
    final String entityId = httpRequest.getParameter(this.entityIdParameterName);
    if (StringUtils.isBlank(entityId)) {
        LOGGER.debug("No entity id found for parameter [{}]", this.entityIdParameterName);
        return success();
    }
    final WebApplicationService webService = this.serviceFactory.createService(entityId);
    final RegisteredService registered = this.servicesManager.findServiceBy(webService);
    final boolean allowed = registered != null && registered.getAccessStrategy().isServiceAccessAllowed();
    if (allowed) {
        final SamlMetadataUIInfo mdui = MetadataUIUtils.locateMetadataUserInterfaceForEntityId(this.metadataAdapter, entityId, registered);
        WebUtils.putServiceUserInterfaceMetadata(requestContext, mdui);
        return success();
    }
    LOGGER.debug("Entity id [{}] is not recognized/allowed by the CAS service registry", entityId);
    if (registered != null) {
        // Registered but access-denied: hand the strategy's redirect URL to the flow before failing.
        WebUtils.putUnauthorizedRedirectUrlIntoFlowScope(requestContext, registered.getAccessStrategy().getUnauthorizedRedirectUrl());
    }
    // NOTE(review): the message embeds the raw entityId; if it is ever rendered to a browser,
    // confirm the view escapes it — cannot be determined from this method alone.
    throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, "Entity [" + entityId + "] not recognized");
}