
Example 16 with UnauthorizedServiceException

use of org.apereo.cas.services.UnauthorizedServiceException in project cas by apereo.

From class ServiceAuthorizationCheck, method doExecute.

/**
 * Authorizes the service attached to the current login request before the webflow
 * proceeds to authentication.
 * <p>
 * Decision order, failing fast at the first refusal:
 * <ol>
 *   <li>no service in the request: a plain {@code /login}; succeed and show the login form;</li>
 *   <li>the service manager holds no definitions at all: refuse (an empty registry is never
 *       treated as "allow everything");</li>
 *   <li>the service matches no registered service: refuse;</li>
 *   <li>the matched registered service has access disabled by its access strategy: store the
 *       strategy's unauthorized-redirect URL in flow scope, then refuse.</li>
 * </ol>
 *
 * @param context the webflow request context carrying the requested service
 * @return {@code success()} when no service is present or the service is authorized
 * @throws UnauthorizedServiceException {@code CODE_EMPTY_SVC_MGMR} when the registry is empty,
 *         {@code CODE_UNAUTHZ_SERVICE} when the service is unknown or its access is disabled
 * @throws Exception propagated per the webflow action contract
 */
@Override
protected Event doExecute(final RequestContext context) throws Exception {
    final Service requestedService = WebUtils.getService(context);
    if (requestedService == null) {
        // Plain /login with no target service: nothing to authorize, continue to the login form.
        return success();
    }
    final String serviceId = requestedService.getId();

    if (this.servicesManager.getAllServices().isEmpty()) {
        // Fail closed: with no definitions registered, no service may request authentication.
        final String message = String.format("No service definitions are found in the service manager. Service [%s] will not be automatically authorized to request authentication.", serviceId);
        LOGGER.warn(message);
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_EMPTY_SVC_MGMR, message);
    }

    final RegisteredService match = this.servicesManager.findServiceBy(requestedService);
    if (match == null) {
        // Unknown service: not in the registry at all.
        final String message = String.format("Service Management: missing service. Service [%s] is not found in service registry.", serviceId);
        LOGGER.warn(message);
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, message);
    }

    final RegisteredServiceAccessStrategy accessStrategy = match.getAccessStrategy();
    if (!accessStrategy.isServiceAccessAllowed()) {
        // Known but disabled service: expose the configured redirect so the failure view can
        // send the user somewhere meaningful, then refuse.
        final String message = String.format("Service Management: Unauthorized Service Access. Service [%s] is not allowed access via the service registry.", serviceId);
        LOGGER.warn(message);
        WebUtils.putUnauthorizedRedirectUrlIntoFlowScope(context, accessStrategy.getUnauthorizedRedirectUrl());
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, message);
    }
    return success();
}

Example 17 with UnauthorizedServiceException

use of org.apereo.cas.services.UnauthorizedServiceException in project cas by apereo.

From class BaseWSFederationRequestController, method findAndValidateFederationRequestForRegisteredService.

/**
 * Resolves the WS-Federation registered service targeted by a federation request and
 * verifies that the request's realm ({@code wtrealm}) is an exact match for both the
 * registered service's realm and the realm this identity provider is configured to serve.
 *
 * @param response   the current HTTP response, used while building the service URL
 * @param request    the current HTTP request, used while building the service URL
 * @param fedRequest the parsed WS-Federation request
 * @return the matching WS-Federation registered service
 * @throws UnauthorizedServiceException {@code CODE_UNAUTHZ_SERVICE} when {@code wtrealm} is
 *         blank or differs from the registered service's realm, or when the registered
 *         service's realm differs from the identity provider's configured realm
 */
protected WSFederationRegisteredService findAndValidateFederationRequestForRegisteredService(final HttpServletResponse response, final HttpServletRequest request, final WSFederationRequest fedRequest) {
    final String serviceUrl = constructServiceUrl(request, response, fedRequest);
    final Service targetService = this.serviceSelectionStrategy.resolveServiceFrom(this.webApplicationServiceFactory.createService(serviceUrl));
    // NOTE(review): whether getWsFederationRegisteredService can return null is not visible
    // here; the realm checks below dereference its result unconditionally.
    final WSFederationRegisteredService registeredService = getWsFederationRegisteredService(targetService);
    final WsFederationProperties.IdentityProvider idpConfig = casProperties.getAuthn().getWsfedIdP().getIdp();

    final String requestedRealm = fedRequest.getWtrealm();
    final String serviceRealm = registeredService.getRealm();

    // The realm is mandatory and must equal the registered service's realm exactly
    // (case-sensitive); a blank realm never matches.
    final boolean realmMatchesService = !StringUtils.isBlank(requestedRealm) && StringUtils.equals(requestedRealm, serviceRealm);
    if (!realmMatchesService) {
        LOGGER.warn("Realm [{}] is not authorized for matching service [{}]", requestedRealm, registeredService);
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, StringUtils.EMPTY);
    }

    // The service's realm must also be the one this identity provider serves. At this point
    // requestedRealm equals serviceRealm, so logging either names the same value.
    final String idpRealm = idpConfig.getRealm();
    if (!StringUtils.equals(idpRealm, serviceRealm)) {
        LOGGER.warn("Realm [{}] is not authorized for the identity provider realm [{}]", requestedRealm, idpRealm);
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, StringUtils.EMPTY);
    }
    return registeredService;
}

Example 18 with UnauthorizedServiceException

use of org.apereo.cas.services.UnauthorizedServiceException in project cas by apereo.

From class ProxyController, method handleRequestInternal.

/**
 * Serves the CAS protocol {@code /proxy} endpoint: exchanges a proxy-granting ticket for a
 * proxy ticket bound to the requested target service.
 *
 * @param request  the current HTTP request, carrying the {@code pgt} parameter and the target service
 * @param response the current HTTP response
 * @return a {@code casProxySuccessView} model holding the granted proxy ticket, or a
 *         {@code casProxyFailureView} model whose error code is
 *         {@code INVALID_REQUEST_PROXY} when the pgt or target service is missing, the
 *         ticket exception's own code when granting fails, or
 *         {@code UNAUTHORIZED_SERVICE_PROXY} when the target service is not authorized
 */
@GetMapping(path = "/proxy")
protected ModelAndView handleRequestInternal(final HttpServletRequest request, final HttpServletResponse response) {
    final String pgtId = request.getParameter(CasProtocolConstants.PARAMETER_PROXY_GRANTING_TICKET);
    final Service target = getTargetService(request);

    // Both inputs are mandatory; refuse before consulting the ticket registry at all.
    final boolean requestIsComplete = StringUtils.hasText(pgtId) && target != null;
    if (!requestIsComplete) {
        return generateErrorView(CasProtocolConstants.ERROR_CODE_INVALID_REQUEST_PROXY, null, request);
    }

    try {
        final ProxyTicket granted = this.centralAuthenticationService.grantProxyTicket(pgtId, target);
        return new ModelAndView(CONST_PROXY_SUCCESS, MODEL_SERVICE_TICKET, granted);
    } catch (final AbstractTicketException ticketFailure) {
        // Ticket-level failures carry their own protocol error code; the pgt the caller
        // supplied is echoed back as the error-message argument.
        return generateErrorView(ticketFailure.getCode(), new Object[] { pgtId }, request);
    } catch (final UnauthorizedServiceException notAuthorized) {
        // The target service is known to the ticket layer but not permitted to receive a proxy ticket.
        return generateErrorView(CasProtocolConstants.ERROR_CODE_UNAUTHORIZED_SERVICE_PROXY, new Object[] { target }, request);
    }
}

Example 19 with UnauthorizedServiceException

use of org.apereo.cas.services.UnauthorizedServiceException in project cas by apereo.

From class WSFederationValidateRequestCallbackController, method validateSecurityTokenInAssertion.

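/**
 * Extracts the WS-Federation security token carried in the validated CAS assertion's
 * principal attributes and rebuilds it from its Base64-encoded serialized form.
 *
 * @param assertion the validated CAS assertion received on the callback
 * @param request   the current HTTP request (not consulted here)
 * @param response  the current HTTP response (not consulted here)
 * @return the deserialized security token
 * @throws UnauthorizedServiceException {@code CODE_UNAUTHZ_SERVICE} when the security-token
 *         attribute is absent, null, or not a single string value
 */
private SecurityToken validateSecurityTokenInAssertion(final Assertion assertion, final HttpServletRequest request, final HttpServletResponse response) {
    LOGGER.debug("Validating security token in CAS assertion...");
    final AttributePrincipal principal = assertion.getPrincipal();
    final Object rawToken = principal.getAttributes().get(WSFederationConstants.SECURITY_TOKEN_ATTRIBUTE);
    // Fail closed on anything other than a single string value: a missing attribute, a null
    // value, or an unexpected type (a multi-valued attribute may arrive as a collection) all
    // yield the same authorization failure instead of an unchecked-cast ClassCastException.
    if (!(rawToken instanceof String)) {
        LOGGER.warn("Security token attribute [{}] is missing or is not a single string value in the CAS assertion", WSFederationConstants.SECURITY_TOKEN_ATTRIBUTE);
        throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE);
    }
    final String token = (String) rawToken;
    final byte[] securityTokenBin = EncodingUtils.decodeBase64(token);
    // SECURITY NOTE(review): this is Java-native deserialization of data pulled from an
    // assertion attribute. It is only acceptable if the attribute is produced by this CAS
    // server in the WS-Fed flow and the validation response cannot be tampered with in
    // transit; neither is visible from here. Confirm that SerializationUtils restricts the
    // permitted classes (e.g. via an ObjectInputFilter / allow-list) and that no
    // client-controllable attribute source can populate this attribute.
    return SerializationUtils.deserialize(securityTokenBin);
}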
