
Example 6 with UnauthorizedSsoServiceException

Use of org.apereo.cas.services.UnauthorizedSsoServiceException in project cas by apereo.

Class RegisteredServiceAuthenticationPolicyResolver, method supports.

@Override
public boolean supports(final AuthenticationTransaction transaction) {
    val service = authenticationServiceSelectionPlan.resolveService(transaction.getService());
    if (service != null) {
        val registeredService = this.servicesManager.findServiceBy(service);
        LOGGER.trace("Located registered service definition [{}] for this authentication transaction", registeredService);
        // Fail closed: an unregistered service, or one whose access strategy denies access, is rejected.
        if (registeredService == null || !registeredService.getAccessStrategy().isServiceAccessAllowed()) {
            LOGGER.warn("Service [{}] is not allowed to use SSO.", service);
            throw new UnauthorizedSsoServiceException();
        }
        val authenticationPolicy = registeredService.getAuthenticationPolicy();
        if (authenticationPolicy != null) {
            val criteria = authenticationPolicy.getCriteria();
            return criteria != null;
        }
    }
    return false;
}
Also used: lombok.val (lombok.val), UnauthorizedSsoServiceException (org.apereo.cas.services.UnauthorizedSsoServiceException)

Example 7 with UnauthorizedSsoServiceException

Use of org.apereo.cas.services.UnauthorizedSsoServiceException in project cas by apereo.

Class DefaultSecurityTokenServiceTokenFetcher, method fetch.

@Override
public Optional<SecurityToken> fetch(final Service service, final String principalId) {
    val resolvedService = this.selectionStrategy.resolveServiceFrom(service);
    LOGGER.debug("Resolved service as [{}]", resolvedService);
    if (resolvedService != null) {
        val rp = this.servicesManager.findServiceBy(resolvedService, WSFederationRegisteredService.class);
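        // Fail closed: no WS-Federation registration, or access denied by its access strategy, means no token is issued.
        if (rp == null || !rp.getAccessStrategy().isServiceAccessAllowed()) {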
            LOGGER.warn("Service [{}] is not allowed to use SSO.", rp);
            throw new UnauthorizedSsoServiceException();
        }
        LOGGER.debug("Building security token service client for registered service [{}]", rp);
        val sts = clientBuilder.buildClientForSecurityTokenRequests(rp);
        return Optional.ofNullable(invokeSecurityTokenServiceForToken(rp, sts, principalId));
    }
    return Optional.empty();
}
Also used: lombok.val (lombok.val), UnauthorizedSsoServiceException (org.apereo.cas.services.UnauthorizedSsoServiceException)

Aggregations

UnauthorizedSsoServiceException (org.apereo.cas.services.UnauthorizedSsoServiceException): 7
lombok.val (lombok.val): 4
Service (org.apereo.cas.authentication.principal.Service): 3
WSFederationRegisteredService (org.apereo.cas.ws.idp.services.WSFederationRegisteredService): 2
AuthenticationException (org.apereo.cas.authentication.AuthenticationException): 1
MixedPrincipalException (org.apereo.cas.authentication.exceptions.MixedPrincipalException): 1
RegisteredService (org.apereo.cas.services.RegisteredService): 1
ServiceContext (org.apereo.cas.services.ServiceContext): 1
UnauthorizedProxyingException (org.apereo.cas.services.UnauthorizedProxyingException): 1
CasProxyTicketGrantedEvent (org.apereo.cas.support.events.ticket.CasProxyTicketGrantedEvent): 1
AbstractTicketException (org.apereo.cas.ticket.AbstractTicketException): 1
InvalidTicketException (org.apereo.cas.ticket.InvalidTicketException): 1
UnrecognizableServiceForServiceTicketValidationException (org.apereo.cas.ticket.UnrecognizableServiceForServiceTicketValidationException): 1
ProxyTicket (org.apereo.cas.ticket.proxy.ProxyTicket): 1
Audit (org.apereo.inspektr.audit.annotation.Audit): 1