
Example 1 with CasRiskBasedAuthenticationEvaluationStartedEvent

use of org.apereo.cas.support.events.authentication.adaptive.CasRiskBasedAuthenticationEvaluationStartedEvent in project cas by apereo.

From the class RiskAwareAuthenticationWebflowEventResolver, method handlePossibleSuspiciousAttempt.

/**
 * Scores an authentication attempt with the risk evaluator and, when the score
 * is greater than the {@code threshold} field, passes the attempt to the risk mitigator.
 * <p>
 * Events are published in a fixed order: evaluation started first, then, only for an
 * attempt above the threshold, risk detected, mitigation started and mitigated.
 * Exceptions thrown by the evaluator or the mitigator are not caught here.
 *
 * @param request        the HTTP request handed to the evaluator and the mitigator
 * @param authentication the authentication under evaluation; its principal is written to the debug log
 * @param service        the registered service handed to the evaluator and the mitigator
 * @return the mitigator's result wrapped in a set when the score is greater than the threshold;
 *         {@code null} otherwise, so callers have to handle a {@code null} return
 */
protected Set<Event> handlePossibleSuspiciousAttempt(final HttpServletRequest request, final Authentication authentication, final RegisteredService service) {
    eventPublisher.publishEvent(new CasRiskBasedAuthenticationEvaluationStartedEvent(this, authentication, service));
    LOGGER.debug("Evaluating possible suspicious authentication attempt for [{}]", authentication.getPrincipal());

    final AuthenticationRiskScore riskScore = authenticationRiskEvaluator.eval(authentication, service, request);
    final boolean aboveThreshold = riskScore.isRiskGreaterThan(threshold);

    if (!aboveThreshold) {
        // No detection or mitigation event is published on this path.
        // NOTE(review): null presumably tells the caller that no risk-driven event applies; confirm against the caller.
        LOGGER.debug("Authentication request for [{}] is below the risk threshold", authentication.getPrincipal());
        return null;
    }

    // Detection is announced before mitigation starts, so listeners see the score even if mitigate() throws.
    eventPublisher.publishEvent(new CasRiskyAuthenticationDetectedEvent(this, authentication, service, riskScore));
    LOGGER.debug("Calculated risk score [{}] for authentication request by [{}] is above the risk threshold [{}].", riskScore.getScore(), authentication.getPrincipal(), threshold);

    eventPublisher.publishEvent(new CasRiskBasedAuthenticationMitigationStartedEvent(this, authentication, service, riskScore));
    final AuthenticationRiskContingencyResponse contingency = authenticationRiskMitigator.mitigate(authentication, service, riskScore, request);
    eventPublisher.publishEvent(new CasRiskyAuthenticationMitigatedEvent(this, authentication, service, contingency));

    return CollectionUtils.wrapSet(contingency.getResult());
}
Also used : AuthenticationRiskScore(org.apereo.cas.api.AuthenticationRiskScore) AuthenticationRiskContingencyResponse(org.apereo.cas.api.AuthenticationRiskContingencyResponse) CasRiskBasedAuthenticationMitigationStartedEvent(org.apereo.cas.support.events.authentication.adaptive.CasRiskBasedAuthenticationMitigationStartedEvent) CasRiskBasedAuthenticationEvaluationStartedEvent(org.apereo.cas.support.events.authentication.adaptive.CasRiskBasedAuthenticationEvaluationStartedEvent) CasRiskyAuthenticationMitigatedEvent(org.apereo.cas.support.events.authentication.adaptive.CasRiskyAuthenticationMitigatedEvent) CasRiskyAuthenticationDetectedEvent(org.apereo.cas.support.events.authentication.adaptive.CasRiskyAuthenticationDetectedEvent)
