
Example 1 with AuthenticationAwareTicket

use of org.apereo.cas.ticket.AuthenticationAwareTicket in project cas by apereo.

From class DelegatingExpirationPolicyTests, method verifyOperation.

/**
 * Exercises a delegating expiration policy whose routing depends on the principal id:
 * a principal named {@code "expired"} is routed to the simple name of
 * {@link AlwaysExpiresExpirationPolicy} (a name this test never registers explicitly),
 * every other principal is routed to {@code POLICY_NAME_DEFAULT}.
 */
@Test
public void verifyOperation() {
    val delegatingPolicy = new BaseDelegatingExpirationPolicy() {

        private static final long serialVersionUID = -5896270899735612574L;

        @Override
        protected String getExpirationPolicyNameFor(final AuthenticationAwareTicket ticketState) {
            // Only the principal id drives the choice; a null id would fail here exactly as before.
            val principalId = ticketState.getAuthentication().getPrincipal().getId();
            return principalId.equals("expired")
                ? AlwaysExpiresExpirationPolicy.class.getSimpleName()
                : POLICY_NAME_DEFAULT;
        }
    };
    // The default slot is bound to an always-expires policy; the never-expires policy is
    // registered through the single-argument overload, which derives the name itself
    // (presumably from the policy class - not visible here).
    delegatingPolicy.addPolicy(BaseDelegatingExpirationPolicy.POLICY_NAME_DEFAULT, new AlwaysExpiresExpirationPolicy());
    delegatingPolicy.addPolicy(new NeverExpiresExpirationPolicy());

    // Principal "cas" -> default slot -> always expires.
    val defaultRoutedTicket = mock(TicketGrantingTicketAwareTicket.class);
    when(defaultRoutedTicket.getAuthentication()).thenReturn(CoreAuthenticationTestUtils.getAuthentication("cas"));
    assertTrue(delegatingPolicy.isExpired(defaultRoutedTicket));
    assertEquals(0L, (long) delegatingPolicy.getTimeToLive(defaultRoutedTicket));
    assertEquals(0L, (long) delegatingPolicy.getTimeToLive());
    assertEquals(0L, (long) delegatingPolicy.getTimeToIdle());

    // Principal "expired" -> routed to an unregistered name; the expectation below shows the
    // delegating policy does not treat that ticket as expired (resolution of unknown names is
    // implemented outside this test).
    val expiredRoutedTicket = mock(TicketGrantingTicketAwareTicket.class);
    when(expiredRoutedTicket.getAuthentication()).thenReturn(CoreAuthenticationTestUtils.getAuthentication("expired"));
    assertFalse(delegatingPolicy.isExpired(expiredRoutedTicket));
    assertEquals(0L, (long) delegatingPolicy.getTimeToLive(expiredRoutedTicket));
    assertNotNull(delegatingPolicy.toString());
}
Also used : lombok.val(lombok.val) TicketGrantingTicketAwareTicket(org.apereo.cas.ticket.TicketGrantingTicketAwareTicket) AuthenticationAwareTicket(org.apereo.cas.ticket.AuthenticationAwareTicket) Test(org.junit.jupiter.api.Test)

Example 2 with AuthenticationAwareTicket

use of org.apereo.cas.ticket.AuthenticationAwareTicket in project cas by apereo.

From class DelegatedAuthenticationSingleSignOnParticipationStrategy, method isParticipating.

/**
 * Decides whether the request may take part in single sign-on according to the
 * registered service's delegated-authentication policy.
 * <p>
 * Participation is allowed outright when no registered service resolves, when the
 * service has no access strategy or no delegated-authentication policy, or when the
 * request carries no ticket-granting ticket id. Otherwise the authentication held by
 * the ticket state is bound to the current thread while the policy is evaluated:
 * if the authentication records a delegated client name, the policy decides whether
 * that provider is allowed for the service (an unreadable client name denies);
 * if no client name was recorded, participation is allowed only when the policy does
 * not require a delegated provider.
 *
 * @param ssoRequest the participation request under evaluation
 * @return {@code true} if the request may participate in SSO
 * @throws java.util.NoSuchElementException if a ticket-granting ticket id is present but
 *                                          no ticket state can be resolved for it
 * @throws ClassCastException               if the resolved ticket state is not an
 *                                          {@link AuthenticationAwareTicket}
 */
@Override
public boolean isParticipating(final SingleSignOnParticipationRequest ssoRequest) {
    val registeredService = getRegisteredService(ssoRequest);
    if (registeredService == null) {
        return true;
    }
    val accessStrategy = registeredService.getAccessStrategy();
    if (accessStrategy == null || accessStrategy.getDelegatedAuthenticationPolicy() == null) {
        return true;
    }
    if (getTicketGrantingTicketId(ssoRequest).isEmpty()) {
        return true;
    }
    // Remember whatever authentication the thread already carries so it can be restored.
    val previousAuthentication = AuthenticationCredentialsThreadLocalBinder.getCurrentAuthentication();
    try {
        val authentication = getTicketState(ssoRequest)
            .map(AuthenticationAwareTicket.class::cast)
            .map(AuthenticationAwareTicket::getAuthentication)
            .orElseThrow();
        AuthenticationCredentialsThreadLocalBinder.bindCurrent(authentication);
        val delegationPolicy = accessStrategy.getDelegatedAuthenticationPolicy();
        val attributes = authentication.getAttributes();
        if (!attributes.containsKey(ClientCredential.AUTHENTICATION_ATTRIBUTE_CLIENT_NAME)) {
            // No delegated client recorded: only a policy that does not require one lets SSO through.
            return !delegationPolicy.isProviderRequired();
        }
        val clientNameValues = attributes.get(ClientCredential.AUTHENTICATION_ATTRIBUTE_CLIENT_NAME);
        return CollectionUtils.firstElement(clientNameValues)
            .map(Object::toString)
            .map(client -> {
                LOGGER.debug("Evaluating delegated access strategy for client [{}] and service [{}]", client, registeredService);
                return delegationPolicy.isProviderAllowed(client, registeredService);
            })
            // Attribute present but without a usable value: deny rather than guess.
            .orElse(Boolean.FALSE);
    } finally {
        AuthenticationCredentialsThreadLocalBinder.bindCurrent(previousAuthentication);
    }
}
Also used : lombok.val(lombok.val) AuthenticationAwareTicket(org.apereo.cas.ticket.AuthenticationAwareTicket)

Example 3 with AuthenticationAwareTicket

use of org.apereo.cas.ticket.AuthenticationAwareTicket in project cas by apereo.

From class JpaTicketEntityFactory, method fromTicket.

/**
 * Converts a CAS ticket into the JPA entity that is persisted for it.
 * <p>
 * The ticket is stored as a serialized body produced by the ticket serialization
 * manager. Two pieces of data are additionally lifted into dedicated entity fields:
 * the parent ticket id when the ticket is a {@link TicketGrantingTicketAwareTicket},
 * and the principal id when it is an {@link AuthenticationAwareTicket}. Either field
 * stays {@code null} when the corresponding link is absent. A ticket without a
 * creation time is stamped with the current UTC time.
 *
 * @param ticket the ticket to convert
 * @return a new instance of {@code getEntityClass()} populated from the ticket
 */
@SneakyThrows
public BaseTicketEntity fromTicket(final Ticket ticket) {
    val serializedBody = getTicketSerializationManager().serializeTicket(ticket);

    // Parent id: only ticket-granting-ticket-aware tickets have one, and it may be unset.
    String parentId = null;
    if (ticket instanceof TicketGrantingTicketAwareTicket) {
        val parentTicket = ((TicketGrantingTicketAwareTicket) ticket).getTicketGrantingTicket();
        if (parentTicket != null) {
            parentId = parentTicket.getId();
        }
    }

    // Principal id: only authentication-aware tickets carry an authentication,
    // and both the authentication and its principal are tolerated as null.
    String principalId = null;
    if (ticket instanceof AuthenticationAwareTicket) {
        val authentication = ((AuthenticationAwareTicket) ticket).getAuthentication();
        if (authentication != null) {
            val principal = authentication.getPrincipal();
            if (principal != null) {
                principalId = principal.getId();
            }
        }
    }

    val recordedCreationTime = ticket.getCreationTime();
    val creationTime = recordedCreationTime != null
        ? recordedCreationTime
        : ZonedDateTime.now(Clock.systemUTC());

    // Entity type is resolved by the subclass; it must expose a no-arg constructor
    // (reflection exceptions are rethrown unchecked via @SneakyThrows).
    val entity = getEntityClass().getDeclaredConstructor().newInstance();
    return entity
        .setId(ticket.getId())
        .setParentId(parentId)
        .setBody(serializedBody)
        .setType(ticket.getClass().getName())
        .setPrincipalId(principalId)
        .setCreationTime(creationTime);
}
Also used : lombok.val(lombok.val) AuthenticationAwareTicket(org.apereo.cas.ticket.AuthenticationAwareTicket) TicketGrantingTicketAwareTicket(org.apereo.cas.ticket.TicketGrantingTicketAwareTicket) Ticket(org.apereo.cas.ticket.Ticket) Authentication(org.apereo.cas.authentication.Authentication) TicketGrantingTicketAwareTicket(org.apereo.cas.ticket.TicketGrantingTicketAwareTicket) AuthenticationAwareTicket(org.apereo.cas.ticket.AuthenticationAwareTicket) SneakyThrows(lombok.SneakyThrows)

Example 4 with AuthenticationAwareTicket

use of org.apereo.cas.ticket.AuthenticationAwareTicket in project cas by apereo.

From class DefaultSingleSignOnParticipationStrategy, method isParticipating.

/**
 * Decides whether the request may take part in single sign-on using the globally
 * configured SSO properties and the registered service's own settings.
 * <p>
 * Evaluation order:
 * <ol>
 *   <li>A renew request, when renewals are enabled, never participates.</li>
 *   <li>Without a registered service the global SSO switch decides.</li>
 *   <li>A service whose access strategy disallows SSO never participates.</li>
 *   <li>A service-level participation policy, if any, decides when a ticket state is present.</li>
 *   <li>Otherwise a service-level TGT expiration policy, if any, participates only while
 *       the ticket is not expired (no expiration policy means participate).</li>
 *   <li>Everything else participates.</li>
 * </ol>
 * The request's authentication is bound to the current thread during evaluation and the
 * previous binding is restored afterwards.
 *
 * @param ssoRequest the participation request under evaluation
 * @return {@code true} if the request may participate in SSO
 */
@Override
public boolean isParticipating(final SingleSignOnParticipationRequest ssoRequest) {
    if (properties.isRenewAuthnEnabled() && ssoRequest.isRequestingRenewAuthentication()) {
        LOGGER.debug("The authentication session is considered renewed.");
        return false;
    }
    val registeredService = getRegisteredService(ssoRequest);
    if (registeredService == null) {
        return properties.isSsoEnabled();
    }
    val authentication = getAuthenticationFrom(ssoRequest);
    val previousAuthentication = AuthenticationCredentialsThreadLocalBinder.getCurrentAuthentication();
    try {
        AuthenticationCredentialsThreadLocalBinder.bindCurrent(authentication);
        val serviceId = registeredService.getServiceId();
        val ssoAllowedForService = registeredService.getAccessStrategy().isServiceAccessAllowedForSso();
        LOGGER.trace("Located [{}] in registry. Service access to participate in SSO is set to [{}]", serviceId, ssoAllowedForService);
        if (!ssoAllowedForService) {
            LOGGER.debug("Service [{}] is not authorized to participate in SSO", serviceId);
            return false;
        }

        val participationPolicy = registeredService.getSingleSignOnParticipationPolicy();
        if (participationPolicy != null) {
            val resolvedState = getTicketState(ssoRequest);
            if (resolvedState.isPresent()) {
                val ticket = (AuthenticationAwareTicket) resolvedState.get();
                return participationPolicy.shouldParticipateInSso(registeredService, ticket);
            }
        }

        val tgtExpiration = registeredService.getTicketGrantingTicketExpirationPolicy();
        if (tgtExpiration != null) {
            val resolvedState = getTicketState(ssoRequest);
            // NOTE(review): unlike the branch above, resolvedState.get() is not guarded here;
            // an absent ticket state surfaces as NoSuchElementException once an expiration
            // policy is present.
            return tgtExpiration.toExpirationPolicy()
                .map(expirationPolicy -> {
                    val ticket = (TicketGrantingTicketAwareTicket) resolvedState.get();
                    return !expirationPolicy.isExpired(ticket);
                })
                .orElse(Boolean.TRUE);
        }
    } finally {
        AuthenticationCredentialsThreadLocalBinder.bindCurrent(previousAuthentication);
    }
    return true;
}
Also used : lombok.val(lombok.val) Ordered(org.springframework.core.Ordered) Setter(lombok.Setter) Getter(lombok.Getter) lombok.val(lombok.val) AuthenticationServiceSelectionPlan(org.apereo.cas.authentication.AuthenticationServiceSelectionPlan) TicketRegistrySupport(org.apereo.cas.ticket.registry.TicketRegistrySupport) AuthenticationAwareTicket(org.apereo.cas.ticket.AuthenticationAwareTicket) AuthenticationCredentialsThreadLocalBinder(org.apereo.cas.authentication.AuthenticationCredentialsThreadLocalBinder) Slf4j(lombok.extern.slf4j.Slf4j) TicketGrantingTicketAwareTicket(org.apereo.cas.ticket.TicketGrantingTicketAwareTicket) TriStateBoolean(org.apereo.cas.util.model.TriStateBoolean) SingleSignOnProperties(org.apereo.cas.configuration.model.core.sso.SingleSignOnProperties) ServicesManager(org.apereo.cas.services.ServicesManager) TicketGrantingTicketAwareTicket(org.apereo.cas.ticket.TicketGrantingTicketAwareTicket)

Example 5 with AuthenticationAwareTicket

use of org.apereo.cas.ticket.AuthenticationAwareTicket in project cas by apereo.

From class RegisteredServiceAuthenticationPolicySingleSignOnParticipationStrategy, method isParticipating.

/**
 * Decides whether the request may take part in single sign-on according to the
 * registered service's authentication policy.
 * <p>
 * Participation is allowed when no registered service resolves, when the service has
 * no authentication policy, when the request carries no ticket-granting ticket id, or
 * when the policy defines no criteria. Otherwise the set of authentication handlers
 * that succeeded for the stored authentication is derived from its
 * {@code SUCCESSFUL_AUTHENTICATION_HANDLERS} attribute, and the criteria's policy
 * decides whether that authentication satisfies the service. The stored authentication
 * is bound to the current thread during evaluation and the previous binding restored.
 *
 * @param ssoRequest the participation request under evaluation
 * @return {@code true} if the request may participate in SSO
 * @throws java.util.NoSuchElementException if a ticket-granting ticket id is present but
 *                                          no ticket state (or no authentication) can be
 *                                          resolved for it
 * @throws ClassCastException               if the resolved ticket state is not an
 *                                          {@link AuthenticationAwareTicket}
 */
@Override
@SneakyThrows
public boolean isParticipating(final SingleSignOnParticipationRequest ssoRequest) {
    val registeredService = getRegisteredService(ssoRequest);
    if (registeredService == null) {
        return true;
    }
    val servicePolicy = registeredService.getAuthenticationPolicy();
    if (servicePolicy == null) {
        return true;
    }
    if (getTicketGrantingTicketId(ssoRequest).isEmpty()) {
        return true;
    }
    val previousAuthentication = AuthenticationCredentialsThreadLocalBinder.getCurrentAuthentication();
    try {
        val authentication = getTicketState(ssoRequest)
            .map(AuthenticationAwareTicket.class::cast)
            .map(AuthenticationAwareTicket::getAuthentication)
            .orElseThrow();
        AuthenticationCredentialsThreadLocalBinder.bindCurrent(authentication);
        // orElseThrow() above already guarantees a non-null authentication; the guard is
        // retained unchanged as defense in depth.
        if (authentication == null) {
            return true;
        }
        val successfulHandlerNames = CollectionUtils.toCollection(
            authentication.getAttributes().get(AuthenticationHandler.SUCCESSFUL_AUTHENTICATION_HANDLERS));
        // Only handlers from the execution plan whose name appears in the attribute count as asserted.
        val assertedHandlers = authenticationEventExecutionPlan.getAuthenticationHandlers()
            .stream()
            .filter(handler -> successfulHandlerNames.contains(handler.getName()))
            .collect(Collectors.toSet());
        LOGGER.debug("Asserted authentication handlers are [{}]", assertedHandlers);

        val criteria = servicePolicy.getCriteria();
        if (criteria == null) {
            return true;
        }
        val effectivePolicy = criteria.toAuthenticationPolicy(registeredService);
        val outcome = effectivePolicy.isSatisfiedBy(authentication, assertedHandlers, applicationContext, Optional.empty());
        return outcome.isSuccess();
    } finally {
        AuthenticationCredentialsThreadLocalBinder.bindCurrent(previousAuthentication);
    }
}
Also used : lombok.val(lombok.val) SneakyThrows(lombok.SneakyThrows) lombok.val(lombok.val) AuthenticationServiceSelectionPlan(org.apereo.cas.authentication.AuthenticationServiceSelectionPlan) TicketRegistrySupport(org.apereo.cas.ticket.registry.TicketRegistrySupport) AuthenticationAwareTicket(org.apereo.cas.ticket.AuthenticationAwareTicket) AuthenticationEventExecutionPlan(org.apereo.cas.authentication.AuthenticationEventExecutionPlan) Collectors(java.util.stream.Collectors) AuthenticationCredentialsThreadLocalBinder(org.apereo.cas.authentication.AuthenticationCredentialsThreadLocalBinder) Slf4j(lombok.extern.slf4j.Slf4j) AuthenticationHandler(org.apereo.cas.authentication.AuthenticationHandler) ConfigurableApplicationContext(org.springframework.context.ConfigurableApplicationContext) CollectionUtils(org.apereo.cas.util.CollectionUtils) BaseSingleSignOnParticipationStrategy(org.apereo.cas.web.flow.BaseSingleSignOnParticipationStrategy) Optional(java.util.Optional) ServicesManager(org.apereo.cas.services.ServicesManager) SingleSignOnParticipationRequest(org.apereo.cas.web.flow.SingleSignOnParticipationRequest) AuthenticationAwareTicket(org.apereo.cas.ticket.AuthenticationAwareTicket) SneakyThrows(lombok.SneakyThrows)

Aggregations

lombok.val (lombok.val)5 AuthenticationAwareTicket (org.apereo.cas.ticket.AuthenticationAwareTicket)5 TicketGrantingTicketAwareTicket (org.apereo.cas.ticket.TicketGrantingTicketAwareTicket)3 SneakyThrows (lombok.SneakyThrows)2 Slf4j (lombok.extern.slf4j.Slf4j)2 AuthenticationCredentialsThreadLocalBinder (org.apereo.cas.authentication.AuthenticationCredentialsThreadLocalBinder)2 AuthenticationServiceSelectionPlan (org.apereo.cas.authentication.AuthenticationServiceSelectionPlan)2 ServicesManager (org.apereo.cas.services.ServicesManager)2 TicketRegistrySupport (org.apereo.cas.ticket.registry.TicketRegistrySupport)2 Optional (java.util.Optional)1 Collectors (java.util.stream.Collectors)1 Getter (lombok.Getter)1 Setter (lombok.Setter)1 Authentication (org.apereo.cas.authentication.Authentication)1 AuthenticationEventExecutionPlan (org.apereo.cas.authentication.AuthenticationEventExecutionPlan)1 AuthenticationHandler (org.apereo.cas.authentication.AuthenticationHandler)1 SingleSignOnProperties (org.apereo.cas.configuration.model.core.sso.SingleSignOnProperties)1 Ticket (org.apereo.cas.ticket.Ticket)1 CollectionUtils (org.apereo.cas.util.CollectionUtils)1 TriStateBoolean (org.apereo.cas.util.model.TriStateBoolean)1