Example 1 with InvalidCookieException

Use of org.apereo.cas.web.support.InvalidCookieException in the project cas by apereo.

From the class InvalidTicketExceptionTests, method verifyCodeWithCause:

@Test
public void verifyCodeWithCause() {
    // An InvalidTicketException constructed with an InvalidCookieException as its cause
    // must report the cause's error code, so the original failure is not masked.
    val cause = new InvalidCookieException("forbidden");
    val t = new InvalidTicketException(cause, "InvalidTicketId");
    assertEquals(cause.getCode(), t.getCode());
}

Example 2 with InvalidCookieException

Use of org.apereo.cas.web.support.InvalidCookieException in the project cas by apereo.

From the class DefaultCasCookieValueManager, method obtainValueFromCompoundCookie:

@Override
protected String obtainValueFromCompoundCookie(final String value, final HttpServletRequest request) {
    // A session-pinned cookie is a compound value: <cookieValue><sep><clientIp><sep><userAgent>.
    val cookieParts = Splitter.on(String.valueOf(COOKIE_FIELD_SEPARATOR)).splitToList(value);
    val cookieValue = cookieParts.get(0);
    if (!cookieProperties.isPinToSession()) {
        LOGGER.trace("Cookie session-pinning is disabled. Returning cookie value as it was provided");
        return cookieValue;
    }
    // With pinning enabled, a malformed or partially empty cookie is rejected outright.
    if (cookieParts.size() != COOKIE_FIELDS_LENGTH) {
        throw new InvalidCookieException("Invalid cookie. Required fields are missing");
    }
    val cookieIpAddress = cookieParts.get(1);
    val cookieUserAgent = cookieParts.get(2);
    if (Stream.of(cookieValue, cookieIpAddress, cookieUserAgent).anyMatch(StringUtils::isBlank)) {
        throw new InvalidCookieException("Invalid cookie. Required fields are empty");
    }
    // The current client address comes from ClientInfoHolder; if it is unavailable the
    // pinning check cannot be evaluated, so the cookie is rejected (fail closed).
    val clientInfo = ClientInfoHolder.getClientInfo();
    if (clientInfo == null) {
        throw new InvalidCookieException("Unable to match required remote address " + cookieIpAddress + " because client ip at time of cookie creation is unknown");
    }
    // An address mismatch is tolerated only when the current client IP matches the
    // configured allowed-addresses pattern; otherwise the cookie is rejected.
    if (!cookieIpAddress.equals(clientInfo.getClientIpAddress())) {
        if (StringUtils.isBlank(cookieProperties.getAllowedIpAddressesPattern()) || !RegexUtils.find(cookieProperties.getAllowedIpAddressesPattern(), clientInfo.getClientIpAddress())) {
            throw new InvalidCookieException("Invalid cookie. Required remote address " + cookieIpAddress + " does not match " + clientInfo.getClientIpAddress());
        }
        LOGGER.debug("Required remote address [{}] does not match [{}], but it's authorized proceed", cookieIpAddress, clientInfo.getClientIpAddress());
    }
    // The user-agent recorded at cookie creation must match the current request exactly.
    // This is a defense-in-depth signal alongside the address check, not a strong binding on its own.
    val agent = HttpRequestUtils.getHttpServletRequestUserAgent(request);
    if (!cookieUserAgent.equals(agent)) {
        throw new InvalidCookieException("Invalid cookie. Required user-agent " + cookieUserAgent + " does not match " + agent);
    }
    return cookieValue;
}

Example 3 with InvalidCookieException

Use of org.apereo.cas.web.support.InvalidCookieException in the project cas by apereo.

From the class CookieRetrievingCookieGenerator, method retrieveCookieValue:

@Override
public String retrieveCookieValue(final HttpServletRequest request) {
    try {
        if (StringUtils.isBlank(getCookieName())) {
            throw new InvalidCookieException("Cookie name is undefined");
        }
        // Lookup order: a real Cookie header first, then a request header and finally a
        // request parameter carrying the cookie name; the latter two are wrapped into a Cookie object.
        var cookie = org.springframework.web.util.WebUtils.getCookie(request, Objects.requireNonNull(getCookieName()));
        if (cookie == null) {
            val cookieValue = request.getHeader(getCookieName());
            if (StringUtils.isNotBlank(cookieValue)) {
                LOGGER.trace("Found cookie [{}] under header name [{}]", cookieValue, getCookieName());
                cookie = createCookie(cookieValue);
            }
        }
        if (cookie == null) {
            val cookieValue = request.getParameter(getCookieName());
            if (StringUtils.isNotBlank(cookieValue)) {
                LOGGER.trace("Found cookie [{}] under request parameter name [{}]", cookieValue, getCookieName());
                cookie = createCookie(cookieValue);
            }
        }
        // Decoding and, when enabled, the session-pinning checks run inside the cookie value
        // manager, which throws InvalidCookieException on a mismatch.
        return Optional.ofNullable(cookie).map(ck -> this.casCookieValueManager.obtainCookieValue(ck, request)).orElse(null);
    } catch (final Exception e) {
        // Any failure, including InvalidCookieException, is logged as a warning and the
        // cookie is treated as absent by returning null.
        LoggingUtils.warn(LOGGER, e);
    }
    return null;
}
