Example 1 with ClientInfo
use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.
the class AdaptiveMultifactorAuthenticationPolicyEventResolver method checkRequireMultifactorProvidersForRequest.
private Set<Event> checkRequireMultifactorProvidersForRequest(final RequestContext context, final RegisteredService service, final Authentication authentication) {
final ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
final String clientIp = clientInfo.getClientIpAddress();
LOGGER.debug("Located client IP address as [{}]", clientIp);
final String agent = WebUtils.getHttpServletRequestUserAgent();
final Map<String, MultifactorAuthenticationProvider> providerMap = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
final Set<Map.Entry> entries = multifactorMap.entrySet();
for (final Map.Entry entry : entries) {
final String mfaMethod = entry.getKey().toString();
final String pattern = entry.getValue().toString();
final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, mfaMethod);
if (!providerFound.isPresent()) {
LOGGER.error("Adaptive authentication is configured to require [{}] for [{}], yet [{}] is absent in the configuration.", mfaMethod, pattern, mfaMethod);
throw new AuthenticationException();
}
if (checkUserAgentOrClientIp(clientIp, agent, mfaMethod, pattern)) {
return buildEvent(context, service, authentication, providerFound.get());
}
if (checkRequestGeoLocation(clientIp, mfaMethod, pattern)) {
return buildEvent(context, service, authentication, providerFound.get());
}
}
return null;
}
Also used :
AuthenticationException(org.apereo.cas.authentication.AuthenticationException)
ClientInfo(org.apereo.inspektr.common.web.ClientInfo)
MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider)
Map(java.util.Map)
Example 2 with ClientInfo
use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.
the class SendTicketGrantingTicketActionTests method verifyTgtToSet.
@Test
public void verifyTgtToSet() throws Exception {
final MockHttpServletRequest request = new MockHttpServletRequest();
request.setRemoteAddr(LOCALHOST_IP);
request.setLocalAddr(LOCALHOST_IP);
ClientInfoHolder.setClientInfo(new ClientInfo(request));
final MockHttpServletResponse response = new MockHttpServletResponse();
request.addHeader("User-Agent", "Test");
final TicketGrantingTicket tgt = mock(TicketGrantingTicket.class);
when(tgt.getId()).thenReturn(TEST_STRING);
WebUtils.putTicketGrantingTicketInScopes(this.context, tgt);
this.context.setExternalContext(new ServletExternalContext(new MockServletContext(), request, response));
assertEquals(SUCCESS, this.action.execute(this.context).getId());
request.setCookies(response.getCookies());
assertEquals(tgt.getId(), this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request));
}
Also used :
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket)
ServletExternalContext(org.springframework.webflow.context.servlet.ServletExternalContext)
ClientInfo(org.apereo.inspektr.common.web.ClientInfo)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
MockServletContext(org.springframework.mock.web.MockServletContext)
Test(org.junit.Test)
Example 3 with ClientInfo
use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.
the class InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter method recordThrottle.
@Override
protected void recordThrottle(final HttpServletRequest request) {
if (this.dataSource != null && this.jdbcTemplate != null) {
super.recordThrottle(request);
final String userToUse = constructUsername(request, getUsernameParameter());
final ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
final AuditPointRuntimeInfo auditPointRuntimeInfo = new AuditPointRuntimeInfo() {
private static final long serialVersionUID = 1L;
@Override
public String asString() {
return String.format("%s.recordThrottle()", this.getClass().getName());
}
};
final AuditActionContext context = new AuditActionContext(userToUse, userToUse, INSPEKTR_ACTION, this.applicationCode, DateTimeUtils.dateOf(ZonedDateTime.now(ZoneOffset.UTC)), clientInfo.getClientIpAddress(), clientInfo.getServerIpAddress(), auditPointRuntimeInfo);
this.auditTrailManager.record(context);
} else {
LOGGER.warn("No data source is defined for [{}]. Ignoring audit record-keeping", this.getName());
}
}
Also used :
AuditActionContext(org.apereo.inspektr.audit.AuditActionContext)
AuditPointRuntimeInfo(org.apereo.inspektr.audit.AuditPointRuntimeInfo)
ClientInfo(org.apereo.inspektr.common.web.ClientInfo)
Example 4 with ClientInfo
use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.
the class InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapterTests method loginUnsuccessfully.
@Override
protected MockHttpServletResponse loginUnsuccessfully(final String username, final String fromAddress) throws Exception {
final MockHttpServletRequest request = new MockHttpServletRequest();
final MockHttpServletResponse response = new MockHttpServletResponse();
request.setMethod("POST");
request.setParameter("username", username);
request.setRemoteAddr(fromAddress);
final MockRequestContext context = new MockRequestContext();
context.setCurrentEvent(new Event(StringUtils.EMPTY, "error"));
request.setAttribute("flowRequestContext", context);
ClientInfoHolder.setClientInfo(new ClientInfo(request));
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
throttle.preHandle(request, response, null);
try {
authenticationManager.authenticate(AuthenticationTransaction.wrap(CoreAuthenticationTestUtils.getService(), badCredentials(username)));
} catch (final AuthenticationException e) {
throttle.postHandle(request, response, null, null);
return response;
}
fail("Expected AbstractAuthenticationException");
return null;
}
Also used :
AuthenticationException(org.apereo.cas.authentication.AuthenticationException)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
Event(org.springframework.webflow.execution.Event)
MockRequestContext(org.springframework.webflow.test.MockRequestContext)
ClientInfo(org.apereo.inspektr.common.web.ClientInfo)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
Example 5 with ClientInfo
use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.
the class DefaultCasCookieValueManager method obtainCookieValue.
@Override
public String obtainCookieValue(final Cookie cookie, final HttpServletRequest request) {
final String cookieValue = this.cipherExecutor.decode(cookie.getValue()).toString();
LOGGER.debug("Decoded cookie value is [{}]", cookieValue);
if (StringUtils.isBlank(cookieValue)) {
LOGGER.debug("Retrieved decoded cookie value is blank. Failed to decode cookie [{}]", cookie.getName());
return null;
}
final List<String> cookieParts = Splitter.on(String.valueOf(COOKIE_FIELD_SEPARATOR)).splitToList(cookieValue);
if (cookieParts.size() != COOKIE_FIELDS_LENGTH) {
throw new IllegalStateException("Invalid cookie. Required fields are missing");
}
final String value = cookieParts.get(0);
final String remoteAddr = cookieParts.get(1);
final String userAgent = cookieParts.get(2);
if (StringUtils.isBlank(value) || StringUtils.isBlank(remoteAddr) || StringUtils.isBlank(userAgent)) {
throw new IllegalStateException("Invalid cookie. Required fields are empty");
}
final ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
if (!remoteAddr.equals(clientInfo.getClientIpAddress())) {
throw new IllegalStateException("Invalid cookie. Required remote address " + remoteAddr + " does not match " + clientInfo.getClientIpAddress());
}
final String agent = HttpRequestUtils.getHttpServletRequestUserAgent(request);
if (!userAgent.equals(agent)) {
throw new IllegalStateException("Invalid cookie. Required user-agent " + userAgent + " does not match " + agent);
}
return value;
}
Also used :
ClientInfo(org.apereo.inspektr.common.web.ClientInfo)
Aggregations
ClientInfo (org.apereo.inspektr.common.web.ClientInfo)82
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)69
lombok.val (lombok.val)65
Test (org.junit.jupiter.api.Test)42
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)36
MockRequestContext (org.springframework.webflow.test.MockRequestContext)35
ServletExternalContext (org.springframework.webflow.context.servlet.ServletExternalContext)31
MockServletContext (org.springframework.mock.web.MockServletContext)29
SpringBootTest (org.springframework.boot.test.context.SpringBootTest)14
MockWebServer (org.apereo.cas.util.MockWebServer)13
ByteArrayResource (org.springframework.core.io.ByteArrayResource)13
BeforeEach (org.junit.jupiter.api.BeforeEach)12
BeforeAll (org.junit.jupiter.api.BeforeAll)6
AuthenticationException (org.apereo.cas.authentication.AuthenticationException)5
GeoLocationRequest (org.apereo.cas.authentication.adaptive.geo.GeoLocationRequest)5
ClassPathResource (org.springframework.core.io.ClassPathResource)5
LDAPConnection (com.unboundid.ldap.sdk.LDAPConnection)4
Cookie (javax.servlet.http.Cookie)4
GeoLocationResponse (org.apereo.cas.authentication.adaptive.geo.GeoLocationResponse)4
AdaptiveAuthenticationProperties (org.apereo.cas.configuration.model.core.authentication.AdaptiveAuthenticationProperties)4
