Example 1 with ClientInfo

Use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.

The class AdaptiveMultifactorAuthenticationPolicyEventResolver, method checkRequireMultifactorProvidersForRequest.

private Set<Event> checkRequireMultifactorProvidersForRequest(final RequestContext context, final RegisteredService service, final Authentication authentication) {
    // Client IP and user agent come from the thread-bound ClientInfo populated by the Inspektr filter.
    final ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
    final String clientIp = clientInfo.getClientIpAddress();
    LOGGER.debug("Located client IP address as [{}]", clientIp);
    final String agent = WebUtils.getHttpServletRequestUserAgent();
    final Map<String, MultifactorAuthenticationProvider> providerMap = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    // multifactorMap is a field of the resolver: MFA provider id -> pattern (IP/user-agent regex or geolocation).
    final Set<Map.Entry> entries = multifactorMap.entrySet();
    for (final Map.Entry entry : entries) {
        final String mfaMethod = entry.getKey().toString();
        final String pattern = entry.getValue().toString();
        final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, mfaMethod);
        if (!providerFound.isPresent()) {
            // Misconfiguration is treated as a hard failure rather than silently skipping the MFA requirement.
            LOGGER.error("Adaptive authentication is configured to require [{}] for [{}], yet [{}] is absent in the configuration.", mfaMethod, pattern, mfaMethod);
            throw new AuthenticationException();
        }
        if (checkUserAgentOrClientIp(clientIp, agent, mfaMethod, pattern)) {
            return buildEvent(context, service, authentication, providerFound.get());
        }
        if (checkRequestGeoLocation(clientIp, mfaMethod, pattern)) {
            return buildEvent(context, service, authentication, providerFound.get());
        }
    }
    return null;
}
Also used : AuthenticationException(org.apereo.cas.authentication.AuthenticationException) ClientInfo(org.apereo.inspektr.common.web.ClientInfo) MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider) Map(java.util.Map)

Example 2 with ClientInfo

Use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.

The class SendTicketGrantingTicketActionTests, method verifyTgtToSet.

@Test
public void verifyTgtToSet() throws Exception {
    final MockHttpServletRequest request = new MockHttpServletRequest();
    request.setRemoteAddr(LOCALHOST_IP);
    request.setLocalAddr(LOCALHOST_IP);
    ClientInfoHolder.setClientInfo(new ClientInfo(request));
    final MockHttpServletResponse response = new MockHttpServletResponse();
    request.addHeader("User-Agent", "Test");
    final TicketGrantingTicket tgt = mock(TicketGrantingTicket.class);
    when(tgt.getId()).thenReturn(TEST_STRING);
    WebUtils.putTicketGrantingTicketInScopes(this.context, tgt);
    this.context.setExternalContext(new ServletExternalContext(new MockServletContext(), request, response));
    assertEquals(SUCCESS, this.action.execute(this.context).getId());
    request.setCookies(response.getCookies());
    assertEquals(tgt.getId(), this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request));
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) ServletExternalContext(org.springframework.webflow.context.servlet.ServletExternalContext) ClientInfo(org.apereo.inspektr.common.web.ClientInfo) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) MockServletContext(org.springframework.mock.web.MockServletContext) Test(org.junit.Test)

Example 3 with ClientInfo

Use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.

The class InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter, method recordThrottle.

@Override
protected void recordThrottle(final HttpServletRequest request) {
    if (this.dataSource != null && this.jdbcTemplate != null) {
        super.recordThrottle(request);
        final String userToUse = constructUsername(request, getUsernameParameter());
        // Client and server IP addresses for the audit record are taken from the thread-bound ClientInfo.
        final ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
        final AuditPointRuntimeInfo auditPointRuntimeInfo = new AuditPointRuntimeInfo() {

            private static final long serialVersionUID = 1L;

            @Override
            public String asString() {
                return String.format("%s.recordThrottle()", this.getClass().getName());
            }
        };
        // Record the throttled submission in the audit trail (UTC timestamp, client IP, server IP).
        final AuditActionContext context = new AuditActionContext(userToUse, userToUse, INSPEKTR_ACTION, this.applicationCode, DateTimeUtils.dateOf(ZonedDateTime.now(ZoneOffset.UTC)), clientInfo.getClientIpAddress(), clientInfo.getServerIpAddress(), auditPointRuntimeInfo);
        this.auditTrailManager.record(context);
    } else {
        LOGGER.warn("No data source is defined for [{}]. Ignoring audit record-keeping", this.getName());
    }
}
Also used : AuditActionContext(org.apereo.inspektr.audit.AuditActionContext) AuditPointRuntimeInfo(org.apereo.inspektr.audit.AuditPointRuntimeInfo) ClientInfo(org.apereo.inspektr.common.web.ClientInfo)

Example 4 with ClientInfo

Use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.

The class InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapterTests, method loginUnsuccessfully.

@Override
protected MockHttpServletResponse loginUnsuccessfully(final String username, final String fromAddress) throws Exception {
    final MockHttpServletRequest request = new MockHttpServletRequest();
    final MockHttpServletResponse response = new MockHttpServletResponse();
    request.setMethod("POST");
    request.setParameter("username", username);
    request.setRemoteAddr(fromAddress);
    final MockRequestContext context = new MockRequestContext();
    context.setCurrentEvent(new Event(StringUtils.EMPTY, "error"));
    request.setAttribute("flowRequestContext", context);
    ClientInfoHolder.setClientInfo(new ClientInfo(request));
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    throttle.preHandle(request, response, null);
    try {
        authenticationManager.authenticate(AuthenticationTransaction.wrap(CoreAuthenticationTestUtils.getService(), badCredentials(username)));
    } catch (final AuthenticationException e) {
        throttle.postHandle(request, response, null, null);
        return response;
    }
    fail("Expected AbstractAuthenticationException");
    return null;
}
Also used : AuthenticationException(org.apereo.cas.authentication.AuthenticationException) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Event(org.springframework.webflow.execution.Event) MockRequestContext(org.springframework.webflow.test.MockRequestContext) ClientInfo(org.apereo.inspektr.common.web.ClientInfo) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)

Example 5 with ClientInfo

Use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.

The class DefaultCasCookieValueManager, method obtainCookieValue.

@Override
public String obtainCookieValue(final Cookie cookie, final HttpServletRequest request) {
    // The cookie payload is encrypted/signed; decode it before any field parsing.
    final String cookieValue = this.cipherExecutor.decode(cookie.getValue()).toString();
    LOGGER.debug("Decoded cookie value is [{}]", cookieValue);
    if (StringUtils.isBlank(cookieValue)) {
        LOGGER.debug("Retrieved decoded cookie value is blank. Failed to decode cookie [{}]", cookie.getName());
        return null;
    }
    // Expected layout: value | remote address | user agent, separated by COOKIE_FIELD_SEPARATOR.
    final List<String> cookieParts = Splitter.on(String.valueOf(COOKIE_FIELD_SEPARATOR)).splitToList(cookieValue);
    if (cookieParts.size() != COOKIE_FIELDS_LENGTH) {
        throw new IllegalStateException("Invalid cookie. Required fields are missing");
    }
    final String value = cookieParts.get(0);
    final String remoteAddr = cookieParts.get(1);
    final String userAgent = cookieParts.get(2);
    if (StringUtils.isBlank(value) || StringUtils.isBlank(remoteAddr) || StringUtils.isBlank(userAgent)) {
        throw new IllegalStateException("Invalid cookie. Required fields are empty");
    }
    // The cookie is bound to the client IP recorded at issuance; a mismatch rejects the cookie.
    final ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
    if (!remoteAddr.equals(clientInfo.getClientIpAddress())) {
        throw new IllegalStateException("Invalid cookie. Required remote address " + remoteAddr + " does not match " + clientInfo.getClientIpAddress());
    }
    // Likewise bound to the user agent presented at issuance.
    final String agent = HttpRequestUtils.getHttpServletRequestUserAgent(request);
    if (!userAgent.equals(agent)) {
        throw new IllegalStateException("Invalid cookie. Required user-agent " + userAgent + " does not match " + agent);
    }
    return value;
}
Also used : ClientInfo(org.apereo.inspektr.common.web.ClientInfo)

Aggregations

ClientInfo (org.apereo.inspektr.common.web.ClientInfo) 82
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest) 69
lombok.val (lombok.val) 65
Test (org.junit.jupiter.api.Test) 42
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse) 36
MockRequestContext (org.springframework.webflow.test.MockRequestContext) 35
ServletExternalContext (org.springframework.webflow.context.servlet.ServletExternalContext) 31
MockServletContext (org.springframework.mock.web.MockServletContext) 29
SpringBootTest (org.springframework.boot.test.context.SpringBootTest) 14
MockWebServer (org.apereo.cas.util.MockWebServer) 13
ByteArrayResource (org.springframework.core.io.ByteArrayResource) 13
BeforeEach (org.junit.jupiter.api.BeforeEach) 12
BeforeAll (org.junit.jupiter.api.BeforeAll) 6
AuthenticationException (org.apereo.cas.authentication.AuthenticationException) 5
GeoLocationRequest (org.apereo.cas.authentication.adaptive.geo.GeoLocationRequest) 5
ClassPathResource (org.springframework.core.io.ClassPathResource) 5
LDAPConnection (com.unboundid.ldap.sdk.LDAPConnection) 4
Cookie (javax.servlet.http.Cookie) 4
GeoLocationResponse (org.apereo.cas.authentication.adaptive.geo.GeoLocationResponse) 4
AdaptiveAuthenticationProperties (org.apereo.cas.configuration.model.core.authentication.AdaptiveAuthenticationProperties) 4