
Example 46 with ClientInfo

use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.

The class CasSupportJdbcAuditConfigurationTests, method setUp.

@BeforeClass
public static void setUp() {
    // Bind a ClientInfo to the current thread before the tests run, so that
    // audit code reading ClientInfoHolder sees a fixed client/server address pair.
    final MockHttpServletRequest mockRequest = new MockHttpServletRequest();
    mockRequest.setRemoteAddr("1.2.3.4");
    mockRequest.setLocalAddr("7.8.9.0");
    final ClientInfo info = new ClientInfo(mockRequest);
    ClientInfoHolder.setClientInfo(info);
}
Also used : MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) ClientInfo(org.apereo.inspektr.common.web.ClientInfo) BeforeClass(org.junit.BeforeClass)

Example 47 with ClientInfo

use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.

The class InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter, method exceedsThreshold.

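/**
 * Checks whether recent authentication failures for the current client address and the
 * submitted username arrive faster than the configured threshold rate.
 * <p>
 * The client address is normally taken from {@link ClientInfoHolder}. When no
 * {@link ClientInfo} is bound to the current thread (e.g. the client-info filter did not
 * run), the servlet request's remote address is used instead, so the throttle keeps
 * applying rather than failing with a {@code NullPointerException}.
 *
 * @param request the current request; the username is read from it via {@code getUsernameParameter()}
 * @return {@code true} if the two most recent failures in the range exceed the threshold rate;
 *         {@code false} when fewer than two failures are recorded or when no data source is configured
 */
@Override
public boolean exceedsThreshold(final HttpServletRequest request) {
    if (this.dataSource == null || this.jdbcTemplate == null) {
        // Without a data source the check cannot be evaluated; this path intentionally allows the submission.
        LOGGER.warn("No data source is defined for [{}]. Ignoring threshold checking", this.getName());
        return false;
    }
    final String userToUse = constructUsername(request, getUsernameParameter());
    // Only failures newer than this cutoff participate in the rate computation.
    final ZonedDateTime cutoff = ZonedDateTime.now(ZoneOffset.UTC).minusSeconds(getFailureRangeInSeconds());
    final String remoteAddress = resolveClientIpAddress(request);
    final List<Timestamp> failures = this.jdbcTemplate.query(this.sqlQueryAudit,
        new Object[] { remoteAddress, userToUse, this.authenticationFailureCode, this.applicationCode, DateTimeUtils.timestampOf(cutoff) },
        new int[] { Types.VARCHAR, Types.VARCHAR, Types.VARCHAR, Types.VARCHAR, Types.TIMESTAMP },
        (resultSet, i) -> resultSet.getTimestamp(1));
    if (failures.size() < 2) {
        return false;
    }
    // Rate in submissions/sec between the two most recent failures. This assumes the query
    // returns timestamps newest-first (otherwise the difference is negative and the check
    // never trips) — verify against sqlQueryAudit. Two identical timestamps give a zero
    // divisor; whether that yields Infinity (throttled) or an ArithmeticException depends on
    // the type of NUMBER_OF_MILLISECONDS_IN_SECOND — confirm it is a floating-point constant.
    return NUMBER_OF_MILLISECONDS_IN_SECOND / (failures.get(0).getTime() - failures.get(1).getTime()) > getThresholdRate();
}

/**
 * Resolves the client IP address to throttle on.
 *
 * @param request the current request, consulted only when no ClientInfo is bound to the thread
 * @return the address from {@link ClientInfoHolder} if present, otherwise the request's remote address
 */
private String resolveClientIpAddress(final HttpServletRequest request) {
    final ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
    if (clientInfo != null) {
        return clientInfo.getClientIpAddress();
    }
    LOGGER.debug("No ClientInfo is bound to the current thread; falling back to the request's remote address");
    return request.getRemoteAddr();
}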
Also used : ZonedDateTime(java.time.ZonedDateTime) ClientInfo(org.apereo.inspektr.common.web.ClientInfo) Timestamp(java.sql.Timestamp)

Example 48 with ClientInfo

use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.

The class SendTicketGrantingTicketActionTests, method verifyTgtToSetRemovingOldTgt.

@Test
public void verifyTgtToSetRemovingOldTgt() throws Exception {
    // Request with a loopback client address; the ClientInfo is bound before any
    // further request state is added, preserving what ClientInfo captures at construction.
    final MockHttpServletRequest mockRequest = new MockHttpServletRequest();
    mockRequest.setRemoteAddr(LOCALHOST_IP);
    mockRequest.setLocalAddr(LOCALHOST_IP);
    ClientInfoHolder.setClientInfo(new ClientInfo(mockRequest));

    final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
    mockRequest.addHeader("User-Agent", "Test");

    // A stub TGT whose id is what the new cookie is expected to carry.
    final TicketGrantingTicket grantingTicket = mock(TicketGrantingTicket.class);
    when(grantingTicket.getId()).thenReturn(TEST_STRING);

    // Pre-existing TGT cookie that the action is expected to replace.
    mockRequest.setCookies(new Cookie("TGT", "test5"));
    WebUtils.putTicketGrantingTicketInScopes(this.context, grantingTicket);
    final ServletExternalContext externalContext =
        new ServletExternalContext(new MockServletContext(), mockRequest, mockResponse);
    this.context.setExternalContext(externalContext);

    final String outcome = this.action.execute(this.context).getId();
    assertEquals(SUCCESS, outcome);

    // Replay the cookies the action set and check the generator reads back the new TGT id.
    mockRequest.setCookies(mockResponse.getCookies());
    final String cookieValue = this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(mockRequest);
    assertEquals(grantingTicket.getId(), cookieValue);
}
Also used : Cookie(javax.servlet.http.Cookie) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) TicketGrantingTicket(org.apereo.cas.ticket.TicketGrantingTicket) ServletExternalContext(org.springframework.webflow.context.servlet.ServletExternalContext) ClientInfo(org.apereo.inspektr.common.web.ClientInfo) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) MockServletContext(org.springframework.mock.web.MockServletContext) Test(org.junit.Test)

Example 49 with ClientInfo

use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.

The class DefaultAdaptiveAuthenticationPolicy, method apply.

/**
 * Decides whether the current client may proceed with authentication, based on its
 * IP address, user-agent and (optionally) geolocation.
 * <p>
 * Note that a missing ClientInfo or a blank user-agent skips the policy entirely and
 * allows the request; this fail-open behaviour is intentional in the original and is kept here.
 *
 * @param userAgent the client's user-agent string
 * @param location  the geolocation request supplied by the client, may be {@code null}
 * @return {@code true} to allow authentication, {@code false} when the client is rejected
 */
@Override
public boolean apply(final String userAgent, final GeoLocationRequest location) {
    final ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
    final boolean inputsMissing = clientInfo == null || StringUtils.isBlank(userAgent);
    if (inputsMissing) {
        LOGGER.warn("No client IP or user-agent was provided. Skipping adaptive authentication policy...");
        return true;
    }
    final String clientIp = clientInfo.getClientIpAddress();
    LOGGER.debug("Located client IP address as [{}]", clientIp);

    if (isClientIpAddressRejected(clientIp)) {
        LOGGER.warn("Client IP [{}] is rejected for authentication", clientIp);
        return false;
    }
    if (isUserAgentRejected(userAgent)) {
        LOGGER.warn("User agent [{}] is rejected for authentication", userAgent);
        return false;
    }
    LOGGER.debug("User agent [{}] is authorized to proceed", userAgent);

    if (rejectedByGeoLocationCountry(clientIp, location)) {
        return false;
    }
    LOGGER.debug("Adaptive authentication policy has authorized client [{}] to proceed.", clientIp);
    return true;
}

/**
 * Applies the country-based rejection, if a geolocation service is available and
 * reject-countries are configured.
 *
 * @param clientIp the client IP address, may be blank
 * @param location the client's geolocation request, may be {@code null}
 * @return {@code true} only when the located country is rejected; {@code false} when the
 *         check is not applicable, the location could not be determined, or the country is allowed
 */
private boolean rejectedByGeoLocationCountry(final String clientIp, final GeoLocationRequest location) {
    final boolean geoCheckApplicable = this.geoLocationService != null
        && location != null
        && StringUtils.isNotBlank(clientIp)
        && StringUtils.isNotBlank(this.adaptiveAuthenticationProperties.getRejectCountries());
    if (!geoCheckApplicable) {
        return false;
    }
    final GeoLocationResponse loc = this.geoLocationService.locate(clientIp, location);
    if (loc == null) {
        LOGGER.info("Could not determine geolocation for [{}]", clientIp);
        return false;
    }
    LOGGER.debug("Determined geolocation to be [{}]", loc);
    if (isGeoLocationCountryRejected(loc)) {
        LOGGER.warn("Client [{}] is rejected for authentication", clientIp);
        return true;
    }
    return false;
}
Also used : GeoLocationResponse(org.apereo.cas.authentication.adaptive.geo.GeoLocationResponse) ClientInfo(org.apereo.inspektr.common.web.ClientInfo)

Example 50 with ClientInfo

use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.

The class DefaultCasCookieValueManager, method buildCookieValue.

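/**
 * Builds the value stored in the cookie: the given value bound to the client IP address
 * and user-agent, then encoded by the configured cipher executor.
 * <p>
 * Field order is {@code givenCookieValue}, client IP, user-agent, separated by
 * {@code COOKIE_FIELD_SEPARATOR}; the consuming side is expected to split on the same
 * separator (not shown here).
 *
 * @param givenCookieValue the raw value to wrap, e.g. a ticket identifier
 * @param request          the current request, used to read the user-agent
 * @return the encoded cookie value
 * @throws IllegalStateException if the request carries no user-agent, or no ClientInfo
 *                               is bound to the current thread
 */
@Override
public String buildCookieValue(final String givenCookieValue, final HttpServletRequest request) {
    // Validate both inputs before doing any work, so a missing ClientInfo surfaces as a
    // clear IllegalStateException instead of a NullPointerException on getClientIpAddress().
    final String userAgent = HttpRequestUtils.getHttpServletRequestUserAgent(request);
    if (StringUtils.isBlank(userAgent)) {
        throw new IllegalStateException("Request does not specify a user-agent");
    }
    final ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
    if (clientInfo == null) {
        throw new IllegalStateException("No client info is available for the current request");
    }
    final String res = new StringBuilder(givenCookieValue)
        .append(COOKIE_FIELD_SEPARATOR).append(clientInfo.getClientIpAddress())
        .append(COOKIE_FIELD_SEPARATOR).append(userAgent)
        .toString();
    // This logs the plaintext payload, including givenCookieValue, at DEBUG level.
    LOGGER.debug("Encoding cookie value [{}]", res);
    return this.cipherExecutor.encode(res).toString();
}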
Also used : ClientInfo(org.apereo.inspektr.common.web.ClientInfo)
