use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.
the class CasSupportJdbcAuditConfigurationTests method setUp.
/**
 * Binds a fixed {@link ClientInfo} to {@link ClientInfoHolder} once before the test class runs,
 * so code under test that reads the client/server address finds one.
 */
@BeforeClass
public static void setUp() {
    final MockHttpServletRequest mockRequest = new MockHttpServletRequest();
    // Constructed addresses: they only need to be present, not routable.
    mockRequest.setRemoteAddr("1.2.3.4");
    mockRequest.setLocalAddr("7.8.9.0");
    final ClientInfo clientInfo = new ClientInfo(mockRequest);
    ClientInfoHolder.setClientInfo(clientInfo);
}
use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.
the class InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapter method exceedsThreshold.
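/**
 * Decides whether the failed-authentication rate for the current client IP address and the
 * submitted username exceeds the configured threshold.
 * <p>
 * Audit records matching the client IP, username, failure code and application code since
 * {@code failureRangeInSeconds} ago are fetched, and the rate (submissions per second) is
 * computed from the two most recent failures. The check is skipped (returns {@code false})
 * when no data source is configured or when no {@link ClientInfo} is bound to the current
 * thread; both cases are logged at warn level.
 *
 * @param request the current request, used to extract the username
 * @return {@code true} if the observed failure rate exceeds the threshold rate
 */
@Override
public boolean exceedsThreshold(final HttpServletRequest request) {
    if (this.dataSource == null || this.jdbcTemplate == null) {
        LOGGER.warn("No data source is defined for [{}]. Ignoring threshold checking", this.getName());
        return false;
    }
    final String userToUse = constructUsername(request, getUsernameParameter());
    final ZonedDateTime cutoff = ZonedDateTime.now(ZoneOffset.UTC).minusSeconds(getFailureRangeInSeconds());
    final ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
    if (clientInfo == null) {
        // Mirrors the missing-data-source branch: without the client address the IP/username lookup
        // cannot be performed, so the check is skipped rather than failing with an NPE.
        LOGGER.warn("No client info is bound to the current request for [{}]. Ignoring threshold checking", this.getName());
        return false;
    }
    final String remoteAddress = clientInfo.getClientIpAddress();
    final List<Timestamp> failures = this.jdbcTemplate.query(this.sqlQueryAudit,
        new Object[] { remoteAddress, userToUse, this.authenticationFailureCode, this.applicationCode, DateTimeUtils.timestampOf(cutoff) },
        new int[] { Types.VARCHAR, Types.VARCHAR, Types.VARCHAR, Types.VARCHAR, Types.TIMESTAMP },
        (resultSet, i) -> resultSet.getTimestamp(1));
    if (failures.size() < 2) {
        return false;
    }
    // Interval between the last two failures; assumes the query returns newest first — confirm against sqlQueryAudit.
    final long intervalMillis = failures.get(0).getTime() - failures.get(1).getTime();
    if (intervalMillis == 0) {
        // Two failures in the same millisecond: the rate is unbounded, so treat it as exceeded
        // instead of dividing by zero.
        return true;
    }
    // Compute rate in submissions/sec between last two authn failures and compare with threshold
    return NUMBER_OF_MILLISECONDS_IN_SECOND / intervalMillis > getThresholdRate();
}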
use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.
the class SendTicketGrantingTicketActionTests method verifyTgtToSetRemovingOldTgt.
/**
 * Runs the action with a stale "TGT" cookie already on the request and checks that the cookie
 * written to the response, read back through the cookie generator, carries the new ticket id.
 *
 * @throws Exception if the action fails
 */
@Test
public void verifyTgtToSetRemovingOldTgt() throws Exception {
    final MockHttpServletRequest mockRequest = new MockHttpServletRequest();
    mockRequest.setRemoteAddr(LOCALHOST_IP);
    mockRequest.setLocalAddr(LOCALHOST_IP);
    // ClientInfo captures the request at construction, so the addresses are set before this line.
    ClientInfoHolder.setClientInfo(new ClientInfo(mockRequest));
    final MockHttpServletResponse mockResponse = new MockHttpServletResponse();
    mockRequest.addHeader("User-Agent", "Test");

    final TicketGrantingTicket ticket = mock(TicketGrantingTicket.class);
    when(ticket.getId()).thenReturn(TEST_STRING);

    // A stale cookie is already present; the action is expected to replace it.
    final Cookie staleCookie = new Cookie("TGT", "test5");
    mockRequest.setCookies(staleCookie);
    WebUtils.putTicketGrantingTicketInScopes(this.context, ticket);
    final ServletExternalContext externalContext = new ServletExternalContext(new MockServletContext(), mockRequest, mockResponse);
    this.context.setExternalContext(externalContext);

    final String outcome = this.action.execute(this.context).getId();
    assertEquals(SUCCESS, outcome);

    // Feed the cookies the action wrote back into the request and decode them.
    mockRequest.setCookies(mockResponse.getCookies());
    final String cookieValue = this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(mockRequest);
    assertEquals(ticket.getId(), cookieValue);
}
use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.
the class DefaultAdaptiveAuthenticationPolicy method apply.
/**
 * Applies the adaptive authentication policy to the current client.
 * <p>
 * The client IP address comes from the {@link ClientInfo} bound to the current thread. When no
 * client info or no user-agent is available the policy is skipped and the client is allowed
 * through (logged at warn level). Otherwise the IP address and user-agent are checked against the
 * rejection rules, and, when a geolocation service and reject-countries are configured, the
 * resolved country as well.
 *
 * @param userAgent the request user-agent
 * @param location the client-supplied geolocation request, may be {@code null}
 * @return {@code true} if the client may proceed, {@code false} if it is rejected
 */
@Override
public boolean apply(final String userAgent, final GeoLocationRequest location) {
    final ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
    if (clientInfo == null || StringUtils.isBlank(userAgent)) {
        LOGGER.warn("No client IP or user-agent was provided. Skipping adaptive authentication policy...");
        return true;
    }
    final String clientIp = clientInfo.getClientIpAddress();
    LOGGER.debug("Located client IP address as [{}]", clientIp);
    if (isClientIpAddressRejected(clientIp)) {
        LOGGER.warn("Client IP [{}] is rejected for authentication", clientIp);
        return false;
    }
    if (isUserAgentRejected(userAgent)) {
        LOGGER.warn("User agent [{}] is rejected for authentication", userAgent);
        return false;
    }
    LOGGER.debug("User agent [{}] is authorized to proceed", userAgent);
    if (canCheckGeoLocation(clientIp, location) && isRejectedByGeoLocation(clientIp, location)) {
        return false;
    }
    LOGGER.debug("Adaptive authentication policy has authorized client [{}] to proceed.", clientIp);
    return true;
}

/** Whether a geolocation lookup is possible and there are reject-countries to compare against. */
private boolean canCheckGeoLocation(final String clientIp, final GeoLocationRequest location) {
    return this.geoLocationService != null
        && location != null
        && StringUtils.isNotBlank(clientIp)
        && StringUtils.isNotBlank(this.adaptiveAuthenticationProperties.getRejectCountries());
}

/**
 * Resolves the client's geolocation and checks its country against the reject list.
 * An unresolvable location is logged and does not reject the client.
 */
private boolean isRejectedByGeoLocation(final String clientIp, final GeoLocationRequest location) {
    final GeoLocationResponse loc = this.geoLocationService.locate(clientIp, location);
    if (loc == null) {
        LOGGER.info("Could not determine geolocation for [{}]", clientIp);
        return false;
    }
    LOGGER.debug("Determined geolocation to be [{}]", loc);
    if (isGeoLocationCountryRejected(loc)) {
        LOGGER.warn("Client [{}] is rejected for authentication", clientIp);
        return true;
    }
    return false;
}
use of org.apereo.inspektr.common.web.ClientInfo in project cas by apereo.
the class DefaultCasCookieValueManager method buildCookieValue.
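/**
 * Builds the plaintext cookie payload — {@code givenCookieValue}, the client IP address and the
 * request user-agent, joined by {@code COOKIE_FIELD_SEPARATOR} — and returns it encoded by
 * {@code cipherExecutor}. The IP address and user-agent are presumably embedded so the decoding
 * side can compare them against the presenting client — confirm against the matching decode method.
 *
 * @param givenCookieValue the value to protect
 * @param request the current request, used for its user-agent
 * @return the encoded cookie value
 * @throws IllegalStateException if no {@link ClientInfo} is bound to the current thread or the
 *     request carries no user-agent
 */
@Override
public String buildCookieValue(final String givenCookieValue, final HttpServletRequest request) {
    final ClientInfo clientInfo = ClientInfoHolder.getClientInfo();
    if (clientInfo == null) {
        // Same failure mode as a missing user-agent: without the client address the payload
        // cannot be bound to the client, so fail explicitly instead of with an NPE below.
        throw new IllegalStateException("No client info is bound to the current request");
    }
    final String userAgent = HttpRequestUtils.getHttpServletRequestUserAgent(request);
    if (StringUtils.isBlank(userAgent)) {
        throw new IllegalStateException("Request does not specify a user-agent");
    }
    final String res = new StringBuilder(givenCookieValue)
        .append(COOKIE_FIELD_SEPARATOR).append(clientInfo.getClientIpAddress())
        .append(COOKIE_FIELD_SEPARATOR).append(userAgent)
        .toString();
    // NOTE(review): this logs the unencoded payload; if givenCookieValue is a ticket id, debug
    // logging exposes it — confirm whether that is acceptable.
    LOGGER.debug("Encoding cookie value [{}]", res);
    return this.cipherExecutor.encode(res).toString();
}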