use of org.jasig.cas.client.util.URIBuilder in project cas by apereo.
the class OidcAuthenticationContextWebflowEventEventResolver method resolveInternal.
/**
 * Resolves the webflow event for an OIDC request that asks for a specific
 * authentication context class via {@code acr_values}.
 *
 * <p>The requested value is read from the servlet request first and, when blank
 * there, from the query string of the flow execution URL. It is split on commas
 * and matched against the ids of the multifactor providers found in the
 * application context.
 *
 * <p>Security notes: {@code acr_values} is supplied by the caller of the
 * authorization endpoint. Here it is only compared against provider ids, so an
 * unknown value ends in {@link AuthenticationException} rather than being ignored.
 * A request that carries no {@code acr_values} makes this resolver return
 * {@code null}; presumably the caller treats that as "no event from this
 * resolver" (confirm against the caller), so any mandatory MFA has to be enforced
 * by other policy. The requested values are also written to the log at
 * error/warn level; whether the log layout neutralises line breaks in them is not
 * visible from this method.
 *
 * @param context the webflow request context
 * @return a single-element set holding an event named after the matching provider id,
 *         or {@code null} when service, authentication or ACR value is missing
 * @throws AuthenticationException when no providers are configured or none matches the request
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    final HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(context);

    if (authentication == null || service == null) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }

    // Preferred source: the request parameter itself.
    String acr = request.getParameter(OAuth20Constants.ACR_VALUES);
    if (StringUtils.isBlank(acr)) {
        // Fallback: the first acr_values entry in the flow execution URL's query string.
        final String flowUrl = StringUtils.trimToEmpty(context.getFlowExecutionUrl());
        for (final URIBuilder.BasicNameValuePair pair : new URIBuilder(flowUrl).getQueryParams()) {
            if (pair.getName().equals(OAuth20Constants.ACR_VALUES)) {
                acr = pair.getValue();
                break;
            }
        }
    }

    if (StringUtils.isBlank(acr)) {
        LOGGER.debug("No ACR provided in the authentication request");
        return null;
    }

    final Set<String> values = org.springframework.util.StringUtils.commaDelimitedListToSet(acr);
    if (values.isEmpty()) {
        LOGGER.debug("No ACR provided in the authentication request");
        return null;
    }

    final Map<String, MultifactorAuthenticationProvider> providerMap =
        MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context to handle [{}]", values);
        throw new AuthenticationException();
    }

    // An ACR was requested explicitly: either a provider satisfies it or the attempt fails.
    final Collection<MultifactorAuthenticationProvider> candidates = flattenProviders(providerMap.values());
    for (final MultifactorAuthenticationProvider candidate : candidates) {
        if (values.contains(candidate.getId())) {
            return CollectionUtils.wrapSet(new Event(this, candidate.getId()));
        }
    }

    LOGGER.warn("The requested authentication class [{}] cannot be satisfied by any of the MFA providers available", values);
    throw new AuthenticationException();
}
use of org.jasig.cas.client.util.URIBuilder in project cas by apereo.
the class OidcAuthorizationRequestSupport method getOidcMaxAgeFromAuthorizationRequest.
/**
 * Reads the OIDC {@code max_age} parameter from the query string of the full request URL.
 *
 * <p>Only the first {@code max_age} entry is considered. The value comes straight
 * from the request: text that cannot be parsed as a long is returned as {@code -1},
 * not as an empty optional, and a parsable negative number is returned unchanged.
 * Callers that use the result to decide whether re-authentication is required
 * should therefore treat non-positive values explicitly.
 *
 * @param context the web context whose full request URL is inspected
 * @return the parsed max age ({@code -1} when unparsable), or empty when the parameter is absent
 */
public static Optional<Long> getOidcMaxAgeFromAuthorizationRequest(final WebContext context) {
    final URIBuilder requestUrl = new URIBuilder(context.getFullRequestURL());
    return requestUrl.getQueryParams()
        .stream()
        .filter(pair -> OidcConstants.MAX_AGE.equals(pair.getName()))
        .findFirst()
        // -1 is the fallback for values that do not parse as a long
        .map(pair -> NumberUtils.toLong(pair.getValue(), -1));
}
use of org.jasig.cas.client.util.URIBuilder in project cas by apereo.
the class DelegatedClientNavigationController method redirectToProvider.
/**
 * Redirects the browser to the delegated identity provider named in the request.
 *
 * <p>The client name is taken from the request and used only to look up a client
 * in {@code clients}. A delegated client ticket is stored before the redirect
 * action is computed so that the request can be restored on the trip back. SAML
 * clients use the relay-state session attribute while others use request
 * parameters.
 *
 * <p>Security notes: the redirect target and any HTML content come from the
 * client's redirect action, not directly from request parameters. The debug
 * statement writes the full redirect URL and the ticket id to the log; both may
 * carry state that ties a browser to a pending login, so treat debug logs from
 * this class as sensitive. Only {@code HttpAction} is handled here; what a
 * missing or unknown client name results in depends on {@code findClient} and is
 * not visible from this method.
 *
 * @param request  the request
 * @param response the response
 * @return an HTML view when the action type is SUCCESS, otherwise a redirect view to the provider
 * @throws UnauthorizedServiceException when the client raises an {@code HttpAction}
 */
@GetMapping(ENDPOINT_REDIRECT)
public View redirectToProvider(final HttpServletRequest request, final HttpServletResponse response) {
    final String clientName = request.getParameter(Pac4jConstants.DEFAULT_CLIENT_NAME_PARAMETER);
    try {
        final IndirectClient client = (IndirectClient<Credentials, CommonProfile>) this.clients.findClient(clientName);
        final J2EContext webContext = Pac4jUtils.getPac4jJ2EContext(request, response);
        // The ticket must exist before the redirect action is built.
        final Ticket ticket = delegatedClientWebflowManager.store(webContext, client);
        final RedirectAction action = client.getRedirectAction(webContext);

        final View result;
        if (!RedirectAction.RedirectType.SUCCESS.equals(action.getType())) {
            // Plain redirect: pass the provider location through URIBuilder and send the browser there.
            final String url = new URIBuilder(action.getLocation()).toString();
            LOGGER.debug("Redirecting client [{}] to [{}] based on identifier [{}]", client.getName(), url, ticket.getId());
            result = new RedirectView(url);
        } else {
            // SUCCESS carries ready-made content (for example an auto-posting form) to render.
            result = new DynamicHtmlView(action.getContent());
        }

        this.delegatedSessionCookieManager.store(webContext);
        return result;
    } catch (final HttpAction e) {
        final boolean denied = e.getCode() == HttpStatus.UNAUTHORIZED.value();
        if (denied) {
            LOGGER.debug("Authentication request was denied from the provider [{}]", clientName, e);
        } else {
            LOGGER.warn(e.getMessage(), e);
        }
        throw new UnauthorizedServiceException(e.getMessage(), e);
    }
}
use of org.jasig.cas.client.util.URIBuilder in project cas by apereo.
the class SamlIdPEntityIdAuthenticationServiceSelectionStrategy method getEntityIdAsParameter.
/**
 * Extracts the SAML entity id parameter from the query string of the service id.
 *
 * <p>The service id is parsed as a URL and the first query parameter whose name
 * equals {@link SamlProtocolConstants#PARAMETER_ENTITY_ID} is returned. The value
 * is returned exactly as it appears in the service id, with no validation in this
 * method, so it should be checked against the registered SAML services before it
 * drives any decision.
 *
 * @param service the service whose id is inspected
 * @return the entity id name/value pair, or empty when the service id carries none
 */
protected static Optional<URIBuilder.BasicNameValuePair> getEntityIdAsParameter(final Service service) {
    return new URIBuilder(service.getId())
        .getQueryParams()
        .stream()
        .filter(pair -> pair.getName().equals(SamlProtocolConstants.PARAMETER_ENTITY_ID))
        .findFirst();
}
use of org.jasig.cas.client.util.URIBuilder in project cas by apereo.
the class OAuth20CasCallbackUrlResolver method compute.
/**
 * Computes the callback URL, carrying selected OAuth parameters of the current
 * request over onto it.
 *
 * <p>URLs that do not start with {@code callbackUrl} are returned untouched. For
 * the others, {@code client_id}, {@code redirect_uri}, {@code acr_values},
 * {@code response_type} and {@code grant_type} are appended in that order when
 * present on the request.
 *
 * <p>Security notes: the match is a plain string prefix test, so any URL that
 * merely begins with the same characters as {@code callbackUrl} qualifies. The
 * copied values, {@code redirect_uri} included, are taken from the incoming
 * request as they are; this method does not validate them, so validation against
 * the registered client has to happen elsewhere. The resolved URL is also logged
 * at debug level.
 *
 * @param url     the candidate callback url
 * @param context the web context of the current request
 * @return the callback url with the forwarded parameters, or {@code url} unchanged
 */
@Override
public String compute(final String url, final WebContext context) {
    if (!url.startsWith(callbackUrl)) {
        return url;
    }

    // NOTE(review): the second constructor argument presumably switches on encoding - confirm.
    final URIBuilder builder = new URIBuilder(url, true);

    // Order matters: parameters are appended to the URL in this sequence.
    final String[] forwardedNames = {
        OAuth20Constants.CLIENT_ID,
        OAuth20Constants.REDIRECT_URI,
        OAuth20Constants.ACR_VALUES,
        OAuth20Constants.RESPONSE_TYPE,
        OAuth20Constants.GRANT_TYPE,
    };
    for (final String name : forwardedNames) {
        final Optional<URIBuilder.BasicNameValuePair> parameter = getQueryParameter(context, name);
        parameter.ifPresent(pair -> builder.addParameter(pair.getName(), pair.getValue()));
    }

    final String callbackResolved = builder.build().toString();
    LOGGER.debug("Final resolved callback URL is [{}]", callbackResolved);
    return callbackResolved;
}