
Example 1 with URIBuilder

use of org.jasig.cas.client.util.URIBuilder in project cas by apereo.

the class OidcAuthenticationContextWebflowEventEventResolver method resolveInternal.

/**
 * Picks the multifactor provider that satisfies the authentication context class
 * (ACR) requested by the client and returns it as a single webflow event.
 *
 * <p>The ACR value is read from the {@code OAuth20Constants.ACR_VALUES} request
 * parameter, falling back to the same parameter in the flow execution URL's query
 * string. Both sources are supplied by the client and must be treated as untrusted.
 *
 * @param context the current webflow request context
 * @return a set holding one event whose id is the matching provider id, or
 *         {@code null} when there is no service, no authentication, or no ACR value
 * @throws AuthenticationException when no providers are registered, or when none of
 *         the registered providers matches a requested value
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    final HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(context);
    if (service == null || authentication == null) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }

    // Primary source: the request parameter. Fallback: the first matching query
    // parameter of the flow execution URL; later duplicates are ignored.
    String acr = request.getParameter(OAuth20Constants.ACR_VALUES);
    if (StringUtils.isBlank(acr)) {
        final URIBuilder flowUrl = new URIBuilder(StringUtils.trimToEmpty(context.getFlowExecutionUrl()));
        acr = flowUrl.getQueryParams()
            .stream()
            .filter(p -> p.getName().equals(OAuth20Constants.ACR_VALUES))
            .findFirst()
            .map(URIBuilder.BasicNameValuePair::getValue)
            .orElse(acr);
    }

    // No ACR means this resolver produces no event. Presumably any mandatory MFA
    // policy is enforced elsewhere, since a client can simply omit the parameter
    // -- TODO confirm against the other resolvers in the flow.
    if (StringUtils.isBlank(acr)) {
        LOGGER.debug("No ACR provided in the authentication request");
        return null;
    }

    // NOTE(review): OpenID Connect Core defines acr_values as a space-separated
    // string, while this splits on commas. As far as I recall the Spring helper
    // does not trim tokens either, so "a, b" would yield " b" -- verify both.
    final Set<String> requestedClasses = org.springframework.util.StringUtils.commaDelimitedListToSet(acr);
    if (requestedClasses.isEmpty()) {
        LOGGER.debug("No ACR provided in the authentication request");
        return null;
    }

    final Map<String, MultifactorAuthenticationProvider> providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        // The logged values come straight from the request; make sure the log
        // layout neutralises line breaks so entries cannot be forged.
        LOGGER.error("No multifactor authentication providers are available in the application context to handle [{}]", requestedClasses);
        throw new AuthenticationException();
    }

    // Matching is exact set membership on the provider id, so a client can only
    // select among providers that are already registered.
    final Collection<MultifactorAuthenticationProvider> candidates = flattenProviders(providerMap.values());
    final Optional<MultifactorAuthenticationProvider> match = candidates.stream()
        .filter(candidate -> requestedClasses.contains(candidate.getId()))
        .findAny();
    if (!match.isPresent()) {
        // Fail closed: an ACR that cannot be honoured aborts the authentication
        // instead of silently continuing without the requested factor.
        LOGGER.warn("The requested authentication class [{}] cannot be satisfied by any of the MFA providers available", requestedClasses);
        throw new AuthenticationException();
    }
    return CollectionUtils.wrapSet(new Event(this, match.get().getId()));
}
Also used : MultifactorAuthenticationProviderSelector(org.apereo.cas.services.MultifactorAuthenticationProviderSelector) CentralAuthenticationService(org.apereo.cas.CentralAuthenticationService) TicketRegistrySupport(org.apereo.cas.ticket.registry.TicketRegistrySupport) URIBuilder(org.jasig.cas.client.util.URIBuilder) StringUtils(org.apache.commons.lang3.StringUtils) RequestContext(org.springframework.webflow.execution.RequestContext) HttpServletRequest(javax.servlet.http.HttpServletRequest) Authentication(org.apereo.cas.authentication.Authentication) Map(java.util.Map) CollectionUtils(org.apereo.cas.util.CollectionUtils) AuthenticationSystemSupport(org.apereo.cas.authentication.AuthenticationSystemSupport) MultifactorAuthenticationUtils(org.apereo.cas.authentication.MultifactorAuthenticationUtils) CookieGenerator(org.springframework.web.util.CookieGenerator) ServicesManager(org.apereo.cas.services.ServicesManager) AuthenticationException(org.apereo.cas.authentication.AuthenticationException) MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider) OAuth20Constants(org.apereo.cas.support.oauth.OAuth20Constants) Collection(java.util.Collection) AuthenticationServiceSelectionPlan(org.apereo.cas.authentication.AuthenticationServiceSelectionPlan) Set(java.util.Set) RegisteredService(org.apereo.cas.services.RegisteredService) BaseMultifactorAuthenticationProviderEventResolver(org.apereo.cas.web.flow.authentication.BaseMultifactorAuthenticationProviderEventResolver) Slf4j(lombok.extern.slf4j.Slf4j) Optional(java.util.Optional) WebUtils(org.apereo.cas.web.support.WebUtils) Event(org.springframework.webflow.execution.Event) RegisteredService(org.apereo.cas.services.RegisteredService) AuthenticationException(org.apereo.cas.authentication.AuthenticationException) MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider) URIBuilder(org.jasig.cas.client.util.URIBuilder) 
HttpServletRequest(javax.servlet.http.HttpServletRequest) Authentication(org.apereo.cas.authentication.Authentication) Event(org.springframework.webflow.execution.Event)

Example 2 with URIBuilder

use of org.jasig.cas.client.util.URIBuilder in project cas by apereo.

the class OidcAuthorizationRequestSupport method getOidcMaxAgeFromAuthorizationRequest.

/**
 * Extracts the OIDC {@code max_age} value from the query string of the current
 * request URL.
 *
 * <p>The value is client-supplied. Only the first occurrence of the parameter is
 * considered. A value that does not parse as a {@code long} is reported as
 * {@code -1} rather than as an empty result, and a syntactically valid negative
 * number is passed through unchanged. Callers deciding whether to force
 * re-authentication should therefore reject non-positive values explicitly.
 *
 * @param context the web context whose full request URL is inspected
 * @return the parsed max age ({@code -1} if unparsable), or an empty optional when
 *         the parameter is absent
 */
public static Optional<Long> getOidcMaxAgeFromAuthorizationRequest(final WebContext context) {
    final URIBuilder requestUrl = new URIBuilder(context.getFullRequestURL());
    return requestUrl.getQueryParams()
        .stream()
        .filter(p -> OidcConstants.MAX_AGE.equals(p.getName()))
        .findFirst()
        // -1 is the sentinel for "present but not a number".
        .map(p -> NumberUtils.toLong(p.getValue(), -1));
}
Also used : CasProtocolConstants(org.apereo.cas.CasProtocolConstants) Arrays(java.util.Arrays) CasClient(org.pac4j.cas.client.CasClient) NonNull(lombok.NonNull) OidcConstants(org.apereo.cas.oidc.OidcConstants) ZonedDateTime(java.time.ZonedDateTime) TicketRegistrySupport(org.apereo.cas.ticket.registry.TicketRegistrySupport) Set(java.util.Set) URIBuilder(org.jasig.cas.client.util.URIBuilder) StringUtils(org.apache.commons.lang3.StringUtils) ProfileManager(org.pac4j.core.profile.ProfileManager) Collectors(java.util.stream.Collectors) Pac4jUtils(org.apereo.cas.util.Pac4jUtils) WebContext(org.pac4j.core.context.WebContext) Slf4j(lombok.extern.slf4j.Slf4j) Authentication(org.apereo.cas.authentication.Authentication) NumberUtils(org.apache.commons.lang3.math.NumberUtils) CookieRetrievingCookieGenerator(org.apereo.cas.web.support.CookieRetrievingCookieGenerator) J2EContext(org.pac4j.core.context.J2EContext) Optional(java.util.Optional) UserProfile(org.pac4j.core.profile.UserProfile) AllArgsConstructor(lombok.AllArgsConstructor) URIBuilder(org.jasig.cas.client.util.URIBuilder)

Example 3 with URIBuilder

use of org.jasig.cas.client.util.URIBuilder in project cas by apereo.

the class DelegatedClientNavigationController method redirectToProvider.

/**
 * Redirects the browser to the delegated identity provider named in the request.
 *
 * <p>The client name is read from the request, the matching client is looked up, and
 * a delegated client ticket is stored before the redirect action is built, so that
 * the request can be restored on the trip back. SAML clients use the relay-state
 * session attribute while others use request parameters.
 *
 * <p>The client name is request-controlled. Only {@link HttpAction} is handled here;
 * how an unknown or missing client name is reported by {@code findClient} is not
 * visible in this method.
 *
 * @param request  the request
 * @param response the response
 * @return an HTML view for a {@code SUCCESS} redirect action, otherwise a redirect view
 * @throws UnauthorizedServiceException when the client raises an {@link HttpAction}
 */
@GetMapping(ENDPOINT_REDIRECT)
public View redirectToProvider(final HttpServletRequest request, final HttpServletResponse response) {
    final String clientName = request.getParameter(Pac4jConstants.DEFAULT_CLIENT_NAME_PARAMETER);
    try {
        final IndirectClient client = (IndirectClient<Credentials, CommonProfile>) this.clients.findClient(clientName);
        final J2EContext webContext = Pac4jUtils.getPac4jJ2EContext(request, response);
        // Statement order is kept: the ticket is stored before the redirect action
        // is requested from the client.
        final Ticket ticket = delegatedClientWebflowManager.store(webContext, client);
        final RedirectAction action = client.getRedirectAction(webContext);

        final View view;
        if (!RedirectAction.RedirectType.SUCCESS.equals(action.getType())) {
            // The target location is produced by the client's redirect action, not
            // read directly from the request.
            final String target = new URIBuilder(action.getLocation()).toString();
            // NOTE(review): this writes the delegated ticket id and the full
            // redirect URL to the debug log -- treat those logs as sensitive.
            LOGGER.debug("Redirecting client [{}] to [{}] based on identifier [{}]", client.getName(), target, ticket.getId());
            view = new RedirectView(target);
        } else {
            view = new DynamicHtmlView(action.getContent());
        }
        this.delegatedSessionCookieManager.store(webContext);
        return view;
    } catch (final HttpAction e) {
        final boolean denied = e.getCode() == HttpStatus.UNAUTHORIZED.value();
        if (denied) {
            // clientName is request-controlled; the log layout should neutralise
            // line breaks so entries cannot be forged.
            LOGGER.debug("Authentication request was denied from the provider [{}]", clientName, e);
        } else {
            LOGGER.warn(e.getMessage(), e);
        }
        // NOTE(review): the provider's message is carried into the thrown exception
        // -- confirm it is not rendered verbatim to the end user.
        throw new UnauthorizedServiceException(e.getMessage(), e);
    }
}
Also used : Ticket(org.apereo.cas.ticket.Ticket) RedirectView(org.springframework.web.servlet.view.RedirectView) IndirectClient(org.pac4j.core.client.IndirectClient) UnauthorizedServiceException(org.apereo.cas.services.UnauthorizedServiceException) J2EContext(org.pac4j.core.context.J2EContext) View(org.springframework.web.servlet.View) DynamicHtmlView(org.apereo.cas.web.view.DynamicHtmlView) RedirectView(org.springframework.web.servlet.view.RedirectView) DynamicHtmlView(org.apereo.cas.web.view.DynamicHtmlView) HttpAction(org.pac4j.core.exception.HttpAction) RedirectAction(org.pac4j.core.redirect.RedirectAction) URIBuilder(org.jasig.cas.client.util.URIBuilder) GetMapping(org.springframework.web.bind.annotation.GetMapping)

Example 4 with URIBuilder

use of org.jasig.cas.client.util.URIBuilder in project cas by apereo.

the class SamlIdPEntityIdAuthenticationServiceSelectionStrategy method getEntityIdAsParameter.

/**
 * Looks up the SAML entity id query parameter inside the service identifier.
 *
 * <p>The service id is parsed as a URI and its query parameters are scanned for
 * {@code SamlProtocolConstants.PARAMETER_ENTITY_ID}. The first match wins and any
 * later duplicates are ignored. The returned value is taken as-is from the service
 * id, so it should be validated against registered services before it is trusted.
 *
 * @param service the service whose id is inspected
 * @return the first entity id parameter, or an empty optional when none is present
 */
protected static Optional<URIBuilder.BasicNameValuePair> getEntityIdAsParameter(final Service service) {
    return new URIBuilder(service.getId())
        .getQueryParams()
        .stream()
        .filter(pair -> pair.getName().equals(SamlProtocolConstants.PARAMETER_ENTITY_ID))
        .findFirst();
}
Also used : AuthenticationServiceSelectionStrategy(org.apereo.cas.authentication.AuthenticationServiceSelectionStrategy) SamlProtocolConstants(org.apereo.cas.support.saml.SamlProtocolConstants) Ordered(org.springframework.core.Ordered) Slf4j(lombok.extern.slf4j.Slf4j) Service(org.apereo.cas.authentication.principal.Service) Optional(java.util.Optional) URIBuilder(org.jasig.cas.client.util.URIBuilder) ServiceFactory(org.apereo.cas.authentication.principal.ServiceFactory) URIBuilder(org.jasig.cas.client.util.URIBuilder)

Example 5 with URIBuilder

use of org.jasig.cas.client.util.URIBuilder in project cas by apereo.

the class OAuth20CasCallbackUrlResolver method compute.

/**
 * Resolves the callback URL, carrying selected OAuth parameters of the current
 * request over to it.
 *
 * <p>URLs that do not begin with the configured {@code callbackUrl} are returned
 * untouched. Otherwise the client id, redirect URI, ACR values, response type and
 * grant type found in the request are appended, in that order, when present.
 *
 * <p>The copied values are request-controlled and are forwarded without validation
 * here; in particular the redirect URI must still be checked against the registered
 * service wherever the callback is processed.
 *
 * @param url     the candidate callback URL
 * @param context the web context the parameters are read from
 * @return the callback URL with the forwarded parameters, or {@code url} unchanged
 */
@Override
public String compute(final String url, final WebContext context) {
    // Plain string-prefix test, not a component-wise URL comparison: it should not
    // be relied upon as validation of url.
    if (!url.startsWith(callbackUrl)) {
        return url;
    }

    // NOTE(review): the boolean argument presumably turns on encoding of added
    // parameters -- confirm against URIBuilder.
    final URIBuilder builder = new URIBuilder(url, true);
    final String[] forwardedParameters = {
        OAuth20Constants.CLIENT_ID,
        OAuth20Constants.REDIRECT_URI,
        OAuth20Constants.ACR_VALUES,
        OAuth20Constants.RESPONSE_TYPE,
        OAuth20Constants.GRANT_TYPE
    };
    for (final String parameterName : forwardedParameters) {
        getQueryParameter(context, parameterName)
            .ifPresent(pair -> builder.addParameter(pair.getName(), pair.getValue()));
    }

    final String callbackResolved = builder.build().toString();
    // The logged URL embeds request-controlled values; the log layout should
    // neutralise line breaks.
    LOGGER.debug("Final resolved callback URL is [{}]", callbackResolved);
    return callbackResolved;
}
Also used : URIBuilder(org.jasig.cas.client.util.URIBuilder)
