Example 16 with Assertion
use of org.jasig.cas.client.validation.Assertion in project spring-security by spring-projects.
the class CasAuthenticationTokenTests method testEqualsWhenEqual.
@Test
public void testEqualsWhenEqual() {
final Assertion assertion = new AssertionImpl("test");
CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES, makeUserDetails(), assertion);
CasAuthenticationToken token2 = new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES, makeUserDetails(), assertion);
assertThat(token2).isEqualTo(token1);
}
Also used :
AssertionImpl(org.jasig.cas.client.validation.AssertionImpl)
Assertion(org.jasig.cas.client.validation.Assertion)
Test(org.junit.Test)
Example 17 with Assertion
use of org.jasig.cas.client.validation.Assertion in project spring-security by spring-projects.
the class CasAuthenticationTokenTests method testNotEqualsDueToAbstractParentEqualsCheck.
@Test
public void testNotEqualsDueToAbstractParentEqualsCheck() {
final Assertion assertion = new AssertionImpl("test");
CasAuthenticationToken token1 = new CasAuthenticationToken("key", makeUserDetails(), "Password", ROLES, makeUserDetails(), assertion);
CasAuthenticationToken token2 = new CasAuthenticationToken("key", makeUserDetails("OTHER_NAME"), "Password", ROLES, makeUserDetails(), assertion);
assertThat(!token1.equals(token2)).isTrue();
}
Also used :
AssertionImpl(org.jasig.cas.client.validation.AssertionImpl)
Assertion(org.jasig.cas.client.validation.Assertion)
Test(org.junit.Test)
Example 18 with Assertion
use of org.jasig.cas.client.validation.Assertion in project spring-security by spring-projects.
the class CasAuthenticationProvider method authenticateNow.
private CasAuthenticationToken authenticateNow(final Authentication authentication) throws AuthenticationException {
try {
final Assertion assertion = this.ticketValidator.validate(authentication.getCredentials().toString(), getServiceUrl(authentication));
final UserDetails userDetails = loadUserByAssertion(assertion);
userDetailsChecker.check(userDetails);
return new CasAuthenticationToken(this.key, userDetails, authentication.getCredentials(), authoritiesMapper.mapAuthorities(userDetails.getAuthorities()), userDetails, assertion);
} catch (final TicketValidationException e) {
throw new BadCredentialsException(e.getMessage(), e);
}
}
Also used :
Assertion(org.jasig.cas.client.validation.Assertion)
BadCredentialsException(org.springframework.security.authentication.BadCredentialsException)
TicketValidationException(org.jasig.cas.client.validation.TicketValidationException)
Example 19 with Assertion
use of org.jasig.cas.client.validation.Assertion in project spring-security by spring-projects.
the class GrantedAuthorityFromAssertionAttributesUserDetailsServiceTests method correctlyExtractsNamedAttributesFromAssertionAndConvertsThemToAuthorities.
@Test
public void correctlyExtractsNamedAttributesFromAssertionAndConvertsThemToAuthorities() {
GrantedAuthorityFromAssertionAttributesUserDetailsService uds = new GrantedAuthorityFromAssertionAttributesUserDetailsService(new String[] { "a", "b", "c", "d" });
uds.setConvertToUpperCase(false);
Assertion assertion = mock(Assertion.class);
AttributePrincipal principal = mock(AttributePrincipal.class);
Map<String, Object> attributes = new HashMap<String, Object>();
attributes.put("a", Arrays.asList("role_a1", "role_a2"));
attributes.put("b", "role_b");
attributes.put("c", "role_c");
attributes.put("d", null);
attributes.put("someother", "unused");
when(assertion.getPrincipal()).thenReturn(principal);
when(principal.getAttributes()).thenReturn(attributes);
when(principal.getName()).thenReturn("somebody");
CasAssertionAuthenticationToken token = new CasAssertionAuthenticationToken(assertion, "ticket");
UserDetails user = uds.loadUserDetails(token);
Set<String> roles = AuthorityUtils.authorityListToSet(user.getAuthorities());
assertThat(roles.size()).isEqualTo(4);
assertThat(roles).contains("role_a1");
assertThat(roles).contains("role_a2");
assertThat(roles).contains("role_b");
assertThat(roles).contains("role_c");
}
Also used :
UserDetails(org.springframework.security.core.userdetails.UserDetails)
HashMap(java.util.HashMap)
Assertion(org.jasig.cas.client.validation.Assertion)
CasAssertionAuthenticationToken(org.springframework.security.cas.authentication.CasAssertionAuthenticationToken)
AttributePrincipal(org.jasig.cas.client.authentication.AttributePrincipal)
Test(org.junit.Test)
Example 20 with Assertion
use of org.jasig.cas.client.validation.Assertion in project ddf by codice.
the class WebSSOTokenValidator method validateToken.
/**
* Validate a Token using the given TokenValidatorParameters.
*/
@Override
public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
LOGGER.debug("Validating SSO Token");
STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
Crypto sigCrypto = stsProperties.getSignatureCrypto();
CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
RequestData requestData = new RequestData();
requestData.setSigVerCrypto(sigCrypto);
WSSConfig wssConfig = WSSConfig.getNewInstance();
requestData.setWssConfig(wssConfig);
requestData.setCallbackHandler(callbackHandler);
LOGGER.debug("Setting validate state to invalid before check.");
TokenValidatorResponse response = new TokenValidatorResponse();
ReceivedToken validateTarget = tokenParameters.getToken();
validateTarget.setState(STATE.INVALID);
response.setToken(validateTarget);
if (!validateTarget.isBinarySecurityToken()) {
LOGGER.debug("Validate target is not a binary security token, returning invalid response.");
return response;
}
LOGGER.debug("Getting binary security token from validate target");
BinarySecurityTokenType binarySecurityToken = (BinarySecurityTokenType) validateTarget.getToken();
//
// Decode the token
//
LOGGER.debug("Decoding binary security token.");
String base64Token = binarySecurityToken.getValue();
String ticket = null;
String service = null;
try {
byte[] token = Base64.getDecoder().decode(base64Token);
if (token == null || token.length == 0) {
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "Binary security token NOT successfully decoded, is empty or null.");
}
String decodedToken = new String(token, Charset.forName("UTF-8"));
if (StringUtils.isNotBlank(decodedToken)) {
LOGGER.debug("Binary security token successfully decoded: {}", decodedToken);
// Token is in the format ticket|service
String[] parts = StringUtils.split(decodedToken, CAS_BST_SEP);
if (parts.length == 2) {
ticket = parts[0];
service = parts[1];
} else {
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "Was not able to parse out BST propertly. Should be in ticket|service format.");
}
} else {
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "Binary security token NOT successfully decoded, is empty or null.");
}
} catch (WSSecurityException wsse) {
String msg = "Unable to decode BST into ticket and service for validation to CAS.";
LOGGER.info(msg, wsse);
return response;
}
//
try {
LOGGER.debug("Validating ticket [{}] for service [{}].", ticket, service);
// validate either returns an assertion or throws an exception
Assertion assertion = validate(ticket, service);
AttributePrincipal principal = assertion.getPrincipal();
LOGGER.debug("User name retrieved from CAS: {}", principal.getName());
response.setPrincipal(principal);
LOGGER.debug("CAS ticket successfully validated, setting state to valid.");
validateTarget.setState(STATE.VALID);
} catch (TicketValidationException e) {
LOGGER.debug("Unable to validate CAS token.", e);
}
return response;
}
Also used :
CallbackHandler(javax.security.auth.callback.CallbackHandler)
Assertion(org.jasig.cas.client.validation.Assertion)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
Crypto(org.apache.wss4j.common.crypto.Crypto)
STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean)
WSSConfig(org.apache.wss4j.dom.engine.WSSConfig)
BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType)
RequestData(org.apache.wss4j.dom.handler.RequestData)
TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
AttributePrincipal(org.jasig.cas.client.authentication.AttributePrincipal)
TicketValidationException(org.jasig.cas.client.validation.TicketValidationException)
Aggregations
Assertion (org.jasig.cas.client.validation.Assertion)22
AssertionImpl (org.jasig.cas.client.validation.AssertionImpl)12
Test (org.junit.Test)10
AttributePrincipal (org.jasig.cas.client.authentication.AttributePrincipal)3
Cas30ServiceTicketValidator (org.jasig.cas.client.validation.Cas30ServiceTicketValidator)3
HttpServletRequest (javax.servlet.http.HttpServletRequest)2
TicketValidationException (org.jasig.cas.client.validation.TicketValidationException)2
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)2
CasAuthenticationToken (org.springframework.security.cas.authentication.CasAuthenticationToken)2
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority)2
User (org.springframework.security.core.userdetails.User)2
GetMapping (org.springframework.web.bind.annotation.GetMapping)2
JWTClaimsSet (com.nimbusds.jwt.JWTClaimsSet)1
IOException (java.io.IOException)1
ZonedDateTime (java.time.ZonedDateTime)1
ArrayList (java.util.ArrayList)1
HashMap (java.util.HashMap)1
CallbackHandler (javax.security.auth.callback.CallbackHandler)1
ServletException (javax.servlet.ServletException)1
HttpSession (javax.servlet.http.HttpSession)1
