
Example 6 with Client

use of org.pac4j.core.client.Client in project pac4j by pac4j.

The class DefaultLogoutLogic, method perform.

/**
 * Runs the logout flow: resolves the optional inputs to their effective values,
 * computes the post-logout redirect, logs the user out of the application
 * (and optionally destroys the web session) and, when requested, asks the
 * first client that provides one for a central (identity-provider) logout.
 *
 * @param context               the web context (must not be null)
 * @param config                the security configuration; its {@code Clients} must not be null
 * @param httpActionAdapter     converts the resulting {@code HttpAction} into {@code R}
 * @param defaultUrl            redirect target used when the request carries no acceptable "url" parameter; may be null
 * @param inputLogoutUrlPattern regex the "url" request parameter must fully match to be accepted as redirect target;
 *                              null selects {@code Pac4jConstants.DEFAULT_LOGOUT_URL_PATTERN_VALUE}
 * @param inputLocalLogout      whether to log out of the application; null means {@code true}
 * @param inputDestroySession   whether to destroy the web session as well; null means {@code false}
 * @param inputCentralLogout    whether to also trigger the identity-provider logout; null means {@code false}
 * @return the adapted HTTP action: a redirect when a redirect URL is available, else "no content",
 *         or the client's own logout action when a central logout is performed
 */
@Override
public R perform(final C context, final Config config, final HttpActionAdapter<R, C> httpActionAdapter, final String defaultUrl, final String inputLogoutUrlPattern, final Boolean inputLocalLogout, final Boolean inputDestroySession, final Boolean inputCentralLogout) {
    logger.debug("=== LOGOUT ===");
    HttpAction action;
    try {
        // Resolve the nullable inputs to their effective values.
        final String logoutUrlPattern = inputLogoutUrlPattern != null ? inputLogoutUrlPattern : Pac4jConstants.DEFAULT_LOGOUT_URL_PATTERN_VALUE;
        final boolean localLogout = inputLocalLogout != null ? inputLocalLogout : true;
        final boolean destroySession = inputDestroySession != null ? inputDestroySession : false;
        final boolean centralLogout = inputCentralLogout != null ? inputCentralLogout : false;

        // Preconditions.
        assertNotNull("context", context);
        assertNotNull("config", config);
        assertNotNull("httpActionAdapter", httpActionAdapter);
        assertNotBlank(Pac4jConstants.LOGOUT_URL_PATTERN, logoutUrlPattern);
        final Clients configClients = config.getClients();
        assertNotNull("configClients", configClients);

        final ProfileManager profileManager = getProfileManager(context, config);
        final List<CommonProfile> profiles = profileManager.getAll(true);

        // Redirect target: the "url" request parameter is honoured only when the whole
        // string matches logoutUrlPattern (Pattern.matches is anchored); otherwise we fall
        // back to defaultUrl. This allowlist check is what keeps the logout redirect from
        // being steered to an arbitrary attacker-chosen URL.
        final String requestedUrl = context.getRequestParameter(Pac4jConstants.URL);
        final String redirectUrl = (requestedUrl != null && Pattern.matches(logoutUrlPattern, requestedUrl)) ? requestedUrl : defaultUrl;
        logger.debug("redirectUrl: {}", redirectUrl);
        action = redirectUrl != null ? HttpAction.redirect(context, redirectUrl) : HttpAction.noContent(context);

        // Application logout: requested explicitly, or forced when several profiles are present.
        if (localLogout || profiles.size() > 1) {
            logger.debug("Performing application logout");
            profileManager.logout();
            if (destroySession) {
                final SessionStore sessionStore = context.getSessionStore();
                if (sessionStore == null) {
                    logger.error("No session store available for this web context");
                } else if (!sessionStore.destroySession(context)) {
                    logger.error("Unable to destroy the web session. The session store may not support this feature");
                }
            }
        }

        // Central logout: the first client able to build a logout action wins.
        if (centralLogout) {
            logger.debug("Performing central logout");
            // Only an absolute http(s) redirect URL is handed to the identity provider as target.
            final boolean absoluteRedirect = redirectUrl != null
                && (redirectUrl.startsWith(HttpConstants.SCHEME_HTTP) || redirectUrl.startsWith(HttpConstants.SCHEME_HTTPS));
            final String targetUrl = absoluteRedirect ? redirectUrl : null;
            for (final CommonProfile profile : profiles) {
                logger.debug("Profile: {}", profile);
                final String clientName = profile.getClientName();
                if (clientName == null) {
                    continue;
                }
                final Client client = configClients.findClient(clientName);
                if (client == null) {
                    continue;
                }
                final RedirectAction logoutAction = client.getLogoutAction(context, profile, targetUrl);
                logger.debug("Logout action: {}", logoutAction);
                if (logoutAction != null) {
                    action = logoutAction.perform(context);
                    break;
                }
            }
        }
    } catch (final RuntimeException e) {
        return handleException(e, httpActionAdapter, context);
    }
    return httpActionAdapter.adapt(action.getCode(), context);
}

Example 7 with Client

use of org.pac4j.core.client.Client in project pac4j by pac4j.

The class DefaultSecurityLogic, method perform.

/**
 * Runs the security flow for one request: skips protection when the matchers do not
 * apply, otherwise loads the current profiles, lets direct clients authenticate the
 * request when no profile is present, and then either grants access through
 * {@code securityGrantedAccessAdapter}, answers "forbidden", starts authentication
 * against an indirect client, or answers "unauthorized".
 *
 * @param context                      the web context (must not be null)
 * @param config                       the security configuration; its {@code Clients} must not be null
 * @param securityGrantedAccessAdapter invoked with the profiles (possibly an empty list) when access is granted
 * @param httpActionAdapter            converts the resulting {@code HttpAction} into {@code R}
 * @param clients                      the requested client names, resolved through {@code clientFinder}
 * @param authorizers                  the requested authorizer names, evaluated by {@code authorizationChecker}
 * @param matchers                     the requested matcher names, evaluated by {@code matchingChecker}
 * @param inputMultiProfile            whether several profiles may be collected; null means {@code false}
 * @param parameters                   extra arguments forwarded unchanged to {@code securityGrantedAccessAdapter}
 * @return the adapter's result when access is granted, else the adapted HTTP action
 */
@Override
public R perform(final C context, final Config config, final SecurityGrantedAccessAdapter<R, C> securityGrantedAccessAdapter, final HttpActionAdapter<R, C> httpActionAdapter, final String clients, final String authorizers, final String matchers, final Boolean inputMultiProfile, final Object... parameters) {
    logger.debug("=== SECURITY ===");
    HttpAction action;
    try {
        final boolean multiProfile = inputMultiProfile != null ? inputMultiProfile : false;

        // Preconditions.
        assertNotNull("context", context);
        assertNotNull("config", config);
        assertNotNull("httpActionAdapter", httpActionAdapter);
        assertNotNull("clientFinder", clientFinder);
        assertNotNull("authorizationChecker", authorizationChecker);
        assertNotNull("matchingChecker", matchingChecker);
        assertNotNull("profileStorageDecision", profileStorageDecision);
        final Clients configClients = config.getClients();
        assertNotNull("configClients", configClients);

        logger.debug("url: {}", context.getFullRequestURL());
        logger.debug("matchers: {}", matchers);
        // A request the matchers do not cover is not protected at all.
        if (!matchingChecker.matches(context, matchers, config.getMatchers())) {
            logger.debug("no matching for this request -> grant access");
            return securityGrantedAccessAdapter.adapt(context, Arrays.asList(), parameters);
        }

        logger.debug("clients: {}", clients);
        final List<Client> currentClients = clientFinder.find(configClients, context, clients);
        logger.debug("currentClients: {}", currentClients);
        final boolean loadProfilesFromSession = profileStorageDecision.mustLoadProfilesFromSession(context, currentClients);
        logger.debug("loadProfilesFromSession: {}", loadProfilesFromSession);
        final ProfileManager profileManager = getProfileManager(context, config);
        List<CommonProfile> profiles = profileManager.getAll(loadProfilesFromSession);
        logger.debug("profiles: {}", profiles);

        // Nobody is authenticated yet: give every direct client a chance to authenticate
        // the request itself; stop after the first success unless several profiles are allowed.
        if (isEmpty(profiles) && isNotEmpty(currentClients)) {
            boolean profilesUpdated = false;
            for (final Client currentClient : currentClients) {
                if (!(currentClient instanceof DirectClient)) {
                    continue;
                }
                logger.debug("Performing authentication for direct client: {}", currentClient);
                final Credentials credentials = currentClient.getCredentials(context);
                logger.debug("credentials: {}", credentials);
                final CommonProfile profile = currentClient.getUserProfile(credentials, context);
                logger.debug("profile: {}", profile);
                if (profile == null) {
                    continue;
                }
                final boolean saveProfileInSession = profileStorageDecision.mustSaveProfileInSession(context, currentClients, (DirectClient) currentClient, profile);
                logger.debug("saveProfileInSession: {} / multiProfile: {}", saveProfileInSession, multiProfile);
                profileManager.save(saveProfileInSession, profile, multiProfile);
                profilesUpdated = true;
                if (!multiProfile) {
                    break;
                }
            }
            if (profilesUpdated) {
                // Re-read so that the authorization step sees what was just saved.
                profiles = profileManager.getAll(loadProfilesFromSession);
                logger.debug("new profiles: {}", profiles);
            }
        }

        if (isNotEmpty(profiles)) {
            // Authenticated: the authorizers decide between access and "forbidden".
            logger.debug("authorizers: {}", authorizers);
            if (!authorizationChecker.isAuthorized(context, profiles, authorizers, config.getAuthorizers())) {
                logger.debug("forbidden");
                action = forbidden(context, currentClients, profiles, authorizers);
            } else {
                logger.debug("authenticated and authorized -> grant access");
                return securityGrantedAccessAdapter.adapt(context, profiles, parameters);
            }
        } else if (startAuthentication(context, currentClients)) {
            // Not authenticated but an indirect client can start a login round-trip.
            logger.debug("Starting authentication");
            saveRequestedUrl(context, currentClients);
            action = redirectToIdentityProvider(context, currentClients);
        } else {
            logger.debug("unauthorized");
            action = unauthorized(context, currentClients);
        }
    } catch (final Exception e) {
        return handleException(e, httpActionAdapter, context);
    }
    return httpActionAdapter.adapt(action.getCode(), context);
}

Example 8 with Client

use of org.pac4j.core.client.Client in project pac4j by pac4j.

The class DefaultSecurityClientFinderTests, method testBlankClientRequested.

/** A blank requested client name selects no client, even though one is configured. */
@Test
public void testBlankClientRequested() {
    final MockIndirectClient configured = new MockIndirectClient(NAME, RedirectAction.redirect(LOGIN_URL), (Credentials) null, new CommonProfile());
    final Clients clients = new Clients(configured);
    assertEquals(0, finder.find(clients, MockWebContext.create(), "").size());
}

Example 9 with Client

use of org.pac4j.core.client.Client in project pac4j by pac4j.

The class DefaultSecurityClientFinderTests, method testDefaultSecurityClients.

/**
 * With no client requested (null), the finder falls back to the configured
 * default security clients and returns exactly that client.
 */
@Test
public void testDefaultSecurityClients() {
    final MockIndirectClient otherClient = new MockIndirectClient(NAME, RedirectAction.redirect(LOGIN_URL), (Credentials) null, new CommonProfile());
    final MockIndirectClient defaultClient = new MockIndirectClient(CLIENT_NAME, RedirectAction.redirect(LOGIN_URL), (Credentials) null, new CommonProfile());
    final Clients clients = new Clients(otherClient, defaultClient);
    clients.setDefaultSecurityClients(CLIENT_NAME);

    final List<Client> found = finder.find(clients, MockWebContext.create(), null);

    assertEquals(1, found.size());
    assertEquals(defaultClient, found.get(0));
}

Example 10 with Client

use of org.pac4j.core.client.Client in project pac4j by pac4j.

The class DefaultSecurityClientFinderTests, method testNoClientOnRequest.

/**
 * When the client name is given directly to the finder and the request itself
 * names no client, the explicitly named client is the only one returned.
 */
@Test
public void testNoClientOnRequest() {
    final MockIndirectClient otherClient = new MockIndirectClient(NAME, RedirectAction.redirect(LOGIN_URL), (Credentials) null, new CommonProfile());
    final MockIndirectClient namedClient = new MockIndirectClient(CLIENT_NAME, RedirectAction.redirect(LOGIN_URL), (Credentials) null, new CommonProfile());
    final Clients clients = new Clients(otherClient, namedClient);

    final List<Client> found = finder.find(clients, MockWebContext.create(), CLIENT_NAME);

    assertEquals(1, found.size());
    assertEquals(namedClient, found.get(0));
}
