Search in sources :

Example 6 with Clients

use of org.pac4j.core.client.Clients in project pac4j by pac4j.

the class DefaultSecurityLogic method perform.

@Override
public R perform(final C context, final Config config, final SecurityGrantedAccessAdapter<R, C> securityGrantedAccessAdapter, final HttpActionAdapter<R, C> httpActionAdapter, final String clients, final String authorizers, final String matchers, final Boolean inputMultiProfile, final Object... parameters) {
    logger.debug("=== SECURITY ===");
    HttpAction action;
    try {
        // default value
        final boolean multiProfile;
        if (inputMultiProfile == null) {
            multiProfile = false;
        } else {
            multiProfile = inputMultiProfile;
        }
        // checks
        assertNotNull("context", context);
        assertNotNull("config", config);
        assertNotNull("httpActionAdapter", httpActionAdapter);
        assertNotNull("clientFinder", clientFinder);
        assertNotNull("authorizationChecker", authorizationChecker);
        assertNotNull("matchingChecker", matchingChecker);
        assertNotNull("profileStorageDecision", profileStorageDecision);
        final Clients configClients = config.getClients();
        assertNotNull("configClients", configClients);
        // logic
        logger.debug("url: {}", context.getFullRequestURL());
        logger.debug("matchers: {}", matchers);
        if (matchingChecker.matches(context, matchers, config.getMatchers())) {
            logger.debug("clients: {}", clients);
            final List<Client> currentClients = clientFinder.find(configClients, context, clients);
            logger.debug("currentClients: {}", currentClients);
            final boolean loadProfilesFromSession = profileStorageDecision.mustLoadProfilesFromSession(context, currentClients);
            logger.debug("loadProfilesFromSession: {}", loadProfilesFromSession);
            final ProfileManager manager = getProfileManager(context, config);
            List<CommonProfile> profiles = manager.getAll(loadProfilesFromSession);
            logger.debug("profiles: {}", profiles);
            // no profile and some current clients
            if (isEmpty(profiles) && isNotEmpty(currentClients)) {
                boolean updated = false;
                // loop on all clients searching direct ones to perform authentication
                for (final Client currentClient : currentClients) {
                    if (currentClient instanceof DirectClient) {
                        logger.debug("Performing authentication for direct client: {}", currentClient);
                        final Credentials credentials = currentClient.getCredentials(context);
                        logger.debug("credentials: {}", credentials);
                        final CommonProfile profile = currentClient.getUserProfile(credentials, context);
                        logger.debug("profile: {}", profile);
                        if (profile != null) {
                            final boolean saveProfileInSession = profileStorageDecision.mustSaveProfileInSession(context, currentClients, (DirectClient) currentClient, profile);
                            logger.debug("saveProfileInSession: {} / multiProfile: {}", saveProfileInSession, multiProfile);
                            manager.save(saveProfileInSession, profile, multiProfile);
                            updated = true;
                            if (!multiProfile) {
                                break;
                            }
                        }
                    }
                }
                if (updated) {
                    profiles = manager.getAll(loadProfilesFromSession);
                    logger.debug("new profiles: {}", profiles);
                }
            }
            // we have profile(s) -> check authorizations
            if (isNotEmpty(profiles)) {
                logger.debug("authorizers: {}", authorizers);
                if (authorizationChecker.isAuthorized(context, profiles, authorizers, config.getAuthorizers())) {
                    logger.debug("authenticated and authorized -> grant access");
                    return securityGrantedAccessAdapter.adapt(context, profiles, parameters);
                } else {
                    logger.debug("forbidden");
                    action = forbidden(context, currentClients, profiles, authorizers);
                }
            } else {
                if (startAuthentication(context, currentClients)) {
                    logger.debug("Starting authentication");
                    saveRequestedUrl(context, currentClients);
                    action = redirectToIdentityProvider(context, currentClients);
                } else {
                    logger.debug("unauthorized");
                    action = unauthorized(context, currentClients);
                }
            }
        } else {
            logger.debug("no matching for this request -> grant access");
            return securityGrantedAccessAdapter.adapt(context, Arrays.asList(), parameters);
        }
    } catch (final Exception e) {
        return handleException(e, httpActionAdapter, context);
    }
    return httpActionAdapter.adapt(action.getCode(), context);
}
Also used : ProfileManager(org.pac4j.core.profile.ProfileManager) DirectClient(org.pac4j.core.client.DirectClient) CommonProfile(org.pac4j.core.profile.CommonProfile) Clients(org.pac4j.core.client.Clients) DirectClient(org.pac4j.core.client.DirectClient) Client(org.pac4j.core.client.Client) IndirectClient(org.pac4j.core.client.IndirectClient) HttpAction(org.pac4j.core.exception.HttpAction) Credentials(org.pac4j.core.credentials.Credentials)

Example 7 with Clients

use of org.pac4j.core.client.Clients in project pac4j by pac4j.

the class DefaultLogoutLogicTests method testCentralLogoutWithRelativeUrl.

@Test
public void testCentralLogoutWithRelativeUrl() {
    final CommonProfile profile = new CommonProfile();
    profile.setClientName(NAME);
    final MockIndirectClient client = new MockIndirectClient(NAME);
    client.setCallbackUrl(PAC4J_BASE_URL);
    client.setLogoutActionBuilder((ctx, p, targetUrl) -> RedirectAction.redirect(CALLBACK_URL + "?p=" + targetUrl));
    config.setClients(new Clients(client));
    profiles.put(NAME, profile);
    addProfilesToContext();
    centralLogout = true;
    context.addRequestParameter(Pac4jConstants.URL, PATH);
    call();
    assertEquals(302, context.getResponseStatus());
    assertEquals(CALLBACK_URL + "?p=null", context.getResponseLocation());
    expectedNProfiles(0);
}
Also used : CommonProfile(org.pac4j.core.profile.CommonProfile) MockIndirectClient(org.pac4j.core.client.MockIndirectClient) Clients(org.pac4j.core.client.Clients) Test(org.junit.Test)

Example 8 with Clients

use of org.pac4j.core.client.Clients in project pac4j by pac4j.

the class DefaultSecurityClientFinderTests method testBlankClientRequested.

@Test
public void testBlankClientRequested() {
    final MockIndirectClient client1 = new MockIndirectClient(NAME, RedirectAction.redirect(LOGIN_URL), (Credentials) null, new CommonProfile());
    final Clients clients = new Clients(client1);
    final List<Client> result = finder.find(clients, MockWebContext.create(), "");
    assertEquals(0, result.size());
}
Also used : MockIndirectClient(org.pac4j.core.client.MockIndirectClient) CommonProfile(org.pac4j.core.profile.CommonProfile) Clients(org.pac4j.core.client.Clients) Client(org.pac4j.core.client.Client) MockIndirectClient(org.pac4j.core.client.MockIndirectClient) Test(org.junit.Test)

Example 9 with Clients

use of org.pac4j.core.client.Clients in project pac4j by pac4j.

the class DefaultSecurityClientFinderTests method testDefaultSecurityClients.

@Test
public void testDefaultSecurityClients() {
    final MockIndirectClient client1 = new MockIndirectClient(NAME, RedirectAction.redirect(LOGIN_URL), (Credentials) null, new CommonProfile());
    final MockIndirectClient client2 = new MockIndirectClient(CLIENT_NAME, RedirectAction.redirect(LOGIN_URL), (Credentials) null, new CommonProfile());
    final Clients clients = new Clients(client1, client2);
    clients.setDefaultSecurityClients(CLIENT_NAME);
    final List<Client> result = finder.find(clients, MockWebContext.create(), null);
    assertEquals(1, result.size());
    assertEquals(client2, result.get(0));
}
Also used : MockIndirectClient(org.pac4j.core.client.MockIndirectClient) CommonProfile(org.pac4j.core.profile.CommonProfile) Clients(org.pac4j.core.client.Clients) Client(org.pac4j.core.client.Client) MockIndirectClient(org.pac4j.core.client.MockIndirectClient) Test(org.junit.Test)

Example 10 with Clients

use of org.pac4j.core.client.Clients in project pac4j by pac4j.

the class DefaultSecurityClientFinderTests method testNoClientOnRequestBadDefaultClient.

@Test
public void testNoClientOnRequestBadDefaultClient() {
    final MockIndirectClient client1 = new MockIndirectClient(NAME, RedirectAction.redirect(LOGIN_URL), (Credentials) null, new CommonProfile());
    final MockIndirectClient client2 = new MockIndirectClient(CLIENT_NAME, RedirectAction.redirect(LOGIN_URL), (Credentials) null, new CommonProfile());
    final Clients clients = new Clients(client1, client2);
    final WebContext context = MockWebContext.create();
    TestsHelper.expectException(() -> finder.find(clients, context, FAKE_VALUE), TechnicalException.class, "No client found for name: " + FAKE_VALUE);
}
Also used : WebContext(org.pac4j.core.context.WebContext) MockWebContext(org.pac4j.core.context.MockWebContext) MockIndirectClient(org.pac4j.core.client.MockIndirectClient) CommonProfile(org.pac4j.core.profile.CommonProfile) Clients(org.pac4j.core.client.Clients) Test(org.junit.Test)

Aggregations

Clients (org.pac4j.core.client.Clients)33 Test (org.junit.Test)19 CommonProfile (org.pac4j.core.profile.CommonProfile)19 MockIndirectClient (org.pac4j.core.client.MockIndirectClient)16 Client (org.pac4j.core.client.Client)13 WebContext (org.pac4j.core.context.WebContext)10 MockWebContext (org.pac4j.core.context.MockWebContext)7 FacebookClient (org.pac4j.oauth.client.FacebookClient)6 Credentials (org.pac4j.core.credentials.Credentials)5 IndirectClient (org.pac4j.core.client.IndirectClient)4 MockCredentials (org.pac4j.core.credentials.MockCredentials)4 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)4 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)4 ServletExternalContext (org.springframework.webflow.context.servlet.ServletExternalContext)4 LinkedHashMap (java.util.LinkedHashMap)3 List (java.util.List)3 HttpSession (javax.servlet.http.HttpSession)3 CentralAuthenticationService (org.apereo.cas.CentralAuthenticationService)3 BaseClient (org.pac4j.core.client.BaseClient)3 Config (org.pac4j.core.config.Config)3