
Example 1 with IndirectClient

use of org.pac4j.core.client.IndirectClient in project cas by apereo.

the class DelegatedClientAuthenticationAction method prepareForLoginPage.

/**
 * Prepares the delegated-login links shown on the login page.
 *
 * <p>The requested service and the theme, locale and method request parameters are saved in
 * the HTTP session. Each configured client is then asked for its redirect location, and the
 * collected entries are stored in flow scope under {@code PAC4J_URLS}. A client that fails is
 * logged and skipped, so one failing provider does not prevent the others from being listed.
 *
 * @param context The current webflow context
 * @throws HttpAction the http action
 */
protected void prepareForLoginPage(final RequestContext context) throws HttpAction {
    final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
    final HttpServletResponse response = WebUtils.getHttpServletResponse(context);
    // getSession() creates a session when the request does not carry one yet.
    final HttpSession session = request.getSession();
    final WebContext webContext = WebUtils.getPac4jJ2EContext(request, response);

    // Save the service and the selected request parameters in the web session.
    final WebApplicationService service = WebUtils.getService(context);
    LOGGER.debug("save service: [{}]", service);
    session.setAttribute(CasProtocolConstants.PARAMETER_SERVICE, service);
    saveRequestParameter(request, session, this.themeParamName);
    saveRequestParameter(request, session, this.localParamName);
    saveRequestParameter(request, session, CasProtocolConstants.PARAMETER_METHOD);

    final Set<ProviderLoginPageConfiguration> providerUrls = new LinkedHashSet<>();
    this.clients.findAllClients().forEach(client -> {
        try {
            // A client that is not an IndirectClient fails this cast; the ClassCastException
            // is handled by the generic catch below and the client is skipped.
            final IndirectClient indirectClient = (IndirectClient) client;
            // Strip the "Client" suffix and any trailing digits to get the display name.
            final String providerName = client.getName().replaceAll("Client\\d*", "");
            final String location = indirectClient.getRedirectAction(webContext).getLocation();
            // NOTE(review): the redirect location is written to the debug log; depending on the
            // protocol it may carry per-request values, so confirm who can read debug logs.
            LOGGER.debug("[{}] -> [{}]", providerName, location);
            // toLowerCase() uses the JVM default locale here.
            providerUrls.add(new ProviderLoginPageConfiguration(providerName, location, providerName.toLowerCase()));
        } catch (final HttpAction action) {
            if (action.getCode() != HttpStatus.UNAUTHORIZED.value()) {
                LOGGER.warn(action.getMessage(), action);
            } else {
                LOGGER.debug("Authentication request was denied from the provider [{}]", client.getName());
            }
        } catch (final Exception failure) {
            LOGGER.error("Cannot process client [{}]", client, failure);
        }
    });

    if (providerUrls.isEmpty()) {
        // Stay quiet when the response is already a 401; otherwise report the empty result.
        if (response.getStatus() != HttpStatus.UNAUTHORIZED.value()) {
            LOGGER.warn("No clients could be determined based on the provided configuration");
        }
    } else {
        context.getFlowScope().put(PAC4J_URLS, providerUrls);
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) LinkedHashSet(java.util.LinkedHashSet) WebApplicationService(org.apereo.cas.authentication.principal.WebApplicationService) WebContext(org.pac4j.core.context.WebContext) HttpSession(javax.servlet.http.HttpSession) HttpServletResponse(javax.servlet.http.HttpServletResponse) IndirectClient(org.pac4j.core.client.IndirectClient) HttpAction(org.pac4j.core.exception.HttpAction)

Example 2 with IndirectClient

use of org.pac4j.core.client.IndirectClient in project pac4j by pac4j.

the class DefaultCallbackLogicTests method testCallbackNoRenew.

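/**
 * Checks the callback with session renewal switched off: the profile is stored in the
 * session, the session id is unchanged and the response redirects to the default URL.
 *
 * <p>NOTE(review): with {@code renewSession = false} the pre-login session id stays valid
 * after login, which is exactly what this test asserts. Deployments that disable renewal
 * presumably need another defence against session fixation; confirm against the caller.
 */
@Test
public void testCallbackNoRenew() {
    final String originalSessionId = request.getSession().getId();
    request.setParameter(Pac4jConstants.DEFAULT_CLIENT_NAME_PARAMETER, NAME);
    final CommonProfile profile = new CommonProfile();
    final IndirectClient indirectClient = new MockIndirectClient(NAME, null, new MockCredentials(), profile);
    config.setClients(new Clients(CALLBACK_URL, indirectClient));
    renewSession = false;
    config.getClients().init();
    call();
    final HttpSession session = request.getSession();
    final String newSessionId = session.getId();
    final LinkedHashMap<String, CommonProfile> profiles = (LinkedHashMap<String, CommonProfile>) session.getAttribute(Pac4jConstants.USER_PROFILES);
    assertTrue(profiles.containsValue(profile));
    assertEquals(1, profiles.size());
    // Expected value first, so a failure message reports the ids the right way round.
    assertEquals(originalSessionId, newSessionId);
    assertEquals(302, response.getStatus());
    assertEquals(Pac4jConstants.DEFAULT_URL_VALUE, response.getRedirectedUrl());
}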
Also used : CommonProfile(org.pac4j.core.profile.CommonProfile) MockIndirectClient(org.pac4j.core.client.MockIndirectClient) MockCredentials(org.pac4j.core.credentials.MockCredentials) HttpSession(javax.servlet.http.HttpSession) MockIndirectClient(org.pac4j.core.client.MockIndirectClient) IndirectClient(org.pac4j.core.client.IndirectClient) Clients(org.pac4j.core.client.Clients) LinkedHashMap(java.util.LinkedHashMap) Test(org.junit.Test)

Example 3 with IndirectClient

use of org.pac4j.core.client.IndirectClient in project cas by apereo.

the class DefaultDelegatedClientFactory method configureSamlClient.

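/**
 * Configure saml client.
 *
 * <p>Builds one {@link SAML2Client} for every SAML entry that is enabled and defines a keystore
 * path, an identity provider metadata path, a service provider entity id and a service provider
 * metadata path, then adds it to the given collection.
 *
 * <p>The signature settings ({@code wantsAssertionsSigned}, {@code wantsResponsesSigned},
 * {@code allSignatureValidationDisabled}) are copied from configuration without further checks,
 * so the strength of assertion validation is decided entirely by the deployment's settings.
 *
 * @param properties the collection that receives the created clients
 */
protected void configureSamlClient(final Collection<IndirectClient> properties) {
    val pac4jProperties = casProperties.getAuthn().getPac4j();
    val index = new AtomicInteger();
    pac4jProperties.getSaml()
        .stream()
        .filter(saml -> saml.isEnabled()
            && StringUtils.isNotBlank(saml.getKeystorePath())
            && StringUtils.isNotBlank(saml.getIdentityProviderMetadataPath())
            && StringUtils.isNotBlank(saml.getServiceProviderEntityId())
            && StringUtils.isNotBlank(saml.getServiceProviderMetadataPath()))
        .forEach(saml -> {
            val cfg = new SAML2Configuration(saml.getKeystorePath(), saml.getKeystorePassword(), saml.getPrivateKeyPassword(), saml.getIdentityProviderMetadataPath());
            cfg.setForceKeystoreGeneration(saml.isForceKeystoreGeneration());
            if (saml.getCertificateExpirationDays() > 0) {
                cfg.setCertificateExpirationPeriod(Period.ofDays(saml.getCertificateExpirationDays()));
            }
            FunctionUtils.doIfNotNull(saml.getCertificateSignatureAlg(), cfg::setCertificateSignatureAlg);
            cfg.setCertificateNameToAppend(StringUtils.defaultIfBlank(saml.getCertificateNameToAppend(), saml.getClientName()));
            cfg.setMaximumAuthenticationLifetime(Beans.newDuration(saml.getMaximumAuthenticationLifetime()).toSeconds());
            cfg.setServiceProviderEntityId(saml.getServiceProviderEntityId());
            cfg.setServiceProviderMetadataPath(saml.getServiceProviderMetadataPath());
            cfg.setAuthnRequestBindingType(saml.getDestinationBinding());
            cfg.setForceAuth(saml.isForceAuth());
            cfg.setPassive(saml.isPassive());
            cfg.setSignMetadata(saml.isSignServiceProviderMetadata());
            cfg.setMetadataSigner(new XMLSecSAML2MetadataSigner(cfg));
            cfg.setAuthnRequestSigned(saml.isSignAuthnRequest());
            cfg.setSpLogoutRequestSigned(saml.isSignServiceProviderLogoutRequest());
            cfg.setAcceptedSkew(Beans.newDuration(saml.getAcceptedSkew()).toSeconds());
            cfg.setSslSocketFactory(casSSLContext.getSslContext().getSocketFactory());
            cfg.setHostnameVerifier(casSSLContext.getHostnameVerifier());
            if (StringUtils.isNotBlank(saml.getPrincipalIdAttribute())) {
                cfg.setAttributeAsId(saml.getPrincipalIdAttribute());
            }
            cfg.setWantsAssertionsSigned(saml.isWantsAssertionsSigned());
            cfg.setWantsResponsesSigned(saml.isWantsResponsesSigned());
            // NOTE(review): judging by the setter name, a true value switches signature
            // validation off altogether; any deployment that sets it deserves a review.
            cfg.setAllSignatureValidationDisabled(saml.isAllSignatureValidationDisabled());
            cfg.setUseNameQualifier(saml.isUseNameQualifier());
            cfg.setAttributeConsumingServiceIndex(saml.getAttributeConsumingServiceIndex());
            if (applicationContext.containsBean(DelegatedClientFactory.BEAN_NAME_SAML2_CLIENT_MESSAGE_FACTORY)) {
                // A message store factory bean in the application context takes precedence.
                val factory = applicationContext.getBean(DelegatedClientFactory.BEAN_NAME_SAML2_CLIENT_MESSAGE_FACTORY, SAMLMessageStoreFactory.class);
                cfg.setSamlMessageStoreFactory(factory);
            } else {
                FunctionUtils.doIf(saml.getMessageStoreFactory().equalsIgnoreCase("EMPTY"), ig -> cfg.setSamlMessageStoreFactory(new EmptyStoreFactory())).accept(saml);
                FunctionUtils.doIf(saml.getMessageStoreFactory().equalsIgnoreCase("SESSION"), ig -> cfg.setSamlMessageStoreFactory(new HttpSessionStoreFactory())).accept(saml);
                if (saml.getMessageStoreFactory().contains(".")) {
                    // Any value containing a dot is treated as a class name and instantiated
                    // reflectively, so this setting must only come from trusted configuration.
                    Unchecked.consumer(ig -> {
                        // asSubclass rejects a class of the wrong type with a ClassCastException
                        // before its constructor runs, instead of casting the finished instance.
                        // Loading the class may still run its static initializers.
                        val clazz = ClassUtils.getClass(DefaultDelegatedClientFactory.class.getClassLoader(), saml.getMessageStoreFactory())
                            .asSubclass(SAMLMessageStoreFactory.class);
                        cfg.setSamlMessageStoreFactory(clazz.getDeclaredConstructor().newInstance());
                    }).accept(saml);
                }
            }
            if (saml.getAssertionConsumerServiceIndex() >= 0) {
                cfg.setAssertionConsumerServiceIndex(saml.getAssertionConsumerServiceIndex());
            }
            if (!saml.getAuthnContextClassRef().isEmpty()) {
                cfg.setComparisonType(saml.getAuthnContextComparisonType().toUpperCase());
                cfg.setAuthnContextClassRefs(saml.getAuthnContextClassRef());
            }
            if (StringUtils.isNotBlank(saml.getKeystoreAlias())) {
                cfg.setKeystoreAlias(saml.getKeystoreAlias());
            }
            if (StringUtils.isNotBlank(saml.getNameIdPolicyFormat())) {
                cfg.setNameIdPolicyFormat(saml.getNameIdPolicyFormat());
            }
            if (!saml.getRequestedAttributes().isEmpty()) {
                saml.getRequestedAttributes()
                    .stream()
                    .map(attribute -> new SAML2ServiceProviderRequestedAttribute(attribute.getName(), attribute.getFriendlyName(), attribute.getNameFormat(), attribute.isRequired()))
                    .forEach(attribute -> cfg.getRequestedServiceProviderAttributes().add(attribute));
            }
            if (!saml.getBlockedSignatureSigningAlgorithms().isEmpty()) {
                cfg.setBlackListedSignatureSigningAlgorithms(saml.getBlockedSignatureSigningAlgorithms());
            }
            if (!saml.getSignatureAlgorithms().isEmpty()) {
                cfg.setSignatureAlgorithms(saml.getSignatureAlgorithms());
            }
            if (!saml.getSignatureReferenceDigestMethods().isEmpty()) {
                cfg.setSignatureReferenceDigestMethods(saml.getSignatureReferenceDigestMethods());
            }
            // Apply the canonicalization algorithm only when one is configured. The earlier
            // negated check did the opposite: it dropped a configured value and pushed a
            // blank one into the configuration.
            if (StringUtils.isNotBlank(saml.getSignatureCanonicalizationAlgorithm())) {
                cfg.setSignatureCanonicalizationAlgorithm(saml.getSignatureCanonicalizationAlgorithm());
            }
            cfg.setProviderName(saml.getProviderName());
            cfg.setNameIdPolicyAllowCreate(saml.getNameIdPolicyAllowCreate().toBoolean());
            val mappedAttributes = saml.getMappedAttributes();
            if (!mappedAttributes.isEmpty()) {
                cfg.setMappedAttributes(CollectionUtils.convertDirectedListToMap(mappedAttributes));
            }
            val client = new SAML2Client(cfg);
            if (StringUtils.isBlank(saml.getClientName())) {
                // No configured name: fall back to the class name plus the running index.
                val count = index.intValue();
                client.setName(client.getClass().getSimpleName() + count);
            }
            configureClient(client, saml);
            index.incrementAndGet();
            // NOTE(review): this logs client.toString(); confirm it does not render the
            // keystore or private-key passwords passed to the configuration above.
            LOGGER.debug("Created delegated client [{}]", client);
            properties.add(client);
        });
}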
Also used : lombok.val(lombok.val) CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) Pac4jBaseClientProperties(org.apereo.cas.configuration.model.support.pac4j.Pac4jBaseClientProperties) RandomUtils(org.apereo.cas.util.RandomUtils) CasConfiguration(org.pac4j.cas.config.CasConfiguration) CasClient(org.pac4j.cas.client.CasClient) SneakyThrows(lombok.SneakyThrows) Google2Client(org.pac4j.oauth.client.Google2Client) OidcConfiguration(org.pac4j.oidc.config.OidcConfiguration) RequiredArgsConstructor(lombok.RequiredArgsConstructor) SAML2Client(org.pac4j.saml.client.SAML2Client) HttpSessionStoreFactory(org.pac4j.saml.store.HttpSessionStoreFactory) Beans(org.apereo.cas.configuration.support.Beans) StringUtils(org.apache.commons.lang3.StringUtils) PrivateKeyFactoryBean(org.apereo.cas.util.crypto.PrivateKeyFactoryBean) YahooClient(org.pac4j.oauth.client.YahooClient) AzureAdOidcConfiguration(org.pac4j.oidc.config.AzureAdOidcConfiguration) ClassUtils(org.apache.commons.lang3.ClassUtils) FunctionUtils(org.apereo.cas.util.function.FunctionUtils) LinkedIn2Client(org.pac4j.oauth.client.LinkedIn2Client) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) HiOrgServerClient(org.pac4j.oauth.client.HiOrgServerClient) IndirectClient(org.pac4j.core.client.IndirectClient) Pac4jOidcClientProperties(org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jOidcClientProperties) Synchronized(lombok.Synchronized) ResourceUtils(org.apereo.cas.util.ResourceUtils) Unchecked(org.jooq.lambda.Unchecked) Verb(com.github.scribejava.core.model.Verb) Collection(java.util.Collection) Set(java.util.Set) JWSAlgorithm(com.nimbusds.jose.JWSAlgorithm) BasePac4jOidcClientProperties(org.apereo.cas.configuration.model.support.pac4j.oidc.BasePac4jOidcClientProperties) EmptyStoreFactory(org.pac4j.saml.store.EmptyStoreFactory) Slf4j(lombok.extern.slf4j.Slf4j) ClientCustomPropertyConstants(org.apereo.cas.authentication.principal.ClientCustomPropertyConstants) 
QueryParameterCallbackUrlResolver(org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver) XMLSecSAML2MetadataSigner(org.pac4j.saml.metadata.XMLSecSAML2MetadataSigner) DisposableBean(org.springframework.beans.factory.DisposableBean) CasSSLContext(org.apereo.cas.authentication.CasSSLContext) CasWebflowConfigurer(org.apereo.cas.web.flow.CasWebflowConfigurer) CasProtocol(org.pac4j.cas.config.CasProtocol) FoursquareClient(org.pac4j.oauth.client.FoursquareClient) GitHubClient(org.pac4j.oauth.client.GitHubClient) SAML2Configuration(org.pac4j.saml.config.SAML2Configuration) Pattern(java.util.regex.Pattern) PathParameterCallbackUrlResolver(org.pac4j.core.http.callback.PathParameterCallbackUrlResolver) WindowsLiveClient(org.pac4j.oauth.client.WindowsLiveClient) AzureAdClient(org.pac4j.oidc.client.AzureAdClient) Getter(lombok.Getter) BitbucketClient(org.pac4j.oauth.client.BitbucketClient) WordPressClient(org.pac4j.oauth.client.WordPressClient) SAML2ServiceProviderRequestedAttribute(org.pac4j.saml.metadata.SAML2ServiceProviderRequestedAttribute) OidcClient(org.pac4j.oidc.client.OidcClient) CollectionUtils(org.apereo.cas.util.CollectionUtils) PayPalClient(org.pac4j.oauth.client.PayPalClient) ECPrivateKey(java.security.interfaces.ECPrivateKey) LinkedHashSet(java.util.LinkedHashSet) NoParameterCallbackUrlResolver(org.pac4j.core.http.callback.NoParameterCallbackUrlResolver) Period(java.time.Period) GoogleOidcClient(org.pac4j.oidc.client.GoogleOidcClient) FacebookClient(org.pac4j.oauth.client.FacebookClient) KeycloakOidcClient(org.pac4j.oidc.client.KeycloakOidcClient) lombok.val(lombok.val) ApplicationContext(org.springframework.context.ApplicationContext) AppleOidcConfiguration(org.pac4j.oidc.config.AppleOidcConfiguration) GenericOAuth20Client(org.pac4j.oauth.client.GenericOAuth20Client) AppleClient(org.pac4j.oidc.client.AppleClient) TwitterClient(org.pac4j.oauth.client.TwitterClient) SAMLMessageStoreFactory(org.pac4j.saml.store.SAMLMessageStoreFactory) 
KeycloakOidcConfiguration(org.pac4j.oidc.config.KeycloakOidcConfiguration) DropBoxClient(org.pac4j.oauth.client.DropBoxClient) HttpSessionStoreFactory(org.pac4j.saml.store.HttpSessionStoreFactory) EmptyStoreFactory(org.pac4j.saml.store.EmptyStoreFactory) SAMLMessageStoreFactory(org.pac4j.saml.store.SAMLMessageStoreFactory) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) SAML2Configuration(org.pac4j.saml.config.SAML2Configuration) SAML2ServiceProviderRequestedAttribute(org.pac4j.saml.metadata.SAML2ServiceProviderRequestedAttribute) SAML2Client(org.pac4j.saml.client.SAML2Client) XMLSecSAML2MetadataSigner(org.pac4j.saml.metadata.XMLSecSAML2MetadataSigner)

Example 4 with IndirectClient

use of org.pac4j.core.client.IndirectClient in project cas by apereo.

the class DefaultDelegatedClientFactory method configureOAuth20Client.

/**
 * Configure OAuth client.
 *
 * <p>Creates a {@link GenericOAuth20Client} for every OAuth entry that is enabled and has a
 * non-blank id and secret, and adds it to the given collection. An entry without a client
 * name is named after the client class plus the running index of created clients.
 *
 * @param properties the collection that receives the created clients
 */
protected void configureOAuth20Client(final Collection<IndirectClient> properties) {
    val pac4jProperties = casProperties.getAuthn().getPac4j();
    // Counts every client created so far; used only to build fallback names.
    int position = 0;
    for (val oauth : pac4jProperties.getOauth2()) {
        // Skip entries that are disabled or lack credentials.
        if (!oauth.isEnabled() || StringUtils.isBlank(oauth.getId()) || StringUtils.isBlank(oauth.getSecret())) {
            continue;
        }

        val client = new GenericOAuth20Client();
        // Use the entry's principal attribute, falling back to the core pac4j setting.
        val configuredProfileId = oauth.getPrincipalAttributeId();
        val defaultProfileId = pac4jProperties.getCore().getPrincipalAttributeId();
        client.setProfileId(StringUtils.defaultIfBlank(configuredProfileId, defaultProfileId));
        client.setKey(oauth.getId());
        client.setSecret(oauth.getSecret());
        client.setProfileAttrs(oauth.getProfileAttrs());
        client.setProfileNodePath(oauth.getProfilePath());
        client.setProfileUrl(oauth.getProfileUrl());
        // toUpperCase() uses the JVM default locale before the enum lookup.
        val profileVerb = Verb.valueOf(oauth.getProfileVerb().toUpperCase());
        client.setProfileVerb(profileVerb);
        client.setTokenUrl(oauth.getTokenUrl());
        client.setAuthUrl(oauth.getAuthUrl());
        client.setScope(oauth.getScope());
        client.setCustomParams(oauth.getCustomParams());
        client.getConfiguration().setResponseType(oauth.getResponseType());

        if (StringUtils.isBlank(oauth.getClientName())) {
            client.setName(client.getClass().getSimpleName() + position);
        }
        configureClient(client, oauth);
        position++;
        // NOTE(review): this logs client.toString() after the secret has been set on the
        // client; confirm the string form does not include the client secret.
        LOGGER.debug("Created client [{}]", client);
        properties.add(client);
    }
}
Also used : lombok.val(lombok.val) CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) Pac4jBaseClientProperties(org.apereo.cas.configuration.model.support.pac4j.Pac4jBaseClientProperties) RandomUtils(org.apereo.cas.util.RandomUtils) CasConfiguration(org.pac4j.cas.config.CasConfiguration) CasClient(org.pac4j.cas.client.CasClient) SneakyThrows(lombok.SneakyThrows) Google2Client(org.pac4j.oauth.client.Google2Client) OidcConfiguration(org.pac4j.oidc.config.OidcConfiguration) RequiredArgsConstructor(lombok.RequiredArgsConstructor) SAML2Client(org.pac4j.saml.client.SAML2Client) HttpSessionStoreFactory(org.pac4j.saml.store.HttpSessionStoreFactory) Beans(org.apereo.cas.configuration.support.Beans) StringUtils(org.apache.commons.lang3.StringUtils) PrivateKeyFactoryBean(org.apereo.cas.util.crypto.PrivateKeyFactoryBean) YahooClient(org.pac4j.oauth.client.YahooClient) AzureAdOidcConfiguration(org.pac4j.oidc.config.AzureAdOidcConfiguration) ClassUtils(org.apache.commons.lang3.ClassUtils) FunctionUtils(org.apereo.cas.util.function.FunctionUtils) LinkedIn2Client(org.pac4j.oauth.client.LinkedIn2Client) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) HiOrgServerClient(org.pac4j.oauth.client.HiOrgServerClient) IndirectClient(org.pac4j.core.client.IndirectClient) Pac4jOidcClientProperties(org.apereo.cas.configuration.model.support.pac4j.oidc.Pac4jOidcClientProperties) Synchronized(lombok.Synchronized) ResourceUtils(org.apereo.cas.util.ResourceUtils) Unchecked(org.jooq.lambda.Unchecked) Verb(com.github.scribejava.core.model.Verb) Collection(java.util.Collection) Set(java.util.Set) JWSAlgorithm(com.nimbusds.jose.JWSAlgorithm) BasePac4jOidcClientProperties(org.apereo.cas.configuration.model.support.pac4j.oidc.BasePac4jOidcClientProperties) EmptyStoreFactory(org.pac4j.saml.store.EmptyStoreFactory) Slf4j(lombok.extern.slf4j.Slf4j) ClientCustomPropertyConstants(org.apereo.cas.authentication.principal.ClientCustomPropertyConstants) 
QueryParameterCallbackUrlResolver(org.pac4j.core.http.callback.QueryParameterCallbackUrlResolver) XMLSecSAML2MetadataSigner(org.pac4j.saml.metadata.XMLSecSAML2MetadataSigner) DisposableBean(org.springframework.beans.factory.DisposableBean) CasSSLContext(org.apereo.cas.authentication.CasSSLContext) CasWebflowConfigurer(org.apereo.cas.web.flow.CasWebflowConfigurer) CasProtocol(org.pac4j.cas.config.CasProtocol) FoursquareClient(org.pac4j.oauth.client.FoursquareClient) GitHubClient(org.pac4j.oauth.client.GitHubClient) SAML2Configuration(org.pac4j.saml.config.SAML2Configuration) Pattern(java.util.regex.Pattern) PathParameterCallbackUrlResolver(org.pac4j.core.http.callback.PathParameterCallbackUrlResolver) WindowsLiveClient(org.pac4j.oauth.client.WindowsLiveClient) AzureAdClient(org.pac4j.oidc.client.AzureAdClient) Getter(lombok.Getter) BitbucketClient(org.pac4j.oauth.client.BitbucketClient) WordPressClient(org.pac4j.oauth.client.WordPressClient) SAML2ServiceProviderRequestedAttribute(org.pac4j.saml.metadata.SAML2ServiceProviderRequestedAttribute) OidcClient(org.pac4j.oidc.client.OidcClient) CollectionUtils(org.apereo.cas.util.CollectionUtils) PayPalClient(org.pac4j.oauth.client.PayPalClient) ECPrivateKey(java.security.interfaces.ECPrivateKey) LinkedHashSet(java.util.LinkedHashSet) NoParameterCallbackUrlResolver(org.pac4j.core.http.callback.NoParameterCallbackUrlResolver) Period(java.time.Period) GoogleOidcClient(org.pac4j.oidc.client.GoogleOidcClient) FacebookClient(org.pac4j.oauth.client.FacebookClient) KeycloakOidcClient(org.pac4j.oidc.client.KeycloakOidcClient) lombok.val(lombok.val) ApplicationContext(org.springframework.context.ApplicationContext) AppleOidcConfiguration(org.pac4j.oidc.config.AppleOidcConfiguration) GenericOAuth20Client(org.pac4j.oauth.client.GenericOAuth20Client) AppleClient(org.pac4j.oidc.client.AppleClient) TwitterClient(org.pac4j.oauth.client.TwitterClient) SAMLMessageStoreFactory(org.pac4j.saml.store.SAMLMessageStoreFactory) 
KeycloakOidcConfiguration(org.pac4j.oidc.config.KeycloakOidcConfiguration) DropBoxClient(org.pac4j.oauth.client.DropBoxClient) GenericOAuth20Client(org.pac4j.oauth.client.GenericOAuth20Client) AtomicInteger(java.util.concurrent.atomic.AtomicInteger)

Example 5 with IndirectClient

use of org.pac4j.core.client.IndirectClient in project cas by apereo.

the class DefaultDelegatedClientIdentityProviderConfigurationProducer method produce.

/**
 * Produces the identity provider configuration for one delegated client.
 *
 * <p>The client is initialized first. The configuration is resolved when no request
 * customizers are registered, or when at least one of them authorizes the client for the
 * current service. An empty customizer list therefore allows every client.
 *
 * @param requestContext the current webflow context
 * @param client the delegated client to describe
 * @return the resolved configuration, or an empty optional when no customizer authorizes the client
 */
@Override
public Optional<DelegatedClientIdentityProviderConfiguration> produce(final RequestContext requestContext, final IndirectClient client) {
    val request = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
    val response = WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext);
    val webContext = new JEEContext(request, response);
    val currentService = WebUtils.getService(requestContext);
    // NOTE(review): all request parameters are written to the debug log; confirm that no
    // credential or token parameter can reach this flow state.
    LOGGER.debug("Initializing client [{}] with request parameters [{}] and service [{}]", client, requestContext.getRequestParameters(), currentService);
    client.init();

    val customizers = delegatedClientAuthenticationRequestCustomizers;
    val authorized = customizers.isEmpty()
        || customizers.stream().anyMatch(c -> c.isAuthorized(webContext, client, currentService));
    if (!authorized) {
        return Optional.empty();
    }
    return DelegatedClientIdentityProviderConfigurationFactory.builder()
        .client(client)
        .webContext(webContext)
        .service(currentService)
        .casProperties(casProperties)
        .build()
        .resolve();
}
Also used : lombok.val(lombok.val) CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) DelegatedClientIdentityProviderRedirectionStrategy(org.apereo.cas.pac4j.client.DelegatedClientIdentityProviderRedirectionStrategy) RequiredArgsConstructor(lombok.RequiredArgsConstructor) DelegatedClientIdentityProviderConfiguration(org.apereo.cas.web.DelegatedClientIdentityProviderConfiguration) RequestContext(org.springframework.webflow.execution.RequestContext) WebApplicationService(org.apereo.cas.authentication.principal.WebApplicationService) HashSet(java.util.HashSet) LoggingUtils(org.apereo.cas.util.LoggingUtils) HttpServletRequest(javax.servlet.http.HttpServletRequest) Clients(org.pac4j.core.client.Clients) Client(org.pac4j.core.client.Client) IndirectClient(org.pac4j.core.client.IndirectClient) JEEContext(org.pac4j.core.context.JEEContext) DelegatedClientIdentityProviderConfigurationFactory(org.apereo.cas.web.DelegatedClientIdentityProviderConfigurationFactory) LinkedHashSet(java.util.LinkedHashSet) DelegatedClientAuthenticationRequestCustomizer(org.apereo.cas.pac4j.client.DelegatedClientAuthenticationRequestCustomizer) lombok.val(lombok.val) AuthenticationServiceSelectionPlan(org.apereo.cas.authentication.AuthenticationServiceSelectionPlan) Set(java.util.Set) HttpStatus(org.springframework.http.HttpStatus) Slf4j(lombok.extern.slf4j.Slf4j) List(java.util.List) DelegatedAuthenticationAccessStrategyHelper(org.apereo.cas.validation.DelegatedAuthenticationAccessStrategyHelper) Service(org.apereo.cas.authentication.principal.Service) Optional(java.util.Optional) WebUtils(org.apereo.cas.web.support.WebUtils) JEEContext(org.pac4j.core.context.JEEContext)

Aggregations

IndirectClient (org.pac4j.core.client.IndirectClient)15 LinkedHashSet (java.util.LinkedHashSet)7 lombok.val (lombok.val)7 RequiredArgsConstructor (lombok.RequiredArgsConstructor)6 Slf4j (lombok.extern.slf4j.Slf4j)6 Getter (lombok.Getter)5 CasConfigurationProperties (org.apereo.cas.configuration.CasConfigurationProperties)5 Clients (org.pac4j.core.client.Clients)5 Set (java.util.Set)4 HttpServletRequest (javax.servlet.http.HttpServletRequest)4 HttpSession (javax.servlet.http.HttpSession)4 Verb (com.github.scribejava.core.model.Verb)3 JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm)3 ECPrivateKey (java.security.interfaces.ECPrivateKey)3 Period (java.time.Period)3 Collection (java.util.Collection)3 AtomicInteger (java.util.concurrent.atomic.AtomicInteger)3 Pattern (java.util.regex.Pattern)3 LinkedHashMap (java.util.LinkedHashMap)2 Optional (java.util.Optional)2