Usage of org.pac4j.core.context.J2EContext in project cas by apereo.
Class OidcIdTokenGeneratorService, method generate.
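/**
 * Generates a signed OIDC id token for the given access token.
 * <p>
 * The registered service must be an {@link OidcRegisteredService}. Claims are produced from the
 * currently authenticated pac4j user profile and then encoded by the configured signing service.
 *
 * @param request           the request
 * @param response          the response
 * @param accessTokenId     the access token the id token is issued for
 * @param timeout           the timeout, forwarded to claim production
 * @param responseType      the OAuth response type
 * @param registeredService the registered service; must be an OIDC service
 * @return the encoded id token
 * @throws IllegalArgumentException if the registered service is not an OIDC service
 * @throws IllegalStateException    if no authenticated user profile is available in the context
 * @throws Exception                if claim production or encoding fails
 */
public String generate(final HttpServletRequest request, final HttpServletResponse response, final AccessToken accessTokenId, final long timeout, final OAuth20ResponseTypes responseType, final OAuthRegisteredService registeredService) throws Exception {
    if (!(registeredService instanceof OidcRegisteredService)) {
        throw new IllegalArgumentException("Registered service instance is not an OIDC service");
    }
    final OidcRegisteredService oidcRegisteredService = (OidcRegisteredService) registeredService;
    final J2EContext context = Pac4jUtils.getPac4jJ2EContext(request, response);
    final ProfileManager manager = Pac4jUtils.getPac4jProfileManager(request, response);
    // Fail with an explicit message instead of the NoSuchElementException an unchecked
    // Optional.get() would raise: an id token must never be minted without an authenticated
    // profile backing its claims.
    final UserProfile profile = manager.get(true)
        .orElseThrow(() -> new IllegalStateException("No authenticated user profile is available to produce an id token"));
    LOGGER.debug("Attempting to produce claims for the id token [{}]", accessTokenId);
    final JwtClaims claims = produceIdTokenClaims(request, accessTokenId, timeout, oidcRegisteredService, profile, context, responseType);
    LOGGER.debug("Produce claims for the id token [{}] as [{}]", accessTokenId, claims);
    // The signing service is what makes the token verifiable by the relying party.
    return this.signingService.encode(oidcRegisteredService, claims);
}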
Usage of org.pac4j.core.context.J2EContext in project cas by apereo.
Class OidcSecurityInterceptor, method preHandle.
/**
 * Decides whether the current pac4j profile must be discarded before the OIDC authorization
 * request is handled, so that the user is forced to re-authenticate.
 * <p>
 * Credentials are cleared when no CAS authentication is available, when a {@code max_age}
 * parameter is present and the existing authentication is too old, or when the request carries
 * {@code prompt=login}; {@code prompt=none} always suppresses the clearing.
 *
 * @param request  the request
 * @param response the response
 * @param handler  the handler
 * @return the result of the superclass' {@code preHandle}
 * @throws Exception if the superclass' {@code preHandle} fails
 */
@Override
public boolean preHandle(final HttpServletRequest request, final HttpServletResponse response, final Object handler) throws Exception {
    final J2EContext ctx = Pac4jUtils.getPac4jJ2EContext(request, response);
    final ProfileManager manager = Pac4jUtils.getPac4jProfileManager(request, response);

    // No CAS authentication at all means the user has to log in again.
    boolean mustClear = !authorizationRequestSupport.isCasAuthenticationAvailable(ctx).isPresent();

    // max_age is only evaluated when a profile exists; its verdict replaces the one above.
    final Optional<UserProfile> profile = authorizationRequestSupport.isAuthenticationProfileAvailable(ctx);
    if (profile.isPresent() && authorizationRequestSupport.getOidcMaxAgeFromAuthorizationRequest(ctx).isPresent()) {
        mustClear = authorizationRequestSupport.isCasAuthenticationOldForMaxAgeAuthorizationRequest(ctx, profile.get());
    }

    // prompt=login forces a fresh login; prompt=none forbids any interaction, so it wins.
    final Set<String> prompts = authorizationRequestSupport.getOidcPromptFromAuthorizationRequest(ctx);
    mustClear = (mustClear || prompts.contains(OidcConstants.PROMPT_LOGIN)) && !prompts.contains(OidcConstants.PROMPT_NONE);

    if (mustClear) {
        manager.remove(true);
    }
    return super.preHandle(request, response, handler);
}
Usage of org.pac4j.core.context.J2EContext in project cas by apereo.
Class DelegatedClientNavigationController, method redirectToProvider.
/**
 * Redirects the user to the external identity provider selected by the request.
 * <p>
 * The client name is read from the request, a delegated-client ticket is stored so the
 * authentication request can be restored on the way back (SAML clients rely on the relay-state
 * session attribute, other clients on request parameters), and the provider's redirect action is
 * translated into a view: an HTML page for a {@code SUCCESS} action, an HTTP redirect otherwise.
 *
 * @param request  the request
 * @param response the response
 * @return the view to render
 * @throws UnauthorizedServiceException if the provider raises an HTTP action while preparing the redirect
 */
@GetMapping(ENDPOINT_REDIRECT)
public View redirectToProvider(final HttpServletRequest request, final HttpServletResponse response) {
    final String clientName = request.getParameter(Pac4jConstants.DEFAULT_CLIENT_NAME_PARAMETER);
    try {
        final IndirectClient client = (IndirectClient<Credentials, CommonProfile>) this.clients.findClient(clientName);
        final J2EContext webContext = Pac4jUtils.getPac4jJ2EContext(request, response);
        // The ticket is stored before the redirect action is computed, so its id is available for logging.
        final Ticket ticket = delegatedClientWebflowManager.store(webContext, client);
        final RedirectAction action = client.getRedirectAction(webContext);
        final View view;
        if (!RedirectAction.RedirectType.SUCCESS.equals(action.getType())) {
            final String location = new URIBuilder(action.getLocation()).toString();
            LOGGER.debug("Redirecting client [{}] to [{}] based on identifier [{}]", client.getName(), location, ticket.getId());
            view = new RedirectView(location);
        } else {
            view = new DynamicHtmlView(action.getContent());
        }
        this.delegatedSessionCookieManager.store(webContext);
        return view;
    } catch (final HttpAction e) {
        final boolean denied = e.getCode() == HttpStatus.UNAUTHORIZED.value();
        if (denied) {
            LOGGER.debug("Authentication request was denied from the provider [{}]", clientName, e);
        } else {
            LOGGER.warn(e.getMessage(), e);
        }
        throw new UnauthorizedServiceException(e.getMessage(), e);
    }
}
Usage of org.pac4j.core.context.J2EContext in project cas by apereo.
Class DelegatedClientAuthenticationAction, method doExecute.
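/**
 * Handles the return leg of a delegated authentication flow.
 * <p>
 * If the request names a delegated client, the original authentication request is restored, the
 * client's credentials are extracted from the web context and a delegated authentication session
 * is established. Otherwise the login page is prepared. A failed delegation request, or an
 * unauthorized response status, stops the webflow.
 *
 * @param context the webflow request context
 * @return the resulting webflow event
 */
@Override
protected Event doExecute(final RequestContext context) {
    final HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(context);
    final HttpServletResponse response = WebUtils.getHttpServletResponseFromExternalWebflowContext(context);
    // The client name is attacker-controlled input from the request; findDelegatedClientByName is
    // relied upon to reject names that do not map to a configured client.
    final String clientName = request.getParameter(Pac4jConstants.DEFAULT_CLIENT_NAME_PARAMETER);
    LOGGER.debug("Delegated authentication is handled by client name [{}]", clientName);
    if (hasDelegationRequestFailed(request, response.getStatus()).isPresent()) {
        return stopWebflow();
    }
    final J2EContext webContext = Pac4jUtils.getPac4jJ2EContext(request, response);
    if (StringUtils.isNotBlank(clientName)) {
        final Service service = restoreAuthenticationRequestInContext(context, webContext, clientName);
        final BaseClient<Credentials, CommonProfile> client = findDelegatedClientByName(request, clientName, service);
        final Credentials credentials;
        try {
            credentials = client.getCredentials(webContext);
            // NOTE(review): this logs the Credentials object's toString at DEBUG; confirm it does not expose secret material.
            LOGGER.debug("Retrieved credentials from client as [{}]", credentials);
            if (credentials == null) {
                throw new IllegalArgumentException("Unable to determine credentials from the context with client " + client.getName());
            }
        } catch (final Exception e) {
            LOGGER.debug(e.getMessage(), e);
            return stopWebflow();
        }
        // credentials is necessarily non-null here: a null value was turned into an exception above,
        // which returned from the catch block, so the former "if (credentials != null)" guard was dead code.
        return establishDelegatedAuthenticationSession(context, service, credentials, client);
    }
    prepareForLoginPage(context);
    if (response.getStatus() == HttpStatus.UNAUTHORIZED.value()) {
        return stopWebflow();
    }
    return error();
}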
Usage of org.pac4j.core.context.J2EContext in project cas by apereo.
Class SAML2ClientLogoutAction, method doExecute.
/**
 * Sends a SAML2 logout request to the identity provider of the current delegated client, if any.
 * <p>
 * This is best-effort: when the current client cannot be resolved, is not a SAML2 client, or the
 * logout action fails, the problem is logged and the flow continues.
 *
 * @param requestContext the webflow request context
 * @return always {@code null}
 */
@Override
protected Event doExecute(final RequestContext requestContext) {
    try {
        final HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        final HttpServletResponse response = WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext);
        final J2EContext webContext = Pac4jUtils.getPac4jJ2EContext(request, response);
        final Client<?, ?> located = resolveClientForLogout(webContext);
        if (!(located instanceof SAML2Client)) {
            LOGGER.debug("The current client is not a SAML2 client or it cannot be found at all, no logout action will be executed.");
        } else {
            final SAML2Client saml2Client = (SAML2Client) located;
            LOGGER.debug("Located SAML2 client [{}]", saml2Client);
            final RedirectAction logoutAction = saml2Client.getLogoutAction(webContext, null, null);
            LOGGER.debug("Preparing logout message to send is [{}]", logoutAction.getLocation());
            logoutAction.perform(webContext);
        }
    } catch (final Exception e) {
        LOGGER.warn(e.getMessage(), e);
    }
    return null;
}

/**
 * Looks up the client currently recorded in the web context.
 *
 * @param webContext the web context
 * @return the client, or {@code null} when no client name is recorded or the lookup fails
 */
private Client<?, ?> resolveClientForLogout(final J2EContext webContext) {
    try {
        final String name = findCurrentClientName(webContext);
        return name == null ? null : clients.findClient(name);
    } catch (final TechnicalException e) {
        LOGGER.debug("No SAML2 client found: " + e.getMessage(), e);
        return null;
    }
}