Use of org.pac4j.core.context.J2EContext in the project cas by apereo: class RegisteredServiceResource, method authenticateRequest.
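/**
 * Authenticates the caller of a REST request from its HTTP Basic credentials.
 * <p>
 * The credentials are read from the request by pac4j's {@link BasicAuthExtractor},
 * converted into a CAS {@link UsernamePasswordCredential} and pushed through a
 * single authentication transaction against the service created from the request.
 *
 * @param request  the incoming request carrying the Basic credentials
 * @param response the response, needed only to build the pac4j web context
 * @return the {@link Authentication} produced by the transaction
 * @throws BadRestRequestException if the request carries no Basic credentials
 */
private Authentication authenticateRequest(final HttpServletRequest request, final HttpServletResponse response) {
    final WebContext webContext = new J2EContext(request, response);
    final UsernamePasswordCredentials credentials = new BasicAuthExtractor().extract(webContext);
    if (credentials == null) {
        throw new BadRestRequestException("Could not authenticate request");
    }
    // Log only the identifier. The credentials object also carries the password, so
    // logging the object itself would rely on its toString() masking that field.
    LOGGER.debug("Received basic authentication request for username [{}]", credentials.getUsername());
    final Credential c = new UsernamePasswordCredential(credentials.getUsername(), credentials.getPassword());
    final Service serviceRequest = this.serviceFactory.createService(request);
    final AuthenticationResult result = authenticationSystemSupport.handleAndFinalizeSingleAuthenticationTransaction(serviceRequest, c);
    return result.getAuthentication();
}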
Use of org.pac4j.core.context.J2EContext in the project cas by apereo: class OAuth20AccessTokenEndpointController, method handleRequest.
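/**
 * Handles an OAuth 2.0 access token request.
 * <p>
 * The request is verified first; any failure (a {@code false} result or an
 * exception) is reported to the client as {@code invalid_request}. The grant is
 * then examined and extracted; a failure there is reported as {@code invalid_grant}.
 * Otherwise an access token, and possibly a refresh token, are generated and
 * written to the response with HTTP 200.
 *
 * @param request  the request
 * @param response the response; receives either an error text or the token response
 * @throws Exception if generating or writing the token response fails
 */
@PostMapping(path = { OAuth20Constants.BASE_OAUTH20_URL + '/' + OAuth20Constants.ACCESS_TOKEN_URL, OAuth20Constants.BASE_OAUTH20_URL + '/' + OAuth20Constants.TOKEN_URL })
public void handleRequest(final HttpServletRequest request, final HttpServletResponse response) throws Exception {
    response.setContentType(MediaType.TEXT_PLAIN_VALUE);
    try {
        if (!verifyAccessTokenRequest(request, response)) {
            throw new IllegalArgumentException("Access token validation failed");
        }
    } catch (final Exception e) {
        // A false verification result and an exception are handled identically on purpose.
        LOGGER.error(e.getMessage(), e);
        OAuth20Utils.writeTextError(response, OAuth20Constants.INVALID_REQUEST);
        return;
    }
    final AccessTokenRequestDataHolder requestHolder;
    try {
        requestHolder = examineAndExtractAccessTokenGrantRequest(request, response);
        LOGGER.debug("Creating access token for [{}]", requestHolder);
    } catch (final Exception e) {
        LOGGER.error("Could not identify and extract access token request", e);
        OAuth20Utils.writeTextError(response, OAuth20Constants.INVALID_GRANT);
        return;
    }
    final J2EContext context = Pac4jUtils.getPac4jJ2EContext(request, response);
    final Pair<AccessToken, RefreshToken> tokens = accessTokenGenerator.generate(requestHolder);
    // The token objects are deliberately kept out of the log: their string form may be
    // the ticket id, which is the bearer secret handed to the client. The request holder
    // was already logged above, so only the presence of a refresh token is recorded here.
    LOGGER.debug("Access token generated; refresh token present: [{}]", tokens.getValue() != null);
    generateAccessTokenResponse(request, response, requestHolder, context, tokens.getKey(), tokens.getValue());
    response.setStatus(HttpServletResponse.SC_OK);
}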
Use of org.pac4j.core.context.J2EContext in the project cas by apereo: class OAuth20AuthorizeEndpointController, method handleRequest.
/**
 * Handles the OAuth 2.0 authorization request via GET.
 * <p>
 * The request must pass parameter verification and carry an authenticated
 * profile; the registered service looked up from {@code client_id} must also
 * allow access. Any of these failing yields the unauthorized error view. If the
 * consent approval resolver produces a non-empty view it is returned, otherwise
 * the caller is redirected to the callback redirect URL.
 *
 * @param request  the request
 * @param response the response
 * @return the consent view, the unauthorized error view, or the callback redirect
 * @throws Exception if resolving the redirect fails
 */
@GetMapping(path = OAuth20Constants.BASE_OAUTH20_URL + '/' + OAuth20Constants.AUTHORIZE_URL)
public ModelAndView handleRequest(final HttpServletRequest request, final HttpServletResponse response) throws Exception {
    final J2EContext context = Pac4jUtils.getPac4jJ2EContext(request, response);
    final ProfileManager manager = Pac4jUtils.getPac4jProfileManager(request, response);
    // Short-circuits like the original: authentication is only checked once verification passes.
    final boolean requestAcceptable = verifyAuthorizeRequest(context) && isRequestAuthenticated(manager, context);
    if (!requestAcceptable) {
        LOGGER.error("Authorize request verification failed. Either the authorization request is missing required parameters, or the request is not authenticated and contains no authenticated profile/principal.");
        return OAuth20Utils.produceUnauthorizedErrorView();
    }
    final String clientId = context.getRequestParameter(OAuth20Constants.CLIENT_ID);
    final OAuthRegisteredService registeredService = getRegisteredServiceByClientId(clientId);
    try {
        RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(clientId, registeredService);
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
        return OAuth20Utils.produceUnauthorizedErrorView();
    }
    final ModelAndView consentView = this.consentApprovalViewResolver.resolve(context, registeredService);
    // A non-empty resolver result takes precedence; presumably the consent screen — confirm against the resolver.
    final boolean consentViewPresent = !consentView.isEmpty() && consentView.hasView();
    if (consentViewPresent) {
        return consentView;
    }
    return redirectToCallbackRedirectUrl(manager, registeredService, context, clientId);
}
Use of org.pac4j.core.context.J2EContext in the project cas by apereo: class OAuth20CallbackAuthorizeEndpointController, method handleRequest.
/**
 * Handles the callback-authorize request.
 * <p>
 * Runs pac4j's default callback logic for the CAS OAuth client against the
 * request, then resolves the view for whatever redirect location the callback
 * left on the response.
 *
 * @param request  the request
 * @param response the response
 * @return the model and view produced by the callback-authorize view resolver
 */
@GetMapping(path = OAuth20Constants.BASE_OAUTH20_URL + '/' + OAuth20Constants.CALLBACK_AUTHORIZE_URL)
public ModelAndView handleRequest(final HttpServletRequest request, final HttpServletResponse response) {
    final J2EContext context = new J2EContext(request, response, this.oauthConfig.getSessionStore());
    // Positional arguments follow DefaultCallbackLogic.perform(); the meaning of the three
    // boolean flags is not visible here — confirm against the pac4j version in use.
    new DefaultCallbackLogic().perform(context, oauthConfig, J2ENopHttpActionAdapter.INSTANCE, null, true, false, false, Authenticators.CAS_OAUTH_CLIENT);
    // NOTE(review): assumes the callback logic has already placed its redirect in the
    // Location header; StringUtils.remove tolerates a missing header (null in, null out).
    final String location = response.getHeader("Location");
    final String redirectUrl = StringUtils.remove(location, "redirect:");
    final ProfileManager manager = Pac4jUtils.getPac4jProfileManager(request, response);
    return oAuth20CallbackAuthorizeViewResolver.resolve(context, manager, redirectUrl);
}
Use of org.pac4j.core.context.J2EContext in the project cas by apereo: class OAuth20UserProfileEndpointController, method handleRequest.
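/**
 * Handles the OAuth 2.0 user profile request.
 * <p>
 * The access token presented with the request is resolved in the ticket
 * registry and checked for usability (present, not expired and, when descendant
 * ticket removal is enabled, still backed by a live ticket-granting ticket).
 * Any failure yields an unauthorized response; otherwise the token usage is
 * recorded and the rendered profile is returned as JSON.
 *
 * @param request  the request
 * @param response the response
 * @return the profile JSON with HTTP 200, or an unauthorized response entity
 * @throws Exception if creating or rendering the profile data fails
 */
@GetMapping(path = OAuth20Constants.BASE_OAUTH20_URL + '/' + OAuth20Constants.PROFILE_URL, produces = MediaType.APPLICATION_JSON_VALUE)
public ResponseEntity<String> handleRequest(final HttpServletRequest request, final HttpServletResponse response) throws Exception {
    response.setContentType(MediaType.APPLICATION_JSON_VALUE);
    final J2EContext context = Pac4jUtils.getPac4jJ2EContext(request, response);
    final String accessToken = getAccessTokenFromRequest(request);
    if (StringUtils.isBlank(accessToken)) {
        LOGGER.error("Missing [{}] from the request", OAuth20Constants.ACCESS_TOKEN);
        return buildUnauthorizedResponseEntity(OAuth20Constants.MISSING_ACCESS_TOKEN);
    }
    final AccessToken accessTokenTicket = this.ticketRegistry.getTicket(accessToken, AccessToken.class);
    // Every unusable-token case maps to the same error code, so the checks live in one helper.
    if (!isAccessTokenUsable(accessToken, accessTokenTicket)) {
        return buildUnauthorizedResponseEntity(OAuth20Constants.EXPIRED_ACCESS_TOKEN);
    }
    updateAccessTokenUsage(accessTokenTicket);
    final Map<String, Object> map = this.userProfileDataCreator.createFrom(accessTokenTicket, context);
    final String value = this.userProfileViewRenderer.render(map, accessTokenTicket);
    return new ResponseEntity<>(value, HttpStatus.OK);
}

/**
 * Checks whether a resolved access token ticket may be used to serve a profile,
 * removing it from the registry when it (or its parent ticket-granting ticket)
 * has expired.
 * <p>
 * The presented token value is a bearer secret and is intentionally not written
 * to the log; only the condition that failed is recorded.
 *
 * @param accessToken       the token id as presented by the client, used for deletion
 * @param accessTokenTicket the ticket resolved for that id, possibly {@code null}
 * @return {@code true} if the ticket is present and not expired (and its parent
 *         ticket-granting ticket is live when descendant removal is enabled)
 */
private boolean isAccessTokenUsable(final String accessToken, final AccessToken accessTokenTicket) {
    if (accessTokenTicket == null) {
        LOGGER.error("Presented access token cannot be found in the ticket registry.");
        return false;
    }
    if (accessTokenTicket.isExpired()) {
        LOGGER.error("Presented access token has expired and will be removed from the ticket registry");
        this.ticketRegistry.deleteTicket(accessToken);
        return false;
    }
    if (casProperties.getLogout().isRemoveDescendantTickets()) {
        final TicketGrantingTicket ticketGrantingTicket = accessTokenTicket.getTicketGrantingTicket();
        if (ticketGrantingTicket == null || ticketGrantingTicket.isExpired()) {
            LOGGER.error("Ticket granting ticket parenting the presented access token has expired or is not found");
            this.ticketRegistry.deleteTicket(accessToken);
            return false;
        }
    }
    return true;
}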