use of org.pac4j.core.context.J2EContext in project cas by apereo.
the class LdapAuthenticationProvider method authenticate.
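/**
 * Authenticates the supplied principal against LDAP and, on success, requires that the
 * resulting profile holds one of the configured admin roles.
 *
 * <p>The LDAP entry's attributes are copied into a {@code CommonProfile}, the
 * authorization generator is run over that profile, and the profile's roles become the
 * granted authorities of the returned token.
 *
 * @param authentication the request; its principal supplies the username and its
 *                       credentials supply the password
 * @return a {@code UsernamePasswordAuthenticationToken} carrying the username, the
 *         submitted password and the authorities mapped from the profile roles
 * @throws BadCredentialsException if no password was supplied, the LDAP authentication
 *         result is negative, or the profile lacks every required admin role
 * @throws InsufficientAuthenticationException if any other exception is raised while
 *         talking to LDAP or building the profile
 */
@Override
public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
    try {
        final String username = authentication.getPrincipal().toString();
        final Object credentials = authentication.getCredentials();
        final String password = credentials == null ? null : credentials.toString();

        // Defence in depth: a simple bind with a zero-length password is an
        // "unauthenticated bind" (RFC 4513, section 5.1.2) that some directory servers
        // accept. Refuse it here instead of relying on the LDAP library or the server.
        if (password == null || password.isEmpty()) {
            LOGGER.warn("Rejecting LDAP authentication request for user [{}] because no password was provided", username);
            throw new BadCredentialsException("Could not authenticate provided credentials");
        }

        LOGGER.debug("Preparing LDAP authentication request for user [{}]", username);
        final AuthenticationRequest request = new AuthenticationRequest(username,
                new org.ldaptive.Credential(password), ReturnAttributes.ALL.value());
        final Authenticator authenticator = LdapUtils.newLdaptiveAuthenticator(adminPagesSecurityProperties.getLdap());

        LOGGER.debug("Executing LDAP authentication request for user [{}]", username);
        final AuthenticationResponse response = authenticator.authenticate(request);
        // NOTE(review): the request asks for ReturnAttributes.ALL, so the response and the
        // profile logged at DEBUG below can contain every attribute returned for the entry.
        // Keep DEBUG disabled for this logger in production, or narrow the attribute list.
        LOGGER.debug("LDAP response: [{}]", response);

        if (response.getResult()) {
            final LdapEntry entry = response.getLdapEntry();
            final CommonProfile profile = new CommonProfile();
            profile.setId(username);
            entry.getAttributes().forEach(a -> profile.addAttribute(a.getName(), a.getStringValues()));
            LOGGER.debug("Collected user profile [{}]", profile);

            this.authorizationGenerator.generate(Pac4jUtils.getPac4jJ2EContext(), profile);
            LOGGER.debug("Assembled user profile with roles after generating authorization claims [{}]", profile);

            final Collection<GrantedAuthority> authorities = profile.getRoles().stream()
                    .map(SimpleGrantedAuthority::new)
                    .collect(Collectors.toCollection(ArrayList::new));
            LOGGER.debug("List of authorities remapped from profile roles are [{}]", authorities);

            final RequireAnyRoleAuthorizer authorizer = new RequireAnyRoleAuthorizer(adminPagesSecurityProperties.getAdminRoles());
            LOGGER.debug("Executing authorization for expected admin roles [{}]", authorizer.getElements());
            final J2EContext context = Pac4jUtils.getPac4jJ2EContext();
            if (authorizer.isAllAuthorized(context, CollectionUtils.wrap(profile))) {
                // The token keeps the submitted password as its credentials.
                return new UsernamePasswordAuthenticationToken(username, password, authorities);
            }
            LOGGER.warn("User [{}] is not authorized to access the requested resource allowed to roles [{}]", username, authorizer.getElements());
        } else {
            LOGGER.warn("LDAP authentication response produced no results for [{}]", username);
        }
    } catch (final BadCredentialsException e) {
        // Raised by the empty-password guard; it must not be rewrapped as an LDAP error.
        throw e;
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
        throw new InsufficientAuthenticationException("Unexpected LDAP error", e);
    }
    // Reached when the bind failed or the user lacks a required role; the same generic
    // message is used for both so the caller cannot tell the two cases apart.
    throw new BadCredentialsException("Could not authenticate provided credentials");
}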
use of org.pac4j.core.context.J2EContext in project pac4j by pac4j.
the class PostSAML2ClientTests method testSetComparisonTypeWithPostBinding.
/**
 * Sets the comparison type to EXACT on the client configuration and checks that the
 * decoded AuthnRequest in the redirect action's content carries {@code Comparison="exact"}.
 */
@Test
public void testSetComparisonTypeWithPostBinding() {
    final String expectedFragment = "Comparison=\"exact\"";

    final SAML2Client saml2Client = getClient();
    final String comparisonType = AuthnContextComparisonTypeEnumeration.EXACT.toString();
    saml2Client.getConfiguration().setComparisonType(comparisonType);

    // Mock servlet objects stand in for a real request/response pair.
    final MockHttpServletRequest servletRequest = new MockHttpServletRequest();
    final MockHttpServletResponse servletResponse = new MockHttpServletResponse();
    final WebContext webContext = new J2EContext(servletRequest, servletResponse);

    final RedirectAction redirect = saml2Client.getRedirectAction(webContext);
    assertTrue(getDecodedAuthnRequest(redirect.getContent()).contains(expectedFragment));
}
use of org.pac4j.core.context.J2EContext in project pac4j by pac4j.
the class RedirectSAML2ClientTests method testForceAuthIsSetForRedirectBinding.
/**
 * Enables forced authentication on the client configuration and checks that the inflated
 * AuthnRequest taken from the redirect location carries {@code ForceAuthn="true"}.
 */
@Test
public void testForceAuthIsSetForRedirectBinding() {
    final String expectedFragment = "ForceAuthn=\"true\"";

    final SAML2Client saml2Client = getClient();
    saml2Client.getConfiguration().setForceAuth(true);

    // Mock servlet objects stand in for a real request/response pair.
    final MockHttpServletRequest servletRequest = new MockHttpServletRequest();
    final MockHttpServletResponse servletResponse = new MockHttpServletResponse();
    final WebContext webContext = new J2EContext(servletRequest, servletResponse);

    final RedirectAction redirect = saml2Client.getRedirectAction(webContext);
    assertTrue(getInflatedAuthnRequest(redirect.getLocation()).contains(expectedFragment));
}
use of org.pac4j.core.context.J2EContext in project pac4j by pac4j.
the class RedirectSAML2ClientTests method testRelayState.
/**
 * Stores a relay state value in the session store and checks that the redirect location
 * produced by the client contains it as the {@code RelayState} parameter.
 */
@Test
public void testRelayState() {
    final SAML2Client saml2Client = getClient();

    // Mock servlet objects stand in for a real request/response pair.
    final MockHttpServletRequest servletRequest = new MockHttpServletRequest();
    final MockHttpServletResponse servletResponse = new MockHttpServletResponse();
    final WebContext webContext = new J2EContext(servletRequest, servletResponse);

    // Seed the session before asking for the redirect so the client can pick the value up.
    webContext.getSessionStore().set(webContext, SAML2Client.SAML_RELAY_STATE_ATTRIBUTE, "relayState");

    final RedirectAction redirect = saml2Client.getRedirectAction(webContext);
    final String location = redirect.getLocation();
    assertTrue(location.contains("RelayState=relayState"));
}
use of org.pac4j.core.context.J2EContext in project pac4j by pac4j.
the class RedirectSAML2ClientTests method testNameIdPolicyFormat.
/**
 * Sets an e-mail address NameID policy format on the client configuration and checks that
 * the inflated AuthnRequest from the redirect location contains the matching
 * {@code NameIDPolicy} element immediately before the closing {@code AuthnRequest} tag.
 */
@Test
public void testNameIdPolicyFormat() {
    final String expectedTail = "<saml2p:NameIDPolicy AllowCreate=\"true\" "
            + "Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\"/></saml2p:AuthnRequest>";

    final SAML2Client saml2Client = getClient();
    saml2Client.getConfiguration().setNameIdPolicyFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");

    // Mock servlet objects stand in for a real request/response pair.
    final MockHttpServletRequest servletRequest = new MockHttpServletRequest();
    final MockHttpServletResponse servletResponse = new MockHttpServletResponse();
    final WebContext webContext = new J2EContext(servletRequest, servletResponse);

    final RedirectAction redirect = saml2Client.getRedirectAction(webContext);
    final String location = redirect.getLocation();
    assertTrue(getInflatedAuthnRequest(location).contains(expectedTail));
}