Search in sources :

Example 26 with J2EContext

use of org.pac4j.core.context.J2EContext in project cas by apereo.

the class LdapAuthenticationProvider method authenticate.

@Override
public Authentication authenticate(final Authentication authentication) throws AuthenticationException {
    try {
        final String username = authentication.getPrincipal().toString();
        final Object credentials = authentication.getCredentials();
        final String password = credentials == null ? null : credentials.toString();
        LOGGER.debug("Preparing LDAP authentication request for user [{}]", username);
        final AuthenticationRequest request = new AuthenticationRequest(username, new org.ldaptive.Credential(password), ReturnAttributes.ALL.value());
        final Authenticator authenticator = LdapUtils.newLdaptiveAuthenticator(adminPagesSecurityProperties.getLdap());
        LOGGER.debug("Executing LDAP authentication request for user [{}]", username);
        final AuthenticationResponse response = authenticator.authenticate(request);
        LOGGER.debug("LDAP response: [{}]", response);
        if (response.getResult()) {
            final LdapEntry entry = response.getLdapEntry();
            final CommonProfile profile = new CommonProfile();
            profile.setId(username);
            entry.getAttributes().forEach(a -> profile.addAttribute(a.getName(), a.getStringValues()));
            LOGGER.debug("Collected user profile [{}]", profile);
            this.authorizationGenerator.generate(Pac4jUtils.getPac4jJ2EContext(), profile);
            LOGGER.debug("Assembled user profile with roles after generating authorization claims [{}]", profile);
            final Collection<GrantedAuthority> authorities = new ArrayList<>();
            authorities.addAll(profile.getRoles().stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList()));
            LOGGER.debug("List of authorities remapped from profile roles are [{}]", authorities);
            final RequireAnyRoleAuthorizer authorizer = new RequireAnyRoleAuthorizer(adminPagesSecurityProperties.getAdminRoles());
            LOGGER.debug("Executing authorization for expected admin roles [{}]", authorizer.getElements());
            final J2EContext context = Pac4jUtils.getPac4jJ2EContext();
            if (authorizer.isAllAuthorized(context, CollectionUtils.wrap(profile))) {
                return new UsernamePasswordAuthenticationToken(username, password, authorities);
            }
            LOGGER.warn("User [{}] is not authorized to access the requested resource allowed to roles [{}]", username, authorizer.getElements());
        } else {
            LOGGER.warn("LDAP authentication response produced no results for [{}]", username);
        }
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
        throw new InsufficientAuthenticationException("Unexpected LDAP error", e);
    }
    throw new BadCredentialsException("Could not authenticate provided credentials");
}
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) GrantedAuthority(org.springframework.security.core.GrantedAuthority) ArrayList(java.util.ArrayList) LdapEntry(org.ldaptive.LdapEntry) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) J2EContext(org.pac4j.core.context.J2EContext) InsufficientAuthenticationException(org.springframework.security.authentication.InsufficientAuthenticationException) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) AuthenticationResponse(org.ldaptive.auth.AuthenticationResponse) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) AuthenticationException(org.springframework.security.core.AuthenticationException) InsufficientAuthenticationException(org.springframework.security.authentication.InsufficientAuthenticationException) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) CommonProfile(org.pac4j.core.profile.CommonProfile) AuthenticationRequest(org.ldaptive.auth.AuthenticationRequest) Authenticator(org.ldaptive.auth.Authenticator) RequireAnyRoleAuthorizer(org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer)

Example 27 with J2EContext

use of org.pac4j.core.context.J2EContext in project pac4j by pac4j.

the class PostSAML2ClientTests method testSetComparisonTypeWithPostBinding.

@Test
public void testSetComparisonTypeWithPostBinding() {
    final SAML2Client client = getClient();
    client.getConfiguration().setComparisonType(AuthnContextComparisonTypeEnumeration.EXACT.toString());
    final WebContext context = new J2EContext(new MockHttpServletRequest(), new MockHttpServletResponse());
    final RedirectAction action = client.getRedirectAction(context);
    assertTrue(getDecodedAuthnRequest(action.getContent()).contains("Comparison=\"exact\""));
}
Also used : WebContext(org.pac4j.core.context.WebContext) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) J2EContext(org.pac4j.core.context.J2EContext) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) RedirectAction(org.pac4j.core.redirect.RedirectAction) Test(org.junit.Test)

Example 28 with J2EContext

use of org.pac4j.core.context.J2EContext in project pac4j by pac4j.

the class RedirectSAML2ClientTests method testForceAuthIsSetForRedirectBinding.

@Test
public void testForceAuthIsSetForRedirectBinding() {
    final SAML2Client client = getClient();
    client.getConfiguration().setForceAuth(true);
    final WebContext context = new J2EContext(new MockHttpServletRequest(), new MockHttpServletResponse());
    final RedirectAction action = client.getRedirectAction(context);
    assertTrue(getInflatedAuthnRequest(action.getLocation()).contains("ForceAuthn=\"true\""));
}
Also used : WebContext(org.pac4j.core.context.WebContext) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) J2EContext(org.pac4j.core.context.J2EContext) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) RedirectAction(org.pac4j.core.redirect.RedirectAction) Test(org.junit.Test)

Example 29 with J2EContext

use of org.pac4j.core.context.J2EContext in project pac4j by pac4j.

the class RedirectSAML2ClientTests method testRelayState.

@Test
public void testRelayState() {
    final SAML2Client client = getClient();
    final WebContext context = new J2EContext(new MockHttpServletRequest(), new MockHttpServletResponse());
    context.getSessionStore().set(context, SAML2Client.SAML_RELAY_STATE_ATTRIBUTE, "relayState");
    final RedirectAction action = client.getRedirectAction(context);
    assertTrue(action.getLocation().contains("RelayState=relayState"));
}
Also used : WebContext(org.pac4j.core.context.WebContext) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) J2EContext(org.pac4j.core.context.J2EContext) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) RedirectAction(org.pac4j.core.redirect.RedirectAction) Test(org.junit.Test)

Example 30 with J2EContext

use of org.pac4j.core.context.J2EContext in project pac4j by pac4j.

the class RedirectSAML2ClientTests method testNameIdPolicyFormat.

@Test
public void testNameIdPolicyFormat() {
    final SAML2Client client = getClient();
    client.getConfiguration().setNameIdPolicyFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
    final WebContext context = new J2EContext(new MockHttpServletRequest(), new MockHttpServletResponse());
    final RedirectAction action = client.getRedirectAction(context);
    final String loc = action.getLocation();
    assertTrue(getInflatedAuthnRequest(loc).contains("<saml2p:NameIDPolicy AllowCreate=\"true\" " + "Format=\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\"/></saml2p:AuthnRequest>"));
}
Also used : WebContext(org.pac4j.core.context.WebContext) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) J2EContext(org.pac4j.core.context.J2EContext) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) RedirectAction(org.pac4j.core.redirect.RedirectAction) Test(org.junit.Test)

Aggregations

J2EContext (org.pac4j.core.context.J2EContext)32 RedirectAction (org.pac4j.core.redirect.RedirectAction)13 Test (org.junit.Test)11 WebContext (org.pac4j.core.context.WebContext)11 ProfileManager (org.pac4j.core.profile.ProfileManager)11 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)11 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)11 HttpServletRequest (javax.servlet.http.HttpServletRequest)6 HttpServletResponse (javax.servlet.http.HttpServletResponse)6 UnauthorizedServiceException (org.apereo.cas.services.UnauthorizedServiceException)6 OAuthRegisteredService (org.apereo.cas.support.oauth.services.OAuthRegisteredService)6 UserProfile (org.pac4j.core.profile.UserProfile)6 GetMapping (org.springframework.web.bind.annotation.GetMapping)6 Service (org.apereo.cas.authentication.principal.Service)5 Authentication (org.apereo.cas.authentication.Authentication)4 AccessToken (org.apereo.cas.ticket.accesstoken.AccessToken)4 TicketGrantingTicket (org.apereo.cas.ticket.TicketGrantingTicket)3 CentralAuthenticationService (org.apereo.cas.CentralAuthenticationService)2 AuthenticationResult (org.apereo.cas.authentication.AuthenticationResult)2 PrincipalException (org.apereo.cas.authentication.PrincipalException)2