
Example 76 with JEEContext

use of org.pac4j.core.context.JEEContext in project cas by apereo.

Class SamlIdPMultifactorAuthenticationTrigger, method isActivated.

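/**
 * Resolves the multifactor provider demanded by the pending SAML authentication request, if any.
 *
 * <p>The {@code AuthnRequest} is obtained through {@code SamlIdPUtils.retrieveSamlRequest} for the
 * current request/response pair, using the distributed session store. The first requested
 * {@code AuthnContextClassRef} whose URI has an entry in the authentication-context mappings is
 * translated to a provider id, which is then resolved against the providers available in the
 * application context.
 *
 * <p>A request without a {@code RequestedAuthnContext}, without class refs, or whose refs map to
 * no provider yields an empty result instead of an exception, matching the null checks that
 * {@code supports} performs on the same structure. The class-ref URI originates from the relying
 * party's request, so it is only ever used as a lookup key into the configured mappings and is
 * never itself treated as a provider id.
 *
 * @param authentication    the authentication (not consulted here)
 * @param registeredService the registered service (not consulted here)
 * @param request           the current request
 * @param response          the current response
 * @param service           the service (not consulted here)
 * @return the resolved provider, or {@link Optional#empty()} when the request does not demand a
 * mapped authentication context
 */
@Override
public Optional<MultifactorAuthenticationProvider> isActivated(final Authentication authentication, final RegisteredService registeredService, final HttpServletRequest request, final HttpServletResponse response, final Service service) {
    val context = new JEEContext(request, response);
    val result = SamlIdPUtils.retrieveSamlRequest(context, distributedSessionStore, openSamlConfigBean, AuthnRequest.class);
    val mappings = getAuthenticationContextMappings();
    return result
        .map(pair -> (AuthnRequest) pair.getLeft())
        // Optional.map turns a null RequestedAuthnContext or null ref list into an empty result
        .map(AuthnRequest::getRequestedAuthnContext)
        .map(requestedContext -> requestedContext.getAuthnContextClassRefs())
        .flatMap(classRefs -> classRefs.stream()
            .filter(Objects::nonNull)
            .map(ref -> ref.getURI())
            .filter(StringUtils::isNotBlank)
            .filter(mappings::containsKey)
            .findFirst())
        .map(mappings::get)
        .flatMap(providerId -> {
            val providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(applicationContext);
            return MultifactorAuthenticationUtils.resolveProvider(providerMap, providerId);
        });
}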

Example 77 with JEEContext

use of org.pac4j.core.context.JEEContext in project cas by apereo.

Class SamlIdPMultifactorAuthenticationTrigger, method supports.

/**
 * Reports whether this trigger applies to the current request.
 *
 * <p>The trigger is relevant only when authentication-context mappings are configured and the
 * pending SAML {@code AuthnRequest} (retrieved via {@code SamlIdPUtils.retrieveSamlRequest} with the
 * distributed session store) carries at least one {@code AuthnContextClassRef}. The response is
 * taken from the request attributes via {@code HttpRequestUtils}.
 *
 * @param request           the current request
 * @param registeredService the registered service (not consulted here)
 * @param authentication    the authentication (not consulted here)
 * @param service           the service (not consulted here)
 * @return {@code true} when mappings exist and the SAML request asks for an authentication context
 */
@Override
public boolean supports(final HttpServletRequest request, final RegisteredService registeredService, final Authentication authentication, final Service service) {
    if (getAuthenticationContextMappings().isEmpty()) {
        return false;
    }
    val servletResponse = HttpRequestUtils.getHttpServletResponseFromRequestAttributes();
    val webContext = new JEEContext(request, servletResponse);
    val samlRequest = SamlIdPUtils.retrieveSamlRequest(webContext, distributedSessionStore, openSamlConfigBean, AuthnRequest.class);
    // Each map step yields empty on a null intermediate, so a missing context or ref list is "not supported"
    return samlRequest
        .map(pair -> (AuthnRequest) pair.getLeft())
        .map(AuthnRequest::getRequestedAuthnContext)
        .map(requestedContext -> requestedContext.getAuthnContextClassRefs())
        .map(classRefs -> !classRefs.isEmpty())
        .orElse(false);
}

Example 78 with JEEContext

use of org.pac4j.core.context.JEEContext in project cas by apereo.

Class DefaultDelegatedClientAuthenticationWebflowManager, method storeDelegatedClientAuthenticationRequest.

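/**
 * Stores the delegated client authentication request as a transient session ticket.
 *
 * <p>The ticket carries the properties produced by {@code buildTicketProperties}, the original
 * and the resolved service, and — when enabled — the force-authn and passive flags. Each flag is
 * read from the request parameter of the same name when one is present, otherwise from the
 * corresponding registered-service property; only a value equal to {@code "true"}
 * (case-insensitively) enables the flag. A present request parameter therefore takes precedence
 * over the service property whatever its value — NOTE(review): confirm that is the intended
 * precedence for a service that assigns the property. Once the ticket is registered with the
 * central authentication service, its id and the enabled flags are exposed as request attributes.
 *
 * @param webContext the web context
 * @return the transient session ticket that was stored
 * @throws Exception propagated unchanged from the ticket factory or the central authentication service
 */
protected TransientSessionTicket storeDelegatedClientAuthenticationRequest(final JEEContext webContext) throws Exception {
    val properties = buildTicketProperties(webContext);
    val originalService = configContext.getArgumentExtractor().extractService(webContext.getNativeRequest());
    val service = configContext.getAuthenticationRequestServiceSelectionStrategies().resolveService(originalService);
    properties.put(CasProtocolConstants.PARAMETER_SERVICE, originalService);
    properties.put(CasProtocolConstants.PARAMETER_TARGET_SERVICE, service);
    val registeredService = configContext.getServicesManager().findServiceBy(service);
    if (isFlagEnabled(webContext, RedirectionActionBuilder.ATTRIBUTE_FORCE_AUTHN,
        () -> RegisteredServiceProperties.DELEGATED_AUTHN_FORCE_AUTHN.isAssignedTo(registeredService))) {
        properties.put(RedirectionActionBuilder.ATTRIBUTE_FORCE_AUTHN, true);
    }
    if (isFlagEnabled(webContext, RedirectionActionBuilder.ATTRIBUTE_PASSIVE,
        () -> RegisteredServiceProperties.DELEGATED_AUTHN_PASSIVE_AUTHN.isAssignedTo(registeredService))) {
        properties.put(RedirectionActionBuilder.ATTRIBUTE_PASSIVE, true);
    }
    val transientFactory = (TransientSessionTicketFactory) configContext.getTicketFactory().get(TransientSessionTicket.class);
    val ticket = transientFactory.create(originalService, properties);
    LOGGER.debug("Storing delegated authentication request ticket [{}] for service [{}] with properties [{}]", ticket.getId(), ticket.getService(), ticket.getProperties());
    configContext.getCentralAuthenticationService().addTicket(ticket);
    webContext.setRequestAttribute(PARAMETER_CLIENT_ID, ticket.getId());
    // Attributes mirror the ticket properties rather than the flags resolved above, so a key
    // already placed in the map by buildTicketProperties is reflected as well.
    if (properties.containsKey(RedirectionActionBuilder.ATTRIBUTE_FORCE_AUTHN)) {
        webContext.setRequestAttribute(RedirectionActionBuilder.ATTRIBUTE_FORCE_AUTHN, true);
    }
    if (properties.containsKey(RedirectionActionBuilder.ATTRIBUTE_PASSIVE)) {
        webContext.setRequestAttribute(RedirectionActionBuilder.ATTRIBUTE_PASSIVE, true);
    }
    return ticket;
}

/**
 * Determines whether a boolean delegation flag is enabled for the current request.
 *
 * @param webContext    the web context
 * @param parameterName the request parameter (and ticket property) name of the flag
 * @param serviceValue  supplies the registered-service setting; consulted only when the request parameter is absent
 * @return {@code true} when the effective value equals {@code "true"}, ignoring case
 */
private static boolean isFlagEnabled(final JEEContext webContext, final String parameterName, final java.util.function.BooleanSupplier serviceValue) {
    return webContext.getRequestParameter(parameterName)
        .or(() -> Optional.of(Boolean.toString(serviceValue.getAsBoolean())))
        .filter(value -> StringUtils.equalsIgnoreCase(value, "true"))
        .isPresent();
}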

Example 79 with JEEContext

use of org.pac4j.core.context.JEEContext in project cas by apereo.

Class DelegatedClientAuthenticationActionTests, method verifySaml2LogoutResponse.

/**
 * A POSTed SAML2 logout response, accompanied by the client name, a stored delegated-authentication
 * ticket and a logout endpoint parameter, is expected to end the action in the error transition.
 */
@Test
public void verifySaml2LogoutResponse() throws Exception {
    val saml2Client = builtClients.findClient("SAML2Client").get();
    val mockRequest = new MockHttpServletRequest();
    mockRequest.setParameter(Pac4jConstants.DEFAULT_CLIENT_NAME_PARAMETER, saml2Client.getName());
    val storeContext = new JEEContext(mockRequest, new MockHttpServletResponse());
    mockRequest.setMethod("POST");
    // Request body is the base64-encoded logout response
    val encodedLogoutResponse = EncodingUtils.encodeBase64(getLogoutResponse());
    mockRequest.setContent(encodedLogoutResponse.getBytes(StandardCharsets.UTF_8));

    val serviceId = UUID.randomUUID().toString();
    val service = RegisteredServiceTestUtils.getService(serviceId);
    servicesManager.save(RegisteredServiceTestUtils.getRegisteredService(service.getId(), Map.of()));
    mockRequest.addParameter(CasProtocolConstants.PARAMETER_SERVICE, service.getId());

    val storedTicket = delegatedClientAuthenticationWebflowManager.store(storeContext, saml2Client);
    mockRequest.addParameter(DefaultDelegatedClientAuthenticationWebflowManager.PARAMETER_CLIENT_ID, storedTicket.getId());
    // NOTE(review): a third-party host; should the action ever follow this URL the test becomes network-dependent
    mockRequest.addParameter(Pac4jConstants.LOGOUT_ENDPOINT_PARAMETER, "https://httpbin.org/post");

    val requestContext = new MockRequestContext();
    val mockResponse = new MockHttpServletResponse();
    requestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockRequest, mockResponse));
    setRequestContext(requestContext);
    setExternalContext(requestContext.getExternalContext());

    val outcome = delegatedAuthenticationAction.execute(requestContext);
    assertEquals(CasWebflowConstants.TRANSITION_ID_ERROR, outcome.getId());
}

Example 80 with JEEContext

use of org.pac4j.core.context.JEEContext in project cas by apereo.

Class DelegatedClientAuthenticationActionTests, method verifySsoAuthenticationWithInvalidTicketFails.

/**
 * When the ticket-granting ticket placed in the webflow scopes is not the one registered with CAS,
 * the delegated authentication action is expected to stop the webflow.
 */
@Test
public void verifySsoAuthenticationWithInvalidTicketFails() throws Exception {
    val requestContext = new MockRequestContext();
    val mockRequest = new MockHttpServletRequest();
    mockRequest.addParameter("error_message", "Auth+failed");
    val mockResponse = new MockHttpServletResponse();

    val facebookClient = builtClients.findClient("FacebookClient").get();
    // NOTE(review): the context used for store() carries a response distinct from the one handed to
    // the webflow below, so anything written to that response is invisible to the action under test
    val storeContext = new JEEContext(mockRequest, new MockHttpServletResponse());
    val storedTicket = delegatedClientAuthenticationWebflowManager.store(storeContext, facebookClient);
    mockRequest.addParameter(DefaultDelegatedClientAuthenticationWebflowManager.PARAMETER_CLIENT_ID, storedTicket.getId());
    mockRequest.setParameter(Pac4jConstants.DEFAULT_CLIENT_NAME_PARAMETER, "FacebookClient");

    val service = CoreAuthenticationTestUtils.getService("https://delegated2.example.org");
    servicesManager.save(RegisteredServiceTestUtils.getRegisteredService(service.getId(), Map.of()));
    mockRequest.addParameter(CasProtocolConstants.PARAMETER_SERVICE, service.getId());

    requestContext.setExternalContext(new ServletExternalContext(new MockServletContext(), mockRequest, mockResponse));
    setRequestContext(requestContext);
    setExternalContext(requestContext.getExternalContext());

    // The registered TGT belongs to a different user than the one put into the flow scopes
    centralAuthenticationService.addTicket(new MockTicketGrantingTicket("casuser"));
    WebUtils.putTicketGrantingTicketInScopes(requestContext, new MockTicketGrantingTicket("otheruser"));

    val outcome = delegatedAuthenticationAction.execute(requestContext);
    assertEquals(CasWebflowConstants.TRANSITION_ID_STOP, outcome.getId());
}
