use of org.pac4j.core.context.JEEContext in project cas by apereo.
the class AbstractSamlIdPProfileHandlerController method storeAuthenticationRequest.
/**
 * Stores the SAML authentication request held in {@code context} by delegating to
 * {@code SamlIdPUtils.storeSamlRequest}. The OpenSAML configuration bean and the session
 * store both come from {@code configurationContext}.
 *
 * <p>The method carries Lombok's {@code @Synchronized} annotation.
 *
 * @param request  the servlet request, wrapped into a pac4j {@code JEEContext}
 * @param response the servlet response, wrapped into the same {@code JEEContext}
 * @param context  pair of the signable SAML object and its message context, passed to the store call unchanged
 * @throws Exception declared by the signature; anything the store call raises propagates to the caller
 */
@Synchronized
protected void storeAuthenticationRequest(final HttpServletRequest request,
                                          final HttpServletResponse response,
                                          final Pair<? extends SignableSAMLObject, MessageContext> context) throws Exception {
    val jeeContext = new JEEContext(request, response);
    val openSamlConfigBean = configurationContext.getOpenSamlConfigBean();
    val sessionStore = configurationContext.getSessionStore();
    // NOTE(review): no validation of the SAML object happens in this method; presumably the
    // caller has already decoded/verified it before it is persisted - confirm at the call site.
    SamlIdPUtils.storeSamlRequest(jeeContext, openSamlConfigBean, sessionStore, context);
}
use of org.pac4j.core.context.JEEContext in project cas by apereo.
the class BasicAuthenticationAction method constructCredentialsFromRequest.
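/**
 * Builds a CAS credential from HTTP Basic authentication data on the current request.
 *
 * <p>The servlet request and response are taken from the webflow context and wrapped in a
 * pac4j {@code JEEContext}; a {@code BasicAuthExtractor} then attempts the extraction.
 *
 * @param requestContext the webflow request context
 * @return a {@code UsernamePasswordCredential} carrying the extracted username and password,
 *         or {@code null} when nothing was extracted or the extraction threw
 */
@Override
protected Credential constructCredentialsFromRequest(final RequestContext requestContext) {
    try {
        val request = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        val response = WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext);
        val extractor = new BasicAuthExtractor();
        val webContext = new JEEContext(request, response);
        val credentialsResult = extractor.extract(webContext, JEESessionStore.INSTANCE);
        if (credentialsResult.isPresent()) {
            val credentials = (UsernamePasswordCredentials) credentialsResult.get();
            // Log the username only. Passing the credentials object itself would make the log
            // content depend on its toString(), which is not visible here, and this object
            // holds the cleartext password. The username is request-supplied and not yet
            // authenticated, so the log layout should neutralise control characters.
            LOGGER.debug("Received basic authentication request from credentials [{}]", credentials.getUsername());
            return new UsernamePasswordCredential(credentials.getUsername(), credentials.getPassword());
        }
    } catch (final Exception e) {
        // Best effort: any failure (including an unexpected credential type in the cast
        // above) is logged as a warning and treated as "no credential".
        LoggingUtils.warn(LOGGER, e);
    }
    return null;
}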
use of org.pac4j.core.context.JEEContext in project cas by apereo.
the class OAuth20AccessTokenSecurityLogicTests method verifyOperation.
/**
 * Runs {@code DefaultSecurityLogic} (session profile loading switched off) against a mocked
 * {@code DirectClient} that always yields fixed credentials and a fixed profile, and checks
 * that the granted-access callback result is non-null and that the profile manager ends up
 * holding exactly one profile.
 */
@Test
public void verifyOperation() throws Exception {
    val httpRequest = new MockHttpServletRequest();
    httpRequest.addParameter(OAuth20Constants.CLIENT_ID, CLIENT_ID);
    val httpResponse = new MockHttpServletResponse();

    val securityLogic = new DefaultSecurityLogic();
    securityLogic.setLoadProfilesFromSession(false);

    // Profile the mocked client hands back; also saved into the session up front.
    val userProfile = new CommonProfile();
    userProfile.setId(UUID.randomUUID().toString());

    // Test-only fixture credentials returned by the mocked client.
    val stubbedCredentials = new UsernamePasswordCredentials("casuser", "Mellon");
    val directClient = mock(DirectClient.class);
    when(directClient.isInitialized()).thenReturn(true);
    when(directClient.getName()).thenReturn("MockIndirectClient");
    when(directClient.getCredentials(any(), any())).thenReturn(Optional.of(stubbedCredentials));
    when(directClient.getUserProfile(any(), any(), any())).thenReturn(Optional.of(userProfile));

    val jeeContext = new JEEContext(httpRequest, httpResponse);
    val manager = new ProfileManager(jeeContext, JEESessionStore.INSTANCE);
    manager.save(true, userProfile, false);

    // The granted-access adapter simply returns the first profile it is given.
    val granted = (UserProfile) securityLogic.perform(
        jeeContext,
        JEESessionStore.INSTANCE,
        new Config(directClient),
        (ctx, store, profiles, params) -> profiles.iterator().next(),
        JEEHttpActionAdapter.INSTANCE,
        "MockIndirectClient",
        DefaultAuthorizers.IS_FULLY_AUTHENTICATED,
        DefaultMatchers.SECURITYHEADERS);

    assertNotNull(granted);
    assertEquals(1, manager.getProfiles().size());
}
use of org.pac4j.core.context.JEEContext in project cas by apereo.
the class OAuth20HandlerInterceptorAdapterTests method verifyAuthorizationAuth.
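/**
 * Exercises the OAuth handler interceptor on the authorize endpoint in two passes.
 *
 * <p>Pass one sends {@code client_id}, {@code redirect_uri} and {@code response_type=code} for a
 * registered service: {@code preHandle} is expected to return {@code false} and leave no error
 * attribute on the request. Pass two removes every parameter: {@code preHandle} is expected to
 * return {@code true} and to set the error attribute to {@code INVALID_REQUEST}.
 */
@Test
public void verifyAuthorizationAuth() throws Exception {
    val request = new MockHttpServletRequest();
    val response = new MockHttpServletResponse();
    val context = new JEEContext(request, response);
    request.setRequestURI('/' + OAuth20Constants.AUTHORIZE_URL);
    request.setParameter(OAuth20Constants.CLIENT_ID, CLIENT_ID);
    request.setParameter(OAuth20Constants.REDIRECT_URI, "https://oauth.example.org");
    request.setParameter(OAuth20Constants.RESPONSE_TYPE, OAuth20ResponseTypes.CODE.getType());
    val service = getRegisteredService("https://oauth.example.org", CLIENT_ID, CLIENT_SECRET);
    servicesManager.save(service);

    // Well-formed authorize request for a registered redirect URI: no error attribute.
    assertFalse(oauthHandlerInterceptorAdapter.preHandle(request, response, new Object()));
    assertFalse(context.getRequestAttribute(OAuth20Constants.ERROR).isPresent());

    // Same endpoint with all parameters stripped: must be flagged as an invalid request.
    request.removeAllParameters();
    assertTrue(oauthHandlerInterceptorAdapter.preHandle(request, response, new Object()));
    val error = context.getRequestAttribute(OAuth20Constants.ERROR);
    assertTrue(error.isPresent());
    // Expected value goes first so a failure message reports expected/actual the right way round.
    assertEquals(OAuth20Constants.INVALID_REQUEST, error.get().toString());
}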
use of org.pac4j.core.context.JEEContext in project cas by apereo.
the class OAuth20TicketGrantingTicketAwareSecurityLogicTests method verifyLoadWithValidTicket.
/**
 * Checks that {@code OAuth20TicketGrantingTicketAwareSecurityLogic.loadProfiles} returns a
 * non-empty result when a profile has been saved, a ticket-granting-ticket id is present in
 * the session store, and the mocked {@code centralAuthenticationService} returns a ticket
 * for any id.
 */
@Test
public void verifyLoadWithValidTicket() {
    // Any ticket lookup returns a ticket-granting ticket for "casuser".
    val ticketGrantingTicket = new MockTicketGrantingTicket("casuser");
    when(centralAuthenticationService.getTicket(anyString(), any())).thenReturn(ticketGrantingTicket);

    val httpRequest = new MockHttpServletRequest();
    val httpResponse = new MockHttpServletResponse();
    val jeeContext = new JEEContext(httpRequest, httpResponse);

    val manager = new ProfileManager(jeeContext, JEESessionStore.INSTANCE);
    manager.save(true, new BasicUserProfile(), false);

    // A random id is enough because the ticket lookup above is stubbed for any string.
    val ticketId = UUID.randomUUID().toString();
    JEESessionStore.INSTANCE.set(jeeContext, WebUtils.PARAMETER_TICKET_GRANTING_TICKET_ID, ticketId);

    val securityLogic = new OAuth20TicketGrantingTicketAwareSecurityLogic(
        ticketGrantingTicketCookieGenerator, ticketRegistry, centralAuthenticationService);
    val loadedProfiles = securityLogic.loadProfiles(manager, jeeContext, JEESessionStore.INSTANCE, List.of());
    assertFalse(loadedProfiles.isEmpty());
}