Example 86 with JEEContext

use of org.pac4j.core.context.JEEContext in project cas by apereo.

the class AbstractSamlIdPProfileHandlerController method storeAuthenticationRequest.

/**
 * Store authentication request.
 *
 * @param request  the request
 * @param response the response
 * @param context  the pair
 * @throws Exception the exception
 */
@Synchronized
protected void storeAuthenticationRequest(final HttpServletRequest request, final HttpServletResponse response, final Pair<? extends SignableSAMLObject, MessageContext> context) throws Exception {
    val webContext = new JEEContext(request, response);
    SamlIdPUtils.storeSamlRequest(webContext, configurationContext.getOpenSamlConfigBean(), configurationContext.getSessionStore(), context);
}
Also used : lombok.val(lombok.val) JEEContext(org.pac4j.core.context.JEEContext) Synchronized(lombok.Synchronized)

Example 87 with JEEContext

use of org.pac4j.core.context.JEEContext in project cas by apereo.

the class BasicAuthenticationAction method constructCredentialsFromRequest.

@Override
protected Credential constructCredentialsFromRequest(final RequestContext requestContext) {
    try {
        val request = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        val response = WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext);
        val extractor = new BasicAuthExtractor();
        val webContext = new JEEContext(request, response);
        val credentialsResult = extractor.extract(webContext, JEESessionStore.INSTANCE);
        if (credentialsResult.isPresent()) {
            val credentials = (UsernamePasswordCredentials) credentialsResult.get();
            LOGGER.debug("Received basic authentication request from credentials [{}]", credentials);
            return new UsernamePasswordCredential(credentials.getUsername(), credentials.getPassword());
        }
    } catch (final Exception e) {
        LoggingUtils.warn(LOGGER, e);
    }
    return null;
}
Also used : lombok.val(lombok.val) BasicAuthExtractor(org.pac4j.core.credentials.extractor.BasicAuthExtractor) JEEContext(org.pac4j.core.context.JEEContext) UsernamePasswordCredential(org.apereo.cas.authentication.credential.UsernamePasswordCredential) UsernamePasswordCredentials(org.pac4j.core.credentials.UsernamePasswordCredentials)

Example 88 with JEEContext

use of org.pac4j.core.context.JEEContext in project cas by apereo.

the class OAuth20AccessTokenSecurityLogicTests method verifyOperation.

@Test
public void verifyOperation() throws Exception {
    val request = new MockHttpServletRequest();
    val response = new MockHttpServletResponse();
    request.addParameter(OAuth20Constants.CLIENT_ID, CLIENT_ID);
    val logic = new DefaultSecurityLogic();
    logic.setLoadProfilesFromSession(false);
    val mockClient = mock(DirectClient.class);
    when(mockClient.getName()).thenReturn("MockIndirectClient");
    when(mockClient.isInitialized()).thenReturn(true);
    when(mockClient.getCredentials(any(), any())).thenReturn(Optional.of(new UsernamePasswordCredentials("casuser", "Mellon")));
    val profile = new CommonProfile();
    profile.setId(UUID.randomUUID().toString());
    when(mockClient.getUserProfile(any(), any(), any())).thenReturn(Optional.of(profile));
    val context = new JEEContext(request, response);
    val profileManager = new ProfileManager(context, JEESessionStore.INSTANCE);
    profileManager.save(true, profile, false);
    val result = (UserProfile) logic.perform(
        context,
        JEESessionStore.INSTANCE,
        new Config(mockClient),
        (webContext, sessionStore, collection, objects) -> collection.iterator().next(),
        JEEHttpActionAdapter.INSTANCE,
        "MockIndirectClient",
        DefaultAuthorizers.IS_FULLY_AUTHENTICATED,
        DefaultMatchers.SECURITYHEADERS);
    assertNotNull(result);
    assertEquals(1, profileManager.getProfiles().size());
}
Also used : lombok.val(lombok.val) ProfileManager(org.pac4j.core.profile.ProfileManager) UsernamePasswordCredentials(org.pac4j.core.credentials.UsernamePasswordCredentials) DefaultAuthorizers(org.pac4j.core.authorization.authorizer.DefaultAuthorizers) OAuth20Constants(org.apereo.cas.support.oauth.OAuth20Constants) CommonProfile(org.pac4j.core.profile.CommonProfile) DirectClient(org.pac4j.core.client.DirectClient) DefaultSecurityLogic(org.pac4j.core.engine.DefaultSecurityLogic) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) UUID(java.util.UUID) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test) Mockito(org.mockito.Mockito) JEEHttpActionAdapter(org.pac4j.core.http.adapter.JEEHttpActionAdapter) Assertions(org.junit.jupiter.api.Assertions) Config(org.pac4j.core.config.Config) Optional(java.util.Optional) Tag(org.junit.jupiter.api.Tag) DefaultMatchers(org.pac4j.core.matching.matcher.DefaultMatchers) UserProfile(org.pac4j.core.profile.UserProfile) AbstractOAuth20Tests(org.apereo.cas.AbstractOAuth20Tests) JEEContext(org.pac4j.core.context.JEEContext) JEESessionStore(org.pac4j.core.context.session.JEESessionStore)

Example 89 with JEEContext

use of org.pac4j.core.context.JEEContext in project cas by apereo.

the class OAuth20HandlerInterceptorAdapterTests method verifyAuthorizationAuth.

@Test
public void verifyAuthorizationAuth() throws Exception {
    val request = new MockHttpServletRequest();
    val response = new MockHttpServletResponse();
    val context = new JEEContext(request, response);
    request.setRequestURI('/' + OAuth20Constants.AUTHORIZE_URL);
    request.setParameter(OAuth20Constants.CLIENT_ID, CLIENT_ID);
    request.setParameter(OAuth20Constants.REDIRECT_URI, "https://oauth.example.org");
    request.setParameter(OAuth20Constants.RESPONSE_TYPE, OAuth20ResponseTypes.CODE.getType());
    val service = getRegisteredService("https://oauth.example.org", CLIENT_ID, CLIENT_SECRET);
    servicesManager.save(service);
    assertFalse(oauthHandlerInterceptorAdapter.preHandle(request, response, new Object()));
    assertFalse(context.getRequestAttribute(OAuth20Constants.ERROR).isPresent());
    request.removeAllParameters();
    assertTrue(oauthHandlerInterceptorAdapter.preHandle(request, response, new Object()));
    assertTrue(context.getRequestAttribute(OAuth20Constants.ERROR).isPresent());
    // JUnit 5 expects (expected, actual); keeping that order makes failure messages read correctly.
    assertEquals(OAuth20Constants.INVALID_REQUEST, context.getRequestAttribute(OAuth20Constants.ERROR).get().toString());
}
Also used : lombok.val(lombok.val) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) JEEContext(org.pac4j.core.context.JEEContext) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 90 with JEEContext

use of org.pac4j.core.context.JEEContext in project cas by apereo.

the class OAuth20TicketGrantingTicketAwareSecurityLogicTests method verifyLoadWithValidTicket.

@Test
public void verifyLoadWithValidTicket() {
    when(centralAuthenticationService.getTicket(anyString(), any())).thenReturn(new MockTicketGrantingTicket("casuser"));
    val request = new MockHttpServletRequest();
    val response = new MockHttpServletResponse();
    val context = new JEEContext(request, response);
    val profileManager = new ProfileManager(context, JEESessionStore.INSTANCE);
    profileManager.save(true, new BasicUserProfile(), false);
    JEESessionStore.INSTANCE.set(context, WebUtils.PARAMETER_TICKET_GRANTING_TICKET_ID, UUID.randomUUID().toString());
    val logic = new OAuth20TicketGrantingTicketAwareSecurityLogic(ticketGrantingTicketCookieGenerator, ticketRegistry, centralAuthenticationService);
    assertFalse(logic.loadProfiles(profileManager, context, JEESessionStore.INSTANCE, List.of()).isEmpty());
}
Also used : MockTicketGrantingTicket(org.apereo.cas.mock.MockTicketGrantingTicket) lombok.val(lombok.val) ProfileManager(org.pac4j.core.profile.ProfileManager) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) JEEContext(org.pac4j.core.context.JEEContext) BasicUserProfile(org.pac4j.core.profile.BasicUserProfile) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Aggregations

JEEContext (org.pac4j.core.context.JEEContext): 222
lombok.val (lombok.val): 215
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 158
Test (org.junit.jupiter.api.Test): 157
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 155
MockTicketGrantingTicket (org.apereo.cas.mock.MockTicketGrantingTicket): 34
ProfileManager (org.pac4j.core.profile.ProfileManager): 27
UsernamePasswordCredentials (org.pac4j.core.credentials.UsernamePasswordCredentials): 24
CommonProfile (org.pac4j.core.profile.CommonProfile): 21
SpringBootTest (org.springframework.boot.test.context.SpringBootTest): 16
HashMap (java.util.HashMap): 15
RedirectView (org.springframework.web.servlet.view.RedirectView): 14
HttpServletRequest (javax.servlet.http.HttpServletRequest): 13
HttpServletResponse (javax.servlet.http.HttpServletResponse): 13
CasProfile (org.pac4j.cas.profile.CasProfile): 13
ServletExternalContext (org.springframework.webflow.context.servlet.ServletExternalContext): 13
MockRequestContext (org.springframework.webflow.test.MockRequestContext): 13
GetMapping (org.springframework.web.bind.annotation.GetMapping): 11
Map (java.util.Map): 10
Slf4j (lombok.extern.slf4j.Slf4j): 10