use of org.pac4j.core.context.JEEContext in project cas by apereo.
the class ECPSamlIdPProfileHandlerController method extractBasicAuthenticationCredential.
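/**
 * Extracts HTTP Basic credentials from an ECP request and converts them into a CAS credential.
 *
 * @param request  the incoming servlet request
 * @param response the servlet response paired with the request
 * @return a {@link UsernamePasswordCredential} built from the extracted username and password,
 *         or {@code null} when the extractor finds no credentials
 */
private Credential extractBasicAuthenticationCredential(final HttpServletRequest request, final HttpServletResponse response) {
    val extractor = new BasicAuthExtractor();
    val webContext = new JEEContext(request, response);
    val credentialsResult = extractor.extract(webContext, configurationContext.getSessionStore());
    if (credentialsResult.isPresent()) {
        val credentials = (UsernamePasswordCredentials) credentialsResult.get();
        // Log the username only. Handing the whole credentials object to the logger would make
        // the logged text depend on that class's toString(), which this method does not control,
        // and the object also holds the password.
        LOGGER.debug("Received basic authentication ECP request from credentials [{}]", credentials.getUsername());
        return new UsernamePasswordCredential(credentials.getUsername(), credentials.getPassword());
    }
    // No Basic credentials were extracted; callers must treat null as "unauthenticated".
    return null;
}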
use of org.pac4j.core.context.JEEContext in project cas by apereo.
the class SamlIdPMultifactorAuthenticationTrigger method isActivated.
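/**
 * Resolves the multifactor provider selected by the authentication context classes
 * requested in the stored SAML2 {@link AuthnRequest}.
 * <p>
 * The first requested class reference whose URI is a key in the configured mappings wins;
 * its mapped value is used as the provider id. Class references come from the request, so
 * they can only ever select among the configured mappings and never name a provider directly.
 *
 * @param authentication    the current authentication (not read here)
 * @param registeredService the registered service (not read here)
 * @param request           the servlet request used to locate the stored SAML2 request
 * @param response          the servlet response paired with the request
 * @param service           the service (not read here)
 * @return the resolved provider, or empty when there is no stored request, no requested
 *         authentication context, no mapped class reference, or no matching provider
 */
@Override
public Optional<MultifactorAuthenticationProvider> isActivated(final Authentication authentication, final RegisteredService registeredService, final HttpServletRequest request, final HttpServletResponse response, final Service service) {
    val context = new JEEContext(request, response);
    val result = SamlIdPUtils.retrieveSamlRequest(context, distributedSessionStore, openSamlConfigBean, AuthnRequest.class);
    val mappings = getAuthenticationContextMappings();
    return result
        .map(pair -> (AuthnRequest) pair.getLeft())
        // RequestedAuthnContext is checked for null in supports(); do the same here so a
        // request without one yields "no provider" instead of a NullPointerException.
        .map(authnRequest -> authnRequest.getRequestedAuthnContext())
        .map(requestedContext -> requestedContext.getAuthnContextClassRefs())
        .flatMap(classRefs -> classRefs.stream()
            .filter(Objects::nonNull)
            .filter(ref -> StringUtils.isNotBlank(ref.getURI()))
            .filter(ref -> mappings.containsKey(ref.getURI()))
            .findFirst()
            .map(mapped -> mappings.get(mapped.getURI())))
        .flatMap(id -> {
            val providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(applicationContext);
            return MultifactorAuthenticationUtils.resolveProvider(providerMap, id);
        });
}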
use of org.pac4j.core.context.JEEContext in project cas by apereo.
the class SamlIdPMultifactorAuthenticationTrigger method supports.
/**
 * Decides whether this trigger applies to the current request.
 * <p>
 * It applies only when authentication context mappings are configured and the stored SAML2
 * {@link AuthnRequest} carries a non-empty list of requested authentication context class
 * references. Whether any of those references matches a configured mapping is not checked here.
 *
 * @param request           the servlet request used to locate the stored SAML2 request
 * @param registeredService the registered service (not read here)
 * @param authentication    the current authentication (not read here)
 * @param service           the service (not read here)
 * @return {@code true} when mappings exist and the request names at least one class reference
 */
@Override
public boolean supports(final HttpServletRequest request, final RegisteredService registeredService, final Authentication authentication, final Service service) {
    if (getAuthenticationContextMappings().isEmpty()) {
        return false;
    }
    val response = HttpRequestUtils.getHttpServletResponseFromRequestAttributes();
    val context = new JEEContext(request, response);
    val result = SamlIdPUtils.retrieveSamlRequest(context, distributedSessionStore, openSamlConfigBean, AuthnRequest.class);
    if (!result.isPresent()) {
        return false;
    }
    val authnRequest = (AuthnRequest) result.get().getLeft();
    val requestedContext = authnRequest.getRequestedAuthnContext();
    if (requestedContext == null) {
        return false;
    }
    val classRefs = requestedContext.getAuthnContextClassRefs();
    return classRefs != null && !classRefs.isEmpty();
}
use of org.pac4j.core.context.JEEContext in project cas by apereo.
the class OAuth20AuthorizeEndpointController method prepareAccessTokenRequestContext.
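/**
 * Builds the access token request context for an authorization request.
 * <p>
 * Most values are read from request parameters and are therefore client-supplied: redirect
 * URI, scopes, claims, PKCE code challenge and method, response type and response mode. This
 * method only collects them; it performs no validation of its own. Every request parameter is
 * additionally copied as-is into the context's parameter map, so consumers of that map must
 * treat its entries as untrusted input.
 *
 * @param authzRequest      the authorization request; supplies the client id and whether a
 *                          single sign-on session is required
 * @param registeredService the registered service
 * @param context           the web context the request parameters are read from
 * @param service           the service
 * @param authentication    the authentication
 * @return the access token request context
 * @throws Exception if fetching the ticket-granting ticket or parsing the request fails
 */
protected AccessTokenRequestContext prepareAccessTokenRequestContext(final OAuth20AuthorizationRequest authzRequest, final OAuthRegisteredService registeredService, final JEEContext context, final Service service, final Authentication authentication) throws Exception {
    var payloadBuilder = AccessTokenRequestContext.builder();
    if (authzRequest.isSingleSignOnSessionRequired()) {
        // The fetched ticket is stored as returned; a null ticket is not rejected here.
        val tgt = getConfigurationContext().fetchTicketGrantingTicketFrom(context);
        payloadBuilder = payloadBuilder.ticketGrantingTicket(tgt);
    }
    val redirectUri = OAuth20Utils.getRequestParameter(context, OAuth20Constants.REDIRECT_URI).map(String::valueOf).orElse(StringUtils.EMPTY);
    // Upper-case with Locale.ROOT: protocol tokens must not change with the JVM default locale
    // (a Turkish default locale, for example, upper-cases 'i' to a dotted capital).
    // This value is used for the debug message only; the context takes its grant type from
    // OAuth20Utils.getGrantType(context).
    val grantType = context.getRequestParameter(OAuth20Constants.GRANT_TYPE).map(String::valueOf).orElseGet(OAuth20GrantTypes.AUTHORIZATION_CODE::getType).toUpperCase(java.util.Locale.ROOT);
    val scopes = OAuth20Utils.parseRequestScopes(context);
    // An absent code challenge or method becomes the empty string, not null.
    val codeChallenge = context.getRequestParameter(OAuth20Constants.CODE_CHALLENGE).map(String::valueOf).orElse(StringUtils.EMPTY);
    val codeChallengeMethod = context.getRequestParameter(OAuth20Constants.CODE_CHALLENGE_METHOD).map(String::valueOf).orElse(StringUtils.EMPTY).toUpperCase(java.util.Locale.ROOT);
    val userProfile = OAuth20Utils.getAuthenticatedUserProfile(context, getConfigurationContext().getSessionStore());
    val claims = OAuth20Utils.parseRequestClaims(context);
    val holder = payloadBuilder
        .service(service)
        .authentication(authentication)
        .registeredService(registeredService)
        .grantType(OAuth20Utils.getGrantType(context))
        .responseType(OAuth20Utils.getResponseType(context))
        .codeChallenge(codeChallenge)
        .codeChallengeMethod(codeChallengeMethod)
        .scopes(scopes)
        .clientId(authzRequest.getClientId())
        .redirectUri(redirectUri)
        .userProfile(userProfile)
        .claims(claims)
        .responseMode(OAuth20Utils.getResponseModeType(context))
        .build();
    // Verbatim copy of all request parameters; nothing is filtered or validated at this point.
    context.getRequestParameters().keySet().forEach(key -> context.getRequestParameter(key).ifPresent(value -> holder.getParameters().put(key, value)));
    LOGGER.debug("Building authorization response for grant type [{}] with scopes [{}] for client id [{}]", grantType, scopes, authzRequest.getClientId());
    return holder;
}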
use of org.pac4j.core.context.JEEContext in project cas by apereo.
the class OAuth20AuthorizeEndpointController method buildAuthorizationForRequest.
/**
 * Builds the authorization response view for the current request.
 * <p>
 * The registered response builders are consulted in order twice: first to turn the request
 * into an authorization request, then to find the builder that supports that request and
 * produces the view. When the authorization request requires a single sign-on session and the
 * payload holds no ticket-granting ticket, an error view is returned instead of a response.
 *
 * @param registeredService the registered service
 * @param context           the web context
 * @param service           the service
 * @param authentication    the authentication
 * @return the view produced by the supporting builder, or an error view when the
 *         ticket-granting ticket is missing or no builder supports the request
 * @throws IllegalArgumentException if no builder can produce an authorization request
 */
protected ModelAndView buildAuthorizationForRequest(final OAuthRegisteredService registeredService, final JEEContext context, final Service service, final Authentication authentication) {
    val responseBuilders = getConfigurationContext().getOauthAuthorizationResponseBuilders().getObject();

    // The first builder, by order, that yields an authorization request decides its shape.
    val authzRequest = responseBuilders.stream()
        .sorted(OrderComparator.INSTANCE)
        .map(candidate -> toAuthorizationRequest(registeredService, context, service, authentication, candidate))
        .filter(Objects::nonNull)
        .filter(Optional::isPresent)
        .findFirst()
        .orElseThrow(() -> new IllegalArgumentException("Unable to build authorization request"))
        .get()
        .build();

    // Reuse the access token request attached to the authorization request, if there is one;
    // otherwise build it from the web context.
    val attachedTokenRequest = authzRequest.getAccessTokenRequest();
    val payload = Optional.ofNullable(attachedTokenRequest)
        .orElseGet(Unchecked.supplier(() -> prepareAccessTokenRequestContext(authzRequest, registeredService, context, service, authentication)));

    return responseBuilders.stream()
        .sorted(OrderComparator.INSTANCE)
        .filter(candidate -> candidate.supports(authzRequest))
        .findFirst()
        .map(Unchecked.function(builder -> {
            val ticketMissing = authzRequest.isSingleSignOnSessionRequired() && payload.getTicketGrantingTicket() == null;
            if (!ticketMissing) {
                return builder.build(payload);
            }
            // A required single sign-on session without a ticket ends in an error view,
            // never in an authorization response.
            val message = String.format("Missing ticket-granting-ticket for client id [%s] and service [%s]", authzRequest.getClientId(), registeredService.getName());
            LOGGER.error(message);
            return OAuth20Utils.produceErrorView(new PreventedException(message));
        }))
        .orElseGet(() -> OAuth20Utils.produceErrorView(new PreventedException("Could not build the callback response")));
}