Search in sources :

Example 1 with WebContext

use of org.pac4j.core.context.WebContext in project cas by apereo.

the class DelegatedClientAuthenticationAction method prepareForLoginPage.

/**
     * Prepare the data for the login page.
     *
     * @param context The current webflow context
     * @throws HttpAction the http action
     */
protected void prepareForLoginPage(final RequestContext context) throws HttpAction {
    final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
    final HttpServletResponse response = WebUtils.getHttpServletResponse(context);
    final HttpSession session = request.getSession();
    // web context
    final WebContext webContext = WebUtils.getPac4jJ2EContext(request, response);
    // save parameters in web session
    final WebApplicationService service = WebUtils.getService(context);
    LOGGER.debug("save service: [{}]", service);
    session.setAttribute(CasProtocolConstants.PARAMETER_SERVICE, service);
    saveRequestParameter(request, session, this.themeParamName);
    saveRequestParameter(request, session, this.localParamName);
    saveRequestParameter(request, session, CasProtocolConstants.PARAMETER_METHOD);
    final Set<ProviderLoginPageConfiguration> urls = new LinkedHashSet<>();
    this.clients.findAllClients().forEach(client -> {
        try {
            final IndirectClient indirectClient = (IndirectClient) client;
            final String name = client.getName().replaceAll("Client\\d*", "");
            final String redirectionUrl = indirectClient.getRedirectAction(webContext).getLocation();
            LOGGER.debug("[{}] -> [{}]", name, redirectionUrl);
            urls.add(new ProviderLoginPageConfiguration(name, redirectionUrl, name.toLowerCase()));
        } catch (final HttpAction e) {
            if (e.getCode() == HttpStatus.UNAUTHORIZED.value()) {
                LOGGER.debug("Authentication request was denied from the provider [{}]", client.getName());
            } else {
                LOGGER.warn(e.getMessage(), e);
            }
        } catch (final Exception e) {
            LOGGER.error("Cannot process client [{}]", client, e);
        }
    });
    if (!urls.isEmpty()) {
        context.getFlowScope().put(PAC4J_URLS, urls);
    } else if (response.getStatus() != HttpStatus.UNAUTHORIZED.value()) {
        LOGGER.warn("No clients could be determined based on the provided configuration");
    }
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) LinkedHashSet(java.util.LinkedHashSet) WebApplicationService(org.apereo.cas.authentication.principal.WebApplicationService) WebContext(org.pac4j.core.context.WebContext) HttpSession(javax.servlet.http.HttpSession) HttpServletResponse(javax.servlet.http.HttpServletResponse) IndirectClient(org.pac4j.core.client.IndirectClient) HttpAction(org.pac4j.core.exception.HttpAction)

Example 2 with WebContext

use of org.pac4j.core.context.WebContext in project cas by apereo.

the class ECPProfileHandlerController method extractBasicAuthenticationCredential.

private Credential extractBasicAuthenticationCredential(final HttpServletRequest request, final HttpServletResponse response) {
    try {
        final BasicAuthExtractor extractor = new BasicAuthExtractor();
        final WebContext webContext = Pac4jUtils.getPac4jJ2EContext(request, response);
        final UsernamePasswordCredentials credentials = extractor.extract(webContext);
        if (credentials != null) {
            LOGGER.debug("Received basic authentication ECP request from credentials [{}]", credentials);
            return new UsernamePasswordCredential(credentials.getUsername(), credentials.getPassword());
        }
    } catch (final Exception e) {
        LOGGER.warn(e.getMessage(), e);
    }
    return null;
}
Also used : BasicAuthExtractor(org.pac4j.core.credentials.extractor.BasicAuthExtractor) WebContext(org.pac4j.core.context.WebContext) UsernamePasswordCredential(org.apereo.cas.authentication.UsernamePasswordCredential) AuthenticationException(org.apereo.cas.authentication.AuthenticationException) UsernamePasswordCredentials(org.pac4j.core.credentials.UsernamePasswordCredentials)

Example 3 with WebContext

use of org.pac4j.core.context.WebContext in project cas by apereo.

the class ClientAuthenticationHandler method doAuthentication.

@Override
protected AuthenticationHandlerExecutionResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
    try {
        final ClientCredential clientCredentials = (ClientCredential) credential;
        LOGGER.debug("Located client credentials as [{}]", clientCredentials);
        final Credentials credentials = clientCredentials.getCredentials();
        LOGGER.debug("Client name: [{}]", clientCredentials.getClientName());
        // get client
        final Client client = this.clients.findClient(clientCredentials.getClientName());
        LOGGER.debug("Delegated client is: [{}]", client);
        final HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext();
        final HttpServletResponse response = WebUtils.getHttpServletResponseFromExternalWebflowContext();
        final WebContext webContext = Pac4jUtils.getPac4jJ2EContext(request, response);
        final UserProfile userProfile = client.getUserProfile(credentials, webContext);
        LOGGER.debug("Final user profile is: [{}]", userProfile);
        return createResult(clientCredentials, userProfile);
    } catch (final HttpAction e) {
        throw new PreventedException(e);
    }
}
Also used : ClientCredential(org.apereo.cas.authentication.principal.ClientCredential) HttpServletRequest(javax.servlet.http.HttpServletRequest) WebContext(org.pac4j.core.context.WebContext) UserProfile(org.pac4j.core.profile.UserProfile) HttpServletResponse(javax.servlet.http.HttpServletResponse) PreventedException(org.apereo.cas.authentication.PreventedException) Client(org.pac4j.core.client.Client) Credentials(org.pac4j.core.credentials.Credentials) HttpAction(org.pac4j.core.exception.HttpAction)

Example 4 with WebContext

use of org.pac4j.core.context.WebContext in project pac4j by pac4j.

the class CsrfAuthorizerTests method testNoToken.

@Test
public void testNoToken() {
    final WebContext context = MockWebContext.create().addSessionAttribute(Pac4jConstants.CSRF_TOKEN, VALUE);
    Assert.assertFalse(authorizer.isAuthorized(context, null));
}
Also used : WebContext(org.pac4j.core.context.WebContext) MockWebContext(org.pac4j.core.context.MockWebContext) Test(org.junit.Test)

Example 5 with WebContext

use of org.pac4j.core.context.WebContext in project pac4j by pac4j.

the class CsrfAuthorizerTests method testHeaderOkButNoTokenInSession.

@Test
public void testHeaderOkButNoTokenInSession() {
    final WebContext context = MockWebContext.create().addRequestHeader(Pac4jConstants.CSRF_TOKEN, VALUE);
    Assert.assertFalse(authorizer.isAuthorized(context, null));
}
Also used : WebContext(org.pac4j.core.context.WebContext) MockWebContext(org.pac4j.core.context.MockWebContext) Test(org.junit.Test)

Aggregations

WebContext (org.pac4j.core.context.WebContext)57 Test (org.junit.Test)30 MockWebContext (org.pac4j.core.context.MockWebContext)15 Slf4j (lombok.extern.slf4j.Slf4j)11 J2EContext (org.pac4j.core.context.J2EContext)11 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)11 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)11 lombok.val (lombok.val)10 RedirectAction (org.pac4j.core.redirect.RedirectAction)10 Optional (java.util.Optional)9 Clients (org.pac4j.core.client.Clients)9 CommonProfile (org.pac4j.core.profile.CommonProfile)9 SessionStore (org.pac4j.core.context.session.SessionStore)8 JWT (com.nimbusds.jwt.JWT)7 HttpServletRequest (javax.servlet.http.HttpServletRequest)7 Client (org.pac4j.core.client.Client)7 MockIndirectClient (org.pac4j.core.client.MockIndirectClient)7 UserProfile (org.pac4j.core.profile.UserProfile)7 SignedJWT (com.nimbusds.jwt.SignedJWT)6 StringUtils (org.apache.commons.lang3.StringUtils)6