use of org.pac4j.core.context.WebContext in project cas by apereo.
the class DelegatedClientAuthenticationAction method prepareForLoginPage.
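/**
 * Prepares the data the login page needs to offer delegated (external) authentication.
 *
 * <p>The requested service is stored in the HTTP session, the theme, locale and method
 * request parameters are handed to {@code saveRequestParameter}, and a redirection URL is
 * computed for every configured client. A non-empty result is published in the flow scope
 * under {@code PAC4J_URLS}.
 *
 * @param context The current webflow context
 * @throws HttpAction the http action (declared by the signature; inside the per-client loop
 *                    it is caught and logged rather than propagated)
 */
protected void prepareForLoginPage(final RequestContext context) throws HttpAction {
    final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
    final HttpServletResponse response = WebUtils.getHttpServletResponse(context);
    // getSession() creates a session when the request has none, so every visitor of the
    // login page ends up with server-side session state before authenticating.
    final HttpSession session = request.getSession();
    // web context
    final WebContext webContext = WebUtils.getPac4jJ2EContext(request, response);
    // save parameters in web session
    final WebApplicationService service = WebUtils.getService(context);
    LOGGER.debug("save service: [{}]", service);
    session.setAttribute(CasProtocolConstants.PARAMETER_SERVICE, service);
    // NOTE(review): these values come from the request; saveRequestParameter is not visible
    // here, so confirm it validates or bounds what it stores in the session.
    saveRequestParameter(request, session, this.themeParamName);
    saveRequestParameter(request, session, this.localParamName);
    saveRequestParameter(request, session, CasProtocolConstants.PARAMETER_METHOD);

    final Set<ProviderLoginPageConfiguration> urls = new LinkedHashSet<>();
    this.clients.findAllClients().forEach(client -> {
        try {
            // A client that is not an IndirectClient fails this cast; the ClassCastException
            // is handled by the generic catch below and the client is skipped.
            final IndirectClient indirectClient = (IndirectClient) client;
            // Strip the "Client" suffix (and any trailing digits) to get the display name.
            final String name = client.getName().replaceAll("Client\\d*", "");
            final String redirectionUrl = indirectClient.getRedirectAction(webContext).getLocation();
            // NOTE(review): the redirection URL may carry per-request values chosen by the
            // provider client; treat debug logs accordingly.
            LOGGER.debug("[{}] -> [{}]", name, redirectionUrl);
            // Locale.ROOT keeps the lower-cased identifier stable regardless of the JVM's
            // default locale (e.g. the Turkish dotless-i mapping).
            urls.add(new ProviderLoginPageConfiguration(name, redirectionUrl, name.toLowerCase(java.util.Locale.ROOT)));
        } catch (final HttpAction e) {
            if (e.getCode() == HttpStatus.UNAUTHORIZED.value()) {
                LOGGER.debug("Authentication request was denied from the provider [{}]", client.getName());
            } else {
                LOGGER.warn(e.getMessage(), e);
            }
        } catch (final Exception e) {
            // One misconfigured client must not prevent the others from being listed.
            LOGGER.error("Cannot process client [{}]", client, e);
        }
    });

    if (!urls.isEmpty()) {
        context.getFlowScope().put(PAC4J_URLS, urls);
    } else if (response.getStatus() != HttpStatus.UNAUTHORIZED.value()) {
        // A 401 response status is not reported as a configuration problem.
        LOGGER.warn("No clients could be determined based on the provided configuration");
    }
}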
use of org.pac4j.core.context.WebContext in project cas by apereo.
the class ECPProfileHandlerController method extractBasicAuthenticationCredential.
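/**
 * Extracts the HTTP Basic credentials carried by an ECP request.
 *
 * @param request  the incoming servlet request
 * @param response the servlet response, used here only to build the pac4j web context
 * @return a username/password credential, or {@code null} when the extractor returned
 *         nothing or the extraction failed
 */
private Credential extractBasicAuthenticationCredential(final HttpServletRequest request, final HttpServletResponse response) {
    try {
        final BasicAuthExtractor extractor = new BasicAuthExtractor();
        final WebContext webContext = Pac4jUtils.getPac4jJ2EContext(request, response);
        final UsernamePasswordCredentials credentials = extractor.extract(webContext);
        if (credentials != null) {
            // Log the username only. Whether toString() on the credentials object masks the
            // password is not visible from this method, so the object itself is kept out of
            // the log statement.
            LOGGER.debug("Received basic authentication ECP request from credentials [{}]", credentials.getUsername());
            return new UsernamePasswordCredential(credentials.getUsername(), credentials.getPassword());
        }
    } catch (final Exception e) {
        // Best effort: a malformed or missing Authorization header is reported to the caller
        // as "no credential" rather than as an error.
        LOGGER.warn(e.getMessage(), e);
    }
    return null;
}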
use of org.pac4j.core.context.WebContext in project cas by apereo.
the class ClientAuthenticationHandler method doAuthentication.
/**
 * Authenticates a delegated-client credential by asking the matching pac4j client for the
 * user profile and wrapping it via {@code createResult}.
 *
 * @param credential the credential to authenticate; cast to {@code ClientCredential}
 * @return the handler result built from the credential and the retrieved user profile
 * @throws GeneralSecurityException declared by the signature
 * @throws PreventedException when the client raises an {@code HttpAction}
 */
@Override
protected AuthenticationHandlerExecutionResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
    try {
        final ClientCredential delegatedCredential = (ClientCredential) credential;
        LOGGER.debug("Located client credentials as [{}]", delegatedCredential);
        final Credentials providerCredentials = delegatedCredential.getCredentials();
        LOGGER.debug("Client name: [{}]", delegatedCredential.getClientName());

        // Resolve the client named by the credential.
        final Client delegatedClient = this.clients.findClient(delegatedCredential.getClientName());
        LOGGER.debug("Delegated client is: [{}]", delegatedClient);

        // The servlet request/response are taken from the external webflow context because
        // the handler signature does not receive them.
        final WebContext webContext = Pac4jUtils.getPac4jJ2EContext(
            WebUtils.getHttpServletRequestFromExternalWebflowContext(),
            WebUtils.getHttpServletResponseFromExternalWebflowContext());

        final UserProfile profile = delegatedClient.getUserProfile(providerCredentials, webContext);
        // NOTE(review): the whole profile is written to the debug log; confirm its string form
        // does not include provider-issued tokens or other sensitive attributes.
        LOGGER.debug("Final user profile is: [{}]", profile);
        // NOTE(review): no null check on the profile here; presumably createResult handles an
        // absent profile. Verify against createResult.
        return createResult(delegatedCredential, profile);
    } catch (final HttpAction e) {
        throw new PreventedException(e);
    }
}
use of org.pac4j.core.context.WebContext in project pac4j by pac4j.
the class CsrfAuthorizerTests method testNoToken.
/**
 * A token stored in the session alone is not enough: the request itself carries no CSRF
 * token, so the authorizer must refuse it.
 */
@Test
public void testNoToken() {
    final WebContext sessionOnlyContext = MockWebContext.create().addSessionAttribute(Pac4jConstants.CSRF_TOKEN, VALUE);
    final boolean authorized = authorizer.isAuthorized(sessionOnlyContext, null);
    Assert.assertFalse(authorized);
}
use of org.pac4j.core.context.WebContext in project pac4j by pac4j.
the class CsrfAuthorizerTests method testHeaderOkButNoTokenInSession.
/**
 * A token sent in the request header must be rejected when the session holds no token to
 * compare it with.
 */
@Test
public void testHeaderOkButNoTokenInSession() {
    final WebContext headerOnlyContext = MockWebContext.create().addRequestHeader(Pac4jConstants.CSRF_TOKEN, VALUE);
    final boolean authorized = authorizer.isAuthorized(headerOnlyContext, null);
    Assert.assertFalse(authorized);
}