Example 6 with SessionStore

use of org.pac4j.core.context.session.SessionStore in project cas by apereo.

the class SamlIdPUtils method retrieveSamlRequest.

/**
 * Retrieve the SAML request previously stored in the session, together with the
 * message context it was received in.
 *
 * @param context            the web context
 * @param sessionStore       the session store holding the encoded request
 * @param openSamlConfigBean the OpenSAML config bean used to unmarshal it
 * @param clazz              the expected request type (e.g. AuthnRequest or LogoutRequest)
 * @return the decoded request paired with its message context, or empty if nothing is stored
 */
public static Optional<Pair<? extends RequestAbstractType, MessageContext>> retrieveSamlRequest(
        final WebContext context,
        final SessionStore sessionStore,
        final OpenSamlConfigBean openSamlConfigBean,
        final Class<? extends RequestAbstractType> clazz) {
    LOGGER.trace("Retrieving authentication request from scope");
    // The request was stored under the SAMLRequest parameter name as its encoded string;
    // decode it into the expected type, then restore the message context saved alongside it.
    val authnContext = sessionStore.get(context, SamlProtocolConstants.PARAMETER_SAML_REQUEST)
        .map(String.class::cast)
        .map(value -> retrieveSamlRequest(openSamlConfigBean, clazz, value))
        .flatMap(authnRequest -> sessionStore.get(context, MessageContext.class.getName())
            .map(String.class::cast)
            .map(result -> SamlIdPAuthenticationContext.decode(result).toMessageContext(authnRequest)));
    // Cast to the requested type rather than hard-coding AuthnRequest, so a LogoutRequest
    // retrieved through the same path does not fail with a ClassCastException.
    return authnContext.map(ctx -> Pair.of(clazz.cast(ctx.getMessage()), ctx));
}
Also used : lombok.val(lombok.val) MessageContext(org.opensaml.messaging.context.MessageContext) SneakyThrows(lombok.SneakyThrows) Inflater(java.util.zip.Inflater) SamlIdPAuthenticationContext(org.apereo.cas.support.saml.authentication.SamlIdPAuthenticationContext) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) StringUtils(org.apache.commons.lang3.StringUtils) LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest) StatusResponseType(org.opensaml.saml.saml2.core.StatusResponseType) FunctionUtils(org.apereo.cas.util.function.FunctionUtils) SAMLBindingSupport(org.opensaml.saml.common.binding.SAMLBindingSupport) Pair(org.apache.commons.lang3.tuple.Pair) ByteArrayInputStream(java.io.ByteArrayInputStream) AssertionConsumerServiceBuilder(org.opensaml.saml.saml2.metadata.impl.AssertionConsumerServiceBuilder) Unchecked(org.jooq.lambda.Unchecked) SignableSAMLObject(org.opensaml.saml.common.SignableSAMLObject) AssertionConsumerService(org.opensaml.saml.saml2.metadata.AssertionConsumerService) Base64Support(net.shibboleth.utilities.java.support.codec.Base64Support) MetadataResolver(org.opensaml.saml.metadata.resolver.MetadataResolver) RequestAbstractType(org.opensaml.saml.saml2.core.RequestAbstractType) SessionStore(org.pac4j.core.context.session.SessionStore) Collectors(java.util.stream.Collectors) StandardCharsets(java.nio.charset.StandardCharsets) Objects(java.util.Objects) Slf4j(lombok.extern.slf4j.Slf4j) SAMLObject(org.opensaml.saml.common.SAMLObject) SamlRegisteredServiceServiceProviderMetadataFacade(org.apereo.cas.support.saml.services.idp.metadata.SamlRegisteredServiceServiceProviderMetadataFacade) CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet) SAMLPeerEntityContext(org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext) Optional(java.util.Optional) EncodingUtils(org.apereo.cas.util.EncodingUtils) InflaterInputStream(java.util.zip.InflaterInputStream) 
SamlRegisteredServiceCachingMetadataResolver(org.apereo.cas.support.saml.services.idp.metadata.cache.SamlRegisteredServiceCachingMetadataResolver) XMLObjectSupport(org.opensaml.core.xml.util.XMLObjectSupport) UtilityClass(lombok.experimental.UtilityClass) WebContext(org.pac4j.core.context.WebContext) SamlRegisteredService(org.apereo.cas.support.saml.services.SamlRegisteredService) SamlIdPSamlRegisteredServiceCriterion(org.apereo.cas.support.saml.idp.metadata.locator.SamlIdPSamlRegisteredServiceCriterion) Assertion(org.opensaml.saml.saml2.core.Assertion) RoleDescriptorResolver(org.opensaml.saml.metadata.resolver.RoleDescriptorResolver) IDPSSODescriptor(org.opensaml.saml.saml2.metadata.IDPSSODescriptor) JEEContext(org.pac4j.core.context.JEEContext) ServicesManager(org.apereo.cas.services.ServicesManager) lombok.val(lombok.val) PredicateRoleDescriptorResolver(org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver) Endpoint(org.opensaml.saml.saml2.metadata.Endpoint) EvaluableEntityRoleEntityDescriptorCriterion(org.opensaml.saml.metadata.criteria.entity.impl.EvaluableEntityRoleEntityDescriptorCriterion) SAMLEndpointContext(org.opensaml.saml.common.messaging.context.SAMLEndpointContext) ChainingMetadataResolver(org.opensaml.saml.metadata.resolver.ChainingMetadataResolver) NameIDPolicy(org.opensaml.saml.saml2.core.NameIDPolicy) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest)
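The CAS method above hands the session-stored SAMLRequest string to `retrieveSamlRequest(openSamlConfigBean, clazz, value)`, which base64-decodes it, inflates it where the HTTP-Redirect binding was used, unmarshals it with OpenSAML and checks that it is of type `clazz`. The following is an added illustration of that decoding step in Python using only the standard library; it is not CAS or OpenSAML code, and the SP entity ID and ACS URL in the constructed sample request are placeholders.

```python
"""Decode a stored SAMLRequest value the way an IdP must before trusting it.

Added illustration, not CAS/OpenSAML code. Mirrors what CAS's
retrieveSamlRequest(openSamlConfigBean, clazz, value) does: base64 decode,
inflate (redirect binding), parse, and refuse a message whose root element is
not the requested type (AuthnRequest vs LogoutRequest).
"""
import base64
import zlib
import xml.etree.ElementTree as ET

SAML2P = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample AuthnRequest (hypothetical SP entity ID and ACS URL).
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
    ' ID="_example-req-1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"'
    ' AssertionConsumerServiceURL="https://sp.example.org/acs"'
    ' ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
    "<saml:Issuer>https://sp.example.org/metadata</saml:Issuer>"
    '<samlp:NameIDPolicy AllowCreate="true"'
    ' Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>'
    "</samlp:AuthnRequest>"
)


def encode_redirect_binding(xml_text: str) -> str:
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml_text.encode()) + comp.flush()).decode()


def encode_post_binding(xml_text: str) -> str:
    """HTTP-POST binding: plain base64 of the XML."""
    return base64.b64encode(xml_text.encode()).decode()


def decode_saml_request(value: str, binding: str, expected_local_name: str,
                        max_bytes: int = 64 * 1024) -> dict:
    """Base64-decode, inflate for the redirect binding, parse, and check that the
    root element is the requested protocol message type. Every failure surfaces
    as ValueError so callers cannot act on a half-decoded message."""
    raw = base64.b64decode(value, validate=True)
    if binding == "redirect":
        # wbits=-15 selects raw DEFLATE; max_bytes bounds the inflated size so a
        # tiny compressed payload cannot expand into a decompression bomb.
        inflater = zlib.decompressobj(-15)
        try:
            xml_bytes = inflater.decompress(raw, max_bytes)
        except zlib.error as exc:
            raise ValueError(f"inflate failed: {exc}") from exc
        if inflater.unconsumed_tail or not inflater.eof:
            raise ValueError("inflated request too large or truncated")
    elif binding == "post":
        xml_bytes = raw
    else:
        raise ValueError(f"unknown binding {binding!r}")
    if len(xml_bytes) > max_bytes:
        raise ValueError("request too large")
    try:
        # Production code should parse with defusedxml (or OpenSAML's hardened
        # parser pool) to rule out entity expansion and external entities.
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        raise ValueError(f"malformed XML: {exc}") from exc
    if root.tag != f"{{{SAML2P}}}{expected_local_name}":
        raise ValueError(f"expected {expected_local_name}, got {root.tag}")
    issuer = root.find(f"{{{SAML2}}}Issuer")
    return {
        "type": expected_local_name,
        "id": root.get("ID"),
        "issuer": issuer.text if issuer is not None else None,
        "acs_url": root.get("AssertionConsumerServiceURL"),
    }


def accepts(value: str, binding: str, expected_local_name: str) -> bool:
    """True if the value decodes as a well-formed message of the expected type."""
    try:
        decode_saml_request(value, binding, expected_local_name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    encoded = encode_redirect_binding(SAMPLE_AUTHN_REQUEST)
    print(decode_saml_request(encoded, "redirect", "AuthnRequest"))
    print(accepts(encoded, "redirect", "LogoutRequest"))  # wrong message type
```

The binding is passed in explicitly rather than guessed from the bytes: the IdP knows which endpoint the message arrived on, and sniffing for DEFLATE is unreliable. The type check on the root element is the counterpart of the `clazz` parameter in the CAS method; without it a stored LogoutRequest could be handed to code expecting an AuthnRequest.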

Example 7 with SessionStore

use of org.pac4j.core.context.session.SessionStore in project pac4j by pac4j.

the class DefaultAuthorizationCheckerTests method testCsrfCheckPostTokenParameter.

@Test
public void testCsrfCheckPostTokenParameter() {
    // Double-submit check: the generator mints a token into the session and the client
    // echoes it back as a request parameter on a state-changing (POST) request.
    final var context = MockWebContext.create().setRequestMethod(HttpConstants.HTTP_METHOD.POST.name());
    final var generator = new DefaultCsrfTokenGenerator();
    final SessionStore sessionStore = new MockSessionStore();
    final var token = generator.get(context, sessionStore);
    context.addRequestParameter(Pac4jConstants.CSRF_TOKEN, token);
    sessionStore.set(context, Pac4jConstants.CSRF_TOKEN, token);
    // The expiration date is stored as epoch milliseconds; here it is still in the future.
    sessionStore.set(context, Pac4jConstants.CSRF_TOKEN_EXPIRATION_DATE, new Date().getTime() + 1000 * generator.getTtlInSeconds());
    assertTrue(checker.isAuthorized(context, sessionStore, profiles, DefaultAuthorizers.CSRF_CHECK, new HashMap<>(), new ArrayList<>()));
}
Also used : MockSessionStore(org.pac4j.core.context.session.MockSessionStore) SessionStore(org.pac4j.core.context.session.SessionStore) DefaultCsrfTokenGenerator(org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator) MockSessionStore(org.pac4j.core.context.session.MockSessionStore) Test(org.junit.Test)

Example 8 with SessionStore

use of org.pac4j.core.context.session.SessionStore in project pac4j by pac4j.

the class CsrfAuthorizerTests method testParameterExpiredDate.

@Test
public void testParameterExpiredDate() {
    // The request presents the right token, but the session records an expiration
    // date one second in the past, so the authorizer must reject it.
    final var expiredDate = new Date().getTime() - 1000;
    final WebContext context = MockWebContext.create().addRequestParameter(Pac4jConstants.CSRF_TOKEN, VALUE);
    final SessionStore sessionStore = new MockSessionStore();
    sessionStore.set(context, Pac4jConstants.CSRF_TOKEN, VALUE);
    sessionStore.set(context, Pac4jConstants.CSRF_TOKEN_EXPIRATION_DATE, expiredDate);
    Assert.assertFalse(authorizer.isAuthorized(context, sessionStore, null));
}
Also used : MockSessionStore(org.pac4j.core.context.session.MockSessionStore) SessionStore(org.pac4j.core.context.session.SessionStore) WebContext(org.pac4j.core.context.WebContext) MockWebContext(org.pac4j.core.context.MockWebContext) MockSessionStore(org.pac4j.core.context.session.MockSessionStore) Date(java.util.Date) Test(org.junit.Test)

Example 9 with SessionStore

use of org.pac4j.core.context.session.SessionStore in project pac4j by pac4j.

the class CsrfAuthorizerTests method testHeaderOkNewName.

@Test
public void testHeaderOkNewName() {
    // The token is sent in a custom request header instead of a parameter;
    // the authorizer is told which header name to read it from.
    final WebContext context = MockWebContext.create().addRequestHeader(NAME, VALUE);
    final SessionStore sessionStore = new MockSessionStore();
    sessionStore.set(context, Pac4jConstants.CSRF_TOKEN, VALUE);
    sessionStore.set(context, Pac4jConstants.CSRF_TOKEN_EXPIRATION_DATE, expirationDate);
    authorizer.setHeaderName(NAME);
    Assert.assertTrue(authorizer.isAuthorized(context, sessionStore, null));
}
Also used : MockSessionStore(org.pac4j.core.context.session.MockSessionStore) SessionStore(org.pac4j.core.context.session.SessionStore) WebContext(org.pac4j.core.context.WebContext) MockWebContext(org.pac4j.core.context.MockWebContext) MockSessionStore(org.pac4j.core.context.session.MockSessionStore) Test(org.junit.Test)

Example 10 with SessionStore

use of org.pac4j.core.context.session.SessionStore in project pac4j by pac4j.

the class CsrfAuthorizerTests method internalTestNoTokenRequest.

private void internalTestNoTokenRequest(final HttpConstants.HTTP_METHOD method) {
    // A valid, unexpired token exists in the session but the request does not present
    // it in any parameter or header; for the given HTTP method this must be rejected.
    final var context = MockWebContext.create();
    final SessionStore sessionStore = new MockSessionStore();
    sessionStore.set(context, Pac4jConstants.CSRF_TOKEN, VALUE);
    sessionStore.set(context, Pac4jConstants.CSRF_TOKEN_EXPIRATION_DATE, expirationDate);
    context.setRequestMethod(method.name());
    Assert.assertFalse(authorizer.isAuthorized(context, sessionStore, null));
}
Also used : MockSessionStore(org.pac4j.core.context.session.MockSessionStore) SessionStore(org.pac4j.core.context.session.SessionStore) MockSessionStore(org.pac4j.core.context.session.MockSessionStore)
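Examples 7 to 10 together pin down the behaviour of a session-backed CSRF check: a token is kept in the server-side session with an expiration date, the client must echo it back in a parameter or a configurable header, an expired token is rejected, and a request that presents no token at all is rejected. The block below is an added illustration in Python that re-implements that behaviour end to end; it is not pac4j code. The session key names, the default parameter and header names, the `Request` shape and the use of epoch seconds (pac4j stores milliseconds) are this example's own choices.

```python
"""Session-backed CSRF token generation and checking.

Added illustration, not pac4j code: re-implements the behaviour the pac4j
CsrfAuthorizer tests exercise. Session key names, default parameter/header
names and the Request shape are assumptions of this example.
"""
import hmac
import secrets
import time
from dataclasses import dataclass, field

CSRF_TOKEN = "csrfToken"                        # session key for the token (assumed name)
CSRF_TOKEN_EXPIRATION_DATE = "csrfTokenExpiry"  # session key, epoch seconds (assumed name)
STATE_CHANGING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


@dataclass
class Request:
    """Minimal stand-in for a web context: method, query/form params, headers."""
    method: str = "GET"
    params: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


class CsrfTokenGenerator:
    """Mints a token into the session and reuses it until it expires."""

    def __init__(self, ttl_seconds: int = 4 * 3600):
        self.ttl_seconds = ttl_seconds

    def get(self, session: dict, now=None) -> str:
        now = time.time() if now is None else now
        token = session.get(CSRF_TOKEN)
        expiry = session.get(CSRF_TOKEN_EXPIRATION_DATE)
        if token is None or expiry is None or now > expiry:
            token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
            session[CSRF_TOKEN] = token
            session[CSRF_TOKEN_EXPIRATION_DATE] = now + self.ttl_seconds
        return token


class CsrfAuthorizer:
    """Rejects state-changing requests that do not carry the session's live token."""

    def __init__(self, parameter_name="csrfToken", header_name="X-CSRF-Token",
                 check_all_requests=False):
        self.parameter_name = parameter_name
        self.header_name = header_name
        self.check_all_requests = check_all_requests

    def _presented_token(self, request: Request):
        token = request.params.get(self.parameter_name)
        if token:
            return token
        # Header names are case-insensitive in HTTP.
        wanted = self.header_name.lower()
        return next((v for k, v in request.headers.items() if k.lower() == wanted), None)

    def is_authorized(self, request: Request, session: dict, now=None) -> bool:
        now = time.time() if now is None else now
        if not self.check_all_requests and request.method.upper() not in STATE_CHANGING_METHODS:
            return True  # safe methods are not CSRF targets unless configured otherwise
        presented = self._presented_token(request)
        expected = session.get(CSRF_TOKEN)
        expiry = session.get(CSRF_TOKEN_EXPIRATION_DATE)
        if not presented or not expected or expiry is None:
            return False  # no token issued for this session, or none echoed back
        if now > expiry:
            return False  # token expired; the client must obtain a fresh one
        # Constant-time comparison so a mismatch does not leak token bytes via timing.
        return hmac.compare_digest(presented.encode(), expected.encode())


if __name__ == "__main__":
    session = {}
    token = CsrfTokenGenerator().get(session)
    checker = CsrfAuthorizer()
    print(checker.is_authorized(Request("POST", params={"csrfToken": token}), session))
    print(checker.is_authorized(Request("POST"), session))
```

Reusing the token until it expires (rather than rotating per request) keeps multiple open tabs working; the token should still be regenerated on login so a pre-authentication session cannot carry one into the authenticated session. With `check_all_requests=True` the authorizer also demands the token on GET, which is what Example 8 relies on when it rejects an expired token on a request with no method set.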

Aggregations

SessionStore (org.pac4j.core.context.session.SessionStore)32 MockSessionStore (org.pac4j.core.context.session.MockSessionStore)22 Test (org.junit.Test)20 WebContext (org.pac4j.core.context.WebContext)18 MockWebContext (org.pac4j.core.context.MockWebContext)13 FoundAction (org.pac4j.core.exception.http.FoundAction)6 CommonProfile (org.pac4j.core.profile.CommonProfile)5 Slf4j (lombok.extern.slf4j.Slf4j)3 lombok.val (lombok.val)3 Client (org.pac4j.core.client.Client)3 Date (java.util.Date)2 Optional (java.util.Optional)2 SneakyThrows (lombok.SneakyThrows)2 ServicesManager (org.apereo.cas.services.ServicesManager)2 Unchecked (org.jooq.lambda.Unchecked)2 HttpAction (org.pac4j.core.exception.http.HttpAction)2 Algorithm (com.nimbusds.jose.Algorithm)1 JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm)1 ByteArrayInputStream (java.io.ByteArrayInputStream)1 MalformedURLException (java.net.MalformedURLException)1