Example 21 with SessionStore

Use of org.pac4j.core.context.session.SessionStore in project pac4j by pac4j.

Class DefaultCasLogoutHandler, method destroySessionFront.

@Override
public void destroySessionFront(final C context, final String ticket) {
    // Drop the ticket -> session id mapping for the ticket being logged out.
    store.remove(ticket);
    final SessionStore sessionStore = context.getSessionStore();
    if (sessionStore == null) {
        logger.error("No session store available for this web context");
    } else {
        final String currentSessionId = sessionStore.getOrCreateSessionId(context);
        logger.debug("currentSessionId: {}", currentSessionId);
        // Ticket that was bound to the caller's own session at login time.
        final String sessionToTicket = (String) store.get(currentSessionId);
        logger.debug("-> ticket: {}", ticket);
        store.remove(currentSessionId);
        // Only destroy the session when the logout request names the ticket bound to it:
        // a front-channel request cannot log out a session tied to a different ticket.
        if (CommonHelper.areEquals(ticket, sessionToTicket)) {
            destroy(context, sessionStore, "front");
        } else {
            logger.error("The user profiles (and session) can not be destroyed for CAS front channel logout because the provided "
                + "ticket is not the same as the one linked to the current session");
        }
    }
}
Also used: SessionStore (org.pac4j.core.context.session.SessionStore)

Example 22 with SessionStore

Use of org.pac4j.core.context.session.SessionStore in project ddf by codice.

Class OidcTokenValidatorTest, method getWebContext.

private WebContext getWebContext() {
    // Mocked web context whose session store hands back the nonce expected in the ID token.
    WebContext context = mock(WebContext.class);
    SessionStore sessionStore = mock(SessionStore.class);
    when(sessionStore.get(context, NONCE_SESSION_ATTRIBUTE)).thenReturn(Optional.of("myNonce"));
    when(context.getSessionStore()).thenReturn(sessionStore);
    return context;
}
Also used: SessionStore (org.pac4j.core.context.session.SessionStore), WebContext (org.pac4j.core.context.WebContext)

Example 23 with SessionStore

Use of org.pac4j.core.context.session.SessionStore in project cas by apereo.

Class OidcAuthenticationAuthorizeSecurityLogic, method loadProfiles.

@Override
protected List<UserProfile> loadProfiles(final ProfileManager manager, final WebContext context,
                                         final SessionStore sessionStore, final List<Client> clients) {
    val prompts = OidcRequestSupport.getOidcPromptFromAuthorizationRequest(context);
    LOGGER.debug("Located OpenID Connect prompts from request as [{}]", prompts);
    // If the request carries max_age, check whether the existing CAS authentication is older than allowed.
    val tooOld = OidcRequestSupport.getOidcMaxAgeFromAuthorizationRequest(context)
        .map(maxAge -> manager.getProfile(BasicUserProfile.class).stream()
            .anyMatch(profile -> OidcRequestSupport.isCasAuthenticationOldForMaxAgeAuthorizationRequest(context, profile)))
        .orElse(Boolean.FALSE);
    // An expired max_age or prompt=login returns no profiles, which forces a fresh authentication
    // instead of reusing the session.
    return tooOld || prompts.contains(OidcConstants.PROMPT_LOGIN)
        ? new ArrayList<>(0)
        : super.loadProfiles(manager, context, sessionStore, clients);
}
Also used: lombok.val (lombok.val), OidcConstants (org.apereo.cas.oidc.OidcConstants), CentralAuthenticationService (org.apereo.cas.CentralAuthenticationService), BasicUserProfile (org.pac4j.core.profile.BasicUserProfile), SessionStore (org.pac4j.core.context.session.SessionStore), ProfileManager (org.pac4j.core.profile.ProfileManager), ArrayList (java.util.ArrayList), OAuth20TicketGrantingTicketAwareSecurityLogic (org.apereo.cas.support.oauth.web.OAuth20TicketGrantingTicketAwareSecurityLogic), WebContext (org.pac4j.core.context.WebContext), OidcRequestSupport (org.apereo.cas.oidc.util.OidcRequestSupport), Slf4j (lombok.extern.slf4j.Slf4j), List (java.util.List), TicketRegistry (org.apereo.cas.ticket.registry.TicketRegistry), CasCookieBuilder (org.apereo.cas.web.cookie.CasCookieBuilder), Client (org.pac4j.core.client.Client), UserProfile (org.pac4j.core.profile.UserProfile)

Example 24 with SessionStore

Use of org.pac4j.core.context.session.SessionStore in project pac4j by pac4j.

Class DefaultMatchingCheckerTests, method testCsrfTokenDefaultButSessionAlreadyExists.

@Test
public void testCsrfTokenDefaultButSessionAlreadyExists() {
    final var context = MockWebContext.create();
    final SessionStore sessionStore = new MockSessionStore();
    // Create the session up front so the matcher runs against an already existing session.
    sessionStore.getSessionId(context, true);
    // With the default matchers (empty matcher name) the request is accepted...
    assertTrue(checker.matches(context, sessionStore, "", new HashMap<>(), new ArrayList<>()));
    // ...and a CSRF token is still issued, both as a request attribute and as a cookie.
    assertTrue(context.getRequestAttribute(Pac4jConstants.CSRF_TOKEN).isPresent());
    assertNotNull(WebContextHelper.getCookie(context.getResponseCookies(), Pac4jConstants.CSRF_TOKEN));
}
Also used: MockSessionStore (org.pac4j.core.context.session.MockSessionStore), SessionStore (org.pac4j.core.context.session.SessionStore), Test (org.junit.Test)

Example 25 with SessionStore

Use of org.pac4j.core.context.session.SessionStore in project pac4j by pac4j.

Class RunClient, method run.

public void run() {
    // Manual end-to-end check of a client: print the redirection URL, let the user authenticate
    // in a browser, then paste the callback URL back in to finish the flow.
    final var client = getClient();
    final var context = MockWebContext.create();
    final SessionStore sessionStore = new MockSessionStore();
    final var url = ((FoundAction) client.getRedirectionAction(context, sessionStore).get()).getLocation();
    logger.warn("Redirect to: \n{}", url);
    if (CommonHelper.isNotBlank(getLogin()) && CommonHelper.isNotBlank(getPassword())) {
        logger.warn("Use credentials: {} / {}", getLogin(), getPassword());
    } else {
        logger.warn("Use your own personal credentials");
    }
    if (canCancel()) {
        logger.warn("You can CANCEL the authentication.");
    }
    logger.warn("Returned url (copy/paste the fragment starting before the question mark of the query string):");
    final var scanner = new Scanner(System.in, StandardCharsets.UTF_8.name());
    final var returnedUrl = scanner.nextLine().trim();
    populateContextWithUrl(context, returnedUrl);
    // Extract the credentials from the callback and resolve them to a user profile.
    final var credentials = client.getCredentials(context, sessionStore);
    if (credentials.isPresent()) {
        final var profile = client.getUserProfile(credentials.get(), context, sessionStore);
        logger.debug("userProfile: {}", profile);
        if (profile.isPresent() || !canCancel()) {
            verifyProfile((CommonProfile) profile.get());
            // Round-trip the profile through Java serialization and verify it again.
            logger.warn("## Java serialization");
            final var javaSerializer = new JavaSerializer();
            var bytes = javaSerializer.serializeToBytes(profile.get());
            final var profile2 = (CommonProfile) javaSerializer.deserializeFromBytes(bytes);
            verifyProfile(profile2);
        }
    }
    logger.warn("################");
    logger.warn("Test successful!");
}
Also used: MockSessionStore (org.pac4j.core.context.session.MockSessionStore), SessionStore (org.pac4j.core.context.session.SessionStore), FoundAction (org.pac4j.core.exception.http.FoundAction), JavaSerializer (org.pac4j.core.util.serializer.JavaSerializer)

Aggregations

SessionStore (org.pac4j.core.context.session.SessionStore): 32
MockSessionStore (org.pac4j.core.context.session.MockSessionStore): 22
Test (org.junit.Test): 20
WebContext (org.pac4j.core.context.WebContext): 18
MockWebContext (org.pac4j.core.context.MockWebContext): 13
FoundAction (org.pac4j.core.exception.http.FoundAction): 6
CommonProfile (org.pac4j.core.profile.CommonProfile): 5
Slf4j (lombok.extern.slf4j.Slf4j): 3
lombok.val (lombok.val): 3
Client (org.pac4j.core.client.Client): 3
Date (java.util.Date): 2
Optional (java.util.Optional): 2
SneakyThrows (lombok.SneakyThrows): 2
ServicesManager (org.apereo.cas.services.ServicesManager): 2
Unchecked (org.jooq.lambda.Unchecked): 2
HttpAction (org.pac4j.core.exception.http.HttpAction): 2
Algorithm (com.nimbusds.jose.Algorithm): 1
JWSAlgorithm (com.nimbusds.jose.JWSAlgorithm): 1
ByteArrayInputStream (java.io.ByteArrayInputStream): 1
MalformedURLException (java.net.MalformedURLException): 1