Search in sources :

Example 1 with UsernamePasswordCredentials

use of org.pac4j.core.credentials.UsernamePasswordCredentials in project cas by apereo.

the class ECPProfileHandlerController method extractBasicAuthenticationCredential.

private Credential extractBasicAuthenticationCredential(final HttpServletRequest request, final HttpServletResponse response) {
    try {
        final BasicAuthExtractor extractor = new BasicAuthExtractor();
        final WebContext webContext = Pac4jUtils.getPac4jJ2EContext(request, response);
        final UsernamePasswordCredentials credentials = extractor.extract(webContext);
        if (credentials != null) {
            LOGGER.debug("Received basic authentication ECP request from credentials [{}]", credentials);
            return new UsernamePasswordCredential(credentials.getUsername(), credentials.getPassword());
        }
    } catch (final Exception e) {
        LOGGER.warn(e.getMessage(), e);
    }
    return null;
}
Also used : BasicAuthExtractor(org.pac4j.core.credentials.extractor.BasicAuthExtractor) WebContext(org.pac4j.core.context.WebContext) UsernamePasswordCredential(org.apereo.cas.authentication.UsernamePasswordCredential) AuthenticationException(org.apereo.cas.authentication.AuthenticationException) UsernamePasswordCredentials(org.pac4j.core.credentials.UsernamePasswordCredentials)

Example 2 with UsernamePasswordCredentials

use of org.pac4j.core.credentials.UsernamePasswordCredentials in project cas by apereo.

the class OidcRevocationEndpointController method handleRequestInternal.

/**
 * Handle request for revocation.
 *
 * @param request  the request
 * @param response the response
 * @return the jwk set
 */
@GetMapping(value = '/' + OidcConstants.BASE_OIDC_URL + '/' + OidcConstants.REVOCATION_URL)
public ResponseEntity<String> handleRequestInternal(final HttpServletRequest request, final HttpServletResponse response) {
    try {
        final CredentialsExtractor<UsernamePasswordCredentials> authExtractor = new BasicAuthExtractor();
        final UsernamePasswordCredentials credentials = authExtractor.extract(Pac4jUtils.getPac4jJ2EContext(request, response));
        if (credentials == null) {
            throw new IllegalArgumentException("No credentials are provided to verify introspection on the access token");
        }
        final OAuthRegisteredService service = OAuth20Utils.getRegisteredOAuthServiceByClientId(this.servicesManager, credentials.getUsername());
        if (this.validator.checkServiceValid(service) && this.validator.checkParameterExist(request, OAuth20Constants.ACCESS_TOKEN) && this.validator.checkClientSecret(service, credentials.getPassword())) {
            final String token = request.getParameter(OidcConstants.TOKEN);
            if (StringUtils.isNotBlank(token)) {
                this.ticketRegistry.deleteTicket(token);
            }
        }
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
    }
    return new ResponseEntity<>(HttpStatus.OK);
}
Also used : BasicAuthExtractor(org.pac4j.core.credentials.extractor.BasicAuthExtractor) ResponseEntity(org.springframework.http.ResponseEntity) OAuthRegisteredService(org.apereo.cas.support.oauth.services.OAuthRegisteredService) UsernamePasswordCredentials(org.pac4j.core.credentials.UsernamePasswordCredentials) GetMapping(org.springframework.web.bind.annotation.GetMapping)

Example 3 with UsernamePasswordCredentials

use of org.pac4j.core.credentials.UsernamePasswordCredentials in project pac4j by pac4j.

the class LdapProfileServiceTests method authentSuccessSingleAttribute.

@Test
public void authentSuccessSingleAttribute() {
    final LdapProfileService ldapProfileService = new LdapProfileService(connectionFactory, authenticator, LdapServer.SN, LdapServer.BASE_PEOPLE_DN);
    ldapProfileService.setUsernameAttribute(LdapServer.CN);
    final UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(GOOD_USERNAME, PASSWORD);
    ldapProfileService.validate(credentials, null);
    final CommonProfile profile = credentials.getUserProfile();
    assertNotNull(profile);
    assertTrue(profile instanceof LdapProfile);
    final LdapProfile ldapProfile = (LdapProfile) profile;
    assertEquals(GOOD_USERNAME, ldapProfile.getId());
    assertEquals(1, ldapProfile.getAttributes().size());
    assertEquals(FIRSTNAME_VALUE, ldapProfile.getAttribute(LdapServer.SN));
}
Also used : CommonProfile(org.pac4j.core.profile.CommonProfile) LdapProfile(org.pac4j.ldap.profile.LdapProfile) UsernamePasswordCredentials(org.pac4j.core.credentials.UsernamePasswordCredentials) Test(org.junit.Test)

Example 4 with UsernamePasswordCredentials

use of org.pac4j.core.credentials.UsernamePasswordCredentials in project pac4j by pac4j.

the class LdapProfileServiceTests method authentSuccessMultiAttribute.

@Test
public void authentSuccessMultiAttribute() {
    final LdapProfileService ldapProfileService = new LdapProfileService(connectionFactory, authenticator, LdapServer.SN + "," + LdapServer.ROLE, LdapServer.BASE_PEOPLE_DN);
    ldapProfileService.setUsernameAttribute(LdapServer.CN);
    final UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(GOOD_USERNAME2, PASSWORD);
    ldapProfileService.validate(credentials, null);
    final CommonProfile profile = credentials.getUserProfile();
    assertNotNull(profile);
    assertTrue(profile instanceof LdapProfile);
    final LdapProfile ldapProfile = (LdapProfile) profile;
    assertEquals(GOOD_USERNAME2, ldapProfile.getId());
    assertEquals(1, ldapProfile.getAttributes().size());
    assertNull(ldapProfile.getAttribute(LdapServer.SN));
    final Collection<String> attributes = (Collection<String>) ldapProfile.getAttribute(LdapServer.ROLE);
    assertEquals(2, attributes.size());
    assertTrue(attributes.contains(LdapServer.ROLE1));
    assertTrue(attributes.contains(LdapServer.ROLE2));
}
Also used : CommonProfile(org.pac4j.core.profile.CommonProfile) Collection(java.util.Collection) LdapProfile(org.pac4j.ldap.profile.LdapProfile) UsernamePasswordCredentials(org.pac4j.core.credentials.UsernamePasswordCredentials) Test(org.junit.Test)

Example 5 with UsernamePasswordCredentials

use of org.pac4j.core.credentials.UsernamePasswordCredentials in project pac4j by pac4j.

the class LdapProfileServiceTests method testCreateUpdateFindDelete.

@Test
public void testCreateUpdateFindDelete() {
    final LdapProfile profile = new LdapProfile();
    profile.setId(LDAP_ID);
    profile.setLinkedId(LDAP_LINKED_ID);
    profile.addAttribute(USERNAME, LDAP_USER);
    final LdapProfileService ldapProfileService = new LdapProfileService(connectionFactory, authenticator, LdapServer.BASE_PEOPLE_DN);
    ldapProfileService.setIdAttribute(LdapServer.CN);
    ldapProfileService.setUsernameAttribute(LdapServer.SN);
    ldapProfileService.setPasswordAttribute("userPassword");
    // create
    ldapProfileService.create(profile, LDAP_PASS);
    // check credentials
    final UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(LDAP_ID, LDAP_PASS);
    ldapProfileService.validate(credentials, null);
    final CommonProfile profile1 = credentials.getUserProfile();
    assertNotNull(profile1);
    // check data
    final List<Map<String, Object>> results = getData(ldapProfileService, LDAP_ID);
    assertEquals(1, results.size());
    final Map<String, Object> result = results.get(0);
    assertEquals(4, result.size());
    assertEquals(LDAP_ID, result.get(LdapServer.CN));
    assertEquals(LDAP_LINKED_ID, result.get(AbstractProfileService.LINKEDID));
    assertNotNull(result.get(AbstractProfileService.SERIALIZED_PROFILE));
    assertEquals(LDAP_USER, result.get(LdapServer.SN));
    // findById
    final LdapProfile profile2 = ldapProfileService.findById(LDAP_ID);
    assertEquals(LDAP_ID, profile2.getId());
    assertEquals(LDAP_LINKED_ID, profile2.getLinkedId());
    assertEquals(LDAP_USER, profile2.getUsername());
    assertEquals(1, profile2.getAttributes().size());
    // update
    profile.addAttribute(USERNAME, LDAP_USER2);
    ldapProfileService.update(profile, LDAP_PASS2);
    final List<Map<String, Object>> results2 = getData(ldapProfileService, LDAP_ID);
    assertEquals(1, results2.size());
    final Map<String, Object> result2 = results2.get(0);
    assertEquals(4, result2.size());
    assertEquals(LDAP_ID, result2.get(LdapServer.CN));
    assertEquals(LDAP_LINKED_ID, result2.get(AbstractProfileService.LINKEDID));
    assertNotNull(result2.get(AbstractProfileService.SERIALIZED_PROFILE));
    assertEquals(LDAP_USER2, result2.get(LdapServer.SN));
    // check credentials
    final UsernamePasswordCredentials credentials2 = new UsernamePasswordCredentials(LDAP_ID, LDAP_PASS2);
    ldapProfileService.validate(credentials2, null);
    final CommonProfile profile3 = credentials.getUserProfile();
    assertNotNull(profile3);
    // remove
    ldapProfileService.remove(profile);
    final List<Map<String, Object>> results3 = getData(ldapProfileService, LDAP_ID);
    assertEquals(0, results3.size());
}
Also used : CommonProfile(org.pac4j.core.profile.CommonProfile) LdapProfile(org.pac4j.ldap.profile.LdapProfile) Map(java.util.Map) UsernamePasswordCredentials(org.pac4j.core.credentials.UsernamePasswordCredentials) Test(org.junit.Test)

Aggregations

UsernamePasswordCredentials (org.pac4j.core.credentials.UsernamePasswordCredentials)80 lombok.val (lombok.val)34 JEEContext (org.pac4j.core.context.JEEContext)24 CommonProfile (org.pac4j.core.profile.CommonProfile)22 Test (org.junit.Test)21 Test (org.junit.jupiter.api.Test)21 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)20 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)20 MockTicketGrantingTicket (org.apereo.cas.mock.MockTicketGrantingTicket)10 BasicAuthExtractor (org.pac4j.core.credentials.extractor.BasicAuthExtractor)9 OAuth20DefaultCode (org.apereo.cas.ticket.code.OAuth20DefaultCode)8 HardTimeoutExpirationPolicy (org.apereo.cas.ticket.expiration.HardTimeoutExpirationPolicy)8 HashMap (java.util.HashMap)7 SimpleTestUsernamePasswordAuthenticator (org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator)6 Map (java.util.Map)5 MockWebContext (org.pac4j.core.context.MockWebContext)5 UsernamePasswordCredential (org.apereo.cas.authentication.credential.UsernamePasswordCredential)4 CredentialsException (org.pac4j.core.exception.CredentialsException)4 ArrayList (java.util.ArrayList)3 WebContext (org.pac4j.core.context.WebContext)3