Examples with HttpAction org.pac4j.core.exception.HttpAction used on opensource projects

Example 1 with HttpAction

use of org.pac4j.core.exception.HttpAction in project cas by apereo.

the class DelegatedClientAuthenticationAction method prepareForLoginPage.

/**
     * Prepare the data for the login page.
     *
     * @param context The current webflow context
     * @throws HttpAction the http action
     */
protected void prepareForLoginPage(final RequestContext context) throws HttpAction {
    final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
    final HttpServletResponse response = WebUtils.getHttpServletResponse(context);
    final HttpSession session = request.getSession();
    // web context
    final WebContext webContext = WebUtils.getPac4jJ2EContext(request, response);
    // save parameters in web session
    final WebApplicationService service = WebUtils.getService(context);
    LOGGER.debug("save service: [{}]", service);
    session.setAttribute(CasProtocolConstants.PARAMETER_SERVICE, service);
    saveRequestParameter(request, session, this.themeParamName);
    saveRequestParameter(request, session, this.localParamName);
    saveRequestParameter(request, session, CasProtocolConstants.PARAMETER_METHOD);
    final Set<ProviderLoginPageConfiguration> urls = new LinkedHashSet<>();
    this.clients.findAllClients().forEach(client -> {
        try {
            final IndirectClient indirectClient = (IndirectClient) client;
            final String name = client.getName().replaceAll("Client\\d*", "");
            final String redirectionUrl = indirectClient.getRedirectAction(webContext).getLocation();
            LOGGER.debug("[{}] -> [{}]", name, redirectionUrl);
            urls.add(new ProviderLoginPageConfiguration(name, redirectionUrl, name.toLowerCase()));
        } catch (final HttpAction e) {
            if (e.getCode() == HttpStatus.UNAUTHORIZED.value()) {
                LOGGER.debug("Authentication request was denied from the provider [{}]", client.getName());
            } else {
                LOGGER.warn(e.getMessage(), e);
            }
        } catch (final Exception e) {
            LOGGER.error("Cannot process client [{}]", client, e);
        }
    });
    if (!urls.isEmpty()) {
        context.getFlowScope().put(PAC4J_URLS, urls);
    } else if (response.getStatus() != HttpStatus.UNAUTHORIZED.value()) {
        LOGGER.warn("No clients could be determined based on the provided configuration");
    }
}

Example 2 with HttpAction

use of org.pac4j.core.exception.HttpAction in project cas by apereo.

the class ClientAuthenticationHandler method doAuthentication.

@Override
protected AuthenticationHandlerExecutionResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
    try {
        final ClientCredential clientCredentials = (ClientCredential) credential;
        LOGGER.debug("Located client credentials as [{}]", clientCredentials);
        final Credentials credentials = clientCredentials.getCredentials();
        LOGGER.debug("Client name: [{}]", clientCredentials.getClientName());
        // get client
        final Client client = this.clients.findClient(clientCredentials.getClientName());
        LOGGER.debug("Delegated client is: [{}]", client);
        final HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext();
        final HttpServletResponse response = WebUtils.getHttpServletResponseFromExternalWebflowContext();
        final WebContext webContext = Pac4jUtils.getPac4jJ2EContext(request, response);
        final UserProfile userProfile = client.getUserProfile(credentials, webContext);
        LOGGER.debug("Final user profile is: [{}]", userProfile);
        return createResult(clientCredentials, userProfile);
    } catch (final HttpAction e) {
        throw new PreventedException(e);
    }
}

Example 3 with HttpAction

use of org.pac4j.core.exception.HttpAction in project pac4j by pac4j.

the class BaseClientTests method testAlreadyTried.

@Test
public void testAlreadyTried() {
    final MockIndirectClient client = new MockIndirectClient(TYPE, RedirectAction.redirect(LOGIN_URL), (Credentials) null, new CommonProfile());
    client.setCallbackUrl(CALLBACK_URL);
    final MockWebContext context = MockWebContext.create();
    context.getSessionStore().set(context, client.getName() + IndirectClient.ATTEMPTED_AUTHENTICATION_SUFFIX, "true");
    final HttpAction e = (HttpAction) TestsHelper.expectException(() -> client.redirect(context));
    assertEquals(401, e.getCode());
    assertEquals(401, context.getResponseStatus());
}

Example 4 with HttpAction

use of org.pac4j.core.exception.HttpAction in project pac4j by pac4j.

the class BaseClientTests method testAjaxRequest.

@Test
public void testAjaxRequest() {
    final MockIndirectClient client = new MockIndirectClient(TYPE, RedirectAction.redirect(LOGIN_URL), (Credentials) null, new CommonProfile());
    client.setCallbackUrl(CALLBACK_URL);
    final MockWebContext context = MockWebContext.create().addRequestHeader(HttpConstants.AJAX_HEADER_NAME, HttpConstants.AJAX_HEADER_VALUE);
    final HttpAction e = (HttpAction) TestsHelper.expectException(() -> client.redirect(context));
    assertEquals(401, e.getCode());
    assertEquals(401, context.getResponseStatus());
}

Example 5 with HttpAction

use of org.pac4j.core.exception.HttpAction in project pac4j by pac4j.

the class DefaultCallbackLogic method perform.

@Override
public R perform(final C context, final Config config, final HttpActionAdapter<R, C> httpActionAdapter, final String inputDefaultUrl, final Boolean inputSaveInSession, final Boolean inputMultiProfile, final Boolean inputRenewSession, final String client) {
    logger.debug("=== CALLBACK ===");
    HttpAction action;
    try {
        // default values
        final String defaultUrl;
        if (inputDefaultUrl == null) {
            defaultUrl = Pac4jConstants.DEFAULT_URL_VALUE;
        } else {
            defaultUrl = inputDefaultUrl;
        }
        final boolean saveInSession;
        if (inputSaveInSession == null) {
            saveInSession = true;
        } else {
            saveInSession = inputSaveInSession;
        }
        final boolean multiProfile;
        if (inputMultiProfile == null) {
            multiProfile = false;
        } else {
            multiProfile = inputMultiProfile;
        }
        final boolean renewSession;
        if (inputRenewSession == null) {
            renewSession = true;
        } else {
            renewSession = inputRenewSession;
        }
        // checks
        assertNotNull("clientFinder", clientFinder);
        assertNotNull("context", context);
        assertNotNull("config", config);
        assertNotNull("httpActionAdapter", httpActionAdapter);
        assertNotBlank(Pac4jConstants.DEFAULT_URL, defaultUrl);
        final Clients clients = config.getClients();
        assertNotNull("clients", clients);
        // logic
        final List<Client> foundClients = clientFinder.find(clients, context, client);
        assertTrue(foundClients != null && foundClients.size() == 1, "unable to find one indirect client for the callback: check the callback URL for a client name parameter or suffix path" + " or ensure that your configuration defaults to one indirect client");
        final Client foundClient = foundClients.get(0);
        logger.debug("foundClient: {}", foundClient);
        assertNotNull("foundClient", foundClient);
        final Credentials credentials = foundClient.getCredentials(context);
        logger.debug("credentials: {}", credentials);
        final CommonProfile profile = foundClient.getUserProfile(credentials, context);
        logger.debug("profile: {}", profile);
        saveUserProfile(context, config, profile, saveInSession, multiProfile, renewSession);
        action = redirectToOriginallyRequestedUrl(context, defaultUrl);
    } catch (final RuntimeException e) {
        return handleException(e, httpActionAdapter, context);
    }
    return httpActionAdapter.adapt(action.getCode(), context);
}