use of org.pac4j.core.exception.HttpAction in project pac4j by pac4j.
the class DefaultLogoutLogic method perform.
@Override
public R perform(final C context, final Config config, final HttpActionAdapter<R, C> httpActionAdapter, final String defaultUrl, final String inputLogoutUrlPattern, final Boolean inputLocalLogout, final Boolean inputDestroySession, final Boolean inputCentralLogout) {
logger.debug("=== LOGOUT ===");
HttpAction action;
try {
// default values
final String logoutUrlPattern;
if (inputLogoutUrlPattern == null) {
logoutUrlPattern = Pac4jConstants.DEFAULT_LOGOUT_URL_PATTERN_VALUE;
} else {
logoutUrlPattern = inputLogoutUrlPattern;
}
final boolean localLogout;
if (inputLocalLogout == null) {
localLogout = true;
} else {
localLogout = inputLocalLogout;
}
final boolean destroySession;
if (inputDestroySession == null) {
destroySession = false;
} else {
destroySession = inputDestroySession;
}
final boolean centralLogout;
if (inputCentralLogout == null) {
centralLogout = false;
} else {
centralLogout = inputCentralLogout;
}
// checks
assertNotNull("context", context);
assertNotNull("config", config);
assertNotNull("httpActionAdapter", httpActionAdapter);
assertNotBlank(Pac4jConstants.LOGOUT_URL_PATTERN, logoutUrlPattern);
final Clients configClients = config.getClients();
assertNotNull("configClients", configClients);
// logic
final ProfileManager manager = getProfileManager(context, config);
final List<CommonProfile> profiles = manager.getAll(true);
// compute redirection URL
final String url = context.getRequestParameter(Pac4jConstants.URL);
String redirectUrl = defaultUrl;
if (url != null && Pattern.matches(logoutUrlPattern, url)) {
redirectUrl = url;
}
logger.debug("redirectUrl: {}", redirectUrl);
if (redirectUrl != null) {
action = HttpAction.redirect(context, redirectUrl);
} else {
action = HttpAction.noContent(context);
}
// local logout if requested or multiple profiles
if (localLogout || profiles.size() > 1) {
logger.debug("Performing application logout");
manager.logout();
if (destroySession) {
final SessionStore sessionStore = context.getSessionStore();
if (sessionStore != null) {
final boolean removed = sessionStore.destroySession(context);
if (!removed) {
logger.error("Unable to destroy the web session. The session store may not support this feature");
}
} else {
logger.error("No session store available for this web context");
}
}
}
// central logout
if (centralLogout) {
logger.debug("Performing central logout");
for (final CommonProfile profile : profiles) {
logger.debug("Profile: {}", profile);
final String clientName = profile.getClientName();
if (clientName != null) {
final Client client = configClients.findClient(clientName);
if (client != null) {
final String targetUrl;
if (redirectUrl != null && (redirectUrl.startsWith(HttpConstants.SCHEME_HTTP) || redirectUrl.startsWith(HttpConstants.SCHEME_HTTPS))) {
targetUrl = redirectUrl;
} else {
targetUrl = null;
}
final RedirectAction logoutAction = client.getLogoutAction(context, profile, targetUrl);
logger.debug("Logout action: {}", logoutAction);
if (logoutAction != null) {
action = logoutAction.perform(context);
break;
}
}
}
}
}
} catch (final RuntimeException e) {
return handleException(e, httpActionAdapter, context);
}
return httpActionAdapter.adapt(action.getCode(), context);
}
use of org.pac4j.core.exception.HttpAction in project pac4j by pac4j.
the class DefaultSecurityLogic method perform.
@Override
public R perform(final C context, final Config config, final SecurityGrantedAccessAdapter<R, C> securityGrantedAccessAdapter, final HttpActionAdapter<R, C> httpActionAdapter, final String clients, final String authorizers, final String matchers, final Boolean inputMultiProfile, final Object... parameters) {
logger.debug("=== SECURITY ===");
HttpAction action;
try {
// default value
final boolean multiProfile;
if (inputMultiProfile == null) {
multiProfile = false;
} else {
multiProfile = inputMultiProfile;
}
// checks
assertNotNull("context", context);
assertNotNull("config", config);
assertNotNull("httpActionAdapter", httpActionAdapter);
assertNotNull("clientFinder", clientFinder);
assertNotNull("authorizationChecker", authorizationChecker);
assertNotNull("matchingChecker", matchingChecker);
assertNotNull("profileStorageDecision", profileStorageDecision);
final Clients configClients = config.getClients();
assertNotNull("configClients", configClients);
// logic
logger.debug("url: {}", context.getFullRequestURL());
logger.debug("matchers: {}", matchers);
if (matchingChecker.matches(context, matchers, config.getMatchers())) {
logger.debug("clients: {}", clients);
final List<Client> currentClients = clientFinder.find(configClients, context, clients);
logger.debug("currentClients: {}", currentClients);
final boolean loadProfilesFromSession = profileStorageDecision.mustLoadProfilesFromSession(context, currentClients);
logger.debug("loadProfilesFromSession: {}", loadProfilesFromSession);
final ProfileManager manager = getProfileManager(context, config);
List<CommonProfile> profiles = manager.getAll(loadProfilesFromSession);
logger.debug("profiles: {}", profiles);
// no profile and some current clients
if (isEmpty(profiles) && isNotEmpty(currentClients)) {
boolean updated = false;
// loop on all clients searching direct ones to perform authentication
for (final Client currentClient : currentClients) {
if (currentClient instanceof DirectClient) {
logger.debug("Performing authentication for direct client: {}", currentClient);
final Credentials credentials = currentClient.getCredentials(context);
logger.debug("credentials: {}", credentials);
final CommonProfile profile = currentClient.getUserProfile(credentials, context);
logger.debug("profile: {}", profile);
if (profile != null) {
final boolean saveProfileInSession = profileStorageDecision.mustSaveProfileInSession(context, currentClients, (DirectClient) currentClient, profile);
logger.debug("saveProfileInSession: {} / multiProfile: {}", saveProfileInSession, multiProfile);
manager.save(saveProfileInSession, profile, multiProfile);
updated = true;
if (!multiProfile) {
break;
}
}
}
}
if (updated) {
profiles = manager.getAll(loadProfilesFromSession);
logger.debug("new profiles: {}", profiles);
}
}
// we have profile(s) -> check authorizations
if (isNotEmpty(profiles)) {
logger.debug("authorizers: {}", authorizers);
if (authorizationChecker.isAuthorized(context, profiles, authorizers, config.getAuthorizers())) {
logger.debug("authenticated and authorized -> grant access");
return securityGrantedAccessAdapter.adapt(context, profiles, parameters);
} else {
logger.debug("forbidden");
action = forbidden(context, currentClients, profiles, authorizers);
}
} else {
if (startAuthentication(context, currentClients)) {
logger.debug("Starting authentication");
saveRequestedUrl(context, currentClients);
action = redirectToIdentityProvider(context, currentClients);
} else {
logger.debug("unauthorized");
action = unauthorized(context, currentClients);
}
}
} else {
logger.debug("no matching for this request -> grant access");
return securityGrantedAccessAdapter.adapt(context, Arrays.asList(), parameters);
}
} catch (final Exception e) {
return handleException(e, httpActionAdapter, context);
}
return httpActionAdapter.adapt(action.getCode(), context);
}
use of org.pac4j.core.exception.HttpAction in project pac4j by pac4j.
the class CasClientTests method testFrontLogoutWithRelayState.
@Test
public void testFrontLogoutWithRelayState() {
final CasConfiguration configuration = new CasConfiguration();
configuration.setLoginUrl(LOGIN_URL);
final CasClient casClient = new CasClient(configuration);
casClient.setCallbackUrl(CALLBACK_URL);
casClient.init();
final MockWebContext context = MockWebContext.create().addRequestParameter(CasConfiguration.LOGOUT_REQUEST_PARAMETER, deflateAndBase64(LOGOUT_MESSAGE)).addRequestParameter(CasConfiguration.RELAY_STATE_PARAMETER, VALUE).setRequestMethod(HTTP_METHOD.GET.name());
final HttpAction action = (HttpAction) TestsHelper.expectException(() -> casClient.getCredentials(context));
assertEquals(TEMP_REDIRECT, action.getCode());
}
use of org.pac4j.core.exception.HttpAction in project pac4j by pac4j.
the class CasProxyReceptorTests method testMissingPgt.
@Test
public void testMissingPgt() {
final CasProxyReceptor client = new CasProxyReceptor();
client.setCallbackUrl(CALLBACK_URL);
final MockWebContext context = MockWebContext.create();
try {
client.getCredentials(context.addRequestParameter(CasProxyReceptor.PARAM_PROXY_GRANTING_TICKET, VALUE));
} catch (final HttpAction e) {
assertEquals(200, context.getResponseStatus());
assertEquals("", context.getResponseContent());
}
}
use of org.pac4j.core.exception.HttpAction in project cas by apereo.
the class DelegatedClientNavigationController method redirectToProvider.
/**
* Redirect to provider. Receive the client name from the request and then try to determine and build the endpoint url
* for the redirection. The redirection data/url must contain a delegated client ticket id so that the request be can
* restored on the trip back. SAML clients use the relay-state session attribute while others use request parameters.
*
* @param request the request
* @param response the response
* @return the view
*/
@GetMapping(ENDPOINT_REDIRECT)
public View redirectToProvider(final HttpServletRequest request, final HttpServletResponse response) {
final String clientName = request.getParameter(Pac4jConstants.DEFAULT_CLIENT_NAME_PARAMETER);
try {
final IndirectClient client = (IndirectClient<Credentials, CommonProfile>) this.clients.findClient(clientName);
final J2EContext webContext = Pac4jUtils.getPac4jJ2EContext(request, response);
final Ticket ticket = delegatedClientWebflowManager.store(webContext, client);
final View result;
final RedirectAction action = client.getRedirectAction(webContext);
if (RedirectAction.RedirectType.SUCCESS.equals(action.getType())) {
result = new DynamicHtmlView(action.getContent());
} else {
final URIBuilder builder = new URIBuilder(action.getLocation());
final String url = builder.toString();
LOGGER.debug("Redirecting client [{}] to [{}] based on identifier [{}]", client.getName(), url, ticket.getId());
result = new RedirectView(url);
}
this.delegatedSessionCookieManager.store(webContext);
return result;
} catch (final HttpAction e) {
if (e.getCode() == HttpStatus.UNAUTHORIZED.value()) {
LOGGER.debug("Authentication request was denied from the provider [{}]", clientName, e);
} else {
LOGGER.warn(e.getMessage(), e);
}
throw new UnauthorizedServiceException(e.getMessage(), e);
}
}
Aggregations