Example 6 with HttpAction
use of org.pac4j.core.exception.HttpAction in project pac4j by pac4j.
the class DefaultLogoutLogic method perform.
@Override
public R perform(final C context, final Config config, final HttpActionAdapter<R, C> httpActionAdapter, final String defaultUrl, final String inputLogoutUrlPattern, final Boolean inputLocalLogout, final Boolean inputDestroySession, final Boolean inputCentralLogout) {
logger.debug("=== LOGOUT ===");
HttpAction action;
try {
// default values
final String logoutUrlPattern;
if (inputLogoutUrlPattern == null) {
logoutUrlPattern = Pac4jConstants.DEFAULT_LOGOUT_URL_PATTERN_VALUE;
} else {
logoutUrlPattern = inputLogoutUrlPattern;
}
final boolean localLogout;
if (inputLocalLogout == null) {
localLogout = true;
} else {
localLogout = inputLocalLogout;
}
final boolean destroySession;
if (inputDestroySession == null) {
destroySession = false;
} else {
destroySession = inputDestroySession;
}
final boolean centralLogout;
if (inputCentralLogout == null) {
centralLogout = false;
} else {
centralLogout = inputCentralLogout;
}
// checks
assertNotNull("context", context);
assertNotNull("config", config);
assertNotNull("httpActionAdapter", httpActionAdapter);
assertNotBlank(Pac4jConstants.LOGOUT_URL_PATTERN, logoutUrlPattern);
final Clients configClients = config.getClients();
assertNotNull("configClients", configClients);
// logic
final ProfileManager manager = getProfileManager(context, config);
final List<CommonProfile> profiles = manager.getAll(true);
// compute redirection URL
final String url = context.getRequestParameter(Pac4jConstants.URL);
String redirectUrl = defaultUrl;
if (url != null && Pattern.matches(logoutUrlPattern, url)) {
redirectUrl = url;
}
logger.debug("redirectUrl: {}", redirectUrl);
if (redirectUrl != null) {
action = HttpAction.redirect(context, redirectUrl);
} else {
action = HttpAction.noContent(context);
}
// local logout if requested or multiple profiles
if (localLogout || profiles.size() > 1) {
logger.debug("Performing application logout");
manager.logout();
if (destroySession) {
final SessionStore sessionStore = context.getSessionStore();
if (sessionStore != null) {
final boolean removed = sessionStore.destroySession(context);
if (!removed) {
logger.error("Unable to destroy the web session. The session store may not support this feature");
}
} else {
logger.error("No session store available for this web context");
}
}
}
// central logout
if (centralLogout) {
logger.debug("Performing central logout");
for (final CommonProfile profile : profiles) {
logger.debug("Profile: {}", profile);
final String clientName = profile.getClientName();
if (clientName != null) {
final Client client = configClients.findClient(clientName);
if (client != null) {
final String targetUrl;
if (redirectUrl != null && (redirectUrl.startsWith(HttpConstants.SCHEME_HTTP) || redirectUrl.startsWith(HttpConstants.SCHEME_HTTPS))) {
targetUrl = redirectUrl;
} else {
targetUrl = null;
}
final RedirectAction logoutAction = client.getLogoutAction(context, profile, targetUrl);
logger.debug("Logout action: {}", logoutAction);
if (logoutAction != null) {
action = logoutAction.perform(context);
break;
}
}
}
}
}
} catch (final RuntimeException e) {
return handleException(e, httpActionAdapter, context);
}
return httpActionAdapter.adapt(action.getCode(), context);
}
Also used :
ProfileManager(org.pac4j.core.profile.ProfileManager)
SessionStore(org.pac4j.core.context.session.SessionStore)
CommonProfile(org.pac4j.core.profile.CommonProfile)
Clients(org.pac4j.core.client.Clients)
Client(org.pac4j.core.client.Client)
HttpAction(org.pac4j.core.exception.HttpAction)
RedirectAction(org.pac4j.core.redirect.RedirectAction)
Example 7 with HttpAction
use of org.pac4j.core.exception.HttpAction in project pac4j by pac4j.
the class DefaultSecurityLogic method perform.
@Override
public R perform(final C context, final Config config, final SecurityGrantedAccessAdapter<R, C> securityGrantedAccessAdapter, final HttpActionAdapter<R, C> httpActionAdapter, final String clients, final String authorizers, final String matchers, final Boolean inputMultiProfile, final Object... parameters) {
logger.debug("=== SECURITY ===");
HttpAction action;
try {
// default value
final boolean multiProfile;
if (inputMultiProfile == null) {
multiProfile = false;
} else {
multiProfile = inputMultiProfile;
}
// checks
assertNotNull("context", context);
assertNotNull("config", config);
assertNotNull("httpActionAdapter", httpActionAdapter);
assertNotNull("clientFinder", clientFinder);
assertNotNull("authorizationChecker", authorizationChecker);
assertNotNull("matchingChecker", matchingChecker);
assertNotNull("profileStorageDecision", profileStorageDecision);
final Clients configClients = config.getClients();
assertNotNull("configClients", configClients);
// logic
logger.debug("url: {}", context.getFullRequestURL());
logger.debug("matchers: {}", matchers);
if (matchingChecker.matches(context, matchers, config.getMatchers())) {
logger.debug("clients: {}", clients);
final List<Client> currentClients = clientFinder.find(configClients, context, clients);
logger.debug("currentClients: {}", currentClients);
final boolean loadProfilesFromSession = profileStorageDecision.mustLoadProfilesFromSession(context, currentClients);
logger.debug("loadProfilesFromSession: {}", loadProfilesFromSession);
final ProfileManager manager = getProfileManager(context, config);
List<CommonProfile> profiles = manager.getAll(loadProfilesFromSession);
logger.debug("profiles: {}", profiles);
// no profile and some current clients
if (isEmpty(profiles) && isNotEmpty(currentClients)) {
boolean updated = false;
// loop on all clients searching direct ones to perform authentication
for (final Client currentClient : currentClients) {
if (currentClient instanceof DirectClient) {
logger.debug("Performing authentication for direct client: {}", currentClient);
final Credentials credentials = currentClient.getCredentials(context);
logger.debug("credentials: {}", credentials);
final CommonProfile profile = currentClient.getUserProfile(credentials, context);
logger.debug("profile: {}", profile);
if (profile != null) {
final boolean saveProfileInSession = profileStorageDecision.mustSaveProfileInSession(context, currentClients, (DirectClient) currentClient, profile);
logger.debug("saveProfileInSession: {} / multiProfile: {}", saveProfileInSession, multiProfile);
manager.save(saveProfileInSession, profile, multiProfile);
updated = true;
if (!multiProfile) {
break;
}
}
}
}
if (updated) {
profiles = manager.getAll(loadProfilesFromSession);
logger.debug("new profiles: {}", profiles);
}
}
// we have profile(s) -> check authorizations
if (isNotEmpty(profiles)) {
logger.debug("authorizers: {}", authorizers);
if (authorizationChecker.isAuthorized(context, profiles, authorizers, config.getAuthorizers())) {
logger.debug("authenticated and authorized -> grant access");
return securityGrantedAccessAdapter.adapt(context, profiles, parameters);
} else {
logger.debug("forbidden");
action = forbidden(context, currentClients, profiles, authorizers);
}
} else {
if (startAuthentication(context, currentClients)) {
logger.debug("Starting authentication");
saveRequestedUrl(context, currentClients);
action = redirectToIdentityProvider(context, currentClients);
} else {
logger.debug("unauthorized");
action = unauthorized(context, currentClients);
}
}
} else {
logger.debug("no matching for this request -> grant access");
return securityGrantedAccessAdapter.adapt(context, Arrays.asList(), parameters);
}
} catch (final Exception e) {
return handleException(e, httpActionAdapter, context);
}
return httpActionAdapter.adapt(action.getCode(), context);
}
Also used :
ProfileManager(org.pac4j.core.profile.ProfileManager)
DirectClient(org.pac4j.core.client.DirectClient)
CommonProfile(org.pac4j.core.profile.CommonProfile)
Clients(org.pac4j.core.client.Clients)
DirectClient(org.pac4j.core.client.DirectClient)
Client(org.pac4j.core.client.Client)
IndirectClient(org.pac4j.core.client.IndirectClient)
HttpAction(org.pac4j.core.exception.HttpAction)
Credentials(org.pac4j.core.credentials.Credentials)
Example 8 with HttpAction
use of org.pac4j.core.exception.HttpAction in project pac4j by pac4j.
the class CasClientTests method testFrontLogoutWithRelayState.
@Test
public void testFrontLogoutWithRelayState() {
final CasConfiguration configuration = new CasConfiguration();
configuration.setLoginUrl(LOGIN_URL);
final CasClient casClient = new CasClient(configuration);
casClient.setCallbackUrl(CALLBACK_URL);
casClient.init();
final MockWebContext context = MockWebContext.create().addRequestParameter(CasConfiguration.LOGOUT_REQUEST_PARAMETER, deflateAndBase64(LOGOUT_MESSAGE)).addRequestParameter(CasConfiguration.RELAY_STATE_PARAMETER, VALUE).setRequestMethod(HTTP_METHOD.GET.name());
final HttpAction action = (HttpAction) TestsHelper.expectException(() -> casClient.getCredentials(context));
assertEquals(TEMP_REDIRECT, action.getCode());
}
Also used :
MockWebContext(org.pac4j.core.context.MockWebContext)
CasConfiguration(org.pac4j.cas.config.CasConfiguration)
HttpAction(org.pac4j.core.exception.HttpAction)
Test(org.junit.Test)
Example 9 with HttpAction
use of org.pac4j.core.exception.HttpAction in project pac4j by pac4j.
the class CasProxyReceptorTests method testMissingPgt.
@Test
public void testMissingPgt() {
final CasProxyReceptor client = new CasProxyReceptor();
client.setCallbackUrl(CALLBACK_URL);
final MockWebContext context = MockWebContext.create();
try {
client.getCredentials(context.addRequestParameter(CasProxyReceptor.PARAM_PROXY_GRANTING_TICKET, VALUE));
} catch (final HttpAction e) {
assertEquals(200, context.getResponseStatus());
assertEquals("", context.getResponseContent());
}
}
Also used :
MockWebContext(org.pac4j.core.context.MockWebContext)
HttpAction(org.pac4j.core.exception.HttpAction)
Test(org.junit.Test)
Example 10 with HttpAction
use of org.pac4j.core.exception.HttpAction in project cas by apereo.
the class DelegatedClientNavigationController method redirectToProvider.
/**
* Redirect to provider. Receive the client name from the request and then try to determine and build the endpoint url
* for the redirection. The redirection data/url must contain a delegated client ticket id so that the request be can
* restored on the trip back. SAML clients use the relay-state session attribute while others use request parameters.
*
* @param request the request
* @param response the response
* @return the view
*/
@GetMapping(ENDPOINT_REDIRECT)
public View redirectToProvider(final HttpServletRequest request, final HttpServletResponse response) {
final String clientName = request.getParameter(Pac4jConstants.DEFAULT_CLIENT_NAME_PARAMETER);
try {
final IndirectClient client = (IndirectClient<Credentials, CommonProfile>) this.clients.findClient(clientName);
final J2EContext webContext = Pac4jUtils.getPac4jJ2EContext(request, response);
final Ticket ticket = delegatedClientWebflowManager.store(webContext, client);
final View result;
final RedirectAction action = client.getRedirectAction(webContext);
if (RedirectAction.RedirectType.SUCCESS.equals(action.getType())) {
result = new DynamicHtmlView(action.getContent());
} else {
final URIBuilder builder = new URIBuilder(action.getLocation());
final String url = builder.toString();
LOGGER.debug("Redirecting client [{}] to [{}] based on identifier [{}]", client.getName(), url, ticket.getId());
result = new RedirectView(url);
}
this.delegatedSessionCookieManager.store(webContext);
return result;
} catch (final HttpAction e) {
if (e.getCode() == HttpStatus.UNAUTHORIZED.value()) {
LOGGER.debug("Authentication request was denied from the provider [{}]", clientName, e);
} else {
LOGGER.warn(e.getMessage(), e);
}
throw new UnauthorizedServiceException(e.getMessage(), e);
}
}
Also used :
Ticket(org.apereo.cas.ticket.Ticket)
RedirectView(org.springframework.web.servlet.view.RedirectView)
IndirectClient(org.pac4j.core.client.IndirectClient)
UnauthorizedServiceException(org.apereo.cas.services.UnauthorizedServiceException)
J2EContext(org.pac4j.core.context.J2EContext)
View(org.springframework.web.servlet.View)
DynamicHtmlView(org.apereo.cas.web.view.DynamicHtmlView)
RedirectView(org.springframework.web.servlet.view.RedirectView)
DynamicHtmlView(org.apereo.cas.web.view.DynamicHtmlView)
HttpAction(org.pac4j.core.exception.HttpAction)
RedirectAction(org.pac4j.core.redirect.RedirectAction)
URIBuilder(org.jasig.cas.client.util.URIBuilder)
GetMapping(org.springframework.web.bind.annotation.GetMapping)
Aggregations
HttpAction (org.pac4j.core.exception.HttpAction)11
Test (org.junit.Test)5
MockWebContext (org.pac4j.core.context.MockWebContext)5
CommonProfile (org.pac4j.core.profile.CommonProfile)5
Client (org.pac4j.core.client.Client)4
Clients (org.pac4j.core.client.Clients)3
IndirectClient (org.pac4j.core.client.IndirectClient)3
Credentials (org.pac4j.core.credentials.Credentials)3
HttpServletRequest (javax.servlet.http.HttpServletRequest)2
HttpServletResponse (javax.servlet.http.HttpServletResponse)2
CasConfiguration (org.pac4j.cas.config.CasConfiguration)2
WebContext (org.pac4j.core.context.WebContext)2
ProfileManager (org.pac4j.core.profile.ProfileManager)2
RedirectAction (org.pac4j.core.redirect.RedirectAction)2
LinkedHashSet (java.util.LinkedHashSet)1
HttpSession (javax.servlet.http.HttpSession)1
PreventedException (org.apereo.cas.authentication.PreventedException)1
ClientCredential (org.apereo.cas.authentication.principal.ClientCredential)1
WebApplicationService (org.apereo.cas.authentication.principal.WebApplicationService)1
UnauthorizedServiceException (org.apereo.cas.services.UnauthorizedServiceException)1
