
Example 6 with HttpAction

use of org.pac4j.core.exception.HttpAction in project pac4j by pac4j.

the class DefaultLogoutLogic method perform.

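/**
 * Performs the logout.
 * <p>
 * Steps, in order: resolve the flag/pattern defaults, compute the post-logout
 * redirection, perform the application ("local") logout through the profile
 * manager (optionally destroying the web session), and finally ask the client of
 * the first logged-in profile that produces a logout action for a central logout.
 * <p>
 * Redirection safety: the {@code url} request parameter is attacker-controlled.
 * It replaces {@code defaultUrl} only when it fully matches {@code logoutUrlPattern}
 * ({@link Pattern#matches} anchors both ends) and is not a scheme-relative
 * reference ({@code //host/...}), which a path-only pattern such as {@code /.*}
 * would otherwise accept while the browser would leave the site. The configured
 * pattern remains the real allow-list: a permissive pattern such as {@code .*}
 * still yields an open redirect, so it must be chosen with care.
 *
 * @param context the web context
 * @param config the pac4j configuration; its clients must be set
 * @param httpActionAdapter adapter turning the final {@link HttpAction} into the framework result
 * @param defaultUrl the fallback redirection URL; {@code null} answers with a no-content action instead of a redirect
 * @param inputLogoutUrlPattern regex the {@code url} parameter must fully match to be honoured; {@code null} selects
 *        {@link Pac4jConstants#DEFAULT_LOGOUT_URL_PATTERN_VALUE}
 * @param inputLocalLogout remove the profiles from the application; {@code null} means {@code true}
 * @param inputDestroySession also destroy the web session (only happens together with a local logout); {@code null} means {@code false}
 * @param inputCentralLogout also trigger a logout at the identity provider; {@code null} means {@code false}
 * @return the adapted action: the provider's logout action when one was produced, otherwise the
 *         redirection (or no-content) computed above; unchecked failures are routed through {@code handleException}
 */
@Override
public R perform(final C context, final Config config, final HttpActionAdapter<R, C> httpActionAdapter, final String defaultUrl, final String inputLogoutUrlPattern, final Boolean inputLocalLogout, final Boolean inputDestroySession, final Boolean inputCentralLogout) {
    logger.debug("=== LOGOUT ===");
    HttpAction action;
    try {
        // default values (null flags fall back to: local logout on, session kept, no central logout)
        final String logoutUrlPattern = inputLogoutUrlPattern == null ? Pac4jConstants.DEFAULT_LOGOUT_URL_PATTERN_VALUE : inputLogoutUrlPattern;
        final boolean localLogout = inputLocalLogout == null || inputLocalLogout;
        final boolean destroySession = inputDestroySession != null && inputDestroySession;
        final boolean centralLogout = inputCentralLogout != null && inputCentralLogout;
        // checks
        assertNotNull("context", context);
        assertNotNull("config", config);
        assertNotNull("httpActionAdapter", httpActionAdapter);
        assertNotBlank(Pac4jConstants.LOGOUT_URL_PATTERN, logoutUrlPattern);
        final Clients configClients = config.getClients();
        assertNotNull("configClients", configClients);
        // logic
        final ProfileManager manager = getProfileManager(context, config);
        // profiles are read from the session as well, so the central logout sees every logged-in profile
        final List<CommonProfile> profiles = manager.getAll(true);
        // compute redirection URL: the request parameter is untrusted, see the Javadoc above
        final String url = context.getRequestParameter(Pac4jConstants.URL);
        String redirectUrl = defaultUrl;
        if (url != null) {
            if (Pattern.matches(logoutUrlPattern, url) && !isSchemeRelative(url)) {
                redirectUrl = url;
            } else {
                logger.debug("Ignoring url parameter that is not an acceptable logout target: {}", url);
            }
        }
        logger.debug("redirectUrl: {}", redirectUrl);
        action = redirectUrl != null ? HttpAction.redirect(context, redirectUrl) : HttpAction.noContent(context);
        // local logout if requested or multiple profiles
        if (localLogout || profiles.size() > 1) {
            logger.debug("Performing application logout");
            manager.logout();
            if (destroySession) {
                final SessionStore sessionStore = context.getSessionStore();
                if (sessionStore != null) {
                    final boolean removed = sessionStore.destroySession(context);
                    if (!removed) {
                        // best effort: the session simply survives, which is worth an error log but not a failure
                        logger.error("Unable to destroy the web session. The session store may not support this feature");
                    }
                } else {
                    logger.error("No session store available for this web context");
                }
            }
        }
        // central logout: only the first profile whose client produces a logout action is handled
        // (note the break); the remaining profiles are not logged out at their providers here
        if (centralLogout) {
            logger.debug("Performing central logout");
            for (final CommonProfile profile : profiles) {
                logger.debug("Profile: {}", profile);
                final String clientName = profile.getClientName();
                if (clientName != null) {
                    final Client client = configClients.findClient(clientName);
                    if (client != null) {
                        // only an absolute http(s) URL is handed to the provider as the post-logout target;
                        // a relative one is kept for the local redirection but not sent along
                        final String targetUrl = (redirectUrl != null && (redirectUrl.startsWith(HttpConstants.SCHEME_HTTP) || redirectUrl.startsWith(HttpConstants.SCHEME_HTTPS))) ? redirectUrl : null;
                        final RedirectAction logoutAction = client.getLogoutAction(context, profile, targetUrl);
                        logger.debug("Logout action: {}", logoutAction);
                        if (logoutAction != null) {
                            // the provider's action replaces the local redirection computed above
                            action = logoutAction.perform(context);
                            break;
                        }
                    }
                }
            }
        }
    } catch (final RuntimeException e) {
        // only unchecked failures are routed to handleException; nothing above declares a checked exception
        return handleException(e, httpActionAdapter, context);
    }
    return httpActionAdapter.adapt(action.getCode(), context);
}

/**
 * Tells whether {@code url} is a scheme-relative reference: {@code //host/...}, or the
 * {@code /\host/...} spelling that browsers normalise to it. Such a value can pass a
 * path-only allow-list pattern while still sending the user to another host.
 *
 * @param url the non-null candidate URL
 * @return {@code true} when the browser would resolve the value against another host
 */
private static boolean isSchemeRelative(final String url) {
    return url.length() > 1 && url.charAt(0) == '/' && (url.charAt(1) == '/' || url.charAt(1) == '\\');
}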

Example 7 with HttpAction

use of org.pac4j.core.exception.HttpAction in project pac4j by pac4j.

the class DefaultSecurityLogic method perform.

/**
 * Protects a request.
 * <p>
 * If the request is not selected by the matchers, access is granted with no profile.
 * Otherwise the current profiles are loaded (from the request and, when the storage
 * decision says so, from the session); when none exists, every selected direct client is
 * given a chance to authenticate the request (stopping after the first success unless
 * {@code multiProfile} is on). With at least one profile the authorizers are evaluated and
 * access is granted or a "forbidden" action is produced; with none, either the
 * authentication is started (requested URL saved, redirection to the identity provider)
 * or an "unauthorized" action is produced.
 * <p>
 * NOTE(review): the Credentials object is logged at DEBUG level below; whether a secret
 * (password, token) ends up in the log depends on each Credentials.toString() implementation —
 * confirm they mask sensitive fields before enabling DEBUG in production.
 *
 * @param context the web context
 * @param config the pac4j configuration; its clients must be set
 * @param securityGrantedAccessAdapter adapter invoked when access is granted
 * @param httpActionAdapter adapter turning an {@link HttpAction} into the framework result
 * @param clients the client names to use for this request (resolved by the client finder)
 * @param authorizers the authorizer names to check (resolved by the authorization checker)
 * @param matchers the matcher names selecting the requests this logic applies to
 * @param inputMultiProfile whether several profiles may be saved; {@code null} means {@code false}
 * @param parameters extra parameters passed through to the granted-access adapter
 * @return the adapted result; any exception is routed through {@code handleException}
 */
@Override
public R perform(final C context, final Config config, final SecurityGrantedAccessAdapter<R, C> securityGrantedAccessAdapter, final HttpActionAdapter<R, C> httpActionAdapter, final String clients, final String authorizers, final String matchers, final Boolean inputMultiProfile, final Object... parameters) {
    logger.debug("=== SECURITY ===");
    HttpAction action;
    try {
        // default value: a null flag means single-profile mode
        final boolean multiProfile = inputMultiProfile != null && inputMultiProfile;
        // checks
        assertNotNull("context", context);
        assertNotNull("config", config);
        assertNotNull("httpActionAdapter", httpActionAdapter);
        assertNotNull("clientFinder", clientFinder);
        assertNotNull("authorizationChecker", authorizationChecker);
        assertNotNull("matchingChecker", matchingChecker);
        assertNotNull("profileStorageDecision", profileStorageDecision);
        final Clients configClients = config.getClients();
        assertNotNull("configClients", configClients);
        // logic
        logger.debug("url: {}", context.getFullRequestURL());
        logger.debug("matchers: {}", matchers);
        if (!matchingChecker.matches(context, matchers, config.getMatchers())) {
            // the request is out of scope for this security filter: let it through with no profile
            logger.debug("no matching for this request -> grant access");
            return securityGrantedAccessAdapter.adapt(context, Arrays.asList(), parameters);
        }
        logger.debug("clients: {}", clients);
        final List<Client> selectedClients = clientFinder.find(configClients, context, clients);
        logger.debug("currentClients: {}", selectedClients);
        final boolean readFromSession = profileStorageDecision.mustLoadProfilesFromSession(context, selectedClients);
        logger.debug("loadProfilesFromSession: {}", readFromSession);
        final ProfileManager manager = getProfileManager(context, config);
        List<CommonProfile> profiles = manager.getAll(readFromSession);
        logger.debug("profiles: {}", profiles);
        // no profile yet: let the direct clients (if any were selected) authenticate the request
        if (isEmpty(profiles) && isNotEmpty(selectedClients)) {
            boolean anyAuthenticated = false;
            for (final Client candidate : selectedClients) {
                if (!(candidate instanceof DirectClient)) {
                    continue;
                }
                logger.debug("Performing authentication for direct client: {}", candidate);
                final Credentials credentials = candidate.getCredentials(context);
                logger.debug("credentials: {}", credentials);
                final CommonProfile profile = candidate.getUserProfile(credentials, context);
                logger.debug("profile: {}", profile);
                if (profile == null) {
                    continue;
                }
                final boolean saveInSession = profileStorageDecision.mustSaveProfileInSession(context, selectedClients, (DirectClient) candidate, profile);
                logger.debug("saveProfileInSession: {} / multiProfile: {}", saveInSession, multiProfile);
                manager.save(saveInSession, profile, multiProfile);
                anyAuthenticated = true;
                if (!multiProfile) {
                    // single-profile mode: the first successful client wins
                    break;
                }
            }
            if (anyAuthenticated) {
                profiles = manager.getAll(readFromSession);
                logger.debug("new profiles: {}", profiles);
            }
        }
        if (isNotEmpty(profiles)) {
            // we have profile(s) -> check authorizations
            logger.debug("authorizers: {}", authorizers);
            if (authorizationChecker.isAuthorized(context, profiles, authorizers, config.getAuthorizers())) {
                logger.debug("authenticated and authorized -> grant access");
                return securityGrantedAccessAdapter.adapt(context, profiles, parameters);
            }
            logger.debug("forbidden");
            action = forbidden(context, selectedClients, profiles, authorizers);
        } else if (startAuthentication(context, selectedClients)) {
            // remember where the user wanted to go, then send them to the identity provider
            logger.debug("Starting authentication");
            saveRequestedUrl(context, selectedClients);
            action = redirectToIdentityProvider(context, selectedClients);
        } else {
            logger.debug("unauthorized");
            action = unauthorized(context, selectedClients);
        }
    } catch (final Exception e) {
        // every failure, including a thrown HttpAction, becomes a framework result
        return handleException(e, httpActionAdapter, context);
    }
    return httpActionAdapter.adapt(action.getCode(), context);
}

Example 8 with HttpAction

use of org.pac4j.core.exception.HttpAction in project pac4j by pac4j.

the class CasClientTests method testFrontLogoutWithRelayState.

/**
 * Front-channel logout: a GET carrying a deflated/base64 CAS logout message together
 * with a RelayState parameter must make the client raise a temporary-redirect action.
 */
@Test
public void testFrontLogoutWithRelayState() {
    final CasConfiguration casConfig = new CasConfiguration();
    casConfig.setLoginUrl(LOGIN_URL);
    final CasClient client = new CasClient(casConfig);
    client.setCallbackUrl(CALLBACK_URL);
    client.init();
    final MockWebContext webContext = MockWebContext.create()
        .setRequestMethod(HTTP_METHOD.GET.name())
        .addRequestParameter(CasConfiguration.LOGOUT_REQUEST_PARAMETER, deflateAndBase64(LOGOUT_MESSAGE))
        .addRequestParameter(CasConfiguration.RELAY_STATE_PARAMETER, VALUE);
    // the logout is signalled by throwing the action, hence expectException
    final HttpAction raised = (HttpAction) TestsHelper.expectException(() -> client.getCredentials(webContext));
    assertEquals(TEMP_REDIRECT, raised.getCode());
}

Example 9 with HttpAction

use of org.pac4j.core.exception.HttpAction in project pac4j by pac4j.

the class CasProxyReceptorTests method testMissingPgt.

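/**
 * A proxy-receptor request that carries only the proxy-granting-ticket parameter must be
 * answered with an empty 200 response and signalled to the caller by throwing an {@link HttpAction}.
 * The test fails explicitly if no action is thrown; previously a normal return would have
 * passed vacuously because every assertion sat inside the catch block.
 */
@Test
public void testMissingPgt() {
    final CasProxyReceptor receptor = new CasProxyReceptor();
    receptor.setCallbackUrl(CALLBACK_URL);
    final MockWebContext context = MockWebContext.create()
        .addRequestParameter(CasProxyReceptor.PARAM_PROXY_GRANTING_TICKET, VALUE);
    boolean actionRaised = false;
    try {
        receptor.getCredentials(context);
    } catch (final HttpAction action) {
        actionRaised = true;
        assertEquals(200, context.getResponseStatus());
        assertEquals("", context.getResponseContent());
    }
    // without this the test cannot distinguish "action thrown" from "credentials returned"
    assertEquals(true, actionRaised);
}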

Example 10 with HttpAction

use of org.pac4j.core.exception.HttpAction in project cas by apereo.

the class DelegatedClientNavigationController method redirectToProvider.

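/**
 * Redirect to provider. Receive the client name from the request and then try to determine and build the endpoint url
 * for the redirection. The redirection data/url must contain a delegated client ticket id so that the request be can
 * restored on the trip back. SAML clients use the relay-state session attribute while others use request parameters.
 * <p>
 * The client name comes verbatim from the request, so it is validated before use: it must resolve to a
 * configured {@link IndirectClient}. Anything else is rejected with an {@link UnauthorizedServiceException}
 * instead of surfacing as a {@link ClassCastException} (or a {@link NullPointerException}) from the cast.
 *
 * @param request  the request
 * @param response the response
 * @return the view
 * @throws UnauthorizedServiceException if the named client is unknown or not an indirect client, or if the
 *                                      client raised an {@link HttpAction} while building its redirection
 */
@GetMapping(ENDPOINT_REDIRECT)
public View redirectToProvider(final HttpServletRequest request, final HttpServletResponse response) {
    final String clientName = request.getParameter(Pac4jConstants.DEFAULT_CLIENT_NAME_PARAMETER);
    try {
        final IndirectClient<Credentials, CommonProfile> client = resolveIndirectClient(clientName);
        final J2EContext webContext = Pac4jUtils.getPac4jJ2EContext(request, response);
        // the stored ticket id is what lets the callback restore this request on the way back
        final Ticket ticket = delegatedClientWebflowManager.store(webContext, client);
        final RedirectAction action = client.getRedirectAction(webContext);
        final View result;
        if (RedirectAction.RedirectType.SUCCESS.equals(action.getType())) {
            // the provider is reached through content the client rendered itself (e.g. an auto-submitted form)
            result = new DynamicHtmlView(action.getContent());
        } else {
            // round-trips the location through URIBuilder; this normalises but does not validate the target
            final String url = new URIBuilder(action.getLocation()).toString();
            LOGGER.debug("Redirecting client [{}] to [{}] based on identifier [{}]", client.getName(), url, ticket.getId());
            result = new RedirectView(url);
        }
        this.delegatedSessionCookieManager.store(webContext);
        return result;
    } catch (final HttpAction e) {
        if (e.getCode() == HttpStatus.UNAUTHORIZED.value()) {
            LOGGER.debug("Authentication request was denied from the provider [{}]", clientName, e);
        } else {
            LOGGER.warn(e.getMessage(), e);
        }
        throw new UnauthorizedServiceException(e.getMessage(), e);
    }
}

/**
 * Looks up the client named by the (untrusted) request parameter and checks that it is an indirect client.
 * An unknown name may come back as {@code null} or as an exception from {@code findClient} depending on the
 * pac4j version; the {@code null} case, like a direct client, is rejected here.
 *
 * @param clientName the client name taken from the request; may be {@code null}
 * @return the configured indirect client
 * @throws UnauthorizedServiceException when no such indirect client is configured
 */
@SuppressWarnings("unchecked")
private IndirectClient<Credentials, CommonProfile> resolveIndirectClient(final String clientName) {
    final Object found = this.clients.findClient(clientName);
    if (!(found instanceof IndirectClient)) {
        final String message = "Delegated client [" + clientName + "] is not a configured indirect client";
        LOGGER.warn(message);
        throw new UnauthorizedServiceException(message, new IllegalArgumentException(message));
    }
    return (IndirectClient<Credentials, CommonProfile>) found;
}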
