Example 1 with HttpAction
use of org.pac4j.core.exception.http.HttpAction in project cas by apereo.
the class DelegatedAuthenticationClientFinishLogoutAction method doExecute.
@Override
protected Event doExecute(final RequestContext requestContext) {
val request = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
val response = WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext);
val context = new JEEContext(request, response);
var clientName = WebUtils.getDelegatedAuthenticationClientName(requestContext);
if (clientName == null) {
clientName = requestContext.getRequestParameters().get(SamlProtocolConstants.PARAMETER_SAML_RELAY_STATE);
if (StringUtils.isNotBlank(clientName)) {
clients.findClient(clientName).filter(client -> client instanceof SAML2Client).map(SAML2Client.class::cast).ifPresent(client -> {
try {
LOGGER.debug("Located client from relay-state: [{}]", client);
val samlContext = client.getContextProvider().buildContext(client, context, this.sessionStore);
client.getLogoutProfileHandler().receive(samlContext);
} catch (final HttpAction action) {
LOGGER.debug("Adapting logout response via [{}]", action.toString());
JEEHttpActionAdapter.INSTANCE.adapt(action, context);
} catch (final Exception e) {
LoggingUtils.error(LOGGER, e);
}
});
}
} else {
clients.findClient(clientName).filter(client -> client instanceof SAML2Client).map(SAML2Client.class::cast).ifPresent(client -> {
LOGGER.debug("Located client from webflow state: [{}]", client);
val logoutRedirect = WebUtils.getLogoutRedirectUrl(requestContext, String.class);
if (logoutRedirect != null) {
val validator = client.getLogoutValidator();
validator.setPostLogoutURL(logoutRedirect);
LOGGER.debug("Captured post logout url: [{}]", logoutRedirect);
WebUtils.putLogoutRedirectUrl(requestContext, null);
}
});
}
return null;
}
Also used :
lombok.val(lombok.val)
JEEContext(org.pac4j.core.context.JEEContext)
SAML2Client(org.pac4j.saml.client.SAML2Client)
HttpAction(org.pac4j.core.exception.http.HttpAction)
Example 2 with HttpAction
use of org.pac4j.core.exception.http.HttpAction in project cas by apereo.
the class DelegatedClientAuthenticationAction method doExecute.
@Override
public Event doExecute(final RequestContext context) {
val request = WebUtils.getHttpServletRequestFromExternalWebflowContext(context);
val response = WebUtils.getHttpServletResponseFromExternalWebflowContext(context);
val webContext = new JEEContext(request, response);
try {
val clientName = retrieveClientName(webContext);
LOGGER.trace("Delegated authentication is handled by client name [{}]", clientName);
var service = (Service) null;
if (!isLogoutRequest(request) && singleSignOnSessionExists(context) && StringUtils.isNotBlank(clientName)) {
LOGGER.trace("Found existing single sign-on session");
service = populateContextWithService(context, webContext, clientName);
if (singleSignOnSessionAuthorizedForService(context)) {
val providers = configContext.getDelegatedClientIdentityProvidersProducer().produce(context);
LOGGER.debug("Skipping delegation and routing back to CAS authentication flow with providers [{}]", providers);
return super.doExecute(context);
}
val resolvedService = resolveServiceFromRequestContext(context);
LOGGER.debug("Single sign-on session in unauthorized for service [{}]", resolvedService);
val tgt = WebUtils.getTicketGrantingTicketId(context);
configContext.getCentralAuthenticationService().deleteTicket(tgt);
}
if (hasDelegationRequestFailed(request, response.getStatus()).isPresent()) {
throw new IllegalArgumentException("Delegated authentication has failed with client " + clientName);
}
if (StringUtils.isNotBlank(clientName)) {
if (service == null) {
service = populateContextWithService(context, webContext, clientName);
}
val client = findDelegatedClientByName(request, clientName, service);
WebUtils.putDelegatedAuthenticationClientName(context, client.getName());
populateContextWithClientCredential(client, webContext, context);
return super.doExecute(context);
}
produceDelegatedAuthenticationClientsForContext(context);
} catch (final HttpAction e) {
FunctionUtils.doIf(LOGGER.isDebugEnabled(), o -> LOGGER.debug(e.getMessage(), e), o -> LOGGER.info(e.getMessage())).accept(e);
JEEHttpActionAdapter.INSTANCE.adapt(e, webContext);
return isLogoutRequest(request) ? error() : success();
} catch (final UnauthorizedServiceException e) {
LOGGER.warn(e.getMessage(), e);
throw e;
} catch (final Exception e) {
LoggingUtils.error(LOGGER, e);
return stopWebflow(e, context);
}
return error();
}
Also used :
lombok.val(lombok.val)
JEEContext(org.pac4j.core.context.JEEContext)
Service(org.apereo.cas.authentication.principal.Service)
UnauthorizedServiceException(org.apereo.cas.services.UnauthorizedServiceException)
HttpAction(org.pac4j.core.exception.http.HttpAction)
UnauthorizedServiceException(org.apereo.cas.services.UnauthorizedServiceException)
AbstractTicketException(org.apereo.cas.ticket.AbstractTicketException)
UnauthorizedAuthenticationException(org.apereo.cas.authentication.adaptive.UnauthorizedAuthenticationException)
Example 3 with HttpAction
use of org.pac4j.core.exception.http.HttpAction in project cas by apereo.
the class DelegatedAuthenticationClientLogoutAction method doExecute.
@Override
protected Event doExecute(final RequestContext requestContext) {
val request = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
val response = WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext);
val context = new JEEContext(request, response);
val currentProfile = findCurrentProfile(context);
val clientResult = currentProfile == null ? Optional.<Client>empty() : clients.findClient(currentProfile.getClientName());
if (clientResult.isPresent()) {
val client = clientResult.get();
LOGGER.trace("Located client [{}]", client);
val service = WebUtils.getService(requestContext);
val targetUrl = service != null ? service.getId() : null;
LOGGER.debug("Logout target url based on service [{}] is [{}]", service, targetUrl);
val actionResult = client.getLogoutAction(context, sessionStore, currentProfile, targetUrl);
if (actionResult.isPresent()) {
val action = (HttpAction) actionResult.get();
LOGGER.debug("Adapting logout action [{}] for client [{}]", action, client);
JEEHttpActionAdapter.INSTANCE.adapt(action, context);
}
} else {
LOGGER.debug("The current client cannot be found; No logout action can execute");
}
return null;
}
Also used :
lombok.val(lombok.val)
JEEContext(org.pac4j.core.context.JEEContext)
HttpAction(org.pac4j.core.exception.http.HttpAction)
Aggregations
lombok.val (lombok.val)3
JEEContext (org.pac4j.core.context.JEEContext)3
HttpAction (org.pac4j.core.exception.http.HttpAction)3
UnauthorizedAuthenticationException (org.apereo.cas.authentication.adaptive.UnauthorizedAuthenticationException)1
Service (org.apereo.cas.authentication.principal.Service)1
UnauthorizedServiceException (org.apereo.cas.services.UnauthorizedServiceException)1
AbstractTicketException (org.apereo.cas.ticket.AbstractTicketException)1
SAML2Client (org.pac4j.saml.client.SAML2Client)1
