
Example 1 with HttpAction

use of org.pac4j.core.exception.http.HttpAction in project cas by apereo.

the class DelegatedAuthenticationClientFinishLogoutAction method doExecute.

/**
 * Completes a delegated logout, for SAML2 clients only.
 * <p>
 * Two paths exist:
 * <ul>
 *   <li>A delegated client name is already stored in the webflow: any pending logout redirect URL
 *       is moved from the webflow onto that client's logout validator and then cleared.</li>
 *   <li>No client name is stored: the SAML {@code RelayState} request parameter is used as the
 *       client name and the incoming logout message is handed to that client's logout profile
 *       handler.</li>
 * </ul>
 * Clients that are not {@link SAML2Client} instances are ignored on both paths.
 *
 * @param requestContext the webflow request context
 * @return always {@code null}
 */
@Override
protected Event doExecute(final RequestContext requestContext) {
    val httpRequest = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
    val httpResponse = WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext);
    val context = new JEEContext(httpRequest, httpResponse);
    val webflowClientName = WebUtils.getDelegatedAuthenticationClientName(requestContext);

    if (webflowClientName != null) {
        clients.findClient(webflowClientName)
            .filter(SAML2Client.class::isInstance)
            .map(SAML2Client.class::cast)
            .ifPresent(samlClient -> {
                LOGGER.debug("Located client from webflow state: [{}]", samlClient);
                val logoutRedirect = WebUtils.getLogoutRedirectUrl(requestContext, String.class);
                if (logoutRedirect == null) {
                    return;
                }
                // NOTE(review): the validator belongs to the client returned by `clients`; if that
                // client instance is shared across requests, this setter changes state that other
                // in-flight logouts can observe. Confirm the client's scope. Whether the URL was
                // checked against an allow-list before reaching the webflow is not visible here.
                samlClient.getLogoutValidator().setPostLogoutURL(logoutRedirect);
                LOGGER.debug("Captured post logout url: [{}]", logoutRedirect);
                // The URL is consumed once and then removed from the webflow.
                WebUtils.putLogoutRedirectUrl(requestContext, null);
            });
        return null;
    }

    // RelayState is a request parameter, i.e. caller-supplied. It is only used as a lookup key
    // into the configured clients, and the result is narrowed to SAML2 clients.
    val relayState = requestContext.getRequestParameters().get(SamlProtocolConstants.PARAMETER_SAML_RELAY_STATE);
    if (StringUtils.isBlank(relayState)) {
        return null;
    }

    clients.findClient(relayState)
        .filter(SAML2Client.class::isInstance)
        .map(SAML2Client.class::cast)
        .ifPresent(samlClient -> {
            try {
                LOGGER.debug("Located client from relay-state: [{}]", samlClient);
                val samlContext = samlClient.getContextProvider().buildContext(samlClient, context, this.sessionStore);
                samlClient.getLogoutProfileHandler().receive(samlContext);
            } catch (final HttpAction action) {
                // The handler signals its HTTP outcome by throwing; apply it to the response.
                LOGGER.debug("Adapting logout response via [{}]", action.toString());
                JEEHttpActionAdapter.INSTANCE.adapt(action, context);
            } catch (final Exception e) {
                // Any other failure while processing the logout message is logged only; the
                // method still returns null, so callers cannot tell it apart from success.
                LoggingUtils.error(LOGGER, e);
            }
        });
    return null;
}
Also used : lombok.val(lombok.val) JEEContext(org.pac4j.core.context.JEEContext) SAML2Client(org.pac4j.saml.client.SAML2Client) HttpAction(org.pac4j.core.exception.http.HttpAction)

Example 2 with HttpAction

use of org.pac4j.core.exception.http.HttpAction in project cas by apereo.

the class DelegatedClientAuthenticationAction method doExecute.

/**
 * Runs the delegated-authentication step of the webflow.
 * <p>
 * Resolves the delegated client name for the request, reconciles an existing single sign-on
 * session with the requested service, and, when a client name is present, populates the client
 * credential and hands over to the parent action. When no client name is resolved,
 * {@code produceDelegatedAuthenticationClientsForContext} is called and {@code error()} is returned.
 *
 * @param context the webflow request context
 * @return the parent action's event, {@code success()}/{@code error()} after an {@link HttpAction},
 *         the result of {@code stopWebflow} on any other failure, or {@code error()} otherwise
 * @throws UnauthorizedServiceException re-thrown unchanged after being logged at warn level
 */
@Override
public Event doExecute(final RequestContext context) {
    val request = WebUtils.getHttpServletRequestFromExternalWebflowContext(context);
    val response = WebUtils.getHttpServletResponseFromExternalWebflowContext(context);
    val webContext = new JEEContext(request, response);
    try {
        val clientName = retrieveClientName(webContext);
        LOGGER.trace("Delegated authentication is handled by client name [{}]", clientName);
        var service = (Service) null;
        // An existing SSO session is only considered when this is not a logout request and a
        // client name was resolved.
        if (!isLogoutRequest(request) && singleSignOnSessionExists(context) && StringUtils.isNotBlank(clientName)) {
            LOGGER.trace("Found existing single sign-on session");
            service = populateContextWithService(context, webContext, clientName);
            if (singleSignOnSessionAuthorizedForService(context)) {
                // Session is valid for this service: delegation is skipped entirely.
                val providers = configContext.getDelegatedClientIdentityProvidersProducer().produce(context);
                LOGGER.debug("Skipping delegation and routing back to CAS authentication flow with providers [{}]", providers);
                return super.doExecute(context);
            }
            // Session exists but is not authorized for this service: the ticket-granting ticket is
            // deleted and execution falls through to the delegation logic below (no return here).
            val resolvedService = resolveServiceFromRequestContext(context);
            LOGGER.debug("Single sign-on session in unauthorized for service [{}]", resolvedService);
            val tgt = WebUtils.getTicketGrantingTicketId(context);
            configContext.getCentralAuthenticationService().deleteTicket(tgt);
        }
        // Thrown inside the try block, so it is handled by the generic catch below (logged, then
        // stopWebflow) rather than propagating to the caller.
        // NOTE(review): clientName is concatenated into the message; it is obtained from
        // webContext and is presumably request-derived. Confirm it is neutralised before the
        // message reaches logs or an error view.
        if (hasDelegationRequestFailed(request, response.getStatus()).isPresent()) {
            throw new IllegalArgumentException("Delegated authentication has failed with client " + clientName);
        }
        if (StringUtils.isNotBlank(clientName)) {
            if (service == null) {
                service = populateContextWithService(context, webContext, clientName);
            }
            val client = findDelegatedClientByName(request, clientName, service);
            // The name stored in the webflow comes from the resolved client object, not from the
            // raw clientName value.
            WebUtils.putDelegatedAuthenticationClientName(context, client.getName());
            populateContextWithClientCredential(client, webContext, context);
            return super.doExecute(context);
        }
        // No client name: control reaches the final return error() after this call.
        produceDelegatedAuthenticationClientsForContext(context);
    } catch (final HttpAction e) {
        // Logged with stack trace at debug, message only at info. The exception message is passed
        // as the logger's format string in both branches.
        FunctionUtils.doIf(LOGGER.isDebugEnabled(), o -> LOGGER.debug(e.getMessage(), e), o -> LOGGER.info(e.getMessage())).accept(e);
        // The action is applied to the servlet response; the flow then reports success unless
        // this was a logout request.
        JEEHttpActionAdapter.INSTANCE.adapt(e, webContext);
        return isLogoutRequest(request) ? error() : success();
    } catch (final UnauthorizedServiceException e) {
        // Authorization failures are never converted into a flow event; they propagate.
        LOGGER.warn(e.getMessage(), e);
        throw e;
    } catch (final Exception e) {
        // Every other failure, including the IllegalArgumentException above, ends the webflow.
        LoggingUtils.error(LOGGER, e);
        return stopWebflow(e, context);
    }
    return error();
}
Also used : lombok.val(lombok.val) JEEContext(org.pac4j.core.context.JEEContext) Service(org.apereo.cas.authentication.principal.Service) UnauthorizedServiceException(org.apereo.cas.services.UnauthorizedServiceException) HttpAction(org.pac4j.core.exception.http.HttpAction) UnauthorizedServiceException(org.apereo.cas.services.UnauthorizedServiceException) AbstractTicketException(org.apereo.cas.ticket.AbstractTicketException) UnauthorizedAuthenticationException(org.apereo.cas.authentication.adaptive.UnauthorizedAuthenticationException)

Example 3 with HttpAction

use of org.pac4j.core.exception.http.HttpAction in project cas by apereo.

the class DelegatedAuthenticationClientLogoutAction method doExecute.

/**
 * Starts logout at the delegated identity provider the current profile belongs to.
 * <p>
 * The current profile is looked up from the web context and its client name is resolved through
 * {@code clients}. If the client provides a logout action, that action is applied to the
 * response; otherwise nothing is written.
 *
 * @param requestContext the webflow request context
 * @return always {@code null}
 */
@Override
protected Event doExecute(final RequestContext requestContext) {
    val httpRequest = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
    val httpResponse = WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext);
    val context = new JEEContext(httpRequest, httpResponse);
    val currentProfile = findCurrentProfile(context);
    val clientResult = currentProfile == null ? Optional.<Client>empty() : clients.findClient(currentProfile.getClientName());

    // Guard: no profile, or a profile whose client is not known to `clients`.
    if (!clientResult.isPresent()) {
        LOGGER.debug("The current client cannot be found; No logout action can execute");
        return null;
    }

    val client = clientResult.get();
    LOGGER.trace("Located client [{}]", client);

    // The post-logout target is the id of the service held in the webflow, if any.
    // NOTE(review): whether that service was validated earlier in the flow is not visible in
    // this method; confirm before relying on targetUrl as a safe redirect destination.
    val service = WebUtils.getService(requestContext);
    val targetUrl = service == null ? null : service.getId();
    LOGGER.debug("Logout target url based on service [{}] is [{}]", service, targetUrl);

    val actionResult = client.getLogoutAction(context, sessionStore, currentProfile, targetUrl);
    if (!actionResult.isPresent()) {
        return null;
    }

    // The client's logout action is written to the response through the adapter.
    val logoutAction = (HttpAction) actionResult.get();
    LOGGER.debug("Adapting logout action [{}] for client [{}]", logoutAction, client);
    JEEHttpActionAdapter.INSTANCE.adapt(logoutAction, context);
    return null;
}
Also used : lombok.val(lombok.val) JEEContext(org.pac4j.core.context.JEEContext) HttpAction(org.pac4j.core.exception.http.HttpAction)
