
Example 11 with ProfileManager

use of org.pac4j.core.profile.ProfileManager in project cas by apereo.

Taken from class OAuth20CallbackAuthorizeEndpointController, method handleRequestInternal.

/**
 * Handles the OAuth 2.0 callback-authorize request.
 * <p>
 * The pac4j callback controller runs first and performs the actual callback
 * handling, writing its redirect target into the response's {@code Location}
 * header. That target is read back here, a leading {@code redirect:} view
 * prefix is stripped, and the result is handed to the callback-authorize view
 * resolver together with the pac4j web context and profile manager.
 *
 * @param request  the request
 * @param response the response
 * @return the model and view produced by the callback-authorize view resolver
 * @throws Exception propagated from the pac4j callback controller
 */
@GetMapping(path = OAuthConstants.BASE_OAUTH20_URL + '/' + OAuthConstants.CALLBACK_AUTHORIZE_URL)
public ModelAndView handleRequestInternal(final HttpServletRequest request, final HttpServletResponse response) throws Exception {
    // pac4j does the real work and leaves its redirect in the Location header
    this.callbackController.callback(request, response);
    final J2EContext webContext = WebUtils.getPac4jJ2EContext(request, response);
    final ProfileManager profileManager = WebUtils.getPac4jProfileManager(request, response);
    // NOTE(review): if the callback set no Location header this is null; StringUtils.remove
    // (presumably commons-lang) is null-safe, so the resolver receives null in that case — confirm it copes
    final String location = response.getHeader("Location");
    final String redirectTarget = StringUtils.remove(location, "redirect:");
    return oAuth20CallbackAuthorizeViewResolver.resolve(webContext, profileManager, redirectTarget);
}

Example 12 with ProfileManager

use of org.pac4j.core.profile.ProfileManager in project cas by apereo.

Taken from class OAuth20AccessTokenEndpointController, method verifyAccessTokenRequest.

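/**
 * Verifies that an access token request is well-formed and that the caller is
 * authorized to use the requested grant type.
 * <p>
 * Accepted grant types are {@code authorization_code}, {@code password} and
 * {@code refresh_token}. The caller must already hold a pac4j profile for this
 * request: an {@link OAuthClientProfile} (an authenticated client) for the
 * authorization-code and refresh-token grants, or an {@link OAuthUserProfile}
 * (the resource owner) for the password grant. Anything else is rejected.
 * The per-grant checks live in the private helpers below.
 *
 * @param request  the HTTP request
 * @param response the HTTP response
 * @return true if the request passes every check for its grant type
 */
private boolean verifyAccessTokenRequest(final HttpServletRequest request, final HttpServletResponse response) {
    // must have the right grant type
    final String grantType = request.getParameter(OAuthConstants.GRANT_TYPE);
    if (!checkGrantTypes(grantType, OAuth20GrantTypes.AUTHORIZATION_CODE, OAuth20GrantTypes.PASSWORD, OAuth20GrantTypes.REFRESH_TOKEN)) {
        return false;
    }
    // must be authenticated (client or user); the J2EContext the original built here was never used
    final ProfileManager manager = WebUtils.getPac4jProfileManager(request, response);
    final Optional<UserProfile> profile = manager.get(true);
    if (profile == null || !profile.isPresent()) {
        return false;
    }
    final UserProfile uProfile = profile.get();
    if (isGrantType(grantType, OAuth20GrantTypes.AUTHORIZATION_CODE)) {
        return verifyAuthorizationCodeGrant(request, uProfile);
    }
    if (isGrantType(grantType, OAuth20GrantTypes.REFRESH_TOKEN)) {
        return verifyRefreshTokenGrant(request, uProfile);
    }
    // only PASSWORD is left after the grant-type check above
    return verifyPasswordGrant(request, uProfile);
}

/**
 * Authorization code grant: the caller must be an authenticated client, and
 * {@code redirect_uri} and {@code code} must both be present, with the
 * redirect URI matching the service registered for that client.
 *
 * @param request  the HTTP request
 * @param uProfile the pac4j profile of the caller
 * @return true if all checks pass
 */
private boolean verifyAuthorizationCodeGrant(final HttpServletRequest request, final UserProfile uProfile) {
    // the client id comes from the authenticated client profile, not from a request parameter,
    // so the redirect_uri is validated against the service the *caller* is registered as
    final String clientId = uProfile.getId();
    final String redirectUri = request.getParameter(OAuthConstants.REDIRECT_URI);
    final OAuthRegisteredService registeredService = OAuthUtils.getRegisteredOAuthService(getServicesManager(), clientId);
    return uProfile instanceof OAuthClientProfile
        && getValidator().checkParameterExist(request, OAuthConstants.REDIRECT_URI)
        && getValidator().checkParameterExist(request, OAuthConstants.CODE)
        && getValidator().checkCallbackValid(registeredService, redirectUri);
}

/**
 * Refresh token grant: the caller must be an authenticated client and supply
 * {@code refresh_token}. NOTE(review): this method does not check that the
 * token was issued to this client; presumably that happens where the token is
 * looked up — verify.
 *
 * @param request  the HTTP request
 * @param uProfile the pac4j profile of the caller
 * @return true if all checks pass
 */
private boolean verifyRefreshTokenGrant(final HttpServletRequest request, final UserProfile uProfile) {
    return uProfile instanceof OAuthClientProfile
        && getValidator().checkParameterExist(request, OAuthConstants.REFRESH_TOKEN);
}

/**
 * Resource owner password grant: the caller is the authenticated resource
 * owner. The client is identified only by the {@code client_id} request
 * parameter, which must name a valid registered service; this method itself
 * does not authenticate the client (what {@code checkServiceValid} enforces is
 * not visible here).
 *
 * @param request  the HTTP request
 * @param uProfile the pac4j profile of the caller
 * @return true if all checks pass
 */
private boolean verifyPasswordGrant(final HttpServletRequest request, final UserProfile uProfile) {
    final String clientId = request.getParameter(OAuthConstants.CLIENT_ID);
    final OAuthRegisteredService registeredService = OAuthUtils.getRegisteredOAuthService(getServicesManager(), clientId);
    return uProfile instanceof OAuthUserProfile
        && getValidator().checkParameterExist(request, OAuthConstants.CLIENT_ID)
        && getValidator().checkServiceValid(registeredService);
}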

Example 13 with ProfileManager

use of org.pac4j.core.profile.ProfileManager in project cas by apereo.

Taken from class CasConsentReviewController, method logout.

/**
 * Endpoint for local logout, no SLO.
 * <p>
 * Only the pac4j profiles held for this request's session are dropped via
 * {@code ProfileManager.logout()}; nothing is propagated to other services and
 * the servlet session itself is not invalidated here. NOTE(review): the
 * endpoint is mapped to GET, so a cross-site link or image tag can trigger it
 * (logout CSRF); consider POST plus a CSRF token if that matters for this
 * deployment.
 *
 * @param request the request
 * @param response the response
 * @return the logout view
 */
@GetMapping("/logout")
public String logout(final HttpServletRequest request, final HttpServletResponse response) {
    LOGGER.debug("Performing Pac4j logout...");
    Pac4jUtils.getPac4jProfileManager(request, response).logout();
    return CONSENT_LOGOUT_VIEW;
}

Example 14 with ProfileManager

use of org.pac4j.core.profile.ProfileManager in project cas by apereo.

Taken from class TerminateSessionAction, method destroyApplicationSession.

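/**
 * Destroy application session.
 * Also kills all delegated authn profiles via pac4j.
 * <p>
 * The pac4j profiles are removed first, then the servlet session (if one
 * exists) is invalidated and a fresh one started so the old session id is not
 * reused after logout. The pac4j {@code REQUESTED_URL} attribute is carried
 * over into the new session.
 * <p>
 * The original called {@code request.getSession()}, which creates a session
 * when none exists, so the null check could never fail and a request without
 * a session got one created merely to be invalidated; {@code getSession(false)}
 * avoids that.
 *
 * @param request  the request
 * @param response the response
 */
protected void destroyApplicationSession(final HttpServletRequest request, final HttpServletResponse response) {
    LOGGER.debug("Destroying application session");
    final ProfileManager manager = Pac4jUtils.getPac4jProfileManager(request, response);
    manager.logout();
    // do not create a session just to invalidate it
    final HttpSession session = request.getSession(false);
    if (session != null) {
        // presumably the post-login return URL pac4j stored; it survives the session rotation
        final Object requestedUrl = session.getAttribute(Pac4jConstants.REQUESTED_URL);
        // invalidate, then start a new session so the old id is not kept
        session.invalidate();
        request.getSession(true).setAttribute(Pac4jConstants.REQUESTED_URL, requestedUrl);
    }
}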

Example 15 with ProfileManager

use of org.pac4j.core.profile.ProfileManager in project cas by apereo.

Taken from class Pac4jUtils, method getPac4jAuthenticatedUsername.

/**
 * Returns the id of the pac4j-authenticated user for the current request.
 * <p>
 * The request and response are taken from the thread-bound request attributes,
 * so a real id is only available on a request-handling thread where pac4j has
 * stored a profile. In every other case — no bound request, no profile, or a
 * profile without an id — {@link PrincipalResolver#UNKNOWN_USER} is returned
 * rather than {@code null}.
 *
 * @return the authenticated username, or {@code PrincipalResolver.UNKNOWN_USER}
 */
public static String getPac4jAuthenticatedUsername() {
    final HttpServletRequest currentRequest = HttpRequestUtils.getHttpServletRequestFromRequestAttributes();
    final HttpServletResponse currentResponse = HttpRequestUtils.getHttpServletResponseFromRequestAttributes();
    if (currentRequest == null || currentResponse == null) {
        return PrincipalResolver.UNKNOWN_USER;
    }
    // the boolean asks the manager to read the profile back from the session (pac4j ProfileManager.get)
    final Optional<UserProfile> found = getPac4jProfileManager(currentRequest, currentResponse).get(true);
    if (found == null) {
        // an Optional should never be null, but the original guarded against it; keep that
        return PrincipalResolver.UNKNOWN_USER;
    }
    final String principalId = found.map(UserProfile::getId).orElse(null);
    return principalId != null ? principalId : PrincipalResolver.UNKNOWN_USER;
}
