
Example 16 with ProfileManager

use of org.pac4j.core.profile.ProfileManager in project cas by apereo.

the class OidcIdTokenGeneratorService method generate.

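/**
 * Generates the signed OIDC id token for the given access token.
 * <p>
 * The request must already carry an authenticated pac4j profile (read from the
 * session); the claims are produced from that profile and then signed for the
 * OIDC registered service.
 *
 * @param request           the request
 * @param response          the response
 * @param accessTokenId     the access token id
 * @param timeout           the timeout
 * @param responseType      the response type
 * @param registeredService the registered service; must be an {@link OidcRegisteredService}
 * @return the encoded (signed) id token
 * @throws IllegalArgumentException if the registered service is not an OIDC service
 * @throws IllegalStateException    if no authenticated profile is available for this request
 * @throws Exception                if producing or signing the claims fails
 */
public String generate(final HttpServletRequest request, final HttpServletResponse response, final AccessToken accessTokenId, final long timeout, final OAuth20ResponseTypes responseType, final OAuthRegisteredService registeredService) throws Exception {
    if (!(registeredService instanceof OidcRegisteredService)) {
        throw new IllegalArgumentException("Registered service instance is not an OIDC service");
    }
    final OidcRegisteredService oidcRegisteredService = (OidcRegisteredService) registeredService;
    final J2EContext context = Pac4jUtils.getPac4jJ2EContext(request, response);
    final ProfileManager manager = Pac4jUtils.getPac4jProfileManager(request, response);
    final Optional<UserProfile> profile = manager.get(true);
    // Fail with a descriptive error rather than letting Optional.get() surface a bare
    // NoSuchElementException when no profile was established for this request.
    // The token id is deliberately left out of the message so it cannot leak into error output.
    final UserProfile userProfile = profile.orElseThrow(
        () -> new IllegalStateException("No authenticated profile is available to generate an id token for this request"));
    LOGGER.debug("Attempting to produce claims for the id token [{}]", accessTokenId);
    final JwtClaims claims = produceIdTokenClaims(request, accessTokenId, timeout, oidcRegisteredService, userProfile, context, responseType);
    LOGGER.debug("Produce claims for the id token [{}] as [{}]", accessTokenId, claims);
    return this.signingService.encode(oidcRegisteredService, claims);
}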

Example 17 with ProfileManager

use of org.pac4j.core.profile.ProfileManager in project cas by apereo.

the class OidcSecurityInterceptor method preHandle.

/**
 * Drops the current pac4j profile when the OIDC authorization request demands a fresh
 * login, then defers to the parent interceptor.
 * <p>
 * The profile is removed when no CAS authentication is available, when the existing
 * authentication is too old for the requested {@code max_age}, or when
 * {@code prompt=login} is present. {@code prompt=none} always suppresses the removal,
 * since that prompt forbids any interaction with the user.
 *
 * @param request  the request
 * @param response the response
 * @param handler  the handler
 * @return whatever the parent interceptor decides
 * @throws Exception propagated from the parent interceptor
 */
@Override
public boolean preHandle(final HttpServletRequest request, final HttpServletResponse response, final Object handler) throws Exception {
    final J2EContext webContext = Pac4jUtils.getPac4jJ2EContext(request, response);
    final ProfileManager profileManager = Pac4jUtils.getPac4jProfileManager(request, response);

    final Optional<Authentication> casAuthentication = authorizationRequestSupport.isCasAuthenticationAvailable(webContext);
    boolean resetProfile = !casAuthentication.isPresent();

    final Optional<UserProfile> userProfile = authorizationRequestSupport.isAuthenticationProfileAvailable(webContext);
    if (userProfile.isPresent()) {
        final Optional<Long> requestedMaxAge = authorizationRequestSupport.getOidcMaxAgeFromAuthorizationRequest(webContext);
        if (requestedMaxAge.isPresent()) {
            // A max_age request replaces the plain availability decision above.
            resetProfile = authorizationRequestSupport.isCasAuthenticationOldForMaxAgeAuthorizationRequest(webContext, userProfile.get());
        }
    }

    final Set<String> prompts = authorizationRequestSupport.getOidcPromptFromAuthorizationRequest(webContext);
    final boolean loginRequested = prompts.contains(OidcConstants.PROMPT_LOGIN);
    final boolean noInteraction = prompts.contains(OidcConstants.PROMPT_NONE);
    // prompt=login forces a reset; prompt=none vetoes one in every case.
    resetProfile = (resetProfile || loginRequested) && !noInteraction;

    if (resetProfile) {
        profileManager.remove(true);
    }
    return super.preHandle(request, response, handler);
}

Example 18 with ProfileManager

use of org.pac4j.core.profile.ProfileManager in project cas by apereo.

the class BaseOAuth20TokenRequestValidator method validate.

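/**
 * Validates a token request: the grant type must be one of the supported
 * {@link OAuth20GrantTypes} and an authenticated pac4j profile must be present
 * in the session, after which the concrete validator makes the final decision.
 *
 * @param context the web context
 * @return true if the request may proceed, false otherwise
 */
@Override
public boolean validate(final J2EContext context) {
    final HttpServletRequest request = context.getRequest();
    final HttpServletResponse response = context.getResponse();
    final String grantType = request.getParameter(OAuth20Constants.GRANT_TYPE);
    if (!isGrantTypeSupported(grantType, OAuth20GrantTypes.values())) {
        LOGGER.warn("Grant type is not supported: [{}]", grantType);
        return false;
    }
    final ProfileManager manager = Pac4jUtils.getPac4jProfileManager(request, response);
    final Optional<UserProfile> profile = manager.get(true);
    // The null guard is kept: the manager is used as a raw type here, so the compiler
    // offers no guarantee about what get() hands back.
    if (profile == null || !profile.isPresent()) {
        LOGGER.warn("Could not locate authenticated profile for this request");
        return false;
    }
    // Optional.get() never returns null once isPresent() is true, so the former
    // second null check on the unwrapped profile was unreachable and is dropped.
    return validateInternal(context, grantType, manager, profile.get());
}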

Example 19 with ProfileManager

use of org.pac4j.core.profile.ProfileManager in project cas by apereo.

the class OAuth20AuthorizeEndpointController method handleRequest.

/**
 * Handle request via GET.
 * <p>
 * Verifies the authorization request and its authenticated profile, enforces the
 * registered service's access strategy, and then either renders the consent view
 * or redirects to the client's callback url.
 *
 * @param request  the request
 * @param response the response
 * @return the model and view
 * @throws Exception the exception
 */
@GetMapping(path = OAuth20Constants.BASE_OAUTH20_URL + '/' + OAuth20Constants.AUTHORIZE_URL)
public ModelAndView handleRequest(final HttpServletRequest request, final HttpServletResponse response) throws Exception {
    final J2EContext webContext = Pac4jUtils.getPac4jJ2EContext(request, response);
    final ProfileManager profileManager = Pac4jUtils.getPac4jProfileManager(request, response);

    // Short-circuit: the authentication check only runs once the request itself is well-formed.
    final boolean verified = verifyAuthorizeRequest(webContext) && isRequestAuthenticated(profileManager, webContext);
    if (!verified) {
        LOGGER.error("Authorize request verification failed. Either the authorization request is missing required parameters, " + "or the request is not authenticated and contains no authenticated profile/principal.");
        return OAuth20Utils.produceUnauthorizedErrorView();
    }

    final String clientId = webContext.getRequestParameter(OAuth20Constants.CLIENT_ID);
    final OAuthRegisteredService registeredService = getRegisteredServiceByClientId(clientId);
    try {
        RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(clientId, registeredService);
    } catch (final Exception e) {
        // Any access-strategy failure maps to the generic unauthorized view.
        LOGGER.error(e.getMessage(), e);
        return OAuth20Utils.produceUnauthorizedErrorView();
    }

    final ModelAndView consentView = this.consentApprovalViewResolver.resolve(webContext, registeredService);
    final boolean consentRequired = !consentView.isEmpty() && consentView.hasView();
    return consentRequired
        ? consentView
        : redirectToCallbackRedirectUrl(profileManager, registeredService, webContext, clientId);
}

Example 20 with ProfileManager

use of org.pac4j.core.profile.ProfileManager in project cas by apereo.

the class OAuth20CallbackAuthorizeEndpointController method handleRequest.

/**
 * Handle request.
 * <p>
 * Runs the pac4j callback logic for the CAS OAuth client, strips the
 * {@code redirect:} prefix from the {@code Location} header that logic set on
 * the response, and hands the resulting url to the callback view resolver.
 *
 * @param request  the request
 * @param response the response
 * @return the model and view
 */
@GetMapping(path = OAuth20Constants.BASE_OAUTH20_URL + '/' + OAuth20Constants.CALLBACK_AUTHORIZE_URL)
public ModelAndView handleRequest(final HttpServletRequest request, final HttpServletResponse response) {
    final J2EContext webContext = new J2EContext(request, response, this.oauthConfig.getSessionStore());
    final DefaultCallbackLogic callbackLogic = new DefaultCallbackLogic();
    callbackLogic.perform(webContext, oauthConfig, J2ENopHttpActionAdapter.INSTANCE, null, true, false, false, Authenticators.CAS_OAUTH_CLIENT);

    // StringUtils.remove tolerates a missing header (null in, null out).
    final String locationHeader = response.getHeader("Location");
    final String redirectUrl = StringUtils.remove(locationHeader, "redirect:");

    final ProfileManager profileManager = Pac4jUtils.getPac4jProfileManager(request, response);
    return oAuth20CallbackAuthorizeViewResolver.resolve(webContext, profileManager, redirectUrl);
}
