Example 1 with RequestContext
use of org.springframework.webflow.execution.RequestContext in project cas by apereo.
the class AuthyAuthenticationHandler method doAuthentication.
@Override
protected HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
final AuthyTokenCredential tokenCredential = (AuthyTokenCredential) credential;
final RequestContext context = RequestContextHolder.getRequestContext();
final Principal principal = WebUtils.getAuthentication(context).getPrincipal();
final User user = instance.getOrCreateUser(principal);
if (!user.isOk()) {
throw new FailedLoginException(AuthyClientInstance.getErrorMessage(user.getError()));
}
final Map<String, String> options = new HashMap<>(1);
options.put("force", this.forceVerification.toString());
final Token verification = this.instance.getAuthyTokens().verify(user.getId(), tokenCredential.getToken(), options);
if (!verification.isOk()) {
throw new FailedLoginException(AuthyClientInstance.getErrorMessage(verification.getError()));
}
return createHandlerResult(tokenCredential, principal, new ArrayList<>());
}
Also used :
User(com.authy.api.User)
FailedLoginException(javax.security.auth.login.FailedLoginException)
HashMap(java.util.HashMap)
Token(com.authy.api.Token)
RequestContext(org.springframework.webflow.execution.RequestContext)
Principal(org.apereo.cas.authentication.principal.Principal)
Example 2 with RequestContext
use of org.springframework.webflow.execution.RequestContext in project cas by apereo.
the class LogoutAction method doInternalExecute.
@Override
protected Event doInternalExecute(final HttpServletRequest request, final HttpServletResponse response, final RequestContext context) throws Exception {
boolean needFrontSlo = false;
final List<LogoutRequest> logoutRequests = WebUtils.getLogoutRequests(context);
if (logoutRequests != null) {
// if some logout request must still be attempted
needFrontSlo = logoutRequests.stream().anyMatch(logoutRequest -> logoutRequest.getStatus() == LogoutRequestStatus.NOT_ATTEMPTED);
}
final String paramName = StringUtils.defaultIfEmpty(logoutProperties.getRedirectParameter(), CasProtocolConstants.PARAMETER_SERVICE);
LOGGER.debug("Using parameter name [{}] to detect destination service, if any", paramName);
final String service = request.getParameter(paramName);
LOGGER.debug("Located target service [{}] for redirection after logout", paramName);
if (logoutProperties.isFollowServiceRedirects() && StringUtils.isNotBlank(service)) {
final Service webAppService = webApplicationServiceFactory.createService(service);
final RegisteredService rService = this.servicesManager.findServiceBy(webAppService);
if (rService != null && rService.getAccessStrategy().isServiceAccessAllowed()) {
LOGGER.debug("Redirecting to service [{}]", service);
WebUtils.putLogoutRedirectUrl(context, service);
} else {
LOGGER.warn("Cannot redirect to [{}] given the service is unauthorized to use CAS. " + "Ensure the service is registered with CAS and is enabled to allowed access", service);
}
} else {
LOGGER.debug("No target service is located for redirection after logout, or CAS is not allowed to follow redirects after logout");
}
// there are some front services to logout, perform front SLO
if (needFrontSlo) {
LOGGER.debug("Proceeding forward with front-channel single logout");
return new Event(this, FRONT_EVENT);
}
LOGGER.debug("Moving forward to finish the logout process");
return new Event(this, FINISH_EVENT);
}
Also used :
CasProtocolConstants(org.apereo.cas.CasProtocolConstants)
LogoutRequest(org.apereo.cas.logout.LogoutRequest)
Logger(org.slf4j.Logger)
LoggerFactory(org.slf4j.LoggerFactory)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
LogoutRequestStatus(org.apereo.cas.logout.LogoutRequestStatus)
LogoutProperties(org.apereo.cas.configuration.model.core.logout.LogoutProperties)
StringUtils(org.apache.commons.lang3.StringUtils)
RequestContext(org.springframework.webflow.execution.RequestContext)
RegisteredService(org.apereo.cas.services.RegisteredService)
WebApplicationService(org.apereo.cas.authentication.principal.WebApplicationService)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
List(java.util.List)
Service(org.apereo.cas.authentication.principal.Service)
WebUtils(org.apereo.cas.web.support.WebUtils)
ServiceFactory(org.apereo.cas.authentication.principal.ServiceFactory)
Event(org.springframework.webflow.execution.Event)
ServicesManager(org.apereo.cas.services.ServicesManager)
RegisteredService(org.apereo.cas.services.RegisteredService)
RegisteredService(org.apereo.cas.services.RegisteredService)
WebApplicationService(org.apereo.cas.authentication.principal.WebApplicationService)
Service(org.apereo.cas.authentication.principal.Service)
Event(org.springframework.webflow.execution.Event)
LogoutRequest(org.apereo.cas.logout.LogoutRequest)
Example 3 with RequestContext
use of org.springframework.webflow.execution.RequestContext in project cas by apereo.
the class FrontChannelLogoutAction method doInternalExecute.
@Override
protected Event doInternalExecute(final HttpServletRequest request, final HttpServletResponse response, final RequestContext context) throws Exception {
final List<LogoutRequest> logoutRequests = WebUtils.getLogoutRequests(context);
final Map<LogoutRequest, LogoutHttpMessage> logoutUrls = new HashMap<>();
if (logoutRequests != null) {
logoutRequests.stream().filter(r -> r.getStatus() == LogoutRequestStatus.NOT_ATTEMPTED).forEach(r -> {
LOGGER.debug("Using logout url [{}] for front-channel logout requests", r.getLogoutUrl().toExternalForm());
final String logoutMessage = this.logoutManager.createFrontChannelLogoutMessage(r);
LOGGER.debug("Front-channel logout message to send is [{}]", logoutMessage);
final LogoutHttpMessage msg = new LogoutHttpMessage(r.getLogoutUrl(), logoutMessage, true);
logoutUrls.put(r, msg);
r.setStatus(LogoutRequestStatus.SUCCESS);
r.getService().setLoggedOutAlready(true);
});
if (!logoutUrls.isEmpty()) {
context.getFlowScope().put("logoutUrls", logoutUrls);
return new EventFactorySupport().event(this, "propagate");
}
}
return new EventFactorySupport().event(this, FINISH_EVENT);
}
Also used :
LogoutManager(org.apereo.cas.logout.LogoutManager)
LogoutRequest(org.apereo.cas.logout.LogoutRequest)
Logger(org.slf4j.Logger)
LoggerFactory(org.slf4j.LoggerFactory)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
LogoutRequestStatus(org.apereo.cas.logout.LogoutRequestStatus)
HashMap(java.util.HashMap)
EventFactorySupport(org.springframework.webflow.action.EventFactorySupport)
RequestContext(org.springframework.webflow.execution.RequestContext)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
List(java.util.List)
Map(java.util.Map)
LogoutHttpMessage(org.apereo.cas.logout.LogoutHttpMessage)
WebUtils(org.apereo.cas.web.support.WebUtils)
Event(org.springframework.webflow.execution.Event)
HashMap(java.util.HashMap)
LogoutHttpMessage(org.apereo.cas.logout.LogoutHttpMessage)
LogoutRequest(org.apereo.cas.logout.LogoutRequest)
EventFactorySupport(org.springframework.webflow.action.EventFactorySupport)
Example 4 with RequestContext
use of org.springframework.webflow.execution.RequestContext in project cas by apereo.
the class DuoAuthenticationHandler method getDuoAuthenticationService.
private DuoAuthenticationService getDuoAuthenticationService() {
final RequestContext requestContext = RequestContextHolder.getRequestContext();
if (requestContext == null) {
throw new IllegalArgumentException("No request context is held to locate the Duo authentication service");
}
final Collection<MultifactorAuthenticationProvider> col = WebUtils.getResolvedMultifactorAuthenticationProviders(requestContext);
if (col.isEmpty()) {
throw new IllegalArgumentException("No multifactor providers are found in the current request context");
}
final MultifactorAuthenticationProvider pr = col.iterator().next();
return provider.findProvider(pr.getId(), DuoMultifactorAuthenticationProvider.class).getDuoAuthenticationService();
}
Also used :
RequestContext(org.springframework.webflow.execution.RequestContext)
MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider)
VariegatedMultifactorAuthenticationProvider(org.apereo.cas.services.VariegatedMultifactorAuthenticationProvider)
Example 5 with RequestContext
use of org.springframework.webflow.execution.RequestContext in project cas by apereo.
the class GrouperMultifactorAuthenticationPolicyEventResolver method resolveInternal.
@Override
public Set<Event> resolveInternal(final RequestContext context) {
final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
final Authentication authentication = WebUtils.getAuthentication(context);
if (StringUtils.isBlank(grouperField)) {
LOGGER.debug("No group field is defined to process for Grouper multifactor trigger");
return null;
}
if (authentication == null) {
LOGGER.debug("No authentication is available to determine event for principal");
return null;
}
final Principal principal = authentication.getPrincipal();
final List<WsGetGroupsResult> results = GrouperFacade.getGroupsForSubjectId(principal.getId());
if (results.isEmpty()) {
LOGGER.debug("No groups could be found for [{}] to resolve events for MFA", principal);
return null;
}
final Map<String, MultifactorAuthenticationProvider> providerMap = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
if (providerMap == null || providerMap.isEmpty()) {
LOGGER.error("No multifactor authentication providers are available in the application context");
throw new AuthenticationException();
}
final GrouperGroupField groupField = GrouperGroupField.valueOf(grouperField);
final Set<String> values = results.stream().map(wsGetGroupsResult -> Stream.of(wsGetGroupsResult.getWsGroups())).flatMap(Function.identity()).map(g -> GrouperFacade.getGrouperGroupAttribute(groupField, g)).collect(Collectors.toSet());
final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, values);
if (providerFound.isPresent()) {
if (providerFound.get().isAvailable(service)) {
LOGGER.debug("Attempting to build event based on the authentication provider [{}] and service [{}]", providerFound.get(), service.getName());
final Event event = validateEventIdForMatchingTransitionInContext(providerFound.get().getId(), context, buildEventAttributeMap(authentication.getPrincipal(), service, providerFound.get()));
return Collections.singleton(event);
}
LOGGER.warn("Located multifactor provider [{}], yet the provider cannot be reached or verified", providerFound.get());
return null;
}
LOGGER.debug("No multifactor provider could be found based on [{}]'s Grouper groups", principal.getId());
return null;
}
Also used :
CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties)
WsGetGroupsResult(edu.internet2.middleware.grouperClient.ws.beans.WsGetGroupsResult)
MultifactorAuthenticationProviderSelector(org.apereo.cas.services.MultifactorAuthenticationProviderSelector)
LoggerFactory(org.slf4j.LoggerFactory)
CentralAuthenticationService(org.apereo.cas.CentralAuthenticationService)
TicketRegistrySupport(org.apereo.cas.ticket.registry.TicketRegistrySupport)
RequestContext(org.springframework.webflow.execution.RequestContext)
Function(java.util.function.Function)
Authentication(org.apereo.cas.authentication.Authentication)
Map(java.util.Map)
AuthenticationSystemSupport(org.apereo.cas.authentication.AuthenticationSystemSupport)
GrouperFacade(org.apereo.cas.grouper.GrouperFacade)
CookieGenerator(org.springframework.web.util.CookieGenerator)
ServicesManager(org.apereo.cas.services.ServicesManager)
AuthenticationException(org.apereo.cas.authentication.AuthenticationException)
MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider)
Logger(org.slf4j.Logger)
StringUtils(edu.internet2.middleware.grouperClientExt.org.apache.commons.lang3.StringUtils)
GrouperGroupField(org.apereo.cas.grouper.GrouperGroupField)
Audit(org.apereo.inspektr.audit.annotation.Audit)
AuthenticationServiceSelectionPlan(org.apereo.cas.authentication.AuthenticationServiceSelectionPlan)
Set(java.util.Set)
Collectors(java.util.stream.Collectors)
RegisteredService(org.apereo.cas.services.RegisteredService)
BaseMultifactorAuthenticationProviderEventResolver(org.apereo.cas.web.flow.authentication.BaseMultifactorAuthenticationProviderEventResolver)
List(java.util.List)
Stream(java.util.stream.Stream)
Optional(java.util.Optional)
Principal(org.apereo.cas.authentication.principal.Principal)
WebUtils(org.apereo.cas.web.support.WebUtils)
Collections(java.util.Collections)
Event(org.springframework.webflow.execution.Event)
RegisteredService(org.apereo.cas.services.RegisteredService)
AuthenticationException(org.apereo.cas.authentication.AuthenticationException)
MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider)
WsGetGroupsResult(edu.internet2.middleware.grouperClient.ws.beans.WsGetGroupsResult)
Authentication(org.apereo.cas.authentication.Authentication)
GrouperGroupField(org.apereo.cas.grouper.GrouperGroupField)
Event(org.springframework.webflow.execution.Event)
Principal(org.apereo.cas.authentication.principal.Principal)
Aggregations
RequestContext (org.springframework.webflow.execution.RequestContext)24
WebUtils (org.apereo.cas.web.support.WebUtils)8
Event (org.springframework.webflow.execution.Event)8
RegisteredService (org.apereo.cas.services.RegisteredService)7
Logger (org.slf4j.Logger)7
LoggerFactory (org.slf4j.LoggerFactory)7
Map (java.util.Map)6
HttpServletRequest (javax.servlet.http.HttpServletRequest)6
Authentication (org.apereo.cas.authentication.Authentication)6
FailedLoginException (javax.security.auth.login.FailedLoginException)5
Principal (org.apereo.cas.authentication.principal.Principal)5
MultifactorAuthenticationProvider (org.apereo.cas.services.MultifactorAuthenticationProvider)5
ServicesManager (org.apereo.cas.services.ServicesManager)5
Optional (java.util.Optional)4
Set (java.util.Set)4
HttpServletResponse (javax.servlet.http.HttpServletResponse)4
StringUtils (org.apache.commons.lang3.StringUtils)4
CentralAuthenticationService (org.apereo.cas.CentralAuthenticationService)4
AuthenticationServiceSelectionPlan (org.apereo.cas.authentication.AuthenticationServiceSelectionPlan)4
AuthenticationSystemSupport (org.apereo.cas.authentication.AuthenticationSystemSupport)4
