use of org.springframework.webflow.execution.RequestContext in project cas by apereo.
the class OneTimeTokenAccountCheckRegistrationAction method doExecute.
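/**
 * Decides whether the authenticated principal still has to enroll a one-time-token device.
 *
 * <p>When the repository holds no secret for the principal id, a new account is created and the
 * account plus its {@code otpauth://} provisioning URI are stored in flow scope under
 * {@code "key"} and {@code "keyUri"}, and the {@code "register"} event is returned. When a secret
 * already exists the action reports success.
 *
 * @param requestContext the webflow request context whose flow scope receives the new account
 * @return the {@code "register"} event when a new account was created, otherwise the success event
 * @throws Exception if the context or repository lookups fail
 */
@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
    // NOTE(review): the authentication is read from the thread-bound context while the flow scope
    // is written through the requestContext parameter; confirm both are always the same instance.
    final RequestContext context = RequestContextHolder.getRequestContext();
    final String uid = WebUtils.getAuthentication(context).getPrincipal().getId();
    final String secretKey = repository.getSecret(uid);
    if (StringUtils.isBlank(secretKey)) {
        final OneTimeTokenAccount keyAccount = this.repository.create(uid);
        // NOTE(review): label, uid and issuer are concatenated without percent-encoding; verify
        // whether any of them can contain URI-reserved characters such as '&', '?' or ':'.
        final String keyUri = "otpauth://totp/" + this.label + ':' + uid + "?secret=" + keyAccount.getSecretKey() + "&issuer=" + this.issuer;
        requestContext.getFlowScope().put("key", keyAccount);
        requestContext.getFlowScope().put("keyUri", keyUri);
        // The URI embeds the shared TOTP secret, so it is kept out of the log. Anyone able to read
        // a debug log containing it could generate valid codes for this account.
        LOGGER.debug("Registration key URI was generated for [{}]", uid);
        return new EventFactorySupport().event(this, "register");
    }
    return success();
}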
use of org.springframework.webflow.execution.RequestContext in project cas by apereo.
the class CasWebflowContextConfigurationTests method verifyFlowExecutorByServerSession.
/**
 * Launches the {@code "login"} flow through {@code flowExecutorViaServerSessionBindingExecution}
 * with an empty input map. The test makes no assertion; it passes when the launch completes
 * without throwing.
 */
@Test
public void verifyFlowExecutorByServerSession() {
    final LocalAttributeMap input = new LocalAttributeMap<>();
    final RequestContext requestContext = getMockRequestContext();
    flowExecutorViaServerSessionBindingExecution.launchExecution("login", input, requestContext.getExternalContext());
}
use of org.springframework.webflow.execution.RequestContext in project cas by apereo.
the class RadiusTokenAuthenticationHandler method doAuthentication.
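/**
 * Validates a RADIUS token for the principal already authenticated in the current webflow.
 *
 * <p>The username is not taken from the credential. It is the id of the principal found in the
 * thread-bound {@link RequestContext}, so the token is always checked for that user. Every
 * failure, including an unexpected exception while talking to the RADIUS servers, is reported as
 * a {@link FailedLoginException}, so the handler fails closed.
 *
 * @param credential the credential, which must be a {@code RadiusTokenCredential}
 * @return the handler result carrying a principal built from the username and the attributes returned by RADIUS
 * @throws GeneralSecurityException a {@link FailedLoginException} when the token is rejected or
 *         the attempt cannot be completed
 * @throws PreventedException declared by the overridden contract; not thrown by this body directly
 */
@Override
protected HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
    try {
        final RadiusTokenCredential radiusCredential = (RadiusTokenCredential) credential;
        final String password = radiusCredential.getToken();
        final RequestContext context = RequestContextHolder.getRequestContext();
        final String username = WebUtils.getAuthentication(context).getPrincipal().getId();
        final Pair<Boolean, Optional<Map<String, Object>>> result = RadiusUtils.authenticate(username, password, this.servers, this.failoverOnAuthenticationFailure, this.failoverOnException);
        if (result.getKey()) {
            // An empty Optional throws here and is turned into a failed login by the catch below.
            return createHandlerResult(credential, this.principalFactory.createPrincipal(username, result.getValue().get()), new ArrayList<>());
        }
        throw new FailedLoginException("Radius authentication failed for user " + username);
    } catch (final FailedLoginException e) {
        // Already the right type; rethrow untouched so the message is not wrapped a second time.
        throw e;
    } catch (final Exception e) {
        // Keep the original exception as the cause so the real failure can be diagnosed.
        final FailedLoginException failure = new FailedLoginException("Radius authentication failed " + e.getMessage());
        failure.initCause(e);
        throw failure;
    }
}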
use of org.springframework.webflow.execution.RequestContext in project cas by apereo.
the class OidcAuthenticationContextWebflowEventEventResolver method resolveInternal.
/**
 * Maps the authentication context class requested by an OIDC client to a multifactor provider event.
 *
 * <p>The ACR value is read from the {@code OAuthConstants.ACR_VALUES} request parameter and, when
 * that is blank, from the same-named query parameter of the flow execution URL. It is treated as a
 * comma-delimited list and matched against the ids of the multifactor providers available in the
 * application context. The value is client-supplied, so it can only select among configured
 * providers; a blank value produces no event from this resolver.
 *
 * @param context the current webflow request context
 * @return a single event named after the matching provider id, or {@code null} when the service,
 *         the authentication or the ACR value is missing
 * @throws AuthenticationException when no providers are available or none satisfies the request
 */
@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService registeredService = resolveRegisteredServiceInRequestContext(context);
    final Authentication auth = WebUtils.getAuthentication(context);
    final HttpServletRequest httpRequest = WebUtils.getHttpServletRequest(context);
    if (registeredService == null || auth == null) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }

    String acr = httpRequest.getParameter(OAuthConstants.ACR_VALUES);
    if (StringUtils.isBlank(acr)) {
        // Fall back to the flow execution URL, which may still carry the original query string.
        final URIBuilder flowUrl = new URIBuilder(StringUtils.trimToEmpty(context.getFlowExecutionUrl()));
        final Optional<URIBuilder.BasicNameValuePair> fromUrl = flowUrl.getQueryParams()
            .stream()
            .filter(pair -> pair.getName().equals(OAuthConstants.ACR_VALUES))
            .findFirst();
        if (fromUrl.isPresent()) {
            acr = fromUrl.get().getValue();
        }
    }

    // A blank value and an empty parsed list are reported the same way.
    final Set<String> requestedClasses = StringUtils.isBlank(acr)
        ? Collections.<String>emptySet()
        : org.springframework.util.StringUtils.commaDelimitedListToSet(acr);
    if (requestedClasses.isEmpty()) {
        LOGGER.debug("No ACR provided in the authentication request");
        return null;
    }

    final Map<String, MultifactorAuthenticationProvider> available = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (available == null || available.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context to handle [{}]", requestedClasses);
        throw new AuthenticationException();
    }

    final Collection<MultifactorAuthenticationProvider> candidates = flattenProviders(available.values());
    final Optional<MultifactorAuthenticationProvider> match = candidates.stream()
        .filter(candidate -> requestedClasses.contains(candidate.getId()))
        .findAny();
    if (!match.isPresent()) {
        // A requested class that cannot be met is an error, not a silent downgrade.
        LOGGER.warn("The requested authentication class [{}] cannot be satisfied by any of the MFA providers available", requestedClasses);
        throw new AuthenticationException();
    }
    return Collections.singleton(new Event(this, match.get().getId()));
}
use of org.springframework.webflow.execution.RequestContext in project cas by apereo.
the class YubiKeyAuthenticationHandler method doAuthentication.
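/**
 * Verifies a YubiKey one-time password for the principal already authenticated in the current webflow.
 *
 * <p>The OTP format is checked first. When a registry is configured, the public id embedded in the
 * OTP must be registered for the principal. The OTP is then sent to the validation client, and
 * only a response status of {@code ResponseStatus.OK} is accepted.
 *
 * @param credential the credential, which must be a {@code YubiKeyCredential}
 * @return the handler result carrying a principal created from the authenticated user id
 * @throws GeneralSecurityException an {@link AccountNotFoundException} when the OTP is malformed or
 *         the device is not registered for the user; a {@link FailedLoginException} when the
 *         validation client rejects the OTP or the validation call fails
 * @throws PreventedException declared by the overridden contract; not thrown by this body directly
 */
@Override
protected HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
    final YubiKeyCredential yubiKeyCredential = (YubiKeyCredential) credential;
    final String otp = yubiKeyCredential.getToken();
    if (!YubicoClient.isValidOTPFormat(otp)) {
        // The submitted value is not logged. A malformed "OTP" can be anything the user typed,
        // including a password entered into the wrong field.
        LOGGER.debug("Invalid OTP format");
        throw new AccountNotFoundException("OTP format is invalid");
    }
    final RequestContext context = RequestContextHolder.getRequestContext();
    final String uid = WebUtils.getAuthentication(context).getPrincipal().getId();
    final String publicId = YubicoClient.getPublicId(otp);
    // NOTE(review): when no registry is configured this ownership check is skipped, so the device
    // is not bound to the user. Confirm that deployments relying on this handler configure one.
    if (this.registry != null && !this.registry.isYubiKeyRegisteredFor(uid, publicId)) {
        LOGGER.debug("YubiKey public id [{}] is not registered for user [{}]", publicId, uid);
        throw new AccountNotFoundException("YubiKey id is not recognized in registry");
    }
    try {
        final VerificationResponse response = this.client.verify(otp);
        final ResponseStatus status = response.getStatus();
        // Identity comparison also treats a null status as a failed login instead of raising an NPE.
        if (status == ResponseStatus.OK) {
            LOGGER.debug("YubiKey response status [{}] at [{}]", status, response.getTimestamp());
            return createHandlerResult(yubiKeyCredential, this.principalFactory.createPrincipal(uid), null);
        }
        throw new FailedLoginException("Authentication failed with status: " + status);
    } catch (final YubicoVerificationException | YubicoValidationFailure e) {
        LOGGER.error(e.getMessage(), e);
        // Keep the original exception as the cause so callers can see why validation failed.
        final FailedLoginException failure = new FailedLoginException("YubiKey validation failed: " + e.getMessage());
        failure.initCause(e);
        throw failure;
    }
}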