
Example 6 with RequestContext

Use of org.springframework.webflow.execution.RequestContext in project cas by apereo.

Class OneTimeTokenAccountCheckRegistrationAction, method doExecute.

@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
    final RequestContext context = RequestContextHolder.getRequestContext();
    final String uid = WebUtils.getAuthentication(context).getPrincipal().getId();
    final String secretKey = repository.getSecret(uid);
    if (StringUtils.isBlank(secretKey)) {
        final OneTimeTokenAccount keyAccount = this.repository.create(uid);
        final String keyUri = "otpauth://totp/" + this.label + ':' + uid + "?secret=" + keyAccount.getSecretKey() + "&issuer=" + this.issuer;
        requestContext.getFlowScope().put("key", keyAccount);
        requestContext.getFlowScope().put("keyUri", keyUri);
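        // keyUri embeds the account's TOTP secret key, so this debug statement writes the secret to the log.
        LOGGER.debug("Registration key URI is [{}]", keyUri);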
        return new EventFactorySupport().event(this, "register");
    }
    return success();
}
Also used : OneTimeTokenAccount(org.apereo.cas.otp.repository.credentials.OneTimeTokenAccount) RequestContext(org.springframework.webflow.execution.RequestContext) EventFactorySupport(org.springframework.webflow.action.EventFactorySupport)

Example 7 with RequestContext

Use of org.springframework.webflow.execution.RequestContext in project cas by apereo.

Class CasWebflowContextConfigurationTests, method verifyFlowExecutorByServerSession.

@Test
public void verifyFlowExecutorByServerSession() {
    final RequestContext ctx = getMockRequestContext();
    final LocalAttributeMap map = new LocalAttributeMap<>();
    flowExecutorViaServerSessionBindingExecution.launchExecution("login", map, ctx.getExternalContext());
}
Also used : LocalAttributeMap(org.springframework.webflow.core.collection.LocalAttributeMap) MockRequestContext(org.springframework.webflow.test.MockRequestContext) RequestContext(org.springframework.webflow.execution.RequestContext) Test(org.junit.Test) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)

Example 8 with RequestContext

Use of org.springframework.webflow.execution.RequestContext in project cas by apereo.

Class RadiusTokenAuthenticationHandler, method doAuthentication.

@Override
protected HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
    try {
        final RadiusTokenCredential radiusCredential = (RadiusTokenCredential) credential;
        final String password = radiusCredential.getToken();
        final RequestContext context = RequestContextHolder.getRequestContext();
        final String username = WebUtils.getAuthentication(context).getPrincipal().getId();
        final Pair<Boolean, Optional<Map<String, Object>>> result = RadiusUtils.authenticate(username, password, this.servers, this.failoverOnAuthenticationFailure, this.failoverOnException);
        if (result.getKey()) {
            return createHandlerResult(credential, this.principalFactory.createPrincipal(username, result.getValue().get()), new ArrayList<>());
        }
        throw new FailedLoginException("Radius authentication failed for user " + username);
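    } catch (final Exception e) {
        // Also catches the FailedLoginException thrown above; it is rewrapped without chaining the original cause.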
        throw new FailedLoginException("Radius authentication failed " + e.getMessage());
    }
}
Also used : FailedLoginException(javax.security.auth.login.FailedLoginException) Optional(java.util.Optional) RequestContext(org.springframework.webflow.execution.RequestContext) TimeoutException(net.jradius.exception.TimeoutException) GeneralSecurityException(java.security.GeneralSecurityException) SocketTimeoutException(java.net.SocketTimeoutException) PreventedException(org.apereo.cas.authentication.PreventedException)

Example 9 with RequestContext

Use of org.springframework.webflow.execution.RequestContext in project cas by apereo.

Class OidcAuthenticationContextWebflowEventEventResolver, method resolveInternal.

@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
    if (service == null || authentication == null) {
        LOGGER.debug("No service or authentication is available to determine event for principal");
        return null;
    }
    String acr = request.getParameter(OAuthConstants.ACR_VALUES);
    if (StringUtils.isBlank(acr)) {
        final URIBuilder builderContext = new URIBuilder(StringUtils.trimToEmpty(context.getFlowExecutionUrl()));
        final Optional<URIBuilder.BasicNameValuePair> parameter = builderContext.getQueryParams().stream().filter(p -> p.getName().equals(OAuthConstants.ACR_VALUES)).findFirst();
        if (parameter.isPresent()) {
            acr = parameter.get().getValue();
        }
    }
    if (StringUtils.isBlank(acr)) {
        LOGGER.debug("No ACR provided in the authentication request");
        return null;
    }
    final Set<String> values = org.springframework.util.StringUtils.commaDelimitedListToSet(acr);
    if (values.isEmpty()) {
        LOGGER.debug("No ACR provided in the authentication request");
        return null;
    }
    final Map<String, MultifactorAuthenticationProvider> providerMap = WebUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context to handle [{}]", values);
        throw new AuthenticationException();
    }
    final Collection<MultifactorAuthenticationProvider> flattenedProviders = flattenProviders(providerMap.values());
    final Optional<MultifactorAuthenticationProvider> provider = flattenedProviders.stream().filter(v -> values.contains(v.getId())).findAny();
    if (provider.isPresent()) {
        return Collections.singleton(new Event(this, provider.get().getId()));
    }
    LOGGER.warn("The requested authentication class [{}] cannot be satisfied by any of the MFA providers available", values);
    throw new AuthenticationException();
}
Also used : MultifactorAuthenticationProviderSelector(org.apereo.cas.services.MultifactorAuthenticationProviderSelector) LoggerFactory(org.slf4j.LoggerFactory) CentralAuthenticationService(org.apereo.cas.CentralAuthenticationService) TicketRegistrySupport(org.apereo.cas.ticket.registry.TicketRegistrySupport) URIBuilder(org.jasig.cas.client.util.URIBuilder) StringUtils(org.apache.commons.lang3.StringUtils) RequestContext(org.springframework.webflow.execution.RequestContext) HttpServletRequest(javax.servlet.http.HttpServletRequest) Authentication(org.apereo.cas.authentication.Authentication) Map(java.util.Map) AuthenticationSystemSupport(org.apereo.cas.authentication.AuthenticationSystemSupport) CookieGenerator(org.springframework.web.util.CookieGenerator) ServicesManager(org.apereo.cas.services.ServicesManager) AuthenticationException(org.apereo.cas.authentication.AuthenticationException) MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider) Logger(org.slf4j.Logger) Collection(java.util.Collection) OAuthConstants(org.apereo.cas.support.oauth.OAuthConstants) AuthenticationServiceSelectionPlan(org.apereo.cas.authentication.AuthenticationServiceSelectionPlan) Set(java.util.Set) RegisteredService(org.apereo.cas.services.RegisteredService) BaseMultifactorAuthenticationProviderEventResolver(org.apereo.cas.web.flow.authentication.BaseMultifactorAuthenticationProviderEventResolver) Optional(java.util.Optional) WebUtils(org.apereo.cas.web.support.WebUtils) Collections(java.util.Collections) Event(org.springframework.webflow.execution.Event)

Example 10 with RequestContext

Use of org.springframework.webflow.execution.RequestContext in project cas by apereo.

Class YubiKeyAuthenticationHandler, method doAuthentication.

@Override
protected HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException {
    final YubiKeyCredential yubiKeyCredential = (YubiKeyCredential) credential;
    final String otp = yubiKeyCredential.getToken();
    if (!YubicoClient.isValidOTPFormat(otp)) {
        LOGGER.debug("Invalid OTP format [{}]", otp);
        throw new AccountNotFoundException("OTP format is invalid");
    }
    final RequestContext context = RequestContextHolder.getRequestContext();
    final String uid = WebUtils.getAuthentication(context).getPrincipal().getId();
    final String publicId = YubicoClient.getPublicId(otp);
    if (this.registry != null && !this.registry.isYubiKeyRegisteredFor(uid, publicId)) {
        LOGGER.debug("YubiKey public id [{}] is not registered for user [{}]", publicId, uid);
        throw new AccountNotFoundException("YubiKey id is not recognized in registry");
    }
    try {
        final VerificationResponse response = this.client.verify(otp);
        final ResponseStatus status = response.getStatus();
        if (status.compareTo(ResponseStatus.OK) == 0) {
            LOGGER.debug("YubiKey response status [{}] at [{}]", status, response.getTimestamp());
            return createHandlerResult(yubiKeyCredential, this.principalFactory.createPrincipal(uid), null);
        }
        throw new FailedLoginException("Authentication failed with status: " + status);
    } catch (final YubicoVerificationException | YubicoValidationFailure e) {
        LOGGER.error(e.getMessage(), e);
        throw new FailedLoginException("YubiKey validation failed: " + e.getMessage());
    }
}
Also used : VerificationResponse(com.yubico.client.v2.VerificationResponse) FailedLoginException(javax.security.auth.login.FailedLoginException) ResponseStatus(com.yubico.client.v2.ResponseStatus) RequestContext(org.springframework.webflow.execution.RequestContext) AccountNotFoundException(javax.security.auth.login.AccountNotFoundException) YubicoValidationFailure(com.yubico.client.v2.exceptions.YubicoValidationFailure) YubicoVerificationException(com.yubico.client.v2.exceptions.YubicoVerificationException)
