org.springframework.webflow.execution.RequestContext Java Examples

The following examples show how to use org.springframework.webflow.execution.RequestContext.
Example #1
Source File: IdpTokenExpiredAction.java    From cxf-fediz with Apache License 2.0
/**
 * Reports whether the IDP token cached for a home realm must be treated as expired.
 *
 * <p>A missing token counts as expired. When {@code tokenExpirationValidation} is
 * {@code false} the token's own expiry is never consulted, so a cached token that has
 * already lapsed is still reported as usable; keep the switch enabled unless token
 * lifetime is enforced somewhere else.
 *
 * @param homeRealm name of the external-context attribute the token is looked up under
 * @param context   current webflow request context
 * @return {@code true} if no token is cached, or if validation is enabled and the token
 *         reports itself expired; {@code false} otherwise
 * @throws Exception declared for callers; this body catches nothing
 */
public boolean isTokenExpired(String homeRealm, RequestContext context)
    throws Exception {

    final SecurityToken cachedToken =
        (SecurityToken) WebUtils.getAttributeFromExternalContext(context, homeRealm);

    // No cached token: treat it exactly like an expired one.
    if (cachedToken == null) {
        return true;
    }

    // Expiry is only consulted when the validation switch is on.
    if (!tokenExpirationValidation) {
        return false;
    }

    final boolean expired = cachedToken.isExpired();
    if (expired) {
        LOG.info("[IDP_TOKEN=" + cachedToken.getId() + "] is expired.");
    }
    return expired;
}
 
Example #2
Source File: InitializeLoginAction.java    From shibboleth-oidc with Apache License 2.0
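/**
 * Hands the servlet request and response of the current webflow request to
 * {@link HttpServletRequestResponseContext#loadCurrent} and signals success.
 *
 * @param springRequestContext  webflow request context the servlet objects are taken from
 * @param profileRequestContext profile request context (not read in this method)
 * @return the success event
 * @throws OIDCException if the servlet request or the servlet response is unavailable
 */
@Nonnull
@Override
protected Event doExecute(@Nonnull final RequestContext springRequestContext,
                          @Nonnull final ProfileRequestContext profileRequestContext) {
    log.debug("{} Initializing login action", getLogPrefix());
    final HttpServletRequest request = OIDCUtils.getHttpServletRequest(springRequestContext);
    if (request == null) {
        throw new OIDCException("HttpServletRequest cannot be null");
    }

    final HttpServletResponse response = OIDCUtils.getHttpServletResponse(springRequestContext);
    if (response == null) {
        // The message previously named the request (copy/paste slip); report the object
        // that is actually missing so the failure can be diagnosed from the log.
        throw new OIDCException("HttpServletResponse cannot be null");
    }
    HttpServletRequestResponseContext.loadCurrent(request, response);
    return Events.Success.event(this);
}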
 
Example #3
Source File: ClientAction.java    From oxTrust with MIT License
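/**
 * Prepare the data for the login page: store the flow-scoped service (when present) in
 * the web session, pass THEME, LOCALE and METHOD to {@code saveRequestParameter}, and
 * publish the client's redirection URL and its OpenID-default-authenticator flag in
 * flow scope under keys derived from the client name.
 *
 * @param context The current webflow context
 * @param webContext The current web context
 */
protected void prepareForLoginPage(final RequestContext context, final WebContext webContext) {
	// Save parameters in web session
	final Service service = (Service) context.getFlowScope().get(SERVICE);
	if (service != null) {
		webContext.setSessionAttribute(SERVICE, service);
	}
	saveRequestParameter(webContext, THEME);
	saveRequestParameter(webContext, LOCALE);
	saveRequestParameter(webContext, METHOD);

	final String keyRedirectionUrl = this.client.getName() + "Url";
	final String redirectionUrl = this.client.getRedirectionUrl(webContext);
	// Without a {} placeholder the argument was never rendered into the log line.
	// NOTE(review): the URL may carry per-request values; keep this at debug level.
	logger.debug("Generated redirection Url: {}", redirectionUrl);

	context.getFlowScope().put(keyRedirectionUrl, redirectionUrl);

	final String keyAuthMethod = this.client.getName() + "OpenIdDefaultAuthenticator";
	final Boolean keyAuthMethodValue = this.client.isOpenIdDefaultAuthenticator();
	// Same fix as above: the value was passed but the message had nowhere to put it.
	logger.debug("OpenIdDefaultAuthenticator: {}", keyAuthMethodValue);

	context.getFlowScope().put(keyAuthMethod, keyAuthMethodValue);
}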
 
Example #4
Source File: SpnegoCredentialsAction.java    From cas4.0.x-server-wechat with Apache License 2.0
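/**
 * Writes the next negotiation token, if the credential carries one, into the
 * authenticate response header (prefixed with the NTLM or Negotiate scheme) and
 * optionally sets the response status to 401 when no principal was resolved.
 *
 * @param context    webflow request context the servlet response is taken from
 * @param credential credential from the authentication attempt; ignored when
 *                   {@code null}, otherwise cast to {@link SpnegoCredential}
 */
private void setResponseHeader(final RequestContext context,
        final Credential credential) {
    if (credential == null) {
        return;
    }

    final HttpServletResponse response = WebUtils
            .getHttpServletResponse(context);
    final SpnegoCredential spnegoCredentials = (SpnegoCredential) credential;
    final byte[] nextToken = spnegoCredentials.getNextToken();
    if (nextToken != null) {
        if (logger.isDebugEnabled()) {
            // The token is opaque binary data. Decoding it with the platform charset wrote
            // unprintable bytes and authentication material into the log, so only its
            // size is recorded here.
            logger.debug("Obtained output token of " + nextToken.length + " bytes");
        }
        response.setHeader(SpnegoConstants.HEADER_AUTHENTICATE, (this.ntlm
                ? SpnegoConstants.NTLM : SpnegoConstants.NEGOTIATE)
                + " " + Base64.encode(nextToken));
    } else {
        logger.debug("Unable to obtain the output token required.");
    }

    // A credential without a principal means authentication did not complete; the 401 is
    // only sent when the action is configured to do so.
    if (spnegoCredentials.getPrincipal() == null && send401OnAuthenticationFailure) {
        logger.debug("Setting HTTP Status to 401");
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }
}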
 
Example #5
Source File: AuthnRequestParser.java    From cxf-fediz with Apache License 2.0
/**
 * Returns the id of the SAML request stored in flow scope.
 *
 * <p>The authentication request attribute is tried first; the logout request attribute
 * is only consulted when the former is absent.
 *
 * @param context current webflow request context
 * @return the request id, or {@code null} when neither request is stored or the stored
 *         request has no id
 */
public String retrieveRequestId(RequestContext context) {
    SAMLAbstractRequest samlRequest =
        (SAMLAbstractRequest)WebUtils.getAttributeFromFlowScope(context, IdpConstants.SAML_AUTHN_REQUEST);
    if (samlRequest == null) {
        // Fall back to a logout request stored under its own attribute.
        samlRequest = (SAMLAbstractRequest)WebUtils.getAttributeFromFlowScope(
            context, IdpConstants.SAML_LOGOUT_REQUEST);
    }

    if (samlRequest == null || samlRequest.getRequestId() == null) {
        LOG.debug("No AuthnRequest/LogoutRequest available to be parsed");
        return null;
    }

    String requestId = samlRequest.getRequestId();
    LOG.debug("Parsed SAML Request Id: {}", requestId);
    return requestId;
}
 
Example #6
Source File: FrontChannelLogoutActionTests.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Builds the fixtures shared by the tests: mock servlet request/response, a mocked
 * webflow {@link RequestContext} that exposes them together with an empty flow scope and
 * a flow execution key, and the {@link FrontChannelLogoutAction} under test.
 *
 * @throws Exception declared by the original signature
 */
@Before
public void onSetUp() throws Exception {
    // Servlet-level fixtures handed out by the mocked external context.
    this.request = new MockHttpServletRequest();
    this.response = new MockHttpServletResponse();
    final ServletExternalContext externalContext = mock(ServletExternalContext.class);
    when(externalContext.getNativeRequest()).thenReturn(request);
    when(externalContext.getNativeResponse()).thenReturn(response);

    // Flow execution context carrying a fixed execution key.
    final MockFlowExecutionContext executionContext = new MockFlowExecutionContext();
    executionContext.setKey(new MockFlowExecutionKey(FLOW_EXECUTION_KEY));

    // Webflow request context wired to the pieces above plus an empty flow scope.
    this.requestContext = mock(RequestContext.class);
    when(this.requestContext.getExternalContext()).thenReturn(externalContext);
    when(this.requestContext.getFlowScope()).thenReturn(new LocalAttributeMap());
    when(this.requestContext.getFlowExecutionContext()).thenReturn(executionContext);

    // Action under test, backed by a real logout manager with a mocked services manager.
    final LogoutManager manager = new LogoutManagerImpl(mock(ServicesManager.class),
            new SimpleHttpClient(), new SamlCompliantLogoutMessageCreator());
    this.frontChannelLogoutAction = new FrontChannelLogoutAction(manager);
}
 
Example #7
Source File: TerminateSessionAction.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Ends the CAS SSO session: destroys the ticket-granting ticket when one can be located
 * and removes the TGT and warn cookies from the response.
 *
 * <p>The cookies are removed on every call, including when no ticket id was found, so a
 * stale cookie does not survive a logout.
 *
 * @param context Request context.
 *
 * @return "success"
 */
public Event terminate(final RequestContext context) {
    // Login flow: the ticket id has already been stored in the context.
    String ticketId = WebUtils.getTicketGrantingTicketId(context);
    if (ticketId == null) {
        // Logout flow: fall back to the value carried by the TGT cookie.
        ticketId = this.ticketGrantingTicketCookieGenerator
                .retrieveCookieValue(WebUtils.getHttpServletRequest(context));
    }

    if (ticketId != null) {
        // Destroying the ticket yields the logout requests to keep for later steps.
        WebUtils.putLogoutRequests(context,
                this.centralAuthenticationService.destroyTicketGrantingTicket(ticketId));
    }

    final HttpServletResponse servletResponse = WebUtils.getHttpServletResponse(context);
    this.ticketGrantingTicketCookieGenerator.removeCookie(servletResponse);
    this.warnCookieGenerator.removeCookie(servletResponse);
    return this.eventFactorySupport.success(this);
}
 
Example #8
Source File: TrustedIdpProtocolAction.java    From cxf-fediz with Apache License 2.0
/**
 * Builds the URL the browser is redirected to in order to sign in at a trusted IDP.
 *
 * <p>The realm must be configured on the IDP stored in flow scope and a protocol handler
 * must exist for that trusted IDP's protocol; otherwise the request is refused. The
 * realm name and the resulting redirect URL are written to the log at INFO level.
 *
 * @param requestContext  current webflow request context
 * @param trustedIdpRealm realm of the trusted IDP to redirect to
 * @return the redirect URL as a string
 * @throws IllegalStateException if the realm is not configured or no handler supports
 *                               its protocol
 */
public String mapSignInRequest(RequestContext requestContext, String trustedIdpRealm) {
    LOG.info("Prepare redirect to Trusted IDP '{}'", trustedIdpRealm);

    // NOTE(review): assumes IDP_CONFIG is always present in flow scope; a missing
    // attribute surfaces as a NullPointerException on the next line.
    final Idp idp = (Idp) WebUtils.getAttributeFromFlowScope(requestContext, IDP_CONFIG);

    final TrustedIdp target = idp.findTrustedIdp(trustedIdpRealm);
    if (target == null) {
        LOG.error("TrustedIdp '{}' not configured", trustedIdpRealm);
        throw new IllegalStateException("TrustedIdp '" + trustedIdpRealm + "'");
    }

    final String protocol = target.getProtocol();
    LOG.debug("TrustedIdp '{}' supports protocol {}", trustedIdpRealm, protocol);

    final TrustedIdpProtocolHandler handler = trustedIdpProtocolHandlers.getProtocolHandler(protocol);
    if (handler == null) {
        LOG.error("No ProtocolHandler found for {}", protocol);
        throw new IllegalStateException("No ProtocolHandler found for '" + protocol + "'");
    }

    final String redirect = handler.mapSignInRequest(requestContext, idp, target).toString();
    LOG.info("Redirect url {}", redirect);
    return redirect;
}
 
Example #9
Source File: ClientAction.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Prepare the data for the login page.
 *
 * <p>Stores the flow-scoped service in the HTTP session, passes THEME, LOCALE and METHOD
 * to {@code saveRequestParameter}, and puts one redirection URL per configured client
 * into flow scope under the key {@code <clientName>Url}. {@code getSession()} is called
 * without arguments, so a session is created if the request does not have one yet.
 *
 * @param context The current webflow context
 */
protected void prepareForLoginPage(final RequestContext context) {
    final HttpServletRequest servletRequest = WebUtils.getHttpServletRequest(context);
    final HttpServletResponse servletResponse = WebUtils.getHttpServletResponse(context);
    final HttpSession httpSession = servletRequest.getSession();

    // Web context wrapping the servlet pair, handed to each client below.
    final WebContext clientWebContext = new J2EContext(servletRequest, servletResponse);

    // Keep the requested service and the selected request parameters in the session.
    final Service requestedService = (Service) context.getFlowScope().get(SERVICE);
    logger.info("save service: {}", requestedService);
    httpSession.setAttribute(SERVICE, requestedService);
    saveRequestParameter(servletRequest, httpSession, THEME);
    saveRequestParameter(servletRequest, httpSession, LOCALE);
    saveRequestParameter(servletRequest, httpSession, METHOD);

    // One redirection URL per configured client.
    // NOTE(review): the URLs are logged at INFO; confirm they carry nothing sensitive.
    for (final Client configuredClient : this.clients.findAllClients()) {
        final String flowKey = configuredClient.getName() + "Url";
        final String clientRedirectUrl =
                ((BaseClient) configuredClient).getRedirectionUrl(clientWebContext);
        logger.info("{} -> {}", flowKey, clientRedirectUrl);
        context.getFlowScope().put(flowKey, clientRedirectUrl);
    }
}
 
Example #10
Source File: SendTicketGrantingTicketAction.java    From cas-mfa with Apache License 2.0
/**
 * Sends the ticket-granting ticket to the browser as a cookie and, where allowed,
 * destroys the SSO session it replaces.
 *
 * <p>The previous session is destroyed only when the flow scope holds a different
 * ticket id than the current one and either this is not an MFA request or
 * {@code destroyPreviousSSOSession} is set.
 *
 * @param context current webflow request context
 * @return the success event in every case
 */
@Override
protected Event doExecute(final RequestContext context) {

    final MultiFactorCredentials mfaCredentials = MultiFactorRequestContextUtils.getMfaCredentials(context);

    final String currentTgtId = WebUtils.getTicketGrantingTicketId(context);
    final String previousTgtId = (String) context.getFlowScope().get("ticketGrantingTicketId");

    // Nothing to send when no ticket was issued.
    if (currentTgtId == null) {
        return success();
    }

    final HttpServletRequest servletRequest = WebUtils.getHttpServletRequest(context);
    final HttpServletResponse servletResponse = WebUtils.getHttpServletResponse(context);
    this.ticketGrantingTicketCookieGenerator.addCookie(servletRequest, servletResponse, currentTgtId);

    final boolean destructionAllowed = mfaCredentials == null || this.destroyPreviousSSOSession;
    final boolean ticketWasReplaced = previousTgtId != null && !currentTgtId.equals(previousTgtId);
    if (destructionAllowed && ticketWasReplaced) {
        // NOTE(review): the debug line below contains the superseded ticket id.
        logger.debug("Destroying the previous SSO session mapped to [{}] because, this is not an MFA request,"
                + " or configuration dictated destroying the SSO session.", previousTgtId);
        this.centralAuthenticationService.destroyTicketGrantingTicket(previousTgtId);
    }

    return success();
}
 
Example #11
Source File: OpenIdSingleSignOnAction.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Builds an OpenID credential from the existing ticket-granting ticket and the local
 * username extracted from the {@code openid.identity} request parameter.
 *
 * <p>The identity parameter is supplied by the requester. When no username can be
 * extracted for an OpenID service, the service is removed from flow scope so that the
 * flow cannot continue with an identity that was never established.
 *
 * @param context current webflow request context
 * @return the credential, or {@code null} when there is no ticket-granting ticket or no
 *         username
 */
@Override
protected Credential constructCredentialsFromRequest(final RequestContext context) {
    final String tgtId = WebUtils.getTicketGrantingTicketId(context);
    final String claimedIdentity = context.getRequestParameters().get("openid.identity");
    final String localUser = this.extractor.extractLocalUsernameFromUri(claimedIdentity);
    final Service requestedService = WebUtils.getService(context);

    // Stored even when extraction produced no username (the value is then null).
    context.getExternalContext().getSessionMap().put("openIdLocalId", localUser);

    final boolean userMissing = localUser == null;

    // clear the service because otherwise we can fake the username
    if (requestedService instanceof OpenIdService && userMissing) {
        context.getFlowScope().remove("service");
    }

    if (tgtId == null || userMissing) {
        return null;
    }

    return new OpenIdCredential(tgtId, localUser);
}
 
Example #12
Source File: SendTicketGrantingTicketAction.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Sends the ticket-granting ticket to the browser as a cookie and destroys the SSO
 * session it replaces, if the flow scope still holds a different ticket id.
 *
 * @param context current webflow request context
 * @return the success event in every case
 */
@Override
protected Event doExecute(final RequestContext context) {
    final String currentTgtId = WebUtils.getTicketGrantingTicketId(context);
    final String previousTgtId = (String) context.getFlowScope().get("ticketGrantingTicketId");

    // Nothing to send when no ticket was issued.
    if (currentTgtId == null) {
        return success();
    }

    final HttpServletRequest servletRequest = WebUtils.getHttpServletRequest(context);
    final HttpServletResponse servletResponse = WebUtils.getHttpServletResponse(context);
    this.ticketGrantingTicketCookieGenerator.addCookie(servletRequest, servletResponse, currentTgtId);

    // A different id in flow scope means an older session was superseded; destroy it so
    // it cannot be used alongside the new one.
    final boolean ticketWasReplaced = previousTgtId != null && !currentTgtId.equals(previousTgtId);
    if (ticketWasReplaced) {
        this.centralAuthenticationService.destroyTicketGrantingTicket(previousTgtId);
    }

    return success();
}
 
Example #13
Source File: X509CertificateCredentialsNonInteractiveAction.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Wraps the client certificates found in the request map into an X.509 credential.
 *
 * <p>This method only checks that at least one certificate is present; it performs no
 * validation of the certificates themselves.
 *
 * @param context current webflow request context
 * @return the credential, or {@code null} when the request carries no certificate
 */
@Override
protected Credential constructCredentialsFromRequest(final RequestContext context) {
    // NOTE(review): presumably populated by the servlet container from the TLS
    // handshake; CERTIFICATE_REQUEST_ATTRIBUTE is defined outside this snippet.
    final Object requestAttribute = context.getExternalContext()
            .getRequestMap().get(CERTIFICATE_REQUEST_ATTRIBUTE);
    final X509Certificate[] clientCertificates = (X509Certificate[]) requestAttribute;

    final boolean certificatePresent = clientCertificates != null && clientCertificates.length > 0;
    if (!certificatePresent) {
        if (logger.isDebugEnabled()) {
            logger.debug("Certificates not found in request.");
        }
        return null;
    }

    if (logger.isDebugEnabled()) {
        logger.debug("Certificate found in request.");
    }
    return new X509CertificateCredential(clientCertificates);
}
 
Example #14
Source File: TerminateSessionAction.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Ends the CAS SSO session: destroys the ticket-granting ticket when one can be located
 * and removes the TGT and warn cookies from the response.
 *
 * <p>Cookie removal is unconditional; it also happens when no ticket id was found.
 *
 * @param context Request context.
 *
 * @return "success"
 */
public Event terminate(final RequestContext context) {
    // Login flow: the ticket id has already been stored in the context.
    String ticketId = WebUtils.getTicketGrantingTicketId(context);
    if (ticketId == null) {
        // Logout flow: read the id from the TGT cookie instead.
        final HttpServletRequest servletRequest = WebUtils.getHttpServletRequest(context);
        ticketId = this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(servletRequest);
    }

    final boolean ticketKnown = ticketId != null;
    if (ticketKnown) {
        // The logout requests returned by the destruction are kept in the context.
        WebUtils.putLogoutRequests(context,
                this.centralAuthenticationService.destroyTicketGrantingTicket(ticketId));
    }

    final HttpServletResponse servletResponse = WebUtils.getHttpServletResponse(context);
    this.ticketGrantingTicketCookieGenerator.removeCookie(servletResponse);
    this.warnCookieGenerator.removeCookie(servletResponse);
    return this.eventFactorySupport.success(this);
}
 
Example #15
Source File: TrustedIdpProtocolAction.java    From cxf-fediz with Apache License 2.0
/**
 * Delegates handling of a trusted IDP's sign-in response to the protocol handler
 * registered for that IDP's protocol.
 *
 * <p>The realm must be configured on the IDP stored in flow scope and a handler must
 * exist for its protocol; otherwise the response is refused. The handler's result is
 * returned unchanged, so callers must handle a {@code null} token.
 *
 * @param requestContext  current webflow request context
 * @param trustedIdpRealm realm of the trusted IDP that sent the response
 * @return the token produced by the protocol handler, possibly {@code null}
 * @throws IllegalStateException if the realm is not configured or no handler supports
 *                               its protocol
 */
public SecurityToken mapSignInResponse(RequestContext requestContext, String trustedIdpRealm) {
    LOG.info("Prepare validate SignInResponse of Trusted IDP '{}'", trustedIdpRealm);

    // NOTE(review): assumes IDP_CONFIG is always present in flow scope; a missing
    // attribute surfaces as a NullPointerException on the next line.
    final Idp idp = (Idp) WebUtils.getAttributeFromFlowScope(requestContext, IDP_CONFIG);

    final TrustedIdp responder = idp.findTrustedIdp(trustedIdpRealm);
    if (responder == null) {
        LOG.error("TrustedIdp '{}' not configured", trustedIdpRealm);
        throw new IllegalStateException("TrustedIdp '" + trustedIdpRealm + "'");
    }

    final String protocol = responder.getProtocol();
    LOG.debug("TrustedIdp '{}' supports protocol {}", trustedIdpRealm, protocol);

    final TrustedIdpProtocolHandler handler = trustedIdpProtocolHandlers.getProtocolHandler(protocol);
    if (handler == null) {
        LOG.error("No ProtocolHandler found for {}", protocol);
        throw new IllegalStateException("No ProtocolHandler found for '" + protocol + "'");
    }

    final SecurityToken issuedToken = handler.mapSignInResponse(requestContext, idp, responder);
    if (issuedToken == null) {
        return null;
    }
    LOG.info("SignInResponse successfully validated and SecurityToken created");
    return issuedToken;
}
 
Example #16
Source File: AuthenticationViaFormAction.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Put public workstation into the flow if request parameter present.
 *
 * <p>Only the presence of a non-blank parameter matters; its actual value is ignored
 * and the flow attribute is always set to {@code Boolean.TRUE}.
 *
 * @param context the context
 */
private void putPublicWorkstationToFlowIfRequestParameterPresent(final RequestContext context) {
    final String requestedFlag = context.getExternalContext()
            .getRequestParameterMap().get(PUBLIC_WORKSTATION_ATTRIBUTE);
    if (!StringUtils.isNotBlank(requestedFlag)) {
        return;
    }
    context.getFlowScope().put(PUBLIC_WORKSTATION_ATTRIBUTE, Boolean.TRUE);
}
 
Example #17
Source File: TicketGrantingTicketCheckAction.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Determines whether the TGT in the flow request context is valid.
 *
 * <p>An id that is absent or has no text maps to {@link #NOT_EXISTS}. An id that the
 * ticket registry does not know, or whose ticket has expired, maps to {@link #INVALID}.
 *
 * @param requestContext Flow request context.
 *
 * @return {@link #NOT_EXISTS}, {@link #INVALID}, or {@link #VALID}.
 */
public Event checkValidity(final RequestContext requestContext) {

    final String ticketId = WebUtils.getTicketGrantingTicketId(requestContext);
    if (!StringUtils.hasText(ticketId)) {
        return new Event(this, NOT_EXISTS);
    }

    final Ticket registered = this.ticketRegistry.getTicket(ticketId);
    if (registered == null || registered.isExpired()) {
        return new Event(this, INVALID);
    }
    return new Event(this, VALID);
}
 
Example #18
Source File: AbstractLogoutAction.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Template method for logout actions: resolves the servlet request and response, calls
 * {@code preventCaching} on the response and then delegates to
 * {@code doInternalExecute}.
 *
 * @param context current webflow request context
 * @return the event produced by {@code doInternalExecute}
 * @throws Exception propagated from the delegate
 */
@Override
protected final Event doExecute(final RequestContext context) throws Exception {
    final HttpServletRequest servletRequest = WebUtils.getHttpServletRequest(context);
    final HttpServletResponse servletResponse = WebUtils.getHttpServletResponse(context);

    // Runs before the delegate so the response is marked first.
    // NOTE(review): preventCaching is defined outside this snippet; presumably it sets
    // no-cache headers so logout pages are not served from a cache.
    preventCaching(servletResponse);

    return doInternalExecute(servletRequest, servletResponse, context);
}
 
Example #19
Source File: AuthnRequestParser.java    From cxf-fediz with Apache License 2.0
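/**
 * Verifies that the Destination of an incoming request refers to the URL the request
 * was actually received on.
 *
 * <p>A missing or empty Destination is rejected. Otherwise the local request URL must
 * start with the Destination.
 *
 * @param context current webflow request context, used to obtain the local request URL
 * @param request the parsed request whose Destination is checked
 * @throws ProcessingException with {@code TYPE.BAD_REQUEST} when the Destination is
 *                             missing, empty, or does not match the local address
 */
private void checkDestination(RequestContext context, RequestAbstractType request) throws ProcessingException {
    // Check destination
    String destination = request.getDestination();
    LOG.debug("Validating destination: {}", destination);

    String localAddr = WebUtils.getHttpServletRequest(context).getRequestURL().toString();
    // An empty string is a prefix of every URL, so without the isEmpty() test a request
    // with Destination="" passed the comparison below unchecked.
    // NOTE(review): startsWith still accepts any leading fragment of the local URL
    // (scheme only, host only, ...). If deployments do not rely on that tolerance, an
    // exact comparison is the stricter check.
    if (destination == null || destination.isEmpty() || !localAddr.startsWith(destination)) {
        LOG.debug("The destination {} does not match the local address {}", destination, localAddr);
        throw new ProcessingException(TYPE.BAD_REQUEST);
    }
}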
 
Example #20
Source File: WebUtils.java    From cxf-fediz with Apache License 2.0
/**
 * Returns the native response of the webflow external context as an
 * {@link HttpServletResponse}.
 *
 * @param context current webflow request context
 * @return the servlet response
 */
public static HttpServletResponse getHttpServletResponse(
        final RequestContext context) {
    final Object nativeResponse = context.getExternalContext().getNativeResponse();
    final String failureMessage = "Cannot obtain HttpServletResponse from event of type: "
            + context.getExternalContext().getClass().getName();
    // Fails here, with the external context's class name in the message, rather than
    // with a bare cast error below.
    Assert.isInstanceOf(HttpServletResponse.class, nativeResponse, failureMessage);
    return (HttpServletResponse) nativeResponse;
}
 
Example #21
Source File: WebUtils.java    From cxf-fediz with Apache License 2.0
/**
 * Adds a cookie to the servlet response of the current webflow request.
 *
 * <p>The cookie is marked {@code Secure} and {@code HttpOnly}, is scoped to the path
 * {@code /fediz-idp}, and has a negative max age, which makes it a non-persistent
 * cookie that is not stored beyond the browser session.
 *
 * @param context     current webflow request context
 * @param cookieName  name of the cookie
 * @param cookieValue value of the cookie
 */
public static void addCookie(
        final RequestContext context, final String cookieName, final String cookieValue) {
    final HttpServletResponse servletResponse = getHttpServletResponse(context);
    final Cookie sessionCookie = new Cookie(cookieName, cookieValue);
    // NOTE(review): the path is hard-coded; under a different context path the browser
    // would not send this cookie back.
    sessionCookie.setPath("/fediz-idp");
    sessionCookie.setMaxAge(-1);
    // HttpOnly keeps the value away from page scripts; Secure restricts it to HTTPS.
    sessionCookie.setHttpOnly(true);
    sessionCookie.setSecure(true);
    servletResponse.addCookie(sessionCookie);
}
 
Example #22
Source File: InitialFlowSetupAction.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Prepares the login flow: sets the cookie path once, copies the TGT and warn cookie
 * values into the context, and resolves the requested service.
 *
 * <p>The registered service is only placed in the context when it is found and its
 * access strategy allows access. This method does not itself reject a service that is
 * unregistered or not allowed; the service is still stored via {@code putService}.
 * A request without any service is rejected only when
 * {@code enableFlowOnAbsentServiceRequest} is {@code false}.
 *
 * @param context current webflow request context
 * @return the "success" event
 * @throws NoSuchFlowExecutionException if no service was requested and the flow is
 *                                      configured to require one
 * @throws Exception declared by the original signature
 */
@Override
protected Event doExecute(final RequestContext context) throws Exception {
    final HttpServletRequest servletRequest = WebUtils.getHttpServletRequest(context);

    // One-time initialisation of the path both cookie generators use.
    if (!this.pathPopulated) {
        final String contextPath = context.getExternalContext().getContextPath();
        final String cookiePath;
        if (StringUtils.hasText(contextPath)) {
            cookiePath = contextPath + '/';
        } else {
            cookiePath = "/";
        }
        logger.info("Setting path for cookies to: {} ", cookiePath);
        this.warnCookieGenerator.setCookiePath(cookiePath);
        this.ticketGrantingTicketCookieGenerator.setCookiePath(cookiePath);
        this.pathPopulated = true;
    }

    // Cookie values come from the browser; they are only copied here, not verified.
    final String tgtCookieValue = this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(servletRequest);
    WebUtils.putTicketGrantingTicketInScopes(context, tgtCookieValue);

    final String warnCookieValue = this.warnCookieGenerator.retrieveCookieValue(servletRequest);
    WebUtils.putWarningCookie(context, Boolean.valueOf(warnCookieValue));

    final Service requestedService = WebUtils.getService(this.argumentExtractors, context);

    if (requestedService == null) {
        if (!this.enableFlowOnAbsentServiceRequest) {
            logger.warn("No service authentication request is available at [{}]. CAS is configured to disable the flow.",
                    WebUtils.getHttpServletRequest(context).getRequestURL());
            throw new NoSuchFlowExecutionException(context.getFlowExecutionContext().getKey(),
                    new UnauthorizedServiceException("screen.service.required.message", "Service is required"));
        }
    } else {
        logger.debug("Placing service in context scope: [{}]", requestedService.getId());

        final RegisteredService registration = this.servicesManager.findServiceBy(requestedService);
        final boolean accessAllowed =
                registration != null && registration.getAccessStrategy().isServiceAccessAllowed();
        if (accessAllowed) {
            logger.debug("Placing registered service [{}] with id [{}] in context scope",
                    registration.getServiceId(),
                    registration.getId());
            WebUtils.putRegisteredService(context, registration);
        }
    }

    WebUtils.putService(context, requestedService);
    return result("success");
}
 
Example #23
Source File: AuthenticationViaFormAction.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Sets the warn cookie when the request carries a {@code warn} parameter with text and
 * removes it otherwise. The parameter's value is not used; the cookie value is always
 * {@code "true"}.
 *
 * @param context current webflow request context
 */
private void putWarnCookieIfRequestParameterPresent(final RequestContext context) {
    final HttpServletResponse servletResponse = WebUtils.getHttpServletResponse(context);
    final String warnParameter = context.getExternalContext().getRequestParameterMap().get("warn");

    if (!StringUtils.hasText(warnParameter)) {
        this.warnCookieGenerator.removeCookie(servletResponse);
        return;
    }
    this.warnCookieGenerator.addCookie(servletResponse, "true");
}
 
Example #24
Source File: OpenIdSingleSignOnAction.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Builds an OpenID credential from the existing ticket-granting ticket and the identity
 * named in the request.
 *
 * <p>Two cases are distinguished by the identity request parameter. For the
 * identifier-select value, the local id is removed from the session and, when a
 * ticket-granting ticket exists, the username is taken from the principal of its
 * authentication. For any other value the local username is extracted from the
 * parameter, which is supplied by the requester, and stored in the session.
 *
 * @param context current webflow request context
 * @return the credential, or {@code null} when there is no ticket-granting ticket or no
 *         username
 */
@Override
protected Credential constructCredentialsFromRequest(final RequestContext context) {
    final String tgtId = WebUtils.getTicketGrantingTicketId(context);
    final String claimedIdentity = context.getRequestParameters().get(OpenIdConstants.OPENID_IDENTITY);
    final boolean identifierSelect = OpenIdConstants.OPENID_IDENTIFIERSELECT.equals(claimedIdentity);

    String resolvedUser = null;
    if (!identifierSelect) {
        resolvedUser = this.extractor.extractLocalUsernameFromUri(claimedIdentity);
        context.getExternalContext().getSessionMap().put(OpenIdConstants.OPENID_LOCALID, resolvedUser);
    } else {
        resolvedUser = OpenIdConstants.OPENID_IDENTIFIERSELECT;
        context.getExternalContext().getSessionMap().remove(OpenIdConstants.OPENID_LOCALID);
        // already authenticated: retrieve the username from the authentication
        if (tgtId != null) {
            try {
                final TicketGrantingTicket existingTicket = getCentralAuthenticationService()
                        .getTicket(tgtId, TicketGrantingTicket.class);
                resolvedUser = existingTicket.getAuthentication().getPrincipal().getId();
            } catch (final InvalidTicketException e) {
                // NOTE(review): after this failure resolvedUser is still the
                // identifier-select placeholder and a credential is built with it below;
                // confirm the downstream handler rejects that combination.
                logger.error("Cannot get TGT", e);
            }
        }
    }

    final Service requestedService = WebUtils.getService(context);
    final boolean userMissing = resolvedUser == null;

    // clear the service because otherwise we can fake the username
    if (requestedService instanceof OpenIdService && userMissing) {
        context.getFlowScope().remove("service");
    }

    if (tgtId == null || userMissing) {
        return null;
    }

    return new OpenIdCredential(tgtId, resolvedUser);
}
 
Example #25
Source File: FrontChannelLogoutAction.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Performs one step of front-channel logout: finds the next logout request that has not
 * been attempted, marks it successful, records the position to resume from, and returns
 * a redirect event whose URL carries the encoded logout message as a query parameter.
 *
 * <p>When no such request remains, the finish event is returned.
 *
 * @param request  servlet request (not read in this method)
 * @param response servlet response (not read in this method)
 * @param context  current webflow request context
 * @return the redirect event for the next service, or the finish event
 * @throws Exception propagated from message creation or URL encoding
 */
@Override
protected Event doInternalExecute(final HttpServletRequest request, final HttpServletResponse response,
        final RequestContext context) throws Exception {

    final List<LogoutRequest> pendingRequests = WebUtils.getLogoutRequests(context);
    final Integer resumeFrom = getLogoutIndex(context);
    if (pendingRequests == null) {
        return new Event(this, FINISH_EVENT);
    }

    for (int position = resumeFrom; position < pendingRequests.size(); position++) {
        final LogoutRequest candidate = pendingRequests.get(position);
        if (candidate.getStatus() != LogoutRequestStatus.NOT_ATTEMPTED) {
            continue;
        }

        // The status is set optimistically, before the browser is redirected; the
        // outcome at the service is not observed here.
        candidate.setStatus(LogoutRequestStatus.SUCCESS);

        // Remember where to continue on the next pass through this action.
        putLogoutIndex(context, position + 1);

        final String serviceLogoutUrl = candidate.getLogoutUrl().toExternalForm();
        LOGGER.debug("Using logout url [{}] for front-channel logout requests", serviceLogoutUrl);

        final String message = logoutManager.createFrontChannelLogoutMessage(candidate);
        LOGGER.debug("Front-channel logout message to send under [{}] is [{}]",
                this.logoutRequestParameter, message);

        // Redirect to the application with the logout message, URL-encoded, appended as
        // a query parameter.
        final UriComponentsBuilder redirectBuilder = UriComponentsBuilder.fromHttpUrl(serviceLogoutUrl);
        redirectBuilder.queryParam(this.logoutRequestParameter, URLEncoder.encode(message, "UTF-8"));
        final String redirectTarget = redirectBuilder.build().toUriString();

        return result(REDIRECT_APP_EVENT, DEFAULT_FLOW_ATTRIBUTE_LOGOUT_URL, redirectTarget);
    }

    // no new service with front-channel logout -> finish logout
    return new Event(this, FINISH_EVENT);
}
 
Example #26
Source File: WebUtils.java    From cas4.0.x-server-wechat with Apache License 2.0
/**
 * Returns the ticket-granting ticket id stored in the context, preferring the value in
 * request scope over the one in flow scope.
 *
 * @param context current webflow request context
 * @return the ticket id, or {@code null} when neither scope holds one
 */
public static String getTicketGrantingTicketId(
    final RequestContext context) {
    final String requestScoped = (String) context.getRequestScope().get("ticketGrantingTicketId");
    final String flowScoped = (String) context.getFlowScope().get("ticketGrantingTicketId");

    if (requestScoped != null) {
        return requestScoped;
    }
    return flowScoped;
}
 
Example #27
Source File: AuthenticationViaFormAction.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Put warn cookie if request parameter present.
 *
 * <p>A non-blank {@code warn} request parameter sets the cookie to {@code "true"}; in
 * every other case the cookie is removed. The parameter's own value is not used.
 *
 * @param context the context
 */
private void putWarnCookieIfRequestParameterPresent(final RequestContext context) {
    final HttpServletResponse servletResponse = WebUtils.getHttpServletResponse(context);
    final String warnParameter = context.getExternalContext().getRequestParameterMap().get("warn");

    if (!StringUtils.isNotBlank(warnParameter)) {
        this.warnCookieGenerator.removeCookie(servletResponse);
        return;
    }
    this.warnCookieGenerator.addCookie(servletResponse, "true");
}
 
Example #28
Source File: RemoveHostnameInContextAction.java    From cas-mfa with Apache License 2.0
/**
 * Clears the multifactor web application service from the context when its id equals
 * the configured hostname.
 *
 * @param context current webflow request context
 * @return always {@code null}; no event is produced by this action
 * @throws Exception declared by the original signature
 */
@Override
protected Event doExecute(final RequestContext context) throws Exception {
    final MultiFactorAuthenticationSupportingWebApplicationService currentService =
            MultiFactorRequestContextUtils.getMultifactorWebApplicationService(context);

    final boolean idIsHostname = currentService != null && currentService.getId().equals(this.hostname);
    if (idIsHostname) {
        MultiFactorRequestContextUtils.setMultifactorWebApplicationService(context, null);
    }

    return null;
}
 
Example #29
Source File: WebUtils.java    From springboot-shiro-cas-mybatis with MIT License
/**
 * Gets credential from the context, preferring the one in request scope over the one in
 * flow scope.
 *
 * @param context the context
 * @return the credential, or null if it cant be found in the context or if it has no id.
 */
public static Credential getCredential(@NotNull final RequestContext context) {
    final Credential requestScoped = (Credential) context.getRequestScope().get("credential");
    final Credential flowScoped = (Credential) context.getFlowScope().get("credential");

    final Credential chosen;
    if (requestScoped != null) {
        chosen = requestScoped;
    } else {
        chosen = flowScoped;
    }

    if (chosen == null) {
        return null;
    }
    // A credential with a blank id is treated as absent.
    return StringUtils.isBlank(chosen.getId()) ? null : chosen;
}
 
Example #30
Source File: STSClientAction.java    From cxf-fediz with Apache License 2.0
/**
 * Resolves the configured WSDL location against the current request and stores the
 * result as the STS WSDL URL, unless {@code isPortSet} is already true.
 *
 * @param context current webflow request context passed to the resolver
 */
private void processWsdlLocation(RequestContext context) {
    if (isPortSet) {
        return;
    }
    String resolvedUrl = LocalServerResolver.resolve(this.wsdlLocation, context);
    setSTSWsdlUrl(resolvedUrl);
    LOG.info("STS WSDL URL updated to {}", resolvedUrl);
}
}