org.jasig.cas.CasProtocolConstants Java Examples
The following examples show how to use
org.jasig.cas.CasProtocolConstants.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: Cas30ResponseView.java From springboot-shiro-cas-mybatis with MIT License | 6 votes |
@Override protected void prepareMergedOutputModel(final Map<String, Object> model, final HttpServletRequest request, final HttpServletResponse response) throws Exception { super.prepareMergedOutputModel(model, request, response); final Service service = super.getServiceFrom(model); final RegisteredService registeredService = this.servicesManager.findServiceBy(service); final Map<String, Object> attributes = new HashMap<>(getPrincipalAttributesAsMultiValuedAttributes(model)); attributes.put(CasProtocolConstants.VALIDATION_CAS_MODEL_ATTRIBUTE_NAME_AUTHENTICATION_DATE, Collections.singleton(getAuthenticationDate(model))); attributes.put(CasProtocolConstants.VALIDATION_CAS_MODEL_ATTRIBUTE_NAME_FROM_NEW_LOGIN, Collections.singleton(isAssertionBackedByNewLogin(model))); attributes.put(CasProtocolConstants.VALIDATION_REMEMBER_ME_ATTRIBUTE_NAME, Collections.singleton(isRememberMeAuthentication(model))); decideIfCredentialPasswordShouldBeReleasedAsAttribute(attributes, model, registeredService); decideIfProxyGrantingTicketShouldBeReleasedAsAttribute(attributes, model, registeredService); super.putIntoModel(model, CasProtocolConstants.VALIDATION_CAS_MODEL_ATTRIBUTE_NAME_ATTRIBUTES, this.casAttributeEncoder.encodeAttributes(attributes, getServiceFrom(model))); }
Example #2
Source File: SendTicketGrantingTicketAction.java From springboot-shiro-cas-mybatis with MIT License | 6 votes |
/** * Tries to determine if authentication was created as part of a "renew" event. * Renewed authentications can occur if the service is not allowed to participate * in SSO or if a "renew" request parameter is specified. * * @param ctx the request context * @return true if renewed */ private boolean isAuthenticationRenewed(final RequestContext ctx) { if (ctx.getRequestParameters().contains(CasProtocolConstants.PARAMETER_RENEW)) { LOGGER.debug("[{}] is specified for the request. The authentication session will be considered renewed.", CasProtocolConstants.PARAMETER_RENEW); return true; } final Service service = WebUtils.getService(ctx); if (service != null) { final RegisteredService registeredService = this.servicesManager.findServiceBy(service); if (registeredService != null) { final boolean isAllowedForSso = registeredService.getAccessStrategy().isServiceAccessAllowedForSso(); LOGGER.debug("Located [{}] in registry. Service access to participate in SSO is set to [{}]", registeredService.getServiceId(), isAllowedForSso); return !isAllowedForSso; } } return false; }
Example #3
Source File: Cas30ResponseViewTests.java From springboot-shiro-cas-mybatis with MIT License | 6 votes |
private Map<?, ?> renderView() throws Exception{ final ModelAndView modelAndView = this.getModelAndViewUponServiceValidationWithSecurePgtUrl(); final JstlView v = (JstlView) resolver.resolveViewName(modelAndView.getViewName(), Locale.getDefault()); final MockHttpServletRequest req = new MockHttpServletRequest(new MockServletContext()); v.setServletContext(req.getServletContext()); req.setAttribute(RequestContext.WEB_APPLICATION_CONTEXT_ATTRIBUTE, new GenericWebApplicationContext(req.getServletContext())); final Cas30ResponseView view = new Cas30ResponseView(v); view.setServicesManager(this.servicesManager); view.setCasAttributeEncoder(new DefaultCasAttributeEncoder(this.servicesManager)); final MockHttpServletResponse resp = new MockHttpServletResponse(); view.render(modelAndView.getModel(), req, resp); return (Map<?, ?>) req.getAttribute(CasProtocolConstants.VALIDATION_CAS_MODEL_ATTRIBUTE_NAME_ATTRIBUTES); }
Example #4
Source File: Cas20ResponseViewTests.java From springboot-shiro-cas-mybatis with MIT License | 6 votes |
@Test public void verifyView() throws Exception { final ModelAndView modelAndView = this.getModelAndViewUponServiceValidationWithSecurePgtUrl(); final JstlView v = (JstlView) resolver.resolveViewName(modelAndView.getViewName(), Locale.getDefault()); final MockHttpServletRequest req = new MockHttpServletRequest(new MockServletContext()); v.setServletContext(req.getServletContext()); req.setAttribute(RequestContext.WEB_APPLICATION_CONTEXT_ATTRIBUTE, new GenericWebApplicationContext(req.getServletContext())); final Cas20ResponseView view = new Cas20ResponseView(v); final MockHttpServletResponse resp = new MockHttpServletResponse(); view.render(modelAndView.getModel(), req, resp); assertNotNull(req.getAttribute(CasViewConstants.MODEL_ATTRIBUTE_NAME_CHAINED_AUTHENTICATIONS)); assertNotNull(req.getAttribute(CasViewConstants.MODEL_ATTRIBUTE_NAME_PRIMARY_AUTHENTICATION)); assertNotNull(req.getAttribute(CasViewConstants.MODEL_ATTRIBUTE_NAME_PRINCIPAL)); assertNotNull(req.getAttribute(CasProtocolConstants.VALIDATION_CAS_MODEL_PROXY_GRANTING_TICKET_IOU)); }
Example #5
Source File: SendTicketGrantingTicketActionTests.java From springboot-shiro-cas-mybatis with MIT License | 6 votes |
@Test public void verifySsoSessionCookieOnRenewAsParameter() throws Exception { final MockHttpServletResponse response = new MockHttpServletResponse(); final MockHttpServletRequest request = new MockHttpServletRequest(); request.addParameter(CasProtocolConstants.PARAMETER_RENEW, "true"); final TicketGrantingTicket tgt = mock(TicketGrantingTicket.class); when(tgt.getId()).thenReturn("test"); request.setCookies(new Cookie("TGT", "test5")); WebUtils.putTicketGrantingTicketInScopes(this.context, tgt); this.context.setExternalContext(new ServletExternalContext(new MockServletContext(), request, response)); this.action.setCreateSsoSessionCookieOnRenewAuthentications(false); assertEquals("success", this.action.execute(this.context).getId()); assertEquals(0, response.getCookies().length); }
Example #6
Source File: AuthenticationViaFormAction.java From taoshop with Apache License 2.0 | 5 votes |
/** * Is request asking for service ticket? * * @param context the context * @return true, if both service and tgt are found, and the request is not asking to renew. * @since 4.1.0 */ protected boolean isRequestAskingForServiceTicket(final RequestContext context) { final String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(context); final Service service = WebUtils.getService(context); return (StringUtils.isNotBlank(context.getRequestParameters().get(CasProtocolConstants.PARAMETER_RENEW)) && ticketGrantingTicketId != null && service != null); }
Example #7
Source File: Saml10SuccessResponseViewTests.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
@Test public void verifyResponseWithoutAuthMethod() throws Exception { final Map<String, Object> model = new HashMap<>(); final Map<String, Object> attributes = new HashMap<>(); attributes.put("testAttribute", "testValue"); final Principal principal = new DefaultPrincipalFactory().createPrincipal("testPrincipal", attributes); final Map<String, Object> authnAttributes = new HashMap<>(); authnAttributes.put("authnAttribute1", "authnAttrbuteV1"); authnAttributes.put("authnAttribute2", "authnAttrbuteV2"); authnAttributes.put(RememberMeCredential.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME, Boolean.TRUE); final Authentication primary = TestUtils.getAuthentication(principal, authnAttributes); final Assertion assertion = new ImmutableAssertion( primary, Collections.singletonList(primary), TestUtils.getService(), true); model.put("assertion", assertion); final MockHttpServletResponse servletResponse = new MockHttpServletResponse(); this.response.renderMergedOutputModel(model, new MockHttpServletRequest(), servletResponse); final String written = servletResponse.getContentAsString(); assertTrue(written.contains("testPrincipal")); assertTrue(written.contains("testAttribute")); assertTrue(written.contains("testValue")); assertTrue(written.contains("authnAttribute1")); assertTrue(written.contains("authnAttribute2")); assertTrue(written.contains(CasProtocolConstants.VALIDATION_REMEMBER_ME_ATTRIBUTE_NAME)); assertTrue(written.contains("urn:oasis:names:tc:SAML:1.0:am:unspecified")); }
Example #8
Source File: AuthenticationViaFormAction.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
/** * Is request asking for service ticket? * * @param context the context * @return true, if both service and tgt are found, and the request is not asking to renew. * @since 4.1.0 */ protected boolean isRequestAskingForServiceTicket(final RequestContext context) { final String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(context); final Service service = WebUtils.getService(context); return (StringUtils.isNotBlank(context.getRequestParameters().get(CasProtocolConstants.PARAMETER_RENEW)) && ticketGrantingTicketId != null && service != null); }
Example #9
Source File: ServiceValidateController.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
/** * Overrideable method to determine which credentials to use to grant a * proxy granting ticket. Default is to use the pgtUrl. * * @param service the webapp service requesting proxy * @param request the HttpServletRequest object. * @return the credentials or null if there was an error or no credentials * provided. */ protected Credential getServiceCredentialsFromRequest(final WebApplicationService service, final HttpServletRequest request) { final String pgtUrl = request.getParameter(CasProtocolConstants.PARAMETER_PROXY_CALLBACK_URL); if (StringUtils.hasText(pgtUrl)) { try { final RegisteredService registeredService = this.servicesManager.findServiceBy(service); verifyRegisteredServiceProperties(registeredService, service); return new HttpBasedServiceCredential(new URL(pgtUrl), registeredService); } catch (final Exception e) { logger.error("Error constructing pgtUrl", e); } } return null; }
Example #10
Source File: Cas30ResponseViewTests.java From springboot-shiro-cas-mybatis with MIT License | 5 votes |
@Test public void verifyViewAuthnAttributes() throws Exception { final Map<?, ?> attributes = renderView(); assertTrue(attributes.containsKey(CasProtocolConstants.VALIDATION_CAS_MODEL_ATTRIBUTE_NAME_AUTHENTICATION_DATE)); assertTrue(attributes.containsKey(CasProtocolConstants.VALIDATION_CAS_MODEL_ATTRIBUTE_NAME_FROM_NEW_LOGIN)); assertTrue(attributes.containsKey(CasProtocolConstants.VALIDATION_REMEMBER_ME_ATTRIBUTE_NAME)); }
Example #11
Source File: Cas30ResponseView.java From cas-mfa with Apache License 2.0 | 5 votes |
@Override protected void prepareMergedOutputModel(final Map<String, Object> model, final HttpServletRequest request, final HttpServletResponse response) throws Exception { super.prepareMergedOutputModel(model, request, response); final Service service = super.getServiceFrom(model); final RegisteredService registeredService = this.servicesManager.findServiceBy(service); final Map<String, Object> attributes = new HashMap<>(getPrincipalAttributesAsMultiValuedAttributes(model)); attributes.put(CasProtocolConstants.VALIDATION_CAS_MODEL_ATTRIBUTE_NAME_AUTHENTICATION_DATE, Collections.singleton(getAuthenticationDate(model))); attributes.put(CasProtocolConstants.VALIDATION_CAS_MODEL_ATTRIBUTE_NAME_FROM_NEW_LOGIN, Collections.singleton(isAssertionBackedByNewLogin(model))); attributes.put(CasProtocolConstants.VALIDATION_REMEMBER_ME_ATTRIBUTE_NAME, Collections.singleton(isRememberMeAuthentication(model))); decideIfCredentialPasswordShouldBeReleasedAsAttribute(attributes, model, registeredService); decideIfProxyGrantingTicketShouldBeReleasedAsAttribute(attributes, model, registeredService); attributes.put(this.authenticationMethodResponseAttribute, getAuthenticationAttribute(model, MultiFactorAuthenticationSupportingWebApplicationService.CONST_PARAM_AUTHN_METHOD)); super.putIntoModel(model, CasProtocolConstants.VALIDATION_CAS_MODEL_ATTRIBUTE_NAME_ATTRIBUTES, this.casAttributeEncoder.encodeAttributes(attributes, getServiceFrom(model))); }
Example #12
Source File: ValidateInitialMultiFactorAuthenticationRequestAction.java From cas-mfa with Apache License 2.0 | 4 votes |
@Override protected Event doExecute(final RequestContext context) throws Exception { final MultiFactorAuthenticationTransactionContext mfaTx = MultiFactorRequestContextUtils.getMfaTransaction(context); if (mfaTx == null) { return new Event(this, EVENT_ID_REQUIRE_TGT); } final MultiFactorAuthenticationSupportingWebApplicationService mfaService = this.authnMethodRankingStrategy.computeHighestRankingAuthenticationMethod(mfaTx); final String requestedAuthenticationMethod = mfaService != null ? mfaService.getAuthenticationMethod() : null; final String tgt = MultiFactorRequestContextUtils.getTicketGrantingTicketId(context); /* * If the TGT is blank i.e. there is no existing SSO session, proceed with normal login flow * (Note that flow may need interrupted later if the CAS-using service requires an authentication method * not fulfilled by the normal login flow) */ if (StringUtils.isBlank(tgt)) { logger.trace("TGT is blank; proceed flow normally."); return new Event(this, EVENT_ID_REQUIRE_TGT); } /* * If the authentication method the CAS-using service has specified is blank, * proceed with the normal login flow. */ if (StringUtils.isBlank(requestedAuthenticationMethod)) { logger.trace("Since required authentication method is blank, proceed flow normally."); return new Event(this, EVENT_ID_REQUIRE_TGT); } logger.trace("Service [{}] requires authentication method [{}]", mfaTx.getTargetServiceId(), requestedAuthenticationMethod); final Authentication authentication = this.authenticationSupport.getAuthenticationFrom(tgt); /* * If somehow the TGT were to have no authentication, then interpret as an existing SSO session insufficient * to fulfill the requirements of this service, and branch to fulfill the authentication requirement. */ if (authentication == null) { logger.warn("TGT had no Authentication, which is odd. " + "Proceeding as if additional authentication required."); //Place the ranked mfa service into the flow scope to be available in the actual mfa subflows MultiFactorRequestContextUtils.setMultifactorWebApplicationService(context, mfaService); return new Event(this, getMultiFactorEventIdByAuthenticationMethod(requestedAuthenticationMethod)); } final Set<String> previouslyAchievedAuthenticationMethods = MultiFactorUtils.getSatisfiedAuthenticationMethods(authentication); /* * If any of the recorded authentication methods from the prior Authentication are 'stronger' * than the authentication method requested to access the CAS-using service, proceed with the normal authentication flow. */ if (this.authnMethodRankingStrategy .anyPreviouslyAchievedAuthenticationMethodsStrongerThanRequestedOne(previouslyAchievedAuthenticationMethods, requestedAuthenticationMethod)) { logger.trace("Authentication method [{}] is EQUAL -- OR -- WEAKER than any previously fulfilled methods [{}]; " + "proceeding with flow normally...", requestedAuthenticationMethod, previouslyAchievedAuthenticationMethods); return new Event(this, EVENT_ID_REQUIRE_TGT); } if (context.getRequestParameters().get(CasProtocolConstants.PARAMETER_RENEW) != null) { return new Event(this, EVENT_ID_REQUIRE_TGT); } logger.trace("Authentication method [{}] is STRONGER than any previously fulfilled methods [{}]; " + "branching to prompt for required authentication method.", requestedAuthenticationMethod, previouslyAchievedAuthenticationMethods); //Place the ranked mfa service into the flow scope to be available in the actual mfa subflows MultiFactorRequestContextUtils.setMultifactorWebApplicationService(context, mfaService); return new Event(this, getMultiFactorEventIdByAuthenticationMethod(requestedAuthenticationMethod)); }