Beispiel #1
0
 /**
  * Get the user profile from the credentials.
  *
  * @param credentials
  * @return the user profile
  */
 @Override
 protected CasProfile retrieveUserProfile(
     final CasCredentials credentials, final WebContext context) {
   final String ticket = credentials.getServiceTicket();
   try {
     final String contextualCallbackUrl = getContextualCallbackUrl(context);
     final Assertion assertion = this.ticketValidator.validate(ticket, contextualCallbackUrl);
     final AttributePrincipal principal = assertion.getPrincipal();
     logger.debug("principal : {}", principal);
     final CasProfile casProfile;
     if (this.casProxyReceptor != null) {
       casProfile = new CasProxyProfile();
     } else {
       casProfile = new CasProfile();
     }
     casProfile.setId(principal.getName());
     casProfile.addAttributes(principal.getAttributes());
     if (this.casProxyReceptor != null) {
       ((CasProxyProfile) casProfile).setPrincipal(principal);
     }
     logger.debug("casProfile : {}", casProfile);
     return casProfile;
   } catch (final TicketValidationException e) {
     logger.error("cannot validate CAS ticket : {} / {}", ticket, e);
     throw new TechnicalException(e);
   }
 }
  /**
   * This method verify the ticket.
   *
   * @param ticket String, ticket to validate
   * @param userId String, user id
   * @return String
   * @throws SecurityException the security exception
   */
  public void validateTicket(String ticket, String userId) throws SecurityException {
    logger.debug("IN");
    ConfigSingleton config = ConfigSingleton.getInstance();
    String validateUrl = null;
    String validateService = null;
    if (config != null) {
      // only server side...
      validateUrl = SingletonConfig.getInstance().getConfigValue("CAS_SSO.VALIDATE-USER.URL");
      logger.debug("Read validateUrl=" + validateUrl);
      validateService =
          SingletonConfig.getInstance().getConfigValue("CAS_SSO.VALIDATE-USER.SERVICE");
      logger.debug("Read validateService=" + validateService);
    }
    logger.debug("userId:" + userId);
    try {
      AttributePrincipal principal = null;
      Cas20ProxyTicketValidator sv = new Cas20ProxyTicketValidator(validateUrl);
      sv.setAcceptAnyProxy(true);

      Assertion a = sv.validate(ticket, validateService);
      principal = a.getPrincipal();
      logger.debug("Ticket is VALID, username="******"An exception occured while validating the cas token");
      throw new SecurityException("An exception occured while validating the cas token", e);
    } catch (Throwable e) {
      logger.error("An exception occured while validating the cas token");
      throw new SecurityException("An exception occured while validating the cas token", e);
    } finally {
      logger.debug("OUT");
    }
  }
  /**
   * 过滤逻辑:首先判断单点登录的账户是否已经存在本系统中, 如果不存在使用用户查询接口查询出用户对象并设置在Session中
   *
   * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
   */
  public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
      throws IOException, ServletException {
    // TODO Auto-generated method stub
    HttpServletRequest httpRequest = (HttpServletRequest) request;

    // _const_cas_assertion_是CAS中存放登录用户名的session标志
    Object object = httpRequest.getSession().getAttribute("_const_cas_assertion_");
    if (object != null) {
      Assertion assertion = (Assertion) object;
      String loginName = assertion.getPrincipal().getName();
      // 第一次登录系统
      if (httpRequest.getSession().getAttribute("userid") == null) {
        System.out.println(loginName + "第一次登录");
        UserOBJ visitor = Authentication.checkUser(loginName);
        HttpSession session = httpRequest.getSession();
        session.setAttribute("userid", loginName); // 用户ID
        session.setAttribute("username", visitor.username); // 姓名
        session.setAttribute("groupid", visitor.groupid); // 机构ID
        session.setAttribute("groupname", visitor.groupname); // 机构名称
        session.setAttribute("pid", visitor.pid); // 上级机构ID
        session.setAttribute("pname", visitor.pname); // 上级机构名称
        session.setAttribute("jgcode", visitor.jgcode); // 营销机构代码
        session.setAttribute("station", visitor.station); // 银保机构代码
        session.setAttribute("mobile", visitor.mobile); // 手机号码
        session.setAttribute("phone", visitor.phone); // 座机电话
      }
    }

    // pass the request along the filter chain
    chain.doFilter(request, response);
  }
 /**
  * Read user id.
  *
  * @param session HttpSession
  * @return String
  */
 public String readUserIdentifier(HttpServletRequest request) {
   HttpSession session = request.getSession();
   Assertion assertion = (Assertion) session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
   String userInSession = assertion.getPrincipal().getName();
   // String user=(String)request.getRemoteUser();
   // logger.debug("CAS user in HttpServletRequest:"+user);
   logger.debug("CAS user in HttpSession:" + userInSession);
   return userInSession;
 }
 public CasProfile validateServiceTicket(final String serviceURL, final TokenCredentials ticket) {
   try {
     final Assertion assertion =
         getCasRestAuthenticator().getTicketValidator().validate(ticket.getToken(), serviceURL);
     final AttributePrincipal principal = assertion.getPrincipal();
     final CasProfile casProfile = new CasProfile();
     casProfile.setId(principal.getName());
     casProfile.addAttributes(principal.getAttributes());
     return casProfile;
   } catch (final TicketValidationException e) {
     throw new TechnicalException(e);
   }
 }
  public final String getCasServiceToken(final String target)
      throws CasProxyTicketAcquisitionException {
    if (log.isTraceEnabled()) {
      log.trace(
          "Attempting to retrieve proxy ticket for target ["
              + target
              + "] by using CAS Assertion ["
              + assertion
              + "]");
    }

    if (this.assertion == null) {
      if (log.isDebugEnabled()) {
        log.debug("No Assertion found for user.  Returning null Proxy Ticket.");
      }
      return null;
    }

    final String proxyTicket = this.assertion.getPrincipal().getProxyTicketFor(target);

    if (proxyTicket == null) {
      log.error(
          "Failed to retrieve proxy ticket for assertion ["
              + assertion
              + "].  Is the PGT still valid?");
      throw new CasProxyTicketAcquisitionException(target, assertion.getPrincipal());
    }

    if (log.isTraceEnabled()) {
      log.trace("Returning from Proxy Ticket Request with ticket [" + proxyTicket + "]");
    }

    return proxyTicket;
  }
  /**
   * Get a new ticket.
   *
   * @param session HttpSession
   * @return String
   * @throws IOException Signals that an I/O exception has occurred.
   */
  public String readTicket(HttpSession session) throws IOException {
    logger.debug("IN");
    String ticket = null;
    String spagoBiServerURL = EnginConf.getInstance().getSpagoBiServerUrl();
    logger.debug("Read spagoBiServerURL=" + spagoBiServerURL);
    SourceBean engineConfig = EnginConf.getInstance().getConfig();
    SourceBean sourceBeanConf = (SourceBean) engineConfig.getAttribute("FILTER_RECEIPT");
    String filterReceipt = (String) sourceBeanConf.getCharacters();
    logger.debug("Read filterReceipt=" + filterReceipt);
    filterReceipt = spagoBiServerURL + filterReceipt;

    Assertion assertion = (Assertion) session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
    ticket = assertion.getPrincipal().getProxyTicketFor(filterReceipt);

    logger.debug("OUT.ticket=" + ticket);
    return ticket;
  }
Beispiel #8
0
  /**
   * Authenticates a user and retrieves its information.
   *
   * @param token the authentication token
   * @throws AuthenticationException if there is an error during authentication.
   */
  @Override
  @SuppressWarnings("unchecked")
  protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
      throws AuthenticationException {
    CasToken casToken = (CasToken) token;
    if (token == null) {
      return null;
    }

    String ticket = (String) casToken.getCredentials();
    if (!StringUtils.hasText(ticket)) {
      return null;
    }

    TicketValidator ticketValidator = ensureTicketValidator();

    try {
      // contact CAS server to validate service ticket
      Assertion casAssertion = ticketValidator.validate(ticket, getCasService());
      // get principal, user id and attributes
      AttributePrincipal casPrincipal = casAssertion.getPrincipal();
      String userId = casPrincipal.getName();
      log.debug(
          "Validate ticket : {} in CAS server : {} to retrieve user : {}",
          new Object[] {ticket, getCasServerUrlPrefix(), userId});

      Map<String, Object> attributes = casPrincipal.getAttributes();
      // refresh authentication token (user id + remember me)
      casToken.setUserId(userId);
      String rememberMeAttributeName = getRememberMeAttributeName();
      String rememberMeStringValue = (String) attributes.get(rememberMeAttributeName);
      boolean isRemembered =
          rememberMeStringValue != null && Boolean.parseBoolean(rememberMeStringValue);
      if (isRemembered) {
        casToken.setRememberMe(true);
      }
      // create simple authentication info
      List<Object> principals = CollectionUtils.asList(userId, attributes);
      PrincipalCollection principalCollection =
          new SimplePrincipalCollection(principals, getName());
      return new SimpleAuthenticationInfo(principalCollection, ticket);
    } catch (TicketValidationException e) {
      throw new CasAuthenticationException("Unable to validate ticket [" + ticket + "]", e);
    }
  }
Beispiel #9
0
  public void validateTicket(HttpServletRequest httpRequest, String ticket) throws Exception {
    Cas20ProxyTicketValidator ticketValidator = new Cas20ProxyTicketValidator(casServerUrl);
    ticketValidator.setRenew(this.renewTicket);

    // String serviceUrl = "http://"+ httpRequest.getServerName() +":" + httpRequest.getServerPort()
    // +
    // httpRequest.getContextPath() +"/private/classic";
    Assertion assertion = ticketValidator.validate(ticket, this.casServiceUrl);

    log.debug(
        "------------------------------------------------------------------------------------");
    log.debug("Service: " + this.casServiceUrl);
    log.debug("Principal: " + assertion.getPrincipal().getName());
    log.debug(
        "------------------------------------------------------------------------------------");

    String principal = assertion.getPrincipal().getName();
    this.saveSSOCredentials(principal, httpRequest);
  }
  @SuppressWarnings("unchecked")
  @Override
  protected UserDetails loadUserDetails(final Assertion assertion) {
    final List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();

    for (final String attribute : this.attributes) {
      final Object value = assertion.getPrincipal().getAttributes().get(attribute);

      if (value == null) {
        continue;
      }

      if (value instanceof List) {
        final List list = (List) value;

        for (final Object o : list) {
          grantedAuthorities.add(
              new SimpleGrantedAuthority(
                  this.convertToUpperCase ? o.toString().toUpperCase() : o.toString()));
        }

      } else {
        grantedAuthorities.add(
            new SimpleGrantedAuthority(
                this.convertToUpperCase ? value.toString().toUpperCase() : value.toString()));
      }
    }

    return new User(
        assertion.getPrincipal().getName(),
        NON_EXISTENT_PASSWORD_VALUE,
        true,
        true,
        true,
        true,
        grantedAuthorities);
  }
  /** @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response) */
  protected void doGet(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setStatus(200);
    PrintWriter pw = new PrintWriter(response.getWriter());
    pw.write("Hello World - This is the proxied application speaking (Backend)\n");
    if (request.getUserPrincipal() != null) {
      pw.write(
          "Request.getUserPrincipal().getName(): " + request.getUserPrincipal().getName() + "\n");
    }
    pw.write("Request.getRemoteUser(): " + request.getRemoteUser() + "\n");

    for (Cookie cookie : request.getCookies()) {
      pw.write(
          "Cookie - Name: "
              + cookie.getName()
              + " Domain: "
              + cookie.getDomain()
              + " Path: "
              + cookie.getPath()
              + " Value: "
              + cookie.getValue()
              + "\n");
    }

    Assertion assertion = AssertionHolder.getAssertion();
    if (assertion != null) {
      pw.write("\n");
      pw.write("Assertion: " + assertion.getPrincipal().getName());
      for (Object key : assertion.getPrincipal().getAttributes().keySet()) {
        String value = (String) assertion.getPrincipal().getAttributes().get(key);
        pw.write("Attribute: " + key + " " + value + "\n");
      }
    } else {
      pw.write("Assertion is null\n");
    }
  }
 private AuthenticationInfo createAuthnInfo(final Assertion assertion) {
   AuthenticationInfo authnInfo;
   String username = assertion.getPrincipal().getName();
   authnInfo = new AuthenticationInfo(AUTH_TYPE, username);
   return authnInfo;
 }
Beispiel #13
0
  @Override
  protected void processFilter(
      HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
      throws Exception {

    HttpSession session = request.getSession();

    long companyId = PortalUtil.getCompanyId(request);

    String pathInfo = request.getPathInfo();

    Object forceLogout = session.getAttribute(WebKeys.CAS_FORCE_LOGOUT);

    if (forceLogout != null) {
      session.removeAttribute(WebKeys.CAS_FORCE_LOGOUT);

      String logoutUrl =
          PrefsPropsUtil.getString(companyId, PropsKeys.CAS_LOGOUT_URL, PropsValues.CAS_LOGOUT_URL);

      response.sendRedirect(logoutUrl);

      return;
    }

    if (pathInfo.indexOf("/portal/logout") != -1) {
      session.invalidate();

      String logoutUrl =
          PrefsPropsUtil.getString(companyId, PropsKeys.CAS_LOGOUT_URL, PropsValues.CAS_LOGOUT_URL);

      response.sendRedirect(logoutUrl);

      return;
    } else {
      String login = (String) session.getAttribute(WebKeys.CAS_LOGIN);

      String serverName =
          PrefsPropsUtil.getString(
              companyId, PropsKeys.CAS_SERVER_NAME, PropsValues.CAS_SERVER_NAME);

      String serviceUrl =
          PrefsPropsUtil.getString(
              companyId, PropsKeys.CAS_SERVICE_URL, PropsValues.CAS_SERVICE_URL);

      if (Validator.isNull(serviceUrl)) {
        serviceUrl =
            CommonUtils.constructServiceUrl(
                request, response, serviceUrl, serverName, "ticket", false);
      }

      String ticket = ParamUtil.getString(request, "ticket");

      if (Validator.isNull(ticket)) {
        if (Validator.isNotNull(login)) {
          processFilter(CASFilter.class, request, response, filterChain);
        } else {
          String loginUrl =
              PrefsPropsUtil.getString(
                  companyId, PropsKeys.CAS_LOGIN_URL, PropsValues.CAS_LOGIN_URL);

          loginUrl = HttpUtil.addParameter(loginUrl, "service", serviceUrl);

          response.sendRedirect(loginUrl);
        }

        return;
      }

      TicketValidator ticketValidator = getTicketValidator(companyId);

      Assertion assertion = ticketValidator.validate(ticket, serviceUrl);

      if (assertion != null) {
        AttributePrincipal attributePrincipal = assertion.getPrincipal();

        login = attributePrincipal.getName();

        session.setAttribute(WebKeys.CAS_LOGIN, login);
      }
    }

    processFilter(CASFilter.class, request, response, filterChain);
  }
  @Override
  public final void authenticate() throws PortalSecurityException {
    if (log.isTraceEnabled()) {
      log.trace("Authenticating user via CAS.");
    }

    this.isauth = false;
    this.assertion = AssertionHolder.getAssertion();

    if (this.assertion != null) {

      final String usernameFromCas = assertion.getPrincipal().getName();

      if (null == usernameFromCas) {
        throw new IllegalStateException(
            "Non-null CAS assertion unexpectedly had null principal name.");
      }

      this.myPrincipal.setUID(usernameFromCas);

      // verify that the principal UID was successfully set
      final String uidAsSetInThePrincipal = this.myPrincipal.getUID();

      if (!usernameFromCas.equals(uidAsSetInThePrincipal)) {
        final String logMessage =
            "Attempted to set portal principal username to ["
                + usernameFromCas
                + "] as read from the CAS assertion, but uid as set in the principal is instead ["
                + uidAsSetInThePrincipal
                + "].  This may be an attempt to exploit CVE-2014-5059 / UP-4192 .";
        log.error(logMessage);
        throw new IllegalStateException(logMessage);
      }

      this.isauth = true;
      log.debug(
          "CASContext authenticated ["
              + this.myPrincipal.getUID()
              + "] using assertion ["
              + this.assertion
              + "]");

      /* Patch needed for Shibboleth + Proxy CAS Authentication here */
      /*
            //this.myPrincipal.setUID(assertion.getPrincipal().getName());
            //this.isauth = true;
            //log.debug("CASContext authenticated [" + this.myPrincipal.getUID() + "] using assertion [" + this.assertion + "]");
            log.info("patch RUNN - No real CAS Authentication : CASContext authenticated using assertion " + this.assertion);
            this.myPrincipal.setUID(assertion.getPrincipal().getName());
            this.isauth = true;
            log.debug("CASContext authenticated [" + this.myPrincipal.getUID() + "] using assertion [" + this.assertion + "]");
      */

      postAuthenticate(assertion);
    }

    this.myAdditionalDescriptor = null; // no additional descriptor from CAS
    super.authenticate();
    if (log.isTraceEnabled()) {
      log.trace("Finished CAS Authentication");
    }
  }
 /**
  * Read user id.
  *
  * @param session PortletSession
  * @return String
  */
 public String readUserIdentifier(PortletSession session) {
   Assertion assertion = (Assertion) session.getAttribute(AbstractCasFilter.CONST_CAS_ASSERTION);
   String user = assertion.getPrincipal().getName();
   logger.debug("CAS user in PortletSession:" + user);
   return user;
 }