public void acceptRepresentation(final Representation entity) throws ResourceException {
   final Form form = getRequest().getEntityAsForm();
   final String serviceUrl = form.getFirstValue("serviceTicketUrl");
   try {
     final Assertion authentication =
         this.centralAuthenticationService.validateServiceTicket(
             serviceTicketId, new SimpleWebApplicationServiceImpl(serviceUrl, this.httpClient));
     if (authentication.getChainedAuthentications().size() > 0) {
       // Iterate through each of the ChainedAuthentications and put them into the JSonArray
       JSONArray jsonResult = new JSONArray();
       for (Authentication auth : authentication.getChainedAuthentications()) {
         // Create the principle
         JSONObject principle = createJSONPrinciple(auth);
         JSONObject jsonAuth = new JSONObject();
         jsonAuth.put("authenticated_date", auth.getAuthenticatedDate());
         jsonAuth.put("attributes", principle);
         jsonResult.add(jsonAuth);
       }
       getResponse().setEntity(jsonResult.toJSONString(), MediaType.TEXT_PLAIN);
     } else {
       getResponse()
           .setEntity(
               java.lang.String.format("\"{\"authenticated\":\"false\"}\""), MediaType.TEXT_PLAIN);
     }
   } catch (final TicketException e) {
     log.error(e.getMessage(), e);
     getResponse()
         .setStatus(Status.CLIENT_ERROR_NOT_FOUND, "TicketGrantingTicket could not be found.");
   } catch (final Exception e) {
     log.error(e.getMessage(), e);
     getResponse().setStatus(Status.CLIENT_ERROR_BAD_REQUEST, e.getMessage());
   }
 }
Ejemplo n.º 2
0
  /**
   * {@inheritDoc}
   *
   * @return ModelAndView containing a view name of either <code>casProxyFailureView</code> or
   *     <code>casProxySuccessView</code>
   */
  @Override
  protected ModelAndView handleRequestInternal(
      final HttpServletRequest request, final HttpServletResponse response) throws Exception {
    final String ticket = request.getParameter("pgt");
    final Service targetService = getTargetService(request);

    if (!StringUtils.hasText(ticket) || targetService == null) {
      return generateErrorView("INVALID_REQUEST", "INVALID_REQUEST_PROXY", null);
    }

    try {
      return new ModelAndView(
          CONST_PROXY_SUCCESS,
          MODEL_SERVICE_TICKET,
          this.centralAuthenticationService.grantServiceTicket(ticket, targetService));
    } catch (final TicketException e) {
      return generateErrorView(e.getCode(), e.getCode(), new Object[] {ticket});
    } catch (final UnauthorizedServiceException e) {
      return generateErrorView(
          "UNAUTHORIZED_SERVICE", "UNAUTHORIZED_SERVICE_PROXY", new Object[] {targetService});
    }
  }
  /**
   * Handle the request. Specially, abides by the default behavior specified in the {@link
   * org.jasig.cas.web.ServiceValidateController} and then, invokes the {@link #getCommandClass()}
   * method to delegate the task of spec validation.
   *
   * @param request request object
   * @param response response object
   * @return A {@link ModelAndView} object pointing to either {@link #setSuccessView(String)} or
   *     {@link #setFailureView(String)}
   * @throws Exception In case the authentication method cannot be retrieved by the binder from the
   *     incoming request.
   */
  @Override
  protected final ModelAndView handleRequestInternal(
      final HttpServletRequest request, final HttpServletResponse response) throws Exception {
    final WebApplicationService service = this.argumentExtractor.extractService(request);
    final String serviceTicketId = service != null ? service.getArtifactId() : null;
    final String authnMethod = getAuthenticationMethodFromRequest(request);

    if (service == null || serviceTicketId == null) {
      logger.debug(
          String.format(
              "Could not process request; Service: %s, Service Ticket Id: %s",
              service, serviceTicketId));
      return generateErrorView("INVALID_REQUEST", "INVALID_REQUEST", authnMethod, null);
    }

    try {
      final Credential serviceCredentials = getServiceCredentialsFromRequest(request);
      String proxyGrantingTicketId = null;

      if (serviceCredentials != null) {
        try {
          proxyGrantingTicketId =
              this.centralAuthenticationService.delegateTicketGrantingTicket(
                  serviceTicketId, serviceCredentials);
        } catch (final TicketException e) {
          logger.error("TicketException generating ticket for: " + serviceCredentials, e);
        }
      }

      final Assertion assertion =
          this.centralAuthenticationService.validateServiceTicket(serviceTicketId, service);
      final AbstractMultiFactorAuthenticationProtocolValidationSpecification
          validationSpecification = this.getCommandClass();
      final ServletRequestDataBinder binder =
          new ServletRequestDataBinder(validationSpecification, "validationSpecification");
      initBinder(request, binder);
      binder.bind(request);

      /**
       * The binder does not support field aliases. This means that the request parameter names must
       * exactly match the validation spec fields, or the match fails. Since the validation request
       * per the modified protocol will use 'authn_method', we could either create a matching field
       * inside the validation object, create a custom data binder object that does the conversion,
       * or simply bind the parameter manually.
       *
       * <p>This implementation opts for the latter choice.
       */
      validationSpecification.setAuthenticationMethod(authnMethod);

      try {
        if (!validationSpecification.isSatisfiedBy(assertion)) {
          logger.debug(
              "ServiceTicket [" + serviceTicketId + "] does not satisfy validation specification.");
          return generateErrorView("INVALID_TICKET", "INVALID_TICKET_SPEC", authnMethod, null);
        }
      } catch (final UnrecognizedMultiFactorAuthenticationMethodException e) {
        logger.debug(e.getMessage(), e);
        return generateErrorView(
            e.getCode(), e.getMessage(), authnMethod, new Object[] {e.getAuthenticationMethod()});
      } catch (final UnacceptableMultiFactorAuthenticationMethodException e) {
        logger.debug(e.getMessage(), e);
        return generateErrorView(
            e.getCode(),
            e.getMessage(),
            authnMethod,
            new Object[] {serviceTicketId, e.getAuthenticationMethod()});
      }

      onSuccessfulValidation(serviceTicketId, assertion);

      final ModelAndView success = new ModelAndView(this.successView);
      success.addObject(MODEL_ASSERTION, assertion);

      if (serviceCredentials != null && proxyGrantingTicketId != null) {
        final String proxyIou = this.proxyHandler.handle(serviceCredentials, proxyGrantingTicketId);
        success.addObject(MODEL_PROXY_GRANTING_TICKET_IOU, proxyIou);
      }

      final String authnMethods =
          MultiFactorUtils.getFulfilledAuthenticationMethodsAsString(assertion);
      if (StringUtils.isNotBlank(authnMethods)) {
        success.addObject(MODEL_AUTHN_METHOD, authnMethods);
      }
      logger.debug(String.format("Successfully validated service ticket: %s", serviceTicketId));

      return success;
    } catch (final TicketValidationException e) {
      return generateErrorView(
          e.getCode(),
          e.getCode(),
          authnMethod,
          new Object[] {serviceTicketId, e.getOriginalService().getId(), service.getId()});
    } catch (final TicketException te) {
      return generateErrorView(
          te.getCode(), te.getCode(), authnMethod, new Object[] {serviceTicketId});
    } catch (final UnauthorizedServiceException e) {
      return generateErrorView(e.getMessage(), e.getMessage(), authnMethod, null);
    }
  }
Ejemplo n.º 4
0
  protected final ModelAndView handleRequestInternal(
      final HttpServletRequest request, final HttpServletResponse response) throws Exception {
    final WebApplicationService service = this.argumentExtractor.extractService(request);
    final String serviceTicketId = service != null ? service.getArtifactId() : null;

    if (service == null || serviceTicketId == null) {
      logger.debug(
          String.format(
              "Could not process request; Service: %s, Service Ticket Id: %s",
              service, serviceTicketId));
      return generateErrorView("INVALID_REQUEST", "INVALID_REQUEST", null);
    }

    try {
      final Credentials serviceCredentials = getServiceCredentialsFromRequest(request);
      String proxyGrantingTicketId = null;

      // XXX should be able to validate AND THEN use
      if (serviceCredentials != null) {
        try {
          proxyGrantingTicketId =
              this.centralAuthenticationService.delegateTicketGrantingTicket(
                  serviceTicketId, serviceCredentials);
        } catch (final TicketException e) {
          logger.error("TicketException generating ticket for: " + serviceCredentials, e);
        }
      }

      final Assertion assertion =
          this.centralAuthenticationService.validateServiceTicket(serviceTicketId, service);

      final ValidationSpecification validationSpecification = this.getCommandClass();
      final ServletRequestDataBinder binder =
          new ServletRequestDataBinder(validationSpecification, "validationSpecification");
      initBinder(request, binder);
      binder.bind(request);

      if (!validationSpecification.isSatisfiedBy(assertion)) {
        if (logger.isDebugEnabled()) {
          logger.debug(
              "ServiceTicket [" + serviceTicketId + "] does not satisfy validation specification.");
        }
        return generateErrorView("INVALID_TICKET", "INVALID_TICKET_SPEC", null);
      }

      onSuccessfulValidation(serviceTicketId, assertion);

      final ModelAndView success = new ModelAndView(this.successView);
      success.addObject(MODEL_ASSERTION, assertion);

      if (serviceCredentials != null && proxyGrantingTicketId != null) {
        final String proxyIou = this.proxyHandler.handle(serviceCredentials, proxyGrantingTicketId);
        success.addObject(MODEL_PROXY_GRANTING_TICKET_IOU, proxyIou);
      }

      if (logger.isDebugEnabled()) {
        logger.debug(
            String.format(
                "Successfully validated service ticket [%s] for service [%s]",
                serviceTicketId, service.getId()));
      }

      return success;
    } catch (final TicketValidationException e) {
      return generateErrorView(
          e.getCode(),
          e.getCode(),
          new Object[] {serviceTicketId, e.getOriginalService().getId(), service.getId()});
    } catch (final TicketException te) {
      return generateErrorView(te.getCode(), te.getCode(), new Object[] {serviceTicketId});
    } catch (final UnauthorizedServiceException e) {
      return generateErrorView(e.getMessage(), e.getMessage(), null);
    }
  }
Ejemplo n.º 5
0
  @Override
  protected Event doExecute(RequestContext context) throws Exception {

    HttpServletRequest request = WebUtils.getHttpServletRequest(context);
    HttpSession session = request.getSession();

    // get provider type
    String providerType = request.getParameter(OAUTH_PROVIDER);
    logger.debug("providerType : {}", providerType);
    // System.out.println("OAuthAction "+providerType+" "+StringUtils.isNotBlank(providerType));
    // it's an authentication
    if (StringUtils.isNotBlank(providerType)) {
      // get provider
      OAuthProvider provider = null;
      for (OAuthProvider aProvider : providers) {
        if (StringUtils.equals(providerType, aProvider.getType())) {
          provider = aProvider;
          break;
        }
      }
      logger.info("provider : {}", provider);

      // get credential
      System.out.println("Params " + request.getParameterMap());
      @SuppressWarnings("unchecked")
      OAuthCredential credential = provider.getCredential(request.getParameterMap());
      logger.info("credential : {}", credential);

      // retrieve service from session and put it into webflow
      Service service = (Service) session.getAttribute("service");
      context.getFlowScope().put("service", service);

      // create credentials
      Credentials credentials = new OAuthCredentials(credential);

      try {
        WebUtils.putTicketGrantingTicketInRequestScope(
            context, this.centralAuthenticationService.createTicketGrantingTicket(credentials));
        return success();
      } catch (final TicketException e) {
        e.printStackTrace();
        return error();
      }
    } else {
      // no authentication : go to login page

      // put service in session from flow scope
      Service service = (Service) context.getFlowScope().get("service");
      session.setAttribute("service", service);

      // for all providers, generate authorization urls
      for (OAuthProvider provider : providers) {
        String key = provider.getType() + "Url";
        String authorizatonUrl = provider.getAuthorizationUrl(new HttpUserSession(session));
        logger.debug("{} -> {}", key, authorizatonUrl);
        request.setAttribute(key, authorizatonUrl);
      }
    }

    return error();
  }