public void acceptRepresentation(final Representation entity) throws ResourceException {
final Form form = getRequest().getEntityAsForm();
final String serviceUrl = form.getFirstValue("serviceTicketUrl");
try {
final Assertion authentication =
this.centralAuthenticationService.validateServiceTicket(
serviceTicketId, new SimpleWebApplicationServiceImpl(serviceUrl, this.httpClient));
if (authentication.getChainedAuthentications().size() > 0) {
// Iterate through each of the ChainedAuthentications and put them into the JSonArray
JSONArray jsonResult = new JSONArray();
for (Authentication auth : authentication.getChainedAuthentications()) {
// Create the principle
JSONObject principle = createJSONPrinciple(auth);
JSONObject jsonAuth = new JSONObject();
jsonAuth.put("authenticated_date", auth.getAuthenticatedDate());
jsonAuth.put("attributes", principle);
jsonResult.add(jsonAuth);
}
getResponse().setEntity(jsonResult.toJSONString(), MediaType.TEXT_PLAIN);
} else {
getResponse()
.setEntity(
java.lang.String.format("\"{\"authenticated\":\"false\"}\""), MediaType.TEXT_PLAIN);
}
} catch (final TicketException e) {
log.error(e.getMessage(), e);
getResponse()
.setStatus(Status.CLIENT_ERROR_NOT_FOUND, "TicketGrantingTicket could not be found.");
} catch (final Exception e) {
log.error(e.getMessage(), e);
getResponse().setStatus(Status.CLIENT_ERROR_BAD_REQUEST, e.getMessage());
}
}
/**
* {@inheritDoc}
*
* @return ModelAndView containing a view name of either <code>casProxyFailureView</code> or
* <code>casProxySuccessView</code>
*/
@Override
protected ModelAndView handleRequestInternal(
final HttpServletRequest request, final HttpServletResponse response) throws Exception {
final String ticket = request.getParameter("pgt");
final Service targetService = getTargetService(request);
if (!StringUtils.hasText(ticket) || targetService == null) {
return generateErrorView("INVALID_REQUEST", "INVALID_REQUEST_PROXY", null);
}
try {
return new ModelAndView(
CONST_PROXY_SUCCESS,
MODEL_SERVICE_TICKET,
this.centralAuthenticationService.grantServiceTicket(ticket, targetService));
} catch (final TicketException e) {
return generateErrorView(e.getCode(), e.getCode(), new Object[] {ticket});
} catch (final UnauthorizedServiceException e) {
return generateErrorView(
"UNAUTHORIZED_SERVICE", "UNAUTHORIZED_SERVICE_PROXY", new Object[] {targetService});
}
}
/**
* Handle the request. Specially, abides by the default behavior specified in the {@link
* org.jasig.cas.web.ServiceValidateController} and then, invokes the {@link #getCommandClass()}
* method to delegate the task of spec validation.
*
* @param request request object
* @param response response object
* @return A {@link ModelAndView} object pointing to either {@link #setSuccessView(String)} or
* {@link #setFailureView(String)}
* @throws Exception In case the authentication method cannot be retrieved by the binder from the
* incoming request.
*/
@Override
protected final ModelAndView handleRequestInternal(
final HttpServletRequest request, final HttpServletResponse response) throws Exception {
final WebApplicationService service = this.argumentExtractor.extractService(request);
final String serviceTicketId = service != null ? service.getArtifactId() : null;
final String authnMethod = getAuthenticationMethodFromRequest(request);
if (service == null || serviceTicketId == null) {
logger.debug(
String.format(
"Could not process request; Service: %s, Service Ticket Id: %s",
service, serviceTicketId));
return generateErrorView("INVALID_REQUEST", "INVALID_REQUEST", authnMethod, null);
}
try {
final Credential serviceCredentials = getServiceCredentialsFromRequest(request);
String proxyGrantingTicketId = null;
if (serviceCredentials != null) {
try {
proxyGrantingTicketId =
this.centralAuthenticationService.delegateTicketGrantingTicket(
serviceTicketId, serviceCredentials);
} catch (final TicketException e) {
logger.error("TicketException generating ticket for: " + serviceCredentials, e);
}
}
final Assertion assertion =
this.centralAuthenticationService.validateServiceTicket(serviceTicketId, service);
final AbstractMultiFactorAuthenticationProtocolValidationSpecification
validationSpecification = this.getCommandClass();
final ServletRequestDataBinder binder =
new ServletRequestDataBinder(validationSpecification, "validationSpecification");
initBinder(request, binder);
binder.bind(request);
/**
* The binder does not support field aliases. This means that the request parameter names must
* exactly match the validation spec fields, or the match fails. Since the validation request
* per the modified protocol will use 'authn_method', we could either create a matching field
* inside the validation object, create a custom data binder object that does the conversion,
* or simply bind the parameter manually.
*
* <p>This implementation opts for the latter choice.
*/
validationSpecification.setAuthenticationMethod(authnMethod);
try {
if (!validationSpecification.isSatisfiedBy(assertion)) {
logger.debug(
"ServiceTicket [" + serviceTicketId + "] does not satisfy validation specification.");
return generateErrorView("INVALID_TICKET", "INVALID_TICKET_SPEC", authnMethod, null);
}
} catch (final UnrecognizedMultiFactorAuthenticationMethodException e) {
logger.debug(e.getMessage(), e);
return generateErrorView(
e.getCode(), e.getMessage(), authnMethod, new Object[] {e.getAuthenticationMethod()});
} catch (final UnacceptableMultiFactorAuthenticationMethodException e) {
logger.debug(e.getMessage(), e);
return generateErrorView(
e.getCode(),
e.getMessage(),
authnMethod,
new Object[] {serviceTicketId, e.getAuthenticationMethod()});
}
onSuccessfulValidation(serviceTicketId, assertion);
final ModelAndView success = new ModelAndView(this.successView);
success.addObject(MODEL_ASSERTION, assertion);
if (serviceCredentials != null && proxyGrantingTicketId != null) {
final String proxyIou = this.proxyHandler.handle(serviceCredentials, proxyGrantingTicketId);
success.addObject(MODEL_PROXY_GRANTING_TICKET_IOU, proxyIou);
}
final String authnMethods =
MultiFactorUtils.getFulfilledAuthenticationMethodsAsString(assertion);
if (StringUtils.isNotBlank(authnMethods)) {
success.addObject(MODEL_AUTHN_METHOD, authnMethods);
}
logger.debug(String.format("Successfully validated service ticket: %s", serviceTicketId));
return success;
} catch (final TicketValidationException e) {
return generateErrorView(
e.getCode(),
e.getCode(),
authnMethod,
new Object[] {serviceTicketId, e.getOriginalService().getId(), service.getId()});
} catch (final TicketException te) {
return generateErrorView(
te.getCode(), te.getCode(), authnMethod, new Object[] {serviceTicketId});
} catch (final UnauthorizedServiceException e) {
return generateErrorView(e.getMessage(), e.getMessage(), authnMethod, null);
}
}
protected final ModelAndView handleRequestInternal(
final HttpServletRequest request, final HttpServletResponse response) throws Exception {
final WebApplicationService service = this.argumentExtractor.extractService(request);
final String serviceTicketId = service != null ? service.getArtifactId() : null;
if (service == null || serviceTicketId == null) {
logger.debug(
String.format(
"Could not process request; Service: %s, Service Ticket Id: %s",
service, serviceTicketId));
return generateErrorView("INVALID_REQUEST", "INVALID_REQUEST", null);
}
try {
final Credentials serviceCredentials = getServiceCredentialsFromRequest(request);
String proxyGrantingTicketId = null;
// XXX should be able to validate AND THEN use
if (serviceCredentials != null) {
try {
proxyGrantingTicketId =
this.centralAuthenticationService.delegateTicketGrantingTicket(
serviceTicketId, serviceCredentials);
} catch (final TicketException e) {
logger.error("TicketException generating ticket for: " + serviceCredentials, e);
}
}
final Assertion assertion =
this.centralAuthenticationService.validateServiceTicket(serviceTicketId, service);
final ValidationSpecification validationSpecification = this.getCommandClass();
final ServletRequestDataBinder binder =
new ServletRequestDataBinder(validationSpecification, "validationSpecification");
initBinder(request, binder);
binder.bind(request);
if (!validationSpecification.isSatisfiedBy(assertion)) {
if (logger.isDebugEnabled()) {
logger.debug(
"ServiceTicket [" + serviceTicketId + "] does not satisfy validation specification.");
}
return generateErrorView("INVALID_TICKET", "INVALID_TICKET_SPEC", null);
}
onSuccessfulValidation(serviceTicketId, assertion);
final ModelAndView success = new ModelAndView(this.successView);
success.addObject(MODEL_ASSERTION, assertion);
if (serviceCredentials != null && proxyGrantingTicketId != null) {
final String proxyIou = this.proxyHandler.handle(serviceCredentials, proxyGrantingTicketId);
success.addObject(MODEL_PROXY_GRANTING_TICKET_IOU, proxyIou);
}
if (logger.isDebugEnabled()) {
logger.debug(
String.format(
"Successfully validated service ticket [%s] for service [%s]",
serviceTicketId, service.getId()));
}
return success;
} catch (final TicketValidationException e) {
return generateErrorView(
e.getCode(),
e.getCode(),
new Object[] {serviceTicketId, e.getOriginalService().getId(), service.getId()});
} catch (final TicketException te) {
return generateErrorView(te.getCode(), te.getCode(), new Object[] {serviceTicketId});
} catch (final UnauthorizedServiceException e) {
return generateErrorView(e.getMessage(), e.getMessage(), null);
}
}
@Override
protected Event doExecute(RequestContext context) throws Exception {
HttpServletRequest request = WebUtils.getHttpServletRequest(context);
HttpSession session = request.getSession();
// get provider type
String providerType = request.getParameter(OAUTH_PROVIDER);
logger.debug("providerType : {}", providerType);
// System.out.println("OAuthAction "+providerType+" "+StringUtils.isNotBlank(providerType));
// it's an authentication
if (StringUtils.isNotBlank(providerType)) {
// get provider
OAuthProvider provider = null;
for (OAuthProvider aProvider : providers) {
if (StringUtils.equals(providerType, aProvider.getType())) {
provider = aProvider;
break;
}
}
logger.info("provider : {}", provider);
// get credential
System.out.println("Params " + request.getParameterMap());
@SuppressWarnings("unchecked")
OAuthCredential credential = provider.getCredential(request.getParameterMap());
logger.info("credential : {}", credential);
// retrieve service from session and put it into webflow
Service service = (Service) session.getAttribute("service");
context.getFlowScope().put("service", service);
// create credentials
Credentials credentials = new OAuthCredentials(credential);
try {
WebUtils.putTicketGrantingTicketInRequestScope(
context, this.centralAuthenticationService.createTicketGrantingTicket(credentials));
return success();
} catch (final TicketException e) {
e.printStackTrace();
return error();
}
} else {
// no authentication : go to login page
// put service in session from flow scope
Service service = (Service) context.getFlowScope().get("service");
session.setAttribute("service", service);
// for all providers, generate authorization urls
for (OAuthProvider provider : providers) {
String key = provider.getType() + "Url";
String authorizatonUrl = provider.getAuthorizationUrl(new HttpUserSession(session));
logger.debug("{} -> {}", key, authorizatonUrl);
request.setAttribute(key, authorizatonUrl);
}
}
return error();
}
