protected Event doExecute(final RequestContext context) {
    final String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(context);
    final String ticketGrantingTicketValueFromCookie =
        (String) context.getFlowScope().get("ticketGrantingTicketId");

    if (ticketGrantingTicketId == null) {
      return success();
    }

    this.ticketGrantingTicketCookieGenerator.addCookie(
        WebUtils.getHttpServletRequest(context),
        WebUtils.getHttpServletResponse(context),
        ticketGrantingTicketId);

    // add by yikeke 2015-08-13
    String logineduserid = (String) context.getRequestScope().get("logineduserid");

    this.loginedUserCookieGenerator.addCookie(
        WebUtils.getHttpServletRequest(context),
        WebUtils.getHttpServletResponse(context),
        logineduserid);
    logger.debug("now addCookie for loginedUserCookieGenerator value=" + logineduserid);
    // end add
    if (ticketGrantingTicketValueFromCookie != null
        && !ticketGrantingTicketId.equals(ticketGrantingTicketValueFromCookie)) {
      this.centralAuthenticationService.destroyTicketGrantingTicket(
          ticketGrantingTicketValueFromCookie);
    }

    return success();
  }
  @Override
  protected Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = WebUtils.getRegisteredService(context);
    final Authentication authentication = WebUtils.getAuthentication(context);

    if (service == null || authentication == null) {
      logger.debug("No service or authentication is available to determine event for principal");
      return null;
    }
    final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
    final String[] values = request.getParameterValues(this.parameterName);
    if (values != null && values.length > 0) {
      logger.debug("Received request parameter {} as {}", this.parameterName, values);

      final Map<String, MultifactorAuthenticationProvider> providerMap =
          getAllMultifactorAuthenticationProvidersFromApplicationContext();
      if (providerMap == null || providerMap.isEmpty()) {
        logger.warn(
            "No multifactor authentication providers are available in the application context");
        throw new AuthenticationException();
      }

      final Optional<MultifactorAuthenticationProvider> providerFound =
          providerMap
              .values()
              .stream()
              .filter(provider -> provider.getId().equals(values[0]))
              .findFirst();

      if (providerFound.isPresent()) {
        if (providerFound.get().verify(service)) {
          logger.debug(
              "Attempting to build an event based on the authentication provider [{}] and service [{}]",
              providerFound.get(),
              service.getName());
          final Event event =
              validateEventIdForMatchingTransitionInContext(
                  providerFound.get().getId(),
                  context,
                  buildEventAttributeMap(
                      authentication.getPrincipal(), service, providerFound.get()));
          return ImmutableSet.of(event);
        }
        logger.warn(
            "Located multifactor provider {}, yet the provider cannot be reached or verified",
            providerFound.get());
        return null;
      } else {
        logger.warn("No multifactor provider could be found for request parameter {}", values);
        throw new AuthenticationException();
      }
    }
    logger.debug("No value could be found for request parameter {}", this.parameterName);
    return null;
  }
 @Override
 protected Event doExecute(RequestContext context) throws Exception {
   final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
   if ((request.getParameter("get-lt") != null)
       && request.getParameter("get-lt").equalsIgnoreCase("true")) {
     final String loginTicket = this.ticketIdGenerator.getNewTicketId(PREFIX);
     logger.debug("--------------Generated remote login ticket :" + loginTicket);
     WebUtils.putLoginTicket(context, loginTicket);
     return result("loginTicketRequested");
   }
   return result("continue");
 }
  @Override
  protected Event doExecute(final RequestContext context) throws Exception {
    final Service service = WebUtils.getService(context);
    // No service == plain /login request. Return success indicating transition to the login form
    if (service == null) {
      return success();
    }
    final RegisteredService registeredService = this.servicesManager.findServiceBy(service);

    if (registeredService == null) {
      logger.warn(
          "Unauthorized Service Access for Service: [ {} ] - service is not defined in the service registry.",
          service.getId());
      throw new UnauthorizedServiceException();
    } else if (!registeredService.isEnabled()) {
      logger.warn(
          "Unauthorized Service Access for Service: [ {} ] - service is not enabled in the service registry.",
          service.getId());
      if (registeredService instanceof RegisteredServiceWithAttributes) {
        String disabledServiceUrl =
            (String)
                RegisteredServiceWithAttributes.class
                    .cast(registeredService)
                    .getExtraAttributes()
                    .get(DISABLED_SERVICE_URL_ATTRIBUTE);
        if (disabledServiceUrl != null) {
          context.getRequestScope().put(DISABLED_SERVICE_URL_ATTRIBUTE, disabledServiceUrl);
          return no();
        }
      }
      throw new UnauthorizedServiceException();
    }
    return success();
  }
  @Override
  protected Event doExecute(final RequestContext context) throws Exception {
    final Service service = WebUtils.getService(context);

    final boolean match = this.servicesManager.matchesExistingService(service);

    if (match) {
      return success();
    }

    throw new UnauthorizedServiceException(
        String.format("Service [%s] is not authorized to use CAS.", service.getId()));
  }
Esempio n. 6
0
 @Override
 protected Event doExecute(RequestContext context) throws Exception {
   final String userId = context.getFlowScope().getString(S.NICK);
   LOGGER.info("user id is:" + userId);
   try {
     WebUtils.putTicketGrantingTicketInRequestScope(
         context,
         centralAuthenticationService.createTicketGrantingTicket(creatCredentials(userId)));
   } catch (TicketException e) {
     LOGGER.error(e);
     return error();
   }
   return success();
 }
  @Override
  protected Event doExecute(final RequestContext context) throws Exception {
    final Service service = WebUtils.getService(context);

    if (service == null) {
      logger.debug("No service found in the request context, so resuming normally.");
      return success();
    }

    final RegisteredService registeredService = this.servicesManager.findServiceBy(service);

    if (registeredService == null) {
      logger.warn(
          "Unauthorized Service Access for Service: [{}] - service is not defined in the service registry.",
          service.getId());
      throw new UnauthorizedServiceException();
    }

    if (!registeredService.isEnabled()) {
      logger.warn(
          "Unauthorized Service Access for Service: [{}] - service is not enabled in the service registry.",
          service.getId());
      throw new UnauthorizedServiceException();
    }

    if (registeredService instanceof RegisteredServiceWithAttributes) {
      final RegisteredServiceWithAttributes regSvcWithAttr =
          RegisteredServiceWithAttributes.class.cast(registeredService);

      final String redirectToUrl =
          (String) regSvcWithAttr.getExtraAttributes().get(REDIRECT_TO_URL_ATTRIBUTE);
      if (redirectToUrl != null
          && this.redirectionAdvisor.shouldRedirectServiceRequest(
              context, regSvcWithAttr, redirectToUrl)) {
        logger.info("Redirecting to url [{}] for service [{}]", redirectToUrl, service.getId());
        context.getRequestScope().put(REDIRECT_TO_URL_ATTRIBUTE, redirectToUrl);
        return yes();
      }
    }

    logger.debug(
        "No redirect url is configured, or redirection for service [{}] is not needed",
        service.getId());
    return success();
  }
 public final String generate(final RequestContext context) {
   final String loginTicket = this.ticketIdGenerator.getNewTicketId(PREFIX);
   this.logger.debug("Generated remote login ticket " + loginTicket);
   WebUtils.putLoginTicket(context, loginTicket);
   return "generated";
 }
Esempio n. 9
0
  @Override
  protected Event doExecute(RequestContext context) throws Exception {

    HttpServletRequest request = WebUtils.getHttpServletRequest(context);
    HttpSession session = request.getSession();

    // get provider type
    String providerType = request.getParameter(OAUTH_PROVIDER);
    logger.debug("providerType : {}", providerType);
    // System.out.println("OAuthAction "+providerType+" "+StringUtils.isNotBlank(providerType));
    // it's an authentication
    if (StringUtils.isNotBlank(providerType)) {
      // get provider
      OAuthProvider provider = null;
      for (OAuthProvider aProvider : providers) {
        if (StringUtils.equals(providerType, aProvider.getType())) {
          provider = aProvider;
          break;
        }
      }
      logger.info("provider : {}", provider);

      // get credential
      System.out.println("Params " + request.getParameterMap());
      @SuppressWarnings("unchecked")
      OAuthCredential credential = provider.getCredential(request.getParameterMap());
      logger.info("credential : {}", credential);

      // retrieve service from session and put it into webflow
      Service service = (Service) session.getAttribute("service");
      context.getFlowScope().put("service", service);

      // create credentials
      Credentials credentials = new OAuthCredentials(credential);

      try {
        WebUtils.putTicketGrantingTicketInRequestScope(
            context, this.centralAuthenticationService.createTicketGrantingTicket(credentials));
        return success();
      } catch (final TicketException e) {
        e.printStackTrace();
        return error();
      }
    } else {
      // no authentication : go to login page

      // put service in session from flow scope
      Service service = (Service) context.getFlowScope().get("service");
      session.setAttribute("service", service);

      // for all providers, generate authorization urls
      for (OAuthProvider provider : providers) {
        String key = provider.getType() + "Url";
        String authorizatonUrl = provider.getAuthorizationUrl(new HttpUserSession(session));
        logger.debug("{} -> {}", key, authorizatonUrl);
        request.setAttribute(key, authorizatonUrl);
      }
    }

    return error();
  }