protected Event doExecute(final RequestContext context) {
final String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(context);
final String ticketGrantingTicketValueFromCookie =
(String) context.getFlowScope().get("ticketGrantingTicketId");
if (ticketGrantingTicketId == null) {
return success();
}
this.ticketGrantingTicketCookieGenerator.addCookie(
WebUtils.getHttpServletRequest(context),
WebUtils.getHttpServletResponse(context),
ticketGrantingTicketId);
// add by yikeke 2015-08-13
String logineduserid = (String) context.getRequestScope().get("logineduserid");
this.loginedUserCookieGenerator.addCookie(
WebUtils.getHttpServletRequest(context),
WebUtils.getHttpServletResponse(context),
logineduserid);
logger.debug("now addCookie for loginedUserCookieGenerator value=" + logineduserid);
// end add
if (ticketGrantingTicketValueFromCookie != null
&& !ticketGrantingTicketId.equals(ticketGrantingTicketValueFromCookie)) {
this.centralAuthenticationService.destroyTicketGrantingTicket(
ticketGrantingTicketValueFromCookie);
}
return success();
}
@Override
protected Set<Event> resolveInternal(final RequestContext context) {
final RegisteredService service = WebUtils.getRegisteredService(context);
final Authentication authentication = WebUtils.getAuthentication(context);
if (service == null || authentication == null) {
logger.debug("No service or authentication is available to determine event for principal");
return null;
}
final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
final String[] values = request.getParameterValues(this.parameterName);
if (values != null && values.length > 0) {
logger.debug("Received request parameter {} as {}", this.parameterName, values);
final Map<String, MultifactorAuthenticationProvider> providerMap =
getAllMultifactorAuthenticationProvidersFromApplicationContext();
if (providerMap == null || providerMap.isEmpty()) {
logger.warn(
"No multifactor authentication providers are available in the application context");
throw new AuthenticationException();
}
final Optional<MultifactorAuthenticationProvider> providerFound =
providerMap
.values()
.stream()
.filter(provider -> provider.getId().equals(values[0]))
.findFirst();
if (providerFound.isPresent()) {
if (providerFound.get().verify(service)) {
logger.debug(
"Attempting to build an event based on the authentication provider [{}] and service [{}]",
providerFound.get(),
service.getName());
final Event event =
validateEventIdForMatchingTransitionInContext(
providerFound.get().getId(),
context,
buildEventAttributeMap(
authentication.getPrincipal(), service, providerFound.get()));
return ImmutableSet.of(event);
}
logger.warn(
"Located multifactor provider {}, yet the provider cannot be reached or verified",
providerFound.get());
return null;
} else {
logger.warn("No multifactor provider could be found for request parameter {}", values);
throw new AuthenticationException();
}
}
logger.debug("No value could be found for request parameter {}", this.parameterName);
return null;
}
@Override
protected Event doExecute(RequestContext context) throws Exception {
final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
if ((request.getParameter("get-lt") != null)
&& request.getParameter("get-lt").equalsIgnoreCase("true")) {
final String loginTicket = this.ticketIdGenerator.getNewTicketId(PREFIX);
logger.debug("--------------Generated remote login ticket :" + loginTicket);
WebUtils.putLoginTicket(context, loginTicket);
return result("loginTicketRequested");
}
return result("continue");
}
@Override
protected Event doExecute(final RequestContext context) throws Exception {
final Service service = WebUtils.getService(context);
// No service == plain /login request. Return success indicating transition to the login form
if (service == null) {
return success();
}
final RegisteredService registeredService = this.servicesManager.findServiceBy(service);
if (registeredService == null) {
logger.warn(
"Unauthorized Service Access for Service: [ {} ] - service is not defined in the service registry.",
service.getId());
throw new UnauthorizedServiceException();
} else if (!registeredService.isEnabled()) {
logger.warn(
"Unauthorized Service Access for Service: [ {} ] - service is not enabled in the service registry.",
service.getId());
if (registeredService instanceof RegisteredServiceWithAttributes) {
String disabledServiceUrl =
(String)
RegisteredServiceWithAttributes.class
.cast(registeredService)
.getExtraAttributes()
.get(DISABLED_SERVICE_URL_ATTRIBUTE);
if (disabledServiceUrl != null) {
context.getRequestScope().put(DISABLED_SERVICE_URL_ATTRIBUTE, disabledServiceUrl);
return no();
}
}
throw new UnauthorizedServiceException();
}
return success();
}
@Override
protected Event doExecute(final RequestContext context) throws Exception {
final Service service = WebUtils.getService(context);
final boolean match = this.servicesManager.matchesExistingService(service);
if (match) {
return success();
}
throw new UnauthorizedServiceException(
String.format("Service [%s] is not authorized to use CAS.", service.getId()));
}
@Override
protected Event doExecute(RequestContext context) throws Exception {
final String userId = context.getFlowScope().getString(S.NICK);
LOGGER.info("user id is:" + userId);
try {
WebUtils.putTicketGrantingTicketInRequestScope(
context,
centralAuthenticationService.createTicketGrantingTicket(creatCredentials(userId)));
} catch (TicketException e) {
LOGGER.error(e);
return error();
}
return success();
}
@Override
protected Event doExecute(final RequestContext context) throws Exception {
final Service service = WebUtils.getService(context);
if (service == null) {
logger.debug("No service found in the request context, so resuming normally.");
return success();
}
final RegisteredService registeredService = this.servicesManager.findServiceBy(service);
if (registeredService == null) {
logger.warn(
"Unauthorized Service Access for Service: [{}] - service is not defined in the service registry.",
service.getId());
throw new UnauthorizedServiceException();
}
if (!registeredService.isEnabled()) {
logger.warn(
"Unauthorized Service Access for Service: [{}] - service is not enabled in the service registry.",
service.getId());
throw new UnauthorizedServiceException();
}
if (registeredService instanceof RegisteredServiceWithAttributes) {
final RegisteredServiceWithAttributes regSvcWithAttr =
RegisteredServiceWithAttributes.class.cast(registeredService);
final String redirectToUrl =
(String) regSvcWithAttr.getExtraAttributes().get(REDIRECT_TO_URL_ATTRIBUTE);
if (redirectToUrl != null
&& this.redirectionAdvisor.shouldRedirectServiceRequest(
context, regSvcWithAttr, redirectToUrl)) {
logger.info("Redirecting to url [{}] for service [{}]", redirectToUrl, service.getId());
context.getRequestScope().put(REDIRECT_TO_URL_ATTRIBUTE, redirectToUrl);
return yes();
}
}
logger.debug(
"No redirect url is configured, or redirection for service [{}] is not needed",
service.getId());
return success();
}
public final String generate(final RequestContext context) {
final String loginTicket = this.ticketIdGenerator.getNewTicketId(PREFIX);
this.logger.debug("Generated remote login ticket " + loginTicket);
WebUtils.putLoginTicket(context, loginTicket);
return "generated";
}
@Override
protected Event doExecute(RequestContext context) throws Exception {
HttpServletRequest request = WebUtils.getHttpServletRequest(context);
HttpSession session = request.getSession();
// get provider type
String providerType = request.getParameter(OAUTH_PROVIDER);
logger.debug("providerType : {}", providerType);
// System.out.println("OAuthAction "+providerType+" "+StringUtils.isNotBlank(providerType));
// it's an authentication
if (StringUtils.isNotBlank(providerType)) {
// get provider
OAuthProvider provider = null;
for (OAuthProvider aProvider : providers) {
if (StringUtils.equals(providerType, aProvider.getType())) {
provider = aProvider;
break;
}
}
logger.info("provider : {}", provider);
// get credential
System.out.println("Params " + request.getParameterMap());
@SuppressWarnings("unchecked")
OAuthCredential credential = provider.getCredential(request.getParameterMap());
logger.info("credential : {}", credential);
// retrieve service from session and put it into webflow
Service service = (Service) session.getAttribute("service");
context.getFlowScope().put("service", service);
// create credentials
Credentials credentials = new OAuthCredentials(credential);
try {
WebUtils.putTicketGrantingTicketInRequestScope(
context, this.centralAuthenticationService.createTicketGrantingTicket(credentials));
return success();
} catch (final TicketException e) {
e.printStackTrace();
return error();
}
} else {
// no authentication : go to login page
// put service in session from flow scope
Service service = (Service) context.getFlowScope().get("service");
session.setAttribute("service", service);
// for all providers, generate authorization urls
for (OAuthProvider provider : providers) {
String key = provider.getType() + "Url";
String authorizatonUrl = provider.getAuthorizationUrl(new HttpUserSession(session));
logger.debug("{} -> {}", key, authorizatonUrl);
request.setAttribute(key, authorizatonUrl);
}
}
return error();
}