public void acceptRepresentation(final Representation entity) throws ResourceException { final Form form = getRequest().getEntityAsForm(); final String serviceUrl = form.getFirstValue("serviceTicketUrl"); try { final Assertion authentication = this.centralAuthenticationService.validateServiceTicket( serviceTicketId, new SimpleWebApplicationServiceImpl(serviceUrl, this.httpClient)); if (authentication.getChainedAuthentications().size() > 0) { // Iterate through each of the ChainedAuthentications and put them into the JSonArray JSONArray jsonResult = new JSONArray(); for (Authentication auth : authentication.getChainedAuthentications()) { // Create the principle JSONObject principle = createJSONPrinciple(auth); JSONObject jsonAuth = new JSONObject(); jsonAuth.put("authenticated_date", auth.getAuthenticatedDate()); jsonAuth.put("attributes", principle); jsonResult.add(jsonAuth); } getResponse().setEntity(jsonResult.toJSONString(), MediaType.TEXT_PLAIN); } else { getResponse() .setEntity( java.lang.String.format("\"{\"authenticated\":\"false\"}\""), MediaType.TEXT_PLAIN); } } catch (final TicketException e) { log.error(e.getMessage(), e); getResponse() .setStatus(Status.CLIENT_ERROR_NOT_FOUND, "TicketGrantingTicket could not be found."); } catch (final Exception e) { log.error(e.getMessage(), e); getResponse().setStatus(Status.CLIENT_ERROR_BAD_REQUEST, e.getMessage()); } }
/** * {@inheritDoc} * * @return ModelAndView containing a view name of either <code>casProxyFailureView</code> or * <code>casProxySuccessView</code> */ @Override protected ModelAndView handleRequestInternal( final HttpServletRequest request, final HttpServletResponse response) throws Exception { final String ticket = request.getParameter("pgt"); final Service targetService = getTargetService(request); if (!StringUtils.hasText(ticket) || targetService == null) { return generateErrorView("INVALID_REQUEST", "INVALID_REQUEST_PROXY", null); } try { return new ModelAndView( CONST_PROXY_SUCCESS, MODEL_SERVICE_TICKET, this.centralAuthenticationService.grantServiceTicket(ticket, targetService)); } catch (final TicketException e) { return generateErrorView(e.getCode(), e.getCode(), new Object[] {ticket}); } catch (final UnauthorizedServiceException e) { return generateErrorView( "UNAUTHORIZED_SERVICE", "UNAUTHORIZED_SERVICE_PROXY", new Object[] {targetService}); } }
/** * Handle the request. Specially, abides by the default behavior specified in the {@link * org.jasig.cas.web.ServiceValidateController} and then, invokes the {@link #getCommandClass()} * method to delegate the task of spec validation. * * @param request request object * @param response response object * @return A {@link ModelAndView} object pointing to either {@link #setSuccessView(String)} or * {@link #setFailureView(String)} * @throws Exception In case the authentication method cannot be retrieved by the binder from the * incoming request. */ @Override protected final ModelAndView handleRequestInternal( final HttpServletRequest request, final HttpServletResponse response) throws Exception { final WebApplicationService service = this.argumentExtractor.extractService(request); final String serviceTicketId = service != null ? service.getArtifactId() : null; final String authnMethod = getAuthenticationMethodFromRequest(request); if (service == null || serviceTicketId == null) { logger.debug( String.format( "Could not process request; Service: %s, Service Ticket Id: %s", service, serviceTicketId)); return generateErrorView("INVALID_REQUEST", "INVALID_REQUEST", authnMethod, null); } try { final Credential serviceCredentials = getServiceCredentialsFromRequest(request); String proxyGrantingTicketId = null; if (serviceCredentials != null) { try { proxyGrantingTicketId = this.centralAuthenticationService.delegateTicketGrantingTicket( serviceTicketId, serviceCredentials); } catch (final TicketException e) { logger.error("TicketException generating ticket for: " + serviceCredentials, e); } } final Assertion assertion = this.centralAuthenticationService.validateServiceTicket(serviceTicketId, service); final AbstractMultiFactorAuthenticationProtocolValidationSpecification validationSpecification = this.getCommandClass(); final ServletRequestDataBinder binder = new ServletRequestDataBinder(validationSpecification, "validationSpecification"); initBinder(request, binder); binder.bind(request); /** * The binder does not support field aliases. This means that the request parameter names must * exactly match the validation spec fields, or the match fails. Since the validation request * per the modified protocol will use 'authn_method', we could either create a matching field * inside the validation object, create a custom data binder object that does the conversion, * or simply bind the parameter manually. * * <p>This implementation opts for the latter choice. */ validationSpecification.setAuthenticationMethod(authnMethod); try { if (!validationSpecification.isSatisfiedBy(assertion)) { logger.debug( "ServiceTicket [" + serviceTicketId + "] does not satisfy validation specification."); return generateErrorView("INVALID_TICKET", "INVALID_TICKET_SPEC", authnMethod, null); } } catch (final UnrecognizedMultiFactorAuthenticationMethodException e) { logger.debug(e.getMessage(), e); return generateErrorView( e.getCode(), e.getMessage(), authnMethod, new Object[] {e.getAuthenticationMethod()}); } catch (final UnacceptableMultiFactorAuthenticationMethodException e) { logger.debug(e.getMessage(), e); return generateErrorView( e.getCode(), e.getMessage(), authnMethod, new Object[] {serviceTicketId, e.getAuthenticationMethod()}); } onSuccessfulValidation(serviceTicketId, assertion); final ModelAndView success = new ModelAndView(this.successView); success.addObject(MODEL_ASSERTION, assertion); if (serviceCredentials != null && proxyGrantingTicketId != null) { final String proxyIou = this.proxyHandler.handle(serviceCredentials, proxyGrantingTicketId); success.addObject(MODEL_PROXY_GRANTING_TICKET_IOU, proxyIou); } final String authnMethods = MultiFactorUtils.getFulfilledAuthenticationMethodsAsString(assertion); if (StringUtils.isNotBlank(authnMethods)) { success.addObject(MODEL_AUTHN_METHOD, authnMethods); } logger.debug(String.format("Successfully validated service ticket: %s", serviceTicketId)); return success; } catch (final TicketValidationException e) { return generateErrorView( e.getCode(), e.getCode(), authnMethod, new Object[] {serviceTicketId, e.getOriginalService().getId(), service.getId()}); } catch (final TicketException te) { return generateErrorView( te.getCode(), te.getCode(), authnMethod, new Object[] {serviceTicketId}); } catch (final UnauthorizedServiceException e) { return generateErrorView(e.getMessage(), e.getMessage(), authnMethod, null); } }
protected final ModelAndView handleRequestInternal( final HttpServletRequest request, final HttpServletResponse response) throws Exception { final WebApplicationService service = this.argumentExtractor.extractService(request); final String serviceTicketId = service != null ? service.getArtifactId() : null; if (service == null || serviceTicketId == null) { logger.debug( String.format( "Could not process request; Service: %s, Service Ticket Id: %s", service, serviceTicketId)); return generateErrorView("INVALID_REQUEST", "INVALID_REQUEST", null); } try { final Credentials serviceCredentials = getServiceCredentialsFromRequest(request); String proxyGrantingTicketId = null; // XXX should be able to validate AND THEN use if (serviceCredentials != null) { try { proxyGrantingTicketId = this.centralAuthenticationService.delegateTicketGrantingTicket( serviceTicketId, serviceCredentials); } catch (final TicketException e) { logger.error("TicketException generating ticket for: " + serviceCredentials, e); } } final Assertion assertion = this.centralAuthenticationService.validateServiceTicket(serviceTicketId, service); final ValidationSpecification validationSpecification = this.getCommandClass(); final ServletRequestDataBinder binder = new ServletRequestDataBinder(validationSpecification, "validationSpecification"); initBinder(request, binder); binder.bind(request); if (!validationSpecification.isSatisfiedBy(assertion)) { if (logger.isDebugEnabled()) { logger.debug( "ServiceTicket [" + serviceTicketId + "] does not satisfy validation specification."); } return generateErrorView("INVALID_TICKET", "INVALID_TICKET_SPEC", null); } onSuccessfulValidation(serviceTicketId, assertion); final ModelAndView success = new ModelAndView(this.successView); success.addObject(MODEL_ASSERTION, assertion); if (serviceCredentials != null && proxyGrantingTicketId != null) { final String proxyIou = this.proxyHandler.handle(serviceCredentials, proxyGrantingTicketId); success.addObject(MODEL_PROXY_GRANTING_TICKET_IOU, proxyIou); } if (logger.isDebugEnabled()) { logger.debug( String.format( "Successfully validated service ticket [%s] for service [%s]", serviceTicketId, service.getId())); } return success; } catch (final TicketValidationException e) { return generateErrorView( e.getCode(), e.getCode(), new Object[] {serviceTicketId, e.getOriginalService().getId(), service.getId()}); } catch (final TicketException te) { return generateErrorView(te.getCode(), te.getCode(), new Object[] {serviceTicketId}); } catch (final UnauthorizedServiceException e) { return generateErrorView(e.getMessage(), e.getMessage(), null); } }
@Override protected Event doExecute(RequestContext context) throws Exception { HttpServletRequest request = WebUtils.getHttpServletRequest(context); HttpSession session = request.getSession(); // get provider type String providerType = request.getParameter(OAUTH_PROVIDER); logger.debug("providerType : {}", providerType); // System.out.println("OAuthAction "+providerType+" "+StringUtils.isNotBlank(providerType)); // it's an authentication if (StringUtils.isNotBlank(providerType)) { // get provider OAuthProvider provider = null; for (OAuthProvider aProvider : providers) { if (StringUtils.equals(providerType, aProvider.getType())) { provider = aProvider; break; } } logger.info("provider : {}", provider); // get credential System.out.println("Params " + request.getParameterMap()); @SuppressWarnings("unchecked") OAuthCredential credential = provider.getCredential(request.getParameterMap()); logger.info("credential : {}", credential); // retrieve service from session and put it into webflow Service service = (Service) session.getAttribute("service"); context.getFlowScope().put("service", service); // create credentials Credentials credentials = new OAuthCredentials(credential); try { WebUtils.putTicketGrantingTicketInRequestScope( context, this.centralAuthenticationService.createTicketGrantingTicket(credentials)); return success(); } catch (final TicketException e) { e.printStackTrace(); return error(); } } else { // no authentication : go to login page // put service in session from flow scope Service service = (Service) context.getFlowScope().get("service"); session.setAttribute("service", service); // for all providers, generate authorization urls for (OAuthProvider provider : providers) { String key = provider.getType() + "Url"; String authorizatonUrl = provider.getAuthorizationUrl(new HttpUserSession(session)); logger.debug("{} -> {}", key, authorizatonUrl); request.setAttribute(key, authorizatonUrl); } } return error(); }