/**
 * Redirects to the URL saved in session under {@code Pac4jConstants.REQUESTED_URL},
 * clearing that attribute on the way (one-shot), or to {@code defaultUrl} when
 * nothing usable is saved.
 *
 * NOTE(review): the saved URL is used verbatim; whoever writes REQUESTED_URL must
 * only store trusted (relative / same-origin) targets, otherwise this is an open
 * redirect after login — confirm against the code that sets the attribute.
 *
 * @param context the web context
 * @return the redirect result
 */
protected Result redirectToOriginallyRequestedUrl(final WebContext context) {
    final String savedUrl = (String) context.getSessionAttribute(Pac4jConstants.REQUESTED_URL);
    logger.debug("requestedUrl: {}", savedUrl);
    if (CommonHelper.isBlank(savedUrl)) {
        return redirect(this.defaultUrl);
    }
    // consume the attribute so the target is not replayed on a later authentication
    context.setSessionAttribute(Pac4jConstants.REQUESTED_URL, null);
    return redirect(savedUrl);
}
/**
 * Whether the provider callback signals that the user refused to grant permissions:
 * {@code error=access_denied} together with {@code error_reason=user_denied}.
 *
 * @param context the web context
 * @return {@code true} only when both parameters carry exactly those values
 */
@Override
protected boolean hasBeenCancelled(final WebContext context) {
    final String errorCode = context.getRequestParameter(OAuthCredentialsException.ERROR);
    final String reason = context.getRequestParameter(OAuthCredentialsException.ERROR_REASON);
    // equals() on the literal is null-safe when a parameter is absent
    final boolean accessDenied = "access_denied".equals(errorCode);
    return accessDenied && "user_denied".equals(reason);
}
/**
 * A RelayState value stored in session must be echoed back, unchanged, as the
 * hidden {@code RelayState} form field of the generated redirect content.
 */
@Test
public void testRelayState() throws HttpAction {
    final SAML2Client client = getClient();
    final WebContext context =
        new J2EContext(new MockHttpServletRequest(), new MockHttpServletResponse());
    context.setSessionAttribute(SAML2Client.SAML_RELAY_STATE_ATTRIBUTE, "relayState");
    final RedirectAction action = client.getRedirectAction(context);
    final String expectedField =
        "<input type=\"hidden\" name=\"RelayState\" value=\"relayState\"/>";
    assertTrue(action.getContent().contains(expectedField));
}
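/**
 * Whether the provider callback signals that the user refused to grant permissions:
 * {@code error=access_denied} with an {@code error_description} of
 * "the user denied your request".
 *
 * The description is accepted in both its plus-encoded spelling
 * ({@code the+user+denied+your+request}, the only form the previous code matched)
 * and its space-separated spelling. Request adapters that go through the servlet
 * {@code getParameter} API URL-decode query parameters, turning {@code +} into a
 * space, so a plus-only comparison can silently never match and a user cancellation
 * is then reported as a generic credentials error instead.
 *
 * @param context the web context
 * @return {@code true} when the user-denied cancellation is detected
 */
@Override
protected boolean hasBeenCancelled(final WebContext context) {
    final String error = context.getRequestParameter(OAuthCredentialsException.ERROR);
    final String errorDescription =
        context.getRequestParameter(OAuthCredentialsException.ERROR_DESCRIPTION);
    if (!"access_denied".equals(error)) {
        return false;
    }
    // user has denied permissions: accept the raw (plus) and URL-decoded (space) spellings
    return "the+user+denied+your+request".equals(errorDescription)
        || "the user denied your request".equals(errorDescription);
}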
/**
 * Authorizes the request when the client's remote address fully matches
 * {@code pattern}; the profile is not consulted.
 *
 * NOTE(review): {@code getRemoteAddr} is the address of the immediate peer. Behind a
 * reverse proxy or load balancer that is the proxy's address, not the end user's, so
 * an allow-list pattern may match every request — confirm the deployment topology.
 *
 * @param context the web context
 * @param profile the user profile (unused)
 * @return {@code true} if the entire remote address matches the pattern
 * @throws TechnicalException if {@code pattern} has not been configured
 */
@Override
public boolean isAuthorized(final WebContext context, final UserProfile profile) {
    CommonHelper.assertNotNull("pattern", pattern);
    final String remoteAddress = context.getRemoteAddr();
    // matches() is anchored at both ends: a partial match of the address is not enough
    return this.pattern.matcher(remoteAddress).matches();
}
/**
 * Get the credentials from the web context.
 *
 * Mirrors the CAS client's SingleSignOutFilter, in this order:
 * a request carrying a service ticket is recorded with the logout handler and
 * wrapped in {@link CasCredentials}; a logout request destroys the session and ends
 * the exchange with an HTTP 200 (no credentials); a gateway round-trip without a
 * ticket yields {@code null}; anything else is rejected.
 *
 * @param context the web context
 * @return the credentials, or {@code null} on a ticket-less gateway round-trip
 * @throws RequiresHttpAction after a logout request has been handled (200 OK)
 * @throws CredentialsException when neither a ticket nor a logout request is present
 */
@Override
protected CasCredentials retrieveCredentials(final WebContext context) throws RequiresHttpAction {
    // like the SingleSignOutFilter from CAS client :
    if (this.logoutHandler.isTokenRequest(context)) {
        final String serviceTicket = context.getRequestParameter(SERVICE_TICKET_PARAMETER);
        // remember which session this ticket belongs to so a later logout can destroy it
        this.logoutHandler.recordSession(context, serviceTicket);
        final CasCredentials ticketCredentials = new CasCredentials(serviceTicket, getName());
        logger.debug("casCredentials : {}", ticketCredentials);
        return ticketCredentials;
    }
    if (this.logoutHandler.isLogoutRequest(context)) {
        this.logoutHandler.destroySession(context);
        final String logoutMessage = "logout request : no credential returned";
        logger.debug(logoutMessage);
        throw RequiresHttpAction.ok(logoutMessage, context);
    }
    if (this.gateway) {
        logger.info("No credential found in this gateway round-trip");
        return null;
    }
    throw new CredentialsException("No ticket or logout request");
}
/**
 * Extracts the components of a Digest {@code Authorization} header (RFC 2617):
 * {@code username} (the user's name in the given realm), {@code realm}, {@code nonce}
 * (server-issued, should be unique per 401 challenge), {@code uri} (request URI),
 * {@code response} (the client's MD5-based proof computed from the password per the
 * RFC 2617 rules), {@code cnonce} (client nonce), {@code nc} (nonce count) and
 * {@code qop} (quality of protection).
 *
 * Only {@code username} and {@code response} are mandatory here, because the client
 * authenticates with a username and a password-derived response; a header missing
 * either is rejected. The remaining fields are passed through as-is (possibly
 * {@code null}); validating the nonce and the uri against the actual request is
 * left to whoever verifies the resulting credentials.
 *
 * @param context the current web context
 * @return the Digest credentials, or {@code null} when no token header is present
 * @throws CredentialsException when the header lacks a username or a response
 */
@Override
public DigestCredentials extract(WebContext context) throws HttpAction {
    final TokenCredentials headerCredentials = this.extractor.extract(context);
    if (headerCredentials == null) {
        return null;
    }
    final Map<String, String> fields = parseTokenValue(headerCredentials.getToken());
    final String username = fields.get("username");
    final String response = fields.get("response");
    if (CommonHelper.isBlank(username) || CommonHelper.isBlank(response)) {
        throw new CredentialsException("Bad format of the digest auth header");
    }
    return new DigestCredentials(
        response,
        context.getRequestMethod(),
        clientName,
        username,
        fields.get("realm"),
        fields.get("nonce"),
        fields.get("uri"),
        fields.get("cnonce"),
        fields.get("nc"),
        fields.get("qop"));
}
/**
 * Whether the provider callback signals a user cancellation, indicated by a
 * non-blank {@code denied} request parameter.
 *
 * @param context the web context
 * @return {@code true} when the {@code denied} parameter is present and not blank
 */
@Override
protected boolean hasBeenCancelled(final WebContext context) {
    final String deniedValue = context.getRequestParameter("denied");
    return CommonHelper.isNotBlank(deniedValue);
}
/**
 * Test-only override: stores a fixed request token in session instead of fetching
 * one from a provider endpoint, then builds the authorization URL from it.
 *
 * @param context the web context
 * @return the authorization URL for the fixed test token
 */
@Override
protected String retrieveAuthorizationUrl(WebContext context) {
    // Intentional override of this since the test doesn't need to care about actually
    // getting a request token so let's not create an endpoint to do so
    final Token fixedToken = new Token(TEST_REQUEST_TOKEN, TEST_SECRET);
    context.setSessionAttribute(getRequestTokenSessionAttributeName(), fixedToken);
    final String url = getAuthorizationUrl(fixedToken);
    logger.debug("authorizationUrl : {}", url);
    return url;
}
/**
 * Returns the SAML RelayState to send: the value stored in session under
 * {@code SAML_RELAY_STATE_ATTRIBUTE} when present, otherwise the contextual
 * callback URL.
 *
 * NOTE(review): the session value is forwarded unchanged; the SAML binding
 * specification caps RelayState at 80 bytes — confirm the producer respects that.
 *
 * @param webContext the web context
 * @return the relay state value
 */
@Override
protected String getStateParameter(WebContext webContext) {
    final Object storedRelayState = webContext.getSessionAttribute(SAML_RELAY_STATE_ATTRIBUTE);
    if (storedRelayState != null) {
        return (String) storedRelayState;
    }
    return getContextualCallbackUrl(webContext);
}
/**
 * Always authorizes; its only effect is to add an {@code X-Frame-Options: DENY}
 * response header so the page cannot be rendered inside any frame (clickjacking
 * protection). Profiles are not consulted.
 *
 * @param context the web context
 * @param profiles the user profiles (unused)
 * @return always {@code true}
 */
@Override
public boolean isAuthorized(final WebContext context, final List<CommonProfile> profiles) throws RequiresHttpAction {
    final String headerName = "X-Frame-Options";
    final String headerValue = "DENY";
    context.setResponseHeader(headerName, headerValue);
    return true;
}