/**
 * Validates the presented CAS ticket and builds the authenticated token.
 *
 * <p>The credentials of {@code authentication} are passed to the ticket validator as the
 * ticket string, together with the service URL for this request. The resulting assertion is
 * used to load the user, the user is run through {@code userDetailsChecker}, and its
 * authorities are mapped before the token is created.
 *
 * @param authentication the authentication request whose credentials hold the ticket
 * @return a token carrying the user details, mapped authorities and the CAS assertion
 * @throws AuthenticationException a {@link BadCredentialsException} when ticket validation
 *         fails; anything the user lookup or the checker throws propagates unchanged
 */
private CasAuthenticationToken authenticateNow(final Authentication authentication)
        throws AuthenticationException {
    try {
        final String presentedTicket = authentication.getCredentials().toString();
        final Assertion casAssertion =
                this.ticketValidator.validate(presentedTicket, getServiceUrl(authentication));

        final UserDetails principal = loadUserByAssertion(casAssertion);
        // Runs before the token exists, so a user the checker rejects never yields a token.
        userDetailsChecker.check(principal);

        return new CasAuthenticationToken(
                this.key,
                principal,
                authentication.getCredentials(),
                authoritiesMapper.mapAuthorities(principal.getAuthorities()),
                principal,
                casAssertion);
    } catch (final TicketValidationException validationFailure) {
        // NOTE(review): the validator's message is copied into the exception; confirm callers
        // do not render it to the end user verbatim.
        throw new BadCredentialsException(validationFailure.getMessage(), validationFailure);
    }
}
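/**
 * Parses a plain-text validation response whose first line starts with {@code yes} and whose
 * second line carries the principal name.
 *
 * <p>A response that says {@code yes} but has no second line (or an empty one) is rejected
 * here, so an assertion is never built without a principal name. A {@code null} response is
 * rejected the same way as a negative one instead of failing with a NullPointerException.
 *
 * @param response the raw body returned by the CAS server
 * @return an assertion for the principal named on the second line
 * @throws TicketValidationException if the response is missing, does not start with
 *         {@code yes}, names no principal, or cannot be read
 */
protected Assertion parseResponseFromServer(final String response) throws TicketValidationException {
    if (response == null || !response.startsWith("yes")) {
        throw new TicketValidationException("CAS Server could not validate ticket.");
    }

    try {
        final BufferedReader reader = new BufferedReader(new StringReader(response));
        reader.readLine(); // skip the "yes" line
        final String name = reader.readLine();

        // readLine() returns null when the response ends after the first line.
        if (name == null || name.length() == 0) {
            throw new TicketValidationException("No principal was found in the response from the CAS server.");
        }

        return new AssertionImpl(name);
    } catch (final IOException e) {
        throw new TicketValidationException("Unable to parse response.", e);
    }
}
}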
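/**
 * Turns a two-line plain-text validation response into an assertion.
 *
 * <p>The first line must start with {@code yes}; the second line is taken as the principal
 * name. A missing or empty second line is treated as a validation failure, and so is a
 * {@code null} response, so the caller only ever sees a {@link TicketValidationException}
 * for a malformed body.
 *
 * @param response the raw body returned by the CAS server
 * @return an assertion built from the principal name
 * @throws TicketValidationException if the response is missing, is not affirmative, carries
 *         no principal name, or cannot be read
 */
protected Assertion parseResponseFromServer(final String response) throws TicketValidationException {
    final boolean affirmative = response != null && response.startsWith("yes");
    if (!affirmative) {
        throw new TicketValidationException("CAS Server could not validate ticket.");
    }

    final String name;
    try {
        final BufferedReader lines = new BufferedReader(new StringReader(response));
        lines.readLine(); // discard the "yes" line
        name = lines.readLine();
    } catch (final IOException e) {
        throw new TicketValidationException("Unable to parse response.", e);
    }

    // A "yes" with nothing after it must not produce an assertion without a principal.
    if (name == null || name.length() == 0) {
        throw new TicketValidationException("No principal was found in the response from the CAS server.");
    }
    return new AssertionImpl(name);
}
}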
/**
 * Extracts the CAS ticket from the request and validates it against the CAS server.
 *
 * @param request the incoming HTTP request
 * @return the assertion returned by the validator, or {@code null} when the request has no
 *         ticket parameter, the value has neither the proxy nor the service ticket prefix,
 *         or validation fails
 */
protected Assertion getCASAssertion(HttpServletRequest request) {
    final String candidate = request.getParameter(GeoServerCasConstants.ARTIFACT_PARAMETER);
    if (candidate == null) {
        return null;
    }

    // The prefix test only filters out values that are not ticket-shaped; whether the ticket
    // is accepted is decided by validator.validate() below.
    final boolean ticketShaped = candidate.startsWith(GeoServerCasConstants.PROXY_TICKET_PREFIX)
            || candidate.startsWith(GeoServerCasConstants.SERVICE_TICKET_PREFIX);
    if (!ticketShaped) {
        return null;
    }

    Assertion result = null;
    try {
        final String serviceUrl = retrieveService(request);
        result = validator.validate(candidate, serviceUrl);
    } catch (TicketValidationException failure) {
        // A failed validation is logged with its message only and reported as "no assertion".
        LOGGER.warning(failure.getMessage());
    }
    return result;
}
/**
 * Validates a ticket by calling the CAS server's validation URL and parsing the reply.
 *
 * @param ticket the ticket to validate
 * @param service the service the ticket was issued for
 * @return the assertion parsed from the server response
 * @throws TicketValidationException if the validation URL is malformed, the server returns
 *         no response, or the response is rejected by {@code parseResponseFromServer}
 */
public final Assertion validate(final String ticket, final String service) throws TicketValidationException {
    final String endpoint = constructValidationUrl(ticket, service);
    // NOTE(review): the URL is built from the ticket and service, so it presumably embeds the
    // ticket; keep debug logging off where log readers should not see tickets.
    logger.debug("Constructing validation url: {}", endpoint);

    try {
        logger.debug("Retrieving response from server.");
        final URL endpointUrl = new URL(endpoint);
        final String body = retrieveResponseFromServer(endpointUrl, ticket);

        if (body == null) {
            throw new TicketValidationException("The CAS server returned no response.");
        }

        // The whole server response is written to the debug log.
        logger.debug("Server response: {}", body);

        return parseResponseFromServer(body);
    } catch (final MalformedURLException badUrl) {
        throw new TicketValidationException(badUrl);
    }
}
/**
 * Reads the ticket parameter from the request and asks the validator for an assertion.
 *
 * @param request the incoming HTTP request
 * @return the validated assertion, or {@code null} if there is no ticket, the ticket has
 *         neither of the two accepted prefixes, or the validator rejects it
 */
protected Assertion getCASAssertion(HttpServletRequest request) {
    final String artifact = request.getParameter(GeoServerCasConstants.ARTIFACT_PARAMETER);

    if (artifact == null) {
        return null;
    }
    // Cheap shape check before the validator call; the validator makes the actual decision.
    if (!artifact.startsWith(GeoServerCasConstants.PROXY_TICKET_PREFIX)
            && !artifact.startsWith(GeoServerCasConstants.SERVICE_TICKET_PREFIX)) {
        return null;
    }

    try {
        return validator.validate(artifact, retrieveService(request));
    } catch (TicketValidationException rejected) {
        // Only the message is logged; the caller just sees null.
        LOGGER.warning(rejected.getMessage());
        return null;
    }
}
/**
 * Validates a ticket by calling the CAS server's validation URL and parsing the reply.
 *
 * @param ticket the ticket to validate
 * @param service the service the ticket was issued for
 * @return the assertion parsed from the server response
 * @throws TicketValidationException if the validation URL is malformed, the server returns
 *         no response, or the response is rejected by {@code parseResponseFromServer}
 */
public Assertion validate(final String ticket, final String service) throws TicketValidationException {
    final String target = constructValidationUrl(ticket, service);

    // NOTE(review): the URL is built from the ticket and service, so it presumably embeds the
    // ticket; it is only logged when debug logging is enabled.
    if (log.isDebugEnabled()) {
        log.debug("Constructing validation url: " + target);
    }

    try {
        log.debug("Retrieving response from server.");
        final URL targetUrl = new URL(target);
        final String reply = retrieveResponseFromServer(targetUrl, ticket);

        if (reply == null) {
            throw new TicketValidationException("The CAS server returned no response.");
        }

        // The full reply is logged at debug level.
        if (log.isDebugEnabled()) {
            log.debug("Server response: " + reply);
        }

        return parseResponseFromServer(reply);
    } catch (final MalformedURLException malformed) {
        throw new TicketValidationException(malformed);
    }
}
// Record the failure, including the exception itself, at debug level, then answer with 403.
// NOTE(review): the exception message is also sent to the client as the error text; confirm
// it cannot carry internal detail, or send a fixed message and keep the detail in the log.
logger.debug(e.getMessage(), e); response.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
XPATH_ASSERTION_DATE_END.evaluateAsString(document)); if (!isValidAssertion(assertionValidityStart, assertionValidityEnd)) { throw new TicketValidationException("Invalid SAML assertion"); throw new TicketValidationException("SAML assertion does not contain NameIdentifier element"); Collections.singletonMap(AUTH_METHOD_ATTRIBUTE, (Object) authMethod)); } catch (final Exception e) { throw new TicketValidationException("Error processing SAML response", e);
// Hand the exception message to setUnauthorized and report "no result" to the caller.
// NOTE(review): setUnauthorized is not shown here; if it writes the message into the HTTP
// response, confirm the message cannot carry internal detail.
setUnauthorized(response, e.getMessage()); return null;
/**
 * Parses a validation response as JSON and, if it is not parseable as JSON, hands it to the
 * parent implementation instead.
 *
 * @param response the raw body returned by the CAS server
 * @return the assertion built from the JSON response, or whatever the parent implementation
 *         returns when the fallback is taken
 * @throws TicketValidationException if the JSON parser rejects the response, the fallback
 *         rejects it, or an I/O error other than a JSON processing error occurs
 */
@Override
protected Assertion parseResponseFromServer(final String response) throws TicketValidationException {
    try {
        final JsonValidationResponseParser jsonParser = new JsonValidationResponseParser();
        final TicketValidationJsonResponse parsed = jsonParser.parse(response);
        return parsed.getAssertion(getProxyGrantingTicketStorage(), getProxyRetriever());
    } catch (final JsonProcessingException notJson) {
        // This catch must stay ahead of the IOException one so that a body which is not JSON
        // reaches the parent parser (XML, per the log message) rather than failing outright.
        logger.warn("Unable parse the JSON response. Falling back to XML", notJson);
        return super.parseResponseFromServer(response);
    } catch (final IOException ioFailure) {
        throw new TicketValidationException(ioFailure.getMessage(), ioFailure);
    }
}
// Pass the exception message to setUnauthorized, then return null to the caller.
// NOTE(review): what setUnauthorized does with the message is not visible here; verify that
// it is safe to expose before it reaches a client.
setUnauthorized(response, e.getMessage()); return null;
XPATH_ASSERTION_DATE_END.evaluateAsString(document)); if (!isValidAssertion(assertionValidityStart, assertionValidityEnd)) { throw new TicketValidationException("Invalid SAML assertion"); throw new TicketValidationException("SAML assertion does not contain NameIdentifier element"); Collections.singletonMap(AUTH_METHOD_ATTRIBUTE, (Object) authMethod)); } catch (final Exception e) { throw new TicketValidationException("Error processing SAML response", e);
/**
 * Performs the CAS ticket validation for an authentication request and returns the
 * resulting token.
 *
 * @param authentication the request; its credentials are used as the ticket string
 * @return a token built from the loaded user, its mapped authorities and the assertion
 * @throws AuthenticationException a {@link BadCredentialsException} wrapping the validator's
 *         failure when the ticket is rejected
 */
private CasAuthenticationToken authenticateNow(final Authentication authentication)
        throws AuthenticationException {
    try {
        // Step 1: let the ticket validator check the ticket for this service URL.
        final String ticket = authentication.getCredentials().toString();
        final Assertion validated = this.ticketValidator.validate(ticket, getServiceUrl(authentication));

        // Step 2: resolve the user from the assertion and run the user checks.
        final UserDetails user = loadUserByAssertion(validated);
        userDetailsChecker.check(user);

        // Step 3: the token receives the mapped authorities, not the raw ones.
        return new CasAuthenticationToken(this.key, user, authentication.getCredentials(),
                authoritiesMapper.mapAuthorities(user.getAuthorities()), user, validated);
    } catch (final TicketValidationException rejected) {
        // The original failure is kept as the cause.
        throw new BadCredentialsException(rejected.getMessage(), rejected);
    }
}
throw new TicketValidationException("No assertions found."); throw new TicketValidationException("No AuthentiationStatement found in SAML Assertion."); throw new TicketValidationException("No Subject found in SAML Assertion."); throw new TicketValidationException(e); throw new TicketValidationException("No Assertion found within valid time range. Either there's a replay of the ticket or there's clock drift. Check tolerance range, or server/client synchronization.");
/**
 * Exchanges the ticket held in {@code authentication} for a {@link CasAuthenticationToken}.
 *
 * <p>Order of operations: validate the ticket, load the user from the assertion, run the
 * user details checker, then build the token with mapped authorities.
 *
 * @param authentication the authentication request carrying the ticket as its credentials
 * @return the authenticated token, including the assertion obtained from the validator
 * @throws AuthenticationException a {@link BadCredentialsException} if the validator throws
 *         a {@link TicketValidationException}
 */
private CasAuthenticationToken authenticateNow(final Authentication authentication)
        throws AuthenticationException {
    try {
        final Object rawCredentials = authentication.getCredentials();
        final Assertion ticketAssertion =
                this.ticketValidator.validate(rawCredentials.toString(), getServiceUrl(authentication));

        final UserDetails loadedUser = loadUserByAssertion(ticketAssertion);
        userDetailsChecker.check(loadedUser);

        return new CasAuthenticationToken(
                this.key,
                loadedUser,
                authentication.getCredentials(),
                authoritiesMapper.mapAuthorities(loadedUser.getAuthorities()),
                loadedUser,
                ticketAssertion);
    } catch (final TicketValidationException cause) {
        // The message text comes from the validator and travels on with the new exception.
        throw new BadCredentialsException(cause.getMessage(), cause);
    }
}
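/**
 * Parses a JSON validation response and checks that it describes a successful
 * authentication with a principal.
 *
 * <p>Responses that deserialize to nothing, lack the service response, or contain neither a
 * success nor a failure section are rejected with a {@link TicketValidationException}
 * rather than failing later with a NullPointerException.
 *
 * @param response the raw JSON body returned by the CAS server
 * @return the parsed response, guaranteed to contain a success section with a principal
 * @throws TicketValidationException if the response is blank, structurally incomplete,
 *         reports a failure, reports both success and failure, or names no principal
 * @throws IOException if the object mapper cannot read the response
 */
public TicketValidationJsonResponse parse(final String response) throws TicketValidationException, IOException {
    if (CommonUtils.isBlank(response)) {
        throw new TicketValidationException("Invalid JSON response; The response is empty");
    }

    final TicketValidationJsonResponse json = this.objectMapper.readValue(response, TicketValidationJsonResponse.class);

    // A body such as "null" or "{}" deserializes without error but carries no service response.
    if (json == null || json.getServiceResponse() == null) {
        throw new TicketValidationException("Invalid JSON response; The response contains no service response");
    }

    final TicketValidationJsonResponse.CasServiceResponseAuthentication serviceResponse = json.getServiceResponse();

    if (serviceResponse.getAuthenticationFailure() != null
        && serviceResponse.getAuthenticationSuccess() != null) {
        // NOTE(review): this message embeds the whole server response; confirm it is not
        // shown to end users by whatever handles the exception.
        throw new TicketValidationException("Invalid JSON response; It indicates both a success "
            + "and a failure event, which is indicative of a server error. The actual response is " + response);
    }

    if (serviceResponse.getAuthenticationFailure() != null) {
        final String error = serviceResponse.getAuthenticationFailure().getCode()
            + " - " + serviceResponse.getAuthenticationFailure().getDescription();
        throw new TicketValidationException(error);
    }

    // Neither section present: without this check the getUser() call below would dereference null.
    if (serviceResponse.getAuthenticationSuccess() == null) {
        throw new TicketValidationException("Invalid JSON response; It indicates neither a success nor a failure event");
    }

    final String principal = serviceResponse.getAuthenticationSuccess().getUser();
    if (CommonUtils.isEmpty(principal)) {
        throw new TicketValidationException("No principal was found in the response from the CAS server.");
    }
    return json;
}
}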
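/**
 * Parses an XML validation response into an assertion.
 *
 * <p>An {@code authenticationFailure} element makes the whole response a failure. Otherwise
 * the {@code user} element supplies the principal, custom attributes are extracted, and a
 * proxy granting ticket is attached to the principal when one can be resolved from the
 * {@code proxyGrantingTicket} element. The storage is only queried when the response actually
 * carries that element, so it is never asked to look up a null or blank value.
 *
 * @param response the raw XML body returned by the CAS server
 * @return the assertion for the principal named in the response
 * @throws TicketValidationException if the response reports a failure or names no principal
 */
protected final Assertion parseResponseFromServer(final String response) throws TicketValidationException {
    final String error = XmlUtils.getTextForElement(response, "authenticationFailure");

    if (CommonUtils.isNotBlank(error)) {
        throw new TicketValidationException(error);
    }

    final String principal = XmlUtils.getTextForElement(response, "user");
    final String proxyGrantingTicketIou = XmlUtils.getTextForElement(response, "proxyGrantingTicket");

    // Skip the lookup when there is no storage or the response carries no proxyGrantingTicket value.
    final String proxyGrantingTicket;
    if (this.proxyGrantingTicketStorage == null || !CommonUtils.isNotBlank(proxyGrantingTicketIou)) {
        proxyGrantingTicket = null;
    } else {
        proxyGrantingTicket = this.proxyGrantingTicketStorage.retrieve(proxyGrantingTicketIou);
    }

    if (CommonUtils.isEmpty(principal)) {
        throw new TicketValidationException("No principal was found in the response from the CAS server.");
    }

    final Assertion assertion;
    final Map attributes = extractCustomAttributes(response);
    if (CommonUtils.isNotBlank(proxyGrantingTicket)) {
        // Only a principal with a resolved proxy granting ticket gets the proxy retriever.
        final AttributePrincipal attributePrincipal = new AttributePrincipalImpl(principal, attributes,
            proxyGrantingTicket, this.proxyRetriever);
        assertion = new AssertionImpl(attributePrincipal);
    } else {
        assertion = new AssertionImpl(new AttributePrincipalImpl(principal, attributes));
    }

    customParseResponse(response, assertion);

    return assertion;
}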
/**
 * Parses a validation response into an assertion.
 *
 * <p>A non-blank authentication failure in the response aborts parsing. Otherwise the
 * principal and custom attributes are read, and a proxy granting ticket is attached to the
 * principal when the response carries a value for it and the storage resolves that value.
 *
 * @param response the raw body returned by the CAS server
 * @return the assertion for the principal named in the response
 * @throws TicketValidationException if the response reports a failure or names no principal
 */
protected Assertion parseResponseFromServer(final String response) throws TicketValidationException {
    final String failure = parseAuthenticationFailureFromResponse(response);
    if (CommonUtils.isNotBlank(failure)) {
        throw new TicketValidationException(failure);
    }

    final String principal = parsePrincipalFromResponse(response);
    final String pgtIou = parseProxyGrantingTicketFromResponse(response);

    // The storage is consulted only when it exists and the parsed value is not blank.
    final boolean lookupPossible = !CommonUtils.isBlank(pgtIou) && this.proxyGrantingTicketStorage != null;
    final String pgt = lookupPossible ? this.proxyGrantingTicketStorage.retrieve(pgtIou) : null;

    if (CommonUtils.isEmpty(principal)) {
        throw new TicketValidationException("No principal was found in the response from the CAS server.");
    }

    final Map<String, Object> attributes = extractCustomAttributes(response);

    final Assertion assertion;
    if (!CommonUtils.isNotBlank(pgt)) {
        assertion = new AssertionImpl(new AttributePrincipalImpl(principal, attributes));
    } else {
        // Only a principal with a resolved proxy granting ticket gets the proxy retriever.
        final AttributePrincipal proxyCapable =
                new AttributePrincipalImpl(principal, attributes, pgt, this.proxyRetriever);
        assertion = new AssertionImpl(proxyCapable);
    }

    customParseResponse(response, assertion);
    return assertion;
}