/** * Enumerates the list of available principals in the authentication chain * and ensures that the newly given and provided principal is compliant * and equals the rest of the principals in the chain. The match * is explicitly controlled by {@link Principal#equals(Object)} * implementation. * * @param authentication the authentication object whose principal is compared against the chain * @return true if no mismatch is found; false otherwise. */ private boolean doesPrincipalMatchAuthenticationChain(final Authentication authentication) { for (final Authentication authn : this.chainedAuthentication) { final Principal currentPrincipal = authn.getPrincipal(); final Principal newPrincipal = authentication.getPrincipal(); if (!currentPrincipal.equals(newPrincipal)) { return false; } } return true; }
@Override public Principal getAuthenticatedPrincipalFrom(final String ticketGrantingTicketId) throws RuntimeException { final Authentication auth = getAuthenticationFrom(ticketGrantingTicketId); return auth == null ? null : auth.getPrincipal(); }
@Override /** {@inheritDoc} */ public Principal getAuthenticatedPrincipalFrom(final String ticketGrantingTicketId) throws RuntimeException { final Authentication auth = getAuthenticationFrom(ticketGrantingTicketId); return auth == null ? null : auth.getPrincipal(); }
/** * Gets the principal from the model. * * @param model the model * @return the assertion from * @since 4.1.0 */ protected final Principal getPrincipal(final Map<String, Object> model) { return getPrimaryAuthenticationFrom(model).getPrincipal(); }
/** * Provides the ability to access the resolved * and primary principal based on the authentication context. * @return the primary principal. */ public final Principal getPrincipal() { final Authentication auth = this.getAuthentication(); if (auth != null) { return auth.getPrincipal(); } return null; }
@Override /** {@inheritDoc} */ public Principal getAuthenticatedPrincipalFrom(String ticketGrantingTicketId) throws RuntimeException { Authentication auth = getAuthenticationFrom(ticketGrantingTicketId); return auth == null ? null : auth.getPrincipal(); }
/** * Extracts an authenticated ${@link Principal} from a provided ${@link Assertion} instance. * <p/> * It is a caller's of this method responsibility to ensure that provided ${@link Assertion} instance is not null * to avoid NPE at runtime. * * @param assertion instance to retrieve ${@link Principal} from * @return Authenticated Principal * @throws NullPointerException if provided Assertion is <i>null</i> */ public static Principal getAuthenticatedPrincipalFrom(Assertion assertion) { final List<Authentication> chain = assertion.getChainedAuthentications(); final Principal principal = chain.get(chain.size() - 1).getPrincipal(); return principal; }
@Override public Principal nominate(final Collection<Authentication> authentications, final Map<String, Object> principalAttributes) { final Principal principal = authentications.iterator().next().getPrincipal(); final Principal finalPrincipal = this.principalFactory.createPrincipal(principal.getId(), principalAttributes); LOGGER.debug("Nominated [{}] as the primary principal", finalPrincipal); return finalPrincipal; }
/** * Add the authentication to the chain, having verified * that the resolved principal of the new authentication * matches what has been remembered and collected as the principal. * @param authentication authentication context to add to the chain */ public final void addAuthenticationToChain(final Authentication authentication) { if (!doesPrincipalMatchAuthenticationChain(authentication)) { LOGGER.warn("The provided principal [{}] does not match the authentication chain. CAS has no record of " + "this principal ever having authenticated in the active authentication context.", authentication.getPrincipal()); throw new UnknownPrincipalMatchException(authentication); } this.chainedAuthentication.add(authentication); }
@Override protected void renderMergedOutputModel(final Map<String, Object> model, final HttpServletRequest request, final HttpServletResponse response) throws Exception { final Authentication authentication = getAssertionFrom(model).getChainedAuthentications().get(0); final Principal principal = authentication.getPrincipal(); this.jacksonObjectMapper.writeValue(response.getWriter(), new TicketValidationJsonResponse(authentication, principal)); } }
@Override public void addTicket(final Ticket ticket) { if (ticket instanceof TicketGrantingTicket) { final TicketGrantingTicket ticketGrantingTicket = (TicketGrantingTicket) ticket; final String ticketId = ticketGrantingTicket.getId(); final String userName = ticketGrantingTicket.getAuthentication().getPrincipal().getId().toLowerCase(); logger.debug("Creating mapping ticket {} to user name {}", ticketId, userName); this.cache.put(ticketId, userName); } this.ticketRegistry.addTicket(ticket); }
@Override public void populateAttributes(final AuthenticationBuilder builder, final Credential credential) { final UsernamePasswordCredential c = (UsernamePasswordCredential) credential; final Authentication authentication = builder.build(); this.credentialCache.put(authentication.getPrincipal().getId(), c.getPassword()); }
@Override public Collection<Map<String, Object>> getActiveSsoSessions() throws BulkRetrievalOfTicketsNotSupportedException { final List<Map<String, Object>> activeSessions = new ArrayList<Map<String, Object>>(); for(TicketGrantingTicket tgt : this.ticketSupport.getNonExpiredTicketGrantingTickets()) { final Map<String, Object> sso = new HashMap<String, Object>(3); sso.put(SsoSessionAttributeKeys.AUTHENTICATED_PRINCIPAL.toString(), tgt.getAuthentication().getPrincipal().getId()); sso.put(SsoSessionAttributeKeys.AUTHENTICATION_DATE.toString(), tgt.getAuthentication().getAuthenticatedDate()); sso.put(SsoSessionAttributeKeys.NUMBER_OF_USES.toString(), tgt.getCountOfUses()); activeSessions.add(Collections.unmodifiableMap(sso)); } return Collections.unmodifiableCollection(activeSessions); } }
@Override public boolean equals(final Object obj) { if (!(obj instanceof Authentication)) { return false; } if (obj == this) { return true; } final Authentication other = (Authentication) obj; final EqualsBuilder builder = new EqualsBuilder(); builder.append(this.principal, other.getPrincipal()); builder.append(this.credentials, other.getCredentials()); builder.append(this.successes, other.getSuccesses()); builder.append(this.authenticationDate, other.getAuthenticationDate()); builder.append(wrap(this.attributes), other.getAttributes()); builder.append(wrap(this.failures), other.getFailures()); return builder.isEquals(); }
/** * Determine identity. * * @param service the service * @param assertion the assertion * @return the string */ protected String determineIdentity(final OpenIdService service, final Assertion assertion) { final String id; if (assertion != null && OpenIdProtocolConstants.OPENID_IDENTIFIERSELECT.equals(service.getIdentity())) { id = this.openIdPrefixUrl + '/' + assertion.getPrimaryAuthentication().getPrincipal().getId(); } else { id = service.getIdentity(); } return id; }
private AuthenticationStatement newAuthenticationStatement(final Authentication authentication) { final String authenticationMethod = (String) authentication.getAttributes().get( SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD); final AuthenticationStatement authnStatement = newSamlObject(AuthenticationStatement.class); authnStatement.setAuthenticationInstant(new DateTime(authentication.getAuthenticatedDate())); authnStatement.setAuthenticationMethod(authenticationMethod != null ? authenticationMethod : SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_UNSPECIFIED); authnStatement.setSubject(newSubject(authentication.getPrincipal().getId())); return authnStatement; }
@Override public HandlerResult authenticate(final Credential credential) throws GeneralSecurityException { final OpenIdCredential c = (OpenIdCredential) credential; final TicketGrantingTicket t = this.ticketRegistry.getTicket(c.getTicketGrantingTicketId(), TicketGrantingTicket.class); if (t == null || t.isExpired()) { throw new FailedLoginException("TGT is null or expired."); } final Principal principal = t.getAuthentication().getPrincipal(); if (!principal.getId().equals(c.getUsername())) { throw new FailedLoginException("Principal ID mismatch"); } return new DefaultHandlerResult(this, new BasicCredentialMetaData(c), principal); }
@Override protected void prepareResponse(final Response response, final Map<String, Object> model) { final Authentication authentication = getAssertionFrom(model).getChainedAuthentications().get(0); final DateTime issuedAt = response.getIssueInstant(); final Service service = getAssertionFrom(model).getService(); final Object o = authentication.getAttributes().get(RememberMeCredentials.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME); final boolean isRemembered = o == Boolean.TRUE && !getAssertionFrom(model).isFromNewLogin(); // Build up the SAML assertion containing AuthenticationStatement and AttributeStatement final Assertion assertion = newSamlObject(Assertion.class); assertion.setID(generateId()); assertion.setIssueInstant(issuedAt); assertion.setIssuer(this.issuer); assertion.setConditions(newConditions(issuedAt, service.getId())); final AuthenticationStatement authnStatement = newAuthenticationStatement(authentication); assertion.getAuthenticationStatements().add(authnStatement); final Map<String, Object> attributes = authentication.getPrincipal().getAttributes(); if (!attributes.isEmpty() || isRemembered) { assertion.getAttributeStatements().add( newAttributeStatement(newSubject(authentication.getPrincipal().getId()), attributes, isRemembered)); } response.setStatus(newStatus(StatusCode.SUCCESS, null)); response.getAssertions().add(assertion); }
@Override @Audit( action="AUTHENTICATION", actionResolverName="AUTHENTICATION_RESOLVER", resourceResolverName="AUTHENTICATION_RESOURCE_RESOLVER") @Timed(name="AUTHENTICATE_TIMED") @Metered(name="AUTHENTICATE_METER") @Counted(name="AUTHENTICATE_COUNT", monotonic=true) public Authentication authenticate(final AuthenticationTransaction transaction) throws AuthenticationException { final AuthenticationBuilder builder = authenticateInternal(transaction.getCredentials()); final Authentication authentication = builder.build(); final Principal principal = authentication.getPrincipal(); if (principal instanceof NullPrincipal) { throw new UnresolvedPrincipalException(authentication); } addAuthenticationMethodAttribute(builder, authentication); logger.info("Authenticated {} with credentials {}.", principal, transaction.getCredentials()); logger.debug("Attribute map for {}: {}", principal.getId(), principal.getAttributes()); populateAuthenticationMetadataAttributes(builder, transaction.getCredentials()); return builder.build(); }
/** * Creates a new builder initialized with data from the given authentication source. * * @param source Authentication source. * * @return New builder instance initialized with all fields in the given authentication source. */ public static AuthenticationBuilder newInstance(final Authentication source) { final DefaultAuthenticationBuilder builder = new DefaultAuthenticationBuilder(source.getPrincipal()); builder.setAuthenticationDate(source.getAuthenticationDate()); builder.setCredentials(source.getCredentials()); builder.setSuccesses(source.getSuccesses()); builder.setFailures(source.getFailures()); builder.setAttributes(source.getAttributes()); return builder; }