@Override public Set<Event> resolveInternal(final RequestContext context) { val resolvedEvents = getResolvedEventsAsAttribute(context); val authentication = WebUtils.getAuthentication(context); val registeredService = resolveRegisteredServiceInRequestContext(context); val request = WebUtils.getHttpServletRequestFromExternalWebflowContext(context); return resolveEventsInternal(resolvedEvents, authentication, registeredService, request, context); }
@Override public Set<Event> resolveInternal(final RequestContext context) { if (isRequestAskingForServiceTicket(context)) { LOGGER.debug("Authentication request is asking for service tickets"); return CollectionUtils.wrapSet(grantServiceTicket(context)); } return null; }
@Audit(action = "AUTHENTICATION_EVENT", actionResolverName = "AUTHENTICATION_EVENT_ACTION_RESOLVER", resourceResolverName = "AUTHENTICATION_EVENT_RESOURCE_RESOLVER") @Override public Event resolveSingle(final RequestContext context) { return super.resolveSingle(context); }
@Override public Set<Event> resolveInternal(final RequestContext context) { try { val credential = getCredentialFromContext(context); val service = WebUtils.getService(context); if (credential != null) { val registeredService = determineRegisteredServiceForEvent(context, service); LOGGER.debug("Attempting to resolve candidate authentication events for service [{}]", service); val resolvedEvents = resolveCandidateAuthenticationEvents(context, service, registeredService); if (!resolvedEvents.isEmpty()) { LOGGER.debug("The set of authentication events resolved for [{}] are [{}]. Beginning to select the final event...", service, resolvedEvents); putResolvedEventsAsAttribute(context, resolvedEvents); val finalResolvedEvent = this.selectiveResolver.resolveSingle(context); LOGGER.debug("The final authentication event resolved for [{}] is [{}]", service, finalResolvedEvent); throw new IllegalArgumentException("No authentication result builder can be located in the context"); return CollectionUtils.wrapSet(grantTicketGrantingTicketToAuthenticationResult(context, builder, service)); } catch (final Exception e) { var event = returnAuthenticationExceptionEventIfNeeded(e); if (event == null) { LOGGER.warn(e.getMessage(), e); event = newEvent(CasWebflowConstants.TRANSITION_ID_ERROR, e);
@ConditionalOnMissingBean(name = "initialAuthenticationAttemptWebflowEventResolver") @Bean @RefreshScope public CasDelegatingWebflowEventResolver initialAuthenticationAttemptWebflowEventResolver() { val r = new DefaultCasDelegatingWebflowEventResolver( authenticationSystemSupport.getIfAvailable(), centralAuthenticationService.getIfAvailable(), servicesManager.getIfAvailable(), ticketRegistrySupport.getIfAvailable(), warnCookieGenerator.getIfAvailable(), authenticationServiceSelectionPlan.getIfAvailable(), registeredServiceAccessStrategyEnforcer.getIfAvailable(), applicationEventPublisher, applicationContext); r.addDelegate(adaptiveAuthenticationPolicyWebflowEventResolver()); r.addDelegate(timedAuthenticationPolicyWebflowEventResolver()); r.addDelegate(globalAuthenticationPolicyWebflowEventResolver()); r.addDelegate(httpRequestAuthenticationPolicyWebflowEventResolver()); r.addDelegate(restEndpointAuthenticationPolicyWebflowEventResolver()); r.addDelegate(groovyScriptAuthenticationPolicyWebflowEventResolver()); r.addDelegate(registeredServicePrincipalAttributeAuthenticationPolicyWebflowEventResolver()); r.addDelegate(predicatedPrincipalAttributeMultifactorAuthenticationPolicyEventResolver()); r.addDelegate(principalAttributeAuthenticationPolicyWebflowEventResolver()); r.addDelegate(authenticationAttributeAuthenticationPolicyWebflowEventResolver()); r.addDelegate(registeredServiceAuthenticationPolicyWebflowEventResolver()); r.setSelectiveResolver(selectiveAuthenticationProviderWebflowEventResolver()); return r; }
/** * Handle authentication transaction and grant ticket granting ticket. * * @param context the context * @return the set */ protected Set<Event> handleAuthenticationTransactionAndGrantTicketGrantingTicket(final RequestContext context) { val response = WebUtils.getHttpServletResponseFromExternalWebflowContext(context); try { val credential = getCredentialFromContext(context); val builderResult = WebUtils.getAuthenticationResultBuilder(context); LOGGER.debug("Handling authentication transaction for credential [{}]", credential); val service = WebUtils.getService(context); val builder = this.authenticationSystemSupport.handleAuthenticationTransaction(service, builderResult, credential); LOGGER.debug("Issuing ticket-granting tickets for service [{}]", service); return CollectionUtils.wrapSet(grantTicketGrantingTicketToAuthenticationResult(context, builder, service)); } catch (final Exception e) { LOGGER.error(e.getMessage(), e); val messageContext = context.getMessageContext(); messageContext.addMessage(new MessageBuilder() .error() .code(DEFAULT_MESSAGE_BUNDLE_PREFIX.concat(e.getClass().getSimpleName())) .build()); response.setStatus(HttpStatus.UNAUTHORIZED.value()); return CollectionUtils.wrapSet(getAuthenticationFailureErrorEvent(context)); } }
@Override public Set<Event> resolve(final RequestContext context) { LOGGER.trace("Attempting to resolve authentication event using resolver [{}]", getName()); WebUtils.putWarnCookieIfRequestParameterPresent(this.warnCookieGenerator, context); WebUtils.putPublicWorkstationToFlowIfRequestParameterPresent(context); return resolveInternal(context); }
val credential = getCredentialFromContext(context); WebUtils.putServiceTicketInRequestScope(context, serviceTicketId); WebUtils.putWarnCookieIfRequestParameterPresent(this.warnCookieGenerator, context); return newEvent(CasWebflowConstants.TRANSITION_ID_WARN); return newEvent(CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, e);
/** * New event based on the id, which contains an error attribute referring to the exception occurred. * * @param id the id * @param error the error * @return the event */ protected Event newEvent(final String id, final Throwable error) { return newEvent(id, new LocalAttributeMap(CasWebflowConstants.TRANSITION_ID_ERROR, error)); }
/** * Resolve service from authentication request service. * * @param context the context * @return the service */ protected Service resolveServiceFromAuthenticationRequest(final RequestContext context) { val ctxService = WebUtils.getService(context); return resolveServiceFromAuthenticationRequest(ctxService); }
private Event returnAuthenticationExceptionEventIfNeeded(final Exception e) { if (e instanceof AuthenticationException || e instanceof AbstractTicketException) { LOGGER.debug(e.getMessage(), e); return newEvent(CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, e); } if (e.getCause() instanceof AuthenticationException || e.getCause() instanceof AbstractTicketException) { val ex = e.getCause(); LOGGER.debug(ex.getMessage(), ex); return newEvent(CasWebflowConstants.TRANSITION_ID_AUTHENTICATION_FAILURE, ex); } return null; } }
@Override public Event resolveSingle(final RequestContext context) { val events = resolve(context); if (events == null || events.isEmpty()) { return null; } val event = events.iterator().next(); LOGGER.debug("Resolved single event [{}] via [{}] for this context", event.getId(), event.getSource().getClass().getName()); return event; }
/** * Resolve events internal set. Implementation may filter events from the collection * to only return the one that is appropriate for this request. The default * implementation returns the entire collection. * * @param resolveEvents the resolve events * @param authentication the authentication * @param registeredService the registered service * @param request the request * @param context the request context * @return the set of resolved events */ protected Set<Event> resolveEventsInternal(final Set<Event> resolveEvents, final Authentication authentication, final RegisteredService registeredService, final HttpServletRequest request, final RequestContext context) { if (!resolveEvents.isEmpty()) { LOGGER.trace("Collection of resolved events for this authentication sequence are:"); resolveEvents.forEach(e -> LOGGER.trace("Event id [{}] resolved from [{}]", e.getId(), e.getSource().getClass().getName())); } else { LOGGER.trace("No events could be resolved for this authentication transaction [{}] and service [{}]", authentication, registeredService); } val pair = filterEventsByMultifactorAuthenticationProvider(resolveEvents, authentication, registeredService, request); WebUtils.putResolvedMultifactorAuthenticationProviders(context, pair.getValue()); return pair.getKey(); }
@ConditionalOnMissingBean(name = "serviceTicketRequestWebflowEventResolver") @Bean @RefreshScope public CasWebflowEventResolver serviceTicketRequestWebflowEventResolver() { return new ServiceTicketRequestWebflowEventResolver(authenticationSystemSupport.getIfAvailable(), centralAuthenticationService.getIfAvailable(), servicesManager.getIfAvailable(), ticketRegistrySupport.getIfAvailable(), warnCookieGenerator.getIfAvailable(), authenticationServiceSelectionPlan.getIfAvailable(), registeredServiceAccessStrategyEnforcer.getIfAvailable(), casProperties, applicationEventPublisher, applicationContext); }
@ConditionalOnMissingBean(name = "selectiveAuthenticationProviderWebflowEventResolver") @Bean @RefreshScope public CasWebflowEventResolver selectiveAuthenticationProviderWebflowEventResolver() { return new SelectiveMultifactorAuthenticationProviderWebflowEventEventResolver( authenticationSystemSupport.getIfAvailable(), centralAuthenticationService.getIfAvailable(), servicesManager.getIfAvailable(), ticketRegistrySupport.getIfAvailable(), warnCookieGenerator.getIfAvailable(), authenticationServiceSelectionPlan.getIfAvailable(), multifactorAuthenticationProviderSelector(), applicationEventPublisher, applicationContext); }
@ConditionalOnMissingBean(name = "rankedAuthenticationProviderWebflowEventResolver") @Bean @RefreshScope public CasDelegatingWebflowEventResolver rankedAuthenticationProviderWebflowEventResolver() { return new RankedMultifactorAuthenticationProviderWebflowEventResolver( authenticationSystemSupport.getIfAvailable(), centralAuthenticationService.getIfAvailable(), servicesManager.getIfAvailable(), ticketRegistrySupport.getIfAvailable(), warnCookieGenerator.getIfAvailable(), authenticationServiceSelectionPlan.getIfAvailable(), multifactorAuthenticationProviderSelector(), authenticationContextValidator.getIfAvailable(), initialAuthenticationAttemptWebflowEventResolver(), applicationEventPublisher, applicationContext); }
return resumeFlow(); return resumeFlow(); return resumeFlow(); if (event == null) { LOGGER.trace("Request does not indicate a requirement for authentication policy; proceed with flow normally."); return resumeFlow(); return resumeFlow();
/** * New event event. * * @param id the id * @return the event */ protected Event newEvent(final String id) { return newEvent(id, new LocalAttributeMap<>()); }
/** * Grant ticket granting ticket. * * @param context the context * @param authenticationResultBuilder the authentication result builder * @param service the service * @return the event */ protected Event grantTicketGrantingTicketToAuthenticationResult(final RequestContext context, final AuthenticationResultBuilder authenticationResultBuilder, final Service service) { WebUtils.putAuthenticationResultBuilder(authenticationResultBuilder, context); WebUtils.putServiceIntoFlowScope(context, service); return newEvent(CasWebflowConstants.TRANSITION_ID_SUCCESS); }