@Override public String getToken(final HttpServletRequest request, final HttpServletResponse response) { final Cookie tokenCookie = WebUtils.getCookie(request, COOKIE_KEY); if (tokenCookie != null && tokenCookie.getValue() != null) { logger.debug("Detected profile token from cookie: {}", tokenCookie.getValue()); return tokenCookie.getValue(); } final String token = UUID.randomUUID().toString(); final CookieGenerator g = new CookieGenerator(); g.setCookieMaxAge(Integer.MAX_VALUE); g.setCookiePath("/"); g.setCookieName(COOKIE_KEY); g.addCookie(response, token); logger.debug("Generated a new token: {}", token); return token; }
@Before public void onSetUp() throws Exception { this.action = new AuthenticationViaFormAction(); this.warnCookieGenerator = new CookieGenerator(); this.warnCookieGenerator.setCookieName("WARN"); this.warnCookieGenerator.setCookieName("TGT"); this.warnCookieGenerator.setCookieDomain("/"); this.warnCookieGenerator.setCookiePath("/"); this.action.setCentralAuthenticationService(getCentralAuthenticationService()); this.action.setAuthenticationSystemSupport(getAuthenticationSystemSupport()); this.action.setWarnCookieGenerator(this.warnCookieGenerator); }
/** * Put warn cookie if request parameter present. * * @param warnCookieGenerator the warn cookie generator * @param context the context */ public static void putWarnCookieIfRequestParameterPresent(final CookieGenerator warnCookieGenerator, final RequestContext context) { if (warnCookieGenerator != null) { LOGGER.debug("Evaluating request to determine if warning cookie should be generated"); final HttpServletResponse response = WebUtils.getHttpServletResponse(context); if (StringUtils.isNotBlank(context.getExternalContext().getRequestParameterMap().get("warn"))) { warnCookieGenerator.addCookie(response, "true"); } else { warnCookieGenerator.removeCookie(response); } } else { LOGGER.debug("No warning cookie generator is defined"); } }
@Before public void onSetUp() throws Exception { this.action = new AuthenticationViaFormAction(); this.warnCookieGenerator = new CookieGenerator(); this.warnCookieGenerator.setCookieName("WARN"); this.warnCookieGenerator.setCookieName("TGT"); this.warnCookieGenerator.setCookieDomain("/"); this.warnCookieGenerator.setCookiePath("/"); this.action.setCentralAuthenticationService(getCentralAuthenticationService()); this.action.setWarnCookieGenerator(this.warnCookieGenerator); }
public RadiusAuthenticationWebflowEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authenticationSelectionStrategies, final MultifactorAuthenticationProviderSelector selector) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authenticationSelectionStrategies, selector); }
public GrouperMultifactorAuthenticationPolicyEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authenticationSelectionStrategies, final MultifactorAuthenticationProviderSelector selector, final CasConfigurationProperties casProperties) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authenticationSelectionStrategies, selector); grouperField = casProperties.getAuthn().getMfa().getGrouperGroupField().toUpperCase(); }
public RiskAwareAuthenticationWebflowEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authenticationSelectionStrategies, final MultifactorAuthenticationProviderSelector selector, final AuthenticationRiskEvaluator authenticationRiskEvaluator, final AuthenticationRiskMitigator authenticationRiskMitigator, final CasConfigurationProperties casProperties) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authenticationSelectionStrategies, selector); this.authenticationRiskEvaluator = authenticationRiskEvaluator; this.authenticationRiskMitigator = authenticationRiskMitigator; threshold = casProperties.getAuthn().getAdaptive().getRisk().getThreshold(); }
public YubiKeyAuthenticationWebflowEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authenticationSelectionStrategies, final MultifactorAuthenticationProviderSelector selector) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authenticationSelectionStrategies, selector); }
public OidcAuthenticationContextWebflowEventEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authenticationSelectionStrategies, final MultifactorAuthenticationProviderSelector selector) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authenticationSelectionStrategies, selector); }
public OneTimeTokenAuthenticationWebflowEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authenticationSelectionStrategies, final MultifactorAuthenticationProviderSelector selector) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authenticationSelectionStrategies, selector); }
public AuthyAuthenticationWebflowEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authenticationSelectionStrategies, final MultifactorAuthenticationProviderSelector selector) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authenticationSelectionStrategies, selector); }
public SurrogateWebflowEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authenticationSelectionStrategies, final MultifactorAuthenticationProviderSelector selector, final SurrogateAuthenticationService surrogateService) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authenticationSelectionStrategies, selector); this.surrogateService = surrogateService; }
public DuoAuthenticationWebflowEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authenticationSelectionStrategies, final MultifactorAuthenticationProviderSelector selector) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authenticationSelectionStrategies, selector); }
public U2FAuthenticationWebflowEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authenticationSelectionStrategies, final MultifactorAuthenticationProviderSelector selector) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authenticationSelectionStrategies, selector); }
public BaseMultifactorAuthenticationProviderEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authenticationSelectionStrategies, final MultifactorAuthenticationProviderSelector selector) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authenticationSelectionStrategies, selector); }
public PrincipalAttributeMultifactorAuthenticationPolicyEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authSelectionStrategies, final MultifactorAuthenticationProviderSelector selector, final CasConfigurationProperties casProperties) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authSelectionStrategies, selector); globalPrincipalAttributeValueRegex = casProperties.getAuthn().getMfa().getGlobalPrincipalAttributeValueRegex(); attributeNames = commaDelimitedListToSet(casProperties.getAuthn().getMfa().getGlobalPrincipalAttributeNameTriggers()); }
public RegisteredServicePrincipalAttributeMultifactorAuthenticationPolicyEventResolver( final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authenticationSelectionStrategies, final MultifactorAuthenticationProviderSelector selector) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authenticationSelectionStrategies, selector); }
public PredicatedPrincipalAttributeMultifactorAuthenticationPolicyEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authSelectionStrategies, final MultifactorAuthenticationProviderSelector selector, final CasConfigurationProperties casProperties) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authSelectionStrategies, selector, casProperties); predicateResource = casProperties.getAuthn().getMfa().getGlobalPrincipalAttributePredicate(); }
public AuthenticationAttributeMultifactorAuthenticationPolicyEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan selectionStrategies, final MultifactorAuthenticationProviderSelector selector, final CasConfigurationProperties casProperties) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, selectionStrategies, selector); globalAuthenticationAttributeValueRegex = casProperties.getAuthn().getMfa().getGlobalAuthenticationAttributeValueRegex(); attributeNames = commaDelimitedListToSet(casProperties.getAuthn().getMfa().getGlobalAuthenticationAttributeNameTriggers()); }
public RestEndpointMultifactorAuthenticationPolicyEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authSelectionStrategies, final MultifactorAuthenticationProviderSelector selector, final CasConfigurationProperties casProperties) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authSelectionStrategies, selector); this.restEndpoint = casProperties.getAuthn().getMfa().getRestEndpoint(); }
public GlobalMultifactorAuthenticationPolicyEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authenticationSelectionStrategies, final MultifactorAuthenticationProviderSelector selector, final CasConfigurationProperties casProperties) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authenticationSelectionStrategies, selector); globalProviderId = casProperties.getAuthn().getMfa().getGlobalProviderId(); }
public GroovyScriptMultifactorAuthenticationPolicyEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authenticationSelectionStrategies, final MultifactorAuthenticationProviderSelector selector, final CasConfigurationProperties casProperties) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authenticationSelectionStrategies, selector); groovyScript = casProperties.getAuthn().getMfa().getGroovyScript(); }
public RequestParameterMultifactorAuthenticationPolicyEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authenticationStrategies, final MultifactorAuthenticationProviderSelector selector, final CasConfigurationProperties casProperties) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authenticationStrategies, selector); mfaRequestParameter = casProperties.getAuthn().getMfa().getRequestParameter(); }
public RegisteredServiceMultifactorAuthenticationPolicyEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authSelectionStrategies, final MultifactorAuthenticationProviderSelector selector) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authSelectionStrategies, selector); }
public InitialAuthenticationAttemptWebflowEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authenticationSelectionStrategies, final MultifactorAuthenticationProviderSelector selector) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authenticationSelectionStrategies, selector); }
public ServiceTicketRequestWebflowEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authenticationSelectionStrategies, final MultifactorAuthenticationProviderSelector selector) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authenticationSelectionStrategies, selector); }
public AdaptiveMultifactorAuthenticationPolicyEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authenticationSelectionStrategies, final MultifactorAuthenticationProviderSelector selector, final CasConfigurationProperties casProperties, final GeoLocationService geoLocationService) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authenticationSelectionStrategies, selector); multifactorMap = casProperties.getAuthn().getAdaptive().getRequireMultifactor(); this.geoLocationService = geoLocationService; }
public NoOpCasWebflowEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authenticationSelectionStrategies, final MultifactorAuthenticationProviderSelector selector) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authenticationSelectionStrategies, selector); }
public RankedAuthenticationProviderWebflowEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authenticationSelectionStrategies, final MultifactorAuthenticationProviderSelector selector, final AuthenticationContextValidator authenticationContextValidator, final CasDelegatingWebflowEventResolver casDelegatingWebflowEventResolver) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authenticationSelectionStrategies, selector); this.authenticationContextValidator = authenticationContextValidator; this.initialAuthenticationAttemptWebflowEventResolver = casDelegatingWebflowEventResolver; }
public SelectiveAuthenticationProviderWebflowEventEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authenticationSelectionStrategies, final MultifactorAuthenticationProviderSelector selector) { super(authenticationSystemSupport, centralAuthenticationService, servicesManager, ticketRegistrySupport, warnCookieGenerator, authenticationSelectionStrategies, selector); }
public AbstractCasWebflowEventResolver(final AuthenticationSystemSupport authenticationSystemSupport, final CentralAuthenticationService centralAuthenticationService, final ServicesManager servicesManager, final TicketRegistrySupport ticketRegistrySupport, final CookieGenerator warnCookieGenerator, final AuthenticationServiceSelectionPlan authenticationSelectionStrategies, final MultifactorAuthenticationProviderSelector selector) { this.authenticationSystemSupport = authenticationSystemSupport; this.centralAuthenticationService = centralAuthenticationService; this.servicesManager = servicesManager; this.ticketRegistrySupport = ticketRegistrySupport; this.warnCookieGenerator = warnCookieGenerator; authenticationRequestServiceSelectionStrategies = authenticationSelectionStrategies; multifactorAuthenticationProviderSelector = selector; }
/** * Put warn cookie if request parameter present. * * @param warnCookieGenerator the warn cookie generator * @param context the context */ public static void putWarnCookieIfRequestParameterPresent(final CookieGenerator warnCookieGenerator, final RequestContext context) { if (warnCookieGenerator != null) { LOGGER.debug("Evaluating request to determine if warning cookie should be generated"); final HttpServletResponse response = WebUtils.getHttpServletResponse(context); if (StringUtils.isNotBlank(context.getExternalContext().getRequestParameterMap().get("warn"))) { warnCookieGenerator.addCookie(response, "true"); } } else { LOGGER.debug("No warning cookie generator is defined"); } }
/** * checks if a session with data exists and puts all its data into a session data cookie which is added to the response. * * @param httpServletRequest * @param httpServletResponse * @throws IOException */ protected void addCookieToResponseIfSessionDataExists(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException { if (sessionExists(httpServletRequest)) { LOG.debug("OUT: session exists."); Map<String, Object> sessionData = retrieveSessionDataFromSession(httpServletRequest.getSession(false)); if (!sessionData.isEmpty()) { LOG.debug("OUT: sessiondata exists: " + sessionData); byte[] cookiePayload = getCookiePayload(sessionData); CookieGenerator cookieGenerator = getSessionDataCookieGenerator(); LOG.debug("OUT: will add session data cookie to response. value: " + new String(cookiePayload)); cookieGenerator.addCookie(httpServletResponse, new String(cookiePayload)); } } }
/** * if you need to customize the cookie (timeout, http-only and so on), you * may overwrite this. It makes sense to make this cookie a session cookie * btw, since it contains session information :) * * @param cookieGenerator */ protected void customizeSessionDataCookie(CookieGenerator cookieGenerator) { cookieGenerator.setCookieName(SESSIONDATACOOKIENAME); // since the cookie contains encrypted data, it is not supposed to be // read by scripts. cookieGenerator.setCookieHttpOnly(true); // set this cookie to be a session cookie. If you think you need more // here, rather use proper cookies for persisting things to the client. cookieGenerator.setCookieMaxAge(-1); // this kind of cookies should be on a https endpoint... // TODO: think on how we could make sure this is enabled for production, maybe use profiles? // cookieGenerator.setCookieSecure(true); }
@Before public void onSetUp() throws Exception { this.action = new AuthenticationViaFormAction(); this.warnCookieGenerator = new CookieGenerator(); this.warnCookieGenerator.setCookieName("WARN"); this.warnCookieGenerator.setCookieName("TGT"); this.warnCookieGenerator.setCookieDomain("/"); this.warnCookieGenerator.setCookiePath("/"); this.action .setCentralAuthenticationService(getCentralAuthenticationService()); this.action.setWarnCookieGenerator(this.warnCookieGenerator); // this.action.afterPropertiesSet(); }