/**
 * Compares this authentication with another {@link Authentication} field by field.
 *
 * <p>Two instances are equal when principal, credentials, successes, authentication date,
 * attributes and failures all compare equal through {@code EqualsBuilder}. This object's own
 * attribute and failure maps are passed through {@code wrap(...)} before the comparison; the
 * other side is read through its public getters.
 *
 * <p>NOTE(review): {@code hashCode()} is not visible in this excerpt; confirm it is derived
 * from the same six fields so that equal authentications hash alike.
 *
 * @param obj candidate object; anything that is not an {@code Authentication} is unequal
 * @return true when every compared field matches
 */
@Override
public boolean equals(final Object obj) {
    if (!(obj instanceof Authentication)) {
        return false;
    }
    if (obj == this) {
        return true;
    }
    final Authentication that = (Authentication) obj;
    return new EqualsBuilder()
            .append(this.principal, that.getPrincipal())
            .append(this.credentials, that.getCredentials())
            .append(this.successes, that.getSuccesses())
            .append(this.authenticationDate, that.getAuthenticationDate())
            .append(wrap(this.attributes), that.getAttributes())
            .append(wrap(this.failures), that.getFailures())
            .isEquals();
}
/**
 * Creates a new instance from an authentication event that was successful prior to principal resolution.
 *
 * <p>The handler failures and handler successes recorded on the event are handed to the
 * superclass constructor together with the {@code UNRESOLVED_PRINCIPAL} message.
 *
 * @param authentication Authentication event. Must not be null: its failure and success maps
 *                       are read immediately.
 */
public UnresolvedPrincipalException(final Authentication authentication) {
    // NOTE(review): the exception carries the per-handler results of the event. Presumably
    // these are meant for logging and audit only; confirm they are not rendered to end users.
    super(UNRESOLVED_PRINCIPAL, authentication.getFailures(), authentication.getSuccesses());
}
/**
 * Reports whether the number of successful handler results equals the number of credentials
 * presented in the authentication event.
 *
 * <p>NOTE(review): this is a count comparison only. It is equivalent to "every credential was
 * authenticated" only if each credential can contribute at most one success entry; confirm
 * against the code that records successes.
 *
 * @param authn authentication event to evaluate
 * @return true when the success count matches the credential count
 */
@Override
public boolean isSatisfiedBy(final Authentication authn) {
    final int succeeded = authn.getSuccesses().size();
    final int presented = authn.getCredentials().size();
    return presented == succeeded;
}
} // closes the enclosing class, whose header is outside this excerpt
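/**
 * Decides whether the authentication event satisfies this policy.
 *
 * <p>The policy is satisfied only when at least one handler succeeded. When {@code tryAll} is
 * set, every presented credential must additionally have been attempted, i.e. the number of
 * credentials must equal the number of recorded successes plus recorded failures.
 *
 * @param authn authentication event to evaluate
 * @return true when at least one success exists and, with {@code tryAll}, all credentials
 *         were attempted
 */
@Override
public boolean isSatisfiedBy(final Authentication authn) {
    // Fail closed. Previously the tryAll branch compared counts only, so an event in which
    // every credential was attempted and every one FAILED (successes = 0, failures = N)
    // satisfied the policy. An authentication policy should not depend on its caller to
    // reject the zero-success case.
    if (authn.getSuccesses().isEmpty()) {
        return false;
    }
    if (this.tryAll) {
        final int attempted = authn.getSuccesses().size() + authn.getFailures().size();
        return authn.getCredentials().size() == attempted;
    }
    return true;
}
} // closes the enclosing class, whose header is outside this excerpt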
/**
 * Checks the principal of the given authentication against the principal of every
 * authentication already held in {@code chainedAuthentication}.
 *
 * <p>The comparison is delegated entirely to {@link Principal#equals(Object)}, so the strength
 * of this check is exactly the strength of that implementation. An empty chain yields true.
 *
 * <p>NOTE(review): a chained authentication without a principal would raise a
 * NullPointerException here rather than count as a mismatch; confirm that principals are
 * never null at this point.
 *
 * @param authentication the authentication object whose principal is compared against the chain
 * @return true if no mismatch is found; false otherwise.
 */
private boolean doesPrincipalMatchAuthenticationChain(final Authentication authentication) {
    for (final Authentication chained : this.chainedAuthentication) {
        final Principal established = chained.getPrincipal();
        final Principal candidate = authentication.getPrincipal();
        if (established.equals(candidate)) {
            continue;
        }
        // First differing principal decides the outcome.
        return false;
    }
    return true;
}
// Fragment of a method body that fills one SSO-session report entry. The enclosing method and
// the declarations of `sso`, `tgt`, `authentication` and `dateFormat` are outside this excerpt.
final Principal principal = authentication.getPrincipal();

// Authentication date, stored both as the raw value and as text produced by dateFormat.
sso.put(SsoSessionAttributeKeys.AUTHENTICATION_DATE.toString(), authentication.getAuthenticationDate());
sso.put(SsoSessionAttributeKeys.AUTHENTICATION_DATE_FORMATTED.toString(),
        dateFormat.format(authentication.getAuthenticationDate()));

// Usage counter of the ticket-granting ticket.
sso.put(SsoSessionAttributeKeys.NUMBER_OF_USES.toString(), tgt.getCountOfUses());

// NOTE(review): the ticket-granting ticket id itself is placed in the report entry. If that id
// is the value a client presents to resume its SSO session, every reader of this report holds
// a usable session credential. Confirm that access to the report is restricted and audited,
// or expose a masked/hashed form instead.
sso.put(SsoSessionAttributeKeys.TICKET_GRANTING_TICKET.toString(), tgt.getId());

// NOTE(review): principal and authentication attributes are copied in unfiltered; they may
// contain personal data or other sensitive values — verify against the report's consumers.
sso.put(SsoSessionAttributeKeys.PRINCIPAL_ATTRIBUTES.toString(), principal.getAttributes());
sso.put(SsoSessionAttributeKeys.AUTHENTICATION_ATTRIBUTES.toString(), authentication.getAttributes());
/**
 * Builds the SAML authentication statement for the given authentication event.
 *
 * <p>The authentication method is read from the authentication attributes; when the attribute
 * is absent, {@code AUTHN_METHOD_UNSPECIFIED} is used. The statement's instant is taken from
 * the authenticated date and its subject from the principal id.
 *
 * <p>NOTE(review): the attribute value is cast to {@code String} unconditionally, so a
 * non-String value stored under that key raises a ClassCastException here.
 *
 * @param authentication authentication event that supplies method, date and principal
 * @return the populated authentication statement
 */
private AuthenticationStatement newAuthenticationStatement(final Authentication authentication) {
    final String declaredMethod = (String) authentication.getAttributes().get(
            SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD);

    final AuthenticationStatement statement = newSamlObject(AuthenticationStatement.class);
    statement.setAuthenticationInstant(new DateTime(authentication.getAuthenticatedDate()));
    if (declaredMethod != null) {
        statement.setAuthenticationMethod(declaredMethod);
    } else {
        // No method recorded on the event: fall back to the "unspecified" constant.
        statement.setAuthenticationMethod(SamlAuthenticationMetaDataPopulator.AUTHN_METHOD_UNSPECIFIED);
    }
    statement.setSubject(newSubject(authentication.getPrincipal().getId()));
    return statement;
}
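/**
 * Fills the SAML response with one assertion built from the first authentication in the
 * assertion's chain.
 *
 * <p>The assertion always carries an authentication statement. An attribute statement is
 * added when the principal has attributes or when the authentication is flagged as
 * remember-me and the assertion does not come from a new login. The response status is set
 * to {@code StatusCode.SUCCESS}.
 *
 * <p>NOTE(review): {@code getChainedAuthentications().get(0)} assumes a non-empty chain;
 * confirm the model can never hold an assertion without authentications.
 *
 * @param response SAML response to populate
 * @param model    view model from which the validated assertion is obtained
 */
@Override
protected void prepareResponse(final Response response, final Map<String, Object> model) {
    final Authentication authentication = getAssertionFrom(model).getChainedAuthentications().get(0);
    final DateTime issuedAt = response.getIssueInstant();
    final Service service = getAssertionFrom(model).getService();

    // Compare by value, not by identity. The previous `o == Boolean.TRUE` test is false for a
    // Boolean that equals TRUE but is not the canonical instance (for example one created with
    // `new Boolean(true)` or restored by Java serialization). In that case the remember-me
    // marker was silently dropped from the assertion, and a relying service could no longer
    // tell that the session was established from a remember-me login.
    final Object rememberMe = authentication.getAttributes().get(
            RememberMeCredentials.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME);
    final boolean isRemembered = Boolean.TRUE.equals(rememberMe) && !getAssertionFrom(model).isFromNewLogin();

    // Build up the SAML assertion containing AuthenticationStatement and AttributeStatement
    final Assertion assertion = newSamlObject(Assertion.class);
    assertion.setID(generateId());
    assertion.setIssueInstant(issuedAt);
    assertion.setIssuer(this.issuer);
    // Conditions are derived from the issue instant and the id of the requesting service.
    assertion.setConditions(newConditions(issuedAt, service.getId()));

    final AuthenticationStatement authnStatement = newAuthenticationStatement(authentication);
    assertion.getAuthenticationStatements().add(authnStatement);

    final Map<String, Object> attributes = authentication.getPrincipal().getAttributes();
    if (!attributes.isEmpty() || isRemembered) {
        assertion.getAttributeStatements().add(
                newAttributeStatement(newSubject(authentication.getPrincipal().getId()), attributes, isRemembered));
    }

    response.setStatus(newStatus(StatusCode.SUCCESS, null));
    response.getAssertions().add(assertion);
}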
/**
 * Looks up a single attribute on the primary authentication found in the model and returns it
 * as a string.
 *
 * <p>NOTE(review): the value is cast to {@code String} without a type check, so an attribute
 * stored as a collection or any other non-String type raises a ClassCastException here.
 *
 * @param model the model
 * @param attributeName the attribute name
 * @return the attribute value, or null when the attribute is not present
 */
protected final String getAuthenticationAttribute(final Map<String, Object> model, final String attributeName) {
    final Object value = getPrimaryAuthenticationFrom(model).getAttributes().get(attributeName);
    return (String) value;
}
/**
 * Produces a read-only report with one entry per non-expired ticket-granting ticket.
 *
 * <p>Each entry holds the authenticated principal id, the authentication date and the number
 * of times the ticket has been used. Both the entries and the returned collection are wrapped
 * as unmodifiable views.
 *
 * <p>NOTE(review): the report lists the identifiers of all currently signed-in principals;
 * confirm that the endpoint exposing it is limited to administrators.
 *
 * @return unmodifiable collection of unmodifiable session entries
 * @throws BulkRetrievalOfTicketsNotSupportedException presumably raised by the ticket lookup
 *         when the registry cannot enumerate tickets — confirm against {@code ticketSupport}
 */
@Override
public Collection<Map<String, Object>> getActiveSsoSessions() throws BulkRetrievalOfTicketsNotSupportedException {
    final List<Map<String, Object>> report = new ArrayList<Map<String, Object>>();

    for (final TicketGrantingTicket ticket : this.ticketSupport.getNonExpiredTicketGrantingTickets()) {
        final Map<String, Object> entry = new HashMap<String, Object>(3);
        entry.put(SsoSessionAttributeKeys.AUTHENTICATED_PRINCIPAL.toString(),
                ticket.getAuthentication().getPrincipal().getId());
        entry.put(SsoSessionAttributeKeys.AUTHENTICATION_DATE.toString(),
                ticket.getAuthentication().getAuthenticatedDate());
        entry.put(SsoSessionAttributeKeys.NUMBER_OF_USES.toString(), ticket.getCountOfUses());
        // Callers receive a view they cannot modify.
        report.add(Collections.unmodifiableMap(entry));
    }

    return Collections.unmodifiableCollection(report);
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Fills the SAML response with one assertion describing the primary authentication.
 *
 * <p>All SAML objects are created through {@code samlObjectBuilder}: the authentication
 * statement, the assertion (with an id from {@code generateSecureRandomId()}), its conditions
 * and, when there are attributes to release, an attribute statement in
 * {@code VALIDATION_SAML_ATTRIBUTE_NAMESPACE}. The response status is set to
 * {@code StatusCode.SUCCESS}.
 *
 * @param response SAML response to populate
 * @param model    view model that supplies the assertion, principal and attributes
 */
@Override
protected void prepareResponse(final Response response, final Map<String, Object> model) {
    final DateTime issueInstant = response.getIssueInstant();
    final Service targetService = getAssertionFrom(model).getService();
    final Authentication primary = getPrimaryAuthenticationFrom(model);

    // NOTE(review): the method attribute may be absent, in which case null is passed to the
    // builder as-is; confirm the builder substitutes a default. A non-String value stored
    // under this key fails the cast.
    final String authnMethod = (String) primary.getAttributes().get(
            SamlAuthenticationMetaDataPopulator.ATTRIBUTE_AUTHENTICATION_METHOD);
    final AuthenticationStatement statement = this.samlObjectBuilder.newAuthenticationStatement(
            primary.getAuthenticationDate().toDate(), authnMethod, getPrincipal(model).getId());

    final Assertion assertion = this.samlObjectBuilder.newAssertion(statement, this.issuer, issueInstant,
            this.samlObjectBuilder.generateSecureRandomId());

    // Conditions are built from the issue instant, the requesting service id and issueLength
    // (presumably the validity window — confirm the unit in the builder).
    assertion.setConditions(
            this.samlObjectBuilder.newConditions(issueInstant, targetService.getId(), this.issueLength));

    final Subject subject = this.samlObjectBuilder.newSubject(getPrincipal(model).getId());
    final Map<String, Object> outgoing = prepareSamlAttributes(model, targetService);
    final boolean hasAttributes = !outgoing.isEmpty();
    if (hasAttributes) {
        assertion.getAttributeStatements().add(this.samlObjectBuilder.newAttributeStatement(
                subject, outgoing, VALIDATION_SAML_ATTRIBUTE_NAMESPACE));
    }

    response.setStatus(this.samlObjectBuilder.newStatus(StatusCode.SUCCESS, null));
    response.getAssertions().add(assertion);
}
/**
 * Gets the authentication date of the primary authentication found in the model.
 *
 * <p>The value is read through {@code getPrimaryAuthenticationFrom(model)}; no null check is
 * performed on the result of that lookup.
 *
 * @param model the model
 * @return the authentication date
 * @since 4.1.0
 */
protected final DateTime getAuthenticationDate(final Map<String, Object> model) {
    return getPrimaryAuthenticationFrom(model).getAuthenticationDate();
}
/**
 * Requires that every handler named by the registered service's required-handler list has a
 * recorded success in the authentication event.
 *
 * <p>A service with no required handlers is satisfied by any authentication passed in.
 *
 * <p>NOTE(review): {@code context.getRegisteredService()} is dereferenced without a null
 * check; confirm the context always carries a registered service when this policy runs.
 *
 * @param authentication authentication event to evaluate
 * @return false as soon as one required handler has no success entry, true otherwise
 */
@Override
public boolean isSatisfiedBy(final Authentication authentication) {
    for (final String handlerName : context.getRegisteredService().getRequiredHandlers()) {
        final boolean succeeded = authentication.getSuccesses().containsKey(handlerName);
        if (!succeeded) {
            return false;
        }
    }
    return true;
}
}; // closes the enclosing declaration, which starts outside this excerpt
/**
 * Rejects the authentication when any recorded handler failure type is assignable from
 * {@code PreventedException}; otherwise defers to the superclass policy.
 *
 * <p>NOTE(review): {@code failureType.isAssignableFrom(PreventedException.class)} is true for
 * {@code PreventedException} itself and for its supertypes, not for its subclasses. If the
 * intent is "the failure is a PreventedException or a subclass of it", the operands are the
 * wrong way round — confirm the intended direction before relying on this policy.
 *
 * @param authentication authentication event to evaluate
 * @return false when a matching failure is recorded, else the superclass decision
 */
@Override
public boolean isSatisfiedBy(final Authentication authentication) {
    for (final Class<?> failureType : authentication.getFailures().values()) {
        final boolean prevented = failureType.isAssignableFrom(PreventedException.class);
        if (prevented) {
            return false;
        }
    }
    return super.isSatisfiedBy(authentication);
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Resolves the principal behind a ticket-granting ticket id.
 *
 * <p>Returns null when {@code getAuthenticationFrom} yields no authentication for the id.
 * Callers must treat a null result as "no authenticated principal" and not dereference it.
 *
 * @param ticketGrantingTicketId id of the ticket-granting ticket to look up
 * @return the principal of the associated authentication, or null when none is found
 * @throws RuntimeException declared by the original signature; nothing is thrown directly here
 */
@Override
public Principal getAuthenticatedPrincipalFrom(final String ticketGrantingTicketId) throws RuntimeException {
    final Authentication authentication = getAuthenticationFrom(ticketGrantingTicketId);
    if (authentication == null) {
        return null;
    }
    return authentication.getPrincipal();
}
/**
 * Collects the authentication methods recorded on the authentication under the attribute
 * {@link MultiFactorAuthenticationSupportingWebApplicationService#CONST_PARAM_AUTHN_METHOD}.
 *
 * <p>The attribute value is normalised with {@code convertValueToCollection} and copied into
 * a new {@code HashSet}. When the attribute is missing or null, the shared immutable empty
 * set is returned instead, so callers must not assume the result is modifiable.
 *
 * <p>NOTE(review): the values are copied into a {@code String[]}; an element that is not a
 * String makes {@code toArray} throw an ArrayStoreException. Confirm that only String method
 * names are ever stored under this attribute.
 *
 * @param authentication the authentication that houses the methods.
 * @return collection of fulfilled authentication methods
 */
public static Set<String> getSatisfiedAuthenticationMethods(final Authentication authentication) {
    if (!authentication.getAttributes().containsKey(
            MultiFactorAuthenticationSupportingWebApplicationService.CONST_PARAM_AUTHN_METHOD)) {
        return Collections.emptySet();
    }

    final Object methods = authentication.getAttributes().get(
            MultiFactorAuthenticationSupportingWebApplicationService.CONST_PARAM_AUTHN_METHOD);
    if (methods == null) {
        return Collections.emptySet();
    }

    final Set<Object> values = convertValueToCollection(methods);
    final String[] methodNames = values.toArray(new String[]{});
    return new HashSet<>(Arrays.asList(methodNames));
}
/**
 * Requires a recorded success from the handler named {@code requiredHandlerName}.
 *
 * <p>When {@code tryAll} is set, every credential must also have been attempted: the number of
 * credentials must equal successes plus failures. A blank required handler name never
 * satisfies the policy.
 *
 * @param authn authentication event to evaluate
 * @return true when the required handler succeeded and, with {@code tryAll}, all credentials
 *         were attempted
 */
@Override
public boolean isSatisfiedBy(final Authentication authn) {
    if (this.tryAll) {
        final int presented = authn.getCredentials().size();
        final int attempted = authn.getSuccesses().size() + authn.getFailures().size();
        if (presented != attempted) {
            return false;
        }
    }
    // A blank handler name is rejected before the success map is consulted.
    if (!StringUtils.isNotBlank(this.requiredHandlerName)) {
        return false;
    }
    return authn.getSuccesses().containsKey(this.requiredHandlerName);
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Creates a new instance from what would otherwise have been a successful authentication event and the two
 * disparate principals resolved.
 *
 * <p>The exception message is the string form of both principals joined by {@code " != "};
 * the event's handler failures and successes are passed to the superclass constructor, and
 * both principals are kept in the {@code first} and {@code second} fields.
 *
 * @param authentication Authentication event.
 * @param a First resolved principal.
 * @param b Second resolved principal.
 */
public MixedPrincipalException(final Authentication authentication, final Principal a, final Principal b) {
    // NOTE(review): the message embeds the toString() of both principals. Exception messages
    // commonly reach logs and error pages; confirm Principal#toString() exposes nothing beyond
    // the identifier (no attributes).
    super(a + " != " + b, authentication.getFailures(), authentication.getSuccesses());
    this.first = a;
    this.second = b;
}
/**
 * Records the name of every successful handler on the builder under
 * {@code AUTHENTICATION_METHOD_ATTRIBUTE}.
 *
 * <p>NOTE(review): the same attribute key is used for each handler. If
 * {@code builder.addAttribute} replaces an existing value rather than accumulating values,
 * only the last handler name survives when several handlers succeeded — confirm against the
 * builder implementation, since consumers may read this attribute to judge how the user
 * authenticated.
 *
 * @param builder the builder
 * @param authentication the authentication
 */
private void addAuthenticationMethodAttribute(final AuthenticationBuilder builder, final Authentication authentication) {
    for (final HandlerResult success : authentication.getSuccesses().values()) {
        final String handlerName = success.getHandlerName();
        builder.addAttribute(AUTHENTICATION_METHOD_ATTRIBUTE, handlerName);
    }
}
/**
 * Creates a builder pre-populated from an existing authentication.
 *
 * <p>The principal is passed to the {@code DefaultAuthenticationBuilder} constructor;
 * authentication date, credentials, successes, failures and attributes are then copied
 * through the corresponding setters.
 *
 * <p>NOTE(review): whether the setters copy the supplied collections or keep references to
 * the source's collections cannot be seen here; confirm before mutating the builder if the
 * source authentication must stay unchanged.
 *
 * @param source Authentication source.
 *
 * @return New builder instance initialized with all fields in the given authentication source.
 */
public static AuthenticationBuilder newInstance(final Authentication source) {
    final DefaultAuthenticationBuilder copy = new DefaultAuthenticationBuilder(source.getPrincipal());

    // Event metadata and presented credentials.
    copy.setAuthenticationDate(source.getAuthenticationDate());
    copy.setCredentials(source.getCredentials());

    // Per-handler outcomes.
    copy.setSuccesses(source.getSuccesses());
    copy.setFailures(source.getFailures());

    // Authentication attributes.
    copy.setAttributes(source.getAttributes());
    return copy;
}