@Override public HandlerResult authenticate(final Credential credential) throws GeneralSecurityException { logger.debug("Trusting credential for: {}", credential); return new DefaultHandlerResult( this, (PrincipalBearingCredential) credential, this.principalFactory.createPrincipal(credential.getId())); }
/** * Helper method to construct a handler result * on successful authentication events. * * @param credential the credential on which the authentication was successfully performed. * Note that this credential instance may be different from what was originally provided * as transformation of the username may have occurred, if one is in fact defined. * @param principal the resolved principal * @param warnings the warnings * @return the constructed handler result */ protected final HandlerResult createHandlerResult(final Credential credential, final Principal principal, final List<MessageDescriptor> warnings) { return new DefaultHandlerResult(this, new BasicCredentialMetaData(credential), principal, warnings); } }
@Override public HandlerResult authenticate(final Credential credential) throws GeneralSecurityException, PreventedException { try { if (this.legacyHandler.authenticate(credentialsAdapter.convert(credential))) { final CredentialMetaData md; if (credential instanceof CredentialMetaData) { md = (CredentialMetaData) credential; } else { md = new BasicCredentialMetaData(credential); } return new DefaultHandlerResult(this, md); } else { throw new FailedLoginException( String.format("%s failed to authenticate %s", this.getName(), credential)); } } catch (final org.jasig.cas.authentication.handler.AuthenticationException e) { throw new GeneralSecurityException( String.format("%s failed to authenticate %s", this.getName(), credential), e); } }
@Override public HandlerResult authenticate(final Credential credential) throws GeneralSecurityException { final RemoteAddressCredential c = (RemoteAddressCredential) credential; if (this.inetNetmask != null && this.inetNetwork != null) { try { final InetAddress inetAddress = InetAddress.getByName(c.getRemoteAddress().trim()); if (containsAddress(this.inetNetwork, this.inetNetmask, inetAddress)) { return new DefaultHandlerResult(this, c, this.principalFactory.createPrincipal(c.getId())); } } catch (final UnknownHostException e) { logger.debug("Unknown host {}", c.getRemoteAddress()); } } throw new FailedLoginException(c.getRemoteAddress() + " not in allowed range."); }
throw new FailedLoginException("Principal is null, the processing of the SPNEGO Token failed"); return new DefaultHandlerResult(this, new BasicCredentialMetaData(credential), spnegoCredential.getPrincipal());
@Override protected final HandlerResult doAuthentication(final Credential credential) throws GeneralSecurityException, PreventedException { final X509CertificateCredential x509Credential = (X509CertificateCredential) credential; final X509Certificate[] certificates = x509Credential.getCertificates(); X509Certificate clientCert = null; boolean hasTrustedIssuer = false; for (int i = certificates.length - 1; i >= 0; i--) { final X509Certificate certificate = certificates[i]; logger.debug("Evaluating {}", CertUtils.toString(certificate)); validate(certificate); if (!hasTrustedIssuer) { hasTrustedIssuer = isCertificateFromTrustedIssuer(certificate); } // getBasicConstraints returns pathLenContraint which is generally // >=0 when this is a CA cert and -1 when it's not final int pathLength = certificate.getBasicConstraints(); if (pathLength < 0) { logger.debug("Found valid client certificate"); clientCert = certificate; } else { logger.debug("Found valid CA certificate"); } } if (hasTrustedIssuer && clientCert != null) { x509Credential.setCertificate(clientCert); return new DefaultHandlerResult(this, x509Credential, this.principalFactory.createPrincipal(x509Credential.getId())); } throw new FailedLoginException(); }
@Override public HandlerResult authenticate(final Credential credential) throws GeneralSecurityException { final HttpBasedServiceCredential httpCredential = (HttpBasedServiceCredential) credential; if (!httpCredential.getService().getProxyPolicy().isAllowedProxyCallbackUrl(httpCredential.getCallbackUrl())) { logger.warn("Proxy policy for service [{}] cannot authorize the requested callback url [{}].", httpCredential.getService().getServiceId(), httpCredential.getCallbackUrl()); throw new FailedLoginException(httpCredential.getCallbackUrl() + " cannot be authorized"); } logger.debug("Attempting to authenticate {}", httpCredential); final URL callbackUrl = httpCredential.getCallbackUrl(); if (!this.httpClient.isValidEndPoint(callbackUrl)) { throw new FailedLoginException(callbackUrl.toExternalForm() + " sent an unacceptable response status code"); } return new DefaultHandlerResult(this, httpCredential, this.principalFactory.createPrincipal(httpCredential.getId())); }
@Override public HandlerResult authenticate(final Credential credential) throws GeneralSecurityException { final OpenIdCredential c = (OpenIdCredential) credential; final TicketGrantingTicket t = this.ticketRegistry.getTicket(c.getTicketGrantingTicketId(), TicketGrantingTicket.class); if (t == null || t.isExpired()) { throw new FailedLoginException("TGT is null or expired."); } final Principal principal = t.getAuthentication().getPrincipal(); if (!principal.getId().equals(c.getUsername())) { throw new FailedLoginException("Principal ID mismatch"); } return new DefaultHandlerResult(this, new BasicCredentialMetaData(c), principal); }
/** * Build the handler result. * * @param credentials the provided credentials * @param profile the retrieved user profile * @return the built handler result * @throws GeneralSecurityException On authentication failure. * @throws PreventedException On the indeterminate case when authentication is prevented. */ protected HandlerResult createResult(final ClientCredential credentials, final UserProfile profile) throws GeneralSecurityException, PreventedException { if (profile != null) { final String id; if (typedIdUsed) { id = profile.getTypedId(); } else { id = profile.getId(); } if (StringUtils.isNotBlank(id)) { credentials.setUserProfile(profile); credentials.setTypedIdUsed(typedIdUsed); return new DefaultHandlerResult( this, new BasicCredentialMetaData(credentials), this.principalFactory.createPrincipal(id, profile.getAttributes())); } throw new FailedLoginException("No identifier found for this user profile: " + profile); } throw new FailedLoginException("Authentication did not produce a user profile for: " + credentials); }
throw new FailedLoginException(); return new DefaultHandlerResult(this, new BasicCredentialMetaData(ntlmCredential), ntlmCredential.getPrincipal());