/**
 * {@inheritDoc}
 *
 * <p>Reports whether the authentication result held by the context is flagged as a previous
 * result.</p>
 *
 * @param input authentication context to inspect, may be null
 * @return the result's previous-result flag, or null when there is no context or no result
 */
@Override
@Nullable
public Boolean apply(@Nullable final AuthenticationContext input) {
    // A missing context or result yields null rather than false, so callers can
    // tell "no result available" apart from "freshly produced result".
    if (input == null || input.getAuthenticationResult() == null) {
        return null;
    }
    return input.getAuthenticationResult().isPreviousResult();
}
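/**
 * {@inheritDoc}
 *
 * <p>Returns the ID of the authentication flow recorded in the request's current
 * authentication result.</p>
 *
 * @param input profile request context to search, may be null
 * @return the flow ID of the current authentication result, or null when the input is null,
 *         carries no {@link AuthenticationContext}, or that context has no result
 */
@Override
@Nullable
public String apply(@Nullable final ProfileRequestContext input) {
    // The parameter is declared @Nullable, so it must be checked before it is dereferenced.
    if (input == null) {
        return null;
    }

    final AuthenticationContext authnCtx = input.getSubcontext(AuthenticationContext.class);
    if (authnCtx == null || authnCtx.getAuthenticationResult() == null) {
        return null;
    }
    return authnCtx.getAuthenticationResult().getAuthenticationFlowId();
}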
/**
 * {@inheritDoc}
 *
 * <p>Picks a single principal of the configured type from the current authentication result.</p>
 *
 * @param input profile request context handed to the authentication context lookup strategy
 * @return the configured default principal when there is no authentication context, no result,
 *         or no principal of the requested type; otherwise one of the result's principals
 */
@Override
@Nullable
public T apply(@Nullable final ProfileRequestContext input) {
    final AuthenticationContext authnContext = authnContextLookupStrategy.apply(input);
    if (authnContext == null || authnContext.getAuthenticationResult() == null) {
        return defaultPrincipal;
    }

    final Set<T> candidates = authnContext.getAuthenticationResult().getSupportedPrincipals(principalType);
    if (candidates.isEmpty()) {
        return defaultPrincipal;
    }
    if (candidates.size() == 1 || weightMap.isEmpty()) {
        // With no weights configured the choice among several principals is whatever the
        // Set's iterator yields first, so it depends on that Set's iteration order.
        return candidates.iterator().next();
    }

    // Sort with the weighting comparator and take the element it orders last.
    // NOTE(review): presumably that is the highest-weighted principal; confirm against
    // WeightedComparator.
    final Object[] ordered = candidates.toArray();
    Arrays.sort(ordered, new WeightedComparator());
    // Unchecked cast: every element originated from a Set<T>.
    return (T) ordered[ordered.length - 1];
}
/**
 * {@inheritDoc}
 *
 * <p>Resolves the subject and session contexts and decides whether the action has anything
 * to do.</p>
 *
 * @param profileRequestContext current profile request context
 * @param authenticationContext current authentication context
 * @return true only if the superclass check passes, an authentication result is present, a
 *         session context could be obtained, and either an IdP session already exists or the
 *         subject context carries a principal name
 */
@Override
protected boolean doPreExecute(@Nonnull final ProfileRequestContext profileRequestContext,
        @Nonnull final AuthenticationContext authenticationContext) {
    if (!super.doPreExecute(profileRequestContext, authenticationContext)
            || authenticationContext.getAuthenticationResult() == null) {
        return false;
    }

    subjectCtx = subjectContextLookupStrategy.apply(profileRequestContext);
    sessionCtx = sessionContextCreationStrategy.apply(profileRequestContext);

    if (sessionCtx == null) {
        // Without a session context there is nowhere to record the result; signal an error event.
        log.error("{} SessionContext creation failed", getLogPrefix());
        ActionSupport.buildEvent(profileRequestContext, EventIds.INVALID_PROFILE_CTX);
        return false;
    }

    // We can only do work if a session exists or a non-empty SubjectContext exists.
    if (sessionCtx.getIdPSession() != null) {
        return true;
    }
    return subjectCtx != null && subjectCtx.getPrincipalName() != null;
}
/**
 * Update an existing session.
 *
 * <p>If the result is the product of an attempted flow, then it's added to the session,
 * provided the context marks it as cacheable. If reused, its last activity time is updated.</p>
 *
 * @param authenticationContext current authentication context
 * @param session session to update
 * @throws SessionException if an error occurs updating the session
 */
private void updateIdPSession(@Nonnull final AuthenticationContext authenticationContext,
        @Nonnull final IdPSession session) throws SessionException {
    if (authenticationContext.getAttemptedFlow() == null) {
        // No flow was attempted, so the result was reused: only refresh its activity time.
        log.debug("{} Updating activity time on reused AuthenticationResult for flow {} in existing session {}",
                getLogPrefix(), authenticationContext.getAuthenticationResult().getAuthenticationFlowId(),
                session.getId());
        session.updateAuthenticationResultActivity(authenticationContext.getAuthenticationResult());
        return;
    }

    // A result that is not cacheable is deliberately never stored in the session.
    if (!authenticationContext.isResultCacheable()) {
        return;
    }

    log.debug("{} Adding new AuthenticationResult for flow {} to existing session {}",
            getLogPrefix(), authenticationContext.getAuthenticationResult().getAuthenticationFlowId(),
            session.getId());
    session.addAuthenticationResult(authenticationContext.getAuthenticationResult());
}
/**
 * Determines the time of authentication for the current request.
 *
 * <p>The authentication instant of the current authentication result is preferred. When no
 * result is available, the creation instant of the IdP session is used instead.</p>
 *
 * @param profileRequestContext profile request context holding the authentication and
 *        session subcontexts
 * @return the authentication date time
 * @throws OIDCException if neither an authentication result nor an IdP session is available
 */
private static DateTime getAuthenticationDateTime(final ProfileRequestContext profileRequestContext) {
    final AuthenticationContext authnContext =
            profileRequestContext.getSubcontext(AuthenticationContext.class);
    final boolean hasResult = authnContext != null && authnContext.getAuthenticationResult() != null;
    if (hasResult) {
        return new DateTime(authnContext.getAuthenticationResult().getAuthenticationInstant());
    }

    // Fallback: this is when the session was created, not when a specific result was produced.
    final SessionContext sessionContext = profileRequestContext.getSubcontext(SessionContext.class);
    final boolean hasSession = sessionContext != null && sessionContext.getIdPSession() != null;
    if (hasSession) {
        return new DateTime(sessionContext.getIdPSession().getCreationInstant());
    }

    throw new OIDCException("Could not determine authentication time based on authentication or session context");
}
} // closes the enclosing class, whose declaration is not part of this excerpt
authenticationResult = authenticationContext.getAuthenticationResult(); if (authenticationResult == null) { log.debug("{} No AuthenticationResult in current authentication context", getLogPrefix());
: authenticationContext.getAuthenticationResult().getSupportedPrincipals(p.getClass())) { if (predicate.apply(new PrincipalSupportingComponent() { public <T extends Principal> Set<T> getSupportedPrincipals(final Class<T> c) {
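/**
 * {@inheritDoc}
 *
 * <p>When a canonical principal name is available, records it in the {@link SubjectContext}
 * (created if absent) and merges the active authentication results plus the latest result into
 * that context. A principal name already present in the subject context must match the new
 * one; on a mismatch an {@code INVALID_SUBJECT_CTX} event is built and nothing is changed.</p>
 *
 * @param profileRequestContext current profile request context
 * @param authenticationContext current authentication context
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext,
        @Nonnull final AuthenticationContext authenticationContext) {
    if (canonicalPrincipalName != null) {
        final SubjectContext sc = profileRequestContext.getSubcontext(SubjectContext.class, true);

        // Check for an existing value: refuse to replace an established subject with a
        // different identity.
        if (sc.getPrincipalName() != null && !canonicalPrincipalName.equals(sc.getPrincipalName())) {
            log.warn("{} Result of authentication ({}) does not match existing subject in context ({})",
                    getLogPrefix(), canonicalPrincipalName, sc.getPrincipalName());
            ActionSupport.buildEvent(profileRequestContext, IdPEventIds.INVALID_SUBJECT_CTX);
            // Early exit: the completion instant is not set on this path.
            return;
        }

        sc.setPrincipalName(canonicalPrincipalName);

        // Parameterized instead of a raw Map so the compiler checks that only
        // AuthenticationResult values keyed by flow ID are stored.
        final Map<String, AuthenticationResult> scResults = sc.getAuthenticationResults();
        scResults.putAll(authenticationContext.getActiveResults());

        // The latest result is added only if its flow is not already represented.
        final AuthenticationResult latest = authenticationContext.getAuthenticationResult();
        if (latest != null && !scResults.containsKey(latest.getAuthenticationFlowId())) {
            scResults.put(latest.getAuthenticationFlowId(), latest);
        }
    }

    authenticationContext.setCompletionInstant();
}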
/**
 * Create a new session and populate the SessionContext.
 *
 * <p>The session is created for the principal name held by the subject context. The current
 * authentication result is attached to it only when the context marks the result as
 * cacheable.</p>
 *
 * @param authenticationContext current authentication context
 * @throws SessionException if an error occurs creating the session
 */
private void createIdPSession(@Nonnull final AuthenticationContext authenticationContext)
        throws SessionException {
    log.debug("{} Creating new session for principal {}", getLogPrefix(), subjectCtx.getPrincipalName());
    sessionCtx.setIdPSession(sessionManager.createSession(subjectCtx.getPrincipalName()));

    // A non-cacheable result leaves the new session without any stored result.
    if (!authenticationContext.isResultCacheable()) {
        return;
    }
    sessionCtx.getIdPSession().addAuthenticationResult(authenticationContext.getAuthenticationResult());
}
} // closes the enclosing class, whose declaration is not part of this excerpt
authorities.add(new SimpleGrantedAuthority(authority.toString())); if (authCtx.getAuthenticationResult() != null) { final AuthenticationMethodRefAuthority authority = new AuthenticationMethodRefAuthority( authCtx.getAuthenticationResult().getAuthenticationFlowId()); LOG.debug("Adding authority {}", authority.getAuthority()); authorities.add(new SimpleGrantedAuthority(authority.toString()));
final AuthenticationResult result = authenticationContext.getAuthenticationResult(); if (null != result) { resolutionContext.setPrincipalAuthenticationMethod(result.getAuthenticationFlowId());
final AuthenticationResult result = authenticationContext.getAuthenticationResult(); if (null != result) { filterContext.setPrincipalAuthenticationMethod(result.getAuthenticationFlowId());
/**
 * {@inheritDoc}
 *
 * <p>Builds a fresh {@link AuthenticationContext} and installs it on the profile request
 * context, replacing any existing one. The forced-authentication and passive flags are copied
 * from the authentication request when one is present. The result of a pre-existing
 * authentication context, if any, is carried over as the initial authentication result.</p>
 *
 * @param profileRequestContext current profile request context
 */
@Override
protected void doExecute(@Nonnull final ProfileRequestContext profileRequestContext) {
    final AuthenticationContext freshContext = new AuthenticationContext();

    if (authnRequest != null) {
        freshContext.setForceAuthn(authnRequest.isForceAuthn());
        freshContext.setIsPassive(authnRequest.isPassive());
    }

    final AuthenticationContext priorContext =
            profileRequestContext.getSubcontext(AuthenticationContext.class);
    if (priorContext != null) {
        freshContext.setInitialAuthenticationResult(priorContext.getAuthenticationResult());
    }

    // The predicate is consulted only when the request did not already force authentication,
    // so it can switch forced authentication on but never off.
    if (!freshContext.isForceAuthn()) {
        freshContext.setForceAuthn(forceAuthnPredicate.apply(profileRequestContext));
    }

    profileRequestContext.addSubcontext(freshContext, true);

    log.debug("{} Created authentication context: {}", getLogPrefix(), freshContext);
}
/**
 * Builds a fresh {@link AuthenticationContext} for a CAS request and installs it on the profile
 * request context, replacing any existing one.
 *
 * <p>Forced authentication is taken from the CAS request's renew flag and, when that is not
 * set, from the login configuration's predicate if a configuration is found. Passive
 * authentication is always disabled. The result of a pre-existing authentication context, if
 * any, is carried over as the initial authentication result, and the request is marked as a
 * browser profile.</p>
 *
 * @param springRequestContext current Spring Web Flow request context (not used here)
 * @param profileRequestContext current profile request context
 * @return always null
 */
// NOTE(review): the method is annotated @Nonnull yet returns null; confirm how the caller
// interprets a null event.
@Nonnull
@Override
protected Event doExecute(@Nonnull final RequestContext springRequestContext,
        @Nonnull final ProfileRequestContext profileRequestContext) {
    final AuthenticationContext freshContext = new AuthenticationContext();
    freshContext.setForceAuthn(getCASRequest(profileRequestContext).isRenew());
    freshContext.setIsPassive(false);

    // Configuration can switch forced authentication on, but never overrides a renew request.
    if (!freshContext.isForceAuthn()) {
        final LoginConfiguration loginConfig = configLookupFunction.apply(profileRequestContext);
        if (loginConfig != null) {
            freshContext.setForceAuthn(loginConfig.getForceAuthnPredicate().apply(profileRequestContext));
        }
    }

    final AuthenticationContext priorContext =
            profileRequestContext.getSubcontext(AuthenticationContext.class);
    if (priorContext != null) {
        freshContext.setInitialAuthenticationResult(priorContext.getAuthenticationResult());
    }

    profileRequestContext.addSubcontext(freshContext, true);
    profileRequestContext.setBrowserProfile(true);
    return null;
}
final AuthenticationResult result = authenticationContext.getAuthenticationResult(); if (result != null) { if (EventIds.PROCEED_EVENT_ID.equals(previousEvent)) {
authenticationContext.getSubcontext(RequestedPrincipalContext.class); if (requestedPrincipalCtx != null) { final AuthenticationResult latest = authenticationContext.getAuthenticationResult(); if (latest == null) { log.warn("{} Authentication result missing from context?", getLogPrefix());
if (authenticationContext.getAuthenticationResult() != null) { if (extContext.getAuthnInstant() != null) { authenticationContext.getAuthenticationResult().setAuthenticationInstant( extContext.getAuthnInstant().getMillis()); authenticationContext.getAuthenticationResult().setPreviousResult(true);
final AuthenticationResult authnResult; if (authnCtx != null) { authnResult = authnCtx.getAuthenticationResult(); } else { authnResult = getLatestAuthenticationResult(session);