Java源码示例:org.pac4j.core.profile.CommonProfile
示例1
/**
 * Initializes the authentication and authorization of NNA.
 *
 * <p>Stores the supplied collaborators, derives the per-role user sets from the
 * configuration, and raises the {@code init} flag last so that nothing is considered
 * initialized until every field has been assigned.
 *
 * @param appConf the security configuration
 * @param jwtAuth the JWT authentication object
 * @param jwtGen the JWT generator object
 * @param ldapAuthenticator ldap authenticator
 */
public void init(
    ApplicationConfiguration appConf,
    JwtAuthenticator jwtAuth,
    JwtGenerator<CommonProfile> jwtGen,
    LdapAuthenticator ldapAuthenticator) {
  applicationConfiguration = appConf;
  jwtAuthenticator = jwtAuth;
  jwtGenerator = jwtGen;
  this.ldapAuthenticator = ldapAuthenticator;
  // Role membership, all read from the configuration object.
  adminUsers = new UserSet(appConf.getAdminUsers());
  writeUsers = new UserSet(appConf.getWriteUsers());
  readOnlyUsers = new UserSet(appConf.getReadOnlyUsers());
  cacheReaderUsers = new UserSet(appConf.getCacheReaderUsers());
  localOnlyUsers = new UserPasswordSet(appConf.getLocalOnlyUsers());
  // Flag goes up only after every field above is populated.
  init = true;
}
示例2
/**
 * Attempts to authenticate {@code username} against the locally configured users.
 *
 * <p>On success a profile whose id is the username is turned into a JWT, emitted as the
 * {@code nna-jwt-token} cookie, and the current user is recorded.
 *
 * @return {@code true} when the user is a local user and the password matched;
 *     {@code false} when the user is not a local user, so other mechanisms may be tried
 * @throws BadCredentialsException when the user is local but the password did not match
 */
private boolean localLogin(
    HttpServletRequest request, HttpServletResponse response, String username, String password)
    throws AuthenticationException {
  if (!localOnlyUsers.allows(username)) {
    // Not a local-only user: let the caller fall through to the next mechanism.
    return false;
  }
  if (!localOnlyUsers.authenticate(username, password)) {
    LOG.info("Login failed via [LOCAL] for: {}", request.getRemoteAddr());
    throw new BadCredentialsException("Invalid credentials for: " + username);
  }
  LOG.debug("Login success via [LOCAL] for: {} at {}", username, request.getRemoteAddr());
  CommonProfile localProfile = new CommonProfile();
  localProfile.setId(username);
  String token = jwtGenerator.generate(localProfile);
  // NOTE(review): the cookie is written as a raw Set-Cookie header with no HttpOnly/Secure/
  // SameSite attributes — confirm that is intended for a session token.
  response.addHeader("Set-Cookie", "nna-jwt-token=" + token);
  currentUser.set(username);
  return true;
}
示例3
/**
 * Restores the user profiles that follow the parent's data in the buffer.
 *
 * <p>Layout read here: a 4-byte int length, then that many bytes of UTF-8 JSON whose
 * object-valued members are the serialized profiles (other members are ignored).
 *
 * @param pos    position in {@code buffer} to start reading from
 * @param buffer the source buffer
 * @return the position just past the last byte consumed
 */
@Override
public int readFromBuffer(int pos, Buffer buffer) {
  int cursor = super.readFromBuffer(pos, buffer);
  // NOTE(review): the length is taken from the buffer unvalidated; a negative or oversized
  // value is left for getBytes to reject — confirm the buffer only ever comes from a trusted peer.
  final int length = buffer.getInt(cursor);
  cursor += 4;
  final byte[] raw = buffer.getBytes(cursor, cursor + length);
  cursor += length;
  final JsonObject encoded = new JsonObject(new String(raw, StandardCharsets.UTF_8));
  final Map<String, CommonProfile> decoded = encoded.stream()
      .filter(member -> member.getValue() instanceof JsonObject)
      .collect(toMap(
          Map.Entry::getKey,
          member -> (CommonProfile) DefaultJsonConverter.getInstance().decodeObject(member.getValue())));
  setUserProfiles(decoded);
  return cursor;
}
示例4
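/**
 * Attempts LDAP authentication for {@code username} against each configured base DN.
 *
 * <p>Each base DN pattern has its {@code %u} placeholder substituted with the username and is
 * tried in turn; the first successful validation wins and issues the {@code nna-jwt-token}
 * cookie. When every DN was rejected the last failure is rethrown; when no LDAP authenticator
 * is configured (or no base DN is configured) {@code false} is returned so the caller can
 * move on.
 *
 * @return {@code true} on success, {@code false} when LDAP is not configured
 * @throws HttpAction propagated from the pac4j validation
 * @throws RuntimeException the last validation failure when all base DNs were rejected
 */
private boolean ldapLogin(
    HttpServletRequest request, HttpServletResponse response, String username, String password)
    throws HttpAction {
  if (ldapAuthenticator == null) {
    return false;
  }
  RuntimeException lastFailure = null;
  Set<String> ldapBaseDns = applicationConfiguration.getLdapBaseDn();
  for (String ldapBaseDn : ldapBaseDns) {
    // Literal substitution. String.replaceAll interprets the replacement as a regex
    // replacement string, so a username containing '$' or '\' would be mangled or make
    // the call throw; String.replace inserts it verbatim.
    // NOTE(review): the username is still not DN-escaped (RFC 4514) before being placed in
    // the DN format — confirm usernames are validated upstream.
    String resolvedDn = ldapBaseDn.replace("%u", username);
    // NOTE(review): this replaces the DN resolver on the shared authenticator for each
    // attempt, so concurrent logins may observe each other's resolver — confirm.
    ldapAuthenticator.getLdapAuthenticator().setDnResolver(new FormatDnResolver(resolvedDn));
    UsernamePasswordCredentials credentials =
        new UsernamePasswordCredentials(username, password, request.getRemoteAddr());
    try {
      ldapAuthenticator.validate(credentials, new J2EContext(request, response));
    } catch (RuntimeException e) {
      // Remember the failure and try the next base DN.
      lastFailure = e;
      continue;
    }
    LOG.debug("Login success via [LDAP] for: {} at {}", username, request.getRemoteAddr());
    CommonProfile profile = credentials.getUserProfile();
    profile.setId(username);
    String token = jwtGenerator.generate(profile);
    response.addHeader("Set-Cookie", "nna-jwt-token=" + token);
    currentUser.set(username);
    return true;
  }
  if (lastFailure != null) {
    LOG.info("Login failed via [LDAP] for: {}", request.getRemoteAddr());
    throw lastFailure;
  }
  return false;
}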
示例5
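/**
 * Perform logout of authenticated web session.
 *
 * <p>When authentication is enabled and a profile is present: the pac4j profile is dropped,
 * the servlet session (if one exists) is invalidated, the {@code nna-jwt-token} cookie is
 * expired and a 200 with a short message is written. Otherwise a 400 is written. Cache
 * headers are set so the logout response is never served from a cache.
 *
 * @param request - The HTTP request.
 * @param response - The HTTP response.
 * @throws IOException if the response writer cannot be obtained or written
 */
public void logout(HttpServletRequest request, HttpServletResponse response) throws IOException {
  boolean authenticationEnabled = isAuthenticationEnabled();
  ProfileManager<CommonProfile> manager = new ProfileManager<>(new J2EContext(request, response));
  Optional<CommonProfile> profile = manager.get(false);
  if (authenticationEnabled && profile.isPresent()) {
    manager.logout();
    // getSession(false) never creates a session just to invalidate it; the no-arg
    // getSession() always returns one, which made the null check below unreachable.
    HttpSession session = request.getSession(false);
    if (session != null) {
      session.invalidate();
    }
    // Expire the JWT cookie on the client.
    // NOTE(review): no Path is set on this clearing cookie, so it only removes a cookie
    // whose path matches the browser default for this request — confirm it matches the
    // path under which the login cookie was issued.
    Cookie cookie = new Cookie("nna-jwt-token", "");
    cookie.setMaxAge(0);
    response.addCookie(cookie);
    response.addHeader("Cache-Control", "no-cache, no-store, must-revalidate");
    response.addHeader("Pragma", "no-cache");
    response.addHeader("Expires", "0");
    response.setStatus(HttpStatus.SC_OK);
    try (Writer writer = response.getWriter()) {
      writer.write("You have been logged out.");
    }
  } else {
    response.setStatus(HttpStatus.SC_BAD_REQUEST);
    try (Writer writer = response.getWriter()) {
      writer.write("No login session.");
    }
  }
}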
示例6
/**
 * Builds the factory that injects a pac4j profile manager or profile into a resource method
 * parameter annotated with {@code @Pac4JProfileManager} or {@code @Pac4JProfile}.
 *
 * @param parameter the injection point
 * @return the factory, or {@code null} when the parameter carries neither annotation
 * @throws IllegalStateException when an annotation is present but the parameter type cannot
 *     receive the value ({@code ProfileManager}, {@code CommonProfile}, or an {@code Optional}
 *     whose single type argument is a {@code CommonProfile})
 */
@Override
protected Factory<?> createValueFactory(Parameter parameter) {
  final Class<?> rawType = parameter.getRawType();
  if (parameter.isAnnotationPresent(Pac4JProfileManager.class)) {
    if (!ProfileManager.class.isAssignableFrom(rawType)) {
      throw new IllegalStateException("Cannot inject a Pac4J profile manager into a parameter of type "
          + rawType.getName());
    }
    return manager.get();
  }
  if (!parameter.isAnnotationPresent(Pac4JProfile.class)) {
    return null;
  }
  if (CommonProfile.class.isAssignableFrom(rawType)) {
    return profile.get();
  }
  if (Optional.class.isAssignableFrom(rawType)) {
    // Accept Optional<CommonProfile> (or a subtype) and an Optional whose argument cannot be resolved.
    final List<ClassTypePair> typeArgs = ReflectionHelper.getTypeArgumentAndClass(rawType);
    final ClassTypePair single = typeArgs.size() == 1 ? typeArgs.get(0) : null;
    if (single == null || CommonProfile.class.isAssignableFrom(single.rawClass())) {
      return optProfile.get();
    }
  }
  throw new IllegalStateException(
      "Cannot inject a Pac4J profile into a parameter of type " + rawType.getName());
}
示例7
/**
 * Supplies the pac4j profile attached to the current container request.
 *
 * @return the profile
 * @throws WebApplicationException with status 401 when the request carries no profile
 */
@Override
public CommonProfile provide() {
  final RequestPac4JSecurityContext securityContext =
      new RequestPac4JSecurityContext(getContainerRequest());
  return new RequestCommonProfile(securityContext).profile().orElseThrow(this::profileMissing);
}

/** Logs the rejection and builds the 401 raised when the request has no profile. */
private WebApplicationException profileMissing() {
  LOG.debug("Cannot inject a Pac4j profile into an unauthenticated request, responding with 401");
  return new WebApplicationException(401);
}
示例8
/**
 * Builds the provider that injects a pac4j profile manager or profile into a resource method
 * parameter annotated with {@code @Pac4JProfileManager} or {@code @Pac4JProfile}.
 *
 * @param parameter the injection point
 * @return the provider, or {@code null} when the parameter carries neither annotation
 * @throws IllegalStateException when an annotation is present but the parameter type cannot
 *     receive the value ({@code ProfileManager}, {@code CommonProfile}, or an {@code Optional}
 *     whose single type argument is a {@code CommonProfile})
 */
@Override
protected Function<ContainerRequest, ?> createValueProvider(Parameter parameter) {
  final Class<?> rawType = parameter.getRawType();
  if (parameter.isAnnotationPresent(Pac4JProfileManager.class)) {
    if (!ProfileManager.class.isAssignableFrom(rawType)) {
      throw new IllegalStateException("Cannot inject a Pac4J profile manager into a parameter of type "
          + rawType.getName());
    }
    return manager.get();
  }
  if (!parameter.isAnnotationPresent(Pac4JProfile.class)) {
    return null;
  }
  if (CommonProfile.class.isAssignableFrom(rawType)) {
    return profile.get();
  }
  if (Optional.class.isAssignableFrom(rawType)) {
    // Accept Optional<CommonProfile> (or a subtype) and an Optional whose argument cannot be resolved.
    final List<ClassTypePair> typeArgs = ReflectionHelper.getTypeArgumentAndClass(rawType);
    final ClassTypePair single = typeArgs.size() == 1 ? typeArgs.get(0) : null;
    if (single == null || CommonProfile.class.isAssignableFrom(single.rawClass())) {
      return optProfile.get();
    }
  }
  throw new IllegalStateException(
      "Cannot inject a Pac4J profile into a parameter of type " + rawType.getName());
}
示例9
/**
 * Resolves the pac4j profile for the given container request.
 *
 * @param containerRequest the current request
 * @return the profile
 * @throws WebApplicationException with status 401 when the request carries no profile
 */
@Override
public CommonProfile apply(ContainerRequest containerRequest) {
  return optionalProfile(containerRequest).orElseThrow(this::profileMissing);
}

/** Logs the rejection and builds the 401 raised when the request has no profile. */
private WebApplicationException profileMissing() {
  LOG.debug("Cannot inject a Pac4j profile into an unauthenticated request, responding with 401");
  return new WebApplicationException(401);
}
示例10
/**
 * Builds the provider that injects a pac4j profile manager or profile into a resource method
 * parameter annotated with {@code @Pac4JProfileManager} or {@code @Pac4JProfile}.
 *
 * @param parameter the injection point
 * @return the provider, or {@code null} when the parameter carries neither annotation
 * @throws IllegalStateException when an annotation is present but the parameter type cannot
 *     receive the value ({@code ProfileManager}, {@code CommonProfile}, or an {@code Optional}
 *     whose single type argument is a {@code CommonProfile})
 */
@Override
protected Function<ContainerRequest, ?> createValueProvider(Parameter parameter) {
  final Class<?> rawType = parameter.getRawType();
  if (parameter.isAnnotationPresent(Pac4JProfileManager.class)) {
    if (!ProfileManager.class.isAssignableFrom(rawType)) {
      throw new IllegalStateException("Cannot inject a Pac4J profile manager into a parameter of type "
          + rawType.getName());
    }
    return manager.get();
  }
  if (!parameter.isAnnotationPresent(Pac4JProfile.class)) {
    return null;
  }
  if (CommonProfile.class.isAssignableFrom(rawType)) {
    return profile.get();
  }
  if (Optional.class.isAssignableFrom(rawType)) {
    // Accept Optional<CommonProfile> (or a subtype) and an Optional whose argument cannot be resolved.
    final List<ClassTypePair> typeArgs = ReflectionHelper.getTypeArgumentAndClass(rawType);
    final ClassTypePair single = typeArgs.size() == 1 ? typeArgs.get(0) : null;
    if (single == null || CommonProfile.class.isAssignableFrom(single.rawClass())) {
      return optProfile.get();
    }
  }
  throw new IllegalStateException(
      "Cannot inject a Pac4J profile into a parameter of type " + rawType.getName());
}
示例11
/**
 * Resolves the pac4j profile for the given container request.
 *
 * @param containerRequest the current request
 * @return the profile
 * @throws WebApplicationException with status 401 when the request carries no profile
 */
@Override
public CommonProfile apply(ContainerRequest containerRequest) {
  return optionalProfile(containerRequest).orElseThrow(this::profileMissing);
}

/** Logs the rejection and builds the 401 raised when the request has no profile. */
private WebApplicationException profileMissing() {
  LOG.debug("Cannot inject a Pac4j profile into an unauthenticated request, responding with 401");
  return new WebApplicationException(401);
}
示例12
/**
 * Resource method guarded by the direct form client: reports whether a profile was injected.
 *
 * @param profile the injected pac4j profile
 * @return {@code "ok"} when a profile was bound, {@code "error"} otherwise
 */
@POST
@Path("directInject")
@Pac4JSecurity(clients = "DirectFormClient", authorizers = DefaultAuthorizers.IS_AUTHENTICATED)
public String directInject(@Pac4JProfile CommonProfile profile) {
  return profile == null ? "error" : "ok";
}
示例13
/**
 * Unguarded resource method: reports whether a profile was injected without any
 * {@code @Pac4JSecurity} filter in front of it.
 *
 * @param profile the injected pac4j profile
 * @return {@code "ok"} when a profile was bound, {@code "error"} otherwise
 */
@GET
@Path("directInjectNoAuth")
public String directInjectNoAuth(@Pac4JProfile CommonProfile profile) {
  return profile == null ? "error" : "ok";
}
示例14
/**
 * Resource method that receives the injected profile manager and checks the request-scoped
 * profiles with the IS_AUTHENTICATED authorizer.
 *
 * @param pm the injected profile manager
 * @return {@code "ok"} when authenticated, {@code "fail"} when not, {@code "error"} when no
 *     manager was injected
 */
@POST
@Path("directInjectManager")
@Pac4JSecurity(clients = "DirectFormClient", authorizers = DefaultAuthorizers.IS_AUTHENTICATED, skipResponse = true)
public String directInjectManager(@Pac4JProfileManager ProfileManager<CommonProfile> pm) throws HttpAction {
  if (pm == null) {
    return "error";
  }
  // Read the profiles from the request only: pm.isAuthorized would rely on the session.
  final boolean authenticated = IS_AUTHENTICATED_AUTHORIZER.isAuthorized(null, pm.getAll(false));
  return authenticated ? "ok" : "fail";
}
示例15
/**
 * Resource method receiving the profile as an {@code Optional}; with {@code skipResponse} the
 * security filter does not answer on its own, so the presence check is done here.
 *
 * @param profile the injected, possibly empty, profile
 * @return {@code "ok"} when a profile is present, {@code "fail"} otherwise
 */
@POST
@Path("directInjectSkip")
@Pac4JSecurity(clients = "DirectFormClient", authorizers = DefaultAuthorizers.IS_AUTHENTICATED, skipResponse = true)
public String directInjectSkip(@Pac4JProfile Optional<CommonProfile> profile) {
  return profile.isPresent() ? "ok" : "fail";
}
示例16
/**
 * Resource method guarded by the form client: reports whether a profile was injected.
 *
 * @param profile the injected pac4j profile
 * @return {@code "ok"} when a profile was bound, {@code "error"} otherwise
 */
@GET
@Path("/inject")
@Pac4JSecurity(clients = "FormClient", authorizers = DefaultAuthorizers.IS_AUTHENTICATED)
public String inject(@Pac4JProfile CommonProfile profile) {
  return profile == null ? "error" : "ok";
}
示例17
/**
 * Decorates an existing JAX-RS security context with the pac4j profiles of the request.
 *
 * @param original the security context being wrapped
 * @param context the JAX-RS request context
 * @param profiles the pac4j profiles of the request; the collection is kept by reference
 */
public Pac4JSecurityContext(SecurityContext original, JaxRsContext context,
    Collection<CommonProfile> profiles) {
  this.original = original;
  this.context = context;
  this.profiles = profiles;
  // A principal exists only when the profiles flatten into a single one.
  final Optional<CommonProfile> flattened = ProfileHelper.flatIntoOneProfile(profiles);
  this.principal = flattened.map(Pac4JPrincipal::new).orElse(null);
}
示例18
/**
 * Returns the profiles of this context, delegating to the wrapped context when this one
 * holds no principal.
 *
 * @return an unmodifiable view of the profiles, or empty when neither this context nor a
 *     wrapped {@code Pac4JSecurityContext} provides any
 */
public Optional<Collection<CommonProfile>> getProfiles() {
  if (principal == null) {
    // Without a principal, only a wrapped pac4j context can still answer.
    if (original instanceof Pac4JSecurityContext) {
      return ((Pac4JSecurityContext) original).getProfiles();
    }
    return Optional.empty();
  }
  return Optional.of(Collections.unmodifiableCollection(profiles));
}
示例19
/**
 * Loads the current profiles and fails fast unless the IS_AUTHENTICATED authorizer accepts them.
 *
 * @param readFromSession whether the profile manager may also read the session
 * @return the loaded profiles
 * @throws UnauthorizedAction when the profiles are not authenticated
 */
protected List<CommonProfile> isAuthenticated(final boolean readFromSession) {
  final List<CommonProfile> current = profileManager.getAll(readFromSession);
  final boolean authenticated = IS_AUTHENTICATED_AUTHORIZER.isAuthorized(webContext, current);
  if (!authenticated) {
    throw UnauthorizedAction.INSTANCE;
  }
  return current;
}
示例20
/**
 * Requires an authenticated caller holding at least one of the given roles.
 *
 * @param readFromSession whether the profile manager may also read the session
 * @param roles the acceptable roles
 * @throws UnauthorizedAction when the caller is not authenticated
 * @throws ForbiddenAction when the caller holds none of the roles
 */
protected void requireAnyRole(final boolean readFromSession, final String... roles) {
  final List<CommonProfile> current = isAuthenticated(readFromSession);
  final boolean permitted =
      new RequireAnyRoleAuthorizer<CommonProfile>(roles).isAuthorized(webContext, current);
  if (!permitted) {
    throw ForbiddenAction.INSTANCE;
  }
}
示例21
/**
 * Requires an authenticated caller holding every one of the given roles.
 *
 * @param readFromSession whether the profile manager may also read the session
 * @param roles the required roles
 * @throws UnauthorizedAction when the caller is not authenticated
 * @throws ForbiddenAction when any role is missing
 */
protected void requireAllRoles(final boolean readFromSession, final String... roles) {
  final List<CommonProfile> current = isAuthenticated(readFromSession);
  final boolean permitted =
      new RequireAllRolesAuthorizer<CommonProfile>(roles).isAuthorized(webContext, current);
  if (!permitted) {
    throw ForbiddenAction.INSTANCE;
  }
}
示例22
/**
 * Saves the profiles through the parent and mirrors them onto the Vert.x user held by the
 * web context, creating that user when the context has none yet.
 *
 * @param profiles the profiles keyed by client name, in insertion order
 * @param saveInSession whether the parent should also persist them in the session
 */
@Override
protected void saveAll(final LinkedHashMap<String, CommonProfile> profiles, final boolean saveInSession) {
  super.saveAll(profiles, saveInSession);
  Pac4jUser user = vertxWebContext.getVertxUser();
  if (user == null) {
    user = new Pac4jUser();
  }
  user.setUserProfiles(profiles);
  vertxWebContext.setVertxUser(user);
}
示例23
/**
 * Turns a pac4j-authenticated request into a subject for the rest of the chain: when the
 * profile manager holds a profile, its identifier becomes the primary principal, the
 * authentication is audited as a success, and the chain continues under that subject.
 * Requests without a profile are left untouched by this method.
 */
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
    throws IOException, ServletException {
  final HttpServletRequest request = (HttpServletRequest) servletRequest;
  final HttpServletResponse response = (HttpServletResponse) servletResponse;
  final Config config = (Config) request.getAttribute(PAC4J_CONFIG);
  final J2EContext context = new J2EContext(request, response, config.getSessionStore());
  final ProfileManager<CommonProfile> manager = new ProfileManager<>(context);
  final Optional<CommonProfile> optional = manager.get(true);
  if (!optional.isPresent()) {
    // NOTE(review): an unauthenticated request is neither rejected nor forwarded here —
    // presumably an earlier pac4j filter already responded; confirm.
    return;
  }
  final CommonProfile profile = optional.get();
  logger.debug("User authenticated as: {}", profile);
  // The profile is consumed from the session once the subject is being built from it.
  manager.remove(true);
  final String id = resolvePrincipalId(profile);
  testIdentifier = id;
  final PrimaryPrincipal principal = new PrimaryPrincipal(id);
  final Subject subject = new Subject();
  subject.getPrincipals().add(principal);
  auditService.getContext().setUsername(id);
  final String sourceUri =
      (String) request.getAttribute(AbstractGatewayFilter.SOURCE_REQUEST_CONTEXT_URL_ATTRIBUTE_NAME);
  auditor.audit(Action.AUTHENTICATION, sourceUri, ResourceType.URI, ActionOutcome.SUCCESS);
  doAs(request, response, chain, subject);
}

/**
 * Picks the principal identifier: the configured {@code idAttribute} of the profile when it is
 * set and resolves to a non-null string, otherwise the profile id (logging the fallback).
 */
private String resolvePrincipalId(final CommonProfile profile) {
  if (idAttribute != null) {
    final Object attribute = profile.getAttribute(idAttribute);
    final String fromAttribute = attribute == null ? null : attribute.toString();
    if (fromAttribute != null) {
      return fromAttribute;
    }
    logger.error("Invalid attribute_id: {} configured to be used as principal"
        + " falling back to default id", idAttribute);
  }
  return profile.getId();
}
示例24
/**
 * Builds the registration page. Signed-in users are redirected to the dashboard; otherwise
 * the form model is pre-filled from the pac4j profile left on the session by an external
 * login, when there is one.
 *
 * @param parameters the Wicket page parameters
 */
public RegisterPage(PageParameters parameters) {
  super(parameters);
  if (AuthenticatedWebSession.exists() && AuthenticatedWebSession.get().isSignedIn()) {
    redirect(DashboardPage.class);
    return;
  }
  final HttpServletRequest request =
      ((ServletWebRequest) RequestCycle.get().getRequest()).getContainerRequest();
  final ClientAuthenticationToken token = (ClientAuthenticationToken)
      request.getSession().getAttribute(Pac4jAuthenticationUtils.AUTH_TOKEN_ATTRIBUTE);
  final IModel<User> userModel = new GenericEntityModel<Long, User>(new User());
  if (token != null && token.getUserProfile() != null) {
    prefillFromProfile(userModel.getObject(), (CommonProfile) token.getUserProfile());
  }
  addBreadCrumbElement(new BreadCrumbElement(new ResourceModel("register.pageTitle"), RegisterPage.linkDescriptor()));
  add(new Label("pageTitle", new ResourceModel("register.pageTitle")));
  add(new RegisterFormPanel("registerFormPanel", userModel));
}

/**
 * Copies email, display name and remote identifier from the profile onto the user, warning
 * (in the log and the session) when the email already belongs to another user.
 */
private void prefillFromProfile(User user, CommonProfile profile) {
  final String email = profile.getEmail();
  if (email != null && userService.getByUserName(email) != null) {
    LOGGER.warn("This email address is already used by another user");
    getSession().warn(getString("register.userName.notUnique"));
  }
  user.setEmail(email);
  user.setFullName(profile.getDisplayName());
  user.setRemoteIdentifier(profile.getId());
}
示例25
/**
 * Loads Spring Security user details for a pac4j-authenticated token, looking the user up by
 * the profile id as remote identifier.
 *
 * @param token the client authentication token carrying the pac4j profile
 * @return the user details with direct and group authorities expanded through the role hierarchy
 * @throws UsernameNotFoundException when no user carries that remote identifier
 * @throws DisabledException when the matched user is inactive
 */
@Override
public UserDetails loadUserDetails(ClientAuthenticationToken token) throws UsernameNotFoundException {
  final CommonProfile profile = (CommonProfile) token.getUserProfile();
  final IGroupedUser<?> person = userService.getByRemoteIdentifier(profile.getId());
  if (person == null) {
    throw new UsernameNotFoundException("User not found for: " + token.getPrincipal());
  }
  if (!person.isActive()) {
    throw new DisabledException("User is disabled");
  }
  // Direct authorities first, then those of every group the user belongs to.
  final Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
  addAuthorities(authorities, person.getAuthorities());
  for (IUserGroup group : person.getGroups()) {
    addAuthorities(authorities, group.getAuthorities());
  }
  return new User(person.getUserName(), person.getPasswordHash(), person.isActive(), true, true, true,
      roleHierarchy.getReachableGrantedAuthorities(authorities));
}
示例26
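/**
 * Ensures that user request has proper authentication token / credentials.
 *
 * <p>Order of evaluation: initialization guard, login-attempt bypass, the
 * authentication-disabled shortcut (which honours an optional {@code proxy} parameter as the
 * current user), HTTP Basic credentials (local users first, then LDAP), and finally the
 * {@code nna-jwt-token} cookie, which is validated and re-issued on success.
 *
 * @param request the HTTP request
 * @param response the HTTP response
 * @throws AuthenticationException error with authentication
 * @throws HttpAction error with HTTP call
 */
public void handleAuthentication(HttpServletRequest request, HttpServletResponse response)
    throws AuthenticationException, HttpAction {
  if (!init) {
    LOG.info("Request occurred before initialized from: {}", request.getRemoteAddr());
    throw new AuthenticationException("Please wait for initialization.");
  }
  if (isLoginAttempt(request)) {
    return;
  }
  boolean authenticationEnabled = isAuthenticationEnabled();
  if (!authenticationEnabled) {
    // With authentication off, the caller may still name a proxy user.
    String proxyUsername = request.getParameter("proxy");
    if (proxyUsername != null && !proxyUsername.isEmpty()) {
      currentUser.set(proxyUsername);
    }
    return;
  }
  // Allow basic authentication for simple applications.
  String basic = request.getHeader("Authorization");
  if (basic != null && basic.startsWith("Basic ")) {
    String b64Credentials = basic.substring("Basic ".length()).trim();
    byte[] decoded;
    try {
      decoded = Base64.getDecoder().decode(b64Credentials);
    } catch (IllegalArgumentException e) {
      // Malformed base64 is a bad credential, not a server error.
      LOG.info("Login failed via [BASIC] for: {}", request.getRemoteAddr());
      throw new AuthenticationException("Authentication required.");
    }
    // RFC 7617: "user:password", split at the FIRST colon so passwords containing ':'
    // survive; decode as UTF-8 rather than the platform default charset.
    String nameAndPassword = new String(decoded, java.nio.charset.StandardCharsets.UTF_8);
    int separator = nameAndPassword.indexOf(':');
    String username = separator < 0 ? nameAndPassword : nameAndPassword.substring(0, separator);
    String password = separator < 0 ? "" : nameAndPassword.substring(separator + 1);
    // Perform local authentication if found.
    if (localLogin(request, response, username, password)) {
      return;
    }
    // Perform LDAP authentication if found.
    if (ldapLogin(request, response, username, password)) {
      return;
    }
    LOG.info("Login failed via [BASIC] for: {}", request.getRemoteAddr());
    throw new AuthenticationException("Authentication required.");
  }
  // JWT authentication for end users whom have logged in.
  String token = null;
  Cookie[] cookies = request.getCookies();
  if (cookies != null) {
    for (Cookie cookie : cookies) {
      if ("nna-jwt-token".equals(cookie.getName())) {
        token = cookie.getValue();
        break;
      }
    }
  }
  ProfileManager<CommonProfile> manager = new ProfileManager<>(new J2EContext(request, response));
  CommonProfile userProfile;
  if (token != null) {
    try {
      userProfile = jwtAuthenticator.validateToken(token);
      // Drop the old issued-at claim so the re-issued token gets a fresh one.
      userProfile.removeAttribute("iat");
      String generate = jwtGenerator.generate(userProfile);
      // NOTE(review): re-issued as a raw header without HttpOnly/Secure/SameSite — confirm.
      response.addHeader("Set-Cookie", "nna-jwt-token=" + generate);
      manager.save(true, userProfile, false);
      String profileId = userProfile.getId();
      LOG.debug("Login success via [TOKEN] for: {} at {}", profileId, request.getRemoteAddr());
      currentUser.set(profileId);
      return;
    } catch (Exception e) {
      // Any validation failure (expired, tampered, malformed) is reported as a bad login.
      LOG.info("Login failed via [TOKEN] for: {}", request.getRemoteAddr());
      throw new AuthenticationException(e);
    }
  }
  LOG.info("Login failed via [NULL] for: {}", request.getRemoteAddr());
  throw new AuthenticationException("Authentication required.");
}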
示例27
/**
 * {@inheritDoc}
 *
 * <p>Delegated (pac4j client) authentication step. When the request names a client, its
 * credentials are extracted and turned into a ticket granting ticket; when the client first
 * needs an HTTP action (a redirect), the response is marked complete and the flow stops;
 * in every other case the login page is prepared.
 */
@Override
protected Event doExecute(final RequestContext context) throws Exception {
  final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
  final HttpServletResponse response = WebUtils.getHttpServletResponse(context);
  final HttpSession session = request.getSession();
  // web context
  final WebContext webContext = new J2EContext(request, response);
  // get client
  final String clientName = request.getParameter(this.clients.getClientNameParameter());
  logger.debug("clientName: {}", clientName);
  // it's an authentication
  if (StringUtils.isNotBlank(clientName)) {
    // get client
    // NOTE(review): unchecked cast, and client is dereferenced right below — presumably
    // findClient fails for an unknown name rather than returning null; confirm.
    final BaseClient<Credentials, CommonProfile> client =
        (BaseClient<Credentials, CommonProfile>) this.clients
            .findClient(clientName);
    logger.debug("client: {}", client);
    // Only supported protocols
    final Mechanism mechanism = client.getMechanism();
    if (!SUPPORTED_PROTOCOLS.contains(mechanism)) {
      throw new TechnicalException("Only CAS, OAuth, OpenID and SAML protocols are supported: " + client);
    }
    // get credentials
    final Credentials credentials;
    try {
      credentials = client.getCredentials(webContext);
      // NOTE(review): logs the credentials object itself — confirm its toString() redacts secrets.
      logger.debug("credentials: {}", credentials);
    } catch (final RequiresHttpAction e) {
      // The client needs its own HTTP action first; hand the response back untouched.
      logger.debug("requires http action: {}", e);
      response.flushBuffer();
      final ExternalContext externalContext = ExternalContextHolder.getExternalContext();
      externalContext.recordResponseComplete();
      return new Event(this, "stop");
    }
    // retrieve parameters from web session
    final Service service = (Service) session.getAttribute(SERVICE);
    context.getFlowScope().put(SERVICE, service);
    logger.debug("retrieve service: {}", service);
    if (service != null) {
      request.setAttribute(SERVICE, service.getId());
    }
    restoreRequestAttribute(request, session, THEME);
    restoreRequestAttribute(request, session, LOCALE);
    restoreRequestAttribute(request, session, METHOD);
    // credentials not null -> try to authenticate
    if (credentials != null) {
      final TicketGrantingTicket tgt =
          this.centralAuthenticationService.createTicketGrantingTicket(new ClientCredential(credentials));
      WebUtils.putTicketGrantingTicketInScopes(context, tgt);
      return success();
    }
  }
  // no or aborted authentication : go to login page
  prepareForLoginPage(context);
  return error();
}
示例28
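/**
 * {@inheritDoc}
 *
 * <p>Variant of the delegated-authentication step that takes the client name from the
 * {@code state} request parameter instead of the configured client-name parameter. When a
 * client is named, its credentials are extracted and turned into a ticket granting ticket;
 * when the client first needs an HTTP action, the response is marked complete and the flow
 * stops; otherwise the login page is prepared.
 */
@Override
protected Event doExecute(final RequestContext context) throws Exception {
  final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
  final HttpServletResponse response = WebUtils.getHttpServletResponse(context);
  final HttpSession session = request.getSession();
  // web context
  final WebContext webContext = new J2EContext(request, response);
  // get client
  // NOTE(review): the client name comes from the caller-supplied "state" parameter; an unknown
  // name is left for findClient to reject — confirm that is the intended lookup.
  final String clientName = request.getParameter("state");
  logger.info("clientName : {}", clientName);
  // it's an authentication
  if (StringUtils.isNotBlank(clientName)) {
    // get client
    final BaseClient<Credentials, CommonProfile> client =
        (BaseClient<Credentials, CommonProfile>) this.clients.findClient(clientName);
    logger.info("client : {}", client);
    // Only supported protocols
    final Mechanism mechanism = client.getMechanism();
    // Parameterized logging; a null mechanism is reported by the check below instead of an NPE here.
    logger.info("mechanism : {}", mechanism);
    if (!SUPPORTED_PROTOCOLS.contains(mechanism)) {
      throw new TechnicalException("Only CAS, OAuth, OpenID and SAML protocols are supported: " + client);
    }
    // get credentials
    final Credentials credentials;
    try {
      credentials = client.getCredentials(webContext);
      // Never log the credentials object: it may carry a password or token. Presence plus the
      // client name is enough to trace the flow.
      logger.debug("credentials received for client {}: {}", clientName, credentials != null);
    } catch (final RequiresHttpAction e) {
      // The client needs its own HTTP action first; hand the response back untouched.
      logger.debug("requires http action : {}", e);
      response.flushBuffer();
      final ExternalContext externalContext = ExternalContextHolder.getExternalContext();
      externalContext.recordResponseComplete();
      return new Event(this, "stop");
    }
    // retrieve parameters from web session
    final Service service = (Service) session.getAttribute(SERVICE);
    context.getFlowScope().put(SERVICE, service);
    logger.info("retrieve service: {}", service);
    if (service != null) {
      request.setAttribute(SERVICE, service.getId());
    }
    restoreRequestAttribute(request, session, THEME);
    restoreRequestAttribute(request, session, LOCALE);
    restoreRequestAttribute(request, session, METHOD);
    // credentials not null -> try to authenticate
    if (credentials != null) {
      logger.debug("creating ticket granting ticket for client {}", clientName);
      WebUtils.putTicketGrantingTicketInRequestScope(context,
          this.centralAuthenticationService.createTicketGrantingTicket(new ClientCredential(credentials)));
      return success();
    }
  }
  // no or aborted authentication : go to login page
  prepareForLoginPage(context);
  return error();
}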
示例29
/**
 * No-op: an injected optional profile holds nothing that needs releasing.
 *
 * @param instance the value previously provided; ignored
 */
@Override
default void dispose(Optional<CommonProfile> instance) {
  // do nothing
}
示例30
/**
 * No-op: an injected profile holds nothing that needs releasing.
 *
 * @param instance the value previously provided; ignored
 */
@Override
default void dispose(CommonProfile instance) {
  // do nothing
}