/* * oxTrust is available under the MIT License (2008). See http://opensource.org/licenses/MIT for full text. * * Copyright (c) 2014, Gluu */ package org.gluu.oxauth.cas.auth.login.flow; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.validation.constraints.NotNull; import org.gluu.oxauth.cas.auth.client.AuthClient; import org.gluu.oxauth.cas.auth.principal.ClientCredential; import org.gluu.oxauth.client.auth.principal.OpenIdCredentials; import org.jasig.cas.CentralAuthenticationService; import org.jasig.cas.authentication.principal.Service; import org.jasig.cas.web.support.WebUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.webflow.action.AbstractAction; import org.springframework.webflow.execution.Event; import org.springframework.webflow.execution.RequestContext; import org.gluu.context.J2EContext; import org.gluu.context.WebContext; /** * This class represents an action to do oxAuth authentication in CAS * * @author Yuriy Movchan 11/13/2014 */ public final class ClientAction extends AbstractAction { private final Logger logger = LoggerFactory.getLogger(ClientAction.class); public final static String DEFAULT_CLIENT_NAME_PARAMETER = "client_name"; /** * Constants to store request parameters */ public static final String SERVICE = "service"; public static final String THEME = "theme"; public static final String LOCALE = "locale"; public static final String METHOD = "method"; @NotNull private final AuthClient client; @NotNull private final CentralAuthenticationService centralAuthenticationService; /** * Build the action * * @param theCentralAuthenticationService * The service for CAS authentication * @param theClients * The clients for authentication */ public ClientAction(final AuthClient client, final CentralAuthenticationService centralAuthenticationService) { this.client = client; this.centralAuthenticationService = centralAuthenticationService; } /** * {@InheritDoc} */ @Override protected Event doExecute(final RequestContext context) throws Exception { final HttpServletRequest request = WebUtils.getHttpServletRequest(context); final HttpServletResponse response = WebUtils.getHttpServletResponse(context); // Web context final WebContext webContext = new J2EContext(request, response); // It's an authentication if (client.isAuthorizationResponse(webContext)) { logger.info("Procession authentication request"); // Check if oxAuth request state is correct if (!client.isValidRequestState(webContext)) { logger.warn("The state in session and in request are not equals"); // Reinit login page prepareForLoginPage(context, webContext); return new Event(this, "stop"); } // Try to authenticate final ClientCredential credentials = getClientCrendentials(context, webContext); if (credentials != null) { WebUtils.putTicketGrantingTicketInRequestScope(context, this.centralAuthenticationService.createTicketGrantingTicket(credentials)); return success(); } } // Go to login page prepareForLoginPage(context, webContext); return error(); } /** * Build client credenatils from incomming request * * @param context The current webflow context * @param webContext The current web context * @return client credentials */ private ClientCredential getClientCrendentials(final RequestContext context, final WebContext webContext) { final OpenIdCredentials openIdCredentials = client.getCredentials(webContext); final ClientCredential credentials = new ClientCredential(openIdCredentials); // Retrieve parameters from web session final Service service = (Service) webContext.getSessionAttribute(SERVICE); if (service != null) { webContext.setRequestAttribute(SERVICE, service.getId()); } context.getFlowScope().put(SERVICE, service); restoreRequestAttribute(webContext, THEME); restoreRequestAttribute(webContext, LOCALE); restoreRequestAttribute(webContext, METHOD); return credentials; } /** * Prepare the data for the login page * * @param context The current webflow context * @param webContext The current web context */ protected void prepareForLoginPage(final RequestContext context, final WebContext webContext) { // Save parameters in web session final Service service = (Service) context.getFlowScope().get(SERVICE); if (service != null) { webContext.setSessionAttribute(SERVICE, service); } saveRequestParameter(webContext, THEME); saveRequestParameter(webContext, LOCALE); saveRequestParameter(webContext, METHOD); final String keyRedirectionUrl = this.client.getName() + "Url"; final String redirectionUrl = this.client.getRedirectionUrl(webContext); logger.debug("Generated redirection Url", redirectionUrl); context.getFlowScope().put(keyRedirectionUrl, redirectionUrl); final String keyAuthMethod = this.client.getName() + "OpenIdDefaultAuthenticator"; final Boolean keyAuthMethodValue = this.client.isOpenIdDefaultAuthenticator(); logger.debug("OpenIdDefaultAuthenticator", keyAuthMethodValue); context.getFlowScope().put(keyAuthMethod, keyAuthMethodValue); } /** * Restore an attribute in web session as an attribute in request * * @param webContext The current web context * @param name The name of the parameter */ private void restoreRequestAttribute(final WebContext context, final String name) { final String value = (String) context.getSessionAttribute(name); context.setRequestAttribute(name, value); } /** * Save a request parameter in the web session * * @param webContext The current web context * @param name The name of the parameter */ private void saveRequestParameter(final WebContext context, final String name) { final String value = context.getRequestParameter(name); if (value != null) { context.setSessionAttribute(name, value); } } }