org.springframework.webflow.execution.Event Java Examples

The following examples show how to use org.springframework.webflow.execution.Event. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: AllSpnegoKnownClientSystemsFilterActionTest.java    From springboot-shiro-cas-mybatis with MIT License 6 votes vote down vote up
@Test
public void ensureHostnameAndIpShouldDoSpnego() {
    final HostNameSpnegoKnownClientSystemsFilterAction action =
            new HostNameSpnegoKnownClientSystemsFilterAction("\\w+\\.\\w+\\.\\w+");
    action.setIpsToCheckPattern("74\\..+");

    final MockRequestContext ctx = new MockRequestContext();
    final MockHttpServletRequest req = new MockHttpServletRequest();
    req.setRemoteAddr("74.125.136.102");
    final ServletExternalContext extCtx = new ServletExternalContext(
            new MockServletContext(), req,
            new MockHttpServletResponse());
    ctx.setExternalContext(extCtx);

    final Event ev = action.doExecute(ctx);
    assertEquals(ev.getId(), new EventFactorySupport().yes(this).getId());

}
 
Example #2
Source File: FrontChannelLogoutActionTests.java    From springboot-shiro-cas-mybatis with MIT License 6 votes vote down vote up
@Test
public void verifyLogoutUrlForServiceIsUsed() throws Exception {
    final RegisteredService svc = getRegisteredService();
    when(this.servicesManager.findServiceBy(any(SingleLogoutService.class))).thenReturn(svc);

    final SingleLogoutService service = mock(SingleLogoutService.class);
    when(service.getId()).thenReturn(svc.getServiceId());
    when(service.getOriginalUrl()).thenReturn(svc.getServiceId());

    final MockTicketGrantingTicket tgt = new MockTicketGrantingTicket("test");
    tgt.getServices().put("service", service);
    final Event event = getLogoutEvent(this.logoutManager.performLogout(tgt));
    assertEquals(FrontChannelLogoutAction.REDIRECT_APP_EVENT, event.getId());
    final List<LogoutRequest> list = WebUtils.getLogoutRequests(this.requestContext);
    assertEquals(1, list.size());
    final String url = (String) event.getAttributes().get(FrontChannelLogoutAction.DEFAULT_FLOW_ATTRIBUTE_LOGOUT_URL);
    assertTrue(url.startsWith(svc.getLogoutUrl().toExternalForm()));

}
 
Example #3
Source File: FrontChannelLogoutActionTests.java    From springboot-shiro-cas-mybatis with MIT License 6 votes vote down vote up
@Test
public void verifyLogoutOneLogoutRequestNotAttempted() throws Exception {
    final LogoutRequest logoutRequest = new DefaultLogoutRequest(TICKET_ID,
            new SimpleWebApplicationServiceImpl(TEST_URL),
            new URL(TEST_URL));
    final Event event = getLogoutEvent(Arrays.asList(logoutRequest));

    assertEquals(FrontChannelLogoutAction.REDIRECT_APP_EVENT, event.getId());
    final List<LogoutRequest> list = WebUtils.getLogoutRequests(this.requestContext);
    assertEquals(1, list.size());
    final String url = (String) event.getAttributes().get(FrontChannelLogoutAction.DEFAULT_FLOW_ATTRIBUTE_LOGOUT_URL);
    assertTrue(url.startsWith(TEST_URL + "?" + FrontChannelLogoutAction.DEFAULT_LOGOUT_PARAMETER + "="));
    final byte[] samlMessage = CompressionUtils.decodeBase64ToByteArray(
            URLDecoder.decode(StringUtils.substringAfter(url, "?" + FrontChannelLogoutAction.DEFAULT_LOGOUT_PARAMETER + "="), "UTF-8"));
    final Inflater decompresser = new Inflater();
    decompresser.setInput(samlMessage);
    final byte[] result = new byte[1000];
    decompresser.inflate(result);
    decompresser.end();
    final String message = new String(result);
    assertTrue(message.startsWith("<samlp:LogoutRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\""));
    assertTrue(message.contains("<samlp:SessionIndex>" + TICKET_ID + "</samlp:SessionIndex>"));
}
 
Example #4
Source File: ValidateLoginCaptchaAction.java    From sso with MIT License 6 votes vote down vote up
@Override
protected Event doExecute(RequestContext context) throws Exception {
    Credential credential = WebUtils.getCredential(context);
    //系统信息不为空才检测校验码
    if(credential instanceof UsernamePasswordSysCredential && ((UsernamePasswordSysCredential) credential).getSystem() != null) {
        if (isEnable()) {
            LOGGER.debug("开始校验登录校验码");
            HttpServletRequest request = WebUtils.getHttpServletRequest();
            HttpSession httpSession = request.getSession();
            //校验码
            String inCode = request.getParameter(CODE_PARAM);
            //校验码失败跳转到登录页
            if(!this.captchaResultProvider.validate(httpSession, inCode)) {
                return getError(context);
            }
        }
    }
    return null;
}
 
Example #5
Source File: SendTicketGrantingTicketAction.java    From cas4.0.x-server-wechat with Apache License 2.0 6 votes vote down vote up
@Override
protected Event doExecute(final RequestContext context) {
    final String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(context);
    final String ticketGrantingTicketValueFromCookie = (String) context.getFlowScope().get("ticketGrantingTicketId");

    if (ticketGrantingTicketId == null) {
        return success();
    }

    this.ticketGrantingTicketCookieGenerator.addCookie(WebUtils.getHttpServletRequest(context), WebUtils
        .getHttpServletResponse(context), ticketGrantingTicketId);

    if (ticketGrantingTicketValueFromCookie != null && !ticketGrantingTicketId.equals(ticketGrantingTicketValueFromCookie)) {
        this.centralAuthenticationService
            .destroyTicketGrantingTicket(ticketGrantingTicketValueFromCookie);
    }

    return success();
}
 
Example #6
Source File: TerminateSessionAction.java    From cas4.0.x-server-wechat with Apache License 2.0 6 votes vote down vote up
/**
 * Terminates the CAS SSO session by destroying the TGT (if any) and removing cookies related to the SSO session.
 *
 * @param context Request context.
 *
 * @return "success"
 */
public Event terminate(final RequestContext context) {
    // in login's webflow : we can get the value from context as it has already been stored
    String tgtId = WebUtils.getTicketGrantingTicketId(context);
    // for logout, we need to get the cookie's value
    if (tgtId == null) {
        final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
        tgtId = this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request);
    }
    if (tgtId != null) {
        WebUtils.putLogoutRequests(context, this.centralAuthenticationService.destroyTicketGrantingTicket(tgtId));
    }
    final HttpServletResponse response = WebUtils.getHttpServletResponse(context);
    this.ticketGrantingTicketCookieGenerator.removeCookie(response);
    this.warnCookieGenerator.removeCookie(response);
    return this.eventFactorySupport.success(this);
}
 
Example #7
Source File: InspektrThrottledSubmissionByIpAddressAndUsernameHandlerInterceptorAdapterTests.java    From springboot-shiro-cas-mybatis with MIT License 6 votes vote down vote up
@Override
protected MockHttpServletResponse loginUnsuccessfully(final String username, final String fromAddress)
        throws Exception {
    final MockHttpServletRequest request = new MockHttpServletRequest();
    final MockHttpServletResponse response = new MockHttpServletResponse();
    request.setMethod("POST");
    request.setParameter("username", username);
    request.setRemoteAddr(fromAddress);
    final MockRequestContext context = new MockRequestContext();
    context.setCurrentEvent(new Event("", "error"));
    request.setAttribute("flowRequestContext", context);
    ClientInfoHolder.setClientInfo(new ClientInfo(request));

    getThrottle().preHandle(request, response, null);

    try {
        authenticationManager.authenticate(badCredentials(username));
    } catch (final AuthenticationException e) {
        getThrottle().postHandle(request, response, null, null);
        return response;
    }
    fail("Expected AuthenticationException");
    return null;
}
 
Example #8
Source File: AllSpnegoKnownClientSystemsFilterActionTest.java    From springboot-shiro-cas-mybatis with MIT License 6 votes vote down vote up
@Test
public void ensureRemoteIpShouldNotBeChecked() {
    final BaseSpnegoKnownClientSystemsFilterAction action =
            new BaseSpnegoKnownClientSystemsFilterAction("^192\\.158\\..+");

    final MockRequestContext ctx = new MockRequestContext();
    final MockHttpServletRequest req = new MockHttpServletRequest();
    req.setRemoteAddr("193.158.5.781");
    final ServletExternalContext extCtx = new ServletExternalContext(
            new MockServletContext(), req,
            new MockHttpServletResponse());
    ctx.setExternalContext(extCtx);

    final Event ev = action.doExecute(ctx);
    assertNotEquals(ev.getId(), new EventFactorySupport().yes(this).getId());
}
 
Example #9
Source File: AllSpnegoKnownClientSystemsFilterActionTest.java    From springboot-shiro-cas-mybatis with MIT License 6 votes vote down vote up
@Test
public void ensureAltRemoteIpHeaderShouldBeChecked() {
    final BaseSpnegoKnownClientSystemsFilterAction action =
            new BaseSpnegoKnownClientSystemsFilterAction("^74\\.125\\..+", "alternateRemoteIp");

    final MockRequestContext ctx = new MockRequestContext();
    final MockHttpServletRequest req = new MockHttpServletRequest();
    req.setRemoteAddr("555.555.555.555");
    req.addHeader("alternateRemoteIp", "74.125.136.102");
    final ServletExternalContext extCtx = new ServletExternalContext(
            new MockServletContext(), req,
            new MockHttpServletResponse());
    ctx.setExternalContext(extCtx);

    final Event ev = action.doExecute(ctx);
    assertEquals(ev.getId(), new EventFactorySupport().yes(this).getId());
}
 
Example #10
Source File: AllSpnegoKnownClientSystemsFilterActionTest.java    From springboot-shiro-cas-mybatis with MIT License 6 votes vote down vote up
@Test
public void ensureHostnameShouldDoSpnego() {
    final HostNameSpnegoKnownClientSystemsFilterAction action =
            new HostNameSpnegoKnownClientSystemsFilterAction("\\w+\\.\\w+\\.\\w+");

    final MockRequestContext ctx = new MockRequestContext();
    final MockHttpServletRequest req = new MockHttpServletRequest();
    req.setRemoteAddr("74.125.136.102");
    final ServletExternalContext extCtx = new ServletExternalContext(
            new MockServletContext(), req,
            new MockHttpServletResponse());
    ctx.setExternalContext(extCtx);

    final Event ev = action.doExecute(ctx);
    assertEquals(ev.getId(), new EventFactorySupport().yes(this).getId());

}
 
Example #11
Source File: AllSpnegoKnownClientSystemsFilterActionTest.java    From springboot-shiro-cas-mybatis with MIT License 6 votes vote down vote up
@Test
public void verifyIpMismatchWhenCheckingHostnameForSpnego() {
    final HostNameSpnegoKnownClientSystemsFilterAction action =
            new HostNameSpnegoKnownClientSystemsFilterAction("\\w+\\.\\w+\\.\\w+");
    action.setIpsToCheckPattern("14\\..+");

    final MockRequestContext ctx = new MockRequestContext();
    final MockHttpServletRequest req = new MockHttpServletRequest();
    req.setRemoteAddr("74.125.136.102");
    final ServletExternalContext extCtx = new ServletExternalContext(
            new MockServletContext(), req,
            new MockHttpServletResponse());
    ctx.setExternalContext(extCtx);

    final Event ev = action.doExecute(ctx);
    assertEquals(ev.getId(), new EventFactorySupport().no(this).getId());

}
 
Example #12
Source File: FrontChannelLogoutActionTests.java    From cas4.0.x-server-wechat with Apache License 2.0 6 votes vote down vote up
@Test
public void testLogoutOneLogoutRequestNotAttempted() throws Exception {
    final String FAKE_URL = "http://url";
    LogoutRequest logoutRequest = new LogoutRequest(TICKET_ID, new SimpleWebApplicationServiceImpl(FAKE_URL));
    WebUtils.putLogoutRequests(this.requestContext, Arrays.asList(logoutRequest));
    this.requestContext.getFlowScope().put(FrontChannelLogoutAction.LOGOUT_INDEX, 0);
    final Event event = this.frontChannelLogoutAction.doExecute(this.requestContext);
    assertEquals(FrontChannelLogoutAction.REDIRECT_APP_EVENT, event.getId());
    List<LogoutRequest> list = WebUtils.getLogoutRequests(this.requestContext);
    assertEquals(1, list.size());
    final String url = (String) event.getAttributes().get("logoutUrl");
    assertTrue(url.startsWith(FAKE_URL + "?SAMLRequest="));
    final byte[] samlMessage = Base64.decodeBase64(URLDecoder.decode(StringUtils.substringAfter(url,  "?SAMLRequest="), "UTF-8"));
    final Inflater decompresser = new Inflater();
    decompresser.setInput(samlMessage);
    final byte[] result = new byte[1000];
    decompresser.inflate(result);
    decompresser.end();
    final String message = new String(result);
    assertTrue(message.startsWith("<samlp:LogoutRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\""));
    assertTrue(message.indexOf("<samlp:SessionIndex>" + TICKET_ID + "</samlp:SessionIndex>") >= 0);
}
 
Example #13
Source File: LdapSpnegoKnownClientSystemsFilterActionTests.java    From springboot-shiro-cas-mybatis with MIT License 6 votes vote down vote up
@Test
public void ensureLdapAttributeShouldDoSpnego() {
    final LdapSpnegoKnownClientSystemsFilterAction action =
            new LdapSpnegoKnownClientSystemsFilterAction(this.connectionFactory,
            this.searchRequest, "mail");
    final MockRequestContext ctx = new MockRequestContext();
    final MockHttpServletRequest req = new MockHttpServletRequest();
    req.setRemoteAddr("localhost");
    final ServletExternalContext extCtx = new ServletExternalContext(
            new MockServletContext(), req,
            new MockHttpServletResponse());
    ctx.setExternalContext(extCtx);

    final Event ev = action.doExecute(ctx);
    assertEquals(ev.getId(), new EventFactorySupport().yes(this).getId());
}
 
Example #14
Source File: TerminateSessionAction.java    From springboot-shiro-cas-mybatis with MIT License 6 votes vote down vote up
/**
 * Terminates the CAS SSO session by destroying the TGT (if any) and removing cookies related to the SSO session.
 *
 * @param context Request context.
 *
 * @return "success"
 */
public Event terminate(final RequestContext context) {
    // in login's webflow : we can get the value from context as it has already been stored
    String tgtId = WebUtils.getTicketGrantingTicketId(context);
    // for logout, we need to get the cookie's value
    if (tgtId == null) {
        final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
        tgtId = this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request);
    }
    if (tgtId != null) {
        WebUtils.putLogoutRequests(context, this.centralAuthenticationService.destroyTicketGrantingTicket(tgtId));
    }
    final HttpServletResponse response = WebUtils.getHttpServletResponse(context);
    this.ticketGrantingTicketCookieGenerator.removeCookie(response);
    this.warnCookieGenerator.removeCookie(response);
    return this.eventFactorySupport.success(this);
}
 
Example #15
Source File: LogoutActionTests.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
@Test
public void testLogoutRequestBack() throws Exception {
    final Cookie cookie = new Cookie(COOKIE_TGC_ID, "test");
    this.request.setCookies(new Cookie[] {cookie});
    LogoutRequest logoutRequest = new LogoutRequest("", null);
    logoutRequest.setStatus(LogoutRequestStatus.SUCCESS);
    WebUtils.putLogoutRequests(this.requestContext, Arrays.asList(logoutRequest));
    final Event event = this.logoutAction.doExecute(this.requestContext);
    assertEquals(LogoutAction.FINISH_EVENT, event.getId());
}
 
Example #16
Source File: ClientActionTests.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
@Test
public void testStartAuthentication() throws Exception {
    final MockHttpServletRequest mockRequest = new MockHttpServletRequest();
    mockRequest.setParameter(ClientAction.THEME, MY_THEME);
    mockRequest.setParameter(ClientAction.LOCALE, MY_LOCALE);
    mockRequest.setParameter(ClientAction.METHOD, MY_METHOD);

    final MockHttpSession mockSession = new MockHttpSession();
    mockRequest.setSession(mockSession);

    final ServletExternalContext servletExternalContext = mock(ServletExternalContext.class);
    when(servletExternalContext.getNativeRequest()).thenReturn(mockRequest);

    final MockRequestContext mockRequestContext = new MockRequestContext();
    mockRequestContext.setExternalContext(servletExternalContext);
    mockRequestContext.getFlowScope().put(ClientAction.SERVICE, new SimpleWebApplicationServiceImpl(MY_SERVICE));

    final FacebookClient facebookClient = new FacebookClient(MY_KEY, MY_SECRET);
    final TwitterClient twitterClient = new TwitterClient(MY_KEY, MY_SECRET);
    final Clients clients = new Clients(MY_LOGIN_URL, facebookClient, twitterClient);
    final ClientAction action = new ClientAction(mock(CentralAuthenticationService.class), clients);

    final Event event = action.execute(mockRequestContext);
    assertEquals("error", event.getId());
    assertEquals(MY_THEME, mockSession.getAttribute(ClientAction.THEME));
    assertEquals(MY_LOCALE, mockSession.getAttribute(ClientAction.LOCALE));
    assertEquals(MY_METHOD, mockSession.getAttribute(ClientAction.METHOD));
    final MutableAttributeMap flowScope = mockRequestContext.getFlowScope();
    assertTrue(((String) flowScope.get("FacebookClientUrl"))
            .startsWith("https://www.facebook.com/v2.2/dialog/oauth?client_id=my_key&redirect_uri=http%3A%2F%2Fcasserver%2Flogin%3F"
                    + Clients.DEFAULT_CLIENT_NAME_PARAMETER + "%3DFacebookClient&state="));
    assertEquals(MY_LOGIN_URL + "?" + Clients.DEFAULT_CLIENT_NAME_PARAMETER
            + "=TwitterClient&needs_client_redirection=true", flowScope.get("TwitterClientUrl"));
}
 
Example #17
Source File: LogoutActionTests.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
@Test
public void logoutForServiceWithFollowRedirectsNoAllowedService() throws Exception {
    this.request.addParameter("service", "TestService");
    final RegisteredServiceImpl impl = new RegisteredServiceImpl();
    impl.setServiceId("http://FooBar");
    impl.setName("FooBar");
    this.serviceManager.save(impl);
    this.logoutAction.setFollowServiceRedirects(true);
    final Event event = this.logoutAction.doExecute(this.requestContext);
    assertEquals(LogoutAction.FINISH_EVENT, event.getId());
    assertNull(this.requestContext.getFlowScope().get("logoutRedirectUrl"));
}
 
Example #18
Source File: ClientActionTests.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
@Test
public void testFinishAuthentication() throws Exception {
    final MockHttpServletRequest mockRequest = new MockHttpServletRequest();
    mockRequest.setParameter(Clients.DEFAULT_CLIENT_NAME_PARAMETER, "FacebookClient");

    final MockHttpSession mockSession = new MockHttpSession();
    mockSession.setAttribute(ClientAction.THEME, MY_THEME);
    mockSession.setAttribute(ClientAction.LOCALE, MY_LOCALE);
    mockSession.setAttribute(ClientAction.METHOD, MY_METHOD);
    final Service service = new SimpleWebApplicationServiceImpl(MY_SERVICE);
    mockSession.setAttribute(ClientAction.SERVICE, service);
    mockRequest.setSession(mockSession);

    final ServletExternalContext servletExternalContext = mock(ServletExternalContext.class);
    when(servletExternalContext.getNativeRequest()).thenReturn(mockRequest);

    final MockRequestContext mockRequestContext = new MockRequestContext();
    mockRequestContext.setExternalContext(servletExternalContext);

    final FacebookClient facebookClient = new MockFacebookClient();
    final Clients clients = new Clients(MY_LOGIN_URL, facebookClient);

    final ClientAction action = new ClientAction(mock(CentralAuthenticationService.class), clients);
    final Event event = action.execute(mockRequestContext);
    assertEquals("success", event.getId());
    assertEquals(MY_THEME, mockRequest.getAttribute(ClientAction.THEME));
    assertEquals(MY_LOCALE, mockRequest.getAttribute(ClientAction.LOCALE));
    assertEquals(MY_METHOD, mockRequest.getAttribute(ClientAction.METHOD));
    final MutableAttributeMap flowScope = mockRequestContext.getFlowScope();
    assertEquals(service, flowScope.get(ClientAction.SERVICE));
}
 
Example #19
Source File: OpenIdSingleSignOnActionTests.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
@Test
public void testNoService() throws Exception {
    final MockRequestContext context = new MockRequestContext();
    final MockHttpServletRequest request = new MockHttpServletRequest();
    context.setExternalContext(new ServletExternalContext(
            new MockServletContext(), request,
            new MockHttpServletResponse()));
    Event event = this.action.execute(context);

    assertNotNull(event);

    assertEquals("error", this.action.execute(context).getId());
}
 
Example #20
Source File: AssembleOrderAction.java    From pizzeria with MIT License 5 votes vote down vote up
@Override
protected Event doExecute(RequestContext context) throws Exception {
    Customer customer = context.getFlowScope().get("customer", Customer.class);
    DeliveryAddress deliveryAddress = context.getFlowScope().get("deliveryAddress", DeliveryAddress.class);

    Order order = new Order();
    order.setOrderItems(ImmutableList.copyOf(cart.getOrderItems()));
    order.getOrderItems().forEach(orderItem -> orderItem.setOrder(order));
    order.setCustomer(customer);
    customer.getOrders().add(order);

    OrderEvent orderEvent = new OrderEvent();
    orderEvent.setOrderEventType(OrderEventType.CREATED);
    orderEvent.setOccurredOn(Instant.now());
    order.getOrderEvents().add(orderEvent);

    Boolean deliveryRequired = context.getFlowScope().getBoolean("deliveryRequired");

    if (deliveryRequired) {
        Delivery delivery = new Delivery();
        delivery.setDeliveryAddress(deliveryAddress);
        delivery.setOrder(order);
        delivery.setStatus(DeliveryStatus.PENDING);

        order.setDelivery(delivery);
    }

    context.getFlowScope().put("order", order);

    return success();
}
 
Example #21
Source File: GatewayServicesManagementCheck.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
@Override
protected Event doExecute(final RequestContext context) throws Exception {
    final Service service = WebUtils.getService(context);

    final boolean match = this.servicesManager.matchesExistingService(service);

    if (match) {
        return success();
    }

    final String msg = String.format("ServiceManagement: Unauthorized Service Access. "
            + "Service [%s] does not match entries in service registry.", service.getId());
    logger.warn(msg);
    throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, msg);
}
 
Example #22
Source File: AbstractLogoutAction.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
@Override
protected final Event doExecute(final RequestContext context) throws Exception {
    final HttpServletRequest request = WebUtils.getHttpServletRequest(context);
    final HttpServletResponse response = WebUtils.getHttpServletResponse(context);

    preventCaching(response);

    return doInternalExecute(request, response, context);
}
 
Example #23
Source File: InitialFlowSetupAction.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
@Override
protected Event doExecute(final RequestContext context) throws Exception {
    final HttpServletRequest request = WebUtils.getHttpServletRequest(context);

    final String contextPath = context.getExternalContext().getContextPath();
    final String cookiePath = StringUtils.hasText(contextPath) ? contextPath + '/' : "/";

    if (!StringUtils.hasText(warnCookieGenerator.getCookiePath())) {
        logger.info("Setting path for cookies for warn cookie generator to: " + cookiePath);
        this.warnCookieGenerator.setCookiePath(cookiePath);
    } else {
        logger.debug("Warning cookie domain is set to " + warnCookieGenerator.getCookieDomain()
                + " and path " +  warnCookieGenerator.getCookiePath());
    }
    if (!StringUtils.hasText(ticketGrantingTicketCookieGenerator.getCookiePath())) {
        logger.info("Setting path for cookies for TGC cookie generator to: " + cookiePath);
        this.ticketGrantingTicketCookieGenerator.setCookiePath(cookiePath);
    } else {
        logger.debug("TGC cookie domain is set to " + ticketGrantingTicketCookieGenerator.getCookieDomain()
                + " and path " +  ticketGrantingTicketCookieGenerator.getCookiePath());
    }

    context.getFlowScope().put(
        "ticketGrantingTicketId", this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request));
    context.getFlowScope().put(
        "warnCookieValue",
        Boolean.valueOf(this.warnCookieGenerator.retrieveCookieValue(request)));

    final Service service = WebUtils.getService(this.argumentExtractors,
        context);

    if (service != null && logger.isDebugEnabled()) {
        logger.debug("Placing service in FlowScope: " + service.getId());
    }

    context.getFlowScope().put("service", service);

    return result("success");
}
 
Example #24
Source File: SendTicketGrantingTicketAction.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
@Override
protected Event doExecute(final RequestContext context) {
    final String ticketGrantingTicketId = WebUtils.getTicketGrantingTicketId(context);
    final String ticketGrantingTicketValueFromCookie = (String) context.getFlowScope().get("ticketGrantingTicketId");

    if (ticketGrantingTicketId == null) {
        return success();
    }

    if (isAuthenticatingAtPublicWorkstation(context))  {
        LOGGER.info("Authentication is at a public workstation. "
                + "SSO cookie will not be generated. Subsequent requests will be challenged for authentication.");
    } else if (!this.createSsoSessionCookieOnRenewAuthentications && isAuthenticationRenewed(context)) {
        LOGGER.info("Authentication session is renewed but CAS is not configured to create the SSO session. "
                + "SSO cookie will not be generated. Subsequent requests will be challenged for authentication.");
    } else {
        this.ticketGrantingTicketCookieGenerator.addCookie(WebUtils.getHttpServletRequest(context), WebUtils
            .getHttpServletResponse(context), ticketGrantingTicketId);
    }

    if (ticketGrantingTicketValueFromCookie != null && !ticketGrantingTicketId.equals(ticketGrantingTicketValueFromCookie)) {
        this.centralAuthenticationService
            .destroyTicketGrantingTicket(ticketGrantingTicketValueFromCookie);
    }

    return success();
}
 
Example #25
Source File: ServiceAuthorizationCheckTests.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
@Test
public void authorizedServiceProvided() throws Exception {
    MockRequestContext mockRequestContext = new MockRequestContext();
    mockRequestContext.getFlowScope().put("service", this.authorizedService);
    Event event = this.serviceAuthorizationCheck.doExecute(mockRequestContext);
    assertEquals("success", event.getId());
}
 
Example #26
Source File: InitialFlowSetupActionTests.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
@Test
public void testServiceFound() throws Exception {
    final MockRequestContext context = new MockRequestContext();
    final MockHttpServletRequest request = new MockHttpServletRequest();
    request.setParameter("service", "test");
    context.setExternalContext(new ServletExternalContext(new MockServletContext(), request, new MockHttpServletResponse()));

    final Event event = this.action.execute(context);

    assertEquals("test", WebUtils.getService(context).getId());
    assertEquals("success", event.getId());
}
 
Example #27
Source File: LogoutActionTests.java    From cas4.0.x-server-wechat with Apache License 2.0 5 votes vote down vote up
@Test
public void testLogoutCookie() throws Exception {
    Cookie cookie = new Cookie(COOKIE_TGC_ID, "test");
    this.request.setCookies(new Cookie[] {cookie});
    final Event event = this.logoutAction.doExecute(this.requestContext);
    assertEquals(LogoutAction.FINISH_EVENT, event.getId());
}
 
Example #28
Source File: ServiceAuthorizationCheckTests.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
@Test
public void noServiceProvided() throws Exception {
    final MockRequestContext mockRequestContext = new MockRequestContext();
    final Event event = this.serviceAuthorizationCheck.doExecute(mockRequestContext);
    assertEquals("success", event.getId());

}
 
Example #29
Source File: InitialFlowSetupActionTests.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
@Test
public void verifyNoServiceFound() throws Exception {
    final MockRequestContext context = new MockRequestContext();
    context.setExternalContext(new ServletExternalContext(new MockServletContext(), new MockHttpServletRequest(),
            new MockHttpServletResponse()));

    final Event event = this.action.execute(context);

    assertNull(WebUtils.getService(context));

    assertEquals("success", event.getId());
}
 
Example #30
Source File: InitialFlowSetupActionTests.java    From springboot-shiro-cas-mybatis with MIT License 5 votes vote down vote up
@Test
public void verifyServiceFound() throws Exception {
    final MockRequestContext context = new MockRequestContext();
    final MockHttpServletRequest request = new MockHttpServletRequest();
    request.setParameter("service", "test");
    context.setExternalContext(new ServletExternalContext(new MockServletContext(), request, new MockHttpServletResponse()));

    final Event event = this.action.execute(context);

    assertEquals("test", WebUtils.getService(context).getId());
    assertNotNull(WebUtils.getRegisteredService(context));
    assertEquals("success", event.getId());
}