org.apereo.cas.validation.Assertion类的使用及代码示例

x33g5p2x  于2022-01-17 转载在 其他  
字(8.4k)|赞(0)|评价(0)|浏览(130)

本文整理了Java中org.apereo.cas.validation.Assertion类的一些代码示例,展示了Assertion类的具体用法。这些代码示例主要来源于Github/Stackoverflow/Maven等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。Assertion类的具体详情如下:
包路径:org.apereo.cas.validation.Assertion
类名称:Assertion

Assertion介绍

[英]Represents a security assertion obtained from a successfully validated ticket.
[中]表示从成功验证的票证中获取的安全断言。

代码示例

代码示例来源:origin: org.apereo.cas/cas-server-core-authentication-mfa-api

@Override
  public Pair<Boolean, Optional<MultifactorAuthenticationProvider>> validateAuthenticationContext(final Assertion assertion, final HttpServletRequest request) {
    LOGGER.debug("Locating the primary authentication associated with this service request [{}]", assertion.getService());
    val registeredService = servicesManager.findServiceBy(assertion.getService());
    val authentication = assertion.getPrimaryAuthentication();

    val requestedContext = multifactorTriggerSelectionStrategy.resolve(request, registeredService, authentication, assertion.getService());
    if (requestedContext.isEmpty()) {
      LOGGER.debug("No particular authentication context is required for this request");
      return Pair.of(Boolean.TRUE, Optional.empty());
    }

    return authenticationContextValidator.validate(authentication, requestedContext.get(), registeredService);
  }
}

代码示例来源:origin: org.apereo.cas/cas-server-core-authentication-api

/**
 * Is remember me authentication?
 * looks at the authentication object to find {@link RememberMeCredential#AUTHENTICATION_ATTRIBUTE_REMEMBER_ME}
 * and expects the assertion to also note a new login session.
 *
 * @param model     the model
 * @param assertion the assertion
 * @return true if remember-me, false if otherwise.
 */
public static boolean isRememberMeAuthentication(final Authentication model, final Assertion assertion) {
  val authnAttributes = convertAttributeValuesToMultiValuedObjects(model.getAttributes());
  val authnMethod = (Collection) authnAttributes.get(RememberMeCredential.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME);
  return authnMethod != null && authnMethod.contains(Boolean.TRUE) && assertion.isFromNewLogin();
}

代码示例来源:origin: org.apereo.cas/cas-server-core-validation-api

@Override
  protected boolean isSatisfiedByInternal(final Assertion assertion) {
    LOGGER.trace("Number of chained authentications in the assertion [{}]", assertion.getChainedAuthentications().size());
    return assertion.getChainedAuthentications().size() == 1;
  }
}

代码示例来源:origin: org.apereo.cas/cas-server-core-web-api

/**
 * Gets the authentication from the model.
 *
 * @param model the model
 * @return the assertion from
 * @since 4.1.0
 */
protected Authentication getPrimaryAuthenticationFrom(final Map<String, Object> model) {
  return getAssertionFrom(model).getPrimaryAuthentication();
}

代码示例来源:origin: org.apereo.cas/cas-server-core-validation

@Bean
  @ConditionalOnMissingBean(name = "requestedContextValidator")
  public RequestedContextValidator requestedContextValidator() {
    return (assertion, request) -> {
      LOGGER.debug("Locating the primary authentication associated with this service request [{}]", assertion.getService());
      val service = servicesManager.getIfAvailable().findServiceBy(assertion.getService());
      RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(assertion.getService(), service);
      return Pair.of(Boolean.TRUE, Optional.empty());
    };
  }
}

代码示例来源:origin: org.apereo.cas/cas-server-support-openid

/**
 * Determine identity.
 *
 * @param service   the service
 * @param assertion the assertion
 * @return the string
 */
protected String determineIdentity(final OpenIdService service, final Assertion assertion) {
  if (assertion != null && OpenIdProtocolConstants.OPENID_IDENTIFIERSELECT.equals(service.getIdentity())) {
    return this.openIdPrefixUrl + '/' + assertion.getPrimaryAuthentication().getPrincipal().getId();
  }
  return service.getIdentity();
}

代码示例来源:origin: org.apereo.cas/cas-server-support-saml

val service = getAssertionFrom(model).getService();
LOGGER.debug("Preparing SAML response for service [{}]", service);

代码示例来源:origin: org.apereo.cas/cas-server-core-validation-api

@Override
  public void authorize(final HttpServletRequest request, final Service service, final Assertion assertion) {
    val registeredService = this.servicesManager.findServiceBy(service);
    RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(service, registeredService);

    if (registeredService.getRequiredHandlers() != null && !registeredService.getRequiredHandlers().isEmpty()) {
      LOGGER.debug("Evaluating service [{}] to ensure required authentication handlers can satisfy assertion", service);
      val attributes = assertion.getPrimaryAuthentication().getAttributes();
      if (attributes.containsKey(AuthenticationHandler.SUCCESSFUL_AUTHENTICATION_HANDLERS)) {
        val assertedHandlers = CollectionUtils.toCollection(
          attributes.get(AuthenticationHandler.SUCCESSFUL_AUTHENTICATION_HANDLERS));
        val matchesAll = assertedHandlers.containsAll(registeredService.getRequiredHandlers());
        if (!matchesAll) {
          throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, StringUtils.EMPTY);
        }
      }
    }
  }
}

代码示例来源:origin: org.apereo.cas/cas-server-support-validation

throw new UnsatisfiedAuthenticationContextTicketValidationException(assertion.getService());

代码示例来源:origin: org.apereo.cas/cas-server-core-validation-api

@Override
public boolean isSatisfiedBy(final Assertion assertion, final HttpServletRequest request) {
  LOGGER.trace("Is validation specification set to enforce [{}] protocol behavior? [{}]. Is assertion issued from a new login? [{}]",
    CasProtocolConstants.PARAMETER_RENEW, BooleanUtils.toStringYesNo(this.renew),
    BooleanUtils.toStringYesNo(assertion.isFromNewLogin()));
  var satisfied = isSatisfiedByInternal(assertion);
  if (!satisfied) {
    LOGGER.warn("[{}] is not internally satisfied by the produced assertion", getClass().getSimpleName());
    return false;
  }
  satisfied = !this.renew || assertion.isFromNewLogin();
  if (!satisfied) {
    LOGGER.warn("[{}] is to enforce the [{}] CAS protocol behavior, yet the assertion is not issued from a new login", getClass().getSimpleName(),
      CasProtocolConstants.PARAMETER_RENEW);
    return false;
  }
  LOGGER.trace("Validation specification is satisfied by the produced assertion");
  return true;
}

代码示例来源:origin: org.apereo.cas/cas-server-core-validation-api

@Override
  protected boolean isSatisfiedByInternal(final Assertion assertion) {
    LOGGER.trace("Number of chained authentications in the assertion [{}]", assertion.getChainedAuthentications().size());
    return assertion.getChainedAuthentications().size() == 1;
  }
}

代码示例来源:origin: org.apereo.cas/cas-server-support-pac4j-core

@Override
  public void authorize(final HttpServletRequest request, final Service service, final Assertion assertion) {
    val registeredService = this.servicesManager.findServiceBy(service);
    RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(service, registeredService);
    LOGGER.debug("Evaluating service [{}] for delegated authentication policy", service);
    val policy = registeredService.getAccessStrategy().getDelegatedAuthenticationPolicy();
    if (policy != null) {
      val attributes = assertion.getPrimaryAuthentication().getAttributes();

      if (attributes.containsKey(ClientCredential.AUTHENTICATION_ATTRIBUTE_CLIENT_NAME)) {
        val clientNameAttr = attributes.get(ClientCredential.AUTHENTICATION_ATTRIBUTE_CLIENT_NAME);
        val value = CollectionUtils.firstElement(clientNameAttr);
        if (value.isPresent()) {
          val client = value.get().toString();
          LOGGER.debug("Evaluating delegated authentication policy [{}] for client [{}] and service [{}]", policy, client, registeredService);

          val context = AuditableContext.builder()
            .registeredService(registeredService)
            .properties(CollectionUtils.wrap(Client.class.getSimpleName(), client))
            .build();
          val result = delegatedAuthenticationPolicyEnforcer.execute(context);
          result.throwExceptionIfNeeded();
        }
      }
    }
  }
}

代码示例来源:origin: org.apereo.cas/cas-server-core-authentication-attributes

attrs.put(CasProtocolConstants.VALIDATION_CAS_MODEL_ATTRIBUTE_NAME_FROM_NEW_LOGIN, CollectionUtils.wrap(assertion.isFromNewLogin()));

代码示例来源:origin: org.apereo.cas/cas-server-core-web-api

/**
 * Gets chained authentications.
 * Note that the last index in the list always describes the primary authentication
 * event. All others in the chain should denote proxies. Per the CAS protocol,
 * when authentication has proceeded through multiple proxies,
 * the order in which the proxies were traversed MUST be reflected in the response.
 * The most recently-visited proxy MUST be the first proxy listed, and all the
 * other proxies MUST be shifted down as new proxies are added.
 *
 * @param model the model
 * @return the chained authentications
 */
protected Collection<Authentication> getChainedAuthentications(final Map<String, Object> model) {
  val assertion = getAssertionFrom(model);
  val chainedAuthentications = assertion.getChainedAuthentications();
  return chainedAuthentications.stream().limit(chainedAuthentications.size() - 1).collect(Collectors.toList());
}

相关文章