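package net.unicon.cas.addons.web.flow;

import net.unicon.cas.addons.serviceregistry.RegisteredServiceWithAttributes;
import org.jasig.cas.authentication.principal.Service;
import org.jasig.cas.services.RegisteredService;
import org.jasig.cas.services.ServicesManager;
import org.jasig.cas.services.UnauthorizedServiceException;
import org.jasig.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

import javax.validation.constraints.NotNull;

/**
 * Performs a basic check if an authentication request for a provided service is authorized to proceed
 * based on the registered services registry configuration (or lack thereof).
 * <p>
 * Adds support for a custom <i>disabledServiceUrl</i> extra attribute that is honoured when a registered
 * service exists but is not enabled. The attribute value is copied into the request scope under the same
 * key and the {@code no} event is returned; what the flow does with the value is decided outside this class
 * (presumably a redirect - confirm against the flow definition).
 * <p>
 * The check fails closed: a service that is missing from the registry, or that is disabled and has no usable
 * <i>disabledServiceUrl</i>, results in an {@link UnauthorizedServiceException}.
 * <p>
 * Security note: the custom URL is read from the service registry, never from the request. Whoever can edit
 * the registry therefore chooses the value handed to the flow for a disabled service, so write access to the
 * registry should be restricted accordingly.
 *
 * @author Dmitriy Kopylenko
 * @author Unicon, inc.
 * @since 1.0.2
 */
public final class ServiceAuthorizationCheckWithCustomView extends AbstractAction {

    /** Registry lookup used to resolve the requested service. The annotation is declarative; no runtime null check is done here. */
    @NotNull
    private final ServicesManager servicesManager;

    private final Logger logger = LoggerFactory.getLogger(this.getClass());

    /** Key of the extra attribute in the registry, and of the request-scope entry written by this action. */
    private static final String DISABLED_SERVICE_URL_ATTRIBUTE = "disabledServiceUrl";

    /**
     * Creates the action.
     *
     * @param servicesManager the services manager consulted for every request that carries a service
     */
    public ServiceAuthorizationCheckWithCustomView(final ServicesManager servicesManager) {
        this.servicesManager = servicesManager;
    }

    /**
     * Decides whether the current request may proceed to authentication.
     *
     * @param context the current web flow request context
     * @return {@code success} when no service was requested or the service is registered and enabled;
     *         {@code no} when the service is disabled and a custom <i>disabledServiceUrl</i> was found
     * @throws UnauthorizedServiceException when the service is not registered, or is disabled without a
     *                                      usable custom URL
     */
    @Override
    protected Event doExecute(final RequestContext context) throws Exception {
        final Service service = WebUtils.getService(context);

        // No service == plain /login request. Return success indicating transition to the login form.
        if (service == null) {
            return success();
        }

        final RegisteredService registeredService = this.servicesManager.findServiceBy(service);

        // NOTE(review): service.getId() presumably originates from the incoming request; confirm that the
        // logging layout neutralises CR/LF so a crafted service id cannot forge log entries.
        if (registeredService == null) {
            logger.warn("Unauthorized Service Access for Service: [ {} ] - service is not defined in the service registry.", service.getId());
            throw new UnauthorizedServiceException();
        }

        if (registeredService.isEnabled()) {
            return success();
        }

        logger.warn("Unauthorized Service Access for Service: [ {} ] - service is not enabled in the service registry.", service.getId());

        final String disabledServiceUrl = findDisabledServiceUrl(registeredService);
        if (disabledServiceUrl != null) {
            context.getRequestScope().put(DISABLED_SERVICE_URL_ATTRIBUTE, disabledServiceUrl);
            return no();
        }

        // Disabled and nothing usable configured: deny.
        throw new UnauthorizedServiceException();
    }

    /**
     * Reads the custom <i>disabledServiceUrl</i> extra attribute of a registered service.
     * <p>
     * A missing attribute map, a missing entry or a value that is not a {@link String} all count as
     * "not configured", so a malformed registry entry leads to the regular
     * {@link UnauthorizedServiceException} instead of a {@link NullPointerException} or
     * {@link ClassCastException} escaping from the flow.
     *
     * @param registeredService the disabled service found in the registry
     * @return the configured URL, or {@code null} when none is usable
     */
    private static String findDisabledServiceUrl(final RegisteredService registeredService) {
        if (!(registeredService instanceof RegisteredServiceWithAttributes)) {
            return null;
        }

        final RegisteredServiceWithAttributes withAttributes = (RegisteredServiceWithAttributes) registeredService;
        if (withAttributes.getExtraAttributes() == null) {
            return null;
        }

        final Object candidate = withAttributes.getExtraAttributes().get(DISABLED_SERVICE_URL_ATTRIBUTE);
        return (candidate instanceof String) ? (String) candidate : null;
    }
}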