PageRenderTime 48ms CodeModel.GetById 17ms RepoModel.GetById 0ms app.codeStats 0ms

/support/cas-server-support-okta-authentication/src/main/java/org/apereo/cas/okta/OktaAuthenticationStateHandlerAdapter.java

https://github.com/Jasig/cas
Java | 116 lines | 85 code | 20 blank | 11 comment | 5 complexity | 87ee63d45796b8e48865101438235ea8 MD5 | raw file
    

  1. package org.apereo.cas.okta;
    2. 

  2. 

  3. import org.apereo.cas.authentication.AuthenticationPasswordPolicyHandlingStrategy;
    4. 

  4. import org.apereo.cas.authentication.MessageDescriptor;
    5. 

  5. import org.apereo.cas.authentication.exceptions.AccountPasswordMustChangeException;
    6. 

  6. import org.apereo.cas.authentication.support.password.PasswordPolicyContext;
    7. 

  7. import org.apereo.cas.util.CollectionUtils;
    8. 

  8. import org.apereo.cas.util.LoggingUtils;
    9. 

  9. import org.apereo.cas.util.function.FunctionUtils;
    10. 

  10. 

  11. import com.okta.authn.sdk.AuthenticationStateHandlerAdapter;
    12. 

  12. import com.okta.authn.sdk.resource.AuthenticationResponse;
    13. 

  13. import lombok.Getter;
    14. 

  14. import lombok.RequiredArgsConstructor;
    15. 

  15. import lombok.extern.slf4j.Slf4j;
    16. 

  16. import lombok.val;
    17. 

  17. import org.apache.commons.lang3.StringUtils;
    18. 

  18. 

  19. import javax.security.auth.login.AccountExpiredException;
    20. 

  20. import javax.security.auth.login.AccountLockedException;
    21. 

  21. import javax.security.auth.login.AccountNotFoundException;
    22. 

  22. import javax.security.auth.login.FailedLoginException;
    23. 

  23. 

  24. import java.util.ArrayList;
    25. 

  25. import java.util.HashMap;
    26. 

  26. import java.util.List;
    27. 

  27. import java.util.Map;
    28. 

  28. 

  29. /**
    30. 

  30.  * This is {@link OktaAuthenticationStateHandlerAdapter}.
    31. 

  31.  *
    32. 

  32.  * @author Misagh Moayyed
    33. 

  33.  * @since 6.2.0
    34. 

  34.  */
    35. 

  35. @RequiredArgsConstructor
    36. 

  36. @Slf4j
    37. 

  37. @Getter
    38. 

  38. public class OktaAuthenticationStateHandlerAdapter extends AuthenticationStateHandlerAdapter {
    39. 

  39.     private final AuthenticationPasswordPolicyHandlingStrategy passwordPolicyHandlingStrategy;
    40. 

  40. 

  41.     private final PasswordPolicyContext passwordPolicyConfiguration;
    42. 

  42. 

  43.     private final Map<String, List<Object>> userAttributes = new HashMap<>(0);
    44. 

  44. 

  45.     private String username;
    46. 

  46. 

  47.     private Exception failureException;
    48. 

  48. 

  49.     private List<MessageDescriptor> warnings = new ArrayList<>(0);
    50. 

  50. 

  51.     @Override
    52. 

  52.     public void handleUnknown(final AuthenticationResponse authenticationResponse) {
    53. 

  53.         failureException = new AccountNotFoundException(authenticationResponse.getStatusString());
    54. 

  54.     }
    55. 

  55. 

  56.     @Override
    57. 

  57.     public void handleUnauthenticated(final AuthenticationResponse unauthenticatedResponse) {
    58. 

  58.         failureException = new FailedLoginException(unauthenticatedResponse.getStatusString());
    59. 

  59.     }
    60. 

  60. 

  61.     @Override
    62. 

  62.     public void handleSuccess(final AuthenticationResponse successResponse) {
    63. 

  63.         if (StringUtils.isNotBlank(successResponse.getSessionToken())) {
    64. 

  64.             val user = successResponse.getUser();
    65. 

  65.             this.username = user.getLogin();
    66. 

  66. 

  67.             FunctionUtils.doIfNotNull(successResponse.getSessionToken(), value -> userAttributes.put("oktaSessionToken", CollectionUtils.wrapList(value)));
    68. 

  68.             FunctionUtils.doIfNotNull(successResponse.getStatusString(), value -> userAttributes.put("oktaStatus", CollectionUtils.wrapList(value)));
    69. 

  69.             FunctionUtils.doIfNotNull(successResponse.getType(), value -> userAttributes.put("oktaType", CollectionUtils.wrapList(value)));
    70. 

  70.             FunctionUtils.doIfNotNull(successResponse.getExpiresAt(), value -> userAttributes.put("oktaExpiration", CollectionUtils.wrapList(value)));
    71. 

  71.             FunctionUtils.doIfNotNull(successResponse.getRecoveryType(), value -> userAttributes.put("oktaRecoveryType", CollectionUtils.wrapList(value)));
    72. 

  72.             
    73. 

  73.             user.getProfile().forEach((key, value) -> userAttributes.put(key, CollectionUtils.wrapList(value)));
    74. 

  74.         } else {
    75. 

  75.             handleUnauthenticated(successResponse);
    76. 

  76.         }
    77. 

  77.     }
    78. 

  78. 

  79.     @Override
    80. 

  80.     public void handlePasswordWarning(final AuthenticationResponse passwordWarning) {
    81. 

  81.         try {
    82. 

  82.             if (passwordPolicyHandlingStrategy.supports(passwordWarning)) {
    83. 

  83.                 warnings = passwordPolicyHandlingStrategy.handle(passwordWarning, passwordPolicyConfiguration);
    84. 

  84.             }
    85. 

  85.         } catch (final Exception e) {
    86. 

  86.             LoggingUtils.error(LOGGER, e);
    87. 

  87.         }
    88. 

  88.         handleUnknown(passwordWarning);
    89. 

  89.     }
    90. 

  90. 

  91.     @Override
    92. 

  92.     public void handlePasswordExpired(final AuthenticationResponse passwordExpired) {
    93. 

  93.         failureException = new AccountExpiredException(passwordExpired.getStatusString());
    94. 

  94.     }
    95. 

  95. 

  96.     @Override
    97. 

  97.     public void handlePasswordReset(final AuthenticationResponse passwordReset) {
    98. 

  98.         failureException = new AccountPasswordMustChangeException(passwordReset.getStatusString());
    99. 

  99.     }
    100. 

  100. 

  101.     @Override
    102. 

  102.     public void handleLockedOut(final AuthenticationResponse lockedOut) {
    103. 

  103.         failureException = new AccountLockedException(lockedOut.getStatusString());
    104. 

  104.     }
    105. 

  105. 

  106.     /**
    107. 

  107.      * Throw exception if necessary.
    108. 

  108.      *
    109. 

  109.      * @throws Exception the exception
    110. 

  110.      */
    111. 

  111.     public void throwExceptionIfNecessary() throws Exception {
    112. 

  112.         if (failureException != null) {
    113. 

  113.             throw this.failureException;
    114. 

  114.         }
    115. 

  115.     }
    116. 

  116. }
    117. 

  117.