use of org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy in project cas by apereo.
the class LdapServiceRegistryDaoTests method verifyUpdatingServices.
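/**
 * Verifies that edits to an already stored service survive a second save and are returned
 * unchanged by a lookup on the service id.
 *
 * The service saved first is loaded back, several fields (including the proxy policy) are
 * replaced, the service is saved again, and the re-read copy is compared field by field.
 */
@Test
public void verifyUpdatingServices() {
    this.dao.save(getRegexRegisteredService());
    final List<RegisteredService> services = this.dao.load();
    final AbstractRegisteredService rs = (AbstractRegisteredService) this.dao.findServiceById(services.get(0).getId());
    assertNotNull(rs);

    rs.setEvaluationOrder(9999);
    rs.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    rs.setName("Another Test Service");
    rs.setDescription("The new description");
    rs.setServiceId("https://hello.world");
    // Fixture value for the round-trip comparison only. NOTE(review): "https" carries no anchors,
    // so it is a very broad pattern; it should not be read as a model for a real proxy policy.
    rs.setProxyPolicy(new RegexMatchingRegisteredServiceProxyPolicy("https"));
    // NOTE(review): the release policy is written here but never compared after the reload below.
    rs.setAttributeReleasePolicy(new ReturnAllowedAttributeReleasePolicy());
    assertNotNull(this.dao.save(rs));

    final RegisteredService rs3 = this.dao.findServiceById(rs.getId());
    // Report a missing entry as an assertion failure instead of a NullPointerException further down.
    assertNotNull(rs3);

    // Expected value (what was written) first, actual value (what was read back) second.
    assertEquals(rs.getName(), rs3.getName());
    assertEquals(rs.getDescription(), rs3.getDescription());
    assertEquals(rs.getEvaluationOrder(), rs3.getEvaluationOrder());
    assertEquals(rs.getUsernameAttributeProvider(), rs3.getUsernameAttributeProvider());
    assertEquals(rs.getProxyPolicy(), rs3.getProxyPolicy());
    assertEquals(rs.getServiceId(), rs3.getServiceId());
}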
use of org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy in project cas by apereo.
the class DefaultProxyPolicyMapper method toProxyPolicy.
/**
 * Maps the proxy policy submitted in the service edit form onto a proxy policy object.
 *
 * NOTE(review): the only checks applied to a REGEX value in this method are "not blank" and
 * {@code RegexUtils.isValidRegex}. Nothing here limits how broad the pattern is (for example
 * {@code .+}), so the breadth of the pattern has to be reviewed where the service definition
 * is approved.
 *
 * @param data the submitted service data; its proxy policy bean is read for type and value
 * @return a refusing policy for REFUSE, a regex policy for REGEX, or {@code null} for any other type
 * @throws IllegalArgumentException if the type is REGEX and the value is blank or rejected by
 *         {@code RegexUtils.isValidRegex}
 */
@Override
public RegisteredServiceProxyPolicy toProxyPolicy(final RegisteredServiceEditBean.ServiceData data) {
    final RegisteredServiceProxyPolicyBean policyBean = data.getProxyPolicy();
    final RegisteredServiceProxyPolicyBean.Types policyType = policyBean.getType();

    if (policyType == RegisteredServiceProxyPolicyBean.Types.REFUSE) {
        return new RefuseRegisteredServiceProxyPolicy();
    }
    if (policyType != RegisteredServiceProxyPolicyBean.Types.REGEX) {
        // No mapping for this type; callers receive null.
        return null;
    }

    final String pattern = policyBean.getValue();
    if (StringUtils.isBlank(pattern) || !RegexUtils.isValidRegex(pattern)) {
        throw new IllegalArgumentException("Invalid regex pattern specified for proxy policy: " + pattern);
    }
    return new RegexMatchingRegisteredServiceProxyPolicy(pattern);
}
use of org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy in project cas by apereo.
the class CasRegisteredServicesTestConfiguration method inMemoryRegisteredServices.
/**
 * Builds the list of registered-service fixtures exposed as a bean.
 *
 * Every entry is created through RegisteredServiceTestUtils.getRegisteredService and appended to a
 * raw list in the order shown; one local variable is reused for all entries.
 *
 * Several entries are deliberately permissive (proxy policies with the pattern ".+", release
 * policies that authorize release of the credential password and the proxy-granting ticket,
 * loosely written id patterns). The enclosing class is named as a test configuration, so these
 * values presumably exist only to exercise those code paths and are not deployment templates.
 *
 * @return the raw list of service fixtures, in insertion order
 */
@Bean
public List inMemoryRegisteredServices() {
final List l = new ArrayList();
// "testencryption$": release policy authorizes releasing the credential password and the
// proxy-granting ticket; a public key location is attached to the service.
AbstractRegisteredService svc = RegisteredServiceTestUtils.getRegisteredService("testencryption$");
final ReturnAllowedAttributeReleasePolicy policy = new ReturnAllowedAttributeReleasePolicy();
policy.setAuthorizedToReleaseCredentialPassword(true);
policy.setAuthorizedToReleaseProxyGrantingTicket(true);
final RegisteredServicePublicKeyImpl publicKey = new RegisteredServicePublicKeyImpl();
// NOTE(review): the file name suggests a 1024-bit RSA key, which is below current key-size
// guidance; presumably acceptable only because this is a test fixture.
publicKey.setLocation("classpath:keys/RSA1024Public.key");
svc.setPublicKey(publicKey);
svc.setAttributeReleasePolicy(policy);
l.add(svc);
// "testDefault": access strategy built from an empty map, default username provider.
svc = RegisteredServiceTestUtils.getRegisteredService("testDefault");
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
svc.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
l.add(svc);
// example.com "normal" tier: evaluation order 10, releases all attributes.
svc = RegisteredServiceTestUtils.getRegisteredService("https://example\\.com/normal/.*");
svc.setEvaluationOrder(10);
svc.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
l.add(svc);
// example.com "high" tier: evaluation order 20, releases all attributes, and names two
// authentication handlers as required handlers.
svc = RegisteredServiceTestUtils.getRegisteredService("https://example\\.com/high/.*");
svc.setEvaluationOrder(20);
svc.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());
final HashSet handlers = CollectionUtils.wrapHashSet(AcceptUsersAuthenticationHandler.class.getSimpleName(), TestOneTimePasswordAuthenticationHandler.class.getSimpleName());
svc.setRequiredHandlers(handlers);
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
l.add(svc);
// google.com entry: evaluation order 1, proxying, public key, password and PGT release.
// NOTE(review): as a regex this string has no start anchor, makes the scheme group optional
// and leaves the dot in "google.com" unescaped, so it is looser than a single-host match.
svc = RegisteredServiceTestUtils.getRegisteredService("(https://)*google.com$");
svc.setEvaluationOrder(1);
// ".+" matches any non-empty string; presumably every proxy callback URL is accepted.
svc.setProxyPolicy(new RegexMatchingRegisteredServiceProxyPolicy(".+"));
svc.setPublicKey(new RegisteredServicePublicKeyImpl("classpath:keys/RSA4096Public.key", "RSA"));
final ReturnAllowedAttributeReleasePolicy policy1 = new ReturnAllowedAttributeReleasePolicy();
policy1.setAuthorizedToReleaseCredentialPassword(true);
policy1.setAuthorizedToReleaseProxyGrantingTicket(true);
svc.setAttributeReleasePolicy(policy1);
svc.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
l.add(svc);
// "eduPersonTest": username taken from the principal attribute "eduPersonAffiliation".
svc = RegisteredServiceTestUtils.getRegisteredService("eduPersonTest");
svc.setUsernameAttributeProvider(new PrincipalAttributeRegisteredServiceUsernameProvider("eduPersonAffiliation"));
svc.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
l.add(svc);
// Second entry created from the same "testencryption$" string as the first one in this list;
// this one also sets an access strategy and a username provider.
svc = RegisteredServiceTestUtils.getRegisteredService("testencryption$");
final ReturnAllowedAttributeReleasePolicy policy2 = new ReturnAllowedAttributeReleasePolicy();
policy2.setAuthorizedToReleaseCredentialPassword(true);
policy2.setAuthorizedToReleaseProxyGrantingTicket(true);
svc.setAttributeReleasePolicy(policy2);
svc.setPublicKey(new RegisteredServicePublicKeyImpl("classpath:keys/RSA1024Public.key", "RSA"));
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
svc.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
l.add(svc);
// Access strategy built from a map with "cn" and "givenName" entries; presumably these are
// required attribute values a principal must carry (the id suggests a failing case) - confirm.
svc = RegisteredServiceTestUtils.getRegisteredService("^TestServiceAttributeForAuthzFails");
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(CollectionUtils.wrap("cn", CollectionUtils.wrapSet("cnValue"), "givenName", CollectionUtils.wrapSet("gnameValue"))));
svc.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
l.add(svc);
// Access strategy flags (true, false); presumably enabled with SSO participation switched off,
// as the id suggests - confirm against the constructor.
svc = RegisteredServiceTestUtils.getRegisteredService("^TestSsoFalse");
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(true, false));
svc.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
l.add(svc);
// Access strategy built from a map with a "groupMembership" entry holding "adopters".
svc = RegisteredServiceTestUtils.getRegisteredService("TestServiceAttributeForAuthzPasses");
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(CollectionUtils.wrap("groupMembership", CollectionUtils.wrapSet("adopters"))));
svc.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());
svc.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
l.add(svc);
// Username provider points at the attribute name "nonExistentAttributeName"; the release
// policy is limited to "groupMembership".
svc = RegisteredServiceTestUtils.getRegisteredService("eduPersonTestInvalid");
svc.setUsernameAttributeProvider(new PrincipalAttributeRegisteredServiceUsernameProvider("nonExistentAttributeName"));
svc.setAttributeReleasePolicy(new ReturnAllowedAttributeReleasePolicy(CollectionUtils.wrap("groupMembership")));
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
l.add(svc);
// "testAnonymous": uses the anonymous username attribute provider.
svc = RegisteredServiceTestUtils.getRegisteredService("testAnonymous");
svc.setUsernameAttributeProvider(new AnonymousRegisteredServiceUsernameAttributeProvider());
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
l.add(svc);
// jasig.org entry with proxying. NOTE(review): plain http scheme, unescaped dots, and a proxy
// policy of ".+" (any non-empty string).
svc = RegisteredServiceTestUtils.getRegisteredService("^http://www.jasig.org.+");
svc.setProxyPolicy(new RegexMatchingRegisteredServiceProxyPolicy(".+"));
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
svc.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
l.add(svc);
// Username taken from the principal attribute "cn".
svc = RegisteredServiceTestUtils.getRegisteredService("usernameAttributeProviderService");
svc.setUsernameAttributeProvider(new PrincipalAttributeRegisteredServiceUsernameProvider("cn"));
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
l.add(svc);
// "proxyService": the only proxy policy in this list that is anchored and limited to https.
svc = RegisteredServiceTestUtils.getRegisteredService("proxyService");
svc.setProxyPolicy(new RegexMatchingRegisteredServiceProxyPolicy("^https://.+"));
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
svc.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
l.add(svc);
// Broad "^test.*" entry with evaluation order 1000.
svc = RegisteredServiceTestUtils.getRegisteredService("^test.*");
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
svc.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
svc.setEvaluationOrder(1000);
l.add(svc);
// localhost entry with evaluation order 100; the pattern has no anchors and ends in ".*".
svc = RegisteredServiceTestUtils.getRegisteredService("https://localhost.*");
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
svc.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
svc.setEvaluationOrder(100);
l.add(svc);
// carmenwiki entry with evaluation order 99; dots are unescaped and the pattern ends in ".*".
svc = RegisteredServiceTestUtils.getRegisteredService("https://carmenwiki.osu.edu.*");
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
svc.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
svc.setEvaluationOrder(99);
l.add(svc);
// "jwtservice": sets the TOKEN_AS_SERVICE_TICKET service property to "true", evaluation order 2000.
svc = RegisteredServiceTestUtils.getRegisteredService("jwtservice");
svc.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
svc.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
final DefaultRegisteredServiceProperty prop = new DefaultRegisteredServiceProperty();
prop.setValues(CollectionUtils.wrapSet(Boolean.TRUE.toString()));
svc.getProperties().put(RegisteredServiceProperty.RegisteredServiceProperties.TOKEN_AS_SERVICE_TICKET.getPropertyName(), prop);
svc.setEvaluationOrder(2000);
l.add(svc);
return l;
}
use of org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy in project cas by apereo.
the class CasAddonsRegisteredServicesJsonSerializer method convertServiceProperties.
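/**
 * Converts one service definition, given as a map of raw values, into a {@link RegexRegisteredService}.
 *
 * The keys "id", "name" and "serviceId" are required. All other keys fall back to a default:
 * empty description and theme, {@code Integer.MAX_VALUE} evaluation order, proxying off,
 * enabled on, SSO on, anonymous access on, and an empty list of allowed attributes.
 *
 * Security-relevant behaviour of the conversion:
 * <ul>
 * <li>Only the sequence {@code **} in "serviceId" is rewritten (to {@code .*}). Every other
 * character is kept as written, so characters such as {@code .} presumably act as regex
 * metacharacters in the resulting service id and may match more than the source intended.</li>
 * <li>{@code allowedToProxy=true} becomes a proxy policy with the pattern {@code .+}, which
 * matches any non-empty string. Converted services that proxy should be reviewed and given a
 * narrower pattern.</li>
 * <li>Only the attributes listed under "allowedAttributes" are put into the release policy.</li>
 * </ul>
 *
 * @param serviceDataMap raw key/value data of a single service definition
 * @return the converted service
 * @throws NullPointerException if "id", "name" or "serviceId" is absent
 * @throws NumberFormatException if "id" or "evaluationOrder" is not numeric
 */
private RegisteredService convertServiceProperties(final Map serviceDataMap) {
    // Required keys: fail with a message naming the missing key instead of an anonymous NullPointerException.
    final Object id = java.util.Objects.requireNonNull(serviceDataMap.get("id"),
            "Service definition is missing required key 'id'");
    final Object name = java.util.Objects.requireNonNull(serviceDataMap.get("name"),
            "Service definition is missing required key 'name'");
    final Object serviceId = java.util.Objects.requireNonNull(serviceDataMap.get("serviceId"),
            "Service definition is missing required key 'serviceId'");

    final RegexRegisteredService service = new RegexRegisteredService();
    service.setId(Long.parseLong(id.toString()));
    service.setName(name.toString());
    service.setDescription(serviceDataMap.getOrDefault("description", StringUtils.EMPTY).toString());
    // Only "**" is translated; the rest of the pattern is taken over unescaped.
    service.setServiceId(serviceId.toString().replace("**", ".*"));
    service.setTheme(serviceDataMap.getOrDefault("theme", StringUtils.EMPTY).toString());
    service.setEvaluationOrder(Integer.parseInt(serviceDataMap.getOrDefault("evaluationOrder", Integer.MAX_VALUE).toString()));

    final boolean allowedProxy = Boolean.parseBoolean(serviceDataMap.getOrDefault("allowedToProxy", Boolean.FALSE).toString());
    final boolean enabled = Boolean.parseBoolean(serviceDataMap.getOrDefault("enabled", Boolean.TRUE).toString());
    final boolean ssoEnabled = Boolean.parseBoolean(serviceDataMap.getOrDefault("ssoEnabled", Boolean.TRUE).toString());
    final boolean anonymousAccess = Boolean.parseBoolean(serviceDataMap.getOrDefault("anonymousAccess", Boolean.TRUE).toString());

    if (allowedProxy) {
        // The boolean flag carries no callback restriction, so the widest pattern is used.
        // NOTE(review): ".+" places no constraint on scheme or host of the proxy callback.
        service.setProxyPolicy(new RegexMatchingRegisteredServiceProxyPolicy(".+"));
    }
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(enabled, ssoEnabled));
    if (anonymousAccess) {
        service.setUsernameAttributeProvider(new AnonymousRegisteredServiceUsernameAttributeProvider());
    }

    // Unchecked cast: a value that is not a List fails here with ClassCastException; the element
    // type is not verified.
    final List<String> attributes = (List<String>) serviceDataMap.getOrDefault("allowedAttributes", new ArrayList<>());
    service.setAttributeReleasePolicy(new ReturnAllowedAttributeReleasePolicy(attributes));
    return service;
}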
use of org.apereo.cas.services.RegexMatchingRegisteredServiceProxyPolicy in project cas by apereo.
the class BaseLdapServiceRegistryTests method verifyUpdatingServices.
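/**
 * Verifies that edits to an already stored service survive a second save and are returned
 * unchanged by a lookup on the service id.
 *
 * The service saved first is loaded back, several fields (including the proxy policy) are
 * replaced, the service is saved again, and the re-read copy is compared field by field.
 */
@Test
public void verifyUpdatingServices() {
    this.dao.save(getRegexRegisteredService());
    final List<RegisteredService> services = this.dao.load();
    final AbstractRegisteredService rs = (AbstractRegisteredService) this.dao.findServiceById(services.get(0).getId());
    assertNotNull(rs);

    rs.setEvaluationOrder(9999);
    rs.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    rs.setName("Another Test Service");
    rs.setDescription("The new description");
    rs.setServiceId("https://hello.world");
    // Fixture value for the round-trip comparison only. NOTE(review): "https" carries no anchors,
    // so it is a very broad pattern; it should not be read as a model for a real proxy policy.
    rs.setProxyPolicy(new RegexMatchingRegisteredServiceProxyPolicy("https"));
    // NOTE(review): the release policy is written here but never compared after the reload below.
    rs.setAttributeReleasePolicy(new ReturnAllowedAttributeReleasePolicy());
    assertNotNull(this.dao.save(rs));

    final RegisteredService rs3 = this.dao.findServiceById(rs.getId());
    // Report a missing entry as an assertion failure instead of a NullPointerException further down.
    assertNotNull(rs3);

    // Expected value (what was written) first, actual value (what was read back) second.
    assertEquals(rs.getName(), rs3.getName());
    assertEquals(rs.getDescription(), rs3.getDescription());
    assertEquals(rs.getEvaluationOrder(), rs3.getEvaluationOrder());
    assertEquals(rs.getUsernameAttributeProvider(), rs3.getUsernameAttributeProvider());
    assertEquals(rs.getProxyPolicy(), rs3.getProxyPolicy());
    assertEquals(rs.getServiceId(), rs3.getServiceId());
}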