use of org.apereo.cas.services.RegisteredServiceDelegatedAuthenticationPolicy in project cas by apereo.
the class Pac4jServiceTicketValidationAuthorizer method authorize.
@Override
public void authorize(final HttpServletRequest request, final Service service, final Assertion assertion) {
final RegisteredService registeredService = this.servicesManager.findServiceBy(service);
RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(service, registeredService);
LOGGER.debug("Evaluating service [{}] for delegated authentication policy", service);
final RegisteredServiceDelegatedAuthenticationPolicy policy = registeredService.getAccessStrategy().getDelegatedAuthenticationPolicy();
if (policy != null) {
final Map<String, Object> attributes = assertion.getPrimaryAuthentication().getAttributes();
if (attributes.containsKey(ClientCredential.AUTHENTICATION_ATTRIBUTE_CLIENT_NAME)) {
final Object clientNameAttr = attributes.get(ClientCredential.AUTHENTICATION_ATTRIBUTE_CLIENT_NAME);
final Optional<Object> value = CollectionUtils.firstElement(clientNameAttr);
if (value.isPresent()) {
final String client = value.get().toString();
LOGGER.debug("Evaluating delegated authentication policy [{}] for client [{}] and service [{}]", policy, client, registeredService);
final AuditableContext context = AuditableContext.builder().registeredService(registeredService).properties(CollectionUtils.wrap(Client.class.getSimpleName(), client)).build();
final AuditableExecutionResult result = delegatedAuthenticationPolicyEnforcer.execute(context);
result.throwExceptionIfNeeded();
}
}
}
}
Aggregations