use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.
the class DefaultConsentEngine method storeConsentDecision.
/**
 * Builds or updates the consent decision for the authenticated principal and persists it.
 *
 * <p>Each consentable attribute resolved for this authentication is passed through every
 * configured consentable-attribute builder, in order, and the resulting values replace the
 * original ones. If a decision already exists for this service and authentication it is
 * updated with the new attributes; otherwise a new decision is built for the principal id.
 * The call is audited under {@code SAVE_CONSENT}.
 *
 * <p>NOTE(review): the trace statements log the attribute object itself, which presumably
 * renders its values. Released attributes are often personal data, so confirm that TRACE on
 * this logger is not enabled where logs are broadly readable.
 *
 * @param service           the service the user is consenting for
 * @param registeredService the registered service definition matching {@code service}
 * @param authentication    the authentication whose principal owns the decision
 * @param reminder          reminder interval copied onto the decision
 * @param reminderTimeUnit  unit of {@code reminder}
 * @param options           reminder options copied onto the decision
 * @return the decision as returned by the consent repository
 * @throws Exception if attribute resolution, building or storage fails
 */
@Audit(
    action = AuditableActions.SAVE_CONSENT,
    actionResolverName = AuditActionResolvers.SAVE_CONSENT_ACTION_RESOLVER,
    resourceResolverName = AuditResourceResolvers.SAVE_CONSENT_RESOURCE_RESOLVER)
@Override
public ConsentDecision storeConsentDecision(final Service service,
                                            final RegisteredService registeredService,
                                            final Authentication authentication,
                                            final long reminder,
                                            final ChronoUnit reminderTimeUnit,
                                            final ConsentReminderOptions options) throws Exception {
    val attributes = resolveConsentableAttributesFrom(authentication, service, registeredService);

    // Rewrite every attribute's values in place with the output of the builder chain.
    attributes.replaceAll((attributeName, attributeValues) -> {
        var current = CasConsentableAttribute.builder()
            .name(attributeName)
            .values(attributeValues)
            .build();
        for (val attributeBuilder : this.consentableAttributeBuilders) {
            LOGGER.trace("Preparing to build consentable attribute [{}] via [{}]", current, attributeBuilder.getName());
            current = attributeBuilder.build(current);
            LOGGER.trace("Finalized consentable attribute [{}]", current);
        }
        return current.getValues();
    });

    val principalId = authentication.getPrincipal().getId();
    val existingDecision = findConsentDecision(service, registeredService, authentication);

    // No prior decision -> build a fresh one; otherwise update the one that was found.
    val decision = FunctionUtils.doIfNull(
        existingDecision,
        () -> consentDecisionBuilder.build(service, registeredService, principalId, attributes),
        () -> consentDecisionBuilder.update(existingDecision, attributes)).get();

    decision.setOptions(options);
    decision.setReminder(reminder);
    decision.setReminderTimeUnit(reminderTimeUnit);
    return consentRepository.storeConsentDecision(decision);
}
use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.
the class BaseSamlProfileSamlResponseBuilder method build.
/**
 * Produces the final SAML2 response for the given profile context.
 *
 * <p>The assertion is built first, wrapped into a response, and the response is then
 * encoded. The call is audited under {@code SAML2_RESPONSE}.
 *
 * <p>NOTE(review): signing and encryption are not visible in this method; presumably they
 * happen inside the three helpers. Verify there before relying on this path for integrity.
 *
 * @param context the SAML profile builder context
 * @return the encoded response
 * @throws Exception if any of the build or encode steps fails
 */
@Audit(
    action = AuditableActions.SAML2_RESPONSE,
    actionResolverName = AuditActionResolvers.SAML2_RESPONSE_ACTION_RESOLVER,
    resourceResolverName = AuditResourceResolvers.SAML2_RESPONSE_RESOURCE_RESOLVER)
@Override
public T build(final SamlProfileBuilderContext context) throws Exception {
    val samlAssertion = buildSamlAssertion(context);
    return encodeFinalResponse(context, buildResponse(samlAssertion, context));
}
use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.
the class ChainingAccountRegistrationProvisioner method provision.
/**
 * Runs every provisioner in the chain against the same registration request and
 * collects their responses into a single aggregate response.
 *
 * <p>The call is audited under {@code ACCOUNT_REGISTRATION}.
 *
 * <p>NOTE(review): the per-provisioner call is wrapped with {@code Unchecked.consumer},
 * so a checked exception from one provisioner surfaces as an unchecked one and ends the
 * iteration. Provisioners that already ran are not undone here; confirm that a partially
 * provisioned account is acceptable or is handled by the caller.
 *
 * @param request the account registration request handed to each provisioner
 * @return the aggregate of all individual responses
 * @throws Exception declared by the interface
 */
@Audit(
    action = AuditableActions.ACCOUNT_REGISTRATION,
    actionResolverName = AuditActionResolvers.ACCOUNT_REGISTRATION_PROVISIONING_ACTION_RESOLVER,
    resourceResolverName = AuditResourceResolvers.ACCOUNT_REGISTRATION_PROVISIONING_RESOURCE_RESOLVER)
@Override
public AccountRegistrationResponse provision(final AccountRegistrationRequest request) throws Exception {
    val combined = new AccountRegistrationResponse();
    provisioners.forEach(Unchecked.consumer(provisioner -> {
        combined.collect(provisioner.provision(request));
    }));
    return combined;
}
use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.
the class DefaultAuthenticationRiskEvaluator method eval.
/**
 * Computes an overall risk score for an authentication attempt by averaging the scores
 * of the active risk calculators.
 *
 * <p>Calculators that are proxies are skipped. When no calculator remains, the method
 * returns {@code HIGHEST_RISK_SCORE}, i.e. it does not treat "nothing to evaluate" as safe.
 * Otherwise the non-null scores are summed and divided by the number of active
 * calculators, at scale 2 with {@link RoundingMode#UP}. The call is audited under
 * {@code EVALUATE_RISKY_AUTHENTICATION}.
 *
 * <p>NOTE(review): a calculator that returns {@code null} (or a score whose value is
 * {@code null}) contributes nothing to the sum but is still counted in the divisor, so it
 * pulls the average toward zero; if every calculator does so the result is 0.00. If zero
 * means "lowest risk", a failing calculator lowers the reported risk. Confirm this is
 * intended.
 *
 * @param authentication the authentication being evaluated
 * @param service        the registered service being accessed
 * @param request        the current HTTP request
 * @return the averaged risk score, or the highest score when no calculator is active
 */
@Audit(
    action = AuditableActions.EVALUATE_RISKY_AUTHENTICATION,
    actionResolverName = AuditActionResolvers.ADAPTIVE_RISKY_AUTHENTICATION_ACTION_RESOLVER,
    resourceResolverName = AuditResourceResolvers.ADAPTIVE_RISKY_AUTHENTICATION_RESOURCE_RESOLVER)
@Override
public AuthenticationRiskScore eval(final Authentication authentication,
                                    final RegisteredService service,
                                    final HttpServletRequest request) {
    val activeCalculators = this.calculators
        .stream()
        .filter(BeanSupplier::isNotProxy)
        .collect(Collectors.toList());

    // No usable calculator: report the highest risk rather than an empty average.
    if (activeCalculators.isEmpty()) {
        return new AuthenticationRiskScore(AuthenticationRequestRiskCalculator.HIGHEST_RISK_SCORE);
    }

    val total = activeCalculators
        .stream()
        .map(calculator -> calculator.calculate(authentication, service, request))
        .filter(Objects::nonNull)
        .map(AuthenticationRiskScore::getScore)
        .filter(Objects::nonNull)
        .reduce(BigDecimal.ZERO, BigDecimal::add);

    // The divisor is the count of active calculators, not the count of non-null scores.
    val calculatorCount = BigDecimal.valueOf(activeCalculators.size());
    return new AuthenticationRiskScore(total.divide(calculatorCount, 2, RoundingMode.UP));
}
use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.
the class RegisteredServiceAccessStrategyAuditableEnforcer method execute.
/**
 * Enforces the registered-service access strategy for the given context.
 *
 * <p>The enforcement strategies are tried in a fixed order, from the external Groovy
 * script down to the check that needs only a registered service. The first one that
 * yields a result wins and the remaining ones are not evaluated. If none applies, the
 * method returns a result carrying an {@link UnauthorizedServiceException}, so the default
 * outcome is denial. The call is audited under {@code SERVICE_ACCESS_ENFORCEMENT}.
 *
 * <p>NOTE(review): the denial is attached to the returned result, not thrown from this
 * method. Callers have to inspect the result for access to be refused; confirm that every
 * call site does.
 *
 * @param context the auditable context describing what is available for the decision
 * @return the result of the first applicable strategy, or a result holding an
 *         unauthorized-service exception
 */
@Override
@Audit(
    action = AuditableActions.SERVICE_ACCESS_ENFORCEMENT,
    actionResolverName = AuditActionResolvers.SERVICE_ACCESS_ENFORCEMENT_ACTION_RESOLVER,
    resourceResolverName = AuditResourceResolvers.SERVICE_ACCESS_ENFORCEMENT_RESOURCE_RESOLVER)
public AuditableExecutionResult execute(final AuditableContext context) {
    return byExternalGroovyScript(context)
        .or(() -> byServiceTicketAndAuthnResultAndRegisteredService(context))
        .or(() -> byServiceAndRegisteredServiceAndTicketGrantingTicket(context))
        .or(() -> byServiceAndRegisteredServiceAndPrincipal(context))
        .or(() -> byServiceAndRegisteredServiceAndAuthentication(context))
        .or(() -> byServiceAndRegisteredService(context))
        .or(() -> byRegisteredService(context))
        .orElseGet(() -> {
            // Nothing in the context matched any strategy: deny by default.
            val denied = AuditableExecutionResult.builder().build();
            denied.setException(new UnauthorizedServiceException(
                UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, "Service unauthorized"));
            return denied;
        });
}