Example 21 with Audit

use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.

the class DefaultConsentEngine method storeConsentDecision.

@Audit(action = AuditableActions.SAVE_CONSENT, actionResolverName = AuditActionResolvers.SAVE_CONSENT_ACTION_RESOLVER, resourceResolverName = AuditResourceResolvers.SAVE_CONSENT_RESOURCE_RESOLVER)
@Override
public ConsentDecision storeConsentDecision(final Service service, final RegisteredService registeredService, final Authentication authentication, final long reminder, final ChronoUnit reminderTimeUnit, final ConsentReminderOptions options) throws Exception {
    val attributes = resolveConsentableAttributesFrom(authentication, service, registeredService);
    attributes.replaceAll((key, value) -> {
        var attr = CasConsentableAttribute.builder().name(key).values(value).build();
        for (val builder : this.consentableAttributeBuilders) {
            LOGGER.trace("Preparing to build consentable attribute [{}] via [{}]", attr, builder.getName());
            attr = builder.build(attr);
            LOGGER.trace("Finalized consentable attribute [{}]", attr);
        }
        return attr.getValues();
    });
    val principalId = authentication.getPrincipal().getId();
    val decisionFound = findConsentDecision(service, registeredService, authentication);
    val supplier = FunctionUtils.doIfNull(decisionFound,
        () -> consentDecisionBuilder.build(service, registeredService, principalId, attributes),
        () -> consentDecisionBuilder.update(decisionFound, attributes));
    val decision = supplier.get();
    decision.setOptions(options);
    decision.setReminder(reminder);
    decision.setReminderTimeUnit(reminderTimeUnit);
    return consentRepository.storeConsentDecision(decision);
}
Also used : lombok.val(lombok.val) Audit(org.apereo.inspektr.audit.annotation.Audit)

Example 22 with Audit

use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.

the class BaseSamlProfileSamlResponseBuilder method build.

@Audit(action = AuditableActions.SAML2_RESPONSE, actionResolverName = AuditActionResolvers.SAML2_RESPONSE_ACTION_RESOLVER, resourceResolverName = AuditResourceResolvers.SAML2_RESPONSE_RESOURCE_RESOLVER)
@Override
public T build(final SamlProfileBuilderContext context) throws Exception {
    val assertion = buildSamlAssertion(context);
    val finalResponse = buildResponse(assertion, context);
    return encodeFinalResponse(context, finalResponse);
}
Also used : lombok.val(lombok.val) Audit(org.apereo.inspektr.audit.annotation.Audit)

Example 23 with Audit

use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.

the class ChainingAccountRegistrationProvisioner method provision.

@Audit(action = AuditableActions.ACCOUNT_REGISTRATION, actionResolverName = AuditActionResolvers.ACCOUNT_REGISTRATION_PROVISIONING_ACTION_RESOLVER, resourceResolverName = AuditResourceResolvers.ACCOUNT_REGISTRATION_PROVISIONING_RESOURCE_RESOLVER)
@Override
public AccountRegistrationResponse provision(final AccountRegistrationRequest request) throws Exception {
    val aggregate = new AccountRegistrationResponse();
    provisioners.forEach(Unchecked.consumer(p -> aggregate.collect(p.provision(request))));
    return aggregate;
}
Also used : lombok.val(lombok.val) List(java.util.List) Unchecked(org.jooq.lambda.Unchecked) AccountRegistrationRequest(org.apereo.cas.acct.AccountRegistrationRequest) AccountRegistrationResponse(org.apereo.cas.acct.AccountRegistrationResponse) Audit(org.apereo.inspektr.audit.annotation.Audit) RequiredArgsConstructor(lombok.RequiredArgsConstructor) AuditResourceResolvers(org.apereo.cas.audit.AuditResourceResolvers) AuditableActions(org.apereo.cas.audit.AuditableActions) AuditActionResolvers(org.apereo.cas.audit.AuditActionResolvers)

Example 24 with Audit

use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.

the class DefaultAuthenticationRiskEvaluator method eval.

@Audit(action = AuditableActions.EVALUATE_RISKY_AUTHENTICATION, actionResolverName = AuditActionResolvers.ADAPTIVE_RISKY_AUTHENTICATION_ACTION_RESOLVER, resourceResolverName = AuditResourceResolvers.ADAPTIVE_RISKY_AUTHENTICATION_RESOURCE_RESOLVER)
@Override
public AuthenticationRiskScore eval(final Authentication authentication, final RegisteredService service, final HttpServletRequest request) {
    val activeCalculators = this.calculators.stream().filter(BeanSupplier::isNotProxy).collect(Collectors.toList());
    if (activeCalculators.isEmpty()) {
        return new AuthenticationRiskScore(AuthenticationRequestRiskCalculator.HIGHEST_RISK_SCORE);
    }
    val scores = activeCalculators.stream().map(r -> r.calculate(authentication, service, request)).filter(Objects::nonNull).collect(Collectors.toList());
    val sum = scores.stream().map(AuthenticationRiskScore::getScore).filter(Objects::nonNull).reduce(BigDecimal.ZERO, BigDecimal::add);
    val score = sum.divide(BigDecimal.valueOf(activeCalculators.size()), 2, RoundingMode.UP);
    return new AuthenticationRiskScore(score);
}
Also used : lombok.val(lombok.val) AuthenticationRiskScore(org.apereo.cas.api.AuthenticationRiskScore) BigDecimal(java.math.BigDecimal) Audit(org.apereo.inspektr.audit.annotation.Audit)

Example 25 with Audit

use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.

the class RegisteredServiceAccessStrategyAuditableEnforcer method execute.

@Override
@Audit(action = AuditableActions.SERVICE_ACCESS_ENFORCEMENT, actionResolverName = AuditActionResolvers.SERVICE_ACCESS_ENFORCEMENT_ACTION_RESOLVER, resourceResolverName = AuditResourceResolvers.SERVICE_ACCESS_ENFORCEMENT_RESOURCE_RESOLVER)
public AuditableExecutionResult execute(final AuditableContext context) {
    return byExternalGroovyScript(context)
        .or(() -> byServiceTicketAndAuthnResultAndRegisteredService(context))
        .or(() -> byServiceAndRegisteredServiceAndTicketGrantingTicket(context))
        .or(() -> byServiceAndRegisteredServiceAndPrincipal(context))
        .or(() -> byServiceAndRegisteredServiceAndAuthentication(context))
        .or(() -> byServiceAndRegisteredService(context))
        .or(() -> byRegisteredService(context))
        .orElseGet(() -> {
            val result = AuditableExecutionResult.builder().build();
            result.setException(new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, "Service unauthorized"));
            return result;
        });
}
Also used : lombok.val(lombok.val) Audit(org.apereo.inspektr.audit.annotation.Audit)

Aggregations

Audit (org.apereo.inspektr.audit.annotation.Audit) 31
lombok.val (lombok.val) 21
Counted (com.codahale.metrics.annotation.Counted) 4
Metered (com.codahale.metrics.annotation.Metered) 4
Timed (com.codahale.metrics.annotation.Timed) 4
Principal (org.apereo.cas.authentication.principal.Principal) 4
TicketGrantingTicket (org.apereo.cas.ticket.TicketGrantingTicket) 4
HashMap (java.util.HashMap) 3
AuditActionResolvers (org.apereo.cas.audit.AuditActionResolvers) 3
AuditResourceResolvers (org.apereo.cas.audit.AuditResourceResolvers) 3
AuditableActions (org.apereo.cas.audit.AuditableActions) 3
UnresolvedPrincipalException (org.apereo.cas.authentication.exceptions.UnresolvedPrincipalException) 3
NullPrincipal (org.apereo.cas.authentication.principal.NullPrincipal) 3
ServiceContext (org.apereo.cas.services.ServiceContext) 3
InvalidTicketException (org.apereo.cas.ticket.InvalidTicketException) 3
RequiredArgsConstructor (lombok.RequiredArgsConstructor) 2
AuditableContext (org.apereo.cas.audit.AuditableContext) 2
AuditableExecutionResult (org.apereo.cas.audit.AuditableExecutionResult) 2
UsernamePasswordCredential (org.apereo.cas.authentication.UsernamePasswordCredential) 2
UnauthorizedProxyingException (org.apereo.cas.services.UnauthorizedProxyingException) 2