use of org.apereo.inspektr.audit.annotation.Audit in project cas by apereo.
the class RegisteredServiceDelegatedAuthenticationPolicyAuditableEnforcer method execute.
/**
 * Checks the delegated identity provider named in the context against the registered
 * service's delegated authentication policy and records the outcome for auditing.
 *
 * <p>The policy is consulted only when the context holds a registered service and a property
 * keyed by {@code Client.class.getSimpleName()}. A denial is never thrown from this method: it is
 * attached to the returned result as an {@link UnauthorizedServiceException}, so the decision
 * takes effect only if the caller inspects the result.
 *
 * <p>Security note: the result is returned without an exception when the registered service is
 * absent, when the client property is absent, or when the access strategy exposes no delegated
 * authentication policy. Each of those paths skips the provider check entirely.
 *
 * @param context the auditable context supplying the registered service and the client name
 * @return the result built from {@code context}, carrying an exception only when the policy
 *         rejects the client
 */
@Audit(action = AuditableActions.DELEGATED_CLIENT, actionResolverName = AuditActionResolvers.DELEGATED_CLIENT_ACTION_RESOLVER, resourceResolverName = AuditResourceResolvers.DELEGATED_CLIENT_RESOURCE_RESOLVER)
@Override
public AuditableExecutionResult execute(final AuditableContext context) {
    val outcome = AuditableExecutionResult.of(context);
    val clientKey = Client.class.getSimpleName();

    // Nothing to enforce without a service to read the policy from.
    if (!context.getRegisteredService().isPresent()) {
        return outcome;
    }

    // Nothing to enforce unless a delegated client was recorded in the context.
    val properties = context.getProperties();
    if (!properties.containsKey(clientKey)) {
        return outcome;
    }

    val registeredService = context.getRegisteredService().orElseThrow();
    // NOTE(review): containsKey also passes for a key mapped to null, in which case toString()
    // throws NullPointerException here; confirm callers never store a null client name.
    val clientName = properties.get(clientKey).toString();
    LOGGER.trace("Checking delegated access strategy of [{}] for client [{}]", registeredService, clientName);

    val policy = registeredService.getAccessStrategy().getDelegatedAuthenticationPolicy();
    // A missing policy leaves the result untouched, exactly like an allowed provider.
    if (policy == null || policy.isProviderAllowed(clientName, registeredService)) {
        return outcome;
    }

    LOGGER.debug("Delegated access strategy for [{}] does not permit client [{}]", registeredService, clientName);
    outcome.setException(new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE, StringUtils.EMPTY));
    return outcome;
}