Example 1 with WsGetGroupsResult

use of edu.internet2.middleware.grouperClient.ws.beans.WsGetGroupsResult in project cas by apereo.

the class GrouperFacade method getGroupsForSubjectId.

/**
 * Gets groups for subject id.
 *
 * @param subjectId the principal
 * @return the groups for subject id
 */
public static Collection<WsGetGroupsResult> getGroupsForSubjectId(final String subjectId) {
    try {
        final GcGetGroups groupsClient = new GcGetGroups().addSubjectId(subjectId);
        final WsGetGroupsResult[] results = groupsClient.execute().getResults();
        if (results == null || results.length == 0) {
            LOGGER.warn("Subject id [{}] could not be located.", subjectId);
            return new ArrayList<>(0);
        }
        LOGGER.debug("Found [{}] groups for [{}]", results.length, subjectId);
        return CollectionUtils.wrapList(results);
    } catch (final Exception e) {
        // Failures are logged and swallowed: the caller receives the same empty list as for a subject with no groups.
        LOGGER.warn("Grouper WS did not respond successfully. Ensure your credentials are correct, "
            + "the url endpoint for Grouper WS is correctly configured and the subject [{}] exists in Grouper.", subjectId, e);
    }
    return new ArrayList<>(0);
}
Also used : WsGetGroupsResult(edu.internet2.middleware.grouperClient.ws.beans.WsGetGroupsResult) GcGetGroups(edu.internet2.middleware.grouperClient.api.GcGetGroups) ArrayList(java.util.ArrayList)

Example 2 with WsGetGroupsResult

use of edu.internet2.middleware.grouperClient.ws.beans.WsGetGroupsResult in project cas by apereo.

the class GrouperMultifactorAuthenticationPolicyEventResolver method resolveInternal.

@Override
public Set<Event> resolveInternal(final RequestContext context) {
    final RegisteredService service = resolveRegisteredServiceInRequestContext(context);
    final Authentication authentication = WebUtils.getAuthentication(context);
    if (StringUtils.isBlank(grouperField)) {
        LOGGER.debug("No group field is defined to process for Grouper multifactor trigger");
        return null;
    }
    if (authentication == null || service == null) {
        LOGGER.debug("No authentication or service is available to determine event for principal");
        return null;
    }
    final Principal principal = authentication.getPrincipal();
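    final Collection<WsGetGroupsResult> results = GrouperFacade.getGroupsForSubjectId(principal.getId());
    // getGroupsForSubjectId returns an empty collection both when the subject has no groups and when
    // the Grouper WS call fails, so in either case no MFA event is resolved here.
    if (results.isEmpty()) {
        LOGGER.debug("No groups could be found for [{}] to resolve events for MFA", principal);
        return null;
    }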
    final Map<String, MultifactorAuthenticationProvider> providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap == null || providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context");
        throw new AuthenticationException();
    }
    final GrouperGroupField groupField = GrouperGroupField.valueOf(grouperField);
    final Set<String> values = results.stream().map(wsGetGroupsResult -> Stream.of(wsGetGroupsResult.getWsGroups())).flatMap(Function.identity()).map(g -> GrouperFacade.getGrouperGroupAttribute(groupField, g)).collect(Collectors.toSet());
    final Optional<MultifactorAuthenticationProvider> providerFound = resolveProvider(providerMap, values);
    if (providerFound.isPresent()) {
        final MultifactorAuthenticationProvider provider = providerFound.get();
        if (provider.isAvailable(service)) {
            LOGGER.debug("Attempting to build event based on the authentication provider [{}] and service [{}]", provider, service.getName());
            final Event event = validateEventIdForMatchingTransitionInContext(provider.getId(), context, buildEventAttributeMap(authentication.getPrincipal(), service, provider));
            return CollectionUtils.wrapSet(event);
        }
        LOGGER.warn("Located multifactor provider [{}], yet the provider cannot be reached or verified", providerFound.get());
        return null;
    }
    LOGGER.debug("No multifactor provider could be found based on [{}]'s Grouper groups", principal.getId());
    return null;
}
Also used : CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) WsGetGroupsResult(edu.internet2.middleware.grouperClient.ws.beans.WsGetGroupsResult) MultifactorAuthenticationProviderSelector(org.apereo.cas.services.MultifactorAuthenticationProviderSelector) CentralAuthenticationService(org.apereo.cas.CentralAuthenticationService) TicketRegistrySupport(org.apereo.cas.ticket.registry.TicketRegistrySupport) RequestContext(org.springframework.webflow.execution.RequestContext) Function(java.util.function.Function) Authentication(org.apereo.cas.authentication.Authentication) Map(java.util.Map) CollectionUtils(org.apereo.cas.util.CollectionUtils) AuthenticationSystemSupport(org.apereo.cas.authentication.AuthenticationSystemSupport) GrouperFacade(org.apereo.cas.grouper.GrouperFacade) MultifactorAuthenticationUtils(org.apereo.cas.authentication.MultifactorAuthenticationUtils) CookieGenerator(org.springframework.web.util.CookieGenerator) ServicesManager(org.apereo.cas.services.ServicesManager) AuthenticationException(org.apereo.cas.authentication.AuthenticationException) MultifactorAuthenticationProvider(org.apereo.cas.services.MultifactorAuthenticationProvider) StringUtils(edu.internet2.middleware.grouperClientExt.org.apache.commons.lang3.StringUtils) GrouperGroupField(org.apereo.cas.grouper.GrouperGroupField) Audit(org.apereo.inspektr.audit.annotation.Audit) Collection(java.util.Collection) AuthenticationServiceSelectionPlan(org.apereo.cas.authentication.AuthenticationServiceSelectionPlan) Set(java.util.Set) Collectors(java.util.stream.Collectors) RegisteredService(org.apereo.cas.services.RegisteredService) BaseMultifactorAuthenticationProviderEventResolver(org.apereo.cas.web.flow.authentication.BaseMultifactorAuthenticationProviderEventResolver) Slf4j(lombok.extern.slf4j.Slf4j) Stream(java.util.stream.Stream) Optional(java.util.Optional) Principal(org.apereo.cas.authentication.principal.Principal) 
WebUtils(org.apereo.cas.web.support.WebUtils) Event(org.springframework.webflow.execution.Event)

Example 3 with WsGetGroupsResult

use of edu.internet2.middleware.grouperClient.ws.beans.WsGetGroupsResult in project uhgroupings by uhawaii-system-its-ti-iam.

the class GrouperFactoryServiceImplLocal method makeWsGetGroupsResults.

@Override
public WsGetGroupsResults makeWsGetGroupsResults(String username, WsStemLookup stemLookup, StemScope stemScope) {
    WsGetGroupsResults wsGetGroupsResults = new WsGetGroupsResults();
    WsGetGroupsResult wsGetGroupsResult = new WsGetGroupsResult();
    WsGroup[] groups;
    List<WsGroup> wsGroupList = new ArrayList<>();
    List<Group> groupList = groupRepository.findByMembersUsername(username);
    for (Group group : groupList) {
        WsGroup g = new WsGroup();
        g.setName(group.getPath());
        wsGroupList.add(g);
    }
    groups = wsGroupList.toArray(new WsGroup[wsGroupList.size()]);
    wsGetGroupsResult.setWsGroups(groups);
    wsGetGroupsResults.setResults(new WsGetGroupsResult[] { wsGetGroupsResult });
    return wsGetGroupsResults;
}
Also used : WsGroup(edu.internet2.middleware.grouperClient.ws.beans.WsGroup) Group(edu.hawaii.its.api.type.Group) WsGetGroupsResult(edu.internet2.middleware.grouperClient.ws.beans.WsGetGroupsResult) WsGetGroupsResults(edu.internet2.middleware.grouperClient.ws.beans.WsGetGroupsResults) ArrayList(java.util.ArrayList)

Example 4 with WsGetGroupsResult

use of edu.internet2.middleware.grouperClient.ws.beans.WsGetGroupsResult in project cas by apereo.

the class GrouperMultifactorAuthenticationTrigger method isActivated.

@Override
public Optional<MultifactorAuthenticationProvider> isActivated(final Authentication authentication, final RegisteredService registeredService, final HttpServletRequest request, final HttpServletResponse response, final Service service) {
    val grouperField = casProperties.getAuthn().getMfa().getTriggers().getGrouper().getGrouperGroupField();
    if (StringUtils.isBlank(grouperField)) {
        LOGGER.debug("No group field is defined to process for Grouper multifactor trigger");
        return Optional.empty();
    }
    if (authentication == null || registeredService == null) {
        LOGGER.debug("No authentication or service is available to determine event for principal");
        return Optional.empty();
    }
    val providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(this.applicationContext);
    if (providerMap.isEmpty()) {
        LOGGER.error("No multifactor authentication providers are available in the application context");
        throw new AuthenticationException();
    }
    val principal = authentication.getPrincipal();
    val results = grouperFacade.getGroupsForSubjectId(principal.getId());
    if (results.isEmpty()) {
        LOGGER.debug("No groups could be found for [{}] to resolve events for MFA", principal);
        return Optional.empty();
    }
    val groupField = GrouperGroupField.valueOf(grouperField);
    val values = results.stream().map(wsGetGroupsResult -> Stream.of(wsGetGroupsResult.getWsGroups())).flatMap(Function.identity()).map(g -> GrouperFacade.getGrouperGroupAttribute(groupField, g)).collect(Collectors.toSet());
    return MultifactorAuthenticationUtils.resolveProvider(providerMap, values);
}
Also used : lombok.val(lombok.val) CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) Ordered(org.springframework.core.Ordered) Setter(lombok.Setter) Getter(lombok.Getter) RequiredArgsConstructor(lombok.RequiredArgsConstructor) MultifactorAuthenticationProvider(org.apereo.cas.authentication.MultifactorAuthenticationProvider) MultifactorAuthenticationTrigger(org.apereo.cas.authentication.MultifactorAuthenticationTrigger) Function(java.util.function.Function) HttpServletRequest(javax.servlet.http.HttpServletRequest) Authentication(org.apereo.cas.authentication.Authentication) GrouperFacade(org.apereo.cas.grouper.GrouperFacade) MultifactorAuthenticationUtils(org.apereo.cas.authentication.MultifactorAuthenticationUtils) MultifactorAuthenticationProviderResolver(org.apereo.cas.authentication.MultifactorAuthenticationProviderResolver) AuthenticationException(org.apereo.cas.authentication.AuthenticationException) GrouperGroupField(org.apereo.cas.grouper.GrouperGroupField) StringUtils(edu.internet2.middleware.grouperClientExt.org.apache.commons.lang3.StringUtils) HttpServletResponse(javax.servlet.http.HttpServletResponse) ApplicationContext(org.springframework.context.ApplicationContext) Collectors(java.util.stream.Collectors) RegisteredService(org.apereo.cas.services.RegisteredService) Slf4j(lombok.extern.slf4j.Slf4j) Stream(java.util.stream.Stream) Service(org.apereo.cas.authentication.principal.Service) Optional(java.util.Optional)

Example 5 with WsGetGroupsResult

use of edu.internet2.middleware.grouperClient.ws.beans.WsGetGroupsResult in project cas by apereo.

the class GrouperRegisteredServiceAccessStrategyTests method checkGrouperNoGroups.

@Test
public void checkGrouperNoGroups() {
    val strategy = new GrouperRegisteredServiceAccessStrategy() {

        private static final long serialVersionUID = 8533229193475808261L;

        @Override
        protected Collection<WsGetGroupsResult> fetchWsGetGroupsResults(final String principal) {
            return List.of();
        }
    };
    val attrs = (Map) RegisteredServiceTestUtils.getTestAttributes("banderson");
    assertFalse(strategy.doPrincipalAttributesAllowServiceAccess("banderson", attrs));
}
Also used : lombok.val(lombok.val) WsGetGroupsResult(edu.internet2.middleware.grouperClient.ws.beans.WsGetGroupsResult) HashMap(java.util.HashMap) Map(java.util.Map) Test(org.junit.jupiter.api.Test)

Aggregations

WsGetGroupsResult (edu.internet2.middleware.grouperClient.ws.beans.WsGetGroupsResult): 11
lombok.val (lombok.val): 7
WsGroup (edu.internet2.middleware.grouperClient.ws.beans.WsGroup): 5
Test (org.junit.jupiter.api.Test): 5
ArrayList (java.util.ArrayList): 4
Map (java.util.Map): 4
WsGetGroupsResults (edu.internet2.middleware.grouperClient.ws.beans.WsGetGroupsResults): 3
HashMap (java.util.HashMap): 3
Collectors (java.util.stream.Collectors): 3
Slf4j (lombok.extern.slf4j.Slf4j): 3
GrouperFacade (org.apereo.cas.grouper.GrouperFacade): 3
GrouperGroupField (org.apereo.cas.grouper.GrouperGroupField): 3
GcGetGroups (edu.internet2.middleware.grouperClient.api.GcGetGroups): 2
WsStemLookup (edu.internet2.middleware.grouperClient.ws.beans.WsStemLookup): 2
StringUtils (edu.internet2.middleware.grouperClientExt.org.apache.commons.lang3.StringUtils): 2
Collection (java.util.Collection): 2
Optional (java.util.Optional): 2
Set (java.util.Set): 2
Function (java.util.function.Function): 2
Stream (java.util.stream.Stream): 2