
Example 11 with AuthenticationHandler

use of org.apereo.cas.authentication.AuthenticationHandler in project cas by apereo.

Class LdapAuthenticationConfiguration, method ldapAuthenticationHandlers.

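/**
 * Builds one {@link LdapAuthenticationHandler} for every LDAP entry in
 * {@code casProperties.getAuthn().getLdap()} that passes
 * {@code ldapInstanceConfigurationPredicate()}.
 *
 * <p>For each accepted entry the method creates an ldaptive {@link Authenticator}, restricts its
 * return attributes to the keys of the mapped principal attributes, and then configures the
 * handler: additional attributes, principal id attribute, password encoder, principal name
 * transformer, the optional credential selection predicate and the optional password policy.
 * The handler is initialized before it is added to the result.
 *
 * @return the initialized handlers, collected in a {@link HashSet}; empty when no LDAP entry
 *         passes the predicate
 */
@Bean
public Collection<AuthenticationHandler> ldapAuthenticationHandlers() {
    final Collection<AuthenticationHandler> handlers = new HashSet<>();
    casProperties.getAuthn().getLdap().stream().filter(ldapInstanceConfigurationPredicate()).forEach(l -> {
        final Map<String, String> attributes = Beans.transformPrincipalAttributesListIntoMap(l.getPrincipalAttributeList());
        LOGGER.debug("Created and mapped principal attributes [{}] for [{}]...", attributes, l.getLdapUrl());
        LOGGER.debug("Creating ldap authenticator for [{}] and baseDn [{}]", l.getLdapUrl(), l.getBaseDn());
        final Authenticator authenticator = Beans.newLdaptiveAuthenticator(l);
        // Only the mapped attribute names are requested from the directory at this point.
        authenticator.setReturnAttributes(attributes.keySet().toArray(new String[] {}));
        LOGGER.debug("Ldap authenticator configured with return attributes [{}] for [{}] and baseDn [{}]", attributes.keySet(), l.getLdapUrl(), l.getBaseDn());
        LOGGER.debug("Creating ldap authentication handler for [{}]", l.getLdapUrl());
        final LdapAuthenticationHandler handler = new LdapAuthenticationHandler(l.getName(), servicesManager, ldapPrincipalFactory(), l.getOrder(), authenticator);

        // The list returned by getAdditionalAttributes() belongs to the configuration object.
        // Appending to it directly would grow the configured list every time this bean method
        // runs, so the principal id attribute is added to a copy instead.
        final List<String> configuredAttrs = l.getAdditionalAttributes();
        final List<String> additionalAttrs;
        if (StringUtils.isNotBlank(l.getPrincipalAttributeId())) {
            additionalAttrs = new java.util.ArrayList<>(configuredAttrs);
            additionalAttrs.add(l.getPrincipalAttributeId());
        } else {
            additionalAttrs = configuredAttrs;
        }
        handler.setAdditionalAttributes(additionalAttrs);
        handler.setAllowMultiplePrincipalAttributeValues(l.isAllowMultiplePrincipalAttributeValues());
        // NOTE(review): presumably decides whether authentication may proceed when the entry
        // lacks the principal id attribute; confirm the configured value per directory.
        handler.setAllowMissingPrincipalAttributeValue(l.isAllowMissingPrincipalAttributeValue());
        handler.setPasswordEncoder(Beans.newPasswordEncoder(l.getPasswordEncoder()));
        handler.setPrincipalNameTransformer(Beans.newPrincipalNameTransformer(l.getPrincipalTransformation()));
        if (StringUtils.isNotBlank(l.getCredentialCriteria())) {
            LOGGER.debug("Ldap authentication for [{}] is filtering credentials by [{}]", l.getLdapUrl(), l.getCredentialCriteria());
            // Pattern.asPredicate() tests with find(), not matches(): an unanchored criteria
            // selects every credential id that merely contains a match. Anchor the configured
            // expression with ^...$ when it is meant to limit which ids this handler accepts.
            final Predicate<String> predicate = Pattern.compile(l.getCredentialCriteria()).asPredicate();
            handler.setCredentialSelectionPredicate(credential -> predicate.test(credential.getId()));
        }
        handler.setPrincipalAttributeMap(attributes);
        if (StringUtils.isBlank(l.getPrincipalAttributeId())) {
            LOGGER.debug("No principal id attribute is found for ldap authentication via [{}]", l.getLdapUrl());
        } else {
            handler.setPrincipalIdAttribute(l.getPrincipalAttributeId());
            LOGGER.debug("Using principal id attribute [{}] for ldap authentication via [{}]", l.getPrincipalAttributeId(), l.getLdapUrl());
        }
        if (l.getPasswordPolicy().isEnabled()) {
            LOGGER.debug("Password policy is enabled for [{}]. Constructing password policy configuration", l.getLdapUrl());
            handler.setPasswordPolicyConfiguration(createLdapPasswordPolicyConfiguration(l, authenticator));
        }
        LOGGER.debug("Initializing ldap authentication handler for [{}]", l.getLdapUrl());
        // initialize() runs only after every setter above has been applied.
        handler.initialize();
        handlers.add(handler);
    });
    return handlers;
}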
Also used : AuthenticationHandler(org.apereo.cas.authentication.AuthenticationHandler) LdapAuthenticationHandler(org.apereo.cas.authentication.LdapAuthenticationHandler) LdapAuthenticationHandler(org.apereo.cas.authentication.LdapAuthenticationHandler) Authenticator(org.ldaptive.auth.Authenticator) HashSet(java.util.HashSet) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) Bean(org.springframework.context.annotation.Bean)
