Search in sources :

Example 21 with DefaultChainingMultifactorAuthenticationBypassProvider

use of org.apereo.cas.authentication.bypass.DefaultChainingMultifactorAuthenticationBypassProvider in project cas by apereo.

the class DuoSecurityMultifactorProviderBypassConfiguration method duoSecurityCredentialMultifactorAuthenticationProviderBypass.

@Bean
@RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
@ConditionalOnMissingBean(name = "duoSecurityCredentialMultifactorAuthenticationProviderBypass")
public MultifactorAuthenticationProviderBypassEvaluator duoSecurityCredentialMultifactorAuthenticationProviderBypass(final ConfigurableApplicationContext applicationContext, final CasConfigurationProperties casProperties) {
    return BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class).when(DuoSecurityAuthenticationService.CONDITION.given(applicationContext.getEnvironment())).supply(() -> {
        val duoProps = casProperties.getAuthn().getMfa().getDuo();
        val bypass = new DefaultChainingMultifactorAuthenticationBypassProvider();
        duoProps.stream().filter(duo -> StringUtils.isNotBlank(duo.getBypass().getCredentialClassType())).forEach(duo -> bypass.addMultifactorAuthenticationProviderBypassEvaluator(new CredentialMultifactorAuthenticationProviderBypassEvaluator(duo.getBypass(), duo.getId())));
        if (bypass.isEmpty()) {
            return NeverAllowMultifactorAuthenticationProviderBypassEvaluator.getInstance();
        }
        return bypass;
    }).otherwiseProxy().get();
}
Also used : lombok.val(lombok.val) CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) HttpRequestMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.HttpRequestMultifactorAuthenticationProviderBypassEvaluator) MultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.MultifactorAuthenticationProviderBypassEvaluator) GroovyMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.GroovyMultifactorAuthenticationProviderBypassEvaluator) DuoSecurityAuthenticationService(org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationService) StringUtils(org.apache.commons.lang3.StringUtils) BeanSupplier(org.apereo.cas.util.spring.beans.BeanSupplier) RefreshScope(org.springframework.cloud.context.config.annotation.RefreshScope) RestMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.RestMultifactorAuthenticationProviderBypassEvaluator) RegisteredServiceMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.RegisteredServiceMultifactorAuthenticationProviderBypassEvaluator) EnableConfigurationProperties(org.springframework.boot.context.properties.EnableConfigurationProperties) ConfigurableApplicationContext(org.springframework.context.ConfigurableApplicationContext) Qualifier(org.springframework.beans.factory.annotation.Qualifier) ChainingMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.ChainingMultifactorAuthenticationProviderBypassEvaluator) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) RegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.RegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator) lombok.val(lombok.val) ScopedProxyMode(org.springframework.context.annotation.ScopedProxyMode) ConditionalOnFeature(org.apereo.cas.util.spring.boot.ConditionalOnFeature) AuthenticationMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.AuthenticationMultifactorAuthenticationProviderBypassEvaluator) Configuration(org.springframework.context.annotation.Configuration) CasFeatureModule(org.apereo.cas.configuration.support.CasFeatureModule) DefaultChainingMultifactorAuthenticationBypassProvider(org.apereo.cas.authentication.bypass.DefaultChainingMultifactorAuthenticationBypassProvider) PrincipalMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.PrincipalMultifactorAuthenticationProviderBypassEvaluator) Bean(org.springframework.context.annotation.Bean) NeverAllowMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.NeverAllowMultifactorAuthenticationProviderBypassEvaluator) CredentialMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.CredentialMultifactorAuthenticationProviderBypassEvaluator) CredentialMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.CredentialMultifactorAuthenticationProviderBypassEvaluator) DefaultChainingMultifactorAuthenticationBypassProvider(org.apereo.cas.authentication.bypass.DefaultChainingMultifactorAuthenticationBypassProvider) RefreshScope(org.springframework.cloud.context.config.annotation.RefreshScope) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) Bean(org.springframework.context.annotation.Bean)

Example 22 with DefaultChainingMultifactorAuthenticationBypassProvider

use of org.apereo.cas.authentication.bypass.DefaultChainingMultifactorAuthenticationBypassProvider in project cas by apereo.

the class DuoSecurityMultifactorProviderBypassConfiguration method duoSecurityPrincipalMultifactorAuthenticationProviderBypass.

@Bean
@ConditionalOnMissingBean(name = "duoSecurityPrincipalMultifactorAuthenticationProviderBypass")
@RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
public MultifactorAuthenticationProviderBypassEvaluator duoSecurityPrincipalMultifactorAuthenticationProviderBypass(final ConfigurableApplicationContext applicationContext, final CasConfigurationProperties casProperties) {
    return BeanSupplier.of(MultifactorAuthenticationProviderBypassEvaluator.class).when(DuoSecurityAuthenticationService.CONDITION.given(applicationContext.getEnvironment())).supply(() -> {
        val duoProps = casProperties.getAuthn().getMfa().getDuo();
        val bypass = new DefaultChainingMultifactorAuthenticationBypassProvider();
        duoProps.stream().filter(duo -> StringUtils.isNotBlank(duo.getBypass().getPrincipalAttributeName())).forEach(duo -> bypass.addMultifactorAuthenticationProviderBypassEvaluator(new PrincipalMultifactorAuthenticationProviderBypassEvaluator(duo.getBypass(), duo.getId())));
        if (bypass.isEmpty()) {
            return NeverAllowMultifactorAuthenticationProviderBypassEvaluator.getInstance();
        }
        return bypass;
    }).otherwiseProxy().get();
}
Also used : lombok.val(lombok.val) CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) HttpRequestMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.HttpRequestMultifactorAuthenticationProviderBypassEvaluator) MultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.MultifactorAuthenticationProviderBypassEvaluator) GroovyMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.GroovyMultifactorAuthenticationProviderBypassEvaluator) DuoSecurityAuthenticationService(org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationService) StringUtils(org.apache.commons.lang3.StringUtils) BeanSupplier(org.apereo.cas.util.spring.beans.BeanSupplier) RefreshScope(org.springframework.cloud.context.config.annotation.RefreshScope) RestMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.RestMultifactorAuthenticationProviderBypassEvaluator) RegisteredServiceMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.RegisteredServiceMultifactorAuthenticationProviderBypassEvaluator) EnableConfigurationProperties(org.springframework.boot.context.properties.EnableConfigurationProperties) ConfigurableApplicationContext(org.springframework.context.ConfigurableApplicationContext) Qualifier(org.springframework.beans.factory.annotation.Qualifier) ChainingMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.ChainingMultifactorAuthenticationProviderBypassEvaluator) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) RegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.RegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator) lombok.val(lombok.val) ScopedProxyMode(org.springframework.context.annotation.ScopedProxyMode) ConditionalOnFeature(org.apereo.cas.util.spring.boot.ConditionalOnFeature) AuthenticationMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.AuthenticationMultifactorAuthenticationProviderBypassEvaluator) Configuration(org.springframework.context.annotation.Configuration) CasFeatureModule(org.apereo.cas.configuration.support.CasFeatureModule) DefaultChainingMultifactorAuthenticationBypassProvider(org.apereo.cas.authentication.bypass.DefaultChainingMultifactorAuthenticationBypassProvider) PrincipalMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.PrincipalMultifactorAuthenticationProviderBypassEvaluator) Bean(org.springframework.context.annotation.Bean) NeverAllowMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.NeverAllowMultifactorAuthenticationProviderBypassEvaluator) CredentialMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.CredentialMultifactorAuthenticationProviderBypassEvaluator) DefaultChainingMultifactorAuthenticationBypassProvider(org.apereo.cas.authentication.bypass.DefaultChainingMultifactorAuthenticationBypassProvider) PrincipalMultifactorAuthenticationProviderBypassEvaluator(org.apereo.cas.authentication.bypass.PrincipalMultifactorAuthenticationProviderBypassEvaluator) RefreshScope(org.springframework.cloud.context.config.annotation.RefreshScope) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) Bean(org.springframework.context.annotation.Bean)

Example 23 with DefaultChainingMultifactorAuthenticationBypassProvider

use of org.apereo.cas.authentication.bypass.DefaultChainingMultifactorAuthenticationBypassProvider in project cas by apereo.

the class SwivelAuthenticationMultifactorProviderBypassConfiguration method swivelBypassEvaluator.

@ConditionalOnMissingBean(name = "swivelBypassEvaluator")
@Bean
@RefreshScope(proxyMode = ScopedProxyMode.DEFAULT)
public MultifactorAuthenticationProviderBypassEvaluator swivelBypassEvaluator(final CasConfigurationProperties casProperties, @Qualifier("swivelPrincipalMultifactorAuthenticationProviderBypass") final MultifactorAuthenticationProviderBypassEvaluator swivelPrincipalMultifactorAuthenticationProviderBypass, @Qualifier("swivelRegisteredServiceMultifactorAuthenticationProviderBypass") final MultifactorAuthenticationProviderBypassEvaluator swivelRegisteredServiceMultifactorAuthenticationProviderBypass, @Qualifier("swivelRegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator") final MultifactorAuthenticationProviderBypassEvaluator swivelRegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator, @Qualifier("swivelAuthenticationMultifactorAuthenticationProviderBypass") final MultifactorAuthenticationProviderBypassEvaluator swivelAuthenticationMultifactorAuthenticationProviderBypass, @Qualifier("swivelCredentialMultifactorAuthenticationProviderBypass") final MultifactorAuthenticationProviderBypassEvaluator swivelCredentialMultifactorAuthenticationProviderBypass, @Qualifier("swivelHttpRequestMultifactorAuthenticationProviderBypass") final MultifactorAuthenticationProviderBypassEvaluator swivelHttpRequestMultifactorAuthenticationProviderBypass, @Qualifier("swivelGroovyMultifactorAuthenticationProviderBypass") final MultifactorAuthenticationProviderBypassEvaluator swivelGroovyMultifactorAuthenticationProviderBypass, @Qualifier("swivelRestMultifactorAuthenticationProviderBypass") final MultifactorAuthenticationProviderBypassEvaluator swivelRestMultifactorAuthenticationProviderBypass) {
    val bypass = new DefaultChainingMultifactorAuthenticationBypassProvider();
    val props = casProperties.getAuthn().getMfa().getSwivel().getBypass();
    if (StringUtils.isNotBlank(props.getPrincipalAttributeName())) {
        bypass.addMultifactorAuthenticationProviderBypassEvaluator(swivelPrincipalMultifactorAuthenticationProviderBypass);
    }
    bypass.addMultifactorAuthenticationProviderBypassEvaluator(swivelRegisteredServiceMultifactorAuthenticationProviderBypass);
    bypass.addMultifactorAuthenticationProviderBypassEvaluator(swivelRegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator);
    if (StringUtils.isNotBlank(props.getAuthenticationAttributeName()) || StringUtils.isNotBlank(props.getAuthenticationHandlerName()) || StringUtils.isNotBlank(props.getAuthenticationMethodName())) {
        bypass.addMultifactorAuthenticationProviderBypassEvaluator(swivelAuthenticationMultifactorAuthenticationProviderBypass);
    }
    if (StringUtils.isNotBlank(props.getCredentialClassType())) {
        bypass.addMultifactorAuthenticationProviderBypassEvaluator(swivelCredentialMultifactorAuthenticationProviderBypass);
    }
    if (StringUtils.isNotBlank(props.getHttpRequestHeaders()) || StringUtils.isNotBlank(props.getHttpRequestRemoteAddress())) {
        bypass.addMultifactorAuthenticationProviderBypassEvaluator(swivelHttpRequestMultifactorAuthenticationProviderBypass);
    }
    if (props.getGroovy().getLocation() != null) {
        bypass.addMultifactorAuthenticationProviderBypassEvaluator(swivelGroovyMultifactorAuthenticationProviderBypass);
    }
    if (StringUtils.isNotBlank(props.getRest().getUrl())) {
        bypass.addMultifactorAuthenticationProviderBypassEvaluator(swivelRestMultifactorAuthenticationProviderBypass);
    }
    return bypass;
}
Also used : lombok.val(lombok.val) DefaultChainingMultifactorAuthenticationBypassProvider(org.apereo.cas.authentication.bypass.DefaultChainingMultifactorAuthenticationBypassProvider) RefreshScope(org.springframework.cloud.context.config.annotation.RefreshScope) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) Bean(org.springframework.context.annotation.Bean)

Aggregations

lombok.val (lombok.val)23 DefaultChainingMultifactorAuthenticationBypassProvider (org.apereo.cas.authentication.bypass.DefaultChainingMultifactorAuthenticationBypassProvider)23 ConditionalOnMissingBean (org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean)19 RefreshScope (org.springframework.cloud.context.config.annotation.RefreshScope)19 Bean (org.springframework.context.annotation.Bean)19 HttpRequestMultifactorAuthenticationProviderBypassEvaluator (org.apereo.cas.authentication.bypass.HttpRequestMultifactorAuthenticationProviderBypassEvaluator)8 RegisteredServiceMultifactorAuthenticationProviderBypassEvaluator (org.apereo.cas.authentication.bypass.RegisteredServiceMultifactorAuthenticationProviderBypassEvaluator)8 StringUtils (org.apache.commons.lang3.StringUtils)7 DuoSecurityAuthenticationService (org.apereo.cas.adaptors.duo.authn.DuoSecurityAuthenticationService)7 AuthenticationMultifactorAuthenticationProviderBypassEvaluator (org.apereo.cas.authentication.bypass.AuthenticationMultifactorAuthenticationProviderBypassEvaluator)7 ChainingMultifactorAuthenticationProviderBypassEvaluator (org.apereo.cas.authentication.bypass.ChainingMultifactorAuthenticationProviderBypassEvaluator)7 CredentialMultifactorAuthenticationProviderBypassEvaluator (org.apereo.cas.authentication.bypass.CredentialMultifactorAuthenticationProviderBypassEvaluator)7 GroovyMultifactorAuthenticationProviderBypassEvaluator (org.apereo.cas.authentication.bypass.GroovyMultifactorAuthenticationProviderBypassEvaluator)7 MultifactorAuthenticationProviderBypassEvaluator (org.apereo.cas.authentication.bypass.MultifactorAuthenticationProviderBypassEvaluator)7 NeverAllowMultifactorAuthenticationProviderBypassEvaluator (org.apereo.cas.authentication.bypass.NeverAllowMultifactorAuthenticationProviderBypassEvaluator)7 PrincipalMultifactorAuthenticationProviderBypassEvaluator (org.apereo.cas.authentication.bypass.PrincipalMultifactorAuthenticationProviderBypassEvaluator)7 RegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator (org.apereo.cas.authentication.bypass.RegisteredServicePrincipalAttributeMultifactorAuthenticationProviderBypassEvaluator)7 RestMultifactorAuthenticationProviderBypassEvaluator (org.apereo.cas.authentication.bypass.RestMultifactorAuthenticationProviderBypassEvaluator)7 CasConfigurationProperties (org.apereo.cas.configuration.CasConfigurationProperties)7 CasFeatureModule (org.apereo.cas.configuration.support.CasFeatureModule)7