Search in sources :

Example 1 with AllCredentialsValidatedAuthenticationPolicy

use of org.apereo.cas.authentication.policy.AllCredentialsValidatedAuthenticationPolicy in project cas by apereo.

the class CoreAuthenticationUtils method newAuthenticationPolicy.

/**
 * New authentication policy collection.
 *
 * @param policyProps the policy props
 * @return the collection
 */
public static Collection<AuthenticationPolicy> newAuthenticationPolicy(final AuthenticationPolicyProperties policyProps) {
    if (policyProps.getReq().isEnabled()) {
        LOGGER.trace("Activating authentication policy [{}]", RequiredAuthenticationHandlerAuthenticationPolicy.class.getSimpleName());
        val requiredHandlerNames = org.springframework.util.StringUtils.commaDelimitedListToSet(policyProps.getReq().getHandlerName());
        var policy = new RequiredAuthenticationHandlerAuthenticationPolicy(requiredHandlerNames, policyProps.getReq().isTryAll());
        return CollectionUtils.wrapList(policy);
    }
    if (policyProps.getAllHandlers().isEnabled()) {
        LOGGER.trace("Activating authentication policy [{}]", AllAuthenticationHandlersSucceededAuthenticationPolicy.class.getSimpleName());
        return CollectionUtils.wrapList(new AllAuthenticationHandlersSucceededAuthenticationPolicy());
    }
    if (policyProps.getAll().isEnabled()) {
        LOGGER.trace("Activating authentication policy [{}]", AllCredentialsValidatedAuthenticationPolicy.class.getSimpleName());
        return CollectionUtils.wrapList(new AllCredentialsValidatedAuthenticationPolicy());
    }
    if (policyProps.getNotPrevented().isEnabled()) {
        LOGGER.trace("Activating authentication policy [{}]", NotPreventedAuthenticationPolicy.class.getSimpleName());
        return CollectionUtils.wrapList(new NotPreventedAuthenticationPolicy());
    }
    if (!policyProps.getGroovy().isEmpty()) {
        LOGGER.trace("Activating authentication policy [{}]", GroovyScriptAuthenticationPolicy.class.getSimpleName());
        return policyProps.getGroovy().stream().map(groovy -> new GroovyScriptAuthenticationPolicy(groovy.getScript())).collect(Collectors.toList());
    }
    if (!policyProps.getRest().isEmpty()) {
        LOGGER.trace("Activating authentication policy [{}]", RestfulAuthenticationPolicy.class.getSimpleName());
        return policyProps.getRest().stream().map(RestfulAuthenticationPolicy::new).collect(Collectors.toList());
    }
    if (policyProps.getAny().isEnabled()) {
        LOGGER.trace("Activating authentication policy [{}]", AtLeastOneCredentialValidatedAuthenticationPolicy.class.getSimpleName());
        return CollectionUtils.wrapList(new AtLeastOneCredentialValidatedAuthenticationPolicy(policyProps.getAny().isTryAll()));
    }
    return new ArrayList<>();
}
Also used : RequiredAuthenticationHandlerAuthenticationPolicy(org.apereo.cas.authentication.policy.RequiredAuthenticationHandlerAuthenticationPolicy) lombok.val(lombok.val) ArrayListMultimap(com.google.common.collect.ArrayListMultimap) Arrays(java.util.Arrays) ReplacingAttributeAdder(org.apereo.services.persondir.support.merger.ReplacingAttributeAdder) GroovyPasswordPolicyHandlingStrategy(org.apereo.cas.authentication.support.password.GroovyPasswordPolicyHandlingStrategy) Assertion(org.apereo.cas.validation.Assertion) GroovyIPAddressIntelligenceService(org.apereo.cas.authentication.adaptive.intel.GroovyIPAddressIntelligenceService) Beans(org.apereo.cas.configuration.support.Beans) StringUtils(org.apache.commons.lang3.StringUtils) IPersonAttributeDao(org.apereo.services.persondir.IPersonAttributeDao) ClassUtils(org.apache.commons.lang3.ClassUtils) PrincipalFactory(org.apereo.cas.authentication.principal.PrincipalFactory) Pair(org.apache.commons.lang3.tuple.Pair) Map(java.util.Map) Splitter(com.google.common.base.Splitter) DefaultIPAddressIntelligenceService(org.apereo.cas.authentication.adaptive.intel.DefaultIPAddressIntelligenceService) Unchecked(org.jooq.lambda.Unchecked) Predicate(java.util.function.Predicate) Collection(java.util.Collection) PrincipalResolver(org.apereo.cas.authentication.principal.PrincipalResolver) IAttributeMerger(org.apereo.services.persondir.support.merger.IAttributeMerger) Set(java.util.Set) MultivaluedAttributeMerger(org.apereo.services.persondir.support.merger.MultivaluedAttributeMerger) AuthenticationPolicyProperties(org.apereo.cas.configuration.model.core.authentication.AuthenticationPolicyProperties) Collectors(java.util.stream.Collectors) PasswordPolicyProperties(org.apereo.cas.configuration.model.core.authentication.PasswordPolicyProperties) IPersonAttributeDaoFilter(org.apereo.services.persondir.IPersonAttributeDaoFilter) StandardCharsets(java.nio.charset.StandardCharsets) RejectResultCodePasswordPolicyHandlingStrategy(org.apereo.cas.authentication.support.password.RejectResultCodePasswordPolicyHandlingStrategy) IOUtils(org.apache.commons.io.IOUtils) AllCredentialsValidatedAuthenticationPolicy(org.apereo.cas.authentication.policy.AllCredentialsValidatedAuthenticationPolicy) Slf4j(lombok.extern.slf4j.Slf4j) List(java.util.List) IPAddressIntelligenceService(org.apereo.cas.authentication.adaptive.intel.IPAddressIntelligenceService) Optional(java.util.Optional) Principal(org.apereo.cas.authentication.principal.Principal) PrincipalResolutionContext(org.apereo.cas.authentication.principal.resolvers.PrincipalResolutionContext) Pattern(java.util.regex.Pattern) GroovyClassLoader(groovy.lang.GroovyClassLoader) AtLeastOneCredentialValidatedAuthenticationPolicy(org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy) RequiredAuthenticationHandlerAuthenticationPolicy(org.apereo.cas.authentication.policy.RequiredAuthenticationHandlerAuthenticationPolicy) AllAuthenticationHandlersSucceededAuthenticationPolicy(org.apereo.cas.authentication.policy.AllAuthenticationHandlersSucceededAuthenticationPolicy) ArrayUtils(org.apache.commons.lang3.ArrayUtils) HashMap(java.util.HashMap) RestfulIPAddressIntelligenceService(org.apereo.cas.authentication.adaptive.intel.RestfulIPAddressIntelligenceService) Multimap(com.google.common.collect.Multimap) PersonDirectoryPrincipalResolverProperties(org.apereo.cas.configuration.model.core.authentication.PersonDirectoryPrincipalResolverProperties) NoncollidingAttributeAdder(org.apereo.services.persondir.support.merger.NoncollidingAttributeAdder) ArrayList(java.util.ArrayList) UtilityClass(lombok.experimental.UtilityClass) LinkedHashMap(java.util.LinkedHashMap) NotPreventedAuthenticationPolicy(org.apereo.cas.authentication.policy.NotPreventedAuthenticationPolicy) DefaultResourceLoader(org.springframework.core.io.DefaultResourceLoader) CollectionUtils(org.apereo.cas.util.CollectionUtils) ChainingPrincipalNameTransformer(org.apereo.cas.util.transforms.ChainingPrincipalNameTransformer) PersonDirectoryPrincipalResolver(org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver) BaseAdditiveAttributeMerger(org.apereo.services.persondir.support.merger.BaseAdditiveAttributeMerger) lombok.val(lombok.val) GroovyScriptAuthenticationPolicy(org.apereo.cas.authentication.policy.GroovyScriptAuthenticationPolicy) CompilerConfiguration(org.codehaus.groovy.control.CompilerConfiguration) ApplicationContext(org.springframework.context.ApplicationContext) AdaptiveAuthenticationProperties(org.apereo.cas.configuration.model.core.authentication.AdaptiveAuthenticationProperties) TriStateBoolean(org.apereo.cas.util.model.TriStateBoolean) PrincipalNameTransformerUtils(org.apereo.cas.authentication.principal.PrincipalNameTransformerUtils) DefaultPasswordPolicyHandlingStrategy(org.apereo.cas.authentication.support.password.DefaultPasswordPolicyHandlingStrategy) PrincipalAttributesCoreProperties(org.apereo.cas.configuration.model.core.authentication.PrincipalAttributesCoreProperties) RestfulAuthenticationPolicy(org.apereo.cas.authentication.policy.RestfulAuthenticationPolicy) Collections(java.util.Collections) AtLeastOneCredentialValidatedAuthenticationPolicy(org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy) AllAuthenticationHandlersSucceededAuthenticationPolicy(org.apereo.cas.authentication.policy.AllAuthenticationHandlersSucceededAuthenticationPolicy) AllCredentialsValidatedAuthenticationPolicy(org.apereo.cas.authentication.policy.AllCredentialsValidatedAuthenticationPolicy) ArrayList(java.util.ArrayList) NotPreventedAuthenticationPolicy(org.apereo.cas.authentication.policy.NotPreventedAuthenticationPolicy) GroovyScriptAuthenticationPolicy(org.apereo.cas.authentication.policy.GroovyScriptAuthenticationPolicy) RestfulAuthenticationPolicy(org.apereo.cas.authentication.policy.RestfulAuthenticationPolicy)

Example 2 with AllCredentialsValidatedAuthenticationPolicy

use of org.apereo.cas.authentication.policy.AllCredentialsValidatedAuthenticationPolicy in project cas by apereo.

the class AuthenticationPolicyAwareServiceTicketValidationAuthorizerTests method verifyAllCredentialsValidatedAuthenticationPolicy.

@Test
public void verifyAllCredentialsValidatedAuthenticationPolicy() {
    val handlers = List.of(getTestOtpAuthenticationHandler(), getAcceptUsersAuthenticationHandler(), getSimpleTestAuthenticationHandler());
    val service = CoreAuthenticationTestUtils.getService("https://example.com/high/");
    val authz = getAuthorizer(new AllCredentialsValidatedAuthenticationPolicy(), handlers);
    val map = (Map) Map.of(new UsernamePasswordCredential(), getAcceptUsersAuthenticationHandler(), getOtpCredential(), getTestOtpAuthenticationHandler());
    val assertion = getAssertion(map);
    assertDoesNotThrow(new Executable() {

        @Override
        public void execute() {
            authz.authorize(new MockHttpServletRequest(), service, assertion);
        }
    });
}
Also used : lombok.val(lombok.val) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) AllCredentialsValidatedAuthenticationPolicy(org.apereo.cas.authentication.policy.AllCredentialsValidatedAuthenticationPolicy) Executable(org.junit.jupiter.api.function.Executable) Map(java.util.Map) UsernamePasswordCredential(org.apereo.cas.authentication.credential.UsernamePasswordCredential) Test(org.junit.jupiter.api.Test) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)

Example 3 with AllCredentialsValidatedAuthenticationPolicy

use of org.apereo.cas.authentication.policy.AllCredentialsValidatedAuthenticationPolicy in project cas by apereo.

the class DefaultAuthenticationManagerTests method verifyAuthenticateAllFailure.

@Test
public void verifyAuthenticateAllFailure() {
    val map = new LinkedHashMap<AuthenticationHandler, PrincipalResolver>();
    map.put(newMockHandler(false), null);
    map.put(newMockHandler(false), null);
    val authenticationExecutionPlan = getAuthenticationExecutionPlan(map);
    authenticationExecutionPlan.registerAuthenticationPolicy(new AllCredentialsValidatedAuthenticationPolicy());
    val manager = new DefaultAuthenticationManager(authenticationExecutionPlan, false, applicationContext);
    assertThrows(AuthenticationException.class, () -> manager.authenticate(transaction));
}
Also used : lombok.val(lombok.val) AllCredentialsValidatedAuthenticationPolicy(org.apereo.cas.authentication.policy.AllCredentialsValidatedAuthenticationPolicy) LinkedHashMap(java.util.LinkedHashMap) Test(org.junit.jupiter.api.Test)

Example 4 with AllCredentialsValidatedAuthenticationPolicy

use of org.apereo.cas.authentication.policy.AllCredentialsValidatedAuthenticationPolicy in project cas by apereo.

the class DefaultAuthenticationEventExecutionPlanTests method verifyOperation.

@Test
public void verifyOperation() {
    val context = PrincipalResolutionContext.builder().attributeRepository(CoreAuthenticationTestUtils.getAttributeRepository()).principalFactory(PrincipalFactoryUtils.newPrincipalFactory()).returnNullIfNoAttributes(false).principalNameTransformer(formUserId -> formUserId).useCurrentPrincipalId(false).resolveAttributes(true).attributeMerger(CoreAuthenticationUtils.getAttributeMerger(PrincipalAttributesCoreProperties.MergingStrategyTypes.REPLACE)).activeAttributeRepositoryIdentifiers(CollectionUtils.wrapSet(IPersonAttributeDao.WILDCARD)).build();
    val plan = new DefaultAuthenticationEventExecutionPlan();
    plan.registerAuthenticationPreProcessor(transaction -> false);
    plan.registerAuthenticationMetadataPopulators(Set.of(new RememberMeAuthenticationMetaDataPopulator(new RememberMeAuthenticationProperties())));
    plan.registerAuthenticationHandlerWithPrincipalResolvers(Set.of(new SimpleTestUsernamePasswordAuthenticationHandler()), new PersonDirectoryPrincipalResolver(context));
    plan.registerAuthenticationPolicy(new AllCredentialsValidatedAuthenticationPolicy());
    plan.registerAuthenticationPolicyResolver(transaction -> Set.of(new AllCredentialsValidatedAuthenticationPolicy()));
    assertFalse(plan.getAuthenticationPolicies(new DefaultAuthenticationTransactionFactory().newTransaction(CoreAuthenticationTestUtils.getCredentialsWithSameUsernameAndPassword())).isEmpty());
}
Also used : lombok.val(lombok.val) RememberMeAuthenticationMetaDataPopulator(org.apereo.cas.authentication.metadata.RememberMeAuthenticationMetaDataPopulator) PersonDirectoryPrincipalResolver(org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver) SimpleTestUsernamePasswordAuthenticationHandler(org.apereo.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler) RememberMeAuthenticationProperties(org.apereo.cas.configuration.model.core.ticket.RememberMeAuthenticationProperties) PrincipalFactoryUtils(org.apereo.cas.authentication.principal.PrincipalFactoryUtils) lombok.val(lombok.val) Set(java.util.Set) IPersonAttributeDao(org.apereo.services.persondir.IPersonAttributeDao) Test(org.junit.jupiter.api.Test) Mockito(org.mockito.Mockito) AllCredentialsValidatedAuthenticationPolicy(org.apereo.cas.authentication.policy.AllCredentialsValidatedAuthenticationPolicy) List(java.util.List) CollectionUtils(org.apereo.cas.util.CollectionUtils) Assertions(org.junit.jupiter.api.Assertions) PrincipalAttributesCoreProperties(org.apereo.cas.configuration.model.core.authentication.PrincipalAttributesCoreProperties) PrincipalResolutionContext(org.apereo.cas.authentication.principal.resolvers.PrincipalResolutionContext) Tag(org.junit.jupiter.api.Tag) PersonDirectoryPrincipalResolver(org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver) RememberMeAuthenticationMetaDataPopulator(org.apereo.cas.authentication.metadata.RememberMeAuthenticationMetaDataPopulator) SimpleTestUsernamePasswordAuthenticationHandler(org.apereo.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler) AllCredentialsValidatedAuthenticationPolicy(org.apereo.cas.authentication.policy.AllCredentialsValidatedAuthenticationPolicy) RememberMeAuthenticationProperties(org.apereo.cas.configuration.model.core.ticket.RememberMeAuthenticationProperties) Test(org.junit.jupiter.api.Test)

Example 5 with AllCredentialsValidatedAuthenticationPolicy

use of org.apereo.cas.authentication.policy.AllCredentialsValidatedAuthenticationPolicy in project cas by apereo.

the class DefaultAuthenticationManagerTests method verifyAuthenticateAllSuccess.

@Test
public void verifyAuthenticateAllSuccess() {
    val map = new LinkedHashMap<AuthenticationHandler, PrincipalResolver>();
    map.put(newMockHandler(true), null);
    map.put(newMockHandler(true), null);
    val authenticationExecutionPlan = getAuthenticationExecutionPlan(map);
    authenticationExecutionPlan.registerAuthenticationPolicy(new AllCredentialsValidatedAuthenticationPolicy());
    val manager = new DefaultAuthenticationManager(authenticationExecutionPlan, false, applicationContext);
    val auth = manager.authenticate(transaction);
    assertEquals(2, auth.getSuccesses().size());
    assertEquals(0, auth.getFailures().size());
    assertEquals(2, auth.getCredentials().size());
}
Also used : lombok.val(lombok.val) AllCredentialsValidatedAuthenticationPolicy(org.apereo.cas.authentication.policy.AllCredentialsValidatedAuthenticationPolicy) LinkedHashMap(java.util.LinkedHashMap) Test(org.junit.jupiter.api.Test)

Aggregations

lombok.val (lombok.val)5 AllCredentialsValidatedAuthenticationPolicy (org.apereo.cas.authentication.policy.AllCredentialsValidatedAuthenticationPolicy)5 Test (org.junit.jupiter.api.Test)4 LinkedHashMap (java.util.LinkedHashMap)3 List (java.util.List)2 Map (java.util.Map)2 Set (java.util.Set)2 PersonDirectoryPrincipalResolver (org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver)2 PrincipalResolutionContext (org.apereo.cas.authentication.principal.resolvers.PrincipalResolutionContext)2 PrincipalAttributesCoreProperties (org.apereo.cas.configuration.model.core.authentication.PrincipalAttributesCoreProperties)2 CollectionUtils (org.apereo.cas.util.CollectionUtils)2 IPersonAttributeDao (org.apereo.services.persondir.IPersonAttributeDao)2 Splitter (com.google.common.base.Splitter)1 ArrayListMultimap (com.google.common.collect.ArrayListMultimap)1 Multimap (com.google.common.collect.Multimap)1 GroovyClassLoader (groovy.lang.GroovyClassLoader)1 StandardCharsets (java.nio.charset.StandardCharsets)1 ArrayList (java.util.ArrayList)1 Arrays (java.util.Arrays)1 Collection (java.util.Collection)1