use of org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy in project cas by apereo.
the class CoreAuthenticationUtils method newAuthenticationPolicy.
/**
* New authentication policy collection.
*
* @param policyProps the policy props
* @return the collection
*/
public static Collection<AuthenticationPolicy> newAuthenticationPolicy(final AuthenticationPolicyProperties policyProps) {
if (policyProps.getReq().isEnabled()) {
LOGGER.trace("Activating authentication policy [{}]", RequiredAuthenticationHandlerAuthenticationPolicy.class.getSimpleName());
val requiredHandlerNames = org.springframework.util.StringUtils.commaDelimitedListToSet(policyProps.getReq().getHandlerName());
var policy = new RequiredAuthenticationHandlerAuthenticationPolicy(requiredHandlerNames, policyProps.getReq().isTryAll());
return CollectionUtils.wrapList(policy);
}
if (policyProps.getAllHandlers().isEnabled()) {
LOGGER.trace("Activating authentication policy [{}]", AllAuthenticationHandlersSucceededAuthenticationPolicy.class.getSimpleName());
return CollectionUtils.wrapList(new AllAuthenticationHandlersSucceededAuthenticationPolicy());
}
if (policyProps.getAll().isEnabled()) {
LOGGER.trace("Activating authentication policy [{}]", AllCredentialsValidatedAuthenticationPolicy.class.getSimpleName());
return CollectionUtils.wrapList(new AllCredentialsValidatedAuthenticationPolicy());
}
if (policyProps.getNotPrevented().isEnabled()) {
LOGGER.trace("Activating authentication policy [{}]", NotPreventedAuthenticationPolicy.class.getSimpleName());
return CollectionUtils.wrapList(new NotPreventedAuthenticationPolicy());
}
if (!policyProps.getGroovy().isEmpty()) {
LOGGER.trace("Activating authentication policy [{}]", GroovyScriptAuthenticationPolicy.class.getSimpleName());
return policyProps.getGroovy().stream().map(groovy -> new GroovyScriptAuthenticationPolicy(groovy.getScript())).collect(Collectors.toList());
}
if (!policyProps.getRest().isEmpty()) {
LOGGER.trace("Activating authentication policy [{}]", RestfulAuthenticationPolicy.class.getSimpleName());
return policyProps.getRest().stream().map(RestfulAuthenticationPolicy::new).collect(Collectors.toList());
}
if (policyProps.getAny().isEnabled()) {
LOGGER.trace("Activating authentication policy [{}]", AtLeastOneCredentialValidatedAuthenticationPolicy.class.getSimpleName());
return CollectionUtils.wrapList(new AtLeastOneCredentialValidatedAuthenticationPolicy(policyProps.getAny().isTryAll()));
}
return new ArrayList<>();
}
use of org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy in project cas by apereo.
the class AuthenticationPolicyAwareServiceTicketValidationAuthorizerTests method verifyOperationWithHandlersAndAtLeastOneCredentialMustTryAll.
@Test
public void verifyOperationWithHandlersAndAtLeastOneCredentialMustTryAll() {
val handlers = List.of(getTestOtpAuthenticationHandler(), getAcceptUsersAuthenticationHandler(), getSimpleTestAuthenticationHandler());
val service = CoreAuthenticationTestUtils.getService("https://example.com/high/");
val authz = getAuthorizer(new AtLeastOneCredentialValidatedAuthenticationPolicy(true), handlers);
val map = (Map) Map.of(new UsernamePasswordCredential(), getAcceptUsersAuthenticationHandler(), getOtpCredential(), getTestOtpAuthenticationHandler());
val assertion = getAssertion(map);
assertDoesNotThrow(new Executable() {
@Override
public void execute() {
authz.authorize(new MockHttpServletRequest(), service, assertion);
}
});
}
use of org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy in project cas by apereo.
the class AuthenticationPolicyAwareServiceTicketValidationAuthorizerTests method verifyOperationWithHandlersAndAtLeastOneCredential.
@Test
public void verifyOperationWithHandlersAndAtLeastOneCredential() {
val handlers = List.of(getTestOtpAuthenticationHandler(), getAcceptUsersAuthenticationHandler(), getSimpleTestAuthenticationHandler());
val service = CoreAuthenticationTestUtils.getService("https://example.com/high/");
val authz = getAuthorizer(new AtLeastOneCredentialValidatedAuthenticationPolicy(), handlers);
val map = (Map) Map.of(new UsernamePasswordCredential(), getAcceptUsersAuthenticationHandler(), getOtpCredential(), getTestOtpAuthenticationHandler());
val assertion = getAssertion(map);
assertDoesNotThrow(new Executable() {
@Override
public void execute() {
authz.authorize(new MockHttpServletRequest(), service, assertion);
}
});
}
use of org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy in project cas by apereo.
the class DefaultAuthenticationManagerTests method verifyAuthenticateAnyButTryAllSuccess.
@Test
public void verifyAuthenticateAnyButTryAllSuccess() {
val map = new HashMap<AuthenticationHandler, PrincipalResolver>();
map.put(newMockHandler(true), null);
map.put(newMockHandler(false), null);
val authenticationExecutionPlan = getAuthenticationExecutionPlan(map);
authenticationExecutionPlan.registerAuthenticationPolicy(new AtLeastOneCredentialValidatedAuthenticationPolicy(true));
val manager = new DefaultAuthenticationManager(authenticationExecutionPlan, false, applicationContext);
val auth = manager.authenticate(transaction);
assertEquals(1, auth.getSuccesses().size());
assertEquals(1, auth.getFailures().size());
assertEquals(2, map.size());
}
use of org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy in project cas by apereo.
the class DefaultAuthenticationManagerTests method verifyAuthenticateAnySuccess.
@Test
public void verifyAuthenticateAnySuccess() {
val map = new HashMap<AuthenticationHandler, PrincipalResolver>();
map.put(newMockHandler(true), null);
map.put(newMockHandler(false), null);
val authenticationExecutionPlan = getAuthenticationExecutionPlan(map);
authenticationExecutionPlan.registerAuthenticationPolicy(new AtLeastOneCredentialValidatedAuthenticationPolicy());
val manager = new DefaultAuthenticationManager(authenticationExecutionPlan, false, applicationContext);
val auth = manager.authenticate(transaction);
assertEquals(1, auth.getSuccesses().size());
assertEquals(2, auth.getCredentials().size());
}
Aggregations