Search in sources :

Example 1 with AtLeastOneCredentialValidatedAuthenticationPolicy

use of org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy in project cas by apereo.

the class CoreAuthenticationUtils method newAuthenticationPolicy.

/**
 * New authentication policy collection.
 *
 * @param policyProps the policy props
 * @return the collection
 */
public static Collection<AuthenticationPolicy> newAuthenticationPolicy(final AuthenticationPolicyProperties policyProps) {
    if (policyProps.getReq().isEnabled()) {
        LOGGER.trace("Activating authentication policy [{}]", RequiredAuthenticationHandlerAuthenticationPolicy.class.getSimpleName());
        val requiredHandlerNames = org.springframework.util.StringUtils.commaDelimitedListToSet(policyProps.getReq().getHandlerName());
        var policy = new RequiredAuthenticationHandlerAuthenticationPolicy(requiredHandlerNames, policyProps.getReq().isTryAll());
        return CollectionUtils.wrapList(policy);
    }
    if (policyProps.getAllHandlers().isEnabled()) {
        LOGGER.trace("Activating authentication policy [{}]", AllAuthenticationHandlersSucceededAuthenticationPolicy.class.getSimpleName());
        return CollectionUtils.wrapList(new AllAuthenticationHandlersSucceededAuthenticationPolicy());
    }
    if (policyProps.getAll().isEnabled()) {
        LOGGER.trace("Activating authentication policy [{}]", AllCredentialsValidatedAuthenticationPolicy.class.getSimpleName());
        return CollectionUtils.wrapList(new AllCredentialsValidatedAuthenticationPolicy());
    }
    if (policyProps.getNotPrevented().isEnabled()) {
        LOGGER.trace("Activating authentication policy [{}]", NotPreventedAuthenticationPolicy.class.getSimpleName());
        return CollectionUtils.wrapList(new NotPreventedAuthenticationPolicy());
    }
    if (!policyProps.getGroovy().isEmpty()) {
        LOGGER.trace("Activating authentication policy [{}]", GroovyScriptAuthenticationPolicy.class.getSimpleName());
        return policyProps.getGroovy().stream().map(groovy -> new GroovyScriptAuthenticationPolicy(groovy.getScript())).collect(Collectors.toList());
    }
    if (!policyProps.getRest().isEmpty()) {
        LOGGER.trace("Activating authentication policy [{}]", RestfulAuthenticationPolicy.class.getSimpleName());
        return policyProps.getRest().stream().map(RestfulAuthenticationPolicy::new).collect(Collectors.toList());
    }
    if (policyProps.getAny().isEnabled()) {
        LOGGER.trace("Activating authentication policy [{}]", AtLeastOneCredentialValidatedAuthenticationPolicy.class.getSimpleName());
        return CollectionUtils.wrapList(new AtLeastOneCredentialValidatedAuthenticationPolicy(policyProps.getAny().isTryAll()));
    }
    return new ArrayList<>();
}
Also used : RequiredAuthenticationHandlerAuthenticationPolicy(org.apereo.cas.authentication.policy.RequiredAuthenticationHandlerAuthenticationPolicy) lombok.val(lombok.val) ArrayListMultimap(com.google.common.collect.ArrayListMultimap) Arrays(java.util.Arrays) ReplacingAttributeAdder(org.apereo.services.persondir.support.merger.ReplacingAttributeAdder) GroovyPasswordPolicyHandlingStrategy(org.apereo.cas.authentication.support.password.GroovyPasswordPolicyHandlingStrategy) Assertion(org.apereo.cas.validation.Assertion) GroovyIPAddressIntelligenceService(org.apereo.cas.authentication.adaptive.intel.GroovyIPAddressIntelligenceService) Beans(org.apereo.cas.configuration.support.Beans) StringUtils(org.apache.commons.lang3.StringUtils) IPersonAttributeDao(org.apereo.services.persondir.IPersonAttributeDao) ClassUtils(org.apache.commons.lang3.ClassUtils) PrincipalFactory(org.apereo.cas.authentication.principal.PrincipalFactory) Pair(org.apache.commons.lang3.tuple.Pair) Map(java.util.Map) Splitter(com.google.common.base.Splitter) DefaultIPAddressIntelligenceService(org.apereo.cas.authentication.adaptive.intel.DefaultIPAddressIntelligenceService) Unchecked(org.jooq.lambda.Unchecked) Predicate(java.util.function.Predicate) Collection(java.util.Collection) PrincipalResolver(org.apereo.cas.authentication.principal.PrincipalResolver) IAttributeMerger(org.apereo.services.persondir.support.merger.IAttributeMerger) Set(java.util.Set) MultivaluedAttributeMerger(org.apereo.services.persondir.support.merger.MultivaluedAttributeMerger) AuthenticationPolicyProperties(org.apereo.cas.configuration.model.core.authentication.AuthenticationPolicyProperties) Collectors(java.util.stream.Collectors) PasswordPolicyProperties(org.apereo.cas.configuration.model.core.authentication.PasswordPolicyProperties) IPersonAttributeDaoFilter(org.apereo.services.persondir.IPersonAttributeDaoFilter) StandardCharsets(java.nio.charset.StandardCharsets) RejectResultCodePasswordPolicyHandlingStrategy(org.apereo.cas.authentication.support.password.RejectResultCodePasswordPolicyHandlingStrategy) IOUtils(org.apache.commons.io.IOUtils) AllCredentialsValidatedAuthenticationPolicy(org.apereo.cas.authentication.policy.AllCredentialsValidatedAuthenticationPolicy) Slf4j(lombok.extern.slf4j.Slf4j) List(java.util.List) IPAddressIntelligenceService(org.apereo.cas.authentication.adaptive.intel.IPAddressIntelligenceService) Optional(java.util.Optional) Principal(org.apereo.cas.authentication.principal.Principal) PrincipalResolutionContext(org.apereo.cas.authentication.principal.resolvers.PrincipalResolutionContext) Pattern(java.util.regex.Pattern) GroovyClassLoader(groovy.lang.GroovyClassLoader) AtLeastOneCredentialValidatedAuthenticationPolicy(org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy) RequiredAuthenticationHandlerAuthenticationPolicy(org.apereo.cas.authentication.policy.RequiredAuthenticationHandlerAuthenticationPolicy) AllAuthenticationHandlersSucceededAuthenticationPolicy(org.apereo.cas.authentication.policy.AllAuthenticationHandlersSucceededAuthenticationPolicy) ArrayUtils(org.apache.commons.lang3.ArrayUtils) HashMap(java.util.HashMap) RestfulIPAddressIntelligenceService(org.apereo.cas.authentication.adaptive.intel.RestfulIPAddressIntelligenceService) Multimap(com.google.common.collect.Multimap) PersonDirectoryPrincipalResolverProperties(org.apereo.cas.configuration.model.core.authentication.PersonDirectoryPrincipalResolverProperties) NoncollidingAttributeAdder(org.apereo.services.persondir.support.merger.NoncollidingAttributeAdder) ArrayList(java.util.ArrayList) UtilityClass(lombok.experimental.UtilityClass) LinkedHashMap(java.util.LinkedHashMap) NotPreventedAuthenticationPolicy(org.apereo.cas.authentication.policy.NotPreventedAuthenticationPolicy) DefaultResourceLoader(org.springframework.core.io.DefaultResourceLoader) CollectionUtils(org.apereo.cas.util.CollectionUtils) ChainingPrincipalNameTransformer(org.apereo.cas.util.transforms.ChainingPrincipalNameTransformer) PersonDirectoryPrincipalResolver(org.apereo.cas.authentication.principal.resolvers.PersonDirectoryPrincipalResolver) BaseAdditiveAttributeMerger(org.apereo.services.persondir.support.merger.BaseAdditiveAttributeMerger) lombok.val(lombok.val) GroovyScriptAuthenticationPolicy(org.apereo.cas.authentication.policy.GroovyScriptAuthenticationPolicy) CompilerConfiguration(org.codehaus.groovy.control.CompilerConfiguration) ApplicationContext(org.springframework.context.ApplicationContext) AdaptiveAuthenticationProperties(org.apereo.cas.configuration.model.core.authentication.AdaptiveAuthenticationProperties) TriStateBoolean(org.apereo.cas.util.model.TriStateBoolean) PrincipalNameTransformerUtils(org.apereo.cas.authentication.principal.PrincipalNameTransformerUtils) DefaultPasswordPolicyHandlingStrategy(org.apereo.cas.authentication.support.password.DefaultPasswordPolicyHandlingStrategy) PrincipalAttributesCoreProperties(org.apereo.cas.configuration.model.core.authentication.PrincipalAttributesCoreProperties) RestfulAuthenticationPolicy(org.apereo.cas.authentication.policy.RestfulAuthenticationPolicy) Collections(java.util.Collections) AtLeastOneCredentialValidatedAuthenticationPolicy(org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy) AllAuthenticationHandlersSucceededAuthenticationPolicy(org.apereo.cas.authentication.policy.AllAuthenticationHandlersSucceededAuthenticationPolicy) AllCredentialsValidatedAuthenticationPolicy(org.apereo.cas.authentication.policy.AllCredentialsValidatedAuthenticationPolicy) ArrayList(java.util.ArrayList) NotPreventedAuthenticationPolicy(org.apereo.cas.authentication.policy.NotPreventedAuthenticationPolicy) GroovyScriptAuthenticationPolicy(org.apereo.cas.authentication.policy.GroovyScriptAuthenticationPolicy) RestfulAuthenticationPolicy(org.apereo.cas.authentication.policy.RestfulAuthenticationPolicy)

Example 2 with AtLeastOneCredentialValidatedAuthenticationPolicy

use of org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy in project cas by apereo.

the class AuthenticationPolicyAwareServiceTicketValidationAuthorizerTests method verifyOperationWithHandlersAndAtLeastOneCredentialMustTryAll.

@Test
public void verifyOperationWithHandlersAndAtLeastOneCredentialMustTryAll() {
    val handlers = List.of(getTestOtpAuthenticationHandler(), getAcceptUsersAuthenticationHandler(), getSimpleTestAuthenticationHandler());
    val service = CoreAuthenticationTestUtils.getService("https://example.com/high/");
    val authz = getAuthorizer(new AtLeastOneCredentialValidatedAuthenticationPolicy(true), handlers);
    val map = (Map) Map.of(new UsernamePasswordCredential(), getAcceptUsersAuthenticationHandler(), getOtpCredential(), getTestOtpAuthenticationHandler());
    val assertion = getAssertion(map);
    assertDoesNotThrow(new Executable() {

        @Override
        public void execute() {
            authz.authorize(new MockHttpServletRequest(), service, assertion);
        }
    });
}
Also used : lombok.val(lombok.val) AtLeastOneCredentialValidatedAuthenticationPolicy(org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Executable(org.junit.jupiter.api.function.Executable) Map(java.util.Map) UsernamePasswordCredential(org.apereo.cas.authentication.credential.UsernamePasswordCredential) Test(org.junit.jupiter.api.Test) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)

Example 3 with AtLeastOneCredentialValidatedAuthenticationPolicy

use of org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy in project cas by apereo.

the class AuthenticationPolicyAwareServiceTicketValidationAuthorizerTests method verifyOperationWithHandlersAndAtLeastOneCredential.

@Test
public void verifyOperationWithHandlersAndAtLeastOneCredential() {
    val handlers = List.of(getTestOtpAuthenticationHandler(), getAcceptUsersAuthenticationHandler(), getSimpleTestAuthenticationHandler());
    val service = CoreAuthenticationTestUtils.getService("https://example.com/high/");
    val authz = getAuthorizer(new AtLeastOneCredentialValidatedAuthenticationPolicy(), handlers);
    val map = (Map) Map.of(new UsernamePasswordCredential(), getAcceptUsersAuthenticationHandler(), getOtpCredential(), getTestOtpAuthenticationHandler());
    val assertion = getAssertion(map);
    assertDoesNotThrow(new Executable() {

        @Override
        public void execute() {
            authz.authorize(new MockHttpServletRequest(), service, assertion);
        }
    });
}
Also used : lombok.val(lombok.val) AtLeastOneCredentialValidatedAuthenticationPolicy(org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Executable(org.junit.jupiter.api.function.Executable) Map(java.util.Map) UsernamePasswordCredential(org.apereo.cas.authentication.credential.UsernamePasswordCredential) Test(org.junit.jupiter.api.Test) SpringBootTest(org.springframework.boot.test.context.SpringBootTest)

Example 4 with AtLeastOneCredentialValidatedAuthenticationPolicy

use of org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy in project cas by apereo.

the class DefaultAuthenticationManagerTests method verifyAuthenticateAnyButTryAllSuccess.

@Test
public void verifyAuthenticateAnyButTryAllSuccess() {
    val map = new HashMap<AuthenticationHandler, PrincipalResolver>();
    map.put(newMockHandler(true), null);
    map.put(newMockHandler(false), null);
    val authenticationExecutionPlan = getAuthenticationExecutionPlan(map);
    authenticationExecutionPlan.registerAuthenticationPolicy(new AtLeastOneCredentialValidatedAuthenticationPolicy(true));
    val manager = new DefaultAuthenticationManager(authenticationExecutionPlan, false, applicationContext);
    val auth = manager.authenticate(transaction);
    assertEquals(1, auth.getSuccesses().size());
    assertEquals(1, auth.getFailures().size());
    assertEquals(2, map.size());
}
Also used : lombok.val(lombok.val) AtLeastOneCredentialValidatedAuthenticationPolicy(org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) Test(org.junit.jupiter.api.Test)

Example 5 with AtLeastOneCredentialValidatedAuthenticationPolicy

use of org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy in project cas by apereo.

the class DefaultAuthenticationManagerTests method verifyAuthenticateAnySuccess.

@Test
public void verifyAuthenticateAnySuccess() {
    val map = new HashMap<AuthenticationHandler, PrincipalResolver>();
    map.put(newMockHandler(true), null);
    map.put(newMockHandler(false), null);
    val authenticationExecutionPlan = getAuthenticationExecutionPlan(map);
    authenticationExecutionPlan.registerAuthenticationPolicy(new AtLeastOneCredentialValidatedAuthenticationPolicy());
    val manager = new DefaultAuthenticationManager(authenticationExecutionPlan, false, applicationContext);
    val auth = manager.authenticate(transaction);
    assertEquals(1, auth.getSuccesses().size());
    assertEquals(2, auth.getCredentials().size());
}
Also used : lombok.val(lombok.val) AtLeastOneCredentialValidatedAuthenticationPolicy(org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) Test(org.junit.jupiter.api.Test)

Aggregations

lombok.val (lombok.val)9 AtLeastOneCredentialValidatedAuthenticationPolicy (org.apereo.cas.authentication.policy.AtLeastOneCredentialValidatedAuthenticationPolicy)9 Test (org.junit.jupiter.api.Test)8 LinkedHashMap (java.util.LinkedHashMap)5 HashMap (java.util.HashMap)3 Map (java.util.Map)3 DefaultAuthenticationServiceSelectionPlan (org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionPlan)2 DefaultAuthenticationServiceSelectionStrategy (org.apereo.cas.authentication.DefaultAuthenticationServiceSelectionStrategy)2 DefaultAuthenticationTransactionFactory (org.apereo.cas.authentication.DefaultAuthenticationTransactionFactory)2 UsernamePasswordCredential (org.apereo.cas.authentication.credential.UsernamePasswordCredential)2 RegisteredServiceAuthenticationPolicyResolver (org.apereo.cas.authentication.policy.RegisteredServiceAuthenticationPolicyResolver)2 Executable (org.junit.jupiter.api.function.Executable)2 SpringBootTest (org.springframework.boot.test.context.SpringBootTest)2 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)2 Splitter (com.google.common.base.Splitter)1 ArrayListMultimap (com.google.common.collect.ArrayListMultimap)1 Multimap (com.google.common.collect.Multimap)1 GroovyClassLoader (groovy.lang.GroovyClassLoader)1 StandardCharsets (java.nio.charset.StandardCharsets)1 ArrayList (java.util.ArrayList)1