
Example 1 with AuthenticationPolicyProperties

Use of org.apereo.cas.configuration.model.core.authentication.AuthenticationPolicyProperties in project cas by apereo.

Class CasCoreAuthenticationPolicyConfiguration, method authenticationPolicyExecutionPlanConfigurer.

@ConditionalOnMissingBean(name = "authenticationPolicyExecutionPlanConfigurer")
@Bean
public AuthenticationEventExecutionPlanConfigurer authenticationPolicyExecutionPlanConfigurer() {
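    return plan -> {
        // The branches form an else-if chain, so only the first enabled policy (in this order) is registered.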
        final AuthenticationPolicyProperties police = casProperties.getAuthn().getPolicy();
        if (police.getReq().isEnabled()) {
            LOGGER.debug("Activating authentication policy [{}]", RequiredHandlerAuthenticationPolicy.class.getSimpleName());
            plan.registerAuthenticationPolicy(new RequiredHandlerAuthenticationPolicy(police.getReq().getHandlerName(), police.getReq().isTryAll()));
        } else if (police.getAll().isEnabled()) {
            LOGGER.debug("Activating authentication policy [{}]", AllAuthenticationPolicy.class.getSimpleName());
            plan.registerAuthenticationPolicy(new AllAuthenticationPolicy());
        } else if (police.getNotPrevented().isEnabled()) {
            LOGGER.debug("Activating authentication policy [{}]", NotPreventedAuthenticationPolicy.class.getSimpleName());
            plan.registerAuthenticationPolicy(notPreventedAuthenticationPolicy());
        } else if (police.getUniquePrincipal().isEnabled()) {
            LOGGER.debug("Activating authentication policy [{}]", UniquePrincipalAuthenticationPolicy.class.getSimpleName());
            plan.registerAuthenticationPolicy(new UniquePrincipalAuthenticationPolicy(ticketRegistry.getIfAvailable()));
        } else if (!police.getGroovy().isEmpty()) {
            LOGGER.debug("Activating authentication policy [{}]", GroovyScriptAuthenticationPolicy.class.getSimpleName());
            police.getGroovy().forEach(groovy -> plan.registerAuthenticationPolicy(new GroovyScriptAuthenticationPolicy(resourceLoader, groovy.getScript())));
        } else if (!police.getRest().isEmpty()) {
            LOGGER.debug("Activating authentication policy [{}]", RestfulAuthenticationPolicy.class.getSimpleName());
            police.getRest().forEach(r -> plan.registerAuthenticationPolicy(new RestfulAuthenticationPolicy(new RestTemplate(), r.getEndpoint())));
        } else if (police.getAny().isEnabled()) {
            LOGGER.debug("Activating authentication policy [{}]", AnyAuthenticationPolicy.class.getSimpleName());
            plan.registerAuthenticationPolicy(new AnyAuthenticationPolicy(police.getAny().isTryAll()));
        }
    };
}

Example 2 with AuthenticationPolicyProperties

Use of org.apereo.cas.configuration.model.core.authentication.AuthenticationPolicyProperties in project cas by apereo.

Class CoreAuthenticationUtils, method newAuthenticationPolicy.

/**
 * New authentication policy collection.
 *
 * @param policyProps the policy props
 * @return the collection
 */
public static Collection<AuthenticationPolicy> newAuthenticationPolicy(final AuthenticationPolicyProperties policyProps) {
    // Each check returns early, so only the first enabled policy type (in this order) is built.
    if (policyProps.getReq().isEnabled()) {
        LOGGER.trace("Activating authentication policy [{}]", RequiredAuthenticationHandlerAuthenticationPolicy.class.getSimpleName());
        val requiredHandlerNames = org.springframework.util.StringUtils.commaDelimitedListToSet(policyProps.getReq().getHandlerName());
        var policy = new RequiredAuthenticationHandlerAuthenticationPolicy(requiredHandlerNames, policyProps.getReq().isTryAll());
        return CollectionUtils.wrapList(policy);
    }
    if (policyProps.getAllHandlers().isEnabled()) {
        LOGGER.trace("Activating authentication policy [{}]", AllAuthenticationHandlersSucceededAuthenticationPolicy.class.getSimpleName());
        return CollectionUtils.wrapList(new AllAuthenticationHandlersSucceededAuthenticationPolicy());
    }
    if (policyProps.getAll().isEnabled()) {
        LOGGER.trace("Activating authentication policy [{}]", AllCredentialsValidatedAuthenticationPolicy.class.getSimpleName());
        return CollectionUtils.wrapList(new AllCredentialsValidatedAuthenticationPolicy());
    }
    if (policyProps.getNotPrevented().isEnabled()) {
        LOGGER.trace("Activating authentication policy [{}]", NotPreventedAuthenticationPolicy.class.getSimpleName());
        return CollectionUtils.wrapList(new NotPreventedAuthenticationPolicy());
    }
    if (!policyProps.getGroovy().isEmpty()) {
        LOGGER.trace("Activating authentication policy [{}]", GroovyScriptAuthenticationPolicy.class.getSimpleName());
        return policyProps.getGroovy().stream().map(groovy -> new GroovyScriptAuthenticationPolicy(groovy.getScript())).collect(Collectors.toList());
    }
    if (!policyProps.getRest().isEmpty()) {
        LOGGER.trace("Activating authentication policy [{}]", RestfulAuthenticationPolicy.class.getSimpleName());
        return policyProps.getRest().stream().map(RestfulAuthenticationPolicy::new).collect(Collectors.toList());
    }
    if (policyProps.getAny().isEnabled()) {
        LOGGER.trace("Activating authentication policy [{}]", AtLeastOneCredentialValidatedAuthenticationPolicy.class.getSimpleName());
        return CollectionUtils.wrapList(new AtLeastOneCredentialValidatedAuthenticationPolicy(policyProps.getAny().isTryAll()));
    }
    // No policy is enabled: return an empty collection.
    return new ArrayList<>();
}

Example 3 with AuthenticationPolicyProperties

Use of org.apereo.cas.configuration.model.core.authentication.AuthenticationPolicyProperties in project cas by apereo.

Class CoreAuthenticationUtilsTests, method verifyAuthnPolicyGroovy.

@Test
public void verifyAuthnPolicyGroovy() throws Exception {
    val props = new AuthenticationPolicyProperties();
    props.getGroovy().add(new GroovyAuthenticationPolicyProperties().setScript("classpath:example.groovy"));
    val policy = CoreAuthenticationUtils.newAuthenticationPolicy(props);
    verifySerialization(policy);
}

Example 4 with AuthenticationPolicyProperties

Use of org.apereo.cas.configuration.model.core.authentication.AuthenticationPolicyProperties in project cas by apereo.

Class CoreAuthenticationUtilsTests, method verifyAuthnPolicyAny.

@Test
public void verifyAuthnPolicyAny() throws Exception {
    val props = new AuthenticationPolicyProperties();
    props.getAny().setEnabled(true);
    val policy = CoreAuthenticationUtils.newAuthenticationPolicy(props);
    verifySerialization(policy);
}

Example 5 with AuthenticationPolicyProperties

Use of org.apereo.cas.configuration.model.core.authentication.AuthenticationPolicyProperties in project cas by apereo.

Class CoreAuthenticationUtilsTests, method verifyAuthnPolicyAll.

@Test
public void verifyAuthnPolicyAll() throws Exception {
    val props = new AuthenticationPolicyProperties();
    props.getAll().setEnabled(true);
    val policy = CoreAuthenticationUtils.newAuthenticationPolicy(props);
    verifySerialization(policy);
}
