Example 6 with PasswordManagementProperties

Use of org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties in project cas by apereo.

The class VerifySecurityQuestionsAction, method doExecute.

@Override
protected Event doExecute(final RequestContext requestContext) throws Exception {
    final HttpServletRequest request = WebUtils.getHttpServletRequest(requestContext);
    final String username = requestContext.getFlowScope().getString("username");
    final PasswordManagementProperties pm = casProperties.getAuthn().getPm();
    if (!pm.getReset().isSecurityQuestionsEnabled()) {
        LOGGER.debug("Security questions are not enabled");
        return success();
    }
    final Map<String, String> questions = passwordManagementService.getSecurityQuestions(username);
    final AtomicInteger i = new AtomicInteger(0);
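    // Count the stored answers that match the submitted parameters q0, q1, ...
    final long c = questions.values().stream().filter(v -> {
        final String answer = request.getParameter("q" + i.getAndIncrement());
        // getParameter returns null when the parameter is absent; treat that as a wrong answer
        return answer != null && answer.equals(v);
    }).count();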
    if (c == questions.size()) {
        return success();
    }
    return error();
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) PasswordManagementProperties(org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties) Logger(org.slf4j.Logger) AbstractAction(org.springframework.webflow.action.AbstractAction) LoggerFactory(org.slf4j.LoggerFactory) Autowired(org.springframework.beans.factory.annotation.Autowired) RequestContext(org.springframework.webflow.execution.RequestContext) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) PasswordManagementService(org.apereo.cas.pm.PasswordManagementService) Map(java.util.Map) WebUtils(org.apereo.cas.web.support.WebUtils) Event(org.springframework.webflow.execution.Event)

Example 7 with PasswordManagementProperties

Use of org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties in project cas by apereo.

The class PasswordManagementConfiguration, method passwordChangeService.

@ConditionalOnMissingBean(name = "passwordChangeService")
@RefreshScope
@Bean
public PasswordManagementService passwordChangeService() {
    final PasswordManagementProperties pm = casProperties.getAuthn().getPm();
    if (pm.isEnabled()) {
        final Resource location = pm.getJson().getLocation();
        if (location != null) {
            LOGGER.debug("Configuring password management based on JSON resource [{}]", location);
            return new JsonResourcePasswordManagementService(passwordManagementCipherExecutor(), casProperties.getServer().getPrefix(), casProperties.getAuthn().getPm(), location);
        }
        LOGGER.warn("No storage service (LDAP, Database, etc) is configured to handle the account update and password service operations. " + "Password management functionality will have no effect and will be disabled until a storage service is configured. " + "To explicitly disable the password management functionality, add 'cas.authn.pm.enabled=false' to the CAS configuration");
    } else {
        LOGGER.debug("Password management is disabled. To enable the password management functionality, " + "add 'cas.authn.pm.enabled=true' to the CAS configuration and then configure storage options for account updates");
    }
    return new NoOpPasswordManagementService(passwordManagementCipherExecutor(), casProperties.getServer().getPrefix(), casProperties.getAuthn().getPm());
}
Also used : PasswordManagementProperties(org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties) NoOpPasswordManagementService(org.apereo.cas.pm.impl.NoOpPasswordManagementService) Resource(org.springframework.core.io.Resource) JsonResourcePasswordManagementService(org.apereo.cas.pm.impl.JsonResourcePasswordManagementService) RefreshScope(org.springframework.cloud.context.config.annotation.RefreshScope) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) Bean(org.springframework.context.annotation.Bean)

Aggregations

PasswordManagementProperties (org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties) 7
HttpServletRequest (javax.servlet.http.HttpServletRequest) 3
lombok.val (lombok.val) 2
Test (org.junit.jupiter.api.Test) 2
ConditionalOnMissingBean (org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) 2
RefreshScope (org.springframework.cloud.context.config.annotation.RefreshScope) 2
Bean (org.springframework.context.annotation.Bean) 2
Map (java.util.Map) 1
AtomicInteger (java.util.concurrent.atomic.AtomicInteger) 1
CasConfigurationProperties (org.apereo.cas.configuration.CasConfigurationProperties) 1
EncryptionJwtSigningJwtCryptographyProperties (org.apereo.cas.configuration.model.core.util.EncryptionJwtSigningJwtCryptographyProperties) 1
PasswordChangeRequest (org.apereo.cas.pm.PasswordChangeRequest) 1
PasswordManagementService (org.apereo.cas.pm.PasswordManagementService) 1
PasswordResetTokenCipherExecutor (org.apereo.cas.pm.PasswordResetTokenCipherExecutor) 1
JsonResourcePasswordManagementService (org.apereo.cas.pm.impl.JsonResourcePasswordManagementService) 1
NoOpPasswordManagementService (org.apereo.cas.pm.impl.NoOpPasswordManagementService) 1
WebUtils (org.apereo.cas.web.support.WebUtils) 1
ClientInfo (org.apereo.inspektr.common.web.ClientInfo) 1
JwtClaims (org.jose4j.jwt.JwtClaims) 1
Logger (org.slf4j.Logger) 1