
Example 1 with X509Properties

Use of org.apereo.cas.configuration.model.support.x509.X509Properties in project cas by apereo.

From the class X509AuthenticationConfiguration, method x509CredentialsAuthenticationHandler.

@Bean
@RefreshScope
public AuthenticationHandler x509CredentialsAuthenticationHandler() {
    final X509Properties x509 = casProperties.getAuthn().getX509();
    final RevocationChecker revChecker;
    switch(x509.getRevocationChecker().trim().toLowerCase()) {
        case "resource":
            revChecker = resourceCrlRevocationChecker();
            break;
        case "crl":
            revChecker = crlDistributionPointRevocationChecker();
            break;
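        case "none":
        default:
            // Any value other than "resource" or "crl" (including a typo) lands here
            // and selects the no-op checker instead of failing at startup.
            revChecker = noOpRevocationChecker();
            break;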
    }
    return new X509CredentialsAuthenticationHandler(
        x509.getName(),
        servicesManager,
        x509PrincipalFactory(),
        StringUtils.isNotBlank(x509.getRegExTrustedIssuerDnPattern()) ? RegexUtils.createPattern(x509.getRegExTrustedIssuerDnPattern()) : null,
        x509.getMaxPathLength(),
        x509.isMaxPathLengthAllowUnspecified(),
        x509.isCheckKeyUsage(),
        x509.isRequireKeyUsage(),
        StringUtils.isNotBlank(x509.getRegExSubjectDnPattern()) ? RegexUtils.createPattern(x509.getRegExSubjectDnPattern()) : null,
        revChecker);
}
Also used : X509CredentialsAuthenticationHandler(org.apereo.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler) RevocationChecker(org.apereo.cas.adaptors.x509.authentication.revocation.checker.RevocationChecker) CRLDistributionPointRevocationChecker(org.apereo.cas.adaptors.x509.authentication.revocation.checker.CRLDistributionPointRevocationChecker) ResourceCRLRevocationChecker(org.apereo.cas.adaptors.x509.authentication.revocation.checker.ResourceCRLRevocationChecker) NoOpRevocationChecker(org.apereo.cas.adaptors.x509.authentication.revocation.checker.NoOpRevocationChecker) X509Properties(org.apereo.cas.configuration.model.support.x509.X509Properties) RefreshScope(org.springframework.cloud.context.config.annotation.RefreshScope) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) Bean(org.springframework.context.annotation.Bean)

Example 2 with X509Properties

Use of org.apereo.cas.configuration.model.support.x509.X509Properties in project cas by apereo.

From the class X509AuthenticationConfiguration, method x509SerialNumberPrincipalResolver.

@Bean
@RefreshScope
public PrincipalResolver x509SerialNumberPrincipalResolver() {
    final X509Properties x509 = casProperties.getAuthn().getX509();
    final X509SerialNumberPrincipalResolver r = new X509SerialNumberPrincipalResolver();
    r.setAttributeRepository(attributeRepository);
    r.setPrincipalAttributeName(x509.getPrincipal().getPrincipalAttribute());
    r.setReturnNullIfNoAttributes(x509.getPrincipal().isReturnNull());
    r.setPrincipalFactory(x509PrincipalFactory());
    return r;
}
Also used : X509Properties(org.apereo.cas.configuration.model.support.x509.X509Properties) X509SerialNumberPrincipalResolver(org.apereo.cas.adaptors.x509.authentication.principal.X509SerialNumberPrincipalResolver) RefreshScope(org.springframework.cloud.context.config.annotation.RefreshScope) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) Bean(org.springframework.context.annotation.Bean)

Example 3 with X509Properties

Use of org.apereo.cas.configuration.model.support.x509.X509Properties in project cas by apereo.

From the class X509AuthenticationConfiguration, method x509SubjectDNPrincipalResolver.

@Bean
@RefreshScope
public PrincipalResolver x509SubjectDNPrincipalResolver() {
    final X509Properties x509 = casProperties.getAuthn().getX509();
    final X509SubjectDNPrincipalResolver r = new X509SubjectDNPrincipalResolver();
    r.setAttributeRepository(attributeRepository);
    r.setPrincipalAttributeName(x509.getPrincipal().getPrincipalAttribute());
    r.setReturnNullIfNoAttributes(x509.getPrincipal().isReturnNull());
    r.setPrincipalFactory(x509PrincipalFactory());
    return r;
}
Also used : X509SubjectDNPrincipalResolver(org.apereo.cas.adaptors.x509.authentication.principal.X509SubjectDNPrincipalResolver) X509Properties(org.apereo.cas.configuration.model.support.x509.X509Properties) RefreshScope(org.springframework.cloud.context.config.annotation.RefreshScope) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) Bean(org.springframework.context.annotation.Bean)

Example 4 with X509Properties

Use of org.apereo.cas.configuration.model.support.x509.X509Properties in project cas by apereo.

From the class X509AuthenticationConfiguration, method x509SubjectAlternativeNameUPNPrincipalResolver.

@Bean
@RefreshScope
public PrincipalResolver x509SubjectAlternativeNameUPNPrincipalResolver() {
    final X509Properties x509 = casProperties.getAuthn().getX509();
    final X509SubjectAlternativeNameUPNPrincipalResolver r = new X509SubjectAlternativeNameUPNPrincipalResolver();
    r.setAttributeRepository(attributeRepository);
    r.setPrincipalAttributeName(x509.getPrincipal().getPrincipalAttribute());
    r.setReturnNullIfNoAttributes(x509.getPrincipal().isReturnNull());
    r.setPrincipalFactory(x509PrincipalFactory());
    return r;
}
Also used : X509SubjectAlternativeNameUPNPrincipalResolver(org.apereo.cas.adaptors.x509.authentication.principal.X509SubjectAlternativeNameUPNPrincipalResolver) X509Properties(org.apereo.cas.configuration.model.support.x509.X509Properties) RefreshScope(org.springframework.cloud.context.config.annotation.RefreshScope) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) Bean(org.springframework.context.annotation.Bean)

Example 5 with X509Properties

Use of org.apereo.cas.configuration.model.support.x509.X509Properties in project cas by apereo.

From the class X509AuthenticationConfiguration, method resourceCrlRevocationChecker.

@Bean
public RevocationChecker resourceCrlRevocationChecker() {
    final X509Properties x509 = casProperties.getAuthn().getX509();
    final Set<Resource> x509CrlResources = x509.getCrlResources().stream()
        .map(s -> this.resourceLoader.getResource(s))
        .collect(Collectors.toSet());
    return new ResourceCRLRevocationChecker(
        x509.isCheckAll(),
        getRevocationPolicy(x509.getCrlResourceUnavailablePolicy()),
        getRevocationPolicy(x509.getCrlResourceExpiredPolicy()),
        x509.getRefreshIntervalSeconds(),
        crlFetcher(),
        x509CrlResources);
}
Also used : CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) X509SubjectAlternativeNameUPNPrincipalResolver(org.apereo.cas.adaptors.x509.authentication.principal.X509SubjectAlternativeNameUPNPrincipalResolver) X509SubjectPrincipalResolver(org.apereo.cas.adaptors.x509.authentication.principal.X509SubjectPrincipalResolver) RevocationPolicy(org.apereo.cas.adaptors.x509.authentication.revocation.policy.RevocationPolicy) X509SerialNumberAndIssuerDNPrincipalResolver(org.apereo.cas.adaptors.x509.authentication.principal.X509SerialNumberAndIssuerDNPrincipalResolver) Autowired(org.springframework.beans.factory.annotation.Autowired) Beans(org.apereo.cas.configuration.support.Beans) StringUtils(org.apache.commons.lang3.StringUtils) AuthenticationEventExecutionPlan(org.apereo.cas.authentication.AuthenticationEventExecutionPlan) IPersonAttributeDao(org.apereo.services.persondir.IPersonAttributeDao) RefreshScope(org.springframework.cloud.context.config.annotation.RefreshScope) AuthenticationHandler(org.apereo.cas.authentication.AuthenticationHandler) PrincipalFactory(org.apereo.cas.authentication.principal.PrincipalFactory) RevocationChecker(org.apereo.cas.adaptors.x509.authentication.revocation.checker.RevocationChecker) EnableConfigurationProperties(org.springframework.boot.context.properties.EnableConfigurationProperties) Qualifier(org.springframework.beans.factory.annotation.Qualifier) X509SubjectDNPrincipalResolver(org.apereo.cas.adaptors.x509.authentication.principal.X509SubjectDNPrincipalResolver) ServicesManager(org.apereo.cas.services.ServicesManager) Resource(org.springframework.core.io.Resource) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) ResourceLoader(org.springframework.core.io.ResourceLoader) CRLFetcher(org.apereo.cas.adaptors.x509.authentication.CRLFetcher) 
X509SerialNumberPrincipalResolver(org.apereo.cas.adaptors.x509.authentication.principal.X509SerialNumberPrincipalResolver) PrincipalResolver(org.apereo.cas.authentication.principal.PrincipalResolver) Set(java.util.Set) UUID(java.util.UUID) Collectors(java.util.stream.Collectors) AuthenticationEventExecutionPlanConfigurer(org.apereo.cas.config.support.authentication.AuthenticationEventExecutionPlanConfigurer) CRLDistributionPointRevocationChecker(org.apereo.cas.adaptors.x509.authentication.revocation.checker.CRLDistributionPointRevocationChecker) ResourceCRLRevocationChecker(org.apereo.cas.adaptors.x509.authentication.revocation.checker.ResourceCRLRevocationChecker) RegexUtils(org.apereo.cas.util.RegexUtils) Configuration(org.springframework.context.annotation.Configuration) DenyRevocationPolicy(org.apereo.cas.adaptors.x509.authentication.revocation.policy.DenyRevocationPolicy) ThresholdExpiredCRLRevocationPolicy(org.apereo.cas.adaptors.x509.authentication.revocation.policy.ThresholdExpiredCRLRevocationPolicy) X509Properties(org.apereo.cas.configuration.model.support.x509.X509Properties) AllowRevocationPolicy(org.apereo.cas.adaptors.x509.authentication.revocation.policy.AllowRevocationPolicy) NoOpRevocationChecker(org.apereo.cas.adaptors.x509.authentication.revocation.checker.NoOpRevocationChecker) ResourceCRLFetcher(org.apereo.cas.adaptors.x509.authentication.ResourceCRLFetcher) LdaptiveResourceCRLFetcher(org.apereo.cas.adaptors.x509.authentication.ldap.LdaptiveResourceCRLFetcher) Bean(org.springframework.context.annotation.Bean) Cache(net.sf.ehcache.Cache) X509CredentialsAuthenticationHandler(org.apereo.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler) DefaultPrincipalFactory(org.apereo.cas.authentication.principal.DefaultPrincipalFactory) ResourceCRLRevocationChecker(org.apereo.cas.adaptors.x509.authentication.revocation.checker.ResourceCRLRevocationChecker) Resource(org.springframework.core.io.Resource) 
X509Properties(org.apereo.cas.configuration.model.support.x509.X509Properties) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) Bean(org.springframework.context.annotation.Bean)
