
Example 1 with BaseOidcScopeAttributeReleasePolicy

use of org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy in project cas by apereo.

the class OidcProfileScopeToAttributesFilter method reconcile.

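/**
 * Rebuilds the attribute release policy of an OIDC registered service from its
 * configured scopes and saves the service through the services manager.
 *
 * <p>Services that are not {@link OidcRegisteredService} instances are handed to the
 * parent implementation unchanged. For OIDC services, each standard scope adds its
 * matching scope policy to a {@link ChainingAttributeReleasePolicy}; a scope that matches
 * nothing here and has no entry in {@code userScopes} adds no policy at all. When no
 * policy was added, the service is given a {@link DenyAllAttributeReleasePolicy}, so an
 * unrecognised or empty scope list releases no attributes.
 *
 * @param service the registered service whose release policy is reconciled
 */
@Override
public void reconcile(final RegisteredService service) {
    if (!(service instanceof OidcRegisteredService)) {
        super.reconcile(service);
        return;
    }
    final List<String> otherScopes = new ArrayList<>();
    final ChainingAttributeReleasePolicy policy = new ChainingAttributeReleasePolicy();
    final OidcRegisteredService oidc = (OidcRegisteredService) service;
    oidc.getScopes().forEach(s -> {
        final String scope = s.trim();
        // Lower-case with a fixed locale: under the default locale of a Turkish or Azeri
        // JVM, "EMAIL" and "PROFILE" lower-case to a dotless i and match no case label.
        switch (scope.toLowerCase(java.util.Locale.ROOT)) {
            case OidcConstants.EMAIL:
                policy.getPolicies().add(new OidcEmailScopeAttributeReleasePolicy());
                break;
            case OidcConstants.ADDRESS:
                policy.getPolicies().add(new OidcAddressScopeAttributeReleasePolicy());
                break;
            case OidcConstants.PROFILE:
                policy.getPolicies().add(new OidcProfileScopeAttributeReleasePolicy());
                break;
            case OidcConstants.PHONE:
                policy.getPolicies().add(new OidcPhoneScopeAttributeReleasePolicy());
                break;
            case OidcConstants.OFFLINE_ACCESS:
                // NOTE(review): the flag is only ever switched on here; a service that
                // later loses offline_access is not switched back off by this method.
                // Confirm that refresh-token issuance is revoked elsewhere.
                oidc.setGenerateRefreshToken(true);
                break;
            case OidcCustomScopeAttributeReleasePolicy.SCOPE_CUSTOM:
                otherScopes.add(scope);
                break;
            default:
                // User-defined scopes are matched on the trimmed name as configured
                // (case-sensitive), unlike the standard scopes above.
                final BaseOidcScopeAttributeReleasePolicy userPolicy = userScopes.stream()
                    .filter(t -> t.getScopeName().equals(scope))
                    .findFirst()
                    .orElse(null);
                if (userPolicy != null) {
                    policy.getPolicies().add(userPolicy);
                }
                break;
        }
    });
    // Only entries matching SCOPE_CUSTOM are collected above; the removal keeps the
    // openid scope itself out of the custom-scope policy should the two ever coincide.
    otherScopes.remove(OidcConstants.OPENID);
    if (!otherScopes.isEmpty()) {
        policy.getPolicies().add(new OidcCustomScopeAttributeReleasePolicy(otherScopes));
    }
    // Fail closed: with no scope policy in the chain, release nothing.
    if (policy.getPolicies().isEmpty()) {
        oidc.setAttributeReleasePolicy(new DenyAllAttributeReleasePolicy());
    } else {
        oidc.setAttributeReleasePolicy(policy);
    }
    // The rewritten policy (and refresh-token flag) is persisted, replacing whatever
    // release policy the service definition carried before.
    this.servicesManager.save(oidc);
}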
Also used : DenyAllAttributeReleasePolicy(org.apereo.cas.services.DenyAllAttributeReleasePolicy) OidcProfileScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcProfileScopeAttributeReleasePolicy) OidcCustomScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcCustomScopeAttributeReleasePolicy) BaseOidcScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy) OidcRegisteredService(org.apereo.cas.services.OidcRegisteredService) ArrayList(java.util.ArrayList) ChainingAttributeReleasePolicy(org.apereo.cas.services.ChainingAttributeReleasePolicy) OidcPhoneScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcPhoneScopeAttributeReleasePolicy) OidcAddressScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcAddressScopeAttributeReleasePolicy) OidcEmailScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcEmailScopeAttributeReleasePolicy)

Example 2 with BaseOidcScopeAttributeReleasePolicy

use of org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy in project cas by apereo.

the class OidcProfileScopeToAttributesFilter method filterAttributesByScope.

/**
 * Copies into {@code attributes} the attributes released by the policy of every
 * requested scope that has an entry in {@code filters}.
 *
 * <p>Duplicate scopes are processed once and scopes without a registered policy are
 * skipped, so they contribute no attributes. Results are merged with {@code putAll}:
 * when two scope policies return the same attribute name, the one processed later
 * overwrites the earlier value.
 *
 * @param stream            the requested scope names
 * @param attributes        the map that receives the released attributes
 * @param principal         the principal whose attributes are being released
 * @param registeredService the service the attributes are released to
 */
private void filterAttributesByScope(final Collection<String> stream, final Map<String, Object> attributes, final Principal principal, final RegisteredService registeredService) {
    stream.stream()
        .distinct()
        // Only scopes with a known policy may release anything.
        .filter(scope -> this.filters.containsKey(scope))
        .map(scope -> filters.get(scope))
        .forEach(scopePolicy -> attributes.putAll(scopePolicy.getAttributes(principal, registeredService)));
}
Also used : OidcProfileScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcProfileScopeAttributeReleasePolicy) LoggerFactory(org.slf4j.LoggerFactory) OAuthUtils(org.apereo.cas.support.oauth.util.OAuthUtils) OidcCustomScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcCustomScopeAttributeReleasePolicy) HashMap(java.util.HashMap) Reflections(org.reflections.Reflections) OidcEmailScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcEmailScopeAttributeReleasePolicy) ArrayList(java.util.ArrayList) BaseOidcScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy) PrincipalFactory(org.apereo.cas.authentication.principal.PrincipalFactory) DefaultOAuth20ProfileScopeToAttributesFilter(org.apereo.cas.support.oauth.profile.DefaultOAuth20ProfileScopeToAttributesFilter) FilterBuilder(org.reflections.util.FilterBuilder) Map(java.util.Map) OidcAddressScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcAddressScopeAttributeReleasePolicy) ConfigurationBuilder(org.reflections.util.ConfigurationBuilder) ChainingAttributeReleasePolicy(org.apereo.cas.services.ChainingAttributeReleasePolicy) ServicesManager(org.apereo.cas.services.ServicesManager) Unchecked(org.jooq.lambda.Unchecked) Logger(org.slf4j.Logger) OidcConstants(org.apereo.cas.oidc.OidcConstants) Collection(java.util.Collection) OidcPhoneScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcPhoneScopeAttributeReleasePolicy) Set(java.util.Set) DenyAllAttributeReleasePolicy(org.apereo.cas.services.DenyAllAttributeReleasePolicy) RegisteredService(org.apereo.cas.services.RegisteredService) ClasspathHelper(org.reflections.util.ClasspathHelper) SubTypesScanner(org.reflections.scanners.SubTypesScanner) List(java.util.List) OidcRegisteredService(org.apereo.cas.services.OidcRegisteredService) Service(org.apereo.cas.authentication.principal.Service) J2EContext(org.pac4j.core.context.J2EContext) Principal(org.apereo.cas.authentication.principal.Principal) 
BaseOidcScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy)

Aggregations

ArrayList (java.util.ArrayList)2 BaseOidcScopeAttributeReleasePolicy (org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy)2 OidcAddressScopeAttributeReleasePolicy (org.apereo.cas.oidc.claims.OidcAddressScopeAttributeReleasePolicy)2 OidcCustomScopeAttributeReleasePolicy (org.apereo.cas.oidc.claims.OidcCustomScopeAttributeReleasePolicy)2 OidcEmailScopeAttributeReleasePolicy (org.apereo.cas.oidc.claims.OidcEmailScopeAttributeReleasePolicy)2 OidcPhoneScopeAttributeReleasePolicy (org.apereo.cas.oidc.claims.OidcPhoneScopeAttributeReleasePolicy)2 OidcProfileScopeAttributeReleasePolicy (org.apereo.cas.oidc.claims.OidcProfileScopeAttributeReleasePolicy)2 ChainingAttributeReleasePolicy (org.apereo.cas.services.ChainingAttributeReleasePolicy)2 DenyAllAttributeReleasePolicy (org.apereo.cas.services.DenyAllAttributeReleasePolicy)2 OidcRegisteredService (org.apereo.cas.services.OidcRegisteredService)2 Collection (java.util.Collection)1 HashMap (java.util.HashMap)1 List (java.util.List)1 Map (java.util.Map)1 Set (java.util.Set)1 Principal (org.apereo.cas.authentication.principal.Principal)1 PrincipalFactory (org.apereo.cas.authentication.principal.PrincipalFactory)1 Service (org.apereo.cas.authentication.principal.Service)1 OidcConstants (org.apereo.cas.oidc.OidcConstants)1 RegisteredService (org.apereo.cas.services.RegisteredService)1