use of org.apereo.cas.services.DenyAllAttributeReleasePolicy in project cas by apereo.
the class DefaultAttributeReleasePolicyMapper method toAttributeReleasePolicy.
/**
 * Converts the attribute-release section of a service edit form into a release policy.
 *
 * <p>The strategy type submitted on the edit bean selects the concrete policy class.
 * The password, proxy-granting-ticket and default-attribute flags are then copied onto it,
 * and the attribute filter and principal attribute repository are attached when the
 * respective mappers produce one.
 *
 * @param data the submitted service data; its attribute-release bean is read here
 * @return the configured policy, never {@code null}
 */
@Override
public RegisteredServiceAttributeReleasePolicy toAttributeReleasePolicy(final RegisteredServiceEditBean.ServiceData data) {
    final RegisteredServiceAttributeReleasePolicyEditBean releaseBean = data.getAttrRelease();
    final RegisteredServiceAttributeReleasePolicyStrategyEditBean strategyBean = releaseBean.getAttrPolicy();
    final AbstractRegisteredServiceAttributeReleasePolicy result = newPolicyForStrategy(strategyBean.getType(), strategyBean);

    // These flags decide whether the credential password and the proxy-granting ticket
    // may be released to the service; they are taken from the form unchanged.
    result.setAuthorizedToReleaseCredentialPassword(releaseBean.isReleasePassword());
    result.setAuthorizedToReleaseProxyGrantingTicket(releaseBean.isReleaseTicket());
    result.setExcludeDefaultAttributes(releaseBean.isExcludeDefault());

    final RegisteredServiceAttributeFilter mappedFilter = this.attributeFilterMapper.toAttributeFilter(data);
    if (mappedFilter != null) {
        result.setAttributeFilter(mappedFilter);
    }

    final PrincipalAttributesRepository mappedRepository = this.principalAttributesRepositoryMapper.toPrincipalRepository(data);
    if (mappedRepository != null) {
        result.setPrincipalAttributesRepository(mappedRepository);
    }
    return result;
}

/**
 * Instantiates the policy class that matches the strategy type, compared case-insensitively.
 * Any type that matches none of the known values yields a
 * {@code ReturnAllowedAttributeReleasePolicy} built with no arguments.
 */
private AbstractRegisteredServiceAttributeReleasePolicy newPolicyForStrategy(
        final String strategyType,
        final RegisteredServiceAttributeReleasePolicyStrategyEditBean strategyBean) {
    // NOTE(review): for SCRIPT and GROOVY the script location is passed through exactly as
    // submitted; no validation is visible in this method. Confirm that only trusted
    // administrators can reach this mapper.
    if (StringUtils.equalsIgnoreCase(strategyType, AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.SCRIPT.toString())) {
        return new ScriptedRegisteredServiceAttributeReleasePolicy(strategyBean.getScriptFile());
    }
    if (StringUtils.equalsIgnoreCase(strategyType, AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.GROOVY.toString())) {
        return new GroovyScriptAttributeReleasePolicy(strategyBean.getScriptFile());
    }
    if (StringUtils.equalsIgnoreCase(strategyType, AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.ALL.toString())) {
        return new ReturnAllAttributeReleasePolicy();
    }
    // The attribute payload is cast without a type check, so its shape has to agree
    // with the declared strategy type (a list for ALLOWED, a map for MAPPED).
    if (StringUtils.equalsIgnoreCase(strategyType, AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.ALLOWED.toString())) {
        return new ReturnAllowedAttributeReleasePolicy((List) strategyBean.getAttributes());
    }
    if (StringUtils.equalsIgnoreCase(strategyType, AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.MAPPED.toString())) {
        return new ReturnMappedAttributeReleasePolicy((Map) strategyBean.getAttributes());
    }
    if (StringUtils.equalsIgnoreCase(strategyType, AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.DENY.toString())) {
        return new DenyAllAttributeReleasePolicy();
    }
    // Fallback for an unknown or missing type.
    // NOTE(review): presumably an allow-list policy with no entries releases nothing - confirm.
    return new ReturnAllowedAttributeReleasePolicy();
}
use of org.apereo.cas.services.DenyAllAttributeReleasePolicy in project cas by apereo.
the class DefaultAttributeReleasePolicyMapper method mapAttributeReleasePolicy.
/**
 * Copies the release flags and the strategy type of a policy onto the service view bean.
 *
 * <p>Only policies derived from {@code AbstractRegisteredServiceAttributeReleasePolicy}
 * are mapped; any other implementation leaves the bean untouched. An allowed or mapped
 * policy whose attribute collection is empty is reported as {@code NONE}.
 *
 * @param policy the policy attached to the registered service
 * @param bean   the view bean whose attribute-release section is populated
 */
@Override
public void mapAttributeReleasePolicy(final RegisteredServiceAttributeReleasePolicy policy, final RegisteredServiceViewBean bean) {
    if (!(policy instanceof AbstractRegisteredServiceAttributeReleasePolicy)) {
        return;
    }
    final AbstractRegisteredServiceAttributeReleasePolicy source = (AbstractRegisteredServiceAttributeReleasePolicy) policy;
    final RegisteredServiceAttributeReleasePolicyViewBean view = bean.getAttrRelease();

    // Surface the password / proxy-granting-ticket release flags so they are visible in the view.
    view.setReleasePassword(source.isAuthorizedToReleaseCredentialPassword());
    view.setReleaseTicket(source.isAuthorizedToReleaseProxyGrantingTicket());
    view.setExcludeDefault(source.isExcludeDefaultAttributes());

    // The order of the instanceof checks is kept as in the original chain.
    if (source instanceof ScriptedRegisteredServiceAttributeReleasePolicy) {
        view.setAttrPolicy(AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.SCRIPT.toString());
    } else if (source instanceof GroovyScriptAttributeReleasePolicy) {
        view.setAttrPolicy(AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.GROOVY.toString());
    } else if (source instanceof ReturnAllAttributeReleasePolicy) {
        view.setAttrPolicy(RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.ALL.toString());
    } else if (source instanceof ReturnAllowedAttributeReleasePolicy) {
        final ReturnAllowedAttributeReleasePolicy allowList = (ReturnAllowedAttributeReleasePolicy) source;
        final boolean nothingAllowed = allowList.getAllowedAttributes().isEmpty();
        view.setAttrPolicy(nothingAllowed
                ? RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.NONE.toString()
                : RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.ALLOWED.toString());
    } else if (source instanceof ReturnMappedAttributeReleasePolicy) {
        final ReturnMappedAttributeReleasePolicy mapping = (ReturnMappedAttributeReleasePolicy) source;
        final boolean nothingMapped = mapping.getAllowedAttributes().isEmpty();
        view.setAttrPolicy(nothingMapped
                ? RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.NONE.toString()
                : RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.MAPPED.toString());
    } else if (source instanceof DenyAllAttributeReleasePolicy) {
        view.setAttrPolicy(RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.DENY.toString());
    }
}
use of org.apereo.cas.services.DenyAllAttributeReleasePolicy in project cas by apereo.
the class OidcProfileScopeToAttributesFilter method reconcile.
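/**
 * Rebuilds the attribute release policy of an OIDC service from its configured scopes
 * and saves the service.
 *
 * <p>Services that are not {@code OidcRegisteredService} are delegated to the superclass.
 * For OIDC services each scope is trimmed and lower-cased, then mapped to its scope
 * policy. Scopes that match none of the standard names are looked up by exact (trimmed)
 * name among the user-defined scope policies and are ignored when not found. When no
 * policy results at all, the service is given a {@code DenyAllAttributeReleasePolicy},
 * so a service with no recognised scopes is not left with its previous policy.
 *
 * @param service the registered service to reconcile
 */
@Override
public void reconcile(final RegisteredService service) {
    if (!(service instanceof OidcRegisteredService)) {
        super.reconcile(service);
        return;
    }
    final List<String> otherScopes = new ArrayList<>();
    final ChainingAttributeReleasePolicy policy = new ChainingAttributeReleasePolicy();
    final OidcRegisteredService oidc = OidcRegisteredService.class.cast(service);
    oidc.getScopes().forEach(s -> {
        final String scope = s.trim();
        // Lower-case with a fixed locale: under the default locale (e.g. Turkish) an
        // upper-case "I" maps to a dotless "i", so scopes such as "EMAIL" or "PROFILE"
        // would silently fail to match the constants below.
        switch (scope.toLowerCase(java.util.Locale.ROOT)) {
            case OidcConstants.EMAIL:
                policy.getPolicies().add(new OidcEmailScopeAttributeReleasePolicy());
                break;
            case OidcConstants.ADDRESS:
                policy.getPolicies().add(new OidcAddressScopeAttributeReleasePolicy());
                break;
            case OidcConstants.PROFILE:
                policy.getPolicies().add(new OidcProfileScopeAttributeReleasePolicy());
                break;
            case OidcConstants.PHONE:
                policy.getPolicies().add(new OidcPhoneScopeAttributeReleasePolicy());
                break;
            case OidcConstants.OFFLINE_ACCESS:
                // Not an attribute scope: it only switches on refresh-token generation.
                oidc.setGenerateRefreshToken(true);
                break;
            case OidcCustomScopeAttributeReleasePolicy.SCOPE_CUSTOM:
                otherScopes.add(scope);
                break;
            default:
                // User-defined scopes are matched case-sensitively on the trimmed name.
                final BaseOidcScopeAttributeReleasePolicy userPolicy = userScopes.stream()
                        .filter(t -> t.getScopeName().equals(scope))
                        .findFirst()
                        .orElse(null);
                if (userPolicy != null) {
                    policy.getPolicies().add(userPolicy);
                }
                break;
        }
    });
    // NOTE(review): otherScopes only ever receives the custom-scope marker, so this removal
    // looks like a no-op unless that marker equals the openid scope name - confirm.
    otherScopes.remove(OidcConstants.OPENID);
    if (!otherScopes.isEmpty()) {
        policy.getPolicies().add(new OidcCustomScopeAttributeReleasePolicy(otherScopes));
    }
    // Fail closed: with no scope policy at all, release nothing.
    if (policy.getPolicies().isEmpty()) {
        oidc.setAttributeReleasePolicy(new DenyAllAttributeReleasePolicy());
    } else {
        oidc.setAttributeReleasePolicy(policy);
    }
    this.servicesManager.save(oidc);
}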
use of org.apereo.cas.services.DenyAllAttributeReleasePolicy in project cas by apereo.
the class SamlRegisteredServiceTests method verifySavingInCommonSamlService.
/**
 * Saves a SAML service whose release policy chains the InCommon R&amp;S policy with a
 * deny-all policy, then reloads the JSON registry.
 *
 * <p>The test contains no assertions; it passes when neither the save nor the load throws.
 */
@Test
public void verifySavingInCommonSamlService() throws Exception {
    final SamlRegisteredService samlService = new SamlRegisteredService();
    samlService.setName(SAML_SERVICE);
    samlService.setServiceId("http://mmoayyed.unicon.net");
    samlService.setMetadataLocation(METADATA_LOCATION);

    // Chain order is preserved: the InCommon policy first, the deny-all policy second.
    final ChainingAttributeReleasePolicy releaseChain = new ChainingAttributeReleasePolicy();
    releaseChain.setPolicies(Arrays.asList(new InCommonRSAttributeReleasePolicy(), new DenyAllAttributeReleasePolicy()));
    samlService.setAttributeReleasePolicy(releaseChain);

    final JsonServiceRegistryDao registry = new JsonServiceRegistryDao(RESOURCE, false, mock(ApplicationEventPublisher.class));
    registry.save(samlService);
    registry.load();
}
use of org.apereo.cas.services.DenyAllAttributeReleasePolicy in project cas by apereo.
the class DefaultAttributeReleasePolicyMapper method mapAttributeReleasePolicy.
/**
 * Populates the attribute-release section of a service edit bean from an existing policy.
 *
 * <p>Only policies derived from {@code AbstractRegisteredServiceAttributeReleasePolicy}
 * are mapped; any other implementation leaves the bean untouched. Besides the release
 * flags, the attribute filter and principal attribute repository are handed to their
 * own mappers, and the strategy bean receives the type plus the script location or
 * attribute collection that belongs to it.
 *
 * @param policy the policy attached to the registered service
 * @param bean   the edit bean to populate
 */
@Override
public void mapAttributeReleasePolicy(final RegisteredServiceAttributeReleasePolicy policy, final RegisteredServiceEditBean.ServiceData bean) {
    if (!(policy instanceof AbstractRegisteredServiceAttributeReleasePolicy)) {
        return;
    }
    final AbstractRegisteredServiceAttributeReleasePolicy source = (AbstractRegisteredServiceAttributeReleasePolicy) policy;
    final RegisteredServiceAttributeReleasePolicyEditBean releaseBean = bean.getAttrRelease();

    // Password / proxy-granting-ticket release flags are copied so the edit form shows them.
    releaseBean.setReleasePassword(source.isAuthorizedToReleaseCredentialPassword());
    releaseBean.setReleaseTicket(source.isAuthorizedToReleaseProxyGrantingTicket());
    releaseBean.setExcludeDefault(source.isExcludeDefaultAttributes());

    this.attributeFilterMapper.mapAttributeFilter(source.getAttributeFilter(), bean);
    this.principalAttributesRepositoryMapper.mapPrincipalRepository(source.getPrincipalAttributesRepository(), bean);

    final RegisteredServiceAttributeReleasePolicyStrategyEditBean strategyBean = releaseBean.getAttrPolicy();
    // The order of the instanceof checks is kept as in the original chain.
    if (source instanceof ScriptedRegisteredServiceAttributeReleasePolicy) {
        final ScriptedRegisteredServiceAttributeReleasePolicy scripted = (ScriptedRegisteredServiceAttributeReleasePolicy) source;
        strategyBean.setType(AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.SCRIPT.toString());
        strategyBean.setScriptFile(scripted.getScriptFile());
    } else if (source instanceof GroovyScriptAttributeReleasePolicy) {
        final GroovyScriptAttributeReleasePolicy groovy = (GroovyScriptAttributeReleasePolicy) source;
        // The Groovy policy exposes its script through getGroovyScript(); it lands in the same bean field.
        strategyBean.setScriptFile(groovy.getGroovyScript());
        strategyBean.setType(AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.GROOVY.toString());
    } else if (source instanceof ReturnAllAttributeReleasePolicy) {
        strategyBean.setType(AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.ALL.toString());
    } else if (source instanceof ReturnAllowedAttributeReleasePolicy) {
        final ReturnAllowedAttributeReleasePolicy allowList = (ReturnAllowedAttributeReleasePolicy) source;
        strategyBean.setType(AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.ALLOWED.toString());
        strategyBean.setAttributes(allowList.getAllowedAttributes());
    } else if (source instanceof ReturnMappedAttributeReleasePolicy) {
        final ReturnMappedAttributeReleasePolicy mapping = (ReturnMappedAttributeReleasePolicy) source;
        strategyBean.setType(AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.MAPPED.toString());
        strategyBean.setAttributes(mapping.getAllowedAttributes());
    } else if (source instanceof DenyAllAttributeReleasePolicy) {
        strategyBean.setType(AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.DENY.toString());
    }
}