Example 1 with DenyAllAttributeReleasePolicy

Use of org.apereo.cas.services.DenyAllAttributeReleasePolicy in project cas by apereo.

The class DefaultAttributeReleasePolicyMapper, method toAttributeReleasePolicy.

@Override
public RegisteredServiceAttributeReleasePolicy toAttributeReleasePolicy(final RegisteredServiceEditBean.ServiceData data) {
    final RegisteredServiceAttributeReleasePolicyEditBean attrRelease = data.getAttrRelease();
    final RegisteredServiceAttributeReleasePolicyStrategyEditBean policyBean = attrRelease.getAttrPolicy();
    final String policyType = policyBean.getType();
    final AbstractRegisteredServiceAttributeReleasePolicy policy;
    if (StringUtils.equalsIgnoreCase(policyType, AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.SCRIPT.toString())) {
        policy = new ScriptedRegisteredServiceAttributeReleasePolicy(policyBean.getScriptFile());
    } else if (StringUtils.equalsIgnoreCase(policyType, AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.GROOVY.toString())) {
        policy = new GroovyScriptAttributeReleasePolicy(policyBean.getScriptFile());
    } else if (StringUtils.equalsIgnoreCase(policyType, AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.ALL.toString())) {
        policy = new ReturnAllAttributeReleasePolicy();
    } else if (StringUtils.equalsIgnoreCase(policyType, AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.ALLOWED.toString())) {
        policy = new ReturnAllowedAttributeReleasePolicy((List) policyBean.getAttributes());
    } else if (StringUtils.equalsIgnoreCase(policyType, AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.MAPPED.toString())) {
        policy = new ReturnMappedAttributeReleasePolicy((Map) policyBean.getAttributes());
    } else if (StringUtils.equalsIgnoreCase(policyType, AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.DENY.toString())) {
        policy = new DenyAllAttributeReleasePolicy();
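    } else {
        // Unrecognised policy type: fall back to an allow-list policy constructed with no attributes.
        policy = new ReturnAllowedAttributeReleasePolicy();
    }
    // Per-service flags that authorize release of the credential password and the proxy-granting ticket.
    policy.setAuthorizedToReleaseCredentialPassword(attrRelease.isReleasePassword());
    policy.setAuthorizedToReleaseProxyGrantingTicket(attrRelease.isReleaseTicket());
    policy.setExcludeDefaultAttributes(attrRelease.isExcludeDefault());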
    final RegisteredServiceAttributeFilter filter = this.attributeFilterMapper.toAttributeFilter(data);
    if (filter != null) {
        policy.setAttributeFilter(filter);
    }
    final PrincipalAttributesRepository principalRepository = this.principalAttributesRepositoryMapper.toPrincipalRepository(data);
    if (principalRepository != null) {
        policy.setPrincipalAttributesRepository(principalRepository);
    }
    return policy;
}
Also used: RegisteredServiceAttributeReleasePolicyStrategyEditBean (org.apereo.cas.mgmt.services.web.beans.RegisteredServiceAttributeReleasePolicyStrategyEditBean), ReturnAllAttributeReleasePolicy (org.apereo.cas.services.ReturnAllAttributeReleasePolicy), PrincipalAttributesRepository (org.apereo.cas.authentication.principal.PrincipalAttributesRepository), AbstractRegisteredServiceAttributeReleasePolicy (org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy), GroovyScriptAttributeReleasePolicy (org.apereo.cas.services.GroovyScriptAttributeReleasePolicy), DenyAllAttributeReleasePolicy (org.apereo.cas.services.DenyAllAttributeReleasePolicy), ScriptedRegisteredServiceAttributeReleasePolicy (org.apereo.cas.services.ScriptedRegisteredServiceAttributeReleasePolicy), ReturnAllowedAttributeReleasePolicy (org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy), RegisteredServiceAttributeFilter (org.apereo.cas.services.RegisteredServiceAttributeFilter), ReturnMappedAttributeReleasePolicy (org.apereo.cas.services.ReturnMappedAttributeReleasePolicy), RegisteredServiceAttributeReleasePolicyEditBean (org.apereo.cas.mgmt.services.web.beans.RegisteredServiceAttributeReleasePolicyEditBean), Map (java.util.Map)

Example 2 with DenyAllAttributeReleasePolicy

Use of org.apereo.cas.services.DenyAllAttributeReleasePolicy in project cas by apereo.

The class DefaultAttributeReleasePolicyMapper, method mapAttributeReleasePolicy.

@Override
public void mapAttributeReleasePolicy(final RegisteredServiceAttributeReleasePolicy policy, final RegisteredServiceViewBean bean) {
    if (policy instanceof AbstractRegisteredServiceAttributeReleasePolicy) {
        final AbstractRegisteredServiceAttributeReleasePolicy attrPolicy = (AbstractRegisteredServiceAttributeReleasePolicy) policy;
        final RegisteredServiceAttributeReleasePolicyViewBean attrPolicyBean = bean.getAttrRelease();
        attrPolicyBean.setReleasePassword(attrPolicy.isAuthorizedToReleaseCredentialPassword());
        attrPolicyBean.setReleaseTicket(attrPolicy.isAuthorizedToReleaseProxyGrantingTicket());
        attrPolicyBean.setExcludeDefault(attrPolicy.isExcludeDefaultAttributes());
        if (attrPolicy instanceof ScriptedRegisteredServiceAttributeReleasePolicy) {
            attrPolicyBean.setAttrPolicy(AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.SCRIPT.toString());
        } else if (attrPolicy instanceof GroovyScriptAttributeReleasePolicy) {
            attrPolicyBean.setAttrPolicy(AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.GROOVY.toString());
        } else if (attrPolicy instanceof ReturnAllAttributeReleasePolicy) {
            attrPolicyBean.setAttrPolicy(RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.ALL.toString());
        } else if (attrPolicy instanceof ReturnAllowedAttributeReleasePolicy) {
            final ReturnAllowedAttributeReleasePolicy attrPolicyAllowed = (ReturnAllowedAttributeReleasePolicy) attrPolicy;
            if (attrPolicyAllowed.getAllowedAttributes().isEmpty()) {
                attrPolicyBean.setAttrPolicy(RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.NONE.toString());
            } else {
                attrPolicyBean.setAttrPolicy(RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.ALLOWED.toString());
            }
        } else if (attrPolicy instanceof ReturnMappedAttributeReleasePolicy) {
            final ReturnMappedAttributeReleasePolicy attrPolicyAllowed = (ReturnMappedAttributeReleasePolicy) attrPolicy;
            if (attrPolicyAllowed.getAllowedAttributes().isEmpty()) {
                attrPolicyBean.setAttrPolicy(RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.NONE.toString());
            } else {
                attrPolicyBean.setAttrPolicy(RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.MAPPED.toString());
            }
        } else if (attrPolicy instanceof DenyAllAttributeReleasePolicy) {
            attrPolicyBean.setAttrPolicy(RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.DENY.toString());
        }
    }
}
Also used: DenyAllAttributeReleasePolicy (org.apereo.cas.services.DenyAllAttributeReleasePolicy), ReturnAllAttributeReleasePolicy (org.apereo.cas.services.ReturnAllAttributeReleasePolicy), ScriptedRegisteredServiceAttributeReleasePolicy (org.apereo.cas.services.ScriptedRegisteredServiceAttributeReleasePolicy), AbstractRegisteredServiceAttributeReleasePolicy (org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy), RegisteredServiceAttributeReleasePolicyViewBean (org.apereo.cas.mgmt.services.web.beans.RegisteredServiceAttributeReleasePolicyViewBean), ReturnAllowedAttributeReleasePolicy (org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy), GroovyScriptAttributeReleasePolicy (org.apereo.cas.services.GroovyScriptAttributeReleasePolicy), ReturnMappedAttributeReleasePolicy (org.apereo.cas.services.ReturnMappedAttributeReleasePolicy)

Example 3 with DenyAllAttributeReleasePolicy

Use of org.apereo.cas.services.DenyAllAttributeReleasePolicy in project cas by apereo.

The class OidcProfileScopeToAttributesFilter, method reconcile.

@Override
public void reconcile(final RegisteredService service) {
    if (!(service instanceof OidcRegisteredService)) {
        super.reconcile(service);
        return;
    }
    final List<String> otherScopes = new ArrayList<>();
    final ChainingAttributeReleasePolicy policy = new ChainingAttributeReleasePolicy();
    final OidcRegisteredService oidc = OidcRegisteredService.class.cast(service);
    oidc.getScopes().forEach(s -> {
        switch(s.trim().toLowerCase()) {
            case OidcConstants.EMAIL:
                policy.getPolicies().add(new OidcEmailScopeAttributeReleasePolicy());
                break;
            case OidcConstants.ADDRESS:
                policy.getPolicies().add(new OidcAddressScopeAttributeReleasePolicy());
                break;
            case OidcConstants.PROFILE:
                policy.getPolicies().add(new OidcProfileScopeAttributeReleasePolicy());
                break;
            case OidcConstants.PHONE:
                policy.getPolicies().add(new OidcPhoneScopeAttributeReleasePolicy());
                break;
            case OidcConstants.OFFLINE_ACCESS:
                oidc.setGenerateRefreshToken(true);
                break;
            case OidcCustomScopeAttributeReleasePolicy.SCOPE_CUSTOM:
                otherScopes.add(s.trim());
                break;
            default:
                final BaseOidcScopeAttributeReleasePolicy userPolicy = userScopes.stream().filter(t -> t.getScopeName().equals(s.trim())).findFirst().orElse(null);
                if (userPolicy != null) {
                    policy.getPolicies().add(userPolicy);
                }
        }
    });
    otherScopes.remove(OidcConstants.OPENID);
    if (!otherScopes.isEmpty()) {
        policy.getPolicies().add(new OidcCustomScopeAttributeReleasePolicy(otherScopes));
    }
    // No scope mapped to a release policy: deny release of all attributes.
    if (policy.getPolicies().isEmpty()) {
        oidc.setAttributeReleasePolicy(new DenyAllAttributeReleasePolicy());
    } else {
        oidc.setAttributeReleasePolicy(policy);
    }
    this.servicesManager.save(oidc);
}
Also used: DenyAllAttributeReleasePolicy (org.apereo.cas.services.DenyAllAttributeReleasePolicy), OidcProfileScopeAttributeReleasePolicy (org.apereo.cas.oidc.claims.OidcProfileScopeAttributeReleasePolicy), OidcCustomScopeAttributeReleasePolicy (org.apereo.cas.oidc.claims.OidcCustomScopeAttributeReleasePolicy), BaseOidcScopeAttributeReleasePolicy (org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy), OidcRegisteredService (org.apereo.cas.services.OidcRegisteredService), ArrayList (java.util.ArrayList), ChainingAttributeReleasePolicy (org.apereo.cas.services.ChainingAttributeReleasePolicy), OidcPhoneScopeAttributeReleasePolicy (org.apereo.cas.oidc.claims.OidcPhoneScopeAttributeReleasePolicy), OidcAddressScopeAttributeReleasePolicy (org.apereo.cas.oidc.claims.OidcAddressScopeAttributeReleasePolicy), OidcEmailScopeAttributeReleasePolicy (org.apereo.cas.oidc.claims.OidcEmailScopeAttributeReleasePolicy)

Example 4 with DenyAllAttributeReleasePolicy

Use of org.apereo.cas.services.DenyAllAttributeReleasePolicy in project cas by apereo.

The class SamlRegisteredServiceTests, method verifySavingInCommonSamlService.

@Test
public void verifySavingInCommonSamlService() throws Exception {
    final SamlRegisteredService service = new SamlRegisteredService();
    service.setName(SAML_SERVICE);
    service.setServiceId("http://mmoayyed.unicon.net");
    service.setMetadataLocation(METADATA_LOCATION);
    final InCommonRSAttributeReleasePolicy policy = new InCommonRSAttributeReleasePolicy();
    final ChainingAttributeReleasePolicy chain = new ChainingAttributeReleasePolicy();
    chain.setPolicies(Arrays.asList(policy, new DenyAllAttributeReleasePolicy()));
    service.setAttributeReleasePolicy(chain);
    final JsonServiceRegistryDao dao = new JsonServiceRegistryDao(RESOURCE, false, mock(ApplicationEventPublisher.class));
    dao.save(service);
    dao.load();
}
Also used: InCommonRSAttributeReleasePolicy (org.apereo.cas.support.saml.services.InCommonRSAttributeReleasePolicy), DenyAllAttributeReleasePolicy (org.apereo.cas.services.DenyAllAttributeReleasePolicy), JsonServiceRegistryDao (org.apereo.cas.services.JsonServiceRegistryDao), SamlRegisteredService (org.apereo.cas.support.saml.services.SamlRegisteredService), ApplicationEventPublisher (org.springframework.context.ApplicationEventPublisher), ChainingAttributeReleasePolicy (org.apereo.cas.services.ChainingAttributeReleasePolicy), Test (org.junit.Test)

Example 5 with DenyAllAttributeReleasePolicy

Use of org.apereo.cas.services.DenyAllAttributeReleasePolicy in project cas by apereo.

The class DefaultAttributeReleasePolicyMapper, method mapAttributeReleasePolicy.

@Override
public void mapAttributeReleasePolicy(final RegisteredServiceAttributeReleasePolicy policy, final RegisteredServiceEditBean.ServiceData bean) {
    if (policy instanceof AbstractRegisteredServiceAttributeReleasePolicy) {
        final AbstractRegisteredServiceAttributeReleasePolicy attrPolicy = (AbstractRegisteredServiceAttributeReleasePolicy) policy;
        final RegisteredServiceAttributeReleasePolicyEditBean attrPolicyBean = bean.getAttrRelease();
        attrPolicyBean.setReleasePassword(attrPolicy.isAuthorizedToReleaseCredentialPassword());
        attrPolicyBean.setReleaseTicket(attrPolicy.isAuthorizedToReleaseProxyGrantingTicket());
        attrPolicyBean.setExcludeDefault(attrPolicy.isExcludeDefaultAttributes());
        this.attributeFilterMapper.mapAttributeFilter(attrPolicy.getAttributeFilter(), bean);
        this.principalAttributesRepositoryMapper.mapPrincipalRepository(attrPolicy.getPrincipalAttributesRepository(), bean);
        final RegisteredServiceAttributeReleasePolicyStrategyEditBean sBean = attrPolicyBean.getAttrPolicy();
        if (attrPolicy instanceof ScriptedRegisteredServiceAttributeReleasePolicy) {
            final ScriptedRegisteredServiceAttributeReleasePolicy policyS = (ScriptedRegisteredServiceAttributeReleasePolicy) attrPolicy;
            sBean.setType(AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.SCRIPT.toString());
            sBean.setScriptFile(policyS.getScriptFile());
        } else if (attrPolicy instanceof GroovyScriptAttributeReleasePolicy) {
            final GroovyScriptAttributeReleasePolicy policyG = (GroovyScriptAttributeReleasePolicy) attrPolicy;
            sBean.setScriptFile(policyG.getGroovyScript());
            sBean.setType(AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.GROOVY.toString());
        } else if (attrPolicy instanceof ReturnAllAttributeReleasePolicy) {
            sBean.setType(AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.ALL.toString());
        } else if (attrPolicy instanceof ReturnAllowedAttributeReleasePolicy) {
            final ReturnAllowedAttributeReleasePolicy attrPolicyAllowed = (ReturnAllowedAttributeReleasePolicy) attrPolicy;
            sBean.setType(AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.ALLOWED.toString());
            sBean.setAttributes(attrPolicyAllowed.getAllowedAttributes());
        } else if (attrPolicy instanceof ReturnMappedAttributeReleasePolicy) {
            final ReturnMappedAttributeReleasePolicy attrPolicyAllowed = (ReturnMappedAttributeReleasePolicy) attrPolicy;
            sBean.setType(AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.MAPPED.toString());
            sBean.setAttributes(attrPolicyAllowed.getAllowedAttributes());
        } else if (attrPolicy instanceof DenyAllAttributeReleasePolicy) {
            sBean.setType(AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.DENY.toString());
        }
    }
}
Also used: RegisteredServiceAttributeReleasePolicyStrategyEditBean (org.apereo.cas.mgmt.services.web.beans.RegisteredServiceAttributeReleasePolicyStrategyEditBean), DenyAllAttributeReleasePolicy (org.apereo.cas.services.DenyAllAttributeReleasePolicy), ReturnAllAttributeReleasePolicy (org.apereo.cas.services.ReturnAllAttributeReleasePolicy), ScriptedRegisteredServiceAttributeReleasePolicy (org.apereo.cas.services.ScriptedRegisteredServiceAttributeReleasePolicy), AbstractRegisteredServiceAttributeReleasePolicy (org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy), ReturnAllowedAttributeReleasePolicy (org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy), GroovyScriptAttributeReleasePolicy (org.apereo.cas.services.GroovyScriptAttributeReleasePolicy), ReturnMappedAttributeReleasePolicy (org.apereo.cas.services.ReturnMappedAttributeReleasePolicy), RegisteredServiceAttributeReleasePolicyEditBean (org.apereo.cas.mgmt.services.web.beans.RegisteredServiceAttributeReleasePolicyEditBean)
