
Example 46 with RegisteredService

Use of org.apereo.cas.services.RegisteredService in project cas by apereo.

Class CasKryoTranscoderTests, method verifyEncodeDecodeRegisteredService.

@Test
public void verifyEncodeDecodeRegisteredService() {
    final RegisteredService service = RegisteredServiceTestUtils.getRegisteredService("helloworld");
    final CachedData result = transcoder.encode(service);
    assertEquals(service, transcoder.decode(result));
    assertEquals(service, transcoder.decode(result));
}
Also used : CachedData(net.spy.memcached.CachedData) RegisteredService(org.apereo.cas.services.RegisteredService) Test(org.junit.Test)

Example 47 with RegisteredService

Use of org.apereo.cas.services.RegisteredService in project cas by apereo.

Class CasRegisteredServiceHazelcastStreamPublisher, method getCacheObject.

private DistributedCacheObject<RegisteredService> getCacheObject(final RegisteredService service, final ApplicationEvent event) {
    final long time = new Date().getTime();
    final DistributedCacheObject<RegisteredService> item = new DistributedCacheObject<>(time, service);
    item.getProperties().put("event", event);
    return item;
}
Also used : RegisteredService(org.apereo.cas.services.RegisteredService) DistributedCacheObject(org.apereo.cas.DistributedCacheObject) Date(java.util.Date)

Example 48 with RegisteredService

Use of org.apereo.cas.services.RegisteredService in project cas by apereo.

Class SurrogateAuthorizationAction, method doExecute.

@Override
protected Event doExecute(final RequestContext requestContext) {
    final Authentication ca = AuthenticationCredentialsThreadLocalBinder.getCurrentAuthentication();
    try {
        final Service service = WebUtils.getService(requestContext);
        final Authentication authentication = WebUtils.getAuthentication(requestContext);
        final RegisteredService svc = WebUtils.getRegisteredService(requestContext);
        if (svc != null) {
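            // Bind the request's authentication for the duration of the access check;
            // the finally block restores the previously bound authentication.
            AuthenticationCredentialsThreadLocalBinder.bindCurrent(authentication);
            final AuditableContext audit = AuditableContext.builder()
                .service(service)
                .authentication(authentication)
                .registeredService(svc)
                .retrievePrincipalAttributesFromReleasePolicy(Boolean.TRUE)
                .build();
            // Run the registered service's access strategy and rethrow any failure it recorded.
            final AuditableExecutionResult accessResult = this.registeredServiceAccessStrategyEnforcer.execute(audit);
            accessResult.throwExceptionIfNeeded();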
            return success();
        }
        return null;
    } finally {
        AuthenticationCredentialsThreadLocalBinder.bindCurrent(ca);
    }
}
Also used : AuditableContext(org.apereo.cas.audit.AuditableContext) RegisteredService(org.apereo.cas.services.RegisteredService) Authentication(org.apereo.cas.authentication.Authentication) Service(org.apereo.cas.authentication.principal.Service) AuditableExecutionResult(org.apereo.cas.audit.AuditableExecutionResult)

Example 49 with RegisteredService

Use of org.apereo.cas.services.RegisteredService in project cas by apereo.

Class BaseOidcScopeAttributeReleasePolicy, method getAttributesInternal.

@Override
public Map<String, Object> getAttributesInternal(final Principal principal, final Map<String, Object> attributes, final RegisteredService service) {
    final ApplicationContext applicationContext = ApplicationContextProvider.getApplicationContext();
    if (applicationContext == null) {
        LOGGER.warn("Could not locate the application context to process attributes");
        return new HashMap<>();
    }
    final Map<String, Object> resolvedAttributes = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
    resolvedAttributes.putAll(attributes);
    final Map<String, Object> attributesToRelease = new HashMap<>(resolvedAttributes.size());
    LOGGER.debug("Attempting to map and filter claims based on resolved attributes [{}]", resolvedAttributes);
    final CasConfigurationProperties properties = applicationContext.getBean(CasConfigurationProperties.class);
    final List<String> supportedClaims = properties.getAuthn().getOidc().getClaims();
    // Release only claims that are both allowed for this scope and
    // listed as supported in the server's OIDC configuration.
    final Set<String> allowedClaims = new HashSet<>(getAllowedAttributes());
    allowedClaims.retainAll(supportedClaims);
    LOGGER.debug("[{}] is designed to allow claims [{}] for scope [{}]. After cross-checking with "
        + "supported claims [{}], the final collection of allowed attributes is [{}]",
        getClass().getSimpleName(), getAllowedAttributes(), getScopeName(), supportedClaims, allowedClaims);
    // Map each allowed claim to a resolved attribute and drop claims that have no value.
    allowedClaims.stream()
        .map(claim -> mapClaimToAttribute(claim, resolvedAttributes))
        .filter(p -> p.getValue() != null)
        .forEach(p -> attributesToRelease.put(p.getKey(), p.getValue()));
    return attributesToRelease;
}
Also used : CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) Setter(lombok.Setter) Getter(lombok.Getter) OidcAttributeToScopeClaimMapper(org.apereo.cas.oidc.claims.mapping.OidcAttributeToScopeClaimMapper) Set(java.util.Set) HashMap(java.util.HashMap) EqualsAndHashCode(lombok.EqualsAndHashCode) ApplicationContext(org.springframework.context.ApplicationContext) RegisteredService(org.apereo.cas.services.RegisteredService) AbstractRegisteredServiceAttributeReleasePolicy(org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy) HashSet(java.util.HashSet) Slf4j(lombok.extern.slf4j.Slf4j) List(java.util.List) Pair(org.apache.commons.lang3.tuple.Pair) TreeMap(java.util.TreeMap) Map(java.util.Map) JsonIgnore(com.fasterxml.jackson.annotation.JsonIgnore) ToString(lombok.ToString) Principal(org.apereo.cas.authentication.principal.Principal) ApplicationContextProvider(org.apereo.cas.util.spring.ApplicationContextProvider)

Example 50 with RegisteredService

Use of org.apereo.cas.services.RegisteredService in project cas by apereo.

Class OidcProfileScopeToAttributesFilter, method reconcile.

@Override
public void reconcile(final RegisteredService service) {
    if (!(service instanceof OidcRegisteredService)) {
        super.reconcile(service);
        return;
    }
    LOGGER.debug("Reconciling OpenId Connect scopes and claims for [{}]", service.getServiceId());
    final List<String> otherScopes = new ArrayList<>();
    final ChainingAttributeReleasePolicy policy = new ChainingAttributeReleasePolicy();
    final OidcRegisteredService oidc = OidcRegisteredService.class.cast(service);
    oidc.getScopes().forEach(s -> {
        LOGGER.debug("Reviewing scope [{}] for [{}]", s, service.getServiceId());
        try {
            // valueOf throws for names that are not standard scopes; the catch below handles user-defined scopes.
            final OidcConstants.StandardScopes scope = OidcConstants.StandardScopes.valueOf(s.trim().toUpperCase());
            switch(scope) {
                case EMAIL:
                    LOGGER.debug("Mapped [{}] to attribute release policy [{}]", s, OidcEmailScopeAttributeReleasePolicy.class.getSimpleName());
                    policy.getPolicies().add(new OidcEmailScopeAttributeReleasePolicy());
                    break;
                case ADDRESS:
                    LOGGER.debug("Mapped [{}] to attribute release policy [{}]", s, OidcAddressScopeAttributeReleasePolicy.class.getSimpleName());
                    policy.getPolicies().add(new OidcAddressScopeAttributeReleasePolicy());
                    break;
                case PROFILE:
                    LOGGER.debug("Mapped [{}] to attribute release policy [{}]", s, OidcProfileScopeAttributeReleasePolicy.class.getSimpleName());
                    policy.getPolicies().add(new OidcProfileScopeAttributeReleasePolicy());
                    break;
                case PHONE:
                    LOGGER.debug("Mapped [{}] to attribute release policy [{}]", s, OidcPhoneScopeAttributeReleasePolicy.class.getSimpleName());
                    policy.getPolicies().add(new OidcPhoneScopeAttributeReleasePolicy());
                    break;
                case OFFLINE_ACCESS:
                    LOGGER.debug("Given scope [{}], service [{}] is marked to generate refresh tokens", s, service.getId());
                    oidc.setGenerateRefreshToken(Boolean.TRUE);
                    break;
                case CUSTOM:
                    LOGGER.debug("Found custom scope [{}] for service [{}]", s, service.getId());
                    otherScopes.add(s.trim());
                    break;
                default:
                    LOGGER.debug("Scope [{}] is unsupported for service [{}]", s, service.getId());
                    break;
            }
        } catch (final Exception e) {
            LOGGER.debug("[{}] appears to be a user-defined scope and does not match any of the predefined standard scopes. "
                + "Checking [{}] against user-defined scopes provided as [{}]", s, s, userScopes);
            final BaseOidcScopeAttributeReleasePolicy userPolicy = userScopes.stream()
                .filter(t -> t.getScopeName().equals(s.trim()))
                .findFirst()
                .orElse(null);
            if (userPolicy != null) {
                LOGGER.debug("Mapped user-defined scope [{}] to attribute release policy [{}]", s, userPolicy);
                policy.getPolicies().add(userPolicy);
            }
        }
    });
    otherScopes.remove(OidcConstants.StandardScopes.OPENID.getScope());
    if (!otherScopes.isEmpty()) {
        LOGGER.debug("Mapped scopes [{}] to attribute release policy [{}]", otherScopes, OidcCustomScopeAttributeReleasePolicy.class.getSimpleName());
        policy.getPolicies().add(new OidcCustomScopeAttributeReleasePolicy(otherScopes));
    }
    if (policy.getPolicies().isEmpty()) {
        LOGGER.debug("No attribute release policy could be determined based on given scopes. " + "No claims/attributes will be released to [{}]", service.getServiceId());
        oidc.setAttributeReleasePolicy(new DenyAllAttributeReleasePolicy());
    } else {
        oidc.setAttributeReleasePolicy(policy);
    }
    LOGGER.debug("Scope/claim reconciliation for service [{}] resulted in the following attribute release policy [{}]", service.getServiceId(), oidc.getAttributeReleasePolicy());
    if (!oidc.equals(service)) {
        LOGGER.debug("Saving scope/claim reconciliation results for service [{}] into registry", service.getServiceId());
        this.servicesManager.save(oidc);
        LOGGER.debug("Saved service [{}] into registry", service.getServiceId());
    } else {
        LOGGER.debug("No changes detected in service [{}] after scope/claim reconciliation", service.getId());
    }
}
Also used : CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) OidcProfileScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcProfileScopeAttributeReleasePolicy) OidcAttributeToScopeClaimMapper(org.apereo.cas.oidc.claims.mapping.OidcAttributeToScopeClaimMapper) OidcCustomScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcCustomScopeAttributeReleasePolicy) HashMap(java.util.HashMap) Reflections(org.reflections.Reflections) OidcEmailScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcEmailScopeAttributeReleasePolicy) ArrayList(java.util.ArrayList) BaseOidcScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.BaseOidcScopeAttributeReleasePolicy) HashSet(java.util.HashSet) PrincipalFactory(org.apereo.cas.authentication.principal.PrincipalFactory) DefaultOAuth20ProfileScopeToAttributesFilter(org.apereo.cas.support.oauth.profile.DefaultOAuth20ProfileScopeToAttributesFilter) FilterBuilder(org.reflections.util.FilterBuilder) OidcProperties(org.apereo.cas.configuration.model.support.oidc.OidcProperties) Map(java.util.Map) OidcAddressScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcAddressScopeAttributeReleasePolicy) AccessToken(org.apereo.cas.ticket.accesstoken.AccessToken) ConfigurationBuilder(org.reflections.util.ConfigurationBuilder) ChainingAttributeReleasePolicy(org.apereo.cas.services.ChainingAttributeReleasePolicy) ServicesManager(org.apereo.cas.services.ServicesManager) Unchecked(org.jooq.lambda.Unchecked) OidcConstants(org.apereo.cas.oidc.OidcConstants) Collection(java.util.Collection) OidcPhoneScopeAttributeReleasePolicy(org.apereo.cas.oidc.claims.OidcPhoneScopeAttributeReleasePolicy) Set(java.util.Set) DenyAllAttributeReleasePolicy(org.apereo.cas.services.DenyAllAttributeReleasePolicy) RegisteredService(org.apereo.cas.services.RegisteredService) ClasspathHelper(org.reflections.util.ClasspathHelper) SubTypesScanner(org.reflections.scanners.SubTypesScanner) Slf4j(lombok.extern.slf4j.Slf4j) List(java.util.List) OidcRegisteredService(org.apereo.cas.services.OidcRegisteredService) Service(org.apereo.cas.authentication.principal.Service) J2EContext(org.pac4j.core.context.J2EContext) Principal(org.apereo.cas.authentication.principal.Principal)

Aggregations

RegisteredService (org.apereo.cas.services.RegisteredService) 182
Authentication (org.apereo.cas.authentication.Authentication) 59
Service (org.apereo.cas.authentication.principal.Service) 55
Test (org.junit.Test) 49
Principal (org.apereo.cas.authentication.principal.Principal) 36
OAuthRegisteredService (org.apereo.cas.support.oauth.services.OAuthRegisteredService) 31
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest) 29
RegexRegisteredService (org.apereo.cas.services.RegexRegisteredService) 23
AbstractRegisteredService (org.apereo.cas.services.AbstractRegisteredService) 21
MultifactorAuthenticationProvider (org.apereo.cas.services.MultifactorAuthenticationProvider) 20
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse) 20
Event (org.springframework.webflow.execution.Event) 20
ServicesManager (org.apereo.cas.services.ServicesManager) 17
CentralAuthenticationService (org.apereo.cas.CentralAuthenticationService) 15
AuthenticationException (org.apereo.cas.authentication.AuthenticationException) 15
Map (java.util.Map) 14
HttpServletRequest (javax.servlet.http.HttpServletRequest) 14
Slf4j (lombok.extern.slf4j.Slf4j) 14
Collection (java.util.Collection) 13
HashMap (java.util.HashMap) 12