use of org.apereo.cas.services.ReturnAllAttributeReleasePolicy in project cas by apereo.
the class CentralAuthenticationServiceImplWithMockitoTests method createMockRegisteredService.
/**
 * Builds a Mockito stub of {@link RegisteredService} for use in ticket-granting tests.
 *
 * <p>The stub reports {@code svcId} as both its service id and its name, answers {@code true} to
 * {@code matches(...)} for arguments accepted by {@code VerifyServiceByIdMatcher(svcId)}, and hands
 * back the supplied proxy policy unchanged.
 *
 * <p>The attribute release policy is {@link ReturnAllAttributeReleasePolicy}, the broadest policy
 * this page shows. That keeps the fixture simple; it is not a template for a production service
 * definition, where release is normally limited to the attributes the service needs.
 *
 * @param svcId service id, also returned as the service name
 * @param enabled first constructor argument of {@code DefaultRegisteredServiceAccessStrategy};
 *     the second argument is fixed to {@code true} (presumably the SSO flag; confirm against
 *     that class)
 * @param proxy proxy policy returned by {@code getProxyPolicy()}
 * @return the stubbed registered service
 */
private static RegisteredService createMockRegisteredService(final String svcId, final boolean enabled, final RegisteredServiceProxyPolicy proxy) {
    final RegisteredService service = mock(RegisteredService.class);

    // Identity and matching.
    when(service.getServiceId()).thenReturn(svcId);
    when(service.getProxyPolicy()).thenReturn(proxy);
    when(service.getName()).thenReturn(svcId);
    when(service.matches(argThat(new VerifyServiceByIdMatcher(svcId)))).thenReturn(true);

    // Release, username and access behaviour.
    when(service.getAttributeReleasePolicy()).thenReturn(new ReturnAllAttributeReleasePolicy());
    when(service.getUsernameAttributeProvider()).thenReturn(new DefaultRegisteredServiceUsernameProvider());
    when(service.getAccessStrategy()).thenReturn(new DefaultRegisteredServiceAccessStrategy(enabled, true));

    return service;
}
use of org.apereo.cas.services.ReturnAllAttributeReleasePolicy in project cas by apereo.
the class DefaultAttributeReleasePolicyMapper method toAttributeReleasePolicy.
/**
 * Converts the attribute-release section of a service edit form into a release policy.
 *
 * <p>The policy class is selected by a case-insensitive comparison of the submitted type against
 * {@code AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types}. A type that matches
 * none of the known values falls through to a {@link ReturnAllowedAttributeReleasePolicy} created
 * with its no-argument constructor (presumably an empty allow-list, i.e. the restrictive choice;
 * confirm against that class).
 *
 * <p>The password-release, proxy-granting-ticket-release and exclude-default flags are copied from
 * the form without further checks in this method. Any authorisation of who may set them has to
 * happen before this mapper is called; that is not visible here.
 *
 * @param data submitted service data; its attribute-release bean and strategy bean are
 *     dereferenced without null checks
 * @return the configured policy, never {@code null}
 */
@Override
public RegisteredServiceAttributeReleasePolicy toAttributeReleasePolicy(final RegisteredServiceEditBean.ServiceData data) {
    final RegisteredServiceAttributeReleasePolicyEditBean releaseBean = data.getAttrRelease();
    final RegisteredServiceAttributeReleasePolicyStrategyEditBean strategyBean = releaseBean.getAttrPolicy();
    final String requestedType = strategyBean.getType();

    final AbstractRegisteredServiceAttributeReleasePolicy result;
    if (StringUtils.equalsIgnoreCase(requestedType, AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.SCRIPT.toString())) {
        // NOTE(review): the script location is taken from the form and passed straight to the
        // policy; whether it is validated or restricted elsewhere is not visible here.
        result = new ScriptedRegisteredServiceAttributeReleasePolicy(strategyBean.getScriptFile());
    } else if (StringUtils.equalsIgnoreCase(requestedType, AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.GROOVY.toString())) {
        // Same form-supplied script location as the SCRIPT branch.
        result = new GroovyScriptAttributeReleasePolicy(strategyBean.getScriptFile());
    } else if (StringUtils.equalsIgnoreCase(requestedType, AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.ALL.toString())) {
        result = new ReturnAllAttributeReleasePolicy();
    } else if (StringUtils.equalsIgnoreCase(requestedType, AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.ALLOWED.toString())) {
        // Raw cast: a value that is not a List fails here with ClassCastException.
        result = new ReturnAllowedAttributeReleasePolicy((List) strategyBean.getAttributes());
    } else if (StringUtils.equalsIgnoreCase(requestedType, AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.MAPPED.toString())) {
        // Raw cast: a value that is not a Map fails here with ClassCastException.
        result = new ReturnMappedAttributeReleasePolicy((Map) strategyBean.getAttributes());
    } else if (StringUtils.equalsIgnoreCase(requestedType, AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.DENY.toString())) {
        result = new DenyAllAttributeReleasePolicy();
    } else {
        // Unrecognised type: fall back to an allow-list policy with no attributes supplied.
        result = new ReturnAllowedAttributeReleasePolicy();
    }

    // Flags common to every policy type, copied as submitted.
    result.setAuthorizedToReleaseCredentialPassword(releaseBean.isReleasePassword());
    result.setAuthorizedToReleaseProxyGrantingTicket(releaseBean.isReleaseTicket());
    result.setExcludeDefaultAttributes(releaseBean.isExcludeDefault());

    // Optional collaborators: only applied when the delegate mappers produce one.
    final RegisteredServiceAttributeFilter mappedFilter = this.attributeFilterMapper.toAttributeFilter(data);
    if (mappedFilter != null) {
        result.setAttributeFilter(mappedFilter);
    }
    final PrincipalAttributesRepository mappedRepository = this.principalAttributesRepositoryMapper.toPrincipalRepository(data);
    if (mappedRepository != null) {
        result.setPrincipalAttributesRepository(mappedRepository);
    }
    return result;
}
use of org.apereo.cas.services.ReturnAllAttributeReleasePolicy in project cas by apereo.
the class DefaultAttributeReleasePolicyMapper method mapAttributeReleasePolicy.
/**
 * Copies the state of an attribute release policy into the view bean shown to administrators.
 *
 * <p>Only policies derived from {@link AbstractRegisteredServiceAttributeReleasePolicy} are
 * mapped; any other implementation leaves the bean untouched. The three release flags are always
 * copied. The displayed policy type is set only when the policy is one of the classes tested
 * below, so a subclass that matches none of them leaves the type unset in the view.
 *
 * <p>An allow-list or mapped policy whose allowed attributes are empty is displayed as
 * {@code NONE} rather than {@code ALLOWED} or {@code MAPPED}.
 *
 * @param policy policy to describe
 * @param bean view bean whose attribute-release section is populated
 */
@Override
public void mapAttributeReleasePolicy(final RegisteredServiceAttributeReleasePolicy policy, final RegisteredServiceViewBean bean) {
    if (!(policy instanceof AbstractRegisteredServiceAttributeReleasePolicy)) {
        return;
    }
    final AbstractRegisteredServiceAttributeReleasePolicy source = (AbstractRegisteredServiceAttributeReleasePolicy) policy;
    final RegisteredServiceAttributeReleasePolicyViewBean view = bean.getAttrRelease();

    // Flags shared by every policy type.
    view.setReleasePassword(source.isAuthorizedToReleaseCredentialPassword());
    view.setReleaseTicket(source.isAuthorizedToReleaseProxyGrantingTicket());
    view.setExcludeDefault(source.isExcludeDefaultAttributes());

    // The order of the type tests is kept as in the original chain.
    if (source instanceof ScriptedRegisteredServiceAttributeReleasePolicy) {
        view.setAttrPolicy(AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.SCRIPT.toString());
    } else if (source instanceof GroovyScriptAttributeReleasePolicy) {
        view.setAttrPolicy(AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.GROOVY.toString());
    } else if (source instanceof ReturnAllAttributeReleasePolicy) {
        view.setAttrPolicy(RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.ALL.toString());
    } else if (source instanceof ReturnAllowedAttributeReleasePolicy) {
        final ReturnAllowedAttributeReleasePolicy allowList = (ReturnAllowedAttributeReleasePolicy) source;
        final String shownType = allowList.getAllowedAttributes().isEmpty()
            ? RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.NONE.toString()
            : RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.ALLOWED.toString();
        view.setAttrPolicy(shownType);
    } else if (source instanceof ReturnMappedAttributeReleasePolicy) {
        final ReturnMappedAttributeReleasePolicy mapping = (ReturnMappedAttributeReleasePolicy) source;
        final String shownType = mapping.getAllowedAttributes().isEmpty()
            ? RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.NONE.toString()
            : RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.MAPPED.toString();
        view.setAttrPolicy(shownType);
    } else if (source instanceof DenyAllAttributeReleasePolicy) {
        view.setAttrPolicy(RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.DENY.toString());
    }
}
use of org.apereo.cas.services.ReturnAllAttributeReleasePolicy in project cas by apereo.
the class CasRegisteredServicesTestConfiguration method inMemoryRegisteredServices.
/**
 * Supplies the in-memory service definitions used by the test context.
 *
 * <p>These are fixtures. Several are deliberately permissive: release-all attribute policies,
 * credential-password and proxy-granting-ticket release switched on, and proxy policies built
 * from the pattern {@code ".+"}. Some service ids also look like loosely anchored patterns with
 * unescaped dots (how the id string is interpreted is decided by
 * {@code RegisteredServiceTestUtils.getRegisteredService}, which is not visible here). None of
 * this is meant to be copied into a production registry.
 *
 * @return the list of registered services, in insertion order
 */
@Bean
public List inMemoryRegisteredServices() {
    final List services = new ArrayList();

    // Encrypted release of password and PGT. The key file name suggests a 1024-bit RSA key,
    // which is only acceptable as a test fixture.
    AbstractRegisteredService service = RegisteredServiceTestUtils.getRegisteredService("testencryption$");
    final ReturnAllowedAttributeReleasePolicy encryptionPolicy = new ReturnAllowedAttributeReleasePolicy();
    encryptionPolicy.setAuthorizedToReleaseCredentialPassword(true);
    encryptionPolicy.setAuthorizedToReleaseProxyGrantingTicket(true);
    final RegisteredServicePublicKeyImpl encryptionKey = new RegisteredServicePublicKeyImpl();
    encryptionKey.setLocation("classpath:keys/RSA1024Public.key");
    service.setPublicKey(encryptionKey);
    service.setAttributeReleasePolicy(encryptionPolicy);
    services.add(service);

    service = RegisteredServiceTestUtils.getRegisteredService("testDefault");
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    service.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    services.add(service);

    service = RegisteredServiceTestUtils.getRegisteredService("https://example\\.com/normal/.*");
    service.setEvaluationOrder(10);
    service.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    services.add(service);

    // Requires two named authentication handlers.
    service = RegisteredServiceTestUtils.getRegisteredService("https://example\\.com/high/.*");
    service.setEvaluationOrder(20);
    service.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());
    final HashSet requiredHandlers = CollectionUtils.wrapHashSet(AcceptUsersAuthenticationHandler.class.getSimpleName(), TestOneTimePasswordAuthenticationHandler.class.getSimpleName());
    service.setRequiredHandlers(requiredHandlers);
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    services.add(service);

    // Proxy policy pattern ".+" with password and PGT release enabled.
    service = RegisteredServiceTestUtils.getRegisteredService("(https://)*google.com$");
    service.setEvaluationOrder(1);
    service.setProxyPolicy(new RegexMatchingRegisteredServiceProxyPolicy(".+"));
    service.setPublicKey(new RegisteredServicePublicKeyImpl("classpath:keys/RSA4096Public.key", "RSA"));
    final ReturnAllowedAttributeReleasePolicy googlePolicy = new ReturnAllowedAttributeReleasePolicy();
    googlePolicy.setAuthorizedToReleaseCredentialPassword(true);
    googlePolicy.setAuthorizedToReleaseProxyGrantingTicket(true);
    service.setAttributeReleasePolicy(googlePolicy);
    service.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    services.add(service);

    service = RegisteredServiceTestUtils.getRegisteredService("eduPersonTest");
    service.setUsernameAttributeProvider(new PrincipalAttributeRegisteredServiceUsernameProvider("eduPersonAffiliation"));
    service.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    services.add(service);

    // Second entry for the same "testencryption$" id as the first service above.
    service = RegisteredServiceTestUtils.getRegisteredService("testencryption$");
    final ReturnAllowedAttributeReleasePolicy secondEncryptionPolicy = new ReturnAllowedAttributeReleasePolicy();
    secondEncryptionPolicy.setAuthorizedToReleaseCredentialPassword(true);
    secondEncryptionPolicy.setAuthorizedToReleaseProxyGrantingTicket(true);
    service.setAttributeReleasePolicy(secondEncryptionPolicy);
    service.setPublicKey(new RegisteredServicePublicKeyImpl("classpath:keys/RSA1024Public.key", "RSA"));
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    service.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    services.add(service);

    // Access strategy that demands specific attribute values.
    service = RegisteredServiceTestUtils.getRegisteredService("^TestServiceAttributeForAuthzFails");
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(CollectionUtils.wrap("cn", CollectionUtils.wrapSet("cnValue"), "givenName", CollectionUtils.wrapSet("gnameValue"))));
    service.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    services.add(service);

    service = RegisteredServiceTestUtils.getRegisteredService("^TestSsoFalse");
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(true, false));
    service.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    services.add(service);

    service = RegisteredServiceTestUtils.getRegisteredService("TestServiceAttributeForAuthzPasses");
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(CollectionUtils.wrap("groupMembership", CollectionUtils.wrapSet("adopters"))));
    service.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());
    service.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    services.add(service);

    // Username attribute that the allow-list below does not include.
    service = RegisteredServiceTestUtils.getRegisteredService("eduPersonTestInvalid");
    service.setUsernameAttributeProvider(new PrincipalAttributeRegisteredServiceUsernameProvider("nonExistentAttributeName"));
    service.setAttributeReleasePolicy(new ReturnAllowedAttributeReleasePolicy(CollectionUtils.wrap("groupMembership")));
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    services.add(service);

    service = RegisteredServiceTestUtils.getRegisteredService("testAnonymous");
    service.setUsernameAttributeProvider(new AnonymousRegisteredServiceUsernameAttributeProvider());
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    services.add(service);

    service = RegisteredServiceTestUtils.getRegisteredService("^http://www.jasig.org.+");
    service.setProxyPolicy(new RegexMatchingRegisteredServiceProxyPolicy(".+"));
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    service.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    services.add(service);

    service = RegisteredServiceTestUtils.getRegisteredService("usernameAttributeProviderService");
    service.setUsernameAttributeProvider(new PrincipalAttributeRegisteredServiceUsernameProvider("cn"));
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    services.add(service);

    // Proxy policy limited to https callbacks.
    service = RegisteredServiceTestUtils.getRegisteredService("proxyService");
    service.setProxyPolicy(new RegexMatchingRegisteredServiceProxyPolicy("^https://.+"));
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    service.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    services.add(service);

    service = RegisteredServiceTestUtils.getRegisteredService("^test.*");
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    service.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    service.setEvaluationOrder(1000);
    services.add(service);

    service = RegisteredServiceTestUtils.getRegisteredService("https://localhost.*");
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    service.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    service.setEvaluationOrder(100);
    services.add(service);

    service = RegisteredServiceTestUtils.getRegisteredService("https://carmenwiki.osu.edu.*");
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    service.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    service.setEvaluationOrder(99);
    services.add(service);

    // Service carrying the TOKEN_AS_SERVICE_TICKET property set to "true".
    service = RegisteredServiceTestUtils.getRegisteredService("jwtservice");
    service.setAccessStrategy(new DefaultRegisteredServiceAccessStrategy(new HashMap<>()));
    service.setUsernameAttributeProvider(new DefaultRegisteredServiceUsernameProvider());
    final DefaultRegisteredServiceProperty tokenProperty = new DefaultRegisteredServiceProperty();
    tokenProperty.setValues(CollectionUtils.wrapSet(Boolean.TRUE.toString()));
    service.getProperties().put(RegisteredServiceProperty.RegisteredServiceProperties.TOKEN_AS_SERVICE_TICKET.getPropertyName(), tokenProperty);
    service.setEvaluationOrder(2000);
    services.add(service);

    return services;
}
use of org.apereo.cas.services.ReturnAllAttributeReleasePolicy in project cas by apereo.
the class BaseLdapServiceRegistryTests method verifySamlService.
/**
 * Saves a SAML registered service through the registry DAO and checks that the object returned
 * by {@code save} equals the one submitted.
 *
 * <p>The service uses {@link ReturnAllAttributeReleasePolicy}, so the comparison also covers that
 * policy as far as {@code equals} on the service takes it into account.
 */
@Test
public void verifySamlService() {
    final SamlRegisteredService original = new SamlRegisteredService();
    original.setName("verifySamlService");
    original.setServiceId("Testing");
    original.setDescription("description");
    original.setAttributeReleasePolicy(new ReturnAllAttributeReleasePolicy());

    // A single attribute name format entry.
    final Map nameFormats = new HashMap();
    nameFormats.put("key", "value");
    original.setAttributeNameFormats(nameFormats);

    // SAML metadata settings.
    original.setMetadataCriteriaDirection("INCLUDE");
    original.setMetadataCriteriaRemoveEmptyEntitiesDescriptors(true);
    original.setMetadataSignatureLocation("location");
    original.setRequiredAuthenticationContextClass("Testing");

    final SamlRegisteredService saved = (SamlRegisteredService) this.dao.save(original);
    assertEquals(original, saved);
}