Example 1 with ReturnMappedAttributeReleasePolicy

Use of org.apereo.cas.services.ReturnMappedAttributeReleasePolicy in project cas by apereo.

In class DefaultAttributeReleasePolicyMapper, method toAttributeReleasePolicy.

@Override
public RegisteredServiceAttributeReleasePolicy toAttributeReleasePolicy(final RegisteredServiceEditBean.ServiceData data) {
    final RegisteredServiceAttributeReleasePolicyEditBean attrRelease = data.getAttrRelease();
    final RegisteredServiceAttributeReleasePolicyStrategyEditBean policyBean = attrRelease.getAttrPolicy();
    final String policyType = policyBean.getType();
    final AbstractRegisteredServiceAttributeReleasePolicy policy;
    if (StringUtils.equalsIgnoreCase(policyType, AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.SCRIPT.toString())) {
        policy = new ScriptedRegisteredServiceAttributeReleasePolicy(policyBean.getScriptFile());
    } else if (StringUtils.equalsIgnoreCase(policyType, AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.GROOVY.toString())) {
        policy = new GroovyScriptAttributeReleasePolicy(policyBean.getScriptFile());
    } else if (StringUtils.equalsIgnoreCase(policyType, AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.ALL.toString())) {
        policy = new ReturnAllAttributeReleasePolicy();
    } else if (StringUtils.equalsIgnoreCase(policyType, AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.ALLOWED.toString())) {
        policy = new ReturnAllowedAttributeReleasePolicy((List) policyBean.getAttributes());
    } else if (StringUtils.equalsIgnoreCase(policyType, AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.MAPPED.toString())) {
        policy = new ReturnMappedAttributeReleasePolicy((Map) policyBean.getAttributes());
    } else if (StringUtils.equalsIgnoreCase(policyType, AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.DENY.toString())) {
        policy = new DenyAllAttributeReleasePolicy();
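    } else {
        // Unrecognised type: fall back to an allow-list policy with no attributes configured.
        policy = new ReturnAllowedAttributeReleasePolicy();
    }
    // Release of the credential password and the proxy-granting ticket is opt-in per service.
    policy.setAuthorizedToReleaseCredentialPassword(attrRelease.isReleasePassword());
    policy.setAuthorizedToReleaseProxyGrantingTicket(attrRelease.isReleaseTicket());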
    policy.setExcludeDefaultAttributes(attrRelease.isExcludeDefault());
    final RegisteredServiceAttributeFilter filter = this.attributeFilterMapper.toAttributeFilter(data);
    if (filter != null) {
        policy.setAttributeFilter(filter);
    }
    final PrincipalAttributesRepository principalRepository = this.principalAttributesRepositoryMapper.toPrincipalRepository(data);
    if (principalRepository != null) {
        policy.setPrincipalAttributesRepository(principalRepository);
    }
    return policy;
}
Also used : RegisteredServiceAttributeReleasePolicyStrategyEditBean(org.apereo.cas.mgmt.services.web.beans.RegisteredServiceAttributeReleasePolicyStrategyEditBean) ReturnAllAttributeReleasePolicy(org.apereo.cas.services.ReturnAllAttributeReleasePolicy) PrincipalAttributesRepository(org.apereo.cas.authentication.principal.PrincipalAttributesRepository) AbstractRegisteredServiceAttributeReleasePolicy(org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy) GroovyScriptAttributeReleasePolicy(org.apereo.cas.services.GroovyScriptAttributeReleasePolicy) DenyAllAttributeReleasePolicy(org.apereo.cas.services.DenyAllAttributeReleasePolicy) ScriptedRegisteredServiceAttributeReleasePolicy(org.apereo.cas.services.ScriptedRegisteredServiceAttributeReleasePolicy) ReturnAllowedAttributeReleasePolicy(org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy) RegisteredServiceAttributeFilter(org.apereo.cas.services.RegisteredServiceAttributeFilter) ReturnMappedAttributeReleasePolicy(org.apereo.cas.services.ReturnMappedAttributeReleasePolicy) RegisteredServiceAttributeReleasePolicyEditBean(org.apereo.cas.mgmt.services.web.beans.RegisteredServiceAttributeReleasePolicyEditBean) Map(java.util.Map)

Example 2 with ReturnMappedAttributeReleasePolicy

Use of org.apereo.cas.services.ReturnMappedAttributeReleasePolicy in project cas by apereo.

In class DefaultAttributeReleasePolicyMapper, method mapAttributeReleasePolicy.

@Override
public void mapAttributeReleasePolicy(final RegisteredServiceAttributeReleasePolicy policy, final RegisteredServiceViewBean bean) {
    if (policy instanceof AbstractRegisteredServiceAttributeReleasePolicy) {
        final AbstractRegisteredServiceAttributeReleasePolicy attrPolicy = (AbstractRegisteredServiceAttributeReleasePolicy) policy;
        final RegisteredServiceAttributeReleasePolicyViewBean attrPolicyBean = bean.getAttrRelease();
        attrPolicyBean.setReleasePassword(attrPolicy.isAuthorizedToReleaseCredentialPassword());
        attrPolicyBean.setReleaseTicket(attrPolicy.isAuthorizedToReleaseProxyGrantingTicket());
        attrPolicyBean.setExcludeDefault(attrPolicy.isExcludeDefaultAttributes());
        if (attrPolicy instanceof ScriptedRegisteredServiceAttributeReleasePolicy) {
            attrPolicyBean.setAttrPolicy(AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.SCRIPT.toString());
        } else if (attrPolicy instanceof GroovyScriptAttributeReleasePolicy) {
            attrPolicyBean.setAttrPolicy(AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.GROOVY.toString());
        } else if (attrPolicy instanceof ReturnAllAttributeReleasePolicy) {
            attrPolicyBean.setAttrPolicy(RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.ALL.toString());
        } else if (attrPolicy instanceof ReturnAllowedAttributeReleasePolicy) {
            final ReturnAllowedAttributeReleasePolicy attrPolicyAllowed = (ReturnAllowedAttributeReleasePolicy) attrPolicy;
            if (attrPolicyAllowed.getAllowedAttributes().isEmpty()) {
                attrPolicyBean.setAttrPolicy(RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.NONE.toString());
            } else {
                attrPolicyBean.setAttrPolicy(RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.ALLOWED.toString());
            }
        } else if (attrPolicy instanceof ReturnMappedAttributeReleasePolicy) {
            final ReturnMappedAttributeReleasePolicy attrPolicyAllowed = (ReturnMappedAttributeReleasePolicy) attrPolicy;
            if (attrPolicyAllowed.getAllowedAttributes().isEmpty()) {
                attrPolicyBean.setAttrPolicy(RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.NONE.toString());
            } else {
                attrPolicyBean.setAttrPolicy(RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.MAPPED.toString());
            }
        } else if (attrPolicy instanceof DenyAllAttributeReleasePolicy) {
            attrPolicyBean.setAttrPolicy(RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.DENY.toString());
        }
    }
}
Also used : DenyAllAttributeReleasePolicy(org.apereo.cas.services.DenyAllAttributeReleasePolicy) ReturnAllAttributeReleasePolicy(org.apereo.cas.services.ReturnAllAttributeReleasePolicy) ScriptedRegisteredServiceAttributeReleasePolicy(org.apereo.cas.services.ScriptedRegisteredServiceAttributeReleasePolicy) AbstractRegisteredServiceAttributeReleasePolicy(org.apereo.cas.services.AbstractRegisteredServiceAttributeReleasePolicy) RegisteredServiceAttributeReleasePolicyViewBean(org.apereo.cas.mgmt.services.web.beans.RegisteredServiceAttributeReleasePolicyViewBean) ReturnAllowedAttributeReleasePolicy(org.apereo.cas.services.ReturnAllowedAttributeReleasePolicy) GroovyScriptAttributeReleasePolicy(org.apereo.cas.services.GroovyScriptAttributeReleasePolicy) ReturnMappedAttributeReleasePolicy(org.apereo.cas.services.ReturnMappedAttributeReleasePolicy)

Example 3 with ReturnMappedAttributeReleasePolicy

Use of org.apereo.cas.services.ReturnMappedAttributeReleasePolicy in project cas by apereo.

In class GenerateServiceTicketActionTests, method verifyServiceTicketWithAccessStrategyMultivalued.

@Test
public void verifyServiceTicketWithAccessStrategyMultivalued() throws Exception {
    val context = new MockRequestContext();
    val serviceId = UUID.randomUUID().toString();
    val registeredService = RegisteredServiceTestUtils.getRegisteredService(serviceId, Map.of("eduPersonAffiliation", Set.of(".*developer.*")));
    registeredService.setAttributeReleasePolicy(new ReturnMappedAttributeReleasePolicy(Map.of("eduPersonAffiliation", "groovy { return 'engineers' }")));
    getServicesManager().save(registeredService);
    context.getFlowScope().put(CasWebflowConstants.ATTRIBUTE_SERVICE, RegisteredServiceTestUtils.getService(serviceId));
    val request = new MockHttpServletRequest();
    context.setExternalContext(new ServletExternalContext(new MockServletContext(), request, new MockHttpServletResponse()));
    request.addParameter(CasProtocolConstants.PARAMETER_SERVICE, serviceId);
    WebUtils.putTicketGrantingTicketInScopes(context, this.ticketGrantingTicket);
    this.action.execute(context);
    assertNotNull(WebUtils.getServiceTicketFromRequestScope(context));
}
Also used : lombok.val(lombok.val) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) ServletExternalContext(org.springframework.webflow.context.servlet.ServletExternalContext) ReturnMappedAttributeReleasePolicy(org.apereo.cas.services.ReturnMappedAttributeReleasePolicy) MockRequestContext(org.springframework.webflow.test.MockRequestContext) MockServletContext(org.springframework.mock.web.MockServletContext) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 4 with ReturnMappedAttributeReleasePolicy

Use of org.apereo.cas.services.ReturnMappedAttributeReleasePolicy in project cas by apereo.

In class GenerateServiceTicketActionTests, method verifyServiceTicketWithAccessStrategyMapped.

@Test
public void verifyServiceTicketWithAccessStrategyMapped() throws Exception {
    val context = new MockRequestContext();
    val serviceId = UUID.randomUUID().toString();
    val registeredService = RegisteredServiceTestUtils.getRegisteredService(serviceId, Map.of("Role", Set.of(".*developer.*")));
    registeredService.setAttributeReleasePolicy(new ReturnMappedAttributeReleasePolicy(Map.of("Role", "groovy { return attributes['eduPersonAffiliation'].get(0) }")));
    getServicesManager().save(registeredService);
    context.getFlowScope().put(CasWebflowConstants.ATTRIBUTE_SERVICE, RegisteredServiceTestUtils.getService(serviceId));
    val request = new MockHttpServletRequest();
    context.setExternalContext(new ServletExternalContext(new MockServletContext(), request, new MockHttpServletResponse()));
    request.addParameter(CasProtocolConstants.PARAMETER_SERVICE, serviceId);
    WebUtils.putTicketGrantingTicketInScopes(context, this.ticketGrantingTicket);
    this.action.execute(context);
    assertNotNull(WebUtils.getServiceTicketFromRequestScope(context));
}
Also used : lombok.val(lombok.val) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) ServletExternalContext(org.springframework.webflow.context.servlet.ServletExternalContext) ReturnMappedAttributeReleasePolicy(org.apereo.cas.services.ReturnMappedAttributeReleasePolicy) MockRequestContext(org.springframework.webflow.test.MockRequestContext) MockServletContext(org.springframework.mock.web.MockServletContext) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.jupiter.api.Test)

Example 5 with ReturnMappedAttributeReleasePolicy

Use of org.apereo.cas.services.ReturnMappedAttributeReleasePolicy in project cas by apereo.

In class SamlSPUtils, method newSamlServiceProviderService.

/**
 * New saml service provider registration.
 * Precedence of services is lowest so generated service can be overridden by non-generated version.
 * @param sp       the properties
 * @param resolver the resolver
 * @return the saml registered service
 */
@SneakyThrows
public static SamlRegisteredService newSamlServiceProviderService(final AbstractSamlSPProperties sp, final SamlRegisteredServiceCachingMetadataResolver resolver) {
    if (StringUtils.isBlank(sp.getMetadata())) {
        LOGGER.debug("Skipped registration of [{}] since no metadata location is defined", sp.getName());
        return null;
    }
    val service = new SamlRegisteredService();
    service.setName(sp.getName());
    service.setDescription(sp.getDescription());
    service.setEvaluationOrder(Ordered.LOWEST_PRECEDENCE);
    service.setMetadataLocation(sp.getMetadata());
    val attributesToRelease = new ArrayList<>(sp.getAttributes());
    if (StringUtils.isNotBlank(sp.getNameIdAttribute())) {
        attributesToRelease.add(sp.getNameIdAttribute());
        service.setUsernameAttributeProvider(new PrincipalAttributeRegisteredServiceUsernameProvider(sp.getNameIdAttribute()));
    }
    if (StringUtils.isNotBlank(sp.getNameIdFormat())) {
        service.setRequiredNameIdFormat(sp.getNameIdFormat());
    }
    val attributes = CoreAuthenticationUtils.transformPrincipalAttributesListIntoMultiMap(attributesToRelease);
    val policy = new ChainingAttributeReleasePolicy();
    policy.addPolicy(new ReturnMappedAttributeReleasePolicy(CollectionUtils.wrap(attributes)));
    service.setAttributeReleasePolicy(policy);
    service.setMetadataCriteriaRoles(SPSSODescriptor.DEFAULT_ELEMENT_NAME.getLocalPart());
    service.setMetadataCriteriaRemoveEmptyEntitiesDescriptors(true);
    service.setMetadataCriteriaRemoveRolelessEntityDescriptors(true);
    if (StringUtils.isNotBlank(sp.getSignatureLocation())) {
        service.setMetadataSignatureLocation(sp.getSignatureLocation());
    }
    val entityIDList = determineEntityIdList(sp, resolver, service);
    if (entityIDList.isEmpty()) {
        LOGGER.warn("Skipped registration of [{}] since no metadata entity ids could be found", sp.getName());
        return null;
    }
    val entityIds = org.springframework.util.StringUtils.collectionToDelimitedString(entityIDList, "|");
    service.setMetadataCriteriaDirection(PredicateFilter.Direction.INCLUDE.name());
    service.setMetadataCriteriaPattern(entityIds);
    LOGGER.debug("Registering saml service [{}] by entity id [{}]", sp.getName(), entityIds);
    service.setServiceId(entityIds);
    service.setSignAssertions(sp.getSignAssertions());
    service.setSignResponses(sp.isSignResponses());
    return service;
}
Also used : lombok.val(lombok.val) PrincipalAttributeRegisteredServiceUsernameProvider(org.apereo.cas.services.PrincipalAttributeRegisteredServiceUsernameProvider) SamlRegisteredService(org.apereo.cas.support.saml.services.SamlRegisteredService) ArrayList(java.util.ArrayList) ChainingAttributeReleasePolicy(org.apereo.cas.services.ChainingAttributeReleasePolicy) ReturnMappedAttributeReleasePolicy(org.apereo.cas.services.ReturnMappedAttributeReleasePolicy) SneakyThrows(lombok.SneakyThrows)