use of org.apereo.cas.services.ReturnMappedAttributeReleasePolicy in project cas by apereo.
the class DefaultAttributeReleasePolicyMapper method toAttributeReleasePolicy.
/**
 * Converts the attribute-release section of a submitted service edit form into a
 * release policy object.
 *
 * <p>The policy implementation is chosen by comparing the form's policy type
 * (case-insensitively) with the known strategy type names. The password-release,
 * proxy-granting-ticket-release and exclude-defaults flags are then copied from the
 * form, and an attribute filter and a principal attributes repository are attached
 * when the respective mappers produce one.
 *
 * @param data the service data submitted from the edit form
 * @return the release policy built from {@code data}
 */
@Override
public RegisteredServiceAttributeReleasePolicy toAttributeReleasePolicy(final RegisteredServiceEditBean.ServiceData data) {
    final RegisteredServiceAttributeReleasePolicyEditBean releaseBean = data.getAttrRelease();
    final RegisteredServiceAttributeReleasePolicyStrategyEditBean strategyBean = releaseBean.getAttrPolicy();

    final AbstractRegisteredServiceAttributeReleasePolicy result =
            newPolicyForType(strategyBean.getType(), strategyBean);

    // These flags authorise release of the credential password and of the
    // proxy-granting ticket; they are copied from the form without further checks here.
    result.setAuthorizedToReleaseCredentialPassword(releaseBean.isReleasePassword());
    result.setAuthorizedToReleaseProxyGrantingTicket(releaseBean.isReleaseTicket());
    result.setExcludeDefaultAttributes(releaseBean.isExcludeDefault());

    final RegisteredServiceAttributeFilter mappedFilter = this.attributeFilterMapper.toAttributeFilter(data);
    if (mappedFilter != null) {
        result.setAttributeFilter(mappedFilter);
    }

    final PrincipalAttributesRepository mappedRepository =
            this.principalAttributesRepositoryMapper.toPrincipalRepository(data);
    if (mappedRepository != null) {
        result.setPrincipalAttributesRepository(mappedRepository);
    }
    return result;
}

/**
 * Instantiates the policy implementation that corresponds to the given type name.
 *
 * @param requestedType the policy type name taken from the form (compared ignoring case)
 * @param strategyBean the strategy section of the form, supplying the script file or attributes
 * @return a new policy instance; an unrecognised type yields a
 *         {@code ReturnAllowedAttributeReleasePolicy} built with no arguments
 */
private AbstractRegisteredServiceAttributeReleasePolicy newPolicyForType(
        final String requestedType,
        final RegisteredServiceAttributeReleasePolicyStrategyEditBean strategyBean) {
    // NOTE(review): for SCRIPT and GROOVY the script location is passed through exactly
    // as submitted; nothing in this method validates it. Confirm that only trusted
    // administrators can reach this form and that the location is constrained elsewhere.
    if (StringUtils.equalsIgnoreCase(requestedType,
            AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.SCRIPT.toString())) {
        return new ScriptedRegisteredServiceAttributeReleasePolicy(strategyBean.getScriptFile());
    }
    if (StringUtils.equalsIgnoreCase(requestedType,
            AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.GROOVY.toString())) {
        return new GroovyScriptAttributeReleasePolicy(strategyBean.getScriptFile());
    }
    if (StringUtils.equalsIgnoreCase(requestedType,
            AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.ALL.toString())) {
        return new ReturnAllAttributeReleasePolicy();
    }
    if (StringUtils.equalsIgnoreCase(requestedType,
            AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.ALLOWED.toString())) {
        // Raw cast: the form's attribute payload is trusted to be a list for this type.
        return new ReturnAllowedAttributeReleasePolicy((List) strategyBean.getAttributes());
    }
    if (StringUtils.equalsIgnoreCase(requestedType,
            AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.MAPPED.toString())) {
        // Raw cast: the form's attribute payload is trusted to be a map for this type.
        return new ReturnMappedAttributeReleasePolicy((Map) strategyBean.getAttributes());
    }
    if (StringUtils.equalsIgnoreCase(requestedType,
            AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.DENY.toString())) {
        return new DenyAllAttributeReleasePolicy();
    }
    // Unrecognised or missing type: presumably an empty allow-list, i.e. nothing is
    // released — confirm against ReturnAllowedAttributeReleasePolicy's default constructor.
    return new ReturnAllowedAttributeReleasePolicy();
}
use of org.apereo.cas.services.ReturnMappedAttributeReleasePolicy in project cas by apereo.
the class DefaultAttributeReleasePolicyMapper method mapAttributeReleasePolicy.
/**
 * Copies an attribute release policy into the attribute-release section of a
 * service view bean.
 *
 * <p>Policies that are not an {@code AbstractRegisteredServiceAttributeReleasePolicy}
 * are ignored and the bean is left untouched. Otherwise the password-release,
 * proxy-granting-ticket-release and exclude-defaults flags are copied, and the policy
 * type name is set from the concrete policy class. Allowed and mapped policies whose
 * attribute collection is empty are reported as {@code NONE}.
 *
 * @param policy the policy to describe
 * @param bean the view bean whose attribute-release section is populated
 */
@Override
public void mapAttributeReleasePolicy(final RegisteredServiceAttributeReleasePolicy policy, final RegisteredServiceViewBean bean) {
    if (!(policy instanceof AbstractRegisteredServiceAttributeReleasePolicy)) {
        return;
    }

    final AbstractRegisteredServiceAttributeReleasePolicy source =
            (AbstractRegisteredServiceAttributeReleasePolicy) policy;
    final RegisteredServiceAttributeReleasePolicyViewBean view = bean.getAttrRelease();

    // Surface the sensitive release authorisations so they are visible when the
    // service definition is reviewed.
    view.setReleasePassword(source.isAuthorizedToReleaseCredentialPassword());
    view.setReleaseTicket(source.isAuthorizedToReleaseProxyGrantingTicket());
    view.setExcludeDefault(source.isExcludeDefaultAttributes());

    // The instanceof checks are kept in their original order.
    if (source instanceof ScriptedRegisteredServiceAttributeReleasePolicy) {
        view.setAttrPolicy(AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.SCRIPT.toString());
    } else if (source instanceof GroovyScriptAttributeReleasePolicy) {
        view.setAttrPolicy(AbstractRegisteredServiceAttributeReleasePolicyStrategyBean.Types.GROOVY.toString());
    } else if (source instanceof ReturnAllAttributeReleasePolicy) {
        view.setAttrPolicy(RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.ALL.toString());
    } else if (source instanceof ReturnAllowedAttributeReleasePolicy) {
        final boolean nothingAllowed =
                ((ReturnAllowedAttributeReleasePolicy) source).getAllowedAttributes().isEmpty();
        view.setAttrPolicy(nothingAllowed
                ? RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.NONE.toString()
                : RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.ALLOWED.toString());
    } else if (source instanceof ReturnMappedAttributeReleasePolicy) {
        final boolean nothingMapped =
                ((ReturnMappedAttributeReleasePolicy) source).getAllowedAttributes().isEmpty();
        view.setAttrPolicy(nothingMapped
                ? RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.NONE.toString()
                : RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.MAPPED.toString());
    } else if (source instanceof DenyAllAttributeReleasePolicy) {
        view.setAttrPolicy(RegisteredServiceAttributeReleasePolicyStrategyViewBean.Types.DENY.toString());
    }
}
use of org.apereo.cas.services.ReturnMappedAttributeReleasePolicy in project cas by apereo.
the class GenerateServiceTicketActionTests method verifyServiceTicketWithAccessStrategyMultivalued.
/**
 * Checks that a service ticket is issued when the service requires an
 * {@code eduPersonAffiliation} value matching {@code .*developer.*} and its mapped
 * release policy supplies that attribute from an inline {@code groovy { ... }} value.
 */
@Test
public void verifyServiceTicketWithAccessStrategyMultivalued() throws Exception {
    val serviceId = UUID.randomUUID().toString();

    // Required attributes use a regular expression; the release policy maps the same
    // attribute name to an inline groovy expression.
    // NOTE(review): presumably that expression is evaluated when attributes are
    // released, which would make a service definition carrying one executable
    // content — confirm, and restrict who may author such definitions.
    val service = RegisteredServiceTestUtils.getRegisteredService(
            serviceId, Map.of("eduPersonAffiliation", Set.of(".*developer.*")));
    service.setAttributeReleasePolicy(new ReturnMappedAttributeReleasePolicy(
            Map.of("eduPersonAffiliation", "groovy { return 'engineers' }")));
    getServicesManager().save(service);

    val httpRequest = new MockHttpServletRequest();
    httpRequest.addParameter(CasProtocolConstants.PARAMETER_SERVICE, serviceId);

    val requestContext = new MockRequestContext();
    requestContext.getFlowScope().put(
            CasWebflowConstants.ATTRIBUTE_SERVICE, RegisteredServiceTestUtils.getService(serviceId));
    requestContext.setExternalContext(
            new ServletExternalContext(new MockServletContext(), httpRequest, new MockHttpServletResponse()));
    WebUtils.putTicketGrantingTicketInScopes(requestContext, this.ticketGrantingTicket);

    this.action.execute(requestContext);

    assertNotNull(WebUtils.getServiceTicketFromRequestScope(requestContext));
}
use of org.apereo.cas.services.ReturnMappedAttributeReleasePolicy in project cas by apereo.
the class GenerateServiceTicketActionTests method verifyServiceTicketWithAccessStrategyMapped.
/**
 * Checks that a service ticket is issued when the service requires a {@code Role}
 * value matching {@code .*developer.*} and its mapped release policy defines
 * {@code Role} through an inline {@code groovy { ... }} value that reads
 * {@code eduPersonAffiliation}.
 */
@Test
public void verifyServiceTicketWithAccessStrategyMapped() throws Exception {
    val serviceId = UUID.randomUUID().toString();

    // The required attribute "Role" is named only in the release mapping below,
    // so the access check presumably runs against the mapped attributes — confirm.
    val service = RegisteredServiceTestUtils.getRegisteredService(
            serviceId, Map.of("Role", Set.of(".*developer.*")));
    service.setAttributeReleasePolicy(new ReturnMappedAttributeReleasePolicy(
            Map.of("Role", "groovy { return attributes['eduPersonAffiliation'].get(0) }")));
    getServicesManager().save(service);

    val httpRequest = new MockHttpServletRequest();
    httpRequest.addParameter(CasProtocolConstants.PARAMETER_SERVICE, serviceId);

    val requestContext = new MockRequestContext();
    requestContext.getFlowScope().put(
            CasWebflowConstants.ATTRIBUTE_SERVICE, RegisteredServiceTestUtils.getService(serviceId));
    requestContext.setExternalContext(
            new ServletExternalContext(new MockServletContext(), httpRequest, new MockHttpServletResponse()));
    WebUtils.putTicketGrantingTicketInScopes(requestContext, this.ticketGrantingTicket);

    this.action.execute(requestContext);

    assertNotNull(WebUtils.getServiceTicketFromRequestScope(requestContext));
}
use of org.apereo.cas.services.ReturnMappedAttributeReleasePolicy in project cas by apereo.
the class SamlSPUtils method newSamlServiceProviderService.
/**
 * Builds a SAML registered service from service-provider properties.
 *
 * <p>The generated service is given the lowest evaluation precedence so that a
 * non-generated definition of the same service can override it. The attributes to
 * release are the configured attributes plus the name-id attribute when one is set;
 * they are released through a mapped policy wrapped in a chaining policy. The service
 * id and the metadata criteria pattern are both set to the resolved entity ids joined
 * with {@code |}.
 *
 * @param sp the properties
 * @param resolver the resolver
 * @return the saml registered service, or {@code null} when no metadata location is
 *         configured or no entity ids could be determined
 */
@SneakyThrows
public static SamlRegisteredService newSamlServiceProviderService(final AbstractSamlSPProperties sp, final SamlRegisteredServiceCachingMetadataResolver resolver) {
    if (StringUtils.isBlank(sp.getMetadata())) {
        LOGGER.debug("Skipped registration of [{}] since no metadata location is defined", sp.getName());
        return null;
    }

    val samlService = new SamlRegisteredService();
    samlService.setName(sp.getName());
    samlService.setDescription(sp.getDescription());
    samlService.setEvaluationOrder(Ordered.LOWEST_PRECEDENCE);
    samlService.setMetadataLocation(sp.getMetadata());

    // Copy the configured attributes so the properties object is not modified when
    // the name-id attribute is appended.
    val releasable = new ArrayList<>(sp.getAttributes());
    if (StringUtils.isNotBlank(sp.getNameIdAttribute())) {
        releasable.add(sp.getNameIdAttribute());
        samlService.setUsernameAttributeProvider(
                new PrincipalAttributeRegisteredServiceUsernameProvider(sp.getNameIdAttribute()));
    }
    if (StringUtils.isNotBlank(sp.getNameIdFormat())) {
        samlService.setRequiredNameIdFormat(sp.getNameIdFormat());
    }

    val releaseMap = CoreAuthenticationUtils.transformPrincipalAttributesListIntoMultiMap(releasable);
    val releaseChain = new ChainingAttributeReleasePolicy();
    releaseChain.addPolicy(new ReturnMappedAttributeReleasePolicy(CollectionUtils.wrap(releaseMap)));
    samlService.setAttributeReleasePolicy(releaseChain);

    samlService.setMetadataCriteriaRoles(SPSSODescriptor.DEFAULT_ELEMENT_NAME.getLocalPart());
    samlService.setMetadataCriteriaRemoveEmptyEntitiesDescriptors(true);
    samlService.setMetadataCriteriaRemoveRolelessEntityDescriptors(true);

    // NOTE(review): when no signature location is configured, this method sets nothing
    // for metadata signature checking — confirm the metadata source is otherwise trusted.
    if (StringUtils.isNotBlank(sp.getSignatureLocation())) {
        samlService.setMetadataSignatureLocation(sp.getSignatureLocation());
    }

    val resolvedEntityIds = determineEntityIdList(sp, resolver, samlService);
    if (resolvedEntityIds.isEmpty()) {
        LOGGER.warn("Skipped registration of [{}] since no metadata entity ids could be found", sp.getName());
        return null;
    }

    // NOTE(review): the entity ids are joined with "|" and used unescaped as the
    // metadata criteria pattern and as the service id. If these are matched as regular
    // expressions, characters such as "." in an entity id match more than the literal
    // id — confirm whether the ids should be regex-quoted before joining.
    val joinedEntityIds = org.springframework.util.StringUtils.collectionToDelimitedString(resolvedEntityIds, "|");
    samlService.setMetadataCriteriaDirection(PredicateFilter.Direction.INCLUDE.name());
    samlService.setMetadataCriteriaPattern(joinedEntityIds);
    LOGGER.debug("Registering saml service [{}] by entity id [{}]", sp.getName(), joinedEntityIds);
    samlService.setServiceId(joinedEntityIds);

    samlService.setSignAssertions(sp.getSignAssertions());
    samlService.setSignResponses(sp.isSignResponses());
    return samlService;
}