
Example 1 with MetadataFilter

use of org.opensaml.saml.metadata.resolver.filter.MetadataFilter in project cas by apereo.

the class ChainingMetadataResolverCacheLoader method buildMetadataFilters.

/**
 * Collects the metadata filters that apply to a service and installs them, as one
 * chain, on the given metadata resolver.
 *
 * <p>The four helpers are invoked in a fixed order (required valid-until, signature
 * validation, entity role, predicate) and all receive the same list. Judging by their
 * names each one appends a filter only when the service asks for it; the helpers are
 * not visible here, so confirm that against their implementations.
 *
 * <p>When no helper contributed a filter, {@code setMetadataFilter} is not called and
 * the resolver keeps whatever filter it already had.
 * NOTE(review): in that case nothing in this method enforces a signature or validity
 * check on the service's metadata; confirm that this default is acceptable for
 * metadata obtained from locations the deployment does not control.
 *
 * @param service          the SAML registered service whose settings drive the filters
 * @param metadataProvider the metadata resolver that receives the filter chain
 * @throws Exception if one of the filter-building helpers fails
 */
protected void buildMetadataFilters(final SamlRegisteredService service, final AbstractMetadataResolver metadataProvider) throws Exception {
    final List<MetadataFilter> filters = new ArrayList<>();

    // Call order is preserved from the original; the chain receives the filters in list order.
    buildRequiredValidUntilFilterIfNeeded(service, filters);
    buildSignatureValidationFilterIfNeeded(service, filters);
    buildEntityRoleFilterIfNeeded(service, filters);
    buildPredicateFilterIfNeeded(service, filters);

    if (filters.isEmpty()) {
        // Nothing to install: the resolver's current filter (if any) is left untouched.
        return;
    }

    final MetadataFilterChain chain = new MetadataFilterChain();
    chain.setFilters(filters);
    LOGGER.debug("Metadata filter chain initialized with [{}] filters", filters.size());
    metadataProvider.setMetadataFilter(chain);
}
Also used : ArrayList(java.util.ArrayList) MetadataFilter(org.opensaml.saml.metadata.resolver.filter.MetadataFilter) MetadataFilterChain(org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain)

Example 2 with MetadataFilter

use of org.opensaml.saml.metadata.resolver.filter.MetadataFilter in project cas by apereo.

the class SamlMetadataUIConfiguration method configureResource.

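/**
 * Registers every metadata resource named in {@code resourceArray} together with the
 * filter chain that must be applied to it.
 *
 * <p>{@code resourceArray} is a comma-delimited list. Each entry is split on
 * {@code DEFAULT_SEPARATOR}: the first part is the metadata location, the optional
 * second part is the signing key used to validate the metadata signature.
 *
 * <p>Filters per entry:
 * <ul>
 *   <li>a {@link RequiredValidUntilFilter} when the configured max validity is positive;</li>
 *   <li>a signature validation filter when a signing key is given. If that filter cannot
 *       be built the entry is skipped rather than registered without signature
 *       validation.</li>
 * </ul>
 * An entry without a signing key is registered with no signature filter, so nothing in
 * this method verifies the authenticity of that metadata.
 *
 * <p>Each registered resource gets its own {@link MetadataFilterChain}. Previously the
 * single caller-supplied {@code chain} was stored for every resource and its filters were
 * overwritten on each entry (including skipped ones), so all resources ended up with the
 * filters of the last entry processed; a later entry without a signing key silently removed
 * signature validation from earlier ones.
 *
 * @param applicationContext context used to resolve resources and signing keys
 * @param resources          map that receives each accepted resource and its filter chain
 * @param chain              caller-supplied chain; still updated with the filters of the most
 *                           recently processed entry, but no longer stored in {@code resources}
 * @param resourceArray      comma-delimited list of metadata entries
 * @param casProperties      CAS settings supplying max validity and require-signed-root
 */
private static void configureResource(final ConfigurableApplicationContext applicationContext, final Map<Resource, MetadataFilterChain> resources, final MetadataFilterChain chain, final String resourceArray, final CasConfigurationProperties casProperties) {
    val splitArray = org.springframework.util.StringUtils.commaDelimitedListToStringArray(resourceArray);
    // Unchecked.consumer lets the lambda body throw checked exceptions.
    Arrays.stream(splitArray).forEach(Unchecked.consumer(entry -> {
        val arr = Splitter.on(DEFAULT_SEPARATOR).splitToList(entry);
        val metadataFile = arr.get(0);
        val signingKey = arr.size() > 1 ? arr.get(1) : null;
        val filters = new ArrayList<MetadataFilter>();
        if (casProperties.getSamlMetadataUi().getMaxValidity() > 0) {
            val filter = new RequiredValidUntilFilter();
            filter.setMaxValidityInterval(Duration.ofSeconds(casProperties.getSamlMetadataUi().getMaxValidity()));
            filters.add(filter);
        }
        var addResource = true;
        if (StringUtils.isNotBlank(signingKey)) {
            val sigFilter = SamlUtils.buildSignatureValidationFilter(applicationContext, signingKey);
            if (sigFilter != null) {
                sigFilter.setRequireSignedRoot(casProperties.getSamlMetadataUi().isRequireSignedRoot());
                filters.add(sigFilter);
            } else {
                // Fail closed: a signing key was requested but is unusable, so do not
                // register the metadata without signature validation.
                LOGGER.warn("Failed to locate the signing key [{}] for [{}]", signingKey, metadataFile);
                addResource = false;
            }
        }
        // Kept for backward compatibility: code outside this method may read the
        // caller's chain, so it is updated exactly as before.
        chain.setFilters(filters);
        val resource = applicationContext.getResource(metadataFile);
        if (addResource && ResourceUtils.doesResourceExist(resource)) {
            // A dedicated chain per resource keeps this entry's filters from being
            // replaced when later entries are processed.
            val resourceChain = new MetadataFilterChain();
            resourceChain.setFilters(filters);
            resources.put(resource, resourceChain);
        } else {
            LOGGER.warn("Skipping metadata [{}]; Either the resource cannot be retrieved or its signing key is missing", metadataFile);
        }
    }));
}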
Also used : lombok.val(lombok.val) CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) Arrays(java.util.Arrays) StaticMetadataResolverAdapter(org.apereo.cas.support.saml.mdui.StaticMetadataResolverAdapter) HashMap(java.util.HashMap) StringUtils(org.apache.commons.lang3.StringUtils) RequiredValidUntilFilter(org.opensaml.saml.metadata.resolver.filter.impl.RequiredValidUntilFilter) RefreshScope(org.springframework.cloud.context.config.annotation.RefreshScope) ArrayList(java.util.ArrayList) SamlUtils(org.apereo.cas.support.saml.SamlUtils) EnableConfigurationProperties(org.springframework.boot.context.properties.EnableConfigurationProperties) ConfigurableApplicationContext(org.springframework.context.ConfigurableApplicationContext) Duration(java.time.Duration) Map(java.util.Map) CollectionUtils(org.apereo.cas.util.CollectionUtils) Qualifier(org.springframework.beans.factory.annotation.Qualifier) Splitter(com.google.common.base.Splitter) MetadataFilter(org.opensaml.saml.metadata.resolver.filter.MetadataFilter) Resource(org.springframework.core.io.Resource) MetadataFilterChain(org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain) AbstractMetadataResolverAdapter(org.apereo.cas.support.saml.mdui.AbstractMetadataResolverAdapter) MetadataResolverAdapter(org.apereo.cas.support.saml.mdui.MetadataResolverAdapter) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) ResourceUtils(org.apereo.cas.util.ResourceUtils) Unchecked(org.jooq.lambda.Unchecked) lombok.val(lombok.val) ScopedProxyMode(org.springframework.context.annotation.ScopedProxyMode) ChainingMetadataResolverAdapter(org.apereo.cas.support.saml.mdui.ChainingMetadataResolverAdapter) OpenSamlConfigBean(org.apereo.cas.support.saml.OpenSamlConfigBean) Configuration(org.springframework.context.annotation.Configuration) Slf4j(lombok.extern.slf4j.Slf4j) 
DynamicMetadataResolverAdapter(org.apereo.cas.support.saml.mdui.DynamicMetadataResolverAdapter) Bean(org.springframework.context.annotation.Bean) RequiredValidUntilFilter(org.opensaml.saml.metadata.resolver.filter.impl.RequiredValidUntilFilter) MetadataFilter(org.opensaml.saml.metadata.resolver.filter.MetadataFilter)
