/**
 * Locates a matching attribute value by delegating to the four-argument overload.
 *
 * <p>The overload is always called with {@code true} as its last argument. Its
 * definition is not part of this listing.
 * NOTE(review): the flag presumably decides whether an attribute that is present
 * still counts as a match when no expected value is configured. Confirm this against
 * the overload, because callers in this listing use the result to evaluate
 * multifactor authentication bypass rules.
 *
 * @param attrName   the attribute name
 * @param attrValue  the attribute value
 * @param attributes the attributes to examine
 * @return the result reported by the four-argument overload
 */
protected boolean locateMatchingAttributeValue(final String attrName,
                                               final String attrValue,
                                               final Map<String, Object> attributes) {
    // The trailing flag is fixed to true for every caller of this three-argument form.
    final boolean matched = locateMatchingAttributeValue(attrName, attrValue, attributes, true);
    return matched;
}
LOGGER.debug("Evaluating multifactor authentication bypass properties for principal [{}], service [{}] and provider [{}]", principal.getId(), registeredService, provider); val bypassByPrincipal = locateMatchingAttributeBasedOnPrincipalAttributes(bypassProperties, principal); if (bypassByPrincipal) { LOGGER.debug("Bypass rules for principal [{}] indicate the request may be ignored", principal.getId()); val bypassByAuthn = locateMatchingAttributeBasedOnAuthenticationAttributes(bypassProperties, authentication); if (bypassByAuthn) { LOGGER.debug("Bypass rules for authentication for principal [{}] indicate the request may be ignored", principal.getId()); val bypassByAuthnMethod = locateMatchingAttributeValue( AuthenticationManager.AUTHENTICATION_METHOD_ATTRIBUTE, bypassProperties.getAuthenticationMethodName(), val bypassByHandlerName = locateMatchingAttributeValue( AuthenticationHandler.SUCCESSFUL_AUTHENTICATION_HANDLERS, bypassProperties.getAuthenticationHandlerName(), val bypassByCredType = locateMatchingCredentialType(authentication, bypassProperties.getCredentialClassType()); if (bypassByCredType) { LOGGER.debug("Bypass rules for credential types [{}] indicate the request may be ignored", bypassProperties.getCredentialClassType()); val bypassByHttpRequest = locateMatchingHttpRequest(authentication, request); if (bypassByHttpRequest) { LOGGER.debug("Bypass rules for http request indicate the request may be ignored for [{}]", principal.getId()); val bypassByService = locateMatchingRegisteredServiceForBypass(authentication, registeredService); if (bypassByService) { return false;
/**
 * Builds the multifactor authentication bypass chain for the given bypass settings.
 *
 * <p>A {@code DefaultMultifactorAuthenticationProviderBypass} is always added first.
 * A Groovy-based or REST-based bypass is appended only when {@code props.getType()}
 * equals {@code GROOVY} or {@code REST} respectively.
 * NOTE(review): how the chain combines the answers of its members is decided inside
 * {@code ChainingMultifactorAuthenticationBypassProvider}, which is not shown here.
 * Confirm whether a single member is enough to skip multifactor authentication,
 * since that determines how much trust the Groovy script or REST endpoint carries.
 *
 * @param props the bypass settings
 * @return the chain holding the default bypass plus any type-specific bypass
 */
public static MultifactorAuthenticationProviderBypass newMultifactorAuthenticationProviderBypass(
    final MultifactorAuthenticationProviderBypassProperties props) {
    final ChainingMultifactorAuthenticationBypassProvider chain =
        new ChainingMultifactorAuthenticationBypassProvider();

    // The default, properties-driven bypass is registered for every type.
    chain.addBypass(new DefaultMultifactorAuthenticationProviderBypass(props));

    if (MultifactorAuthenticationProviderBypassProperties.MultifactorProviderBypassTypes.GROOVY == props.getType()) {
        chain.addBypass(new GroovyMultifactorAuthenticationProviderBypass(props));
    }
    if (MultifactorAuthenticationProviderBypassProperties.MultifactorProviderBypassTypes.REST == props.getType()) {
        chain.addBypass(new RestMultifactorAuthenticationProviderBypass(props));
    }

    return chain;
}
/**
 * Evaluates the principal-attribute bypass rule.
 *
 * <p>Hands the principal attribute name and value configured in the bypass settings,
 * together with the principal's attributes, to {@code locateMatchingAttributeValue}.
 * The caller shown in this listing logs a {@code true} result as "the request may be
 * ignored".
 * NOTE(review): the outcome is only as trustworthy as the source that populated the
 * principal's attributes; confirm that source cannot be influenced by the user.
 *
 * @param bypass    the bypass settings for the provider
 * @param principal the principal whose attributes are examined
 * @return the result of {@code locateMatchingAttributeValue} for the configured
 *         principal attribute name and value
 */
protected boolean locateMatchingAttributeBasedOnPrincipalAttributes(
    final MultifactorAuthenticationProviderBypassProperties bypass,
    final Principal principal) {
    val configuredName = bypass.getPrincipalAttributeName();
    val configuredValue = bypass.getPrincipalAttributeValue();
    return locateMatchingAttributeValue(configuredName, configuredValue, principal.getAttributes());
}
/**
 * Evaluates the authentication-attribute bypass rule.
 *
 * <p>Hands the authentication attribute name and value configured in the bypass
 * settings, together with the attributes of the authentication, to
 * {@code locateMatchingAttributeValue}. The caller shown in this listing logs a
 * {@code true} result as "the request may be ignored".
 * NOTE(review): confirm that the authentication attributes consulted here are set by
 * the server side of the authentication flow and not taken from client input.
 *
 * @param bypass the bypass settings for the provider
 * @param authn  the authentication whose attributes are examined
 * @return the result of {@code locateMatchingAttributeValue} for the configured
 *         authentication attribute name and value
 */
protected boolean locateMatchingAttributeBasedOnAuthenticationAttributes(
    final MultifactorAuthenticationProviderBypassProperties bypass,
    final Authentication authn) {
    val configuredName = bypass.getAuthenticationAttributeName();
    val configuredValue = bypass.getAuthenticationAttributeValue();
    return locateMatchingAttributeValue(configuredName, configuredValue, authn.getAttributes());
}