/**
 * Resolves a {@link Principal} for the given credential: extracts the principal id, looks up
 * person attributes for it and builds the final principal through the principal factory.
 *
 * NOTE(review): this listing is truncated — the two {@code if} branches below never close and
 * the tail of the method (the closing braces and whatever the branches returned) is missing.
 * As printed, a blank principal id would fall through into the attribute lookup; confirm the
 * early-exit behaviour of both branches against the full source before relying on this text.
 *
 * @param credential       the credential to resolve
 * @param currentPrincipal the principal established so far, if any; passed to {@code extractPrincipalId}
 * @param handler          the authentication handler that produced the credential (unused in the visible body)
 * @return the resolved principal built from the id and attributes
 */
@Override
public Principal resolve(final Credential credential, final Optional<Principal> currentPrincipal, final Optional<AuthenticationHandler> handler) {
    LOGGER.debug("Attempting to resolve a principal...");
    var principalId = extractPrincipalId(credential, currentPrincipal);
    if (StringUtils.isBlank(principalId)) {
        LOGGER.debug("Principal id [{}] could not be found", principalId);
        // NOTE(review): branch body lost in the listing — presumably resolution stops here; confirm.
        val attributes = retrievePersonAttributes(principalId, credential);
        // A null return is tolerated: the lookup may yield no map at all, not just an empty one.
        if (attributes == null || attributes.isEmpty()) {
            LOGGER.debug("Principal id [{}] did not specify any attributes", principalId);
            // NOTE(review): branch body lost in the listing — whether an attribute-less principal is
            // created or resolution fails here cannot be told from this text; confirm.
            val pair = convertPersonAttributesToPrincipal(principalId, attributes);
            // pair key = final principal id, pair value = attribute map (per the factory call below).
            val principal = this.principalFactory.createPrincipal(pair.getKey(), pair.getValue());
            LOGGER.info("Final resolved principal by [{}] is [{}]", getName(), principal);
            return principal;
/**
 * Determines the principal id to resolve for the given credential.
 * Only an exact {@link SurrogateUsernamePasswordCredential} (subclasses are deliberately not
 * matched) is handled here; in that case the id of the principal that has already authenticated
 * is used rather than anything carried in the credential itself, so the resolved principal stays
 * the real authenticated user. Every other credential type is delegated to the parent resolver.
 *
 * @param credential       the credential being resolved
 * @param currentPrincipal the principal established so far; required for surrogate credentials
 * @return the principal id
 * @throws IllegalArgumentException if a surrogate credential arrives without a current principal
 */
@Override
protected String extractPrincipalId(final Credential credential, final Optional<Principal> currentPrincipal) {
    LOGGER.debug("Attempting to extract principal id for principal [{}]", currentPrincipal);
    val isSurrogateCredential = SurrogateUsernamePasswordCredential.class.equals(credential.getClass());
    if (!isSurrogateCredential) {
        LOGGER.trace("Provided credential is not one of [{}]", SurrogateUsernamePasswordCredential.class.getName());
        return super.extractPrincipalId(credential, currentPrincipal);
    }
    // Surrogate resolution is meaningless without an already-authenticated principal.
    val authenticatedPrincipal = currentPrincipal
        .orElseThrow(() -> new IllegalArgumentException("Current principal resolved cannot be null"));
    val resolvedId = authenticatedPrincipal.getId();
    LOGGER.debug("Resolving principal id for surrogate authentication as [{}]", resolvedId);
    return resolvedId;
}
}
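/**
 * Retrieves person attributes for a WS-Federation credential according to the configured
 * attribute source.
 * <ul>
 *   <li>{@code WSFED}: only the attributes carried in the credential's token are used.</li>
 *   <li>{@code CAS}: only the parent (attribute repository) lookup is used.</li>
 *   <li>otherwise both are merged; on a key collision the repository value wins because it is
 *       applied last.</li>
 * </ul>
 * The merge branch tolerates a {@code null} result from either side (the parent lookup may return
 * {@code null}, which previously caused a {@code NullPointerException} in {@code putAll}) and then
 * yields an empty map. In the two single-source modes a {@code null} result is passed through
 * unchanged, as before.
 *
 * @param principalId the principal id to look up
 * @param credential  the credential; expected to be a {@link WsFederationCredential}
 * @return the attribute map, possibly {@code null} in the single-source modes
 * @throws ClassCastException if the credential is not a {@link WsFederationCredential}
 */
@Override
protected Map<String, List<Object>> retrievePersonAttributes(final String principalId, final Credential credential) {
    val wsFedCredentials = (WsFederationCredential) credential;
    val attributesType = this.configuration.getAttributesType();
    if (attributesType == WsFederationConfiguration.WsFedPrincipalResolutionAttributesType.WSFED) {
        return wsFedCredentials.getAttributes();
    }
    if (attributesType == WsFederationConfiguration.WsFedPrincipalResolutionAttributesType.CAS) {
        return super.retrievePersonAttributes(principalId, credential);
    }
    val mergedAttributes = new HashMap<String, List<Object>>();
    val wsFedAttributes = wsFedCredentials.getAttributes();
    if (wsFedAttributes != null) {
        mergedAttributes.putAll(wsFedAttributes);
    }
    // Applied second on purpose: repository-sourced attributes override token-sourced ones.
    val repositoryAttributes = super.retrievePersonAttributes(principalId, credential);
    if (repositoryAttributes != null) {
        mergedAttributes.putAll(repositoryAttributes);
    }
    return mergedAttributes;
}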
/**
 * Builds one person-directory principal resolver per configured JAAS realm.
 * Realms without a name are skipped. The per-realm principal settings are combined with the global
 * person-directory defaults: the principal attribute falls back to the global one when blank, while
 * {@code returnNull} and {@code useExistingPrincipalId} are OR-ed, so a global {@code true} cannot be
 * switched off for an individual realm.
 *
 * @return the list of resolvers, in configuration order
 */
@Bean
@ConditionalOnMissingBean(name = "jaasPersonDirectoryPrincipalResolvers")
public List<PrincipalResolver> jaasPersonDirectoryPrincipalResolvers() {
    val personDirectory = casProperties.getPersonDirectory();
    return casProperties.getAuthn().getJaas()
        .stream()
        .filter(jaas -> StringUtils.isNotBlank(jaas.getRealm()))
        .map(jaas -> {
            val jaasPrincipal = jaas.getPrincipal();
            val principalAttribute = StringUtils.defaultIfBlank(jaasPrincipal.getPrincipalAttribute(), personDirectory.getPrincipalAttribute());
            val repository = attributeRepository.getIfAvailable();
            val factory = jaasPrincipalFactory();
            val returnNull = jaasPrincipal.isReturnNull() || personDirectory.isReturnNull();
            val useExistingPrincipalId = jaasPrincipal.isUseExistingPrincipalId() || personDirectory.isUseExistingPrincipalId();
            return new PersonDirectoryPrincipalResolver(repository, factory, returnNull, principalAttribute, useExistingPrincipalId);
        })
        .collect(Collectors.toList());
}
/**
 * Creates the default person-directory principal resolver from the global person-directory
 * settings ({@code returnNull}, principal attribute, {@code useExistingPrincipalId}).
 * The attribute repository is obtained via {@code getIfAvailable()}, so — presumably — it may be
 * absent when no repository bean is registered; confirm how the resolver treats that.
 *
 * @return the configured resolver
 */
@RefreshScope
@Bean
@ConditionalOnMissingBean(name = "personDirectoryAttributeRepositoryPrincipalResolver")
public PrincipalResolver personDirectoryAttributeRepositoryPrincipalResolver() {
    val personDirectory = casProperties.getPersonDirectory();
    val repository = attributeRepository.getIfAvailable();
    val factory = principalFactory();
    val resolver = new PersonDirectoryPrincipalResolver(
        repository,
        factory,
        personDirectory.isReturnNull(),
        personDirectory.getPrincipalAttribute(),
        personDirectory.isUseExistingPrincipalId());
    return resolver;
}