/**
 * Builds the generator for the ticket-granting (SSO session) cookie from the
 * {@code tgc} section of the CAS properties.
 *
 * <p>Name, path, domain, both max-age values and the {@code Secure}/{@code HttpOnly}
 * flags are passed through exactly as configured. Nothing in this method forces
 * either flag on, so a deployment that configures them as {@code false} gets a
 * session cookie without them.
 *
 * @param cipherExecutor the {@code cookieCipherExecutor} bean, forwarded to
 *                       {@code cookieValueManager(...)} to obtain the value manager
 * @return the cookie generator for the ticket-granting cookie
 */
@Autowired
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "ticketGrantingTicketCookieGenerator")
public CookieRetrievingCookieGenerator ticketGrantingTicketCookieGenerator(
        @Qualifier("cookieCipherExecutor") final CipherExecutor cipherExecutor) {
    final TicketGrantingCookieProperties tgcProps = casProperties.getTgc();
    // NOTE(review): the cast implies the configured value is wider than int; an
    // out-of-range setting would be narrowed silently. Confirm it is range-checked upstream.
    final int rememberMeAge = (int) tgcProps.getRememberMeMaxAge();
    return new TGCCookieRetrievingCookieGenerator(
        cookieValueManager(cipherExecutor),
        tgcProps.getName(),
        tgcProps.getPath(),
        tgcProps.getDomain(),
        rememberMeAge,
        tgcProps.isSecure(),
        tgcProps.getMaxAge(),
        tgcProps.isHttpOnly());
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Chooses how ticket-granting cookie values are encoded and decoded.
 *
 * <p>When {@code tgc.crypto.enabled} is true the supplied cipher executor is
 * wrapped in a {@link DefaultCasCookieValueManager}; otherwise a
 * {@link NoOpCookieValueManager} is returned and the cipher executor is not used.
 *
 * <p>NOTE(review): this gate reads only {@code crypto.isEnabled()}. The
 * {@code cookieCipherExecutor()} bean shown on this page also switches ciphering
 * on when both keys are configured, so with {@code enabled=false} and keys
 * present the executor would be a real cipher while this manager stays no-op.
 * Confirm that is intended.
 *
 * @param cipherExecutor the {@code cookieCipherExecutor} bean
 * @return the cookie value manager matching the crypto setting
 */
@ConditionalOnMissingBean(name = "cookieValueManager")
@Autowired
@Bean
public CookieValueManager cookieValueManager(
        @Qualifier("cookieCipherExecutor") final CipherExecutor cipherExecutor) {
    final boolean cryptoEnabled = casProperties.getTgc().getCrypto().isEnabled();
    if (!cryptoEnabled) {
        // Presumably stores the cookie value as-is (no signing/encryption) - verify.
        return new NoOpCookieValueManager();
    }
    return new DefaultCasCookieValueManager(cipherExecutor);
}
// Fragment: configures the theme-selection cookie. `tgc` and `defaultThemeName`
// are defined outside this excerpt (tgc presumably is casProperties.getTgc() - verify).
// Every cookie attribute is copied from the ticket-granting cookie settings, so the
// theme cookie shares the TGC's domain, path, max-age and Secure/HttpOnly flags.
val cookieThemeResolver = new CookieThemeResolver();
cookieThemeResolver.setDefaultThemeName(defaultThemeName);
cookieThemeResolver.setCookieDomain(tgc.getDomain());
// HttpOnly and Secure come straight from configuration; nothing here forces them on.
cookieThemeResolver.setCookieHttpOnly(tgc.isHttpOnly());
cookieThemeResolver.setCookieMaxAge(tgc.getMaxAge());
cookieThemeResolver.setCookiePath(tgc.getPath());
cookieThemeResolver.setCookieSecure(tgc.isSecure());
/**
 * Builds the generator for the ticket-granting (SSO session) cookie from the
 * {@code tgc} section of the CAS properties.
 *
 * <p>The remember-me lifetime is parsed with {@code Beans.newDuration} and
 * converted to whole seconds. Name, path, domain, max-age and the
 * {@code Secure}/{@code HttpOnly} flags are passed through exactly as
 * configured; this method does not force either flag on.
 *
 * @return the cookie generator for the ticket-granting cookie
 */
@ConditionalOnMissingBean(name = "ticketGrantingTicketCookieGenerator")
@Bean
@RefreshScope
public CookieRetrievingCookieGenerator ticketGrantingTicketCookieGenerator() {
    val tgcProps = casProperties.getTgc();
    val rememberMe = Beans.newDuration(tgcProps.getRememberMeMaxAge());
    // NOTE(review): narrowing cast; a duration beyond Integer.MAX_VALUE seconds
    // would be truncated silently rather than rejected.
    val rememberMeSeconds = (int) rememberMe.getSeconds();
    return new TGCCookieRetrievingCookieGenerator(
        cookieValueManager(),
        tgcProps.getName(),
        tgcProps.getPath(),
        tgcProps.getDomain(),
        rememberMeSeconds,
        tgcProps.isSecure(),
        tgcProps.getMaxAge(),
        tgcProps.isHttpOnly());
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Chooses how ticket-granting cookie values are encoded and decoded.
 *
 * <p>When {@code tgc.crypto.enabled} is true, a {@link DefaultCasCookieValueManager}
 * is built from {@code cookieCipherExecutor()} and the TGC properties; otherwise a
 * {@link NoOpCookieValueManager} is returned and the cipher executor is never
 * requested.
 *
 * <p>NOTE(review): this gate reads only {@code crypto.isEnabled()}. The
 * {@code cookieCipherExecutor()} bean shown on this page also switches ciphering
 * on when both keys are configured, so with {@code enabled=false} and keys
 * present this method still returns the no-op manager. Confirm that is intended.
 *
 * @return the cookie value manager matching the crypto setting
 */
@ConditionalOnMissingBean(name = "cookieValueManager")
@Bean
public CookieValueManager cookieValueManager() {
    val tgcProps = casProperties.getTgc();
    if (!tgcProps.getCrypto().isEnabled()) {
        // Presumably stores the cookie value as-is (no signing/encryption) - verify.
        return new NoOpCookieValueManager();
    }
    return new DefaultCasCookieValueManager(cookieCipherExecutor(), casProperties.getTgc());
}
/**
 * Creates the cipher used to sign and encrypt the ticket-granting cookie.
 *
 * <p>Decision order:
 * <ol>
 *   <li>{@code tgc.crypto.enabled} is true: a {@link TicketGrantingCookieCipherExecutor}
 *       is built from the configured encryption key, signing key and algorithm.</li>
 *   <li>Not enabled, but both the encryption and the signing key are non-blank:
 *       a warning is logged and ciphering is enabled anyway.</li>
 *   <li>Otherwise a warning is logged and the no-op executor is returned, which,
 *       per that warning, leaves the cookie without encryption/signing.</li>
 * </ol>
 *
 * <p>Only the presence of keys is logged, never the key material.
 *
 * @return the cipher executor for ticket-granting cookie values
 */
@ConditionalOnMissingBean(name = "cookieCipherExecutor")
@RefreshScope
@Bean
public CipherExecutor cookieCipherExecutor() {
    final EncryptionJwtSigningJwtCryptographyProperties crypto = casProperties.getTgc().getCrypto();
    boolean enabled = crypto.isEnabled();
    if (!enabled) {
        // Both keys are required for the implicit switch-on; a single configured
        // key falls through to the no-op branch below.
        final boolean keysConfigured = StringUtils.isNotBlank(crypto.getEncryption().getKey())
            && StringUtils.isNotBlank(crypto.getSigning().getKey());
        if (keysConfigured) {
            LOGGER.warn("Token encryption/signing is not enabled explicitly in the configuration, yet signing/encryption keys "
                + "are defined for operations. CAS will proceed to enable the cookie encryption/signing functionality.");
            enabled = true;
        }
    }
    if (!enabled) {
        LOGGER.warn("Ticket-granting cookie encryption/signing is turned off. This "
            + "MAY NOT be safe in a production environment. Consider using other choices to handle encryption, "
            + "signing and verification of ticket-granting cookies.");
        return NoOpCipherExecutor.getInstance();
    }
    // NOTE(review): with enabled=true the keys are passed on unchecked, even if blank;
    // how the executor treats blank keys is not visible here.
    return new TicketGrantingCookieCipherExecutor(
        crypto.getEncryption().getKey(),
        crypto.getSigning().getKey(),
        crypto.getAlg());
}
/**
 * Creates the cipher used to sign and encrypt the ticket-granting cookie.
 *
 * <p>Decision order:
 * <ol>
 *   <li>{@code tgc.crypto.enabled} is true: a {@link TicketGrantingCookieCipherExecutor}
 *       is built from the configured encryption key, signing key, algorithm and
 *       the signing/encryption key sizes.</li>
 *   <li>Not enabled, but both the encryption and the signing key are non-blank:
 *       a warning is logged and ciphering is enabled anyway.</li>
 *   <li>Otherwise a warning is logged and {@code CipherExecutor.noOp()} is returned,
 *       which, per that warning, leaves the cookie without encryption/signing.</li>
 * </ol>
 *
 * <p>Only the presence of keys is logged, never the key material.
 *
 * @return the cipher executor for ticket-granting cookie values
 */
@ConditionalOnMissingBean(name = "cookieCipherExecutor")
@RefreshScope
@Bean
public CipherExecutor cookieCipherExecutor() {
    val crypto = casProperties.getTgc().getCrypto();
    var enabled = crypto.isEnabled();
    if (!enabled) {
        // Both keys are required for the implicit switch-on; a single configured
        // key falls through to the no-op branch below.
        final boolean keysConfigured = StringUtils.isNotBlank(crypto.getEncryption().getKey())
            && StringUtils.isNotBlank(crypto.getSigning().getKey());
        if (keysConfigured) {
            LOGGER.warn("Token encryption/signing is not enabled explicitly in the configuration, yet signing/encryption keys "
                + "are defined for operations. CAS will proceed to enable the cookie encryption/signing functionality.");
            enabled = true;
        }
    }
    if (!enabled) {
        LOGGER.warn("Ticket-granting cookie encryption/signing is turned off. This "
            + "MAY NOT be safe in a production environment. Consider using other choices to handle encryption, "
            + "signing and verification of ticket-granting cookies.");
        return CipherExecutor.noOp();
    }
    // NOTE(review): with enabled=true the keys are passed on unchecked, even if blank;
    // how the executor treats blank keys is not visible here.
    return new TicketGrantingCookieCipherExecutor(
        crypto.getEncryption().getKey(),
        crypto.getSigning().getKey(),
        crypto.getAlg(),
        crypto.getSigning().getKeySize(),
        crypto.getEncryption().getKeySize());
}