/** * Find a service by an exact match of the service id. * * @param id the id * @return the registered service */ default RegisteredService findServiceByExactServiceId(final String id) { return load() .stream() .filter(r -> StringUtils.isNotBlank(r.getServiceId()) && r.getServiceId().equals(id)) .findFirst() .orElse(null); }
@Override public Map<String, Object> encodeAttributes(final Map<String, Object> attributes, final RegisteredService registeredService) { LOGGER.trace("Starting to encode attributes for release to service [{}]", registeredService); val newEncodedAttributes = new HashMap<String, Object>(attributes); val cachedAttributesToEncode = initialize(newEncodedAttributes); if (registeredService != null && registeredService.getAccessStrategy().isServiceAccessAllowed()) { encodeAttributesInternal(newEncodedAttributes, cachedAttributesToEncode, this.cipherExecutor, registeredService); LOGGER.debug("[{}] encoded attributes are available for release to [{}]: [{}]", newEncodedAttributes.size(), registeredService, newEncodedAttributes.keySet()); } else { LOGGER.debug("Service is not found/enabled in the service registry so no encoding has taken place."); } return newEncodedAttributes; }
private boolean findExistingMatchForService(final RegisteredService r) { if (StringUtils.isNotBlank(r.getServiceId())) { val match = this.serviceRegistry.findServiceById(r.getServiceId()); if (match != null) { LOGGER.warn("Skipping [{}] JSON service definition as a matching service [{}] is found in the registry", r.getName(), match.getName()); return true; } val match2 = this.serviceRegistry.findServiceByExactServiceId(r.getServiceId()); if (match2 != null) { LOGGER.warn("Skipping [{}] JSON service definition as a matching service [{}] is found in the registry", r.getName(), match2.getName()); return true; } } val match = this.serviceRegistry.findServiceById(r.getId()); if (match != null) { LOGGER.warn("Skipping [{}] JSON service definition as a matching id [{}] is found in the registry", r.getName(), match.getId()); return true; } return false; } }
/** * Method creates a filename to store the service. * * @param service - Service to be stored. * @param extension - extension to use for the file. * @return - String representing file name. */ @Override public String build(final RegisteredService service, final String extension) { return StringUtils.remove(service.getName(), ' ') + '-' + service.getId() + '.' + extension; } }
private boolean validateAndFilterServiceByEnvironment(final RegisteredService service) { if (this.environments.isEmpty()) { LOGGER.trace("No environments are defined by which services could be filtered"); return true; } if (service == null) { LOGGER.trace("No service definition was provided"); return true; } if (service.getEnvironments() == null || service.getEnvironments().isEmpty()) { LOGGER.trace("No environments are assigned to service [{}]", service.getName()); return true; } return service.getEnvironments() .stream() .anyMatch(this.environments::contains); } }
@Override public RegisteredService save(final RegisteredService registeredService) { if (registeredService.getId() == RegisteredService.INITIAL_IDENTIFIER_VALUE) { registeredService.setId(findHighestId() + 1); } val svc = findServiceById(registeredService.getId()); if (svc != null) { this.registeredServices.remove(svc); } this.registeredServices.add(registeredService); return registeredService; }
@Override public void write(final Kryo kryo, final Output output, final RegisteredService service) { kryo.writeObject(output, service.getServiceId()); kryo.writeObject(output, StringUtils.defaultIfEmpty(service.getName(), StringUtils.EMPTY)); kryo.writeObject(output, StringUtils.defaultIfEmpty(service.getDescription(), StringUtils.EMPTY)); kryo.writeObject(output, service.getId()); kryo.writeObject(output, service.getEvaluationOrder()); kryo.writeObject(output, ObjectUtils.defaultIfNull(service.getLogo(), getEmptyUrl())); kryo.writeObject(output, service.getLogoutType()); kryo.writeObject(output, ObjectUtils.defaultIfNull(service.getLogoutUrl(), StringUtils.EMPTY)); kryo.writeObject(output, new HashSet<>(service.getRequiredHandlers())); kryo.writeObject(output, StringUtils.defaultIfEmpty(service.getTheme(), StringUtils.EMPTY)); kryo.writeObject(output, StringUtils.defaultIfEmpty(service.getResponseType(), StringUtils.EMPTY)); writeObjectByReflection(kryo, output, ObjectUtils.defaultIfNull(service.getPublicKey(), new RegisteredServicePublicKeyImpl())); writeObjectByReflection(kryo, output, ObjectUtils.defaultIfNull(service.getProxyPolicy(), new RefuseRegisteredServiceProxyPolicy())); writeObjectByReflection(kryo, output, ObjectUtils.defaultIfNull(service.getAttributeReleasePolicy(), new ReturnAllowedAttributeReleasePolicy())); writeObjectByReflection(kryo, output, ObjectUtils.defaultIfNull(service.getUsernameAttributeProvider(), new DefaultRegisteredServiceUsernameProvider())); writeObjectByReflection(kryo, output, ObjectUtils.defaultIfNull(service.getAccessStrategy(), new DefaultRegisteredServiceAccessStrategy())); writeObjectByReflection(kryo, output, ObjectUtils.defaultIfNull(service.getMultifactorPolicy(), new DefaultRegisteredServiceMultifactorPolicy())); writeObjectByReflection(kryo, output, ObjectUtils.defaultIfNull(service.getContacts(), new ArrayList<>())); kryo.writeObject(output, StringUtils.defaultIfEmpty(service.getInformationUrl(), StringUtils.EMPTY)); kryo.writeObject(output, StringUtils.defaultIfEmpty(service.getPrivacyUrl(), StringUtils.EMPTY)); kryo.writeObject(output, new HashMap<>(service.getProperties())); }
/** * Gets registered service jwt secret. * * @param service the service * @param propName the prop name * @return the registered service jwt secret */ protected String getRegisteredServiceJwtProperty(final RegisteredService service, final RegisteredServiceProperty.RegisteredServiceProperties propName) { if (service == null || !service.getAccessStrategy().isServiceAccessAllowed()) { LOGGER.debug("Service is not defined/found or its access is disabled in the registry"); throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE); } if (propName.isAssignedTo(service)) { return propName.getPropertyValue(service).getValue(); } LOGGER.warn("Service [{}] does not define a property [{}] in the registry", service.getServiceId(), propName); return null; }
@Override @JsonIgnore public boolean isProviderAllowed(final String provider, final RegisteredService registeredService) { if (this.allowedProviders == null || this.allowedProviders.isEmpty()) { LOGGER.warn("Registered service [{}] does not define any authorized/supported delegated authentication providers. " + "It is STRONGLY recommended that you authorize and assign providers to the service definition. " + "While just a warning for now, this behavior will be enforced by CAS in future versions.", registeredService.getName()); return true; } return this.allowedProviders.contains(provider); } }
@Override public int compareTo(final RegisteredService other) { return new CompareToBuilder() .append(getEvaluationOrder(), other.getEvaluationOrder()) .append(StringUtils.defaultIfBlank(getName(), StringUtils.EMPTY).toLowerCase(), StringUtils.defaultIfBlank(other.getName(), StringUtils.EMPTY).toLowerCase()) .append(getServiceId(), other.getServiceId()).append(getId(), other.getId()) .toComparison(); }
/** * Gets registered service jwt secret. * * @param service the service * @param propName the prop name * @return the registered service jwt secret */ protected static String getRegisteredServiceJwtSecret(final RegisteredService service, final String propName) { if (service == null || !service.getAccessStrategy().isServiceAccessAllowed()) { LOGGER.debug("Service is not defined/found or its access is disabled in the registry"); throw new UnauthorizedServiceException(UnauthorizedServiceException.CODE_UNAUTHZ_SERVICE); } if (service.getProperties().containsKey(propName)) { final RegisteredServiceProperty propSigning = service.getProperties().get(propName); final String tokenSigningSecret = propSigning.getValue(); if (StringUtils.isNotBlank(tokenSigningSecret)) { LOGGER.debug("Found the secret value [{}] for service [{}]", propName, service.getServiceId()); return tokenSigningSecret; } } LOGGER.warn("Service [{}] does not define a property [{}] in the registry", service.getServiceId(), propName); return null; } }
if (registeredService != null && registeredService.getAccessStrategy().isServiceAccessAllowed()) { logger.debug("Placing registered service [{}] with id [{}] in context scope", registeredService.getServiceId(), registeredService.getId()); WebUtils.putRegisteredService(context, registeredService); final RegisteredServiceAccessStrategy accessStrategy = registeredService.getAccessStrategy(); if (accessStrategy.getUnauthorizedRedirectUrl() != null) { logger.debug("Placing registered service's unauthorized redirect url [{}] with id [{}] in context scope", accessStrategy.getUnauthorizedRedirectUrl(), registeredService.getServiceId()); WebUtils.putUnauthorizedRedirectUrl(context, accessStrategy.getUnauthorizedRedirectUrl());
@Override public String[] resolveFrom(final JoinPoint auditableTarget, final Object retval) { Objects.requireNonNull(retval, "Return value must not be null"); val result = AuditableExecutionResult.class.cast(retval); val accessCheckOutcome = "Client Access " + BooleanUtils.toString(result.isExecutionFailure(), "Denied", "Granted"); val builder = new ToStringBuilder(this, NO_CLASS_NAME_STYLE) .append("result", accessCheckOutcome); if (result.getProperties().containsKey(Client.class.getSimpleName())) { builder.append("client", result.getProperties().get(Client.class.getSimpleName())); } result.getRegisteredService().ifPresent(service -> builder.append("registeredService", service.getName() + ':' + service.getServiceId())); return new String[]{builder.toString()}; } }
public void handleRegisteredServiceExpiredEvent(final CasRegisteredServiceExpiredEvent event) { val registeredService = event.getRegisteredService(); val contacts = registeredService.getContacts(); val serviceName = StringUtils.defaultIfBlank(registeredService.getName(), registeredService.getServiceId()); if (communicationsManager.isMailSenderDefined()) { val message = String.format(mail.getText(), serviceName);
val principal = authentication.getPrincipal(); val attributePolicy = registeredService.getAttributeReleasePolicy(); LOGGER.debug("Attribute policy [{}] is associated with service [{}]", attributePolicy, registeredService); val principalId = registeredService.getUsernameAttributeProvider().resolveUsername(principal, selectedService, registeredService); val modifiedPrincipal = this.principalFactory.createPrincipal(principalId, attributesToRelease); val builder = DefaultAuthenticationBuilder.newInstance(authentication); builder.setPrincipal(modifiedPrincipal); LOGGER.debug("Principal determined for release to [{}] is [{}]", registeredService.getServiceId(), principalId);
/** * Load services that are provided by the DAO. */ @Override public Collection<RegisteredService> load() { LOGGER.trace("Loading services from [{}]", serviceRegistry.getName()); this.services = this.serviceRegistry.load() .stream() .collect(Collectors.toConcurrentMap(r -> { LOGGER.debug("Adding registered service [{}]", r.getServiceId()); return r.getId(); }, Function.identity(), (r, s) -> s == null ? r : s)); loadInternal(); publishEvent(new CasRegisteredServicesLoadedEvent(this, getAllServices())); evaluateExpiredServiceDefinitions(); LOGGER.info("Loaded [{}] service(s) from [{}].", this.services.size(), this.serviceRegistry.getName()); return services.values(); }
/** * Release principal id as attribute if needed. * * @param principal the principal * @param attributesToRelease the attributes to release * @param service the service * @param registeredService the registered service */ protected void insertPrincipalIdAsAttributeIfNeeded(final Principal principal, final Map<String, Object> attributesToRelease, final Service service, final RegisteredService registeredService) { if (StringUtils.isNotBlank(getPrincipalIdAttribute())) { LOGGER.debug("Attempting to resolve the principal id for service [{}]", registeredService.getServiceId()); val id = registeredService.getUsernameAttributeProvider().resolveUsername(principal, service, registeredService); LOGGER.debug("Releasing resolved principal id [{}] as attribute [{}]", id, getPrincipalIdAttribute()); attributesToRelease.put(getPrincipalIdAttribute(), principal.getId()); } }
/** * Remove registered service. * * @param service the service */ protected void removeRegisteredService(final RegisteredService service) { this.serviceMap.remove(service.getId()); }
/** * Initialize cipher based on service public key. * * @param publicKey the public key * @param registeredService the registered service * @return the false if no public key is found * or if cipher cannot be initialized, etc. */ private static Cipher initializeCipherBasedOnServicePublicKey(final PublicKey publicKey, final RegisteredService registeredService) { try { LOGGER.debug("Using service [{}] public key [{}] to initialize the cipher", registeredService.getServiceId(), registeredService.getPublicKey()); val cipher = Cipher.getInstance(publicKey.getAlgorithm()); cipher.init(Cipher.ENCRYPT_MODE, publicKey); LOGGER.debug("Initialized cipher in encrypt-mode via the public key algorithm [{}] for service [{}]", publicKey.getAlgorithm(), registeredService.getServiceId()); return cipher; } catch (final Exception e) { LOGGER.warn("Cipher could not be initialized for service [{}]. Error [{}]", registeredService, e.getMessage()); } return null; }
private RegisteredService processExpiredRegisteredService(final RegisteredService registeredService) { val policy = registeredService.getExpirationPolicy(); LOGGER.warn("Registered service [{}] has expired on [{}]", registeredService.getServiceId(), policy.getExpirationDate()); if (policy.isDeleteWhenExpired()) { LOGGER.debug("Deleting expired registered service [{}] from registry.", registeredService.getServiceId()); if (policy.isNotifyWhenDeleted()) { LOGGER.debug("Contacts for registered service [{}] will be notified of service expiry", registeredService.getServiceId()); publishEvent(new CasRegisteredServiceExpiredEvent(this, registeredService)); } delete(registeredService); return null; } return registeredService; }