@ConditionalOnMissingBean(name = "cookieValueManager") @Autowired @Bean public CookieValueManager cookieValueManager(@Qualifier("cookieCipherExecutor") final CipherExecutor cipherExecutor) { if (casProperties.getTgc().getCrypto().isEnabled()) { return new DefaultCasCookieValueManager(cipherExecutor); } return new NoOpCookieValueManager(); }
@ConditionalOnMissingBean(name = "cookieValueManager") @Bean public CookieValueManager cookieValueManager() { if (casProperties.getTgc().getCrypto().isEnabled()) { return new DefaultCasCookieValueManager(cookieCipherExecutor(), casProperties.getTgc()); } return new NoOpCookieValueManager(); }
@ConditionalOnMissingBean(name = "cookieCipherExecutor") @RefreshScope @Bean public CipherExecutor cookieCipherExecutor() { final EncryptionJwtSigningJwtCryptographyProperties crypto = casProperties.getTgc().getCrypto(); boolean enabled = crypto.isEnabled(); if (!enabled && (StringUtils.isNotBlank(crypto.getEncryption().getKey())) && StringUtils.isNotBlank(crypto.getSigning().getKey())) { LOGGER.warn("Token encryption/signing is not enabled explicitly in the configuration, yet signing/encryption keys " + "are defined for operations. CAS will proceed to enable the cookie encryption/signing functionality."); enabled = true; } if (enabled) { return new TicketGrantingCookieCipherExecutor(crypto.getEncryption().getKey(), crypto.getSigning().getKey(), crypto.getAlg()); } LOGGER.warn("Ticket-granting cookie encryption/signing is turned off. This " + "MAY NOT be safe in a production environment. Consider using other choices to handle encryption, " + "signing and verification of ticket-granting cookies."); return NoOpCipherExecutor.getInstance(); }
@ConditionalOnMissingBean(name = "cookieCipherExecutor") @RefreshScope @Bean public CipherExecutor cookieCipherExecutor() { val crypto = casProperties.getTgc().getCrypto(); var enabled = crypto.isEnabled(); if (!enabled && StringUtils.isNotBlank(crypto.getEncryption().getKey()) && StringUtils.isNotBlank(crypto.getSigning().getKey())) { LOGGER.warn("Token encryption/signing is not enabled explicitly in the configuration, yet signing/encryption keys " + "are defined for operations. CAS will proceed to enable the cookie encryption/signing functionality."); enabled = true; } if (enabled) { return new TicketGrantingCookieCipherExecutor(crypto.getEncryption().getKey(), crypto.getSigning().getKey(), crypto.getAlg(), crypto.getSigning().getKeySize(), crypto.getEncryption().getKeySize()); } LOGGER.warn("Ticket-granting cookie encryption/signing is turned off. This " + "MAY NOT be safe in a production environment. Consider using other choices to handle encryption, " + "signing and verification of ticket-granting cookies."); return CipherExecutor.noOp(); }