@Override @JsonIgnore public boolean isProviderAllowed(final String provider, final RegisteredService registeredService) { if (this.allowedProviders == null || this.allowedProviders.isEmpty()) { LOGGER.warn("Registered service [{}] does not define any authorized/supported delegated authentication providers. " + "It is STRONGLY recommended that you authorize and assign providers to the service definition. " + "While just a warning for now, this behavior will be enforced by CAS in future versions.", registeredService.getName()); return true; } return this.allowedProviders.contains(provider); } }
/** * Ensure service access is allowed. * * @param registeredService the registered service */ public static void ensureServiceAccessIsAllowed(final RegisteredService registeredService) { ensureServiceAccessIsAllowed(registeredService != null ? registeredService.getName() : StringUtils.EMPTY, registeredService); }
@Override public final void publish(final RegisteredService service, final ApplicationEvent event) { if (!BaseCasRegisteredServiceEvent.class.isAssignableFrom(event.getClass())) { return; } LOGGER.debug("Publishing service definition [{}] for event [{}] with publisher [{}]", service.getName(), event.getClass().getSimpleName(), this.publisherId); publishInternal(service, event); }
/** * Should skip interrupt for registered service. * * @param registeredService the registered service * @return the boolean */ protected boolean shouldSkipInterruptForRegisteredService(final RegisteredService registeredService) { if (registeredService != null) { LOGGER.debug("Checking interrupt rules for service [{}]", registeredService.getName()); if (RegisteredServiceProperties.SKIP_INTERRUPT_NOTIFICATIONS.isAssignedTo(registeredService)) { LOGGER.debug("Service [{}] is set to skip interrupt notifications", registeredService.getName()); return true; } LOGGER.debug("Service [{}] is set to not skip interrupt notifications", registeredService.getName()); } else { LOGGER.debug("No service was found in the request context. Proceeding as usual..."); } return false; }
/** * Find a service by an exact match of the service name. * * @param name the name * @return the registered service */ default RegisteredService findServiceByExactServiceName(final String name) { return load() .stream() .filter(r -> r.getName().equals(name)) .findFirst() .orElse(null); }
private static String getBackupMetadataFilenamePrefix(final AbstractResource metadataResource, final RegisteredService service) { return service.getName() .concat("-") .concat(String.valueOf(service.getId())) .concat("-") .concat(metadataResource.getFilename()) .concat("-"); }
private static String getServiceName(final GitUtil git, final String path) { try { return CasManagementUtils.fromJson(Paths.get(git.repoPath() + '/' + path).toFile()).getName() + " - " + path; } catch (final Exception e) { LOGGER.error(e.getMessage(), e); } return path; }
/** * Gets metadata backup file. * * @param metadataResource the metadata resource * @param service the service * @return the metadata backup file * @throws IOException the io exception */ protected File getMetadataBackupFile(final AbstractResource metadataResource, final RegisteredService service) throws IOException { LOGGER.debug("Metadata backup directory is at [{}]", this.metadataBackupDirectory.getCanonicalPath()); val metadataFileName = getBackupMetadataFilenamePrefix(metadataResource, service) .concat(getBackupMetadataFilenameSuffix(metadataResource, service)); val backupFile = new File(this.metadataBackupDirectory, metadataFileName); if (backupFile.exists()) { LOGGER.warn("Metadata file designated for service [{}] already exists at path [{}].", service.getName(), backupFile.getCanonicalPath()); } else { LOGGER.debug("Metadata to fetch for service [{}] will be placed at [{}]", service.getName(), backupFile.getCanonicalPath()); } return backupFile; }
/** * Gets display name. * * @return the display name */ public String getDisplayName() { val items = getDisplayNames(); if (items.isEmpty()) { return this.registeredService.getName(); } return StringUtils.collectionToDelimitedString(items, "."); }
/** * Method creates a filename to store the service. * * @param service - Service to be stored. * @param extension - extension to use for the file. * @return - String representing file name. */ @Override public String build(final RegisteredService service, final String extension) { return StringUtils.remove(service.getName(), ' ') + '-' + service.getId() + '.' + extension; } }
private boolean validateAndFilterServiceByEnvironment(final RegisteredService service) { if (this.environments.isEmpty()) { LOGGER.trace("No environments are defined by which services could be filtered"); return true; } if (service == null) { LOGGER.trace("No service definition was provided"); return true; } if (service.getEnvironments() == null || service.getEnvironments().isEmpty()) { LOGGER.trace("No environments are assigned to service [{}]", service.getName()); return true; } return service.getEnvironments() .stream() .anyMatch(this.environments::contains); } }
@Override public String[] resolveFrom(final JoinPoint auditableTarget, final Object retval) { Objects.requireNonNull(retval, "Return value must not be null"); val result = AuditableExecutionResult.class.cast(retval); val accessCheckOutcome = "Client Access " + BooleanUtils.toString(result.isExecutionFailure(), "Denied", "Granted"); val builder = new ToStringBuilder(this, NO_CLASS_NAME_STYLE) .append("result", accessCheckOutcome); if (result.getProperties().containsKey(Client.class.getSimpleName())) { builder.append("client", result.getProperties().get(Client.class.getSimpleName())); } result.getRegisteredService().ifPresent(service -> builder.append("registeredService", service.getName() + ':' + service.getServiceId())); return new String[]{builder.toString()}; } }
private boolean findExistingMatchForService(final RegisteredService r) { if (StringUtils.isNotBlank(r.getServiceId())) { val match = this.serviceRegistry.findServiceById(r.getServiceId()); if (match != null) { LOGGER.warn("Skipping [{}] JSON service definition as a matching service [{}] is found in the registry", r.getName(), match.getName()); return true; } val match2 = this.serviceRegistry.findServiceByExactServiceId(r.getServiceId()); if (match2 != null) { LOGGER.warn("Skipping [{}] JSON service definition as a matching service [{}] is found in the registry", r.getName(), match2.getName()); return true; } } val match = this.serviceRegistry.findServiceById(r.getId()); if (match != null) { LOGGER.warn("Skipping [{}] JSON service definition as a matching id [{}] is found in the registry", r.getName(), match.getId()); return true; } return false; } }
@Override public Collection<SingleLogoutRequest> handle(final WebApplicationService singleLogoutService, final String ticketId, final TicketGrantingTicket ticketGrantingTicket) { if (singleLogoutService.isLoggedOutAlready()) { LOGGER.debug("Service [{}] is already logged out.", singleLogoutService); return new ArrayList<>(0); } val selectedService = (WebApplicationService) this.authenticationRequestServiceSelectionStrategies.resolveService(singleLogoutService); LOGGER.trace("Processing logout request for service [{}]...", selectedService); val registeredService = this.servicesManager.findServiceBy(selectedService); LOGGER.debug("Service [{}] supports single logout and is found in the registry as [{}]. Proceeding...", selectedService.getId(), registeredService.getName()); val logoutUrls = this.singleLogoutServiceLogoutUrlBuilder.determineLogoutUrl(registeredService, selectedService); LOGGER.debug("Prepared logout url [{}] for service [{}]", logoutUrls, selectedService); if (logoutUrls == null || logoutUrls.isEmpty()) { LOGGER.debug("Service [{}] does not support logout operations given no logout url could be determined.", selectedService); return new ArrayList<>(0); } LOGGER.trace("Creating logout request for [{}] and ticket id [{}]", selectedService, ticketId); return createLogoutRequests(ticketId, selectedService, registeredService, logoutUrls, ticketGrantingTicket); }
private static String getDeletedServiceName(final GitUtil git, final String path) { try (val treeWalk = new TreeWalk(git.getRepository())) { treeWalk.addTree(git.getLastNCommits(1).findFirst().orElseThrow().getTree()); while (treeWalk.next()) { if (treeWalk.getPathString().endsWith(path)) { return CasManagementUtils.fromJson(git.readObject(treeWalk.getObjectId(0))).getName() + " - " + path; } } } catch (final Exception e) { LOGGER.error(e.getMessage(), e); } return path; } }
@Override public int compareTo(final RegisteredService other) { return new CompareToBuilder() .append(getEvaluationOrder(), other.getEvaluationOrder()) .append(StringUtils.defaultIfBlank(getName(), StringUtils.EMPTY).toLowerCase(), StringUtils.defaultIfBlank(other.getName(), StringUtils.EMPTY).toLowerCase()) .append(getServiceId(), other.getServiceId()).append(getId(), other.getId()) .toComparison(); }
@Override public void accept(final File file) { LOGGER.debug("Service definition [{}] was deleted. Reloading cache...", file); val service = serviceRegistryDao.getRegisteredServiceFromFile(file); if (service != null) { serviceRegistryDao.publishEvent(new CasRegisteredServicePreDeleteEvent(this, service)); serviceRegistryDao.removeRegisteredService(service); LOGGER.debug("Successfully deleted service definition [{}]", service.getName()); serviceRegistryDao.publishEvent(new CasRegisteredServiceDeletedEvent(this, service)); } else { LOGGER.warn("Unable to locate a matching service definition from file [{}]. Reloading cache...", file); val results = serviceRegistryDao.load(); serviceRegistryDao.publishEvent(new CasRegisteredServicesLoadedEvent(this, results)); } } }
/** * Creates a change for a modified file. * * @param git - GitUtil * @param entry - DiffEntry for the change * @return - Change */ @SuppressWarnings("DefaultCharset") @SneakyThrows public static Change createModifyChange(final GitUtil git, final DiffEntry entry) { val file = git.repoPath() + '/' + entry.getNewPath(); val json = new String(Files.readAllBytes(Paths.get(file))); val svc = CasManagementUtils.fromJson(json); return new Change(String.valueOf(svc.getId()), entry.getNewPath(), entry.getChangeType().toString(), svc.getName(), ObjectId.toString(entry.getOldId().toObjectId()), ObjectId.toString(entry.getNewId().toObjectId())); }
/** * Handle cas risky authentication detected event. * * @param event the event */ @EventListener public void handleCasRiskyAuthenticationDetectedEvent(final CasRiskyAuthenticationDetectedEvent event) { if (this.casEventRepository != null) { val dto = prepareCasEvent(event); dto.putEventId(event.getService().getName()); dto.setPrincipalId(event.getAuthentication().getPrincipal().getId()); this.casEventRepository.save(dto); } } }
/** * Creates a change for a delete file. * * @param git - GitUtil * @param entry - DiffEntry for the change. * @return - Change */ @SneakyThrows public static Change createDeleteChange(final GitUtil git, final DiffEntry entry) { val json = git.readObject(entry.getOldId().toObjectId()); val svc = CasManagementUtils.fromJson(json); return new Change(String.valueOf(svc.getId()), entry.getOldPath(), DiffEntry.ChangeType.DELETE.toString(), svc.getName(), ObjectId.toString(entry.getOldId().toObjectId()), null); }