@ConditionalOnMissingBean(name = "proxyPrincipalResolver") @Bean public PrincipalResolver proxyPrincipalResolver() { return new ProxyingPrincipalResolver(proxyPrincipalFactory()); }
@Override protected Map<String, List<Object>> retrievePersonAttributes(final String principalId, final Credential credential) { val wsFedCredentials = (WsFederationCredential) credential; if (this.configuration.getAttributesType() == WsFederationConfiguration.WsFedPrincipalResolutionAttributesType.WSFED) { return wsFedCredentials.getAttributes(); } if (this.configuration.getAttributesType() == WsFederationConfiguration.WsFedPrincipalResolutionAttributesType.CAS) { return super.retrievePersonAttributes(principalId, credential); } val mergedAttributes = new HashMap<String, List<Object>>(wsFedCredentials.getAttributes()); mergedAttributes.putAll(super.retrievePersonAttributes(principalId, credential)); return mergedAttributes; }
@Override protected String extractPrincipalId(final Credential credential, final Optional<Principal> currentPrincipal) { LOGGER.debug("Attempting to extract principal id for principal [{}]", currentPrincipal); if (!credential.getClass().equals(SurrogateUsernamePasswordCredential.class)) { LOGGER.trace("Provided credential is not one of [{}]", SurrogateUsernamePasswordCredential.class.getName()); return super.extractPrincipalId(credential, currentPrincipal); } if (currentPrincipal.isEmpty()) { throw new IllegalArgumentException("Current principal resolved cannot be null"); } val id = currentPrincipal.get().getId(); LOGGER.debug("Resolving principal id for surrogate authentication as [{}]", id); return id; } }
@Bean @ConditionalOnMissingBean(name = "defaultPrincipalResolver") @RefreshScope public PrincipalResolver defaultPrincipalResolver(final List<PrincipalResolutionExecutionPlanConfigurer> configurers) { val plan = new DefaultPrincipalResolutionExecutionPlan(); val sortedConfigurers = new ArrayList<PrincipalResolutionExecutionPlanConfigurer>(configurers); AnnotationAwareOrderComparator.sortIfNecessary(sortedConfigurers); sortedConfigurers.forEach(c -> { LOGGER.trace("Configuring principal resolution execution plan [{}]", c.getName()); c.configurePrincipalResolutionExecutionPlan(plan); }); plan.registerPrincipalResolver(new EchoingPrincipalResolver()); val resolver = new ChainingPrincipalResolver(); resolver.setChain(plan.getRegisteredPrincipalResolvers()); return resolver; }
@Override public Principal resolve(final Credential credential, final Optional<Principal> currentPrincipal, final Optional<AuthenticationHandler> handler) { LOGGER.debug("Attempting to resolve a principal..."); var principalId = extractPrincipalId(credential, currentPrincipal); if (StringUtils.isBlank(principalId)) { LOGGER.debug("Principal id [{}] could not be found", principalId); val attributes = retrievePersonAttributes(principalId, credential); if (attributes == null || attributes.isEmpty()) { LOGGER.debug("Principal id [{}] did not specify any attributes", principalId); val pair = convertPersonAttributesToPrincipal(principalId, attributes); val principal = this.principalFactory.createPrincipal(pair.getKey(), pair.getValue()); LOGGER.info("Final resolved principal by [{}] is [{}]", getName(), principal); return principal;
@RefreshScope @Bean @ConditionalOnMissingBean(name = "personDirectoryAttributeRepositoryPrincipalResolver") public PrincipalResolver personDirectoryAttributeRepositoryPrincipalResolver() { val personDirectory = casProperties.getPersonDirectory(); return new PersonDirectoryPrincipalResolver( attributeRepository.getIfAvailable(), principalFactory(), personDirectory.isReturnNull(), personDirectory.getPrincipalAttribute(), personDirectory.isUseExistingPrincipalId() ); }
@Override public Map<String, List<Object>> getPersonAttributesFromMultivaluedAttributes(final Map<String, List<Object>> attributes) { if (attributes.containsKey("username")) { val username = attributes.get("username"); if (!username.isEmpty()) { val results = new HashMap<String, List<Object>>(); val attrs = getAttributesForUser(username.get(0).toString()); LOGGER.debug("Groovy-based attributes found are [{}]", attrs); attrs.forEach((k, v) -> { val values = new ArrayList<Object>(CollectionUtils.toCollection(v)); LOGGER.debug("Adding Groovy-based attribute [{}] with value(s) [{}]", k, values); results.put(k, values); }); return results; } } return new HashMap<>(0); }
@ConditionalOnMissingBean(name = "groovyAttributeRepositories") @Bean @RefreshScope public List<IPersonAttributeDao> groovyAttributeRepositories() { val list = new ArrayList<IPersonAttributeDao>(); casProperties.getAuthn().getAttributeRepository().getGroovy().forEach(groovy -> { if (groovy.getLocation() != null) { val dao = new GroovyPersonAttributeDao(new InternalGroovyScriptDao(applicationContext, casProperties)); dao.setCaseInsensitiveUsername(groovy.isCaseInsensitive()); dao.setOrder(groovy.getOrder()); LOGGER.debug("Configured Groovy attribute sources from [{}]", groovy.getLocation()); list.add(dao); } }); return list; }
@Bean @RefreshScope public PrincipalResolver trustedPrincipalResolver() { val resolver = new ChainingPrincipalResolver(); val personDirectory = casProperties.getPersonDirectory(); val trusted = casProperties.getAuthn().getTrusted(); val principalAttribute = StringUtils.defaultIfBlank(trusted.getPrincipalAttribute(), personDirectory.getPrincipalAttribute()); val bearingPrincipalResolver = new PrincipalBearingPrincipalResolver(attributeRepository.getIfAvailable(), trustedPrincipalFactory(), trusted.isReturnNull() || personDirectory.isReturnNull(), principalAttribute, trusted.isUseExistingPrincipalId() || personDirectory.isUseExistingPrincipalId()); resolver.setChain(CollectionUtils.wrapList(new EchoingPrincipalResolver(), bearingPrincipalResolver)); return resolver; }
@Bean @ConditionalOnMissingBean(name = "jaasPersonDirectoryPrincipalResolvers") public List<PrincipalResolver> jaasPersonDirectoryPrincipalResolvers() { val personDirectory = casProperties.getPersonDirectory(); return casProperties.getAuthn().getJaas() .stream() .filter(jaas -> StringUtils.isNotBlank(jaas.getRealm())) .map(jaas -> { val jaasPrincipal = jaas.getPrincipal(); val principalAttribute = StringUtils.defaultIfBlank(jaasPrincipal.getPrincipalAttribute(), personDirectory.getPrincipalAttribute()); return new PersonDirectoryPrincipalResolver(attributeRepository.getIfAvailable(), jaasPrincipalFactory(), jaasPrincipal.isReturnNull() || personDirectory.isReturnNull(), principalAttribute, jaasPrincipal.isUseExistingPrincipalId() || personDirectory.isUseExistingPrincipalId()); }) .collect(Collectors.toList()); }