/** * Ensure service access is allowed. * * @param registeredService the registered service */ public static void ensureServiceAccessIsAllowed(final RegisteredService registeredService) { ensureServiceAccessIsAllowed(registeredService != null ? registeredService.getName() : StringUtils.EMPTY, registeredService); }
@Override public boolean doPrincipalAttributesAllowServiceAccess(final String principal, final Map<String, Object> attributes) { if (isSurrogateAuthenticationSession(attributes)) { if (!isSurrogateEnabled()) { return false; } return doPrincipalAttributesAllowSurrogateServiceAccess(attributes); } return super.doPrincipalAttributesAllowServiceAccess(principal, attributes); }
@Override public boolean isServiceAccessAllowed() { if (!doesStartingTimeAllowServiceAccess()) { return false; } if (!doesEndingTimeAllowServiceAccess()) { return false; } return super.isServiceAccessAllowed(); }
@Override public boolean supports(final WebApplicationService singleLogoutService) { val selectedService = (WebApplicationService) this.authenticationRequestServiceSelectionStrategies.resolveService(singleLogoutService); val registeredService = this.servicesManager.findServiceBy(selectedService); if (registeredService != null && registeredService.getAccessStrategy().isServiceAccessAllowed() && registeredService.getLogoutType() != RegisteredServiceLogoutType.NONE) { return supportsInternal(singleLogoutService, registeredService); } return false; }
@Override @JsonIgnore public boolean isServiceAccessAllowed() { buildGroovyAccessStrategyInstanceIfNeeded(); return this.groovyStrategyInstance.isServiceAccessAllowed(); }
@Override public RegisteredService save(final RegisteredService registeredService) { if (registeredService.getId() == RegisteredService.INITIAL_IDENTIFIER_VALUE) { registeredService.setId(findHighestId() + 1); } val svc = findServiceById(registeredService.getId()); if (svc != null) { this.registeredServices.remove(svc); } this.registeredServices.add(registeredService); return registeredService; }
/** * Locate matching registered service property boolean. * * @param authentication the authentication * @param registeredService the registered service * @return true/false */ protected boolean locateMatchingRegisteredServiceForBypass(final Authentication authentication, final RegisteredService registeredService) { if (registeredService != null && registeredService.getMultifactorPolicy() != null) { return registeredService.getMultifactorPolicy().isBypassEnabled(); } return false; }
public DenyAllAttributeReleasePolicy() { setExcludeDefaultAttributes(true); setPrincipalIdAttribute(null); setAuthorizedToReleaseAuthenticationAttributes(false); setAuthorizedToReleaseCredentialPassword(false); setAuthorizedToReleaseProxyGrantingTicket(false); }
@JsonIgnore @Override public URI getUnauthorizedRedirectUrl() { buildGroovyAccessStrategyInstanceIfNeeded(); return this.groovyStrategyInstance.getUnauthorizedRedirectUrl(); }
@Override protected AbstractRegisteredService newInstance() { return new RegexRegisteredService(); }
@Override @JsonIgnore public boolean isServiceAccessAllowedForSso() { buildGroovyAccessStrategyInstanceIfNeeded(); return this.groovyStrategyInstance.isServiceAccessAllowedForSso(); }
private RegisteredService checkServiceExpirationPolicyIfAny(final RegisteredService registeredService) { if (registeredService == null || RegisteredServiceAccessStrategyUtils.ensureServiceIsNotExpired(registeredService)) { return registeredService; } return processExpiredRegisteredService(registeredService); }
/** * Return a list of services for the passed domain. * * @param domain the domain name * @return list of services */ default Collection<RegisteredService> getServicesForDomain(final String domain) { return getAllServices(); }
@JsonIgnore @Override public String getPrincipalAttributeValueToMatch() { buildGroovyMultifactorPolicyInstanceIfNeeded(); return this.groovyPolicyInstance.getPrincipalAttributeValueToMatch(); }
@JsonIgnore @Override public Set<String> getMultifactorAuthenticationProviders() { buildGroovyMultifactorPolicyInstanceIfNeeded(); return this.groovyPolicyInstance.getMultifactorAuthenticationProviders(); }
@Override public RegisteredServiceMultifactorPolicy.FailureModes failureMode() { return RegisteredServiceMultifactorPolicy.FailureModes.valueOf(failureMode); }
private RegisteredService validateRegisteredService(final RegisteredService registeredService) { val result = checkServiceExpirationPolicyIfAny(registeredService); if (validateAndFilterServiceByEnvironment(result)) { return result; } return null; }
@Override @JsonIgnore public void setServiceAccessAllowed(final boolean enabled) { buildGroovyAccessStrategyInstanceIfNeeded(); this.groovyStrategyInstance.setServiceAccessAllowed(enabled); }
@Override public Map<String, Object> getAttributesInternal(final Principal principal, final Map<String, Object> attrs, final RegisteredService service) { return authorizeReleaseOfAllowedAttributes(attrs); }
@Override public boolean matchesExistingService(final String service) { return findServiceBy(service) != null; }