/**
 * Flags an authentication section that carries settings but is switched off.
 *
 * <p>The finding is only a {@code WARNING}: this method records the problem and returns, it does
 * not reject the configuration. NOTE(review): whether a warning blocks a deployment is decided
 * elsewhere; confirm that operators actually see it, since a configured-but-disabled method
 * means the settings have no effect.
 *
 * @param p collector that receives the problem
 * @param n authentication settings under validation
 */
@Override
public void validate(ConfigProblemSetBuilder p, Authn n) {
  // Short-circuit order is kept: the heuristic only runs when authn is disabled.
  if (n.isEnabled() || !maybeShouldBeEnabled(n)) {
    return;
  }

  p.addProblem(
      Problem.Severity.WARNING,
      "An authentication method is fully or "
          + "partially configured, but not enabled. It must be enabled to take effect.");
}
/**
 * Returns the authentication settings of a deployment, creating them on first access.
 *
 * <p>When the deployment's security section has no {@code Authn} yet, a fresh instance is
 * attached to it and returned, so callers never see {@code null}. NOTE(review): the defaults of
 * a freshly constructed {@code Authn} (in particular whether it starts disabled) are not visible
 * here; confirm.
 *
 * @param deploymentName name of the deployment whose security section is looked up
 * @return the existing or newly attached authentication settings
 */
public Authn getAuthn(String deploymentName) {
  Security security = getSecurity(deploymentName);
  Authn existing = security.getAuthn();
  if (existing != null) {
    return existing;
  }

  Authn created = new Authn();
  security.setAuthn(created);
  return created;
}
/**
 * Stores an authentication method in the slot that matches its declared kind.
 *
 * <p>The slot is chosen from {@code method.getMethod()} and the argument is cast to the matching
 * concrete type, so a method whose declared kind disagrees with its class fails with a
 * {@link ClassCastException}.
 *
 * @param deploymentName deployment whose authentication settings are updated
 * @param method the method to store; replaces whatever was in that slot
 * @throws RuntimeException if the declared kind is not one of the handled values
 */
public void setAuthnMethod(String deploymentName, AuthnMethod method) {
  // Resolve the target first: getAuthn may create the settings object as a side effect.
  Authn target = getAuthn(deploymentName);

  switch (method.getMethod()) {
    case OAuth2:
      target.setOauth2((OAuth2) method);
      return;
    case SAML:
      target.setSaml((Saml) method);
      return;
    case LDAP:
      target.setLdap((Ldap) method);
      return;
    case X509:
      target.setX509((X509) method);
      return;
    case IAP:
      target.setIap((IAP) method);
      return;
    default:
      throw new RuntimeException("Unknown Authn method " + method.getMethod());
  }
}
/**
 * Captures the OAuth2 settings only when OAuth2 is enabled.
 *
 * <p>For a disabled method the {@code oauth2} field is left untouched, so none of its values
 * (client id or secret included) are carried over from this constructor.
 *
 * @param security security section of the deployment; its authn and OAuth2 parts are
 *     dereferenced without a null check
 */
SpringConfig(Security security) {
  OAuth2 candidate = security.getAuthn().getOauth2();
  if (!candidate.isEnabled()) {
    return;
  }
  this.oauth2 = candidate;
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Copies the LDAP settings when LDAP authentication is enabled.
 *
 * <p>A disabled method leaves every field at whatever default this class declares. The values
 * are copied as-is: nothing here checks the URL scheme or the shape of the DN pattern and search
 * filter. NOTE(review): confirm they are validated elsewhere (for example that the URL uses
 * {@code ldaps://}).
 *
 * @param security security section of the deployment; its authn and LDAP parts are dereferenced
 *     without a null check
 */
public LdapConfig(Security security) {
  Ldap source = security.getAuthn().getLdap();
  if (!source.isEnabled()) {
    return;
  }

  this.enabled = source.isEnabled();
  this.url = source.getUrl();
  this.userDnPattern = source.getUserDnPattern();
  this.userSearchBase = source.getUserSearchBase();
  this.userSearchFilter = source.getUserSearchFilter();
}
} // closes the enclosing class, whose header is outside this excerpt
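/**
 * Copies the X509 settings when X509 authentication is enabled.
 *
 * <p>Optional values are copied only when non-empty, so an unset option keeps whatever default
 * this class declares for the field.
 *
 * @param security security section of the deployment; its authn and X509 parts are dereferenced
 *     without a null check
 */
public X509Config(Security security) {
  X509 x509 = security.getAuthn().getX509();
  if (!x509.isEnabled()) {
    return;
  }

  this.enabled = x509.isEnabled();

  if (StringUtils.isNotEmpty(x509.getRoleOid())) {
    this.roleOid = x509.getRoleOid();
  }

  // Guard on the value that is copied, as the roleOid branch does. Testing getNodeName() here
  // ties the copy to an unrelated property, so a null or empty regex could replace the field's
  // default; that regex decides which part of the certificate subject becomes the principal.
  if (StringUtils.isNotEmpty(x509.getSubjectPrincipalRegex())) {
    this.subjectPrincipalRegex = x509.getSubjectPrincipalRegex();
  }
}
} // closes the enclosing class, whose header is outside this excerpt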
/**
 * Copies the IAP settings when IAP authentication is enabled.
 *
 * <p>Each optional value is copied only when non-empty; otherwise the field keeps whatever
 * default this class declares. NOTE(review): audience, issuer and verification-key URL all feed
 * token validation, so confirm that the defaults used for unset values are the intended ones.
 *
 * @param security security section of the deployment; its authn and IAP parts are dereferenced
 *     without a null check
 */
public IAPConfig(Security security) {
  IAP source = security.getAuthn().getIap();
  if (!source.isEnabled()) {
    return;
  }

  this.enabled = source.isEnabled();

  String configuredAudience = source.getAudience();
  if (StringUtils.isNotEmpty(configuredAudience)) {
    this.audience = configuredAudience;
  }

  String configuredHeader = source.getJwtHeader();
  if (StringUtils.isNotEmpty(configuredHeader)) {
    this.jwtHeader = configuredHeader;
  }

  String configuredIssuer = source.getIssuerId();
  if (StringUtils.isNotEmpty(configuredIssuer)) {
    this.issuerId = configuredIssuer;
  }

  String configuredKeyUrl = source.getIapVerifyKeyUrl();
  if (StringUtils.isNotEmpty(configuredKeyUrl)) {
    this.iapVerifyKeyUrl = configuredKeyUrl;
  }
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Copies the SAML settings when SAML authentication is enabled.
 *
 * <p>Points a reviewer should keep in mind:
 *
 * <ul>
 *   <li>A non-empty remote metadata location takes precedence over the local file. NOTE(review):
 *       the remote value is used verbatim; confirm its scheme and host are checked elsewhere.
 *   <li>The local metadata path and the keystore path are prefixed with {@code "file:"} without
 *       a null check, so an unset path yields the literal {@code "file:null"}.
 *   <li>The keystore password is copied as a plain {@code String}. NOTE(review): confirm where
 *       this object is serialized and that the output is neither logged nor world-readable.
 *   <li>The redirect protocol, host and base path come straight from the service address.
 * </ul>
 *
 * @param security security section of the deployment; its authn and SAML parts, and the service
 *     address, are dereferenced without a null check
 */
public SamlConfig(Security security) {
  Saml source = security.getAuthn().getSaml();
  if (!source.isEnabled()) {
    return;
  }

  this.enabled = source.isEnabled();
  this.issuerId = source.getIssuerId();

  // Remote metadata wins when present; otherwise fall back to the local file.
  String remoteMetadata = source.getMetadataRemote();
  this.metadataUrl =
      StringUtils.isNotEmpty(remoteMetadata)
          ? remoteMetadata
          : "file:" + source.getMetadataLocal();

  this.keyStore = "file:" + source.getKeyStore();
  this.keyStoreAliasName = source.getKeyStoreAliasName();
  this.keyStorePassword = source.getKeyStorePassword();

  URL serviceAddress = source.getServiceAddress();
  this.redirectProtocol = serviceAddress.getProtocol();

  // URL.getPort() returns -1 when the address carries no explicit port.
  int explicitPort = serviceAddress.getPort();
  this.redirectHostname =
      explicitPort == -1
          ? serviceAddress.getHost()
          : serviceAddress.getHost() + ":" + explicitPort;

  String basePath = serviceAddress.getPath();
  if (StringUtils.isNotEmpty(basePath)) {
    this.redirectBasePath = basePath;
  }
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Stores an authentication method in the slot that matches its declared kind.
 *
 * <p>The slot is chosen from {@code method.getMethod()} and the argument is cast to the matching
 * concrete type, so a method whose declared kind disagrees with its class fails with a
 * {@link ClassCastException}.
 *
 * @param deploymentName deployment whose authentication settings are updated
 * @param method the method to store; replaces whatever was in that slot
 * @throws RuntimeException if the declared kind is not one of the handled values
 */
public void setAuthnMethod(String deploymentName, AuthnMethod method) {
  // Resolve the target first: getAuthn may create the settings object as a side effect.
  Authn target = getAuthn(deploymentName);

  switch (method.getMethod()) {
    case OAuth2:
      target.setOauth2((OAuth2) method);
      return;
    case SAML:
      target.setSaml((Saml) method);
      return;
    case LDAP:
      target.setLdap((Ldap) method);
      return;
    case X509:
      target.setX509((X509) method);
      return;
    case IAP:
      target.setIap((IAP) method);
      return;
    default:
      throw new RuntimeException("Unknown Authn method " + method.getMethod());
  }
}
/**
 * Captures the OAuth2 settings only when OAuth2 is enabled.
 *
 * <p>For a disabled method the {@code oauth2} field is left untouched, so none of its values
 * (client id or secret included) are carried over from this constructor.
 *
 * @param security security section of the deployment; its authn and OAuth2 parts are
 *     dereferenced without a null check
 */
SpringConfig(Security security) {
  OAuth2 candidate = security.getAuthn().getOauth2();
  if (!candidate.isEnabled()) {
    return;
  }
  this.oauth2 = candidate;
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Copies the LDAP settings when LDAP authentication is enabled.
 *
 * <p>A disabled method leaves every field at whatever default this class declares. The values
 * are copied as-is: nothing here checks the URL scheme or the shape of the DN pattern and search
 * filter. NOTE(review): confirm they are validated elsewhere (for example that the URL uses
 * {@code ldaps://}).
 *
 * @param security security section of the deployment; its authn and LDAP parts are dereferenced
 *     without a null check
 */
public LdapConfig(Security security) {
  Ldap source = security.getAuthn().getLdap();
  if (!source.isEnabled()) {
    return;
  }

  this.enabled = source.isEnabled();
  this.url = source.getUrl();
  this.userDnPattern = source.getUserDnPattern();
  this.userSearchBase = source.getUserSearchBase();
  this.userSearchFilter = source.getUserSearchFilter();
}
} // closes the enclosing class, whose header is outside this excerpt
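/**
 * Copies the X509 settings when X509 authentication is enabled.
 *
 * <p>Optional values are copied only when non-empty, so an unset option keeps whatever default
 * this class declares for the field.
 *
 * @param security security section of the deployment; its authn and X509 parts are dereferenced
 *     without a null check
 */
public X509Config(Security security) {
  X509 x509 = security.getAuthn().getX509();
  if (!x509.isEnabled()) {
    return;
  }

  this.enabled = x509.isEnabled();

  if (StringUtils.isNotEmpty(x509.getRoleOid())) {
    this.roleOid = x509.getRoleOid();
  }

  // Guard on the value that is copied, as the roleOid branch does. Testing getNodeName() here
  // ties the copy to an unrelated property, so a null or empty regex could replace the field's
  // default; that regex decides which part of the certificate subject becomes the principal.
  if (StringUtils.isNotEmpty(x509.getSubjectPrincipalRegex())) {
    this.subjectPrincipalRegex = x509.getSubjectPrincipalRegex();
  }
}
} // closes the enclosing class, whose header is outside this excerpt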
/**
 * Copies the IAP settings when IAP authentication is enabled.
 *
 * <p>Each optional value is copied only when non-empty; otherwise the field keeps whatever
 * default this class declares. NOTE(review): audience, issuer and verification-key URL all feed
 * token validation, so confirm that the defaults used for unset values are the intended ones.
 *
 * @param security security section of the deployment; its authn and IAP parts are dereferenced
 *     without a null check
 */
public IAPConfig(Security security) {
  IAP source = security.getAuthn().getIap();
  if (!source.isEnabled()) {
    return;
  }

  this.enabled = source.isEnabled();

  String configuredAudience = source.getAudience();
  if (StringUtils.isNotEmpty(configuredAudience)) {
    this.audience = configuredAudience;
  }

  String configuredHeader = source.getJwtHeader();
  if (StringUtils.isNotEmpty(configuredHeader)) {
    this.jwtHeader = configuredHeader;
  }

  String configuredIssuer = source.getIssuerId();
  if (StringUtils.isNotEmpty(configuredIssuer)) {
    this.issuerId = configuredIssuer;
  }

  String configuredKeyUrl = source.getIapVerifyKeyUrl();
  if (StringUtils.isNotEmpty(configuredKeyUrl)) {
    this.iapVerifyKeyUrl = configuredKeyUrl;
  }
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Copies the SAML settings when SAML authentication is enabled.
 *
 * <p>Points a reviewer should keep in mind:
 *
 * <ul>
 *   <li>A non-empty remote metadata location takes precedence over the local file. NOTE(review):
 *       the remote value is used verbatim; confirm its scheme and host are checked elsewhere.
 *   <li>The local metadata path and the keystore path are prefixed with {@code "file:"} without
 *       a null check, so an unset path yields the literal {@code "file:null"}.
 *   <li>The keystore password is copied as a plain {@code String}. NOTE(review): confirm where
 *       this object is serialized and that the output is neither logged nor world-readable.
 *   <li>The redirect protocol, host and base path come straight from the service address.
 * </ul>
 *
 * @param security security section of the deployment; its authn and SAML parts, and the service
 *     address, are dereferenced without a null check
 */
public SamlConfig(Security security) {
  Saml source = security.getAuthn().getSaml();
  if (!source.isEnabled()) {
    return;
  }

  this.enabled = source.isEnabled();
  this.issuerId = source.getIssuerId();

  // Remote metadata wins when present; otherwise fall back to the local file.
  String remoteMetadata = source.getMetadataRemote();
  this.metadataUrl =
      StringUtils.isNotEmpty(remoteMetadata)
          ? remoteMetadata
          : "file:" + source.getMetadataLocal();

  this.keyStore = "file:" + source.getKeyStore();
  this.keyStoreAliasName = source.getKeyStoreAliasName();
  this.keyStorePassword = source.getKeyStorePassword();

  URL serviceAddress = source.getServiceAddress();
  this.redirectProtocol = serviceAddress.getProtocol();

  // URL.getPort() returns -1 when the address carries no explicit port.
  int explicitPort = serviceAddress.getPort();
  this.redirectHostname =
      explicitPort == -1
          ? serviceAddress.getHost()
          : serviceAddress.getHost() + ":" + explicitPort;

  String basePath = serviceAddress.getPath();
  if (StringUtils.isNotEmpty(basePath)) {
    this.redirectBasePath = basePath;
  }
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Reports whether authentication is enabled for a deployment.
 *
 * <p>Only the top-level authn switch is read; the per-method enabled flags are not consulted
 * here. The security and authn sections are dereferenced without a null check.
 *
 * @param deploymentConfiguration deployment to inspect
 * @return {@code true} when the deployment's authn section reports itself enabled
 */
public boolean isAuth(DeploymentConfiguration deploymentConfiguration) {
  final boolean authnEnabled = deploymentConfiguration.getSecurity().getAuthn().isEnabled();
  return authnEnabled;
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Returns the authentication settings of a deployment, creating them on first access.
 *
 * <p>When the deployment's security section has no {@code Authn} yet, a fresh instance is
 * attached to it and returned, so callers never see {@code null}. NOTE(review): the defaults of
 * a freshly constructed {@code Authn} (in particular whether it starts disabled) are not visible
 * here; confirm.
 *
 * @param deploymentName name of the deployment whose security section is looked up
 * @return the existing or newly attached authentication settings
 */
public Authn getAuthn(String deploymentName) {
  Security security = getSecurity(deploymentName);
  Authn existing = security.getAuthn();
  if (existing != null) {
    return existing;
  }

  Authn created = new Authn();
  security.setAuthn(created);
  return created;
}
/**
 * Heuristic for "someone started configuring authentication".
 *
 * <p>"Core fields" are generally the fields an authentication method needs in order to work,
 * such as a client ID/secret or the path to a certificate store. X509 contributes no field to
 * this check, so an X509-only configuration never makes it return {@code true}.
 *
 * @param n authentication settings to inspect; every method section and the OAuth2 client are
 *     dereferenced without a null check
 * @return {@code true} if any core field of an authentication method has a non-empty value
 */
private boolean maybeShouldBeEnabled(Authn n) {
  OAuth2 oauth2 = n.getOauth2();
  Saml saml = n.getSaml();
  Ldap ldap = n.getLdap();
  IAP iap = n.getIap();
  // There isn't a good "core fields" for X509

  // OAuth2: either half of the client credentials counts.
  if (StringUtils.isNotEmpty(oauth2.getClient().getClientId())) {
    return true;
  }
  if (StringUtils.isNotEmpty(oauth2.getClient().getClientSecret())) {
    return true;
  }

  // SAML: issuer or keystore.
  if (StringUtils.isNotEmpty(saml.getIssuerId())) {
    return true;
  }
  if (StringUtils.isNotEmpty(saml.getKeyStore())) {
    return true;
  }

  // LDAP: any of the user lookup settings.
  if (StringUtils.isNotEmpty(ldap.getUserDnPattern())) {
    return true;
  }
  if (StringUtils.isNotEmpty(ldap.getUserSearchBase())) {
    return true;
  }
  if (StringUtils.isNotEmpty(ldap.getUserSearchFilter())) {
    return true;
  }

  // IAP: the audience is the only field consulted.
  return StringUtils.isNotEmpty(iap.getAudience());
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Reports whether authentication is enabled for a deployment.
 *
 * <p>Only the top-level authn switch is read; the per-method enabled flags are not consulted
 * here. The security and authn sections are dereferenced without a null check.
 *
 * @param deploymentConfiguration deployment to inspect
 * @return {@code true} when the deployment's authn section reports itself enabled
 */
public boolean isAuth(DeploymentConfiguration deploymentConfiguration) {
  final boolean authnEnabled = deploymentConfiguration.getSecurity().getAuthn().isEnabled();
  return authnEnabled;
}
} // closes the enclosing class, whose header is outside this excerpt