/**
 * Transform a principal attributes list into a map.
 * <p>
 * The list is first turned into a multimap by
 * {@code transformPrincipalAttributesListIntoMultiMap(List)}, and that result is then
 * passed to {@code CollectionUtils.wrap} to obtain the returned map.
 *
 * @param list the principal attribute definitions to transform
 * @return the attributes as a map
 */
public static Map<String, Object> transformPrincipalAttributesListIntoMap(final List<String> list) {
    // Delegate the parsing to the multimap variant so both entry points share one interpretation of the list.
    return CollectionUtils.wrap(transformPrincipalAttributesListIntoMultiMap(list));
}
/**
 * Decide whether an authentication counts as a remember-me authentication.
 * <p>
 * Two conditions must both hold: the authentication attributes carry
 * {@link RememberMeCredential#AUTHENTICATION_ATTRIBUTE_REMEMBER_ME} with a value of
 * {@link Boolean#TRUE}, and the assertion reports that it stems from a new login.
 * The attribute on its own is never sufficient.
 *
 * @param model     the authentication whose attributes are inspected
 * @param assertion the assertion that must also note a new login session
 * @return true if remember-me, false otherwise
 */
public static boolean isRememberMeAuthentication(final Authentication model, final Assertion assertion) {
    val multiValuedAttributes = convertAttributeValuesToMultiValuedObjects(model.getAttributes());
    // The cast presumes the conversion above yields a collection for every attribute - verify against that helper.
    val rememberMeValues = (Collection<?>) multiValuedAttributes.get(RememberMeCredential.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME);

    // Only a real Boolean.TRUE matches; a String such as "true" does not, so a flag that
    // has been stringified along the way is treated as "not remember-me" (fails closed).
    if (rememberMeValues == null || !rememberMeValues.contains(Boolean.TRUE)) {
        return false;
    }
    // The flag is honoured only together with a fresh login on the assertion.
    return assertion.isFromNewLogin();
}
/**
 * Fold every authentication event into the shared result state.
 * <p>
 * For each event, the principal's attributes are merged into {@code principalAttributes},
 * the event's own attributes are merged into {@code authenticationAttributes}, and its
 * successes, failures and credentials are appended to {@code authenticationBuilder}.
 * Both maps are mutated in place.
 *
 * @param authentications          the authentication events to collect
 * @param authenticationAttributes accumulator for authentication attributes (modified)
 * @param principalAttributes      accumulator for principal attributes (modified)
 * @param authenticationBuilder    builder receiving successes, failures and credentials
 */
private static void buildAuthenticationHistory(final Set<Authentication> authentications,
                                               final Map<String, Object> authenticationAttributes,
                                               final Map<String, Object> principalAttributes,
                                               final AuthenticationBuilder authenticationBuilder) {
    LOGGER.trace("Collecting authentication history based on [{}] authentication events", authentications.size());

    // NOTE(review): how a name that appears in several events is resolved depends on
    // mergeAttributes (not visible here) and possibly on the Set's iteration order - confirm.
    for (final Authentication event : authentications) {
        val eventPrincipal = event.getPrincipal();
        LOGGER.debug("Evaluating authentication principal [{}] for inclusion in result", eventPrincipal);

        val mergedPrincipalAttributes = CoreAuthenticationUtils.mergeAttributes(principalAttributes, eventPrincipal.getAttributes());
        principalAttributes.putAll(mergedPrincipalAttributes);
        // NOTE(review): this and the next DEBUG statement print complete attribute maps; these may
        // hold personal or directory data, so DEBUG output for this logger should be access-controlled.
        LOGGER.debug("Collected principal attributes [{}] for inclusion in this result for principal [{}]", principalAttributes, eventPrincipal.getId());

        val mergedAuthenticationAttributes = CoreAuthenticationUtils.mergeAttributes(authenticationAttributes, event.getAttributes());
        authenticationAttributes.putAll(mergedAuthenticationAttributes);
        LOGGER.debug("Finalized authentication attributes [{}] for inclusion in this authentication result", authenticationAttributes);

        // Kept as one fluent chain so each call operates on whatever the previous call returned.
        authenticationBuilder
            .addSuccesses(event.getSuccesses())
            .addFailures(event.getFailures())
            .addCredentials(event.getCredentials());
    }
}
.filter(ldapInstanceConfigurationPredicate()) .forEach(l -> { val multiMapAttributes = CoreAuthenticationUtils.transformPrincipalAttributesListIntoMultiMap(l.getPrincipalAttributeList()); LOGGER.debug("Created and mapped principal attributes [{}] for [{}]...", multiMapAttributes, l.getLdapUrl()); LOGGER.debug("Ldap authentication for [{}] is filtering credentials by [{}]", l.getLdapUrl(), l.getCredentialCriteria()); handler.setCredentialSelectionPredicate(CoreAuthenticationUtils.newCredentialSelectionPredicate(l.getCredentialCriteria()));
h.setPasswordPolicyHandlingStrategy(CoreAuthenticationUtils.newPasswordPolicyHandlingStrategy(passwordPolicy)); if (passwordPolicy.isEnabled()) { LOGGER.debug("Password policy is enabled for JAAS. Constructing password policy configuration for [{}]", jaas.getRealm()); h.setCredentialSelectionPredicate(CoreAuthenticationUtils.newCredentialSelectionPredicate(jaas.getCredentialCriteria())); return h; })
/**
 * Apply the settings shared by JDBC username/password handlers.
 * <p>
 * Sets the password encoder, the principal name transformer and a password policy
 * configuration, and installs a credential selection predicate only when a
 * credential criteria is configured.
 *
 * @param handler    the JDBC handler to configure
 * @param properties the JDBC authentication properties to read from
 */
private void configureJdbcAuthenticationHandler(final AbstractJdbcUsernamePasswordAuthenticationHandler handler,
                                                final BaseJdbcAuthenticationProperties properties) {
    // NOTE(review): the encoder is chosen entirely by configuration; confirm deployments do not
    // leave it at a setting that compares stored passwords without hashing.
    val encoder = PasswordEncoderUtils.newPasswordEncoder(properties.getPasswordEncoder());
    handler.setPasswordEncoder(encoder);

    val nameTransformer = PrincipalNameTransformerUtils.newPrincipalNameTransformer(properties.getPrincipalTransformation());
    handler.setPrincipalNameTransformer(nameTransformer);

    handler.setPasswordPolicyConfiguration(bindSearchPasswordPolicyConfiguration());

    // A blank criteria leaves whatever selection predicate the handler already has in place.
    if (StringUtils.isNotBlank(properties.getCredentialCriteria())) {
        handler.setCredentialSelectionPredicate(
            CoreAuthenticationUtils.newCredentialSelectionPredicate(properties.getCredentialCriteria()));
    }

    // NOTE(review): JDBC URLs can embed credentials or connection parameters - confirm
    // properties.getUrl() is safe to emit before enabling TRACE for this logger.
    LOGGER.trace("Configured authentication handler [{}] to handle database url at [{}]", handler.getName(), properties.getUrl());
}
} // closes the enclosing class; its header lies outside this excerpt
CollectionUtils.wrap(CoreAuthenticationUtils.isRememberMeAuthentication(authentication, assertion)));
/**
 * Build the {@link AuthenticationHandler} bean backed by the "accept" authentication settings.
 * <p>
 * The handler is constructed from {@code getParsedUsers()} and then given a password encoder,
 * a credential selection predicate, a principal name transformer and a password policy
 * handling strategy. When the password policy is enabled, the default password policy
 * configuration is replaced by one built from that policy.
 *
 * @return the configured handler
 */
@RefreshScope
@Bean
public AuthenticationHandler acceptUsersAuthenticationHandler() {
    val accept = casProperties.getAuthn().getAccept();

    // NOTE(review): the accounts come from getParsedUsers(), presumably a user list parsed from
    // the accept properties rather than an external account store - confirm this handler is not
    // left active with sample accounts outside test/demo deployments.
    val handler = new AcceptUsersAuthenticationHandler(
        accept.getName(),
        servicesManager.getIfAvailable(),
        acceptUsersPrincipalFactory(),
        null,
        getParsedUsers());

    handler.setPasswordEncoder(PasswordEncoderUtils.newPasswordEncoder(accept.getPasswordEncoder()));
    handler.setPasswordPolicyConfiguration(acceptPasswordPolicyConfiguration());
    handler.setCredentialSelectionPredicate(CoreAuthenticationUtils.newCredentialSelectionPredicate(accept.getCredentialCriteria()));
    handler.setPrincipalNameTransformer(PrincipalNameTransformerUtils.newPrincipalNameTransformer(accept.getPrincipalTransformation()));

    val policy = accept.getPasswordPolicy();
    handler.setPasswordPolicyHandlingStrategy(CoreAuthenticationUtils.newPasswordPolicyHandlingStrategy(policy));

    // With the policy disabled, the configuration set above stays in effect.
    if (!policy.isEnabled()) {
        return handler;
    }

    val policyConfiguration = new PasswordPolicyConfiguration(policy);
    if (!policy.isAccountStateHandlingEnabled()) {
        LOGGER.debug("Handling account states is disabled via CAS configuration");
    } else {
        // The installed account-state handler always yields an empty list, i.e. it never
        // produces any account-state messages for this handler.
        policyConfiguration.setAccountStateHandler((response, configuration) -> new ArrayList<>(0));
    }
    handler.setPasswordPolicyConfiguration(policyConfiguration);
    return handler;
}
/**
 * Build a query-based database authentication handler from the given JDBC settings.
 * <p>
 * The configured SQL, the password/expired/disabled field names and the mapped principal
 * attributes are handed to {@code QueryDatabaseAuthenticationHandler}; the shared JDBC settings
 * are then applied through {@code configureJdbcAuthenticationHandler}.
 *
 * @param b the query JDBC authentication properties
 * @return the configured handler
 */
private AuthenticationHandler queryDatabaseAuthenticationHandler(final QueryJdbcAuthenticationProperties b) {
    val mappedAttributes = CoreAuthenticationUtils.transformPrincipalAttributesListIntoMultiMap(b.getPrincipalAttributeList());
    // NOTE(review): JDBC URLs can embed credentials or connection parameters - confirm b.getUrl()
    // is safe to emit before enabling TRACE for this logger.
    LOGGER.trace("Created and mapped principal attributes [{}] for [{}]...", mappedAttributes, b.getUrl());

    // NOTE(review): b.getSql() is operator-supplied configuration and is passed through unchanged;
    // verify the handler binds the submitted username as a statement parameter rather than
    // concatenating it into this query.
    val handler = new QueryDatabaseAuthenticationHandler(
        b.getName(),
        servicesManager.getIfAvailable(),
        jdbcPrincipalFactory(),
        b.getOrder(),
        JpaBeans.newDataSource(b),
        b.getSql(),
        b.getFieldPassword(),
        b.getFieldExpired(),
        b.getFieldDisabled(),
        CollectionUtils.wrap(mappedAttributes));

    configureJdbcAuthenticationHandler(handler, b);
    // Set after the shared configuration step, so this value replaces any password policy
    // configuration that step may have installed.
    handler.setPasswordPolicyConfiguration(queryPasswordPolicyConfiguration());
    return handler;
}
/**
 * Gets the principal attributes in multi-valued form.
 * Single-valued attributes are converted to a collection
 * so that consumers can iterate over every attribute uniformly.
 *
 * @param model the model from which the principal is resolved
 * @return the principal's attributes, converted by
 *         {@code CoreAuthenticationUtils.convertAttributeValuesToMultiValuedObjects}
 * @since 4.1.0
 */
protected Map<String, Object> getPrincipalAttributesAsMultiValuedAttributes(final Map<String, Object> model) {
    // NOTE(review): whatever the principal carries is exposed here unfiltered; any attribute
    // release filtering presumably happens before the principal reaches the model - confirm.
    final Map<String, Object> multiValued =
        CoreAuthenticationUtils.convertAttributeValuesToMultiValuedObjects(getPrincipal(model).getAttributes());
    return multiValued;
}
if (principalAttributes != null && !principalAttributes.isEmpty()) { LOGGER.debug("Adding attributes [{}] for the final principal", principalAttributes); attributes.putAll(CoreAuthenticationUtils.mergeAttributes(attributes, principalAttributes));