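/**
 * Parses the static credential list configured under {@code cas.authn.accept.users}.
 *
 * <p>The property is read as comma-separated {@code username::password} entries. Only the
 * first {@code ::} of an entry separates the two halves, so a configured password may itself
 * contain {@code ::} without being truncated. Entries are split on commas first, so a
 * password cannot contain a comma. Whitespace around entries is kept exactly as written.
 *
 * @return a mutable map of username to configured password value; empty when the property
 *     is blank or contains no {@code ::} at all
 * @throws IllegalArgumentException if an entry has no {@code ::} separator or an empty password
 * @throws IllegalStateException if the same username is listed more than once
 */
private Map<String, String> getParsedUsers() {
    val usersProperty = casProperties.getAuthn().getAccept().getUsers();
    if (StringUtils.isBlank(usersProperty) || !usersProperty.contains("::")) {
        return new HashMap<>(0);
    }

    val separator = Pattern.compile("::");
    val entries = usersProperty.split(",");
    val parsedUsers = new HashMap<String, String>(entries.length);
    for (int index = 0; index < entries.length; index++) {
        // Limit 2: split on the first separator only, so "user::pa::ss" keeps the whole
        // password instead of silently shortening it to "pa".
        val userAndPassword = separator.split(entries[index], 2);
        if (userAndPassword.length != 2 || userAndPassword[1].isEmpty()) {
            // Report the position, never the entry text: a malformed entry can be a fragment
            // of a password (for instance one that contained a comma).
            throw new IllegalArgumentException("Entry " + (index + 1)
                + " of 'cas.authn.accept.users' is not in the form username::password");
        }
        // Duplicates are rejected here rather than by Collectors.toMap, whose duplicate-key
        // message on Java 9+ includes both colliding values, i.e. the passwords.
        if (parsedUsers.putIfAbsent(userAndPassword[0], userAndPassword[1]) != null) {
            throw new IllegalStateException("Duplicate username in entry " + (index + 1)
                + " of 'cas.authn.accept.users'");
        }
    }
    return parsedUsers;
}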
/**
 * Contributes the static-credentials handler to the authentication execution plan.
 *
 * <p>The handler is registered only when {@code cas.authn.accept.users} is not blank. Every
 * registration is preceded by a warning printed through {@code LOGGER}, because the message
 * itself describes this mode as meant for demos rather than production.
 *
 * @return a configurer that registers the handler together with the default principal resolver
 */
@ConditionalOnMissingBean(name = "acceptUsersAuthenticationEventExecutionPlanConfigurer")
@Bean
@RefreshScope
public AuthenticationEventExecutionPlanConfigurer acceptUsersAuthenticationEventExecutionPlanConfigurer() {
    return plan -> {
        val configuredUsers = this.casProperties.getAuthn().getAccept().getUsers();
        if (StringUtils.isBlank(configuredUsers)) {
            // No static users configured: nothing is registered and no warning is printed.
            return;
        }

        val header = "\nCAS is configured to accept a static list of credentials for authentication. "
            + "While this is generally useful for demo purposes, it is STRONGLY recommended "
            + "that you DISABLE this authentication method (by setting 'cas.authn.accept.users' "
            + "to a blank value) and switch to a mode that is more suitable for production.";
        AsciiArtUtils.printAsciiArtWarning(LOGGER, "STOP!", header);

        // NOTE(review): getIfAvailable() may yield null; how the plan treats a null handler
        // or resolver is not visible here - confirm against the plan implementation.
        val handler = acceptUsersAuthenticationHandler.getIfAvailable();
        val resolver = defaultPrincipalResolver.getIfAvailable();
        plan.registerAuthenticationHandlerWithPrincipalResolver(handler, resolver);
    };
}
} // closes the enclosing type, whose header lies outside this excerpt
/**
 * Builds the authentication handler that is backed by the static user list.
 *
 * <p>The handler receives the users returned by {@code getParsedUsers()} and is then
 * configured from the {@code accept} properties: password encoder, credential selection
 * predicate, principal name transformer and password policy handling strategy. When the
 * password policy is enabled, the policy configuration set earlier is replaced by one built
 * from that policy.
 *
 * @return the configured handler
 */
@RefreshScope
@Bean
public AuthenticationHandler acceptUsersAuthenticationHandler() {
    val accept = casProperties.getAuthn().getAccept();
    // The fourth constructor argument is passed as null; its meaning is not visible here.
    val handler = new AcceptUsersAuthenticationHandler(
        accept.getName(),
        servicesManager.getIfAvailable(),
        acceptUsersPrincipalFactory(),
        null,
        getParsedUsers());

    // NOTE(review): which encoder getPasswordEncoder() selects is not visible here; confirm
    // the configured passwords are not compared as plain text outside of demos.
    handler.setPasswordEncoder(PasswordEncoderUtils.newPasswordEncoder(accept.getPasswordEncoder()));
    handler.setPasswordPolicyConfiguration(acceptPasswordPolicyConfiguration());
    handler.setCredentialSelectionPredicate(
        CoreAuthenticationUtils.newCredentialSelectionPredicate(accept.getCredentialCriteria()));
    handler.setPrincipalNameTransformer(
        PrincipalNameTransformerUtils.newPrincipalNameTransformer(accept.getPrincipalTransformation()));

    val policy = accept.getPasswordPolicy();
    handler.setPasswordPolicyHandlingStrategy(CoreAuthenticationUtils.newPasswordPolicyHandlingStrategy(policy));
    if (!policy.isEnabled()) {
        // Policy disabled: keep the configuration from acceptPasswordPolicyConfiguration().
        return handler;
    }

    val policyConfiguration = new PasswordPolicyConfiguration(policy);
    if (!policy.isAccountStateHandlingEnabled()) {
        LOGGER.debug("Handling account states is disabled via CAS configuration");
    } else {
        // The account state handler always answers with an empty list.
        policyConfiguration.setAccountStateHandler((response, configuration) -> new ArrayList<>(0));
    }
    // Replaces the policy configuration assigned above.
    handler.setPasswordPolicyConfiguration(policyConfiguration);
    return handler;
}