@Override public Optional<MultifactorAuthenticationProvider> isActivated(final Authentication authentication, final RegisteredService registeredService, final HttpServletRequest httpServletRequest, final Service service) { val timedMultifactor = casProperties.getAuthn().getAdaptive().getRequireTimedMultifactor(); if (service == null || authentication == null) { LOGGER.debug("No service or authentication is available to determine event for principal"); return Optional.empty(); } if (timedMultifactor == null || timedMultifactor.isEmpty()) { LOGGER.debug("Adaptive authentication is not configured to require multifactor authentication by time"); return Optional.empty(); } val providerMap = MultifactorAuthenticationUtils.getAvailableMultifactorAuthenticationProviders(ApplicationContextProvider.getApplicationContext()); if (providerMap.isEmpty()) { LOGGER.error("No multifactor authentication providers are available in the application context"); throw new AuthenticationException(); } return checkTimedMultifactorProvidersForRequest(registeredService, authentication); }
@ConditionalOnMissingBean(name = "adaptiveAuthenticationPolicy") @Bean @RefreshScope public AdaptiveAuthenticationPolicy adaptiveAuthenticationPolicy() { return new DefaultAdaptiveAuthenticationPolicy(this.geoLocationService.getIfAvailable(), ipAddressIntelligenceService(), casProperties.getAuthn().getAdaptive()); }
final Service service) { val multifactorMap = casProperties.getAuthn().getAdaptive().getRequireMultifactor();
private Optional<MultifactorAuthenticationProvider> checkTimedMultifactorProvidersForRequest(final RegisteredService service, final Authentication authentication) { val timedMultifactor = casProperties.getAuthn().getAdaptive().getRequireTimedMultifactor(); val now = LocalDateTime.now(); val dow = DayOfWeek.from(now);
@ConditionalOnMissingBean(name = "ipAddressIntelligenceService") @Bean @RefreshScope public IPAddressIntelligenceService ipAddressIntelligenceService() { val adaptive = casProperties.getAuthn().getAdaptive(); val intel = adaptive.getIpIntel(); if (StringUtils.isNotBlank(intel.getRest().getUrl())) { return new RestfulIPAddressIntelligenceService(adaptive); } if (intel.getGroovy().getLocation() != null) { return new GroovyIPAddressIntelligenceService(adaptive); } if (StringUtils.isNotBlank(intel.getBlackDot().getEmailAddress())) { return new RestfulIPAddressIntelligenceService(adaptive); } return IPAddressIntelligenceService.allowed(); } }