/**
 * Registers the token authentication handler, unless a bean named
 * {@code tokenAuthenticationHandler} is already defined.
 *
 * <p>The handler is assembled from the configured handler name, the services manager
 * lookup, the token principal factory, and a principal-name transformer derived from
 * the token principal-transformation settings.
 *
 * @return the configured {@link TokenAuthenticationHandler}
 */
@Bean
@ConditionalOnMissingBean(name = "tokenAuthenticationHandler")
public AuthenticationHandler tokenAuthenticationHandler() {
    val tokenProps = casProperties.getAuthn().getToken();
    // Arguments are resolved in the same left-to-right order as the constructor expects.
    val handlerName = tokenProps.getName();
    // NOTE(review): getIfAvailable() looks like an optional-provider lookup that may yield
    // null; confirm the handler tolerates a missing services manager, since service
    // lookups are presumably part of token validation.
    val services = servicesManager.getIfAvailable();
    val principalFactory = tokenPrincipalFactory();
    val nameTransformer =
        PrincipalNameTransformerUtils.newPrincipalNameTransformer(tokenProps.getPrincipalTransformation());
    return new TokenAuthenticationHandler(handlerName, services, principalFactory, nameTransformer);
}
/**
 * Registers the token authentication handler.
 *
 * <p>The handler receives the configured handler name, the services manager, the token
 * principal factory, and a principal-name transformer created from the token
 * principal-transformation settings.
 *
 * @return the configured {@link TokenAuthenticationHandler}
 */
@Bean
public AuthenticationHandler tokenAuthenticationHandler() {
    final TokenAuthenticationProperties tokenProperties = casProperties.getAuthn().getToken();
    return new TokenAuthenticationHandler(
        tokenProperties.getName(),
        servicesManager,
        tokenPrincipalFactory(),
        Beans.newPrincipalNameTransformer(tokenProperties.getPrincipalTransformation()));
}
/**
 * Creates the cipher executor for tokens from the configured encryption and signing keys.
 *
 * <p>This variant always returns a {@link TokenTicketCipherExecutor}; there is no
 * enabled/disabled switch and the keys are handed over exactly as configured.
 *
 * @return a {@link TokenTicketCipherExecutor} built from the token crypto settings
 */
@Bean
public CipherExecutor tokenCipherExecutor() {
    final CryptographyProperties cryptoSettings = casProperties.getAuthn().getToken().getCrypto();
    // NOTE(review): neither key is checked for blank/missing values here; confirm how
    // TokenTicketCipherExecutor behaves when a key is absent.
    return new TokenTicketCipherExecutor(
        cryptoSettings.getEncryption().getKey(),
        cryptoSettings.getSigning().getKey());
}
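/**
 * Builds the cipher executor for tokens, unless a bean named {@code tokenCipherExecutor}
 * is already defined.
 *
 * <p>Crypto is treated as enabled when {@code crypto.isEnabled()} is true, or when it is
 * not enabled but both an encryption key and a signing key are configured (a warning is
 * logged in that case). In every other case, including when only one of the two keys is
 * configured, a no-op executor is returned.
 *
 * @return a {@link TokenTicketCipherExecutor} built from the configured keys, algorithm,
 *         encryption/signing flags and key sizes, or {@link CipherExecutor#noOp()} when
 *         token crypto is off
 */
@Bean
@RefreshScope
@ConditionalOnMissingBean(name = "tokenCipherExecutor")
public CipherExecutor tokenCipherExecutor() {
    val crypto = casProperties.getAuthn().getToken().getCrypto();
    // Both keys present without the explicit flag: prefer turning crypto on over
    // silently ignoring the configured keys.
    val enabled = FunctionUtils.doIf(
        !crypto.isEnabled()
            && StringUtils.isNotBlank(crypto.getEncryption().getKey())
            && StringUtils.isNotBlank(crypto.getSigning().getKey()),
        () -> {
            LOGGER.warn("Token encryption/signing is not enabled explicitly in the configuration, yet signing/encryption keys "
                + "are defined for operations. CAS will proceed to enable the token encryption/signing functionality.");
            return Boolean.TRUE;
        },
        crypto::isEnabled)
        .get();
    if (enabled) {
        return new TokenTicketCipherExecutor(
            crypto.getEncryption().getKey(),
            crypto.getSigning().getKey(),
            crypto.getAlg(),
            crypto.isEncryptionEnabled(),
            crypto.isSigningEnabled(),
            crypto.getSigning().getKeySize(),
            crypto.getEncryption().getKeySize());
    }
    // Logged at WARN rather than INFO: the auto-enable path above already warns, and
    // running with crypto off is the weaker posture, so it should not disappear when the
    // log threshold is set above INFO.
    // NOTE(review): how callers treat tokens under the no-op executor is not visible
    // here; presumably they are neither signed nor encrypted. Confirm before relying on
    // this path outside of test deployments.
    LOGGER.warn("Token cookie encryption/signing is turned off. This "
        + "MAY NOT be safe in a production environment. Consider using other choices to handle encryption, "
        + "signing and verification of generated tokens.");
    return CipherExecutor.noOp();
}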