/**
 * Verifies that the authenticated principal may access the given service,
 * evaluating the decision against attributes resolved through the service's
 * attribute release policy.
 *
 * <p>Convenience overload: it always passes {@code true} for
 * {@code retrievePrincipalAttributesFromReleasePolicy} to the four-argument
 * variant. Failures surface as whatever that variant throws.
 *
 * @param service           the service being accessed
 * @param registeredService the registered service definition matched to {@code service}
 * @param authentication    the authentication whose principal is checked
 */
static void ensurePrincipalAccessIsAllowedForService(final Service service,
                                                     final RegisteredService registeredService,
                                                     final Authentication authentication) {
    // Default: let the release policy (when one is configured) supply the attributes
    // the access decision is made on, instead of the already-collected principal attributes.
    final boolean consultReleasePolicy = true;
    ensurePrincipalAccessIsAllowedForService(service, registeredService, authentication, consultReleasePolicy);
}
/**
 * Verifies that the principal carried by an authentication result may access
 * the service a service ticket was issued for.
 *
 * <p>The service is read from {@code serviceTicket} and the authentication from
 * {@code context}; both are handed to the three-argument
 * {@code (Service, RegisteredService, Authentication)} overload.
 *
 * @param serviceTicket     the service ticket whose service is checked
 * @param context           the authentication result supplying the authentication
 * @param registeredService the registered service definition
 * @throws UnauthorizedServiceException if access to the service is not authorized
 * @throws PrincipalException           if the principal is not allowed to access the service
 */
static void ensurePrincipalAccessIsAllowedForService(final ServiceTicket serviceTicket,
                                                     final AuthenticationResult context,
                                                     final RegisteredService registeredService)
    throws UnauthorizedServiceException, PrincipalException {
    // Neither serviceTicket nor context is null-checked here; callers are expected
    // to have resolved both before asking for an access decision.
    ensurePrincipalAccessIsAllowedForService(
        serviceTicket.getService(),
        registeredService,
        context.getAuthentication());
}
/**
 * Verifies that the principal behind a ticket-granting ticket may access the
 * given service.
 *
 * <p>The authentication used for the decision is the one attached to the
 * <em>root</em> of the ticket-granting ticket ({@code getRoot().getAuthentication()}),
 * not the authentication of the ticket passed in. For a ticket that is part of
 * a chain, this means the check is made against the authentication at the head
 * of that chain.
 *
 * @param service              the service being accessed
 * @param registeredService    the registered service definition
 * @param ticketGrantingTicket the ticket-granting ticket whose root authentication is checked
 * @param retrievePrincipalAttributesFromReleasePolicy whether attributes are resolved through the
 *                             service's attribute release policy rather than taken from the principal
 * @throws UnauthorizedServiceException if access to the service is not authorized
 * @throws PrincipalException           if the principal is not allowed to access the service
 */
static void ensurePrincipalAccessIsAllowedForService(final Service service,
                                                     final RegisteredService registeredService,
                                                     final TicketGrantingTicket ticketGrantingTicket,
                                                     final boolean retrievePrincipalAttributesFromReleasePolicy)
    throws UnauthorizedServiceException, PrincipalException {
    // Walk to the root ticket first so the decision is tied to the root authentication.
    final TicketGrantingTicket rootTicket = ticketGrantingTicket.getRoot();
    ensurePrincipalAccessIsAllowedForService(
        service,
        registeredService,
        rootTicket.getAuthentication(),
        retrievePrincipalAttributesFromReleasePolicy);
}
/**
 * Verifies that the principal behind a ticket-granting ticket may access the
 * service a service ticket was issued for.
 *
 * <p>The authentication used for the decision is the one attached directly to
 * {@code ticketGrantingTicket} ({@code getAuthentication()}).
 *
 * @param serviceTicket        the service ticket whose service is checked
 * @param registeredService    the registered service definition
 * @param ticketGrantingTicket the ticket-granting ticket supplying the authentication
 * @param retrievePrincipalAttributesFromReleasePolicy whether attributes are resolved through the
 *                             service's attribute release policy rather than taken from the principal
 * @throws UnauthorizedServiceException if access to the service is not authorized
 * @throws PrincipalException           if the principal is not allowed to access the service
 */
static void ensurePrincipalAccessIsAllowedForService(final ServiceTicket serviceTicket,
                                                     final RegisteredService registeredService,
                                                     final TicketGrantingTicket ticketGrantingTicket,
                                                     final boolean retrievePrincipalAttributesFromReleasePolicy)
    throws UnauthorizedServiceException, PrincipalException {
    // NOTE(review): the Service-based overload with the same trailing parameters reads
    // ticketGrantingTicket.getRoot().getAuthentication(); this one reads the ticket's own
    // authentication. For a chained ticket the two may name different principals, so the
    // access decision can differ between the overloads - confirm this is intended.
    ensurePrincipalAccessIsAllowedForService(
        serviceTicket.getService(),
        registeredService,
        ticketGrantingTicket.getAuthentication(),
        retrievePrincipalAttributesFromReleasePolicy);
}
val result = AuditableExecutionResult.of(context); try { RegisteredServiceAccessStrategyUtils.ensurePrincipalAccessIsAllowedForService(context.getServiceTicket().get(), context.getAuthenticationResult().get(), providedRegisteredService.get()); } catch (final PrincipalException e) { .build(); try { RegisteredServiceAccessStrategyUtils.ensurePrincipalAccessIsAllowedForService(service, registeredService, ticketGrantingTicket.get(), RegisteredServiceAccessStrategyUtils.ensurePrincipalAccessIsAllowedForService(service, registeredService, authentication,
/**
 * Verifies that the authenticated principal may access the given service.
 *
 * <p>Steps, in order:
 * <ol>
 *   <li>{@code ensureServiceAccessIsAllowed} is run for the service/registration pair;</li>
 *   <li>a base attribute set is chosen: the attribute release policy's output when
 *       {@code retrievePrincipalAttributesFromReleasePolicy} is {@code true} and the registered
 *       service has a policy, otherwise the principal's own attributes;</li>
 *   <li>the authentication's attributes are merged on top of that base set;</li>
 *   <li>the principal id and the merged map are passed to the id/attribute-based overload,
 *       which makes the actual decision.</li>
 * </ol>
 *
 * @param service           the service being accessed
 * @param registeredService the registered service definition
 * @param authentication    the authentication whose principal and attributes are checked
 * @param retrievePrincipalAttributesFromReleasePolicy retrieve attributes from the release policy, or
 *                          simply rely on the principal attributes already collected. Passing
 *                          {@code false} assumes the policy has already run.
 * @throws UnauthorizedServiceException if access to the service is not authorized
 * @throws PrincipalException           if the principal is not allowed to access the service
 */
static void ensurePrincipalAccessIsAllowedForService(final Service service,
                                                     final RegisteredService registeredService,
                                                     final Authentication authentication,
                                                     final boolean retrievePrincipalAttributesFromReleasePolicy)
    throws UnauthorizedServiceException, PrincipalException {
    // Service-level gate runs before any principal or attribute is looked at.
    ensureServiceAccessIsAllowed(service, registeredService);

    val subject = authentication.getPrincipal();

    // The policy is consulted only when asked for AND a registration with a policy exists;
    // in every other case the decision falls back to the principal's own attributes.
    // registeredService is null-checked again here; whether the gate above already rejects
    // a null registration is not visible from this method.
    final boolean consultReleasePolicy = retrievePrincipalAttributesFromReleasePolicy
        && registeredService != null
        && registeredService.getAttributeReleasePolicy() != null;
    val baseAttributes = consultReleasePolicy
        ? registeredService.getAttributeReleasePolicy().getAttributes(subject, service, registeredService)
        : authentication.getPrincipal().getAttributes();

    // Copy first so neither source map is mutated by the merge.
    val decisionAttributes = new HashMap<String, Object>(baseAttributes);
    // putAll runs second: on a key collision the authentication-level value replaces the
    // principal/policy-level one in the map the access decision is evaluated against.
    decisionAttributes.putAll(authentication.getAttributes());

    ensurePrincipalAccessIsAllowedForService(service, registeredService, subject.getId(), decisionAttributes);
}