/**
 * Looks up a principal attribute by name and hands its stored value to
 * {@code CollectionUtils.firstElement}.
 *
 * @param principal the principal whose attribute map is consulted
 * @param attribute the name of the attribute to look up
 * @return the result of {@code CollectionUtils.firstElement} for the stored value;
 *         callers should test the {@link Optional} before calling {@code get()}
 */
private static Optional<Object> getFirstAttributeByName(final Principal principal, final String attribute) {
    return CollectionUtils.firstElement(principal.getAttributes().get(attribute));
}
/**
 * Resolve the alternate principal id from the certificate, when an alternate
 * attribute has been configured.
 *
 * @param certificate X509 Certificate of user
 * @return the first value of the alternate attribute as a string, or {@code null}
 *         when no alternate attribute is configured, the attribute is missing,
 *         it has no values, or its first value is an empty string
 */
protected String getAlternatePrincipal(final X509Certificate certificate) {
    // Nothing configured: the caller gets null and must pick the principal id some other way.
    if (alternatePrincipalAttribute == null) {
        return null;
    }

    val certificateAttributes = extractPersonAttributes(certificate);
    val rawValue = certificateAttributes.get(alternatePrincipalAttribute);
    if (rawValue == null) {
        LOGGER.debug("Attempt to get alternate principal with attribute {} was unsuccessful.", alternatePrincipalAttribute);
        return null;
    }

    val firstValue = CollectionUtils.firstElement(rawValue);
    if (!firstValue.isPresent()) {
        LOGGER.debug("Alternate attribute list for {} was empty.", alternatePrincipalAttribute);
        return null;
    }

    val candidate = firstValue.get().toString();
    // An empty string is treated the same as a missing attribute.
    if (!StringUtils.isNotEmpty(candidate)) {
        LOGGER.debug("Returning null principal id...");
        return null;
    }

    LOGGER.debug("Using alternate principal attribute {} ", candidate);
    return candidate;
}
LOGGER.debug("Found attribute [{}] with value(s) [{}]", key, values); if (values.size() == 1) { val value = CollectionUtils.firstElement(values).get(); convertedAttributes.put(key, value); } else { val values = result.get(); if (!values.isEmpty()) { principalId = CollectionUtils.firstElement(values).get().toString(); LOGGER.debug("Found principal id attribute value [{}] and removed it from the collection of attributes", principalId);
/**
 * Generates a persistent identifier for the principal and service.
 * The identifier is derived from the first value of the configured attribute
 * when that attribute is set and present on the principal, and from the
 * principal id otherwise.
 *
 * @param principal the principal whose attributes or id seed the identifier
 * @param service   the target service; may be {@code null}, in which case a
 *                  {@code null} service id is passed on
 * @return the value produced by the two-argument {@code generate} overload
 */
@Override
public String generate(final Principal principal, final Service service) {
    val principalAttributes = principal.getAttributes();
    LOGGER.debug("Found principal attributes [{}] to use when generating persistent identifiers", principalAttributes);

    val attributeIsUsable = StringUtils.isNotBlank(this.attribute)
        && principalAttributes.containsKey(this.attribute);

    val principalId = FunctionUtils.doIf(
        attributeIsUsable,
        () -> {
            LOGGER.debug("Using attribute [{}] to establish principal id", this.attribute);
            // NOTE(review): Optional.get() is unchecked here. containsKey() only proves the key
            // exists, not that it has a value; how FunctionUtils.doIf reacts to the resulting
            // NoSuchElementException is not visible from this block. Confirm.
            return CollectionUtils.firstElement(principalAttributes.get(this.attribute)).get().toString();
        },
        () -> {
            LOGGER.debug("Using principal id [{}] to generate persistent identifier", principal.getId());
            return principal.getId();
        }
    ).get();

    return generate(principalId, service != null ? service.getId() : null);
}
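/**
 * Determines whether a multifactor authentication provider is activated for
 * the given authentication.
 *
 * @param authentication     the current authentication; when {@code null} nothing is activated
 * @param registeredService  the registered service passed to provider resolution
 * @param httpServletRequest the current request (not read by this implementation)
 * @param service            the requested service (not read by this implementation)
 * @return the provider looked up by the id of the first resolved element, or an
 *         empty {@link Optional} when there is no authentication or nothing was resolved
 */
@Override
public Optional<MultifactorAuthenticationProvider> isActivated(final Authentication authentication,
                                                               final RegisteredService registeredService,
                                                               final HttpServletRequest httpServletRequest,
                                                               final Service service) {
    if (authentication == null) {
        LOGGER.debug("No authentication is available to determine event for principal");
        return Optional.empty();
    }

    val principal = getPrincipalForMultifactorAuthentication(authentication);
    val result = resolveMultifactorAuthenticationProvider(Optional.empty(), registeredService, principal);
    if (result == null || result.isEmpty()) {
        return Optional.empty();
    }

    // CollectionUtils.firstElement returns an Optional. Calling toString() on the Optional
    // itself would give its own representation ("Optional[...]") instead of the element's,
    // so the lookup would use the wrong id and the trigger would report no provider.
    // Unwrap the element before converting it to the lookup id.
    // NOTE(review): assumes the element's toString() is the provider id; confirm against
    // what resolveMultifactorAuthenticationProvider returns.
    return CollectionUtils.firstElement(result)
        .map(Object::toString)
        .flatMap(id -> MultifactorAuthenticationUtils.getMultifactorAuthenticationProviderById(id,
            ApplicationContextProvider.getApplicationContext()));
}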
val result = CollectionUtils.firstElement(idAttributeAsList); if (result.isPresent()) { val principalId = result.get().toString();
/**
 * Selects the expiration policy name for a ticket from the remember-me
 * authentication attribute.
 *
 * @param ticketState the ticket whose authentication attributes are inspected
 * @return {@code PolicyTypes.REMEMBER_ME} when the attribute's first value is
 *         anything other than {@code Boolean.FALSE}; {@code PolicyTypes.DEFAULT}
 *         when the attribute has no first value or that value is {@code FALSE}
 */
@Override
protected String getExpirationPolicyNameFor(final TicketState ticketState) {
    val authenticationAttributes = ticketState.getAuthentication().getAttributes();
    val rememberMe = CollectionUtils.firstElement(
        authenticationAttributes.get(RememberMeCredential.AUTHENTICATION_ATTRIBUTE_REMEMBER_ME));

    if (!rememberMe.isPresent()) {
        return PolicyTypes.DEFAULT.name();
    }

    // NOTE(review): the cast throws ClassCastException if the attribute was stored as
    // anything other than a Boolean (for example the string "true"). Confirm what the
    // producer of this attribute writes.
    val rememberMeFlag = (Boolean) rememberMe.get();
    if (Boolean.FALSE.equals(rememberMeFlag)) {
        LOGGER.trace("Ticket is not associated with a remember-me authentication.");
        return PolicyTypes.DEFAULT.name();
    }

    return PolicyTypes.REMEMBER_ME.name();
}
val isBypass = Boolean.class.cast(CollectionUtils.firstElement(attributes.get(MultifactorAuthenticationProviderBypass.AUTHENTICATION_ATTRIBUTE_BYPASS_MFA)).get()); val bypassedId = CollectionUtils.firstElement(attributes.get(MultifactorAuthenticationProviderBypass.AUTHENTICATION_ATTRIBUTE_BYPASS_MFA_PROVIDER)).get().toString(); LOGGER.trace("Found multifactor authentication bypass attributes for provider [{}]", bypassedId); if (isBypass && StringUtils.equals(bypassedId, requestedContext)) {
/**
 * Decide if credential password should be released as attribute.
 * The credential must have been cached as an authentication attribute
 * and the attribute release policy must be allowed to release the
 * attribute.
 *
 * @param attributes     the attributes
 * @param authentication the authentication
 * @param service        the service
 */
protected void decideIfCredentialPasswordShouldBeReleasedAsAttribute(final Map<String, Object> attributes,
                                                                     final Authentication authentication,
                                                                     final RegisteredService service) {
    val releasePolicy = service.getAttributeReleasePolicy();

    // Release needs all three: a policy exists, the policy permits releasing the credential
    // password, and the attribute itself is allowed for release.
    val isAuthorized = releasePolicy != null
        && releasePolicy.isAuthorizedToReleaseCredentialPassword()
        && isAttributeAllowedForRelease(CasViewConstants.MODEL_ATTRIBUTE_NAME_PRINCIPAL_CREDENTIAL);

    // The cached credential is read whether or not release is authorized; the decision is
    // carried by the isAuthorized flag handed to the call below. Do not log this value.
    val cachedCredential = authentication.getAttributes().get(CasViewConstants.MODEL_ATTRIBUTE_NAME_PRINCIPAL_CREDENTIAL);
    val credential = CollectionUtils.firstElement(cachedCredential)
        .map(Object::toString)
        .orElse(null);

    decideAttributeReleaseBasedOnServiceAttributePolicy(attributes, credential,
        CasViewConstants.MODEL_ATTRIBUTE_NAME_PRINCIPAL_CREDENTIAL, service, isAuthorized);
}
input -> providers.stream().anyMatch(provider -> input != null && provider.matches(input))); if (result != null && !result.isEmpty()) { val id = CollectionUtils.firstElement(result); return MultifactorAuthenticationUtils.getMultifactorAuthenticationProviderById(id.toString(), applicationContext);
val id = CollectionUtils.firstElement(result); return MultifactorAuthenticationUtils.getMultifactorAuthenticationProviderById(id.toString(), ApplicationContextProvider.getApplicationContext());
/**
 * Authorizes a service request against the service's delegated authentication policy.
 * Service access is checked first. The policy enforcer is invoked only when the
 * service defines a delegated authentication policy and the primary authentication
 * carries a client-name attribute with a first value.
 *
 * @param request   the current request (not read by this implementation)
 * @param service   the service being accessed
 * @param assertion the assertion whose primary authentication attributes are inspected
 */
@Override
public void authorize(final HttpServletRequest request, final Service service, final Assertion assertion) {
    val registeredService = this.servicesManager.findServiceBy(service);
    RegisteredServiceAccessStrategyUtils.ensureServiceAccessIsAllowed(service, registeredService);

    LOGGER.debug("Evaluating service [{}] for delegated authentication policy", service);
    val policy = registeredService.getAccessStrategy().getDelegatedAuthenticationPolicy();
    if (policy == null) {
        return;
    }

    // Without a client-name attribute the policy is not evaluated at all.
    // NOTE(review): presumably such an authentication was not delegated; confirm.
    val authenticationAttributes = assertion.getPrimaryAuthentication().getAttributes();
    if (!authenticationAttributes.containsKey(ClientCredential.AUTHENTICATION_ATTRIBUTE_CLIENT_NAME)) {
        return;
    }

    val clientName = CollectionUtils.firstElement(
        authenticationAttributes.get(ClientCredential.AUTHENTICATION_ATTRIBUTE_CLIENT_NAME));
    if (!clientName.isPresent()) {
        return;
    }

    val client = clientName.get().toString();
    LOGGER.debug("Evaluating delegated authentication policy [{}] for client [{}] and service [{}]", policy, client, registeredService);

    val context = AuditableContext.builder()
        .registeredService(registeredService)
        .properties(CollectionUtils.wrap(Client.class.getSimpleName(), client))
        .build();
    val result = delegatedAuthenticationPolicyEnforcer.execute(context);
    // A failed enforcement surfaces as an exception raised from the audit result.
    result.throwExceptionIfNeeded();
}
}