1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.syncope.wa.starter.mapping;
20
21 import java.util.HashSet;
22 import java.util.List;
23 import java.util.Optional;
24 import java.util.Set;
25 import java.util.stream.Collectors;
26 import org.apache.commons.lang3.tuple.Pair;
27 import org.apache.syncope.common.lib.auth.MFAAuthModuleConf;
28 import org.apache.syncope.common.lib.auth.Pac4jAuthModuleConf;
29 import org.apache.syncope.common.lib.policy.AuthPolicyConf;
30 import org.apache.syncope.common.lib.policy.AuthPolicyTO;
31 import org.apache.syncope.common.lib.policy.DefaultAuthPolicyConf;
32 import org.apache.syncope.common.lib.to.AuthModuleTO;
33 import org.apereo.cas.authentication.AuthenticationEventExecutionPlan;
34 import org.apereo.cas.authentication.AuthenticationHandler;
35 import org.apereo.cas.authentication.MultifactorAuthenticationHandler;
36 import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
37 import org.apereo.cas.services.AnyAuthenticationHandlerRegisteredServiceAuthenticationPolicyCriteria;
38 import org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy;
39 import org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy;
40 import org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy;
41 import org.slf4j.Logger;
42 import org.slf4j.LoggerFactory;
43 import org.springframework.beans.factory.ObjectProvider;
44
45 public class DefaultAuthMapper implements AuthMapper {
46
47 protected static final Logger LOG = LoggerFactory.getLogger(DefaultAuthMapper.class);
48
49 @Override
50 public boolean supports(final AuthPolicyConf conf) {
51 return DefaultAuthPolicyConf.class.equals(conf.getClass());
52 }
53
54 @Override
55 public AuthMapperResult build(
56 final String pac4jCoreName,
57 final ObjectProvider<AuthenticationEventExecutionPlan> authEventExecPlan,
58 final List<MultifactorAuthenticationProvider> multifactorAuthenticationProviders,
59 final AuthPolicyTO policy,
60 final List<AuthModuleTO> authModules) {
61
62 DefaultRegisteredServiceAuthenticationPolicy authPolicy = new DefaultRegisteredServiceAuthenticationPolicy();
63
64 Set<String> mfaAuthHandlers = new HashSet<>();
65 Set<Pair<String, String>> delegatedAuthHandlers = new HashSet<>();
66
67 DefaultAuthPolicyConf policyConf = (DefaultAuthPolicyConf) policy.getConf();
68 Set<String> authHandlers = authModules.stream().map(AuthModuleTO::getKey).
69 collect(Collectors.toCollection(HashSet::new));
70 if (!authHandlers.isEmpty()) {
71 mfaAuthHandlers.addAll(authEventExecPlan.getObject().getAuthenticationHandlers().stream().
72 filter(MultifactorAuthenticationHandler.class::isInstance).
73 filter(mfaAuthHander -> policyConf.getAuthModules().contains(mfaAuthHander.getName())).
74 map(AuthenticationHandler::getName).
75 collect(Collectors.toSet()));
76 authHandlers.removeAll(mfaAuthHandlers);
77
78 delegatedAuthHandlers.addAll(authModules.stream().
79 filter(m -> m.getConf() instanceof Pac4jAuthModuleConf).
80 map(m -> Pair.of(
81 m.getKey(),
82 Optional.ofNullable(((Pac4jAuthModuleConf) m.getConf()).getClientName()).orElse(m.getKey()))).
83 collect(Collectors.toSet()));
84 if (!delegatedAuthHandlers.isEmpty()) {
85 authHandlers.removeAll(delegatedAuthHandlers.stream().map(Pair::getLeft).collect(Collectors.toSet()));
86 authHandlers.add(pac4jCoreName);
87 }
88
89 authPolicy.setRequiredAuthenticationHandlers(authHandlers);
90 }
91
92 AnyAuthenticationHandlerRegisteredServiceAuthenticationPolicyCriteria criteria =
93 new AnyAuthenticationHandlerRegisteredServiceAuthenticationPolicyCriteria();
94 criteria.setTryAll(policyConf.isTryAll());
95 authPolicy.setCriteria(criteria);
96
97 DefaultRegisteredServiceMultifactorPolicy mfaPolicy = null;
98 if (!mfaAuthHandlers.isEmpty()) {
99 Set<String> fns = mfaAuthHandlers.stream().
100 map(handler -> authModules.stream().filter(am -> handler.equals(am.getKey())).findFirst()).
101 filter(Optional::isPresent).
102 map(Optional::get).
103 filter(am -> am.getConf() instanceof MFAAuthModuleConf).
104 map(am -> ((MFAAuthModuleConf) am.getConf()).getFriendlyName()).
105 collect(Collectors.toSet());
106
107 Set<String> mfaProviders = multifactorAuthenticationProviders.stream().
108 filter(map -> fns.contains(map.getFriendlyName())).
109 map(MultifactorAuthenticationProvider::getId).
110 collect(Collectors.toSet());
111
112 mfaPolicy = new DefaultRegisteredServiceMultifactorPolicy();
113 mfaPolicy.setBypassEnabled(false);
114 mfaPolicy.setForceExecution(true);
115 mfaPolicy.setMultifactorAuthenticationProviders(mfaProviders);
116 }
117
118 DefaultRegisteredServiceDelegatedAuthenticationPolicy delegatedAuthPolicy = null;
119 if (!delegatedAuthHandlers.isEmpty()) {
120 delegatedAuthPolicy = new DefaultRegisteredServiceDelegatedAuthenticationPolicy();
121 delegatedAuthPolicy.getAllowedProviders().addAll(
122 delegatedAuthHandlers.stream().map(Pair::getRight).collect(Collectors.toSet()));
123 }
124
125 return new AuthMapperResult(authPolicy, mfaPolicy, delegatedAuthPolicy);
126 }
127 }