View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.syncope.wa.starter.mapping;
20  
21  import java.util.HashSet;
22  import java.util.List;
23  import java.util.Optional;
24  import java.util.Set;
25  import java.util.stream.Collectors;
26  import org.apache.commons.lang3.tuple.Pair;
27  import org.apache.syncope.common.lib.auth.MFAAuthModuleConf;
28  import org.apache.syncope.common.lib.auth.Pac4jAuthModuleConf;
29  import org.apache.syncope.common.lib.policy.AuthPolicyConf;
30  import org.apache.syncope.common.lib.policy.AuthPolicyTO;
31  import org.apache.syncope.common.lib.policy.DefaultAuthPolicyConf;
32  import org.apache.syncope.common.lib.to.AuthModuleTO;
33  import org.apereo.cas.authentication.AuthenticationEventExecutionPlan;
34  import org.apereo.cas.authentication.AuthenticationHandler;
35  import org.apereo.cas.authentication.MultifactorAuthenticationHandler;
36  import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
37  import org.apereo.cas.services.AnyAuthenticationHandlerRegisteredServiceAuthenticationPolicyCriteria;
38  import org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy;
39  import org.apereo.cas.services.DefaultRegisteredServiceDelegatedAuthenticationPolicy;
40  import org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy;
41  import org.slf4j.Logger;
42  import org.slf4j.LoggerFactory;
43  import org.springframework.beans.factory.ObjectProvider;
44  
45  public class DefaultAuthMapper implements AuthMapper {
46  
47      protected static final Logger LOG = LoggerFactory.getLogger(DefaultAuthMapper.class);
48  
49      @Override
50      public boolean supports(final AuthPolicyConf conf) {
51          return DefaultAuthPolicyConf.class.equals(conf.getClass());
52      }
53  
54      @Override
55      public AuthMapperResult build(
56              final String pac4jCoreName,
57              final ObjectProvider<AuthenticationEventExecutionPlan> authEventExecPlan,
58              final List<MultifactorAuthenticationProvider> multifactorAuthenticationProviders,
59              final AuthPolicyTO policy,
60              final List<AuthModuleTO> authModules) {
61  
62          DefaultRegisteredServiceAuthenticationPolicy authPolicy = new DefaultRegisteredServiceAuthenticationPolicy();
63  
64          Set<String> mfaAuthHandlers = new HashSet<>();
65          Set<Pair<String, String>> delegatedAuthHandlers = new HashSet<>();
66  
67          DefaultAuthPolicyConf policyConf = (DefaultAuthPolicyConf) policy.getConf();
68          Set<String> authHandlers = authModules.stream().map(AuthModuleTO::getKey).
69                  collect(Collectors.toCollection(HashSet::new));
70          if (!authHandlers.isEmpty()) {
71              mfaAuthHandlers.addAll(authEventExecPlan.getObject().getAuthenticationHandlers().stream().
72                      filter(MultifactorAuthenticationHandler.class::isInstance).
73                      filter(mfaAuthHander -> policyConf.getAuthModules().contains(mfaAuthHander.getName())).
74                      map(AuthenticationHandler::getName).
75                      collect(Collectors.toSet()));
76              authHandlers.removeAll(mfaAuthHandlers);
77  
78              delegatedAuthHandlers.addAll(authModules.stream().
79                      filter(m -> m.getConf() instanceof Pac4jAuthModuleConf).
80                      map(m -> Pair.of(
81                      m.getKey(),
82                      Optional.ofNullable(((Pac4jAuthModuleConf) m.getConf()).getClientName()).orElse(m.getKey()))).
83                      collect(Collectors.toSet()));
84              if (!delegatedAuthHandlers.isEmpty()) {
85                  authHandlers.removeAll(delegatedAuthHandlers.stream().map(Pair::getLeft).collect(Collectors.toSet()));
86                  authHandlers.add(pac4jCoreName);
87              }
88  
89              authPolicy.setRequiredAuthenticationHandlers(authHandlers);
90          }
91  
92          AnyAuthenticationHandlerRegisteredServiceAuthenticationPolicyCriteria criteria =
93                  new AnyAuthenticationHandlerRegisteredServiceAuthenticationPolicyCriteria();
94          criteria.setTryAll(policyConf.isTryAll());
95          authPolicy.setCriteria(criteria);
96  
97          DefaultRegisteredServiceMultifactorPolicy mfaPolicy = null;
98          if (!mfaAuthHandlers.isEmpty()) {
99              Set<String> fns = mfaAuthHandlers.stream().
100                     map(handler -> authModules.stream().filter(am -> handler.equals(am.getKey())).findFirst()).
101                     filter(Optional::isPresent).
102                     map(Optional::get).
103                     filter(am -> am.getConf() instanceof MFAAuthModuleConf).
104                     map(am -> ((MFAAuthModuleConf) am.getConf()).getFriendlyName()).
105                     collect(Collectors.toSet());
106 
107             Set<String> mfaProviders = multifactorAuthenticationProviders.stream().
108                     filter(map -> fns.contains(map.getFriendlyName())).
109                     map(MultifactorAuthenticationProvider::getId).
110                     collect(Collectors.toSet());
111 
112             mfaPolicy = new DefaultRegisteredServiceMultifactorPolicy();
113             mfaPolicy.setBypassEnabled(false);
114             mfaPolicy.setForceExecution(true);
115             mfaPolicy.setMultifactorAuthenticationProviders(mfaProviders);
116         }
117 
118         DefaultRegisteredServiceDelegatedAuthenticationPolicy delegatedAuthPolicy = null;
119         if (!delegatedAuthHandlers.isEmpty()) {
120             delegatedAuthPolicy = new DefaultRegisteredServiceDelegatedAuthenticationPolicy();
121             delegatedAuthPolicy.getAllowedProviders().addAll(
122                     delegatedAuthHandlers.stream().map(Pair::getRight).collect(Collectors.toSet()));
123         }
124 
125         return new AuthMapperResult(authPolicy, mfaPolicy, delegatedAuthPolicy);
126     }
127 }