View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.syncope.wa.starter.mapping;
20  
21  import java.util.List;
22  import java.util.Optional;
23  import org.apache.syncope.common.lib.policy.AttrReleasePolicyTO;
24  import org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf;
25  import org.apache.syncope.common.lib.wa.WAClientApp;
26  import org.apache.syncope.wa.bootstrap.mapping.AttrReleaseMapper;
27  import org.apereo.cas.authentication.AuthenticationEventExecutionPlan;
28  import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
29  import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy;
30  import org.apereo.cas.services.RegisteredService;
31  import org.apereo.cas.services.RegisteredServiceAccessStrategy;
32  import org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy;
33  import org.apereo.cas.services.RegisteredServiceAuthenticationPolicy;
34  import org.apereo.cas.services.RegisteredServiceDelegatedAuthenticationPolicy;
35  import org.apereo.cas.services.RegisteredServiceMultifactorPolicy;
36  import org.apereo.cas.services.RegisteredServiceProxyGrantingTicketExpirationPolicy;
37  import org.apereo.cas.services.RegisteredServiceProxyTicketExpirationPolicy;
38  import org.apereo.cas.services.RegisteredServiceServiceTicketExpirationPolicy;
39  import org.apereo.cas.services.RegisteredServiceTicketGrantingTicketExpirationPolicy;
40  import org.slf4j.Logger;
41  import org.slf4j.LoggerFactory;
42  import org.springframework.beans.factory.ObjectProvider;
43  
44  public class RegisteredServiceMapper {
45  
46      protected static final Logger LOG = LoggerFactory.getLogger(RegisteredServiceMapper.class);
47  
48      protected final String pac4jCoreName;
49  
50      protected final ObjectProvider<AuthenticationEventExecutionPlan> authEventExecPlan;
51  
52      protected final List<MultifactorAuthenticationProvider> multifactorAuthenticationProviders;
53  
54      protected final List<AuthMapper> authMappers;
55  
56      protected final List<AccessMapper> accessMappers;
57  
58      protected final List<AttrReleaseMapper> attrReleaseMappers;
59  
60      protected final List<TicketExpirationMapper> ticketExpirationMappers;
61  
62      protected final List<ClientAppMapper> clientAppMappers;
63  
64      public RegisteredServiceMapper(
65              final String pac4jCoreName,
66              final ObjectProvider<AuthenticationEventExecutionPlan> authEventExecPlan,
67              final List<MultifactorAuthenticationProvider> multifactorAuthenticationProviders,
68              final List<AuthMapper> authMappers,
69              final List<AccessMapper> accessMappers,
70              final List<AttrReleaseMapper> attrReleaseMappers,
71              final List<TicketExpirationMapper> ticketExpirationMappers,
72              final List<ClientAppMapper> clientAppMappers) {
73  
74          this.pac4jCoreName = pac4jCoreName;
75          this.authEventExecPlan = authEventExecPlan;
76          this.multifactorAuthenticationProviders = multifactorAuthenticationProviders;
77          this.authMappers = authMappers;
78          this.accessMappers = accessMappers;
79          this.attrReleaseMappers = attrReleaseMappers;
80          this.ticketExpirationMappers = ticketExpirationMappers;
81          this.clientAppMappers = clientAppMappers;
82      }
83  
84      public RegisteredService toRegisteredService(final WAClientApp clientApp) {
85          return clientAppMappers.stream().
86                  filter(m -> m.supports(clientApp.getClientAppTO())).
87                  findFirst().
88                  map(clientAppMapper -> toRegisteredService(clientApp, clientAppMapper)).
89                  orElseGet(() -> {
90                      LOG.warn("Unable to locate mapper for {}", clientApp.getClientAppTO().getClass().getName());
91                      return null;
92                  });
93      }
94  
95      public RegisteredService toRegisteredService(final WAClientApp clientApp, final ClientAppMapper clientAppMapper) {
96          RegisteredServiceAuthenticationPolicy authPolicy = null;
97          RegisteredServiceMultifactorPolicy mfaPolicy = null;
98          RegisteredServiceDelegatedAuthenticationPolicy delegatedAuthPolicy = null;
99          if (clientApp.getAuthPolicy() != null) {
100             Optional<AuthMapper> authMapper = authMappers.stream().
101                     filter(m -> m.supports(clientApp.getAuthPolicy().getConf())).
102                     findFirst();
103             AuthMapperResult result = authMapper.map(mapper -> mapper.build(
104                     pac4jCoreName, authEventExecPlan, multifactorAuthenticationProviders, clientApp.getAuthPolicy(),
105                     clientApp.getAuthModules())).
106                     orElse(AuthMapperResult.EMPTY);
107             authPolicy = result.getAuthPolicy();
108             mfaPolicy = result.getMfaPolicy();
109             delegatedAuthPolicy = result.getDelegateAuthPolicy();
110         }
111 
112         RegisteredServiceAccessStrategy accessStrategy = null;
113         if (clientApp.getAccessPolicy() != null) {
114             Optional<AccessMapper> accessMapper = accessMappers.stream().
115                     filter(m -> m.supports(clientApp.getAccessPolicy().getConf())).
116                     findFirst();
117             accessStrategy = accessMapper.map(mapper -> mapper.build(clientApp.getAccessPolicy())).orElse(null);
118         }
119         if (delegatedAuthPolicy != null) {
120             if (accessStrategy == null) {
121                 accessStrategy = new DefaultRegisteredServiceAccessStrategy();
122             }
123             if (accessStrategy instanceof DefaultRegisteredServiceAccessStrategy) {
124                 ((DefaultRegisteredServiceAccessStrategy) accessStrategy).
125                         setDelegatedAuthenticationPolicy(delegatedAuthPolicy);
126             } else {
127                 LOG.warn("Could not set delegated auth policy because access strategy is instance of {}",
128                         accessStrategy.getClass().getName());
129             }
130         }
131 
132         AttrReleasePolicyTO attrReleasePolicyTO = Optional.ofNullable(clientApp.getAttrReleasePolicy()).
133                 orElseGet(() -> {
134                     AttrReleasePolicyTO arpTO = new AttrReleasePolicyTO();
135                     arpTO.setConf(new DefaultAttrReleasePolicyConf());
136                     return arpTO;
137                 });
138         Optional<AttrReleaseMapper> attrReleaseMapper = attrReleaseMappers.stream().
139                 filter(m -> m.supports(attrReleasePolicyTO.getConf())).
140                 findFirst();
141         RegisteredServiceAttributeReleasePolicy attributeReleasePolicy =
142                 attrReleaseMapper.map(mapper -> mapper.build(attrReleasePolicyTO)).orElse(null);
143 
144         RegisteredServiceTicketGrantingTicketExpirationPolicy tgtExpirationPolicy = null;
145         RegisteredServiceServiceTicketExpirationPolicy stExpirationPolicy = null;
146         RegisteredServiceProxyGrantingTicketExpirationPolicy tgtProxyExpirationPolicy = null;
147         RegisteredServiceProxyTicketExpirationPolicy stProxyExpirationPolicy = null;
148         if (clientApp.getTicketExpirationPolicy() != null) {
149             TicketExpirationMapper ticketExpirationMapper = ticketExpirationMappers.stream().
150                     filter(m -> m.supports(clientApp.getTicketExpirationPolicy().getConf())).
151                     findFirst().orElse(null);
152             if (ticketExpirationMapper != null) {
153                 tgtExpirationPolicy = ticketExpirationMapper.buildTGT(clientApp.getTicketExpirationPolicy());
154                 stExpirationPolicy = ticketExpirationMapper.buildST(clientApp.getTicketExpirationPolicy());
155                 tgtProxyExpirationPolicy = ticketExpirationMapper.buildProxyTGT(clientApp.getTicketExpirationPolicy());
156                 stProxyExpirationPolicy = ticketExpirationMapper.buildProxyST(clientApp.getTicketExpirationPolicy());
157             }
158         }
159 
160         return clientAppMapper.map(
161                 clientApp,
162                 authPolicy,
163                 mfaPolicy,
164                 accessStrategy,
165                 attributeReleasePolicy,
166                 tgtExpirationPolicy,
167                 stExpirationPolicy,
168                 tgtProxyExpirationPolicy,
169                 stProxyExpirationPolicy);
170     }
171 }