1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.apache.syncope.wa.starter.mapping;
20
21 import java.util.List;
22 import java.util.Optional;
23 import org.apache.syncope.common.lib.policy.AttrReleasePolicyTO;
24 import org.apache.syncope.common.lib.policy.DefaultAttrReleasePolicyConf;
25 import org.apache.syncope.common.lib.wa.WAClientApp;
26 import org.apache.syncope.wa.bootstrap.mapping.AttrReleaseMapper;
27 import org.apereo.cas.authentication.AuthenticationEventExecutionPlan;
28 import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
29 import org.apereo.cas.services.DefaultRegisteredServiceAccessStrategy;
30 import org.apereo.cas.services.RegisteredService;
31 import org.apereo.cas.services.RegisteredServiceAccessStrategy;
32 import org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy;
33 import org.apereo.cas.services.RegisteredServiceAuthenticationPolicy;
34 import org.apereo.cas.services.RegisteredServiceDelegatedAuthenticationPolicy;
35 import org.apereo.cas.services.RegisteredServiceMultifactorPolicy;
36 import org.apereo.cas.services.RegisteredServiceProxyGrantingTicketExpirationPolicy;
37 import org.apereo.cas.services.RegisteredServiceProxyTicketExpirationPolicy;
38 import org.apereo.cas.services.RegisteredServiceServiceTicketExpirationPolicy;
39 import org.apereo.cas.services.RegisteredServiceTicketGrantingTicketExpirationPolicy;
40 import org.slf4j.Logger;
41 import org.slf4j.LoggerFactory;
42 import org.springframework.beans.factory.ObjectProvider;
43
44 public class RegisteredServiceMapper {
45
46 protected static final Logger LOG = LoggerFactory.getLogger(RegisteredServiceMapper.class);
47
48 protected final String pac4jCoreName;
49
50 protected final ObjectProvider<AuthenticationEventExecutionPlan> authEventExecPlan;
51
52 protected final List<MultifactorAuthenticationProvider> multifactorAuthenticationProviders;
53
54 protected final List<AuthMapper> authMappers;
55
56 protected final List<AccessMapper> accessMappers;
57
58 protected final List<AttrReleaseMapper> attrReleaseMappers;
59
60 protected final List<TicketExpirationMapper> ticketExpirationMappers;
61
62 protected final List<ClientAppMapper> clientAppMappers;
63
64 public RegisteredServiceMapper(
65 final String pac4jCoreName,
66 final ObjectProvider<AuthenticationEventExecutionPlan> authEventExecPlan,
67 final List<MultifactorAuthenticationProvider> multifactorAuthenticationProviders,
68 final List<AuthMapper> authMappers,
69 final List<AccessMapper> accessMappers,
70 final List<AttrReleaseMapper> attrReleaseMappers,
71 final List<TicketExpirationMapper> ticketExpirationMappers,
72 final List<ClientAppMapper> clientAppMappers) {
73
74 this.pac4jCoreName = pac4jCoreName;
75 this.authEventExecPlan = authEventExecPlan;
76 this.multifactorAuthenticationProviders = multifactorAuthenticationProviders;
77 this.authMappers = authMappers;
78 this.accessMappers = accessMappers;
79 this.attrReleaseMappers = attrReleaseMappers;
80 this.ticketExpirationMappers = ticketExpirationMappers;
81 this.clientAppMappers = clientAppMappers;
82 }
83
84 public RegisteredService toRegisteredService(final WAClientApp clientApp) {
85 return clientAppMappers.stream().
86 filter(m -> m.supports(clientApp.getClientAppTO())).
87 findFirst().
88 map(clientAppMapper -> toRegisteredService(clientApp, clientAppMapper)).
89 orElseGet(() -> {
90 LOG.warn("Unable to locate mapper for {}", clientApp.getClientAppTO().getClass().getName());
91 return null;
92 });
93 }
94
95 public RegisteredService toRegisteredService(final WAClientApp clientApp, final ClientAppMapper clientAppMapper) {
96 RegisteredServiceAuthenticationPolicy authPolicy = null;
97 RegisteredServiceMultifactorPolicy mfaPolicy = null;
98 RegisteredServiceDelegatedAuthenticationPolicy delegatedAuthPolicy = null;
99 if (clientApp.getAuthPolicy() != null) {
100 Optional<AuthMapper> authMapper = authMappers.stream().
101 filter(m -> m.supports(clientApp.getAuthPolicy().getConf())).
102 findFirst();
103 AuthMapperResult result = authMapper.map(mapper -> mapper.build(
104 pac4jCoreName, authEventExecPlan, multifactorAuthenticationProviders, clientApp.getAuthPolicy(),
105 clientApp.getAuthModules())).
106 orElse(AuthMapperResult.EMPTY);
107 authPolicy = result.getAuthPolicy();
108 mfaPolicy = result.getMfaPolicy();
109 delegatedAuthPolicy = result.getDelegateAuthPolicy();
110 }
111
112 RegisteredServiceAccessStrategy accessStrategy = null;
113 if (clientApp.getAccessPolicy() != null) {
114 Optional<AccessMapper> accessMapper = accessMappers.stream().
115 filter(m -> m.supports(clientApp.getAccessPolicy().getConf())).
116 findFirst();
117 accessStrategy = accessMapper.map(mapper -> mapper.build(clientApp.getAccessPolicy())).orElse(null);
118 }
119 if (delegatedAuthPolicy != null) {
120 if (accessStrategy == null) {
121 accessStrategy = new DefaultRegisteredServiceAccessStrategy();
122 }
123 if (accessStrategy instanceof DefaultRegisteredServiceAccessStrategy) {
124 ((DefaultRegisteredServiceAccessStrategy) accessStrategy).
125 setDelegatedAuthenticationPolicy(delegatedAuthPolicy);
126 } else {
127 LOG.warn("Could not set delegated auth policy because access strategy is instance of {}",
128 accessStrategy.getClass().getName());
129 }
130 }
131
132 AttrReleasePolicyTO attrReleasePolicyTO = Optional.ofNullable(clientApp.getAttrReleasePolicy()).
133 orElseGet(() -> {
134 AttrReleasePolicyTO arpTO = new AttrReleasePolicyTO();
135 arpTO.setConf(new DefaultAttrReleasePolicyConf());
136 return arpTO;
137 });
138 Optional<AttrReleaseMapper> attrReleaseMapper = attrReleaseMappers.stream().
139 filter(m -> m.supports(attrReleasePolicyTO.getConf())).
140 findFirst();
141 RegisteredServiceAttributeReleasePolicy attributeReleasePolicy =
142 attrReleaseMapper.map(mapper -> mapper.build(attrReleasePolicyTO)).orElse(null);
143
144 RegisteredServiceTicketGrantingTicketExpirationPolicy tgtExpirationPolicy = null;
145 RegisteredServiceServiceTicketExpirationPolicy stExpirationPolicy = null;
146 RegisteredServiceProxyGrantingTicketExpirationPolicy tgtProxyExpirationPolicy = null;
147 RegisteredServiceProxyTicketExpirationPolicy stProxyExpirationPolicy = null;
148 if (clientApp.getTicketExpirationPolicy() != null) {
149 TicketExpirationMapper ticketExpirationMapper = ticketExpirationMappers.stream().
150 filter(m -> m.supports(clientApp.getTicketExpirationPolicy().getConf())).
151 findFirst().orElse(null);
152 if (ticketExpirationMapper != null) {
153 tgtExpirationPolicy = ticketExpirationMapper.buildTGT(clientApp.getTicketExpirationPolicy());
154 stExpirationPolicy = ticketExpirationMapper.buildST(clientApp.getTicketExpirationPolicy());
155 tgtProxyExpirationPolicy = ticketExpirationMapper.buildProxyTGT(clientApp.getTicketExpirationPolicy());
156 stProxyExpirationPolicy = ticketExpirationMapper.buildProxyST(clientApp.getTicketExpirationPolicy());
157 }
158 }
159
160 return clientAppMapper.map(
161 clientApp,
162 authPolicy,
163 mfaPolicy,
164 accessStrategy,
165 attributeReleasePolicy,
166 tgtExpirationPolicy,
167 stExpirationPolicy,
168 tgtProxyExpirationPolicy,
169 stProxyExpirationPolicy);
170 }
171 }