19 package org.apache.syncope.wa.starter.surrogate;
20
21 import java.util.Collection;
22 import java.util.Optional;
23 import java.util.stream.Collectors;
24 import org.apache.syncope.common.lib.wa.ImpersonationAccount;
25 import org.apache.syncope.common.rest.api.service.wa.ImpersonationService;
26 import org.apache.syncope.wa.bootstrap.WARestClient;
27 import org.apereo.cas.authentication.principal.Principal;
28 import org.apereo.cas.authentication.principal.Service;
29 import org.apereo.cas.authentication.surrogate.SurrogateAuthenticationService;
30 import org.slf4j.Logger;
31 import org.slf4j.LoggerFactory;
32
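/**
 * {@link SurrogateAuthenticationService} implementation that resolves impersonation
 * ("surrogate") rights through the {@link ImpersonationService} REST endpoint obtained
 * from {@link WARestClient}.
 *
 * <p>Authorization decisions made here are fail-closed: any error while evaluating a
 * request results in the impersonation being denied.
 */
public class WASurrogateAuthenticationService implements SurrogateAuthenticationService {

    protected static final Logger LOG = LoggerFactory.getLogger(WASurrogateAuthenticationService.class);

    protected final WARestClient waRestClient;

    /**
     * @param waRestClient client used to look up the {@link ImpersonationService}
     */
    public WASurrogateAuthenticationService(final WARestClient waRestClient) {
        this.waRestClient = waRestClient;
    }

    /**
     * Decides whether {@code principal} may impersonate {@code surrogate}.
     *
     * <p>The accounts returned for {@code principal.getId()} are compared with
     * {@code surrogate} through {@link String#equals(Object)}, i.e. an exact,
     * case-sensitive match.
     *
     * @param surrogate account the principal asks to act as
     * @param principal authenticated principal requesting impersonation
     * @param service requesting service; not consulted by this implementation, so the
     * decision is not scoped per service
     * @return {@code true} only when a matching impersonation account is found;
     * {@code false} on no match, on missing arguments and on any lookup failure
     */
    @Override
    public boolean canImpersonate(final String surrogate, final Principal principal, final Optional<Service> service) {
        // Deny up front when either side is missing: dereferencing a null principal in the
        // failure path below would otherwise raise out of the catch block instead of denying.
        if (surrogate == null || principal == null) {
            LOG.debug("Denying impersonation: missing surrogate or principal");
            return false;
        }

        final String owner = principal.getId();
        try {
            LOG.debug("Checking impersonation attempt by {} for {}", principal, surrogate);

            return waRestClient.getService(ImpersonationService.class).read(owner).stream().
                    anyMatch(acct -> surrogate.equals(acct.getImpersonated()));
        } catch (final Exception e) {
            // Fail closed, but keep the cause: without it a backend outage cannot be told
            // apart from a routine denial when reviewing authorization logs.
            LOG.info("Could not authorize account {} for owner {}", surrogate, owner, e);
        }
        return false;
    }

    /**
     * Lists the accounts that {@code username} is allowed to impersonate.
     *
     * <p>Unlike {@link #canImpersonate(String, Principal, Optional)}, failures of the
     * underlying lookup are not caught here and propagate to the caller.
     *
     * @param username owner whose impersonation accounts are requested
     * @return the impersonated account names reported for {@code username}
     */
    @Override
    public Collection<String> getImpersonationAccounts(final String username) {
        return waRestClient.getService(ImpersonationService.class).read(username).
                stream().
                map(ImpersonationAccount::getImpersonated).
                collect(Collectors.toList());
    }
}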