View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.syncope.wa.starter.surrogate;
20  
21  import java.util.Collection;
22  import java.util.Optional;
23  import java.util.stream.Collectors;
24  import org.apache.syncope.common.lib.wa.ImpersonationAccount;
25  import org.apache.syncope.common.rest.api.service.wa.ImpersonationService;
26  import org.apache.syncope.wa.bootstrap.WARestClient;
27  import org.apereo.cas.authentication.principal.Principal;
28  import org.apereo.cas.authentication.principal.Service;
29  import org.apereo.cas.authentication.surrogate.SurrogateAuthenticationService;
30  import org.slf4j.Logger;
31  import org.slf4j.LoggerFactory;
32  
33  public class WASurrogateAuthenticationService implements SurrogateAuthenticationService {
34  
35      protected static final Logger LOG = LoggerFactory.getLogger(WASurrogateAuthenticationService.class);
36  
37      protected final WARestClient waRestClient;
38  
39      public WASurrogateAuthenticationService(final WARestClient waRestClient) {
40          this.waRestClient = waRestClient;
41      }
42  
43      @Override
44      public boolean canImpersonate(final String surrogate, final Principal principal, final Optional<Service> service) {
45          try {
46              LOG.debug("Checking impersonation attempt by {} for {}", principal, surrogate);
47  
48              return waRestClient.getService(ImpersonationService.class).read(
49                      principal.getId()).stream().anyMatch(acct -> surrogate.equals(acct.getImpersonated()));
50          } catch (final Exception e) {
51              LOG.info("Could not authorize account {} for owner {}", surrogate, principal.getId());
52          }
53          return false;
54      }
55  
56      @Override
57      public Collection<String> getImpersonationAccounts(final String username) {
58          return waRestClient.getService(ImpersonationService.class).read(username).
59                  stream().
60                  map(ImpersonationAccount::getImpersonated).
61                  collect(Collectors.toList());
62      }
63  }