wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/DefaultAuthMapper.java - syncope - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *   http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.syncope.wa.starter.mapping;

 import java.util.HashSet;
 import java.util.List;
 import java.util.Optional;
 import java.util.Set;
 import java.util.stream.Collectors;
 import org.apache.commons.lang3.tuple.Pair;
 import org.apache.syncope.common.lib.auth.MFAAuthModuleConf;
 import org.apache.syncope.common.lib.policy.AuthPolicyTO;
 import org.apache.syncope.common.lib.policy.DefaultAuthPolicyConf;
 import org.apache.syncope.common.lib.to.AuthModuleTO;
 import org.apereo.cas.authentication.AuthenticationEventExecutionPlan;
 import org.apereo.cas.authentication.AuthenticationHandler;
 import org.apereo.cas.authentication.MultifactorAuthenticationHandler;
 import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
 import org.apereo.cas.services.AnyAuthenticationHandlerRegisteredServiceAuthenticationPolicyCriteria;
 import org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy;
 import org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy;
 import org.apereo.cas.services.RegisteredServiceAuthenticationPolicy;
 import org.apereo.cas.services.RegisteredServiceMultifactorPolicy;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.ObjectProvider;
 import org.springframework.context.ConfigurableApplicationContext;

 @AuthMapFor(authPolicyConfClass = DefaultAuthPolicyConf.class)
 public class DefaultAuthMapper implements AuthMapper {

     protected static final Logger LOG = LoggerFactory.getLogger(DefaultAuthMapper.class);

     @Override
     public Pair<RegisteredServiceAuthenticationPolicy, RegisteredServiceMultifactorPolicy> build(
             final ConfigurableApplicationContext ctx,
             final ObjectProvider<AuthenticationEventExecutionPlan> authenticationEventExecutionPlan,
             final AuthPolicyTO policy,
             final List<AuthModuleTO> authModules) {

         DefaultRegisteredServiceAuthenticationPolicy authPolicy = new DefaultRegisteredServiceAuthenticationPolicy();

         Set<String> mfaAuthHandlers = new HashSet<>();

         DefaultAuthPolicyConf policyConf = (DefaultAuthPolicyConf) policy.getConf();
         if (!policyConf.getAuthModules().isEmpty()) {
             mfaAuthHandlers.addAll(authenticationEventExecutionPlan.getObject().getAuthenticationHandlers().stream().
                     filter(MultifactorAuthenticationHandler.class::isInstance).
                     filter(mfaAuthHander -> policyConf.getAuthModules().contains(mfaAuthHander.getName())).
                     map(AuthenticationHandler::getName).
                     collect(Collectors.toSet()));

             Set<String> authHandlers = new HashSet<>(policyConf.getAuthModules());
             authHandlers.removeAll(mfaAuthHandlers);
             authPolicy.setRequiredAuthenticationHandlers(authHandlers);
         }

         AnyAuthenticationHandlerRegisteredServiceAuthenticationPolicyCriteria criteria =
                 new AnyAuthenticationHandlerRegisteredServiceAuthenticationPolicyCriteria();
         criteria.setTryAll(policyConf.isTryAll());
         authPolicy.setCriteria(criteria);

         DefaultRegisteredServiceMultifactorPolicy mfaPolicy = null;
         if (!mfaAuthHandlers.isEmpty()) {
             Set<String> fns = mfaAuthHandlers.stream().
                     map(handler -> authModules.stream().filter(am -> handler.equals(am.getKey())).findFirst()).
                     filter(Optional::isPresent).
                     map(Optional::get).
                     filter(am -> am.getConf() instanceof MFAAuthModuleConf).
                     map(am -> ((MFAAuthModuleConf) am.getConf()).getFriendlyName()).
                     collect(Collectors.toSet());

             Set<String> mfaProviders = ctx.getBeansOfType(MultifactorAuthenticationProvider.class).values().stream().
                     filter(map -> fns.contains(map.getFriendlyName())).
                     map(MultifactorAuthenticationProvider::getId).
                     collect(Collectors.toSet());

             mfaPolicy = new DefaultRegisteredServiceMultifactorPolicy();
             mfaPolicy.setBypassEnabled(false);
             mfaPolicy.setForceExecution(true);
             mfaPolicy.setMultifactorAuthenticationProviders(mfaProviders);
         }

         return Pair.of(authPolicy, mfaPolicy);
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.syncope.wa.starter.mapping;

	import java.util.HashSet;
	import java.util.List;
	import java.util.Optional;
	import java.util.Set;
	import java.util.stream.Collectors;
	import org.apache.commons.lang3.tuple.Pair;
	import org.apache.syncope.common.lib.auth.MFAAuthModuleConf;
	import org.apache.syncope.common.lib.policy.AuthPolicyTO;
	import org.apache.syncope.common.lib.policy.DefaultAuthPolicyConf;
	import org.apache.syncope.common.lib.to.AuthModuleTO;
	import org.apereo.cas.authentication.AuthenticationEventExecutionPlan;
	import org.apereo.cas.authentication.AuthenticationHandler;
	import org.apereo.cas.authentication.MultifactorAuthenticationHandler;
	import org.apereo.cas.authentication.MultifactorAuthenticationProvider;
	import org.apereo.cas.services.AnyAuthenticationHandlerRegisteredServiceAuthenticationPolicyCriteria;
	import org.apereo.cas.services.DefaultRegisteredServiceAuthenticationPolicy;
	import org.apereo.cas.services.DefaultRegisteredServiceMultifactorPolicy;
	import org.apereo.cas.services.RegisteredServiceAuthenticationPolicy;
	import org.apereo.cas.services.RegisteredServiceMultifactorPolicy;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;
	import org.springframework.beans.factory.ObjectProvider;
	import org.springframework.context.ConfigurableApplicationContext;

	@AuthMapFor(authPolicyConfClass = DefaultAuthPolicyConf.class)
	public class DefaultAuthMapper implements AuthMapper {

	protected static final Logger LOG = LoggerFactory.getLogger(DefaultAuthMapper.class);

	@Override
	public Pair<RegisteredServiceAuthenticationPolicy, RegisteredServiceMultifactorPolicy> build(
	final ConfigurableApplicationContext ctx,
	final ObjectProvider<AuthenticationEventExecutionPlan> authenticationEventExecutionPlan,
	final AuthPolicyTO policy,
	final List<AuthModuleTO> authModules) {

	DefaultRegisteredServiceAuthenticationPolicy authPolicy = new DefaultRegisteredServiceAuthenticationPolicy();

	Set<String> mfaAuthHandlers = new HashSet<>();

	DefaultAuthPolicyConf policyConf = (DefaultAuthPolicyConf) policy.getConf();
	if (!policyConf.getAuthModules().isEmpty()) {
	mfaAuthHandlers.addAll(authenticationEventExecutionPlan.getObject().getAuthenticationHandlers().stream().
	filter(MultifactorAuthenticationHandler.class::isInstance).
	filter(mfaAuthHander -> policyConf.getAuthModules().contains(mfaAuthHander.getName())).
	map(AuthenticationHandler::getName).
	collect(Collectors.toSet()));

	Set<String> authHandlers = new HashSet<>(policyConf.getAuthModules());
	authHandlers.removeAll(mfaAuthHandlers);
	authPolicy.setRequiredAuthenticationHandlers(authHandlers);
	}

	AnyAuthenticationHandlerRegisteredServiceAuthenticationPolicyCriteria criteria =
	new AnyAuthenticationHandlerRegisteredServiceAuthenticationPolicyCriteria();
	criteria.setTryAll(policyConf.isTryAll());
	authPolicy.setCriteria(criteria);

	DefaultRegisteredServiceMultifactorPolicy mfaPolicy = null;
	if (!mfaAuthHandlers.isEmpty()) {
	Set<String> fns = mfaAuthHandlers.stream().
	map(handler -> authModules.stream().filter(am -> handler.equals(am.getKey())).findFirst()).
	filter(Optional::isPresent).
	map(Optional::get).
	filter(am -> am.getConf() instanceof MFAAuthModuleConf).
	map(am -> ((MFAAuthModuleConf) am.getConf()).getFriendlyName()).
	collect(Collectors.toSet());

	Set<String> mfaProviders = ctx.getBeansOfType(MultifactorAuthenticationProvider.class).values().stream().
	filter(map -> fns.contains(map.getFriendlyName())).
	map(MultifactorAuthenticationProvider::getId).
	collect(Collectors.toSet());

	mfaPolicy = new DefaultRegisteredServiceMultifactorPolicy();
	mfaPolicy.setBypassEnabled(false);
	mfaPolicy.setForceExecution(true);
	mfaPolicy.setMultifactorAuthenticationProviders(mfaProviders);
	}

	return Pair.of(authPolicy, mfaPolicy);
	}
	}