This is an automated email from the ASF dual-hosted git repository. ilgrosso pushed a commit to branch 3_0_X in repository https://gitbox.apache.org/repos/asf/syncope.git
commit 17a414bf202df0c3219c45a1fad95a6896947ecf Author: Francesco Chicchiriccò <[email protected]> AuthorDate: Thu Nov 14 13:10:45 2024 +0100 [SYNCOPE-1842] Adding credentialCriteria support to all relevant auth modules --- .../syncope/common/lib/auth/JDBCAuthModuleConf.java | 19 +++++++++++++++++++ .../syncope/common/lib/auth/JaasAuthModuleConf.java | 19 +++++++++++++++++++ .../syncope/common/lib/auth/LDAPAuthModuleConf.java | 6 +++--- .../syncope/common/lib/auth/StaticAuthModuleConf.java | 19 +++++++++++++++++++ .../common/lib/auth/SyncopeAuthModuleConf.java | 19 +++++++++++++++++++ .../mapping/AuthModulePropertySourceMapper.java | 4 ++++ 6 files changed, 83 insertions(+), 3 deletions(-) diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JDBCAuthModuleConf.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JDBCAuthModuleConf.java index 628a659fbd..33822dd426 100644 --- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JDBCAuthModuleConf.java +++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JDBCAuthModuleConf.java @@ -41,6 +41,17 @@ public class JDBCAuthModuleConf extends AbstractJDBCConf implements AuthModuleCo */ private String fieldDisabled; + /** + * A number of authentication handlers are allowed to determine whether they can operate on the provided credential + * and as such lend themselves to be tried and tested during the authentication handler selection phase. + * The credential criteria may be one of the following options:<ul> + * <li>A regular expression pattern that is tested against the credential identifier.</li> + * <li>A fully qualified class name of your own design that implements {@code Predicate}.</li> + * <li>Path to an external Groovy script that implements the same interface.</li> + * </ul> + */ + private String credentialCriteria; + public String getFieldPassword() { return fieldPassword; } 
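Review bot: The Javadoc added for `credentialCriteria` in `JDBCAuthModuleConf` lists a fully qualified class name and a path to a Groovy script as accepted values, but does not tell the operator that these two forms presumably cause the authentication server to load and run code chosen through this property. I would add a closing paragraph such as `<p>The class-name and script forms are loaded by the authentication server: restrict who may set this property, and keep patterns simple because they are evaluated against user-supplied identifiers.</p>`. The second bullet's `{@code Predicate}` should also name the fully qualified type and its type argument, which this text does not state. The same Javadoc is copied verbatim into the `JaasAuthModuleConf`, `StaticAuthModuleConf` and `SyncopeAuthModuleConf` hunks and the point applies there too; the class bodies continue outside these hunks.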
@@ -65,6 +76,14 @@ public class JDBCAuthModuleConf extends AbstractJDBCConf implements AuthModuleCo this.fieldDisabled = fieldDisabled; } + public String getCredentialCriteria() { + return credentialCriteria; + } + + public void setCredentialCriteria(final String credentialCriteria) { + this.credentialCriteria = credentialCriteria; + } + @Override public Map<String, Object> map(final AuthModuleTO authModule, final Mapper mapper) { return mapper.map(authModule, this); diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JaasAuthModuleConf.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JaasAuthModuleConf.java index c2f2ca94f3..1b7f010e56 100644 --- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JaasAuthModuleConf.java +++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JaasAuthModuleConf.java @@ -44,6 +44,17 @@ public class JaasAuthModuleConf implements AuthModuleConf { private String loginConfigurationFile; + /** + * A number of authentication handlers are allowed to determine whether they can operate on the provided credential + * and as such lend themselves to be tried and tested during the authentication handler selection phase. + * The credential criteria may be one of the following options:<ul> + * <li>A regular expression pattern that is tested against the credential identifier.</li> + * <li>A fully qualified class name of your own design that implements {@code Predicate}.</li> + * <li>Path to an external Groovy script that implements the same interface.</li> + * </ul> + */ + private String credentialCriteria; + public String getRealm() { return realm; } 
@@ -84,6 +95,14 @@ public class JaasAuthModuleConf implements AuthModuleConf { this.loginConfigurationFile = loginConfigurationFile; } + public String getCredentialCriteria() { + return credentialCriteria; + } + + public void setCredentialCriteria(final String credentialCriteria) { + this.credentialCriteria = credentialCriteria; + } + @Override public Map<String, Object> map(final AuthModuleTO authModule, final Mapper mapper) { return mapper.map(authModule, this); diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/LDAPAuthModuleConf.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/LDAPAuthModuleConf.java index e772f54679..7221b17de2 100644 --- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/LDAPAuthModuleConf.java +++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/LDAPAuthModuleConf.java @@ -161,9 +161,9 @@ public class LDAPAuthModuleConf extends AbstractLDAPConf implements AuthModuleCo * A number of authentication handlers are allowed to determine whether they can operate on the provided credential * and as such lend themselves to be tried and tested during the authentication handler selection phase. * The credential criteria may be one of the following options:<ul> - * <li>1) A regular expression pattern that is tested against the credential identifier.</li> - * <li>2) A fully qualified class name of your own design that implements {@code Predicate}.</li> - * <li>3) Path to an external Groovy script that implements the same interface.</li> + * <li>A regular expression pattern that is tested against the credential identifier.</li> + * <li>A fully qualified class name of your own design that implements {@code Predicate}.</li> + * <li>Path to an external Groovy script that implements the same interface.</li> * </ul> */ private String credentialCriteria; 
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/StaticAuthModuleConf.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/StaticAuthModuleConf.java index cc0c064a6b..201783e301 100644 --- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/StaticAuthModuleConf.java +++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/StaticAuthModuleConf.java @@ -26,8 +26,27 @@ public class StaticAuthModuleConf implements AuthModuleConf { private static final long serialVersionUID = -7775771400318503131L; + /** + * A number of authentication handlers are allowed to determine whether they can operate on the provided credential + * and as such lend themselves to be tried and tested during the authentication handler selection phase. + * The credential criteria may be one of the following options:<ul> + * <li>A regular expression pattern that is tested against the credential identifier.</li> + * <li>A fully qualified class name of your own design that implements {@code Predicate}.</li> + * <li>Path to an external Groovy script that implements the same interface.</li> + * </ul> + */ + private String credentialCriteria; + private final Map<String, String> users = new HashMap<>(); + public String getCredentialCriteria() { + return credentialCriteria; + } + + public void setCredentialCriteria(final String credentialCriteria) { + this.credentialCriteria = credentialCriteria; + } + public Map<String, String> getUsers() { return users; } diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/SyncopeAuthModuleConf.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/SyncopeAuthModuleConf.java index 109c858ebe..6f565d974e 100644 --- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/SyncopeAuthModuleConf.java +++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/SyncopeAuthModuleConf.java 
@@ -28,6 +28,17 @@ public class SyncopeAuthModuleConf implements AuthModuleConf { private String domain = SyncopeConstants.MASTER_DOMAIN; + /** + * A number of authentication handlers are allowed to determine whether they can operate on the provided credential + * and as such lend themselves to be tried and tested during the authentication handler selection phase. + * The credential criteria may be one of the following options:<ul> + * <li>A regular expression pattern that is tested against the credential identifier.</li> + * <li>A fully qualified class name of your own design that implements {@code Predicate}.</li> + * <li>Path to an external Groovy script that implements the same interface.</li> + * </ul> + */ + private String credentialCriteria; + public String getDomain() { return domain; } @@ -36,6 +47,14 @@ public class SyncopeAuthModuleConf implements AuthModuleConf { this.domain = domain; } + public String getCredentialCriteria() { + return credentialCriteria; + } + + public void setCredentialCriteria(final String credentialCriteria) { + this.credentialCriteria = credentialCriteria; + } + @Override public Map<String, Object> map(final AuthModuleTO authModule, final Mapper mapper) { return mapper.map(authModule, this); diff --git a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/mapping/AuthModulePropertySourceMapper.java b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/mapping/AuthModulePropertySourceMapper.java index 728b30188c..b2c43b2d65 100644 --- a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/mapping/AuthModulePropertySourceMapper.java +++ b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/mapping/AuthModulePropertySourceMapper.java 
@@ -96,6 +96,7 @@ public class AuthModulePropertySourceMapper extends PropertySourceMapper impleme props.setName(authModuleTO.getKey()); props.setState(AuthenticationHandlerStates.valueOf(authModuleTO.getState().name())); props.setOrder(authModuleTO.getOrder()); + props.setCredentialCriteria(conf.getCredentialCriteria()); String users = conf.getUsers().entrySet().stream(). map(entry -> entry.getKey() + "::" + entry.getValue()). collect(Collectors.joining(",")); @@ -146,6 +147,7 @@ public class AuthModulePropertySourceMapper extends PropertySourceMapper impleme props.setFieldPassword(conf.getFieldPassword()); props.setPrincipalAttributeList(authModuleTO.getItems().stream(). map(item -> item.getIntAttrName() + ":" + item.getExtAttrName()).collect(Collectors.toList())); + props.setCredentialCriteria(conf.getCredentialCriteria()); fill(props, conf); return prefix("cas.authn.jdbc.query[].", CasCoreConfigurationUtils.asMap(props)); @@ -162,6 +164,7 @@ public class AuthModulePropertySourceMapper extends PropertySourceMapper impleme props.setKerberosRealmSystemProperty(conf.getKerberosRealmSystemProperty()); props.setLoginConfigType(conf.getLoginConfigurationFile()); props.setRealm(conf.getRealm()); + props.setCredentialCriteria(conf.getCredentialCriteria()); return prefix("cas.authn.jaas[].", CasCoreConfigurationUtils.asMap(props)); } @@ -394,6 +397,7 @@ public class AuthModulePropertySourceMapper extends PropertySourceMapper impleme props.setUrl(StringUtils.substringBefore(syncopeClient.getAddress(), "/rest")); props.setAttributeMappings(authModuleTO.getItems().stream(). collect(Collectors.toMap(Item::getIntAttrName, Item::getExtAttrName))); + props.setCredentialCriteria(conf.getCredentialCriteria()); return prefix("cas.authn.syncope.", CasCoreConfigurationUtils.asMap(props)); }
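Review bot: All four added `props.setCredentialCriteria(conf.getCredentialCriteria());` calls (the static, JDBC, JAAS and Syncope mappings) copy the stored string into the CAS properties unchanged, so nothing at this layer distinguishes a regular expression from a class name or a script path. Per the Javadoc added elsewhere in this commit, all three forms are accepted, which means permission to edit an auth module likely becomes permission to choose code that the WA loads. It is worth checking that the value is validated or restricted where the configuration is saved, for example by accepting only a compilable pattern unless class and script forms are explicitly enabled, and that the entitlement guarding auth module updates is scoped with that in mind. A small hardening here is to skip unset values with `if (StringUtils.isNotBlank(conf.getCredentialCriteria())) { props.setCredentialCriteria(conf.getCredentialCriteria()); }`, since whether a null or empty value is dropped by `CasCoreConfigurationUtils.asMap` is not visible in these hunks. The enclosing `map` methods start and end outside the hunks.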
