This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/master by this push:
new 538aea95ae [SYNCOPE-1842] Adding credentialCriteria support to all
relevant auth modules
538aea95ae is described below
commit 538aea95ae245ed7b96ca9ae3afdc83b1518f1f7
Author: Francesco Chicchiriccò <[email protected]>
AuthorDate: Thu Nov 14 13:10:45 2024 +0100
[SYNCOPE-1842] Adding credentialCriteria support to all relevant auth
modules
---
.../syncope/common/lib/auth/JDBCAuthModuleConf.java | 19 +++++++++++++++++++
.../syncope/common/lib/auth/JaasAuthModuleConf.java | 19 +++++++++++++++++++
.../syncope/common/lib/auth/LDAPAuthModuleConf.java | 6 +++---
.../syncope/common/lib/auth/StaticAuthModuleConf.java | 19 +++++++++++++++++++
.../common/lib/auth/SyncopeAuthModuleConf.java | 19 +++++++++++++++++++
.../mapping/AuthModulePropertySourceMapper.java | 4 ++++
6 files changed, 83 insertions(+), 3 deletions(-)
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JDBCAuthModuleConf.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JDBCAuthModuleConf.java
index 628a659fbd..33822dd426 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JDBCAuthModuleConf.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JDBCAuthModuleConf.java
@@ -41,6 +41,17 @@ public class JDBCAuthModuleConf extends AbstractJDBCConf
implements AuthModuleCo
*/
private String fieldDisabled;
+ /**
+ * A number of authentication handlers are allowed to determine whether
they can operate on the provided credential
+ * and as such lend themselves to be tried and tested during the
authentication handler selection phase.
+ * The credential criteria may be one of the following options:<ul>
+ * <li>A regular expression pattern that is tested against the credential
identifier.</li>
+ * <li>A fully qualified class name of your own design that implements
{@code Predicate}.</li>
+ * <li>Path to an external Groovy script that implements the same
interface.</li>
+ * </ul>
+ */
+ private String credentialCriteria;
+
public String getFieldPassword() {
return fieldPassword;
}
@@ -65,6 +76,14 @@ public class JDBCAuthModuleConf extends AbstractJDBCConf
implements AuthModuleCo
this.fieldDisabled = fieldDisabled;
}
+ public String getCredentialCriteria() {
+ return credentialCriteria;
+ }
+
+ public void setCredentialCriteria(final String credentialCriteria) {
+ this.credentialCriteria = credentialCriteria;
+ }
+
@Override
public Map<String, Object> map(final AuthModuleTO authModule, final Mapper
mapper) {
return mapper.map(authModule, this);
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JaasAuthModuleConf.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JaasAuthModuleConf.java
index c2f2ca94f3..1b7f010e56 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JaasAuthModuleConf.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/JaasAuthModuleConf.java
@@ -44,6 +44,17 @@ public class JaasAuthModuleConf implements AuthModuleConf {
private String loginConfigurationFile;
+ /**
+ * A number of authentication handlers are allowed to determine whether
they can operate on the provided credential
+ * and as such lend themselves to be tried and tested during the
authentication handler selection phase.
+ * The credential criteria may be one of the following options:<ul>
+ * <li>A regular expression pattern that is tested against the credential
identifier.</li>
+ * <li>A fully qualified class name of your own design that implements
{@code Predicate}.</li>
+ * <li>Path to an external Groovy script that implements the same
interface.</li>
+ * </ul>
+ */
+ private String credentialCriteria;
+
public String getRealm() {
return realm;
}
@@ -84,6 +95,14 @@ public class JaasAuthModuleConf implements AuthModuleConf {
this.loginConfigurationFile = loginConfigurationFile;
}
+ public String getCredentialCriteria() {
+ return credentialCriteria;
+ }
+
+ public void setCredentialCriteria(final String credentialCriteria) {
+ this.credentialCriteria = credentialCriteria;
+ }
+
@Override
public Map<String, Object> map(final AuthModuleTO authModule, final Mapper
mapper) {
return mapper.map(authModule, this);
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/LDAPAuthModuleConf.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/LDAPAuthModuleConf.java
index e772f54679..7221b17de2 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/LDAPAuthModuleConf.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/LDAPAuthModuleConf.java
@@ -161,9 +161,9 @@ public class LDAPAuthModuleConf extends AbstractLDAPConf
implements AuthModuleCo
* A number of authentication handlers are allowed to determine whether
they can operate on the provided credential
* and as such lend themselves to be tried and tested during the
authentication handler selection phase.
* The credential criteria may be one of the following options:<ul>
- * <li>1) A regular expression pattern that is tested against the
credential identifier.</li>
- * <li>2) A fully qualified class name of your own design that implements
{@code Predicate}.</li>
- * <li>3) Path to an external Groovy script that implements the same
interface.</li>
+ * <li>A regular expression pattern that is tested against the credential
identifier.</li>
+ * <li>A fully qualified class name of your own design that implements
{@code Predicate}.</li>
+ * <li>Path to an external Groovy script that implements the same
interface.</li>
* </ul>
*/
private String credentialCriteria;
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/StaticAuthModuleConf.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/StaticAuthModuleConf.java
index cc0c064a6b..201783e301 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/StaticAuthModuleConf.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/StaticAuthModuleConf.java
@@ -26,8 +26,27 @@ public class StaticAuthModuleConf implements AuthModuleConf {
private static final long serialVersionUID = -7775771400318503131L;
+ /**
+ * A number of authentication handlers are allowed to determine whether
they can operate on the provided credential
+ * and as such lend themselves to be tried and tested during the
authentication handler selection phase.
+ * The credential criteria may be one of the following options:<ul>
+ * <li>A regular expression pattern that is tested against the credential
identifier.</li>
+ * <li>A fully qualified class name of your own design that implements
{@code Predicate}.</li>
+ * <li>Path to an external Groovy script that implements the same
interface.</li>
+ * </ul>
+ */
+ private String credentialCriteria;
+
private final Map<String, String> users = new HashMap<>();
+ public String getCredentialCriteria() {
+ return credentialCriteria;
+ }
+
+ public void setCredentialCriteria(final String credentialCriteria) {
+ this.credentialCriteria = credentialCriteria;
+ }
+
public Map<String, String> getUsers() {
return users;
}
diff --git
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/SyncopeAuthModuleConf.java
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/SyncopeAuthModuleConf.java
index 109c858ebe..6f565d974e 100644
---
a/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/SyncopeAuthModuleConf.java
+++
b/common/am/lib/src/main/java/org/apache/syncope/common/lib/auth/SyncopeAuthModuleConf.java
@@ -28,6 +28,17 @@ public class SyncopeAuthModuleConf implements AuthModuleConf
{
private String domain = SyncopeConstants.MASTER_DOMAIN;
+ /**
+ * A number of authentication handlers are allowed to determine whether
they can operate on the provided credential
+ * and as such lend themselves to be tried and tested during the
authentication handler selection phase.
+ * The credential criteria may be one of the following options:<ul>
+ * <li>A regular expression pattern that is tested against the credential
identifier.</li>
+ * <li>A fully qualified class name of your own design that implements
{@code Predicate}.</li>
+ * <li>Path to an external Groovy script that implements the same
interface.</li>
+ * </ul>
+ */
+ private String credentialCriteria;
+
public String getDomain() {
return domain;
}
@@ -36,6 +47,14 @@ public class SyncopeAuthModuleConf implements AuthModuleConf
{
this.domain = domain;
}
+ public String getCredentialCriteria() {
+ return credentialCriteria;
+ }
+
+ public void setCredentialCriteria(final String credentialCriteria) {
+ this.credentialCriteria = credentialCriteria;
+ }
+
@Override
public Map<String, Object> map(final AuthModuleTO authModule, final Mapper
mapper) {
return mapper.map(authModule, this);
diff --git
a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/mapping/AuthModulePropertySourceMapper.java
b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/mapping/AuthModulePropertySourceMapper.java
index 884e8620ff..a975bc4ad3 100644
---
a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/mapping/AuthModulePropertySourceMapper.java
+++
b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/mapping/AuthModulePropertySourceMapper.java
@@ -93,6 +93,7 @@ public class AuthModulePropertySourceMapper extends
PropertySourceMapper impleme
props.setName(authModuleTO.getKey());
props.setState(AuthenticationHandlerStates.valueOf(authModuleTO.getState().name()));
props.setOrder(authModuleTO.getOrder());
+ props.setCredentialCriteria(conf.getCredentialCriteria());
String users = conf.getUsers().entrySet().stream().
map(entry -> entry.getKey() + "::" + entry.getValue()).
collect(Collectors.joining(","));
@@ -143,6 +144,7 @@ public class AuthModulePropertySourceMapper extends
PropertySourceMapper impleme
props.setFieldPassword(conf.getFieldPassword());
props.setPrincipalAttributeList(authModuleTO.getItems().stream().
map(item -> item.getIntAttrName() + ":" +
item.getExtAttrName()).toList());
+ props.setCredentialCriteria(conf.getCredentialCriteria());
fill(props, conf);
return prefix("cas.authn.jdbc.query[].", WAConfUtils.asMap(props));
@@ -159,6 +161,7 @@ public class AuthModulePropertySourceMapper extends
PropertySourceMapper impleme
props.setKerberosRealmSystemProperty(conf.getKerberosRealmSystemProperty());
props.setLoginConfigType(conf.getLoginConfigurationFile());
props.setRealm(conf.getRealm());
+ props.setCredentialCriteria(conf.getCredentialCriteria());
return prefix("cas.authn.jaas[].", WAConfUtils.asMap(props));
}
@@ -386,6 +389,7 @@ public class AuthModulePropertySourceMapper extends
PropertySourceMapper impleme
props.setUrl(StringUtils.substringBefore(syncopeClient.getAddress(),
"/rest"));
props.setAttributeMappings(authModuleTO.getItems().stream().
collect(Collectors.toMap(Item::getIntAttrName,
Item::getExtAttrName)));
+ props.setCredentialCriteria(conf.getCredentialCriteria());
return prefix("cas.authn.syncope.", WAConfUtils.asMap(props));
}
