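package com.sungardas.enhancedsnapshots.security;

import com.sungardas.enhancedsnapshots.components.ConfigurationMediator;
import com.sungardas.enhancedsnapshots.service.UserService;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.schema.impl.XSStringImpl;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.saml.SAMLAuthenticationProvider;
import org.springframework.security.saml.SAMLCredential;

/**
 * SAML authentication provider that, when Sungardas SSO is enabled, also authorises the
 * authenticated principal for <em>this</em> instance.
 * <p>
 * After the superclass has validated the SAML response, the assertion must carry the
 * {@value #ALLOWED_LIST_ATTRIBUTE_NAME} attribute with a value equal to either this
 * instance's UUID (from {@link ConfigurationMediator#getUUID()}) or the admin wildcard
 * {@value #ADMIN_WILDCARD_EXP}. A principal that authenticates but is not on that list is
 * removed via {@link UserService#removeUser(String)} and rejected with an
 * {@link AuthenticationServiceException}, so the check fails closed.
 * <p>
 * When Sungardas SSO is disabled the instance check is skipped entirely and the call is
 * delegated to {@link SAMLAuthenticationProvider#authenticate(Authentication)}.
 */
public class SAMLAuthenticationProviderImpl extends SAMLAuthenticationProvider {

    private static final Logger LOG = LogManager.getLogger(SAMLAuthenticationProviderImpl.class);

    /** SAML attribute whose values list the instance GUIDs the user is allowed to use. */
    private static final String ALLOWED_LIST_ATTRIBUTE_NAME = "ess_instance_guids";
    /** Attribute value that grants access to every instance (logged at WARN when used). */
    private static final String ADMIN_WILDCARD_EXP = "*";

    private ConfigurationMediator configurationMediator;
    private UserService userService;

    /**
     * Authenticates the SAML response and, when Sungardas SSO is enabled, enforces that the
     * principal is allowed to use this instance.
     *
     * @param authentication the incoming SAML authentication token
     * @return the fully populated authentication produced by the superclass
     * @throws AuthenticationException if the superclass rejects the SAML response
     * @throws AuthenticationServiceException if SSO is enabled and the assertion does not list
     *         this instance's UUID or the admin wildcard; the local user is removed first
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!configurationMediator.isSungardasSSO()) {
            return super.authenticate(authentication);
        }

        Authentication result = super.authenticate(authentication);
        SAMLCredential credential = (SAMLCredential) result.getCredentials();
        // Read once: the UUID is compared against every attribute value and logged below.
        String instanceUuid = configurationMediator.getUUID();

        if (isAllowedForInstance(credential, instanceUuid)) {
            return result;
        }

        LOG.error("User ({}) is not allowed to use this instance with UUID: {}",
                credential.getNameID().getValue(), instanceUuid);
        // Drop the locally provisioned account so a denied principal leaves nothing behind.
        userService.removeUser(result.getName());
        throw new AuthenticationServiceException("Access denied");
    }

    /**
     * Checks the {@value #ALLOWED_LIST_ATTRIBUTE_NAME} attribute for the admin wildcard or
     * this instance's UUID.
     *
     * @param credential   the validated SAML credential
     * @param instanceUuid this instance's UUID; {@code null} never matches
     * @return {@code true} if any attribute value grants access, {@code false} otherwise
     *         (including when the attribute is absent)
     */
    private boolean isAllowedForInstance(SAMLCredential credential, String instanceUuid) {
        Attribute attribute = credential.getAttribute(ALLOWED_LIST_ATTRIBUTE_NAME);
        if (attribute == null) {
            return false;
        }
        for (XMLObject object : attribute.getAttributeValues()) {
            // A value that is not a plain xs:string cannot match; skipping it (instead of a
            // blind cast) keeps a malformed attribute from escaping as a ClassCastException,
            // which would not be an AuthenticationException and would bypass the denial path.
            if (!(object instanceof XSStringImpl)) {
                continue;
            }
            String value = ((XSStringImpl) object).getValue();
            if (ADMIN_WILDCARD_EXP.equals(value)) {
                LOG.warn("User ({}) has admin access, instance UUID: {}",
                        credential.getNameID().getValue(), instanceUuid);
                return true;
            }
            if (instanceUuid != null && instanceUuid.equals(value)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Injects the configuration source used for the SSO flag and the instance UUID.
     *
     * @param configurationMediator the configuration mediator
     */
    public void setConfigurationMediator(ConfigurationMediator configurationMediator) {
        this.configurationMediator = configurationMediator;
    }

    /**
     * Injects the user service used to remove a denied principal's local user.
     *
     * @param userService the user service
     */
    public void setUserService(UserService userService) {
        this.userService = userService;
    }
}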