From 594e43b44813888950a888ef2716a30422212972 Mon Sep 17 00:00:00 2001
From: Dominik Frantisek Bucik <bucik@ics.muni.cz>
Date: Tue, 19 Mar 2024 13:50:53 +0100
Subject: [PATCH] =?UTF-8?q?feat:=20=F0=9F=8E=B8=20Sync=20blocked=20and=20a?=
 =?UTF-8?q?llowed=20IdPs?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../cz/muni/ics/oidc/ToOidcSynchronizer.java | 28 +++++++++++++++++++
 .../muni/ics/oidc/models/MitreidClient.java | 12 ++++++++
 .../cz/muni/ics/oidc/props/AttrsMapping.java | 6 ++++
 src/main/resources/application.yml | 2 ++
 4 files changed, 48 insertions(+)

diff --git a/src/main/java/cz/muni/ics/oidc/ToOidcSynchronizer.java b/src/main/java/cz/muni/ics/oidc/ToOidcSynchronizer.java
index f5fc56f..c8aeb1e 100644
--- a/src/main/java/cz/muni/ics/oidc/ToOidcSynchronizer.java
+++ b/src/main/java/cz/muni/ics/oidc/ToOidcSynchronizer.java
@@ -358,6 +358,8 @@ public class ToOidcSynchronizer {
 setJurisdiction(c, attrs);
 setAcceptedTos(c, attrs);
 setResourceIds(c, attrs);
+ setOnlyAllowedIdps(c, attrs);
+ setBlockedIdps(c, attrs);
 }
 
 private void setClientId(MitreidClient c, Map<String, PerunAttributeValue> attrs)
@@ -814,4 +816,30 @@ public class ToOidcSynchronizer {
 }
 }
 
+ private void setOnlyAllowedIdps(MitreidClient c, Map<String, PerunAttributeValue> attrs) {
+ if (attrs == null || !StringUtils.hasText(perunAttrNames.getOnlyAllowedIdps())) {
+ return;
+ }
+
+ PerunAttributeValue attributeValue = attrs.getOrDefault(perunAttrNames.getOnlyAllowedIdps(), null);
+ if (attributeValue == null || PerunAttributeValueAwareModel.isNullValue(attributeValue.getValue())) {
+ c.setOnlyAllowedIdps(new HashSet<>());
+ } else {
+ c.setOnlyAllowedIdps(new HashSet<>(attributeValue.valueAsList()));
+ }
+ }
+
+ private void setBlockedIdps(MitreidClient c, Map<String, PerunAttributeValue> attrs) {
+ if (attrs == null || !StringUtils.hasText(perunAttrNames.getBlockedIdps())) {
+ return;
+ }
+
+ PerunAttributeValue attributeValue = attrs.getOrDefault(perunAttrNames.getBlockedIdps(), null);
+ if (attributeValue == null || PerunAttributeValueAwareModel.isNullValue(attributeValue.getValue())) {
+ c.setBlockedIdps(new HashSet<>());
+ } else {
+ c.setBlockedIdps(new HashSet<>(attributeValue.valueAsList()));
+ }
+ }
+
 }
diff --git a/src/main/java/cz/muni/ics/oidc/models/MitreidClient.java b/src/main/java/cz/muni/ics/oidc/models/MitreidClient.java
index 9b95ee2..4c7fe07 100644
--- a/src/main/java/cz/muni/ics/oidc/models/MitreidClient.java
+++ b/src/main/java/cz/muni/ics/oidc/models/MitreidClient.java
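Review bot: setOnlyAllowedIdps and setBlockedIdps are line-for-line duplicates that differ only in the attribute name and the setter called, so the null/empty handling has to be kept in sync by hand; extract the lookup into one helper and keep the two methods as thin wrappers, as below (`Set` must be imported in this file if it is not already). Note that when the attribute name is not configured both methods return without touching the client, so a freshly constructed MitreidClient keeps whatever the field default is — the new fields in MitreidClient.java are declared without an initializer — and `attrs.getOrDefault(name, null)` is just `attrs.get(name)`. Nothing here detects an entity ID that is present in both the allowed and the blocked set; which list wins is decided wherever the sets are enforced, which is not visible in this patch, so the helper's Javadoc should say that no precedence or validation is applied during sync.
```java
private void setOnlyAllowedIdps(MitreidClient c, Map<String, PerunAttributeValue> attrs) {
    Set<String> idps = idpSetFromAttr(attrs, perunAttrNames.getOnlyAllowedIdps());
    if (idps != null) {
        c.setOnlyAllowedIdps(idps);
    }
}

private void setBlockedIdps(MitreidClient c, Map<String, PerunAttributeValue> attrs) {
    Set<String> idps = idpSetFromAttr(attrs, perunAttrNames.getBlockedIdps());
    if (idps != null) {
        c.setBlockedIdps(idps);
    }
}

/**
 * Reads a list-valued Perun attribute as a set of IdP entity IDs.
 * Returns null when the attribute name is not configured (caller leaves the client untouched),
 * an empty set when the attribute is absent or has a null value. No validation of the IDs and
 * no cross-check against the other list is performed here.
 */
private static Set<String> idpSetFromAttr(Map<String, PerunAttributeValue> attrs, String attrName) {
    if (attrs == null || !StringUtils.hasText(attrName)) {
        return null;
    }
    PerunAttributeValue attributeValue = attrs.get(attrName);
    if (attributeValue == null || PerunAttributeValueAwareModel.isNullValue(attributeValue.getValue())) {
        return new HashSet<>();
    }
    return new HashSet<>(attributeValue.valueAsList());
}
```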
@@ -290,6 +290,18 @@ public class MitreidClient implements ClientDetails {
 @Column(name = "parent_client_id")
 private Long parentClientId;
 
+ @ElementCollection(fetch = FetchType.EAGER)
+ @CollectionTable(name = "client_only_allowed_idps", joinColumns = @JoinColumn(name = "owner_id"))
+ @Column(name = "idp_entity_id")
+ @CascadeOnDelete
+ private Set<String> onlyAllowedIdps;
+
+ @ElementCollection(fetch = FetchType.EAGER)
+ @CollectionTable(name = "client_blocked_idps", joinColumns = @JoinColumn(name = "owner_id"))
+ @Column(name = "idp_entity_id")
+ @CascadeOnDelete
+ private Set<String> blockedIdps;
+
 @Transient
 private Map<String, Object> additionalInformation = new HashMap<>();
 
diff --git a/src/main/java/cz/muni/ics/oidc/props/AttrsMapping.java b/src/main/java/cz/muni/ics/oidc/props/AttrsMapping.java
index e86b2d9..ce28f21 100644
--- a/src/main/java/cz/muni/ics/oidc/props/AttrsMapping.java
+++ b/src/main/java/cz/muni/ics/oidc/props/AttrsMapping.java
@@ -73,6 +73,10 @@ public class AttrsMapping {
 
 private String resourceIds;
 
+ private String blockedIdps;
+
+ private String onlyAllowedIdps;
+
 // MitreID client non-related
 @NotBlank
 private String masterProxyIdentifier;
@@ -115,6 +119,8 @@ public class AttrsMapping {
 addOptionalAttrName(attrNames, jurisdiction);
 addOptionalAttrName(attrNames, acceptedTos);
 addOptionalAttrName(attrNames, resourceIds);
+ addOptionalAttrName(attrNames, onlyAllowedIdps);
+ addOptionalAttrName(attrNames, blockedIdps);
 return attrNames;
 }
 
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 890506a..2c4e802 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
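Review bot: `onlyAllowedIdps` and `blockedIdps` are declared without an initializer, unlike the neighbouring `additionalInformation = new HashMap<>()`, so on a client object that was not loaded by JPA and has not yet been through the synchronizer (which skips the setter when the attribute name is unconfigured) both fields are null and every consumer has to null-check before iterating. Initialise them as `private Set<String> onlyAllowedIdps = new HashSet<>();` and `private Set<String> blockedIdps = new HashSet<>();` (HashSet may need an import; HashMap is already in scope here). The fields also carry no Javadoc, and whether an empty onlyAllowedIdps means "no restriction" or "no IdP may log in" is a security-relevant contract that this class should state explicitly rather than leave to whichever code enforces the lists; the accessors are not in this hunk, so I cannot tell whether a getter already normalises null to an empty set.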
@@ -39,6 +39,8 @@ attributes:
 jurisdiction: "urn:perun:facility:attribute-def:def:rpJurisdiction"
 accepted_tos: "urn:perun:facility:attribute-def:def:rpAcceptedTos"
 resource_ids: "urn:perun:facility:attribute-def:def:rpResourceIds"
+ only_allowed_idps: "urn:perun:facility:attribute-def:def:rpOnlyAllowedIdps"
+ blocked_idps: "urn:perun:facility:attribute-def:def:rpBlockedIdps"
 conf:
 langs: ["en", "cs"]
-- 
GitLab