package edu.internet2.middleware.shibboleth.idp.config.profile.authn;
-import java.util.ArrayList;
import java.util.List;
-import java.util.Map;
import javax.xml.namespace.QName;
import org.opensaml.xml.util.DatatypeHelper;
+import org.opensaml.xml.util.LazyList;
import org.opensaml.xml.util.XMLHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.BeanCreationException;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.w3c.dom.Element;
import edu.internet2.middleware.shibboleth.idp.config.profile.ProfileHandlerNamespaceHandler;
+import edu.internet2.middleware.shibboleth.idp.util.IPRange;
-/**
- * Spring bean definition parser for IP address authentication handlers.
- */
+/** Spring bean definition parser for IP address authentication handlers. */
public class IPAddressLoginHandlerBeanDefinitionParser extends AbstractLoginHandlerBeanDefinitionParser {
/** Schema type. */
public static final QName SCHEMA_TYPE = new QName(ProfileHandlerNamespaceHandler.NAMESPACE, "IPAddress");
- /** Name of ip entry elements. */
- public static final QName IP_ENTRY_ELEMENT_NAME = new QName(ProfileHandlerNamespaceHandler.NAMESPACE, "IPEntry");
-
/** Class logger. */
private final Logger log = LoggerFactory.getLogger(IPAddressLoginHandlerBeanDefinitionParser.class);
protected void doParse(Element config, BeanDefinitionBuilder builder) {
super.doParse(config, builder);
+ String username = DatatypeHelper.safeTrimOrNullString(config.getAttributeNS(null, "username"));
+ if (username == null) {
+ String msg = "No username specified.";
+ log.error(msg);
+ throw new BeanCreationException(msg);
+ }
+ log.debug("authenticated username: {}", username);
+ builder.addPropertyValue("authenticatedUser", username);
+
+ List<IPRange> ranges = getIPRanges(config);
+ log.debug("registered IP ranges: {}", ranges.size());
+ builder.addPropertyValue("ipRanges", ranges);
+
boolean defaultDeny = XMLHelper.getAttributeValueAsBoolean(config.getAttributeNodeNS(null, "defaultDeny"));
- log.debug("Setting defaultDeny to: {}", defaultDeny);
- builder.addPropertyValue("defaultDeny", defaultDeny);
-
- String username = DatatypeHelper.safeTrim(config.getAttributeNS(null, "username"));
- log.debug("Setting username to: {}", username);
- builder.addPropertyValue("username", username);
-
- Map<QName, List<Element>> children = XMLHelper.getChildElements(config);
- List<Element> ipEntries = children.get(IP_ENTRY_ELEMENT_NAME);
- List<String> addresses = new ArrayList<String>();
-
- for (Element element : ipEntries) {
- String address = DatatypeHelper.safeTrimOrNullString(element.getTextContent());
- if (address != null) {
- log.debug("Adding IP Address: {}", address);
- addresses.add(address);
- }
+ log.debug("default deny: {}", defaultDeny);
+ builder.addPropertyValue("ipInRangeIsAuthenticated", defaultDeny);
+ }
+
+ /**
+ * Gets the list of IP ranges given in the configuration.
+ *
+ * @param config current configuration
+ *
+ * @return list of IP ranges
+ */
+ protected List<IPRange> getIPRanges(Element config) {
+ List<Element> ipEntries = XMLHelper.getChildElementsByTagNameNS(config,
+ ProfileHandlerNamespaceHandler.NAMESPACE, "IPEntry");
+ if (ipEntries == null || ipEntries.isEmpty()) {
+ String msg = "At least one IPEntry must be specified.";
+ log.error(msg);
+ throw new BeanCreationException(msg);
}
- builder.addPropertyValue("addresses", addresses);
+
+ List<IPRange> ranges = new LazyList<IPRange>();
+ for (Element ipEntry : ipEntries) {
+ ranges.add(IPRange.parseCIDRBlock(ipEntry.getTextContent()));
+ }
+
+ return ranges;
}
-}
+}
\ No newline at end of file
projects / java-idp.git / blobdiff