X-Git-Url: https://repo.niif.hu/gitweb/gitweb.cgi?p=java-idp.git;a=blobdiff_plain;f=src%2Fmain%2Fjava%2Fedu%2Finternet2%2Fmiddleware%2Fshibboleth%2Fidp%2Fconfig%2Fprofile%2Fauthn%2FIPAddressLoginHandlerBeanDefinitionParser.java;h=e9ef96f14609a8f1f90182efe1d9430c849320c5;hp=c3dc07d754fc353483b0ece2cce15711e4dbc1b2;hb=408981da0c6e70f0d90e08b4f9056a10b363975a;hpb=6bf3f9248ad8ecae2905b9da1108c28830a4c0d9
diff --git a/src/main/java/edu/internet2/middleware/shibboleth/idp/config/profile/authn/IPAddressLoginHandlerBeanDefinitionParser.java b/src/main/java/edu/internet2/middleware/shibboleth/idp/config/profile/authn/IPAddressLoginHandlerBeanDefinitionParser.java
index c3dc07d..e9ef96f 100644
--- a/src/main/java/edu/internet2/middleware/shibboleth/idp/config/profile/authn/IPAddressLoginHandlerBeanDefinitionParser.java
+++ b/src/main/java/edu/internet2/middleware/shibboleth/idp/config/profile/authn/IPAddressLoginHandlerBeanDefinitionParser.java
@@ -16,32 +16,28 @@ package edu.internet2.middleware.shibboleth.idp.config.profile.authn; -import java.util.ArrayList; import java.util.List; -import java.util.Map; import javax.xml.namespace.QName; import org.opensaml.xml.util.DatatypeHelper; +import org.opensaml.xml.util.LazyList; import org.opensaml.xml.util.XMLHelper; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.BeanCreationException; import org.springframework.beans.factory.support.BeanDefinitionBuilder; import org.w3c.dom.Element; import edu.internet2.middleware.shibboleth.idp.config.profile.ProfileHandlerNamespaceHandler; +import edu.internet2.middleware.shibboleth.idp.util.IPRange; -/** - * Spring bean definition parser for IP address authentication handlers. - */ +/** Spring bean definition parser for IP address authentication handlers. */ public class IPAddressLoginHandlerBeanDefinitionParser extends AbstractLoginHandlerBeanDefinitionParser { /** Schema type. */ public static final QName SCHEMA_TYPE = new QName(ProfileHandlerNamespaceHandler.NAMESPACE, "IPAddress"); - /** Name of ip entry elements. */ - public static final QName IP_ENTRY_ELEMENT_NAME = new QName(ProfileHandlerNamespaceHandler.NAMESPACE, "IPEntry"); - /** Class logger. */ private final Logger log = LoggerFactory.getLogger(IPAddressLoginHandlerBeanDefinitionParser.class); 
@@ -54,25 +50,45 @@ public class IPAddressLoginHandlerBeanDefinitionParser extends AbstractLoginHand protected void doParse(Element config, BeanDefinitionBuilder builder) { super.doParse(config, builder); + String username = DatatypeHelper.safeTrimOrNullString(config.getAttributeNS(null, "username")); + if (username == null) { + String msg = "No username specified."; + log.error(msg); + throw new BeanCreationException(msg); + } + log.debug("authenticated username: {}", username); + builder.addPropertyValue("authenticatedUser", username); + + List ranges = getIPRanges(config); + log.debug("registered IP ranges: {}", ranges.size()); + builder.addPropertyValue("ipRanges", ranges); + boolean defaultDeny = XMLHelper.getAttributeValueAsBoolean(config.getAttributeNodeNS(null, "defaultDeny")); - log.debug("Setting defaultDeny to: {}", defaultDeny); - builder.addPropertyValue("defaultDeny", defaultDeny); - - String username = DatatypeHelper.safeTrim(config.getAttributeNS(null, "username")); - log.debug("Setting username to: {}", username); - builder.addPropertyValue("username", username); - - Map> children = XMLHelper.getChildElements(config); - List ipEntries = children.get(IP_ENTRY_ELEMENT_NAME); - List addresses = new ArrayList(); - - for (Element element : ipEntries) { - String address = DatatypeHelper.safeTrimOrNullString(element.getTextContent()); - if (address != null) { - log.debug("Adding IP Address: {}", address); - addresses.add(address); - } + log.debug("default deny: {}", defaultDeny); + builder.addPropertyValue("ipInRangeIsAuthenticated", defaultDeny); + } + + /** + * Gets the list of IP ranges given in the configuration. 
+ * + * @param config current configuration + * + * @return list of IP ranges + */ + protected List getIPRanges(Element config) { + List ipEntries = XMLHelper.getChildElementsByTagNameNS(config, + ProfileHandlerNamespaceHandler.NAMESPACE, "IPEntry"); + if (ipEntries == null || ipEntries.isEmpty()) { + String msg = "At least one IPEntry must be specified."; + log.error(msg); + throw new BeanCreationException(msg); } - builder.addPropertyValue("addresses", addresses); + + List ranges = new LazyList(); + for (Element ipEntry : ipEntries) { + ranges.add(IPRange.parseCIDRBlock(ipEntry.getTextContent())); + } + + return ranges; } -} +} \ No newline at end of file
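Review bot: getIPRanges hands `ipEntry.getTextContent()` to `IPRange.parseCIDRBlock` untrimmed, whereas the removed loop ran every entry through `DatatypeHelper.safeTrimOrNullString` and skipped blanks. Whether parseCIDRBlock tolerates surrounding whitespace or an empty string is not visible in this hunk, so a pretty-printed or empty `<IPEntry>` may now fail with an error that does not name the offending entry. Because these ranges decide which clients are authenticated as `username`, I would trim first with `String cidr = DatatypeHelper.safeTrimOrNullString(ipEntry.getTextContent());` and throw a `BeanCreationException` quoting the value when it is null or does not parse. Separately, doParse now stores the `defaultDeny` attribute under `ipInRangeIsAuthenticated`, and the rename is undocumented. Assuming the mapping is intended, a comment such as `// defaultDeny=true: only the listed ranges authenticate; false: listed ranges are refused and other addresses authenticate` would make the fail-open mode explicit, and it is worth confirming what value the handler receives when the attribute is omitted.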