
Issue #57 - Make bypass SSO allowed users configurable

joshdrummond committed Jun 8, 2015
1 parent b87e679 commit 910c80836d591e603a56ba1631c87cb612fa0e23
@@ -0,0 +1,54 @@
/*
Copyright 2015 Josh Drummond
This file is part of WebPasswordSafe.
WebPasswordSafe is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
WebPasswordSafe is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with WebPasswordSafe; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
package net.webpasswordsafe.server.plugin.authentication.sso;
import java.util.HashSet;
import java.util.Set;
/**
*
* @author Josh Drummond
*
*/
public abstract class BypassWhitelistSsoAuthenticator
implements SsoAuthenticator
{
private Set<String> bypassAllowedUsers;
public BypassWhitelistSsoAuthenticator()
{
bypassAllowedUsers = new HashSet<String>();
}
@Override
public boolean isBypassAllowed(String principal)
{
return getBypassAllowedUsers().contains(principal);
}
public Set<String> getBypassAllowedUsers() {
return bypassAllowedUsers;
}
public void setBypassAllowedUsers(Set<String> bypassAllowedUsers) {
this.bypassAllowedUsers = bypassAllowedUsers;
}
}
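Review bot: `setBypassAllowedUsers` stores the caller's set as-is and `getBypassAllowedUsers` hands the same instance back, so a null passed to the setter makes `isBypassAllowed` throw during login, and any code holding the reference can add names to the SSO-bypass allowlist after startup. Copy on the way in, `this.bypassAllowedUsers = (bypassAllowedUsers == null) ? new HashSet<String>() : new HashSet<String>(bypassAllowedUsers);`, and return `Collections.unmodifiableSet(bypassAllowedUsers)` from the getter. The lookup is an exact, case-sensitive `contains`, so the class Javadoc (currently only an `@author` tag) should say that entries must match the principal exactly as `login` passes it after `trimUsername`.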
@@ -44,5 +44,11 @@ public String getLogoutUrl()
{
return "";
}
@Override
public boolean isBypassAllowed(String principal)
{
return true;
}
}
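Review bot: `isBypassAllowed` returning `true` unconditionally is fail-open, and nothing on the method says why that is safe. In the `login` hunk the result is consulted only when `isSsoEnabled()` is true, so this is harmless only if this implementation reports SSO as disabled, which cannot be confirmed here because the class starts outside the hunk. A comment such as `// SSO is never enabled for this authenticator, so local login is always permitted` would record that assumption. The new `isBypassAllowed(String principal)` declaration in the interface hunk has the same gap: no Javadoc states that the answer is meaningful only while SSO is enabled or whether `principal` may be null.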
@@ -30,4 +30,5 @@
public boolean isSsoEnabled();
public String getPrincipal();
public String getLogoutUrl();
public boolean isBypassAllowed(String principal);
}
@@ -124,13 +124,10 @@ public AuthenticationStatus login(String principal, String[] credentials)
String message = "";
principal = trimUsername(principal);
//don't let them get around SSO if enabled
if (ssoAuthenticator.isSsoEnabled())
if (ssoAuthenticator.isSsoEnabled() && !ssoAuthenticator.isBypassAllowed(principal))
{
if (!principal.equals("admin")) //FIXME
{
authStatus = AuthenticationStatus.FAILURE;
message = "bypass SSO not allowed";
}
authStatus = AuthenticationStatus.FAILURE;
message = "bypass SSO not allowed";
}
//otherwise authenticate given credentials
if (authStatus == AuthenticationStatus.SUCCESS)
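Review bot: With a configurable list, the distinct `bypass SSO not allowed` message lets a caller tell allowlisted accounts from all others if `message` is returned to the client, because a listed name proceeds to the credential check while any other name fails at this branch. Whether `message` reaches the client or only an audit log is outside the hunk, as is the rest of `login`. If it is user-visible, return the same generic failure text used for a bad password and keep the specific reason in the server-side log.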
@@ -30,7 +30,7 @@
* @author Josh Drummond
*
*/
public class CasSsoAuthenticator implements SsoAuthenticator
public class CasSsoAuthenticator extends BypassWhitelistSsoAuthenticator
{
private static Logger LOG = Logger.getLogger(CasSsoAuthenticator.class);
private String logoutUrl;
@@ -48,6 +48,11 @@
<bean id="ssoAuthenticator"
class="net.webpasswordsafe.server.plugin.authentication.sso.CasSsoAuthenticator">
<property name="logoutUrl" value="https://cas-server.com/cas/logout?service=$1" />
<property name="bypassAllowedUsers">
<set>
<value>admin</value>
</set>
</property>
</bean>
-->
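Review bot: The sample sits inside a commented-out bean and the new base class starts with an empty set, so, as far as these hunks show, a CAS deployment that upgrades without adding `bypassAllowedUsers` loses the local `admin` login that was hard-coded before. That fail-closed default is reasonable, but it should be stated next to the sample. Since the bean is already inside an XML comment, add a plain line to that surrounding comment, such as `bypassAllowedUsers: accounts that may log in with their local password while SSO is enabled; empty unless configured, keep the list minimal`.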
