
1   /*
2    * Licensed to the University Corporation for Advanced Internet Development, 
3    * Inc. (UCAID) under one or more contributor license agreements.  See the 
4    * NOTICE file distributed with this work for additional information regarding
5    * copyright ownership. The UCAID licenses this file to You under the Apache 
6    * License, Version 2.0 (the "License"); you may not use this file except in 
7    * compliance with the License.  You may obtain a copy of the License at
8    *
9    *    http://www.apache.org/licenses/LICENSE-2.0
10   *
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  
18  package edu.internet2.middleware.shibboleth.idp.config.profile.authn;
19  
20  import java.util.List;
21  
22  import javax.xml.namespace.QName;
23  
24  import org.opensaml.xml.util.DatatypeHelper;
25  import org.opensaml.xml.util.LazyList;
26  import org.opensaml.xml.util.XMLHelper;
27  import org.slf4j.Logger;
28  import org.slf4j.LoggerFactory;
29  import org.springframework.beans.factory.BeanCreationException;
30  import org.springframework.beans.factory.support.BeanDefinitionBuilder;
31  import org.w3c.dom.Element;
32  
33  import edu.internet2.middleware.shibboleth.idp.config.profile.ProfileHandlerNamespaceHandler;
34  import edu.internet2.middleware.shibboleth.idp.util.IPRange;
35  
36  /** Spring bean definition parser for IP address authentication handlers. */
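/**
 * Spring bean definition parser for IP address authentication handlers.
 *
 * Reads the {@code username} attribute, the {@code IPEntry} child elements (CIDR blocks) and the
 * {@code defaultDeny} attribute of an {@code IPAddress} login handler element and hands them to
 * {@link IPAddressLoginHandlerFactoryBean}. Every configuration error is reported as a
 * {@link BeanCreationException} with a message that identifies the offending setting.
 */
public class IPAddressLoginHandlerBeanDefinitionParser extends AbstractLoginHandlerBeanDefinitionParser {

    /** Schema type. */
    public static final QName SCHEMA_TYPE = new QName(ProfileHandlerNamespaceHandler.NAMESPACE, "IPAddress");

    /** Class logger. */
    private final Logger log = LoggerFactory.getLogger(IPAddressLoginHandlerBeanDefinitionParser.class);

    /** {@inheritDoc} */
    @Override
    protected Class getBeanClass(Element element) {
        return IPAddressLoginHandlerFactoryBean.class;
    }

    /**
     * {@inheritDoc}
     *
     * @throws BeanCreationException if the {@code username} attribute is missing or blank, if no
     *             {@code IPEntry} is given, or if {@code defaultDeny} is not a recognised boolean literal
     */
    @Override
    protected void doParse(Element config, BeanDefinitionBuilder builder) {
        super.doParse(config, builder);

        String username = DatatypeHelper.safeTrimOrNullString(config.getAttributeNS(null, "username"));
        if (username == null) {
            String msg = "No username specified.";
            log.error(msg);
            throw new BeanCreationException(msg);
        }
        log.debug("authenticated username: {}", username);
        builder.addPropertyValue("authenticatedUser", username);

        List<IPRange> ranges = getIPRanges(config);
        log.debug("registered IP ranges: {}", ranges.size());
        builder.addPropertyValue("ipRanges", ranges);

        // Security-relevant mapping: defaultDeny is passed through unchanged as ipInRangeIsAuthenticated.
        // Going by the factory-bean property name, defaultDeny="true" makes the listed ranges an allow-list
        // (only addresses inside them are authenticated as the user) and "false" makes them the exclusions.
        // Confirm against IPAddressLoginHandler before relying on this reading.
        // NOTE(review): getAttributeValueAsBoolean is expected to yield null for an absent or non-boolean
        // attribute; rejecting that explicitly avoids an opaque NullPointerException on unboxing and keeps the
        // access mode from ever being chosen implicitly. Whether the schema defaults this attribute is not
        // visible from this file — confirm.
        Boolean defaultDeny = XMLHelper.getAttributeValueAsBoolean(config.getAttributeNodeNS(null, "defaultDeny"));
        if (defaultDeny == null) {
            String msg = "defaultDeny attribute must be specified as 'true' or 'false'.";
            log.error(msg);
            throw new BeanCreationException(msg);
        }
        log.debug("default deny: {}", defaultDeny);
        builder.addPropertyValue("ipInRangeIsAuthenticated", defaultDeny);
    }

    /**
     * Gets the list of IP ranges given in the configuration.
     *
     * The text of each {@code IPEntry} child element is trimmed and parsed as a CIDR block. An empty entry is
     * rejected with a message naming its position (1-based, in document order) so the offending line of the
     * configuration can be located; a malformed block fails inside {@link IPRange#parseCIDRBlock(String)}.
     *
     * @param config current configuration
     *
     * @return list of IP ranges, never empty
     *
     * @throws BeanCreationException if no {@code IPEntry} is present or one of them has no text
     */
    protected List<IPRange> getIPRanges(Element config) {
        List<Element> ipEntries = XMLHelper.getChildElementsByTagNameNS(config,
                ProfileHandlerNamespaceHandler.NAMESPACE, "IPEntry");
        if (ipEntries == null || ipEntries.isEmpty()) {
            String msg = "At least one IPEntry must be specified.";
            log.error(msg);
            throw new BeanCreationException(msg);
        }

        List<IPRange> ranges = new LazyList<IPRange>();
        int position = 0;
        for (Element ipEntry : ipEntries) {
            position++;
            // Strip surrounding whitespace so an indented or line-wrapped entry is not handed to the CIDR parser
            // as-is, and report a blank entry here rather than from inside the parser.
            String cidrBlock = DatatypeHelper.safeTrimOrNullString(ipEntry.getTextContent());
            if (cidrBlock == null) {
                String msg = "IPEntry " + position + " is empty; a CIDR block is required.";
                log.error(msg);
                throw new BeanCreationException(msg);
            }
            ranges.add(IPRange.parseCIDRBlock(cidrBlock));
        }

        return ranges;
    }
}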