1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18 package edu.internet2.middleware.shibboleth.idp.config.profile.authn;
19
20 import java.util.List;
21
22 import javax.xml.namespace.QName;
23
24 import org.opensaml.xml.util.DatatypeHelper;
25 import org.opensaml.xml.util.LazyList;
26 import org.opensaml.xml.util.XMLHelper;
27 import org.slf4j.Logger;
28 import org.slf4j.LoggerFactory;
29 import org.springframework.beans.factory.BeanCreationException;
30 import org.springframework.beans.factory.support.BeanDefinitionBuilder;
31 import org.w3c.dom.Element;
32
33 import edu.internet2.middleware.shibboleth.idp.config.profile.ProfileHandlerNamespaceHandler;
34 import edu.internet2.middleware.shibboleth.idp.util.IPRange;
35
36
37 public class IPAddressLoginHandlerBeanDefinitionParser extends AbstractLoginHandlerBeanDefinitionParser {
38
39
40 public static final QName SCHEMA_TYPE = new QName(ProfileHandlerNamespaceHandler.NAMESPACE, "IPAddress");
41
42
43 private final Logger log = LoggerFactory.getLogger(IPAddressLoginHandlerBeanDefinitionParser.class);
44
45
46 protected Class getBeanClass(Element element) {
47 return IPAddressLoginHandlerFactoryBean.class;
48 }
49
50
51 protected void doParse(Element config, BeanDefinitionBuilder builder) {
52 super.doParse(config, builder);
53
54 String username = DatatypeHelper.safeTrimOrNullString(config.getAttributeNS(null, "username"));
55 if (username == null) {
56 String msg = "No username specified.";
57 log.error(msg);
58 throw new BeanCreationException(msg);
59 }
60 log.debug("authenticated username: {}", username);
61 builder.addPropertyValue("authenticatedUser", username);
62
63 List<IPRange> ranges = getIPRanges(config);
64 log.debug("registered IP ranges: {}", ranges.size());
65 builder.addPropertyValue("ipRanges", ranges);
66
67 boolean defaultDeny = XMLHelper.getAttributeValueAsBoolean(config.getAttributeNodeNS(null, "defaultDeny"));
68 log.debug("default deny: {}", defaultDeny);
69 builder.addPropertyValue("ipInRangeIsAuthenticated", defaultDeny);
70 }
71
72
73
74
75
76
77
78
79 protected List<IPRange> getIPRanges(Element config) {
80 List<Element> ipEntries = XMLHelper.getChildElementsByTagNameNS(config,
81 ProfileHandlerNamespaceHandler.NAMESPACE, "IPEntry");
82 if (ipEntries == null || ipEntries.isEmpty()) {
83 String msg = "At least one IPEntry must be specified.";
84 log.error(msg);
85 throw new BeanCreationException(msg);
86 }
87
88 List<IPRange> ranges = new LazyList<IPRange>();
89 for (Element ipEntry : ipEntries) {
90 ranges.add(IPRange.parseCIDRBlock(ipEntry.getTextContent()));
91 }
92
93 return ranges;
94 }
95 }