use of org.pac4j.config.client.PropertiesConfigFactory in project knox by apache.
the class Pac4jDispatcherFilter method init.
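/**
 * Initializes the pac4j dispatcher filter: resolves the gateway services from the servlet
 * context, checks that the session-encryption password alias can be obtained, builds the
 * pac4j {@code Config} from the filter's init parameters and wires the callback filter,
 * the security filter and the session store.
 *
 * @param filterConfig filter configuration supplying the servlet context and the pac4j
 *     init parameters (callback URL, {@code clientName}, client properties, session store)
 * @throws ServletException if the crypto service, alias service or cluster name is missing,
 *     if the encryption password cannot be obtained, if the callback URL or the
 *     {@code clientName} parameter is absent, or if no pac4j client could be built
 */
@Override
public void init(FilterConfig filterConfig) throws ServletException {
    // Resolve the gateway services published on the servlet context.
    final ServletContext context = filterConfig.getServletContext();
    CryptoService cryptoService = null;
    String clusterName = null;
    if (context != null) {
        GatewayServices services = (GatewayServices) context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
        clusterName = (String) context.getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE);
        if (services != null) {
            keystoreService = (KeystoreService) services.getService(GatewayServices.KEYSTORE_SERVICE);
            cryptoService = (CryptoService) services.getService(GatewayServices.CRYPTO_SERVICE);
            aliasService = (AliasService) services.getService(GatewayServices.ALIAS_SERVICE);
            masterService = (MasterService) services.getService("MasterService");
        }
    }
    // crypto service, alias service and cluster name are mandatory
    // (keystoreService and masterService are not validated here and may remain null)
    if (cryptoService == null || aliasService == null || clusterName == null) {
        log.cryptoServiceAndAliasServiceAndClusterNameRequired();
        throw new ServletException("The crypto service, alias service and cluster name are required.");
    }
    // The returned password is discarded; the call only has to succeed. The trailing `true`
    // presumably asks the alias service to generate the value when it is absent (the error
    // message below suggests so) - confirm against AliasService.
    try {
        aliasService.getPasswordFromAliasForCluster(clusterName, KnoxSessionStore.PAC4J_PASSWORD, true);
    } catch (AliasServiceException e) {
        log.unableToGenerateAPasswordForEncryption(e);
        // Keep the root cause attached so the container's startup error shows why this failed.
        throw new ServletException("Unable to generate a password for encryption.", e);
    }
    // url to SSO authentication provider
    String pac4jCallbackUrl = filterConfig.getInitParameter(PAC4J_CALLBACK_URL);
    if (pac4jCallbackUrl == null) {
        log.ssoAuthenticationProviderUrlRequired();
        throw new ServletException("Required pac4j callback URL is missing.");
    }
    // add the callback parameter to know it's a callback
    pac4jCallbackUrl = CommonHelper.addParameter(pac4jCallbackUrl, PAC4J_CALLBACK_PARAMETER, "true");
    final Config config;
    final String clientName;
    // client name from servlet parameter (mandatory)
    final String clientNameParameter = filterConfig.getInitParameter("clientName");
    if (clientNameParameter == null) {
        log.clientNameParameterRequired();
        throw new ServletException("Required pac4j clientName parameter is missing.");
    }
    if (TEST_BASIC_AUTH.equalsIgnoreCase(clientNameParameter)) {
        // Test configuration only.
        // NOTE(review): pac4j's SimpleTestUsernamePasswordAuthenticator is a test authenticator
        // (it accepts a login whose username equals its password), so a topology whose
        // clientName matches TEST_BASIC_AUTH has no real authentication. Consider logging a
        // warning here, or refusing this value outside test deployments.
        final IndirectBasicAuthClient indirectBasicAuthClient = new IndirectBasicAuthClient(new SimpleTestUsernamePasswordAuthenticator());
        indirectBasicAuthClient.setRealmName("Knox TEST");
        config = new Config(pac4jCallbackUrl, indirectBasicAuthClient);
        clientName = "IndirectBasicAuthClient";
    } else {
        // Build the clients from the init parameters. Defaults are added first, so an explicit
        // init parameter with the same key replaces the default.
        // The map may hold identity-provider client secrets; do not log it.
        final Map<String, String> properties = new HashMap<>();
        final Enumeration<String> names = filterConfig.getInitParameterNames();
        addDefaultConfig(clientNameParameter, properties);
        while (names.hasMoreElements()) {
            final String key = names.nextElement();
            properties.put(key, filterConfig.getInitParameter(key));
        }
        final PropertiesConfigFactory propertiesConfigFactory = new PropertiesConfigFactory(pac4jCallbackUrl, properties);
        config = propertiesConfigFactory.build();
        final List<Client> clients = config.getClients().getClients();
        if (clients == null || clients.isEmpty()) {
            log.atLeastOnePac4jClientMustBeDefined();
            throw new ServletException("At least one pac4j client must be defined.");
        }
        // clientNameParameter is non-null here; a blank value falls back to the first client.
        if (CommonHelper.isBlank(clientNameParameter)) {
            clientName = clients.get(0).getName();
        } else {
            clientName = clientNameParameter;
        }
    }
    callbackFilter = new CallbackFilter();
    callbackFilter.init(filterConfig);
    callbackFilter.setConfigOnly(config);
    securityFilter = new SecurityFilter();
    securityFilter.setClients(clientName);
    securityFilter.setConfigOnly(config);
    final String domainSuffix = filterConfig.getInitParameter(PAC4J_COOKIE_DOMAIN_SUFFIX_PARAM);
    final String sessionStoreVar = filterConfig.getInitParameter(PAC4J_SESSION_STORE);
    SessionStore sessionStore;
    // NOTE(review): this is a substring test, so any non-blank fragment of the J2ESessionStore
    // class name selects the container session store instead of the encrypted KnoxSessionStore.
    // An exact match on the simple or fully-qualified class name would be stricter; left as-is
    // because existing topologies may rely on the loose match.
    if (!StringUtils.isBlank(sessionStoreVar) && J2ESessionStore.class.getName().contains(sessionStoreVar)) {
        sessionStore = new J2ESessionStore();
    } else {
        sessionStore = new KnoxSessionStore(cryptoService, clusterName, domainSuffix);
    }
    config.setSessionStore(sessionStore);
}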
use of org.pac4j.config.client.PropertiesConfigFactory in project cas by apereo.
the class RestfulDelegatedClientFactory method build.
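/**
 * Builds the delegated pac4j clients from a JSON/HJSON document fetched from the configured
 * REST endpoint, and caches them under the CAS server name.
 *
 * <p>The response is expected to carry a {@code callbackUrl} string and a {@code properties}
 * map, which are handed to {@link PropertiesConfigFactory}. The endpoint therefore decides
 * which identity providers CAS delegates to: it should be a trusted service, and presumably
 * reached over TLS since basic-auth credentials are sent with the request - confirm in
 * deployment.
 *
 * @return the cached clients, or the freshly built ones; an empty list when fetching or
 *     parsing fails (failures are logged and not cached, so the next call tries again)
 */
@Override
public Collection<Client> build() {
    val cachedClients = clientsCache.getIfPresent(casProperties.getServer().getName());
    if (cachedClients == null) {
        val restProperties = casProperties.getAuthn().getPac4j().getRest();
        // Locale.ROOT keeps the upper-casing independent of the JVM default locale, so a
        // configured method such as "options" still maps onto the HttpMethod constant.
        val exec = HttpUtils.HttpExecutionRequest.builder()
            .basicAuthPassword(restProperties.getBasicAuthPassword())
            .basicAuthUsername(restProperties.getBasicAuthUsername())
            .method(HttpMethod.valueOf(restProperties.getMethod().toUpperCase(java.util.Locale.ROOT).trim()))
            .url(restProperties.getUrl())
            .build();
        try {
            return FunctionUtils.doAndRetry(callback -> {
                val response = HttpUtils.execute(exec);
                try {
                    val statusCode = response.getStatusLine().getStatusCode();
                    if (!HttpStatus.valueOf(statusCode).is2xxSuccessful()) {
                        throw new RuntimeException("Unable to retrieve delegated clients with status code " + statusCode);
                    }
                    val result = IOUtils.toString(response.getEntity().getContent(), StandardCharsets.UTF_8);
                    // HJSON is normalised to strict JSON before Jackson maps it to a raw Map.
                    val clients = MAPPER.readValue(JsonValue.readHjson(result).toString(), Map.class);
                    val callbackUrl = (String) clients.getOrDefault("callbackUrl", null);
                    // Unchecked cast: the remote document is trusted to contain string values only.
                    val properties = (Map<String, String>) clients.getOrDefault("properties", new HashMap<String, String>(0));
                    // Log only the property names: the values can include identity-provider
                    // client secrets and must not reach the log files, even at trace level.
                    LOGGER.trace("Delegated clients received from [{}] define properties [{}]",
                        restProperties.getUrl(), properties == null ? null : properties.keySet());
                    val factory = new PropertiesConfigFactory(callbackUrl, properties);
                    val builtClients = factory.build().getClients().findAllClients();
                    clientsCache.put(casProperties.getServer().getName(), builtClients);
                    return builtClients;
                } finally {
                    HttpUtils.close(response);
                }
            });
        } catch (final Exception e) {
            // Best effort: a failed fetch is reported and the method falls through to the
            // empty default below instead of failing the caller.
            LoggingUtils.warn(LOGGER, e);
        }
    }
    return ObjectUtils.defaultIfNull(cachedClients, new ArrayList<>());
}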
Aggregations