Search in sources :

Example 1 with PropertiesConfigFactory

use of org.pac4j.config.client.PropertiesConfigFactory in project knox by apache.

the class Pac4jDispatcherFilter method init.

@Override
public void init(FilterConfig filterConfig) throws ServletException {
    // JWT service
    final ServletContext context = filterConfig.getServletContext();
    CryptoService cryptoService = null;
    String clusterName = null;
    if (context != null) {
        GatewayServices services = (GatewayServices) context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
        clusterName = (String) context.getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE);
        if (services != null) {
            keystoreService = (KeystoreService) services.getService(GatewayServices.KEYSTORE_SERVICE);
            cryptoService = (CryptoService) services.getService(GatewayServices.CRYPTO_SERVICE);
            aliasService = (AliasService) services.getService(GatewayServices.ALIAS_SERVICE);
            masterService = (MasterService) services.getService("MasterService");
        }
    }
    // crypto service, alias service and cluster name are mandatory
    if (cryptoService == null || aliasService == null || clusterName == null) {
        log.cryptoServiceAndAliasServiceAndClusterNameRequired();
        throw new ServletException("The crypto service, alias service and cluster name are required.");
    }
    try {
        aliasService.getPasswordFromAliasForCluster(clusterName, KnoxSessionStore.PAC4J_PASSWORD, true);
    } catch (AliasServiceException e) {
        log.unableToGenerateAPasswordForEncryption(e);
        throw new ServletException("Unable to generate a password for encryption.");
    }
    // url to SSO authentication provider
    String pac4jCallbackUrl = filterConfig.getInitParameter(PAC4J_CALLBACK_URL);
    if (pac4jCallbackUrl == null) {
        log.ssoAuthenticationProviderUrlRequired();
        throw new ServletException("Required pac4j callback URL is missing.");
    }
    // add the callback parameter to know it's a callback
    pac4jCallbackUrl = CommonHelper.addParameter(pac4jCallbackUrl, PAC4J_CALLBACK_PARAMETER, "true");
    final Config config;
    final String clientName;
    // client name from servlet parameter (mandatory)
    final String clientNameParameter = filterConfig.getInitParameter("clientName");
    if (clientNameParameter == null) {
        log.clientNameParameterRequired();
        throw new ServletException("Required pac4j clientName parameter is missing.");
    }
    if (TEST_BASIC_AUTH.equalsIgnoreCase(clientNameParameter)) {
        // test configuration
        final IndirectBasicAuthClient indirectBasicAuthClient = new IndirectBasicAuthClient(new SimpleTestUsernamePasswordAuthenticator());
        indirectBasicAuthClient.setRealmName("Knox TEST");
        config = new Config(pac4jCallbackUrl, indirectBasicAuthClient);
        clientName = "IndirectBasicAuthClient";
    } else {
        // get clients from the init parameters
        final Map<String, String> properties = new HashMap<>();
        final Enumeration<String> names = filterConfig.getInitParameterNames();
        addDefaultConfig(clientNameParameter, properties);
        while (names.hasMoreElements()) {
            final String key = names.nextElement();
            properties.put(key, filterConfig.getInitParameter(key));
        }
        final PropertiesConfigFactory propertiesConfigFactory = new PropertiesConfigFactory(pac4jCallbackUrl, properties);
        config = propertiesConfigFactory.build();
        final List<Client> clients = config.getClients().getClients();
        if (clients == null || clients.size() == 0) {
            log.atLeastOnePac4jClientMustBeDefined();
            throw new ServletException("At least one pac4j client must be defined.");
        }
        if (CommonHelper.isBlank(clientNameParameter)) {
            clientName = clients.get(0).getName();
        } else {
            clientName = clientNameParameter;
        }
    }
    callbackFilter = new CallbackFilter();
    callbackFilter.init(filterConfig);
    callbackFilter.setConfigOnly(config);
    securityFilter = new SecurityFilter();
    securityFilter.setClients(clientName);
    securityFilter.setConfigOnly(config);
    final String domainSuffix = filterConfig.getInitParameter(PAC4J_COOKIE_DOMAIN_SUFFIX_PARAM);
    final String sessionStoreVar = filterConfig.getInitParameter(PAC4J_SESSION_STORE);
    SessionStore sessionStore;
    if (!StringUtils.isBlank(sessionStoreVar) && J2ESessionStore.class.getName().contains(sessionStoreVar)) {
        sessionStore = new J2ESessionStore();
    } else {
        sessionStore = new KnoxSessionStore(cryptoService, clusterName, domainSuffix);
    }
    config.setSessionStore(sessionStore);
}
Also used : GatewayServices(org.apache.knox.gateway.services.GatewayServices) J2ESessionStore(org.pac4j.core.context.session.J2ESessionStore) KnoxSessionStore(org.apache.knox.gateway.pac4j.session.KnoxSessionStore) HashMap(java.util.HashMap) Config(org.pac4j.core.config.Config) AliasServiceException(org.apache.knox.gateway.services.security.AliasServiceException) KnoxSessionStore(org.apache.knox.gateway.pac4j.session.KnoxSessionStore) SessionStore(org.pac4j.core.context.session.SessionStore) J2ESessionStore(org.pac4j.core.context.session.J2ESessionStore) CryptoService(org.apache.knox.gateway.services.security.CryptoService) PropertiesConfigFactory(org.pac4j.config.client.PropertiesConfigFactory) SecurityFilter(org.pac4j.j2e.filter.SecurityFilter) CallbackFilter(org.pac4j.j2e.filter.CallbackFilter) Client(org.pac4j.core.client.Client) IndirectBasicAuthClient(org.pac4j.http.client.indirect.IndirectBasicAuthClient) IndirectBasicAuthClient(org.pac4j.http.client.indirect.IndirectBasicAuthClient) SimpleTestUsernamePasswordAuthenticator(org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator)

Example 2 with PropertiesConfigFactory

use of org.pac4j.config.client.PropertiesConfigFactory in project cas by apereo.

the class RestfulDelegatedClientFactory method build.

@Override
public Collection<Client> build() {
    val cachedClients = clientsCache.getIfPresent(casProperties.getServer().getName());
    if (cachedClients == null) {
        val restProperties = casProperties.getAuthn().getPac4j().getRest();
        val exec = HttpUtils.HttpExecutionRequest.builder().basicAuthPassword(restProperties.getBasicAuthPassword()).basicAuthUsername(restProperties.getBasicAuthUsername()).method(HttpMethod.valueOf(restProperties.getMethod().toUpperCase().trim())).url(restProperties.getUrl()).build();
        try {
            return FunctionUtils.doAndRetry(callback -> {
                val response = HttpUtils.execute(exec);
                try {
                    val statusCode = response.getStatusLine().getStatusCode();
                    if (!HttpStatus.valueOf(statusCode).is2xxSuccessful()) {
                        throw new RuntimeException("Unable to retrieve delegated clients with status code " + statusCode);
                    }
                    val result = IOUtils.toString(response.getEntity().getContent(), StandardCharsets.UTF_8);
                    val clients = MAPPER.readValue(JsonValue.readHjson(result).toString(), Map.class);
                    LOGGER.trace("Delegated clients received from [{}] are [{}]", restProperties.getUrl(), clients);
                    val callbackUrl = (String) clients.getOrDefault("callbackUrl", null);
                    val properties = (Map<String, String>) clients.getOrDefault("properties", new HashMap<String, String>(0));
                    val factory = new PropertiesConfigFactory(callbackUrl, properties);
                    val builtClients = factory.build().getClients().findAllClients();
                    clientsCache.put(casProperties.getServer().getName(), builtClients);
                    return builtClients;
                } finally {
                    HttpUtils.close(response);
                }
            });
        } catch (final Exception e) {
            LoggingUtils.warn(LOGGER, e);
        }
    }
    return ObjectUtils.defaultIfNull(cachedClients, new ArrayList<>());
}
Also used : lombok.val(lombok.val) HashMap(java.util.HashMap) PropertiesConfigFactory(org.pac4j.config.client.PropertiesConfigFactory) HashMap(java.util.HashMap) Map(java.util.Map)

Aggregations

HashMap (java.util.HashMap)2 PropertiesConfigFactory (org.pac4j.config.client.PropertiesConfigFactory)2 Map (java.util.Map)1 lombok.val (lombok.val)1 KnoxSessionStore (org.apache.knox.gateway.pac4j.session.KnoxSessionStore)1 GatewayServices (org.apache.knox.gateway.services.GatewayServices)1 AliasServiceException (org.apache.knox.gateway.services.security.AliasServiceException)1 CryptoService (org.apache.knox.gateway.services.security.CryptoService)1 Client (org.pac4j.core.client.Client)1 Config (org.pac4j.core.config.Config)1 J2ESessionStore (org.pac4j.core.context.session.J2ESessionStore)1 SessionStore (org.pac4j.core.context.session.SessionStore)1 IndirectBasicAuthClient (org.pac4j.http.client.indirect.IndirectBasicAuthClient)1 SimpleTestUsernamePasswordAuthenticator (org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator)1 CallbackFilter (org.pac4j.j2e.filter.CallbackFilter)1 SecurityFilter (org.pac4j.j2e.filter.SecurityFilter)1