Search in sources :

Example 1 with SpringSecurityPropertiesAuthorizationGenerator

use of org.pac4j.core.authorization.generator.SpringSecurityPropertiesAuthorizationGenerator in project cas by apereo.

the class CasSecurityContextConfiguration method config.

@RefreshScope
@Bean
public Config config() {
    try {
        final AdminPagesSecurityProperties adminProps = casProperties.getAdminPagesSecurity();
        if (StringUtils.isNotBlank(adminProps.getLoginUrl()) && StringUtils.isNotBlank(adminProps.getService())) {
            final CasConfiguration casConfig = new CasConfiguration(adminProps.getLoginUrl());
            final DirectCasClient client = new DirectCasClient(casConfig);
            client.setName(CAS_CLIENT_NAME);
            final Config cfg = new Config(adminProps.getService(), client);
            if (adminProps.getUsers() == null) {
                LOGGER.warn("List of authorized users for admin pages security is not defined. " + "Allowing access for all authenticated users");
                client.setAuthorizationGenerator(new DefaultCasAuthorizationGenerator<>());
                cfg.setAuthorizer(new IsAuthenticatedAuthorizer());
            } else {
                final Resource file = ResourceUtils.prepareClasspathResourceIfNeeded(adminProps.getUsers());
                if (file != null && file.exists()) {
                    LOGGER.debug("Loading list of authorized users from [{}]", file);
                    final Properties properties = new Properties();
                    properties.load(file.getInputStream());
                    client.setAuthorizationGenerator(new SpringSecurityPropertiesAuthorizationGenerator(properties));
                    cfg.setAuthorizer(new RequireAnyRoleAuthorizer(adminProps.getAdminRoles()));
                }
            }
            return cfg;
        }
    } catch (final Exception e) {
        LOGGER.warn(e.getMessage(), e);
    }
    return new Config();
}
Also used : DirectCasClient(org.pac4j.cas.client.direct.DirectCasClient) IsAuthenticatedAuthorizer(org.pac4j.core.authorization.authorizer.IsAuthenticatedAuthorizer) SpringSecurityPropertiesAuthorizationGenerator(org.pac4j.core.authorization.generator.SpringSecurityPropertiesAuthorizationGenerator) CasConfiguration(org.pac4j.cas.config.CasConfiguration) Config(org.pac4j.core.config.Config) Resource(org.springframework.core.io.Resource) AdminPagesSecurityProperties(org.apereo.cas.configuration.model.core.web.security.AdminPagesSecurityProperties) CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) EnableConfigurationProperties(org.springframework.boot.context.properties.EnableConfigurationProperties) Properties(java.util.Properties) AdminPagesSecurityProperties(org.apereo.cas.configuration.model.core.web.security.AdminPagesSecurityProperties) RequireAnyRoleAuthorizer(org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer) RefreshScope(org.springframework.cloud.context.config.annotation.RefreshScope) Bean(org.springframework.context.annotation.Bean)

Example 2 with SpringSecurityPropertiesAuthorizationGenerator

use of org.pac4j.core.authorization.generator.SpringSecurityPropertiesAuthorizationGenerator in project cas by apereo.

the class CasSecurityContextConfiguration method casAdminPagesPac4jConfig.

@RefreshScope
@Bean
public Config casAdminPagesPac4jConfig() {
    try {
        final AdminPagesSecurityProperties adminProps = casProperties.getAdminPagesSecurity();
        if (StringUtils.isNotBlank(adminProps.getLoginUrl()) && StringUtils.isNotBlank(adminProps.getService())) {
            final CasConfiguration casConfig = new CasConfiguration(adminProps.getLoginUrl());
            final DirectCasClient client = new DirectCasClient(casConfig);
            client.setName(CAS_CLIENT_NAME);
            final Config cfg = new Config(adminProps.getService(), client);
            if (adminProps.getUsers() == null) {
                LOGGER.warn("List of authorized users for admin pages security is not defined. " + "Allowing access for all authenticated users");
                client.setAuthorizationGenerator(new DefaultCasAuthorizationGenerator<>());
                cfg.setAuthorizer(new IsAuthenticatedAuthorizer());
            } else {
                final Resource file = ResourceUtils.prepareClasspathResourceIfNeeded(adminProps.getUsers());
                if (file != null && file.exists()) {
                    LOGGER.debug("Loading list of authorized users from [{}]", file);
                    final Properties properties = new Properties();
                    properties.load(file.getInputStream());
                    client.setAuthorizationGenerator(new SpringSecurityPropertiesAuthorizationGenerator(properties));
                    cfg.setAuthorizer(new RequireAnyRoleAuthorizer(adminProps.getAdminRoles()));
                }
            }
            return cfg;
        }
    } catch (final Exception e) {
        LOGGER.warn(e.getMessage(), e);
    }
    return new Config();
}
Also used : DirectCasClient(org.pac4j.cas.client.direct.DirectCasClient) IsAuthenticatedAuthorizer(org.pac4j.core.authorization.authorizer.IsAuthenticatedAuthorizer) SpringSecurityPropertiesAuthorizationGenerator(org.pac4j.core.authorization.generator.SpringSecurityPropertiesAuthorizationGenerator) CasConfiguration(org.pac4j.cas.config.CasConfiguration) Config(org.pac4j.core.config.Config) Resource(org.springframework.core.io.Resource) AdminPagesSecurityProperties(org.apereo.cas.configuration.model.core.web.security.AdminPagesSecurityProperties) CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) EnableConfigurationProperties(org.springframework.boot.context.properties.EnableConfigurationProperties) Properties(java.util.Properties) AdminPagesSecurityProperties(org.apereo.cas.configuration.model.core.web.security.AdminPagesSecurityProperties) RequireAnyRoleAuthorizer(org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer) RefreshScope(org.springframework.cloud.context.config.annotation.RefreshScope) Bean(org.springframework.context.annotation.Bean)

Aggregations

Properties (java.util.Properties)2 CasConfigurationProperties (org.apereo.cas.configuration.CasConfigurationProperties)2 AdminPagesSecurityProperties (org.apereo.cas.configuration.model.core.web.security.AdminPagesSecurityProperties)2 DirectCasClient (org.pac4j.cas.client.direct.DirectCasClient)2 CasConfiguration (org.pac4j.cas.config.CasConfiguration)2 IsAuthenticatedAuthorizer (org.pac4j.core.authorization.authorizer.IsAuthenticatedAuthorizer)2 RequireAnyRoleAuthorizer (org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer)2 SpringSecurityPropertiesAuthorizationGenerator (org.pac4j.core.authorization.generator.SpringSecurityPropertiesAuthorizationGenerator)2 Config (org.pac4j.core.config.Config)2 EnableConfigurationProperties (org.springframework.boot.context.properties.EnableConfigurationProperties)2 RefreshScope (org.springframework.cloud.context.config.annotation.RefreshScope)2 Bean (org.springframework.context.annotation.Bean)2 Resource (org.springframework.core.io.Resource)2