Example 1 with Config

Use of org.pac4j.core.config.Config in project cas by apereo.

Class CasSecurityContextConfiguration, method config.

@RefreshScope
@Bean
public Config config() {
    try {
        final AdminPagesSecurityProperties adminProps = casProperties.getAdminPagesSecurity();
        if (StringUtils.isNotBlank(adminProps.getLoginUrl()) && StringUtils.isNotBlank(adminProps.getService())) {
            final CasConfiguration casConfig = new CasConfiguration(adminProps.getLoginUrl());
            final DirectCasClient client = new DirectCasClient(casConfig);
            client.setName(CAS_CLIENT_NAME);
            final Config cfg = new Config(adminProps.getService(), client);
            // No user list configured: every authenticated CAS user is authorized for the admin pages
            if (adminProps.getUsers() == null) {
                LOGGER.warn("List of authorized users for admin pages security is not defined. " + "Allowing access for all authenticated users");
                client.setAuthorizationGenerator(new DefaultCasAuthorizationGenerator<>());
                cfg.setAuthorizer(new IsAuthenticatedAuthorizer());
            } else {
                final Resource file = ResourceUtils.prepareClasspathResourceIfNeeded(adminProps.getUsers());
                if (file != null && file.exists()) {
                    LOGGER.debug("Loading list of authorized users from [{}]", file);
                    final Properties properties = new Properties();
                    properties.load(file.getInputStream());
                    client.setAuthorizationGenerator(new SpringSecurityPropertiesAuthorizationGenerator(properties));
                    cfg.setAuthorizer(new RequireAnyRoleAuthorizer(adminProps.getAdminRoles()));
                }
            }
            return cfg;
        }
    } catch (final Exception e) {
        LOGGER.warn(e.getMessage(), e);
    }
    // Login URL or service not configured, or an exception was caught above: return an empty Config
    return new Config();
}
Also used : DirectCasClient(org.pac4j.cas.client.direct.DirectCasClient) IsAuthenticatedAuthorizer(org.pac4j.core.authorization.authorizer.IsAuthenticatedAuthorizer) SpringSecurityPropertiesAuthorizationGenerator(org.pac4j.core.authorization.generator.SpringSecurityPropertiesAuthorizationGenerator) CasConfiguration(org.pac4j.cas.config.CasConfiguration) Config(org.pac4j.core.config.Config) Resource(org.springframework.core.io.Resource) AdminPagesSecurityProperties(org.apereo.cas.configuration.model.core.web.security.AdminPagesSecurityProperties) CasConfigurationProperties(org.apereo.cas.configuration.CasConfigurationProperties) EnableConfigurationProperties(org.springframework.boot.context.properties.EnableConfigurationProperties) Properties(java.util.Properties) RequireAnyRoleAuthorizer(org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer) RefreshScope(org.springframework.cloud.context.config.annotation.RefreshScope) Bean(org.springframework.context.annotation.Bean)

Example 2 with Config

Use of org.pac4j.core.config.Config in project cas by apereo.

Class CasSecurityContextConfiguration, method requiresAuthenticationStatusAdminEndpointsInterceptor.

@RefreshScope
@Bean
public SecurityInterceptor requiresAuthenticationStatusAdminEndpointsInterceptor() {
    final Config cfg = casAdminPagesPac4jConfig();
    if (cfg.getClients() == null) {
        return requiresAuthenticationStatusInterceptor();
    }
    final CasSecurityInterceptor interceptor = new CasSecurityInterceptor(cfg, CAS_CLIENT_NAME, "securityHeaders,csrfToken,".concat(getAuthorizerName()));
    return interceptor;
}
Also used : Config(org.pac4j.core.config.Config) CasSecurityInterceptor(org.apereo.cas.web.pac4j.CasSecurityInterceptor) RefreshScope(org.springframework.cloud.context.config.annotation.RefreshScope) Bean(org.springframework.context.annotation.Bean)

Example 3 with Config

Use of org.pac4j.core.config.Config in project cas by apereo.

Class CasSecurityContextConfiguration, method requiresAuthenticationStatusInterceptor.

@RefreshScope
@Bean
public SecurityInterceptor requiresAuthenticationStatusInterceptor() {
    final AdminPagesSecurityProperties secProps = casProperties.getAdminPagesSecurity();
    final IpRegexpAuthenticator authn = new IpRegexpAuthenticator(secProps.getIp());
    final IpClient ipClient = new IpClient(authn);
    // Alternate header names to read the client IP from, taken from configuration
    final Set<String> headerNames = org.springframework.util.StringUtils.commaDelimitedListToSet(secProps.getAlternateIpHeaderName());
    final IpExtractor credentialsExtractor = new IpExtractor(headerNames.toArray(new String[] {}));
    ipClient.setCredentialsExtractor(credentialsExtractor);
    return new CasSecurityInterceptor(new Config(ipClient), ipClient.getClass().getSimpleName());
}
Also used : IpRegexpAuthenticator(org.pac4j.http.credentials.authenticator.IpRegexpAuthenticator) IpClient(org.pac4j.http.client.direct.IpClient) IpExtractor(org.pac4j.http.credentials.extractor.IpExtractor) Config(org.pac4j.core.config.Config) CasSecurityInterceptor(org.apereo.cas.web.pac4j.CasSecurityInterceptor) AdminPagesSecurityProperties(org.apereo.cas.configuration.model.core.web.security.AdminPagesSecurityProperties) RefreshScope(org.springframework.cloud.context.config.annotation.RefreshScope) Bean(org.springframework.context.annotation.Bean)

Example 4 with Config

Use of org.pac4j.core.config.Config in project knox by apache.

Class Pac4jDispatcherFilter, method init.

@Override
public void init(FilterConfig filterConfig) throws ServletException {
    // JWT service
    final ServletContext context = filterConfig.getServletContext();
    CryptoService cryptoService = null;
    String clusterName = null;
    if (context != null) {
        GatewayServices services = (GatewayServices) context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
        clusterName = (String) context.getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE);
        if (services != null) {
            keystoreService = (KeystoreService) services.getService(GatewayServices.KEYSTORE_SERVICE);
            cryptoService = (CryptoService) services.getService(GatewayServices.CRYPTO_SERVICE);
            aliasService = (AliasService) services.getService(GatewayServices.ALIAS_SERVICE);
            masterService = (MasterService) services.getService("MasterService");
        }
    }
    // crypto service, alias service and cluster name are mandatory
    if (cryptoService == null || aliasService == null || clusterName == null) {
        log.cryptoServiceAndAliasServiceAndClusterNameRequired();
        throw new ServletException("The crypto service, alias service and cluster name are required.");
    }
    try {
        aliasService.getPasswordFromAliasForCluster(clusterName, KnoxSessionStore.PAC4J_PASSWORD, true);
    } catch (AliasServiceException e) {
        log.unableToGenerateAPasswordForEncryption(e);
        throw new ServletException("Unable to generate a password for encryption.");
    }
    // url to SSO authentication provider
    String pac4jCallbackUrl = filterConfig.getInitParameter(PAC4J_CALLBACK_URL);
    if (pac4jCallbackUrl == null) {
        log.ssoAuthenticationProviderUrlRequired();
        throw new ServletException("Required pac4j callback URL is missing.");
    }
    // add the callback parameter to know it's a callback
    pac4jCallbackUrl = CommonHelper.addParameter(pac4jCallbackUrl, PAC4J_CALLBACK_PARAMETER, "true");
    final Config config;
    final String clientName;
    // client name from servlet parameter (mandatory)
    final String clientNameParameter = filterConfig.getInitParameter("clientName");
    if (clientNameParameter == null) {
        log.clientNameParameterRequired();
        throw new ServletException("Required pac4j clientName parameter is missing.");
    }
    if (TEST_BASIC_AUTH.equalsIgnoreCase(clientNameParameter)) {
        // test configuration
        final IndirectBasicAuthClient indirectBasicAuthClient = new IndirectBasicAuthClient(new SimpleTestUsernamePasswordAuthenticator());
        indirectBasicAuthClient.setRealmName("Knox TEST");
        config = new Config(pac4jCallbackUrl, indirectBasicAuthClient);
        clientName = "IndirectBasicAuthClient";
    } else {
        // get clients from the init parameters
        final Map<String, String> properties = new HashMap<>();
        final Enumeration<String> names = filterConfig.getInitParameterNames();
        addDefaultConfig(clientNameParameter, properties);
        while (names.hasMoreElements()) {
            final String key = names.nextElement();
            properties.put(key, filterConfig.getInitParameter(key));
        }
        final PropertiesConfigFactory propertiesConfigFactory = new PropertiesConfigFactory(pac4jCallbackUrl, properties);
        config = propertiesConfigFactory.build();
        final List<Client> clients = config.getClients().getClients();
        if (clients == null || clients.size() == 0) {
            log.atLeastOnePac4jClientMustBeDefined();
            throw new ServletException("At least one pac4j client must be defined.");
        }
        if (CommonHelper.isBlank(clientNameParameter)) {
            clientName = clients.get(0).getName();
        } else {
            clientName = clientNameParameter;
        }
    }
    callbackFilter = new CallbackFilter();
    callbackFilter.init(filterConfig);
    callbackFilter.setConfigOnly(config);
    securityFilter = new SecurityFilter();
    securityFilter.setClients(clientName);
    securityFilter.setConfigOnly(config);
    final String domainSuffix = filterConfig.getInitParameter(PAC4J_COOKIE_DOMAIN_SUFFIX_PARAM);
    final String sessionStoreVar = filterConfig.getInitParameter(PAC4J_SESSION_STORE);
    SessionStore sessionStore;
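    // Use J2ESessionStore when the configured value is a substring of its class name; otherwise KnoxSessionStore
    if (!StringUtils.isBlank(sessionStoreVar) && J2ESessionStore.class.getName().contains(sessionStoreVar)) {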
        sessionStore = new J2ESessionStore();
    } else {
        sessionStore = new KnoxSessionStore(cryptoService, clusterName, domainSuffix);
    }
    config.setSessionStore(sessionStore);
}
Also used : GatewayServices(org.apache.knox.gateway.services.GatewayServices) J2ESessionStore(org.pac4j.core.context.session.J2ESessionStore) KnoxSessionStore(org.apache.knox.gateway.pac4j.session.KnoxSessionStore) HashMap(java.util.HashMap) Config(org.pac4j.core.config.Config) AliasServiceException(org.apache.knox.gateway.services.security.AliasServiceException) SessionStore(org.pac4j.core.context.session.SessionStore) CryptoService(org.apache.knox.gateway.services.security.CryptoService) PropertiesConfigFactory(org.pac4j.config.client.PropertiesConfigFactory) SecurityFilter(org.pac4j.j2e.filter.SecurityFilter) CallbackFilter(org.pac4j.j2e.filter.CallbackFilter) Client(org.pac4j.core.client.Client) IndirectBasicAuthClient(org.pac4j.http.client.indirect.IndirectBasicAuthClient) SimpleTestUsernamePasswordAuthenticator(org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator)

Example 5 with Config

Use of org.pac4j.core.config.Config in project pac4j by pac4j.

Class DefaultSecurityLogicTests, method setUp.

@Before
public void setUp() {
    logic = new DefaultSecurityLogic();
    context = MockWebContext.create();
    config = new Config();
    securityGrantedAccessAdapter = (context, profiles, parameters) -> {
        nbCall++;
        return null;
    };
    httpActionAdapter = (code, ctx) -> null;
    clients = null;
    authorizers = null;
    matchers = null;
    multiProfile = null;
    nbCall = 0;
}
Also used : Config(org.pac4j.core.config.Config) Before(org.junit.Before)

Aggregations

Config (org.pac4j.core.config.Config): 14
Bean (org.springframework.context.annotation.Bean): 7
RefreshScope (org.springframework.cloud.context.config.annotation.RefreshScope): 5
CasConfiguration (org.pac4j.cas.config.CasConfiguration): 4
AdminPagesSecurityProperties (org.apereo.cas.configuration.model.core.web.security.AdminPagesSecurityProperties): 3
Before (org.junit.Before): 3
CasClient (org.pac4j.cas.client.CasClient): 3
DirectCasClient (org.pac4j.cas.client.direct.DirectCasClient): 3
IsAuthenticatedAuthorizer (org.pac4j.core.authorization.authorizer.IsAuthenticatedAuthorizer): 3
RequireAnyRoleAuthorizer (org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer): 3
Clients (org.pac4j.core.client.Clients): 3
HashMap (java.util.HashMap): 2
Properties (java.util.Properties): 2
CasConfigurationProperties (org.apereo.cas.configuration.CasConfigurationProperties): 2
CasSecurityInterceptor (org.apereo.cas.web.pac4j.CasSecurityInterceptor): 2
SpringSecurityPropertiesAuthorizationGenerator (org.pac4j.core.authorization.generator.SpringSecurityPropertiesAuthorizationGenerator): 2
J2ESessionStore (org.pac4j.core.context.session.J2ESessionStore): 2
UsernamePasswordCredentials (org.pac4j.core.credentials.UsernamePasswordCredentials): 2
IndirectBasicAuthClient (org.pac4j.http.client.indirect.IndirectBasicAuthClient): 2
SimpleTestUsernamePasswordAuthenticator (org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator): 2