Search in sources :

Example 1 with J2ESessionStore

use of org.pac4j.core.context.session.J2ESessionStore in project knox by apache.

the class Pac4jDispatcherFilter method init.

@Override
public void init(FilterConfig filterConfig) throws ServletException {
    // JWT service
    final ServletContext context = filterConfig.getServletContext();
    CryptoService cryptoService = null;
    String clusterName = null;
    if (context != null) {
        GatewayServices services = (GatewayServices) context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
        clusterName = (String) context.getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE);
        if (services != null) {
            keystoreService = (KeystoreService) services.getService(GatewayServices.KEYSTORE_SERVICE);
            cryptoService = (CryptoService) services.getService(GatewayServices.CRYPTO_SERVICE);
            aliasService = (AliasService) services.getService(GatewayServices.ALIAS_SERVICE);
            masterService = (MasterService) services.getService("MasterService");
        }
    }
    // crypto service, alias service and cluster name are mandatory
    if (cryptoService == null || aliasService == null || clusterName == null) {
        log.cryptoServiceAndAliasServiceAndClusterNameRequired();
        throw new ServletException("The crypto service, alias service and cluster name are required.");
    }
    try {
        aliasService.getPasswordFromAliasForCluster(clusterName, KnoxSessionStore.PAC4J_PASSWORD, true);
    } catch (AliasServiceException e) {
        log.unableToGenerateAPasswordForEncryption(e);
        throw new ServletException("Unable to generate a password for encryption.");
    }
    // url to SSO authentication provider
    String pac4jCallbackUrl = filterConfig.getInitParameter(PAC4J_CALLBACK_URL);
    if (pac4jCallbackUrl == null) {
        log.ssoAuthenticationProviderUrlRequired();
        throw new ServletException("Required pac4j callback URL is missing.");
    }
    // add the callback parameter to know it's a callback
    pac4jCallbackUrl = CommonHelper.addParameter(pac4jCallbackUrl, PAC4J_CALLBACK_PARAMETER, "true");
    final Config config;
    final String clientName;
    // client name from servlet parameter (mandatory)
    final String clientNameParameter = filterConfig.getInitParameter("clientName");
    if (clientNameParameter == null) {
        log.clientNameParameterRequired();
        throw new ServletException("Required pac4j clientName parameter is missing.");
    }
    if (TEST_BASIC_AUTH.equalsIgnoreCase(clientNameParameter)) {
        // test configuration
        final IndirectBasicAuthClient indirectBasicAuthClient = new IndirectBasicAuthClient(new SimpleTestUsernamePasswordAuthenticator());
        indirectBasicAuthClient.setRealmName("Knox TEST");
        config = new Config(pac4jCallbackUrl, indirectBasicAuthClient);
        clientName = "IndirectBasicAuthClient";
    } else {
        // get clients from the init parameters
        final Map<String, String> properties = new HashMap<>();
        final Enumeration<String> names = filterConfig.getInitParameterNames();
        addDefaultConfig(clientNameParameter, properties);
        while (names.hasMoreElements()) {
            final String key = names.nextElement();
            properties.put(key, filterConfig.getInitParameter(key));
        }
        final PropertiesConfigFactory propertiesConfigFactory = new PropertiesConfigFactory(pac4jCallbackUrl, properties);
        config = propertiesConfigFactory.build();
        final List<Client> clients = config.getClients().getClients();
        if (clients == null || clients.size() == 0) {
            log.atLeastOnePac4jClientMustBeDefined();
            throw new ServletException("At least one pac4j client must be defined.");
        }
        if (CommonHelper.isBlank(clientNameParameter)) {
            clientName = clients.get(0).getName();
        } else {
            clientName = clientNameParameter;
        }
    }
    callbackFilter = new CallbackFilter();
    callbackFilter.init(filterConfig);
    callbackFilter.setConfigOnly(config);
    securityFilter = new SecurityFilter();
    securityFilter.setClients(clientName);
    securityFilter.setConfigOnly(config);
    final String domainSuffix = filterConfig.getInitParameter(PAC4J_COOKIE_DOMAIN_SUFFIX_PARAM);
    final String sessionStoreVar = filterConfig.getInitParameter(PAC4J_SESSION_STORE);
    SessionStore sessionStore;
    if (!StringUtils.isBlank(sessionStoreVar) && J2ESessionStore.class.getName().contains(sessionStoreVar)) {
        sessionStore = new J2ESessionStore();
    } else {
        sessionStore = new KnoxSessionStore(cryptoService, clusterName, domainSuffix);
    }
    config.setSessionStore(sessionStore);
}
Also used : GatewayServices(org.apache.knox.gateway.services.GatewayServices) J2ESessionStore(org.pac4j.core.context.session.J2ESessionStore) KnoxSessionStore(org.apache.knox.gateway.pac4j.session.KnoxSessionStore) HashMap(java.util.HashMap) Config(org.pac4j.core.config.Config) AliasServiceException(org.apache.knox.gateway.services.security.AliasServiceException) KnoxSessionStore(org.apache.knox.gateway.pac4j.session.KnoxSessionStore) SessionStore(org.pac4j.core.context.session.SessionStore) J2ESessionStore(org.pac4j.core.context.session.J2ESessionStore) CryptoService(org.apache.knox.gateway.services.security.CryptoService) PropertiesConfigFactory(org.pac4j.config.client.PropertiesConfigFactory) SecurityFilter(org.pac4j.j2e.filter.SecurityFilter) CallbackFilter(org.pac4j.j2e.filter.CallbackFilter) Client(org.pac4j.core.client.Client) IndirectBasicAuthClient(org.pac4j.http.client.indirect.IndirectBasicAuthClient) IndirectBasicAuthClient(org.pac4j.http.client.indirect.IndirectBasicAuthClient) SimpleTestUsernamePasswordAuthenticator(org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator)

Example 2 with J2ESessionStore

use of org.pac4j.core.context.session.J2ESessionStore in project cas by apereo.

the class CasOAuthConfiguration method oauthSecConfig.

@Bean
public Config oauthSecConfig() {
    final CasConfiguration cfg = new CasConfiguration(casProperties.getServer().getLoginUrl());
    final CasClient oauthCasClient = new CasClient(cfg);
    oauthCasClient.setRedirectActionBuilder(webContext -> oauthCasClientRedirectActionBuilder().build(oauthCasClient, webContext));
    oauthCasClient.setName(Authenticators.CAS_OAUTH_CLIENT);
    oauthCasClient.setUrlResolver(casCallbackUrlResolver());
    final Authenticator authenticator = oAuthClientAuthenticator();
    final DirectBasicAuthClient basicAuthClient = new DirectBasicAuthClient(authenticator);
    basicAuthClient.setName(Authenticators.CAS_OAUTH_CLIENT_BASIC_AUTHN);
    final DirectFormClient directFormClient = new DirectFormClient(authenticator);
    directFormClient.setName(Authenticators.CAS_OAUTH_CLIENT_DIRECT_FORM);
    directFormClient.setUsernameParameter(CLIENT_ID);
    directFormClient.setPasswordParameter(CLIENT_SECRET);
    final DirectFormClient userFormClient = new DirectFormClient(oAuthUserAuthenticator());
    userFormClient.setName(Authenticators.CAS_OAUTH_CLIENT_USER_FORM);
    final Config config = new Config(OAuth20Utils.casOAuthCallbackUrl(casProperties.getServer().getPrefix()), oauthCasClient, basicAuthClient, directFormClient, userFormClient);
    config.setSessionStore(new J2ESessionStore());
    return config;
}
Also used : J2ESessionStore(org.pac4j.core.context.session.J2ESessionStore) DirectFormClient(org.pac4j.http.client.direct.DirectFormClient) CasConfiguration(org.pac4j.cas.config.CasConfiguration) Config(org.pac4j.core.config.Config) DirectBasicAuthClient(org.pac4j.http.client.direct.DirectBasicAuthClient) OAuth20ClientAuthenticator(org.apereo.cas.support.oauth.authenticator.OAuth20ClientAuthenticator) Authenticator(org.pac4j.core.credentials.authenticator.Authenticator) OAuth20UserAuthenticator(org.apereo.cas.support.oauth.authenticator.OAuth20UserAuthenticator) CasClient(org.pac4j.cas.client.CasClient) ConditionalOnMissingBean(org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean) Bean(org.springframework.context.annotation.Bean)

Aggregations

Config (org.pac4j.core.config.Config)2 J2ESessionStore (org.pac4j.core.context.session.J2ESessionStore)2 HashMap (java.util.HashMap)1 KnoxSessionStore (org.apache.knox.gateway.pac4j.session.KnoxSessionStore)1 GatewayServices (org.apache.knox.gateway.services.GatewayServices)1 AliasServiceException (org.apache.knox.gateway.services.security.AliasServiceException)1 CryptoService (org.apache.knox.gateway.services.security.CryptoService)1 OAuth20ClientAuthenticator (org.apereo.cas.support.oauth.authenticator.OAuth20ClientAuthenticator)1 OAuth20UserAuthenticator (org.apereo.cas.support.oauth.authenticator.OAuth20UserAuthenticator)1 CasClient (org.pac4j.cas.client.CasClient)1 CasConfiguration (org.pac4j.cas.config.CasConfiguration)1 PropertiesConfigFactory (org.pac4j.config.client.PropertiesConfigFactory)1 Client (org.pac4j.core.client.Client)1 SessionStore (org.pac4j.core.context.session.SessionStore)1 Authenticator (org.pac4j.core.credentials.authenticator.Authenticator)1 DirectBasicAuthClient (org.pac4j.http.client.direct.DirectBasicAuthClient)1 DirectFormClient (org.pac4j.http.client.direct.DirectFormClient)1 IndirectBasicAuthClient (org.pac4j.http.client.indirect.IndirectBasicAuthClient)1 SimpleTestUsernamePasswordAuthenticator (org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator)1 CallbackFilter (org.pac4j.j2e.filter.CallbackFilter)1