Search in sources :

Example 1 with IndirectBasicAuthClient

use of org.pac4j.http.client.indirect.IndirectBasicAuthClient in project knox by apache.

the class Pac4jDispatcherFilter method init.

@Override
public void init(FilterConfig filterConfig) throws ServletException {
    // JWT service
    final ServletContext context = filterConfig.getServletContext();
    CryptoService cryptoService = null;
    String clusterName = null;
    if (context != null) {
        GatewayServices services = (GatewayServices) context.getAttribute(GatewayServices.GATEWAY_SERVICES_ATTRIBUTE);
        clusterName = (String) context.getAttribute(GatewayServices.GATEWAY_CLUSTER_ATTRIBUTE);
        if (services != null) {
            keystoreService = (KeystoreService) services.getService(GatewayServices.KEYSTORE_SERVICE);
            cryptoService = (CryptoService) services.getService(GatewayServices.CRYPTO_SERVICE);
            aliasService = (AliasService) services.getService(GatewayServices.ALIAS_SERVICE);
            masterService = (MasterService) services.getService("MasterService");
        }
    }
    // crypto service, alias service and cluster name are mandatory
    if (cryptoService == null || aliasService == null || clusterName == null) {
        log.cryptoServiceAndAliasServiceAndClusterNameRequired();
        throw new ServletException("The crypto service, alias service and cluster name are required.");
    }
    try {
        aliasService.getPasswordFromAliasForCluster(clusterName, KnoxSessionStore.PAC4J_PASSWORD, true);
    } catch (AliasServiceException e) {
        log.unableToGenerateAPasswordForEncryption(e);
        throw new ServletException("Unable to generate a password for encryption.");
    }
    // url to SSO authentication provider
    String pac4jCallbackUrl = filterConfig.getInitParameter(PAC4J_CALLBACK_URL);
    if (pac4jCallbackUrl == null) {
        log.ssoAuthenticationProviderUrlRequired();
        throw new ServletException("Required pac4j callback URL is missing.");
    }
    // add the callback parameter to know it's a callback
    pac4jCallbackUrl = CommonHelper.addParameter(pac4jCallbackUrl, PAC4J_CALLBACK_PARAMETER, "true");
    final Config config;
    final String clientName;
    // client name from servlet parameter (mandatory)
    final String clientNameParameter = filterConfig.getInitParameter("clientName");
    if (clientNameParameter == null) {
        log.clientNameParameterRequired();
        throw new ServletException("Required pac4j clientName parameter is missing.");
    }
    if (TEST_BASIC_AUTH.equalsIgnoreCase(clientNameParameter)) {
        // test configuration
        final IndirectBasicAuthClient indirectBasicAuthClient = new IndirectBasicAuthClient(new SimpleTestUsernamePasswordAuthenticator());
        indirectBasicAuthClient.setRealmName("Knox TEST");
        config = new Config(pac4jCallbackUrl, indirectBasicAuthClient);
        clientName = "IndirectBasicAuthClient";
    } else {
        // get clients from the init parameters
        final Map<String, String> properties = new HashMap<>();
        final Enumeration<String> names = filterConfig.getInitParameterNames();
        addDefaultConfig(clientNameParameter, properties);
        while (names.hasMoreElements()) {
            final String key = names.nextElement();
            properties.put(key, filterConfig.getInitParameter(key));
        }
        final PropertiesConfigFactory propertiesConfigFactory = new PropertiesConfigFactory(pac4jCallbackUrl, properties);
        config = propertiesConfigFactory.build();
        final List<Client> clients = config.getClients().getClients();
        if (clients == null || clients.size() == 0) {
            log.atLeastOnePac4jClientMustBeDefined();
            throw new ServletException("At least one pac4j client must be defined.");
        }
        if (CommonHelper.isBlank(clientNameParameter)) {
            clientName = clients.get(0).getName();
        } else {
            clientName = clientNameParameter;
        }
    }
    callbackFilter = new CallbackFilter();
    callbackFilter.init(filterConfig);
    callbackFilter.setConfigOnly(config);
    securityFilter = new SecurityFilter();
    securityFilter.setClients(clientName);
    securityFilter.setConfigOnly(config);
    final String domainSuffix = filterConfig.getInitParameter(PAC4J_COOKIE_DOMAIN_SUFFIX_PARAM);
    final String sessionStoreVar = filterConfig.getInitParameter(PAC4J_SESSION_STORE);
    SessionStore sessionStore;
    if (!StringUtils.isBlank(sessionStoreVar) && J2ESessionStore.class.getName().contains(sessionStoreVar)) {
        sessionStore = new J2ESessionStore();
    } else {
        sessionStore = new KnoxSessionStore(cryptoService, clusterName, domainSuffix);
    }
    config.setSessionStore(sessionStore);
}
Also used : GatewayServices(org.apache.knox.gateway.services.GatewayServices) J2ESessionStore(org.pac4j.core.context.session.J2ESessionStore) KnoxSessionStore(org.apache.knox.gateway.pac4j.session.KnoxSessionStore) HashMap(java.util.HashMap) Config(org.pac4j.core.config.Config) AliasServiceException(org.apache.knox.gateway.services.security.AliasServiceException) KnoxSessionStore(org.apache.knox.gateway.pac4j.session.KnoxSessionStore) SessionStore(org.pac4j.core.context.session.SessionStore) J2ESessionStore(org.pac4j.core.context.session.J2ESessionStore) CryptoService(org.apache.knox.gateway.services.security.CryptoService) PropertiesConfigFactory(org.pac4j.config.client.PropertiesConfigFactory) SecurityFilter(org.pac4j.j2e.filter.SecurityFilter) CallbackFilter(org.pac4j.j2e.filter.CallbackFilter) Client(org.pac4j.core.client.Client) IndirectBasicAuthClient(org.pac4j.http.client.indirect.IndirectBasicAuthClient) IndirectBasicAuthClient(org.pac4j.http.client.indirect.IndirectBasicAuthClient) SimpleTestUsernamePasswordAuthenticator(org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator)

Example 2 with IndirectBasicAuthClient

use of org.pac4j.http.client.indirect.IndirectBasicAuthClient in project pac4j by pac4j.

the class PropertiesConfigFactoryTests method test.

@Test
public void test() {
    final Map<String, String> properties = new HashMap<>();
    properties.put(FACEBOOK_ID, ID);
    properties.put(FACEBOOK_SECRET, SECRET);
    properties.put(TWITTER_ID, ID);
    properties.put(TWITTER_SECRET, SECRET);
    properties.put(CAS_LOGIN_URL, CALLBACK_URL);
    properties.put(CAS_PROTOCOL, CasProtocol.CAS20.toString());
    properties.put(SAML_KEYSTORE_PASSWORD, PASSWORD);
    properties.put(SAML_PRIVATE_KEY_PASSWORD, PASSWORD);
    properties.put(SAML_KEYSTORE_PATH, PATH);
    properties.put(SAML_IDENTITY_PROVIDER_METADATA_PATH, PATH);
    properties.put(SAML_DESTINATION_BINDING_TYPE, SAMLConstants.SAML2_REDIRECT_BINDING_URI);
    properties.put(SAML_KEYSTORE_ALIAS, VALUE);
    properties.put(OIDC_ID, ID);
    properties.put(OIDC_SECRET, SECRET);
    properties.put(OIDC_DISCOVERY_URI, CALLBACK_URL);
    properties.put(OIDC_USE_NONCE, "true");
    properties.put(OIDC_PREFERRED_JWS_ALGORITHM, "RS384");
    properties.put(OIDC_MAX_CLOCK_SKEW, "60");
    properties.put(OIDC_CLIENT_AUTHENTICATION_METHOD, "CLIENT_SECRET_POST");
    properties.put(OIDC_CUSTOM_PARAM_KEY + "1", KEY);
    properties.put(OIDC_CUSTOM_PARAM_VALUE + "1", VALUE);
    properties.put(CAS_LOGIN_URL.concat(".1"), LOGIN_URL);
    properties.put(CAS_PROTOCOL.concat(".1"), CasProtocol.CAS30.toString());
    properties.put(OIDC_TYPE.concat(".1"), "google");
    properties.put(OIDC_ID.concat(".1"), ID);
    properties.put(OIDC_SECRET.concat(".1"), SECRET);
    properties.put(ANONYMOUS, "whatever the value");
    properties.put(FORMCLIENT_LOGIN_URL, LOGIN_URL);
    properties.put(FORMCLIENT_AUTHENTICATOR, "testUsernamePassword");
    properties.put(INDIRECTBASICAUTH_AUTHENTICATOR.concat(".2"), "testUsernamePassword");
    properties.put(LDAP_TYPE, "direct");
    properties.put(LDAP_URL, "ldap://localhost:" + PORT);
    properties.put(LDAP_USE_SSL, "false");
    properties.put(LDAP_USE_START_TLS, "false");
    properties.put(LDAP_DN_FORMAT, CN + "=%s," + BASE_PEOPLE_DN);
    properties.put(LDAP_USERS_DN, BASE_PEOPLE_DN);
    properties.put(LDAP_PRINCIPAL_ATTRIBUTE_ID, CN);
    properties.put(LDAP_ATTRIBUTES, SN + "," + ROLE);
    properties.put(FORMCLIENT_LOGIN_URL.concat(".2"), PAC4J_BASE_URL);
    properties.put(FORMCLIENT_AUTHENTICATOR.concat(".2"), "ldap");
    properties.put(SPRING_ENCODER_TYPE.concat(".4"), "standard");
    properties.put(SPRING_ENCODER_STANDARD_SECRET.concat(".4"), SALT);
    properties.put(DB_JDBC_URL, "jdbc:h2:mem:test");
    properties.put(DB_USERNAME, Pac4jConstants.USERNAME);
    properties.put(DB_PASSWORD, Pac4jConstants.PASSWORD);
    properties.put(DB_USERNAME_ATTRIBUTE, Pac4jConstants.USERNAME);
    properties.put(DB_USER_PASSWORD_ATTRIBUTE, Pac4jConstants.PASSWORD);
    properties.put(DB_ATTRIBUTES, FIRSTNAME);
    properties.put(DB_PASSWORD_ENCODER, "encoder.spring.4");
    properties.put(INDIRECTBASICAUTH_AUTHENTICATOR.concat(".5"), "db");
    properties.put(REST_URL.concat(".3"), PAC4J_BASE_URL);
    properties.put(DIRECTBASICAUTH_AUTHENTICATOR.concat(".7"), "rest.3");
    LdapServer ldapServer = null;
    try {
        ldapServer = new LdapServer();
        ldapServer.start();
        new DbServer();
        final PropertiesConfigFactory factory = new PropertiesConfigFactory(CALLBACK_URL, properties);
        final Config config = factory.build();
        final Clients clients = config.getClients();
        assertEquals(13, clients.getClients().size());
        final FacebookClient fbClient = (FacebookClient) clients.findClient("FacebookClient");
        assertEquals(ID, fbClient.getKey());
        assertEquals(SECRET, fbClient.getSecret());
        assertNotNull(clients.findClient("AnonymousClient"));
        final TwitterClient twClient = (TwitterClient) clients.findClient("TwitterClient");
        assertEquals(ID, twClient.getKey());
        assertEquals(SECRET, twClient.getSecret());
        final CasClient casClient = (CasClient) clients.findClient("CasClient");
        assertEquals(CALLBACK_URL, casClient.getConfiguration().getLoginUrl());
        assertEquals(CasProtocol.CAS20, casClient.getConfiguration().getProtocol());
        final SAML2Client saml2client = (SAML2Client) clients.findClient("SAML2Client");
        assertNotNull(saml2client);
        final SAML2ClientConfiguration saml2Config = saml2client.getConfiguration();
        assertEquals(SAMLConstants.SAML2_REDIRECT_BINDING_URI, saml2Config.getDestinationBindingType());
        assertEquals(VALUE, saml2Config.getKeyStoreAlias());
        final OidcClient oidcClient = (OidcClient) clients.findClient("OidcClient");
        assertNotNull(oidcClient);
        assertEquals(ClientAuthenticationMethod.CLIENT_SECRET_POST.toString(), oidcClient.getConfiguration().getClientAuthenticationMethod().toString().toLowerCase());
        final CasClient casClient1 = (CasClient) clients.findClient("CasClient.1");
        assertEquals(CasProtocol.CAS30, casClient1.getConfiguration().getProtocol());
        final GoogleOidcClient googleOidcClient = (GoogleOidcClient) clients.findClient("GoogleOidcClient.1");
        googleOidcClient.init();
        assertEquals(ID, googleOidcClient.getConfiguration().getClientId());
        assertEquals(SECRET, googleOidcClient.getConfiguration().getSecret());
        assertEquals("https://accounts.google.com/.well-known/openid-configuration", googleOidcClient.getConfiguration().getDiscoveryURI());
        assertEquals(CALLBACK_URL + "?client_name=GoogleOidcClient.1", googleOidcClient.getCallbackUrlResolver().compute(googleOidcClient.getUrlResolver(), googleOidcClient.getCallbackUrl(), googleOidcClient.getName(), MockWebContext.create()));
        final FormClient formClient = (FormClient) clients.findClient("FormClient");
        assertEquals(LOGIN_URL, formClient.getLoginUrl());
        assertTrue(formClient.getAuthenticator() instanceof SimpleTestUsernamePasswordAuthenticator);
        final FormClient formClient2 = (FormClient) clients.findClient("FormClient.2");
        assertEquals(PAC4J_BASE_URL, formClient2.getLoginUrl());
        assertTrue(formClient2.getAuthenticator() instanceof LdapProfileService);
        final LdapProfileService ldapAuthenticator = (LdapProfileService) formClient2.getAuthenticator();
        final UsernamePasswordCredentials ldapCredentials = new UsernamePasswordCredentials(GOOD_USERNAME, PASSWORD);
        ldapAuthenticator.validate(ldapCredentials, MockWebContext.create());
        assertNotNull(ldapCredentials.getUserProfile());
        final IndirectBasicAuthClient indirectBasicAuthClient = (IndirectBasicAuthClient) clients.findClient("IndirectBasicAuthClient.2");
        assertEquals("authentication required", indirectBasicAuthClient.getRealmName());
        assertTrue(indirectBasicAuthClient.getAuthenticator() instanceof SimpleTestUsernamePasswordAuthenticator);
        final IndirectBasicAuthClient indirectBasicAuthClient2 = (IndirectBasicAuthClient) clients.findClient("IndirectBasicAuthClient.5");
        assertTrue(indirectBasicAuthClient2.getAuthenticator() instanceof DbProfileService);
        final DbProfileService dbAuthenticator = (DbProfileService) indirectBasicAuthClient2.getAuthenticator();
        assertNotNull(dbAuthenticator);
        final UsernamePasswordCredentials dbCredentials = new UsernamePasswordCredentials(GOOD_USERNAME, PASSWORD);
        dbAuthenticator.validate(dbCredentials, MockWebContext.create());
        assertNotNull(dbCredentials.getUserProfile());
        final DirectBasicAuthClient directBasicAuthClient = (DirectBasicAuthClient) clients.findClient("DirectBasicAuthClient.7");
        assertNotNull(directBasicAuthClient);
        final RestAuthenticator restAuthenticator = (RestAuthenticator) directBasicAuthClient.getAuthenticator();
        assertEquals(PAC4J_BASE_URL, restAuthenticator.getUrl());
    } finally {
        if (ldapServer != null) {
            ldapServer.stop();
        }
    }
}
Also used : TwitterClient(org.pac4j.oauth.client.TwitterClient) HashMap(java.util.HashMap) Config(org.pac4j.core.config.Config) FacebookClient(org.pac4j.oauth.client.FacebookClient) FormClient(org.pac4j.http.client.indirect.FormClient) SAML2ClientConfiguration(org.pac4j.saml.client.SAML2ClientConfiguration) GoogleOidcClient(org.pac4j.oidc.client.GoogleOidcClient) DirectBasicAuthClient(org.pac4j.http.client.direct.DirectBasicAuthClient) Clients(org.pac4j.core.client.Clients) RestAuthenticator(org.pac4j.http.credentials.authenticator.RestAuthenticator) UsernamePasswordCredentials(org.pac4j.core.credentials.UsernamePasswordCredentials) LdapServer(org.pac4j.ldap.test.tools.LdapServer) OidcClient(org.pac4j.oidc.client.OidcClient) GoogleOidcClient(org.pac4j.oidc.client.GoogleOidcClient) DbProfileService(org.pac4j.sql.profile.service.DbProfileService) DbServer(org.pac4j.sql.test.tools.DbServer) SAML2Client(org.pac4j.saml.client.SAML2Client) CasClient(org.pac4j.cas.client.CasClient) SimpleTestUsernamePasswordAuthenticator(org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator) LdapProfileService(org.pac4j.ldap.profile.service.LdapProfileService) IndirectBasicAuthClient(org.pac4j.http.client.indirect.IndirectBasicAuthClient) Test(org.junit.Test)

Example 3 with IndirectBasicAuthClient

use of org.pac4j.http.client.indirect.IndirectBasicAuthClient in project pac4j by pac4j.

the class IndirectHttpClientBuilder method tryCreateIndirectBasciAuthClient.

public void tryCreateIndirectBasciAuthClient(final List<Client> clients) {
    for (int i = 0; i <= MAX_NUM_CLIENTS; i++) {
        final String authenticator = getProperty(INDIRECTBASICAUTH_AUTHENTICATOR, i);
        if (isNotBlank(authenticator)) {
            final IndirectBasicAuthClient indirectBasicAuthClient = new IndirectBasicAuthClient();
            indirectBasicAuthClient.setAuthenticator(getAuthenticator(authenticator));
            if (containsProperty(INDIRECTBASICAUTH_REALM_NAME, i)) {
                indirectBasicAuthClient.setRealmName(getProperty(INDIRECTBASICAUTH_REALM_NAME, i));
            }
            indirectBasicAuthClient.setName(concat(indirectBasicAuthClient.getName(), i));
            clients.add(indirectBasicAuthClient);
        }
    }
}
Also used : IndirectBasicAuthClient(org.pac4j.http.client.indirect.IndirectBasicAuthClient)

Aggregations

IndirectBasicAuthClient (org.pac4j.http.client.indirect.IndirectBasicAuthClient)3 HashMap (java.util.HashMap)2 Config (org.pac4j.core.config.Config)2 SimpleTestUsernamePasswordAuthenticator (org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator)2 KnoxSessionStore (org.apache.knox.gateway.pac4j.session.KnoxSessionStore)1 GatewayServices (org.apache.knox.gateway.services.GatewayServices)1 AliasServiceException (org.apache.knox.gateway.services.security.AliasServiceException)1 CryptoService (org.apache.knox.gateway.services.security.CryptoService)1 Test (org.junit.Test)1 CasClient (org.pac4j.cas.client.CasClient)1 PropertiesConfigFactory (org.pac4j.config.client.PropertiesConfigFactory)1 Client (org.pac4j.core.client.Client)1 Clients (org.pac4j.core.client.Clients)1 J2ESessionStore (org.pac4j.core.context.session.J2ESessionStore)1 SessionStore (org.pac4j.core.context.session.SessionStore)1 UsernamePasswordCredentials (org.pac4j.core.credentials.UsernamePasswordCredentials)1 DirectBasicAuthClient (org.pac4j.http.client.direct.DirectBasicAuthClient)1 FormClient (org.pac4j.http.client.indirect.FormClient)1 RestAuthenticator (org.pac4j.http.credentials.authenticator.RestAuthenticator)1 CallbackFilter (org.pac4j.j2e.filter.CallbackFilter)1