diff --git a/backend/Dockerfile b/backend/Dockerfile
index 08c66d341..12b7f9775 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -3,7 +3,6 @@ FROM gcr.io/distroless/java
 ARG JAR_FILE
 COPY ${JAR_FILE} app.jar
-COPY loader.properties loader.properties
 EXPOSE 8080
diff --git a/backend/build.gradle b/backend/build.gradle
index 64f8a7e10..39203eae4 100644
--- a/backend/build.gradle
+++ b/backend/build.gradle
@@ -210,6 +210,9 @@ dependencies {
 // Envers for persistent entities versioning
 compile 'org.hibernate:hibernate-envers'
+ //Pacj4 sub-project
+ runtimeOnly project(':pac4j-module')
+
 enversTestCompile sourceSets.main.output
 enversTestCompile sourceSets.test.output
 enversTestCompile configurations.compile
@@ -367,7 +370,6 @@ docker {
 pull true
 noCache true
 files tasks.bootJar.outputs
- files 'src/main/docker-files/loader.properties'
 buildArgs(['JAR_FILE': "shibui-${version}.jar"])
 }
diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties
index 909b2943a..c55eeca2a 100644
--- a/backend/src/main/resources/application.properties
+++ b/backend/src/main/resources/application.properties
@@ -84,3 +84,8 @@ shibui.mail.html.email-template-path-prefix=/mail/html/
 shibui.mail.system-email-address=doNotReply@shibui.org
 shibui.roles=ROLE_ADMIN,ROLE_USER,ROLE_NONE
+
+#In order to enable authentication via configured pac4j library (with external SAMl Idp, for example)
+#This property must be set to true and pac4j properties configured. For sample pac4j properties, see application.yml
+#for an example pac4j configuration
+#shibui.pac4j-enabled=true
diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml
index 8e823e8a3..fd5224758 100644
--- a/backend/src/main/resources/application.yml
+++ b/backend/src/main/resources/application.yml
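Review bot: The comment added above `runtimeOnly project(':pac4j-module')` misspells the module and says nothing about how the dependency is switched on, even though the rest of this diff gates every bean in the module on a property; I would replace `//Pacj4 sub-project` with `// pac4j sub-project: always on the runtime classpath, its beans only activate when shibui.pac4j-enabled=true`. Bundling the module unconditionally means the SAML dependency tree ships in every backend build, which is acceptable as long as the gating property is recorded next to the dependency that pulls it in. The `dependencies` block starts and ends outside the hunk.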
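Review bot: The new comment block in application.properties has typos (`SAMl Idp` should read `SAML IdP`) and runs its sentences together, and it does not warn that flipping the flag alone is not a complete configuration. I would rewrite it as `# Set to true to authenticate through the pac4j module (e.g. an external SAML IdP).` followed by `# When enabled, every shibui.pac4j.* property must be set explicitly; see application.yml for a sample.` The second sentence matters because Pac4jConfigurationProperties, shown later in this diff, defaults `keystorePassword` to `changeit`, so an operator who only sets `shibui.pac4j-enabled=true` would run with a well-known keystore password unless told to override it.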
@@ -1,3 +1,21 @@
+#shibui:
+# pac4j-enabled: true
+# pac4j:
+# keystorePath: "/etc/shibui/samlKeystore.jks"
+# keystorePassword: "changeit"
+# privateKeyPassword: "changeit"
+# serviceProviderEntityId: "https://idp.example.com/shibui"
+# serviceProviderMetadataPath: "/etc/shibui/sp-metadata.xml"
+# identityProviderMetadataPath: "/etc/shibui/idp-metadata.xml"
+# forceServiceProviderMetadataGeneration: false
+# callbackUrl: "https://localhost:8443/callback"
+# maximumAuthenticationLifetime: 3600000
+# saml2ProfileMapping:
+# username: urn:oid:0.9.2342.19200300.100.1.1
+# firstname: urn:oid:2.5.4.42
+# lastname: urn:oid:2.5.4.4
+# email: urn:oid:0.9.2342.19200300.100.1.3
+
 custom:
 attributes:
 # Default attributes
diff --git a/pac4j-module/Dockerfile b/pac4j-module/Dockerfile
deleted file mode 100644
index 6c78f991e..000000000
--- a/pac4j-module/Dockerfile
+++ /dev/null
@@ -1,3 +0,0 @@
-FROM unicon/shibui
-
-COPY *.jar /libs/
\ No newline at end of file
diff --git a/pac4j-module/build.gradle b/pac4j-module/build.gradle
index 8bdb9c5d6..539ee191c 100644
--- a/pac4j-module/build.gradle
+++ b/pac4j-module/build.gradle
@@ -1,6 +1,6 @@
 plugins {
 id 'groovy'
- id 'com.palantir.docker' version '0.20.1'
+ //id 'com.palantir.docker' version '0.20.1'
 id 'jacoco'
 id 'org.springframework.boot' version '2.0.0.RELEASE' apply false
 id 'io.spring.dependency-management' version '1.0.6.RELEASE'
@@ -40,19 +40,12 @@ dependencies {
 annotationProcessor "org.springframework.boot:spring-boot-configuration-processor"
- docker project(':backend')
+ //docker project(':backend')
 }
-docker {
+/*docker {
 name 'unicon/shibui-pac4j'
 tags 'latest-pac4j'
- files configurations.runtime, tasks.jar.outputs
- noCache true
-}
-
-task testme(type: Copy) {
- from configurations.runtime
- into temporaryDir
-}
+}*/
-tasks.docker.dependsOn(tasks.jar, ':backend:docker')
\ No newline at end of file
+//tasks.docker.dependsOn(tasks.jar, ':backend:docker')
\ No newline at end of file
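Review bot: The sample pac4j block in application.yml quotes a literal `changeit` for both `keystorePassword` and `privateKeyPassword`, and a sample committed next to the real configuration tends to be copied verbatim into deployments; I would show values resolved from the environment instead, e.g. `#    keystorePassword: "${SHIBUI_KEYSTORE_PASSWORD}"` and `#    privateKeyPassword: "${SHIBUI_PRIVATE_KEY_PASSWORD}"`, with a comment line stating that the real values must be supplied externally and never committed. Separately, `maximumAuthenticationLifetime: 3600000` reads like a millisecond value; if this property is handed through to pac4j's SAML2ClientConfiguration, which as far as I recall interprets the lifetime in seconds with a default of 3600, the sample would accept SAML assertions whose AuthnInstant is more than forty days old. Worth confirming the unit and writing it into the sample, e.g. `#    maximumAuthenticationLifetime: 3600   # seconds`.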
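Review bot: Commenting out the `id 'com.palantir.docker' version '0.20.1'` plugin line instead of deleting it leaves dead build script that must be kept in step with the live configuration, and the same applies to `//docker project(':backend')`, the `/*docker { ... }*/` block and `//tasks.docker.dependsOn(tasks.jar, ':backend:docker')` in the second hunk of pac4j-module/build.gradle. Version control already preserves the removed Docker wiring, so I would delete these lines outright and, if the intention is to restore a separate pac4j image later, say so in the commit message rather than in commented-out code. The file also still ends without a trailing newline on the new side (`\ No newline at end of file`), which the second hunk could fix while it is being touched.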
diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java
index 884873881..d96e4b352 100644
--- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java
+++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java
@@ -7,10 +7,12 @@
 import org.pac4j.saml.client.SAML2Client;
 import org.pac4j.saml.client.SAML2ClientConfiguration;
 import org.pac4j.saml.credentials.authenticator.SAML2Authenticator;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 @Configuration
+@ConditionalOnProperty(name = "shibui.pac4j-enabled", havingValue = "true")
 public class Pac4jConfiguration {
 @Bean
 public SAML2ModelAuthorizationGenerator saml2ModelAuthorizationGenerator(UserRepository userRepository) {
diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfigurationProperties.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfigurationProperties.java
index cf36d8e65..47defac65 100644
--- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfigurationProperties.java
+++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfigurationProperties.java
@@ -1,5 +1,6 @@
 package net.unicon.shibui.pac4j;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.stereotype.Component;
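Review bot: The literal `@ConditionalOnProperty(name = "shibui.pac4j-enabled", havingValue = "true")` is now copied onto Pac4jConfiguration, Pac4jConfigurationProperties, WebSecurity and WebSecurity's three nested configurations, so a typo in any one copy would leave that piece active or inactive out of step with the others. I would define one composed annotation in the module, e.g. `@Target(ElementType.TYPE) @Retention(RetentionPolicy.RUNTIME) @ConditionalOnProperty(name = "shibui.pac4j-enabled", havingValue = "true") public @interface ConditionalOnPac4j {}`, and use it in all six places. The class also deserves a one-line Javadoc stating that the whole module is inert unless that property is set, and that the nested static `@Configuration` classes in WebSecurity carry their own condition because, if I remember Spring's component scanning correctly, they are registered independently of the enclosing class. Pac4jConfiguration's body continues outside the hunk.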
@@ -7,6 +8,7 @@
 @Component
 @ConfigurationProperties(prefix = "shibui.pac4j")
 @EnableConfigurationProperties
+@ConditionalOnProperty(name = "shibui.pac4j-enabled", havingValue = "true")
 public class Pac4jConfigurationProperties {
 private String keystorePath = "/tmp/samlKeystore.jks";
 private String keystorePassword = "changeit";
diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java
index 023d382e0..907cc6963 100644
--- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java
+++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java
@@ -9,6 +9,7 @@
 import org.pac4j.springframework.security.web.SecurityFilter;
 import org.springframework.boot.autoconfigure.AutoConfigureAfter;
 import org.springframework.boot.autoconfigure.AutoConfigureOrder;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
@@ -24,7 +25,9 @@
 @Configuration
 @AutoConfigureOrder(-1)
+@ConditionalOnProperty(name = "shibui.pac4j-enabled", havingValue = "true")
 @AutoConfigureAfter(EmailConfiguration.class)
+
 public class WebSecurity {
 @Bean("webSecurityConfig")
 public WebSecurityConfigurerAdapter webSecurityConfigurerAdapter(final Config config, UserRepository userRepository, RoleRepository roleRepository, Optional emailService, Pac4jConfigurationProperties pac4jConfigurationProperties) {
@@ -33,6 +36,7 @@ public WebSecurityConfigurerAdapter webSecurityConfigurerAdapter(final Config co
 @Configuration
 @Order(0)
+ @ConditionalOnProperty(name = "shibui.pac4j-enabled", havingValue = "true")
 public static class FaviconSecurityConfiguration extends WebSecurityConfigurerAdapter {
 @Override
 protected void configure(HttpSecurity http) throws Exception {
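Review bot: The bare `+` line added between `@AutoConfigureAfter(EmailConfiguration.class)` and `public class WebSecurity {` in the `@@ -24,7 +25,9 @@` hunk separates the class-level annotations from the declaration they apply to, which no other class in this diff does; drop the blank line so the annotation stack stays contiguous. While there, placing `@ConditionalOnProperty` between `@AutoConfigureOrder(-1)` and `@AutoConfigureAfter(EmailConfiguration.class)` splits the two Boot auto-configure annotations apart; order has no effect on behaviour, but putting the condition first or last reads better. WebSecurity's body continues outside the hunk.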
@@ -42,6 +46,7 @@ protected void configure(HttpSecurity http) throws Exception {
 @Configuration
 @Order(1)
+ @ConditionalOnProperty(name = "shibui.pac4j-enabled", havingValue = "true")
 public static class UnsecuredSecurityConfiguration extends WebSecurityConfigurerAdapter {
 @Override
 protected void configure(HttpSecurity http) throws Exception {
@@ -51,6 +56,7 @@ protected void configure(HttpSecurity http) throws Exception {
 @Configuration
 @Order(2)
+ @ConditionalOnProperty(name = "shibui.pac4j-enabled", havingValue = "true")
 public static class ErrorSecurityConfiguration extends WebSecurityConfigurerAdapter {
 @Override
 protected void configure(HttpSecurity http) throws Exception {
@@ -102,7 +108,7 @@ public void configure(org.springframework.security.config.annotation.web.builder
 }
 @Bean
- public AuditorAware defaultAuditorAware() {
+ public AuditorAware pac4jAuditorAware() {
 return new Pac4jAuditorAware();
 }
 }
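Review bot: Renaming the bean from `defaultAuditorAware` to `pac4jAuditorAware` presumably avoids a bean-name clash with an AuditorAware defined in the backend now that the module lives in the same context, but a different name only stops one definition from overriding the other; when `shibui.pac4j-enabled=true` both beans would coexist, and anything that resolves `AuditorAware` by type (for example `@EnableJpaAuditing` without an `auditorAwareRef`) would then fail on a non-unique bean. Worth verifying how the backend wires its auditor; if the two really can coexist, mark this one `@Primary` or make the backend's bean conditional on the flag being absent. Either way the method should carry a comment recording the reason for the name, e.g. `// distinct name: the backend registers its own AuditorAware when pac4j is disabled`. The enclosing class appears to close at the hunk's last line.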