[SHIBUI-808]
WIP
configuration changes
Docker rework
jj committed Sep 25, 2018
1 parent d8f5844 commit 1addbbd
Showing 11 changed files with 150 additions and 16 deletions.
3 changes: 2 additions & 1 deletion backend/Dockerfile
Expand Up @@ -3,7 +3,8 @@ FROM gcr.io/distroless/java
ARG JAR_FILE

COPY ${JAR_FILE} app.jar
COPY loader.properties loader.properties

EXPOSE 8080

CMD ["app.jar"]
ENTRYPOINT ["/usr/bin/java", "-jar", "app.jar"]
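Review bot: The JVM still starts as root: the base image `gcr.io/distroless/java` (the FROM line shown in the hunk header) has no tag or digest and no `USER` instruction is added before the new ENTRYPOINT. Pin the base to a specific tag or `@sha256:` digest — with `pull true` in backend/build.gradle an untagged base makes every image build non-reproducible — and, if the base ships a non-root user, add `USER nonroot` ahead of the ENTRYPOINT. The `loader.properties` copied next to the jar is not part of this commit; since switching `Main-Class` to `PropertiesLauncher` means that file decides what extra directories land on the classpath, a one-line comment above the COPY, `# PropertiesLauncher config: directories listed in loader.path are added to the classpath at startup`, would tell a reader why it is security-relevant.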
35 changes: 28 additions & 7 deletions backend/build.gradle
Expand Up @@ -34,16 +34,36 @@ processResources.dependsOn(':ui:npm_run_buildProd')
bootWar.dependsOn(':ui:npm_run_buildProd')
bootWar.baseName = 'shibui'
bootWar {
manifest {
attributes("Manifest-Version" : "1.0", "Implementation-Version" : "${project.version}")
}
from(tasks.findByPath(':ui:npm_run_buildProd').outputs) {
manifest {
attributes(
"Manifest-Version" : "1.0",
"Implementation-Version" : "${project.version}"
)
}
from(tasks.findByPath(':ui:npm_run_buildProd').outputs) {
// into '/'
into '/public'
}
archiveName = "${baseName}.war"
}

bootJar.dependsOn ':ui:npm_run_buildProd'
bootJar.baseName = 'shibui'
bootJar {
manifest {
attributes(
"Manifest-Version" : "1.0",
"Implementation-Version" : "${project.version}",
'Main-Class': 'org.springframework.boot.loader.PropertiesLauncher'
)
}
from(tasks.findByPath(':ui:npm_run_buildProd').outputs) {
// into '/'
into '/public'
}
archiveName = "${baseName}.jar"
}

springBoot {
mainClassName = 'edu.internet2.tier.shibboleth.admin.ui.ShibbolethUiApplication'
buildInfo()
Expand Down Expand Up @@ -209,12 +229,13 @@ jacocoTestReport {
}
}

tasks.docker.dependsOn tasks.build
tasks.docker.dependsOn tasks.bootJar
docker {
name 'unicon/shibui'
tags 'latest'
pull true
noCache true
files tasks.bootWar.outputs
buildArgs(['JAR_FILE': 'shibui.war'])
files tasks.bootJar.outputs
files 'src/main/docker-files/loader.properties'
buildArgs(['JAR_FILE': 'shibui.jar'])
}
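Review bot: The image is published only under the floating `latest` tag (`tags 'latest'`), so `pac4j-module/Dockerfile`'s `FROM unicon/shibui` and any deployment cannot pin a particular build; add the release version alongside it, `tags 'latest', "${project.version}"`. Setting `Main-Class` to `PropertiesLauncher` in the bootJar manifest changes the classpath contract — whatever the bundled `loader.properties` (not in this commit) or a `LOADER_PATH` environment variable points at is presumably added at startup — and that deserves a comment above the manifest block, e.g. `// PropertiesLauncher: loader.properties in the image can extend the classpath (pac4j module relies on this)`. The bootWar and bootJar blocks now duplicate the manifest attributes and the UI-copy spec; a shared closure would keep the two archives from drifting.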
@@ -1,6 +1,8 @@
package edu.internet2.tier.shibboleth.admin.ui.configuration;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Profile;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
Expand Down Expand Up @@ -36,6 +38,7 @@ public HttpFirewall allowUrlEncodedSlashHttpFirewall() {

@Bean
@Profile("default")
@ConditionalOnMissingBean(value = {WebSecurityConfigurerAdapter.class})
public WebSecurityConfigurerAdapter defaultAuth() {
return new WebSecurityConfigurerAdapter() {

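Review bot: `@ConditionalOnMissingBean(value = {WebSecurityConfigurerAdapter.class})` on `defaultAuth()` is unlikely to suppress the fallback when the pac4j module is present, because this is an ordinary application `@Configuration` rather than an auto-configuration class: Spring Boot evaluates the condition while this class's bean definitions are loaded, before the `EnableAutoConfiguration` entries from the pac4j `spring.factories` are processed, so the pac4j adapter is not yet a bean definition and `defaultAuth` is still registered. Either move the fallback adapter into a small auto-configuration class ordered after the pac4j one (`@AutoConfigureAfter`), or gate it on a property the pac4j module does not set, e.g. `@ConditionalOnProperty(name = "shibui.auth.default", matchIfMissing = true)`; in either case a comment stating the intended precedence, `// fallback only when no module supplies its own WebSecurityConfigurerAdapter`, belongs above the method. The body of `defaultAuth()` continues outside the hunk, and the newly imported `@Value` and `@ConditionalOnClass` have no visible use in it.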
3 changes: 3 additions & 0 deletions pac4j-module/Dockerfile
@@ -0,0 +1,3 @@
FROM unicon/shibui

COPY *.jar /libs/
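Review bot: `COPY *.jar /libs/` copies every jar the Gradle docker block stages (`configurations.runtime` plus the module jar), not only the pac4j module, so the image layers a second copy of Spring Security, pac4j-core and their transitive dependencies next to the ones already packaged inside `app.jar`; if `/libs` is what `loader.properties` puts on the launcher path (that file is not in this commit), two versions of the same library can be on the classpath with the winner decided by launcher ordering. Stage only what the backend does not already ship — a dedicated Gradle configuration holding the pac4j artifacts — or at least state the intent in the Dockerfile, `# jars in /libs are picked up by PropertiesLauncher via loader.properties`. `FROM unicon/shibui` is untagged, so this image floats to whatever `latest` was built last.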
29 changes: 23 additions & 6 deletions pac4j-module/build.gradle
@@ -1,17 +1,17 @@
plugins {
id 'java'
id 'org.springframework.boot' version '2.0.0.RELEASE'
id 'com.palantir.docker' version '0.20.1'
id 'jacoco'
id 'io.franzbecker.gradle-lombok' version '1.13'
id 'org.springframework.boot' version '2.0.0.RELEASE' apply false
id 'io.spring.dependency-management' version '1.0.6.RELEASE'
}

apply plugin: 'io.spring.dependency-management'

sourceCompatibility = 1.8
targetCompatibility = 1.8

repositories {
mavenLocal()
jcenter()
maven {
url 'https://build.shibboleth.net/nexus/content/groups/public'
Expand All @@ -24,14 +24,31 @@ lombok {
sha256 = "c5178b18caaa1a15e17b99ba5e4023d2de2ebc18b58cde0f5a04ca4b31c10e6d"
}

dependencyManagement {
imports {
mavenBom org.springframework.boot.gradle.plugin.SpringBootPlugin.BOM_COORDINATES
}
}

dependencies {
compileOnly project(':backend')

compile "org.pac4j:spring-security-pac4j:3.0.0"
compile "org.pac4j:pac4j-saml:2.2.1", {
compile "org.pac4j:spring-security-pac4j:4.0.0"
compile "org.pac4j:pac4j-saml:3.2.0-SNAPSHOT", {
// opensaml libraries are provided
exclude group: 'org.opensaml'
}

annotationProcessor "org.springframework.boot:spring-boot-configuration-processor"
}

docker project(':backend')
}

docker {
name 'unicon/shibui-pac4j'
tags 'latest-pac4j'
files configurations.runtime, tasks.jar.outputs
noCache true
}

tasks.docker.dependsOn(tasks.jar, ':backend:docker')
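Review bot: `org.pac4j:pac4j-saml:3.2.0-SNAPSHOT` makes the build non-reproducible and is a supply-chain exposure in the component that validates SAML assertions: a snapshot can be republished at any time, so two builds of this commit may contain different signature-validation code, while the `lombok` block just above shows the project otherwise pins a sha256 for what it pulls. Pin a released version (or a specific timestamped snapshot) before this leaves WIP, with a comment explaining the choice, `// TODO: replace SNAPSHOT with a released pac4j-saml once 3.2.0 ships`. `mavenLocal()` listed first means anything in the developer's `~/.m2` shadows the published artifact; consider dropping it or moving it last. `files configurations.runtime, tasks.jar.outputs` stages the full runtime closure into the image rather than the pac4j artifacts alone, which is more than the backend jar needs.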
Expand Up @@ -4,6 +4,7 @@
import org.pac4j.core.config.Config;
import org.pac4j.saml.client.SAML2Client;
import org.pac4j.saml.client.SAML2ClientConfiguration;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@@ -1,14 +1,46 @@
package net.unicon.shibui.pac4j;

import org.pac4j.core.config.Config;
import org.pac4j.springframework.security.web.CallbackFilter;
import org.pac4j.springframework.security.web.SecurityFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

@Configuration
@EnableWebSecurity
public class WebSecurity {
@Configuration
@Order(1)
public static class Pac4jSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
private static final Logger logger = LoggerFactory.getLogger(Pac4jSecurityConfigurationAdapter.class);

private final Config config;

public Pac4jSecurityConfigurationAdapter(Config config) {
logger.info("configuring pac4j authentication");
this.config = config;
}

@Override
protected void configure(HttpSecurity http) throws Exception {
final SecurityFilter securityFilter = new SecurityFilter(this.config, "Saml2Client");

final CallbackFilter callbackFilter = new CallbackFilter(this.config);
http.antMatcher("/**").addFilterBefore(callbackFilter, BasicAuthenticationFilter.class);
http.authorizeRequests().anyRequest().fullyAuthenticated();

http.addFilterBefore(securityFilter, BasicAuthenticationFilter.class);
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS);

http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
}
}
}
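Review bot: The SAML callback will be rejected by CSRF protection before `CallbackFilter` ever sees it: `http.csrf()` stays enabled for every path, Spring Security's `CsrfFilter` runs earlier in the chain than `BasicAuthenticationFilter` (the position both pac4j filters are inserted before), and an IdP using the HTTP-POST binding — the one the test metadata advertises — delivers the SAMLResponse as a POST to `/callback` carrying no XSRF token. Exempt just that endpoint rather than disabling CSRF globally: `http.csrf().ignoringAntMatchers("/callback").csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());`. `withHttpOnlyFalse()` is the right repository for a browser front end that reads the cookie, but that reason should be stated in a comment, and a note above the class, `// @Order(1) with antMatcher("/**"): this adapter claims every request, so no other adapter matches`, would make the precedence over the backend's default adapter explicit.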
2 changes: 1 addition & 1 deletion pac4j-module/src/main/resources/META-INF/spring.factories
@@ -1 +1 @@
org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer = net.unicon.shibui.pac4j.WebSecurity.Pac4jSecurityConfigurationAdapter
org.springframework.boot.autoconfigure.EnableAutoConfiguration=net.unicon.shibui.pac4j.Pac4jConfiguration,net.unicon.shibui.pac4j.WebSecurity,net.unicon.shibui.pac4j.WebSecurity.Pac4jSecurityConfigurationAdapter,net.unicon.shibui.pac4j.Pac4jConfigurationProperties
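Review bot: Listing both `WebSecurity` and its nested `WebSecurity.Pac4jSecurityConfigurationAdapter` under `EnableAutoConfiguration` is redundant and may register the adapter twice, because a nested `@Configuration` member class is processed automatically with its enclosing class; list the outer classes only, `org.springframework.boot.autoconfigure.EnableAutoConfiguration=net.unicon.shibui.pac4j.Pac4jConfiguration,net.unicon.shibui.pac4j.WebSecurity,net.unicon.shibui.pac4j.Pac4jConfigurationProperties`. None of the listed classes carries a condition in the parts of this commit that are visible, so merely placing the jar on the classpath switches authentication to SAML and presumably fails startup when `shibui.pac4j.*` is absent; if that is deliberate, a `@ConditionalOnProperty` on `Pac4jConfiguration` or a sentence in the module README should say so.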
9 changes: 9 additions & 0 deletions pac4j-module/src/test/docker/conf/application.yml
@@ -0,0 +1,9 @@
shibui:
pac4j:
keystorePath: "/conf/samlKeystore.jks"
keystorePassword: "changeit"
privateKeyPassword: "changeit"
serviceProviderEntityId: "https://unicon.net/shibui"
serviceProviderMetadataPath: "/conf/sp-metadata.xml"
forceServiceProviderMetadataGeneration: true
callbackUrl: "http://localhost:8080/callback
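Review bot: The last line, `callbackUrl: "http://localhost:8080/callback`, is missing its closing double quote as rendered here, which makes the document invalid YAML and will fail the container at startup once it is mounted as `/application.yml`; the `--shibui.pac4j.callbackUrl` override in docker-compose does not help because the file is parsed regardless. Fix: `callbackUrl: "http://localhost:8080/callback"`. The `changeit` keystore and key passwords are tolerable only because this lives under `src/test/docker`; a leading comment, `# test-only fixture: never reuse this keystore or these passwords outside docker-compose`, keeps it from being copied as a template.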
30 changes: 30 additions & 0 deletions pac4j-module/src/test/docker/conf/idp-metadata.xml
@@ -0,0 +1,30 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://accounts.google.com/o/saml2?idpid=C04alwt8m" validUntil="2021-06-30T14:58:44.000Z">
<md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIDdDCCAlygAwIBAgIGAVWm+BpSMA0GCSqGSIb3DQEBCwUAMHsxFDASBgNVBAoTC0dvb2dsZSBJ
bmMuMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MQ8wDQYDVQQDEwZHb29nbGUxGDAWBgNVBAsTD0dv
b2dsZSBGb3IgV29yazELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEwHhcNMTYwNzAx
MTQ1ODQ0WhcNMjEwNjMwMTQ1ODQ0WjB7MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEWMBQGA1UEBxMN
TW91bnRhaW4gVmlldzEPMA0GA1UEAxMGR29vZ2xlMRgwFgYDVQQLEw9Hb29nbGUgRm9yIFdvcmsx
CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAirwyeCS6SZpnYxprfXhpTNXwVfQC+J9OvBlJp8/7ngA627yER1bvfUkBMQxo0CXe
H6HX6Vw1DgalZJeEGDZSErlAY7lWkXkHdsejlMoYayQSZz2b/EfeRetwxh3Ek0hMDScOgDlsdfAn
AiZ4//n3IlypCi4ZMnLPs308FYunvp+R0Wd8Yqj8ctKhiYs6fCSHksDd+JKPe2FC1Zqw9GCGhi32
DBNRTHfE3tX3rTRs1pT0qbrQmpPfeBYfX00astGa3Dq/XWVO62IlqM7nVjglIPdi0tCIx+5RVZrY
uvULMipA+131TMxTpcGjUFxNwzPdogdpNhtL8+erfhG26C6b8wIDAQABMA0GCSqGSIb3DQEBCwUA
A4IBAQCIOe/bW+mdE9PuarSz60HPGe9ROibyEOTyAWGxvSFfqoNFzaH3oOiEHMNG+ZkHHGtGEeWc
KYQ72V1OKO4aNqy2XaT3onOkd2oh4N8Q5pWrgMRkAB2HvBhBcQeO6yojVamTd43Kbtc+Hly3o+Or
XXOR9cgfxX/0Dbb+xwzTcwcMoJ1CPd3T4zxByKMHNflWrgrmZ9DmDOya4Aqs+xvrvPJB2VHaXoJ6
r/N+xtG8zO8wNRuxQxNUvtcFKKX2sZAqQRASGi1z8Y1FhU6rWBdBRtaiASAIgkNwOmS603Mm08Yr
0Yq7x6h3XlG8HO0bAOto6pr6q85pLqqv7v7/x7mfdjV3</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://accounts.google.com/o/saml2/idp?idpid=C04alwt8m"/>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://accounts.google.com/o/saml2/idp?idpid=C04alwt8m"/>
</md:IDPSSODescriptor>
</md:EntityDescriptor>
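Review bot: This fixture is the live metadata of an external Google Workspace tenant (`idpid=C04alwt8m`) and carries `validUntil="2021-06-30T14:58:44.000Z"`, so the test setup depends on a third party's configuration and, if the metadata resolver honours `validUntil`, stops working after that date. A self-signed local IdP fixture, or regenerating this file from the tenant during setup, would be more durable; at minimum an XML comment at the top, `<!-- test fixture: Google SAML IdP for tenant C04alwt8m, metadata expires 2021-06-30 -->`, warns the next person who hits an expired-metadata error.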
17 changes: 17 additions & 0 deletions pac4j-module/src/test/docker/docker-compose.yml
@@ -0,0 +1,17 @@
version: "3.7"

services:
shibui:
image: unicon/shibui-pac4j
command: "--shibui.pac4j.callbackUrl=http://localhost:8080/callback"
ports:
- 8080:8080
- 5005:5005
volumes:
- ./conf:/conf
- ./conf/application.yml:/application.yml
networks:
- front
networks:
front:
driver: bridge
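Review bot: Port `5005:5005` is published on all interfaces, yet nothing in this commit listens on 5005 — the ENTRYPOINT in backend/Dockerfile is a plain `java -jar app.jar` with no JDWP agent. If it is reserved for remote debugging, bind it to loopback so an `-agentlib:jdwp` added later is not reachable from the network, `- "127.0.0.1:5005:5005"`, and add a comment naming the purpose; otherwise drop the mapping. Mounting `./conf/application.yml` at `/application.yml` relies on the container's working directory being `/` for Spring Boot to find it, which the Dockerfile never sets explicitly; passing `--spring.config.additional-location=/application.yml` in `command` would make the dependency explicit.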
