adding pac4j header authentication

TIER · May 26, 2021 · 3dc330b · 3dc330b
1 parent 51e7cef
commit 3dc330b
Show file tree

Hide file tree

Showing 4 changed files with 191 additions and 170 deletions.
diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java
@@ -3,12 +3,17 @@
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository;
 import org.pac4j.core.client.Clients;
 import org.pac4j.core.config.Config;
+import org.pac4j.core.context.WebContext;
+import org.pac4j.core.credentials.Credentials;
 import org.pac4j.core.credentials.TokenCredentials;
+import org.pac4j.core.credentials.authenticator.Authenticator;
 import org.pac4j.core.profile.CommonProfile;
 import org.pac4j.core.profile.definition.CommonProfileDefinition;
+import org.pac4j.http.client.direct.ParameterClient;
 import org.pac4j.saml.client.SAML2Client;
 import org.pac4j.saml.client.SAML2ClientConfiguration;
 import org.pac4j.saml.credentials.authenticator.SAML2Authenticator;
+import org.pac4j.http.client.direct.HeaderClient;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -23,52 +28,42 @@ public SAML2ModelAuthorizationGenerator saml2ModelAuthorizationGenerator(UserRep
 
     @Bean
     public Config config(final Pac4jConfigurationProperties pac4jConfigurationProperties, final SAML2ModelAuthorizationGenerator saml2ModelAuthorizationGenerator) {
-        final SAML2ClientConfiguration saml2ClientConfiguration = new SAML2ClientConfiguration();
-        saml2ClientConfiguration.setKeystorePath(pac4jConfigurationProperties.getKeystorePath());
-        saml2ClientConfiguration.setKeystorePassword(pac4jConfigurationProperties.getKeystorePassword());
-        saml2ClientConfiguration.setPrivateKeyPassword(pac4jConfigurationProperties.getPrivateKeyPassword());
-        saml2ClientConfiguration.setIdentityProviderMetadataPath(pac4jConfigurationProperties.getIdentityProviderMetadataPath());
-        saml2ClientConfiguration.setMaximumAuthenticationLifetime(pac4jConfigurationProperties.getMaximumAuthenticationLifetime());
-        saml2ClientConfiguration.setServiceProviderEntityId(pac4jConfigurationProperties.getServiceProviderEntityId());
-        saml2ClientConfiguration.setServiceProviderMetadataPath(pac4jConfigurationProperties.getServiceProviderMetadataPath());
-        saml2ClientConfiguration.setForceServiceProviderMetadataGeneration(pac4jConfigurationProperties.isForceServiceProviderMetadataGeneration());
-        saml2ClientConfiguration.setWantsAssertionsSigned(pac4jConfigurationProperties.isWantAssertionsSigned());
 
-        saml2ClientConfiguration.setAttributeAsId(pac4jConfigurationProperties.getSaml2ProfileMapping().getUsername());
+        final Clients clients = new Clients(pac4jConfigurationProperties.getCallbackUrl());
 
-        final SAML2Client saml2Client = new SAML2Client(saml2ClientConfiguration);
-        saml2Client.setName("Saml2Client");
-        saml2Client.addAuthorizationGenerator(saml2ModelAuthorizationGenerator);
+        if(pac4jConfigurationProperties.getTypeOfAuth().equals("SAML2")) { //f
+            final SAML2ClientConfiguration saml2ClientConfiguration = new SAML2ClientConfiguration();
+            saml2ClientConfiguration.setKeystorePath(pac4jConfigurationProperties.getKeystorePath());
+            saml2ClientConfiguration.setKeystorePassword(pac4jConfigurationProperties.getKeystorePassword());
+            saml2ClientConfiguration.setPrivateKeyPassword(pac4jConfigurationProperties.getPrivateKeyPassword());
+            saml2ClientConfiguration.setIdentityProviderMetadataPath(pac4jConfigurationProperties.getIdentityProviderMetadataPath());
+            saml2ClientConfiguration.setMaximumAuthenticationLifetime(pac4jConfigurationProperties.getMaximumAuthenticationLifetime());
+            saml2ClientConfiguration.setServiceProviderEntityId(pac4jConfigurationProperties.getServiceProviderEntityId());
+            saml2ClientConfiguration.setServiceProviderMetadataPath(pac4jConfigurationProperties.getServiceProviderMetadataPath());
+            saml2ClientConfiguration.setForceServiceProviderMetadataGeneration(pac4jConfigurationProperties.isForceServiceProviderMetadataGeneration());
+            saml2ClientConfiguration.setWantsAssertionsSigned(pac4jConfigurationProperties.isWantAssertionsSigned());
+            saml2ClientConfiguration.setAttributeAsId(pac4jConfigurationProperties.getSaml2ProfileMapping().getUsername());
 
-        SAML2Authenticator saml2Authenticator = new SAML2Authenticator(saml2ClientConfiguration.getAttributeAsId(), saml2ClientConfiguration.getMappedAttributes());
-        saml2Authenticator.setProfileDefinition(new CommonProfileDefinition<>(p -> new BetterSAML2Profile(pac4jConfigurationProperties.getSaml2ProfileMapping().getUsername())));
-        saml2Client.setAuthenticator(saml2Authenticator);
+            final SAML2Client saml2Client = new SAML2Client(saml2ClientConfiguration);
+            saml2Client.setName("Saml2Client");
+            saml2Client.addAuthorizationGenerator(saml2ModelAuthorizationGenerator);
+            SAML2Authenticator saml2Authenticator = new SAML2Authenticator(saml2ClientConfiguration.getAttributeAsId(), saml2ClientConfiguration.getMappedAttributes());
+            saml2Authenticator.setProfileDefinition(new CommonProfileDefinition<>(p -> new BetterSAML2Profile(pac4jConfigurationProperties.getSaml2ProfileMapping().getUsername())));
+            saml2Client.setAuthenticator(saml2Authenticator);
 
-        final Clients clients = new Clients(pac4jConfigurationProperties.getCallbackUrl(), saml2Client);
-
-        final Config config = new Config(clients);
-        return config;
-    }
-
-    @Bean
-    public Config headerConfig() {
-        HeaderClient client = new HeaderClient("Authorization", "Basic ", (credentials, ctx) -> {
-            String token = ((TokenCredentials) credentials).getToken();
-            // check the token and create a profile
-            if ("goodToken".equals(token)) {
-                CommonProfile profile = new CommonProfile();
-                profile.setId("myId");
-                // save in the credentials to be passed to the default AuthenticatorProfileCreator
-                credentials.setUserProfile(profile);
-            }
-        }) {
+            clients.setClients(saml2Client);
+        }
+        else if (pac4jConfigurationProperties.getTypeOfAuth().equals("HEADER")) {
+              HeaderClient headerClient = new HeaderClient(pac4jConfigurationProperties.getAuthenticationHeader(), new Authenticator() {
                 @Override
-                protected void clientInit() {
+                public void validate(Credentials credentials, WebContext context) {
+
                 }
-            };
+            });
+            clients.setClients(headerClient);
+        }
 
-        final Config config = new Config(client);
+        final Config config = new Config(clients);
         return config;
     }
-
 }
diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfigurationProperties.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfigurationProperties.java
@@ -21,7 +21,8 @@ public class Pac4jConfigurationProperties {
     private String callbackUrl;
     private boolean wantAssertionsSigned = true;
     private SAML2ProfileMapping saml2ProfileMapping;
-    private boolean enableHeaderAuthentication = true;
+    private String typeOfAuth = "SAML2";
+    private String authenticationHeader = "REMOTE_USER";
 
     public static class SAML2ProfileMapping {
         private String username;
@@ -150,6 +151,20 @@ public void setSaml2ProfileMapping(SAML2ProfileMapping saml2ProfileMapping) {
         this.saml2ProfileMapping = saml2ProfileMapping;
     }
 
-    public boolean getEnableHeaderAuthentication() { return enableHeaderAuthentication; }
+    public String getTypeOfAuth() {
+        return typeOfAuth;
+    }
+
+    public void setTypeOfAuth(String typeOfAuth) {
+        this.typeOfAuth = typeOfAuth;
+    }
 
+    public String getAuthenticationHeader() {
+        return authenticationHeader;
+    }
+
+    public void setAuthenticationHeader(String authenticationHeader) {
+        this.authenticationHeader = authenticationHeader;
+    }
 }
+
diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java
@@ -83,10 +83,12 @@ public Pac4jWebSecurityConfigurerAdapter(final Config config, UserRepository use
         @Override
         protected void configure(HttpSecurity http) throws Exception {
             final SecurityFilter securityFilter = new SecurityFilter(this.config, "Saml2Client");
+            final SecurityFilter securityFilterForHeader = new SecurityFilter(this.config, "HeaderClient");
 
             final CallbackFilter callbackFilter = new CallbackFilter(this.config);
             http.antMatcher("/**").addFilterBefore(callbackFilter, BasicAuthenticationFilter.class)
                     .addFilterBefore(securityFilter, BasicAuthenticationFilter.class)
+                    .addFilterBefore(securityFilterForHeader, BasicAuthenticationFilter.class)  //xxx check on this
                     .addFilterAfter(new AddNewUserFilter(pac4jConfigurationProperties, userRepository, roleRepository, emailService), SecurityFilter.class);
 
             http.authorizeRequests().anyRequest().fullyAuthenticated();