SHIBUI-2111

merge gone bad resolution
TIER · Sep 29, 2021 · 41a4441 · 41a4441
1 parent af3484c
commit 41a4441
Show file tree

Hide file tree

Showing 2 changed files with 72 additions and 0 deletions.
diff --git a/...main/java/net/unicon/shibui/pac4j/authenticator/ShibuiPac4JHeaderClientAuthenticator.java b/...main/java/net/unicon/shibui/pac4j/authenticator/ShibuiPac4JHeaderClientAuthenticator.java
@@ -0,0 +1,40 @@
+package net.unicon.shibui.pac4j.authenticator;
+
+import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService;
+import lombok.AllArgsConstructor;
+import org.apache.commons.lang3.StringUtils;
+import org.pac4j.core.context.WebContext;
+import org.pac4j.core.credentials.Credentials;
+import org.pac4j.core.credentials.TokenCredentials;
+import org.pac4j.core.credentials.authenticator.Authenticator;
+import org.pac4j.core.exception.CredentialsException;
+import org.pac4j.core.profile.CommonProfile;
+
+/**
+ * Handles parsing the header tokens when using the Pac4J Header client
+ */
+@AllArgsConstructor
+public class ShibuiPac4JHeaderClientAuthenticator implements Authenticator {
+    private UserService userService;
+
+    @Override
+    public void validate(Credentials credentials, WebContext context) {
+        {
+            if (credentials instanceof TokenCredentials) {
+                TokenCredentials creds = (TokenCredentials) credentials;
+                String token = creds.getToken();
+                if (StringUtils.isAllBlank(token)) {
+                    throw new CredentialsException("Supplied token value in header was missing or blank");
+                }
+            } else {
+                throw new CredentialsException("Invalid Credentials object generated by HeaderClient");
+            }
+            final CommonProfile profile = new CommonProfile();
+            String token = ((TokenCredentials) credentials).getToken();
+            profile.setId(token);
+            profile.addAttribute("username", token);
+            profile.setRoles(userService.getUserRoles(token));
+            credentials.setUserProfile(profile);
+        }
+    }
+}
diff --git a/...-module/src/main/java/net/unicon/shibui/pac4j/authenticator/ShibuiSAML2Authenticator.java b/...-module/src/main/java/net/unicon/shibui/pac4j/authenticator/ShibuiSAML2Authenticator.java
@@ -0,0 +1,32 @@
+package net.unicon.shibui.pac4j.authenticator;
+
+import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService;
+import lombok.AllArgsConstructor;
+import org.pac4j.core.context.WebContext;
+import org.pac4j.core.profile.CommonProfile;
+import org.pac4j.saml.credentials.SAML2Credentials;
+import org.pac4j.saml.credentials.authenticator.SAML2Authenticator;
+
+import java.util.Map;
+
+public class ShibuiSAML2Authenticator extends SAML2Authenticator {
+    private final UserService userService;
+
+    public ShibuiSAML2Authenticator(final String attributeAsId, final Map<String, String> mappedAttributes, UserService userService) {
+        super(attributeAsId, mappedAttributes);
+        this.userService = userService;
+    }
+
+    /**
+     * After setting up the information for the user from the SAML, add user roles from the DB if they exist
+     * @param credentials
+     * @param context
+     */
+    @Override
+    public void validate(final SAML2Credentials credentials, final WebContext context) {
+        super.validate(credentials, context);
+        CommonProfile profile = credentials.getUserProfile();
+        profile.setRoles(userService.getUserRoles(profile.getUsername()));
+        credentials.setUserProfile(profile);
+    }
+}