SHIBUI-1744
Updated to handle incoming header auth
chasegawa committed Jul 7, 2021
1 parent 6908030 commit 6ff066f
Showing 4 changed files with 42 additions and 35 deletions.
5 changes: 4 additions & 1 deletion pac4j-module/build.gradle
@@ -1,8 +1,9 @@
plugins {
id 'groovy'
id 'jacoco'
id 'org.springframework.boot' version '2.1.5.RELEASE' apply false
id 'org.springframework.boot' version '2.4.2' apply false
id 'io.spring.dependency-management' version '1.0.7.RELEASE'
id 'io.freefair.lombok' version '5.3.0'
}

sourceCompatibility = 11
Expand All @@ -22,6 +23,8 @@ dependencyManagement {
}
}

generateLombokConfig.enabled = false

dependencies {
compileOnly project(':backend')

Expand Up @@ -7,7 +7,9 @@
import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository;
import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository;
import edu.internet2.tier.shibboleth.admin.ui.service.EmailService;

import org.apache.commons.lang3.RandomStringUtils;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.saml.profile.SAML2Profile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
Expand All @@ -27,22 +29,17 @@
import java.util.List;
import java.util.Optional;

/**
* @author Bill Smith (wsmith@unicon.net)
*/
public class AddNewUserFilter implements Filter {

private static final Logger logger = LoggerFactory.getLogger(AddNewUserFilter.class);
import lombok.extern.slf4j.Slf4j;

@Slf4j
public class AddNewUserFilter implements Filter {
private static final String ROLE_NONE = "ROLE_NONE";

private UserRepository userRepository;
private RoleRepository roleRepository;
private Optional<EmailService> emailService;

private Pac4jConfigurationProperties pac4jConfigurationProperties;

private RoleRepository roleRepository;
private Pac4jConfigurationProperties.SAML2ProfileMapping saml2ProfileMapping;
private UserRepository userRepository;

public AddNewUserFilter(Pac4jConfigurationProperties pac4jConfigurationProperties, UserRepository userRepository, RoleRepository roleRepository, Optional<EmailService> emailService) {
this.userRepository = userRepository;
Expand All @@ -52,11 +49,7 @@ public AddNewUserFilter(Pac4jConfigurationProperties pac4jConfigurationPropertie
saml2ProfileMapping = this.pac4jConfigurationProperties.getSaml2ProfileMapping();
}

@Override
public void init(FilterConfig filterConfig) throws ServletException {
}

private User buildAndPersistNewUserFromProfile(SAML2Profile profile) {
private User buildAndPersistNewUserFromProfile(CommonProfile profile) {
Role noRole = roleRepository.findByName(ROLE_NONE).orElse(new Role(ROLE_NONE));
roleRepository.save(noRole);

Expand All @@ -68,16 +61,20 @@ private User buildAndPersistNewUserFromProfile(SAML2Profile profile) {
user.setLastName(getAttributeFromProfile(profile, "lastName"));
user.setEmailAddress(getAttributeFromProfile(profile, "email"));
User persistedUser = userRepository.save(user);
if (logger.isDebugEnabled()) {
logger.debug("Persisted new user:\n" + user);
if (log.isDebugEnabled()) {
log.debug("Persisted new user:\n" + user);
}
return persistedUser;
}

@Override
public void destroy() {
}

@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
SAML2Profile profile = (SAML2Profile) authentication.getPrincipal();
CommonProfile profile = (CommonProfile) authentication.getPrincipal();
if (profile != null) {
String username = getAttributeFromProfile(profile, "username");
if (username != null) {
Expand All @@ -89,7 +86,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
try {
e.sendNewUserMail(username);
} catch (MessagingException e1) {
logger.warn(String.format("Unable to send new user email for user [%s]", username), e);
log.warn(String.format("Unable to send new user email for user [%s]", username), e);
}
});
} else {
Expand All @@ -104,34 +101,37 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
}
}

@Override
public void destroy() {
private String getAttributeFromProfile(CommonProfile profile, String stringKey) {
if (profile instanceof SAML2Profile) {
return getAttributeFromSAML2Profile(profile, stringKey);
}
return stringKey.equalsIgnoreCase("username") ? profile.getId() : null;
}

private String getAttributeFromProfile(SAML2Profile profile, String stringKey) {
String attribute = null;

@SuppressWarnings("unchecked")
private String getAttributeFromSAML2Profile(CommonProfile profile, String stringKey) {
String attributeKey = null;
switch (stringKey) {
case "username":
attribute = saml2ProfileMapping.getUsername();
attributeKey = saml2ProfileMapping.getUsername();
break;
case "firstName":
attribute = saml2ProfileMapping.getFirstName();
attributeKey = saml2ProfileMapping.getFirstName();
break;
case "lastName":
attribute = saml2ProfileMapping.getLastName();
attributeKey = saml2ProfileMapping.getLastName();
break;
case "email":
attribute = saml2ProfileMapping.getEmail();
attributeKey = saml2ProfileMapping.getEmail();
break;
default:
// do we care? Not yet.
}
List<String> attributeList = (List<String>) profile.getAttribute(attribute);
List<String> attributeList = (List<String>) profile.getAttribute(attributeKey);
return attributeList.size() < 1 ? null : attributeList.get(0);
}

private byte[] getJsonResponseBytes(ErrorResponse eErrorResponse) throws IOException {
String errorResponseJson = new ObjectMapper().writeValueAsString(eErrorResponse);
return errorResponseJson.getBytes();
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
}
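Review bot: The `log.warn` call on the changed line in doFilter still passes `e`, which appears to be the lambda parameter used on the `e.sendNewUserMail(username)` line, rather than the caught `e1`, so the MessagingException and its stack trace never reach the log; it should read `log.warn("Unable to send new user email for user [{}]", username, e1);`. In the new getAttributeFromSAML2Profile, `attributeKey` stays null on the default branch and `profile.getAttribute` presumably returns null for an attribute the IdP did not send, either of which makes `attributeList.size()` throw; an early `if (attributeKey == null) { return null; }` plus `return attributeList == null || attributeList.isEmpty() ? null : attributeList.get(0);` keeps the filter from failing the request on a sparse profile. The doFilter body begins outside the hunk. Since the non-SAML branch of getAttributeFromProfile now returns `profile.getId()` as the username, a Javadoc line stating that for HeaderClient profiles this id is the raw header value would help readers judge what buildAndPersistNewUserFromProfile persists.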
Expand Up @@ -10,6 +10,7 @@
import org.pac4j.core.credentials.authenticator.Authenticator;
import org.pac4j.core.exception.CredentialsException;
import org.pac4j.core.matching.matcher.PathMatcher;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.profile.definition.CommonProfileDefinition;
import org.pac4j.http.client.direct.HeaderClient;
import org.pac4j.saml.client.SAML2Client;
Expand Down Expand Up @@ -88,8 +89,10 @@ public void validate(Credentials credentials, WebContext context, SessionStore s
} else {
throw new CredentialsException("Invalid Credentials object generated by HeaderClient");
}
// must set user profile on credentials in order to continue.
// credentials.setUserProfile(userProfile);
final CommonProfile profile = new CommonProfile();
String token = ((TokenCredentials)credentials).getToken();
profile.setId(token);
credentials.setUserProfile(profile);
}
});
headerClient.setName(PAC4J_CLIENT_NAME);
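Review bot: The token from `((TokenCredentials)credentials).getToken()` is copied into `profile.setId(token)` with no emptiness or length check, and since AddNewUserFilter persists a non-SAML profile's id as the username, a blank or oversized header value would reach the user table unchanged; adding `if (token == null || token.isBlank()) { throw new CredentialsException("Empty token in header credentials"); }` before `profile.setId(token)` would keep that path consistent with the CredentialsException already thrown for the wrong credentials type. Whether the preceding branch already validates the token cannot be seen here, as the validate body begins outside the hunk. Because the identity is taken verbatim from a request header, this authenticator is only sound when a trusted upstream sets that header and strips any client-supplied copy; a comment at the `new CommonProfile()` line stating that deployment assumption would make the trust boundary explicit for the next maintainer.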
Expand Up @@ -72,6 +72,7 @@ public void configure(org.springframework.security.config.annotation.web.builder

StrictHttpFirewall firewall = new StrictHttpFirewall();
firewall.setAllowUrlEncodedSlash(true);
firewall.setAllowUrlEncodedDoubleSlash(true);
web.httpFirewall(firewall);
}
}
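Review bot: `firewall.setAllowUrlEncodedDoubleSlash(true)` relaxes a StrictHttpFirewall default (rejecting encoded double slashes in request URLs) without a comment saying which request path needed it, which makes the relaxation hard to revisit or tighten later; a why-comment on that line such as `// SHIBUI-1744: needed for <which URL carries an encoded double slash — confirm>` would record the intent. It sits directly under the existing `setAllowUrlEncodedSlash(true)`, so both relaxations are best documented together. The configure method begins outside the hunk.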
