diff --git a/pac4j-module/build.gradle b/pac4j-module/build.gradle index f0c6f87fa..4318595df 100644 --- a/pac4j-module/build.gradle +++ b/pac4j-module/build.gradle @@ -1,8 +1,9 @@ plugins { id 'groovy' id 'jacoco' - id 'org.springframework.boot' version '2.1.5.RELEASE' apply false + id 'org.springframework.boot' version '2.4.2' apply false id 'io.spring.dependency-management' version '1.0.7.RELEASE' + id 'io.freefair.lombok' version '5.3.0' } sourceCompatibility = 11 @@ -22,6 +23,8 @@ dependencyManagement { } } +generateLombokConfig.enabled = false + dependencies { compileOnly project(':backend') diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/AddNewUserFilter.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/AddNewUserFilter.java index 54cb2950d..7ca2c3676 100644 --- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/AddNewUserFilter.java +++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/AddNewUserFilter.java @@ -7,7 +7,9 @@ import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository; import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository; import edu.internet2.tier.shibboleth.admin.ui.service.EmailService; + import org.apache.commons.lang3.RandomStringUtils; +import org.pac4j.core.profile.CommonProfile; import org.pac4j.saml.profile.SAML2Profile; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -27,22 +29,17 @@ import java.util.List; import java.util.Optional; -/** - * @author Bill Smith (wsmith@unicon.net) - */ -public class AddNewUserFilter implements Filter { - - private static final Logger logger = LoggerFactory.getLogger(AddNewUserFilter.class); +import lombok.extern.slf4j.Slf4j; +@Slf4j +public class AddNewUserFilter implements Filter { private static final String ROLE_NONE = "ROLE_NONE"; - private UserRepository userRepository; - private RoleRepository roleRepository; private Optional emailService; - private Pac4jConfigurationProperties pac4jConfigurationProperties; - + private RoleRepository roleRepository; private Pac4jConfigurationProperties.SAML2ProfileMapping saml2ProfileMapping; + private UserRepository userRepository; public AddNewUserFilter(Pac4jConfigurationProperties pac4jConfigurationProperties, UserRepository userRepository, RoleRepository roleRepository, Optional emailService) { this.userRepository = userRepository; @@ -52,11 +49,7 @@ public AddNewUserFilter(Pac4jConfigurationProperties pac4jConfigurationPropertie saml2ProfileMapping = this.pac4jConfigurationProperties.getSaml2ProfileMapping(); } - @Override - public void init(FilterConfig filterConfig) throws ServletException { - } - - private User buildAndPersistNewUserFromProfile(SAML2Profile profile) { + private User buildAndPersistNewUserFromProfile(CommonProfile profile) { Role noRole = roleRepository.findByName(ROLE_NONE).orElse(new Role(ROLE_NONE)); roleRepository.save(noRole); 
@@ -68,16 +61,20 @@ private User buildAndPersistNewUserFromProfile(SAML2Profile profile) { user.setLastName(getAttributeFromProfile(profile, "lastName")); user.setEmailAddress(getAttributeFromProfile(profile, "email")); User persistedUser = userRepository.save(user); - if (logger.isDebugEnabled()) { - logger.debug("Persisted new user:\n" + user); + if (log.isDebugEnabled()) { + log.debug("Persisted new user:\n" + user); } return persistedUser; } + @Override + public void destroy() { + } + @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); - SAML2Profile profile = (SAML2Profile) authentication.getPrincipal(); + CommonProfile profile = (CommonProfile) authentication.getPrincipal(); if (profile != null) { String username = getAttributeFromProfile(profile, "username"); if (username != null) { @@ -89,7 +86,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha try { e.sendNewUserMail(username); } catch (MessagingException e1) { - logger.warn(String.format("Unable to send new user email for user [%s]", username), e); + log.warn(String.format("Unable to send new user email for user [%s]", username), e); } }); } else { 
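Review bot: The unchecked cast `(CommonProfile) authentication.getPrincipal()` at the top of doFilter runs before the `profile != null` check, so it throws if the security context holds no authentication or a principal of another type (an anonymous token's principal is typically a String). If this filter can run on such requests, guard the cast: `Object principal = authentication == null ? null : authentication.getPrincipal();` followed by `CommonProfile profile = principal instanceof CommonProfile ? (CommonProfile) principal : null;`. doFilter continues past the end of this hunk, so the handling of a null profile is not visible here.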
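Review bot: The `log.warn` call in the catch block passes `e`, which is the lambda's email-service parameter (it is the receiver of `e.sendNewUserMail(username)`), not the caught `MessagingException e1`, so the failure cause and stack trace never reach the log. Pass the exception and let SLF4J do the formatting: `log.warn("Unable to send new user email for user [{}]", username, e1);`. Because `username` is taken from the authenticated profile, which for header-based logins appears to be the raw header value, consider stripping CR/LF from it before it is logged. The enclosing lambda and the doFilter body start outside this hunk.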
@@ -104,34 +101,37 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha } } - @Override - public void destroy() { + private String getAttributeFromProfile(CommonProfile profile, String stringKey) { + if (profile instanceof SAML2Profile) { + return getAttributeFromSAML2Profile(profile, stringKey); + } + return stringKey.equalsIgnoreCase("username") ? profile.getId() : null; } - - private String getAttributeFromProfile(SAML2Profile profile, String stringKey) { - String attribute = null; + + @SuppressWarnings("unchecked") + private String getAttributeFromSAML2Profile(CommonProfile profile, String stringKey) { + String attributeKey = null; switch (stringKey) { case "username": - attribute = saml2ProfileMapping.getUsername(); + attributeKey = saml2ProfileMapping.getUsername(); break; case "firstName": - attribute = saml2ProfileMapping.getFirstName(); + attributeKey = saml2ProfileMapping.getFirstName(); break; case "lastName": - attribute = saml2ProfileMapping.getLastName(); + attributeKey = saml2ProfileMapping.getLastName(); break; case "email": - attribute = saml2ProfileMapping.getEmail(); + attributeKey = saml2ProfileMapping.getEmail(); break; default: // do we care? Not yet. } - List attributeList = (List) profile.getAttribute(attribute); + List attributeList = (List) profile.getAttribute(attributeKey); return attributeList.size() < 1 ? null : attributeList.get(0); } - private byte[] getJsonResponseBytes(ErrorResponse eErrorResponse) throws IOException { - String errorResponseJson = new ObjectMapper().writeValueAsString(eErrorResponse); - return errorResponseJson.getBytes(); + @Override + public void init(FilterConfig filterConfig) throws ServletException { } } diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java index 070265867..4b0939acc 100644 --- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java 
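Review bot: In getAttributeFromSAML2Profile, `attributeList.size()` is called on the result of `profile.getAttribute(attributeKey)` without a null check. A SAML assertion that omits a mapped attribute, or a key that falls into the `default` branch and leaves `attributeKey` null, would most likely throw a NullPointerException in the login path. Return null in both cases: `if (attributeKey == null) return null;` before the lookup, and `return attributeList == null || attributeList.isEmpty() ? null : attributeList.get(0);` after it. The cast to List also assumes every mapped attribute is multi-valued, which deserves a one-line comment next to `@SuppressWarnings("unchecked")`.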
+++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java @@ -10,6 +10,7 @@ import org.pac4j.core.credentials.authenticator.Authenticator; import org.pac4j.core.exception.CredentialsException; import org.pac4j.core.matching.matcher.PathMatcher; +import org.pac4j.core.profile.CommonProfile; import org.pac4j.core.profile.definition.CommonProfileDefinition; import org.pac4j.http.client.direct.HeaderClient; import org.pac4j.saml.client.SAML2Client; @@ -88,8 +89,10 @@ public void validate(Credentials credentials, WebContext context, SessionStore s } else { throw new CredentialsException("Invalid Credentials object generated by HeaderClient"); } - // must set user profile on credentials in order to continue. - // credentials.setUserProfile(userProfile); + final CommonProfile profile = new CommonProfile(); + String token = ((TokenCredentials)credentials).getToken(); + profile.setId(token); + credentials.setUserProfile(profile); } }); headerClient.setName(PAC4J_CLIENT_NAME); diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java index da34a58ff..c29f170c3 100644 --- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java +++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java @@ -72,6 +72,7 @@ public void configure(org.springframework.security.config.annotation.web.builder StrictHttpFirewall firewall = new StrictHttpFirewall(); firewall.setAllowUrlEncodedSlash(true); + firewall.setAllowUrlEncodedDoubleSlash(true); web.httpFirewall(firewall); } }
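Review bot: The new lines in `validate` copy the raw header token into `profile.setId(token)`, and AddNewUserFilter now returns `profile.getId()` as the username for non-SAML profiles, so whatever value arrives in that header becomes the account that is looked up or auto-created. Nothing visible in this hunk checks that the token is non-blank or that only a trusted front end can set the header; the start of `validate` is outside the hunk, so an earlier check may exist. I would reject blank values before building the profile, e.g. `if (token == null || token.isBlank()) throw new CredentialsException("Empty username header");`. I would also add a comment stating that the deployment must strip this header from client requests at the proxy.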
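Review bot: `firewall.setAllowUrlEncodedDoubleSlash(true)` relaxes a second StrictHttpFirewall default, and no comment says which request needs `%2F%2F` in its path. Encoded slashes can make the path a security matcher evaluates differ from the path a downstream handler resolves. Please record the reason next to the call, for example `// <endpoint or identifier that requires it> carries URL-encoded "//" in the path`, and confirm that the matchers for protected endpoints still apply to such URLs. The configure method starts outside this hunk.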