diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/ShibbolethUiApplication.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/ShibbolethUiApplication.java
index 1fc74cf9d..b5c69ef0d 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/ShibbolethUiApplication.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/ShibbolethUiApplication.java
@@ -3,21 +3,29 @@ import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.domain.EntityScan; import org.springframework.boot.builder.SpringApplicationBuilder; import org.springframework.boot.context.event.ApplicationStartedEvent; import org.springframework.boot.web.servlet.support.SpringBootServletInitializer; +import org.springframework.context.annotation.ComponentScan; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.FilterType; import org.springframework.context.annotation.Profile; import org.springframework.context.event.EventListener; import org.springframework.data.jpa.repository.config.EnableJpaAuditing; import org.springframework.scheduling.annotation.EnableScheduling; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.stereotype.Component; -@SpringBootApplication +@Configuration +@EnableAutoConfiguration +@ComponentScan(excludeFilters = @ComponentScan.Filter(type = FilterType.REGEX, pattern = "edu.internet2.tier.shibboleth.admin.ui.configuration.auto.*")) @EntityScan(basePackages = "edu.internet2.tier.shibboleth.admin.ui.domain") @EnableJpaAuditing @EnableScheduling +@EnableWebSecurity public class ShibbolethUiApplication extends SpringBootServletInitializer { @Override 
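Review bot: The `@ComponentScan` exclude pattern `"edu.internet2.tier.shibboleth.admin.ui.configuration.auto.*"` is a regex with unescaped dots and no anchoring, and nothing next to it says why that package is kept out of scanning. Since the same commit registers `configuration.auto.WebSecurityConfig` under `EnableAutoConfiguration` in `META-INF/spring.factories`, the exclusion presumably exists so the class is processed only as auto-configuration, after user beans, where its `@ConditionalOnMissingBean` check can see them — confirm — and that intent belongs in a comment such as `// configuration.auto.* is auto-configuration (see META-INF/spring.factories) and must not be component-scanned, or its @ConditionalOnMissingBean checks would run before the beans they test for exist`. Escaping the dots, `pattern = "edu\\.internet2\\.tier\\.shibboleth\\.admin\\.ui\\.configuration\\.auto\\..*"`, keeps the filter from matching unrelated names by accident. The class body continues outside the hunk.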
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/WebSecurityConfig.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java similarity index 94% rename from backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/WebSecurityConfig.java rename to backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java index 186021597..a466e9706 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/WebSecurityConfig.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java @@ -1,9 +1,10 @@ -package edu.internet2.tier.shibboleth.admin.ui.configuration; +package edu.internet2.tier.shibboleth.admin.ui.configuration.auto; import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.autoconfigure.condition.ConditionalOnClass; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Profile; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; @@ -20,7 +21,7 @@ * * Workaround for slashes in URL from [https://stackoverflow.com/questions/48453980/spring-5-0-3-requestrejectedexception-the-request-was-rejected-because-the-url] */ -@EnableWebSecurity +@Configuration public class WebSecurityConfig { @Value("${shibui.logout-url:/dashboard}") 
@@ -37,8 +38,7 @@ public HttpFirewall allowUrlEncodedSlashHttpFirewall() { } @Bean - @Profile("default") - @ConditionalOnMissingBean(value = {WebSecurityConfigurerAdapter.class}) + @ConditionalOnMissingBean(name = "webSecurityConfig") public WebSecurityConfigurerAdapter defaultAuth() { return new WebSecurityConfigurerAdapter() { diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RequestInitiator.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RequestInitiator.java new file mode 100644 index 000000000..78fd0028e --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RequestInitiator.java @@ -0,0 +1,50 @@ +package edu.internet2.tier.shibboleth.admin.ui.domain; + +import org.opensaml.core.xml.util.AttributeMap; + +import javax.annotation.Nonnull; + +public class RequestInitiator extends AbstractElementExtensibleXMLObject implements org.opensaml.saml.ext.saml2mdreqinit.RequestInitiator { + private String binding; + @Override + public String getBinding() { + return this.binding; + } + + @Override + public void setBinding(String binding) { + this.binding = binding; + } + + private String location; + + @Override + public String getLocation() { + return location; + } + + @Override + public void setLocation(String location) { + this.location = location; + } + + private String responseLocation; + + @Override + public String getResponseLocation() { + return this.responseLocation; + } + + @Override + public void setResponseLocation(String location) { + this.responseLocation = location; + } + + private AttributeMap attributeMap = new AttributeMap(this); + + @Nonnull + @Override + public AttributeMap getUnknownAttributes() { + return this.attributeMap; + } +} 
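Review bot: `@ConditionalOnMissingBean(name = "webSecurityConfig")` couples the fallback adapter to a bean name that exists only as a string literal in the pac4j module's `WebSecurity` (`@Bean("webSecurityConfig")`), and the hunk also drops `@Profile("default")`, so `defaultAuth()` is now the active security configuration in every profile whenever a bean with that exact name is absent. A rename or typo on either side would not fail at startup; it would register the default adapter alongside the pac4j one, which is a quiet way to end up with the wrong authentication path. At minimum document the contract on the method, e.g. `/** Fallback adapter, suppressed when an authentication module registers a WebSecurityConfigurerAdapter bean named "webSecurityConfig" (see the pac4j module's WebSecurity); keep the two names in sync. */`, and if the module layout allows, reference one shared `public static final String WEB_SECURITY_BEAN_NAME = "webSecurityConfig";` from both places. The `defaultAuth()` body continues outside the hunk.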
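Review bot: In `RequestInitiator` each field is declared immediately before its accessor (`binding`, `location`, `responseLocation`, `attributeMap`), and `attributeMap` is assigned once at construction but not `final`. Grouping the four fields at the top and writing `private final AttributeMap attributeMap = new AttributeMap(this);` makes the class read like a conventional domain object and backs the `@Nonnull` on `getUnknownAttributes()` with a guarantee the compiler checks. `setResponseLocation(String location)` would also be clearer as `setResponseLocation(String responseLocation)` so the parameter matches the field it writes. A one-line class Javadoc naming the `saml2mdreqinit` extension element this class models would help readers who have not seen that extension before.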
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RequestInitiatorBuilder.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RequestInitiatorBuilder.java new file mode 100644 index 000000000..98d554e37 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RequestInitiatorBuilder.java @@ -0,0 +1,43 @@ +package edu.internet2.tier.shibboleth.admin.ui.domain; + +import org.opensaml.saml.common.AbstractSAMLObjectBuilder; +import org.opensaml.saml.common.xml.SAMLConstants; +import org.w3c.dom.Element; + +import javax.annotation.Nonnull; +import javax.annotation.Nullable; +import javax.xml.namespace.QName; + +public class RequestInitiatorBuilder extends AbstractSAMLObjectBuilder { + + /** + * Constructor. + */ + public RequestInitiatorBuilder() { + + } + + /** {@inheritDoc} */ + public RequestInitiator buildObject() { + return buildObject(SAMLConstants.SAML20MDRI_NS, org.opensaml.saml.ext.saml2mdreqinit.RequestInitiator.DEFAULT_ELEMENT_LOCAL_NAME, + SAMLConstants.SAML20MDRI_PREFIX); + } + + /** {@inheritDoc} */ + public RequestInitiator buildObject(final String namespaceURI, final String localName, + final String namespacePrefix) { + RequestInitiator o = new RequestInitiator(); + o.setNamespaceURI(namespaceURI); + o.setElementLocalName(localName); + o.setNamespacePrefix(namespacePrefix); + return o; + } + + @Nonnull + @Override + public RequestInitiator buildObject(@Nullable String namespaceURI, @Nonnull String localName, @Nullable String namespacePrefix, @Nullable QName schemaType) { + RequestInitiator requestInitiator = buildObject(namespaceURI, localName, namespacePrefix); + requestInitiator.setSchemaType(schemaType); + return requestInitiator; + } +} \ No newline at end of file 
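Review bot: `RequestInitiatorBuilder` extends the raw `AbstractSAMLObjectBuilder`, and the two `buildObject` overloads documented with `{@inheritDoc}` carry no `@Override`, so a signature mismatch against the OpenSAML base class would compile silently as an unrelated method while the Javadoc still claims inheritance. Declaring `public class RequestInitiatorBuilder extends AbstractSAMLObjectBuilder<RequestInitiator> {` and adding `@Override` to both `buildObject()` and `buildObject(String, String, String)` lets the compiler verify the contract and removes the unchecked-conversion warning on the return types. The file also ends without a trailing newline, as the diff footer notes.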
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RoleDescriptor.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RoleDescriptor.java index fa6600543..fc235c110 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RoleDescriptor.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RoleDescriptor.java @@ -83,11 +83,7 @@ public void setSupportedProtocols(List supportedProtocols) { @Override public boolean isSupportedProtocol(String s) { - return isSupportedProtocol; - } - - public void setIsSupportedProtocol(boolean isSupportedProtocol) { - this.isSupportedProtocol = isSupportedProtocol; + return this.supportedProtocols.contains(s); } @Override diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/SPSSODescriptor.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/SPSSODescriptor.java index 5688a19cb..7ac151d4a 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/SPSSODescriptor.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/SPSSODescriptor.java @@ -32,6 +32,9 @@ public class SPSSODescriptor extends SSODescriptor implements org.opensaml.saml. @Override public Boolean isAuthnRequestsSigned() { + if (isAuthnRequestsSigned == null) { + return false; + } return isAuthnRequestsSigned; } @@ -55,7 +58,7 @@ public void setAuthnRequestsSigned(XSBooleanValue xsBooleanValue) { @Override public Boolean getWantAssertionsSigned() { - return wantAssertionsSigned; + return wantAssertionsSigned == null ? false : wantAssertionsSigned; } @Override diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java index 10fc4bdb7..46c58324a 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java 
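Review bot: `isSupportedProtocol` now dereferences `this.supportedProtocols` with no null check, and the visible `setSupportedProtocols(List supportedProtocols)` accepts any value, so a descriptor whose protocol list was never populated throws `NullPointerException` where the old code returned a boolean. `return this.supportedProtocols != null && this.supportedProtocols.contains(s);` keeps the new semantics without the crash. The removed `setIsSupportedProtocol` setter suggests a now-unused `isSupportedProtocol` field may still be declared elsewhere in the class; that part of the file is outside the hunk, so confirm it was deleted too.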
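Review bot: The null-to-false defaulting is written two different ways in `SPSSODescriptor`: `isAuthnRequestsSigned()` uses an `if` block in this hunk while `getWantAssertionsSigned()` in the next hunk uses a ternary. Writing both as `return Boolean.TRUE.equals(isAuthnRequestsSigned);` and `return Boolean.TRUE.equals(wantAssertionsSigned);` is behaviourally identical, shorter, and makes the shared rule visible. A short comment on each getter stating that an absent attribute is reported as false, which matches the metadata default for an omitted attribute, would tell callers why they no longer see `null`.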
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java @@ -65,7 +65,7 @@ public List getX509SubjectNames() { @Nonnull @Override public List getX509Certificates() { - return Arrays.asList(this.xmlObjects.stream().filter(i -> i instanceof org.opensaml.xmlsec.signature.X509Certificate).toArray(org.opensaml.xmlsec.signature.X509Certificate[]::new)); + return new ArrayList<>(Arrays.asList(this.xmlObjects.stream().filter(i -> i instanceof org.opensaml.xmlsec.signature.X509Certificate).toArray(org.opensaml.xmlsec.signature.X509Certificate[]::new))); } public void addX509Certificate(edu.internet2.tier.shibboleth.admin.ui.domain.X509Certificate x509Certificate) { diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/InitializationService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/InitializationService.java index 38bdb6784..4a554110c 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/InitializationService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/InitializationService.java @@ -2,7 +2,6 @@ import org.opensaml.core.config.InitializationException; import org.opensaml.core.config.Initializer; -import org.opensaml.core.xml.config.XMLObjectProviderInitializer; import java.util.ServiceLoader; 
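Review bot: `getX509Certificates()` builds its result by streaming, collecting to an array, wrapping with `Arrays.asList`, and then copying into an `ArrayList`; the same mutable copy is one collector: `return this.xmlObjects.stream().filter(i -> i instanceof org.opensaml.xmlsec.signature.X509Certificate).map(org.opensaml.xmlsec.signature.X509Certificate.class::cast).collect(Collectors.toCollection(ArrayList::new));` (needs `java.util.stream.Collectors`). The move from a fixed-size `Arrays.asList` view to a detached copy changes what callers may do with the list, so the method should say so, e.g. `/** Returns a mutable snapshot; changes to the returned list do not affect this element. Use addX509Certificate to add entries. */`. `addX509Certificate` is only partly visible here, so confirm it is the intended mutation path.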
@@ -15,7 +14,11 @@ protected InitializationService() { public static synchronized void initialize() throws InitializationException { final ServiceLoader serviceLoader = ServiceLoader.load(Initializer.class); for (Initializer initializer : serviceLoader) { - if (initializer.getClass().equals(org.opensaml.saml.config.impl.XMLObjectProviderInitializer.class) || initializer.getClass().equals(XMLObjectProviderInitializer.class) || initializer.getClass().equals(org.opensaml.xmlsec.config.impl.XMLObjectProviderInitializer.class)) { + if ( + initializer.getClass().equals(org.opensaml.saml.config.impl.XMLObjectProviderInitializer.class) + || initializer.getClass().equals(org.opensaml.core.xml.config.XMLObjectProviderInitializer.class) + || initializer.getClass().equals(org.opensaml.xmlsec.config.impl.XMLObjectProviderInitializer.class) + ) { continue; } initializer.init(); diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializer.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializer.java index f21fdc93d..2b6718dd1 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializer.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/opensaml/config/JPAXMLObjectProviderInitializer.java @@ -13,7 +13,12 @@ protected String[] getConfigResources() { "/jpa-saml2-assertion-config.xml", "/jpa-schema-config.xml", "/jpa-saml2-metadata-ui-config.xml", - "/jpa-signature-config.xml" + "/jpa-signature-config.xml", + "/encryption-config.xml", + "/saml2-metadata-algorithm-config.xml", + "/jpa-saml2-metadata-reqinit-config.xml", + "/saml2-protocol-config.xml", + "/modified-saml2-assertion-config.xml" }; } } diff --git a/backend/src/main/resources/META-INF/spring.factories b/backend/src/main/resources/META-INF/spring.factories index fc0a891d0..c03acd3ec 100644 
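Review bot: The three-way `equals` chain in `initialize()` hard-codes which OpenSAML initializers to skip but says nothing about why they are skipped, and the `if (` split across five lines is an unusual layout for a condition. The reason is presumably that `JPAXMLObjectProviderInitializer` in this package registers the project's own providers in place of those three — confirm — and that belongs in a comment rather than in the reader's head. A `Set` of the skipped classes reduces the loop body to a single `contains` check and gives the list a documented home (`java.util.Arrays`, `java.util.Collections`, `java.util.HashSet`, `java.util.Set` imports needed); the loop and method close outside the hunk.
```java
/** OpenSAML default provider initializers that are bypassed. TODO confirm: the JPA-backed initializers in this package register replacement providers for these. */
private static final Set<Class<?>> SKIPPED_INITIALIZERS = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
        org.opensaml.saml.config.impl.XMLObjectProviderInitializer.class,
        org.opensaml.core.xml.config.XMLObjectProviderInitializer.class,
        org.opensaml.xmlsec.config.impl.XMLObjectProviderInitializer.class)));

public static synchronized void initialize() throws InitializationException {
    final ServiceLoader<Initializer> serviceLoader = ServiceLoader.load(Initializer.class);
    for (Initializer initializer : serviceLoader) {
        if (SKIPPED_INITIALIZERS.contains(initializer.getClass())) {
            continue;
        }
        initializer.init();
        // … unchanged: remainder of the loop body …
```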
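Review bot: The five resources added to `getConfigResources()` are listed without any indication of what each contributes, and `/modified-saml2-assertion-config.xml` in particular raises the question of what was modified relative to the stock OpenSAML file and why. A comment above the array, or one per entry, should say which provider set each file registers (presumably `/jpa-saml2-metadata-reqinit-config.xml` covers the new `RequestInitiator`; the others are not explained anywhere on this page) and, for the modified copy, which entries differ from upstream. Without that, whoever next upgrades OpenSAML cannot tell which of these files must be re-synchronised with the library. The method body is fully visible in the hunk.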
--- a/backend/src/main/resources/META-INF/spring.factories +++ b/backend/src/main/resources/META-INF/spring.factories @@ -1,2 +1,4 @@ org.springframework.boot.env.EnvironmentPostProcessor=\ - edu.internet2.tier.shibboleth.admin.ui.configuration.postprocessors.IdpHomeValueSettingEnvironmentPostProcessor \ No newline at end of file + edu.internet2.tier.shibboleth.admin.ui.configuration.postprocessors.IdpHomeValueSettingEnvironmentPostProcessor +org.springframework.boot.autoconfigure.EnableAutoConfiguration=\ + edu.internet2.tier.shibboleth.admin.ui.configuration.auto.WebSecurityConfig \ No newline at end of file diff --git a/backend/src/main/resources/jpa-saml2-metadata-reqinit-config.xml b/backend/src/main/resources/jpa-saml2-metadata-reqinit-config.xml new file mode 100644 index 000000000..868961e13 --- /dev/null +++ b/backend/src/main/resources/jpa-saml2-metadata-reqinit-config.xml @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/backend/src/main/resources/modified-saml2-assertion-config.xml b/backend/src/main/resources/modified-saml2-assertion-config.xml new file mode 100644 index 000000000..1f9d649a0 --- /dev/null +++ b/backend/src/main/resources/modified-saml2-assertion-config.xml @@ -0,0 +1,313 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/domain/Pac4jTest.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/domain/Pac4jTest.groovy new file mode 100644 index 000000000..16b48b7c8 --- /dev/null +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/domain/Pac4jTest.groovy @@ -0,0 +1,19 @@ +package edu.internet2.tier.shibboleth.admin.ui.domain + +import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects +import spock.lang.Specification + +class Pac4jTest extends Specification { + OpenSamlObjects openSamlObjects = new OpenSamlObjects().with { + init() + it + } + + def "test unmarshalling pac4j created metadata"() { + when: + def metadata = openSamlObjects.unmarshalFromXml this.class.getResourceAsStream('/metadata/SHIBUI-808.xml').bytes + + then: + noExceptionThrown() + } +} diff --git a/backend/src/test/resources/metadata/SHIBUI-808.xml b/backend/src/test/resources/metadata/SHIBUI-808.xml new file mode 100644 index 000000000..9cfab103c --- /dev/null +++ b/backend/src/test/resources/metadata/SHIBUI-808.xml 
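Review bot: The test binds the result of `unmarshalFromXml` to `metadata` and never reads it, so the only thing it verifies is that no exception escapes. Given that the fixture was added alongside the new `RequestInitiator` provider registration, asserting on the parsed object — that the extension element unmarshalled to the project's `RequestInitiator` class rather than an unknown-element fallback — would catch a regression where the provider mapping silently stops matching while parsing still succeeds. If the result is deliberately unused, drop the assignment and call `openSamlObjects.unmarshalFromXml(...)` directly in the `when:` block so the intent is clear.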
@@ -0,0 +1,60 @@ + + + + + + + + + + + + + + + + + + + + + MIICpzCCAY+gAwIBAgIBATANBgkqhkiG9w0BAQUFADAXMRUwEwYDVQQDDAw1YjhmNDI2MmEzZmQw + HhcNMTgwOTI2MTU0NzQ4WhcNMTkwOTI2MTU0NzQ5WjAXMRUwEwYDVQQDDAw1YjhmNDI2MmEzZmQw + ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCEFup+XxSTiXS/XnT1R7vvPZfUG+jDwbgE + 5JInMzOIyQna0KnynNM/Zxe/ZtlU+ArOVC5b5WtMomyefLxyxKQI/+aCM5OkJ8gpsJAfDnQDhB0r + dwMZ/n9T2iktiKIS963v4n9+nacx/vlD2t+FFvnHSBcoNUIncvp2lKh9JZNzuGMkipeXibb5wGjN + KYC0MBpXX90lHH9L0xP7+B9hHOI3rnwVKzHwh5oEuDSH8h2ZYQMDAEPHmLSbGP4F1N0Zr/FY+tK1 + LlY0LKxoFk1a6OKUDIT2IHljR7oqaBJRGkMFgFJK0cL7DKtrHZoNLUdaiWVWfoNaW/4k2LarBLLZ + cO77AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAGgJCR5v2F+d8/Jvl92OSaKldY07mUFTDtxHUpKw + dl0lnL3c75g4ISjFPIztuDzsAB9x8vHu4+5+rm383to4i5TL/DoOZmiFAn6WIGe0c+qE+JyNG30G + mmVjHP33s9qy0tqJe/9qtpAqXdQIC0XuqmfW49J62iE/vtClSVn8tUof7TRtrH1QGxkZJjLbG7JC + F9Z1JbvgN2pMvElhpX4SnjALUd10lB2stlKjEc5cB2BnqcOyikTxgA+zDnemy6k6JFxi9/oxKNuW + tGEr1nX42AyL1k6IpSgZikBGlwI3Rj69FoRMQayhG7pK5/XdzZ8D8YbresX2qHA5EbNrcajBsGI= + + + + + + + MIICpzCCAY+gAwIBAgIBATANBgkqhkiG9w0BAQUFADAXMRUwEwYDVQQDDAw1YjhmNDI2MmEzZmQw + HhcNMTgwOTI2MTU0NzQ4WhcNMTkwOTI2MTU0NzQ5WjAXMRUwEwYDVQQDDAw1YjhmNDI2MmEzZmQw + ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCEFup+XxSTiXS/XnT1R7vvPZfUG+jDwbgE + 5JInMzOIyQna0KnynNM/Zxe/ZtlU+ArOVC5b5WtMomyefLxyxKQI/+aCM5OkJ8gpsJAfDnQDhB0r + dwMZ/n9T2iktiKIS963v4n9+nacx/vlD2t+FFvnHSBcoNUIncvp2lKh9JZNzuGMkipeXibb5wGjN + KYC0MBpXX90lHH9L0xP7+B9hHOI3rnwVKzHwh5oEuDSH8h2ZYQMDAEPHmLSbGP4F1N0Zr/FY+tK1 + LlY0LKxoFk1a6OKUDIT2IHljR7oqaBJRGkMFgFJK0cL7DKtrHZoNLUdaiWVWfoNaW/4k2LarBLLZ + cO77AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAGgJCR5v2F+d8/Jvl92OSaKldY07mUFTDtxHUpKw + dl0lnL3c75g4ISjFPIztuDzsAB9x8vHu4+5+rm383to4i5TL/DoOZmiFAn6WIGe0c+qE+JyNG30G + mmVjHP33s9qy0tqJe/9qtpAqXdQIC0XuqmfW49J62iE/vtClSVn8tUof7TRtrH1QGxkZJjLbG7JC + F9Z1JbvgN2pMvElhpX4SnjALUd10lB2stlKjEc5cB2BnqcOyikTxgA+zDnemy6k6JFxi9/oxKNuW + tGEr1nX42AyL1k6IpSgZikBGlwI3Rj69FoRMQayhG7pK5/XdzZ8D8YbresX2qHA5EbNrcajBsGI= + + + + 
urn:oasis:names:tc:SAML:2.0:nameid-format:transient + urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + + + diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java index 1c28b1ee1..b7d1e05dd 100644 --- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java +++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java @@ -12,6 +12,7 @@ public class Pac4jConfiguration { @Bean public Config config(final Pac4jConfigurationProperties pac4jConfigurationProperties) { + System.setProperty("skipPac4jOpenSAMLinit", "true"); final SAML2ClientConfiguration saml2ClientConfiguration = new SAML2ClientConfiguration(); saml2ClientConfiguration.setKeystorePath(pac4jConfigurationProperties.getKeystorePath()); saml2ClientConfiguration.setKeystorePassword(pac4jConfigurationProperties.getKeystorePassword()); diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfigurationProperties.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfigurationProperties.java index 1334c7e72..afb1369a1 100644 --- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfigurationProperties.java +++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfigurationProperties.java @@ -1,14 +1,10 @@ package net.unicon.shibui.pac4j; -import lombok.Getter; -import lombok.Setter; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.stereotype.Component; @Component @ConfigurationProperties(prefix = "shibui.pac4j") -@Getter -@Setter public class Pac4jConfigurationProperties { private String keystorePath = "/tmp/samlKeystore.jks"; private String keystorePassword = "changeit"; 
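Review bot: `System.setProperty("skipPac4jOpenSAMLinit", "true")` inside the `config` bean method is a process-wide side effect with no comment, and it only helps if this method runs before whatever pac4j code reads the property. The reason is presumably that the application initialises OpenSAML itself through its `InitializationService` and a second, pac4j-driven bootstrap would replace the provider registry — confirm — and that should be written above the line, e.g. `// OpenSAML is initialised by the backend's InitializationService with the JPA providers; stop pac4j from running its own bootstrap, which would overwrite that registry.` If the ordering assumption holds, a `static { ... }` initialiser on this class, or setting the property where `InitializationService.initialize()` runs, is less fragile than a `@Bean` body that depends on bean creation order. The method body continues outside the hunk.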
@@ -20,4 +16,84 @@ public class Pac4jConfigurationProperties {
 private boolean forceServiceProviderMetadataGeneration = false;
 private String callbackUrl;
 private boolean wantAssertionsSigned = true;
+
+ public String getKeystorePath() {
+ return keystorePath;
+ }
+
+ public void setKeystorePath(String keystorePath) {
+ this.keystorePath = keystorePath;
+ }
+
+ public String getKeystorePassword() {
+ return keystorePassword;
+ }
+
+ public void setKeystorePassword(String keystorePassword) {
+ this.keystorePassword = keystorePassword;
+ }
+
+ public String getPrivateKeyPassword() {
+ return privateKeyPassword;
+ }
+
+ public void setPrivateKeyPassword(String privateKeyPassword) {
+ this.privateKeyPassword = privateKeyPassword;
+ }
+
+ public String getIdentityProviderMetadataPath() {
+ return identityProviderMetadataPath;
+ }
+
+ public void setIdentityProviderMetadataPath(String identityProviderMetadataPath) {
+ this.identityProviderMetadataPath = identityProviderMetadataPath;
+ }
+
+ public int getMaximumAuthenticationLifetime() {
+ return maximumAuthenticationLifetime;
+ }
+
+ public void setMaximumAuthenticationLifetime(int maximumAuthenticationLifetime) {
+ this.maximumAuthenticationLifetime = maximumAuthenticationLifetime;
+ }
+
+ public String getServiceProviderEntityId() {
+ return serviceProviderEntityId;
+ }
+
+ public void setServiceProviderEntityId(String serviceProviderEntityId) {
+ this.serviceProviderEntityId = serviceProviderEntityId;
+ }
+
+ public String getServiceProviderMetadataPath() {
+ return serviceProviderMetadataPath;
+ }
+
+ public void setServiceProviderMetadataPath(String serviceProviderMetadataPath) {
+ this.serviceProviderMetadataPath = serviceProviderMetadataPath;
+ }
+
+ public boolean isForceServiceProviderMetadataGeneration() {
+ return forceServiceProviderMetadataGeneration;
+ }
+
+ public void setForceServiceProviderMetadataGeneration(boolean forceServiceProviderMetadataGeneration) {
+ this.forceServiceProviderMetadataGeneration 
= forceServiceProviderMetadataGeneration;
+ }
+
+ public String getCallbackUrl() {
+ return callbackUrl;
+ }
+
+ public void setCallbackUrl(String callbackUrl) {
+ this.callbackUrl = callbackUrl;
+ }
+
+ public boolean isWantAssertionsSigned() {
+ return wantAssertionsSigned;
+ }
+
+ public void setWantAssertionsSigned(boolean wantAssertionsSigned) {
+ this.wantAssertionsSigned = wantAssertionsSigned;
+ }
 }
diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java
index 28bfa1f58..5d624ddd5 100644
--- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java
+++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java
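Review bot: The hand-written accessors that replace the Lombok annotations carry no Javadoc, and two of them, `getKeystorePassword()` and `getPrivateKeyPassword()`, return secrets whose defaults are visible in this file (`"changeit"` and a keystore under `/tmp`). A class-level Javadoc stating that these values bind from `shibui.pac4j.*`, that the password and keystore-path defaults are for local development only and must be overridden in any deployment, and that the password values must never be logged, makes that contract explicit now that the generated code is gone. Leaving `toString()` unimplemented, as the class does, is the right choice for the same reason and is worth a one-line comment so nobody "helpfully" adds one. The class header and the remaining fields are outside the hunk.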
@@ -3,29 +3,26 @@ import org.pac4j.core.config.Config; import org.pac4j.springframework.security.web.CallbackFilter; import org.pac4j.springframework.security.web.SecurityFilter; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.boot.autoconfigure.EnableAutoConfiguration; +import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.annotation.Order; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; -import org.springframework.security.web.csrf.CookieCsrfTokenRepository; @Configuration public class WebSecurity { - @Configuration - @Order(1) - public static class Pac4jSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter { - private static final Logger logger = LoggerFactory.getLogger(Pac4jSecurityConfigurationAdapter.class); + @Bean("webSecurityConfig") + public WebSecurityConfigurerAdapter webSecurityConfigurerAdapter(final Config config) { + return new Pac4jWebSecurityConfigurerAdapter(config); + } + @Order(1) + public static class Pac4jWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { private final Config config; - public Pac4jSecurityConfigurationAdapter(Config config) { - logger.info("configuring pac4j authentication"); + public Pac4jWebSecurityConfigurerAdapter(final Config config) { this.config = config; } 
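Review bot: The `@Bean("webSecurityConfig")` method and the nested `Pac4jWebSecurityConfigurerAdapter` carry no documentation, yet the bean name is load-bearing: the backend's `WebSecurityConfig` suppresses its fallback adapter with `@ConditionalOnMissingBean(name = "webSecurityConfig")`, so renaming the bean here would quietly enable both adapters. A Javadoc on the bean method, e.g. `/** Registers the pac4j adapter under the name the backend's WebSecurityConfig checks before creating its default adapter; keep the two names in sync. */`, records that coupling where the next editor will see it. `@Order(1)` now sits on a class that is instantiated with `new` rather than scanned; Spring's order comparator does consult class-level `@Order` on bean instances, but a startup test confirming the pac4j adapter sorts ahead of any other `WebSecurityConfigurerAdapter` would make that assumption checkable. The adapter class continues outside the hunk.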
@@ -34,13 +31,17 @@ protected void configure(HttpSecurity http) throws Exception { final SecurityFilter securityFilter = new SecurityFilter(this.config, "Saml2Client"); final CallbackFilter callbackFilter = new CallbackFilter(this.config); + // http.regexMatcher("/callback").addFilterBefore(callbackFilter, BasicAuthenticationFilter.class); http.antMatcher("/**").addFilterBefore(callbackFilter, BasicAuthenticationFilter.class); http.authorizeRequests().anyRequest().fullyAuthenticated(); http.addFilterBefore(securityFilter, BasicAuthenticationFilter.class); http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS); - http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); + // http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); + + http.csrf().disable(); + http.headers().frameOptions().disable(); } } } diff --git a/pac4j-module/src/main/resources/META-INF/spring.factories b/pac4j-module/src/main/resources/META-INF/spring.factories index 9a6e6cbf2..90f792d84 100644 --- a/pac4j-module/src/main/resources/META-INF/spring.factories +++ b/pac4j-module/src/main/resources/META-INF/spring.factories @@ -1 +1,4 @@ -org.springframework.boot.autoconfigure.EnableAutoConfiguration=net.unicon.shibui.pac4j.Pac4jConfiguration,net.unicon.shibui.pac4j.WebSecurity,net.unicon.shibui.pac4j.WebSecurity.Pac4jSecurityConfigurationAdapter,net.unicon.shibui.pac4j.Pac4jConfigurationProperties \ No newline at end of file +org.springframework.boot.autoconfigure.EnableAutoConfiguration=\ + net.unicon.shibui.pac4j.Pac4jConfiguration,\ + net.unicon.shibui.pac4j.WebSecurity,\ + net.unicon.shibui.pac4j.Pac4jConfigurationProperties \ No newline at end of file
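Review bot: `http.csrf().disable()` and `http.headers().frameOptions().disable()` remove CSRF protection and clickjacking protection from every request this adapter handles, which is `/**`, where the previous code only switched the CSRF token repository to a cookie. If the motivation is the SAML response that arrives as a cross-site POST on the pac4j callback (`/callback` appears in the commented-out `regexMatcher` line above), the exemption can be limited to that path with `ignoringAntMatchers` while the cookie repository keeps protecting the UI's own state-changing calls; likewise, if some page genuinely has to be framed, `sameOrigin()` is the narrower setting. The two commented-out lines should be deleted rather than kept as dead code, and the `CookieCsrfTokenRepository` import dropped in the previous hunk would need to return. `configure` is fully visible in this hunk.
```java
// … unchanged: SecurityFilter/CallbackFilter wiring, authorizeRequests and session policy …
// SAML responses are cross-site POSTs to the pac4j callback, so only that path is exempt from CSRF checks.
http.csrf()
        .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
        .ignoringAntMatchers("/callback");
// Permit framing by this origin only; do not drop the header altogether.
http.headers().frameOptions().sameOrigin();
```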