NOJIRA: Pac4J libs update
Updates for the Pac4J upgrade to the current release
chasegawa committed Jan 30, 2024
1 parent 27420e5 commit c359542
Showing 7 changed files with 35 additions and 24 deletions.
Expand Up @@ -32,7 +32,7 @@
@EnableJpaAuditing
@EnableScheduling
@EnableAsync
@OpenAPIDefinition(info=@Info(description = "The Shibboleth UI is specifically designed to help manage and edit metadata-driven configuration support for Shibboleth", title = "Shibboleth UI API", version = "1.0"))
@OpenAPIDefinition(info=@Info(description = "The SAML Metadata Configuration Manager is specifically designed to help manage and edit metadata-driven configuration support", title = "SAML Metadata Configuration Manager API", version = "2.0"))
public class ShibbolethUiApplication extends SpringBootServletInitializer {

private static final Logger logger = LoggerFactory.getLogger(ShibbolethUiApplication.class);
2 changes: 1 addition & 1 deletion backend/src/main/resources/application.properties
Expand Up @@ -128,7 +128,7 @@ shibui.pac4j-enabled=false
#environment variables must be set for beacon publisher to be used (the ones that are set when running shib-ui in
#docker container
shibui.beacon.enabled=true
shibui.beacon.productName=ShibUi
shibui.beacon.productName=SAML Metadata Configuration Manager
shibui.beacon.installationID=UNICON-SHIBUI-TESTING
shibui.beacon.url=http://collector.testbed.tier.internet2.edu:5001
#shibui.beacon.send.cron=0 59 3 * * ?
2 changes: 1 addition & 1 deletion gradle.properties
Expand Up @@ -17,7 +17,7 @@ nashornVersion=15.4
opencsvVersion=5.7.1
opensamlVersion=5.0.0
pac4JVersion=6.0.0
pac4jSpringSecurityVersion=9.0.0
pac4jSpringSecurityVersion=10.0.0
seleneseRunnerVersion=4.3.0
shedlockVersion=5.2.0
shibbolethVersion=5.0.0
Expand Up @@ -86,7 +86,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
logoutFilter.setCentralLogout(Boolean.TRUE);
logoutFilter.setDefaultUrl(pac4jConfigurationProperties.getPostLogoutURL());
logoutFilter.setDestroySession(true);
http.securityMatcher("/login*", "/logout").addFilterBefore((Filter) logoutFilter, BasicAuthenticationFilter.class);
http.securityMatcher("/logout").addFilterBefore((Filter) logoutFilter, BasicAuthenticationFilter.class);
}

// add correct auth filter
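Review bot: The narrowed `securityMatcher("/logout")` does not appear to line up with the guard this commit adds to ShibuiLogoutFilter, which performs the logout only when the query string ends in `logout` and whose comment says the request arrives as `/login?logout`. If this matcher is what scopes the chain holding the filter, a request to `/login?logout` would no longer reach it and a bare `/logout` would fall through to `chain.doFilter`, leaving the local and central (IdP) sessions alive after the user believes they have signed out. The rest of filterChain lies outside the hunk, so a later matcher may already cover this. If it does not, either keep a `/login` pattern in the matcher or drop the query-string guard, and add an integration test asserting the session is invalidated after logout.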
Expand Up @@ -7,8 +7,13 @@
import jakarta.servlet.http.HttpServletResponse;
import org.pac4j.core.adapter.FrameworkAdapter;
import org.pac4j.core.config.Config;
import org.pac4j.core.context.CallContext;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.context.WebContextFactory;
import org.pac4j.core.engine.DefaultCallbackLogic;
import org.pac4j.core.exception.http.FoundAction;
import org.pac4j.core.exception.http.HttpAction;
import org.pac4j.core.exception.http.SeeOtherAction;
import org.pac4j.core.util.CommonHelper;
import org.pac4j.core.util.Pac4jConstants;
import org.pac4j.jee.config.AbstractConfigFilter;
Expand All @@ -30,18 +35,29 @@
*/
public class ShibuiCallbackFilter extends AbstractConfigFilter {
private String suffix = "/callback";
private String defaultUrl;
private String defaultUrl = "/dashboard";
private Boolean renewSession;
private String defaultClient;

public ShibuiCallbackFilter(Config config) {
// Added this because we were seeing odd behavior where the favicon request was getting in the mix and the return to the
// dashboard url was getting lost.
config.setCallbackLogicIfUndefined(new DefaultCallbackLogic() {
@Override
protected HttpAction redirectToOriginallyRequestedUrl(CallContext ctx, String defaultUrl) {
HttpAction action = super.redirectToOriginallyRequestedUrl(ctx, defaultUrl);
if (action instanceof SeeOtherAction && ((SeeOtherAction) action).getLocation().contains("favicon")) {
return new FoundAction(defaultUrl);
}
return action;
}
});
setConfig(config);
}

@Override
public void init(final FilterConfig filterConfig) throws ServletException {
super.init(filterConfig);
this.defaultUrl = getStringParam(filterConfig, Pac4jConstants.DEFAULT_URL, this.defaultUrl);
this.renewSession = getBooleanParam(filterConfig, Pac4jConstants.RENEW_SESSION, this.renewSession);
this.defaultClient = getStringParam(filterConfig, Pac4jConstants.DEFAULT_CLIENT, this.defaultClient);
}
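Review bot: The favicon workaround in the constructor is registered with `setCallbackLogicIfUndefined`, so it is silently skipped whenever the shared Config already carries a callback logic, and it mutates that shared Config as a side effect of constructing a filter. The test `getLocation().contains("favicon")` is a substring match over the whole redirect target, so any legitimately requested URL with that text in its path or query is replaced by the default URL; comparing only the path would be tighter, e.g. `URI.create(location).getPath().endsWith("/favicon.ico")`. A favicon request ending up as the saved URL suggests static assets are passing through the secured chain, and excluding them there would remove the need for the override. The hunk counts indicate two removed lines in this section, presumably including the `DEFAULT_URL` init-param read, which would leave `/dashboard` hard-coded; worth confirming that is intended.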
Expand Up @@ -31,15 +31,14 @@
* LogoutFilter was part of the jakartee-pac4j stuff - there were a number of changes when Pac4J shifted to v6 (the j2ee stuff is now core
* as pac4j-jakartee and its not at all confusing).
*
* Essentially, we check to see if the filter matches the right pattern - this should be done by the Spring mechanisms, but the configured filters
* were still being called in the filter chain, so this logic was re-introduced here. This is essentially an expansion of -
* Essentially, we check to see if the filter matches the right pattern - because of how we re-rout "/logout" before it even gets to
* the filters, we have this filter in place to check for the "/login/logout" which will then do logout behaviors.
* This class is essentially a modification of -
* https://github.com/pac4j/jee-pac4j/blob/master/jakartaee-pac4j/src/main/java/org/pac4j/jee/filter/LogoutFilter.java
*/
@Getter
@Setter
public class ShibuiLogoutFilter extends AbstractConfigFilter {
private final static String SUFFIX = "login"; // "logout" is redirected before we ever hit the filters - sent to /login?logout;

private String defaultUrl;
private String logoutUrlPattern;
private Boolean localLogout;
Expand All @@ -50,17 +49,6 @@ public ShibuiLogoutFilter(Config config) {
setConfig(config);
}

private boolean mustApply(final WebContext context) {
final String path = context.getPath();
logger.debug("path: {} | suffix: {}", path, SUFFIX);

if (isBlank(SUFFIX)) {
return true;
} else {
return path != null && path.endsWith(SUFFIX);
}
}

@Override
public void init(final FilterConfig filterConfig) throws ServletException {
super.init(filterConfig);
Expand All @@ -74,8 +62,14 @@ public void init(final FilterConfig filterConfig) throws ServletException {

@Override
protected void internalFilter(final HttpServletRequest request, final HttpServletResponse response, final FilterChain chain) throws IOException, ServletException {
Config config = getSharedConfig();
FrameworkAdapter.INSTANCE.applyDefaultSettingsIfUndefined(config);
config.getLogoutLogic().perform(config, defaultUrl, logoutUrlPattern, localLogout, destroySession, centralLogout, new JEEFrameworkParameters(request, response));
// the actual "/logout url is redirected before the filters every get anything. It hits /login?logout - so this filter should only
// act when the QUERY STRING is "logout"
if (request.getQueryString() != null && request.getQueryString().endsWith("logout")) {
Config config = getSharedConfig();
FrameworkAdapter.INSTANCE.applyDefaultSettingsIfUndefined(config);
config.getLogoutLogic().perform(config, defaultUrl, logoutUrlPattern, localLogout, destroySession, centralLogout, new JEEFrameworkParameters(request, response));
} else {
chain.doFilter(request, response);
}
}
}
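Review bot: The new guard in internalFilter uses `endsWith("logout")`, which is true for any query string whose last characters are `logout`, including the value of an unrelated parameter, so requests other than the intended `/login?logout` redirect can trigger the local and central logout. An exact comparison states the intent and avoids calling `getQueryString()` twice: `if ("logout".equals(request.getQueryString())) {`. The class Javadoc still says the filter checks for "/login/logout" while the code checks the query string, and the comments contain typos ("re-rout", "every get"); both should describe the `?logout` check as implemented.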
Expand Up @@ -41,6 +41,7 @@ private SAML2Configuration buildSaml2ConfigFromPac4JConfiguration(Pac4jConfigura
saml2Config.setAttributeAsId(pac4jConfigProps.getSimpleProfileMapping().getUsername());
saml2Config.setPostLogoutURL(pac4jConfigProps.getPostLogoutURL());
saml2Config.setAuthnRequestBindingType("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
saml2Config.setCallbackUrl(pac4jConfigProps.getCallbackUrl());

return saml2Config;
}
