SHIBUI-1774

minor cleanup

pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java

@@ -7,6 +7,7 @@
 import org.pac4j.core.credentials.Credentials;
 import org.pac4j.core.credentials.TokenCredentials;
 import org.pac4j.core.credentials.authenticator.Authenticator;
+import org.pac4j.core.exception.CredentialsException;
 import org.pac4j.core.profile.CommonProfile;
 import org.pac4j.core.profile.definition.CommonProfileDefinition;
 import org.pac4j.http.client.direct.ParameterClient;
@@ -27,11 +28,12 @@ public SAML2ModelAuthorizationGenerator saml2ModelAuthorizationGenerator(UserRep
     }
 
     @Bean
-    public Config config(final Pac4jConfigurationProperties pac4jConfigurationProperties, final SAML2ModelAuthorizationGenerator saml2ModelAuthorizationGenerator) {
+    public Config config(final Pac4jConfigurationProperties pac4jConfigurationProperties,
+                         final SAML2ModelAuthorizationGenerator saml2ModelAuthorizationGenerator) {
 
         final Clients clients = new Clients(pac4jConfigurationProperties.getCallbackUrl());
 
-        if(pac4jConfigurationProperties.getTypeOfAuth().equals("SAML2")) { //f
+        if (pac4jConfigurationProperties.getTypeOfAuth().equals("SAML2")) {
             final SAML2ClientConfiguration saml2ClientConfiguration = new SAML2ClientConfiguration();
             saml2ClientConfiguration.setKeystorePath(pac4jConfigurationProperties.getKeystorePath());
             saml2ClientConfiguration.setKeystorePassword(pac4jConfigurationProperties.getKeystorePassword());
@@ -47,17 +49,23 @@ public Config config(final Pac4jConfigurationProperties pac4jConfigurationProper
             final SAML2Client saml2Client = new SAML2Client(saml2ClientConfiguration);
             saml2Client.setName("Saml2Client");
             saml2Client.addAuthorizationGenerator(saml2ModelAuthorizationGenerator);
-            SAML2Authenticator saml2Authenticator = new SAML2Authenticator(saml2ClientConfiguration.getAttributeAsId(), saml2ClientConfiguration.getMappedAttributes());
-            saml2Authenticator.setProfileDefinition(new CommonProfileDefinition<>(p -> new BetterSAML2Profile(pac4jConfigurationProperties.getSaml2ProfileMapping().getUsername())));
+            SAML2Authenticator saml2Authenticator = new SAML2Authenticator(saml2ClientConfiguration.getAttributeAsId(),
+                            saml2ClientConfiguration.getMappedAttributes());
+            saml2Authenticator.setProfileDefinition(new CommonProfileDefinition<>(
+                            p -> new BetterSAML2Profile(pac4jConfigurationProperties.getSaml2ProfileMapping().getUsername())));
             saml2Client.setAuthenticator(saml2Authenticator);
 
             clients.setClients(saml2Client);
-        }
-        else if (pac4jConfigurationProperties.getTypeOfAuth().equals("HEADER")) {
-              HeaderClient headerClient = new HeaderClient(pac4jConfigurationProperties.getAuthenticationHeader(), new Authenticator() {
+        } else if (pac4jConfigurationProperties.getTypeOfAuth().equals("HEADER")) {
+            HeaderClient headerClient = new HeaderClient(pac4jConfigurationProperties.getAuthenticationHeader(), new Authenticator() {
                 @Override
                 public void validate(Credentials credentials, WebContext context) {
-
+                    if (credentials instanceof TokenCredentials) {
+                    TokenCredentials creds = (TokenCredentials) credentials;
+                    String remoteUser = creds.getToken();
+                    } else {
+                        throw new CredentialsException("Invalid Credentials object generated by HeaderClient");
+                    }
                 }
             });
             clients.setClients(headerClient);

pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfigurationProperties.java

@@ -10,6 +10,8 @@
 @EnableConfigurationProperties
 @ConditionalOnProperty(name = "shibui.pac4j-enabled", havingValue = "true")
 public class Pac4jConfigurationProperties {
+    final static String DEFAULT_AUTH_HEADER = "REMOTE_USER"; 
+
     private String keystorePath = "/tmp/samlKeystore.jks";
     private String keystorePassword = "changeit";
     private String privateKeyPassword = "changeit";
@@ -22,7 +24,7 @@ public class Pac4jConfigurationProperties {
     private boolean wantAssertionsSigned = true;
     private SAML2ProfileMapping saml2ProfileMapping;
     private String typeOfAuth = "SAML2";
-    private String authenticationHeader = "REMOTE_USER";
+    private String authenticationHeader = DEFAULT_AUTH_HEADER;
 
     public static class SAML2ProfileMapping {
         private String username;

pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java

@@ -82,19 +82,15 @@ public Pac4jWebSecurityConfigurerAdapter(final Config config, UserRepository use
 
         @Override
         protected void configure(HttpSecurity http) throws Exception {
-            final SecurityFilter securityFilter = new SecurityFilter(this.config, "Saml2Client");
             final SecurityFilter securityFilterForHeader = new SecurityFilter(this.config, "HeaderClient");
 
             final CallbackFilter callbackFilter = new CallbackFilter(this.config);
             http.antMatcher("/**").addFilterBefore(callbackFilter, BasicAuthenticationFilter.class)
-                    .addFilterBefore(securityFilter, BasicAuthenticationFilter.class)
                     .addFilterBefore(securityFilterForHeader, BasicAuthenticationFilter.class)  //xxx check on this
                     .addFilterAfter(new AddNewUserFilter(pac4jConfigurationProperties, userRepository, roleRepository, emailService), SecurityFilter.class);
 
             http.authorizeRequests().anyRequest().fullyAuthenticated();
-
             http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS);
-
             http.csrf().disable();
             http.headers().frameOptions().disable();
         }