diff --git a/pac4j-module/Dockerfile b/pac4j-module/Dockerfile
new file mode 100644
index 000000000..e69de29bb
diff --git a/pac4j-module/build.gradle b/pac4j-module/build.gradle
new file mode 100644
index 000000000..d783ad01f
--- /dev/null
+++ b/pac4j-module/build.gradle
@@ -0,0 +1,37 @@
+plugins {
+ id 'java'
+ id 'org.springframework.boot' version '2.0.0.RELEASE'
+ id 'com.palantir.docker' version '0.20.1'
+ id 'jacoco'
+ id 'io.franzbecker.gradle-lombok' version '1.13'
+}
+
+apply plugin: 'io.spring.dependency-management'
+
+sourceCompatibility = 1.8
+targetCompatibility = 1.8
+
+repositories {
+ jcenter()
+ maven {
+ url 'https://build.shibboleth.net/nexus/content/groups/public'
+ artifactUrls = ['https://build.shibboleth.net/nexus/content/repositories/thirdparty-snapshots']
+ }
+}
+
+lombok {
+ version = "1.16.20"
+ sha256 = "c5178b18caaa1a15e17b99ba5e4023d2de2ebc18b58cde0f5a04ca4b31c10e6d"
+}
+
+dependencies {
+ compileOnly project(':backend')
+
+ compile "org.pac4j:spring-security-pac4j:3.0.0"
+ compile "org.pac4j:pac4j-saml:2.2.1", {
+ // opensaml libraries are provided
+ exclude group: 'org.opensaml'
+ }
+
+ annotationProcessor "org.springframework.boot:spring-boot-configuration-processor"
+}
\ No newline at end of file
diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java
new file mode 100644
index 000000000..193ccaac2
--- /dev/null
+++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java
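Review bot: Both pac4j dependencies in the `dependencies` block use the `compile` configuration, which is deprecated in the Gradle line that the Spring Boot 2.0.0 plugin requires and leaks pac4j onto the compile classpath of every module that depends on this one. Declaring them as `implementation "org.pac4j:spring-security-pac4j:3.0.0"` and `implementation "org.pac4j:pac4j-saml:2.2.1", { exclude group: 'org.opensaml' }` keeps the API surface of the module to what it actually exports. The `exclude group: 'org.opensaml'` comment says the libraries are "provided"; naming where they are expected to come from (presumably the `backend` project, though the hunk does not show it) would save the next reader a search.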
@@ -0,0 +1,33 @@
+package net.unicon.shibui.pac4j;
+
+import org.pac4j.core.client.Clients;
+import org.pac4j.core.config.Config;
+import org.pac4j.saml.client.SAML2Client;
+import org.pac4j.saml.client.SAML2ClientConfiguration;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class Pac4jConfiguration {
+ @Bean
+ public Config config(final Pac4jConfigurationProperties pac4jConfigurationProperties) {
+ final SAML2ClientConfiguration saml2ClientConfiguration = new SAML2ClientConfiguration();
+ saml2ClientConfiguration.setKeystorePath(pac4jConfigurationProperties.getKeystorePath());
+ saml2ClientConfiguration.setKeystorePassword(pac4jConfigurationProperties.getKeystorePassword());
+ saml2ClientConfiguration.setPrivateKeyPassword(pac4jConfigurationProperties.getPrivateKeyPassword());
+ saml2ClientConfiguration.setIdentityProviderMetadataPath(pac4jConfigurationProperties.getIdentityProviderMetadataPath());
+ saml2ClientConfiguration.setMaximumAuthenticationLifetime(pac4jConfigurationProperties.getMaximumAuthenticationLifetime());
+ saml2ClientConfiguration.setServiceProviderEntityId(pac4jConfigurationProperties.getServiceProviderEntityId());
+ saml2ClientConfiguration.setServiceProviderMetadataPath(pac4jConfigurationProperties.getServiceProviderMetadataPath());
+ saml2ClientConfiguration.setForceServiceProviderMetadataGeneration(pac4jConfigurationProperties.isForceServiceProviderMetadataGeneration());
+ saml2ClientConfiguration.setWantsAssertionsSigned(pac4jConfigurationProperties.isWantAssertionsSigned());
+
+ final SAML2Client saml2Client = new SAML2Client(saml2ClientConfiguration);
+ saml2Client.setName("Saml2Client");
+
+ final Clients clients = new Clients(pac4jConfigurationProperties.getCallbackUrl(), saml2Client);
+
+ final Config config = new Config(clients);
+ return config;
+ }
+}
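Review bot: `config()` passes `pac4jConfigurationProperties.getCallbackUrl()` straight into `new Clients(...)`, and `callbackUrl` is the one property in `Pac4jConfigurationProperties` with no default, so a deployment that omits `shibui.pac4j.callbackUrl` builds a `Clients` with a null callback URL and presumably only fails later, at the first SAML redirect, rather than at startup. Failing fast in the bean keeps a misconfigured SP from coming up half-wired: `Objects.requireNonNull(pac4jConfigurationProperties.getCallbackUrl(), "shibui.pac4j.callbackUrl must be set");` before the `Clients` line, with `java.util.Objects` imported. The method also deserves a short Javadoc stating that it builds the single SAML2 client named `Saml2Client` from the `shibui.pac4j.*` properties and that the IdP metadata at `identityProviderMetadataPath` is the trust anchor for incoming assertions. `final Config config = new Config(clients); return config;` can be a single `return new Config(clients);`.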
diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfigurationProperties.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfigurationProperties.java
new file mode 100644
index 000000000..1334c7e72
--- /dev/null
+++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfigurationProperties.java
@@ -0,0 +1,23 @@
+package net.unicon.shibui.pac4j;
+
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+@Component
+@ConfigurationProperties(prefix = "shibui.pac4j")
+@Getter
+@Setter
+public class Pac4jConfigurationProperties {
+ private String keystorePath = "/tmp/samlKeystore.jks";
+ private String keystorePassword = "changeit";
+ private String privateKeyPassword = "changeit";
+ private String identityProviderMetadataPath = "/tmp/idp-metadata.xml";
+ private int maximumAuthenticationLifetime = 3600;
+ private String serviceProviderEntityId = "https://unicon.net/shibui";
+ private String serviceProviderMetadataPath = "/tmp/sp-metadata.xml";
+ private boolean forceServiceProviderMetadataGeneration = false;
+ private String callbackUrl;
+ private boolean wantAssertionsSigned = true;
+}
diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java
new file mode 100644
index 000000000..80a755431
--- /dev/null
+++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java
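Review bot: The field initializers give `keystorePassword` and `privateKeyPassword` a built-in default of `"changeit"` and place the keystore, IdP metadata and SP metadata under `/tmp`, so an operator who forgets to set `shibui.pac4j.*` gets an SP whose signing key is protected by a well-known password and whose trust anchor for incoming assertions (`identityProviderMetadataPath`) is a file in a world-writable directory that any local user can replace; if pac4j generates the keystore at `keystorePath` when it is absent (it appears to, but the hunk does not show it), the key itself also ends up in `/tmp`. Safer to leave the two password fields and `identityProviderMetadataPath` without defaults and document them as required, e.g. `private String keystorePassword; // required: shibui.pac4j.keystorePassword`, so startup fails loudly instead of silently running with these values. A class-level Javadoc mapping the fields to the `shibui.pac4j` prefix and noting that `callbackUrl` has no default would also help; Lombok's `@Getter`/`@Setter` are fine here, but avoid adding `@ToString`/`@Data` later since the passwords would land in logs.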
@@ -0,0 +1,14 @@
+package net.unicon.shibui.pac4j;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@EnableWebSecurity
+public class WebSecurity {
+ @Configuration
+ public static class Pac4jSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
+
+ }
+}
diff --git a/pac4j-module/src/main/resources/META-INF/spring.factories b/pac4j-module/src/main/resources/META-INF/spring.factories
new file mode 100644
index 000000000..a24bba892
--- /dev/null
+++ b/pac4j-module/src/main/resources/META-INF/spring.factories
@@ -0,0 +1 @@
+org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer = net.unicon.shibui.pac4j.WebSecurity.Pac4jSecurityConfigurationAdapter
\ No newline at end of file
diff --git a/settings.gradle b/settings.gradle
index adb85a37b..8fae26617 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -1 +1 @@
-include 'backend', 'ui'
\ No newline at end of file
+include 'backend', 'ui', 'pac4j-module'
\ No newline at end of file
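Review bot: `Pac4jSecurityConfigurationAdapter` has an empty body, so nothing in it references the `Config` bean built in `Pac4jConfiguration`, and `WebSecurityConfigurerAdapter`'s inherited `configure(HttpSecurity)` (authenticated for all requests with form login and HTTP Basic) is what will actually run; the SAML client is constructed but never placed in the filter chain. If this is a deliberate first step, a comment in the class saying so would stop a reader from assuming SAML login is active, e.g. `// TODO: override configure(HttpSecurity) and register pac4j's SecurityFilter/CallbackFilter built from the Config bean`. Otherwise the override that wires those two spring-security-pac4j filters (and a `LogoutFilter` if logout is wanted) belongs in this commit. The class also needs a one-line Javadoc explaining why the adapter is a nested static `@Configuration` rather than a top-level one.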
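Review bot: The spring.factories entry registers `WebSecurity.Pac4jSecurityConfigurationAdapter` under the key `AbstractHttpConfigurer`, but that class extends `WebSecurityConfigurerAdapter`, which is not an `AbstractHttpConfigurer`; as far as I can tell `SpringFactoriesLoader` checks assignability when it instantiates each entry and will abort context startup with an `IllegalArgumentException` rather than silently skip it. That key is the hook Spring Security uses to apply `AbstractHttpConfigurer` subclasses to every `HttpSecurity`, so either the registered class should extend `AbstractHttpConfigurer<?, HttpSecurity>`, or the entry should be dropped and the `@Configuration` adapter picked up by component scanning or an auto-configuration entry instead. Worth a comment in the file (or the commit message) naming which of the two is intended, since a load failure here takes the whole application down rather than just the SAML login.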