Merged in SHIBUI-1661-a (pull request #455)

SHIBUI-1661 - conditional pac4j Approved-by: Jonathan Johnson
TIER · Dec 17, 2019 · d328b11 · d328b11
2 parents 29bfc0e + 999ea4f
commit d328b11
Showing 10 changed files with 40 additions and 24 deletions.
diff --git a/backend/Dockerfile b/backend/Dockerfile
@@ -2,8 +2,8 @@ FROM gcr.io/distroless/java
 
 ARG JAR_FILE
 
-COPY ${JAR_FILE} app.jar
 COPY loader.properties loader.properties
+COPY ${JAR_FILE} app.jar
 
 EXPOSE 8080
 

diff --git a/backend/build.gradle b/backend/build.gradle
@@ -210,6 +210,9 @@ dependencies {
     // Envers for persistent entities versioning
     compile 'org.hibernate:hibernate-envers'
 
+    //Pacj4 sub-project
+    runtimeOnly project(':pac4j-module')
+
     enversTestCompile sourceSets.main.output
     enversTestCompile sourceSets.test.output
     enversTestCompile configurations.compile

diff --git a/backend/src/main/docker-files/loader.properties b/backend/src/main/docker-files/loader.properties
@@ -1 +1 @@
-loader.path=libs/
+loader.path=libs/
diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties
@@ -84,3 +84,8 @@ shibui.mail.html.email-template-path-prefix=/mail/html/
 shibui.mail.system-email-address=doNotReply@shibui.org
 
 shibui.roles=ROLE_ADMIN,ROLE_USER,ROLE_NONE
+
+#In order to enable authentication via configured pac4j library (with external SAMl Idp, for example)
+#This property must be set to true and pac4j properties configured. For sample pac4j properties, see application.yml
+#for an example pac4j configuration
+#shibui.pac4j-enabled=true
diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml
@@ -1,3 +1,21 @@
+#shibui:
+#  pac4j-enabled: true
+#  pac4j:
+#    keystorePath: "/etc/shibui/samlKeystore.jks"
+#    keystorePassword: "changeit"
+#    privateKeyPassword: "changeit"
+#    serviceProviderEntityId: "https://idp.example.com/shibui"
+#    serviceProviderMetadataPath: "/etc/shibui/sp-metadata.xml"
+#    identityProviderMetadataPath: "/etc/shibui/idp-metadata.xml"
+#    forceServiceProviderMetadataGeneration: false
+#    callbackUrl: "https://localhost:8443/callback"
+#    maximumAuthenticationLifetime: 3600000
+#    saml2ProfileMapping:
+#      username: urn:oid:0.9.2342.19200300.100.1.1
+#      firstname: urn:oid:2.5.4.42
+#      lastname: urn:oid:2.5.4.4
+#      email: urn:oid:0.9.2342.19200300.100.1.3
+
 custom:
   attributes:
   # Default attributes

diff --git a/pac4j-module/Dockerfile b/pac4j-module/Dockerfile
diff --git a/pac4j-module/build.gradle b/pac4j-module/build.gradle
@@ -1,6 +1,5 @@
 plugins {
     id 'groovy'
-    id 'com.palantir.docker' version '0.20.1'
     id 'jacoco'
     id 'org.springframework.boot' version '2.0.0.RELEASE' apply false
     id 'io.spring.dependency-management' version '1.0.6.RELEASE'
@@ -39,20 +38,4 @@ dependencies {
     testCompile "org.spockframework:spock-spring:1.1-groovy-2.4"
 
     annotationProcessor "org.springframework.boot:spring-boot-configuration-processor"
-
-    docker project(':backend')
-}
-
-docker {
-    name 'unicon/shibui-pac4j'
-    tags 'latest-pac4j'
-    files configurations.runtime, tasks.jar.outputs
-    noCache true
-}
-
-task testme(type: Copy) {
-    from configurations.runtime
-    into temporaryDir
-}
-
-tasks.docker.dependsOn(tasks.jar, ':backend:docker')
+}
diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfiguration.java
@@ -7,10 +7,12 @@
 import org.pac4j.saml.client.SAML2Client;
 import org.pac4j.saml.client.SAML2ClientConfiguration;
 import org.pac4j.saml.credentials.authenticator.SAML2Authenticator;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
 @Configuration
+@ConditionalOnProperty(name = "shibui.pac4j-enabled", havingValue = "true")
 public class Pac4jConfiguration {
     @Bean
     public SAML2ModelAuthorizationGenerator saml2ModelAuthorizationGenerator(UserRepository userRepository) {

diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfigurationProperties.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/Pac4jConfigurationProperties.java
@@ -1,12 +1,14 @@
 package net.unicon.shibui.pac4j;
 
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.stereotype.Component;
 
 @Component
 @ConfigurationProperties(prefix = "shibui.pac4j")
 @EnableConfigurationProperties
+@ConditionalOnProperty(name = "shibui.pac4j-enabled", havingValue = "true")
 public class Pac4jConfigurationProperties {
     private String keystorePath = "/tmp/samlKeystore.jks";
     private String keystorePassword = "changeit";

diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java
@@ -9,6 +9,7 @@
 import org.pac4j.springframework.security.web.SecurityFilter;
 import org.springframework.boot.autoconfigure.AutoConfigureAfter;
 import org.springframework.boot.autoconfigure.AutoConfigureOrder;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
@@ -24,7 +25,9 @@
 
 @Configuration
 @AutoConfigureOrder(-1)
+@ConditionalOnProperty(name = "shibui.pac4j-enabled", havingValue = "true")
 @AutoConfigureAfter(EmailConfiguration.class)
+
 public class WebSecurity {
     @Bean("webSecurityConfig")
     public WebSecurityConfigurerAdapter webSecurityConfigurerAdapter(final Config config, UserRepository userRepository, RoleRepository roleRepository, Optional<EmailService> emailService, Pac4jConfigurationProperties pac4jConfigurationProperties) {
@@ -33,6 +36,7 @@ public WebSecurityConfigurerAdapter webSecurityConfigurerAdapter(final Config co
 
     @Configuration
     @Order(0)
+    @ConditionalOnProperty(name = "shibui.pac4j-enabled", havingValue = "true")
     public static class FaviconSecurityConfiguration extends WebSecurityConfigurerAdapter {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
@@ -42,6 +46,7 @@ protected void configure(HttpSecurity http) throws Exception {
 
     @Configuration
     @Order(1)
+    @ConditionalOnProperty(name = "shibui.pac4j-enabled", havingValue = "true")
     public static class UnsecuredSecurityConfiguration extends WebSecurityConfigurerAdapter {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
@@ -51,6 +56,7 @@ protected void configure(HttpSecurity http) throws Exception {
 
     @Configuration
     @Order(2)
+    @ConditionalOnProperty(name = "shibui.pac4j-enabled", havingValue = "true")
     public static class ErrorSecurityConfiguration extends WebSecurityConfigurerAdapter {
         @Override
         protected void configure(HttpSecurity http) throws Exception {
@@ -102,7 +108,7 @@ public void configure(org.springframework.security.config.annotation.web.builder
     }
 
     @Bean
-    public AuditorAware<String> defaultAuditorAware() {
+    public AuditorAware<String> pac4jAuditorAware() {
         return new Pac4jAuditorAware();
     }
 }