19 package org.apache.syncope.sra.security.cas;
20
21 import org.apache.syncope.sra.ApplicationContextUtils;
22 import org.apache.syncope.sra.security.LogoutRouteMatcher;
23 import org.apache.syncope.sra.security.PublicRouteMatcher;
24 import org.jasig.cas.client.Protocol;
25 import org.slf4j.Logger;
26 import org.slf4j.LoggerFactory;
27 import org.springframework.cache.CacheManager;
28 import org.springframework.context.ConfigurableApplicationContext;
29 import org.springframework.security.authentication.ReactiveAuthenticationManager;
30 import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
31 import org.springframework.security.config.web.server.ServerHttpSecurity;
32 import org.springframework.security.core.Authentication;
33 import org.springframework.security.web.server.authentication.AuthenticationWebFilter;
34 import org.springframework.security.web.server.authentication.logout.LogoutWebFilter;
35 import org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository;
36 import reactor.core.publisher.Mono;
37
/**
 * Static helpers that wire the CAS login and logout web filters into a
 * reactive Spring Security filter chain.
 *
 * <p>Not instantiable: every member is static.
 */
public final class CASSecurityConfigUtils {

    private static final Logger LOG = LoggerFactory.getLogger(CASSecurityConfigUtils.class);

    private CASSecurityConfigUtils() {
        // utility class, never instantiated
    }

    /**
     * Builds the authentication manager handed to the CAS authentication filter.
     *
     * <p>The manager performs no credential or ticket check of its own: it emits
     * the incoming {@link Authentication} unchanged when
     * {@link Authentication#isAuthenticated()} is {@code true} and completes
     * empty otherwise.
     *
     * <p>NOTE(review): the decision therefore rests entirely on whatever set the
     * {@code authenticated} flag before this manager is invoked - presumably the
     * ticket validation inside {@code CASAuthenticationWebFilter}; confirm that
     * no code path can build an already-authenticated token from unvalidated input.
     *
     * @return a manager that passes through already-authenticated tokens only
     */
    private static ReactiveAuthenticationManager authenticationManager() {
        return candidate -> Mono.just(candidate)
                .filter(Authentication::isAuthenticated);
    }

    /**
     * Registers the two CAS login filters on the given security builder.
     *
     * <p>A {@code CASAuthenticationRequestWebFilter} is placed at the
     * {@link SecurityWebFiltersOrder#HTTP_BASIC} position and a
     * {@code CASAuthenticationWebFilter} at
     * {@link SecurityWebFiltersOrder#AUTHENTICATION}. Authentication failures are
     * not handled here: the exception is re-emitted as an error signal. The
     * resulting security context is kept in a
     * {@link WebSessionServerSecurityContextRepository}.
     *
     * @param http security builder receiving the filters
     * @param protocol CAS protocol passed to both filters
     * @param casServerUrlPrefix base URL of the CAS server passed to both filters;
     * NOTE(review): presumably used for redirects and ticket validation, so it
     * should be an HTTPS URL taken from trusted configuration - confirm
     * @param publicRouteMatcher matcher passed to the request filter
     */
    public static void forLogin(
            final ServerHttpSecurity http,
            final Protocol protocol,
            final String casServerUrlPrefix,
            final PublicRouteMatcher publicRouteMatcher) {

        CASAuthenticationRequestWebFilter requestFilter =
                new CASAuthenticationRequestWebFilter(publicRouteMatcher, protocol, casServerUrlPrefix);
        http.addFilterAt(requestFilter, SecurityWebFiltersOrder.HTTP_BASIC);

        AuthenticationWebFilter casFilter =
                new CASAuthenticationWebFilter(authenticationManager(), protocol, casServerUrlPrefix);
        // Failures are propagated as an error signal rather than answered here,
        // so the response is decided by whatever handles errors downstream.
        casFilter.setAuthenticationFailureHandler((webFilterExchange, failure) -> Mono.error(failure));
        casFilter.setSecurityContextRepository(new WebSessionServerSecurityContextRepository());
        http.addFilterAt(casFilter, SecurityWebFiltersOrder.AUTHENTICATION);
    }

    /**
     * Registers a {@link LogoutWebFilter} for CAS at the
     * {@link SecurityWebFiltersOrder#LOGOUT} position.
     *
     * <p>The filter is triggered by {@code logoutRouteMatcher} and uses a
     * {@code CASServerLogoutHandler}. The success handler bean is obtained from,
     * or created in, the application context under the handler's class name.
     *
     * <p>If obtaining that bean fails with {@link ClassNotFoundException}, the
     * error is logged and the filter is still registered without
     * {@code setLogoutSuccessHandler} having been called, so it keeps the success
     * handler it was constructed with.
     *
     * <p>NOTE(review): in that case logout will not end the way the CAS
     * configuration intends; consider whether this should stop startup instead of
     * only being logged, and make sure the log line is monitored.
     *
     * @param builder authorization spec whose parent builder receives the filter
     * @param cacheManager cache manager passed to the logout handler
     * @param casServerUrlPrefix base URL of the CAS server passed to the logout handler
     * @param logoutRouteMatcher matcher deciding which requests trigger logout
     * @param ctx application context used to look up or create the success handler
     */
    public static void forLogout(
            final ServerHttpSecurity.AuthorizeExchangeSpec builder,
            final CacheManager cacheManager,
            final String casServerUrlPrefix,
            final LogoutRouteMatcher logoutRouteMatcher,
            final ConfigurableApplicationContext ctx) {

        LogoutWebFilter filter = new LogoutWebFilter();
        filter.setRequiresLogoutMatcher(logoutRouteMatcher);
        filter.setLogoutHandler(new CASServerLogoutHandler(cacheManager, casServerUrlPrefix));

        String successHandlerName = CASServerLogoutSuccessHandler.class.getName();
        try {
            CASServerLogoutSuccessHandler successHandler = ApplicationContextUtils.getOrCreateBean(
                    ctx, successHandlerName, CASServerLogoutSuccessHandler.class);
            filter.setLogoutSuccessHandler(successHandler);
        } catch (ClassNotFoundException e) {
            // Best effort: registration continues without the CAS success handler.
            LOG.error("While creating instance of {}", successHandlerName, e);
        }

        builder.and().addFilterAt(filter, SecurityWebFiltersOrder.LOGOUT);
    }
}