1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.syncope.sra.security.cas;
20  
21  import org.apache.syncope.sra.ApplicationContextUtils;
22  import org.apache.syncope.sra.security.LogoutRouteMatcher;
23  import org.apache.syncope.sra.security.PublicRouteMatcher;
24  import org.jasig.cas.client.Protocol;
25  import org.slf4j.Logger;
26  import org.slf4j.LoggerFactory;
27  import org.springframework.cache.CacheManager;
28  import org.springframework.context.ConfigurableApplicationContext;
29  import org.springframework.security.authentication.ReactiveAuthenticationManager;
30  import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
31  import org.springframework.security.config.web.server.ServerHttpSecurity;
32  import org.springframework.security.core.Authentication;
33  import org.springframework.security.web.server.authentication.AuthenticationWebFilter;
34  import org.springframework.security.web.server.authentication.logout.LogoutWebFilter;
35  import org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository;
36  import reactor.core.publisher.Mono;
37  
/**
 * Static helpers that plug the CAS login and logout web filters into a Spring Security
 * WebFlux filter chain.
 *
 * <p>Not instantiable: every member is static.
 */
public final class CASSecurityConfigUtils {

    private static final Logger LOG = LoggerFactory.getLogger(CASSecurityConfigUtils.class);

    /**
     * Builds the authentication manager handed to {@link CASAuthenticationWebFilter}.
     *
     * <p>The manager performs no credential or ticket check of its own; it only filters on
     * the token's {@code isAuthenticated()} flag.
     *
     * @return a manager that emits the given token when it is already flagged as authenticated,
     * and completes empty otherwise
     */
    private static ReactiveAuthenticationManager authenticationManager() {
        // NOTE(review): the trust decision is therefore made wherever the token is built,
        // presumably after CAS ticket validation inside CASAuthenticationWebFilter. Confirm that
        // no code path can produce a token with isAuthenticated() == true without a validated ticket.
        return token -> Mono.just(token).filter(candidate -> candidate.isAuthenticated());
    }

    /**
     * Registers the two CAS login filters on the given security builder.
     *
     * <p>A {@link CASAuthenticationRequestWebFilter} is added at the {@code HTTP_BASIC} position
     * and a {@link CASAuthenticationWebFilter} at the {@code AUTHENTICATION} position.
     *
     * @param http security builder receiving the filters
     * @param protocol CAS protocol passed to both filters
     * @param casServerUrlPrefix base URL of the CAS server, passed to both filters
     * @param publicRouteMatcher matcher passed to the authentication request filter
     */
    public static void forLogin(
            final ServerHttpSecurity http,
            final Protocol protocol,
            final String casServerUrlPrefix,
            final PublicRouteMatcher publicRouteMatcher) {

        // NOTE(review): casServerUrlPrefix is used as given, with no scheme or host check in this
        // method. It should come from trusted configuration and presumably be an https URL, since
        // it identifies the CAS server the filters talk to; confirm at the call site.
        http.addFilterAt(
                new CASAuthenticationRequestWebFilter(publicRouteMatcher, protocol, casServerUrlPrefix),
                SecurityWebFiltersOrder.HTTP_BASIC);

        AuthenticationWebFilter casAuthFilter = new CASAuthenticationWebFilter(
                authenticationManager(),
                protocol,
                casServerUrlPrefix);
        // A failed authentication is propagated as an error signal, not turned into a redirect.
        // How it reaches the client depends on error handling configured elsewhere.
        casAuthFilter.setAuthenticationFailureHandler((exchange, failure) -> Mono.error(failure));
        // The resulting security context is kept in the web session.
        casAuthFilter.setSecurityContextRepository(new WebSessionServerSecurityContextRepository());
        http.addFilterAt(casAuthFilter, SecurityWebFiltersOrder.AUTHENTICATION);
    }

    /**
     * Registers a logout filter, backed by the CAS logout handlers, at the {@code LOGOUT} position.
     *
     * <p>The CAS logout success handler is obtained from, or created in, the application context.
     * If that lookup throws {@link ClassNotFoundException}, the error is logged and the filter is
     * still registered without it.
     *
     * @param builder authorize-exchange spec whose parent builder receives the filter
     * @param cacheManager cache manager passed to {@link CASServerLogoutHandler}
     * @param casServerUrlPrefix base URL of the CAS server, passed to {@link CASServerLogoutHandler}
     * @param logoutRouteMatcher matcher deciding which requests trigger logout
     * @param ctx application context used to obtain the logout success handler bean
     */
    public static void forLogout(
            final ServerHttpSecurity.AuthorizeExchangeSpec builder,
            final CacheManager cacheManager,
            final String casServerUrlPrefix,
            final LogoutRouteMatcher logoutRouteMatcher,
            final ConfigurableApplicationContext ctx) {

        final String successHandlerName = CASServerLogoutSuccessHandler.class.getName();

        LogoutWebFilter logoutFilter = new LogoutWebFilter();
        logoutFilter.setRequiresLogoutMatcher(logoutRouteMatcher);
        logoutFilter.setLogoutHandler(new CASServerLogoutHandler(cacheManager, casServerUrlPrefix));

        try {
            CASServerLogoutSuccessHandler successHandler = ApplicationContextUtils.getOrCreateBean(
                    ctx,
                    successHandlerName,
                    CASServerLogoutSuccessHandler.class);
            logoutFilter.setLogoutSuccessHandler(successHandler);
        } catch (ClassNotFoundException e) {
            // NOTE(review): logout then falls back to LogoutWebFilter's default success handler, so
            // whatever CASServerLogoutSuccessHandler does after logout is skipped, with only this
            // log line as a signal. Worth alerting on, or failing startup if that step is required.
            LOG.error("While creating instance of {}", successHandlerName, e);
        }

        builder.and().addFilterAt(logoutFilter, SecurityWebFiltersOrder.LOGOUT);
    }

    private CASSecurityConfigUtils() {
        // utility holder: never instantiated
    }
}