SecurityModule.scala
package modules
import com.google.inject.{AbstractModule, Provides}
import controllers.{CustomAuthorizer, DemoHttpActionAdapter, RoleAdminAuthGenerator}
import org.pac4j.cas.client.{CasClient, CasProxyReceptor}
import org.pac4j.cas.config.{CasConfiguration, CasProtocol}
import org.pac4j.core.authorization.authorizer.RequireAnyRoleAuthorizer
import org.pac4j.core.client.Clients
import org.pac4j.core.client.direct.AnonymousClient
import org.pac4j.core.config.Config
import org.pac4j.core.context.FrameworkParameters
import org.pac4j.core.context.session.{SessionStore, SessionStoreFactory}
import org.pac4j.core.matching.matcher.PathMatcher
import org.pac4j.core.profile.CommonProfile
import org.pac4j.http.client.direct.{DirectBasicAuthClient, ParameterClient}
import org.pac4j.http.client.indirect.{FormClient, IndirectBasicAuthClient}
import org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator
import org.pac4j.jwt.config.signature.SecretSignatureConfiguration
import org.pac4j.jwt.credentials.authenticator.JwtAuthenticator
import org.pac4j.oauth.client.{FacebookClient, TwitterClient}
import org.pac4j.oidc.client.OidcClient
import org.pac4j.oidc.config.OidcConfiguration
import org.pac4j.play.scala.{DefaultSecurityComponents, Pac4jScalaTemplateHelper, SecurityComponents}
import org.pac4j.play.store.{PlayCookieSessionStore, ShiroAesDataEncrypter}
import org.pac4j.play.{CallbackController, LogoutController}
import org.pac4j.saml.client.SAML2Client
import org.pac4j.saml.config.SAML2Configuration
import play.api.{Configuration, Environment}
import java.io.File
import java.nio.charset.StandardCharsets
/**
* Guice DI module to be included in application.conf
*/
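/**
 * Guice DI module to be included in application.conf.
 *
 * Binds the pac4j session store, the callback/logout controllers and the
 * security components, then exposes one `@Provides` method per authentication
 * client; `provideConfig` assembles those clients into the single pac4j
 * [[Config]] consumed by the security filters.
 *
 * NOTE(review): several providers below carry hard-coded demo credentials
 * (Twitter consumer key/secret, SAML keystore password, OIDC client secret,
 * JWT signing secret) and authenticate form/basic logins with
 * `SimpleTestUsernamePasswordAuthenticator`. They are kept verbatim here;
 * a non-demo deployment should source them from configuration or a secret
 * store and plug in a real authenticator.
 *
 * @param environment   the Play environment (not read by this module)
 * @param configuration the Play configuration; must define `baseUrl`,
 *                      `play.http.secret.key`, `fbId` and `fbSecret`
 */
class SecurityModule(environment: Environment, configuration: Configuration) extends AbstractModule {

  /** Public base URL of the application, used to build absolute login and callback URLs. */
  val baseUrl: String = configuration.get[String]("baseUrl")

  /** Number of key bytes handed to ShiroAesDataEncrypter (16 bytes, i.e. a 128-bit key). */
  private val SessionKeyLength = 16

  /**
   * Binds the session store, the security components and the two pac4j
   * controllers.
   *
   * @throws IllegalArgumentException if `play.http.secret.key` is shorter than
   *                                  [[SessionKeyLength]] bytes
   */
  override def configure(): Unit = {
    // The cookie session store encrypts its payload with key material derived
    // from the application secret. Truncate on *bytes* rather than characters
    // so a non-ASCII secret cannot yield more than 16 bytes, and fail fast with
    // a descriptive message when the secret is too short instead of a bare
    // StringIndexOutOfBoundsException from substring.
    // NOTE(review): this reuses a prefix of the Play application secret as the
    // session-cookie key; a dedicated key would avoid sharing key material.
    val keyBytes = configuration
      .get[String]("play.http.secret.key")
      .getBytes(StandardCharsets.UTF_8)
      .take(SessionKeyLength)
    require(
      keyBytes.length == SessionKeyLength,
      s"play.http.secret.key must be at least $SessionKeyLength bytes long"
    )
    val dataEncrypter = new ShiroAesDataEncrypter(keyBytes)
    val playSessionStore = new PlayCookieSessionStore(dataEncrypter)
    bind(classOf[SessionStore]).toInstance(playSessionStore)
    bind(classOf[SecurityComponents]).to(classOf[DefaultSecurityComponents])
    bind(classOf[Pac4jScalaTemplateHelper[CommonProfile]])

    // callback: where the user lands after a successful login
    val callbackController = new CallbackController()
    callbackController.setDefaultUrl("/?defaulturlafterlogout")
    bind(classOf[CallbackController]).toInstance(callbackController)

    // logout: where the user lands after logging out
    val logoutController = new LogoutController()
    logoutController.setDefaultUrl("/")
    bind(classOf[LogoutController]).toInstance(logoutController)
  }

  /**
   * Facebook OAuth client, configured from `fbId` / `fbSecret`.
   *
   * `configuration.get` is used instead of `getOptional(...).get` so a missing
   * key fails with a descriptive configuration error rather than a bare
   * NoSuchElementException.
   */
  @Provides
  def provideFacebookClient: FacebookClient = {
    val fbId = configuration.get[String]("fbId")
    val fbSecret = configuration.get[String]("fbSecret")
    val fbClient = new FacebookClient(fbId, fbSecret)
    fbClient.setMultiProfile(true)
    fbClient
  }

  /**
   * Twitter OAuth client.
   *
   * NOTE(review): consumer key and secret are hard-coded demo values.
   */
  @Provides
  def provideTwitterClient: TwitterClient =
    new TwitterClient("HVSQGAw2XmiwcKOTvZFbQ", "FSiO9G9VRR4KCuksky0kgGuo8gAVndYymr4Nl7qc8AA")

  /**
   * Form-based login client served at `baseUrl + "/loginForm"`.
   *
   * NOTE(review): backed by the pac4j test authenticator, not a real credential check.
   */
  @Provides
  def provideFormClient: FormClient =
    new FormClient(baseUrl + "/loginForm", new SimpleTestUsernamePasswordAuthenticator())

  /**
   * Indirect (browser-prompted) HTTP Basic client.
   *
   * NOTE(review): backed by the pac4j test authenticator, not a real credential check.
   */
  @Provides
  def provideIndirectBasicAuthClient: IndirectBasicAuthClient =
    new IndirectBasicAuthClient(new SimpleTestUsernamePasswordAuthenticator())

  /*@Provides
  def provideCasProxyReceptor: CasProxyReceptor = new CasProxyReceptor()*/

  /**
   * CAS client against the public pac4j demo CAS server (CAS 2.0 protocol).
   *
   * @param casProxyReceptor injected but currently unused: the proxy receptor
   *                         wiring is commented out below, as is the dedicated
   *                         provider above
   */
  @Provides
  def provideCasClient(casProxyReceptor: CasProxyReceptor): CasClient = {
    val casConfiguration = new CasConfiguration("https://casserverpac4j.herokuapp.com/login")
    //val casConfiguration = new CasConfiguration("http://localhost:8888/cas/login")
    casConfiguration.setProtocol(CasProtocol.CAS20)
    //casConfiguration.setProxyReceptor(casProxyReceptor)
    new CasClient(casConfiguration)
  }

  /**
   * SAML 2.0 client using the bundled demo keystore and IdP metadata.
   *
   * SP metadata is written under `target/` so it is regenerated per build.
   * NOTE(review): keystore and private-key passwords are hard-coded demo values.
   */
  @Provides
  def provideSaml2Client: SAML2Client = {
    val cfg = new SAML2Configuration(
      "resource:samlKeystore.jks",
      "pac4j-demo-passwd",
      "pac4j-demo-passwd",
      "resource:openidp-feide.xml"
    )
    cfg.setMaximumAuthenticationLifetime(3600)
    cfg.setServiceProviderEntityId("urn:mace:saml:pac4j.org")
    cfg.setServiceProviderMetadataPath(new File("target", "sp-metadata.xml").getAbsolutePath)
    new SAML2Client(cfg)
  }

  /**
   * OpenID Connect client against Google, with the admin-role authorization
   * generator attached.
   *
   * NOTE(review): client id and secret are hard-coded demo values.
   */
  @Provides
  def provideOidcClient: OidcClient = {
    val oidcConfiguration = new OidcConfiguration()
    oidcConfiguration.setClientId("343992089165-i1es0qvej18asl33mvlbeq750i3ko32k.apps.googleusercontent.com")
    oidcConfiguration.setSecret("unXK_RSCbCXLTic2JACTiAo9")
    oidcConfiguration.setDiscoveryURI("https://accounts.google.com/.well-known/openid-configuration")
    // force the consent screen on every login
    oidcConfiguration.addCustomParam("prompt", "consent")
    val oidcClient = new OidcClient(oidcConfiguration)
    oidcClient.addAuthorizationGenerator(new RoleAdminAuthGenerator)
    oidcClient
  }

  /**
   * Direct client reading a JWT from the `token` request parameter
   * (GET only; POST bodies are not inspected).
   *
   * NOTE(review): the HMAC signing secret is a hard-coded demo value.
   */
  @Provides
  def provideParameterClient: ParameterClient = {
    val jwtAuthenticator = new JwtAuthenticator()
    jwtAuthenticator.addSignatureConfiguration(
      new SecretSignatureConfiguration("12345678901234567890123456789012")
    )
    val parameterClient = new ParameterClient("token", jwtAuthenticator)
    parameterClient.setSupportGetRequest(true)
    parameterClient.setSupportPostRequest(false)
    parameterClient
  }

  /**
   * Direct HTTP Basic client (no browser prompt).
   *
   * NOTE(review): backed by the pac4j test authenticator, not a real credential check.
   */
  @Provides
  def provideDirectBasicAuthClient: DirectBasicAuthClient =
    new DirectBasicAuthClient(new SimpleTestUsernamePasswordAuthenticator)

  /**
   * Assembles every client into the pac4j [[Config]] and registers the
   * authorizers, the path matcher, the session store factory and the HTTP
   * action adapter.
   *
   * @return the fully wired pac4j configuration
   */
  @Provides
  def provideConfig(facebookClient: FacebookClient, twitterClient: TwitterClient, formClient: FormClient, indirectBasicAuthClient: IndirectBasicAuthClient,
                    casClient: CasClient, saml2Client: SAML2Client, oidcClient: OidcClient, parameterClient: ParameterClient, directBasicAuthClient: DirectBasicAuthClient,
                    sessionStore: SessionStore): Config = {
    val clients = new Clients(baseUrl + "/callback", facebookClient, twitterClient, formClient,
      indirectBasicAuthClient, casClient, saml2Client, oidcClient, parameterClient, directBasicAuthClient,
      new AnonymousClient())
    val config = new Config(clients)
    // "admin" requires ROLE_ADMIN; "custom" delegates to the project's own authorizer
    config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"))
    config.addAuthorizer("custom", new CustomAuthorizer)
    // paths matching this regex bypass protection when the matcher is referenced
    config.addMatcher("excludedPath", new PathMatcher().excludeRegex("^/facebook/notprotected\\.html$"))
    // always hand out the single session store bound in configure()
    config.setSessionStoreFactory(new SessionStoreFactory {
      override def newSessionStore(parameters: FrameworkParameters): SessionStore = sessionStore
    })
    config.setHttpActionAdapter(new DemoHttpActionAdapter())
    config
  }
}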