
Security configuration

LELEU Jérôme edited this page Nov 20, 2020 · 4 revisions

You need to define the security configuration in a pac4j `Config` component: the *clients* (the authentication mechanisms — OIDC, SAML, OAuth, form, basic auth, JWT, CAS, …) and the named *authorizers* (the authorization checks applied once a user profile exists). The examples below wire both into a single `Config` bean.

>> Read the documentation of the Config component.

It can be built via a Spring context file or a Spring configuration class:

Spring context file:

    <!-- OAuth 2.0 client for Facebook. key/secret are the demo application's credentials;
         in a real deployment the secret must not live in source control (resolve it from a
         property placeholder / environment variable instead). -->
    <bean id="facebookClient" class="org.pac4j.oauth.client.FacebookClient">
        <constructor-arg name="key" value="145278422258960" />
        <constructor-arg name="secret" value="be21409ba8f39b5dae2a7de525484da8" />
    </bean>

    <!-- OAuth 1.0a client for Twitter; same remark about the hard-coded secret. -->
    <bean id="twitterClient" class="org.pac4j.oauth.client.TwitterClient">
        <constructor-arg name="key" value="CoxUiYwQOSFDReZYdjigBA" />
        <constructor-arg name="secret" value="2kAzunH5Btc4gRSaMr7D7MkyoJ5u1VzbOOzE8rBofs" />
    </bean>

    <!-- Test-only credential checker (note the ".test" package) backing the form client below.
         Replace it with a real Authenticator (LDAP, database, ...) outside of demos. -->
    <bean id="testAuthenticator" class="org.pac4j.http.credentials.authenticator.test.SimpleTestUsernamePasswordAuthenticator">
    </bean>

    <!-- Indirect (redirect-based) form login. loginUrl is plain http on localhost, which is
         acceptable for a local demo only: credentials are posted to it, so it must be https
         anywhere else. -->
    <bean id="formClient" class="org.pac4j.http.client.indirect.FormClient">
        <constructor-arg name="loginUrl" value="http://localhost:8080/loginForm" />
        <constructor-arg name="usernamePasswordAuthenticator" ref="testAuthenticator" />
    </bean>

    ...

    <!-- Registry of all clients. callbackUrl is the single endpoint every indirect client
         returns to after authentication; it must match the redirect URI registered at each
         identity provider and be https in production. The oidClient, saml2Client,
         indirectBasicAuthClient, casClient, parameterClient, directBasicAuthClient and
         casRestBasicAuthClient beans are defined in the elided part of this listing. -->
    <bean id="clients" class="org.pac4j.core.client.Clients">
        <constructor-arg name="callbackUrl" value="http://localhost:8080/callback" />
        <constructor-arg name="clients">
            <list>
                <ref bean="oidClient" />
                <ref bean="saml2Client" />
                <ref bean="facebookClient" />
                <ref bean="twitterClient" />
                <ref bean="formClient" />
                <ref bean="indirectBasicAuthClient" />
                <ref bean="casClient" />
                <ref bean="parameterClient" />
                <ref bean="directBasicAuthClient" />
                <ref bean="casRestBasicAuthClient" />
            </list>
        </constructor-arg>
    </bean>

    <!-- Application-specific authorizer (implementation not shown on this page). -->
    <bean id="customAuthorizer" class="org.pac4j.demo.spring.CustomAuthorizer">
    </bean>

    <!-- The pac4j Config: the clients above plus authorizers keyed by the name used in the
         security filter/interceptor configuration ("custom" here). -->
    <bean id="config" class="org.pac4j.core.config.Config">
        <constructor-arg name="clients" ref="clients" />
        <constructor-arg name="authorizers">
            <map>
                <entry key="custom" value-ref="customAuthorizer" />
            </map>
        </constructor-arg>
    </bean>

See a full example here.

Spring configuration class:

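/**
 * Builds the pac4j {@code Config} (clients + authorizers) as a Spring bean.
 *
 * <p>All secrets are injected from externalized properties rather than written into the
 * source, following the pattern the original listing already used for {@code salt}. A missing
 * property makes Spring fail at startup (unresolved placeholder), which is the desired
 * fail-closed behaviour for credentials.
 */
@Configuration
public class Pac4jConfig {

    /**
     * Shared secret used both to sign (HMAC) and to encrypt the JWTs accepted by the
     * "token" parameter client below.
     */
    @Value("${salt}")
    private String salt;

    /** OIDC client id registered with Google (deployment-specific, not secret per se). */
    @Value("${oidc.clientId}")
    private String oidcClientId;

    /** OIDC client secret issued by Google; treat it like a password. */
    @Value("${oidc.secret}")
    private String oidcSecret;

    /** Password of the SAML keystore, also used for the private key it contains. */
    @Value("${saml.keystorePassword}")
    private String samlKeystorePassword;

    /**
     * Assembles every client and the named authorizers into one {@code Config}.
     *
     * @return the pac4j configuration used by the security filters/interceptors
     */
    @Bean
    public Config config() {
        // --- Google OpenID Connect ---
        final OidcConfiguration oidcConfiguration = new OidcConfiguration();
        oidcConfiguration.setClientId(oidcClientId);
        oidcConfiguration.setSecret(oidcSecret);
        oidcConfiguration.setPreferredJwsAlgorithm(JWSAlgorithm.PS384);
        oidcConfiguration.addCustomParam("prompt", "consent");
        final GoogleOidcClient oidcClient = new GoogleOidcClient(oidcConfiguration);
        // Demo only: EVERY user who authenticates through Google is granted ROLE_ADMIN, which is
        // exactly the role the "admin" authorizer registered below checks for. A real deployment
        // must derive roles from the profile (allow-list, email domain, groups claim, ...) instead
        // of granting admin unconditionally.
        oidcClient.setAuthorizationGenerator((ctx, profile) -> { profile.addRole("ROLE_ADMIN"); return profile; });

        // --- SAML 2.0 (IdP metadata from Okta on the classpath) ---
        final SAML2Configuration cfg = new SAML2Configuration(new ClassPathResource("samlKeystore.jks"), samlKeystorePassword, samlKeystorePassword, new ClassPathResource("metadata-okta.xml"));
        // Upper bound (3600 s) on how old an authentication instant in an assertion may be.
        cfg.setMaximumAuthenticationLifetime(3600);
        // The SP entity id is also the URL the IdP posts the assertion to: plain http on
        // localhost is fine for a local demo, but it must be https in production.
        cfg.setServiceProviderEntityId("http://localhost:8080/callback?client_name=SAML2Client");
        // SP metadata is (re)generated into the working directory.
        cfg.setServiceProviderMetadataResource(new FileSystemResource(new File("sp-metadata.xml").getAbsoluteFile()));
        final SAML2Client saml2Client = new SAML2Client(cfg);

        ...

        // --- CAS ---
        final CasConfiguration configuration = new CasConfiguration("https://casserverpac4j.herokuapp.com/login");
        final CasClient casClient = new CasClient(configuration);

        // --- JWT passed as a request parameter ---
        // NOTE(review): the same salt is used as HMAC signing key and as encryption key; two
        // independent secrets would be preferable.
        final SecretSignatureConfiguration secretSignatureConfiguration = new SecretSignatureConfiguration(salt);
        final SecretEncryptionConfiguration secretEncryptionConfiguration = new SecretEncryptionConfiguration(salt);
        final JwtAuthenticator authenticator = new JwtAuthenticator();
        authenticator.setSignatureConfiguration(secretSignatureConfiguration);
        authenticator.setEncryptionConfiguration(secretEncryptionConfiguration);
        final ParameterClient parameterClient = new ParameterClient("token", authenticator);
        // The token is accepted on GET only (?token=...). Bearer tokens in the query string end up
        // in access logs, browser history and Referer headers; prefer POST or a header in production.
        parameterClient.setSupportGetRequest(true);
        parameterClient.setSupportPostRequest(false);

        // SimpleTestUsernamePasswordAuthenticator is a test stub (".test" package) — demos only.
        final DirectBasicAuthClient directBasicAuthClient = new DirectBasicAuthClient(new SimpleTestUsernamePasswordAuthenticator());

        // One callback URL shared by all indirect clients; it must match the redirect URI registered
        // at each provider and be https outside of a local demo. facebookClient, twitterClient,
        // formClient and indirectBasicAuthClient are presumably built in the elided part above.
        final Clients clients = new Clients("http://localhost:8080/callback", oidcClient, saml2Client, facebookClient,
                twitterClient, formClient, indirectBasicAuthClient, casClient, parameterClient, directBasicAuthClient);

        final Config config = new Config(clients);
        // "admin" authorizer: the request passes only if the profile carries ROLE_ADMIN.
        config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"));
        return config;
    }
}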

See a full example here.