-
Notifications
You must be signed in to change notification settings - Fork 41
Security configuration
CAS in the cloud LELEU Jérôme edited this page Mar 21, 2022
·
3 revisions
You need to define the security configuration (authentication and authorization mechanisms) in a Config component.
>> Read the documentation of the Config component.
It can be built via a configuration factory (org.pac4j.core.config.ConfigFactory):
public class DemoConfigFactory implements ConfigFactory {
private final String salt;
private final TemplateEngine templateEngine;
public DemoConfigFactory(final String salt, final TemplateEngine templateEngine) {
this.salt = salt;
this.templateEngine = templateEngine;
}
@Override
public Config build(final Object... parameters) {
final OidcConfiguration oidcConfiguration = new OidcConfiguration();
oidcConfiguration.setClientId("343992089165-sp0l1km383i8cbm2j5nn20kbk5dk8hor.apps.googleusercontent.com");
oidcConfiguration.setSecret("uR3D8ej1kIRPbqAFaxIE3HWh");
oidcConfiguration.setDiscoveryURI("https://accounts.google.com/.well-known/openid-configuration");
oidcConfiguration.setUseNonce(true);
oidcConfiguration.addCustomParam("prompt", "consent");
final OidcClient oidcClient = new OidcClient(oidcConfiguration);
oidcClient.setAuthorizationGenerator((ctx, profile) -> { profile.addRole("ROLE_ADMIN"); return profile; });
final FacebookClient facebookClient = new FacebookClient("145278422258960", "be21409ba8f39b5dae2a7de525484da8");
final FormClient formClient = new FormClient("http://localhost:8080/loginForm", new SimpleTestUsernamePasswordAuthenticator());
final CasConfiguration casConfiguration = new CasConfiguration("https://casserverpac4j.herokuapp.com/login");
final CasClient casClient = new CasClient(casConfiguration);
final DirectBasicAuthClient directBasicAuthClient = new DirectBasicAuthClient(new SimpleTestUsernamePasswordAuthenticator());
...
final Clients clients = new Clients("http://localhost:8080/callback", oidcClient, saml2Client, facebookClient,
twitterClient, formClient, indirectBasicAuthClient, casClient, parameterClient, directBasicAuthClient, new AnonymousClient(),
headerClient);
final Config config = new Config(clients);
config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"));
config.addAuthorizer("custom", new CustomAuthorizer());
config.addMatcher("excludedPath", new PathMatcher().excludeRegex("^/facebook/notprotected$"));
config.setHttpActionAdapter(new DemoHttpActionAdapter(templateEngine));
return config;
}
}See a full example here.