/**
*
*/
package com.thinkbiganalytics.auth.jaas.config;
import com.thinkbiganalytics.auth.DefaultPrincipalAuthorityGranter;
import com.thinkbiganalytics.auth.GroupPrincipalAuthorityGranter;
import com.thinkbiganalytics.auth.UserPrincipalAuthorityGranter;
import com.thinkbiganalytics.auth.jaas.LoginConfiguration;
import com.thinkbiganalytics.auth.jaas.LoginConfigurationBuilder;
import com.thinkbiganalytics.auth.jaas.UsernameJaasAuthenticationProvider;
import org.apache.commons.lang3.ArrayUtils;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Scope;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.jaas.AuthorityGranter;
import org.springframework.security.authentication.jaas.DefaultJaasAuthenticationProvider;
import org.springframework.security.authentication.jaas.memory.InMemoryConfiguration;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.inject.Named;
import javax.security.auth.login.AppConfigurationEntry;
/*-
* #%L
* thinkbig-security-auth
* %%
* Copyright (C) 2017 ThinkBig Analytics
* %%
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* #L%
*/
/**
*
*/
@Configuration
public class JaasAuthConfig {
public static final String JAAS_UI = "UI";
public static final String JAAS_UI_TOKEN = "UI-Token";
public static final String JAAS_SERVICES = "Services";
public static final String JAAS_SERVICES_TOKEN = "Services-Token";
public static final String SERVICES_AUTH_PROVIDER = "servicesAuthenticationProvider";
public static final String SERVICES_TOKEN_AUTH_PROVIDER = "servicesTokenAuthenticationProvider";
public static final String UI_AUTH_PROVIDER = "uiAuthenticationProvider";
public static final String UI_TOKEN_AUTH_PROVIDER = "uiTokenAuthenticationProvider";
public static final int DEFAULT_GRANTER_ORDER = Integer.MAX_VALUE - 100;
@Bean(name = UI_AUTH_PROVIDER)
public AuthenticationProvider uiAuthenticationProvider(@Named("jaasConfiguration") javax.security.auth.login.Configuration config,
List<AuthorityGranter> authorityGranters) {
DefaultJaasAuthenticationProvider provider = new DefaultJaasAuthenticationProvider();
provider.setConfiguration(config);
provider.setAuthorityGranters(authorityGranters.toArray(new AuthorityGranter[authorityGranters.size()]));
provider.setLoginContextName(JAAS_UI);
return provider;
}
@Bean(name = SERVICES_AUTH_PROVIDER)
public AuthenticationProvider servicesAuthenticationProvider(@Named("jaasConfiguration") javax.security.auth.login.Configuration config,
List<AuthorityGranter> authorityGranters) {
DefaultJaasAuthenticationProvider provider = new DefaultJaasAuthenticationProvider();
provider.setConfiguration(config);
provider.setAuthorityGranters(authorityGranters.toArray(new AuthorityGranter[authorityGranters.size()]));
provider.setLoginContextName(JAAS_SERVICES);
return provider;
}
@Bean(name = UI_TOKEN_AUTH_PROVIDER)
public AuthenticationProvider uiTokenAuthenticationProvider(@Named("jaasConfiguration") javax.security.auth.login.Configuration config,
List<AuthorityGranter> authorityGranters) {
UsernameJaasAuthenticationProvider provider = new UsernameJaasAuthenticationProvider();
provider.setConfiguration(config);
provider.setAuthorityGranters(authorityGranters.toArray(new AuthorityGranter[authorityGranters.size()]));
provider.setLoginContextName(JAAS_UI_TOKEN);
return provider;
}
@Bean(name = SERVICES_TOKEN_AUTH_PROVIDER)
public AuthenticationProvider servicesTokenAuthenticationProvider(@Named("jaasConfiguration") javax.security.auth.login.Configuration config,
List<AuthorityGranter> authorityGranters) {
UsernameJaasAuthenticationProvider provider = new UsernameJaasAuthenticationProvider();
provider.setConfiguration(config);
provider.setAuthorityGranters(authorityGranters.toArray(new AuthorityGranter[authorityGranters.size()]));
provider.setLoginContextName(JAAS_SERVICES_TOKEN);
return provider;
}
@Bean(name = "jaasConfiguration")
public javax.security.auth.login.Configuration jaasConfiguration(Optional<List<LoginConfiguration>> loginModuleEntries) {
// Generally the entries will be null only in situations like unit/integration tests.
if (loginModuleEntries.isPresent()) {
Map<String, AppConfigurationEntry[]> merged = loginModuleEntries.get().stream()
.map(c -> c.getAllApplicationEntries().entrySet())
.flatMap(s -> s.stream())
.collect(Collectors.toMap(e -> e.getKey(),
e -> e.getValue(),
ArrayUtils::addAll));
return new InMemoryConfiguration(merged);
} else {
return new InMemoryConfiguration(Collections.emptyMap());
}
}
@Bean(name = "groupPrincipalAuthorityGranter")
@Order(DEFAULT_GRANTER_ORDER - 100)
public AuthorityGranter groupPrincipalAuthorityGranter() {
return new GroupPrincipalAuthorityGranter();
}
@Bean(name = "userPrincipalAuthorityGranter")
@Order(DEFAULT_GRANTER_ORDER - 100)
public AuthorityGranter userPrincipalAuthorityGranter() {
return new UserPrincipalAuthorityGranter();
}
@Bean(name = "defaultAuthorityGranter")
@Order(DEFAULT_GRANTER_ORDER)
public AuthorityGranter defaultAuthorityGranter() {
return new DefaultPrincipalAuthorityGranter();
}
@Bean
@Scope("prototype")
public LoginConfigurationBuilder loginConfigurationBuilder() {
return new DefaultLoginConfigurationBuilder();
}
}