| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| package org.apache.streampark.console.system.authentication; |
| |
| import io.buji.pac4j.filter.CallbackFilter; |
| import io.buji.pac4j.filter.LogoutFilter; |
| import io.buji.pac4j.filter.SecurityFilter; |
| import io.buji.pac4j.realm.Pac4jRealm; |
| import lombok.extern.slf4j.Slf4j; |
| import org.pac4j.core.config.Config; |
| import org.springframework.beans.factory.annotation.Autowired; |
| import org.springframework.beans.factory.annotation.Value; |
| import org.springframework.context.annotation.Configuration; |
| import org.springframework.stereotype.Component; |
| |
| import javax.annotation.PostConstruct; |
| import javax.servlet.Filter; |
| |
| import java.net.URI; |
| import java.util.LinkedHashMap; |
| |
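/**
 * Plugin for {@link ShiroConfig} that loads the SSO configuration when {@code sso.enable} is set.
 *
 * <p>When SSO is disabled, the SSO endpoints are mapped to Shiro's {@code anon} filter. When it is
 * enabled, a {@link Pac4jRealm} and the pac4j security, callback and logout filters are registered
 * and bound to the SSO endpoints. All wiring happens once in {@link #init()}.
 */
@Component
@Configuration
@Slf4j
public class SsoShiroPlugin {
  @Autowired private Config ssoConfig;
  @Autowired private ShiroService shiroService;

  // Falls back to false when the sso.enable property is absent, so SSO is opt-in.
  @Value("${sso.enable:#{false}}")
  private Boolean ssoEnable;

  /**
   * Registers the Shiro realm, filters and filter chains for SSO.
   *
   * @throws IllegalStateException if SSO is enabled but the configured callback URL is missing or
   *     has no path component, so the callback filter cannot be bound to an endpoint
   * @throws IllegalArgumentException if the configured callback URL is not a valid URI
   */
  @PostConstruct
  public void init() {
    // Make sso controller anon if it's not enabled
    if (!ssoEnable) {
      // NOTE(review): "anon" means Shiro performs no authentication on these two paths. The
      // handlers behind them presumably reject requests themselves while SSO is off - confirm
      // against the controller, since nothing in this class enforces it.
      LinkedHashMap<String, String> anonymousChains = new LinkedHashMap<>();
      anonymousChains.put("/sso/signin", "anon");
      anonymousChains.put("/sso/token", "anon");
      shiroService.addFilterChains(anonymousChains);
      return;
    }

    // Resolve and validate the callback endpoint before touching Shiro, so a misconfigured
    // deployment fails at startup instead of registering a callback filter on an empty or null
    // path and leaving SSO sign-in silently broken.
    String callbackUrl = ssoConfig.getClients().getCallbackUrl();
    if (callbackUrl == null || callbackUrl.trim().isEmpty()) {
      throw new IllegalStateException("SSO is enabled but no callback URL is configured");
    }
    String callbackEndpoint = URI.create(callbackUrl).getPath();
    if (callbackEndpoint == null || callbackEndpoint.isEmpty()) {
      throw new IllegalStateException(
          "SSO callback URL has no path component, cannot derive the callback endpoint: "
              + callbackUrl);
    }

    // Add Pac4jRealm into shiro
    shiroService.addRealm(new Pac4jRealm());

    // Construct the shiro filters for SSO; all three share the same pac4j configuration.
    SecurityFilter securityFilter = new SecurityFilter();
    CallbackFilter callbackFilter = new CallbackFilter();
    LogoutFilter logoutFilter = new LogoutFilter();
    securityFilter.setConfig(ssoConfig);
    callbackFilter.setConfig(ssoConfig);
    logoutFilter.setConfig(ssoConfig);
    // Relative URL, so the post-logout redirect stays on this application.
    logoutFilter.setDefaultUrl("/?defaulturlafterlogout");
    LinkedHashMap<String, Filter> filters = new LinkedHashMap<>();
    filters.put("ssoSecurityFilter", securityFilter);
    filters.put("ssoCallbackFilter", callbackFilter);
    filters.put("ssoLogoutFilter", logoutFilter);
    shiroService.addFilters(filters);

    // Construct the filterChainDefinitionMap for SSO. LinkedHashMap keeps insertion order;
    // how ShiroService merges these entries with the existing chains is not visible here.
    LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
    filterChainDefinitionMap.put("/sso/signin", "ssoSecurityFilter");
    filterChainDefinitionMap.put("/sso/token", "ssoSecurityFilter");
    filterChainDefinitionMap.put("/pac4jLogout", "ssoLogoutFilter");
    // The callback filter is bound to the path of the configured callback URL.
    filterChainDefinitionMap.put(callbackEndpoint, "ssoCallbackFilter");
    shiroService.addFilterChains(filterChainDefinitionMap);
  }
}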