Security configuration
CAS in the cloud LELEU Jérôme edited this page Mar 24, 2022
·
2 revisions
You need to define the security configuration (authentication and authorization mechanisms) in a `Config` component.

>> Read the documentation of the `Config` component.

It must be built via a configuration factory (`org.pac4j.core.config.ConfigFactory`):
```java
public class DemoConfigFactory implements ConfigFactory {

    public Config build() {
        // clientId, secret, fbId, fbSecret, twId and twSecret are supplied by the application (not shown here)
        final OidcConfiguration oidcConfiguration = new OidcConfiguration();
        oidcConfiguration.setClientId(clientId);
        oidcConfiguration.setSecret(secret);
        oidcConfiguration.setDiscoveryURI("https://accounts.google.com/.well-known/openid-configuration");
        final OidcClient<OidcProfile> oidcClient = new OidcClient<>(oidcConfiguration);
        // Demo shortcut: every profile authenticated by this client receives ROLE_ADMIN
        oidcClient.setAuthorizationGenerator((context, profile) -> {profile.addRole("ROLE_ADMIN"); return profile;});

        // Keystore location and passwords below are the demo's values
        final SAML2ClientConfiguration cfg = new SAML2ClientConfiguration("resource:samlKeystore.jks", "pac4j-demo-passwd", "pac4j-demo-passwd", "resource:metadata-okta.xml");
        cfg.setMaximumAuthenticationLifetime(3600);
        cfg.setServiceProviderEntityId("http://localhost:8080/callback?client_name=SAML2Client");
        cfg.setServiceProviderMetadataPath("sp-metadata.xml");
        final SAML2Client saml2Client = new SAML2Client(cfg);

        final FacebookClient facebookClient = new FacebookClient(fbId, fbSecret);
        final TwitterClient twitterClient = new TwitterClient(twId, twSecret);
        ...

        // All clients share one callback URL
        final Clients clients = new Clients("http://localhost:8080/callback", saml2Client, facebookClient, twitterClient,
            formClient, indirectBasicAuthClient, casClient, parameterClient, directBasicAuthClient, oidcClient, anonymousClient);

        final Config config = new Config(clients);
        // Authorizers are registered by name
        config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"));
        config.addAuthorizer("custom", new CustomAuthorizer());
        return config;
    }
}
```
See a full example here.
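
The authorization generator in the factory above adds `ROLE_ADMIN` to every profile authenticated through `oidcClient`, so the `admin` authorizer accepts any user who signs in through that client. The following is an added example (not code from the pac4j project) that grants the role from an allow-list instead; `AdminRoleMapper` and the sample addresses are hypothetical, and the commented wiring assumes `profile.getEmail()` returns the e-mail claim.

```java
import java.util.Collections;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

/** Hypothetical helper (not part of pac4j): maps an authenticated e-mail to roles. */
public class AdminRoleMapper {

    private final Set<String> adminEmails = new HashSet<>();

    public AdminRoleMapper(final Set<String> adminEmails) {
        for (final String email : adminEmails) {
            this.adminEmails.add(normalize(email));
        }
    }

    // Compare addresses case-insensitively and ignore surrounding whitespace.
    private static String normalize(final String email) {
        return email.trim().toLowerCase(Locale.ROOT);
    }

    /** Fails closed: a missing or blank e-mail never receives a role. */
    public Set<String> rolesFor(final String email) {
        if (email == null || email.trim().isEmpty()) {
            return Collections.emptySet();
        }
        return adminEmails.contains(normalize(email))
                ? Collections.singleton("ROLE_ADMIN")
                : Collections.<String>emptySet();
    }

    public static void main(final String[] args) {
        // Constructed sample allow-list and logins.
        final AdminRoleMapper mapper =
                new AdminRoleMapper(Collections.singleton("admin@example.org"));
        System.out.println(mapper.rolesFor("Admin@Example.org ")); // allow-listed address
        System.out.println(mapper.rolesFor("user@example.org"));   // authenticated, not allow-listed
        System.out.println(mapper.rolesFor(null));                 // profile without an e-mail claim
    }
}

// Wiring into the lambda used in the factory (assumption: profile.getEmail() is the e-mail claim):
// oidcClient.setAuthorizationGenerator((context, profile) -> {
//     mapper.rolesFor(profile.getEmail()).forEach(profile::addRole);
//     return profile;
// });
```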