Merge pull request pac4j#256 from ihostage/feature/249

pac4j#249 Pac4jHandler not support DirectClient
jemstep · Jan 2, 2019 · 889398d · 889398d
2 parents df3e91d + 4706314
commit 889398d
Show file tree

Hide file tree

Showing 2 changed files with 54 additions and 3 deletions.
diff --git a/shared/src/main/java/org/pac4j/play/deadbolt2/Pac4jHandler.java b/shared/src/main/java/org/pac4j/play/deadbolt2/Pac4jHandler.java
@@ -5,7 +5,10 @@
 import be.objectify.deadbolt.java.models.Permission;
 import be.objectify.deadbolt.java.models.Subject;
 import org.pac4j.core.client.Client;
+import org.pac4j.core.client.DirectClient;
 import org.pac4j.core.config.Config;
+import org.pac4j.core.context.Pac4jConstants;
+import org.pac4j.core.credentials.Credentials;
 import org.pac4j.core.engine.DefaultSecurityLogic;
 import org.pac4j.core.exception.HttpAction;
 import org.pac4j.core.exception.TechnicalException;
@@ -24,6 +27,8 @@
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.CompletionStage;
 
+import static org.pac4j.core.util.CommonHelper.isNotEmpty;
+
 /**
  * This is the deadbolt handler for pac4j: the deadbolt subject is built from the pac4j user profile.
  * If no pac4j profile exists, the user is redirected to the identity provider for login for indirect clients; otherwise, a 401 error is returned.
@@ -71,7 +76,20 @@ public CompletionStage<Optional<Result>> beforeAuthCheck(final Http.Context cont
 
                 HttpAction action;
                 try {
-                    if (startAuthentication(playWebContext, currentClients)) {
+                    if (startDirectAuthentication(currentClients)) {
+                        logger.debug("Starting direct authentication");
+                        DirectClient client = (DirectClient) currentClients.get(0);
+                        Credentials credentials = client.getCredentials(playWebContext);
+                        if (credentials != null) {
+                            CommonProfile userProfile = credentials.getUserProfile();
+                            if (userProfile != null) {
+                                setProfile(context, userProfile);
+                                return Optional.empty();
+                            }
+                        }
+                        logger.debug("unauthorized");
+                        action = unauthorized(playWebContext, currentClients);
+                    } else if (startAuthentication(playWebContext, currentClients)) {
                         logger.debug("Starting authentication");
                         saveRequestedUrl(playWebContext, currentClients);
                         action = redirectToIdentityProvider(playWebContext, currentClients);
@@ -112,6 +130,11 @@ private Optional<CommonProfile> getProfile(final Http.Context context) {
         return manager.get(true);
     }
 
+    private void setProfile(final Http.Context context, CommonProfile profile) {
+        final PlayWebContext playWebContext = new PlayWebContext(context, playSessionStore);
+        playWebContext.setRequestAttribute(Pac4jConstants.USER_PROFILES, profile);
+    }
+
     @Override
     public CompletionStage<Result> onAuthFailure(final Http.Context context, final Optional<String> content) {
         return CompletableFuture.supplyAsync(() -> {
@@ -125,4 +148,8 @@ public CompletionStage<Result> onAuthFailure(final Http.Context context, final O
     public CompletionStage<Optional<DynamicResourceHandler>> getDynamicResourceHandler(final Http.Context context) {
         throw new TechnicalException("getDynamicResourceHandler() not supported in Pac4jHandler");
     }
+
+    private boolean startDirectAuthentication(final List<Client> currentClients) {
+        return isNotEmpty(currentClients) && currentClients.get(0) instanceof DirectClient;
+    }
 }
diff --git a/shared/src/main/scala/org/pac4j/play/scala/deadbolt2/Pac4jHandler.scala b/shared/src/main/scala/org/pac4j/play/scala/deadbolt2/Pac4jHandler.scala
@@ -4,14 +4,17 @@ import java.util.Optional
 
 import scala.concurrent.{ExecutionContext, Future}
 import scala.language.implicitConversions
-
 import be.objectify.deadbolt.scala.{AuthenticatedRequest, DeadboltHandler, DynamicResourceHandler}
 import be.objectify.deadbolt.scala.models.Subject
+import org.pac4j.core.client.{Client, DirectClient}
 import org.pac4j.core.config.Config
+import org.pac4j.core.context.Pac4jConstants
+import org.pac4j.core.credentials.Credentials
 import org.pac4j.core.engine.DefaultSecurityLogic
 import org.pac4j.core.exception.{HttpAction, TechnicalException}
 import org.pac4j.core.http.adapter.HttpActionAdapter
 import org.pac4j.core.profile.{CommonProfile, ProfileManager}
+import org.pac4j.core.util.CommonHelper.isNotEmpty
 import org.pac4j.play.PlayWebContext
 import org.pac4j.play.store.PlaySessionStore
 import play.api.mvc.{Request, RequestHeader, Result}
@@ -37,7 +40,20 @@ class Pac4jHandler(config: Config, clients: String, playSessionStore: PlaySessio
       logger.debug("currentClients: {}", currentClients)
 
       val action = try {
-        if (startAuthentication(playWebContext, currentClients)) {
+        if (startDirectAuthentication(currentClients)) {
+          logger.debug("Starting direct authentication")
+          val client = currentClients.get(0).asInstanceOf[DirectClient[_ <: Credentials, _ <: CommonProfile]]
+          val credentials = client.getCredentials(playWebContext)
+          if (credentials != null) {
+            val userProfile = credentials.getUserProfile
+            if (userProfile != null) {
+              setProfile(request, userProfile)
+              return Future { None }
+            }
+          }
+          logger.debug("unauthorized")
+          unauthorized(playWebContext, currentClients)
+        } else if (startAuthentication(playWebContext, currentClients)) {
           logger.debug("Starting authentication")
           saveRequestedUrl(playWebContext, currentClients)
           redirectToIdentityProvider(playWebContext, currentClients)
@@ -66,6 +82,11 @@ class Pac4jHandler(config: Config, clients: String, playSessionStore: PlaySessio
     profileManager.get(true)
   }
 
+  private def setProfile(request: RequestHeader, profile: CommonProfile): Unit = {
+    val playWebContext = new PlayWebContext(request, playSessionStore)
+    playWebContext.setRequestAttribute(Pac4jConstants.USER_PROFILES, profile)
+  }
+
   override def onAuthFailure[A](request: AuthenticatedRequest[A]): Future[Result] = Future {
     val playWebContext = new PlayWebContext(request, playSessionStore)
     httpActionAdapter.adapt(403, playWebContext).asScala()
@@ -76,4 +97,7 @@ class Pac4jHandler(config: Config, clients: String, playSessionStore: PlaySessio
 
   override def getDynamicResourceHandler[A](request: Request[A]): Future[Option[DynamicResourceHandler]] =
     throw new TechnicalException("getDynamicResourceHandler() not supported in Pac4jHandler")
+
+  private def startDirectAuthentication(currentClients: java.util.List[Client[_ <: Credentials, _ <: CommonProfile]]): Boolean =
+    isNotEmpty(currentClients) && currentClients.get(0).isInstanceOf[DirectClient[_ <: Credentials, _ <: CommonProfile]]
 }