buji-pac4j | pac4j security library for Shiro : OAuth CAS SAML | Authentication library

 by   bujiio Java Version: Current License: Apache-2.0

kandi X-RAY | buji-pac4j Summary

buji-pac4j is a Java library typically used in Security, Authentication applications. buji-pac4j has no bugs, it has no vulnerabilities, it has build file available, it has a Permissive License and it has low support. You can download it from GitHub, Maven.
The buji-pac4j project is an easy and powerful security library for Shiro web applications and web services which supports authentication and authorization, but also advanced features like CSRF protection. It's based on Java 11, Shiro 1.8 and on the pac4j security engine v5. It's available under the Apache 2 license. ▸ OAuth - SAML - CAS - OpenID Connect - HTTP - Google App Engine - Kerberos - LDAP - SQL - JWT - MongoDB - CouchDB - IP address - REST API. ▸ Roles / permissions - Anonymous / remember-me / (fully) authenticated - Profile type, attribute - CORS - CSRF - Security headers - IP address, HTTP method.

Support

  • buji-pac4j has a low active ecosystem.
  • It has 473 star(s) with 126 fork(s). There are 46 watchers for this library.
  • It had no major release in the last 12 months.
  • buji-pac4j has no issues reported. On average issues are closed in 40 days. There is 1 open pull request and 0 closed requests.
  • It has a neutral sentiment in the developer community.
  • The latest version of buji-pac4j is current.

Quality

  • buji-pac4j has 0 bugs and 0 code smells.

Security

  • buji-pac4j has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.
  • buji-pac4j code analysis shows 0 unresolved vulnerabilities.
  • There are 0 security hotspots that need review.

License

  • buji-pac4j is licensed under the Apache-2.0 License. This license is Permissive.
  • Permissive licenses have the least restrictions, and you can use them in most projects.

Reuse

  • buji-pac4j releases are not available. You will need to build from source code and install.
  • Deployable package is available in Maven.
  • Build file is available. You can build the component from source.
  • buji-pac4j saves you 331 person hours of effort in developing the same functionality from scratch.
  • It has 818 lines of code, 85 functions and 13 files.
  • It has medium code complexity. Code complexity directly impacts maintainability of the code.
Top functions reviewed by kandi - BETA

kandi has reviewed buji-pac4j and discovered the below as its top functions. This is intended to give you an instant insight into buji-pac4j implemented functionality, and help decide if they suit your requirements.

  • Allow user to authenticate the session.
  • Returns a simple authorization info object.
  • Sets a value in the session.
  • Populate the authenticated user profiles.
  • Find Shiro.
  • Save all the profiles.
  • Gets the profile name.
  • Gets the principal.
  • Gets the appi.
  • Gets the client clients.

buji-pac4j Key Features

A client represents an authentication mechanism. It performs the login process and returns a user profile. An indirect client is for web applications authentication while a direct client is for web services authentication:

An authorizer is meant to check authorizations on the authenticated user profile(s) or on the current web context:

A matcher defines whether the SecurityFilter must be applied and can be used for additional web processing.

The SecurityFilter protects a URL by checking that the user is authenticated and that the authorizations are valid, according to the clients and authorizers configuration. If the user is not authenticated, it performs authentication for direct clients or starts the login process for indirect clients.

The CallbackFilter finishes the login process for an indirect client.

The LogoutFilter logs out the user from the application and triggers the logout at the identity provider level.

Community Discussions


QUESTION

shiro buji pac4j cas single sign out not work

Asked 2020-Mar-29 at 02:33

spring boot 2.2.5

shiro-spring-boot-web-starter 1.5.1

buji-pac4j 4.1.1

pac4j-cas 3.8.3

cas overlay template 5.3.

I start the CAS server in Tomcat with HTTPS, and start two clients (pac4j1 and pac4j2) in Eclipse.

Single sign on works, but single sign out failed.

Following are my configs:

I only added one service file under cas server which looks like:

{
  "@class": "org.apereo.cas.services.RegexRegisteredService",
  "serviceId": "^(http)://localhost.*",
  "name": "local",
  "id": 10000003, 
  "evaluationOrder": 1
}

application.yml of pac4j1:

server:
  port: 8444
  servlet:
    context-path: /pac4j1

cas:
  client-name: pac4j1Client
  server:
    url: https://localhost:8443/cas
  project:
    url: http://localhost:8444/pac4j1

Pac4jConfig:

@Configuration
public class Pac4jConfig {

    @Value("${cas.server.url}")
    private String casServerUrl;

    @Value("${cas.project.url}")
    private String projectUrl;

    @Value("${cas.client-name}")
    private String clientName;

    @Bean("authcConfig")
    public Config config(CasClient casClient, ShiroSessionStore shiroSessionStore) {

        Config config = new Config(casClient);
        config.setSessionStore(shiroSessionStore);
        return config;
    }


    @Bean
    public ShiroSessionStore shiroSessionStore(){
        return new ShiroSessionStore();
    }


    @Bean
    public CasClient casClient(CasConfiguration casConfig){

        CasClient casClient = new CasClient(casConfig);

        casClient.setCallbackUrl(projectUrl + "/callback?client_name=" + clientName);
        casClient.setName(clientName);
        return casClient;
    }

    @Bean
    public CasConfiguration casConfig(){
        final CasConfiguration configuration = new CasConfiguration();

        configuration.setLoginUrl(casServerUrl + "/login");

        configuration.setProtocol(CasProtocol.CAS20);
        configuration.setAcceptAnyProxy(true);
        configuration.setPrefixUrl(casServerUrl + "/");        

        return configuration;
    }

}

shiro config:

@Configuration
public class ShiroConfig {  

    @Value("${cas.project.url}")
    private String projectUrl;

    @Value("${cas.server.url}")
    private String casServerUrl;

    @Value("${cas.client-name}")
    private String clientName;

    @Bean("securityManager")
    public DefaultWebSecurityManager securityManager(Pac4jSubjectFactory subjectFactory, CasRealm casRealm){

        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
        manager.setRealm(casRealm);
        manager.setSubjectFactory(subjectFactory);

        return manager;
    }    

    @Bean
    public CasRealm casRealm(){

        CasRealm realm = new CasRealm();

        realm.setClientName(clientName);
        realm.setCachingEnabled(false);

        realm.setAuthenticationCachingEnabled(false);
        realm.setAuthorizationCachingEnabled(false);

        return realm;
    }

    @Bean
    public Pac4jSubjectFactory subjectFactory(){
        return new Pac4jSubjectFactory();
    }

    @Bean
    public FilterRegistrationBean<SingleSignOutFilter> singleSignOutFilter() {

        FilterRegistrationBean<SingleSignOutFilter> bean = new FilterRegistrationBean<SingleSignOutFilter>();
        bean.setName("singleSignOutFilter");

        SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
        singleSignOutFilter.setCasServerUrlPrefix(casServerUrl);
        singleSignOutFilter.setIgnoreInitConfiguration(true);

        bean.setFilter(singleSignOutFilter);
        bean.addUrlPatterns("/*");
        bean.setEnabled(true);
        bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
        return bean;
    }

    @Bean
    public FilterRegistrationBean<DelegatingFilterProxy> filterRegistrationBean() {

        FilterRegistrationBean<DelegatingFilterProxy> filterRegistration = new FilterRegistrationBean<DelegatingFilterProxy>();
        filterRegistration.setFilter(new DelegatingFilterProxy("shiroFilter"));

        filterRegistration.addInitParameter("targetFilterLifecycle", "true");
        filterRegistration.setEnabled(true);
        filterRegistration.addUrlPatterns("/*");
        filterRegistration.setDispatcherTypes(DispatcherType.REQUEST, DispatcherType.FORWARD);
        return filterRegistration;
    }

    private void loadShiroFilterChain(ShiroFilterFactoryBean shiroFilterFactoryBean){

        Map<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        filterChainDefinitionMap.put("/", "securityFilter");       
        filterChainDefinitionMap.put("/index", "securityFilter");
        filterChainDefinitionMap.put("/callback", "callbackFilter");
        filterChainDefinitionMap.put("/logout", "logout");
        filterChainDefinitionMap.put("/**","anon");     
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
    }

    @Bean("shiroFilter")
    public ShiroFilterFactoryBean factory(DefaultWebSecurityManager securityManager, Config config) {

        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();

        shiroFilterFactoryBean.setSecurityManager(securityManager);

        loadShiroFilterChain(shiroFilterFactoryBean);
        Map<String, Filter> filters = new HashMap<>(3);

        SecurityFilter securityFilter = new SecurityFilter();
        securityFilter.setConfig(config);
        securityFilter.setClients(clientName);
        filters.put("securityFilter", securityFilter);

        MyCallbackFilter callbackFilter = new MyCallbackFilter();
        callbackFilter.setConfig(config);
        callbackFilter.setDefaultUrl(projectUrl);
        filters.put("callbackFilter", callbackFilter);

        LogoutFilter logoutFilter = new LogoutFilter();
        logoutFilter.setConfig(config);
        logoutFilter.setCentralLogout(true);
        logoutFilter.setLocalLogout(true);
        logoutFilter.setDefaultUrl(projectUrl + "/callback?client_name=" + clientName);
        filters.put("logout",logoutFilter);

        shiroFilterFactoryBean.setFilters(filters);
        return shiroFilterFactoryBean;
    }   

}

The application.properties of the CAS server is the default, and the CAS server uses HTTPS (https://localhost:8443/cas) while the CAS clients are HTTP (http://localhost:8444/pac4j1).

Where am I wrong?

ANSWER

Answered 2020-Mar-29 at 02:33

With the help of the SLO link provided by leopal, I know that the CAS server needs to send a logout request back to the client.

Hence, I checked the log of the CAS server and found INFO [org.apereo.cas.logout.DefaultLogoutManager] - <Performing logout operations for.

So I added logging for org.apereo.cas.logout and found that there are some classes related to logout: DefaultLogoutManager, DefaultSingleLogoutServiceLogoutUrlBuilder, DefaultSingleLogoutServiceMessageHandler and SimpleUrlValidator.

When performing logout, DefaultSingleLogoutServiceLogoutUrlBuilder.determineLogoutUrl will get the logout URL from the registered service, or get the original URL from the CAS client if the original URL is a valid URL.

So my problem is: I didn't define a logout URL in the service JSON file, and the original URL from the CAS client is localhost:8444, which is an invalid IPv4. As a result, the CAS server will not send a logout request back to the client.

The solution is: use the IP in the project URL instead of localhost in application.yml of the CAS client:

cas:
  client-name: pac4j1Client
  server:
    url: https://localhost:8443/cas
  project:
    url: http://192.168.2.119:8444/pac4j1

Another solution is to set logoutUrl for each CAS client service JSON file (not tried yet).

Source https://stackoverflow.com/questions/60884213
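
The logout-URL decision the answer describes, as an added example that is not part of the original post and not CAS source code: a simplified Java model in which a logout URL from the service definition is used first and the client's original URL is used only if it validates. The names `SloTargetCheck`, `isValidUrl` and `logoutTarget` are hypothetical, and the validation rule (IPv4 literal or dotted domain name, so `localhost` fails) is an assumption standing in for CAS's `SimpleUrlValidator`.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Optional;
import java.util.regex.Pattern;

/** Simplified model of the single-logout target decision; not CAS source code. */
public class SloTargetCheck {

    private static final Pattern IPV4 = Pattern.compile("\\d{1,3}(\\.\\d{1,3}){3}");
    // Assumption: a host is accepted only as an IPv4 literal or a dotted domain
    // name, so a bare local name such as "localhost" is rejected.
    private static final Pattern DOTTED_NAME =
            Pattern.compile("([A-Za-z0-9-]+\\.)+[A-Za-z]{2,}");

    static boolean isValidUrl(String url) {
        try {
            URI uri = new URI(url);
            String scheme = uri.getScheme();
            String host = uri.getHost();
            if (scheme == null || host == null) return false;
            if (!scheme.equals("http") && !scheme.equals("https")) return false;
            return IPV4.matcher(host).matches() || DOTTED_NAME.matcher(host).matches();
        } catch (URISyntaxException e) {
            return false;
        }
    }

    /** A logout URL from the service definition wins; otherwise the original URL, if valid. */
    static Optional<String> logoutTarget(String registeredLogoutUrl, String originalUrl) {
        if (registeredLogoutUrl != null) return Optional.of(registeredLogoutUrl);
        return isValidUrl(originalUrl) ? Optional.of(originalUrl) : Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed from the project URLs in the question and the answer.
        String[] originals = {
            "http://localhost:8444/pac4j1/callback?client_name=pac4j1Client",
            "http://192.168.2.119:8444/pac4j1/callback?client_name=pac4j1Client"
        };
        for (String original : originals) {
            // No logout URL registered on the service: the original URL must validate.
            System.out.println(original + " -> "
                    + logoutTarget(null, original).orElse("no logout request sent"));
        }
        // In this model a logout URL taken from the service definition is used as-is.
        System.out.println(logoutTarget(originals[0], originals[0]).orElse("none"));
    }
}
```

An empty result is the case worth alerting on: the central logout completes, but the client application's local session is never invalidated.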

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install buji-pac4j

You can download it from GitHub, Maven.
You can use buji-pac4j like any standard Java library. Please include the jar files in your classpath. You can also use any IDE and you can run and debug the buji-pac4j component as you would do with any other Java program. Best practice is to use a build tool that supports dependency management such as Maven or Gradle. For Maven installation, please refer to maven.apache.org. For Gradle installation, please refer to gradle.org.

Support

For any new features, suggestions and bugs, create an issue on GitHub. If you have any questions, check and ask questions on the Stack Overflow community page.


  • © 2022 Open Weaver Inc.