From 4007133cb11c7072a70ae690e708fda2018ee171 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ren=C3=A9=20Panzar?=
Date: Sun, 20 Sep 2020 14:11:33 +0200
Subject: [PATCH] Migrate to latest Play version - addresses #92 Moves session storage to cookie instead of cache.
---
 app/auth/CustomCodeVerifier.java | 15 +++++++++++++++
 app/auth/CustomCookieSessionStore.java | 26 ++++++++++++++++++++++++++
 app/mappers/ActivityMapper.java | 1 -
 app/modules/SecurityModule.java | 7 ++++---
 4 files changed, 45 insertions(+), 4 deletions(-)
 create mode 100644 app/auth/CustomCodeVerifier.java
 create mode 100644 app/auth/CustomCookieSessionStore.java
diff --git a/app/auth/CustomCodeVerifier.java b/app/auth/CustomCodeVerifier.java
new file mode 100644
index 00000000..657ba27a
--- /dev/null
+++ b/app/auth/CustomCodeVerifier.java
@@ -0,0 +1,15 @@
+package auth;
+
+import com.nimbusds.oauth2.sdk.pkce.CodeVerifier;
+
+import java.io.Serializable;
+
+public class CustomCodeVerifier extends CodeVerifier implements Serializable {
+ public CustomCodeVerifier(String value) {
+ super(value);
+ }
+
+ public static CustomCodeVerifier from(CodeVerifier codeVerifier) {
+ return new CustomCodeVerifier(codeVerifier.getValue());
+ }
+}
diff --git a/app/auth/CustomCookieSessionStore.java b/app/auth/CustomCookieSessionStore.java
new file mode 100644
index 00000000..ef16d0b9
--- /dev/null
+++ b/app/auth/CustomCookieSessionStore.java
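Review bot: In app/auth/CustomCodeVerifier.java, adding `implements Serializable` to the subclass does not make the inherited verifier value serializable. The comment kept in SecurityModule says `CodeVerifier` cannot be cast to `java.io.Serializable`, and Java serialization neither writes nor restores the fields of a non-serializable superclass; on read it runs that superclass's no-arg constructor instead, so the string passed to `super(value)` is presumably not what comes back out of the session. Storing the plain string is more robust: in `CustomCookieSessionStore.set` use `cleanedValue = ((CodeVerifier) value).getValue();` and rebuild the `CodeVerifier` in an overridden `get`. If the wrapper class stays, it should hold the value in a field of its own and declare a `serialVersionUID`.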
@@ -0,0 +1,26 @@
+package auth;
+
+import com.nimbusds.oauth2.sdk.pkce.CodeVerifier;
+import org.pac4j.play.PlayWebContext;
+import org.pac4j.play.store.NoOpDataEncrypter;
+import org.pac4j.play.store.PlayCookieSessionStore;
+
+import javax.inject.Singleton;
+
+@Singleton
+public class CustomCookieSessionStore extends PlayCookieSessionStore {
+
+ public CustomCookieSessionStore() {
+ super(new NoOpDataEncrypter());
+ }
+
+ @Override
+ public void set(PlayWebContext context, String key, Object value) {
+ Object cleanedValue = value;
+ if (key.endsWith("$codeVerifierSessionParameter") && value instanceof CodeVerifier) {
+ cleanedValue = CustomCodeVerifier.from((CodeVerifier) value);
+ }
+
+ super.set(context, key, cleanedValue);
+ }
+}
diff --git a/app/mappers/ActivityMapper.java b/app/mappers/ActivityMapper.java
index 51feaf09..89a35b9d 100644
--- a/app/mappers/ActivityMapper.java
+++ b/app/mappers/ActivityMapper.java
@@ -33,7 +33,6 @@ public static LogEntry toModel(Activity in, LogEntry out) { out = out != null ? out : new LogEntry(); out.id = in.id; - // TODO return out; }
diff --git a/app/modules/SecurityModule.java b/app/modules/SecurityModule.java
index 6e80a88e..850f80d8 100644
--- a/app/modules/SecurityModule.java
+++ b/app/modules/SecurityModule.java
@@ -5,6 +5,7 @@
 import auth.ClientName;
 import auth.CustomAuthorizer;
 import auth.CustomCallbackLogic;
+import auth.CustomCookieSessionStore;
 import be.objectify.deadbolt.java.cache.HandlerCache;
 import com.google.inject.AbstractModule;
 import com.google.inject.Provides;
@@ -31,7 +32,6 @@
 import org.pac4j.play.deadbolt2.Pac4jHandlerCache;
 import org.pac4j.play.deadbolt2.Pac4jRoleHandler;
 import org.pac4j.play.http.PlayHttpActionAdapter;
-import org.pac4j.play.store.PlayCacheSessionStore;
 import org.pac4j.play.store.PlayCookieSessionStore;
 import org.pac4j.play.store.PlaySessionStore;
 import play.Environment;
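Review bot: In app/auth/CustomCookieSessionStore.java the constructor passes `new NoOpDataEncrypter()`, so everything pac4j puts into the session, including the user profile and the PKCE code verifier handled in `set`, goes into the browser cookie unencrypted. Play's signature on the session cookie guards against modification but not against reading, so anyone who obtains the cookie can decode its contents. I would pass an encrypting `DataEncrypter` instead (play-pac4j ships `ShiroAesDataEncrypter`), keyed from configuration so the key survives restarts and is shared across nodes, and add a class comment stating what is stored client-side. Separately, `key.endsWith("$codeVerifierSessionParameter")` depends on a pac4j-internal key suffix; a short comment naming where that suffix comes from would help when the library is upgraded.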
@@ -74,9 +74,9 @@ protected void configure() { bind(HandlerCache.class).to(Pac4jHandlerCache.class); bind(Pac4jRoleHandler.class).to(MyPac4jRoleHandler.class); - bind(PlaySessionStore.class).to(PlayCacheSessionStore.class); +// bind(PlaySessionStore.class).to(PlayCacheSessionStore.class); // com.nimbusds.oauth2.sdk.pkce.CodeVerifier cannot be cast to java.io.Serializable -// bind(PlaySessionStore.class).to(PlayCookieSessionStore.class); + bind(PlaySessionStore.class).to(CustomCookieSessionStore.class); // callback final CallbackController callbackController = new CallbackController();
@@ -171,6 +171,7 @@ protected KeycloakOidcClient provideKeycloakClient() { config.setBaseUri(KeycloakBaseUri.get(configuration)); config.setRealm(KeycloakRealm.get(configuration)); config.setWithState(false); + config.setDisablePkce(true); return new KeycloakOidcClient(config); });
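Review bot: Binding `PlaySessionStore` to `CustomCookieSessionStore` in `configure()` moves pac4j session state from the server-side cache into the client cookie, so the server can no longer invalidate a session on logout; a copied cookie presumably stays usable until the Play session itself expires. That trade-off deserves a comment at the binding and a check that a session lifetime is configured. The hunk also leaves the old binding commented out and keeps the `CodeVerifier cannot be cast to java.io.Serializable` comment directly above the new binding, where it now reads as a description of it. I would delete the dead line and reword the comment, e.g. `// pac4j session lives in the Play session cookie; CodeVerifier is wrapped by CustomCookieSessionStore`. `configure()` starts and ends outside this hunk.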
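Review bot: `config.setDisablePkce(true)` in `provideKeycloakClient()` switches off PKCE for the Keycloak authorization-code flow, and the context line above it already has `config.setWithState(false)`, so the callback appears to run with neither protection. The commit message gives no reason, and because the same commit adds `CustomCodeVerifier` specifically to keep the verifier in the session, this looks like a workaround for the verifier not surviving the cookie round trip. I would fix the storage and drop this line, or at minimum document it: `// PKCE disabled because <reason>; re-enable once the code verifier round-trips through the session store`. The method body starts and ends outside this hunk.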