1   package com.github.choonchernlim.security.adfs.saml2;
2   
3   import static com.github.choonchernlim.betterPreconditions.preconditions.PreconditionFactory.expect;
4   import com.google.common.base.MoreObjects;
5   import com.google.common.base.Optional;
6   import com.google.common.collect.ImmutableSet;
7   import net.karneim.pojobuilder.GeneratePojoBuilder;
8   import org.opensaml.saml2.core.AuthnContext;
9   import org.springframework.core.io.Resource;
10  import org.springframework.security.saml.userdetails.SAMLUserDetailsService;
11  
12  import java.util.Set;
13  
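/**
 * Immutable configuration for the Service Provider (Sp) side of the ADFS / SAML 2.0 integration.
 * <p/>
 * Instances are created through the builder generated by {@link GeneratePojoBuilder}; the constructor is
 * package-private on purpose. Required properties are validated in the constructor and rejected when null or
 * blank, optional properties fall back to the documented defaults, so every getter returns a non-null value
 * except {@link #getSamlUserDetailsService()}.
 * <p/>
 * The keystore password and the private key password are held as plain {@link String}s and therefore remain
 * in the heap until garbage-collected; keep this bean and its getters out of log statements and debug output.
 */
public final class SAMLConfigBean {

    /**
     * (REQUIRED) IdP's server name.
     */
    private final String idpServerName;

    /**
     * (REQUIRED) Sp's server name.
     */
    private final String spServerName;

    /**
     * (OPTIONAL) Sp's HTTPS port.
     * <p/>
     * Default is 443.
     */
    private final Integer spHttpsPort;

    /**
     * (OPTIONAL) Sp's context path.
     * <p/>
     * Default is "".
     */
    private final String spContextPath;

    /**
     * (REQUIRED) Keystore containing the app's public/private key pair and ADFS' certificate (public key).
     */
    private final Resource keystoreResource;

    /**
     * (REQUIRED) Keystore alias.
     */
    private final String keystoreAlias;

    /**
     * (REQUIRED) Keystore password. Secret material; never log it.
     */
    private final String keystorePassword;

    /**
     * (REQUIRED) Password protecting the private key inside the keystore. Secret material; never log it.
     */
    private final String keystorePrivateKeyPassword;

    /**
     * (REQUIRED) Where to redirect the user on successful login if no saved request is found in the session.
     */
    private final String successLoginDefaultUrl;

    /**
     * (REQUIRED) Where to redirect the user on successful logout.
     */
    private final String successLogoutUrl;

    /**
     * (OPTIONAL) Where to redirect the user on failed login.
     * <p/>
     * Default is blank (""). Per the original author's note, no redirect is configured in that case and a
     * 401 is returned instead. In practice this is rarely reached because the IdP handles failed logins on
     * its own login page.
     */
    private final String failedLoginDefaultUrl;

    /**
     * (OPTIONAL) For configuring user details and authorities.
     * <p/>
     * Default is null; this is the only property that may be null after construction.
     */
    private final SAMLUserDetailsService samlUserDetailsService;

    /**
     * (OPTIONAL) Whether to store the CSRF token in a cookie.
     * <p/>
     * Default is false.
     */
    private final Boolean storeCsrfTokenInCookie;

    /**
     * (OPTIONAL) Determines what authentication methods to use.
     * <p/>
     * To use the order of authentication methods defined by the IdP, pass an empty set.
     * <p/>
     * To enable Windows Integrated Auth (WIA) across browsers and OSes, use
     * {@code CustomAuthnContext.WINDOWS_INTEGRATED_AUTHN_CTX}.
     * <p/>
     * Default is user/password authentication, where the IdP login page is displayed.
     * <p/>
     * Held as an immutable snapshot of the caller's set, so later changes to that set do not leak into the bean.
     */
    private final Set<String> authnContexts;

    /**
     * Validates and stores the configuration. Use the generated builder rather than calling this directly.
     *
     * @param idpServerName              (REQUIRED) IdP's server name; must not be blank
     * @param spServerName               (REQUIRED) Sp's server name; must not be blank
     * @param spHttpsPort                (OPTIONAL) Sp's HTTPS port; null means 443
     * @param spContextPath              (OPTIONAL) Sp's context path; null means ""
     * @param keystoreResource           (REQUIRED) keystore resource; must not be null
     * @param keystoreAlias              (REQUIRED) keystore alias; must not be blank
     * @param keystorePassword           (REQUIRED) keystore password; must not be blank
     * @param keystorePrivateKeyPassword (REQUIRED) private key password; must not be blank
     * @param successLoginDefaultUrl     (REQUIRED) redirect target after login when no saved request exists; must not be blank
     * @param successLogoutUrl           (REQUIRED) redirect target after logout; must not be blank
     * @param failedLoginDefaultUrl      (OPTIONAL) redirect target after failed login; null means ""
     * @param storeCsrfTokenInCookie     (OPTIONAL) whether to store the CSRF token in a cookie; null means false
     * @param samlUserDetailsService     (OPTIONAL) user details service; may be null
     * @param authnContexts              (OPTIONAL) authentication contexts; null means password authentication
     *                                   only, an empty set means "let the IdP decide"; must not contain null elements
     */
    @GeneratePojoBuilder
    SAMLConfigBean(final String idpServerName,
                   final String spServerName,
                   final Integer spHttpsPort,
                   final String spContextPath,
                   final Resource keystoreResource,
                   final String keystoreAlias,
                   final String keystorePassword,
                   final String keystorePrivateKeyPassword,
                   final String successLoginDefaultUrl,
                   final String successLogoutUrl,
                   final String failedLoginDefaultUrl,
                   final Boolean storeCsrfTokenInCookie,
                   final SAMLUserDetailsService samlUserDetailsService,
                   final Set<String> authnContexts) {

        //@formatter:off
        // Required values: the precondition check rejects null/blank input and the bean is never constructed.
        this.idpServerName = expect(idpServerName, "IdP server name").not().toBeBlank().check();

        this.spServerName = expect(spServerName, "Sp server name").not().toBeBlank().check();
        this.spHttpsPort = Optional.fromNullable(spHttpsPort).or(443);
        this.spContextPath = Optional.fromNullable(spContextPath).or("");

        // check() is untyped for the null check, hence the cast.
        this.keystoreResource = (Resource) expect(keystoreResource, "Key store").not().toBeNull().check();
        this.keystoreAlias = expect(keystoreAlias, "Keystore alias").not().toBeBlank().check();
        this.keystorePassword = expect(keystorePassword, "Keystore password").not().toBeBlank().check();
        this.keystorePrivateKeyPassword = expect(keystorePrivateKeyPassword, "Keystore private key password").not().toBeBlank().check();

        this.successLoginDefaultUrl = expect(successLoginDefaultUrl, "Success login URL").not().toBeBlank().check();
        this.successLogoutUrl = expect(successLogoutUrl, "Success logout URL").not().toBeBlank().check();
        this.failedLoginDefaultUrl = Optional.fromNullable(failedLoginDefaultUrl).or("");

        this.storeCsrfTokenInCookie = MoreObjects.firstNonNull(storeCsrfTokenInCookie, false);
        this.samlUserDetailsService = samlUserDetailsService;

        // Defensive copy: the caller may hand in a mutable set, and a security-relevant setting such as the
        // permitted authentication contexts must not be changeable behind the bean's back. copyOf returns the
        // same instance when the argument is already an ImmutableSet, and rejects null elements.
        this.authnContexts = authnContexts == null
                ? ImmutableSet.of(AuthnContext.PASSWORD_AUTHN_CTX)
                : ImmutableSet.copyOf(authnContexts);
        //@formatter:on
    }

    /** @return IdP's server name; never blank */
    public String getIdpServerName() {
        return idpServerName;
    }

    /** @return Sp's server name; never blank */
    public String getSpServerName() {
        return spServerName;
    }

    /** @return Sp's HTTPS port; 443 when not configured */
    public Integer getSpHttpsPort() {
        return spHttpsPort;
    }

    /** @return Sp's context path; "" when not configured */
    public String getSpContextPath() {
        return spContextPath;
    }

    /** @return the keystore resource; never null */
    public Resource getKeystoreResource() {
        return keystoreResource;
    }

    /** @return the keystore alias; never blank */
    public String getKeystoreAlias() {
        return keystoreAlias;
    }

    /** @return the keystore password; secret material, do not log */
    public String getKeystorePassword() {
        return keystorePassword;
    }

    /** @return the private key password; secret material, do not log */
    public String getKeystorePrivateKeyPassword() {
        return keystorePrivateKeyPassword;
    }

    /** @return redirect target after successful login when no saved request exists; never blank */
    public String getSuccessLoginDefaultUrl() {
        return successLoginDefaultUrl;
    }

    /** @return redirect target after successful logout; never blank */
    public String getSuccessLogoutUrl() {
        return successLogoutUrl;
    }

    /** @return redirect target after failed login; "" when not configured */
    public String getFailedLoginDefaultUrl() {
        return failedLoginDefaultUrl;
    }

    /** @return whether the CSRF token is stored in a cookie; false when not configured */
    public Boolean getStoreCsrfTokenInCookie() {
        return storeCsrfTokenInCookie;
    }

    /** @return the user details service, or null when none was configured */
    public SAMLUserDetailsService getSamlUserDetailsService() {
        return samlUserDetailsService;
    }

    /** @return an immutable set of authentication contexts; never null, possibly empty */
    public Set<String> getAuthnContexts() {
        return authnContexts;
    }
}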
201 }