Add OAUTH2 OIDC login support (#1140)
* Somewhat working * Change Autocreate logic * Add OAuth Error Message if Auto create Disabled * Display OAUTH2 username(email) in Account Settings * Disable Change user/pass for Oauth2 user * Hide SSO Button if SSO login Disabled * Remove some spaces and comments * Add OAUTH2 Login example docker-compose file * Add Some Comments * Hide Printing of Client secret * Remove OAUTH2 Beans and replace with applicationProperties * Add conditional annotation to Bean Creation * Update settings.yml.template Add OAUTH2 enabling template. * Update messages_en_GB.propertiespull/1017/head
parent
777e512e61
commit
d9fa8f7b48
12 changed files with 282 additions and 5 deletions
@ -0,0 +1,39 @@ |
||||
version: '3.3' |
||||
services: |
||||
stirling-pdf: |
||||
container_name: Stirling-PDF-Security |
||||
image: frooodle/s-pdf:latest |
||||
deploy: |
||||
resources: |
||||
limits: |
||||
memory: 4G |
||||
healthcheck: |
||||
test: ["CMD-SHELL", "curl -f http://localhost:8080/api/v1/info/status | grep -q 'UP' && curl -fL http://localhost:8080/ | grep -q 'Please sign in'"] |
||||
interval: 5s |
||||
timeout: 10s |
||||
retries: 16 |
||||
ports: |
||||
- 8080:8080 |
||||
volumes: |
||||
- /stirling/latest/data:/usr/share/tessdata:rw |
||||
- /stirling/latest/config:/configs:rw |
||||
- /stirling/latest/logs:/logs:rw |
||||
environment: |
||||
DOCKER_ENABLE_SECURITY: "true" |
||||
SECURITY_ENABLELOGIN: "true" |
||||
SECURITY_OAUTH2_ENABLED: "true" |
||||
SECURITY_OAUTH2_AUTOCREATEUSER: "true" # This is set to true to allow auto-creation of non-existing users in Striling-PDF |
||||
SECURITY_OAUTH2_ISSUER: "https://accounts.google.com" # Change with any other provider that supports OpenID Connect Discovery (/.well-known/openid-configuration) end-point |
||||
SECURITY_OAUTH2_CLIENTID: "<YOUR CLIENT ID>.apps.googleusercontent.com" # Client ID from your provider |
||||
SECURITY_OAUTH2_CLIENTSECRET: "<YOUR CLIENT SECRET>" # Client Secret from your provider |
||||
PUID: 1002 |
||||
PGID: 1002 |
||||
UMASK: "022" |
||||
SYSTEM_DEFAULTLOCALE: en-US |
||||
UI_APPNAME: Stirling-PDF |
||||
UI_HOMEDESCRIPTION: Demo site for Stirling-PDF Latest with Security |
||||
UI_APPNAMENAVBAR: Stirling-PDF Latest |
||||
SYSTEM_MAXFILESIZE: "100" |
||||
METRICS_ENABLED: "true" |
||||
SYSTEM_GOOGLEVISIBILITY: "true" |
||||
restart: on-failure:5 |
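Review bot: `SECURITY_OAUTH2_AUTOCREATEUSER: "true"` together with the `https://accounts.google.com` issuer means, as far as this file shows, that any Google account holder who completes the OIDC login gets a local account created; nothing in the example restricts the allowed domain or e-mail address. Since people will copy this file, I would default the value to `"false"` or extend the comment, e.g. `# "true" creates an account for ANY user the issuer authenticates; keep "false" unless the provider is restricted to your organisation`. The client secret placeholder sits inline under `environment:`, so a comment pointing to an env file or a Docker secret would help keep real secrets out of a committed compose file. The existing comment also misspells the product name as `Striling-PDF`.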
@ -0,0 +1,43 @@ |
||||
package stirling.software.SPDF.config.security; |
||||
|
||||
import java.io.IOException; |
||||
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest; |
||||
import jakarta.servlet.http.HttpServletResponse; |
||||
import jakarta.servlet.http.HttpSession; |
||||
import jakarta.servlet.ServletException; |
||||
import org.springframework.context.annotation.Bean; |
||||
import org.springframework.security.core.Authentication; |
||||
import org.springframework.security.core.session.SessionRegistry; |
||||
import org.springframework.security.core.session.SessionRegistryImpl; |
||||
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler; |
||||
|
||||
public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler |
||||
{ |
||||
@Bean |
||||
public SessionRegistry sessionRegistry() { |
||||
return new SessionRegistryImpl(); |
||||
} |
||||
|
||||
@Override |
||||
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException |
||||
{ |
||||
HttpSession session = request.getSession(false); |
||||
if (session != null) { |
||||
String sessionId = session.getId(); |
||||
sessionRegistry() |
||||
.removeSessionInformation( |
||||
sessionId); |
||||
} |
||||
|
||||
if(request.getParameter("oauth2AutoCreateDisabled") != null) |
||||
{ |
||||
response.sendRedirect(request.getContextPath()+"/login?error=oauth2AutoCreateDisabled"); |
||||
} |
||||
else |
||||
{ |
||||
response.sendRedirect(request.getContextPath() + "/login?logout=true"); |
||||
} |
||||
} |
||||
} |
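Review bot: `sessionRegistry()` at the top of the class returns a fresh `SessionRegistryImpl` on every call, so the `removeSessionInformation(sessionId)` call in `onLogoutSuccess` acts on an empty registry rather than the one session management tracks. The class carries no `@Configuration` annotation in this section, so a direct call to the `@Bean` method is not proxied to a singleton. The logged-out session can therefore stay listed in the real registry, which matters for concurrent-session limits and any session listing. Injecting the application's shared `SessionRegistry` through the constructor fixes this; the code that constructs the handler is outside this section and would need to pass the registry in. Separately, the `oauth2AutoCreateDisabled` request parameter only selects between two fixed redirect targets, which is safe, but a one-line comment saying so would help the next reader.

```java
public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler {

    // Shared registry owned by the security configuration, not created here.
    private final SessionRegistry sessionRegistry;

    public CustomLogoutSuccessHandler(SessionRegistry sessionRegistry) {
        this.sessionRegistry = sessionRegistry;
    }

    @Override
    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
        HttpSession session = request.getSession(false);
        if (session != null) {
            sessionRegistry.removeSessionInformation(session.getId());
        }
        // … unchanged: redirect to /login with the error or logout parameter …
    }
}
```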