1   /*
2    * Copyright 2018 LINE Corporation
3    *
4    * LINE Corporation licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   https://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  package com.linecorp.centraldogma.server.auth.saml;
17  
18  import static java.util.Objects.requireNonNull;
19  
20  import com.google.common.collect.ImmutableList;
21  
22  import com.linecorp.armeria.common.HttpResponse;
23  import com.linecorp.armeria.common.HttpStatus;
24  import com.linecorp.armeria.server.HttpService;
25  import com.linecorp.armeria.server.HttpServiceWithRoutes;
26  import com.linecorp.armeria.server.saml.SamlServiceProvider;
27  import com.linecorp.centraldogma.server.auth.AuthProvider;
28  
29  /**
30   * OpenSAML based {@link AuthProvider} implementation.
31   */
public class SamlAuthProvider implements AuthProvider {

    /** Source of both the login decorator and the extra SAML services exposed by this provider. */
    private final SamlServiceProvider serviceProvider;

    /**
     * Creates a provider backed by the given SAML service provider.
     *
     * @param sp the SAML service provider to delegate to; must not be {@code null}
     * @throws NullPointerException if {@code sp} is {@code null}
     */
    SamlAuthProvider(SamlServiceProvider sp) {
        requireNonNull(sp, "sp");
        serviceProvider = sp;
    }

    /**
     * Returns the web login service: a fixed fallback handler wrapped in the decorator obtained
     * from {@link SamlServiceProvider#newSamlDecorator()}.
     *
     * <p>The fallback itself performs no authentication and issues nothing; it only answers with
     * {@link HttpStatus#INTERNAL_SERVER_ERROR}.
     *
     * @return the decorated login service
     */
    @Override
    public HttpService webLoginService() {
        // A browser cannot attach a token to this request, so the SAML decorator is expected to
        // send every request to the IdP. The delegate below fails closed: a request that is ever
        // passed through gets a 500 instead of being treated as a completed login.
        // NOTE(review): the pass-through conditions live in the decorator, not here; confirm them
        // against the SamlServiceProvider version in use.
        final HttpService failClosed = (ctx, req) -> {
            return HttpResponse.of(HttpStatus.INTERNAL_SERVER_ERROR);
        };
        return failClosed.decorate(serviceProvider.newSamlDecorator());
    }

    /**
     * Returns the additional services contributed by this provider: an immutable single-element
     * list holding the service from {@link SamlServiceProvider#newSamlService()}.
     *
     * @return the extra services to register alongside the login service
     */
    @Override
    public Iterable<HttpServiceWithRoutes> moreServices() {
        // NOTE(review): presumably these are the SAML protocol endpoints that receive IdP
        // messages; verify which routes are exposed before placing them behind other filters.
        final HttpServiceWithRoutes samlService = serviceProvider.newSamlService();
        return ImmutableList.of(samlService);
    }
}