[SYNCOPE-1068] Using Wicket's CsrfPreventionRequestCycleListener, controlled via console.properties and enabled by default
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/822ad873
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/822ad873
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/822ad873
Branch: refs/heads/master
Commit: 822ad873cb7139ae81f76d4b685273851b7e79dc
Parents: b81f9e4
Author: Francesco Chicchiriccò <ilgro...@apache.org>
Authored: Thu Apr 20 15:26:29 2017 +0200
Committer: Francesco Chicchiriccò <ilgro...@apache.org>
Committed: Thu Apr 20 15:26:47 2017 +0200
----------------------------------------------------------------------
.../syncope/client/console/SyncopeConsoleApplication.java | 6 ++++++
client/console/src/main/resources/console.properties | 2 ++
.../src/main/resources/console.properties | 2 ++
.../apache/syncope/fit/console/AbstractConsoleITCase.java | 10 ++++++++++
.../org/apache/syncope/fit/console/AjaxBrowseITCase.java | 7 +++++--
fit/core-reference/src/test/resources/console.properties | 2 ++
6 files changed, 27 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/822ad873/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
----------------------------------------------------------------------
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
index 88a6965..4c44802 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
@@ -63,6 +63,7 @@ import org.apache.wicket.authroles.authentication.AuthenticatedWebApplication;
 import org.apache.wicket.authroles.authentication.AuthenticatedWebSession;
 import org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDataRoleAuthorizationStrategy;
 import org.apache.wicket.markup.html.WebPage;
+import org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener;
 import org.apache.wicket.protocol.http.WebApplication;
 import org.apache.wicket.request.resource.IResource;
 import org.apache.wicket.request.resource.ResourceReference;
@@ -174,6 +175,8 @@ public class SyncopeConsoleApplication extends AuthenticatedWebApplication {
 useGZIPCompression = props.getProperty("useGZIPCompression");
 Args.notNull(useGZIPCompression, "<useGZIPCompression>");
 
+ String csrf = props.getProperty("csrf");
+
 // process page properties
 pageClasses = new HashMap<>();
 populatePageClasses(props);
@@ -205,6 +208,9 @@ public class SyncopeConsoleApplication extends AuthenticatedWebApplication {
 getMarkupSettings().setStripWicketTags(true);
 getMarkupSettings().setCompressWhitespace(true);
 
+ if (BooleanUtils.toBoolean(csrf)) {
+ getRequestCycleListeners().add(new CsrfPreventionRequestCycleListener());
+ }
 getRequestCycleListeners().add(new SyncopeConsoleRequestCycleListener());
 
 mountPage("/login", getSignInPageClass());
http://git-wip-us.apache.org/repos/asf/syncope/blob/822ad873/client/console/src/main/resources/console.properties
----------------------------------------------------------------------
diff --git a/client/console/src/main/resources/console.properties b/client/console/src/main/resources/console.properties
index 03326ff..a3c44f8 100644
--- a/client/console/src/main/resources/console.properties
+++ b/client/console/src/main/resources/console.properties
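Review bot: `String csrf = props.getProperty("csrf");` in the @@ -174 hunk is read without the `Args.notNull(csrf, "<csrf>")` guard that the neighbouring `useGZIPCompression` property gets, and since `BooleanUtils.toBoolean(null)` is false, a deployment whose console.properties predates this commit silently runs without the listener that the title says is enabled by default. Either fail fast like the other properties, `Args.notNull(csrf, "<csrf>");`, or make the default explicit, `String csrf = props.getProperty("csrf", "true");` — the same applies to the @@ -205 hunk, which consumes the value. It is also worth confirming the listener's default actions in the Wicket version in use (as far as I recall a request carrying neither Origin nor Referer is allowed and only a conflicting origin is aborted) and stating the chosen posture in a comment next to the `csrf` key, since operators will read the property file rather than this class. The constructor that reads the value starts outside the hunk.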
@@ -28,6 +28,8 @@ port=8080
 rootPath=/syncope/rest/
 useGZIPCompression=true
 
+csrf=true
+
 activitiModelerDirectory=${activiti-modeler.directory}
 reconciliationReportKey=c3520ad9-179f-49e7-b315-d684d216dd97
 
http://git-wip-us.apache.org/repos/asf/syncope/blob/822ad873/fit/console-reference/src/main/resources/console.properties
----------------------------------------------------------------------
diff --git a/fit/console-reference/src/main/resources/console.properties b/fit/console-reference/src/main/resources/console.properties
index 00834e6..4ce2e9b 100644
--- a/fit/console-reference/src/main/resources/console.properties
+++ b/fit/console-reference/src/main/resources/console.properties
@@ -28,6 +28,8 @@ port=9080
 rootPath=/syncope/rest/
 useGZIPCompression=true
 
+csrf=true
+
 activitiModelerDirectory=${activiti-modeler.directory}
 reconciliationReportKey=c3520ad9-179f-49e7-b315-d684d216dd97
 
http://git-wip-us.apache.org/repos/asf/syncope/blob/822ad873/fit/core-reference/src/test/java/org/apache/syncope/fit/console/AbstractConsoleITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/console/AbstractConsoleITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/console/AbstractConsoleITCase.java
index 0565590..fcb6173 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/console/AbstractConsoleITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/console/AbstractConsoleITCase.java
@@ -21,6 +21,8 @@ package org.apache.syncope.fit.console;
 import java.io.Serializable;
 import java.lang.reflect.Method;
 import org.apache.syncope.client.console.pages.Login;
+import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
+import org.apache.syncope.common.rest.api.service.SyncopeService;
 import org.apache.wicket.Component;
 import org.apache.wicket.MarkupContainer;
 import org.apache.wicket.behavior.AbstractAjaxBehavior;
@@ -46,15 +48,23 @@ public abstract class AbstractConsoleITCase {
 
 protected static final String ADMIN_PWD = "password";
 
+ protected static final String ADDRESS = "http://localhost:9080/syncope/rest";
+
 protected static final String KEY = "key";
 
 protected static final String SCHEMA = "schema";
 
 protected static WicketTester TESTER;
 
+ protected static SyncopeService SYNCOPE_SERVICE;
+
 @BeforeClass
 public static void setUp() {
 TESTER = ConsoleSetup.TESTER;
+
+ SYNCOPE_SERVICE = new SyncopeClientFactoryBean().
+ setAddress(ADDRESS).create(ADMIN_UNAME, ADMIN_PWD).
+ getService(SyncopeService.class);
 }
 
 protected void doLogin(final String user, final String passwd) {
http://git-wip-us.apache.org/repos/asf/syncope/blob/822ad873/fit/core-reference/src/test/java/org/apache/syncope/fit/console/AjaxBrowseITCase.java
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/console/AjaxBrowseITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/console/AjaxBrowseITCase.java
index 8ac8558..c6b1aaf 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/console/AjaxBrowseITCase.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/console/AjaxBrowseITCase.java
@@ -30,6 +30,7 @@ import org.apache.syncope.client.console.pages.SecurityQuestions;
 import org.apache.syncope.client.console.pages.Types;
 import org.apache.syncope.client.console.pages.Workflow;
 import org.apache.syncope.client.console.topology.Topology;
+import org.apache.syncope.fit.ActivitiDetector;
 import org.junit.Test;
 
 // Please, keep the class name as is in order to respect the execution order. It seems that from wicket 7.5.0 the
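Review bot: `ADDRESS = "http://localhost:9080/syncope/rest"` hard-codes the endpoint that fit/console-reference's console.properties already expresses as `port=9080` and `rootPath=/syncope/rest/` (see the hunk in that file above), so the two can drift apart with no compile-time signal; consider deriving the address from those properties or from a system property the build sets. `SYNCOPE_SERVICE` is created in `setUp()` with the `ADMIN_UNAME`/`ADMIN_PWD` credentials and its purpose is not stated anywhere, so a one-line comment such as `// admin-level REST client to the core under test, used by subclasses to detect server-side capabilities` would help the next reader. The enclosing class continues outside the hunk.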
@@ -69,8 +70,10 @@ public class AjaxBrowseITCase extends AbstractConsoleITCase {
 TESTER.clickLink("body:reportsLI:reports");
 TESTER.assertRenderedPage(Reports.class);
 
- TESTER.clickLink("body:configurationLI:configurationUL:workflowLI:workflow");
- TESTER.assertRenderedPage(Workflow.class);
+ if (ActivitiDetector.isActivitiEnabledForUsers(SYNCOPE_SERVICE)) {
+ TESTER.clickLink("body:configurationLI:configurationUL:workflowLI:workflow");
+ TESTER.assertRenderedPage(Workflow.class);
+ }
 
 TESTER.clickLink("body:configurationLI:configurationUL:logsLI:logs");
 TESTER.assertRenderedPage(Logs.class);
http://git-wip-us.apache.org/repos/asf/syncope/blob/822ad873/fit/core-reference/src/test/resources/console.properties
----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/resources/console.properties b/fit/core-reference/src/test/resources/console.properties
index 00834e6..63ed279 100644
--- a/fit/core-reference/src/test/resources/console.properties
+++ b/fit/core-reference/src/test/resources/console.properties
@@ -28,6 +28,8 @@ port=9080
 rootPath=/syncope/rest/
 useGZIPCompression=true
 
+csrf=false
+
 activitiModelerDirectory=${activiti-modeler.directory}
 reconciliationReportKey=c3520ad9-179f-49e7-b315-d684d216dd97
 
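Review bot: The new `if (ActivitiDetector.isActivitiEnabledForUsers(SYNCOPE_SERVICE))` guard silently drops the Workflow page from the navigation walk when the check is false, and nothing in the test records that it was skipped. A comment on the guard, `// Workflow page is presumably only reachable when Activiti drives user workflow — confirm against how the console mounts it`, would explain why this page alone is conditional. This change is also unrelated to the CSRF listener the commit is about and would be easier to trace as its own commit. The test method starts outside the hunk.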
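Review bot: `csrf=false` in fit/core-reference's test profile means the integration suite never exercises `CsrfPreventionRequestCycleListener`, so the default-on configuration shipped to users is effectively untested. If the flag has to be off because `WicketTester` requests carry no Origin/Referer header, a comment stating that, `# CSRF listener disabled for the console ITs: WicketTester requests carry no Origin/Referer header`, would stop someone from switching it back to true without understanding the consequence, and ideally at least one IT would run with it enabled.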