This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch SPRING_BOOT_2_7
in repository https://gitbox.apache.org/repos/asf/syncope.git
commit 7dbf6d85c25803663e14d91e668a582651b81411
Author: Francesco Chicchiriccò <ilgro...@apache.org>
AuthorDate: Fri Jul 15 17:39:26 2022 +0200
Upgrading Spring Boot to 2.7 and CAS to 6.6
---
.../syncope/client/console/SecurityConfig.java | 41 ++++---
.../syncope/client/enduser/SecurityConfig.java | 41 ++++---
.../spring/security/MustChangePasswordFilter.java | 7 +-
.../core/spring/security/WebSecurityContext.java | 122 ++++++++++-----------
pom.xml | 6 +-
.../bootstrap/AuthModulePropertySourceMapper.java | 6 +-
.../syncope/wa/starter/SyncopeWAApplication.java | 25 +++--
.../wa/starter/audit/WAAuditTrailManager.java | 3 +-
.../syncope/wa/starter/config/WAContext.java | 10 +-
.../gauth/WAGoogleMfaAuthCredentialRepository.java | 38 +++----
.../starter/mapping/AbstractClientAppMapper.java | 8 +-
.../wa/starter/mapping/CASSPClientAppTOMapper.java | 4 +-
.../starter/mapping/SAML2SPClientAppTOMapper.java | 2 +-
.../apache/syncope/wa/starter/AbstractTest.java | 2 +-
.../token/WAGoogleMfaAuthTokenRepositoryTest.java | 2 +-
15 files changed, 162 insertions(+), 155 deletions(-)
diff --git
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SecurityConfig.java
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SecurityConfig.java
index 86a5e39294..f33629d732 100644
---
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SecurityConfig.java
+++
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SecurityConfig.java
@@ -22,35 +22,34 @@ import
org.apache.syncope.common.lib.types.IdRepoEntitlement;
import
org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
-import
org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import
org.springframework.security.config.annotation.web.builders.HttpSecurity;
import
org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import
org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
@EnableWebSecurity
@Configuration(proxyBeanMethods = false)
public class SecurityConfig {
@Bean
- public WebSecurityConfigurerAdapter consoleSecurityConfigAdapter(final
ConsoleProperties props) {
- return new WebSecurityConfigurerAdapter() {
- @Override
- protected void configure(final AuthenticationManagerBuilder auth)
throws Exception {
- auth.inMemoryAuthentication().
- withUser(props.getAnonymousUser()).
- password("{noop}" + props.getAnonymousKey()).
- roles(IdRepoEntitlement.ANONYMOUS);
- }
+ public SecurityFilterChain filterChain(final HttpSecurity http) throws
Exception {
+ http.csrf().disable().
+ authorizeRequests().
+ requestMatchers(EndpointRequest.toAnyEndpoint()).
+ authenticated().
+ and().
+ httpBasic();
+ return http.build();
+ }
- @Override
- protected void configure(final HttpSecurity http) throws Exception
{
- http.csrf().disable().
- authorizeRequests().
- requestMatchers(EndpointRequest.toAnyEndpoint()).
- authenticated().
- and().
- httpBasic();
- }
- };
+ @Bean
+ public InMemoryUserDetailsManager userDetailsService(final
ConsoleProperties props) {
+ UserDetails user = User.withUsername(props.getAnonymousUser()).
+ password("{noop}" + props.getAnonymousKey()).
+ roles(IdRepoEntitlement.ANONYMOUS).
+ build();
+ return new InMemoryUserDetailsManager(user);
}
}
diff --git
a/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SecurityConfig.java
b/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SecurityConfig.java
index 38e6e6a5ae..3218618cdf 100644
---
a/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SecurityConfig.java
+++
b/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SecurityConfig.java
@@ -22,35 +22,34 @@ import
org.apache.syncope.common.lib.types.IdRepoEntitlement;
import
org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
-import
org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import
org.springframework.security.config.annotation.web.builders.HttpSecurity;
import
org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import
org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
@EnableWebSecurity
@Configuration(proxyBeanMethods = false)
public class SecurityConfig {
@Bean
- public WebSecurityConfigurerAdapter enduserSecurityAdapter(final
EnduserProperties props) {
- return new WebSecurityConfigurerAdapter() {
- @Override
- protected void configure(final AuthenticationManagerBuilder auth)
throws Exception {
- auth.inMemoryAuthentication().
- withUser(props.getAnonymousUser()).
- password("{noop}" + props.getAnonymousKey()).
- roles(IdRepoEntitlement.ANONYMOUS);
- }
+ public SecurityFilterChain filterChain(final HttpSecurity http) throws
Exception {
+ http.csrf().disable().
+ authorizeRequests().
+ requestMatchers(EndpointRequest.toAnyEndpoint()).
+ authenticated().
+ and().
+ httpBasic();
+ return http.build();
+ }
- @Override
- protected void configure(final HttpSecurity http) throws Exception
{
- http.csrf().disable().
- authorizeRequests().
- requestMatchers(EndpointRequest.toAnyEndpoint()).
- authenticated().
- and().
- httpBasic();
- }
- };
+ @Bean
+ public InMemoryUserDetailsManager userDetailsService(final
EnduserProperties props) {
+ UserDetails user = User.withUsername(props.getAnonymousUser()).
+ password("{noop}" + props.getAnonymousKey()).
+ roles(IdRepoEntitlement.ANONYMOUS).
+ build();
+ return new InMemoryUserDetailsManager(user);
}
}
diff --git
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/MustChangePasswordFilter.java
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/MustChangePasswordFilter.java
index 33479e83fa..92c6b8b191 100644
---
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/MustChangePasswordFilter.java
+++
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/MustChangePasswordFilter.java
@@ -28,7 +28,7 @@ import javax.servlet.ServletResponse;
import org.apache.syncope.common.lib.types.IdRepoEntitlement;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.firewall.FirewalledRequest;
+import
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper;
public class MustChangePasswordFilter implements Filter {
@@ -46,12 +46,13 @@ public class MustChangePasswordFilter implements Filter {
public void doFilter(final ServletRequest request, final ServletResponse
response, final FilterChain chain)
throws IOException, ServletException {
- if (request instanceof FirewalledRequest) {
+ if (request instanceof SecurityContextHolderAwareRequestWrapper) {
boolean isMustChangePassword =
SecurityContextHolder.getContext().getAuthentication().getAuthorities().stream().anyMatch(
authority ->
IdRepoEntitlement.MUST_CHANGE_PASSWORD.equals(authority.getAuthority()));
- FirewalledRequest wrappedRequest =
FirewalledRequest.class.cast(request);
+ SecurityContextHolderAwareRequestWrapper wrappedRequest =
+
SecurityContextHolderAwareRequestWrapper.class.cast(request);
if (isMustChangePassword &&
!"POST".equalsIgnoreCase(wrappedRequest.getMethod())
&&
!"/users/self/changePassword".equals(wrappedRequest.getPathInfo())) {
diff --git
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/WebSecurityContext.java
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/WebSecurityContext.java
index 6117375848..e9ffb1b855 100644
---
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/WebSecurityContext.java
+++
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/WebSecurityContext.java
@@ -38,15 +38,16 @@ import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import
org.springframework.security.authentication.AnonymousAuthenticationProvider;
+import org.springframework.security.authentication.AuthenticationManager;
import
org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import
org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import
org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
import
org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import
org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import
org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;
import
org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import
org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
@@ -74,66 +75,65 @@ public class WebSecurityContext {
}
@Bean
- public WebSecurityConfigurerAdapter webSecurityConfigurerAdapter(
- final ApplicationContext ctx,
+ public WebSecurityCustomizer webSecurityCustomizer(final HttpFirewall
allowUrlEncodedSlashHttpFirewall) {
+ return web -> web.httpFirewall(allowUrlEncodedSlashHttpFirewall);
+ }
+
+ @Bean
+ public SecurityFilterChain filterChain(
+ final HttpSecurity http,
+ final UsernamePasswordAuthenticationProvider
usernamePasswordAuthenticationProvider,
+ final JWTAuthenticationProvider jwtAuthenticationProvider,
final SecurityProperties securityProperties,
- final HttpFirewall allowUrlEncodedSlashHttpFirewall) {
-
- return new WebSecurityConfigurerAdapter(true) {
-
- @Override
- public void configure(final WebSecurity web) {
- web.httpFirewall(allowUrlEncodedSlashHttpFirewall);
- }
-
- @Override
- protected void configure(final HttpSecurity http) throws Exception
{
- SyncopeAuthenticationDetailsSource authenticationDetailsSource
=
- new SyncopeAuthenticationDetailsSource();
-
- AnonymousAuthenticationProvider
anonymousAuthenticationProvider =
- new
AnonymousAuthenticationProvider(ANONYMOUS_BEAN_KEY);
- AnonymousAuthenticationFilter anonymousAuthenticationFilter =
- new AnonymousAuthenticationFilter(
- ANONYMOUS_BEAN_KEY,
- securityProperties.getAnonymousUser(),
-
AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
-
anonymousAuthenticationFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
-
- SyncopeBasicAuthenticationEntryPoint
basicAuthenticationEntryPoint =
- new SyncopeBasicAuthenticationEntryPoint();
- basicAuthenticationEntryPoint.setRealmName("Apache Syncope
authentication");
-
- JWTAuthenticationFilter jwtAuthenticationFilter = new
JWTAuthenticationFilter(
- authenticationManager(),
- basicAuthenticationEntryPoint,
- authenticationDetailsSource,
- ctx.getBean(AuthDataAccessor.class),
- ctx.getBean(DefaultCredentialChecker.class));
-
- http.authorizeRequests().
- antMatchers("/**").permitAll().and().
-
sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().
- securityContext().securityContextRepository(new
NullSecurityContextRepository()).and().
- anonymous().
-
authenticationProvider(anonymousAuthenticationProvider).
-
authenticationFilter(anonymousAuthenticationFilter).and().
-
httpBasic().authenticationEntryPoint(basicAuthenticationEntryPoint).
-
authenticationDetailsSource(authenticationDetailsSource).and().
-
exceptionHandling().accessDeniedHandler(accessDeniedHandler()).and().
- addFilterBefore(jwtAuthenticationFilter,
BasicAuthenticationFilter.class).
- addFilterBefore(new MustChangePasswordFilter(),
FilterSecurityInterceptor.class).
- headers().disable().
- csrf().disable();
- }
-
- @Override
- protected void configure(final AuthenticationManagerBuilder
builder) throws Exception {
- builder.
-
authenticationProvider(ctx.getBean(UsernamePasswordAuthenticationProvider.class)).
-
authenticationProvider(ctx.getBean(JWTAuthenticationProvider.class));
- }
- };
+ final ApplicationContext ctx) throws Exception {
+
+ AuthenticationManager authenticationManager =
http.getSharedObject(AuthenticationManagerBuilder.class).
+ authenticationProvider(usernamePasswordAuthenticationProvider).
+ authenticationProvider(jwtAuthenticationProvider).
+ build();
+
+ SyncopeAuthenticationDetailsSource authenticationDetailsSource =
+ new SyncopeAuthenticationDetailsSource();
+
+ AnonymousAuthenticationProvider anonymousAuthenticationProvider =
+ new AnonymousAuthenticationProvider(ANONYMOUS_BEAN_KEY);
+ AnonymousAuthenticationFilter anonymousAuthenticationFilter =
+ new AnonymousAuthenticationFilter(
+ ANONYMOUS_BEAN_KEY,
+ securityProperties.getAnonymousUser(),
+ AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
+
anonymousAuthenticationFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
+
+ SyncopeBasicAuthenticationEntryPoint basicAuthenticationEntryPoint =
+ new SyncopeBasicAuthenticationEntryPoint();
+ basicAuthenticationEntryPoint.setRealmName("Apache Syncope
authentication");
+
+ JWTAuthenticationFilter jwtAuthenticationFilter = new
JWTAuthenticationFilter(
+ authenticationManager,
+ basicAuthenticationEntryPoint,
+ authenticationDetailsSource,
+ ctx.getBean(AuthDataAccessor.class),
+ ctx.getBean(DefaultCredentialChecker.class));
+
+ MustChangePasswordFilter mustChangePasswordFilter = new
MustChangePasswordFilter();
+
+ http.authenticationManager(authenticationManager).
+ authorizeRequests().
+ antMatchers("/**").permitAll().and().
+
sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().
+ securityContext().securityContextRepository(new
NullSecurityContextRepository()).and().
+ anonymous().
+ authenticationProvider(anonymousAuthenticationProvider).
+ authenticationFilter(anonymousAuthenticationFilter).and().
+
httpBasic().authenticationEntryPoint(basicAuthenticationEntryPoint).
+ authenticationDetailsSource(authenticationDetailsSource).and().
+
exceptionHandling().accessDeniedHandler(accessDeniedHandler()).and().
+ addFilterBefore(jwtAuthenticationFilter,
BasicAuthenticationFilter.class).
+ addFilterBefore(mustChangePasswordFilter,
FilterSecurityInterceptor.class).
+ headers().disable().
+ csrf().disable();
+
+ return http.build();
}
@ConditionalOnMissingBean
diff --git a/pom.xml b/pom.xml
index cfbae059f5..91626fa192 100644
--- a/pom.xml
+++ b/pom.xml
@@ -411,7 +411,7 @@ under the License.
<jackson.version>2.13.3</jackson.version>
- <spring-boot.version>2.6.9</spring-boot.version>
+ <spring-boot.version>2.7.1</spring-boot.version>
<spring-cloud-gateway.version>3.1.3</spring-cloud-gateway.version>
<openjpa.version>3.2.2</openjpa.version>
@@ -446,9 +446,9 @@ under the License.
<modernizer-maven.version>2.4.0</modernizer-maven.version>
- <pac4j.version>5.3.1</pac4j.version>
+ <pac4j.version>5.4.3</pac4j.version>
- <cas.version>6.5.6</cas.version>
+ <cas.version>6.6.0-RC4</cas.version>
<cas-client.version>3.6.4</cas-client.version>
<h2.version>2.1.214</h2.version>
diff --git
a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/AuthModulePropertySourceMapper.java
b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/AuthModulePropertySourceMapper.java
index 27b8d268ac..0bcc408982 100644
---
a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/AuthModulePropertySourceMapper.java
+++
b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/AuthModulePropertySourceMapper.java
@@ -247,13 +247,15 @@ public class AuthModulePropertySourceMapper extends
PropertySourceMapper impleme
CasSimpleMultifactorAuthenticationProperties props = new
CasSimpleMultifactorAuthenticationProperties();
props.setName(authModuleTO.getKey());
props.setOrder(authModuleTO.getOrder());
- props.setTokenLength(conf.getTokenLength());
- props.setTimeToKillInSeconds(conf.getTimeToKillInSeconds());
+
props.getMail().setAttributeName(conf.getEmailAttribute());
props.getMail().setFrom(conf.getEmailFrom());
props.getMail().setSubject(conf.getEmailSubject());
props.getMail().setText(conf.getEmailText());
+ props.getToken().getCore().setTokenLength(conf.getTokenLength());
+
props.getToken().getCore().setTimeToKillInSeconds(conf.getTimeToKillInSeconds());
+
if (StringUtils.isNotBlank(conf.getBypassGroovyScript())) {
try {
props.getBypass().getGroovy().setLocation(ResourceUtils.getResourceFrom(conf.getBypassGroovyScript()));
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/SyncopeWAApplication.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/SyncopeWAApplication.java
index aeb44e2dcd..cda6bd0976 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/SyncopeWAApplication.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/SyncopeWAApplication.java
@@ -27,6 +27,7 @@ import
org.apache.syncope.wa.starter.config.WARefreshContextJob;
import org.apereo.cas.config.GoogleAuthenticatorLdapConfiguration;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.CasConfigurationPropertiesValidator;
+import org.apereo.cas.oidc.config.OidcJwksJpaConfiguration;
import org.quartz.JobBuilder;
import org.quartz.JobDetail;
import org.quartz.JobKey;
@@ -61,16 +62,14 @@ import
org.springframework.transaction.annotation.EnableTransactionManagement;
@SpringBootApplication(exclude = {
/*
- List of CAS-specific classes that we want to
- exclude from auto-configuration. This is required when there is a
- competing option/implementation available in Syncope that needs to be
- conditionally activated.
+ * List of CAS-specific classes that we want to exclude from
auto-configuration.
+ * This is required when there is a competing option/implementation
available in Syncope that needs to be
+ * conditionally activated.
*/
GoogleAuthenticatorLdapConfiguration.class,
-
+ OidcJwksJpaConfiguration.class,
/*
- List of Spring Boot classes that we want to disable
- and remove from auto-configuration.
+ * List of Spring Boot classes that we want to disable and remove from
auto-configuration.
*/
HibernateJpaAutoConfiguration.class,
JerseyAutoConfiguration.class,
@@ -96,14 +95,14 @@ public class SyncopeWAApplication extends
SpringBootServletInitializer {
public static void main(final String[] args) {
new SpringApplicationBuilder(SyncopeWAApplication.class).
- properties(Map.of("spring.config.name", "wa",
"spring.cloud.bootstrap.name", "wa")).
- build().run(args);
+ properties(Map.of("spring.config.name", "wa",
"spring.cloud.bootstrap.name", "wa")).
+ build().run(args);
}
@Override
protected SpringApplicationBuilder configure(final
SpringApplicationBuilder builder) {
return builder.properties(Map.of("spring.config.name", "wa",
- "spring.cloud.bootstrap.name",
"wa")).sources(SyncopeWAApplication.class);
+ "spring.cloud.bootstrap.name",
"wa")).sources(SyncopeWAApplication.class);
}
/**
@@ -119,8 +118,10 @@ public class SyncopeWAApplication extends
SpringBootServletInitializer {
scheduleJobToRefreshContext(waProperties, scheduler);
}
- protected void scheduleJobToRefreshContext(final WAProperties
waProperties,
- final SchedulerFactoryBean
scheduler) {
+ protected void scheduleJobToRefreshContext(
+ final WAProperties waProperties,
+ final SchedulerFactoryBean scheduler) {
+
try {
Date date =
Date.from(LocalDateTime.now().plusSeconds(waProperties.getContextRefreshDelay()).
atZone(ZoneId.systemDefault()).toInstant());
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/audit/WAAuditTrailManager.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/audit/WAAuditTrailManager.java
index 6dfdf01a54..f4119a8065 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/audit/WAAuditTrailManager.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/audit/WAAuditTrailManager.java
@@ -19,7 +19,6 @@
package org.apache.syncope.wa.starter.audit;
import com.fasterxml.jackson.core.JsonProcessingException;
-import java.time.LocalDate;
import java.time.OffsetDateTime;
import java.util.Map;
import java.util.Set;
@@ -79,7 +78,7 @@ public class WAAuditTrailManager extends
AbstractAuditTrailManager {
}
@Override
- public Set<? extends AuditActionContext> getAuditRecordsSince(final
LocalDate sinceDate) {
+ public Set<? extends AuditActionContext> getAuditRecords(final
Map<WhereClauseFields, Object> map) {
throw new UnsupportedOperationException("Fetching audit events from WA
is not supported");
}
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WAContext.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WAContext.java
index b929fb6104..5d03747e58 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WAContext.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WAContext.java
@@ -283,7 +283,9 @@ public class WAContext {
public OneTimeTokenCredentialRepository googleAuthenticatorAccountRegistry(
final CasConfigurationProperties casProperties,
@Qualifier("googleAuthenticatorAccountCipherExecutor")
- final CipherExecutor<String, String> cipherExecutor,
+ final CipherExecutor<String, String>
googleAuthenticatorAccountCipherExecutor,
+ @Qualifier("googleAuthenticatorScratchCodesCipherExecutor")
+ final CipherExecutor<Number, Number>
googleAuthenticatorScratchCodesCipherExecutor,
final IGoogleAuthenticator googleAuthenticatorInstance,
final WARestClient restClient) {
@@ -301,7 +303,11 @@ public class WAContext {
ConnectionFactory connectionFactory =
LdapUtils.newLdaptiveConnectionFactory(ldap);
return new LdapGoogleAuthenticatorTokenCredentialRepository(
- cipherExecutor, googleAuthenticatorInstance,
connectionFactory, ldap);
+ googleAuthenticatorAccountCipherExecutor,
+ googleAuthenticatorScratchCodesCipherExecutor,
+ googleAuthenticatorInstance,
+ connectionFactory,
+ ldap);
}
return new WAGoogleMfaAuthCredentialRepository(restClient,
googleAuthenticatorInstance);
}
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/gauth/WAGoogleMfaAuthCredentialRepository.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/gauth/WAGoogleMfaAuthCredentialRepository.java
index cb2b4fa0d5..e785ea29dd 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/gauth/WAGoogleMfaAuthCredentialRepository.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/gauth/WAGoogleMfaAuthCredentialRepository.java
@@ -44,27 +44,27 @@ public class WAGoogleMfaAuthCredentialRepository extends
BaseGoogleAuthenticator
public WAGoogleMfaAuthCredentialRepository(
final WARestClient waRestClient, final IGoogleAuthenticator
googleAuthenticator) {
- super(CipherExecutor.noOpOfStringToString(), googleAuthenticator);
+ super(CipherExecutor.noOpOfStringToString(),
CipherExecutor.noOpOfNumberToNumber(), googleAuthenticator);
this.waRestClient = waRestClient;
}
- protected GoogleMfaAuthAccount mapGoogleMfaAuthAccount(final
OneTimeTokenAccount account) {
+ protected GoogleMfaAuthAccount mapGoogleMfaAuthAccount(final
OneTimeTokenAccount otta) {
return new GoogleMfaAuthAccount.Builder().
registrationDate(OffsetDateTime.now()).
- scratchCodes(account.getScratchCodes()).
- validationCode(account.getValidationCode()).
- secretKey(account.getSecretKey()).
- id(account.getId()).
+
scratchCodes(otta.getScratchCodes().stream().map(Number::intValue).collect(Collectors.toList())).
+ validationCode(otta.getValidationCode()).
+ secretKey(otta.getSecretKey()).
+ id(otta.getId()).
build();
}
- protected GoogleAuthenticatorAccount mapGoogleMfaAuthAccount(final
GoogleMfaAuthAccount account) {
+ protected GoogleAuthenticatorAccount mapGoogleMfaAuthAccount(final
GoogleMfaAuthAccount gmfaa) {
return GoogleAuthenticatorAccount.builder().
- secretKey(account.getSecretKey()).
- validationCode(account.getValidationCode()).
- scratchCodes(account.getScratchCodes()).
- name(account.getName()).
- id(account.getId()).
+ secretKey(gmfaa.getSecretKey()).
+ validationCode(gmfaa.getValidationCode()).
+
scratchCodes(gmfaa.getScratchCodes().stream().map(Number::intValue).collect(Collectors.toList())).
+ name(gmfaa.getName()).
+ id(gmfaa.getId()).
build();
}
@@ -134,17 +134,17 @@ public class WAGoogleMfaAuthCredentialRepository extends
BaseGoogleAuthenticator
}
@Override
- public OneTimeTokenAccount save(final OneTimeTokenAccount tokenAccount) {
+ public OneTimeTokenAccount save(final OneTimeTokenAccount otta) {
GoogleMfaAuthAccount account = new GoogleMfaAuthAccount.Builder().
registrationDate(OffsetDateTime.now()).
- scratchCodes(tokenAccount.getScratchCodes()).
- validationCode(tokenAccount.getValidationCode()).
- secretKey(tokenAccount.getSecretKey()).
- name(tokenAccount.getName()).
- id(tokenAccount.getId()).
+
scratchCodes(otta.getScratchCodes().stream().map(Number::intValue).collect(Collectors.toList())).
+ validationCode(otta.getValidationCode()).
+ secretKey(otta.getSecretKey()).
+ name(otta.getName()).
+ id(otta.getId()).
build();
waRestClient.getSyncopeClient().
-
getService(GoogleMfaAuthAccountService.class).create(tokenAccount.getUsername(),
account);
+
getService(GoogleMfaAuthAccountService.class).create(otta.getUsername(),
account);
return mapGoogleMfaAuthAccount(account);
}
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/AbstractClientAppMapper.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/AbstractClientAppMapper.java
index ee62c2b43c..f9a9685c16 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/AbstractClientAppMapper.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/AbstractClientAppMapper.java
@@ -22,8 +22,8 @@ import java.util.Map;
import java.util.stream.Collectors;
import org.apache.syncope.common.lib.Attr;
import org.apache.syncope.common.lib.to.ClientAppTO;
+import org.apereo.cas.services.BaseWebBasedRegisteredService;
import org.apereo.cas.services.DefaultRegisteredServiceProperty;
-import org.apereo.cas.services.RegexRegisteredService;
import org.apereo.cas.services.RegisteredServiceAccessStrategy;
import org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy;
import org.apereo.cas.services.RegisteredServiceAuthenticationPolicy;
@@ -32,7 +32,7 @@ import org.apereo.cas.services.RegisteredServiceProperty;
abstract class AbstractClientAppMapper implements ClientAppMapper {
- protected void setCommon(final RegexRegisteredService service, final
ClientAppTO clientApp) {
+ protected void setCommon(final BaseWebBasedRegisteredService service,
final ClientAppTO clientApp) {
service.setId(clientApp.getClientAppId());
service.setName(clientApp.getName());
service.setDescription(clientApp.getDescription());
@@ -48,7 +48,7 @@ abstract class AbstractClientAppMapper implements
ClientAppMapper {
}
protected void setPolicies(
- final RegexRegisteredService service,
+ final BaseWebBasedRegisteredService service,
final RegisteredServiceAuthenticationPolicy authPolicy,
final RegisteredServiceMultifactorPolicy mfaPolicy,
final RegisteredServiceAccessStrategy accessStrategy,
@@ -58,7 +58,7 @@ abstract class AbstractClientAppMapper implements
ClientAppMapper {
service.setAuthenticationPolicy(authPolicy);
}
if (mfaPolicy != null) {
- service.setMultifactorPolicy(mfaPolicy);
+ service.setMultifactorAuthenticationPolicy(mfaPolicy);
}
if (accessStrategy != null) {
service.setAccessStrategy(accessStrategy);
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/CASSPClientAppTOMapper.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/CASSPClientAppTOMapper.java
index e1146ef929..5d007d2a05 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/CASSPClientAppTOMapper.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/CASSPClientAppTOMapper.java
@@ -20,7 +20,7 @@ package org.apache.syncope.wa.starter.mapping;
import org.apache.syncope.common.lib.to.CASSPClientAppTO;
import org.apache.syncope.common.lib.wa.WAClientApp;
-import org.apereo.cas.services.RegexRegisteredService;
+import org.apereo.cas.services.CasRegisteredService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.RegisteredServiceAccessStrategy;
import org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy;
@@ -42,7 +42,7 @@ public class CASSPClientAppTOMapper extends
AbstractClientAppMapper {
CASSPClientAppTO cas =
CASSPClientAppTO.class.cast(clientApp.getClientAppTO());
- RegexRegisteredService service = new RegexRegisteredService();
+ CasRegisteredService service = new CasRegisteredService();
service.setServiceId(cas.getServiceId());
setCommon(service, cas);
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/SAML2SPClientAppTOMapper.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/SAML2SPClientAppTOMapper.java
index d90dd0d510..ac7e576c69 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/SAML2SPClientAppTOMapper.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/SAML2SPClientAppTOMapper.java
@@ -52,7 +52,7 @@ public class SAML2SPClientAppTOMapper extends
AbstractClientAppMapper {
service.setMetadataLocation(sp.getMetadataLocation());
service.setMetadataSignatureLocation(sp.getMetadataSignatureLocation());
service.setSignAssertions(TriStateBoolean.fromBoolean(sp.isSignAssertions()));
- service.setSignResponses(sp.isSignResponses());
+
service.setSignResponses(TriStateBoolean.fromBoolean(sp.isSignResponses()));
service.setEncryptionOptional(sp.isEncryptionOptional());
service.setEncryptAssertions(sp.isEncryptAssertions());
service.setRequiredAuthenticationContextClass(sp.getRequiredAuthenticationContextClass());
diff --git
a/wa/starter/src/test/java/org/apache/syncope/wa/starter/AbstractTest.java
b/wa/starter/src/test/java/org/apache/syncope/wa/starter/AbstractTest.java
index 33ee8ffb99..54db7d837b 100644
--- a/wa/starter/src/test/java/org/apache/syncope/wa/starter/AbstractTest.java
+++ b/wa/starter/src/test/java/org/apache/syncope/wa/starter/AbstractTest.java
@@ -21,7 +21,7 @@ package org.apache.syncope.wa.starter;
import java.util.UUID;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.context.TestConfiguration;
-import org.springframework.boot.web.server.LocalServerPort;
+import org.springframework.boot.test.web.server.LocalServerPort;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.test.context.ContextConfiguration;
diff --git
a/wa/starter/src/test/java/org/apache/syncope/wa/starter/gauth/token/WAGoogleMfaAuthTokenRepositoryTest.java
b/wa/starter/src/test/java/org/apache/syncope/wa/starter/gauth/token/WAGoogleMfaAuthTokenRepositoryTest.java
index 835ddbf663..b3089233da 100644
---
a/wa/starter/src/test/java/org/apache/syncope/wa/starter/gauth/token/WAGoogleMfaAuthTokenRepositoryTest.java
+++
b/wa/starter/src/test/java/org/apache/syncope/wa/starter/gauth/token/WAGoogleMfaAuthTokenRepositoryTest.java
@@ -29,7 +29,7 @@ import org.springframework.beans.factory.annotation.Autowired;
public class WAGoogleMfaAuthTokenRepositoryTest extends AbstractTest {
@Autowired
- private OneTimeTokenRepository tokenRepository;
+ private OneTimeTokenRepository<GoogleAuthenticatorToken> tokenRepository;
@Test
public void verifyOps() {
