This is an automated email from the ASF dual-hosted git repository. ilgrosso pushed a commit to branch SPRING_BOOT_2_7 in repository https://gitbox.apache.org/repos/asf/syncope.git
commit 7dbf6d85c25803663e14d91e668a582651b81411 Author: Francesco Chicchiriccò <ilgro...@apache.org> AuthorDate: Fri Jul 15 17:39:26 2022 +0200 Upgrading Spring Boot to 2.7 and CAS to 6.6 --- .../syncope/client/console/SecurityConfig.java | 41 ++++--- .../syncope/client/enduser/SecurityConfig.java | 41 ++++--- .../spring/security/MustChangePasswordFilter.java | 7 +- .../core/spring/security/WebSecurityContext.java | 122 ++++++++++----------- pom.xml | 6 +- .../bootstrap/AuthModulePropertySourceMapper.java | 6 +- .../syncope/wa/starter/SyncopeWAApplication.java | 25 +++-- .../wa/starter/audit/WAAuditTrailManager.java | 3 +- .../syncope/wa/starter/config/WAContext.java | 10 +- .../gauth/WAGoogleMfaAuthCredentialRepository.java | 38 +++---- .../starter/mapping/AbstractClientAppMapper.java | 8 +- .../wa/starter/mapping/CASSPClientAppTOMapper.java | 4 +- .../starter/mapping/SAML2SPClientAppTOMapper.java | 2 +- .../apache/syncope/wa/starter/AbstractTest.java | 2 +- .../token/WAGoogleMfaAuthTokenRepositoryTest.java | 2 +- 15 files changed, 162 insertions(+), 155 deletions(-) diff --git a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SecurityConfig.java b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SecurityConfig.java index 86a5e39294..f33629d732 100644 --- a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SecurityConfig.java +++ b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SecurityConfig.java 
@@ -22,35 +22,34 @@ import org.apache.syncope.common.lib.types.IdRepoEntitlement; import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; @EnableWebSecurity @Configuration(proxyBeanMethods = false) public class SecurityConfig { @Bean - public WebSecurityConfigurerAdapter consoleSecurityConfigAdapter(final ConsoleProperties props) { - return new WebSecurityConfigurerAdapter() { - @Override - protected void configure(final AuthenticationManagerBuilder auth) throws Exception { - auth.inMemoryAuthentication(). - withUser(props.getAnonymousUser()). - password("{noop}" + props.getAnonymousKey()). - roles(IdRepoEntitlement.ANONYMOUS); - } + public SecurityFilterChain filterChain(final HttpSecurity http) throws Exception { + http.csrf().disable(). + authorizeRequests(). + requestMatchers(EndpointRequest.toAnyEndpoint()). + authenticated(). + and(). + httpBasic(); + return http.build(); + } - @Override - protected void configure(final HttpSecurity http) throws Exception { - http.csrf().disable(). - authorizeRequests(). - requestMatchers(EndpointRequest.toAnyEndpoint()). - authenticated(). - and(). 
- httpBasic(); - } - }; + @Bean + public InMemoryUserDetailsManager userDetailsService(final ConsoleProperties props) { + UserDetails user = User.withUsername(props.getAnonymousUser()). + password("{noop}" + props.getAnonymousKey()). + roles(IdRepoEntitlement.ANONYMOUS). + build(); + return new InMemoryUserDetailsManager(user); } } diff --git a/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SecurityConfig.java b/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SecurityConfig.java index 38e6e6a5ae..3218618cdf 100644 --- a/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SecurityConfig.java +++ b/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SecurityConfig.java 
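Review bot: The `{noop}` prefix in the new `userDetailsService` bean keeps the anonymous key as a plain-text password inside the `InMemoryUserDetailsManager`, and nothing in the hunk records that this is intentional. A short comment above the bean would help, for example `// {noop}: the anonymous key is a shared secret from ConsoleProperties and is compared as-is; keep it out of logs`. The identical bean in the enduser `SecurityConfig` hunk needs the same comment. A one-line note on `filterChain` saying why `csrf().disable()` is acceptable would also help; as far as this chain shows, authentication is HTTP Basic only.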
@@ -22,35 +22,34 @@ import org.apache.syncope.common.lib.types.IdRepoEntitlement; import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; @EnableWebSecurity @Configuration(proxyBeanMethods = false) public class SecurityConfig { @Bean - public WebSecurityConfigurerAdapter enduserSecurityAdapter(final EnduserProperties props) { - return new WebSecurityConfigurerAdapter() { - @Override - protected void configure(final AuthenticationManagerBuilder auth) throws Exception { - auth.inMemoryAuthentication(). - withUser(props.getAnonymousUser()). - password("{noop}" + props.getAnonymousKey()). - roles(IdRepoEntitlement.ANONYMOUS); - } + public SecurityFilterChain filterChain(final HttpSecurity http) throws Exception { + http.csrf().disable(). + authorizeRequests(). + requestMatchers(EndpointRequest.toAnyEndpoint()). + authenticated(). + and(). + httpBasic(); + return http.build(); + } - @Override - protected void configure(final HttpSecurity http) throws Exception { - http.csrf().disable(). - authorizeRequests(). - requestMatchers(EndpointRequest.toAnyEndpoint()). - authenticated(). - and(). 
- httpBasic(); - } - }; + @Bean + public InMemoryUserDetailsManager userDetailsService(final EnduserProperties props) { + UserDetails user = User.withUsername(props.getAnonymousUser()). + password("{noop}" + props.getAnonymousKey()). + roles(IdRepoEntitlement.ANONYMOUS). + build(); + return new InMemoryUserDetailsManager(user); } } diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/MustChangePasswordFilter.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/MustChangePasswordFilter.java index 33479e83fa..92c6b8b191 100644 --- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/MustChangePasswordFilter.java +++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/MustChangePasswordFilter.java @@ -28,7 +28,7 @@ import javax.servlet.ServletResponse; import org.apache.syncope.common.lib.types.IdRepoEntitlement; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.web.firewall.FirewalledRequest; +import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestWrapper; public class MustChangePasswordFilter implements Filter { 
@@ -46,12 +46,13 @@ public class MustChangePasswordFilter implements Filter { public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException { - if (request instanceof FirewalledRequest) { + if (request instanceof SecurityContextHolderAwareRequestWrapper) { boolean isMustChangePassword = SecurityContextHolder.getContext().getAuthentication().getAuthorities().stream().anyMatch( authority -> IdRepoEntitlement.MUST_CHANGE_PASSWORD.equals(authority.getAuthority())); - FirewalledRequest wrappedRequest = FirewalledRequest.class.cast(request); + SecurityContextHolderAwareRequestWrapper wrappedRequest = + SecurityContextHolderAwareRequestWrapper.class.cast(request); if (isMustChangePassword && !"POST".equalsIgnoreCase(wrappedRequest.getMethod()) && !"/users/self/changePassword".equals(wrappedRequest.getPathInfo())) { diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/WebSecurityContext.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/WebSecurityContext.java index 6117375848..e9ffb1b855 100644 --- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/WebSecurityContext.java +++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/WebSecurityContext.java 
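Review bot: The must-change-password check in `doFilter` is skipped entirely whenever the request is not a `SecurityContextHolderAwareRequestWrapper`, so enforcement fails open if the servlet-API integration that wraps the request is disabled or the filter is moved earlier in the chain. Only `getMethod()` and `getPathInfo()` are used, so the gate could be `if (request instanceof HttpServletRequest) {` followed by `HttpServletRequest httpRequest = (HttpServletRequest) request;` (with the matching `javax.servlet.http` import), which does not depend on which wrapper Spring Security applies. If the wrapper type is kept, a comment such as `// relies on the servlet-API integration being enabled in WebSecurityContext` would record the dependency. The rest of `doFilter` lies outside the hunk.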
@@ -38,15 +38,16 @@ import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.authentication.AnonymousAuthenticationProvider; +import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.access.AccessDeniedHandler; import org.springframework.security.web.access.intercept.FilterSecurityInterceptor; import org.springframework.security.web.authentication.AnonymousAuthenticationFilter; 
@@ -74,66 +75,65 @@ public class WebSecurityContext { } @Bean - public WebSecurityConfigurerAdapter webSecurityConfigurerAdapter( - final ApplicationContext ctx, + public WebSecurityCustomizer webSecurityCustomizer(final HttpFirewall allowUrlEncodedSlashHttpFirewall) { + return web -> web.httpFirewall(allowUrlEncodedSlashHttpFirewall); + } + + @Bean + public SecurityFilterChain filterChain( + final HttpSecurity http, + final UsernamePasswordAuthenticationProvider usernamePasswordAuthenticationProvider, + final JWTAuthenticationProvider jwtAuthenticationProvider, final SecurityProperties securityProperties, - final HttpFirewall allowUrlEncodedSlashHttpFirewall) { - - return new WebSecurityConfigurerAdapter(true) { - - @Override - public void configure(final WebSecurity web) { - web.httpFirewall(allowUrlEncodedSlashHttpFirewall); - } - - @Override - protected void configure(final HttpSecurity http) throws Exception { - SyncopeAuthenticationDetailsSource authenticationDetailsSource = - new SyncopeAuthenticationDetailsSource(); - - AnonymousAuthenticationProvider anonymousAuthenticationProvider = - new AnonymousAuthenticationProvider(ANONYMOUS_BEAN_KEY); - AnonymousAuthenticationFilter anonymousAuthenticationFilter = - new AnonymousAuthenticationFilter( - ANONYMOUS_BEAN_KEY, - securityProperties.getAnonymousUser(), - AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")); - anonymousAuthenticationFilter.setAuthenticationDetailsSource(authenticationDetailsSource); - - SyncopeBasicAuthenticationEntryPoint basicAuthenticationEntryPoint = - new SyncopeBasicAuthenticationEntryPoint(); - basicAuthenticationEntryPoint.setRealmName("Apache Syncope authentication"); - - JWTAuthenticationFilter jwtAuthenticationFilter = new JWTAuthenticationFilter( - authenticationManager(), - basicAuthenticationEntryPoint, - authenticationDetailsSource, - ctx.getBean(AuthDataAccessor.class), - ctx.getBean(DefaultCredentialChecker.class)); - - http.authorizeRequests(). 
- antMatchers("/**").permitAll().and(). - sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and(). - securityContext().securityContextRepository(new NullSecurityContextRepository()).and(). - anonymous(). - authenticationProvider(anonymousAuthenticationProvider). - authenticationFilter(anonymousAuthenticationFilter).and(). - httpBasic().authenticationEntryPoint(basicAuthenticationEntryPoint). - authenticationDetailsSource(authenticationDetailsSource).and(). - exceptionHandling().accessDeniedHandler(accessDeniedHandler()).and(). - addFilterBefore(jwtAuthenticationFilter, BasicAuthenticationFilter.class). - addFilterBefore(new MustChangePasswordFilter(), FilterSecurityInterceptor.class). - headers().disable(). - csrf().disable(); - } - - @Override - protected void configure(final AuthenticationManagerBuilder builder) throws Exception { - builder. - authenticationProvider(ctx.getBean(UsernamePasswordAuthenticationProvider.class)). - authenticationProvider(ctx.getBean(JWTAuthenticationProvider.class)); - } - }; + final ApplicationContext ctx) throws Exception { + + AuthenticationManager authenticationManager = http.getSharedObject(AuthenticationManagerBuilder.class). + authenticationProvider(usernamePasswordAuthenticationProvider). + authenticationProvider(jwtAuthenticationProvider). 
+ build(); + + SyncopeAuthenticationDetailsSource authenticationDetailsSource = + new SyncopeAuthenticationDetailsSource(); + + AnonymousAuthenticationProvider anonymousAuthenticationProvider = + new AnonymousAuthenticationProvider(ANONYMOUS_BEAN_KEY); + AnonymousAuthenticationFilter anonymousAuthenticationFilter = + new AnonymousAuthenticationFilter( + ANONYMOUS_BEAN_KEY, + securityProperties.getAnonymousUser(), + AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")); + anonymousAuthenticationFilter.setAuthenticationDetailsSource(authenticationDetailsSource); + + SyncopeBasicAuthenticationEntryPoint basicAuthenticationEntryPoint = + new SyncopeBasicAuthenticationEntryPoint(); + basicAuthenticationEntryPoint.setRealmName("Apache Syncope authentication"); + + JWTAuthenticationFilter jwtAuthenticationFilter = new JWTAuthenticationFilter( + authenticationManager, + basicAuthenticationEntryPoint, + authenticationDetailsSource, + ctx.getBean(AuthDataAccessor.class), + ctx.getBean(DefaultCredentialChecker.class)); + + MustChangePasswordFilter mustChangePasswordFilter = new MustChangePasswordFilter(); + + http.authenticationManager(authenticationManager). + authorizeRequests(). + antMatchers("/**").permitAll().and(). + sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and(). + securityContext().securityContextRepository(new NullSecurityContextRepository()).and(). + anonymous(). + authenticationProvider(anonymousAuthenticationProvider). + authenticationFilter(anonymousAuthenticationFilter).and(). + httpBasic().authenticationEntryPoint(basicAuthenticationEntryPoint). + authenticationDetailsSource(authenticationDetailsSource).and(). + exceptionHandling().accessDeniedHandler(accessDeniedHandler()).and(). + addFilterBefore(jwtAuthenticationFilter, BasicAuthenticationFilter.class). + addFilterBefore(mustChangePasswordFilter, FilterSecurityInterceptor.class). + headers().disable(). + csrf().disable(); + + return http.build(); } @ConditionalOnMissingBean 
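Review bot: The new `filterChain` may not be equivalent to the removed adapter, because that adapter was created with `new WebSecurityConfigurerAdapter(true)`, which turns the default configurers off. The `HttpSecurity` injected here normally arrives with Spring Security's defaults already applied, and the new chain switches off only `headers()` and `csrf()`. If I read the defaults correctly, that leaves logout handling and the request cache configured where they were absent before. Consider adding `logout().disable().` and `requestCache().disable().` before `headers().disable()`. Otherwise add a comment stating which defaults are now relied on; the `MustChangePasswordFilter` change appears to depend on the servlet-API default.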
diff --git a/pom.xml b/pom.xml index cfbae059f5..91626fa192 100644 --- a/pom.xml +++ b/pom.xml @@ -411,7 +411,7 @@ under the License. <jackson.version>2.13.3</jackson.version> - <spring-boot.version>2.6.9</spring-boot.version> + <spring-boot.version>2.7.1</spring-boot.version> <spring-cloud-gateway.version>3.1.3</spring-cloud-gateway.version> <openjpa.version>3.2.2</openjpa.version> @@ -446,9 +446,9 @@ under the License. <modernizer-maven.version>2.4.0</modernizer-maven.version> - <pac4j.version>5.3.1</pac4j.version> + <pac4j.version>5.4.3</pac4j.version> - <cas.version>6.5.6</cas.version> + <cas.version>6.6.0-RC4</cas.version> <cas-client.version>3.6.4</cas-client.version> <h2.version>2.1.214</h2.version> diff --git a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/AuthModulePropertySourceMapper.java b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/AuthModulePropertySourceMapper.java index 27b8d268ac..0bcc408982 100644 --- a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/AuthModulePropertySourceMapper.java +++ b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/AuthModulePropertySourceMapper.java 
@@ -247,13 +247,15 @@ public class AuthModulePropertySourceMapper extends PropertySourceMapper impleme CasSimpleMultifactorAuthenticationProperties props = new CasSimpleMultifactorAuthenticationProperties(); props.setName(authModuleTO.getKey()); props.setOrder(authModuleTO.getOrder()); - props.setTokenLength(conf.getTokenLength()); - props.setTimeToKillInSeconds(conf.getTimeToKillInSeconds()); + props.getMail().setAttributeName(conf.getEmailAttribute()); props.getMail().setFrom(conf.getEmailFrom()); props.getMail().setSubject(conf.getEmailSubject()); props.getMail().setText(conf.getEmailText()); + props.getToken().getCore().setTokenLength(conf.getTokenLength()); + props.getToken().getCore().setTimeToKillInSeconds(conf.getTimeToKillInSeconds()); + if (StringUtils.isNotBlank(conf.getBypassGroovyScript())) { try { props.getBypass().getGroovy().setLocation(ResourceUtils.getResourceFrom(conf.getBypassGroovyScript())); diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/SyncopeWAApplication.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/SyncopeWAApplication.java index aeb44e2dcd..cda6bd0976 100644 --- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/SyncopeWAApplication.java +++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/SyncopeWAApplication.java @@ -27,6 +27,7 @@ import org.apache.syncope.wa.starter.config.WARefreshContextJob; import org.apereo.cas.config.GoogleAuthenticatorLdapConfiguration; import org.apereo.cas.configuration.CasConfigurationProperties; import org.apereo.cas.configuration.CasConfigurationPropertiesValidator; +import org.apereo.cas.oidc.config.OidcJwksJpaConfiguration; import org.quartz.JobBuilder; import org.quartz.JobDetail; import org.quartz.JobKey; 
@@ -61,16 +62,14 @@ import org.springframework.transaction.annotation.EnableTransactionManagement; @SpringBootApplication(exclude = { /* - List of CAS-specific classes that we want to - exclude from auto-configuration. This is required when there is a - competing option/implementation available in Syncope that needs to be - conditionally activated. + * List of CAS-specific classes that we want to exclude from auto-configuration. + * This is required when there is a competing option/implementation available in Syncope that needs to be + * conditionally activated. */ GoogleAuthenticatorLdapConfiguration.class, - + OidcJwksJpaConfiguration.class, /* - List of Spring Boot classes that we want to disable - and remove from auto-configuration. + * List of Spring Boot classes that we want to disable and remove from auto-configuration. */ HibernateJpaAutoConfiguration.class, JerseyAutoConfiguration.class, @@ -96,14 +95,14 @@ public class SyncopeWAApplication extends SpringBootServletInitializer { public static void main(final String[] args) { new SpringApplicationBuilder(SyncopeWAApplication.class). - properties(Map.of("spring.config.name", "wa", "spring.cloud.bootstrap.name", "wa")). - build().run(args); + properties(Map.of("spring.config.name", "wa", "spring.cloud.bootstrap.name", "wa")). + build().run(args); } @Override protected SpringApplicationBuilder configure(final SpringApplicationBuilder builder) { return builder.properties(Map.of("spring.config.name", "wa", - "spring.cloud.bootstrap.name", "wa")).sources(SyncopeWAApplication.class); + "spring.cloud.bootstrap.name", "wa")).sources(SyncopeWAApplication.class); } /** 
@@ -119,8 +118,10 @@ public class SyncopeWAApplication extends SpringBootServletInitializer { scheduleJobToRefreshContext(waProperties, scheduler); } - protected void scheduleJobToRefreshContext(final WAProperties waProperties, - final SchedulerFactoryBean scheduler) { + protected void scheduleJobToRefreshContext( + final WAProperties waProperties, + final SchedulerFactoryBean scheduler) { + try { Date date = Date.from(LocalDateTime.now().plusSeconds(waProperties.getContextRefreshDelay()). atZone(ZoneId.systemDefault()).toInstant()); diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/audit/WAAuditTrailManager.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/audit/WAAuditTrailManager.java index 6dfdf01a54..f4119a8065 100644 --- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/audit/WAAuditTrailManager.java +++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/audit/WAAuditTrailManager.java @@ -19,7 +19,6 @@ package org.apache.syncope.wa.starter.audit; import com.fasterxml.jackson.core.JsonProcessingException; -import java.time.LocalDate; import java.time.OffsetDateTime; import java.util.Map; import java.util.Set; @@ -79,7 +78,7 @@ public class WAAuditTrailManager extends AbstractAuditTrailManager { } @Override - public Set<? extends AuditActionContext> getAuditRecordsSince(final LocalDate sinceDate) { + public Set<? extends AuditActionContext> getAuditRecords(final Map<WhereClauseFields, Object> map) { throw new UnsupportedOperationException("Fetching audit events from WA is not supported"); } diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WAContext.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WAContext.java index b929fb6104..5d03747e58 100644 --- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WAContext.java +++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WAContext.java 
@@ -283,7 +283,9 @@ public class WAContext { public OneTimeTokenCredentialRepository googleAuthenticatorAccountRegistry( final CasConfigurationProperties casProperties, @Qualifier("googleAuthenticatorAccountCipherExecutor") - final CipherExecutor<String, String> cipherExecutor, + final CipherExecutor<String, String> googleAuthenticatorAccountCipherExecutor, + @Qualifier("googleAuthenticatorScratchCodesCipherExecutor") + final CipherExecutor<Number, Number> googleAuthenticatorScratchCodesCipherExecutor, final IGoogleAuthenticator googleAuthenticatorInstance, final WARestClient restClient) { @@ -301,7 +303,11 @@ public class WAContext { ConnectionFactory connectionFactory = LdapUtils.newLdaptiveConnectionFactory(ldap); return new LdapGoogleAuthenticatorTokenCredentialRepository( - cipherExecutor, googleAuthenticatorInstance, connectionFactory, ldap); + googleAuthenticatorAccountCipherExecutor, + googleAuthenticatorScratchCodesCipherExecutor, + googleAuthenticatorInstance, + connectionFactory, + ldap); } return new WAGoogleMfaAuthCredentialRepository(restClient, googleAuthenticatorInstance); } diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/gauth/WAGoogleMfaAuthCredentialRepository.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/gauth/WAGoogleMfaAuthCredentialRepository.java index cb2b4fa0d5..e785ea29dd 100644 --- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/gauth/WAGoogleMfaAuthCredentialRepository.java +++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/gauth/WAGoogleMfaAuthCredentialRepository.java 
@@ -44,27 +44,27 @@ public class WAGoogleMfaAuthCredentialRepository extends BaseGoogleAuthenticator public WAGoogleMfaAuthCredentialRepository( final WARestClient waRestClient, final IGoogleAuthenticator googleAuthenticator) { - super(CipherExecutor.noOpOfStringToString(), googleAuthenticator); + super(CipherExecutor.noOpOfStringToString(), CipherExecutor.noOpOfNumberToNumber(), googleAuthenticator); this.waRestClient = waRestClient; } - protected GoogleMfaAuthAccount mapGoogleMfaAuthAccount(final OneTimeTokenAccount account) { + protected GoogleMfaAuthAccount mapGoogleMfaAuthAccount(final OneTimeTokenAccount otta) { return new GoogleMfaAuthAccount.Builder(). registrationDate(OffsetDateTime.now()). - scratchCodes(account.getScratchCodes()). - validationCode(account.getValidationCode()). - secretKey(account.getSecretKey()). - id(account.getId()). + scratchCodes(otta.getScratchCodes().stream().map(Number::intValue).collect(Collectors.toList())). + validationCode(otta.getValidationCode()). + secretKey(otta.getSecretKey()). + id(otta.getId()). build(); } - protected GoogleAuthenticatorAccount mapGoogleMfaAuthAccount(final GoogleMfaAuthAccount account) { + protected GoogleAuthenticatorAccount mapGoogleMfaAuthAccount(final GoogleMfaAuthAccount gmfaa) { return GoogleAuthenticatorAccount.builder(). - secretKey(account.getSecretKey()). - validationCode(account.getValidationCode()). - scratchCodes(account.getScratchCodes()). - name(account.getName()). - id(account.getId()). + secretKey(gmfaa.getSecretKey()). + validationCode(gmfaa.getValidationCode()). + scratchCodes(gmfaa.getScratchCodes().stream().map(Number::intValue).collect(Collectors.toList())). + name(gmfaa.getName()). + id(gmfaa.getId()). build(); } 
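Review bot: The constructor now passes `CipherExecutor.noOpOfNumberToNumber()` next to the existing `noOpOfStringToString()`, so both the secret key and the scratch codes leave WA unencrypted on this path. The LDAP repository in `WAContext`, by contrast, receives the configured `googleAuthenticatorAccountCipherExecutor` and `googleAuthenticatorScratchCodesCipherExecutor`. If protecting these values is meant to be the job of Syncope Core, say so in a comment on the constructor, e.g. `// no-op ciphers: MFA secrets are expected to be protected by Core, not by WA`; otherwise inject the two cipher executors here as well. Separately, `Number::intValue` silently narrows each scratch code, which is safe only while the values fit in an `int`. The class body continues outside the hunk.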
@@ -134,17 +134,17 @@ public class WAGoogleMfaAuthCredentialRepository extends BaseGoogleAuthenticator } @Override - public OneTimeTokenAccount save(final OneTimeTokenAccount tokenAccount) { + public OneTimeTokenAccount save(final OneTimeTokenAccount otta) { GoogleMfaAuthAccount account = new GoogleMfaAuthAccount.Builder(). registrationDate(OffsetDateTime.now()). - scratchCodes(tokenAccount.getScratchCodes()). - validationCode(tokenAccount.getValidationCode()). - secretKey(tokenAccount.getSecretKey()). - name(tokenAccount.getName()). - id(tokenAccount.getId()). + scratchCodes(otta.getScratchCodes().stream().map(Number::intValue).collect(Collectors.toList())). + validationCode(otta.getValidationCode()). + secretKey(otta.getSecretKey()). + name(otta.getName()). + id(otta.getId()). build(); waRestClient.getSyncopeClient(). - getService(GoogleMfaAuthAccountService.class).create(tokenAccount.getUsername(), account); + getService(GoogleMfaAuthAccountService.class).create(otta.getUsername(), account); return mapGoogleMfaAuthAccount(account); } diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/AbstractClientAppMapper.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/AbstractClientAppMapper.java index ee62c2b43c..f9a9685c16 100644 --- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/AbstractClientAppMapper.java +++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/AbstractClientAppMapper.java 
@@ -22,8 +22,8 @@ import java.util.Map; import java.util.stream.Collectors; import org.apache.syncope.common.lib.Attr; import org.apache.syncope.common.lib.to.ClientAppTO; +import org.apereo.cas.services.BaseWebBasedRegisteredService; import org.apereo.cas.services.DefaultRegisteredServiceProperty; -import org.apereo.cas.services.RegexRegisteredService; import org.apereo.cas.services.RegisteredServiceAccessStrategy; import org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy; import org.apereo.cas.services.RegisteredServiceAuthenticationPolicy; @@ -32,7 +32,7 @@ import org.apereo.cas.services.RegisteredServiceProperty; abstract class AbstractClientAppMapper implements ClientAppMapper { - protected void setCommon(final RegexRegisteredService service, final ClientAppTO clientApp) { + protected void setCommon(final BaseWebBasedRegisteredService service, final ClientAppTO clientApp) { service.setId(clientApp.getClientAppId()); service.setName(clientApp.getName()); service.setDescription(clientApp.getDescription()); @@ -48,7 +48,7 @@ abstract class AbstractClientAppMapper implements ClientAppMapper { } protected void setPolicies( - final RegexRegisteredService service, + final BaseWebBasedRegisteredService service, final RegisteredServiceAuthenticationPolicy authPolicy, final RegisteredServiceMultifactorPolicy mfaPolicy, final RegisteredServiceAccessStrategy accessStrategy, @@ -58,7 +58,7 @@ abstract class AbstractClientAppMapper implements ClientAppMapper { service.setAuthenticationPolicy(authPolicy); } if (mfaPolicy != null) { - service.setMultifactorPolicy(mfaPolicy); + service.setMultifactorAuthenticationPolicy(mfaPolicy); } if (accessStrategy != null) { service.setAccessStrategy(accessStrategy); diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/CASSPClientAppTOMapper.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/CASSPClientAppTOMapper.java index e1146ef929..5d007d2a05 100644 
--- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/CASSPClientAppTOMapper.java +++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/CASSPClientAppTOMapper.java @@ -20,7 +20,7 @@ package org.apache.syncope.wa.starter.mapping; import org.apache.syncope.common.lib.to.CASSPClientAppTO; import org.apache.syncope.common.lib.wa.WAClientApp; -import org.apereo.cas.services.RegexRegisteredService; +import org.apereo.cas.services.CasRegisteredService; import org.apereo.cas.services.RegisteredService; import org.apereo.cas.services.RegisteredServiceAccessStrategy; import org.apereo.cas.services.RegisteredServiceAttributeReleasePolicy; @@ -42,7 +42,7 @@ public class CASSPClientAppTOMapper extends AbstractClientAppMapper { CASSPClientAppTO cas = CASSPClientAppTO.class.cast(clientApp.getClientAppTO()); - RegexRegisteredService service = new RegexRegisteredService(); + CasRegisteredService service = new CasRegisteredService(); service.setServiceId(cas.getServiceId()); setCommon(service, cas); diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/SAML2SPClientAppTOMapper.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/SAML2SPClientAppTOMapper.java index d90dd0d510..ac7e576c69 100644 --- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/SAML2SPClientAppTOMapper.java +++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/mapping/SAML2SPClientAppTOMapper.java 
@@ -52,7 +52,7 @@ public class SAML2SPClientAppTOMapper extends AbstractClientAppMapper { service.setMetadataLocation(sp.getMetadataLocation()); service.setMetadataSignatureLocation(sp.getMetadataSignatureLocation()); service.setSignAssertions(TriStateBoolean.fromBoolean(sp.isSignAssertions())); - service.setSignResponses(sp.isSignResponses()); + service.setSignResponses(TriStateBoolean.fromBoolean(sp.isSignResponses())); service.setEncryptionOptional(sp.isEncryptionOptional()); service.setEncryptAssertions(sp.isEncryptAssertions()); service.setRequiredAuthenticationContextClass(sp.getRequiredAuthenticationContextClass()); diff --git a/wa/starter/src/test/java/org/apache/syncope/wa/starter/AbstractTest.java b/wa/starter/src/test/java/org/apache/syncope/wa/starter/AbstractTest.java index 33ee8ffb99..54db7d837b 100644 --- a/wa/starter/src/test/java/org/apache/syncope/wa/starter/AbstractTest.java +++ b/wa/starter/src/test/java/org/apache/syncope/wa/starter/AbstractTest.java @@ -21,7 +21,7 @@ package org.apache.syncope.wa.starter; import java.util.UUID; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.boot.test.context.TestConfiguration; -import org.springframework.boot.web.server.LocalServerPort; +import org.springframework.boot.test.web.server.LocalServerPort; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; import org.springframework.test.context.ContextConfiguration; diff --git a/wa/starter/src/test/java/org/apache/syncope/wa/starter/gauth/token/WAGoogleMfaAuthTokenRepositoryTest.java b/wa/starter/src/test/java/org/apache/syncope/wa/starter/gauth/token/WAGoogleMfaAuthTokenRepositoryTest.java index 835ddbf663..b3089233da 100644 --- a/wa/starter/src/test/java/org/apache/syncope/wa/starter/gauth/token/WAGoogleMfaAuthTokenRepositoryTest.java +++ b/wa/starter/src/test/java/org/apache/syncope/wa/starter/gauth/token/WAGoogleMfaAuthTokenRepositoryTest.java 
@@ -29,7 +29,7 @@ import org.springframework.beans.factory.annotation.Autowired; public class WAGoogleMfaAuthTokenRepositoryTest extends AbstractTest { @Autowired - private OneTimeTokenRepository tokenRepository; + private OneTimeTokenRepository<GoogleAuthenticatorToken> tokenRepository; @Test public void verifyOps() {