[syncope] branch 3_0_X updated: Switch to SPDX identifier for the license (#527)

2023-10-05 Thread coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3_0_X
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/3_0_X by this push:
 new 5038e9b20f Switch to SPDX identifier for the license (#527)
5038e9b20f is described below

commit 5038e9b20f9c63b9fb867fdc4f570d9e912260b9
Author: Colm O hEigeartaigh 
AuthorDate: Thu Oct 5 08:03:51 2023 +0100

Switch to SPDX identifier for the license (#527)
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 27ea78d130..689743d669 100644
--- a/pom.xml
+++ b/pom.xml
@@ -42,7 +42,7 @@ under the License.
 
   
 
-  Apache License, Version 2.0
+  Apache-2.0
   http://www.apache.org/licenses/LICENSE-2.0.txt
   repo
 
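
Review bot: the url context line directly below the changed name still points at http://www.apache.org/licenses/LICENSE-2.0.txt. Since this change is about making the license metadata machine-readable, switch that URL to https in the same commit so that tooling which fetches the license text does not do so over plaintext.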



[syncope] branch master updated: Switch to SPDX identifier for the license (#527)

2023-10-05 Thread coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
 new 0a66e3aef6 Switch to SPDX identifier for the license (#527)
0a66e3aef6 is described below

commit 0a66e3aef6842ebebac6ef2f65d50fca5aaa03b5
Author: Colm O hEigeartaigh 
AuthorDate: Thu Oct 5 08:03:51 2023 +0100

Switch to SPDX identifier for the license (#527)
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 45e5ab98e1..65e8ad00be 100644
--- a/pom.xml
+++ b/pom.xml
@@ -42,7 +42,7 @@ under the License.
 
   
 
-  Apache License, Version 2.0
+  Apache-2.0
   http://www.apache.org/licenses/LICENSE-2.0.txt
   repo
 



[syncope] branch coheigea/license created (now 3c76bb067e)

2023-10-04 Thread coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a change to branch coheigea/license
in repository https://gitbox.apache.org/repos/asf/syncope.git


  at 3c76bb067e Switch to SPDX identifier for the license

This branch includes the following new commits:

 new 3c76bb067e Switch to SPDX identifier for the license

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.




[syncope] 01/01: Switch to SPDX identifier for the license

2023-10-04 Thread coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch coheigea/license
in repository https://gitbox.apache.org/repos/asf/syncope.git

commit 3c76bb067eb5c0fb5c6428d850c9614ade61739a
Author: Colm O hEigeartaigh 
AuthorDate: Thu Oct 5 06:02:45 2023 +0100

Switch to SPDX identifier for the license
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 45e5ab98e1..65e8ad00be 100644
--- a/pom.xml
+++ b/pom.xml
@@ -42,7 +42,7 @@ under the License.
 
   
 
-  Apache License, Version 2.0
+  Apache-2.0
   http://www.apache.org/licenses/LICENSE-2.0.txt
   repo
 



[syncope] branch master updated (16cb7fa -> dfdfa2c)

2020-10-07 Thread coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git.


from 16cb7fa  Fixing CodeQL analysis (#217)
 add dfdfa2c  Adding security-and-quality query (#218)

No new revisions were added by this update.

Summary of changes:
 .github/workflows/codeql-analysis.yml | 1 +
 1 file changed, 1 insertion(+)



[syncope] branch master updated: Exclude codeql from rat-plugin

2020-10-07 Thread coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
 new 6323bd0  Exclude codeql from rat-plugin
6323bd0 is described below

commit 6323bd0b14d2be8f788d0c3bbb68c3c717e05a56
Author: Colm O hEigeartaigh 
AuthorDate: Wed Oct 7 12:38:47 2020 +0100

Exclude codeql from rat-plugin
---
 pom.xml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pom.xml b/pom.xml
index 58b8694..084 100644
--- a/pom.xml
+++ b/pom.xml
@@ -2526,6 +2526,7 @@ under the License.
 **/*.json
 **/banner.txt
 **/target/**
+**/codeql-analysis.yml
   
 
 
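
Review bot: the added exclude **/codeql-analysis.yml matches a file of that name in any directory, not only the workflow under .github/workflows. Prefer adding the ASF license header to the workflow file so that RAT keeps checking it, or narrow the pattern to .github/workflows/codeql-analysis.yml.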



[syncope] branch master updated: Update codeql-analysis.yml

2020-10-07 Thread coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
 new 1990c48  Update codeql-analysis.yml
1990c48 is described below

commit 1990c48f3fe07f0c057927cdee6e039e3eca4c82
Author: Colm O hEigeartaigh 
AuthorDate: Wed Oct 7 12:27:20 2020 +0100

Update codeql-analysis.yml

Removing javascript
---
 .github/workflows/codeql-analysis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/codeql-analysis.yml 
b/.github/workflows/codeql-analysis.yml
index 9cf53e2..54f501f 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -24,7 +24,7 @@ jobs:
   matrix:
 # Override automatic language detection by changing the below list
 # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 
'python']
-language: ['java', 'javascript']
+language: ['java']
 # Learn more...
 # 
https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
 
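
Review bot: with the matrix reduced to language: ['java'], any JavaScript in the repository is no longer analysed by CodeQL, and the commit message ("Removing javascript") gives no reason. Record the reason in a comment next to the language list so the coverage gap is a documented decision rather than something a later reader has to reconstruct.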



[syncope] branch master updated: Create codeql-analysis.yml

2020-10-07 Thread coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
 new 2857b4e  Create codeql-analysis.yml
2857b4e is described below

commit 2857b4e95e498bcc7a4da63740e99cf8a14f1b84
Author: Colm O hEigeartaigh 
AuthorDate: Wed Oct 7 12:22:54 2020 +0100

Create codeql-analysis.yml
---
 .github/workflows/codeql-analysis.yml | 71 +++
 1 file changed, 71 insertions(+)

diff --git a/.github/workflows/codeql-analysis.yml 
b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 000..9cf53e2
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,71 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+name: "CodeQL"
+
+on:
+  push:
+branches: [master]
+  pull_request:
+# The branches below must be a subset of the branches above
+branches: [master]
+  schedule:
+- cron: '0 13 * * 4'
+
+jobs:
+  analyze:
+name: Analyze
+runs-on: ubuntu-latest
+
+strategy:
+  fail-fast: false
+  matrix:
+# Override automatic language detection by changing the below list
+# Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 
'python']
+language: ['java', 'javascript']
+# Learn more...
+# 
https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
+
+steps:
+- name: Checkout repository
+  uses: actions/checkout@v2
+  with:
+# We must fetch at least the immediate parents so that if this is
+# a pull request then we can checkout the head.
+fetch-depth: 2
+
+# If this run was triggered by a pull request event, then checkout
+# the head of the pull request instead of the merge commit.
+- run: git checkout HEAD^2
+  if: ${{ github.event_name == 'pull_request' }}
+
+# Initializes the CodeQL tools for scanning.
+- name: Initialize CodeQL
+  uses: github/codeql-action/init@v1
+  with:
+languages: ${{ matrix.language }}
+# If you wish to specify custom queries, you can do so here or in a 
config file.
+# By default, queries listed here will override any specified in a 
config file. 
+# Prefix the list here with "+" to use these queries and those in the 
config file.
+# queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+# Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+# If this step fails, then you should remove it and run the build manually 
(see below)
+- name: Autobuild
+  uses: github/codeql-action/autobuild@v1
+
+# ℹ️ Command-line programs to run using the OS shell.
+#  https://git.io/JvXDl
+
+# ✏️ If the Autobuild fails above, remove it and uncomment the following 
three lines
+#and modify them (or add more) to build your code if your project
+#uses a compiled language
+
+#- run: |
+#   make bootstrap
+#   make release
+
+- name: Perform CodeQL Analysis
+  uses: github/codeql-action/analyze@v1
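
Review bot: the uses: lines reference every action by a mutable tag (actions/checkout@v2, github/codeql-action/init@v1, autobuild@v1, analyze@v1), so the code that runs in this job can change without any commit to this repository. Pin each one to a full commit SHA and keep the tag as a trailing comment. The new file also starts without an ASF license header, so the build's RAT check will flag it unless a header is added.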



[syncope] branch master updated: Fixing a grammatical issue with the mail template (#195)

2020-06-08 Thread coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
 new 1cc9a2d  Fixing a grammatical issue with the mail template (#195)
1cc9a2d is described below

commit 1cc9a2d302c8f4f28188df843b4af4752c9bb0df
Author: Colm O hEigeartaigh 
AuthorDate: Mon Jun 8 14:35:09 2020 +0100

Fixing a grammatical issue with the mail template (#195)
---
 common/keymaster/client-api/src/main/resources/defaultContent.xml | 4 ++--
 .../persistence-jpa-json/src/main/resources/domains/MasterContent.xml | 4 ++--
 .../persistence-jpa-json/src/test/resources/domains/MasterContent.xml | 4 ++--
 core/persistence-jpa/src/main/resources/domains/MasterContent.xml | 4 ++--
 core/persistence-jpa/src/test/resources/domains/MasterContent.xml | 4 ++--
 core/persistence-jpa/src/test/resources/domains/TwoContent.xml| 4 ++--
 .../apache/syncope/core/provisioning/api/jexl/MailTemplateTest.java   | 4 ++--
 docker/core/src/main/resources/domains/MasterContent.xml.all  | 4 ++--
 docker/core/src/main/resources/domains/MasterContent.xml.myjson   | 4 ++--
 docker/core/src/main/resources/domains/MasterContent.xml.pgjsonb  | 4 ++--
 10 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/common/keymaster/client-api/src/main/resources/defaultContent.xml 
b/common/keymaster/client-api/src/main/resources/defaultContent.xml
index 477768a..e9b56bf 100644
--- a/common/keymaster/client-api/src/main/resources/defaultContent.xml
+++ b/common/keymaster/client-api/src/main/resources/defaultContent.xml
@@ -47,7 +47,7 @@ under the License.
   
   http://localhost:9080/syncope-enduser/confirmpasswordreset?token=${input.get(0).replaceAll('
 ', '%20')}link/a/p.
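
Review bot: the link in the context line of these hunks is built as http://localhost:9080/syncope-enduser/confirmpasswordreset?token=${input.get(0).replaceAll(' ', '%20')}, which escapes only spaces in the token and carries it over plain http. While this template text is being touched in all ten files, consider URL-encoding the whole token and making it explicit that the default scheme and host must be replaced with the deployment's https address.
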
diff --git 
a/core/persistence-jpa-json/src/main/resources/domains/MasterContent.xml 
b/core/persistence-jpa-json/src/main/resources/domains/MasterContent.xml
index 1bd28de..41219a5 100644
--- a/core/persistence-jpa-json/src/main/resources/domains/MasterContent.xml
+++ b/core/persistence-jpa-json/src/main/resources/domains/MasterContent.xml
@@ -118,7 +118,7 @@ under the License.
   
   http://localhost:9080/syncope-enduser/confirmpasswordreset?token=${input.get(0).replaceAll('
 ', '%20')}link/a/p.
diff --git 
a/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml 
b/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml
index 6422c35..b0053e4 100644
--- a/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml
+++ b/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml
@@ -1149,7 +1149,7 @@ under the License.
 
   http://localhost:9080/syncope-enduser/confirmpasswordreset?token=${input.get(0).replaceAll('
 ', '%20')}link/a/p.
diff --git a/core/persistence-jpa/src/main/resources/domains/MasterContent.xml 
b/core/persistence-jpa/src/main/resources/domains/MasterContent.xml
index 6cbeb13..c5ed0c5 100644
--- a/core/persistence-jpa/src/main/resources/domains/MasterContent.xml
+++ b/core/persistence-jpa/src/main/resources/domains/MasterContent.xml
@@ -57,7 +57,7 @@ under the License.
   
   http://localhost:9080/syncope-enduser/confirmpasswordreset?token=${input.get(0).replaceAll('
 ', '%20')}link/a/p.
diff --git a/core/persistence-jpa/src/test/resources/domains/MasterContent.xml 
b/core/persistence-jpa/src/test/resources/domains/MasterContent.xml
index 170659f..890cf97 100644
--- a/core/persistence-jpa/src/test/resources/domains/MasterContent.xml
+++ b/core/persistence-jpa/src/test/resources/domains/MasterContent.xml
@@ -1236,7 +1236,7 @@ under the License.
 
   http://localhost:9080/syncope-enduser/confirmpasswordreset?token=${input.get(0).replaceAll('
 ', '%20')}link/a/p.
diff --git a/core/persistence-jpa/src/test/resources/domains/TwoContent.xml 
b/core/persistence-jpa/src/test/resources/domains/TwoContent.xml
index 2d5a056..4b7e58f 100644
--- a/core/persistence-jpa/src/test/resources/domains/TwoContent.xml
+++ b/core/persistence-jpa/src/test/resources/domains/TwoContent.xml
@@ -47,7 +47,7 @@ under the License.
   
   http://localhost:9080/syncope-enduser/confirmpasswordreset?token=${input.get(0).replaceAll('
 ', '%20')}link/a/p.
diff --git 
a/core/provisioning-api/src/test/java/org/apache/syncope/core/provisioning/api/jexl/MailTemplateTest.java
 
b/core/provisioning-api/src/test/java/org/apache/syncope/core/provisioning/api/jexl/MailTemplateTest.java
index d83b2a6..bfb6a2c 100644
--- 
a/core/provisioning-api/src/test/java/org/apache/syncope/core/provisioning/api/jexl/MailTemplateTest.java
+++ 
b/core/provisioning-api/src/test/java/org/apache/syncope/core/provisioning/api/jexl/MailTemplateTest.java
@@ -44,7 +44,7 @@ public class MailTemplateTest extends AbstractTest {
 + "Hi, we are happy to inform you that the password 
request was successfully executed for "
 + "your

[syncope] branch master updated: Updating Log4j to 2.13.2 due to CVE-2020-9488 (#177)

2020-04-27 Thread coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
 new ba6d317  Updating Log4j to 2.13.2 due to CVE-2020-9488 (#177)
ba6d317 is described below

commit ba6d317dcf560b36b58c02119a7e20b9b0106f15
Author: Colm O hEigeartaigh 
AuthorDate: Mon Apr 27 10:05:51 2020 +0100

Updating Log4j to 2.13.2 due to CVE-2020-9488 (#177)
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index db29d46..3b3fd7d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -437,7 +437,7 @@ under the License.
 2.0.0.AM26
 2.0.0
 
-2.13.1
+2.13.2
 3.4.2
 
 3.1



[syncope] branch master updated: Replace JSTL with Apache Standard Taglibs (#146)

2019-12-12 Thread coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
 new 34aed95  Replace JSTL with Apache Standard Taglibs (#146)
34aed95 is described below

commit 34aed95cb166d3e55d13fba139a362e81a2035be
Author: Colm O hEigeartaigh 
AuthorDate: Thu Dec 12 11:19:54 2019 +

Replace JSTL with Apache Standard Taglibs (#146)
---
 ext/oidcclient/agent/pom.xml | 4 ++--
 ext/saml2sp/agent/pom.xml| 4 ++--
 pom.xml  | 6 +++---
 standalone/LICENSE   | 4 ++--
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/ext/oidcclient/agent/pom.xml b/ext/oidcclient/agent/pom.xml
index 878aeb9..d0c37b7 100644
--- a/ext/oidcclient/agent/pom.xml
+++ b/ext/oidcclient/agent/pom.xml
@@ -47,8 +47,8 @@ under the License.
   javax.servlet.jsp-api
 
 
-  javax.servlet
-  jstl
+  org.apache.taglibs
+  taglibs-standard-impl
   provided
 
 
diff --git a/ext/saml2sp/agent/pom.xml b/ext/saml2sp/agent/pom.xml
index 808c76d..7a3bf6d 100644
--- a/ext/saml2sp/agent/pom.xml
+++ b/ext/saml2sp/agent/pom.xml
@@ -47,8 +47,8 @@ under the License.
   javax.servlet.jsp-api
 
 
-  javax.servlet
-  jstl
+  org.apache.taglibs
+  taglibs-standard-impl
   provided
 
 
diff --git a/pom.xml b/pom.xml
index 490b972..ea11284 100644
--- a/pom.xml
+++ b/pom.xml
@@ -602,9 +602,9 @@ under the License.
 provided
   
   
-javax.servlet
-jstl
-1.2
+org.apache.taglibs
+taglibs-standard-impl
+1.2.5
   
   
   
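
Review bot: javax.servlet:jstl is replaced here by org.apache.taglibs:taglibs-standard-impl alone. Confirm that the JSTL API classes are still on the classpath at build and run time; if they are not pulled in, manage org.apache.taglibs:taglibs-standard-spec at the same version alongside the impl artifact.
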
diff --git a/standalone/LICENSE b/standalone/LICENSE
index 3769043..77fc5fb 100644
--- a/standalone/LICENSE
+++ b/standalone/LICENSE
@@ -928,8 +928,8 @@ This is licensed under the CDDL 1.0, see above.
 
 ==
 
-For JSP Standard Tag Library (https://jstl.java.net/):
-This is licensed under the CDDL 1.0, see above.
+For Apache Standard Taglib (http://tomcat.apache.org/taglibs/standard/):
+This is licensed under the AL 2.0, see above.
 
 ==
 



[syncope] branch master updated: Disallow external DTDs/Stylesheets in a few places where we definitely don't need them (#136)

2019-10-24 Thread coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
 new 7c3b445  Disallow external DTDs/Stylesheets in a few places where we 
definitely don't need them (#136)
7c3b445 is described below

commit 7c3b445b2df70bfc302d5758109699d82a69a923
Author: Colm O hEigeartaigh 
AuthorDate: Thu Oct 24 15:01:40 2019 +0100

Disallow external DTDs/Stylesheets in a few places where we definitely 
don't need them (#136)
---
 .../java/org/apache/syncope/core/logic/init/CamelRouteLoader.java  | 6 ++
 .../org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java | 7 +++
 2 files changed, 13 insertions(+)

diff --git 
a/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/init/CamelRouteLoader.java
 
b/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/init/CamelRouteLoader.java
index 5ea378f..ec82cf6 100644
--- 
a/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/init/CamelRouteLoader.java
+++ 
b/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/init/CamelRouteLoader.java
@@ -146,6 +146,12 @@ public class CamelRouteLoader implements SyncopeCoreLoader 
{
 if (IS_JBOSS) {
 tf = TransformerFactory.newInstance();
 tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, 
true);
+try {
+tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+
tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+} catch (IllegalArgumentException ex) {
+LOG.debug("The JAXP parser does not support the 
following attribute: ", ex);
+}
 tf.setURIResolver((href, base) -> null);
 
 Document doc = StaxUtils.read(resource.getInputStream());
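
Review bot: both setAttribute calls sit in one try block, so if ACCESS_EXTERNAL_DTD is rejected with IllegalArgumentException the ACCESS_EXTERNAL_STYLESHEET restriction is never attempted. Give each attribute its own try/catch, put the attribute name in the message (the current text ends with "the following attribute: " followed only by the exception), and log at warn rather than debug so that a factory left without the restriction shows up in normal logs.
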
diff --git 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
index cd429c8..2ec7b03 100644
--- 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
+++ 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
@@ -83,6 +83,13 @@ public class SAML2ReaderWriter {
 } catch (TransformerConfigurationException e) {
 LOG.error("Could not enable secure XML processing", e);
 }
+
+try {
+TRANSFORMER_FACTORY.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, 
"");
+
TRANSFORMER_FACTORY.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+} catch (IllegalArgumentException ex) {
+ LOG.debug("The JAXP parser does not support the following 
attribute: ", ex);
+}
 }
 
 @Autowired
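
Review bot: the new catch logs at debug, while the catch just above it reports a failure to enable secure processing with LOG.error; a TRANSFORMER_FACTORY that could not be restricted deserves the same visibility. Raise this to at least warn, and split the two setAttribute calls so that a failure on ACCESS_EXTERNAL_DTD does not skip ACCESS_EXTERNAL_STYLESHEET.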



[syncope] branch 2_0_X updated: Disallow Doctypes for SAXParserFactory

2019-10-11 Thread coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 2_0_X
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/2_0_X by this push:
 new a19c19e  Disallow Doctypes for SAXParserFactory
a19c19e is described below

commit a19c19e19948cd9e9457d709144ae6d1c2bcc239
Author: Colm O hEigeartaigh 
AuthorDate: Fri Oct 11 11:35:34 2019 +0100

Disallow Doctypes for SAXParserFactory
---
 .../apache/syncope/core/persistence/jpa/content/XMLContentLoader.java| 1 +
 1 file changed, 1 insertion(+)

diff --git 
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
 
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
index cdc01d0..3b117fe 100644
--- 
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
+++ 
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
@@ -107,6 +107,7 @@ public class XMLContentLoader extends AbstractContentDealer 
implements ContentLo
 
 SAXParserFactory factory = SAXParserFactory.newInstance();
 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, 
Boolean.TRUE);
+
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl;, 
true);
 try (InputStream in = contentXML.getResource().getInputStream()) {
 SAXParser parser = factory.newSAXParser();
 parser.parse(in, new ContentLoaderHandler(dataSource, 
ROOT_ELEMENT, true, env));
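
Review bot: the feature URI is passed as a bare string literal and nothing in the change exercises it. Add a test that feeds XMLContentLoader a document containing a DOCTYPE declaration and asserts that parsing is rejected, and move the URI into a named constant, since the same line is needed on every maintained branch. setFeature throws when the parser does not recognise the feature; that fail-closed behaviour is reasonable here but is worth stating in a comment.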



[syncope] branch 2_1_X updated: Disallow Doctypes for SAXParserFactory

2019-10-11 Thread coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 2_1_X
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/2_1_X by this push:
 new 410eeb3  Disallow Doctypes for SAXParserFactory
410eeb3 is described below

commit 410eeb3607f16cb2aa79ede7e44bb1bb662beea2
Author: Colm O hEigeartaigh 
AuthorDate: Fri Oct 11 11:35:34 2019 +0100

Disallow Doctypes for SAXParserFactory
---
 .../apache/syncope/core/persistence/jpa/content/XMLContentLoader.java| 1 +
 1 file changed, 1 insertion(+)

diff --git 
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
 
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
index a209a36..48aaf90 100644
--- 
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
+++ 
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
@@ -108,6 +108,7 @@ public class XMLContentLoader extends AbstractContentDealer 
implements ContentLo
 
 SAXParserFactory factory = SAXParserFactory.newInstance();
 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, 
Boolean.TRUE);
+
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl;, 
true);
 try (InputStream in = contentXML.getResource().getInputStream()) {
 SAXParser parser = factory.newSAXParser();
 parser.parse(in, new ContentLoaderHandler(dataSource, 
ROOT_ELEMENT, true, env));



[syncope] branch master updated: Disallow Doctypes for SAXParserFactory

2019-10-11 Thread coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
 new a7a3009  Disallow Doctypes for SAXParserFactory
 new 16fb995  Merge pull request #129 from coheigea/doctypes
a7a3009 is described below

commit a7a3009a5002f6e72fe5d19eb99382c28f374799
Author: Colm O hEigeartaigh 
AuthorDate: Fri Oct 11 11:35:34 2019 +0100

Disallow Doctypes for SAXParserFactory
---
 .../apache/syncope/core/persistence/jpa/content/XMLContentLoader.java| 1 +
 1 file changed, 1 insertion(+)

diff --git 
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
 
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
index db95a6a..9c1b502 100644
--- 
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
+++ 
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
@@ -112,6 +112,7 @@ public class XMLContentLoader implements ContentLoader {
 
 SAXParserFactory factory = SAXParserFactory.newInstance();
 factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, 
Boolean.TRUE);
+
factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl;, 
true);
 try (contentXML) {
 SAXParser parser = factory.newSAXParser();
 parser.parse(contentXML, new ContentLoaderHandler(dataSource, 
ROOT_ELEMENT, true, env));



[syncope] branch 2_1_X updated: Enable security-related HTTP headers in the console

2019-02-15 Thread coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 2_1_X
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/2_1_X by this push:
 new b62f16c  Enable security-related HTTP headers in the console
 new 24474ac  Merge pull request #96 from coheigea/http_headers
b62f16c is described below

commit b62f16ccd22c16b0dfdcbecace17dac112db29c3
Author: Colm O hEigeartaigh 
AuthorDate: Thu Feb 14 18:17:43 2019 +

Enable security-related HTTP headers in the console
---
 .../syncope/client/console/SyncopeConsoleApplication.java  | 14 ++
 .../syncope/client/enduser/SyncopeEnduserApplication.java  | 14 ++
 2 files changed, 28 insertions(+)

diff --git 
a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
 
b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
index 3431f04..3ea3934 100644
--- 
a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
+++ 
b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
@@ -58,6 +58,9 @@ import 
org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDa
 import org.apache.wicket.markup.html.WebPage;
 import org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener;
 import org.apache.wicket.protocol.http.WebApplication;
+import org.apache.wicket.request.cycle.AbstractRequestCycleListener;
+import org.apache.wicket.request.cycle.RequestCycle;
+import org.apache.wicket.request.http.WebResponse;
 import org.apache.wicket.request.resource.AbstractResource;
 import org.apache.wicket.request.resource.IResource;
 import org.apache.wicket.request.resource.ResourceReference;
@@ -206,6 +209,17 @@ public class SyncopeConsoleApplication extends 
AuthenticatedWebApplication {
 }
 getRequestCycleListeners().add(new 
SyncopeConsoleRequestCycleListener());
 
+getRequestCycleListeners().add(new AbstractRequestCycleListener() {
+
+@Override
+public void onEndRequest(final RequestCycle cycle) {
+WebResponse response = (WebResponse) cycle.getResponse();
+response.setHeader("X-XSS-Protection", "1; mode=block");
+response.setHeader("X-Content-Type-Options", "nosniff");
+response.setHeader("X-Frame-Options", "sameorigin");
+}
+});
+
 mountPage("/login", getSignInPageClass());
 
 try {
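
Review bot: the headers are set in onEndRequest, after the page has been rendered, so they depend on the response not having been committed yet; setting them in onBeginRequest removes that dependency. The unchecked cast (WebResponse) cycle.getResponse() will also throw ClassCastException for any response that is not a WebResponse, so guard it with instanceof.
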
diff --git 
a/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserApplication.java
 
b/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserApplication.java
index 207c789..e1efa65 100644
--- 
a/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserApplication.java
+++ 
b/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserApplication.java
@@ -50,6 +50,9 @@ import org.apache.wicket.WicketRuntimeException;
 import org.apache.wicket.protocol.http.WebApplication;
 import org.apache.wicket.request.Request;
 import org.apache.wicket.request.Response;
+import org.apache.wicket.request.cycle.AbstractRequestCycleListener;
+import org.apache.wicket.request.cycle.RequestCycle;
+import org.apache.wicket.request.http.WebResponse;
 import org.apache.wicket.request.resource.AbstractResource;
 import org.apache.wicket.request.resource.IResource;
 import org.apache.wicket.request.resource.ResourceReference;
@@ -304,6 +307,17 @@ public class SyncopeEnduserApplication extends 
WebApplication implements Seriali
 }
 });
 }
+
+getRequestCycleListeners().add(new AbstractRequestCycleListener() {
+
+@Override
+public void onEndRequest(final RequestCycle cycle) {
+WebResponse response = (WebResponse) cycle.getResponse();
+response.setHeader("X-XSS-Protection", "1; mode=block");
+response.setHeader("X-Content-Type-Options", "nosniff");
+response.setHeader("X-Frame-Options", "sameorigin");
+}
+});
 }
 
 @Override
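
Review bot: this anonymous listener is a line-for-line copy of the one added to SyncopeConsoleApplication, so the two header sets can drift apart. Move it into one shared listener class used by both applications. The commit subject mentions only the console although the enduser application is changed too, and the set stops at X-XSS-Protection, X-Content-Type-Options and X-Frame-Options; Content-Security-Policy and Strict-Transport-Security are natural follow-ups.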



[syncope] branch master updated: Enable the secure processing feature

2018-11-22 Thread coheigea
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git


The following commit(s) were added to refs/heads/master by this push:
 new 720b253  Enable the secure processing feature
720b253 is described below

commit 720b2538d58833629497beecd1f2de04a7624ba4
Author: Colm O hEigeartaigh 
AuthorDate: Thu Nov 22 11:51:41 2018 +

Enable the secure processing feature
---
 .../apache/syncope/core/persistence/jpa/content/XMLContentLoader.java   | 2 ++
 1 file changed, 2 insertions(+)

diff --git 
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
 
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
index 8b59615..4adfde6 100644
--- 
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
+++ 
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java
@@ -23,6 +23,7 @@ import java.io.InputStream;
 import java.util.Properties;
 import javax.annotation.Resource;
 import javax.sql.DataSource;
+import javax.xml.XMLConstants;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.parsers.SAXParser;
 import javax.xml.parsers.SAXParserFactory;
@@ -101,6 +102,7 @@ public class XMLContentLoader extends AbstractContentDealer 
implements ContentLo
 throws IOException, ParserConfigurationException, SAXException {
 
 SAXParserFactory factory = SAXParserFactory.newInstance();
+factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, 
Boolean.TRUE);
 try (InputStream in = contentXML.getResource().getInputStream()) {
 SAXParser parser = factory.newSAXParser();
 parser.parse(in, new ContentLoaderHandler(dataSource, 
ROOT_ELEMENT, true));
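
Review bot: FEATURE_SECURE_PROCESSING on the SAXParserFactory asks the parser to apply implementation-defined processing limits, but on its own it does not guarantee that DOCTYPE declarations or external entities are rejected by every JAXP implementation. If the intent is XXE hardening for contentXML, also set http://apache.org/xml/features/disallow-doctype-decl to true on the same factory (or switch off the external-general-entities and external-parameter-entities features). Style: setFeature takes a primitive boolean, so pass true rather than Boolean.TRUE.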



syncope git commit: Updating WSS4J

2018-01-30 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X 8681aa76e -> 88f4b03e3


Updating WSS4J


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/88f4b03e
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/88f4b03e
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/88f4b03e

Branch: refs/heads/2_0_X
Commit: 88f4b03e39be6d13b879b5b46e93646da233447f
Parents: 8681aa7
Author: Colm O hEigeartaigh 
Authored: Tue Jan 30 17:09:00 2018 +
Committer: Colm O hEigeartaigh 
Committed: Tue Jan 30 17:09:12 2018 +

--
 pom.xml | 6 +-
 1 file changed, 5 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/88f4b03e/pom.xml
--
diff --git a/pom.xml b/pom.xml
index f93a5a4..c2fd20e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -618,7 +618,7 @@ under the License.
   
 org.apache.wss4j
 wss4j-ws-security-dom
-2.1.11
+2.1.12
 
   
 org.jasypt
@@ -628,6 +628,10 @@ under the License.
 org.apache.geronimo.specs
 geronimo-javamail_1.4_spec
   
+  
+com.fasterxml.woodstox
+woodstox-core
+  
 
   
   
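
Review bot: the second hunk adds a com.fasterxml.woodstox / woodstox-core entry beside the existing geronimo-javamail_1.4_spec one under wss4j-ws-security-dom, but the commit message only says "Updating WSS4J". Please say in the message, or in an XML comment next to the entry, why it is needed with 2.1.12 and which module is expected to supply the StAX implementation, so the next WSS4J bump does not have to rediscover the reason.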



syncope git commit: Add the Active Directory Connector to fit/build-tools

2017-12-19 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X 845f25146 -> 32a6bd352


Add the Active Directory Connector to fit/build-tools

(cherry picked from commit d701a03fbaa84c079f8442608e279c5c60981160)


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/32a6bd35
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/32a6bd35
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/32a6bd35

Branch: refs/heads/2_0_X
Commit: 32a6bd35295ecd7d92be75e96b726fb6b50389c7
Parents: 845f251
Author: Colm O hEigeartaigh 
Authored: Tue Dec 19 15:41:43 2017 +
Committer: Colm O hEigeartaigh 
Committed: Tue Dec 19 15:42:21 2017 +

--
 .../apache/syncope/fit/buildtools/ConnIdStartStopListener.java| 1 +
 fit/build-tools/src/main/resources/buildToolsContext.xml  | 3 +++
 2 files changed, 4 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/32a6bd35/fit/build-tools/src/main/java/org/apache/syncope/fit/buildtools/ConnIdStartStopListener.java
--
diff --git 
a/fit/build-tools/src/main/java/org/apache/syncope/fit/buildtools/ConnIdStartStopListener.java
 
b/fit/build-tools/src/main/java/org/apache/syncope/fit/buildtools/ConnIdStartStopListener.java
index 1cb8370..1aaea1b 100644
--- 
a/fit/build-tools/src/main/java/org/apache/syncope/fit/buildtools/ConnIdStartStopListener.java
+++ 
b/fit/build-tools/src/main/java/org/apache/syncope/fit/buildtools/ConnIdStartStopListener.java
@@ -53,6 +53,7 @@ public class ConnIdStartStopListener implements 
ServletContextListener {
 "testconnectorserver.dbtable.bundle",
 "testconnectorserver.scriptedsql.bundle",
 "testconnectorserver.csvdir.bundle",
+"testconnectorserver.ad.bundle",
 "testconnectorserver.ldap.bundle" }) {
 
 URL url = null;
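
Review bot: "testconnectorserver.ad.bundle" is added to the list of bundle property keys, but the diffstat for this commit touches only ConnIdStartStopListener.java and buildToolsContext.xml, so nothing here shows where that key gets a value. Confirm that the property and the Active Directory connector bundle it points to are already defined on this branch, and check how the loop behaves when the key is missing (url starts out null), otherwise the listener fails at startup rather than at review time.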

http://git-wip-us.apache.org/repos/asf/syncope/blob/32a6bd35/fit/build-tools/src/main/resources/buildToolsContext.xml
--
diff --git a/fit/build-tools/src/main/resources/buildToolsContext.xml 
b/fit/build-tools/src/main/resources/buildToolsContext.xml
index a4433c9..b3754ac 100644
--- a/fit/build-tools/src/main/resources/buildToolsContext.xml
+++ b/fit/build-tools/src/main/resources/buildToolsContext.xml
@@ -57,6 +57,9 @@ under the License.
   
 
 
+  
+
+  
   
 
   



syncope git commit: SYNCOPE-1243 - Add information to GroupTO about user and AnyObject membership counts. Thanks to Francesco for reviewing.

2017-12-11 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X 2153a3dca -> 93e143590


SYNCOPE-1243 - Add information to GroupTO about user and AnyObject membership 
counts. Thanks to Francesco for reviewing.

(cherry picked from commit d784ae297c79df8e7d9a7c5dec1677d716422ef2)


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/93e14359
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/93e14359
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/93e14359

Branch: refs/heads/2_0_X
Commit: 93e143590da19d5d3d68909726830db41bac8b3e
Parents: 2153a3d
Author: Colm O hEigeartaigh 
Authored: Mon Dec 11 11:07:35 2017 +
Committer: Colm O hEigeartaigh 
Committed: Mon Dec 11 11:18:40 2017 +

--
 .../apache/syncope/common/lib/to/GroupTO.java   | 40 
 .../core/persistence/api/dao/GroupDAO.java  |  8 
 .../core/persistence/jpa/dao/JPAGroupDAO.java   | 41 
 .../java/data/GroupDataBinderImpl.java  |  8 
 .../apache/syncope/fit/core/GroupITCase.java| 50 
 5 files changed, 147 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/93e14359/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupTO.java
--
diff --git 
a/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupTO.java 
b/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupTO.java
index 0ae0885..4b6d1a1 100644
--- a/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupTO.java
+++ b/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupTO.java
@@ -48,6 +48,14 @@ public class GroupTO extends AnyTO {
 
 private String udynMembershipCond;
 
+private int staticUserMembershipCount;
+
+private int dynamicUserMembershipCount;
+
+private int staticAnyObjectMembershipCount;
+
+private int dynamicAnyObjectMembershipCount;
+
 @XmlJavaTypeAdapter(XmlGenericMapAdapter.class)
 @JsonIgnore
 private final Map adynMembershipConds = new HashMap<>();
@@ -96,6 +104,38 @@ public class GroupTO extends AnyTO {
 this.udynMembershipCond = uDynMembershipCond;
 }
 
+public int getStaticUserMembershipCount() {
+return staticUserMembershipCount;
+}
+
+public void setStaticUserMembershipCount(final int 
staticUserMembershipCount) {
+this.staticUserMembershipCount = staticUserMembershipCount;
+}
+
+public int getDynamicUserMembershipCount() {
+return dynamicUserMembershipCount;
+}
+
+public void setDynamicUserMembershipCount(final int 
dynamicUserMembershipCount) {
+this.dynamicUserMembershipCount = dynamicUserMembershipCount;
+}
+
+public int getStaticAnyObjectMembershipCount() {
+return staticAnyObjectMembershipCount;
+}
+
+public void setStaticAnyObjectMembershipCount(final int 
staticAnyObjectMembershipCount) {
+this.staticAnyObjectMembershipCount = staticAnyObjectMembershipCount;
+}
+
+public int getDynamicAnyObjectMembershipCount() {
+return dynamicAnyObjectMembershipCount;
+}
+
+public void setDynamicAnyObjectMembershipCount(final int 
dynamicAnyObjectMembershipCount) {
+this.dynamicAnyObjectMembershipCount = dynamicAnyObjectMembershipCount;
+}
+
 @JsonProperty
 public Map getADynMembershipConds() {
 return adynMembershipConds;
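
Review bot: the four membership counts are derived, server-side values, yet this hunk gives each of them a public setter (setStaticUserMembershipCount and the three siblings) on a transfer object that clients also send back on create and update. Add Javadoc stating that the counts are output-only, and make sure the inbound path ignores whatever a client puts in them, so a submitted GroupTO cannot be mistaken for an authoritative count.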

http://git-wip-us.apache.org/repos/asf/syncope/blob/93e14359/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/GroupDAO.java
--
diff --git 
a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/GroupDAO.java
 
b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/GroupDAO.java
index 08548b4..f296932 100644
--- 
a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/GroupDAO.java
+++ 
b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/GroupDAO.java
@@ -48,6 +48,14 @@ public interface GroupDAO extends AnyDAO {
 
 List findADynMembers(Group group);
 
+int countAMembers(Group group);
+
+int countUMembers(Group group);
+
+int countADynMembers(Group group);
+
+int countUDynMembers(Group group);
+
 void clearADynMembers(Group group);
 
 /**
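
Review bot: countAMembers, countUMembers, countADynMembers and countUDynMembers are added to the interface without Javadoc, and the A/U abbreviations do not line up visibly with the GroupTO names introduced in the same commit (staticAnyObjectMembershipCount, staticUserMembershipCount and so on). A one-line comment per method saying which membership kind it counts would make the mapping checkable by the reader.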

http://git-wip-us.apache.org/repos/asf/syncope/blob/93e14359/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java
--
diff --git 

syncope git commit: SYNCOPE-1243 - Add information to GroupTO about user and AnyObject membership counts. Thanks to Francesco for reviewing.

2017-12-11 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master 003982086 -> d784ae297


SYNCOPE-1243 - Add information to GroupTO about user and AnyObject membership 
counts. Thanks to Francesco for reviewing.


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/d784ae29
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/d784ae29
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/d784ae29

Branch: refs/heads/master
Commit: d784ae297c79df8e7d9a7c5dec1677d716422ef2
Parents: 0039820
Author: Colm O hEigeartaigh 
Authored: Mon Dec 11 11:07:35 2017 +
Committer: Colm O hEigeartaigh 
Committed: Mon Dec 11 11:07:35 2017 +

--
 .../apache/syncope/common/lib/to/GroupTO.java   | 40 
 .../core/persistence/api/dao/GroupDAO.java  |  8 
 .../core/persistence/jpa/dao/JPAGroupDAO.java   | 41 
 .../java/data/GroupDataBinderImpl.java  |  8 
 .../apache/syncope/fit/core/GroupITCase.java| 50 
 5 files changed, 147 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/d784ae29/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupTO.java
--
diff --git 
a/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupTO.java 
b/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupTO.java
index c531840..e4bf304 100644
--- a/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupTO.java
+++ b/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupTO.java
@@ -47,6 +47,14 @@ public class GroupTO extends AnyTO {
 
 private String udynMembershipCond;
 
+private int staticUserMembershipCount;
+
+private int dynamicUserMembershipCount;
+
+private int staticAnyObjectMembershipCount;
+
+private int dynamicAnyObjectMembershipCount;
+
 @XmlJavaTypeAdapter(XmlGenericMapAdapter.class)
 @JsonIgnore
 private final Map adynMembershipConds = new HashMap<>();
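
Review bot: the four new count fields are primitive int, so a GroupTO whose counts were never populated carries 0 and is indistinguishable from a group that really has no members. If any code path builds a GroupTO without filling these in, either use Integer so that "not computed" stays visible as null, or document on the fields that 0 is only meaningful for objects returned by the server.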
@@ -95,6 +103,38 @@ public class GroupTO extends AnyTO {
 this.udynMembershipCond = uDynMembershipCond;
 }
 
+public int getStaticUserMembershipCount() {
+return staticUserMembershipCount;
+}
+
+public void setStaticUserMembershipCount(final int 
staticUserMembershipCount) {
+this.staticUserMembershipCount = staticUserMembershipCount;
+}
+
+public int getDynamicUserMembershipCount() {
+return dynamicUserMembershipCount;
+}
+
+public void setDynamicUserMembershipCount(final int 
dynamicUserMembershipCount) {
+this.dynamicUserMembershipCount = dynamicUserMembershipCount;
+}
+
+public int getStaticAnyObjectMembershipCount() {
+return staticAnyObjectMembershipCount;
+}
+
+public void setStaticAnyObjectMembershipCount(final int 
staticAnyObjectMembershipCount) {
+this.staticAnyObjectMembershipCount = staticAnyObjectMembershipCount;
+}
+
+public int getDynamicAnyObjectMembershipCount() {
+return dynamicAnyObjectMembershipCount;
+}
+
+public void setDynamicAnyObjectMembershipCount(final int 
dynamicAnyObjectMembershipCount) {
+this.dynamicAnyObjectMembershipCount = dynamicAnyObjectMembershipCount;
+}
+
 @JsonProperty
 public Map getADynMembershipConds() {
 return adynMembershipConds;

http://git-wip-us.apache.org/repos/asf/syncope/blob/d784ae29/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/GroupDAO.java
--
diff --git 
a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/GroupDAO.java
 
b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/GroupDAO.java
index 1ee1cf1..11b61e8 100644
--- 
a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/GroupDAO.java
+++ 
b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/GroupDAO.java
@@ -49,6 +49,14 @@ public interface GroupDAO extends AnyDAO {
 
 List findADynMembers(Group group);
 
+int countAMembers(Group group);
+
+int countUMembers(Group group);
+
+int countADynMembers(Group group);
+
+int countUDynMembers(Group group);
+
 Collection findAllResourceKeys(final String key);
 
 void clearADynMembers(Group group);
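
Review bot: this hunk adds four separate count methods, and the diffstat shows GroupDataBinderImpl gaining 8 lines in the same commit. If the binder calls all four for every GroupTO it builds, a group listing issues four extra queries per row. Consider computing the counts only when a single group is read, or batching them, and note the cost in the method documentation.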

http://git-wip-us.apache.org/repos/asf/syncope/blob/d784ae29/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java
--
diff --git 
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java
 

syncope git commit: Minor streams optimisation

2017-11-20 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master 30d90566d -> f670e2fa3


Minor streams optimisation


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/f670e2fa
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/f670e2fa
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/f670e2fa

Branch: refs/heads/master
Commit: f670e2fa38d0862c9b5d15639e8fb8dee5770936
Parents: 30d9056
Author: Colm O hEigeartaigh 
Authored: Mon Nov 20 12:35:33 2017 +
Committer: Colm O hEigeartaigh 
Committed: Mon Nov 20 12:35:33 2017 +

--
 .../main/java/org/apache/syncope/core/logic/AbstractAnyLogic.java  | 2 +-
 .../src/main/java/org/apache/syncope/core/logic/GroupLogic.java| 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/f670e2fa/core/logic/src/main/java/org/apache/syncope/core/logic/AbstractAnyLogic.java
--
diff --git 
a/core/logic/src/main/java/org/apache/syncope/core/logic/AbstractAnyLogic.java 
b/core/logic/src/main/java/org/apache/syncope/core/logic/AbstractAnyLogic.java
index 4e84455..fa3ca98 100644
--- 
a/core/logic/src/main/java/org/apache/syncope/core/logic/AbstractAnyLogic.java
+++ 
b/core/logic/src/main/java/org/apache/syncope/core/logic/AbstractAnyLogic.java
@@ -229,7 +229,7 @@ public abstract class AbstractAnyLogic ext
 ? groupDAO
 : anyObjectDAO;
 authorized = anyDAO.findDynRealms(key).stream().
-filter(dynRealm -> 
effectiveRealms.contains(dynRealm)).findFirst().isPresent();
+anyMatch(dynRealm -> effectiveRealms.contains(dynRealm));
 }
 if (!authorized) {
 throw new DelegatedAdministrationException(
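
Review bot: style point on the replaced line: anyMatch(dynRealm -> effectiveRealms.contains(dynRealm)) can be written as anyMatch(effectiveRealms::contains). The change is behaviour-preserving, but since the result decides whether DelegatedAdministrationException is thrown, a unit test covering both the matching and the non-matching dynamic realm case would keep this authorization branch pinned down.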

http://git-wip-us.apache.org/repos/asf/syncope/blob/f670e2fa/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java
--
diff --git 
a/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java 
b/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java
index 8d94807..103dae8 100644
--- a/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java
@@ -122,7 +122,7 @@ public class GroupLogic extends AbstractAnyLogic {
 -> realm.startsWith(ownedRealm) || 
ownedRealm.equals(RealmUtils.getGroupOwnerRealm(realm, key)));
 if (!authorized) {
 authorized = groupDAO.findDynRealms(key).stream().
-filter(dynRealm -> 
effectiveRealms.contains(dynRealm)).findFirst().isPresent();
+anyMatch(dynRealm -> effectiveRealms.contains(dynRealm));
 }
 if (!authorized) {
 throw new DelegatedAdministrationException(realm, 
AnyTypeKind.GROUP.name(), key);
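
Review bot: the dynamic-realm check changed here, findDynRealms(key).stream().anyMatch(...) against effectiveRealms, is the same expression that this commit also edits in AbstractAnyLogic. Two copies of an authorization rule have to be kept in step by hand, as this commit shows; pulling it into one shared helper would leave a single place to review and test.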



syncope git commit: Removing some duplicate code + another typo

2017-10-19 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X de750537b -> 16a55aa15


Removing some duplicate code + another typo


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/16a55aa1
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/16a55aa1
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/16a55aa1

Branch: refs/heads/2_0_X
Commit: 16a55aa1548a215580b9b298edee5197772361b1
Parents: de75053
Author: Colm O hEigeartaigh 
Authored: Thu Oct 19 11:08:44 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Oct 19 12:18:30 2017 +0100

--
 .../apache/syncope/client/console/SyncopeConsoleApplication.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/16a55aa1/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
--
diff --git 
a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
 
b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
index 4bf1188..cfcdfbf 100644
--- 
a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
+++ 
b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
@@ -115,7 +115,7 @@ public class SyncopeConsoleApplication extends 
AuthenticatedWebApplication {
 
 @SuppressWarnings("unchecked")
 protected void populatePageClasses(final Properties props) {
-Enumeration propNames = (Enumeration) 
props.propertyNames();
+Enumeration propNames = (Enumeration) 
props.propertyNames();
 while (propNames.hasMoreElements()) {
 String name = propNames.nextElement();
 if (name.startsWith("page.")) {
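
Review bot: populatePageClasses still relies on an unchecked cast of props.propertyNames() under @SuppressWarnings("unchecked"), so a non-String key in the Properties object surfaces as a ClassCastException at String name = propNames.nextElement(). Iterating over props.stringPropertyNames() removes both the cast and the suppression.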



syncope git commit: Removing some duplicate code + another typo

2017-10-19 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master 0984dfd22 -> 3f47e9bde


Removing some duplicate code + another typo


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/3f47e9bd
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/3f47e9bd
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/3f47e9bd

Branch: refs/heads/master
Commit: 3f47e9bdee9e8ffeb606b2717e34ecbfe2801fb4
Parents: 0984dfd
Author: Colm O hEigeartaigh 
Authored: Thu Oct 19 11:08:44 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Oct 19 11:09:02 2017 +0100

--
 .../apache/syncope/client/console/SyncopeConsoleApplication.java   | 2 +-
 .../src/main/java/org/apache/syncope/core/logic/ResourceLogic.java | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/3f47e9bd/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
--
diff --git 
a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
 
b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
index 28a35c9..ba08b8a 100644
--- 
a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
+++ 
b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java
@@ -112,7 +112,7 @@ public class SyncopeConsoleApplication extends 
AuthenticatedWebApplication {
 
 @SuppressWarnings("unchecked")
 protected void populatePageClasses(final Properties props) {
-Enumeration propNames = (Enumeration) 
props.propertyNames();
+Enumeration propNames = (Enumeration) 
props.propertyNames();
 while (propNames.hasMoreElements()) {
 String name = propNames.nextElement();
 if (name.startsWith("page.")) {

http://git-wip-us.apache.org/repos/asf/syncope/blob/3f47e9bd/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java
--
diff --git 
a/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java 
b/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java
index b476387..b4a0f13 100644
--- a/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java
+++ b/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java
@@ -113,7 +113,6 @@ public class ResourceLogic extends 
AbstractTransactionalLogic {
 private ConnectorFactory connFactory;
 
 protected void securityChecks(final Set effectiveRealms, final 
String realm, final String key) {
-effectiveRealms.stream().anyMatch(ownedRealm -> 
realm.startsWith(ownedRealm));
 boolean authorized = effectiveRealms.stream().anyMatch(ownedRealm -> 
realm.startsWith(ownedRealm));
 if (!authorized) {
 throw new DelegatedAdministrationException(realm, 
ExternalResource.class.getSimpleName(), key);
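
Review bot: removing the first anyMatch statement is right, since its result was discarded. The check that remains in securityChecks is a plain string prefix test, realm.startsWith(ownedRealm), so it is worth adding a test that an owned realm does not authorize a sibling realm whose path merely begins with the same characters, and comparing on path-segment boundaries if it does. Enabling a static-analysis rule for ignored return values would also catch a repeat of the removed line.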



syncope git commit: SYNCOPE-1186 - Remove copy of SAMLSSOResponseValidator and SSOValidatorResponse when CXF 3.1.13 is out

2017-10-05 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X 435101f50 -> 5eb2ee37f


SYNCOPE-1186 - Remove copy of SAMLSSOResponseValidator and SSOValidatorResponse 
when CXF 3.1.13 is out


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/5eb2ee37
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/5eb2ee37
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/5eb2ee37

Branch: refs/heads/2_0_X
Commit: 5eb2ee37f9c6c9279d91683b8f7f1375c9acb6be
Parents: 435101f
Author: Colm O hEigeartaigh 
Authored: Thu Oct 5 17:00:04 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Oct 5 17:00:04 2017 +0100

--
 .../apache/syncope/core/logic/SAML2SPLogic.java |   2 +-
 .../core/logic/saml2/SAML2ReaderWriter.java |   2 +
 .../logic/saml2/SAMLSSOResponseValidator.java   | 371 ---
 .../core/logic/saml2/SSOValidatorResponse.java  |  84 -
 4 files changed, 3 insertions(+), 456 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/5eb2ee37/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
--
diff --git 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
index 9c3afd7..6bd6182 100644
--- 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
+++ 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
@@ -19,7 +19,6 @@
 package org.apache.syncope.core.logic;
 
 import org.apache.syncope.core.logic.saml2.SAML2UserManager;
-import org.apache.syncope.core.logic.saml2.SSOValidatorResponse;
 
 import com.fasterxml.uuid.Generators;
 import com.fasterxml.uuid.impl.RandomBasedGenerator;
@@ -39,6 +38,7 @@ import org.apache.commons.lang3.tuple.Pair;
 import org.apache.commons.lang3.tuple.Triple;
 import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
 import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+import org.apache.cxf.rs.security.saml.sso.SSOValidatorResponse;
 import org.apache.syncope.common.lib.AbstractBaseBean;
 import org.apache.syncope.common.lib.SyncopeClientException;
 import org.apache.syncope.common.lib.to.AttrTO;
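
Review bot: this import now takes SSOValidatorResponse from org.apache.cxf.rs.security.saml.sso instead of the local copy, and the commit title ties that to CXF 3.1.13, but the diffstat lists no pom.xml change. Confirm the branch already builds against a CXF version that ships these classes. Since the deleted SAMLSSOResponseValidator (371 lines) decides whether a SAML response is accepted, state in the commit message whether the local copy had diverged from the CXF class, so reviewers know the validation rules are unchanged.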

http://git-wip-us.apache.org/repos/asf/syncope/blob/5eb2ee37/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
--
diff --git 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
index ff64284..f711b56 100644
--- 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
+++ 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
@@ -43,6 +43,8 @@ import javax.xml.transform.stream.StreamResult;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
 import org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator;
+import org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator;
+import org.apache.cxf.rs.security.saml.sso.SSOValidatorResponse;
 import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.syncope.common.lib.SSOConstants;
 import org.apache.syncope.common.lib.types.SAML2BindingType;

http://git-wip-us.apache.org/repos/asf/syncope/blob/5eb2ee37/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAMLSSOResponseValidator.java
--
diff --git 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAMLSSOResponseValidator.java
 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAMLSSOResponseValidator.java
deleted file mode 100644
index a32ed09..000
--- 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAMLSSOResponseValidator.java
+++ /dev/null
@@ -1,371 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT 

syncope git commit: SYNCOPE-1195 - Remove copy of OpenSAMLUtil when WSS4J 2.1.11 is out

2017-09-01 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X 367dd7c8b -> 068720834


SYNCOPE-1195 - Remove copy of OpenSAMLUtil when WSS4J 2.1.11 is out


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/06872083
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/06872083
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/06872083

Branch: refs/heads/2_0_X
Commit: 068720834b11bb5cb5db8e35dffe04ef0ed881fe
Parents: 367dd7c
Author: Colm O hEigeartaigh 
Authored: Fri Sep 1 18:26:27 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Sep 1 18:26:27 2017 +0100

--
 .../syncope/core/logic/saml2/OpenSAMLUtil.java  | 141 ---
 .../core/logic/saml2/SAML2ReaderWriter.java |   5 +-
 pom.xml |   2 +-
 3 files changed, 4 insertions(+), 144 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/06872083/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/OpenSAMLUtil.java
--
diff --git 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/OpenSAMLUtil.java
 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/OpenSAMLUtil.java
deleted file mode 100644
index ff197d4..000
--- 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/OpenSAMLUtil.java
+++ /dev/null
@@ -1,141 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.syncope.core.logic.saml2;
-
-import org.apache.wss4j.common.ext.WSSecurityException;
-import org.opensaml.core.xml.XMLObject;
-import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
-import org.opensaml.core.xml.io.Marshaller;
-import org.opensaml.core.xml.io.MarshallerFactory;
-import org.opensaml.core.xml.io.MarshallingException;
-import org.opensaml.saml.common.SignableSAMLObject;
-import org.opensaml.xmlsec.signature.Signature;
-import org.opensaml.xmlsec.signature.support.SignatureException;
-import org.opensaml.xmlsec.signature.support.Signer;
-import org.opensaml.xmlsec.signature.support.SignerProvider;
-import org.w3c.dom.Document;
-import org.w3c.dom.DocumentFragment;
-import org.w3c.dom.Element;
-
-/**
- * Class OpenSAMLUtil provides static helper methods for the OpenSaml library.
- * TODO Remove once we pick up WSS4J 2.1.11 - See 
https://issues.apache.org/jira/browse/WSS-613
- */
-final class OpenSAMLUtil {
-
-private OpenSAMLUtil() {
-// Complete
-}
-
-/**
- * Convert a SAML Assertion from a XMLObject to a DOM Element
- *
- * @param xmlObject of type XMLObject
- * @param doc  of type Document
- * @param signObject whether to sign the XMLObject during marshalling
- * @return Element
- * @throws WSSecurityException
- */
-public static Element toDom(
-final XMLObject xmlObject,
-final Document doc,
-final boolean signObject
-) throws WSSecurityException {
-MarshallerFactory marshallerFactory = 
XMLObjectProviderRegistrySupport.getMarshallerFactory();
-Marshaller marshaller = marshallerFactory.getMarshaller(xmlObject);
-Element element = null;
-DocumentFragment frag = doc == null ? null : 
doc.createDocumentFragment();
-try {
-if (frag != null) {
-while (doc.getFirstChild() != null) {
-frag.appendChild(doc.removeChild(doc.getFirstChild()));
-}
-}
-try {
-if (doc == null) {
-element = marshaller.marshall(xmlObject);
-} else {
-element = marshaller.marshall(xmlObject, doc);
-}
-} catch (MarshallingException ex) {
-throw new 
WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex, "empty",
-  new Object[] {"Error marshalling 
a SAML assertion"});
- 

syncope git commit: Fixing build error

2017-08-31 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X 3dc6e4203 -> c671393e2


Fixing build error


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/c671393e
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/c671393e
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/c671393e

Branch: refs/heads/2_0_X
Commit: c671393e2977550df35213e6d0c3abbdb06e4d81
Parents: 3dc6e42
Author: Colm O hEigeartaigh 
Authored: Thu Aug 31 15:50:31 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Aug 31 15:50:31 2017 +0100

--
 .../syncope/client/console/wizards/SAML2IdPWizardBuilder.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/c671393e/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java
--
diff --git 
a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java
 
b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java
index ba25ebf..3376e64 100644
--- 
a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java
+++ 
b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java
@@ -120,7 +120,7 @@ public class SAML2IdPWizardBuilder extends 
AjaxWizardBuilder {
 fields.add(useDeflateEncoding);
 
 AjaxCheckBoxPanel supportUnsolicited = new AjaxCheckBoxPanel(
-"field", "supportUnsolicited", new PropertyModel<>(idpTO, 
"supportUnsolicited"), false);
+"field", "supportUnsolicited", new 
PropertyModel(idpTO, "supportUnsolicited"), false);
 fields.add(supportUnsolicited);
 
 AjaxDropDownChoicePanel bindingType =



[1/2] syncope git commit: SYNCOPE-1202 - Support IdP Initiated SAML SSO

2017-08-31 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X 55e09aa66 -> 3dc6e4203


SYNCOPE-1202 - Support IdP Initiated SAML SSO


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/2751007c
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/2751007c
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/2751007c

Branch: refs/heads/2_0_X
Commit: 2751007cec23dc5e211b76fd3f3da73bcc692b89
Parents: 55e09aa
Author: Colm O hEigeartaigh 
Authored: Thu Aug 31 13:25:19 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Aug 31 15:43:03 2017 +0100

--
 .../syncope/common/lib/to/SAML2IdPTO.java   |  10 ++
 .../apache/syncope/core/logic/SAML2SPLogic.java |  34 +--
 .../core/logic/saml2/SAML2IdPEntity.java|   4 +
 .../core/persistence/api/entity/SAML2IdP.java   |   4 +
 .../persistence/jpa/entity/JPASAML2IdP.java |  15 +++
 .../java/data/SAML2IdPDataBinderImpl.java   |   2 +
 .../apache/syncope/fit/core/SAML2ITCase.java| 101 +--
 .../src/test/resources/fediz_realmb.xml |  35 +++
 8 files changed, 183 insertions(+), 22 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/2751007c/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java
--
diff --git 
a/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java
 
b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java
index 022267d..12f53ab 100644
--- 
a/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java
+++ 
b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java
@@ -53,6 +53,8 @@ public class SAML2IdPTO extends AbstractBaseBean implements 
EntityTO, ItemContai
 
 private boolean useDeflateEncoding;
 
+private boolean supportUnsolicited;
+
 private SAML2BindingType bindingType;
 
 private boolean logoutSupported;
@@ -195,4 +197,12 @@ public class SAML2IdPTO extends AbstractBaseBean 
implements EntityTO, ItemContai
 return actionsClassNames;
 }
 
+public boolean isSupportUnsolicited() {
+return supportUnsolicited;
+}
+
+public void setSupportUnsolicited(final boolean supportUnsolicited) {
+this.supportUnsolicited = supportUnsolicited;
+}
+
 }
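
Review bot: The new `supportUnsolicited` field and its accessors carry no Javadoc. Going by the commit subject, this flag decides whether SAML responses that the SP never requested are accepted from this IdP, so the getter or the field should say so, and should state that the value is false unless set.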

http://git-wip-us.apache.org/repos/asf/syncope/blob/2751007c/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
--
diff --git 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
index 39d025c..6c9b7ed 100644
--- 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
+++ 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
@@ -114,6 +114,8 @@ import org.springframework.util.ResourceUtils;
 @Component
 public class SAML2SPLogic extends AbstractSAML2Logic {
 
+private static final String IDP_INITIATED_RELAY_STATE = "idpInitiated";
+
 private static final long JWT_RELAY_STATE_DURATION = 60L;
 
 private static final String JWT_CLAIM_IDP_DEFLATE = "IDP_DEFLATE";
@@ -361,17 +363,23 @@ public class SAML2SPLogic extends 
AbstractSAML2Logic {
 if (response.getRelayState() == null) {
 throw new IllegalArgumentException("No Relay State was provided");
 }
-JwsJwtCompactConsumer relayState = new 
JwsJwtCompactConsumer(response.getRelayState());
-if (!relayState.verifySignatureWith(jwsSignatureVerifier)) {
-throw new IllegalArgumentException("Invalid signature found in 
Relay State");
-}
-Long expiryTime = relayState.getJwtClaims().getExpiryTime();
-if (expiryTime == null || (expiryTime * 1000L) < new Date().getTime()) 
{
-throw new IllegalArgumentException("Relay State is expired");
-}
 
-Boolean useDeflateEncoding = Boolean.valueOf(
-
relayState.getJwtClaims().getClaim(JWT_CLAIM_IDP_DEFLATE).toString());
+Boolean useDeflateEncoding = false;
+String requestId = null;
+if (!IDP_INITIATED_RELAY_STATE.equals(response.getRelayState())) {
+JwsJwtCompactConsumer relayState = new 
JwsJwtCompactConsumer(response.getRelayState());
+if (!relayState.verifySignatureWith(jwsSignatureVerifier)) {
+throw new IllegalArgumentException("Invalid signature found in 
Relay State");
+}
+useDeflateEncoding = Boolean.valueOf(
+
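
Review bot: In the second hunk, a RelayState equal to the literal `idpInitiated` skips the JWS signature check entirely, and nothing in the visible lines ties that bypass to the IdP's `supportUnsolicited` setting. The RelayState value arrives with the response, so the unsolicited path should be refused unless the resolved IdP has the flag enabled, and with `requestId` left null the later assertion validation has to carry the whole trust decision (signature, audience, recipient, one-time use). The hunk is cut off here, so confirm both in the remaining lines.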

[2/2] syncope git commit: SYNCOPE-1202 - Adding UI support

2017-08-31 Thread coheigea
SYNCOPE-1202 - Adding UI support


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/3dc6e420
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/3dc6e420
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/3dc6e420

Branch: refs/heads/2_0_X
Commit: 3dc6e420360981dce08731b557b145993d8ff7c2
Parents: 2751007
Author: Colm O hEigeartaigh 
Authored: Thu Aug 31 15:27:02 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Aug 31 15:44:24 2017 +0100

--
 .../syncope/client/console/panels/SAML2IdPsDirectoryPanel.java   | 2 ++
 .../syncope/client/console/wizards/SAML2IdPWizardBuilder.java| 4 
 .../client/console/panels/SAML2IdPsDirectoryPanel.properties | 1 +
 .../client/console/panels/SAML2IdPsDirectoryPanel_it.properties  | 1 +
 .../console/panels/SAML2IdPsDirectoryPanel_pt_BR.properties  | 1 +
 .../client/console/panels/SAML2IdPsDirectoryPanel_ru.properties  | 1 +
 6 files changed, 10 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/3dc6e420/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.java
--
diff --git 
a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.java
 
b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.java
index 2874a84..1b3f818 100644
--- 
a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.java
+++ 
b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.java
@@ -192,6 +192,8 @@ public class SAML2IdPsDirectoryPanel extends DirectoryPanel<
 columns.add(new PropertyColumn(new 
ResourceModel("entityID"), "entityID", "entityID"));
 columns.add(new BooleanPropertyColumn(
 new ResourceModel("useDeflateEncoding"), "useDeflateEncoding", 
"useDeflateEncoding"));
+columns.add(new BooleanPropertyColumn(
+new ResourceModel("supportUnsolicited"), "supportUnsolicited", 
"supportUnsolicited"));
 columns.add(new PropertyColumn(
 new ResourceModel("bindingType"), "bindingType", 
"bindingType"));
 columns.add(new BooleanPropertyColumn(

http://git-wip-us.apache.org/repos/asf/syncope/blob/3dc6e420/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java
--
diff --git 
a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java
 
b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java
index 0fc7b22..ba25ebf 100644
--- 
a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java
+++ 
b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java
@@ -119,6 +119,10 @@ public class SAML2IdPWizardBuilder extends 
AjaxWizardBuilder {
 "field", "useDeflateEncoding", new 
PropertyModel(idpTO, "useDeflateEncoding"), false);
 fields.add(useDeflateEncoding);
 
+AjaxCheckBoxPanel supportUnsolicited = new AjaxCheckBoxPanel(
+"field", "supportUnsolicited", new PropertyModel<>(idpTO, 
"supportUnsolicited"), false);
+fields.add(supportUnsolicited);
+
 AjaxDropDownChoicePanel bindingType =
 new AjaxDropDownChoicePanel<>("field", "bindingType",
 new PropertyModel(idpTO, 
"bindingType"), false);

http://git-wip-us.apache.org/repos/asf/syncope/blob/3dc6e420/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties
--
diff --git 
a/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties
 
b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties
index 97d8690..60b2a65 100644
--- 
a/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties
+++ 
b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties
@@ -16,6 +16,7 @@
 # under the License.
 entityID=Entity ID
 useDeflateEncoding=Deflate Encoding
+supportUnsolicited=Support 

[1/2] syncope git commit: SYNCOPE-1202 - Support IdP Initiated SAML SSO

2017-08-31 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master b3db3b19e -> 58983df16


SYNCOPE-1202 - Support IdP Initiated SAML SSO


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/c4261ab1
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/c4261ab1
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/c4261ab1

Branch: refs/heads/master
Commit: c4261ab150920d84a7f4095ee22331f235ef6813
Parents: b3db3b1
Author: Colm O hEigeartaigh 
Authored: Thu Aug 31 13:25:19 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Aug 31 13:25:19 2017 +0100

--
 .../syncope/common/lib/to/SAML2IdPTO.java   | 10 +++
 .../apache/syncope/core/logic/SAML2SPLogic.java | 34 ---
 .../core/logic/saml2/SAML2IdPEntity.java|  4 +
 .../core/persistence/api/entity/SAML2IdP.java   |  4 +
 .../persistence/jpa/entity/JPASAML2IdP.java | 15 
 .../java/data/SAML2IdPDataBinderImpl.java   |  2 +
 .../apache/syncope/fit/core/SAML2ITCase.java| 95 +---
 .../src/test/resources/fediz_realmb.xml | 35 
 8 files changed, 177 insertions(+), 22 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/c4261ab1/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java
--
diff --git 
a/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java
 
b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java
index 7b8b241..b11a530 100644
--- 
a/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java
+++ 
b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java
@@ -51,6 +51,8 @@ public class SAML2IdPTO extends AbstractBaseBean implements 
EntityTO, ItemContai
 
 private boolean useDeflateEncoding;
 
+private boolean supportUnsolicited;
+
 private SAML2BindingType bindingType;
 
 private boolean logoutSupported;
@@ -187,4 +189,12 @@ public class SAML2IdPTO extends AbstractBaseBean 
implements EntityTO, ItemContai
 return actionsClassNames;
 }
 
+public boolean isSupportUnsolicited() {
+return supportUnsolicited;
+}
+
+public void setSupportUnsolicited(final boolean supportUnsolicited) {
+this.supportUnsolicited = supportUnsolicited;
+}
+
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/c4261ab1/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
--
diff --git 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
index e07fc52..755d938 100644
--- 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
+++ 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
@@ -113,6 +113,8 @@ import org.springframework.util.ResourceUtils;
 @Component
 public class SAML2SPLogic extends AbstractSAML2Logic {
 
+private static final String IDP_INITIATED_RELAY_STATE = "idpInitiated";
+
 private static final long JWT_RELAY_STATE_DURATION = 60L;
 
 private static final String JWT_CLAIM_IDP_DEFLATE = "IDP_DEFLATE";
@@ -360,17 +362,23 @@ public class SAML2SPLogic extends 
AbstractSAML2Logic {
 if (response.getRelayState() == null) {
 throw new IllegalArgumentException("No Relay State was provided");
 }
-JwsJwtCompactConsumer relayState = new 
JwsJwtCompactConsumer(response.getRelayState());
-if (!relayState.verifySignatureWith(jwsSignatureVerifier)) {
-throw new IllegalArgumentException("Invalid signature found in 
Relay State");
-}
-Long expiryTime = relayState.getJwtClaims().getExpiryTime();
-if (expiryTime == null || (expiryTime * 1000L) < new Date().getTime()) 
{
-throw new IllegalArgumentException("Relay State is expired");
-}
 
-Boolean useDeflateEncoding = Boolean.valueOf(
-
relayState.getJwtClaims().getClaim(JWT_CLAIM_IDP_DEFLATE).toString());
+Boolean useDeflateEncoding = false;
+String requestId = null;
+if (!IDP_INITIATED_RELAY_STATE.equals(response.getRelayState())) {
+JwsJwtCompactConsumer relayState = new 
JwsJwtCompactConsumer(response.getRelayState());
+if (!relayState.verifySignatureWith(jwsSignatureVerifier)) {
+throw new IllegalArgumentException("Invalid signature found in 
Relay State");
+}
+useDeflateEncoding = Boolean.valueOf(
+
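
Review bot: The `expiryTime` check on the Relay State is removed in the second hunk and does not reappear in the added lines that are visible, which go straight from `verifySignatureWith` to reading `JWT_CLAIM_IDP_DEFLATE`. Keep the expiry test inside the `!IDP_INITIATED_RELAY_STATE.equals(...)` branch directly after signature verification, otherwise a signed Relay State stays usable past `JWT_RELAY_STATE_DURATION`. `Boolean useDeflateEncoding = false;` can also be a primitive `boolean` now that it has a default.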

[2/2] syncope git commit: SYNCOPE-1202 - Adding UI support

2017-08-31 Thread coheigea
SYNCOPE-1202 - Adding UI support


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/58983df1
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/58983df1
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/58983df1

Branch: refs/heads/master
Commit: 58983df16678167db27f0a5c0b32e0bd3fc985a7
Parents: c4261ab
Author: Colm O hEigeartaigh 
Authored: Thu Aug 31 15:27:02 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Aug 31 15:27:02 2017 +0100

--
 .../syncope/client/console/panels/SAML2IdPsDirectoryPanel.java   | 2 ++
 .../syncope/client/console/wizards/SAML2IdPWizardBuilder.java| 4 
 .../client/console/panels/SAML2IdPsDirectoryPanel.properties | 1 +
 .../client/console/panels/SAML2IdPsDirectoryPanel_it.properties  | 1 +
 .../console/panels/SAML2IdPsDirectoryPanel_pt_BR.properties  | 1 +
 .../client/console/panels/SAML2IdPsDirectoryPanel_ru.properties  | 1 +
 6 files changed, 10 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/58983df1/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.java
--
diff --git 
a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.java
 
b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.java
index 45bdef3..dd2fb52 100644
--- 
a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.java
+++ 
b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.java
@@ -192,6 +192,8 @@ public class SAML2IdPsDirectoryPanel extends DirectoryPanel<
 columns.add(new PropertyColumn<>(new ResourceModel("entityID"), 
"entityID", "entityID"));
 columns.add(new BooleanPropertyColumn<>(
 new ResourceModel("useDeflateEncoding"), "useDeflateEncoding", 
"useDeflateEncoding"));
+columns.add(new BooleanPropertyColumn<>(
+new ResourceModel("supportUnsolicited"), "supportUnsolicited", 
"supportUnsolicited"));
 columns.add(new PropertyColumn<>(
 new ResourceModel("bindingType"), "bindingType", 
"bindingType"));
 columns.add(new BooleanPropertyColumn<>(

http://git-wip-us.apache.org/repos/asf/syncope/blob/58983df1/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java
--
diff --git 
a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java
 
b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java
index 5cafb9b..35eb5dc 100644
--- 
a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java
+++ 
b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java
@@ -117,6 +117,10 @@ public class SAML2IdPWizardBuilder extends 
AjaxWizardBuilder {
 "field", "useDeflateEncoding", new PropertyModel<>(idpTO, 
"useDeflateEncoding"), false);
 fields.add(useDeflateEncoding);
 
+AjaxCheckBoxPanel supportUnsolicited = new AjaxCheckBoxPanel(
+"field", "supportUnsolicited", new PropertyModel<>(idpTO, 
"supportUnsolicited"), false);
+fields.add(supportUnsolicited);
+
 AjaxDropDownChoicePanel bindingType =
 new AjaxDropDownChoicePanel<>("field", "bindingType",
 new PropertyModel<>(idpTO, "bindingType"), false);

http://git-wip-us.apache.org/repos/asf/syncope/blob/58983df1/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties
--
diff --git 
a/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties
 
b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties
index 97d8690..60b2a65 100644
--- 
a/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties
+++ 
b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties
@@ -16,6 +16,7 @@
 # under the License.
 entityID=Entity ID
 useDeflateEncoding=Deflate Encoding
+supportUnsolicited=Support Unsolicited Logins
 

syncope git commit: SYNCOPE-1198 - Adding docs

2017-08-30 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master f15efd5b3 -> a0bccf169


SYNCOPE-1198 - Adding docs


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a0bccf16
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a0bccf16
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a0bccf16

Branch: refs/heads/master
Commit: a0bccf169f8b65e4a8db0627574167756f96b94b
Parents: f15efd5
Author: Colm O hEigeartaigh 
Authored: Wed Aug 30 16:50:25 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Wed Aug 30 16:50:25 2017 +0100

--
 .../systemadministration/keystore.adoc | 17 +
 1 file changed, 17 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/a0bccf16/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/keystore.adoc
--
diff --git 
a/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/keystore.adoc
 
b/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/keystore.adoc
index 7f7d03b..2648f0a 100644
--- 
a/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/keystore.adoc
+++ 
b/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/keystore.adoc
@@ -120,4 +120,21 @@ keystore.type=jks
 keystore.storepass=astorepass
 keystore.keypass=akyepass
 sp.cert.alias=saml2sp
+signature.algorithm=RSA_SHA1
 
+
+The `signature.algorithm` configuration parameter is the signature algorithm
+that is used with the key extracted from the keystore referenced in the
+parameters. The value for this parameter must match one of the values in the
+table below, each of which correspond to a shorthand for an associated
+algorithm as defined for use in the XML Signature specification. If 
+`signature.algorithm` is not specified, then either RSA_SHA1, EC_SHA1 or
+DSA_SHA1 is used depending on the type of key that is stored in the keystore.
+
+
+RSA_SHA1, RSA_SHA224, RSA_SHA256, RSA_SHA384, RSA_SHA512,
+RSA_SHA1_MGF1, RSA_SHA224_MGF1, RSA_SHA256_MGF1, RSA_SHA384_MGF1, 
RSA_SHA512_MGF1,
+EC_SHA1, EC_SHA224, EC_SHA256, EC_SHA384, EC_SHA512,
+HMAC_SHA1, HMAC_SHA224, HMAC_SHA256, HMAC_SHA384, HMAC_SHA512,
+DSA_SHA1
+
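
Review bot: The sample configuration adds `signature.algorithm=RSA_SHA1`, and the new paragraph documents the SHA-1 variants as the fallback when the parameter is unset. SHA-1 is no longer considered collision resistant for signatures, so the example would be better with RSA_SHA256 and the text should recommend a SHA-2 value even if the default stays as it is. The paragraph also refers to a "table below" although what follows is a comma-separated list, and "each of which correspond" should read "each of which corresponds".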



syncope git commit: SYNCOPE-1198 - Make the signature algorithm configurable for SAML SSO

2017-08-30 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master 43d3792fc -> f15efd5b3


SYNCOPE-1198 - Make the signature algorithm configurable for SAML SSO


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/f15efd5b
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/f15efd5b
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/f15efd5b

Branch: refs/heads/master
Commit: f15efd5b33f583aab967d7deaf6da255a2aa33b8
Parents: 43d3792
Author: Colm O hEigeartaigh 
Authored: Wed Aug 30 13:08:50 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Wed Aug 30 13:08:50 2017 +0100

--
 .../common/lib/types/SignatureAlgorithm.java| 59 
 .../syncope/core/logic/init/SAML2SPLoader.java  |  7 +++
 .../core/logic/saml2/SAML2ReaderWriter.java | 32 ---
 .../src/main/resources/saml2sp-logic.properties |  1 +
 .../main/resources/all/saml2sp-logic.properties |  1 +
 5 files changed, 93 insertions(+), 7 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/f15efd5b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/types/SignatureAlgorithm.java
--
diff --git 
a/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/types/SignatureAlgorithm.java
 
b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/types/SignatureAlgorithm.java
new file mode 100644
index 000..315d239
--- /dev/null
+++ 
b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/types/SignatureAlgorithm.java
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.common.lib.types;
+
+public enum SignatureAlgorithm {
+
+RSA_SHA1("http://www.w3.org/2000/09/xmldsig#rsa-sha1;),
+RSA_SHA224("http://www.w3.org/2001/04/xmldsig-more#rsa-sha224;),
+RSA_SHA256("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256;),
+RSA_SHA384("http://www.w3.org/2001/04/xmldsig-more#rsa-sha384;),
+RSA_SHA512("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512;),
+
+RSA_SHA1_MGF1("http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1;),
+RSA_SHA224_MGF1("http://www.w3.org/2007/05/xmldsig-more#sha224-rsa-MGF1;),
+RSA_SHA256_MGF1("http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1;),
+RSA_SHA384_MGF1("http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1;),
+RSA_SHA512_MGF1("http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1;),
+
+EC_SHA1("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1;),
+EC_SHA224("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224;),
+EC_SHA256("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256;),
+EC_SHA384("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384;),
+EC_SHA512("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512;),
+
+HMAC_SHA1("http://www.w3.org/2000/09/xmldsig#hmac-sha1;),
+HMAC_SHA224("http://www.w3.org/2001/04/xmldsig-more#hmac-sha224;),
+HMAC_SHA256("http://www.w3.org/2001/04/xmldsig-more#hmac-sha256;),
+HMAC_SHA384("http://www.w3.org/2001/04/xmldsig-more#hmac-sha384;),
+HMAC_SHA512("http://www.w3.org/2001/04/xmldsig-more#hmac-sha512;),
+
+DSA_SHA1("http://www.w3.org/2000/09/xmldsig#dsa-sha1;);
+
+private final String algorithm;
+
+SignatureAlgorithm(final String algorithm) {
+this.algorithm = algorithm;
+}
+
+public String getAlgorithm() {
+return algorithm;
+}
+
+}
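
Review bot: The enum offers `HMAC_SHA1` through `HMAC_SHA512` next to the RSA, EC and DSA entries, but HMAC is a keyed MAC over a shared secret, not a public-key signature. If the SP signs with the key pair loaded from its keystore, selecting an HMAC value cannot work, so either drop those constants or have the loader reject a configured algorithm that does not match the key type. The type also has no Javadoc saying that each constant maps to an XML Signature algorithm URI.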

http://git-wip-us.apache.org/repos/asf/syncope/blob/f15efd5b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/init/SAML2SPLoader.java
--
diff --git 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/init/SAML2SPLoader.java
 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/init/SAML2SPLoader.java
index a4230b2..308b95e 100644
--- 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/init/SAML2SPLoader.java
+++ 

syncope git commit: Use the Santuario JCEMapper instead to get the JCE signature algorithm

2017-08-16 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master 278525b7c -> 1afd1a705


Use the Santuario JCEMapper instead to get the JCE signature algorithm


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/1afd1a70
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/1afd1a70
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/1afd1a70

Branch: refs/heads/master
Commit: 1afd1a7053a2fb5d56b9f9ec4a858909e1957c6c
Parents: 278525b
Author: Colm O hEigeartaigh 
Authored: Wed Aug 16 16:00:11 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Wed Aug 16 16:00:11 2017 +0100

--
 .../org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java  | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/1afd1a70/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
--
diff --git 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
index 4aebdbb..8bf0c47 100644
--- 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
+++ 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
@@ -52,6 +52,7 @@ import org.apache.syncope.core.logic.init.SAML2SPLoader;
 import org.apache.wss4j.common.crypto.Merlin;
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.apache.xml.security.algorithms.JCEMapper;
 import org.opensaml.core.xml.XMLObject;
 import org.opensaml.saml.common.SignableSAMLObject;
 import org.opensaml.saml.saml2.core.RequestAbstractType;
@@ -99,15 +100,13 @@ public class SAML2ReaderWriter {
 keyInfoGenerator = keyInfoGeneratorFactory.newInstance();
 
 sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
-jceSigAlgo = "SHA1withRSA";
 String pubKeyAlgo = 
loader.getCredential().getPublicKey().getAlgorithm();
 if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
 sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA_SHA1;
-jceSigAlgo = "SHA1withDSA";
 } else if (pubKeyAlgo.equalsIgnoreCase("EC")) {
 sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1;
-jceSigAlgo = "SHA1withECDSA";
 }
+jceSigAlgo = JCEMapper.translateURItoJCEID(sigAlgo);
 
 callbackHandler = new SAMLSPCallbackHandler(loader.getKeyPass());
 }
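
Review bot: The result of `JCEMapper.translateURItoJCEID(sigAlgo)` is assigned to `jceSigAlgo` without a check in the second hunk. That method returns null for a URI that is not registered with Santuario, so a failed lookup would only surface later when the signature is created. Fail fast in the constructor with a clear message when the lookup returns null.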



[2/5] syncope git commit: Dynamically generate a keypair for use in the SAML signing tests

2017-08-11 Thread coheigea
Dynamically generate a keypair for use in the SAML signing tests


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/1d8b6c62
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/1d8b6c62
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/1d8b6c62

Branch: refs/heads/2_0_X
Commit: 1d8b6c62110564b57eb615b405346f1c978ee65e
Parents: 919584f
Author: Colm O hEigeartaigh 
Authored: Fri Aug 11 12:38:06 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Aug 11 13:16:06 2017 +0100

--
 fit/core-reference/pom.xml  |   7 ++
 .../apache/syncope/fit/core/SAML2ITCase.java| 104 +--
 fit/core-reference/src/test/resources/fediz.xml |  14 +--
 pom.xml |   2 +
 4 files changed, 108 insertions(+), 19 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/1d8b6c62/fit/core-reference/pom.xml
--
diff --git a/fit/core-reference/pom.xml b/fit/core-reference/pom.xml
index de491a3..d28eb06 100644
--- a/fit/core-reference/pom.xml
+++ b/fit/core-reference/pom.xml
@@ -176,6 +176,13 @@ under the License.
   junit
   test
 
+
+  org.bouncycastle
+  bcpkix-jdk15on
+  ${bouncycastle.version}
+  test
+
+
   
 
   

http://git-wip-us.apache.org/repos/asf/syncope/blob/1d8b6c62/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java
--
diff --git 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java
index e8a5add..4ae8c8f 100644
--- 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java
+++ 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java
@@ -26,12 +26,23 @@ import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
+import java.io.File;
 import java.io.InputStream;
 import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.math.BigInteger;
 import java.nio.charset.StandardCharsets;
+import java.nio.file.FileSystems;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
 import java.security.KeyStore;
+import java.security.SecureRandom;
+import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 import java.util.Collections;
+import java.util.Date;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.xml.namespace.QName;
@@ -72,6 +83,13 @@ import org.apache.wss4j.common.util.Loader;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.engine.WSSConfig;
 import org.apache.xml.security.signature.XMLSignature;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.style.RFC4519Style;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.cert.X509v3CertificateBuilder;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 import org.joda.time.DateTime;
 import org.junit.AfterClass;
 import org.junit.Assume;
@@ -86,6 +104,8 @@ import org.w3c.dom.Element;
 public class SAML2ITCase extends AbstractITCase {
 
 private static SyncopeClient anonymous;
+private static Path keystorePath;
+private static Path truststorePath;
 
 @BeforeClass
 public static void setup() {
@@ -98,13 +118,17 @@ public class SAML2ITCase extends AbstractITCase {
 }
 
 @BeforeClass
-public static void importFromIdPMetadata() {
+public static void importFromIdPMetadata() throws Exception {
 if (!SAML2SPDetector.isSAML2SPAvailable()) {
 return;
 }
 
 assertTrue(saml2IdPService.list().isEmpty());
 
+createKeystores();
+
+updateMetadataWithCert();
+
 WebClient.client(saml2IdPService).
 accept(MediaType.APPLICATION_XML_TYPE).
 type(MediaType.APPLICATION_XML_TYPE);
@@ -124,7 +148,7 @@ public class SAML2ITCase extends AbstractITCase {
 }
 
 @AfterClass
-public static void clearIdPs() {
+public static void clearIdPs() throws Exception {
 if (!SAML2SPDetector.isSAML2SPAvailable()) {
 return;
 }
@@ -132,6 +156,9 @@ public class SAML2ITCase extends AbstractITCase {
 for (SAML2IdPTO idp : saml2IdPService.list()) {
 saml2IdPService.delete(idp.getKey());
 }
+
+

[1/3] syncope git commit: Take the valid SAML Assertion from the validator response instead.

2017-08-11 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master 5da5326ac -> 883911633


Take the valid SAML Assertion from the validator response instead.


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/88391163
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/88391163
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/88391163

Branch: refs/heads/master
Commit: 88391163320f5d73ca51e4c03b0edc5371ab6e1e
Parents: d8d5fe5
Author: Colm O hEigeartaigh 
Authored: Fri Aug 11 12:51:22 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Aug 11 13:15:07 2017 +0100

--
 .../apache/syncope/core/logic/SAML2SPLogic.java | 65 ++--
 .../core/logic/saml2/SAML2ReaderWriter.java |  8 ++-
 2 files changed, 39 insertions(+), 34 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/88391163/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
--
diff --git 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
index 31ef8c4..03576ab 100644
--- 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
+++ 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
@@ -37,6 +37,7 @@ import org.apache.commons.lang3.tuple.Pair;
 import org.apache.commons.lang3.tuple.Triple;
 import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
 import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+import org.apache.cxf.rs.security.saml.sso.SSOValidatorResponse;
 import org.apache.syncope.common.lib.AbstractBaseBean;
 import org.apache.syncope.common.lib.SyncopeClientException;
 import org.apache.syncope.common.lib.to.AttrTO;
@@ -371,8 +372,10 @@ public class SAML2SPLogic extends 
AbstractSAML2Logic {
 if (idp.getConnObjectKeyItem() == null) {
 throw new IllegalArgumentException("No mapping provided for SAML 
2.0 IdP '" + idp.getId() + "'");
 }
+
+SSOValidatorResponse validatorResponse = null;
 try {
-saml2rw.validate(
+validatorResponse = saml2rw.validate(
 samlResponse,
 idp,
 getAssertionConsumerURL(response.getSpEntityID(), 
response.getUrlContext()),
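
Review bot: `validatorResponse` is initialised to `null` before the `try` and assigned only inside it, so any path where the `catch` (not shown in this hunk) logs and continues would leave it null for the code that follows. Since the result is now needed after validation, consider declaring it without the `null` initialiser so the compiler enforces definite assignment; that only compiles if the `catch` always throws.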
@@ -390,47 +393,45 @@ public class SAML2SPLogic extends 
AbstractSAML2Logic {
 responseTO.setIdp(idp.getId());
 responseTO.setSloSupported(idp.getSLOLocation(idp.getBindingType()) != 
null);
 
-NameID nameID = null;
+Assertion assertion = validatorResponse.getOpensamlAssertion();
+NameID nameID = assertion.getSubject().getNameID();
 String keyValue = null;
-for (Assertion assertion : samlResponse.getAssertions()) {
-nameID = assertion.getSubject().getNameID();
-if (StringUtils.isNotBlank(nameID.getValue())
-&& 
idp.getConnObjectKeyItem().getExtAttrName().equals("NameID")) {
+if (StringUtils.isNotBlank(nameID.getValue())
+&& idp.getConnObjectKeyItem().getExtAttrName().equals("NameID")) {
 
-keyValue = nameID.getValue();
-}
+keyValue = nameID.getValue();
+}
 
-if (assertion.getConditions().getNotOnOrAfter() != null) {
-
responseTO.setNotOnOrAfter(assertion.getConditions().getNotOnOrAfter().toDate());
-}
-for (AuthnStatement authnStmt : assertion.getAuthnStatements()) {
-responseTO.setSessionIndex(authnStmt.getSessionIndex());
+if (assertion.getConditions().getNotOnOrAfter() != null) {
+
responseTO.setNotOnOrAfter(assertion.getConditions().getNotOnOrAfter().toDate());
+}
+for (AuthnStatement authnStmt : assertion.getAuthnStatements()) {
+responseTO.setSessionIndex(authnStmt.getSessionIndex());
 
-
responseTO.setAuthInstant(authnStmt.getAuthnInstant().toDate());
-if (authnStmt.getSessionNotOnOrAfter() != null) {
-
responseTO.setNotOnOrAfter(authnStmt.getSessionNotOnOrAfter().toDate());
-}
+responseTO.setAuthInstant(authnStmt.getAuthnInstant().toDate());
+if (authnStmt.getSessionNotOnOrAfter() != null) {
+
responseTO.setNotOnOrAfter(authnStmt.getSessionNotOnOrAfter().toDate());
 }
+}
 
-for (AttributeStatement attrStmt : 
assertion.getAttributeStatements()) {
-for (Attribute attr : attrStmt.getAttributes()) {
-if 
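
Review bot: `assertion.getSubject().getNameID()` and the following `nameID.getValue()` are dereferenced with no null guard, so an assertion without a Subject or without a NameID ends in a NullPointerException; `assertion.getConditions().getNotOnOrAfter()` likewise assumes Conditions is present, and `validatorResponse.getOpensamlAssertion()` is used without checking its result. Suggest explicit checks that reject the response with an `IllegalArgumentException`, matching the "No mapping provided" guard earlier in this method.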

[3/3] syncope git commit: SYNCOPE-1194 - Sign the SAML SSO Service Provider Metadata

2017-08-11 Thread coheigea
SYNCOPE-1194 - Sign the SAML SSO Service Provider Metadata


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a22a6b55
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a22a6b55
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a22a6b55

Branch: refs/heads/master
Commit: a22a6b55f83846bf06bbb322e9acc234a9425ea5
Parents: 5da5326
Author: Colm O hEigeartaigh 
Authored: Fri Aug 11 11:59:08 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Aug 11 13:15:07 2017 +0100

--
 .../apache/syncope/core/logic/SAML2SPLogic.java   |  1 +
 .../core/logic/saml2/SAML2ReaderWriter.java   |  3 +--
 .../org/apache/syncope/fit/core/SAML2ITCase.java  | 18 ++
 3 files changed, 20 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/a22a6b55/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
--
diff --git 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
index 87b7eb6..31ef8c4 100644
--- 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
+++ 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
@@ -200,6 +200,7 @@ public class SAML2SPLogic extends 
AbstractSAML2Logic {
 }
 
 spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor);
+saml2rw.sign(spEntityDescriptor);
 
 saml2rw.write(new OutputStreamWriter(os), spEntityDescriptor, 
true);
 } catch (Exception e) {

http://git-wip-us.apache.org/repos/asf/syncope/blob/a22a6b55/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
--
diff --git 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
index e83af5e..fa48e77 100644
--- 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
+++ 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
@@ -152,14 +152,13 @@ public class SAML2ReaderWriter {
 return responseObject;
 }
 
-public void sign(final RequestAbstractType request) throws 
SecurityException {
+public void sign(final SignableSAMLObject signableObject) throws 
SecurityException {
 org.opensaml.xmlsec.signature.Signature signature = 
OpenSAMLUtil.buildSignature();
 
signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
 signature.setSignatureAlgorithm(sigAlgo);
 signature.setSigningCredential(loader.getCredential());
 
signature.setKeyInfo(keyInfoGenerator.generate(loader.getCredential()));
 
-SignableSAMLObject signableObject = (SignableSAMLObject) request;
 signableObject.setSignature(signature);
 signableObject.releaseDOM();
 signableObject.releaseChildrenDOM(true);
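
Review bot: `sign` is public and now accepts any `SignableSAMLObject`, but it carries no Javadoc saying what it does to the object (the visible body sets the signature and releases the cached DOM), which matters more now that metadata as well as requests go through it. Minor: `loader.getCredential()` is called twice, once for `setSigningCredential` and once for `keyInfoGenerator.generate`; a local variable would make it explicit that both use the same credential.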

http://git-wip-us.apache.org/repos/asf/syncope/blob/a22a6b55/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java
--
diff --git 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java
index b87db1b..93608c2 100644
--- 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java
+++ 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java
@@ -30,10 +30,13 @@ import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.nio.charset.StandardCharsets;
 import java.security.KeyStore;
+import java.security.cert.X509Certificate;
 import java.util.Collections;
 import java.util.Optional;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
+import javax.xml.namespace.QName;
+
 import org.apache.commons.codec.binary.Base64;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.jaxrs.client.WebClient;
@@ -67,6 +70,7 @@ import org.apache.wss4j.common.util.DOM2Writer;
 import org.apache.wss4j.common.util.Loader;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.engine.WSSConfig;
+import org.apache.xml.security.signature.XMLSignature;
 import org.joda.time.DateTime;
 import org.junit.AfterClass;
 import org.junit.Assume;
@@ -74,6 +78,7 @@ import org.junit.BeforeClass;
 import org.junit.Test;
 import 

[2/3] syncope git commit: Dynamically generate a keypair for use in the SAML signing tests

2017-08-11 Thread coheigea
Dynamically generate a keypair for use in the SAML signing tests


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/d8d5fe5e
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/d8d5fe5e
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/d8d5fe5e

Branch: refs/heads/master
Commit: d8d5fe5ee8c7e887f5c2fda8362aa9a0296635c9
Parents: a22a6b5
Author: Colm O hEigeartaigh 
Authored: Fri Aug 11 12:38:06 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Aug 11 13:15:07 2017 +0100

--
 fit/core-reference/pom.xml  |   7 ++
 .../apache/syncope/fit/core/SAML2ITCase.java| 104 +--
 fit/core-reference/src/test/resources/fediz.xml |  14 +--
 pom.xml |   2 +
 4 files changed, 108 insertions(+), 19 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/d8d5fe5e/fit/core-reference/pom.xml
--
diff --git a/fit/core-reference/pom.xml b/fit/core-reference/pom.xml
index 5762a33..45a6214 100644
--- a/fit/core-reference/pom.xml
+++ b/fit/core-reference/pom.xml
@@ -176,6 +176,13 @@ under the License.
   junit
   test
 
+
+  org.bouncycastle
+  bcpkix-jdk15on
+  ${bouncycastle.version}
+  test
+
+
   
 
   

http://git-wip-us.apache.org/repos/asf/syncope/blob/d8d5fe5e/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java
--
diff --git 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java
index 93608c2..9ee5653 100644
--- 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java
+++ 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java
@@ -26,12 +26,23 @@ import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 import static org.junit.Assert.fail;
 
+import java.io.File;
 import java.io.InputStream;
 import java.io.InputStreamReader;
+import java.io.OutputStream;
+import java.math.BigInteger;
 import java.nio.charset.StandardCharsets;
+import java.nio.file.FileSystems;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
 import java.security.KeyStore;
+import java.security.SecureRandom;
+import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 import java.util.Collections;
+import java.util.Date;
 import java.util.Optional;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
@@ -71,6 +82,13 @@ import org.apache.wss4j.common.util.Loader;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.engine.WSSConfig;
 import org.apache.xml.security.signature.XMLSignature;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x500.style.RFC4519Style;
+import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
+import org.bouncycastle.cert.X509v3CertificateBuilder;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
 import org.joda.time.DateTime;
 import org.junit.AfterClass;
 import org.junit.Assume;
@@ -85,6 +103,8 @@ import org.w3c.dom.Element;
 public class SAML2ITCase extends AbstractITCase {
 
 private static SyncopeClient anonymous;
+private static Path keystorePath;
+private static Path truststorePath;
 
 @BeforeClass
 public static void setup() {
@@ -97,13 +117,17 @@ public class SAML2ITCase extends AbstractITCase {
 }
 
 @BeforeClass
-public static void importFromIdPMetadata() {
+public static void importFromIdPMetadata() throws Exception {
 if (!SAML2SPDetector.isSAML2SPAvailable()) {
 return;
 }
 
 assertTrue(saml2IdPService.list().isEmpty());
 
+createKeystores();
+
+updateMetadataWithCert();
+
 WebClient.client(saml2IdPService).
 accept(MediaType.APPLICATION_XML_TYPE).
 type(MediaType.APPLICATION_XML_TYPE);
@@ -123,7 +147,7 @@ public class SAML2ITCase extends AbstractITCase {
 }
 
 @AfterClass
-public static void clearIdPs() {
+public static void clearIdPs() throws Exception {
 if (!SAML2SPDetector.isSAML2SPAvailable()) {
 return;
 }
@@ -131,6 +155,9 @@ public class SAML2ITCase extends AbstractITCase {
 for (SAML2IdPTO idp : saml2IdPService.list()) {
 saml2IdPService.delete(idp.getKey());
 }
+
+

[2/2] syncope git commit: Support EC keys for signing in the SAML SSO module

2017-08-10 Thread coheigea
Support EC keys for signing in the SAML SSO module


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/3b24fd10
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/3b24fd10
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/3b24fd10

Branch: refs/heads/2_0_X
Commit: 3b24fd10f1901430a42993da9d7f30f46cf2ab39
Parents: d70b33a
Author: Colm O hEigeartaigh 
Authored: Thu Aug 10 17:02:26 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Aug 10 17:56:35 2017 +0100

--
 .../org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java| 3 +++
 1 file changed, 3 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/3b24fd10/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
--
diff --git 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
index 6fe20e6..62e90e7 100644
--- 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
+++ 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
@@ -102,6 +102,9 @@ public class SAML2ReaderWriter {
 if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
 sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA_SHA1;
 jceSigAlgo = "SHA1withDSA";
+} else if (pubKeyAlgo.equalsIgnoreCase("EC")) {
+sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1;
+jceSigAlgo = "SHA1withECDSA";
 }
 
 callbackHandler = new SAMLSPCallbackHandler(loader.getKeyPass());
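
Review bot: the new EC branch selects `ALGO_ID_SIGNATURE_ECDSA_SHA1` and `SHA1withECDSA`, so EC keys sign over a SHA-1 digest, the same as the DSA branch above it. SHA-1 is deprecated for digital signatures; suggest `SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256` with `SHA256withECDSA` here, and making the signature algorithm configurable rather than derived only from the key type.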



[1/2] syncope git commit: Avoid an NPE if the SAML Response Issuer is null

2017-08-10 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master 97744afe7 -> 8e73cd830


Avoid an NPE if the SAML Response Issuer is null


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/13230e26
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/13230e26
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/13230e26

Branch: refs/heads/master
Commit: 13230e268b9361dbb056c8960a2e10e7cb7333b1
Parents: 97744af
Author: Colm O hEigeartaigh 
Authored: Thu Aug 10 13:15:51 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Aug 10 13:15:51 2017 +0100

--
 .../src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java | 3 +++
 1 file changed, 3 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/13230e26/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
--
diff --git 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
index f6953e6..87b7eb6 100644
--- 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
+++ 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
@@ -363,6 +363,9 @@ public class SAML2SPLogic extends 
AbstractSAML2Logic {
 }
 
 // 3. validate the SAML response and, if needed, decrypt the provided 
assertion(s)
+if (samlResponse.getIssuer() == null || 
samlResponse.getIssuer().getValue() == null) {
+throw new IllegalArgumentException("The SAML Response must contain 
an Issuer");
+}
 final SAML2IdPEntity idp = getIdP(samlResponse.getIssuer().getValue());
 if (idp.getConnObjectKeyItem() == null) {
 throw new IllegalArgumentException("No mapping provided for SAML 
2.0 IdP '" + idp.getId() + "'");
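
Review bot: the guard only tests `getValue() == null`, so an empty or whitespace-only Issuer still reaches `getIdP(...)`; `StringUtils.isBlank(samlResponse.getIssuer().getValue())` would cover that case too. The check also sits under the `// 3. validate the SAML response` comment although it runs before any validation; a one-line comment marking it as a precondition for the IdP lookup would keep the numbered steps accurate.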



[2/2] syncope git commit: Support EC keys for signing in the SAML SSO module

2017-08-10 Thread coheigea
Support EC keys for signing in the SAML SSO module


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/8e73cd83
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/8e73cd83
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/8e73cd83

Branch: refs/heads/master
Commit: 8e73cd830305a5ed72fe3d57b225c2ed5a7a9280
Parents: 13230e2
Author: Colm O hEigeartaigh 
Authored: Thu Aug 10 17:02:26 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Aug 10 17:02:26 2017 +0100

--
 .../org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java| 3 +++
 1 file changed, 3 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/8e73cd83/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
--
diff --git 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
index 096dccb..e83af5e 100644
--- 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
+++ 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
@@ -103,6 +103,9 @@ public class SAML2ReaderWriter {
 if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
 sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA_SHA1;
 jceSigAlgo = "SHA1withDSA";
+} else if (pubKeyAlgo.equalsIgnoreCase("EC")) {
+sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1;
+jceSigAlgo = "SHA1withECDSA";
 }
 
 callbackHandler = new SAMLSPCallbackHandler(loader.getKeyPass());
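
Review bot: `pubKeyAlgo.equalsIgnoreCase("EC")` repeats the receiver-first comparison of the DSA branch, which throws a NullPointerException if `pubKeyAlgo` is null; `"EC".equalsIgnoreCase(pubKeyAlgo)` in both branches is null-safe. A key type that matches neither branch falls through with no assignment here, so an explicit `else` that rejects unsupported key algorithms would fail earlier and more clearly.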



[1/3] syncope git commit: NPE guards for both the RelayState and Response

2017-08-02 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X e1a9e9e7f -> 8746f9f8e


NPE guards for both the RelayState and Response


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/ebd3e2e2
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/ebd3e2e2
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/ebd3e2e2

Branch: refs/heads/2_0_X
Commit: ebd3e2e2cf8e6ccbc933bf3ab3e7e8b650512928
Parents: e1a9e9e
Author: Colm O hEigeartaigh 
Authored: Wed Aug 2 15:31:47 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Wed Aug 2 17:10:26 2017 +0100

--
 .../main/java/org/apache/syncope/core/logic/SAML2SPLogic.java  | 6 ++
 1 file changed, 6 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/ebd3e2e2/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
--
diff --git 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
index 222d3cf..28a1ef0 100644
--- 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
+++ 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
@@ -421,6 +421,9 @@ public class SAML2SPLogic extends 
AbstractSAML2Logic {
 check();
 
 // 1. first checks for the provided relay state
+if (response.getRelayState() == null) {
+throw new IllegalArgumentException("No Relay State was provided");
+}
 JwsJwtCompactConsumer relayState = new 
JwsJwtCompactConsumer(response.getRelayState());
 if (!relayState.verifySignatureWith(jwsSignatureVerifier)) {
 throw new IllegalArgumentException("Invalid signature found in 
Relay State");
@@ -429,6 +432,9 @@ public class SAML2SPLogic extends 
AbstractSAML2Logic {
 
relayState.getJwtClaims().getClaim(JWT_CLAIM_IDP_DEFLATE).toString());
 
 // 2. parse the provided SAML response
+if (response.getSamlResponse() == null) {
+throw new IllegalArgumentException("No SAML Response was 
provided");
+}
 Response samlResponse;
 try {
 XMLObject responseObject = saml2rw.read(useDeflateEncoding, 
response.getSamlResponse());
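
Review bot: the null check on `response.getSamlResponse()` runs only after `relayState.getJwtClaims().getClaim(JWT_CLAIM_IDP_DEFLATE).toString()` in the context above, and that call itself throws a NullPointerException when the claim is missing. Suggest validating both request fields up front, before any parsing, and guarding the claim lookup in the same way as the two fields guarded here.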



[2/3] syncope git commit: Switch to use different ports to avoid conflict with other Tomcat deployments

2017-08-02 Thread coheigea
Switch to use different ports to avoid conflict with other Tomcat deployments


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a11cd34e
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a11cd34e
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a11cd34e

Branch: refs/heads/master
Commit: a11cd34eb3abba039a103a6429a6b9445234ef9d
Parents: c7a5057
Author: Colm O hEigeartaigh 
Authored: Wed Aug 2 16:42:31 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Wed Aug 2 17:10:05 2017 +0100

--
 standalone/pom.xml | 2 ++
 1 file changed, 2 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/a11cd34e/standalone/pom.xml
--
diff --git a/standalone/pom.xml b/standalone/pom.xml
index 89dd1bc..e045bf1 100644
--- a/standalone/pom.xml
+++ b/standalone/pom.xml
@@ -187,6 +187,8 @@ under the License.
 
 
 
+
+
   
 
   



syncope git commit: Some trivial grammatical changes

2017-08-01 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X bf35449ca -> 6008f3eb1


Some trivial grammatical changes


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/6008f3eb
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/6008f3eb
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/6008f3eb

Branch: refs/heads/2_0_X
Commit: 6008f3eb1b61b214c5592f05022c75fe9a432642
Parents: bf35449
Author: Colm O hEigeartaigh 
Authored: Tue Aug 1 17:27:04 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Tue Aug 1 21:28:03 2017 +0100

--
 .../main/java/org/apache/syncope/core/logic/AccessTokenLogic.java  | 2 +-
 .../src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/6008f3eb/core/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java
--
diff --git 
a/core/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java 
b/core/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java
index c495392..e6b0099 100644
--- 
a/core/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java
+++ 
b/core/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java
@@ -54,7 +54,7 @@ public class AccessTokenLogic extends 
AbstractTransactionalLogic
 @PreAuthorize("isAuthenticated()")
 public Pair login() {
 if (anonymousUser.equals(AuthContextUtils.getUsername())) {
-throw new IllegalArgumentException(anonymousUser + " cannot be 
granted for an access token");
+throw new IllegalArgumentException(anonymousUser + " cannot be 
granted an access token");
 }
 
 return binder.create(AuthContextUtils.getUsername(), 
Collections.emptyMap(), false);

http://git-wip-us.apache.org/repos/asf/syncope/blob/6008f3eb/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java
--
diff --git 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java
 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java
index bb26b34..d7337b3 100644
--- 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java
+++ 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java
@@ -165,7 +165,7 @@ public class SAML2IdPLogic extends 
AbstractSAML2Logic {
 } else if (idp.getSSOLocation(SAML2BindingType.REDIRECT) != null) {
 idpTO.setBindingType(SAML2BindingType.REDIRECT);
 } else {
-throw new IllegalArgumentException("Not POST nor REDIRECT 
artifacts supported by " + idp.getId());
+throw new IllegalArgumentException("Neither POST nor REDIRECT 
artifacts supported by " + idp.getId());
 }
 
 result.add(idpTO);
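
Review bot: the reworded message still says "artifacts", while the surrounding code is choosing a `SAML2BindingType` from `idp.getSSOLocation(...)`, so the term is misleading to anyone reading the log. Suggest "Neither POST nor REDIRECT binding is supported by " + idp.getId().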



[1/2] syncope git commit: Fixed WSS4J version on master + added a few lambdas in the SAML SSO code

2017-08-01 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master f533b2f73 -> 2f182750b


Fixed WSS4J version on master + added a few lambdas in the SAML SSO code


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/2f182750
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/2f182750
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/2f182750

Branch: refs/heads/master
Commit: 2f182750bdef9e260c4e267f95e816c76a7fbccc
Parents: 508c8cc
Author: Colm O hEigeartaigh 
Authored: Tue Aug 1 17:27:20 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Tue Aug 1 21:27:45 2017 +0100

--
 .../core/rest/cxf/service/SAML2SPServiceImpl.java | 10 +-
 .../java/org/apache/syncope/fit/core/SAML2ITCase.java | 14 ++
 pom.xml   |  2 +-
 3 files changed, 8 insertions(+), 18 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/2f182750/ext/saml2sp/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/SAML2SPServiceImpl.java
--
diff --git 
a/ext/saml2sp/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/SAML2SPServiceImpl.java
 
b/ext/saml2sp/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/SAML2SPServiceImpl.java
index 94d14f1..4ec2074 100644
--- 
a/ext/saml2sp/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/SAML2SPServiceImpl.java
+++ 
b/ext/saml2sp/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/SAML2SPServiceImpl.java
@@ -18,9 +18,6 @@
  */
 package org.apache.syncope.core.rest.cxf.service;
 
-import java.io.IOException;
-import java.io.OutputStream;
-
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
@@ -42,13 +39,8 @@ public class SAML2SPServiceImpl extends AbstractServiceImpl 
implements SAML2SPSe
 
 @Override
 public Response getMetadata(final String spEntityID, final String 
urlContext) {
-StreamingOutput sout = new StreamingOutput() {
+StreamingOutput sout = (os) -> 
logic.getMetadata(StringUtils.appendIfMissing(spEntityID, "/"), urlContext, os);
 
-@Override
-public void write(final OutputStream os) throws IOException {
-logic.getMetadata(StringUtils.appendIfMissing(spEntityID, 
"/"), urlContext, os);
-}
-};
 return Response.ok(sout).
 type(MediaType.APPLICATION_XML).
 build();

http://git-wip-us.apache.org/repos/asf/syncope/blob/2f182750/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java
--
diff --git 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java
index 948c426..2df4530 100644
--- 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java
+++ 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java
@@ -28,11 +28,11 @@ import static org.junit.Assert.fail;
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.nio.charset.StandardCharsets;
+import java.util.Optional;
+
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.collections4.IterableUtils;
-import org.apache.commons.collections4.Predicate;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.syncope.client.lib.AnonymousAuthenticationHandler;
@@ -135,13 +135,11 @@ public class SAML2ITCase extends AbstractITCase {
 public void setIdPMapping() {
 Assume.assumeTrue(SAML2SPDetector.isSAML2SPAvailable());
 
-SAML2IdPTO ssoCircle = IterableUtils.find(saml2IdPService.list(), new 
Predicate() {
+Optional ssoCircleOpt =
+saml2IdPService.list().stream().filter(o -> 
"https://idp.ssocircle.com".equals(o.getEntityID())).findFirst();
+assertTrue(ssoCircleOpt.isPresent());
 
-@Override
-public boolean evaluate(final SAML2IdPTO object) {
-return 
"https://idp.ssocircle.com".equals(object.getEntityID());
-}
-});
+SAML2IdPTO ssoCircle = ssoCircleOpt.get();
 assertNotNull(ssoCircle);
 assertFalse(ssoCircle.getMappingItems().isEmpty());
 assertNotNull(ssoCircle.getConnObjectKeyItem());
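
Review bot: `assertNotNull(ssoCircle)` is now dead code, because `assertTrue(ssoCircleOpt.isPresent())` has already passed and `Optional.get()` never returns null; it can be dropped. The lambda parameter `o` would read better as `idp`, matching what the old `Predicate` made explicit.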

http://git-wip-us.apache.org/repos/asf/syncope/blob/2f182750/pom.xml
--
diff --git a/pom.xml b/pom.xml
index 

[2/2] syncope git commit: Some trivial grammatical changes

2017-08-01 Thread coheigea
Some trivial grammatical changes


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/508c8cc8
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/508c8cc8
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/508c8cc8

Branch: refs/heads/master
Commit: 508c8cc823118d2015aa12f323de7bf5afd77019
Parents: f533b2f
Author: Colm O hEigeartaigh 
Authored: Tue Aug 1 17:27:04 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Tue Aug 1 21:27:45 2017 +0100

--
 .../main/java/org/apache/syncope/core/logic/AccessTokenLogic.java  | 2 +-
 .../src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/508c8cc8/core/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java
--
diff --git 
a/core/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java 
b/core/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java
index c495392..e6b0099 100644
--- 
a/core/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java
+++ 
b/core/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java
@@ -54,7 +54,7 @@ public class AccessTokenLogic extends 
AbstractTransactionalLogic
 @PreAuthorize("isAuthenticated()")
 public Pair login() {
 if (anonymousUser.equals(AuthContextUtils.getUsername())) {
-throw new IllegalArgumentException(anonymousUser + " cannot be 
granted for an access token");
+throw new IllegalArgumentException(anonymousUser + " cannot be 
granted an access token");
 }
 
 return binder.create(AuthContextUtils.getUsername(), 
Collections.emptyMap(), false);

http://git-wip-us.apache.org/repos/asf/syncope/blob/508c8cc8/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java
--
diff --git 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java
 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java
index f86b633..b432c04 100644
--- 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java
+++ 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java
@@ -165,7 +165,7 @@ public class SAML2IdPLogic extends 
AbstractSAML2Logic {
 } else if (idp.getSSOLocation(SAML2BindingType.REDIRECT) != null) {
 idpTO.setBindingType(SAML2BindingType.REDIRECT);
 } else {
-throw new IllegalArgumentException("Not POST nor REDIRECT 
artifacts supported by " + idp.getId());
+throw new IllegalArgumentException("Neither POST nor REDIRECT 
artifacts supported by " + idp.getId());
 }
 
 result.add(idpTO);



syncope git commit: Trivial formatting change

2017-07-28 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X c522ac058 -> 0819aec66


Trivial formatting change


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/0819aec6
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/0819aec6
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/0819aec6

Branch: refs/heads/2_0_X
Commit: 0819aec664ef220a0251c3b418e1f864109a9daf
Parents: c522ac0
Author: Colm O hEigeartaigh 
Authored: Fri Jul 28 15:28:15 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Jul 28 15:28:32 2017 +0100

--
 .../workingwithapachesyncope/customization.adoc | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/0819aec6/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc
--
diff --git 
a/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc 
b/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc
index eb0db34..50977ac 100644
--- 
a/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc
+++ 
b/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc
@@ -410,14 +410,14 @@ classpath*:/workflow*Context.xml
 with
 
 
-  classpath*:/coreContext.xml
-  classpath*:/elasticsearchClientContext.xml
-  classpath*:/securityContext.xml
-  classpath*:/logicContext.xml
-  classpath*:/restCXFContext.xml
-  classpath*:/persistenceContext.xml
-  classpath*:/provisioning*Context.xml
-  classpath*:/workflow*Context.xml
+classpath*:/coreContext.xml
+classpath*:/elasticsearchClientContext.xml
+classpath*:/securityContext.xml
+classpath*:/logicContext.xml
+classpath*:/restCXFContext.xml
+classpath*:/persistenceContext.xml
+classpath*:/provisioning*Context.xml
+classpath*:/workflow*Context.xml
 
 
 [[customization-console]]



syncope git commit: Trivial formatting change

2017-07-28 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master 2b4053df1 -> a9cc9e760


Trivial formatting change


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a9cc9e76
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a9cc9e76
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a9cc9e76

Branch: refs/heads/master
Commit: a9cc9e76005a10fc75dec63665951e042aef72bc
Parents: 2b4053d
Author: Colm O hEigeartaigh 
Authored: Fri Jul 28 15:28:15 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Jul 28 15:28:15 2017 +0100

--
 .../workingwithapachesyncope/customization.adoc | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/a9cc9e76/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc
--
diff --git 
a/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc 
b/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc
index 5a115e4..07c4384 100644
--- 
a/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc
+++ 
b/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc
@@ -407,14 +407,14 @@ classpath*:/workflow*Context.xml
 with
 
 
-  classpath*:/coreContext.xml
-  classpath*:/elasticsearchClientContext.xml
-  classpath*:/securityContext.xml
-  classpath*:/logicContext.xml
-  classpath*:/restCXFContext.xml
-  classpath*:/persistenceContext.xml
-  classpath*:/provisioning*Context.xml
-  classpath*:/workflow*Context.xml
+classpath*:/coreContext.xml
+classpath*:/elasticsearchClientContext.xml
+classpath*:/securityContext.xml
+classpath*:/logicContext.xml
+classpath*:/restCXFContext.xml
+classpath*:/persistenceContext.xml
+classpath*:/provisioning*Context.xml
+classpath*:/workflow*Context.xml
 
 
 [[customization-console]]



syncope git commit: SYNCOPE-1179 - JWT "Date" claims are interpreted using milliseconds instead of seconds

2017-07-28 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X 98ab61e06 -> c522ac058


SYNCOPE-1179 - JWT "Date" claims are interpreted using milliseconds instead of 
seconds


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/c522ac05
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/c522ac05
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/c522ac05

Branch: refs/heads/2_0_X
Commit: c522ac05821dd23e3326c01525ebdd233ad66dd2
Parents: 98ab61e
Author: Colm O hEigeartaigh 
Authored: Fri Jul 28 14:50:03 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Jul 28 14:50:27 2017 +0100

--
 .../java/data/AccessTokenDataBinderImpl.java| 24 
 .../security/JWTAuthenticationProvider.java |  4 +-
 .../org/apache/syncope/fit/core/JWTITCase.java  | 58 +++-
 3 files changed, 48 insertions(+), 38 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/c522ac05/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
--
diff --git 
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
 
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
index f30562d..d886db6 100644
--- 
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
+++ 
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
@@ -87,16 +87,16 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 
 credentialChecker.checkIsDefaultJWSKeyInUse();
 
-Date now = new Date();
-Date expiry = new Date(now.getTime() + 60L * 1000L * duration);
+long currentTime = new Date().getTime() / 1000L;
+long expiryTime = currentTime + 60L * duration;
 
 JwtClaims jwtClaims = new JwtClaims();
 jwtClaims.setTokenId(UUID_GENERATOR.generate().toString());
 jwtClaims.setSubject(subject);
-jwtClaims.setIssuedAt(now.getTime());
+jwtClaims.setIssuedAt(currentTime);
 jwtClaims.setIssuer(jwtIssuer);
-jwtClaims.setExpiryTime(expiry.getTime());
-jwtClaims.setNotBefore(now.getTime());
+jwtClaims.setExpiryTime(expiryTime);
+jwtClaims.setNotBefore(currentTime);
 for (Map.Entry entry : claims.entrySet()) {
 jwtClaims.setClaim(entry.getKey(), entry.getValue());
 }
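
Review bot: The new locals currentTime and expiryTime carry no unit in their names, although the lines they replace worked with java.util.Date values in milliseconds and the fix is precisely about that unit. Naming them currentTimeSecs and expiryTimeSecs, or adding a one-line comment that the JWT iat, nbf and exp claims are in seconds, would keep the two units apart for the next reader. System.currentTimeMillis() / 1000L would also avoid allocating a Date just to read the clock.
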
@@ -107,7 +107,7 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 
 String signed = producer.signWith(jwsSignatureProvider);
 
-return Triple.of(jwtClaims.getTokenId(), signed, expiry);
+return Triple.of(jwtClaims.getTokenId(), signed, new Date(expiryTime * 
1000L));
 }
 
 @Override
@@ -164,10 +164,11 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 
 credentialChecker.checkIsDefaultJWSKeyInUse();
 
-Date now = new Date();
 long duration = confDAO.find("jwt.lifetime.minutes", 120L);
-Date expiry = new Date(now.getTime() + 60L * 1000L * duration);
-consumer.getJwtClaims().setExpiryTime(expiry.getTime());
+long currentTime = new Date().getTime() / 1000L;
+long expiry = currentTime + 60L * duration;
+consumer.getJwtClaims().setExpiryTime(expiry);
+Date expiryDate = new Date(expiry * 1000L);
 
 JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, 
jwsSignatureProvider.getAlgorithm());
 JwtToken token = new JwtToken(jwsHeaders, consumer.getJwtClaims());
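
Review bot: The duration read from jwt.lifetime.minutes goes straight into currentTime + 60L * duration with no range check, so a configured value of zero or below produces a token whose exp is not in the future. A guard that rejects non-positive values, or falls back to the default and logs it, would make the misconfiguration visible. The local is also named expiry here but expiryTime in the first hunk for the same quantity.
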
@@ -176,7 +177,8 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 String body = producer.signWith(jwsSignatureProvider);
 
 accessToken.setBody(body);
-accessToken.setExpiryTime(expiry);
+// AccessToken stores expiry time in milliseconds, as opposed to 
seconds for the JWT tokens.
+accessToken.setExpiryTime(expiryDate);
 
 if (!adminUser.equals(accessToken.getOwner())) {
 try {
@@ -190,7 +192,7 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 
 accessTokenDAO.save(accessToken);
 
-return Pair.of(body, expiry);
+return Pair.of(body, expiryDate);
 }
 
 @Override

http://git-wip-us.apache.org/repos/asf/syncope/blob/c522ac05/core/spring/src/main/java/org/apache/syncope/core/spring/security/JWTAuthenticationProvider.java
--
diff --git 

syncope git commit: SYNCOPE-1179 - JWT "Date" claims are interpreted using milliseconds instead of seconds

2017-07-28 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master b41675a33 -> 2b4053df1


SYNCOPE-1179 - JWT "Date" claims are interpreted using milliseconds instead of 
seconds


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/2b4053df
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/2b4053df
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/2b4053df

Branch: refs/heads/master
Commit: 2b4053df14d74e47c55ced76b713fc1baba0abda
Parents: b41675a
Author: Colm O hEigeartaigh 
Authored: Fri Jul 28 14:50:03 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Jul 28 14:50:03 2017 +0100

--
 .../java/data/AccessTokenDataBinderImpl.java| 24 
 .../security/JWTAuthenticationProvider.java |  4 +-
 .../org/apache/syncope/fit/core/JWTITCase.java  | 58 +++-
 3 files changed, 48 insertions(+), 38 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/2b4053df/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
--
diff --git 
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
 
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
index f30562d..d886db6 100644
--- 
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
+++ 
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
@@ -87,16 +87,16 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 
 credentialChecker.checkIsDefaultJWSKeyInUse();
 
-Date now = new Date();
-Date expiry = new Date(now.getTime() + 60L * 1000L * duration);
+long currentTime = new Date().getTime() / 1000L;
+long expiryTime = currentTime + 60L * duration;
 
 JwtClaims jwtClaims = new JwtClaims();
 jwtClaims.setTokenId(UUID_GENERATOR.generate().toString());
 jwtClaims.setSubject(subject);
-jwtClaims.setIssuedAt(now.getTime());
+jwtClaims.setIssuedAt(currentTime);
 jwtClaims.setIssuer(jwtIssuer);
-jwtClaims.setExpiryTime(expiry.getTime());
-jwtClaims.setNotBefore(now.getTime());
+jwtClaims.setExpiryTime(expiryTime);
+jwtClaims.setNotBefore(currentTime);
 for (Map.Entry entry : claims.entrySet()) {
 jwtClaims.setClaim(entry.getKey(), entry.getValue());
 }
@@ -107,7 +107,7 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 
 String signed = producer.signWith(jwsSignatureProvider);
 
-return Triple.of(jwtClaims.getTokenId(), signed, expiry);
+return Triple.of(jwtClaims.getTokenId(), signed, new Date(expiryTime * 
1000L));
 }
 
 @Override
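
Review bot: The seconds-to-milliseconds conversion new Date(expiryTime * 1000L) is written inline in this return statement and again in the update path further down as new Date(expiry * 1000L). A small private helper, for example toDate(long epochSeconds), would keep the unit conversion in one place, which matters in a change whose subject is a unit mismatch.
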
@@ -164,10 +164,11 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 
 credentialChecker.checkIsDefaultJWSKeyInUse();
 
-Date now = new Date();
 long duration = confDAO.find("jwt.lifetime.minutes", 120L);
-Date expiry = new Date(now.getTime() + 60L * 1000L * duration);
-consumer.getJwtClaims().setExpiryTime(expiry.getTime());
+long currentTime = new Date().getTime() / 1000L;
+long expiry = currentTime + 60L * duration;
+consumer.getJwtClaims().setExpiryTime(expiry);
+Date expiryDate = new Date(expiry * 1000L);
 
 JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, 
jwsSignatureProvider.getAlgorithm());
 JwtToken token = new JwtToken(jwsHeaders, consumer.getJwtClaims());
@@ -176,7 +177,8 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 String body = producer.signWith(jwsSignatureProvider);
 
 accessToken.setBody(body);
-accessToken.setExpiryTime(expiry);
+// AccessToken stores expiry time in milliseconds, as opposed to 
seconds for the JWT tokens.
+accessToken.setExpiryTime(expiryDate);
 
 if (!adminUser.equals(accessToken.getOwner())) {
 try {
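
Review bot: The added comment says AccessToken stores the expiry time in milliseconds, but setExpiryTime is passed a Date (expiryDate), not a millisecond count. Wording such as "AccessToken keeps the expiry as a Date, while the JWT exp claim is in seconds" would describe what the code does.
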
@@ -190,7 +192,7 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 
 accessTokenDAO.save(accessToken);
 
-return Pair.of(body, expiry);
+return Pair.of(body, expiryDate);
 }
 
 @Override

http://git-wip-us.apache.org/repos/asf/syncope/blob/2b4053df/core/spring/src/main/java/org/apache/syncope/core/spring/security/JWTAuthenticationProvider.java
--
diff --git 

syncope git commit: SYNCOPE-1174 - NPE in AccessTokenDataBinderImpl if no 'jwt.lifetime.minutes' schema is present

2017-07-27 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X fffee9f15 -> 6634daaee


SYNCOPE-1174 - NPE in AccessTokenDataBinderImpl if no 'jwt.lifetime.minutes' 
schema is present


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/6634daae
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/6634daae
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/6634daae

Branch: refs/heads/2_0_X
Commit: 6634daaeebbe95fea9e1c104bc64d7b2e0d45e4b
Parents: fffee9f
Author: Colm O hEigeartaigh 
Authored: Thu Jul 27 16:47:35 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Jul 27 16:48:02 2017 +0100

--
 .../java/data/AccessTokenDataBinderImpl.java | 11 ++-
 1 file changed, 10 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/6634daae/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
--
diff --git 
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
 
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
index 13a5b93..b415fb2 100644
--- 
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
+++ 
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
@@ -38,6 +38,7 @@ import 
org.apache.syncope.core.persistence.api.dao.AccessTokenDAO;
 import org.apache.syncope.core.persistence.api.dao.ConfDAO;
 import org.apache.syncope.core.persistence.api.entity.AccessToken;
 import org.apache.syncope.core.persistence.api.entity.EntityFactory;
+import org.apache.syncope.core.persistence.api.entity.conf.CPlainAttr;
 import org.apache.syncope.core.provisioning.api.data.AccessTokenDataBinder;
 import org.apache.syncope.core.provisioning.api.serialization.POJOHelper;
 import org.apache.syncope.core.spring.BeanUtils;
@@ -124,9 +125,17 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 }
 
 if (replaceExisting || body == null) {
+int duration = 120;
+CPlainAttr jwtLifetimeMins = confDAO.find("jwt.lifetime.minutes", 
"120");
+if (jwtLifetimeMins != null) {
+duration = 
jwtLifetimeMins.getValues().get(0).getLongValue().intValue();
+} else {
+LOG.warn("No schema found for 'jwt.lifetime.minutes'. Using 
default value of '120'");
+}
+
 Triple created = generateJWT(
 subject,
-confDAO.find("jwt.lifetime.minutes", 
"120").getValues().get(0).getLongValue().intValue(),
+duration,
 claims);
 
 body = created.getMiddle();
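
Review bot: The new null check covers a missing attribute, but jwtLifetimeMins.getValues().get(0).getLongValue().intValue() can still throw when the attribute exists with an empty value list or with a value whose long is null. Checking the list and the value before dereferencing, and falling back to the default with the same warning, would close the rest of the failure path this issue is about.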



syncope git commit: SYNCOPE-1174 - NPE in AccessTokenDataBinderImpl if no 'jwt.lifetime.minutes' schema is present

2017-07-27 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master aa11ac9b4 -> 64ef5bf18


SYNCOPE-1174 - NPE in AccessTokenDataBinderImpl if no 'jwt.lifetime.minutes' 
schema is present


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/64ef5bf1
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/64ef5bf1
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/64ef5bf1

Branch: refs/heads/master
Commit: 64ef5bf1800f699168f59fbd27be113c76cd0baa
Parents: aa11ac9
Author: Colm O hEigeartaigh 
Authored: Thu Jul 27 16:47:35 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Jul 27 16:47:35 2017 +0100

--
 .../java/data/AccessTokenDataBinderImpl.java | 11 ++-
 1 file changed, 10 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/64ef5bf1/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
--
diff --git 
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
 
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
index 13a5b93..b415fb2 100644
--- 
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
+++ 
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
@@ -38,6 +38,7 @@ import 
org.apache.syncope.core.persistence.api.dao.AccessTokenDAO;
 import org.apache.syncope.core.persistence.api.dao.ConfDAO;
 import org.apache.syncope.core.persistence.api.entity.AccessToken;
 import org.apache.syncope.core.persistence.api.entity.EntityFactory;
+import org.apache.syncope.core.persistence.api.entity.conf.CPlainAttr;
 import org.apache.syncope.core.provisioning.api.data.AccessTokenDataBinder;
 import org.apache.syncope.core.provisioning.api.serialization.POJOHelper;
 import org.apache.syncope.core.spring.BeanUtils;
@@ -124,9 +125,17 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 }
 
 if (replaceExisting || body == null) {
+int duration = 120;
+CPlainAttr jwtLifetimeMins = confDAO.find("jwt.lifetime.minutes", 
"120");
+if (jwtLifetimeMins != null) {
+duration = 
jwtLifetimeMins.getValues().get(0).getLongValue().intValue();
+} else {
+LOG.warn("No schema found for 'jwt.lifetime.minutes'. Using 
default value of '120'");
+}
+
 Triple created = generateJWT(
 subject,
-confDAO.find("jwt.lifetime.minutes", 
"120").getValues().get(0).getLongValue().intValue(),
+duration,
 claims);
 
 body = created.getMiddle();
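
Review bot: The default lifetime now appears three times in this block: int duration = 120, the "120" passed to confDAO.find, and the text of the LOG.warn message. A single constant used in all three places would stop them drifting apart, and the warning could take the value as a log parameter instead of hard-coding it in the string.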



[1/2] syncope git commit: SYNCOPE-1173 - Replace List dynGroups with List dynMemberships

2017-07-27 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X 4a9964872 -> fffee9f15


SYNCOPE-1173 - Replace List dynGroups with List 
dynMemberships


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/025441a3
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/025441a3
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/025441a3

Branch: refs/heads/2_0_X
Commit: 025441a36cf89f02b1b82e0ea617daa27b2ce9ac
Parents: 4a99648
Author: Colm O hEigeartaigh 
Authored: Wed Jul 26 16:36:29 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Jul 27 11:14:22 2017 +0100

--
 .../client/console/wizards/any/Groups.java  |  4 +-
 .../syncope/common/lib/to/AnyObjectTO.java  | 12 +++---
 .../common/lib/to/GroupableRelatableTO.java |  2 +-
 .../apache/syncope/common/lib/to/UserTO.java| 12 +++---
 .../test/resources/domains/MasterContent.xml|  8 ++--
 .../java/data/AnyObjectDataBinderImpl.java  | 14 ++-
 .../java/data/UserDataBinderImpl.java   | 15 +--
 .../apache/syncope/fit/core/GroupITCase.java| 42 +---
 .../org/apache/syncope/fit/core/RoleITCase.java |  2 +-
 .../syncope/fit/core/UserIssuesITCase.java  |  5 ++-
 10 files changed, 74 insertions(+), 42 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/025441a3/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java
--
diff --git 
a/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java
 
b/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java
index 8e640fd..499bc26 100644
--- 
a/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java
+++ 
b/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java
@@ -313,8 +313,8 @@ public class Groups extends WizardStep implements 
ICondition {
 GroupFiqlSearchConditionBuilder searchConditionBuilder = 
SyncopeClient.getGroupSearchConditionBuilder();
 
 ArrayList conditions = new ArrayList<>();
-for (String groupKey : 
GroupableRelatableTO.class.cast(anyTO).getDynGroups()) {
-
conditions.add(searchConditionBuilder.is("key").equalTo(groupKey).wrap());
+for (MembershipTO membership : 
GroupableRelatableTO.class.cast(anyTO).getDynMemberships()) {
+
conditions.add(searchConditionBuilder.is("key").equalTo(membership.getGroupKey()).wrap());
 }
 
 Map assignedGroups = new HashMap<>();

http://git-wip-us.apache.org/repos/asf/syncope/blob/025441a3/common/lib/src/main/java/org/apache/syncope/common/lib/to/AnyObjectTO.java
--
diff --git 
a/common/lib/src/main/java/org/apache/syncope/common/lib/to/AnyObjectTO.java 
b/common/lib/src/main/java/org/apache/syncope/common/lib/to/AnyObjectTO.java
index 231504b..af8b0ea 100644
--- a/common/lib/src/main/java/org/apache/syncope/common/lib/to/AnyObjectTO.java
+++ b/common/lib/src/main/java/org/apache/syncope/common/lib/to/AnyObjectTO.java
@@ -41,7 +41,7 @@ public class AnyObjectTO extends AnyTO implements 
GroupableRelatableTO {
 
 private final List memberships = new ArrayList<>();
 
-private final List dynGroups = new ArrayList<>();
+private final List dynMemberships = new ArrayList<>();
 
 public String getName() {
 return name;
@@ -91,11 +91,11 @@ public class AnyObjectTO extends AnyTO implements 
GroupableRelatableTO {
 return memberships;
 }
 
-@XmlElementWrapper(name = "dynGroups")
-@XmlElement(name = "role")
-@JsonProperty("dynGroups")
+@XmlElementWrapper(name = "dynMemberships")
+@XmlElement(name = "dynMembership")
+@JsonProperty("dynMemberships")
 @Override
-public List getDynGroups() {
-return dynGroups;
+public List getDynMemberships() {
+return dynMemberships;
 }
 }
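
Review bot: The annotation changes on getDynMemberships() rename the serialized names as well as the Java getter: the JSON property goes from dynGroups to dynMemberships and the XML element from role to dynMembership. Clients that read the old names will stop seeing the data, and this commit targets the 2_0_X branch, so the change deserves an entry in the upgrade notes.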

http://git-wip-us.apache.org/repos/asf/syncope/blob/025441a3/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupableRelatableTO.java
--
diff --git 
a/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupableRelatableTO.java
 
b/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupableRelatableTO.java
index 0dba26d..f2b8dbc 100644
--- 
a/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupableRelatableTO.java
+++ 
b/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupableRelatableTO.java
@@ -26,7 +26,7 @@ public interface GroupableRelatableTO {
 
 List getMemberships();
 
-   

[2/2] syncope git commit: Removing Java 8 idioms

2017-07-27 Thread coheigea
Removing Java 8 idioms


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/fffee9f1
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/fffee9f1
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/fffee9f1

Branch: refs/heads/2_0_X
Commit: fffee9f15d2a7dfdc49524e983e1cb0d9254271f
Parents: 025441a
Author: Colm O hEigeartaigh 
Authored: Thu Jul 27 12:46:35 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Jul 27 12:46:35 2017 +0100

--
 .../apache/syncope/fit/core/GroupITCase.java| 65 +---
 .../syncope/fit/core/UserIssuesITCase.java  | 12 +++-
 2 files changed, 69 insertions(+), 8 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/fffee9f1/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java
--
diff --git 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java
index 9d833cc..fe9129d 100644
--- 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java
+++ 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java
@@ -38,6 +38,8 @@ import javax.naming.directory.SearchResult;
 import javax.ws.rs.ForbiddenException;
 import javax.ws.rs.core.GenericType;
 import javax.ws.rs.core.Response;
+
+import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.collections4.IterableUtils;
 import org.apache.commons.collections4.Predicate;
 import org.apache.commons.lang3.SerializationUtils;
@@ -652,7 +654,14 @@ public class GroupITCase extends AbstractITCase {
 
 List memberships = userService.read(
 "c9b2dec2-00a7-4855-97c0-d854842b4b24").getDynMemberships();
-assertTrue(memberships.stream().anyMatch(m -> 
m.getGroupKey().equals(groupKey)));
+assertFalse(CollectionUtils.select(memberships, new 
Predicate() {
+
+public boolean evaluate(MembershipTO object) {
+return object.getGroupKey().equals(groupKey);
+}
+
+
+}).isEmpty());
 
 GroupPatch patch = new GroupPatch();
 patch.setKey(group.getKey());
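
Review bot: assertFalse(CollectionUtils.select(memberships, ...).isEmpty()) expresses "some membership matches" as a double negative and builds a filtered copy only to test whether it is empty. IterableUtils, already imported in this file, offers matchesAny(iterable, predicate), so assertTrue(IterableUtils.matchesAny(memberships, predicate)) states the intent directly. The anonymous evaluate method is also missing @Override.
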
@@ -683,14 +692,35 @@ public class GroupITCase extends AbstractITCase {
 assertNotNull(newAny.getPlainAttr("location"));
 List memberships = anyObjectService.read(
 "fc6dbc3a-6c07-4965-8781-921e7401a4a5").getDynMemberships();
-assertTrue(memberships.stream().anyMatch(m -> 
m.getGroupKey().equals(groupKey)));
+assertFalse(CollectionUtils.select(memberships, new 
Predicate() {
+
+public boolean evaluate(MembershipTO object) {
+return object.getGroupKey().equals(groupKey);
+}
+
+
+}).isEmpty());
 
 memberships = anyObjectService.read(
 "8559d14d-58c2-46eb-a2d4-a7d35161e8f8").getDynMemberships();
-assertTrue(memberships.stream().anyMatch(m -> 
m.getGroupKey().equals(groupKey)));
+assertFalse(CollectionUtils.select(memberships, new 
Predicate() {
+
+public boolean evaluate(MembershipTO object) {
+return object.getGroupKey().equals(groupKey);
+}
+
+
+}).isEmpty());
 
 memberships = 
anyObjectService.read(newAny.getKey()).getDynMemberships();
-assertTrue(memberships.stream().anyMatch(m -> 
m.getGroupKey().equals(groupKey)));
+assertFalse(CollectionUtils.select(memberships, new 
Predicate() {
+
+public boolean evaluate(MembershipTO object) {
+return object.getGroupKey().equals(groupKey);
+}
+
+
+}).isEmpty());
 
 // 2. update group and change aDynMembership condition
 fiql = 
SyncopeClient.getAnyObjectSearchConditionBuilder("PRINTER").is("location").nullValue().query();
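
Review bot: The same anonymous Predicate comparing getGroupKey() with groupKey is pasted three times in this hunk, each with two stray blank lines before the closing brace. A private helper in the test class, for example hasDynMembership(memberships, groupKey), would replace all of them and reduce each assertion to a single line.
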
@@ -717,12 +747,33 @@ public class GroupITCase extends AbstractITCase {
 
 memberships = anyObjectService.read(
 "fc6dbc3a-6c07-4965-8781-921e7401a4a5").getDynMemberships();
-assertFalse(memberships.stream().anyMatch(m -> 
m.getGroupKey().equals(groupKey)));
+assertTrue(CollectionUtils.select(memberships, new 
Predicate() {
+
+public boolean evaluate(MembershipTO object) {
+return object.getGroupKey().equals(groupKey);
+}
+
+
+}).isEmpty());
 memberships = anyObjectService.read(
 "8559d14d-58c2-46eb-a2d4-a7d35161e8f8").getDynMemberships();
-assertFalse(memberships.stream().anyMatch(m -> 
m.getGroupKey().equals(groupKey)));
+assertTrue(CollectionUtils.select(memberships, new 
Predicate() {
+
+public boolean 

syncope git commit: SYNCOPE-1173 - Replace List dynGroups with List dynMemberships

2017-07-26 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master b436c7a7d -> dde0773f3


SYNCOPE-1173 - Replace List dynGroups with List 
dynMemberships


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/dde0773f
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/dde0773f
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/dde0773f

Branch: refs/heads/master
Commit: dde0773f3321a9dc5a92fd1404f273af48cfc6c9
Parents: b436c7a
Author: Colm O hEigeartaigh 
Authored: Wed Jul 26 16:36:29 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Wed Jul 26 16:36:29 2017 +0100

--
 .../client/console/wizards/any/Groups.java  |  4 +-
 .../syncope/common/lib/to/AnyObjectTO.java  | 12 +++---
 .../common/lib/to/GroupableRelatableTO.java |  2 +-
 .../apache/syncope/common/lib/to/UserTO.java| 12 +++---
 .../test/resources/domains/MasterContent.xml|  8 ++--
 .../java/data/AnyObjectDataBinderImpl.java  | 14 ++-
 .../java/data/UserDataBinderImpl.java   | 15 +--
 .../apache/syncope/fit/core/GroupITCase.java| 42 +---
 .../org/apache/syncope/fit/core/RoleITCase.java |  2 +-
 .../syncope/fit/core/UserIssuesITCase.java  |  5 ++-
 10 files changed, 74 insertions(+), 42 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/dde0773f/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java
--
diff --git 
a/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java
 
b/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java
index 8e640fd..499bc26 100644
--- 
a/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java
+++ 
b/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java
@@ -313,8 +313,8 @@ public class Groups extends WizardStep implements 
ICondition {
 GroupFiqlSearchConditionBuilder searchConditionBuilder = 
SyncopeClient.getGroupSearchConditionBuilder();
 
 ArrayList conditions = new ArrayList<>();
-for (String groupKey : 
GroupableRelatableTO.class.cast(anyTO).getDynGroups()) {
-
conditions.add(searchConditionBuilder.is("key").equalTo(groupKey).wrap());
+for (MembershipTO membership : 
GroupableRelatableTO.class.cast(anyTO).getDynMemberships()) {
+
conditions.add(searchConditionBuilder.is("key").equalTo(membership.getGroupKey()).wrap());
 }
 
 Map assignedGroups = new HashMap<>();

http://git-wip-us.apache.org/repos/asf/syncope/blob/dde0773f/common/lib/src/main/java/org/apache/syncope/common/lib/to/AnyObjectTO.java
--
diff --git 
a/common/lib/src/main/java/org/apache/syncope/common/lib/to/AnyObjectTO.java 
b/common/lib/src/main/java/org/apache/syncope/common/lib/to/AnyObjectTO.java
index 231504b..af8b0ea 100644
--- a/common/lib/src/main/java/org/apache/syncope/common/lib/to/AnyObjectTO.java
+++ b/common/lib/src/main/java/org/apache/syncope/common/lib/to/AnyObjectTO.java
@@ -41,7 +41,7 @@ public class AnyObjectTO extends AnyTO implements 
GroupableRelatableTO {
 
 private final List memberships = new ArrayList<>();
 
-private final List dynGroups = new ArrayList<>();
+private final List dynMemberships = new ArrayList<>();
 
 public String getName() {
 return name;
@@ -91,11 +91,11 @@ public class AnyObjectTO extends AnyTO implements 
GroupableRelatableTO {
 return memberships;
 }
 
-@XmlElementWrapper(name = "dynGroups")
-@XmlElement(name = "role")
-@JsonProperty("dynGroups")
+@XmlElementWrapper(name = "dynMemberships")
+@XmlElement(name = "dynMembership")
+@JsonProperty("dynMemberships")
 @Override
-public List getDynGroups() {
-return dynGroups;
+public List getDynMemberships() {
+return dynMemberships;
 }
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/dde0773f/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupableRelatableTO.java
--
diff --git 
a/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupableRelatableTO.java
 
b/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupableRelatableTO.java
index 0dba26d..f2b8dbc 100644
--- 
a/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupableRelatableTO.java
+++ 
b/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupableRelatableTO.java
@@ -26,7 +26,7 @@ public interface GroupableRelatableTO {
 
 List getMemberships();
 
- 

syncope git commit: SYNCOPE-1172 - Error message of "Malformed Path" could be made a little clearer

2017-07-26 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X a56e2eaca -> 56d4e95b9


SYNCOPE-1172 - Error message of "Malformed Path" could be made a little clearer


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/56d4e95b
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/56d4e95b
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/56d4e95b

Branch: refs/heads/2_0_X
Commit: 56d4e95b982baf9b819086057bd54df50d0dd701
Parents: a56e2ea
Author: Colm O hEigeartaigh 
Authored: Wed Jul 26 15:00:07 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Wed Jul 26 15:03:20 2017 +0100

--
 .../syncope/core/persistence/api/dao/MalformedPathException.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/56d4e95b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/MalformedPathException.java
--
diff --git 
a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/MalformedPathException.java
 
b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/MalformedPathException.java
index ec29738..c47156b 100644
--- 
a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/MalformedPathException.java
+++ 
b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/MalformedPathException.java
@@ -26,6 +26,6 @@ public class MalformedPathException extends RuntimeException {
 private static final long serialVersionUID = -164735562182120006L;
 
 public MalformedPathException(final String path) {
-super("Malformed path: " + path);
+super("The provided realm path is malformed: " + path);
 }
 }
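Review bot: In the constructor, `path` is concatenated into the message unmodified (`super("The provided realm path is malformed: " + path);`). If that value can originate from a request, escape control characters and cap its length before it reaches the message, so the exception text cannot carry line breaks into logs or error responses. A one-line Javadoc stating what a well-formed realm path looks like would also make the new wording more actionable.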



syncope git commit: Changed the admin password for the archetype as well

2017-07-18 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master 0913da283 -> 030defd12


Changed the admin password for the archetype as well


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/030defd1
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/030defd1
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/030defd1

Branch: refs/heads/master
Commit: 030defd12e45d3c6bf203b8668f5be047801b941
Parents: 0913da2
Author: Colm O hEigeartaigh 
Authored: Tue Jul 18 17:52:04 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Tue Jul 18 17:52:04 2017 +0100

--
 archetype/src/main/resources/META-INF/maven/archetype-metadata.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/030defd1/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml
--
diff --git a/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml 
b/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml
index f3ba98c..391cd25 100644
--- a/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml
+++ b/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml
@@ -25,7 +25,7 @@ under the License.
 
 
 
-5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
+
DE088591C00CC98B36F5ADAAF7DA2B004CF7F2FE7BBB45B766B6409876E2F3DB13C7905C6AA59464
 
   
   
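Review bot: The replaced value grows from 40 to 80 hex characters, so its encoding changes, but the diffstat shows this is the only line touched in archetype-metadata.xml. Please confirm that the cipher algorithm the generated project uses to verify this value is switched elsewhere, otherwise the new default cannot match at login. Because every generated project inherits this fixed credential, a comment beside it telling deployers to replace it before going live would help.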



syncope git commit: SYNCOPE-1165 - Switch the default password cipher algorithm from SHA1 to SSHA256

2017-07-18 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master 7ee0bf22c -> 0913da283


SYNCOPE-1165 - Switch the default password cipher algorithm from SHA1 to SSHA256


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/0913da28
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/0913da28
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/0913da28

Branch: refs/heads/master
Commit: 0913da283a378fd87207b55b75b48266d3e98b18
Parents: 7ee0bf2
Author: Colm O hEigeartaigh 
Authored: Tue Jul 18 15:51:06 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Tue Jul 18 15:51:06 2017 +0100

--
 .../src/main/resources/domains/MasterContent.xml | 2 +-
 .../core/spring/security/DefaultCredentialChecker.java   | 3 ++-
 core/spring/src/main/resources/security.properties   | 2 +-
 .../apache/syncope/core/spring/security/EncryptorTest.java   | 8 
 pom.xml  | 2 +-
 5 files changed, 13 insertions(+), 4 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/0913da28/core/persistence-jpa/src/main/resources/domains/MasterContent.xml
--
diff --git a/core/persistence-jpa/src/main/resources/domains/MasterContent.xml 
b/core/persistence-jpa/src/main/resources/domains/MasterContent.xml
index 9d42535..875647b 100644
--- a/core/persistence-jpa/src/main/resources/domains/MasterContent.xml
+++ b/core/persistence-jpa/src/main/resources/domains/MasterContent.xml
@@ -28,7 +28,7 @@ under the License.
   
   
+   attribute_id="56db89b9-119e-4923-a16e-f42823b90c66" 
stringValue="SSHA256"/>
 
   
 anonymousKey
 1abcdefghilmnopqrstuvz2!
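Review bot: The new default `stringValue="SSHA256"` adds a salt, which improves on unsalted SHA1, but it is still a fast general-purpose hash. For a default that every new domain inherits, consider an adaptive password-hashing function if the cipher list offers one, and document what happens to password values already stored under the previous default.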



[1/2] syncope git commit: Filter security.properties for the spring tests as well

2017-07-18 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/1_2_X 42b1b5f8d -> d4edbaa81


Filter security.properties for the spring tests as well


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/ea687551
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/ea687551
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/ea687551

Branch: refs/heads/1_2_X
Commit: ea68755183514cacbb48b966c14baec71c5dbfef
Parents: 42b1b5f
Author: Colm O hEigeartaigh 
Authored: Mon Jul 17 19:15:53 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Tue Jul 18 13:03:21 2017 +0100

--
 .../java/org/apache/syncope/core/security/EncryptorTest.java  | 7 +++
 1 file changed, 7 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/ea687551/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java
--
diff --git 
a/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java 
b/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java
index 7d8fdb6..626416f 100644
--- a/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java
+++ b/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java
@@ -18,6 +18,7 @@
  */
 package org.apache.syncope.core.security;
 
+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
@@ -56,4 +57,10 @@ public class EncryptorTest {
 }
 }
 }
+
+@Test
+public void testDecodeDefaultAESKey() throws Exception {
+String password = encryptor.decode("9Pav+xl+UyHt02H9ZBytiA==", 
CipherAlgorithm.AES);
+assertEquals("password", password);
+}
 }
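Review bot: testDecodeDefaultAESKey pins the literal "9Pav+xl+UyHt02H9ZBytiA==" to the plaintext "password", so it passes only while the filtered security.properties supplies the default secret key and while encoding stays deterministic. Add a short comment naming the key that produced this ciphertext, so a failure after a key or cipher-mode change is easy to diagnose. The local variable name `password` holds the decoded result; `decoded` would read more clearly.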



[2/2] syncope git commit: SYNCOPE-1168 - Encryptor pads short secret keys with "0" instead of random characters

2017-07-18 Thread coheigea
SYNCOPE-1168 - Encryptor pads short secret keys with "0" instead of random 
characters


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/d4edbaa8
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/d4edbaa8
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/d4edbaa8

Branch: refs/heads/1_2_X
Commit: d4edbaa814bd50e0a7c8373c8624eb5e4b02763c
Parents: ea68755
Author: Colm O hEigeartaigh 
Authored: Tue Jul 18 11:02:40 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Tue Jul 18 13:21:13 2017 +0100

--
 .../java/org/apache/syncope/core/util/Encryptor.java| 11 +++
 .../org/apache/syncope/core/security/EncryptorTest.java | 12 ++--
 2 files changed, 17 insertions(+), 6 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/d4edbaa8/core/src/main/java/org/apache/syncope/core/util/Encryptor.java
--
diff --git a/core/src/main/java/org/apache/syncope/core/util/Encryptor.java 
b/core/src/main/java/org/apache/syncope/core/util/Encryptor.java
index 270f2f8..2e8c111 100644
--- a/core/src/main/java/org/apache/syncope/core/util/Encryptor.java
+++ b/core/src/main/java/org/apache/syncope/core/util/Encryptor.java
@@ -172,11 +172,14 @@ public final class Encryptor {
 String actualKey = secretKey;
 if (actualKey.length() < 16) {
 StringBuilder actualKeyPadding = new StringBuilder(actualKey);
-for (int i = 0; i < 16 - actualKey.length(); i++) {
-actualKeyPadding.append('0');
-}
+int length = 16 - actualKey.length();
+String randomChars = 
SecureRandomUtil.generateRandomPassword(length);
+
+actualKeyPadding.append(randomChars);
 actualKey = actualKeyPadding.toString();
-LOG.debug("actualKey too short, adding some random characters");
+LOG.warn("The secret key is too short (< 16), adding some random 
characters. "
+ + "Passwords encrypted with AES and this key will not be 
recoverable "
+ + "as a result if the container is restarted.");
 }
 
 try {
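Review bot: In the `actualKey.length() < 16` branch the padding is now different on every start, so the new warning describes real data loss: AES-encrypted values written before a restart can no longer be decoded. Logging at WARN and carrying on makes that easy to miss; consider rejecting a short secretKey at startup with a configuration error instead of padding it. If the padding has to stay, note that `length()` counts characters, not bytes, which matters if the key is later converted to bytes with a multi-byte encoding.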

http://git-wip-us.apache.org/repos/asf/syncope/blob/d4edbaa8/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java
--
diff --git 
a/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java 
b/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java
index 626416f..c7fed5c 100644
--- a/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java
+++ b/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java
@@ -60,7 +60,15 @@ public class EncryptorTest {
 
 @Test
 public void testDecodeDefaultAESKey() throws Exception {
-String password = encryptor.decode("9Pav+xl+UyHt02H9ZBytiA==", 
CipherAlgorithm.AES);
-assertEquals("password", password);
+String decPassword = encryptor.decode("9Pav+xl+UyHt02H9ZBytiA==", 
CipherAlgorithm.AES);
+assertEquals(password, decPassword);
+}
+
+@Test
+public void testSmallKey() throws Exception {
+Encryptor smallKeyEncryptor = Encryptor.getInstance("123");
+String encPassword = smallKeyEncryptor.encode(password, 
CipherAlgorithm.AES);
+String decPassword = smallKeyEncryptor.decode(encPassword, 
CipherAlgorithm.AES);
+assertEquals(password, decPassword);
 }
 }
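Review bot: testSmallKey encodes and decodes with the same `smallKeyEncryptor`, so it would pass with the old '0' padding as well and does not pin the behaviour this commit introduces. Add an assertion that distinguishes the two, for example that the ciphertext for key "123" differs from the one produced with the zero-padded key, and cover the restart case that the new log message warns about.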



syncope git commit: SYNCOPE-1168 - Encryptor pads short secret keys with "0" instead of random characters

2017-07-18 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master eebca673e -> 4214a3892


SYNCOPE-1168 - Encryptor pads short secret keys with "0" instead of random 
characters


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/4214a389
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/4214a389
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/4214a389

Branch: refs/heads/master
Commit: 4214a38925ea07d6ab2a9d8bbf32fcd3fe0841d0
Parents: eebca67
Author: Colm O hEigeartaigh 
Authored: Tue Jul 18 11:02:40 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Tue Jul 18 11:36:21 2017 +0100

--
 .../apache/syncope/core/spring/security/Encryptor.java | 11 +++
 .../syncope/core/spring/security/EncryptorTest.java| 13 +++--
 2 files changed, 18 insertions(+), 6 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/4214a389/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java
--
diff --git 
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java
 
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java
index af64177..a97094a 100644
--- 
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java
+++ 
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java
@@ -154,11 +154,14 @@ public final class Encryptor {
 String actualKey = secretKey;
 if (actualKey.length() < 16) {
 StringBuilder actualKeyPadding = new StringBuilder(actualKey);
-for (int i = 0; i < 16 - actualKey.length(); i++) {
-actualKeyPadding.append('0');
-}
+int length = 16 - actualKey.length();
+String randomChars = 
SecureRandomUtils.generateRandomPassword(length);
+
+actualKeyPadding.append(randomChars);
 actualKey = actualKeyPadding.toString();
-LOG.debug("actualKey too short, adding some random characters");
+LOG.warn("The secret key is too short (< 16), adding some random 
characters. "
+ + "Passwords encrypted with AES and this key will not be 
recoverable "
+ + "as a result if the container is restarted.");
 }
 
 try {
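Review bot: `SecureRandomUtils.generateRandomPassword(length)` fills the gap with what its name suggests are password characters, and the configured part of the key is kept as is, so the result is a 16-character string rather than uniformly random key material. Deriving the AES key from the configured secret through a key-derivation function with a persisted salt would keep the key stable across restarts and remove the need for the data-loss warning. At minimum, the `(< 16)` in the message should state the unit.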

http://git-wip-us.apache.org/repos/asf/syncope/blob/4214a389/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
--
diff --git 
a/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
 
b/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
index 98c3f16..064d970 100644
--- 
a/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
+++ 
b/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
@@ -61,7 +61,16 @@ public class EncryptorTest {
 
 @Test
 public void testDecodeDefaultAESKey() throws Exception {
-String password = encryptor.decode("9Pav+xl+UyHt02H9ZBytiA==", 
CipherAlgorithm.AES);
-assertEquals("password", password);
+String decPassword = encryptor.decode("9Pav+xl+UyHt02H9ZBytiA==", 
CipherAlgorithm.AES);
+assertEquals(password, decPassword);
 }
+
+@Test
+public void testSmallKey() throws Exception {
+Encryptor smallKeyEncryptor = Encryptor.getInstance("123");
+String encPassword = smallKeyEncryptor.encode(password, 
CipherAlgorithm.AES);
+String decPassword = smallKeyEncryptor.decode(encPassword, 
CipherAlgorithm.AES);
+assertEquals(password, decPassword);
+}
+
 }
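Review bot: The hunk ends by adding an empty line between the closing brace of testSmallKey and the closing brace of the class. Drop it so the end of the file matches the layout it had before the change.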



syncope git commit: SYNCOPE-1168 - Encryptor pads short secret keys with "0" instead of random characters

2017-07-18 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X e21971bf5 -> 852dec694


SYNCOPE-1168 - Encryptor pads short secret keys with "0" instead of random 
characters


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/852dec69
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/852dec69
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/852dec69

Branch: refs/heads/2_0_X
Commit: 852dec6946813ac4756b8868988e145316bd6f94
Parents: e21971b
Author: Colm O hEigeartaigh 
Authored: Tue Jul 18 11:02:40 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Tue Jul 18 12:02:32 2017 +0100

--
 .../apache/syncope/core/spring/security/Encryptor.java | 11 +++
 .../syncope/core/spring/security/EncryptorTest.java| 13 +++--
 2 files changed, 18 insertions(+), 6 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/852dec69/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java
--
diff --git 
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java
 
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java
index af64177..a97094a 100644
--- 
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java
+++ 
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java
@@ -154,11 +154,14 @@ public final class Encryptor {
 String actualKey = secretKey;
 if (actualKey.length() < 16) {
 StringBuilder actualKeyPadding = new StringBuilder(actualKey);
-for (int i = 0; i < 16 - actualKey.length(); i++) {
-actualKeyPadding.append('0');
-}
+int length = 16 - actualKey.length();
+String randomChars = 
SecureRandomUtils.generateRandomPassword(length);
+
+actualKeyPadding.append(randomChars);
 actualKey = actualKeyPadding.toString();
-LOG.debug("actualKey too short, adding some random characters");
+LOG.warn("The secret key is too short (< 16), adding some random 
characters. "
+ + "Passwords encrypted with AES and this key will not be 
recoverable "
+ + "as a result if the container is restarted.");
 }
 
 try {

http://git-wip-us.apache.org/repos/asf/syncope/blob/852dec69/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
--
diff --git 
a/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
 
b/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
index 98c3f16..064d970 100644
--- 
a/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
+++ 
b/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
@@ -61,7 +61,16 @@ public class EncryptorTest {
 
 @Test
 public void testDecodeDefaultAESKey() throws Exception {
-String password = encryptor.decode("9Pav+xl+UyHt02H9ZBytiA==", 
CipherAlgorithm.AES);
-assertEquals("password", password);
+String decPassword = encryptor.decode("9Pav+xl+UyHt02H9ZBytiA==", 
CipherAlgorithm.AES);
+assertEquals(password, decPassword);
 }
+
+@Test
+public void testSmallKey() throws Exception {
+Encryptor smallKeyEncryptor = Encryptor.getInstance("123");
+String encPassword = smallKeyEncryptor.encode(password, 
CipherAlgorithm.AES);
+String decPassword = smallKeyEncryptor.decode(encPassword, 
CipherAlgorithm.AES);
+assertEquals(password, decPassword);
+}
+
 }



syncope git commit: Filter security.properties for the spring tests as well

2017-07-17 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master 2d444f625 -> 3faef350f


Filter security.properties for the spring tests as well


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/3faef350
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/3faef350
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/3faef350

Branch: refs/heads/master
Commit: 3faef350fd2d9fdaf3d20ab6bd73ce6b83e4c695
Parents: 2d444f6
Author: Colm O hEigeartaigh 
Authored: Mon Jul 17 19:15:53 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Mon Jul 17 19:15:53 2017 +0100

--
 core/spring/pom.xml   | 7 +++
 .../apache/syncope/core/spring/security/EncryptorTest.java| 7 +++
 2 files changed, 14 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/3faef350/core/spring/pom.xml
--
diff --git a/core/spring/pom.xml b/core/spring/pom.xml
index d92d4e0..d33a01f 100644
--- a/core/spring/pom.xml
+++ b/core/spring/pom.xml
@@ -104,5 +104,12 @@ under the License.
 maven-checkstyle-plugin
   
 
+
+  
+src/main/resources
+true
+  
+
+
   
 
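Review bot: The added block targets `src/main/resources` with a `true` flag (the element names did not survive in this archive copy), which reads as enabling filtering for every main resource of core/spring rather than only for the tests named in the commit message. Restrict it with an include for security.properties, or exclude binary files, so unrelated resources containing `${...}` are not rewritten in the packaged jar.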

http://git-wip-us.apache.org/repos/asf/syncope/blob/3faef350/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
--
diff --git 
a/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
 
b/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
index 4bfa0fa..98c3f16 100644
--- 
a/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
+++ 
b/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
@@ -20,6 +20,7 @@ package org.apache.syncope.core.spring.security;
 
 import org.apache.syncope.core.spring.security.Encryptor;
 
+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
@@ -57,4 +58,10 @@ public class EncryptorTest {
 }
 }
 }
+
+@Test
+public void testDecodeDefaultAESKey() throws Exception {
+String password = encryptor.decode("9Pav+xl+UyHt02H9ZBytiA==", 
CipherAlgorithm.AES);
+assertEquals("password", password);
+}
 }



syncope git commit: Adding some negative tests for JWT third party tokens

2017-07-05 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master ffb78c087 -> 2035f6b4d


Adding some negative tests for JWT third party tokens


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/2035f6b4
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/2035f6b4
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/2035f6b4

Branch: refs/heads/master
Commit: 2035f6b4d7d9d3624e6c52a070f081dd54835606
Parents: ffb78c0
Author: Colm O hEigeartaigh 
Authored: Wed Jul 5 11:53:45 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Wed Jul 5 11:53:45 2017 +0100

--
 .../org/apache/syncope/fit/core/JWTITCase.java  | 106 +++
 1 file changed, 106 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/2035f6b4/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
--
diff --git 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
index ef122f6..4d9e050 100644
--- 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
+++ 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
@@ -420,4 +420,110 @@ public class JWTITCase extends AbstractITCase {
 assertFalse(self.getLeft().isEmpty());
 assertEquals("puccini", self.getRight().getUsername());
 }
+
+@Test
+public void thirdPartyTokenUnknownUser() throws ParseException {
+// Create a new token
+Date now = new Date();
+
+Calendar expiry = Calendar.getInstance();
+expiry.setTime(now);
+expiry.add(Calendar.MINUTE, 5);
+
+JwtClaims jwtClaims = new JwtClaims();
+jwtClaims.setTokenId(UUID.randomUUID().toString());
+jwtClaims.setSubject("stra...@apache.org");
+jwtClaims.setIssuedAt(now.getTime());
+jwtClaims.setIssuer(CustomJWTSSOProvider.ISSUER);
+jwtClaims.setExpiryTime(expiry.getTime().getTime());
+jwtClaims.setNotBefore(now.getTime());
+
+JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, 
SignatureAlgorithm.HS512);
+JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
+JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
+
+JwsSignatureProvider jwsSignatureProvider =
+new 
HmacJwsSignatureProvider(CustomJWTSSOProvider.CUSTOM_KEY.getBytes(), 
SignatureAlgorithm.HS512);
+String signed = producer.signWith(jwsSignatureProvider);
+
+SyncopeClient jwtClient = clientFactory.create(signed);
+
+try {
+jwtClient.self();
+fail("Failure expected on an unknown subject");
+} catch (AccessControlException ex) {
+// expected
+}
+}
+
+@Test
+public void thirdPartyTokenUnknownIssuer() throws ParseException {
+// Create a new token
+Date now = new Date();
+
+Calendar expiry = Calendar.getInstance();
+expiry.setTime(now);
+expiry.add(Calendar.MINUTE, 5);
+
+JwtClaims jwtClaims = new JwtClaims();
+jwtClaims.setTokenId(UUID.randomUUID().toString());
+jwtClaims.setSubject("pucc...@apache.org");
+jwtClaims.setIssuedAt(now.getTime());
+jwtClaims.setIssuer(CustomJWTSSOProvider.ISSUER + "_");
+jwtClaims.setExpiryTime(expiry.getTime().getTime());
+jwtClaims.setNotBefore(now.getTime());
+
+JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, 
SignatureAlgorithm.HS512);
+JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
+JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
+
+JwsSignatureProvider jwsSignatureProvider =
+new 
HmacJwsSignatureProvider(CustomJWTSSOProvider.CUSTOM_KEY.getBytes(), 
SignatureAlgorithm.HS512);
+String signed = producer.signWith(jwsSignatureProvider);
+
+SyncopeClient jwtClient = clientFactory.create(signed);
+
+try {
+jwtClient.self();
+fail("Failure expected on an unknown issuer");
+} catch (AccessControlException ex) {
+// expected
+}
+}
+
+@Test
+public void thirdPartyTokenBadSignature() throws ParseException {
+// Create a new token
+Date now = new Date();
+
+Calendar expiry = Calendar.getInstance();
+expiry.setTime(now);
+expiry.add(Calendar.MINUTE, 5);
+
+JwtClaims jwtClaims = new JwtClaims();
+jwtClaims.setTokenId(UUID.randomUUID().toString());
+jwtClaims.setSubject("pucc...@apache.org");
+jwtClaims.setIssuedAt(now.getTime());
+
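Review bot: thirdPartyTokenUnknownUser and thirdPartyTokenUnknownIssuer repeat the same claim and signing setup and differ only in subject and issuer, and thirdPartyTokenBadSignature starts the same way. Move the token construction into a private helper that takes subject, issuer and signing key, so each negative test shows only the one field it breaks and any later claim is added in one place.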

syncope git commit: Adding some negative tests for JWT third party tokens

2017-07-05 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X 48d917933 -> 894885ba3


Adding some negative tests for JWT third party tokens


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/894885ba
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/894885ba
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/894885ba

Branch: refs/heads/2_0_X
Commit: 894885ba30be335054ba8b7e814216dbe0fa0985
Parents: 48d9179
Author: Colm O hEigeartaigh 
Authored: Wed Jul 5 11:53:45 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Wed Jul 5 12:29:48 2017 +0100

--
 .../org/apache/syncope/fit/core/JWTITCase.java  | 106 +++
 1 file changed, 106 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/894885ba/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
--
diff --git 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
index ef122f6..4d9e050 100644
--- 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
+++ 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
@@ -420,4 +420,110 @@ public class JWTITCase extends AbstractITCase {
 assertFalse(self.getLeft().isEmpty());
 assertEquals("puccini", self.getRight().getUsername());
 }
+
+@Test
+public void thirdPartyTokenUnknownUser() throws ParseException {
+// Create a new token
+Date now = new Date();
+
+Calendar expiry = Calendar.getInstance();
+expiry.setTime(now);
+expiry.add(Calendar.MINUTE, 5);
+
+JwtClaims jwtClaims = new JwtClaims();
+jwtClaims.setTokenId(UUID.randomUUID().toString());
+jwtClaims.setSubject("stra...@apache.org");
+jwtClaims.setIssuedAt(now.getTime());
+jwtClaims.setIssuer(CustomJWTSSOProvider.ISSUER);
+jwtClaims.setExpiryTime(expiry.getTime().getTime());
+jwtClaims.setNotBefore(now.getTime());
+
+JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, 
SignatureAlgorithm.HS512);
+JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
+JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
+
+JwsSignatureProvider jwsSignatureProvider =
+new 
HmacJwsSignatureProvider(CustomJWTSSOProvider.CUSTOM_KEY.getBytes(), 
SignatureAlgorithm.HS512);
+String signed = producer.signWith(jwsSignatureProvider);
+
+SyncopeClient jwtClient = clientFactory.create(signed);
+
+try {
+jwtClient.self();
+fail("Failure expected on an unknown subject");
+} catch (AccessControlException ex) {
+// expected
+}
+}
+
+@Test
+public void thirdPartyTokenUnknownIssuer() throws ParseException {
+// Create a new token
+Date now = new Date();
+
+Calendar expiry = Calendar.getInstance();
+expiry.setTime(now);
+expiry.add(Calendar.MINUTE, 5);
+
+JwtClaims jwtClaims = new JwtClaims();
+jwtClaims.setTokenId(UUID.randomUUID().toString());
+jwtClaims.setSubject("pucc...@apache.org");
+jwtClaims.setIssuedAt(now.getTime());
+jwtClaims.setIssuer(CustomJWTSSOProvider.ISSUER + "_");
+jwtClaims.setExpiryTime(expiry.getTime().getTime());
+jwtClaims.setNotBefore(now.getTime());
+
+JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, 
SignatureAlgorithm.HS512);
+JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
+JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
+
+JwsSignatureProvider jwsSignatureProvider =
+new 
HmacJwsSignatureProvider(CustomJWTSSOProvider.CUSTOM_KEY.getBytes(), 
SignatureAlgorithm.HS512);
+String signed = producer.signWith(jwsSignatureProvider);
+
+SyncopeClient jwtClient = clientFactory.create(signed);
+
+try {
+jwtClient.self();
+fail("Failure expected on an unknown issuer");
+} catch (AccessControlException ex) {
+// expected
+}
+}
+
+@Test
+public void thirdPartyTokenBadSignature() throws ParseException {
+// Create a new token
+Date now = new Date();
+
+Calendar expiry = Calendar.getInstance();
+expiry.setTime(now);
+expiry.add(Calendar.MINUTE, 5);
+
+JwtClaims jwtClaims = new JwtClaims();
+jwtClaims.setTokenId(UUID.randomUUID().toString());
+jwtClaims.setSubject("pucc...@apache.org");
+jwtClaims.setIssuedAt(now.getTime());
+
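Review bot: `CustomJWTSSOProvider.CUSTOM_KEY.getBytes()` relies on the platform default charset, so the HMAC key bytes can differ between environments. Pass an explicit charset, for example `getBytes(StandardCharsets.UTF_8)`, in each test. The `catch (AccessControlException ex)` blocks would also be tighter if they asserted something about the exception, so that an unrelated access failure does not let the test pass.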

syncope git commit: Make sure a null issuer is explicitly not allowed

2017-07-04 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master c86fb4e63 -> bbf5b514b


Make sure a null issuer is explicitly not allowed


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/bbf5b514
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/bbf5b514
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/bbf5b514

Branch: refs/heads/master
Commit: bbf5b514b92cf37109e1a168a189014f1c570356
Parents: c86fb4e
Author: Colm O hEigeartaigh 
Authored: Tue Jul 4 16:37:23 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Tue Jul 4 16:37:23 2017 +0100

--
 .../core/logic/init/ClassPathScanImplementationLookup.java| 1 -
 .../org/apache/syncope/core/spring/security/AuthDataAccessor.java | 3 +++
 2 files changed, 3 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/bbf5b514/core/logic/src/main/java/org/apache/syncope/core/logic/init/ClassPathScanImplementationLookup.java
--
diff --git 
a/core/logic/src/main/java/org/apache/syncope/core/logic/init/ClassPathScanImplementationLookup.java
 
b/core/logic/src/main/java/org/apache/syncope/core/logic/init/ClassPathScanImplementationLookup.java
index 1fa0043..fd2f1fb 100644
--- 
a/core/logic/src/main/java/org/apache/syncope/core/logic/init/ClassPathScanImplementationLookup.java
+++ 
b/core/logic/src/main/java/org/apache/syncope/core/logic/init/ClassPathScanImplementationLookup.java
@@ -29,7 +29,6 @@ import org.apache.syncope.common.lib.policy.AccountRuleConf;
 import org.apache.syncope.common.lib.policy.PasswordRuleConf;
 import org.apache.syncope.common.lib.report.ReportletConf;
 import org.apache.syncope.core.persistence.api.ImplementationLookup;
-import org.apache.syncope.core.persistence.api.ImplementationLookup.Type;
 import org.apache.syncope.core.persistence.api.attrvalue.validation.Validator;
 import org.apache.syncope.core.persistence.api.dao.AccountRule;
 import org.apache.syncope.core.persistence.api.dao.AccountRuleConfClass;

http://git-wip-us.apache.org/repos/asf/syncope/blob/bbf5b514/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java
--
diff --git 
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java
 
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java
index 1a425f3..402bfae 100644
--- 
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java
+++ 
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java
@@ -155,6 +155,9 @@ public class AuthDataAccessor {
 }
 }
 
+if (issuer == null) {
+throw new AuthenticationCredentialsNotFoundException("A null 
issuer is not permitted");
+}
 JWTSSOProvider provider = jwtSSOProviders.get(issuer);
 if (provider == null) {
 throw new AuthenticationCredentialsNotFoundException(
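Review bot: The new `issuer == null` guard arrives without a test; the diffstat lists only two main-source files. Add a negative test that presents a token with no issuer claim and expects rejection, and decide whether an empty-string issuer should be refused by the same check rather than falling through to `jwtSSOProviders.get(issuer)`.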



syncope git commit: Trivial grammatical fixes

2017-07-03 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X f5fc2f166 -> c102038a9


Trivial grammatical fixes


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/c102038a
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/c102038a
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/c102038a

Branch: refs/heads/2_0_X
Commit: c102038a996e82e29b41c4fca73fe0468c64a816
Parents: f5fc2f1
Author: Colm O hEigeartaigh 
Authored: Mon Jul 3 17:35:28 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Mon Jul 3 17:35:51 2017 +0100

--
 src/main/asciidoc/reference-guide/concepts/realms.adoc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/c102038a/src/main/asciidoc/reference-guide/concepts/realms.adoc
--
diff --git a/src/main/asciidoc/reference-guide/concepts/realms.adoc 
b/src/main/asciidoc/reference-guide/concepts/realms.adoc
index ec9cfbc..2ed169b 100644
--- a/src/main/asciidoc/reference-guide/concepts/realms.adoc
+++ b/src/main/asciidoc/reference-guide/concepts/realms.adoc
@@ -46,8 +46,8 @@ Moreover, this partition allows fine-grained control over 
policy enforcement and
 [[dynamic-realms]]
 .Dynamic Realms
 
-Realms provide a mean to model static containment hierarchies. +
-Such strategy might not be the ideal fit for situations where the set of 
Users, Groups and Any Objects to administer
+Realms provide a means to model static containment hierarchies. +
+This might not be the ideal fit for situations where the set of Users, Groups 
and Any Objects to administer
 cannot be statically defined by containment.
 
 Dynamic Realms can be used to identify Users, Groups and Any Objects according 
to some attributes' value, resource



syncope git commit: Log a warning if the default anonymousKey is being used

2017-06-29 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master c50ee3176 -> 3ceb8b597


Log a warning if the default anonymousKey is being used


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/3ceb8b59
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/3ceb8b59
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/3ceb8b59

Branch: refs/heads/master
Commit: 3ceb8b597b203d5e5b7fe96c55487e3df5641cb5
Parents: c50ee31
Author: Colm O hEigeartaigh 
Authored: Thu Jun 29 10:40:39 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Jun 29 11:04:36 2017 +0100

--
 .../src/test/resources/provisioningTest.xml   |  1 +
 .../spring/security/DefaultCredentialChecker.java | 14 +-
 .../UsernamePasswordAuthenticationProvider.java   |  1 +
 core/spring/src/main/resources/securityContext.xml|  1 +
 4 files changed, 16 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/3ceb8b59/core/provisioning-java/src/test/resources/provisioningTest.xml
--
diff --git a/core/provisioning-java/src/test/resources/provisioningTest.xml 
b/core/provisioning-java/src/test/resources/provisioningTest.xml
index 53fb6d9..e3c1dd2 100644
--- a/core/provisioning-java/src/test/resources/provisioningTest.xml
+++ b/core/provisioning-java/src/test/resources/provisioningTest.xml
@@ -59,6 +59,7 @@ under the License.
   
   
   
+  
   
   
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/3ceb8b59/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
--
diff --git 
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
 
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
index a75b39e..a63c588 100644
--- 
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
+++ 
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
@@ -32,13 +32,18 @@ public class DefaultCredentialChecker {
 
 private static final String DEFAULT_ADMIN_PASSWORD = 
"5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8";
 
+private static final String DEFAULT_ANON_KEY = "anonymousKey";
+
 private final boolean defaultAdminPasswordInUse;
 
 private final boolean defaultJwsKeyInUse;
 
-public DefaultCredentialChecker(final String jwsKey, final String 
adminPassword) {
+private final boolean defaultAnonymousKeyInUse;
+
+public DefaultCredentialChecker(final String jwsKey, final String 
adminPassword, final String anonymousKey) {
 defaultJwsKeyInUse = DEFAULT_JWS_KEY.equals(jwsKey);
 defaultAdminPasswordInUse = 
DEFAULT_ADMIN_PASSWORD.equals(adminPassword);
+defaultAnonymousKeyInUse = DEFAULT_ANON_KEY.equals(anonymousKey);
 }
 
 public void checkIsDefaultJWSKeyInUse() {
@@ -55,4 +60,11 @@ public class DefaultCredentialChecker {
 }
 }
 
+public void checkIsDefaultAnonymousKeyInUse() {
+if (defaultAnonymousKeyInUse) {
+LOG.warn("The default anonymousKey property is being used. "
++ "This must be changed to avoid a security breach!");
+}
+}
+
 }
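
Review bot: the warning text in checkIsDefaultAnonymousKeyInUse() says the property "must be changed" but not where it lives. Naming the security.properties file in the message would let an operator act on the log line directly. Note also that this only logs at WARN and lets authentication proceed, so the default key keeps working until someone reads the log.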

http://git-wip-us.apache.org/repos/asf/syncope/blob/3ceb8b59/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java
--
diff --git 
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java
 
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java
index 2a5430e..da11553 100644
--- 
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java
+++ 
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java
@@ -98,6 +98,7 @@ public class UsernamePasswordAuthenticationProvider 
implements AuthenticationPro
 
 if (anonymousUser.equals(authentication.getName())) {
 username[0] = anonymousUser;
+credentialChecker.checkIsDefaultAnonymousKeyInUse();
 authenticated = 
authentication.getCredentials().toString().equals(anonymousKey);
 } else if (adminUser.equals(authentication.getName())) {
 username[0] = adminUser;
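
Review bot: checkIsDefaultAnonymousKeyInUse() is called inside the anonymousUser branch before the credentials are compared, so the warning is written on every anonymous authentication attempt, including failed ones. With the default key in place that is one WARN line per request. Consider emitting it once (at startup, or guarded by a flag inside DefaultCredentialChecker) so the message is neither buried in the log nor usable to flood it.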

http://git-wip-us.apache.org/repos/asf/syncope/blob/3ceb8b59/core/spring/src/main/resources/securityContext.xml

syncope git commit: Log a warning if the default anonymousKey is being used

2017-06-29 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X 4ba5e3bf9 -> 6f4af4163


Log a warning if the default anonymousKey is being used


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/6f4af416
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/6f4af416
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/6f4af416

Branch: refs/heads/2_0_X
Commit: 6f4af41637d18647398b2a33bfbf2522474874a7
Parents: 4ba5e3b
Author: Colm O hEigeartaigh 
Authored: Thu Jun 29 10:40:39 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Jun 29 11:04:51 2017 +0100

--
 .../src/test/resources/provisioningTest.xml   |  1 +
 .../spring/security/DefaultCredentialChecker.java | 14 +-
 .../UsernamePasswordAuthenticationProvider.java   |  1 +
 core/spring/src/main/resources/securityContext.xml|  1 +
 4 files changed, 16 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/6f4af416/core/provisioning-java/src/test/resources/provisioningTest.xml
--
diff --git a/core/provisioning-java/src/test/resources/provisioningTest.xml 
b/core/provisioning-java/src/test/resources/provisioningTest.xml
index 53fb6d9..e3c1dd2 100644
--- a/core/provisioning-java/src/test/resources/provisioningTest.xml
+++ b/core/provisioning-java/src/test/resources/provisioningTest.xml
@@ -59,6 +59,7 @@ under the License.
   
   
   
+  
   
   
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/6f4af416/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
--
diff --git 
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
 
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
index a75b39e..a63c588 100644
--- 
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
+++ 
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
@@ -32,13 +32,18 @@ public class DefaultCredentialChecker {
 
 private static final String DEFAULT_ADMIN_PASSWORD = 
"5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8";
 
+private static final String DEFAULT_ANON_KEY = "anonymousKey";
+
 private final boolean defaultAdminPasswordInUse;
 
 private final boolean defaultJwsKeyInUse;
 
-public DefaultCredentialChecker(final String jwsKey, final String 
adminPassword) {
+private final boolean defaultAnonymousKeyInUse;
+
+public DefaultCredentialChecker(final String jwsKey, final String 
adminPassword, final String anonymousKey) {
 defaultJwsKeyInUse = DEFAULT_JWS_KEY.equals(jwsKey);
 defaultAdminPasswordInUse = 
DEFAULT_ADMIN_PASSWORD.equals(adminPassword);
+defaultAnonymousKeyInUse = DEFAULT_ANON_KEY.equals(anonymousKey);
 }
 
 public void checkIsDefaultJWSKeyInUse() {
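
Review bot: the public DefaultCredentialChecker constructor goes from two to three String arguments with no two-argument overload kept, and this is the 2_0_X maintenance branch. Any deployment that declares this bean itself with (jwsKey, adminPassword) will no longer match a constructor after upgrading. Keeping the old constructor as a delegating overload, or calling the change out in the release notes, would avoid that. The new anonymousKey parameter is also undocumented.
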
@@ -55,4 +60,11 @@ public class DefaultCredentialChecker {
 }
 }
 
+public void checkIsDefaultAnonymousKeyInUse() {
+if (defaultAnonymousKeyInUse) {
+LOG.warn("The default anonymousKey property is being used. "
++ "This must be changed to avoid a security breach!");
+}
+}
+
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/6f4af416/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java
--
diff --git 
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java
 
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java
index 2a5430e..da11553 100644
--- 
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java
+++ 
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java
@@ -98,6 +98,7 @@ public class UsernamePasswordAuthenticationProvider 
implements AuthenticationPro
 
 if (anonymousUser.equals(authentication.getName())) {
 username[0] = anonymousUser;
+credentialChecker.checkIsDefaultAnonymousKeyInUse();
 authenticated = 
authentication.getCredentials().toString().equals(anonymousKey);
 } else if (adminUser.equals(authentication.getName())) {
 username[0] = adminUser;
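
Review bot: in the anonymousUser branch the key is still checked with String.equals() on the line right after the new call (authentication.getCredentials().toString().equals(anonymousKey)), which is not a constant-time comparison. Since this commit treats anonymousKey as a secret worth warning about, comparing the UTF-8 bytes with MessageDigest.isEqual() would be a better fit here.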

http://git-wip-us.apache.org/repos/asf/syncope/blob/6f4af416/core/spring/src/main/resources/securityContext.xml

syncope git commit: Removing "Roles" from the anonymous authn section of the docs

2017-06-28 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X e4fb3d581 -> 9d553b85f


Removing "Roles" from the anonymous authn section of the docs


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/9d553b85
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/9d553b85
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/9d553b85

Branch: refs/heads/2_0_X
Commit: 9d553b85f93195cef9afd65096a8e4dacf0e541f
Parents: e4fb3d5
Author: Colm O hEigeartaigh 
Authored: Wed Jun 28 13:30:04 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Wed Jun 28 13:30:33 2017 +0100

--
 .../reference-guide/workingwithapachesyncope/restfulservices.adoc  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/9d553b85/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc
--
diff --git 
a/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc
 
b/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc
index 0ebd83d..da00883 100644
--- 
a/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc
+++ 
b/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc
@@ -80,7 +80,7 @@ The set of RESTful services provided by Apache Syncope can be 
divided as:
 . endpoints accessible without any sort of authentication (e.g. truly 
anonymous), for self-registration and
 <>;
 . endpoints disclosing information about the given Syncope deployment 
(available <>, configured
-<>, Groups, Roles, ...), requiring some sort of shared 
authentication defined by the
+<>, Groups, ...), requiring some sort of shared 
authentication defined by the
 `anonymousKey` value  in the `security.properties` file - for more 
information, read about Spring Security's
 
http://docs.spring.io/spring-security/site/docs/4.2.x/reference/htmlsingle/#anonymous[Anonymous
 Authentication^];
 . endpoints for self-service (self-update, password change, ...), requiring 
user authentication and no entitlements;
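
Review bot: with "Roles" dropped, the second item still ends its list with "Groups, ...", so the reader cannot tell from this text which objects are readable with only the shared anonymousKey. That is the exposure an administrator has to reason about, so please enumerate the endpoints or link to the full list instead of the ellipsis. Minor: there is a double space in "value  in" on the following context line.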



syncope git commit: Removing "Roles" from the anonymous authn section of the docs

2017-06-28 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master 733b97203 -> aa5d3ba95


Removing "Roles" from the anonymous authn section of the docs


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/aa5d3ba9
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/aa5d3ba9
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/aa5d3ba9

Branch: refs/heads/master
Commit: aa5d3ba9505f2512cc17f847c32716cde4b0359b
Parents: 733b972
Author: Colm O hEigeartaigh 
Authored: Wed Jun 28 13:30:04 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Wed Jun 28 13:30:04 2017 +0100

--
 .../reference-guide/workingwithapachesyncope/restfulservices.adoc  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/aa5d3ba9/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc
--
diff --git 
a/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc
 
b/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc
index 595c96e..8627087 100644
--- 
a/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc
+++ 
b/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc
@@ -80,7 +80,7 @@ The set of RESTful services provided by Apache Syncope can be 
divided as:
 . endpoints accessible without any sort of authentication (e.g. truly 
anonymous), for self-registration and
 <>;
 . endpoints disclosing information about the given Syncope deployment 
(available <>, configured
-<>, Groups, Roles, ...), requiring some sort of shared 
authentication defined by the
+<>, Groups, ...), requiring some sort of shared 
authentication defined by the
 `anonymousKey` value  in the `security.properties` file - for more 
information, read about Spring Security's
 
http://docs.spring.io/spring-security/site/docs/4.2.x/reference/htmlsingle/#anonymous[Anonymous
 Authentication^];
 . endpoints for self-service (self-update, password change, ...), requiring 
user authentication and no entitlements;



syncope git commit: SYNCOPE-1119 - Support specifying the admin password using the installer

2017-06-26 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X dd9e73fe2 -> c4c301c97


SYNCOPE-1119 - Support specifying the admin password using the installer


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/c4c301c9
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/c4c301c9
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/c4c301c9

Branch: refs/heads/2_0_X
Commit: c4c301c977f8d9b24ea85244b36d1600ada930bd
Parents: dd9e73f
Author: Colm O hEigeartaigh 
Authored: Mon Jun 26 17:12:57 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Mon Jun 26 17:13:48 2017 +0100

--
 .../META-INF/maven/archetype-metadata.xml   |  3 +++
 archetype/src/main/resources/meta-pom.xml   |  1 +
 .../src/main/resources/security.properties  |  2 +-
 .../syncope/installer/utilities/MavenUtils.java | 21 ++--
 .../validators/ArchetypeValidator.java  |  5 +
 .../src/main/resources/izpack/userInputSpec.xml |  4 
 pom.xml |  1 +
 7 files changed, 34 insertions(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/c4c301c9/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml
--
diff --git a/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml 
b/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml
index db55592..f3ba98c 100644
--- a/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml
+++ b/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml
@@ -24,6 +24,9 @@ under the License.
 
 
 
+
+5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
+
   
   
   

http://git-wip-us.apache.org/repos/asf/syncope/blob/c4c301c9/archetype/src/main/resources/meta-pom.xml
--
diff --git a/archetype/src/main/resources/meta-pom.xml 
b/archetype/src/main/resources/meta-pom.xml
index 3ee57a1..a322758 100644
--- a/archetype/src/main/resources/meta-pom.xml
+++ b/archetype/src/main/resources/meta-pom.xml
@@ -34,6 +34,7 @@ under the License.
 ${secretKey}
 ${anonymousKey}
 ${jwsKey}
+${adminPassword}
 
 true
 true

http://git-wip-us.apache.org/repos/asf/syncope/blob/c4c301c9/core/spring/src/main/resources/security.properties
--
diff --git a/core/spring/src/main/resources/security.properties 
b/core/spring/src/main/resources/security.properties
index 9e59a96..5c39d1e 100644
--- a/core/spring/src/main/resources/security.properties
+++ b/core/spring/src/main/resources/security.properties
@@ -15,7 +15,7 @@
 # specific language governing permissions and limitations
 # under the License.
 adminUser=${adminUser}
-adminPassword=5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
+adminPassword=${adminPassword}
 adminPasswordAlgorithm=SHA1
 
 anonymousUser=${anonymousUser}
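
Review bot: adminPassword becomes a filtered property here, but adminPasswordAlgorithm=SHA1 on the next line is left hard-coded, so whatever the installer collects is still stored as a plain SHA-1 hex digest. If the algorithm cannot change in this commit, it should at least become a property as well (assuming other algorithms are supported), so a deployment can choose a stronger one without editing the file by hand.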

http://git-wip-us.apache.org/repos/asf/syncope/blob/c4c301c9/installer/src/main/java/org/apache/syncope/installer/utilities/MavenUtils.java
--
diff --git 
a/installer/src/main/java/org/apache/syncope/installer/utilities/MavenUtils.java
 
b/installer/src/main/java/org/apache/syncope/installer/utilities/MavenUtils.java
index cd773a8..59ee898 100644
--- 
a/installer/src/main/java/org/apache/syncope/installer/utilities/MavenUtils.java
+++ 
b/installer/src/main/java/org/apache/syncope/installer/utilities/MavenUtils.java
@@ -23,15 +23,23 @@ import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.PrintStream;
+import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 import java.util.Properties;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.TransformerException;
+
+import org.apache.commons.codec.binary.Hex;
 import org.apache.commons.io.FileUtils;
 import org.apache.maven.shared.invoker.DefaultInvocationRequest;
 import org.apache.maven.shared.invoker.DefaultInvoker;
@@ -110,8 +118,17 @@ public class MavenUtils {
 properties.setProperty("anonymousKey", anonymousKey);
 properties.setProperty("jwsKey", jwsKey);
 
-//String encodedPassword = PasswordGenerator.password(adminPassword, 
"SHA-1");
-

syncope git commit: SYNCOPE-1119 - Support specifying the admin password using the installer

2017-06-26 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master 2deb36904 -> cca472be5


SYNCOPE-1119 - Support specifying the admin password using the installer


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/cca472be
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/cca472be
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/cca472be

Branch: refs/heads/master
Commit: cca472be51fd9d882e4bd8aa8f1e03a4c16112d6
Parents: 2deb369
Author: Colm O hEigeartaigh 
Authored: Mon Jun 26 17:12:57 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Mon Jun 26 17:13:21 2017 +0100

--
 .../META-INF/maven/archetype-metadata.xml   |  3 +++
 archetype/src/main/resources/meta-pom.xml   |  1 +
 .../src/main/resources/security.properties  |  2 +-
 .../syncope/installer/utilities/MavenUtils.java | 21 ++--
 .../validators/ArchetypeValidator.java  |  5 +
 .../src/main/resources/izpack/userInputSpec.xml |  4 
 pom.xml |  1 +
 7 files changed, 34 insertions(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/cca472be/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml
--
diff --git a/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml 
b/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml
index db55592..f3ba98c 100644
--- a/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml
+++ b/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml
@@ -24,6 +24,9 @@ under the License.
 
 
 
+
+5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
+
   
   
   

http://git-wip-us.apache.org/repos/asf/syncope/blob/cca472be/archetype/src/main/resources/meta-pom.xml
--
diff --git a/archetype/src/main/resources/meta-pom.xml 
b/archetype/src/main/resources/meta-pom.xml
index 3ee57a1..a322758 100644
--- a/archetype/src/main/resources/meta-pom.xml
+++ b/archetype/src/main/resources/meta-pom.xml
@@ -34,6 +34,7 @@ under the License.
 ${secretKey}
 ${anonymousKey}
 ${jwsKey}
+${adminPassword}
 
 true
 true

http://git-wip-us.apache.org/repos/asf/syncope/blob/cca472be/core/spring/src/main/resources/security.properties
--
diff --git a/core/spring/src/main/resources/security.properties 
b/core/spring/src/main/resources/security.properties
index 9e59a96..5c39d1e 100644
--- a/core/spring/src/main/resources/security.properties
+++ b/core/spring/src/main/resources/security.properties
@@ -15,7 +15,7 @@
 # specific language governing permissions and limitations
 # under the License.
 adminUser=${adminUser}
-adminPassword=5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
+adminPassword=${adminPassword}
 adminPasswordAlgorithm=SHA1
 
 anonymousUser=${anonymousUser}
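
Review bot: replacing the literal with ${adminPassword} moves the default rather than removing it. archetype-metadata.xml in this same commit adds 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8, which is the digest DefaultCredentialChecker holds as DEFAULT_ADMIN_PASSWORD. A project generated without overriding the property would therefore still end up with the default admin password. Consider requiring the value with no default, or failing the build when it is unchanged.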

http://git-wip-us.apache.org/repos/asf/syncope/blob/cca472be/installer/src/main/java/org/apache/syncope/installer/utilities/MavenUtils.java
--
diff --git 
a/installer/src/main/java/org/apache/syncope/installer/utilities/MavenUtils.java
 
b/installer/src/main/java/org/apache/syncope/installer/utilities/MavenUtils.java
index cd773a8..59ee898 100644
--- 
a/installer/src/main/java/org/apache/syncope/installer/utilities/MavenUtils.java
+++ 
b/installer/src/main/java/org/apache/syncope/installer/utilities/MavenUtils.java
@@ -23,15 +23,23 @@ import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.PrintStream;
+import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
 import java.util.Properties;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.TransformerException;
+
+import org.apache.commons.codec.binary.Hex;
 import org.apache.commons.io.FileUtils;
 import org.apache.maven.shared.invoker.DefaultInvocationRequest;
 import org.apache.maven.shared.invoker.DefaultInvoker;
@@ -110,8 +118,17 @@ public class MavenUtils {
 properties.setProperty("anonymousKey", anonymousKey);
 properties.setProperty("jwsKey", jwsKey);
 
-//String encodedPassword = PasswordGenerator.password(adminPassword, 
"SHA-1");
-

[1/2] syncope git commit: Fixing some Javadoc warnings

2017-06-26 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X a9d916e99 -> 9530eac4c


Fixing some Javadoc warnings


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/eacb4df3
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/eacb4df3
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/eacb4df3

Branch: refs/heads/2_0_X
Commit: eacb4df325cad11412893f502319911d740bfd03
Parents: a9d916e
Author: Colm O hEigeartaigh 
Authored: Mon Jun 26 15:32:28 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Mon Jun 26 15:37:42 2017 +0100

--
 .../apache/syncope/client/lib/SyncopeClientFactoryBean.java | 9 ++---
 .../apache/syncope/common/lib/search/SyncopeProperty.java   | 2 +-
 .../apache/syncope/ide/netbeans/view/ServerDetailsView.java | 2 ++
 3 files changed, 9 insertions(+), 4 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/eacb4df3/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java
--
diff --git 
a/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java
 
b/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java
index e51723a..2cf1021 100644
--- 
a/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java
+++ 
b/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java
@@ -245,7 +245,8 @@ public class SyncopeClientFactoryBean {
 
 /**
  * Builds client instance with the given credentials.
- * Such credentials will be used only to obtain a valid JWT in the {@link 
HttpHeaders#AUTHORIZATION} header;
+ * Such credentials will be used only to obtain a valid JWT in the
+ * {@link javax.ws.rs.core.HttpHeaders#AUTHORIZATION} header;
  *
  * @param username username
  * @param password password
@@ -256,11 +257,13 @@ public class SyncopeClientFactoryBean {
 }
 
 /**
- * Builds client instance which will be passing the provided value in the 
{@link HttpHeaders#AUTHORIZATION}
+ * Builds client instance which will be passing the provided value in the
+ * {@link javax.ws.rs.core.HttpHeaders#AUTHORIZATION}
  * request header.
  *
  * @param jwt value received after login, in the {@link RESTHeaders#TOKEN} 
response header
- * @return client instance which will be passing the provided value in the 
{@link HttpHeaders#AUTHORIZATION}
+ * @return client instance which will be passing the provided value in the
+ * {@link javax.ws.rs.core.HttpHeaders#AUTHORIZATION}
  * request header
  */
 public SyncopeClient create(final String jwt) {

http://git-wip-us.apache.org/repos/asf/syncope/blob/eacb4df3/common/lib/src/main/java/org/apache/syncope/common/lib/search/SyncopeProperty.java
--
diff --git 
a/common/lib/src/main/java/org/apache/syncope/common/lib/search/SyncopeProperty.java
 
b/common/lib/src/main/java/org/apache/syncope/common/lib/search/SyncopeProperty.java
index fe2d47e..bcc55ca 100644
--- 
a/common/lib/src/main/java/org/apache/syncope/common/lib/search/SyncopeProperty.java
+++ 
b/common/lib/src/main/java/org/apache/syncope/common/lib/search/SyncopeProperty.java
@@ -37,7 +37,7 @@ public interface SyncopeProperty extends Property {
 
 /** Is textual property different (ignoring case) than given literal or 
not matching given pattern?
  *
- * @param literalOrPattern
+ * @param literalOrPattern The literal or Pattern String
  * @return updated condition
  */
 CompleteCondition notEqualTolIgnoreCase(String literalOrPattern);
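
Review bot: "@param literalOrPattern The literal or Pattern String" silences the Javadoc warning but only restates the parameter name. It should say which pattern syntax is accepted. While here, the method name notEqualTolIgnoreCase on the context line looks like a typo for notEqualToIgnoreCase; as this is a public interface, fixing it would need a deprecated alias rather than a rename.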

http://git-wip-us.apache.org/repos/asf/syncope/blob/eacb4df3/ide/netbeans/src/main/java/org/apache/syncope/ide/netbeans/view/ServerDetailsView.java
--
diff --git 
a/ide/netbeans/src/main/java/org/apache/syncope/ide/netbeans/view/ServerDetailsView.java
 
b/ide/netbeans/src/main/java/org/apache/syncope/ide/netbeans/view/ServerDetailsView.java
index ba9c60c..58ebde2 100644
--- 
a/ide/netbeans/src/main/java/org/apache/syncope/ide/netbeans/view/ServerDetailsView.java
+++ 
b/ide/netbeans/src/main/java/org/apache/syncope/ide/netbeans/view/ServerDetailsView.java
@@ -36,6 +36,8 @@ public class ServerDetailsView extends JDialog {
 
 /**
  * Creates new form LoginView
+ * @param parent Parent Frame
+ * @param modal Whether it is modal or not
  */
 public ServerDetailsView(final java.awt.Frame parent, final boolean modal) 
{
 super(parent, modal);
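
Review bot: the Javadoc being extended still opens with "Creates new form LoginView", but this is the ServerDetailsView constructor. Please fix the summary line in the same change as the new @param tags.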



[2/2] syncope git commit: SYNCOPE-1119 - Updating docs again

2017-06-26 Thread coheigea
SYNCOPE-1119 - Updating docs again


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/9530eac4
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/9530eac4
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/9530eac4

Branch: refs/heads/2_0_X
Commit: 9530eac4c973a0bcb1374a50d085217b717fc389
Parents: eacb4df
Author: Colm O hEigeartaigh 
Authored: Mon Jun 26 15:37:00 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Mon Jun 26 15:37:47 2017 +0100

--
 src/main/asciidoc/getting-started/movingForward.adoc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/9530eac4/src/main/asciidoc/getting-started/movingForward.adoc
--
diff --git a/src/main/asciidoc/getting-started/movingForward.adoc 
b/src/main/asciidoc/getting-started/movingForward.adoc
index 2ab602e..9162f6a 100644
--- a/src/main/asciidoc/getting-started/movingForward.adoc
+++ b/src/main/asciidoc/getting-started/movingForward.adoc
@@ -45,4 +45,5 @@ Authorization" of the Reference Guide for more information.
 
 Note that if you installed Syncope using either the installer or the maven 
archetype methods, then you will have already
 supplied custom values for "*secretKey*" and "*anonymousKey*". From Syncope 
2.0.4 onwards, both installation methods will also
-query for "*jwsKey*" and "*adminPassword*", and so no further action is 
required for these installation methods.
+query for "*jwsKey*", and the installer method will prompt for the 
"*adminPassword*" as well. 
+
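
Review bot: the removed sentence ended with "no further action is required for these installation methods", and the replacement drops that conclusion without saying what is now required. Since only the installer prompts for adminPassword, the text should state explicitly that Maven archetype users must still set adminPassword themselves. The added line also has trailing whitespace after "as well.".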



[2/2] syncope git commit: SYNCOPE-1119 - Updating docs again

2017-06-26 Thread coheigea
SYNCOPE-1119 - Updating docs again


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/053cb7e7
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/053cb7e7
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/053cb7e7

Branch: refs/heads/master
Commit: 053cb7e733ab5f53d8cf8b87792944800311ed0c
Parents: b5889b2
Author: Colm O hEigeartaigh 
Authored: Mon Jun 26 15:37:00 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Mon Jun 26 15:37:00 2017 +0100

--
 src/main/asciidoc/getting-started/movingForward.adoc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/053cb7e7/src/main/asciidoc/getting-started/movingForward.adoc
--
diff --git a/src/main/asciidoc/getting-started/movingForward.adoc 
b/src/main/asciidoc/getting-started/movingForward.adoc
index 2ab602e..9162f6a 100644
--- a/src/main/asciidoc/getting-started/movingForward.adoc
+++ b/src/main/asciidoc/getting-started/movingForward.adoc
@@ -45,4 +45,5 @@ Authorization" of the Reference Guide for more information.
 
 Note that if you installed Syncope using either the installer or the maven 
archetype methods, then you will have already
 supplied custom values for "*secretKey*" and "*anonymousKey*". From Syncope 
2.0.4 onwards, both installation methods will also
-query for "*jwsKey*" and "*adminPassword*", and so no further action is 
required for these installation methods.
+query for "*jwsKey*", and the installer method will prompt for the 
"*adminPassword*" as well. 
+



[1/2] syncope git commit: Fixing some Javadoc warnings

2017-06-26 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master 8432cce7e -> 053cb7e73


Fixing some Javadoc warnings


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/b5889b25
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/b5889b25
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/b5889b25

Branch: refs/heads/master
Commit: b5889b250f4b3ed2900feebe3f2c48899c1a517a
Parents: 8432cce
Author: Colm O hEigeartaigh 
Authored: Mon Jun 26 15:32:28 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Mon Jun 26 15:32:28 2017 +0100

--
 .../apache/syncope/client/lib/SyncopeClientFactoryBean.java | 9 ++---
 .../apache/syncope/common/lib/search/SyncopeProperty.java   | 2 +-
 .../apache/syncope/ide/netbeans/view/ServerDetailsView.java | 2 ++
 3 files changed, 9 insertions(+), 4 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/b5889b25/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java
--
diff --git 
a/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java
 
b/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java
index 1e5924b..eba161d 100644
--- 
a/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java
+++ 
b/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java
@@ -245,7 +245,8 @@ public class SyncopeClientFactoryBean {
 
 /**
  * Builds client instance with the given credentials.
- * Such credentials will be used only to obtain a valid JWT in the {@link 
HttpHeaders#AUTHORIZATION} header;
+ * Such credentials will be used only to obtain a valid JWT in the
+ * {@link javax.ws.rs.core.HttpHeaders#AUTHORIZATION} header;
  *
  * @param username username
  * @param password password
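
Review bot: the reflowed summary sentence still ends in a semicolon ("... header;") where Javadoc expects a period to close the first sentence, and the @param lines below only repeat the parameter names. Since the comment is being touched for Javadoc warnings anyway, both could be tidied in the same pass.
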
@@ -256,11 +257,13 @@ public class SyncopeClientFactoryBean {
 }
 
 /**
- * Builds client instance which will be passing the provided value in the 
{@link HttpHeaders#AUTHORIZATION}
+ * Builds client instance which will be passing the provided value in the
+ * {@link javax.ws.rs.core.HttpHeaders#AUTHORIZATION}
  * request header.
  *
  * @param jwt value received after login, in the {@link RESTHeaders#TOKEN} 
response header
- * @return client instance which will be passing the provided value in the 
{@link HttpHeaders#AUTHORIZATION}
+ * @return client instance which will be passing the provided value in the
+ * {@link javax.ws.rs.core.HttpHeaders#AUTHORIZATION}
  * request header
  */
 public SyncopeClient create(final String jwt) {

http://git-wip-us.apache.org/repos/asf/syncope/blob/b5889b25/common/lib/src/main/java/org/apache/syncope/common/lib/search/SyncopeProperty.java
--
diff --git 
a/common/lib/src/main/java/org/apache/syncope/common/lib/search/SyncopeProperty.java
 
b/common/lib/src/main/java/org/apache/syncope/common/lib/search/SyncopeProperty.java
index fe2d47e..bcc55ca 100644
--- 
a/common/lib/src/main/java/org/apache/syncope/common/lib/search/SyncopeProperty.java
+++ 
b/common/lib/src/main/java/org/apache/syncope/common/lib/search/SyncopeProperty.java
@@ -37,7 +37,7 @@ public interface SyncopeProperty extends Property {
 
 /** Is textual property different (ignoring case) than given literal or 
not matching given pattern?
  *
- * @param literalOrPattern
+ * @param literalOrPattern The literal or Pattern String
  * @return updated condition
  */
 CompleteCondition notEqualTolIgnoreCase(String literalOrPattern);

http://git-wip-us.apache.org/repos/asf/syncope/blob/b5889b25/ide/netbeans/src/main/java/org/apache/syncope/ide/netbeans/view/ServerDetailsView.java
--
diff --git 
a/ide/netbeans/src/main/java/org/apache/syncope/ide/netbeans/view/ServerDetailsView.java
 
b/ide/netbeans/src/main/java/org/apache/syncope/ide/netbeans/view/ServerDetailsView.java
index ba9c60c..58ebde2 100644
--- 
a/ide/netbeans/src/main/java/org/apache/syncope/ide/netbeans/view/ServerDetailsView.java
+++ 
b/ide/netbeans/src/main/java/org/apache/syncope/ide/netbeans/view/ServerDetailsView.java
@@ -36,6 +36,8 @@ public class ServerDetailsView extends JDialog {
 
 /**
  * Creates new form LoginView
+ * @param parent Parent Frame
+ * @param modal Whether it is modal or not
  */
 public ServerDetailsView(final java.awt.Frame parent, final boolean modal) 
{
 super(parent, modal);
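
Review bot: the Javadoc summary above the two new @param tags still reads "Creates new form LoginView", but the constructor belongs to ServerDetailsView. Since this hunk is already touching the comment, update the summary to name the right class so the generated docs are not misleading.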



syncope git commit: SYNCOPE-1120 - Use the standard Bearer Authorization header for JWT tokens

2017-06-23 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X 8a6e9f86a -> 652312dff


SYNCOPE-1120 - Use the standard Bearer Authorization header for JWT tokens


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/652312df
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/652312df
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/652312df

Branch: refs/heads/2_0_X
Commit: 652312dff5eb88dd2cbb462930e50508968afbc4
Parents: 8a6e9f8
Author: Colm O hEigeartaigh 
Authored: Fri Jun 23 16:36:16 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Jun 23 16:37:11 2017 +0100

--
 .../client/console/rest/BaseRestClient.java |  5 +++-
 .../syncope/client/lib/SyncopeClient.java   | 24 +---
 .../client/lib/SyncopeClientFactoryBean.java|  6 ++---
 .../security/JWTAuthenticationFilter.java   | 11 +
 .../rest/cxf/service/SAML2SPServiceImpl.java| 16 ++---
 .../org/apache/syncope/fit/AbstractITCase.java  |  4 +++-
 6 files changed, 46 insertions(+), 20 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/652312df/client/console/src/main/java/org/apache/syncope/client/console/rest/BaseRestClient.java
--
diff --git 
a/client/console/src/main/java/org/apache/syncope/client/console/rest/BaseRestClient.java
 
b/client/console/src/main/java/org/apache/syncope/client/console/rest/BaseRestClient.java
index 8b3dce2..4a780a6 100644
--- 
a/client/console/src/main/java/org/apache/syncope/client/console/rest/BaseRestClient.java
+++ 
b/client/console/src/main/java/org/apache/syncope/client/console/rest/BaseRestClient.java
@@ -19,6 +19,9 @@
 package org.apache.syncope.client.console.rest;
 
 import java.net.URI;
+
+import javax.ws.rs.core.HttpHeaders;
+
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.syncope.client.console.SyncopeConsoleSession;
 import org.apache.syncope.client.lib.SyncopeClient;
@@ -76,7 +79,7 @@ public abstract class BaseRestClient implements RestClient {
 
webClient.accept(SyncopeConsoleSession.get().getMediaType()).to(location.toASCIIString(),
 false);
 return webClient.
 header(RESTHeaders.DOMAIN, 
SyncopeConsoleSession.get().getDomain()).
-header(RESTHeaders.TOKEN, 
SyncopeConsoleSession.get().getJWT()).
+header(HttpHeaders.AUTHORIZATION, "Bearer " + 
SyncopeConsoleSession.get().getJWT()).
 get(resultClass);
 }
 }
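
Review bot: the new header(HttpHeaders.AUTHORIZATION, "Bearer " + SyncopeConsoleSession.get().getJWT()) call concatenates without checking for a missing token, so a session with no JWT now sends the literal value "Bearer null" where the old code passed a null header value. Guard the call and skip the header when getJWT() returns null or an empty string.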

http://git-wip-us.apache.org/repos/asf/syncope/blob/652312df/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java
--
diff --git 
a/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java 
b/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java
index f722cf8..c13fa77 100644
--- a/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java
+++ b/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java
@@ -27,6 +27,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import javax.ws.rs.core.EntityTag;
+import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import org.apache.commons.lang3.tuple.ImmutablePair;
@@ -107,18 +108,19 @@ public class SyncopeClient {
 restClientFactory.setPassword(((BasicAuthenticationHandler) 
handler).getPassword());
 
 String jwt = 
getService(AccessTokenService.class).login().getHeaderString(RESTHeaders.TOKEN);
-restClientFactory.getHeaders().put(RESTHeaders.TOKEN, 
Collections.singletonList(jwt));
+restClientFactory.getHeaders().put(HttpHeaders.AUTHORIZATION, 
Collections.singletonList("Bearer " + jwt));
 
 restClientFactory.setUsername(null);
 restClientFactory.setPassword(null);
 } else if (handler instanceof JWTAuthenticationHandler) {
 restClientFactory.getHeaders().put(
-RESTHeaders.TOKEN, 
Collections.singletonList(((JWTAuthenticationHandler) handler).getJwt()));
+HttpHeaders.AUTHORIZATION,
+Collections.singletonList("Bearer " + 
((JWTAuthenticationHandler) handler).getJwt()));
 }
 }
 
 protected void cleanup() {
-restClientFactory.getHeaders().remove(RESTHeaders.TOKEN);
+restClientFactory.getHeaders().remove(HttpHeaders.AUTHORIZATION);
 restClientFactory.setUsername(null);
 restClientFactory.setPassword(null);
 }
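
Review bot: the "Bearer " prefix is now spelled out as a string literal in both branches of this hunk (and again in BaseRestClient), so a typo or a missing trailing space in any one copy would silently produce a header that fails authentication. Pull the scheme into a single shared constant or a small helper that builds the header value, and use it at every call site.
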
@@ -128,7 +130,7 @@ public class SyncopeClient {
  */
 public void refresh() {
 String jwt = 

syncope git commit: SYNCOPE-1120 - Use the standard Bearer Authorization header for JWT tokens

2017-06-23 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master e76c59da5 -> ab4c623a3


SYNCOPE-1120 - Use the standard Bearer Authorization header for JWT tokens


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/ab4c623a
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/ab4c623a
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/ab4c623a

Branch: refs/heads/master
Commit: ab4c623a3f6ccdbe03968235b843ec81a2d97b1f
Parents: e76c59d
Author: Colm O hEigeartaigh 
Authored: Fri Jun 23 16:36:16 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Jun 23 16:36:48 2017 +0100

--
 .../client/console/rest/BaseRestClient.java |  5 +++-
 .../syncope/client/lib/SyncopeClient.java   | 24 +---
 .../client/lib/SyncopeClientFactoryBean.java|  6 ++---
 .../security/JWTAuthenticationFilter.java   | 11 +
 .../rest/cxf/service/SAML2SPServiceImpl.java| 16 ++---
 .../org/apache/syncope/fit/AbstractITCase.java  |  4 +++-
 6 files changed, 46 insertions(+), 20 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/ab4c623a/client/console/src/main/java/org/apache/syncope/client/console/rest/BaseRestClient.java
--
diff --git 
a/client/console/src/main/java/org/apache/syncope/client/console/rest/BaseRestClient.java
 
b/client/console/src/main/java/org/apache/syncope/client/console/rest/BaseRestClient.java
index 8b3dce2..4a780a6 100644
--- 
a/client/console/src/main/java/org/apache/syncope/client/console/rest/BaseRestClient.java
+++ 
b/client/console/src/main/java/org/apache/syncope/client/console/rest/BaseRestClient.java
@@ -19,6 +19,9 @@
 package org.apache.syncope.client.console.rest;
 
 import java.net.URI;
+
+import javax.ws.rs.core.HttpHeaders;
+
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.syncope.client.console.SyncopeConsoleSession;
 import org.apache.syncope.client.lib.SyncopeClient;
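
Review bot: the added javax.ws.rs.core.HttpHeaders import is wrapped in blank lines on both sides, while the surrounding imports form one contiguous block and the same import is added to SyncopeClient.java in this commit without any blank lines. Drop the two empty lines so the import layout stays consistent across the files.
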
@@ -76,7 +79,7 @@ public abstract class BaseRestClient implements RestClient {
 
webClient.accept(SyncopeConsoleSession.get().getMediaType()).to(location.toASCIIString(),
 false);
 return webClient.
 header(RESTHeaders.DOMAIN, 
SyncopeConsoleSession.get().getDomain()).
-header(RESTHeaders.TOKEN, 
SyncopeConsoleSession.get().getJWT()).
+header(HttpHeaders.AUTHORIZATION, "Bearer " + 
SyncopeConsoleSession.get().getJWT()).
 get(resultClass);
 }
 }

http://git-wip-us.apache.org/repos/asf/syncope/blob/ab4c623a/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java
--
diff --git 
a/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java 
b/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java
index f722cf8..c13fa77 100644
--- a/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java
+++ b/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java
@@ -27,6 +27,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import javax.ws.rs.core.EntityTag;
+import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import org.apache.commons.lang3.tuple.ImmutablePair;
@@ -107,18 +108,19 @@ public class SyncopeClient {
 restClientFactory.setPassword(((BasicAuthenticationHandler) 
handler).getPassword());
 
 String jwt = 
getService(AccessTokenService.class).login().getHeaderString(RESTHeaders.TOKEN);
-restClientFactory.getHeaders().put(RESTHeaders.TOKEN, 
Collections.singletonList(jwt));
+restClientFactory.getHeaders().put(HttpHeaders.AUTHORIZATION, 
Collections.singletonList("Bearer " + jwt));
 
 restClientFactory.setUsername(null);
 restClientFactory.setPassword(null);
 } else if (handler instanceof JWTAuthenticationHandler) {
 restClientFactory.getHeaders().put(
-RESTHeaders.TOKEN, 
Collections.singletonList(((JWTAuthenticationHandler) handler).getJwt()));
+HttpHeaders.AUTHORIZATION,
+Collections.singletonList("Bearer " + 
((JWTAuthenticationHandler) handler).getJwt()));
 }
 }
 
 protected void cleanup() {
-restClientFactory.getHeaders().remove(RESTHeaders.TOKEN);
+restClientFactory.getHeaders().remove(HttpHeaders.AUTHORIZATION);
 restClientFactory.setUsername(null);
 restClientFactory.setPassword(null);
 }
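
Review bot: after this hunk the token is still read from the login response via getHeaderString(RESTHeaders.TOKEN) but is sent back on requests as HttpHeaders.AUTHORIZATION with a Bearer prefix, and nothing in the code explains the asymmetry. A short comment at the login call, or in the class Javadoc, stating that RESTHeaders.TOKEN is response-only from now on would save the next reader from assuming one of the two names is a leftover.
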
@@ -128,7 +130,7 @@ public class SyncopeClient {
  */
 public void refresh() {
 String jwt = 

[2/2] syncope git commit: SYNCOPE-1117 - Require that a jwsKey is specified when using the installer + maven archetype

2017-06-23 Thread coheigea
SYNCOPE-1117 - Require that a jwsKey is specified when using the installer + 
maven archetype


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/61b9f412
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/61b9f412
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/61b9f412

Branch: refs/heads/2_0_X
Commit: 61b9f412c5d1b67f43c1c4f04b809cf2bfb2f96a
Parents: 9f40bd2
Author: Colm O hEigeartaigh 
Authored: Fri Jun 23 13:36:08 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Jun 23 13:37:17 2017 +0100

--
 .../resources/META-INF/maven/archetype-metadata.xml|  1 +
 archetype/src/main/resources/meta-pom.xml  |  1 +
 .../resources/projects/default/archetype.properties|  2 ++
 core/spring/src/main/resources/security.properties |  2 +-
 .../syncope/installer/processes/ArchetypeProcess.java  |  4 +++-
 .../apache/syncope/installer/utilities/MavenUtils.java | 13 +++--
 .../installer/validators/ArchetypeValidator.java   |  5 +
 .../src/main/resources/izpack/ProcessPanel.Spec.xml|  3 ++-
 .../src/main/resources/izpack/userInputLang.xml_eng|  1 +
 .../src/main/resources/izpack/userInputLang.xml_ita|  1 +
 installer/src/main/resources/izpack/userInputSpec.xml  |  4 
 pom.xml|  1 +
 12 files changed, 33 insertions(+), 5 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/61b9f412/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml
--
diff --git a/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml 
b/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml
index 7060a73..db55592 100644
--- a/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml
+++ b/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml
@@ -23,6 +23,7 @@ under the License.
   
 
 
+
   
   
   

http://git-wip-us.apache.org/repos/asf/syncope/blob/61b9f412/archetype/src/main/resources/meta-pom.xml
--
diff --git a/archetype/src/main/resources/meta-pom.xml 
b/archetype/src/main/resources/meta-pom.xml
index 47a2d5e..3ee57a1 100644
--- a/archetype/src/main/resources/meta-pom.xml
+++ b/archetype/src/main/resources/meta-pom.xml
@@ -33,6 +33,7 @@ under the License.
 
 ${secretKey}
 ${anonymousKey}
+${jwsKey}
 
 true
 true

http://git-wip-us.apache.org/repos/asf/syncope/blob/61b9f412/archetype/src/test/resources/projects/default/archetype.properties
--
diff --git a/archetype/src/test/resources/projects/default/archetype.properties 
b/archetype/src/test/resources/projects/default/archetype.properties
index e8b1aee..620c4b7 100644
--- a/archetype/src/test/resources/projects/default/archetype.properties
+++ b/archetype/src/test/resources/projects/default/archetype.properties
@@ -19,3 +19,5 @@ artifactId=syncope-test
 version=1.0-SNAPSHOT
 secretKey=testSecretKey
 anonymousKey=testAnonymousKey
+jwsKey=testJwsKey
+adminPassword=testPassword
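
Review bot: the added adminPassword=testPassword line is not covered by the commit message, which only talks about requiring a jwsKey. Either mention in the message why the archetype test now needs an admin password as well, or move that line to the commit that introduces the property, so the history explains it.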

http://git-wip-us.apache.org/repos/asf/syncope/blob/61b9f412/core/spring/src/main/resources/security.properties
--
diff --git a/core/spring/src/main/resources/security.properties 
b/core/spring/src/main/resources/security.properties
index d4f892b..9e59a96 100644
--- a/core/spring/src/main/resources/security.properties
+++ b/core/spring/src/main/resources/security.properties
@@ -23,7 +23,7 @@ anonymousKey=${anonymousKey}
 
 secretKey=${secretKey}
 
-jwsKey=ZW7pRixehFuNUtnY5Se47IemgMryTzazPPJ9CGX5LTCmsOJpOgHAQEuPQeV9A28f
+jwsKey=${jwsKey}
 jwtIssuer=ApacheSyncope
 
 # default for LDAP / RFC2307 SSHA
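
Review bot: with jwsKey=${jwsKey}, a build that does not define the jwsKey property gets no error: assuming this file goes through Maven resource filtering like the neighbouring secretKey=${secretKey} line, an unresolved placeholder is left as is and the literal text ${jwsKey} becomes the signing key. Add a startup check that rejects a value still starting with "${", or fail the build when the property is missing, so the hardcoded default is not replaced by another predictable one.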

http://git-wip-us.apache.org/repos/asf/syncope/blob/61b9f412/installer/src/main/java/org/apache/syncope/installer/processes/ArchetypeProcess.java
--
diff --git 
a/installer/src/main/java/org/apache/syncope/installer/processes/ArchetypeProcess.java
 
b/installer/src/main/java/org/apache/syncope/installer/processes/ArchetypeProcess.java
index e0e61b0..8115b2b 100644
--- 
a/installer/src/main/java/org/apache/syncope/installer/processes/ArchetypeProcess.java
+++ 
b/installer/src/main/java/org/apache/syncope/installer/processes/ArchetypeProcess.java
@@ -56,6 +56,7 @@ public class ArchetypeProcess extends BaseProcess {
 final boolean mavenProxyAutoconf = Boolean.valueOf(args[17]);
 final boolean swagger = Boolean.valueOf(args[18]);
 final boolean activiti = Boolean.valueOf(args[19]);
+

[1/2] syncope git commit: SYNCOPE-1119 - Make it more obvious that the default admin password needs to be changed

2017-06-23 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X 7e3a4c909 -> 61b9f412c


SYNCOPE-1119 - Make it more obvious that the default admin password needs to be 
changed


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/9f40bd25
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/9f40bd25
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/9f40bd25

Branch: refs/heads/2_0_X
Commit: 9f40bd25b48f32fa5e5289a00e6f033925c81f26
Parents: 7e3a4c9
Author: Colm O hEigeartaigh 
Authored: Fri Jun 23 12:37:29 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Jun 23 13:37:10 2017 +0100

--
 .../spring/security/UsernamePasswordAuthenticationProvider.java  | 4 
 1 file changed, 4 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/9f40bd25/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java
--
diff --git 
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java
 
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java
index 28cc970..2a5430e 100644
--- 
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java
+++ 
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java
@@ -50,6 +50,9 @@ public class UsernamePasswordAuthenticationProvider 
implements AuthenticationPro
 @Autowired
 protected UserProvisioningManager provisioningManager;
 
+@Autowired
+private DefaultCredentialChecker credentialChecker;
+
 @Resource(name = "adminUser")
 protected String adminUser;
 
@@ -99,6 +102,7 @@ public class UsernamePasswordAuthenticationProvider 
implements AuthenticationPro
 } else if (adminUser.equals(authentication.getName())) {
 username[0] = adminUser;
 if (SyncopeConstants.MASTER_DOMAIN.equals(domainKey)) {
+credentialChecker.checkIsDefaultAdminPasswordInUse();
 authenticated = ENCRYPTOR.verify(
 authentication.getCredentials().toString(),
 CipherAlgorithm.valueOf(adminPasswordAlgorithm),



[2/2] syncope git commit: SYNCOPE-1119 - Make it more obvious that the default admin password needs to be changed

2017-06-23 Thread coheigea
SYNCOPE-1119 - Make it more obvious that the default admin password needs to be 
changed


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/14d5e768
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/14d5e768
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/14d5e768

Branch: refs/heads/master
Commit: 14d5e768734e725d8a0ec2738257a94abb682876
Parents: bdff1fd
Author: Colm O hEigeartaigh 
Authored: Fri Jun 23 12:37:29 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Jun 23 13:36:31 2017 +0100

--
 .../spring/security/UsernamePasswordAuthenticationProvider.java  | 4 
 1 file changed, 4 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/14d5e768/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java
--
diff --git 
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java
 
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java
index 28cc970..2a5430e 100644
--- 
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java
+++ 
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java
@@ -50,6 +50,9 @@ public class UsernamePasswordAuthenticationProvider 
implements AuthenticationPro
 @Autowired
 protected UserProvisioningManager provisioningManager;
 
+@Autowired
+private DefaultCredentialChecker credentialChecker;
+
 @Resource(name = "adminUser")
 protected String adminUser;
 
@@ -99,6 +102,7 @@ public class UsernamePasswordAuthenticationProvider 
implements AuthenticationPro
 } else if (adminUser.equals(authentication.getName())) {
 username[0] = adminUser;
 if (SyncopeConstants.MASTER_DOMAIN.equals(domainKey)) {
+credentialChecker.checkIsDefaultAdminPasswordInUse();
 authenticated = ENCRYPTOR.verify(
 authentication.getCredentials().toString(),
 CipherAlgorithm.valueOf(adminPasswordAlgorithm),



[1/2] syncope git commit: SYNCOPE-1117 - Require that a jwsKey is specified when using the installer + maven archetype

2017-06-23 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master bdff1fd61 -> 3b88f6830


SYNCOPE-1117 - Require that a jwsKey is specified when using the installer + 
maven archetype


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/3b88f683
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/3b88f683
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/3b88f683

Branch: refs/heads/master
Commit: 3b88f683089162b62fe7b190be177e79e35944ea
Parents: 14d5e76
Author: Colm O hEigeartaigh 
Authored: Fri Jun 23 13:36:08 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Jun 23 13:36:31 2017 +0100

--
 .../resources/META-INF/maven/archetype-metadata.xml|  1 +
 archetype/src/main/resources/meta-pom.xml  |  1 +
 .../resources/projects/default/archetype.properties|  2 ++
 core/spring/src/main/resources/security.properties |  2 +-
 .../syncope/installer/processes/ArchetypeProcess.java  |  4 +++-
 .../apache/syncope/installer/utilities/MavenUtils.java | 13 +++--
 .../installer/validators/ArchetypeValidator.java   |  5 +
 .../src/main/resources/izpack/ProcessPanel.Spec.xml|  3 ++-
 .../src/main/resources/izpack/userInputLang.xml_eng|  1 +
 .../src/main/resources/izpack/userInputLang.xml_ita|  1 +
 installer/src/main/resources/izpack/userInputSpec.xml  |  4 
 pom.xml|  1 +
 12 files changed, 33 insertions(+), 5 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/3b88f683/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml
--
diff --git a/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml 
b/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml
index 7060a73..db55592 100644
--- a/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml
+++ b/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml
@@ -23,6 +23,7 @@ under the License.
   
 
 
+
   
   
   

http://git-wip-us.apache.org/repos/asf/syncope/blob/3b88f683/archetype/src/main/resources/meta-pom.xml
--
diff --git a/archetype/src/main/resources/meta-pom.xml 
b/archetype/src/main/resources/meta-pom.xml
index 47a2d5e..3ee57a1 100644
--- a/archetype/src/main/resources/meta-pom.xml
+++ b/archetype/src/main/resources/meta-pom.xml
@@ -33,6 +33,7 @@ under the License.
 
 ${secretKey}
 ${anonymousKey}
+${jwsKey}
 
 true
 true

http://git-wip-us.apache.org/repos/asf/syncope/blob/3b88f683/archetype/src/test/resources/projects/default/archetype.properties
--
diff --git a/archetype/src/test/resources/projects/default/archetype.properties 
b/archetype/src/test/resources/projects/default/archetype.properties
index e8b1aee..620c4b7 100644
--- a/archetype/src/test/resources/projects/default/archetype.properties
+++ b/archetype/src/test/resources/projects/default/archetype.properties
@@ -19,3 +19,5 @@ artifactId=syncope-test
 version=1.0-SNAPSHOT
 secretKey=testSecretKey
 anonymousKey=testAnonymousKey
+jwsKey=testJwsKey
+adminPassword=testPassword

http://git-wip-us.apache.org/repos/asf/syncope/blob/3b88f683/core/spring/src/main/resources/security.properties
--
diff --git a/core/spring/src/main/resources/security.properties 
b/core/spring/src/main/resources/security.properties
index d4f892b..9e59a96 100644
--- a/core/spring/src/main/resources/security.properties
+++ b/core/spring/src/main/resources/security.properties
@@ -23,7 +23,7 @@ anonymousKey=${anonymousKey}
 
 secretKey=${secretKey}
 
-jwsKey=ZW7pRixehFuNUtnY5Se47IemgMryTzazPPJ9CGX5LTCmsOJpOgHAQEuPQeV9A28f
+jwsKey=${jwsKey}
 jwtIssuer=ApacheSyncope
 
 # default for LDAP / RFC2307 SSHA
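
Review bot: the removed jwsKey line was a fixed value shipped in the source tree, so it stays public in the repository history and in every deployment built from the old file. Replacing it with ${jwsKey} only protects new builds; the commit message or release notes should tell existing installations to set a fresh key, since tokens signed with the old default remain forgeable until they do.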

http://git-wip-us.apache.org/repos/asf/syncope/blob/3b88f683/installer/src/main/java/org/apache/syncope/installer/processes/ArchetypeProcess.java
--
diff --git 
a/installer/src/main/java/org/apache/syncope/installer/processes/ArchetypeProcess.java
 
b/installer/src/main/java/org/apache/syncope/installer/processes/ArchetypeProcess.java
index e0e61b0..8115b2b 100644
--- 
a/installer/src/main/java/org/apache/syncope/installer/processes/ArchetypeProcess.java
+++ 
b/installer/src/main/java/org/apache/syncope/installer/processes/ArchetypeProcess.java
@@ -56,6 +56,7 @@ public class ArchetypeProcess extends BaseProcess {
 final boolean mavenProxyAutoconf = Boolean.valueOf(args[17]);
 final boolean swagger = 

[1/3] syncope git commit: Add a test to make sure we can't fake a JWT Id

2017-06-22 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X eeb4febd9 -> 579d5b7c8


Add a test to make sure we can't fake a JWT Id


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a775712e
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a775712e
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a775712e

Branch: refs/heads/2_0_X
Commit: a775712eb59787d887ff5fe43ae350a95a99942c
Parents: eeb4feb
Author: Colm O hEigeartaigh 
Authored: Thu Jun 22 15:39:16 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Jun 22 17:08:50 2017 +0100

--
 .../org/apache/syncope/fit/core/JWTITCase.java  | 45 
 1 file changed, 45 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/a775712e/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
--
diff --git 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
index 703a706..bc1767a 100644
--- 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
+++ 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
@@ -48,6 +48,8 @@ import 
org.apache.syncope.common.rest.api.service.UserSelfService;
 import org.apache.syncope.fit.AbstractITCase;
 import org.junit.Test;
 
+import com.fasterxml.uuid.Generators;
+
 /**
  * Some tests for JWT Tokens
  */
@@ -339,4 +341,47 @@ public class JWTITCase extends AbstractITCase {
 }
 }
 
+@Test
+public void testUnknownId() throws ParseException {
+// Get an initial token
+SyncopeClient adminClient = clientFactory.create(ADMIN_UNAME, 
ADMIN_PWD);
+AccessTokenService accessTokenService = 
adminClient.getService(AccessTokenService.class);
+
+Response response = accessTokenService.login();
+String token = response.getHeaderString(RESTHeaders.TOKEN);
+assertNotNull(token);
+
+// Create a new token using an unknown Id
+Date now = new Date();
+
+Calendar expiry = Calendar.getInstance();
+expiry.setTime(now);
+expiry.add(Calendar.MINUTE, 5);
+
+JwtClaims jwtClaims = new JwtClaims();
+
jwtClaims.setTokenId(Generators.randomBasedGenerator().generate().toString());
+jwtClaims.setSubject("admin");
+jwtClaims.setIssuedAt(now.getTime());
+jwtClaims.setIssuer(JWT_ISSUER);
+jwtClaims.setExpiryTime(expiry.getTime().getTime());
+jwtClaims.setNotBefore(now.getTime());
+
+JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, 
SignatureAlgorithm.HS512);
+JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
+JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
+
+JwsSignatureProvider jwsSignatureProvider =
+new HmacJwsSignatureProvider(JWS_KEY.getBytes(), 
SignatureAlgorithm.HS512);
+String signed = producer.signWith(jwsSignatureProvider);
+
+SyncopeClient jwtClient = clientFactory.create(signed);
+UserSelfService jwtUserSelfService = 
jwtClient.getService(UserSelfService.class);
+try {
+jwtUserSelfService.read();
+fail("Failure expected on an unknown id");
+} catch (AccessControlException ex) {
+// expected
+}
+}
+
 }
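
Review bot: testUnknownId() passes on any AccessControlException, so it cannot tell a rejection caused by the unknown token id from one caused by a bad signature, a wrong issuer or the time claims. The catch block at the end should be paired with a control: sign a second token with the same claims and the id of the token obtained from login() and assert that read() succeeds, which proves the id is the only difference. Separately, JWS_KEY.getBytes() uses the platform default charset; pass an explicit charset so the signature does not depend on where the test runs.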



[2/3] syncope git commit: Changing test file to reference the jws bytes correctly

2017-06-22 Thread coheigea
Changing test file to reference the jws bytes correctly


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/fe20846c
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/fe20846c
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/fe20846c

Branch: refs/heads/2_0_X
Commit: fe20846cc83c81f0a3a12f4c36a6e5f9ffb71009
Parents: a775712
Author: Colm O hEigeartaigh 
Authored: Thu Jun 22 16:09:39 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Jun 22 17:08:56 2017 +0100

--
 core/provisioning-java/src/test/resources/provisioningTest.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/fe20846c/core/provisioning-java/src/test/resources/provisioningTest.xml
--
diff --git a/core/provisioning-java/src/test/resources/provisioningTest.xml 
b/core/provisioning-java/src/test/resources/provisioningTest.xml
index b16780f..4db50f0 100644
--- a/core/provisioning-java/src/test/resources/provisioningTest.xml
+++ b/core/provisioning-java/src/test/resources/provisioningTest.xml
@@ -45,13 +45,13 @@ under the License.
 
   
   
-
+
 
   HS512
 
   
   
-
+
 
   HS512
 



[3/3] syncope git commit: [SYNCOPE-1117] - Add a "DefaultCredentialChecker" to log a warning if the default JWS key is being used

2017-06-22 Thread coheigea
[SYNCOPE-1117] - Add a "DefaultCredentialChecker" to log a warning if the 
default JWS key is being used


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/579d5b7c
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/579d5b7c
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/579d5b7c

Branch: refs/heads/2_0_X
Commit: 579d5b7c8ef9bdbe4716c14932fc3597f5975591
Parents: fe20846
Author: Colm O hEigeartaigh 
Authored: Thu Jun 22 16:33:25 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Jun 22 17:09:02 2017 +0100

--
 .../java/data/AccessTokenDataBinderImpl.java|  8 +++
 .../src/test/resources/provisioningTest.xml |  4 ++
 .../security/DefaultCredentialChecker.java  | 55 
 .../security/JWTAuthenticationFilter.java   |  5 ++
 .../src/main/resources/securityContext.xml  |  6 +++
 5 files changed, 78 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/579d5b7c/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
--
diff --git 
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
 
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
index d4d8afc..13a5b93 100644
--- 
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
+++ 
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
@@ -42,6 +42,7 @@ import 
org.apache.syncope.core.provisioning.api.data.AccessTokenDataBinder;
 import org.apache.syncope.core.provisioning.api.serialization.POJOHelper;
 import org.apache.syncope.core.spring.BeanUtils;
 import org.apache.syncope.core.spring.security.AuthContextUtils;
+import org.apache.syncope.core.spring.security.DefaultCredentialChecker;
 import org.apache.syncope.core.spring.security.Encryptor;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -77,10 +78,15 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 @Autowired
 private EntityFactory entityFactory;
 
+@Autowired
+private DefaultCredentialChecker credentialChecker;
+
 @Override
 public Triple generateJWT(
 final String subject, final int duration, final Map claims) {
 
+credentialChecker.checkIsDefaultJWSKeyInUse();
+
 Date now = new Date();
 Date expiry = new Date(now.getTime() + 60L * 1000L * duration);
 
@@ -156,6 +162,8 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 public Pair update(final AccessToken accessToken) {
 JwsJwtCompactConsumer consumer = new 
JwsJwtCompactConsumer(accessToken.getBody());
 
+credentialChecker.checkIsDefaultJWSKeyInUse();
+
 Date now = new Date();
 int duration = confDAO.find("jwt.lifetime.minutes", 
"120").getValues().get(0).getLongValue().intValue();
 Date expiry = new Date(now.getTime() + 60L * 1000L * duration);
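
Review bot: The `credentialChecker.checkIsDefaultJWSKeyInUse()` call added at the top of `update()` repeats the one added to `generateJWT()` in the previous hunk, so every method that signs a token has to remember to invoke it. Running the check once where the signing key is configured, or at bean initialisation, would cover both methods and any signing path added later, and would keep a per-request side effect out of the token refresh path.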

http://git-wip-us.apache.org/repos/asf/syncope/blob/579d5b7c/core/provisioning-java/src/test/resources/provisioningTest.xml
--
diff --git a/core/provisioning-java/src/test/resources/provisioningTest.xml 
b/core/provisioning-java/src/test/resources/provisioningTest.xml
index 4db50f0..53fb6d9 100644
--- a/core/provisioning-java/src/test/resources/provisioningTest.xml
+++ b/core/provisioning-java/src/test/resources/provisioningTest.xml
@@ -56,5 +56,9 @@ under the License.
   HS512
 
   
+  
+  
+  
+  
   
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/579d5b7c/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
--
diff --git 
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
 
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
new file mode 100644
index 000..3dc0ea0
--- /dev/null
+++ 
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 

[3/3] syncope git commit: [SYNCOPE-1117] - Add a "DefaultCredentialChecker" to log a warning if the default JWS key is being used

2017-06-22 Thread coheigea
[SYNCOPE-1117] - Add a "DefaultCredentialChecker" to log a warning if the 
default JWS key is being used


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a4f35119
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a4f35119
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a4f35119

Branch: refs/heads/master
Commit: a4f351196912442cd54b2e4329d952cd9855ea34
Parents: 24f3eeb
Author: Colm O hEigeartaigh 
Authored: Thu Jun 22 16:33:25 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Jun 22 16:33:25 2017 +0100

--
 .../java/data/AccessTokenDataBinderImpl.java|  8 +++
 .../src/test/resources/provisioningTest.xml |  4 ++
 .../security/DefaultCredentialChecker.java  | 55 
 .../security/JWTAuthenticationFilter.java   |  5 ++
 .../src/main/resources/securityContext.xml  |  6 +++
 5 files changed, 78 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/a4f35119/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
--
diff --git 
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
 
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
index d4d8afc..13a5b93 100644
--- 
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
+++ 
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
@@ -42,6 +42,7 @@ import 
org.apache.syncope.core.provisioning.api.data.AccessTokenDataBinder;
 import org.apache.syncope.core.provisioning.api.serialization.POJOHelper;
 import org.apache.syncope.core.spring.BeanUtils;
 import org.apache.syncope.core.spring.security.AuthContextUtils;
+import org.apache.syncope.core.spring.security.DefaultCredentialChecker;
 import org.apache.syncope.core.spring.security.Encryptor;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -77,10 +78,15 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 @Autowired
 private EntityFactory entityFactory;
 
+@Autowired
+private DefaultCredentialChecker credentialChecker;
+
 @Override
 public Triple generateJWT(
 final String subject, final int duration, final Map claims) {
 
+credentialChecker.checkIsDefaultJWSKeyInUse();
+
 Date now = new Date();
 Date expiry = new Date(now.getTime() + 60L * 1000L * duration);
 
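
Review bot: In `generateJWT()` the result of `credentialChecker.checkIsDefaultJWSKeyInUse()` is discarded, and the commit subject describes the checker as logging a warning, so a deployment that still has the default JWS key keeps issuing tokens signed with a key that ships as a default. Consider failing closed (refusing to start or to sign) outside test configurations. If the warning is kept, make sure it is emitted once rather than on every token, so it is not buried in per-request log output.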
@@ -156,6 +162,8 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 public Pair update(final AccessToken accessToken) {
 JwsJwtCompactConsumer consumer = new 
JwsJwtCompactConsumer(accessToken.getBody());
 
+credentialChecker.checkIsDefaultJWSKeyInUse();
+
 Date now = new Date();
 int duration = confDAO.find("jwt.lifetime.minutes", 
"120").getValues().get(0).getLongValue().intValue();
 Date expiry = new Date(now.getTime() + 60L * 1000L * duration);

http://git-wip-us.apache.org/repos/asf/syncope/blob/a4f35119/core/provisioning-java/src/test/resources/provisioningTest.xml
--
diff --git a/core/provisioning-java/src/test/resources/provisioningTest.xml 
b/core/provisioning-java/src/test/resources/provisioningTest.xml
index 4db50f0..53fb6d9 100644
--- a/core/provisioning-java/src/test/resources/provisioningTest.xml
+++ b/core/provisioning-java/src/test/resources/provisioningTest.xml
@@ -56,5 +56,9 @@ under the License.
   HS512
 
   
+  
+  
+  
+  
   
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/a4f35119/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
--
diff --git 
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
 
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
new file mode 100644
index 000..3dc0ea0
--- /dev/null
+++ 
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
@@ -0,0 +1,55 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 

[2/3] syncope git commit: Changing test file to reference the jws bytes correctly

2017-06-22 Thread coheigea
Changing test file to reference the jws bytes correctly


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/24f3eebf
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/24f3eebf
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/24f3eebf

Branch: refs/heads/master
Commit: 24f3eebf53aed4c380d142a879ee4bc98d702d35
Parents: 9ed7b7b
Author: Colm O hEigeartaigh 
Authored: Thu Jun 22 16:09:39 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Jun 22 16:09:39 2017 +0100

--
 core/provisioning-java/src/test/resources/provisioningTest.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/24f3eebf/core/provisioning-java/src/test/resources/provisioningTest.xml
--
diff --git a/core/provisioning-java/src/test/resources/provisioningTest.xml 
b/core/provisioning-java/src/test/resources/provisioningTest.xml
index b16780f..4db50f0 100644
--- a/core/provisioning-java/src/test/resources/provisioningTest.xml
+++ b/core/provisioning-java/src/test/resources/provisioningTest.xml
@@ -45,13 +45,13 @@ under the License.
 
   
   
-
+
 
   HS512
 
   
   
-
+
 
   HS512
 



[1/3] syncope git commit: Add a test to make sure we can't fake a JWT Id

2017-06-22 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master 0e21f7c1a -> a4f351196


Add a test to make sure we can't fake a JWT Id


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/9ed7b7bb
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/9ed7b7bb
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/9ed7b7bb

Branch: refs/heads/master
Commit: 9ed7b7bb6831696d036a6afc95267ef8d5712f3d
Parents: 0e21f7c
Author: Colm O hEigeartaigh 
Authored: Thu Jun 22 15:39:16 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Jun 22 15:39:16 2017 +0100

--
 .../org/apache/syncope/fit/core/JWTITCase.java  | 45 
 1 file changed, 45 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/9ed7b7bb/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
--
diff --git 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
index 703a706..bc1767a 100644
--- 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
+++ 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
@@ -48,6 +48,8 @@ import 
org.apache.syncope.common.rest.api.service.UserSelfService;
 import org.apache.syncope.fit.AbstractITCase;
 import org.junit.Test;
 
+import com.fasterxml.uuid.Generators;
+
 /**
  * Some tests for JWT Tokens
  */
@@ -339,4 +341,47 @@ public class JWTITCase extends AbstractITCase {
 }
 }
 
+@Test
+public void testUnknownId() throws ParseException {
+// Get an initial token
+SyncopeClient adminClient = clientFactory.create(ADMIN_UNAME, 
ADMIN_PWD);
+AccessTokenService accessTokenService = 
adminClient.getService(AccessTokenService.class);
+
+Response response = accessTokenService.login();
+String token = response.getHeaderString(RESTHeaders.TOKEN);
+assertNotNull(token);
+
+// Create a new token using an unknown Id
+Date now = new Date();
+
+Calendar expiry = Calendar.getInstance();
+expiry.setTime(now);
+expiry.add(Calendar.MINUTE, 5);
+
+JwtClaims jwtClaims = new JwtClaims();
+
jwtClaims.setTokenId(Generators.randomBasedGenerator().generate().toString());
+jwtClaims.setSubject("admin");
+jwtClaims.setIssuedAt(now.getTime());
+jwtClaims.setIssuer(JWT_ISSUER);
+jwtClaims.setExpiryTime(expiry.getTime().getTime());
+jwtClaims.setNotBefore(now.getTime());
+
+JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, 
SignatureAlgorithm.HS512);
+JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
+JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
+
+JwsSignatureProvider jwsSignatureProvider =
+new HmacJwsSignatureProvider(JWS_KEY.getBytes(), 
SignatureAlgorithm.HS512);
+String signed = producer.signWith(jwsSignatureProvider);
+
+SyncopeClient jwtClient = clientFactory.create(signed);
+UserSelfService jwtUserSelfService = 
jwtClient.getService(UserSelfService.class);
+try {
+jwtUserSelfService.read();
+fail("Failure expected on an unknown id");
+} catch (AccessControlException ex) {
+// expected
+}
+}
+
 }
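
Review bot: `JWS_KEY.getBytes()` in the `HmacJwsSignatureProvider` constructor call uses the platform default charset, so the HMAC key bytes can differ between build machines; pass an explicit charset such as `StandardCharsets.UTF_8`. The test also only proves that some `AccessControlException` is thrown: if `JWS_KEY` ever drifts from the key the server is configured with, the request is rejected for its signature and the unknown token Id is never exercised. The `token` returned by `login()` is fetched but only null-checked, so using it as a positive control before the negative case would show that the rejection is caused by the Id.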



syncope git commit: SYNCOPE-1117 - Tweaking the docs a bit for 2.0.4

2017-06-22 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X af417daf6 -> eeb4febd9


SYNCOPE-1117 - Tweaking the docs a bit for 2.0.4


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/eeb4febd
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/eeb4febd
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/eeb4febd

Branch: refs/heads/2_0_X
Commit: eeb4febd9169fce052bd864cf609493d6302ee79
Parents: af417da
Author: Colm O hEigeartaigh 
Authored: Thu Jun 22 13:19:35 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Jun 22 13:20:00 2017 +0100

--
 src/main/asciidoc/getting-started/movingForward.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/eeb4febd/src/main/asciidoc/getting-started/movingForward.adoc
--
diff --git a/src/main/asciidoc/getting-started/movingForward.adoc 
b/src/main/asciidoc/getting-started/movingForward.adoc
index fd5f84f..2ab602e 100644
--- a/src/main/asciidoc/getting-started/movingForward.adoc
+++ b/src/main/asciidoc/getting-started/movingForward.adoc
@@ -45,4 +45,4 @@ Authorization" of the Reference Guide for more information.
 
 Note that if you installed Syncope using either the installer or the maven 
archetype methods, then you will have already
 supplied custom values for "*secretKey*" and "*anonymousKey*". From Syncope 
2.0.4 onwards, both installation methods will also
-query for "*jwsKey*", meaning that only the "*adminPassword*" must be changed 
for these installation methods.
+query for "*jwsKey*" and "*adminPassword*", and so no further action is 
required for these installation methods.
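
Review bot: "no further action is required for these installation methods" in the replacement sentence holds only for projects generated with 2.0.4 or later, because the same sentence says the installer and the archetype query for these values "From Syncope 2.0.4 onwards". A project created with an earlier release and upgraded afterwards keeps the values it was generated with, so the sentence should say that and point those users back to the list of properties above it.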



syncope git commit: SYNCOPE-1117 - Tweaking the docs a bit for 2.0.4

2017-06-22 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master a18b08c14 -> 0e21f7c1a


SYNCOPE-1117 - Tweaking the docs a bit for 2.0.4


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/0e21f7c1
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/0e21f7c1
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/0e21f7c1

Branch: refs/heads/master
Commit: 0e21f7c1a6492c5cc61956c3654a1483d2680092
Parents: a18b08c
Author: Colm O hEigeartaigh 
Authored: Thu Jun 22 13:19:35 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Jun 22 13:19:35 2017 +0100

--
 src/main/asciidoc/getting-started/movingForward.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/0e21f7c1/src/main/asciidoc/getting-started/movingForward.adoc
--
diff --git a/src/main/asciidoc/getting-started/movingForward.adoc 
b/src/main/asciidoc/getting-started/movingForward.adoc
index fd5f84f..2ab602e 100644
--- a/src/main/asciidoc/getting-started/movingForward.adoc
+++ b/src/main/asciidoc/getting-started/movingForward.adoc
@@ -45,4 +45,4 @@ Authorization" of the Reference Guide for more information.
 
 Note that if you installed Syncope using either the installer or the maven 
archetype methods, then you will have already
 supplied custom values for "*secretKey*" and "*anonymousKey*". From Syncope 
2.0.4 onwards, both installation methods will also
-query for "*jwsKey*", meaning that only the "*adminPassword*" must be changed 
for these installation methods.
+query for "*jwsKey*" and "*adminPassword*", and so no further action is 
required for these installation methods.
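
Review bot: The new sentence states that the installer and the archetype now query for "*adminPassword*", but the diffstat shows only `movingForward.adoc` changing. Please reference the commit or issue in which the two installation methods gained that prompt, so the documentation does not get ahead of the code.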



syncope git commit: SYNCOPE-1117 - Update the getting started docs with information about changing default security values

2017-06-22 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X 168ab95e9 -> af417daf6


SYNCOPE-1117 - Update the getting started docs with information about changing 
default security values


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/af417daf
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/af417daf
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/af417daf

Branch: refs/heads/2_0_X
Commit: af417daf6b8bdf6122df6197a029c47b54beecbf
Parents: 168ab95
Author: Colm O hEigeartaigh 
Authored: Thu Jun 22 13:05:23 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Jun 22 13:05:59 2017 +0100

--
 .../asciidoc/getting-started/movingForward.adoc   | 18 ++
 1 file changed, 18 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/af417daf/src/main/asciidoc/getting-started/movingForward.adoc
--
diff --git a/src/main/asciidoc/getting-started/movingForward.adoc 
b/src/main/asciidoc/getting-started/movingForward.adoc
index 7ebb7c6..fd5f84f 100644
--- a/src/main/asciidoc/getting-started/movingForward.adoc
+++ b/src/main/asciidoc/getting-started/movingForward.adoc
@@ -28,3 +28,21 @@ ifeval::["{backend}" == "pdf"]
 http://syncope.apache.org/docs/reference-guide.pdf[Apache Syncope Reference 
Guide]
 endif::[]
 to understand how to configure, extend, customize and deploy your new Apache 
Syncope project.
+
+Before deploying your Apache Syncope installation into production, it is 
essential to ensure that the default values for 
+various security properties have been changed to values specific to your 
deployment. 
+
+The following values must be changed from the defaults in the 
`security.properties` file:
+
+* *adminPassword* - The SHA1 hash evaluation of the cleartext password, the 
default value of which is "password".
+* *secretKey* - The secret key value used for AES ciphering. Only required if 
either:
+** the value for "*adminPasswordAlgorithm*" is "AES" or
+** the configuration parameter "password.cipher.algorithm" is changed to "AES" 
(See section 4.6.12 "Configuration Parameters" of
+the Reference Guide for more information).
+* *anonymousKey* - The key value to use for anonymous requests.
+* *jwsKey* - The symmetric signing key used to sign access tokens (Syncope 
2.0.3 onwards only). See section 4.4.1 "REST Authentication and 
+Authorization" of the Reference Guide for more information.
+
+Note that if you installed Syncope using either the installer or the maven 
archetype methods, then you will have already
+supplied custom values for "*secretKey*" and "*anonymousKey*". From Syncope 
2.0.4 onwards, both installation methods will also
+query for "*jwsKey*", meaning that only the "*adminPassword*" must be changed 
for these installation methods.
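
Review bot: The *adminPassword* bullet says the value is the SHA1 hash of the cleartext password, while the *secretKey* bullet shows that "*adminPasswordAlgorithm*" is configurable. The text should say that the stored value must be produced with whatever "*adminPasswordAlgorithm*" is set to, and list that property among the values to review, since a plain SHA1 of a weak password is easy to recover if `security.properties` is disclosed.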



syncope git commit: SYNCOPE-1117 - Update the getting started docs with information about changing default security values

2017-06-22 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master 16096f6d8 -> a18b08c14


SYNCOPE-1117 - Update the getting started docs with information about changing 
default security values


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a18b08c1
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a18b08c1
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a18b08c1

Branch: refs/heads/master
Commit: a18b08c144abf2c1ae56c1cde89bfcda2267d4c1
Parents: 16096f6
Author: Colm O hEigeartaigh 
Authored: Thu Jun 22 13:05:23 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Jun 22 13:05:23 2017 +0100

--
 .../asciidoc/getting-started/movingForward.adoc   | 18 ++
 1 file changed, 18 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/a18b08c1/src/main/asciidoc/getting-started/movingForward.adoc
--
diff --git a/src/main/asciidoc/getting-started/movingForward.adoc 
b/src/main/asciidoc/getting-started/movingForward.adoc
index 7ebb7c6..fd5f84f 100644
--- a/src/main/asciidoc/getting-started/movingForward.adoc
+++ b/src/main/asciidoc/getting-started/movingForward.adoc
@@ -28,3 +28,21 @@ ifeval::["{backend}" == "pdf"]
 http://syncope.apache.org/docs/reference-guide.pdf[Apache Syncope Reference 
Guide]
 endif::[]
 to understand how to configure, extend, customize and deploy your new Apache 
Syncope project.
+
+Before deploying your Apache Syncope installation into production, it is 
essential to ensure that the default values for 
+various security properties have been changed to values specific to your 
deployment. 
+
+The following values must be changed from the defaults in the 
`security.properties` file:
+
+* *adminPassword* - The SHA1 hash evaluation of the cleartext password, the 
default value of which is "password".
+* *secretKey* - The secret key value used for AES ciphering. Only required if 
either:
+** the value for "*adminPasswordAlgorithm*" is "AES" or
+** the configuration parameter "password.cipher.algorithm" is changed to "AES" 
(See section 4.6.12 "Configuration Parameters" of
+the Reference Guide for more information).
+* *anonymousKey* - The key value to use for anonymous requests.
+* *jwsKey* - The symmetric signing key used to sign access tokens (Syncope 
2.0.3 onwards only). See section 4.4.1 "REST Authentication and 
+Authorization" of the Reference Guide for more information.
+
+Note that if you installed Syncope using either the installer or the maven 
archetype methods, then you will have already
+supplied custom values for "*secretKey*" and "*anonymousKey*". From Syncope 
2.0.4 onwards, both installation methods will also
+query for "*jwsKey*", meaning that only the "*adminPassword*" must be changed 
for these installation methods.
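
Review bot: The *jwsKey* bullet tells the reader to change the key but gives no guidance on what an acceptable value is. RFC 7518 requires an HMAC key at least as long as the hash output, which is 64 bytes for the HS512 algorithm the tests use. The bullet should state the minimum length and that the value must be randomly generated, otherwise a short hand-typed replacement satisfies the instruction while remaining guessable.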



syncope git commit: Adding a "None" signature test-case

2017-06-21 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X e71a33683 -> 4634f910d


Adding a "None" signature test-case


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/4634f910
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/4634f910
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/4634f910

Branch: refs/heads/2_0_X
Commit: 4634f910d72c53c75acf159ada6a7a79a406a425
Parents: e71a336
Author: Colm O hEigeartaigh 
Authored: Wed Jun 21 16:32:21 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Wed Jun 21 17:38:54 2017 +0100

--
 .../org/apache/syncope/fit/core/JWTITCase.java  | 41 
 1 file changed, 41 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/4634f910/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
--
diff --git 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
index 42164fc..703a706 100644
--- 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
+++ 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
@@ -38,6 +38,7 @@ import 
org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
 import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
 import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
 import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+import org.apache.cxf.rs.security.jose.jws.NoneJwsSignatureProvider;
 import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.syncope.client.lib.SyncopeClient;
@@ -298,4 +299,44 @@ public class JWTITCase extends AbstractITCase {
 // expected
 }
 }
+
+@Test
+public void testNoneSignature() throws ParseException {
+// Get an initial token
+SyncopeClient adminClient = clientFactory.create(ADMIN_UNAME, 
ADMIN_PWD);
+AccessTokenService accessTokenService = 
adminClient.getService(AccessTokenService.class);
+
+Response response = accessTokenService.login();
+String token = response.getHeaderString(RESTHeaders.TOKEN);
+assertNotNull(token);
+JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(token);
+String tokenId = consumer.getJwtClaims().getTokenId();
+
+// Create a new token using the Id of the first token
+
+JwtClaims jwtClaims = new JwtClaims();
+jwtClaims.setTokenId(tokenId);
+jwtClaims.setSubject(consumer.getJwtClaims().getSubject());
+jwtClaims.setIssuedAt(consumer.getJwtClaims().getIssuedAt());
+jwtClaims.setIssuer(consumer.getJwtClaims().getIssuer());
+jwtClaims.setExpiryTime(consumer.getJwtClaims().getExpiryTime());
+jwtClaims.setNotBefore(consumer.getJwtClaims().getNotBefore());
+
+JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, 
SignatureAlgorithm.NONE);
+JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
+JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
+
+JwsSignatureProvider jwsSignatureProvider = new 
NoneJwsSignatureProvider();
+String signed = producer.signWith(jwsSignatureProvider);
+
+SyncopeClient jwtClient = clientFactory.create(signed);
+UserSelfService jwtUserSelfService = 
jwtClient.getService(UserSelfService.class);
+try {
+jwtUserSelfService.read();
+fail("Failure expected on no signature");
+} catch (AccessControlException ex) {
+// expected
+}
+}
+
 }
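
Review bot: The `catch (AccessControlException ex)` block accepts any authorization failure, so `testNoneSignature()` would still pass if the call were rejected for a reason unrelated to `SignatureAlgorithm.NONE`. Call `read()` with the original `token` first and assert that it succeeds, so that the only difference between the accepted and the rejected request is the signature algorithm.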



syncope git commit: Adding a "None" signature test-case

2017-06-21 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master 7d20e44d1 -> 6edc1e675


Adding a "None" signature test-case


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/6edc1e67
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/6edc1e67
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/6edc1e67

Branch: refs/heads/master
Commit: 6edc1e67554d90dd3d1fc62ff064dc1b8a0c4978
Parents: 7d20e44
Author: Colm O hEigeartaigh 
Authored: Wed Jun 21 16:32:21 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Wed Jun 21 17:37:41 2017 +0100

--
 .../org/apache/syncope/fit/core/JWTITCase.java  | 41 
 1 file changed, 41 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/6edc1e67/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
--
diff --git 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
index 42164fc..703a706 100644
--- 
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
+++ 
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java
@@ -38,6 +38,7 @@ import 
org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
 import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
 import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
 import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
+import org.apache.cxf.rs.security.jose.jws.NoneJwsSignatureProvider;
 import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.syncope.client.lib.SyncopeClient;
@@ -298,4 +299,44 @@ public class JWTITCase extends AbstractITCase {
 // expected
 }
 }
+
+@Test
+public void testNoneSignature() throws ParseException {
+// Get an initial token
+SyncopeClient adminClient = clientFactory.create(ADMIN_UNAME, 
ADMIN_PWD);
+AccessTokenService accessTokenService = 
adminClient.getService(AccessTokenService.class);
+
+Response response = accessTokenService.login();
+String token = response.getHeaderString(RESTHeaders.TOKEN);
+assertNotNull(token);
+JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(token);
+String tokenId = consumer.getJwtClaims().getTokenId();
+
+// Create a new token using the Id of the first token
+
+JwtClaims jwtClaims = new JwtClaims();
+jwtClaims.setTokenId(tokenId);
+jwtClaims.setSubject(consumer.getJwtClaims().getSubject());
+jwtClaims.setIssuedAt(consumer.getJwtClaims().getIssuedAt());
+jwtClaims.setIssuer(consumer.getJwtClaims().getIssuer());
+jwtClaims.setExpiryTime(consumer.getJwtClaims().getExpiryTime());
+jwtClaims.setNotBefore(consumer.getJwtClaims().getNotBefore());
+
+JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, 
SignatureAlgorithm.NONE);
+JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims);
+JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken);
+
+JwsSignatureProvider jwsSignatureProvider = new 
NoneJwsSignatureProvider();
+String signed = producer.signWith(jwsSignatureProvider);
+
+SyncopeClient jwtClient = clientFactory.create(signed);
+UserSelfService jwtUserSelfService = 
jwtClient.getService(UserSelfService.class);
+try {
+jwtUserSelfService.read();
+fail("Failure expected on no signature");
+} catch (AccessControlException ex) {
+// expected
+}
+}
+
 }
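
Review bot: The six `jwtClaims.set...(consumer.getJwtClaims().get...())` lines copy only the registered claims, so any additional claims the server placed in the original token are dropped and the unsigned token differs from the original in more than its algorithm. Passing `consumer.getJwtClaims()` straight to `new JwtToken(jwsHeaders, ...)` keeps the claim set identical and removes the repeated `getJwtClaims()` calls.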



syncope git commit: Replacing Calendar with Date

2017-06-16 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X 841b8a98f -> 605359a72


Replacing Calendar with Date


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/605359a7
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/605359a7
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/605359a7

Branch: refs/heads/2_0_X
Commit: 605359a72b1a5a364030599085650ee3a7dde402
Parents: 841b8a9
Author: Colm O hEigeartaigh 
Authored: Fri Jun 16 09:49:12 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Jun 16 09:50:20 2017 +0100

--

--




syncope git commit: Replacing Calendar with Date

2017-06-16 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/master c679035d9 -> 10a95705f


Replacing Calendar with Date


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/10a95705
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/10a95705
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/10a95705

Branch: refs/heads/master
Commit: 10a95705f6c25d263da8fbe7561d11d946c310cf
Parents: c679035
Author: Colm O hEigeartaigh 
Authored: Fri Jun 16 09:49:12 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Jun 16 09:49:12 2017 +0100

--
 .../java/data/AccessTokenDataBinderImpl.java| 23 +++-
 .../org/apache/syncope/fit/core/JWTITCase.java  |  2 --
 2 files changed, 8 insertions(+), 17 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/10a95705/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
--
diff --git 
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
 
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
index ae88565..d4d8afc 100644
--- 
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
+++ 
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
@@ -20,7 +20,6 @@ package org.apache.syncope.core.provisioning.java.data;
 
 import com.fasterxml.uuid.Generators;
 import com.fasterxml.uuid.impl.RandomBasedGenerator;
-import java.util.Calendar;
 import java.util.Date;
 import java.util.Map;
 import javax.annotation.Resource;
@@ -83,17 +82,14 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 final String subject, final int duration, final Map claims) {
 
 Date now = new Date();
-
-Calendar expiry = Calendar.getInstance();
-expiry.setTime(now);
-expiry.add(Calendar.MINUTE, duration);
+Date expiry = new Date(now.getTime() + 60L * 1000L * duration);
 
 JwtClaims jwtClaims = new JwtClaims();
 jwtClaims.setTokenId(UUID_GENERATOR.generate().toString());
 jwtClaims.setSubject(subject);
 jwtClaims.setIssuedAt(now.getTime());
 jwtClaims.setIssuer(jwtIssuer);
-jwtClaims.setExpiryTime(expiry.getTime().getTime());
+jwtClaims.setExpiryTime(expiry.getTime());
 jwtClaims.setNotBefore(now.getTime());
 for (Map.Entry entry : claims.entrySet()) {
 jwtClaims.setClaim(entry.getKey(), entry.getValue());
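
Review bot: `jwtClaims.setExpiryTime(expiry.getTime())` passes `Date.getTime()`, which is milliseconds, as do the unchanged `setIssuedAt(now.getTime())` and `setNotBefore(now.getTime())` lines, whereas RFC 7519 defines `exp`, `iat` and `nbf` as seconds since the epoch. This predates the change, but since the expiry arithmetic is being rewritten here it is worth confirming that every verifier of these tokens reads the values in the same unit, and adding a test that an expired token is rejected.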
@@ -105,7 +101,7 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 
 String signed = producer.signWith(jwsSignatureProvider);
 
-return Triple.of(jwtClaims.getTokenId(), signed, expiry.getTime());
+return Triple.of(jwtClaims.getTokenId(), signed, expiry);
 }
 
 @Override
@@ -161,21 +157,18 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 JwsJwtCompactConsumer consumer = new 
JwsJwtCompactConsumer(accessToken.getBody());
 
 Date now = new Date();
-Calendar expiry = Calendar.getInstance();
-expiry.setTime(now);
-expiry.add(Calendar.MINUTE,
-confDAO.find("jwt.lifetime.minutes", 
"120").getValues().get(0).getLongValue().intValue());
-consumer.getJwtClaims().setExpiryTime(expiry.getTime().getTime());
+int duration = confDAO.find("jwt.lifetime.minutes", 
"120").getValues().get(0).getLongValue().intValue();
+Date expiry = new Date(now.getTime() + 60L * 1000L * duration);
+consumer.getJwtClaims().setExpiryTime(expiry.getTime());
 
 JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, 
jwsSignatureProvider.getAlgorithm());
 JwtToken token = new JwtToken(jwsHeaders, consumer.getJwtClaims());
 JwsJwtCompactProducer producer = new JwsJwtCompactProducer(token);
 
 String body = producer.signWith(jwsSignatureProvider);
-Date expiryTime = expiry.getTime();
 
 accessToken.setBody(body);
-accessToken.setExpiryTime(expiryTime);
+accessToken.setExpiryTime(expiry);
 
 if (!adminUser.equals(accessToken.getOwner())) {
 try {
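Review bot: on this refresh path only exp is rewritten (consumer.getJwtClaims().setExpiryTime(expiry.getTime())); the token id, iat and nbf parsed from the stored body are carried into the re-signed token unchanged. If that is intended, say so in a comment, since a refreshed token then cannot be told apart from the original by its id; otherwise set iat to now here as well.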
@@ -189,7 +182,7 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 
 accessTokenDAO.save(accessToken);
 
-return Pair.of(body, expiryTime);
+return Pair.of(body, expiry);
 }
 
 @Override


syncope git commit: Remove hard-coded reference to HS512 so that we can generate any signature that is injected instead

2017-06-16 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X 78b68bf4b -> 841b8a98f


Remove hard-coded reference to HS512 so that we can generate any signature that 
is injected instead


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/841b8a98
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/841b8a98
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/841b8a98

Branch: refs/heads/2_0_X
Commit: 841b8a98f1335e294fd81066e51cfd56bc792b23
Parents: 78b68bf
Author: Colm O hEigeartaigh 
Authored: Fri Jun 16 09:18:10 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Fri Jun 16 09:18:42 2017 +0100

--
 .../java/data/AccessTokenDataBinderImpl.java| 23 +++-
 .../org/apache/syncope/fit/core/JWTITCase.java  |  2 --
 2 files changed, 8 insertions(+), 17 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/841b8a98/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
--
diff --git 
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
 
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
index ae88565..d4d8afc 100644
--- 
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
+++ 
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
@@ -20,7 +20,6 @@ package org.apache.syncope.core.provisioning.java.data;
 
 import com.fasterxml.uuid.Generators;
 import com.fasterxml.uuid.impl.RandomBasedGenerator;
-import java.util.Calendar;
 import java.util.Date;
 import java.util.Map;
 import javax.annotation.Resource;
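Review bot: the commit subject says this removes a hard-coded HS512 reference, but the hunks shown for this file only replace Calendar with plain Date arithmetic, starting with this dropped import. Either mention the Calendar cleanup in the message or split it into its own commit, so the history for the signature change stays searchable.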
@@ -83,17 +82,14 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 final String subject, final int duration, final Map claims) {
 
 Date now = new Date();
-
-Calendar expiry = Calendar.getInstance();
-expiry.setTime(now);
-expiry.add(Calendar.MINUTE, duration);
+Date expiry = new Date(now.getTime() + 60L * 1000L * duration);
 
 JwtClaims jwtClaims = new JwtClaims();
 jwtClaims.setTokenId(UUID_GENERATOR.generate().toString());
 jwtClaims.setSubject(subject);
 jwtClaims.setIssuedAt(now.getTime());
 jwtClaims.setIssuer(jwtIssuer);
-jwtClaims.setExpiryTime(expiry.getTime().getTime());
+jwtClaims.setExpiryTime(expiry.getTime());
 jwtClaims.setNotBefore(now.getTime());
 for (Map.Entry entry : claims.entrySet()) {
 jwtClaims.setClaim(entry.getKey(), entry.getValue());
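Review bot: duration goes into new Date(now.getTime() + 60L * 1000L * duration) unchecked, so a zero or negative value produces a token whose exp is at or before its nbf. Reject duration <= 0 at the top of the method (an IllegalArgumentException is enough) rather than signing a token that is already expired when issued.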
@@ -105,7 +101,7 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 
 String signed = producer.signWith(jwsSignatureProvider);
 
-return Triple.of(jwtClaims.getTokenId(), signed, expiry.getTime());
+return Triple.of(jwtClaims.getTokenId(), signed, expiry);
 }
 
 @Override
@@ -161,21 +157,18 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 JwsJwtCompactConsumer consumer = new 
JwsJwtCompactConsumer(accessToken.getBody());
 
 Date now = new Date();
-Calendar expiry = Calendar.getInstance();
-expiry.setTime(now);
-expiry.add(Calendar.MINUTE,
-confDAO.find("jwt.lifetime.minutes", 
"120").getValues().get(0).getLongValue().intValue());
-consumer.getJwtClaims().setExpiryTime(expiry.getTime().getTime());
+int duration = confDAO.find("jwt.lifetime.minutes", 
"120").getValues().get(0).getLongValue().intValue();
+Date expiry = new Date(now.getTime() + 60L * 1000L * duration);
+consumer.getJwtClaims().setExpiryTime(expiry.getTime());
 
 JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, 
jwsSignatureProvider.getAlgorithm());
 JwtToken token = new JwtToken(jwsHeaders, consumer.getJwtClaims());
 JwsJwtCompactProducer producer = new JwsJwtCompactProducer(token);
 
 String body = producer.signWith(jwsSignatureProvider);
-Date expiryTime = expiry.getTime();
 
 accessToken.setBody(body);
-accessToken.setExpiryTime(expiryTime);
+accessToken.setExpiryTime(expiry);
 
 if (!adminUser.equals(accessToken.getOwner())) {
 try {
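Review bot: the lifetime lookup confDAO.find("jwt.lifetime.minutes", "120").getValues().get(0).getLongValue().intValue() narrows a long to an int and throws if the values list is empty; now that the expiry arithmetic is done in long, keep the long and guard the empty case. The same now + 60L * 1000L * duration expression also appears in the create method, so a small private helper taking the minutes would keep the two paths in step.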
@@ -189,7 +182,7 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 
 accessTokenDAO.save(accessToken);
 
-return Pair.of(body, expiryTime);
+return Pair.of(body, expiry);
 }
 
 

syncope git commit: Get the signature algorithm from the signature provider rather than hardcoding to HS512 to allow the user to plug in other implementations

2017-06-15 Thread coheigea
Repository: syncope
Updated Branches:
  refs/heads/2_0_X 79a3fd675 -> a8d5d0527


Get the signature algorithm from the signature provider rather than hardcoding 
to HS512 to allow the user to plug in other implementations


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a8d5d052
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a8d5d052
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a8d5d052

Branch: refs/heads/2_0_X
Commit: a8d5d05270faa3043075b10541587a699f8884d3
Parents: 79a3fd6
Author: Colm O hEigeartaigh 
Authored: Thu Jun 15 16:39:57 2017 +0100
Committer: Colm O hEigeartaigh 
Committed: Thu Jun 15 16:40:32 2017 +0100

--
 .../provisioning/java/data/AccessTokenDataBinderImpl.java   | 9 -
 1 file changed, 4 insertions(+), 5 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/syncope/blob/a8d5d052/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
--
diff --git 
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
 
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
index 5159733..ae88565 100644
--- 
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
+++ 
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
@@ -27,7 +27,6 @@ import javax.annotation.Resource;
 import org.apache.commons.lang3.tuple.Pair;
 import org.apache.commons.lang3.tuple.Triple;
 import org.apache.cxf.rs.security.jose.common.JoseType;
-import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
 import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
 import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
@@ -61,8 +60,6 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 
 private static final RandomBasedGenerator UUID_GENERATOR = 
Generators.randomBasedGenerator();
 
-private static final JwsHeaders JWS_HEADERS = new JwsHeaders(JoseType.JWT, 
SignatureAlgorithm.HS512);
-
 @Resource(name = "adminUser")
 private String adminUser;
 
@@ -102,7 +99,8 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 jwtClaims.setClaim(entry.getKey(), entry.getValue());
 }
 
-JwtToken token = new JwtToken(JWS_HEADERS, jwtClaims);
+JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, 
jwsSignatureProvider.getAlgorithm());
+JwtToken token = new JwtToken(jwsHeaders, jwtClaims);
 JwsJwtCompactProducer producer = new JwsJwtCompactProducer(token);
 
 String signed = producer.signWith(jwsSignatureProvider);
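Review bot: the header algorithm now comes from jwsSignatureProvider.getAlgorithm() with no check in the lines shown, so whatever the injected provider reports, including null or an algorithm the deployment does not intend to allow, ends up in the JOSE header. Consider validating it once at bean initialisation against an explicit allow-list and failing startup on a mismatch, rather than finding out per token.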
@@ -169,7 +167,8 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 confDAO.find("jwt.lifetime.minutes", 
"120").getValues().get(0).getLongValue().intValue());
 consumer.getJwtClaims().setExpiryTime(expiry.getTime().getTime());
 
-JwtToken token = new JwtToken(JWS_HEADERS, consumer.getJwtClaims());
+JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, 
jwsSignatureProvider.getAlgorithm());
+JwtToken token = new JwtToken(jwsHeaders, consumer.getJwtClaims());
 JwsJwtCompactProducer producer = new JwsJwtCompactProducer(token);
 
 String body = producer.signWith(jwsSignatureProvider);
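Review bot: the refresh path re-signs the claims of the stored body with whatever algorithm the provider reports at refresh time, so a token first issued under one algorithm can come back under another after a configuration change. The diffstat shows only this file changed; please add a test that injects a non-HS512 provider and exercises both create and refresh, and confirm the verifying side takes its algorithm from the same provider.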


