[syncope] branch 3_0_X updated: Switch to SPDX identifier for the license (#527)
This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch 3_0_X in repository https://gitbox.apache.org/repos/asf/syncope.git The following commit(s) were added to refs/heads/3_0_X by this push: new 5038e9b20f Switch to SPDX identifier for the license (#527) 5038e9b20f is described below commit 5038e9b20f9c63b9fb867fdc4f570d9e912260b9 Author: Colm O hEigeartaigh AuthorDate: Thu Oct 5 08:03:51 2023 +0100 Switch to SPDX identifier for the license (#527) --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 27ea78d130..689743d669 100644 --- a/pom.xml +++ b/pom.xml @@ -42,7 +42,7 @@ under the License. - Apache License, Version 2.0 + Apache-2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo
[syncope] branch master updated: Switch to SPDX identifier for the license (#527)
This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/syncope.git The following commit(s) were added to refs/heads/master by this push: new 0a66e3aef6 Switch to SPDX identifier for the license (#527) 0a66e3aef6 is described below commit 0a66e3aef6842ebebac6ef2f65d50fca5aaa03b5 Author: Colm O hEigeartaigh AuthorDate: Thu Oct 5 08:03:51 2023 +0100 Switch to SPDX identifier for the license (#527) --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 45e5ab98e1..65e8ad00be 100644 --- a/pom.xml +++ b/pom.xml @@ -42,7 +42,7 @@ under the License. - Apache License, Version 2.0 + Apache-2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo
[syncope] branch coheigea/license created (now 3c76bb067e)
This is an automated email from the ASF dual-hosted git repository. coheigea pushed a change to branch coheigea/license in repository https://gitbox.apache.org/repos/asf/syncope.git at 3c76bb067e Switch to SPDX identifier for the license This branch includes the following new commits: new 3c76bb067e Switch to SPDX identifier for the license The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
[syncope] 01/01: Switch to SPDX identifier for the license
This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch coheigea/license in repository https://gitbox.apache.org/repos/asf/syncope.git commit 3c76bb067eb5c0fb5c6428d850c9614ade61739a Author: Colm O hEigeartaigh AuthorDate: Thu Oct 5 06:02:45 2023 +0100 Switch to SPDX identifier for the license --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 45e5ab98e1..65e8ad00be 100644 --- a/pom.xml +++ b/pom.xml @@ -42,7 +42,7 @@ under the License. - Apache License, Version 2.0 + Apache-2.0 http://www.apache.org/licenses/LICENSE-2.0.txt repo
[syncope] branch master updated (16cb7fa -> dfdfa2c)
This is an automated email from the ASF dual-hosted git repository. coheigea pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/syncope.git. from 16cb7fa Fixing CodeQL analysis (#217) add dfdfa2c Adding security-and-quality query (#218) No new revisions were added by this update. Summary of changes: .github/workflows/codeql-analysis.yml | 1 + 1 file changed, 1 insertion(+)
[syncope] branch master updated: Exclude codeql from rat-plugin
This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/syncope.git The following commit(s) were added to refs/heads/master by this push: new 6323bd0 Exclude codeql from rat-plugin 6323bd0 is described below commit 6323bd0b14d2be8f788d0c3bbb68c3c717e05a56 Author: Colm O hEigeartaigh AuthorDate: Wed Oct 7 12:38:47 2020 +0100 Exclude codeql from rat-plugin --- pom.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/pom.xml b/pom.xml index 58b8694..084 100644 --- a/pom.xml +++ b/pom.xml @@ -2526,6 +2526,7 @@ under the License. **/*.json **/banner.txt **/target/** +**/codeql-analysis.yml
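Review bot: the added exclude `**/codeql-analysis.yml` in the rat-plugin list matches a file of that name in any directory, which is wider than the single workflow file the commit message refers to. Either narrow the pattern to `.github/workflows/codeql-analysis.yml`, or add the ASF license header to the workflow as YAML comments and drop the exclusion so RAT keeps checking the file.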
[syncope] branch master updated: Update codeql-analysis.yml
This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/syncope.git The following commit(s) were added to refs/heads/master by this push: new 1990c48 Update codeql-analysis.yml 1990c48 is described below commit 1990c48f3fe07f0c057927cdee6e039e3eca4c82 Author: Colm O hEigeartaigh AuthorDate: Wed Oct 7 12:27:20 2020 +0100 Update codeql-analysis.yml Removing javascript --- .github/workflows/codeql-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 9cf53e2..54f501f 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -24,7 +24,7 @@ jobs: matrix: # Override automatic language detection by changing the below list # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] -language: ['java', 'javascript'] +language: ['java'] # Learn more... # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection
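Review bot: narrowing `language: ['java', 'javascript']` to `['java']` in the matrix turns off CodeQL scanning for any JavaScript in the repository, and the commit message ("Removing javascript") gives no reason. State the reason in the message or in a comment next to the `language` list, so the reduced coverage is a recorded decision that can be revisited.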
[syncope] branch master updated: Create codeql-analysis.yml
This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/syncope.git The following commit(s) were added to refs/heads/master by this push: new 2857b4e Create codeql-analysis.yml 2857b4e is described below commit 2857b4e95e498bcc7a4da63740e99cf8a14f1b84 Author: Colm O hEigeartaigh AuthorDate: Wed Oct 7 12:22:54 2020 +0100 Create codeql-analysis.yml --- .github/workflows/codeql-analysis.yml | 71 +++ 1 file changed, 71 insertions(+) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 000..9cf53e2 --- /dev/null +++ b/.github/workflows/codeql-analysis.yml 
@@ -0,0 +1,71 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +name: "CodeQL" + +on: + push: +branches: [master] + pull_request: +# The branches below must be a subset of the branches above +branches: [master] + schedule: +- cron: '0 13 * * 4' + +jobs: + analyze: +name: Analyze +runs-on: ubuntu-latest + +strategy: + fail-fast: false + matrix: +# Override automatic language detection by changing the below list +# Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] +language: ['java', 'javascript'] +# Learn more... +# https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection + +steps: +- name: Checkout repository + uses: actions/checkout@v2 + with: +# We must fetch at least the immediate parents so that if this is +# a pull request then we can checkout the head. +fetch-depth: 2 + +# If this run was triggered by a pull request event, then checkout +# the head of the pull request instead of the merge commit. +- run: git checkout HEAD^2 + if: ${{ github.event_name == 'pull_request' }} + +# Initializes the CodeQL tools for scanning. +- name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: +languages: ${{ matrix.language }} +# If you wish to specify custom queries, you can do so here or in a config file. +# By default, queries listed here will override any specified in a config file. +# Prefix the list here with "+" to use these queries and those in the config file. +# queries: ./path/to/local/query, your-org/your-repo/queries@main + +# Autobuild attempts to build any compiled languages (C/C++, C#, or Java). 
+# If this step fails, then you should remove it and run the build manually (see below) +- name: Autobuild + uses: github/codeql-action/autobuild@v1 + +# ℹ️ Command-line programs to run using the OS shell. +# https://git.io/JvXDl + +# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines +#and modify them (or add more) to build your code if your project +#uses a compiled language + +#- run: | +# make bootstrap +# make release + +- name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1
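Review bot: the four `uses:` steps reference mutable tags (`actions/checkout@v2`, `github/codeql-action/init@v1`, `github/codeql-action/autobuild@v1`, `github/codeql-action/analyze@v1`), so the code that runs in this job can change without any commit to this repository. Pin each action to a full commit SHA and keep the tag as a trailing comment. The new file also starts without an ASF license header; add it as YAML comments at the top.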
[syncope] branch master updated: Fixing a grammatical issue with the mail template (#195)
This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/syncope.git The following commit(s) were added to refs/heads/master by this push: new 1cc9a2d Fixing a grammatical issue with the mail template (#195) 1cc9a2d is described below commit 1cc9a2d302c8f4f28188df843b4af4752c9bb0df Author: Colm O hEigeartaigh AuthorDate: Mon Jun 8 14:35:09 2020 +0100 Fixing a grammatical issue with the mail template (#195) --- common/keymaster/client-api/src/main/resources/defaultContent.xml | 4 ++-- .../persistence-jpa-json/src/main/resources/domains/MasterContent.xml | 4 ++-- .../persistence-jpa-json/src/test/resources/domains/MasterContent.xml | 4 ++-- core/persistence-jpa/src/main/resources/domains/MasterContent.xml | 4 ++-- core/persistence-jpa/src/test/resources/domains/MasterContent.xml | 4 ++-- core/persistence-jpa/src/test/resources/domains/TwoContent.xml| 4 ++-- .../apache/syncope/core/provisioning/api/jexl/MailTemplateTest.java | 4 ++-- docker/core/src/main/resources/domains/MasterContent.xml.all | 4 ++-- docker/core/src/main/resources/domains/MasterContent.xml.myjson | 4 ++-- docker/core/src/main/resources/domains/MasterContent.xml.pgjsonb | 4 ++-- 10 files changed, 20 insertions(+), 20 deletions(-) diff --git a/common/keymaster/client-api/src/main/resources/defaultContent.xml b/common/keymaster/client-api/src/main/resources/defaultContent.xml index 477768a..e9b56bf 100644 --- a/common/keymaster/client-api/src/main/resources/defaultContent.xml +++ b/common/keymaster/client-api/src/main/resources/defaultContent.xml @@ -47,7 +47,7 @@ under the License. http://localhost:9080/syncope-enduser/confirmpasswordreset?token=${input.get(0).replaceAll(' ', '%20')}link/a/p. diff --git a/core/persistence-jpa-json/src/main/resources/domains/MasterContent.xml b/core/persistence-jpa-json/src/main/resources/domains/MasterContent.xml index 1bd28de..41219a5 100644 
--- a/core/persistence-jpa-json/src/main/resources/domains/MasterContent.xml +++ b/core/persistence-jpa-json/src/main/resources/domains/MasterContent.xml @@ -118,7 +118,7 @@ under the License. http://localhost:9080/syncope-enduser/confirmpasswordreset?token=${input.get(0).replaceAll(' ', '%20')}link/a/p. diff --git a/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml b/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml index 6422c35..b0053e4 100644 --- a/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml +++ b/core/persistence-jpa-json/src/test/resources/domains/MasterContent.xml @@ -1149,7 +1149,7 @@ under the License. http://localhost:9080/syncope-enduser/confirmpasswordreset?token=${input.get(0).replaceAll(' ', '%20')}link/a/p. diff --git a/core/persistence-jpa/src/main/resources/domains/MasterContent.xml b/core/persistence-jpa/src/main/resources/domains/MasterContent.xml index 6cbeb13..c5ed0c5 100644 --- a/core/persistence-jpa/src/main/resources/domains/MasterContent.xml +++ b/core/persistence-jpa/src/main/resources/domains/MasterContent.xml @@ -57,7 +57,7 @@ under the License. http://localhost:9080/syncope-enduser/confirmpasswordreset?token=${input.get(0).replaceAll(' ', '%20')}link/a/p. diff --git a/core/persistence-jpa/src/test/resources/domains/MasterContent.xml b/core/persistence-jpa/src/test/resources/domains/MasterContent.xml index 170659f..890cf97 100644 --- a/core/persistence-jpa/src/test/resources/domains/MasterContent.xml +++ b/core/persistence-jpa/src/test/resources/domains/MasterContent.xml @@ -1236,7 +1236,7 @@ under the License. http://localhost:9080/syncope-enduser/confirmpasswordreset?token=${input.get(0).replaceAll(' ', '%20')}link/a/p. diff --git a/core/persistence-jpa/src/test/resources/domains/TwoContent.xml b/core/persistence-jpa/src/test/resources/domains/TwoContent.xml index 2d5a056..4b7e58f 100644 --- a/core/persistence-jpa/src/test/resources/domains/TwoContent.xml 
+++ b/core/persistence-jpa/src/test/resources/domains/TwoContent.xml @@ -47,7 +47,7 @@ under the License. http://localhost:9080/syncope-enduser/confirmpasswordreset?token=${input.get(0).replaceAll(' ', '%20')}link/a/p. diff --git a/core/provisioning-api/src/test/java/org/apache/syncope/core/provisioning/api/jexl/MailTemplateTest.java b/core/provisioning-api/src/test/java/org/apache/syncope/core/provisioning/api/jexl/MailTemplateTest.java index d83b2a6..bfb6a2c 100644 --- a/core/provisioning-api/src/test/java/org/apache/syncope/core/provisioning/api/jexl/MailTemplateTest.java +++ b/core/provisioning-api/src/test/java/org/apache/syncope/core/provisioning/api/jexl/MailTemplateTest.java @@ -44,7 +44,7 @@ public class MailTemplateTest extends AbstractTest { + "Hi, we are happy to inform you that the password request was successfully executed for " + "your
[syncope] branch master updated: Updating Log4j to 2.13.2 due to CVE-2020-9488 (#177)
This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/syncope.git The following commit(s) were added to refs/heads/master by this push: new ba6d317 Updating Log4j to 2.13.2 due to CVE-2020-9488 (#177) ba6d317 is described below commit ba6d317dcf560b36b58c02119a7e20b9b0106f15 Author: Colm O hEigeartaigh AuthorDate: Mon Apr 27 10:05:51 2020 +0100 Updating Log4j to 2.13.2 due to CVE-2020-9488 (#177) --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index db29d46..3b3fd7d 100644 --- a/pom.xml +++ b/pom.xml @@ -437,7 +437,7 @@ under the License. 2.0.0.AM26 2.0.0 -2.13.1 +2.13.2 3.4.2 3.1
[syncope] branch master updated: Replace JSTL with Apache Standard Taglibs (#146)
This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/syncope.git The following commit(s) were added to refs/heads/master by this push: new 34aed95 Replace JSTL with Apache Standard Taglibs (#146) 34aed95 is described below commit 34aed95cb166d3e55d13fba139a362e81a2035be Author: Colm O hEigeartaigh AuthorDate: Thu Dec 12 11:19:54 2019 + Replace JSTL with Apache Standard Taglibs (#146) --- ext/oidcclient/agent/pom.xml | 4 ++-- ext/saml2sp/agent/pom.xml| 4 ++-- pom.xml | 6 +++--- standalone/LICENSE | 4 ++-- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/ext/oidcclient/agent/pom.xml b/ext/oidcclient/agent/pom.xml index 878aeb9..d0c37b7 100644 --- a/ext/oidcclient/agent/pom.xml +++ b/ext/oidcclient/agent/pom.xml @@ -47,8 +47,8 @@ under the License. javax.servlet.jsp-api - javax.servlet - jstl + org.apache.taglibs + taglibs-standard-impl provided diff --git a/ext/saml2sp/agent/pom.xml b/ext/saml2sp/agent/pom.xml index 808c76d..7a3bf6d 100644 --- a/ext/saml2sp/agent/pom.xml +++ b/ext/saml2sp/agent/pom.xml @@ -47,8 +47,8 @@ under the License. javax.servlet.jsp-api - javax.servlet - jstl + org.apache.taglibs + taglibs-standard-impl provided diff --git a/pom.xml b/pom.xml index 490b972..ea11284 100644 --- a/pom.xml +++ b/pom.xml @@ -602,9 +602,9 @@ under the License. provided -javax.servlet -jstl -1.2 +org.apache.taglibs +taglibs-standard-impl +1.2.5 diff --git a/standalone/LICENSE b/standalone/LICENSE index 3769043..77fc5fb 100644 --- a/standalone/LICENSE +++ b/standalone/LICENSE @@ -928,8 +928,8 @@ This is licensed under the CDDL 1.0, see above. == -For JSP Standard Tag Library (https://jstl.java.net/): -This is licensed under the CDDL 1.0, see above. +For Apache Standard Taglib (http://tomcat.apache.org/taglibs/standard/): +This is licensed under the AL 2.0, see above. ==
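Review bot: in all three pom.xml hunks `javax.servlet` / `jstl` is replaced by `org.apache.taglibs` / `taglibs-standard-impl` alone. Check that the JSTL API classes the JSPs compile against are still on the classpath; if `taglibs-standard-impl` does not bring them in transitively, `taglibs-standard-spec` at the same version (1.2.5) needs to be declared next to it in the root pom and in both agent poms.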
[syncope] branch master updated: Disallow external DTDs/Stylesheets in a few places where we definately don't neeed them (#136)
This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/syncope.git The following commit(s) were added to refs/heads/master by this push: new 7c3b445 Disallow external DTDs/Stylesheets in a few places where we definately don't neeed them (#136) 7c3b445 is described below commit 7c3b445b2df70bfc302d5758109699d82a69a923 Author: Colm O hEigeartaigh AuthorDate: Thu Oct 24 15:01:40 2019 +0100 Disallow external DTDs/Stylesheets in a few places where we definately don't neeed them (#136) --- .../java/org/apache/syncope/core/logic/init/CamelRouteLoader.java | 6 ++ .../org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java | 7 +++ 2 files changed, 13 insertions(+) diff --git a/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/init/CamelRouteLoader.java b/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/init/CamelRouteLoader.java index 5ea378f..ec82cf6 100644 --- a/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/init/CamelRouteLoader.java +++ b/ext/camel/logic/src/main/java/org/apache/syncope/core/logic/init/CamelRouteLoader.java @@ -146,6 +146,12 @@ public class CamelRouteLoader implements SyncopeCoreLoader { if (IS_JBOSS) { tf = TransformerFactory.newInstance(); tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); +try { +tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); + tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); +} catch (IllegalArgumentException ex) { +LOG.debug("The JAXP parser does not support the following attribute: ", ex); +} tf.setURIResolver((href, base) -> null); Document doc = StaxUtils.read(resource.getInputStream()); diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java index cd429c8..2ec7b03 100644 
--- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java +++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java @@ -83,6 +83,13 @@ public class SAML2ReaderWriter { } catch (TransformerConfigurationException e) { LOG.error("Could not enable secure XML processing", e); } + +try { +TRANSFORMER_FACTORY.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); + TRANSFORMER_FACTORY.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); +} catch (IllegalArgumentException ex) { + LOG.debug("The JAXP parser does not support the following attribute: ", ex); +} } @Autowired
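Review bot: in the CamelRouteLoader hunk both `setAttribute` calls sit in one `try`, so if `ACCESS_EXTERNAL_DTD` is rejected with `IllegalArgumentException`, `ACCESS_EXTERNAL_STYLESHEET` is never attempted. Give each attribute its own try/catch. The additions also follow the `if (IS_JBOSS)` line; confirm that the factory used on the other path gets the same restrictions.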
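Review bot: in the SAML2ReaderWriter hunk the `catch (IllegalArgumentException ex)` logs at debug level and carries on, so a factory that does not support the attributes is used without these restrictions and nothing shows in a default log. Log at warn or error, as the adjacent `LOG.error("Could not enable secure XML processing", e)` does, and name the attribute that was rejected in the message.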
[syncope] branch 2_0_X updated: Disallow Doctypes for SAXParserFactory
This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch 2_0_X in repository https://gitbox.apache.org/repos/asf/syncope.git The following commit(s) were added to refs/heads/2_0_X by this push: new a19c19e Disallow Doctypes for SAXParserFactory a19c19e is described below commit a19c19e19948cd9e9457d709144ae6d1c2bcc239 Author: Colm O hEigeartaigh AuthorDate: Fri Oct 11 11:35:34 2019 +0100 Disallow Doctypes for SAXParserFactory --- .../apache/syncope/core/persistence/jpa/content/XMLContentLoader.java| 1 + 1 file changed, 1 insertion(+) diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java index cdc01d0..3b117fe 100644 --- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java +++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java @@ -107,6 +107,7 @@ public class XMLContentLoader extends AbstractContentDealer implements ContentLo SAXParserFactory factory = SAXParserFactory.newInstance(); factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); + factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl;, true); try (InputStream in = contentXML.getResource().getInputStream()) { SAXParser parser = factory.newSAXParser(); parser.parse(in, new ContentLoaderHandler(dataSource, ROOT_ELEMENT, true, env));
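Review bot: the added `disallow-doctype-decl` feature makes the loader reject any content XML that carries a DOCTYPE, and the change is a single insertion in XMLContentLoader.java with no test. Add a test that feeds the loader a document with a DOCTYPE and expects a SAXException, and confirm that none of the bundled content files declare one. The feature URI would also read better as a named constant than as an inline string literal.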
[syncope] branch 2_1_X updated: Disallow Doctypes for SAXParserFactory
This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch 2_1_X in repository https://gitbox.apache.org/repos/asf/syncope.git The following commit(s) were added to refs/heads/2_1_X by this push: new 410eeb3 Disallow Doctypes for SAXParserFactory 410eeb3 is described below commit 410eeb3607f16cb2aa79ede7e44bb1bb662beea2 Author: Colm O hEigeartaigh AuthorDate: Fri Oct 11 11:35:34 2019 +0100 Disallow Doctypes for SAXParserFactory --- .../apache/syncope/core/persistence/jpa/content/XMLContentLoader.java| 1 + 1 file changed, 1 insertion(+) diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java index a209a36..48aaf90 100644 --- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java +++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java @@ -108,6 +108,7 @@ public class XMLContentLoader extends AbstractContentDealer implements ContentLo SAXParserFactory factory = SAXParserFactory.newInstance(); factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); + factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl;, true); try (InputStream in = contentXML.getResource().getInputStream()) { SAXParser parser = factory.newSAXParser(); parser.parse(in, new ContentLoaderHandler(dataSource, ROOT_ELEMENT, true, env));
[syncope] branch master updated: Disallow Doctypes for SAXParserFactory
This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/syncope.git The following commit(s) were added to refs/heads/master by this push: new a7a3009 Disallow Doctypes for SAXParserFactory new 16fb995 Merge pull request #129 from coheigea/doctypes a7a3009 is described below commit a7a3009a5002f6e72fe5d19eb99382c28f374799 Author: Colm O hEigeartaigh AuthorDate: Fri Oct 11 11:35:34 2019 +0100 Disallow Doctypes for SAXParserFactory --- .../apache/syncope/core/persistence/jpa/content/XMLContentLoader.java| 1 + 1 file changed, 1 insertion(+) diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java index db95a6a..9c1b502 100644 --- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java +++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java @@ -112,6 +112,7 @@ public class XMLContentLoader implements ContentLoader { SAXParserFactory factory = SAXParserFactory.newInstance(); factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); + factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl;, true); try (contentXML) { SAXParser parser = factory.newSAXParser(); parser.parse(contentXML, new ContentLoaderHandler(dataSource, ROOT_ELEMENT, true, env));
[syncope] branch 2_1_X updated: Enable security-related HTTP headers in the console
This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch 2_1_X in repository https://gitbox.apache.org/repos/asf/syncope.git The following commit(s) were added to refs/heads/2_1_X by this push: new b62f16c Enable security-related HTTP headers in the console new 24474ac Merge pull request #96 from coheigea/http_headers b62f16c is described below commit b62f16ccd22c16b0dfdcbecace17dac112db29c3 Author: Colm O hEigeartaigh AuthorDate: Thu Feb 14 18:17:43 2019 + Enable security-related HTTP headers in the console --- .../syncope/client/console/SyncopeConsoleApplication.java | 14 ++ .../syncope/client/enduser/SyncopeEnduserApplication.java | 14 ++ 2 files changed, 28 insertions(+) diff --git a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java index 3431f04..3ea3934 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java @@ -58,6 +58,9 @@ import org.apache.wicket.authroles.authorization.strategies.role.metadata.MetaDa import org.apache.wicket.markup.html.WebPage; import org.apache.wicket.protocol.http.CsrfPreventionRequestCycleListener; import org.apache.wicket.protocol.http.WebApplication; +import org.apache.wicket.request.cycle.AbstractRequestCycleListener; +import org.apache.wicket.request.cycle.RequestCycle; +import org.apache.wicket.request.http.WebResponse; import org.apache.wicket.request.resource.AbstractResource; import org.apache.wicket.request.resource.IResource; import org.apache.wicket.request.resource.ResourceReference; 
@@ -206,6 +209,17 @@ public class SyncopeConsoleApplication extends AuthenticatedWebApplication { } getRequestCycleListeners().add(new SyncopeConsoleRequestCycleListener()); +getRequestCycleListeners().add(new AbstractRequestCycleListener() { + +@Override +public void onEndRequest(final RequestCycle cycle) { +WebResponse response = (WebResponse) cycle.getResponse(); +response.setHeader("X-XSS-Protection", "1; mode=block"); +response.setHeader("X-Content-Type-Options", "nosniff"); +response.setHeader("X-Frame-Options", "sameorigin"); +} +}); + mountPage("/login", getSignInPageClass()); try { diff --git a/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserApplication.java b/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserApplication.java index 207c789..e1efa65 100644 --- a/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserApplication.java +++ b/client/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserApplication.java @@ -50,6 +50,9 @@ import org.apache.wicket.WicketRuntimeException; import org.apache.wicket.protocol.http.WebApplication; import org.apache.wicket.request.Request; import org.apache.wicket.request.Response; +import org.apache.wicket.request.cycle.AbstractRequestCycleListener; +import org.apache.wicket.request.cycle.RequestCycle; +import org.apache.wicket.request.http.WebResponse; import org.apache.wicket.request.resource.AbstractResource; import org.apache.wicket.request.resource.IResource; import org.apache.wicket.request.resource.ResourceReference; 
@@ -304,6 +307,17 @@ public class SyncopeEnduserApplication extends WebApplication implements Seriali } }); } + +getRequestCycleListeners().add(new AbstractRequestCycleListener() { + +@Override +public void onEndRequest(final RequestCycle cycle) { +WebResponse response = (WebResponse) cycle.getResponse(); +response.setHeader("X-XSS-Protection", "1; mode=block"); +response.setHeader("X-Content-Type-Options", "nosniff"); +response.setHeader("X-Frame-Options", "sameorigin"); +} +}); } @Override
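Review bot: in the SyncopeConsoleApplication hunk the headers are set in `onEndRequest`, which runs after the response has been produced; if the response is already committed at that point, `setHeader` has no effect and those responses go out without the headers. Set them in `onBeginRequest` instead. The cast `(WebResponse) cycle.getResponse()` is also unchecked; guard it with `instanceof`.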
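Review bot: the SyncopeEnduserApplication hunk repeats the anonymous `AbstractRequestCycleListener` from the console hunk line for line. Move it into one named listener class that both applications register, so the set of headers cannot drift between the console and the enduser UI.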
[syncope] branch master updated: Enable the secure processing feature
This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/syncope.git The following commit(s) were added to refs/heads/master by this push: new 720b253 Enable the secure processing feature 720b253 is described below commit 720b2538d58833629497beecd1f2de04a7624ba4 Author: Colm O hEigeartaigh AuthorDate: Thu Nov 22 11:51:41 2018 + Enable the secure processing feature --- .../apache/syncope/core/persistence/jpa/content/XMLContentLoader.java | 2 ++ 1 file changed, 2 insertions(+) diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java index 8b59615..4adfde6 100644 --- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java +++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/content/XMLContentLoader.java @@ -23,6 +23,7 @@ import java.io.InputStream; import java.util.Properties; import javax.annotation.Resource; import javax.sql.DataSource; +import javax.xml.XMLConstants; import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.SAXParser; import javax.xml.parsers.SAXParserFactory; @@ -101,6 +102,7 @@ public class XMLContentLoader extends AbstractContentDealer implements ContentLo throws IOException, ParserConfigurationException, SAXException { SAXParserFactory factory = SAXParserFactory.newInstance(); +factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); try (InputStream in = contentXML.getResource().getInputStream()) { SAXParser parser = factory.newSAXParser(); parser.parse(in, new ContentLoaderHandler(dataSource, ROOT_ELEMENT, true));
syncope git commit: Updating WSS4J
Repository: syncope Updated Branches: refs/heads/2_0_X 8681aa76e -> 88f4b03e3 Updating WSS4J Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/88f4b03e Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/88f4b03e Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/88f4b03e Branch: refs/heads/2_0_X Commit: 88f4b03e39be6d13b879b5b46e93646da233447f Parents: 8681aa7 Author: Colm O hEigeartaighAuthored: Tue Jan 30 17:09:00 2018 + Committer: Colm O hEigeartaigh Committed: Tue Jan 30 17:09:12 2018 + -- pom.xml | 6 +- 1 file changed, 5 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/88f4b03e/pom.xml -- diff --git a/pom.xml b/pom.xml index f93a5a4..c2fd20e 100644 --- a/pom.xml +++ b/pom.xml @@ -618,7 +618,7 @@ under the License. org.apache.wss4j wss4j-ws-security-dom -2.1.11 +2.1.12 org.jasypt @@ -628,6 +628,10 @@ under the License. org.apache.geronimo.specs geronimo-javamail_1.4_spec + +com.fasterxml.woodstox +woodstox-core +
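Review bot: the second hunk (`@@ -628,6 +628,10 @@`) adds a `com.fasterxml.woodstox` / `woodstox-core` entry after the existing `geronimo-javamail_1.4_spec` one, which the commit message ("Updating WSS4J") does not mention. Say in the message or in a pom comment why it is needed with 2.1.12, so it can be revisited on the next WSS4J upgrade.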
syncope git commit: Add the Active Directory Connector to fit/build-tools
Repository: syncope Updated Branches: refs/heads/2_0_X 845f25146 -> 32a6bd352 Add the Active Directory Connector to fit/build-tools (cherry picked from commit d701a03fbaa84c079f8442608e279c5c60981160) Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/32a6bd35 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/32a6bd35 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/32a6bd35 Branch: refs/heads/2_0_X Commit: 32a6bd35295ecd7d92be75e96b726fb6b50389c7 Parents: 845f251 Author: Colm O hEigeartaighAuthored: Tue Dec 19 15:41:43 2017 + Committer: Colm O hEigeartaigh Committed: Tue Dec 19 15:42:21 2017 + -- .../apache/syncope/fit/buildtools/ConnIdStartStopListener.java| 1 + fit/build-tools/src/main/resources/buildToolsContext.xml | 3 +++ 2 files changed, 4 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/32a6bd35/fit/build-tools/src/main/java/org/apache/syncope/fit/buildtools/ConnIdStartStopListener.java -- diff --git a/fit/build-tools/src/main/java/org/apache/syncope/fit/buildtools/ConnIdStartStopListener.java b/fit/build-tools/src/main/java/org/apache/syncope/fit/buildtools/ConnIdStartStopListener.java index 1cb8370..1aaea1b 100644 --- a/fit/build-tools/src/main/java/org/apache/syncope/fit/buildtools/ConnIdStartStopListener.java +++ b/fit/build-tools/src/main/java/org/apache/syncope/fit/buildtools/ConnIdStartStopListener.java @@ -53,6 +53,7 @@ public class ConnIdStartStopListener implements ServletContextListener { "testconnectorserver.dbtable.bundle", "testconnectorserver.scriptedsql.bundle", "testconnectorserver.csvdir.bundle", +"testconnectorserver.ad.bundle", "testconnectorserver.ldap.bundle" }) { URL url = null; http://git-wip-us.apache.org/repos/asf/syncope/blob/32a6bd35/fit/build-tools/src/main/resources/buildToolsContext.xml -- 
diff --git a/fit/build-tools/src/main/resources/buildToolsContext.xml b/fit/build-tools/src/main/resources/buildToolsContext.xml index a4433c9..b3754ac 100644 --- a/fit/build-tools/src/main/resources/buildToolsContext.xml +++ b/fit/build-tools/src/main/resources/buildToolsContext.xml @@ -57,6 +57,9 @@ under the License. + + +
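Review bot: The new "testconnectorserver.ad.bundle" entry in ConnIdStartStopListener is only a property name, and the diffstat shows no properties file or pom change in this commit. Please confirm that this key is already defined wherever the other testconnectorserver.*.bundle keys get their values; otherwise the loop has nothing to resolve for the new entry.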
syncope git commit: SYNCOPE-1243 - Add information to GroupTO about user and AnyObject membership counts. Thanks to Francesco for reviewing.
Repository: syncope Updated Branches: refs/heads/2_0_X 2153a3dca -> 93e143590 SYNCOPE-1243 - Add information to GroupTO about user and AnyObject membership counts. Thanks to Francesco for reviewing. (cherry picked from commit d784ae297c79df8e7d9a7c5dec1677d716422ef2) Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/93e14359 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/93e14359 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/93e14359 Branch: refs/heads/2_0_X Commit: 93e143590da19d5d3d68909726830db41bac8b3e Parents: 2153a3d Author: Colm O hEigeartaighAuthored: Mon Dec 11 11:07:35 2017 + Committer: Colm O hEigeartaigh Committed: Mon Dec 11 11:18:40 2017 + -- .../apache/syncope/common/lib/to/GroupTO.java | 40 .../core/persistence/api/dao/GroupDAO.java | 8 .../core/persistence/jpa/dao/JPAGroupDAO.java | 41 .../java/data/GroupDataBinderImpl.java | 8 .../apache/syncope/fit/core/GroupITCase.java| 50 5 files changed, 147 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/93e14359/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupTO.java -- diff --git a/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupTO.java b/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupTO.java index 0ae0885..4b6d1a1 100644 --- a/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupTO.java +++ b/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupTO.java @@ -48,6 +48,14 @@ public class GroupTO extends AnyTO { private String udynMembershipCond; +private int staticUserMembershipCount; + +private int dynamicUserMembershipCount; + +private int staticAnyObjectMembershipCount; + +private int dynamicAnyObjectMembershipCount; + @XmlJavaTypeAdapter(XmlGenericMapAdapter.class) @JsonIgnore private final Map adynMembershipConds = new HashMap<>(); 
@@ -96,6 +104,38 @@ public class GroupTO extends AnyTO { this.udynMembershipCond = uDynMembershipCond; } +public int getStaticUserMembershipCount() { +return staticUserMembershipCount; +} + +public void setStaticUserMembershipCount(final int staticUserMembershipCount) { +this.staticUserMembershipCount = staticUserMembershipCount; +} + +public int getDynamicUserMembershipCount() { +return dynamicUserMembershipCount; +} + +public void setDynamicUserMembershipCount(final int dynamicUserMembershipCount) { +this.dynamicUserMembershipCount = dynamicUserMembershipCount; +} + +public int getStaticAnyObjectMembershipCount() { +return staticAnyObjectMembershipCount; +} + +public void setStaticAnyObjectMembershipCount(final int staticAnyObjectMembershipCount) { +this.staticAnyObjectMembershipCount = staticAnyObjectMembershipCount; +} + +public int getDynamicAnyObjectMembershipCount() { +return dynamicAnyObjectMembershipCount; +} + +public void setDynamicAnyObjectMembershipCount(final int dynamicAnyObjectMembershipCount) { +this.dynamicAnyObjectMembershipCount = dynamicAnyObjectMembershipCount; +} + @JsonProperty public Map getADynMembershipConds() { return adynMembershipConds; http://git-wip-us.apache.org/repos/asf/syncope/blob/93e14359/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/GroupDAO.java -- diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/GroupDAO.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/GroupDAO.java index 08548b4..f296932 100644 --- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/GroupDAO.java +++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/GroupDAO.java 
@@ -48,6 +48,14 @@ public interface GroupDAO extends AnyDAO { List findADynMembers(Group group); +int countAMembers(Group group); + +int countUMembers(Group group); + +int countADynMembers(Group group); + +int countUDynMembers(Group group); + void clearADynMembers(Group group); /** http://git-wip-us.apache.org/repos/asf/syncope/blob/93e14359/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java -- diff --git
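Review bot: The four new counters in GroupTO get public setters like any writable property, yet they describe derived state (how many members the group currently has). Please add Javadoc on the fields or getters stating that the server populates them on read and whether a value sent by a client on create or update is ignored. The same Javadoc should define "static" and "dynamic", since the DAO methods added in this commit use different vocabulary (countUMembers, countUDynMembers).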
syncope git commit: SYNCOPE-1243 - Add information to GroupTO about user and AnyObject membership counts. Thanks to Francesco for reviewing.
Repository: syncope Updated Branches: refs/heads/master 003982086 -> d784ae297 SYNCOPE-1243 - Add information to GroupTO about user and AnyObject membership counts. Thanks to Francesco for reviewing. Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/d784ae29 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/d784ae29 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/d784ae29 Branch: refs/heads/master Commit: d784ae297c79df8e7d9a7c5dec1677d716422ef2 Parents: 0039820 Author: Colm O hEigeartaighAuthored: Mon Dec 11 11:07:35 2017 + Committer: Colm O hEigeartaigh Committed: Mon Dec 11 11:07:35 2017 + -- .../apache/syncope/common/lib/to/GroupTO.java | 40 .../core/persistence/api/dao/GroupDAO.java | 8 .../core/persistence/jpa/dao/JPAGroupDAO.java | 41 .../java/data/GroupDataBinderImpl.java | 8 .../apache/syncope/fit/core/GroupITCase.java| 50 5 files changed, 147 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/d784ae29/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupTO.java -- diff --git a/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupTO.java b/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupTO.java index c531840..e4bf304 100644 --- a/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupTO.java +++ b/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupTO.java @@ -47,6 +47,14 @@ public class GroupTO extends AnyTO { private String udynMembershipCond; +private int staticUserMembershipCount; + +private int dynamicUserMembershipCount; + +private int staticAnyObjectMembershipCount; + +private int dynamicAnyObjectMembershipCount; + @XmlJavaTypeAdapter(XmlGenericMapAdapter.class) @JsonIgnore private final Map adynMembershipConds = new HashMap<>(); 
@@ -95,6 +103,38 @@ public class GroupTO extends AnyTO { this.udynMembershipCond = uDynMembershipCond; } +public int getStaticUserMembershipCount() { +return staticUserMembershipCount; +} + +public void setStaticUserMembershipCount(final int staticUserMembershipCount) { +this.staticUserMembershipCount = staticUserMembershipCount; +} + +public int getDynamicUserMembershipCount() { +return dynamicUserMembershipCount; +} + +public void setDynamicUserMembershipCount(final int dynamicUserMembershipCount) { +this.dynamicUserMembershipCount = dynamicUserMembershipCount; +} + +public int getStaticAnyObjectMembershipCount() { +return staticAnyObjectMembershipCount; +} + +public void setStaticAnyObjectMembershipCount(final int staticAnyObjectMembershipCount) { +this.staticAnyObjectMembershipCount = staticAnyObjectMembershipCount; +} + +public int getDynamicAnyObjectMembershipCount() { +return dynamicAnyObjectMembershipCount; +} + +public void setDynamicAnyObjectMembershipCount(final int dynamicAnyObjectMembershipCount) { +this.dynamicAnyObjectMembershipCount = dynamicAnyObjectMembershipCount; +} + @JsonProperty public Map getADynMembershipConds() { return adynMembershipConds; http://git-wip-us.apache.org/repos/asf/syncope/blob/d784ae29/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/GroupDAO.java -- diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/GroupDAO.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/GroupDAO.java index 1ee1cf1..11b61e8 100644 --- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/GroupDAO.java +++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/GroupDAO.java 
@@ -49,6 +49,14 @@ public interface GroupDAO extends AnyDAO { List findADynMembers(Group group); +int countAMembers(Group group); + +int countUMembers(Group group); + +int countADynMembers(Group group); + +int countUDynMembers(Group group); + Collection findAllResourceKeys(final String key); void clearADynMembers(Group group); http://git-wip-us.apache.org/repos/asf/syncope/blob/d784ae29/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java -- diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAGroupDAO.java
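Review bot: In the GroupDAO hunk, the four count methods are declared without Javadoc. A line each saying whether countAMembers and countUMembers count only direct memberships, and whether countADynMembers and countUDynMembers evaluate the membership condition or read stored results, would make the contract clear to anyone writing another GroupDAO implementation.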
syncope git commit: Minor streams optimisation
Repository: syncope Updated Branches: refs/heads/master 30d90566d -> f670e2fa3 Minor streams optimisation Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/f670e2fa Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/f670e2fa Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/f670e2fa Branch: refs/heads/master Commit: f670e2fa38d0862c9b5d15639e8fb8dee5770936 Parents: 30d9056 Author: Colm O hEigeartaighAuthored: Mon Nov 20 12:35:33 2017 + Committer: Colm O hEigeartaigh Committed: Mon Nov 20 12:35:33 2017 + -- .../main/java/org/apache/syncope/core/logic/AbstractAnyLogic.java | 2 +- .../src/main/java/org/apache/syncope/core/logic/GroupLogic.java| 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/f670e2fa/core/logic/src/main/java/org/apache/syncope/core/logic/AbstractAnyLogic.java -- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/AbstractAnyLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/AbstractAnyLogic.java index 4e84455..fa3ca98 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/AbstractAnyLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/AbstractAnyLogic.java @@ -229,7 +229,7 @@ public abstract class AbstractAnyLogic ext ? groupDAO : anyObjectDAO; authorized = anyDAO.findDynRealms(key).stream(). -filter(dynRealm -> effectiveRealms.contains(dynRealm)).findFirst().isPresent(); +anyMatch(dynRealm -> effectiveRealms.contains(dynRealm)); } if (!authorized) { throw new DelegatedAdministrationException( http://git-wip-us.apache.org/repos/asf/syncope/blob/f670e2fa/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java -- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java index 8d94807..103dae8 100644 
--- a/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/GroupLogic.java @@ -122,7 +122,7 @@ public class GroupLogic extends AbstractAnyLogic { -> realm.startsWith(ownedRealm) || ownedRealm.equals(RealmUtils.getGroupOwnerRealm(realm, key))); if (!authorized) { authorized = groupDAO.findDynRealms(key).stream(). -filter(dynRealm -> effectiveRealms.contains(dynRealm)).findFirst().isPresent(); +anyMatch(dynRealm -> effectiveRealms.contains(dynRealm)); } if (!authorized) { throw new DelegatedAdministrationException(realm, AnyTypeKind.GROUP.name(), key);
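Review bot: Both replacements can take a method reference, anyMatch(effectiveRealms::contains), which drops the lambda parameter entirely. The dynamic-realm check is now the same two lines in AbstractAnyLogic and in GroupLogic (which extends AbstractAnyLogic), so a small protected helper in the base class would keep the two authorization paths from drifting apart.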
syncope git commit: Removing some duplicate code + another typo
Repository: syncope Updated Branches: refs/heads/2_0_X de750537b -> 16a55aa15 Removing some duplicate code + another typo Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/16a55aa1 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/16a55aa1 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/16a55aa1 Branch: refs/heads/2_0_X Commit: 16a55aa1548a215580b9b298edee5197772361b1 Parents: de75053 Author: Colm O hEigeartaighAuthored: Thu Oct 19 11:08:44 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Oct 19 12:18:30 2017 +0100 -- .../apache/syncope/client/console/SyncopeConsoleApplication.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/16a55aa1/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java -- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java index 4bf1188..cfcdfbf 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java @@ -115,7 +115,7 @@ public class SyncopeConsoleApplication extends AuthenticatedWebApplication { @SuppressWarnings("unchecked") protected void populatePageClasses(final Properties props) { -Enumeration propNames = (Enumeration) props.propertyNames(); +Enumeration propNames = (Enumeration) props.propertyNames(); while (propNames.hasMoreElements()) { String name = propNames.nextElement(); if (name.startsWith("page.")) {
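Review bot: The commit message says duplicate code is removed, but the diffstat for this 2_0_X push lists only SyncopeConsoleApplication.java with one line changed, so the message should say what this backport actually covers. In populatePageClasses, the cast of props.propertyNames() still needs @SuppressWarnings("unchecked"); iterating props.stringPropertyNames() would remove both the cast and the suppression.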
syncope git commit: Removing some duplicate code + another typo
Repository: syncope Updated Branches: refs/heads/master 0984dfd22 -> 3f47e9bde Removing some duplicate code + another typo Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/3f47e9bd Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/3f47e9bd Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/3f47e9bd Branch: refs/heads/master Commit: 3f47e9bdee9e8ffeb606b2717e34ecbfe2801fb4 Parents: 0984dfd Author: Colm O hEigeartaighAuthored: Thu Oct 19 11:08:44 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Oct 19 11:09:02 2017 +0100 -- .../apache/syncope/client/console/SyncopeConsoleApplication.java | 2 +- .../src/main/java/org/apache/syncope/core/logic/ResourceLogic.java | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/3f47e9bd/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java -- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java index 28a35c9..ba08b8a 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java @@ -112,7 +112,7 @@ public class SyncopeConsoleApplication extends AuthenticatedWebApplication { @SuppressWarnings("unchecked") protected void populatePageClasses(final Properties props) { -Enumeration propNames = (Enumeration) props.propertyNames(); +Enumeration propNames = (Enumeration) props.propertyNames(); while (propNames.hasMoreElements()) { String name = propNames.nextElement(); if (name.startsWith("page.")) { http://git-wip-us.apache.org/repos/asf/syncope/blob/3f47e9bd/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java -- 
diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java index b476387..b4a0f13 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/ResourceLogic.java @@ -113,7 +113,6 @@ public class ResourceLogic extends AbstractTransactionalLogic { private ConnectorFactory connFactory; protected void securityChecks(final Set effectiveRealms, final String realm, final String key) { -effectiveRealms.stream().anyMatch(ownedRealm -> realm.startsWith(ownedRealm)); boolean authorized = effectiveRealms.stream().anyMatch(ownedRealm -> realm.startsWith(ownedRealm)); if (!authorized) { throw new DelegatedAdministrationException(realm, ExternalResource.class.getSimpleName(), key);
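Review bot: In ResourceLogic.securityChecks, removing the first anyMatch call is right because its result was discarded, but the check that remains, realm.startsWith(ownedRealm), is a plain string prefix test. If realm names are slash-separated paths, an owned realm such as /a would also match a sibling realm such as /ab. Please compare on a segment boundary (equal, or prefix followed by "/") and add a test for the sibling case.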
syncope git commit: SYNCOPE-1186 - Remove copy of SAMLSSOResponseValidator and SSOValidatorResponse when CXF 3.1.13 is out
Repository: syncope Updated Branches: refs/heads/2_0_X 435101f50 -> 5eb2ee37f SYNCOPE-1186 - Remove copy of SAMLSSOResponseValidator and SSOValidatorResponse when CXF 3.1.13 is out Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/5eb2ee37 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/5eb2ee37 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/5eb2ee37 Branch: refs/heads/2_0_X Commit: 5eb2ee37f9c6c9279d91683b8f7f1375c9acb6be Parents: 435101f Author: Colm O hEigeartaighAuthored: Thu Oct 5 17:00:04 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Oct 5 17:00:04 2017 +0100 -- .../apache/syncope/core/logic/SAML2SPLogic.java | 2 +- .../core/logic/saml2/SAML2ReaderWriter.java | 2 + .../logic/saml2/SAMLSSOResponseValidator.java | 371 --- .../core/logic/saml2/SSOValidatorResponse.java | 84 - 4 files changed, 3 insertions(+), 456 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/5eb2ee37/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java -- diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java index 9c3afd7..6bd6182 100644 --- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java +++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java @@ -19,7 +19,6 @@ package org.apache.syncope.core.logic; import org.apache.syncope.core.logic.saml2.SAML2UserManager; -import org.apache.syncope.core.logic.saml2.SSOValidatorResponse; import com.fasterxml.uuid.Generators; import com.fasterxml.uuid.impl.RandomBasedGenerator; 
@@ -39,6 +38,7 @@ import org.apache.commons.lang3.tuple.Pair; import org.apache.commons.lang3.tuple.Triple; import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer; import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier; +import org.apache.cxf.rs.security.saml.sso.SSOValidatorResponse; import org.apache.syncope.common.lib.AbstractBaseBean; import org.apache.syncope.common.lib.SyncopeClientException; import org.apache.syncope.common.lib.to.AttrTO; http://git-wip-us.apache.org/repos/asf/syncope/blob/5eb2ee37/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java -- diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java index ff64284..f711b56 100644 --- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java +++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java @@ -43,6 +43,8 @@ import javax.xml.transform.stream.StreamResult; import org.apache.commons.codec.binary.Base64; import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder; import org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator; +import org.apache.cxf.rs.security.saml.sso.SAMLSSOResponseValidator; +import org.apache.cxf.rs.security.saml.sso.SSOValidatorResponse; import org.apache.cxf.staxutils.StaxUtils; import org.apache.syncope.common.lib.SSOConstants; import org.apache.syncope.common.lib.types.SAML2BindingType; http://git-wip-us.apache.org/repos/asf/syncope/blob/5eb2ee37/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAMLSSOResponseValidator.java -- 
diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAMLSSOResponseValidator.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAMLSSOResponseValidator.java deleted file mode 100644 index a32ed09..000 --- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAMLSSOResponseValidator.java +++ /dev/null @@ -1,371 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT
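Review bot: The imports in SAML2SPLogic and SAML2ReaderWriter now resolve SAMLSSOResponseValidator and SSOValidatorResponse from org.apache.cxf.rs.security.saml.sso, but the diffstat has no pom.xml change, so please confirm this branch already builds against the CXF release named in the commit subject. Since the deleted local copy is 371 lines, the commit message should also say whether it carried any Syncope-specific changes that the CXF class must now cover.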
syncope git commit: SYNCOPE-1195 - Remove copy of OpenSAMLUtil when WSS4J 2.1.11 is out
Repository: syncope Updated Branches: refs/heads/2_0_X 367dd7c8b -> 068720834 SYNCOPE-1195 - Remove copy of OpenSAMLUtil when WSS4J 2.1.11 is out Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/06872083 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/06872083 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/06872083 Branch: refs/heads/2_0_X Commit: 068720834b11bb5cb5db8e35dffe04ef0ed881fe Parents: 367dd7c Author: Colm O hEigeartaighAuthored: Fri Sep 1 18:26:27 2017 +0100 Committer: Colm O hEigeartaigh Committed: Fri Sep 1 18:26:27 2017 +0100 -- .../syncope/core/logic/saml2/OpenSAMLUtil.java | 141 --- .../core/logic/saml2/SAML2ReaderWriter.java | 5 +- pom.xml | 2 +- 3 files changed, 4 insertions(+), 144 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/06872083/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/OpenSAMLUtil.java -- diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/OpenSAMLUtil.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/OpenSAMLUtil.java deleted file mode 100644 index ff197d4..000 --- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/OpenSAMLUtil.java +++ /dev/null 
@@ -1,141 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.syncope.core.logic.saml2; - -import org.apache.wss4j.common.ext.WSSecurityException; -import org.opensaml.core.xml.XMLObject; -import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; -import org.opensaml.core.xml.io.Marshaller; -import org.opensaml.core.xml.io.MarshallerFactory; -import org.opensaml.core.xml.io.MarshallingException; -import org.opensaml.saml.common.SignableSAMLObject; -import org.opensaml.xmlsec.signature.Signature; -import org.opensaml.xmlsec.signature.support.SignatureException; -import org.opensaml.xmlsec.signature.support.Signer; -import org.opensaml.xmlsec.signature.support.SignerProvider; -import org.w3c.dom.Document; -import org.w3c.dom.DocumentFragment; -import org.w3c.dom.Element; - -/** - * Class OpenSAMLUtil provides static helper methods for the OpenSaml library. 
- * TODO Remove once we pick up WSS4J 2.1.11 - See https://issues.apache.org/jira/browse/WSS-613 - */ -final class OpenSAMLUtil { - -private OpenSAMLUtil() { -// Complete -} - -/** - * Convert a SAML Assertion from a XMLObject to a DOM Element - * - * @param xmlObject of type XMLObject - * @param doc of type Document - * @param signObject whether to sign the XMLObject during marshalling - * @return Element - * @throws WSSecurityException - */ -public static Element toDom( -final XMLObject xmlObject, -final Document doc, -final boolean signObject -) throws WSSecurityException { -MarshallerFactory marshallerFactory = XMLObjectProviderRegistrySupport.getMarshallerFactory(); -Marshaller marshaller = marshallerFactory.getMarshaller(xmlObject); -Element element = null; -DocumentFragment frag = doc == null ? null : doc.createDocumentFragment(); -try { -if (frag != null) { -while (doc.getFirstChild() != null) { -frag.appendChild(doc.removeChild(doc.getFirstChild())); -} -} -try { -if (doc == null) { -element = marshaller.marshall(xmlObject); -} else { -element = marshaller.marshall(xmlObject, doc); -} -} catch (MarshallingException ex) { -throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex, "empty", - new Object[] {"Error marshalling a SAML assertion"}); -
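Review bot: The deleted toDom(...) accepted a null doc and, when a doc was given, moved its existing children into a DocumentFragment before marshalling. The SAML2ReaderWriter change that switches callers away from this class is not shown in this part of the patch, so please confirm the callers pass the same arguments (including signObject) to the replacement, and that the pom.xml change in the diffstat is the WSS4J upgrade the removed TODO refers to.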
syncope git commit: Fixing build error
Repository: syncope Updated Branches: refs/heads/2_0_X 3dc6e4203 -> c671393e2 Fixing build error Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/c671393e Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/c671393e Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/c671393e Branch: refs/heads/2_0_X Commit: c671393e2977550df35213e6d0c3abbdb06e4d81 Parents: 3dc6e42 Author: Colm O hEigeartaighAuthored: Thu Aug 31 15:50:31 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Aug 31 15:50:31 2017 +0100 -- .../syncope/client/console/wizards/SAML2IdPWizardBuilder.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/c671393e/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java -- diff --git a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java index ba25ebf..3376e64 100644 --- a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java +++ b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java @@ -120,7 +120,7 @@ public class SAML2IdPWizardBuilder extends AjaxWizardBuilder { fields.add(useDeflateEncoding); AjaxCheckBoxPanel supportUnsolicited = new AjaxCheckBoxPanel( -"field", "supportUnsolicited", new PropertyModel<>(idpTO, "supportUnsolicited"), false); +"field", "supportUnsolicited", new PropertyModel(idpTO, "supportUnsolicited"), false); fields.add(supportUnsolicited); AjaxDropDownChoicePanel bindingType =
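Review bot: The subject "Fixing build error" does not say what failed; the change replaces the diamond in new PropertyModel<>(idpTO, "supportUnsolicited") in SAML2IdPWizardBuilder. Please name the compiler error and the Java level this branch targets in the commit message, so the construct is not reintroduced later.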
[1/2] syncope git commit: SYNCOPE-1202 - Support IdP Initiated SAML SSO
Repository: syncope Updated Branches: refs/heads/2_0_X 55e09aa66 -> 3dc6e4203 SYNCOPE-1202 - Support IdP Initiated SAML SSO Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/2751007c Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/2751007c Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/2751007c Branch: refs/heads/2_0_X Commit: 2751007cec23dc5e211b76fd3f3da73bcc692b89 Parents: 55e09aa Author: Colm O hEigeartaighAuthored: Thu Aug 31 13:25:19 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Aug 31 15:43:03 2017 +0100 -- .../syncope/common/lib/to/SAML2IdPTO.java | 10 ++ .../apache/syncope/core/logic/SAML2SPLogic.java | 34 +-- .../core/logic/saml2/SAML2IdPEntity.java| 4 + .../core/persistence/api/entity/SAML2IdP.java | 4 + .../persistence/jpa/entity/JPASAML2IdP.java | 15 +++ .../java/data/SAML2IdPDataBinderImpl.java | 2 + .../apache/syncope/fit/core/SAML2ITCase.java| 101 +-- .../src/test/resources/fediz_realmb.xml | 35 +++ 8 files changed, 183 insertions(+), 22 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/2751007c/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java -- diff --git a/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java index 022267d..12f53ab 100644 --- a/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java +++ b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java @@ -53,6 +53,8 @@ public class SAML2IdPTO extends AbstractBaseBean implements EntityTO, ItemContai private boolean useDeflateEncoding; +private boolean supportUnsolicited; + private SAML2BindingType bindingType; private boolean logoutSupported; 
@@ -195,4 +197,12 @@ public class SAML2IdPTO extends AbstractBaseBean implements EntityTO, ItemContai return actionsClassNames; } +public boolean isSupportUnsolicited() { +return supportUnsolicited; +} + +public void setSupportUnsolicited(final boolean supportUnsolicited) { +this.supportUnsolicited = supportUnsolicited; +} + } http://git-wip-us.apache.org/repos/asf/syncope/blob/2751007c/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java -- diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java index 39d025c..6c9b7ed 100644 --- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java +++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java @@ -114,6 +114,8 @@ import org.springframework.util.ResourceUtils; @Component public class SAML2SPLogic extends AbstractSAML2Logic { +private static final String IDP_INITIATED_RELAY_STATE = "idpInitiated"; + private static final long JWT_RELAY_STATE_DURATION = 60L; private static final String JWT_CLAIM_IDP_DEFLATE = "IDP_DEFLATE"; 
@@ -361,17 +363,23 @@ public class SAML2SPLogic extends AbstractSAML2Logic { if (response.getRelayState() == null) { throw new IllegalArgumentException("No Relay State was provided"); } -JwsJwtCompactConsumer relayState = new JwsJwtCompactConsumer(response.getRelayState()); -if (!relayState.verifySignatureWith(jwsSignatureVerifier)) { -throw new IllegalArgumentException("Invalid signature found in Relay State"); -} -Long expiryTime = relayState.getJwtClaims().getExpiryTime(); -if (expiryTime == null || (expiryTime * 1000L) < new Date().getTime()) { -throw new IllegalArgumentException("Relay State is expired"); -} -Boolean useDeflateEncoding = Boolean.valueOf( - relayState.getJwtClaims().getClaim(JWT_CLAIM_IDP_DEFLATE).toString()); +Boolean useDeflateEncoding = false; +String requestId = null; +if (!IDP_INITIATED_RELAY_STATE.equals(response.getRelayState())) { +JwsJwtCompactConsumer relayState = new JwsJwtCompactConsumer(response.getRelayState()); +if (!relayState.verifySignatureWith(jwsSignatureVerifier)) { +throw new IllegalArgumentException("Invalid signature found in Relay State"); +} +useDeflateEncoding = Boolean.valueOf( +
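Review bot: In the SAML2SPLogic hunk at @@ -361,17 +363,23 @@, a RelayState equal to the literal "idpInitiated" skips the JWS signature verification entirely, and that value is chosen by whoever posts the response, so the skip needs to be conditional on the resolved IdP having supportUnsolicited enabled. The visible part of the hunk shows no such condition, and the removed expiry check (expiryTime * 1000L against the current time) has not reappeared inside the new branch before the text cuts off; confirm both are present in the remainder. requestId also stays null on this path, so any later InResponseTo comparison has nothing to match against; a short comment stating what protects this path against replay would help the next reader.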
[2/2] syncope git commit: SYNCOPE-1202 - Adding UI support
SYNCOPE-1202 - Adding UI support Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/3dc6e420 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/3dc6e420 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/3dc6e420 Branch: refs/heads/2_0_X Commit: 3dc6e420360981dce08731b557b145993d8ff7c2 Parents: 2751007 Author: Colm O hEigeartaighAuthored: Thu Aug 31 15:27:02 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Aug 31 15:44:24 2017 +0100 -- .../syncope/client/console/panels/SAML2IdPsDirectoryPanel.java | 2 ++ .../syncope/client/console/wizards/SAML2IdPWizardBuilder.java| 4 .../client/console/panels/SAML2IdPsDirectoryPanel.properties | 1 + .../client/console/panels/SAML2IdPsDirectoryPanel_it.properties | 1 + .../console/panels/SAML2IdPsDirectoryPanel_pt_BR.properties | 1 + .../client/console/panels/SAML2IdPsDirectoryPanel_ru.properties | 1 + 6 files changed, 10 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/3dc6e420/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.java -- diff --git a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.java b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.java index 2874a84..1b3f818 100644 --- a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.java +++ b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.java 
@@ -192,6 +192,8 @@ public class SAML2IdPsDirectoryPanel extends DirectoryPanel< columns.add(new PropertyColumn (new ResourceModel("entityID"), "entityID", "entityID")); columns.add(new BooleanPropertyColumn( new ResourceModel("useDeflateEncoding"), "useDeflateEncoding", "useDeflateEncoding")); +columns.add(new BooleanPropertyColumn( +new ResourceModel("supportUnsolicited"), "supportUnsolicited", "supportUnsolicited")); columns.add(new PropertyColumn ( new ResourceModel("bindingType"), "bindingType", "bindingType")); columns.add(new BooleanPropertyColumn( http://git-wip-us.apache.org/repos/asf/syncope/blob/3dc6e420/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java -- diff --git a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java index 0fc7b22..ba25ebf 100644 --- a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java +++ b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java @@ -119,6 +119,10 @@ public class SAML2IdPWizardBuilder extends AjaxWizardBuilder { "field", "useDeflateEncoding", new PropertyModel(idpTO, "useDeflateEncoding"), false); fields.add(useDeflateEncoding); +AjaxCheckBoxPanel supportUnsolicited = new AjaxCheckBoxPanel( +"field", "supportUnsolicited", new PropertyModel<>(idpTO, "supportUnsolicited"), false); +fields.add(supportUnsolicited); + AjaxDropDownChoicePanel bindingType = new AjaxDropDownChoicePanel<>("field", "bindingType", new PropertyModel(idpTO, "bindingType"), false); http://git-wip-us.apache.org/repos/asf/syncope/blob/3dc6e420/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties -- 
diff --git a/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties index 97d8690..60b2a65 100644 --- a/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties +++ b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties @@ -16,6 +16,7 @@ # under the License. entityID=Entity ID useDeflateEncoding=Deflate Encoding +supportUnsolicited=Support
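Review bot: The supportUnsolicited checkbox added in the SAML2IdPWizardBuilder hunk is presented exactly like useDeflateEncoding, with nothing telling the administrator that it changes how responses are accepted: in the parent commit 2751007 a response whose RelayState is "idpInitiated" bypasses the signed relay state check. Add a short description or help text for the field, and a matching paragraph in the reference guide, so the option is enabled deliberately. The primitive boolean in SAML2IdPTO defaults to false, which is the right default and worth stating in that text.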
[1/2] syncope git commit: SYNCOPE-1202 - Support IdP Initiated SAML SSO
Repository: syncope Updated Branches: refs/heads/master b3db3b19e -> 58983df16 SYNCOPE-1202 - Support IdP Initiated SAML SSO Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/c4261ab1 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/c4261ab1 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/c4261ab1 Branch: refs/heads/master Commit: c4261ab150920d84a7f4095ee22331f235ef6813 Parents: b3db3b1 Author: Colm O hEigeartaighAuthored: Thu Aug 31 13:25:19 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Aug 31 13:25:19 2017 +0100 -- .../syncope/common/lib/to/SAML2IdPTO.java | 10 +++ .../apache/syncope/core/logic/SAML2SPLogic.java | 34 --- .../core/logic/saml2/SAML2IdPEntity.java| 4 + .../core/persistence/api/entity/SAML2IdP.java | 4 + .../persistence/jpa/entity/JPASAML2IdP.java | 15 .../java/data/SAML2IdPDataBinderImpl.java | 2 + .../apache/syncope/fit/core/SAML2ITCase.java| 95 +--- .../src/test/resources/fediz_realmb.xml | 35 8 files changed, 177 insertions(+), 22 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/c4261ab1/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java -- diff --git a/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java index 7b8b241..b11a530 100644 --- a/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java +++ b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2IdPTO.java @@ -51,6 +51,8 @@ public class SAML2IdPTO extends AbstractBaseBean implements EntityTO, ItemContai private boolean useDeflateEncoding; +private boolean supportUnsolicited; + private SAML2BindingType bindingType; private boolean logoutSupported; 
@@ -187,4 +189,12 @@ public class SAML2IdPTO extends AbstractBaseBean implements EntityTO, ItemContai return actionsClassNames; } +public boolean isSupportUnsolicited() { +return supportUnsolicited; +} + +public void setSupportUnsolicited(final boolean supportUnsolicited) { +this.supportUnsolicited = supportUnsolicited; +} + } http://git-wip-us.apache.org/repos/asf/syncope/blob/c4261ab1/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java -- diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java index e07fc52..755d938 100644 --- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java +++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java @@ -113,6 +113,8 @@ import org.springframework.util.ResourceUtils; @Component public class SAML2SPLogic extends AbstractSAML2Logic { +private static final String IDP_INITIATED_RELAY_STATE = "idpInitiated"; + private static final long JWT_RELAY_STATE_DURATION = 60L; private static final String JWT_CLAIM_IDP_DEFLATE = "IDP_DEFLATE"; 
@@ -360,17 +362,23 @@ public class SAML2SPLogic extends AbstractSAML2Logic { if (response.getRelayState() == null) { throw new IllegalArgumentException("No Relay State was provided"); } -JwsJwtCompactConsumer relayState = new JwsJwtCompactConsumer(response.getRelayState()); -if (!relayState.verifySignatureWith(jwsSignatureVerifier)) { -throw new IllegalArgumentException("Invalid signature found in Relay State"); -} -Long expiryTime = relayState.getJwtClaims().getExpiryTime(); -if (expiryTime == null || (expiryTime * 1000L) < new Date().getTime()) { -throw new IllegalArgumentException("Relay State is expired"); -} -Boolean useDeflateEncoding = Boolean.valueOf( - relayState.getJwtClaims().getClaim(JWT_CLAIM_IDP_DEFLATE).toString()); +Boolean useDeflateEncoding = false; +String requestId = null; +if (!IDP_INITIATED_RELAY_STATE.equals(response.getRelayState())) { +JwsJwtCompactConsumer relayState = new JwsJwtCompactConsumer(response.getRelayState()); +if (!relayState.verifySignatureWith(jwsSignatureVerifier)) { +throw new IllegalArgumentException("Invalid signature found in Relay State"); +} +useDeflateEncoding = Boolean.valueOf( +
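Review bot: In the SAML2SPLogic hunk at @@ -360,17 +362,23 @@, useDeflateEncoding is initialised to false and only overwritten from the JWT_CLAIM_IDP_DEFLATE claim, so on the "idpInitiated" path it is always false regardless of the IdP's own useDeflateEncoding setting. If that is intended for unsolicited responses, say so in a comment; otherwise take the value from the IdP entity once it has been resolved. A primitive boolean would do instead of the boxed Boolean. Because the unsigned path is selected purely by a RelayState string the sender controls, it should also be rejected unless the IdP has supportUnsolicited set, and that check is not in the visible lines.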
[2/2] syncope git commit: SYNCOPE-1202 - Adding UI support
SYNCOPE-1202 - Adding UI support Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/58983df1 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/58983df1 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/58983df1 Branch: refs/heads/master Commit: 58983df16678167db27f0a5c0b32e0bd3fc985a7 Parents: c4261ab Author: Colm O hEigeartaighAuthored: Thu Aug 31 15:27:02 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Aug 31 15:27:02 2017 +0100 -- .../syncope/client/console/panels/SAML2IdPsDirectoryPanel.java | 2 ++ .../syncope/client/console/wizards/SAML2IdPWizardBuilder.java| 4 .../client/console/panels/SAML2IdPsDirectoryPanel.properties | 1 + .../client/console/panels/SAML2IdPsDirectoryPanel_it.properties | 1 + .../console/panels/SAML2IdPsDirectoryPanel_pt_BR.properties | 1 + .../client/console/panels/SAML2IdPsDirectoryPanel_ru.properties | 1 + 6 files changed, 10 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/58983df1/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.java -- diff --git a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.java b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.java index 45bdef3..dd2fb52 100644 --- a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.java +++ b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.java 
@@ -192,6 +192,8 @@ public class SAML2IdPsDirectoryPanel extends DirectoryPanel< columns.add(new PropertyColumn<>(new ResourceModel("entityID"), "entityID", "entityID")); columns.add(new BooleanPropertyColumn<>( new ResourceModel("useDeflateEncoding"), "useDeflateEncoding", "useDeflateEncoding")); +columns.add(new BooleanPropertyColumn<>( +new ResourceModel("supportUnsolicited"), "supportUnsolicited", "supportUnsolicited")); columns.add(new PropertyColumn<>( new ResourceModel("bindingType"), "bindingType", "bindingType")); columns.add(new BooleanPropertyColumn<>( http://git-wip-us.apache.org/repos/asf/syncope/blob/58983df1/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java -- diff --git a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java index 5cafb9b..35eb5dc 100644 --- a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java +++ b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/wizards/SAML2IdPWizardBuilder.java @@ -117,6 +117,10 @@ public class SAML2IdPWizardBuilder extends AjaxWizardBuilder { "field", "useDeflateEncoding", new PropertyModel<>(idpTO, "useDeflateEncoding"), false); fields.add(useDeflateEncoding); +AjaxCheckBoxPanel supportUnsolicited = new AjaxCheckBoxPanel( +"field", "supportUnsolicited", new PropertyModel<>(idpTO, "supportUnsolicited"), false); +fields.add(supportUnsolicited); + AjaxDropDownChoicePanel bindingType = new AjaxDropDownChoicePanel<>("field", "bindingType", new PropertyModel<>(idpTO, "bindingType"), false); http://git-wip-us.apache.org/repos/asf/syncope/blob/58983df1/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties -- 
diff --git a/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties index 97d8690..60b2a65 100644 --- a/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties +++ b/ext/saml2sp/client-console/src/main/resources/org/apache/syncope/client/console/panels/SAML2IdPsDirectoryPanel.properties @@ -16,6 +16,7 @@ # under the License. entityID=Entity ID useDeflateEncoding=Deflate Encoding +supportUnsolicited=Support Unsolicited Logins
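Review bot: The label added in SAML2IdPsDirectoryPanel.properties, "Support Unsolicited Logins", uses different wording from the commit title ("IdP Initiated SAML SSO"), so an administrator searching the console or the docs for IdP-initiated SSO will not find it; consider naming both terms in the label or in accompanying help text. The diffstat lists the _it, _pt_BR and _ru property files with one insertion each; check that those entries are translated rather than copies of the English string.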
syncope git commit: SYNCOPE-1198 - Adding docs
Repository: syncope Updated Branches: refs/heads/master f15efd5b3 -> a0bccf169 SYNCOPE-1198 - Adding docs Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a0bccf16 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a0bccf16 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a0bccf16 Branch: refs/heads/master Commit: a0bccf169f8b65e4a8db0627574167756f96b94b Parents: f15efd5 Author: Colm O hEigeartaighAuthored: Wed Aug 30 16:50:25 2017 +0100 Committer: Colm O hEigeartaigh Committed: Wed Aug 30 16:50:25 2017 +0100 -- .../systemadministration/keystore.adoc | 17 + 1 file changed, 17 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/a0bccf16/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/keystore.adoc -- diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/keystore.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/keystore.adoc index 7f7d03b..2648f0a 100644 --- a/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/keystore.adoc +++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/systemadministration/keystore.adoc 
@@ -120,4 +120,21 @@ keystore.type=jks keystore.storepass=astorepass keystore.keypass=akyepass sp.cert.alias=saml2sp +signature.algorithm=RSA_SHA1 + +The `signature.algorithm` configuration parameter is the signature algorithm +that is used with the key extracted from the keystore referenced in the +parameters. The value for this parameter must match one of the values in the +table below, each of which correspond to a shorthand for an associated +algorithm as defined for use in the XML Signature specification. If +`signature.algorithm` is not specified, then either RSA_SHA1, EC_SHA1 or +DSA_SHA1 is used depending on the type of key that is stored in the keystore. + + +RSA_SHA1, RSA_SHA224, RSA_SHA256, RSA_SHA384, RSA_SHA512, +RSA_SHA1_MGF1, RSA_SHA224_MGF1, RSA_SHA256_MGF1, RSA_SHA384_MGF1, RSA_SHA512_MGF1, +EC_SHA1, EC_SHA224, EC_SHA256, EC_SHA384, EC_SHA512, +HMAC_SHA1, HMAC_SHA224, HMAC_SHA256, HMAC_SHA384, HMAC_SHA512, +DSA_SHA1 +
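Review bot: The example added to keystore.adoc sets signature.algorithm=RSA_SHA1, and the new paragraph documents RSA_SHA1, EC_SHA1 or DSA_SHA1 as the fallback, which steers readers towards SHA-1 signatures; use RSA_SHA256 in the example and add a sentence recommending a SHA-2 value. The paragraph refers to "the table below" but what follows is a comma-separated list, and "each of which correspond" should read "each of which corresponds". The context line keystore.keypass=akyepass looks like a typo for akeypass and could be fixed while this block is being touched.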
syncope git commit: SYNCOPE-1198 - Make the signature algorithm configurable for SAML SSO
Repository: syncope Updated Branches: refs/heads/master 43d3792fc -> f15efd5b3 SYNCOPE-1198 - Make the signature algorithm configurable for SAML SSO Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/f15efd5b Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/f15efd5b Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/f15efd5b Branch: refs/heads/master Commit: f15efd5b33f583aab967d7deaf6da255a2aa33b8 Parents: 43d3792 Author: Colm O hEigeartaighAuthored: Wed Aug 30 13:08:50 2017 +0100 Committer: Colm O hEigeartaigh Committed: Wed Aug 30 13:08:50 2017 +0100 -- .../common/lib/types/SignatureAlgorithm.java| 59 .../syncope/core/logic/init/SAML2SPLoader.java | 7 +++ .../core/logic/saml2/SAML2ReaderWriter.java | 32 --- .../src/main/resources/saml2sp-logic.properties | 1 + .../main/resources/all/saml2sp-logic.properties | 1 + 5 files changed, 93 insertions(+), 7 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/f15efd5b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/types/SignatureAlgorithm.java -- diff --git a/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/types/SignatureAlgorithm.java b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/types/SignatureAlgorithm.java new file mode 100644 index 000..315d239 --- /dev/null +++ b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/types/SignatureAlgorithm.java 
@@ -0,0 +1,59 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.syncope.common.lib.types; + +public enum SignatureAlgorithm { + +RSA_SHA1("http://www.w3.org/2000/09/xmldsig#rsa-sha1;), +RSA_SHA224("http://www.w3.org/2001/04/xmldsig-more#rsa-sha224;), +RSA_SHA256("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256;), +RSA_SHA384("http://www.w3.org/2001/04/xmldsig-more#rsa-sha384;), +RSA_SHA512("http://www.w3.org/2001/04/xmldsig-more#rsa-sha512;), + +RSA_SHA1_MGF1("http://www.w3.org/2007/05/xmldsig-more#sha1-rsa-MGF1;), +RSA_SHA224_MGF1("http://www.w3.org/2007/05/xmldsig-more#sha224-rsa-MGF1;), +RSA_SHA256_MGF1("http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1;), +RSA_SHA384_MGF1("http://www.w3.org/2007/05/xmldsig-more#sha384-rsa-MGF1;), +RSA_SHA512_MGF1("http://www.w3.org/2007/05/xmldsig-more#sha512-rsa-MGF1;), + +EC_SHA1("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1;), +EC_SHA224("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha224;), +EC_SHA256("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256;), +EC_SHA384("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384;), +EC_SHA512("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512;), + 
+HMAC_SHA1("http://www.w3.org/2000/09/xmldsig#hmac-sha1;), +HMAC_SHA224("http://www.w3.org/2001/04/xmldsig-more#hmac-sha224;), +HMAC_SHA256("http://www.w3.org/2001/04/xmldsig-more#hmac-sha256;), +HMAC_SHA384("http://www.w3.org/2001/04/xmldsig-more#hmac-sha384;), +HMAC_SHA512("http://www.w3.org/2001/04/xmldsig-more#hmac-sha512;), + +DSA_SHA1("http://www.w3.org/2000/09/xmldsig#dsa-sha1;); + +private final String algorithm; + +SignatureAlgorithm(final String algorithm) { +this.algorithm = algorithm; +} + +public String getAlgorithm() { +return algorithm; +} + +} http://git-wip-us.apache.org/repos/asf/syncope/blob/f15efd5b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/init/SAML2SPLoader.java -- diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/init/SAML2SPLoader.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/init/SAML2SPLoader.java index a4230b2..308b95e 100644 --- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/init/SAML2SPLoader.java +++
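Review bot: SignatureAlgorithm lists HMAC_SHA1 through HMAC_SHA512 next to the RSA, EC and DSA values, but the setting is applied to the key pair loaded from the SP keystore, and nothing in the visible lines checks that the configured value fits that key's type. The SAML2SPLoader hunk is cut off here, so confirm that it validates the property at startup (for example rejecting EC_SHA256 with an RSA key, or any HMAC value) and fails with a clear message rather than at first signing. If the HMAC entries cannot be used with a keystore key, drop them from the enum. The new public enum also has no Javadoc; one line stating that each constant maps to an XML Signature algorithm URI would be enough.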
syncope git commit: Use the Santuario JCEMapper instead to get the JCE signature algorithm
Repository: syncope Updated Branches: refs/heads/master 278525b7c -> 1afd1a705 Use the Santuario JCEMapper instead to get the JCE signature algorithm Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/1afd1a70 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/1afd1a70 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/1afd1a70 Branch: refs/heads/master Commit: 1afd1a7053a2fb5d56b9f9ec4a858909e1957c6c Parents: 278525b Author: Colm O hEigeartaighAuthored: Wed Aug 16 16:00:11 2017 +0100 Committer: Colm O hEigeartaigh Committed: Wed Aug 16 16:00:11 2017 +0100 -- .../org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/1afd1a70/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java -- diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java index 4aebdbb..8bf0c47 100644 --- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java +++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java @@ -52,6 +52,7 @@ import org.apache.syncope.core.logic.init.SAML2SPLoader; import org.apache.wss4j.common.crypto.Merlin; import org.apache.wss4j.common.ext.WSSecurityException; import org.apache.wss4j.common.saml.OpenSAMLUtil; +import org.apache.xml.security.algorithms.JCEMapper; import org.opensaml.core.xml.XMLObject; import org.opensaml.saml.common.SignableSAMLObject; import org.opensaml.saml.saml2.core.RequestAbstractType; 
@@ -99,15 +100,13 @@ public class SAML2ReaderWriter { keyInfoGenerator = keyInfoGeneratorFactory.newInstance(); sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1; -jceSigAlgo = "SHA1withRSA"; String pubKeyAlgo = loader.getCredential().getPublicKey().getAlgorithm(); if (pubKeyAlgo.equalsIgnoreCase("DSA")) { sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA_SHA1; -jceSigAlgo = "SHA1withDSA"; } else if (pubKeyAlgo.equalsIgnoreCase("EC")) { sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1; -jceSigAlgo = "SHA1withECDSA"; } +jceSigAlgo = JCEMapper.translateURItoJCEID(sigAlgo); callbackHandler = new SAMLSPCallbackHandler(loader.getKeyPass()); }
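Review bot: In the SAML2ReaderWriter hunk at @@ -99,15 +100,13 @@, jceSigAlgo is now whatever JCEMapper.translateURItoJCEID(sigAlgo) returns, and that is null when the mapper has no entry for the URI, whereas the removed code always assigned a literal such as "SHA1withRSA". Add a null check directly after the call that fails construction with a message naming sigAlgo, so a missing mapping surfaces at startup instead of when the first request is signed. The three defaults remain SHA-1 based; that is unchanged by this patch, but a comment noting it would help whoever makes the algorithm configurable.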
[2/5] syncope git commit: Dynamically generate a keypair for use in the SAML signing tests
Dynamically generate a keypair for use in the SAML signing tests Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/1d8b6c62 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/1d8b6c62 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/1d8b6c62 Branch: refs/heads/2_0_X Commit: 1d8b6c62110564b57eb615b405346f1c978ee65e Parents: 919584f Author: Colm O hEigeartaighAuthored: Fri Aug 11 12:38:06 2017 +0100 Committer: Colm O hEigeartaigh Committed: Fri Aug 11 13:16:06 2017 +0100 -- fit/core-reference/pom.xml | 7 ++ .../apache/syncope/fit/core/SAML2ITCase.java| 104 +-- fit/core-reference/src/test/resources/fediz.xml | 14 +-- pom.xml | 2 + 4 files changed, 108 insertions(+), 19 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/1d8b6c62/fit/core-reference/pom.xml -- diff --git a/fit/core-reference/pom.xml b/fit/core-reference/pom.xml index de491a3..d28eb06 100644 --- a/fit/core-reference/pom.xml +++ b/fit/core-reference/pom.xml @@ -176,6 +176,13 @@ under the License. junit test + + org.bouncycastle + bcpkix-jdk15on + ${bouncycastle.version} + test + + http://git-wip-us.apache.org/repos/asf/syncope/blob/1d8b6c62/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java -- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java index e8a5add..4ae8c8f 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java 
@@ -26,12 +26,23 @@ import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; +import java.io.File; import java.io.InputStream; import java.io.InputStreamReader; +import java.io.OutputStream; +import java.math.BigInteger; import java.nio.charset.StandardCharsets; +import java.nio.file.FileSystems; +import java.nio.file.Files; +import java.nio.file.Path; +import java.security.KeyPair; +import java.security.KeyPairGenerator; import java.security.KeyStore; +import java.security.SecureRandom; +import java.security.cert.Certificate; import java.security.cert.X509Certificate; import java.util.Collections; +import java.util.Date; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import javax.xml.namespace.QName; @@ -72,6 +83,13 @@ import org.apache.wss4j.common.util.Loader; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.engine.WSSConfig; import org.apache.xml.security.signature.XMLSignature; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x500.style.RFC4519Style; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.cert.X509v3CertificateBuilder; +import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; +import org.bouncycastle.operator.ContentSigner; +import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; import org.joda.time.DateTime; import org.junit.AfterClass; import org.junit.Assume; @@ -86,6 +104,8 @@ import org.w3c.dom.Element; public class SAML2ITCase extends AbstractITCase { private static SyncopeClient anonymous; +private static Path keystorePath; +private static Path truststorePath; @BeforeClass public static void setup() { 
@@ -98,13 +118,17 @@ public class SAML2ITCase extends AbstractITCase { } @BeforeClass -public static void importFromIdPMetadata() { +public static void importFromIdPMetadata() throws Exception { if (!SAML2SPDetector.isSAML2SPAvailable()) { return; } assertTrue(saml2IdPService.list().isEmpty()); +createKeystores(); + +updateMetadataWithCert(); + WebClient.client(saml2IdPService). accept(MediaType.APPLICATION_XML_TYPE). type(MediaType.APPLICATION_XML_TYPE); @@ -124,7 +148,7 @@ public class SAML2ITCase extends AbstractITCase { } @AfterClass -public static void clearIdPs() { +public static void clearIdPs() throws Exception { if (!SAML2SPDetector.isSAML2SPAvailable()) { return; } @@ -132,6 +156,9 @@ public class SAML2ITCase extends AbstractITCase { for (SAML2IdPTO idp : saml2IdPService.list()) { saml2IdPService.delete(idp.getKey()); } + +
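Review bot: The new static keystorePath and truststorePath fields in SAML2ITCase hold files that createKeystores() writes during importFromIdPMetadata, and the clearIdPs hunk is cut off before any cleanup is visible; make sure the files are deleted there, in a finally block, so a failing saml2IdPService.delete call does not leave generated key material behind. Creating them with Files.createTempFile rather than under the source or target tree keeps parallel builds from colliding. Widening both lifecycle methods to throws Exception is acceptable for a test, but wrapping the key generation in a helper that throws a specific exception would make setup failures easier to read.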
[1/3] syncope git commit: Take the valid SAML Assertion from the validator response instead.
Repository: syncope Updated Branches: refs/heads/master 5da5326ac -> 883911633 Take the valid SAML Assertion from the validator response instead. Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/88391163 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/88391163 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/88391163 Branch: refs/heads/master Commit: 88391163320f5d73ca51e4c03b0edc5371ab6e1e Parents: d8d5fe5 Author: Colm O hEigeartaighAuthored: Fri Aug 11 12:51:22 2017 +0100 Committer: Colm O hEigeartaigh Committed: Fri Aug 11 13:15:07 2017 +0100 -- .../apache/syncope/core/logic/SAML2SPLogic.java | 65 ++-- .../core/logic/saml2/SAML2ReaderWriter.java | 8 ++- 2 files changed, 39 insertions(+), 34 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/88391163/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java -- diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java index 31ef8c4..03576ab 100644 --- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java +++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java @@ -37,6 +37,7 @@ import org.apache.commons.lang3.tuple.Pair; import org.apache.commons.lang3.tuple.Triple; import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer; import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier; +import org.apache.cxf.rs.security.saml.sso.SSOValidatorResponse; import org.apache.syncope.common.lib.AbstractBaseBean; import org.apache.syncope.common.lib.SyncopeClientException; import org.apache.syncope.common.lib.to.AttrTO; 
@@ -371,8 +372,10 @@ public class SAML2SPLogic extends AbstractSAML2Logic { if (idp.getConnObjectKeyItem() == null) { throw new IllegalArgumentException("No mapping provided for SAML 2.0 IdP '" + idp.getId() + "'"); } + +SSOValidatorResponse validatorResponse = null; try { -saml2rw.validate( +validatorResponse = saml2rw.validate( samlResponse, idp, getAssertionConsumerURL(response.getSpEntityID(), response.getUrlContext()), 
@@ -390,47 +393,45 @@ public class SAML2SPLogic extends AbstractSAML2Logic { responseTO.setIdp(idp.getId()); responseTO.setSloSupported(idp.getSLOLocation(idp.getBindingType()) != null); -NameID nameID = null; +Assertion assertion = validatorResponse.getOpensamlAssertion(); +NameID nameID = assertion.getSubject().getNameID(); String keyValue = null; -for (Assertion assertion : samlResponse.getAssertions()) { -nameID = assertion.getSubject().getNameID(); -if (StringUtils.isNotBlank(nameID.getValue()) -&& idp.getConnObjectKeyItem().getExtAttrName().equals("NameID")) { +if (StringUtils.isNotBlank(nameID.getValue()) +&& idp.getConnObjectKeyItem().getExtAttrName().equals("NameID")) { -keyValue = nameID.getValue(); -} +keyValue = nameID.getValue(); +} -if (assertion.getConditions().getNotOnOrAfter() != null) { - responseTO.setNotOnOrAfter(assertion.getConditions().getNotOnOrAfter().toDate()); -} -for (AuthnStatement authnStmt : assertion.getAuthnStatements()) { -responseTO.setSessionIndex(authnStmt.getSessionIndex()); +if (assertion.getConditions().getNotOnOrAfter() != null) { + responseTO.setNotOnOrAfter(assertion.getConditions().getNotOnOrAfter().toDate()); +} +for (AuthnStatement authnStmt : assertion.getAuthnStatements()) { +responseTO.setSessionIndex(authnStmt.getSessionIndex()); - responseTO.setAuthInstant(authnStmt.getAuthnInstant().toDate()); -if (authnStmt.getSessionNotOnOrAfter() != null) { - responseTO.setNotOnOrAfter(authnStmt.getSessionNotOnOrAfter().toDate()); -} +responseTO.setAuthInstant(authnStmt.getAuthnInstant().toDate()); +if (authnStmt.getSessionNotOnOrAfter() != null) { + responseTO.setNotOnOrAfter(authnStmt.getSessionNotOnOrAfter().toDate()); } +} -for (AttributeStatement attrStmt : assertion.getAttributeStatements()) { -for (Attribute attr : attrStmt.getAttributes()) { -if
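Review bot: In the hunk at @@ -390,47 +393,45 @@, assertion.getSubject().getNameID() is dereferenced as nameID.getValue() with no null check, and assertion.getConditions() is likewise used directly, so a validated assertion without a NameID or without Conditions ends in a NullPointerException instead of a meaningful error. validatorResponse is also initialised to null and only assigned inside the try; the catch is not visible here, so confirm every path through it rethrows before validatorResponse.getOpensamlAssertion() is reached. Reading the one assertion the validator accepted, rather than looping over samlResponse.getAssertions(), is the right direction; a one-line comment saying why would stop someone from reverting to the loop later.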
[3/3] syncope git commit: SYNCOPE-1194 - Sign the SAML SSO Service Provider Metadata
SYNCOPE-1194 - Sign the SAML SSO Service Provider Metadata Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a22a6b55 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a22a6b55 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a22a6b55 Branch: refs/heads/master Commit: a22a6b55f83846bf06bbb322e9acc234a9425ea5 Parents: 5da5326 Author: Colm O hEigeartaighAuthored: Fri Aug 11 11:59:08 2017 +0100 Committer: Colm O hEigeartaigh Committed: Fri Aug 11 13:15:07 2017 +0100 -- .../apache/syncope/core/logic/SAML2SPLogic.java | 1 + .../core/logic/saml2/SAML2ReaderWriter.java | 3 +-- .../org/apache/syncope/fit/core/SAML2ITCase.java | 18 ++ 3 files changed, 20 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/a22a6b55/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java -- diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java index 87b7eb6..31ef8c4 100644 --- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java +++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java @@ -200,6 +200,7 @@ public class SAML2SPLogic extends AbstractSAML2Logic { } spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor); +saml2rw.sign(spEntityDescriptor); saml2rw.write(new OutputStreamWriter(os), spEntityDescriptor, true); } catch (Exception e) { http://git-wip-us.apache.org/repos/asf/syncope/blob/a22a6b55/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java -- diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java index e83af5e..fa48e77 100644 
--- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java +++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java @@ -152,14 +152,13 @@ public class SAML2ReaderWriter { return responseObject; } -public void sign(final RequestAbstractType request) throws SecurityException { +public void sign(final SignableSAMLObject signableObject) throws SecurityException { org.opensaml.xmlsec.signature.Signature signature = OpenSAMLUtil.buildSignature(); signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); signature.setSignatureAlgorithm(sigAlgo); signature.setSigningCredential(loader.getCredential()); signature.setKeyInfo(keyInfoGenerator.generate(loader.getCredential())); -SignableSAMLObject signableObject = (SignableSAMLObject) request; signableObject.setSignature(signature); signableObject.releaseDOM(); signableObject.releaseChildrenDOM(true); http://git-wip-us.apache.org/repos/asf/syncope/blob/a22a6b55/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java -- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java index b87db1b..93608c2 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java @@ -30,10 +30,13 @@ import java.io.InputStream; import java.io.InputStreamReader; import java.nio.charset.StandardCharsets; import java.security.KeyStore; +import java.security.cert.X509Certificate; import java.util.Collections; import java.util.Optional; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; +import javax.xml.namespace.QName; + import org.apache.commons.codec.binary.Base64; import org.apache.cxf.helpers.DOMUtils; import org.apache.cxf.jaxrs.client.WebClient; 
@@ -67,6 +70,7 @@ import org.apache.wss4j.common.util.DOM2Writer; import org.apache.wss4j.common.util.Loader; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.engine.WSSConfig; +import org.apache.xml.security.signature.XMLSignature; import org.joda.time.DateTime; import org.junit.AfterClass; import org.junit.Assume; @@ -74,6 +78,7 @@ import org.junit.BeforeClass; import org.junit.Test; import
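Review bot: In the `SAML2ReaderWriter.sign` hunk, the method is now public for any `SignableSAMLObject` but has no Javadoc and no null guard on `signableObject`, and `loader.getCredential()` is called twice in a row (once for `setSigningCredential`, once for `keyInfoGenerator.generate`). Fetching the credential once into a local and documenting that callers must still marshal the object after `sign` returns would make the wider contract clear. The `SAML2SPLogic` hunk signs the metadata unconditionally just before `saml2rw.write(...)`, so a note in the reference guide that SP metadata is now signed would help consumers who verify it.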
[2/3] syncope git commit: Dynamically generate a keypair for use in the SAML signing tests
Dynamically generate a keypair for use in the SAML signing tests Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/d8d5fe5e Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/d8d5fe5e Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/d8d5fe5e Branch: refs/heads/master Commit: d8d5fe5ee8c7e887f5c2fda8362aa9a0296635c9 Parents: a22a6b5 Author: Colm O hEigeartaighAuthored: Fri Aug 11 12:38:06 2017 +0100 Committer: Colm O hEigeartaigh Committed: Fri Aug 11 13:15:07 2017 +0100 -- fit/core-reference/pom.xml | 7 ++ .../apache/syncope/fit/core/SAML2ITCase.java| 104 +-- fit/core-reference/src/test/resources/fediz.xml | 14 +-- pom.xml | 2 + 4 files changed, 108 insertions(+), 19 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/d8d5fe5e/fit/core-reference/pom.xml -- diff --git a/fit/core-reference/pom.xml b/fit/core-reference/pom.xml index 5762a33..45a6214 100644 --- a/fit/core-reference/pom.xml +++ b/fit/core-reference/pom.xml @@ -176,6 +176,13 @@ under the License. junit test + + org.bouncycastle + bcpkix-jdk15on + ${bouncycastle.version} + test + + http://git-wip-us.apache.org/repos/asf/syncope/blob/d8d5fe5e/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java -- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java index 93608c2..9ee5653 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java 
@@ -26,12 +26,23 @@ import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; +import java.io.File; import java.io.InputStream; import java.io.InputStreamReader; +import java.io.OutputStream; +import java.math.BigInteger; import java.nio.charset.StandardCharsets; +import java.nio.file.FileSystems; +import java.nio.file.Files; +import java.nio.file.Path; +import java.security.KeyPair; +import java.security.KeyPairGenerator; import java.security.KeyStore; +import java.security.SecureRandom; +import java.security.cert.Certificate; import java.security.cert.X509Certificate; import java.util.Collections; +import java.util.Date; import java.util.Optional; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; @@ -71,6 +82,13 @@ import org.apache.wss4j.common.util.Loader; import org.apache.wss4j.dom.WSConstants; import org.apache.wss4j.dom.engine.WSSConfig; import org.apache.xml.security.signature.XMLSignature; +import org.bouncycastle.asn1.x500.X500Name; +import org.bouncycastle.asn1.x500.style.RFC4519Style; +import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; +import org.bouncycastle.cert.X509v3CertificateBuilder; +import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; +import org.bouncycastle.operator.ContentSigner; +import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; import org.joda.time.DateTime; import org.junit.AfterClass; import org.junit.Assume; @@ -85,6 +103,8 @@ import org.w3c.dom.Element; public class SAML2ITCase extends AbstractITCase { private static SyncopeClient anonymous; +private static Path keystorePath; +private static Path truststorePath; @BeforeClass public static void setup() { 
@@ -97,13 +117,17 @@ public class SAML2ITCase extends AbstractITCase { } @BeforeClass -public static void importFromIdPMetadata() { +public static void importFromIdPMetadata() throws Exception { if (!SAML2SPDetector.isSAML2SPAvailable()) { return; } assertTrue(saml2IdPService.list().isEmpty()); +createKeystores(); + +updateMetadataWithCert(); + WebClient.client(saml2IdPService). accept(MediaType.APPLICATION_XML_TYPE). type(MediaType.APPLICATION_XML_TYPE); @@ -123,7 +147,7 @@ public class SAML2ITCase extends AbstractITCase { } @AfterClass -public static void clearIdPs() { +public static void clearIdPs() throws Exception { if (!SAML2SPDetector.isSAML2SPAvailable()) { return; } @@ -131,6 +155,9 @@ public class SAML2ITCase extends AbstractITCase { for (SAML2IdPTO idp : saml2IdPService.list()) { saml2IdPService.delete(idp.getKey()); } + +
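Review bot: In the `-97,13 +117,17` and `-123,7 +147,7` hunks, `importFromIdPMetadata()` and `clearIdPs()` are both widened to `throws Exception`, which hides which checked exceptions `createKeystores()` and `updateMetadataWithCert()` can actually raise. Declaring the specific exception types, or wrapping them inside the helpers, would let a key-generation failure be told apart from an IdP import failure in the test report. The new static `keystorePath` and `truststorePath` fields are only assigned after the `isSAML2SPAvailable()` early return, so any code that reads them elsewhere in the class needs to tolerate null.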
[2/2] syncope git commit: Support EC keys for signing in the SAML SSO module
Support EC keys for signing in the SAML SSO module Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/3b24fd10 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/3b24fd10 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/3b24fd10 Branch: refs/heads/2_0_X Commit: 3b24fd10f1901430a42993da9d7f30f46cf2ab39 Parents: d70b33a Author: Colm O hEigeartaighAuthored: Thu Aug 10 17:02:26 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Aug 10 17:56:35 2017 +0100 -- .../org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java| 3 +++ 1 file changed, 3 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/3b24fd10/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java -- diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java index 6fe20e6..62e90e7 100644 --- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java +++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java @@ -102,6 +102,9 @@ public class SAML2ReaderWriter { if (pubKeyAlgo.equalsIgnoreCase("DSA")) { sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA_SHA1; jceSigAlgo = "SHA1withDSA"; +} else if (pubKeyAlgo.equalsIgnoreCase("EC")) { +sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1; +jceSigAlgo = "SHA1withECDSA"; } callbackHandler = new SAMLSPCallbackHandler(loader.getKeyPass());
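Review bot: The new `else if (pubKeyAlgo.equalsIgnoreCase("EC"))` branch pairs `ALGO_ID_SIGNATURE_ECDSA_SHA1` with `SHA1withECDSA`, so support for EC keys arrives with a SHA-1 digest. Since this is a new code path with no compatibility burden, `SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA256` with `SHA256withECDSA` would be the better default, ideally with the digest made configurable. The DSA branch in the context lines above has the same SHA-1 choice and could be revisited in a follow-up.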
[1/2] syncope git commit: Avoid an NPE if the SAML Response Issuer is null
Repository: syncope Updated Branches: refs/heads/master 97744afe7 -> 8e73cd830 Avoid an NPE if the SAML Response Issuer is null Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/13230e26 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/13230e26 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/13230e26 Branch: refs/heads/master Commit: 13230e268b9361dbb056c8960a2e10e7cb7333b1 Parents: 97744af Author: Colm O hEigeartaighAuthored: Thu Aug 10 13:15:51 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Aug 10 13:15:51 2017 +0100 -- .../src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java | 3 +++ 1 file changed, 3 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/13230e26/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java -- diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java index f6953e6..87b7eb6 100644 --- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java +++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java @@ -363,6 +363,9 @@ public class SAML2SPLogic extends AbstractSAML2Logic { } // 3. validate the SAML response and, if needed, decrypt the provided assertion(s) +if (samlResponse.getIssuer() == null || samlResponse.getIssuer().getValue() == null) { +throw new IllegalArgumentException("The SAML Response must contain an Issuer"); +} final SAML2IdPEntity idp = getIdP(samlResponse.getIssuer().getValue()); if (idp.getConnObjectKeyItem() == null) { throw new IllegalArgumentException("No mapping provided for SAML 2.0 IdP '" + idp.getId() + "'");
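Review bot: The new guard in the `-363,6 +363,9` hunk only rejects a null Issuer or null value, so an empty or whitespace-only Issuer still reaches `getIdP(samlResponse.getIssuer().getValue())`. `StringUtils.isBlank(...)` on the value would cover both cases in one check. The next line dereferences `idp.getConnObjectKeyItem()` without the visible lines showing what `getIdP` returns for an unknown issuer; if it can return null, that is the same NPE one step later. The diffstat shows one file changed, so a test posting a Response without an Issuer is still missing.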
[2/2] syncope git commit: Support EC keys for signing in the SAML SSO module
Support EC keys for signing in the SAML SSO module Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/8e73cd83 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/8e73cd83 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/8e73cd83 Branch: refs/heads/master Commit: 8e73cd830305a5ed72fe3d57b225c2ed5a7a9280 Parents: 13230e2 Author: Colm O hEigeartaighAuthored: Thu Aug 10 17:02:26 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Aug 10 17:02:26 2017 +0100 -- .../org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java| 3 +++ 1 file changed, 3 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/8e73cd83/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java -- diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java index 096dccb..e83af5e 100644 --- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java +++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java @@ -103,6 +103,9 @@ public class SAML2ReaderWriter { if (pubKeyAlgo.equalsIgnoreCase("DSA")) { sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA_SHA1; jceSigAlgo = "SHA1withDSA"; +} else if (pubKeyAlgo.equalsIgnoreCase("EC")) { +sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1; +jceSigAlgo = "SHA1withECDSA"; } callbackHandler = new SAMLSPCallbackHandler(loader.getKeyPass());
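Review bot: After the new `else if (pubKeyAlgo.equalsIgnoreCase("EC"))` branch the chain still ends without an `else`, so a key with any other algorithm falls through silently with whatever `sigAlgo` and `jceSigAlgo` were assigned before this block. If those earlier values are only valid for one key type, a final `else` that fails fast on an unrecognised `pubKeyAlgo` would turn a confusing signing error into a clear configuration error. The diffstat lists only `SAML2ReaderWriter.java`, so the EC path has no test coverage in this commit.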
[1/3] syncope git commit: NPE guards for both the RelayState and Response
Repository: syncope Updated Branches: refs/heads/2_0_X e1a9e9e7f -> 8746f9f8e NPE guards for both the RelayState and Response Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/ebd3e2e2 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/ebd3e2e2 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/ebd3e2e2 Branch: refs/heads/2_0_X Commit: ebd3e2e2cf8e6ccbc933bf3ab3e7e8b650512928 Parents: e1a9e9e Author: Colm O hEigeartaighAuthored: Wed Aug 2 15:31:47 2017 +0100 Committer: Colm O hEigeartaigh Committed: Wed Aug 2 17:10:26 2017 +0100 -- .../main/java/org/apache/syncope/core/logic/SAML2SPLogic.java | 6 ++ 1 file changed, 6 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/ebd3e2e2/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java -- diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java index 222d3cf..28a1ef0 100644 --- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java +++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java @@ -421,6 +421,9 @@ public class SAML2SPLogic extends AbstractSAML2Logic { check(); // 1. first checks for the provided relay state +if (response.getRelayState() == null) { +throw new IllegalArgumentException("No Relay State was provided"); +} JwsJwtCompactConsumer relayState = new JwsJwtCompactConsumer(response.getRelayState()); if (!relayState.verifySignatureWith(jwsSignatureVerifier)) { throw new IllegalArgumentException("Invalid signature found in Relay State"); 
@@ -429,6 +432,9 @@ public class SAML2SPLogic extends AbstractSAML2Logic { relayState.getJwtClaims().getClaim(JWT_CLAIM_IDP_DEFLATE).toString()); // 2. parse the provided SAML response +if (response.getSamlResponse() == null) { +throw new IllegalArgumentException("No SAML Response was provided"); +} Response samlResponse; try { XMLObject responseObject = saml2rw.read(useDeflateEncoding, response.getSamlResponse());
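Review bot: In the `-421,6 +421,9` hunk, `response.getRelayState() == null` lets an empty string through to `new JwsJwtCompactConsumer(response.getRelayState())`, so the caller gets a parser error instead of "No Relay State was provided". A blank check (`StringUtils.isBlank`) gives the same message for null, empty and whitespace input. Keeping this guard ahead of `verifySignatureWith(jwsSignatureVerifier)` is the right order.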
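Review bot: In the `-429,6 +432,9` hunk, the context line `relayState.getJwtClaims().getClaim(JWT_CLAIM_IDP_DEFLATE).toString()` just above the new guard still throws a NullPointerException when that claim is absent, which is the kind of failure this commit sets out to remove. Checking the claim for null before calling `toString()` and throwing `IllegalArgumentException` would finish the job. The diffstat shows no test changes, so requests with a missing RelayState, a missing SAMLResponse and a missing deflate claim would be worth adding to `SAML2ITCase`.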
[2/3] syncope git commit: Switch to use different ports to avoid conflict with other Tomcat deployments
Switch to use different ports to avoid conflict with other Tomcat deployments Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a11cd34e Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a11cd34e Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a11cd34e Branch: refs/heads/master Commit: a11cd34eb3abba039a103a6429a6b9445234ef9d Parents: c7a5057 Author: Colm O hEigeartaighAuthored: Wed Aug 2 16:42:31 2017 +0100 Committer: Colm O hEigeartaigh Committed: Wed Aug 2 17:10:05 2017 +0100 -- standalone/pom.xml | 2 ++ 1 file changed, 2 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/a11cd34e/standalone/pom.xml -- diff --git a/standalone/pom.xml b/standalone/pom.xml index 89dd1bc..e045bf1 100644 --- a/standalone/pom.xml +++ b/standalone/pom.xml @@ -187,6 +187,8 @@ under the License. + +
syncope git commit: Some trivial grammatical changes
Repository: syncope Updated Branches: refs/heads/2_0_X bf35449ca -> 6008f3eb1 Some trivial grammatical changes Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/6008f3eb Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/6008f3eb Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/6008f3eb Branch: refs/heads/2_0_X Commit: 6008f3eb1b61b214c5592f05022c75fe9a432642 Parents: bf35449 Author: Colm O hEigeartaighAuthored: Tue Aug 1 17:27:04 2017 +0100 Committer: Colm O hEigeartaigh Committed: Tue Aug 1 21:28:03 2017 +0100 -- .../main/java/org/apache/syncope/core/logic/AccessTokenLogic.java | 2 +- .../src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/6008f3eb/core/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java -- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java index c495392..e6b0099 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java @@ -54,7 +54,7 @@ public class AccessTokenLogic extends AbstractTransactionalLogic @PreAuthorize("isAuthenticated()") public Pair login() { if (anonymousUser.equals(AuthContextUtils.getUsername())) { -throw new IllegalArgumentException(anonymousUser + " cannot be granted for an access token"); +throw new IllegalArgumentException(anonymousUser + " cannot be granted an access token"); } return binder.create(AuthContextUtils.getUsername(), Collections. emptyMap(), false); http://git-wip-us.apache.org/repos/asf/syncope/blob/6008f3eb/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java -- 
diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java index bb26b34..d7337b3 100644 --- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java +++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java @@ -165,7 +165,7 @@ public class SAML2IdPLogic extends AbstractSAML2Logic { } else if (idp.getSSOLocation(SAML2BindingType.REDIRECT) != null) { idpTO.setBindingType(SAML2BindingType.REDIRECT); } else { -throw new IllegalArgumentException("Not POST nor REDIRECT artifacts supported by " + idp.getId()); +throw new IllegalArgumentException("Neither POST nor REDIRECT artifacts supported by " + idp.getId()); } result.add(idpTO);
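Review bot: In the `SAML2IdPLogic` hunk the corrected message still says "artifacts", while the surrounding code is choosing between `SAML2BindingType.POST` and `SAML2BindingType.REDIRECT`. Artifact is the name of a separate SAML binding, so an operator reading the log could take this as an Artifact binding problem. "Neither POST nor REDIRECT bindings supported by " + idp.getId() would match what the code checks.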
[1/2] syncope git commit: Fixed WSS4J version on master + added a few lambdas in the SAML SSO code
Repository: syncope Updated Branches: refs/heads/master f533b2f73 -> 2f182750b Fixed WSS4J version on master + added a few lambdas in the SAML SSO code Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/2f182750 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/2f182750 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/2f182750 Branch: refs/heads/master Commit: 2f182750bdef9e260c4e267f95e816c76a7fbccc Parents: 508c8cc Author: Colm O hEigeartaighAuthored: Tue Aug 1 17:27:20 2017 +0100 Committer: Colm O hEigeartaigh Committed: Tue Aug 1 21:27:45 2017 +0100 -- .../core/rest/cxf/service/SAML2SPServiceImpl.java | 10 +- .../java/org/apache/syncope/fit/core/SAML2ITCase.java | 14 ++ pom.xml | 2 +- 3 files changed, 8 insertions(+), 18 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/2f182750/ext/saml2sp/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/SAML2SPServiceImpl.java -- diff --git a/ext/saml2sp/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/SAML2SPServiceImpl.java b/ext/saml2sp/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/SAML2SPServiceImpl.java index 94d14f1..4ec2074 100644 --- a/ext/saml2sp/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/SAML2SPServiceImpl.java +++ b/ext/saml2sp/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/service/SAML2SPServiceImpl.java @@ -18,9 +18,6 @@ */ package org.apache.syncope.core.rest.cxf.service; -import java.io.IOException; -import java.io.OutputStream; - import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; 
@@ -42,13 +39,8 @@ public class SAML2SPServiceImpl extends AbstractServiceImpl implements SAML2SPSe @Override public Response getMetadata(final String spEntityID, final String urlContext) { -StreamingOutput sout = new StreamingOutput() { +StreamingOutput sout = (os) -> logic.getMetadata(StringUtils.appendIfMissing(spEntityID, "/"), urlContext, os); -@Override -public void write(final OutputStream os) throws IOException { -logic.getMetadata(StringUtils.appendIfMissing(spEntityID, "/"), urlContext, os); -} -}; return Response.ok(sout). type(MediaType.APPLICATION_XML). build(); http://git-wip-us.apache.org/repos/asf/syncope/blob/2f182750/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java -- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java index 948c426..2df4530 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java @@ -28,11 +28,11 @@ import static org.junit.Assert.fail; import java.io.InputStream; import java.io.InputStreamReader; import java.nio.charset.StandardCharsets; +import java.util.Optional; + import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import org.apache.commons.codec.binary.Base64; -import org.apache.commons.collections4.IterableUtils; -import org.apache.commons.collections4.Predicate; import org.apache.cxf.jaxrs.client.WebClient; import org.apache.cxf.staxutils.StaxUtils; import org.apache.syncope.client.lib.AnonymousAuthenticationHandler; 
@@ -135,13 +135,11 @@ public class SAML2ITCase extends AbstractITCase { public void setIdPMapping() { Assume.assumeTrue(SAML2SPDetector.isSAML2SPAvailable()); -SAML2IdPTO ssoCircle = IterableUtils.find(saml2IdPService.list(), new Predicate() { +Optional ssoCircleOpt = +saml2IdPService.list().stream().filter(o -> "https://idp.ssocircle.com".equals(o.getEntityID())).findFirst(); +assertTrue(ssoCircleOpt.isPresent()); -@Override -public boolean evaluate(final SAML2IdPTO object) { -return "https://idp.ssocircle.com".equals(object.getEntityID()); -} -}); +SAML2IdPTO ssoCircle = ssoCircleOpt.get(); assertNotNull(ssoCircle); assertFalse(ssoCircle.getMappingItems().isEmpty()); assertNotNull(ssoCircle.getConnObjectKeyItem()); http://git-wip-us.apache.org/repos/asf/syncope/blob/2f182750/pom.xml -- diff --git a/pom.xml b/pom.xml index
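Review bot: In the `SAML2ITCase` `-135,13 +135,11` hunk, `assertNotNull(ssoCircle)` is now dead: `assertTrue(ssoCircleOpt.isPresent())` already fails the test when the IdP is missing, and `ssoCircleOpt.get()` never returns null. Dropping that assertion, or replacing the pair with a single `orElseThrow` carrying a descriptive message, keeps the failure output meaningful. The blank line added after `import java.util.Optional;` splits the import block in a way the rest of the file does not, and in `SAML2SPServiceImpl` the parentheses around the single lambda parameter `(os)` are unnecessary.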
[2/2] syncope git commit: Some trivial grammatical changes
Some trivial grammatical changes Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/508c8cc8 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/508c8cc8 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/508c8cc8 Branch: refs/heads/master Commit: 508c8cc823118d2015aa12f323de7bf5afd77019 Parents: f533b2f Author: Colm O hEigeartaighAuthored: Tue Aug 1 17:27:04 2017 +0100 Committer: Colm O hEigeartaigh Committed: Tue Aug 1 21:27:45 2017 +0100 -- .../main/java/org/apache/syncope/core/logic/AccessTokenLogic.java | 2 +- .../src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/508c8cc8/core/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java -- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java index c495392..e6b0099 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/AccessTokenLogic.java @@ -54,7 +54,7 @@ public class AccessTokenLogic extends AbstractTransactionalLogic @PreAuthorize("isAuthenticated()") public Pair login() { if (anonymousUser.equals(AuthContextUtils.getUsername())) { -throw new IllegalArgumentException(anonymousUser + " cannot be granted for an access token"); +throw new IllegalArgumentException(anonymousUser + " cannot be granted an access token"); } return binder.create(AuthContextUtils.getUsername(), Collections. emptyMap(), false); http://git-wip-us.apache.org/repos/asf/syncope/blob/508c8cc8/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java -- 
diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java index f86b633..b432c04 100644 --- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java +++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2IdPLogic.java @@ -165,7 +165,7 @@ public class SAML2IdPLogic extends AbstractSAML2Logic { } else if (idp.getSSOLocation(SAML2BindingType.REDIRECT) != null) { idpTO.setBindingType(SAML2BindingType.REDIRECT); } else { -throw new IllegalArgumentException("Not POST nor REDIRECT artifacts supported by " + idp.getId()); +throw new IllegalArgumentException("Neither POST nor REDIRECT artifacts supported by " + idp.getId()); } result.add(idpTO);
syncope git commit: Trivial formatting change
Repository: syncope Updated Branches: refs/heads/2_0_X c522ac058 -> 0819aec66 Trivial formatting change Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/0819aec6 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/0819aec6 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/0819aec6 Branch: refs/heads/2_0_X Commit: 0819aec664ef220a0251c3b418e1f864109a9daf Parents: c522ac0 Author: Colm O hEigeartaighAuthored: Fri Jul 28 15:28:15 2017 +0100 Committer: Colm O hEigeartaigh Committed: Fri Jul 28 15:28:32 2017 +0100 -- .../workingwithapachesyncope/customization.adoc | 16 1 file changed, 8 insertions(+), 8 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/0819aec6/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc -- diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc index eb0db34..50977ac 100644 --- a/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc +++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc @@ -410,14 +410,14 @@ classpath*:/workflow*Context.xml with - classpath*:/coreContext.xml - classpath*:/elasticsearchClientContext.xml - classpath*:/securityContext.xml - classpath*:/logicContext.xml - classpath*:/restCXFContext.xml - classpath*:/persistenceContext.xml - classpath*:/provisioning*Context.xml - classpath*:/workflow*Context.xml +classpath*:/coreContext.xml +classpath*:/elasticsearchClientContext.xml +classpath*:/securityContext.xml +classpath*:/logicContext.xml +classpath*:/restCXFContext.xml +classpath*:/persistenceContext.xml +classpath*:/provisioning*Context.xml +classpath*:/workflow*Context.xml [[customization-console]]
syncope git commit: Trivial formatting change
Repository: syncope Updated Branches: refs/heads/master 2b4053df1 -> a9cc9e760 Trivial formatting change Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a9cc9e76 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a9cc9e76 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a9cc9e76 Branch: refs/heads/master Commit: a9cc9e76005a10fc75dec63665951e042aef72bc Parents: 2b4053d Author: Colm O hEigeartaighAuthored: Fri Jul 28 15:28:15 2017 +0100 Committer: Colm O hEigeartaigh Committed: Fri Jul 28 15:28:15 2017 +0100 -- .../workingwithapachesyncope/customization.adoc | 16 1 file changed, 8 insertions(+), 8 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/a9cc9e76/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc -- diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc index 5a115e4..07c4384 100644 --- a/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc +++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/customization.adoc @@ -407,14 +407,14 @@ classpath*:/workflow*Context.xml with - classpath*:/coreContext.xml - classpath*:/elasticsearchClientContext.xml - classpath*:/securityContext.xml - classpath*:/logicContext.xml - classpath*:/restCXFContext.xml - classpath*:/persistenceContext.xml - classpath*:/provisioning*Context.xml - classpath*:/workflow*Context.xml +classpath*:/coreContext.xml +classpath*:/elasticsearchClientContext.xml +classpath*:/securityContext.xml +classpath*:/logicContext.xml +classpath*:/restCXFContext.xml +classpath*:/persistenceContext.xml +classpath*:/provisioning*Context.xml +classpath*:/workflow*Context.xml [[customization-console]]
syncope git commit: SYNCOPE-1179 - JWT "Date" claims are interpreted using milliseconds instead of seconds
Repository: syncope Updated Branches: refs/heads/2_0_X 98ab61e06 -> c522ac058 SYNCOPE-1179 - JWT "Date" claims are interpreted using milliseconds instead of seconds Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/c522ac05 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/c522ac05 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/c522ac05 Branch: refs/heads/2_0_X Commit: c522ac05821dd23e3326c01525ebdd233ad66dd2 Parents: 98ab61e Author: Colm O hEigeartaighAuthored: Fri Jul 28 14:50:03 2017 +0100 Committer: Colm O hEigeartaigh Committed: Fri Jul 28 14:50:27 2017 +0100 -- .../java/data/AccessTokenDataBinderImpl.java| 24 .../security/JWTAuthenticationProvider.java | 4 +- .../org/apache/syncope/fit/core/JWTITCase.java | 58 +++- 3 files changed, 48 insertions(+), 38 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/c522ac05/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java -- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java index f30562d..d886db6 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java 
@@ -87,16 +87,16 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { credentialChecker.checkIsDefaultJWSKeyInUse(); -Date now = new Date(); -Date expiry = new Date(now.getTime() + 60L * 1000L * duration); +long currentTime = new Date().getTime() / 1000L; +long expiryTime = currentTime + 60L * duration; JwtClaims jwtClaims = new JwtClaims(); jwtClaims.setTokenId(UUID_GENERATOR.generate().toString()); jwtClaims.setSubject(subject); -jwtClaims.setIssuedAt(now.getTime()); +jwtClaims.setIssuedAt(currentTime); jwtClaims.setIssuer(jwtIssuer); -jwtClaims.setExpiryTime(expiry.getTime()); -jwtClaims.setNotBefore(now.getTime()); +jwtClaims.setExpiryTime(expiryTime); +jwtClaims.setNotBefore(currentTime); for (Map.Entry entry : claims.entrySet()) { jwtClaims.setClaim(entry.getKey(), entry.getValue()); } @@ -107,7 +107,7 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { String signed = producer.signWith(jwsSignatureProvider); -return Triple.of(jwtClaims.getTokenId(), signed, expiry); +return Triple.of(jwtClaims.getTokenId(), signed, new Date(expiryTime * 1000L)); } @Override @@ -164,10 +164,11 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { credentialChecker.checkIsDefaultJWSKeyInUse(); -Date now = new Date(); long duration = confDAO.find("jwt.lifetime.minutes", 120L); -Date expiry = new Date(now.getTime() + 60L * 1000L * duration); -consumer.getJwtClaims().setExpiryTime(expiry.getTime()); +long currentTime = new Date().getTime() / 1000L; +long expiry = currentTime + 60L * duration; +consumer.getJwtClaims().setExpiryTime(expiry); +Date expiryDate = new Date(expiry * 1000L); JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, jwsSignatureProvider.getAlgorithm()); JwtToken token = new JwtToken(jwsHeaders, consumer.getJwtClaims()); 
@@ -176,7 +177,8 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { String body = producer.signWith(jwsSignatureProvider); accessToken.setBody(body); -accessToken.setExpiryTime(expiry); +// AccessToken stores expiry time in milliseconds, as opposed to seconds for the JWT tokens. +accessToken.setExpiryTime(expiryDate); if (!adminUser.equals(accessToken.getOwner())) { try { @@ -190,7 +192,7 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { accessTokenDAO.save(accessToken); -return Pair.of(body, expiry); +return Pair.of(body, expiryDate); } @Override http://git-wip-us.apache.org/repos/asf/syncope/blob/c522ac05/core/spring/src/main/java/org/apache/syncope/core/spring/security/JWTAuthenticationProvider.java -- diff --git
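Review bot: the @@ -87 hunk changes the unit of the iat, exp and nbf claims from milliseconds to seconds, but nothing here says what happens to tokens issued before the change. Their claims still hold millisecond values, and a validator that now reads seconds would see an expiry far in the future. State in the commit message or the upgrade notes how already-issued tokens are handled, for example by invalidating stored access tokens when upgrading.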
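Review bot: the comment added in the @@ -176 hunk says AccessToken stores the expiry in milliseconds, but accessToken.setExpiryTime(expiryDate) is passed a Date (built as new Date(expiry * 1000L) in the previous hunk), so what it stores is a Date. Reword the comment along the lines of "AccessToken takes a Date, the JWT claim is in seconds" so the next change does not pass a long here.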
syncope git commit: SYNCOPE-1179 - JWT "Date" claims are interpreted using milliseconds instead of seconds
Repository: syncope Updated Branches: refs/heads/master b41675a33 -> 2b4053df1 SYNCOPE-1179 - JWT "Date" claims are interpreted using milliseconds instead of seconds Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/2b4053df Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/2b4053df Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/2b4053df Branch: refs/heads/master Commit: 2b4053df14d74e47c55ced76b713fc1baba0abda Parents: b41675a Author: Colm O hEigeartaigh Authored: Fri Jul 28 14:50:03 2017 +0100 Committer: Colm O hEigeartaigh Committed: Fri Jul 28 14:50:03 2017 +0100 -- .../java/data/AccessTokenDataBinderImpl.java| 24 .../security/JWTAuthenticationProvider.java | 4 +- .../org/apache/syncope/fit/core/JWTITCase.java | 58 +++- 3 files changed, 48 insertions(+), 38 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/2b4053df/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java -- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java index f30562d..d886db6 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
@@ -87,16 +87,16 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { credentialChecker.checkIsDefaultJWSKeyInUse(); -Date now = new Date(); -Date expiry = new Date(now.getTime() + 60L * 1000L * duration); +long currentTime = new Date().getTime() / 1000L; +long expiryTime = currentTime + 60L * duration; JwtClaims jwtClaims = new JwtClaims(); jwtClaims.setTokenId(UUID_GENERATOR.generate().toString()); jwtClaims.setSubject(subject); -jwtClaims.setIssuedAt(now.getTime()); +jwtClaims.setIssuedAt(currentTime); jwtClaims.setIssuer(jwtIssuer); -jwtClaims.setExpiryTime(expiry.getTime()); -jwtClaims.setNotBefore(now.getTime()); +jwtClaims.setExpiryTime(expiryTime); +jwtClaims.setNotBefore(currentTime); for (Map.Entry entry : claims.entrySet()) { jwtClaims.setClaim(entry.getKey(), entry.getValue()); } @@ -107,7 +107,7 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { String signed = producer.signWith(jwsSignatureProvider); -return Triple.of(jwtClaims.getTokenId(), signed, expiry); +return Triple.of(jwtClaims.getTokenId(), signed, new Date(expiryTime * 1000L)); } @Override @@ -164,10 +164,11 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { credentialChecker.checkIsDefaultJWSKeyInUse(); -Date now = new Date(); long duration = confDAO.find("jwt.lifetime.minutes", 120L); -Date expiry = new Date(now.getTime() + 60L * 1000L * duration); -consumer.getJwtClaims().setExpiryTime(expiry.getTime()); +long currentTime = new Date().getTime() / 1000L; +long expiry = currentTime + 60L * duration; +consumer.getJwtClaims().setExpiryTime(expiry); +Date expiryDate = new Date(expiry * 1000L); JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, jwsSignatureProvider.getAlgorithm()); JwtToken token = new JwtToken(jwsHeaders, consumer.getJwtClaims()); 
@@ -176,7 +177,8 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { String body = producer.signWith(jwsSignatureProvider); accessToken.setBody(body); -accessToken.setExpiryTime(expiry); +// AccessToken stores expiry time in milliseconds, as opposed to seconds for the JWT tokens. +accessToken.setExpiryTime(expiryDate); if (!adminUser.equals(accessToken.getOwner())) { try { @@ -190,7 +192,7 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { accessTokenDAO.save(accessToken); -return Pair.of(body, expiry); +return Pair.of(body, expiryDate); } @Override http://git-wip-us.apache.org/repos/asf/syncope/blob/2b4053df/core/spring/src/main/java/org/apache/syncope/core/spring/security/JWTAuthenticationProvider.java -- diff --git
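Review bot: in the @@ -87 hunk, new Date().getTime() / 1000L allocates a Date only to read the clock, and neither currentTime nor expiryTime carries its unit in the name. System.currentTimeMillis() / 1000L does the same job, 60L * duration reads more clearly as TimeUnit.MINUTES.toSeconds(duration), and names such as nowSecs and expirySecs would make the unit visible at the exact spot where this bug came from.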
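Review bot: the @@ -164 hunk rewrites only the expiry on consumer.getJwtClaims() before the token is rebuilt from those same claims, so iat and nbf keep whatever the consumed token carried. For a token issued before this fix those two are still in milliseconds, which leaves the re-signed token with exp in seconds and nbf in milliseconds. Either reset iat and nbf here as well or reject such tokens on this path.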
syncope git commit: SYNCOPE-1174 - NPE in AccessTokenDataBinderImpl if no 'jwt.lifetime.minutes' schema is present
Repository: syncope Updated Branches: refs/heads/2_0_X fffee9f15 -> 6634daaee SYNCOPE-1174 - NPE in AccessTokenDataBinderImpl if no 'jwt.lifetime.minutes' schema is present Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/6634daae Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/6634daae Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/6634daae Branch: refs/heads/2_0_X Commit: 6634daaeebbe95fea9e1c104bc64d7b2e0d45e4b Parents: fffee9f Author: Colm O hEigeartaighAuthored: Thu Jul 27 16:47:35 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Jul 27 16:48:02 2017 +0100 -- .../java/data/AccessTokenDataBinderImpl.java | 11 ++- 1 file changed, 10 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/6634daae/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java -- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java index 13a5b93..b415fb2 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java 
@@ -38,6 +38,7 @@ import org.apache.syncope.core.persistence.api.dao.AccessTokenDAO; import org.apache.syncope.core.persistence.api.dao.ConfDAO; import org.apache.syncope.core.persistence.api.entity.AccessToken; import org.apache.syncope.core.persistence.api.entity.EntityFactory; +import org.apache.syncope.core.persistence.api.entity.conf.CPlainAttr; import org.apache.syncope.core.provisioning.api.data.AccessTokenDataBinder; import org.apache.syncope.core.provisioning.api.serialization.POJOHelper; import org.apache.syncope.core.spring.BeanUtils; @@ -124,9 +125,17 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { } if (replaceExisting || body == null) { +int duration = 120; +CPlainAttr jwtLifetimeMins = confDAO.find("jwt.lifetime.minutes", "120"); +if (jwtLifetimeMins != null) { +duration = jwtLifetimeMins.getValues().get(0).getLongValue().intValue(); +} else { +LOG.warn("No schema found for 'jwt.lifetime.minutes'. Using default value of '120'"); +} + Triple created = generateJWT( subject, -confDAO.find("jwt.lifetime.minutes", "120").getValues().get(0).getLongValue().intValue(), +duration, claims); body = created.getMiddle();
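Review bot: the null check added in the @@ -124 hunk only covers confDAO.find(...) returning null. The chain jwtLifetimeMins.getValues().get(0).getLongValue().intValue() can still throw if the attribute has no values or its first value carries no long value. Since the commit exists to remove the NPE on this path, guard those two cases as well, ideally in one small helper that returns the default.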
syncope git commit: SYNCOPE-1174 - NPE in AccessTokenDataBinderImpl if no 'jwt.lifetime.minutes' schema is present
Repository: syncope Updated Branches: refs/heads/master aa11ac9b4 -> 64ef5bf18 SYNCOPE-1174 - NPE in AccessTokenDataBinderImpl if no 'jwt.lifetime.minutes' schema is present Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/64ef5bf1 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/64ef5bf1 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/64ef5bf1 Branch: refs/heads/master Commit: 64ef5bf1800f699168f59fbd27be113c76cd0baa Parents: aa11ac9 Author: Colm O hEigeartaighAuthored: Thu Jul 27 16:47:35 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Jul 27 16:47:35 2017 +0100 -- .../java/data/AccessTokenDataBinderImpl.java | 11 ++- 1 file changed, 10 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/64ef5bf1/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java -- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java index 13a5b93..b415fb2 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java 
@@ -38,6 +38,7 @@ import org.apache.syncope.core.persistence.api.dao.AccessTokenDAO; import org.apache.syncope.core.persistence.api.dao.ConfDAO; import org.apache.syncope.core.persistence.api.entity.AccessToken; import org.apache.syncope.core.persistence.api.entity.EntityFactory; +import org.apache.syncope.core.persistence.api.entity.conf.CPlainAttr; import org.apache.syncope.core.provisioning.api.data.AccessTokenDataBinder; import org.apache.syncope.core.provisioning.api.serialization.POJOHelper; import org.apache.syncope.core.spring.BeanUtils; @@ -124,9 +125,17 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { } if (replaceExisting || body == null) { +int duration = 120; +CPlainAttr jwtLifetimeMins = confDAO.find("jwt.lifetime.minutes", "120"); +if (jwtLifetimeMins != null) { +duration = jwtLifetimeMins.getValues().get(0).getLongValue().intValue(); +} else { +LOG.warn("No schema found for 'jwt.lifetime.minutes'. Using default value of '120'"); +} + Triple created = generateJWT( subject, -confDAO.find("jwt.lifetime.minutes", "120").getValues().get(0).getLongValue().intValue(), +duration, claims); body = created.getMiddle();
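Review bot: the fallback lifetime is written three times in the @@ -124 hunk: as int duration = 120, as the "120" passed to confDAO.find, and inside the warning text. Put it in one constant so the value used and the value logged cannot drift apart. The LOG.warn also fires each time this branch runs while the schema is missing, so consider logging it once.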
[1/2] syncope git commit: SYNCOPE-1173 - Replace List dynGroups with List dynMemberships
Repository: syncope Updated Branches: refs/heads/2_0_X 4a9964872 -> fffee9f15 SYNCOPE-1173 - Replace List dynGroups with List dynMemberships Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/025441a3 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/025441a3 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/025441a3 Branch: refs/heads/2_0_X Commit: 025441a36cf89f02b1b82e0ea617daa27b2ce9ac Parents: 4a99648 Author: Colm O hEigeartaighAuthored: Wed Jul 26 16:36:29 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Jul 27 11:14:22 2017 +0100 -- .../client/console/wizards/any/Groups.java | 4 +- .../syncope/common/lib/to/AnyObjectTO.java | 12 +++--- .../common/lib/to/GroupableRelatableTO.java | 2 +- .../apache/syncope/common/lib/to/UserTO.java| 12 +++--- .../test/resources/domains/MasterContent.xml| 8 ++-- .../java/data/AnyObjectDataBinderImpl.java | 14 ++- .../java/data/UserDataBinderImpl.java | 15 +-- .../apache/syncope/fit/core/GroupITCase.java| 42 +--- .../org/apache/syncope/fit/core/RoleITCase.java | 2 +- .../syncope/fit/core/UserIssuesITCase.java | 5 ++- 10 files changed, 74 insertions(+), 42 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/025441a3/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java -- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java b/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java index 8e640fd..499bc26 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java 
@@ -313,8 +313,8 @@ public class Groups extends WizardStep implements ICondition { GroupFiqlSearchConditionBuilder searchConditionBuilder = SyncopeClient.getGroupSearchConditionBuilder(); ArrayList conditions = new ArrayList<>(); -for (String groupKey : GroupableRelatableTO.class.cast(anyTO).getDynGroups()) { - conditions.add(searchConditionBuilder.is("key").equalTo(groupKey).wrap()); +for (MembershipTO membership : GroupableRelatableTO.class.cast(anyTO).getDynMemberships()) { + conditions.add(searchConditionBuilder.is("key").equalTo(membership.getGroupKey()).wrap()); } Map assignedGroups = new HashMap<>(); http://git-wip-us.apache.org/repos/asf/syncope/blob/025441a3/common/lib/src/main/java/org/apache/syncope/common/lib/to/AnyObjectTO.java -- diff --git a/common/lib/src/main/java/org/apache/syncope/common/lib/to/AnyObjectTO.java b/common/lib/src/main/java/org/apache/syncope/common/lib/to/AnyObjectTO.java index 231504b..af8b0ea 100644 --- a/common/lib/src/main/java/org/apache/syncope/common/lib/to/AnyObjectTO.java +++ b/common/lib/src/main/java/org/apache/syncope/common/lib/to/AnyObjectTO.java @@ -41,7 +41,7 @@ public class AnyObjectTO extends AnyTO implements GroupableRelatableTO { private final List memberships = new ArrayList<>(); -private final List dynGroups = new ArrayList<>(); +private final List dynMemberships = new ArrayList<>(); public String getName() { return name; @@ -91,11 +91,11 @@ public class AnyObjectTO extends AnyTO implements GroupableRelatableTO { return memberships; } -@XmlElementWrapper(name = "dynGroups") -@XmlElement(name = "role") -@JsonProperty("dynGroups") +@XmlElementWrapper(name = "dynMemberships") +@XmlElement(name = "dynMembership") +@JsonProperty("dynMemberships") @Override -public List getDynGroups() { -return dynGroups; +public List getDynMemberships() { +return dynMemberships; } } http://git-wip-us.apache.org/repos/asf/syncope/blob/025441a3/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupableRelatableTO.java -- 
diff --git a/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupableRelatableTO.java b/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupableRelatableTO.java index 0dba26d..f2b8dbc 100644 --- a/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupableRelatableTO.java +++ b/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupableRelatableTO.java @@ -26,7 +26,7 @@ public interface GroupableRelatableTO { List getMemberships(); -
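Review bot: the @@ -91 hunk of AnyObjectTO renames the serialized property from @JsonProperty("dynGroups") to @JsonProperty("dynMemberships"), along with the XML wrapper and element names, and per the commit title the element type changes with it. That alters what REST clients receive, and this push is to the 2_0_X maintenance branch. Add an entry to the upgrade notes for the release that ships it, or say in the commit message why no compatibility shim is needed.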
[2/2] syncope git commit: Removing Java 8 idioms
Removing Java 8 idioms Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/fffee9f1 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/fffee9f1 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/fffee9f1 Branch: refs/heads/2_0_X Commit: fffee9f15d2a7dfdc49524e983e1cb0d9254271f Parents: 025441a Author: Colm O hEigeartaighAuthored: Thu Jul 27 12:46:35 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Jul 27 12:46:35 2017 +0100 -- .../apache/syncope/fit/core/GroupITCase.java| 65 +--- .../syncope/fit/core/UserIssuesITCase.java | 12 +++- 2 files changed, 69 insertions(+), 8 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/fffee9f1/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java -- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java index 9d833cc..fe9129d 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java @@ -38,6 +38,8 @@ import javax.naming.directory.SearchResult; import javax.ws.rs.ForbiddenException; import javax.ws.rs.core.GenericType; import javax.ws.rs.core.Response; + +import org.apache.commons.collections4.CollectionUtils; import org.apache.commons.collections4.IterableUtils; import org.apache.commons.collections4.Predicate; import org.apache.commons.lang3.SerializationUtils; 
@@ -652,7 +654,14 @@ public class GroupITCase extends AbstractITCase { List memberships = userService.read( "c9b2dec2-00a7-4855-97c0-d854842b4b24").getDynMemberships(); -assertTrue(memberships.stream().anyMatch(m -> m.getGroupKey().equals(groupKey))); +assertFalse(CollectionUtils.select(memberships, new Predicate() { + +public boolean evaluate(MembershipTO object) { +return object.getGroupKey().equals(groupKey); +} + + +}).isEmpty()); GroupPatch patch = new GroupPatch(); patch.setKey(group.getKey()); @@ -683,14 +692,35 @@ public class GroupITCase extends AbstractITCase { assertNotNull(newAny.getPlainAttr("location")); List memberships = anyObjectService.read( "fc6dbc3a-6c07-4965-8781-921e7401a4a5").getDynMemberships(); -assertTrue(memberships.stream().anyMatch(m -> m.getGroupKey().equals(groupKey))); +assertFalse(CollectionUtils.select(memberships, new Predicate() { + +public boolean evaluate(MembershipTO object) { +return object.getGroupKey().equals(groupKey); +} + + +}).isEmpty()); memberships = anyObjectService.read( "8559d14d-58c2-46eb-a2d4-a7d35161e8f8").getDynMemberships(); -assertTrue(memberships.stream().anyMatch(m -> m.getGroupKey().equals(groupKey))); +assertFalse(CollectionUtils.select(memberships, new Predicate() { + +public boolean evaluate(MembershipTO object) { +return object.getGroupKey().equals(groupKey); +} + + +}).isEmpty()); memberships = anyObjectService.read(newAny.getKey()).getDynMemberships(); -assertTrue(memberships.stream().anyMatch(m -> m.getGroupKey().equals(groupKey))); +assertFalse(CollectionUtils.select(memberships, new Predicate() { + +public boolean evaluate(MembershipTO object) { +return object.getGroupKey().equals(groupKey); +} + + +}).isEmpty()); // 2. update group and change aDynMembership condition fiql = SyncopeClient.getAnyObjectSearchConditionBuilder("PRINTER").is("location").nullValue().query(); 
@@ -717,12 +747,33 @@ public class GroupITCase extends AbstractITCase { memberships = anyObjectService.read( "fc6dbc3a-6c07-4965-8781-921e7401a4a5").getDynMemberships(); -assertFalse(memberships.stream().anyMatch(m -> m.getGroupKey().equals(groupKey))); +assertTrue(CollectionUtils.select(memberships, new Predicate() { + +public boolean evaluate(MembershipTO object) { +return object.getGroupKey().equals(groupKey); +} + + +}).isEmpty()); memberships = anyObjectService.read( "8559d14d-58c2-46eb-a2d4-a7d35161e8f8").getDynMemberships(); -assertFalse(memberships.stream().anyMatch(m -> m.getGroupKey().equals(groupKey))); +assertTrue(CollectionUtils.select(memberships, new Predicate() { + +public boolean
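Review bot: from the @@ -652 hunk onward the same anonymous Predicate comparing object.getGroupKey() with groupKey is pasted into every assertion, and the polarity flips from assertTrue(...anyMatch...) to assertFalse(...isEmpty()), which is easy to misread when one of these fails. Define the predicate once, or add a small helper taking the memberships and the group key, and keep the original assertTrue/assertFalse by using IterableUtils.matchesAny(memberships, predicate), since IterableUtils is already imported in this file. The evaluate methods are also missing @Override, and each block carries two stray blank lines before the closing brace.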
syncope git commit: SYNCOPE-1173 - Replace List dynGroups with List dynMemberships
Repository: syncope Updated Branches: refs/heads/master b436c7a7d -> dde0773f3 SYNCOPE-1173 - Replace List dynGroups with List dynMemberships Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/dde0773f Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/dde0773f Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/dde0773f Branch: refs/heads/master Commit: dde0773f3321a9dc5a92fd1404f273af48cfc6c9 Parents: b436c7a Author: Colm O hEigeartaighAuthored: Wed Jul 26 16:36:29 2017 +0100 Committer: Colm O hEigeartaigh Committed: Wed Jul 26 16:36:29 2017 +0100 -- .../client/console/wizards/any/Groups.java | 4 +- .../syncope/common/lib/to/AnyObjectTO.java | 12 +++--- .../common/lib/to/GroupableRelatableTO.java | 2 +- .../apache/syncope/common/lib/to/UserTO.java| 12 +++--- .../test/resources/domains/MasterContent.xml| 8 ++-- .../java/data/AnyObjectDataBinderImpl.java | 14 ++- .../java/data/UserDataBinderImpl.java | 15 +-- .../apache/syncope/fit/core/GroupITCase.java| 42 +--- .../org/apache/syncope/fit/core/RoleITCase.java | 2 +- .../syncope/fit/core/UserIssuesITCase.java | 5 ++- 10 files changed, 74 insertions(+), 42 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/dde0773f/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java -- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java b/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java index 8e640fd..499bc26 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/wizards/any/Groups.java 
@@ -313,8 +313,8 @@ public class Groups extends WizardStep implements ICondition { GroupFiqlSearchConditionBuilder searchConditionBuilder = SyncopeClient.getGroupSearchConditionBuilder(); ArrayList conditions = new ArrayList<>(); -for (String groupKey : GroupableRelatableTO.class.cast(anyTO).getDynGroups()) { - conditions.add(searchConditionBuilder.is("key").equalTo(groupKey).wrap()); +for (MembershipTO membership : GroupableRelatableTO.class.cast(anyTO).getDynMemberships()) { + conditions.add(searchConditionBuilder.is("key").equalTo(membership.getGroupKey()).wrap()); } Map assignedGroups = new HashMap<>(); http://git-wip-us.apache.org/repos/asf/syncope/blob/dde0773f/common/lib/src/main/java/org/apache/syncope/common/lib/to/AnyObjectTO.java -- diff --git a/common/lib/src/main/java/org/apache/syncope/common/lib/to/AnyObjectTO.java b/common/lib/src/main/java/org/apache/syncope/common/lib/to/AnyObjectTO.java index 231504b..af8b0ea 100644 --- a/common/lib/src/main/java/org/apache/syncope/common/lib/to/AnyObjectTO.java +++ b/common/lib/src/main/java/org/apache/syncope/common/lib/to/AnyObjectTO.java @@ -41,7 +41,7 @@ public class AnyObjectTO extends AnyTO implements GroupableRelatableTO { private final List memberships = new ArrayList<>(); -private final List dynGroups = new ArrayList<>(); +private final List dynMemberships = new ArrayList<>(); public String getName() { return name; @@ -91,11 +91,11 @@ public class AnyObjectTO extends AnyTO implements GroupableRelatableTO { return memberships; } -@XmlElementWrapper(name = "dynGroups") -@XmlElement(name = "role") -@JsonProperty("dynGroups") +@XmlElementWrapper(name = "dynMemberships") +@XmlElement(name = "dynMembership") +@JsonProperty("dynMemberships") @Override -public List getDynGroups() { -return dynGroups; +public List getDynMemberships() { +return dynMemberships; } } http://git-wip-us.apache.org/repos/asf/syncope/blob/dde0773f/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupableRelatableTO.java -- 
diff --git a/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupableRelatableTO.java b/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupableRelatableTO.java index 0dba26d..f2b8dbc 100644 --- a/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupableRelatableTO.java +++ b/common/lib/src/main/java/org/apache/syncope/common/lib/to/GroupableRelatableTO.java @@ -26,7 +26,7 @@ public interface GroupableRelatableTO { List getMemberships(); -
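Review bot: getDynMemberships() in the @@ -91 hunk of AnyObjectTO is added without Javadoc, and the type now exposes both getMemberships() and getDynMemberships(). A one-line comment on the getter, or on the GroupableRelatableTO interface, stating how the two lists differ would save API users from guessing. The @XmlElement name also changes from "role" to "dynMembership"; mention that in the commit message so the wire-format change is searchable.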
syncope git commit: SYNCOPE-1172 - Error message of "Malformed Path" could be made a little clearer
Repository: syncope Updated Branches: refs/heads/2_0_X a56e2eaca -> 56d4e95b9 SYNCOPE-1172 - Error message of "Malformed Path" could be made a little clearer Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/56d4e95b Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/56d4e95b Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/56d4e95b Branch: refs/heads/2_0_X Commit: 56d4e95b982baf9b819086057bd54df50d0dd701 Parents: a56e2ea Author: Colm O hEigeartaighAuthored: Wed Jul 26 15:00:07 2017 +0100 Committer: Colm O hEigeartaigh Committed: Wed Jul 26 15:03:20 2017 +0100 -- .../syncope/core/persistence/api/dao/MalformedPathException.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/56d4e95b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/MalformedPathException.java -- diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/MalformedPathException.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/MalformedPathException.java index ec29738..c47156b 100644 --- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/MalformedPathException.java +++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/MalformedPathException.java @@ -26,6 +26,6 @@ public class MalformedPathException extends RuntimeException { private static final long serialVersionUID = -164735562182120006L; public MalformedPathException(final String path) { -super("Malformed path: " + path); +super("The provided realm path is malformed: " + path); } }
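Review bot: the new text in the MalformedPathException constructor still does not say what a well-formed realm path looks like, which is what a caller hitting this exception needs. Add the expected form to the message or to a Javadoc on the constructor. The raw path is also concatenated into the message unchanged; if it can originate from a request, strip line breaks before it reaches the log.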
syncope git commit: Changed the admin password for the archetype as well
Repository: syncope Updated Branches: refs/heads/master 0913da283 -> 030defd12 Changed the admin password for the archetype as well Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/030defd1 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/030defd1 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/030defd1 Branch: refs/heads/master Commit: 030defd12e45d3c6bf203b8668f5be047801b941 Parents: 0913da2 Author: Colm O hEigeartaighAuthored: Tue Jul 18 17:52:04 2017 +0100 Committer: Colm O hEigeartaigh Committed: Tue Jul 18 17:52:04 2017 +0100 -- archetype/src/main/resources/META-INF/maven/archetype-metadata.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/030defd1/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml -- diff --git a/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml b/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml index f3ba98c..391cd25 100644 --- a/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml +++ b/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml @@ -25,7 +25,7 @@ under the License. -5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 + DE088591C00CC98B36F5ADAAF7DA2B004CF7F2FE7BBB45B766B6409876E2F3DB13C7905C6AA59464
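Review bot: the value replaced in archetype-metadata.xml grows from 40 hex characters to 80, so it can only verify under a different cipher algorithm than the old one, and the hunk does not show an algorithm default next to it. Confirm that the archetype's algorithm setting is changed in the same commit, and add an XML comment beside the value naming the algorithm it was produced with so the two are not updated separately in future.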
syncope git commit: SYNCOPE-1165 - Switch the default password cipher algorithm from SHA1 to SSHA256
Repository: syncope Updated Branches: refs/heads/master 7ee0bf22c -> 0913da283 SYNCOPE-1165 - Switch the default password cipher algorithm from SHA1 to SSHA256 Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/0913da28 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/0913da28 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/0913da28 Branch: refs/heads/master Commit: 0913da283a378fd87207b55b75b48266d3e98b18 Parents: 7ee0bf2 Author: Colm O hEigeartaighAuthored: Tue Jul 18 15:51:06 2017 +0100 Committer: Colm O hEigeartaigh Committed: Tue Jul 18 15:51:06 2017 +0100 -- .../src/main/resources/domains/MasterContent.xml | 2 +- .../core/spring/security/DefaultCredentialChecker.java | 3 ++- core/spring/src/main/resources/security.properties | 2 +- .../apache/syncope/core/spring/security/EncryptorTest.java | 8 pom.xml | 2 +- 5 files changed, 13 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/0913da28/core/persistence-jpa/src/main/resources/domains/MasterContent.xml -- diff --git a/core/persistence-jpa/src/main/resources/domains/MasterContent.xml b/core/persistence-jpa/src/main/resources/domains/MasterContent.xml index 9d42535..875647b 100644 --- a/core/persistence-jpa/src/main/resources/domains/MasterContent.xml +++ b/core/persistence-jpa/src/main/resources/domains/MasterContent.xml @@ -28,7 +28,7 @@ under the License. + attribute_id="56db89b9-119e-4923-a16e-f42823b90c66" stringValue="SSHA256"/> anonymousKey 1abcdefghilmnopqrstuvz2!
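Review bot: the MasterContent.xml hunk switches the seeded value to SSHA256, and the diffstat shows security.properties changing in the same commit, but nothing visible here documents what happens to passwords already stored under the previous default. Add a sentence to the upgrade notes stating whether existing hashes keep verifying and at what point they are re-hashed with the new algorithm.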
[1/2] syncope git commit: Filter security.properties for the spring tests as well
Repository: syncope Updated Branches: refs/heads/1_2_X 42b1b5f8d -> d4edbaa81 Filter security.properties for the spring tests as well Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/ea687551 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/ea687551 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/ea687551 Branch: refs/heads/1_2_X Commit: ea68755183514cacbb48b966c14baec71c5dbfef Parents: 42b1b5f Author: Colm O hEigeartaighAuthored: Mon Jul 17 19:15:53 2017 +0100 Committer: Colm O hEigeartaigh Committed: Tue Jul 18 13:03:21 2017 +0100 -- .../java/org/apache/syncope/core/security/EncryptorTest.java | 7 +++ 1 file changed, 7 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/ea687551/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java -- diff --git a/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java b/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java index 7d8fdb6..626416f 100644 --- a/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java +++ b/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java @@ -18,6 +18,7 @@ */ package org.apache.syncope.core.security; +import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; @@ -56,4 +57,10 @@ public class EncryptorTest { } } } + +@Test +public void testDecodeDefaultAESKey() throws Exception { +String password = encryptor.decode("9Pav+xl+UyHt02H9ZBytiA==", CipherAlgorithm.AES); +assertEquals("password", password); +} }
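Review bot: testDecodeDefaultAESKey hard-codes the ciphertext 9Pav+xl+UyHt02H9ZBytiA==, so it passes only when the secret key filtered into security.properties for the test run is the default one. Say so in a comment on the test, or set the key explicitly inside the test, so that a build overriding the key fails with an understandable message instead of a bare assertion or decode error.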
[2/2] syncope git commit: SYNCOPE-1168 - Encryptor pads short secret keys with "0" instead of random characters
SYNCOPE-1168 - Encryptor pads short secret keys with "0" instead of random characters Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/d4edbaa8 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/d4edbaa8 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/d4edbaa8 Branch: refs/heads/1_2_X Commit: d4edbaa814bd50e0a7c8373c8624eb5e4b02763c Parents: ea68755 Author: Colm O hEigeartaighAuthored: Tue Jul 18 11:02:40 2017 +0100 Committer: Colm O hEigeartaigh Committed: Tue Jul 18 13:21:13 2017 +0100 -- .../java/org/apache/syncope/core/util/Encryptor.java| 11 +++ .../org/apache/syncope/core/security/EncryptorTest.java | 12 ++-- 2 files changed, 17 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/d4edbaa8/core/src/main/java/org/apache/syncope/core/util/Encryptor.java -- diff --git a/core/src/main/java/org/apache/syncope/core/util/Encryptor.java b/core/src/main/java/org/apache/syncope/core/util/Encryptor.java index 270f2f8..2e8c111 100644 --- a/core/src/main/java/org/apache/syncope/core/util/Encryptor.java +++ b/core/src/main/java/org/apache/syncope/core/util/Encryptor.java 
@@ -172,11 +172,14 @@ public final class Encryptor { String actualKey = secretKey; if (actualKey.length() < 16) { StringBuilder actualKeyPadding = new StringBuilder(actualKey); -for (int i = 0; i < 16 - actualKey.length(); i++) { -actualKeyPadding.append('0'); -} +int length = 16 - actualKey.length(); +String randomChars = SecureRandomUtil.generateRandomPassword(length); + +actualKeyPadding.append(randomChars); actualKey = actualKeyPadding.toString(); -LOG.debug("actualKey too short, adding some random characters"); +LOG.warn("The secret key is too short (< 16), adding some random characters. " + + "Passwords encrypted with AES and this key will not be recoverable " + + "as a result if the container is restarted."); } try { http://git-wip-us.apache.org/repos/asf/syncope/blob/d4edbaa8/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java -- diff --git a/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java b/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java index 626416f..c7fed5c 100644 --- a/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java +++ b/core/src/test/java/org/apache/syncope/core/security/EncryptorTest.java @@ -60,7 +60,15 @@ public class EncryptorTest { @Test public void testDecodeDefaultAESKey() throws Exception { -String password = encryptor.decode("9Pav+xl+UyHt02H9ZBytiA==", CipherAlgorithm.AES); -assertEquals("password", password); +String decPassword = encryptor.decode("9Pav+xl+UyHt02H9ZBytiA==", CipherAlgorithm.AES); +assertEquals(password, decPassword); +} + +@Test +public void testSmallKey() throws Exception { +Encryptor smallKeyEncryptor = Encryptor.getInstance("123"); +String encPassword = smallKeyEncryptor.encode(password, CipherAlgorithm.AES); +String decPassword = smallKeyEncryptor.decode(encPassword, CipherAlgorithm.AES); +assertEquals(password, decPassword); } }
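Review bot: in the Encryptor.java hunk, padding a short secretKey with SecureRandomUtil.generateRandomPassword(length) produces a different AES key each time this code runs, so one configured value no longer maps to one key; the new LOG.warn itself says the data is lost on restart. Rejecting a key shorter than 16 characters with an exception at startup would surface the misconfiguration instead of silently encrypting passwords that cannot be read back later, or by a second node configured with the same short key.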
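Review bot: testSmallKey in the EncryptorTest.java hunk encodes and decodes through the single smallKeyEncryptor instance, so it passes without exercising the behaviour the new warning describes. Add a case or at least a comment covering the documented outcome, namely that a value encoded under the key "123" is not expected to decode once the padded key has been regenerated.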
syncope git commit: SYNCOPE-1168 - Encryptor pads short secret keys with "0" instead of random characters
Repository: syncope Updated Branches: refs/heads/master eebca673e -> 4214a3892 SYNCOPE-1168 - Encryptor pads short secret keys with "0" instead of random characters Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/4214a389 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/4214a389 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/4214a389 Branch: refs/heads/master Commit: 4214a38925ea07d6ab2a9d8bbf32fcd3fe0841d0 Parents: eebca67 Author: Colm O hEigeartaighAuthored: Tue Jul 18 11:02:40 2017 +0100 Committer: Colm O hEigeartaigh Committed: Tue Jul 18 11:36:21 2017 +0100 -- .../apache/syncope/core/spring/security/Encryptor.java | 11 +++ .../syncope/core/spring/security/EncryptorTest.java| 13 +++-- 2 files changed, 18 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/4214a389/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java -- diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java index af64177..a97094a 100644 --- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java +++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java 
@@ -154,11 +154,14 @@ public final class Encryptor { String actualKey = secretKey; if (actualKey.length() < 16) { StringBuilder actualKeyPadding = new StringBuilder(actualKey); -for (int i = 0; i < 16 - actualKey.length(); i++) { -actualKeyPadding.append('0'); -} +int length = 16 - actualKey.length(); +String randomChars = SecureRandomUtils.generateRandomPassword(length); + +actualKeyPadding.append(randomChars); actualKey = actualKeyPadding.toString(); -LOG.debug("actualKey too short, adding some random characters"); +LOG.warn("The secret key is too short (< 16), adding some random characters. " + + "Passwords encrypted with AES and this key will not be recoverable " + + "as a result if the container is restarted."); } try { http://git-wip-us.apache.org/repos/asf/syncope/blob/4214a389/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java -- diff --git a/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java b/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java index 98c3f16..064d970 100644 --- a/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java +++ b/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java @@ -61,7 +61,16 @@ public class EncryptorTest { @Test public void testDecodeDefaultAESKey() throws Exception { -String password = encryptor.decode("9Pav+xl+UyHt02H9ZBytiA==", CipherAlgorithm.AES); -assertEquals("password", password); +String decPassword = encryptor.decode("9Pav+xl+UyHt02H9ZBytiA==", CipherAlgorithm.AES); +assertEquals(password, decPassword); } + +@Test +public void testSmallKey() throws Exception { +Encryptor smallKeyEncryptor = Encryptor.getInstance("123"); +String encPassword = smallKeyEncryptor.encode(password, CipherAlgorithm.AES); +String decPassword = smallKeyEncryptor.decode(encPassword, CipherAlgorithm.AES); +assertEquals(password, decPassword); +} + }
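Review bot: the removed loop in Encryptor.java appended '0' deterministically, so values already encrypted with AES under a short key stayed decodable across restarts; with the random padding added here, those stored values stop decoding after an upgrade. The commit message should call that out, and the upgrade notes should state that existing values stay readable only if the old zero-padded string is configured explicitly as the full key.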
syncope git commit: SYNCOPE-1168 - Encryptor pads short secret keys with "0" instead of random characters
Repository: syncope Updated Branches: refs/heads/2_0_X e21971bf5 -> 852dec694 SYNCOPE-1168 - Encryptor pads short secret keys with "0" instead of random characters Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/852dec69 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/852dec69 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/852dec69 Branch: refs/heads/2_0_X Commit: 852dec6946813ac4756b8868988e145316bd6f94 Parents: e21971b Author: Colm O hEigeartaighAuthored: Tue Jul 18 11:02:40 2017 +0100 Committer: Colm O hEigeartaigh Committed: Tue Jul 18 12:02:32 2017 +0100 -- .../apache/syncope/core/spring/security/Encryptor.java | 11 +++ .../syncope/core/spring/security/EncryptorTest.java| 13 +++-- 2 files changed, 18 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/852dec69/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java -- diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java index af64177..a97094a 100644 --- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java +++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/Encryptor.java 
@@ -154,11 +154,14 @@ public final class Encryptor { String actualKey = secretKey; if (actualKey.length() < 16) { StringBuilder actualKeyPadding = new StringBuilder(actualKey); -for (int i = 0; i < 16 - actualKey.length(); i++) { -actualKeyPadding.append('0'); -} +int length = 16 - actualKey.length(); +String randomChars = SecureRandomUtils.generateRandomPassword(length); + +actualKeyPadding.append(randomChars); actualKey = actualKeyPadding.toString(); -LOG.debug("actualKey too short, adding some random characters"); +LOG.warn("The secret key is too short (< 16), adding some random characters. " + + "Passwords encrypted with AES and this key will not be recoverable " + + "as a result if the container is restarted."); } try { http://git-wip-us.apache.org/repos/asf/syncope/blob/852dec69/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java -- diff --git a/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java b/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java index 98c3f16..064d970 100644 --- a/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java +++ b/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java @@ -61,7 +61,16 @@ public class EncryptorTest { @Test public void testDecodeDefaultAESKey() throws Exception { -String password = encryptor.decode("9Pav+xl+UyHt02H9ZBytiA==", CipherAlgorithm.AES); -assertEquals("password", password); +String decPassword = encryptor.decode("9Pav+xl+UyHt02H9ZBytiA==", CipherAlgorithm.AES); +assertEquals(password, decPassword); } + +@Test +public void testSmallKey() throws Exception { +Encryptor smallKeyEncryptor = Encryptor.getInstance("123"); +String encPassword = smallKeyEncryptor.encode(password, CipherAlgorithm.AES); +String decPassword = smallKeyEncryptor.decode(encPassword, CipherAlgorithm.AES); +assertEquals(password, decPassword); +} + }
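Review bot: the guard actualKey.length() < 16 in Encryptor.java counts Java characters, while the limit it enforces is a key size; the hunk does not show how actualKey is turned into key bytes, so a key containing non-ASCII characters could pass this check and still have a different byte length. A comment stating the expected charset, or a check on the encoded byte length, would make the 16 limit unambiguous. Keys longer than 16 characters are not handled by this branch either and deserve a line of documentation.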
syncope git commit: Filter security.properties for the spring tests as well
Repository: syncope Updated Branches: refs/heads/master 2d444f625 -> 3faef350f Filter security.properties for the spring tests as well Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/3faef350 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/3faef350 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/3faef350 Branch: refs/heads/master Commit: 3faef350fd2d9fdaf3d20ab6bd73ce6b83e4c695 Parents: 2d444f6 Author: Colm O hEigeartaighAuthored: Mon Jul 17 19:15:53 2017 +0100 Committer: Colm O hEigeartaigh Committed: Mon Jul 17 19:15:53 2017 +0100 -- core/spring/pom.xml | 7 +++ .../apache/syncope/core/spring/security/EncryptorTest.java| 7 +++ 2 files changed, 14 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/3faef350/core/spring/pom.xml -- diff --git a/core/spring/pom.xml b/core/spring/pom.xml index d92d4e0..d33a01f 100644 --- a/core/spring/pom.xml +++ b/core/spring/pom.xml @@ -104,5 +104,12 @@ under the License. maven-checkstyle-plugin + + +src/main/resources +true + + + http://git-wip-us.apache.org/repos/asf/syncope/blob/3faef350/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java -- diff --git a/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java b/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java index 4bfa0fa..98c3f16 100644 --- a/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java +++ b/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java @@ -20,6 +20,7 @@ package org.apache.syncope.core.spring.security; import org.apache.syncope.core.spring.security.Encryptor; +import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; 
@@ -57,4 +58,10 @@ public class EncryptorTest { } } } + +@Test +public void testDecodeDefaultAESKey() throws Exception { +String password = encryptor.decode("9Pav+xl+UyHt02H9ZBytiA==", CipherAlgorithm.AES); +assertEquals("password", password); +} }
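Review bot: the block added to core/spring/pom.xml turns filtering on for the whole of src/main/resources, although the commit subject only concerns security.properties. Filtering every file in that directory will also rewrite any other resource that happens to contain placeholder syntax, so limit the filtered set to security.properties with an include and leave the remaining resources unfiltered.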
syncope git commit: Adding some negative tests for JWT third party tokens
Repository: syncope Updated Branches: refs/heads/master ffb78c087 -> 2035f6b4d Adding some negative tests for JWT third party tokens Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/2035f6b4 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/2035f6b4 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/2035f6b4 Branch: refs/heads/master Commit: 2035f6b4d7d9d3624e6c52a070f081dd54835606 Parents: ffb78c0 Author: Colm O hEigeartaighAuthored: Wed Jul 5 11:53:45 2017 +0100 Committer: Colm O hEigeartaigh Committed: Wed Jul 5 11:53:45 2017 +0100 -- .../org/apache/syncope/fit/core/JWTITCase.java | 106 +++ 1 file changed, 106 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/2035f6b4/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java -- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java index ef122f6..4d9e050 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java 
@@ -420,4 +420,110 @@ public class JWTITCase extends AbstractITCase { assertFalse(self.getLeft().isEmpty()); assertEquals("puccini", self.getRight().getUsername()); } + +@Test +public void thirdPartyTokenUnknownUser() throws ParseException { +// Create a new token +Date now = new Date(); + +Calendar expiry = Calendar.getInstance(); +expiry.setTime(now); +expiry.add(Calendar.MINUTE, 5); + +JwtClaims jwtClaims = new JwtClaims(); +jwtClaims.setTokenId(UUID.randomUUID().toString()); +jwtClaims.setSubject("stra...@apache.org"); +jwtClaims.setIssuedAt(now.getTime()); +jwtClaims.setIssuer(CustomJWTSSOProvider.ISSUER); +jwtClaims.setExpiryTime(expiry.getTime().getTime()); +jwtClaims.setNotBefore(now.getTime()); + +JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512); +JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims); +JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken); + +JwsSignatureProvider jwsSignatureProvider = +new HmacJwsSignatureProvider(CustomJWTSSOProvider.CUSTOM_KEY.getBytes(), SignatureAlgorithm.HS512); +String signed = producer.signWith(jwsSignatureProvider); + +SyncopeClient jwtClient = clientFactory.create(signed); + +try { +jwtClient.self(); +fail("Failure expected on an unknown subject"); +} catch (AccessControlException ex) { +// expected +} +} + +@Test +public void thirdPartyTokenUnknownIssuer() throws ParseException { +// Create a new token +Date now = new Date(); + +Calendar expiry = Calendar.getInstance(); +expiry.setTime(now); +expiry.add(Calendar.MINUTE, 5); + +JwtClaims jwtClaims = new JwtClaims(); +jwtClaims.setTokenId(UUID.randomUUID().toString()); +jwtClaims.setSubject("pucc...@apache.org"); +jwtClaims.setIssuedAt(now.getTime()); +jwtClaims.setIssuer(CustomJWTSSOProvider.ISSUER + "_"); +jwtClaims.setExpiryTime(expiry.getTime().getTime()); +jwtClaims.setNotBefore(now.getTime()); + +JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512); +JwtToken jwtToken = new 
JwtToken(jwsHeaders, jwtClaims); +JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken); + +JwsSignatureProvider jwsSignatureProvider = +new HmacJwsSignatureProvider(CustomJWTSSOProvider.CUSTOM_KEY.getBytes(), SignatureAlgorithm.HS512); +String signed = producer.signWith(jwsSignatureProvider); + +SyncopeClient jwtClient = clientFactory.create(signed); + +try { +jwtClient.self(); +fail("Failure expected on an unknown issuer"); +} catch (AccessControlException ex) { +// expected +} +} + +@Test +public void thirdPartyTokenBadSignature() throws ParseException { +// Create a new token +Date now = new Date(); + +Calendar expiry = Calendar.getInstance(); +expiry.setTime(now); +expiry.add(Calendar.MINUTE, 5); + +JwtClaims jwtClaims = new JwtClaims(); +jwtClaims.setTokenId(UUID.randomUUID().toString()); +jwtClaims.setSubject("pucc...@apache.org"); +jwtClaims.setIssuedAt(now.getTime()); +
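Review bot: thirdPartyTokenUnknownUser and thirdPartyTokenUnknownIssuer in JWTITCase.java repeat the same claims, header and signing block and differ only in the subject and the issuer, and the third test starts the same way. A private helper taking subject, issuer and signing key would reduce each negative case to the one field it varies and make it obvious which property is meant to trigger the rejection.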
syncope git commit: Adding some negative tests for JWT third party tokens
Repository: syncope Updated Branches: refs/heads/2_0_X 48d917933 -> 894885ba3 Adding some negative tests for JWT third party tokens Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/894885ba Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/894885ba Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/894885ba Branch: refs/heads/2_0_X Commit: 894885ba30be335054ba8b7e814216dbe0fa0985 Parents: 48d9179 Author: Colm O hEigeartaighAuthored: Wed Jul 5 11:53:45 2017 +0100 Committer: Colm O hEigeartaigh Committed: Wed Jul 5 12:29:48 2017 +0100 -- .../org/apache/syncope/fit/core/JWTITCase.java | 106 +++ 1 file changed, 106 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/894885ba/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java -- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java index ef122f6..4d9e050 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java 
@@ -420,4 +420,110 @@ public class JWTITCase extends AbstractITCase { assertFalse(self.getLeft().isEmpty()); assertEquals("puccini", self.getRight().getUsername()); } + +@Test +public void thirdPartyTokenUnknownUser() throws ParseException { +// Create a new token +Date now = new Date(); + +Calendar expiry = Calendar.getInstance(); +expiry.setTime(now); +expiry.add(Calendar.MINUTE, 5); + +JwtClaims jwtClaims = new JwtClaims(); +jwtClaims.setTokenId(UUID.randomUUID().toString()); +jwtClaims.setSubject("stra...@apache.org"); +jwtClaims.setIssuedAt(now.getTime()); +jwtClaims.setIssuer(CustomJWTSSOProvider.ISSUER); +jwtClaims.setExpiryTime(expiry.getTime().getTime()); +jwtClaims.setNotBefore(now.getTime()); + +JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512); +JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims); +JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken); + +JwsSignatureProvider jwsSignatureProvider = +new HmacJwsSignatureProvider(CustomJWTSSOProvider.CUSTOM_KEY.getBytes(), SignatureAlgorithm.HS512); +String signed = producer.signWith(jwsSignatureProvider); + +SyncopeClient jwtClient = clientFactory.create(signed); + +try { +jwtClient.self(); +fail("Failure expected on an unknown subject"); +} catch (AccessControlException ex) { +// expected +} +} + +@Test +public void thirdPartyTokenUnknownIssuer() throws ParseException { +// Create a new token +Date now = new Date(); + +Calendar expiry = Calendar.getInstance(); +expiry.setTime(now); +expiry.add(Calendar.MINUTE, 5); + +JwtClaims jwtClaims = new JwtClaims(); +jwtClaims.setTokenId(UUID.randomUUID().toString()); +jwtClaims.setSubject("pucc...@apache.org"); +jwtClaims.setIssuedAt(now.getTime()); +jwtClaims.setIssuer(CustomJWTSSOProvider.ISSUER + "_"); +jwtClaims.setExpiryTime(expiry.getTime().getTime()); +jwtClaims.setNotBefore(now.getTime()); + +JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512); +JwtToken jwtToken = new 
JwtToken(jwsHeaders, jwtClaims); +JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken); + +JwsSignatureProvider jwsSignatureProvider = +new HmacJwsSignatureProvider(CustomJWTSSOProvider.CUSTOM_KEY.getBytes(), SignatureAlgorithm.HS512); +String signed = producer.signWith(jwsSignatureProvider); + +SyncopeClient jwtClient = clientFactory.create(signed); + +try { +jwtClient.self(); +fail("Failure expected on an unknown issuer"); +} catch (AccessControlException ex) { +// expected +} +} + +@Test +public void thirdPartyTokenBadSignature() throws ParseException { +// Create a new token +Date now = new Date(); + +Calendar expiry = Calendar.getInstance(); +expiry.setTime(now); +expiry.add(Calendar.MINUTE, 5); + +JwtClaims jwtClaims = new JwtClaims(); +jwtClaims.setTokenId(UUID.randomUUID().toString()); +jwtClaims.setSubject("pucc...@apache.org"); +jwtClaims.setIssuedAt(now.getTime()); +
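Review bot: CustomJWTSSOProvider.CUSTOM_KEY.getBytes() in the added JWTITCase.java tests uses the platform default charset to produce the HMAC key, so the signing key bytes depend on the JVM the tests run on. Pass an explicit charset such as StandardCharsets.UTF_8, matching whatever the provider under test uses to derive its own key bytes.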
syncope git commit: Make sure a null issuer is explicitly not allowed
Repository: syncope Updated Branches: refs/heads/master c86fb4e63 -> bbf5b514b Make sure a null issuer is explicitly not allowed Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/bbf5b514 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/bbf5b514 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/bbf5b514 Branch: refs/heads/master Commit: bbf5b514b92cf37109e1a168a189014f1c570356 Parents: c86fb4e Author: Colm O hEigeartaighAuthored: Tue Jul 4 16:37:23 2017 +0100 Committer: Colm O hEigeartaigh Committed: Tue Jul 4 16:37:23 2017 +0100 -- .../core/logic/init/ClassPathScanImplementationLookup.java| 1 - .../org/apache/syncope/core/spring/security/AuthDataAccessor.java | 3 +++ 2 files changed, 3 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/bbf5b514/core/logic/src/main/java/org/apache/syncope/core/logic/init/ClassPathScanImplementationLookup.java -- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/init/ClassPathScanImplementationLookup.java b/core/logic/src/main/java/org/apache/syncope/core/logic/init/ClassPathScanImplementationLookup.java index 1fa0043..fd2f1fb 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/init/ClassPathScanImplementationLookup.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/init/ClassPathScanImplementationLookup.java 
@@ -29,7 +29,6 @@ import org.apache.syncope.common.lib.policy.AccountRuleConf; import org.apache.syncope.common.lib.policy.PasswordRuleConf; import org.apache.syncope.common.lib.report.ReportletConf; import org.apache.syncope.core.persistence.api.ImplementationLookup; -import org.apache.syncope.core.persistence.api.ImplementationLookup.Type; import org.apache.syncope.core.persistence.api.attrvalue.validation.Validator; import org.apache.syncope.core.persistence.api.dao.AccountRule; import org.apache.syncope.core.persistence.api.dao.AccountRuleConfClass; http://git-wip-us.apache.org/repos/asf/syncope/blob/bbf5b514/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java -- diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java index 1a425f3..402bfae 100644 --- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java +++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java @@ -155,6 +155,9 @@ public class AuthDataAccessor { } } +if (issuer == null) { +throw new AuthenticationCredentialsNotFoundException("A null issuer is not permitted"); +} JWTSSOProvider provider = jwtSSOProviders.get(issuer); if (provider == null) { throw new AuthenticationCredentialsNotFoundException(
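Review bot: no test accompanies the new issuer == null branch in AuthDataAccessor.java; the diffstat lists only the two main source files. A negative case that presents a token with no issuer claim and expects rejection would lock the behaviour in. The unused import removal in ClassPathScanImplementationLookup.java is unrelated to the subject line and would be cleaner as its own commit, and a blank line after the new if block would match the surrounding style.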
syncope git commit: Trivial grammatical fixes
Repository: syncope Updated Branches: refs/heads/2_0_X f5fc2f166 -> c102038a9 Trivial grammatical fixes Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/c102038a Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/c102038a Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/c102038a Branch: refs/heads/2_0_X Commit: c102038a996e82e29b41c4fca73fe0468c64a816 Parents: f5fc2f1 Author: Colm O hEigeartaighAuthored: Mon Jul 3 17:35:28 2017 +0100 Committer: Colm O hEigeartaigh Committed: Mon Jul 3 17:35:51 2017 +0100 -- src/main/asciidoc/reference-guide/concepts/realms.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/c102038a/src/main/asciidoc/reference-guide/concepts/realms.adoc -- diff --git a/src/main/asciidoc/reference-guide/concepts/realms.adoc b/src/main/asciidoc/reference-guide/concepts/realms.adoc index ec9cfbc..2ed169b 100644 --- a/src/main/asciidoc/reference-guide/concepts/realms.adoc +++ b/src/main/asciidoc/reference-guide/concepts/realms.adoc @@ -46,8 +46,8 @@ Moreover, this partition allows fine-grained control over policy enforcement and [[dynamic-realms]] .Dynamic Realms -Realms provide a mean to model static containment hierarchies. + -Such strategy might not be the ideal fit for situations where the set of Users, Groups and Any Objects to administer +Realms provide a means to model static containment hierarchies. + +This might not be the ideal fit for situations where the set of Users, Groups and Any Objects to administer cannot be statically defined by containment. Dynamic Realms can be used to identify Users, Groups and Any Objects according to some attributes' value, resource
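Review bot: in realms.adoc, replacing "Such strategy" with a bare "This" leaves the pronoun without a clear referent after the forced line break. "This approach might not be the ideal fit" reads unambiguously.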
syncope git commit: Log a warning if the default anonymousKey is being used
Repository: syncope Updated Branches: refs/heads/master c50ee3176 -> 3ceb8b597 Log a warning if the default anonymousKey is being used Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/3ceb8b59 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/3ceb8b59 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/3ceb8b59 Branch: refs/heads/master Commit: 3ceb8b597b203d5e5b7fe96c55487e3df5641cb5 Parents: c50ee31 Author: Colm O hEigeartaighAuthored: Thu Jun 29 10:40:39 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Jun 29 11:04:36 2017 +0100 -- .../src/test/resources/provisioningTest.xml | 1 + .../spring/security/DefaultCredentialChecker.java | 14 +- .../UsernamePasswordAuthenticationProvider.java | 1 + core/spring/src/main/resources/securityContext.xml| 1 + 4 files changed, 16 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/3ceb8b59/core/provisioning-java/src/test/resources/provisioningTest.xml -- diff --git a/core/provisioning-java/src/test/resources/provisioningTest.xml b/core/provisioning-java/src/test/resources/provisioningTest.xml index 53fb6d9..e3c1dd2 100644 --- a/core/provisioning-java/src/test/resources/provisioningTest.xml +++ b/core/provisioning-java/src/test/resources/provisioningTest.xml @@ -59,6 +59,7 @@ under the License. + http://git-wip-us.apache.org/repos/asf/syncope/blob/3ceb8b59/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java -- diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java index a75b39e..a63c588 100644 --- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java +++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java 
@@ -32,13 +32,18 @@ public class DefaultCredentialChecker { private static final String DEFAULT_ADMIN_PASSWORD = "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8"; +private static final String DEFAULT_ANON_KEY = "anonymousKey"; + private final boolean defaultAdminPasswordInUse; private final boolean defaultJwsKeyInUse; -public DefaultCredentialChecker(final String jwsKey, final String adminPassword) { +private final boolean defaultAnonymousKeyInUse; + +public DefaultCredentialChecker(final String jwsKey, final String adminPassword, final String anonymousKey) { defaultJwsKeyInUse = DEFAULT_JWS_KEY.equals(jwsKey); defaultAdminPasswordInUse = DEFAULT_ADMIN_PASSWORD.equals(adminPassword); +defaultAnonymousKeyInUse = DEFAULT_ANON_KEY.equals(anonymousKey); } public void checkIsDefaultJWSKeyInUse() { @@ -55,4 +60,11 @@ public class DefaultCredentialChecker { } } +public void checkIsDefaultAnonymousKeyInUse() { +if (defaultAnonymousKeyInUse) { +LOG.warn("The default anonymousKey property is being used. " ++ "This must be changed to avoid a security breach!"); +} +} + } http://git-wip-us.apache.org/repos/asf/syncope/blob/3ceb8b59/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java -- diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java index 2a5430e..da11553 100644 --- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java +++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java 
@@ -98,6 +98,7 @@ public class UsernamePasswordAuthenticationProvider implements AuthenticationPro if (anonymousUser.equals(authentication.getName())) { username[0] = anonymousUser; +credentialChecker.checkIsDefaultAnonymousKeyInUse(); authenticated = authentication.getCredentials().toString().equals(anonymousKey); } else if (adminUser.equals(authentication.getName())) { username[0] = adminUser; http://git-wip-us.apache.org/repos/asf/syncope/blob/3ceb8b59/core/spring/src/main/resources/securityContext.xml
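Review bot: credentialChecker.checkIsDefaultAnonymousKeyInUse() sits inside the anonymous branch of UsernamePasswordAuthenticationProvider, so a deployment on the default key emits the same LOG.warn on every anonymous authentication attempt. Since defaultAnonymousKeyInUse is computed once in the DefaultCredentialChecker constructor, logging the warning once at startup, or rate limiting it, would keep the signal without flooding the log.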
syncope git commit: Log a warning if the default anonymousKey is being used
Repository: syncope Updated Branches: refs/heads/2_0_X 4ba5e3bf9 -> 6f4af4163 Log a warning if the default anonymousKey is being used Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/6f4af416 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/6f4af416 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/6f4af416 Branch: refs/heads/2_0_X Commit: 6f4af41637d18647398b2a33bfbf2522474874a7 Parents: 4ba5e3b Author: Colm O hEigeartaighAuthored: Thu Jun 29 10:40:39 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Jun 29 11:04:51 2017 +0100 -- .../src/test/resources/provisioningTest.xml | 1 + .../spring/security/DefaultCredentialChecker.java | 14 +- .../UsernamePasswordAuthenticationProvider.java | 1 + core/spring/src/main/resources/securityContext.xml| 1 + 4 files changed, 16 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/6f4af416/core/provisioning-java/src/test/resources/provisioningTest.xml -- diff --git a/core/provisioning-java/src/test/resources/provisioningTest.xml b/core/provisioning-java/src/test/resources/provisioningTest.xml index 53fb6d9..e3c1dd2 100644 --- a/core/provisioning-java/src/test/resources/provisioningTest.xml +++ b/core/provisioning-java/src/test/resources/provisioningTest.xml @@ -59,6 +59,7 @@ under the License. + http://git-wip-us.apache.org/repos/asf/syncope/blob/6f4af416/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java -- diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java index a75b39e..a63c588 100644 --- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java +++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java 
@@ -32,13 +32,18 @@ public class DefaultCredentialChecker { private static final String DEFAULT_ADMIN_PASSWORD = "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8"; +private static final String DEFAULT_ANON_KEY = "anonymousKey"; + private final boolean defaultAdminPasswordInUse; private final boolean defaultJwsKeyInUse; -public DefaultCredentialChecker(final String jwsKey, final String adminPassword) { +private final boolean defaultAnonymousKeyInUse; + +public DefaultCredentialChecker(final String jwsKey, final String adminPassword, final String anonymousKey) { defaultJwsKeyInUse = DEFAULT_JWS_KEY.equals(jwsKey); defaultAdminPasswordInUse = DEFAULT_ADMIN_PASSWORD.equals(adminPassword); +defaultAnonymousKeyInUse = DEFAULT_ANON_KEY.equals(anonymousKey); } public void checkIsDefaultJWSKeyInUse() { @@ -55,4 +60,11 @@ public class DefaultCredentialChecker { } } +public void checkIsDefaultAnonymousKeyInUse() { +if (defaultAnonymousKeyInUse) { +LOG.warn("The default anonymousKey property is being used. " ++ "This must be changed to avoid a security breach!"); +} +} + } http://git-wip-us.apache.org/repos/asf/syncope/blob/6f4af416/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java -- diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java index 2a5430e..da11553 100644 --- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java +++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java 
@@ -98,6 +98,7 @@ public class UsernamePasswordAuthenticationProvider implements AuthenticationPro if (anonymousUser.equals(authentication.getName())) { username[0] = anonymousUser; +credentialChecker.checkIsDefaultAnonymousKeyInUse(); authenticated = authentication.getCredentials().toString().equals(anonymousKey); } else if (adminUser.equals(authentication.getName())) { username[0] = adminUser; http://git-wip-us.apache.org/repos/asf/syncope/blob/6f4af416/core/spring/src/main/resources/securityContext.xml
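Review bot: in the UsernamePasswordAuthenticationProvider hunk, `credentialChecker.checkIsDefaultAnonymousKeyInUse()` runs on every authentication attempt that names the anonymous user, and before the key is compared, so a deployment still on the default key writes one WARN line per anonymous request whether or not it succeeds. Consider logging once (when DefaultCredentialChecker is constructed, or behind a flag set on first use) so the warning stays visible without flooding the log. Separately, the unchanged line below it compares the key with `String.equals`; `MessageDigest.isEqual` on the encoded bytes would make that comparison constant-time.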
syncope git commit: Removing "Roles" from the anonymous authn section of the docs
Repository: syncope Updated Branches: refs/heads/2_0_X e4fb3d581 -> 9d553b85f Removing "Roles" from the anonymous authn section of the docs Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/9d553b85 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/9d553b85 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/9d553b85 Branch: refs/heads/2_0_X Commit: 9d553b85f93195cef9afd65096a8e4dacf0e541f Parents: e4fb3d5 Author: Colm O hEigeartaighAuthored: Wed Jun 28 13:30:04 2017 +0100 Committer: Colm O hEigeartaigh Committed: Wed Jun 28 13:30:33 2017 +0100 -- .../reference-guide/workingwithapachesyncope/restfulservices.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/9d553b85/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc -- diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc index 0ebd83d..da00883 100644 --- a/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc +++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc 
@@ -80,7 +80,7 @@ The set of RESTful services provided by Apache Syncope can be divided as: . endpoints accessible without any sort of authentication (e.g. truly anonymous), for self-registration and < >; . endpoints disclosing information about the given Syncope deployment (available < >, configured -< >, Groups, Roles, ...), requiring some sort of shared authentication defined by the +< >, Groups, ...), requiring some sort of shared authentication defined by the `anonymousKey` value in the `security.properties` file - for more information, read about Spring Security's http://docs.spring.io/spring-security/site/docs/4.2.x/reference/htmlsingle/#anonymous[Anonymous Authentication^]; . endpoints for self-service (self-update, password change, ...), requiring user authentication and no entitlements;
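Review bot: the changed list item drops "Roles", but neither the commit message nor the hunk says whether the `anonymousKey` endpoints stopped returning Roles or the documentation was simply wrong; a reference to the code change or issue would let readers confirm which. While this list is being edited, "(e.g. truly anonymous)" in the first item reads as a definition and should be "i.e.".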
syncope git commit: Removing "Roles" from the anonymous authn section of the docs
Repository: syncope Updated Branches: refs/heads/master 733b97203 -> aa5d3ba95 Removing "Roles" from the anonymous authn section of the docs Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/aa5d3ba9 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/aa5d3ba9 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/aa5d3ba9 Branch: refs/heads/master Commit: aa5d3ba9505f2512cc17f847c32716cde4b0359b Parents: 733b972 Author: Colm O hEigeartaighAuthored: Wed Jun 28 13:30:04 2017 +0100 Committer: Colm O hEigeartaigh Committed: Wed Jun 28 13:30:04 2017 +0100 -- .../reference-guide/workingwithapachesyncope/restfulservices.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/aa5d3ba9/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc -- diff --git a/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc b/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc index 595c96e..8627087 100644 --- a/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc +++ b/src/main/asciidoc/reference-guide/workingwithapachesyncope/restfulservices.adoc 
@@ -80,7 +80,7 @@ The set of RESTful services provided by Apache Syncope can be divided as: . endpoints accessible without any sort of authentication (e.g. truly anonymous), for self-registration and < >; . endpoints disclosing information about the given Syncope deployment (available < >, configured -< >, Groups, Roles, ...), requiring some sort of shared authentication defined by the +< >, Groups, ...), requiring some sort of shared authentication defined by the `anonymousKey` value in the `security.properties` file - for more information, read about Spring Security's http://docs.spring.io/spring-security/site/docs/4.2.x/reference/htmlsingle/#anonymous[Anonymous Authentication^]; . endpoints for self-service (self-update, password change, ...), requiring user authentication and no entitlements;
syncope git commit: SYNCOPE-1119 - Support specifying the admin password using the installer
Repository: syncope Updated Branches: refs/heads/2_0_X dd9e73fe2 -> c4c301c97 SYNCOPE-1119 - Support specifying the admin password using the installer Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/c4c301c9 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/c4c301c9 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/c4c301c9 Branch: refs/heads/2_0_X Commit: c4c301c977f8d9b24ea85244b36d1600ada930bd Parents: dd9e73f Author: Colm O hEigeartaighAuthored: Mon Jun 26 17:12:57 2017 +0100 Committer: Colm O hEigeartaigh Committed: Mon Jun 26 17:13:48 2017 +0100 -- .../META-INF/maven/archetype-metadata.xml | 3 +++ archetype/src/main/resources/meta-pom.xml | 1 + .../src/main/resources/security.properties | 2 +- .../syncope/installer/utilities/MavenUtils.java | 21 ++-- .../validators/ArchetypeValidator.java | 5 + .../src/main/resources/izpack/userInputSpec.xml | 4 pom.xml | 1 + 7 files changed, 34 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/c4c301c9/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml -- diff --git a/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml b/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml index db55592..f3ba98c 100644 --- a/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml +++ b/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml @@ -24,6 +24,9 @@ under the License. + +5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 + http://git-wip-us.apache.org/repos/asf/syncope/blob/c4c301c9/archetype/src/main/resources/meta-pom.xml -- diff --git a/archetype/src/main/resources/meta-pom.xml b/archetype/src/main/resources/meta-pom.xml index 3ee57a1..a322758 100644 --- a/archetype/src/main/resources/meta-pom.xml +++ b/archetype/src/main/resources/meta-pom.xml 
@@ -34,6 +34,7 @@ under the License. ${secretKey} ${anonymousKey} ${jwsKey} +${adminPassword} true true http://git-wip-us.apache.org/repos/asf/syncope/blob/c4c301c9/core/spring/src/main/resources/security.properties -- diff --git a/core/spring/src/main/resources/security.properties b/core/spring/src/main/resources/security.properties index 9e59a96..5c39d1e 100644 --- a/core/spring/src/main/resources/security.properties +++ b/core/spring/src/main/resources/security.properties @@ -15,7 +15,7 @@ # specific language governing permissions and limitations # under the License. adminUser=${adminUser} -adminPassword=5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 +adminPassword=${adminPassword} adminPasswordAlgorithm=SHA1 anonymousUser=${anonymousUser} http://git-wip-us.apache.org/repos/asf/syncope/blob/c4c301c9/installer/src/main/java/org/apache/syncope/installer/utilities/MavenUtils.java -- diff --git a/installer/src/main/java/org/apache/syncope/installer/utilities/MavenUtils.java b/installer/src/main/java/org/apache/syncope/installer/utilities/MavenUtils.java index cd773a8..59ee898 100644 --- a/installer/src/main/java/org/apache/syncope/installer/utilities/MavenUtils.java +++ b/installer/src/main/java/org/apache/syncope/installer/utilities/MavenUtils.java 
@@ -23,15 +23,23 @@ import java.io.File; import java.io.FileNotFoundException; import java.io.IOException; import java.io.PrintStream; +import java.nio.charset.StandardCharsets; import java.nio.file.Files; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; import java.util.ArrayList; import java.util.Collections; import java.util.List; import java.util.Properties; +import java.util.logging.Level; +import java.util.logging.Logger; + import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; + +import org.apache.commons.codec.binary.Hex; import org.apache.commons.io.FileUtils; import org.apache.maven.shared.invoker.DefaultInvocationRequest; import org.apache.maven.shared.invoker.DefaultInvoker; @@ -110,8 +118,17 @@ public class MavenUtils { properties.setProperty("anonymousKey", anonymousKey); properties.setProperty("jwsKey", jwsKey); -//String encodedPassword = PasswordGenerator.password(adminPassword, "SHA-1"); -
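Review bot: in the archetype-metadata.xml hunk the new property defaults to `5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8`, the same hash that was hard-coded in security.properties before this change, so a project generated from the archetype without overriding `adminPassword` still ships the stock admin credential. Make the property required with no default, or have the archetype documentation state that the value must be replaced.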
syncope git commit: SYNCOPE-1119 - Support specifying the admin password using the installer
Repository: syncope Updated Branches: refs/heads/master 2deb36904 -> cca472be5 SYNCOPE-1119 - Support specifying the admin password using the installer Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/cca472be Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/cca472be Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/cca472be Branch: refs/heads/master Commit: cca472be51fd9d882e4bd8aa8f1e03a4c16112d6 Parents: 2deb369 Author: Colm O hEigeartaighAuthored: Mon Jun 26 17:12:57 2017 +0100 Committer: Colm O hEigeartaigh Committed: Mon Jun 26 17:13:21 2017 +0100 -- .../META-INF/maven/archetype-metadata.xml | 3 +++ archetype/src/main/resources/meta-pom.xml | 1 + .../src/main/resources/security.properties | 2 +- .../syncope/installer/utilities/MavenUtils.java | 21 ++-- .../validators/ArchetypeValidator.java | 5 + .../src/main/resources/izpack/userInputSpec.xml | 4 pom.xml | 1 + 7 files changed, 34 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/cca472be/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml -- diff --git a/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml b/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml index db55592..f3ba98c 100644 --- a/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml +++ b/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml @@ -24,6 +24,9 @@ under the License. + +5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 + http://git-wip-us.apache.org/repos/asf/syncope/blob/cca472be/archetype/src/main/resources/meta-pom.xml -- diff --git a/archetype/src/main/resources/meta-pom.xml b/archetype/src/main/resources/meta-pom.xml index 3ee57a1..a322758 100644 --- a/archetype/src/main/resources/meta-pom.xml +++ b/archetype/src/main/resources/meta-pom.xml 
@@ -34,6 +34,7 @@ under the License. ${secretKey} ${anonymousKey} ${jwsKey} +${adminPassword} true true http://git-wip-us.apache.org/repos/asf/syncope/blob/cca472be/core/spring/src/main/resources/security.properties -- diff --git a/core/spring/src/main/resources/security.properties b/core/spring/src/main/resources/security.properties index 9e59a96..5c39d1e 100644 --- a/core/spring/src/main/resources/security.properties +++ b/core/spring/src/main/resources/security.properties @@ -15,7 +15,7 @@ # specific language governing permissions and limitations # under the License. adminUser=${adminUser} -adminPassword=5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 +adminPassword=${adminPassword} adminPasswordAlgorithm=SHA1 anonymousUser=${anonymousUser} http://git-wip-us.apache.org/repos/asf/syncope/blob/cca472be/installer/src/main/java/org/apache/syncope/installer/utilities/MavenUtils.java -- diff --git a/installer/src/main/java/org/apache/syncope/installer/utilities/MavenUtils.java b/installer/src/main/java/org/apache/syncope/installer/utilities/MavenUtils.java index cd773a8..59ee898 100644 --- a/installer/src/main/java/org/apache/syncope/installer/utilities/MavenUtils.java +++ b/installer/src/main/java/org/apache/syncope/installer/utilities/MavenUtils.java 
@@ -23,15 +23,23 @@ import java.io.File; import java.io.FileNotFoundException; import java.io.IOException; import java.io.PrintStream; +import java.nio.charset.StandardCharsets; import java.nio.file.Files; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; import java.util.ArrayList; import java.util.Collections; import java.util.List; import java.util.Properties; +import java.util.logging.Level; +import java.util.logging.Logger; + import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; + +import org.apache.commons.codec.binary.Hex; import org.apache.commons.io.FileUtils; import org.apache.maven.shared.invoker.DefaultInvocationRequest; import org.apache.maven.shared.invoker.DefaultInvoker; @@ -110,8 +118,17 @@ public class MavenUtils { properties.setProperty("anonymousKey", anonymousKey); properties.setProperty("jwsKey", jwsKey); -//String encodedPassword = PasswordGenerator.password(adminPassword, "SHA-1"); -
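Review bot: the MavenUtils hunk imports `MessageDigest`, `Hex` and `StandardCharsets` to hash the password the installer collects, while security.properties keeps `adminPasswordAlgorithm=SHA1`, so a user-chosen admin password ends up as an unsalted SHA-1 hex digest in a properties file. If the core accepts a salted or adaptive algorithm for `adminPasswordAlgorithm`, the installer should write that instead. If the `NoSuchAlgorithmException` is only logged through the newly imported `java.util.logging.Logger`, the install should fail at that point rather than continue without a hashed password.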
[1/2] syncope git commit: Fixing some Javadoc warnings
Repository: syncope Updated Branches: refs/heads/2_0_X a9d916e99 -> 9530eac4c Fixing some Javadoc warnings Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/eacb4df3 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/eacb4df3 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/eacb4df3 Branch: refs/heads/2_0_X Commit: eacb4df325cad11412893f502319911d740bfd03 Parents: a9d916e Author: Colm O hEigeartaighAuthored: Mon Jun 26 15:32:28 2017 +0100 Committer: Colm O hEigeartaigh Committed: Mon Jun 26 15:37:42 2017 +0100 -- .../apache/syncope/client/lib/SyncopeClientFactoryBean.java | 9 ++--- .../apache/syncope/common/lib/search/SyncopeProperty.java | 2 +- .../apache/syncope/ide/netbeans/view/ServerDetailsView.java | 2 ++ 3 files changed, 9 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/eacb4df3/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java -- diff --git a/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java b/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java index e51723a..2cf1021 100644 --- a/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java +++ b/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java @@ -245,7 +245,8 @@ public class SyncopeClientFactoryBean { /** * Builds client instance with the given credentials. - * Such credentials will be used only to obtain a valid JWT in the {@link HttpHeaders#AUTHORIZATION} header; + * Such credentials will be used only to obtain a valid JWT in the + * {@link javax.ws.rs.core.HttpHeaders#AUTHORIZATION} header; * * @param username username * @param password password 
@@ -256,11 +257,13 @@ public class SyncopeClientFactoryBean { } /** - * Builds client instance which will be passing the provided value in the {@link HttpHeaders#AUTHORIZATION} + * Builds client instance which will be passing the provided value in the + * {@link javax.ws.rs.core.HttpHeaders#AUTHORIZATION} * request header. * * @param jwt value received after login, in the {@link RESTHeaders#TOKEN} response header - * @return client instance which will be passing the provided value in the {@link HttpHeaders#AUTHORIZATION} + * @return client instance which will be passing the provided value in the + * {@link javax.ws.rs.core.HttpHeaders#AUTHORIZATION} * request header */ public SyncopeClient create(final String jwt) { http://git-wip-us.apache.org/repos/asf/syncope/blob/eacb4df3/common/lib/src/main/java/org/apache/syncope/common/lib/search/SyncopeProperty.java -- diff --git a/common/lib/src/main/java/org/apache/syncope/common/lib/search/SyncopeProperty.java b/common/lib/src/main/java/org/apache/syncope/common/lib/search/SyncopeProperty.java index fe2d47e..bcc55ca 100644 --- a/common/lib/src/main/java/org/apache/syncope/common/lib/search/SyncopeProperty.java +++ b/common/lib/src/main/java/org/apache/syncope/common/lib/search/SyncopeProperty.java @@ -37,7 +37,7 @@ public interface SyncopeProperty extends Property { /** Is textual property different (ignoring case) than given literal or not matching given pattern? * - * @param literalOrPattern + * @param literalOrPattern The literal or Pattern String * @return updated condition */ CompleteCondition notEqualTolIgnoreCase(String literalOrPattern); http://git-wip-us.apache.org/repos/asf/syncope/blob/eacb4df3/ide/netbeans/src/main/java/org/apache/syncope/ide/netbeans/view/ServerDetailsView.java -- diff --git a/ide/netbeans/src/main/java/org/apache/syncope/ide/netbeans/view/ServerDetailsView.java b/ide/netbeans/src/main/java/org/apache/syncope/ide/netbeans/view/ServerDetailsView.java index ba9c60c..58ebde2 100644 
--- a/ide/netbeans/src/main/java/org/apache/syncope/ide/netbeans/view/ServerDetailsView.java +++ b/ide/netbeans/src/main/java/org/apache/syncope/ide/netbeans/view/ServerDetailsView.java @@ -36,6 +36,8 @@ public class ServerDetailsView extends JDialog { /** * Creates new form LoginView + * @param parent Parent Frame + * @param modal Whether it is modal or not */ public ServerDetailsView(final java.awt.Frame parent, final boolean modal) { super(parent, modal);
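Review bot: in the ServerDetailsView hunk, the Javadoc being extended still opens with "Creates new form LoginView" although the constructor is `ServerDetailsView`; since the comment is already being touched for the `@param` tags, correct the summary line in the same change.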
[2/2] syncope git commit: SYNCOPE-1119 - Updating docs again
SYNCOPE-1119 - Updating docs again Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/9530eac4 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/9530eac4 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/9530eac4 Branch: refs/heads/2_0_X Commit: 9530eac4c973a0bcb1374a50d085217b717fc389 Parents: eacb4df Author: Colm O hEigeartaighAuthored: Mon Jun 26 15:37:00 2017 +0100 Committer: Colm O hEigeartaigh Committed: Mon Jun 26 15:37:47 2017 +0100 -- src/main/asciidoc/getting-started/movingForward.adoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/9530eac4/src/main/asciidoc/getting-started/movingForward.adoc -- diff --git a/src/main/asciidoc/getting-started/movingForward.adoc b/src/main/asciidoc/getting-started/movingForward.adoc index 2ab602e..9162f6a 100644 --- a/src/main/asciidoc/getting-started/movingForward.adoc +++ b/src/main/asciidoc/getting-started/movingForward.adoc @@ -45,4 +45,5 @@ Authorization" of the Reference Guide for more information. Note that if you installed Syncope using either the installer or the maven archetype methods, then you will have already supplied custom values for "*secretKey*" and "*anonymousKey*". From Syncope 2.0.4 onwards, both installation methods will also -query for "*jwsKey*" and "*adminPassword*", and so no further action is required for these installation methods. +query for "*jwsKey*", and the installer method will prompt for the "*adminPassword*" as well. +
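Review bot: the replacement sentence removes "no further action is required" but does not say what archetype users must now do; it states only that the installer prompts for "*adminPassword*". Add an explicit sentence that projects generated from the Maven archetype still need to set adminPassword themselves, so the omission is not read as "nothing to do".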
[2/2] syncope git commit: SYNCOPE-1119 - Updating docs again
SYNCOPE-1119 - Updating docs again Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/053cb7e7 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/053cb7e7 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/053cb7e7 Branch: refs/heads/master Commit: 053cb7e733ab5f53d8cf8b87792944800311ed0c Parents: b5889b2 Author: Colm O hEigeartaighAuthored: Mon Jun 26 15:37:00 2017 +0100 Committer: Colm O hEigeartaigh Committed: Mon Jun 26 15:37:00 2017 +0100 -- src/main/asciidoc/getting-started/movingForward.adoc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/053cb7e7/src/main/asciidoc/getting-started/movingForward.adoc -- diff --git a/src/main/asciidoc/getting-started/movingForward.adoc b/src/main/asciidoc/getting-started/movingForward.adoc index 2ab602e..9162f6a 100644 --- a/src/main/asciidoc/getting-started/movingForward.adoc +++ b/src/main/asciidoc/getting-started/movingForward.adoc @@ -45,4 +45,5 @@ Authorization" of the Reference Guide for more information. Note that if you installed Syncope using either the installer or the maven archetype methods, then you will have already supplied custom values for "*secretKey*" and "*anonymousKey*". From Syncope 2.0.4 onwards, both installation methods will also -query for "*jwsKey*" and "*adminPassword*", and so no further action is required for these installation methods. +query for "*jwsKey*", and the installer method will prompt for the "*adminPassword*" as well. +
[1/2] syncope git commit: Fixing some Javadoc warnings
Repository: syncope Updated Branches: refs/heads/master 8432cce7e -> 053cb7e73 Fixing some Javadoc warnings Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/b5889b25 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/b5889b25 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/b5889b25 Branch: refs/heads/master Commit: b5889b250f4b3ed2900feebe3f2c48899c1a517a Parents: 8432cce Author: Colm O hEigeartaighAuthored: Mon Jun 26 15:32:28 2017 +0100 Committer: Colm O hEigeartaigh Committed: Mon Jun 26 15:32:28 2017 +0100 -- .../apache/syncope/client/lib/SyncopeClientFactoryBean.java | 9 ++--- .../apache/syncope/common/lib/search/SyncopeProperty.java | 2 +- .../apache/syncope/ide/netbeans/view/ServerDetailsView.java | 2 ++ 3 files changed, 9 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/b5889b25/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java -- diff --git a/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java b/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java index 1e5924b..eba161d 100644 --- a/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java +++ b/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java @@ -245,7 +245,8 @@ public class SyncopeClientFactoryBean { /** * Builds client instance with the given credentials. - * Such credentials will be used only to obtain a valid JWT in the {@link HttpHeaders#AUTHORIZATION} header; + * Such credentials will be used only to obtain a valid JWT in the + * {@link javax.ws.rs.core.HttpHeaders#AUTHORIZATION} header; * * @param username username * @param password password 
@@ -256,11 +257,13 @@ public class SyncopeClientFactoryBean { } /** - * Builds client instance which will be passing the provided value in the {@link HttpHeaders#AUTHORIZATION} + * Builds client instance which will be passing the provided value in the + * {@link javax.ws.rs.core.HttpHeaders#AUTHORIZATION} * request header. * * @param jwt value received after login, in the {@link RESTHeaders#TOKEN} response header - * @return client instance which will be passing the provided value in the {@link HttpHeaders#AUTHORIZATION} + * @return client instance which will be passing the provided value in the + * {@link javax.ws.rs.core.HttpHeaders#AUTHORIZATION} * request header */ public SyncopeClient create(final String jwt) { http://git-wip-us.apache.org/repos/asf/syncope/blob/b5889b25/common/lib/src/main/java/org/apache/syncope/common/lib/search/SyncopeProperty.java -- diff --git a/common/lib/src/main/java/org/apache/syncope/common/lib/search/SyncopeProperty.java b/common/lib/src/main/java/org/apache/syncope/common/lib/search/SyncopeProperty.java index fe2d47e..bcc55ca 100644 --- a/common/lib/src/main/java/org/apache/syncope/common/lib/search/SyncopeProperty.java +++ b/common/lib/src/main/java/org/apache/syncope/common/lib/search/SyncopeProperty.java @@ -37,7 +37,7 @@ public interface SyncopeProperty extends Property { /** Is textual property different (ignoring case) than given literal or not matching given pattern? * - * @param literalOrPattern + * @param literalOrPattern The literal or Pattern String * @return updated condition */ CompleteCondition notEqualTolIgnoreCase(String literalOrPattern); http://git-wip-us.apache.org/repos/asf/syncope/blob/b5889b25/ide/netbeans/src/main/java/org/apache/syncope/ide/netbeans/view/ServerDetailsView.java -- diff --git a/ide/netbeans/src/main/java/org/apache/syncope/ide/netbeans/view/ServerDetailsView.java b/ide/netbeans/src/main/java/org/apache/syncope/ide/netbeans/view/ServerDetailsView.java index ba9c60c..58ebde2 100644 
--- a/ide/netbeans/src/main/java/org/apache/syncope/ide/netbeans/view/ServerDetailsView.java +++ b/ide/netbeans/src/main/java/org/apache/syncope/ide/netbeans/view/ServerDetailsView.java @@ -36,6 +36,8 @@ public class ServerDetailsView extends JDialog { /** * Creates new form LoginView + * @param parent Parent Frame + * @param modal Whether it is modal or not */ public ServerDetailsView(final java.awt.Frame parent, final boolean modal) { super(parent, modal);
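Review bot: in the SyncopeProperty hunk, the added `@param literalOrPattern The literal or Pattern String` only restates the parameter name; say which pattern syntax is accepted so the tag carries information. The method it documents, `notEqualTolIgnoreCase`, also has a stray "l" in its name, which is worth a follow-up since it is public API.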
syncope git commit: SYNCOPE-1120 - Use the standard Bearer Authorization header for JWT tokens
Repository: syncope Updated Branches: refs/heads/2_0_X 8a6e9f86a -> 652312dff SYNCOPE-1120 - Use the standard Bearer Authorization header for JWT tokens Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/652312df Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/652312df Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/652312df Branch: refs/heads/2_0_X Commit: 652312dff5eb88dd2cbb462930e50508968afbc4 Parents: 8a6e9f8 Author: Colm O hEigeartaighAuthored: Fri Jun 23 16:36:16 2017 +0100 Committer: Colm O hEigeartaigh Committed: Fri Jun 23 16:37:11 2017 +0100 -- .../client/console/rest/BaseRestClient.java | 5 +++- .../syncope/client/lib/SyncopeClient.java | 24 +--- .../client/lib/SyncopeClientFactoryBean.java| 6 ++--- .../security/JWTAuthenticationFilter.java | 11 + .../rest/cxf/service/SAML2SPServiceImpl.java| 16 ++--- .../org/apache/syncope/fit/AbstractITCase.java | 4 +++- 6 files changed, 46 insertions(+), 20 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/652312df/client/console/src/main/java/org/apache/syncope/client/console/rest/BaseRestClient.java -- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/rest/BaseRestClient.java b/client/console/src/main/java/org/apache/syncope/client/console/rest/BaseRestClient.java index 8b3dce2..4a780a6 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/rest/BaseRestClient.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/rest/BaseRestClient.java @@ -19,6 +19,9 @@ package org.apache.syncope.client.console.rest; import java.net.URI; + +import javax.ws.rs.core.HttpHeaders; + import org.apache.cxf.jaxrs.client.WebClient; import org.apache.syncope.client.console.SyncopeConsoleSession; import org.apache.syncope.client.lib.SyncopeClient; 
@@ -76,7 +79,7 @@ public abstract class BaseRestClient implements RestClient { webClient.accept(SyncopeConsoleSession.get().getMediaType()).to(location.toASCIIString(), false); return webClient. header(RESTHeaders.DOMAIN, SyncopeConsoleSession.get().getDomain()). -header(RESTHeaders.TOKEN, SyncopeConsoleSession.get().getJWT()). +header(HttpHeaders.AUTHORIZATION, "Bearer " + SyncopeConsoleSession.get().getJWT()). get(resultClass); } } http://git-wip-us.apache.org/repos/asf/syncope/blob/652312df/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java -- diff --git a/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java b/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java index f722cf8..c13fa77 100644 --- a/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java +++ b/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java @@ -27,6 +27,7 @@ import java.util.List; import java.util.Map; import java.util.Set; import javax.ws.rs.core.EntityTag; +import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import org.apache.commons.lang3.tuple.ImmutablePair; 
@@ -107,18 +108,19 @@ public class SyncopeClient { restClientFactory.setPassword(((BasicAuthenticationHandler) handler).getPassword()); String jwt = getService(AccessTokenService.class).login().getHeaderString(RESTHeaders.TOKEN); -restClientFactory.getHeaders().put(RESTHeaders.TOKEN, Collections.singletonList(jwt)); +restClientFactory.getHeaders().put(HttpHeaders.AUTHORIZATION, Collections.singletonList("Bearer " + jwt)); restClientFactory.setUsername(null); restClientFactory.setPassword(null); } else if (handler instanceof JWTAuthenticationHandler) { restClientFactory.getHeaders().put( -RESTHeaders.TOKEN, Collections.singletonList(((JWTAuthenticationHandler) handler).getJwt())); +HttpHeaders.AUTHORIZATION, +Collections.singletonList("Bearer " + ((JWTAuthenticationHandler) handler).getJwt())); } } protected void cleanup() { -restClientFactory.getHeaders().remove(RESTHeaders.TOKEN); +restClientFactory.getHeaders().remove(HttpHeaders.AUTHORIZATION); restClientFactory.setUsername(null); restClientFactory.setPassword(null); } @@ -128,7 +130,7 @@ public class SyncopeClient { */ public void refresh() { String jwt =
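Review bot: in the BaseRestClient hunk, `"Bearer " + SyncopeConsoleSession.get().getJWT()` produces the literal header value `Bearer null` when the session has no JWT, where the old code passed the null straight to `header(...)`. Check for a missing token before building the header; the same applies to `"Bearer " + jwt` after `login()` in the SyncopeClient hunk.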
syncope git commit: SYNCOPE-1120 - Use the standard Bearer Authorization header for JWT tokens
Repository: syncope Updated Branches: refs/heads/master e76c59da5 -> ab4c623a3 SYNCOPE-1120 - Use the standard Bearer Authorization header for JWT tokens Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/ab4c623a Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/ab4c623a Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/ab4c623a Branch: refs/heads/master Commit: ab4c623a3f6ccdbe03968235b843ec81a2d97b1f Parents: e76c59d Author: Colm O hEigeartaighAuthored: Fri Jun 23 16:36:16 2017 +0100 Committer: Colm O hEigeartaigh Committed: Fri Jun 23 16:36:48 2017 +0100 -- .../client/console/rest/BaseRestClient.java | 5 +++- .../syncope/client/lib/SyncopeClient.java | 24 +--- .../client/lib/SyncopeClientFactoryBean.java| 6 ++--- .../security/JWTAuthenticationFilter.java | 11 + .../rest/cxf/service/SAML2SPServiceImpl.java| 16 ++--- .../org/apache/syncope/fit/AbstractITCase.java | 4 +++- 6 files changed, 46 insertions(+), 20 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/ab4c623a/client/console/src/main/java/org/apache/syncope/client/console/rest/BaseRestClient.java -- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/rest/BaseRestClient.java b/client/console/src/main/java/org/apache/syncope/client/console/rest/BaseRestClient.java index 8b3dce2..4a780a6 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/rest/BaseRestClient.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/rest/BaseRestClient.java @@ -19,6 +19,9 @@ package org.apache.syncope.client.console.rest; import java.net.URI; + +import javax.ws.rs.core.HttpHeaders; + import org.apache.cxf.jaxrs.client.WebClient; import org.apache.syncope.client.console.SyncopeConsoleSession; import org.apache.syncope.client.lib.SyncopeClient; 
@@ -76,7 +79,7 @@ public abstract class BaseRestClient implements RestClient { webClient.accept(SyncopeConsoleSession.get().getMediaType()).to(location.toASCIIString(), false); return webClient. header(RESTHeaders.DOMAIN, SyncopeConsoleSession.get().getDomain()). -header(RESTHeaders.TOKEN, SyncopeConsoleSession.get().getJWT()). +header(HttpHeaders.AUTHORIZATION, "Bearer " + SyncopeConsoleSession.get().getJWT()). get(resultClass); } } http://git-wip-us.apache.org/repos/asf/syncope/blob/ab4c623a/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java -- diff --git a/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java b/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java index f722cf8..c13fa77 100644 --- a/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java +++ b/client/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java @@ -27,6 +27,7 @@ import java.util.List; import java.util.Map; import java.util.Set; import javax.ws.rs.core.EntityTag; +import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import org.apache.commons.lang3.tuple.ImmutablePair; 
@@ -107,18 +108,19 @@ public class SyncopeClient { restClientFactory.setPassword(((BasicAuthenticationHandler) handler).getPassword()); String jwt = getService(AccessTokenService.class).login().getHeaderString(RESTHeaders.TOKEN); -restClientFactory.getHeaders().put(RESTHeaders.TOKEN, Collections.singletonList(jwt)); +restClientFactory.getHeaders().put(HttpHeaders.AUTHORIZATION, Collections.singletonList("Bearer " + jwt)); restClientFactory.setUsername(null); restClientFactory.setPassword(null); } else if (handler instanceof JWTAuthenticationHandler) { restClientFactory.getHeaders().put( -RESTHeaders.TOKEN, Collections.singletonList(((JWTAuthenticationHandler) handler).getJwt())); +HttpHeaders.AUTHORIZATION, +Collections.singletonList("Bearer " + ((JWTAuthenticationHandler) handler).getJwt())); } } protected void cleanup() { -restClientFactory.getHeaders().remove(RESTHeaders.TOKEN); +restClientFactory.getHeaders().remove(HttpHeaders.AUTHORIZATION); restClientFactory.setUsername(null); restClientFactory.setPassword(null); } @@ -128,7 +130,7 @@ public class SyncopeClient { */ public void refresh() { String jwt =
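Review bot: In BaseRestClient and in both SyncopeClient branches the header value is built as "Bearer " + the JWT with no null check, so if getJWT() or getJwt() returns null the client sends the literal value "Bearer null"; check for a missing token before setting HttpHeaders.AUTHORIZATION, and move the "Bearer " prefix into one shared constant instead of repeating the string three times. The login response is still read with getHeaderString(RESTHeaders.TOKEN) while requests now carry Authorization, so a short comment in SyncopeClient should say the response header is intentionally unchanged, otherwise it reads like a missed replacement.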
[2/2] syncope git commit: SYNCOPE-1117 - Require that a jwsKey is specified when using the installer + maven archetype
SYNCOPE-1117 - Require that a jwsKey is specified when using the installer + maven archetype Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/61b9f412 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/61b9f412 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/61b9f412 Branch: refs/heads/2_0_X Commit: 61b9f412c5d1b67f43c1c4f04b809cf2bfb2f96a Parents: 9f40bd2 Author: Colm O hEigeartaighAuthored: Fri Jun 23 13:36:08 2017 +0100 Committer: Colm O hEigeartaigh Committed: Fri Jun 23 13:37:17 2017 +0100 -- .../resources/META-INF/maven/archetype-metadata.xml| 1 + archetype/src/main/resources/meta-pom.xml | 1 + .../resources/projects/default/archetype.properties| 2 ++ core/spring/src/main/resources/security.properties | 2 +- .../syncope/installer/processes/ArchetypeProcess.java | 4 +++- .../apache/syncope/installer/utilities/MavenUtils.java | 13 +++-- .../installer/validators/ArchetypeValidator.java | 5 + .../src/main/resources/izpack/ProcessPanel.Spec.xml| 3 ++- .../src/main/resources/izpack/userInputLang.xml_eng| 1 + .../src/main/resources/izpack/userInputLang.xml_ita| 1 + installer/src/main/resources/izpack/userInputSpec.xml | 4 pom.xml| 1 + 12 files changed, 33 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/61b9f412/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml -- diff --git a/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml b/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml index 7060a73..db55592 100644 --- a/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml +++ b/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml @@ -23,6 +23,7 @@ under the License. + http://git-wip-us.apache.org/repos/asf/syncope/blob/61b9f412/archetype/src/main/resources/meta-pom.xml -- 
diff --git a/archetype/src/main/resources/meta-pom.xml b/archetype/src/main/resources/meta-pom.xml index 47a2d5e..3ee57a1 100644 --- a/archetype/src/main/resources/meta-pom.xml +++ b/archetype/src/main/resources/meta-pom.xml @@ -33,6 +33,7 @@ under the License. ${secretKey} ${anonymousKey} +${jwsKey} true true http://git-wip-us.apache.org/repos/asf/syncope/blob/61b9f412/archetype/src/test/resources/projects/default/archetype.properties -- diff --git a/archetype/src/test/resources/projects/default/archetype.properties b/archetype/src/test/resources/projects/default/archetype.properties index e8b1aee..620c4b7 100644 --- a/archetype/src/test/resources/projects/default/archetype.properties +++ b/archetype/src/test/resources/projects/default/archetype.properties @@ -19,3 +19,5 @@ artifactId=syncope-test version=1.0-SNAPSHOT secretKey=testSecretKey anonymousKey=testAnonymousKey +jwsKey=testJwsKey +adminPassword=testPassword http://git-wip-us.apache.org/repos/asf/syncope/blob/61b9f412/core/spring/src/main/resources/security.properties -- diff --git a/core/spring/src/main/resources/security.properties b/core/spring/src/main/resources/security.properties index d4f892b..9e59a96 100644 --- a/core/spring/src/main/resources/security.properties +++ b/core/spring/src/main/resources/security.properties @@ -23,7 +23,7 @@ anonymousKey=${anonymousKey} secretKey=${secretKey} -jwsKey=ZW7pRixehFuNUtnY5Se47IemgMryTzazPPJ9CGX5LTCmsOJpOgHAQEuPQeV9A28f +jwsKey=${jwsKey} jwtIssuer=ApacheSyncope # default for LDAP / RFC2307 SSHA http://git-wip-us.apache.org/repos/asf/syncope/blob/61b9f412/installer/src/main/java/org/apache/syncope/installer/processes/ArchetypeProcess.java -- diff --git a/installer/src/main/java/org/apache/syncope/installer/processes/ArchetypeProcess.java b/installer/src/main/java/org/apache/syncope/installer/processes/ArchetypeProcess.java index e0e61b0..8115b2b 100644 --- a/installer/src/main/java/org/apache/syncope/installer/processes/ArchetypeProcess.java 
+++ b/installer/src/main/java/org/apache/syncope/installer/processes/ArchetypeProcess.java @@ -56,6 +56,7 @@ public class ArchetypeProcess extends BaseProcess { final boolean mavenProxyAutoconf = Boolean.valueOf(args[17]); final boolean swagger = Boolean.valueOf(args[18]); final boolean activiti = Boolean.valueOf(args[19]); +
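Review bot: In security.properties, jwsKey=${jwsKey} has no fallback, so a build that never defines the property can end up with the unresolved placeholder text as the signing key; add a startup check that rejects an unresolved or empty value instead of relying only on the installer and archetype prompts. The removed hard-coded default remains in repository history, so the release notes should tell deployments that still carry that value to rotate it.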
[1/2] syncope git commit: SYNCOPE-1119 - Make it more obvious that the default admin password needs to be changed
Repository: syncope Updated Branches: refs/heads/2_0_X 7e3a4c909 -> 61b9f412c SYNCOPE-1119 - Make it more obvious that the default admin password needs to be changed Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/9f40bd25 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/9f40bd25 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/9f40bd25 Branch: refs/heads/2_0_X Commit: 9f40bd25b48f32fa5e5289a00e6f033925c81f26 Parents: 7e3a4c9 Author: Colm O hEigeartaighAuthored: Fri Jun 23 12:37:29 2017 +0100 Committer: Colm O hEigeartaigh Committed: Fri Jun 23 13:37:10 2017 +0100 -- .../spring/security/UsernamePasswordAuthenticationProvider.java | 4 1 file changed, 4 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/9f40bd25/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java -- diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java index 28cc970..2a5430e 100644 --- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java +++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java @@ -50,6 +50,9 @@ public class UsernamePasswordAuthenticationProvider implements AuthenticationPro @Autowired protected UserProvisioningManager provisioningManager; +@Autowired +private DefaultCredentialChecker credentialChecker; + @Resource(name = "adminUser") protected String adminUser; 
@@ -99,6 +102,7 @@ public class UsernamePasswordAuthenticationProvider implements AuthenticationPro } else if (adminUser.equals(authentication.getName())) { username[0] = adminUser; if (SyncopeConstants.MASTER_DOMAIN.equals(domainKey)) { +credentialChecker.checkIsDefaultAdminPasswordInUse(); authenticated = ENCRYPTOR.verify( authentication.getCredentials().toString(), CipherAlgorithm.valueOf(adminPasswordAlgorithm),
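Review bot: credentialChecker.checkIsDefaultAdminPasswordInUse() sits in the admin branch ahead of ENCRYPTOR.verify, so it runs on every admin login attempt in the master domain whether or not the attempt succeeds; unless the checker de-duplicates internally (its body is not part of this patch), the same warning is repeated per request and can be triggered by unauthenticated callers. Consider running the check once at startup, and add a comment at the call site stating that it only logs and does not affect the authentication result.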
[2/2] syncope git commit: SYNCOPE-1119 - Make it more obvious that the default admin password needs to be changed
SYNCOPE-1119 - Make it more obvious that the default admin password needs to be changed Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/14d5e768 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/14d5e768 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/14d5e768 Branch: refs/heads/master Commit: 14d5e768734e725d8a0ec2738257a94abb682876 Parents: bdff1fd Author: Colm O hEigeartaighAuthored: Fri Jun 23 12:37:29 2017 +0100 Committer: Colm O hEigeartaigh Committed: Fri Jun 23 13:36:31 2017 +0100 -- .../spring/security/UsernamePasswordAuthenticationProvider.java | 4 1 file changed, 4 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/14d5e768/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java -- diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java index 28cc970..2a5430e 100644 --- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java +++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/UsernamePasswordAuthenticationProvider.java @@ -50,6 +50,9 @@ public class UsernamePasswordAuthenticationProvider implements AuthenticationPro @Autowired protected UserProvisioningManager provisioningManager; +@Autowired +private DefaultCredentialChecker credentialChecker; + @Resource(name = "adminUser") protected String adminUser; 
@@ -99,6 +102,7 @@ public class UsernamePasswordAuthenticationProvider implements AuthenticationPro } else if (adminUser.equals(authentication.getName())) { username[0] = adminUser; if (SyncopeConstants.MASTER_DOMAIN.equals(domainKey)) { +credentialChecker.checkIsDefaultAdminPasswordInUse(); authenticated = ENCRYPTOR.verify( authentication.getCredentials().toString(), CipherAlgorithm.valueOf(adminPasswordAlgorithm),
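Review bot: The new field is declared private DefaultCredentialChecker credentialChecker while the neighbouring injected fields in the first hunk (provisioningManager, adminUser) are protected; match the class's existing visibility so subclasses of UsernamePasswordAuthenticationProvider can reach the checker, or add a comment explaining why this one is deliberately private.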
[1/2] syncope git commit: SYNCOPE-1117 - Require that a jwsKey is specified when using the installer + maven archetype
Repository: syncope Updated Branches: refs/heads/master bdff1fd61 -> 3b88f6830 SYNCOPE-1117 - Require that a jwsKey is specified when using the installer + maven archetype Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/3b88f683 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/3b88f683 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/3b88f683 Branch: refs/heads/master Commit: 3b88f683089162b62fe7b190be177e79e35944ea Parents: 14d5e76 Author: Colm O hEigeartaighAuthored: Fri Jun 23 13:36:08 2017 +0100 Committer: Colm O hEigeartaigh Committed: Fri Jun 23 13:36:31 2017 +0100 -- .../resources/META-INF/maven/archetype-metadata.xml| 1 + archetype/src/main/resources/meta-pom.xml | 1 + .../resources/projects/default/archetype.properties| 2 ++ core/spring/src/main/resources/security.properties | 2 +- .../syncope/installer/processes/ArchetypeProcess.java | 4 +++- .../apache/syncope/installer/utilities/MavenUtils.java | 13 +++-- .../installer/validators/ArchetypeValidator.java | 5 + .../src/main/resources/izpack/ProcessPanel.Spec.xml| 3 ++- .../src/main/resources/izpack/userInputLang.xml_eng| 1 + .../src/main/resources/izpack/userInputLang.xml_ita| 1 + installer/src/main/resources/izpack/userInputSpec.xml | 4 pom.xml| 1 + 12 files changed, 33 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/3b88f683/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml -- diff --git a/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml b/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml index 7060a73..db55592 100644 --- a/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml +++ b/archetype/src/main/resources/META-INF/maven/archetype-metadata.xml @@ -23,6 +23,7 @@ under the License. + http://git-wip-us.apache.org/repos/asf/syncope/blob/3b88f683/archetype/src/main/resources/meta-pom.xml -- 
diff --git a/archetype/src/main/resources/meta-pom.xml b/archetype/src/main/resources/meta-pom.xml index 47a2d5e..3ee57a1 100644 --- a/archetype/src/main/resources/meta-pom.xml +++ b/archetype/src/main/resources/meta-pom.xml @@ -33,6 +33,7 @@ under the License. ${secretKey} ${anonymousKey} +${jwsKey} true true http://git-wip-us.apache.org/repos/asf/syncope/blob/3b88f683/archetype/src/test/resources/projects/default/archetype.properties -- diff --git a/archetype/src/test/resources/projects/default/archetype.properties b/archetype/src/test/resources/projects/default/archetype.properties index e8b1aee..620c4b7 100644 --- a/archetype/src/test/resources/projects/default/archetype.properties +++ b/archetype/src/test/resources/projects/default/archetype.properties @@ -19,3 +19,5 @@ artifactId=syncope-test version=1.0-SNAPSHOT secretKey=testSecretKey anonymousKey=testAnonymousKey +jwsKey=testJwsKey +adminPassword=testPassword http://git-wip-us.apache.org/repos/asf/syncope/blob/3b88f683/core/spring/src/main/resources/security.properties -- diff --git a/core/spring/src/main/resources/security.properties b/core/spring/src/main/resources/security.properties index d4f892b..9e59a96 100644 --- a/core/spring/src/main/resources/security.properties +++ b/core/spring/src/main/resources/security.properties @@ -23,7 +23,7 @@ anonymousKey=${anonymousKey} secretKey=${secretKey} -jwsKey=ZW7pRixehFuNUtnY5Se47IemgMryTzazPPJ9CGX5LTCmsOJpOgHAQEuPQeV9A28f +jwsKey=${jwsKey} jwtIssuer=ApacheSyncope # default for LDAP / RFC2307 SSHA http://git-wip-us.apache.org/repos/asf/syncope/blob/3b88f683/installer/src/main/java/org/apache/syncope/installer/processes/ArchetypeProcess.java -- diff --git a/installer/src/main/java/org/apache/syncope/installer/processes/ArchetypeProcess.java b/installer/src/main/java/org/apache/syncope/installer/processes/ArchetypeProcess.java index e0e61b0..8115b2b 100644 --- a/installer/src/main/java/org/apache/syncope/installer/processes/ArchetypeProcess.java 
+++ b/installer/src/main/java/org/apache/syncope/installer/processes/ArchetypeProcess.java @@ -56,6 +56,7 @@ public class ArchetypeProcess extends BaseProcess { final boolean mavenProxyAutoconf = Boolean.valueOf(args[17]); final boolean swagger =
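Review bot: The archetype.properties hunk adds adminPassword=testPassword next to jwsKey=testJwsKey, but the commit message and the meta-pom.xml hunk mention only jwsKey; either extend the commit message to cover the admin password or move that line into the commit that introduces the corresponding prompt, so the history explains why the test project needs it.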
[1/3] syncope git commit: Add a test to make sure we can't fake a JWT Id
Repository: syncope Updated Branches: refs/heads/2_0_X eeb4febd9 -> 579d5b7c8 Add a test to make sure we can't fake a JWT Id Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a775712e Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a775712e Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a775712e Branch: refs/heads/2_0_X Commit: a775712eb59787d887ff5fe43ae350a95a99942c Parents: eeb4feb Author: Colm O hEigeartaighAuthored: Thu Jun 22 15:39:16 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Jun 22 17:08:50 2017 +0100 -- .../org/apache/syncope/fit/core/JWTITCase.java | 45 1 file changed, 45 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/a775712e/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java -- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java index 703a706..bc1767a 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java @@ -48,6 +48,8 @@ import org.apache.syncope.common.rest.api.service.UserSelfService; import org.apache.syncope.fit.AbstractITCase; import org.junit.Test; +import com.fasterxml.uuid.Generators; + /** * Some tests for JWT Tokens */ 
@@ -339,4 +341,47 @@ public class JWTITCase extends AbstractITCase { } } +@Test +public void testUnknownId() throws ParseException { +// Get an initial token +SyncopeClient adminClient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD); +AccessTokenService accessTokenService = adminClient.getService(AccessTokenService.class); + +Response response = accessTokenService.login(); +String token = response.getHeaderString(RESTHeaders.TOKEN); +assertNotNull(token); + +// Create a new token using an unknown Id +Date now = new Date(); + +Calendar expiry = Calendar.getInstance(); +expiry.setTime(now); +expiry.add(Calendar.MINUTE, 5); + +JwtClaims jwtClaims = new JwtClaims(); + jwtClaims.setTokenId(Generators.randomBasedGenerator().generate().toString()); +jwtClaims.setSubject("admin"); +jwtClaims.setIssuedAt(now.getTime()); +jwtClaims.setIssuer(JWT_ISSUER); +jwtClaims.setExpiryTime(expiry.getTime().getTime()); +jwtClaims.setNotBefore(now.getTime()); + +JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512); +JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims); +JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken); + +JwsSignatureProvider jwsSignatureProvider = +new HmacJwsSignatureProvider(JWS_KEY.getBytes(), SignatureAlgorithm.HS512); +String signed = producer.signWith(jwsSignatureProvider); + +SyncopeClient jwtClient = clientFactory.create(signed); +UserSelfService jwtUserSelfService = jwtClient.getService(UserSelfService.class); +try { +jwtUserSelfService.read(); +fail("Failure expected on an unknown id"); +} catch (AccessControlException ex) { +// expected +} +} + }
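Review bot: In testUnknownId, JWS_KEY.getBytes() uses the platform default charset, so the HMAC key bytes can differ between environments; pass an explicit charset such as StandardCharsets.UTF_8. The token read from the login response is only checked with assertNotNull and never used again, so either drop the login step or add a comment saying why the test needs a live session before presenting the forged token.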
[2/3] syncope git commit: Changing test file to reference the jws bytes correctly
Changing test file to reference the jws bytes correctly Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/fe20846c Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/fe20846c Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/fe20846c Branch: refs/heads/2_0_X Commit: fe20846cc83c81f0a3a12f4c36a6e5f9ffb71009 Parents: a775712 Author: Colm O hEigeartaighAuthored: Thu Jun 22 16:09:39 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Jun 22 17:08:56 2017 +0100 -- core/provisioning-java/src/test/resources/provisioningTest.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/fe20846c/core/provisioning-java/src/test/resources/provisioningTest.xml -- diff --git a/core/provisioning-java/src/test/resources/provisioningTest.xml b/core/provisioning-java/src/test/resources/provisioningTest.xml index b16780f..4db50f0 100644 --- a/core/provisioning-java/src/test/resources/provisioningTest.xml +++ b/core/provisioning-java/src/test/resources/provisioningTest.xml @@ -45,13 +45,13 @@ under the License. - + HS512 - + HS512
[3/3] syncope git commit: [SYNCOPE-1117] - Add a "DefaultCredentialChecker" to log a warning if the default JWS key is being used
[SYNCOPE-1117] - Add a "DefaultCredentialChecker" to log a warning if the default JWS key is being used Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/579d5b7c Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/579d5b7c Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/579d5b7c Branch: refs/heads/2_0_X Commit: 579d5b7c8ef9bdbe4716c14932fc3597f5975591 Parents: fe20846 Author: Colm O hEigeartaighAuthored: Thu Jun 22 16:33:25 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Jun 22 17:09:02 2017 +0100 -- .../java/data/AccessTokenDataBinderImpl.java| 8 +++ .../src/test/resources/provisioningTest.xml | 4 ++ .../security/DefaultCredentialChecker.java | 55 .../security/JWTAuthenticationFilter.java | 5 ++ .../src/main/resources/securityContext.xml | 6 +++ 5 files changed, 78 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/579d5b7c/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java -- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java index d4d8afc..13a5b93 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java 
@@ -42,6 +42,7 @@ import org.apache.syncope.core.provisioning.api.data.AccessTokenDataBinder; import org.apache.syncope.core.provisioning.api.serialization.POJOHelper; import org.apache.syncope.core.spring.BeanUtils; import org.apache.syncope.core.spring.security.AuthContextUtils; +import org.apache.syncope.core.spring.security.DefaultCredentialChecker; import org.apache.syncope.core.spring.security.Encryptor; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -77,10 +78,15 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { @Autowired private EntityFactory entityFactory; +@Autowired +private DefaultCredentialChecker credentialChecker; + @Override public Triple generateJWT( final String subject, final int duration, final Map claims) { +credentialChecker.checkIsDefaultJWSKeyInUse(); + Date now = new Date(); Date expiry = new Date(now.getTime() + 60L * 1000L * duration); @@ -156,6 +162,8 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { public Pair update(final AccessToken accessToken) { JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(accessToken.getBody()); +credentialChecker.checkIsDefaultJWSKeyInUse(); + Date now = new Date(); int duration = confDAO.find("jwt.lifetime.minutes", "120").getValues().get(0).getLongValue().intValue(); Date expiry = new Date(now.getTime() + 60L * 1000L * duration); http://git-wip-us.apache.org/repos/asf/syncope/blob/579d5b7c/core/provisioning-java/src/test/resources/provisioningTest.xml -- diff --git a/core/provisioning-java/src/test/resources/provisioningTest.xml b/core/provisioning-java/src/test/resources/provisioningTest.xml index 4db50f0..53fb6d9 100644 --- a/core/provisioning-java/src/test/resources/provisioningTest.xml +++ b/core/provisioning-java/src/test/resources/provisioningTest.xml 
@@ -56,5 +56,9 @@ under the License. HS512 + + + + http://git-wip-us.apache.org/repos/asf/syncope/blob/579d5b7c/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java -- diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java new file mode 100644 index 000..3dc0ea0 --- /dev/null +++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java @@ -0,0 +1,55 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0
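Review bot: credentialChecker.checkIsDefaultJWSKeyInUse() is called inside generateJWT and update, that is on every token issue and refresh, and per the commit message it only logs a warning, so a deployment still on the default key keeps signing tokens with it. Consider performing the check once when the context starts and refusing to start, or at least logging at error level, instead of repeating a warning on each request.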
[3/3] syncope git commit: [SYNCOPE-1117] - Add a "DefaultCredentialChecker" to log a warning if the default JWS key is being used
[SYNCOPE-1117] - Add a "DefaultCredentialChecker" to log a warning if the default JWS key is being used Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a4f35119 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a4f35119 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a4f35119 Branch: refs/heads/master Commit: a4f351196912442cd54b2e4329d952cd9855ea34 Parents: 24f3eeb Author: Colm O hEigeartaighAuthored: Thu Jun 22 16:33:25 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Jun 22 16:33:25 2017 +0100 -- .../java/data/AccessTokenDataBinderImpl.java| 8 +++ .../src/test/resources/provisioningTest.xml | 4 ++ .../security/DefaultCredentialChecker.java | 55 .../security/JWTAuthenticationFilter.java | 5 ++ .../src/main/resources/securityContext.xml | 6 +++ 5 files changed, 78 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/a4f35119/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java -- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java index d4d8afc..13a5b93 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java 
@@ -42,6 +42,7 @@ import org.apache.syncope.core.provisioning.api.data.AccessTokenDataBinder; import org.apache.syncope.core.provisioning.api.serialization.POJOHelper; import org.apache.syncope.core.spring.BeanUtils; import org.apache.syncope.core.spring.security.AuthContextUtils; +import org.apache.syncope.core.spring.security.DefaultCredentialChecker; import org.apache.syncope.core.spring.security.Encryptor; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -77,10 +78,15 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { @Autowired private EntityFactory entityFactory; +@Autowired +private DefaultCredentialChecker credentialChecker; + @Override public Triple generateJWT( final String subject, final int duration, final Map claims) { +credentialChecker.checkIsDefaultJWSKeyInUse(); + Date now = new Date(); Date expiry = new Date(now.getTime() + 60L * 1000L * duration); @@ -156,6 +162,8 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { public Pair update(final AccessToken accessToken) { JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(accessToken.getBody()); +credentialChecker.checkIsDefaultJWSKeyInUse(); + Date now = new Date(); int duration = confDAO.find("jwt.lifetime.minutes", "120").getValues().get(0).getLongValue().intValue(); Date expiry = new Date(now.getTime() + 60L * 1000L * duration); http://git-wip-us.apache.org/repos/asf/syncope/blob/a4f35119/core/provisioning-java/src/test/resources/provisioningTest.xml -- diff --git a/core/provisioning-java/src/test/resources/provisioningTest.xml b/core/provisioning-java/src/test/resources/provisioningTest.xml index 4db50f0..53fb6d9 100644 --- a/core/provisioning-java/src/test/resources/provisioningTest.xml +++ b/core/provisioning-java/src/test/resources/provisioningTest.xml 
@@ -56,5 +56,9 @@ under the License. HS512 + + + + http://git-wip-us.apache.org/repos/asf/syncope/blob/a4f35119/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java -- diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java new file mode 100644 index 000..3dc0ea0 --- /dev/null +++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java @@ -0,0 +1,55 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0
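Review bot: AccessTokenDataBinderImpl now has a mandatory @Autowired DefaultCredentialChecker field, and the diffstat shows provisioningTest.xml and securityContext.xml both gained lines in the same commit; any other Spring context that creates this binder will fail to start until it declares the bean, which belongs in the upgrade notes. In update the check comes after the JwsJwtCompactConsumer is constructed, while in generateJWT it is the first statement; put it first in both methods for consistency.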
[2/3] syncope git commit: Changing test file to reference the jws bytes correctly
Changing test file to reference the jws bytes correctly Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/24f3eebf Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/24f3eebf Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/24f3eebf Branch: refs/heads/master Commit: 24f3eebf53aed4c380d142a879ee4bc98d702d35 Parents: 9ed7b7b Author: Colm O hEigeartaighAuthored: Thu Jun 22 16:09:39 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Jun 22 16:09:39 2017 +0100 -- core/provisioning-java/src/test/resources/provisioningTest.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/24f3eebf/core/provisioning-java/src/test/resources/provisioningTest.xml -- diff --git a/core/provisioning-java/src/test/resources/provisioningTest.xml b/core/provisioning-java/src/test/resources/provisioningTest.xml index b16780f..4db50f0 100644 --- a/core/provisioning-java/src/test/resources/provisioningTest.xml +++ b/core/provisioning-java/src/test/resources/provisioningTest.xml @@ -45,13 +45,13 @@ under the License. - + HS512 - + HS512
[1/3] syncope git commit: Add a test to make sure we can't fake a JWT Id
Repository: syncope Updated Branches: refs/heads/master 0e21f7c1a -> a4f351196 Add a test to make sure we can't fake a JWT Id Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/9ed7b7bb Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/9ed7b7bb Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/9ed7b7bb Branch: refs/heads/master Commit: 9ed7b7bb6831696d036a6afc95267ef8d5712f3d Parents: 0e21f7c Author: Colm O hEigeartaighAuthored: Thu Jun 22 15:39:16 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Jun 22 15:39:16 2017 +0100 -- .../org/apache/syncope/fit/core/JWTITCase.java | 45 1 file changed, 45 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/9ed7b7bb/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java -- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java index 703a706..bc1767a 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java @@ -48,6 +48,8 @@ import org.apache.syncope.common.rest.api.service.UserSelfService; import org.apache.syncope.fit.AbstractITCase; import org.junit.Test; +import com.fasterxml.uuid.Generators; + /** * Some tests for JWT Tokens */ 
@@ -339,4 +341,47 @@ public class JWTITCase extends AbstractITCase { } } +@Test +public void testUnknownId() throws ParseException { +// Get an initial token +SyncopeClient adminClient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD); +AccessTokenService accessTokenService = adminClient.getService(AccessTokenService.class); + +Response response = accessTokenService.login(); +String token = response.getHeaderString(RESTHeaders.TOKEN); +assertNotNull(token); + +// Create a new token using an unknown Id +Date now = new Date(); + +Calendar expiry = Calendar.getInstance(); +expiry.setTime(now); +expiry.add(Calendar.MINUTE, 5); + +JwtClaims jwtClaims = new JwtClaims(); + jwtClaims.setTokenId(Generators.randomBasedGenerator().generate().toString()); +jwtClaims.setSubject("admin"); +jwtClaims.setIssuedAt(now.getTime()); +jwtClaims.setIssuer(JWT_ISSUER); +jwtClaims.setExpiryTime(expiry.getTime().getTime()); +jwtClaims.setNotBefore(now.getTime()); + +JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512); +JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims); +JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken); + +JwsSignatureProvider jwsSignatureProvider = +new HmacJwsSignatureProvider(JWS_KEY.getBytes(), SignatureAlgorithm.HS512); +String signed = producer.signWith(jwsSignatureProvider); + +SyncopeClient jwtClient = clientFactory.create(signed); +UserSelfService jwtUserSelfService = jwtClient.getService(UserSelfService.class); +try { +jwtUserSelfService.read(); +fail("Failure expected on an unknown id"); +} catch (AccessControlException ex) { +// expected +} +} + }
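Review bot: The test asserts only that an AccessControlException is thrown, so it would also pass if the hand-built token were rejected for another reason, such as a mismatched JWT_ISSUER or signing key, and not because the token id is unknown. Add a positive control built the same way but carrying the id from the real login token, and assert that jwtUserSelfService.read() succeeds with it, so the failure case is tied to the random id alone.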
syncope git commit: SYNCOPE-1117 - Tweaking the docs a bit for 2.0.4
Repository: syncope Updated Branches: refs/heads/2_0_X af417daf6 -> eeb4febd9 SYNCOPE-1117 - Tweaking the docs a bit for 2.0.4 Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/eeb4febd Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/eeb4febd Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/eeb4febd Branch: refs/heads/2_0_X Commit: eeb4febd9169fce052bd864cf609493d6302ee79 Parents: af417da Author: Colm O hEigeartaighAuthored: Thu Jun 22 13:19:35 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Jun 22 13:20:00 2017 +0100 -- src/main/asciidoc/getting-started/movingForward.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/eeb4febd/src/main/asciidoc/getting-started/movingForward.adoc -- diff --git a/src/main/asciidoc/getting-started/movingForward.adoc b/src/main/asciidoc/getting-started/movingForward.adoc index fd5f84f..2ab602e 100644 --- a/src/main/asciidoc/getting-started/movingForward.adoc +++ b/src/main/asciidoc/getting-started/movingForward.adoc @@ -45,4 +45,4 @@ Authorization" of the Reference Guide for more information. Note that if you installed Syncope using either the installer or the maven archetype methods, then you will have already supplied custom values for "*secretKey*" and "*anonymousKey*". From Syncope 2.0.4 onwards, both installation methods will also -query for "*jwsKey*", meaning that only the "*adminPassword*" must be changed for these installation methods. +query for "*jwsKey*" and "*adminPassword*", and so no further action is required for these installation methods.
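Review bot: The replacement sentence ends with "no further action is required for these installation methods", which holds only for projects generated with 2.0.4 or later; state explicitly that projects created with an earlier installer or archetype still need "*jwsKey*" and "*adminPassword*" changed by hand, otherwise readers who are upgrading will take the sentence as covering them.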
syncope git commit: SYNCOPE-1117 - Tweaking the docs a bit for 2.0.4
Repository: syncope Updated Branches: refs/heads/master a18b08c14 -> 0e21f7c1a SYNCOPE-1117 - Tweaking the docs a bit for 2.0.4 Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/0e21f7c1 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/0e21f7c1 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/0e21f7c1 Branch: refs/heads/master Commit: 0e21f7c1a6492c5cc61956c3654a1483d2680092 Parents: a18b08c Author: Colm O hEigeartaighAuthored: Thu Jun 22 13:19:35 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Jun 22 13:19:35 2017 +0100 -- src/main/asciidoc/getting-started/movingForward.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/0e21f7c1/src/main/asciidoc/getting-started/movingForward.adoc -- diff --git a/src/main/asciidoc/getting-started/movingForward.adoc b/src/main/asciidoc/getting-started/movingForward.adoc index fd5f84f..2ab602e 100644 --- a/src/main/asciidoc/getting-started/movingForward.adoc +++ b/src/main/asciidoc/getting-started/movingForward.adoc @@ -45,4 +45,4 @@ Authorization" of the Reference Guide for more information. Note that if you installed Syncope using either the installer or the maven archetype methods, then you will have already supplied custom values for "*secretKey*" and "*anonymousKey*". From Syncope 2.0.4 onwards, both installation methods will also -query for "*jwsKey*", meaning that only the "*adminPassword*" must be changed for these installation methods. +query for "*jwsKey*" and "*adminPassword*", and so no further action is required for these installation methods.
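Review bot: "no further action is required" in the added line assumes that the values entered at the installer or archetype prompts differ from the shipped defaults, which the sentence does not say. Wording such as "provided non-default values were supplied when prompted" would keep this paragraph consistent with the file's requirement that the default values be changed before going to production. Minor: "maven" on the context line should be capitalised.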
syncope git commit: SYNCOPE-1117 - Update the getting started docs with information about changing default security values
Repository: syncope Updated Branches: refs/heads/2_0_X 168ab95e9 -> af417daf6 SYNCOPE-1117 - Update the getting started docs with information about changing default security values Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/af417daf Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/af417daf Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/af417daf Branch: refs/heads/2_0_X Commit: af417daf6b8bdf6122df6197a029c47b54beecbf Parents: 168ab95 Author: Colm O hEigeartaigh Authored: Thu Jun 22 13:05:23 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Jun 22 13:05:59 2017 +0100 -- .../asciidoc/getting-started/movingForward.adoc | 18 ++ 1 file changed, 18 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/af417daf/src/main/asciidoc/getting-started/movingForward.adoc -- diff --git a/src/main/asciidoc/getting-started/movingForward.adoc b/src/main/asciidoc/getting-started/movingForward.adoc index 7ebb7c6..fd5f84f 100644 --- a/src/main/asciidoc/getting-started/movingForward.adoc +++ b/src/main/asciidoc/getting-started/movingForward.adoc 
@@ -28,3 +28,21 @@ ifeval::["{backend}" == "pdf"] http://syncope.apache.org/docs/reference-guide.pdf[Apache Syncope Reference Guide] endif::[] to understand how to configure, extend, customize and deploy your new Apache Syncope project. + +Before deploying your Apache Syncope installation into production, it is essential to ensure that the default values for +various security properties have been changed to values specific to your deployment. + +The following values must be changed from the defaults in the `security.properties` file: + +* *adminPassword* - The SHA1 hash evaluation of the cleartext password, the default value of which is "password". +* *secretKey* - The secret key value used for AES ciphering. Only required if either: +** the value for "*adminPasswordAlgorithm*" is "AES" or +** the configuration parameter "password.cipher.algorithm" is changed to "AES" (See section 4.6.12 "Configuration Parameters" of +the Reference Guide for more information). +* *anonymousKey* - The key value to use for anonymous requests. +* *jwsKey* - The symmetric signing key used to sign access tokens (Syncope 2.0.3 onwards only). See section 4.4.1 "REST Authentication and +Authorization" of the Reference Guide for more information. + +Note that if you installed Syncope using either the installer or the maven archetype methods, then you will have already +supplied custom values for "*secretKey*" and "*anonymousKey*". From Syncope 2.0.4 onwards, both installation methods will also +query for "*jwsKey*", meaning that only the "*adminPassword*" must be changed for these installation methods.
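Review bot: the adminPassword bullet states that the value is "the SHA1 hash evaluation of the cleartext password", but the secretKey bullet right below it shows that adminPasswordAlgorithm is configurable, so the stored hash has to match whatever that property is set to. Suggest wording it as the hash of the cleartext password computed with adminPasswordAlgorithm, saying in which encoding the hash is written, and noting that plain SHA1 is a weak choice for a production admin credential. The hard-coded section numbers (4.6.12, 4.4.1) will go stale when the Reference Guide is reorganised; referring to the sections by title alone is safer.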
syncope git commit: SYNCOPE-1117 - Update the getting started docs with information about changing default security values
Repository: syncope Updated Branches: refs/heads/master 16096f6d8 -> a18b08c14 SYNCOPE-1117 - Update the getting started docs with information about changing default security values Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a18b08c1 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a18b08c1 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a18b08c1 Branch: refs/heads/master Commit: a18b08c144abf2c1ae56c1cde89bfcda2267d4c1 Parents: 16096f6 Author: Colm O hEigeartaigh Authored: Thu Jun 22 13:05:23 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Jun 22 13:05:23 2017 +0100 -- .../asciidoc/getting-started/movingForward.adoc | 18 ++ 1 file changed, 18 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/a18b08c1/src/main/asciidoc/getting-started/movingForward.adoc -- diff --git a/src/main/asciidoc/getting-started/movingForward.adoc b/src/main/asciidoc/getting-started/movingForward.adoc index 7ebb7c6..fd5f84f 100644 --- a/src/main/asciidoc/getting-started/movingForward.adoc +++ b/src/main/asciidoc/getting-started/movingForward.adoc 
@@ -28,3 +28,21 @@ ifeval::["{backend}" == "pdf"] http://syncope.apache.org/docs/reference-guide.pdf[Apache Syncope Reference Guide] endif::[] to understand how to configure, extend, customize and deploy your new Apache Syncope project. + +Before deploying your Apache Syncope installation into production, it is essential to ensure that the default values for +various security properties have been changed to values specific to your deployment. + +The following values must be changed from the defaults in the `security.properties` file: + +* *adminPassword* - The SHA1 hash evaluation of the cleartext password, the default value of which is "password". +* *secretKey* - The secret key value used for AES ciphering. Only required if either: +** the value for "*adminPasswordAlgorithm*" is "AES" or +** the configuration parameter "password.cipher.algorithm" is changed to "AES" (See section 4.6.12 "Configuration Parameters" of +the Reference Guide for more information). +* *anonymousKey* - The key value to use for anonymous requests. +* *jwsKey* - The symmetric signing key used to sign access tokens (Syncope 2.0.3 onwards only). See section 4.4.1 "REST Authentication and +Authorization" of the Reference Guide for more information. + +Note that if you installed Syncope using either the installer or the maven archetype methods, then you will have already +supplied custom values for "*secretKey*" and "*anonymousKey*". From Syncope 2.0.4 onwards, both installation methods will also +query for "*jwsKey*", meaning that only the "*adminPassword*" must be changed for these installation methods.
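Review bot: the jwsKey bullet tells the reader to change the symmetric signing key but gives no guidance on what an acceptable value is. For an HMAC key the length and randomness are what matter (RFC 7518 requires a key at least as long as the hash output, so 512 bits if HS512 is in use); one sentence on the minimum length and on generating the value from a secure random source would make the instruction actionable.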
syncope git commit: Adding a "None" signature test-case
Repository: syncope Updated Branches: refs/heads/2_0_X e71a33683 -> 4634f910d Adding a "None" signature test-case Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/4634f910 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/4634f910 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/4634f910 Branch: refs/heads/2_0_X Commit: 4634f910d72c53c75acf159ada6a7a79a406a425 Parents: e71a336 Author: Colm O hEigeartaighAuthored: Wed Jun 21 16:32:21 2017 +0100 Committer: Colm O hEigeartaigh Committed: Wed Jun 21 17:38:54 2017 +0100 -- .../org/apache/syncope/fit/core/JWTITCase.java | 41 1 file changed, 41 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/4634f910/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java -- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java index 42164fc..703a706 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java @@ -38,6 +38,7 @@ import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer; import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer; import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider; import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier; +import org.apache.cxf.rs.security.jose.jws.NoneJwsSignatureProvider; import org.apache.cxf.rs.security.jose.jwt.JwtClaims; import org.apache.cxf.rs.security.jose.jwt.JwtToken; import org.apache.syncope.client.lib.SyncopeClient; 
@@ -298,4 +299,44 @@ public class JWTITCase extends AbstractITCase { // expected } } + +@Test +public void testNoneSignature() throws ParseException { +// Get an initial token +SyncopeClient adminClient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD); +AccessTokenService accessTokenService = adminClient.getService(AccessTokenService.class); + +Response response = accessTokenService.login(); +String token = response.getHeaderString(RESTHeaders.TOKEN); +assertNotNull(token); +JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(token); +String tokenId = consumer.getJwtClaims().getTokenId(); + +// Create a new token using the Id of the first token + +JwtClaims jwtClaims = new JwtClaims(); +jwtClaims.setTokenId(tokenId); +jwtClaims.setSubject(consumer.getJwtClaims().getSubject()); +jwtClaims.setIssuedAt(consumer.getJwtClaims().getIssuedAt()); +jwtClaims.setIssuer(consumer.getJwtClaims().getIssuer()); +jwtClaims.setExpiryTime(consumer.getJwtClaims().getExpiryTime()); +jwtClaims.setNotBefore(consumer.getJwtClaims().getNotBefore()); + +JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.NONE); +JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims); +JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken); + +JwsSignatureProvider jwsSignatureProvider = new NoneJwsSignatureProvider(); +String signed = producer.signWith(jwsSignatureProvider); + +SyncopeClient jwtClient = clientFactory.create(signed); +UserSelfService jwtUserSelfService = jwtClient.getService(UserSelfService.class); +try { +jwtUserSelfService.read(); +fail("Failure expected on no signature"); +} catch (AccessControlException ex) { +// expected +} +} + }
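Review bot: testNoneSignature never uses the original token again after copying its claims, so nothing shows that the legitimate session is still valid once the unsigned copy has been rejected. A final read() through a client built from token, asserting success, would serve as a positive control for the AccessControlException branch and would also catch a regression where rejecting a token that reuses a tokenId invalidates the real one.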
syncope git commit: Adding a "None" signature test-case
Repository: syncope Updated Branches: refs/heads/master 7d20e44d1 -> 6edc1e675 Adding a "None" signature test-case Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/6edc1e67 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/6edc1e67 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/6edc1e67 Branch: refs/heads/master Commit: 6edc1e67554d90dd3d1fc62ff064dc1b8a0c4978 Parents: 7d20e44 Author: Colm O hEigeartaighAuthored: Wed Jun 21 16:32:21 2017 +0100 Committer: Colm O hEigeartaigh Committed: Wed Jun 21 17:37:41 2017 +0100 -- .../org/apache/syncope/fit/core/JWTITCase.java | 41 1 file changed, 41 insertions(+) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/6edc1e67/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java -- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java index 42164fc..703a706 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/JWTITCase.java @@ -38,6 +38,7 @@ import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer; import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer; import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider; import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier; +import org.apache.cxf.rs.security.jose.jws.NoneJwsSignatureProvider; import org.apache.cxf.rs.security.jose.jwt.JwtClaims; import org.apache.cxf.rs.security.jose.jwt.JwtToken; import org.apache.syncope.client.lib.SyncopeClient; 
@@ -298,4 +299,44 @@ public class JWTITCase extends AbstractITCase { // expected } } + +@Test +public void testNoneSignature() throws ParseException { +// Get an initial token +SyncopeClient adminClient = clientFactory.create(ADMIN_UNAME, ADMIN_PWD); +AccessTokenService accessTokenService = adminClient.getService(AccessTokenService.class); + +Response response = accessTokenService.login(); +String token = response.getHeaderString(RESTHeaders.TOKEN); +assertNotNull(token); +JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(token); +String tokenId = consumer.getJwtClaims().getTokenId(); + +// Create a new token using the Id of the first token + +JwtClaims jwtClaims = new JwtClaims(); +jwtClaims.setTokenId(tokenId); +jwtClaims.setSubject(consumer.getJwtClaims().getSubject()); +jwtClaims.setIssuedAt(consumer.getJwtClaims().getIssuedAt()); +jwtClaims.setIssuer(consumer.getJwtClaims().getIssuer()); +jwtClaims.setExpiryTime(consumer.getJwtClaims().getExpiryTime()); +jwtClaims.setNotBefore(consumer.getJwtClaims().getNotBefore()); + +JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.NONE); +JwtToken jwtToken = new JwtToken(jwsHeaders, jwtClaims); +JwsJwtCompactProducer producer = new JwsJwtCompactProducer(jwtToken); + +JwsSignatureProvider jwsSignatureProvider = new NoneJwsSignatureProvider(); +String signed = producer.signWith(jwsSignatureProvider); + +SyncopeClient jwtClient = clientFactory.create(signed); +UserSelfService jwtUserSelfService = jwtClient.getService(UserSelfService.class); +try { +jwtUserSelfService.read(); +fail("Failure expected on no signature"); +} catch (AccessControlException ex) { +// expected +} +} + }
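Review bot: consumer.getJwtClaims() is called six times while the claims are copied in testNoneSignature; holding the result in one local variable makes it obvious that every claim comes from the same parsed token and shortens the block. It is also worth checking whether throws ParseException is still needed on the method, since none of the calls visible in this hunk obviously throws it.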
syncope git commit: Replacing Calendar with Date
Repository: syncope Updated Branches: refs/heads/2_0_X 841b8a98f -> 605359a72 Replacing Calendar with Date Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/605359a7 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/605359a7 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/605359a7 Branch: refs/heads/2_0_X Commit: 605359a72b1a5a364030599085650ee3a7dde402 Parents: 841b8a9 Author: Colm O hEigeartaigh Authored: Fri Jun 16 09:49:12 2017 +0100 Committer: Colm O hEigeartaigh Committed: Fri Jun 16 09:50:20 2017 +0100 -- --
syncope git commit: Replacing Calendar with Date
Repository: syncope Updated Branches: refs/heads/master c679035d9 -> 10a95705f Replacing Calendar with Date Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/10a95705 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/10a95705 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/10a95705 Branch: refs/heads/master Commit: 10a95705f6c25d263da8fbe7561d11d946c310cf Parents: c679035 Author: Colm O hEigeartaighAuthored: Fri Jun 16 09:49:12 2017 +0100 Committer: Colm O hEigeartaigh Committed: Fri Jun 16 09:49:12 2017 +0100 -- .../java/data/AccessTokenDataBinderImpl.java| 23 +++- .../org/apache/syncope/fit/core/JWTITCase.java | 2 -- 2 files changed, 8 insertions(+), 17 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/10a95705/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java -- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java index ae88565..d4d8afc 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java @@ -20,7 +20,6 @@ package org.apache.syncope.core.provisioning.java.data; import com.fasterxml.uuid.Generators; import com.fasterxml.uuid.impl.RandomBasedGenerator; -import java.util.Calendar; import java.util.Date; import java.util.Map; import javax.annotation.Resource; 
@@ -83,17 +82,14 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { final String subject, final int duration, final Map claims) { Date now = new Date(); - -Calendar expiry = Calendar.getInstance(); -expiry.setTime(now); -expiry.add(Calendar.MINUTE, duration); +Date expiry = new Date(now.getTime() + 60L * 1000L * duration); JwtClaims jwtClaims = new JwtClaims(); jwtClaims.setTokenId(UUID_GENERATOR.generate().toString()); jwtClaims.setSubject(subject); jwtClaims.setIssuedAt(now.getTime()); jwtClaims.setIssuer(jwtIssuer); -jwtClaims.setExpiryTime(expiry.getTime().getTime()); +jwtClaims.setExpiryTime(expiry.getTime()); jwtClaims.setNotBefore(now.getTime()); for (Map.Entry entry : claims.entrySet()) { jwtClaims.setClaim(entry.getKey(), entry.getValue()); @@ -105,7 +101,7 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { String signed = producer.signWith(jwsSignatureProvider); -return Triple.of(jwtClaims.getTokenId(), signed, expiry.getTime()); +return Triple.of(jwtClaims.getTokenId(), signed, expiry); } @Override 
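Review bot: in the @@ -83 hunk, setExpiryTime(expiry.getTime()) passes milliseconds, as do setIssuedAt(now.getTime()) and setNotBefore(now.getTime()) on the context lines, while RFC 7519 defines exp, iat and nbf as NumericDate values in seconds. Please confirm which unit the JwtClaims setters and the validating side expect, since a millisecond value read as seconds gives an expiry far in the future. The Calendar version passed the same value, so this is not introduced here, but this patch is the natural place to settle it.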
@@ -161,21 +157,18 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(accessToken.getBody()); Date now = new Date(); -Calendar expiry = Calendar.getInstance(); -expiry.setTime(now); -expiry.add(Calendar.MINUTE, -confDAO.find("jwt.lifetime.minutes", "120").getValues().get(0).getLongValue().intValue()); -consumer.getJwtClaims().setExpiryTime(expiry.getTime().getTime()); +int duration = confDAO.find("jwt.lifetime.minutes", "120").getValues().get(0).getLongValue().intValue(); +Date expiry = new Date(now.getTime() + 60L * 1000L * duration); +consumer.getJwtClaims().setExpiryTime(expiry.getTime()); JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, jwsSignatureProvider.getAlgorithm()); JwtToken token = new JwtToken(jwsHeaders, consumer.getJwtClaims()); JwsJwtCompactProducer producer = new JwsJwtCompactProducer(token); String body = producer.signWith(jwsSignatureProvider); -Date expiryTime = expiry.getTime(); accessToken.setBody(body); -accessToken.setExpiryTime(expiryTime); +accessToken.setExpiryTime(expiry); if (!adminUser.equals(accessToken.getOwner())) { try { @@ -189,7 +182,7 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { accessTokenDAO.save(accessToken); -return Pair.of(body, expiryTime); +return Pair.of(body, expiry); } @Override
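Review bot: the expression 60L * 1000L * duration now appears both in this @@ -161 hunk and in the @@ -83 hunk; TimeUnit.MINUTES.toMillis(duration), or one private helper that returns the expiry Date, would state the unit conversion once. In this hunk the configured lifetime is also narrowed with getLongValue().intValue() before being widened again in the multiplication; keeping it as a long avoids silent truncation of a large jwt.lifetime.minutes value.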
syncope git commit: Remove hard-coded reference to HS512 so that we can generate any signature that is injected instead
Repository: syncope Updated Branches: refs/heads/2_0_X 78b68bf4b -> 841b8a98f Remove hard-coded reference to HS512 so that we can generate any signature that is injected instead Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/841b8a98 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/841b8a98 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/841b8a98 Branch: refs/heads/2_0_X Commit: 841b8a98f1335e294fd81066e51cfd56bc792b23 Parents: 78b68bf Author: Colm O hEigeartaighAuthored: Fri Jun 16 09:18:10 2017 +0100 Committer: Colm O hEigeartaigh Committed: Fri Jun 16 09:18:42 2017 +0100 -- .../java/data/AccessTokenDataBinderImpl.java| 23 +++- .../org/apache/syncope/fit/core/JWTITCase.java | 2 -- 2 files changed, 8 insertions(+), 17 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/841b8a98/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java -- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java index ae88565..d4d8afc 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java @@ -20,7 +20,6 @@ package org.apache.syncope.core.provisioning.java.data; import com.fasterxml.uuid.Generators; import com.fasterxml.uuid.impl.RandomBasedGenerator; -import java.util.Calendar; import java.util.Date; import java.util.Map; import javax.annotation.Resource; 
@@ -83,17 +82,14 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { final String subject, final int duration, final Map claims) { Date now = new Date(); - -Calendar expiry = Calendar.getInstance(); -expiry.setTime(now); -expiry.add(Calendar.MINUTE, duration); +Date expiry = new Date(now.getTime() + 60L * 1000L * duration); JwtClaims jwtClaims = new JwtClaims(); jwtClaims.setTokenId(UUID_GENERATOR.generate().toString()); jwtClaims.setSubject(subject); jwtClaims.setIssuedAt(now.getTime()); jwtClaims.setIssuer(jwtIssuer); -jwtClaims.setExpiryTime(expiry.getTime().getTime()); +jwtClaims.setExpiryTime(expiry.getTime()); jwtClaims.setNotBefore(now.getTime()); for (Map.Entry entry : claims.entrySet()) { jwtClaims.setClaim(entry.getKey(), entry.getValue()); @@ -105,7 +101,7 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { String signed = producer.signWith(jwsSignatureProvider); -return Triple.of(jwtClaims.getTokenId(), signed, expiry.getTime()); +return Triple.of(jwtClaims.getTokenId(), signed, expiry); } @Override 
@@ -161,21 +157,18 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { JwsJwtCompactConsumer consumer = new JwsJwtCompactConsumer(accessToken.getBody()); Date now = new Date(); -Calendar expiry = Calendar.getInstance(); -expiry.setTime(now); -expiry.add(Calendar.MINUTE, -confDAO.find("jwt.lifetime.minutes", "120").getValues().get(0).getLongValue().intValue()); -consumer.getJwtClaims().setExpiryTime(expiry.getTime().getTime()); +int duration = confDAO.find("jwt.lifetime.minutes", "120").getValues().get(0).getLongValue().intValue(); +Date expiry = new Date(now.getTime() + 60L * 1000L * duration); +consumer.getJwtClaims().setExpiryTime(expiry.getTime()); JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, jwsSignatureProvider.getAlgorithm()); JwtToken token = new JwtToken(jwsHeaders, consumer.getJwtClaims()); JwsJwtCompactProducer producer = new JwsJwtCompactProducer(token); String body = producer.signWith(jwsSignatureProvider); -Date expiryTime = expiry.getTime(); accessToken.setBody(body); -accessToken.setExpiryTime(expiryTime); +accessToken.setExpiryTime(expiry); if (!adminUser.equals(accessToken.getOwner())) { try { @@ -189,7 +182,7 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { accessTokenDAO.save(accessToken); -return Pair.of(body, expiryTime); +return Pair.of(body, expiry); }
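Review bot: the subject line says the hard-coded HS512 reference is removed, but the hunks under it only replace Calendar with Date, and JwsHeaders is already built from jwsSignatureProvider.getAlgorithm() on an unchanged context line of the @@ -161 hunk. The diffstat also lists JWTITCase.java with two deletions, yet no hunk for that file appears. Either the message or the attached diff belongs to a different commit; please check before relying on this mail as the record of the change.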
syncope git commit: Get the signature algorithm from the signature provider rather than hardcoding to HS512 to allow the user to plug in other implementations
Repository: syncope Updated Branches: refs/heads/2_0_X 79a3fd675 -> a8d5d0527 Get the signature algorithm from the signature provider rather than hardcoding to HS512 to allow the user to plug in other implementations Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/a8d5d052 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/a8d5d052 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/a8d5d052 Branch: refs/heads/2_0_X Commit: a8d5d05270faa3043075b10541587a699f8884d3 Parents: 79a3fd6 Author: Colm O hEigeartaighAuthored: Thu Jun 15 16:39:57 2017 +0100 Committer: Colm O hEigeartaigh Committed: Thu Jun 15 16:40:32 2017 +0100 -- .../provisioning/java/data/AccessTokenDataBinderImpl.java | 9 - 1 file changed, 4 insertions(+), 5 deletions(-) -- http://git-wip-us.apache.org/repos/asf/syncope/blob/a8d5d052/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java -- diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java index 5159733..ae88565 100644 --- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java +++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java @@ -27,7 +27,6 @@ import javax.annotation.Resource; import org.apache.commons.lang3.tuple.Pair; import org.apache.commons.lang3.tuple.Triple; import org.apache.cxf.rs.security.jose.common.JoseType; -import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm; import org.apache.cxf.rs.security.jose.jws.JwsHeaders; import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer; import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer; 
@@ -61,8 +60,6 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { private static final RandomBasedGenerator UUID_GENERATOR = Generators.randomBasedGenerator(); -private static final JwsHeaders JWS_HEADERS = new JwsHeaders(JoseType.JWT, SignatureAlgorithm.HS512); - @Resource(name = "adminUser") private String adminUser; @@ -102,7 +99,8 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { jwtClaims.setClaim(entry.getKey(), entry.getValue()); } -JwtToken token = new JwtToken(JWS_HEADERS, jwtClaims); +JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, jwsSignatureProvider.getAlgorithm()); +JwtToken token = new JwtToken(jwsHeaders, jwtClaims); JwsJwtCompactProducer producer = new JwsJwtCompactProducer(token); String signed = producer.signWith(jwsSignatureProvider); @@ -169,7 +167,8 @@ public class AccessTokenDataBinderImpl implements AccessTokenDataBinder { confDAO.find("jwt.lifetime.minutes", "120").getValues().get(0).getLongValue().intValue()); consumer.getJwtClaims().setExpiryTime(expiry.getTime().getTime()); -JwtToken token = new JwtToken(JWS_HEADERS, consumer.getJwtClaims()); +JwsHeaders jwsHeaders = new JwsHeaders(JoseType.JWT, jwsSignatureProvider.getAlgorithm()); +JwtToken token = new JwtToken(jwsHeaders, consumer.getJwtClaims()); JwsJwtCompactProducer producer = new JwsJwtCompactProducer(token); String body = producer.signWith(jwsSignatureProvider);
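Review bot: with the header algorithm now taken from jwsSignatureProvider.getAlgorithm() in both changed methods, nothing in these hunks stops a provider whose algorithm is SignatureAlgorithm.NONE from being injected, in which case tokens would be issued unsigned. A check at the point where the provider is wired in (reject NONE, or accept only an explicit list of algorithms) would keep the pluggability without that failure mode. The two identical new JwsHeaders(JoseType.JWT, jwsSignatureProvider.getAlgorithm()) lines could also share one private helper.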