Repository: syncope Updated Branches: refs/heads/2_0_X a9aae187d -> b799c0365 refs/heads/master 750c789aa -> af37b2ba9
[SYNCOPE-1043] Further fixes for console Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/53514f3c Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/53514f3c Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/53514f3c Branch: refs/heads/2_0_X Commit: 53514f3c41d9a1f2a2b36dafdf5acda8f3bfdf9f Parents: a9aae18 Author: Francesco Chicchiriccò <ilgro...@apache.org> Authored: Tue Mar 14 11:47:02 2017 +0100 Committer: Francesco Chicchiriccò <ilgro...@apache.org> Committed: Tue Mar 14 11:47:02 2017 +0100 ---------------------------------------------------------------------- .../SyncopeConsoleRequestCycleListener.java | 43 +++++++++++++------- .../client/console/SyncopeConsoleSession.java | 2 +- .../core/spring/security/AuthDataAccessor.java | 5 +++ .../security/JWTAuthenticationProvider.java | 1 + 4 files changed, 35 insertions(+), 16 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/syncope/blob/53514f3c/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleRequestCycleListener.java ----------------------------------------------------------------------
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleRequestCycleListener.java b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleRequestCycleListener.java
index d9723a8..e22266a 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleRequestCycleListener.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleRequestCycleListener.java
@@ -23,13 +23,13 @@ import javax.ws.rs.BadRequestException;
 import javax.xml.ws.WebServiceException;
 import org.apache.syncope.client.console.pages.Login;
 import org.apache.syncope.common.lib.SyncopeClientException;
-import org.apache.wicket.Page;
 import org.apache.wicket.authorization.UnauthorizedInstantiationException;
 import org.apache.wicket.core.request.handler.PageProvider;
 import org.apache.wicket.core.request.handler.RenderPageRequestHandler;
 import org.apache.wicket.markup.html.pages.ExceptionErrorPage;
 import org.apache.wicket.protocol.http.PageExpiredException;
 import org.apache.wicket.request.IRequestHandler;
+import org.apache.wicket.request.component.IRequestablePage;
 import org.apache.wicket.request.cycle.AbstractRequestCycleListener;
 import org.apache.wicket.request.cycle.RequestCycle;
 import org.apache.wicket.request.mapper.parameter.PageParameters;
@@ -40,11 +40,15 @@ public class SyncopeConsoleRequestCycleListener extends AbstractRequestCycleList
 private static final Logger LOG = LoggerFactory.getLogger(SyncopeConsoleRequestCycleListener.class);
- private boolean instanceOf(final Exception e, final Class<? extends Exception> clazz) {
+ private Throwable instanceOf(final Exception e, final Class<? extends Exception> clazz) {
 return clazz.isAssignableFrom(e.getClass())
- || (e.getCause() != null && clazz.isAssignableFrom(e.getCause().getClass()))
- || (e.getCause() != null && e.getCause().getCause() != null
- && clazz.isAssignableFrom(e.getCause().getCause().getClass()));
+ ? e
+ : e.getCause() != null && clazz.isAssignableFrom(e.getCause().getClass())
+ ? e.getCause()
+ : e.getCause() != null && e.getCause().getCause() != null
+ && clazz.isAssignableFrom(e.getCause().getCause().getClass())
+ ? e.getCause().getCause()
+ : null;
 }
 @Override
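Review bot: `instanceOf` now returns the matching `Throwable` or `null`, so the name still reads like a boolean test while every caller has to append `!= null`. A name such as `findCause`, with a one-line Javadoc saying it returns null when nothing assignable to `clazz` is found in the exception or its first two causes, would make the contract visible. The nested conditional also repeats `e.getCause()` several times; a short loop that walks at most three levels of the chain and returns the first assignable throwable would express the same search more readably. The method is fully contained in this hunk.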
@@ -53,19 +57,23 @@ public class SyncopeConsoleRequestCycleListener extends AbstractRequestCycleList
 PageParameters errorParameters = new PageParameters();
- Page errorPage;
- if (instanceOf(e, UnauthorizedInstantiationException.class)) {
+ IRequestablePage errorPage = null;
+ if (instanceOf(e, UnauthorizedInstantiationException.class) != null) {
 errorParameters.add("errorMessage", "unauthorizedInstantiationException");
 errorPage = new Login(errorParameters);
- } else if (instanceOf(e, AccessControlException.class)) {
- errorParameters.add("errorMessage", "accessControlException");
+ } else if (instanceOf(e, AccessControlException.class) != null) {
+ if (instanceOf(e, AccessControlException.class).getMessage().contains("expired")) {
+ errorParameters.add("errorMessage", "pageExpiredException");
+ } else {
+ errorParameters.add("errorMessage", "accessControlException");
+ }
 errorPage = new Login(errorParameters);
- } else if (instanceOf(e, PageExpiredException.class) || !SyncopeConsoleSession.get().isSignedIn()) {
+ } else if (instanceOf(e, PageExpiredException.class) != null || !SyncopeConsoleSession.get().isSignedIn()) {
 errorParameters.add("errorMessage", "pageExpiredException");
 errorPage = new Login(errorParameters);
- } else if (instanceOf(e, BadRequestException.class)
- || instanceOf(e, WebServiceException.class)
- || instanceOf(e, SyncopeClientException.class)) {
+ } else if (instanceOf(e, BadRequestException.class) != null
+ || instanceOf(e, WebServiceException.class) != null
+ || instanceOf(e, SyncopeClientException.class) != null) {
 errorParameters.add("errorMessage", "restClientException");
 errorPage = new Login(errorParameters);
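Review bot: `getMessage()` may return null, so the new `instanceOf(e, AccessControlException.class).getMessage().contains("expired")` in the `AccessControlException` branch can throw a NullPointerException from inside the exception handler itself. Read the message once and null-check it: `final String msg = instanceOf(e, AccessControlException.class).getMessage();` followed by `if (msg != null && msg.contains("expired")) {`. Selecting the branch by a substring of the message also ties the console to the exact wording produced elsewhere, so a comment naming where that text comes from would help the next maintainer. The enclosing method starts and ends outside this hunk.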
@@ -75,8 +83,13 @@ public class SyncopeConsoleRequestCycleListener extends AbstractRequestCycleList
 }
 if (errorPage instanceof Login) {
- SyncopeConsoleSession.get().cleanup();
- SyncopeConsoleSession.get().invalidateNow();
+ try {
+ SyncopeConsoleSession.get().cleanup();
+ SyncopeConsoleSession.get().invalidateNow();
+ } catch (Throwable t) {
+ // ignore
+ LOG.debug("Unexpected error while forcing logout after error", t);
+ }
 }
 return new RenderPageRequestHandler(new PageProvider(errorPage));
http://git-wip-us.apache.org/repos/asf/syncope/blob/53514f3c/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java ----------------------------------------------------------------------
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
index 4aae7e5..4bf0cd2 100644
--- a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
+++ b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
@@ -196,7 +196,7 @@ public class SyncopeConsoleSession extends AuthenticatedWebSession {
 }
 public boolean owns(final String entitlement) {
- return auth.containsKey(entitlement);
+ return auth != null && auth.containsKey(entitlement);
 }
 @Override
http://git-wip-us.apache.org/repos/asf/syncope/blob/53514f3c/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java ----------------------------------------------------------------------
diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java
index af85985..616f3e7 100644
--- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java
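Review bot: In the new `try` block an exception from `cleanup()` skips `invalidateNow()`, and the failure is logged only at debug level, so the user can be shown the Login page while the session may remain valid and nothing appears in default logging. Catching `Throwable` also swallows `Error`s that should not be ignored here. Guard the two calls separately, catch `Exception`, and log at warn so a failed forced logout is visible. The enclosing method starts outside this hunk.

```java
if (errorPage instanceof Login) {
    try {
        SyncopeConsoleSession.get().cleanup();
    } catch (Exception ex) {
        LOG.warn("Session cleanup failed while forcing logout after error", ex);
    }
    try {
        // always attempted, even when cleanup() failed
        SyncopeConsoleSession.get().invalidateNow();
    } catch (Exception ex) {
        LOG.warn("Session invalidation failed while forcing logout after error", ex);
    }
}
```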
+++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/AuthDataAccessor.java
@@ -386,6 +386,11 @@ public class AuthDataAccessor {
 return authorities;
 }
+ @Transactional
+ public void removeExpired(final String tokenKey) {
+ accessTokenDAO.delete(tokenKey);
+ }
+
 @Transactional(readOnly = true)
 public void audit(
 final AuditElements.EventCategoryType type,
http://git-wip-us.apache.org/repos/asf/syncope/blob/53514f3c/core/spring/src/main/java/org/apache/syncope/core/spring/security/JWTAuthenticationProvider.java ----------------------------------------------------------------------
diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/JWTAuthenticationProvider.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/JWTAuthenticationProvider.java
index 9686fd7..30e2be7 100644
--- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/JWTAuthenticationProvider.java
+++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/JWTAuthenticationProvider.java
@@ -61,6 +61,7 @@ public class JWTAuthenticationProvider implements AuthenticationProvider {
 Long expiryTime = claims.getExpiryTime();
 if (expiryTime == null || expiryTime < referenceTime) {
+ dataAccessor.removeExpired(claims.getTokenId());
 throw new CredentialsExpiredException("JWT is expired");
 }
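Review bot: `removeExpired` deletes whatever access token `tokenKey` names without checking that it is expired, so the name promises a guarantee that only the caller provides. Either state that precondition in a Javadoc, for example `/** Deletes the access token with the given key; the caller must already have verified the JWT and established that it is expired. */`, or look the token up and compare its expiry before deleting. The visible lines do not show how `accessTokenDAO.delete` behaves for a null or unknown key; that should be documented on the method as well.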
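Review bot: The added `dataAccessor.removeExpired(claims.getTokenId())` runs before the `throw`, so any exception it raises (a null token id, a token already removed, a persistence failure; none is ruled out by the visible lines) replaces `CredentialsExpiredException`, and the caller no longer sees an expired-credentials failure. The delete is also keyed by a claim read from the presented token; this hunk does not show whether the signature has been verified before this point, and it needs to be, since otherwise the key passed to the delete is unauthenticated input. Consider guarding the call so the expiry exception is always the one thrown, e.g. `try { dataAccessor.removeExpired(claims.getTokenId()); } catch (RuntimeException ex) { /* log and continue to the throw */ }`. The enclosing method starts and ends outside this hunk.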