Small fixes
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/911eeda8 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/911eeda8 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/911eeda8 Branch: refs/heads/SYNCOPE-808 Commit: 911eeda8e4dcb753e599588cfa85592e3e9b5700 Parents: 8f94d1b Author: Francesco Chicchiriccò <[email protected]> Authored: Thu Apr 13 12:35:34 2017 +0200 Committer: Francesco Chicchiriccò <[email protected]> Committed: Thu Apr 13 12:35:34 2017 +0200 ---------------------------------------------------------------------- .../enduser/util/UserRequestValidatorTest.java | 39 ++++++++++---------- deb/enduser/pom.xml | 1 - .../syncope/ext/saml2lsp/agent/Logout.java | 3 -- .../common/lib/to/SAML2ReceivedResponseTO.java | 11 ------ .../common/lib/types/SAML2BindingType.java | 13 ++----- .../apache/syncope/core/logic/SAML2SPLogic.java | 11 +++--- .../core/logic/saml2/SAML2IdPEntity.java | 2 +- .../core/logic/saml2/SAML2ReaderWriter.java | 5 +-- 8 files changed, 31 insertions(+), 54 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/syncope/blob/911eeda8/client/enduser/src/test/java/org/apache/syncope/client/enduser/util/UserRequestValidatorTest.java ----------------------------------------------------------------------
diff --git a/client/enduser/src/test/java/org/apache/syncope/client/enduser/util/UserRequestValidatorTest.java b/client/enduser/src/test/java/org/apache/syncope/client/enduser/util/UserRequestValidatorTest.java
index 88c611a..70d4fd3 100644
--- a/client/enduser/src/test/java/org/apache/syncope/client/enduser/util/UserRequestValidatorTest.java
+++ b/client/enduser/src/test/java/org/apache/syncope/client/enduser/util/UserRequestValidatorTest.java
@@ -18,6 +18,9 @@
 */
 package org.apache.syncope.client.enduser.util;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import java.io.IOException;
@@ -27,21 +30,23 @@ import java.util.Map;
 import org.apache.syncope.client.enduser.model.CustomAttributesInfo;
 import org.apache.syncope.common.lib.to.AttrTO;
 import org.apache.syncope.common.lib.to.UserTO;
-import org.junit.Assert;
 import org.junit.Test;
 import org.springframework.core.io.ClassPathResource;
 public class UserRequestValidatorTest {
+ private AttrTO attrTO(String schemaKey, String... values) {
+ return new AttrTO.Builder().schema(schemaKey).values(values).build();
+ }
+
 @Test
 public void testCompliant() throws IOException {
-
 UserTO userTO = new UserTO();
 // plain
- AttrTO firstname = buildAttrTO("firstname", "defaultFirstname");
- AttrTO surname = buildAttrTO("surname", "surnameValue");
- AttrTO additionalCtype = buildAttrTO("additional#ctype", "ctypeValue");
- AttrTO notAllowed = buildAttrTO("not_allowed", "notAllowedValue");
+ AttrTO firstname = attrTO("firstname", "defaultFirstname");
+ AttrTO surname = attrTO("surname", "surnameValue");
+ AttrTO additionalCtype = attrTO("additional#ctype", "ctypeValue");
+ AttrTO notAllowed = attrTO("not_allowed", "notAllowedValue");
 userTO.getPlainAttrs().addAll(Arrays.asList(firstname, surname, notAllowed, additionalCtype));
 Map<String, CustomAttributesInfo> customForm = new ObjectMapper().readValue(new ClassPathResource(
@@ -49,37 +54,33 @@ public class UserRequestValidatorTest {
 });
 // not allowed because of presence of notAllowed attribute
- Assert.assertFalse(UserRequestValidator.compliant(userTO, customForm, true));
+ assertFalse(UserRequestValidator.compliant(userTO, customForm, true));
 // remove notAllowed attribute and make it compliant
 userTO.getPlainAttrs().remove(notAllowed);
- Assert.assertTrue(UserRequestValidator.compliant(userTO, customForm, true));
+ assertTrue(UserRequestValidator.compliant(userTO, customForm, true));
 // firstname must have only one defaultValue
 userTO.getPlainAttrMap().get("firstname").getValues().add("notAllowedFirstnameValue");
- Assert.assertFalse(UserRequestValidator.compliant(userTO, customForm, true));
- Assert.assertTrue(UserRequestValidator.compliant(userTO, customForm, false));
+ assertFalse(UserRequestValidator.compliant(userTO, customForm, true));
+ assertTrue(UserRequestValidator.compliant(userTO, customForm, false));
 // clean
 userTO.getPlainAttrMap().get("firstname").getValues().remove("notAllowedFirstnameValue");
 // derived must not be present
- AttrTO derivedNotAllowed = buildAttrTO("derivedNotAllowed");
+ AttrTO derivedNotAllowed = attrTO("derivedNotAllowed");
 userTO.getDerAttrs().add(derivedNotAllowed);
- Assert.assertFalse(UserRequestValidator.compliant(userTO, customForm, true));
+ assertFalse(UserRequestValidator.compliant(userTO, customForm, true));
 // clean
 userTO.getDerAttrs().clear();
 // virtual
- AttrTO virtualdata = buildAttrTO("virtualdata", "defaultVirtualData");
+ AttrTO virtualdata = attrTO("virtualdata", "defaultVirtualData");
 userTO.getVirAttrs().add(virtualdata);
- Assert.assertTrue(UserRequestValidator.compliant(userTO, customForm, true));
+ assertTrue(UserRequestValidator.compliant(userTO, customForm, true));
 // with empty form is compliant by definition
- Assert.assertTrue(UserRequestValidator.compliant(userTO, new HashMap<String, CustomAttributesInfo>(), true));
- }
-
- private AttrTO buildAttrTO(String schemaKey, String... values) {
- return new AttrTO.Builder().schema(schemaKey).values(values).build();
+ assertTrue(UserRequestValidator.compliant(userTO, new HashMap<String, CustomAttributesInfo>(), true));
 }
 }
http://git-wip-us.apache.org/repos/asf/syncope/blob/911eeda8/deb/enduser/pom.xml ----------------------------------------------------------------------
diff --git a/deb/enduser/pom.xml b/deb/enduser/pom.xml
index 8981f8a..770c894 100644
--- a/deb/enduser/pom.xml
+++ b/deb/enduser/pom.xml
@@ -92,7 +92,6 @@ under the License.
 <directory>${project.basedir}/../../client/enduser/src/main/resources</directory>
 <includes>
 <include>enduser.properties</include>
- <include>enduserContext.xml</include>
 <include>customForm.json</include>
 </includes>
 <targetPath>${project.build.directory}/etc</targetPath>
http://git-wip-us.apache.org/repos/asf/syncope/blob/911eeda8/ext/saml2sp/agent/src/main/java/org/apache/syncope/ext/saml2lsp/agent/Logout.java ----------------------------------------------------------------------
diff --git a/ext/saml2sp/agent/src/main/java/org/apache/syncope/ext/saml2lsp/agent/Logout.java b/ext/saml2sp/agent/src/main/java/org/apache/syncope/ext/saml2lsp/agent/Logout.java
index 3ad191c..a8fe481 100644
--- a/ext/saml2sp/agent/src/main/java/org/apache/syncope/ext/saml2lsp/agent/Logout.java
+++ b/ext/saml2sp/agent/src/main/java/org/apache/syncope/ext/saml2lsp/agent/Logout.java
@@ -31,7 +31,6 @@ import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
 import org.apache.syncope.common.lib.SSOConstants;
 import org.apache.syncope.common.lib.to.SAML2ReceivedResponseTO;
 import org.apache.syncope.common.lib.to.SAML2RequestTO;
-import org.apache.syncope.common.lib.types.SAML2BindingType;
 import org.apache.syncope.common.rest.api.service.SAML2SPService;
 @WebServlet(name = "logout", urlPatterns = { "/saml2sp/logout" })
@@ -116,7 +115,6 @@ public class Logout extends AbstractSAML2SPServlet {
 SAML2ReceivedResponseTO receivedResponse = new SAML2ReceivedResponseTO();
 receivedResponse.setSamlResponse(samlResponse);
 receivedResponse.setRelayState(relayState);
- receivedResponse.setBindingType(SAML2BindingType.REDIRECT);
 doLogout(receivedResponse, request, response);
 }
@@ -128,7 +126,6 @@ public class Logout extends AbstractSAML2SPServlet {
 // process POST binding logout response
 SAML2ReceivedResponseTO receivedResponse = extract(request.getInputStream());
- receivedResponse.setBindingType(SAML2BindingType.POST);
 doLogout(receivedResponse, request, response);
 }
http://git-wip-us.apache.org/repos/asf/syncope/blob/911eeda8/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2ReceivedResponseTO.java ----------------------------------------------------------------------
diff --git a/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2ReceivedResponseTO.java b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2ReceivedResponseTO.java
index b8d82ae..3d5d9b4 100644
--- a/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2ReceivedResponseTO.java
+++ b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/to/SAML2ReceivedResponseTO.java
@@ -21,7 +21,6 @@ package org.apache.syncope.common.lib.to;
 import javax.xml.bind.annotation.XmlRootElement;
 import javax.xml.bind.annotation.XmlType;
 import org.apache.syncope.common.lib.AbstractBaseBean;
-import org.apache.syncope.common.lib.types.SAML2BindingType;
 @XmlRootElement(name = "saml2ReceivedResponse")
 @XmlType
@@ -33,8 +32,6 @@ public class SAML2ReceivedResponseTO extends AbstractBaseBean {
 private String relayState;
- private SAML2BindingType bindingType;
-
 public String getSamlResponse() {
 return samlResponse;
 }
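Review bot: In Logout.java the `@@ -116` and `@@ -128` hunks remove `setBindingType(...)`, so the servlet, which is the one place that knows for certain whether the logout response arrived over HTTP-Redirect (DEFLATE-compressed) or HTTP-POST (base64 only), no longer passes that fact on. Later in this commit `SAML2SPLogic` decides whether to inflate from `useDeflateEncoding` alone; where that value is read back is not visible here, but if it reflects the IdP's configured request binding rather than the binding of this response, a POST logout response from a REDIRECT-configured IdP would be inflated and fail to parse. If the field really is redundant, a comment on the POST branch such as `// POST-binding responses are not deflated; inflation is decided from the relay state` would record the assumption. Both servlet methods start and end outside these hunks.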
@@ -51,12 +48,4 @@ public class SAML2ReceivedResponseTO extends AbstractBaseBean {
 this.relayState = relayState;
 }
- public SAML2BindingType getBindingType() {
- return bindingType;
- }
-
- public void setBindingType(final SAML2BindingType bindingType) {
- this.bindingType = bindingType;
- }
-
 }
http://git-wip-us.apache.org/repos/asf/syncope/blob/911eeda8/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/types/SAML2BindingType.java ----------------------------------------------------------------------
diff --git a/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/types/SAML2BindingType.java b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/types/SAML2BindingType.java
index 04c0704..ab2959a 100644
--- a/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/types/SAML2BindingType.java
+++ b/ext/saml2sp/common-lib/src/main/java/org/apache/syncope/common/lib/types/SAML2BindingType.java
@@ -22,26 +22,19 @@ import javax.xml.bind.annotation.XmlEnum;
 @XmlEnum
 public enum SAML2BindingType {
- POST("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", 0),
- REDIRECT("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", 1);
+ POST("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"),
+ REDIRECT("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
 private final String uri;
- private final int index;
-
- SAML2BindingType(final String uri, final int index) {
+ SAML2BindingType(final String uri) {
 this.uri = uri;
- this.index = index;
 }
 public String getUri() {
 return uri;
 }
- public int getIndex() {
- return index;
- }
-
 public static SAML2BindingType fromUri(final String uri) {
 SAML2BindingType bindingType = null;
http://git-wip-us.apache.org/repos/asf/syncope/blob/911eeda8/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java ----------------------------------------------------------------------
diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
index 61d272a..9835061 100644
--- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
+++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
@@ -196,7 +196,7 @@ public class SAML2SPLogic extends AbstractSAML2Logic<AbstractBaseBean> {
 for (SAML2BindingType bindingType : SAML2BindingType.values()) {
 AssertionConsumerService assertionConsumerService = new AssertionConsumerServiceBuilder().buildObject();
- assertionConsumerService.setIndex(bindingType.getIndex());
+ assertionConsumerService.setIndex(bindingType.ordinal());
 assertionConsumerService.setBinding(bindingType.getUri());
 assertionConsumerService.setLocation(spEntityID + urlContext + "/assertion-consumer");
 spSSODescriptor.getAssertionConsumerServices().add(assertionConsumerService);
@@ -420,8 +420,7 @@ public class SAML2SPLogic extends AbstractSAML2Logic<AbstractBaseBean> {
 // 2. parse the provided SAML response
 Response samlResponse;
 try {
- XMLObject responseObject = saml2rw.read(
- SAML2BindingType.POST, useDeflateEncoding, response.getSamlResponse());
+ XMLObject responseObject = saml2rw.read(useDeflateEncoding, response.getSamlResponse());
 if (!(responseObject instanceof Response)) {
 throw new IllegalArgumentException("Expected " + Response.class.getName() + ", got " + responseObject.getClass().getName());
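Review bot: In the `@@ -196` hunk, `assertionConsumerService.setIndex(bindingType.ordinal())` ties the AssertionConsumerService index published in the SP metadata to the declaration order of `SAML2BindingType`. Adding or reordering an enum constant would silently renumber the endpoints, and an IdP that has already imported the metadata or selects an endpoint by index could then deliver assertions to a different binding than intended. I would keep an explicit, stable index (the field this commit removes from the enum), or at least put `// metadata ACS index: must stay stable, do not reorder SAML2BindingType` above this line. The enclosing method starts and ends outside the hunk.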
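Review bot: In the `@@ -420` hunk the old call passed `SAML2BindingType.POST`, which made `read()` skip inflation for assertion-consumer responses whatever the flag said; `saml2rw.read(useDeflateEncoding, response.getSamlResponse())` now inflates whenever `useDeflateEncoding` is true. Where that flag is set is not visible in this hunk, but if it can be true for an IdP that answers over HTTP-POST, the un-deflated response will fail inside `inflateToken` and sign-in stops working for that IdP. The `catch` belonging to this `try` is outside the hunk, so it is worth checking that a `DataFormatException` ends in a clean rejection, and adding a test that feeds a plain base64 response with the flag set.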
@@ -587,7 +586,8 @@ public class SAML2SPLogic extends AbstractSAML2Logic<AbstractBaseBean> {
 try {
 // 3. generate relay state as JWT
 Map<String, Object> claims = new HashMap<>();
- claims.put(JWT_CLAIM_IDP_DEFLATE, idp.isUseDeflateEncoding());
+ claims.put(JWT_CLAIM_IDP_DEFLATE,
+ idp.getBindingType() == SAML2BindingType.REDIRECT ? true : idp.isUseDeflateEncoding());
 Triple<String, String, Date> relayState = accessTokenDataBinder.generateJWT(logoutRequest.getID(), JWT_RELAY_STATE_DURATION, claims);
 requestTO.setRelayState(relayState.getMiddle());
@@ -641,8 +641,7 @@ public class SAML2SPLogic extends AbstractSAML2Logic<AbstractBaseBean> {
 // 3. parse the provided SAML response
 LogoutResponse logoutResponse;
 try {
- XMLObject responseObject = saml2rw.read(
- response.getBindingType(), useDeflateEncoding, response.getSamlResponse());
+ XMLObject responseObject = saml2rw.read(useDeflateEncoding, response.getSamlResponse());
 if (!(responseObject instanceof LogoutResponse)) {
 throw new IllegalArgumentException("Expected " + LogoutResponse.class.getName() + ", got " + responseObject.getClass().getName());
http://git-wip-us.apache.org/repos/asf/syncope/blob/911eeda8/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2IdPEntity.java ----------------------------------------------------------------------
diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2IdPEntity.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2IdPEntity.java
index 07b4f44..dd07cdd 100644
--- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2IdPEntity.java
+++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2IdPEntity.java
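Review bot: In the `@@ -587` hunk of SAML2SPLogic.java, `idp.getBindingType() == SAML2BindingType.REDIRECT ? true : idp.isUseDeflateEncoding()` is a conditional that yields a boolean literal; `idp.getBindingType() == SAML2BindingType.REDIRECT || idp.isUseDeflateEncoding()` reads more directly. The value ends up in the relay-state JWT as `JWT_CLAIM_IDP_DEFLATE`, so the reason for the override deserves a line above it, for example `// HTTP-Redirect messages are always DEFLATE-compressed, whatever the IdP flag says`. The enclosing method starts and ends outside the hunk.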
@@ -126,7 +126,7 @@ public class SAML2IdPEntity {
 }
 public boolean isUseDeflateEncoding() {
- return bindingType == SAML2BindingType.REDIRECT ? true : useDeflateEncoding;
+ return useDeflateEncoding;
 }
 public void setUseDeflateEncoding(final boolean useDeflateEncoding) {
http://git-wip-us.apache.org/repos/asf/syncope/blob/911eeda8/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java ----------------------------------------------------------------------
diff --git a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
index 11e83cf..0698b38 100644
--- a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
+++ b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/saml2/SAML2ReaderWriter.java
@@ -46,7 +46,6 @@ import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
 import org.apache.cxf.rs.security.saml.sso.SAMLProtocolResponseValidator;
 import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.syncope.common.lib.SSOConstants;
-import org.apache.syncope.common.lib.types.SAML2BindingType;
 import org.apache.syncope.core.logic.init.SAML2SPLoader;
 import org.apache.wss4j.common.crypto.Merlin;
 import org.apache.wss4j.common.ext.WSSecurityException;
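Review bot: In SAML2IdPEntity.java (`@@ -126` hunk) `isUseDeflateEncoding()` now returns the raw field, so every caller that relied on the getter to force deflate for REDIRECT-bound IdPs changes behaviour, and within this commit only the logout path in `SAML2SPLogic` re-applies the rule. Callers outside this diff, such as whatever builds the sign-in request, cannot be checked from here and should be reviewed for the same override. Keeping the rule in one place would avoid the drift, for instance a second accessor on the entity (name is only a suggestion): `public boolean isDeflateRequired() { return bindingType == SAML2BindingType.REDIRECT || useDeflateEncoding; }`.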
@@ -126,12 +125,12 @@ public class SAML2ReaderWriter {
 transformer.transform(source, streamResult);
 }
- public XMLObject read(final SAML2BindingType bindingType, final boolean useDeflateEncoding, final String response)
+ public XMLObject read(final boolean useDeflateEncoding, final String response)
 throws DataFormatException, UnsupportedEncodingException, XMLStreamException, WSSecurityException {
 InputStream tokenStream;
 byte[] deflatedToken = Base64.decodeBase64(response);
- tokenStream = bindingType != SAML2BindingType.POST && useDeflateEncoding
+ tokenStream = useDeflateEncoding
 ? new DeflateEncoderDecoder().inflateToken(deflatedToken)
 : new ByteArrayInputStream(deflatedToken);
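Review bot: `read()` has no Javadoc, and after this hunk `useDeflateEncoding` is the only thing that decides whether the decoded bytes are inflated, so the contract should be written down, for example `@param useDeflateEncoding whether the received message is DEFLATE-compressed (always for HTTP-Redirect, normally not for HTTP-POST)`. The local `deflatedToken` is misleading on the branch that wraps it unchanged in a `ByteArrayInputStream`; `decodedToken` fits both branches. Since `response` originates from the HTTP request and is decoded and possibly inflated here before any validation visible in the hunk, it is also worth confirming that `inflateToken` or the caller bounds the inflated size. The method body continues past the end of the hunk.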
