This is an automated email from the ASF dual-hosted git repository. ilgrosso pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/syncope.git
commit eaad1f0f2a3a38bef705f917bd0014f758f701f7 Author: Francesco Chicchiriccò <ilgro...@apache.org> AuthorDate: Wed Jan 25 08:36:28 2023 +0100 [SYNCOPE-1726] Ensuring Core and calling WA instance are both available in Keymaster before refreshing --- .../jpa/dao/ElasticsearchAnySearchDAO.java | 11 ++--- pom.xml | 4 +- .../apache/syncope/sra/actuate/SRASessions.java | 12 ++--- .../wa/bootstrap/WABootstrapConfiguration.java | 5 +- .../apache/syncope/wa/bootstrap/WARestClient.java | 56 +++++++++++++--------- .../wa/starter/config/WARefreshContextJob.java | 5 +- .../starter/oidc/WAOIDCJWKSGeneratorService.java | 8 ++-- .../metadata/RestfulSamlIdPMetadataGenerator.java | 10 ++-- .../metadata/RestfulSamlIdPMetadataLocator.java | 10 ++-- .../WASurrogateAuthenticationService.java | 2 +- .../wa/starter/u2f/WAU2FDeviceRepository.java | 2 +- .../webauthn/WAWebAuthnCredentialRepository.java | 2 +- 12 files changed, 70 insertions(+), 57 deletions(-) diff --git a/ext/elasticsearch/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/ElasticsearchAnySearchDAO.java b/ext/elasticsearch/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/ElasticsearchAnySearchDAO.java index 8fe9dd4388..67681a51c6 100644 --- a/ext/elasticsearch/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/ElasticsearchAnySearchDAO.java +++ b/ext/elasticsearch/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/ElasticsearchAnySearchDAO.java 
@@ -394,14 +394,9 @@ public class ElasticsearchAnySearchDAO extends AbstractAnySearchDAO { } if (query == null) { - Optional<AnyCond> anyCond = cond.getLeaf(AnyCond.class); - if (anyCond.isPresent()) { - query = getQuery(anyCond.get(), kind); - } else { - query = cond.getLeaf(AttrCond.class). - map(leaf -> getQuery(leaf, kind)). - orElse(null); - } + query = cond.getLeaf(AnyCond.class).map(ac -> getQuery(ac, kind)). + or(() -> cond.getLeaf(AttrCond.class).map(ac -> getQuery(ac, kind))). + orElse(null); } // allow for additional search conditions diff --git a/pom.xml b/pom.xml index ead40c69c5..fe0dcf95a9 100644 --- a/pom.xml +++ b/pom.xml @@ -413,7 +413,7 @@ under the License. <cxf.version>4.0.0</cxf.version> <bouncycastle.version>1.72</bouncycastle.version> - <nimbus-jose-jwt.version>9.28</nimbus-jose-jwt.version> + <nimbus-jose-jwt.version>9.29</nimbus-jose-jwt.version> <spring-boot.version>3.0.2</spring-boot.version> <spring-cloud-gateway.version>4.0.0</spring-cloud-gateway.version> @@ -1488,7 +1488,7 @@ under the License. <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-dependency-plugin</artifactId> - <version>3.3.0</version> + <version>3.5.0</version> <configuration> <outputDirectory>${bundles.directory}</outputDirectory> <artifactItems> diff --git a/sra/src/main/java/org/apache/syncope/sra/actuate/SRASessions.java b/sra/src/main/java/org/apache/syncope/sra/actuate/SRASessions.java index a56e8f0b8b..db42addb11 100644 --- a/sra/src/main/java/org/apache/syncope/sra/actuate/SRASessions.java +++ b/sra/src/main/java/org/apache/syncope/sra/actuate/SRASessions.java 
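Review bot: The new `Optional` chain is not strictly equivalent to the removed `if`/`else`, because `Optional.map` yields an empty Optional when `getQuery(ac, kind)` returns null. An `AnyCond` leaf that produces no query now falls through to the `AttrCond` branch, where the old code left `query` null. Whether `getQuery` can return null is not visible in this hunk, so this may be harmless, but a one-line comment would settle it, e.g. `// AttrCond is tried when there is no AnyCond leaf, or when it yields no query`. Reusing the lambda name `ac` for the `AttrCond` leaf also reads as if both leaves were `AnyCond`; `leaf`, as in the removed code, is clearer. The enclosing method starts and ends outside the hunk.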
@@ -67,12 +67,12 @@ public class SRASessions { session.setAuthenticationDate(mapSession.getCreationTime().atOffset(OffsetDateTime.now().getOffset())); String principal; - if (ctx.getAuthentication() instanceof SAML2AuthenticationToken) { - principal = ((SAML2AuthenticationToken) ctx.getAuthentication()).getPrincipal().getNameId().getValue(); - } else if (ctx.getAuthentication() instanceof CASAuthenticationToken) { - principal = ((CASAuthenticationToken) ctx.getAuthentication()).getPrincipal().getPrincipal().getName(); - } else if (ctx.getAuthentication() instanceof OAuth2AuthenticationToken) { - principal = ((OAuth2AuthenticationToken) ctx.getAuthentication()).getPrincipal().getName(); + if (ctx.getAuthentication() instanceof SAML2AuthenticationToken saml2AuthenticationToken) { + principal = saml2AuthenticationToken.getPrincipal().getUserProfile().getUsername(); + } else if (ctx.getAuthentication() instanceof CASAuthenticationToken casAuthenticationToken) { + principal = casAuthenticationToken.getPrincipal().getPrincipal().getName(); + } else if (ctx.getAuthentication() instanceof OAuth2AuthenticationToken oauth2AuthenticationToken) { + principal = oauth2AuthenticationToken.getPrincipal().getName(); } else { principal = ctx.getAuthentication().getPrincipal().toString(); } diff --git a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/WABootstrapConfiguration.java b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/WABootstrapConfiguration.java index 8c505bd3c4..2215b28130 100644 --- a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/WABootstrapConfiguration.java +++ b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/WABootstrapConfiguration.java 
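Review bot: The SAML2 branch now reports `getUserProfile().getUsername()` instead of the NameID value, and nothing in the hunk guards against a profile without a username, which would leave `principal` null (inferred; the profile type is not shown here). This value labels the session entries built in this method, so a null or silently changed identifier makes it harder to match a session to the subject asserted by the IdP when reviewing sessions. Consider falling back to another stable identifier when the username is absent, and add a comment such as `// SAML2: report the profile username (was the NameID value)`. The commit message only describes the Keymaster check, so the identifier change deserves a mention there too. The enclosing method starts and ends outside the hunk.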
@@ -42,9 +42,12 @@ public class WABootstrapConfiguration { @Value("${wa.useGZIPCompression:true}") private boolean useGZIPCompression; + @Value("${service.discovery.address}") + private String serviceDiscoveryAddress; + @Bean public WARestClient waRestClient() { - return new WARestClient(anonymousUser, anonymousKey, useGZIPCompression); + return new WARestClient(anonymousUser, anonymousKey, useGZIPCompression, serviceDiscoveryAddress); } } diff --git a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/WARestClient.java b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/WARestClient.java index 0cfcd9ae3e..7d71da2e59 100644 --- a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/WARestClient.java +++ b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/WARestClient.java 
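Review bot: The new `@Value("${service.discovery.address}")` field has no default and no comment, unlike `${wa.useGZIPCompression:true}` just above, so a deployment that does not set the property fails placeholder resolution when this configuration is loaded. If that fail-fast is intended, say so, and document the matching rule, since `WARestClient` compares this value with `equals` against the WA addresses listed in Keymaster: `// must be exactly the address this WA instance registers in Keymaster (compared with equals)`. As far as this commit shows, a trailing slash or a different host form would keep `isReady()` false indefinitely.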
@@ -41,16 +41,47 @@ public class WARestClient { private final boolean useGZIPCompression; + private final String serviceDiscoveryAddress; + private SyncopeClient client; public WARestClient( final String anonymousUser, final String anonymousKey, - final boolean useGZIPCompression) { + final boolean useGZIPCompression, + final String serviceDiscoveryAddress) { this.anonymousUser = anonymousUser; this.anonymousKey = anonymousKey; this.useGZIPCompression = useGZIPCompression; + this.serviceDiscoveryAddress = serviceDiscoveryAddress; + } + + private Optional<NetworkService> getCore() { + try { + ApplicationContext context = ApplicationContextProvider.getApplicationContext(); + if (context == null) { + return Optional.empty(); + } + + Collection<ServiceOps> serviceOpsList = context.getBeansOfType(ServiceOps.class).values(); + if (serviceOpsList.isEmpty()) { + return Optional.empty(); + } + + ServiceOps serviceOps = serviceOpsList.iterator().next(); + + if (serviceOps.list(NetworkService.Type.WA). + stream().anyMatch(s -> s.getAddress().equals(serviceDiscoveryAddress))) { + + return Optional.of(serviceOps.get(NetworkService.Type.CORE)); + } + + return Optional.empty(); + } catch (KeymasterException e) { + LOG.trace(e.getMessage()); + } + return Optional.empty(); } public SyncopeClient getSyncopeClient() { 
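Review bot: In the new `getCore()`, `s.getAddress().equals(serviceDiscoveryAddress)` dereferences whatever address each registered WA entry carries, and a missing match returns `Optional.empty()` without any log line. If an entry can have a null address (not visible here), the resulting NullPointerException is caught only by the broad `catch (Exception e)` in `isReady()` and logged at trace, so the instance simply stays "not ready". Flipping the comparison to `serviceDiscoveryAddress.equals(s.getAddress())` avoids that. Adding `LOG.debug("WA instance {} not registered in Keymaster yet", serviceDiscoveryAddress);` before the empty return would tell operators why callers throw "Syncope core is not yet ready" while Core itself is up. The `KeymasterException` branch likewise logs only `e.getMessage()` at trace; passing the exception itself would keep the cause.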
@@ -72,30 +103,11 @@ public class WARestClient { } } - private static Optional<NetworkService> getCore() { - try { - ApplicationContext context = ApplicationContextProvider.getApplicationContext(); - if (context == null) { - return Optional.empty(); - } - - Collection<ServiceOps> serviceOpsList = context.getBeansOfType(ServiceOps.class).values(); - if (serviceOpsList.isEmpty()) { - return Optional.empty(); - } - ServiceOps serviceOps = serviceOpsList.iterator().next(); - return Optional.of(serviceOps.get(NetworkService.Type.CORE)); - } catch (KeymasterException e) { - LOG.trace(e.getMessage()); - } - return Optional.empty(); - } - - public static boolean isReady() { + public boolean isReady() { try { return getCore().isPresent(); } catch (Exception e) { - LOG.trace(e.getMessage()); + LOG.trace("While checking Core's availability: {}", e.getMessage()); } return false; } diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WARefreshContextJob.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WARefreshContextJob.java index bca830d3de..06a7203064 100644 --- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WARefreshContextJob.java +++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WARefreshContextJob.java @@ -36,6 +36,9 @@ public class WARefreshContextJob implements Job { private static final Logger LOG = LoggerFactory.getLogger(WARefreshContextJob.class); + @Autowired + private WARestClient waRestClient; + @Autowired private ContextRefresher contextRefresher; @@ -46,7 +49,7 @@ public class WARefreshContextJob implements Job { public void execute(final JobExecutionContext jobExecutionContext) throws JobExecutionException { try { LOG.debug("Attempting to refresh WA application context"); - if (!WARestClient.isReady()) { + if (!waRestClient.isReady()) { LOG.debug("Syncope client is not yet ready"); throw new IllegalStateException("Syncope core is not yet ready to access requests"); } 
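Review bot: The `catch (Exception e)` in `isReady()` keeps only `e.getMessage()`, which can be null for runtime exceptions, so an unexpected failure in the Keymaster lookup leaves an uninformative trace line and no stack; `LOG.trace("While checking Core's availability", e);` preserves the cause. `isReady()` also changes from `public static` to an instance method. The callers in this commit follow, but code outside the repository that calls `WARestClient.isReady()` will stop compiling, so it is worth a line in the upgrade notes. `getCore()` now performs a `list` and a `get` against Keymaster on each call, and the guard sits on request paths such as the U2F and WebAuthn repositories, so a short-lived cached result may be worth considering.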
diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/oidc/WAOIDCJWKSGeneratorService.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/oidc/WAOIDCJWKSGeneratorService.java index 492485cac6..bfa6865ea1 100644 --- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/oidc/WAOIDCJWKSGeneratorService.java +++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/oidc/WAOIDCJWKSGeneratorService.java @@ -47,12 +47,12 @@ public class WAOIDCJWKSGeneratorService implements OidcJsonWebKeystoreGeneratorS protected final int jwksKeySize; public WAOIDCJWKSGeneratorService( - final WARestClient restClient, + final WARestClient waRestClient, final String jwksKeyId, final String jwksType, final int jwksKeySize) { - this.waRestClient = restClient; + this.waRestClient = waRestClient; this.jwksKeyId = jwksKeyId; this.jwksType = jwksType; this.jwksKeySize = jwksKeySize; @@ -60,7 +60,7 @@ public class WAOIDCJWKSGeneratorService implements OidcJsonWebKeystoreGeneratorS @Override public JsonWebKeySet store(final JsonWebKeySet jsonWebKeySet) throws Exception { - if (!WARestClient.isReady()) { + if (!waRestClient.isReady()) { throw new IllegalStateException("Syncope core is not yet ready"); } OIDCJWKSService service = waRestClient.getSyncopeClient().getService(OIDCJWKSService.class); @@ -77,7 +77,7 @@ public class WAOIDCJWKSGeneratorService implements OidcJsonWebKeystoreGeneratorS @Override public Resource generate() { - if (!WARestClient.isReady()) { + if (!waRestClient.isReady()) { throw new IllegalStateException("Syncope core is not yet ready"); } diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/saml/idp/metadata/RestfulSamlIdPMetadataGenerator.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/saml/idp/metadata/RestfulSamlIdPMetadataGenerator.java index 0b8cdb6efc..2161f118ce 100644 --- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/saml/idp/metadata/RestfulSamlIdPMetadataGenerator.java 
+++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/saml/idp/metadata/RestfulSamlIdPMetadataGenerator.java @@ -37,14 +37,14 @@ public class RestfulSamlIdPMetadataGenerator extends BaseSamlIdPMetadataGenerato private static final Logger LOG = LoggerFactory.getLogger(RestfulSamlIdPMetadataGenerator.class); - private final WARestClient restClient; + private final WARestClient waRestClient; public RestfulSamlIdPMetadataGenerator( final SamlIdPMetadataGeneratorConfigurationContext samlIdPMetadataGeneratorConfigurationContext, - final WARestClient restClient) { + final WARestClient waRestClient) { super(samlIdPMetadataGeneratorConfigurationContext); - this.restClient = restClient; + this.waRestClient = waRestClient; } @Override @@ -97,10 +97,10 @@ public class RestfulSamlIdPMetadataGenerator extends BaseSamlIdPMetadataGenerato } private SyncopeClient getSyncopeClient() { - if (!WARestClient.isReady()) { + if (!waRestClient.isReady()) { LOG.info("Syncope client is not yet ready"); throw new IllegalStateException("Syncope core is not yet ready to access requests"); } - return restClient.getSyncopeClient(); + return waRestClient.getSyncopeClient(); } } diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/saml/idp/metadata/RestfulSamlIdPMetadataLocator.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/saml/idp/metadata/RestfulSamlIdPMetadataLocator.java index b66b2cade8..71c8fa1d5e 100644 --- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/saml/idp/metadata/RestfulSamlIdPMetadataLocator.java +++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/saml/idp/metadata/RestfulSamlIdPMetadataLocator.java 
@@ -39,15 +39,15 @@ public class RestfulSamlIdPMetadataLocator extends AbstractSamlIdPMetadataLocato private static final Logger LOG = LoggerFactory.getLogger(RestfulSamlIdPMetadataLocator.class); - private final WARestClient restClient; + private final WARestClient waRestClient; public RestfulSamlIdPMetadataLocator( final CipherExecutor<String, String> metadataCipherExecutor, final Cache<String, SamlIdPMetadataDocument> metadataCache, - final WARestClient restClient) { + final WARestClient waRestClient) { super(metadataCipherExecutor, metadataCache); - this.restClient = restClient; + this.waRestClient = waRestClient; } @Override @@ -122,10 +122,10 @@ public class RestfulSamlIdPMetadataLocator extends AbstractSamlIdPMetadataLocato } private SyncopeClient getSyncopeClient() { - if (!WARestClient.isReady()) { + if (!waRestClient.isReady()) { LOG.info("Syncope client is not yet ready"); throw new IllegalStateException("Syncope core is not yet ready to access requests"); } - return restClient.getSyncopeClient(); + return waRestClient.getSyncopeClient(); } } diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/surrogate/WASurrogateAuthenticationService.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/surrogate/WASurrogateAuthenticationService.java index ad4c0833f2..0c44fb9f25 100644 --- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/surrogate/WASurrogateAuthenticationService.java +++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/surrogate/WASurrogateAuthenticationService.java @@ -63,7 +63,7 @@ public class WASurrogateAuthenticationService implements SurrogateAuthentication } private ImpersonationService getImpersonationService() { - if (!WARestClient.isReady()) { + if (!waRestClient.isReady()) { throw new IllegalStateException("Syncope core is not yet ready"); } return waRestClient.getSyncopeClient().getService(ImpersonationService.class); 
diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/u2f/WAU2FDeviceRepository.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/u2f/WAU2FDeviceRepository.java index a66a196246..6210ca349e 100644 --- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/u2f/WAU2FDeviceRepository.java +++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/u2f/WAU2FDeviceRepository.java @@ -133,7 +133,7 @@ public class WAU2FDeviceRepository extends BaseU2FDeviceRepository { } private U2FRegistrationService getU2FService() { - if (!WARestClient.isReady()) { + if (!waRestClient.isReady()) { throw new IllegalStateException("Syncope core is not yet ready"); } return waRestClient.getSyncopeClient().getService(U2FRegistrationService.class); diff --git a/wa/starter/src/main/java/org/apache/syncope/wa/starter/webauthn/WAWebAuthnCredentialRepository.java b/wa/starter/src/main/java/org/apache/syncope/wa/starter/webauthn/WAWebAuthnCredentialRepository.java index d62ffe218b..6b3e8ac2f2 100644 --- a/wa/starter/src/main/java/org/apache/syncope/wa/starter/webauthn/WAWebAuthnCredentialRepository.java +++ b/wa/starter/src/main/java/org/apache/syncope/wa/starter/webauthn/WAWebAuthnCredentialRepository.java @@ -128,7 +128,7 @@ public class WAWebAuthnCredentialRepository extends BaseWebAuthnCredentialReposi } private WebAuthnRegistrationService getService() { - if (!WARestClient.isReady()) { + if (!waRestClient.isReady()) { throw new IllegalStateException("Syncope core is not yet ready"); } return waRestClient.getSyncopeClient().getService(WebAuthnRegistrationService.class);