This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
commit eaad1f0f2a3a38bef705f917bd0014f758f701f7
Author: Francesco Chicchiriccò <ilgro...@apache.org>
AuthorDate: Wed Jan 25 08:36:28 2023 +0100
[SYNCOPE-1726] Ensuring Core and calling WA instance are both available in
Keymaster before refreshing
---
.../jpa/dao/ElasticsearchAnySearchDAO.java | 11 ++---
pom.xml | 4 +-
.../apache/syncope/sra/actuate/SRASessions.java | 12 ++---
.../wa/bootstrap/WABootstrapConfiguration.java | 5 +-
.../apache/syncope/wa/bootstrap/WARestClient.java | 56 +++++++++++++---------
.../wa/starter/config/WARefreshContextJob.java | 5 +-
.../starter/oidc/WAOIDCJWKSGeneratorService.java | 8 ++--
.../metadata/RestfulSamlIdPMetadataGenerator.java | 10 ++--
.../metadata/RestfulSamlIdPMetadataLocator.java | 10 ++--
.../WASurrogateAuthenticationService.java | 2 +-
.../wa/starter/u2f/WAU2FDeviceRepository.java | 2 +-
.../webauthn/WAWebAuthnCredentialRepository.java | 2 +-
12 files changed, 70 insertions(+), 57 deletions(-)
diff --git
a/ext/elasticsearch/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/ElasticsearchAnySearchDAO.java
b/ext/elasticsearch/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/ElasticsearchAnySearchDAO.java
index 8fe9dd4388..67681a51c6 100644
---
a/ext/elasticsearch/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/ElasticsearchAnySearchDAO.java
+++
b/ext/elasticsearch/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/ElasticsearchAnySearchDAO.java
@@ -394,14 +394,9 @@ public class ElasticsearchAnySearchDAO extends
AbstractAnySearchDAO {
}
if (query == null) {
- Optional<AnyCond> anyCond = cond.getLeaf(AnyCond.class);
- if (anyCond.isPresent()) {
- query = getQuery(anyCond.get(), kind);
- } else {
- query = cond.getLeaf(AttrCond.class).
- map(leaf -> getQuery(leaf, kind)).
- orElse(null);
- }
+ query = cond.getLeaf(AnyCond.class).map(ac -> getQuery(ac,
kind)).
+ or(() -> cond.getLeaf(AttrCond.class).map(ac ->
getQuery(ac, kind))).
+ orElse(null);
}
// allow for additional search conditions
diff --git a/pom.xml b/pom.xml
index ead40c69c5..fe0dcf95a9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -413,7 +413,7 @@ under the License.
<cxf.version>4.0.0</cxf.version>
<bouncycastle.version>1.72</bouncycastle.version>
- <nimbus-jose-jwt.version>9.28</nimbus-jose-jwt.version>
+ <nimbus-jose-jwt.version>9.29</nimbus-jose-jwt.version>
<spring-boot.version>3.0.2</spring-boot.version>
<spring-cloud-gateway.version>4.0.0</spring-cloud-gateway.version>
@@ -1488,7 +1488,7 @@ under the License.
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
- <version>3.3.0</version>
+ <version>3.5.0</version>
<configuration>
<outputDirectory>${bundles.directory}</outputDirectory>
<artifactItems>
diff --git a/sra/src/main/java/org/apache/syncope/sra/actuate/SRASessions.java
b/sra/src/main/java/org/apache/syncope/sra/actuate/SRASessions.java
index a56e8f0b8b..db42addb11 100644
--- a/sra/src/main/java/org/apache/syncope/sra/actuate/SRASessions.java
+++ b/sra/src/main/java/org/apache/syncope/sra/actuate/SRASessions.java
@@ -67,12 +67,12 @@ public class SRASessions {
session.setAuthenticationDate(mapSession.getCreationTime().atOffset(OffsetDateTime.now().getOffset()));
String principal;
- if (ctx.getAuthentication() instanceof SAML2AuthenticationToken) {
- principal = ((SAML2AuthenticationToken)
ctx.getAuthentication()).getPrincipal().getNameId().getValue();
- } else if (ctx.getAuthentication() instanceof CASAuthenticationToken) {
- principal = ((CASAuthenticationToken)
ctx.getAuthentication()).getPrincipal().getPrincipal().getName();
- } else if (ctx.getAuthentication() instanceof
OAuth2AuthenticationToken) {
- principal = ((OAuth2AuthenticationToken)
ctx.getAuthentication()).getPrincipal().getName();
+ if (ctx.getAuthentication() instanceof SAML2AuthenticationToken
saml2AuthenticationToken) {
+ principal =
saml2AuthenticationToken.getPrincipal().getUserProfile().getUsername();
+ } else if (ctx.getAuthentication() instanceof CASAuthenticationToken
casAuthenticationToken) {
+ principal =
casAuthenticationToken.getPrincipal().getPrincipal().getName();
+ } else if (ctx.getAuthentication() instanceof
OAuth2AuthenticationToken oauth2AuthenticationToken) {
+ principal = oauth2AuthenticationToken.getPrincipal().getName();
} else {
principal = ctx.getAuthentication().getPrincipal().toString();
}
diff --git
a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/WABootstrapConfiguration.java
b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/WABootstrapConfiguration.java
index 8c505bd3c4..2215b28130 100644
---
a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/WABootstrapConfiguration.java
+++
b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/WABootstrapConfiguration.java
@@ -42,9 +42,12 @@ public class WABootstrapConfiguration {
@Value("${wa.useGZIPCompression:true}")
private boolean useGZIPCompression;
+ @Value("${service.discovery.address}")
+ private String serviceDiscoveryAddress;
+
@Bean
public WARestClient waRestClient() {
- return new WARestClient(anonymousUser, anonymousKey,
useGZIPCompression);
+ return new WARestClient(anonymousUser, anonymousKey,
useGZIPCompression, serviceDiscoveryAddress);
}
}
diff --git
a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/WARestClient.java
b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/WARestClient.java
index 0cfcd9ae3e..7d71da2e59 100644
---
a/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/WARestClient.java
+++
b/wa/bootstrap/src/main/java/org/apache/syncope/wa/bootstrap/WARestClient.java
@@ -41,16 +41,47 @@ public class WARestClient {
private final boolean useGZIPCompression;
+ private final String serviceDiscoveryAddress;
+
private SyncopeClient client;
public WARestClient(
final String anonymousUser,
final String anonymousKey,
- final boolean useGZIPCompression) {
+ final boolean useGZIPCompression,
+ final String serviceDiscoveryAddress) {
this.anonymousUser = anonymousUser;
this.anonymousKey = anonymousKey;
this.useGZIPCompression = useGZIPCompression;
+ this.serviceDiscoveryAddress = serviceDiscoveryAddress;
+ }
+
+ private Optional<NetworkService> getCore() {
+ try {
+ ApplicationContext context =
ApplicationContextProvider.getApplicationContext();
+ if (context == null) {
+ return Optional.empty();
+ }
+
+ Collection<ServiceOps> serviceOpsList =
context.getBeansOfType(ServiceOps.class).values();
+ if (serviceOpsList.isEmpty()) {
+ return Optional.empty();
+ }
+
+ ServiceOps serviceOps = serviceOpsList.iterator().next();
+
+ if (serviceOps.list(NetworkService.Type.WA).
+ stream().anyMatch(s ->
s.getAddress().equals(serviceDiscoveryAddress))) {
+
+ return Optional.of(serviceOps.get(NetworkService.Type.CORE));
+ }
+
+ return Optional.empty();
+ } catch (KeymasterException e) {
+ LOG.trace(e.getMessage());
+ }
+ return Optional.empty();
}
public SyncopeClient getSyncopeClient() {
@@ -72,30 +103,11 @@ public class WARestClient {
}
}
- private static Optional<NetworkService> getCore() {
- try {
- ApplicationContext context =
ApplicationContextProvider.getApplicationContext();
- if (context == null) {
- return Optional.empty();
- }
-
- Collection<ServiceOps> serviceOpsList =
context.getBeansOfType(ServiceOps.class).values();
- if (serviceOpsList.isEmpty()) {
- return Optional.empty();
- }
- ServiceOps serviceOps = serviceOpsList.iterator().next();
- return Optional.of(serviceOps.get(NetworkService.Type.CORE));
- } catch (KeymasterException e) {
- LOG.trace(e.getMessage());
- }
- return Optional.empty();
- }
-
- public static boolean isReady() {
+ public boolean isReady() {
try {
return getCore().isPresent();
} catch (Exception e) {
- LOG.trace(e.getMessage());
+ LOG.trace("While checking Core's availability: {}",
e.getMessage());
}
return false;
}
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WARefreshContextJob.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WARefreshContextJob.java
index bca830d3de..06a7203064 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WARefreshContextJob.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/config/WARefreshContextJob.java
@@ -36,6 +36,9 @@ public class WARefreshContextJob implements Job {
private static final Logger LOG =
LoggerFactory.getLogger(WARefreshContextJob.class);
+ @Autowired
+ private WARestClient waRestClient;
+
@Autowired
private ContextRefresher contextRefresher;
@@ -46,7 +49,7 @@ public class WARefreshContextJob implements Job {
public void execute(final JobExecutionContext jobExecutionContext) throws
JobExecutionException {
try {
LOG.debug("Attempting to refresh WA application context");
- if (!WARestClient.isReady()) {
+ if (!waRestClient.isReady()) {
LOG.debug("Syncope client is not yet ready");
throw new IllegalStateException("Syncope core is not yet ready
to access requests");
}
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/oidc/WAOIDCJWKSGeneratorService.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/oidc/WAOIDCJWKSGeneratorService.java
index 492485cac6..bfa6865ea1 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/oidc/WAOIDCJWKSGeneratorService.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/oidc/WAOIDCJWKSGeneratorService.java
@@ -47,12 +47,12 @@ public class WAOIDCJWKSGeneratorService implements
OidcJsonWebKeystoreGeneratorS
protected final int jwksKeySize;
public WAOIDCJWKSGeneratorService(
- final WARestClient restClient,
+ final WARestClient waRestClient,
final String jwksKeyId,
final String jwksType,
final int jwksKeySize) {
- this.waRestClient = restClient;
+ this.waRestClient = waRestClient;
this.jwksKeyId = jwksKeyId;
this.jwksType = jwksType;
this.jwksKeySize = jwksKeySize;
@@ -60,7 +60,7 @@ public class WAOIDCJWKSGeneratorService implements
OidcJsonWebKeystoreGeneratorS
@Override
public JsonWebKeySet store(final JsonWebKeySet jsonWebKeySet) throws
Exception {
- if (!WARestClient.isReady()) {
+ if (!waRestClient.isReady()) {
throw new IllegalStateException("Syncope core is not yet ready");
}
OIDCJWKSService service =
waRestClient.getSyncopeClient().getService(OIDCJWKSService.class);
@@ -77,7 +77,7 @@ public class WAOIDCJWKSGeneratorService implements
OidcJsonWebKeystoreGeneratorS
@Override
public Resource generate() {
- if (!WARestClient.isReady()) {
+ if (!waRestClient.isReady()) {
throw new IllegalStateException("Syncope core is not yet ready");
}
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/saml/idp/metadata/RestfulSamlIdPMetadataGenerator.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/saml/idp/metadata/RestfulSamlIdPMetadataGenerator.java
index 0b8cdb6efc..2161f118ce 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/saml/idp/metadata/RestfulSamlIdPMetadataGenerator.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/saml/idp/metadata/RestfulSamlIdPMetadataGenerator.java
@@ -37,14 +37,14 @@ public class RestfulSamlIdPMetadataGenerator extends
BaseSamlIdPMetadataGenerato
private static final Logger LOG =
LoggerFactory.getLogger(RestfulSamlIdPMetadataGenerator.class);
- private final WARestClient restClient;
+ private final WARestClient waRestClient;
public RestfulSamlIdPMetadataGenerator(
final SamlIdPMetadataGeneratorConfigurationContext
samlIdPMetadataGeneratorConfigurationContext,
- final WARestClient restClient) {
+ final WARestClient waRestClient) {
super(samlIdPMetadataGeneratorConfigurationContext);
- this.restClient = restClient;
+ this.waRestClient = waRestClient;
}
@Override
@@ -97,10 +97,10 @@ public class RestfulSamlIdPMetadataGenerator extends
BaseSamlIdPMetadataGenerato
}
private SyncopeClient getSyncopeClient() {
- if (!WARestClient.isReady()) {
+ if (!waRestClient.isReady()) {
LOG.info("Syncope client is not yet ready");
throw new IllegalStateException("Syncope core is not yet ready to
access requests");
}
- return restClient.getSyncopeClient();
+ return waRestClient.getSyncopeClient();
}
}
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/saml/idp/metadata/RestfulSamlIdPMetadataLocator.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/saml/idp/metadata/RestfulSamlIdPMetadataLocator.java
index b66b2cade8..71c8fa1d5e 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/saml/idp/metadata/RestfulSamlIdPMetadataLocator.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/saml/idp/metadata/RestfulSamlIdPMetadataLocator.java
@@ -39,15 +39,15 @@ public class RestfulSamlIdPMetadataLocator extends
AbstractSamlIdPMetadataLocato
private static final Logger LOG =
LoggerFactory.getLogger(RestfulSamlIdPMetadataLocator.class);
- private final WARestClient restClient;
+ private final WARestClient waRestClient;
public RestfulSamlIdPMetadataLocator(
final CipherExecutor<String, String> metadataCipherExecutor,
final Cache<String, SamlIdPMetadataDocument> metadataCache,
- final WARestClient restClient) {
+ final WARestClient waRestClient) {
super(metadataCipherExecutor, metadataCache);
- this.restClient = restClient;
+ this.waRestClient = waRestClient;
}
@Override
@@ -122,10 +122,10 @@ public class RestfulSamlIdPMetadataLocator extends
AbstractSamlIdPMetadataLocato
}
private SyncopeClient getSyncopeClient() {
- if (!WARestClient.isReady()) {
+ if (!waRestClient.isReady()) {
LOG.info("Syncope client is not yet ready");
throw new IllegalStateException("Syncope core is not yet ready to
access requests");
}
- return restClient.getSyncopeClient();
+ return waRestClient.getSyncopeClient();
}
}
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/surrogate/WASurrogateAuthenticationService.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/surrogate/WASurrogateAuthenticationService.java
index ad4c0833f2..0c44fb9f25 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/surrogate/WASurrogateAuthenticationService.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/surrogate/WASurrogateAuthenticationService.java
@@ -63,7 +63,7 @@ public class WASurrogateAuthenticationService implements
SurrogateAuthentication
}
private ImpersonationService getImpersonationService() {
- if (!WARestClient.isReady()) {
+ if (!waRestClient.isReady()) {
throw new IllegalStateException("Syncope core is not yet ready");
}
return
waRestClient.getSyncopeClient().getService(ImpersonationService.class);
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/u2f/WAU2FDeviceRepository.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/u2f/WAU2FDeviceRepository.java
index a66a196246..6210ca349e 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/u2f/WAU2FDeviceRepository.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/u2f/WAU2FDeviceRepository.java
@@ -133,7 +133,7 @@ public class WAU2FDeviceRepository extends
BaseU2FDeviceRepository {
}
private U2FRegistrationService getU2FService() {
- if (!WARestClient.isReady()) {
+ if (!waRestClient.isReady()) {
throw new IllegalStateException("Syncope core is not yet ready");
}
return
waRestClient.getSyncopeClient().getService(U2FRegistrationService.class);
diff --git
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/webauthn/WAWebAuthnCredentialRepository.java
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/webauthn/WAWebAuthnCredentialRepository.java
index d62ffe218b..6b3e8ac2f2 100644
---
a/wa/starter/src/main/java/org/apache/syncope/wa/starter/webauthn/WAWebAuthnCredentialRepository.java
+++
b/wa/starter/src/main/java/org/apache/syncope/wa/starter/webauthn/WAWebAuthnCredentialRepository.java
@@ -128,7 +128,7 @@ public class WAWebAuthnCredentialRepository extends
BaseWebAuthnCredentialReposi
}
private WebAuthnRegistrationService getService() {
- if (!WARestClient.isReady()) {
+ if (!waRestClient.isReady()) {
throw new IllegalStateException("Syncope core is not yet ready");
}
return
waRestClient.getSyncopeClient().getService(WebAuthnRegistrationService.class);
