This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch 3_0_X
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/3_0_X by this push:
new 2c9f1508f6 [SYNCOPE-1760] Refactoring Spring Security config for Core
(#463)
2c9f1508f6 is described below
commit 2c9f1508f619bfd9267e992c2464b50b241f0db6
Author: Francesco Chicchiriccò <[email protected]>
AuthorDate: Thu May 25 17:04:40 2023 +0200
[SYNCOPE-1760] Refactoring Spring Security config for Core (#463)
---
.../syncope/client/ui/commons/BaseLogin.java | 2 -
.../syncope/client/ui/commons/BaseSession.java | 4 +-
.../syncope/client/console/ConsoleProperties.java | 12 ---
.../syncope/client/console/SecurityConfig.java | 7 +-
.../client/console/SyncopeConsoleSession.java | 5 +-
.../client/console/SyncopeWebApplication.java | 8 +-
.../apache/syncope/client/console/pages/Login.java | 5 --
.../syncope/client/console/AbstractTest.java | 12 ++-
.../syncope/client/enduser/SecurityConfig.java | 7 +-
.../client/enduser/SyncopeEnduserSession.java | 5 +-
.../client/enduser/SyncopeWebApplication.java | 12 +--
.../apache/syncope/client/enduser/pages/Login.java | 5 --
.../syncope/client/enduser/AbstractTest.java | 11 ++-
.../client/lib/NoAuthenticationHandler.java | 26 ------
.../syncope/client/lib/SyncopeAnonymousClient.java | 98 ++++++++++++++++++++++
.../apache/syncope/client/lib/SyncopeClient.java | 85 ++++---------------
.../client/lib/SyncopeClientFactoryBean.java | 26 ++++--
.../apache/syncope/client/lib/ConcurrencyTest.java | 4 +-
.../syncope/core/logic/SecurityQuestionLogic.java | 2 +-
.../org/apache/syncope/core/logic/UserLogic.java | 8 +-
.../syncope/core/rest/cxf/CheckDomainFilter.java | 74 ----------------
.../core/rest/cxf/IdRepoRESTCXFContext.java | 8 --
.../apache/syncope/core/logic/ConfParamLogic.java | 8 +-
.../org/apache/syncope/core/logic/DomainLogic.java | 12 +--
.../syncope/core/logic/NetworkServiceLogic.java | 8 +-
.../core/spring/security/WebSecurityContext.java | 27 ++----
.../actuate/DefaultSyncopeCoreInfoContributor.java | 2 -
.../org/apache/syncope/fit/AbstractITCase.java | 35 ++++----
.../org/apache/syncope/fit/AbstractUIITCase.java | 13 +--
.../org/apache/syncope/fit/OIDCClientDetector.java | 9 +-
.../syncope/fit/core/AuthenticationITCase.java | 20 ++---
.../syncope/fit/core/ExceptionMapperITCase.java | 2 +-
.../org/apache/syncope/fit/core/GroupITCase.java | 16 +---
.../syncope/fit/core/MultitenancyITCase.java | 11 ++-
.../apache/syncope/fit/core/OIDCJWKSITCase.java | 6 +-
.../org/apache/syncope/fit/core/PolicyITCase.java | 4 +-
.../apache/syncope/fit/core/PullTaskITCase.java | 2 +-
.../apache/syncope/fit/core/PushTaskITCase.java | 2 +-
.../org/apache/syncope/fit/core/ReportITCase.java | 2 +-
.../apache/syncope/fit/core/ResourceITCase.java | 2 +-
.../syncope/fit/core/SAML2IdPEntityITCase.java | 6 +-
.../syncope/fit/core/SAML2SPEntityITCase.java | 6 +-
.../apache/syncope/fit/core/SchedTaskITCase.java | 2 +-
.../apache/syncope/fit/core/UserSelfITCase.java | 27 +++---
.../apache/syncope/fit/core/VirSchemaITCase.java | 9 --
.../syncope/fit/core/wa/WAClientAppITCase.java | 6 +-
pom.xml | 2 +-
.../org/apache/syncope/sra/SecurityConfig.java | 4 +-
48 files changed, 262 insertions(+), 407 deletions(-)
diff --git
a/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/BaseLogin.java
b/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/BaseLogin.java
index 82c7eb3dc8..508e38e455 100644
---
a/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/BaseLogin.java
+++
b/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/BaseLogin.java
@@ -217,8 +217,6 @@ public abstract class BaseLogin extends WebPage {
protected abstract void sendError(String error);
- protected abstract String getAnonymousUser();
-
protected abstract void authenticate(
String username,
String password,
diff --git
a/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/BaseSession.java
b/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/BaseSession.java
index 6790183fb8..3187116192 100644
---
a/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/BaseSession.java
+++
b/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/BaseSession.java
@@ -22,7 +22,7 @@ import java.util.List;
import java.util.Locale;
import java.util.concurrent.Callable;
import java.util.concurrent.Future;
-import org.apache.syncope.client.lib.SyncopeClient;
+import org.apache.syncope.client.lib.SyncopeAnonymousClient;
public interface BaseSession {
@@ -55,7 +55,7 @@ public interface BaseSession {
String getJWT();
- SyncopeClient getAnonymousClient();
+ SyncopeAnonymousClient getAnonymousClient();
<T> T getAnonymousService(Class<T> serviceClass);
diff --git
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/ConsoleProperties.java
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/ConsoleProperties.java
index 14a8a1ed0a..15d86880e8 100644
---
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/ConsoleProperties.java
+++
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/ConsoleProperties.java
@@ -66,8 +66,6 @@ public class ConsoleProperties extends CommonUIProperties {
}
}
- private String adminUser = "admin";
-
private final Map<String, Class<? extends BasePage>> page = new
HashMap<>();
private String defaultAnyPanelClass = AnyPanel.class.getName();
@@ -76,16 +74,6 @@ public class ConsoleProperties extends CommonUIProperties {
private final Topology topology = new Topology();
- @Override
- public String getAdminUser() {
- return adminUser;
- }
-
- @Override
- public void setAdminUser(final String adminUser) {
- this.adminUser = adminUser;
- }
-
public Map<String, Class<? extends BasePage>> getPage() {
return page;
}
diff --git
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SecurityConfig.java
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SecurityConfig.java
index f33629d732..3fc281849a 100644
---
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SecurityConfig.java
+++
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SecurityConfig.java
@@ -20,6 +20,7 @@ package org.apache.syncope.client.console;
import org.apache.syncope.common.lib.types.IdRepoEntitlement;
import
org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
+import
org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import
org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -33,8 +34,9 @@ import org.springframework.security.web.SecurityFilterChain;
@Configuration(proxyBeanMethods = false)
public class SecurityConfig {
+ @ConditionalOnMissingBean
@Bean
- public SecurityFilterChain filterChain(final HttpSecurity http) throws
Exception {
+ public SecurityFilterChain actuatorFilterChain(final HttpSecurity http)
throws Exception {
http.csrf().disable().
authorizeRequests().
requestMatchers(EndpointRequest.toAnyEndpoint()).
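Review bot: `@ConditionalOnMissingBean` with no arguments on `actuatorFilterChain` matches on the return type, so any other `SecurityFilterChain` bean in the context makes this chain back off, not only a deliberate replacement for it. The actuator endpoints are then protected only by whatever that other chain happens to cover. The same applies to `actuatorUserDetailsService` in the next hunk and to both beans in the enduser `SecurityConfig`. As far as the hunk shows this is a plain `@Configuration` class, where the condition depends on bean-definition order, so I would bind it to a name, `@ConditionalOnMissingBean(name = "actuatorFilterChain")`, or add a comment that an overriding chain must itself cover `EndpointRequest.toAnyEndpoint()`. The method body continues past the end of this hunk.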
@@ -44,8 +46,9 @@ public class SecurityConfig {
return http.build();
}
+ @ConditionalOnMissingBean
@Bean
- public InMemoryUserDetailsManager userDetailsService(final
ConsoleProperties props) {
+ public InMemoryUserDetailsManager actuatorUserDetailsService(final
ConsoleProperties props) {
UserDetails user = User.withUsername(props.getAnonymousUser()).
password("{noop}" + props.getAnonymousKey()).
roles(IdRepoEntitlement.ANONYMOUS).
diff --git
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
index 66c331e0b0..00054d2dd7 100644
---
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
+++
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java
@@ -43,6 +43,7 @@ import org.apache.commons.lang3.tuple.Pair;
import org.apache.commons.lang3.tuple.Triple;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.syncope.client.console.commons.RealmsUtils;
+import org.apache.syncope.client.lib.SyncopeAnonymousClient;
import org.apache.syncope.client.lib.SyncopeClient;
import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
import org.apache.syncope.client.lib.batch.BatchRequest;
@@ -96,7 +97,7 @@ public class SyncopeConsoleSession extends
AuthenticatedWebSession implements Ba
protected final SyncopeClientFactoryBean clientFactory;
- protected final SyncopeClient anonymousClient;
+ protected final SyncopeAnonymousClient anonymousClient;
protected final Pair<String, String> gitAndBuildInfo;
@@ -383,7 +384,7 @@ public class SyncopeConsoleSession extends
AuthenticatedWebSession implements Ba
}
@Override
- public SyncopeClient getAnonymousClient() {
+ public SyncopeAnonymousClient getAnonymousClient() {
return anonymousClient;
}
diff --git
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeWebApplication.java
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeWebApplication.java
index b6cf37835d..122529779b 100644
---
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeWebApplication.java
+++
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/SyncopeWebApplication.java
@@ -43,8 +43,7 @@ import org.apache.syncope.client.console.pages.Login;
import org.apache.syncope.client.console.pages.MustChangePassword;
import org.apache.syncope.client.console.rest.RealmRestClient;
import org.apache.syncope.client.console.wizards.any.UserFormFinalizer;
-import org.apache.syncope.client.lib.AnonymousAuthenticationHandler;
-import org.apache.syncope.client.lib.SyncopeClient;
+import org.apache.syncope.client.lib.SyncopeAnonymousClient;
import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
import org.apache.syncope.client.ui.commons.Constants;
import org.apache.syncope.client.ui.commons.SyncopeUIRequestCycleListener;
@@ -271,9 +270,8 @@ public class SyncopeWebApplication extends
WicketBootSecuredWebApplication {
return executor;
}
- public SyncopeClient newAnonymousClient() {
- return newClientFactory().create(
- new AnonymousAuthenticationHandler(props.getAnonymousUser(),
props.getAnonymousKey()));
+ public SyncopeAnonymousClient newAnonymousClient() {
+ return newClientFactory().createAnonymous(props.getAnonymousUser(),
props.getAnonymousKey());
}
public SyncopeClientFactoryBean newClientFactory() {
diff --git
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/pages/Login.java
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/pages/Login.java
index 4fbaeeede5..c5f37cb613 100644
---
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/pages/Login.java
+++
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/pages/Login.java
@@ -64,11 +64,6 @@ public class Login extends BaseLogin {
SyncopeConsoleSession.get().error(error);
}
- @Override
- protected String getAnonymousUser() {
- return SyncopeWebApplication.get().getAnonymousUser();
- }
-
@Override
protected void authenticate(final String username, final String password,
final AjaxRequestTarget target)
throws AccessControlException {
diff --git
a/client/idrepo/console/src/test/java/org/apache/syncope/client/console/AbstractTest.java
b/client/idrepo/console/src/test/java/org/apache/syncope/client/console/AbstractTest.java
index 8b61bb5190..30df5d9ecf 100644
---
a/client/idrepo/console/src/test/java/org/apache/syncope/client/console/AbstractTest.java
+++
b/client/idrepo/console/src/test/java/org/apache/syncope/client/console/AbstractTest.java
@@ -20,6 +20,7 @@ package org.apache.syncope.client.console;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.isNull;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@@ -56,6 +57,7 @@ import
org.apache.syncope.client.console.commons.StatusProvider;
import org.apache.syncope.client.console.commons.VirSchemaDetailsPanelProvider;
import
org.apache.syncope.client.console.init.ClassPathScanImplementationLookup;
import org.apache.syncope.client.lib.AuthenticationHandler;
+import org.apache.syncope.client.lib.SyncopeAnonymousClient;
import org.apache.syncope.client.lib.SyncopeClient;
import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
import org.apache.syncope.client.ui.commons.MIMETypesLoader;
@@ -292,12 +294,13 @@ public abstract class AbstractTest {
@Override
public SyncopeClientFactoryBean newClientFactory() {
SyncopeClient client = mock(SyncopeClient.class);
+ SyncopeAnonymousClient anonymousClient =
mock(SyncopeAnonymousClient.class);
when(client.self()).thenReturn(Triple.of(new HashMap<>(),
List.of(), getUserTO()));
- when(client.gitAndBuildInfo()).thenReturn(Pair.of("", ""));
- when(client.platform()).thenReturn(new PlatformInfo());
- when(client.numbers()).thenAnswer(ic -> {
+ when(anonymousClient.gitAndBuildInfo()).thenReturn(Pair.of("",
""));
+ when(anonymousClient.platform()).thenReturn(new PlatformInfo());
+ when(anonymousClient.numbers()).thenAnswer(ic -> {
NumbersInfo numbersInfo = new NumbersInfo();
numbersInfo.getConfCompleteness().put(
@@ -321,7 +324,7 @@ public abstract class AbstractTest {
return numbersInfo;
});
- when(client.system()).thenReturn(new SystemInfo());
+ when(anonymousClient.system()).thenReturn(new SystemInfo());
SyncopeService syncopeService = getSyncopeService();
when(client.getService(SyncopeService.class)).thenReturn(syncopeService);
@@ -339,6 +342,7 @@ public abstract class AbstractTest {
when(clientFactory.setDomain(any())).thenReturn(clientFactory);
when(clientFactory.create(any(AuthenticationHandler.class))).thenReturn(client);
when(clientFactory.create(anyString(),
anyString())).thenReturn(client);
+ when(clientFactory.createAnonymous(anyString(),
isNull())).thenReturn(anonymousClient);
return clientFactory;
}
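Review bot: The new stub `createAnonymous(anyString(), isNull())` matches only while the test configuration leaves the anonymous key unset. Once a key is configured the mock factory returns `null` and the failure shows up far from its cause. Accepting both cases keeps the stub valid: `when(clientFactory.createAnonymous(anyString(), nullable(String.class))).thenReturn(anonymousClient);`. The enduser `AbstractTest` adds the same stub, and `newClientFactory()` starts outside this hunk.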
diff --git
a/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SecurityConfig.java
b/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SecurityConfig.java
index 3218618cdf..ca65e79eb4 100644
---
a/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SecurityConfig.java
+++
b/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SecurityConfig.java
@@ -20,6 +20,7 @@ package org.apache.syncope.client.enduser;
import org.apache.syncope.common.lib.types.IdRepoEntitlement;
import
org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
+import
org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import
org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -33,8 +34,9 @@ import org.springframework.security.web.SecurityFilterChain;
@Configuration(proxyBeanMethods = false)
public class SecurityConfig {
+ @ConditionalOnMissingBean
@Bean
- public SecurityFilterChain filterChain(final HttpSecurity http) throws
Exception {
+ public SecurityFilterChain actuatorFilterChain(final HttpSecurity http)
throws Exception {
http.csrf().disable().
authorizeRequests().
requestMatchers(EndpointRequest.toAnyEndpoint()).
@@ -44,8 +46,9 @@ public class SecurityConfig {
return http.build();
}
+ @ConditionalOnMissingBean
@Bean
- public InMemoryUserDetailsManager userDetailsService(final
EnduserProperties props) {
+ public InMemoryUserDetailsManager actuatorUserDetailsService(final
EnduserProperties props) {
UserDetails user = User.withUsername(props.getAnonymousUser()).
password("{noop}" + props.getAnonymousKey()).
roles(IdRepoEntitlement.ANONYMOUS).
diff --git
a/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java
b/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java
index 450807f320..51b9dfd822 100644
---
a/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java
+++
b/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeEnduserSession.java
@@ -36,6 +36,7 @@ import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.apache.commons.lang3.time.FastDateFormat;
import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.syncope.client.lib.SyncopeAnonymousClient;
import org.apache.syncope.client.lib.SyncopeClient;
import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
import org.apache.syncope.client.ui.commons.BaseSession;
@@ -87,7 +88,7 @@ public class SyncopeEnduserSession extends
AuthenticatedWebSession implements Ba
private final SyncopeClientFactoryBean clientFactory;
- private final SyncopeClient anonymousClient;
+ private final SyncopeAnonymousClient anonymousClient;
private final PlatformInfo platformInfo;
@@ -296,7 +297,7 @@ public class SyncopeEnduserSession extends
AuthenticatedWebSession implements Ba
}
@Override
- public SyncopeClient getAnonymousClient() {
+ public SyncopeAnonymousClient getAnonymousClient() {
return anonymousClient;
}
diff --git
a/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeWebApplication.java
b/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeWebApplication.java
index 0647284544..887baf949a 100644
---
a/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeWebApplication.java
+++
b/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/SyncopeWebApplication.java
@@ -35,8 +35,7 @@ import org.apache.syncope.client.enduser.pages.Login;
import org.apache.syncope.client.enduser.pages.MustChangePassword;
import org.apache.syncope.client.enduser.pages.SelfConfirmPasswordReset;
import org.apache.syncope.client.enduser.panels.Sidebar;
-import org.apache.syncope.client.lib.AnonymousAuthenticationHandler;
-import org.apache.syncope.client.lib.SyncopeClient;
+import org.apache.syncope.client.lib.SyncopeAnonymousClient;
import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
import org.apache.syncope.client.ui.commons.SyncopeUIRequestCycleListener;
import org.apache.syncope.client.ui.commons.annotations.Resource;
@@ -246,9 +245,8 @@ public class SyncopeWebApplication extends
WicketBootSecuredWebApplication {
return new SyncopeEnduserSession(request);
}
- public SyncopeClient newAnonymousClient() {
- return newClientFactory().create(
- new AnonymousAuthenticationHandler(props.getAnonymousUser(),
props.getAnonymousKey()));
+ public SyncopeAnonymousClient newAnonymousClient() {
+ return newClientFactory().createAnonymous(props.getAnonymousUser(),
props.getAnonymousKey());
}
public SyncopeClientFactoryBean newClientFactory() {
@@ -278,10 +276,6 @@ public class SyncopeWebApplication extends
WicketBootSecuredWebApplication {
return props.getAnonymousUser();
}
- public String getAnonymousKey() {
- return props.getAnonymousKey();
- }
-
public boolean isCaptchaEnabled() {
return props.isCaptcha();
}
diff --git
a/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/pages/Login.java
b/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/pages/Login.java
index bcc26ade6d..7e5efcb39b 100644
---
a/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/pages/Login.java
+++
b/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/pages/Login.java
@@ -88,11 +88,6 @@ public class Login extends BaseLogin {
SyncopeEnduserSession.get().error(error);
}
- @Override
- protected String getAnonymousUser() {
- return SyncopeWebApplication.get().getAnonymousUser();
- }
-
@Override
protected void authenticate(final String username, final String password,
final AjaxRequestTarget target)
throws AccessControlException {
diff --git
a/client/idrepo/enduser/src/test/java/org/apache/syncope/client/enduser/AbstractTest.java
b/client/idrepo/enduser/src/test/java/org/apache/syncope/client/enduser/AbstractTest.java
index a209ca5949..b53aa17e92 100644
---
a/client/idrepo/enduser/src/test/java/org/apache/syncope/client/enduser/AbstractTest.java
+++
b/client/idrepo/enduser/src/test/java/org/apache/syncope/client/enduser/AbstractTest.java
@@ -20,6 +20,7 @@ package org.apache.syncope.client.enduser;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.isNull;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@@ -35,6 +36,7 @@ import org.apache.commons.lang3.tuple.Triple;
import org.apache.cxf.jaxrs.client.Client;
import
org.apache.syncope.client.enduser.init.ClassPathScanImplementationLookup;
import org.apache.syncope.client.lib.AuthenticationHandler;
+import org.apache.syncope.client.lib.SyncopeAnonymousClient;
import org.apache.syncope.client.lib.SyncopeClient;
import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
import org.apache.syncope.client.ui.commons.MIMETypesLoader;
@@ -199,12 +201,14 @@ public abstract class AbstractTest {
@Override
public SyncopeClientFactoryBean newClientFactory() {
SyncopeClient client = mock(SyncopeClient.class);
+ SyncopeAnonymousClient anonymousClient =
mock(SyncopeAnonymousClient.class);
+
when(client.getJWT()).thenReturn("<anyJWT>");
when(client.self()).thenReturn(Triple.of(new HashMap<>(),
List.of(), getUserTO()));
- when(client.platform()).thenReturn(new PlatformInfo());
- when(client.numbers()).thenAnswer(ic -> {
+ when(anonymousClient.platform()).thenReturn(new PlatformInfo());
+ when(anonymousClient.numbers()).thenAnswer(ic -> {
NumbersInfo numbersInfo = new NumbersInfo();
numbersInfo.getConfCompleteness().put(
@@ -228,7 +232,7 @@ public abstract class AbstractTest {
return numbersInfo;
});
- when(client.system()).thenReturn(new SystemInfo());
+ when(anonymousClient.system()).thenReturn(new SystemInfo());
SyncopeService syncopeService = getSyncopeService();
when(client.getService(SyncopeService.class)).thenReturn(syncopeService);
@@ -243,6 +247,7 @@ public abstract class AbstractTest {
when(clientFactory.setDomain(any())).thenReturn(clientFactory);
when(clientFactory.create(any(AuthenticationHandler.class))).thenReturn(client);
when(clientFactory.create(anyString(),
anyString())).thenReturn(client);
+ when(clientFactory.createAnonymous(anyString(),
isNull())).thenReturn(anonymousClient);
return clientFactory;
}
diff --git
a/client/idrepo/lib/src/main/java/org/apache/syncope/client/lib/NoAuthenticationHandler.java
b/client/idrepo/lib/src/main/java/org/apache/syncope/client/lib/NoAuthenticationHandler.java
deleted file mode 100644
index 6ad2b1f67a..0000000000
---
a/client/idrepo/lib/src/main/java/org/apache/syncope/client/lib/NoAuthenticationHandler.java
+++ /dev/null
@@ -1,26 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.client.lib;
-
-/**
- * Empty implementation not providing any real authentication capability.
- */
-public class NoAuthenticationHandler implements AuthenticationHandler {
-
-}
diff --git
a/client/idrepo/lib/src/main/java/org/apache/syncope/client/lib/SyncopeAnonymousClient.java
b/client/idrepo/lib/src/main/java/org/apache/syncope/client/lib/SyncopeAnonymousClient.java
new file mode 100644
index 0000000000..69d6cb2521
--- /dev/null
+++
b/client/idrepo/lib/src/main/java/org/apache/syncope/client/lib/SyncopeAnonymousClient.java
@@ -0,0 +1,98 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.client.lib;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Base64;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.MediaType;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.tuple.Pair;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
+import org.apache.cxf.jaxrs.client.WebClient;
+import org.apache.syncope.common.lib.info.NumbersInfo;
+import org.apache.syncope.common.lib.info.PlatformInfo;
+import org.apache.syncope.common.lib.info.SystemInfo;
+import org.apache.syncope.common.rest.api.RESTHeaders;
+
+public class SyncopeAnonymousClient extends SyncopeClient {
+
+ protected final AnonymousAuthenticationHandler anonymousAuthHandler;
+
+ public SyncopeAnonymousClient(
+ final MediaType mediaType,
+ final JAXRSClientFactoryBean restClientFactory,
+ final RestClientExceptionMapper exceptionMapper,
+ final AnonymousAuthenticationHandler anonymousAuthHandler,
+ final boolean useCompression,
+ final TLSClientParameters tlsClientParameters) {
+
+ super(mediaType, restClientFactory, exceptionMapper,
anonymousAuthHandler, useCompression, tlsClientParameters);
+ this.anonymousAuthHandler = anonymousAuthHandler;
+ }
+
+ protected JsonNode info() throws IOException {
+ WebClient webClient = WebClient.create(
+ restClientFactory.getAddress().replace("/rest",
"/actuator/info")).
+ accept(MediaType.APPLICATION_JSON_TYPE).
+ header(RESTHeaders.DOMAIN, getDomain()).
+ header(HttpHeaders.AUTHORIZATION, "Basic " +
Base64.getEncoder().encodeToString(
+ (anonymousAuthHandler.getUsername() + ":" +
anonymousAuthHandler.getPassword()).getBytes()));
+
+ return MAPPER.readTree((InputStream) webClient.get().getEntity());
+ }
+
+ public Pair<String, String> gitAndBuildInfo() {
+ try {
+ JsonNode info = info();
+ return Pair.of(
+ info.has("git") ?
info.get("git").get("commit").get("id").asText() : StringUtils.EMPTY,
+ info.get("build").get("version").asText());
+ } catch (IOException e) {
+ throw new RuntimeException("While getting build and git Info", e);
+ }
+ }
+
+ public PlatformInfo platform() {
+ try {
+ return MAPPER.treeToValue(info().get("platform"),
PlatformInfo.class);
+ } catch (IOException e) {
+ throw new RuntimeException("While getting Platform Info", e);
+ }
+ }
+
+ public SystemInfo system() {
+ try {
+ return MAPPER.treeToValue(info().get("system"), SystemInfo.class);
+ } catch (IOException e) {
+ throw new RuntimeException("While getting System Info", e);
+ }
+ }
+
+ public NumbersInfo numbers() {
+ try {
+ return MAPPER.treeToValue(info().get("numbers"),
NumbersInfo.class);
+ } catch (IOException e) {
+ throw new RuntimeException("While getting Numbers Info", e);
+ }
+ }
+}
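Review bot: `info()` sends the anonymous key in a Basic header but never checks the status of the `Response` from `webClient.get()` and never closes it. A 401/403 or an error body therefore surfaces as a JSON parse failure or a `NullPointerException` in `gitAndBuildInfo()` (`info.get("build")`) rather than as a clear authentication error. The credential bytes are also encoded with the platform default charset through `getBytes()`; pass `StandardCharsets.UTF_8`. Two things to confirm: `WebClient.create(...)` does not appear to apply the `tlsClientParameters` given to the constructor, and `replace("/rest", "/actuator/info")` rewrites every occurrence of `/rest` in the address, not only the final segment. The rewritten tail of `info()` is below; it needs `java.nio.charset.StandardCharsets` and `javax.ws.rs.core.Response` imported.

```java
    protected JsonNode info() throws IOException {
        // … unchanged: WebClient.create(...) with the accept and DOMAIN headers …
                header(HttpHeaders.AUTHORIZATION, "Basic " + Base64.getEncoder().encodeToString(
                        (anonymousAuthHandler.getUsername() + ":" + anonymousAuthHandler.getPassword()).
                                getBytes(StandardCharsets.UTF_8)));

        Response response = webClient.get();
        try {
            // Fail with an explicit status instead of parsing an error body as JSON.
            if (response.getStatus() != Response.Status.OK.getStatusCode()) {
                throw new IOException("Unexpected HTTP status " + response.getStatus() + " from actuator info");
            }
            return MAPPER.readTree((InputStream) response.getEntity());
        } finally {
            response.close();
        }
    }
```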
diff --git
a/client/idrepo/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java
b/client/idrepo/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java
index 60546ae1ae..0c7c4d2d6f 100644
---
a/client/idrepo/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java
+++
b/client/idrepo/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClient.java
@@ -19,22 +19,16 @@
package org.apache.syncope.client.lib;
import com.fasterxml.jackson.core.type.TypeReference;
-import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.json.JsonMapper;
import java.io.IOException;
-import java.io.InputStream;
-import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import java.util.Optional;
import java.util.Set;
import javax.ws.rs.core.EntityTag;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.commons.lang3.tuple.Pair;
import org.apache.commons.lang3.tuple.Triple;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.jaxrs.client.Client;
@@ -47,9 +41,6 @@ import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.transport.http.URLConnectionHTTPConduit;
import org.apache.syncope.client.lib.batch.BatchRequest;
import org.apache.syncope.common.lib.SyncopeConstants;
-import org.apache.syncope.common.lib.info.NumbersInfo;
-import org.apache.syncope.common.lib.info.PlatformInfo;
-import org.apache.syncope.common.lib.info.SystemInfo;
import
org.apache.syncope.common.lib.search.AnyObjectFiqlSearchConditionBuilder;
import
org.apache.syncope.common.lib.search.ConnObjectTOFiqlSearchConditionBuilder;
import org.apache.syncope.common.lib.search.GroupFiqlSearchConditionBuilder;
@@ -91,7 +82,7 @@ public class SyncopeClient {
final MediaType mediaType,
final JAXRSClientFactoryBean restClientFactory,
final RestClientExceptionMapper exceptionMapper,
- final AuthenticationHandler handler,
+ final AuthenticationHandler authHandler,
final boolean useCompression,
final TLSClientParameters tlsClientParameters) {
@@ -101,9 +92,10 @@ public class SyncopeClient {
this.restClientFactory.setHeaders(new HashMap<>());
}
this.exceptionMapper = exceptionMapper;
- this.tlsClientParameters = tlsClientParameters;
- init(handler);
this.useCompression = useCompression;
+ this.tlsClientParameters = tlsClientParameters;
+
+ init(authHandler);
}
/**
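Review bot: The constructor still calls the protected, overridable `init(authHandler)`, and this commit adds a subclass, `SyncopeAnonymousClient`, whose `anonymousAuthHandler` field is assigned only after `super(...)` returns. An override of `init` that reads subclass state would therefore see `null`. The Javadoc on `init` invites subclasses to extend it, so I would add a sentence there such as `Invoked from the constructor: overrides must not rely on subclass fields.` The constructor starts outside this hunk.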
@@ -118,27 +110,27 @@ public class SyncopeClient {
* </ul>
* More can be supported by subclasses.
*
- * @param handler authentication handler
+ * @param authHandler authentication handler
*/
- protected void init(final AuthenticationHandler handler) {
+ protected void init(final AuthenticationHandler authHandler) {
cleanup();
- if (handler instanceof AnonymousAuthenticationHandler) {
- restClientFactory.setUsername(((AnonymousAuthenticationHandler)
handler).getUsername());
- restClientFactory.setPassword(((AnonymousAuthenticationHandler)
handler).getPassword());
- } else if (handler instanceof BasicAuthenticationHandler) {
- restClientFactory.setUsername(((BasicAuthenticationHandler)
handler).getUsername());
- restClientFactory.setPassword(((BasicAuthenticationHandler)
handler).getPassword());
+ if (authHandler instanceof AnonymousAuthenticationHandler) {
+ restClientFactory.setUsername(((AnonymousAuthenticationHandler)
authHandler).getUsername());
+ restClientFactory.setPassword(((AnonymousAuthenticationHandler)
authHandler).getPassword());
+ } else if (authHandler instanceof BasicAuthenticationHandler) {
+ restClientFactory.setUsername(((BasicAuthenticationHandler)
authHandler).getUsername());
+ restClientFactory.setPassword(((BasicAuthenticationHandler)
authHandler).getPassword());
String jwt =
getService(AccessTokenService.class).login().getHeaderString(RESTHeaders.TOKEN);
restClientFactory.getHeaders().put(HttpHeaders.AUTHORIZATION,
List.of("Bearer " + jwt));
restClientFactory.setUsername(null);
restClientFactory.setPassword(null);
- } else if (handler instanceof JWTAuthenticationHandler) {
+ } else if (authHandler instanceof JWTAuthenticationHandler) {
restClientFactory.getHeaders().put(
HttpHeaders.AUTHORIZATION,
- List.of("Bearer " + ((JWTAuthenticationHandler)
handler).getJwt()));
+ List.of("Bearer " + ((JWTAuthenticationHandler)
authHandler).getJwt()));
}
}
@@ -149,55 +141,6 @@ public class SyncopeClient {
restClientFactory.setPassword(null);
}
- protected JsonNode info() throws IOException {
- WebClient webClient = WebClient.create(
- restClientFactory.getAddress().replace("/rest",
"/actuator/info")).
- accept(MediaType.APPLICATION_JSON_TYPE).
- header(RESTHeaders.DOMAIN, getDomain());
-
- Optional.ofNullable(getJWT()).ifPresentOrElse(
- jwt -> webClient.header(HttpHeaders.AUTHORIZATION, "Bearer " +
jwt),
- () -> webClient.header(HttpHeaders.AUTHORIZATION, "Basic " +
Base64.getEncoder().encodeToString(
- (restClientFactory.getUsername() + ":" +
restClientFactory.getPassword()).getBytes())));
-
- return MAPPER.readTree((InputStream) webClient.get().getEntity());
- }
-
- public Pair<String, String> gitAndBuildInfo() {
- try {
- JsonNode info = info();
- return Pair.of(
- info.has("git") ?
info.get("git").get("commit").get("id").asText() : StringUtils.EMPTY,
- info.get("build").get("version").asText());
- } catch (IOException e) {
- throw new RuntimeException("While getting build and git Info", e);
- }
- }
-
- public PlatformInfo platform() {
- try {
- return MAPPER.treeToValue(info().get("platform"),
PlatformInfo.class);
- } catch (IOException e) {
- throw new RuntimeException("While getting Platform Info", e);
- }
- }
-
- public SystemInfo system() {
- try {
- return MAPPER.treeToValue(info().get("system"), SystemInfo.class);
- } catch (IOException e) {
- throw new RuntimeException("While getting System Info", e);
- }
- }
-
- public NumbersInfo numbers() {
- try {
- return MAPPER.treeToValue(info().get("numbers"),
NumbersInfo.class);
- } catch (IOException e) {
- throw new RuntimeException("While getting Numbers Info", e);
- }
- }
-
/**
* Gives the base address for REST calls.
*
diff --git
a/client/idrepo/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java
b/client/idrepo/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java
index ab5abac336..e8d67f34d4 100644
---
a/client/idrepo/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java
+++
b/client/idrepo/lib/src/main/java/org/apache/syncope/client/lib/SyncopeClientFactoryBean.java
@@ -234,15 +234,6 @@ public class SyncopeClientFactoryBean {
return this;
}
- /**
- * Builds client instance with no authentication, for user
self-registration and password reset.
- *
- * @return client instance with no authentication
- */
- public SyncopeClient create() {
- return create(new NoAuthenticationHandler());
- }
-
/**
* Builds client instance with the given credentials.
* Such credentials will be used only to obtain a valid JWT in the
@@ -283,4 +274,21 @@ public class SyncopeClientFactoryBean {
useCompression,
tlsClientParameters);
}
+
+ /**
+ * Builds client instance with the given anonymous credentials.
+ *
+ * @param username username
+ * @param password password
+ * @return client instance with the given credentials
+ */
+ public SyncopeAnonymousClient createAnonymous(final String username, final
String password) {
+ return new SyncopeAnonymousClient(
+ getContentType().getMediaType(),
+ getRestClientFactoryBean(),
+ getExceptionMapper(),
+ new AnonymousAuthenticationHandler(username, password),
+ useCompression,
+ tlsClientParameters);
+ }
}
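Review bot: The Javadoc on `createAnonymous` does not say how these credentials travel, which differs from the `create(username, password)` overload documented just above it ("used only to obtain a valid JWT"). Going by the `AnonymousAuthenticationHandler` branch of `SyncopeClient.init()` in this commit, the username and anonymous key stay set on the REST client factory and are never exchanged for a token, so they are presumably sent as HTTP Basic on every call. I would add a sentence such as `Unlike create(username, password), the anonymous key is sent with each request: use an https address.` A null check on both arguments (`Objects.requireNonNull(password, "password")`) would also stop a half-configured client from being built silently.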
diff --git
a/client/idrepo/lib/src/test/java/org/apache/syncope/client/lib/ConcurrencyTest.java
b/client/idrepo/lib/src/test/java/org/apache/syncope/client/lib/ConcurrencyTest.java
index ebf8e6f980..2ea7b08231 100644
---
a/client/idrepo/lib/src/test/java/org/apache/syncope/client/lib/ConcurrencyTest.java
+++
b/client/idrepo/lib/src/test/java/org/apache/syncope/client/lib/ConcurrencyTest.java
@@ -32,7 +32,9 @@ public class ConcurrencyTest {
private static final int THREAD_NUMBER = 1000;
- private static final SyncopeClient CLIENT = new
SyncopeClientFactoryBean().setAddress("http://url").create();
+ private static final SyncopeClient CLIENT = new SyncopeClientFactoryBean().
+ setAddress("http://url").create(new AuthenticationHandler() {
+ });
@Test
public void multiThreadTest() throws InterruptedException {
diff --git
a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/SecurityQuestionLogic.java
b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/SecurityQuestionLogic.java
index cf1c20bf8f..ca4ec681e7 100644
---
a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/SecurityQuestionLogic.java
+++
b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/SecurityQuestionLogic.java
@@ -104,7 +104,7 @@ public class SecurityQuestionLogic extends
AbstractTransactionalLogic<SecurityQu
return deleted;
}
- @PreAuthorize("isAnonymous() or hasRole('" + IdRepoEntitlement.ANONYMOUS +
"')")
+ @PreAuthorize("hasRole('" + IdRepoEntitlement.ANONYMOUS + "')")
public SecurityQuestionTO readByUser(final String username) {
if (username == null) {
throw new NotFoundException("Null username");
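Review bot: The expression `"hasRole('" + IdRepoEntitlement.ANONYMOUS + "')"` is spelled out here and again on `selfCreate`, `compliance`, `requestPasswordReset` and `confirmPasswordReset` in the UserLogic hunks below. A single shared constant would keep the authorization rule for the self-service entry points in one place, so a later tightening cannot miss one of them. Something like `public static final String ANONYMOUS_ONLY = "hasRole('" + IdRepoEntitlement.ANONYMOUS + "')";`, used as `@PreAuthorize(ANONYMOUS_ONLY)`, would do. A one-line comment that callers must now present the anonymous key, since credential-less requests no longer match, would also help readers of these methods. The body of `readByUser` continues outside the hunk.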
diff --git
a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java
b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java
index 2d02fc9fbc..dba15799b8 100644
---
a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java
+++
b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java
@@ -187,7 +187,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO,
UserCR, UserUR> {
return Pair.of(count, result);
}
- @PreAuthorize("isAnonymous() or hasRole('" + IdRepoEntitlement.ANONYMOUS +
"')")
+ @PreAuthorize("hasRole('" + IdRepoEntitlement.ANONYMOUS + "')")
public ProvisioningResult<UserTO> selfCreate(final UserCR createReq, final
boolean nullPriorityAsync) {
return doCreate(createReq, true, nullPriorityAsync);
}
@@ -378,7 +378,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO,
UserCR, UserUR> {
return result;
}
- @PreAuthorize("isAnonymous() or hasRole('" + IdRepoEntitlement.ANONYMOUS +
"')")
+ @PreAuthorize("hasRole('" + IdRepoEntitlement.ANONYMOUS + "')")
@Transactional(readOnly = true)
public void compliance(final ComplianceQuery query) {
SyncopeClientException sce =
SyncopeClientException.build(ClientExceptionType.RESTValidation);
@@ -429,7 +429,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO,
UserCR, UserUR> {
}
}
- @PreAuthorize("isAnonymous() or hasRole('" + IdRepoEntitlement.ANONYMOUS +
"')")
+ @PreAuthorize("hasRole('" + IdRepoEntitlement.ANONYMOUS + "')")
@Transactional
public void requestPasswordReset(final String username, final String
securityAnswer) {
User user = Optional.ofNullable(userDAO.findByUsername(username)).
@@ -445,7 +445,7 @@ public class UserLogic extends AbstractAnyLogic<UserTO,
UserCR, UserUR> {
provisioningManager.requestPasswordReset(user.getKey(),
AuthContextUtils.getUsername(), REST_CONTEXT);
}
- @PreAuthorize("isAnonymous() or hasRole('" + IdRepoEntitlement.ANONYMOUS +
"')")
+ @PreAuthorize("hasRole('" + IdRepoEntitlement.ANONYMOUS + "')")
@Transactional
public void confirmPasswordReset(final String token, final String
password) {
User user = Optional.ofNullable(userDAO.findByToken(token)).
diff --git
a/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/CheckDomainFilter.java
b/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/CheckDomainFilter.java
deleted file mode 100644
index 17a13361d9..0000000000
---
a/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/CheckDomainFilter.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.syncope.core.rest.cxf;
-
-import java.io.IOException;
-import javax.ws.rs.container.ContainerRequestContext;
-import javax.ws.rs.container.ContainerRequestFilter;
-import javax.ws.rs.container.PreMatching;
-import javax.ws.rs.core.HttpHeaders;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.ext.Provider;
-import org.apache.syncope.common.lib.SyncopeConstants;
-import org.apache.syncope.common.lib.to.ErrorTO;
-import org.apache.syncope.common.lib.types.ClientExceptionType;
-import org.apache.syncope.common.rest.api.RESTHeaders;
-import org.apache.syncope.core.persistence.api.DomainHolder;
-
-/**
- * Checks that requested Domain exists.
- */
-@Provider
-@PreMatching
-public class CheckDomainFilter implements ContainerRequestFilter {
-
- protected final DomainHolder domainHolder;
-
- public CheckDomainFilter(final DomainHolder domainHolder) {
- this.domainHolder = domainHolder;
- }
-
- @Override
- public void filter(final ContainerRequestContext reqContext) throws
IOException {
- String domain = reqContext.getHeaderString(RESTHeaders.DOMAIN);
- if (domain != null && !SyncopeConstants.MASTER_DOMAIN.equals(domain)) {
- if (!domainHolder.getDomains().containsKey(domain)) {
- String message = "Domain '" + domain + "' not available";
-
- ErrorTO error = new ErrorTO();
- error.setStatus(Response.Status.NOT_FOUND.getStatusCode());
- error.setType(ClientExceptionType.NotFound);
- error.getElements().add(message);
-
-
reqContext.abortWith(Response.status(Response.Status.NOT_FOUND).
- entity(error).
- header(HttpHeaders.CONTENT_TYPE,
- reqContext.getAcceptableMediaTypes().isEmpty()
- ? MediaType.APPLICATION_JSON
- :
reqContext.getAcceptableMediaTypes().get(0).toString()).
- header(RESTHeaders.ERROR_CODE,
- ClientExceptionType.NotFound.name()).
- header(RESTHeaders.ERROR_INFO,
-
ClientExceptionType.NotFound.getInfoHeaderValue(message)).
- build());
- }
- }
- }
-}
diff --git
a/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/IdRepoRESTCXFContext.java
b/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/IdRepoRESTCXFContext.java
index 97f8509af2..41d1007885 100644
---
a/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/IdRepoRESTCXFContext.java
+++
b/core/idrepo/rest-cxf/src/main/java/org/apache/syncope/core/rest/cxf/IdRepoRESTCXFContext.java
@@ -236,12 +236,6 @@ public class IdRepoRESTCXFContext {
return new SearchContextProvider();
}
- @ConditionalOnMissingBean
- @Bean
- public CheckDomainFilter checkDomainFilter(final DomainHolder
domainHolder) {
- return new CheckDomainFilter(domainHolder);
- }
-
@ConditionalOnMissingBean
@Bean
public AddDomainFilter addDomainFilter() {
@@ -328,7 +322,6 @@ public class IdRepoRESTCXFContext {
final GZIPOutInterceptor gzipOutInterceptor,
final ThreadLocalCleanupOutInterceptor
threadLocalCleanupOutInterceptor,
final OpenApiFeature openapiFeature,
- final CheckDomainFilter checkDomainFilter,
final RestServiceExceptionMapper restServiceExceptionMapper,
final Bus bus,
final ApplicationContext ctx) {
@@ -353,7 +346,6 @@ public class IdRepoRESTCXFContext {
yamlProvider,
restServiceExceptionMapper,
searchContextProvider,
- checkDomainFilter,
addDomainFilter,
addETagFilter));
diff --git
a/core/self-keymaster-starter/src/main/java/org/apache/syncope/core/logic/ConfParamLogic.java
b/core/self-keymaster-starter/src/main/java/org/apache/syncope/core/logic/ConfParamLogic.java
index 5ff8f346e5..3a08906af7 100644
---
a/core/self-keymaster-starter/src/main/java/org/apache/syncope/core/logic/ConfParamLogic.java
+++
b/core/self-keymaster-starter/src/main/java/org/apache/syncope/core/logic/ConfParamLogic.java
@@ -46,7 +46,7 @@ public class ConfParamLogic extends
AbstractTransactionalLogic<EntityTO> {
this.entityFactory = entityFactory;
}
- @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name and not(isAnonymous())")
+ @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name")
@Transactional(readOnly = true)
public Map<String, Object> list() {
Map<String, Object> params = new TreeMap<>();
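Review bot: With `and not(isAnonymous())` dropped, the only thing separating the Keymaster operations from other callers is the name comparison `@environment.getProperty('keymaster.username') == authentication.name`. The WebSecurityContext hunk in this commit removes the custom `anonymous()` setup, but no `anonymous().disable()` is visible, so Spring Security's default anonymous token may still reach these methods carrying a name of its own. Keeping an explicit guard, `... == authentication.name and isAuthenticated()`, costs nothing and states the intent. A startup check that `keymaster.username` differs from the configured anonymous user would cover the case where both names are set to the same value. The same applies to the other ConfParamLogic hunks and to every changed annotation in the DomainLogic and NetworkServiceLogic hunks.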
@@ -60,7 +60,7 @@ public class ConfParamLogic extends
AbstractTransactionalLogic<EntityTO> {
return params;
}
- @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name and not(isAnonymous())")
+ @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name")
@Transactional(readOnly = true)
public JsonNode get(final String key) {
ConfParam param = confParamDAO.find(key);
@@ -68,7 +68,7 @@ public class ConfParamLogic extends
AbstractTransactionalLogic<EntityTO> {
return
Optional.ofNullable(param).map(ConfParam::getValue).orElse(null);
}
- @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name and not(isAnonymous())")
+ @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name")
public void set(final String key, final JsonNode value) {
ConfParam param = confParamDAO.find(key);
if (param == null) {
@@ -84,7 +84,7 @@ public class ConfParamLogic extends
AbstractTransactionalLogic<EntityTO> {
confParamDAO.save(param);
}
- @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name and not(isAnonymous())")
+ @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name")
public void remove(final String key) {
confParamDAO.delete(key);
}
diff --git
a/core/self-keymaster-starter/src/main/java/org/apache/syncope/core/logic/DomainLogic.java
b/core/self-keymaster-starter/src/main/java/org/apache/syncope/core/logic/DomainLogic.java
index f30b8d75e1..764d591c0b 100644
---
a/core/self-keymaster-starter/src/main/java/org/apache/syncope/core/logic/DomainLogic.java
+++
b/core/self-keymaster-starter/src/main/java/org/apache/syncope/core/logic/DomainLogic.java
@@ -53,12 +53,12 @@ public class DomainLogic extends
AbstractTransactionalLogic<EntityTO> {
this.domainWatcher = domainWatcher;
}
- @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name and not(isAnonymous())")
+ @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name")
public List<Domain> list() {
return
domainDAO.findAll().stream().map(DomainEntity::get).collect(Collectors.toList());
}
- @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name and not(isAnonymous())")
+ @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name")
public Domain read(final String key) {
DomainEntity domain = domainDAO.find(key);
if (domain == null) {
@@ -68,7 +68,7 @@ public class DomainLogic extends
AbstractTransactionalLogic<EntityTO> {
return domain.get();
}
- @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name and not(isAnonymous())")
+ @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name")
public Domain create(final Domain domain) {
if (Objects.equals(domain.getKey(), SyncopeConstants.MASTER_DOMAIN)) {
throw new KeymasterException("Cannot create domain " +
SyncopeConstants.MASTER_DOMAIN);
@@ -88,7 +88,7 @@ public class DomainLogic extends
AbstractTransactionalLogic<EntityTO> {
return domainEntity.get();
}
- @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name and not(isAnonymous())")
+ @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name")
public void changeAdminPassword(final String key, final String password,
final CipherAlgorithm cipherAlgorithm) {
DomainEntity domain = domainDAO.find(key);
if (domain == null) {
@@ -102,7 +102,7 @@ public class DomainLogic extends
AbstractTransactionalLogic<EntityTO> {
domainDAO.save(domain);
}
- @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name and not(isAnonymous())")
+ @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name")
public void adjustPoolSize(final String key, final int poolMaxActive,
final int poolMinIdle) {
DomainEntity domain = domainDAO.find(key);
if (domain == null) {
@@ -116,7 +116,7 @@ public class DomainLogic extends
AbstractTransactionalLogic<EntityTO> {
domainDAO.save(domain);
}
- @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name and not(isAnonymous())")
+ @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name")
public void delete(final String key) {
domainDAO.delete(key);
diff --git
a/core/self-keymaster-starter/src/main/java/org/apache/syncope/core/logic/NetworkServiceLogic.java
b/core/self-keymaster-starter/src/main/java/org/apache/syncope/core/logic/NetworkServiceLogic.java
index 0391de8582..15a0d1443a 100644
---
a/core/self-keymaster-starter/src/main/java/org/apache/syncope/core/logic/NetworkServiceLogic.java
+++
b/core/self-keymaster-starter/src/main/java/org/apache/syncope/core/logic/NetworkServiceLogic.java
@@ -52,14 +52,14 @@ public class NetworkServiceLogic extends
AbstractTransactionalLogic<EntityTO> {
return ns;
}
- @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name and not(isAnonymous())")
+ @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name")
@Transactional(readOnly = true)
public List<NetworkService> list(final NetworkService.Type serviceType) {
return serviceDAO.findAll(serviceType).stream().
map(service -> toNetworkService(serviceType,
service)).collect(Collectors.toList());
}
- @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name and not(isAnonymous())")
+ @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name")
@Transactional(readOnly = true)
public NetworkService get(final NetworkService.Type serviceType) {
List<NetworkService> list = list(serviceType);
@@ -72,7 +72,7 @@ public class NetworkServiceLogic extends
AbstractTransactionalLogic<EntityTO> {
: list.get(RandomUtils.nextInt(0, list.size()));
}
- @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name and not(isAnonymous())")
+ @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name")
public void register(final NetworkService networkService) {
unregister(networkService);
@@ -82,7 +82,7 @@ public class NetworkServiceLogic extends
AbstractTransactionalLogic<EntityTO> {
serviceDAO.save(service);
}
- @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name and not(isAnonymous())")
+ @PreAuthorize("@environment.getProperty('keymaster.username') ==
authentication.name")
public void unregister(final NetworkService networkService) {
serviceDAO.findAll(networkService.getType()).stream().
filter(service ->
service.getAddress().equals(networkService.getAddress())).
diff --git
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/WebSecurityContext.java
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/WebSecurityContext.java
index bd4b4fe7b7..42911045bc 100644
---
a/core/spring/src/main/java/org/apache/syncope/core/spring/security/WebSecurityContext.java
+++
b/core/spring/src/main/java/org/apache/syncope/core/spring/security/WebSecurityContext.java
@@ -20,6 +20,7 @@ package org.apache.syncope.core.spring.security;
import org.apache.syncope.common.keymaster.client.api.ConfParamOps;
import org.apache.syncope.common.keymaster.client.api.DomainOps;
+import org.apache.syncope.common.lib.types.IdRepoEntitlement;
import org.apache.syncope.core.persistence.api.dao.AccessTokenDAO;
import org.apache.syncope.core.persistence.api.dao.AnySearchDAO;
import org.apache.syncope.core.persistence.api.dao.DelegationDAO;
@@ -33,10 +34,8 @@ import
org.apache.syncope.core.provisioning.api.ImplementationLookup;
import org.apache.syncope.core.provisioning.api.MappingManager;
import org.apache.syncope.core.provisioning.api.UserProvisioningManager;
import
org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
-import
org.springframework.security.authentication.AnonymousAuthenticationProvider;
import org.springframework.security.authentication.AuthenticationManager;
import
org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import
org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
@@ -44,12 +43,10 @@ import
org.springframework.security.config.annotation.web.builders.HttpSecurity;
import
org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import
org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;
import
org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
-import
org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import
org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.context.NullSecurityContextRepository;
import org.springframework.security.web.firewall.DefaultHttpFirewall;
@@ -60,8 +57,6 @@ import org.springframework.security.web.firewall.HttpFirewall;
@Configuration(proxyBeanMethods = false)
public class WebSecurityContext {
- private static final String ANONYMOUS_BEAN_KEY = "doesNotMatter";
-
public WebSecurityContext() {
SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_INHERITABLETHREADLOCAL);
}
@@ -84,7 +79,8 @@ public class WebSecurityContext {
final UsernamePasswordAuthenticationProvider
usernamePasswordAuthenticationProvider,
final JWTAuthenticationProvider jwtAuthenticationProvider,
final SecurityProperties securityProperties,
- final ApplicationContext ctx) throws Exception {
+ final AuthDataAccessor authDataAccessor,
+ final DefaultCredentialChecker defaultCredentialChecker) throws
Exception {
AuthenticationManager authenticationManager =
http.getSharedObject(AuthenticationManagerBuilder.class).
authenticationProvider(usernamePasswordAuthenticationProvider).
@@ -94,15 +90,6 @@ public class WebSecurityContext {
SyncopeAuthenticationDetailsSource authenticationDetailsSource =
new SyncopeAuthenticationDetailsSource();
- AnonymousAuthenticationProvider anonymousAuthenticationProvider =
- new AnonymousAuthenticationProvider(ANONYMOUS_BEAN_KEY);
- AnonymousAuthenticationFilter anonymousAuthenticationFilter =
- new AnonymousAuthenticationFilter(
- ANONYMOUS_BEAN_KEY,
- securityProperties.getAnonymousUser(),
- AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
-
anonymousAuthenticationFilter.setAuthenticationDetailsSource(authenticationDetailsSource);
-
SyncopeBasicAuthenticationEntryPoint basicAuthenticationEntryPoint =
new SyncopeBasicAuthenticationEntryPoint();
basicAuthenticationEntryPoint.setRealmName("Apache Syncope
authentication");
@@ -111,19 +98,17 @@ public class WebSecurityContext {
authenticationManager,
basicAuthenticationEntryPoint,
authenticationDetailsSource,
- ctx.getBean(AuthDataAccessor.class),
- ctx.getBean(DefaultCredentialChecker.class));
+ authDataAccessor,
+ defaultCredentialChecker);
MustChangePasswordFilter mustChangePasswordFilter = new
MustChangePasswordFilter();
http.authenticationManager(authenticationManager).
authorizeRequests().
+
antMatchers("/actuator/**").hasRole(IdRepoEntitlement.ANONYMOUS).
antMatchers("/**").permitAll().and().
sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().
securityContext().securityContextRepository(new
NullSecurityContextRepository()).and().
- anonymous().
- authenticationProvider(anonymousAuthenticationProvider).
- authenticationFilter(anonymousAuthenticationFilter).and().
httpBasic().authenticationEntryPoint(basicAuthenticationEntryPoint).
authenticationDetailsSource(authenticationDetailsSource).and().
exceptionHandling().accessDeniedHandler(accessDeniedHandler()).and().
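Review bot: The new rule `antMatchers("/actuator/**").hasRole(IdRepoEntitlement.ANONYMOUS)` opens every exposed actuator endpoint to whoever holds the anonymous key, which, as far as this diff shows, is a single credential shared by the self-service clients. The integration tests in this commit already read `/actuator/beans` with it, so what is reachable depends entirely on the endpoint exposure settings, which are not visible here. I would narrow the matcher to the endpoints the clients actually need (for example `antMatchers("/actuator/info", "/actuator/health")`, list to be confirmed) and require an administrative entitlement for the rest, or at least add a comment that exposure must be kept minimal. `DefaultSyncopeCoreInfoContributor.contribute` also loses its `@PreAuthorize("isAuthenticated()")` in this commit, so this URL rule becomes the only guard on the info data. The configuring method starts and ends outside the hunk.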
diff --git
a/core/starter/src/main/java/org/apache/syncope/core/starter/actuate/DefaultSyncopeCoreInfoContributor.java
b/core/starter/src/main/java/org/apache/syncope/core/starter/actuate/DefaultSyncopeCoreInfoContributor.java
index 54abf4b4b3..5e17374918 100644
---
a/core/starter/src/main/java/org/apache/syncope/core/starter/actuate/DefaultSyncopeCoreInfoContributor.java
+++
b/core/starter/src/main/java/org/apache/syncope/core/starter/actuate/DefaultSyncopeCoreInfoContributor.java
@@ -64,7 +64,6 @@ import org.springframework.boot.actuate.info.Info;
import org.springframework.boot.actuate.info.InfoContributor;
import org.springframework.context.PayloadApplicationEvent;
import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
-import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
public class DefaultSyncopeCoreInfoContributor implements
SyncopeCoreInfoContributor, InfoContributor {
@@ -330,7 +329,6 @@ public class DefaultSyncopeCoreInfoContributor implements
SyncopeCoreInfoContrib
}
}
- @PreAuthorize("isAuthenticated()")
@Transactional(readOnly = true)
@Override
public void contribute(final Info.Builder builder) {
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
index 4fca6a7f0e..14ebc41dc2 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractITCase.java
@@ -56,7 +56,7 @@ import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.apache.cxf.jaxrs.client.WebClient;
-import org.apache.syncope.client.lib.AnonymousAuthenticationHandler;
+import org.apache.syncope.client.lib.SyncopeAnonymousClient;
import org.apache.syncope.client.lib.SyncopeClient;
import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
import org.apache.syncope.common.keymaster.client.api.ConfParamOps;
@@ -289,7 +289,7 @@ public abstract class AbstractITCase {
protected static SyncopeClient ADMIN_CLIENT;
- protected static SyncopeClient ANONYMOUS_CLIENT;
+ protected static SyncopeAnonymousClient ANONYMOUS_CLIENT;
protected static SyncopeService SYNCOPE_SERVICE;
@@ -394,7 +394,7 @@ public abstract class AbstractITCase {
protected static boolean IS_ELASTICSEARCH_ENABLED = false;
@BeforeAll
- public static void securitySetup() {
+ public static void anonymousSetup() throws IOException {
try (InputStream propStream =
AbstractITCase.class.getResourceAsStream("/core.properties")) {
Properties props = new Properties();
props.load(propStream);
@@ -413,13 +413,27 @@ public abstract class AbstractITCase {
assertNotNull(JWS_KEY);
assertNotNull(JWT_ISSUER);
- ANONYMOUS_CLIENT = CLIENT_FACTORY.create(new
AnonymousAuthenticationHandler(ANONYMOUS_UNAME, ANONYMOUS_KEY));
+ ANONYMOUS_CLIENT = CLIENT_FACTORY.createAnonymous(ANONYMOUS_UNAME,
ANONYMOUS_KEY);
GOOGLE_MFA_AUTH_TOKEN_SERVICE =
ANONYMOUS_CLIENT.getService(GoogleMfaAuthTokenService.class);
GOOGLE_MFA_AUTH_ACCOUNT_SERVICE =
ANONYMOUS_CLIENT.getService(GoogleMfaAuthAccountService.class);
U2F_REGISTRATION_SERVICE =
ANONYMOUS_CLIENT.getService(U2FRegistrationService.class);
WEBAUTHN_REGISTRATION_SERVICE =
ANONYMOUS_CLIENT.getService(WebAuthnRegistrationService.class);
IMPERSONATION_SERVICE =
ANONYMOUS_CLIENT.getService(ImpersonationService.class);
+
+ JsonNode beans = JSON_MAPPER.readTree(
+ (InputStream) WebClient.create(
+ StringUtils.substringBeforeLast(ADDRESS, "/") +
"/actuator/beans",
+ ANONYMOUS_UNAME,
+ ANONYMOUS_KEY,
+ null).
+ accept(MediaType.APPLICATION_JSON).get().getEntity());
+
+ JsonNode uwfAdapter = beans.findValues("uwfAdapter").get(0);
+ IS_FLOWABLE_ENABLED =
uwfAdapter.get("resource").asText().contains("Flowable");
+
+ JsonNode anySearchDAO = beans.findValues("anySearchDAO").get(0);
+ IS_ELASTICSEARCH_ENABLED =
anySearchDAO.get("type").asText().contains("Elasticsearch");
}
@BeforeAll
@@ -480,19 +494,6 @@ public abstract class AbstractITCase {
WA_CONFIG_SERVICE = ADMIN_CLIENT.getService(WAConfigService.class);
}
- @BeforeAll
- public static void actuatorInfoSetup() throws IOException {
- JsonNode beans = JSON_MAPPER.readTree(
- (InputStream)
WebClient.create(StringUtils.substringBeforeLast(ADDRESS, "/") +
"/actuator/beans").
- accept(MediaType.APPLICATION_JSON).get().getEntity());
-
- JsonNode uwfAdapter = beans.findValues("uwfAdapter").get(0);
- IS_FLOWABLE_ENABLED =
uwfAdapter.get("resource").asText().contains("Flowable");
-
- JsonNode anySearchDAO = beans.findValues("anySearchDAO").get(0);
- IS_ELASTICSEARCH_ENABLED =
anySearchDAO.get("type").asText().contains("Elasticsearch");
- }
-
protected static String getUUIDString() {
return UUID.randomUUID().toString().substring(0, 8);
}
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractUIITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractUIITCase.java
index ca5499f791..142ec3e2d2 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractUIITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/AbstractUIITCase.java
@@ -75,9 +75,9 @@ public abstract class AbstractUIITCase {
protected static boolean IS_FLOWABLE_ENABLED = false;
protected static boolean IS_ELASTICSEARCH_ENABLED = false;
-
+
@BeforeAll
- public static void securitySetup() {
+ public static void anonymousSetup() throws IOException {
try (InputStream propStream =
AbstractITCase.class.getResourceAsStream("/core.properties")) {
Properties props = new Properties();
props.load(propStream);
@@ -90,12 +90,13 @@ public abstract class AbstractUIITCase {
assertNotNull(ANONYMOUS_UNAME);
assertNotNull(ANONYMOUS_KEY);
- }
- @BeforeAll
- public static void actuatorInfoSetup() throws IOException {
JsonNode beans = JSON_MAPPER.readTree(
- (InputStream)
WebClient.create(StringUtils.substringBeforeLast(ADDRESS, "/") +
"/actuator/beans").
+ (InputStream) WebClient.create(
+ StringUtils.substringBeforeLast(ADDRESS, "/") +
"/actuator/beans",
+ ANONYMOUS_UNAME,
+ ANONYMOUS_KEY,
+ null).
accept(MediaType.APPLICATION_JSON).get().getEntity());
JsonNode uwfAdapter = beans.findValues("uwfAdapter").get(0);
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/OIDCClientDetector.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/OIDCClientDetector.java
index fbedc4cdeb..b9beac71ca 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/OIDCClientDetector.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/OIDCClientDetector.java
@@ -18,8 +18,6 @@
*/
package org.apache.syncope.fit;
-import org.apache.syncope.client.lib.AnonymousAuthenticationHandler;
-import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
import org.apache.syncope.common.rest.api.service.OIDCC4UIProviderService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -34,12 +32,7 @@ public final class OIDCClientDetector {
synchronized (LOG) {
if (ENABLED == null) {
try {
- new SyncopeClientFactoryBean().
- setAddress(AbstractITCase.ADDRESS).
-
setContentType(SyncopeClientFactoryBean.ContentType.JSON).
- create(new AnonymousAuthenticationHandler(
- AbstractITCase.ANONYMOUS_UNAME,
AbstractITCase.ANONYMOUS_KEY)).
- getService(OIDCC4UIProviderService.class).list();
+
AbstractITCase.ANONYMOUS_CLIENT.getService(OIDCC4UIProviderService.class).list();
ENABLED = true;
} catch (Exception e) {
// ignore
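Review bot: The `catch (Exception e)` with `// ignore` now also hides a `NullPointerException` if the shared static `AbstractITCase.ANONYMOUS_CLIENT` is still unset when the detector first runs. In that case the detector would presumably cache "not enabled" for the rest of the run (the assignment after the catch is outside this hunk), and OIDC tests would be skipped without any trace. A guard before the `try`, `Objects.requireNonNull(AbstractITCase.ANONYMOUS_CLIENT, "ANONYMOUS_CLIENT not initialised");`, would surface that ordering problem. Replacing `// ignore` with `LOG.debug("OIDC C4UI provider service not available", e);` would at least record why detection failed.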
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/AuthenticationITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/AuthenticationITCase.java
index 9432575d6e..79c053abdd 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/AuthenticationITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/AuthenticationITCase.java
@@ -34,7 +34,6 @@ import javax.ws.rs.ForbiddenException;
import javax.ws.rs.core.GenericType;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.tuple.Triple;
-import org.apache.syncope.client.lib.AnonymousAuthenticationHandler;
import org.apache.syncope.client.lib.BasicAuthenticationHandler;
import org.apache.syncope.client.lib.SyncopeClient;
import org.apache.syncope.common.lib.SyncopeClientException;
@@ -91,17 +90,8 @@ public class AuthenticationITCase extends AbstractITCase {
@Test
public void readEntitlements() {
- // 1. as not authenticated (not allowed)
- try {
- CLIENT_FACTORY.create().self();
- fail("This should not happen");
- } catch (AccessControlException e) {
- assertNotNull(e);
- }
-
- // 2. as anonymous
- Triple<Map<String, Set<String>>, List<String>, UserTO> self =
CLIENT_FACTORY.create(
- new AnonymousAuthenticationHandler(ANONYMOUS_UNAME,
ANONYMOUS_KEY)).self();
+ // 1. as anonymous
+ Triple<Map<String, Set<String>>, List<String>, UserTO> self =
ANONYMOUS_CLIENT.self();
assertEquals(1, self.getLeft().size());
assertTrue(self.getLeft().keySet().contains(IdRepoEntitlement.ANONYMOUS));
assertEquals(List.of(), self.getMiddle());
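Review bot: Removing the "as not authenticated (not allowed)" step drops the only assertion in `readEntitlements()` that a request without credentials is refused. The same negative check is removed from `GroupITCase.anonymous()` and `VirSchemaITCase.anonymous()`. The client library may no longer offer a credential-less client, but the server-side rule is still worth pinning in a test that secures a refactored Spring Security configuration. A request sent without an `Authorization` header, for example through a plain `WebClient.create(ADDRESS)`, asserted to be rejected, would keep that coverage. The step comments also now jump from `// 1. as anonymous` to `// 3. as admin` in the next hunk, which should become `// 2. as admin`.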
@@ -109,7 +99,7 @@ public class AuthenticationITCase extends AbstractITCase {
// 3. as admin
self = ADMIN_CLIENT.self();
- assertEquals(ADMIN_CLIENT.platform().getEntitlements().size(),
self.getLeft().size());
+ assertEquals(ANONYMOUS_CLIENT.platform().getEntitlements().size(),
self.getLeft().size());
assertFalse(self.getLeft().keySet().contains(IdRepoEntitlement.ANONYMOUS));
assertEquals(List.of(), self.getMiddle());
assertEquals(ADMIN_UNAME, self.getRight().getUsername());
@@ -420,7 +410,7 @@ public class AuthenticationITCase extends AbstractITCase {
String anyTypeKey = "FOLDER " + getUUIDString();
// 1. no entitlement exists (yet) for the any type to be created
- assertFalse(ADMIN_CLIENT.platform().getEntitlements().stream().
+ assertFalse(ANONYMOUS_CLIENT.platform().getEntitlements().stream().
anyMatch(entitlement -> entitlement.contains(anyTypeKey)));
// 2. create plain schema, any type class and any type
@@ -441,7 +431,7 @@ public class AuthenticationITCase extends AbstractITCase {
ANY_TYPE_SERVICE.create(anyTypeTO);
// 2. now entitlement exists for the any type just created
- assertTrue(ADMIN_CLIENT.platform().getEntitlements().stream().
+ assertTrue(ANONYMOUS_CLIENT.platform().getEntitlements().stream().
anyMatch(entitlement -> entitlement.contains(anyTypeKey)));
// 3. attempt to create an instance of the type above: fail because no
entitlement was assigned
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ExceptionMapperITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ExceptionMapperITCase.java
index a7ef5e8ac4..2a7d79c519 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ExceptionMapperITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ExceptionMapperITCase.java
@@ -183,7 +183,7 @@ public class ExceptionMapperITCase extends AbstractITCase {
}
try {
- CLIENT_FACTORY.create(ANONYMOUS_UNAME,
ANONYMOUS_KEY).getService(AccessTokenService.class).login();
+ ANONYMOUS_CLIENT.getService(AccessTokenService.class).login();
fail("This should not happen");
} catch (SyncopeClientException e) {
assertEquals(ClientExceptionType.InvalidRequest, e.getType());
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java
index e7d28cb76e..79b2a275af 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/GroupITCase.java
@@ -30,7 +30,6 @@ import static org.junit.jupiter.api.Assertions.fail;
import static org.junit.jupiter.api.Assumptions.assumeFalse;
import java.io.IOException;
-import java.security.AccessControlException;
import java.util.List;
import java.util.Map;
import java.util.Optional;
@@ -46,7 +45,6 @@ import javax.ws.rs.ForbiddenException;
import javax.ws.rs.core.GenericType;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.SerializationUtils;
-import org.apache.syncope.client.lib.AnonymousAuthenticationHandler;
import org.apache.syncope.client.lib.SyncopeClient;
import org.apache.syncope.common.lib.AnyOperations;
import org.apache.syncope.common.lib.Attr;
@@ -663,25 +661,15 @@ public class GroupITCase extends AbstractITCase {
@Test
public void anonymous() {
- GroupService unauthenticated =
CLIENT_FACTORY.create().getService(GroupService.class);
try {
- unauthenticated.search(new
AnyQuery.Builder().realm("/even").build());
- fail("This should not happen");
- } catch (AccessControlException e) {
- assertNotNull(e);
- }
-
- SyncopeClient anonymous = CLIENT_FACTORY.create(
- new AnonymousAuthenticationHandler(ANONYMOUS_UNAME,
ANONYMOUS_KEY));
- try {
- anonymous.getService(GroupService.class).
+ ANONYMOUS_CLIENT.getService(GroupService.class).
search(new AnyQuery.Builder().realm("/even").build());
fail("This should not happen");
} catch (ForbiddenException e) {
assertNotNull(e);
}
- assertFalse(anonymous.getService(SyncopeService.class).
+ assertFalse(ANONYMOUS_CLIENT.getService(SyncopeService.class).
searchAssignableGroups("/even", null, 1,
100).getResult().isEmpty());
}
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/MultitenancyITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/MultitenancyITCase.java
index a8c729c702..af05e5e274 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/MultitenancyITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/MultitenancyITCase.java
@@ -25,6 +25,7 @@ import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
import static org.junit.jupiter.api.Assumptions.assumeTrue;
+import java.security.AccessControlException;
import java.util.List;
import java.util.Locale;
import javax.ws.rs.core.GenericType;
@@ -33,7 +34,6 @@ import org.apache.commons.lang3.StringUtils;
import org.apache.syncope.client.lib.SyncopeClient;
import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
import org.apache.syncope.common.keymaster.client.api.model.Domain;
-import org.apache.syncope.common.lib.SyncopeClientException;
import org.apache.syncope.common.lib.SyncopeConstants;
import org.apache.syncope.common.lib.request.UserCR;
import org.apache.syncope.common.lib.to.ConnInstanceTO;
@@ -49,7 +49,6 @@ import org.apache.syncope.common.lib.to.RealmTO;
import org.apache.syncope.common.lib.to.ResourceTO;
import org.apache.syncope.common.lib.to.UserTO;
import org.apache.syncope.common.lib.types.AnyTypeKind;
-import org.apache.syncope.common.lib.types.ClientExceptionType;
import org.apache.syncope.common.lib.types.ExecStatus;
import org.apache.syncope.common.lib.types.MappingPurpose;
import org.apache.syncope.common.lib.types.MatchingRule;
@@ -248,13 +247,13 @@ public class MultitenancyITCase extends AbstractITCase {
@Test
public void issueSYNCOPE1377() {
try {
- new
SyncopeClientFactoryBean().setAddress(ADDRESS).setDomain("NotExisting").create().
+ new
SyncopeClientFactoryBean().setAddress(ADDRESS).setDomain("NotExisting").
+ create(ADMIN_UNAME, ADMIN_PWD).
getService(UserSelfService.class).
create(UserITCase.getUniqueSample("[email protected]"));
fail("This should not happen");
- } catch (SyncopeClientException e) {
- assertEquals(ClientExceptionType.NotFound, e.getType());
- assertTrue(e.getMessage().contains("NotExisting"));
+ } catch (AccessControlException e) {
+ assertTrue(e.getMessage().contains("Could not find domain
NotExisting"));
}
}
}
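Review bot: The expected `AccessControlException` is most likely thrown by `create(ADMIN_UNAME, ADMIN_PWD)` itself, so the chained `getService(UserSelfService.class).create(...)` is probably never reached. The test then no longer exercises self-registration against a missing domain. The try/`fail`/catch form also hides which call failed. Something like `assertThrows(AccessControlException.class, () -> new SyncopeClientFactoryBean().setAddress(ADDRESS).setDomain("NotExisting").create(ADMIN_UNAME, ADMIN_PWD));` states the intent and drops the dead chain. Matching on the full text `Could not find domain NotExisting` ties the test to the server's wording, and it is worth confirming that returning the domain-lookup result to a caller whose credentials were never verified is intended.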
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/OIDCJWKSITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/OIDCJWKSITCase.java
index 39af643ccc..1f5bc32ebe 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/OIDCJWKSITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/OIDCJWKSITCase.java
@@ -23,8 +23,6 @@ import static org.junit.jupiter.api.Assertions.fail;
import static org.junit.jupiter.api.Assumptions.assumeTrue;
import javax.ws.rs.core.Response;
-import org.apache.syncope.client.lib.AnonymousAuthenticationHandler;
-import org.apache.syncope.client.lib.SyncopeClient;
import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
import org.apache.syncope.common.lib.SyncopeClientException;
import org.apache.syncope.common.lib.types.ClientExceptionType;
@@ -42,9 +40,7 @@ public class OIDCJWKSITCase extends AbstractITCase {
public static void setup() {
assumeTrue(CLIENT_FACTORY.getContentType() ==
SyncopeClientFactoryBean.ContentType.JSON);
- SyncopeClient anonymous = CLIENT_FACTORY.create(
- new AnonymousAuthenticationHandler(ANONYMOUS_UNAME,
ANONYMOUS_KEY));
- WA_OIDC_JWKS_SERVICE = anonymous.getService(OIDCJWKSService.class);
+ WA_OIDC_JWKS_SERVICE =
ANONYMOUS_CLIENT.getService(OIDCJWKSService.class);
}
@Test
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/PolicyITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/PolicyITCase.java
index 418c933caf..c3375a112b 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/PolicyITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/PolicyITCase.java
@@ -407,7 +407,7 @@ public class PolicyITCase extends AbstractITCase {
@Test
public void getPullCorrelationRuleJavaClasses() {
- Set<String> classes = ADMIN_CLIENT.platform().
+ Set<String> classes = ANONYMOUS_CLIENT.platform().
getJavaImplInfo(IdMImplementationType.PULL_CORRELATION_RULE).get().getClasses();
assertEquals(1, classes.size());
assertEquals(DummyPullCorrelationRule.class.getName(),
classes.iterator().next());
@@ -415,7 +415,7 @@ public class PolicyITCase extends AbstractITCase {
@Test
public void getPushCorrelationRuleJavaClasses() {
- Set<String> classes = ADMIN_CLIENT.platform().
+ Set<String> classes = ANONYMOUS_CLIENT.platform().
getJavaImplInfo(IdMImplementationType.PUSH_CORRELATION_RULE).get().getClasses();
assertEquals(1, classes.size());
assertEquals(DummyPushCorrelationRule.class.getName(),
classes.iterator().next());
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/PullTaskITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/PullTaskITCase.java
index b3b8df87cc..aa02d088e9 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/PullTaskITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/PullTaskITCase.java
@@ -184,7 +184,7 @@ public class PullTaskITCase extends AbstractTaskITCase {
@Test
public void getPullActionsClasses() {
- Set<String> actions = ADMIN_CLIENT.platform().
+ Set<String> actions = ANONYMOUS_CLIENT.platform().
getJavaImplInfo(IdMImplementationType.PULL_ACTIONS).get().getClasses();
assertNotNull(actions);
assertFalse(actions.isEmpty());
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/PushTaskITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/PushTaskITCase.java
index 7911780061..9e686ca3f6 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/PushTaskITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/PushTaskITCase.java
@@ -70,7 +70,7 @@ public class PushTaskITCase extends AbstractTaskITCase {
@Test
public void getPushActionsClasses() {
- Set<String> actions = ADMIN_CLIENT.platform().
+ Set<String> actions = ANONYMOUS_CLIENT.platform().
getJavaImplInfo(IdMImplementationType.PUSH_ACTIONS).get().getClasses();
assertNotNull(actions);
}
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ReportITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ReportITCase.java
index cdd4e6420b..4a726321a5 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ReportITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ReportITCase.java
@@ -75,7 +75,7 @@ public class ReportITCase extends AbstractITCase {
@Test
public void getReportDelegates() {
- Set<String> reportDelegates = ADMIN_CLIENT.platform().
+ Set<String> reportDelegates = ANONYMOUS_CLIENT.platform().
getJavaImplInfo(IdRepoImplementationType.REPORT_DELEGATE).get().getClasses();
assertNotNull(reportDelegates);
assertFalse(reportDelegates.isEmpty());
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ResourceITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ResourceITCase.java
index 9cf43483ee..dda42c542f 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ResourceITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/ResourceITCase.java
@@ -94,7 +94,7 @@ public class ResourceITCase extends AbstractITCase {
@Test
public void getPropagationActionsClasses() {
- Set<String> actions = ADMIN_CLIENT.platform().
+ Set<String> actions = ANONYMOUS_CLIENT.platform().
getJavaImplInfo(IdMImplementationType.PROPAGATION_ACTIONS).get().getClasses();
assertNotNull(actions);
assertFalse(actions.isEmpty());
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2IdPEntityITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2IdPEntityITCase.java
index f61197cd0d..8d56f15e7e 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2IdPEntityITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2IdPEntityITCase.java
@@ -24,8 +24,6 @@ import static org.junit.jupiter.api.Assumptions.assumeTrue;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
-import org.apache.syncope.client.lib.AnonymousAuthenticationHandler;
-import org.apache.syncope.client.lib.SyncopeClient;
import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
import org.apache.syncope.common.lib.SyncopeClientException;
import org.apache.syncope.common.lib.to.SAML2IdPEntityTO;
@@ -42,9 +40,7 @@ public class SAML2IdPEntityITCase extends AbstractITCase {
public static void setup() {
assumeTrue(CLIENT_FACTORY.getContentType() ==
SyncopeClientFactoryBean.ContentType.JSON);
- SyncopeClient anonymous = CLIENT_FACTORY.create(
- new AnonymousAuthenticationHandler(ANONYMOUS_UNAME,
ANONYMOUS_KEY));
- WA_SAML2IDP_ENTITY_SERVICE =
anonymous.getService(SAML2IdPEntityService.class);
+ WA_SAML2IDP_ENTITY_SERVICE =
ANONYMOUS_CLIENT.getService(SAML2IdPEntityService.class);
}
private static SAML2IdPEntityTO set() {
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2SPEntityITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2SPEntityITCase.java
index daa41babfb..26fd91ba8c 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2SPEntityITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2SPEntityITCase.java
@@ -24,8 +24,6 @@ import static org.junit.jupiter.api.Assumptions.assumeTrue;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
-import org.apache.syncope.client.lib.AnonymousAuthenticationHandler;
-import org.apache.syncope.client.lib.SyncopeClient;
import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
import org.apache.syncope.common.lib.SyncopeClientException;
import org.apache.syncope.common.lib.to.SAML2SPEntityTO;
@@ -44,9 +42,7 @@ public class SAML2SPEntityITCase extends AbstractITCase {
public static void setup() {
assumeTrue(CLIENT_FACTORY.getContentType() ==
SyncopeClientFactoryBean.ContentType.JSON);
- SyncopeClient anonymous = CLIENT_FACTORY.create(
- new AnonymousAuthenticationHandler(ANONYMOUS_UNAME,
ANONYMOUS_KEY));
- WA_SAML2SP_ENTITY_SERVICE =
anonymous.getService(SAML2SPEntityService.class);
+ WA_SAML2SP_ENTITY_SERVICE =
ANONYMOUS_CLIENT.getService(SAML2SPEntityService.class);
}
private static SAML2SPEntityTO set() {
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SchedTaskITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SchedTaskITCase.java
index 8ed3ff73e4..8c92cc16e9 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SchedTaskITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SchedTaskITCase.java
@@ -55,7 +55,7 @@ public class SchedTaskITCase extends AbstractTaskITCase {
@Test
public void getJobClasses() {
- Set<String> jobClasses = ADMIN_CLIENT.platform().
+ Set<String> jobClasses = ANONYMOUS_CLIENT.platform().
getJavaImplInfo(IdRepoImplementationType.TASKJOB_DELEGATE).get().getClasses();
assertNotNull(jobClasses);
assertFalse(jobClasses.isEmpty());
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserSelfITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserSelfITCase.java
index 031df76845..9e9352fcb5 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserSelfITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserSelfITCase.java
@@ -71,7 +71,7 @@ public class UserSelfITCase extends AbstractITCase {
@Test
public void selfRegistrationAllowed() {
- assertTrue(ADMIN_CLIENT.platform().isSelfRegAllowed());
+ assertTrue(ANONYMOUS_CLIENT.platform().isSelfRegAllowed());
}
@Test
@@ -87,8 +87,7 @@ public class UserSelfITCase extends AbstractITCase {
}
// 2. self-registration as anonymous: works
- SyncopeClient anonClient = CLIENT_FACTORY.create();
- UserTO self = anonClient.getService(UserSelfService.class).
+ UserTO self = ANONYMOUS_CLIENT.getService(UserSelfService.class).
create(UserITCase.getUniqueSample("[email protected]")).
readEntity(new GenericType<ProvisioningResult<UserTO>>() {
}).getEntity();
@@ -106,8 +105,7 @@ public class UserSelfITCase extends AbstractITCase {
new
MembershipTO.Builder("29f96485-729e-4d31-88a1-6fc60e4677f3").build());
userCR.getResources().add(RESOURCE_NAME_TESTDB);
- SyncopeClient anonClient = CLIENT_FACTORY.create();
- UserTO userTO = anonClient.getService(UserSelfService.class).
+ UserTO userTO = ANONYMOUS_CLIENT.getService(UserSelfService.class).
create(userCR).
readEntity(new GenericType<ProvisioningResult<UserTO>>() {
}).getEntity();
@@ -144,8 +142,7 @@ public class UserSelfITCase extends AbstractITCase {
userCR.getMemberships().add(
new
MembershipTO.Builder("29f96485-729e-4d31-88a1-6fc60e4677f3").build());
userCR.getResources().add(RESOURCE_NAME_TESTDB);
- SyncopeClient anonClient = CLIENT_FACTORY.create();
- UserTO userTO = anonClient.getService(UserSelfService.class).
+ UserTO userTO = ANONYMOUS_CLIENT.getService(UserSelfService.class).
create(userCR).
readEntity(new GenericType<ProvisioningResult<UserTO>>() {
}).getEntity();
@@ -329,14 +326,13 @@ public class UserSelfITCase extends AbstractITCase {
assertNotNull(read);
// 3. request password reset (as anonymous) providing the expected
security answer
- SyncopeClient anonClient = CLIENT_FACTORY.create();
try {
-
anonClient.getService(UserSelfService.class).requestPasswordReset(user.getUsername(),
"WRONG");
+
ANONYMOUS_CLIENT.getService(UserSelfService.class).requestPasswordReset(user.getUsername(),
"WRONG");
fail("This should not happen");
} catch (SyncopeClientException e) {
assertEquals(ClientExceptionType.InvalidSecurityAnswer,
e.getType());
}
-
anonClient.getService(UserSelfService.class).requestPasswordReset(user.getUsername(),
"Rossi");
+
ANONYMOUS_CLIENT.getService(UserSelfService.class).requestPasswordReset(user.getUsername(),
"Rossi");
if (IS_ELASTICSEARCH_ENABLED) {
try {
@@ -353,13 +349,13 @@ public class UserSelfITCase extends AbstractITCase {
// 5. confirm password reset
try {
-
anonClient.getService(UserSelfService.class).confirmPasswordReset("WRONG
TOKEN", "newPassword");
+
ANONYMOUS_CLIENT.getService(UserSelfService.class).confirmPasswordReset("WRONG
TOKEN", "newPassword");
fail("This should not happen");
} catch (SyncopeClientException e) {
assertEquals(ClientExceptionType.NotFound, e.getType());
assertTrue(e.getMessage().contains("WRONG TOKEN"));
}
-
anonClient.getService(UserSelfService.class).confirmPasswordReset(token,
"newPassword123");
+
ANONYMOUS_CLIENT.getService(UserSelfService.class).confirmPasswordReset(token,
"newPassword123");
// 6. verify that password was reset and token removed
authClient = CLIENT_FACTORY.create(user.getUsername(),
"newPassword123");
@@ -387,8 +383,7 @@ public class UserSelfITCase extends AbstractITCase {
assertNotNull(read);
// 3. request password reset (as anonymous) with no security answer
- SyncopeClient anonClient = CLIENT_FACTORY.create();
-
anonClient.getService(UserSelfService.class).requestPasswordReset(user.getUsername(),
null);
+
ANONYMOUS_CLIENT.getService(UserSelfService.class).requestPasswordReset(user.getUsername(),
null);
// 4. get token (normally sent via e-mail, now reading as admin)
String token = USER_SERVICE.read(read.getKey()).getToken();
@@ -396,13 +391,13 @@ public class UserSelfITCase extends AbstractITCase {
// 5. confirm password reset
try {
-
anonClient.getService(UserSelfService.class).confirmPasswordReset("WRONG
TOKEN", "newPassword");
+
ANONYMOUS_CLIENT.getService(UserSelfService.class).confirmPasswordReset("WRONG
TOKEN", "newPassword");
fail("This should not happen");
} catch (SyncopeClientException e) {
assertEquals(ClientExceptionType.NotFound, e.getType());
assertTrue(e.getMessage().contains("WRONG TOKEN"));
}
-
anonClient.getService(UserSelfService.class).confirmPasswordReset(token,
"newPassword123");
+
ANONYMOUS_CLIENT.getService(UserSelfService.class).confirmPasswordReset(token,
"newPassword123");
// 6. verify that password was reset and token removed
authClient = CLIENT_FACTORY.create(user.getUsername(),
"newPassword123");
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/VirSchemaITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/VirSchemaITCase.java
index 364cb710b2..9c95fa670d 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/VirSchemaITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/VirSchemaITCase.java
@@ -24,7 +24,6 @@ import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assertions.fail;
-import java.security.AccessControlException;
import java.util.List;
import java.util.Locale;
import javax.ws.rs.core.Response;
@@ -100,14 +99,6 @@ public class VirSchemaITCase extends AbstractITCase {
@Test
public void anonymous() {
- SchemaService unauthenticated =
CLIENT_FACTORY.create().getService(SchemaService.class);
- try {
- unauthenticated.search(new
SchemaQuery.Builder().type(SchemaType.VIRTUAL).build());
- fail("This should not happen");
- } catch (AccessControlException e) {
- assertNotNull(e);
- }
-
SchemaService anonymous =
ANONYMOUS_CLIENT.getService(SchemaService.class);
assertFalse(anonymous.search(new
SchemaQuery.Builder().type(SchemaType.VIRTUAL).build()).isEmpty());
}
diff --git
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/wa/WAClientAppITCase.java
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/wa/WAClientAppITCase.java
index b27545aa54..a5dd774f3b 100644
---
a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/wa/WAClientAppITCase.java
+++
b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/wa/WAClientAppITCase.java
@@ -25,8 +25,6 @@ import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.junit.jupiter.api.Assumptions.assumeTrue;
import java.util.List;
-import org.apache.syncope.client.lib.AnonymousAuthenticationHandler;
-import org.apache.syncope.client.lib.SyncopeClient;
import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
import org.apache.syncope.common.lib.policy.AccessPolicyTO;
import org.apache.syncope.common.lib.policy.AttrReleasePolicyTO;
@@ -54,9 +52,7 @@ public class WAClientAppITCase extends AbstractITCase {
public static void setup() {
assumeTrue(CLIENT_FACTORY.getContentType() ==
SyncopeClientFactoryBean.ContentType.JSON);
- SyncopeClient anonymous = CLIENT_FACTORY.create(
- new AnonymousAuthenticationHandler(ANONYMOUS_UNAME,
ANONYMOUS_KEY));
- WA_CLIENT_APP_SERVICE = anonymous.getService(WAClientAppService.class);
+ WA_CLIENT_APP_SERVICE =
ANONYMOUS_CLIENT.getService(WAClientAppService.class);
}
@Test
diff --git a/pom.xml b/pom.xml
index 1d9afb95fa..3cf1084615 100644
--- a/pom.xml
+++ b/pom.xml
@@ -428,7 +428,7 @@ under the License.
<slf4j.version>1.7.36</slf4j.version>
- <elasticsearch.version>8.7.1</elasticsearch.version>
+ <elasticsearch.version>8.8.0</elasticsearch.version>
<log4j2.version>2.20.0</log4j2.version>
<disruptor.version>3.4.4</disruptor.version>
diff --git a/sra/src/main/java/org/apache/syncope/sra/SecurityConfig.java
b/sra/src/main/java/org/apache/syncope/sra/SecurityConfig.java
index af091ce6e4..8929324e9a 100644
--- a/sra/src/main/java/org/apache/syncope/sra/SecurityConfig.java
+++ b/sra/src/main/java/org/apache/syncope/sra/SecurityConfig.java
@@ -94,6 +94,7 @@ public class SecurityConfig {
and().build();
}
+ @ConditionalOnMissingBean
@Bean
@Order(1)
public SecurityWebFilterChain actuatorSecurityFilterChain(final
ServerHttpSecurity http) {
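Review bot: A bare `@ConditionalOnMissingBean` on `actuatorSecurityFilterChain` matches on the method's return type, so any other `SecurityWebFilterChain` bean that is already registered would suppress the `@Order(1)` actuator chain. If the bean method ending just above this hunk also returns `SecurityWebFilterChain`, the actuator endpoints could silently fall under that chain's rules. Narrowing the condition to the bean name, `@ConditionalOnMissingBean(name = "actuatorSecurityFilterChain")`, lets an override replace exactly this bean and nothing else. The same applies to the renamed `actuatorUserDetailsService` in the next hunk, where any user-supplied `ReactiveUserDetailsService` would currently disable it; `@ConditionalOnMissingBean(name = "actuatorUserDetailsService")` is the equivalent there. Both method bodies continue outside their hunks.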
@@ -105,8 +106,9 @@ public class SecurityConfig {
and().build();
}
+ @ConditionalOnMissingBean
@Bean
- public ReactiveUserDetailsService userDetailsService(final SRAProperties
props) {
+ public ReactiveUserDetailsService actuatorUserDetailsService(final
SRAProperties props) {
UserDetails user = User.builder().
username(props.getAnonymousUser()).
password("{noop}" + props.getAnonymousKey()).