Repository: syncope
Updated Branches:
  refs/heads/2_0_X 02b6d4eb6 -> 6fd572119
  refs/heads/master 9a7afc0ce -> 24f789932


[SYNCOPE-1301] Reworking logic to avoid conficts


Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/6fd57211
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/6fd57211
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/6fd57211

Branch: refs/heads/2_0_X
Commit: 6fd572119b1a91029962a7b36ca7f372ad2204a5
Parents: 02b6d4e
Author: Francesco Chicchiriccò <ilgro...@apache.org>
Authored: Fri Apr 13 09:04:17 2018 +0200
Committer: Francesco Chicchiriccò <ilgro...@apache.org>
Committed: Fri Apr 13 09:04:17 2018 +0200

----------------------------------------------------------------------
 .../persistence/jpa/entity/JPAAccessToken.java  |  2 +-
 .../api/data/AccessTokenDataBinder.java         |  6 +-
 .../java/data/AccessTokenDataBinderImpl.java    | 83 ++++++++++----------
 .../apache/syncope/core/logic/SAML2SPLogic.java | 20 +++--
 4 files changed, 53 insertions(+), 58 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/syncope/blob/6fd57211/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPAAccessToken.java
----------------------------------------------------------------------
diff --git 
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPAAccessToken.java
 
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPAAccessToken.java
index 4ddaed1..e3bc873 100644
--- 
a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPAAccessToken.java
+++ 
b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/entity/JPAAccessToken.java
@@ -44,7 +44,7 @@ public class JPAAccessToken extends AbstractProvidedKeyEntity 
implements AccessT
     @Temporal(TemporalType.TIMESTAMP)
     private Date expiryTime;
 
-    @Column(nullable = true)
+    @Column(unique = true)
     private String owner;
 
     @Lob

http://git-wip-us.apache.org/repos/asf/syncope/blob/6fd57211/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/data/AccessTokenDataBinder.java
----------------------------------------------------------------------
diff --git 
a/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/data/AccessTokenDataBinder.java
 
b/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/data/AccessTokenDataBinder.java
index 4bb64aa..d50fc22 100644
--- 
a/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/data/AccessTokenDataBinder.java
+++ 
b/core/provisioning-api/src/main/java/org/apache/syncope/core/provisioning/api/data/AccessTokenDataBinder.java
@@ -21,16 +21,14 @@ package org.apache.syncope.core.provisioning.api.data;
 import java.util.Date;
 import java.util.Map;
 import org.apache.commons.lang3.tuple.Pair;
-import org.apache.commons.lang3.tuple.Triple;
 import org.apache.syncope.common.lib.to.AccessTokenTO;
 import org.apache.syncope.core.persistence.api.entity.AccessToken;
 
 public interface AccessTokenDataBinder {
 
-    Triple<String, String, Date> generateJWT(String subject, long duration, 
Map<String, Object> claims);
+    Pair<String, Date> generateJWT(String tokenId, String subject, long 
duration, Map<String, Object> claims);
 
-    Pair<String, Date> create(
-            String subject, Map<String, Object> claims, byte[] authorities, 
boolean replaceExisting);
+    Pair<String, Date> create(String subject, Map<String, Object> claims, 
byte[] authorities, boolean replace);
 
     Pair<String, Date> update(AccessToken accessToken, byte[] authorities);
 

http://git-wip-us.apache.org/repos/asf/syncope/blob/6fd57211/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
----------------------------------------------------------------------
diff --git 
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
 
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
index 350f1ed..0b2e4b6 100644
--- 
a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
+++ 
b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/AccessTokenDataBinderImpl.java
@@ -24,7 +24,6 @@ import java.util.Date;
 import java.util.Map;
 import javax.annotation.Resource;
 import org.apache.commons.lang3.tuple.Pair;
-import org.apache.commons.lang3.tuple.Triple;
 import org.apache.cxf.rs.security.jose.common.JoseType;
 import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
 import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
@@ -46,8 +45,6 @@ import org.springframework.stereotype.Component;
 @Component
 public class AccessTokenDataBinderImpl implements AccessTokenDataBinder {
 
-    private static final String[] IGNORE_PROPERTIES = { "owner" };
-
     private static final RandomBasedGenerator UUID_GENERATOR = 
Generators.randomBasedGenerator();
 
     @Resource(name = "adminUser")
@@ -72,8 +69,11 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
     private DefaultCredentialChecker credentialChecker;
 
     @Override
-    public Triple<String, String, Date> generateJWT(
-            final String subject, final long duration, final Map<String, 
Object> claims) {
+    public Pair<String, Date> generateJWT(
+            final String tokenId,
+            final String subject,
+            final long duration,
+            final Map<String, Object> claims) {
 
         credentialChecker.checkIsDefaultJWSKeyInUse();
 
@@ -81,7 +81,7 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
         long expiryTime = currentTime + 60L * duration;
 
         JwtClaims jwtClaims = new JwtClaims();
-        jwtClaims.setTokenId(UUID_GENERATOR.generate().toString());
+        jwtClaims.setTokenId(tokenId);
         jwtClaims.setSubject(subject);
         jwtClaims.setIssuedAt(currentTime);
         jwtClaims.setIssuer(jwtIssuer);
@@ -97,52 +97,52 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
 
         String signed = producer.signWith(jwsSignatureProvider);
 
-        return Triple.of(jwtClaims.getTokenId(), signed, new Date(expiryTime * 
1000L));
+        return Pair.of(signed, new Date(expiryTime * 1000L));
     }
 
-    @Override
-    public Pair<String, Date> create(
+    private AccessToken replace(
             final String subject,
             final Map<String, Object> claims,
             final byte[] authorities,
-            final boolean replaceExisting) {
-
-        String body = null;
-        Date expiryTime = null;
-
-        AccessToken existing = accessTokenDAO.findByOwner(subject);
-        if (existing != null) {
-            body = existing.getBody();
-            expiryTime = existing.getExpiryTime();
-        }
-
-        if (replaceExisting || body == null) {
-            Triple<String, String, Date> created = generateJWT(
-                    subject,
-                    confDAO.find("jwt.lifetime.minutes", 120L),
-                    claims);
-
-            body = created.getMiddle();
-            expiryTime = created.getRight();
+            final AccessToken accessToken) {
 
-            AccessToken accessToken = 
entityFactory.newEntity(AccessToken.class);
-            accessToken.setKey(created.getLeft());
-            accessToken.setBody(body);
-            accessToken.setExpiryTime(expiryTime);
-            accessToken.setOwner(subject);
+        Pair<String, Date> generated = generateJWT(
+                accessToken.getKey(),
+                subject,
+                confDAO.find("jwt.lifetime.minutes", 120L),
+                claims);
 
-            if (!adminUser.equals(accessToken.getOwner())) {
-                accessToken.setAuthorities(authorities);
-            }
+        accessToken.setBody(generated.getLeft());
+        accessToken.setExpiryTime(generated.getRight());
+        accessToken.setOwner(subject);
 
-            accessTokenDAO.save(accessToken);
+        if (!adminUser.equals(accessToken.getOwner())) {
+            accessToken.setAuthorities(authorities);
         }
 
-        if (replaceExisting && existing != null) {
-            accessTokenDAO.delete(existing);
+        return accessTokenDAO.save(accessToken);
+    }
+
+    @Override
+    public Pair<String, Date> create(
+            final String subject,
+            final Map<String, Object> claims,
+            final byte[] authorities,
+            final boolean replace) {
+
+        AccessToken accessToken = accessTokenDAO.findByOwner(subject);
+        if (accessToken == null) {
+            // no AccessToken found: create new
+            accessToken = entityFactory.newEntity(AccessToken.class);
+            accessToken.setKey(UUID_GENERATOR.generate().toString());
+
+            accessToken = replace(subject, claims, authorities, accessToken);
+        } else if (replace) {
+            // AccessToken found, but replace requested: update existing
+            accessToken = replace(subject, claims, authorities, accessToken);
         }
 
-        return Pair.of(body, expiryTime);
+        return Pair.of(accessToken.getBody(), accessToken.getExpiryTime());
     }
 
     @Override
@@ -179,8 +179,7 @@ public class AccessTokenDataBinderImpl implements 
AccessTokenDataBinder {
     @Override
     public AccessTokenTO getAccessTokenTO(final AccessToken accessToken) {
         AccessTokenTO accessTokenTO = new AccessTokenTO();
-        BeanUtils.copyProperties(accessToken, accessTokenTO, 
IGNORE_PROPERTIES);
-        accessTokenTO.setOwner(accessToken.getOwner());
+        BeanUtils.copyProperties(accessToken, accessTokenTO);
 
         return accessTokenTO;
     }

http://git-wip-us.apache.org/repos/asf/syncope/blob/6fd57211/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
----------------------------------------------------------------------
diff --git 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
index 3b68c48..943401e 100644
--- 
a/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
+++ 
b/ext/saml2sp/logic/src/main/java/org/apache/syncope/core/logic/SAML2SPLogic.java
@@ -18,8 +18,6 @@
  */
 package org.apache.syncope.core.logic;
 
-import org.apache.syncope.core.logic.saml2.SAML2UserManager;
-
 import com.fasterxml.uuid.Generators;
 import com.fasterxml.uuid.impl.RandomBasedGenerator;
 import java.io.OutputStream;
@@ -35,7 +33,6 @@ import java.util.Map;
 import javax.annotation.Resource;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.tuple.Pair;
-import org.apache.commons.lang3.tuple.Triple;
 import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
 import org.apache.cxf.rs.security.jose.jws.JwsSignatureVerifier;
 import org.apache.cxf.rs.security.saml.sso.SSOValidatorResponse;
@@ -53,6 +50,7 @@ import 
org.apache.syncope.common.lib.types.StandardEntitlement;
 import org.apache.syncope.core.logic.saml2.SAML2ReaderWriter;
 import org.apache.syncope.core.logic.saml2.SAML2IdPCache;
 import org.apache.syncope.core.logic.saml2.SAML2IdPEntity;
+import org.apache.syncope.core.logic.saml2.SAML2UserManager;
 import org.apache.syncope.core.persistence.api.dao.AccessTokenDAO;
 import org.apache.syncope.core.persistence.api.dao.NotFoundException;
 import org.apache.syncope.core.persistence.api.dao.SAML2IdPDAO;
@@ -326,13 +324,13 @@ public class SAML2SPLogic extends 
AbstractSAML2Logic<AbstractBaseBean> {
             // 3. generate relay state as JWT
             Map<String, Object> claims = new HashMap<>();
             claims.put(JWT_CLAIM_IDP_DEFLATE, idp.isUseDeflateEncoding());
-            Triple<String, String, Date> relayState =
-                    accessTokenDataBinder.generateJWT(authnRequest.getID(), 
JWT_RELAY_STATE_DURATION, claims);
+            Pair<String, Date> relayState = accessTokenDataBinder.generateJWT(
+                    UUID_GENERATOR.generate().toString(), 
authnRequest.getID(), JWT_RELAY_STATE_DURATION, claims);
 
             // 4. sign and encode AuthnRequest
             switch (idp.getBindingType()) {
                 case REDIRECT:
-                    
requestTO.setRelayState(URLEncoder.encode(relayState.getMiddle(), 
StandardCharsets.UTF_8.name()));
+                    
requestTO.setRelayState(URLEncoder.encode(relayState.getLeft(), 
StandardCharsets.UTF_8.name()));
                     requestTO.setContent(URLEncoder.encode(
                             saml2rw.encode(authnRequest, true), 
StandardCharsets.UTF_8.name()));
                     
requestTO.setSignAlg(URLEncoder.encode(saml2rw.getSigAlgo(), 
StandardCharsets.UTF_8.name()));
@@ -343,7 +341,7 @@ public class SAML2SPLogic extends 
AbstractSAML2Logic<AbstractBaseBean> {
 
                 case POST:
                 default:
-                    requestTO.setRelayState(relayState.getMiddle());
+                    requestTO.setRelayState(relayState.getLeft());
                     saml2rw.sign(authnRequest);
                     requestTO.setContent(saml2rw.encode(authnRequest, 
idp.isUseDeflateEncoding()));
             }
@@ -515,7 +513,7 @@ public class SAML2SPLogic extends 
AbstractSAML2Logic<AbstractBaseBean> {
                 if (StringUtils.isNotBlank(userTO.getUsername())) {
                     responseTO.setUsername(userTO.getUsername());
                 }
-                
+
                 responseTO.setSelfReg(true);
 
                 return responseTO;
@@ -621,9 +619,9 @@ public class SAML2SPLogic extends 
AbstractSAML2Logic<AbstractBaseBean> {
             Map<String, Object> claims = new HashMap<>();
             claims.put(JWT_CLAIM_IDP_DEFLATE,
                     idp.getBindingType() == SAML2BindingType.REDIRECT ? true : 
idp.isUseDeflateEncoding());
-            Triple<String, String, Date> relayState =
-                    accessTokenDataBinder.generateJWT(logoutRequest.getID(), 
JWT_RELAY_STATE_DURATION, claims);
-            requestTO.setRelayState(relayState.getMiddle());
+            Pair<String, Date> relayState = accessTokenDataBinder.generateJWT(
+                    UUID_GENERATOR.generate().toString(), 
logoutRequest.getID(), JWT_RELAY_STATE_DURATION, claims);
+            requestTO.setRelayState(relayState.getLeft());
 
             // 4. sign and encode AuthnRequest
             switch (idp.getBindingType()) {

Reply via email to