cas - fixing GN cas authentication

This is a backport from a work done on Sextant. This introduces a
docker-composition to document how GeoNetwork can be integrated to a CAS
+ a LDAP directory, and make testing of such a configuration easier.

The docker composition integrates a cas in version 6.22, as well as an
OpenLDAP containing 2 users (admin & user), both having the password set
to the username.

Once compiled, it is possible to docker-compose up, then visit:
http://localhost:8080/geonetwork/srv/eng/casRedirect

to be able to connect via CAS.

core/src/main/java/org/fao/geonet/web/RedirectLogoutSuccessHandler.java

@@ -0,0 +1,29 @@
+package org.fao.geonet.web;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler;
+import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+
+public class RedirectLogoutSuccessHandler extends AbstractAuthenticationTargetUrlRequestHandler implements LogoutSuccessHandler {
+    @Override
+    public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
+        super.handle(request, response, authentication);
+    }
+
+    @Override
+    protected String determineTargetUrl(HttpServletRequest request, HttpServletResponse response) {
+        String redirectUrl = request.getParameter("redirect");
+        if (redirectUrl == null) {
+            return super.determineTargetUrl(request, response);
+        }
+
+        return redirectUrl;
+    }
+
+}

docker/gn-cas-ldap/README.md

@@ -0,0 +1,31 @@
+# Introduction
+
+This composition is meant to make runtime testing the CAS integration of
+GeoNetwork easier.
+
+This composition also integrates a LDAP, so that testing the
+config-spring-cas-ldap configuration is also possible.
+
+# Prerequisites
+
+It requires the GeoNetwork webapp to be built first:
+
+```
+$ mvn clean package -DskipTests
+```
+
+Then it can be launched:
+
+```
+$ docker-compose up
+
+```
+
+# Accessing the CAS login page from GeoNetwork
+
+The default GeoNetwork UI does not provide an URL for the login which will redirect onto CAS, you will need to manually browse the following one:
+
+```
+http://localhost:8080/geonetwork/srv/eng/casRedirect
+```
+

docker/gn-cas-ldap/cas/Dockerfile

@@ -0,0 +1,15 @@
+FROM openjdk:11.0.9-jdk AS builder
+
+COPY cas-overlay-template-6.2 /cas-overlay-template
+RUN cd /cas-overlay-template/ && ./gradlew build
+
+
+FROM tomcat:9.0-jdk11
+
+COPY --from=builder /cas-overlay-template/build/libs/cas.war ${CATALINA_HOME}/webapps/
+RUN cd $CATALINA_HOME/webapps                                                                                      && \
+  unzip -d cas cas.war                                                                                             && \
+  rm -f cas.war
+
+COPY cas-overlay-template-6.2/etc/cas /etc/cas
+

docker/gn-cas-ldap/cas/cas-overlay-template-6.2/.dockerignore

@@ -0,0 +1,7 @@
+target/**
+build/**
+bin/**
+.idea/**
+.history/**
+.github/**
+.git/**

docker/gn-cas-ldap/cas/cas-overlay-template-6.2/.gitattributes

@@ -0,0 +1,6 @@
+# Set line endings to LF, even on Windows. Otherwise, execution within Docker fails.
+# See https://help.github.com/articles/dealing-with-line-endings/
+*.sh text eol=lf
+gradlew text eol=lf
+*.cmd text eol=crlf
+*.bat text eol=crlf

docker/gn-cas-ldap/cas/cas-overlay-template-6.2/.gitignore

@@ -0,0 +1,22 @@
+.classpath
+!/.project
+.project
+.settings
+.history
+.vscode
+target/
+.idea/
+.DS_Store
+.idea
+overlays/
+.gradle/
+build/
+log/
+bin/
+*.war
+*.iml
+*.log
+tmp/
+./apache-tomcat
+apache-tomcat.zip
+config-metadata.properties

docker/gn-cas-ldap/cas/cas-overlay-template-6.2/.mergify.yml

@@ -0,0 +1,32 @@
+#
+# Licensed to Apereo under one or more contributor license
+# agreements. See the NOTICE file distributed with this work
+# for additional information regarding copyright ownership.
+# Apereo licenses this file to you under the Apache License,
+# Version 2.0 (the "License"); you may not use this file
+# except in compliance with the License.  You may obtain a
+# copy of the License at the following location:
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+pull_request_rules:
+- name: automatic merge by dependabot
+  conditions:
+    - status-success=continuous-integration/travis-ci/pr
+    - status-success=WIP
+    - "#changes-requested-reviews-by=0"
+    - base=master
+    - label=dependencies
+  actions:
+    merge:
+      method: merge
+      strict: true
+    delete_head_branch:

docker/gn-cas-ldap/cas/cas-overlay-template-6.2/.travis.yml

@@ -0,0 +1,62 @@
+language: java
+sudo: required
+dist: trusty
+services:
+  - docker
+branches:
+  only:
+    - master
+before_cache:
+  - rm -rf $HOME/.gradle/caches/5.*/
+  - rm -rf $HOME/.gradle/caches/4.*/
+  - rm -fr $HOME/.gradle/caches/*/plugin-resolution/
+  - find ~/.gradle/caches/ -name "*.lock" -type f -delete
+cache:
+  bundler: false
+  cargo: false
+  directories:
+    - $HOME/.m2
+    - $HOME/.npm/
+    - $HOME/.gradle/caches/
+    - $HOME/.gradle/wrapper/
+env:
+  global:
+    - JAVA_OPTS="-Xms512m -Xmx4048m -Xss128m -XX:ReservedCodeCacheSize=512m -XX:+UseG1GC -Xverify:none -server"
+    - GRADLE_OPTS="-Xms512m -Xmx1024m -Xss128m -XX:ReservedCodeCacheSize=512m -XX:+UseG1GC -Xverify:none -server"
+jdk:
+- openjdk11
+before_install:
+- echo -e "Configuring Gradle wrapper...\n"
+- mkdir -p ~/.gradle && echo "org.gradle.daemon=false" >> ~/.gradle/gradle.properties
+- chmod -R 777 ./gradlew
+- chmod -R 777 *.sh
+install: true
+stages:
+  - build
+  - validate
+  - docker
+jobs:
+  include:
+    - stage: build
+      script: ./gradlew clean build --stacktrace --no-daemon --refresh-dependencies -Dorg.gradle.internal.http.socketTimeout=600000 -Dorg.gradle.internal.http.connectionTimeout=600000
+      name: "Build CAS"
+      ############################################
+    - stage: validate
+      script: ./gradlew downloadShell
+      name: "Download CAS Shell"
+    - stage: validate
+      script: ./gradlew listTemplateViews
+      name: "List CAS Template Views"
+    - stage: validate
+      script: ./gradlew explodeWar
+      name: "Unzip CAS Web Application"
+      ############################################
+    - stage: docker
+      script: ./gradlew build jibDockerBuild --stacktrace --no-daemon --refresh-dependencies
+      name: "Build Docker Image via Jib"
+    - stage: docker
+      script: docker-compose build
+      name: "Build Docker Image via Docker Compose"
+    - stage: docker
+      script: ./docker-build.sh
+      name: "Build Docker Image"

docker/gn-cas-ldap/cas/cas-overlay-template-6.2/Dockerfile

@@ -0,0 +1,40 @@
+FROM adoptopenjdk/openjdk11:alpine-slim AS overlay
+
+RUN mkdir -p cas-overlay
+COPY ./src cas-overlay/src/
+COPY ./gradle/ cas-overlay/gradle/
+COPY ./gradlew ./settings.gradle ./build.gradle ./gradle.properties /cas-overlay/
+
+RUN mkdir -p ~/.gradle \
+    && echo "org.gradle.daemon=false" >> ~/.gradle/gradle.properties \
+    && echo "org.gradle.configureondemand=true" >> ~/.gradle/gradle.properties \
+    && cd cas-overlay \
+    && chmod 750 ./gradlew \
+    && ./gradlew --version;
+
+RUN cd cas-overlay \
+    && ./gradlew clean build --parallel --no-daemon;
+
+FROM adoptopenjdk/openjdk11:alpine-jre AS cas
+
+LABEL "Organization"="Apereo"
+LABEL "Description"="Apereo CAS"
+
+RUN cd / \
+    && mkdir -p /etc/cas/config \
+    && mkdir -p /etc/cas/services \
+    && mkdir -p /etc/cas/saml \
+    && mkdir -p cas-overlay;
+
+COPY etc/cas/ /etc/cas/
+COPY etc/cas/config/ /etc/cas/config/
+COPY etc/cas/services/ /etc/cas/services/
+COPY etc/cas/saml/ /etc/cas/saml/
+COPY --from=overlay cas-overlay/build/libs/cas.war cas-overlay/
+
+EXPOSE 8080 8443
+
+ENV PATH $PATH:$JAVA_HOME/bin:.
+
+WORKDIR cas-overlay
+ENTRYPOINT ["java", "-server", "-noverify", "-Xmx2048M", "-jar", "cas.war"]