diff --git a/conf/oxTrust.properties b/conf/oxTrust.properties
index 4b72dd752..a8ff7afb4 100644
--- a/conf/oxTrust.properties
+++ b/conf/oxTrust.properties
@@ -15,13 +15,13 @@ keystore.password=${config.host.keystore_password}
person-objectClass-types=inetOrgPerson, eduPerson, gluuPerson, ${config.organization.inum-fn}
person-objectClass-displayNames=inetOrgPerson, eduPerson, gluuPerson, Custom
-svn.configuration-store.root=${config.host.schema}://svn.gluu.info/repository/servers/files/${config.appliance.inum-fn}
+svn.configuration-store.root=${svn.configuration.base_path}/${config.appliance.inum-fn}
svn.configuration-store.user=${config.appliance.inum-fn}
svn.configuration-store.password=${config.appliance.svn_base64_encoded_password}
person.allow-modification=true
site.update-appliance-status=true
-persist-in-svn=true
+persist-in-svn=false
# Do not modify below this line
baseDN=o\=gluu
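Review bot: `svn.configuration-store.root` is now built entirely from the free-form `${svn.configuration.base_path}`, so the scheme and host that receive `svn.configuration-store.user` and `svn.configuration-store.password` are whatever the profile supplies, and nothing here says it should be a TLS URL. Both profile files in this commit set `svn.configuration.base_path=` to an empty string, which renders the root as `/<inum>`. That value is non-empty, so the emptiness check in SubversionService would not catch it if `persist-in-svn` were switched back to `true`. I would add a comment above the property, e.g. `# svn.configuration.base_path must be an https:// URL; keep persist-in-svn=false while it is empty`. The matching hunk in conf/template/conf/oxTrust.properties.vm has the same gap.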
@@ -71,14 +71,7 @@ idp.bindDN=inum=${config.appliance.inum},ou=appliances,o=gluu
idp.bindPassword=${config.host.idp.ldap_base64_encoded_password}
idp.useSSL=true
idp.ldap.server=localhost:1636
-
-# LDAP configuration related to VDS Server
-vds.bindDN=inum=${config.appliance.inum},ou=appliances,o=gluu
-vds.bindPassword=${config.host.vds.ldap_base64_encoded_password}
-vds.useSSL=true
-vds.ldap.server=localhost:1636
-vds.userField=uid,mail
-vds.test.filter=objectclass=*
+idp.user.fields=uid, mail
mysql.url=jdbc:mysql:///${config.host.idp_mysql_db}
mysql.user=${config.host.idp_mysql_user}
@@ -148,3 +141,7 @@ uma.client_password=${config.uma.client_password}
uma.redirect_uri=${config.host.schema}://${config.host.idp_name}${config.oxTrust.web_context}/uma_redirect_uri
uma.resource_id=${config.uma.resource_id}
uma.scope=${config.uma.scope}
+
+cssLocation=/identity/stylesheet
+jsLocation=/identity/js
+
diff --git a/conf/pom.xml b/conf/pom.xml
index 1dad3dab5..0d9cdf708 100644
--- a/conf/pom.xml
+++ b/conf/pom.xml
@@ -6,7 +6,7 @@
oxTrust configuration
http://ox.gluu.org
jar
- 1.1.0.Final
+ 1.2.0.Final
2.3
diff --git a/conf/template/conf/oxTrust.properties.vm b/conf/template/conf/oxTrust.properties.vm
index c7828bed8..2e28e5557 100644
--- a/conf/template/conf/oxTrust.properties.vm
+++ b/conf/template/conf/oxTrust.properties.vm
@@ -15,13 +15,13 @@ keystore.password=$config.puppetHost.keystore_password
person-objectClass-types=inetOrgPerson, eduPerson, gluuPerson, ox-$config.puppetHost.inum_org
person-objectClass-displayNames=inetOrgPerson, eduPerson, gluuPerson, Custom
-svn.configuration-store.root=https://svn.gluu.info/repository/servers/files/$config.appliance.inumFN
+svn.configuration-store.root=${config.puppetHost.svn_base_path}/$config.appliance.inumFN
svn.configuration-store.user=$config.appliance.inumFN
svn.configuration-store.password=$config.puppetHost.ldap_base64_encoded_password
person.allow-modification=true
site.update-appliance-status=true
-persist-in-svn=true
+persist-in-svn=${config.puppetHost.svn_enabled}
# Do not modify below this line
baseDN=o\=gluu
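Review bot: The context line `svn.configuration-store.password=$config.puppetHost.ldap_base64_encoded_password` reuses the LDAP bind secret as the SVN password; the same variable feeds `idp.bindPassword` in the next hunk of this template. With this hunk the SVN host is no longer the fixed `https://svn.gluu.info` but whatever `svn_base_path` contains. The commit does not change that line, but it widens where the secret can travel: when SVN persistence is enabled, a non-TLS or third-party `svn_base_path` would be handed the directory credential. A dedicated SVN credential variable, as conf/oxTrust.properties already uses with `svn_base64_encoded_password`, would keep the two secrets separate.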
@@ -71,14 +71,7 @@ idp.bindDN=inum=${config.appliance.inum},ou=appliances,o=gluu
idp.bindPassword=$config.puppetHost.ldap_base64_encoded_password
idp.useSSL=true
idp.ldap.server=localhost:1636
-
-# LDAP configuration related to VDS Server
-vds.bindDN=inum=${config.appliance.inum},ou=appliances,o=gluu
-vds.bindPassword=$config.puppetHost.ldap_base64_encoded_password
-vds.useSSL=true
-vds.ldap.server=localhost:1636
-vds.userField=uid,mail
-vds.test.filter=objectclass=*
+idp.user.fields=uid, mail
mysql.url=jdbc:mysql:///$config.puppetHost.idp_mysql_db
mysql.user=$config.puppetHost.idp_mysql_user
diff --git a/pom.xml b/pom.xml
index 50ee10041..585b8cd1f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
oxTrust
http://ox.gluu.org
war
- 1.1.0.Final
+ 1.2.0.Final
2.3
@@ -23,11 +23,10 @@
5.3.3.Final
1.1.2.Final
1.1.0
- 1.1.0.Final
- SNAPSHOT
+ 1.2.0.Final
+ 1.2.0.Final
java:app/oxtrust-ejb/#{ejbName}
- 1.1.0.Final
@@ -383,6 +382,11 @@
oxauth-model
${oxauth.version}
+
+ org.xdi
+ oxTrustStatic
+ ${oxcore.version}
+
org.xdi
oxauth-client
diff --git a/profiles/default/config-oxtrust.properties b/profiles/default/config-oxtrust.properties
index d8750322c..0357d088a 100644
--- a/profiles/default/config-oxtrust.properties
+++ b/profiles/default/config-oxtrust.properties
@@ -12,6 +12,8 @@ config.ldap.central.servers=localhost\:1389
config.ldap.central.maxconnections=3
config.ldap.central.useSSL=false
+svn.configuration.base_path=
+
config.organization.inum=@!1111
config.organization.iname=@test*org
config.organization.displayName=Test server
diff --git a/profiles/setup/config-oxtrust.properties b/profiles/setup/config-oxtrust.properties
index b3c9d7c25..12137231d 100644
--- a/profiles/setup/config-oxtrust.properties
+++ b/profiles/setup/config-oxtrust.properties
@@ -12,6 +12,8 @@ config.ldap.central.servers=localhost\:2389
config.ldap.central.maxconnections=3
config.ldap.central.useSSL=false
+svn.configuration.base_path=
+
config.organization.inum=@!1111
config.organization.iname=@test*org
config.organization.displayName=Test server
diff --git a/src/main/java/org/gluu/oxtrust/action/AppliancePasswordAction.java b/src/main/java/org/gluu/oxtrust/action/AppliancePasswordAction.java
index 0cacb62a3..a52aefcf3 100644
--- a/src/main/java/org/gluu/oxtrust/action/AppliancePasswordAction.java
+++ b/src/main/java/org/gluu/oxtrust/action/AppliancePasswordAction.java
@@ -61,15 +61,17 @@ public String update() {
log.error("Failed to encrypt password", e);
}
appliance.setUserPassword(newPassword);
-
- GluuAppliance tmpAppliance = new GluuAppliance();
- tmpAppliance.setDn(appliance.getDn());
- boolean existAppliance = centralLdapService.containsAppliance(tmpAppliance);
-
- if (existAppliance) {
- centralLdapService.updateAppliance(appliance);
- } else {
- centralLdapService.addAppliance(appliance);
+
+ if (centralLdapService.isUseCentralServer()) {
+ GluuAppliance tmpAppliance = new GluuAppliance();
+ tmpAppliance.setDn(appliance.getDn());
+ boolean existAppliance = centralLdapService.containsAppliance(tmpAppliance);
+
+ if (existAppliance) {
+ centralLdapService.updateAppliance(appliance);
+ } else {
+ centralLdapService.addAppliance(appliance);
+ }
}
applianceService.updateAppliance(appliance);
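Review bot: The `isUseCentralServer()` guard plus the contains/update/add sequence is pasted here and again in BaseConfigurationService, StatusCheckerDaily and StatusCheckerTimer in this commit, so the next call site that forgets the guard will dereference a null `centralLdapEntryManager`. Moving the sequence into CentralLdapService as one method that returns early when no central server is configured would leave each caller with a single line, for example `centralLdapService.addOrUpdateAppliance(appliance);` (proposed name). `update()` starts and ends outside this hunk, so whether other central-server calls exist in it cannot be checked from here.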
diff --git a/src/main/java/org/gluu/oxtrust/action/AuthenticationFilter.java b/src/main/java/org/gluu/oxtrust/action/AuthenticationFilter.java
index eff45fc56..a590de949 100644
--- a/src/main/java/org/gluu/oxtrust/action/AuthenticationFilter.java
+++ b/src/main/java/org/gluu/oxtrust/action/AuthenticationFilter.java
@@ -98,8 +98,6 @@ public void process() throws ServletException, IOException, LoginException {
final String header = httpRequest.getHeader("Authorization");
if (((header != null) && header.startsWith("Bearer ")) || StringHelper.isNotEmpty(httpRequest.getParameter("authCreds"))) {
processBearerAuth(httpRequest, httpResponse, chain);
- } else if ((header != null) && header.startsWith("Basic ")) {
- processBasicAuth(httpRequest, httpResponse, chain);
} else {
throw new ServletException("Invalid authentication type");
}
@@ -187,64 +185,6 @@ public boolean validateOAuthToken(Identity identity, Credentials credentials, Ap
return false;
}
- private void processBasicAuth(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException,
- ServletException {
- Identity identity = Identity.instance();
-
- if (identity == null) {
- throw new ServletException("Identity not found - please ensure that the Identity component is created on startup.");
- }
-
- Credentials credentials = identity.getCredentials();
-
- boolean requireAuth = false;
- String header = request.getHeader("Authorization");
- if (header != null && header.startsWith("Basic ")) {
- String base64Token = header.substring(6);
- String token = new String(Base64.decode(base64Token));
-
- String userName = "";
- String password = "";
- int delim = token.indexOf(":");
-
- if (delim != -1) {
- userName = token.substring(0, delim);
- password = token.substring(delim + 1);
- }
-
- if (!StringHelper.isEmpty(userName)) {
- // Only reauthenticate if username doesn't match Identity.username and user isn't authenticated
- if (!userName.equals(credentials.getUsername()) || !identity.isLoggedIn()) {
- try {
- Authenticator authenticator = getAuthenticator(userName, password);
- requireAuth = !authenticator.authenticateBasicWebService();
- } catch (Exception ex) {
- log.warn("Error authenticating: " + ex.getMessage());
- requireAuth = true;
- }
- }
- }
- }
-
- if (!identity.isLoggedIn() && !credentials.isSet()) {
- requireAuth = true;
- }
-
- try {
- if (!requireAuth) {
- chain.doFilter(request, response);
- return;
- }
- } catch (NotLoggedInException ex) {
- requireAuth = true;
- }
-
- if ((requireAuth && !identity.isLoggedIn())) {
- response.addHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Not authorized");
- }
- }
-
private boolean authenticateUserSilently(Identity identity, Credentials credentials, String userName) {
if (!StringHelper.isEmpty(userName)) {
// Only reauthenticate if username doesn't match Identity.username and user isn't authenticated
diff --git a/src/main/java/org/gluu/oxtrust/action/Authenticator.java b/src/main/java/org/gluu/oxtrust/action/Authenticator.java
index 161248659..4ca9c394b 100644
--- a/src/main/java/org/gluu/oxtrust/action/Authenticator.java
+++ b/src/main/java/org/gluu/oxtrust/action/Authenticator.java
@@ -318,6 +318,7 @@ public boolean shibboleth2Authenticate() {
if (StringHelper.isEmpty(userUid) || StringHelper.isEmpty(authType) || !authType.equals("shibboleth")) {
result = false;
+ return result;
}
Pattern pattern = Pattern.compile(".+@.+\\.[a-z]+");
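Review bot: The two early exits added to `shibboleth2Authenticate()` (here and in the `user == null` hunk below) reject the login without leaving any trace in the log, which makes failed or malformed Shibboleth logins hard to spot afterwards. A line such as `log.warn("Shibboleth2 authentication rejected: missing uid or unexpected auth type");` before the return would help, without logging the header values themselves. Since `result` is assigned only to be returned, `return false;` reads more directly. The method body starts and ends outside both hunks, so any logging that already happens there is not visible.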
@@ -334,6 +335,7 @@ public boolean shibboleth2Authenticate() {
if (user == null) {
result = false;
+ return result;
}
log.debug("Person Inum is " + user.getInum());
diff --git a/src/main/java/org/gluu/oxtrust/action/UpdateClientAction.java b/src/main/java/org/gluu/oxtrust/action/UpdateClientAction.java
index 718b421cc..b079197d9 100644
--- a/src/main/java/org/gluu/oxtrust/action/UpdateClientAction.java
+++ b/src/main/java/org/gluu/oxtrust/action/UpdateClientAction.java
@@ -155,7 +155,7 @@ public String update() throws Exception {
private List getNonEmptyStringList(List currentList) {
if (currentList != null && currentList.size() > 0) {
- return currentList;
+ return new ArrayList(currentList);
} else {
return new ArrayList();
}
@@ -377,7 +377,7 @@ private void updateLoginURIs() {
private void updateLogoutURIs() {
if (this.logoutUris == null || this.logoutUris.size() == 0) {
- this.client.setOxAuthRedirectURIs(null);
+ this.client.setOxAuthPostLogoutRedirectURIs(null);
return;
}
diff --git a/src/main/java/org/gluu/oxtrust/action/UpdateGroupAction.java b/src/main/java/org/gluu/oxtrust/action/UpdateGroupAction.java
index 7739c5e02..4af7ac130 100644
--- a/src/main/java/org/gluu/oxtrust/action/UpdateGroupAction.java
+++ b/src/main/java/org/gluu/oxtrust/action/UpdateGroupAction.java
@@ -314,7 +314,7 @@ private void updatePersons(List oldMembers, List tmpClients = new ArrayList();
- for (DisplayNameEntry group : this.clients) {
- tmpClients.add(group.getDn());
- }
-
- this.scopeDescription.setClients(tmpClients);
- }
-
- private List getClientDisplayNameEntries() {
- List result = new ArrayList();
- List tmp = lookupService.getDisplayNameEntries(clientService.getDnForClient(null), this.scopeDescription.getClients());
- if (tmp != null) {
- result.addAll(tmp);
- }
-
- return result;
- }
-
public List getClients() {
return clients;
}
diff --git a/src/main/java/org/gluu/oxtrust/config/OxTrustConfiguration.java b/src/main/java/org/gluu/oxtrust/config/OxTrustConfiguration.java
index 2b69a163f..8602a8d64 100644
--- a/src/main/java/org/gluu/oxtrust/config/OxTrustConfiguration.java
+++ b/src/main/java/org/gluu/oxtrust/config/OxTrustConfiguration.java
@@ -49,7 +49,7 @@ public class OxTrustConfiguration {
@Create
public void create() {
this.ldapConfiguration = createFileConfiguration(CONFIGURATION_FILE_LOCAL_LDAP_PROPERTIES_FILE);
- this.ldapCentralConfiguration = createFileConfiguration(CONFIGURATION_FILE_CENTRAL_LDAP_PROPERTIES_FILE);
+ this.ldapCentralConfiguration = createFileConfiguration(CONFIGURATION_FILE_CENTRAL_LDAP_PROPERTIES_FILE, false);
}
@Observer(EVENT_INIT_CONFIGURATION)
@@ -63,12 +63,23 @@ public void updateConfigurations() {
}
private FileConfiguration createFileConfiguration(String fileName) {
+ return createFileConfiguration(fileName, true);
+ }
+
+ private FileConfiguration createFileConfiguration(String fileName, boolean isMandatory) {
try {
- return new FileConfiguration(fileName);
+ FileConfiguration fileConfiguration = new FileConfiguration(fileName);
+ if (fileConfiguration.isLoaded()) {
+ return fileConfiguration;
+ }
} catch (Exception ex) {
- log.error("Failed to load configuration from {0}", ex, fileName);
- throw new ConfigurationException("Failed to load configuration from " + fileName, ex);
+ if (isMandatory) {
+ log.error("Failed to load configuration from {0}", ex, fileName);
+ throw new ConfigurationException("Failed to load configuration from " + fileName, ex);
+ }
}
+
+ return null;
}
private boolean createConfigurationFromLdap(boolean recoverFromFiles) {
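Review bot: `createFileConfiguration(fileName, true)` can now return null. If `new FileConfiguration(fileName)` does not throw but `isLoaded()` is false, control falls through to `return null` even for a mandatory file, so a missing local LDAP configuration no longer stops startup with a `ConfigurationException`. For the optional file the caught exception is dropped without any log entry, which hides the difference between "no central server configured" and "central configuration present but unreadable". The rewrite below throws for every mandatory failure and logs the optional one; it reuses only the `ConfigurationException(String, Throwable)` constructor already used in this method.

```java
private FileConfiguration createFileConfiguration(String fileName, boolean isMandatory) {
	Exception failure = null;
	try {
		FileConfiguration fileConfiguration = new FileConfiguration(fileName);
		if (fileConfiguration.isLoaded()) {
			return fileConfiguration;
		}
	} catch (Exception ex) {
		failure = ex;
	}

	// A mandatory file that is missing or unreadable must stop startup, with or without an exception.
	if (isMandatory) {
		log.error("Failed to load configuration from {0}", failure, fileName);
		throw new ConfigurationException("Failed to load configuration from " + fileName, failure);
	}

	// Optional file: record why it was skipped instead of dropping the cause.
	log.warn("Optional configuration {0} was not loaded", failure, fileName);
	return null;
}
```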
diff --git a/src/main/java/org/gluu/oxtrust/ldap/service/AbstractConnectionCheckerTimer.java b/src/main/java/org/gluu/oxtrust/ldap/service/AbstractConnectionCheckerTimer.java
index 3553487e0..8ec40e275 100644
--- a/src/main/java/org/gluu/oxtrust/ldap/service/AbstractConnectionCheckerTimer.java
+++ b/src/main/java/org/gluu/oxtrust/ldap/service/AbstractConnectionCheckerTimer.java
@@ -18,6 +18,10 @@ public class AbstractConnectionCheckerTimer {
private Log log;
protected void processImpl(FileConfiguration configuration, LDAPConnectionProvider connectionProvider) {
+ if ((configuration == null) || (connectionProvider == null)) {
+ return;
+ }
+
// Check if application has connection to LDAP server
boolean isConnected = connectionProvider.isConnected();
if (!isConnected) {
diff --git a/src/main/java/org/gluu/oxtrust/ldap/service/AppInitializer.java b/src/main/java/org/gluu/oxtrust/ldap/service/AppInitializer.java
index c4ae05da0..b8016fe2e 100644
--- a/src/main/java/org/gluu/oxtrust/ldap/service/AppInitializer.java
+++ b/src/main/java/org/gluu/oxtrust/ldap/service/AppInitializer.java
@@ -296,9 +296,12 @@ private void showBuildInfo() {
private void createConnectionProvider(FileConfiguration configuration, String configurationComponentName, String connectionProviderComponentName)
throws ConfigurationException {
Contexts.getApplicationContext().set(configurationComponentName, configuration);
-//TODO: Oleksiy Tataryn: Make oxTrust guess configuration if none available instead of just crashing. Or at least give give better explanation to the user.
- LdapConnectionService connectionProvider = new LdapConnectionService(PropertiesDecrypter.decryptProperties(configuration
+
+ LdapConnectionService connectionProvider = null;
+ if (configuration != null) {
+ connectionProvider = new LdapConnectionService(PropertiesDecrypter.decryptProperties(configuration
.getProperties()));
+ }
Contexts.getApplicationContext().set(connectionProviderComponentName, connectionProvider);
}
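Review bot: `createConnectionProvider` now accepts a null `configuration` from every caller, not only for the optional central LDAP, and stores a null provider in the application context without logging anything. If the local LDAP configuration ever arrives as null (the new `createFileConfiguration` in OxTrustConfiguration can return null), startup would continue and the failure would surface later as a NullPointerException far from its cause. I would log the skipped provider, e.g. `log.warn("No configuration for " + connectionProviderComponentName + ", connection provider not created");`, and keep a hard failure for the mandatory provider at the call site, which is outside this hunk.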
@@ -348,7 +351,9 @@ public void destroyApplicationComponents() throws ConfigurationException {
LdapConnectionService centralConnectionProvider = (LdapConnectionService) Contexts.getApplicationContext().get(
"centralConnectionProvider");
- centralConnectionProvider.closeConnectionPool();
+ if (centralConnectionProvider != null) {
+ centralConnectionProvider.closeConnectionPool();
+ }
}
@Factory(value = "ldapEntryManager", scope = ScopeType.APPLICATION, autoCreate = true)
@@ -368,6 +373,10 @@ public LdapEntryManager createLdapEntryManager() {
public LdapEntryManager createCentralLdapEntryManager() {
LdapConnectionService centralConnectionProvider = (LdapConnectionService) Contexts.getApplicationContext().get(
"centralConnectionProvider");
+ if (centralConnectionProvider == null) {
+ return null;
+ }
+
LdapEntryManager centralLdapEntryManager = new LdapEntryManager(new OperationsFacade(centralConnectionProvider));
log.debug("Created central LdapEntryManager: " + centralLdapEntryManager);
diff --git a/src/main/java/org/gluu/oxtrust/ldap/service/BaseConfigurationService.java b/src/main/java/org/gluu/oxtrust/ldap/service/BaseConfigurationService.java
index c272e3134..7bd08108e 100644
--- a/src/main/java/org/gluu/oxtrust/ldap/service/BaseConfigurationService.java
+++ b/src/main/java/org/gluu/oxtrust/ldap/service/BaseConfigurationService.java
@@ -132,14 +132,16 @@ public boolean checkAndUpdateLdapbaseConfigurationImpl() {
String newPassword = RandomStringUtils.randomAlphanumeric(8);
appliance.setBlowfishPassword(StringEncrypter.defaultInstance().encrypt(newPassword));
- GluuAppliance tmpAppliance = new GluuAppliance();
- tmpAppliance.setDn(appliance.getDn());
- boolean existAppliance = centralLdapService.containsAppliance(tmpAppliance);
-
- if (existAppliance) {
- centralLdapService.updateAppliance(appliance);
- } else {
- centralLdapService.addAppliance(appliance);
+ if (centralLdapService.isUseCentralServer()) {
+ GluuAppliance tmpAppliance = new GluuAppliance();
+ tmpAppliance.setDn(appliance.getDn());
+ boolean existAppliance = centralLdapService.containsAppliance(tmpAppliance);
+
+ if (existAppliance) {
+ centralLdapService.updateAppliance(appliance);
+ } else {
+ centralLdapService.addAppliance(appliance);
+ }
}
appliance.setUserPassword(newPassword);
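Review bot: The appliance password whose propagation this hunk makes conditional is generated on the context line `RandomStringUtils.randomAlphanumeric(8)`, which is short and, in the commons-lang releases I know of from this period, backed by `java.util.Random` rather than a cryptographic generator. The commit does not change that line, but the same value is stored both as the encrypted Blowfish password and as the user password, so it deserves a `SecureRandom` source and more length. For example: `String newPassword = new BigInteger(130, new SecureRandom()).toString(32);`. The enclosing method starts and ends outside the hunk.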
diff --git a/src/main/java/org/gluu/oxtrust/ldap/service/CentralLdapService.java b/src/main/java/org/gluu/oxtrust/ldap/service/CentralLdapService.java
index 130162152..81a166de9 100644
--- a/src/main/java/org/gluu/oxtrust/ldap/service/CentralLdapService.java
+++ b/src/main/java/org/gluu/oxtrust/ldap/service/CentralLdapService.java
@@ -18,8 +18,8 @@
@AutoCreate
public class CentralLdapService {
- @In
- LdapEntryManager centralLdapEntryManager;
+ @In(required = false)
+ private LdapEntryManager centralLdapEntryManager;
/**
* Add appliance entry
@@ -49,5 +49,9 @@ public void updateAppliance(GluuAppliance appliance) {
public boolean containsAppliance(GluuAppliance appliance) {
return centralLdapEntryManager.contains(appliance);
}
+
+ public boolean isUseCentralServer() {
+ return centralLdapEntryManager != null;
+ }
}
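Review bot: With `centralLdapEntryManager` now optional, `containsAppliance` (visible just above the new method) still dereferences it unconditionally, and `addAppliance` and `updateAppliance`, which are outside the hunk, presumably do the same. The contract that callers must test `isUseCentralServer()` first is not written down anywhere, and unlike its neighbours the new method has no Javadoc. I would add something like `/** Returns true when a central LDAP entry manager was injected; the other methods of this service must not be called otherwise. */`.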
diff --git a/src/main/java/org/gluu/oxtrust/ldap/service/ClientService.java b/src/main/java/org/gluu/oxtrust/ldap/service/ClientService.java
index 17e4edffb..b7ea95e91 100644
--- a/src/main/java/org/gluu/oxtrust/ldap/service/ClientService.java
+++ b/src/main/java/org/gluu/oxtrust/ldap/service/ClientService.java
@@ -8,6 +8,7 @@
import org.gluu.oxtrust.model.OxAuthCustomClient;
import org.gluu.oxtrust.model.OxAuthTrustedClientBox;
import org.gluu.oxtrust.model.TokenResponseAlgs;
+import org.gluu.oxtrust.model.OxAuthAuthenticationMethod;
import org.gluu.oxtrust.util.OxTrustConstants;
import org.gluu.site.ldap.persistence.LdapEntryManager;
import org.jboss.seam.Component;
@@ -365,4 +366,13 @@ public OxAuthTrustedClientBox[] getOxAuthTrustedClient() {
return OxAuthTrustedClientBox.values();
}
+ /**
+ * Get all available Authentication methods
+ *
+ * @return Array of Authentication methods
+ */
+ public OxAuthAuthenticationMethod[] getAuthenticationMethods() {
+ return OxAuthAuthenticationMethod.values();
+ }
+
}
diff --git a/src/main/java/org/gluu/oxtrust/ldap/service/GroupService.java b/src/main/java/org/gluu/oxtrust/ldap/service/GroupService.java
index 624ebc745..bc41fc7ed 100644
--- a/src/main/java/org/gluu/oxtrust/ldap/service/GroupService.java
+++ b/src/main/java/org/gluu/oxtrust/ldap/service/GroupService.java
@@ -236,7 +236,6 @@ private String generateInumForNewGroupImpl() throws Exception {
String orgInum = OrganizationService.instance().getInumForOrganization();
return orgInum + OxTrustConstants.inumDelimiter + OxTrustConstants.INUM_GROUP_OBJECTTYPE + OxTrustConstants.inumDelimiter
+ INumGenerator.generate(2);
-
}
/**
diff --git a/src/main/java/org/gluu/oxtrust/ldap/service/LdapConnectionCheckerTimer.java b/src/main/java/org/gluu/oxtrust/ldap/service/LdapConnectionCheckerTimer.java
index 665a2ba80..39b53ddcd 100644
--- a/src/main/java/org/gluu/oxtrust/ldap/service/LdapConnectionCheckerTimer.java
+++ b/src/main/java/org/gluu/oxtrust/ldap/service/LdapConnectionCheckerTimer.java
@@ -34,13 +34,13 @@ public class LdapConnectionCheckerTimer extends AbstractConnectionCheckerTimer {
@In
private FileConfiguration localLdapConfiguration;
- @In
+ @In(required = false)
private FileConfiguration centralLdapConfiguration;
@In
private LDAPConnectionProvider connectionProvider;
- @In
+ @In(required = false)
private LDAPConnectionProvider centralConnectionProvider;
private boolean isActive;
diff --git a/src/main/java/org/gluu/oxtrust/ldap/service/OxTrustConfigurationService.java b/src/main/java/org/gluu/oxtrust/ldap/service/OxTrustConfigurationService.java
new file mode 100644
index 000000000..d87478ad0
--- /dev/null
+++ b/src/main/java/org/gluu/oxtrust/ldap/service/OxTrustConfigurationService.java
@@ -0,0 +1,44 @@
+package org.gluu.oxtrust.ldap.service;
+
+import org.jboss.seam.ScopeType;
+import org.jboss.seam.annotations.AutoCreate;
+import org.jboss.seam.annotations.In;
+import org.jboss.seam.annotations.Name;
+import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.web.ServletContexts;
+import org.xdi.config.oxtrust.ApplicationConfiguration;
+import org.xdi.util.StringHelper;
+
+/**
+ * GluuAppliance service
+ *
+ * @author Oleksiy Tataryn Date: 08.07.2014
+ */
+@Scope(ScopeType.STATELESS)
+@Name("oxTrustConfigurationService")
+@AutoCreate
+public class OxTrustConfigurationService {
+
+ @In(value = "#{oxTrustConfiguration.applicationConfiguration}")
+ private ApplicationConfiguration applicationConfiguration;
+
+ public String getCssLocation() {
+ if (StringHelper.isEmpty(applicationConfiguration.getCssLocation())){
+ String contextPath = ServletContexts.instance().getRequest().getContextPath();
+ return contextPath + "/stylesheet";
+ }else{
+ return applicationConfiguration.getCssLocation();
+ }
+ }
+
+ public String getJsLocation() {
+ if (StringHelper.isEmpty(applicationConfiguration.getJsLocation())){
+ String contextPath = ServletContexts.instance().getRequest().getContextPath();
+ return contextPath + "/js";
+ }else{
+ return applicationConfiguration.getJsLocation();
+ }
+ }
+
+
+}
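Review bot: `getCssLocation()` and `getJsLocation()` return the configured value verbatim, so whatever is placed in `cssLocation`/`jsLocation` decides where the admin console loads its stylesheets and scripts from. The pages that consume these getters are not part of this file, so that use is inferred. The expected form (a path on this server, like the `/identity/js` default added to conf/oxTrust.properties) should be documented on the getters, e.g. `/** Base path for static JavaScript; expected to be a path on this server. Falls back to <context path>/js when unset. */`. The class Javadoc still reads `GluuAppliance service`, which looks copied from another class.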
diff --git a/src/main/java/org/gluu/oxtrust/ldap/service/Shibboleth2ConfService.java b/src/main/java/org/gluu/oxtrust/ldap/service/Shibboleth2ConfService.java
index 8022356f0..7fbda1560 100644
--- a/src/main/java/org/gluu/oxtrust/ldap/service/Shibboleth2ConfService.java
+++ b/src/main/java/org/gluu/oxtrust/ldap/service/Shibboleth2ConfService.java
@@ -122,7 +122,6 @@ public class Shibboleth2ConfService implements Serializable {
public static final String SHIB2_IDP_SP_CERT_FILE = "spcert.crt";
-
@In
private AttributeService attributeService;
@@ -900,16 +899,16 @@ public boolean generateIdpConfigurationFiles() {
// Prepare data for files
VelocityContext context = new VelocityContext();
- String host = applicationConfiguration.getVdsLdapProtocol() + "://" + applicationConfiguration.getVdsLdapServer();
+ String host = applicationConfiguration.getIdpLdapProtocol() + "://" + applicationConfiguration.getIdpLdapServer();
String base = applicationConfiguration.getBaseDN();
- String serviceUser = applicationConfiguration.getVdsBindDn();
+ String serviceUser = applicationConfiguration.getIdpBindDn();
String serviceCredential = "";
try {
- serviceCredential = StringEncrypter.defaultInstance().decrypt(applicationConfiguration.getVdsBindPassword());
+ serviceCredential = StringEncrypter.defaultInstance().decrypt(applicationConfiguration.getIdpBindPassword());
} catch (EncryptionException e) {
log.error("Failed to decrypt bindPassword", e);
}
- String userField = applicationConfiguration.getVdsUserField();
+ String userField = applicationConfiguration.getIdpUserFields();
context.put("host", host);
context.put("base", base);
context.put("serviceUser", serviceUser);
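Review bot: `userField` now comes from `getIdpUserFields()`, which presumably maps to `idp.user.fields`; that property is written as `uid, mail` with a space after the comma, whereas the removed `vds.userField` was `uid,mail`. If the value is passed to the Velocity template as-is (the `context.put` for it and the template are outside the hunk) and the template splits on `,` or pastes the names into an LDAP filter, the second attribute becomes ` mail` with a leading space. Writing the property as `idp.user.fields=uid,mail` avoids depending on how the template trims. Separately, the unchanged catch block leaves `serviceCredential` empty after a decryption failure and generation continues, so an IdP configuration with a blank bind password can be written; returning `false` there would be safer.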
diff --git a/src/main/java/org/gluu/oxtrust/ldap/service/StatusCheckerDaily.java b/src/main/java/org/gluu/oxtrust/ldap/service/StatusCheckerDaily.java
index d3669840d..c25bca910 100644
--- a/src/main/java/org/gluu/oxtrust/ldap/service/StatusCheckerDaily.java
+++ b/src/main/java/org/gluu/oxtrust/ldap/service/StatusCheckerDaily.java
@@ -25,19 +25,19 @@
public class StatusCheckerDaily {
@Logger
- Log log;
+ private Log log;
@In
- ApplianceService applianceService;
+ private ApplianceService applianceService;
@In
- GroupService groupService;
+ private GroupService groupService;
@In
- PersonService personService;
+ private PersonService personService;
@In
- CentralLdapService centralLdapService;
+ private CentralLdapService centralLdapService;
@In
private OxTrustConfiguration oxTrustConfiguration;
@@ -88,19 +88,21 @@ private void process(Date when, Long interval) {
return;
}
- try {
- GluuAppliance tmpAppliance = new GluuAppliance();
- tmpAppliance.setDn(appliance.getDn());
- boolean existAppliance = centralLdapService.containsAppliance(tmpAppliance);
-
- if (existAppliance) {
- centralLdapService.updateAppliance(appliance);
- } else {
- centralLdapService.addAppliance(appliance);
+ if (centralLdapService.isUseCentralServer()) {
+ try {
+ GluuAppliance tmpAppliance = new GluuAppliance();
+ tmpAppliance.setDn(appliance.getDn());
+ boolean existAppliance = centralLdapService.containsAppliance(tmpAppliance);
+
+ if (existAppliance) {
+ centralLdapService.updateAppliance(appliance);
+ } else {
+ centralLdapService.addAppliance(appliance);
+ }
+ } catch (LdapMappingException ex) {
+ log.error("Failed to update appliance at central server", ex);
+ return;
}
- } catch (LdapMappingException ex) {
- log.error("Failed to update appliance at central server", ex);
- return;
}
log.debug("Daily Appliance status update finished");
@@ -112,7 +114,7 @@ private void setLdapAttributes(GluuAppliance appliance) {
int personCount = personService.countPersons();
appliance.setGroupCount(String.valueOf(groupCount));
- appliance.setPersonCount(String.valueOf(personCount));
+ appliance.setPersonCount(String.valueOf(personCount));
appliance.setGluuDSStatus(Boolean.toString(groupCount > 0 && personCount > 0));
}
diff --git a/src/main/java/org/gluu/oxtrust/ldap/service/StatusCheckerTimer.java b/src/main/java/org/gluu/oxtrust/ldap/service/StatusCheckerTimer.java
index 887712002..16b75303e 100644
--- a/src/main/java/org/gluu/oxtrust/ldap/service/StatusCheckerTimer.java
+++ b/src/main/java/org/gluu/oxtrust/ldap/service/StatusCheckerTimer.java
@@ -25,8 +25,8 @@
import org.apache.commons.io.IOUtils;
import org.gluu.oxtrust.config.OxTrustConfiguration;
import org.gluu.oxtrust.model.GluuAppliance;
-import org.gluu.oxtrust.util.OxTrustConstants;
import org.gluu.oxtrust.util.NumberHelper;
+import org.gluu.oxtrust.util.OxTrustConstants;
import org.gluu.site.ldap.persistence.exception.LdapMappingException;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.AutoCreate;
@@ -43,17 +43,6 @@
import org.xdi.config.oxtrust.ApplicationConfiguration;
import org.xdi.util.StringHelper;
import org.xdi.util.process.ProcessHelper;
-import org.xdi.util.security.StringEncrypter;
-import org.xdi.util.security.StringEncrypter.EncryptionException;
-
-import com.unboundid.ldap.sdk.LDAPConnectionPool;
-import com.unboundid.ldap.sdk.SearchResult;
-import com.unboundid.ldap.sdk.SearchScope;
-import com.unboundid.ldap.sdk.ServerSet;
-import com.unboundid.ldap.sdk.SimpleBindRequest;
-import com.unboundid.ldap.sdk.SingleServerSet;
-import com.unboundid.util.ssl.SSLUtil;
-import com.unboundid.util.ssl.TrustAllTrustManager;
/**
* Gather periodically site and server status
@@ -66,19 +55,19 @@
public class StatusCheckerTimer {
@Logger
- Log log;
+ private Log log;
@In
- ApplianceService applianceService;
+ private ApplianceService applianceService;
@In
- GroupService groupService;
+ private GroupService groupService;
@In
- PersonService personService;
+ private PersonService personService;
@In
- CentralLdapService centralLdapService;
+ private CentralLdapService centralLdapService;
@In
private OxTrustConfiguration oxTrustConfiguration;
@@ -130,7 +119,7 @@ private void process(Date when, Long interval) {
setCertificateExpiryAttributes(appliance);
- setVDSAttributes(appliance);
+// setVDSAttributes(appliance);
appliance.setLastUpdate(toIntString(System.currentTimeMillis() / 1000));
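Review bot: Disabling `setVDSAttributes` by commenting out the call here and wrapping the method in `/* … */` in the two later hunks of this file leaves dead code in the class. The imports it needed, including `com.unboundid.util.ssl.TrustAllTrustManager`, are deleted in this same commit, so removing the comment markers would not even compile. Deleting the method outright is cleaner and avoids someone later restoring an LDAP check that, judging by that import, accepted any server certificate. It is also worth checking whether `gluuVDSStatus` should be cleared, since nothing visible sets it any more and a stale value may keep being published.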
@@ -141,19 +130,21 @@ private void process(Date when, Long interval) {
return;
}
- try {
- GluuAppliance tmpAppliance = new GluuAppliance();
- tmpAppliance.setDn(appliance.getDn());
- boolean existAppliance = centralLdapService.containsAppliance(tmpAppliance);
-
- if (existAppliance) {
- centralLdapService.updateAppliance(appliance);
- } else {
- centralLdapService.addAppliance(appliance);
+ if (centralLdapService.isUseCentralServer()) {
+ try {
+ GluuAppliance tmpAppliance = new GluuAppliance();
+ tmpAppliance.setDn(appliance.getDn());
+ boolean existAppliance = centralLdapService.containsAppliance(tmpAppliance);
+
+ if (existAppliance) {
+ centralLdapService.updateAppliance(appliance);
+ } else {
+ centralLdapService.addAppliance(appliance);
+ }
+ } catch (LdapMappingException ex) {
+ log.error("Failed to update appliance at central server", ex);
+ return;
}
- } catch (LdapMappingException ex) {
- log.error("Failed to update appliance at central server", ex);
- return;
}
log.debug("Appliance status update finished");
@@ -209,7 +200,7 @@ private void setHttpdAttributes(GluuAppliance appliance) {
appliance.setGluuHttpStatus(Boolean.toString(OxTrustConstants.HTTPD_TEST_PAGE_CONTENT.equals(page)));
}
-
+/*
private void setVDSAttributes(GluuAppliance appliance) {
log.debug("Setting VDS attributes");
ApplicationConfiguration applicationConfiguration = oxTrustConfiguration.getApplicationConfiguration();
@@ -271,7 +262,7 @@ private void setVDSAttributes(GluuAppliance appliance) {
}
appliance.setGluuVDSStatus(Boolean.toString(topPresent && vdapcontainerPresent && vdlabelPresent && vdDirectoryViewPresent));
}
-
+*/
private String getHttpdPage(String idpUrl, String httpdTestPageName) {
String[] urlParts = idpUrl.split("://");
if ("https".equals(urlParts[0])) {
diff --git a/src/main/java/org/gluu/oxtrust/ldap/service/SubversionService.java b/src/main/java/org/gluu/oxtrust/ldap/service/SubversionService.java
index 797167615..c01b26c5e 100644
--- a/src/main/java/org/gluu/oxtrust/ldap/service/SubversionService.java
+++ b/src/main/java/org/gluu/oxtrust/ldap/service/SubversionService.java
@@ -162,7 +162,10 @@ private String getLocalRepositoryFilePath(String dirFn, SubversionFile subversio
*/
public void initSubversionService() {
- String svnConfigurationStoreRoot = applicationConfiguration.getSvnConfigurationStoreRoot();
+ String svnConfigurationStoreRoot = null;
+ if (applicationConfiguration.isPersistSVN()) {
+ svnConfigurationStoreRoot = applicationConfiguration.getSvnConfigurationStoreRoot();
+ }
SVNAdminAreaFactory.setSelector(new ISVNAdminAreaFactorySelector() {
@@ -181,7 +184,7 @@ public Collection getEnabledFactories(File path, Collection factories, boolean w
});
if (StringHelper.isEmpty(svnConfigurationStoreRoot)) {
- log.error("Failed to initialize Subversion store due to wrong SVN root path");
+ log.warn("The service which commit configuration files into SVN was disabled");
return;
}
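Review bot: The single log line after `StringHelper.isEmpty(svnConfigurationStoreRoot)` now covers two different situations. One is SVN persistence switched off on purpose; the other is persistence switched on with an empty root, a misconfiguration that used to be reported at error level. I would keep `log.error("Failed to initialize Subversion store due to wrong SVN root path");` for the case where `applicationConfiguration.isPersistSVN()` is true and log the disabled case separately, e.g. `log.info("SVN persistence is disabled, configuration files will not be committed");`. The new message also has a grammar slip ("which commit"). `initSubversionService()` continues outside the hunk.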
diff --git a/src/main/java/org/gluu/oxtrust/model/GluuOrganization.java b/src/main/java/org/gluu/oxtrust/model/GluuOrganization.java
index 309f7acd0..2095e1498 100644
--- a/src/main/java/org/gluu/oxtrust/model/GluuOrganization.java
+++ b/src/main/java/org/gluu/oxtrust/model/GluuOrganization.java
@@ -1,7 +1,6 @@
package org.gluu.oxtrust.model;
import java.io.Serializable;
-import java.util.List;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Size;
@@ -84,15 +83,6 @@
@LdapAttribute(name = "gluuTempFaviconImage")
private String tempFaviconImage;
- @LdapAttribute(name = "scimStatus")
- private GluuStatus scimStatus;
-
- @LdapAttribute(name = "scimAuthMode")
- private String scimAuthMode;
-
- @LdapAttribute(name = "scimGroup")
- private String scimGroup;
-
@LdapAttribute(name = "oxInumConfig")
private String oxInumConfig;
diff --git a/src/main/java/org/gluu/oxtrust/model/OxAuthAuthenticationMethod.java b/src/main/java/org/gluu/oxtrust/model/OxAuthAuthenticationMethod.java
new file mode 100644
index 000000000..1cd11d848
--- /dev/null
+++ b/src/main/java/org/gluu/oxtrust/model/OxAuthAuthenticationMethod.java
@@ -0,0 +1,83 @@
+package org.gluu.oxtrust.model;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.gluu.site.ldap.persistence.annotation.LdapEnum;
+
+/**
+ * @author Yuriy Movchan Date: 07/07/2014
+ */
+public enum OxAuthAuthenticationMethod implements LdapEnum {
+
+ /**
+ * Clients in possession of a client password authenticate with the Authorization Server
+ * using HTTP Basic authentication scheme. Default one if not client authentication is specified.
+ */
+ CLIENT_SECRET_BASIC("client_secret_basic", "client_secret_basic"),
+
+ /**
+ * Clients in possession of a client password authenticate with the Authorization Server
+ * by including the client credentials in the request body.
+ */
+ CLIENT_SECRET_POST("client_secret_post", "client_secret_post"),
+
+ /**
+ * Clients in possession of a client password create a JWT using the HMAC-SHA algorithm.
+ * The HMAC (Hash-based Message Authentication Code) is calculated using the client_secret
+ * as the shared key.
+ */
+ CLIENT_SECRET_JWT("client_secret_jwt", "client_secret_jwt"),
+
+ /**
+ * Clients that have registered a public key sign a JWT using the RSA algorithm if a RSA
+ * key was registered or the ECDSA algorithm if an Elliptic Curve key was registered.
+ */
+ PRIVATE_KEY_JWT("private_key_jwt", "private_key_jwt"),
+
+ /**
+ * The Client does not authenticate itself at the Token Endpoint, either because it uses only the Implicit Flow
+ * (and so does not use the Token Endpoint) or because it is a Public Client with no Client Secret or other
+ * authentication mechanism.
+ */
+ NONE("none", "none");
+
+
+ private String value;
+ private String displayName;
+
+ private static Map mapByValues = new HashMap();
+
+ static {
+ for (OxAuthAuthenticationMethod enumType : values()) {
+ mapByValues.put(enumType.getValue(), enumType);
+ }
+ }
+
+ private OxAuthAuthenticationMethod(String value, String displayName) {
+ this.value = value;
+ this.displayName = displayName;
+ }
+
+ public String getValue() {
+ return value;
+ }
+
+ public String getDisplayName() {
+ return displayName;
+ }
+
+ public static OxAuthAuthenticationMethod getByValue(String value) {
+ return mapByValues.get(value);
+ }
+
+ public Enum extends LdapEnum> resolveByValue(String value) {
+ return getByValue(value);
+ }
+
+ @Override
+ public String toString() {
+ return value;
+ }
+
+}
\ No newline at end of file
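Review bot: `getByValue` returns null for any string that is not one of the five registered values, and nothing on the method says so. Since `resolveByValue` delegates to it, and is presumably what the persistence layer calls when reading the attribute, an unexpected stored value silently becomes a null authentication method. Add a Javadoc line such as `@return the matching method, or null if the value is not recognised` so callers handle null explicitly rather than treating it as a default. Separately, `value` and `displayName` are assigned only in the constructor and `mapByValues` is filled only in the static initializer, so declare them `private final` and `private static final`. The generic type arguments on `mapByValues` and on the return type of `resolveByValue` look lost in this rendering of the diff; confirm they are present in the file.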
diff --git a/src/main/java/org/gluu/oxtrust/model/OxAuthClient.java b/src/main/java/org/gluu/oxtrust/model/OxAuthClient.java
index 559bf5d3a..44474feb2 100644
--- a/src/main/java/org/gluu/oxtrust/model/OxAuthClient.java
+++ b/src/main/java/org/gluu/oxtrust/model/OxAuthClient.java
@@ -1,7 +1,6 @@
package org.gluu.oxtrust.model;
import java.io.Serializable;
-import java.util.Arrays;
import java.util.List;
import javax.validation.constraints.NotNull;
@@ -10,11 +9,11 @@
import lombok.Data;
import lombok.EqualsAndHashCode;
-import org.xdi.oxauth.model.common.ResponseType;
import org.gluu.site.ldap.persistence.annotation.LdapAttribute;
import org.gluu.site.ldap.persistence.annotation.LdapEntry;
import org.gluu.site.ldap.persistence.annotation.LdapObjectClass;
import org.xdi.ldap.model.Entry;
+import org.xdi.oxauth.model.common.ResponseType;
import org.xdi.util.security.StringEncrypter;
import org.xdi.util.security.StringEncrypter.EncryptionException;
@@ -29,9 +28,6 @@
@EqualsAndHashCode(callSuper=false)
public @Data class OxAuthClient extends Entry implements Serializable {
- /**
- *
- */
private static final long serialVersionUID = -2310140703735705346L;
@LdapAttribute(ignoreDuringUpdate = true)
@@ -79,14 +75,15 @@
@LdapAttribute(name = "oxAuthResponseType")
private ResponseType[] responseTypes;
+
+ @LdapAttribute(name = "oxAuthTokenEndpointAuthMethod")
+ private OxAuthAuthenticationMethod tokenEndpointAuthMethod;
@LdapAttribute(name = "oxAuthPostLogoutRedirectURI")
private String[] postLogoutRedirectUris;
private String oxAuthClientSecret;
-
-
public void setOxAuthClientSecret(String oxAuthClientSecret) throws EncryptionException {
this.oxAuthClientSecret = oxAuthClientSecret;
if (oxAuthClientSecret != null && oxAuthClientSecret.length() > 1) {
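Review bot: The new `tokenEndpointAuthMethod` field has no comment saying what an unset value means. The enum Javadoc added in this commit names `client_secret_basic` as the default when no method is specified, while `NONE` means the client does not authenticate at the token endpoint, so the difference between null and `NONE` matters to anyone editing a client entry. A comment above the field such as `// null = not set; the authorization server is expected to fall back to client_secret_basic (confirm)` would make that explicit. `setOxAuthClientSecret` continues outside the hunk.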
diff --git a/src/main/java/org/gluu/oxtrust/service/UmaProtectionService.java b/src/main/java/org/gluu/oxtrust/service/UmaProtectionService.java
index 96fbb1fe0..cb7941412 100644
--- a/src/main/java/org/gluu/oxtrust/service/UmaProtectionService.java
+++ b/src/main/java/org/gluu/oxtrust/service/UmaProtectionService.java
@@ -9,9 +9,13 @@
import javax.ws.rs.core.Response;
+import org.apache.http.conn.ClientConnectionManager;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.conn.PoolingClientConnectionManager;
import org.gluu.oxtrust.exception.UmaProtectionException;
import org.gluu.oxtrust.ldap.service.AppInitializer;
import org.jboss.resteasy.client.ClientResponseFailure;
+import org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor;
import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.AutoCreate;
import org.jboss.seam.annotations.Create;
@@ -76,9 +80,13 @@ public class UmaProtectionService implements Serializable {
@Create
public void init() {
if (this.umaMetadataConfiguration != null) {
- this.resourceSetPermissionRegistrationService = UmaClientFactory.instance().createResourceSetPermissionRegistrationService(this.umaMetadataConfiguration);
- this.resourceSetRegistrationService = UmaClientFactory.instance().createResourceSetRegistrationService(this.umaMetadataConfiguration);
- this.rptStatusService = UmaClientFactory.instance().createRptStatusService(this.umaMetadataConfiguration);
+ ClientConnectionManager connectoinManager = new PoolingClientConnectionManager();
+ final DefaultHttpClient defaultHttpClient = new DefaultHttpClient(connectoinManager);
+ final ApacheHttpClient4Executor clientExecutor = new ApacheHttpClient4Executor(defaultHttpClient);
+
+ this.resourceSetPermissionRegistrationService = UmaClientFactory.instance().createResourceSetPermissionRegistrationService(this.umaMetadataConfiguration, clientExecutor);
+ this.resourceSetRegistrationService = UmaClientFactory.instance().createResourceSetRegistrationService(this.umaMetadataConfiguration, clientExecutor);
+ this.rptStatusService = UmaClientFactory.instance().createRptStatusService(this.umaMetadataConfiguration, clientExecutor);
}
}
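Review bot: The `PoolingClientConnectionManager` created in `init()` is held only in a local variable, so nothing can ever call `shutdown()` on it. If the component is re-created (its scope is not visible in this hunk), each instance leaves a connection pool behind. The `DefaultHttpClient` is also built with default parameters, which means no connect or socket timeout, so a stalled UMA endpoint can block the calling thread indefinitely. Keep the manager in a transient field, set explicit timeouts, and release it from a `@Destroy` method, as sketched below. The local name `connectoinManager` is also misspelled.

```java
private transient ClientConnectionManager connectionManager;

@Create
public void init() {
    if (this.umaMetadataConfiguration != null) {
        this.connectionManager = new PoolingClientConnectionManager();
        final DefaultHttpClient defaultHttpClient = new DefaultHttpClient(this.connectionManager);
        // timeout constants are placeholders; choose values that suit the deployment
        HttpConnectionParams.setConnectionTimeout(defaultHttpClient.getParams(), CONNECT_TIMEOUT_MS);
        HttpConnectionParams.setSoTimeout(defaultHttpClient.getParams(), READ_TIMEOUT_MS);
        // … unchanged: ApacheHttpClient4Executor and the three UmaClientFactory calls …
    }
}

@Destroy
public void destroy() {
    if (this.connectionManager != null) {
        this.connectionManager.shutdown();
    }
}
```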
@@ -133,7 +141,7 @@ public RptStatusResponse getStatusResponse(Token patToken, String rptToken) {
RptStatusResponse rptStatusResponse = null;
try {
RptStatusRequest tokenStatusRequest = new RptStatusRequest(rptToken);
- rptStatusResponse = rptStatusService.requestRptStatus(authorization, tokenStatusRequest);
+ rptStatusResponse = this.rptStatusService.requestRptStatus(authorization, tokenStatusRequest);
} catch (Exception ex) {
log.error("Failed to determine RPT status", ex);
}
diff --git a/src/main/java/org/gluu/oxtrust/util/OxTrustConstants.java b/src/main/java/org/gluu/oxtrust/util/OxTrustConstants.java
index b8ebc4dc6..4ce30e0a6 100644
--- a/src/main/java/org/gluu/oxtrust/util/OxTrustConstants.java
+++ b/src/main/java/org/gluu/oxtrust/util/OxTrustConstants.java
@@ -27,6 +27,7 @@ public final class OxTrustConstants extends OxConstants {
public static final String iname = "iname";
public static final String displayName = "displayName";
public static final String description = "description";
+ public static final String origin = "gluuAttributeOrigin";
public static final String mail = "mail";
public static final String status = "status";
diff --git a/src/main/java/org/gluu/oxtrust/util/Utils.java b/src/main/java/org/gluu/oxtrust/util/Utils.java
index ec9c25d81..d22107397 100644
--- a/src/main/java/org/gluu/oxtrust/util/Utils.java
+++ b/src/main/java/org/gluu/oxtrust/util/Utils.java
@@ -25,53 +25,6 @@ public class Utils implements Serializable {
private static final long serialVersionUID = -2842459224631032594L;
private static Log log = Logging.getLog(Utils.class);
- /**
- * checks if the User is a member or owner of SCIM group.
- *
- * @return boolean
- * @throws Exception
- */
- public static boolean isScimGroupMemberOrOwner(GluuCustomPerson user) throws Exception {
-
- GroupService groupService = GroupService.instance();
- OrganizationService organizationService = OrganizationService.instance();
- GluuOrganization org = organizationService.getOrganization();
- GluuGroup group = groupService.getGroupByDn(org.getScimGroup());
- List members = group.getMembers();
- String owner = group.getOwner();
- if (owner.equalsIgnoreCase(user.getDn())) {
- return true;
- }
-
- for (String member : members) {
-
- if (member.equalsIgnoreCase(user.getDn())) {
- return true;
- }
- }
-
- return false;
-
- }
-
- /**
- * Gets Scim Authorization mode
- *
- * @return AuthMode
- */
- public static String scimAuthMode() {
- try {
- OrganizationService orgService;
- orgService = OrganizationService.instance();
- GluuOrganization org = orgService.getOrganization();
- return org.getScimAuthMode();
- } catch (Exception ex) {
- log.error("an Error occured could not get ScimAuthMode : ", ex);
- }
- return null;
-
- }
-
/**
* Delete a Group from a Person
*
diff --git a/src/main/java/org/gluu/oxtrust/ws/rs/InumGenerationWebServiceImpl.java b/src/main/java/org/gluu/oxtrust/ws/rs/InumGenerationWebServiceImpl.java
index 591013c82..c957497ca 100644
--- a/src/main/java/org/gluu/oxtrust/ws/rs/InumGenerationWebServiceImpl.java
+++ b/src/main/java/org/gluu/oxtrust/ws/rs/InumGenerationWebServiceImpl.java
@@ -7,10 +7,12 @@
import javax.ws.rs.core.Response;
import org.codehaus.jackson.map.ObjectMapper;
+import org.gluu.oxtrust.ldap.service.ApplianceService;
import org.gluu.oxtrust.ldap.service.InumService;
import org.gluu.oxtrust.ldap.service.OrganizationService;
import org.gluu.oxtrust.ldap.service.SecurityService;
import org.gluu.oxtrust.ldap.service.intercept.InumGeneratorInterceptorService;
+import org.gluu.oxtrust.model.GluuAppliance;
import org.gluu.oxtrust.model.GluuCustomPerson;
import org.gluu.oxtrust.model.GluuOrganization;
import org.gluu.oxtrust.model.InumConf;
@@ -27,6 +29,7 @@
import org.jboss.seam.annotations.Name;
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.log.Log;
+import org.xdi.ldap.model.GluuBoolean;
import org.xdi.ldap.model.GluuStatus;
import org.xdi.model.GluuUserRole;
@@ -48,6 +51,9 @@ public class InumGenerationWebServiceImpl implements InumGenerationWebService {
@In
InumService inumService;
+ @In
+ private ApplianceService applianceService;
+
@Override
public Response getInum(HttpServletRequest request, String prefix) throws Exception {
@@ -120,29 +126,25 @@ private Response getErrorResponse(String errMsg, int statusCode) {
private boolean getAuthorizedUser() {
try {
GluuCustomPerson authUser = (GluuCustomPerson) Contexts.getSessionContext().get(OxTrustConstants.CURRENT_PERSON);
- SecurityService securityService = SecurityService.instance();
- OrganizationService organizationService = OrganizationService.instance();
- GluuOrganization org = organizationService.getOrganization();
- if (!GluuStatus.ACTIVE.equals(org.getScimStatus())) {
+ if (authUser == null) {
return false;
}
- GluuUserRole[] userRoles = securityService.getUserRoles(authUser);
- for (GluuUserRole role : userRoles) {
+ GluuAppliance appliance = applianceService.getAppliance();
+ if (appliance == null) {
+ return false;
+ }
- if (role.getRoleName().equalsIgnoreCase("MANAGER") || role.getRoleName().equalsIgnoreCase("OWNER")) {
- if (Utils.isScimGroupMemberOrOwner(authUser)) {
- return true;
- }
- }
+ if (!(GluuBoolean.TRUE.equals(appliance.getScimEnabled()) || GluuBoolean.ENABLED.equals(appliance.getScimEnabled()))) {
+ return false;
}
- return false;
+
+ return true;
} catch (Exception ex) {
log.error("Exception: ", ex);
return false;
}
-
}
}
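Review bot: `getAuthorizedUser()` now returns true for any session that holds a `CURRENT_PERSON` while SCIM is enabled on the appliance; the MANAGER/OWNER role test that the old code ran through `securityService.getUserRoles(authUser)` is gone and nothing in the hunk replaces it. Unless role enforcement has moved to a check that is not visible here, every logged-in user passes this gate, and the same change is made to `getAuthorizedUser()` in `BaseScimWebService` further down. Keep a role check after the SCIM-enabled test, as sketched below, or rename the method and document where authorization is enforced instead. The imports of `SecurityService`, `OrganizationService`, `GluuOrganization`, `GluuStatus` and `GluuUserRole` look unused after this change if nothing else in the file needs them.

```java
// … unchanged: null checks on authUser and appliance, SCIM-enabled check …
for (GluuUserRole role : SecurityService.instance().getUserRoles(authUser)) {
    String roleName = role.getRoleName();
    if ("MANAGER".equalsIgnoreCase(roleName) || "OWNER".equalsIgnoreCase(roleName)) {
        return true;
    }
}
return false;
```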
diff --git a/src/main/java/org/gluu/oxtrust/ws/rs/scim/BaseScimWebService.java b/src/main/java/org/gluu/oxtrust/ws/rs/scim/BaseScimWebService.java
index 977afe581..50dd18b45 100644
--- a/src/main/java/org/gluu/oxtrust/ws/rs/scim/BaseScimWebService.java
+++ b/src/main/java/org/gluu/oxtrust/ws/rs/scim/BaseScimWebService.java
@@ -2,8 +2,10 @@
import javax.ws.rs.core.Response;
+import org.gluu.oxtrust.ldap.service.ApplianceService;
import org.gluu.oxtrust.ldap.service.OrganizationService;
import org.gluu.oxtrust.ldap.service.SecurityService;
+import org.gluu.oxtrust.model.GluuAppliance;
import org.gluu.oxtrust.model.GluuCustomPerson;
import org.gluu.oxtrust.model.GluuOrganization;
import org.gluu.oxtrust.model.scim.Error;
@@ -16,6 +18,7 @@
import org.jboss.seam.contexts.Contexts;
import org.jboss.seam.log.Log;
import org.xdi.config.oxtrust.ApplicationConfiguration;
+import org.xdi.ldap.model.GluuBoolean;
import org.xdi.ldap.model.GluuStatus;
import org.xdi.model.GluuUserRole;
import org.xdi.util.Pair;
@@ -33,6 +36,9 @@ public class BaseScimWebService {
@In(value = "#{oxTrustConfiguration.applicationConfiguration}")
private ApplicationConfiguration applicationConfiguration;
+ @In
+ private ApplianceService applianceService;
+
@In
private UmaAuthenticationService umaAuthenticationService;
@@ -59,33 +65,25 @@ protected Response processAuthorization(String authorization) throws Exception {
protected boolean getAuthorizedUser() {
try {
GluuCustomPerson authUser = (GluuCustomPerson) Contexts.getSessionContext().get(OxTrustConstants.CURRENT_PERSON);
- SecurityService securityService = SecurityService.instance();
- OrganizationService organizationService = OrganizationService.instance();
- GluuOrganization org = organizationService.getOrganization();
- if (!GluuStatus.ACTIVE.equals(org.getScimStatus())) {
+ if (authUser == null) {
return false;
}
- if (authUser == null) {
+ GluuAppliance appliance = applianceService.getAppliance();
+ if (appliance == null) {
return false;
}
- GluuUserRole[] userRoles = securityService.getUserRoles(authUser);
- for (GluuUserRole role : userRoles) {
-
- if (role.getRoleName().equalsIgnoreCase("MANAGER") || role.getRoleName().equalsIgnoreCase("OWNER")) {
- if (Utils.isScimGroupMemberOrOwner(authUser)) {
- return true;
- }
- }
+ if (!(GluuBoolean.TRUE.equals(appliance.getScimEnabled()) || GluuBoolean.ENABLED.equals(appliance.getScimEnabled()))) {
+ return false;
}
- return false;
+
+ return true;
} catch (Exception ex) {
log.error("Exception: ", ex);
return false;
}
-
}
protected Response getErrorResponse(String errMsg, int statusCode) {
diff --git a/src/main/webapp/WEB-INF/incl/client/clientForm.xhtml b/src/main/webapp/WEB-INF/incl/client/clientForm.xhtml
index 5c0c080f1..6d4fab8e4 100644
--- a/src/main/webapp/WEB-INF/incl/client/clientForm.xhtml
+++ b/src/main/webapp/WEB-INF/incl/client/clientForm.xhtml
@@ -60,6 +60,15 @@
+
+ Authentication method
+
+
+
+
+
+
+
Redirect Login URIs
diff --git a/src/main/webapp/WEB-INF/incl/layout/menu.xhtml b/src/main/webapp/WEB-INF/incl/layout/menu.xhtml
index dd6f0eab2..3a0407147 100644
--- a/src/main/webapp/WEB-INF/incl/layout/menu.xhtml
+++ b/src/main/webapp/WEB-INF/incl/layout/menu.xhtml
@@ -28,7 +28,6 @@
-
diff --git a/src/main/webapp/WEB-INF/incl/layout/template.xhtml b/src/main/webapp/WEB-INF/incl/layout/template.xhtml
index c0cd70288..82b5d0e0b 100644
--- a/src/main/webapp/WEB-INF/incl/layout/template.xhtml
+++ b/src/main/webapp/WEB-INF/incl/layout/template.xhtml
@@ -1,5 +1,6 @@
+
-
-
+
#{organizationService.organization.organizationTitle}
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
@@ -47,7 +44,6 @@
-
@@ -81,5 +77,5 @@
-
+
\ No newline at end of file
diff --git a/src/main/webapp/WEB-INF/incl/organization/organizationForm.xhtml b/src/main/webapp/WEB-INF/incl/organization/organizationForm.xhtml
index 4776830c2..455939d68 100644
--- a/src/main/webapp/WEB-INF/incl/organization/organizationForm.xhtml
+++ b/src/main/webapp/WEB-INF/incl/organization/organizationForm.xhtml
@@ -42,9 +42,9 @@
background: url(../img/colorpicker/select2.png);
}
-
-
-
+
+
+
diff --git a/src/main/webapp/WEB-INF/web.xml b/src/main/webapp/WEB-INF/web.xml
index d940f838c..703a4efd8 100644
--- a/src/main/webapp/WEB-INF/web.xml
+++ b/src/main/webapp/WEB-INF/web.xml
@@ -37,7 +37,7 @@
org.richfaces.resourceOptimization.enabled
- false
+ true
diff --git a/src/main/webapp/profile/person/viewProfile.xhtml b/src/main/webapp/profile/person/viewProfile.xhtml
index 44ff7e3ae..92e253f2f 100644
--- a/src/main/webapp/profile/person/viewProfile.xhtml
+++ b/src/main/webapp/profile/person/viewProfile.xhtml
@@ -14,7 +14,7 @@
-
+
function changeAttributeVisibility(attrId, show) {
var attr = $('a[id*=' + attrId + ']');
diff --git a/src/main/webapp/uma/inventory.xhtml b/src/main/webapp/uma/inventory.xhtml
index 49c787122..5c3714195 100644
--- a/src/main/webapp/uma/inventory.xhtml
+++ b/src/main/webapp/uma/inventory.xhtml
@@ -45,6 +45,11 @@
+
+ Id
+
+
+
Scopes
diff --git a/src/main/webapp/uma/scope/modifyScopeDescription.xhtml b/src/main/webapp/uma/scope/modifyScopeDescription.xhtml
index 00070ac66..935a4831c 100644
--- a/src/main/webapp/uma/scope/modifyScopeDescription.xhtml
+++ b/src/main/webapp/uma/scope/modifyScopeDescription.xhtml
@@ -71,29 +71,6 @@
-
-
- Clients
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
@@ -105,10 +82,6 @@
-
-