From 342ceca7a505ab1c821d5ead91311f7f7463cb2c Mon Sep 17 00:00:00 2001 
From: yurem Date: Wed, 9 Jul 2014 11:25:38 +0300 Subject: [PATCH] Sync with SVN --- conf/oxTrust.properties | 17 ++-- conf/pom.xml | 2 +- conf/template/conf/oxTrust.properties.vm | 13 +-- pom.xml | 12 ++- profiles/default/config-oxtrust.properties | 2 + profiles/setup/config-oxtrust.properties | 2 + .../action/AppliancePasswordAction.java | 20 +++-- .../oxtrust/action/AuthenticationFilter.java | 60 -------------- .../gluu/oxtrust/action/Authenticator.java | 2 + .../oxtrust/action/UpdateClientAction.java | 4 +- .../oxtrust/action/UpdateGroupAction.java | 2 +- .../uma/ScopeDescriptionDownloadAction.java | 2 +- .../action/uma/UpdateResourceSetAction.java | 2 + .../uma/UpdateScopeDescriptionAction.java | 28 ------- .../oxtrust/config/OxTrustConfiguration.java | 19 ++++- .../AbstractConnectionCheckerTimer.java | 4 + .../oxtrust/ldap/service/AppInitializer.java | 15 +++- .../service/BaseConfigurationService.java | 18 ++-- .../ldap/service/CentralLdapService.java | 8 +- .../oxtrust/ldap/service/ClientService.java | 10 +++ .../oxtrust/ldap/service/GroupService.java | 1 - .../service/LdapConnectionCheckerTimer.java | 4 +- .../service/OxTrustConfigurationService.java | 44 ++++++++++ .../ldap/service/Shibboleth2ConfService.java | 9 +- .../ldap/service/StatusCheckerDaily.java | 38 +++++---- .../ldap/service/StatusCheckerTimer.java | 55 +++++------- .../ldap/service/SubversionService.java | 7 +- .../gluu/oxtrust/model/GluuOrganization.java | 10 --- .../model/OxAuthAuthenticationMethod.java | 83 +++++++++++++++++++ .../org/gluu/oxtrust/model/OxAuthClient.java | 11 +-- .../oxtrust/service/UmaProtectionService.java | 16 +++- .../gluu/oxtrust/util/OxTrustConstants.java | 1 + .../java/org/gluu/oxtrust/util/Utils.java | 47 ----------- .../ws/rs/InumGenerationWebServiceImpl.java | 28 ++++--- .../ws/rs/scim/BaseScimWebService.java | 28 +++---- .../WEB-INF/incl/client/clientForm.xhtml | 9 ++ .../webapp/WEB-INF/incl/layout/menu.xhtml | 1 - .../webapp/WEB-INF/incl/layout/template.xhtml | 
24 +++--- .../incl/organization/organizationForm.xhtml | 6 +- src/main/webapp/WEB-INF/web.xml | 2 +- .../webapp/profile/person/viewProfile.xhtml | 2 +- src/main/webapp/uma/inventory.xhtml | 5 ++ .../uma/scope/modifyScopeDescription.xhtml | 27 ------ 43 files changed, 354 insertions(+), 346 deletions(-) create mode 100644 src/main/java/org/gluu/oxtrust/ldap/service/OxTrustConfigurationService.java create mode 100644 src/main/java/org/gluu/oxtrust/model/OxAuthAuthenticationMethod.java diff --git a/conf/oxTrust.properties b/conf/oxTrust.properties index 4b72dd752..a8ff7afb4 100644 --- a/conf/oxTrust.properties +++ b/conf/oxTrust.properties @@ -15,13 +15,13 @@ keystore.password=${config.host.keystore_password} person-objectClass-types=inetOrgPerson, eduPerson, gluuPerson, ${config.organization.inum-fn} person-objectClass-displayNames=inetOrgPerson, eduPerson, gluuPerson, Custom -svn.configuration-store.root=${config.host.schema}://svn.gluu.info/repository/servers/files/${config.appliance.inum-fn} +svn.configuration-store.root=${svn.configuration.base_path}/${config.appliance.inum-fn} svn.configuration-store.user=${config.appliance.inum-fn} svn.configuration-store.password=${config.appliance.svn_base64_encoded_password} person.allow-modification=true site.update-appliance-status=true -persist-in-svn=true +persist-in-svn=false # Do not modify below this line baseDN=o\=gluu @@ -71,14 +71,7 @@ idp.bindDN=inum=${config.appliance.inum},ou=appliances,o=gluu idp.bindPassword=${config.host.idp.ldap_base64_encoded_password} idp.useSSL=true idp.ldap.server=localhost:1636 - -# LDAP configuration related to VDS Server -vds.bindDN=inum=${config.appliance.inum},ou=appliances,o=gluu -vds.bindPassword=${config.host.vds.ldap_base64_encoded_password} -vds.useSSL=true -vds.ldap.server=localhost:1636 -vds.userField=uid,mail -vds.test.filter=objectclass=* +idp.user.fields=uid, mail mysql.url=jdbc:mysql:///${config.host.idp_mysql_db} mysql.user=${config.host.idp_mysql_user} 
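Review bot: The new `svn.configuration-store.root=${svn.configuration.base_path}/${config.appliance.inum-fn}` yields a non-empty but invalid root such as `/<inum>` whenever `svn.configuration.base_path` is left blank, as both profile files in this patch do, so the empty-root guard in `SubversionService.initSubversionService` will not catch it once `persist-in-svn` is switched back to `true`. Either leave `svn.configuration-store.root` empty when the base path is empty, or have the service check that the root is an absolute URL rather than merely non-empty. Judging by the placeholder name, `svn.configuration-store.password` is only base64-encoded in this file, so it needs the same filesystem protection as the LDAP bind password. The `vds.*` block is replaced by `idp.user.fields`; a one-line mention of the rename in the commit message would help anyone still carrying the old keys.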
@@ -148,3 +141,7 @@ uma.client_password=${config.uma.client_password} uma.redirect_uri=${config.host.schema}://${config.host.idp_name}${config.oxTrust.web_context}/uma_redirect_uri uma.resource_id=${config.uma.resource_id} uma.scope=${config.uma.scope} + +cssLocation=/identity/stylesheet +jsLocation=/identity/js + diff --git a/conf/pom.xml b/conf/pom.xml index 1dad3dab5..0d9cdf708 100644 --- a/conf/pom.xml +++ b/conf/pom.xml @@ -6,7 +6,7 @@ oxTrust configuration http://ox.gluu.org jar - 1.1.0.Final + 1.2.0.Final 2.3 diff --git a/conf/template/conf/oxTrust.properties.vm b/conf/template/conf/oxTrust.properties.vm index c7828bed8..2e28e5557 100644 --- a/conf/template/conf/oxTrust.properties.vm +++ b/conf/template/conf/oxTrust.properties.vm @@ -15,13 +15,13 @@ keystore.password=$config.puppetHost.keystore_password person-objectClass-types=inetOrgPerson, eduPerson, gluuPerson, ox-$config.puppetHost.inum_org person-objectClass-displayNames=inetOrgPerson, eduPerson, gluuPerson, Custom -svn.configuration-store.root=https://svn.gluu.info/repository/servers/files/$config.appliance.inumFN +svn.configuration-store.root=${config.puppetHost.svn_base_path}/$config.appliance.inumFN svn.configuration-store.user=$config.appliance.inumFN svn.configuration-store.password=$config.puppetHost.ldap_base64_encoded_password person.allow-modification=true site.update-appliance-status=true -persist-in-svn=true +persist-in-svn=${config.puppetHost.svn_enabled} # Do not modify below this line baseDN=o\=gluu 
@@ -71,14 +71,7 @@ idp.bindDN=inum=${config.appliance.inum},ou=appliances,o=gluu idp.bindPassword=$config.puppetHost.ldap_base64_encoded_password idp.useSSL=true idp.ldap.server=localhost:1636 - -# LDAP configuration related to VDS Server -vds.bindDN=inum=${config.appliance.inum},ou=appliances,o=gluu -vds.bindPassword=$config.puppetHost.ldap_base64_encoded_password -vds.useSSL=true -vds.ldap.server=localhost:1636 -vds.userField=uid,mail -vds.test.filter=objectclass=* +idp.user.fields=uid, mail mysql.url=jdbc:mysql:///$config.puppetHost.idp_mysql_db mysql.user=$config.puppetHost.idp_mysql_user diff --git a/pom.xml b/pom.xml index 50ee10041..585b8cd1f 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ oxTrust http://ox.gluu.org war - 1.1.0.Final + 1.2.0.Final 2.3 @@ -23,11 +23,10 @@ 5.3.3.Final 1.1.2.Final 1.1.0 - 1.1.0.Final - SNAPSHOT + 1.2.0.Final + 1.2.0.Final java:app/oxtrust-ejb/#{ejbName} - 1.1.0.Final @@ -383,6 +382,11 @@ oxauth-model ${oxauth.version} + + org.xdi + oxTrustStatic + ${oxcore.version} + org.xdi oxauth-client diff --git a/profiles/default/config-oxtrust.properties b/profiles/default/config-oxtrust.properties index d8750322c..0357d088a 100644 --- a/profiles/default/config-oxtrust.properties +++ b/profiles/default/config-oxtrust.properties @@ -12,6 +12,8 @@ config.ldap.central.servers=localhost\:1389 config.ldap.central.maxconnections=3 config.ldap.central.useSSL=false +svn.configuration.base_path= + config.organization.inum=@!1111 config.organization.iname=@test*org config.organization.displayName=Test server diff --git a/profiles/setup/config-oxtrust.properties b/profiles/setup/config-oxtrust.properties index b3c9d7c25..12137231d 100644 --- a/profiles/setup/config-oxtrust.properties +++ b/profiles/setup/config-oxtrust.properties 
@@ -12,6 +12,8 @@ config.ldap.central.servers=localhost\:2389 config.ldap.central.maxconnections=3 config.ldap.central.useSSL=false +svn.configuration.base_path= + config.organization.inum=@!1111 config.organization.iname=@test*org config.organization.displayName=Test server diff --git a/src/main/java/org/gluu/oxtrust/action/AppliancePasswordAction.java b/src/main/java/org/gluu/oxtrust/action/AppliancePasswordAction.java index 0cacb62a3..a52aefcf3 100644 --- a/src/main/java/org/gluu/oxtrust/action/AppliancePasswordAction.java +++ b/src/main/java/org/gluu/oxtrust/action/AppliancePasswordAction.java @@ -61,15 +61,17 @@ public String update() { log.error("Failed to encrypt password", e); } appliance.setUserPassword(newPassword); - - GluuAppliance tmpAppliance = new GluuAppliance(); - tmpAppliance.setDn(appliance.getDn()); - boolean existAppliance = centralLdapService.containsAppliance(tmpAppliance); - - if (existAppliance) { - centralLdapService.updateAppliance(appliance); - } else { - centralLdapService.addAppliance(appliance); + + if (centralLdapService.isUseCentralServer()) { + GluuAppliance tmpAppliance = new GluuAppliance(); + tmpAppliance.setDn(appliance.getDn()); + boolean existAppliance = centralLdapService.containsAppliance(tmpAppliance); + + if (existAppliance) { + centralLdapService.updateAppliance(appliance); + } else { + centralLdapService.addAppliance(appliance); + } } applianceService.updateAppliance(appliance); diff --git a/src/main/java/org/gluu/oxtrust/action/AuthenticationFilter.java b/src/main/java/org/gluu/oxtrust/action/AuthenticationFilter.java index eff45fc56..a590de949 100644 --- a/src/main/java/org/gluu/oxtrust/action/AuthenticationFilter.java +++ b/src/main/java/org/gluu/oxtrust/action/AuthenticationFilter.java 
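Review bot: The guarded add-or-update block added here is the same nine lines that BaseConfigurationService.checkAndUpdateLdapbaseConfigurationImpl, StatusCheckerDaily.process and StatusCheckerTimer.process gain in this patch, each with its own `isUseCentralServer()` check, and the next caller that forgets the check will NPE on the null `centralLdapEntryManager` again. Moving the block into CentralLdapService, where the nullable field lives, reduces each caller to `centralLdapService.addOrUpdateAppliance(appliance);` (the two timers keep their `LdapMappingException` handling around it). Separately, `appliance.setUserPassword(newPassword)` still runs after the `log.error("Failed to encrypt password", e)` branch; whether that stores a value that was meant to be encrypted depends on the code before the hunk, so worth confirming. `update()` starts before the hunk.
```java
// CentralLdapService
/** Adds the appliance to the central server, or updates it when an entry with its DN exists; no-op without a central server. */
public void addOrUpdateAppliance(GluuAppliance appliance) {
    if (!isUseCentralServer()) {
        return;
    }
    GluuAppliance tmpAppliance = new GluuAppliance();
    tmpAppliance.setDn(appliance.getDn());
    if (containsAppliance(tmpAppliance)) {
        updateAppliance(appliance);
    } else {
        addAppliance(appliance);
    }
}
```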
@@ -98,8 +98,6 @@ public void process() throws ServletException, IOException, LoginException {
 final String header = httpRequest.getHeader("Authorization");
 if (((header != null) && header.startsWith("Bearer ")) || StringHelper.isNotEmpty(httpRequest.getParameter("authCreds"))) {
 processBearerAuth(httpRequest, httpResponse, chain);
- } else if ((header != null) && header.startsWith("Basic ")) {
- processBasicAuth(httpRequest, httpResponse, chain);
 } else {
 throw new ServletException("Invalid authentication type");
 }
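Review bot: With the Basic branch removed, a request carrying `Authorization: Basic` now lands in the `throw new ServletException("Invalid authentication type")` path, which the container reports as a server error rather than a 401; if Basic is intentionally unsupported, `httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unsupported authentication type"); return;` tells clients the truth and avoids a stack trace in the response. The `Base64` and `NotLoggedInException` imports and the `realm` field were used only by the deleted `processBasicAuth` as far as the hunk shows, so they presumably become unused and can go in the same commit (hedged, since the rest of the class is outside the hunk). `process()` starts before the hunk.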
@@ -187,64 +185,6 @@ public boolean validateOAuthToken(Identity identity, Credentials credentials, Ap return false; } - private void processBasicAuth(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, - ServletException { - Identity identity = Identity.instance(); - - if (identity == null) { - throw new ServletException("Identity not found - please ensure that the Identity component is created on startup."); - } - - Credentials credentials = identity.getCredentials(); - - boolean requireAuth = false; - String header = request.getHeader("Authorization"); - if (header != null && header.startsWith("Basic ")) { - String base64Token = header.substring(6); - String token = new String(Base64.decode(base64Token)); - - String userName = ""; - String password = ""; - int delim = token.indexOf(":"); - - if (delim != -1) { - userName = token.substring(0, delim); - password = token.substring(delim + 1); - } - - if (!StringHelper.isEmpty(userName)) { - // Only reauthenticate if username doesn't match Identity.username and user isn't authenticated - if (!userName.equals(credentials.getUsername()) || !identity.isLoggedIn()) { - try { - Authenticator authenticator = getAuthenticator(userName, password); - requireAuth = !authenticator.authenticateBasicWebService(); - } catch (Exception ex) { - log.warn("Error authenticating: " + ex.getMessage()); - requireAuth = true; - } - } - } - } - - if (!identity.isLoggedIn() && !credentials.isSet()) { - requireAuth = true; - } - - try { - if (!requireAuth) { - chain.doFilter(request, response); - return; - } - } catch (NotLoggedInException ex) { - requireAuth = true; - } - - if ((requireAuth && !identity.isLoggedIn())) { - response.addHeader("WWW-Authenticate", "Basic realm=\"" + realm + "\""); - response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Not authorized"); - } - } - private boolean authenticateUserSilently(Identity identity, Credentials credentials, String userName) { if 
(!StringHelper.isEmpty(userName)) {
 // Only reauthenticate if username doesn't match Identity.username and user isn't authenticated
diff --git a/src/main/java/org/gluu/oxtrust/action/Authenticator.java b/src/main/java/org/gluu/oxtrust/action/Authenticator.java
index 161248659..4ca9c394b 100644
--- a/src/main/java/org/gluu/oxtrust/action/Authenticator.java
+++ b/src/main/java/org/gluu/oxtrust/action/Authenticator.java
@@ -318,6 +318,7 @@ public boolean shibboleth2Authenticate() {
 
 if (StringHelper.isEmpty(userUid) || StringHelper.isEmpty(authType) || !authType.equals("shibboleth")) {
 result = false;
+ return result;
 }
 
 Pattern pattern = Pattern.compile(".+@.+\\.[a-z]+");
@@ -334,6 +335,7 @@ public boolean shibboleth2Authenticate() {
 
 if (user == null) {
 result = false;
+ return result;
 }
 
 log.debug("Person Inum is " + user.getInum());
diff --git a/src/main/java/org/gluu/oxtrust/action/UpdateClientAction.java b/src/main/java/org/gluu/oxtrust/action/UpdateClientAction.java
index 718b421cc..b079197d9 100644
--- a/src/main/java/org/gluu/oxtrust/action/UpdateClientAction.java
+++ b/src/main/java/org/gluu/oxtrust/action/UpdateClientAction.java
@@ -155,7 +155,7 @@ public String update() throws Exception {
 
 private List getNonEmptyStringList(List currentList) {
 if (currentList != null && currentList.size() > 0) {
- return currentList;
+ return new ArrayList(currentList);
 } else {
 return new ArrayList();
 }
@@ -377,7 +377,7 @@ private void updateLoginURIs() {
 
 private void updateLogoutURIs() {
 if (this.logoutUris == null || this.logoutUris.size() == 0) {
- this.client.setOxAuthRedirectURIs(null);
+ this.client.setOxAuthPostLogoutRedirectURIs(null);
 return;
 }
 
diff --git a/src/main/java/org/gluu/oxtrust/action/UpdateGroupAction.java b/src/main/java/org/gluu/oxtrust/action/UpdateGroupAction.java
index 7739c5e02..4af7ac130 100644
--- a/src/main/java/org/gluu/oxtrust/action/UpdateGroupAction.java
+++ b/src/main/java/org/gluu/oxtrust/action/UpdateGroupAction.java
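Review bot: Both new early exits in `shibboleth2Authenticate()` write `result = false;` and then `return result;`; a plain `return false;` says the same in one line, and the second guard is the important one, since `user.getInum()` on the following context line would otherwise dereference a null user. While here, `Pattern.compile(".+@.+\\.[a-z]+")` is recompiled on every authentication; hoisting it to a `private static final Pattern` is the usual idiom. The method starts and ends outside both hunks.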
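Review bot: `getNonEmptyStringList` now returns a defensive copy, which is right, but `currentList.size() > 0` reads better as `!currentList.isEmpty()`, and the same applies to `this.logoutUris.size() == 0` in `updateLogoutURIs`. The switch to `setOxAuthPostLogoutRedirectURIs(null)` means an empty logout-URI list no longer clears the client's redirect URIs; a small test asserting that `updateLogoutURIs` leaves the redirect URIs untouched would keep that from regressing. Both methods continue outside their hunks, and the rendering appears to have stripped generic type arguments from these lines, so the raw `List` is not necessarily in the source.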
@@ -314,7 +314,7 @@ private void updatePersons(List oldMembers, List tmpClients = new ArrayList(); - for (DisplayNameEntry group : this.clients) { - tmpClients.add(group.getDn()); - } - - this.scopeDescription.setClients(tmpClients); - } - - private List getClientDisplayNameEntries() { - List result = new ArrayList(); - List tmp = lookupService.getDisplayNameEntries(clientService.getDnForClient(null), this.scopeDescription.getClients()); - if (tmp != null) { - result.addAll(tmp); - } - - return result; - } - public List getClients() { return clients; } diff --git a/src/main/java/org/gluu/oxtrust/config/OxTrustConfiguration.java b/src/main/java/org/gluu/oxtrust/config/OxTrustConfiguration.java index 2b69a163f..8602a8d64 100644 --- a/src/main/java/org/gluu/oxtrust/config/OxTrustConfiguration.java +++ b/src/main/java/org/gluu/oxtrust/config/OxTrustConfiguration.java @@ -49,7 +49,7 @@ public class OxTrustConfiguration { @Create public void create() { this.ldapConfiguration = createFileConfiguration(CONFIGURATION_FILE_LOCAL_LDAP_PROPERTIES_FILE); - this.ldapCentralConfiguration = createFileConfiguration(CONFIGURATION_FILE_CENTRAL_LDAP_PROPERTIES_FILE); + this.ldapCentralConfiguration = createFileConfiguration(CONFIGURATION_FILE_CENTRAL_LDAP_PROPERTIES_FILE, false); } @Observer(EVENT_INIT_CONFIGURATION) 
@@ -63,12 +63,23 @@ public void updateConfigurations() {
 }
 
 private FileConfiguration createFileConfiguration(String fileName) {
+ return createFileConfiguration(fileName, true);
+ }
+
+ private FileConfiguration createFileConfiguration(String fileName, boolean isMandatory) {
 try {
- return new FileConfiguration(fileName);
+ FileConfiguration fileConfiguration = new FileConfiguration(fileName);
+ if (fileConfiguration.isLoaded()) {
+ return fileConfiguration;
+ }
 } catch (Exception ex) {
- log.error("Failed to load configuration from {0}", ex, fileName);
- throw new ConfigurationException("Failed to load configuration from " + fileName, ex);
+ if (isMandatory) {
+ log.error("Failed to load configuration from {0}", ex, fileName);
+ throw new ConfigurationException("Failed to load configuration from " + fileName, ex);
+ }
 }
+
+ return null;
 }
 
 private boolean createConfigurationFromLdap(boolean recoverFromFiles) {
diff --git a/src/main/java/org/gluu/oxtrust/ldap/service/AbstractConnectionCheckerTimer.java b/src/main/java/org/gluu/oxtrust/ldap/service/AbstractConnectionCheckerTimer.java
index 3553487e0..8ec40e275 100644
--- a/src/main/java/org/gluu/oxtrust/ldap/service/AbstractConnectionCheckerTimer.java
+++ b/src/main/java/org/gluu/oxtrust/ldap/service/AbstractConnectionCheckerTimer.java
@@ -18,6 +18,10 @@ public class AbstractConnectionCheckerTimer {
 private Log log;
 
 protected void processImpl(FileConfiguration configuration, LDAPConnectionProvider connectionProvider) {
+ if ((configuration == null) || (connectionProvider == null)) {
+ return;
+ }
+
 // Check if application has connection to LDAP server
 boolean isConnected = connectionProvider.isConnected();
 if (!isConnected) {
diff --git a/src/main/java/org/gluu/oxtrust/ldap/service/AppInitializer.java b/src/main/java/org/gluu/oxtrust/ldap/service/AppInitializer.java
index c4ae05da0..b8016fe2e 100644
--- a/src/main/java/org/gluu/oxtrust/ldap/service/AppInitializer.java
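Review bot: In the new `createFileConfiguration(String, boolean)`, a mandatory file whose `FileConfiguration` constructor returns normally but reports `isLoaded()` false falls through to `return null;` with no log and no exception, so `create()` silently stores a null `ldapConfiguration` and the failure surfaces later as an NPE far from its cause. The mandatory check belongs after the try/catch as well, and the optional path deserves at least a debug line instead of a swallowed exception. `createFileConfiguration` sits between `updateConfigurations()` and `createConfigurationFromLdap`, both of which continue outside the hunk.
```java
private FileConfiguration createFileConfiguration(String fileName, boolean isMandatory) {
    try {
        // … unchanged: construct FileConfiguration and return it when isLoaded() …
    } catch (Exception ex) {
        // … unchanged: mandatory case logs and throws ConfigurationException …
        log.debug("Optional configuration {0} could not be loaded", ex, fileName);
    }

    // Reached when the constructor succeeded but nothing was loaded, or when the file is optional.
    if (isMandatory) {
        log.error("Configuration {0} was not loaded", fileName);
        throw new ConfigurationException("Failed to load configuration from " + fileName, null);
    }
    return null;
}
```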
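Review bot: The new null guard at the top of `processImpl` returns without a trace, so an operator cannot tell a skipped check (central server not configured) from a check that ran and found the connection healthy; a `log.debug("Skipping LDAP connection check: configuration or connection provider is not available");` before the `return;` costs nothing. If the two arguments are only ever null together, a short comment saying so would explain why one condition covers both. `processImpl` continues past the hunk.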
+++ b/src/main/java/org/gluu/oxtrust/ldap/service/AppInitializer.java @@ -296,9 +296,12 @@ private void showBuildInfo() { private void createConnectionProvider(FileConfiguration configuration, String configurationComponentName, String connectionProviderComponentName) throws ConfigurationException { Contexts.getApplicationContext().set(configurationComponentName, configuration); -//TODO: Oleksiy Tataryn: Make oxTrust guess configuration if none available instead of just crashing. Or at least give give better explanation to the user. - LdapConnectionService connectionProvider = new LdapConnectionService(PropertiesDecrypter.decryptProperties(configuration + + LdapConnectionService connectionProvider = null; + if (configuration != null) { + connectionProvider = new LdapConnectionService(PropertiesDecrypter.decryptProperties(configuration .getProperties())); + } Contexts.getApplicationContext().set(connectionProviderComponentName, connectionProvider); } @@ -348,7 +351,9 @@ public void destroyApplicationComponents() throws ConfigurationException { LdapConnectionService centralConnectionProvider = (LdapConnectionService) Contexts.getApplicationContext().get( "centralConnectionProvider"); - centralConnectionProvider.closeConnectionPool(); + if (centralConnectionProvider != null) { + centralConnectionProvider.closeConnectionPool(); + } } @Factory(value = "ldapEntryManager", scope = ScopeType.APPLICATION, autoCreate = true) @@ -368,6 +373,10 @@ public LdapEntryManager createLdapEntryManager() { public LdapEntryManager createCentralLdapEntryManager() { LdapConnectionService centralConnectionProvider = (LdapConnectionService) Contexts.getApplicationContext().get( "centralConnectionProvider"); + if (centralConnectionProvider == null) { + return null; + } + LdapEntryManager centralLdapEntryManager = new LdapEntryManager(new OperationsFacade(centralConnectionProvider)); log.debug("Created central LdapEntryManager: " + centralLdapEntryManager); 
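Review bot: `createCentralLdapEntryManager()` may now return null from a `@Factory`, and `createConnectionProvider` stores a null `connectionProvider` in the application context, so every `@In` injection of `centralLdapEntryManager`, `centralConnectionProvider` or `centralLdapConfiguration` that does not carry `required = false` will fail at injection time. This patch relaxes CentralLdapService and LdapConnectionCheckerTimer; any other consumer (not visible here) needs the same treatment, and a `log.info("Central LDAP server is not configured; skipping central connection provider");` in the `configuration == null` branch would make the optional mode visible in the startup log. `Contexts.getApplicationContext().set(connectionProviderComponentName, null)` also relies on Seam accepting a null value for a context variable, which is worth confirming rather than assuming. The last two hunks are excerpts of methods that continue outside them.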
diff --git a/src/main/java/org/gluu/oxtrust/ldap/service/BaseConfigurationService.java b/src/main/java/org/gluu/oxtrust/ldap/service/BaseConfigurationService.java index c272e3134..7bd08108e 100644 --- a/src/main/java/org/gluu/oxtrust/ldap/service/BaseConfigurationService.java +++ b/src/main/java/org/gluu/oxtrust/ldap/service/BaseConfigurationService.java @@ -132,14 +132,16 @@ public boolean checkAndUpdateLdapbaseConfigurationImpl() { String newPassword = RandomStringUtils.randomAlphanumeric(8); appliance.setBlowfishPassword(StringEncrypter.defaultInstance().encrypt(newPassword)); - GluuAppliance tmpAppliance = new GluuAppliance(); - tmpAppliance.setDn(appliance.getDn()); - boolean existAppliance = centralLdapService.containsAppliance(tmpAppliance); - - if (existAppliance) { - centralLdapService.updateAppliance(appliance); - } else { - centralLdapService.addAppliance(appliance); + if (centralLdapService.isUseCentralServer()) { + GluuAppliance tmpAppliance = new GluuAppliance(); + tmpAppliance.setDn(appliance.getDn()); + boolean existAppliance = centralLdapService.containsAppliance(tmpAppliance); + + if (existAppliance) { + centralLdapService.updateAppliance(appliance); + } else { + centralLdapService.addAppliance(appliance); + } } appliance.setUserPassword(newPassword); diff --git a/src/main/java/org/gluu/oxtrust/ldap/service/CentralLdapService.java b/src/main/java/org/gluu/oxtrust/ldap/service/CentralLdapService.java index 130162152..81a166de9 100644 --- a/src/main/java/org/gluu/oxtrust/ldap/service/CentralLdapService.java +++ b/src/main/java/org/gluu/oxtrust/ldap/service/CentralLdapService.java @@ -18,8 +18,8 @@ @AutoCreate public class CentralLdapService { - @In - LdapEntryManager centralLdapEntryManager; + @In(required = false) + private LdapEntryManager centralLdapEntryManager; /** * Add appliance entry 
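Review bot: `RandomStringUtils.randomAlphanumeric(8)` on the context line draws from commons-lang's shared `java.util.Random`, which is not a cryptographic generator, and eight alphanumeric characters is short for a credential that is stored in the appliance entry and, when a central server is configured, pushed there as well; the overload `RandomStringUtils.random(length, 0, 0, true, true, null, new SecureRandom())` keeps the character set with a proper source of randomness, and a longer length is cheap. The line predates this patch, but the method is being reworked here anyway. The duplicated add-or-update block is covered by the note on AppliancePasswordAction. `checkAndUpdateLdapbaseConfigurationImpl` starts and ends outside the hunk.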
@@ -49,5 +49,9 @@ public void updateAppliance(GluuAppliance appliance) {
 public boolean containsAppliance(GluuAppliance appliance) {
 return centralLdapEntryManager.contains(appliance);
 }
+
+ public boolean isUseCentralServer() {
+ return centralLdapEntryManager != null;
+ }
 
 }
diff --git a/src/main/java/org/gluu/oxtrust/ldap/service/ClientService.java b/src/main/java/org/gluu/oxtrust/ldap/service/ClientService.java
index 17e4edffb..b7ea95e91 100644
--- a/src/main/java/org/gluu/oxtrust/ldap/service/ClientService.java
+++ b/src/main/java/org/gluu/oxtrust/ldap/service/ClientService.java
@@ -8,6 +8,7 @@
 import org.gluu.oxtrust.model.OxAuthCustomClient;
 import org.gluu.oxtrust.model.OxAuthTrustedClientBox;
 import org.gluu.oxtrust.model.TokenResponseAlgs;
+import org.gluu.oxtrust.model.OxAuthAuthenticationMethod;
 import org.gluu.oxtrust.util.OxTrustConstants;
 import org.gluu.site.ldap.persistence.LdapEntryManager;
 import org.jboss.seam.Component;
@@ -365,4 +366,13 @@ public OxAuthTrustedClientBox[] getOxAuthTrustedClient() {
 return OxAuthTrustedClientBox.values();
 }
 
+ /**
+ * Get all available Authentication methods
+ *
+ * @return Array of Authentication methods
+ */
+ public OxAuthAuthenticationMethod[] getAuthenticationMethods() {
+ return OxAuthAuthenticationMethod.values();
+ }
+
 }
diff --git a/src/main/java/org/gluu/oxtrust/ldap/service/GroupService.java b/src/main/java/org/gluu/oxtrust/ldap/service/GroupService.java
index 624ebc745..bc41fc7ed 100644
--- a/src/main/java/org/gluu/oxtrust/ldap/service/GroupService.java
+++ b/src/main/java/org/gluu/oxtrust/ldap/service/GroupService.java
@@ -236,7 +236,6 @@ private String generateInumForNewGroupImpl() throws Exception { String orgInum = OrganizationService.instance().getInumForOrganization(); return orgInum + OxTrustConstants.inumDelimiter + OxTrustConstants.INUM_GROUP_OBJECTTYPE + OxTrustConstants.inumDelimiter + INumGenerator.generate(2); - } /**
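Review bot: `isUseCentralServer()` has no Javadoc, and nothing records that `addAppliance`, `updateAppliance` and `containsAppliance` still dereference `centralLdapEntryManager` unconditionally, so they NPE whenever it returns false. I would document the contract on the new method, e.g. `/** Whether a central LDAP server is configured. The appliance methods of this service must only be called when this returns true. */`, or better, have those three methods throw an `IllegalStateException("Central LDAP server is not configured")` when the manager is null so a missing guard fails with a readable message. The `private` modifier and `required = false` on the field are fine.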
diff --git a/src/main/java/org/gluu/oxtrust/ldap/service/LdapConnectionCheckerTimer.java b/src/main/java/org/gluu/oxtrust/ldap/service/LdapConnectionCheckerTimer.java index 665a2ba80..39b53ddcd 100644 --- a/src/main/java/org/gluu/oxtrust/ldap/service/LdapConnectionCheckerTimer.java +++ b/src/main/java/org/gluu/oxtrust/ldap/service/LdapConnectionCheckerTimer.java @@ -34,13 +34,13 @@ public class LdapConnectionCheckerTimer extends AbstractConnectionCheckerTimer { @In private FileConfiguration localLdapConfiguration; - @In + @In(required = false) private FileConfiguration centralLdapConfiguration; @In private LDAPConnectionProvider connectionProvider; - @In + @In(required = false) private LDAPConnectionProvider centralConnectionProvider; private boolean isActive; diff --git a/src/main/java/org/gluu/oxtrust/ldap/service/OxTrustConfigurationService.java b/src/main/java/org/gluu/oxtrust/ldap/service/OxTrustConfigurationService.java new file mode 100644 index 000000000..d87478ad0 --- /dev/null +++ b/src/main/java/org/gluu/oxtrust/ldap/service/OxTrustConfigurationService.java 
@@ -0,0 +1,44 @@
+package org.gluu.oxtrust.ldap.service;
+
+import org.jboss.seam.ScopeType;
+import org.jboss.seam.annotations.AutoCreate;
+import org.jboss.seam.annotations.In;
+import org.jboss.seam.annotations.Name;
+import org.jboss.seam.annotations.Scope;
+import org.jboss.seam.web.ServletContexts;
+import org.xdi.config.oxtrust.ApplicationConfiguration;
+import org.xdi.util.StringHelper;
+
+/**
+ * GluuAppliance service
+ *
+ * @author Oleksiy Tataryn Date: 08.07.2014
+ */
+@Scope(ScopeType.STATELESS)
+@Name("oxTrustConfigurationService")
+@AutoCreate
+public class OxTrustConfigurationService {
+
+ @In(value = "#{oxTrustConfiguration.applicationConfiguration}")
+ private ApplicationConfiguration applicationConfiguration;
+
+ public String getCssLocation() {
+ if (StringHelper.isEmpty(applicationConfiguration.getCssLocation())){
+ String contextPath = ServletContexts.instance().getRequest().getContextPath();
+ return contextPath + "/stylesheet";
+ }else{
+ return applicationConfiguration.getCssLocation();
+ }
+ }
+
+ public String getJsLocation() {
+ if (StringHelper.isEmpty(applicationConfiguration.getJsLocation())){
+ String contextPath = ServletContexts.instance().getRequest().getContextPath();
+ return contextPath + "/js";
+ }else{
+ return applicationConfiguration.getJsLocation();
+ }
+ }
+
+
+ }
diff --git a/src/main/java/org/gluu/oxtrust/ldap/service/Shibboleth2ConfService.java b/src/main/java/org/gluu/oxtrust/ldap/service/Shibboleth2ConfService.java
index 8022356f0..7fbda1560 100644
--- a/src/main/java/org/gluu/oxtrust/ldap/service/Shibboleth2ConfService.java
+++ b/src/main/java/org/gluu/oxtrust/ldap/service/Shibboleth2ConfService.java
@@ -122,7 +122,6 @@ public class Shibboleth2ConfService implements Serializable { public static final String SHIB2_IDP_SP_CERT_FILE = "spcert.crt"; - @In private AttributeService attributeService;
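Review bot: The class Javadoc reads `GluuAppliance service`, which was evidently copied from elsewhere; `Resolves the locations of oxTrust's CSS and JS resources, falling back to the web application's context path when none is configured.` describes what the class does. `getCssLocation` and `getJsLocation` are the same six lines with different suffixes, and both call `ServletContexts.instance().getRequest()` unguarded, which presumably yields null when the bean is resolved outside an HTTP request; one shared helper removes the duplication, gives the null case a single home, and fixes the `){` / `}else{` spacing. The helper below uses the request type returned by `ServletContexts.getRequest()`, which needs its servlet import.
```java
public String getCssLocation() {
    return resolveLocation(applicationConfiguration.getCssLocation(), "/stylesheet");
}

public String getJsLocation() {
    return resolveLocation(applicationConfiguration.getJsLocation(), "/js");
}

/** Returns the configured location, or the request context path plus defaultPath when none is configured. */
private String resolveLocation(String configured, String defaultPath) {
    if (!StringHelper.isEmpty(configured)) {
        return configured;
    }
    HttpServletRequest request = ServletContexts.instance().getRequest();
    if (request == null) {
        return defaultPath; // NOTE(review): no request in scope — confirm this fallback is acceptable
    }
    return request.getContextPath() + defaultPath;
}
```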
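Review bot: Dropping `@In` from `attributeService` leaves the field with no injection, so unless it is assigned somewhere else in the class (not visible here) every use of it will NPE. If the intent is lazy resolution, an explicit `@In(required = false)` or a static accessor at the use site, in the style of the `OrganizationService.instance()` call elsewhere in this patch, would make that visible instead of relying on a bare field. The trailing context lines of this hunk appear to have been lost in rendering.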
@@ -900,16 +899,16 @@ public boolean generateIdpConfigurationFiles() { // Prepare data for files VelocityContext context = new VelocityContext(); - String host = applicationConfiguration.getVdsLdapProtocol() + "://" + applicationConfiguration.getVdsLdapServer(); + String host = applicationConfiguration.getIdpLdapProtocol() + "://" + applicationConfiguration.getIdpLdapServer(); String base = applicationConfiguration.getBaseDN(); - String serviceUser = applicationConfiguration.getVdsBindDn(); + String serviceUser = applicationConfiguration.getIdpBindDn(); String serviceCredential = ""; try { - serviceCredential = StringEncrypter.defaultInstance().decrypt(applicationConfiguration.getVdsBindPassword()); + serviceCredential = StringEncrypter.defaultInstance().decrypt(applicationConfiguration.getIdpBindPassword()); } catch (EncryptionException e) { log.error("Failed to decrypt bindPassword", e); } - String userField = applicationConfiguration.getVdsUserField(); + String userField = applicationConfiguration.getIdpUserFields(); context.put("host", host); context.put("base", base); context.put("serviceUser", serviceUser); diff --git a/src/main/java/org/gluu/oxtrust/ldap/service/StatusCheckerDaily.java b/src/main/java/org/gluu/oxtrust/ldap/service/StatusCheckerDaily.java index d3669840d..c25bca910 100644 --- a/src/main/java/org/gluu/oxtrust/ldap/service/StatusCheckerDaily.java +++ b/src/main/java/org/gluu/oxtrust/ldap/service/StatusCheckerDaily.java @@ -25,19 +25,19 @@ public class StatusCheckerDaily { @Logger - Log log; + private Log log; @In - ApplianceService applianceService; + private ApplianceService applianceService; @In - GroupService groupService; + private GroupService groupService; @In - PersonService personService; + private PersonService personService; @In - CentralLdapService centralLdapService; + private CentralLdapService centralLdapService; @In private OxTrustConfiguration oxTrustConfiguration; 
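Review bot: When `StringEncrypter.defaultInstance().decrypt(applicationConfiguration.getIdpBindPassword())` throws, the catch only logs and `serviceCredential` stays `""`, so the IdP configuration files are still generated with an empty bind password and `generateIdpConfigurationFiles()` reports success. The method returns boolean, so `log.error("Failed to decrypt bindPassword", e); return false;` in the catch keeps a broken credential from being written into the IdP's files and leaves the previous configuration in place. The same fallback existed for the VDS values before this patch. The method starts and ends outside the hunk.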
@@ -88,19 +88,21 @@ private void process(Date when, Long interval) { return; } - try { - GluuAppliance tmpAppliance = new GluuAppliance(); - tmpAppliance.setDn(appliance.getDn()); - boolean existAppliance = centralLdapService.containsAppliance(tmpAppliance); - - if (existAppliance) { - centralLdapService.updateAppliance(appliance); - } else { - centralLdapService.addAppliance(appliance); + if (centralLdapService.isUseCentralServer()) { + try { + GluuAppliance tmpAppliance = new GluuAppliance(); + tmpAppliance.setDn(appliance.getDn()); + boolean existAppliance = centralLdapService.containsAppliance(tmpAppliance); + + if (existAppliance) { + centralLdapService.updateAppliance(appliance); + } else { + centralLdapService.addAppliance(appliance); + } + } catch (LdapMappingException ex) { + log.error("Failed to update appliance at central server", ex); + return; } - } catch (LdapMappingException ex) { - log.error("Failed to update appliance at central server", ex); - return; } log.debug("Daily Appliance status update finished"); @@ -112,7 +114,7 @@ private void setLdapAttributes(GluuAppliance appliance) { int personCount = personService.countPersons(); appliance.setGroupCount(String.valueOf(groupCount)); - appliance.setPersonCount(String.valueOf(personCount)); + appliance.setPersonCount(String.valueOf(personCount)); appliance.setGluuDSStatus(Boolean.toString(groupCount > 0 && personCount > 0)); } diff --git a/src/main/java/org/gluu/oxtrust/ldap/service/StatusCheckerTimer.java b/src/main/java/org/gluu/oxtrust/ldap/service/StatusCheckerTimer.java index 887712002..16b75303e 100644 --- a/src/main/java/org/gluu/oxtrust/ldap/service/StatusCheckerTimer.java +++ b/src/main/java/org/gluu/oxtrust/ldap/service/StatusCheckerTimer.java 
@@ -25,8 +25,8 @@ import org.apache.commons.io.IOUtils; import org.gluu.oxtrust.config.OxTrustConfiguration; import org.gluu.oxtrust.model.GluuAppliance; -import org.gluu.oxtrust.util.OxTrustConstants; import org.gluu.oxtrust.util.NumberHelper; +import org.gluu.oxtrust.util.OxTrustConstants; import org.gluu.site.ldap.persistence.exception.LdapMappingException; import org.jboss.seam.ScopeType; import org.jboss.seam.annotations.AutoCreate; @@ -43,17 +43,6 @@ import org.xdi.config.oxtrust.ApplicationConfiguration; import org.xdi.util.StringHelper; import org.xdi.util.process.ProcessHelper; -import org.xdi.util.security.StringEncrypter; -import org.xdi.util.security.StringEncrypter.EncryptionException; - -import com.unboundid.ldap.sdk.LDAPConnectionPool; -import com.unboundid.ldap.sdk.SearchResult; -import com.unboundid.ldap.sdk.SearchScope; -import com.unboundid.ldap.sdk.ServerSet; -import com.unboundid.ldap.sdk.SimpleBindRequest; -import com.unboundid.ldap.sdk.SingleServerSet; -import com.unboundid.util.ssl.SSLUtil; -import com.unboundid.util.ssl.TrustAllTrustManager; /** * Gather periodically site and server status @@ -66,19 +55,19 @@ public class StatusCheckerTimer { @Logger - Log log; + private Log log; @In - ApplianceService applianceService; + private ApplianceService applianceService; @In - GroupService groupService; + private GroupService groupService; @In - PersonService personService; + private PersonService personService; @In - CentralLdapService centralLdapService; + private CentralLdapService centralLdapService; @In private OxTrustConfiguration oxTrustConfiguration; @@ -130,7 +119,7 @@ private void process(Date when, Long interval) { setCertificateExpiryAttributes(appliance); - setVDSAttributes(appliance); +// setVDSAttributes(appliance); appliance.setLastUpdate(toIntString(System.currentTimeMillis() / 1000)); 
@@ -141,19 +130,21 @@ private void process(Date when, Long interval) { return; } - try { - GluuAppliance tmpAppliance = new GluuAppliance(); - tmpAppliance.setDn(appliance.getDn()); - boolean existAppliance = centralLdapService.containsAppliance(tmpAppliance); - - if (existAppliance) { - centralLdapService.updateAppliance(appliance); - } else { - centralLdapService.addAppliance(appliance); + if (centralLdapService.isUseCentralServer()) { + try { + GluuAppliance tmpAppliance = new GluuAppliance(); + tmpAppliance.setDn(appliance.getDn()); + boolean existAppliance = centralLdapService.containsAppliance(tmpAppliance); + + if (existAppliance) { + centralLdapService.updateAppliance(appliance); + } else { + centralLdapService.addAppliance(appliance); + } + } catch (LdapMappingException ex) { + log.error("Failed to update appliance at central server", ex); + return; } - } catch (LdapMappingException ex) { - log.error("Failed to update appliance at central server", ex); - return; } log.debug("Appliance status update finished"); @@ -209,7 +200,7 @@ private void setHttpdAttributes(GluuAppliance appliance) { appliance.setGluuHttpStatus(Boolean.toString(OxTrustConstants.HTTPD_TEST_PAGE_CONTENT.equals(page))); } - +/* private void setVDSAttributes(GluuAppliance appliance) { log.debug("Setting VDS attributes"); ApplicationConfiguration applicationConfiguration = oxTrustConfiguration.getApplicationConfiguration(); @@ -271,7 +262,7 @@ private void setVDSAttributes(GluuAppliance appliance) { } appliance.setGluuVDSStatus(Boolean.toString(topPresent && vdapcontainerPresent && vdlabelPresent && vdDirectoryViewPresent)); } - +*/ private String getHttpdPage(String idpUrl, String httpdTestPageName) { String[] urlParts = idpUrl.split("://"); if ("https".equals(urlParts[0])) { diff --git a/src/main/java/org/gluu/oxtrust/ldap/service/SubversionService.java b/src/main/java/org/gluu/oxtrust/ldap/service/SubversionService.java index 797167615..c01b26c5e 100644 
--- a/src/main/java/org/gluu/oxtrust/ldap/service/SubversionService.java +++ b/src/main/java/org/gluu/oxtrust/ldap/service/SubversionService.java @@ -162,7 +162,10 @@ private String getLocalRepositoryFilePath(String dirFn, SubversionFile subversio */ public void initSubversionService() { - String svnConfigurationStoreRoot = applicationConfiguration.getSvnConfigurationStoreRoot(); + String svnConfigurationStoreRoot = null; + if (applicationConfiguration.isPersistSVN()) { + svnConfigurationStoreRoot = applicationConfiguration.getSvnConfigurationStoreRoot(); + } SVNAdminAreaFactory.setSelector(new ISVNAdminAreaFactorySelector() { @@ -181,7 +184,7 @@ public Collection getEnabledFactories(File path, Collection factories, boolean w }); if (StringHelper.isEmpty(svnConfigurationStoreRoot)) { - log.error("Failed to initialize Subversion store due to wrong SVN root path"); + log.warn("The service which commit configuration files into SVN was disabled"); return; } diff --git a/src/main/java/org/gluu/oxtrust/model/GluuOrganization.java b/src/main/java/org/gluu/oxtrust/model/GluuOrganization.java index 309f7acd0..2095e1498 100644 --- a/src/main/java/org/gluu/oxtrust/model/GluuOrganization.java +++ b/src/main/java/org/gluu/oxtrust/model/GluuOrganization.java @@ -1,7 +1,6 @@ package org.gluu.oxtrust.model; import java.io.Serializable; -import java.util.List; import javax.validation.constraints.NotNull; import javax.validation.constraints.Size; @@ -84,15 +83,6 @@ @LdapAttribute(name = "gluuTempFaviconImage") private String tempFaviconImage; - @LdapAttribute(name = "scimStatus") - private GluuStatus scimStatus; - - @LdapAttribute(name = "scimAuthMode") - private String scimAuthMode; - - @LdapAttribute(name = "scimGroup") - private String scimGroup; - @LdapAttribute(name = "oxInumConfig") private String oxInumConfig; 
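Review bot: After this change the `StringHelper.isEmpty(svnConfigurationStoreRoot)` branch in the `@@ -181,7 +184,7 @@` hunk cannot tell an operator who disabled SVN persistence via `isPersistSVN()` from one who enabled it but left the root path empty; both now get the warning "The service which commit configuration files into SVN was disabled", and the misconfiguration that used to be logged as an error becomes silent. Suggest branching on the cause, e.g. `if (!applicationConfiguration.isPersistSVN()) { log.warn("SVN configuration persistence is disabled"); return; }` before reading the root, and keeping `log.error("Failed to initialize Subversion store due to wrong SVN root path")` for the empty-path case. `SVNAdminAreaFactory.setSelector(...)` still runs before the early return in both cases; if that is not wanted when the service is disabled, the guard could move above it. `initSubversionService` continues outside the hunk.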
diff --git a/src/main/java/org/gluu/oxtrust/model/OxAuthAuthenticationMethod.java b/src/main/java/org/gluu/oxtrust/model/OxAuthAuthenticationMethod.java new file mode 100644 index 000000000..1cd11d848 --- /dev/null +++ b/src/main/java/org/gluu/oxtrust/model/OxAuthAuthenticationMethod.java 
@@ -0,0 +1,83 @@ +package org.gluu.oxtrust.model; + +import java.util.HashMap; +import java.util.Map; + +import org.gluu.site.ldap.persistence.annotation.LdapEnum; + +/** + * @author Yuriy Movchan Date: 07/07/2014 + */ +public enum OxAuthAuthenticationMethod implements LdapEnum { + + /** + * Clients in possession of a client password authenticate with the Authorization Server + * using HTTP Basic authentication scheme. Default one if not client authentication is specified. + */ + CLIENT_SECRET_BASIC("client_secret_basic", "client_secret_basic"), + + /** + * Clients in possession of a client password authenticate with the Authorization Server + * by including the client credentials in the request body. + */ + CLIENT_SECRET_POST("client_secret_post", "client_secret_post"), + + /** + * Clients in possession of a client password create a JWT using the HMAC-SHA algorithm. + * The HMAC (Hash-based Message Authentication Code) is calculated using the client_secret + * as the shared key. + */ + CLIENT_SECRET_JWT("client_secret_jwt", "client_secret_jwt"), + + /** + * Clients that have registered a public key sign a JWT using the RSA algorithm if a RSA + * key was registered or the ECDSA algorithm if an Elliptic Curve key was registered. + */ + PRIVATE_KEY_JWT("private_key_jwt", "private_key_jwt"), + + /** + * The Client does not authenticate itself at the Token Endpoint, either because it uses only the Implicit Flow + * (and so does not use the Token Endpoint) or because it is a Public Client with no Client Secret or other + * authentication mechanism. 
+ */ + NONE("none", "none"); + + + private String value; + private String displayName; + + private static Map mapByValues = new HashMap(); + + static { + for (OxAuthAuthenticationMethod enumType : values()) { + mapByValues.put(enumType.getValue(), enumType); + } + } + + private OxAuthAuthenticationMethod(String value, String displayName) { + this.value = value; + this.displayName = displayName; + } + + public String getValue() { + return value; + } + + public String getDisplayName() { + return displayName; + } + + public static OxAuthAuthenticationMethod getByValue(String value) { + return mapByValues.get(value); + } + + public Enum resolveByValue(String value) { + return getByValue(value); + } + + @Override + public String toString() { + return value; + } + +} \ No newline at end of file diff --git a/src/main/java/org/gluu/oxtrust/model/OxAuthClient.java b/src/main/java/org/gluu/oxtrust/model/OxAuthClient.java index 559bf5d3a..44474feb2 100644 --- a/src/main/java/org/gluu/oxtrust/model/OxAuthClient.java +++ b/src/main/java/org/gluu/oxtrust/model/OxAuthClient.java @@ -1,7 +1,6 @@ package org.gluu.oxtrust.model; import java.io.Serializable; -import java.util.Arrays; import java.util.List; import javax.validation.constraints.NotNull; @@ -10,11 +9,11 @@ import lombok.Data; import lombok.EqualsAndHashCode; -import org.xdi.oxauth.model.common.ResponseType; import org.gluu.site.ldap.persistence.annotation.LdapAttribute; import org.gluu.site.ldap.persistence.annotation.LdapEntry; import org.gluu.site.ldap.persistence.annotation.LdapObjectClass; import org.xdi.ldap.model.Entry; +import org.xdi.oxauth.model.common.ResponseType; import org.xdi.util.security.StringEncrypter; import org.xdi.util.security.StringEncrypter.EncryptionException; 
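Review bot: `mapByValues` in the new enum is declared with raw types (`private static Map mapByValues = new HashMap();`), so `getByValue` compiles through an unchecked cast and the compiler cannot catch a wrong key or value type; declare it as `private static final Map<String, OxAuthAuthenticationMethod> mapByValues = new HashMap<String, OxAuthAuthenticationMethod>();` and make `value` and `displayName` `final` as well. `getByValue` returns `null` for any value not in the map, so a client entry whose `oxAuthTokenEndpointAuthMethod` holds an unexpected string loads with a `null` method rather than failing visibly; that may be acceptable for an LDAP-backed enum but deserves a `@return the matching method, or {@code null} if the value is unknown` line. `resolveByValue` lacks `@Override` if `LdapEnum` declares it, and the type-level Javadoc only carries `@author`; a summary such as `Client authentication methods at the OpenID Connect token endpoint, persisted by their wire value.` would say what the enum models. The file also lacks a trailing newline, and the CLIENT_SECRET_BASIC comment reads "Default one if not client authentication is specified" where "if no client authentication" is meant.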
@@ -29,9 +28,6 @@ @EqualsAndHashCode(callSuper=false) public @Data class OxAuthClient extends Entry implements Serializable { - /** - * - */ private static final long serialVersionUID = -2310140703735705346L; @LdapAttribute(ignoreDuringUpdate = true) @@ -79,14 +75,15 @@ @LdapAttribute(name = "oxAuthResponseType") private ResponseType[] responseTypes; + + @LdapAttribute(name = "oxAuthTokenEndpointAuthMethod") + private OxAuthAuthenticationMethod tokenEndpointAuthMethod; @LdapAttribute(name = "oxAuthPostLogoutRedirectURI") private String[] postLogoutRedirectUris; private String oxAuthClientSecret; - - public void setOxAuthClientSecret(String oxAuthClientSecret) throws EncryptionException { this.oxAuthClientSecret = oxAuthClientSecret; if (oxAuthClientSecret != null && oxAuthClientSecret.length() > 1) { diff --git a/src/main/java/org/gluu/oxtrust/service/UmaProtectionService.java b/src/main/java/org/gluu/oxtrust/service/UmaProtectionService.java index 96fbb1fe0..cb7941412 100644 --- a/src/main/java/org/gluu/oxtrust/service/UmaProtectionService.java +++ b/src/main/java/org/gluu/oxtrust/service/UmaProtectionService.java @@ -9,9 +9,13 @@ import javax.ws.rs.core.Response; +import org.apache.http.conn.ClientConnectionManager; +import org.apache.http.impl.client.DefaultHttpClient; +import org.apache.http.impl.conn.PoolingClientConnectionManager; import org.gluu.oxtrust.exception.UmaProtectionException; import org.gluu.oxtrust.ldap.service.AppInitializer; import org.jboss.resteasy.client.ClientResponseFailure; +import org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor; import org.jboss.seam.ScopeType; import org.jboss.seam.annotations.AutoCreate; import org.jboss.seam.annotations.Create; 
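Review bot: The new `tokenEndpointAuthMethod` field has no default, so a client saved without choosing a method is stored with the attribute absent; the enum's own Javadoc says `client_secret_basic` is what applies when nothing is specified, so that reliance on a server-side default should be stated on the field, e.g. `// null: attribute not written; oxAuth presumably falls back to client_secret_basic (see OxAuthAuthenticationMethod)`. The hunk also inserts an extra blank line before the new annotation and removes the two blank lines before `setOxAuthClientSecret`, which looks like editor noise rather than intent. `setOxAuthClientSecret` continues outside the hunk.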
@@ -76,9 +80,13 @@ public class UmaProtectionService implements Serializable { @Create public void init() { if (this.umaMetadataConfiguration != null) { - this.resourceSetPermissionRegistrationService = UmaClientFactory.instance().createResourceSetPermissionRegistrationService(this.umaMetadataConfiguration); - this.resourceSetRegistrationService = UmaClientFactory.instance().createResourceSetRegistrationService(this.umaMetadataConfiguration); - this.rptStatusService = UmaClientFactory.instance().createRptStatusService(this.umaMetadataConfiguration); + ClientConnectionManager connectoinManager = new PoolingClientConnectionManager(); + final DefaultHttpClient defaultHttpClient = new DefaultHttpClient(connectoinManager); + final ApacheHttpClient4Executor clientExecutor = new ApacheHttpClient4Executor(defaultHttpClient); + + this.resourceSetPermissionRegistrationService = UmaClientFactory.instance().createResourceSetPermissionRegistrationService(this.umaMetadataConfiguration, clientExecutor); + this.resourceSetRegistrationService = UmaClientFactory.instance().createResourceSetRegistrationService(this.umaMetadataConfiguration, clientExecutor); + this.rptStatusService = UmaClientFactory.instance().createRptStatusService(this.umaMetadataConfiguration, clientExecutor); } } @@ -133,7 +141,7 @@ public RptStatusResponse getStatusResponse(Token patToken, String rptToken) { RptStatusResponse rptStatusResponse = null; try { RptStatusRequest tokenStatusRequest = new RptStatusRequest(rptToken); - rptStatusResponse = rptStatusService.requestRptStatus(authorization, tokenStatusRequest); + rptStatusResponse = this.rptStatusService.requestRptStatus(authorization, tokenStatusRequest); } catch (Exception ex) { log.error("Failed to determine RPT status", ex); } diff --git a/src/main/java/org/gluu/oxtrust/util/OxTrustConstants.java b/src/main/java/org/gluu/oxtrust/util/OxTrustConstants.java index b8ebc4dc6..4ce30e0a6 100644 --- a/src/main/java/org/gluu/oxtrust/util/OxTrustConstants.java 
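Review bot: The `PoolingClientConnectionManager` and `DefaultHttpClient` created in `init()` are never shut down; the method is `@Create`d by Seam and nothing here pairs it with a `@Destroy` method calling `connectionManager.shutdown()`, so each re-creation of the component leaks a pool of sockets. Both are also built with library defaults, which means no connect or socket timeout, so a stalled UMA authorization server can hold request threads indefinitely; set `HttpConnectionParams.setConnectionTimeout(...)` and `HttpConnectionParams.setSoTimeout(...)` on the client's params (or the equivalent for the HttpClient version the pom pins) before handing it to `ApacheHttpClient4Executor`. The local is misspelled `connectoinManager`. `DefaultHttpClient` and `PoolingClientConnectionManager` are deprecated in later HttpClient 4.x releases in favour of `HttpClientBuilder` and `PoolingHttpClientConnectionManager`, which is worth checking against the pinned version. `init` ends inside the hunk; the enclosing class continues outside it.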
+++ b/src/main/java/org/gluu/oxtrust/util/OxTrustConstants.java @@ -27,6 +27,7 @@ public final class OxTrustConstants extends OxConstants { public static final String iname = "iname"; public static final String displayName = "displayName"; public static final String description = "description"; + public static final String origin = "gluuAttributeOrigin"; public static final String mail = "mail"; public static final String status = "status"; diff --git a/src/main/java/org/gluu/oxtrust/util/Utils.java b/src/main/java/org/gluu/oxtrust/util/Utils.java index ec9c25d81..d22107397 100644 --- a/src/main/java/org/gluu/oxtrust/util/Utils.java +++ b/src/main/java/org/gluu/oxtrust/util/Utils.java 
@@ -25,53 +25,6 @@ public class Utils implements Serializable { private static final long serialVersionUID = -2842459224631032594L; private static Log log = Logging.getLog(Utils.class); - /** - * checks if the User is a member or owner of SCIM group. - * - * @return boolean - * @throws Exception - */ - public static boolean isScimGroupMemberOrOwner(GluuCustomPerson user) throws Exception { - - GroupService groupService = GroupService.instance(); - OrganizationService organizationService = OrganizationService.instance(); - GluuOrganization org = organizationService.getOrganization(); - GluuGroup group = groupService.getGroupByDn(org.getScimGroup()); - List members = group.getMembers(); - String owner = group.getOwner(); - if (owner.equalsIgnoreCase(user.getDn())) { - return true; - } - - for (String member : members) { - - if (member.equalsIgnoreCase(user.getDn())) { - return true; - } - } - - return false; - - } - - /** - * Gets Scim Authorization mode - * - * @return AuthMode - */ - public static String scimAuthMode() { - try { - OrganizationService orgService; - orgService = OrganizationService.instance(); - GluuOrganization org = orgService.getOrganization(); - return org.getScimAuthMode(); - } catch (Exception ex) { - log.error("an Error occured could not get ScimAuthMode : ", ex); - } - return null; - - } - /** * Delete a Group from a Person * diff --git a/src/main/java/org/gluu/oxtrust/ws/rs/InumGenerationWebServiceImpl.java b/src/main/java/org/gluu/oxtrust/ws/rs/InumGenerationWebServiceImpl.java index 591013c82..c957497ca 100644 --- a/src/main/java/org/gluu/oxtrust/ws/rs/InumGenerationWebServiceImpl.java +++ b/src/main/java/org/gluu/oxtrust/ws/rs/InumGenerationWebServiceImpl.java 
@@ -7,10 +7,12 @@ import javax.ws.rs.core.Response; import org.codehaus.jackson.map.ObjectMapper; +import org.gluu.oxtrust.ldap.service.ApplianceService; import org.gluu.oxtrust.ldap.service.InumService; import org.gluu.oxtrust.ldap.service.OrganizationService; import org.gluu.oxtrust.ldap.service.SecurityService; import org.gluu.oxtrust.ldap.service.intercept.InumGeneratorInterceptorService; +import org.gluu.oxtrust.model.GluuAppliance; import org.gluu.oxtrust.model.GluuCustomPerson; import org.gluu.oxtrust.model.GluuOrganization; import org.gluu.oxtrust.model.InumConf; @@ -27,6 +29,7 @@ import org.jboss.seam.annotations.Name; import org.jboss.seam.contexts.Contexts; import org.jboss.seam.log.Log; +import org.xdi.ldap.model.GluuBoolean; import org.xdi.ldap.model.GluuStatus; import org.xdi.model.GluuUserRole; @@ -48,6 +51,9 @@ public class InumGenerationWebServiceImpl implements InumGenerationWebService { @In InumService inumService; + @In + private ApplianceService applianceService; + @Override public Response getInum(HttpServletRequest request, String prefix) throws Exception { 
@@ -120,29 +126,25 @@ private Response getErrorResponse(String errMsg, int statusCode) { private boolean getAuthorizedUser() { try { GluuCustomPerson authUser = (GluuCustomPerson) Contexts.getSessionContext().get(OxTrustConstants.CURRENT_PERSON); - SecurityService securityService = SecurityService.instance(); - OrganizationService organizationService = OrganizationService.instance(); - GluuOrganization org = organizationService.getOrganization(); - if (!GluuStatus.ACTIVE.equals(org.getScimStatus())) { + if (authUser == null) { return false; } - GluuUserRole[] userRoles = securityService.getUserRoles(authUser); - for (GluuUserRole role : userRoles) { + GluuAppliance appliance = applianceService.getAppliance(); + if (appliance == null) { + return false; + } - if (role.getRoleName().equalsIgnoreCase("MANAGER") || role.getRoleName().equalsIgnoreCase("OWNER")) { - if (Utils.isScimGroupMemberOrOwner(authUser)) { - return true; - } - } + if (!(GluuBoolean.TRUE.equals(appliance.getScimEnabled()) || GluuBoolean.ENABLED.equals(appliance.getScimEnabled()))) { + return false; } - return false; + + return true; } catch (Exception ex) { log.error("Exception: ", ex); return false; } - } } diff --git a/src/main/java/org/gluu/oxtrust/ws/rs/scim/BaseScimWebService.java b/src/main/java/org/gluu/oxtrust/ws/rs/scim/BaseScimWebService.java index 977afe581..50dd18b45 100644 --- a/src/main/java/org/gluu/oxtrust/ws/rs/scim/BaseScimWebService.java +++ b/src/main/java/org/gluu/oxtrust/ws/rs/scim/BaseScimWebService.java @@ -2,8 +2,10 @@ import javax.ws.rs.core.Response; +import org.gluu.oxtrust.ldap.service.ApplianceService; import org.gluu.oxtrust.ldap.service.OrganizationService; import org.gluu.oxtrust.ldap.service.SecurityService; +import org.gluu.oxtrust.model.GluuAppliance; import org.gluu.oxtrust.model.GluuCustomPerson; import org.gluu.oxtrust.model.GluuOrganization; import org.gluu.oxtrust.model.scim.Error; 
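Review bot: The rewritten `getAuthorizedUser` drops the role check: the old code required `securityService.getUserRoles(authUser)` to contain MANAGER or OWNER and the user to be in the SCIM group, while the new code returns `true` for any session that has a `CURRENT_PERSON` once `appliance.getScimEnabled()` is TRUE or ENABLED, so every logged-in person can now reach the INUM generation endpoint. If that broadening is intended it should be stated in the commit message and on the method; otherwise reinstate a role check between the `scimEnabled` test and `return true` (the old MANAGER/OWNER loop over `getUserRoles`, minus the removed SCIM-group lookup). The same rewrite appears in BaseScimWebService's `@@ -59,33 +65,25 @@` hunk and should be treated identically. The `GluuBoolean.TRUE … || GluuBoolean.ENABLED …` condition is duplicated in both classes and would read better as a helper such as `applianceService.isScimEnabled(appliance)`.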
@@ -16,6 +18,7 @@ import org.jboss.seam.contexts.Contexts; import org.jboss.seam.log.Log; import org.xdi.config.oxtrust.ApplicationConfiguration; +import org.xdi.ldap.model.GluuBoolean; import org.xdi.ldap.model.GluuStatus; import org.xdi.model.GluuUserRole; import org.xdi.util.Pair; @@ -33,6 +36,9 @@ public class BaseScimWebService { @In(value = "#{oxTrustConfiguration.applicationConfiguration}") private ApplicationConfiguration applicationConfiguration; + @In + private ApplianceService applianceService; + @In private UmaAuthenticationService umaAuthenticationService; @@ -59,33 +65,25 @@ protected Response processAuthorization(String authorization) throws Exception { protected boolean getAuthorizedUser() { try { GluuCustomPerson authUser = (GluuCustomPerson) Contexts.getSessionContext().get(OxTrustConstants.CURRENT_PERSON); - SecurityService securityService = SecurityService.instance(); - OrganizationService organizationService = OrganizationService.instance(); - GluuOrganization org = organizationService.getOrganization(); - if (!GluuStatus.ACTIVE.equals(org.getScimStatus())) { + if (authUser == null) { return false; } - if (authUser == null) { + GluuAppliance appliance = applianceService.getAppliance(); + if (appliance == null) { return false; } - GluuUserRole[] userRoles = securityService.getUserRoles(authUser); - for (GluuUserRole role : userRoles) { - - if (role.getRoleName().equalsIgnoreCase("MANAGER") || role.getRoleName().equalsIgnoreCase("OWNER")) { - if (Utils.isScimGroupMemberOrOwner(authUser)) { - return true; - } - } + if (!(GluuBoolean.TRUE.equals(appliance.getScimEnabled()) || GluuBoolean.ENABLED.equals(appliance.getScimEnabled()))) { + return false; } - return false; + + return true; } catch (Exception ex) { log.error("Exception: ", ex); return false; } - } protected Response getErrorResponse(String errMsg, int statusCode) { 
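Review bot: `getAuthorizedUser` here is now the same code as the one in InumGenerationWebServiceImpl's `@@ -120,29 +126,25 @@` hunk; since both classes already inject `ApplianceService`, a single protected helper (for example on BaseScimWebService, which InumGenerationWebServiceImpl could extend or delegate to) would keep the authorization rule in one place. The imports for `SecurityService`, `OrganizationService`, `GluuOrganization`, `GluuStatus` and `GluuUserRole` kept as context in the `@@ -2,8 +2,10 @@` and `@@ -16,6 +18,7 @@` hunks no longer have a user in this method and presumably become unused. The authorization concern raised on the InumGenerationWebServiceImpl hunk applies here unchanged. The class continues outside the hunk.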
diff --git a/src/main/webapp/WEB-INF/incl/client/clientForm.xhtml b/src/main/webapp/WEB-INF/incl/client/clientForm.xhtml index 5c0c080f1..6d4fab8e4 100644 --- a/src/main/webapp/WEB-INF/incl/client/clientForm.xhtml +++ b/src/main/webapp/WEB-INF/incl/client/clientForm.xhtml @@ -60,6 +60,15 @@ + + Authentication method + + + + + + + Redirect Login URIs diff --git a/src/main/webapp/WEB-INF/incl/layout/menu.xhtml b/src/main/webapp/WEB-INF/incl/layout/menu.xhtml index dd6f0eab2..3a0407147 100644 --- a/src/main/webapp/WEB-INF/incl/layout/menu.xhtml +++ b/src/main/webapp/WEB-INF/incl/layout/menu.xhtml @@ -28,7 +28,6 @@ - diff --git a/src/main/webapp/WEB-INF/incl/layout/template.xhtml b/src/main/webapp/WEB-INF/incl/layout/template.xhtml index c0cd70288..82b5d0e0b 100644 --- a/src/main/webapp/WEB-INF/incl/layout/template.xhtml +++ b/src/main/webapp/WEB-INF/incl/layout/template.xhtml @@ -1,5 +1,6 @@ + - - + #{organizationService.organization.organizationTitle} - - - - - - - - - - + + + + + + @@ -47,7 +44,6 @@ - @@ -81,5 +77,5 @@ - + \ No newline at end of file diff --git a/src/main/webapp/WEB-INF/incl/organization/organizationForm.xhtml b/src/main/webapp/WEB-INF/incl/organization/organizationForm.xhtml index 4776830c2..455939d68 100644 --- a/src/main/webapp/WEB-INF/incl/organization/organizationForm.xhtml +++ b/src/main/webapp/WEB-INF/incl/organization/organizationForm.xhtml @@ -42,9 +42,9 @@ background: url(../img/colorpicker/select2.png); } - - - +