From c346eb77dd0cfdb38e769a090ec49cc63094001f Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 19 Nov 2019 16:04:24 -0800 Subject: [PATCH 001/111] Excluded JSON libraries from gradle - Because they conflict with org.json.JSONObject from SCIM libraries [#169854769] Signed-off-by: Andrew Wittrock --- build.gradle | 2 ++ .../identity/uaa/test/JsonMatcher.java | 21 ++++++++++++------- .../ClientAdminEndpointsMockMvcTests.java | 3 ++- .../scim/endpoints/ScimUserEndpointDocs.java | 6 ++++-- .../ScimUserEndpointsMockMvcTests.java | 12 +++++++---- 5 files changed, 29 insertions(+), 15 deletions(-) diff --git a/build.gradle b/build.gradle index d6dbb0f828c..511002f27ec 100644 --- a/build.gradle +++ b/build.gradle @@ -61,6 +61,8 @@ subprojects { exclude group: "org.springframework.boot", module: "spring-boot-starter-logging" exclude group: "org.apache.directory.server", module: "apacheds-core" exclude group: "org.apache.directory.server", module: "apacheds-protocol-ldap" + exclude group: "org.skyscreamer", module: "jsonassert" + exclude group: "com.vaadin.external.google", module: "android-json" } dependencies { diff --git a/model/src/test/java/org/cloudfoundry/identity/uaa/test/JsonMatcher.java b/model/src/test/java/org/cloudfoundry/identity/uaa/test/JsonMatcher.java index 2b415f0ea8a..a3d5f76a129 100644 --- a/model/src/test/java/org/cloudfoundry/identity/uaa/test/JsonMatcher.java +++ b/model/src/test/java/org/cloudfoundry/identity/uaa/test/JsonMatcher.java 
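Review bot: The two added `exclude` lines remove `jsonassert` (and `android-json`) from what appears to be every subproject, and Spring's MockMvc `content().json(...)` matcher needs `jsonassert` at run time, so any call site this patch does not convert would fail with a missing-class error at test time, not at compile time. The later hunks convert several tests, but whether other uses remain cannot be told from this patch; a repository-wide search for `content().json(` before merging would settle it. I would also record the reason beside the exclusions, e.g. `// excluded: conflicts with org.json.JSONObject from the SCIM libraries`, because an unexplained exclusion tends to be removed later and duplicate classes on the classpath resolve unpredictably. The block holding the exclusion list begins above the hunk.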
@@ -1,30 +1,33 @@ package org.cloudfoundry.identity.uaa.test; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; import org.hamcrest.BaseMatcher; import org.hamcrest.Description; -import org.json.JSONException; -import org.skyscreamer.jsonassert.JSONAssert; -import org.skyscreamer.jsonassert.JSONCompareMode; import static org.cloudfoundry.identity.uaa.test.ModelTestUtils.getResourceAsString; public class JsonMatcher extends BaseMatcher { + private final ObjectMapper mapper; + public static org.hamcrest.Matcher isJsonFile(Class clazz, String fileName) { String expectedJson = getResourceAsString(clazz, fileName); return new JsonMatcher(expectedJson); } - public static org.hamcrest.Matcher isJsonString(String expectedJson) { + static org.hamcrest.Matcher isJsonString(String expectedJson) { return new JsonMatcher(expectedJson); } private String expectedJson; - private JSONException jsonException; + private JsonProcessingException jsonException; private JsonMatcher(String expectedJson) { this.expectedJson = expectedJson; this.jsonException = null; + this.mapper = new ObjectMapper(); } @Override @@ -33,9 +36,11 @@ public boolean matches(Object actualJson) { return false; } try { - JSONAssert.assertEquals(expectedJson, (String) actualJson, JSONCompareMode.NON_EXTENSIBLE); - return true; - } catch (JSONException e) { + final JsonNode actualTree = mapper.readTree((String) actualJson); + final JsonNode expectedTree = mapper.readTree(expectedJson); + + return expectedTree.equals(actualTree); + } catch (JsonProcessingException e) { jsonException = e; return false; } diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/clients/ClientAdminEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/clients/ClientAdminEndpointsMockMvcTests.java index c74f372fb4a..a63ad351f35 100644 
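Review bot: `matches` now returns `expectedTree.equals(actualTree)` on trees read by a default `ObjectMapper`, which is a different contract from the removed `JSONCompareMode.NON_EXTENSIBLE` comparison. Jackson node equality depends on array element order and on numeric node type (`1` versus `1.0`). A default mapper also accepts duplicate keys and ignores content after the first JSON value, so a response body with trailing text can still match. If strict parsing is intended, configure it in the constructor with `mapper.enable(DeserializationFeature.FAIL_ON_TRAILING_TOKENS);` and `mapper.enable(JsonParser.Feature.STRICT_DUPLICATE_DETECTION);`. The start of `matches`, including the guard before the `(String)` cast, lies outside the hunk.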
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/clients/ClientAdminEndpointsMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/clients/ClientAdminEndpointsMockMvcTests.java @@ -1188,7 +1188,8 @@ void changeFoobarSecret() throws Exception { .content(JsonUtils.writeValueAsString(request)); mockMvc.perform(modifyClientsPost) .andExpect(status().isBadRequest()) - .andExpect(content().json("{\"error\":\"invalid_client\",\"error_description\":\"Bad request. Not permitted to change another client's secret\"}")); + .andExpect(content().contentType(APPLICATION_JSON)) + .andExpect(content().string("{\"error\":\"invalid_client\",\"error_description\":\"Bad request. Not permitted to change another client's secret\"}")); } } diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointDocs.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointDocs.java index 2e7bac65179..8867d28359a 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointDocs.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointDocs.java @@ -474,7 +474,8 @@ void test_status_unlock_user() throws Exception { .content(jsonStatus) ) .andExpect(status().isOk()) - .andExpect(content().json(jsonStatus)) + .andExpect(content().contentType(APPLICATION_JSON)) + .andExpect(content().string(jsonStatus)) .andDo( document("{ClassName}/{methodName}", preprocessRequest(prettyPrint()), @@ -506,7 +507,8 @@ void test_status_password_expire_user() throws Exception { .content(jsonStatus) ) .andExpect(status().isOk()) - .andExpect(content().json(jsonStatus)) + .andExpect(content().contentType(APPLICATION_JSON)) + .andExpect(content().string(jsonStatus)) .andDo( document("{ClassName}/{methodName}", preprocessRequest(prettyPrint()), 
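Review bot: `content().string(...)` in `changeFoobarSecret` compares the body character for character, so the assertion now depends on the serializer's key order and whitespace instead of the JSON value. The same replacement is made in `test_status_unlock_user` and `test_status_password_expire_user` below, and in `testUnlockAccount`, `testAccountStatusEmptyPatchDoesNotUnlock`, `testUnlockAccountWhenNotLocked` and `testForcePasswordChange` in ScimUserEndpointsMockMvcTests. Exact matching does ensure no extra field slips into a response unnoticed, which the lenient `content().json(...)` did not; a tree comparison keeps that without the ordering dependence, e.g. `.andExpect(r -> assertEquals(new ObjectMapper().readTree(expected), new ObjectMapper().readTree(r.getResponse().getContentAsString())))`, where `expected` stands for each test's expected string. `content().contentType(APPLICATION_JSON)` is also an exact match and would fail if the response gained a charset parameter; `contentTypeCompatibleWith(APPLICATION_JSON)` tolerates that. All of these test methods begin outside their hunks.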
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointsMockMvcTests.java index a5f7c9b0b7f..2b08a2580de 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointsMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointsMockMvcTests.java @@ -626,7 +626,8 @@ void testUnlockAccount() throws Exception { alteredAccountStatus.setLocked(false); updateAccountStatus(userToLockout, alteredAccountStatus) .andExpect(status().isOk()) - .andExpect(content().json(JsonUtils.writeValueAsString(alteredAccountStatus))); + .andExpect(content().contentType(APPLICATION_JSON)) + .andExpect(content().string(JsonUtils.writeValueAsString(alteredAccountStatus))); attemptLogin(userToLockout) .andExpect(redirectedUrl("/")); @@ -639,7 +640,8 @@ void testAccountStatusEmptyPatchDoesNotUnlock() throws Exception { updateAccountStatus(userToLockout, new UserAccountStatus()) .andExpect(status().isOk()) - .andExpect(content().json("{}")); + .andExpect(content().contentType(APPLICATION_JSON)) + .andExpect(content().string("{}")); attemptLogin(userToLockout) .andExpect(redirectedUrl("/login?error=account_locked")); @@ -666,7 +668,8 @@ void testUnlockAccountWhenNotLocked() throws Exception { alteredAccountStatus.setLocked(false); updateAccountStatus(userToLockout, alteredAccountStatus) .andExpect(status().isOk()) - .andExpect(content().json(JsonUtils.writeValueAsString(alteredAccountStatus))); + .andExpect(content().contentType(APPLICATION_JSON)) + .andExpect(content().string(JsonUtils.writeValueAsString(alteredAccountStatus))); attemptLogin(userToLockout) .andExpect(redirectedUrl("/")); 
@@ -709,7 +712,8 @@ void testForcePasswordChange() throws Exception { updateAccountStatus(user, alteredAccountStatus) .andExpect(status().isOk()) - .andExpect(content().json(JsonUtils.writeValueAsString(alteredAccountStatus))); + .andExpect(content().contentType(APPLICATION_JSON)) + .andExpect(content().string(JsonUtils.writeValueAsString(alteredAccountStatus))); assertTrue(usersRepository.checkPasswordChangeIndividuallyRequired(user.getId(), IdentityZoneHolder.get().getId())); } From 95580d2ada85dc1da52d39617b42e76f0b333a7c Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 19 Nov 2019 16:06:30 -0800 Subject: [PATCH 002/111] Test Refactor - move file from server/ to uaa/ [#169854769] Signed-off-by: Andrew Wittrock --- .../identity/uaa/scim/endpoints/ScimUserEndpointsTests.java | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {server => uaa}/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointsTests.java (100%) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointsTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointsTests.java similarity index 100% rename from server/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointsTests.java rename to uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointsTests.java From 9cbbc7b9e857dfc93e10bd0bbde90d2a90d1f7a3 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 19 Nov 2019 16:10:06 -0800 Subject: [PATCH 003/111] Test Refactor - ScimUserEndpointsTests - Use @DefaultTestContext instead of @WithSpring [#169854769] Signed-off-by: Andrew Wittrock --- .../uaa/scim/endpoints/ScimUserEndpointsTests.java | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) 
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointsTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointsTests.java index dc432c2dec9..e33787270d3 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointsTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointsTests.java @@ -2,8 +2,8 @@ import com.unboundid.scim.sdk.AttributePath; import com.unboundid.scim.sdk.SCIMFilter; +import org.cloudfoundry.identity.uaa.DefaultTestContext; import org.cloudfoundry.identity.uaa.account.UserAccountStatus; -import org.cloudfoundry.identity.uaa.annotations.WithSpring; import org.cloudfoundry.identity.uaa.approval.Approval; import org.cloudfoundry.identity.uaa.approval.ApprovalStore; import org.cloudfoundry.identity.uaa.constants.OriginKeys; @@ -33,7 +33,6 @@ import org.cloudfoundry.identity.uaa.scim.jdbc.JdbcScimUserProvisioning; import org.cloudfoundry.identity.uaa.scim.validate.PasswordValidator; import org.cloudfoundry.identity.uaa.security.IsSelfCheck; -import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension; import org.cloudfoundry.identity.uaa.test.ZoneSeeder; import org.cloudfoundry.identity.uaa.test.ZoneSeederExtension; import org.cloudfoundry.identity.uaa.web.ConvertingExceptionView; @@ -60,7 +59,6 @@ import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.test.annotation.DirtiesContext; import org.springframework.test.context.TestPropertySource; import org.springframework.test.util.ReflectionTestUtils; import org.springframework.web.servlet.View; 
@@ -102,15 +100,12 @@ import static org.mockito.Mockito.verifyZeroInteractions; import static org.mockito.Mockito.when; -@WithSpring -@ExtendWith(PollutionPreventionExtension.class) +@DefaultTestContext @ExtendWith(ZoneSeederExtension.class) -@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS) @TestPropertySource(properties = { "groupMaxCount=5", "userMaxCount=5" }) -// TODO: Stop using @WithSpring. It's messing up UaaTokenServicesTests. class ScimUserEndpointsTests { private static final String JDSA_VMWARE_COM = "jd'sa@vmware.com"; @@ -223,7 +218,7 @@ void setUpAfterSeeding(final IdentityZone identityZone) { void validate_password_for_uaa_only() { validatePasswordForUaaOriginOnly(times(1), OriginKeys.UAA, "password"); } - + @Test void validate_password_not_called_for_non_uaa() { validatePasswordForUaaOriginOnly(never(), OriginKeys.LOGIN_SERVER, ""); From 10bfd06ed8c24dc19a5c13a19239f26806a4a4d3 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 19 Nov 2019 16:11:05 -0800 Subject: [PATCH 004/111] Test Refactor - move file from server/ to uaa/ [#169854769] Signed-off-by: Andrew Wittrock --- .../cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {server => uaa}/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java (100%) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java similarity index 100% rename from server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java rename to uaa/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java From ca84fd1b5ec6be22dc5f71f958bed65bd9bde87f Mon Sep 17 00:00:00 2001 
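Review bot: The class-level annotations drop `@ExtendWith(PollutionPreventionExtension.class)` and `@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS)` in favour of `@DefaultTestContext`, whose definition is not part of this patch, so it is not visible whether equivalent state cleanup still runs. The class still overrides `groupMaxCount` and `userMaxCount` through `@TestPropertySource`, and the deleted TODO records that it had already interfered with UaaTokenServicesTests. In an identity service, zone or security-context state left over from one test class can make an authorization test elsewhere pass or fail for the wrong reason. If `@DefaultTestContext` does cover the reset, a short comment above it would make that explicit, e.g. `// state reset formerly done by PollutionPreventionExtension and @DirtiesContext is provided by @DefaultTestContext`.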
From: Joshua Casey Date: Wed, 20 Nov 2019 10:08:26 -0800 Subject: [PATCH 005/111] Test Refactor - remove unneeded properties [#169854769] --- .../test/bootstrap/all-properties-set.yml | 594 +++--------------- 1 file changed, 81 insertions(+), 513 deletions(-) diff --git a/uaa/src/test/resources/test/bootstrap/all-properties-set.yml b/uaa/src/test/resources/test/bootstrap/all-properties-set.yml index 20881b13bca..07b44bd4ea2 100644 --- a/uaa/src/test/resources/test/bootstrap/all-properties-set.yml +++ b/uaa/src/test/resources/test/bootstrap/all-properties-set.yml @@ -1,42 +1,4 @@ - --- -analytics: - code: some-code - domain: test.com -assetBaseUrl: /resources/pivotal -authentication: - policy: - countFailuresWithinSeconds: 7200 - global: - countFailuresWithinSeconds: 2222 - lockoutAfterFailures: 1 - lockoutPeriodSeconds: 152 - lockoutAfterFailures: 10 - lockoutPeriodSeconds: 600 -cors: - default: - allowed: - credentials: true - headers: &id001 - - Accept - - Content-Type - methods: &id002 - - GET - - POST - - PUT - origins: &id003 - - ^example.com.* - - foo.com - uris: .*token$ - max_age: 1999999 - xhr: - allowed: - credentials: true - headers: *id001 - methods: *id002 - origins: *id003 - uris: .*token$ - max_age: 1999999 database: abandonedtimeout: 45 caseinsensitive: true @@ -51,19 +13,6 @@ database: username: sa password: '' -delete: - expirationRunTime: 3000 - identityProviders: - - delete-discovery-provider - - delete.local - clients: - - client-should-not-exist-1 - - client-should-not-exist-2 - users: - - delete-user-1 - - delete-user-2 - -disableInternalAuth: true disableInternalUserManagement: true issuer: uri: https://localhost:8443/uaa/oauth/token 
@@ -127,368 +76,70 @@ links: signup: /configured_signup homeRedirect: /configured_home_redirect login: - accountChooserEnabled: true - authorize: - url: - branding: - companyName: test-company-branding-name - productLogo: | - this is an invalid - base64 logo with - line feeds - squareLogo: | - this is an invalid - base64 logo with - line feeds - entityBaseURL: https://login.some.test.domain.com:555/uaa - defaultIdentityProvider: uaa - idpDiscoveryEnabled: true - oauth: - providers: - my-oauth-provider: - addShadowUserOnLogin: false - attributeMappings: - family_name: last_name - given_name: first_name - authUrl: http://my-auth.com - emailDomain: - - example.com - issuer: http://issuer-my-token.com - linkText: My Oauth Provider - relyingPartyId: uaa - relyingPartySecret: secret - scopes: - - requested_scope - showLinkText: true - tokenKey: my-token-key - tokenKeyUrl: null - tokenUrl: http://my-token.com - type: oauth2.0 - storeCustomAttributes: false - my-oidc-provider: - attributeMappings: - family_name: last_name - given_name: first_name - user_name: - external_groups: - - roles - - - user: - attribute: - name-of-attribute-in-uaa-id-token: name-of-attribute-in-provider-token - name-of-other-attribute-in-uaa-id-token: name-of-other-attribute-in-provider-token - - authUrl: http://my-auth.com - linkText: My Oauth Provider - relyingPartyId: uaa - relyingPartySecret: secret - responseType: code id_token - scopes: - - requested_scope - showLinkText: true - tokenKey: my-token-key - tokenKeyUrl: null - tokenUrl: http://my-token.com - type: oidc1.0 - userInfoUrl: http://my-token.com/userinfo - storeCustomAttributes: false - clientAuthInBody: true - default-discovery-provider: - discoveryUrl: https://accounts.google.com/.well-known/openid-configuration - relyingPartyId: uaa - relyingPartySecret: secret - showLinkText: true - type: oidc1.0 - delete-discovery-provider: - discoveryUrl: https://accounts.google.com/.well-known/openid-configuration - relyingPartyId: uaa - 
relyingPartySecret: secret - showLinkText: true - type: oidc1.0 - - uts-oidc-provider: - authUrl: http://my-auth.com - discoveryUrl: https://accounts.google.com/.well-known/openid-configuration - attributeMappings: - family_name: last_name - given_name: first_name - user_name: - external_groups: - - roles - - - user: - attribute: - name-of-attribute-in-uaa-id-token: name-of-attribute-in-provider-token - name-of-other-attribute-in-uaa-id-token: name-of-other-attribute-in-provider-token - linkText: My Oauth Provider - relyingPartyId: uaa_token_services_test - relyingPartySecret: secret - responseType: code id_token - scopes: - - uaa_token_services_test_scope - tokenKey: my-token-key - tokenUrl: http://my-token.com - type: oidc1.0 - storeCustomAttributes: true - clientAuthInBody: true - - mfa: - providers: - mfaprovider1: - type: google-authenticator - config: - providerDescription: all-properties-set-description - issuer: google.com - - prompt: - password: - text: Your Secret - username: - text: Username + serviceProviderKey: | + -----BEGIN RSA PRIVATE KEY----- + MIICXQIBAAKBgQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5 + L39WqS9u0hnA+O7MCA/KlrAR4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vA + fpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCYxhMol6ZnTbSsFW6VZjFMjQIDAQAB + AoGAVOj2Yvuigi6wJD99AO2fgF64sYCm/BKkX3dFEw0vxTPIh58kiRP554Xt5ges + 7ZCqL9QpqrChUikO4kJ+nB8Uq2AvaZHbpCEUmbip06IlgdA440o0r0CPo1mgNxGu + lhiWRN43Lruzfh9qKPhleg2dvyFGQxy5Gk6KW/t8IS4x4r0CQQD/dceBA+Ndj3Xp + ubHfxqNz4GTOxndc/AXAowPGpge2zpgIc7f50t8OHhG6XhsfJ0wyQEEvodDhZPYX + kKBnXNHzAkEAyCA76vAwuxqAd3MObhiebniAU3SnPf2u4fdL1EOm92dyFs1JxyyL + gu/DsjPjx6tRtn4YAalxCzmAMXFSb1qHfwJBAM3qx3z0gGKbUEWtPHcP7BNsrnWK + vw6By7VC8bk/ffpaP2yYspS66Le9fzbFwoDzMVVUO/dELVZyBnhqSRHoXQcCQQCe + A2WL8S5o7Vn19rC0GVgu3ZJlUrwiZEVLQdlrticFPXaFrn3Md82ICww3jmURaKHS + N+l4lnMda79eSp3OMmq9AkA0p79BvYsLshUJJnvbk76pCjR28PK4dV1gSDUEqQMB + qy45ptdwJLqLJCeNoR0JUcDNIRhOCuOPND7pcMtX6hI/ + -----END RSA PRIVATE KEY----- + serviceProviderKeyPassword: password + 
serviceProviderCertificate: | + -----BEGIN CERTIFICATE----- + MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEO + MAwGA1UECBMFYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEO + MAwGA1UECxMFYXJ1YmExDjAMBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5h + cnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2MjdaFw0xNjExMTkyMjI2MjdaMHwx + CzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAM + BgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAb + BgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GN + ADCBiQKBgQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39W + qS9u0hnA+O7MCA/KlrAR4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOw + znoD66DDCnQVpbCjtDYWX+x6imxn8HCYxhMol6ZnTbSsFW6VZjFMjQIDAQABo4Ha + MIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1syGDCBpwYDVR0jBIGfMIGc + gBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3MQ4wDAYD + VQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYD + VQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJh + QGFydWJhLmFyggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ + 0HOZbbHClXmGUjGs+GS+xC1FO/am2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxC + KdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3oePe84k8jm3A7EvH5wi5hvCkK + RpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0= + -----END CERTIFICATE----- + url: http://localhost:8080/uaa + entityBaseURL: http://localhost:8080/uaa + entityID: cloudfoundry-saml-login saml: - maxAuthenticationAge: 3600 - metadataTrustCheck: false - activeKeyId: key1 - keys: - key1: - key: | - -----BEGIN RSA PRIVATE KEY----- - MIIEogIBAAKCAQEArRkvkddLUoNyuvu0ktkcLL0CyGG8Drh9oPsaVOLVHJqB1Ebr - oNMTPbY0HPjuD5WBDZTi3ftNLp1mPn9wFy6FhMTvIYeQmTskH8m/kyVReXG/zfWq - a4+V6UW4nmUcvfF3YNrHvN5VPTWTJrc2KBzseWQ70OaBNfBi6z4XbdOF45dDfck2 - oRnasinUv+rG+PUl7x8OjgdVyyen6qeCQ6xt8W9fHg//Nydlfwb3/L+syPoBujdu - Hai7GoLUzm/zqOM9dhlR5mjuEJ3QUvnmGKrGDoeHFog0CMgLC+C0Z4ZANB6GbjlM - bsQczsaYxHMqAMOnOe6xIXUrPOoc7rclwZeHMQIDAQABAoIBAAFB2ZKZmbZztfWd - tmYKpaW9ibOi4hbJSEBPEpXjP+EBTkgYa8WzQsSD+kTrme8LCvDqT+uE076u7fsu - 
OcYxVE7ujz4TGf3C7DQ+5uFOuBTFurroOeCmHlSfaQPdgCPxCQjvDdxVUREsvnDd - i8smyqDnFXgi9HVL1awXu1vU2XgZshfl6wBOCNomVMCN8mVcBQ0KM88SUvoUwM7i - sSdj1yQV16Za8+nVnMW41FMHegVRd3Y5EsXJfwGuXnZMIG87PavH1nUqn9NOFq9Y - kb4SeOO47PaMxv7jMaXltVVokdGH8L/BY4we8tBL+wVeUJ94aYx/Q/LUAtRPbKPS - ZSEi/7ECgYEA3dUg8DXzo59zl5a8kfz3aoLl8RqRYzuf8F396IuiVcqYlwlWOkZW - javwviEOEdZhUZPxK1duXKTvYw7s6eDFwV+CklTZu4A8M3Os0D8bSL/pIKqcadt5 - JClIRmOmmQpj9AYhSdBTdQtJGjVDaDXJBb7902pDm9I4jMFbjAKLZNsCgYEAx8J3 - Y1c7GwHw6dxvTywrw3U6z1ILbx2olVLY6DIgZaMVT4EKTAv2Ke4xF4OZYG+lLRbt - hhOHYzRMYC38MNl/9RXHBgUlQJXOQb9u644motl5dcMvzIIuWFCn5vXxR2C3McNy - vPdzYS2M64xRGy+IENtPSCcUs9C99bEajRcuG+MCgYAONabEfFA8/OvEnA08NL4M - fpIIHbGOb7VRClRHXxpo8G9RzXFOjk7hCFCFfUyPa/IT7awXIKSbHp2O9NfMK2+/ - cUTF5tWDozU3/oLlXAV9ZX2jcApQ5ZQe8t4EVEHJr9azPOlI9yVBbBWkriDBPiDA - U3mi3z2xb4fbzE726vrO3QKBgA6PfTZPgG5qiM3zFGX3+USpAd1kxJKX3dbskAT0 - ymm+JmqCJGcApDPQOeHV5NMjsC2GM1AHkmHHyR1lnLFO2UXbDYPB0kJP6RXfx00C - MozCP1k3Hf/RKWGkl2h9WtXyFchZz744Zz+ZG2F7+9l4cHmSEshWmOq2d3I2M5I/ - M0wzAoGAa2oM4Q6n+FMHl9e8H+2O4Dgm7wAdhuZI1LhnLL6GLVC1JTmGrz/6G2TX - iNFhc0lnDcVeZlwg4i7M7MH8UFdWj3ZEylsXjrjIspuAJg7a/6qmP9s2ITVffqYk - 2slwG2SIQchM5/0uOiP9W0YIjYEe7hgHUmL9Rh8xFuo9y72GH8c= - -----END RSA PRIVATE KEY----- - passphrase: password - certificate: | - -----BEGIN CERTIFICATE----- - MIID0DCCArgCCQDBRxU0ucjw6DANBgkqhkiG9w0BAQsFADCBqTELMAkGA1UEBhMC - VVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMR8wHQYDVQQK - ExZDbG91ZCBGb3VuZHJ5IElkZW50aXR5MQ4wDAYDVQQLEwVLZXkgMTEiMCAGA1UE - AxMZbG9naW4uaWRlbnRpdHkuY2YtYXBwLmNvbTEgMB4GCSqGSIb3DQEJARYRZmhh - bmlrQHBpdm90YWwuaW8wHhcNMTcwNDEwMTkxMTIyWhcNMTgwNDEwMTkxMTIyWjCB - qTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNp - c2NvMR8wHQYDVQQKExZDbG91ZCBGb3VuZHJ5IElkZW50aXR5MQ4wDAYDVQQLEwVL - ZXkgMTEiMCAGA1UEAxMZbG9naW4uaWRlbnRpdHkuY2YtYXBwLmNvbTEgMB4GCSqG - SIb3DQEJARYRZmhhbmlrQHBpdm90YWwuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IB - DwAwggEKAoIBAQCtGS+R10tSg3K6+7SS2RwsvQLIYbwOuH2g+xpU4tUcmoHURuug - 
0xM9tjQc+O4PlYENlOLd+00unWY+f3AXLoWExO8hh5CZOyQfyb+TJVF5cb/N9apr - j5XpRbieZRy98Xdg2se83lU9NZMmtzYoHOx5ZDvQ5oE18GLrPhdt04Xjl0N9yTah - GdqyKdS/6sb49SXvHw6OB1XLJ6fqp4JDrG3xb18eD/83J2V/Bvf8v6zI+gG6N24d - qLsagtTOb/Oo4z12GVHmaO4QndBS+eYYqsYOh4cWiDQIyAsL4LRnhkA0HoZuOUxu - xBzOxpjEcyoAw6c57rEhdSs86hzutyXBl4cxAgMBAAEwDQYJKoZIhvcNAQELBQAD - ggEBAB72QKF9Iri+UdCGAIok/qIeKw5AwZ0wtiONa+DF4B80/yAA1ObpuO3eeeka - t0s4wtCRflE08zLrwqHlvKQAGKmJkfRLfEqfKStIUOTHQxE6wOaBtfW41M9ZF1hX - NHpnkfmSQjaHVNTRbABiFH6eTq8J6CuO12PyDf7lW3EofvcTU3ulsDhuMAz02ypJ - BgcOufnl+qP/m/BhVQsRD5mtJ56uJpHvri1VR2kj8N59V8f6KPO2m5Q6MulEhWml - TsxyxUl03oyICDP1cbpYtDk2VddVNWipHHPH/mBVW41EBVv0VDV03LH3RfS9dXiK - ynuP3shhqhFvaaiUTZP4l5yF/GQ= - -----END CERTIFICATE----- - key2: - key: | - -----BEGIN RSA PRIVATE KEY----- - MIIEpAIBAAKCAQEAwt7buITRZhXX98apcgJbiHhrPkrgn5MCsCphRQ89oWPUHWjN - j9Kz2m9LaKgq9DnNLl22U4e6/LUQToBCLxkIqwaobZKjIUjNAmNomqbNO7AD2+K7 - RCiQ2qijWUwXGu+5+fSmF/MOermNKUDiQnRJSSSAPObAHOI980zTWVsApKpcFVaV - vk/299L/0rk8I/mNvf63cdw4Nh3xn4Ct+oCnTaDg5OtpGz8sHlocOAti+LdrtNzH - uBWq8q2sdhFQBRGe1MOeH8CAEHgKYwELTBCJEyLhykdRgxXJHSaL56+mb6HQvGO/ - oyZHn+qHsCCjcdR1L/U4qt4m7HBimv0qbvApQwIDAQABAoIBAQCftmmcnHbG1WZR - NChSQa5ldlRnFJVvE90jJ0jbgfdAHAKQLAI2Ozme8JJ8bz/tNKZ+tt2lLlxJm9iG - jkYwNbNOAMHwNDuxHuqvZ2wnPEh+/+7Zu8VBwoGeRJLEsEFLmWjyfNnYTSPz37nb - Mst+LbKW2OylfXW89oxRqQibdqNbULpcU4NBDkMjToH1Z4dUFx3X2R2AAwgDz4Ku - HN4HoxbsbUCI5wLDJrTGrJgEntMSdsSdOY48YOMBnHqqfw7KoJ0sGjrPUy0vOGq2 - CeP3uqbXX/mJpvJ+jg3Y2b1Zeu2I+vAnZrxlaZ+hYnZfoNqVjBZ/EEq/lmEovMvr - erP8FYI5AoGBAOrlmMZYdhW0fRzfpx6WiBJUkFfmit4qs9nQRCouv+jHS5QL9aM9 - c+iKeP6kWuxBUYaDBmf5J1OBW4omNd384NX5PCiL/Fs/lxgdMZqEhnhT4Dj4Q6m6 - ZXUuY6hamoF5+z2mtkZzRyvD1LUAARKJw6ggUtcH28cYC3RkZ5P6SWHVAoGBANRg - scI9pF2VUrmwpgIGhynLBEO26k8j/FyE3S7lPcUZdgPCUZB0/tGklSo183KT/KQY - TgO2mqb8a8xKCz41DTnUPqJWZzBOFw5QaD2i9O6soXUAKqaUm3g40/gyWX1hUtHa - K0Kw5z1Sf3MoCpW0Ozzn3znYbAoSvBRr53d0EVK3AoGAOD1ObbbCVwIGroIR1i3+ - WD0s7g7Bkt2wf+bwWxUkV4xX2RNf9XyCItv8iiM5rbUZ2tXGE+DAfKrNCu+JGCQy - 
hKiOsbqKaiJ4f4qF1NQECg0y8xDlyl5Zakv4ClffBD77W1Bt9cIl+SGC7O8aUqDv - WnKawucbxLhKDcz4S6KyLR0CgYEAhuRrw24XqgEgLCVRK9QtoZP7P28838uBjNov - Cow8caY8WSLhX5mQCGQ7AjaGTG5Gd4ugcadYD1wgs/8LqRVVMzfmGII8xGe1KThV - HWEVpUssuf3DGU8meHPP3sNMJ+DbE8M42wE1vrNZlDEImBGD1qmIFVurM7K2l1n6 - CNtF7X0CgYBuFf0A0cna8LnxOAPm8EPHgFq4TnDU7BJzzcO/nsORDcrh+dZyGJNS - fUTMp4k+AQCm9UwJAiSf4VUwCbhXUZ3S+xB55vrH+Yc2OMtsIYhzr3OCkbgKBMDn - nBVKSGAomYD2kCUmSbg7bUrFfGntmvOLqTHtVfrCyE5i8qS63RbHlA== - -----END RSA PRIVATE KEY----- - passphrase: password - certificate: | - -----BEGIN CERTIFICATE----- - MIID0DCCArgCCQDqnPTUvA17+TANBgkqhkiG9w0BAQsFADCBqTELMAkGA1UEBhMC - VVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMR8wHQYDVQQK - ExZDbG91ZCBGb3VuZHJ5IElkZW50aXR5MQ4wDAYDVQQLEwVLZXkgMjEiMCAGA1UE - AxMZbG9naW4uaWRlbnRpdHkuY2YtYXBwLmNvbTEgMB4GCSqGSIb3DQEJARYRZmhh - bmlrQHBpdm90YWwuaW8wHhcNMTcwNDEwMTkxNTAyWhcNMTgwNDEwMTkxNTAyWjCB - qTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNBMRYwFAYDVQQHEw1TYW4gRnJhbmNp - c2NvMR8wHQYDVQQKExZDbG91ZCBGb3VuZHJ5IElkZW50aXR5MQ4wDAYDVQQLEwVL - ZXkgMjEiMCAGA1UEAxMZbG9naW4uaWRlbnRpdHkuY2YtYXBwLmNvbTEgMB4GCSqG - SIb3DQEJARYRZmhhbmlrQHBpdm90YWwuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IB - DwAwggEKAoIBAQDC3tu4hNFmFdf3xqlyAluIeGs+SuCfkwKwKmFFDz2hY9QdaM2P - 0rPab0toqCr0Oc0uXbZTh7r8tRBOgEIvGQirBqhtkqMhSM0CY2iaps07sAPb4rtE - KJDaqKNZTBca77n59KYX8w56uY0pQOJCdElJJIA85sAc4j3zTNNZWwCkqlwVVpW+ - T/b30v/SuTwj+Y29/rdx3Dg2HfGfgK36gKdNoODk62kbPyweWhw4C2L4t2u03Me4 - Faryrax2EVAFEZ7Uw54fwIAQeApjAQtMEIkTIuHKR1GDFckdJovnr6ZvodC8Y7+j - Jkef6oewIKNx1HUv9Tiq3ibscGKa/Spu8ClDAgMBAAEwDQYJKoZIhvcNAQELBQAD - ggEBAKzeh/bRDEEP/WGsiYhCCfvESyt0QeKwUk+Hfl0/oP4m9pXNrnMRApyoi7FB - owpmXIeqDqGigPai6pJ3xCO94P+Bz7WTk0+jScYm/hGpcIOeKh8FBfW0Fddu9Otn - qVk0FdRSCTjUZKQlNOqVTjBeKOjHmTkgh96IR3EP2/hp8Ym4HLC+w265V7LnkqD2 - SoMez7b2V4NmN7z9OxTALUbTzmFG77bBDExHvfbiFlkIptx8+IloJOCzUsPEg6Ur - kueuR7IB1S4q6Ja7Gb9b9NYQDFt4hjb5mC9aPxaX+KK2JlZg4cTFVCdkIyp2/fHI - iQpMzNWb7zZWlCfDL4dJZHYoNfg= - -----END CERTIFICATE----- + #Entity ID Alias to login at 
/saml/SSO/alias/{login.saml.entityIDAlias} + #entityIDAlias: cloudfoundry-saml-login + #Default nameID if IDP nameID is not set + nameID: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified' + #Default assertionConsumerIndex if IDP value is not set + assertionConsumerIndex: 0 + #Local/SP metadata - sign metadata + signMetaData: true + #Local/SP metadata - requests signed + signRequest: true + #Local/SP metadata - want incoming assertions signed + #wantAssertionSigned: true + #Algorithm for SAML signatures. Defaults to SHA1. Accepts SHA1, SHA256, SHA512 + #signatureAlgorithm: SHA256 + socket: + # URL metadata fetch - pool timeout + connectionManagerTimeout: 10000 + # URL metadata fetch - read timeout + soTimeout: 10000 + authorize: + url: http://localhost:8080/uaa/oauth/authorize - providers: - okta-local: - storeCustomAttributes: false - iconUrl: http://link.to/icon.jpg - idpMetadata: | - - MIICmTCCAgKgAwIBAgIGAUPATqmEMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYDVQQGEwJVUzETMBEG - A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU - MBIGA1UECwwLU1NPUHJvdmlkZXIxEDAOBgNVBAMMB1Bpdm90YWwxHDAaBgkqhkiG9w0BCQEWDWlu - Zm9Ab2t0YS5jb20wHhcNMTQwMTIzMTgxMjM3WhcNNDQwMTIzMTgxMzM3WjCBjzELMAkGA1UEBhMC - VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoM - BE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRAwDgYDVQQDDAdQaXZvdGFsMRwwGgYJKoZIhvcN - AQkBFg1pbmZvQG9rdGEuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCeil67/TLOiTZU - WWgW2XEGgFZ94bVO90v5J1XmcHMwL8v5Z/8qjdZLpGdwI7Ph0CyXMMNklpaR/Ljb8fsls3amdT5O - Bw92Zo8ulcpjw2wuezTwL0eC0wY/GQDAZiXL59npE6U+fH1lbJIq92hx0HJSru/0O1q3+A/+jjZL - 3tL/SwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAI5BoWZoH6Mz9vhypZPOJCEKa/K+biZQsA4Zqsuk - vvphhSERhqk/Nv76Vkl8uvJwwHbQrR9KJx4L3PRkGCG24rix71jEuXVGZUsDNM3CUKnARx4MEab6 - GFHNkZ6DmoT/PFagngecHu+EwmuDtaG0rEkFrARwe+d8Ru0BN558abFburn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified - linkText: Okta Preview 1 - providerDescription: Test Okta 
Preview 1 Description - saml: - assertionConsumerIndex: 0 - metadataTrustCheck: true - nameID: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - showSamlLoginLink: true - okta-local-2: - assertionConsumerIndex: 0 - groupMappingMode: AS_SCOPES - idpMetadata: | - MIICmTCCAgKgAwIBAgIGAUPATqmEMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYDVQQGEwJVUzETMBEG - A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU - MBIGA1UECwwLU1NPUHJvdmlkZXIxEDAOBgNVBAMMB1Bpdm90YWwxHDAaBgkqhkiG9w0BCQEWDWlu - Zm9Ab2t0YS5jb20wHhcNMTQwMTIzMTgxMjM3WhcNNDQwMTIzMTgxMzM3WjCBjzELMAkGA1UEBhMC - VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoM - BE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRAwDgYDVQQDDAdQaXZvdGFsMRwwGgYJKoZIhvcN - AQkBFg1pbmZvQG9rdGEuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCeil67/TLOiTZU - WWgW2XEGgFZ94bVO90v5J1XmcHMwL8v5Z/8qjdZLpGdwI7Ph0CyXMMNklpaR/Ljb8fsls3amdT5O - Bw92Zo8ulcpjw2wuezTwL0eC0wY/GQDAZiXL59npE6U+fH1lbJIq92hx0HJSru/0O1q3+A/+jjZL - 3tL/SwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAI5BoWZoH6Mz9vhypZPOJCEKa/K+biZQsA4Zqsuk - vvphhSERhqk/Nv76Vkl8uvJwwHbQrR9KJx4L3PRkGCG24rix71jEuXVGZUsDNM3CUKnARx4MEab6 - GFHNkZ6DmoT/PFagngecHu+EwmuDtaG0rEkFrARwe+d8Ru0BN558abFburn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified - linkText: Okta Preview 2 - metadataTrustCheck: true - nameID: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - showSamlLoginLink: true - skipSslValidation: false - openam-local: - assertionConsumerIndex: 0 - idpMetadata: | - MIICmTCCAgKgAwIBAgIGAUPATqmEMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYDVQQGEwJVUzETMBEG - A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU - MBIGA1UECwwLU1NPUHJvdmlkZXIxEDAOBgNVBAMMB1Bpdm90YWwxHDAaBgkqhkiG9w0BCQEWDWlu - Zm9Ab2t0YS5jb20wHhcNMTQwMTIzMTgxMjM3WhcNNDQwMTIzMTgxMzM3WjCBjzELMAkGA1UEBhMC - VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoM - 
BE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRAwDgYDVQQDDAdQaXZvdGFsMRwwGgYJKoZIhvcN - AQkBFg1pbmZvQG9rdGEuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCeil67/TLOiTZU - WWgW2XEGgFZ94bVO90v5J1XmcHMwL8v5Z/8qjdZLpGdwI7Ph0CyXMMNklpaR/Ljb8fsls3amdT5O - Bw92Zo8ulcpjw2wuezTwL0eC0wY/GQDAZiXL59npE6U+fH1lbJIq92hx0HJSru/0O1q3+A/+jjZL - 3tL/SwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAI5BoWZoH6Mz9vhypZPOJCEKa/K+biZQsA4Zqsuk - vvphhSERhqk/Nv76Vkl8uvJwwHbQrR9KJx4L3PRkGCG24rix71jEuXVGZUsDNM3CUKnARx4MEab6 - GFHNkZ6DmoT/PFagngecHu+EwmuDtaG0rEkFrARwe+d8Ru0BN558abFburn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified - linkText: Log in with OpenAM - nameID: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress - showSamlLoginLink: true - signMetaData: false - signRequest: false - vsphere.local: - assertionConsumerIndex: 0 - idpMetadata: | - MIICmTCCAgKgAwIBAgIGAUPATqmEMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYDVQQGEwJVUzETMBEG - A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU - MBIGA1UECwwLU1NPUHJvdmlkZXIxEDAOBgNVBAMMB1Bpdm90YWwxHDAaBgkqhkiG9w0BCQEWDWlu - Zm9Ab2t0YS5jb20wHhcNMTQwMTIzMTgxMjM3WhcNNDQwMTIzMTgxMzM3WjCBjzELMAkGA1UEBhMC - VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoM - BE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRAwDgYDVQQDDAdQaXZvdGFsMRwwGgYJKoZIhvcN - AQkBFg1pbmZvQG9rdGEuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCeil67/TLOiTZU - WWgW2XEGgFZ94bVO90v5J1XmcHMwL8v5Z/8qjdZLpGdwI7Ph0CyXMMNklpaR/Ljb8fsls3amdT5O - Bw92Zo8ulcpjw2wuezTwL0eC0wY/GQDAZiXL59npE6U+fH1lbJIq92hx0HJSru/0O1q3+A/+jjZL - 3tL/SwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAI5BoWZoH6Mz9vhypZPOJCEKa/K+biZQsA4Zqsuk - vvphhSERhqk/Nv76Vkl8uvJwwHbQrR9KJx4L3PRkGCG24rix71jEuXVGZUsDNM3CUKnARx4MEab6 - GFHNkZ6DmoT/PFagngecHu+EwmuDtaG0rEkFrARwe+d8Ru0BN558abFburn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified - linkText: Log in with vCenter SSO - nameID: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent 
- showSamlLoginLink: true - skipSslValidation: true - delete.local: - assertionConsumerIndex: 0 - idpMetadata: | - MIICmTCCAgKgAwIBAgIGAUPATqmEMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYDVQQGEwJVUzETMBEG - A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU - MBIGA1UECwwLU1NPUHJvdmlkZXIxEDAOBgNVBAMMB1Bpdm90YWwxHDAaBgkqhkiG9w0BCQEWDWlu - Zm9Ab2t0YS5jb20wHhcNMTQwMTIzMTgxMjM3WhcNNDQwMTIzMTgxMzM3WjCBjzELMAkGA1UEBhMC - VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoM - BE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRAwDgYDVQQDDAdQaXZvdGFsMRwwGgYJKoZIhvcN - AQkBFg1pbmZvQG9rdGEuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCeil67/TLOiTZU - WWgW2XEGgFZ94bVO90v5J1XmcHMwL8v5Z/8qjdZLpGdwI7Ph0CyXMMNklpaR/Ljb8fsls3amdT5O - Bw92Zo8ulcpjw2wuezTwL0eC0wY/GQDAZiXL59npE6U+fH1lbJIq92hx0HJSru/0O1q3+A/+jjZL - 3tL/SwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAI5BoWZoH6Mz9vhypZPOJCEKa/K+biZQsA4Zqsuk - vvphhSERhqk/Nv76Vkl8uvJwwHbQrR9KJx4L3PRkGCG24rix71jEuXVGZUsDNM3CUKnARx4MEab6 - GFHNkZ6DmoT/PFagngecHu+EwmuDtaG0rEkFrARwe+d8Ru0BN558abFburn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified - linkText: This one will be deleted - nameID: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent - showSamlLoginLink: true - skipSslValidation: true - signatureAlgorithm: SHA256 - wantAssertionSigned: false - disableInResponseToCheck: true - signRequest: false - selfServiceLinksEnabled: false - url: https://login.some.test.domain.com:555/uaa -logout: - redirect: - parameter: - disable: true - whitelist: - - https://url1.domain1.com/logout-success - - https://url2.domain2.com/logout-success - url: /configured_login notifications: url: https://notifications.somedomain.com oauth: 
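Review bot: The added `login.serviceProviderKey` block embeds an RSA private key together with `serviceProviderKeyPassword: password`, and its PEM prefix (`MIICXQIBAAKBgQ`) suggests a 1024-bit key, whereas the removed `key1`/`key2` entries look like 2048-bit keys. That is acceptable for a fixture only if the material is never reused, so I would label it, e.g. `# TEST-ONLY key pair and password - never use outside tests`, which also helps when a secret scanner flags the file. The new block also leaves `#signatureAlgorithm: SHA256` commented out next to a comment stating that the default is SHA1, while the removed configuration set `signatureAlgorithm: SHA256`; setting it explicitly would keep the fixture off the SHA1 default. Whitespace in this hunk is collapsed in the view reviewed, so the nesting of the added keys could not be checked.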
@@ -506,26 +157,6 @@ oauth: expireSecretInMonths: 7 clients: - cc-service-dashboards: - authorities: clients.read,clients.write,clients.admin - authorized-grant-types: authorization_code,client_credentials - scope: openid,cloud_controller_service_permissions.read - secret: cc-broker-secret - id: cc-service-dashboards - redirect-uri: http://service-dashboard.test.com - cc_routing: - authorities: routing.router_groups.read - authorized-grant-types: client_credentials - secret: cc-routing-secret - id: cc_routing - cf: - access-token-validity: 600 - authorities: uaa.none - authorized-grant-types: password,refresh_token - override: true - refresh-token-validity: 604800 - scope: cloud_controller.read,cloud_controller.write,openid,password.write,cloud_controller.admin,cloud_controller.admin_read_only,cloud_controller.global_auditor,scim.read,scim.write,doppler.firehose,uaa.user,routing.router_groups.read,routing.router_groups.write - id: cf login: authorities: oauth.login,scim.write,clients.read,notifications.write,critical_notifications.write,emails.write,scim.userids,password.write authorized-grant-types: authorization_code,client_credentials,refresh_token 
@@ -554,34 +185,19 @@ oauth: secret: secret id: jku_test_without_autoapprove client_without_openid: - authorities: uaa.none - authorized-grant-types: password,client_credentials,refresh_token,authorization_code - autoapprove: true - override: true - redirect-uri: http://localhost/** - scope: password.write - secret: secret - id: client_without_openid - notifications: - authorities: cloud_controller.admin,scim.read - authorized-grant-types: client_credentials - secret: notifications-secret - id: notifications + authorities: uaa.none + authorized-grant-types: password,client_credentials,refresh_token,authorization_code + autoapprove: true + override: true + redirect-uri: http://localhost/** + scope: password.write + secret: secret + id: client_without_openid admin: authorized-grant-types: client_credentials authorities: clients.read,clients.write,clients.secret,uaa.admin,scim.read,scim.write,password.write id: admin secret: admin-secret - client-should-not-exist-1: - authorized-grant-types: client_credentials - authorities: clients.read,clients.write,clients.secret,uaa.admin,scim.read,scim.write,password.write - id: admin - secret: admin-secret - client-should-not-exist-2: - authorized-grant-types: client_credentials - authorities: clients.read,clients.write,clients.secret,uaa.admin,scim.read,scim.write,password.write - id: admin - secret: admin-secret user: authorities: - openid 
@@ -603,60 +219,12 @@ oauth: - foo.foo authorize: ssl: true -password: - policy: - expirePasswordInMonths: 6 - global: - expirePasswordInMonths: 6 - maxLength: 100 - minLength: 8 - requireDigit: 0 - requireLowerCaseCharacter: 0 - requireSpecialCharacter: 1 - requireUpperCaseCharacter: 0 - maxLength: 100 - minLength: 8 - requireDigit: 0 - requireLowerCaseCharacter: 0 - requireSpecialCharacter: 1 - requireUpperCaseCharacter: 0 scim: - external_groups: - ldap: - cn=admins,ou=user accounts,dc=mydomain,dc=com: - - bosh.admin - - scim.read - some-saml-provider: - saml-bosh-admin-group: - - bosh.admin - saml-admin-group: - - scim.read - - scim.write - groups: - cat: The cat - pony: The magic of friendship userids_enabled: true user: override: true users: - admin|admin|admin|||foo.bar,uaa.admin|uaa - - delete-user-1|admin|admin|||foo.bar,uaa.admin|uaa - - delete-user-2|admin|admin|||foo.bar,uaa.admin|uaa -require_https: true -servlet: - session-store: memory - filtered-headers: - - X-Forwarded-Host - - Forwarded - session-cookie: - max-age: 30 - idle-timeout: 300 -smtp: - auth: true - from_address: test@example.com - host: some-host - port: 9090 - starttls: true uaa: url: https://uaa.some.test.domain.com:555/uaa shutdown: @@ -665,18 +233,18 @@ uaa: statusFile: /tmp/uaa-test-limited-mode-status-file.txt whitelist: endpoints: - - /other-url/** - - /oauth/authorize/** - - /oauth/token/** - - /check_token - - /login/** - - /logout/** - - /saml/** + - /other-url/** + - /oauth/authorize/** + - /oauth/token/** + - /check_token + - /login/** + - /logout/** + - /saml/** methods: - - CONNECT - - GET - - HEAD - - OPTIONS + - CONNECT + - GET + - HEAD + - OPTIONS zones: internal: hostnames: From 22fcf731cd28eb3e265b92a5d46c2cdd9e4a9507 Mon Sep 17 00:00:00 2001 
From: Joshua Casey Date: Wed, 20 Nov 2019 10:11:05 -0800 Subject: [PATCH 006/111] Test Refactor - UaaTokenServicesTests - Apply IntelliJ sanitizations [#169854769] --- .../uaa/oauth/UaaTokenServicesTests.java | 125 ++++++++++-------- 1 file changed, 72 insertions(+), 53 deletions(-) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java index 8a639ab52f6..0352e38b1a0 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java @@ -24,7 +24,11 @@ import org.cloudfoundry.identity.uaa.user.UaaUser; import org.cloudfoundry.identity.uaa.util.UaaTokenUtils; import org.joda.time.DateTime; -import org.junit.jupiter.api.*; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.DisplayName; +import org.junit.jupiter.api.Nested; +import org.junit.jupiter.api.Test; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.MethodSource; import org.junit.jupiter.params.provider.ValueSource; 
@@ -36,22 +40,37 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.TokenRequest; -import java.util.*; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Date; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; import java.util.stream.Stream; import static org.cloudfoundry.identity.uaa.oauth.TokenTestSupport.GRANT_TYPE; -import static org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.*; +import static org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.GRANT_TYPE_AUTHORIZATION_CODE; +import static org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.GRANT_TYPE_CLIENT_CREDENTIALS; +import static org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.GRANT_TYPE_IMPLICIT; +import static org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.GRANT_TYPE_PASSWORD; +import static org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.GRANT_TYPE_REFRESH_TOKEN; import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.CoreMatchers.not; import static org.hamcrest.CoreMatchers.notNullValue; import static org.hamcrest.CoreMatchers.nullValue; import static org.hamcrest.CoreMatchers.startsWith; -import static org.hamcrest.Matchers.*; +import static org.hamcrest.Matchers.containsInAnyOrder; +import static org.hamcrest.Matchers.greaterThan; +import static org.hamcrest.Matchers.hasItem; +import static org.hamcrest.Matchers.hasKey; import static org.junit.Assert.assertThat; import static org.junit.jupiter.api.Assertions.assertAll; @WithSpring -public class UaaTokenServicesTests { +@DisplayName("Uaa Token Services Tests") +class UaaTokenServicesTests { @Autowired private UaaTokenServices tokenServices; 
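Review bot: The static-import block in this hunk keeps `import static org.junit.Assert.assertThat;` as an unchanged line, so a class that otherwise uses only JUnit Jupiter annotations still routes every Hamcrest check through the JUnit 4 assertion class. That method is deprecated in JUnit 4.13 in favour of Hamcrest's own entry point. Since the commit is already tidying these imports, I would change the line to `import static org.hamcrest.MatcherAssert.assertThat;`, which leaves the call sites untouched.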
@@ -83,7 +102,7 @@ void setupRequest() { @DisplayName("id token should contain jku header") @Test - public void ensureJKUHeaderIsSetWhenBuildingAnIdToken() { + void ensureJKUHeaderIsSetWhenBuildingAnIdToken() { AuthorizationRequest authorizationRequest = constructAuthorizationRequest(clientId, GRANT_TYPE_PASSWORD, requestedScope); OAuth2Authentication auth2Authentication = constructUserAuthenticationFromAuthzRequest(authorizationRequest, "admin", "uaa"); @@ -98,7 +117,7 @@ public void ensureJKUHeaderIsSetWhenBuildingAnIdToken() { @DisplayName("ensureIdToken Returned when Client Has OpenId Scope and Scope=OpenId withGrantType") @ParameterizedTest @ValueSource(strings = {GRANT_TYPE_PASSWORD, GRANT_TYPE_AUTHORIZATION_CODE, GRANT_TYPE_IMPLICIT}) - public void ensureIdTokenReturned_withGrantType(String grantType) { + void ensureIdTokenReturned_withGrantType(String grantType) { AuthorizationRequest authorizationRequest = constructAuthorizationRequest(clientId, grantType, requestedScope); OAuth2Authentication auth2Authentication = constructUserAuthenticationFromAuthzRequest(authorizationRequest, "admin", "uaa"); 
@@ -144,15 +163,15 @@ void setupRequest() { @DisplayName("id token should not be returned") @ParameterizedTest @ValueSource(strings = {GRANT_TYPE_PASSWORD, GRANT_TYPE_AUTHORIZATION_CODE, GRANT_TYPE_IMPLICIT}) - public void ensureAnIdTokenIsNotReturned(String grantType) { + void ensureAnIdTokenIsNotReturned(String grantType) { AuthorizationRequest authorizationRequest = constructAuthorizationRequest(clientId, grantType, requestedScope); OAuth2Authentication auth2Authentication = constructUserAuthenticationFromAuthzRequest(authorizationRequest, "admin", "uaa"); CompositeToken accessToken = (CompositeToken) tokenServices.createAccessToken(auth2Authentication); assertAll("id token is not returned, and a useful log message is printed", - () -> assertThat(accessToken.getIdTokenValue(), is(nullValue())), - () -> assertThat("Useful log message", logEvents, hasItem("an ID token was requested but 'openid' is missing from the requested scopes")) + () -> assertThat(accessToken.getIdTokenValue(), is(nullValue())), + () -> assertThat("Useful log message", logEvents, hasItem("an ID token was requested but 'openid' is missing from the requested scopes")) ); } } @@ -188,7 +207,7 @@ void resetUserApproval() { @DisplayName("id token should not be returned") @ParameterizedTest @ValueSource(strings = {GRANT_TYPE_AUTHORIZATION_CODE, GRANT_TYPE_IMPLICIT}) - public void ensureAnIdTokenIsNotReturned(String grantType) { + void ensureAnIdTokenIsNotReturned(String grantType) { AuthorizationRequest authorizationRequest = constructAuthorizationRequest(clientId, grantType, requestedScope); OAuth2Authentication auth2Authentication = constructUserAuthenticationFromAuthzRequest(authorizationRequest, "admin", "uaa"); 
@@ -199,7 +218,7 @@ public void ensureAnIdTokenIsNotReturned(String grantType) { @DisplayName("id token should returned when grant type is password") @Test - public void ensureAnIdTokenIsReturned() { + void ensureAnIdTokenIsReturned() { AuthorizationRequest authorizationRequest = constructAuthorizationRequest(clientId, GRANT_TYPE_PASSWORD, requestedScope); OAuth2Authentication auth2Authentication = constructUserAuthenticationFromAuthzRequest(authorizationRequest, "admin", "uaa"); @@ -211,7 +230,7 @@ public void ensureAnIdTokenIsReturned() { } @Test - public void ensureJKUHeaderIsSetWhenBuildingAnAccessToken() { + void ensureJKUHeaderIsSetWhenBuildingAnAccessToken() { AuthorizationRequest authorizationRequest = constructAuthorizationRequest(clientId, GRANT_TYPE_CLIENT_CREDENTIALS, Strings.split(clientScopes, ',')); OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(), null); @@ -224,7 +243,7 @@ public void ensureJKUHeaderIsSetWhenBuildingAnAccessToken() { } @Test - public void ensureJKUHeaderIsSetWhenBuildingARefreshToken() { + void ensureJKUHeaderIsSetWhenBuildingARefreshToken() { AuthorizationRequest authorizationRequest = constructAuthorizationRequest(clientId, GRANT_TYPE_PASSWORD, "oauth.approvals"); OAuth2Authentication auth2Authentication = constructUserAuthenticationFromAuthzRequest(authorizationRequest, "admin", "uaa"); @@ -246,7 +265,7 @@ class WhenRefreshGrant { private CompositeExpiringOAuth2RefreshToken refreshToken; @Test - public void happyCase() { + void happyCase() { RefreshTokenRequestData refreshTokenRequestData = new RefreshTokenRequestData( GRANT_TYPE_AUTHORIZATION_CODE, Sets.newHashSet("openid", "user_attributes"), 
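Review bot: The display name on `ensureAnIdTokenIsReturned` in the first hunk reads `"id token should returned when grant type is password"`, which is missing a word. I would change it to `@DisplayName("id token should be returned when grant type is password")`. The two JKU header tests in the next hunks (`ensureJKUHeaderIsSetWhenBuildingAnAccessToken` and `ensureJKUHeaderIsSetWhenBuildingARefreshToken`) show only `@Test` in the visible lines, so giving them a `@DisplayName` too would keep the test report consistent. The method bodies continue outside these hunks.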
@@ -274,16 +293,16 @@ class WhenAcrClaimIsPresent { void setup(Set acrs) { RefreshTokenRequestData refreshTokenRequestData = new RefreshTokenRequestData( - GRANT_TYPE_AUTHORIZATION_CODE, - Sets.newHashSet("openid", "user_attributes"), - null, - "", - Sets.newHashSet(""), - "jku_test", - false, - new Date(), - acrs, - null + GRANT_TYPE_AUTHORIZATION_CODE, + Sets.newHashSet("openid", "user_attributes"), + null, + "", + Sets.newHashSet(""), + "jku_test", + false, + new Date(), + acrs, + null ); UaaUser uaaUser = jdbcUaaUserDatabase.retrieveUserByName("admin", "uaa"); refreshToken = refreshTokenCreator.createRefreshToken(uaaUser, refreshTokenRequestData, null); @@ -293,14 +312,14 @@ void setup(Set acrs) { @ParameterizedTest @MethodSource("org.cloudfoundry.identity.uaa.oauth.UaaTokenServicesTests#authenticationTestParams") @DisplayName("an ID token is returned with ACR claim") - public void happyCase(List acrs) { + void happyCase(List acrs) { setup(new HashSet<>(acrs)); CompositeToken refreshedToken = (CompositeToken) tokenServices.refreshAccessToken( - refreshToken.getValue(), - new TokenRequest( - Maps.newHashMap(), "jku_test", Lists.newArrayList("openid", "user_attributes"), GRANT_TYPE_REFRESH_TOKEN - ) + refreshToken.getValue(), + new TokenRequest( + Maps.newHashMap(), "jku_test", Lists.newArrayList("openid", "user_attributes"), GRANT_TYPE_REFRESH_TOKEN + ) ); assertThat(refreshedToken, is(notNullValue())); 
@@ -323,7 +342,7 @@ class WhenOpenIdScopeNotRequested { @ParameterizedTest @ValueSource(strings = {GRANT_TYPE_PASSWORD, GRANT_TYPE_AUTHORIZATION_CODE}) @DisplayName("an ID token is not returned") - public void idTokenNotReturned(String grantType) { + void idTokenNotReturned(String grantType) { String nonOpenIdScope = "user_attributes"; AuthorizationRequest authorizationRequest = constructAuthorizationRequest(clientId, grantType, nonOpenIdScope); OAuth2Authentication auth2Authentication = constructUserAuthenticationFromAuthzRequest(authorizationRequest, "admin", "uaa"); @@ -347,7 +366,7 @@ class WhenClientDoesNotHaveOpenIdScope { @ParameterizedTest @ValueSource(strings = {GRANT_TYPE_PASSWORD, GRANT_TYPE_AUTHORIZATION_CODE}) @DisplayName("an ID token is not returned") - public void idTokenNotReturned(String grantType) { + void idTokenNotReturned(String grantType) { String nonOpenIdScope = "password.write"; AuthorizationRequest authorizationRequest = constructAuthorizationRequest("client_without_openid", grantType, nonOpenIdScope); OAuth2Authentication auth2Authentication = constructUserAuthenticationFromAuthzRequest(authorizationRequest, "admin", "uaa"); @@ -372,7 +391,7 @@ class WhenScopingDownToExcludeOpenIdScope { @ParameterizedTest @ValueSource(strings = {GRANT_TYPE_PASSWORD, GRANT_TYPE_AUTHORIZATION_CODE}) @DisplayName("an ID token is not returned") - public void idTokenNotReturned(String grantType) { + void idTokenNotReturned(String grantType) { AuthorizationRequest authorizationRequest = constructAuthorizationRequest("jku_test", grantType, "openid", "user_attributes"); OAuth2Authentication auth2Authentication = constructUserAuthenticationFromAuthzRequest(authorizationRequest, "admin", "uaa"); CompositeToken compositeToken = (CompositeToken) tokenServices.createAccessToken(auth2Authentication); 
@@ -396,16 +415,16 @@ class WhenAmrClaimIsPresent { public void setup(List amrs) { RefreshTokenRequestData refreshTokenRequestData = new RefreshTokenRequestData( - GRANT_TYPE_AUTHORIZATION_CODE, - Sets.newHashSet("openid", "user_attributes"), - Sets.newHashSet(amrs), - null, - Sets.newHashSet(""), - "jku_test", - false, - new Date(), - null, - null + GRANT_TYPE_AUTHORIZATION_CODE, + Sets.newHashSet("openid", "user_attributes"), + Sets.newHashSet(amrs), + null, + Sets.newHashSet(""), + "jku_test", + false, + new Date(), + null, + null ); UaaUser uaaUser = jdbcUaaUserDatabase.retrieveUserByName("admin", "uaa"); refreshToken = refreshTokenCreator.createRefreshToken(uaaUser, refreshTokenRequestData, null); @@ -415,14 +434,14 @@ public void setup(List amrs) { @DisplayName("an ID token is returned with AMR claim") @ParameterizedTest @MethodSource("org.cloudfoundry.identity.uaa.oauth.UaaTokenServicesTests#authenticationTestParams") - public void happyCase(List amrs) { + void happyCase(List amrs) { setup(amrs); CompositeToken refreshedToken = (CompositeToken) tokenServices.refreshAccessToken( - refreshToken.getValue(), - new TokenRequest( - Maps.newHashMap(), "jku_test", Lists.newArrayList("openid", "user_attributes"), GRANT_TYPE_REFRESH_TOKEN - ) + refreshToken.getValue(), + new TokenRequest( + Maps.newHashMap(), "jku_test", Lists.newArrayList("openid", "user_attributes"), GRANT_TYPE_REFRESH_TOKEN + ) ); assertThat(refreshedToken, is(notNullValue())); 
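Review bot: `public void setup(List amrs) {` is an unchanged context line at the top of the first hunk, so `WhenAmrClaimIsPresent.setup` keeps its `public` modifier. The matching `setup(Set acrs)` in `WhenAcrClaimIsPresent` and every test method this commit touches are package-private. For consistency I would drop the modifier so the line begins `void setup(`. The nested class itself starts outside the hunk.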
@@ -445,7 +464,7 @@ private OAuth2Authentication constructUserAuthenticationFromAuthzRequest(Authori UaaUser uaaUser = jdbcUaaUserDatabase.retrieveUserByName(userId, userOrigin); UaaPrincipal principal = new UaaPrincipal(uaaUser); UaaAuthentication userAuthentication = new UaaAuthentication( - principal, null, Arrays.asList(authorities), null, true, System.currentTimeMillis() + principal, null, Arrays.asList(authorities), null, true, System.currentTimeMillis() ); return new OAuth2Authentication(authzRequest.createOAuth2Request(), userAuthentication); } @@ -457,10 +476,10 @@ static Stream> authenticationTestParams() { List intAcrs = Lists.newArrayList("2"); return Stream.of( - validAcrs, - nullAcrs, - validAcrsWithNull, - intAcrs + validAcrs, + nullAcrs, + validAcrsWithNull, + intAcrs ); } From 7deb8c2c076a878248decde58c0c71c64de74caf Mon Sep 17 00:00:00 2001 From: Cloud Foundry Identity Team Date: Wed, 20 Nov 2019 19:44:22 +0000 Subject: [PATCH 007/111] Update version and regenerate POM files for components --- metrics-data/pom.xml | 72 +++++++ model/pom.xml | 136 +++++++++++++ samples/api/pom.xml | 160 +++++++++++++++ samples/app/pom.xml | 160 +++++++++++++++ samples/pom.xml | 56 +++++ server/pom.xml | 476 ++++++++++++++++++++++++++++++++++++++++++- statsd/pom.xml | 136 +++++++++++++ uaa/pom.xml | 264 ++++++++++++++++++++++++ 8 files changed, 1454 insertions(+), 6 deletions(-) diff --git a/metrics-data/pom.xml b/metrics-data/pom.xml index 07c07312e17..8a0e4765571 100644 --- a/metrics-data/pom.xml +++ b/metrics-data/pom.xml @@ -18,6 +18,10 @@ jackson-databind compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -30,6 +34,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -49,6 +57,10 @@ jackson-annotations compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest 
@@ -61,6 +73,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -80,6 +96,10 @@ spring-boot-starter-test test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -92,6 +112,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -112,6 +136,10 @@ 2.2 test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -124,6 +152,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -143,6 +175,10 @@ junit-jupiter-api test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -155,6 +191,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -174,6 +214,10 @@ junit-jupiter-params test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -186,6 +230,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -205,6 +253,10 @@ unboundid-ldapsdk test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -217,6 +269,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -236,6 +292,10 @@ junit-jupiter-engine test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -248,6 +308,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -267,6 +331,10 @@ junit-vintage-engine test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -279,6 +347,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest 
diff --git a/model/pom.xml b/model/pom.xml index a918bd8edcf..009344ab618 100644 --- a/model/pom.xml +++ b/model/pom.xml @@ -19,6 +19,10 @@ 0.0.0 compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -31,6 +35,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -50,6 +58,10 @@ validation-api compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -62,6 +74,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -82,6 +98,10 @@ 2.6 compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -94,6 +114,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -113,6 +137,10 @@ spring-web compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -125,6 +153,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -144,6 +176,10 @@ spring-webmvc compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -156,6 +192,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -175,6 +215,10 @@ spring-security-config compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -187,6 +231,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -207,6 +255,10 @@ 2.4.0.RELEASE compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -219,6 +271,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -246,6 +302,10 @@ slf4j-api compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest 
@@ -258,6 +318,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -277,6 +341,10 @@ spring-boot-starter-test test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -289,6 +357,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -309,6 +381,10 @@ 2.2 test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -321,6 +397,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -340,6 +420,10 @@ junit-jupiter-api test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -352,6 +436,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -371,6 +459,10 @@ junit-jupiter-params test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -383,6 +475,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -402,6 +498,10 @@ unboundid-ldapsdk test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -414,6 +514,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -433,6 +537,10 @@ junit test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -445,6 +553,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -464,6 +576,10 @@ jsonassert test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -476,6 +592,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest 
@@ -495,6 +615,10 @@ junit-jupiter-engine test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -507,6 +631,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -526,6 +654,10 @@ junit-vintage-engine test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -538,6 +670,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest diff --git a/samples/api/pom.xml b/samples/api/pom.xml index 1831946dfd2..7c6e3353539 100644 --- a/samples/api/pom.xml +++ b/samples/api/pom.xml @@ -19,6 +19,10 @@ 0.0.0 compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -31,6 +35,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -50,6 +58,10 @@ spring-security-taglibs compile + + jsonassert + org.skyscreamer + spring-jdbc * @@ -70,6 +82,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -89,6 +105,10 @@ spring-security-config compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -101,6 +121,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -121,6 +145,10 @@ 9.0.27 provided + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -133,6 +161,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -152,6 +184,10 @@ spring-boot-starter-test test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -164,6 +200,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest 
@@ -184,6 +224,10 @@ 2.2 test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -196,6 +240,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -215,6 +263,10 @@ junit-jupiter-api test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -227,6 +279,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -246,6 +302,10 @@ junit-jupiter-params test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -258,6 +318,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -277,6 +341,10 @@ unboundid-ldapsdk test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -289,6 +357,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -308,6 +380,10 @@ spring-test test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -320,6 +396,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -339,6 +419,10 @@ junit test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -351,6 +435,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -370,6 +458,10 @@ mockito-core test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -382,6 +474,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -401,6 +497,10 @@ mockito-junit-jupiter test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest 
@@ -413,6 +513,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -432,6 +536,10 @@ postgresql test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -444,6 +552,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -464,6 +576,10 @@ 9.0.27 test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -476,6 +592,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -496,6 +616,10 @@ 9.0.27 test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -508,6 +632,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -528,6 +656,10 @@ 9.0.27 test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -540,6 +672,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -559,6 +695,10 @@ json-path-assert test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -571,6 +711,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -590,6 +734,10 @@ junit-jupiter-engine test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -602,6 +750,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -621,6 +773,10 @@ junit-vintage-engine test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -633,6 +789,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest diff --git a/samples/app/pom.xml b/samples/app/pom.xml index 841782eb91b..19d7ee03268 100644 
--- a/samples/app/pom.xml +++ b/samples/app/pom.xml @@ -19,6 +19,10 @@ 0.0.0 compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -31,6 +35,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -51,6 +59,10 @@ 9.0.27 provided + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -63,6 +75,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -82,6 +98,10 @@ jstl runtime + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -94,6 +114,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -113,6 +137,10 @@ spring-security-config runtime + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -125,6 +153,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -148,6 +180,10 @@ spring-boot-starter-test test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -160,6 +196,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -180,6 +220,10 @@ 2.2 test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -192,6 +236,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -211,6 +259,10 @@ junit-jupiter-api test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -223,6 +275,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -242,6 +298,10 @@ junit-jupiter-params test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest 
@@ -254,6 +314,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -273,6 +337,10 @@ unboundid-ldapsdk test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -285,6 +353,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -304,6 +376,10 @@ spring-test test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -316,6 +392,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -335,6 +415,10 @@ junit test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -347,6 +431,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -366,6 +454,10 @@ mockito-core test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -378,6 +470,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -397,6 +493,10 @@ mockito-junit-jupiter test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -409,6 +509,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -428,6 +532,10 @@ postgresql test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -440,6 +548,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -460,6 +572,10 @@ 9.0.27 test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -472,6 +588,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -492,6 +612,10 @@ 9.0.27 test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest 
@@ -504,6 +628,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -524,6 +652,10 @@ 9.0.27 test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -536,6 +668,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -555,6 +691,10 @@ json-path-assert test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -567,6 +707,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -586,6 +730,10 @@ junit-jupiter-engine test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -598,6 +746,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -617,6 +769,10 @@ junit-vintage-engine test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -629,6 +785,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest diff --git a/samples/pom.xml b/samples/pom.xml index 8040d57d661..da32df9da2e 100644 --- a/samples/pom.xml +++ b/samples/pom.xml @@ -18,6 +18,10 @@ spring-boot-starter-test test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -30,6 +34,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -50,6 +58,10 @@ 2.2 test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -62,6 +74,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -81,6 +97,10 @@ junit-jupiter-api test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest 
@@ -93,6 +113,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -112,6 +136,10 @@ junit-jupiter-params test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -124,6 +152,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -143,6 +175,10 @@ unboundid-ldapsdk test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -155,6 +191,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -174,6 +214,10 @@ junit-jupiter-engine test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -186,6 +230,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -205,6 +253,10 @@ junit-vintage-engine test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -217,6 +269,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest diff --git a/server/pom.xml b/server/pom.xml index e436900cd93..658cd452b0e 100644 --- a/server/pom.xml +++ b/server/pom.xml @@ -19,6 +19,10 @@ 0.0.0 compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -35,6 +39,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -55,6 +63,10 @@ 9.0.27 compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -71,6 +83,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -91,6 +107,10 @@ 1.4.7 compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -107,6 +127,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest 
@@ -126,6 +150,10 @@ json-path compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -142,6 +170,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -162,6 +194,10 @@ 3.4.0 compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -178,6 +214,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -197,6 +237,10 @@ spring-beans compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -213,6 +257,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -232,6 +280,10 @@ spring-context compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -248,6 +300,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -267,6 +323,10 @@ spring-context-support compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -283,6 +343,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -302,6 +366,10 @@ spring-tx compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -318,6 +386,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -337,6 +409,10 @@ spring-jdbc compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -353,6 +429,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -372,6 +452,10 @@ spring-web compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -388,6 +472,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -407,6 +495,10 @@ spring-security-core compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest 
@@ -423,6 +515,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -443,6 +539,10 @@ 1.1.0.RELEASE compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -459,6 +559,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -478,6 +582,10 @@ spring-security-web compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -494,6 +602,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -514,6 +626,10 @@ 1.0.10.RELEASE compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -530,6 +646,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -549,6 +669,10 @@ spring-session-jdbc compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -565,6 +689,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -585,6 +713,10 @@ 2.4.0.RELEASE compile + + jsonassert + org.skyscreamer + commons-codec * @@ -605,6 +737,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -633,6 +769,10 @@ 1.64 compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -649,6 +789,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -669,6 +813,10 @@ 1.64 compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -685,6 +833,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -705,6 +857,10 @@ 28.1-jre compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -721,6 +877,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -740,6 +900,10 @@ aspectjrt compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest 
@@ -756,6 +920,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -775,6 +943,10 @@ aspectjweaver compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -791,6 +963,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -810,6 +986,10 @@ thymeleaf-spring5 compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -826,6 +1006,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -845,6 +1029,10 @@ thymeleaf-layout-dialect compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -861,6 +1049,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -880,6 +1072,10 @@ thymeleaf-extras-springsecurity5 compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -896,6 +1092,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -920,6 +1120,10 @@ wink-client-apache-httpclient * + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -928,22 +1132,26 @@ hamcrest-library org.hamcrest - - spring-boot-starter-logging - org.springframework.boot - bsh-core org.beanshell - commons-logging - * + android-json + com.vaadin.external.google hamcrest-core org.hamcrest + + spring-boot-starter-logging + org.springframework.boot + + + commons-logging + * + apacheds-core org.apache.directory.server @@ -967,6 +1175,10 @@ hibernate-validator compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -983,6 +1195,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1002,6 +1218,10 @@ flyway-core compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1018,6 +1238,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest 
@@ -1037,6 +1261,10 @@ mariadb-java-client compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1053,6 +1281,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1072,6 +1304,10 @@ hsqldb compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1088,6 +1324,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1107,6 +1347,10 @@ snakeyaml compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1123,6 +1367,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1142,6 +1390,10 @@ spring-security-ldap compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1158,6 +1410,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1177,6 +1433,10 @@ spring-ldap-core compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1193,6 +1453,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1212,6 +1476,10 @@ spring-ldap-core-tiger compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1228,6 +1496,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1252,6 +1524,10 @@ slf4j-api * + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1268,6 +1544,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1288,6 +1568,10 @@ 1.2.0 compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1304,6 +1588,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1324,6 +1612,10 @@ 1.4.0 compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest 
@@ -1340,6 +1632,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1359,6 +1655,10 @@ log4j-slf4j-impl compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1375,6 +1675,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1394,6 +1698,10 @@ log4j-core compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1410,6 +1718,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1429,6 +1741,10 @@ jaxb-api runtime + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1445,6 +1761,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1465,6 +1785,10 @@ 2.3.0 runtime + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1481,6 +1805,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1501,6 +1829,10 @@ 2.3.0 runtime + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1517,6 +1849,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1537,6 +1873,10 @@ 9.0.27 provided + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1553,6 +1893,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1572,6 +1916,10 @@ spring-boot-starter-test test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1588,6 +1936,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1608,6 +1960,10 @@ 2.2 test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1624,6 +1980,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest 
@@ -1643,6 +2003,10 @@ junit-jupiter-api test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1659,6 +2023,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1678,6 +2046,10 @@ junit-jupiter-params test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1694,6 +2066,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1713,6 +2089,10 @@ unboundid-ldapsdk test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1729,6 +2109,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1748,6 +2132,10 @@ spring-test test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1764,6 +2152,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1783,6 +2175,10 @@ junit test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1799,6 +2195,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1818,6 +2218,10 @@ mockito-core test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1834,6 +2238,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1853,6 +2261,10 @@ mockito-junit-jupiter test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1869,6 +2281,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1888,6 +2304,10 @@ postgresql test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1904,6 +2324,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1924,6 +2348,10 @@ 9.0.27 test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest 
@@ -1940,6 +2368,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1960,6 +2392,10 @@ 9.0.27 test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1976,6 +2412,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1995,6 +2435,10 @@ json-path-assert test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -2011,6 +2455,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -2030,6 +2478,10 @@ junit-jupiter-engine test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -2046,6 +2498,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -2065,6 +2521,10 @@ junit-vintage-engine test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -2081,6 +2541,10 @@ bsh-core org.beanshell + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest diff --git a/statsd/pom.xml b/statsd/pom.xml index 7f93bc09068..2cbc4c2f944 100644 --- a/statsd/pom.xml +++ b/statsd/pom.xml @@ -19,6 +19,10 @@ 0.0.0 compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -31,6 +35,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -50,6 +58,10 @@ spring-boot-starter compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -62,6 +74,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -81,6 +97,10 @@ spring-boot-starter-web compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -93,6 +113,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest 
@@ -112,6 +136,10 @@ spring-boot-starter-log4j2 compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -124,6 +152,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -144,6 +176,10 @@ 3.1.0 compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -156,6 +192,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -175,6 +215,10 @@ jackson-dataformat-yaml compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -187,6 +231,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -206,6 +254,10 @@ jackson-databind compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -218,6 +270,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -238,6 +294,10 @@ 9.0.27 provided + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -250,6 +310,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -269,6 +333,10 @@ spring-boot-starter-tomcat provided + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -281,6 +349,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -300,6 +372,10 @@ spring-boot-starter-test test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -312,6 +388,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -332,6 +412,10 @@ 2.2 test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest 
@@ -344,6 +428,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -363,6 +451,10 @@ junit-jupiter-api test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -375,6 +467,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -394,6 +490,10 @@ junit-jupiter-params test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -406,6 +506,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -425,6 +529,10 @@ unboundid-ldapsdk test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -437,6 +545,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -456,6 +568,10 @@ mockito-core test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -468,6 +584,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -487,6 +607,10 @@ junit-jupiter-engine test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -499,6 +623,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -518,6 +646,10 @@ junit-vintage-engine test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -530,6 +662,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest diff --git a/uaa/pom.xml b/uaa/pom.xml index 9dcbe8ae87b..11e74691402 100644 --- a/uaa/pom.xml +++ b/uaa/pom.xml @@ -19,6 +19,10 @@ 0.0.0 compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest 
@@ -31,6 +35,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -54,6 +62,10 @@ spring-boot-starter compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -66,6 +78,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -85,6 +101,10 @@ spring-boot-starter-web compile + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -97,6 +117,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -116,6 +140,10 @@ jaxb-api runtime + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -128,6 +156,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -148,6 +180,10 @@ 2.3.0 runtime + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -160,6 +196,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -180,6 +220,10 @@ 2.3.0 runtime + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -192,6 +236,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -212,6 +260,10 @@ 9.0.27 provided + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -224,6 +276,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -243,6 +299,10 @@ spring-security-config runtime + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -255,6 +315,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest 
@@ -274,6 +338,10 @@ spring-retry runtime + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -286,6 +354,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -305,6 +377,10 @@ aspectjweaver runtime + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -317,6 +393,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -336,6 +416,10 @@ postgresql runtime + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -348,6 +432,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -367,6 +455,10 @@ spring-boot-starter-test test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -379,6 +471,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -399,6 +495,10 @@ 2.2 test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -411,6 +511,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -430,6 +534,10 @@ junit-jupiter-api test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -442,6 +550,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -461,6 +573,10 @@ junit-jupiter-params test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -473,6 +589,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -492,6 +612,10 @@ unboundid-ldapsdk test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest 
@@ -504,6 +628,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -523,6 +651,10 @@ spring-test test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -535,6 +667,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -554,6 +690,10 @@ junit test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -566,6 +706,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -585,6 +729,10 @@ mockito-core test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -597,6 +745,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -616,6 +768,10 @@ mockito-junit-jupiter test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -628,6 +784,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -648,6 +808,10 @@ 9.0.27 test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -660,6 +824,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -680,6 +848,10 @@ 9.0.27 test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -692,6 +864,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -712,6 +888,10 @@ 9.0.27 test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -724,6 +904,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -743,6 +927,10 @@ json-path-assert test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest 
@@ -755,6 +943,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -779,6 +971,10 @@ slf4j-api * + + jsonassert + org.skyscreamer + slf4j-log4j12 * @@ -795,6 +991,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -818,6 +1018,10 @@ selenium-java test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -830,6 +1034,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -850,6 +1058,10 @@ 1.6 test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -862,6 +1074,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -882,6 +1098,10 @@ 3.4.0 test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -894,6 +1114,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -913,6 +1137,10 @@ jsonassert test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -925,6 +1153,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -944,6 +1176,10 @@ spring-security-test test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -956,6 +1192,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -975,6 +1215,10 @@ spring-restdocs-mockmvc test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -987,6 +1231,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1006,6 +1254,10 @@ junit-jupiter-engine test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest 
@@ -1018,6 +1270,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest @@ -1037,6 +1293,10 @@ junit-vintage-engine test + + jsonassert + org.skyscreamer + hamcrest-all org.hamcrest @@ -1049,6 +1309,10 @@ spring-boot-starter-logging org.springframework.boot + + android-json + com.vaadin.external.google + hamcrest-core org.hamcrest From f1a3919dbdfb2a56ec1833a11acf330b546f1ff6 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Wed, 20 Nov 2019 14:22:57 -0800 Subject: [PATCH 008/111] Replace @WithSpring with @DefaultTestContext [finishes #169854769] Signed-off-by: Andrew Edstrom --- .../identity/uaa/annotations/WithSpring.java | 29 -- .../identity/uaa/test/TestWebAppContext.java | 60 ---- .../webapp/WEB-INF/spring/oauth-clients.xml | 30 ++ .../webapp/WEB-INF/spring/scim-endpoints.xml | 1 + .../uaa/oauth/UaaTokenServicesTests.java | 63 ++--- .../test/bootstrap/all-properties-set.yml | 257 ------------------ 6 files changed, 59 insertions(+), 381 deletions(-) delete mode 100644 server/src/test/java/org/cloudfoundry/identity/uaa/annotations/WithSpring.java delete mode 100644 server/src/test/java/org/cloudfoundry/identity/uaa/test/TestWebAppContext.java delete mode 100644 uaa/src/test/resources/test/bootstrap/all-properties-set.yml diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/annotations/WithSpring.java b/server/src/test/java/org/cloudfoundry/identity/uaa/annotations/WithSpring.java deleted file mode 100644 index b1fba9f8b88..00000000000 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/annotations/WithSpring.java +++ /dev/null 
@@ -1,29 +0,0 @@ -package org.cloudfoundry.identity.uaa.annotations; - -import org.cloudfoundry.identity.uaa.test.TestWebAppContext; -import org.junit.jupiter.api.extension.ExtendWith; -import org.springframework.test.context.ActiveProfiles; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit.jupiter.SpringExtension; -import org.springframework.test.context.web.WebAppConfiguration; - -import java.lang.annotation.ElementType; -import java.lang.annotation.Retention; -import java.lang.annotation.RetentionPolicy; -import java.lang.annotation.Target; - -/** - * @Deprecated. Use {@link org.cloudfoundry.identity.uaa.DefaultTestContext} instead. - * This is part of the uaa module, so move it to the server module if you need it - */ -@Deprecated -@ExtendWith(SpringExtension.class) -@Retention(RetentionPolicy.RUNTIME) -@Target(ElementType.TYPE) -@ActiveProfiles("default") -@WebAppConfiguration -@ContextConfiguration(classes = { - TestWebAppContext.class -}) -public @interface WithSpring { -} diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/test/TestWebAppContext.java b/server/src/test/java/org/cloudfoundry/identity/uaa/test/TestWebAppContext.java deleted file mode 100644 index 83459f87e8a..00000000000 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/test/TestWebAppContext.java +++ /dev/null 
@@ -1,60 +0,0 @@ -package org.cloudfoundry.identity.uaa.test; - -import org.apache.tomcat.jdbc.pool.DataSource; -import org.cloudfoundry.identity.uaa.impl.config.NestedMapPropertySource; -import org.cloudfoundry.identity.uaa.impl.config.YamlMapFactoryBean; -import org.cloudfoundry.identity.uaa.impl.config.YamlProcessor; -import org.springframework.beans.factory.InitializingBean; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.context.annotation.ImportResource; -import org.springframework.context.annotation.PropertySource; -import org.springframework.context.support.PropertySourcesPlaceholderConfigurer; -import org.springframework.core.io.Resource; -import org.springframework.core.io.support.EncodedResource; -import org.springframework.core.io.support.PropertySourceFactory; -import org.yaml.snakeyaml.Yaml; - -import java.util.Map; - -/** - * @Deprecated. Use {@link org.cloudfoundry.identity.uaa.DefaultTestContext} instead. 
- * This is part of the uaa module, so move it to the server module if you need it - */ -@Deprecated -@Configuration -@PropertySource(value = { - "file:../uaa/src/test/resources/test/bootstrap/all-properties-set.yml" -}, factory = NestedMapPropertySourceFactory.class) -@ImportResource(locations = { - "file:../uaa/src/main/webapp/WEB-INF/spring-servlet.xml" -}) -public class TestWebAppContext implements InitializingBean { - @Autowired - DataSource dataSource; - - @Bean - public static PropertySourcesPlaceholderConfigurer properties() { - return new PropertySourcesPlaceholderConfigurer(); - } - - @Override - public void afterPropertiesSet() { - } -} - -class NestedMapPropertySourceFactory implements PropertySourceFactory { - @Override - public org.springframework.core.env.PropertySource createPropertySource(String name, EncodedResource resource) { - YamlMapFactoryBean factory = new YamlMapFactoryBean(); - factory.setResolutionMethod(YamlProcessor.ResolutionMethod.OVERRIDE_AND_IGNORE); - factory.setResources(new Resource[]{resource.getResource()}); - - Map yamlMap = factory.getObject(); - String yamlStr = (new Yaml()).dump(yamlMap); - yamlMap.put("environmentYamlKey", yamlStr); - - return new NestedMapPropertySource("servletConfigYaml", yamlMap); - } -} \ No newline at end of file diff --git a/uaa/src/main/webapp/WEB-INF/spring/oauth-clients.xml b/uaa/src/main/webapp/WEB-INF/spring/oauth-clients.xml index 9bff5cd0241..73aacef10a0 100644 --- a/uaa/src/main/webapp/WEB-INF/spring/oauth-clients.xml +++ b/uaa/src/main/webapp/WEB-INF/spring/oauth-clients.xml @@ -187,6 +187,36 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml b/uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml index 62ab6575f4d..7a6b4a87019 100644 --- a/uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml +++ b/uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml 
@@ -338,6 +338,7 @@ marissa|koala|marissa@test.org|Marissa|Bloggs|uaa.user testbootuser|password|testbootuser@test.org|Test|Bootstrap|uaa.user,scim.read + admin|admin|admin|||foo.bar,uaa.admin|uaa acme|acme.dev,acme.qa diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java index 0352e38b1a0..60d10a272d4 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java @@ -8,7 +8,7 @@ import org.apache.logging.log4j.core.LoggerContext; import org.apache.logging.log4j.core.appender.AbstractAppender; import org.bouncycastle.util.Strings; -import org.cloudfoundry.identity.uaa.annotations.WithSpring; +import org.cloudfoundry.identity.uaa.DefaultTestContext; import org.cloudfoundry.identity.uaa.approval.Approval; import org.cloudfoundry.identity.uaa.approval.JdbcApprovalStore; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; @@ -33,12 +33,13 @@ import org.junit.jupiter.params.provider.MethodSource; import org.junit.jupiter.params.provider.ValueSource; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Value; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.TokenRequest; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.TestPropertySource; import java.util.ArrayList; import java.util.Arrays; 
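Review bot: The added bootstrap entry `admin|admin|admin|||foo.bar,uaa.admin|uaa` puts an account whose password equals its username, and which carries `uaa.admin`, into `uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml`, which is packaged with the application rather than kept in test resources. Before this commit the same entry existed only in the deleted `uaa/src/test/resources/test/bootstrap/all-properties-set.yml`. The enclosing bean and any profile guard lie outside the hunk, so it cannot be confirmed from here that this list is loaded only under a development profile; if it is not, every deployment that picks up these defaults starts with a guessable administrator. I would supply the fixture user from the test side, or at minimum put a comment above the entry such as `<!-- test fixture for UaaTokenServicesTests; must only load under the default (dev) profile -->`. The 30 lines added to `oauth-clients.xml` in this commit are not readable here, but the test now hard-codes `jku_test` with secret `secret`, so they deserve the same check.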
@@ -60,7 +61,6 @@ import static org.hamcrest.CoreMatchers.not; import static org.hamcrest.CoreMatchers.notNullValue; import static org.hamcrest.CoreMatchers.nullValue; -import static org.hamcrest.CoreMatchers.startsWith; import static org.hamcrest.Matchers.containsInAnyOrder; import static org.hamcrest.Matchers.greaterThan; import static org.hamcrest.Matchers.hasItem; @@ -68,30 +68,24 @@ import static org.junit.Assert.assertThat; import static org.junit.jupiter.api.Assertions.assertAll; -@WithSpring @DisplayName("Uaa Token Services Tests") +@DefaultTestContext +@TestPropertySource(properties = {"uaa.url=https://uaa.some.test.domain.com:555/uaa"}) class UaaTokenServicesTests { @Autowired private UaaTokenServices tokenServices; - @Value("${uaa.url}") - private String uaaUrl; - - @Value("${oauth.clients.jku_test.id}") - private String clientId; - - @Value("${oauth.clients.jku_test.secret}") - private String clientSecret; - - @Value("${oauth.clients.jku_test.scope}") - private String clientScopes; + private String clientId = "jku_test"; + private String clientSecret = "secret"; + private String clientScopes = "openid,oauth.approvals,user_attributes"; @Autowired private JdbcUaaUserDatabase jdbcUaaUserDatabase; @Nested @DisplayName("when building an id token") - @WithSpring + @DefaultTestContext + @TestPropertySource(properties = {"uaa.url=https://uaa.some.test.domain.com:555/uaa"}) class WhenRequestingAnIdToken { private String requestedScope; @@ -110,7 +104,6 @@ void ensureJKUHeaderIsSetWhenBuildingAnIdToken() { CompositeToken accessToken = (CompositeToken) tokenServices.createAccessToken(auth2Authentication); Jwt jwtToken = JwtHelper.decode(accessToken.getIdTokenValue()); - assertThat(jwtToken.getHeader().getJku(), startsWith(uaaUrl)); assertThat(jwtToken.getHeader().getJku(), is("https://uaa.some.test.domain.com:555/uaa/token_keys")); } 
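Review bot: The literal `uaa.url=https://uaa.some.test.domain.com:555/uaa` is written out in `@TestPropertySource` on the outer class here and again on every `@Nested` class in the later hunks (`WhenUserDoesntRequestOpenIdScope`, `WhenUserHasNotApprovedOpenIdScope`, `WhenRefreshGrant`, `WhenAcrClaimIsPresent` and the rest), and the same host reappears in the three `is("https://uaa.some.test.domain.com:555/uaa/token_keys")` assertions. A single constant keeps them in step: `static final String UAA_URL = "https://uaa.some.test.domain.com:555/uaa";`, used as `@TestPropertySource(properties = "uaa.url=" + UaaTokenServicesTests.UAA_URL)` and `is(UAA_URL + "/token_keys")`. The new `clientId`, `clientSecret` and `clientScopes` fields now duplicate values configured elsewhere, so a one-line comment naming where the `jku_test` client is defined would help the next reader. The class body continues outside this hunk.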
@@ -130,7 +123,8 @@ void ensureIdTokenReturned_withGrantType(String grantType) { @Nested @DisplayName("when the user doesn't request the 'openid' scope") - @WithSpring + @DefaultTestContext + @TestPropertySource(properties = {"uaa.url=https://uaa.some.test.domain.com:555/uaa"}) class WhenUserDoesntRequestOpenIdScope { private List logEvents = new ArrayList<>(); private AbstractAppender appender; @@ -178,22 +172,16 @@ void ensureAnIdTokenIsNotReturned(String grantType) { @Nested @DisplayName("when the hasn't approved the 'openid' scope") - @WithSpring + @DefaultTestContext + @TestPropertySource(properties = {"uaa.url=https://uaa.some.test.domain.com:555/uaa"}) class WhenUserHasNotApprovedOpenIdScope { - @Value("${oauth.clients.jku_test_without_autoapprove.id}") - private String clientWithoutAutoApprove; - - @Value("${oauth.clients.jku_test_without_autoapprove.secret}") - private String clientWithoutAutoApproveSecret; - @Autowired private JdbcApprovalStore jdbcApprovalStore; @BeforeEach void setupRequest() { - clientId = clientWithoutAutoApprove; - clientSecret = clientWithoutAutoApprove; + clientId = "jku_test_without_autoapprove"; Approval approvedNonOpenIdScope = new Approval().setUserId("admin").setScope("oauth.approvals").setClientId(clientId).setExpiresAt(DateTime.now().plusDays(1).toDate()).setStatus(Approval.ApprovalStatus.APPROVED); jdbcApprovalStore.addApproval(approvedNonOpenIdScope, "uaa"); @@ -238,7 +226,6 @@ void ensureJKUHeaderIsSetWhenBuildingAnAccessToken() { OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication); Jwt decode = JwtHelper.decode(accessToken.getValue()); - assertThat(decode.getHeader().getJku(), startsWith(uaaUrl)); assertThat(decode.getHeader().getJku(), is("https://uaa.some.test.domain.com:555/uaa/token_keys")); } 
@@ -251,13 +238,14 @@ void ensureJKUHeaderIsSetWhenBuildingARefreshToken() { CompositeToken accessToken = (CompositeToken) tokenServices.createAccessToken(auth2Authentication); Jwt jwtToken = JwtHelper.decode(accessToken.getRefreshToken().getValue()); - assertThat(jwtToken.getHeader().getJku(), startsWith(uaaUrl)); assertThat(jwtToken.getHeader().getJku(), is("https://uaa.some.test.domain.com:555/uaa/token_keys")); } @Nested @DisplayName("when performing the refresh grant type") - @WithSpring + @DefaultTestContext + @TestPropertySource(properties = {"uaa.url=https://uaa.some.test.domain.com:555/uaa"}) + @DirtiesContext class WhenRefreshGrant { @Autowired private RefreshTokenCreator refreshTokenCreator; @@ -288,7 +276,8 @@ void happyCase() { @Nested @DisplayName("when ACR claim is present") - @WithSpring + @DefaultTestContext + @TestPropertySource(properties = {"uaa.url=https://uaa.some.test.domain.com:555/uaa"}) class WhenAcrClaimIsPresent { void setup(Set acrs) { @@ -337,7 +326,8 @@ void happyCase(List acrs) { @Nested @DisplayName("when 'openid' scope was not requested in original token grant") - @WithSpring + @DefaultTestContext + @TestPropertySource(properties = {"uaa.url=https://uaa.some.test.domain.com:555/uaa"}) class WhenOpenIdScopeNotRequested { @ParameterizedTest @ValueSource(strings = {GRANT_TYPE_PASSWORD, GRANT_TYPE_AUTHORIZATION_CODE}) @@ -361,7 +351,8 @@ void idTokenNotReturned(String grantType) { @Nested @DisplayName("when client does not have 'openid' scope") - @WithSpring + @DefaultTestContext + @TestPropertySource(properties = {"uaa.url=https://uaa.some.test.domain.com:555/uaa"}) class WhenClientDoesNotHaveOpenIdScope { @ParameterizedTest @ValueSource(strings = {GRANT_TYPE_PASSWORD, GRANT_TYPE_AUTHORIZATION_CODE}) 
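Review bot: `@DirtiesContext` is added to `WhenRefreshGrant` only, and nothing says which shared state this nested class leaves behind. The annotation discards the cached application context after these tests run, which slows the suite and hides the actual cleanup gap. Please add a one-line comment above it naming the bean or table the refresh-grant tests modify, so the annotation can be dropped once that state is reset in an `@AfterEach`. The body of `WhenRefreshGrant` continues outside the hunk, so the cause is not visible here.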
@@ -386,7 +377,8 @@ void idTokenNotReturned(String grantType) { @Nested @DisplayName("when scoping down the refresh token to exclude 'openid' scope") - @WithSpring + @DefaultTestContext + @TestPropertySource(properties = {"uaa.url=https://uaa.some.test.domain.com:555/uaa"}) class WhenScopingDownToExcludeOpenIdScope { @ParameterizedTest @ValueSource(strings = {GRANT_TYPE_PASSWORD, GRANT_TYPE_AUTHORIZATION_CODE}) @@ -410,7 +402,8 @@ void idTokenNotReturned(String grantType) { @Nested @DisplayName("when AMR claim is present") - @WithSpring + @DefaultTestContext + @TestPropertySource(properties = {"uaa.url=https://uaa.some.test.domain.com:555/uaa"}) class WhenAmrClaimIsPresent { public void setup(List amrs) { diff --git a/uaa/src/test/resources/test/bootstrap/all-properties-set.yml b/uaa/src/test/resources/test/bootstrap/all-properties-set.yml deleted file mode 100644 index 07b44bd4ea2..00000000000 --- a/uaa/src/test/resources/test/bootstrap/all-properties-set.yml +++ /dev/null 
@@ -1,257 +0,0 @@ ---- -database: - abandonedtimeout: 45 - caseinsensitive: true - evictionintervalms: 30000 - logabandoned: false - maxactive: 50 - maxidle: 5 - minidle: 3 - removeabandoned: true - driverClassName: org.hsqldb.jdbcDriver - url: jdbc:hsqldb:mem:uaadb - username: sa - password: '' - -disableInternalUserManagement: true -issuer: - uri: https://localhost:8443/uaa/oauth/token -encryption: - active_key_label: CHANGE-THIS-KEY - encryption_keys: - - label: CHANGE-THIS-KEY - passphrase: CHANGEME -jwt: - token: - claims: - exclude: - - authorities - policy: - accessTokenValiditySeconds: 4800 - activeKeyId: key-id-2 - global: - accessTokenValiditySeconds: 3600 - refreshTokenValiditySeconds: 7200 - keys: - key-id-1: - signingKey: | - test-signing-key - key-id-2: - signingKey: | - test-signing-key-2 - refreshTokenValiditySeconds: 9600 - queryString: - enabled: false - refresh: - format: opaque - restrict_grant: false - unique: true - revocable: true -ldap: - override: false - addShadowUserOnLogin: false - base: - password: password - searchBase: '' - searchFilter: cn={0} - url: ldap://localhost:10389/ - userDn: cn=admin,dc=test,dc=com - groups: - autoAdd: true - file: ldap/ldap-groups-map-to-scopes.xml - groupSearchFilter: (member={0}) - maxSearchDepth: 11 - searchBase: ou=all-groups,dc=test,dc=com - searchSubtree: true - profile: - file: ldap/ldap-search-and-bind.xml - providerDescription: Test LDAP Provider Description - storeCustomAttributes: false -links: - global: - passwd: "https://{zone.subdomain}.myaccountmanager.domain.com/z/{zone.id}/forgot_password" - signup: "https://{zone.subdomain}.myaccountmanager.domain.com/z/{zone.id}/create_account" - homeRedirect: "https://{zone.subdomain}.myaccountmanager.domain.com/z/{zone.id}/success" - passwd: /configured_passwd - signup: /configured_signup - homeRedirect: /configured_home_redirect -login: - serviceProviderKey: | - -----BEGIN RSA PRIVATE KEY----- - 
MIICXQIBAAKBgQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5 - L39WqS9u0hnA+O7MCA/KlrAR4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vA - fpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCYxhMol6ZnTbSsFW6VZjFMjQIDAQAB - AoGAVOj2Yvuigi6wJD99AO2fgF64sYCm/BKkX3dFEw0vxTPIh58kiRP554Xt5ges - 7ZCqL9QpqrChUikO4kJ+nB8Uq2AvaZHbpCEUmbip06IlgdA440o0r0CPo1mgNxGu - lhiWRN43Lruzfh9qKPhleg2dvyFGQxy5Gk6KW/t8IS4x4r0CQQD/dceBA+Ndj3Xp - ubHfxqNz4GTOxndc/AXAowPGpge2zpgIc7f50t8OHhG6XhsfJ0wyQEEvodDhZPYX - kKBnXNHzAkEAyCA76vAwuxqAd3MObhiebniAU3SnPf2u4fdL1EOm92dyFs1JxyyL - gu/DsjPjx6tRtn4YAalxCzmAMXFSb1qHfwJBAM3qx3z0gGKbUEWtPHcP7BNsrnWK - vw6By7VC8bk/ffpaP2yYspS66Le9fzbFwoDzMVVUO/dELVZyBnhqSRHoXQcCQQCe - A2WL8S5o7Vn19rC0GVgu3ZJlUrwiZEVLQdlrticFPXaFrn3Md82ICww3jmURaKHS - N+l4lnMda79eSp3OMmq9AkA0p79BvYsLshUJJnvbk76pCjR28PK4dV1gSDUEqQMB - qy45ptdwJLqLJCeNoR0JUcDNIRhOCuOPND7pcMtX6hI/ - -----END RSA PRIVATE KEY----- - serviceProviderKeyPassword: password - serviceProviderCertificate: | - -----BEGIN CERTIFICATE----- - MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEO - MAwGA1UECBMFYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEO - MAwGA1UECxMFYXJ1YmExDjAMBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5h - cnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2MjdaFw0xNjExMTkyMjI2MjdaMHwx - CzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAM - BgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAb - BgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GN - ADCBiQKBgQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39W - qS9u0hnA+O7MCA/KlrAR4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOw - znoD66DDCnQVpbCjtDYWX+x6imxn8HCYxhMol6ZnTbSsFW6VZjFMjQIDAQABo4Ha - MIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1syGDCBpwYDVR0jBIGfMIGc - gBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3MQ4wDAYD - VQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYD - VQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJh - QGFydWJhLmFyggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ - 
0HOZbbHClXmGUjGs+GS+xC1FO/am2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxC - KdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3oePe84k8jm3A7EvH5wi5hvCkK - RpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0= - -----END CERTIFICATE----- - url: http://localhost:8080/uaa - entityBaseURL: http://localhost:8080/uaa - entityID: cloudfoundry-saml-login - saml: - #Entity ID Alias to login at /saml/SSO/alias/{login.saml.entityIDAlias} - #entityIDAlias: cloudfoundry-saml-login - #Default nameID if IDP nameID is not set - nameID: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified' - #Default assertionConsumerIndex if IDP value is not set - assertionConsumerIndex: 0 - #Local/SP metadata - sign metadata - signMetaData: true - #Local/SP metadata - requests signed - signRequest: true - #Local/SP metadata - want incoming assertions signed - #wantAssertionSigned: true - #Algorithm for SAML signatures. Defaults to SHA1. Accepts SHA1, SHA256, SHA512 - #signatureAlgorithm: SHA256 - socket: - # URL metadata fetch - pool timeout - connectionManagerTimeout: 10000 - # URL metadata fetch - read timeout - soTimeout: 10000 - authorize: - url: http://localhost:8080/uaa/oauth/authorize - -notifications: - url: https://notifications.somedomain.com -oauth: - client: - encoder_cache: false - encoder_expiry: 600 - secret: - policy: - minLength: 8 - maxLength: 128 - requireUpperCaseCharacter: 1 - requireLowerCaseCharacter: 3 - requireDigit: 2 - requireSpecialCharacter: 0 - expireSecretInMonths: 7 - - clients: - login: - authorities: oauth.login,scim.write,clients.read,notifications.write,critical_notifications.write,emails.write,scim.userids,password.write - authorized-grant-types: authorization_code,client_credentials,refresh_token - autoapprove: true - override: true - redirect-uri: https://login.bosh-lite.com - scope: openid,oauth.approvals - secret: login-secret - id: login - jku_test: - authorities: uaa.none - authorized-grant-types: password,client_credentials,refresh_token,authorization_code - autoapprove: true - 
override: true - redirect-uri: http://localhost/** - scope: openid,oauth.approvals,user_attributes - secret: secret - id: jku_test - jku_test_without_autoapprove: - authorities: uaa.none - authorized-grant-types: password,client_credentials,refresh_token,authorization_code - autoapprove: false - override: true - redirect-uri: http://localhost/** - scope: openid,oauth.approvals - secret: secret - id: jku_test_without_autoapprove - client_without_openid: - authorities: uaa.none - authorized-grant-types: password,client_credentials,refresh_token,authorization_code - autoapprove: true - override: true - redirect-uri: http://localhost/** - scope: password.write - secret: secret - id: client_without_openid - admin: - authorized-grant-types: client_credentials - authorities: clients.read,clients.write,clients.secret,uaa.admin,scim.read,scim.write,password.write - id: admin - secret: admin-secret - user: - authorities: - - openid - - scim.me - - cloud_controller.read - - cloud_controller.write - - cloud_controller_service_permissions.read - - password.write - - uaa.user - - approvals.me - - oauth.approvals - - notification_preferences.read - - notification_preferences.write - - profile - - roles - - user_attributes - - cloud_controller.user - - actuator.read - - foo.foo - authorize: - ssl: true -scim: - userids_enabled: true - user: - override: true - users: - - admin|admin|admin|||foo.bar,uaa.admin|uaa -uaa: - url: https://uaa.some.test.domain.com:555/uaa - shutdown: - sleep: 5000 - limitedFunctionality: - statusFile: /tmp/uaa-test-limited-mode-status-file.txt - whitelist: - endpoints: - - /other-url/** - - /oauth/authorize/** - - /oauth/token/** - - /check_token - - /login/** - - /logout/** - - /saml/** - methods: - - CONNECT - - GET - - HEAD - - OPTIONS -zones: - internal: - hostnames: - - host1.domain.com - - host2 - - test3.localhost - - test4.localhost -metrics: - enabled: false - perRequestMetrics: true 
From b10f53de9cf7e27b1b495d9a4f7d3c488be0ec74 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Thu, 21 Nov 2019 14:06:23 -0600 Subject: [PATCH 009/111] Test Refactor - LimitedModeUaaFilterTests - Apply IntelliJ suggestions and refactor [nostory] --- .../uaa/web/LimitedModeUaaFilterTests.java | 74 ++++++++----------- 1 file changed, 30 insertions(+), 44 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/web/LimitedModeUaaFilterTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/web/LimitedModeUaaFilterTests.java index 18b4e6bf295..320e3561235 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/web/LimitedModeUaaFilterTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/web/LimitedModeUaaFilterTests.java @@ -1,18 +1,3 @@ -/* - * **************************************************************************** - * Cloud Foundry - * Copyright (c) [2009-2017] Pivotal Software, Inc. All Rights Reserved. - * - * This product is licensed to you under the Apache License, Version 2.0 (the "License"). - * You may not use this product except in compliance with the License. - * - * This product includes a number of subcomponents with - * separate copyright notices and license terms. Your use of these - * subcomponents is subject to the terms and conditions of the - * subcomponent's license, as noted in the LICENSE file. - * **************************************************************************** - */ - package org.cloudfoundry.identity.uaa.web; import org.cloudfoundry.identity.uaa.util.JsonUtils; @@ -42,7 +27,7 @@ import static org.mockito.Mockito.spy; import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.verifyZeroInteractions; +import static org.mockito.Mockito.verifyNoInteractions; import static org.springframework.http.HttpHeaders.ACCEPT; import static org.springframework.http.HttpMethod.GET; import static org.springframework.http.HttpMethod.POST; 
@@ -55,7 +40,7 @@ public class LimitedModeUaaFilterTests { private LimitedModeUaaFilter filter; private File statusFile; private final AtomicLong time = new AtomicLong(System.currentTimeMillis()); - TimeService timeService; + private TimeService timeService; @Before public void setup() throws Exception { @@ -78,13 +63,6 @@ public void teardown() { statusFile.delete(); } - public void setPathInfo(String pathInfo) { - request.setServletPath(""); - request.setPathInfo(pathInfo); - request.setContextPath("/uaa"); - request.setRequestURI(request.getContextPath()+request.getPathInfo()); - } - @Test public void disabled() throws Exception { filter.doFilterInternal(request, response, chain); @@ -93,16 +71,16 @@ public void disabled() throws Exception { } @Test - public void enabled_no_whitelist_post() throws Exception { + public void enabledNoWhitelistPost() throws Exception { request.setMethod(POST.name()); filter.setStatusFile(statusFile); filter.doFilterInternal(request, response, chain); - verifyZeroInteractions(chain); + verifyNoInteractions(chain); assertEquals(SC_SERVICE_UNAVAILABLE, response.getStatus()); } @Test - public void enabled_no_whitelist_get() throws Exception { + public void enabledNoWhitelistGet() throws Exception { request.setMethod(GET.name()); filter.setStatusFile(statusFile); filter.setPermittedMethods(new HashSet<>(Collections.singletonList(GET.toString()))); 
@@ -111,12 +89,12 @@ public void enabled_no_whitelist_get() throws Exception { } @Test - public void enabled_matching_url_post() throws Exception { + public void enabledMatchingUrlPost() throws Exception { request.setMethod(POST.name()); - filter.setPermittedEndpoints(new HashSet(Collections.singletonList("/oauth/token/**"))); + filter.setPermittedEndpoints(Collections.singleton("/oauth/token/**")); filter.setStatusFile(statusFile); for (String pathInfo : Arrays.asList("/oauth/token", "/oauth/token/alias/something")) { - setPathInfo(pathInfo); + setPathInfo(pathInfo, request); reset(chain); filter.doFilterInternal(request, response, chain); verify(chain, times(1)).doFilter(same(request), same(response)); 
@@ -124,28 +102,28 @@ public void enabled_matching_url_post() throws Exception { } @Test - public void enabled_not_matching_post() throws Exception { + public void enabledNotMatchingPost() throws Exception { request.setMethod(POST.name()); - filter.setPermittedEndpoints(new HashSet(Collections.singletonList("/oauth/token/**"))); + filter.setPermittedEndpoints(Collections.singleton("/oauth/token/**")); filter.setStatusFile(statusFile); for (String pathInfo : Arrays.asList("/url", "/other/url")) { response = new MockHttpServletResponse(); - setPathInfo(pathInfo); + setPathInfo(pathInfo, request); reset(chain); filter.doFilterInternal(request, response, chain); - verifyZeroInteractions(chain); + verifyNoInteractions(chain); assertEquals(SC_SERVICE_UNAVAILABLE, response.getStatus()); } } @Test - public void error_is_json() throws Exception { - filter.setPermittedEndpoints(new HashSet(Collections.singletonList("/oauth/token/**"))); + public void errorIsJson() throws Exception { + filter.setPermittedEndpoints(Collections.singleton("/oauth/token/**")); filter.setStatusFile(statusFile); for (String accept : Arrays.asList("application/json", "text/html,*/*")) { request = new MockHttpServletRequest(); response = new MockHttpServletResponse(); - setPathInfo("/not/allowed"); + setPathInfo("/not/allowed", request); request.setMethod(POST.name()); request.addHeader(ACCEPT, accept); filter.doFilterInternal(request, response, chain); 
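Review bot: The deny-path loop in `enabledNotMatchingPost` only exercises `/url` and `/other/url`, which share nothing with the permitted pattern `/oauth/token/**`, so a matcher that accepted on a bare prefix would still pass this test. Because this filter is what restricts requests while the server is in limited mode, a near-miss path belongs in the list, for example `Arrays.asList("/url", "/other/url", "/oauth/tokens")`. The expectation that this also returns `SC_SERVICE_UNAVAILABLE` should be confirmed against the filter's matcher, which is not visible in this patch.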
@@ -155,13 +133,13 @@ public void error_is_json() throws Exception { } @Test - public void error_is_not() throws Exception { - filter.setPermittedEndpoints(new HashSet(Collections.singletonList("/oauth/token/**"))); + public void errorIsNot() throws Exception { + filter.setPermittedEndpoints(Collections.singleton("/oauth/token/**")); filter.setStatusFile(statusFile); for (String accept : Arrays.asList("text/html", "text/plain")) { request = new MockHttpServletRequest(); response = new MockHttpServletResponse(); - setPathInfo("/not/allowed"); + setPathInfo("/not/allowed", request); request.setMethod(POST.name()); request.addHeader(ACCEPT, accept); filter.doFilterInternal(request, response, chain); @@ -171,25 +149,33 @@ public void error_is_not() throws Exception { } @Test - public void disable_enable_uses_cache_to_avoid_file_access() { + public void disableEnableUsesCacheToAvoidFileAccess() { File spy = spy(statusFile); doCallRealMethod().when(spy).exists(); filter.setTimeService(timeService); filter.setStatusFile(spy); assertTrue(filter.isEnabled()); statusFile.delete(); - for (int i=0; i<10; i++) assertTrue(filter.isEnabled()); + for (int i = 0; i < 10; i++) assertTrue(filter.isEnabled()); time.set(time.get() + STATUS_INTERVAL_MS + 10); assertFalse(filter.isEnabled()); verify(spy, times(2)).exists(); } @Test - public void settings_file_changes_cache() throws Exception { - disable_enable_uses_cache_to_avoid_file_access(); + public void settingsFileChangesCache() { + disableEnableUsesCacheToAvoidFileAccess(); filter.setStatusFile(null); assertFalse(filter.isEnabled()); assertEquals(0, filter.getLastFileSystemCheck()); } + public static void setPathInfo( + final String pathInfo, + final MockHttpServletRequest request) { + request.setServletPath(""); + request.setPathInfo(pathInfo); + request.setContextPath("/uaa"); + request.setRequestURI(request.getContextPath() + request.getPathInfo()); + } } \ No newline at end of file 
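Review bot: The relocated helper `setPathInfo` at the end of this hunk is declared `public static`, although no caller outside this class is visible in the patch. Unless another test class uses it, `private static void setPathInfo(final String pathInfo, final MockHttpServletRequest request)` keeps the test class closed, and a short comment that it fixes the context path to `/uaa` would document the assumption the path tests rely on. In the same hunk `settingsFileChangesCache` still calls the test method `disableEnableUsesCacheToAvoidFileAccess()` directly; extracting the shared steps into a private helper would stop one test from depending on another's assertions.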
From 42297541e13a051d9306c514bc915afef5399095 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Thu, 21 Nov 2019 14:08:50 -0600 Subject: [PATCH 010/111] Test Refactor - LimitedModeUaaFilterTests - Use JUnit5 [nostory] --- .../uaa/web/LimitedModeUaaFilterTests.java | 126 +++++++++--------- 1 file changed, 63 insertions(+), 63 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/web/LimitedModeUaaFilterTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/web/LimitedModeUaaFilterTests.java index 320e3561235..929864fa75e 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/web/LimitedModeUaaFilterTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/web/LimitedModeUaaFilterTests.java @@ -2,9 +2,9 @@ import org.cloudfoundry.identity.uaa.util.JsonUtils; import org.cloudfoundry.identity.uaa.util.TimeService; -import org.junit.After; -import org.junit.Before; -import org.junit.Test; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; @@ -17,9 +17,9 @@ import static javax.servlet.http.HttpServletResponse.SC_SERVICE_UNAVAILABLE; import static org.cloudfoundry.identity.uaa.web.LimitedModeUaaFilter.STATUS_INTERVAL_MS; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertTrue; import static org.mockito.ArgumentMatchers.same; import static org.mockito.Mockito.doCallRealMethod; import static org.mockito.Mockito.mock; 
@@ -34,122 +34,122 @@ public class LimitedModeUaaFilterTests { - private MockHttpServletRequest request; - private MockHttpServletResponse response; - private FilterChain chain; + private MockHttpServletRequest mockHttpServletRequest; + private MockHttpServletResponse mockHttpServletResponse; + private FilterChain mockFilterChain; private LimitedModeUaaFilter filter; private File statusFile; private final AtomicLong time = new AtomicLong(System.currentTimeMillis()); private TimeService timeService; - @Before - public void setup() throws Exception { + @BeforeEach + void setUp() throws Exception { timeService = new TimeService() { @Override public long getCurrentTimeMillis() { return time.get(); } }; - request = new MockHttpServletRequest(); - request.addHeader(ACCEPT, "*/*"); - response = new MockHttpServletResponse(); - chain = mock(FilterChain.class); + mockHttpServletRequest = new MockHttpServletRequest(); + mockHttpServletRequest.addHeader(ACCEPT, "*/*"); + mockHttpServletResponse = new MockHttpServletResponse(); + mockFilterChain = mock(FilterChain.class); filter = new LimitedModeUaaFilter(); statusFile = File.createTempFile("uaa-limited-mode.", ".status"); } - @After - public void teardown() { + @AfterEach + void tearDown() { statusFile.delete(); } @Test - public void disabled() throws Exception { - filter.doFilterInternal(request, response, chain); - verify(chain, times(1)).doFilter(same(request), same(response)); + void disabled() throws Exception { + filter.doFilterInternal(mockHttpServletRequest, mockHttpServletResponse, mockFilterChain); + verify(mockFilterChain, times(1)).doFilter(same(mockHttpServletRequest), same(mockHttpServletResponse)); assertFalse(filter.isEnabled()); } @Test - public void enabledNoWhitelistPost() throws Exception { - request.setMethod(POST.name()); + void enabledNoWhitelistPost() throws Exception { + mockHttpServletRequest.setMethod(POST.name()); filter.setStatusFile(statusFile); - filter.doFilterInternal(request, response, 
chain); - verifyNoInteractions(chain); - assertEquals(SC_SERVICE_UNAVAILABLE, response.getStatus()); + filter.doFilterInternal(mockHttpServletRequest, mockHttpServletResponse, mockFilterChain); + verifyNoInteractions(mockFilterChain); + assertEquals(SC_SERVICE_UNAVAILABLE, mockHttpServletResponse.getStatus()); } @Test - public void enabledNoWhitelistGet() throws Exception { - request.setMethod(GET.name()); + void enabledNoWhitelistGet() throws Exception { + mockHttpServletRequest.setMethod(GET.name()); filter.setStatusFile(statusFile); filter.setPermittedMethods(new HashSet<>(Collections.singletonList(GET.toString()))); - filter.doFilterInternal(request, response, chain); - verify(chain, times(1)).doFilter(same(request), same(response)); + filter.doFilterInternal(mockHttpServletRequest, mockHttpServletResponse, mockFilterChain); + verify(mockFilterChain, times(1)).doFilter(same(mockHttpServletRequest), same(mockHttpServletResponse)); } @Test - public void enabledMatchingUrlPost() throws Exception { - request.setMethod(POST.name()); + void enabledMatchingUrlPost() throws Exception { + mockHttpServletRequest.setMethod(POST.name()); filter.setPermittedEndpoints(Collections.singleton("/oauth/token/**")); filter.setStatusFile(statusFile); for (String pathInfo : Arrays.asList("/oauth/token", "/oauth/token/alias/something")) { - setPathInfo(pathInfo, request); - reset(chain); - filter.doFilterInternal(request, response, chain); - verify(chain, times(1)).doFilter(same(request), same(response)); + setPathInfo(pathInfo, mockHttpServletRequest); + reset(mockFilterChain); + filter.doFilterInternal(mockHttpServletRequest, mockHttpServletResponse, mockFilterChain); + verify(mockFilterChain, times(1)).doFilter(same(mockHttpServletRequest), same(mockHttpServletResponse)); } } @Test - public void enabledNotMatchingPost() throws Exception { - request.setMethod(POST.name()); + void enabledNotMatchingPost() throws Exception { + mockHttpServletRequest.setMethod(POST.name()); 
filter.setPermittedEndpoints(Collections.singleton("/oauth/token/**")); filter.setStatusFile(statusFile); for (String pathInfo : Arrays.asList("/url", "/other/url")) { - response = new MockHttpServletResponse(); - setPathInfo(pathInfo, request); - reset(chain); - filter.doFilterInternal(request, response, chain); - verifyNoInteractions(chain); - assertEquals(SC_SERVICE_UNAVAILABLE, response.getStatus()); + mockHttpServletResponse = new MockHttpServletResponse(); + setPathInfo(pathInfo, mockHttpServletRequest); + reset(mockFilterChain); + filter.doFilterInternal(mockHttpServletRequest, mockHttpServletResponse, mockFilterChain); + verifyNoInteractions(mockFilterChain); + assertEquals(SC_SERVICE_UNAVAILABLE, mockHttpServletResponse.getStatus()); } } @Test - public void errorIsJson() throws Exception { + void errorIsJson() throws Exception { filter.setPermittedEndpoints(Collections.singleton("/oauth/token/**")); filter.setStatusFile(statusFile); for (String accept : Arrays.asList("application/json", "text/html,*/*")) { - request = new MockHttpServletRequest(); - response = new MockHttpServletResponse(); - setPathInfo("/not/allowed", request); - request.setMethod(POST.name()); - request.addHeader(ACCEPT, accept); - filter.doFilterInternal(request, response, chain); - assertEquals(SC_SERVICE_UNAVAILABLE, response.getStatus()); - assertEquals(JsonUtils.writeValueAsString(filter.getErrorData()), response.getContentAsString()); + mockHttpServletRequest = new MockHttpServletRequest(); + mockHttpServletResponse = new MockHttpServletResponse(); + setPathInfo("/not/allowed", mockHttpServletRequest); + mockHttpServletRequest.setMethod(POST.name()); + mockHttpServletRequest.addHeader(ACCEPT, accept); + filter.doFilterInternal(mockHttpServletRequest, mockHttpServletResponse, mockFilterChain); + assertEquals(SC_SERVICE_UNAVAILABLE, mockHttpServletResponse.getStatus()); + assertEquals(JsonUtils.writeValueAsString(filter.getErrorData()), mockHttpServletResponse.getContentAsString()); 
} } @Test - public void errorIsNot() throws Exception { + void errorIsNot() throws Exception { filter.setPermittedEndpoints(Collections.singleton("/oauth/token/**")); filter.setStatusFile(statusFile); for (String accept : Arrays.asList("text/html", "text/plain")) { - request = new MockHttpServletRequest(); - response = new MockHttpServletResponse(); - setPathInfo("/not/allowed", request); - request.setMethod(POST.name()); - request.addHeader(ACCEPT, accept); - filter.doFilterInternal(request, response, chain); - assertEquals(SC_SERVICE_UNAVAILABLE, response.getStatus()); - assertEquals(filter.getErrorData().get("description"), response.getErrorMessage()); + mockHttpServletRequest = new MockHttpServletRequest(); + mockHttpServletResponse = new MockHttpServletResponse(); + setPathInfo("/not/allowed", mockHttpServletRequest); + mockHttpServletRequest.setMethod(POST.name()); + mockHttpServletRequest.addHeader(ACCEPT, accept); + filter.doFilterInternal(mockHttpServletRequest, mockHttpServletResponse, mockFilterChain); + assertEquals(SC_SERVICE_UNAVAILABLE, mockHttpServletResponse.getStatus()); + assertEquals(filter.getErrorData().get("description"), mockHttpServletResponse.getErrorMessage()); } } @Test - public void disableEnableUsesCacheToAvoidFileAccess() { + void disableEnableUsesCacheToAvoidFileAccess() { File spy = spy(statusFile); doCallRealMethod().when(spy).exists(); filter.setTimeService(timeService); @@ -163,7 +163,7 @@ public void disableEnableUsesCacheToAvoidFileAccess() { } @Test - public void settingsFileChangesCache() { + void settingsFileChangesCache() { disableEnableUsesCacheToAvoidFileAccess(); filter.setStatusFile(null); assertFalse(filter.isEnabled()); From 490484f64bc1ea81129d9192f4b3d372fb9bcfa9 Mon Sep 17 00:00:00 2001 
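Review bot: The rejection tests `errorIsJson` and `errorIsNot` assert the 503 status and the error body but never check that the request was kept away from the filter chain. A regression in which the filter writes the error and still calls `doFilter` would therefore pass both tests. Adding `verifyNoInteractions(mockFilterChain);` after the status assertion in each loop closes that gap. `enabledNotMatchingPost` in the same hunk already asserts this way, and `verifyNoInteractions` is already in use in this file.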
From: Joshua Casey Date: Thu, 21 Nov 2019 15:45:47 -0600 Subject: [PATCH 011/111] Refactor - LimitedModeUaaFilter - Apply IntelliJ sanitizations [nostory] --- .../uaa/web/LimitedModeUaaFilter.java | 77 ++++++------------- 1 file changed, 24 insertions(+), 53 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/web/LimitedModeUaaFilter.java b/server/src/main/java/org/cloudfoundry/identity/uaa/web/LimitedModeUaaFilter.java index 994904782c1..ba810f11152 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/web/LimitedModeUaaFilter.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/web/LimitedModeUaaFilter.java @@ -1,26 +1,13 @@ -/* - * **************************************************************************** - * Cloud Foundry - * Copyright (c) [2009-2017] Pivotal Software, Inc. All Rights Reserved. - * - * This product is licensed to you under the Apache License, Version 2.0 (the "License"). - * You may not use this product except in compliance with the License. - * - * This product includes a number of subcomponents with - * separate copyright notices and license terms. Your use of these - * subcomponents is subject to the terms and conditions of the - * subcomponent's license, as noted in the LICENSE file. - * **************************************************************************** - */ package org.cloudfoundry.identity.uaa.web; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.cloudfoundry.identity.uaa.util.JsonUtils; import org.cloudfoundry.identity.uaa.util.TimeService; import org.cloudfoundry.identity.uaa.util.TimeServiceImpl; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.http.HttpHeaders; import org.springframework.http.MediaType; +import org.springframework.lang.NonNull; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.web.filter.OncePerRequestFilter; 
@@ -50,25 +37,26 @@ public class LimitedModeUaaFilter extends OncePerRequestFilter { public static final long STATUS_INTERVAL_MS = 5000; private static Logger logger = LoggerFactory.getLogger(LimitedModeUaaFilter.class); - private Set permittedEndpoints = emptySet(); private Set permittedMethods = emptySet(); private List endpoints = emptyList(); private volatile boolean enabled = false; private File statusFile = null; private TimeService timeService = new TimeServiceImpl(); - private AtomicLong lastFileCheck= new AtomicLong(0); - + private AtomicLong lastFileCheck = new AtomicLong(0); @Override - protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { + protected void doFilterInternal( + final @NonNull HttpServletRequest request, + final @NonNull HttpServletResponse response, + final @NonNull FilterChain filterChain) throws ServletException, IOException { if (isEnabled()) { - if ( isMethodAllowed(request) || isEndpointAllowed(request)) { + if (isMethodAllowed(request) || isEndpointAllowed(request)) { filterChain.doFilter(request, response); } else { logger.debug(format("Operation Not permitted in limited mode for URL:%s and method:%s", - request.getRequestURI(), - request.getMethod() - ) + request.getRequestURI(), + request.getMethod() + ) ); Map json = getErrorData(); if (acceptsJson(request)) { 
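Review bot: The `logger.debug(format(...))` call in `doFilterInternal` builds the message for every request refused in limited mode, even when debug logging is off. SLF4J placeholders defer that work: `logger.debug("Operation Not permitted in limited mode for URL:{} and method:{}", request.getRequestURI(), request.getMethod());`. Since the field block is being tidied in this hunk anyway, `logger` could also become `private static final`. The body of `doFilterInternal` continues past the end of this hunk.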
@@ -93,58 +81,41 @@ protected Map getErrorData() { return json; } - protected boolean acceptsJson(HttpServletRequest request) { + private static boolean acceptsJson(HttpServletRequest request) { List mediaTypes = MediaType.parseMediaTypes(request.getHeader(HttpHeaders.ACCEPT)); return mediaTypes.stream().anyMatch(m -> m.isCompatibleWith(MediaType.APPLICATION_JSON)); } - protected boolean isMethodAllowed(HttpServletRequest request) { - return getPermittedMethods().contains(request.getMethod().toUpperCase()); + private boolean isMethodAllowed(HttpServletRequest request) { + return permittedMethods.contains(request.getMethod().toUpperCase()); } - public boolean isEndpointAllowed(HttpServletRequest request) { + private boolean isEndpointAllowed(HttpServletRequest request) { return endpoints.stream().anyMatch(m -> m.matches(request)); } public void setPermittedEndpoints(Set permittedEndpoints) { - this.permittedEndpoints = permittedEndpoints; - if (permittedEndpoints==null) { - this.endpoints = emptyList(); - } else { - this.endpoints = - permittedEndpoints - .stream() - .map(s -> new AntPathRequestMatcher(s)) - .collect(toList()); - } - } - - - public Set getPermittedEndpoints() { - return permittedEndpoints; - } - - public Set getPermittedMethods() { - return permittedMethods; + this.endpoints = ofNullable(permittedEndpoints) + .orElse(emptySet()) + .stream() + .map(AntPathRequestMatcher::new) + .collect(toList()); } public void setPermittedMethods(Set permittedMethods) { this.permittedMethods = ofNullable(permittedMethods).orElse(emptySet()); } - public boolean isTimeToCheckFileSystem() { + private boolean isTimeToCheckFileSystem() { long time = lastFileCheck.get(); long now = timeService.getCurrentTimeMillis(); - if (now - time > STATUS_INTERVAL_MS && lastFileCheck.compareAndSet(time, now)) { - return true; - } - return false; + return now - time > STATUS_INTERVAL_MS && lastFileCheck.compareAndSet(time, now); } public boolean isEnabled() { if (statusFile == null) { 
enabled = false; - } else if (isTimeToCheckFileSystem()){ + } else if (isTimeToCheckFileSystem()) { enabled = statusFile.exists(); } return enabled; From 0bfa77d924260e82b360c57fa69fecefda2aebfc Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 26 Nov 2019 21:18:36 -0600 Subject: [PATCH 012/111] Exclude logs/** in .gitignore [nostory] --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index fc7e287b7ce..ef4fcab7393 100644 --- a/.gitignore +++ b/.gitignore @@ -41,3 +41,4 @@ uaa/slate/node_modules/**/* uaa/slateCustomizations/source/versionfile ci/dockerfile/Dockerfile +logs/** \ No newline at end of file From 988542800dc099d7aba27cb9e50f19a656d0f6f7 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 26 Nov 2019 21:50:54 -0600 Subject: [PATCH 013/111] Samples Refactor - auto-format ApiController --- .../identity/api/web/ApiController.java | 36 +++++-------------- 1 file changed, 9 insertions(+), 27 deletions(-) diff --git a/samples/api/src/main/java/org/cloudfoundry/identity/api/web/ApiController.java b/samples/api/src/main/java/org/cloudfoundry/identity/api/web/ApiController.java index d6239678b2b..54432167835 100644 --- a/samples/api/src/main/java/org/cloudfoundry/identity/api/web/ApiController.java +++ b/samples/api/src/main/java/org/cloudfoundry/identity/api/web/ApiController.java 
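Review bot: `acceptsJson` passes the client's `Accept` header straight to `MediaType.parseMediaTypes`, which throws `InvalidMediaTypeException` on a malformed value. A refused request carrying such a header therefore leaves the filter with an exception instead of the intended 503. The chain is not invoked on that path, so this is not a bypass, but the response then depends on the container's error handling rather than on this filter. Treating an unparsable header as "does not accept JSON" keeps the limited-mode response consistent. The rewrite below needs an import of `org.springframework.http.InvalidMediaTypeException`.

```java
private static boolean acceptsJson(HttpServletRequest request) {
    try {
        return MediaType.parseMediaTypes(request.getHeader(HttpHeaders.ACCEPT)).stream()
                .anyMatch(m -> m.isCompatibleWith(MediaType.APPLICATION_JSON));
    } catch (InvalidMediaTypeException e) {
        // Unparsable Accept header: fall back to the non-JSON error response.
        return false;
    }
}
```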
@@ -1,27 +1,5 @@ -/******************************************************************************* - * Cloud Foundry - * Copyright (c) [2009-2016] Pivotal Software, Inc. All Rights Reserved. - * - * This product is licensed to you under the Apache License, Version 2.0 (the "License"). - * You may not use this product except in compliance with the License. - * - * This product includes a number of subcomponents with - * separate copyright notices and license terms. Your use of these - * subcomponents is subject to the terms and conditions of the - * subcomponent's license, as noted in the LICENSE file. - *******************************************************************************/ - package org.cloudfoundry.identity.api.web; -import java.io.IOException; -import java.io.InputStreamReader; -import java.security.Principal; -import java.util.HashMap; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - import org.springframework.context.expression.MapAccessor; import org.springframework.core.io.Resource; import org.springframework.expression.Expression; @@ -34,10 +12,14 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.servlet.View; -/** - * @author Dave Syer - * - */ +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.io.InputStreamReader; +import java.security.Principal; +import java.util.HashMap; +import java.util.Map; + @Controller public class ApiController { @@ -112,7 +94,7 @@ public String getContentType() { @Override public void render(Map model, HttpServletRequest request, HttpServletResponse response) - throws Exception { + throws Exception { if (response.getContentType() == null) { response.setContentType(getContentType()); } From 8cf54be8879598b994e327a47f245678353dab43 Mon Sep 17 00:00:00 2001 
From: Joshua Casey Date: Wed, 27 Nov 2019 12:52:55 -0600 Subject: [PATCH 014/111] Test Refactor - BootstrapTests uses JUnit5 [#169991138] --- .../identity/uaa/login/BootstrapTests.java | 78 +++++++++++-------- 1 file changed, 46 insertions(+), 32 deletions(-) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java index 51b6939a2c2..9e500a5bbbe 100755 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java @@ -13,11 +13,11 @@ import org.cloudfoundry.identity.uaa.zone.IdentityZoneProvisioning; import org.cloudfoundry.identity.uaa.zone.SamlConfig; import org.flywaydb.core.Flyway; -import org.junit.After; -import org.junit.AfterClass; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; +import org.junit.jupiter.api.AfterAll; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeAll; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; import org.springframework.beans.BeansException; import org.springframework.beans.factory.support.DefaultListableBeanFactory; import org.springframework.beans.factory.xml.ResourceEntityResolver; 
@@ -41,14 +41,14 @@ import java.util.Map; import java.util.Scanner; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertThat; -import static org.junit.Assert.assertTrue; +import static org.hamcrest.MatcherAssert.assertThat; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; -public class BootstrapTests { +class BootstrapTests { private static final String LOGIN_IDP_METADATA = "login.idpMetadata"; private static final String LOGIN_IDP_ENTITY_ALIAS = "login.idpEntityAlias"; private static final String LOGIN_IDP_METADATA_URL = "login.idpMetadataURL"; @@ -58,13 +58,13 @@ public class BootstrapTests { private ConfigurableApplicationContext context; - @BeforeClass - public static void saveProfiles() { + @BeforeAll + static void saveProfiles() { systemConfiguredProfiles = System.getProperty("spring.profiles.active"); } - @AfterClass - public static void restoreProfiles() { + @AfterAll + static void restoreProfiles() { if (systemConfiguredProfiles != null) { System.setProperty("spring.profiles.active", systemConfiguredProfiles); } else { @@ -72,8 +72,8 @@ public static void restoreProfiles() { } } - @Before - public void setup() { + @BeforeEach + void setup() { System.clearProperty("spring.profiles.active"); IdentityZoneHolder.clear(); @@ -82,8 +82,8 @@ public void setup() { } } - @After - public void tearDown() { + @AfterEach + void tearDown() { for (Map.Entry entry : originalSystemProps.entrySet()) { if (entry.getValue() != null) { System.setProperty(entry.getKey(), entry.getValue()); 
@@ -94,7 +94,7 @@ public void tearDown() { } @Test - public void xlegacy_test_deprecated_properties() { + void xlegacyTestDeprecatedProperties() { context = getServletContext(null, "login.yml", "test/bootstrap/deprecated_properties_still_work.yml", "file:./src/main/webapp/WEB-INF/spring-servlet.xml"); ScimGroupProvisioning scimGroupProvisioning = context.getBean("scimGroupProvisioning", ScimGroupProvisioning.class); List scimGroups = scimGroupProvisioning.retrieveAll(IdentityZoneHolder.get().getId()); @@ -104,7 +104,7 @@ public void xlegacy_test_deprecated_properties() { assertEquals("https://deprecated.home_redirect.com", zoneBootstrap.getHomeRedirect()); IdentityZone defaultZone = context.getBean(IdentityZoneProvisioning.class).retrieve("uaa"); IdentityZoneConfiguration defaultConfig = defaultZone.getConfig(); - assertTrue("Legacy SAML keys should be available", defaultConfig.getSamlConfig().getKeys().containsKey(SamlConfig.LEGACY_KEY_ID)); + assertTrue(defaultConfig.getSamlConfig().getKeys().containsKey(SamlConfig.LEGACY_KEY_ID), "Legacy SAML keys should be available"); assertEquals(SamlLoginServerKeyManagerTests.CERTIFICATE.trim(), defaultConfig.getSamlConfig().getCertificate().trim()); assertEquals(SamlLoginServerKeyManagerTests.KEY.trim(), defaultConfig.getSamlConfig().getPrivateKey().trim()); assertEquals(SamlLoginServerKeyManagerTests.PASSWORD.trim(), defaultConfig.getSamlConfig().getPrivateKeyPassword().trim()); @@ -112,7 +112,7 @@ public void xlegacy_test_deprecated_properties() { } @Test - public void legacy_saml_idp_as_top_level_element() { + void legacySamlIdpAsTopLevelElement() { System.setProperty(LOGIN_SAML_METADATA_TRUST_CHECK, "false"); System.setProperty(LOGIN_IDP_METADATA_URL, "http://simplesamlphp.uaa.com/saml2/idp/metadata.php"); System.setProperty(LOGIN_IDP_ENTITY_ALIAS, "testIDPFile"); 
@@ -133,7 +133,7 @@ public void legacy_saml_idp_as_top_level_element() { } @Test - public void legacy_saml_metadata_as_xml() throws Exception { + void legacySamlMetadataAsXml() throws Exception { String metadataString = new Scanner(new File("./src/main/resources/sample-okta-localhost.xml")).useDelimiter("\\Z").next(); System.setProperty(LOGIN_IDP_METADATA, metadataString); System.setProperty(LOGIN_IDP_ENTITY_ALIAS, "testIDPData"); @@ -144,9 +144,8 @@ public void legacy_saml_metadata_as_xml() throws Exception { findProvider(defs, "testIDPData").getType()); } - @Test - public void legacy_saml_metadata_as_url() { + void legacySamlMetadataAsUrl() { System.setProperty(LOGIN_SAML_METADATA_TRUST_CHECK, "false"); System.setProperty(LOGIN_IDP_METADATA_URL, "http://simplesamlphp.uaa.com:80/saml2/idp/metadata.php"); System.setProperty(LOGIN_IDP_ENTITY_ALIAS, "testIDPUrl"); @@ -163,11 +162,10 @@ public void legacy_saml_metadata_as_url() { SamlIdentityProviderDefinition.MetadataLocation.URL, defs.get(defs.size() - 1).getType() ); - } @Test - public void legacy_saml_url_without_port() { + void legacySamlUrlWithoutPort() { System.setProperty(LOGIN_SAML_METADATA_TRUST_CHECK, "false"); System.setProperty(LOGIN_IDP_METADATA_URL, "http://simplesamlphp.uaa.com/saml2/idp/metadata.php"); System.setProperty(LOGIN_IDP_ENTITY_ALIAS, "testIDPUrl"); @@ -190,7 +188,9 @@ public void legacy_saml_url_without_port() { } - private SamlIdentityProviderDefinition findProvider(List defs, String alias) { + private static SamlIdentityProviderDefinition findProvider( + final List defs, + final String alias) { for (SamlIdentityProviderDefinition def : defs) { if (alias.equals(def.getIdpEntityAlias())) { return def; 
@@ -199,11 +199,25 @@ private SamlIdentityProviderDefinition findProvider(List Date: Wed, 27 Nov 2019 12:55:22 -0600 Subject: [PATCH 015/111] Test Refactor - BootstrapTests - Use Extensions for cleanup [#169991138] --- .../identity/uaa/login/BootstrapTests.java | 25 +++++-------------- 1 file changed, 6 insertions(+), 19 deletions(-) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java index 9e500a5bbbe..fbc7c822b53 100755 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java @@ -1,11 +1,13 @@ package org.cloudfoundry.identity.uaa.login; import org.cloudfoundry.identity.uaa.impl.config.IdentityZoneConfigurationBootstrap; +import org.cloudfoundry.identity.uaa.impl.config.SpringProfileCleanupExtension; import org.cloudfoundry.identity.uaa.impl.config.YamlServletProfileInitializer; import org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.provider.saml.BootstrapSamlIdentityProviderData; import org.cloudfoundry.identity.uaa.scim.ScimGroup; import org.cloudfoundry.identity.uaa.scim.ScimGroupProvisioning; +import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension; import org.cloudfoundry.identity.uaa.util.PredicateMatcher; import org.cloudfoundry.identity.uaa.zone.IdentityZone; import org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration; 
@@ -13,11 +15,10 @@ import org.cloudfoundry.identity.uaa.zone.IdentityZoneProvisioning; import org.cloudfoundry.identity.uaa.zone.SamlConfig; import org.flywaydb.core.Flyway; -import org.junit.jupiter.api.AfterAll; import org.junit.jupiter.api.AfterEach; -import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.beans.BeansException; import org.springframework.beans.factory.support.DefaultListableBeanFactory; import org.springframework.beans.factory.xml.ResourceEntityResolver; @@ -48,30 +49,18 @@ import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertTrue; +@ExtendWith(PollutionPreventionExtension.class) +@ExtendWith(SpringProfileCleanupExtension.class) class BootstrapTests { + private static final String LOGIN_IDP_METADATA = "login.idpMetadata"; private static final String LOGIN_IDP_ENTITY_ALIAS = "login.idpEntityAlias"; private static final String LOGIN_IDP_METADATA_URL = "login.idpMetadataURL"; private static final String LOGIN_SAML_METADATA_TRUST_CHECK = "login.saml.metadataTrustCheck"; - private static String systemConfiguredProfiles; private static Map originalSystemProps = new HashMap<>(); private ConfigurableApplicationContext context; - @BeforeAll - static void saveProfiles() { - systemConfiguredProfiles = System.getProperty("spring.profiles.active"); - } - - @AfterAll - static void restoreProfiles() { - if (systemConfiguredProfiles != null) { - System.setProperty("spring.profiles.active", systemConfiguredProfiles); - } else { - System.clearProperty("spring.profiles.active"); - } - } - @BeforeEach void setup() { System.clearProperty("spring.profiles.active"); 
@@ -108,7 +97,6 @@ void xlegacyTestDeprecatedProperties() { assertEquals(SamlLoginServerKeyManagerTests.CERTIFICATE.trim(), defaultConfig.getSamlConfig().getCertificate().trim()); assertEquals(SamlLoginServerKeyManagerTests.KEY.trim(), defaultConfig.getSamlConfig().getPrivateKey().trim()); assertEquals(SamlLoginServerKeyManagerTests.PASSWORD.trim(), defaultConfig.getSamlConfig().getPrivateKeyPassword().trim()); - } @Test @@ -185,7 +173,6 @@ void legacySamlUrlWithoutPort() { SamlIdentityProviderDefinition.MetadataLocation.URL, defs.get(defs.size() - 1).getType() ); - } private static SamlIdentityProviderDefinition findProvider( From 964cdf4260ceda558d196feaee91d775c12ef7f6 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Wed, 27 Nov 2019 13:05:33 -0600 Subject: [PATCH 016/111] Test Refactor - BootstrapTests - Inline params with only one value [#169991138] --- .../identity/uaa/login/BootstrapTests.java | 61 +++++++------------ 1 file changed, 21 insertions(+), 40 deletions(-) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java index fbc7c822b53..67e8e813e69 100755 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java @@ -14,7 +14,6 @@ import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.cloudfoundry.identity.uaa.zone.IdentityZoneProvisioning; import org.cloudfoundry.identity.uaa.zone.SamlConfig; -import org.flywaydb.core.Flyway; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; 
@@ -24,6 +23,7 @@ import org.springframework.beans.factory.xml.ResourceEntityResolver; import org.springframework.beans.factory.xml.XmlBeanDefinitionReader; import org.springframework.context.ConfigurableApplicationContext; +import org.springframework.lang.NonNull; import org.springframework.mock.web.MockRequestDispatcher; import org.springframework.mock.web.MockServletConfig; import org.springframework.mock.web.MockServletContext; @@ -34,13 +34,12 @@ import javax.servlet.RequestDispatcher; import java.io.File; -import java.util.Arrays; import java.util.EventListener; import java.util.HashMap; -import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Scanner; +import java.util.Set; import static org.hamcrest.MatcherAssert.assertThat; import static org.junit.jupiter.api.Assertions.assertEquals; @@ -57,18 +56,20 @@ class BootstrapTests { private static final String LOGIN_IDP_ENTITY_ALIAS = "login.idpEntityAlias"; private static final String LOGIN_IDP_METADATA_URL = "login.idpMetadataURL"; private static final String LOGIN_SAML_METADATA_TRUST_CHECK = "login.saml.metadataTrustCheck"; - private static Map originalSystemProps = new HashMap<>(); + private static final Set PROPERTIES = Set.of(LOGIN_IDP_METADATA, + LOGIN_IDP_ENTITY_ALIAS, + LOGIN_IDP_METADATA_URL, + LOGIN_SAML_METADATA_TRUST_CHECK); + private static Map originalSystemProps; private ConfigurableApplicationContext context; @BeforeEach void setup() { - System.clearProperty("spring.profiles.active"); - IdentityZoneHolder.clear(); - - for (String s : Arrays.asList(LOGIN_IDP_METADATA, LOGIN_IDP_ENTITY_ALIAS, LOGIN_IDP_METADATA_URL, LOGIN_SAML_METADATA_TRUST_CHECK)) { - originalSystemProps.put(s, System.getProperty(s)); - } + originalSystemProps = new HashMap<>(); + PROPERTIES.forEach( + s -> originalSystemProps.put(s, System.getProperty(s) + )); } @AfterEach 
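Review bot: `originalSystemProps` stays a non-final `static` field but is now reassigned in every `@BeforeEach`, so per-test data is held as shared mutable class state. JUnit 5 creates a new test instance per method by default, so an instance field gives the same lifecycle without the reassignment: `private final Map<String, String> originalSystemProps = new HashMap<>();`, with `setup()` only filling it. The type arguments are inferred from the `put(s, System.getProperty(s))` call, because the listing shows the declaration without them.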
@@ -84,7 +85,7 @@ void tearDown() { @Test void xlegacyTestDeprecatedProperties() { - context = getServletContext(null, "login.yml", "test/bootstrap/deprecated_properties_still_work.yml", "file:./src/main/webapp/WEB-INF/spring-servlet.xml"); + context = getServletContext(null, "test/bootstrap/deprecated_properties_still_work.yml", "file:./src/main/webapp/WEB-INF/spring-servlet.xml"); ScimGroupProvisioning scimGroupProvisioning = context.getBean("scimGroupProvisioning", ScimGroupProvisioning.class); List scimGroups = scimGroupProvisioning.retrieveAll(IdentityZoneHolder.get().getId()); assertThat(scimGroups, PredicateMatcher.has(g -> g.getDisplayName().equals("pony") && "The magic of friendship".equals(g.getDescription()))); @@ -105,7 +106,7 @@ void legacySamlIdpAsTopLevelElement() { System.setProperty(LOGIN_IDP_METADATA_URL, "http://simplesamlphp.uaa.com/saml2/idp/metadata.php"); System.setProperty(LOGIN_IDP_ENTITY_ALIAS, "testIDPFile"); - context = getServletContext("default", "login.yml", "uaa.yml", "file:./src/main/webapp/WEB-INF/spring-servlet.xml"); + context = getServletContext("default", "uaa.yml", "file:./src/main/webapp/WEB-INF/spring-servlet.xml"); assertNotNull(context.getBean("viewResolver", ViewResolver.class)); assertNotNull(context.getBean("samlLogger", SAMLDefaultLogger.class)); assertFalse(context.getBean(BootstrapSamlIdentityProviderData.class).isLegacyMetadataTrustCheck()); 
@@ -125,7 +126,7 @@ void legacySamlMetadataAsXml() throws Exception { String metadataString = new Scanner(new File("./src/main/resources/sample-okta-localhost.xml")).useDelimiter("\\Z").next(); System.setProperty(LOGIN_IDP_METADATA, metadataString); System.setProperty(LOGIN_IDP_ENTITY_ALIAS, "testIDPData"); - context = getServletContext("default,saml,configMetadata", "login.yml", "uaa.yml", "file:./src/main/webapp/WEB-INF/spring-servlet.xml"); + context = getServletContext("default,saml,configMetadata", "uaa.yml", "file:./src/main/webapp/WEB-INF/spring-servlet.xml"); List defs = context.getBean(BootstrapSamlIdentityProviderData.class).getIdentityProviderDefinitions(); assertEquals( SamlIdentityProviderDefinition.MetadataLocation.DATA, @@ -138,7 +139,7 @@ void legacySamlMetadataAsUrl() { System.setProperty(LOGIN_IDP_METADATA_URL, "http://simplesamlphp.uaa.com:80/saml2/idp/metadata.php"); System.setProperty(LOGIN_IDP_ENTITY_ALIAS, "testIDPUrl"); - context = getServletContext("default", "login.yml", "uaa.yml", "file:./src/main/webapp/WEB-INF/spring-servlet.xml"); + context = getServletContext("default", "uaa.yml", "file:./src/main/webapp/WEB-INF/spring-servlet.xml"); assertNotNull(context.getBean("viewResolver", ViewResolver.class)); assertNotNull(context.getBean("samlLogger", SAMLDefaultLogger.class)); assertFalse(context.getBean(BootstrapSamlIdentityProviderData.class).isLegacyMetadataTrustCheck()); 
@@ -158,7 +159,7 @@ void legacySamlUrlWithoutPort() { System.setProperty(LOGIN_IDP_METADATA_URL, "http://simplesamlphp.uaa.com/saml2/idp/metadata.php"); System.setProperty(LOGIN_IDP_ENTITY_ALIAS, "testIDPUrl"); - context = getServletContext("default", "login.yml", "uaa.yml", "file:./src/main/webapp/WEB-INF/spring-servlet.xml"); + context = getServletContext("default", "uaa.yml", "file:./src/main/webapp/WEB-INF/spring-servlet.xml"); assertNotNull(context.getBean("viewResolver", ViewResolver.class)); assertNotNull(context.getBean("samlLogger", SAMLDefaultLogger.class)); assertFalse(context.getBean(BootstrapSamlIdentityProviderData.class).isLegacyMetadataTrustCheck()); @@ -188,22 +189,17 @@ private static SamlIdentityProviderDefinition findProvider( private static ConfigurableApplicationContext getServletContext( final String profiles, - final String loginYmlPath, final String uaaYamlPath, final String... resources) { return getServletContext( profiles, - false, - new String[]{"required_configuration.yml", loginYmlPath, uaaYamlPath}, - false, + new String[]{"required_configuration.yml", "login.yml", uaaYamlPath}, resources); } private static ConfigurableApplicationContext getServletContext( final String profiles, - final boolean mergeProfiles, final String[] yamlFiles, - final boolean cleandb, final String... resources) { String[] resourcesToLoad = resources; if (!resources[0].endsWith(".xml")) { @@ -216,7 +212,7 @@ private static ConfigurableApplicationContext getServletContext( AbstractRefreshableWebApplicationContext context = new AbstractRefreshableWebApplicationContext() { @Override - protected void loadBeanDefinitions(DefaultListableBeanFactory beanFactory) throws BeansException { + protected void loadBeanDefinitions(@NonNull DefaultListableBeanFactory beanFactory) throws BeansException { XmlBeanDefinitionReader beanDefinitionReader = new XmlBeanDefinitionReader(beanFactory); // Configure the bean definition reader with this context's 
@@ -225,25 +221,14 @@ protected void loadBeanDefinitions(DefaultListableBeanFactory beanFactory) throw beanDefinitionReader.setResourceLoader(this); beanDefinitionReader.setEntityResolver(new ResourceEntityResolver(this)); - if (configLocations != null) { - for (String configLocation : configLocations) { - beanDefinitionReader.loadBeanDefinitions(configLocation); - } + for (String configLocation : configLocations) { + beanDefinitionReader.loadBeanDefinitions(configLocation); } } - }; if (profiles != null) { - if (mergeProfiles) { - String[] activeProfiles = context.getEnvironment().getActiveProfiles(); - HashSet envProfiles = new HashSet<>(Arrays.asList(activeProfiles)); - envProfiles.addAll(Arrays.asList(StringUtils.commaDelimitedListToStringArray(profiles))); - envProfiles.add("strict"); - context.getEnvironment().setActiveProfiles(envProfiles.toArray(new String[0])); - } else { - context.getEnvironment().setActiveProfiles(StringUtils.commaDelimitedListToStringArray(profiles)); - } + context.getEnvironment().setActiveProfiles(StringUtils.commaDelimitedListToStringArray(profiles)); } MockServletContext servletContext = new MockServletContext() { @@ -275,10 +260,6 @@ public void addListener(Type t) { } context.refresh(); - if (cleandb) { - context.getBean(Flyway.class).clean(); - context.getBean(Flyway.class).migrate(); - } return context; } From cec20bb3c90267e556c17d7f3e1e0d0d7b414261 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Wed, 27 Nov 2019 13:32:51 -0600 Subject: [PATCH 017/111] Test Refactor - BootstrapTests - Use callbacks to reset system properties [#169991138] --- .../identity/uaa/login/BootstrapTests.java | 66 ++++++++++++------- 1 file changed, 41 insertions(+), 25 deletions(-) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java index 67e8e813e69..7b7299013c3 100755 
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java @@ -14,10 +14,12 @@ import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.cloudfoundry.identity.uaa.zone.IdentityZoneProvisioning; import org.cloudfoundry.identity.uaa.zone.SamlConfig; -import org.junit.jupiter.api.AfterEach; -import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.AfterAllCallback; +import org.junit.jupiter.api.extension.BeforeAllCallback; import org.junit.jupiter.api.extension.ExtendWith; +import org.junit.jupiter.api.extension.ExtensionContext; +import org.junit.jupiter.api.extension.RegisterExtension; import org.springframework.beans.BeansException; import org.springframework.beans.factory.support.DefaultListableBeanFactory; import org.springframework.beans.factory.xml.ResourceEntityResolver; @@ -34,12 +36,12 @@ import javax.servlet.RequestDispatcher; import java.io.File; +import java.util.Arrays; import java.util.EventListener; -import java.util.HashMap; import java.util.List; -import java.util.Map; import java.util.Scanner; import java.util.Set; +import java.util.stream.Collectors; import static org.hamcrest.MatcherAssert.assertThat; import static org.junit.jupiter.api.Assertions.assertEquals; 
@@ -48,6 +50,38 @@ import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertTrue; +class SystemPropertiesCleanupExtension implements BeforeAllCallback, AfterAllCallback { + + private final Set properties; + + SystemPropertiesCleanupExtension(String... props) { + this.properties = Arrays.stream(props).collect(Collectors.toUnmodifiableSet()); + } + + @Override + public void beforeAll(ExtensionContext context) { + ExtensionContext.Store store = context.getStore(ExtensionContext.Namespace.create(context.getRequiredTestClass())); + + properties.forEach(s -> store.put(s, System.getProperty(s))); + } + + @Override + public void afterAll(ExtensionContext context) { + ExtensionContext.Store store = context.getStore(ExtensionContext.Namespace.create(context.getRequiredTestClass())); + + properties.forEach(key -> { + String value = store.get(key, String.class); + if (value == null) { + System.clearProperty(key); + } else { + System.setProperty(key, value); + } + } + ); + } +} + + @ExtendWith(PollutionPreventionExtension.class) @ExtendWith(SpringProfileCleanupExtension.class) class BootstrapTests { 
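Review bot: Snapshotting in `beforeAll` and restoring in `afterAll` widens the restore scope from each test to the whole class, so a `System.setProperty` made in one test stays visible to every later test in `BootstrapTests`. The `@BeforeEach`/`@AfterEach` pair removed in the following hunk (`@@ -56,33 +90,15 @@`) reset the four `login.*` properties after every test. With the new extension, `login.idpMetadata` set by `legacySamlMetadataAsXml` can still be set when the URL-based SAML tests build their context, which makes the SAML metadata and trust-check assertions depend on execution order. Keeping per-test isolation only needs the callback types changed: `class SystemPropertiesCleanupExtension implements BeforeEachCallback, AfterEachCallback`, with the methods renamed to `beforeEach`/`afterEach`; a static `@RegisterExtension` field still receives method-level callbacks. A one-line Javadoc on the class stating the scope at which it restores the properties would also help.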
@@ -56,33 +90,15 @@ class BootstrapTests { private static final String LOGIN_IDP_ENTITY_ALIAS = "login.idpEntityAlias"; private static final String LOGIN_IDP_METADATA_URL = "login.idpMetadataURL"; private static final String LOGIN_SAML_METADATA_TRUST_CHECK = "login.saml.metadataTrustCheck"; - private static final Set PROPERTIES = Set.of(LOGIN_IDP_METADATA, + @RegisterExtension + static final SystemPropertiesCleanupExtension systemPropertiesCleanupExtension = new SystemPropertiesCleanupExtension( + LOGIN_IDP_METADATA, LOGIN_IDP_ENTITY_ALIAS, LOGIN_IDP_METADATA_URL, LOGIN_SAML_METADATA_TRUST_CHECK); - private static Map originalSystemProps; private ConfigurableApplicationContext context; - @BeforeEach - void setup() { - originalSystemProps = new HashMap<>(); - PROPERTIES.forEach( - s -> originalSystemProps.put(s, System.getProperty(s) - )); - } - - @AfterEach - void tearDown() { - for (Map.Entry entry : originalSystemProps.entrySet()) { - if (entry.getValue() != null) { - System.setProperty(entry.getKey(), entry.getValue()); - } else { - System.clearProperty(entry.getKey()); - } - } - } - @Test void xlegacyTestDeprecatedProperties() { context = getServletContext(null, "test/bootstrap/deprecated_properties_still_work.yml", "file:./src/main/webapp/WEB-INF/spring-servlet.xml"); From 9153dd737da4295ed775248fef9069c810b45047 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Wed, 27 Nov 2019 15:31:51 -0600 Subject: [PATCH 018/111] Test Refactor - BootstrapTests - Inline hardcoded parameters [#169991138] --- .../identity/uaa/login/BootstrapTests.java | 24 +++++++------------ 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java index 7b7299013c3..9b0b8824703 100755 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java 
+++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java @@ -101,7 +101,7 @@ class BootstrapTests { @Test void xlegacyTestDeprecatedProperties() { - context = getServletContext(null, "test/bootstrap/deprecated_properties_still_work.yml", "file:./src/main/webapp/WEB-INF/spring-servlet.xml"); + context = getServletContext(null, "test/bootstrap/deprecated_properties_still_work.yml"); ScimGroupProvisioning scimGroupProvisioning = context.getBean("scimGroupProvisioning", ScimGroupProvisioning.class); List scimGroups = scimGroupProvisioning.retrieveAll(IdentityZoneHolder.get().getId()); assertThat(scimGroups, PredicateMatcher.has(g -> g.getDisplayName().equals("pony") && "The magic of friendship".equals(g.getDescription()))); @@ -122,7 +122,7 @@ void legacySamlIdpAsTopLevelElement() { System.setProperty(LOGIN_IDP_METADATA_URL, "http://simplesamlphp.uaa.com/saml2/idp/metadata.php"); System.setProperty(LOGIN_IDP_ENTITY_ALIAS, "testIDPFile"); - context = getServletContext("default", "uaa.yml", "file:./src/main/webapp/WEB-INF/spring-servlet.xml"); + context = getServletContext("default", "uaa.yml"); assertNotNull(context.getBean("viewResolver", ViewResolver.class)); assertNotNull(context.getBean("samlLogger", SAMLDefaultLogger.class)); assertFalse(context.getBean(BootstrapSamlIdentityProviderData.class).isLegacyMetadataTrustCheck()); 
@@ -142,7 +142,7 @@ void legacySamlMetadataAsXml() throws Exception { String metadataString = new Scanner(new File("./src/main/resources/sample-okta-localhost.xml")).useDelimiter("\\Z").next(); System.setProperty(LOGIN_IDP_METADATA, metadataString); System.setProperty(LOGIN_IDP_ENTITY_ALIAS, "testIDPData"); - context = getServletContext("default,saml,configMetadata", "uaa.yml", "file:./src/main/webapp/WEB-INF/spring-servlet.xml"); + context = getServletContext("default,saml,configMetadata", "uaa.yml"); List defs = context.getBean(BootstrapSamlIdentityProviderData.class).getIdentityProviderDefinitions(); assertEquals( SamlIdentityProviderDefinition.MetadataLocation.DATA, @@ -155,7 +155,7 @@ void legacySamlMetadataAsUrl() { System.setProperty(LOGIN_IDP_METADATA_URL, "http://simplesamlphp.uaa.com:80/saml2/idp/metadata.php"); System.setProperty(LOGIN_IDP_ENTITY_ALIAS, "testIDPUrl"); - context = getServletContext("default", "uaa.yml", "file:./src/main/webapp/WEB-INF/spring-servlet.xml"); + context = getServletContext("default", "uaa.yml"); assertNotNull(context.getBean("viewResolver", ViewResolver.class)); assertNotNull(context.getBean("samlLogger", SAMLDefaultLogger.class)); assertFalse(context.getBean(BootstrapSamlIdentityProviderData.class).isLegacyMetadataTrustCheck()); @@ -175,7 +175,7 @@ void legacySamlUrlWithoutPort() { System.setProperty(LOGIN_IDP_METADATA_URL, "http://simplesamlphp.uaa.com/saml2/idp/metadata.php"); System.setProperty(LOGIN_IDP_ENTITY_ALIAS, "testIDPUrl"); - context = getServletContext("default", "uaa.yml", "file:./src/main/webapp/WEB-INF/spring-servlet.xml"); + context = getServletContext("default", "uaa.yml"); assertNotNull(context.getBean("viewResolver", ViewResolver.class)); assertNotNull(context.getBean("samlLogger", SAMLDefaultLogger.class)); assertFalse(context.getBean(BootstrapSamlIdentityProviderData.class).isLegacyMetadataTrustCheck()); 
@@ -205,18 +205,10 @@ private static SamlIdentityProviderDefinition findProvider( private static ConfigurableApplicationContext getServletContext( final String profiles, - final String uaaYamlPath, - final String... resources) { - return getServletContext( - profiles, - new String[]{"required_configuration.yml", "login.yml", uaaYamlPath}, - resources); - } + final String uaaYamlPath) { + String[] resources = new String[]{"file:./src/main/webapp/WEB-INF/spring-servlet.xml"}; + String[] yamlFiles = new String[]{"required_configuration.yml", "login.yml", uaaYamlPath}; - private static ConfigurableApplicationContext getServletContext( - final String profiles, - final String[] yamlFiles, - final String... resources) { String[] resourcesToLoad = resources; if (!resources[0].endsWith(".xml")) { resourcesToLoad = new String[resources.length - 1]; From 72b0cb7402dbdac5fe7e2c6c92369195e3992aab Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Wed, 27 Nov 2019 15:39:26 -0600 Subject: [PATCH 019/111] Test Refactor - BootstrapTests - Simplify how the context is built [#169991138] --- .../identity/uaa/login/BootstrapTests.java | 84 ++++++++----------- 1 file changed, 36 insertions(+), 48 deletions(-) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java index 9b0b8824703..8b415faf9f3 100755 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java 
@@ -206,69 +206,57 @@ private static SamlIdentityProviderDefinition findProvider( private static ConfigurableApplicationContext getServletContext( final String profiles, final String uaaYamlPath) { - String[] resources = new String[]{"file:./src/main/webapp/WEB-INF/spring-servlet.xml"}; String[] yamlFiles = new String[]{"required_configuration.yml", "login.yml", uaaYamlPath}; - String[] resourcesToLoad = resources; - if (!resources[0].endsWith(".xml")) { - resourcesToLoad = new String[resources.length - 1]; - System.arraycopy(resources, 1, resourcesToLoad, 0, resourcesToLoad.length); - } + abstractRefreshableWebApplicationContext.setServletContext(mockServletContext); + MockServletConfig servletConfig = new MockServletConfig(mockServletContext); + servletConfig.addInitParameter("environmentConfigLocations", StringUtils.arrayToCommaDelimitedString(yamlFiles)); + abstractRefreshableWebApplicationContext.setServletConfig(servletConfig); - final String[] configLocations = resourcesToLoad; + YamlServletProfileInitializer initializer = new YamlServletProfileInitializer(); + initializer.initialize(abstractRefreshableWebApplicationContext); - AbstractRefreshableWebApplicationContext context = new AbstractRefreshableWebApplicationContext() { + if (profiles != null) { + abstractRefreshableWebApplicationContext.getEnvironment().setActiveProfiles(StringUtils.commaDelimitedListToStringArray(profiles)); + } - @Override - protected void loadBeanDefinitions(@NonNull DefaultListableBeanFactory beanFactory) throws BeansException { - XmlBeanDefinitionReader beanDefinitionReader = new XmlBeanDefinitionReader(beanFactory); + abstractRefreshableWebApplicationContext.refresh(); - // Configure the bean definition reader with this context's - // resource loading environment. 
- beanDefinitionReader.setEnvironment(this.getEnvironment()); - beanDefinitionReader.setResourceLoader(this); - beanDefinitionReader.setEntityResolver(new ResourceEntityResolver(this)); + return abstractRefreshableWebApplicationContext; + } - for (String configLocation : configLocations) { - beanDefinitionReader.loadBeanDefinitions(configLocation); - } - } - }; + private final static MockServletContext mockServletContext = new MockServletContext() { + @Override + public RequestDispatcher getNamedDispatcher(String path) { + return new MockRequestDispatcher("/"); + } - if (profiles != null) { - context.getEnvironment().setActiveProfiles(StringUtils.commaDelimitedListToStringArray(profiles)); + @Override + public String getVirtualServerName() { + return "localhost"; } - MockServletContext servletContext = new MockServletContext() { - @Override - public RequestDispatcher getNamedDispatcher(String path) { - return new MockRequestDispatcher("/"); - } + @Override + public void addListener(Type t) { + //no op + } + }; - @Override - public String getVirtualServerName() { - return "localhost"; - } + private static final AbstractRefreshableWebApplicationContext abstractRefreshableWebApplicationContext = new AbstractRefreshableWebApplicationContext() { - @Override - public void addListener(Type t) { - //no op - } - }; - context.setServletContext(servletContext); - MockServletConfig servletConfig = new MockServletConfig(servletContext); - servletConfig.addInitParameter("environmentConfigLocations", StringUtils.arrayToCommaDelimitedString(yamlFiles)); - context.setServletConfig(servletConfig); + @Override + protected void loadBeanDefinitions(@NonNull DefaultListableBeanFactory beanFactory) throws BeansException { + XmlBeanDefinitionReader beanDefinitionReader = new XmlBeanDefinitionReader(beanFactory); - YamlServletProfileInitializer initializer = new YamlServletProfileInitializer(); - initializer.initialize(context); + // Configure the bean definition reader with this context's 
+ // resource loading environment. + beanDefinitionReader.setEnvironment(this.getEnvironment()); + beanDefinitionReader.setResourceLoader(this); + beanDefinitionReader.setEntityResolver(new ResourceEntityResolver(this)); - if (profiles != null) { - context.getEnvironment().setActiveProfiles(StringUtils.commaDelimitedListToStringArray(profiles)); + beanDefinitionReader.loadBeanDefinitions("file:./src/main/webapp/WEB-INF/spring-servlet.xml"); } + }; - context.refresh(); - return context; - } } From 90d0c7d19ed4a378d8fd92abaee7d828f95b56fb Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Wed, 27 Nov 2019 15:47:54 -0600 Subject: [PATCH 020/111] Test Refactor - BootstrapTests - Remove reference to non-existent file login.yml [#169991138] --- .../org/cloudfoundry/identity/uaa/login/BootstrapTests.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java index 8b415faf9f3..6595b4b5dab 100755 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java @@ -206,7 +206,7 @@ private static SamlIdentityProviderDefinition findProvider( private static ConfigurableApplicationContext getServletContext( final String profiles, final String uaaYamlPath) { - String[] yamlFiles = new String[]{"required_configuration.yml", "login.yml", uaaYamlPath}; + String[] yamlFiles = new String[]{"required_configuration.yml", uaaYamlPath}; abstractRefreshableWebApplicationContext.setServletContext(mockServletContext); MockServletConfig servletConfig = new MockServletConfig(mockServletContext); From a6d578b6bb42e61bb8b225d54ff3e28a12f2f4c0 Mon Sep 17 00:00:00 2001 
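Review bot: Promoting the context to the `private static final` field `abstractRefreshableWebApplicationContext` means every test now refreshes the same instance, so environment state set through it is carried from one test to the next. `getServletContext` only calls `setActiveProfiles` when `profiles != null`, and `xlegacyTestDeprecatedProperties` passes `null`, so if another test has run first it executes with the profiles that test left active (for example `default,saml,configMetadata`). `YamlServletProfileInitializer.initialize` is also applied repeatedly to the same environment, which presumably accumulates its configuration. I would build a fresh instance per call, e.g. `private static AbstractRefreshableWebApplicationContext newContext() { return new AbstractRefreshableWebApplicationContext() { … }; }` and `AbstractRefreshableWebApplicationContext context = newContext();` at the top of `getServletContext`. Separately, `private final static MockServletContext` should use the same `static final` modifier order as the field declared below it.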
From: Joshua Casey Date: Wed, 27 Nov 2019 16:31:57 -0600 Subject: [PATCH 021/111] Test Refactor - Move Extensions to dedicated package [nostory] --- .../identity/uaa/account/EmailChangeEmailServiceTest.java | 2 +- .../identity/uaa/account/PasswordResetEndpointTest.java | 2 +- .../identity/uaa/annotations/WithDatabaseContext.java | 2 +- .../identity/uaa/audit/event/SystemDeletableTest.java | 2 +- .../uaa/authentication/AuthzAuthenticationFilterTests.java | 2 +- .../authentication/PasswordChangeUiRequiredFilterTest.java | 2 +- .../uaa/authentication/UaaAuthenticationDetailsTest.java | 2 +- .../manager/AuthzAuthenticationManagerTests.java | 2 +- .../manager/LdapLoginAuthenticationManagerTests.java | 2 +- .../manager/LoginAuthenticationManagerTests.java | 2 +- .../manager/PasswordGrantAuthenticationManagerTest.java | 2 +- .../identity/uaa/client/ClientAdminEndpointsTests.java | 2 +- .../PollutionPreventionExtension.java | 2 +- .../config => extensions}/SpringProfileCleanupExtension.java | 2 +- .../uaa/impl/config/YamlServletProfileInitializerTest.java | 3 ++- .../uaa/invitations/EmailInvitationsServiceTests.java | 2 +- .../identity/uaa/login/AccountsControllerTest.java | 2 +- .../uaa/login/AutologinAuthenticationManagerTest.java | 2 +- .../identity/uaa/login/ChangeEmailControllerTest.java | 2 +- .../identity/uaa/login/ChangePasswordControllerTest.java | 2 +- .../identity/uaa/login/EmailAccountCreationServiceTests.java | 2 +- .../cloudfoundry/identity/uaa/login/EmailServiceTests.java | 2 +- .../uaa/login/ForcePasswordChangeControllerTest.java | 2 +- .../identity/uaa/login/HomeControllerViewTests.java | 2 +- .../identity/uaa/login/LoginInfoEndpointTests.java | 2 +- .../identity/uaa/login/ProfileControllerMockMvcTests.java | 2 +- .../identity/uaa/login/ResetPasswordControllerTest.java | 2 +- .../identity/uaa/message/LocalUaaRestTemplateTests.java | 2 +- .../identity/uaa/mfa/MfaUiRequiredFilterTests.java | 2 +- .../uaa/mfa/UserGoogleMfaCredentialsProvisioningTest.java | 2 
+- .../identity/uaa/oauth/ClientAccessTokenValidityTest.java | 2 +- .../identity/uaa/oauth/ClientRefreshTokenValidityTest.java | 2 +- .../identity/uaa/oauth/IntrospectEndpointTest.java | 2 +- .../uaa/oauth/UaaAuthorizationRequestManagerTests.java | 2 +- .../identity/uaa/oauth/openid/IdTokenCreatorTest.java | 2 +- .../identity/uaa/oauth/token/KeyInfoServiceTests.java | 2 +- .../identity/uaa/oauth/token/TokenKeyEndpointTests.java | 2 +- .../uaa/provider/saml/SamlSessionStorageFactoryTests.java | 2 +- .../uaa/provider/saml/ZoneAwareMetadataGeneratorTests.java | 2 +- .../provider/saml/idp/NonSnarlIdpMetadataManagerTest.java | 2 +- .../uaa/resources/jdbc/LimitSqlAdapterFactoryTest.java | 2 +- .../uaa/scim/endpoints/ChangeEmailEndpointsMockMvcTest.java | 2 +- .../cloudfoundry/identity/uaa/scim/util/ScimUtilsTest.java | 2 +- .../uaa/scim/validate/UaaPasswordPolicyValidatorTests.java | 2 +- .../cloudfoundry/identity/uaa/util/UaaStringUtilsTest.java | 2 +- .../org/cloudfoundry/identity/uaa/util/UaaUrlUtilsTest.java | 2 +- .../identity/uaa/web/beans/UaaSessionConfigTest.java | 2 +- .../identity/uaa/zone/IdentityZoneHolderTest.java | 2 +- .../uaa/zone/ZoneAwareClientSecretPolicyValidatorTests.java | 2 +- .../identity/uaa/zone/beans/IdentityZoneManagerImplTest.java | 2 +- .../uaa/zone/event/IdentityProviderModifiedEventTest.java | 2 +- .../org/cloudfoundry/identity/uaa/DefaultTestContext.java | 2 +- .../manager/DynamicZoneAwareAuthenticationManagerTest.java | 2 +- .../org/cloudfoundry/identity/uaa/login/BootstrapTests.java | 5 ++--- .../identity/uaa/test/PollutionPreventionExtensionTests.java | 2 +- 55 files changed, 57 insertions(+), 57 deletions(-) rename server/src/test/java/org/cloudfoundry/identity/uaa/{security => extensions}/PollutionPreventionExtension.java (95%) rename server/src/test/java/org/cloudfoundry/identity/uaa/{impl/config => extensions}/SpringProfileCleanupExtension.java (95%) 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/account/EmailChangeEmailServiceTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/account/EmailChangeEmailServiceTest.java index 892298a68a2..a92e86a9c17 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/account/EmailChangeEmailServiceTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/account/EmailChangeEmailServiceTest.java @@ -11,7 +11,7 @@ import org.cloudfoundry.identity.uaa.message.MessageType; import org.cloudfoundry.identity.uaa.scim.ScimUser; import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning; -import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension; +import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.cloudfoundry.identity.uaa.util.JsonUtils; import org.cloudfoundry.identity.uaa.zone.*; import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager; diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/account/PasswordResetEndpointTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/account/PasswordResetEndpointTest.java index a91c9f2d21e..59540bd360b 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/account/PasswordResetEndpointTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/account/PasswordResetEndpointTest.java @@ -10,7 +10,7 @@ import org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException; import org.cloudfoundry.identity.uaa.scim.test.JsonObjectMatcherUtils; import org.cloudfoundry.identity.uaa.scim.validate.PasswordValidator; -import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension; +import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.cloudfoundry.identity.uaa.test.MockAuthentication; import org.cloudfoundry.identity.uaa.util.JsonUtils; import org.cloudfoundry.identity.uaa.zone.MultitenantClientServices; 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/annotations/WithDatabaseContext.java b/server/src/test/java/org/cloudfoundry/identity/uaa/annotations/WithDatabaseContext.java index 4b02a80b14b..1a0bbb5f461 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/annotations/WithDatabaseContext.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/annotations/WithDatabaseContext.java @@ -1,6 +1,6 @@ package org.cloudfoundry.identity.uaa.annotations; -import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension; +import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.cloudfoundry.identity.uaa.util.beans.PasswordEncoderConfig; import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.context.annotation.Configuration; diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/audit/event/SystemDeletableTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/audit/event/SystemDeletableTest.java index 0cd2ebaa92a..9f8f18299c0 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/audit/event/SystemDeletableTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/audit/event/SystemDeletableTest.java @@ -4,7 +4,7 @@ import org.cloudfoundry.identity.uaa.mfa.MfaProvider; import org.cloudfoundry.identity.uaa.provider.IdentityProvider; import org.cloudfoundry.identity.uaa.scim.ScimUser; -import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension; +import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.cloudfoundry.identity.uaa.user.UaaUser; import org.cloudfoundry.identity.uaa.user.UaaUserPrototype; import org.cloudfoundry.identity.uaa.zone.IdentityZone; 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/AuthzAuthenticationFilterTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/AuthzAuthenticationFilterTests.java index 02a438b3b8d..65314764007 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/AuthzAuthenticationFilterTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/AuthzAuthenticationFilterTests.java @@ -1,6 +1,6 @@ package org.cloudfoundry.identity.uaa.authentication; -import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension; +import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.cloudfoundry.identity.uaa.util.SessionUtils; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/PasswordChangeUiRequiredFilterTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/PasswordChangeUiRequiredFilterTest.java index 4fdbf169683..1f99c76cac6 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/PasswordChangeUiRequiredFilterTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/PasswordChangeUiRequiredFilterTest.java @@ -1,6 +1,6 @@ package org.cloudfoundry.identity.uaa.authentication; -import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension; +import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.cloudfoundry.identity.uaa.util.SessionUtils; import org.cloudfoundry.identity.uaa.web.UaaSavedRequestCache; import org.junit.jupiter.api.AfterEach; diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/UaaAuthenticationDetailsTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/UaaAuthenticationDetailsTest.java index a44b7823579..78e34a4b03c 100644 
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/UaaAuthenticationDetailsTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/UaaAuthenticationDetailsTest.java @@ -1,6 +1,6 @@ package org.cloudfoundry.identity.uaa.authentication; -import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension; +import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.mock.web.MockHttpServletRequest; diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/AuthzAuthenticationManagerTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/AuthzAuthenticationManagerTests.java index 5a048129ebe..895e5379e3d 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/AuthzAuthenticationManagerTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/AuthzAuthenticationManagerTests.java @@ -16,7 +16,7 @@ import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning; import org.cloudfoundry.identity.uaa.provider.PasswordPolicy; import org.cloudfoundry.identity.uaa.provider.UaaIdentityProviderDefinition; -import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension; +import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.cloudfoundry.identity.uaa.user.UaaAuthority; import org.cloudfoundry.identity.uaa.user.UaaUser; import org.cloudfoundry.identity.uaa.user.UaaUserDatabase; diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/LdapLoginAuthenticationManagerTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/LdapLoginAuthenticationManagerTests.java index 567d99d0660..8533dd6de49 100644 
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/LdapLoginAuthenticationManagerTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/LdapLoginAuthenticationManagerTests.java @@ -7,7 +7,7 @@ import org.cloudfoundry.identity.uaa.provider.LdapIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.provider.ldap.extension.ExtendedLdapUserImpl; import org.cloudfoundry.identity.uaa.provider.ldap.extension.LdapAuthority; -import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension; +import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.cloudfoundry.identity.uaa.user.UaaAuthority; import org.cloudfoundry.identity.uaa.user.UaaUser; import org.cloudfoundry.identity.uaa.user.UaaUserDatabase; diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/LoginAuthenticationManagerTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/LoginAuthenticationManagerTests.java index 01a4adceeb9..f2896533463 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/LoginAuthenticationManagerTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/LoginAuthenticationManagerTests.java @@ -5,7 +5,7 @@ import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; import org.cloudfoundry.identity.uaa.authentication.event.IdentityProviderAuthenticationSuccessEvent; import org.cloudfoundry.identity.uaa.constants.OriginKeys; -import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension; +import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.cloudfoundry.identity.uaa.test.TestApplicationEventPublisher; import org.cloudfoundry.identity.uaa.user.UaaAuthority; import org.cloudfoundry.identity.uaa.user.UaaUser; 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/PasswordGrantAuthenticationManagerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/PasswordGrantAuthenticationManagerTest.java index 474cdb12ed2..2f617374929 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/PasswordGrantAuthenticationManagerTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/PasswordGrantAuthenticationManagerTest.java @@ -15,7 +15,7 @@ import org.cloudfoundry.identity.uaa.provider.oauth.XOAuthAuthenticationManager; import org.cloudfoundry.identity.uaa.provider.oauth.XOAuthCodeToken; import org.cloudfoundry.identity.uaa.provider.oauth.XOAuthProviderConfigurator; -import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension; +import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.cloudfoundry.identity.uaa.zone.MultitenantClientServices; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.junit.jupiter.api.AfterEach; diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpointsTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpointsTests.java index c5868451dc5..114820a827c 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpointsTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpointsTests.java 
@@ -10,7 +10,7 @@
 import org.cloudfoundry.identity.uaa.resources.QueryableResourceManager;
 import org.cloudfoundry.identity.uaa.resources.ResourceMonitor;
 import org.cloudfoundry.identity.uaa.resources.SearchResults;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.security.beans.SecurityContextAccessor;
 import org.cloudfoundry.identity.uaa.zone.ClientSecretPolicy;
 import org.cloudfoundry.identity.uaa.zone.IdentityZone;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/security/PollutionPreventionExtension.java b/server/src/test/java/org/cloudfoundry/identity/uaa/extensions/PollutionPreventionExtension.java
similarity index 95%
rename from server/src/test/java/org/cloudfoundry/identity/uaa/security/PollutionPreventionExtension.java
rename to server/src/test/java/org/cloudfoundry/identity/uaa/extensions/PollutionPreventionExtension.java
index 74ebbaf062c..8ce79434ee9 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/security/PollutionPreventionExtension.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/extensions/PollutionPreventionExtension.java
@@ -1,4 +1,4 @@
-package org.cloudfoundry.identity.uaa.security;
+package org.cloudfoundry.identity.uaa.extensions;
 import org.cloudfoundry.identity.uaa.test.TestUtils;
 import org.junit.jupiter.api.extension.AfterAllCallback;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/impl/config/SpringProfileCleanupExtension.java b/server/src/test/java/org/cloudfoundry/identity/uaa/extensions/SpringProfileCleanupExtension.java
similarity index 95%
rename from server/src/test/java/org/cloudfoundry/identity/uaa/impl/config/SpringProfileCleanupExtension.java
rename to server/src/test/java/org/cloudfoundry/identity/uaa/extensions/SpringProfileCleanupExtension.java
index 9f45dae34b5..f0719a19d50 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/impl/config/SpringProfileCleanupExtension.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/extensions/SpringProfileCleanupExtension.java
@@ -1,4 +1,4 @@
-package org.cloudfoundry.identity.uaa.impl.config;
+package org.cloudfoundry.identity.uaa.extensions;
 import org.junit.jupiter.api.extension.AfterAllCallback;
 import org.junit.jupiter.api.extension.BeforeAllCallback;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializerTest.java
index 51b54ff44cd..dcfb14b1ce0 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializerTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializerTest.java
@@ -3,7 +3,8 @@
 import org.apache.commons.io.FileUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.core.LoggerContext;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.SpringProfileCleanupExtension;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Nested;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/invitations/EmailInvitationsServiceTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/invitations/EmailInvitationsServiceTests.java
index cf459fa0d38..096e1f578d3 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/invitations/EmailInvitationsServiceTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/invitations/EmailInvitationsServiceTests.java
@@ -6,7 +6,7 @@
 import org.cloudfoundry.identity.uaa.message.MessageService;
 import org.cloudfoundry.identity.uaa.scim.ScimUser;
 import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.util.JsonUtils;
 import org.cloudfoundry.identity.uaa.zone.MultitenantClientServices;
 import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerTest.java
index 764b9d54374..8dea90db64b 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerTest.java
@@ -10,7 +10,7 @@
 import org.cloudfoundry.identity.uaa.provider.JdbcIdentityProviderProvisioning;
 import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/AutologinAuthenticationManagerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/AutologinAuthenticationManagerTest.java
index 8c72d2d62a1..a79aec4f52e 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/AutologinAuthenticationManagerTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/AutologinAuthenticationManagerTest.java
@@ -9,7 +9,7 @@
 import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore;
 import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeType;
 import org.cloudfoundry.identity.uaa.constants.OriginKeys;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.user.UaaUser;
 import org.cloudfoundry.identity.uaa.user.UaaUserDatabase;
 import org.cloudfoundry.identity.uaa.util.JsonUtils;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/ChangeEmailControllerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/ChangeEmailControllerTest.java
index 9db4ad18d1e..1b58a4d92ae 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/ChangeEmailControllerTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/ChangeEmailControllerTest.java
@@ -7,7 +7,7 @@
 import org.cloudfoundry.identity.uaa.constants.OriginKeys;
 import org.cloudfoundry.identity.uaa.error.UaaException;
 import org.cloudfoundry.identity.uaa.home.BuildInfo;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.user.UaaAuthority;
 import org.cloudfoundry.identity.uaa.user.UaaUser;
 import org.cloudfoundry.identity.uaa.user.UaaUserDatabase;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/ChangePasswordControllerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/ChangePasswordControllerTest.java
index 529be875ac9..c5ca5f9ce43 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/ChangePasswordControllerTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/ChangePasswordControllerTest.java
@@ -6,7 +6,7 @@
 import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails;
 import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
 import org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.user.UaaAuthority;
 import org.cloudfoundry.identity.uaa.zone.IdentityZone;
 import org.junit.jupiter.api.AfterEach;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/EmailAccountCreationServiceTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/EmailAccountCreationServiceTests.java
index c06d5b479ae..893cdf20cee 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/EmailAccountCreationServiceTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/EmailAccountCreationServiceTests.java
@@ -13,7 +13,7 @@
 import org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException;
 import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceAlreadyExistsException;
 import org.cloudfoundry.identity.uaa.scim.validate.PasswordValidator;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.util.JsonUtils;
 import org.cloudfoundry.identity.uaa.zone.*;
 import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/EmailServiceTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/EmailServiceTests.java
index 83be81811b7..f488efaefd1 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/EmailServiceTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/EmailServiceTests.java
@@ -3,7 +3,7 @@
 import org.cloudfoundry.identity.uaa.message.EmailService;
 import org.cloudfoundry.identity.uaa.message.MessageType;
 import org.cloudfoundry.identity.uaa.message.util.FakeJavaMailSender;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.zone.BrandingInformation;
 import org.cloudfoundry.identity.uaa.zone.IdentityZone;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/ForcePasswordChangeControllerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/ForcePasswordChangeControllerTest.java
index 6de2453079e..ba4a43775c2 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/ForcePasswordChangeControllerTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/ForcePasswordChangeControllerTest.java
@@ -4,7 +4,7 @@
 import org.cloudfoundry.identity.uaa.account.ResetPasswordService;
 import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication;
 import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/HomeControllerViewTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/HomeControllerViewTests.java
index a8a29d05776..8a9bbc3b2c4 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/HomeControllerViewTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/HomeControllerViewTests.java
@@ -5,7 +5,7 @@
 import org.cloudfoundry.identity.uaa.client.JdbcClientMetadataProvisioning;
 import org.cloudfoundry.identity.uaa.home.BuildInfo;
 import org.cloudfoundry.identity.uaa.home.HomeController;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.zone.*;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpointTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpointTests.java
index 1d83271ad34..e78baaaf03b 100755
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpointTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpointTests.java
@@ -12,7 +12,7 @@
 import org.cloudfoundry.identity.uaa.provider.oauth.XOAuthProviderConfigurator;
 import org.cloudfoundry.identity.uaa.provider.saml.LoginSamlAuthenticationToken;
 import org.cloudfoundry.identity.uaa.provider.saml.SamlIdentityProviderConfigurator;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.util.JsonUtils;
 import org.cloudfoundry.identity.uaa.util.PredicateMatcher;
 import org.cloudfoundry.identity.uaa.zone.*;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/ProfileControllerMockMvcTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/ProfileControllerMockMvcTests.java
index c684a3198c9..cf47f3b2c0d 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/ProfileControllerMockMvcTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/ProfileControllerMockMvcTests.java
@@ -8,7 +8,7 @@
 import org.cloudfoundry.identity.uaa.constants.OriginKeys;
 import org.cloudfoundry.identity.uaa.home.BuildInfo;
 import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.security.beans.SecurityContextAccessor;
 import org.cloudfoundry.identity.uaa.zone.MultitenantClientServices;
 import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/ResetPasswordControllerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/ResetPasswordControllerTest.java
index 9c5df71d073..9514e239458 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/ResetPasswordControllerTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/ResetPasswordControllerTest.java
@@ -8,7 +8,7 @@
 import org.cloudfoundry.identity.uaa.home.BuildInfo;
 import org.cloudfoundry.identity.uaa.message.MessageService;
 import org.cloudfoundry.identity.uaa.message.MessageType;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.user.UaaUser;
 import org.cloudfoundry.identity.uaa.user.UaaUserDatabase;
 import org.cloudfoundry.identity.uaa.zone.*;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/message/LocalUaaRestTemplateTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/message/LocalUaaRestTemplateTests.java
index 87716331064..bde6be1935d 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/message/LocalUaaRestTemplateTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/message/LocalUaaRestTemplateTests.java
@@ -3,7 +3,7 @@
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.Sets;
 import org.cloudfoundry.identity.uaa.constants.OriginKeys;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.user.UaaAuthority;
 import org.cloudfoundry.identity.uaa.zone.MultitenantClientServices;
 import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/MfaUiRequiredFilterTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/MfaUiRequiredFilterTests.java
index bba7882cfdd..70273dd89c0 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/MfaUiRequiredFilterTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/MfaUiRequiredFilterTests.java
@@ -9,7 +9,7 @@
 import com.google.common.collect.Lists;
 import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication;
 import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.zone.IdentityZone;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/UserGoogleMfaCredentialsProvisioningTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/UserGoogleMfaCredentialsProvisioningTest.java
index 366521b9de8..3118b973894 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/UserGoogleMfaCredentialsProvisioningTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/UserGoogleMfaCredentialsProvisioningTest.java
@@ -3,7 +3,7 @@
 import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
 import org.cloudfoundry.identity.uaa.mfa.exception.UserMfaConfigAlreadyExistsException;
 import org.cloudfoundry.identity.uaa.mfa.exception.UserMfaConfigDoesNotExistException;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
 import org.cloudfoundry.identity.uaa.zone.MfaConfig;
 import org.junit.jupiter.api.BeforeEach;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientAccessTokenValidityTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientAccessTokenValidityTest.java
index 2df0d99b204..aaa20987792 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientAccessTokenValidityTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientAccessTokenValidityTest.java
@@ -1,6 +1,6 @@
 package org.cloudfoundry.identity.uaa.oauth;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.zone.IdentityZone;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration;
 import org.cloudfoundry.identity.uaa.zone.MultitenantClientServices;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientRefreshTokenValidityTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientRefreshTokenValidityTest.java
index 0cd6d51ee40..b70f8405739 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientRefreshTokenValidityTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientRefreshTokenValidityTest.java
@@ -1,6 +1,6 @@
 package org.cloudfoundry.identity.uaa.oauth;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.zone.IdentityZone;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration;
 import org.cloudfoundry.identity.uaa.zone.MultitenantClientServices;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/IntrospectEndpointTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/IntrospectEndpointTest.java
index d56fc8f2f7a..36f095c717e 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/IntrospectEndpointTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/IntrospectEndpointTest.java
@@ -1,7 +1,7 @@
 package org.cloudfoundry.identity.uaa.oauth;
 import org.cloudfoundry.identity.uaa.oauth.token.IntrospectionClaims;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationRequestManagerTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationRequestManagerTests.java
index 86d39638c9d..51ef865cae9 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationRequestManagerTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationRequestManagerTests.java
@@ -4,7 +4,7 @@
 import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants;
 import org.cloudfoundry.identity.uaa.oauth.token.TokenConstants;
 import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.security.beans.SecurityContextAccessor;
 import org.cloudfoundry.identity.uaa.user.UaaUser;
 import org.cloudfoundry.identity.uaa.user.UaaUserDatabase;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenCreatorTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenCreatorTest.java
index 6b73d40c332..018188e879f 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenCreatorTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenCreatorTest.java
@@ -3,7 +3,7 @@
 import org.cloudfoundry.identity.uaa.oauth.TokenEndpointBuilder;
 import org.cloudfoundry.identity.uaa.oauth.TokenValidityResolver;
 import org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.user.UaaUser;
 import org.cloudfoundry.identity.uaa.user.UaaUserDatabase;
 import org.cloudfoundry.identity.uaa.user.UaaUserPrototype;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/KeyInfoServiceTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/KeyInfoServiceTests.java
index 3457e106eaa..b7ef57db085 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/KeyInfoServiceTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/KeyInfoServiceTests.java
@@ -3,7 +3,7 @@
 import org.cloudfoundry.identity.uaa.impl.config.LegacyTokenKey;
 import org.cloudfoundry.identity.uaa.oauth.KeyInfo;
 import org.cloudfoundry.identity.uaa.oauth.KeyInfoService;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.zone.IdentityZone;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/TokenKeyEndpointTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/TokenKeyEndpointTests.java
index 7d7a4d9cebb..ef78ba3154b 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/TokenKeyEndpointTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/TokenKeyEndpointTests.java
@@ -2,7 +2,7 @@
 import org.cloudfoundry.identity.uaa.oauth.KeyInfoService;
 import org.cloudfoundry.identity.uaa.oauth.TokenKeyEndpoint;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.util.JsonUtils;
 import org.cloudfoundry.identity.uaa.util.MapCollector;
 import org.cloudfoundry.identity.uaa.zone.IdentityZone;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/SamlSessionStorageFactoryTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/SamlSessionStorageFactoryTests.java
index 63fb2c414f4..1955cc9ce56 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/SamlSessionStorageFactoryTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/SamlSessionStorageFactoryTests.java
@@ -1,6 +1,6 @@
 package org.cloudfoundry.identity.uaa.provider.saml;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/ZoneAwareMetadataGeneratorTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/ZoneAwareMetadataGeneratorTests.java
index 4fac0778747..7fa2c1f823f 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/ZoneAwareMetadataGeneratorTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/ZoneAwareMetadataGeneratorTests.java
@@ -3,7 +3,7 @@
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.cloudfoundry.identity.uaa.provider.saml.idp.SamlTestUtils;
 import org.cloudfoundry.identity.uaa.saml.SamlKey;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.zone.IdentityZone;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/idp/NonSnarlIdpMetadataManagerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/idp/NonSnarlIdpMetadataManagerTest.java
index 0a874d2f1ff..1c1a0fccdf1 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/idp/NonSnarlIdpMetadataManagerTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/idp/NonSnarlIdpMetadataManagerTest.java
@@ -1,7 +1,7 @@
 package org.cloudfoundry.identity.uaa.provider.saml.idp;
 import org.cloudfoundry.identity.uaa.provider.saml.ZoneAwareKeyManager;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.zone.IdentityZone;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
 import org.junit.jupiter.api.BeforeEach;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/resources/jdbc/LimitSqlAdapterFactoryTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/resources/jdbc/LimitSqlAdapterFactoryTest.java
index 51c65c445b4..cad4952f86c 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/resources/jdbc/LimitSqlAdapterFactoryTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/resources/jdbc/LimitSqlAdapterFactoryTest.java
@@ -1,7 +1,7 @@
 package org.cloudfoundry.identity.uaa.resources.jdbc;
 import org.apache.commons.lang.StringUtils;
-import org.cloudfoundry.identity.uaa.impl.config.SpringProfileCleanupExtension;
+import org.cloudfoundry.identity.uaa.extensions.SpringProfileCleanupExtension;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.junit.jupiter.api.extension.ExtensionContext;
 import org.junit.jupiter.params.ParameterizedTest;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ChangeEmailEndpointsMockMvcTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ChangeEmailEndpointsMockMvcTest.java
index 6743b334b80..31c0885f384 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ChangeEmailEndpointsMockMvcTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ChangeEmailEndpointsMockMvcTest.java
@@ -7,7 +7,7 @@
 import org.cloudfoundry.identity.uaa.scim.ScimUser;
 import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning;
 import org.cloudfoundry.identity.uaa.scim.event.UserModifiedEvent;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/util/ScimUtilsTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/util/ScimUtilsTest.java
index 34febc54b6d..6e41409d82a 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/util/ScimUtilsTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/util/ScimUtilsTest.java
@@ -6,7 +6,7 @@
 import org.cloudfoundry.identity.uaa.constants.OriginKeys;
 import org.cloudfoundry.identity.uaa.scim.ScimUser;
 import org.cloudfoundry.identity.uaa.scim.exception.InvalidScimResourceException;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.zone.IdentityZone;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/validate/UaaPasswordPolicyValidatorTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/validate/UaaPasswordPolicyValidatorTests.java
index 5f20bc92af6..0ae4bd052a4 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/validate/UaaPasswordPolicyValidatorTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/validate/UaaPasswordPolicyValidatorTests.java
@@ -8,7 +8,7 @@
 import org.cloudfoundry.identity.uaa.provider.UaaIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.scim.ScimUser;
 import org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.zone.IdentityZone;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
 import org.junit.jupiter.api.BeforeEach;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/util/UaaStringUtilsTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/util/UaaStringUtilsTest.java
index 2489540950f..11ca5e3d0ff 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/util/UaaStringUtilsTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/util/UaaStringUtilsTest.java
@@ -1,6 +1,6 @@
 package org.cloudfoundry.identity.uaa.util;
-import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension;
+import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.zone.IdentityZone;
 import org.cloudfoundry.identity.uaa.zone.MultitenancyFixture;
 import org.junit.jupiter.api.BeforeEach;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/util/UaaUrlUtilsTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/util/UaaUrlUtilsTest.java
index 38997f2ed98..9e0e096ddd2 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/util/UaaUrlUtilsTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/util/UaaUrlUtilsTest.java
@@ -1,6 +1,6 @@ package org.cloudfoundry.identity.uaa.util; -import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension; +import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.cloudfoundry.identity.uaa.zone.IdentityZone; import org.cloudfoundry.identity.uaa.zone.MultitenancyFixture; import org.junit.jupiter.api.AfterEach; diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/web/beans/UaaSessionConfigTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/web/beans/UaaSessionConfigTest.java index 42a94fce12d..4898d610833 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/web/beans/UaaSessionConfigTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/web/beans/UaaSessionConfigTest.java @@ -1,6 +1,6 @@ package org.cloudfoundry.identity.uaa.web.beans; -import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension; +import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneHolderTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneHolderTest.java index a1e486d554a..fb873546cf7 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneHolderTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneHolderTest.java @@ -15,7 +15,7 @@ package org.cloudfoundry.identity.uaa.zone; import org.cloudfoundry.identity.uaa.provider.saml.SamlKeyManagerFactory; -import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension; +import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.junit.jupiter.api.*; import org.junit.jupiter.api.extension.ExtendWith; import org.mockito.InOrder; 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/ZoneAwareClientSecretPolicyValidatorTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/ZoneAwareClientSecretPolicyValidatorTests.java index d332fb31a74..f2ffac9aa05 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/ZoneAwareClientSecretPolicyValidatorTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/ZoneAwareClientSecretPolicyValidatorTests.java @@ -1,6 +1,6 @@ package org.cloudfoundry.identity.uaa.zone; -import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension; +import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/beans/IdentityZoneManagerImplTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/beans/IdentityZoneManagerImplTest.java index 0f4272e472a..5df6669b32f 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/beans/IdentityZoneManagerImplTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/beans/IdentityZoneManagerImplTest.java @@ -1,6 +1,6 @@ package org.cloudfoundry.identity.uaa.zone.beans; -import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension; +import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.cloudfoundry.identity.uaa.zone.IdentityZone; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Nested; diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/event/IdentityProviderModifiedEventTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/event/IdentityProviderModifiedEventTest.java index 9537456ffca..5fbea85c8d9 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/event/IdentityProviderModifiedEventTest.java 
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/event/IdentityProviderModifiedEventTest.java @@ -4,7 +4,7 @@ import org.cloudfoundry.identity.uaa.provider.IdentityProvider; import org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.provider.saml.BootstrapSamlIdentityProviderDataTests; -import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension; +import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/DefaultTestContext.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/DefaultTestContext.java index b82ec78fd8e..62c4d7b9f45 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/DefaultTestContext.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/DefaultTestContext.java @@ -1,6 +1,6 @@ package org.cloudfoundry.identity.uaa; -import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension; +import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.test.context.ActiveProfiles; import org.springframework.test.context.ContextConfiguration; diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/DynamicZoneAwareAuthenticationManagerTest.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/DynamicZoneAwareAuthenticationManagerTest.java index 49275e35346..fc0ffc45b32 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/DynamicZoneAwareAuthenticationManagerTest.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/DynamicZoneAwareAuthenticationManagerTest.java 
@@ -10,7 +10,7 @@ import org.cloudfoundry.identity.uaa.scim.ScimGroupProvisioning; import org.cloudfoundry.identity.uaa.provider.IdentityProvider; import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning; -import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension; +import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.cloudfoundry.identity.uaa.zone.IdentityZone; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.cloudfoundry.identity.uaa.zone.MultitenancyFixture; diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java index 6595b4b5dab..ed9822d406d 100755 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java @@ -1,13 +1,13 @@ package org.cloudfoundry.identity.uaa.login; +import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; +import org.cloudfoundry.identity.uaa.extensions.SpringProfileCleanupExtension; import org.cloudfoundry.identity.uaa.impl.config.IdentityZoneConfigurationBootstrap; -import org.cloudfoundry.identity.uaa.impl.config.SpringProfileCleanupExtension; import org.cloudfoundry.identity.uaa.impl.config.YamlServletProfileInitializer; import org.cloudfoundry.identity.uaa.provider.SamlIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.provider.saml.BootstrapSamlIdentityProviderData; import org.cloudfoundry.identity.uaa.scim.ScimGroup; import org.cloudfoundry.identity.uaa.scim.ScimGroupProvisioning; -import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension; import org.cloudfoundry.identity.uaa.util.PredicateMatcher; import org.cloudfoundry.identity.uaa.zone.IdentityZone; import org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration; 
@@ -81,7 +81,6 @@ public void afterAll(ExtensionContext context) { } } - @ExtendWith(PollutionPreventionExtension.class) @ExtendWith(SpringProfileCleanupExtension.class) class BootstrapTests { diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/test/PollutionPreventionExtensionTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/test/PollutionPreventionExtensionTests.java index f081ac9e1b0..27c3aed98ba 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/test/PollutionPreventionExtensionTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/test/PollutionPreventionExtensionTests.java @@ -1,7 +1,7 @@ package org.cloudfoundry.identity.uaa.test; import org.cloudfoundry.identity.uaa.SpringServletTestConfig; -import org.cloudfoundry.identity.uaa.security.PollutionPreventionExtension; +import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.cloudfoundry.identity.uaa.zone.IdentityZone; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.cloudfoundry.identity.uaa.zone.JdbcIdentityZoneProvisioning; From 97b7344b2231080dcfaefba5e6f01ee9cab167f5 Mon Sep 17 00:00:00 2001 From: UAA Team Date: Mon, 2 Dec 2019 10:49:43 -0800 Subject: [PATCH 022/111] Increase number of databases created for tests. --- scripts/start_db_helper.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/start_db_helper.sh b/scripts/start_db_helper.sh index de629226e20..b7dcb37889a 100755 --- a/scripts/start_db_helper.sh +++ b/scripts/start_db_helper.sh 
@@ -3,9 +3,9 @@ set -eu script_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -# Number of gradle workers times 4, which was somewhat arbitrary but is sufficient in practice. +# Number of gradle workers times 5, which was somewhat arbitrary but is sufficient in practice. # We make extra dbs because a gradle worker ID can exceed the max number of workers. -NUM_OF_DATABASES_TO_CREATE=24 +NUM_OF_DATABASES_TO_CREATE=30 function createDB() { true From a0481615024b57a941ece0e20344bd8e983ea154 Mon Sep 17 00:00:00 2001 From: Jeremy Morony Date: Sat, 30 Nov 2019 08:41:39 -0800 Subject: [PATCH 023/111] Purge expired session from in memory map Prior to this commit, configuring the UAA to manage sessions in memory resulted in the use of `MapSessionRepository` to manage sessions. `MapSessionRepository` does not automatically remove expired sessions from it's backing map. And neither did the UAA, resulting in a memory leak. Now, register a scheduled task to remove expired sessions. The tasks frequency can be configured via the `servlet.session-purge-delay` property. [#170035178] --- .../uaa/web/beans/PurgeableSessionMap.java | 28 ++++++++++++ .../uaa/web/beans/UaaMemorySessionConfig.java | 11 +++-- .../web/beans/PurgeableSessionMapTest.java | 44 +++++++++++++++++++ 3 files changed, 79 insertions(+), 4 deletions(-) create mode 100644 server/src/main/java/org/cloudfoundry/identity/uaa/web/beans/PurgeableSessionMap.java create mode 100644 server/src/test/java/org/cloudfoundry/identity/uaa/web/beans/PurgeableSessionMapTest.java diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/web/beans/PurgeableSessionMap.java b/server/src/main/java/org/cloudfoundry/identity/uaa/web/beans/PurgeableSessionMap.java new file mode 100644 index 00000000000..b8a5d345a0d --- /dev/null +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/web/beans/PurgeableSessionMap.java 
@@ -0,0 +1,28 @@
+package org.cloudfoundry.identity.uaa.web.beans;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.scheduling.annotation.Scheduled;
+import org.springframework.session.Session;
+import org.springframework.stereotype.Component;
+
+import java.util.List;
+import java.util.concurrent.ConcurrentHashMap;
+
+import static java.util.stream.Collectors.toList;
+
+@Component
+class PurgeableSessionMap extends ConcurrentHashMap {
+ private final static Logger logger = LoggerFactory.getLogger(PurgeableSessionMap.class);
+
+ @Scheduled(fixedDelayString = "${servlet-session-purge-delay:900000}")
+ public void purge() {
+ List expired = expired();
+ expired.forEach(s -> remove(s.getId()));
+ logger.debug(String.format("Purged %s sessions", expired.size()));
+ }
+
+ public List expired() {
+ return values().stream().filter(Session::isExpired).collect(toList());
+ }
+}
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/web/beans/UaaMemorySessionConfig.java b/server/src/main/java/org/cloudfoundry/identity/uaa/web/beans/UaaMemorySessionConfig.java
index aeb619b2ea1..3d1802779bb 100644
--- a/server/src/main/java/org/cloudfoundry/identity/uaa/web/beans/UaaMemorySessionConfig.java
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/web/beans/UaaMemorySessionConfig.java
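Review bot: The `@Scheduled` placeholder on `PurgeableSessionMap.purge()` reads `servlet-session-purge-delay`, but the commit description documents the property as `servlet.session-purge-delay` and the neighbouring setting in this commit is `servlet.idle-timeout`. An operator who sets the documented name would silently keep the 900000 ms default, so expired sessions stay in memory longer than configured; use `@Scheduled(fixedDelayString = "${servlet.session-purge-delay:900000}")`. `purge()` also removes by id from a separate `expired()` snapshot, so an entry stored again under the same id in between could be dropped; `values().removeIf(Session::isExpired)` checks and removes per entry. `logger.debug("Purged {} sessions", expired.size())` would avoid the `String.format` call when debug logging is off.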
@@ -7,14 +7,14 @@ import org.springframework.context.annotation.*; import org.springframework.core.type.AnnotatedTypeMetadata; import org.springframework.lang.NonNull; +import org.springframework.scheduling.annotation.EnableScheduling; import org.springframework.session.MapSessionRepository; import org.springframework.session.config.annotation.web.http.EnableSpringHttpSession; -import java.util.concurrent.ConcurrentHashMap; - @Configuration @Conditional(UaaMemorySessionConfig.MemoryConfigured.class) @EnableSpringHttpSession +@EnableScheduling public class UaaMemorySessionConfig extends UaaSessionConfig { private final static Logger logger = LoggerFactory.getLogger(UaaMemorySessionConfig.class); @@ -29,8 +29,11 @@ public boolean matches(@NonNull ConditionContext context, @NonNull AnnotatedType } @Bean - public MapSessionRepository sessionRepository(final @Value("${servlet.idle-timeout:1800}") int idleTimeout) { - MapSessionRepository sessionRepository = new MapSessionRepository(new ConcurrentHashMap<>()); + public MapSessionRepository sessionRepository( + final @Value("${servlet.idle-timeout:1800}") int idleTimeout, + @Autowired PurgeableSessionMap purgeableSessionMap + ) { + MapSessionRepository sessionRepository = new MapSessionRepository(purgeableSessionMap); sessionRepository.setDefaultMaxInactiveInterval(idleTimeout); return sessionRepository; } diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/web/beans/PurgeableSessionMapTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/web/beans/PurgeableSessionMapTest.java new file mode 100644 index 00000000000..ea622fd56c3 --- /dev/null +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/web/beans/PurgeableSessionMapTest.java 
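Review bot: In `UaaMemorySessionConfig.sessionRepository(...)` the `@Autowired` on the `PurgeableSessionMap` parameter is redundant, because Spring already resolves `@Bean` method parameters from the context; `PurgeableSessionMap purgeableSessionMap` alone is enough. The two timing settings use different units, so a comment here would help, e.g. `// servlet.idle-timeout is in seconds; the purge delay on PurgeableSessionMap is in milliseconds`. `PurgeableSessionMap` is a plain `@Component` while `@EnableScheduling` sits on this `@Conditional` configuration, so it looks as if the map bean is created even when memory sessions are not configured; worth confirming that is intended. The class body continues outside these hunks.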
@@ -0,0 +1,44 @@
+package org.cloudfoundry.identity.uaa.web.beans;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.springframework.session.Session;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+class PurgeableSessionMapTest {
+ private static final String SESSION_ID = "id";
+ private PurgeableSessionMap sessions;
+
+ @BeforeEach
+ void setUp() {
+ sessions = new PurgeableSessionMap();
+ }
+
+ @Test
+ void doesNotDeleteActiveSessions() {
+ sessions.put(SESSION_ID, createSession(SESSION_ID, false));
+
+ sessions.purge();
+ assertThat(sessions).hasSize(1);
+ assertThat(sessions).containsKey(SESSION_ID);
+ }
+
+ @Test
+ void deletesActiveSessions() {
+ sessions.put(SESSION_ID, createSession(SESSION_ID, true));
+
+ sessions.purge();
+ assertThat(sessions).hasSize(0);
+ }
+
+ private Session createSession(String id, boolean expired) {
+ Session session = mock(Session.class);
+ when(session.getId()).thenReturn(id);
+ when(session.isExpired()).thenReturn(expired);
+
+ return session;
+ }
+}
\ No newline at end of file
From 95e94b52406113b94833f2ac289020d72cc66a58 Mon Sep 17 00:00:00 2001 From: Philipp Schon Date: Tue, 3 Dec 2019 11:27:05 +0100 Subject: [PATCH 024/111] Add DB index on revocable tokens
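Review bot: The second test in `PurgeableSessionMapTest` is named `deletesActiveSessions`, yet it stores a session created with `expired = true` and asserts that it is gone, so the name says the opposite of what is checked; rename it to `deletesExpiredSessions`. Neither test holds an active and an expired session in the map at the same time, which is the case that would catch a purge removing too much or too little; one more test with two ids would cover it. `assertThat(sessions).isEmpty()` reads more directly than `hasSize(0)`.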
Signed-off-by: Florian Tack --- .../uaa/db/hsqldb/V4_99_1575367461__revocable_token_index.sql | 1 + .../uaa/db/mysql/V4_99_1575367461__revocable_token_index.sql | 1 + .../db/postgresql/V4_99_1575367461__revocable_token_index.sql | 1 + 3 files changed, 3 insertions(+) create mode 100644 server/src/main/resources/org/cloudfoundry/identity/uaa/db/hsqldb/V4_99_1575367461__revocable_token_index.sql create mode 100644 server/src/main/resources/org/cloudfoundry/identity/uaa/db/mysql/V4_99_1575367461__revocable_token_index.sql create mode 100644 server/src/main/resources/org/cloudfoundry/identity/uaa/db/postgresql/V4_99_1575367461__revocable_token_index.sql diff --git a/server/src/main/resources/org/cloudfoundry/identity/uaa/db/hsqldb/V4_99_1575367461__revocable_token_index.sql b/server/src/main/resources/org/cloudfoundry/identity/uaa/db/hsqldb/V4_99_1575367461__revocable_token_index.sql new file mode 100644 index 00000000000..a9b0f81aa46 --- /dev/null +++ b/server/src/main/resources/org/cloudfoundry/identity/uaa/db/hsqldb/V4_99_1575367461__revocable_token_index.sql @@ -0,0 +1 @@ +CREATE INDEX IF NOT EXISTS revocable_tokens_user_id_client_id_response_type_identity__idx on revocable_tokens (user_id, client_id, response_type, identity_zone_id); diff --git a/server/src/main/resources/org/cloudfoundry/identity/uaa/db/mysql/V4_99_1575367461__revocable_token_index.sql b/server/src/main/resources/org/cloudfoundry/identity/uaa/db/mysql/V4_99_1575367461__revocable_token_index.sql new file mode 100644 index 00000000000..7c9272e3b50 --- /dev/null +++ b/server/src/main/resources/org/cloudfoundry/identity/uaa/db/mysql/V4_99_1575367461__revocable_token_index.sql @@ -0,0 +1 @@ +CREATE INDEX revocable_tokens_user_id_client_id_response_type_identity__idx on revocable_tokens (user_id, client_id, response_type, identity_zone_id); 
diff --git a/server/src/main/resources/org/cloudfoundry/identity/uaa/db/postgresql/V4_99_1575367461__revocable_token_index.sql b/server/src/main/resources/org/cloudfoundry/identity/uaa/db/postgresql/V4_99_1575367461__revocable_token_index.sql new file mode 100644 index 00000000000..7ef09293c75 --- /dev/null +++ b/server/src/main/resources/org/cloudfoundry/identity/uaa/db/postgresql/V4_99_1575367461__revocable_token_index.sql @@ -0,0 +1 @@ +CREATE INDEX CONCURRENTLY IF NOT EXISTS revocable_tokens_user_id_client_id_response_type_identity__idx on revocable_tokens(user_id, client_id, response_type, identity_zone_id); From 9f5af96bcf726ba36a00cf610d8d66cfcd154ccd Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Tue, 3 Dec 2019 11:13:01 +0000 Subject: [PATCH 025/111] Bump spring-framework-bom from 5.2.1.RELEASE to 5.2.2.RELEASE Bumps [spring-framework-bom](https://github.com/spring-projects/spring-framework) from 5.2.1.RELEASE to 5.2.2.RELEASE. - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.2.1.RELEASE...v5.2.2.RELEASE) Signed-off-by: dependabot-preview[bot] --- dependencies.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependencies.gradle b/dependencies.gradle index 938cbde7521..a0717f31a0b 100644 --- a/dependencies.gradle +++ b/dependencies.gradle @@ -18,7 +18,7 @@ versions.springBootVersion = "2.2.1.RELEASE" versions.springSecurityJwtVersion = "1.1.0.RELEASE" versions.springSecurityOAuthVersion = "2.4.0.RELEASE" versions.springSecuritySamlVersion = "1.0.10.RELEASE" -versions.springVersion = "5.2.1.RELEASE" +versions.springVersion = "5.2.2.RELEASE" versions.tomcatVersion = "${tomcatVersion}" versions.xmlBind = "2.3.0" From 334c870799a5efd818737c8a9dee79de4b1e9517 Mon Sep 17 00:00:00 2001 
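Review bot: The PostgreSQL script combines `CREATE INDEX CONCURRENTLY` with `IF NOT EXISTS`, which can hide a failed build: an interrupted concurrent build leaves an index marked invalid under that name, and a re-run with `IF NOT EXISTS` then skips it instead of rebuilding. `CONCURRENTLY` also cannot run inside a transaction block, so the migration runner (the `V4_99_...` naming looks like Flyway, to be confirmed) must execute this script outside one. A header comment in the file would tell operators both, e.g. `-- non-transactional; if interrupted, drop the invalid index and re-run`. The MySQL script has no `IF NOT EXISTS`, so the three scripts do not behave alike when a migration is repeated.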
From: Joshua Casey Date: Tue, 3 Dec 2019 13:13:36 -0600 Subject: [PATCH 026/111] Test Refactor - IdentityZoneResolvingFilterTests - Apply IntelliJ sanitizations [#170083097] --- .../IdentityZoneResolvingFilterTests.java | 45 +++++++------------ 1 file changed, 16 insertions(+), 29 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneResolvingFilterTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneResolvingFilterTests.java index cb5ce4279f3..5ab0e4096d0 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneResolvingFilterTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneResolvingFilterTests.java @@ -1,17 +1,3 @@ -/** - ******************************************************************************* - * Cloud Foundry - * Copyright (c) [2009-2015] Pivotal Software, Inc. All Rights Reserved. - *

- * This product is licensed to you under the Apache License, Version 2.0 (the "License"). - * You may not use this product except in compliance with the License. - *

- * This product includes a number of subcomponents with - * separate copyright notices and license terms. Your use of these - * subcomponents is subject to the terms and conditions of the - * subcomponent's license, as noted in the LICENSE file. - ***************************************************************************** - */ package org.cloudfoundry.identity.uaa.zone; import org.cloudfoundry.identity.uaa.test.JdbcTestBase; @@ -38,12 +24,13 @@ public class IdentityZoneResolvingFilterTests extends JdbcTestBase { - private boolean wasFilterExecuted = false; + private boolean wasFilterExecuted; private IdentityZoneProvisioning dao; @Before public void createDao() { dao = new JdbcIdentityZoneProvisioning(jdbcTemplate); + wasFilterExecuted = false; } @Test @@ -54,7 +41,7 @@ public void holderIsSetWithDefaultIdentityZone() { @Test public void holderIsSetWithMatchingIdentityZone() throws Exception { - assertFindsCorrectSubdomain("myzone", "myzone.uaa.mycf.com", "uaa.mycf.com","login.mycf.com"); + assertFindsCorrectSubdomain("myzone", "myzone.uaa.mycf.com", "uaa.mycf.com", "login.mycf.com"); } @Test 
@@ -64,18 +51,18 @@ public void holderIsSetWithMatchingIdentityZoneWhenSubdomainContainsUaaHostname( @Test public void holderIsSetWithUAAIdentityZone() throws Exception { - assertFindsCorrectSubdomain("", "uaa.mycf.com", "uaa.mycf.com","login.mycf.com"); - assertFindsCorrectSubdomain("", "login.mycf.com", "uaa.mycf.com","login.mycf.com"); + assertFindsCorrectSubdomain("", "uaa.mycf.com", "uaa.mycf.com", "login.mycf.com"); + assertFindsCorrectSubdomain("", "login.mycf.com", "uaa.mycf.com", "login.mycf.com"); } @Test public void holderIsResolvedWithCaseInsensitiveIdentityZone() throws Exception { - assertFindsCorrectSubdomain("", "Login.MyCF.COM", "uaa.mycf.com","login.mycf.com"); + assertFindsCorrectSubdomain("", "Login.MyCF.COM", "uaa.mycf.com", "login.mycf.com"); } @Test public void holderIsSetWithCaseInsensitiveIdentityZone() throws Exception { - assertFindsCorrectSubdomain("", "login.mycf.com", "uaa.mycf.com","Login.MyCF.COM"); + assertFindsCorrectSubdomain("", "login.mycf.com", "uaa.mycf.com", "Login.MyCF.COM"); } @Test @@ -83,7 +70,7 @@ public void doNotThrowException_InCase_RetrievingZoneFails() throws Exception { MockHttpServletRequest request = new MockHttpServletRequest(); String incomingSubdomain = "not_a_zone"; String uaaHostname = "uaa.mycf.com"; - String incomingHostname = incomingSubdomain+"."+uaaHostname; + String incomingHostname = incomingSubdomain + "." + uaaHostname; request.setServerName(incomingHostname); MockHttpServletResponse response = new MockHttpServletResponse(); 
@@ -95,7 +82,7 @@ public void doNotThrowException_InCase_RetrievingZoneFails() throws Exception { assertEquals(HttpServletResponse.SC_NOT_FOUND, response.getStatus()); assertEquals(IdentityZone.getUaa(), IdentityZoneHolder.get()); - Mockito.verifyZeroInteractions(chain); + Mockito.verifyNoInteractions(chain); } private void assertFindsCorrectSubdomain(final String subDomainInput, final String incomingHostname, String... additionalInternalHostnames) throws ServletException, IOException { @@ -134,7 +121,7 @@ public void doFilter(ServletRequest request, ServletResponse response) { public void holderIsNotSetWithNonMatchingIdentityZone() throws Exception { String incomingSubdomain = "not_a_zone"; String uaaHostname = "uaa.mycf.com"; - String incomingHostname = incomingSubdomain+"."+uaaHostname; + String incomingHostname = incomingSubdomain + "." + uaaHostname; IdentityZoneResolvingFilter filter = new IdentityZoneResolvingFilter(); @@ -156,21 +143,21 @@ public void holderIsNotSetWithNonMatchingIdentityZone() throws Exception { } @Test - public void setDefaultZoneHostnamesWithNull() { + public void setDefaultZoneHostNamesWithNull() { IdentityZoneResolvingFilter filter = new IdentityZoneResolvingFilter(); filter.setDefaultInternalHostnames(null); assertTrue(filter.getDefaultZoneHostnames().isEmpty()); } @Test - public void setAdditionalZoneHostnamesWithNull() { + public void setAdditionalZoneHostNamesWithNull() { IdentityZoneResolvingFilter filter = new IdentityZoneResolvingFilter(); filter.setAdditionalInternalHostnames(null); assertTrue(filter.getDefaultZoneHostnames().isEmpty()); } @Test - public void setRestoreZoneHostnamesWithNull() { + public void setRestoreZoneHostNamesWithNull() { IdentityZoneResolvingFilter filter = new IdentityZoneResolvingFilter(); filter.setDefaultInternalHostnames(new HashSet<>(Collections.singletonList("uaa.mycf.com"))); filter.restoreDefaultHostnames(null); 
@@ -178,7 +165,7 @@ public void setRestoreZoneHostnamesWithNull() { } @Test - public void setDefaultZoneHostnames() { + public void setDefaultZoneHostNames() { IdentityZoneResolvingFilter filter = new IdentityZoneResolvingFilter(); filter.setDefaultInternalHostnames(new HashSet<>(Collections.singletonList("uaa.mycf.com"))); filter.setDefaultInternalHostnames(new HashSet<>(Collections.singletonList("uaa.MYCF2.com"))); @@ -188,7 +175,7 @@ public void setDefaultZoneHostnames() { } @Test - public void setAdditionalZoneHostnames() { + public void setAdditionalZoneHostNames() { IdentityZoneResolvingFilter filter = new IdentityZoneResolvingFilter(); filter.setAdditionalInternalHostnames(new HashSet<>(Collections.singletonList("uaa.mycf.com"))); filter.setAdditionalInternalHostnames(new HashSet<>(Collections.singletonList("uaa.MYCF2.com"))); @@ -198,7 +185,7 @@ public void setAdditionalZoneHostnames() { } @Test - public void setRestoreZoneHostnames() { + public void setRestoreZoneHostNames() { IdentityZoneResolvingFilter filter = new IdentityZoneResolvingFilter(); filter.setDefaultInternalHostnames(new HashSet<>(Collections.singletonList("uaa.mycf.com"))); filter.restoreDefaultHostnames(new HashSet<>(Collections.singletonList("uaa.MYCF2.com"))); From a76e5a5f3d12c024e497449c3e9c24fb057ff223 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 3 Dec 2019 13:15:52 -0600 Subject: [PATCH 027/111] Test Refactor - IdentityZoneResolvingFilterTests - Use WithDatabaseContext - Use JUnit5 [#170083097] --- .../IdentityZoneResolvingFilterTests.java | 48 ++++++++++--------- 1 file changed, 26 insertions(+), 22 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneResolvingFilterTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneResolvingFilterTests.java index 5ab0e4096d0..d659d2acb89 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneResolvingFilterTests.java 
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneResolvingFilterTests.java @@ -1,9 +1,12 @@ package org.cloudfoundry.identity.uaa.zone; +import org.cloudfoundry.identity.uaa.annotations.WithDatabaseContext; import org.cloudfoundry.identity.uaa.test.JdbcTestBase; -import org.junit.Before; -import org.junit.Test; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; import org.mockito.Mockito; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.mock.web.MockFilterChain; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; 
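Review bot: The import of `org.cloudfoundry.identity.uaa.test.JdbcTestBase` survives as a context line in this import hunk, while the next hunk changes the declaration to `class IdentityZoneResolvingFilterTests` with no `extends JdbcTestBase`; unless the file still refers to it outside the hunks, the import is now unused and should be dropped. These tests read and reset the static `IdentityZoneHolder`, so if `JdbcTestBase` was what restored that state between tests, the class may now need `@ExtendWith(PollutionPreventionExtension.class)` as other tests in this series use; whether `@WithDatabaseContext` already covers that is not visible here.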
@@ -18,55 +21,56 @@ import java.util.Collections; import java.util.HashSet; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertTrue; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertTrue; -public class IdentityZoneResolvingFilterTests extends JdbcTestBase { +@WithDatabaseContext +class IdentityZoneResolvingFilterTests { private boolean wasFilterExecuted; private IdentityZoneProvisioning dao; - @Before - public void createDao() { + @BeforeEach + void setUp(@Autowired JdbcTemplate jdbcTemplate) { dao = new JdbcIdentityZoneProvisioning(jdbcTemplate); wasFilterExecuted = false; } @Test - public void holderIsSetWithDefaultIdentityZone() { + void holderIsSetWithDefaultIdentityZone() { IdentityZoneHolder.clear(); assertEquals(IdentityZone.getUaa(), IdentityZoneHolder.get()); } @Test - public void holderIsSetWithMatchingIdentityZone() throws Exception { + void holderIsSetWithMatchingIdentityZone() throws Exception { assertFindsCorrectSubdomain("myzone", "myzone.uaa.mycf.com", "uaa.mycf.com", "login.mycf.com"); } @Test - public void holderIsSetWithMatchingIdentityZoneWhenSubdomainContainsUaaHostname() throws Exception { + void holderIsSetWithMatchingIdentityZoneWhenSubdomainContainsUaaHostname() throws Exception { assertFindsCorrectSubdomain("foo.uaa.mycf.com", "foo.uaa.mycf.com.uaa.mycf.com", "uaa.mycf.com", "login.mycf.com"); } @Test - public void holderIsSetWithUAAIdentityZone() throws Exception { + void holderIsSetWithUAAIdentityZone() throws Exception { assertFindsCorrectSubdomain("", "uaa.mycf.com", "uaa.mycf.com", "login.mycf.com"); assertFindsCorrectSubdomain("", "login.mycf.com", "uaa.mycf.com", "login.mycf.com"); } @Test - public void holderIsResolvedWithCaseInsensitiveIdentityZone() throws Exception { + void holderIsResolvedWithCaseInsensitiveIdentityZone() 
throws Exception { assertFindsCorrectSubdomain("", "Login.MyCF.COM", "uaa.mycf.com", "login.mycf.com"); } @Test - public void holderIsSetWithCaseInsensitiveIdentityZone() throws Exception { + void holderIsSetWithCaseInsensitiveIdentityZone() throws Exception { assertFindsCorrectSubdomain("", "login.mycf.com", "uaa.mycf.com", "Login.MyCF.COM"); } @Test - public void doNotThrowException_InCase_RetrievingZoneFails() throws Exception { + void doNotThrowException_InCase_RetrievingZoneFails() throws Exception { MockHttpServletRequest request = new MockHttpServletRequest(); String incomingSubdomain = "not_a_zone"; String uaaHostname = "uaa.mycf.com"; @@ -118,7 +122,7 @@ public void doFilter(ServletRequest request, ServletResponse response) { } @Test - public void holderIsNotSetWithNonMatchingIdentityZone() throws Exception { + void holderIsNotSetWithNonMatchingIdentityZone() throws Exception { String incomingSubdomain = "not_a_zone"; String uaaHostname = "uaa.mycf.com"; String incomingHostname = incomingSubdomain + "." + uaaHostname; @@ -143,21 +147,21 @@ public void holderIsNotSetWithNonMatchingIdentityZone() throws Exception { } @Test - public void setDefaultZoneHostNamesWithNull() { + void setDefaultZoneHostNamesWithNull() { IdentityZoneResolvingFilter filter = new IdentityZoneResolvingFilter(); filter.setDefaultInternalHostnames(null); assertTrue(filter.getDefaultZoneHostnames().isEmpty()); } @Test - public void setAdditionalZoneHostNamesWithNull() { + void setAdditionalZoneHostNamesWithNull() { IdentityZoneResolvingFilter filter = new IdentityZoneResolvingFilter(); filter.setAdditionalInternalHostnames(null); assertTrue(filter.getDefaultZoneHostnames().isEmpty()); } @Test - public void setRestoreZoneHostNamesWithNull() { + void setRestoreZoneHostNamesWithNull() { IdentityZoneResolvingFilter filter = new IdentityZoneResolvingFilter(); filter.setDefaultInternalHostnames(new HashSet<>(Collections.singletonList("uaa.mycf.com"))); filter.restoreDefaultHostnames(null); 
@@ -165,7 +169,7 @@ public void setRestoreZoneHostNamesWithNull() { } @Test - public void setDefaultZoneHostNames() { + void setDefaultZoneHostNames() { IdentityZoneResolvingFilter filter = new IdentityZoneResolvingFilter(); filter.setDefaultInternalHostnames(new HashSet<>(Collections.singletonList("uaa.mycf.com"))); filter.setDefaultInternalHostnames(new HashSet<>(Collections.singletonList("uaa.MYCF2.com"))); @@ -175,7 +179,7 @@ public void setDefaultZoneHostNames() { } @Test - public void setAdditionalZoneHostNames() { + void setAdditionalZoneHostNames() { IdentityZoneResolvingFilter filter = new IdentityZoneResolvingFilter(); filter.setAdditionalInternalHostnames(new HashSet<>(Collections.singletonList("uaa.mycf.com"))); filter.setAdditionalInternalHostnames(new HashSet<>(Collections.singletonList("uaa.MYCF2.com"))); @@ -185,7 +189,7 @@ public void setAdditionalZoneHostNames() { } @Test - public void setRestoreZoneHostNames() { + void setRestoreZoneHostNames() { IdentityZoneResolvingFilter filter = new IdentityZoneResolvingFilter(); filter.setDefaultInternalHostnames(new HashSet<>(Collections.singletonList("uaa.mycf.com"))); filter.restoreDefaultHostnames(new HashSet<>(Collections.singletonList("uaa.MYCF2.com"))); From 47717cc0e979c850c689bdeb802a4bbb698b5c4d Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 3 Dec 2019 13:18:12 -0600 Subject: [PATCH 028/111] Test Refactor - UserInfoTableTest - Apply IntelliJ sanitizations [#170083097] --- .../identity/uaa/db/UserInfoTableTest.java | 38 ++++++------------- 1 file changed, 11 insertions(+), 27 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/db/UserInfoTableTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/db/UserInfoTableTest.java index e703ae8144a..f08c973727d 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/db/UserInfoTableTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/db/UserInfoTableTest.java 
@@ -1,17 +1,3 @@ -/* - * **************************************************************************** - * Cloud Foundry - * Copyright (c) [2009-2016] Pivotal Software, Inc. All Rights Reserved. - * - * This product is licensed to you under the Apache License, Version 2.0 (the "License"). - * You may not use this product except in compliance with the License. - * - * This product includes a number of subcomponents with - * separate copyright notices and license terms. Your use of these - * subcomponents is subject to the terms and conditions of the - * subcomponent's license, as noted in the LICENSE file. - * **************************************************************************** - */ package org.cloudfoundry.identity.uaa.db; import org.cloudfoundry.identity.uaa.test.JdbcTestBase; 
@@ -29,38 +15,35 @@ public class UserInfoTableTest extends JdbcTestBase { - private String tableName = "user_info"; - - private List TEST_COLUMNS = Arrays.asList( - new TestColumn("user_id", "varchar", 36), - new TestColumn("info", "longvarchar/mediumtext", 0) + private static List TEST_COLUMNS = Arrays.asList( + new TestColumn("user_id", "varchar", 36), + new TestColumn("info", "longvarchar/mediumtext", 0) ); - @Override public void setUp() { MockEnvironment environment = new MockEnvironment(); - if (System.getProperty("spring.active.profiles")!=null) { + if (System.getProperty("spring.active.profiles") != null) { environment.setActiveProfiles(System.getProperty("spring.active.profiles")); } setUp(environment); } - public boolean testColumn(String name, String type, int size) { + private static boolean testColumn(String name, String type, int size) { return testColumn(TEST_COLUMNS, name, type, size); } - public boolean testColumn(List columns, String name, String type, int size) { + + private static boolean testColumn(List columns, String name, String type, int size) { for (TestColumn c : columns) { if (c.name.equalsIgnoreCase(name)) { + final boolean contains = c.type.toLowerCase().contains(type.toLowerCase()); return "varchar".equalsIgnoreCase(type) && !"info".equalsIgnoreCase(name) ? - c.type.toLowerCase().contains(type.toLowerCase()) && c.size == size : - c.type.toLowerCase().contains(type.toLowerCase()); + contains && c.size == size : contains; } } return false; } - @Test public void validate_table() throws Exception { try (Connection connection = dataSource.getConnection()) { @@ -68,6 +51,7 @@ public void validate_table() throws Exception { boolean foundTable = false; int foundColumn = 0; ResultSet rs = meta.getColumns(connection.getCatalog(), null, null, null); + String tableName = "user_info"; while (rs.next()) { String rstableName = rs.getString("TABLE_NAME"); String rscolumnName = rs.getString("COLUMN_NAME"); 
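Review bot: `TEST_COLUMNS` is made `static` in this hunk but is still not `final`, so the shared list of expected columns can be reassigned from anywhere in the class. Declare it `private static final` so the expectations the schema check relies on are fixed at class load. The name already follows constant naming, so the modifier is the only change needed.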
@@ -95,7 +79,7 @@ public static class TestColumn { public final String type; public final int size; - public TestColumn(String name, String type, int size) { + TestColumn(String name, String type, int size) { this.name = name; this.type = type; this.size = size; From e061513d22f1736cf445712a9dd9d235e2502c4e Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 3 Dec 2019 13:21:29 -0600 Subject: [PATCH 029/111] Test Refactor - UserInfoTableTest - Use WithDatabaseContext - Use JUnit5 [#170083097] --- .../identity/uaa/db/UserInfoTableTest.java | 33 ++++++++----------- 1 file changed, 14 insertions(+), 19 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/db/UserInfoTableTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/db/UserInfoTableTest.java index f08c973727d..b8829fa2a99 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/db/UserInfoTableTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/db/UserInfoTableTest.java 
@@ -1,34 +1,27 @@ package org.cloudfoundry.identity.uaa.db; -import org.cloudfoundry.identity.uaa.test.JdbcTestBase; -import org.junit.Test; -import org.springframework.mock.env.MockEnvironment; +import org.cloudfoundry.identity.uaa.annotations.WithDatabaseContext; +import org.junit.jupiter.api.Test; +import org.springframework.beans.factory.annotation.Autowired; +import javax.sql.DataSource; import java.sql.Connection; import java.sql.DatabaseMetaData; import java.sql.ResultSet; import java.util.Arrays; import java.util.List; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertTrue; -public class UserInfoTableTest extends JdbcTestBase { +@WithDatabaseContext +class UserInfoTableTest { private static List TEST_COLUMNS = Arrays.asList( new TestColumn("user_id", "varchar", 36), new TestColumn("info", "longvarchar/mediumtext", 0) ); - @Override - public void setUp() { - MockEnvironment environment = new MockEnvironment(); - if (System.getProperty("spring.active.profiles") != null) { - environment.setActiveProfiles(System.getProperty("spring.active.profiles")); - } - setUp(environment); - } - private static boolean testColumn(String name, String type, int size) { return testColumn(TEST_COLUMNS, name, type, size); } @@ -45,7 +38,9 @@ private static boolean testColumn(List columns, String name, String } @Test - public void validate_table() throws Exception { + void validate_table( + @Autowired DataSource dataSource + ) throws Exception { try (Connection connection = dataSource.getConnection()) { DatabaseMetaData meta = connection.getMetaData(); boolean foundTable = false; 
@@ -57,14 +52,14 @@ public void validate_table() throws Exception { String rscolumnName = rs.getString("COLUMN_NAME"); int columnSize = rs.getInt("COLUMN_SIZE"); if (tableName.equalsIgnoreCase(rstableName)) { - assertTrue("Testing column:" + rscolumnName, testColumn(rscolumnName, rs.getString("TYPE_NAME"), columnSize)); + assertTrue(testColumn(rscolumnName, rs.getString("TYPE_NAME"), columnSize), "Testing column:" + rscolumnName); foundTable = true; foundColumn++; } } rs.close(); - assertTrue("Table " + tableName + " not found!", foundTable); - assertEquals("Table " + tableName + " is missing columns!", TEST_COLUMNS.size(), foundColumn); + assertTrue(foundTable, "Table " + tableName + " not found!"); + assertEquals(TEST_COLUMNS.size(), foundColumn, "Table " + tableName + " is missing columns!"); rs = meta.getIndexInfo(connection.getCatalog(), null, tableName, false, false); if (!rs.next()) { From 46163bb989f5ed79458a4339dcf3310f55cfc18e Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 3 Dec 2019 13:22:51 -0600 Subject: [PATCH 030/111] Test Refactor - TableAndColumnNormalizationTest - Apply IntelliJ sanitizations [#170083097] --- .../db/TableAndColumnNormalizationTest.java | 20 ++++--------------- 1 file changed, 4 insertions(+), 16 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/db/TableAndColumnNormalizationTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/db/TableAndColumnNormalizationTest.java index 1a4b14dd4a2..8008104d58a 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/db/TableAndColumnNormalizationTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/db/TableAndColumnNormalizationTest.java 
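Review bot: The `rs.close()` after the loop is only reached when every `assertTrue` inside the loop passes, so a failing column check leaves the `ResultSet` open until the surrounding connection block exits. Opening it as `try (ResultSet rs = meta.getColumns(connection.getCatalog(), null, null, null)) { ... }` would close it on every path. The same applies to the `getIndexInfo` result that is assigned to `rs` at the end of this hunk. The statement that first opens `rs` and the tail of `validate_table` are outside this hunk.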
@@ -1,23 +1,11 @@ -/******************************************************************************* - * Cloud Foundry - * Copyright (c) [2009-2016] Pivotal Software, Inc. All Rights Reserved. - * - * This product is licensed to you under the Apache License, Version 2.0 (the "License"). - * You may not use this product except in compliance with the License. - * - * This product includes a number of subcomponents with - * separate copyright notices and license terms. Your use of these - * subcomponents is subject to the terms and conditions of the - * subcomponent's license, as noted in the LICENSE file. - *******************************************************************************/ package org.cloudfoundry.identity.uaa.db; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.cloudfoundry.identity.uaa.test.JdbcTestBase; import org.junit.Assume; import org.junit.Before; import org.junit.Test; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import java.sql.Connection; import java.sql.DatabaseMetaData; @@ -34,8 +22,8 @@ public class TableAndColumnNormalizationTest extends JdbcTestBase { @Before public void checkMysqlOrPostgresqlProfile() { Assume.assumeTrue( - Arrays.asList(webApplicationContext.getEnvironment().getActiveProfiles()).contains("mysql") || - Arrays.asList(webApplicationContext.getEnvironment().getActiveProfiles()).contains("postgresql") + Arrays.asList(webApplicationContext.getEnvironment().getActiveProfiles()).contains("mysql") || + Arrays.asList(webApplicationContext.getEnvironment().getActiveProfiles()).contains("postgresql") ); } From 45ea7ecc164dc3b0379696656406107fb090c346 Mon Sep 17 00:00:00 2001 
From: Joshua Casey Date: Tue, 3 Dec 2019 13:29:36 -0600 Subject: [PATCH 031/111] Test Refactor - TableAndColumnNormalizationTest - Can't use WithDatabaseContext - Has custom Spring context :( - Use JUnit5 [#170083097] --- .../db/TableAndColumnNormalizationTest.java | 66 ++++++++++++++----- 1 file changed, 48 insertions(+), 18 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/db/TableAndColumnNormalizationTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/db/TableAndColumnNormalizationTest.java index 8008104d58a..a7d2439a640 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/db/TableAndColumnNormalizationTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/db/TableAndColumnNormalizationTest.java 
@@ -1,43 +1,74 @@ package org.cloudfoundry.identity.uaa.db; -import org.cloudfoundry.identity.uaa.test.JdbcTestBase; +import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; +import org.cloudfoundry.identity.uaa.util.beans.PasswordEncoderConfig; import org.junit.Assume; -import org.junit.Before; -import org.junit.Test; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.ImportResource; +import org.springframework.test.context.ActiveProfiles; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit.jupiter.SpringExtension; +import org.springframework.test.context.web.WebAppConfiguration; +import org.springframework.web.context.WebApplicationContext; +import javax.sql.DataSource; import java.sql.Connection; import java.sql.DatabaseMetaData; import java.sql.ResultSet; import java.util.Arrays; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertTrue; -public class TableAndColumnNormalizationTest extends JdbcTestBase { +@Configuration +@ImportResource(locations = { + "classpath:spring/env.xml", + "classpath:spring/use_uaa_db_in_mysql_url.xml", // adds this one + "classpath:spring/data-source.xml", +}) +class TableAndColumnNormalizationTestConfiguration { +} + +@ExtendWith(SpringExtension.class) +@ExtendWith(PollutionPreventionExtension.class) +@ActiveProfiles("default") +@WebAppConfiguration +@ContextConfiguration(classes = { + TableAndColumnNormalizationTestConfiguration.class, + PasswordEncoderConfig.class +}) +class 
TableAndColumnNormalizationTest { private final Logger logger = LoggerFactory.getLogger(getClass()); - @Before - public void checkMysqlOrPostgresqlProfile() { + @Autowired + private DataSource dataSource; + + @BeforeEach + void checkMysqlOrPostgresqlProfile( + @Autowired WebApplicationContext webApplicationContext + ) { Assume.assumeTrue( Arrays.asList(webApplicationContext.getEnvironment().getActiveProfiles()).contains("mysql") || Arrays.asList(webApplicationContext.getEnvironment().getActiveProfiles()).contains("postgresql") ); } - @Override public String[] getWebApplicationContextConfigFiles() { return new String[]{ "classpath:spring/env.xml", - "classpath:spring/use_uaa_db_in_mysql_url.xml", // adds this one "classpath:spring/data-source.xml" }; } @Test - public void checkTables() throws Exception { + void checkTables() throws Exception { try (Connection connection = dataSource.getConnection()) { DatabaseMetaData metaData = connection.getMetaData(); ResultSet rs = metaData.getTables(null, null, null, new String[]{"TABLE"}); @@ -48,18 +79,17 @@ public void checkTables() throws Exception { if (name != null && DatabaseInformation1_5_3.tableNames.contains(name.toLowerCase())) { count++; logger.info("Validating table [" + name + "]"); - assertEquals(String.format("Table[%s] is not lower case.", name), - name.toLowerCase(), - name); + assertEquals(name.toLowerCase(), + name, + String.format("Table[%s] is not lower case.", name)); } } - assertEquals("Table count:", DatabaseInformation1_5_3.tableNames.size(), count); - + assertEquals(DatabaseInformation1_5_3.tableNames.size(), count, "Table count:"); } } @Test - public void checkColumns() throws Exception { + void checkColumns() throws Exception { try (Connection connection = dataSource.getConnection()) { DatabaseMetaData metaData = connection.getMetaData(); ResultSet rs = metaData.getColumns(null, null, null, null); 
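Review bot: The class is now pinned to `@ActiveProfiles("default")`, while `checkMysqlOrPostgresqlProfile` only lets the tests run when the active profiles contain `mysql` or `postgresql`. Unless the imported XML or the build adds one of those profiles (not visible here), the assumption never holds and both checks are skipped on every database, which would hide a regression in table or column naming. It is worth confirming on a MySQL or PostgreSQL run that the tests are reported as executed rather than skipped. The guard also still calls JUnit 4's `org.junit.Assume`; `org.junit.jupiter.api.Assumptions.assumeTrue` matches the rest of the migration. `getWebApplicationContextConfigFiles()` lost its `@Override` and, as far as this file shows, is no longer called, so it can be removed.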
@@ -74,7 +104,7 @@ public void checkColumns() throws Exception { assertEquals(String.format("Column[%s.%s] is not lower case.", name, col), col.toLowerCase(), col); } } - assertTrue("Getting columns from db metadata should have returned some results", hadSomeResults); + assertTrue(hadSomeResults, "Getting columns from db metadata should have returned some results"); } } } From 8d4122e3c657483cc2599c90cfcf21d0ea42f295 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 3 Dec 2019 13:34:06 -0600 Subject: [PATCH 032/111] Test Refactor - IdentityProviderBootstrapTest - Apply IntelliJ sanitizations [#170083097] --- .../config/IdentityProviderBootstrapTest.java | 186 +++++++++--------- 1 file changed, 89 insertions(+), 97 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrapTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrapTest.java index c2061be58b5..42f1d9d3ead 100755 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrapTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrapTest.java @@ -1,17 +1,3 @@ -/* - * ***************************************************************************** - * Cloud Foundry - * Copyright (c) [2009-2015] Pivotal Software, Inc. All Rights Reserved. - * This product is licensed to you under the Apache License, Version 2.0 (the "License"). - * You may not use this product except in compliance with the License. - * - * This product includes a number of subcomponents with - * separate copyright notices and license terms. Your use of these - * subcomponents is subject to the terms and conditions of the - * subcomponent's license, as noted in the LICENSE file. - * ***************************************************************************** - */ - package org.cloudfoundry.identity.uaa.config; import org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent; 
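Review bot: The unchanged line `assertEquals(String.format("Column[%s.%s] is not lower case.", name, col), col.toLowerCase(), col);` still uses the JUnit 4 argument order, but the file now imports `org.junit.jupiter.api.Assertions.assertEquals`, where the message comes last. It presumably still compiles because all three arguments appear to be strings, yet it now compares the formatted message with the lower-cased column name and would fail for every column it reaches. Change it to `assertEquals(col.toLowerCase(), col, String.format("Column[%s.%s] is not lower case.", name, col));`. `checkColumns` starts outside this hunk.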
@@ -48,7 +34,13 @@ import java.net.MalformedURLException; import java.net.URL; -import java.util.*; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; import static java.util.stream.Collectors.toList; import static org.cloudfoundry.identity.uaa.constants.OriginKeys.KEYSTONE; @@ -129,14 +121,14 @@ public void setup() throws Exception { } @Test - public void testUpgradeLDAPProvider() throws Exception { + public void upgradeLDAPProvider() throws Exception { String insertSQL = "INSERT INTO identity_provider (id,identity_zone_id,name,origin_key,type,config)VALUES ('ldap','uaa','ldap','ldap2','ldap','{\"ldapdebug\":\"Test debug\",\"profile\":{\"file\":\"ldap/ldap-search-and-bind.xml\"},\"base\":{\"url\":\"ldap://localhost:389/\",\"userDn\":\"cn=admin,dc=test,dc=com\",\"password\":\"password\",\"searchBase\":\"dc=test,dc=com\",\"searchFilter\":\"cn={0}\",\"referral\":\"follow\"},\"groups\":{\"file\":\"ldap/ldap-groups-map-to-scopes.xml\",\"searchBase\":\"dc=test,dc=com\",\"groupSearchFilter\":\"member={0}\",\"searchSubtree\":true,\"maxSearchDepth\":10,\"autoAdd\":true,\"ignorePartialResultException\":true}}')"; jdbcTemplate.update(insertSQL); bootstrap.afterPropertiesSet(); } @Test - public void testLdapProfileBootstrap() throws Exception { + public void ldapProfileBootstrap() throws Exception { environment.setActiveProfiles(LDAP); bootstrap.afterPropertiesSet(); 
@@ -151,18 +143,19 @@ public void testLdapProfileBootstrap() throws Exception { } @Test - public void testLdapBootstrap() throws Exception { + public void ldapBootstrap() throws Exception { final String idpDescription = "Test LDAP Provider Description"; - HashMap ldapConfig = getGenericLdapConfig(idpDescription); + HashMap ldapConfig = getGenericLdapConfig(); bootstrap.setLdapConfig(ldapConfig); bootstrap.afterPropertiesSet(); IdentityProvider ldapProvider = provisioning.retrieveByOriginIgnoreActiveFlag(LDAP, IdentityZoneHolder.get().getId()); - validateGenericLdapProvider(idpDescription, ldapProvider); + validateGenericLdapProvider(ldapProvider); } - public void validateGenericLdapProvider(String idpDescription, IdentityProvider ldapProvider) { + private static void validateGenericLdapProvider( + IdentityProvider ldapProvider) { assertNotNull(ldapProvider); assertNotNull(ldapProvider.getCreated()); assertNotNull(ldapProvider.getLastModified()); 
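Review bot: `final String idpDescription = "Test LDAP Provider Description";` in `ldapBootstrap` is now an unused local, because `getGenericLdapConfig()` and `validateGenericLdapProvider(...)` no longer take it. The next hunk hard-codes the same literal in both helpers, and `ldapOverrideFalse` keeps the same dead local. A single `private static final String IDP_DESCRIPTION = "Test LDAP Provider Description";` used by both helpers, with the two locals deleted, keeps the expected and configured values from drifting apart.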
@@ -170,16 +163,16 @@ public void validateGenericLdapProvider(String idpDescription, IdentityProvider< assertThat(ldapProvider.getConfig().getEmailDomain(), containsInAnyOrder("test.domain")); assertEquals(Collections.singletonList("value"), ldapProvider.getConfig().getExternalGroupsWhitelist()); assertEquals("first_name", ldapProvider.getConfig().getAttributeMappings().get("given_name")); - assertEquals(idpDescription, ldapProvider.getConfig().getProviderDescription()); + assertEquals("Test LDAP Provider Description", ldapProvider.getConfig().getProviderDescription()); assertFalse(ldapProvider.getConfig().isStoreCustomAttributes()); } - private HashMap getGenericLdapConfig(String idpDescription) { + private static HashMap getGenericLdapConfig() { HashMap ldapConfig = new HashMap<>(); ldapConfig.put(EMAIL_DOMAIN_ATTR, Collections.singletonList("test.domain")); ldapConfig.put(STORE_CUSTOM_ATTRIBUTES_NAME, false); - ldapConfig.put(PROVIDER_DESCRIPTION, idpDescription); + ldapConfig.put(PROVIDER_DESCRIPTION, "Test LDAP Provider Description"); List attrMap = new ArrayList<>(); attrMap.add("value"); ldapConfig.put(EXTERNAL_GROUPS_WHITELIST, attrMap); 
@@ -191,31 +184,31 @@ private HashMap getGenericLdapConfig(String idpDescription) { } @Test - public void test_ldap_override_false() throws Exception { + public void ldapOverrideFalse() throws Exception { environment.setActiveProfiles(LDAP); final String idpDescription = "Test LDAP Provider Description"; - HashMap ldapConfig = getGenericLdapConfig(idpDescription); + HashMap ldapConfig = getGenericLdapConfig(); ldapConfig.put("override", false); bootstrap.setLdapConfig(ldapConfig); bootstrap.afterPropertiesSet(); IdentityProvider ldapProvider = provisioning.retrieveByOriginIgnoreActiveFlag(LDAP, IdentityZoneHolder.get().getId()); - validateGenericLdapProvider(idpDescription, ldapProvider); + validateGenericLdapProvider(ldapProvider); ldapConfig.put(EMAIL_DOMAIN_ATTR, Arrays.asList("test.domain", "test2.domain")); bootstrap.setLdapConfig(ldapConfig); bootstrap.afterPropertiesSet(); ldapProvider = provisioning.retrieveByOriginIgnoreActiveFlag(LDAP, IdentityZoneHolder.get().getId()); //no changes - validateGenericLdapProvider(idpDescription, ldapProvider); + validateGenericLdapProvider(ldapProvider); } @Test - public void testRemovedLdapBootstrapRemainsActive() throws Exception { + public void removedLdapBootstrapRemainsActive() throws Exception { environment.setActiveProfiles(LDAP); HashMap ldapConfig = new HashMap<>(); - ldapConfig.put("base.url","ldap://localhost:389/"); + ldapConfig.put("base.url", "ldap://localhost:389/"); bootstrap.setLdapConfig(ldapConfig); bootstrap.afterPropertiesSet(); @@ -255,7 +248,7 @@ public void testRemovedLdapBootstrapRemainsActive() throws Exception { } @Test - public void testKeystoneProfileBootstrap() throws Exception { + public void keystoneProfileBootstrap() throws Exception { environment.setActiveProfiles(KEYSTONE); bootstrap.afterPropertiesSet(); 
@@ -270,7 +263,7 @@ public void testKeystoneProfileBootstrap() throws Exception { } @Test - public void testKeystoneBootstrap() throws Exception { + public void keystoneBootstrap() throws Exception { HashMap keystoneConfig = new HashMap<>(); keystoneConfig.put("testkey", "testvalue"); bootstrap.setKeystoneConfig(keystoneConfig); @@ -285,7 +278,7 @@ public void testKeystoneBootstrap() throws Exception { } @Test - public void testRemovedKeystoneBootstrapIsInactive() throws Exception { + public void removedKeystoneBootstrapIsInactive() throws Exception { environment.setActiveProfiles(KEYSTONE); HashMap keystoneConfig = new HashMap<>(); keystoneConfig.put("testkey", "testvalue"); @@ -320,9 +313,8 @@ public void testRemovedKeystoneBootstrapIsInactive() throws Exception { assertTrue(keystoneProvider.isActive()); } - @Test - public void test_oauth_and_oidc_provider_deletion() throws Exception { + public void oauthAndOidcProviderDeletion() throws Exception { setOauthIDPWrappers(); bootstrap.setOriginsToDelete(new LinkedList(oauthProviderConfig.keySet())); bootstrap.afterPropertiesSet(); 
@@ -336,33 +328,33 @@ public void test_oauth_and_oidc_provider_deletion() throws Exception { } } - public void setOauthIDPWrappers() { + private void setOauthIDPWrappers() { List wrappers = new LinkedList<>(); oauthProviderConfig - .entrySet() - .forEach( - p -> { - IdentityProvider provider = new IdentityProvider(); - if (p.getValue() instanceof OIDCIdentityProviderDefinition) { - provider.setType(OIDC10); - } else if (p.getValue() instanceof RawXOAuthIdentityProviderDefinition) { - provider.setType(OAUTH20); - } - wrappers.add( - OauthIDPWrapperFactoryBean.getIdentityProviderWrapper( - p.getKey(), - p.getValue(), - provider, - true - ) - ); - } - ); + .entrySet() + .forEach( + p -> { + IdentityProvider provider = new IdentityProvider(); + if (p.getValue() instanceof OIDCIdentityProviderDefinition) { + provider.setType(OIDC10); + } else if (p.getValue() instanceof RawXOAuthIdentityProviderDefinition) { + provider.setType(OAUTH20); + } + wrappers.add( + OauthIDPWrapperFactoryBean.getIdentityProviderWrapper( + p.getKey(), + p.getValue(), + provider, + true + ) + ); + } + ); bootstrap.setOauthIdpDefinitions(wrappers); } @Test - public void test_oauth_and_oidc_provider_activation() throws Exception { + public void oauthAndOidcProviderActivation() throws Exception { setOauthIDPWrappers(); oidcProvider.setResponseType("code id_token"); bootstrap.afterPropertiesSet(); @@ -386,7 +378,7 @@ public void test_oauth_and_oidc_provider_activation() throws Exception { } - public void validateOauthOidcProvider(Map.Entry provider, IdentityProvider bootstrapOauthProvider) { + private void validateOauthOidcProvider(Map.Entry provider, IdentityProvider bootstrapOauthProvider) { assertNotNull(bootstrapOauthProvider); assertThat(oauthProviderConfig.values(), PredicateMatcher.has(c -> c.equals(bootstrapOauthProvider.getConfig()))); assertNotNull(bootstrapOauthProvider.getCreated()); 
@@ -402,7 +394,7 @@ public void validateOauthOidcProvider(Map.Entry originsToDelete = Arrays.asList( - samlIdentityProviderDefinition.getIdpEntityAlias(), - OIDC10 + samlIdentityProviderDefinition.getIdpEntityAlias(), + OIDC10 ); bootstrap.setSamlProviders(configurator); @@ -474,35 +466,35 @@ public void test_providers_deleted_and_not_created() throws Exception { ArgumentCaptor> captor = ArgumentCaptor.forClass(EntityDeletedEvent.class); verify(publisher, times(2)).publishEvent(captor.capture()); assertThat( - captor - .getAllValues() - .stream() - .map( - p -> p.getDeleted().getOriginKey() - ).collect(toList() - ), - containsInAnyOrder(originsToDelete.toArray()) + captor + .getAllValues() + .stream() + .map( + p -> p.getDeleted().getOriginKey() + ).collect(toList() + ), + containsInAnyOrder(originsToDelete.toArray()) ); } - public void configureSamlProviders(boolean override, SamlIdentityProviderDefinition... definitions) { + private void configureSamlProviders(boolean override, SamlIdentityProviderDefinition... definitions) { reset(configurator); List> wrappers = new LinkedList<>(); for (SamlIdentityProviderDefinition def : definitions) { IdentityProviderWrapper w = new IdentityProviderWrapper( - BootstrapSamlIdentityProviderData.parseSamlProvider(def) + BootstrapSamlIdentityProviderData.parseSamlProvider(def) ); w.setOverride(override); wrappers.add( - w + w ); } when(configurator.getSamlProviders()).thenReturn(wrappers); } @Test - public void test_saml_provider_override_false() throws Exception { - configureSamlProviders(true,samlIdentityProviderDefinition, samlIdentityProviderDefinition1); + public void samlProviderOverrideFalse() throws Exception { + configureSamlProviders(true, samlIdentityProviderDefinition, samlIdentityProviderDefinition1); bootstrap.setSamlProviders(configurator); bootstrap.afterPropertiesSet(); 
@@ -515,7 +507,7 @@ public void test_saml_provider_override_false() throws Exception { samlIdentityProviderDefinition.setMetaDataLocation("http://some.other.location"); samlIdentityProviderDefinition1.setMetaDataLocation("http://some.other.location"); - configureSamlProviders(false,samlIdentityProviderDefinition, samlIdentityProviderDefinition1); + configureSamlProviders(false, samlIdentityProviderDefinition, samlIdentityProviderDefinition1); bootstrap.setSamlProviders(configurator); bootstrap.afterPropertiesSet(); @@ -530,8 +522,8 @@ public void test_saml_provider_override_false() throws Exception { } @Test - public void test_saml_provider_not_deactivated() throws Exception { - configureSamlProviders(true,samlIdentityProviderDefinition, samlIdentityProviderDefinition1); + public void samlProviderNotDeactivated() throws Exception { + configureSamlProviders(true, samlIdentityProviderDefinition, samlIdentityProviderDefinition1); bootstrap.setSamlProviders(configurator); bootstrap.afterPropertiesSet(); @@ -553,7 +545,7 @@ public void test_saml_provider_not_deactivated() throws Exception { assertEquals(OriginKeys.SAML, samlProvider2.getType()); assertTrue(samlProvider2.isActive()); - configureSamlProviders(true,samlIdentityProviderDefinition); + configureSamlProviders(true, samlIdentityProviderDefinition); bootstrap.setSamlProviders(configurator); bootstrap.afterPropertiesSet(); @@ -573,7 +565,7 @@ public void test_saml_provider_not_deactivated() throws Exception { assertEquals(OriginKeys.SAML, samlProvider2.getType()); assertTrue(samlProvider2.isActive()); - configureSamlProviders(true,samlIdentityProviderDefinition1); + configureSamlProviders(true, samlIdentityProviderDefinition1); bootstrap.setSamlProviders(configurator); bootstrap.afterPropertiesSet(); 
@@ -652,7 +644,7 @@ public void setInternalUserManagementNotSet() throws Exception { } private void setDisableInternalUserManagement(String expectedValue) throws Exception { - bootstrap.setDisableInternalUserManagement(Boolean.valueOf(expectedValue)); + bootstrap.setDisableInternalUserManagement(Boolean.parseBoolean(expectedValue)); bootstrap.afterPropertiesSet(); IdentityProvider internalIDP = provisioning.retrieveByOriginIgnoreActiveFlag(OriginKeys.UAA, IdentityZone.getUaaZoneId()); @@ -696,24 +688,24 @@ public void setLockoutPolicyToInternalIDP() throws Exception { } @Test - public void deactivate_and_activate_InternalIDP() throws Exception { + public void deactivateAndActivateInternalIDP() throws Exception { environment.setProperty("disableInternalAuth", "true"); bootstrap.afterPropertiesSet(); - IdentityProvider internalIdp = provisioning.retrieveByOriginIgnoreActiveFlag(OriginKeys.UAA, IdentityZone.getUaaZoneId()); + IdentityProvider internalIdp = provisioning.retrieveByOriginIgnoreActiveFlag(OriginKeys.UAA, IdentityZone.getUaaZoneId()); assertFalse(internalIdp.isActive()); environment.setProperty("disableInternalAuth", "false"); bootstrap.afterPropertiesSet(); - internalIdp = provisioning.retrieveByOriginIgnoreActiveFlag(OriginKeys.UAA, IdentityZone.getUaaZoneId()); + internalIdp = provisioning.retrieveByOriginIgnoreActiveFlag(OriginKeys.UAA, IdentityZone.getUaaZoneId()); assertTrue(internalIdp.isActive()); } @Test public void defaultActiveFlagOnInternalIDP() throws Exception { bootstrap.afterPropertiesSet(); - IdentityProvider internalIdp = provisioning.retrieveByOriginIgnoreActiveFlag(OriginKeys.UAA, IdentityZone.getUaaZoneId()); + IdentityProvider internalIdp = provisioning.retrieveByOriginIgnoreActiveFlag(OriginKeys.UAA, IdentityZone.getUaaZoneId()); assertTrue(internalIdp.isActive()); } } From e162c3a9f8eed7e3cbca12dbdc58eed397b0141a Mon Sep 17 00:00:00 2001 
From: Joshua Casey Date: Tue, 3 Dec 2019 13:43:33 -0600 Subject: [PATCH 033/111] Test Refactor - JdbcMfaProviderProvisioningTest - Apply IntelliJ sanitizations [#170083097] --- .../mfa/JdbcMfaProviderProvisioningTest.java | 42 +++++++++---------- 1 file changed, 20 insertions(+), 22 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/JdbcMfaProviderProvisioningTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/JdbcMfaProviderProvisioningTest.java index 24633ab45d4..6e938b923d0 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/JdbcMfaProviderProvisioningTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/JdbcMfaProviderProvisioningTest.java @@ -18,7 +18,8 @@ import static org.mockito.Mockito.mock; public class JdbcMfaProviderProvisioningTest extends JdbcTestBase { - JdbcMfaProviderProvisioning mfaProviderProvisioning; + + private JdbcMfaProviderProvisioning mfaProviderProvisioning; private MfaProviderValidator mfaProviderValidator; @Rule @@ -31,7 +32,7 @@ public void setup() { } @Test - public void testCreateAndRetrieve() { + public void createAndRetrieve() { MfaProvider mfaProvider = constructGoogleProvider(); String zoneId = IdentityZoneHolder.get().getId(); assertEquals(0, (int) jdbcTemplate.queryForObject("select count(*) from mfa_providers where identity_zone_id=? and name=?", new Object[]{zoneId, mfaProvider.getName()}, Integer.class)); @@ -47,7 +48,7 @@ public void testCreateAndRetrieve() { } @Test - public void testCreateDuplicate() { + public void createDuplicate() { MfaProvider mfaProvider = constructGoogleProvider(); String zoneId = IdentityZoneHolder.get().getId(); assertEquals(0, (int) jdbcTemplate.queryForObject("select count(*) from mfa_providers where identity_zone_id=? and name=?", new Object[]{zoneId, mfaProvider.getName()}, Integer.class)); 
@@ -56,21 +57,20 @@ public void testCreateDuplicate() { expection.expectMessage("An MFA Provider with that name already exists."); mfaProviderProvisioning.create(mfaProvider, zoneId); mfaProviderProvisioning.create(mfaProvider, zoneId); - } @Test - public void testCreateDuplicateWorksAcrossZones() { + public void createDuplicateWorksAcrossZones() { MfaProvider mfaProvider = constructGoogleProvider(); String zoneId = IdentityZoneHolder.get().getId(); assertEquals(0, (int) jdbcTemplate.queryForObject("select count(*) from mfa_providers where identity_zone_id=? and name=?", new Object[]{zoneId, mfaProvider.getName()}, Integer.class)); doNothing().when(mfaProviderValidator); mfaProviderProvisioning.create(mfaProvider, zoneId); - mfaProviderProvisioning.create(mfaProvider, zoneId+"-other-zone"); - + mfaProviderProvisioning.create(mfaProvider, zoneId + "-other-zone"); } + @Test - public void testUpdateDuplicate() { + public void updateDuplicate() { MfaProvider firstProvider = mfaProviderProvisioning.create(constructGoogleProvider(), IdentityZoneHolder.get().getId()); MfaProvider secondProvider = mfaProviderProvisioning.create(constructGoogleProvider(), IdentityZoneHolder.get().getId()); @@ -82,7 +82,7 @@ public void testUpdateDuplicate() { } @Test - public void testCreateAndUpdate() { + public void createAndUpdate() { MfaProvider mfaProvider = constructGoogleProvider(); String zoneId = IdentityZoneHolder.get().getId(); assertEquals(0, (int) jdbcTemplate.queryForObject("select count(*) from mfa_providers where identity_zone_id=? and name=?", new Object[]{zoneId, mfaProvider.getName()}, Integer.class)); @@ -104,7 +104,7 @@ public void testCreateAndUpdate() { } @Test - public void testRetrieveAll() { + public void retrieveAll() { String zoneId = IdentityZoneHolder.get().getId(); List providers = mfaProviderProvisioning.retrieveAll(zoneId); doNothing().when(mfaProviderValidator); 
@@ -115,11 +115,11 @@ public void testRetrieveAll() { providers = mfaProviderProvisioning.retrieveAll(zoneId); int afterCount = providers.size(); - assertEquals(1, afterCount-beforeCount); + assertEquals(1, afterCount - beforeCount); } @Test - public void testRetrieve() { + public void retrieve() { MfaProvider mfaProvider = constructGoogleProvider(); doNothing().when(mfaProviderValidator); String zoneId = IdentityZoneHolder.get().getId(); @@ -127,17 +127,18 @@ public void testRetrieve() { assertEquals(mfaProvider.getName(), created.getName()); assertNotNull(created.getId()); } + @Test - public void testRetrieveByName() { + public void retrieveByName() { MfaProvider createdProvider = mfaProviderProvisioning.create(constructGoogleProvider(), IdentityZoneHolder.get().getId()); assertEquals( - createdProvider.getId(), - mfaProviderProvisioning.retrieveByName(createdProvider.getName(), createdProvider.getIdentityZoneId()).getId() + createdProvider.getId(), + mfaProviderProvisioning.retrieveByName(createdProvider.getName(), createdProvider.getIdentityZoneId()).getId() ); } @Test - public void testDelete() { + public void delete() { String zoneId = IdentityZoneHolder.get().getId(); doNothing().when(mfaProviderValidator); MfaProvider mfaProvider = mfaProviderProvisioning.create(constructGoogleProvider(), zoneId); @@ -150,7 +151,7 @@ public void testDelete() { } @Test - public void testDeleteByIdentityZone() { + public void deleteByIdentityZone() { String zoneId = IdentityZoneHolder.get().getId(); doNothing().when(mfaProviderValidator); MfaProvider mfaProvider = mfaProviderProvisioning.create(constructGoogleProvider(), zoneId); 
@@ -162,15 +163,12 @@ public void testDeleteByIdentityZone() { mfaProviderProvisioning.retrieve(mfaProvider.getId(), zoneId); } - private MfaProvider constructGoogleProvider() { + private static MfaProvider constructGoogleProvider() { return new MfaProvider() .setName(new RandomValueStringGenerator(10).generate()) .setType(MfaProvider.MfaProviderType.GOOGLE_AUTHENTICATOR) .setIdentityZoneId(IdentityZoneHolder.get().getId()) - .setConfig(constructGoogleProviderConfiguration()); + .setConfig(new GoogleMfaProviderConfig()); } - private GoogleMfaProviderConfig constructGoogleProviderConfiguration() { - return new GoogleMfaProviderConfig(); - } } \ No newline at end of file From 02386f9c98eb212d61e5496cad42f233b2d2cc89 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 3 Dec 2019 13:49:02 -0600 Subject: [PATCH 034/111] Test Refactor - JdbcMfaProviderProvisioningTest - Use WithDatabaseContext - Use JUnit5 [#170083097] --- .../mfa/JdbcMfaProviderProvisioningTest.java | 64 ++++++++++--------- 1 file changed, 34 insertions(+), 30 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/JdbcMfaProviderProvisioningTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/JdbcMfaProviderProvisioningTest.java index 6e938b923d0..877ecdd0bf1 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/JdbcMfaProviderProvisioningTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/JdbcMfaProviderProvisioningTest.java 
@@ -1,38 +1,42 @@ package org.cloudfoundry.identity.uaa.mfa; +import org.cloudfoundry.identity.uaa.annotations.WithDatabaseContext; import org.cloudfoundry.identity.uaa.mfa.exception.MfaAlreadyExistsException; -import org.cloudfoundry.identity.uaa.test.JdbcTestBase; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; -import org.junit.Before; -import org.junit.Rule; -import org.junit.Test; -import org.junit.rules.ExpectedException; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.dao.EmptyResultDataAccessException; +import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; import java.util.List; +import static org.cloudfoundry.identity.uaa.util.AssertThrowsWithMessage.assertThrowsWithMessageThat; +import static org.hamcrest.Matchers.is; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertThrows; import static org.mockito.Mockito.doNothing; import static org.mockito.Mockito.mock; -public class JdbcMfaProviderProvisioningTest extends JdbcTestBase { +@WithDatabaseContext +class JdbcMfaProviderProvisioningTest { private JdbcMfaProviderProvisioning mfaProviderProvisioning; private MfaProviderValidator mfaProviderValidator; - @Rule - public ExpectedException expection = ExpectedException.none(); + @Autowired + private JdbcTemplate jdbcTemplate; - @Before - public void setup() { + @BeforeEach + void setUp() { mfaProviderValidator = mock(GeneralMfaProviderValidator.class); mfaProviderProvisioning = new JdbcMfaProviderProvisioning(jdbcTemplate, mfaProviderValidator); } @Test - public void createAndRetrieve() { + void createAndRetrieve() { MfaProvider mfaProvider = constructGoogleProvider(); String zoneId = IdentityZoneHolder.get().getId(); assertEquals(0, (int) 
jdbcTemplate.queryForObject("select count(*) from mfa_providers where identity_zone_id=? and name=?", new Object[]{zoneId, mfaProvider.getName()}, Integer.class)); @@ -48,19 +52,19 @@ public void createAndRetrieve() { } @Test - public void createDuplicate() { + void createDuplicate() { MfaProvider mfaProvider = constructGoogleProvider(); String zoneId = IdentityZoneHolder.get().getId(); assertEquals(0, (int) jdbcTemplate.queryForObject("select count(*) from mfa_providers where identity_zone_id=? and name=?", new Object[]{zoneId, mfaProvider.getName()}, Integer.class)); doNothing().when(mfaProviderValidator); - expection.expect(MfaAlreadyExistsException.class); - expection.expectMessage("An MFA Provider with that name already exists."); - mfaProviderProvisioning.create(mfaProvider, zoneId); mfaProviderProvisioning.create(mfaProvider, zoneId); + assertThrowsWithMessageThat(MfaAlreadyExistsException.class, + () -> mfaProviderProvisioning.create(mfaProvider, zoneId), + is("An MFA Provider with that name already exists.")); } @Test - public void createDuplicateWorksAcrossZones() { + void createDuplicateWorksAcrossZones() { MfaProvider mfaProvider = constructGoogleProvider(); String zoneId = IdentityZoneHolder.get().getId(); assertEquals(0, (int) jdbcTemplate.queryForObject("select count(*) from mfa_providers where identity_zone_id=? and name=?", new Object[]{zoneId, mfaProvider.getName()}, Integer.class)); 
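Review bot: The import block in this hunk still takes `assertEquals` and `assertNotNull` from JUnit 4's `org.junit.Assert`, while the rest of the class moves to Jupiter (`@BeforeEach`, `org.junit.jupiter.api.Test`, `Assertions.assertThrows`). The LimitSqlAdapterTests and ScimExternalGroupBootstrapTests conversions later in this series switch those imports too, so this file keeps a lone dependency on the JUnit 4 API. I would change the two lines to `import static org.junit.jupiter.api.Assertions.assertEquals;` and `import static org.junit.jupiter.api.Assertions.assertNotNull;`. The calls visible in the diff pass (expected, actual) with no message argument, so they should behave the same under either API.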
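Review bot: `doNothing().when(mfaProviderValidator);` in `createDuplicate` names no method to stub, so it reads like a stubbing but configures nothing. As far as I can tell, Mockito simply treats the next call on the mock as the stubbing target. The same line is carried through `createDuplicateWorksAcrossZones`, `retrieveAll`, `retrieve`, `delete` and `deleteByIdentityZone`. A Mockito mock's void methods already do nothing by default, so the line can be dropped in all of them. If it is kept, a comment such as `// validator is mocked: these tests cover persistence only, not MFA provider validation` would make the intent explicit.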
@@ -70,19 +74,19 @@ public void createDuplicateWorksAcrossZones() { } @Test - public void updateDuplicate() { + void updateDuplicate() { MfaProvider firstProvider = mfaProviderProvisioning.create(constructGoogleProvider(), IdentityZoneHolder.get().getId()); MfaProvider secondProvider = mfaProviderProvisioning.create(constructGoogleProvider(), IdentityZoneHolder.get().getId()); secondProvider.setName(firstProvider.getName()); - expection.expect(MfaAlreadyExistsException.class); - expection.expectMessage("An MFA Provider with that name already exists."); - mfaProviderProvisioning.update(secondProvider, IdentityZoneHolder.get().getId()); + assertThrowsWithMessageThat(MfaAlreadyExistsException.class, + () -> mfaProviderProvisioning.update(secondProvider, IdentityZoneHolder.get().getId()), + is("An MFA Provider with that name already exists.")); } @Test - public void createAndUpdate() { + void createAndUpdate() { MfaProvider mfaProvider = constructGoogleProvider(); String zoneId = IdentityZoneHolder.get().getId(); assertEquals(0, (int) jdbcTemplate.queryForObject("select count(*) from mfa_providers where identity_zone_id=? and name=?", new Object[]{zoneId, mfaProvider.getName()}, Integer.class)); @@ -104,7 +108,7 @@ public void createAndUpdate() { } @Test - public void retrieveAll() { + void retrieveAll() { String zoneId = IdentityZoneHolder.get().getId(); List providers = mfaProviderProvisioning.retrieveAll(zoneId); doNothing().when(mfaProviderValidator); @@ -119,7 +123,7 @@ public void retrieveAll() { } @Test - public void retrieve() { + void retrieve() { MfaProvider mfaProvider = constructGoogleProvider(); doNothing().when(mfaProviderValidator); String zoneId = IdentityZoneHolder.get().getId(); @@ -129,7 +133,7 @@ public void retrieve() { } @Test - public void retrieveByName() { + void retrieveByName() { MfaProvider createdProvider = mfaProviderProvisioning.create(constructGoogleProvider(), IdentityZoneHolder.get().getId()); assertEquals( createdProvider.getId(), 
@@ -138,7 +142,7 @@ public void retrieveByName() { } @Test - public void delete() { + void delete() { String zoneId = IdentityZoneHolder.get().getId(); doNothing().when(mfaProviderValidator); MfaProvider mfaProvider = mfaProviderProvisioning.create(constructGoogleProvider(), zoneId); @@ -146,12 +150,12 @@ public void delete() { mfaProviderProvisioning.deleteByMfaProvider(mfaProvider.getId(), zoneId); - expection.expect(EmptyResultDataAccessException.class); - mfaProviderProvisioning.retrieve(mfaProvider.getId(), zoneId); + assertThrows(EmptyResultDataAccessException.class, + () -> mfaProviderProvisioning.retrieve(mfaProvider.getId(), zoneId)); } @Test - public void deleteByIdentityZone() { + void deleteByIdentityZone() { String zoneId = IdentityZoneHolder.get().getId(); doNothing().when(mfaProviderValidator); MfaProvider mfaProvider = mfaProviderProvisioning.create(constructGoogleProvider(), zoneId); @@ -159,8 +163,8 @@ public void deleteByIdentityZone() { mfaProviderProvisioning.deleteByIdentityZone(zoneId); - expection.expect(EmptyResultDataAccessException.class); - mfaProviderProvisioning.retrieve(mfaProvider.getId(), zoneId); + assertThrows(EmptyResultDataAccessException.class, + () -> mfaProviderProvisioning.retrieve(mfaProvider.getId(), zoneId)); } private static MfaProvider constructGoogleProvider() { From 18b2b1966ce920a5fd627c31c603bb1d30750733 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 3 Dec 2019 13:51:48 -0600 Subject: [PATCH 035/111] Test Refactor - LimitSqlAdapterTests - Apply IntelliJ sanitizations [#170083097] --- .../resources/jdbc/LimitSqlAdapterTests.java | 39 ++++++------------- 1 file changed, 11 insertions(+), 28 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/resources/jdbc/LimitSqlAdapterTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/resources/jdbc/LimitSqlAdapterTests.java index fc1cb3e99d1..406e9804f53 100644 
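Review bot: `deleteByIdentityZone` only asserts that the provider created in `zoneId` is gone, so an implementation that removed MFA providers from every zone would still pass. The same gap applies to `delete`, which never checks that `deleteByMfaProvider` called with a different zone id leaves the row in place. Identity zones look like the tenant boundary in this code, so the scoping deserves a negative assertion. Before the delete, create a second provider with `mfaProviderProvisioning.create(constructGoogleProvider(), zoneId + "-other-zone")`, the form `createDuplicateWorksAcrossZones` already uses, and afterwards assert that `retrieve(other.getId(), zoneId + "-other-zone")` still returns it. The start of `deleteByIdentityZone` sits in the preceding hunk.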
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/resources/jdbc/LimitSqlAdapterTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/resources/jdbc/LimitSqlAdapterTests.java @@ -1,18 +1,3 @@ -/* - * **************************************************************************** - * Cloud Foundry - * Copyright (c) [2009-2017] Pivotal Software, Inc. All Rights Reserved. - * - * This product is licensed to you under the Apache License, Version 2.0 (the "License"). - * You may not use this product except in compliance with the License. - * - * This product includes a number of subcomponents with - * separate copyright notices and license terms. Your use of these - * subcomponents is subject to the terms and conditions of the - * subcomponent's license, as noted in the LICENSE file. - * **************************************************************************** - */ - package org.cloudfoundry.identity.uaa.resources.jdbc; import org.cloudfoundry.identity.uaa.test.JdbcTestBase; @@ -25,7 +10,7 @@ public class LimitSqlAdapterTests extends JdbcTestBase { @Before - public void setup() { + public void setUpLimitSqlAdapterTests() { jdbcTemplate.update("create table delete_top_rows_test (id varchar(10), expires integer, payload varchar(20))"); jdbcTemplate.update("insert into delete_top_rows_test values (?,?,?)", "X", 1, "some-data"); jdbcTemplate.update("insert into delete_top_rows_test values (?,?,?)", "M", 2, "some-data"); 
@@ -35,35 +20,33 @@ public void setup() { } @After - public void dropTable() { + public void tearDown() { jdbcTemplate.update("drop table delete_top_rows_test"); } @Test - public void revocable_token_delete_syntax() { + public void revocableTokenDeleteSyntax() { //tests that the query succeed, nothing else String query = limitSqlAdapter.getDeleteExpiredQuery("revocable_tokens", "token_id", "expires_at", 500); jdbcTemplate.update(query, System.currentTimeMillis()); } @Test - public void test_delete_top_rows() { + public void deleteTopRows() { assertEquals(1, (int) jdbcTemplate.queryForObject("select count(*) from delete_top_rows_test where id = 'X'", Integer.class)); assertEquals(1, (int) jdbcTemplate.queryForObject("select count(*) from delete_top_rows_test where id = 'A'", Integer.class)); jdbcTemplate.update( - limitSqlAdapter.getDeleteExpiredQuery( - "delete_top_rows_test", - "id", - "expires", - 2 - ), - 5 + limitSqlAdapter.getDeleteExpiredQuery( + "delete_top_rows_test", + "id", + "expires", + 2 + ), + 5 ); assertEquals(1, (int) jdbcTemplate.queryForObject("select count(*) from delete_top_rows_test where id = 'K'", Integer.class)); assertEquals(1, (int) jdbcTemplate.queryForObject("select count(*) from delete_top_rows_test where id = 'D'", Integer.class)); assertEquals(1, (int) jdbcTemplate.queryForObject("select count(*) from delete_top_rows_test where id = 'A'", Integer.class)); assertEquals(3, (int) jdbcTemplate.queryForObject("select count(*) from delete_top_rows_test", Integer.class)); } - - } \ No newline at end of file From dc55e0d576c9e45973f6a1ef8f811ae8ee2b88f8 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 3 Dec 2019 13:53:44 -0600 Subject: [PATCH 036/111] Test Refactor - LimitSqlAdapterTests - Use WithDatabaseContext - Use JUnit5 [#170083097] --- .../resources/jdbc/LimitSqlAdapterTests.java | 33 ++++++++++++------- 1 file changed, 21 insertions(+), 12 deletions(-) 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/resources/jdbc/LimitSqlAdapterTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/resources/jdbc/LimitSqlAdapterTests.java index 406e9804f53..d1ddf43e99d 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/resources/jdbc/LimitSqlAdapterTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/resources/jdbc/LimitSqlAdapterTests.java @@ -1,16 +1,25 @@ package org.cloudfoundry.identity.uaa.resources.jdbc; -import org.cloudfoundry.identity.uaa.test.JdbcTestBase; -import org.junit.After; -import org.junit.Before; -import org.junit.Test; +import org.cloudfoundry.identity.uaa.annotations.WithDatabaseContext; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.jdbc.core.JdbcTemplate; -import static org.junit.Assert.assertEquals; +import static org.junit.jupiter.api.Assertions.assertEquals; -public class LimitSqlAdapterTests extends JdbcTestBase { +@WithDatabaseContext +class LimitSqlAdapterTests { - @Before - public void setUpLimitSqlAdapterTests() { + @Autowired + private JdbcTemplate jdbcTemplate; + + @Autowired + private LimitSqlAdapter limitSqlAdapter; + + @BeforeEach + void setUpLimitSqlAdapterTests() { jdbcTemplate.update("create table delete_top_rows_test (id varchar(10), expires integer, payload varchar(20))"); jdbcTemplate.update("insert into delete_top_rows_test values (?,?,?)", "X", 1, "some-data"); jdbcTemplate.update("insert into delete_top_rows_test values (?,?,?)", "M", 2, "some-data"); 
@@ -19,20 +28,20 @@ public void setUpLimitSqlAdapterTests() { jdbcTemplate.update("insert into delete_top_rows_test values (?,?,?)", "A", 5, "some-data"); } - @After - public void tearDown() { + @AfterEach + void tearDown() { jdbcTemplate.update("drop table delete_top_rows_test"); } @Test - public void revocableTokenDeleteSyntax() { + void revocableTokenDeleteSyntax() { //tests that the query succeed, nothing else String query = limitSqlAdapter.getDeleteExpiredQuery("revocable_tokens", "token_id", "expires_at", 500); jdbcTemplate.update(query, System.currentTimeMillis()); } @Test - public void deleteTopRows() { + void deleteTopRows() { assertEquals(1, (int) jdbcTemplate.queryForObject("select count(*) from delete_top_rows_test where id = 'X'", Integer.class)); assertEquals(1, (int) jdbcTemplate.queryForObject("select count(*) from delete_top_rows_test where id = 'A'", Integer.class)); jdbcTemplate.update( From 5babeb49513cdd480e3d1c48eb4556c5e2fbea6b Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 3 Dec 2019 13:55:26 -0600 Subject: [PATCH 037/111] Test Refactor - ScimExternalGroupBootstrapTests - Apply IntelliJ sanitizations - Also remove unused import from IdentityZoneResolvingFilterTests [#170083097] --- .../ScimExternalGroupBootstrapTests.java | 24 ++++--------------- .../IdentityZoneResolvingFilterTests.java | 1 - 2 files changed, 5 insertions(+), 20 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimExternalGroupBootstrapTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimExternalGroupBootstrapTests.java index 38b5872b5ca..298156930ac 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimExternalGroupBootstrapTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimExternalGroupBootstrapTests.java 
@@ -1,15 +1,3 @@ -/******************************************************************************* -* Cloud Foundry -* Copyright (c) [2009-2016] Pivotal Software, Inc. All Rights Reserved. -* -* This product is licensed to you under the Apache License, Version 2.0 (the "License"). -* You may not use this product except in compliance with the License. -* -* This product includes a number of subcomponents with -* separate copyright notices and license terms. Your use of these -* subcomponents is subject to the terms and conditions of the -* subcomponent's license, as noted in the LICENSE file. -*******************************************************************************/ package org.cloudfoundry.identity.uaa.scim.bootstrap; import org.apache.commons.lang3.RandomStringUtils; @@ -36,8 +24,6 @@ public class ScimExternalGroupBootstrapTests extends JdbcTestBase { - private JdbcScimGroupProvisioning gDB; - private ScimGroupExternalMembershipManager eDB; private ScimExternalGroupBootstrap bootstrap; @@ -49,7 +35,7 @@ public void initScimExternalGroupBootstrapTests() { IdentityZoneHolder.set(zone); JdbcPagingListFactory pagingListFactory = new JdbcPagingListFactory(jdbcTemplate, limitSqlAdapter); - gDB = new JdbcScimGroupProvisioning(jdbcTemplate, pagingListFactory); + JdbcScimGroupProvisioning gDB = new JdbcScimGroupProvisioning(jdbcTemplate, pagingListFactory); eDB = new JdbcScimGroupExternalMembershipManager(jdbcTemplate); ((JdbcScimGroupExternalMembershipManager) eDB).setScimGroupProvisioning(gDB); assertEquals(0, gDB.retrieveAll(IdentityZoneHolder.get().getId()).size()); @@ -61,7 +47,7 @@ public void initScimExternalGroupBootstrapTests() { } @Test - public void canAddExternalGroups() throws Exception { + public void canAddExternalGroups() { Map> originMap = new HashMap<>(); Map externalGroupMap = new HashMap<>(); externalGroupMap.put("cn=Engineering Department,ou=groups,dc=example,dc=com", Arrays.asList("acme", "acme.dev")); 
@@ -80,7 +66,7 @@ public void canAddExternalGroups() throws Exception { } @Test - public void cannotAddExternalGroupsThatDoNotExist() throws Exception { + public void cannotAddExternalGroupsThatDoNotExist() { Map> originMap = new HashMap<>(); Map externalGroupMap = new HashMap<>(); externalGroupMap.put("cn=Engineering Department,ou=groups,dc=example,dc=com", Arrays.asList("acme", "acme.dev")); @@ -99,7 +85,7 @@ public void cannotAddExternalGroupsThatDoNotExist() throws Exception { } @Test - public void cannotAddExternalGroupsThatMapToNull() throws Exception { + public void cannotAddExternalGroupsThatMapToNull() { Map> originMap = new HashMap<>(); Map externalGroupMap = new HashMap<>(); externalGroupMap.put("cn=Engineering Department,ou=groups,dc=example,dc=com", null); @@ -111,7 +97,7 @@ public void cannotAddExternalGroupsThatMapToNull() throws Exception { } @Test - public void cannotAddOriginMapToNull() throws Exception { + public void cannotAddOriginMapToNull() { Map> originMap = new HashMap<>(); originMap.put(OriginKeys.LDAP, null); bootstrap.setExternalGroupMaps(originMap); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneResolvingFilterTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneResolvingFilterTests.java index d659d2acb89..cc800220200 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneResolvingFilterTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneResolvingFilterTests.java @@ -1,7 +1,6 @@ package org.cloudfoundry.identity.uaa.zone; import org.cloudfoundry.identity.uaa.annotations.WithDatabaseContext; -import org.cloudfoundry.identity.uaa.test.JdbcTestBase; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.mockito.Mockito; From 5b564382d7463f8c7b613e58b834805ac5f906fe Mon Sep 17 00:00:00 2001 
From: Joshua Casey Date: Tue, 3 Dec 2019 13:58:10 -0600 Subject: [PATCH 038/111] Test Refactor - ScimExternalGroupBootstrapTests - Use WithDatabaseContext - Use JUnit5 [#170083097] --- .../ScimExternalGroupBootstrapTests.java | 31 ++++++++++++------- 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimExternalGroupBootstrapTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimExternalGroupBootstrapTests.java index 298156930ac..558b44be5b0 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimExternalGroupBootstrapTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/bootstrap/ScimExternalGroupBootstrapTests.java @@ -1,17 +1,20 @@ package org.cloudfoundry.identity.uaa.scim.bootstrap; import org.apache.commons.lang3.RandomStringUtils; +import org.cloudfoundry.identity.uaa.annotations.WithDatabaseContext; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.resources.jdbc.JdbcPagingListFactory; +import org.cloudfoundry.identity.uaa.resources.jdbc.LimitSqlAdapter; import org.cloudfoundry.identity.uaa.scim.ScimGroup; import org.cloudfoundry.identity.uaa.scim.ScimGroupExternalMembershipManager; import org.cloudfoundry.identity.uaa.scim.jdbc.JdbcScimGroupExternalMembershipManager; import org.cloudfoundry.identity.uaa.scim.jdbc.JdbcScimGroupProvisioning; -import org.cloudfoundry.identity.uaa.test.JdbcTestBase; import org.cloudfoundry.identity.uaa.zone.IdentityZone; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; -import org.junit.Before; -import org.junit.Test; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.jdbc.core.JdbcTemplate; import java.util.Arrays; import java.util.Collections; 
@@ -19,17 +22,21 @@ import java.util.List; import java.util.Map; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNull; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNull; -public class ScimExternalGroupBootstrapTests extends JdbcTestBase { +@WithDatabaseContext +class ScimExternalGroupBootstrapTests { private ScimGroupExternalMembershipManager eDB; private ScimExternalGroupBootstrap bootstrap; - @Before - public void initScimExternalGroupBootstrapTests() { + @BeforeEach + void setUp( + @Autowired JdbcTemplate jdbcTemplate, + @Autowired LimitSqlAdapter limitSqlAdapter + ) { IdentityZone zone = new IdentityZone(); zone.setId(RandomStringUtils.randomAlphabetic(10)); IdentityZoneHolder.set(zone); @@ -47,7 +54,7 @@ public void initScimExternalGroupBootstrapTests() { } @Test - public void canAddExternalGroups() { + void canAddExternalGroups() { Map> originMap = new HashMap<>(); Map externalGroupMap = new HashMap<>(); externalGroupMap.put("cn=Engineering Department,ou=groups,dc=example,dc=com", Arrays.asList("acme", "acme.dev")); @@ -66,7 +73,7 @@ public void canAddExternalGroups() { } @Test - public void cannotAddExternalGroupsThatDoNotExist() { + void cannotAddExternalGroupsThatDoNotExist() { Map> originMap = new HashMap<>(); Map externalGroupMap = new HashMap<>(); externalGroupMap.put("cn=Engineering Department,ou=groups,dc=example,dc=com", Arrays.asList("acme", "acme.dev")); @@ -85,7 +92,7 @@ public void cannotAddExternalGroupsThatDoNotExist() { } @Test - public void cannotAddExternalGroupsThatMapToNull() { + void cannotAddExternalGroupsThatMapToNull() { Map> originMap = new HashMap<>(); Map externalGroupMap = new HashMap<>(); externalGroupMap.put("cn=Engineering Department,ou=groups,dc=example,dc=com", null); 
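Review bot: `setUp` installs a random zone with `IdentityZoneHolder.set(zone)`, and now that the class no longer extends `JdbcTestBase`, nothing visible in this diff puts the holder back afterwards. Other tests in this series read `IdentityZoneHolder.get().getId()` directly, so if the holder is static or thread-bound state, as its usage suggests, a leftover zone changes which zone those tests run in. Unless `@WithDatabaseContext` already resets it, I would add `@AfterEach void tearDown() { IdentityZoneHolder.clear(); }`. The body of `setUp` continues past this hunk.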
@@ -97,7 +104,7 @@ public void cannotAddExternalGroupsThatMapToNull() { } @Test - public void cannotAddOriginMapToNull() { + void cannotAddOriginMapToNull() { Map> originMap = new HashMap<>(); originMap.put(OriginKeys.LDAP, null); bootstrap.setExternalGroupMaps(originMap); From cfad97055a5ab73560085c29fb6c264ff1fd7efa Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 3 Dec 2019 14:01:33 -0600 Subject: [PATCH 039/111] Test Refactor - UaaTokenStoreTests - Apply IntelliJ sanitizations [#170083097] --- .../uaa/oauth/UaaTokenStoreTests.java | 134 ++++++++---------- 1 file changed, 62 insertions(+), 72 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenStoreTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenStoreTests.java index 1c41b325146..114dfcfa076 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenStoreTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenStoreTests.java 
@@ -1,24 +1,9 @@ -/* - * ***************************************************************************** - * Cloud Foundry - * Copyright (c) [2009-2015] Pivotal Software, Inc. All Rights Reserved. - * This product is licensed to you under the Apache License, Version 2.0 (the "License"). - * You may not use this product except in compliance with the License. - * - * This product includes a number of subcomponents with - * separate copyright notices and license terms. Your use of these - * subcomponents is subject to the terms and conditions of the - * subcomponent's license, as noted in the LICENSE file. - * ***************************************************************************** - */ - package org.cloudfoundry.identity.uaa.oauth; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; import org.cloudfoundry.identity.uaa.constants.OriginKeys; -import org.cloudfoundry.identity.uaa.oauth.UaaTokenStore; import org.cloudfoundry.identity.uaa.test.JdbcTestBase; import org.cloudfoundry.identity.uaa.util.UaaStringUtils; import org.cloudfoundry.identity.uaa.zone.IdentityZone; @@ -46,10 +31,15 @@ import java.lang.reflect.Proxy; import java.sql.Connection; import java.sql.PreparedStatement; -import java.sql.SQLException; -import java.sql.SQLFeatureNotSupportedException; import java.sql.Timestamp; -import java.util.*; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import java.util.Set; import java.util.logging.Logger; import static org.hamcrest.CoreMatchers.is; 
@@ -68,29 +58,28 @@ public class UaaTokenStoreTests extends JdbcTestBase { private OAuth2Authentication clientAuthentication; private OAuth2Authentication usernamePasswordAuthentication; private OAuth2Authentication uaaAuthentication; - public static final String LONG_CLIENT_ID = "a-client-id-that-is-longer-than-thirty-six-characters-but-less-than-two-hundred-fifty-five-characters-wow-two-hundred-fifty-five-characters-is-actually-a-very-long-client-id-and-we-hope-that-size-limit-should-be-sufficient-for-any-reasonable-application"; - private UaaPrincipal principal = new UaaPrincipal("userid","username","username@test.org", OriginKeys.UAA, null, IdentityZone.getUaaZoneId()); + private UaaPrincipal principal = new UaaPrincipal("userid", "username", "username@test.org", OriginKeys.UAA, null, IdentityZone.getUaaZoneId()); @Before public void createTokenStore() { jdbcTemplate.update("delete from oauth_code"); - List userAuthorities = Collections.singletonList(new SimpleGrantedAuthority( + List userAuthorities = Collections.singletonList(new SimpleGrantedAuthority( "openid")); store = new UaaTokenStore(dataSource); legacyCodeServices = new JdbcAuthorizationCodeServices(dataSource); - BaseClientDetails client = new BaseClientDetails("clientid", null, "openid","client_credentials,password", "oauth.login", null); - Map parameters = new HashMap<>(); + BaseClientDetails client = new BaseClientDetails("clientid", null, "openid", "client_credentials,password", "oauth.login", null); + Map parameters = new HashMap<>(); parameters.put(OAuth2Utils.CLIENT_ID, client.getClientId()); TokenRequest clientRequest = new TokenRequest(new HashMap<>(parameters), client.getClientId(), UaaStringUtils.getStringsFromAuthorities(client.getAuthorities()), "client_credentials"); clientAuthentication = new OAuth2Authentication(clientRequest.createOAuth2Request(client), null); - parameters.put("scope","openid"); - parameters.put("grant_type","password"); - UsernamePasswordAuthenticationToken 
usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(principal,null,userAuthorities); + parameters.put("scope", "openid"); + parameters.put("grant_type", "password"); + UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(principal, null, userAuthorities); clientRequest = new TokenRequest(new HashMap<>(parameters), client.getClientId(), client.getScope(), "password"); usernamePasswordAuthentication = new OAuth2Authentication(clientRequest.createOAuth2Request(client), usernamePasswordAuthenticationToken); 
@@ -104,20 +93,20 @@ public void createTokenStore() { } @Test - public void test_deserialization_of_uaa_authentication() { + public void deserializationOfUaaAuthentication() { UaaAuthentication modifiedAuthentication = (UaaAuthentication) uaaAuthentication.getUserAuthentication(); - MultiValueMap userAttributes = new LinkedMultiValueMap<>(); - userAttributes.put("atest", Arrays.asList("test1","test2","test3")); - userAttributes.put("btest", Arrays.asList("test1","test2","test3")); + MultiValueMap userAttributes = new LinkedMultiValueMap<>(); + userAttributes.put("atest", Arrays.asList("test1", "test2", "test3")); + userAttributes.put("btest", Arrays.asList("test1", "test2", "test3")); modifiedAuthentication.setUserAttributes(userAttributes); - Set externalGroups = new HashSet<>(Arrays.asList("group1","group2","group3")); + Set externalGroups = new HashSet<>(Arrays.asList("group1", "group2", "group3")); modifiedAuthentication.setExternalGroups(externalGroups); String code = store.createAuthorizationCode(uaaAuthentication); - assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[] {code}, Integer.class), is(1)); + assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[]{code}, Integer.class), is(1)); OAuth2Authentication authentication = store.consumeAuthorizationCode(code); - assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[] {code}, Integer.class), is(0)); + assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[]{code}, Integer.class), is(0)); assertNotNull(authentication); UaaAuthentication userAuthentication = (UaaAuthentication) authentication.getUserAuthentication(); 
@@ -128,88 +117,88 @@ public void test_deserialization_of_uaa_authentication() { assertNotNull(userAuthentication.getExternalGroups()); assertEquals(3, userAuthentication.getExternalGroups().size()); - assertThat(userAuthentication.getExternalGroups(), containsInAnyOrder("group1","group2","group3")); + assertThat(userAuthentication.getExternalGroups(), containsInAnyOrder("group1", "group2", "group3")); } @Test - public void test_ConsumeClientCredentials_From_OldStore() { + public void consumeClientCredentialsFromOldStore() { String code = legacyCodeServices.createAuthorizationCode(clientAuthentication); - assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[] {code}, Integer.class), is(1)); + assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[]{code}, Integer.class), is(1)); OAuth2Authentication authentication = store.consumeAuthorizationCode(code); assertNotNull(authentication); assertTrue(authentication.isClientOnly()); - assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[] {code}, Integer.class), is(0)); + assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[]{code}, Integer.class), is(0)); } @Test - public void testStoreToken_ClientCredentials() { + public void storeTokenClientCredentials() { String code = store.createAuthorizationCode(clientAuthentication); - assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[] {code}, Integer.class), is(1)); + assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[]{code}, Integer.class), is(1)); assertNotNull(code); } @Test - public void testStoreToken_PasswordGrant_UsernamePasswordAuthentication() { + public void storeTokenPasswordGrantUsernamePasswordAuthentication() { String code = 
store.createAuthorizationCode(usernamePasswordAuthentication); - assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[] {code}, Integer.class), is(1)); + assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[]{code}, Integer.class), is(1)); assertNotNull(code); } @Test - public void testStoreToken_PasswordGrant_UaaAuthentication() { + public void storeTokenPasswordGrantUaaAuthentication() { String code = store.createAuthorizationCode(uaaAuthentication); - assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[] {code}, Integer.class), is(1)); + assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[]{code}, Integer.class), is(1)); assertNotNull(code); } @Test - public void deserialize_from_old_format() { + public void deserializeFromOldFormat() { OAuth2Authentication authentication = store.deserializeOauth2Authentication(UAA_AUTHENTICATION_DATA_OLD_STYLE); assertNotNull(authentication); assertEquals(principal, authentication.getUserAuthentication().getPrincipal()); } @Test - public void testRetrieveToken() { + public void retrieveToken() { String code = store.createAuthorizationCode(clientAuthentication); - assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[] {code}, Integer.class), is(1)); + assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[]{code}, Integer.class), is(1)); OAuth2Authentication authentication = store.consumeAuthorizationCode(code); - assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[] {code}, Integer.class), is(0)); + assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[]{code}, Integer.class), is(0)); assertNotNull(authentication); code = 
store.createAuthorizationCode(usernamePasswordAuthentication); - assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[] {code}, Integer.class), is(1)); + assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[]{code}, Integer.class), is(1)); authentication = store.consumeAuthorizationCode(code); - assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[] {code}, Integer.class), is(0)); + assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[]{code}, Integer.class), is(0)); assertNotNull(authentication); code = store.createAuthorizationCode(uaaAuthentication); - assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[] {code}, Integer.class), is(1)); + assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[]{code}, Integer.class), is(1)); authentication = store.consumeAuthorizationCode(code); - assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[] {code}, Integer.class), is(0)); + assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[]{code}, Integer.class), is(0)); assertNotNull(authentication); } @Test(expected = InvalidGrantException.class) - public void testRetrieve_Expired_Token() { + public void retrieveExpiredToken() { String code = store.createAuthorizationCode(clientAuthentication); - assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[] {code}, Integer.class), is(1)); + assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[]{code}, Integer.class), is(1)); jdbcTemplate.update("update oauth_code set expiresat = 1"); store.consumeAuthorizationCode(code); } @Test(expected = InvalidGrantException.class) - 
public void testRetrieve_Non_Existent_Token() { + public void retrieveNonExistentToken() { String code = store.createAuthorizationCode(clientAuthentication); - assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[] {code}, Integer.class), is(1)); + assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[]{code}, Integer.class), is(1)); store.consumeAuthorizationCode("non-existent"); } @Test - public void testCleanUpExpiredTokensBasedOnExpiresField() { + public void cleanUpExpiredTokensBasedOnExpiresField() { int count = 10; String lastCode = null; - for (int i=0; i dbProfile = Arrays.stream(environment.getActiveProfiles()).filter(s -> s.contains("sql")).findFirst(); String db = dbProfile.orElse("hsqldb"); @@ -310,7 +301,7 @@ public void testCleanUpUnusedOldTokens_MySQL_In_Another_Timezone() throws Except } @Test - public void testCleanUpExpiredTokensDeadlockLoser() throws Exception { + public void cleanUpExpiredTokensDeadlockLoser() throws Exception { try (Connection con = dataSource.getConnection()) { Connection expirationLoser = (Connection) Proxy.newProxyInstance(getClass().getClassLoader(), new Class[]{Connection.class}, @@ -332,8 +323,7 @@ public void testCleanUpExpiredTokensDeadlockLoser() throws Exception { } } - - public class SameConnectionDataSource implements DataSource { + public static class SameConnectionDataSource implements DataSource { private final Connection con; public SameConnectionDataSource(Connection con) { @@ -386,7 +376,7 @@ public boolean isWrapperFor(Class iface) { } } - public class DontCloseConnection implements InvocationHandler { + public static class DontCloseConnection implements InvocationHandler { public static final String CLOSE_VAL = "close"; private final Connection con; 
@@ -404,7 +394,7 @@ public Object invoke(Object proxy, Method method, Object[] args) throws Throwabl } } - public class ExpirationLoserConnection implements InvocationHandler { + public static class ExpirationLoserConnection implements InvocationHandler { static final String CLOSE_VAL = "close"; static final String PREPARE_VAL = "prepareStatement"; private final Connection con; 
@@ -451,5 +441,5 @@ public Object invoke(Object proxy, Method method, Object[] args) throws Throwabl } } - private static final byte[] UAA_AUTHENTICATION_DATA_OLD_STYLE = new byte[] {123, 34, 111, 97, 117, 116, 104, 50, 82, 101, 113, 117, 101, 115, 116, 46, 114, 101, 115, 112, 111, 110, 115, 101, 84, 121, 112, 101, 115, 34, 58, 91, 93, 44, 34, 111, 97, 117, 116, 104, 50, 82, 101, 113, 117, 101, 115, 116, 46, 114, 101, 115, 111, 117, 114, 99, 101, 73, 100, 115, 34, 58, 91, 93, 44, 34, 117, 115, 101, 114, 65, 117, 116, 104, 101, 110, 116, 105, 99, 97, 116, 105, 111, 110, 46, 117, 97, 97, 80, 114, 105, 110, 99, 105, 112, 97, 108, 34, 58, 34, 123, 92, 34, 105, 100, 92, 34, 58, 92, 34, 117, 115, 101, 114, 105, 100, 92, 34, 44, 92, 34, 110, 97, 109, 101, 92, 34, 58, 92, 34, 117, 115, 101, 114, 110, 97, 109, 101, 92, 34, 44, 92, 34, 101, 109, 97, 105, 108, 92, 34, 58, 92, 34, 117, 115, 101, 114, 110, 97, 109, 101, 64, 116, 101, 115, 116, 46, 111, 114, 103, 92, 34, 44, 92, 34, 111, 114, 105, 103, 105, 110, 92, 34, 58, 92, 34, 117, 97, 97, 92, 34, 44, 92, 34, 101, 120, 116, 101, 114, 110, 97, 108, 73, 100, 92, 34, 58, 110, 117, 108, 108, 44, 92, 34, 122, 111, 110, 101, 73, 100, 92, 34, 58, 92, 34, 117, 97, 97, 92, 34, 125, 34, 44, 34, 111, 97, 117, 116, 104, 50, 82, 101, 113, 117, 101, 115, 116, 46, 114, 101, 113, 117, 101, 115, 116, 80, 97, 114, 97, 109, 101, 116, 101, 114, 115, 34, 58, 123, 34, 103, 114, 97, 110, 116, 95, 116, 121, 112, 101, 34, 58, 34, 112, 97, 115, 115, 119, 111, 114, 100, 34, 44, 34, 99, 108, 105, 101, 110, 116, 95, 105, 100, 34, 58, 34, 99, 108, 105, 101, 110, 116, 105, 100, 34, 44, 34, 115, 99, 111, 112, 101, 34, 58, 34, 111, 112, 101, 110, 105, 100, 34, 125, 44, 34, 111, 97, 117, 116, 104, 50, 82, 101, 113, 117, 101, 115, 116, 46, 114, 101, 100, 105, 114, 101, 99, 116, 85, 114, 105, 34, 58, 110, 117, 108, 108, 44, 34, 117, 115, 101, 114, 65, 117, 116, 104, 101, 110, 116, 105, 99, 97, 116, 105, 111, 110, 46, 97, 117, 116, 104, 111, 114, 105, 116, 
105, 101, 115, 34, 58, 91, 34, 111, 112, 101, 110, 105, 100, 34, 93, 44, 34, 111, 97, 117, 116, 104, 50, 82, 101, 113, 117, 101, 115, 116, 46, 97, 117, 116, 104, 111, 114, 105, 116, 105, 101, 115, 34, 58, 91, 34, 111, 97, 117, 116, 104, 46, 108, 111, 103, 105, 110, 34, 93, 44, 34, 111, 97, 117, 116, 104, 50, 82, 101, 113, 117, 101, 115, 116, 46, 99, 108, 105, 101, 110, 116, 73, 100, 34, 58, 34, 99, 108, 105, 101, 110, 116, 105, 100, 34, 44, 34, 111, 97, 117, 116, 104, 50, 82, 101, 113, 117, 101, 115, 116, 46, 97, 112, 112, 114, 111, 118, 101, 100, 34, 58, 116, 114, 117, 101, 44, 34, 111, 97, 117, 116, 104, 50, 82, 101, 113, 117, 101, 115, 116, 46, 115, 99, 111, 112, 101, 34, 58, 91, 34, 111, 112, 101, 110, 105, 100, 34, 93, 125}; + private static final byte[] UAA_AUTHENTICATION_DATA_OLD_STYLE = new byte[]{123, 34, 111, 97, 117, 116, 104, 50, 82, 101, 113, 117, 101, 115, 116, 46, 114, 101, 115, 112, 111, 110, 115, 101, 84, 121, 112, 101, 115, 34, 58, 91, 93, 44, 34, 111, 97, 117, 116, 104, 50, 82, 101, 113, 117, 101, 115, 116, 46, 114, 101, 115, 111, 117, 114, 99, 101, 73, 100, 115, 34, 58, 91, 93, 44, 34, 117, 115, 101, 114, 65, 117, 116, 104, 101, 110, 116, 105, 99, 97, 116, 105, 111, 110, 46, 117, 97, 97, 80, 114, 105, 110, 99, 105, 112, 97, 108, 34, 58, 34, 123, 92, 34, 105, 100, 92, 34, 58, 92, 34, 117, 115, 101, 114, 105, 100, 92, 34, 44, 92, 34, 110, 97, 109, 101, 92, 34, 58, 92, 34, 117, 115, 101, 114, 110, 97, 109, 101, 92, 34, 44, 92, 34, 101, 109, 97, 105, 108, 92, 34, 58, 92, 34, 117, 115, 101, 114, 110, 97, 109, 101, 64, 116, 101, 115, 116, 46, 111, 114, 103, 92, 34, 44, 92, 34, 111, 114, 105, 103, 105, 110, 92, 34, 58, 92, 34, 117, 97, 97, 92, 34, 44, 92, 34, 101, 120, 116, 101, 114, 110, 97, 108, 73, 100, 92, 34, 58, 110, 117, 108, 108, 44, 92, 34, 122, 111, 110, 101, 73, 100, 92, 34, 58, 92, 34, 117, 97, 97, 92, 34, 125, 34, 44, 34, 111, 97, 117, 116, 104, 50, 82, 101, 113, 117, 101, 115, 116, 46, 114, 101, 113, 117, 101, 115, 116, 80, 97, 114, 97, 
109, 101, 116, 101, 114, 115, 34, 58, 123, 34, 103, 114, 97, 110, 116, 95, 116, 121, 112, 101, 34, 58, 34, 112, 97, 115, 115, 119, 111, 114, 100, 34, 44, 34, 99, 108, 105, 101, 110, 116, 95, 105, 100, 34, 58, 34, 99, 108, 105, 101, 110, 116, 105, 100, 34, 44, 34, 115, 99, 111, 112, 101, 34, 58, 34, 111, 112, 101, 110, 105, 100, 34, 125, 44, 34, 111, 97, 117, 116, 104, 50, 82, 101, 113, 117, 101, 115, 116, 46, 114, 101, 100, 105, 114, 101, 99, 116, 85, 114, 105, 34, 58, 110, 117, 108, 108, 44, 34, 117, 115, 101, 114, 65, 117, 116, 104, 101, 110, 116, 105, 99, 97, 116, 105, 111, 110, 46, 97, 117, 116, 104, 111, 114, 105, 116, 105, 101, 115, 34, 58, 91, 34, 111, 112, 101, 110, 105, 100, 34, 93, 44, 34, 111, 97, 117, 116, 104, 50, 82, 101, 113, 117, 101, 115, 116, 46, 97, 117, 116, 104, 111, 114, 105, 116, 105, 101, 115, 34, 58, 91, 34, 111, 97, 117, 116, 104, 46, 108, 111, 103, 105, 110, 34, 93, 44, 34, 111, 97, 117, 116, 104, 50, 82, 101, 113, 117, 101, 115, 116, 46, 99, 108, 105, 101, 110, 116, 73, 100, 34, 58, 34, 99, 108, 105, 101, 110, 116, 105, 100, 34, 44, 34, 111, 97, 117, 116, 104, 50, 82, 101, 113, 117, 101, 115, 116, 46, 97, 112, 112, 114, 111, 118, 101, 100, 34, 58, 116, 114, 117, 101, 44, 34, 111, 97, 117, 116, 104, 50, 82, 101, 113, 117, 101, 115, 116, 46, 115, 99, 111, 112, 101, 34, 58, 91, 34, 111, 112, 101, 110, 105, 100, 34, 93, 125}; } From 348990fc34dff0f678c73bf58357a14f0c3916e1 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 3 Dec 2019 14:06:33 -0600 Subject: [PATCH 040/111] Test Refactor - UaaTokenStoreTests - Use WithDatabaseContext - Use JUnit5 [#170083097] --- .../uaa/oauth/UaaTokenStoreTests.java | 102 +++++++++--------- 1 file changed, 50 insertions(+), 52 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenStoreTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenStoreTests.java index 114dfcfa076..59377b07f4b 100644 
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenStoreTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenStoreTests.java @@ -1,14 +1,16 @@ package org.cloudfoundry.identity.uaa.oauth; +import org.cloudfoundry.identity.uaa.annotations.WithDatabaseContext; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; import org.cloudfoundry.identity.uaa.constants.OriginKeys; -import org.cloudfoundry.identity.uaa.test.JdbcTestBase; import org.cloudfoundry.identity.uaa.util.UaaStringUtils; import org.cloudfoundry.identity.uaa.zone.IdentityZone; -import org.junit.Before; -import org.junit.Test; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.env.Environment; import org.springframework.dao.DeadlockLoserDataAccessException; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.mock.web.MockHttpServletRequest; 
@@ -43,15 +45,16 @@ import java.util.logging.Logger; import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.containsInAnyOrder; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertThat; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertThrows; +import static org.junit.jupiter.api.Assertions.assertTrue; -public class UaaTokenStoreTests extends JdbcTestBase { +@WithDatabaseContext +class UaaTokenStoreTests { private UaaTokenStore store; private JdbcAuthorizationCodeServices legacyCodeServices; @@ -61,8 +64,14 @@ public class UaaTokenStoreTests extends JdbcTestBase { private UaaPrincipal principal = new UaaPrincipal("userid", "username", "username@test.org", OriginKeys.UAA, null, IdentityZone.getUaaZoneId()); - @Before - public void createTokenStore() { + @Autowired + private JdbcTemplate jdbcTemplate; + + @Autowired + private DataSource dataSource; + + @BeforeEach + void setUp() { jdbcTemplate.update("delete from oauth_code"); List userAuthorities = Collections.singletonList(new SimpleGrantedAuthority( 
@@ -89,11 +98,10 @@ public void createTokenStore() { UaaAuthentication authentication = new UaaAuthentication(principal, userAuthorities, new UaaAuthenticationDetails(request)); uaaAuthentication = new OAuth2Authentication(clientRequest.createOAuth2Request(client), authentication); - } @Test - public void deserializationOfUaaAuthentication() { + void deserializationOfUaaAuthentication() { UaaAuthentication modifiedAuthentication = (UaaAuthentication) uaaAuthentication.getUserAuthentication(); MultiValueMap userAttributes = new LinkedMultiValueMap<>(); userAttributes.put("atest", Arrays.asList("test1", "test2", "test3")); @@ -121,7 +129,7 @@ public void deserializationOfUaaAuthentication() { } @Test - public void consumeClientCredentialsFromOldStore() { + void consumeClientCredentialsFromOldStore() { String code = legacyCodeServices.createAuthorizationCode(clientAuthentication); assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[]{code}, Integer.class), is(1)); OAuth2Authentication authentication = store.consumeAuthorizationCode(code); 
@@ -131,35 +139,35 @@ public void consumeClientCredentialsFromOldStore() { } @Test - public void storeTokenClientCredentials() { + void storeTokenClientCredentials() { String code = store.createAuthorizationCode(clientAuthentication); assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[]{code}, Integer.class), is(1)); assertNotNull(code); } @Test - public void storeTokenPasswordGrantUsernamePasswordAuthentication() { + void storeTokenPasswordGrantUsernamePasswordAuthentication() { String code = store.createAuthorizationCode(usernamePasswordAuthentication); assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[]{code}, Integer.class), is(1)); assertNotNull(code); } @Test - public void storeTokenPasswordGrantUaaAuthentication() { + void storeTokenPasswordGrantUaaAuthentication() { String code = store.createAuthorizationCode(uaaAuthentication); assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[]{code}, Integer.class), is(1)); assertNotNull(code); } @Test - public void deserializeFromOldFormat() { + void deserializeFromOldFormat() { OAuth2Authentication authentication = store.deserializeOauth2Authentication(UAA_AUTHENTICATION_DATA_OLD_STYLE); assertNotNull(authentication); assertEquals(principal, authentication.getUserAuthentication().getPrincipal()); } @Test - public void retrieveToken() { + void retrieveToken() { String code = store.createAuthorizationCode(clientAuthentication); assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[]{code}, Integer.class), is(1)); OAuth2Authentication authentication = store.consumeAuthorizationCode(code); 
@@ -179,23 +187,23 @@ public void retrieveToken() { assertNotNull(authentication); } - @Test(expected = InvalidGrantException.class) - public void retrieveExpiredToken() { + @Test + void retrieveExpiredToken() { String code = store.createAuthorizationCode(clientAuthentication); assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[]{code}, Integer.class), is(1)); jdbcTemplate.update("update oauth_code set expiresat = 1"); - store.consumeAuthorizationCode(code); + assertThrows(InvalidGrantException.class, () -> store.consumeAuthorizationCode(code)); } - @Test(expected = InvalidGrantException.class) - public void retrieveNonExistentToken() { + @Test + void retrieveNonExistentToken() { String code = store.createAuthorizationCode(clientAuthentication); assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[]{code}, Integer.class), is(1)); - store.consumeAuthorizationCode("non-existent"); + assertThrows(InvalidGrantException.class, () -> store.consumeAuthorizationCode("non-existent")); } @Test - public void cleanUpExpiredTokensBasedOnExpiresField() { + void cleanUpExpiredTokensBasedOnExpiresField() { int count = 10; String lastCode = null; for (int i = 0; i < count; i++) { 
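Review bot: `retrieveExpiredToken` and `retrieveNonExistentToken` now continue past the rejected call thanks to `assertThrows`, but neither test checks what happened to `oauth_code` afterwards, which is the part that matters for an authorization-code store. In `retrieveNonExistentToken`, a failed lookup is expected to leave the real code untouched, so I would add `assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code WHERE code = ?", new Object[]{code}, Integer.class), is(1));` after the `assertThrows`. In `retrieveExpiredToken`, a second `assertThrows(InvalidGrantException.class, () -> store.consumeAuthorizationCode(code));` would pin that an expired code stays unusable on retry. Whether the expired row is deleted on the first attempt is not visible in this hunk, so a row-count assertion there should be checked against `UaaTokenStore` first.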
@@ -205,17 +213,13 @@ public void cleanUpExpiredTokensBasedOnExpiresField() { jdbcTemplate.update("UPDATE oauth_code SET expiresat = ?", System.currentTimeMillis() - 60000); - try { - store.consumeAuthorizationCode(lastCode); - fail(); - } catch (InvalidGrantException ignored) { - } + final String finalLastCode = lastCode; + assertThrows(InvalidGrantException.class, () -> store.consumeAuthorizationCode(finalLastCode)); assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code", Integer.class), is(0)); - } @Test - public void cleanUpLegacyCodesCodesWithoutExpiresAtAfter3Days() { + void cleanUpLegacyCodesCodesWithoutExpiresAtAfter3Days() { int count = 10; long oneday = 1000 * 60 * 60 * 24; for (int i = 0; i < count; i++) { 
@@ -223,29 +227,21 @@ public void cleanUpLegacyCodesCodesWithoutExpiresAtAfter3Days() { } assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code", Integer.class), is(count)); jdbcTemplate.update("UPDATE oauth_code SET created = ?", new Timestamp(System.currentTimeMillis() - (2 * oneday))); - try { - store.consumeAuthorizationCode("non-existent"); - fail(); - } catch (InvalidGrantException ignored) { - } + assertThrows(InvalidGrantException.class, () -> store.consumeAuthorizationCode("non-existent")); assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code", Integer.class), is(count)); jdbcTemplate.update("UPDATE oauth_code SET created = ?", new Timestamp(System.currentTimeMillis() - (4 * oneday))); - try { - store.consumeAuthorizationCode("non-existent"); - fail(); - } catch (InvalidGrantException ignored) { - } + assertThrows(InvalidGrantException.class, () -> store.consumeAuthorizationCode("non-existent")); assertThat(jdbcTemplate.queryForObject("SELECT count(*) FROM oauth_code", Integer.class), is(0)); } @Test - public void expiresAtOnCode() { + void expiresAtOnCode() { UaaTokenStore.TokenCode code = store.createTokenCode("code", "userid", "clientid", System.currentTimeMillis() - 1000, new Timestamp(System.currentTimeMillis()), new byte[0]); assertTrue(code.isExpired()); } @Test - public void expiresAtOnCreated() { + void expiresAtOnCreated() { UaaTokenStore.TokenCode code = store.createTokenCode("code", "userid", "clientid", 0, new Timestamp(System.currentTimeMillis()), new byte[0]); assertFalse(code.isExpired()); 
@@ -254,7 +250,9 @@ public void expiresAtOnCreated() { } @Test - public void cleanUpUnusedOldTokensMySQLInAnotherTimezone() throws Exception { + void cleanUpUnusedOldTokensMySQLInAnotherTimezone( + @Autowired Environment environment + ) throws Exception { //only run tests for MySQL for now. Optional dbProfile = Arrays.stream(environment.getActiveProfiles()).filter(s -> s.contains("sql")).findFirst(); String db = dbProfile.orElse("hsqldb"); @@ -277,7 +275,7 @@ public void cleanUpUnusedOldTokensMySQLInAnotherTimezone() throws Exception { template.update("SET TIME ZONE INTERVAL '-11:00' HOUR TO MINUTE"); break; default: - fail("Unknown DB profile:" + db); + throw new RuntimeException("Unknown DB profile:" + db); } store = new UaaTokenStore(sameConnectionDataSource); @@ -301,7 +299,7 @@ public void cleanUpUnusedOldTokensMySQLInAnotherTimezone() throws Exception { } @Test - public void cleanUpExpiredTokensDeadlockLoser() throws Exception { + void cleanUpExpiredTokensDeadlockLoser() throws Exception { try (Connection con = dataSource.getConnection()) { Connection expirationLoser = (Connection) Proxy.newProxyInstance(getClass().getClassLoader(), new Class[]{Connection.class}, @@ -326,7 +324,7 @@ public void cleanUpExpiredTokensDeadlockLoser() throws Exception { public static class SameConnectionDataSource implements DataSource { private final Connection con; - public SameConnectionDataSource(Connection con) { + SameConnectionDataSource(Connection con) { this.con = con; } @@ -377,10 +375,10 @@ public boolean isWrapperFor(Class iface) { } public static class DontCloseConnection implements InvocationHandler { - public static final String CLOSE_VAL = "close"; + static final String CLOSE_VAL = "close"; private final Connection con; - public DontCloseConnection(Connection con) { + DontCloseConnection(Connection con) { this.con = con; } From fad5ca9f7d01d933d725d4a273e9e7d3e0d63bb4 Mon Sep 17 00:00:00 2001 
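Review bot: In the `default:` branch changed by the `@@ -277,7 +275,7 @@` hunk, throwing a bare `RuntimeException` reports an unrecognised DB profile as a test error rather than an assertion failure. The only reason `fail` stopped compiling is that the JUnit 4 static import was removed. JUnit 5 has the same helper, so `fail("Unknown DB profile:" + db);` with `import static org.junit.jupiter.api.Assertions.fail;` keeps the original intent and avoids a raw `RuntimeException`. The switch and the rest of `cleanUpUnusedOldTokensMySQLInAnotherTimezone` start outside this hunk.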
From: Joshua Casey Date: Tue, 3 Dec 2019 14:20:57 -0600 Subject: [PATCH 041/111] Test Refactor - ClientDetailsHasRequiredUserScopes - Turns out this class wasn't Parameterized - Hardcode all the parameterized stuff - Apply IntelliJ sanitizations [#170083097] --- .../ClientDetailsHasRequiredUserScopes.java | 61 +++---------------- 1 file changed, 7 insertions(+), 54 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/db/ClientDetailsHasRequiredUserScopes.java b/server/src/test/java/org/cloudfoundry/identity/uaa/db/ClientDetailsHasRequiredUserScopes.java index 39a29ba398a..9ff54040c77 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/db/ClientDetailsHasRequiredUserScopes.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/db/ClientDetailsHasRequiredUserScopes.java 
@@ -1,72 +1,25 @@ -/* - * **************************************************************************** - * Cloud Foundry - * Copyright (c) [2009-2017] Pivotal Software, Inc. All Rights Reserved. - * - * This product is licensed to you under the Apache License, Version 2.0 (the "License"). - * You may not use this product except in compliance with the License. - * - * This product includes a number of subcomponents with - * separate copyright notices and license terms. Your use of these - * subcomponents is subject to the terms and conditions of the - * subcomponent's license, as noted in the LICENSE file. - * **************************************************************************** - */ package org.cloudfoundry.identity.uaa.db; import org.cloudfoundry.identity.uaa.test.JdbcTestBase; import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.Parameterized; -import org.springframework.mock.env.MockEnvironment; import java.sql.Connection; import java.sql.DatabaseMetaData; import java.sql.ResultSet; import java.util.Arrays; -import java.util.Collection; +import static org.hamcrest.Matchers.in; +import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.isIn; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertThat; import static org.junit.Assert.assertTrue; -@RunWith(Parameterized.class) public class ClientDetailsHasRequiredUserScopes extends JdbcTestBase { - private String springProfile; - private String tableName; - private String columnName; - - public ClientDetailsHasRequiredUserScopes(String springProfile, String tableName, String columnName) { - this.springProfile = springProfile; - this.tableName = tableName; - this.columnName = columnName; - } - - @Parameterized.Parameters(name = "{index}: org.cloudfoundry.identity.uaa.db[{0}]; table[{1}]") - public static Collection data() { - return Arrays.asList(new Object[][]{ - {null, 
"oauth_client_details", "required_user_groups"}, -// {"mysql", "oauth_client_details", "required_user_groups"}, -// {"hsqldb", "oauth_client_details", "required_user_groups"}, -// {"postgresql", "oauth_client_details", "required_user_groups"}, - }); - } - - @Override - public void setUp() { - MockEnvironment environment = new MockEnvironment(); - if ( springProfile!=null ) { - environment.setActiveProfiles(springProfile); - } - setUp(environment); - } - - @Test - public void test_That_required_user_groups_is_1024() throws Exception { + public void requiredUserGroupsIs1024() throws Exception { try (Connection connection = dataSource.getConnection()) { DatabaseMetaData meta = connection.getMetaData(); boolean foundTable = false; 
@@ -76,19 +29,19 @@ public void test_That_required_user_groups_is_1024() throws Exception { String rstableName = rs.getString("TABLE_NAME"); String rscolumnName = rs.getString("COLUMN_NAME"); int columnSize = rs.getInt("COLUMN_SIZE"); - if ((foundTable = tableName.equalsIgnoreCase(rstableName)) && columnName.equalsIgnoreCase(rscolumnName)) { + if ((foundTable = "oauth_client_details".equalsIgnoreCase(rstableName)) && "required_user_groups".equalsIgnoreCase(rscolumnName)) { assertEquals("Table:" + rstableName + " Column:" + rscolumnName + " should be 1024 in size.", 1024, columnSize); foundColumn = true; String columnType = rs.getString("TYPE_NAME"); assertNotNull("Table:" + rstableName + " Column:" + rscolumnName + " should have a column type.", columnType); - assertThat("Table:" + rstableName + " Column:" + rscolumnName + " should be varchar", columnType.toLowerCase(), isIn(Arrays.asList("varchar", "nvarchar"))); + assertThat("Table:" + rstableName + " Column:" + rscolumnName + " should be varchar", columnType.toLowerCase(), is(in(Arrays.asList("varchar", "nvarchar")))); break; } } rs.close(); - assertTrue("[" + springProfile + "] I was expecting to find table:" + tableName, foundTable); - assertTrue("[" + springProfile + "] I was expecting to find column: " + columnName, foundColumn); + assertTrue("I was expecting to find table: oauth_client_details", foundTable); + assertTrue("I was expecting to find column: required_user_groups", foundColumn); } } } From db53df7cac242f665af68145195f33b359731eca Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 3 Dec 2019 14:23:05 -0600 Subject: [PATCH 042/111] Test Refactor - ClientDetailsHasRequiredUserScopes - Use WithDatabaseContext - Use JUnit5 [#170083097] --- .../ClientDetailsHasRequiredUserScopes.java | 28 +++++++++++-------- 1 file changed, 16 insertions(+), 12 deletions(-) 
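Review bot: `foundTable` is assigned inside the `if` condition, so it is overwritten on every row and only reflects the last row read. If the loop ends without finding the column, the "expecting to find table" assertion can fail even though the table exists, which points the reader at the wrong problem. Hard-coding the names is a good moment to separate the two checks: `boolean tableMatches = "oauth_client_details".equalsIgnoreCase(rstableName);`, `foundTable |= tableMatches;`, then `if (tableMatches && "required_user_groups".equalsIgnoreCase(rscolumnName)) {`. Separately, `rs.close()` is skipped when an assertion inside the loop throws; the `ResultSet` is opened outside this hunk, so wrapping it in try-with-resources needs a look at those lines.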
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/db/ClientDetailsHasRequiredUserScopes.java b/server/src/test/java/org/cloudfoundry/identity/uaa/db/ClientDetailsHasRequiredUserScopes.java index 9ff54040c77..9b58229d91e 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/db/ClientDetailsHasRequiredUserScopes.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/db/ClientDetailsHasRequiredUserScopes.java @@ -1,25 +1,29 @@ package org.cloudfoundry.identity.uaa.db; -import org.cloudfoundry.identity.uaa.test.JdbcTestBase; -import org.junit.Test; +import org.cloudfoundry.identity.uaa.annotations.WithDatabaseContext; +import org.junit.jupiter.api.Test; +import org.springframework.beans.factory.annotation.Autowired; +import javax.sql.DataSource; import java.sql.Connection; import java.sql.DatabaseMetaData; import java.sql.ResultSet; import java.util.Arrays; +import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.in; import static org.hamcrest.Matchers.is; -import static org.hamcrest.Matchers.isIn; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertThat; -import static org.junit.Assert.assertTrue; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertTrue; -public class ClientDetailsHasRequiredUserScopes extends JdbcTestBase { +@WithDatabaseContext +class ClientDetailsHasRequiredUserScopes { @Test - public void requiredUserGroupsIs1024() throws Exception { + void requiredUserGroupsIs1024( + @Autowired DataSource dataSource + ) throws Exception { try (Connection connection = dataSource.getConnection()) { DatabaseMetaData meta = connection.getMetaData(); boolean foundTable = false; 
@@ -30,7 +34,7 @@ public void requiredUserGroupsIs1024() throws Exception { String rscolumnName = rs.getString("COLUMN_NAME"); int columnSize = rs.getInt("COLUMN_SIZE"); if ((foundTable = "oauth_client_details".equalsIgnoreCase(rstableName)) && "required_user_groups".equalsIgnoreCase(rscolumnName)) { - assertEquals("Table:" + rstableName + " Column:" + rscolumnName + " should be 1024 in size.", 1024, columnSize); + assertEquals(1024, columnSize, "Table:" + rstableName + " Column:" + rscolumnName + " should be 1024 in size."); foundColumn = true; String columnType = rs.getString("TYPE_NAME"); assertNotNull("Table:" + rstableName + " Column:" + rscolumnName + " should have a column type.", columnType); @@ -40,8 +44,8 @@ public void requiredUserGroupsIs1024() throws Exception { } rs.close(); - assertTrue("I was expecting to find table: oauth_client_details", foundTable); - assertTrue("I was expecting to find column: required_user_groups", foundColumn); + assertTrue(foundTable, "I was expecting to find table: oauth_client_details"); + assertTrue(foundColumn, "I was expecting to find column: required_user_groups"); } } } From c09517391180c374613273b06accd26624054c0b Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 3 Dec 2019 16:06:54 -0600 Subject: [PATCH 043/111] Test Refactor - OauthCodeIndexTest - Apply IntelliJ sanitizations [#170083097] --- .../identity/uaa/db/OauthCodeIndexTest.java | 27 +++++-------------- 1 file changed, 6 insertions(+), 21 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/db/OauthCodeIndexTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/db/OauthCodeIndexTest.java index e3cb1cdf064..5696bd22fef 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/db/OauthCodeIndexTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/db/OauthCodeIndexTest.java 
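Review bot: The unchanged `assertNotNull` call on `columnType` inside the `@@ -30,7 +34,7 @@` hunk still passes the message first, and with the import switched to `org.junit.jupiter.api.Assertions.assertNotNull` the two-argument overload is `(actual, message)`, so the check is applied to the message string and can never fail. It still compiles only because `columnType` happens to be a `String`. Swap the arguments as was done for the neighbouring assertions: `assertNotNull(columnType, "Table:" + rstableName + " Column:" + rscolumnName + " should have a column type.");`. The test method begins in the previous hunk.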
@@ -1,17 +1,3 @@ -/* - * **************************************************************************** - * Cloud Foundry - * Copyright (c) [2009-2017] Pivotal Software, Inc. All Rights Reserved. - * - * This product is licensed to you under the Apache License, Version 2.0 (the "License"). - * You may not use this product except in compliance with the License. - * - * This product includes a number of subcomponents with - * separate copyright notices and license terms. Your use of these - * subcomponents is subject to the terms and conditions of the - * subcomponent's license, as noted in the LICENSE file. - * **************************************************************************** - */ package org.cloudfoundry.identity.uaa.db; import org.cloudfoundry.identity.uaa.test.JdbcTestBase; 
@@ -45,28 +31,27 @@ public OauthCodeIndexTest(String springProfile, String tableName, String indexNa @Parameterized.Parameters(name = "{index}: org.cloudfoundry.identity.uaa.db[{0}]; table[{1}]; name[{2}]; unique[{3}];") public static Collection data() { return Arrays.asList(new Object[][]{ - {null, "oauth_code", "oauth_code_uq_idx", true}, - {null, "oauth_code", "oauth_code_expiresat_idx", false}, + {null, "oauth_code", "oauth_code_uq_idx", true}, + {null, "oauth_code", "oauth_code_expiresat_idx", false}, }); } @Override public void setUp() { MockEnvironment environment = new MockEnvironment(); - if ( springProfile!=null ) { + if (springProfile != null) { environment.setActiveProfiles(springProfile); } setUp(environment); } - @Test - public void test_existing_indicies() throws Exception { + public void existingIndicies() throws Exception { boolean found = false; for (String tableName : Arrays.asList(tableName.toLowerCase(), tableName.toUpperCase())) { try ( - Connection connection = dataSource.getConnection(); - ResultSet rs = connection.getMetaData().getIndexInfo(connection.getCatalog(), null, tableName, unique, true) + Connection connection = dataSource.getConnection(); + ResultSet rs = connection.getMetaData().getIndexInfo(connection.getCatalog(), null, tableName, unique, true) ) { while (!found && rs.next()) { found = indexName.equalsIgnoreCase(rs.getString("INDEX_NAME")); From 54fa6d8fbcfec2777f53abf73ce2907367293fbc Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 3 Dec 2019 16:13:07 -0600 Subject: [PATCH 044/111] Test Refactor - OauthCodeIndexTest - Use WithDatabaseContext - Use JUnit5 - Turns out there's only one @Test method. Parameterize it instead of the class [#170083097] --- .../identity/uaa/db/OauthCodeIndexTest.java | 69 +++++++++---------- 1 file changed, 31 insertions(+), 38 deletions(-) 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/db/OauthCodeIndexTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/db/OauthCodeIndexTest.java index 5696bd22fef..262b46a4388 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/db/OauthCodeIndexTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/db/OauthCodeIndexTest.java 
@@ -1,54 +1,47 @@ package org.cloudfoundry.identity.uaa.db; -import org.cloudfoundry.identity.uaa.test.JdbcTestBase; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.Parameterized; -import org.springframework.mock.env.MockEnvironment; - +import org.cloudfoundry.identity.uaa.annotations.WithDatabaseContext; +import org.junit.jupiter.api.extension.ExtensionContext; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.Arguments; +import org.junit.jupiter.params.provider.ArgumentsProvider; +import org.junit.jupiter.params.provider.ArgumentsSource; +import org.springframework.beans.factory.annotation.Autowired; + +import javax.sql.DataSource; import java.sql.Connection; import java.sql.ResultSet; import java.util.Arrays; -import java.util.Collection; - -import static org.junit.Assert.assertTrue; +import java.util.stream.Stream; -@RunWith(Parameterized.class) -public class OauthCodeIndexTest extends JdbcTestBase { +import static org.junit.jupiter.api.Assertions.assertTrue; - private String springProfile; - private String tableName; - private String indexName; - private boolean unique; +@WithDatabaseContext +class OauthCodeIndexTest { - public OauthCodeIndexTest(String springProfile, String tableName, String indexName, boolean unique) { - this.springProfile = springProfile; - this.tableName = tableName; - this.indexName = indexName; - this.unique = unique; - } + @Autowired + private DataSource dataSource; - @Parameterized.Parameters(name = "{index}: org.cloudfoundry.identity.uaa.db[{0}]; table[{1}]; name[{2}]; unique[{3}];") - public static Collection data() { - return Arrays.asList(new Object[][]{ - {null, "oauth_code", "oauth_code_uq_idx", true}, - {null, "oauth_code", "oauth_code_expiresat_idx", false}, - }); - } + static class ExistingIndiciesProvider implements ArgumentsProvider { - @Override - public void setUp() { - MockEnvironment environment = new MockEnvironment(); - if (springProfile != 
null) { - environment.setActiveProfiles(springProfile); + @Override + public Stream provideArguments(ExtensionContext context) { + return Stream.of( + Arguments.of("oauth_code", "oauth_code_uq_idx", true), + Arguments.of("oauth_code", "oauth_code_expiresat_idx", false) + ); } - setUp(environment); } - @Test - public void existingIndicies() throws Exception { + @ParameterizedTest + @ArgumentsSource(ExistingIndiciesProvider.class) + void existingIndicies( + final String uncasedTableName, + final String indexName, + final boolean unique + ) throws Exception { boolean found = false; - for (String tableName : Arrays.asList(tableName.toLowerCase(), tableName.toUpperCase())) { + for (String tableName : Arrays.asList(uncasedTableName.toLowerCase(), uncasedTableName.toUpperCase())) { try ( Connection connection = dataSource.getConnection(); ResultSet rs = connection.getMetaData().getIndexInfo(connection.getCatalog(), null, tableName, unique, true) @@ -62,7 +55,7 @@ public void existingIndicies() throws Exception { } } - assertTrue(String.format("Expected to find index %s.%s", tableName, indexName), found); + assertTrue(found, String.format("Expected to find index %s.%s", uncasedTableName, indexName)); } } From 07f6b47782a60d0b182cfe0ccd6200bfea4ed5d0 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 3 Dec 2019 16:26:37 -0600 Subject: [PATCH 045/111] Test Refactor - StoreSubDomainAsLowerCase_V2_7_3_Tests - Apply IntelliJ sanitizations - Make methods static if they can be static [#170083097] --- ...toreSubDomainAsLowerCase_V2_7_3_Tests.java | 34 +++++++------------ 1 file changed, 12 insertions(+), 22 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/db/StoreSubDomainAsLowerCase_V2_7_3_Tests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/db/StoreSubDomainAsLowerCase_V2_7_3_Tests.java index 2a5578eacb7..9411d8d5147 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/db/StoreSubDomainAsLowerCase_V2_7_3_Tests.java 
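Review bot: `ExistingIndiciesProvider` in the `@@ -1,54 +1,47 @@` hunk is a whole nested class for two constant rows. `@CsvSource` would keep the same data next to the test and drop the `ArgumentsProvider`, `ArgumentsSource`, `ExtensionContext`, `Arguments` and `Stream` imports: `@CsvSource({"oauth_code, oauth_code_uq_idx, true", "oauth_code, oauth_code_expiresat_idx, false"})`. The new class name also carries over the "Indicies" misspelling from the test method; "Indices" would read better if the provider is kept.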
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/db/StoreSubDomainAsLowerCase_V2_7_3_Tests.java @@ -1,17 +1,3 @@ -/* - * ***************************************************************************** - * Cloud Foundry - * Copyright (c) [2009-2015] Pivotal Software, Inc. All Rights Reserved. - * This product is licensed to you under the Apache License, Version 2.0 (the "License"). - * You may not use this product except in compliance with the License. - * - * This product includes a number of subcomponents with - * separate copyright notices and license terms. Your use of these - * subcomponents is subject to the terms and conditions of the - * subcomponent's license, as noted in the LICENSE file. - * ***************************************************************************** - */ - package org.cloudfoundry.identity.uaa.db; import org.cloudfoundry.identity.uaa.test.JdbcTestBase; @@ -22,6 +8,7 @@ import org.junit.Before; import org.junit.Test; import org.springframework.dao.DuplicateKeyException; +import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; import java.sql.Timestamp; @@ -47,7 +34,7 @@ public void setUpDuplicateZones() { } @Test - public void ensure_that_subdomains_get_lower_cased() throws Exception { + public void ensureThatSubdomainsGetLowerCased() { List subdomains = Arrays.asList( "Zone1" + generator.generate(), "Zone2" + generator.generate(), @@ -80,8 +67,8 @@ public void ensure_that_subdomains_get_lower_cased() throws Exception { } @Test - public void test_duplicate_subdomains() throws Exception { - check_db_is_case_sensitive(); + public void duplicateSubdomains() { + checkDbIsCaseSensitive(jdbcTemplate, generator); List ids = Arrays.asList( "id1" + generator.generate().toLowerCase(), "id2" + generator.generate().toLowerCase(), 
@@ -99,7 +86,7 @@ public void test_duplicate_subdomains() throws Exception { for (int i = 0; i < ids.size(); i++) { IdentityZone zone = MultitenancyFixture.identityZone(ids.get(i), subdomains.get(i)); zone.setSubdomain(subdomains.get(i)); //mixed case - createIdentityZoneThroughSQL(zone); + createIdentityZoneThroughSQL(zone, jdbcTemplate); } IdentityZone lowercase = provisioning.retrieveBySubdomain("domain1"); IdentityZone mixedcase = provisioning.retrieveBySubdomain("Domain1"); @@ -113,8 +100,9 @@ public void test_duplicate_subdomains() throws Exception { } } - - public void check_db_is_case_sensitive() { + private static void checkDbIsCaseSensitive( + final JdbcTemplate jdbcTemplate, + final RandomValueStringGenerator generator) { String usubdomain = "TEST_UPPER_" + generator.generate(); String lsubdomain = usubdomain.toLowerCase(); @@ -123,14 +111,16 @@ public void check_db_is_case_sensitive() { try { IdentityZone identityZone = MultitenancyFixture.identityZone(subdomain + generator.generate(), subdomain); identityZone.setSubdomain(subdomain); - createIdentityZoneThroughSQL(identityZone); + createIdentityZoneThroughSQL(identityZone, jdbcTemplate); } catch (DuplicateKeyException x) { assumeTrue("DB is not case sensitive. No need for this test", false); } } } - protected void createIdentityZoneThroughSQL(IdentityZone identityZone) { + private static void createIdentityZoneThroughSQL( + final IdentityZone identityZone, + final JdbcTemplate jdbcTemplate) { String ID_ZONE_FIELDS = "id,version,created,lastmodified,name,subdomain,description"; String CREATE_IDENTITY_ZONE_SQL = "insert into identity_zone(" + ID_ZONE_FIELDS + ") values (?,?,?,?,?,?,?)"; From 0d861dfe8b7a66b79b9cf05eb2ed118f3145ef5e Mon Sep 17 00:00:00 2001 
From: Joshua Casey Date: Tue, 3 Dec 2019 16:31:37 -0600 Subject: [PATCH 046/111] Test Refactor - StoreSubDomainAsLowerCase_V2_7_3_Tests - Use @WithDatabaseContext - Use JUnit5 [#170083097] --- ...toreSubDomainAsLowerCase_V2_7_3_Tests.java | 29 +++++++++++-------- 1 file changed, 17 insertions(+), 12 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/db/StoreSubDomainAsLowerCase_V2_7_3_Tests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/db/StoreSubDomainAsLowerCase_V2_7_3_Tests.java index 9411d8d5147..052f6391ae9 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/db/StoreSubDomainAsLowerCase_V2_7_3_Tests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/db/StoreSubDomainAsLowerCase_V2_7_3_Tests.java @@ -1,12 +1,13 @@ package org.cloudfoundry.identity.uaa.db; -import org.cloudfoundry.identity.uaa.test.JdbcTestBase; +import org.cloudfoundry.identity.uaa.annotations.WithDatabaseContext; import org.cloudfoundry.identity.uaa.zone.IdentityZone; import org.cloudfoundry.identity.uaa.zone.IdentityZoneProvisioning; import org.cloudfoundry.identity.uaa.zone.JdbcIdentityZoneProvisioning; import org.cloudfoundry.identity.uaa.zone.MultitenancyFixture; -import org.junit.Before; -import org.junit.Test; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.dao.DuplicateKeyException; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; 
@@ -16,25 +17,29 @@ import java.util.Date; import java.util.List; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assume.assumeTrue; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assumptions.assumeTrue; -public class StoreSubDomainAsLowerCase_V2_7_3_Tests extends JdbcTestBase { +@WithDatabaseContext +class StoreSubDomainAsLowerCase_V2_7_3_Tests { private IdentityZoneProvisioning provisioning; private StoreSubDomainAsLowerCase_V2_7_3 migration; private RandomValueStringGenerator generator; - @Before - public void setUpDuplicateZones() { + @Autowired + private JdbcTemplate jdbcTemplate; + + @BeforeEach + void setUpDuplicateZones() { provisioning = new JdbcIdentityZoneProvisioning(jdbcTemplate); migration = new StoreSubDomainAsLowerCase_V2_7_3(); generator = new RandomValueStringGenerator(6); } @Test - public void ensureThatSubdomainsGetLowerCased() { + void ensureThatSubdomainsGetLowerCased() { List subdomains = Arrays.asList( "Zone1" + generator.generate(), "Zone2" + generator.generate(), @@ -67,7 +72,7 @@ public void ensureThatSubdomainsGetLowerCased() { } @Test - public void duplicateSubdomains() { + void duplicateSubdomains() { checkDbIsCaseSensitive(jdbcTemplate, generator); List ids = Arrays.asList( "id1" + generator.generate().toLowerCase(), @@ -113,7 +118,7 @@ private static void checkDbIsCaseSensitive( identityZone.setSubdomain(subdomain); createIdentityZoneThroughSQL(identityZone, jdbcTemplate); } catch (DuplicateKeyException x) { - assumeTrue("DB is not case sensitive. No need for this test", false); + assumeTrue(false, "DB is not case sensitive. No need for this test"); } } } From 5da47a01042023a615aaaff94ee8a6e07695c4aa Mon Sep 17 00:00:00 2001 
From: Joshua Casey Date: Tue, 3 Dec 2019 22:21:27 -0600 Subject: [PATCH 047/111] Integration Test Refactor - Simplify properties [nostory] --- .../resources/integration.test.properties | 2 -- .../feature/DefaultIntegrationTestConfig.java | 9 +++---- .../integration/feature/InvitationsIT.java | 17 +++++------- .../feature/OpenIdTokenGrantsIT.java | 27 ++++++++----------- .../uaa/integration/feature/SamlLoginIT.java | 2 +- .../uaa/integration/feature/TestClient.java | 14 +++++----- 6 files changed, 29 insertions(+), 42 deletions(-) diff --git a/server/src/test/resources/integration.test.properties b/server/src/test/resources/integration.test.properties index 654c44d77c7..ebe846c6d5b 100644 --- a/server/src/test/resources/integration.test.properties +++ b/server/src/test/resources/integration.test.properties @@ -1,5 +1,3 @@ integration.test.base_url=http://localhost:8080/uaa -integration.test.uaa_url=http://localhost:8080/uaa integration.test.app_url=http://localhost:8080/app/ -integration.test.api_url=http://localhost:8080/api smtp.port=2525 \ No newline at end of file diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/DefaultIntegrationTestConfig.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/DefaultIntegrationTestConfig.java index 47e1bcb77ce..721ea1bde73 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/DefaultIntegrationTestConfig.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/DefaultIntegrationTestConfig.java @@ -40,7 +40,8 @@ public class DefaultIntegrationTestConfig { @Bean - public IntegrationTestRule integrationTestRule(@Value("${integration.test.uaa_url}") String baseUrl, Environment environment) { + public IntegrationTestRule integrationTestRule( + final @Value("${integration.test.base_url}") String baseUrl) { return new IntegrationTestRule(baseUrl); } 
@@ -80,7 +81,6 @@ public ChromeDriver webDriver() { return driver; } - @Bean(destroyMethod = "stop") public SimpleSmtpServer simpleSmtpServer(@Value("${smtp.port}") int port) { return SimpleSmtpServer.start(port); @@ -93,9 +93,8 @@ public RestTemplate restTemplate() { @Bean public TestClient testClient(RestTemplate restTemplate, - @Value("${integration.test.uaa_url}") String baseUrl, - @Value("${integration.test.uaa_url}") String uaaUrl) { - return new TestClient(restTemplate, baseUrl, uaaUrl); + final @Value("${integration.test.base_url}") String baseUrl) { + return new TestClient(restTemplate, baseUrl); } @Bean diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/InvitationsIT.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/InvitationsIT.java index 855666940e3..e52f1875aca 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/InvitationsIT.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/InvitationsIT.java @@ -86,9 +86,6 @@ public class InvitationsIT { @Autowired TestClient testClient; - @Value("${integration.test.uaa_url}") - String uaaUrl; - @Value("${integration.test.base_url}") String baseUrl; @@ -157,7 +154,7 @@ protected boolean hasError(HttpStatus statusCode) { HttpHeaders headers = new HttpHeaders(); headers.setContentType(APPLICATION_JSON); HttpEntity request = new HttpEntity<>("{\"emails\":[\"marissa@test.org\"]}", headers); - ResponseEntity response = uaaTemplate.exchange(uaaUrl + "/invite_users/?client_id=admin&redirect_uri={uri}", POST, request, Void.class, "https://www.google.com"); + ResponseEntity response = uaaTemplate.exchange(baseUrl + "/invite_users/?client_id=admin&redirect_uri={uri}", POST, request, Void.class, "https://www.google.com"); assertThat(response.getStatusCode(), is(HttpStatus.UNAUTHORIZED)); } 
@@ -280,7 +277,7 @@ public void invitedOIDCUserVerified() throws Exception { String[] emailList = new String[]{"marissa@test.org"}; body.setEmails(emailList); HttpEntity request = new HttpEntity<>(body, headers); - ResponseEntity response = uaaTemplate.exchange(uaaUrl + "/invite_users?client_id=app&redirect_uri=" + appUrl, POST, request, InvitationsResponse.class); + ResponseEntity response = uaaTemplate.exchange(baseUrl + "/invite_users?client_id=app&redirect_uri=" + appUrl, POST, request, InvitationsResponse.class); assertThat(response.getStatusCode(), is(HttpStatus.OK)); String userId = response.getBody().getNewInvites().get(0).getUserId(); @@ -306,10 +303,10 @@ private String createInvitation() { } private String createInvitation(String username, String userEmail, String redirectUri, String origin) { - return createInvitation(baseUrl, uaaUrl, username, userEmail, origin, redirectUri, loginToken, scimToken); + return createInvitation(baseUrl, username, userEmail, origin, redirectUri, loginToken, scimToken); } - public static String createInvitation(String baseUrl, String uaaUrl, String username, String userEmail, String origin, String redirectUri, String loginToken, String scimToken) { + public static String createInvitation(String baseUrl, String username, String userEmail, String origin, String redirectUri, String loginToken, String scimToken) { HttpHeaders headers = new HttpHeaders(); headers.add("Authorization", "Bearer " + scimToken); RestTemplate uaaTemplate = new RestTemplate(); 
@@ -328,14 +325,14 @@ public static String createInvitation(String baseUrl, String uaaUrl, String user } if (userId == null) { HttpEntity request = new HttpEntity<>(scimUser, headers); - ResponseEntity response = uaaTemplate.exchange(uaaUrl + "/Users", POST, request, ScimUser.class); + ResponseEntity response = uaaTemplate.exchange(baseUrl + "/Users", POST, request, ScimUser.class); if (response.getStatusCode().value()!= HttpStatus.CREATED.value()) { throw new IllegalStateException("Unable to create test user:"+scimUser); } userId = response.getBody().getId(); } else { scimUser.setVerified(false); - IntegrationTestUtils.updateUser(scimToken, uaaUrl, scimUser); + IntegrationTestUtils.updateUser(scimToken, baseUrl, scimUser); } HttpHeaders invitationHeaders = new HttpHeaders(); @@ -344,7 +341,7 @@ public static String createInvitation(String baseUrl, String uaaUrl, String user Timestamp expiry = new Timestamp(System.currentTimeMillis() + TimeUnit.MILLISECONDS.convert(System.currentTimeMillis() + 24 * 3600, TimeUnit.MILLISECONDS)); ExpiringCode expiringCode = new ExpiringCode(null, expiry, "{\"origin\":\"" + origin + "\", \"client_id\":\"app\", \"redirect_uri\":\"" + redirectUri + "\", \"user_id\":\"" + userId + "\", \"email\":\"" + userEmail + "\"}", null); HttpEntity expiringCodeRequest = new HttpEntity<>(expiringCode, invitationHeaders); - ResponseEntity expiringCodeResponse = uaaTemplate.exchange(uaaUrl + "/Codes", POST, expiringCodeRequest, ExpiringCode.class); + ResponseEntity expiringCodeResponse = uaaTemplate.exchange(baseUrl + "/Codes", POST, expiringCodeRequest, ExpiringCode.class); expiringCode = expiringCodeResponse.getBody(); return expiringCode.getCode(); } diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/OpenIdTokenGrantsIT.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/OpenIdTokenGrantsIT.java index edac8073a2b..d386e1e7cb0 100644 
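Review bot: In the `@@ -344,7 +341,7 @@` hunk the unchanged `expiry` line adds `System.currentTimeMillis()` twice and treats `24 * 3600` as milliseconds, so the invitation code created by this helper expires decades from now rather than after what looks like an intended 24 hours. Tests built on `createInvitation` therefore never run against a realistic code lifetime. If 24 hours is the intent, `Timestamp expiry = new Timestamp(System.currentTimeMillis() + TimeUnit.HOURS.toMillis(24));` states it directly. The method starts outside this hunk.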
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/OpenIdTokenGrantsIT.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/OpenIdTokenGrantsIT.java @@ -73,10 +73,7 @@ public class OpenIdTokenGrantsIT { WebDriver webDriver; @Value("${integration.test.base_url}") - String loginUrl; - - @Value("${integration.test.uaa_url}") - String uaaUrl; + String baseUrl; @Value("${integration.test.app_url}") String appUrl; @@ -108,12 +105,10 @@ public void setUp() { @After public void logout_and_clear_cookies() { try { - webDriver.get(loginUrl + "/logout.do"); - webDriver.get(uaaUrl + "/logout.do"); + webDriver.get(baseUrl + "/logout.do"); }catch (org.openqa.selenium.TimeoutException x) { //try again - this should not be happening - 20 second timeouts - webDriver.get(loginUrl + "/logout.do"); - webDriver.get(uaaUrl + "/logout.do"); + webDriver.get(baseUrl + "/logout.do"); } webDriver.get(appUrl+"/j_spring_security_logout"); webDriver.manage().deleteAllCookies(); @@ -121,12 +116,12 @@ public void logout_and_clear_cookies() { private ClientCredentialsResourceDetails getClientCredentialsResource(String[] scope, String clientId, String clientSecret) { - return IntegrationTestUtils.getClientCredentialsResource(uaaUrl,scope,clientId,clientSecret); + return IntegrationTestUtils.getClientCredentialsResource(baseUrl,scope,clientId,clientSecret); } private ScimUser createUser(String username, String firstName, String lastName, String email, boolean verified) { - return IntegrationTestUtils.createUser(client, uaaUrl, username, firstName, lastName, email, verified); + return IntegrationTestUtils.createUser(client, baseUrl, username, firstName, lastName, email, verified); } @Test 
@@ -143,7 +138,7 @@ public void testImplicitGrant() { postBody.add("password", secret); ResponseEntity responseEntity = restOperations.exchange( - loginUrl + "/oauth/authorize", + baseUrl + "/oauth/authorize", HttpMethod.POST, new HttpEntity<>(postBody, headers), Void.class @@ -206,7 +201,7 @@ public void testPasswordGrant() { postBody.add("username", user.getUserName()); postBody.add("password", secret); - ResponseEntity responseEntity = restOperations.exchange(loginUrl + "/oauth/token", + ResponseEntity responseEntity = restOperations.exchange(baseUrl + "/oauth/token", HttpMethod.POST, new HttpEntity<>(postBody, headers), Map.class); @@ -268,7 +263,7 @@ private void doOpenIdHybridFlowIdTokenAndCode(Set responseTypes, String String clientId = "app"; String clientSecret = "appclientsecret"; String redirectUri = "http://localhost:8080/app/"; - String uri = loginUrl + + String uri = baseUrl + "/oauth/authorize?response_type={response_type}&"+ "state={state}&client_id={client_id}&redirect_uri={redirect_uri}"; @@ -316,7 +311,7 @@ private void doOpenIdHybridFlowIdTokenAndCode(Set responseTypes, String formData.add(CookieBasedCsrfTokenRepository.DEFAULT_CSRF_COOKIE_NAME, csrf); // Should be redirected to the original URL, but now authenticated - result = restOperations.exchange(loginUrl + "/login.do", HttpMethod.POST, new HttpEntity<>(formData, getHeaders(cookies)), Void.class); + result = restOperations.exchange(baseUrl + "/login.do", HttpMethod.POST, new HttpEntity<>(formData, getHeaders(cookies)), Void.class); assertEquals(HttpStatus.FOUND, result.getStatusCode()); cookies.clear(); 
@@ -347,7 +342,7 @@ private void doOpenIdHybridFlowIdTokenAndCode(Set responseTypes, String formData.clear(); formData.add(USER_OAUTH_APPROVAL, "true"); formData.add(DEFAULT_CSRF_COOKIE_NAME, IntegrationTestUtils.extractCookieCsrf(response.getBody())); - result = restOperations.exchange(loginUrl + "/oauth/authorize", HttpMethod.POST, new HttpEntity<>(formData, getHeaders(cookies)), Void.class); + result = restOperations.exchange(baseUrl + "/oauth/authorize", HttpMethod.POST, new HttpEntity<>(formData, getHeaders(cookies)), Void.class); assertEquals(HttpStatus.FOUND, result.getStatusCode()); location = UriUtils.decode(result.getHeaders().getLocation().toString(), "UTF-8"); } @@ -370,7 +365,7 @@ private void doOpenIdHybridFlowIdTokenAndCode(Set responseTypes, String tokenHeaders.set("Authorization", basicDigestHeaderValue); @SuppressWarnings("rawtypes") - ResponseEntity tokenResponse = restOperations.exchange(loginUrl+"/oauth/token", HttpMethod.POST, new HttpEntity<>(formData, tokenHeaders), Map.class); + ResponseEntity tokenResponse = restOperations.exchange(baseUrl+"/oauth/token", HttpMethod.POST, new HttpEntity<>(formData, tokenHeaders), Map.class); assertEquals(HttpStatus.OK, tokenResponse.getStatusCode()); @SuppressWarnings("unchecked") Map body = tokenResponse.getBody(); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java index 2cd07ef747b..5399ab49c97 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java 
@@ -602,7 +602,7 @@ public void perform_SamlInvitation_Automatic_Redirect_In_Zone2(String username, String uaaAdminToken = testClient.getOAuthAccessToken(zoneUrl, "admin", "adminsecret", "client_credentials", ""); String useremail = username + "@test.org"; - String code = InvitationsIT.createInvitation(zoneUrl, zoneUrl, useremail, useremail, samlIdentityProviderDefinition.getIdpEntityAlias(), "", uaaAdminToken, uaaAdminToken); + String code = InvitationsIT.createInvitation(zoneUrl, useremail, useremail, samlIdentityProviderDefinition.getIdpEntityAlias(), "", uaaAdminToken, uaaAdminToken); String invitedUserId = IntegrationTestUtils.getUserId(uaaAdminToken, zoneUrl, samlIdentityProviderDefinition.getIdpEntityAlias(), useremail); String existingUserId = IntegrationTestUtils.getUserId(uaaAdminToken, zoneUrl, samlIdentityProviderDefinition.getIdpEntityAlias(), useremail); webDriver.get(zoneUrl + "/logout.do"); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/TestClient.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/TestClient.java index 970d9fb2065..dbea3a4493f 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/TestClient.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/TestClient.java @@ -34,15 +34,14 @@ public class TestClient { private final RestTemplate restTemplate; private final String baseUrl; - private final String uaaUrl; - public TestClient(RestTemplate restTemplate, String baseUrl, String uaaUrl ) { + public TestClient(final RestTemplate restTemplate, + final String baseUrl) { this.restTemplate = restTemplate; this.baseUrl = baseUrl; - this.uaaUrl = uaaUrl; } - public String getBasicAuthHeaderValue(String username, String password) { + String getBasicAuthHeaderValue(String username, String password) { return "Basic " + new String(Base64.encodeBase64((username + ":" + password).getBytes())); } 
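Review bot: `getBasicAuthHeaderValue` in the TestClient hunk encodes the credentials with `getBytes()` and rebuilds the header with `new String(byte[])`, both of which use the platform default charset, so a non-ASCII username or password would yield a different header on differently configured machines. Naming the charsets removes that dependency: `new String(Base64.encodeBase64((username + ":" + password).getBytes(StandardCharsets.UTF_8)), StandardCharsets.US_ASCII)`, with an import of `java.nio.charset.StandardCharsets`. The method is also narrowed from `public` to package-private here; whether callers exist outside this package cannot be seen in the diff.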
@@ -69,7 +68,7 @@ public void createClient(String adminAccessToken, BaseClientDetails clientDetail restfulCreate( adminAccessToken, JsonUtils.writeValueAsString(clientDetails), - uaaUrl + "/oauth/clients" + baseUrl + "/oauth/clients" ); } @@ -85,7 +84,7 @@ public void createScimClient(String adminAccessToken, String clientId) { "\"redirect_uri\":[\"http://example.redirect.com\"]," + "\"authorities\":[\"password.write\",\"scim.write\",\"scim.read\",\"oauth.approvals\"]" + "}", - uaaUrl + "/oauth/clients" + baseUrl + "/oauth/clients" ); } @@ -103,7 +102,7 @@ public void createUser(String scimAccessToken, String userName, String email, St "\"verified\":" + verified + "," + "\"schemas\":[\"urn:scim:schemas:core:1.0\"]" + "}", - uaaUrl + "/Users" + baseUrl + "/Users" ); } @@ -118,7 +117,6 @@ private void restfulCreate(String adminAccessToken, String json, String url) { Assert.assertEquals(HttpStatus.CREATED, exchange.getStatusCode()); } - public String extractLink(String messageBody) { Pattern linkPattern = Pattern.compile(".*?"); Matcher matcher = linkPattern.matcher(messageBody); From 0eea7979f653d74e81163918a071f78a7f2df07e Mon Sep 17 00:00:00 2001 From: Fan Shang Xiang Date: Tue, 5 Nov 2019 09:28:54 +0800 Subject: [PATCH 048/111] use source compatibility in parent project instead Signed-off-by: Fan Shang Xiang --- statsd/build.gradle | 2 -- 1 file changed, 2 deletions(-) diff --git a/statsd/build.gradle b/statsd/build.gradle index b8a6d049aac..9896255ddf0 100644 --- a/statsd/build.gradle +++ b/statsd/build.gradle @@ -10,8 +10,6 @@ repositories { mavenCentral() } -sourceCompatibility = 1.8 -targetCompatibility = 1.8 dependencies { compile project(":cloudfoundry-identity-metrics-data") From 86a286fe962c85231f33818a76bab95315c41e02 Mon Sep 17 00:00:00 2001 
From: Joshua Casey Date: Wed, 4 Dec 2019 16:08:56 -0600 Subject: [PATCH 049/111] Inline configuration locations into YamlServletProfileInitializer [#169991138] --- .../config/YamlServletProfileInitializer.java | 55 ++++--- .../YamlServletProfileInitializerTest.java | 143 +++++++++--------- uaa/src/main/webapp/WEB-INF/web.xml | 10 -- .../identity/uaa/login/BootstrapTests.java | 6 +- 4 files changed, 99 insertions(+), 115 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java index 69961dd389d..617c4e4bbd5 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java @@ -19,7 +19,6 @@ import org.springframework.web.context.support.WebApplicationContextUtils; import org.yaml.snakeyaml.Yaml; -import javax.servlet.ServletConfig; import javax.servlet.ServletContext; import java.io.FileNotFoundException; import java.net.URISyntaxException; @@ -49,10 +48,6 @@ */ public class YamlServletProfileInitializer implements ApplicationContextInitializer { - private static final String PROFILE_CONFIG_FILE_LOCATIONS = "environmentConfigLocations"; - - private static final String PROFILE_CONFIG_FILE_DEFAULT = "environmentConfigDefaults"; - private static final String[] DEFAULT_PROFILE_CONFIG_FILE_LOCATIONS = new String[]{ "${APPLICATION_CONFIG_URL}", "file:${APPLICATION_CONFIG_FILE}"}; 
@@ -68,19 +63,21 @@ public class YamlServletProfileInitializer implements ApplicationContextInitiali public void initialize(ConfigurableWebApplicationContext applicationContext) { ServletContext servletContext = applicationContext.getServletContext(); + final String contextPath = servletContext != null ? servletContext.getContextPath() : "/"; - HttpSessionEventPublisher publisher = new HttpSessionEventPublisher(); - servletContext.addListener(publisher); + if (servletContext != null) { + HttpSessionEventPublisher publisher = new HttpSessionEventPublisher(); + servletContext.addListener(publisher); + } WebApplicationContextUtils.initServletPropertySources(applicationContext.getEnvironment().getPropertySources(), servletContext, applicationContext.getServletConfig()); - ServletConfig servletConfig = applicationContext.getServletConfig(); - String locations = servletConfig == null ? null : servletConfig.getInitParameter(PROFILE_CONFIG_FILE_LOCATIONS); + String locations = "${LOGIN_CONFIG_URL},file:${LOGIN_CONFIG_PATH}/login.yml,file:${CLOUDFOUNDRY_CONFIG_PATH}/login.yml,${UAA_CONFIG_URL},file:${UAA_CONFIG_FILE},file:${UAA_CONFIG_PATH}/uaa.yml,file:${CLOUDFOUNDRY_CONFIG_PATH}/uaa.yml"; List resources = new ArrayList<>(); //add default locations first - Set defaultLocation = StringUtils.commaDelimitedListToSet(servletConfig == null ? null : servletConfig.getInitParameter(PROFILE_CONFIG_FILE_DEFAULT)); + Set defaultLocation = StringUtils.commaDelimitedListToSet("uaa.yml,login.yml"); if (defaultLocation != null && defaultLocation.size() > 0) { for (String s : defaultLocation) { Resource defaultResource = new ClassPathResource(s); @@ -90,7 +87,7 @@ public void initialize(ConfigurableWebApplicationContext applicationContext) { } } - resources.addAll(getResource(servletContext, applicationContext, locations)); + resources.addAll(getResource(applicationContext, locations)); Resource yamlFromEnv = getYamlFromEnvironmentVariable(); if (yamlFromEnv != null) { 
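Review bot: The `${LOGIN_CONFIG_URL}` and `${UAA_CONFIG_URL}` entries in the inlined `locations` string carry no scheme prefix, so whatever scheme the variable holds is handed to `applicationContext.getResource(...)` after placeholder resolution. With the list now fixed in code, an operator can no longer narrow it in web.xml. For an identity server this means anything able to set those variables chooses where configuration is read from, presumably including remote URLs, depending on the context's resource loader. I would state that on the literal, for example `// LOGIN_CONFIG_URL and UAA_CONFIG_URL are trusted deployment input: any resource URL they name is loaded as server configuration`, or reject schemes other than `file:` and `classpath:` before the resource is loaded. `initialize` continues past this hunk.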
@@ -98,13 +95,13 @@ public void initialize(ConfigurableWebApplicationContext applicationContext) { } if (resources.isEmpty()) { - servletContext.log("No YAML environment properties from servlet. Defaulting to servlet context."); - locations = servletContext.getInitParameter(PROFILE_CONFIG_FILE_LOCATIONS); - resources.addAll(getResource(servletContext, applicationContext, locations)); + System.out.println("No YAML environment properties from servlet. Defaulting to servlet context."); + locations = "${LOGIN_CONFIG_URL},file:${LOGIN_CONFIG_PATH}/login.yml,file:${CLOUDFOUNDRY_CONFIG_PATH}/login.yml,${UAA_CONFIG_URL},file:${UAA_CONFIG_FILE},file:${UAA_CONFIG_PATH}/uaa.yml,file:${CLOUDFOUNDRY_CONFIG_PATH}/uaa.yml"; + resources.addAll(getResource(applicationContext, locations)); } try { - servletContext.log("Loading YAML environment properties from location: " + resources.toString()); + System.out.println("Loading YAML environment properties from location: " + resources.toString()); YamlMapFactoryBean factory = new YamlMapFactoryBean(); factory.setResolutionMethod(ResolutionMethod.OVERRIDE_AND_IGNORE); @@ -115,11 +112,12 @@ public void initialize(ConfigurableWebApplicationContext applicationContext) { map.put(DEFAULT_YAML_KEY, yamlStr); NestedMapPropertySource properties = new NestedMapPropertySource("servletConfigYaml", map); applicationContext.getEnvironment().getPropertySources().addLast(properties); - applySpringProfiles(applicationContext.getEnvironment(), servletContext); - applyLog4jConfiguration(applicationContext.getEnvironment(), servletContext); + applySpringProfiles(applicationContext.getEnvironment()); + applyLog4jConfiguration(applicationContext.getEnvironment(), contextPath); } catch (Exception e) { - servletContext.log("Error loading YAML environment properties from location: " + resources.toString(), e); + System.err.println("Error loading YAML environment properties from location: " + resources.toString()); + e.printStackTrace(); } } 
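Review bot: The `if (resources.isEmpty())` fallback in the -98,13 hunk assigns `locations` the same literal that was already resolved earlier in `initialize`, so the second `getResource(applicationContext, locations)` call should not find anything the first did not. The message "Defaulting to servlet context." also no longer describes what happens, since the servlet context init parameter is not read any more. Either remove the branch, or hold the list in one constant such as `private static final String YAML_CONFIG_LOCATIONS = "...";` used at both sites so the two copies cannot drift apart. The literal first appears in the -68,19 hunk.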
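Review bot: The `catch (Exception e)` branch in the -115,11 hunk prints the failure with `System.err.println` and `e.printStackTrace()` and then returns, so the context keeps starting without the YAML property source, the Spring profiles and the log4j configuration that the `try` block would have applied. If running on built-in defaults is not an intended mode for this server, failing startup is the safer outcome: `throw new IllegalStateException("Error loading YAML environment properties from location: " + resources, e);`. A stack trace written straight to stderr also sits outside the configured log pattern, which makes the event easier to miss in collected logs. The `try` block starts outside this hunk.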
@@ -134,14 +132,14 @@ private Resource getYamlFromEnvironmentVariable() { return null; } - private List getResource(ServletContext servletContext, ConfigurableWebApplicationContext applicationContext, + private List getResource(ConfigurableWebApplicationContext applicationContext, String locations) { List resources = new LinkedList<>(); String[] configFileLocations = locations == null ? DEFAULT_PROFILE_CONFIG_FILE_LOCATIONS : StringUtils .commaDelimitedListToStringArray(locations); for (String location : configFileLocations) { location = applicationContext.getEnvironment().resolvePlaceholders(location); - servletContext.log("Testing for YAML resources at: " + location); + System.out.println("Testing for YAML resources at: " + location); Resource resource = applicationContext.getResource(location); if (resource != null && resource.exists()) { resources.add(resource); @@ -150,7 +148,7 @@ private List getResource(ServletContext servletContext, ConfigurableWe return resources; } - private void applyLog4jConfiguration(ConfigurableEnvironment environment, ServletContext servletContext) { + private void applyLog4jConfiguration(ConfigurableEnvironment environment, String contextPath) { String log4jConfigLocation = "classpath:log4j2.properties"; if (environment.containsProperty("logging.config")) { 
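Review bot: `System.out.println("Testing for YAML resources at: " + location)` runs after `resolvePlaceholders`, so the fully resolved location goes to stdout, as does `resources.toString()` in the "Loading YAML environment properties" message of the -98,13 hunk. If one of the config URL variables ever carries credentials (userinfo, or a token in the query string), they end up in the process output. Printing the unresolved template avoids that: move the `println` above the `location = applicationContext.getEnvironment().resolvePlaceholders(location);` line, or strip userinfo and query before printing. `getResource` ends in the following hunk.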
@@ -161,15 +159,15 @@ private void applyLog4jConfiguration(ConfigurableEnvironment environment, Servle if (location != null && location.trim().length() > 0) { PropertySource environmentPropertySource = environment.getPropertySources().get(StandardEnvironment.SYSTEM_ENVIRONMENT_PROPERTY_SOURCE_NAME); if ((location.startsWith("-D") && environmentPropertySource != null && location.equals(environmentPropertySource.getProperty("LOGGING_CONFIG")))) { - servletContext.log("Ignoring Log Config Location: " + location + ". Location is suspect to be a Tomcat startup script environment variable"); + System.out.println("Ignoring Log Config Location: " + location + ". Location is suspect to be a Tomcat startup script environment variable"); } else { - servletContext.log("Setting Log Config Location: " + location + " based on logging.config setting."); + System.out.println("Setting Log Config Location: " + location + " based on logging.config setting."); log4jConfigLocation = environment.getProperty("logging.config"); } } } - servletContext.log("Loading log4j config from location: " + log4jConfigLocation); + System.out.println("Loading log4j config from location: " + log4jConfigLocation); try { String resolvedLocation = SystemPropertyUtils.resolvePlaceholders(log4jConfigLocation); URL url = ResourceUtils.getURL(resolvedLocation); 
@@ -181,18 +179,19 @@ private void applyLog4jConfiguration(ConfigurableEnvironment environment, Servle loggerContext.setConfigLocation(ResourceUtils.toURI(url)); } catch (FileNotFoundException | URISyntaxException e) { - servletContext.log("Error loading log4j config from location: " + log4jConfigLocation, e); + System.err.println("Error loading log4j config from location: " + log4jConfigLocation); + e.printStackTrace(); } - MDC.put("context", servletContext.getContextPath()); // used to fill in %X{context} in our `property.log_pattern` log format + MDC.put("context", contextPath); // used to fill in %X{context} in our `property.log_pattern` log format } - void applySpringProfiles(ConfigurableEnvironment environment, ServletContext servletContext) { + void applySpringProfiles(ConfigurableEnvironment environment) { String systemProfiles = System.getProperty("spring.profiles.active"); environment.setDefaultProfiles(new String[0]); if (environment.containsProperty("spring_profiles")) { String profiles = environment.getProperty("spring_profiles"); - servletContext.log("Setting active profiles: " + profiles); + System.out.println("Setting active profiles: " + profiles); environment.setActiveProfiles(StringUtils.tokenizeToStringArray(profiles, ",", true, true)); } else { if (isEmpty(systemProfiles)) { diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializerTest.java index dcfb14b1ce0..e34c8866a5d 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializerTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializerTest.java 
@@ -5,6 +5,7 @@ import org.apache.logging.log4j.core.LoggerContext; import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.cloudfoundry.identity.uaa.extensions.SpringProfileCleanupExtension; +import org.hamcrest.Matchers; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Nested; @@ -26,9 +27,9 @@ import org.springframework.web.context.ConfigurableWebApplicationContext; import org.springframework.web.context.support.StandardServletEnvironment; -import javax.servlet.ServletConfig; import javax.servlet.ServletContext; import java.io.File; +import java.io.PrintStream; import java.net.URI; import java.util.Enumeration; @@ -38,8 +39,8 @@ import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertThat; -import static org.junit.Assert.assertTrue; import static org.mockito.Mockito.atLeastOnce; +import static org.mockito.Mockito.description; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; 
@@ -53,25 +54,17 @@ class YamlServletProfileInitializerTest { private YamlServletProfileInitializer initializer; private ConfigurableWebApplicationContext context; private StandardServletEnvironment environment; - private ServletConfig servletConfig; private ServletContext servletContext; - private String originalApplicationConfigUrl; - private String originalApplicationConfigFile; - private static final String APPLICATION_CONFIG_URL = "APPLICATION_CONFIG_URL"; - private static final String APPLICATION_CONFIG_FILE = "APPLICATION_CONFIG_FILE"; @BeforeEach void setup() { initializer = new YamlServletProfileInitializer(); context = mock(ConfigurableWebApplicationContext.class); environment = new StandardServletEnvironment(); - servletConfig = mock(ServletConfig.class); servletContext = mock(ServletContext.class); - when(servletConfig.getInitParameterNames()).thenReturn(new EmptyEnumerationOfString()); when(servletContext.getInitParameterNames()).thenReturn(new EmptyEnumerationOfString()); - when(context.getServletConfig()).thenReturn(servletConfig); when(context.getServletContext()).thenReturn(servletContext); when(context.getEnvironment()).thenReturn(environment); Mockito.doAnswer((Answer) invocation -> { 
@@ -79,29 +72,16 @@ void setup() { return null; }).when(servletContext).log(ArgumentMatchers.anyString()); when(servletContext.getContextPath()).thenReturn("/context"); - - originalApplicationConfigUrl = System.getProperty(APPLICATION_CONFIG_URL); - originalApplicationConfigFile = System.getProperty(APPLICATION_CONFIG_FILE); } @AfterEach void cleanup() { - if (originalApplicationConfigUrl == null) { - System.clearProperty(APPLICATION_CONFIG_URL); - } else { - System.setProperty(APPLICATION_CONFIG_URL, originalApplicationConfigUrl); - } - - if (originalApplicationConfigFile == null) { - System.clearProperty(APPLICATION_CONFIG_FILE); - } else { - System.setProperty(APPLICATION_CONFIG_FILE, originalApplicationConfigFile); - } + System.clearProperty("CLOUDFOUNDRY_CONFIG_PATH"); } @Test void loadDefaultResource() { - when(context.getResource(ArgumentMatchers.contains("${APPLICATION_CONFIG_URL}"))).thenReturn( + when(context.getResource(ArgumentMatchers.contains("${CLOUDFOUNDRY_CONFIG_PATH}"))).thenReturn( new ByteArrayResource("foo: bar\nspam:\n foo: baz".getBytes())); initializer.initialize(context); @@ -112,7 +92,7 @@ void loadDefaultResource() { @Test void loadSessionEventPublisher() { - when(context.getResource(ArgumentMatchers.contains("${APPLICATION_CONFIG_URL}"))).thenReturn( + when(context.getResource(ArgumentMatchers.contains("${CLOUDFOUNDRY_CONFIG_PATH}"))).thenReturn( new ByteArrayResource("foo: bar\nspam:\n foo: baz".getBytes())); initializer.initialize(context); 
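Review bot: `cleanup()` now calls `System.clearProperty("CLOUDFOUNDRY_CONFIG_PATH")` unconditionally, which discards any value the JVM had before the test, whereas the removed code saved the original properties and restored them. Capturing the value in `setup()` and restoring it here (clearing only when it was null) keeps this class from changing state for tests that run after it. The `doAnswer(...).when(servletContext).log(...)` stub kept in `setup()` also appears to be unused now that the initializer prints to `System.out` instead of calling `servletContext.log`.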
@@ -153,8 +133,8 @@ void log4jConfigurationFromYaml() { @Test void loadServletConfiguredFilename() { - when(servletConfig.getInitParameter(APPLICATION_CONFIG_FILE)).thenReturn("/config/path/foo.yml"); - when(context.getResource(ArgumentMatchers.eq("file:/config/path/foo.yml"))).thenReturn( + System.setProperty("CLOUDFOUNDRY_CONFIG_PATH", "/config/path"); + when(context.getResource(ArgumentMatchers.eq("file:/config/path/uaa.yml"))).thenReturn( new ByteArrayResource("foo: bar\nspam:\n foo: baz".getBytes())); initializer.initialize(context); @@ -165,8 +145,8 @@ void loadServletConfiguredFilename() { @Test void loadServletConfiguredResource() { - when(servletConfig.getInitParameter("environmentConfigLocations")).thenReturn("foo.yml"); - when(context.getResource(ArgumentMatchers.eq("foo.yml"))).thenReturn( + System.setProperty("CLOUDFOUNDRY_CONFIG_PATH", "anywhere"); + when(context.getResource(ArgumentMatchers.eq("file:anywhere/uaa.yml"))).thenReturn( new ByteArrayResource("foo: bar\nspam:\n foo: baz-from-config".getBytes())); initializer.initialize(context); @@ -177,8 +157,8 @@ void loadServletConfiguredResource() { @Test void loadContextConfiguredResource() { - when(servletContext.getInitParameter("environmentConfigLocations")).thenReturn("foo.yml"); - when(context.getResource(ArgumentMatchers.eq("foo.yml"))).thenReturn( + System.setProperty("CLOUDFOUNDRY_CONFIG_PATH", "foo/bar"); + when(context.getResource(ArgumentMatchers.eq("file:foo/bar/uaa.yml"))).thenReturn( new ByteArrayResource("foo: bar\nspam:\n foo: baz-from-context".getBytes())); initializer.initialize(context); @@ -189,7 +169,7 @@ void loadContextConfiguredResource() { @Test void loadReplacedResource() { - System.setProperty(APPLICATION_CONFIG_URL, "file:foo/uaa.yml"); + System.setProperty("CLOUDFOUNDRY_CONFIG_PATH", "foo"); when(context.getResource(ArgumentMatchers.eq("file:foo/uaa.yml"))).thenReturn( new ByteArrayResource("foo: bar\nspam:\n foo: baz".getBytes())); 
@@ -202,9 +182,9 @@ void loadReplacedResource() { @Test void loadReplacedResourceFromFileLocation() { - System.setProperty(APPLICATION_CONFIG_FILE, "foo/uaa.yml"); + System.setProperty("CLOUDFOUNDRY_CONFIG_PATH", "bar"); - when(context.getResource(ArgumentMatchers.eq("file:foo/uaa.yml"))).thenReturn( + when(context.getResource(ArgumentMatchers.eq("file:bar/uaa.yml"))).thenReturn( new ByteArrayResource("foo: bar\nspam:\n foo: baz".getBytes())); initializer.initialize(context); @@ -215,8 +195,8 @@ void loadReplacedResourceFromFileLocation() { @Test void loggingConfigVariableWorks() { - System.setProperty(APPLICATION_CONFIG_FILE, "foo/uaa.yml"); - when(context.getResource(ArgumentMatchers.eq("file:foo/uaa.yml"))).thenReturn( + System.setProperty("CLOUDFOUNDRY_CONFIG_PATH", "somewhere"); + when(context.getResource(ArgumentMatchers.eq("file:somewhere/uaa.yml"))).thenReturn( new ByteArrayResource("logging:\n config: /some/path".getBytes())); initializer.initialize(context); assertEquals("/some/path", environment.getProperty("logging.config")); 
@@ -258,43 +238,56 @@ public String getEnvironmentVariable(String name) { assertEquals("http://login.test.url/", environment.getProperty("login.url")); } - @Test - void ignoreDashDTomcatLoggingConfigVariable() { - final String tomcatLogConfig = "-Djava.util.logging.config=/some/path/logging.properties"; - System.setProperty(APPLICATION_CONFIG_FILE, "foo/uaa.yml"); - ArgumentCaptor servletLogCaptor = ArgumentCaptor.forClass(String.class); - when(context.getResource(ArgumentMatchers.eq("file:foo/uaa.yml"))) - .thenReturn(new ByteArrayResource(("logging:\n config: " + tomcatLogConfig).getBytes())); - environment.getPropertySources().addFirst(new PropertySource(StandardEnvironment.SYSTEM_ENVIRONMENT_PROPERTY_SOURCE_NAME) { - @Override - public boolean containsProperty(String name) { - if ("LOGGING_CONFIG".equals(name)) { - return true; - } else { - return super.containsProperty(name); + @Nested + class WithFakeStdOut { + + private PrintStream originalOut; + private PrintStream mockPrintStream; + + @BeforeEach + void setUp() { + originalOut = System.out; + mockPrintStream = mock(PrintStream.class); + System.setOut(mockPrintStream); + } + + @AfterEach + void tearDown() { + System.setOut(originalOut); + } + + @Test + void ignoreDashDTomcatLoggingConfigVariable() { + final String tomcatLogConfig = "-Djava.util.logging.config=/some/path/logging.properties"; + System.setProperty("CLOUDFOUNDRY_CONFIG_PATH", "foo"); + when(context.getResource(ArgumentMatchers.eq("file:foo/uaa.yml"))) + .thenReturn(new ByteArrayResource(("logging:\n config: " + tomcatLogConfig).getBytes())); + environment.getPropertySources().addFirst(new PropertySource(StandardEnvironment.SYSTEM_ENVIRONMENT_PROPERTY_SOURCE_NAME) { + @Override + public boolean containsProperty(String name) { + if ("LOGGING_CONFIG".equals(name)) { + return true; + } else { + return super.containsProperty(name); + } } - } - @Override - public Object getProperty(String name) { - if ("LOGGING_CONFIG".equals(name)) { - return 
tomcatLogConfig; - } else { - return System.getenv(name); + @Override + public Object getProperty(String name) { + if ("LOGGING_CONFIG".equals(name)) { + return tomcatLogConfig; + } else { + return System.getenv(name); + } + } + }); + initializer.initialize(context); + assertEquals("-Djava.util.logging.config=/some/path/logging.properties", environment.getProperty("logging.config")); - } - }); - initializer.initialize(context); - assertEquals("-Djava.util.logging.config=/some/path/logging.properties", environment.getProperty("logging.config")); - Mockito.verify(servletContext, atLeastOnce()).log(servletLogCaptor.capture()); - boolean logEntryFound = false; - for (String s : servletLogCaptor.getAllValues()) { - if (s.startsWith("Ignoring Log Config Location") && s.contains("Tomcat startup script environment variable")) { - logEntryFound = true; - } + verify(mockPrintStream, description("Expected to find a log entry indicating that the LOGGING_CONFIG variable was found.")) + .println("Ignoring Log Config Location: -Djava.util.logging.config=/some/path/logging.properties. Location is suspect to be a Tomcat startup script environment variable"); } - assertTrue("Expected to find a log entry indicating that the LOGGING_CONFIG variable was found.", logEntryFound); } private static class EmptyEnumerationOfString implements Enumeration { 
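Review bot: `WithFakeStdOut.setUp()` replaces the JVM-wide `System.out` with a mock, so while this test runs any output written by other threads is swallowed, and the arrangement is only safe as long as tests in the same JVM run sequentially. The `verify(...).println(...)` check also pins the complete message text, so a wording change in the initializer breaks the test. Letting the initializer accept a `PrintStream` (or a logger) that the test supplies would remove the global swap, and matching with `ArgumentMatchers.startsWith("Ignoring Log Config Location")` would loosen the coupling.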
@@ -341,21 +334,21 @@ void tokenizeToStringArray_RemovesSpaces() { @Test void ifNoProfilesAreSetUseHsqldb() { System.clearProperty("spring.profiles.active"); - initializer.applySpringProfiles(environment, context); + initializer.applySpringProfiles(environment); assertArrayEquals(new String[]{"hsqldb"}, environment.getActiveProfiles()); } @Test void ifProfilesAreSetUseThem() { System.setProperty("spring.profiles.active", "hsqldb,default"); - initializer.applySpringProfiles(environment, context); + initializer.applySpringProfiles(environment); assertArrayEquals(new String[]{"hsqldb", "default"}, environment.getActiveProfiles()); } @Test void defaultProfileUnset() { System.setProperty("spring.profiles.active", "hsqldb"); - initializer.applySpringProfiles(environment, context); + initializer.applySpringProfiles(environment); assertArrayEquals(new String[]{"hsqldb"}, environment.getActiveProfiles()); assertArrayEquals(new String[0], environment.getDefaultProfiles()); } @@ -364,7 +357,7 @@ void defaultProfileUnset() { void yamlConfiguredProfilesAreUsed() { System.setProperty("spring.profiles.active", "hsqldb,default"); environment.setProperty("spring_profiles", "mysql,default"); - initializer.applySpringProfiles(environment, context); + initializer.applySpringProfiles(environment); assertArrayEquals(new String[]{"mysql", "default"}, environment.getActiveProfiles()); } } @@ -387,8 +380,8 @@ void appliesCustomClassPathLogProperties() throws Exception { FileUtils.copyFile(validLog4j2PropertyFile, tempFile); - System.setProperty(APPLICATION_CONFIG_FILE, "anything"); - when(context.getResource("file:anything")) + System.setProperty("CLOUDFOUNDRY_CONFIG_PATH", "anything"); + when(context.getResource("file:anything/uaa.yml")) .thenReturn(new ByteArrayResource(("logging:\n config: " + tempFile.getAbsolutePath()).getBytes())); initializer.initialize(context); 
diff --git a/uaa/src/main/webapp/WEB-INF/web.xml b/uaa/src/main/webapp/WEB-INF/web.xml index 65baa0c1ce0..8804b3bc74c 100755 --- a/uaa/src/main/webapp/WEB-INF/web.xml +++ b/uaa/src/main/webapp/WEB-INF/web.xml @@ -87,16 +87,6 @@ contextInitializerClasses org.cloudfoundry.identity.uaa.impl.config.YamlServletProfileInitializer - - environmentConfigDefaults - uaa.yml,login.yml - - - environmentConfigLocations - - ${LOGIN_CONFIG_URL},file:${LOGIN_CONFIG_PATH}/login.yml,file:${CLOUDFOUNDRY_CONFIG_PATH}/login.yml,${UAA_CONFIG_URL},file:${UAA_CONFIG_FILE},file:${UAA_CONFIG_PATH}/uaa.yml,file:${CLOUDFOUNDRY_CONFIG_PATH}/uaa.yml - - 1 diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java index ed9822d406d..9549538e18a 100755 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java 
@@ -205,15 +205,17 @@ private static SamlIdentityProviderDefinition findProvider( private static ConfigurableApplicationContext getServletContext( final String profiles, final String uaaYamlPath) { - String[] yamlFiles = new String[]{"required_configuration.yml", uaaYamlPath}; + System.setProperty("LOGIN_CONFIG_URL", "classpath:required_configuration.yml"); + System.setProperty("UAA_CONFIG_URL", "classpath:" + uaaYamlPath); abstractRefreshableWebApplicationContext.setServletContext(mockServletContext); MockServletConfig servletConfig = new MockServletConfig(mockServletContext); - servletConfig.addInitParameter("environmentConfigLocations", StringUtils.arrayToCommaDelimitedString(yamlFiles)); abstractRefreshableWebApplicationContext.setServletConfig(servletConfig); YamlServletProfileInitializer initializer = new YamlServletProfileInitializer(); initializer.initialize(abstractRefreshableWebApplicationContext); + System.clearProperty("LOGIN_CONFIG_URL"); + System.clearProperty("UAA_CONFIG_URL"); if (profiles != null) { abstractRefreshableWebApplicationContext.getEnvironment().setActiveProfiles(StringUtils.commaDelimitedListToStringArray(profiles)); From 5e16631f174f6cf78bee03b481e10d6907c91b09 Mon Sep 17 00:00:00 2001 From: Andrew Edstrom Date: Thu, 5 Dec 2019 11:11:26 -0800 Subject: [PATCH 050/111] Fix test broken by pollution [nostory] Signed-off-by: Andrew Wittrock --- .../identity/uaa/oauth/ClientInfoEndpointTests.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientInfoEndpointTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientInfoEndpointTests.java index 34d95768215..2d2c3492c55 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientInfoEndpointTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientInfoEndpointTests.java 
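Review bot: The two `System.setProperty` calls are undone only on the normal path, so if `initializer.initialize(...)` or a statement before the `clearProperty` lines throws, `LOGIN_CONFIG_URL` and `UAA_CONFIG_URL` stay set for every later test in the JVM. Wrapping the call as `try { initializer.initialize(abstractRefreshableWebApplicationContext); } finally { System.clearProperty("LOGIN_CONFIG_URL"); System.clearProperty("UAA_CONFIG_URL"); }` closes that gap. `clearProperty` also drops a value that was set before the test; restoring the previous value would be more exact. `getServletContext` continues past the hunk.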
@@ -14,6 +14,7 @@ package org.cloudfoundry.identity.uaa.oauth; import org.cloudfoundry.identity.uaa.client.ClientInfoEndpoint; +import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.cloudfoundry.identity.uaa.zone.MultitenantClientServices; import org.junit.Test; import org.mockito.Mockito; @@ -47,7 +48,7 @@ public class ClientInfoEndpointTests { @Test public void testClientinfo() { - Mockito.when(clientDetailsService.loadClientByClientId("foo", "uaa")).thenReturn(foo); + Mockito.when(clientDetailsService.loadClientByClientId("foo", IdentityZoneHolder.get().getId())).thenReturn(foo); ClientDetails client = endpoint.clientinfo(new UsernamePasswordAuthenticationToken("foo", "")); assertEquals("foo", client.getClientId()); assertNull(client.getClientSecret()); From 0f86a5a5b97787d78807e9b353a8238f1752da26 Mon Sep 17 00:00:00 2001 From: Andrew Edstrom Date: Thu, 5 Dec 2019 11:21:16 -0800 Subject: [PATCH 051/111] Test refactor - ClientInfoEndpointTests - Bump to Junit5 - Stop using init block for setup - Generally prettify Signed-off-by: Andrew Wittrock --- .../uaa/oauth/ClientInfoEndpointTests.java | 72 +++++++++---------- 1 file changed, 33 insertions(+), 39 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientInfoEndpointTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientInfoEndpointTests.java index 2d2c3492c55..95cfb1e7134 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientInfoEndpointTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientInfoEndpointTests.java 
@@ -1,23 +1,16 @@ -/******************************************************************************* - * Cloud Foundry - * Copyright (c) [2009-2016] Pivotal Software, Inc. All Rights Reserved. - * - * This product is licensed to you under the Apache License, Version 2.0 (the "License"). - * You may not use this product except in compliance with the License. - * - * This product includes a number of subcomponents with - * separate copyright notices and license terms. Your use of these - * subcomponents is subject to the terms and conditions of the - * subcomponent's license, as noted in the LICENSE file. - *******************************************************************************/ - package org.cloudfoundry.identity.uaa.oauth; import org.cloudfoundry.identity.uaa.client.ClientInfoEndpoint; +import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.cloudfoundry.identity.uaa.zone.MultitenantClientServices; -import org.junit.Test; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.InjectMocks; +import org.mockito.Mock; import org.mockito.Mockito; +import org.mockito.junit.jupiter.MockitoExtension; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.client.BaseClientDetails; 
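Review bot: The first lines of this hunk remove the file's copyright and Apache License header, which the commit description (JUnit 5 bump, no init block, prettify) does not mention. If the project still expects the notice on source files it should stay; if headers are being dropped deliberately, saying so in the description would make that change reviewable.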
@@ -25,34 +18,35 @@ import java.util.Collections; import static org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.GRANT_TYPE_AUTHORIZATION_CODE; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertTrue; - -/** - * @author Dave Syer - * - */ -public class ClientInfoEndpointTests { - - private MultitenantClientServices clientDetailsService = Mockito.mock(MultitenantClientServices.class); - private ClientInfoEndpoint endpoint = new ClientInfoEndpoint(clientDetailsService); - - - private BaseClientDetails foo = new BaseClientDetails("foo", "none", "read,write", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.none"); - - { - foo.setClientSecret("bar"); - foo.setAdditionalInformation(Collections.singletonMap("key", "value")); +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; + +@ExtendWith(MockitoExtension.class) +@ExtendWith(PollutionPreventionExtension.class) +class ClientInfoEndpointTests { + + @Mock + private MultitenantClientServices mockMultitenantClientServices; + + @InjectMocks + private ClientInfoEndpoint endpoint; + + @BeforeEach + void setUp() { + BaseClientDetails baseClientDetails = new BaseClientDetails("foo", "none", "read,write", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.none"); + baseClientDetails.setClientSecret("bar"); + baseClientDetails.setAdditionalInformation(Collections.singletonMap("key", "value")); + Mockito.when(mockMultitenantClientServices.loadClientByClientId("foo", IdentityZoneHolder.get().getId())).thenReturn(baseClientDetails); } @Test - public void testClientinfo() { - Mockito.when(clientDetailsService.loadClientByClientId("foo", IdentityZoneHolder.get().getId())).thenReturn(foo); - ClientDetails client = endpoint.clientinfo(new UsernamePasswordAuthenticationToken("foo", "")); - assertEquals("foo", client.getClientId()); - 
assertNull(client.getClientSecret()); - assertTrue(client.getAdditionalInformation().isEmpty()); + void clientinfo() { + ClientDetails clientDetails = endpoint.clientinfo(new UsernamePasswordAuthenticationToken("foo", "")); + + assertEquals("foo", clientDetails.getClientId()); + assertNull(clientDetails.getClientSecret()); + assertTrue(clientDetails.getAdditionalInformation().isEmpty()); } } From 8fe4fa64b9b1a640a6e3f2cf843fb5efa58cb8ca Mon Sep 17 00:00:00 2001 From: Andrew Edstrom Date: Thu, 5 Dec 2019 11:26:53 -0800 Subject: [PATCH 052/111] Refactor - ClientInfoEndpoint uses IdentityZoneManager Signed-off-by: Andrew Wittrock --- .../uaa/client/ClientInfoEndpoint.java | 10 +++++--- .../uaa/oauth/ClientInfoEndpointTests.java | 25 +++++++++++++------ 2 files changed, 24 insertions(+), 11 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientInfoEndpoint.java b/server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientInfoEndpoint.java index 440414be3bf..d28ed0e0a28 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientInfoEndpoint.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientInfoEndpoint.java @@ -12,8 +12,8 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.client; -import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.cloudfoundry.identity.uaa.zone.MultitenantClientServices; +import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.client.BaseClientDetails; 
@@ -33,16 +33,20 @@ public class ClientInfoEndpoint { private final MultitenantClientServices clientDetailsService; + private final IdentityZoneManager identityZoneManager; - public ClientInfoEndpoint(final @Qualifier("jdbcClientDetailsService") MultitenantClientServices clientDetailsService) { + public ClientInfoEndpoint( + final @Qualifier("jdbcClientDetailsService") MultitenantClientServices clientDetailsService, + final IdentityZoneManager identityZoneManager) { this.clientDetailsService = clientDetailsService; + this.identityZoneManager = identityZoneManager; } @RequestMapping(value = "/clientinfo") @ResponseBody public ClientDetails clientinfo(Principal principal) { String clientId = principal.getName(); - BaseClientDetails client = new BaseClientDetails(clientDetailsService.loadClientByClientId(clientId, IdentityZoneHolder.get().getId())); + BaseClientDetails client = new BaseClientDetails(clientDetailsService.loadClientByClientId(clientId, identityZoneManager.getCurrentIdentityZoneId())); client.setClientSecret(null); client.setAdditionalInformation(Collections. emptyMap()); return client; diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientInfoEndpointTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientInfoEndpointTests.java index 95cfb1e7134..7ada9747f30 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientInfoEndpointTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientInfoEndpointTests.java 
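Review bot: `clientinfo` keeps the secret out of the response by copying the client and then clearing two fields, which is a deny-list: any sensitive property added to the client details later would be returned by default. That logic sits in the unchanged context lines of the method this hunk touches, around the new `identityZoneManager.getCurrentIdentityZoneId()` lookup. At minimum I would record the intent next to the setters, `// Return a copy with the secret and additional information cleared; the stored client is left untouched.`, and longer term build the response from an explicit list of fields that are safe to expose.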
@@ -1,50 +1,59 @@ package org.cloudfoundry.identity.uaa.oauth; import org.cloudfoundry.identity.uaa.client.ClientInfoEndpoint; -import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; -import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.cloudfoundry.identity.uaa.zone.MultitenantClientServices; +import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; import org.mockito.InjectMocks; import org.mockito.Mock; -import org.mockito.Mockito; import org.mockito.junit.jupiter.MockitoExtension; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.client.BaseClientDetails; import java.util.Collections; +import java.util.UUID; import static org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.GRANT_TYPE_AUTHORIZATION_CODE; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertNull; import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.mockito.Mockito.when; @ExtendWith(MockitoExtension.class) -@ExtendWith(PollutionPreventionExtension.class) class ClientInfoEndpointTests { @Mock private MultitenantClientServices mockMultitenantClientServices; + @Mock + private IdentityZoneManager mockIdentityZoneManager; + @InjectMocks private ClientInfoEndpoint endpoint; + private String clientId; + @BeforeEach void setUp() { - BaseClientDetails baseClientDetails = new BaseClientDetails("foo", "none", "read,write", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.none"); + clientId = "clientId-" + UUID.randomUUID().toString(); + BaseClientDetails baseClientDetails = new BaseClientDetails(clientId, "none", "read,write", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.none"); 
baseClientDetails.setClientSecret("bar"); baseClientDetails.setAdditionalInformation(Collections.singletonMap("key", "value")); - Mockito.when(mockMultitenantClientServices.loadClientByClientId("foo", IdentityZoneHolder.get().getId())).thenReturn(baseClientDetails); + + final var currentZoneId = "currentZoneId-" + UUID.randomUUID().toString(); + when(mockIdentityZoneManager.getCurrentIdentityZoneId()).thenReturn(currentZoneId); + + when(mockMultitenantClientServices.loadClientByClientId(clientId, currentZoneId)).thenReturn(baseClientDetails); } @Test void clientinfo() { - ClientDetails clientDetails = endpoint.clientinfo(new UsernamePasswordAuthenticationToken("foo", "")); + ClientDetails clientDetails = endpoint.clientinfo(new UsernamePasswordAuthenticationToken(clientId, "")); - assertEquals("foo", clientDetails.getClientId()); + assertEquals(clientId, clientDetails.getClientId()); assertNull(clientDetails.getClientSecret()); assertTrue(clientDetails.getAdditionalInformation().isEmpty()); } From 46c476254dc1160ead10f71f73aa16fe8efd64ad Mon Sep 17 00:00:00 2001 
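Review bot: The test never asserts explicitly that the endpoint passes the manager's zone id to the client service; that holds only implicitly because the stub in `setUp` matches on `currentZoneId`, so a regression would presumably surface as an unrelated failure inside `new BaseClientDetails(...)` rather than as a clear argument mismatch. Since the zone id is what scopes this lookup to a tenant, I would keep `currentZoneId` in a field next to `clientId` and end `clientinfo()` with `verify(mockMultitenantClientServices).loadClientByClientId(clientId, currentZoneId);`, which needs a static import of `Mockito.verify`. As a small style point, `.toString()` after `UUID.randomUUID()` is redundant inside string concatenation in both `setUp` assignments.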
From: Joshua Casey Date: Wed, 4 Dec 2019 13:22:27 -0600 Subject: [PATCH 053/111] Using `./gradlew run` now uses ROOT context path - Unit tests pass [#170107012] --- README.md | 6 +-- build.gradle | 3 +- docs/Sysadmin-Guide.rst | 2 +- docs/UAA-APIs.rst | 52 +++++++++---------- docs/UAA-Tokens.md | 4 +- docs/google-oidc-provider.md | 2 +- docs/login/Okta-README.md | 8 +-- docs/login/OpenAM-README.md | 4 +- .../identity/api/web/ApiController.java | 4 +- .../src/main/resources/application.properties | 4 +- .../main/webapp/WEB-INF/spring-servlet.xml | 4 +- .../identity/api/web/ServerRunning.java | 4 +- samples/app/README.md | 2 +- .../identity/app/web/HomeController.java | 2 +- .../application-local-vcap.properties | 8 +-- .../resources/application-local.properties | 12 ++--- .../application-ruby-local.properties | 6 +-- .../src/main/resources/application.properties | 12 ++--- .../identity/uaa/home/BuildInfo.java | 2 +- .../identity/uaa/util/UaaUrlUtils.java | 2 +- server/src/main/resources/spring/login-ui.xml | 4 +- .../identity/uaa/ServerRunning.java | 2 +- ...asswordGrantAuthenticationManagerTest.java | 14 ++--- .../uaa/cache/ExpiringUrlCacheTests.java | 2 +- .../uaa/login/AccountsControllerTest.java | 2 +- .../uaa/login/LoginInfoEndpointTests.java | 22 ++++---- .../uaa/mfa/MfaUiRequiredFilterTests.java | 2 +- .../uaa/oauth/CheckTokenEndpointTests.java | 14 ++--- .../DeprecatedUaaTokenServicesTests.java | 14 ++--- .../identity/uaa/oauth/TokenTestSupport.java | 4 +- .../uaa/oauth/TokenValidationServiceTest.java | 2 +- .../uaa/oauth/openid/IdTokenCreatorTest.java | 6 +-- .../IdentityProviderEndpointsTest.java | 2 +- ...thIdentityProviderConfigValidatorTest.java | 2 +- .../saml/ZoneAwareMetadataGeneratorTests.java | 4 +- .../uaa/provider/saml/idp/SamlTestUtils.java | 44 ++++++++-------- .../ZoneAwareIdpMetadataGeneratorTest.java | 2 +- .../identity/uaa/scim/util/ScimUtilsTest.java | 6 +-- .../uaa/util/TokenValidationTest.java | 8 +-- 
.../identity/uaa/util/UaaUrlUtilsTest.java | 12 ++--- .../HttpHeadersFilterRequestWrapperTest.java | 2 +- .../ServiceProviderModifiedEventTest.java | 2 +- .../resources/integration.test.properties | 2 +- .../integration/IntegrationTestUtils.java | 2 +- .../source/index.html.md.erb | 24 ++++----- .../main/resources/required_configuration.yml | 2 +- uaa/src/main/resources/uaa.yml | 16 +++--- .../main/webapp/WEB-INF/spring-servlet.xml | 6 +-- .../webapp/WEB-INF/spring/oauth-clients.xml | 8 +-- .../main/webapp/WEB-INF/spring/saml-idp.xml | 2 +- .../webapp/WEB-INF/spring/saml-providers.xml | 2 +- ...uthorizationCodeGrantIntegrationTests.java | 6 +-- .../ImplicitTokenGrantIntegrationTests.java | 2 +- .../LoginInfoEndpointIntegrationTests.java | 2 +- ...orizationWithApprovalIntegrationTests.java | 2 +- ...asswordChangeEndpointIntegrationTests.java | 2 +- .../PasswordGrantIntegrationTests.java | 2 +- .../RefreshTokenSupportIntegrationTests.java | 2 +- .../ScimUserEndpointsIntegrationTests.java | 16 +++--- .../integration/feature/CreateAccountIT.java | 4 +- .../feature/IdentityZoneNotAvailableIT.java | 6 +-- .../uaa/integration/feature/OIDCLoginIT.java | 4 +- .../uaa/integration/feature/SamlLoginIT.java | 2 +- .../feature/SamlLoginWithLocalIdpIT.java | 10 ++-- .../identity/uaa/login/TokenEndpointDocs.java | 4 +- .../mock/audit/AuditCheckMockMvcTests.java | 4 +- .../saml/SamlAuthenticationMockMvcTests.java | 20 +++---- .../token/JwtBearerGrantMockMvcTests.java | 2 +- .../uaa/mock/token/TokenMvcMockTests.java | 25 +++++---- .../mock/zones/IdentityZoneEndpointDocs.java | 2 +- .../IdentityZoneEndpointsMockMvcTests.java | 18 +++---- ...lServiceProviderEndpointsMockMvcTests.java | 8 +-- .../provider/saml/UaaSamlIDPEndpointDocs.java | 2 +- .../OpenIdConnectEndpointsMockMvcTests.java | 2 +- .../resources/integration_test_properties.yml | 16 +++--- .../test/resources/session_frame_test.html | 2 +- uaa/src/test/resources/test/config/uaa.yml | 4 +- 77 files changed, 273 insertions(+), 
275 deletions(-) diff --git a/README.md b/README.md index d3a3e98add2..3e20e494f0d 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ The authentication service is `uaa`. It's a plain Spring MVC webapp. Deploy as normal in Tomcat or your container of choice, or execute `./gradlew run` to run it directly from `uaa` directory in the source tree. When running with gradle it listens on port 8080 and the URL is -`http://localhost:8080/uaa` +`http://localhost:8080` The UAA Server supports the APIs defined in the UAA-APIs document. To summarise: @@ -82,7 +82,7 @@ If this works you are in business: The apps all work together with the apps running on the same port -(8080) as [`/uaa`](http://localhost:8080/uaa), [`/app`](http://localhost:8080/app) and [`/api`](http://localhost:8080/api). +(8080) as [`/uaa`](http://localhost:8080), [`/app`](http://localhost:8080/app) and [`/api`](http://localhost:8080/api). UAA will log to a file called `uaa.log` which can be found using the following command:- @@ -101,7 +101,7 @@ First run the UAA server as described above: From another terminal you can use curl to verify that UAA has started by requesting system information: - $ curl -H "Accept: application/json" localhost:8080/uaa/login + $ curl -H "Accept: application/json" localhost:8080/login { "timestamp":"2012-03-28T18:25:49+0100", "commit_id":"111274e", diff --git a/build.gradle b/build.gradle index 511002f27ec..73c8210e206 100644 --- a/build.gradle +++ b/build.gradle @@ -167,7 +167,7 @@ cargo { deployable { file = file("uaa/build/libs/cloudfoundry-identity-uaa-" + version + ".war") - context = "uaa" + context = "/" } local { @@ -235,7 +235,6 @@ task integrationTest(dependsOn: subprojects.integrationTest) { finalizedBy cargoStopLocal } - // task dependencies assemble.dependsOn subprojects.assemble test.dependsOn subprojects.test diff --git a/docs/Sysadmin-Guide.rst b/docs/Sysadmin-Guide.rst index 8fc05b6ca1f..620021a58b8 100644 --- a/docs/Sysadmin-Guide.rst 
+++ b/docs/Sysadmin-Guide.rst @@ -301,7 +301,7 @@ cf and uaac each need a target. cf points to a cloud controller and uaac to a ua cf target api.cf116.dev.las01.vcsops.com uaac target uaa.cf116.dev.las01.vcsops.com # dev deployment uaac target uaa.cfpartners.cloudfoundry.com # production - uaac target localhost:8080/uaa # local dev + uaac target localhost:8080 # local dev uaac context will contain clients or an end user id. These are added to your context after authenticating. diff --git a/docs/UAA-APIs.rst b/docs/UAA-APIs.rst index e742242db5f..70c70557581 100644 --- a/docs/UAA-APIs.rst +++ b/docs/UAA-APIs.rst 
@@ -268,10 +268,10 @@ Browser Requests Code: ``GET /oauth/authorize`` *Sample curl commands for this flow* -* ``curl -v "http://localhost:8080/uaa/oauth/authorize?response_type=code&client_id=app&scope=password.write&redirect_uri=http%3A%2F%2Fwww.example.com%2Fcallback" --cookie cookies.txt --cookie-jar cookies.txt`` -* ``curl -v http://localhost:8080/uaa/login.do -H "Referer: http://login.cloudfoundry.example.com/login" -H "Accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -d "username=marissa&password=koala&X-Uaa-Csrf=abcdef" --cookie cookies.txt --cookie-jar cookies.txt`` -* ``curl -v "http://localhost:8080/uaa/oauth/authorize?response_type=code&client_id=app&scope=password.write&redirect_uri=http%3A%2F%2Fwww.example.com%2Fcallback" --cookie cookies.txt --cookie-jar cookies.txt`` -* ``curl -v http://localhost:8080/uaa/oauth/authorize -d "scope.0=scope.password.write&user_oauth_approval=true" --cookie cookies.txt --cookie-jar cookies.txt`` +* ``curl -v "http://localhost:8080/oauth/authorize?response_type=code&client_id=app&scope=password.write&redirect_uri=http%3A%2F%2Fwww.example.com%2Fcallback" --cookie cookies.txt --cookie-jar cookies.txt`` +* ``curl -v http://localhost:8080/login.do -H "Referer: http://login.cloudfoundry.example.com/login" -H "Accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -d "username=marissa&password=koala&X-Uaa-Csrf=abcdef" --cookie cookies.txt --cookie-jar cookies.txt`` +* ``curl -v "http://localhost:8080/oauth/authorize?response_type=code&client_id=app&scope=password.write&redirect_uri=http%3A%2F%2Fwww.example.com%2Fcallback" --cookie cookies.txt --cookie-jar cookies.txt`` +* ``curl -v http://localhost:8080/oauth/authorize -d "scope.0=scope.password.write&user_oauth_approval=true" --cookie cookies.txt --cookie-jar cookies.txt`` Non-Browser Requests Code: ``GET /oauth/authorize`` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
@@ -305,10 +305,10 @@ URI. *Sample curl commands for this flow* -* ``curl -v -H "Accept:application/json" "http://localhost:8080/uaa/oauth/authorize?response_type=code&client_id=app&scope=password.write&redirect_uri=http%3A%2F%2Fwww.example.com%2Fcallback" --cookie cookies.txt --cookie-jar cookies.txt`` -* ``curl -v -H "Accept:application/json" http://localhost:8080/uaa/login.do -H "Referer: http://login.cloudfoundry.example.com/login" -H "Accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -d "username=marissa&password=koala&X-Uaa-Csrf=abcdef" --cookie cookies.txt --cookie-jar cookies.txt`` -* ``curl -v -H "Accept:application/json" "http://localhost:8080/uaa/oauth/authorize?response_type=code&client_id=app&scope=password.write&redirect_uri=http%3A%2F%2Fwww.example.com%2Fcallback" --cookie cookies.txt --cookie-jar cookies.txt`` -* ``curl -v -H "Accept:application/json" http://localhost:8080/uaa/oauth/authorize -d "scope.0=scope.password.write&user_oauth_approval=true" --cookie cookies.txt --cookie-jar cookies.txt`` +* ``curl -v -H "Accept:application/json" "http://localhost:8080/oauth/authorize?response_type=code&client_id=app&scope=password.write&redirect_uri=http%3A%2F%2Fwww.example.com%2Fcallback" --cookie cookies.txt --cookie-jar cookies.txt`` +* ``curl -v -H "Accept:application/json" http://localhost:8080/login.do -H "Referer: http://login.cloudfoundry.example.com/login" -H "Accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -d "username=marissa&password=koala&X-Uaa-Csrf=abcdef" --cookie cookies.txt --cookie-jar cookies.txt`` +* ``curl -v -H "Accept:application/json" "http://localhost:8080/oauth/authorize?response_type=code&client_id=app&scope=password.write&redirect_uri=http%3A%2F%2Fwww.example.com%2Fcallback" --cookie cookies.txt --cookie-jar cookies.txt`` +* ``curl -v -H "Accept:application/json" http://localhost:8080/oauth/authorize -d "scope.0=scope.password.write&user_oauth_approval=true" --cookie 
cookies.txt --cookie-jar cookies.txt`` API Authorization Requests Code: ``GET /oauth/authorize`` (non standard /oauth/authorize) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -346,8 +346,8 @@ API Authorization Requests Code: ``GET /oauth/authorize`` (non standard /oauth/a *Sample curl commands for this flow* -* curl -v -H"Authorization: Bearer $TOKEN" "http://localhost:8080/uaa/oauth/authorize?grant_type=authorization_code&client_id=identity&state=mystate&response_type=code&redirect_uri=http://localhost" -* TOKEN can be fetched by: curl -v -XPOST -H"Application/json" -u "cf:" --data "username=marissa&password=koala&client_id=cf&grant_type=password" http://localhost:8080/uaa/oauth/token +* curl -v -H"Authorization: Bearer $TOKEN" "http://localhost:8080/oauth/authorize?grant_type=authorization_code&client_id=identity&state=mystate&response_type=code&redirect_uri=http://localhost" +* TOKEN can be fetched by: curl -v -XPOST -H"Application/json" -u "cf:" --data "username=marissa&password=koala&client_id=cf&grant_type=password" http://localhost:8080/oauth/token Client Obtains Token: ``POST /oauth/token`` @@ -939,7 +939,7 @@ Curl Example POST (Token contains ``zones.write`` scope) :: -H"Accept:application/json" \ -H"Content-Type:application/json" \ -XPOST \ - http://localhost:8080/uaa/identity-zones + http://localhost:8080/identity-zones PUT (Token contains ``zones.write`` scope) :: @@ -947,7 +947,7 @@ Curl Example POST (Token contains ``zones.write`` scope) :: -d '{"id":"testzone1","subdomain":"testzone-1","name":"The Twiglet Dash Zone","description":"Like the Twilight Zone but tastier."}' \ -H"Accept:application/json" \ -H"Content-Type:application/json" \ - -XPUT http://localhost:8080/uaa/identity-zones/testzone1 + -XPUT http://localhost:8080/identity-zones/testzone1 ================ ============================================================================================================= 
@@ -958,7 +958,7 @@ Sequential example of creating a zone and creating an admin client in that zone ------------------------------------------------------------------------------- Example:: - uaac target http://localhost:8080/uaa + uaac target http://localhost:8080 uaac token client get admin -s adminsecret @@ -970,7 +970,7 @@ Example:: uaac -t curl -H"X-Identity-Zone-Id:testzone1" -XPOST -H"Content-Type:application/json" -H"Accept:application/json" --data '{ "client_id" : "admin", "client_secret" : "adminsecret", "scope" : ["uaa.none"], "resource_ids" : ["none"], "authorities" : ["uaa.admin","clients.read","clients.write","clients.secret","scim.read","scim.write","clients.admin"], "authorized_grant_types" : ["client_credentials"]}' /oauth/clients - uaac target http://testzone1.localhost:8080/uaa + uaac target http://testzone1.localhost:8080 uaac token client get admin -s adminsecret @@ -1136,7 +1136,7 @@ Curl Example POST (Token contains ``zones.write`` scope) :: curl -v -H"Authorization:Bearer $TOKEN" \ -XPOST -H'Content-type: application/json' \ -d '{"client_id" : "limited-client", "client_secret" : "limited-client-secret", "authorized_grant_types" : ["authorization_code"],"scope" : ["openid"],"authorities" : ["uaa.resource"], "allowedproviders" : ["uaa"]}' \ - http://localhost:8080/uaa/identity-zones/testzone1/clients + http://localhost:8080/identity-zones/testzone1/clients ================ ==================================================================================================================================================== 
@@ -1175,7 +1175,7 @@ Response body *example* :: Curl Example POST (Token contains ``zones.write`` scope) :: :: - curl -v -H"Authorization:Bearer $TOKEN" -XDELETE http://localhost:8080/uaa/identity-zones/testzone1/clients/limited-client + curl -v -H"Authorization:Bearer $TOKEN" -XDELETE http://localhost:8080/identity-zones/testzone1/clients/limited-client ================ ======================================================================================== @@ -1204,7 +1204,7 @@ A zone administrator has the scope ``zones.{zone id}.admin`` scope. In this exam * Target the UAA and get a token for the ``identity`` client :: - uaac target http://localhost:8080/uaa + uaac target http://localhost:8080 uaac token client get identity -s identitysecret * Create the ``testzone1`` zone 
@@ -1400,7 +1400,7 @@ Curl Example POST (Creating a SAML provider):: -H"Content-Type:application/json" \ -H"X-Identity-Zone-Id:testzone1" \ -d '{"originKey":"simplesamlphp","name":"simplesamlphp for testzone1","type":"saml","config":"{\"metaDataLocation\":\"\\n\\n \\n \\n begl1WVCsXSn7iHixtWPP8d/X+k=BmbKqA3A0oSLcn5jImz/l5WbpVXj+8JIpT/ENWjOjSd/gcAsZm1QvYg+RxYPBk+iV2bBxD+/yAE/w0wibsHrl0u9eDhoMRUJBUSmeyuN1lYzBuoVa08PdAGtb5cGm4DMQT5Rzakb1P0hhEPPEDDHgTTxop89LUu6xx97t2Q03Khy8mXEmBmNt2NlFxJPNt0FwHqLKOHRKBOE/+BpswlBocjOQKFsI9tG3TyjFC68mM2jo0fpUQCgj5ZfhzolvS7z7c6V201d9Tqig0/mMFFJLTN8WuZPavw22AJlMjsDY9my+4R9HKhK5U53DhcTeECs9fb4gd7p5BJy4vVp7tqqOg==\\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\\n \\n \\n \\n \\n MIIEEzCCAvugAwIBAgIJAIc1qzLrv+5nMA0GCSqGSIb3DQEBCwUAMIGfMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ08xFDASBgNVBAcMC0Nhc3RsZSBSb2NrMRwwGgYDVQQKDBNTYW1sIFRlc3RpbmcgU2VydmVyMQswCQYDVQQLDAJJVDEgMB4GA1UEAwwXc2ltcGxlc2FtbHBocC5jZmFwcHMuaW8xIDAeBgkqhkiG9w0BCQEWEWZoYW5pa0BwaXZvdGFsLmlvMB4XDTE1MDIyMzIyNDUwM1oXDTI1MDIyMjIyNDUwM1owgZ8xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDTzEUMBIGA1UEBwwLQ2FzdGxlIFJvY2sxHDAaBgNVBAoME1NhbWwgVGVzdGluZyBTZXJ2ZXIxCzAJBgNVBAsMAklUMSAwHgYDVQQDDBdzaW1wbGVzYW1scGhwLmNmYXBwcy5pbzEgMB4GCSqGSIb3DQEJARYRZmhhbmlrQHBpdm90YWwuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4cn62E1xLqpN34PmbrKBbkOXFjzWgJ9b+pXuaRft6A339uuIQeoeH5qeSKRVTl32L0gdz2ZivLwZXW+cqvftVW1tvEHvzJFyxeTW3fCUeCQsebLnA2qRa07RkxTo6Nf244mWWRDodcoHEfDUSbxfTZ6IExSojSIU2RnD6WllYWFdD1GFpBJOmQB8rAc8wJIBdHFdQnX8Ttl7hZ6rtgqEYMzYVMuJ2F2r1HSU1zSAvwpdYP6rRGFRJEfdA9mm3WKfNLSc5cljz0X/TXy0vVlAV95l9qcfFzPmrkNIst9FZSwpvB49LyAVke04FQPPwLgVH4gphiJH3jvZ7I+J5lS8VAgMBAAGjUDBOMB0GA1UdDgQWBBTTyP6Cc5HlBJ5+ucVCwGc5ogKNGzAfBgNVHSMEGDAWgBTTyP6Cc5HlBJ5+ucVCwGc5ogKNGzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAvMS4EQeP/ipV4jOG5lO6/tYCb/iJeAduOnRhkJk0DbX329lDLZhTTL/x/w/9muCVcvLrzEp6PN+VWfw5E5FWtZN0yhGtP9R+vZnrV+oc2zGD+no1/ySFOe3EiJCO5dehxKjYEmBRv5sU/LZFKZpozKN/BMEa6CqLuxbzb7ykxVr7EVFXwltPxzE9TmL9OACNNyF5eJHWMRMllarUvkcXlh4pux4ks9e6z
V9DQBy2zds9f1I3qxg0eX6JnGrXi/ZiCT+lJgVe3ZFXiejiLAiKB04sXW3ti0LW3lx13Y1YlQ4/tlpgTgfIJxKV6nyPiLoK0nywbMd+vpAirDt2Oc+hk\\n \\n \\n \\n \\n \\n \\n 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\\n \\n \\n \\n \\n urn:oasis:names:tc:SAML:2.0:nameid-format:transient\\n \\n \\n \\n Filip\\n Hanik\\n fhanik@pivotal.io\\n \\n\",\"idpEntityAlias\":\"simplesamlphp\",\"zoneId\":\"testzone1\",\"nameID\":\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\",\"assertionConsumerIndex\":0,\"metadataTrustCheck\":false,\"showSamlLink\":true,\"socketFactoryClassName\":\"org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory\",\"linkText\":\"Login with TestZone1 Simple SAML PHP\",\"iconUrl\":null}","active":true,"identityZoneId":"testzone1"}' \ - http://localhost:8080/uaa/identity-providers + http://localhost:8080/identity-providers Curl Example POST (Creating a OAuth provider):: curl -v -H"Authorization:Bearer $TOKEN" \ @@ -1409,7 +1409,7 @@ Curl Example POST (Creating a OAuth provider):: -H"Content-Type:application/json" \ -H"X-Identity-Zone-Id:testzone1" \ -d '{"originKey":"my-oauth-provider","name":"oauth-provider","type":"oauth","config":"{\"authUrl\":\"http://auth.url\",\"tokenUrl\":\"http://token.url\",\"tokenKey\":\"my-token-key\",\"alias\":\"oauth-idp-alias\",\"linkText\":\"My Oauth\",\"showLinkText\":true,\"skipSslValidation\":false,\"relyingPartyId\":\"my-uaa\",\"relyingPartySecret\":\"secret\"}"}' \ - http://localhost:8080/uaa/identity-providers + http://localhost:8080/identity-providers Curl Example POST (Creating an LDAP provider):: 
@@ -1418,7 +1418,7 @@ Curl Example POST (Creating an LDAP provider):: -H"Content-Type:application/json" \ -H"X-Identity-Zone-Id:testzone1" \ -d '{"originKey":"ldap","name":"myldap for testzone1","type":"ldap","config":"{\"baseUrl\":\"ldaps://localhost:33636\",\"skipSSLVerification\":true,\"bindUserDn\":\"cn=admin,ou=Users,dc=test,dc=com\",\"bindPassword\":\"adminsecret\",\"userSearchBase\":\"dc=test,dc=com\",\"userSearchFilter\":\"cn={0}\",\"groupSearchBase\":\"ou=scopes,dc=test,dc=com\",\"groupSearchFilter\":\"member={0}\",\"mailAttributeName\":\"mail\",\"mailSubstitute\":null,\"ldapProfileFile\":\"ldap/ldap-search-and-bind.xml\",\"ldapGroupFile\":\"ldap/ldap-groups-map-to-scopes.xml\",\"mailSubstituteOverridesLdap\":false,\"autoAddGroups\":true,\"groupSearchSubTree\":true,\"maxGroupSearchDepth\":10,\"emailDomain\":[\"example.com\",\"another.example.com\"]}",\"attributeMappings\":{"phone_number":"phone","given_name":"firstName","external_groups":"roles","family_name":"lastName","email":"email"},"externalGroupsWhitelist":["admin","user"],"active":true,"identityZoneId":"testzone1"}' \ - http://localhost:8080/uaa/identity-providers + http://localhost:8080/identity-providers Curl Example PUT (Updating a UAA provider):: 
@@ -1427,7 +1427,7 @@ Curl Example PUT (Updating a UAA provider):: -H"Content-Type:application/json" \ -H"X-Identity-Zone-Id:testzone1" \ -d '{"originKey":"uaa","name":"uaa","type":"uaa","config":"{\"passwordPolicy\":{\"minLength\":6,\"maxLength\":128,\"requireUpperCaseCharacter\":1,\"requireLowerCaseCharacter\":1,\"requireDigit\":1,\"requireSpecialCharacter\":0,\"expirePasswordInMonths\":0}}"' \ - http://localhost:8080/uaa/identity-providers/[identity_provider_id] + http://localhost:8080/identity-providers/[identity_provider_id] ================ =======================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
=================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================== 
@@ -1485,7 +1485,7 @@ Curl Example POST (Testing an LDAP provider)::
 -H"Content-Type:application/json" \
 -H"X-Identity-Zone-Id:testzone1" \
 -d '{"provider":{"id":null,"originKey":"ldap","name":"Test ldap provider","type":"ldap","config":"{\"baseUrl\":\"ldap://localhost:33389\",\"bindUserDn\":\"cn=admin,ou=Users,dc=test,dc=com\",\"bindPassword\":\"adminsecret\",\"userSearchBase\":\"dc=test,dc=com\",\"userSearchFilter\":\"cn={0}\",\"groupSearchBase\":\"ou=scopes,dc=test,dc=com\",\"groupSearchFilter\":\"member={0}\",\"mailAttributeName\":\"mail\",\"mailSubstitute\":null,\"ldapProfileFile\":\"ldap/ldap-search-and-bind.xml\",\"ldapGroupFile\":\"ldap/ldap-groups-map-to-scopes.xml\",\"mailSubstituteOverridesLdap\":false,\"autoAddGroups\":true,\"groupSearchSubTree\":true,\"maxGroupSearchDepth\":10}","version":0,"created":1427829319730,"active":true,"identityZoneId":"testzone1","last_modified":1427829319730},"credentials":{"username":"marissa2","password":"ldap"}}' \
- http://localhost:8080/uaa/identity-providers/test
+ http://localhost:8080/identity-providers/test
 ================ 
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
========================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================== 
@@ -1626,7 +1626,7 @@ Curl Example POST Create a user:: -XPOST -H"Accept:application/json" -H"Content-Type:application/json" --data '{"userName":"JOE_tpcqlm","name":{"formatted":"Joe User","familyName":"User","givenName":"Joe"},"emails":[{"value":"joe@blah.com"}]}' - http://localhost:8080/uaa/Users + http://localhost:8080/Users ================ =====================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
===================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================== 
@@ -1730,7 +1730,7 @@ Curl Example PUT Create a user:: -H"Accept:application/json" -H"Content-Type:application/json" --data '{"userName":"JOE_tpcqlsm","name":{"formatted":"Joe User","familyName":"User","givenName":"Joe"},"emails":[{"value":"joe@blah.com"}]}' - http://localhost:8080/uaa/Users/24c1c1a9-9b30-4eaa-b8e3-d2e1aabf1dc7 + http://localhost:8080/Users/24c1c1a9-9b30-4eaa-b8e3-d2e1aabf1dc7 ================ ==================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
======================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================== 
@@ -1829,7 +1829,7 @@ Curl Example PATCH Update a user:: -H"Accept:application/json" -H"Content-Type:application/json" --data '{"name":{"formatted":"Joe User","familyName":"User","givenName":"Joe"}}' - http://localhost:8080/uaa/Users/24c1c1a9-9b30-4eaa-b8e3-d2e1aabf1dc7 + http://localhost:8080/Users/24c1c1a9-9b30-4eaa-b8e3-d2e1aabf1dc7 ================ =============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================= 
@@ -1897,7 +1897,7 @@ Curl Example DELETE Delete a user:: -H"Authorization: Bearer $TOKEN" -XDELETE -H"Accept:application/json" - http://localhost:8080/uaa/Users/24c1c1a9-9b30-4eaa-b8e3-d2e1aabf1dc7 + http://localhost:8080/Users/24c1c1a9-9b30-4eaa-b8e3-d2e1aabf1dc7 ================ =====================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
===================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================== diff --git a/docs/UAA-Tokens.md b/docs/UAA-Tokens.md index c8b23061c41..c8b97f5ba4e 100644 --- a/docs/UAA-Tokens.md +++ b/docs/UAA-Tokens.md @@ -21,7 +21,7 @@ This step requires that you have Java 1.7 or higher installed. You now have a UAA server running. There is a Ruby gem called cf-uaac, that one can use to communicate with the UAA. But for sake of clarity, we will use ```curl``` commands. - curl -v -d"username=marissa&password=koala&client_id=app&grant_type=password" -u "app:appclientsecret" http://localhost:8080/uaa/oauth/token + curl -v -d"username=marissa&password=koala&client_id=app&grant_type=password" -u "app:appclientsecret" http://localhost:8080/oauth/token This yields a return token 
@@ -46,7 +46,7 @@ More on Tokens can be found [here](https://developers.google.com/accounts/docs/O "user_id": "7f791ea9-99b9-423d-988b-931f0222a79f", "sub": "7f791ea9-99b9-423d-988b-931f0222a79f", "cid": "app", - "iss": "http://localhost:8080/uaa/oauth/token", + "iss": "http://localhost:8080/oauth/token", "jti": "bc3e7456-91f5-4961-b88d-db705626ba77", "client_id": "app", "iat": 1406568935, diff --git a/docs/google-oidc-provider.md b/docs/google-oidc-provider.md index 4bfad0b65fd..f47437d2e72 100644 --- a/docs/google-oidc-provider.md +++ b/docs/google-oidc-provider.md @@ -18,7 +18,7 @@ Please refer to 'https://accounts.google.com/.well-known/openid-configuration' f tokenUrl: https://www.googleapis.com/oauth2/v4/token tokenKeyUrl: https://www.googleapis.com/oauth2/v3/certs issuer: https://accounts.google.com - redirectUrl: http://localhost:8080/uaa + redirectUrl: http://localhost:8080 scopes: - openid - email diff --git a/docs/login/Okta-README.md b/docs/login/Okta-README.md index 59083d57811..cf89b17a419 100644 --- a/docs/login/Okta-README.md +++ b/docs/login/Okta-README.md @@ -5,7 +5,7 @@ It assumes that you have a SAML application setup on Okta Preview with admin rig ##Pivotal Preview and Standalone Login Server The UAA comes with with a `sample-okta-metadata.xml` file -that will redirect your SAML request back to http://localhost:8080/uaa +that will redirect your SAML request back to http://localhost:8080 This configuration requires you to have an account on https://pivotal.oktapreview.com 
@@ -36,7 +36,7 @@ Test SAML authentication - a) Go to http://localhost:8080/login - b) Click `Okta Preview 1` - c) Authenticate on the Okta server - - d) You should be redirected to 'localhost:8080/uaa' and be signed in with your credentials (email address) + - d) You should be redirected to 'localhost:8080' and be signed in with your credentials (email address) ##Pivotal Preview - Configure Custom Application To configure a custom redirect URL on the https://pivotal.oktapreview.com @@ -68,7 +68,7 @@ Configure Okta to have UAA as a service that wishes to authenticate - a) Go to your Okta application and click on the 'General' tab - b) Edit the SAML settings - - c) Fill in the 'SingleSignOnURL' field with 'http://localhost:8080/uaa/saml/SSO/alias/cloudfoundry-saml-login' + - c) Fill in the 'SingleSignOnURL' field with 'http://localhost:8080/saml/SSO/alias/cloudfoundry-saml-login' and select 'Use this for Recipient URL and Destination URL' - d) Fill in the 'Audience URI' field with 'cloudfoundry-saml-login' which is the entityID for the UAA This field can be set using login.entityID or login.saml.entityIDAlias. If the login.entityID is a URL, the alias @@ -81,7 +81,7 @@ Test SAML authentication - a) Go to 'My Applications' on Octa Preview - b) Click on your SAML application - - c) You should be redirected to 'localhost:8080/uaa' and be signed in with your credentials + - c) You should be redirected to 'localhost:8080' and be signed in with your credentials diff --git a/docs/login/OpenAM-README.md b/docs/login/OpenAM-README.md index 9130ba21409..38d4a1ccaac 100644 --- a/docs/login/OpenAM-README.md +++ b/docs/login/OpenAM-README.md @@ -66,7 +66,7 @@ Configure and start UAA Configure OpenAM to have UAA as a service that wishes to authenticate - a) Click 'register a service provider' - - b) Put the 'http://localhost:8080/uaa/saml/metadata' as the URL + - b) Put the 'http://localhost:8080/saml/metadata' as the URL - c) Click 'Configure' ###Step 7 
@@ -83,6 +83,6 @@ Create a SAML user ###Step 8 Test SAML Authentication - - a) Go to http://localhost:8080/uaa + - a) Go to http://localhost:8080 - b) Click "Use your corporate credentials" (or the link name you configured in login.yml) - c) Sign in with the user you created diff --git a/samples/api/src/main/java/org/cloudfoundry/identity/api/web/ApiController.java b/samples/api/src/main/java/org/cloudfoundry/identity/api/web/ApiController.java index 54432167835..80d6d4b6b6c 100644 --- a/samples/api/src/main/java/org/cloudfoundry/identity/api/web/ApiController.java +++ b/samples/api/src/main/java/org/cloudfoundry/identity/api/web/ApiController.java @@ -24,8 +24,8 @@ public class ApiController { private String infoResource; - private String loginUrl = "http://localhost:8080/uaa"; - private String uaaUrl = "http://localhost:8080/uaa"; + private String loginUrl = "http://localhost:8080"; + private String uaaUrl = "http://localhost:8080"; /** * @param loginUrl the loginUrl to set diff --git a/samples/api/src/main/resources/application.properties b/samples/api/src/main/resources/application.properties index eb42e2221cd..a548f09c9ee 100755 --- a/samples/api/src/main/resources/application.properties +++ b/samples/api/src/main/resources/application.properties @@ -12,5 +12,5 @@ ############################################################################### -auth.url=http://localhost:8080/uaa/login -checkTokenEndpointUrl=http://localhost:8080/uaa/check_token +auth.url=http://localhost:8080/login +checkTokenEndpointUrl=http://localhost:8080/check_token diff --git a/samples/api/src/main/webapp/WEB-INF/spring-servlet.xml b/samples/api/src/main/webapp/WEB-INF/spring-servlet.xml index 90a80a60330..723318972b4 100755 --- a/samples/api/src/main/webapp/WEB-INF/spring-servlet.xml +++ b/samples/api/src/main/webapp/WEB-INF/spring-servlet.xml @@ -98,8 +98,8 @@ - - + + 
diff --git a/samples/api/src/test/java/org/cloudfoundry/identity/api/web/ServerRunning.java b/samples/api/src/test/java/org/cloudfoundry/identity/api/web/ServerRunning.java
index 94e2fddc338..330b79149ed 100644
--- a/samples/api/src/test/java/org/cloudfoundry/identity/api/web/ServerRunning.java
+++ b/samples/api/src/test/java/org/cloudfoundry/identity/api/web/ServerRunning.java
@@ -73,7 +73,7 @@ public class ServerRunning extends TestWatchman implements RestTemplateHolder, U
 private static String DEFAULT_HOST = "localhost";
- private static final String DEFAULT_AUTH_SERVER_ROOT = "/uaa";
+ private static final String DEFAULT_AUTH_SERVER_ROOT = "/";
 private String authServerRoot = DEFAULT_AUTH_SERVER_ROOT;
@@ -121,7 +121,7 @@ public void setHostName(String hostName) {
 public Statement apply(Statement base, FrameworkMethod method, Object target) {
 try {
 RestTemplate client = new RestTemplate();
- client.getForEntity(new UriTemplate(getUrl("/uaa/login", uaaPort)).toString(), String.class);
+ client.getForEntity(new UriTemplate(getUrl("/login", uaaPort)).toString(), String.class);
 client.getForEntity(new UriTemplate(getUrl("/api/index.html")).toString(), String.class);
 logger.debug("Basic connectivity test passed");
 } catch (RestClientException e) {
diff --git a/samples/app/README.md b/samples/app/README.md
index 1dff65e37f5..dae32ff2fb1 100644
--- a/samples/app/README.md
+++ b/samples/app/README.md
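Review bot: With `DEFAULT_AUTH_SERVER_ROOT = "/"` in the first ServerRunning hunk, any URL built as root + "/path" gains a doubled slash (`//login`), whereas the old `"/uaa"` value had no trailing slash; the URL-building code is outside the hunk, so confirm whether it normalises a bare `/`. A doubled slash is not treated as the same path by every server, and a strict request firewall can reject it outright, so the connectivity check could fail or pass for the wrong reason. An empty root keeps the old concatenation shape: `private static final String DEFAULT_AUTH_SERVER_ROOT = "";`. The same applies to `DEFAULT_ROOT_PATH = "/"` in server/src/test/java/org/cloudfoundry/identity/uaa/ServerRunning.java later in this patch.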
@@ -9,7 +9,7 @@ resources in the API service. Run it with `./gradlew run` from the The application can operate in multiple different profiles according to the location (and presence) of the UAA server and the Login application. By default it will look for a UAA on -`localhost:8080/uaa`, but you can change this by setting an +`localhost:8080`, but you can change this by setting an environment variable (or System property) called `UAA_PROFILE`. In the application source code (`samples/app/src/main/resources`) you will find multiple properties files pre-configured with different likely diff --git a/samples/app/src/main/java/org/cloudfoundry/identity/app/web/HomeController.java b/samples/app/src/main/java/org/cloudfoundry/identity/app/web/HomeController.java index 6dfe484bd57..21f73ded98e 100644 --- a/samples/app/src/main/java/org/cloudfoundry/identity/app/web/HomeController.java +++ b/samples/app/src/main/java/org/cloudfoundry/identity/app/web/HomeController.java @@ -22,7 +22,7 @@ @Controller public class HomeController { - private String userAuthorizationUri = "http://localhost:8080/uaa/oauth/authorize"; + private String userAuthorizationUri = "http://localhost:8080/oauth/authorize"; private String dataUri = "http://localhost:8080/api/apps"; diff --git a/samples/app/src/main/resources/application-local-vcap.properties b/samples/app/src/main/resources/application-local-vcap.properties index 8808e211257..72e7987abbc 100755 --- a/samples/app/src/main/resources/application-local-vcap.properties +++ b/samples/app/src/main/resources/application-local-vcap.properties 
@@ -14,9 +14,9 @@
 userInfoUri=http://uaa.vcap.me/userinfo
 checkTokenUrl=http://uaa.vcap.me/check_token
-accessTokenUri=http://localhost:8080/uaa/oauth/token
-userAuthorizationUri=http://localhost:8080/uaa/oauth/authorize
-approvalsUri=http://localhost:8080/uaa/approvals
+accessTokenUri=http://localhost:8080/oauth/token
+userAuthorizationUri=http://localhost:8080/oauth/authorize
+approvalsUri=http://localhost:8080/approvals
 treeUrlPattern=http://api.vcap.me/{type}
 dataUri=http://api.vcap.me/apps
-cloudFoundryLogoutUrl=http://localhost:8080/uaa/logout.do
\ No newline at end of file
+cloudFoundryLogoutUrl=http://localhost:8080/logout.do
\ No newline at end of file
diff --git a/samples/app/src/main/resources/application-local.properties b/samples/app/src/main/resources/application-local.properties
index 7cce2787e61..5bb1070101d 100755
--- a/samples/app/src/main/resources/application-local.properties
+++ b/samples/app/src/main/resources/application-local.properties
@@ -12,11 +12,11 @@
 ###############################################################################
-userInfoUri=http://localhost:8080/uaa/userinfo
-checkTokenUrl=http://localhost:8080/uaa/check_token
-accessTokenUri=http://localhost:8080/uaa/oauth/token
-userAuthorizationUri=http://localhost:8080/uaa/oauth/authorize
-approvalsUri=http://localhost:8080/uaa/approvals
+userInfoUri=http://localhost:8080/userinfo
+checkTokenUrl=http://localhost:8080/check_token
+accessTokenUri=http://localhost:8080/oauth/token
+userAuthorizationUri=http://localhost:8080/oauth/authorize
+approvalsUri=http://localhost:8080/approvals
 treeUrlPattern=http://localhost:8080/api/{type}
 dataUri=http://localhost:8080/api/apps
-cloudFoundryLogoutUrl=http://localhost:8080/uaa/logout.do
+cloudFoundryLogoutUrl=http://localhost:8080/logout.do
diff --git a/samples/app/src/main/resources/application-ruby-local.properties b/samples/app/src/main/resources/application-ruby-local.properties
index ad4bcffa472..f3871f9b1ec 100755
--- a/samples/app/src/main/resources/application-ruby-local.properties
+++ b/samples/app/src/main/resources/application-ruby-local.properties
@@ -12,9 +12,9 @@
 ###############################################################################
-userInfoUri=http://localhost:8080/uaa/userinfo
-checkTokenUrl=http://localhost:8080/uaa/check_token
-accessTokenUri=http://localhost:8080/uaa/oauth/token
+userInfoUri=http://localhost:8080/userinfo
+checkTokenUrl=http://localhost:8080/check_token
+accessTokenUri=http://localhost:8080/oauth/token
 userAuthorizationUri=http://localhost:3000/oauth/authorize
 approvalsUri=http://localhost:3000/approvals
 treeUrlPattern=http://localhost:8080/api/{type}
diff --git a/samples/app/src/main/resources/application.properties b/samples/app/src/main/resources/application.properties
index b60bc631952..3d888138597 100755
--- a/samples/app/src/main/resources/application.properties
+++ b/samples/app/src/main/resources/application.properties
@@ -12,11 +12,11 @@
 ###############################################################################
-userInfoUri=http://localhost:8080/uaa/userinfo
-checkTokenUrl=http://localhost:8080/uaa/check_token
-accessTokenUri=http://localhost:8080/uaa/oauth/token
-approvalsUri=http://localhost:8080/uaa/approvals
-userAuthorizationUri=http://localhost:8080/uaa/oauth/authorize
+userInfoUri=http://localhost:8080/userinfo
+checkTokenUrl=http://localhost:8080/check_token
+accessTokenUri=http://localhost:8080/oauth/token
+approvalsUri=http://localhost:8080/approvals
+userAuthorizationUri=http://localhost:8080/oauth/authorize
 treeUrlPattern=http://localhost:8080/api/{type}
 dataUri=http://localhost:8080/api/apps
-cloudFoundryLogoutUrl=http://localhost:8080/uaa/logout.do
+cloudFoundryLogoutUrl=http://localhost:8080/logout.do
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/home/BuildInfo.java b/server/src/main/java/org/cloudfoundry/identity/uaa/home/BuildInfo.java
index 5a98c468537..e6e9cb0d41a 100644
--- a/server/src/main/java/org/cloudfoundry/identity/uaa/home/BuildInfo.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/home/BuildInfo.java @@ -15,7 +15,7 @@ public class BuildInfo implements InitializingBean { private final Logger logger = LoggerFactory.getLogger(getClass()); - @Value("${uaa.url:http://localhost:8080/uaa}") + @Value("${uaa.url:http://localhost:8080}") private String uaaUrl; private String version; private String commitId; diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/util/UaaUrlUtils.java b/server/src/main/java/org/cloudfoundry/identity/uaa/util/UaaUrlUtils.java index d14b91b8c12..7c9167738d1 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/util/UaaUrlUtils.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/util/UaaUrlUtils.java @@ -102,7 +102,7 @@ public static String getHostForURI(String uri) { public static String getBaseURL(HttpServletRequest request) { //returns scheme, host and context path - //for example http://localhost:8080/uaa or http://login.uaa-acceptance.cf-app.com + //for example http://localhost:8080 or http://login.uaa-acceptance.cf-app.com String requestURL = request.getRequestURL().toString(); return hasText(request.getServletPath()) ? requestURL.substring(0, requestURL.lastIndexOf(request.getServletPath())) : diff --git a/server/src/main/resources/spring/login-ui.xml b/server/src/main/resources/spring/login-ui.xml index ab9bc85a0f6..dc764dfc6de 100644 --- a/server/src/main/resources/spring/login-ui.xml +++ b/server/src/main/resources/spring/login-ui.xml @@ -30,7 +30,7 @@ - @@ -468,7 +468,7 @@ - + diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/ServerRunning.java b/server/src/test/java/org/cloudfoundry/identity/uaa/ServerRunning.java index 639bef8fea5..9ea06eca7b0 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/ServerRunning.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/ServerRunning.java 
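Review bot: The comment above `getBaseURL` still says it returns scheme, host and context path, but after this edit neither example shows a context path, so it no longer illustrates what `requestURL.substring(0, requestURL.lastIndexOf(request.getServletPath()))` keeps. I would keep one example of each shape: `//for example http://localhost:8080 (root context), http://localhost:8080/uaa (context path /uaa) or http://login.uaa-acceptance.cf-app.com`. Since the result is cut from `request.getRequestURL()`, it follows the host the request arrived with; a line such as `//host comes from the incoming request; callers building links or redirects should not treat it as trusted` would help, assuming nothing upstream already pins the host (not visible here). The method body continues past the end of the hunk.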
@@ -91,7 +91,7 @@ public class ServerRunning implements MethodRule, RestTemplateHolder, UrlHelper private static String DEFAULT_HOST = "localhost"; - private static String DEFAULT_ROOT_PATH = "/uaa"; + private static String DEFAULT_ROOT_PATH = "/"; private int port; diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/PasswordGrantAuthenticationManagerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/PasswordGrantAuthenticationManagerTest.java index 2f617374929..9ac9310f35a 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/PasswordGrantAuthenticationManagerTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/PasswordGrantAuthenticationManagerTest.java @@ -96,7 +96,7 @@ void setUp() throws Exception { when(idp.getConfig()).thenReturn(idpConfig); when(idp.getType()).thenReturn(OriginKeys.OIDC10); when(idpConfig.isPasswordGrantEnabled()).thenReturn(true); - when(idpConfig.getTokenUrl()).thenReturn(new URL("http://localhost:8080/uaa/oauth/token")); + when(idpConfig.getTokenUrl()).thenReturn(new URL("http://localhost:8080/oauth/token")); when(idpConfig.getRelyingPartyId()).thenReturn("identity"); when(idpConfig.getRelyingPartySecret()).thenReturn("identitysecret"); 
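Review bot: In ServerRunning.java, `DEFAULT_ROOT_PATH = "/"` will produce a double slash if the rule builds URLs as root path plus a path that itself starts with `/`; the code that joins them is outside this hunk, so this needs checking. If it concatenates directly, a root deployment is better expressed as `private static final String DEFAULT_ROOT_PATH = "";`, or the join should strip the trailing slash. A URL such as `http://localhost:8080//oauth/token` may be tolerated by the container but will not match exact-string comparisons of issuer or redirect URLs elsewhere in the tests. The field can be `final` either way.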
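Review bot: The token endpoint literal stubbed in setUp() of PasswordGrantAuthenticationManagerTest is repeated verbatim in the `verify(rt, times(1)).exchange(eq(...))` call of six tests further down this file (testOIDCPasswordGrant, testOIDCPasswordGrantWithForwardHeader, testOIDCPasswordGrantWithPrompts and three more), so this commit had to edit seven places to change one path. A single constant, `private static final String TOKEN_URL = "http://localhost:8080/oauth/token";`, used in both the stub and the `eq(...)` matchers would keep the stubbed URL and the verified URL from drifting apart. setUp() begins before and continues after the hunk.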
@@ -170,7 +170,7 @@ void testOIDCPasswordGrant() { instance.authenticate(auth); ArgumentCaptor httpEntityArgumentCaptor = ArgumentCaptor.forClass(HttpEntity.class); - verify(rt, times(1)).exchange(eq("http://localhost:8080/uaa/oauth/token"), eq(HttpMethod.POST), httpEntityArgumentCaptor.capture(),eq(new ParameterizedTypeReference>(){})); + verify(rt, times(1)).exchange(eq("http://localhost:8080/oauth/token"), eq(HttpMethod.POST), httpEntityArgumentCaptor.capture(),eq(new ParameterizedTypeReference>(){})); ArgumentCaptor tokenArgumentCaptor = ArgumentCaptor.forClass(XOAuthCodeToken.class); verify(xoAuthAuthenticationManager, times(1)).authenticate(tokenArgumentCaptor.capture()); verify(zoneAwareAuthzAuthenticationManager, times(0)).authenticate(any()); @@ -222,7 +222,7 @@ void testOIDCPasswordGrantWithForwardHeader() { instance.authenticate(auth); ArgumentCaptor httpEntityArgumentCaptor = ArgumentCaptor.forClass(HttpEntity.class); - verify(rt, times(1)).exchange(eq("http://localhost:8080/uaa/oauth/token"), eq(HttpMethod.POST), httpEntityArgumentCaptor.capture(),eq(new ParameterizedTypeReference>(){})); + verify(rt, times(1)).exchange(eq("http://localhost:8080/oauth/token"), eq(HttpMethod.POST), httpEntityArgumentCaptor.capture(),eq(new ParameterizedTypeReference>(){})); ArgumentCaptor tokenArgumentCaptor = ArgumentCaptor.forClass(XOAuthCodeToken.class); verify(xoAuthAuthenticationManager, times(1)).authenticate(tokenArgumentCaptor.capture()); verify(zoneAwareAuthzAuthenticationManager, times(0)).authenticate(any()); 
@@ -471,7 +471,7 @@ void testOIDCPasswordGrantWithPrompts() { instance.authenticate(auth); ArgumentCaptor httpEntityArgumentCaptor = ArgumentCaptor.forClass(HttpEntity.class); - verify(rt, times(1)).exchange(eq("http://localhost:8080/uaa/oauth/token"), eq(HttpMethod.POST), httpEntityArgumentCaptor.capture(),eq(new ParameterizedTypeReference>(){})); + verify(rt, times(1)).exchange(eq("http://localhost:8080/oauth/token"), eq(HttpMethod.POST), httpEntityArgumentCaptor.capture(),eq(new ParameterizedTypeReference>(){})); ArgumentCaptor tokenArgumentCaptor = ArgumentCaptor.forClass(XOAuthCodeToken.class); verify(xoAuthAuthenticationManager, times(1)).authenticate(tokenArgumentCaptor.capture()); verify(zoneAwareAuthzAuthenticationManager, times(0)).authenticate(any()); @@ -601,7 +601,7 @@ void testOIDCPasswordGrant_NoLoginHintWithDefaultOIDC() { instance.authenticate(auth); ArgumentCaptor httpEntityArgumentCaptor = ArgumentCaptor.forClass(HttpEntity.class); - verify(rt, times(1)).exchange(eq("http://localhost:8080/uaa/oauth/token"), eq(HttpMethod.POST), httpEntityArgumentCaptor.capture(),eq(new ParameterizedTypeReference>(){})); + verify(rt, times(1)).exchange(eq("http://localhost:8080/oauth/token"), eq(HttpMethod.POST), httpEntityArgumentCaptor.capture(),eq(new ParameterizedTypeReference>(){})); ArgumentCaptor tokenArgumentCaptor = ArgumentCaptor.forClass(XOAuthCodeToken.class); verify(xoAuthAuthenticationManager, times(1)).authenticate(tokenArgumentCaptor.capture()); verify(zoneAwareAuthzAuthenticationManager, times(0)).authenticate(any()); 
@@ -647,7 +647,7 @@ void testOIDCPasswordGrant_LoginHintOidcOverridesDefaultUaa() { instance.authenticate(auth); - verify(rt, times(1)).exchange(eq("http://localhost:8080/uaa/oauth/token"), eq(HttpMethod.POST), any(HttpEntity.class),eq(new ParameterizedTypeReference>(){})); + verify(rt, times(1)).exchange(eq("http://localhost:8080/oauth/token"), eq(HttpMethod.POST), any(HttpEntity.class),eq(new ParameterizedTypeReference>(){})); verify(xoAuthAuthenticationManager, times(1)).authenticate(any(XOAuthCodeToken.class)); verify(zoneAwareAuthzAuthenticationManager, times(0)).authenticate(any()); } @@ -691,7 +691,7 @@ void testOIDCPasswordGrant_NoLoginHintDefaultNotAllowedSingleIdpOIDC() { instance.authenticate(auth); - verify(rt, times(1)).exchange(eq("http://localhost:8080/uaa/oauth/token"), eq(HttpMethod.POST), any(HttpEntity.class),eq(new ParameterizedTypeReference>(){})); + verify(rt, times(1)).exchange(eq("http://localhost:8080/oauth/token"), eq(HttpMethod.POST), any(HttpEntity.class),eq(new ParameterizedTypeReference>(){})); verify(xoAuthAuthenticationManager, times(1)).authenticate(any(XOAuthCodeToken.class)); verify(zoneAwareAuthzAuthenticationManager, times(0)).authenticate(any()); } diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/cache/ExpiringUrlCacheTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/cache/ExpiringUrlCacheTests.java index fb76ec649b2..8877ad71bc7 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/cache/ExpiringUrlCacheTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/cache/ExpiringUrlCacheTests.java @@ -50,7 +50,7 @@ void setup() { cache = new ExpiringUrlCache(CACHE_EXPIRATION, mockTimeService, 2); template = mock(RestTemplate.class); when(template.getForObject(any(URI.class), any())).thenReturn(content, new byte[1024]); - uri = "http://localhost:8080/uaa/.well-known/openid-configuration"; + uri = "http://localhost:8080/.well-known/openid-configuration"; } @Test 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerTest.java index 8dea90db64b..7120698c43f 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerTest.java @@ -126,7 +126,7 @@ void attemptCreateAccountWithEmailDomainRestriction() throws Exception { .param("client_id", "app") .param("redirect_uri", "http://example.com/redirect"); IdentityProvider oidcProvider = new IdentityProvider().setActive(true).setType(OriginKeys.OIDC10).setOriginKey(OriginKeys.OIDC10).setConfig(new OIDCIdentityProviderDefinition()); - oidcProvider.getConfig().setAuthUrl(new URL("http://localhost:8080/uaa/idp_login")); + oidcProvider.getConfig().setAuthUrl(new URL("http://localhost:8080/idp_login")); oidcProvider.getConfig().setEmailDomain(Collections.singletonList("example.com")); when(identityProviderProvisioning.retrieveAll(true, OriginKeys.UAA)).thenReturn(Collections.singletonList(oidcProvider)); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpointTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpointTests.java index e78baaaf03b..cbc6cf5993e 100755 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpointTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpointTests.java @@ -60,7 +60,7 @@ @ExtendWith(PollutionPreventionExtension.class) class LoginInfoEndpointTests { - private static final String HTTP_LOCALHOST_8080_UAA = "http://localhost:8080/uaa"; + private static final String HTTP_LOCALHOST_8080_UAA = "http://localhost:8080"; private static final Links DEFAULT_GLOBAL_LINKS = new Links().setSelfService(new Links.SelfService().setPasswd(null).setSignup(null)); private UaaPrincipal marissa; private List prompts; 
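Review bot: The constant `HTTP_LOCALHOST_8080_UAA` in LoginInfoEndpointTests no longer matches its value, which is now `"http://localhost:8080"` with no `/uaa` segment. Renaming it, for example to `private static final String BASE_URL = "http://localhost:8080";`, avoids a reader assuming the context path is still part of the URL under test. Its uses are outside this hunk and would need the same rename.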
@@ -616,7 +616,7 @@ void filterIdpsForDefaultZone() throws Exception { MockHttpSession session = new MockHttpSession(); SavedRequest savedRequest = mock(SavedRequest.class); when(savedRequest.getParameterValues("client_id")).thenReturn(new String[]{"client-id"}); - when(savedRequest.getRedirectUrl()).thenReturn("http://localhost:8080/uaa"); + when(savedRequest.getRedirectUrl()).thenReturn("http://localhost:8080"); session.setAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE, savedRequest); request.setSession(session); // mock SamlIdentityProviderConfigurator @@ -896,7 +896,7 @@ void loginHintEmailDomain() throws Exception { when(mockProvider.getOriginKey()).thenReturn("my-OIDC-idp1"); when(mockProvider.getType()).thenReturn(OriginKeys.OIDC10); AbstractXOAuthIdentityProviderDefinition mockOidcConfig = mock(OIDCIdentityProviderDefinition.class); - when(mockOidcConfig.getAuthUrl()).thenReturn(new URL("http://localhost:8080/uaa")); + when(mockOidcConfig.getAuthUrl()).thenReturn(new URL("http://localhost:8080")); when(mockOidcConfig.getRelyingPartyId()).thenReturn("client-id"); when(mockOidcConfig.getResponseType()).thenReturn("token"); when(mockOidcConfig.getEmailDomain()).thenReturn(singletonList("example.com")); @@ -912,7 +912,7 @@ void loginHintEmailDomain() throws Exception { String redirect = endpoint.loginForHtml(extendedModelMap, null, mockHttpServletRequest, singletonList(MediaType.TEXT_HTML)); - assertThat(redirect, startsWith("redirect:http://localhost:8080/uaa")); + assertThat(redirect, startsWith("redirect:http://localhost:8080")); assertThat(redirect, containsString("my-OIDC-idp1")); assertNull(extendedModelMap.get("login_hint")); } 
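Review bot: In loginHintEmailDomain() the assertion `startsWith("redirect:http://localhost:8080")` became a bare authority prefix once `/uaa` was removed, so it would also pass for a redirect to `http://localhost:80801` or `http://localhost:8080.other-host` (constructed examples). For a test that guards where the login page sends the browser, pin the delimiter after the authority. `startsWith("redirect:http://localhost:8080?")` would do if the endpoint appends the query directly to the mocked auth URL, which is not visible here; otherwise parse the target and compare scheme, host and port. The same assertion appears in loginHintOriginOidc, defaultProviderOIDC, defaultProviderBeforeDiscovery, loginHintOverridesDefaultProvider and defaultProviderLdapWithAllowedOnlyOIDC further down. The test method starts before this hunk.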
@@ -1073,7 +1073,7 @@ void loginHintOriginOidc() throws Exception { String redirect = endpoint.loginForHtml(extendedModelMap, null, mockHttpServletRequest, singletonList(MediaType.TEXT_HTML)); - assertThat(redirect, startsWith("redirect:http://localhost:8080/uaa")); + assertThat(redirect, startsWith("redirect:http://localhost:8080")); assertThat(redirect, containsString("my-OIDC-idp1")); assertNull(extendedModelMap.get("login_hint")); } @@ -1254,7 +1254,7 @@ void defaultProviderOIDC() throws Exception { String redirect = endpoint.loginForHtml(extendedModelMap, null, mockHttpServletRequest, singletonList(MediaType.TEXT_HTML)); - assertThat(redirect, startsWith("redirect:http://localhost:8080/uaa")); + assertThat(redirect, startsWith("redirect:http://localhost:8080")); assertThat(redirect, containsString("my-OIDC-idp1")); } @@ -1294,7 +1294,7 @@ void defaultProviderBeforeDiscovery() throws Exception { String redirect = endpoint.loginForHtml(extendedModelMap, null, mockHttpServletRequest, singletonList(MediaType.TEXT_HTML)); - assertThat(redirect, startsWith("redirect:http://localhost:8080/uaa")); + assertThat(redirect, startsWith("redirect:http://localhost:8080")); assertThat(redirect, containsString("my-OIDC-idp1")); } @@ -1315,7 +1315,7 @@ void loginHintOverridesDefaultProvider() throws Exception { String redirect = endpoint.loginForHtml(extendedModelMap, null, mockHttpServletRequest, singletonList(MediaType.TEXT_HTML)); - assertThat(redirect, startsWith("redirect:http://localhost:8080/uaa")); + assertThat(redirect, startsWith("redirect:http://localhost:8080")); assertThat(redirect, containsString("my-OIDC-idp1")); assertNull(extendedModelMap.get("login_hint")); } 
@@ -1371,7 +1371,7 @@ void defaultProviderLdapWithAllowedOnlyOIDC() throws Exception { String redirect = endpoint.loginForHtml(extendedModelMap, null, mockHttpServletRequest, singletonList(MediaType.TEXT_HTML)); - assertThat(redirect, startsWith("redirect:http://localhost:8080/uaa")); + assertThat(redirect, startsWith("redirect:http://localhost:8080")); assertThat(redirect, containsString("my-OIDC-idp1")); assertFalse(extendedModelMap.containsKey("login_hint")); } @@ -1443,7 +1443,7 @@ private MockHttpServletRequest getMockHttpServletRequest() { SavedRequest savedRequest = mock(SavedRequest.class); when(savedRequest.getParameterValues("client_id")).thenReturn(new String[]{"client-id"}); when(savedRequest.getRedirectUrl()) - .thenReturn("http://localhost:8080/uaa/oauth/authorize?client_id=identity&redirect_uri=http%3A%2F%2Flocalhost%3A8888%2Flogin&response_type=code&state=8tp0tR"); + .thenReturn("http://localhost:8080/oauth/authorize?client_id=identity&redirect_uri=http%3A%2F%2Flocalhost%3A8888%2Flogin&response_type=code&state=8tp0tR"); session.setAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE, savedRequest); request.setSession(session); return request; @@ -1549,7 +1549,7 @@ private static void mockOidcProvider(IdentityProviderProvisioning mockIdentityPr when(mockProvider.getOriginKey()).thenReturn("my-OIDC-idp1"); when(mockProvider.getType()).thenReturn(OriginKeys.OIDC10); AbstractXOAuthIdentityProviderDefinition mockOidcConfig = mock(OIDCIdentityProviderDefinition.class); - when(mockOidcConfig.getAuthUrl()).thenReturn(new URL("http://localhost:8080/uaa")); + when(mockOidcConfig.getAuthUrl()).thenReturn(new URL("http://localhost:8080")); when(mockOidcConfig.getRelyingPartyId()).thenReturn("client-id"); when(mockOidcConfig.getResponseType()).thenReturn("token"); when(mockProvider.getConfig()).thenReturn(mockOidcConfig); 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/MfaUiRequiredFilterTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/MfaUiRequiredFilterTests.java index 70273dd89c0..2adadd0f428 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/MfaUiRequiredFilterTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/MfaUiRequiredFilterTests.java @@ -275,7 +275,7 @@ void do_filter_mfa_completed_no_saved_request() throws Exception { @Test void do_filter_mfa_completed_with_saved_request() throws Exception { SavedRequest savedRequest = mock(SavedRequest.class); - String redirect = "http://localhost:8080/uaa/oauth/authorize"; + String redirect = "http://localhost:8080/oauth/authorize"; when(savedRequest.getRedirectUrl()).thenReturn(redirect); when(requestCache.getRequest(same(request), same(response))).thenReturn(savedRequest); request.setContextPath("/uaa"); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/CheckTokenEndpointTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/CheckTokenEndpointTests.java index 5b6cf3b63a2..236326a6883 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/CheckTokenEndpointTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/CheckTokenEndpointTests.java @@ -285,7 +285,7 @@ public void setUp(boolean opaque) throws Exception { .setStatus(ApprovalStatus.APPROVED) .setLastUpdatedAt(oneSecondAgo), IdentityZoneHolder.get().getId()); - defaultClient = new BaseClientDetails("client", "scim, cc", "read, write", "authorization_code, password", "scim.read, scim.write, cat.pet", "http://localhost:8080/uaa"); + defaultClient = new BaseClientDetails("client", "scim, cc", "read, write", "authorization_code, password", "scim.read, scim.write, cat.pet", "http://localhost:8080"); clientDetailsStore = Collections.singletonMap( "client", 
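Review bot: do_filter_mfa_completed_with_saved_request() now saves the redirect `http://localhost:8080/oauth/authorize` but still calls `request.setContextPath("/uaa")` on the last line of the hunk, so the request and the saved URL disagree about the context path. If the filter under test never compares the two this is only confusing; if it does, the test no longer exercises a realistic request. Either drop the context path here with `request.setContextPath("");` or keep a saved URL that includes it. The rest of the test, including its assertions, is outside the hunk.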
@@ -294,9 +294,9 @@ public void setUp(boolean opaque) throws Exception { clientDetailsService.setClientDetailsStore(zone.getId(), clientDetailsStore); clientDetailsService.setClientDetailsStore(IdentityZoneHolder.get().getId(), clientDetailsStore); - tokenEndpointBuilder = new TokenEndpointBuilder("http://localhost:8080/uaa"); + tokenEndpointBuilder = new TokenEndpointBuilder("http://localhost:8080"); userDatabase = mock(UaaUserDatabase.class); - KeyInfoService keyInfoService = new KeyInfoService("http://localhost:8080/uaa"); + KeyInfoService keyInfoService = new KeyInfoService("http://localhost:8080"); tokenValidationService = new TokenValidationService(tokenProvisioning, tokenEndpointBuilder, userDatabase, clientDetailsService, keyInfoService); ApprovalService approvalService = new ApprovalService(timeService, approvalStore); tokenServices = new UaaTokenServices( @@ -341,7 +341,7 @@ private void resetAndMockUserDatabase(String userId, UaaUser user) { public void testClientWildcard() throws Exception { BaseClientDetails client = new BaseClientDetails("client", "zones", "zones.*.admin", "authorization_code, password", - "scim.read, scim.write", "http://localhost:8080/uaa"); + "scim.read, scim.write", "http://localhost:8080"); client.setAutoApproveScopes(Collections.singletonList("zones.*.admin")); Map clientDetailsStore = Collections.singletonMap("client", client); 
@@ -552,7 +552,7 @@ public void revokingScopesFromUser_invalidatesToken() throws Exception { @Test(expected = InvalidTokenException.class) public void revokingScopesFromClient_invalidatesToken() throws Exception { OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication); - defaultClient = new BaseClientDetails("client", "scim, cc", "write", "authorization_code, password", "scim.read, scim.write", "http://localhost:8080/uaa"); + defaultClient = new BaseClientDetails("client", "scim, cc", "write", "authorization_code, password", "scim.read, scim.write", "http://localhost:8080"); clientDetailsStore = Collections.singletonMap("client", defaultClient); clientDetailsService.setClientDetailsStore(IdentityZoneHolder.get().getId(), clientDetailsStore); @@ -561,7 +561,7 @@ public void revokingScopesFromClient_invalidatesToken() throws Exception { @Test(expected = InvalidTokenException.class) public void revokingAuthoritiesFromClients_invalidatesToken() throws Exception { - defaultClient = new BaseClientDetails("client", "scim, cc", "write,read", "authorization_code, password", "scim.write", "http://localhost:8080/uaa"); + defaultClient = new BaseClientDetails("client", "scim, cc", "write,read", "authorization_code, password", "scim.write", "http://localhost:8080"); clientDetailsStore = Collections.singletonMap( "client", defaultClient @@ -900,7 +900,7 @@ public void testClientAuthoritiesNotInResult() throws Exception { @Test(expected = InvalidTokenException.class) public void testExpiredToken() throws Exception { BaseClientDetails clientDetails = new BaseClientDetails("client", "scim, cc", "read, write", - "authorization_code, password", "scim.read, scim.write", "http://localhost:8080/uaa"); + "authorization_code, password", "scim.read, scim.write", "http://localhost:8080"); Integer validitySeconds = 1; clientDetails.setAccessTokenValiditySeconds(validitySeconds); Map clientDetailsStore = Collections.singletonMap("client", clientDetails); 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/DeprecatedUaaTokenServicesTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/DeprecatedUaaTokenServicesTests.java index 79341adad37..df99f603ef8 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/DeprecatedUaaTokenServicesTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/DeprecatedUaaTokenServicesTests.java @@ -387,7 +387,7 @@ public void testCreateAccessTokenForAnotherIssuer() throws Exception { IdentityZone identityZone = getIdentityZone(subdomain); identityZone.setConfig( JsonUtils.readValue( - "{\"issuer\": \"http://uaamaster:8080/uaa\"}", + "{\"issuer\": \"http://uaamaster:8080\"}", IdentityZoneConfiguration.class ) ); @@ -402,12 +402,12 @@ public void testCreateAccessTokenForAnotherIssuer() throws Exception { OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(), null); - tokenServices.setTokenEndpointBuilder(new TokenEndpointBuilder("http://uaaslave:8080/uaa")); + tokenServices.setTokenEndpointBuilder(new TokenEndpointBuilder("http://uaaslave:8080")); OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication); assertCommonClientAccessTokenProperties(accessToken); assertThat(accessToken, validFor(is(tokenSupport.accessTokenValidity))); - assertThat(accessToken, issuerUri(is("http://uaamaster:8080/uaa/oauth/token"))); + assertThat(accessToken, issuerUri(is("http://uaamaster:8080/oauth/token"))); assertThat(accessToken, zoneId(is(IdentityZoneHolder.get().getId()))); assertThat(accessToken.getRefreshToken(), is(nullValue())); validateExternalAttributes(accessToken); 
@@ -511,7 +511,7 @@ public void testCreateAccessTokenForAClientInAnotherIdentityZone() { this.assertCommonClientAccessTokenProperties(accessToken); assertThat(accessToken, validFor(is(3600))); - assertThat(accessToken, issuerUri(is("http://" + subdomain + ".localhost:8080/uaa/oauth/token"))); + assertThat(accessToken, issuerUri(is("http://" + subdomain + ".localhost:8080/oauth/token"))); assertThat(accessToken.getRefreshToken(), is(nullValue())); validateExternalAttributes(accessToken); @@ -750,7 +750,7 @@ public void createAccessToken_usingRefreshGrant_inOtherZone() { assertEquals(refreshedAccessToken.getRefreshToken().getValue(), accessToken.getRefreshToken().getValue()); this.assertCommonUserAccessTokenProperties(refreshedAccessToken, CLIENT_ID); - assertThat(refreshedAccessToken, issuerUri(is("http://test-zone-subdomain.localhost:8080/uaa/oauth/token"))); + assertThat(refreshedAccessToken, issuerUri(is("http://test-zone-subdomain.localhost:8080/oauth/token"))); assertThat(refreshedAccessToken, scope(is(tokenSupport.requestedAuthScopes))); assertThat(refreshedAccessToken, validFor(is(3600))); validateExternalAttributes(accessToken); 
@@ -1156,14 +1156,14 @@ public void createAccessToken_forUser_inanotherzone() { OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication); this.assertCommonUserAccessTokenProperties(accessToken, CLIENT_ID); - assertThat(accessToken, issuerUri(is("http://test-zone-subdomain.localhost:8080/uaa/oauth/token"))); + assertThat(accessToken, issuerUri(is("http://test-zone-subdomain.localhost:8080/oauth/token"))); assertThat(accessToken, scope(is(tokenSupport.requestedAuthScopes))); assertThat(accessToken, validFor(is(3600))); assertThat(accessToken.getRefreshToken(), is(not(nullValue()))); OAuth2RefreshToken refreshToken = accessToken.getRefreshToken(); this.assertCommonUserRefreshTokenProperties(refreshToken); - assertThat(refreshToken, OAuth2RefreshTokenMatchers.issuerUri(is("http://test-zone-subdomain.localhost:8080/uaa/oauth/token"))); + assertThat(refreshToken, OAuth2RefreshTokenMatchers.issuerUri(is("http://test-zone-subdomain.localhost:8080/oauth/token"))); assertThat(refreshToken, OAuth2RefreshTokenMatchers.validFor(is(9600))); this.assertCommonEventProperties(accessToken, tokenSupport.userId, buildJsonString(tokenSupport.requestedAuthScopes)); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenTestSupport.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenTestSupport.java index e28db27cdb1..4d247e93e00 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenTestSupport.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenTestSupport.java 
@@ -87,7 +87,7 @@ public class TokenTestSupport { public static final String CLIENT_ID_NO_REFRESH_TOKEN_GRANT = "client_without_refresh_grant"; public static final String GRANT_TYPE = "grant_type"; public static final String CLIENT_AUTHORITIES = "read,update,write,openid"; - public static final String ISSUER_URI = "http://localhost:8080/uaa/oauth/token"; + public static final String ISSUER_URI = "http://localhost:8080/oauth/token"; public static final String READ = "read"; public static final String WRITE = "write"; public static final String DELETE = "delete"; @@ -97,7 +97,7 @@ public class TokenTestSupport { public static final String OPENID = "openid"; public static final String ROLES = "roles"; public static final String PROFILE = "profile"; - public static final String DEFAULT_ISSUER = "http://localhost:8080/uaa"; + public static final String DEFAULT_ISSUER = "http://localhost:8080"; String userId = "12345"; String username = "jdsa"; diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenValidationServiceTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenValidationServiceTest.java index 44f4ed1d3eb..de04f57e4b4 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenValidationServiceTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenValidationServiceTest.java @@ -74,7 +74,7 @@ public void setup() { tokenEndpointBuilder, userDatabase, mockMultitenantClientServices, - new KeyInfoService("http://localhost:8080/uaa") + new KeyInfoService("http://localhost:8080") ); } diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenCreatorTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenCreatorTest.java index 018188e879f..7450ae67e7f 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenCreatorTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenCreatorTest.java 
@@ -71,8 +71,8 @@ class IdTokenCreatorTest { @BeforeEach void setup() throws Exception { - issuerUrl = "http://localhost:8080/uaa/oauth/token"; - uaaUrl = "http://localhost:8080/uaa"; + issuerUrl = "http://localhost:8080/oauth/token"; + uaaUrl = "http://localhost:8080"; clientId = "clientId"; clientsecret = "clientsecret"; tokensalt = "tokensalt"; @@ -378,6 +378,6 @@ void idToken_containsZonifiedIssuerUrl() throws Exception { IdToken idToken = tokenCreator.create(clientId, userId, userAuthenticationData); - assertThat(idToken.iss, is("http://myzone.localhost:8080/uaa/oauth/token")); + assertThat(idToken.iss, is("http://myzone.localhost:8080/oauth/token")); } } \ No newline at end of file diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpointsTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpointsTest.java index 9ad544a266a..985a32aab7b 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpointsTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpointsTest.java @@ -74,7 +74,7 @@ public IdentityProvider getXOAuthProvi config.addAttributeMapping("user.attribute." + "the_client_id", "cid"); config.setStoreCustomAttributes(true); - String urlBase = "http://localhost:8080/"; + String urlBase = "http://localhost:8080"; try { config.setAuthUrl(new URL(urlBase + "/oauth/authorize")); config.setTokenUrl(new URL(urlBase + "/oauth/token")); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthIdentityProviderConfigValidatorTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthIdentityProviderConfigValidatorTest.java index 2b11f37ba28..b8f8d1fda63 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthIdentityProviderConfigValidatorTest.java 
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthIdentityProviderConfigValidatorTest.java @@ -33,7 +33,7 @@ public void discovery_url_renders_other_urls_nullable() throws Exception { definition.setTokenUrl(null); definition.setTokenKeyUrl(null); definition.setTokenKey(null); - ((OIDCIdentityProviderDefinition)definition).setDiscoveryUrl(new URL("http://localhost:8080/uaa/.well-known/openid-configuration")); + ((OIDCIdentityProviderDefinition)definition).setDiscoveryUrl(new URL("http://localhost:8080/.well-known/openid-configuration")); validator = new XOAuthIdentityProviderConfigValidator(); validator.validate(definition); } diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/ZoneAwareMetadataGeneratorTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/ZoneAwareMetadataGeneratorTests.java index 7fa2c1f823f..5983fbbcf21 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/ZoneAwareMetadataGeneratorTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/ZoneAwareMetadataGeneratorTests.java @@ -70,7 +70,7 @@ void setUp() { otherZone.setConfig(otherZoneDefinition); generator = new ZoneAwareMetadataGenerator(); - generator.setEntityBaseURL("http://localhost:8080/uaa"); + generator.setEntityBaseURL("http://localhost:8080"); generator.setEntityId("entityIdValue"); extendedMetadata = new org.springframework.security.saml.metadata.ExtendedMetadata(); 
@@ -109,7 +109,7 @@ void testRequestAndWantAssertionSignedInAnotherZone() { @Test void testMetadataContainsSamlBearerGrantEndpoint() throws Exception { String metadata = getMetadata(otherZone, keyManager, generator, extendedMetadata); - assertThat(metadata, containsString("md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:URI\" Location=\"http://zone-id.localhost:8080/uaa/oauth/token/alias/zone-id.entityAlias\" index=\"1\"/>")); + assertThat(metadata, containsString("md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:URI\" Location=\"http://zone-id.localhost:8080/oauth/token/alias/zone-id.entityAlias\" index=\"1\"/>")); } @Test diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/idp/SamlTestUtils.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/idp/SamlTestUtils.java index cccb9cfc90b..16c770ea06c 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/idp/SamlTestUtils.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/idp/SamlTestUtils.java 
@@ -144,7 +144,7 @@ public class SamlTestUtils { "EwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\n" + "MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\n" + "2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\n" + - "ePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"; + "ePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"; public static final String SAML_IDP_METADATA_REDIRECT_ONLY = "\n" + "8rJXCEVOlzN2dmhPBlxbYdTS1Dc=GQgfzz5mSlUxFLeCdDFI76IeG8Y4kpvRtASHypPwFi8usO6uuuaESxiqd97pBz79TNXEoxRkVurbPOEA6Am4sV35GZD5TEAqnjhFN1ZVl4Pe0aW23BN/RoA7lECfom7ONcOKMLePmLJuFSKQb4FioIzF2oCoY9ZQbcTYgrTwJVI=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\n" + @@ -192,7 +192,7 @@ public class SamlTestUtils { "ePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=" + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:persistent" + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" + - "" + + "" + ""; public static final String SAML_IDP_METADATA_POST_ONLY = "\n" + 
@@ -241,7 +241,7 @@ public class SamlTestUtils { "ePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=" + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:persistent" + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" + - "" + + "" + ""; private XMLObjectBuilderFactory builderFactory; @@ -326,7 +326,7 @@ IdpMetadataGenerator mockIdpMetadataGenerator() { IdpMetadataGenerator metadataGenerator = new IdpMetadataGenerator(); metadataGenerator.setEntityId(IDP_ENTITY_ID); - metadataGenerator.setEntityBaseURL("http://localhost:8080/uaa/saml/idp"); + metadataGenerator.setEntityBaseURL("http://localhost:8080/saml/idp"); metadataGenerator.setExtendedMetadata(extendedMetadata); KeyManager keyManager = mock(KeyManager.class); @@ -341,7 +341,7 @@ private EntityDescriptor mockSpMetadata() { MetadataGenerator metadataGenerator = new MetadataGenerator(); metadataGenerator.setExtendedMetadata(extendedMetadata); metadataGenerator.setEntityId(SP_ENTITY_ID); - metadataGenerator.setEntityBaseURL("http://localhost:8080/uaa/saml"); + metadataGenerator.setEntityBaseURL("http://localhost:8080/saml"); metadataGenerator.setWantAssertionSigned(false); KeyManager keyManager = mock(KeyManager.class); @@ -554,14 +554,14 @@ UaaAuthentication mockUaaAuthentication(String id) { + "" + "" + "" - + "" - + "" + + "" + + "" + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName" - + "" + + "" + "" + ""; 
@@ -614,14 +614,14 @@ UaaAuthentication mockUaaAuthentication(String id) { + "" + "" + "" - + "" - + "" + + "" + + "" + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName" - + "" + + "" + "" + ""; @@ -674,14 +674,14 @@ UaaAuthentication mockUaaAuthentication(String id) { + "" + "" + "" - + "" - + "" + + "" + + "" + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName" - + "" + + "" + "" + ""; @@ -734,10 +734,10 @@ UaaAuthentication mockUaaAuthentication(String id) { + "" + "" + "" - + "" - + "" + + "" + + "" + "%s" - + "" + + "" + "" + ""; 
@@ -784,7 +784,7 @@ UaaAuthentication mockUaaAuthentication(String id) { "EwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\n" + "MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\n" + "2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\n" + - "ePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"; + "ePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"; public static final String SAML_IDP_METADATA_ARTIFACT_FIRST = "\n" + "8rJXCEVOlzN2dmhPBlxbYdTS1Dc=GQgfzz5mSlUxFLeCdDFI76IeG8Y4kpvRtASHypPwFi8usO6uuuaESxiqd97pBz79TNXEoxRkVurbPOEA6Am4sV35GZD5TEAqnjhFN1ZVl4Pe0aW23BN/RoA7lECfom7ONcOKMLePmLJuFSKQb4FioIzF2oCoY9ZQbcTYgrTwJVI=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\n" + 
@@ -832,9 +832,9 @@ UaaAuthentication mockUaaAuthentication(String id) { "ePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=" + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:persistent" + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" + - "" + - "" + - ""; + "" + + "" + + ""; public static final String SAML_IDP_METADATA_ARTIFACT_ONLY = "\n" + "8rJXCEVOlzN2dmhPBlxbYdTS1Dc=GQgfzz5mSlUxFLeCdDFI76IeG8Y4kpvRtASHypPwFi8usO6uuuaESxiqd97pBz79TNXEoxRkVurbPOEA6Am4sV35GZD5TEAqnjhFN1ZVl4Pe0aW23BN/RoA7lECfom7ONcOKMLePmLJuFSKQb4FioIzF2oCoY9ZQbcTYgrTwJVI=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\n" + @@ -882,7 +882,7 @@ UaaAuthentication mockUaaAuthentication(String id) { "ePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=" + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:persistent" + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" + - ""; + ""; private static final String DEFAULT_NAME_ID_FORMATS = diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/idp/ZoneAwareIdpMetadataGeneratorTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/idp/ZoneAwareIdpMetadataGeneratorTest.java index ffebcb18c10..e67a02c1030 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/idp/ZoneAwareIdpMetadataGeneratorTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/idp/ZoneAwareIdpMetadataGeneratorTest.java 
@@ -68,7 +68,7 @@ void setup() {
 extendedMetadata.setAlias("entityAlias");
 extendedMetadata.setSignMetadata(true);
 zoneAwareIdpMetadataGenerator.setExtendedMetadata((IdpExtendedMetadata) extendedMetadata);
- zoneAwareIdpMetadataGenerator.setEntityBaseURL("http://localhost:8080/uaa");
+ zoneAwareIdpMetadataGenerator.setEntityBaseURL("http://localhost:8080");
 keyManager = new ZoneAwareKeyManager();
 zoneAwareIdpMetadataGenerator.setKeyManager(keyManager);
 }
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/util/ScimUtilsTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/util/ScimUtilsTest.java
index 6e41409d82a..a166132db2b 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/util/ScimUtilsTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/util/ScimUtilsTest.java
@@ -79,7 +79,7 @@ void setUp() {
 request.setScheme("http");
 request.setServerName("localhost");
 request.setServerPort(8080);
- request.setContextPath("/uaa");
+ request.setContextPath("/");
 ServletRequestAttributes attrs = new ServletRequestAttributes(request);
@@ -101,7 +101,7 @@ class WhenZoneIsUaa {
 void getVerificationURL() throws MalformedURLException {
 URL actual = ScimUtils.getVerificationURL(mockExpiringCode, IdentityZone.getUaa());
- URL expected = new URL("http://localhost:8080/uaa/verify_user?code=code");
+ URL expected = new URL("http://localhost:8080/verify_user?code=code");
 assertThat(actual.toString(), is(expected.toString()));
 }
@@ -118,7 +118,7 @@ void getVerificationURL() throws MalformedURLException {
 URL actual = ScimUtils.getVerificationURL(mockExpiringCode, mockIdentityZone);
- URL expected = new URL("http://subdomain.localhost:8080/uaa/verify_user?code=code");
+ URL expected = new URL("http://subdomain.localhost:8080/verify_user?code=code");
 assertThat(actual.toString(), is(expected.toString()));
 }
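Review bot: `request.setContextPath("/")` in the ScimUtilsTest `setUp()` hunk does not model a root deployment, because the Servlet API documents `getContextPath()` as returning the empty string for the root context and never a path that ends in `/`. The verification-link assertions in the two following hunks then depend on how the URL builder treats the stray slash rather than on what a container would report; `request.setContextPath("");` states the intent directly. The same value is set in `localhostPortAndContextPathUrl()` in UaaUrlUtilsTest. With the `/uaa` value gone from both fixtures, no visible test builds a verification URL under a non-root context path, so keeping one such case would preserve that coverage. `setUp()` continues outside the hunk.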
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/util/TokenValidationTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/util/TokenValidationTest.java
index 6abeefdd3f9..7ffa3daf089 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/util/TokenValidationTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/util/TokenValidationTest.java
@@ -160,7 +160,7 @@ public void setup() {
 entry("rev_sig", "fa1c787d"),
 entry("iat", 1458953932),
 entry("exp", 1458997132),
- entry("iss", "http://localhost:8080/uaa/oauth/token"),
+ entry("iss", "http://localhost:8080/oauth/token"),
 entry("zid", "uaa"),
 entry("aud", Arrays.asList("app", "acme")),
 entry("revocable", true)
@@ -333,7 +333,7 @@ public void required_groups_are_missing() {
 @Test
 public void checking_token_happy_case() {
 buildAccessTokenValidator(getToken(), new KeyInfoService("https://localhost"))
- .checkIssuer("http://localhost:8080/uaa/oauth/token")
+ .checkIssuer("http://localhost:8080/oauth/token")
 .checkClient((clientId) -> inMemoryMultitenantClientServices.loadClientByClientId(clientId))
 .checkExpiry(oneSecondBeforeTheTokenExpires)
 .checkUser((uid) -> userDb.retrieveUserById(uid))
@@ -379,7 +379,7 @@ public void validateToken_Without_Email_And_Username_should_not_throw_exception(
 buildAccessTokenValidator(
 getToken(Arrays.asList(EMAIL, USER_NAME)), new KeyInfoService("https://localhost"))
 .checkSignature(verifier)
- .checkIssuer("http://localhost:8080/uaa/oauth/token")
+ .checkIssuer("http://localhost:8080/oauth/token")
 .checkClient((clientId) -> inMemoryMultitenantClientServices.loadClientByClientId(clientId))
 .checkExpiry(oneSecondBeforeTheTokenExpires)
 .checkUser((uid) -> userDb.retrieveUserById(uid))
@@ -444,7 +444,7 @@ public void emptyBodyJwt_failsCheckingIssuer() {
 TokenValidation validation = buildAccessTokenValidator(getToken(), new KeyInfoService("https://localhost"));
 expectedException.expect(InvalidTokenException.class);
- validation.checkIssuer("http://localhost:8080/uaa/oauth/token");
+ validation.checkIssuer("http://localhost:8080/oauth/token");
 }
 @Test
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/util/UaaUrlUtilsTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/util/UaaUrlUtilsTest.java
index 9e0e096ddd2..8ad4732b043 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/util/UaaUrlUtilsTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/util/UaaUrlUtilsTest.java
@@ -57,7 +57,7 @@ class UaaUrlUtilsTest {
 private List validUrls = Arrays.asList(
 "http://localhost",
 "http://localhost:8080",
- "http://localhost:8080/uaa",
+ "http://localhost:8080",
 "http://valid.com",
 "http://sub.valid.com",
 "http://valid.com/with/path",
@@ -100,7 +100,7 @@ void tearDown() {
 @Test
 void getParameterMapFromQueryString() {
- String url = "http://localhost:8080/uaa/oauth/authorize?client_id=app-addnew-false4cEsLB&response_type=code&redirect_uri=http%3A%2F%2Fnosuchhostname%3A0%2Fnosuchendpoint";
+ String url = "http://localhost:8080/oauth/authorize?client_id=app-addnew-false4cEsLB&response_type=code&redirect_uri=http%3A%2F%2Fnosuchhostname%3A0%2Fnosuchendpoint";
 Map map = UaaUrlUtils.getParameterMap(url);
 assertNotNull(map);
 assertEquals("app-addnew-false4cEsLB", map.get("client_id")[0]);
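Review bot: In the `validUrls` hunk of UaaUrlUtilsTest the replacement `"http://localhost:8080",` repeats the entry on the line directly above it, so the list now checks that URL twice and no longer holds a localhost URL that has both a port and a path. Either drop the added line, or keep the shape under test with a path that is not the old context path, for example `"http://localhost:8080/some/path",`, assuming the validator treats it like the existing `"http://valid.com/with/path"` entry. The list continues outside the hunk.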
@@ -144,12 +144,12 @@ void getBaseURLOnLocalhost() {
 request.setScheme("http");
 request.setServerName("localhost");
 request.setServerPort(8080);
- request.setRequestURI("/uaa/something");
+ request.setRequestURI("/something");
 request.setServletPath("/something");
 ServletRequestAttributes attrs = new ServletRequestAttributes(request);
 RequestContextHolder.setRequestAttributes(attrs);
- assertEquals("http://localhost:8080/uaa", UaaUrlUtils.getBaseURL(request));
+ assertEquals("http://localhost:8080", UaaUrlUtils.getBaseURL(request));
 }
 @Test
@@ -219,14 +219,14 @@ void localhostPortAndContextPathUrl() {
 request.setScheme("http");
 request.setServerName("localhost");
 request.setServerPort(8080);
- request.setContextPath("/uaa");
+ request.setContextPath("/");
 ServletRequestAttributes attrs = new ServletRequestAttributes(request);
 RequestContextHolder.setRequestAttributes(attrs);
 String url = UaaUrlUtils.getUaaUrl("/something", IdentityZone.getUaa());
- assertThat(url, is("http://localhost:8080/uaa/something"));
+ assertThat(url, is("http://localhost:8080/something"));
 }
 @Test
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/web/HttpHeadersFilterRequestWrapperTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/web/HttpHeadersFilterRequestWrapperTest.java
index 5eedb4f6aec..4c60dcc0539 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/web/HttpHeadersFilterRequestWrapperTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/web/HttpHeadersFilterRequestWrapperTest.java
@@ -44,7 +44,7 @@ public class HttpHeadersFilterRequestWrapperTest {
 @Before
 public void setUp() {
- mock = new MockHttpServletRequest(HttpMethod.GET.name(), "http://localhost:8080/uaa/login");
+ mock = new MockHttpServletRequest(HttpMethod.GET.name(), "http://localhost:8080/login");
 mock.addHeader("X-Forwarded-For", "proxy-ip");
 mock.addHeader("X-Forwarded-Host", "proxy-host");
 mock.addHeader("X-Forwarded-Proto", "proxy-host");
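Review bot: `getBaseURLOnLocalhost()` now gives the request URI and the servlet path the same value, `/something`, so its assertion only covers scheme, host and port; the removed fixture paired `/uaa/something` with `/something` and so also pinned how a path prefix ends up in the base URL. If deployments under a path prefix remain supported, that case is worth keeping in a second test, for example with `request.setRequestURI("/prefix/something");` and an expected value of `"http://localhost:8080/prefix"`. `localhostPortAndContextPathUrl()` in the next hunk likewise no longer involves a context path, so its name has stopped describing what it checks.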
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/event/ServiceProviderModifiedEventTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/event/ServiceProviderModifiedEventTest.java
index 838f8e28f54..446e9ec761e 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/event/ServiceProviderModifiedEventTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/event/ServiceProviderModifiedEventTest.java
@@ -35,7 +35,7 @@ public void setup() { " \"name\" : \"" + name + "\",\n" + " \"entityId\" : \""+ name +".cloudfoundry-saml-login\",\n" + " \"active\" : true,\n" + - " \"config\" : \"{\\\"metaDataLocation\\\" : \\\"zALgjEFJ7jJSwn2AOBH5H8CX93U=Rp5XH8eT0ek/vlFGzHgIFOeESchOwSYZ9oh4JA9WqQ0jJtvNQ9IttY2QY9XK3n6TbbtPcEKVgljyTfwD5ymp+oMKfIYQC9JsN8mPADN5rjLFgC+xGceWLbcjoNsCJ7x2ZjyWRblSxoOU5qnzxEA3k3Bu+OkV+ZXcSbmgMWoQACg=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1U
EAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sN
yxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\\\",\\\"metadataTrustCheck\\\" : true }\"" + + " \"config\" : \"{\\\"metaDataLocation\\\" : \\\"zALgjEFJ7jJSwn2AOBH5H8CX93U=Rp5XH8eT0ek/vlFGzHgIFOeESchOwSYZ9oh4JA9WqQ0jJtvNQ9IttY2QY9XK3n6TbbtPcEKVgljyTfwD5ymp+oMKfIYQC9JsN8mPADN5rjLFgC+xGceWLbcjoNsCJ7x2ZjyWRblSxoOU5qnzxEA3k3Bu+OkV+ZXcSbmgMWoQACg=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTE
xMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXm
GUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\\\",\\\"metadataTrustCheck\\\" : true }\"" + "}"; provider = JsonUtils.readValue(requestBody, SamlServiceProvider.class); diff --git a/server/src/test/resources/integration.test.properties b/server/src/test/resources/integration.test.properties index ebe846c6d5b..dd9cf45939f 100644 --- a/server/src/test/resources/integration.test.properties +++ b/server/src/test/resources/integration.test.properties @@ -1,3 +1,3 @@ -integration.test.base_url=http://localhost:8080/uaa +integration.test.base_url=http://localhost:8080 integration.test.app_url=http://localhost:8080/app/ smtp.port=2525 \ No newline at end of file diff --git a/statsd/src/test/java/org/cloudfoundry/identity/statsd/integration/IntegrationTestUtils.java b/statsd/src/test/java/org/cloudfoundry/identity/statsd/integration/IntegrationTestUtils.java index dce799e0703..c989661e10a 100644 --- a/statsd/src/test/java/org/cloudfoundry/identity/statsd/integration/IntegrationTestUtils.java +++ b/statsd/src/test/java/org/cloudfoundry/identity/statsd/integration/IntegrationTestUtils.java @@ -8,7 +8,7 @@ public class IntegrationTestUtils { - static final String UAA_BASE_URL = "http://localhost:8080/uaa"; + static final String UAA_BASE_URL = "http://localhost:8080"; static final String TEST_USERNAME = "marissa"; static final String TEST_PASSWORD = "koala"; diff --git a/uaa/slateCustomizations/source/index.html.md.erb b/uaa/slateCustomizations/source/index.html.md.erb index 62f72d7e9ac..addd73df076 100644 --- a/uaa/slateCustomizations/source/index.html.md.erb 
+++ b/uaa/slateCustomizations/source/index.html.md.erb @@ -316,7 +316,7 @@ The trust to the assertion issuer is reused from the SAML 2.0 WebSSO profiles. This grant enables an App2App mechanism with SSO. Typical scenarios are applications outside of CF, which consume a service within the CF world. The endpoint of the bearer assertion is `/oauth/token` so the Recipient attribute in -the bearer assertion must point to the corresponding URI, e.g. http://localhost:8080/uaa/oauth/token. +the bearer assertion must point to the corresponding URI, e.g. http://localhost:8080/oauth/token. <%= render('TokenEndpointDocs/getTokenUsingSaml2BearerGrant/curl-request.md') %> <%= render('TokenEndpointDocs/getTokenUsingSaml2BearerGrant/http-request.md') %> @@ -724,7 +724,7 @@ _Error Codes_ >Sequential example of creating a zone and creating an admin client in that zone: ```bash -uaac target http://localhost:8080/uaa +uaac target http://localhost:8080 uaac token client get admin -s adminsecret @@ -736,7 +736,7 @@ uaac -t curl -XPOST -H"Content-Type:application/json" -H"Accept:application/json uaac -t curl -H"X-Identity-Zone-Id:testzone1" -XPOST -H"Content-Type:application/json" -H"Accept:application/json" --data '{ "client_id" : "admin", "client_secret" : "adminsecret", "scope" : ["uaa.none"], "resource_ids" : ["none"], "authorities" : ["uaa.admin","clients.read","clients.write","clients.secret","scim.read","scim.write","clients.admin"], "authorized_grant_types" : ["client_credentials"]}' /oauth/clients -uaac target http://testzone1.localhost:8080/uaa +uaac target http://testzone1.localhost:8080 uaac token client get admin -s adminsecret 
@@ -1224,7 +1224,7 @@ Obtaining the UAA SAML IdP metadata: In order to establish trust, a SAML IdP and SAML SP exchange SAML metadata which contains pulbic certificates as well as the endpoints used to communicate amongst each other. Your SAML SP will likely require the UAA SAML IdP metadata in order to make authentication requests to UAA. You can obtain this metadata by making a GET request to the /saml/idp/metadata endpoint. -GET http://localhost:8080/uaa/saml/idp/metadata +GET http://localhost:8080/saml/idp/metadata ## Initiate IDP Login Flow @@ -1531,7 +1531,7 @@ _Error Codes_ >Example using uaac to get users: ```bash -uaac target http://localhost:8080/uaa +uaac target http://localhost:8080 uaac token client get admin -s adminsecret @@ -1571,7 +1571,7 @@ _Error Codes_ >Example using uaac to view users: ```bash -uaac target http://localhost:8080/uaa +uaac target http://localhost:8080 uaac token client get admin -s adminsecret @@ -1631,7 +1631,7 @@ _Error Codes_ >Example using uaac to view users: ```bash -uaac target http://localhost:8080/uaa +uaac target http://localhost:8080 uaac token client get admin -s adminsecret @@ -1672,7 +1672,7 @@ _Error Codes_ >Example using uaac to view users: ```bash -uaac target http://localhost:8080/uaa +uaac target http://localhost:8080 uaac token client get admin -s adminsecret @@ -1713,7 +1713,7 @@ _Error Codes_ >Example using uaac to patch users: ```bash -uaac target http://localhost:8080/uaa +uaac target http://localhost:8080 uaac token client get admin -s adminsecret @@ -1746,7 +1746,7 @@ _Error Codes_ >Example using uaac to delete users: ```bash -uaac target http://localhost:8080/uaa +uaac target http://localhost:8080 uaac token client get admin -s adminsecret @@ -1780,7 +1780,7 @@ _Error Codes_ >Example using uaac to view user info: ```bash -uaac target http://localhost:8080/uaa +uaac target http://localhost:8080 uaac token authcode get admin -s adminsecret 
@@ -1818,7 +1818,7 @@ _Error Codes_ >Example using uaac to view users: ```bash -uaac target http://localhost:8080/uaa +uaac target http://localhost:8080 uaac token owner get cf testuser -s "" -p "secret" diff --git a/uaa/src/main/resources/required_configuration.yml b/uaa/src/main/resources/required_configuration.yml index d6b47b0e751..ea98b47cb76 100644 --- a/uaa/src/main/resources/required_configuration.yml +++ b/uaa/src/main/resources/required_configuration.yml @@ -1,5 +1,5 @@ issuer: - uri: http://localhost:8080/uaa + uri: http://localhost:8080 encryption: active_key_label: CHANGE-THIS-KEY diff --git a/uaa/src/main/resources/uaa.yml b/uaa/src/main/resources/uaa.yml index ee4f26b8a1f..5f6da2ec83c 100755 --- a/uaa/src/main/resources/uaa.yml +++ b/uaa/src/main/resources/uaa.yml @@ -306,7 +306,7 @@ oauth: # - https://url1.domain1.com/logout-success # - https://url2.domain2.com/logout-success issuer: - uri: http://localhost:8080/uaa + uri: http://localhost:8080 login: # Enable create account and forgot password links on the Login Server (enabled by default) #selfServiceLinksEnabled: true @@ -360,7 +360,7 @@ login: # - name: passcode # type: password # text: MyTemporary Authentication Code (Get on at /passcode) - url: http://localhost:8080/uaa + url: http://localhost:8080 # defaultIdentityProvider: uaa # idpDiscoveryEnabled: true # accountChooserEnabled: true @@ -394,7 +394,7 @@ login: # SAML - The entity base url is the location of this application # (The host and port of the application that will accept assertions) - entityBaseURL: http://localhost:8080/uaa + entityBaseURL: http://localhost:8080 # The entityID of this SP entityID: cloudfoundry-saml-login saml: @@ -497,7 +497,7 @@ login: #END SAML PROVIDERS authorize: - url: http://localhost:8080/uaa/oauth/authorize + url: http://localhost:8080/oauth/authorize # homeRedirect: http://example.com/ 
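Review bot: The new default `uri: http://localhost:8080` under `issuer:` in required_configuration.yml and uaa.yml carries no comment telling operators that it appears to feed the `iss` claim; TokenValidationTest in this same change moves the expected issuer from `http://localhost:8080/uaa/oauth/token` to `http://localhost:8080/oauth/token`. A deployment that inherits the default would presumably start issuing tokens whose `iss` no longer matches what existing token consumers check. I would add above the key `# Used to build the iss claim of issued tokens; change it together with the issuer configured in every token consumer` and call out the default change in the release notes. The `login.url` and `entityBaseURL` hunks in uaa.yml change defaults in the same way.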
@@ -522,13 +522,13 @@ login: uaa: # The hostname of the UAA that this login server will connect to - url: http://localhost:8080/uaa + url: http://localhost:8080 token: - url: http://localhost:8080/uaa/oauth/token + url: http://localhost:8080/oauth/token approvals: - url: http://localhost:8080/uaa/approvals + url: http://localhost:8080/approvals login: - url: http://localhost:8080/uaa/authenticate + url: http://localhost:8080/authenticate limitedFunctionality: enabled: false whitelist: diff --git a/uaa/src/main/webapp/WEB-INF/spring-servlet.xml b/uaa/src/main/webapp/WEB-INF/spring-servlet.xml index 923eb0a6585..35171866203 100755 --- a/uaa/src/main/webapp/WEB-INF/spring-servlet.xml +++ b/uaa/src/main/webapp/WEB-INF/spring-servlet.xml @@ -294,11 +294,11 @@ - + - + @@ -411,7 +411,7 @@ + value="Temporary Authentication Code ( Get one at ${login.entityBaseURL:http://localhost:8080}/passcode )"/> diff --git a/uaa/src/main/webapp/WEB-INF/spring/oauth-clients.xml b/uaa/src/main/webapp/WEB-INF/spring/oauth-clients.xml index 73aacef10a0..2879b1e3e41 100644 --- a/uaa/src/main/webapp/WEB-INF/spring/oauth-clients.xml +++ b/uaa/src/main/webapp/WEB-INF/spring/oauth-clients.xml @@ -93,7 +93,7 @@ - + @@ -114,7 +114,7 @@ value="scim.zones,zones.read,cloud_controller.read,uaa.resource,zones.write"/> + value="http://localhost/*,http://localhost:8080/**,http://oidcloginit.localhost:8080/**"/> @@ -123,7 +123,7 @@ - + uaa @@ -152,7 +152,7 @@ - + diff --git a/uaa/src/main/webapp/WEB-INF/spring/saml-idp.xml b/uaa/src/main/webapp/WEB-INF/spring/saml-idp.xml index ef6c04c7bb9..89b7acddfc2 100644 --- a/uaa/src/main/webapp/WEB-INF/spring/saml-idp.xml +++ b/uaa/src/main/webapp/WEB-INF/spring/saml-idp.xml @@ -107,7 +107,7 @@ + value="${login.entityBaseURL:http://localhost:8080}"/> diff --git a/uaa/src/main/webapp/WEB-INF/spring/saml-providers.xml b/uaa/src/main/webapp/WEB-INF/spring/saml-providers.xml index 14fbe076dbe..808f20f602a 100644 
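Review bot: The added value `http://localhost/*,http://localhost:8080/**,http://oidcloginit.localhost:8080/**` in the `@@ -114,7 +114,7 @@` hunk of oauth-clients.xml accepts any path on `localhost:8080` as a redirect target, presumably wider than the pattern it replaces (the removed line is not readable in this view). Which client the entry belongs to cannot be told from here either, but integration.test.properties in this change keeps `integration.test.app_url=http://localhost:8080/app/`, so other applications can share that origin. Listing the exact callback paths the client uses would keep authorization responses from being delivered to unrelated paths on the same host. Failing that, a comment next to the entry such as `<!-- development default only: override with exact redirect URIs outside local testing -->` records the intent.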
--- a/uaa/src/main/webapp/WEB-INF/spring/saml-providers.xml +++ b/uaa/src/main/webapp/WEB-INF/spring/saml-providers.xml @@ -78,7 +78,7 @@ - + diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/AuthorizationCodeGrantIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/AuthorizationCodeGrantIntegrationTests.java index 9d85ee9b560..2d2187e1b21 100755 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/AuthorizationCodeGrantIntegrationTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/AuthorizationCodeGrantIntegrationTests.java @@ -60,7 +60,7 @@ public void testZoneDoesNotExist() { .queryParam("response_type", "code") .queryParam("state", "mystateid") .queryParam("client_id", "clientId") - .queryParam("redirect_uri", "http://localhost:8080/uaa"); + .queryParam("redirect_uri", "http://localhost:8080"); URI uri = builder.build(); @@ -79,12 +79,12 @@ public void testZoneInactive() { RestTemplate identityClient = IntegrationTestUtils .getClientCredentialsTemplate(IntegrationTestUtils.getClientCredentialsResource(serverRunning.getBaseUrl(), new String[]{"zones.write", "zones.read", "scim.zones"}, "identity", "identitysecret")); - IntegrationTestUtils.createInactiveIdentityZone(identityClient, "http://localhost:8080/uaa"); + IntegrationTestUtils.createInactiveIdentityZone(identityClient, "http://localhost:8080"); ServerRunning.UriBuilder builder = serverRunning.buildUri(serverRunning.getAuthorizationUri().replace("localhost", "testzoneinactive.localhost")) .queryParam("response_type", "code") .queryParam("state", "mystateid") .queryParam("client_id", "clientId") - .queryParam("redirect_uri", "http://localhost:8080/uaa"); + .queryParam("redirect_uri", "http://localhost:8080"); URI uri = builder.build(); 
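Review bot: `IntegrationTestUtils.createInactiveIdentityZone(identityClient, "http://localhost:8080")` in `testZoneInactive()` of AuthorizationCodeGrantIntegrationTests hard-codes the server address although the statement just before it already reads it from `serverRunning.getBaseUrl()`. Passing the same accessor, `IntegrationTestUtils.createInactiveIdentityZone(identityClient, serverRunning.getBaseUrl());`, would presumably let the test follow the configured base URL and would have made this edit unnecessary, assuming the accessor returns the URL in the form the helper expects. The identical literal is edited in ImplicitTokenGrantIntegrationTests, OpenIdTokenAuthorizationWithApprovalIntegrationTests, PasswordGrantIntegrationTests and RefreshTokenSupportIntegrationTests. `testZoneInactive()` continues outside the hunk.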
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ImplicitTokenGrantIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ImplicitTokenGrantIntegrationTests.java index 8f5ab60203a..437cf139ddf 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ImplicitTokenGrantIntegrationTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ImplicitTokenGrantIntegrationTests.java @@ -174,7 +174,7 @@ public void authzWithInactiveIdentityZone() { RestTemplate identityClient = IntegrationTestUtils .getClientCredentialsTemplate(IntegrationTestUtils.getClientCredentialsResource(serverRunning.getBaseUrl(), new String[]{"zones.write", "zones.read", "scim.zones"}, "identity", "identitysecret")); - IntegrationTestUtils.createInactiveIdentityZone(identityClient, "http://localhost:8080/uaa"); + IntegrationTestUtils.createInactiveIdentityZone(identityClient, "http://localhost:8080"); ResponseEntity result = serverRunning.getForResponse(implicitUrl().replace("localhost", "testzoneinactive.localhost"), new HttpHeaders()); assertEquals(HttpStatus.NOT_FOUND, result.getStatusCode()); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/LoginInfoEndpointIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/LoginInfoEndpointIntegrationTests.java index a1164a47ee6..9e9c2491304 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/LoginInfoEndpointIntegrationTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/LoginInfoEndpointIntegrationTests.java @@ -60,7 +60,7 @@ public void testHappyDayHtml() { String body = response.getBody(); // System.err.println(body); assertNotNull(body); - assertTrue("Wrong body: " + body, body.contains("
")); + assertTrue("Wrong body: " + body, body.contains("")); } diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/OpenIdTokenAuthorizationWithApprovalIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/OpenIdTokenAuthorizationWithApprovalIntegrationTests.java index 890172e68a1..bba9ff48b25 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/OpenIdTokenAuthorizationWithApprovalIntegrationTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/OpenIdTokenAuthorizationWithApprovalIntegrationTests.java @@ -210,7 +210,7 @@ public void testOpenIdHybridFlowZoneInactive() { RestTemplate identityClient = IntegrationTestUtils .getClientCredentialsTemplate(IntegrationTestUtils.getClientCredentialsResource(serverRunning.getBaseUrl(), new String[]{"zones.write", "zones.read", "scim.zones"}, "identity", "identitysecret")); - IntegrationTestUtils.createInactiveIdentityZone(identityClient, "http://localhost:8080/uaa"); + IntegrationTestUtils.createInactiveIdentityZone(identityClient, "http://localhost:8080"); AuthorizationCodeResourceDetails resource = testAccounts.getDefaultAuthorizationCodeResource(); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/PasswordChangeEndpointIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/PasswordChangeEndpointIntegrationTests.java index 935c2f552dd..d5c36cda262 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/PasswordChangeEndpointIntegrationTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/PasswordChangeEndpointIntegrationTests.java 
@@ -106,7 +106,7 @@ public void createAccount() { // curl -v -H "Content-Type: application/json" -X PUT -H // "Accept: application/json" --data // "{\"password\":\"newpassword\",\"schemas\":[\"urn:scim:schemas:core:1.0\"]}" - // http://localhost:8080/uaa/User/{id}/password + // http://localhost:8080/User/{id}/password @Test @OAuth2ContextConfiguration(OAuth2ContextConfiguration.ClientCredentials.class) public void testChangePasswordSucceeds() { diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/PasswordGrantIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/PasswordGrantIntegrationTests.java index 5f25766a8d8..cfa883b79d4 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/PasswordGrantIntegrationTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/PasswordGrantIntegrationTests.java @@ -60,7 +60,7 @@ public void passwordGrantInactiveZone() { RestTemplate identityClient = IntegrationTestUtils .getClientCredentialsTemplate(IntegrationTestUtils.getClientCredentialsResource(serverRunning.getBaseUrl(), new String[]{"zones.write", "zones.read", "scim.zones"}, "identity", "identitysecret")); - IntegrationTestUtils.createInactiveIdentityZone(identityClient, "http://localhost:8080/uaa"); + IntegrationTestUtils.createInactiveIdentityZone(identityClient, "http://localhost:8080"); String accessTokenUri = serverRunning.getAccessTokenUri().replace("localhost", "testzoneinactive.localhost"); ResponseEntity response = makePasswordGrantRequest(testAccounts.getUserName(), testAccounts.getPassword(), "cf", "", accessTokenUri); assertEquals(HttpStatus.NOT_FOUND, response.getStatusCode()); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/RefreshTokenSupportIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/RefreshTokenSupportIntegrationTests.java index 681f288a94f..5c146a7b158 100755 
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/RefreshTokenSupportIntegrationTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/RefreshTokenSupportIntegrationTests.java @@ -178,7 +178,7 @@ public void testRefreshTokenWithInactiveZone() { RestTemplate identityClient = IntegrationTestUtils .getClientCredentialsTemplate(IntegrationTestUtils.getClientCredentialsResource(serverRunning.getBaseUrl(), new String[]{"zones.write", "zones.read", "scim.zones"}, "identity", "identitysecret")); - IntegrationTestUtils.createInactiveIdentityZone(identityClient, "http://localhost:8080/uaa"); + IntegrationTestUtils.createInactiveIdentityZone(identityClient, "http://localhost:8080"); LinkedMultiValueMap formData = new LinkedMultiValueMap<>(); formData.add("grant_type", "refresh_token"); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ScimUserEndpointsIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ScimUserEndpointsIntegrationTests.java index 74a19c6fdc6..c2ae0a22138 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ScimUserEndpointsIntegrationTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ScimUserEndpointsIntegrationTests.java @@ -121,7 +121,7 @@ private ResponseEntity createUser(String username, String firstName, S // curl -v -H "Content-Type: application/json" -H "Accept: application/json" // --data // "{\"userName\":\"joe\",\"schemas\":[\"urn:scim:schemas:core:1.0\"]}" - // http://localhost:8080/uaa/User + // http://localhost:8080/User @Test public void createUserSucceeds() { ResponseEntity response = createUser(JOE, "Joe", "User", "joe@blah.com"); 
@@ -138,7 +138,7 @@ public void createUserSucceeds() { // curl -v -H "Content-Type: application/json" -H "Accept: application/json" // --data // "{\"userName\":\"joe\",\"schemas\":[\"urn:scim:schemas:core:1.0\"]}" - // http://localhost:8080/uaa/User + // http://localhost:8080/User @Test public void createUserSucceedsWithVerifiedIsFalse() { ResponseEntity response = createUser(JOE, "Joe", "User", "joe@blah.com", false); @@ -155,7 +155,7 @@ public void createUserSucceedsWithVerifiedIsFalse() { // curl -v -H "Content-Type: application/json" -H "Accept: application/json" // --data // "{\"userName\":\"joe\",\"schemas\":[\"urn:scim:schemas:core:1.0\"]}" - // http://localhost:8080/uaa/User + // http://localhost:8080/User @Test public void verifyUser() { ResponseEntity response = createUser(JOE, "Joe", "User", "joe@blah.com", false); @@ -175,7 +175,7 @@ public void verifyUser() { // curl -v -H "Content-Type: application/json" -H "Accept: application/json" // --data // "{\"userName\":\"joe\",\"schemas\":[\"urn:scim:schemas:core:1.0\"]}" - // http://localhost:8080/uaa/User + // http://localhost:8080/User @Test public void verifyUserNotFound() { HttpHeaders headers = new HttpHeaders(); @@ -223,7 +223,7 @@ public void getUserHasEtag() { // curl -v -H "Content-Type: application/json" -X PUT -H // "Accept: application/json" --data // "{\"userName\":\"joe\",\"schemas\":[\"urn:scim:schemas:core:1.0\"]}" - // http://localhost:8080/uaa/User + // http://localhost:8080/User @Test public void updateUserSucceeds() { ResponseEntity response = createUser(JOE, "Joe", "User", "joe@blah.com"); @@ -344,7 +344,7 @@ public void updateUserGroupsDoesNothing() { // curl -v -H "Content-Type: application/json" -H "Accept: application/json" // -H 'If-Match: "0"' --data // "{\"userName\":\"joe\",\"schemas\":[\"urn:scim:schemas:core:1.0\"]}" - // http://localhost:8080/uaa/User + // http://localhost:8080/User @Test public void createUserTwiceFails() { ScimUser user = new ScimUser(); 
@@ -400,7 +400,7 @@ public void createUserWithJustACaseChangeFails() { // curl -v -H "Content-Type: application/json" -H "Accept: application/json" // -X DELETE - // -H "If-Match: 0" http://localhost:8080/uaa/User/joel + // -H "If-Match: 0" http://localhost:8080/User/joel @Test public void deleteUserWithWrongIdFails() { @SuppressWarnings("rawtypes") @@ -414,7 +414,7 @@ public void deleteUserWithWrongIdFails() { // curl -v -H "Content-Type: application/json" -H "Accept: application/json" // -X DELETE - // http://localhost:8080/uaa/User/joel + // http://localhost:8080/User/joel @Test public void deleteUserWithNoEtagSucceeds() { ScimUser deleteMe = createUser(DELETE_ME, "Delete", "Me", "deleteme@blah.com").getBody(); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/CreateAccountIT.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/CreateAccountIT.java index 5b5a9e8d4f5..7d761d53568 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/CreateAccountIT.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/CreateAccountIT.java 
@@ -185,8 +185,8 @@ public void testEmailDomainRegisteredWithIDPDoesNotAllowAccountCreation() throws IdentityProvider oidcProvider = new IdentityProvider().setName("oidc_provider").setActive(true).setType(OriginKeys.OIDC10).setOriginKey(OriginKeys.OIDC10).setConfig(new OIDCIdentityProviderDefinition()); oidcProvider.getConfig().setAuthUrl(new URL("http://example.com")); oidcProvider.getConfig().setShowLinkText(false); - oidcProvider.getConfig().setTokenUrl(new URL("http://localhost:8080/uaa/idp_login")); - oidcProvider.getConfig().setTokenKeyUrl(new URL("http://localhost:8080/uaa/idp_login")); + oidcProvider.getConfig().setTokenUrl(new URL("http://localhost:8080/idp_login")); + oidcProvider.getConfig().setTokenKeyUrl(new URL("http://localhost:8080/idp_login")); oidcProvider.getConfig().setEmailDomain(Collections.singletonList("example.com")); oidcProvider.getConfig().setRelyingPartyId("client_id"); oidcProvider.getConfig().setRelyingPartySecret("client_secret"); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/IdentityZoneNotAvailableIT.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/IdentityZoneNotAvailableIT.java index c7649197a89..67e01830b03 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/IdentityZoneNotAvailableIT.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/IdentityZoneNotAvailableIT.java @@ -33,8 +33,8 @@ public class IdentityZoneNotAvailableIT { @Parameterized.Parameters(name = "{index}: zoneUrl[{0}];") public static List data() { return Arrays.asList(new Object[][]{ - {"http://testzonedoesnotexist.localhost:8080/uaa"}, - {"http://testzoneinactive.localhost:8080/uaa"} + {"http://testzonedoesnotexist.localhost:8080"}, + {"http://testzoneinactive.localhost:8080"} }); } 
@@ -45,7 +45,7 @@ public IdentityZoneNotAvailableIT(String zoneUrl) { @Before public void setUp() { String[] scope = {"uaa.admin"}; - String baseUrl = "http://localhost:8080/uaa"; + String baseUrl = "http://localhost:8080"; ClientCredentialsResourceDetails adminResource = IntegrationTestUtils.getClientCredentialsResource(baseUrl, scope, "admin", "adminsecret"); restTemplate = IntegrationTestUtils.getClientCredentialsTemplate( adminResource); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/OIDCLoginIT.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/OIDCLoginIT.java index 42375ab5c09..136d38fe1bb 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/OIDCLoginIT.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/OIDCLoginIT.java @@ -140,12 +140,12 @@ public void setUp() throws Exception { adminToken = IntegrationTestUtils.getClientCredentialsToken(baseUrl, "admin", "adminsecret"); String zoneHost = zone.getSubdomain() + ".localhost"; - zoneUrl = "http://" + zoneHost + ":8080/uaa"; + zoneUrl = "http://" + zoneHost + ":8080"; String createdGroupName = new RandomValueStringGenerator(10).generate() + ".created.scope"; - String urlBase = "http://localhost:8080/uaa"; + String urlBase = "http://localhost:8080"; identityProvider = new IdentityProvider<>(); identityProvider.setName("my oidc provider"); identityProvider.setIdentityZoneId(OriginKeys.UAA); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java index 5399ab49c97..a464ce33702 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java 
@@ -1345,7 +1345,7 @@ public void testLoginSamlOnlyProviderNoUsernamePassword() throws Exception { String adminAccessToken = testClient.getOAuthAccessToken("admin", "adminsecret", "client_credentials", "clients.read clients.write clients.secret clients.admin"); String clientId = UUID.randomUUID().toString(); - BaseClientDetails clientDetails = new BaseClientDetails(clientId, null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.none", "http://localhost:8080/uaa/login"); + BaseClientDetails clientDetails = new BaseClientDetails(clientId, null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.none", "http://localhost:8080/login"); clientDetails.setClientSecret("secret"); clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, idps); testClient.createClient(adminAccessToken, clientDetails); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginWithLocalIdpIT.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginWithLocalIdpIT.java index 2b965354fe4..9d227c66ea0 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginWithLocalIdpIT.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginWithLocalIdpIT.java @@ -249,7 +249,7 @@ public void testValidSaml2Bearer() throws Exception { postBody.add("client_secret", "secret"); postBody.add("assertion", samlTestUtils.mockAssertionEncoded(IDP_ENTITY_ID, "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - "Saml2BearerIntegrationUser", "http://localhost:8080/uaa/oauth/token/alias/cloudfoundry-saml-login", "cloudfoundry-saml-login")); + "Saml2BearerIntegrationUser", "http://localhost:8080/oauth/token/alias/cloudfoundry-saml-login", "cloudfoundry-saml-login")); ResponseEntity token = restOperations.exchange(baseUrl + "/oauth/token/alias/cloudfoundry-saml-login", HttpMethod.POST, new HttpEntity<>(postBody, headers), 
@@ -1015,9 +1015,9 @@ public SamlIdentityProviderDefinition createZone3IdpDefinition(String alias) { public static SamlIdentityProviderDefinition createLocalSamlIdpDefinition(String alias, String zoneId) { String url; if (StringUtils.isNotEmpty(zoneId) && !zoneId.equals("uaa")) { - url = "http://" + zoneId + ".localhost:8080/uaa/saml/idp/metadata"; + url = "http://" + zoneId + ".localhost:8080/saml/idp/metadata"; } else { - url = "http://localhost:8080/uaa/saml/idp/metadata"; + url = "http://localhost:8080/saml/idp/metadata"; } String idpMetaData = getIdpMetadata(url); return SamlTestUtils.createLocalSamlIdpDefinition(alias, zoneId, idpMetaData); @@ -1037,9 +1037,9 @@ public static SamlServiceProviderDefinition createLocalSamlSpDefinition(String a String url; if (StringUtils.isNotEmpty(zoneId) && !zoneId.equals("uaa")) { - url = "http://" + zoneId + ".localhost:8080/uaa/saml/metadata/alias/" + zoneId + "." + alias; + url = "http://" + zoneId + ".localhost:8080/saml/metadata/alias/" + zoneId + "." + alias; } else { - url = "http://localhost:8080/uaa/saml/metadata/alias/" + alias; + url = "http://localhost:8080/saml/metadata/alias/" + alias; } String spMetaData = getIdpMetadata(url); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/TokenEndpointDocs.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/TokenEndpointDocs.java index 6fd5215c65d..1b502195165 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/TokenEndpointDocs.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/TokenEndpointDocs.java 
@@ -412,7 +412,7 @@ void getTokenUsingSaml2BearerGrant() throws Exception { samlTestUtils.initializeSimple(); String subdomain = generator.generate().toLowerCase(); - //all our SAML defaults use :8080/uaa/ so we have to use that here too + //all our SAML defaults use :8080 so we have to use that here too String host = subdomain + ".localhost"; String fullPath = "/uaa/oauth/token/alias/" + subdomain + ".cloudfoundry-saml-login"; String origin = subdomain + ".cloudfoundry-saml-login"; @@ -438,7 +438,7 @@ void getTokenUsingSaml2BearerGrant() throws Exception { String assertion = samlTestUtils.mockAssertionEncoded(subdomain + ".cloudfoundry-saml-login", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "Saml2BearerIntegrationUser", - "http://" + subdomain + ".localhost:8080/uaa/oauth/token/alias/" + subdomain + ".cloudfoundry-saml-login", + "http://" + subdomain + ".localhost:8080/oauth/token/alias/" + subdomain + ".cloudfoundry-saml-login", subdomain + ".cloudfoundry-saml-login" ); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/audit/AuditCheckMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/audit/AuditCheckMockMvcTests.java index 9165ff4dc6b..3f06a486d22 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/audit/AuditCheckMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/audit/AuditCheckMockMvcTests.java 
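Review bot: In `getTokenUsingSaml2BearerGrant` the request path `fullPath` still begins with `/uaa/oauth/token/alias/`, while the URL handed to `samlTestUtils.mockAssertionEncoded` (presumably the assertion's recipient) in the following hunk of this file drops the `/uaa` prefix. The matching test in TokenMvcMockTests, `test_saml_bearer_grant`, changes both values in this patch, so `String fullPath = "/oauth/token/alias/" + subdomain + ".cloudfoundry-saml-login";` looks like the intended value here too. Whether the request builder still sets a `/uaa` context path is outside the hunk. If the test passes while the request path and the assertion URL disagree, it is worth confirming that the recipient is actually compared against the endpoint in this flow.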
@@ -909,7 +909,7 @@ void generateUserDeletedEvent_whenDeletingUser( @Test void generateUserCreatedEvent_DuringLoginServerAuthorize() throws Exception { - clientRegistrationService.updateClientDetails(new BaseClientDetails("login", "oauth", "oauth.approvals", "authorization_code,password,client_credentials", "oauth.login", "http://localhost:8080/uaa")); + clientRegistrationService.updateClientDetails(new BaseClientDetails("login", "oauth", "oauth.approvals", "authorization_code,password,client_credentials", "oauth.login", "http://localhost:8080")); String username = "jacob" + new RandomValueStringGenerator().generate(); String loginToken = testClient.getClientCredentialsOAuthAccessToken( "login", @@ -932,7 +932,7 @@ void generateUserCreatedEvent_DuringLoginServerAuthorize() throws Exception { .param("external_id", "jacob") .param("response_type", "code") .param("client_id", "login") - .param("redirect_uri", "http://localhost:8080/uaa") + .param("redirect_uri", "http://localhost:8080") .param("state", "erw342"); mockMvc.perform(userPost) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/saml/SamlAuthenticationMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/saml/SamlAuthenticationMockMvcTests.java index 2665cff07f3..cfa4df781dc 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/saml/SamlAuthenticationMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/saml/SamlAuthenticationMockMvcTests.java @@ -135,8 +135,8 @@ void sendAuthnRequestToIdp() throws Exception { String idpEntityId = idpZone.getSubdomain() + ".cloudfoundry-saml-login"; MvcResult mvcResult = mockMvc.perform( - get("/uaa/saml/discovery") - .contextPath("/uaa") + get("/saml/discovery") + .contextPath("") .header(HOST, spZone.getSubdomain() + ".localhost:8080") .param("returnIDParam", "idp") .param("entityID", spZoneEntityId) 
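Review bot: The `.contextPath("")` calls added in `sendAuthnRequestToIdp` look redundant, since an empty string is already the default context path of Spring's `MockHttpServletRequestBuilder`. Deleting the call outright, as this patch does for `test_saml_bearer_grant` in TokenMvcMockTests, would shorten the builders and avoid having two styles for the same thing. The same applies to the later hunks of this file (`spIsAuthenticated`, `passcodeGrantIdTokenContainsExternalGroupsAsRolesClaim`) and to `test_two_zone_saml_bearer_grant` in TokenMvcMockTests. The method body continues outside the hunk.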
@@ -148,7 +148,7 @@ void sendAuthnRequestToIdp() throws Exception { mvcResult = mockMvc.perform( get(mvcResult.getResponse().getRedirectedUrl()) - .contextPath("/uaa") + .contextPath("") .header(HOST, spZone.getSubdomain() + ".localhost:8080") .session((MockHttpSession) mvcResult.getRequest().getSession()) @@ -161,14 +161,14 @@ void sendAuthnRequestToIdp() throws Exception { String relayState = extractRelayState(body); String samlRequest = extractSamlRequest(body); mockMvc.perform( - post("/uaa/saml/idp/SSO/alias/" + idpEntityId) - .contextPath("/uaa") + post("/saml/idp/SSO/alias/" + idpEntityId) + .contextPath("") .header(HOST, idpZone.getSubdomain() + ".localhost:8080") .param("RelayState", relayState) .param("SAMLRequest", samlRequest) ) .andExpect(status().isFound()) - .andExpect(redirectedUrl("http://" + idpZone.getSubdomain() + ".localhost:8080/uaa/login")); + .andExpect(redirectedUrl("http://" + idpZone.getSubdomain() + ".localhost:8080/login")); } @Test @@ -216,8 +216,8 @@ void spIsAuthenticated() throws Exception { testLogger.reset(); mockMvc.perform( - post("/uaa/saml/SSO/alias/" + spZoneEntityId) - .contextPath("/uaa") + post("/saml/SSO/alias/" + spZoneEntityId) + .contextPath("") .header(HOST, subdomain + ".localhost:8080") .header(CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE) .param("SAMLResponse", xml) @@ -270,8 +270,8 @@ void passcodeGrantIdTokenContainsExternalGroupsAsRolesClaim() throws Exception { String samlResponse = performIdpAuthentication(samlAuthorityNamesForMockAuthentication); String xml = extractAssertion(samlResponse, false); MockHttpSession session = (MockHttpSession) mockMvc.perform( - post("/uaa/saml/SSO/alias/" + spZoneEntityId) - .contextPath("/uaa") + post("/saml/SSO/alias/" + spZoneEntityId) + .contextPath("") .header(HOST, spZoneHost) .header(CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE) .param("SAMLResponse", xml) 
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/JwtBearerGrantMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/JwtBearerGrantMockMvcTests.java index c1d8ac68e69..521806fab3c 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/JwtBearerGrantMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/JwtBearerGrantMockMvcTests.java @@ -167,7 +167,7 @@ ResultActions perform_grant_in_zone(IdentityZone theZone, String assertion) thro void createProvider(IdentityZone theZone, String verificationKey) throws Exception { createOIDCProvider(theZone, verificationKey, - "http://" + originZone.getIdentityZone().getSubdomain() + ".localhost:8080/uaa/oauth/token", + "http://" + originZone.getIdentityZone().getSubdomain() + ".localhost:8080/oauth/token", originClient.getClientId()); } diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java index 236ad7d2485..4a0cea222a7 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java @@ -653,9 +653,9 @@ void test_token_ids() throws Exception { @Test void test_saml_bearer_grant() throws Exception { String subdomain = generator.generate().toLowerCase(); - //all our SAML defaults use :8080/uaa/ so we have to use that here too + //all our SAML defaults use :8080/ so we have to use that here too String host = subdomain + ".localhost"; - String fullPath = "/uaa/oauth/token/alias/" + subdomain + ".cloudfoundry-saml-login"; + String fullPath = "/oauth/token/alias/" + subdomain + ".cloudfoundry-saml-login"; String origin = subdomain + ".cloudfoundry-saml-login"; MockMvcUtils.IdentityZoneCreationResult zone = MockMvcUtils.createOtherIdentityZoneAndReturnResult(subdomain, 
@@ -683,7 +683,7 @@ void test_saml_bearer_grant() throws Exception { String assertion = samlTestUtils.mockAssertionEncoded(subdomain + ".cloudfoundry-saml-login", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "Saml2BearerIntegrationUser", - "http://" + subdomain + ".localhost:8080/uaa/oauth/token/alias/" + subdomain + ".cloudfoundry-saml-login", + "http://" + subdomain + ".localhost:8080/oauth/token/alias/" + subdomain + ".cloudfoundry-saml-login", subdomain + ".cloudfoundry-saml-login" ); @@ -700,7 +700,6 @@ void test_saml_bearer_grant() throws Exception { request.setServerName(host); return request; }) - .contextPath("/uaa") .accept(APPLICATION_JSON) .header(HOST, host) .contentType(APPLICATION_FORM_URLENCODED) @@ -725,8 +724,8 @@ void test_saml_bearer_grant() throws Exception { @Test void test_two_zone_saml_bearer_grant() throws Exception { String subdomain = generator.generate().toLowerCase(); - //all our SAML defaults use :8080/uaa/ so we have to use that here too - String spInvocationEndpoint = "/uaa/oauth/token/alias/cloudfoundry-saml-login"; + //all our SAML defaults use :8080/ so we have to use that here too + String spInvocationEndpoint = "/oauth/token/alias/cloudfoundry-saml-login"; String idpOrigin = subdomain + ".cloudfoundry-saml-login"; //create an zone - that zone will be our IDP @@ -755,7 +754,7 @@ void test_two_zone_saml_bearer_grant() throws Exception { String assertion = samlTestUtils.mockAssertionEncoded(subdomain + ".cloudfoundry-saml-login", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "Saml2BearerIntegrationUser", - "http://localhost:8080/uaa/oauth/token/alias/cloudfoundry-saml-login", + "http://localhost:8080/oauth/token/alias/cloudfoundry-saml-login", "cloudfoundry-saml-login" ); 
@@ -771,7 +770,7 @@ void test_two_zone_saml_bearer_grant() throws Exception { request.setServerName("localhost"); return request; }) - .contextPath("/uaa") + .contextPath("") .accept(APPLICATION_JSON) .header(HOST, "localhost") .contentType(APPLICATION_FORM_URLENCODED) @@ -3591,7 +3590,7 @@ void password_grant_with_default_user_groups_in_zone() throws Exception { .andReturn(); String claimsJSON = JwtHelper.decode(JsonUtils.readValue(result.getResponse().getContentAsString(), OAuthToken.class).accessToken).getClaims(); Claims claims = JsonUtils.readValue(claimsJSON, Claims.class); - assertEquals(claims.getIss(), "http://" + subdomain.toLowerCase() + ".localhost:8080/uaa/oauth/token"); + assertEquals(claims.getIss(), "http://" + subdomain.toLowerCase() + ".localhost:8080/oauth/token"); assertThat(claims.getScope(), containsInAnyOrder("openid", "custom.default.group")); } @@ -3613,7 +3612,7 @@ void testGetPasswordGrantTokenForOtherZone() throws Exception { .andReturn(); String claimsJSON = JwtHelper.decode(JsonUtils.readValue(result.getResponse().getContentAsString(), OAuthToken.class).accessToken).getClaims(); Claims claims = JsonUtils.readValue(claimsJSON, Claims.class); - assertEquals(claims.getIss(), "http://" + subdomain.toLowerCase() + ".localhost:8080/uaa/oauth/token"); + assertEquals(claims.getIss(), "http://" + subdomain.toLowerCase() + ".localhost:8080/oauth/token"); } @Test @@ -3975,7 +3974,7 @@ void testJkuHeaderIsSet_andNonRfcHeadersNotSet_forAccessToken() throws Exception JsonUtils.readValue(accessTokenHeaderJson, new TypeReference>() { }); - assertThat(headerMap.get("jku"), is("https://localhost:8080/uaa/token_keys")); + assertThat(headerMap.get("jku"), is("https://localhost:8080/token_keys")); // `enc` and `iv` are not required by JWT or OAuth spec, so should not be set and thus not returned in the token's header assertThat(headerMap, not(hasKey("enc"))); assertThat(headerMap, not(hasKey("iv"))); 
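Review bot: The `assertEquals` on the `iss` claim in `password_grant_with_default_user_groups_in_zone` passes the actual value first and the expected URL second, the reverse of JUnit's `assertEquals(expected, actual)`. The check still passes and fails on the right condition, but a failure would report the issuer the token really carried as the "expected" one, which is misleading when triaging an issuer mismatch. Since the line is being edited anyway, `assertEquals("http://" + subdomain.toLowerCase() + ".localhost:8080/oauth/token", claims.getIss());` fixes the order. `testGetPasswordGrantTokenForOtherZone` in the next hunk has the same line. Both method bodies start outside their hunks.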
@@ -4006,7 +4005,7 @@ void testJkuHeaderIsSet_andNonRfcHeadersNotSet_forRefreshToken() throws Exceptio JsonUtils.readValue(refreshTokenHeaderJson, new TypeReference>() { }); - assertThat(headerMap.get("jku"), is("https://localhost:8080/uaa/token_keys")); + assertThat(headerMap.get("jku"), is("https://localhost:8080/token_keys")); // `enc` and `iv` are not required by JWT or OAuth spec, so should not be set and thus not returned in the token's header assertThat(headerMap, not(hasKey("enc"))); assertThat(headerMap, not(hasKey("iv"))); @@ -4038,7 +4037,7 @@ void testJkuHeaderIsSet_andNonRfcHeadersNotSet_forIdToken() throws Exception { JsonUtils.readValue(idTokenHeaderJson, new TypeReference>() { }); - assertThat(headerMap.get("jku"), is("https://localhost:8080/uaa/token_keys")); + assertThat(headerMap.get("jku"), is("https://localhost:8080/token_keys")); // `enc` and `iv` are not required by JWT or OAuth spec, so should not be set and thus not returned in the token's header assertThat(headerMap, not(hasKey("enc"))); assertThat(headerMap, not(hasKey("iv"))); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointDocs.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointDocs.java index b2298c536a2..0ba4d2bbed3 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointDocs.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointDocs.java 
@@ -159,7 +159,7 @@ class IdentityZoneEndpointDocs extends EndpointDocs { private static final String MFA_CONFIG_IDENTITY_PROVIDER_DESC = "Only trigger MFA when user is using an identity provider whose origin key matches one of these values"; private static final String ZONE_ISSUER_DESC = "Issuer of this zone. Must be a valid URL."; private static final String DEFAULT_IDP_DESC = "This value can be set to the origin key of an identity provider. If set, the user will be directed to this identity provider automatically if no other identity provider is discovered or selected via login_hint."; - private static final String DEFAULT_ISSUER_URI = "http://localhost:8080/uaa"; + private static final String DEFAULT_ISSUER_URI = "http://localhost:8080"; private static final HeaderDescriptor IDENTITY_ZONE_ID_HEADER = headerWithName(IdentityZoneSwitchingFilter.HEADER).description("May include this header to administer another zone if using `zones..admin` or `uaa.admin` scope against the default UAA zone.").optional(); private static final HeaderDescriptor IDENTITY_ZONE_SUBDOMAIN_HEADER = headerWithName(IdentityZoneSwitchingFilter.SUBDOMAIN_HEADER).optional().description("If using a `zones..admin` scope/token, indicates what Identity Zone this request goes to by supplying a subdomain."); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java index b322bd888dc..cfb0ff3e650 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java 
@@ -1738,7 +1738,7 @@ void testCreateAndDeleteLimitedClientInNewZoneUsingZoneEndpoint() throws Excepti assertEquals("zones.write", created.getAdditionalInformation().get(ClientConstants.CREATED_WITH)); assertEquals(Collections.singletonList(UAA), created.getAdditionalInformation().get(ClientConstants.ALLOWED_PROVIDERS)); assertEquals("bar", created.getAdditionalInformation().get("foo")); - checkAuditEventListener(1, AuditEventType.ClientCreateSuccess, clientCreateEventListener, id, "http://localhost:8080/uaa/oauth/token", "identity"); + checkAuditEventListener(1, AuditEventType.ClientCreateSuccess, clientCreateEventListener, id, "http://localhost:8080/oauth/token", "identity"); for (String url : Arrays.asList("", "/")) { mockMvc.perform( @@ -1753,7 +1753,7 @@ void testCreateAndDeleteLimitedClientInNewZoneUsingZoneEndpoint() throws Excepti .accept(APPLICATION_JSON)) .andExpect(status().isOk()); - checkAuditEventListener(1, AuditEventType.ClientDeleteSuccess, clientDeleteEventListener, id, "http://localhost:8080/uaa/oauth/token", "identity"); + checkAuditEventListener(1, AuditEventType.ClientDeleteSuccess, clientDeleteEventListener, id, "http://localhost:8080/oauth/token", "identity"); } @Test 
@@ -1887,12 +1887,12 @@ void testSuccessfulUserManagementInZoneUsingAdminClient() throws Exception { IdentityZone identityZone = creationResult.getIdentityZone(); checkZoneAuditEventInUaa(1, AuditEventType.IdentityZoneCreatedEvent); - checkAuditEventListener(1, AuditEventType.GroupCreatedEvent, groupModifiedEventListener, IdentityZone.getUaaZoneId(), "http://localhost:8080/uaa/oauth/token", "identity"); - checkAuditEventListener(1, AuditEventType.ClientCreateSuccess, clientCreateEventListener, identityZone.getId(), "http://localhost:8080/uaa/oauth/token", creationResult.getZoneAdminUser().getId()); + checkAuditEventListener(1, AuditEventType.GroupCreatedEvent, groupModifiedEventListener, IdentityZone.getUaaZoneId(), "http://localhost:8080/oauth/token", "identity"); + checkAuditEventListener(1, AuditEventType.ClientCreateSuccess, clientCreateEventListener, identityZone.getId(), "http://localhost:8080/oauth/token", creationResult.getZoneAdminUser().getId()); String scimAdminToken = testClient.getClientCredentialsOAuthAccessToken("admin", "admin-secret", "scim.write,scim.read", subdomain); ScimUser user = createUser(scimAdminToken, subdomain); - checkAuditEventListener(1, AuditEventType.UserCreatedEvent, userModifiedEventListener, identityZone.getId(), "http://" + subdomain + ".localhost:8080/uaa/oauth/token", "admin"); + checkAuditEventListener(1, AuditEventType.UserCreatedEvent, userModifiedEventListener, identityZone.getId(), "http://" + subdomain + ".localhost:8080/oauth/token", "admin"); user.setUserName("updated-username@test.com"); MockHttpServletRequestBuilder put = put("/Users/" + user.getId()) 
@@ -1907,7 +1907,7 @@ void testSuccessfulUserManagementInZoneUsingAdminClient() throws Exception { .andExpect(jsonPath("$.userName").value(user.getUserName())) .andReturn(); - checkAuditEventListener(2, AuditEventType.UserModifiedEvent, userModifiedEventListener, identityZone.getId(), "http://" + subdomain + ".localhost:8080/uaa/oauth/token", "admin"); + checkAuditEventListener(2, AuditEventType.UserModifiedEvent, userModifiedEventListener, identityZone.getId(), "http://" + subdomain + ".localhost:8080/oauth/token", "admin"); user = JsonUtils.readValue(result.getResponse().getContentAsString(), ScimUser.class); List users = getUsersInZone(subdomain, scimAdminToken); assertTrue(users.contains(user)); @@ -1924,7 +1924,7 @@ void testSuccessfulUserManagementInZoneUsingAdminClient() throws Exception { .andExpect(jsonPath("$.id").value(user.getId())) .andReturn(); - checkAuditEventListener(3, AuditEventType.UserDeletedEvent, userModifiedEventListener, identityZone.getId(), "http://" + subdomain + ".localhost:8080/uaa/oauth/token", "admin"); + checkAuditEventListener(3, AuditEventType.UserDeletedEvent, userModifiedEventListener, identityZone.getId(), "http://" + subdomain + ".localhost:8080/oauth/token", "admin"); users = getUsersInZone(subdomain, scimAdminToken); assertEquals(0, users.size()); } 
@@ -2252,7 +2252,7 @@ private IdentityZone createZoneReturn() throws Exception {
 assertEquals(id.toLowerCase(), zone.getSubdomain());
 assertFalse(zone.getConfig().getTokenPolicy().isRefreshTokenUnique());
 assertEquals(JWT.getStringValue(), zone.getConfig().getTokenPolicy().getRefreshTokenFormat());
- checkAuditEventListener(1, AuditEventType.IdentityZoneCreatedEvent, zoneModifiedEventListener, IdentityZone.getUaaZoneId(), "http://localhost:8080/uaa/oauth/token", "identity");
+ checkAuditEventListener(1, AuditEventType.IdentityZoneCreatedEvent, zoneModifiedEventListener, IdentityZone.getUaaZoneId(), "http://localhost:8080/oauth/token", "identity");
 //validate that default groups got created
 ScimGroupProvisioning groupProvisioning = webApplicationContext.getBean(ScimGroupProvisioning.class);
@@ -2386,7 +2386,7 @@ private IdentityZone updateZone(IdentityZone identityZone, HttpStatus expect, St
 }
 private void checkZoneAuditEventInUaa(int eventCount, AuditEventType eventType) {
- checkAuditEventListener(eventCount, eventType, zoneModifiedEventListener, IdentityZone.getUaaZoneId(), "http://localhost:8080/uaa/oauth/token", "identity");
+ checkAuditEventListener(eventCount, eventType, zoneModifiedEventListener, IdentityZone.getUaaZoneId(), "http://localhost:8080/oauth/token", "identity");
 }
 private void checkAuditEventListener(int eventCount, AuditEventType eventType, TestApplicationEventListener eventListener, String identityZoneId, String issuer, String subject) {
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/BaseSamlServiceProviderEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/BaseSamlServiceProviderEndpointsMockMvcTests.java
index 035b2af53e5..c0efac00d1d 100644
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/BaseSamlServiceProviderEndpointsMockMvcTests.java
+++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/BaseSamlServiceProviderEndpointsMockMvcTests.java
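Review bot: In `createZoneReturn` (hunk -2252) the changed line passes exactly the arguments that `checkZoneAuditEventInUaa` passes in the hunk at -2386: `zoneModifiedEventListener`, `IdentityZone.getUaaZoneId()`, the same issuer literal and `"identity"`. The same assertion is therefore maintained twice. Calling the helper instead, `checkZoneAuditEventInUaa(1, AuditEventType.IdentityZoneCreatedEvent);`, as the test at -1887 already does, removes the duplicate. `createZoneReturn` begins and ends outside the hunk.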
@@ -65,7 +65,7 @@ void setup() throws Exception { " \"name\" : \"" + name + "\",\n" + " \"entityId\" : \"" + name + ".cloudfoundry-saml-login\",\n" + " \"active\" : true,\n" + - " \"config\" : \"{\\\"metaDataLocation\\\" : \\\"zALgjEFJ7jJSwn2AOBH5H8CX93U=Rp5XH8eT0ek/vlFGzHgIFOeESchOwSYZ9oh4JA9WqQ0jJtvNQ9IttY2QY9XK3n6TbbtPcEKVgljyTfwD5ymp+oMKfIYQC9JsN8mPADN5rjLFgC+xGceWLbcjoNsCJ7x2ZjyWRblSxoOU5qnzxEA3k3Bu+OkV+ZXcSbmgMWoQACg=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnV
iYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTb
zKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\\\",\\\"metadataTrustCheck\\\" : true }\"" + + " \"config\" : \"{\\\"metaDataLocation\\\" : \\\"zALgjEFJ7jJSwn2AOBH5H8CX93U=Rp5XH8eT0ek/vlFGzHgIFOeESchOwSYZ9oh4JA9WqQ0jJtvNQ9IttY2QY9XK3n6TbbtPcEKVgljyTfwD5ymp+oMKfIYQC9JsN8mPADN5rjLFgC+xGceWLbcjoNsCJ7x2ZjyWRblSxoOU5qnzxEA3k3Bu+OkV+ZXcSbmgMWoQACg=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5
hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvB
J0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\\\",\\\"metadataTrustCheck\\\" : true }\"" + "}"; } 
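Review bot: The `config` line changed in `setup()` is a multi-kilobyte SAML metadata literal, and the same literal is edited again in the hunks for `createServiceProviderInvalidEntityId`, `createServiceProviderAttributeMappings` and `updateServiceProviderAttributeMappings`, so every metadata change has to be applied to four copies and cannot realistically be reviewed by eye (in this rendering the removed and added lines look identical). Holding the metadata once, in a shared constant or test resource, would reduce each of these hunks to a one-line reference. The embedded certificate also deserves a comment, since its DER header appears to decode to an MD5-with-RSA signature, a 1024-bit RSA key and a validity window of 2015-11-20 to 2016-11-19: `// test-only fixture: MD5-signed, 1024-bit, expired certificate; never reuse outside tests`. Because the payload sets `metadataTrustCheck` to true alongside that certificate, it is worth confirming what the check verifies in these tests. `setup()` starts outside the hunk.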
@@ -154,7 +154,7 @@ void createServiceProviderInvalidEntityId() throws Exception { " \"name\" : \"" + name + "\",\n" + " \"entityId\" : \"invalid.cloudfoundry-saml-login\",\n" + " \"active\" : true,\n" + - " \"config\" : \"{\\\"metaDataLocation\\\" : \\\"zALgjEFJ7jJSwn2AOBH5H8CX93U=Rp5XH8eT0ek/vlFGzHgIFOeESchOwSYZ9oh4JA9WqQ0jJtvNQ9IttY2QY9XK3n6TbbtPcEKVgljyTfwD5ymp+oMKfIYQC9JsN8mPADN5rjLFgC+xGceWLbcjoNsCJ7x2ZjyWRblSxoOU5qnzxEA3k3Bu+OkV+ZXcSbmgMWoQACg=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAc
TBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH
5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\\\",\\\"metadataTrustCheck\\\" : true }\"" + + " \"config\" : \"{\\\"metaDataLocation\\\" : \\\"zALgjEFJ7jJSwn2AOBH5H8CX93U=Rp5XH8eT0ek/vlFGzHgIFOeESchOwSYZ9oh4JA9WqQ0jJtvNQ9IttY2QY9XK3n6TbbtPcEKVgljyTfwD5ymp+oMKfIYQC9JsN8mPADN5rjLFgC+xGceWLbcjoNsCJ7x2ZjyWRblSxoOU5qnzxEA3k3Bu+OkV+ZXcSbmgMWoQACg=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZ
IhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8
wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\\\",\\\"metadataTrustCheck\\\" : true }\"" + "}"; mockMvc.perform(post("/saml/service-providers") .header("Authorization", "bearer" + adminToken) 
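Review bot: The context line `.header("Authorization", "bearer" + adminToken)` at the end of this hunk joins the scheme and the token without a space, so unless `adminToken` itself starts with one the request carries a malformed credential. If the request is then rejected at authentication, `createServiceProviderInvalidEntityId` may pass without ever reaching the entity-id validation it is named for; the expected status is outside the hunk, so this needs checking. The line should read `.header("Authorization", "bearer " + adminToken)`. The test body continues past the hunk.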
@@ -178,7 +178,7 @@ void createServiceProviderAttributeMappings() throws Exception { " \"name\" : \"" + name + "\",\n" + " \"entityId\" : \"" + name + ".cloudfoundry-saml-login\",\n" + " \"active\" : true,\n" + - " \"config\" : \"{\\\"metaDataLocation\\\" : \\\"zALgjEFJ7jJSwn2AOBH5H8CX93U=Rp5XH8eT0ek/vlFGzHgIFOeESchOwSYZ9oh4JA9WqQ0jJtvNQ9IttY2QY9XK3n6TbbtPcEKVgljyTfwD5ymp+oMKfIYQC9JsN8mPADN5rjLFgC+xGceWLbcjoNsCJ7x2ZjyWRblSxoOU5qnzxEA3k3Bu+OkV+ZXcSbmgMWoQACg=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAM
BgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8j
m3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\\\",\\\"metadataTrustCheck\\\" : true " + + " \"config\" : \"{\\\"metaDataLocation\\\" : \\\"zALgjEFJ7jJSwn2AOBH5H8CX93U=Rp5XH8eT0ek/vlFGzHgIFOeESchOwSYZ9oh4JA9WqQ0jJtvNQ9IttY2QY9XK3n6TbbtPcEKVgljyTfwD5ymp+oMKfIYQC9JsN8mPADN5rjLFgC+xGceWLbcjoNsCJ7x2ZjyWRblSxoOU5qnzxEA3k3Bu+OkV+ZXcSbmgMWoQACg=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwY
JKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAM
BAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\\\",\\\"metadataTrustCheck\\\" : true " + ", \\\"attributeMappings\\\": {\\\"given_name\\\" : \\\"firstname\\\"" + " ,\\\"family_name\\\" : \\\"lastname\\\"," + " \\\"phone_number\\\" : \\\"phone\\\" }" + 
@@ -202,7 +202,7 @@ void updateServiceProviderAttributeMappings() throws Exception { " \"name\" : \"" + name + "\",\n" + " \"entityId\" : \"" + name + ".cloudfoundry-saml-login\",\n" + " \"active\" : true,\n" + - " \"config\" : \"{\\\"metaDataLocation\\\" : \\\"zALgjEFJ7jJSwn2AOBH5H8CX93U=Rp5XH8eT0ek/vlFGzHgIFOeESchOwSYZ9oh4JA9WqQ0jJtvNQ9IttY2QY9XK3n6TbbtPcEKVgljyTfwD5ymp+oMKfIYQC9JsN8mPADN5rjLFgC+xGceWLbcjoNsCJ7x2ZjyWRblSxoOU5qnzxEA3k3Bu+OkV+ZXcSbmgMWoQACg=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAM
BgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8j
m3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\\\",\\\"metadataTrustCheck\\\" : true " + + " \"config\" : \"{\\\"metaDataLocation\\\" : \\\"zALgjEFJ7jJSwn2AOBH5H8CX93U=Rp5XH8eT0ek/vlFGzHgIFOeESchOwSYZ9oh4JA9WqQ0jJtvNQ9IttY2QY9XK3n6TbbtPcEKVgljyTfwD5ymp+oMKfIYQC9JsN8mPADN5rjLFgC+xGceWLbcjoNsCJ7x2ZjyWRblSxoOU5qnzxEA3k3Bu+OkV+ZXcSbmgMWoQACg=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwY
JKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAM
BAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\\\",\\\"metadataTrustCheck\\\" : true " + ", \\\"attributeMappings\\\": {\\\"given_name\\\" : \\\"firstname\\\"" + " ,\\\"family_name\\\" : \\\"lastname\\\"," + " \\\"phone_number\\\" : \\\"phone\\\" }" + diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/UaaSamlIDPEndpointDocs.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/UaaSamlIDPEndpointDocs.java index 7a4a1250d0e..b268e96e769 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/UaaSamlIDPEndpointDocs.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/UaaSamlIDPEndpointDocs.java 
@@ -124,7 +124,7 @@ void setup() throws Exception { " \"name\" : \"" + name + "\",\n" + " \"entityId\" : \"" + spEntityID + "\",\n" + " \"active\" : true,\n" + - " \"config\" : \"{\\\"enableIdpInitiatedSso\\\" : true,\\\"metaDataLocation\\\" : \\\"zALgjEFJ7jJSwn2AOBH5H8CX93U=Rp5XH8eT0ek/vlFGzHgIFOeESchOwSYZ9oh4JA9WqQ0jJtvNQ9IttY2QY9XK3n6TbbtPcEKVgljyTfwD5ymp+oMKfIYQC9JsN8mPADN5rjLFgC+xGceWLbcjoNsCJ7x2ZjyWRblSxoOU5qnzxEA3k3Bu+OkV+ZXcSbmgMWoQACg=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydW
JhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvC
kKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\\\"" + + " \"config\" : \"{\\\"enableIdpInitiatedSso\\\" : true,\\\"metaDataLocation\\\" : \\\"zALgjEFJ7jJSwn2AOBH5H8CX93U=Rp5XH8eT0ek/vlFGzHgIFOeESchOwSYZ9oh4JA9WqQ0jJtvNQ9IttY2QY9XK3n6TbbtPcEKVgljyTfwD5ymp+oMKfIYQC9JsN8mPADN5rjLFgC+xGceWLbcjoNsCJ7x2ZjyWRblSxoOU5qnzxEA3k3Bu+OkV+ZXcSbmgMWoQACg=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQk
BFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZ
IhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\\\"" + ",\\\"metadataTrustCheck\\\" : true " + ",\\\"attributeMappings\\\" : { \\\"given_name\\\" : \\\"firstname\\\", \\\"family_name\\\" : \\\"lastname\\\", \\\"phone_number\\\" : \\\"phone\\\" }" + "}\"" + diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/OpenIdConnectEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/OpenIdConnectEndpointsMockMvcTests.java index 128980f047c..d6ee0ada9a3 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/OpenIdConnectEndpointsMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/OpenIdConnectEndpointsMockMvcTests.java @@ -65,7 +65,7 @@ void testWellKnownEndpoint() throws Exception { OpenIdConfiguration openIdConfiguration = JsonUtils.readValue(response.getContentAsString(), OpenIdConfiguration.class); assertNotNull(openIdConfiguration); - assertEquals("http://" + host + ":8080/uaa/oauth/token", openIdConfiguration.getIssuer()); + assertEquals("http://" + host + ":8080/oauth/token", openIdConfiguration.getIssuer()); assertEquals("http://" + host + "/oauth/authorize", openIdConfiguration.getAuthUrl()); assertEquals("http://" + host + "/oauth/token", openIdConfiguration.getTokenUrl()); assertArrayEquals(new String[]{"client_secret_basic", "client_secret_post"}, openIdConfiguration.getTokenAMR()); 
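Review bot: The one changed line in this hunk of setup() is a `config` string literal several kilobytes long that appears to inline an entire SAML metadata document, signing certificate included, so the difference between the removed and the added line cannot be checked by eye. Loading the metadata from a test resource and substituting the base URL when it is read would reduce a context-path change to a one-line diff and keep the certificate in a single place. A near-identical literal is visible in the preceding file's hunk as well. setup() begins before the hunk and continues after it.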
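Review bot: In testWellKnownEndpoint the new issuer expectation keeps a literal `:8080` while the `getAuthUrl()` and `getTokenUrl()` assertions right below it expect no port, and the test does not say why the values differ. Clients match the discovery issuer against the `iss` claim of the tokens they receive, so dropping `/uaa` from it changes what already-configured clients will accept, which deserves a sentence at the assertion. Presumably the issuer is built from the configured `issuer.uri` rather than from the request, which would explain the port; if the endpoint code confirms that, add `// issuer comes from the configured issuer.uri (port included), not the request host; it must equal the iss claim of issued tokens` above the assertion. The test method starts before the hunk and is not closed within it.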
diff --git a/uaa/src/test/resources/integration_test_properties.yml b/uaa/src/test/resources/integration_test_properties.yml index ed6c0caad84..7fc85dddd18 100644 --- a/uaa/src/test/resources/integration_test_properties.yml +++ b/uaa/src/test/resources/integration_test_properties.yml @@ -17,13 +17,13 @@ jwt: uaa: # The hostname of the UAA that this login server will connect to - url: http://localhost:8080/uaa + url: http://localhost:8080 token: - url: http://localhost:8080/uaa/oauth/token + url: http://localhost:8080/oauth/token approvals: - url: http://localhost:8080/uaa/approvals + url: http://localhost:8080/approvals login: - url: http://localhost:8080/uaa/authenticate + url: http://localhost:8080/authenticate limitedFunctionality: enabled: false whitelist: @@ -104,7 +104,7 @@ oauth: - uaa.offline_token issuer: - uri: http://localhost:8080/uaa + uri: http://localhost:8080 login: @@ -146,8 +146,8 @@ login: KdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3oePe84k8jm3A7EvH5wi5hvCkK RpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0= -----END CERTIFICATE----- - url: http://localhost:8080/uaa - entityBaseURL: http://localhost:8080/uaa + url: http://localhost:8080 + entityBaseURL: http://localhost:8080 entityID: cloudfoundry-saml-login saml: #Entity ID Alias to login at /saml/SSO/alias/{login.saml.entityIDAlias} @@ -170,7 +170,7 @@ login: # URL metadata fetch - read timeout soTimeout: 10000 authorize: - url: http://localhost:8080/uaa/oauth/authorize + url: http://localhost:8080/oauth/authorize ldap: diff --git a/uaa/src/test/resources/session_frame_test.html b/uaa/src/test/resources/session_frame_test.html index 76a5042eb98..a795038c214 100644 --- a/uaa/src/test/resources/session_frame_test.html +++ b/uaa/src/test/resources/session_frame_test.html 
@@ -8,7 +8,7 @@ window.onload = function () { sessionFrame = document.getElementById('sessionFrame'); - sessionFrame.src = "http://localhost:8080/uaa/session?clientId=testClient&messageOrigin=" + encodeURIComponent(window.location.origin); + sessionFrame.src = "http://localhost:8080/session?clientId=testClient&messageOrigin=" + encodeURIComponent(window.location.origin); messageDiv = document.getElementById('message'); }; diff --git a/uaa/src/test/resources/test/config/uaa.yml b/uaa/src/test/resources/test/config/uaa.yml index 53972dbb8f8..dddd860cca9 100644 --- a/uaa/src/test/resources/test/config/uaa.yml +++ b/uaa/src/test/resources/test/config/uaa.yml @@ -1,7 +1,7 @@ uaa: - url: http://localhost:8080/uaa + url: http://localhost:8080 issuer: - uri: http://localhost:8080/uaa + uri: http://localhost:8080 encryption: active_key_label: key-1 encryption_keys: From e2923908d83a91e441160fb0da1ebf454c395491 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Thu, 5 Dec 2019 16:10:54 -0600 Subject: [PATCH 054/111] Run UAA at ROOT context - Fix TokenEndpointDocs [#170107012] --- .../cloudfoundry/identity/uaa/login/TokenEndpointDocs.java | 5 ++--- .../identity/uaa/test/JUnitRestDocumentationExtension.java | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/TokenEndpointDocs.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/TokenEndpointDocs.java index 1b502195165..7410618fcb7 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/TokenEndpointDocs.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/TokenEndpointDocs.java 
@@ -414,7 +414,7 @@ void getTokenUsingSaml2BearerGrant() throws Exception { String subdomain = generator.generate().toLowerCase(); //all our SAML defaults use :8080 so we have to use that here too String host = subdomain + ".localhost"; - String fullPath = "/uaa/oauth/token/alias/" + subdomain + ".cloudfoundry-saml-login"; + String fullPath = "/oauth/token/alias/" + subdomain + ".cloudfoundry-saml-login"; String origin = subdomain + ".cloudfoundry-saml-login"; MockMvcUtils.IdentityZoneCreationResult zone = MockMvcUtils.createOtherIdentityZoneAndReturnResult(subdomain, mockMvc, this.webApplicationContext, null, IdentityZoneHolder.getCurrentZoneId()); @@ -447,7 +447,7 @@ void getTokenUsingSaml2BearerGrant() throws Exception { setUpClients(clientId, "uaa.none", "uaa.user,openid", GRANT_TYPE_SAML2_BEARER + ",password,refresh_token", true, TEST_REDIRECT_URI, null, 600, zone.getIdentityZone()); - //String fullPath = "/uaa/oauth/token"; + //String fullPath = "/oauth/token"; MockHttpServletRequestBuilder post = MockMvcRequestBuilders.post(fullPath) .with(request -> { request.setServerPort(8080); @@ -455,7 +455,6 @@ void getTokenUsingSaml2BearerGrant() throws Exception { request.setServerName(host); return request; }) - .contextPath("/uaa") .accept(APPLICATION_JSON) .header(HOST, host) .contentType(APPLICATION_FORM_URLENCODED) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/test/JUnitRestDocumentationExtension.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/test/JUnitRestDocumentationExtension.java index 71ce2913a77..be2d25dfede 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/test/JUnitRestDocumentationExtension.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/test/JUnitRestDocumentationExtension.java 
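Review bot: The second hunk rewrites a commented-out statement, `//String fullPath = "/oauth/token";`, instead of deleting it. `fullPath` is already declared in the first hunk of the same method, so the comment is dead code that has to be kept in step with every path change; I would drop the line. With `.contextPath("/uaa")` removed in the third hunk, the comment `//all our SAML defaults use :8080 ...` in the first hunk is the only remaining hint about how the request is addressed, and it would read better next to `request.setServerPort(8080)`, where it applies. getTokenUsingSaml2BearerGrant() starts before the first hunk and continues after the third.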
@@ -4,7 +4,7 @@ import org.springframework.restdocs.ManualRestDocumentation; public class JUnitRestDocumentationExtension implements BeforeEachCallback, AfterEachCallback, ParameterResolver { - ManualRestDocumentation restDocumentation = new ManualRestDocumentation(System.getProperty("docs.build.generated.snippets.dir")); + ManualRestDocumentation restDocumentation = new ManualRestDocumentation(System.getProperty("docs.build.generated.snippets.dir", "build/generated-snippets")); @Override public void beforeEach(ExtensionContext context) { From 9c1f29dcb36efd61b6bd59921f0af67e360cacbe Mon Sep 17 00:00:00 2001 From: UAA Team Date: Fri, 6 Dec 2019 15:27:20 -0800 Subject: [PATCH 055/111] Revert "Run UAA at ROOT context - Fix TokenEndpointDocs" This reverts commit e2923908d83a91e441160fb0da1ebf454c395491. --- .../cloudfoundry/identity/uaa/login/TokenEndpointDocs.java | 5 +++-- .../identity/uaa/test/JUnitRestDocumentationExtension.java | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/TokenEndpointDocs.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/TokenEndpointDocs.java index 7410618fcb7..1b502195165 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/TokenEndpointDocs.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/TokenEndpointDocs.java 
@@ -414,7 +414,7 @@ void getTokenUsingSaml2BearerGrant() throws Exception { String subdomain = generator.generate().toLowerCase(); //all our SAML defaults use :8080 so we have to use that here too String host = subdomain + ".localhost"; - String fullPath = "/oauth/token/alias/" + subdomain + ".cloudfoundry-saml-login"; + String fullPath = "/uaa/oauth/token/alias/" + subdomain + ".cloudfoundry-saml-login"; String origin = subdomain + ".cloudfoundry-saml-login"; MockMvcUtils.IdentityZoneCreationResult zone = MockMvcUtils.createOtherIdentityZoneAndReturnResult(subdomain, mockMvc, this.webApplicationContext, null, IdentityZoneHolder.getCurrentZoneId()); @@ -447,7 +447,7 @@ void getTokenUsingSaml2BearerGrant() throws Exception { setUpClients(clientId, "uaa.none", "uaa.user,openid", GRANT_TYPE_SAML2_BEARER + ",password,refresh_token", true, TEST_REDIRECT_URI, null, 600, zone.getIdentityZone()); - //String fullPath = "/oauth/token"; + //String fullPath = "/uaa/oauth/token"; MockHttpServletRequestBuilder post = MockMvcRequestBuilders.post(fullPath) .with(request -> { request.setServerPort(8080); @@ -455,6 +455,7 @@ void getTokenUsingSaml2BearerGrant() throws Exception { request.setServerName(host); return request; }) + .contextPath("/uaa") .accept(APPLICATION_JSON) .header(HOST, host) .contentType(APPLICATION_FORM_URLENCODED) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/test/JUnitRestDocumentationExtension.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/test/JUnitRestDocumentationExtension.java index be2d25dfede..71ce2913a77 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/test/JUnitRestDocumentationExtension.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/test/JUnitRestDocumentationExtension.java 
@@ -4,7 +4,7 @@ import org.springframework.restdocs.ManualRestDocumentation; public class JUnitRestDocumentationExtension implements BeforeEachCallback, AfterEachCallback, ParameterResolver { - ManualRestDocumentation restDocumentation = new ManualRestDocumentation(System.getProperty("docs.build.generated.snippets.dir", "build/generated-snippets")); + ManualRestDocumentation restDocumentation = new ManualRestDocumentation(System.getProperty("docs.build.generated.snippets.dir")); @Override public void beforeEach(ExtensionContext context) { From 65952b1b53b8d01cf93e68493a3f6ac85ad8a825 Mon Sep 17 00:00:00 2001 
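Review bot: After this revert the `restDocumentation` field is again initialised from `System.getProperty("docs.build.generated.snippets.dir")` with no fallback, and that call returns null whenever the property is not set, presumably any run that does not go through the build script that defines it. The default has nothing to do with the context path, so it could be kept. Otherwise fail with a clear message: `Objects.requireNonNull(System.getProperty("docs.build.generated.snippets.dir"), "docs.build.generated.snippets.dir is not set")`. How ManualRestDocumentation treats a null directory is not visible here, and the class body continues after the hunk.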
From: UAA Team Date: Fri, 6 Dec 2019 15:27:25 -0800 Subject: [PATCH 056/111] Revert "Using `./gradlew run` now uses ROOT context path" This reverts commit 46c476254dc1160ead10f71f73aa16fe8efd64ad. --- README.md | 6 +-- build.gradle | 3 +- docs/Sysadmin-Guide.rst | 2 +- docs/UAA-APIs.rst | 52 +++++++++---------- docs/UAA-Tokens.md | 4 +- docs/google-oidc-provider.md | 2 +- docs/login/Okta-README.md | 8 +-- docs/login/OpenAM-README.md | 4 +- .../identity/api/web/ApiController.java | 4 +- .../src/main/resources/application.properties | 4 +- .../main/webapp/WEB-INF/spring-servlet.xml | 4 +- .../identity/api/web/ServerRunning.java | 4 +- samples/app/README.md | 2 +- .../identity/app/web/HomeController.java | 2 +- .../application-local-vcap.properties | 8 +-- .../resources/application-local.properties | 12 ++--- .../application-ruby-local.properties | 6 +-- .../src/main/resources/application.properties | 12 ++--- .../identity/uaa/home/BuildInfo.java | 2 +- .../identity/uaa/util/UaaUrlUtils.java | 2 +- server/src/main/resources/spring/login-ui.xml | 4 +- .../identity/uaa/ServerRunning.java | 2 +- ...asswordGrantAuthenticationManagerTest.java | 14 ++--- .../uaa/cache/ExpiringUrlCacheTests.java | 2 +- .../uaa/login/AccountsControllerTest.java | 2 +- .../uaa/login/LoginInfoEndpointTests.java | 22 ++++---- .../uaa/mfa/MfaUiRequiredFilterTests.java | 2 +- .../uaa/oauth/CheckTokenEndpointTests.java | 14 ++--- .../DeprecatedUaaTokenServicesTests.java | 14 ++--- .../identity/uaa/oauth/TokenTestSupport.java | 4 +- .../uaa/oauth/TokenValidationServiceTest.java | 2 +- .../uaa/oauth/openid/IdTokenCreatorTest.java | 6 +-- .../IdentityProviderEndpointsTest.java | 2 +- ...thIdentityProviderConfigValidatorTest.java | 2 +- .../saml/ZoneAwareMetadataGeneratorTests.java | 4 +- .../uaa/provider/saml/idp/SamlTestUtils.java | 44 ++++++++-------- .../ZoneAwareIdpMetadataGeneratorTest.java | 2 +- .../identity/uaa/scim/util/ScimUtilsTest.java | 6 +-- .../uaa/util/TokenValidationTest.java | 8 +-- 
.../identity/uaa/util/UaaUrlUtilsTest.java | 12 ++--- .../HttpHeadersFilterRequestWrapperTest.java | 2 +- .../ServiceProviderModifiedEventTest.java | 2 +- .../resources/integration.test.properties | 2 +- .../integration/IntegrationTestUtils.java | 2 +- .../source/index.html.md.erb | 24 ++++----- .../main/resources/required_configuration.yml | 2 +- uaa/src/main/resources/uaa.yml | 16 +++--- .../main/webapp/WEB-INF/spring-servlet.xml | 6 +-- .../webapp/WEB-INF/spring/oauth-clients.xml | 8 +-- .../main/webapp/WEB-INF/spring/saml-idp.xml | 2 +- .../webapp/WEB-INF/spring/saml-providers.xml | 2 +- ...uthorizationCodeGrantIntegrationTests.java | 6 +-- .../ImplicitTokenGrantIntegrationTests.java | 2 +- .../LoginInfoEndpointIntegrationTests.java | 2 +- ...orizationWithApprovalIntegrationTests.java | 2 +- ...asswordChangeEndpointIntegrationTests.java | 2 +- .../PasswordGrantIntegrationTests.java | 2 +- .../RefreshTokenSupportIntegrationTests.java | 2 +- .../ScimUserEndpointsIntegrationTests.java | 16 +++--- .../integration/feature/CreateAccountIT.java | 4 +- .../feature/IdentityZoneNotAvailableIT.java | 6 +-- .../uaa/integration/feature/OIDCLoginIT.java | 4 +- .../uaa/integration/feature/SamlLoginIT.java | 2 +- .../feature/SamlLoginWithLocalIdpIT.java | 10 ++-- .../identity/uaa/login/TokenEndpointDocs.java | 4 +- .../mock/audit/AuditCheckMockMvcTests.java | 4 +- .../saml/SamlAuthenticationMockMvcTests.java | 20 +++---- .../token/JwtBearerGrantMockMvcTests.java | 2 +- .../uaa/mock/token/TokenMvcMockTests.java | 25 ++++----- .../mock/zones/IdentityZoneEndpointDocs.java | 2 +- .../IdentityZoneEndpointsMockMvcTests.java | 18 +++---- ...lServiceProviderEndpointsMockMvcTests.java | 8 +-- .../provider/saml/UaaSamlIDPEndpointDocs.java | 2 +- .../OpenIdConnectEndpointsMockMvcTests.java | 2 +- .../resources/integration_test_properties.yml | 16 +++--- .../test/resources/session_frame_test.html | 2 +- uaa/src/test/resources/test/config/uaa.yml | 4 +- 77 files changed, 275 insertions(+), 
273 deletions(-) diff --git a/README.md b/README.md index 3e20e494f0d..d3a3e98add2 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ The authentication service is `uaa`. It's a plain Spring MVC webapp. Deploy as normal in Tomcat or your container of choice, or execute `./gradlew run` to run it directly from `uaa` directory in the source tree. When running with gradle it listens on port 8080 and the URL is -`http://localhost:8080` +`http://localhost:8080/uaa` The UAA Server supports the APIs defined in the UAA-APIs document. To summarise: @@ -82,7 +82,7 @@ If this works you are in business: The apps all work together with the apps running on the same port -(8080) as [`/uaa`](http://localhost:8080), [`/app`](http://localhost:8080/app) and [`/api`](http://localhost:8080/api). +(8080) as [`/uaa`](http://localhost:8080/uaa), [`/app`](http://localhost:8080/app) and [`/api`](http://localhost:8080/api). UAA will log to a file called `uaa.log` which can be found using the following command:- @@ -101,7 +101,7 @@ First run the UAA server as described above: From another terminal you can use curl to verify that UAA has started by requesting system information: - $ curl -H "Accept: application/json" localhost:8080/login + $ curl -H "Accept: application/json" localhost:8080/uaa/login { "timestamp":"2012-03-28T18:25:49+0100", "commit_id":"111274e", diff --git a/build.gradle b/build.gradle index 73c8210e206..511002f27ec 100644 --- a/build.gradle +++ b/build.gradle @@ -167,7 +167,7 @@ cargo { deployable { file = file("uaa/build/libs/cloudfoundry-identity-uaa-" + version + ".war") - context = "/" + context = "uaa" } local { @@ -235,6 +235,7 @@ task integrationTest(dependsOn: subprojects.integrationTest) { finalizedBy cargoStopLocal } + // task dependencies assemble.dependsOn subprojects.assemble test.dependsOn subprojects.test diff --git a/docs/Sysadmin-Guide.rst b/docs/Sysadmin-Guide.rst index 620021a58b8..8fc05b6ca1f 100644 --- a/docs/Sysadmin-Guide.rst 
+++ b/docs/Sysadmin-Guide.rst @@ -301,7 +301,7 @@ cf and uaac each need a target. cf points to a cloud controller and uaac to a ua cf target api.cf116.dev.las01.vcsops.com uaac target uaa.cf116.dev.las01.vcsops.com # dev deployment uaac target uaa.cfpartners.cloudfoundry.com # production - uaac target localhost:8080 # local dev + uaac target localhost:8080/uaa # local dev uaac context will contain clients or an end user id. These are added to your context after authenticating. diff --git a/docs/UAA-APIs.rst b/docs/UAA-APIs.rst index 70c70557581..e742242db5f 100644 --- a/docs/UAA-APIs.rst +++ b/docs/UAA-APIs.rst 
@@ -268,10 +268,10 @@ Browser Requests Code: ``GET /oauth/authorize`` *Sample curl commands for this flow* -* ``curl -v "http://localhost:8080/oauth/authorize?response_type=code&client_id=app&scope=password.write&redirect_uri=http%3A%2F%2Fwww.example.com%2Fcallback" --cookie cookies.txt --cookie-jar cookies.txt`` -* ``curl -v http://localhost:8080/login.do -H "Referer: http://login.cloudfoundry.example.com/login" -H "Accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -d "username=marissa&password=koala&X-Uaa-Csrf=abcdef" --cookie cookies.txt --cookie-jar cookies.txt`` -* ``curl -v "http://localhost:8080/oauth/authorize?response_type=code&client_id=app&scope=password.write&redirect_uri=http%3A%2F%2Fwww.example.com%2Fcallback" --cookie cookies.txt --cookie-jar cookies.txt`` -* ``curl -v http://localhost:8080/oauth/authorize -d "scope.0=scope.password.write&user_oauth_approval=true" --cookie cookies.txt --cookie-jar cookies.txt`` +* ``curl -v "http://localhost:8080/uaa/oauth/authorize?response_type=code&client_id=app&scope=password.write&redirect_uri=http%3A%2F%2Fwww.example.com%2Fcallback" --cookie cookies.txt --cookie-jar cookies.txt`` +* ``curl -v http://localhost:8080/uaa/login.do -H "Referer: http://login.cloudfoundry.example.com/login" -H "Accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -d "username=marissa&password=koala&X-Uaa-Csrf=abcdef" --cookie cookies.txt --cookie-jar cookies.txt`` +* ``curl -v "http://localhost:8080/uaa/oauth/authorize?response_type=code&client_id=app&scope=password.write&redirect_uri=http%3A%2F%2Fwww.example.com%2Fcallback" --cookie cookies.txt --cookie-jar cookies.txt`` +* ``curl -v http://localhost:8080/uaa/oauth/authorize -d "scope.0=scope.password.write&user_oauth_approval=true" --cookie cookies.txt --cookie-jar cookies.txt`` Non-Browser Requests Code: ``GET /oauth/authorize`` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
@@ -305,10 +305,10 @@ URI. *Sample curl commands for this flow* -* ``curl -v -H "Accept:application/json" "http://localhost:8080/oauth/authorize?response_type=code&client_id=app&scope=password.write&redirect_uri=http%3A%2F%2Fwww.example.com%2Fcallback" --cookie cookies.txt --cookie-jar cookies.txt`` -* ``curl -v -H "Accept:application/json" http://localhost:8080/login.do -H "Referer: http://login.cloudfoundry.example.com/login" -H "Accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -d "username=marissa&password=koala&X-Uaa-Csrf=abcdef" --cookie cookies.txt --cookie-jar cookies.txt`` -* ``curl -v -H "Accept:application/json" "http://localhost:8080/oauth/authorize?response_type=code&client_id=app&scope=password.write&redirect_uri=http%3A%2F%2Fwww.example.com%2Fcallback" --cookie cookies.txt --cookie-jar cookies.txt`` -* ``curl -v -H "Accept:application/json" http://localhost:8080/oauth/authorize -d "scope.0=scope.password.write&user_oauth_approval=true" --cookie cookies.txt --cookie-jar cookies.txt`` +* ``curl -v -H "Accept:application/json" "http://localhost:8080/uaa/oauth/authorize?response_type=code&client_id=app&scope=password.write&redirect_uri=http%3A%2F%2Fwww.example.com%2Fcallback" --cookie cookies.txt --cookie-jar cookies.txt`` +* ``curl -v -H "Accept:application/json" http://localhost:8080/uaa/login.do -H "Referer: http://login.cloudfoundry.example.com/login" -H "Accept: application/json" -H "Content-Type: application/x-www-form-urlencoded" -d "username=marissa&password=koala&X-Uaa-Csrf=abcdef" --cookie cookies.txt --cookie-jar cookies.txt`` +* ``curl -v -H "Accept:application/json" "http://localhost:8080/uaa/oauth/authorize?response_type=code&client_id=app&scope=password.write&redirect_uri=http%3A%2F%2Fwww.example.com%2Fcallback" --cookie cookies.txt --cookie-jar cookies.txt`` +* ``curl -v -H "Accept:application/json" http://localhost:8080/uaa/oauth/authorize -d "scope.0=scope.password.write&user_oauth_approval=true" --cookie 
cookies.txt --cookie-jar cookies.txt`` API Authorization Requests Code: ``GET /oauth/authorize`` (non standard /oauth/authorize) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ @@ -346,8 +346,8 @@ API Authorization Requests Code: ``GET /oauth/authorize`` (non standard /oauth/a *Sample curl commands for this flow* -* curl -v -H"Authorization: Bearer $TOKEN" "http://localhost:8080/oauth/authorize?grant_type=authorization_code&client_id=identity&state=mystate&response_type=code&redirect_uri=http://localhost" -* TOKEN can be fetched by: curl -v -XPOST -H"Application/json" -u "cf:" --data "username=marissa&password=koala&client_id=cf&grant_type=password" http://localhost:8080/oauth/token +* curl -v -H"Authorization: Bearer $TOKEN" "http://localhost:8080/uaa/oauth/authorize?grant_type=authorization_code&client_id=identity&state=mystate&response_type=code&redirect_uri=http://localhost" +* TOKEN can be fetched by: curl -v -XPOST -H"Application/json" -u "cf:" --data "username=marissa&password=koala&client_id=cf&grant_type=password" http://localhost:8080/uaa/oauth/token Client Obtains Token: ``POST /oauth/token`` @@ -939,7 +939,7 @@ Curl Example POST (Token contains ``zones.write`` scope) :: -H"Accept:application/json" \ -H"Content-Type:application/json" \ -XPOST \ - http://localhost:8080/identity-zones + http://localhost:8080/uaa/identity-zones PUT (Token contains ``zones.write`` scope) :: @@ -947,7 +947,7 @@ Curl Example POST (Token contains ``zones.write`` scope) :: -d '{"id":"testzone1","subdomain":"testzone-1","name":"The Twiglet Dash Zone","description":"Like the Twilight Zone but tastier."}' \ -H"Accept:application/json" \ -H"Content-Type:application/json" \ - -XPUT http://localhost:8080/identity-zones/testzone1 + -XPUT http://localhost:8080/uaa/identity-zones/testzone1 ================ ============================================================================================================= 
@@ -958,7 +958,7 @@ Sequential example of creating a zone and creating an admin client in that zone ------------------------------------------------------------------------------- Example:: - uaac target http://localhost:8080 + uaac target http://localhost:8080/uaa uaac token client get admin -s adminsecret @@ -970,7 +970,7 @@ Example:: uaac -t curl -H"X-Identity-Zone-Id:testzone1" -XPOST -H"Content-Type:application/json" -H"Accept:application/json" --data '{ "client_id" : "admin", "client_secret" : "adminsecret", "scope" : ["uaa.none"], "resource_ids" : ["none"], "authorities" : ["uaa.admin","clients.read","clients.write","clients.secret","scim.read","scim.write","clients.admin"], "authorized_grant_types" : ["client_credentials"]}' /oauth/clients - uaac target http://testzone1.localhost:8080 + uaac target http://testzone1.localhost:8080/uaa uaac token client get admin -s adminsecret @@ -1136,7 +1136,7 @@ Curl Example POST (Token contains ``zones.write`` scope) :: curl -v -H"Authorization:Bearer $TOKEN" \ -XPOST -H'Content-type: application/json' \ -d '{"client_id" : "limited-client", "client_secret" : "limited-client-secret", "authorized_grant_types" : ["authorization_code"],"scope" : ["openid"],"authorities" : ["uaa.resource"], "allowedproviders" : ["uaa"]}' \ - http://localhost:8080/identity-zones/testzone1/clients + http://localhost:8080/uaa/identity-zones/testzone1/clients ================ ==================================================================================================================================================== 
@@ -1175,7 +1175,7 @@ Response body *example* ::
 Curl Example POST (Token contains ``zones.write`` scope) :: ::
- curl -v -H"Authorization:Bearer $TOKEN" -XDELETE http://localhost:8080/identity-zones/testzone1/clients/limited-client
+ curl -v -H"Authorization:Bearer $TOKEN" -XDELETE http://localhost:8080/uaa/identity-zones/testzone1/clients/limited-client
 ================ ========================================================================================
@@ -1204,7 +1204,7 @@ A zone administrator has the scope ``zones.{zone id}.admin`` scope. In this exam
 * Target the UAA and get a token for the ``identity`` client ::
- uaac target http://localhost:8080
+ uaac target http://localhost:8080/uaa
 uaac token client get identity -s identitysecret
 * Create the ``testzone1`` zone
@@ -1400,7 +1400,7 @@ Curl Example POST (Creating a SAML provider):: -H"Content-Type:application/json" \ -H"X-Identity-Zone-Id:testzone1" \ -d '{"originKey":"simplesamlphp","name":"simplesamlphp for testzone1","type":"saml","config":"{\"metaDataLocation\":\"\\n\\n \\n \\n begl1WVCsXSn7iHixtWPP8d/X+k=BmbKqA3A0oSLcn5jImz/l5WbpVXj+8JIpT/ENWjOjSd/gcAsZm1QvYg+RxYPBk+iV2bBxD+/yAE/w0wibsHrl0u9eDhoMRUJBUSmeyuN1lYzBuoVa08PdAGtb5cGm4DMQT5Rzakb1P0hhEPPEDDHgTTxop89LUu6xx97t2Q03Khy8mXEmBmNt2NlFxJPNt0FwHqLKOHRKBOE/+BpswlBocjOQKFsI9tG3TyjFC68mM2jo0fpUQCgj5ZfhzolvS7z7c6V201d9Tqig0/mMFFJLTN8WuZPavw22AJlMjsDY9my+4R9HKhK5U53DhcTeECs9fb4gd7p5BJy4vVp7tqqOg==\\nMIIEEzCCAvugAwIBAgIJAIc1qzLrv+5nMA0GCSqGSIb3DQEBCwUAMIGfMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ08xFDASBgNVBAcMC0Nhc3RsZSBSb2NrMRwwGgYDVQQKDBNTYW1sIFRlc3RpbmcgU2VydmVyMQswCQYDVQQLDAJJVDEgMB4GA1UEAwwXc2ltcGxlc2FtbHBocC5jZmFwcHMuaW8xIDAeBgkqhkiG9w0BCQEWEWZoYW5pa0BwaXZvdGFsLmlvMB4XDTE1MDIyMzIyNDUwM1oXDTI1MDIyMjIyNDUwM1owgZ8xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDTzEUMBIGA1UEBwwLQ2FzdGxlIFJvY2sxHDAaBgNVBAoME1NhbWwgVGVzdGluZyBTZXJ2ZXIxCzAJBgNVBAsMAklUMSAwHgYDVQQDDBdzaW1wbGVzYW1scGhwLmNmYXBwcy5pbzEgMB4GCSqGSIb3DQEJARYRZmhhbmlrQHBpdm90YWwuaW8wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4cn62E1xLqpN34PmbrKBbkOXFjzWgJ9b+pXuaRft6A339uuIQeoeH5qeSKRVTl32L0gdz2ZivLwZXW+cqvftVW1tvEHvzJFyxeTW3fCUeCQsebLnA2qRa07RkxTo6Nf244mWWRDodcoHEfDUSbxfTZ6IExSojSIU2RnD6WllYWFdD1GFpBJOmQB8rAc8wJIBdHFdQnX8Ttl7hZ6rtgqEYMzYVMuJ2F2r1HSU1zSAvwpdYP6rRGFRJEfdA9mm3WKfNLSc5cljz0X/TXy0vVlAV95l9qcfFzPmrkNIst9FZSwpvB49LyAVke04FQPPwLgVH4gphiJH3jvZ7I+J5lS8VAgMBAAGjUDBOMB0GA1UdDgQWBBTTyP6Cc5HlBJ5+ucVCwGc5ogKNGzAfBgNVHSMEGDAWgBTTyP6Cc5HlBJ5+ucVCwGc5ogKNGzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAvMS4EQeP/ipV4jOG5lO6/tYCb/iJeAduOnRhkJk0DbX329lDLZhTTL/x/w/9muCVcvLrzEp6PN+VWfw5E5FWtZN0yhGtP9R+vZnrV+oc2zGD+no1/ySFOe3EiJCO5dehxKjYEmBRv5sU/LZFKZpozKN/BMEa6CqLuxbzb7ykxVr7EVFXwltPxzE9TmL9OACNNyF5eJHWMRMllarUvkcXlh4pux4ks9e6zV9DQBy2zds9f1I3qxg0eX6JnGrXi/ZiCT+lJgVe3ZFXiejiLAiKB04sXW3ti0LW3lx13Y1Yl
Q4/tlpgTgfIJxKV6nyPiLoK0nywbMd+vpAirDt2Oc+hk\\n \\n \\n \\n \\n 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\\n \\n \\n \\n \\n \\n \\n 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\\n \\n \\n \\n \\n urn:oasis:names:tc:SAML:2.0:nameid-format:transient\\n \\n \\n \\n Filip\\n Hanik\\n fhanik@pivotal.io\\n \\n\",\"idpEntityAlias\":\"simplesamlphp\",\"zoneId\":\"testzone1\",\"nameID\":\"urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress\",\"assertionConsumerIndex\":0,\"metadataTrustCheck\":false,\"showSamlLink\":true,\"socketFactoryClassName\":\"org.apache.commons.httpclient.protocol.DefaultProtocolSocketFactory\",\"linkText\":\"Login with TestZone1 Simple SAML PHP\",\"iconUrl\":null}","active":true,"identityZoneId":"testzone1"}' \ - http://localhost:8080/identity-providers + http://localhost:8080/uaa/identity-providers Curl Example POST (Creating a OAuth provider):: curl -v -H"Authorization:Bearer $TOKEN" \ @@ -1409,7 +1409,7 @@ Curl Example POST (Creating a OAuth provider):: -H"Content-Type:application/json" \ -H"X-Identity-Zone-Id:testzone1" \ -d '{"originKey":"my-oauth-provider","name":"oauth-provider","type":"oauth","config":"{\"authUrl\":\"http://auth.url\",\"tokenUrl\":\"http://token.url\",\"tokenKey\":\"my-token-key\",\"alias\":\"oauth-idp-alias\",\"linkText\":\"My Oauth\",\"showLinkText\":true,\"skipSslValidation\":false,\"relyingPartyId\":\"my-uaa\",\"relyingPartySecret\":\"secret\"}"}' \ - http://localhost:8080/identity-providers + http://localhost:8080/uaa/identity-providers Curl Example POST (Creating an LDAP provider):: 
@@ -1418,7 +1418,7 @@ Curl Example POST (Creating an LDAP provider)::
 -H"Content-Type:application/json" \
 -H"X-Identity-Zone-Id:testzone1" \
 -d '{"originKey":"ldap","name":"myldap for testzone1","type":"ldap","config":"{\"baseUrl\":\"ldaps://localhost:33636\",\"skipSSLVerification\":true,\"bindUserDn\":\"cn=admin,ou=Users,dc=test,dc=com\",\"bindPassword\":\"adminsecret\",\"userSearchBase\":\"dc=test,dc=com\",\"userSearchFilter\":\"cn={0}\",\"groupSearchBase\":\"ou=scopes,dc=test,dc=com\",\"groupSearchFilter\":\"member={0}\",\"mailAttributeName\":\"mail\",\"mailSubstitute\":null,\"ldapProfileFile\":\"ldap/ldap-search-and-bind.xml\",\"ldapGroupFile\":\"ldap/ldap-groups-map-to-scopes.xml\",\"mailSubstituteOverridesLdap\":false,\"autoAddGroups\":true,\"groupSearchSubTree\":true,\"maxGroupSearchDepth\":10,\"emailDomain\":[\"example.com\",\"another.example.com\"]}",\"attributeMappings\":{"phone_number":"phone","given_name":"firstName","external_groups":"roles","family_name":"lastName","email":"email"},"externalGroupsWhitelist":["admin","user"],"active":true,"identityZoneId":"testzone1"}' \
- http://localhost:8080/identity-providers
+ http://localhost:8080/uaa/identity-providers
 Curl Example PUT (Updating a UAA provider)::
@@ -1427,7 +1427,7 @@ Curl Example PUT (Updating a UAA provider):: -H"Content-Type:application/json" \ -H"X-Identity-Zone-Id:testzone1" \ -d '{"originKey":"uaa","name":"uaa","type":"uaa","config":"{\"passwordPolicy\":{\"minLength\":6,\"maxLength\":128,\"requireUpperCaseCharacter\":1,\"requireLowerCaseCharacter\":1,\"requireDigit\":1,\"requireSpecialCharacter\":0,\"expirePasswordInMonths\":0}}"' \ - http://localhost:8080/identity-providers/[identity_provider_id] + http://localhost:8080/uaa/identity-providers/[identity_provider_id] ================ =======================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
=================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================== 
@@ -1485,7 +1485,7 @@ Curl Example POST (Testing an LDAP provider):: -H"Content-Type:application/json" \ -H"X-Identity-Zone-Id:testzone1" \ -d '{"provider":{"id":null,"originKey":"ldap","name":"Test ldap provider","type":"ldap","config":"{\"baseUrl\":\"ldap://localhost:33389\",\"bindUserDn\":\"cn=admin,ou=Users,dc=test,dc=com\",\"bindPassword\":\"adminsecret\",\"userSearchBase\":\"dc=test,dc=com\",\"userSearchFilter\":\"cn={0}\",\"groupSearchBase\":\"ou=scopes,dc=test,dc=com\",\"groupSearchFilter\":\"member={0}\",\"mailAttributeName\":\"mail\",\"mailSubstitute\":null,\"ldapProfileFile\":\"ldap/ldap-search-and-bind.xml\",\"ldapGroupFile\":\"ldap/ldap-groups-map-to-scopes.xml\",\"mailSubstituteOverridesLdap\":false,\"autoAddGroups\":true,\"groupSearchSubTree\":true,\"maxGroupSearchDepth\":10}","version":0,"created":1427829319730,"active":true,"identityZoneId":"testzone1","last_modified":1427829319730},"credentials":{"username":"marissa2","password":"ldap"}}' \ - http://localhost:8080/identity-providers/test + http://localhost:8080/uaa/identity-providers/test ================ 
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
========================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================== 
@@ -1626,7 +1626,7 @@ Curl Example POST Create a user:: -XPOST -H"Accept:application/json" -H"Content-Type:application/json" --data '{"userName":"JOE_tpcqlm","name":{"formatted":"Joe User","familyName":"User","givenName":"Joe"},"emails":[{"value":"joe@blah.com"}]}' - http://localhost:8080/Users + http://localhost:8080/uaa/Users ================ =====================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
===================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================== 
@@ -1730,7 +1730,7 @@ Curl Example PUT Create a user:: -H"Accept:application/json" -H"Content-Type:application/json" --data '{"userName":"JOE_tpcqlsm","name":{"formatted":"Joe User","familyName":"User","givenName":"Joe"},"emails":[{"value":"joe@blah.com"}]}' - http://localhost:8080/Users/24c1c1a9-9b30-4eaa-b8e3-d2e1aabf1dc7 + http://localhost:8080/uaa/Users/24c1c1a9-9b30-4eaa-b8e3-d2e1aabf1dc7 ================ ==================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
======================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================== 
@@ -1829,7 +1829,7 @@ Curl Example PATCH Update a user:: -H"Accept:application/json" -H"Content-Type:application/json" --data '{"name":{"formatted":"Joe User","familyName":"User","givenName":"Joe"}}' - http://localhost:8080/Users/24c1c1a9-9b30-4eaa-b8e3-d2e1aabf1dc7 + http://localhost:8080/uaa/Users/24c1c1a9-9b30-4eaa-b8e3-d2e1aabf1dc7 ================ =============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
============================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================= 
@@ -1897,7 +1897,7 @@ Curl Example DELETE Delete a user:: -H"Authorization: Bearer $TOKEN" -XDELETE -H"Accept:application/json" - http://localhost:8080/Users/24c1c1a9-9b30-4eaa-b8e3-d2e1aabf1dc7 + http://localhost:8080/uaa/Users/24c1c1a9-9b30-4eaa-b8e3-d2e1aabf1dc7 ================ =====================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================
===================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================================== diff --git a/docs/UAA-Tokens.md b/docs/UAA-Tokens.md index c8b97f5ba4e..c8b23061c41 100644 --- a/docs/UAA-Tokens.md +++ b/docs/UAA-Tokens.md @@ -21,7 +21,7 @@ This step requires that you have Java 1.7 or higher installed. You now have a UAA server running. There is a Ruby gem called cf-uaac, that one can use to communicate with the UAA. But for sake of clarity, we will use ```curl``` commands. - curl -v -d"username=marissa&password=koala&client_id=app&grant_type=password" -u "app:appclientsecret" http://localhost:8080/oauth/token + curl -v -d"username=marissa&password=koala&client_id=app&grant_type=password" -u "app:appclientsecret" http://localhost:8080/uaa/oauth/token This yields a return token 
@@ -46,7 +46,7 @@ More on Tokens can be found [here](https://developers.google.com/accounts/docs/O "user_id": "7f791ea9-99b9-423d-988b-931f0222a79f", "sub": "7f791ea9-99b9-423d-988b-931f0222a79f", "cid": "app", - "iss": "http://localhost:8080/oauth/token", + "iss": "http://localhost:8080/uaa/oauth/token", "jti": "bc3e7456-91f5-4961-b88d-db705626ba77", "client_id": "app", "iat": 1406568935, diff --git a/docs/google-oidc-provider.md b/docs/google-oidc-provider.md index f47437d2e72..4bfad0b65fd 100644 --- a/docs/google-oidc-provider.md +++ b/docs/google-oidc-provider.md @@ -18,7 +18,7 @@ Please refer to 'https://accounts.google.com/.well-known/openid-configuration' f tokenUrl: https://www.googleapis.com/oauth2/v4/token tokenKeyUrl: https://www.googleapis.com/oauth2/v3/certs issuer: https://accounts.google.com - redirectUrl: http://localhost:8080 + redirectUrl: http://localhost:8080/uaa scopes: - openid - email diff --git a/docs/login/Okta-README.md b/docs/login/Okta-README.md index cf89b17a419..59083d57811 100644 --- a/docs/login/Okta-README.md +++ b/docs/login/Okta-README.md @@ -5,7 +5,7 @@ It assumes that you have a SAML application setup on Okta Preview with admin rig ##Pivotal Preview and Standalone Login Server The UAA comes with with a `sample-okta-metadata.xml` file -that will redirect your SAML request back to http://localhost:8080 +that will redirect your SAML request back to http://localhost:8080/uaa This configuration requires you to have an account on https://pivotal.oktapreview.com 
@@ -36,7 +36,7 @@ Test SAML authentication - a) Go to http://localhost:8080/login - b) Click `Okta Preview 1` - c) Authenticate on the Okta server - - d) You should be redirected to 'localhost:8080' and be signed in with your credentials (email address) + - d) You should be redirected to 'localhost:8080/uaa' and be signed in with your credentials (email address) ##Pivotal Preview - Configure Custom Application To configure a custom redirect URL on the https://pivotal.oktapreview.com @@ -68,7 +68,7 @@ Configure Okta to have UAA as a service that wishes to authenticate - a) Go to your Okta application and click on the 'General' tab - b) Edit the SAML settings - - c) Fill in the 'SingleSignOnURL' field with 'http://localhost:8080/saml/SSO/alias/cloudfoundry-saml-login' + - c) Fill in the 'SingleSignOnURL' field with 'http://localhost:8080/uaa/saml/SSO/alias/cloudfoundry-saml-login' and select 'Use this for Recipient URL and Destination URL' - d) Fill in the 'Audience URI' field with 'cloudfoundry-saml-login' which is the entityID for the UAA This field can be set using login.entityID or login.saml.entityIDAlias. If the login.entityID is a URL, the alias @@ -81,7 +81,7 @@ Test SAML authentication - a) Go to 'My Applications' on Octa Preview - b) Click on your SAML application - - c) You should be redirected to 'localhost:8080' and be signed in with your credentials + - c) You should be redirected to 'localhost:8080/uaa' and be signed in with your credentials diff --git a/docs/login/OpenAM-README.md b/docs/login/OpenAM-README.md index 38d4a1ccaac..9130ba21409 100644 --- a/docs/login/OpenAM-README.md +++ b/docs/login/OpenAM-README.md @@ -66,7 +66,7 @@ Configure and start UAA Configure OpenAM to have UAA as a service that wishes to authenticate - a) Click 'register a service provider' - - b) Put the 'http://localhost:8080/saml/metadata' as the URL + - b) Put the 'http://localhost:8080/uaa/saml/metadata' as the URL - c) Click 'Configure' ###Step 7 
@@ -83,6 +83,6 @@ Create a SAML user ###Step 8 Test SAML Authentication - - a) Go to http://localhost:8080 + - a) Go to http://localhost:8080/uaa - b) Click "Use your corporate credentials" (or the link name you configured in login.yml) - c) Sign in with the user you created diff --git a/samples/api/src/main/java/org/cloudfoundry/identity/api/web/ApiController.java b/samples/api/src/main/java/org/cloudfoundry/identity/api/web/ApiController.java index 80d6d4b6b6c..54432167835 100644 --- a/samples/api/src/main/java/org/cloudfoundry/identity/api/web/ApiController.java +++ b/samples/api/src/main/java/org/cloudfoundry/identity/api/web/ApiController.java @@ -24,8 +24,8 @@ public class ApiController { private String infoResource; - private String loginUrl = "http://localhost:8080"; - private String uaaUrl = "http://localhost:8080"; + private String loginUrl = "http://localhost:8080/uaa"; + private String uaaUrl = "http://localhost:8080/uaa"; /** * @param loginUrl the loginUrl to set diff --git a/samples/api/src/main/resources/application.properties b/samples/api/src/main/resources/application.properties index a548f09c9ee..eb42e2221cd 100755 --- a/samples/api/src/main/resources/application.properties +++ b/samples/api/src/main/resources/application.properties @@ -12,5 +12,5 @@ ############################################################################### -auth.url=http://localhost:8080/login -checkTokenEndpointUrl=http://localhost:8080/check_token +auth.url=http://localhost:8080/uaa/login +checkTokenEndpointUrl=http://localhost:8080/uaa/check_token diff --git a/samples/api/src/main/webapp/WEB-INF/spring-servlet.xml b/samples/api/src/main/webapp/WEB-INF/spring-servlet.xml index 723318972b4..90a80a60330 100755 --- a/samples/api/src/main/webapp/WEB-INF/spring-servlet.xml +++ b/samples/api/src/main/webapp/WEB-INF/spring-servlet.xml @@ -98,8 +98,8 @@ - - + + 
diff --git a/samples/api/src/test/java/org/cloudfoundry/identity/api/web/ServerRunning.java b/samples/api/src/test/java/org/cloudfoundry/identity/api/web/ServerRunning.java index 330b79149ed..94e2fddc338 100644 --- a/samples/api/src/test/java/org/cloudfoundry/identity/api/web/ServerRunning.java +++ b/samples/api/src/test/java/org/cloudfoundry/identity/api/web/ServerRunning.java @@ -73,7 +73,7 @@ public class ServerRunning extends TestWatchman implements RestTemplateHolder, U private static String DEFAULT_HOST = "localhost"; - private static final String DEFAULT_AUTH_SERVER_ROOT = "/"; + private static final String DEFAULT_AUTH_SERVER_ROOT = "/uaa"; private String authServerRoot = DEFAULT_AUTH_SERVER_ROOT; @@ -121,7 +121,7 @@ public void setHostName(String hostName) { public Statement apply(Statement base, FrameworkMethod method, Object target) { try { RestTemplate client = new RestTemplate(); - client.getForEntity(new UriTemplate(getUrl("/login", uaaPort)).toString(), String.class); + client.getForEntity(new UriTemplate(getUrl("/uaa/login", uaaPort)).toString(), String.class); client.getForEntity(new UriTemplate(getUrl("/api/index.html")).toString(), String.class); logger.debug("Basic connectivity test passed"); } catch (RestClientException e) { diff --git a/samples/app/README.md b/samples/app/README.md index dae32ff2fb1..1dff65e37f5 100644 --- a/samples/app/README.md +++ b/samples/app/README.md 
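Review bot: In `apply`, the connectivity probe hard-codes the context path in `getUrl("/uaa/login", uaaPort)` even though the same value is defined a few lines up as `DEFAULT_AUTH_SERVER_ROOT` and held in the non-final `authServerRoot` field. If a test configures a different auth server root, the probe would still request `/uaa/login` and report on the wrong path. Building the path from the field, e.g. `getUrl(authServerRoot + "/login", uaaPort)`, keeps the two in step. This assumes `getUrl(String, int)` does not already prepend the root, which is not visible here. `apply` and the class body continue outside both hunks.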
@@ -9,7 +9,7 @@ resources in the API service. Run it with `./gradlew run` from the The application can operate in multiple different profiles according to the location (and presence) of the UAA server and the Login application. By default it will look for a UAA on -`localhost:8080`, but you can change this by setting an +`localhost:8080/uaa`, but you can change this by setting an environment variable (or System property) called `UAA_PROFILE`. In the application source code (`samples/app/src/main/resources`) you will find multiple properties files pre-configured with different likely diff --git a/samples/app/src/main/java/org/cloudfoundry/identity/app/web/HomeController.java b/samples/app/src/main/java/org/cloudfoundry/identity/app/web/HomeController.java index 21f73ded98e..6dfe484bd57 100644 --- a/samples/app/src/main/java/org/cloudfoundry/identity/app/web/HomeController.java +++ b/samples/app/src/main/java/org/cloudfoundry/identity/app/web/HomeController.java @@ -22,7 +22,7 @@ @Controller public class HomeController { - private String userAuthorizationUri = "http://localhost:8080/oauth/authorize"; + private String userAuthorizationUri = "http://localhost:8080/uaa/oauth/authorize"; private String dataUri = "http://localhost:8080/api/apps"; diff --git a/samples/app/src/main/resources/application-local-vcap.properties b/samples/app/src/main/resources/application-local-vcap.properties index 72e7987abbc..8808e211257 100755 --- a/samples/app/src/main/resources/application-local-vcap.properties +++ b/samples/app/src/main/resources/application-local-vcap.properties 
@@ -14,9 +14,9 @@ userInfoUri=http://uaa.vcap.me/userinfo checkTokenUrl=http://uaa.vcap.me/check_token -accessTokenUri=http://localhost:8080/oauth/token -userAuthorizationUri=http://localhost:8080/oauth/authorize -approvalsUri=http://localhost:8080/approvals +accessTokenUri=http://localhost:8080/uaa/oauth/token +userAuthorizationUri=http://localhost:8080/uaa/oauth/authorize +approvalsUri=http://localhost:8080/uaa/approvals treeUrlPattern=http://api.vcap.me/{type} dataUri=http://api.vcap.me/apps -cloudFoundryLogoutUrl=http://localhost:8080/logout.do \ No newline at end of file +cloudFoundryLogoutUrl=http://localhost:8080/uaa/logout.do \ No newline at end of file diff --git a/samples/app/src/main/resources/application-local.properties b/samples/app/src/main/resources/application-local.properties index 5bb1070101d..7cce2787e61 100755 --- a/samples/app/src/main/resources/application-local.properties +++ b/samples/app/src/main/resources/application-local.properties @@ -12,11 +12,11 @@ ############################################################################### -userInfoUri=http://localhost:8080/userinfo -checkTokenUrl=http://localhost:8080/check_token -accessTokenUri=http://localhost:8080/oauth/token -userAuthorizationUri=http://localhost:8080/oauth/authorize -approvalsUri=http://localhost:8080/approvals +userInfoUri=http://localhost:8080/uaa/userinfo +checkTokenUrl=http://localhost:8080/uaa/check_token +accessTokenUri=http://localhost:8080/uaa/oauth/token +userAuthorizationUri=http://localhost:8080/uaa/oauth/authorize +approvalsUri=http://localhost:8080/uaa/approvals treeUrlPattern=http://localhost:8080/api/{type} dataUri=http://localhost:8080/api/apps -cloudFoundryLogoutUrl=http://localhost:8080/logout.do +cloudFoundryLogoutUrl=http://localhost:8080/uaa/logout.do diff --git a/samples/app/src/main/resources/application-ruby-local.properties b/samples/app/src/main/resources/application-ruby-local.properties index f3871f9b1ec..ad4bcffa472 100755 
--- a/samples/app/src/main/resources/application-ruby-local.properties +++ b/samples/app/src/main/resources/application-ruby-local.properties @@ -12,9 +12,9 @@ ############################################################################### -userInfoUri=http://localhost:8080/userinfo -checkTokenUrl=http://localhost:8080/check_token -accessTokenUri=http://localhost:8080/oauth/token +userInfoUri=http://localhost:8080/uaa/userinfo +checkTokenUrl=http://localhost:8080/uaa/check_token +accessTokenUri=http://localhost:8080/uaa/oauth/token userAuthorizationUri=http://localhost:3000/oauth/authorize approvalsUri=http://localhost:3000/approvals treeUrlPattern=http://localhost:8080/api/{type} diff --git a/samples/app/src/main/resources/application.properties b/samples/app/src/main/resources/application.properties index 3d888138597..b60bc631952 100755 --- a/samples/app/src/main/resources/application.properties +++ b/samples/app/src/main/resources/application.properties @@ -12,11 +12,11 @@ ############################################################################### -userInfoUri=http://localhost:8080/userinfo -checkTokenUrl=http://localhost:8080/check_token -accessTokenUri=http://localhost:8080/oauth/token -approvalsUri=http://localhost:8080/approvals -userAuthorizationUri=http://localhost:8080/oauth/authorize +userInfoUri=http://localhost:8080/uaa/userinfo +checkTokenUrl=http://localhost:8080/uaa/check_token +accessTokenUri=http://localhost:8080/uaa/oauth/token +approvalsUri=http://localhost:8080/uaa/approvals +userAuthorizationUri=http://localhost:8080/uaa/oauth/authorize treeUrlPattern=http://localhost:8080/api/{type} dataUri=http://localhost:8080/api/apps -cloudFoundryLogoutUrl=http://localhost:8080/logout.do +cloudFoundryLogoutUrl=http://localhost:8080/uaa/logout.do diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/home/BuildInfo.java b/server/src/main/java/org/cloudfoundry/identity/uaa/home/BuildInfo.java index e6e9cb0d41a..5a98c468537 100644 
--- a/server/src/main/java/org/cloudfoundry/identity/uaa/home/BuildInfo.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/home/BuildInfo.java @@ -15,7 +15,7 @@ public class BuildInfo implements InitializingBean { private final Logger logger = LoggerFactory.getLogger(getClass()); - @Value("${uaa.url:http://localhost:8080}") + @Value("${uaa.url:http://localhost:8080/uaa}") private String uaaUrl; private String version; private String commitId; diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/util/UaaUrlUtils.java b/server/src/main/java/org/cloudfoundry/identity/uaa/util/UaaUrlUtils.java index 7c9167738d1..d14b91b8c12 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/util/UaaUrlUtils.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/util/UaaUrlUtils.java @@ -102,7 +102,7 @@ public static String getHostForURI(String uri) { public static String getBaseURL(HttpServletRequest request) { //returns scheme, host and context path - //for example http://localhost:8080 or http://login.uaa-acceptance.cf-app.com + //for example http://localhost:8080/uaa or http://login.uaa-acceptance.cf-app.com String requestURL = request.getRequestURL().toString(); return hasText(request.getServletPath()) ? requestURL.substring(0, requestURL.lastIndexOf(request.getServletPath())) : diff --git a/server/src/main/resources/spring/login-ui.xml b/server/src/main/resources/spring/login-ui.xml index dc764dfc6de..ab9bc85a0f6 100644 --- a/server/src/main/resources/spring/login-ui.xml +++ b/server/src/main/resources/spring/login-ui.xml @@ -30,7 +30,7 @@ - @@ -468,7 +468,7 @@ - + diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/ServerRunning.java b/server/src/test/java/org/cloudfoundry/identity/uaa/ServerRunning.java index 9ea06eca7b0..639bef8fea5 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/ServerRunning.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/ServerRunning.java 
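Review bot: The default in `@Value("${uaa.url:http://localhost:8080/uaa}")` on `uaaUrl` lets a deployment that never sets `uaa.url` start without complaint and carry a plain-http localhost address. How `uaaUrl` is consumed is outside the hunk, so the impact is uncertain, but a silent fallback is easy to miss if the value ends up in externally visible links. Consider a field comment such as `// dev-only default; real deployments must set uaa.url`, or a `logger.warn` in `afterPropertiesSet` when the default is in effect.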
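Review bot: The updated comment in `getBaseURL` documents the shape of the result but not where it comes from: the value is cut out of `request.getRequestURL()`. In a servlet container that URL typically reflects the host the client sent, unless a proxy or the container pins it. A line such as `// derived from the incoming request; treat the host part as client-influenced unless validated upstream` would tell callers how much trust to place in it. The return expression continues past the end of the hunk.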
@@ -91,7 +91,7 @@ public class ServerRunning implements MethodRule, RestTemplateHolder, UrlHelper private static String DEFAULT_HOST = "localhost"; - private static String DEFAULT_ROOT_PATH = "/"; + private static String DEFAULT_ROOT_PATH = "/uaa"; private int port; diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/PasswordGrantAuthenticationManagerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/PasswordGrantAuthenticationManagerTest.java index 9ac9310f35a..2f617374929 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/PasswordGrantAuthenticationManagerTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/manager/PasswordGrantAuthenticationManagerTest.java @@ -96,7 +96,7 @@ void setUp() throws Exception { when(idp.getConfig()).thenReturn(idpConfig); when(idp.getType()).thenReturn(OriginKeys.OIDC10); when(idpConfig.isPasswordGrantEnabled()).thenReturn(true); - when(idpConfig.getTokenUrl()).thenReturn(new URL("http://localhost:8080/oauth/token")); + when(idpConfig.getTokenUrl()).thenReturn(new URL("http://localhost:8080/uaa/oauth/token")); when(idpConfig.getRelyingPartyId()).thenReturn("identity"); when(idpConfig.getRelyingPartySecret()).thenReturn("identitysecret"); 
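Review bot: `DEFAULT_ROOT_PATH` is named like a constant but declared `private static String`, so it stays reassignable, whereas the samples copy of this class declares its counterpart `private static final String DEFAULT_AUTH_SERVER_ROOT`. Unless something outside the hunk assigns to it, `private static final String DEFAULT_ROOT_PATH = "/uaa";` would make the intent explicit. The same applies to the neighbouring `DEFAULT_HOST`. The class body continues outside the hunk.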
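Review bot: The token URL stubbed in `setUp` through `idpConfig.getTokenUrl()` is repeated as a string literal in the `verify(rt, times(1)).exchange(eq("http://localhost:8080/uaa/oauth/token"), ...)` calls of the hunks at -170, -222, -471, -601, -647 and -691, which is why this commit had to edit seven places in one test class. A class constant, e.g. `private static final String TOKEN_URL = "http://localhost:8080/uaa/oauth/token";`, used for both the stub and the verifications would stop them from drifting apart. `setUp` and the test methods extend beyond the hunks shown.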
@@ -170,7 +170,7 @@ void testOIDCPasswordGrant() { instance.authenticate(auth); ArgumentCaptor httpEntityArgumentCaptor = ArgumentCaptor.forClass(HttpEntity.class); - verify(rt, times(1)).exchange(eq("http://localhost:8080/oauth/token"), eq(HttpMethod.POST), httpEntityArgumentCaptor.capture(),eq(new ParameterizedTypeReference>(){})); + verify(rt, times(1)).exchange(eq("http://localhost:8080/uaa/oauth/token"), eq(HttpMethod.POST), httpEntityArgumentCaptor.capture(),eq(new ParameterizedTypeReference>(){})); ArgumentCaptor tokenArgumentCaptor = ArgumentCaptor.forClass(XOAuthCodeToken.class); verify(xoAuthAuthenticationManager, times(1)).authenticate(tokenArgumentCaptor.capture()); verify(zoneAwareAuthzAuthenticationManager, times(0)).authenticate(any()); @@ -222,7 +222,7 @@ void testOIDCPasswordGrantWithForwardHeader() { instance.authenticate(auth); ArgumentCaptor httpEntityArgumentCaptor = ArgumentCaptor.forClass(HttpEntity.class); - verify(rt, times(1)).exchange(eq("http://localhost:8080/oauth/token"), eq(HttpMethod.POST), httpEntityArgumentCaptor.capture(),eq(new ParameterizedTypeReference>(){})); + verify(rt, times(1)).exchange(eq("http://localhost:8080/uaa/oauth/token"), eq(HttpMethod.POST), httpEntityArgumentCaptor.capture(),eq(new ParameterizedTypeReference>(){})); ArgumentCaptor tokenArgumentCaptor = ArgumentCaptor.forClass(XOAuthCodeToken.class); verify(xoAuthAuthenticationManager, times(1)).authenticate(tokenArgumentCaptor.capture()); verify(zoneAwareAuthzAuthenticationManager, times(0)).authenticate(any()); 
@@ -471,7 +471,7 @@ void testOIDCPasswordGrantWithPrompts() { instance.authenticate(auth); ArgumentCaptor httpEntityArgumentCaptor = ArgumentCaptor.forClass(HttpEntity.class); - verify(rt, times(1)).exchange(eq("http://localhost:8080/oauth/token"), eq(HttpMethod.POST), httpEntityArgumentCaptor.capture(),eq(new ParameterizedTypeReference>(){})); + verify(rt, times(1)).exchange(eq("http://localhost:8080/uaa/oauth/token"), eq(HttpMethod.POST), httpEntityArgumentCaptor.capture(),eq(new ParameterizedTypeReference>(){})); ArgumentCaptor tokenArgumentCaptor = ArgumentCaptor.forClass(XOAuthCodeToken.class); verify(xoAuthAuthenticationManager, times(1)).authenticate(tokenArgumentCaptor.capture()); verify(zoneAwareAuthzAuthenticationManager, times(0)).authenticate(any()); @@ -601,7 +601,7 @@ void testOIDCPasswordGrant_NoLoginHintWithDefaultOIDC() { instance.authenticate(auth); ArgumentCaptor httpEntityArgumentCaptor = ArgumentCaptor.forClass(HttpEntity.class); - verify(rt, times(1)).exchange(eq("http://localhost:8080/oauth/token"), eq(HttpMethod.POST), httpEntityArgumentCaptor.capture(),eq(new ParameterizedTypeReference>(){})); + verify(rt, times(1)).exchange(eq("http://localhost:8080/uaa/oauth/token"), eq(HttpMethod.POST), httpEntityArgumentCaptor.capture(),eq(new ParameterizedTypeReference>(){})); ArgumentCaptor tokenArgumentCaptor = ArgumentCaptor.forClass(XOAuthCodeToken.class); verify(xoAuthAuthenticationManager, times(1)).authenticate(tokenArgumentCaptor.capture()); verify(zoneAwareAuthzAuthenticationManager, times(0)).authenticate(any()); 
@@ -647,7 +647,7 @@ void testOIDCPasswordGrant_LoginHintOidcOverridesDefaultUaa() { instance.authenticate(auth); - verify(rt, times(1)).exchange(eq("http://localhost:8080/oauth/token"), eq(HttpMethod.POST), any(HttpEntity.class),eq(new ParameterizedTypeReference>(){})); + verify(rt, times(1)).exchange(eq("http://localhost:8080/uaa/oauth/token"), eq(HttpMethod.POST), any(HttpEntity.class),eq(new ParameterizedTypeReference>(){})); verify(xoAuthAuthenticationManager, times(1)).authenticate(any(XOAuthCodeToken.class)); verify(zoneAwareAuthzAuthenticationManager, times(0)).authenticate(any()); } @@ -691,7 +691,7 @@ void testOIDCPasswordGrant_NoLoginHintDefaultNotAllowedSingleIdpOIDC() { instance.authenticate(auth); - verify(rt, times(1)).exchange(eq("http://localhost:8080/oauth/token"), eq(HttpMethod.POST), any(HttpEntity.class),eq(new ParameterizedTypeReference>(){})); + verify(rt, times(1)).exchange(eq("http://localhost:8080/uaa/oauth/token"), eq(HttpMethod.POST), any(HttpEntity.class),eq(new ParameterizedTypeReference>(){})); verify(xoAuthAuthenticationManager, times(1)).authenticate(any(XOAuthCodeToken.class)); verify(zoneAwareAuthzAuthenticationManager, times(0)).authenticate(any()); } diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/cache/ExpiringUrlCacheTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/cache/ExpiringUrlCacheTests.java index 8877ad71bc7..fb76ec649b2 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/cache/ExpiringUrlCacheTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/cache/ExpiringUrlCacheTests.java @@ -50,7 +50,7 @@ void setup() { cache = new ExpiringUrlCache(CACHE_EXPIRATION, mockTimeService, 2); template = mock(RestTemplate.class); when(template.getForObject(any(URI.class), any())).thenReturn(content, new byte[1024]); - uri = "http://localhost:8080/.well-known/openid-configuration"; + uri = "http://localhost:8080/uaa/.well-known/openid-configuration"; } @Test 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerTest.java index 7120698c43f..8dea90db64b 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerTest.java @@ -126,7 +126,7 @@ void attemptCreateAccountWithEmailDomainRestriction() throws Exception { .param("client_id", "app") .param("redirect_uri", "http://example.com/redirect"); IdentityProvider oidcProvider = new IdentityProvider().setActive(true).setType(OriginKeys.OIDC10).setOriginKey(OriginKeys.OIDC10).setConfig(new OIDCIdentityProviderDefinition()); - oidcProvider.getConfig().setAuthUrl(new URL("http://localhost:8080/idp_login")); + oidcProvider.getConfig().setAuthUrl(new URL("http://localhost:8080/uaa/idp_login")); oidcProvider.getConfig().setEmailDomain(Collections.singletonList("example.com")); when(identityProviderProvisioning.retrieveAll(true, OriginKeys.UAA)).thenReturn(Collections.singletonList(oidcProvider)); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpointTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpointTests.java index cbc6cf5993e..e78baaaf03b 100755 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpointTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpointTests.java @@ -60,7 +60,7 @@ @ExtendWith(PollutionPreventionExtension.class) class LoginInfoEndpointTests { - private static final String HTTP_LOCALHOST_8080_UAA = "http://localhost:8080"; + private static final String HTTP_LOCALHOST_8080_UAA = "http://localhost:8080/uaa"; private static final Links DEFAULT_GLOBAL_LINKS = new Links().setSelfService(new Links.SelfService().setPasswd(null).setSignup(null)); private UaaPrincipal marissa; private List prompts; 
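Review bot: The literal `"http://localhost:8080/uaa"` is still written out in the later hunks of LoginInfoEndpointTests (-616, -896, -912, -1073, -1254, -1294, -1315, -1371, -1549) although the constant `HTTP_LOCALHOST_8080_UAA` updated here holds the same value. Using it, e.g. `startsWith("redirect:" + HTTP_LOCALHOST_8080_UAA)`, would confine the next base-URL change to one line. Separately, those `startsWith` assertions pin only a prefix of the redirect target, so any URL that merely begins with that string would pass. Comparing the parsed host and path of the redirect would be a stricter check.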
@@ -616,7 +616,7 @@ void filterIdpsForDefaultZone() throws Exception { MockHttpSession session = new MockHttpSession(); SavedRequest savedRequest = mock(SavedRequest.class); when(savedRequest.getParameterValues("client_id")).thenReturn(new String[]{"client-id"}); - when(savedRequest.getRedirectUrl()).thenReturn("http://localhost:8080"); + when(savedRequest.getRedirectUrl()).thenReturn("http://localhost:8080/uaa"); session.setAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE, savedRequest); request.setSession(session); // mock SamlIdentityProviderConfigurator @@ -896,7 +896,7 @@ void loginHintEmailDomain() throws Exception { when(mockProvider.getOriginKey()).thenReturn("my-OIDC-idp1"); when(mockProvider.getType()).thenReturn(OriginKeys.OIDC10); AbstractXOAuthIdentityProviderDefinition mockOidcConfig = mock(OIDCIdentityProviderDefinition.class); - when(mockOidcConfig.getAuthUrl()).thenReturn(new URL("http://localhost:8080")); + when(mockOidcConfig.getAuthUrl()).thenReturn(new URL("http://localhost:8080/uaa")); when(mockOidcConfig.getRelyingPartyId()).thenReturn("client-id"); when(mockOidcConfig.getResponseType()).thenReturn("token"); when(mockOidcConfig.getEmailDomain()).thenReturn(singletonList("example.com")); @@ -912,7 +912,7 @@ void loginHintEmailDomain() throws Exception { String redirect = endpoint.loginForHtml(extendedModelMap, null, mockHttpServletRequest, singletonList(MediaType.TEXT_HTML)); - assertThat(redirect, startsWith("redirect:http://localhost:8080")); + assertThat(redirect, startsWith("redirect:http://localhost:8080/uaa")); assertThat(redirect, containsString("my-OIDC-idp1")); assertNull(extendedModelMap.get("login_hint")); } 
@@ -1073,7 +1073,7 @@ void loginHintOriginOidc() throws Exception { String redirect = endpoint.loginForHtml(extendedModelMap, null, mockHttpServletRequest, singletonList(MediaType.TEXT_HTML)); - assertThat(redirect, startsWith("redirect:http://localhost:8080")); + assertThat(redirect, startsWith("redirect:http://localhost:8080/uaa")); assertThat(redirect, containsString("my-OIDC-idp1")); assertNull(extendedModelMap.get("login_hint")); } @@ -1254,7 +1254,7 @@ void defaultProviderOIDC() throws Exception { String redirect = endpoint.loginForHtml(extendedModelMap, null, mockHttpServletRequest, singletonList(MediaType.TEXT_HTML)); - assertThat(redirect, startsWith("redirect:http://localhost:8080")); + assertThat(redirect, startsWith("redirect:http://localhost:8080/uaa")); assertThat(redirect, containsString("my-OIDC-idp1")); } @@ -1294,7 +1294,7 @@ void defaultProviderBeforeDiscovery() throws Exception { String redirect = endpoint.loginForHtml(extendedModelMap, null, mockHttpServletRequest, singletonList(MediaType.TEXT_HTML)); - assertThat(redirect, startsWith("redirect:http://localhost:8080")); + assertThat(redirect, startsWith("redirect:http://localhost:8080/uaa")); assertThat(redirect, containsString("my-OIDC-idp1")); } @@ -1315,7 +1315,7 @@ void loginHintOverridesDefaultProvider() throws Exception { String redirect = endpoint.loginForHtml(extendedModelMap, null, mockHttpServletRequest, singletonList(MediaType.TEXT_HTML)); - assertThat(redirect, startsWith("redirect:http://localhost:8080")); + assertThat(redirect, startsWith("redirect:http://localhost:8080/uaa")); assertThat(redirect, containsString("my-OIDC-idp1")); assertNull(extendedModelMap.get("login_hint")); } 
@@ -1371,7 +1371,7 @@ void defaultProviderLdapWithAllowedOnlyOIDC() throws Exception { String redirect = endpoint.loginForHtml(extendedModelMap, null, mockHttpServletRequest, singletonList(MediaType.TEXT_HTML)); - assertThat(redirect, startsWith("redirect:http://localhost:8080")); + assertThat(redirect, startsWith("redirect:http://localhost:8080/uaa")); assertThat(redirect, containsString("my-OIDC-idp1")); assertFalse(extendedModelMap.containsKey("login_hint")); } @@ -1443,7 +1443,7 @@ private MockHttpServletRequest getMockHttpServletRequest() { SavedRequest savedRequest = mock(SavedRequest.class); when(savedRequest.getParameterValues("client_id")).thenReturn(new String[]{"client-id"}); when(savedRequest.getRedirectUrl()) - .thenReturn("http://localhost:8080/oauth/authorize?client_id=identity&redirect_uri=http%3A%2F%2Flocalhost%3A8888%2Flogin&response_type=code&state=8tp0tR"); + .thenReturn("http://localhost:8080/uaa/oauth/authorize?client_id=identity&redirect_uri=http%3A%2F%2Flocalhost%3A8888%2Flogin&response_type=code&state=8tp0tR"); session.setAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE, savedRequest); request.setSession(session); return request; @@ -1549,7 +1549,7 @@ private static void mockOidcProvider(IdentityProviderProvisioning mockIdentityPr when(mockProvider.getOriginKey()).thenReturn("my-OIDC-idp1"); when(mockProvider.getType()).thenReturn(OriginKeys.OIDC10); AbstractXOAuthIdentityProviderDefinition mockOidcConfig = mock(OIDCIdentityProviderDefinition.class); - when(mockOidcConfig.getAuthUrl()).thenReturn(new URL("http://localhost:8080")); + when(mockOidcConfig.getAuthUrl()).thenReturn(new URL("http://localhost:8080/uaa")); when(mockOidcConfig.getRelyingPartyId()).thenReturn("client-id"); when(mockOidcConfig.getResponseType()).thenReturn("token"); when(mockProvider.getConfig()).thenReturn(mockOidcConfig); 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/MfaUiRequiredFilterTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/MfaUiRequiredFilterTests.java index 2adadd0f428..70273dd89c0 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/MfaUiRequiredFilterTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/mfa/MfaUiRequiredFilterTests.java @@ -275,7 +275,7 @@ void do_filter_mfa_completed_no_saved_request() throws Exception { @Test void do_filter_mfa_completed_with_saved_request() throws Exception { SavedRequest savedRequest = mock(SavedRequest.class); - String redirect = "http://localhost:8080/oauth/authorize"; + String redirect = "http://localhost:8080/uaa/oauth/authorize"; when(savedRequest.getRedirectUrl()).thenReturn(redirect); when(requestCache.getRequest(same(request), same(response))).thenReturn(savedRequest); request.setContextPath("/uaa"); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/CheckTokenEndpointTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/CheckTokenEndpointTests.java index 236326a6883..5b6cf3b63a2 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/CheckTokenEndpointTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/CheckTokenEndpointTests.java @@ -285,7 +285,7 @@ public void setUp(boolean opaque) throws Exception { .setStatus(ApprovalStatus.APPROVED) .setLastUpdatedAt(oneSecondAgo), IdentityZoneHolder.get().getId()); - defaultClient = new BaseClientDetails("client", "scim, cc", "read, write", "authorization_code, password", "scim.read, scim.write, cat.pet", "http://localhost:8080"); + defaultClient = new BaseClientDetails("client", "scim, cc", "read, write", "authorization_code, password", "scim.read, scim.write, cat.pet", "http://localhost:8080/uaa"); clientDetailsStore = Collections.singletonMap( "client", 
@@ -294,9 +294,9 @@ public void setUp(boolean opaque) throws Exception { clientDetailsService.setClientDetailsStore(zone.getId(), clientDetailsStore); clientDetailsService.setClientDetailsStore(IdentityZoneHolder.get().getId(), clientDetailsStore); - tokenEndpointBuilder = new TokenEndpointBuilder("http://localhost:8080"); + tokenEndpointBuilder = new TokenEndpointBuilder("http://localhost:8080/uaa"); userDatabase = mock(UaaUserDatabase.class); - KeyInfoService keyInfoService = new KeyInfoService("http://localhost:8080"); + KeyInfoService keyInfoService = new KeyInfoService("http://localhost:8080/uaa"); tokenValidationService = new TokenValidationService(tokenProvisioning, tokenEndpointBuilder, userDatabase, clientDetailsService, keyInfoService); ApprovalService approvalService = new ApprovalService(timeService, approvalStore); tokenServices = new UaaTokenServices( @@ -341,7 +341,7 @@ private void resetAndMockUserDatabase(String userId, UaaUser user) { public void testClientWildcard() throws Exception { BaseClientDetails client = new BaseClientDetails("client", "zones", "zones.*.admin", "authorization_code, password", - "scim.read, scim.write", "http://localhost:8080"); + "scim.read, scim.write", "http://localhost:8080/uaa"); client.setAutoApproveScopes(Collections.singletonList("zones.*.admin")); Map clientDetailsStore = Collections.singletonMap("client", client); 
@@ -552,7 +552,7 @@ public void revokingScopesFromUser_invalidatesToken() throws Exception { @Test(expected = InvalidTokenException.class) public void revokingScopesFromClient_invalidatesToken() throws Exception { OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication); - defaultClient = new BaseClientDetails("client", "scim, cc", "write", "authorization_code, password", "scim.read, scim.write", "http://localhost:8080"); + defaultClient = new BaseClientDetails("client", "scim, cc", "write", "authorization_code, password", "scim.read, scim.write", "http://localhost:8080/uaa"); clientDetailsStore = Collections.singletonMap("client", defaultClient); clientDetailsService.setClientDetailsStore(IdentityZoneHolder.get().getId(), clientDetailsStore); @@ -561,7 +561,7 @@ public void revokingScopesFromClient_invalidatesToken() throws Exception { @Test(expected = InvalidTokenException.class) public void revokingAuthoritiesFromClients_invalidatesToken() throws Exception { - defaultClient = new BaseClientDetails("client", "scim, cc", "write,read", "authorization_code, password", "scim.write", "http://localhost:8080"); + defaultClient = new BaseClientDetails("client", "scim, cc", "write,read", "authorization_code, password", "scim.write", "http://localhost:8080/uaa"); clientDetailsStore = Collections.singletonMap( "client", defaultClient @@ -900,7 +900,7 @@ public void testClientAuthoritiesNotInResult() throws Exception { @Test(expected = InvalidTokenException.class) public void testExpiredToken() throws Exception { BaseClientDetails clientDetails = new BaseClientDetails("client", "scim, cc", "read, write", - "authorization_code, password", "scim.read, scim.write", "http://localhost:8080"); + "authorization_code, password", "scim.read, scim.write", "http://localhost:8080/uaa"); Integer validitySeconds = 1; clientDetails.setAccessTokenValiditySeconds(validitySeconds); Map clientDetailsStore = Collections.singletonMap("client", clientDetails); 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/DeprecatedUaaTokenServicesTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/DeprecatedUaaTokenServicesTests.java index df99f603ef8..79341adad37 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/DeprecatedUaaTokenServicesTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/DeprecatedUaaTokenServicesTests.java @@ -387,7 +387,7 @@ public void testCreateAccessTokenForAnotherIssuer() throws Exception { IdentityZone identityZone = getIdentityZone(subdomain); identityZone.setConfig( JsonUtils.readValue( - "{\"issuer\": \"http://uaamaster:8080\"}", + "{\"issuer\": \"http://uaamaster:8080/uaa\"}", IdentityZoneConfiguration.class ) ); @@ -402,12 +402,12 @@ public void testCreateAccessTokenForAnotherIssuer() throws Exception { OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(), null); - tokenServices.setTokenEndpointBuilder(new TokenEndpointBuilder("http://uaaslave:8080")); + tokenServices.setTokenEndpointBuilder(new TokenEndpointBuilder("http://uaaslave:8080/uaa")); OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication); assertCommonClientAccessTokenProperties(accessToken); assertThat(accessToken, validFor(is(tokenSupport.accessTokenValidity))); - assertThat(accessToken, issuerUri(is("http://uaamaster:8080/oauth/token"))); + assertThat(accessToken, issuerUri(is("http://uaamaster:8080/uaa/oauth/token"))); assertThat(accessToken, zoneId(is(IdentityZoneHolder.get().getId()))); assertThat(accessToken.getRefreshToken(), is(nullValue())); validateExternalAttributes(accessToken); 
@@ -511,7 +511,7 @@ public void testCreateAccessTokenForAClientInAnotherIdentityZone() { this.assertCommonClientAccessTokenProperties(accessToken); assertThat(accessToken, validFor(is(3600))); - assertThat(accessToken, issuerUri(is("http://" + subdomain + ".localhost:8080/oauth/token"))); + assertThat(accessToken, issuerUri(is("http://" + subdomain + ".localhost:8080/uaa/oauth/token"))); assertThat(accessToken.getRefreshToken(), is(nullValue())); validateExternalAttributes(accessToken); @@ -750,7 +750,7 @@ public void createAccessToken_usingRefreshGrant_inOtherZone() { assertEquals(refreshedAccessToken.getRefreshToken().getValue(), accessToken.getRefreshToken().getValue()); this.assertCommonUserAccessTokenProperties(refreshedAccessToken, CLIENT_ID); - assertThat(refreshedAccessToken, issuerUri(is("http://test-zone-subdomain.localhost:8080/oauth/token"))); + assertThat(refreshedAccessToken, issuerUri(is("http://test-zone-subdomain.localhost:8080/uaa/oauth/token"))); assertThat(refreshedAccessToken, scope(is(tokenSupport.requestedAuthScopes))); assertThat(refreshedAccessToken, validFor(is(3600))); validateExternalAttributes(accessToken); 
@@ -1156,14 +1156,14 @@ public void createAccessToken_forUser_inanotherzone() { OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication); this.assertCommonUserAccessTokenProperties(accessToken, CLIENT_ID); - assertThat(accessToken, issuerUri(is("http://test-zone-subdomain.localhost:8080/oauth/token"))); + assertThat(accessToken, issuerUri(is("http://test-zone-subdomain.localhost:8080/uaa/oauth/token"))); assertThat(accessToken, scope(is(tokenSupport.requestedAuthScopes))); assertThat(accessToken, validFor(is(3600))); assertThat(accessToken.getRefreshToken(), is(not(nullValue()))); OAuth2RefreshToken refreshToken = accessToken.getRefreshToken(); this.assertCommonUserRefreshTokenProperties(refreshToken); - assertThat(refreshToken, OAuth2RefreshTokenMatchers.issuerUri(is("http://test-zone-subdomain.localhost:8080/oauth/token"))); + assertThat(refreshToken, OAuth2RefreshTokenMatchers.issuerUri(is("http://test-zone-subdomain.localhost:8080/uaa/oauth/token"))); assertThat(refreshToken, OAuth2RefreshTokenMatchers.validFor(is(9600))); this.assertCommonEventProperties(accessToken, tokenSupport.userId, buildJsonString(tokenSupport.requestedAuthScopes)); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenTestSupport.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenTestSupport.java index 4d247e93e00..e28db27cdb1 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenTestSupport.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenTestSupport.java 
@@ -87,7 +87,7 @@ public class TokenTestSupport {
 public static final String CLIENT_ID_NO_REFRESH_TOKEN_GRANT = "client_without_refresh_grant";
 public static final String GRANT_TYPE = "grant_type";
 public static final String CLIENT_AUTHORITIES = "read,update,write,openid";
- public static final String ISSUER_URI = "http://localhost:8080/oauth/token";
+ public static final String ISSUER_URI = "http://localhost:8080/uaa/oauth/token";
 public static final String READ = "read";
 public static final String WRITE = "write";
 public static final String DELETE = "delete";
@@ -97,7 +97,7 @@ public class TokenTestSupport {
 public static final String OPENID = "openid";
 public static final String ROLES = "roles";
 public static final String PROFILE = "profile";
- public static final String DEFAULT_ISSUER = "http://localhost:8080";
+ public static final String DEFAULT_ISSUER = "http://localhost:8080/uaa";
 String userId = "12345";
 String username = "jdsa";
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenValidationServiceTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenValidationServiceTest.java
index de04f57e4b4..44f4ed1d3eb 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenValidationServiceTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenValidationServiceTest.java
@@ -74,7 +74,7 @@ public void setup() {
 tokenEndpointBuilder,
 userDatabase,
 mockMultitenantClientServices,
- new KeyInfoService("http://localhost:8080")
+ new KeyInfoService("http://localhost:8080/uaa")
 );
 }
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenCreatorTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenCreatorTest.java
index 7450ae67e7f..018188e879f 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenCreatorTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenCreatorTest.java
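Review bot: In `TokenTestSupport`, `ISSUER_URI` and `DEFAULT_ISSUER` are kept as two independent literals, and this change had to edit both by hand to keep them in step. Deriving one from the other removes that coupling: declare `DEFAULT_ISSUER` first and write `public static final String ISSUER_URI = DEFAULT_ISSUER + "/oauth/token";`. Tests that compare a token's `iss` claim against `ISSUER_URI` then cannot drift from the base URL the token services are built with. The class body continues outside both hunks.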
@@ -71,8 +71,8 @@ class IdTokenCreatorTest { @BeforeEach void setup() throws Exception { - issuerUrl = "http://localhost:8080/oauth/token"; - uaaUrl = "http://localhost:8080"; + issuerUrl = "http://localhost:8080/uaa/oauth/token"; + uaaUrl = "http://localhost:8080/uaa"; clientId = "clientId"; clientsecret = "clientsecret"; tokensalt = "tokensalt"; @@ -378,6 +378,6 @@ void idToken_containsZonifiedIssuerUrl() throws Exception { IdToken idToken = tokenCreator.create(clientId, userId, userAuthenticationData); - assertThat(idToken.iss, is("http://myzone.localhost:8080/oauth/token")); + assertThat(idToken.iss, is("http://myzone.localhost:8080/uaa/oauth/token")); } } \ No newline at end of file diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpointsTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpointsTest.java index 985a32aab7b..9ad544a266a 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpointsTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpointsTest.java @@ -74,7 +74,7 @@ public IdentityProvider getXOAuthProvi config.addAttributeMapping("user.attribute." + "the_client_id", "cid"); config.setStoreCustomAttributes(true); - String urlBase = "http://localhost:8080"; + String urlBase = "http://localhost:8080/"; try { config.setAuthUrl(new URL(urlBase + "/oauth/authorize")); config.setTokenUrl(new URL(urlBase + "/oauth/token")); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthIdentityProviderConfigValidatorTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthIdentityProviderConfigValidatorTest.java index b8f8d1fda63..2b11f37ba28 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthIdentityProviderConfigValidatorTest.java 
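Review bot: In the `IdentityProviderEndpointsTest` hunk, `urlBase` now ends in a slash while the context lines below still prepend one, so `urlBase + "/oauth/authorize"` and `urlBase + "/oauth/token"` produce `http://localhost:8080//oauth/authorize` and `http://localhost:8080//oauth/token`. Every other URL in this change gains the `/uaa` context path, so this looks like a typo for `String urlBase = "http://localhost:8080/uaa";`. A doubled slash in a provider's auth or token URL is easy to miss in a fixture, and it may compare unequal to a normalised URL elsewhere. The method and its `try` block continue outside the hunk.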
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthIdentityProviderConfigValidatorTest.java @@ -33,7 +33,7 @@ public void discovery_url_renders_other_urls_nullable() throws Exception { definition.setTokenUrl(null); definition.setTokenKeyUrl(null); definition.setTokenKey(null); - ((OIDCIdentityProviderDefinition)definition).setDiscoveryUrl(new URL("http://localhost:8080/.well-known/openid-configuration")); + ((OIDCIdentityProviderDefinition)definition).setDiscoveryUrl(new URL("http://localhost:8080/uaa/.well-known/openid-configuration")); validator = new XOAuthIdentityProviderConfigValidator(); validator.validate(definition); } diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/ZoneAwareMetadataGeneratorTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/ZoneAwareMetadataGeneratorTests.java index 5983fbbcf21..7fa2c1f823f 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/ZoneAwareMetadataGeneratorTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/ZoneAwareMetadataGeneratorTests.java @@ -70,7 +70,7 @@ void setUp() { otherZone.setConfig(otherZoneDefinition); generator = new ZoneAwareMetadataGenerator(); - generator.setEntityBaseURL("http://localhost:8080"); + generator.setEntityBaseURL("http://localhost:8080/uaa"); generator.setEntityId("entityIdValue"); extendedMetadata = new org.springframework.security.saml.metadata.ExtendedMetadata(); 
@@ -109,7 +109,7 @@ void testRequestAndWantAssertionSignedInAnotherZone() { @Test void testMetadataContainsSamlBearerGrantEndpoint() throws Exception { String metadata = getMetadata(otherZone, keyManager, generator, extendedMetadata); - assertThat(metadata, containsString("md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:URI\" Location=\"http://zone-id.localhost:8080/oauth/token/alias/zone-id.entityAlias\" index=\"1\"/>")); + assertThat(metadata, containsString("md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:URI\" Location=\"http://zone-id.localhost:8080/uaa/oauth/token/alias/zone-id.entityAlias\" index=\"1\"/>")); } @Test diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/idp/SamlTestUtils.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/idp/SamlTestUtils.java index 16c770ea06c..cccb9cfc90b 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/idp/SamlTestUtils.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/idp/SamlTestUtils.java 
@@ -144,7 +144,7 @@ public class SamlTestUtils { "EwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\n" + "MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\n" + "2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\n" + - "ePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"; + "ePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"; public static final String SAML_IDP_METADATA_REDIRECT_ONLY = "\n" + "8rJXCEVOlzN2dmhPBlxbYdTS1Dc=GQgfzz5mSlUxFLeCdDFI76IeG8Y4kpvRtASHypPwFi8usO6uuuaESxiqd97pBz79TNXEoxRkVurbPOEA6Am4sV35GZD5TEAqnjhFN1ZVl4Pe0aW23BN/RoA7lECfom7ONcOKMLePmLJuFSKQb4FioIzF2oCoY9ZQbcTYgrTwJVI=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\n" + @@ -192,7 +192,7 @@ public class SamlTestUtils { "ePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=" + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:persistent" + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" + - "" + + "" + ""; public static final String SAML_IDP_METADATA_POST_ONLY = "\n" + 
@@ -241,7 +241,7 @@ public class SamlTestUtils { "ePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=" + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:persistent" + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" + - "" + + "" + ""; private XMLObjectBuilderFactory builderFactory; @@ -326,7 +326,7 @@ IdpMetadataGenerator mockIdpMetadataGenerator() { IdpMetadataGenerator metadataGenerator = new IdpMetadataGenerator(); metadataGenerator.setEntityId(IDP_ENTITY_ID); - metadataGenerator.setEntityBaseURL("http://localhost:8080/saml/idp"); + metadataGenerator.setEntityBaseURL("http://localhost:8080/uaa/saml/idp"); metadataGenerator.setExtendedMetadata(extendedMetadata); KeyManager keyManager = mock(KeyManager.class); @@ -341,7 +341,7 @@ private EntityDescriptor mockSpMetadata() { MetadataGenerator metadataGenerator = new MetadataGenerator(); metadataGenerator.setExtendedMetadata(extendedMetadata); metadataGenerator.setEntityId(SP_ENTITY_ID); - metadataGenerator.setEntityBaseURL("http://localhost:8080/saml"); + metadataGenerator.setEntityBaseURL("http://localhost:8080/uaa/saml"); metadataGenerator.setWantAssertionSigned(false); KeyManager keyManager = mock(KeyManager.class); @@ -554,14 +554,14 @@ UaaAuthentication mockUaaAuthentication(String id) { + "" + "" + "" - + "" - + "" + + "" + + "" + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName" - + "" + + "" + "" + ""; 
@@ -614,14 +614,14 @@ UaaAuthentication mockUaaAuthentication(String id) { + "" + "" + "" - + "" - + "" + + "" + + "" + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName" - + "" + + "" + "" + ""; @@ -674,14 +674,14 @@ UaaAuthentication mockUaaAuthentication(String id) { + "" + "" + "" - + "" - + "" + + "" + + "" + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient" + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName" - + "" + + "" + "" + ""; @@ -734,10 +734,10 @@ UaaAuthentication mockUaaAuthentication(String id) { + "" + "" + "" - + "" - + "" + + "" + + "" + "%s" - + "" + + "" + "" + ""; 
@@ -784,7 +784,7 @@ UaaAuthentication mockUaaAuthentication(String id) { "EwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\n" + "MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\n" + "2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\n" + - "ePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"; + "ePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"; public static final String SAML_IDP_METADATA_ARTIFACT_FIRST = "\n" + "8rJXCEVOlzN2dmhPBlxbYdTS1Dc=GQgfzz5mSlUxFLeCdDFI76IeG8Y4kpvRtASHypPwFi8usO6uuuaESxiqd97pBz79TNXEoxRkVurbPOEA6Am4sV35GZD5TEAqnjhFN1ZVl4Pe0aW23BN/RoA7lECfom7ONcOKMLePmLJuFSKQb4FioIzF2oCoY9ZQbcTYgrTwJVI=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\n" + 
@@ -832,9 +832,9 @@ UaaAuthentication mockUaaAuthentication(String id) { "ePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=" + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:persistent" + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" + - "" + - "" + - ""; + "" + + "" + + ""; public static final String SAML_IDP_METADATA_ARTIFACT_ONLY = "\n" + "8rJXCEVOlzN2dmhPBlxbYdTS1Dc=GQgfzz5mSlUxFLeCdDFI76IeG8Y4kpvRtASHypPwFi8usO6uuuaESxiqd97pBz79TNXEoxRkVurbPOEA6Am4sV35GZD5TEAqnjhFN1ZVl4Pe0aW23BN/RoA7lECfom7ONcOKMLePmLJuFSKQb4FioIzF2oCoY9ZQbcTYgrTwJVI=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\n" + @@ -882,7 +882,7 @@ UaaAuthentication mockUaaAuthentication(String id) { "ePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=" + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:persistent" + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" + - ""; + ""; private static final String DEFAULT_NAME_ID_FORMATS = diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/idp/ZoneAwareIdpMetadataGeneratorTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/idp/ZoneAwareIdpMetadataGeneratorTest.java index e67a02c1030..ffebcb18c10 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/idp/ZoneAwareIdpMetadataGeneratorTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/idp/ZoneAwareIdpMetadataGeneratorTest.java 
@@ -68,7 +68,7 @@ void setup() {
 extendedMetadata.setAlias("entityAlias");
 extendedMetadata.setSignMetadata(true);
 zoneAwareIdpMetadataGenerator.setExtendedMetadata((IdpExtendedMetadata) extendedMetadata);
- zoneAwareIdpMetadataGenerator.setEntityBaseURL("http://localhost:8080");
+ zoneAwareIdpMetadataGenerator.setEntityBaseURL("http://localhost:8080/uaa");
 keyManager = new ZoneAwareKeyManager();
 zoneAwareIdpMetadataGenerator.setKeyManager(keyManager);
 }
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/util/ScimUtilsTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/util/ScimUtilsTest.java
index a166132db2b..6e41409d82a 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/util/ScimUtilsTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/util/ScimUtilsTest.java
@@ -79,7 +79,7 @@ void setUp() {
 request.setScheme("http");
 request.setServerName("localhost");
 request.setServerPort(8080);
- request.setContextPath("/");
+ request.setContextPath("/uaa");
 ServletRequestAttributes attrs = new ServletRequestAttributes(request);
@@ -101,7 +101,7 @@ class WhenZoneIsUaa {
 void getVerificationURL() throws MalformedURLException {
 URL actual = ScimUtils.getVerificationURL(mockExpiringCode, IdentityZone.getUaa());
- URL expected = new URL("http://localhost:8080/verify_user?code=code");
+ URL expected = new URL("http://localhost:8080/uaa/verify_user?code=code");
 assertThat(actual.toString(), is(expected.toString()));
 }
@@ -118,7 +118,7 @@ void getVerificationURL() throws MalformedURLException {
 URL actual = ScimUtils.getVerificationURL(mockExpiringCode, mockIdentityZone);
- URL expected = new URL("http://subdomain.localhost:8080/verify_user?code=code");
+ URL expected = new URL("http://subdomain.localhost:8080/uaa/verify_user?code=code");
 assertThat(actual.toString(), is(expected.toString()));
 }
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/util/TokenValidationTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/util/TokenValidationTest.java index 7ffa3daf089..6abeefdd3f9 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/util/TokenValidationTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/util/TokenValidationTest.java @@ -160,7 +160,7 @@ public void setup() { entry("rev_sig", "fa1c787d"), entry("iat", 1458953932), entry("exp", 1458997132), - entry("iss", "http://localhost:8080/oauth/token"), + entry("iss", "http://localhost:8080/uaa/oauth/token"), entry("zid", "uaa"), entry("aud", Arrays.asList("app", "acme")), entry("revocable", true) @@ -333,7 +333,7 @@ public void required_groups_are_missing() { @Test public void checking_token_happy_case() { buildAccessTokenValidator(getToken(), new KeyInfoService("https://localhost")) - .checkIssuer("http://localhost:8080/oauth/token") + .checkIssuer("http://localhost:8080/uaa/oauth/token") .checkClient((clientId) -> inMemoryMultitenantClientServices.loadClientByClientId(clientId)) .checkExpiry(oneSecondBeforeTheTokenExpires) .checkUser((uid) -> userDb.retrieveUserById(uid)) @@ -379,7 +379,7 @@ public void validateToken_Without_Email_And_Username_should_not_throw_exception( buildAccessTokenValidator( getToken(Arrays.asList(EMAIL, USER_NAME)), new KeyInfoService("https://localhost")) .checkSignature(verifier) - .checkIssuer("http://localhost:8080/oauth/token") + .checkIssuer("http://localhost:8080/uaa/oauth/token") .checkClient((clientId) -> inMemoryMultitenantClientServices.loadClientByClientId(clientId)) .checkExpiry(oneSecondBeforeTheTokenExpires) .checkUser((uid) -> userDb.retrieveUserById(uid)) 
@@ -444,7 +444,7 @@ public void emptyBodyJwt_failsCheckingIssuer() {
 TokenValidation validation = buildAccessTokenValidator(getToken(), new KeyInfoService("https://localhost"));
 expectedException.expect(InvalidTokenException.class);
- validation.checkIssuer("http://localhost:8080/oauth/token");
+ validation.checkIssuer("http://localhost:8080/uaa/oauth/token");
 }
 @Test
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/util/UaaUrlUtilsTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/util/UaaUrlUtilsTest.java
index 8ad4732b043..9e0e096ddd2 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/util/UaaUrlUtilsTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/util/UaaUrlUtilsTest.java
@@ -57,7 +57,7 @@ class UaaUrlUtilsTest {
 private List validUrls = Arrays.asList(
 "http://localhost",
 "http://localhost:8080",
- "http://localhost:8080",
+ "http://localhost:8080/uaa",
 "http://valid.com",
 "http://sub.valid.com",
 "http://valid.com/with/path",
@@ -100,7 +100,7 @@ void tearDown() {
 @Test
 void getParameterMapFromQueryString() {
- String url = "http://localhost:8080/oauth/authorize?client_id=app-addnew-false4cEsLB&response_type=code&redirect_uri=http%3A%2F%2Fnosuchhostname%3A0%2Fnosuchendpoint";
+ String url = "http://localhost:8080/uaa/oauth/authorize?client_id=app-addnew-false4cEsLB&response_type=code&redirect_uri=http%3A%2F%2Fnosuchhostname%3A0%2Fnosuchendpoint";
 Map map = UaaUrlUtils.getParameterMap(url);
 assertNotNull(map);
 assertEquals("app-addnew-false4cEsLB", map.get("client_id")[0]);
@@ -144,12 +144,12 @@ void getBaseURLOnLocalhost() {
 request.setScheme("http");
 request.setServerName("localhost");
 request.setServerPort(8080);
- request.setRequestURI("/something");
+ request.setRequestURI("/uaa/something");
 request.setServletPath("/something");
 ServletRequestAttributes attrs = new ServletRequestAttributes(request);
 RequestContextHolder.setRequestAttributes(attrs);
- assertEquals("http://localhost:8080", UaaUrlUtils.getBaseURL(request));
+ assertEquals("http://localhost:8080/uaa", UaaUrlUtils.getBaseURL(request));
 }
 @Test
@@ -219,14 +219,14 @@ void localhostPortAndContextPathUrl() {
 request.setScheme("http");
 request.setServerName("localhost");
 request.setServerPort(8080);
- request.setContextPath("/");
+ request.setContextPath("/uaa");
 ServletRequestAttributes attrs = new ServletRequestAttributes(request);
 RequestContextHolder.setRequestAttributes(attrs);
 String url = UaaUrlUtils.getUaaUrl("/something", IdentityZone.getUaa());
- assertThat(url, is("http://localhost:8080/something"));
+ assertThat(url, is("http://localhost:8080/uaa/something"));
 }
 @Test
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/web/HttpHeadersFilterRequestWrapperTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/web/HttpHeadersFilterRequestWrapperTest.java
index 4c60dcc0539..5eedb4f6aec 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/web/HttpHeadersFilterRequestWrapperTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/web/HttpHeadersFilterRequestWrapperTest.java
@@ -44,7 +44,7 @@ public class HttpHeadersFilterRequestWrapperTest {
 @Before
 public void setUp() {
- mock = new MockHttpServletRequest(HttpMethod.GET.name(), "http://localhost:8080/login");
+ mock = new MockHttpServletRequest(HttpMethod.GET.name(), "http://localhost:8080/uaa/login");
 mock.addHeader("X-Forwarded-For", "proxy-ip");
 mock.addHeader("X-Forwarded-Host", "proxy-host");
 mock.addHeader("X-Forwarded-Proto", "proxy-host");
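Review bot: In `setUp` of `HttpHeadersFilterRequestWrapperTest`, the second argument of `MockHttpServletRequest(String method, String requestURI)` is a request URI, yet the new line still passes an absolute URL, `"http://localhost:8080/uaa/login"`. The visible lines set no context path either, so `getContextPath()` stays empty and `getRequestURI()` returns the whole URL. If the `/uaa` prefix is meant to be modelled for the wrapper under test, `mock = new MockHttpServletRequest(HttpMethod.GET.name(), "/uaa/login");` followed by `mock.setContextPath("/uaa");` describes the request more faithfully. `setUp` continues outside the hunk.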
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/event/ServiceProviderModifiedEventTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/event/ServiceProviderModifiedEventTest.java index 446e9ec761e..838f8e28f54 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/event/ServiceProviderModifiedEventTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/event/ServiceProviderModifiedEventTest.java 
@@ -35,7 +35,7 @@ public void setup() { " \"name\" : \"" + name + "\",\n" + " \"entityId\" : \""+ name +".cloudfoundry-saml-login\",\n" + " \"active\" : true,\n" + - " \"config\" : \"{\\\"metaDataLocation\\\" : \\\"zALgjEFJ7jJSwn2AOBH5H8CX93U=Rp5XH8eT0ek/vlFGzHgIFOeESchOwSYZ9oh4JA9WqQ0jJtvNQ9IttY2QY9XK3n6TbbtPcEKVgljyTfwD5ymp+oMKfIYQC9JsN8mPADN5rjLFgC+xGceWLbcjoNsCJ7x2ZjyWRblSxoOU5qnzxEA3k3Bu+OkV+ZXcSbmgMWoQACg=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1U
EAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sN
yxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\\\",\\\"metadataTrustCheck\\\" : true }\"" + + " \"config\" : \"{\\\"metaDataLocation\\\" : \\\"zALgjEFJ7jJSwn2AOBH5H8CX93U=Rp5XH8eT0ek/vlFGzHgIFOeESchOwSYZ9oh4JA9WqQ0jJtvNQ9IttY2QY9XK3n6TbbtPcEKVgljyTfwD5ymp+oMKfIYQC9JsN8mPADN5rjLFgC+xGceWLbcjoNsCJ7x2ZjyWRblSxoOU5qnzxEA3k3Bu+OkV+ZXcSbmgMWoQACg=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTE
xMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXm
GUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\\\",\\\"metadataTrustCheck\\\" : true }\"" + "}"; provider = JsonUtils.readValue(requestBody, SamlServiceProvider.class); diff --git a/server/src/test/resources/integration.test.properties b/server/src/test/resources/integration.test.properties index dd9cf45939f..ebe846c6d5b 100644 --- a/server/src/test/resources/integration.test.properties +++ b/server/src/test/resources/integration.test.properties @@ -1,3 +1,3 @@ -integration.test.base_url=http://localhost:8080 +integration.test.base_url=http://localhost:8080/uaa integration.test.app_url=http://localhost:8080/app/ smtp.port=2525 \ No newline at end of file diff --git a/statsd/src/test/java/org/cloudfoundry/identity/statsd/integration/IntegrationTestUtils.java b/statsd/src/test/java/org/cloudfoundry/identity/statsd/integration/IntegrationTestUtils.java index c989661e10a..dce799e0703 100644 --- a/statsd/src/test/java/org/cloudfoundry/identity/statsd/integration/IntegrationTestUtils.java +++ b/statsd/src/test/java/org/cloudfoundry/identity/statsd/integration/IntegrationTestUtils.java @@ -8,7 +8,7 @@ public class IntegrationTestUtils { - static final String UAA_BASE_URL = "http://localhost:8080"; + static final String UAA_BASE_URL = "http://localhost:8080/uaa"; static final String TEST_USERNAME = "marissa"; static final String TEST_PASSWORD = "koala"; diff --git a/uaa/slateCustomizations/source/index.html.md.erb b/uaa/slateCustomizations/source/index.html.md.erb index addd73df076..62f72d7e9ac 100644 --- a/uaa/slateCustomizations/source/index.html.md.erb 
+++ b/uaa/slateCustomizations/source/index.html.md.erb @@ -316,7 +316,7 @@ The trust to the assertion issuer is reused from the SAML 2.0 WebSSO profiles. This grant enables an App2App mechanism with SSO. Typical scenarios are applications outside of CF, which consume a service within the CF world. The endpoint of the bearer assertion is `/oauth/token` so the Recipient attribute in -the bearer assertion must point to the corresponding URI, e.g. http://localhost:8080/oauth/token. +the bearer assertion must point to the corresponding URI, e.g. http://localhost:8080/uaa/oauth/token. <%= render('TokenEndpointDocs/getTokenUsingSaml2BearerGrant/curl-request.md') %> <%= render('TokenEndpointDocs/getTokenUsingSaml2BearerGrant/http-request.md') %> @@ -724,7 +724,7 @@ _Error Codes_ >Sequential example of creating a zone and creating an admin client in that zone: ```bash -uaac target http://localhost:8080 +uaac target http://localhost:8080/uaa uaac token client get admin -s adminsecret @@ -736,7 +736,7 @@ uaac -t curl -XPOST -H"Content-Type:application/json" -H"Accept:application/json uaac -t curl -H"X-Identity-Zone-Id:testzone1" -XPOST -H"Content-Type:application/json" -H"Accept:application/json" --data '{ "client_id" : "admin", "client_secret" : "adminsecret", "scope" : ["uaa.none"], "resource_ids" : ["none"], "authorities" : ["uaa.admin","clients.read","clients.write","clients.secret","scim.read","scim.write","clients.admin"], "authorized_grant_types" : ["client_credentials"]}' /oauth/clients -uaac target http://testzone1.localhost:8080 +uaac target http://testzone1.localhost:8080/uaa uaac token client get admin -s adminsecret 
@@ -1224,7 +1224,7 @@ Obtaining the UAA SAML IdP metadata: In order to establish trust, a SAML IdP and SAML SP exchange SAML metadata which contains pulbic certificates as well as the endpoints used to communicate amongst each other. Your SAML SP will likely require the UAA SAML IdP metadata in order to make authentication requests to UAA. You can obtain this metadata by making a GET request to the /saml/idp/metadata endpoint. -GET http://localhost:8080/saml/idp/metadata +GET http://localhost:8080/uaa/saml/idp/metadata ## Initiate IDP Login Flow @@ -1531,7 +1531,7 @@ _Error Codes_ >Example using uaac to get users: ```bash -uaac target http://localhost:8080 +uaac target http://localhost:8080/uaa uaac token client get admin -s adminsecret @@ -1571,7 +1571,7 @@ _Error Codes_ >Example using uaac to view users: ```bash -uaac target http://localhost:8080 +uaac target http://localhost:8080/uaa uaac token client get admin -s adminsecret @@ -1631,7 +1631,7 @@ _Error Codes_ >Example using uaac to view users: ```bash -uaac target http://localhost:8080 +uaac target http://localhost:8080/uaa uaac token client get admin -s adminsecret @@ -1672,7 +1672,7 @@ _Error Codes_ >Example using uaac to view users: ```bash -uaac target http://localhost:8080 +uaac target http://localhost:8080/uaa uaac token client get admin -s adminsecret @@ -1713,7 +1713,7 @@ _Error Codes_ >Example using uaac to patch users: ```bash -uaac target http://localhost:8080 +uaac target http://localhost:8080/uaa uaac token client get admin -s adminsecret @@ -1746,7 +1746,7 @@ _Error Codes_ >Example using uaac to delete users: ```bash -uaac target http://localhost:8080 +uaac target http://localhost:8080/uaa uaac token client get admin -s adminsecret @@ -1780,7 +1780,7 @@ _Error Codes_ >Example using uaac to view user info: ```bash -uaac target http://localhost:8080 +uaac target http://localhost:8080/uaa uaac token authcode get admin -s adminsecret 
@@ -1818,7 +1818,7 @@ _Error Codes_ >Example using uaac to view users: ```bash -uaac target http://localhost:8080 +uaac target http://localhost:8080/uaa uaac token owner get cf testuser -s "" -p "secret" diff --git a/uaa/src/main/resources/required_configuration.yml b/uaa/src/main/resources/required_configuration.yml index ea98b47cb76..d6b47b0e751 100644 --- a/uaa/src/main/resources/required_configuration.yml +++ b/uaa/src/main/resources/required_configuration.yml @@ -1,5 +1,5 @@ issuer: - uri: http://localhost:8080 + uri: http://localhost:8080/uaa encryption: active_key_label: CHANGE-THIS-KEY diff --git a/uaa/src/main/resources/uaa.yml b/uaa/src/main/resources/uaa.yml index 5f6da2ec83c..ee4f26b8a1f 100755 --- a/uaa/src/main/resources/uaa.yml +++ b/uaa/src/main/resources/uaa.yml @@ -306,7 +306,7 @@ oauth: # - https://url1.domain1.com/logout-success # - https://url2.domain2.com/logout-success issuer: - uri: http://localhost:8080 + uri: http://localhost:8080/uaa login: # Enable create account and forgot password links on the Login Server (enabled by default) #selfServiceLinksEnabled: true @@ -360,7 +360,7 @@ login: # - name: passcode # type: password # text: MyTemporary Authentication Code (Get on at /passcode) - url: http://localhost:8080 + url: http://localhost:8080/uaa # defaultIdentityProvider: uaa # idpDiscoveryEnabled: true # accountChooserEnabled: true @@ -394,7 +394,7 @@ login: # SAML - The entity base url is the location of this application # (The host and port of the application that will accept assertions) - entityBaseURL: http://localhost:8080 + entityBaseURL: http://localhost:8080/uaa # The entityID of this SP entityID: cloudfoundry-saml-login saml: @@ -497,7 +497,7 @@ login: #END SAML PROVIDERS authorize: - url: http://localhost:8080/oauth/authorize + url: http://localhost:8080/uaa/oauth/authorize # homeRedirect: http://example.com/ 
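Review bot: The new default `issuer.uri: http://localhost:8080/uaa` in required_configuration.yml (and the same change in the `@@ -306,7` hunk of uaa.yml) has no comment saying that the value must include the servlet context path, which is exactly what this commit had to correct by hand. As far as I know this URI is what UAA reports as the issuer of the tokens it signs, so a deployment that changes the context path without updating it would issue tokens whose issuer no longer matches what relying parties expect. I would add a line above `uri:` such as `# Externally visible UAA base URL including the context path; used as the token issuer, so clients must be configured with the same value`. The `login.url`, `entityBaseURL` and `uaa.*.url` defaults in uaa.yml depend on the same path and deserve the same remark.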
@@ -522,13 +522,13 @@ login: uaa: # The hostname of the UAA that this login server will connect to - url: http://localhost:8080 + url: http://localhost:8080/uaa token: - url: http://localhost:8080/oauth/token + url: http://localhost:8080/uaa/oauth/token approvals: - url: http://localhost:8080/approvals + url: http://localhost:8080/uaa/approvals login: - url: http://localhost:8080/authenticate + url: http://localhost:8080/uaa/authenticate limitedFunctionality: enabled: false whitelist: diff --git a/uaa/src/main/webapp/WEB-INF/spring-servlet.xml b/uaa/src/main/webapp/WEB-INF/spring-servlet.xml index 35171866203..923eb0a6585 100755 --- a/uaa/src/main/webapp/WEB-INF/spring-servlet.xml +++ b/uaa/src/main/webapp/WEB-INF/spring-servlet.xml @@ -294,11 +294,11 @@ - + - + @@ -411,7 +411,7 @@ + value="Temporary Authentication Code ( Get one at ${login.entityBaseURL:http://localhost:8080/uaa}/passcode )"/> diff --git a/uaa/src/main/webapp/WEB-INF/spring/oauth-clients.xml b/uaa/src/main/webapp/WEB-INF/spring/oauth-clients.xml index 2879b1e3e41..73aacef10a0 100644 --- a/uaa/src/main/webapp/WEB-INF/spring/oauth-clients.xml +++ b/uaa/src/main/webapp/WEB-INF/spring/oauth-clients.xml @@ -93,7 +93,7 @@ - + @@ -114,7 +114,7 @@ value="scim.zones,zones.read,cloud_controller.read,uaa.resource,zones.write"/> + value="http://localhost/*,http://localhost:8080/**,http://oidcloginit.localhost:8080/uaa/**"/> @@ -123,7 +123,7 @@ - + uaa @@ -152,7 +152,7 @@ - + diff --git a/uaa/src/main/webapp/WEB-INF/spring/saml-idp.xml b/uaa/src/main/webapp/WEB-INF/spring/saml-idp.xml index 89b7acddfc2..ef6c04c7bb9 100644 --- a/uaa/src/main/webapp/WEB-INF/spring/saml-idp.xml +++ b/uaa/src/main/webapp/WEB-INF/spring/saml-idp.xml @@ -107,7 +107,7 @@ + value="${login.entityBaseURL:http://localhost:8080/uaa}"/> diff --git a/uaa/src/main/webapp/WEB-INF/spring/saml-providers.xml b/uaa/src/main/webapp/WEB-INF/spring/saml-providers.xml index 808f20f602a..14fbe076dbe 100644 
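Review bot: In the `@@ -114,7` hunk of oauth-clients.xml the new value keeps `http://localhost/*` and `http://localhost:8080/**` as host-wide patterns and narrows only the `oidcloginit.localhost` entry to `/uaa/**`. The element markup is not visible in this hunk, but if this is the client's registered redirect URI list, the middle pattern still matches every application served on port 8080, not just UAA under its new context path. If nothing outside `/uaa` needs to receive authorization responses for this client, I would narrow it to `http://localhost:8080/uaa/**`. If the sample app under `/app/` relies on the broad pattern, an XML comment saying so would show that the inconsistency is deliberate.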
--- a/uaa/src/main/webapp/WEB-INF/spring/saml-providers.xml +++ b/uaa/src/main/webapp/WEB-INF/spring/saml-providers.xml @@ -78,7 +78,7 @@ - + diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/AuthorizationCodeGrantIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/AuthorizationCodeGrantIntegrationTests.java index 2d2187e1b21..9d85ee9b560 100755 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/AuthorizationCodeGrantIntegrationTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/AuthorizationCodeGrantIntegrationTests.java @@ -60,7 +60,7 @@ public void testZoneDoesNotExist() { .queryParam("response_type", "code") .queryParam("state", "mystateid") .queryParam("client_id", "clientId") - .queryParam("redirect_uri", "http://localhost:8080"); + .queryParam("redirect_uri", "http://localhost:8080/uaa"); URI uri = builder.build(); @@ -79,12 +79,12 @@ public void testZoneInactive() { RestTemplate identityClient = IntegrationTestUtils .getClientCredentialsTemplate(IntegrationTestUtils.getClientCredentialsResource(serverRunning.getBaseUrl(), new String[]{"zones.write", "zones.read", "scim.zones"}, "identity", "identitysecret")); - IntegrationTestUtils.createInactiveIdentityZone(identityClient, "http://localhost:8080"); + IntegrationTestUtils.createInactiveIdentityZone(identityClient, "http://localhost:8080/uaa"); ServerRunning.UriBuilder builder = serverRunning.buildUri(serverRunning.getAuthorizationUri().replace("localhost", "testzoneinactive.localhost")) .queryParam("response_type", "code") .queryParam("state", "mystateid") .queryParam("client_id", "clientId") - .queryParam("redirect_uri", "http://localhost:8080"); + .queryParam("redirect_uri", "http://localhost:8080/uaa"); URI uri = builder.build(); 
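Review bot: In `testZoneInactive()` the changed call `IntegrationTestUtils.createInactiveIdentityZone(identityClient, "http://localhost:8080/uaa")` hard-codes the base URL directly after the preceding statement obtained it from `serverRunning.getBaseUrl()`. That duplication is why this commit has to edit the same literal again in ImplicitTokenGrantIntegrationTests, OpenIdTokenAuthorizationWithApprovalIntegrationTests, PasswordGrantIntegrationTests and RefreshTokenSupportIntegrationTests. Assuming `getBaseUrl()` returns the same server root, I would pass it instead: `IntegrationTestUtils.createInactiveIdentityZone(identityClient, serverRunning.getBaseUrl());`. The test method bodies extend beyond the hunks, so the helper's expectations for that argument should be confirmed first.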
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ImplicitTokenGrantIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ImplicitTokenGrantIntegrationTests.java index 437cf139ddf..8f5ab60203a 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ImplicitTokenGrantIntegrationTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ImplicitTokenGrantIntegrationTests.java @@ -174,7 +174,7 @@ public void authzWithInactiveIdentityZone() { RestTemplate identityClient = IntegrationTestUtils .getClientCredentialsTemplate(IntegrationTestUtils.getClientCredentialsResource(serverRunning.getBaseUrl(), new String[]{"zones.write", "zones.read", "scim.zones"}, "identity", "identitysecret")); - IntegrationTestUtils.createInactiveIdentityZone(identityClient, "http://localhost:8080"); + IntegrationTestUtils.createInactiveIdentityZone(identityClient, "http://localhost:8080/uaa"); ResponseEntity result = serverRunning.getForResponse(implicitUrl().replace("localhost", "testzoneinactive.localhost"), new HttpHeaders()); assertEquals(HttpStatus.NOT_FOUND, result.getStatusCode()); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/LoginInfoEndpointIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/LoginInfoEndpointIntegrationTests.java index 9e9c2491304..a1164a47ee6 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/LoginInfoEndpointIntegrationTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/LoginInfoEndpointIntegrationTests.java @@ -60,7 +60,7 @@ public void testHappyDayHtml() { String body = response.getBody(); // System.err.println(body); assertNotNull(body); - assertTrue("Wrong body: " + body, body.contains("")); + assertTrue("Wrong body: " + body, body.contains("")); } 
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/OpenIdTokenAuthorizationWithApprovalIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/OpenIdTokenAuthorizationWithApprovalIntegrationTests.java index bba9ff48b25..890172e68a1 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/OpenIdTokenAuthorizationWithApprovalIntegrationTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/OpenIdTokenAuthorizationWithApprovalIntegrationTests.java @@ -210,7 +210,7 @@ public void testOpenIdHybridFlowZoneInactive() { RestTemplate identityClient = IntegrationTestUtils .getClientCredentialsTemplate(IntegrationTestUtils.getClientCredentialsResource(serverRunning.getBaseUrl(), new String[]{"zones.write", "zones.read", "scim.zones"}, "identity", "identitysecret")); - IntegrationTestUtils.createInactiveIdentityZone(identityClient, "http://localhost:8080"); + IntegrationTestUtils.createInactiveIdentityZone(identityClient, "http://localhost:8080/uaa"); AuthorizationCodeResourceDetails resource = testAccounts.getDefaultAuthorizationCodeResource(); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/PasswordChangeEndpointIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/PasswordChangeEndpointIntegrationTests.java index d5c36cda262..935c2f552dd 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/PasswordChangeEndpointIntegrationTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/PasswordChangeEndpointIntegrationTests.java 
@@ -106,7 +106,7 @@ public void createAccount() { // curl -v -H "Content-Type: application/json" -X PUT -H // "Accept: application/json" --data // "{\"password\":\"newpassword\",\"schemas\":[\"urn:scim:schemas:core:1.0\"]}" - // http://localhost:8080/User/{id}/password + // http://localhost:8080/uaa/User/{id}/password @Test @OAuth2ContextConfiguration(OAuth2ContextConfiguration.ClientCredentials.class) public void testChangePasswordSucceeds() { diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/PasswordGrantIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/PasswordGrantIntegrationTests.java index cfa883b79d4..5f25766a8d8 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/PasswordGrantIntegrationTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/PasswordGrantIntegrationTests.java @@ -60,7 +60,7 @@ public void passwordGrantInactiveZone() { RestTemplate identityClient = IntegrationTestUtils .getClientCredentialsTemplate(IntegrationTestUtils.getClientCredentialsResource(serverRunning.getBaseUrl(), new String[]{"zones.write", "zones.read", "scim.zones"}, "identity", "identitysecret")); - IntegrationTestUtils.createInactiveIdentityZone(identityClient, "http://localhost:8080"); + IntegrationTestUtils.createInactiveIdentityZone(identityClient, "http://localhost:8080/uaa"); String accessTokenUri = serverRunning.getAccessTokenUri().replace("localhost", "testzoneinactive.localhost"); ResponseEntity response = makePasswordGrantRequest(testAccounts.getUserName(), testAccounts.getPassword(), "cf", "", accessTokenUri); assertEquals(HttpStatus.NOT_FOUND, response.getStatusCode()); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/RefreshTokenSupportIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/RefreshTokenSupportIntegrationTests.java index 5c146a7b158..681f288a94f 100755 
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/RefreshTokenSupportIntegrationTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/RefreshTokenSupportIntegrationTests.java @@ -178,7 +178,7 @@ public void testRefreshTokenWithInactiveZone() { RestTemplate identityClient = IntegrationTestUtils .getClientCredentialsTemplate(IntegrationTestUtils.getClientCredentialsResource(serverRunning.getBaseUrl(), new String[]{"zones.write", "zones.read", "scim.zones"}, "identity", "identitysecret")); - IntegrationTestUtils.createInactiveIdentityZone(identityClient, "http://localhost:8080"); + IntegrationTestUtils.createInactiveIdentityZone(identityClient, "http://localhost:8080/uaa"); LinkedMultiValueMap formData = new LinkedMultiValueMap<>(); formData.add("grant_type", "refresh_token"); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ScimUserEndpointsIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ScimUserEndpointsIntegrationTests.java index c2ae0a22138..74a19c6fdc6 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ScimUserEndpointsIntegrationTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ScimUserEndpointsIntegrationTests.java @@ -121,7 +121,7 @@ private ResponseEntity createUser(String username, String firstName, S // curl -v -H "Content-Type: application/json" -H "Accept: application/json" // --data // "{\"userName\":\"joe\",\"schemas\":[\"urn:scim:schemas:core:1.0\"]}" - // http://localhost:8080/User + // http://localhost:8080/uaa/User @Test public void createUserSucceeds() { ResponseEntity response = createUser(JOE, "Joe", "User", "joe@blah.com"); 
@@ -138,7 +138,7 @@ public void createUserSucceeds() { // curl -v -H "Content-Type: application/json" -H "Accept: application/json" // --data // "{\"userName\":\"joe\",\"schemas\":[\"urn:scim:schemas:core:1.0\"]}" - // http://localhost:8080/User + // http://localhost:8080/uaa/User @Test public void createUserSucceedsWithVerifiedIsFalse() { ResponseEntity response = createUser(JOE, "Joe", "User", "joe@blah.com", false); @@ -155,7 +155,7 @@ public void createUserSucceedsWithVerifiedIsFalse() { // curl -v -H "Content-Type: application/json" -H "Accept: application/json" // --data // "{\"userName\":\"joe\",\"schemas\":[\"urn:scim:schemas:core:1.0\"]}" - // http://localhost:8080/User + // http://localhost:8080/uaa/User @Test public void verifyUser() { ResponseEntity response = createUser(JOE, "Joe", "User", "joe@blah.com", false); @@ -175,7 +175,7 @@ public void verifyUser() { // curl -v -H "Content-Type: application/json" -H "Accept: application/json" // --data // "{\"userName\":\"joe\",\"schemas\":[\"urn:scim:schemas:core:1.0\"]}" - // http://localhost:8080/User + // http://localhost:8080/uaa/User @Test public void verifyUserNotFound() { HttpHeaders headers = new HttpHeaders(); @@ -223,7 +223,7 @@ public void getUserHasEtag() { // curl -v -H "Content-Type: application/json" -X PUT -H // "Accept: application/json" --data // "{\"userName\":\"joe\",\"schemas\":[\"urn:scim:schemas:core:1.0\"]}" - // http://localhost:8080/User + // http://localhost:8080/uaa/User @Test public void updateUserSucceeds() { ResponseEntity response = createUser(JOE, "Joe", "User", "joe@blah.com"); @@ -344,7 +344,7 @@ public void updateUserGroupsDoesNothing() { // curl -v -H "Content-Type: application/json" -H "Accept: application/json" // -H 'If-Match: "0"' --data // "{\"userName\":\"joe\",\"schemas\":[\"urn:scim:schemas:core:1.0\"]}" - // http://localhost:8080/User + // http://localhost:8080/uaa/User @Test public void createUserTwiceFails() { ScimUser user = new ScimUser(); 
@@ -400,7 +400,7 @@ public void createUserWithJustACaseChangeFails() { // curl -v -H "Content-Type: application/json" -H "Accept: application/json" // -X DELETE - // -H "If-Match: 0" http://localhost:8080/User/joel + // -H "If-Match: 0" http://localhost:8080/uaa/User/joel @Test public void deleteUserWithWrongIdFails() { @SuppressWarnings("rawtypes") @@ -414,7 +414,7 @@ public void deleteUserWithWrongIdFails() { // curl -v -H "Content-Type: application/json" -H "Accept: application/json" // -X DELETE - // http://localhost:8080/User/joel + // http://localhost:8080/uaa/User/joel @Test public void deleteUserWithNoEtagSucceeds() { ScimUser deleteMe = createUser(DELETE_ME, "Delete", "Me", "deleteme@blah.com").getBody(); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/CreateAccountIT.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/CreateAccountIT.java index 7d761d53568..5b5a9e8d4f5 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/CreateAccountIT.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/CreateAccountIT.java 
@@ -185,8 +185,8 @@ public void testEmailDomainRegisteredWithIDPDoesNotAllowAccountCreation() throws IdentityProvider oidcProvider = new IdentityProvider().setName("oidc_provider").setActive(true).setType(OriginKeys.OIDC10).setOriginKey(OriginKeys.OIDC10).setConfig(new OIDCIdentityProviderDefinition()); oidcProvider.getConfig().setAuthUrl(new URL("http://example.com")); oidcProvider.getConfig().setShowLinkText(false); - oidcProvider.getConfig().setTokenUrl(new URL("http://localhost:8080/idp_login")); - oidcProvider.getConfig().setTokenKeyUrl(new URL("http://localhost:8080/idp_login")); + oidcProvider.getConfig().setTokenUrl(new URL("http://localhost:8080/uaa/idp_login")); + oidcProvider.getConfig().setTokenKeyUrl(new URL("http://localhost:8080/uaa/idp_login")); oidcProvider.getConfig().setEmailDomain(Collections.singletonList("example.com")); oidcProvider.getConfig().setRelyingPartyId("client_id"); oidcProvider.getConfig().setRelyingPartySecret("client_secret"); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/IdentityZoneNotAvailableIT.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/IdentityZoneNotAvailableIT.java index 67e01830b03..c7649197a89 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/IdentityZoneNotAvailableIT.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/IdentityZoneNotAvailableIT.java @@ -33,8 +33,8 @@ public class IdentityZoneNotAvailableIT { @Parameterized.Parameters(name = "{index}: zoneUrl[{0}];") public static List data() { return Arrays.asList(new Object[][]{ - {"http://testzonedoesnotexist.localhost:8080"}, - {"http://testzoneinactive.localhost:8080"} + {"http://testzonedoesnotexist.localhost:8080/uaa"}, + {"http://testzoneinactive.localhost:8080/uaa"} }); } 
@@ -45,7 +45,7 @@ public IdentityZoneNotAvailableIT(String zoneUrl) { @Before public void setUp() { String[] scope = {"uaa.admin"}; - String baseUrl = "http://localhost:8080"; + String baseUrl = "http://localhost:8080/uaa"; ClientCredentialsResourceDetails adminResource = IntegrationTestUtils.getClientCredentialsResource(baseUrl, scope, "admin", "adminsecret"); restTemplate = IntegrationTestUtils.getClientCredentialsTemplate( adminResource); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/OIDCLoginIT.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/OIDCLoginIT.java index 136d38fe1bb..42375ab5c09 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/OIDCLoginIT.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/OIDCLoginIT.java @@ -140,12 +140,12 @@ public void setUp() throws Exception { adminToken = IntegrationTestUtils.getClientCredentialsToken(baseUrl, "admin", "adminsecret"); String zoneHost = zone.getSubdomain() + ".localhost"; - zoneUrl = "http://" + zoneHost + ":8080"; + zoneUrl = "http://" + zoneHost + ":8080/uaa"; String createdGroupName = new RandomValueStringGenerator(10).generate() + ".created.scope"; - String urlBase = "http://localhost:8080"; + String urlBase = "http://localhost:8080/uaa"; identityProvider = new IdentityProvider<>(); identityProvider.setName("my oidc provider"); identityProvider.setIdentityZoneId(OriginKeys.UAA); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java index a464ce33702..5399ab49c97 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java 
@@ -1345,7 +1345,7 @@ public void testLoginSamlOnlyProviderNoUsernamePassword() throws Exception { String adminAccessToken = testClient.getOAuthAccessToken("admin", "adminsecret", "client_credentials", "clients.read clients.write clients.secret clients.admin"); String clientId = UUID.randomUUID().toString(); - BaseClientDetails clientDetails = new BaseClientDetails(clientId, null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.none", "http://localhost:8080/login"); + BaseClientDetails clientDetails = new BaseClientDetails(clientId, null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.none", "http://localhost:8080/uaa/login"); clientDetails.setClientSecret("secret"); clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, idps); testClient.createClient(adminAccessToken, clientDetails); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginWithLocalIdpIT.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginWithLocalIdpIT.java index 9d227c66ea0..2b965354fe4 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginWithLocalIdpIT.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginWithLocalIdpIT.java @@ -249,7 +249,7 @@ public void testValidSaml2Bearer() throws Exception { postBody.add("client_secret", "secret"); postBody.add("assertion", samlTestUtils.mockAssertionEncoded(IDP_ENTITY_ID, "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", - "Saml2BearerIntegrationUser", "http://localhost:8080/oauth/token/alias/cloudfoundry-saml-login", "cloudfoundry-saml-login")); + "Saml2BearerIntegrationUser", "http://localhost:8080/uaa/oauth/token/alias/cloudfoundry-saml-login", "cloudfoundry-saml-login")); ResponseEntity token = restOperations.exchange(baseUrl + "/oauth/token/alias/cloudfoundry-saml-login", HttpMethod.POST, new HttpEntity<>(postBody, headers), 
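Review bot: In `testValidSaml2Bearer` the fourth argument to `samlTestUtils.mockAssertionEncoded(...)`, which looks like the recipient endpoint, is a hard-coded `http://localhost:8080/uaa/...` string, while the request just below is sent to `baseUrl + "/oauth/token/alias/cloudfoundry-saml-login"`. The two only agree while `baseUrl` equals `http://localhost:8080/uaa`; once they drift, the test fails for a reason unrelated to what it checks. Passing `baseUrl + "/oauth/token/alias/cloudfoundry-saml-login"` for that argument would tie them together. A comment elsewhere in this patch says the SAML defaults are fixed to `:8080/uaa/`, so confirm the service provider accepts a derived value before changing it. The method starts and ends outside the hunk.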
@@ -1015,9 +1015,9 @@ public SamlIdentityProviderDefinition createZone3IdpDefinition(String alias) { public static SamlIdentityProviderDefinition createLocalSamlIdpDefinition(String alias, String zoneId) { String url; if (StringUtils.isNotEmpty(zoneId) && !zoneId.equals("uaa")) { - url = "http://" + zoneId + ".localhost:8080/saml/idp/metadata"; + url = "http://" + zoneId + ".localhost:8080/uaa/saml/idp/metadata"; } else { - url = "http://localhost:8080/saml/idp/metadata"; + url = "http://localhost:8080/uaa/saml/idp/metadata"; } String idpMetaData = getIdpMetadata(url); return SamlTestUtils.createLocalSamlIdpDefinition(alias, zoneId, idpMetaData); @@ -1037,9 +1037,9 @@ public static SamlServiceProviderDefinition createLocalSamlSpDefinition(String a String url; if (StringUtils.isNotEmpty(zoneId) && !zoneId.equals("uaa")) { - url = "http://" + zoneId + ".localhost:8080/saml/metadata/alias/" + zoneId + "." + alias; + url = "http://" + zoneId + ".localhost:8080/uaa/saml/metadata/alias/" + zoneId + "." + alias; } else { - url = "http://localhost:8080/saml/metadata/alias/" + alias; + url = "http://localhost:8080/uaa/saml/metadata/alias/" + alias; } String spMetaData = getIdpMetadata(url); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/TokenEndpointDocs.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/TokenEndpointDocs.java index 1b502195165..6fd5215c65d 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/TokenEndpointDocs.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/TokenEndpointDocs.java 
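Review bot: `createLocalSamlIdpDefinition` and `createLocalSamlSpDefinition` (the next hunk) now carry four copies of the `localhost:8080/uaa` base, and `zoneId` is concatenated directly into the host part of a URL that is then fetched with `getIdpMetadata(url)`. Building the base once, for example `String base = "http://" + (inZone ? zoneId + "." : "") + "localhost:8080/uaa";` with `inZone` holding the existing `isNotEmpty` / `!equals("uaa")` condition, removes the duplication. It also gives one place for a comment stating that `zoneId` is expected to be a plain subdomain label. The closing braces of both methods are outside their hunks.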
@@ -412,7 +412,7 @@ void getTokenUsingSaml2BearerGrant() throws Exception { samlTestUtils.initializeSimple(); String subdomain = generator.generate().toLowerCase(); - //all our SAML defaults use :8080 so we have to use that here too + //all our SAML defaults use :8080/uaa/ so we have to use that here too String host = subdomain + ".localhost"; String fullPath = "/uaa/oauth/token/alias/" + subdomain + ".cloudfoundry-saml-login"; String origin = subdomain + ".cloudfoundry-saml-login"; @@ -438,7 +438,7 @@ void getTokenUsingSaml2BearerGrant() throws Exception { String assertion = samlTestUtils.mockAssertionEncoded(subdomain + ".cloudfoundry-saml-login", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "Saml2BearerIntegrationUser", - "http://" + subdomain + ".localhost:8080/oauth/token/alias/" + subdomain + ".cloudfoundry-saml-login", + "http://" + subdomain + ".localhost:8080/uaa/oauth/token/alias/" + subdomain + ".cloudfoundry-saml-login", subdomain + ".cloudfoundry-saml-login" ); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/audit/AuditCheckMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/audit/AuditCheckMockMvcTests.java index 3f06a486d22..9165ff4dc6b 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/audit/AuditCheckMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/audit/AuditCheckMockMvcTests.java 
@@ -909,7 +909,7 @@ void generateUserDeletedEvent_whenDeletingUser( @Test void generateUserCreatedEvent_DuringLoginServerAuthorize() throws Exception { - clientRegistrationService.updateClientDetails(new BaseClientDetails("login", "oauth", "oauth.approvals", "authorization_code,password,client_credentials", "oauth.login", "http://localhost:8080")); + clientRegistrationService.updateClientDetails(new BaseClientDetails("login", "oauth", "oauth.approvals", "authorization_code,password,client_credentials", "oauth.login", "http://localhost:8080/uaa")); String username = "jacob" + new RandomValueStringGenerator().generate(); String loginToken = testClient.getClientCredentialsOAuthAccessToken( "login", @@ -932,7 +932,7 @@ void generateUserCreatedEvent_DuringLoginServerAuthorize() throws Exception { .param("external_id", "jacob") .param("response_type", "code") .param("client_id", "login") - .param("redirect_uri", "http://localhost:8080") + .param("redirect_uri", "http://localhost:8080/uaa") .param("state", "erw342"); mockMvc.perform(userPost) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/saml/SamlAuthenticationMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/saml/SamlAuthenticationMockMvcTests.java index cfa4df781dc..2665cff07f3 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/saml/SamlAuthenticationMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/saml/SamlAuthenticationMockMvcTests.java @@ -135,8 +135,8 @@ void sendAuthnRequestToIdp() throws Exception { String idpEntityId = idpZone.getSubdomain() + ".cloudfoundry-saml-login"; MvcResult mvcResult = mockMvc.perform( - get("/saml/discovery") - .contextPath("") + get("/uaa/saml/discovery") + .contextPath("/uaa") .header(HOST, spZone.getSubdomain() + ".localhost:8080") .param("returnIDParam", "idp") .param("entityID", spZoneEntityId) 
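Review bot: In `generateUserCreatedEvent_DuringLoginServerAuthorize` the redirect URI registered for the `login` client and the `redirect_uri` request parameter (second hunk of this file) are two separate `"http://localhost:8080/uaa"` literals that presumably have to match for the authorize request to be accepted. A local `final String redirectUri = "http://localhost:8080/uaa";` used in both places would make that dependency explicit. It would also prevent a later edit to only one of them from silently turning this into a redirect-mismatch test. The method body extends beyond both hunks.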
@@ -148,7 +148,7 @@ void sendAuthnRequestToIdp() throws Exception { mvcResult = mockMvc.perform( get(mvcResult.getResponse().getRedirectedUrl()) - .contextPath("") + .contextPath("/uaa") .header(HOST, spZone.getSubdomain() + ".localhost:8080") .session((MockHttpSession) mvcResult.getRequest().getSession()) @@ -161,14 +161,14 @@ void sendAuthnRequestToIdp() throws Exception { String relayState = extractRelayState(body); String samlRequest = extractSamlRequest(body); mockMvc.perform( - post("/saml/idp/SSO/alias/" + idpEntityId) - .contextPath("") + post("/uaa/saml/idp/SSO/alias/" + idpEntityId) + .contextPath("/uaa") .header(HOST, idpZone.getSubdomain() + ".localhost:8080") .param("RelayState", relayState) .param("SAMLRequest", samlRequest) ) .andExpect(status().isFound()) - .andExpect(redirectedUrl("http://" + idpZone.getSubdomain() + ".localhost:8080/login")); + .andExpect(redirectedUrl("http://" + idpZone.getSubdomain() + ".localhost:8080/uaa/login")); } @Test @@ -216,8 +216,8 @@ void spIsAuthenticated() throws Exception { testLogger.reset(); mockMvc.perform( - post("/saml/SSO/alias/" + spZoneEntityId) - .contextPath("") + post("/uaa/saml/SSO/alias/" + spZoneEntityId) + .contextPath("/uaa") .header(HOST, subdomain + ".localhost:8080") .header(CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE) .param("SAMLResponse", xml) @@ -270,8 +270,8 @@ void passcodeGrantIdTokenContainsExternalGroupsAsRolesClaim() throws Exception { String samlResponse = performIdpAuthentication(samlAuthorityNamesForMockAuthentication); String xml = extractAssertion(samlResponse, false); MockHttpSession session = (MockHttpSession) mockMvc.perform( - post("/saml/SSO/alias/" + spZoneEntityId) - .contextPath("") + post("/uaa/saml/SSO/alias/" + spZoneEntityId) + .contextPath("/uaa") .header(HOST, spZoneHost) .header(CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE) .param("SAMLResponse", xml) 
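Review bot: In `sendAuthnRequestToIdp` the second request follows `mvcResult.getResponse().getRedirectedUrl()` with `.contextPath("/uaa")`, so the test now depends on the redirect already carrying the `/uaa` prefix without saying so. MockMvc's request builder rejects a request URI that does not start with the declared context path, so a redirect generated without the prefix would surface as an `IllegalArgumentException` from the builder instead of a failed expectation. Asserting the prefix before following the redirect, e.g. `assertThat(mvcResult.getResponse().getRedirectedUrl(), containsString("/uaa/"));` (if Hamcrest is already imported in this file), documents the intent and gives a readable failure. The method starts before the hunk.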
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/JwtBearerGrantMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/JwtBearerGrantMockMvcTests.java index 521806fab3c..c1d8ac68e69 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/JwtBearerGrantMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/JwtBearerGrantMockMvcTests.java @@ -167,7 +167,7 @@ ResultActions perform_grant_in_zone(IdentityZone theZone, String assertion) thro void createProvider(IdentityZone theZone, String verificationKey) throws Exception { createOIDCProvider(theZone, verificationKey, - "http://" + originZone.getIdentityZone().getSubdomain() + ".localhost:8080/oauth/token", + "http://" + originZone.getIdentityZone().getSubdomain() + ".localhost:8080/uaa/oauth/token", originClient.getClientId()); } diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java index 4a0cea222a7..236ad7d2485 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java @@ -653,9 +653,9 @@ void test_token_ids() throws Exception { @Test void test_saml_bearer_grant() throws Exception { String subdomain = generator.generate().toLowerCase(); - //all our SAML defaults use :8080/ so we have to use that here too + //all our SAML defaults use :8080/uaa/ so we have to use that here too String host = subdomain + ".localhost"; - String fullPath = "/oauth/token/alias/" + subdomain + ".cloudfoundry-saml-login"; + String fullPath = "/uaa/oauth/token/alias/" + subdomain + ".cloudfoundry-saml-login"; String origin = subdomain + ".cloudfoundry-saml-login"; MockMvcUtils.IdentityZoneCreationResult zone = MockMvcUtils.createOtherIdentityZoneAndReturnResult(subdomain, 
@@ -683,7 +683,7 @@ void test_saml_bearer_grant() throws Exception { String assertion = samlTestUtils.mockAssertionEncoded(subdomain + ".cloudfoundry-saml-login", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "Saml2BearerIntegrationUser", - "http://" + subdomain + ".localhost:8080/oauth/token/alias/" + subdomain + ".cloudfoundry-saml-login", + "http://" + subdomain + ".localhost:8080/uaa/oauth/token/alias/" + subdomain + ".cloudfoundry-saml-login", subdomain + ".cloudfoundry-saml-login" ); @@ -700,6 +700,7 @@ void test_saml_bearer_grant() throws Exception { request.setServerName(host); return request; }) + .contextPath("/uaa") .accept(APPLICATION_JSON) .header(HOST, host) .contentType(APPLICATION_FORM_URLENCODED) @@ -724,8 +725,8 @@ void test_saml_bearer_grant() throws Exception { @Test void test_two_zone_saml_bearer_grant() throws Exception { String subdomain = generator.generate().toLowerCase(); - //all our SAML defaults use :8080/ so we have to use that here too - String spInvocationEndpoint = "/oauth/token/alias/cloudfoundry-saml-login"; + //all our SAML defaults use :8080/uaa/ so we have to use that here too + String spInvocationEndpoint = "/uaa/oauth/token/alias/cloudfoundry-saml-login"; String idpOrigin = subdomain + ".cloudfoundry-saml-login"; //create an zone - that zone will be our IDP @@ -754,7 +755,7 @@ void test_two_zone_saml_bearer_grant() throws Exception { String assertion = samlTestUtils.mockAssertionEncoded(subdomain + ".cloudfoundry-saml-login", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", "Saml2BearerIntegrationUser", - "http://localhost:8080/oauth/token/alias/cloudfoundry-saml-login", + "http://localhost:8080/uaa/oauth/token/alias/cloudfoundry-saml-login", "cloudfoundry-saml-login" ); 
@@ -770,7 +771,7 @@ void test_two_zone_saml_bearer_grant() throws Exception { request.setServerName("localhost"); return request; }) - .contextPath("") + .contextPath("/uaa") .accept(APPLICATION_JSON) .header(HOST, "localhost") .contentType(APPLICATION_FORM_URLENCODED) @@ -3590,7 +3591,7 @@ void password_grant_with_default_user_groups_in_zone() throws Exception { .andReturn(); String claimsJSON = JwtHelper.decode(JsonUtils.readValue(result.getResponse().getContentAsString(), OAuthToken.class).accessToken).getClaims(); Claims claims = JsonUtils.readValue(claimsJSON, Claims.class); - assertEquals(claims.getIss(), "http://" + subdomain.toLowerCase() + ".localhost:8080/oauth/token"); + assertEquals(claims.getIss(), "http://" + subdomain.toLowerCase() + ".localhost:8080/uaa/oauth/token"); assertThat(claims.getScope(), containsInAnyOrder("openid", "custom.default.group")); } @@ -3612,7 +3613,7 @@ void testGetPasswordGrantTokenForOtherZone() throws Exception { .andReturn(); String claimsJSON = JwtHelper.decode(JsonUtils.readValue(result.getResponse().getContentAsString(), OAuthToken.class).accessToken).getClaims(); Claims claims = JsonUtils.readValue(claimsJSON, Claims.class); - assertEquals(claims.getIss(), "http://" + subdomain.toLowerCase() + ".localhost:8080/oauth/token"); + assertEquals(claims.getIss(), "http://" + subdomain.toLowerCase() + ".localhost:8080/uaa/oauth/token"); } @Test @@ -3974,7 +3975,7 @@ void testJkuHeaderIsSet_andNonRfcHeadersNotSet_forAccessToken() throws Exception JsonUtils.readValue(accessTokenHeaderJson, new TypeReference>() { }); - assertThat(headerMap.get("jku"), is("https://localhost:8080/token_keys")); + assertThat(headerMap.get("jku"), is("https://localhost:8080/uaa/token_keys")); // `enc` and `iv` are not required by JWT or OAuth spec, so should not be set and thus not returned in the token's header assertThat(headerMap, not(hasKey("enc"))); assertThat(headerMap, not(hasKey("iv"))); 
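Review bot: Both issuer checks touched here, in `password_grant_with_default_user_groups_in_zone` and in `testGetPasswordGrantTokenForOtherZone` (the next hunk), call `assertEquals(claims.getIss(), "http://…")` with the actual value first. JUnit's `assertEquals` takes the expected value first, so on a mismatch the failure message would present the token's real `iss` as the expected one, which misleads exactly when an issuer or context-path change goes wrong. Since the line is being edited anyway, it could become `assertEquals("http://" + subdomain.toLowerCase() + ".localhost:8080/uaa/oauth/token", claims.getIss());`. Both methods begin outside their hunks.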
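Review bot: The expected `jku` in `testJkuHeaderIsSet_andNonRfcHeadersNotSet_forAccessToken` is `https://localhost:8080/uaa/token_keys`, while the issuers asserted in the other hunks of this file are `http://…:8080/uaa/oauth/token`; the refresh-token and id-token variants in the following two hunks have the same difference. If the scheme difference is deliberate, a one-line comment above the assertion, such as `// jku is expected with an https scheme even though the test issuer is http`, would stop a later reader from "correcting" it. Because `jku` tells a verifier where to fetch keys, that comment is also the place to record where the value is derived from, which is not visible in these hunks. The test bodies start outside the hunks.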
@@ -4005,7 +4006,7 @@ void testJkuHeaderIsSet_andNonRfcHeadersNotSet_forRefreshToken() throws Exceptio JsonUtils.readValue(refreshTokenHeaderJson, new TypeReference>() { }); - assertThat(headerMap.get("jku"), is("https://localhost:8080/token_keys")); + assertThat(headerMap.get("jku"), is("https://localhost:8080/uaa/token_keys")); // `enc` and `iv` are not required by JWT or OAuth spec, so should not be set and thus not returned in the token's header assertThat(headerMap, not(hasKey("enc"))); assertThat(headerMap, not(hasKey("iv"))); @@ -4037,7 +4038,7 @@ void testJkuHeaderIsSet_andNonRfcHeadersNotSet_forIdToken() throws Exception { JsonUtils.readValue(idTokenHeaderJson, new TypeReference>() { }); - assertThat(headerMap.get("jku"), is("https://localhost:8080/token_keys")); + assertThat(headerMap.get("jku"), is("https://localhost:8080/uaa/token_keys")); // `enc` and `iv` are not required by JWT or OAuth spec, so should not be set and thus not returned in the token's header assertThat(headerMap, not(hasKey("enc"))); assertThat(headerMap, not(hasKey("iv"))); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointDocs.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointDocs.java index 0ba4d2bbed3..b2298c536a2 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointDocs.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointDocs.java 
@@ -159,7 +159,7 @@ class IdentityZoneEndpointDocs extends EndpointDocs { private static final String MFA_CONFIG_IDENTITY_PROVIDER_DESC = "Only trigger MFA when user is using an identity provider whose origin key matches one of these values"; private static final String ZONE_ISSUER_DESC = "Issuer of this zone. Must be a valid URL."; private static final String DEFAULT_IDP_DESC = "This value can be set to the origin key of an identity provider. If set, the user will be directed to this identity provider automatically if no other identity provider is discovered or selected via login_hint."; - private static final String DEFAULT_ISSUER_URI = "http://localhost:8080"; + private static final String DEFAULT_ISSUER_URI = "http://localhost:8080/uaa"; private static final HeaderDescriptor IDENTITY_ZONE_ID_HEADER = headerWithName(IdentityZoneSwitchingFilter.HEADER).description("May include this header to administer another zone if using `zones..admin` or `uaa.admin` scope against the default UAA zone.").optional(); private static final HeaderDescriptor IDENTITY_ZONE_SUBDOMAIN_HEADER = headerWithName(IdentityZoneSwitchingFilter.SUBDOMAIN_HEADER).optional().description("If using a `zones..admin` scope/token, indicates what Identity Zone this request goes to by supplying a subdomain."); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java index cfb0ff3e650..b322bd888dc 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java 
@@ -1738,7 +1738,7 @@ void testCreateAndDeleteLimitedClientInNewZoneUsingZoneEndpoint() throws Excepti assertEquals("zones.write", created.getAdditionalInformation().get(ClientConstants.CREATED_WITH)); assertEquals(Collections.singletonList(UAA), created.getAdditionalInformation().get(ClientConstants.ALLOWED_PROVIDERS)); assertEquals("bar", created.getAdditionalInformation().get("foo")); - checkAuditEventListener(1, AuditEventType.ClientCreateSuccess, clientCreateEventListener, id, "http://localhost:8080/oauth/token", "identity"); + checkAuditEventListener(1, AuditEventType.ClientCreateSuccess, clientCreateEventListener, id, "http://localhost:8080/uaa/oauth/token", "identity"); for (String url : Arrays.asList("", "/")) { mockMvc.perform( @@ -1753,7 +1753,7 @@ void testCreateAndDeleteLimitedClientInNewZoneUsingZoneEndpoint() throws Excepti .accept(APPLICATION_JSON)) .andExpect(status().isOk()); - checkAuditEventListener(1, AuditEventType.ClientDeleteSuccess, clientDeleteEventListener, id, "http://localhost:8080/oauth/token", "identity"); + checkAuditEventListener(1, AuditEventType.ClientDeleteSuccess, clientDeleteEventListener, id, "http://localhost:8080/uaa/oauth/token", "identity"); } @Test 
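Review bot: The issuer string `"http://localhost:8080/uaa/oauth/token"` is repeated as a literal in `testCreateAndDeleteLimitedClientInNewZoneUsingZoneEndpoint` (both hunks here) and again in `testSuccessfulUserManagementInZoneUsingAdminClient`, `createZoneReturn` and `checkZoneAuditEventInUaa` further down, which is why a context-path change needs this many edits. A single `private static final String UAA_ISSUER = "http://localhost:8080/uaa/oauth/token";` in the class, used in every `checkAuditEventListener(...)` call, would reduce the next such change to one line. The zone-specific variants could be built from the subdomain in the same way. The test methods start and end outside the hunks.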
@@ -1887,12 +1887,12 @@ void testSuccessfulUserManagementInZoneUsingAdminClient() throws Exception { IdentityZone identityZone = creationResult.getIdentityZone(); checkZoneAuditEventInUaa(1, AuditEventType.IdentityZoneCreatedEvent); - checkAuditEventListener(1, AuditEventType.GroupCreatedEvent, groupModifiedEventListener, IdentityZone.getUaaZoneId(), "http://localhost:8080/oauth/token", "identity"); - checkAuditEventListener(1, AuditEventType.ClientCreateSuccess, clientCreateEventListener, identityZone.getId(), "http://localhost:8080/oauth/token", creationResult.getZoneAdminUser().getId()); + checkAuditEventListener(1, AuditEventType.GroupCreatedEvent, groupModifiedEventListener, IdentityZone.getUaaZoneId(), "http://localhost:8080/uaa/oauth/token", "identity"); + checkAuditEventListener(1, AuditEventType.ClientCreateSuccess, clientCreateEventListener, identityZone.getId(), "http://localhost:8080/uaa/oauth/token", creationResult.getZoneAdminUser().getId()); String scimAdminToken = testClient.getClientCredentialsOAuthAccessToken("admin", "admin-secret", "scim.write,scim.read", subdomain); ScimUser user = createUser(scimAdminToken, subdomain); - checkAuditEventListener(1, AuditEventType.UserCreatedEvent, userModifiedEventListener, identityZone.getId(), "http://" + subdomain + ".localhost:8080/oauth/token", "admin"); + checkAuditEventListener(1, AuditEventType.UserCreatedEvent, userModifiedEventListener, identityZone.getId(), "http://" + subdomain + ".localhost:8080/uaa/oauth/token", "admin"); user.setUserName("updated-username@test.com"); MockHttpServletRequestBuilder put = put("/Users/" + user.getId()) 
@@ -1907,7 +1907,7 @@ void testSuccessfulUserManagementInZoneUsingAdminClient() throws Exception { .andExpect(jsonPath("$.userName").value(user.getUserName())) .andReturn(); - checkAuditEventListener(2, AuditEventType.UserModifiedEvent, userModifiedEventListener, identityZone.getId(), "http://" + subdomain + ".localhost:8080/oauth/token", "admin"); + checkAuditEventListener(2, AuditEventType.UserModifiedEvent, userModifiedEventListener, identityZone.getId(), "http://" + subdomain + ".localhost:8080/uaa/oauth/token", "admin"); user = JsonUtils.readValue(result.getResponse().getContentAsString(), ScimUser.class); List users = getUsersInZone(subdomain, scimAdminToken); assertTrue(users.contains(user)); @@ -1924,7 +1924,7 @@ void testSuccessfulUserManagementInZoneUsingAdminClient() throws Exception { .andExpect(jsonPath("$.id").value(user.getId())) .andReturn(); - checkAuditEventListener(3, AuditEventType.UserDeletedEvent, userModifiedEventListener, identityZone.getId(), "http://" + subdomain + ".localhost:8080/oauth/token", "admin"); + checkAuditEventListener(3, AuditEventType.UserDeletedEvent, userModifiedEventListener, identityZone.getId(), "http://" + subdomain + ".localhost:8080/uaa/oauth/token", "admin"); users = getUsersInZone(subdomain, scimAdminToken); assertEquals(0, users.size()); } 
@@ -2252,7 +2252,7 @@ private IdentityZone createZoneReturn() throws Exception { assertEquals(id.toLowerCase(), zone.getSubdomain()); assertFalse(zone.getConfig().getTokenPolicy().isRefreshTokenUnique()); assertEquals(JWT.getStringValue(), zone.getConfig().getTokenPolicy().getRefreshTokenFormat()); - checkAuditEventListener(1, AuditEventType.IdentityZoneCreatedEvent, zoneModifiedEventListener, IdentityZone.getUaaZoneId(), "http://localhost:8080/oauth/token", "identity"); + checkAuditEventListener(1, AuditEventType.IdentityZoneCreatedEvent, zoneModifiedEventListener, IdentityZone.getUaaZoneId(), "http://localhost:8080/uaa/oauth/token", "identity"); //validate that default groups got created ScimGroupProvisioning groupProvisioning = webApplicationContext.getBean(ScimGroupProvisioning.class); @@ -2386,7 +2386,7 @@ private IdentityZone updateZone(IdentityZone identityZone, HttpStatus expect, St } private void checkZoneAuditEventInUaa(int eventCount, AuditEventType eventType) { - checkAuditEventListener(eventCount, eventType, zoneModifiedEventListener, IdentityZone.getUaaZoneId(), "http://localhost:8080/oauth/token", "identity"); + checkAuditEventListener(eventCount, eventType, zoneModifiedEventListener, IdentityZone.getUaaZoneId(), "http://localhost:8080/uaa/oauth/token", "identity"); } private void checkAuditEventListener(int eventCount, AuditEventType eventType, TestApplicationEventListener eventListener, String identityZoneId, String issuer, String subject) { diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/BaseSamlServiceProviderEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/BaseSamlServiceProviderEndpointsMockMvcTests.java index c0efac00d1d..035b2af53e5 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/BaseSamlServiceProviderEndpointsMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/BaseSamlServiceProviderEndpointsMockMvcTests.java 
@@ -65,7 +65,7 @@ void setup() throws Exception { " \"name\" : \"" + name + "\",\n" + " \"entityId\" : \"" + name + ".cloudfoundry-saml-login\",\n" + " \"active\" : true,\n" + - " \"config\" : \"{\\\"metaDataLocation\\\" : \\\"zALgjEFJ7jJSwn2AOBH5H8CX93U=Rp5XH8eT0ek/vlFGzHgIFOeESchOwSYZ9oh4JA9WqQ0jJtvNQ9IttY2QY9XK3n6TbbtPcEKVgljyTfwD5ymp+oMKfIYQC9JsN8mPADN5rjLFgC+xGceWLbcjoNsCJ7x2ZjyWRblSxoOU5qnzxEA3k3Bu+OkV+ZXcSbmgMWoQACg=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnV
iYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTb
zKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\\\",\\\"metadataTrustCheck\\\" : true }\"" + + " \"config\" : \"{\\\"metaDataLocation\\\" : \\\"zALgjEFJ7jJSwn2AOBH5H8CX93U=Rp5XH8eT0ek/vlFGzHgIFOeESchOwSYZ9oh4JA9WqQ0jJtvNQ9IttY2QY9XK3n6TbbtPcEKVgljyTfwD5ymp+oMKfIYQC9JsN8mPADN5rjLFgC+xGceWLbcjoNsCJ7x2ZjyWRblSxoOU5qnzxEA3k3Bu+OkV+ZXcSbmgMWoQACg=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5
hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvB
J0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\\\",\\\"metadataTrustCheck\\\" : true }\"" + "}"; } 
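Review bot: The `metaDataLocation` value changed in `setup()` is a single string literal several kilobytes long that holds the whole SAML metadata document with its certificate, so what this hunk actually changes cannot be seen in review; the same literal is edited again in `createServiceProviderInvalidEntityId` in the next hunk. Loading the metadata from a test resource file would make changes to it diffable and remove the duplicate copy. While it is being touched: the embedded certificate appears to have a validity period that ended in November 2016 and an MD5-with-RSA signature, so a comment marking it as a test-only fixture would be worth adding next to `metadataTrustCheck`. `setup()` begins before the hunk.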
@@ -154,7 +154,7 @@ void createServiceProviderInvalidEntityId() throws Exception { " \"name\" : \"" + name + "\",\n" + " \"entityId\" : \"invalid.cloudfoundry-saml-login\",\n" + " \"active\" : true,\n" + - " \"config\" : \"{\\\"metaDataLocation\\\" : \\\"zALgjEFJ7jJSwn2AOBH5H8CX93U=Rp5XH8eT0ek/vlFGzHgIFOeESchOwSYZ9oh4JA9WqQ0jJtvNQ9IttY2QY9XK3n6TbbtPcEKVgljyTfwD5ymp+oMKfIYQC9JsN8mPADN5rjLFgC+xGceWLbcjoNsCJ7x2ZjyWRblSxoOU5qnzxEA3k3Bu+OkV+ZXcSbmgMWoQACg=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAc
TBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH
5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\\\",\\\"metadataTrustCheck\\\" : true }\"" + + " \"config\" : \"{\\\"metaDataLocation\\\" : \\\"zALgjEFJ7jJSwn2AOBH5H8CX93U=Rp5XH8eT0ek/vlFGzHgIFOeESchOwSYZ9oh4JA9WqQ0jJtvNQ9IttY2QY9XK3n6TbbtPcEKVgljyTfwD5ymp+oMKfIYQC9JsN8mPADN5rjLFgC+xGceWLbcjoNsCJ7x2ZjyWRblSxoOU5qnzxEA3k3Bu+OkV+ZXcSbmgMWoQACg=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZ
IhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8
wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\\\",\\\"metadataTrustCheck\\\" : true }\"" + "}"; mockMvc.perform(post("/saml/service-providers") .header("Authorization", "bearer" + adminToken) 
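Review bot: The context line `.header("Authorization", "bearer" + adminToken)` that closes this hunk joins the scheme and the token with no space (as rendered here), so the request carries `bearer<token>` rather than the `Bearer <token>` form RFC 6750 defines. The request then authenticates only if the token extractor tolerates a missing separator. In a test named createServiceProviderInvalidEntityId, a rejection at the authentication layer could be mistaken for entity-ID validation; the expected status is outside the hunk, so this needs confirming against the assertions. I would write `.header("Authorization", "Bearer " + adminToken)`. The line is not changed by this commit, and the method body continues past the hunk.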
@@ -178,7 +178,7 @@ void createServiceProviderAttributeMappings() throws Exception { " \"name\" : \"" + name + "\",\n" + " \"entityId\" : \"" + name + ".cloudfoundry-saml-login\",\n" + " \"active\" : true,\n" + - " \"config\" : \"{\\\"metaDataLocation\\\" : \\\"zALgjEFJ7jJSwn2AOBH5H8CX93U=Rp5XH8eT0ek/vlFGzHgIFOeESchOwSYZ9oh4JA9WqQ0jJtvNQ9IttY2QY9XK3n6TbbtPcEKVgljyTfwD5ymp+oMKfIYQC9JsN8mPADN5rjLFgC+xGceWLbcjoNsCJ7x2ZjyWRblSxoOU5qnzxEA3k3Bu+OkV+ZXcSbmgMWoQACg=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAM
BgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8j
m3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\\\",\\\"metadataTrustCheck\\\" : true " + + " \"config\" : \"{\\\"metaDataLocation\\\" : \\\"zALgjEFJ7jJSwn2AOBH5H8CX93U=Rp5XH8eT0ek/vlFGzHgIFOeESchOwSYZ9oh4JA9WqQ0jJtvNQ9IttY2QY9XK3n6TbbtPcEKVgljyTfwD5ymp+oMKfIYQC9JsN8mPADN5rjLFgC+xGceWLbcjoNsCJ7x2ZjyWRblSxoOU5qnzxEA3k3Bu+OkV+ZXcSbmgMWoQACg=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwY
JKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAM
BAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\\\",\\\"metadataTrustCheck\\\" : true " + ", \\\"attributeMappings\\\": {\\\"given_name\\\" : \\\"firstname\\\"" + " ,\\\"family_name\\\" : \\\"lastname\\\"," + " \\\"phone_number\\\" : \\\"phone\\\" }" + 
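Review bot: The `config` literal on the new side is a multi-kilobyte SAML metadata blob with nothing saying what it is, and as far as this view shows the same blob is repeated in the hunks for createServiceProviderInvalidEntityId and updateServiceProviderAttributeMappings. Hoisting it into one named constant or a test resource would turn the next escaping change into a one-line diff. A short comment would also spare readers from decoding it, for example `// Test-only SP metadata; the embedded self-signed cert is a fixture, not a deployable credential.` The embedded certificate appears to decode to an MD5-with-RSA signature, a 1024-bit key and a validity window ending in November 2016, so the comment should state whether the test expects `metadataTrustCheck: true` to accept it. The enclosing method starts and ends outside the hunk.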
@@ -202,7 +202,7 @@ void updateServiceProviderAttributeMappings() throws Exception { " \"name\" : \"" + name + "\",\n" + " \"entityId\" : \"" + name + ".cloudfoundry-saml-login\",\n" + " \"active\" : true,\n" + - " \"config\" : \"{\\\"metaDataLocation\\\" : \\\"zALgjEFJ7jJSwn2AOBH5H8CX93U=Rp5XH8eT0ek/vlFGzHgIFOeESchOwSYZ9oh4JA9WqQ0jJtvNQ9IttY2QY9XK3n6TbbtPcEKVgljyTfwD5ymp+oMKfIYQC9JsN8mPADN5rjLFgC+xGceWLbcjoNsCJ7x2ZjyWRblSxoOU5qnzxEA3k3Bu+OkV+ZXcSbmgMWoQACg=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAM
BgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8j
m3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\\\",\\\"metadataTrustCheck\\\" : true " + + " \"config\" : \"{\\\"metaDataLocation\\\" : \\\"zALgjEFJ7jJSwn2AOBH5H8CX93U=Rp5XH8eT0ek/vlFGzHgIFOeESchOwSYZ9oh4JA9WqQ0jJtvNQ9IttY2QY9XK3n6TbbtPcEKVgljyTfwD5ymp+oMKfIYQC9JsN8mPADN5rjLFgC+xGceWLbcjoNsCJ7x2ZjyWRblSxoOU5qnzxEA3k3Bu+OkV+ZXcSbmgMWoQACg=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwY
JKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAM
BAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\\\",\\\"metadataTrustCheck\\\" : true " + ", \\\"attributeMappings\\\": {\\\"given_name\\\" : \\\"firstname\\\"" + " ,\\\"family_name\\\" : \\\"lastname\\\"," + " \\\"phone_number\\\" : \\\"phone\\\" }" + diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/UaaSamlIDPEndpointDocs.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/UaaSamlIDPEndpointDocs.java index b268e96e769..7a4a1250d0e 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/UaaSamlIDPEndpointDocs.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/UaaSamlIDPEndpointDocs.java 
@@ -124,7 +124,7 @@ void setup() throws Exception { " \"name\" : \"" + name + "\",\n" + " \"entityId\" : \"" + spEntityID + "\",\n" + " \"active\" : true,\n" + - " \"config\" : \"{\\\"enableIdpInitiatedSso\\\" : true,\\\"metaDataLocation\\\" : \\\"zALgjEFJ7jJSwn2AOBH5H8CX93U=Rp5XH8eT0ek/vlFGzHgIFOeESchOwSYZ9oh4JA9WqQ0jJtvNQ9IttY2QY9XK3n6TbbtPcEKVgljyTfwD5ymp+oMKfIYQC9JsN8mPADN5rjLFgC+xGceWLbcjoNsCJ7x2ZjyWRblSxoOU5qnzxEA3k3Bu+OkV+ZXcSbmgMWoQACg=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydW
JhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvC
kKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\\\"" + + " \"config\" : \"{\\\"enableIdpInitiatedSso\\\" : true,\\\"metaDataLocation\\\" : \\\"zALgjEFJ7jJSwn2AOBH5H8CX93U=Rp5XH8eT0ek/vlFGzHgIFOeESchOwSYZ9oh4JA9WqQ0jJtvNQ9IttY2QY9XK3n6TbbtPcEKVgljyTfwD5ymp+oMKfIYQC9JsN8mPADN5rjLFgC+xGceWLbcjoNsCJ7x2ZjyWRblSxoOU5qnzxEA3k3Bu+OkV+ZXcSbmgMWoQACg=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQk
BFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=MIIDSTCCArKgAwIBAgIBADANBgkqhkiG9w0BAQQFADB8MQswCQYDVQQGEwJhdzEOMAwGA1UECBMF\\\\nYXJ1YmExDjAMBgNVBAoTBWFydWJhMQ4wDAYDVQQHEwVhcnViYTEOMAwGA1UECxMFYXJ1YmExDjAM\\\\nBgNVBAMTBWFydWJhMR0wGwYJKoZIhvcNAQkBFg5hcnViYUBhcnViYS5hcjAeFw0xNTExMjAyMjI2\\\\nMjdaFw0xNjExMTkyMjI2MjdaMHwxCzAJBgNVBAYTAmF3MQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UE\\\\nChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQLEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmEx\\\\nHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB\\\\ngQDHtC5gUXxBKpEqZTLkNvFwNGnNIkggNOwOQVNbpO0WVHIivig5L39WqS9u0hnA+O7MCA/KlrAR\\\\n4bXaeVVhwfUPYBKIpaaTWFQR5cTR1UFZJL/OF9vAfpOwznoD66DDCnQVpbCjtDYWX+x6imxn8HCY\\\\nxhMol6ZnTbSsFW6VZjFMjQIDAQABo4HaMIHXMB0GA1UdDgQWBBTx0lDzjH/iOBnOSQaSEWQLx1sy\\\\nGDCBpwYDVR0jBIGfMIGcgBTx0lDzjH/iOBnOSQaSEWQLx1syGKGBgKR+MHwxCzAJBgNVBAYTAmF3\\\\nMQ4wDAYDVQQIEwVhcnViYTEOMAwGA1UEChMFYXJ1YmExDjAMBgNVBAcTBWFydWJhMQ4wDAYDVQQL\\\\nEwVhcnViYTEOMAwGA1UEAxMFYXJ1YmExHTAbBgkqhkiG9w0BCQEWDmFydWJhQGFydWJhLmFyggEA\\\\nMAwGA1UdEwQFMAMBAf8wDQYJKoZ
IhvcNAQEEBQADgYEAYvBJ0HOZbbHClXmGUjGs+GS+xC1FO/am\\\\n2suCSYqNB9dyMXfOWiJ1+TLJk+o/YZt8vuxCKdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3o\\\\nePe84k8jm3A7EvH5wi5hvCkKRpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0=urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:2.0:nameid-format:transienturn:oasis:names:tc:SAML:2.0:nameid-format:persistenturn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName\\\"" + ",\\\"metadataTrustCheck\\\" : true " + ",\\\"attributeMappings\\\" : { \\\"given_name\\\" : \\\"firstname\\\", \\\"family_name\\\" : \\\"lastname\\\", \\\"phone_number\\\" : \\\"phone\\\" }" + "}\"" + diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/OpenIdConnectEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/OpenIdConnectEndpointsMockMvcTests.java index d6ee0ada9a3..128980f047c 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/OpenIdConnectEndpointsMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/OpenIdConnectEndpointsMockMvcTests.java @@ -65,7 +65,7 @@ void testWellKnownEndpoint() throws Exception { OpenIdConfiguration openIdConfiguration = JsonUtils.readValue(response.getContentAsString(), OpenIdConfiguration.class); assertNotNull(openIdConfiguration); - assertEquals("http://" + host + ":8080/oauth/token", openIdConfiguration.getIssuer()); + assertEquals("http://" + host + ":8080/uaa/oauth/token", openIdConfiguration.getIssuer()); assertEquals("http://" + host + "/oauth/authorize", openIdConfiguration.getAuthUrl()); assertEquals("http://" + host + "/oauth/token", openIdConfiguration.getTokenUrl()); assertArrayEquals(new String[]{"client_secret_basic", "client_secret_post"}, openIdConfiguration.getTokenAMR()); 
diff --git a/uaa/src/test/resources/integration_test_properties.yml b/uaa/src/test/resources/integration_test_properties.yml index 7fc85dddd18..ed6c0caad84 100644 --- a/uaa/src/test/resources/integration_test_properties.yml +++ b/uaa/src/test/resources/integration_test_properties.yml @@ -17,13 +17,13 @@ jwt: uaa: # The hostname of the UAA that this login server will connect to - url: http://localhost:8080 + url: http://localhost:8080/uaa token: - url: http://localhost:8080/oauth/token + url: http://localhost:8080/uaa/oauth/token approvals: - url: http://localhost:8080/approvals + url: http://localhost:8080/uaa/approvals login: - url: http://localhost:8080/authenticate + url: http://localhost:8080/uaa/authenticate limitedFunctionality: enabled: false whitelist: @@ -104,7 +104,7 @@ oauth: - uaa.offline_token issuer: - uri: http://localhost:8080 + uri: http://localhost:8080/uaa login: @@ -146,8 +146,8 @@ login: KdcZYgl4l/L6PxJ982SRhc83ZW2dkAZI4M0/Ud3oePe84k8jm3A7EvH5wi5hvCkK RpuRBwn3Ei+jCRouxTbzKPsuCVB+1sNyxMTXzf0= -----END CERTIFICATE----- - url: http://localhost:8080 - entityBaseURL: http://localhost:8080 + url: http://localhost:8080/uaa + entityBaseURL: http://localhost:8080/uaa entityID: cloudfoundry-saml-login saml: #Entity ID Alias to login at /saml/SSO/alias/{login.saml.entityIDAlias} @@ -170,7 +170,7 @@ login: # URL metadata fetch - read timeout soTimeout: 10000 authorize: - url: http://localhost:8080/oauth/authorize + url: http://localhost:8080/uaa/oauth/authorize ldap: diff --git a/uaa/src/test/resources/session_frame_test.html b/uaa/src/test/resources/session_frame_test.html index a795038c214..76a5042eb98 100644 --- a/uaa/src/test/resources/session_frame_test.html +++ b/uaa/src/test/resources/session_frame_test.html 
@@ -8,7 +8,7 @@ window.onload = function () { sessionFrame = document.getElementById('sessionFrame'); - sessionFrame.src = "http://localhost:8080/session?clientId=testClient&messageOrigin=" + encodeURIComponent(window.location.origin); + sessionFrame.src = "http://localhost:8080/uaa/session?clientId=testClient&messageOrigin=" + encodeURIComponent(window.location.origin); messageDiv = document.getElementById('message'); }; diff --git a/uaa/src/test/resources/test/config/uaa.yml b/uaa/src/test/resources/test/config/uaa.yml index dddd860cca9..53972dbb8f8 100644 --- a/uaa/src/test/resources/test/config/uaa.yml +++ b/uaa/src/test/resources/test/config/uaa.yml @@ -1,7 +1,7 @@ uaa: - url: http://localhost:8080 + url: http://localhost:8080/uaa issuer: - uri: http://localhost:8080 + uri: http://localhost:8080/uaa encryption: active_key_label: key-1 encryption_keys: From c48cbeecf467720bd105b078e002789d548fd01d Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2019 11:13:03 +0000 Subject: [PATCH 057/111] Bump versions.springBootVersion from 2.2.1.RELEASE to 2.2.2.RELEASE Bumps `versions.springBootVersion` from 2.2.1.RELEASE to 2.2.2.RELEASE. Updates `spring-boot-dependencies` from 2.2.1.RELEASE to 2.2.2.RELEASE - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v2.2.1.RELEASE...v2.2.2.RELEASE) Updates `spring-boot-gradle-plugin` from 2.2.1.RELEASE to 2.2.2.RELEASE - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v2.2.1.RELEASE...v2.2.2.RELEASE) Signed-off-by: dependabot-preview[bot] --- dependencies.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependencies.gradle b/dependencies.gradle index a0717f31a0b..db100d26fc1 100644 --- a/dependencies.gradle +++ b/dependencies.gradle 
@@ -14,7 +14,7 @@ versions.aspectJVersion = "1.9.4" versions.apacheDsVersion = "2.0.0.AM25" versions.bouncyCastleVersion = "1.64" versions.hamcrestVersion = "2.2" -versions.springBootVersion = "2.2.1.RELEASE" +versions.springBootVersion = "2.2.2.RELEASE" versions.springSecurityJwtVersion = "1.1.0.RELEASE" versions.springSecurityOAuthVersion = "2.4.0.RELEASE" versions.springSecuritySamlVersion = "1.0.10.RELEASE" From 3aed6651b1cd4c5587800990972b4bebf5945896 Mon Sep 17 00:00:00 2001 From: Andrew Edstrom Date: Mon, 9 Dec 2019 17:01:47 -0800 Subject: [PATCH 058/111] reintroduce set-version.sh script [#169720342] Signed-off-by: Stephane Jolicoeur Co-authored-by: Stephane Jolicoeur --- scripts/set-version.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100755 scripts/set-version.sh diff --git a/scripts/set-version.sh b/scripts/set-version.sh new file mode 100755 index 00000000000..571ad3a2a16 --- /dev/null +++ b/scripts/set-version.sh @@ -0,0 +1,15 @@ +#!/bin/bash + +if [ "$#" -lt 1 ]; then + echo "Usage: $(basename $0) version" + echo "Example: $(basename $0) 2.1.1" + exit 1 +fi + +set -x +set -e + +cd `dirname $0`/.. + +sed -e "s/^version=.*/version=$1/" gradle.properties > gradle.properties.new +mv gradle.properties.new gradle.properties \ No newline at end of file From 020398f9c94827194d27809554ffca0acb68b069 Mon Sep 17 00:00:00 2001 From: Markus Strehle Date: Tue, 10 Dec 2019 14:40:53 +0100 Subject: [PATCH 059/111] data-source configuration add more properties to dynamic configuration. Set default for new properties --- server/src/main/resources/spring/data-source.xml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/server/src/main/resources/spring/data-source.xml b/server/src/main/resources/spring/data-source.xml index 99ae4512268..8e01d8f17b1 100755 --- a/server/src/main/resources/spring/data-source.xml +++ b/server/src/main/resources/spring/data-source.xml @@ -34,18 +34,21 @@ - + + + + 
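Review bot: In scripts/set-version.sh the version argument is spliced unescaped into the sed program (`sed -e "s/^version=.*/version=$1/"`), so a value containing `/`, `&` or a newline breaks or alters the substitution and can write an unintended line into gradle.properties. Validate the argument right after the usage check, for example `[[ "$1" =~ ^[0-9A-Za-z.+-]+$ ]] || { echo "invalid version: $1" >&2; exit 1; }`. `$0` is also unquoted in the `cd` line and in the usage messages, which fails when the checkout path contains spaces; `cd "$(dirname "$0")/.."` avoids that.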
From 2b017472e57f970e86d5d11f7e97d6e736e8f251 Mon Sep 17 00:00:00 2001 From: Andrew Edstrom Date: Tue, 10 Dec 2019 12:17:52 -0800 Subject: [PATCH 060/111] Minimal server.xml for UAA image This server.xml should represent the minimal configuration necessary for the UAA to successfully run. Tomcat behavior cannot be configured yet and logging will go to the console for now. Configuration of the UAA, however, is possible by providing the location of the UAA config file via one of the supported environment variables. [#169713142] Signed-off-by: Jeremy Morony --- k8s/image/tomcat/conf/server.xml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 k8s/image/tomcat/conf/server.xml diff --git a/k8s/image/tomcat/conf/server.xml b/k8s/image/tomcat/conf/server.xml new file mode 100644 index 00000000000..f9c11ec6a14 --- /dev/null +++ b/k8s/image/tomcat/conf/server.xml @@ -0,0 +1,17 @@ + + + + + + + + + + + + + + From 14aa78a22cd45fc14c600e05832d98f00ec43a1f Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Wed, 11 Dec 2019 11:26:36 +0000 Subject: [PATCH 061/111] Bump org.eclipse.jgit from 5.5.1.201910021850-r to 5.6.0.201912101111-r Bumps org.eclipse.jgit from 5.5.1.201910021850-r to 5.6.0.201912101111-r. Signed-off-by: dependabot-preview[bot] --- dependencies.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependencies.gradle b/dependencies.gradle index db100d26fc1..c162935996a 100644 --- a/dependencies.gradle +++ b/dependencies.gradle 
@@ -32,7 +32,7 @@ libraries.bouncyCastlePkix = "org.bouncycastle:bcpkix-jdk15on:${versions.bouncyC libraries.bouncyCastleProv = "org.bouncycastle:bcprov-jdk15on:${versions.bouncyCastleVersion}" libraries.commonsIo = "commons-io:commons-io:2.6" libraries.dumbster = "dumbster:dumbster:1.6" -libraries.eclipseJgit = "org.eclipse.jgit:org.eclipse.jgit:5.5.1.201910021850-r" +libraries.eclipseJgit = "org.eclipse.jgit:org.eclipse.jgit:5.6.0.201912101111-r" libraries.flywayCore = "org.flywaydb:flyway-core" libraries.googleAuth = "com.warrenstrange:googleauth:1.4.0" libraries.gradleCargoPlugin = "com.bmuschko:gradle-cargo-plugin:2.6.1" From 447940cf23524250e2715370711987fe0a4fdc91 Mon Sep 17 00:00:00 2001 From: Stephane Jolicoeur Date: Wed, 11 Dec 2019 14:12:41 -0600 Subject: [PATCH 062/111] Add logging to YamlServletProfileInitializer - To make it easier to know what's happening in K8s [#169718245] Signed-off-by: Joshua Casey --- .../uaa/impl/config/YamlServletProfileInitializer.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java index 617c4e4bbd5..7dd8b477c41 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java @@ -188,6 +188,7 @@ private void applyLog4jConfiguration(ConfigurableEnvironment environment, String void applySpringProfiles(ConfigurableEnvironment environment) { String systemProfiles = System.getProperty("spring.profiles.active"); + System.out.format("System property spring.profiles.active=[%s]%n", systemProfiles); environment.setDefaultProfiles(new String[0]); if (environment.containsProperty("spring_profiles")) { String profiles = environment.getProperty("spring_profiles"); 
@@ -195,8 +196,10 @@ void applySpringProfiles(ConfigurableEnvironment environment) { environment.setActiveProfiles(StringUtils.tokenizeToStringArray(profiles, ",", true, true)); } else { if (isEmpty(systemProfiles)) { + System.out.println("Setting active profiles: [hsqldb]"); environment.setActiveProfiles("hsqldb"); } else { + System.out.format("Setting active profiles: [%s]%n", systemProfiles); environment.setActiveProfiles(commaDelimitedListToStringArray(systemProfiles)); } } From 4fc481ddf19e6823d3bd7481d8f153734b46c610 Mon Sep 17 00:00:00 2001 From: Andrew Wittrock Date: Tue, 10 Dec 2019 17:09:46 -0800 Subject: [PATCH 063/111] Add K8s Deployment Manifest - Deploys a pinned identity/uaa image digest - No templating / configuration options (yet) [#169718245] Signed-off-by: Joshua Casey Co-authored-by: Joshua Casey --- k8s/deployment/deployment.yaml | 42 ++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 k8s/deployment/deployment.yaml diff --git a/k8s/deployment/deployment.yaml b/k8s/deployment/deployment.yaml new file mode 100644 index 00000000000..57997a26f43 --- /dev/null +++ b/k8s/deployment/deployment.yaml @@ -0,0 +1,42 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: http-uaa-service + labels: + app: uaa-deployment +spec: + type: NodePort + ports: + - port: 8080 + targetPort: 8080 + protocol: TCP + nodePort: 30000 + selector: + app: uaa-deployment +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: uaa +spec: + selector: + matchLabels: + app: uaa-deployment + replicas: 1 + template: + metadata: + labels: + app: uaa-deployment + spec: # pod spec + containers: + - name: uaa + image: cfidentity/uaa@sha256:93b70b26fbb3de88d93728b0daf1ea7b001fde89a24e283c3db36bf4c6af087c + ports: + - containerPort: 8080 + protocol: TCP + env: + - name: LOGIN_CONFIG_URL + value: "classpath:required_configuration.yml" + - name: spring_profiles + value: "default,hsqldb" 
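Review bot: The pod spec in k8s/deployment/deployment.yaml declares no `securityContext`, so the uaa container runs with whatever user and privileges the image and the cluster defaults give it. For an identity service I would add a container-level context that refuses root and privilege escalation and drops capabilities, as sketched below; `runAsNonRoot` only works if the image is built to run as a non-root user, which is not visible here. Separately, the Service is `type: NodePort` with `nodePort: 30000`, which exposes plain-HTTP port 8080 on every node; `ClusterIP` behind an ingress that terminates TLS is the safer default unless node-level access is intended.

```yaml
# … unchanged: Service, Deployment metadata, selector, replicas …
      containers:
      - name: uaa
        # … unchanged: image, ports, env …
        securityContext:
          runAsNonRoot: true
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
```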
From 267d764f27e6fa88889b32a30afa7ce5c4c96c8b Mon Sep 17 00:00:00 2001 From: Jeremy Morony Date: Wed, 11 Dec 2019 15:17:21 -0800 Subject: [PATCH 064/111] Do not report tomcat internals in access logs [#170193262] Signed-off-by: Andrew Wittrock --- k8s/image/tomcat/conf/server.xml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/k8s/image/tomcat/conf/server.xml b/k8s/image/tomcat/conf/server.xml index f9c11ec6a14..5d5c3e62223 100644 --- a/k8s/image/tomcat/conf/server.xml +++ b/k8s/image/tomcat/conf/server.xml @@ -8,6 +8,9 @@ + From aa6b9e604ad33bfcb7d856f5b4ce58ec118f164a Mon Sep 17 00:00:00 2001 From: Stephane Jolicoeur Date: Wed, 11 Dec 2019 15:48:59 -0800 Subject: [PATCH 065/111] Named the service port for istio compatibility - renamed the service [#169718451] Signed-off-by: Joshua Casey Co-authored-by: Joshua Casey --- k8s/deployment/deployment.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/k8s/deployment/deployment.yaml b/k8s/deployment/deployment.yaml index 57997a26f43..c24c8e9731b 100644 --- a/k8s/deployment/deployment.yaml +++ b/k8s/deployment/deployment.yaml @@ -2,13 +2,14 @@ apiVersion: v1 kind: Service metadata: - name: http-uaa-service + name: uaa-service labels: app: uaa-deployment spec: type: NodePort ports: - port: 8080 + name: http-uaa targetPort: 8080 protocol: TCP nodePort: 30000 From 045325a68fad12b212f4caced98f153aaccebaee Mon Sep 17 00:00:00 2001 From: Jeremy Morony Date: Wed, 11 Dec 2019 16:54:21 -0800 Subject: [PATCH 066/111] Temporarily ignoring test blocking story delivery. - Test is unrelated to stories needing delivery. - Ignoring PostgresDbMigrationIntegrationTest > mfaTableAddsTwoNewColumns. [nostory] Signed-off-by: Andrew Wittrock --- .../identity/uaa/db/PostgresDbMigrationIntegrationTest.java | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/db/PostgresDbMigrationIntegrationTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/db/PostgresDbMigrationIntegrationTest.java index d39427d14aa..775d1a29e69 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/db/PostgresDbMigrationIntegrationTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/db/PostgresDbMigrationIntegrationTest.java @@ -1,5 +1,6 @@ package org.cloudfoundry.identity.uaa.db; +import org.junit.Ignore; import org.junit.Test; import java.util.List; @@ -43,6 +44,7 @@ public void everyTableShouldHaveAPrimaryKeyColumn() throws Exception { } } + @Ignore("Ignored temporarily to unblock other work. Ignore will be reverted following unblock.") @Test public void mfaTableAddsTwoNewColumns() { MigrationTest migrationTest = new MigrationTest() { From a98c9f380053cd1f5f217713274737cd8c3c173c Mon Sep 17 00:00:00 2001 From: Jeremy Morony Date: Wed, 11 Dec 2019 17:48:13 -0800 Subject: [PATCH 067/111] Revert "Temporarily ignoring test blocking story delivery." This reverts commit 045325a68fad12b212f4caced98f153aaccebaee. --- .../identity/uaa/db/PostgresDbMigrationIntegrationTest.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/db/PostgresDbMigrationIntegrationTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/db/PostgresDbMigrationIntegrationTest.java index 775d1a29e69..d39427d14aa 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/db/PostgresDbMigrationIntegrationTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/db/PostgresDbMigrationIntegrationTest.java @@ -1,6 +1,5 @@ package org.cloudfoundry.identity.uaa.db; -import org.junit.Ignore; import org.junit.Test; import java.util.List; 
@@ -44,7 +43,6 @@ public void everyTableShouldHaveAPrimaryKeyColumn() throws Exception { } } - @Ignore("Ignored temporarily to unblock other work. Ignore will be reverted following unblock.") @Test public void mfaTableAddsTwoNewColumns() { MigrationTest migrationTest = new MigrationTest() { From 41e1ee9e661a116de0a7c383e7a7e5558f35d364 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Thu, 12 Dec 2019 17:10:11 -0600 Subject: [PATCH 068/111] Refactor - YamlServletProfileInitializer - Use Java Set directly instead of parsing a hardcoded string [#170136573] --- .../impl/config/YamlServletProfileInitializer.java | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java index 7dd8b477c41..b6466b4240f 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java 
@@ -76,14 +76,12 @@ public void initialize(ConfigurableWebApplicationContext applicationContext) { String locations = "${LOGIN_CONFIG_URL},file:${LOGIN_CONFIG_PATH}/login.yml,file:${CLOUDFOUNDRY_CONFIG_PATH}/login.yml,${UAA_CONFIG_URL},file:${UAA_CONFIG_FILE},file:${UAA_CONFIG_PATH}/uaa.yml,file:${CLOUDFOUNDRY_CONFIG_PATH}/uaa.yml"; List resources = new ArrayList<>(); - //add default locations first - Set defaultLocation = StringUtils.commaDelimitedListToSet("uaa.yml,login.yml"); - if (defaultLocation != null && defaultLocation.size() > 0) { - for (String s : defaultLocation) { - Resource defaultResource = new ClassPathResource(s); - if (defaultResource.exists()) { - resources.add(defaultResource); - } + // add default locations first + final Set defaultLocation = Set.of("uaa.yml", "login.yml"); + for (final String location : defaultLocation) { + final Resource defaultResource = new ClassPathResource(location); + if (defaultResource.exists()) { + resources.add(defaultResource); } } From ed9b709bf446589926c5ae7104406f7bd3f6a544 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Thu, 12 Dec 2019 17:24:19 -0600 Subject: [PATCH 069/111] Refactor - YamlServletProfileInitializer - Use Streams and Lambdas over imperative - Also - last commit did not preserve order! [#170136573] --- .../impl/config/YamlServletProfileInitializer.java | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java index b6466b4240f..8e025c2b156 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java 
@@ -27,7 +27,7 @@ import java.util.LinkedList; import java.util.List; import java.util.Map; -import java.util.Set; +import java.util.stream.Stream; import static org.springframework.util.StringUtils.commaDelimitedListToStringArray; import static org.springframework.util.StringUtils.hasText; @@ -77,13 +77,10 @@ public void initialize(ConfigurableWebApplicationContext applicationContext) { List resources = new ArrayList<>(); // add default locations first - final Set defaultLocation = Set.of("uaa.yml", "login.yml"); - for (final String location : defaultLocation) { - final Resource defaultResource = new ClassPathResource(location); - if (defaultResource.exists()) { - resources.add(defaultResource); - } - } + Stream.of("uaa.yml", "login.yml") + .map(ClassPathResource::new) + .filter(ClassPathResource::exists) + .forEach(resources::add); resources.addAll(getResource(applicationContext, locations)); From 340c6281a4267902ed684356899d313335d231e3 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Thu, 12 Dec 2019 17:34:12 -0600 Subject: [PATCH 070/111] Refactor - YamlServletProfileInitializer - Use newlines to make string legible [#170136573] --- .../uaa/impl/config/YamlServletProfileInitializer.java | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java index 8e025c2b156..29214bab8fb 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java 
@@ -73,7 +73,14 @@ public void initialize(ConfigurableWebApplicationContext applicationContext) { WebApplicationContextUtils.initServletPropertySources(applicationContext.getEnvironment().getPropertySources(), servletContext, applicationContext.getServletConfig()); - String locations = "${LOGIN_CONFIG_URL},file:${LOGIN_CONFIG_PATH}/login.yml,file:${CLOUDFOUNDRY_CONFIG_PATH}/login.yml,${UAA_CONFIG_URL},file:${UAA_CONFIG_FILE},file:${UAA_CONFIG_PATH}/uaa.yml,file:${CLOUDFOUNDRY_CONFIG_PATH}/uaa.yml"; + final String locations = + "${LOGIN_CONFIG_URL}" + + ",file:${LOGIN_CONFIG_PATH}/login.yml" + + ",file:${CLOUDFOUNDRY_CONFIG_PATH}/login.yml" + + ",${UAA_CONFIG_URL}" + + ",file:${UAA_CONFIG_FILE}" + + ",file:${UAA_CONFIG_PATH}/uaa.yml" + + ",file:${CLOUDFOUNDRY_CONFIG_PATH}/uaa.yml"; List resources = new ArrayList<>(); // add default locations first @@ -91,7 +98,6 @@ public void initialize(ConfigurableWebApplicationContext applicationContext) { if (resources.isEmpty()) { System.out.println("No YAML environment properties from servlet. Defaulting to servlet context."); - locations = "${LOGIN_CONFIG_URL},file:${LOGIN_CONFIG_PATH}/login.yml,file:${CLOUDFOUNDRY_CONFIG_PATH}/login.yml,${UAA_CONFIG_URL},file:${UAA_CONFIG_FILE},file:${UAA_CONFIG_PATH}/uaa.yml,file:${CLOUDFOUNDRY_CONFIG_PATH}/uaa.yml"; resources.addAll(getResource(applicationContext, locations)); } From 5b9a55b201cd8989617409daff21426e3f7b7bbb Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Thu, 12 Dec 2019 18:06:44 -0600 Subject: [PATCH 071/111] Refactor - YamlServletProfileInitializer - Pull Locations into static final - Because it doesn't change [#170136573] --- .../config/YamlServletProfileInitializer.java | 29 ++++++++++--------- 1 file changed, 15 insertions(+), 14 deletions(-) 
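Review bot: The `if (resources.isEmpty())` fallback in initialize() now calls `getResource(applicationContext, locations)` with exactly the locations already tried a few lines earlier, so in practice it can only return the same empty result. Removing the duplicate reassignment makes this visible: the message "Defaulting to servlet context." describes something the code does not do. The branch could be reduced to an accurate log line, e.g. `System.out.println("No YAML configuration found in any configured location.");`, or dropped. Because this decides which settings an identity server boots with, an explicit message is more useful than a silent retry. initialize() starts and ends outside the hunk.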
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java index 29214bab8fb..7473e3e0831 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java @@ -59,6 +59,15 @@ public class YamlServletProfileInitializer implements ApplicationContextInitiali private SystemEnvironmentAccessor environmentAccessor = new SystemEnvironmentAccessor() { }; + private static final String FILE_CONFIG_LOCATIONS = + "${LOGIN_CONFIG_URL}" + + ",file:${LOGIN_CONFIG_PATH}/login.yml" + + ",file:${CLOUDFOUNDRY_CONFIG_PATH}/login.yml" + + ",${UAA_CONFIG_URL}" + + ",file:${UAA_CONFIG_FILE}" + + ",file:${UAA_CONFIG_PATH}/uaa.yml" + + ",file:${CLOUDFOUNDRY_CONFIG_PATH}/uaa.yml"; + @Override public void initialize(ConfigurableWebApplicationContext applicationContext) { @@ -73,14 +82,6 @@ public void initialize(ConfigurableWebApplicationContext applicationContext) { WebApplicationContextUtils.initServletPropertySources(applicationContext.getEnvironment().getPropertySources(), servletContext, applicationContext.getServletConfig()); - final String locations = - "${LOGIN_CONFIG_URL}" + - ",file:${LOGIN_CONFIG_PATH}/login.yml" + - ",file:${CLOUDFOUNDRY_CONFIG_PATH}/login.yml" + - ",${UAA_CONFIG_URL}" + - ",file:${UAA_CONFIG_FILE}" + - ",file:${UAA_CONFIG_PATH}/uaa.yml" + - ",file:${CLOUDFOUNDRY_CONFIG_PATH}/uaa.yml"; List resources = new ArrayList<>(); // add default locations first 
@@ -89,7 +90,7 @@ public void initialize(ConfigurableWebApplicationContext applicationContext) { .filter(ClassPathResource::exists) .forEach(resources::add); - resources.addAll(getResource(applicationContext, locations)); + resources.addAll(getResource(applicationContext)); Resource yamlFromEnv = getYamlFromEnvironmentVariable(); if (yamlFromEnv != null) { @@ -98,7 +99,7 @@ public void initialize(ConfigurableWebApplicationContext applicationContext) { if (resources.isEmpty()) { System.out.println("No YAML environment properties from servlet. Defaulting to servlet context."); - resources.addAll(getResource(applicationContext, locations)); + resources.addAll(getResource(applicationContext)); } try { @@ -133,11 +134,11 @@ private Resource getYamlFromEnvironmentVariable() { return null; } - private List getResource(ConfigurableWebApplicationContext applicationContext, - String locations) { + private List getResource(ConfigurableWebApplicationContext applicationContext) { List resources = new LinkedList<>(); - String[] configFileLocations = locations == null ? DEFAULT_PROFILE_CONFIG_FILE_LOCATIONS : StringUtils - .commaDelimitedListToStringArray(locations); + String[] configFileLocations = FILE_CONFIG_LOCATIONS == null + ? DEFAULT_PROFILE_CONFIG_FILE_LOCATIONS + : StringUtils.commaDelimitedListToStringArray(FILE_CONFIG_LOCATIONS); for (String location : configFileLocations) { location = applicationContext.getEnvironment().resolvePlaceholders(location); System.out.println("Testing for YAML resources at: " + location); From 0bed30088d16279d0b57bac1408e1df31a76accb Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Thu, 12 Dec 2019 16:17:55 -0600 Subject: [PATCH 072/111] Hardcode reference to env var UAA_CONFIG_YAML - There's no way to change or set it [#170136573] --- .../config/YamlServletProfileInitializer.java | 12 ++---------- .../YamlServletProfileInitializerTest.java | 19 +++---------------- 2 files changed, 5 insertions(+), 26 deletions(-) 
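Review bot: In `getResource` (hunk -133,11) the new guard `FILE_CONFIG_LOCATIONS == null ? DEFAULT_PROFILE_CONFIG_FILE_LOCATIONS : …` can never take its first branch, because `FILE_CONFIG_LOCATIONS` is a `static final` string literal. The line can be reduced to `String[] configFileLocations = StringUtils.commaDelimitedListToStringArray(FILE_CONFIG_LOCATIONS);`, which leaves `DEFAULT_PROFILE_CONFIG_FILE_LOCATIONS` unused. The `resources.isEmpty()` branch in `initialize` (hunk -98,7) now repeats the exact `getResource(applicationContext)` call made a few lines earlier, so it cannot find anything the first call missed. Unreachable fallbacks in configuration-loading code make it harder to see which locations an operator can really use to supply settings. Both method bodies continue outside the hunks.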
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java index 7473e3e0831..e86addbd880 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java @@ -54,7 +54,7 @@ public class YamlServletProfileInitializer implements ApplicationContextInitiali private static final String DEFAULT_YAML_KEY = "environmentYamlKey"; - private String yamlEnvironmentVariableName = "UAA_CONFIG_YAML"; + static final String YML_ENV_VAR_NAME = "UAA_CONFIG_YAML"; private SystemEnvironmentAccessor environmentAccessor = new SystemEnvironmentAccessor() { }; @@ -125,7 +125,7 @@ public void initialize(ConfigurableWebApplicationContext applicationContext) { private Resource getYamlFromEnvironmentVariable() { if (environmentAccessor != null) { - String data = environmentAccessor.getEnvironmentVariable(getYamlEnvironmentVariableName()); + String data = environmentAccessor.getEnvironmentVariable(YML_ENV_VAR_NAME); if (hasText(data)) { //validate the Yaml? We don't do that for the others return new InMemoryResource(data); @@ -207,14 +207,6 @@ void applySpringProfiles(ConfigurableEnvironment environment) { } } - String getYamlEnvironmentVariableName() { - return yamlEnvironmentVariableName; - } - - void setYamlEnvironmentVariableName(String yamlEnvironmentVariableName) { - this.yamlEnvironmentVariableName = yamlEnvironmentVariableName; - } - void setEnvironmentAccessor(SystemEnvironmentAccessor environmentAccessor) { this.environmentAccessor = environmentAccessor; } 
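Review bot: The new constant `YML_ENV_VAR_NAME` (hunk -54,7) has no comment saying that its value is used as configuration content rather than as a location. In `getYamlFromEnvironmentVariable` (hunk -125,7) the raw string is wrapped in `InMemoryResource`, and the existing inline comment notes that it is not validated. I would document that on the constant, e.g. `/** Environment variable whose value is read as inline YAML configuration; the content is not validated here. */`. The name also abbreviates YAML as `YML` while the variable itself is `UAA_CONFIG_YAML`; `YAML_ENV_VAR_NAME` would be more consistent.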
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializerTest.java index e34c8866a5d..e9637f4f3b6 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializerTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializerTest.java @@ -5,7 +5,6 @@ import org.apache.logging.log4j.core.LoggerContext; import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.cloudfoundry.identity.uaa.extensions.SpringProfileCleanupExtension; -import org.hamcrest.Matchers; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Nested; @@ -33,6 +32,7 @@ import java.net.URI; import java.util.Enumeration; +import static org.cloudfoundry.identity.uaa.impl.config.YamlServletProfileInitializer.YML_ENV_VAR_NAME; import static org.hamcrest.Matchers.is; import static org.junit.Assert.assertArrayEquals; import static org.junit.Assert.assertEquals; @@ -44,7 +44,6 @@ import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; -import static org.springframework.util.StringUtils.hasText; @ExtendWith(PollutionPreventionExtension.class) @ExtendWith(SpringProfileCleanupExtension.class) 
@@ -205,23 +204,11 @@ void loggingConfigVariableWorks() { } @Test - void readingYamlFromEnvironment_WithNullVariableName() { - readingYamlFromEnvironment(null); - } - - @Test - void readingYamlFromEnvironment_WithNonNullVariableName() { - readingYamlFromEnvironment("Renaming environment variable"); - } - - private void readingYamlFromEnvironment(String variableName) { - if (hasText(variableName)) { - initializer.setYamlEnvironmentVariableName(variableName); - } + void readingYamlFromEnvironment() { SystemEnvironmentAccessor env = new SystemEnvironmentAccessor() { @Override public String getEnvironmentVariable(String name) { - return name.equals(initializer.getYamlEnvironmentVariableName()) ? + return name.equals(YML_ENV_VAR_NAME) ? "uaa.url: http://uaa.test.url/\n" + "login.url: http://login.test.url/\n" + "smtp:\n" + From 480760e909aab6de77e4bb41da5401aa34e87565 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Thu, 12 Dec 2019 16:32:32 -0800 Subject: [PATCH 073/111] Fix postgres migration test failure Using `CREATE INDEX CONCURRENTLY` in our new migration causes flyway to automatically run the migration in `autocommit` mode. `connection.commit()` is only supposed to be called when autocommit mode is off. This change makes our migration test runner able to handle migrations that run in `autocommit` mode. [#169775896] Signed-off-by: Andrew Edstrom Co-authored-by: Andrew Edstrom Signed-off-by: Andrew Edstrom --- .../org/cloudfoundry/identity/uaa/db/MigrationTestRunner.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/db/MigrationTestRunner.java b/server/src/test/java/org/cloudfoundry/identity/uaa/db/MigrationTestRunner.java index 9b85eb015a4..35507a755cd 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/db/MigrationTestRunner.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/db/MigrationTestRunner.java 
@@ -25,7 +25,9 @@ public void run(MigrationTest... tests) {
 public void afterEachMigrate(Connection connection, MigrationInfo info) {
 super.afterEachMigrate(connection, info);
 try {
- connection.commit();
+ if (!connection.getAutoCommit()) {
+ connection.commit();
+ }
 } catch (SQLException e) {
 Assert.fail(e.getMessage());
 }
From 5b9b4f67e08feeebae0fc5ab574287fdde0a9a06 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Fri, 13 Dec 2019 16:54:18 -0600 Subject: [PATCH 074/111] Refactor - autoformat HomeController [nostory] --- .../identity/uaa/home/HomeController.java | 40 ++++++------------- 1 file changed, 13 insertions(+), 27 deletions(-)
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/home/HomeController.java b/server/src/main/java/org/cloudfoundry/identity/uaa/home/HomeController.java
index af71012ae95..f1364a1bdc8 100644
--- a/server/src/main/java/org/cloudfoundry/identity/uaa/home/HomeController.java
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/home/HomeController.java
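Review bot: The `catch (SQLException e)` kept below the new `getAutoCommit()` check reports failures with `Assert.fail(e.getMessage())`, which discards the exception's stack trace and cause. The added `getAutoCommit()` call can throw into the same handler, so a failure there would be reported with only its message text. Keeping the cause makes a failed migration test diagnosable: `throw new AssertionError("commit after migration failed", e);`. The enclosing callback class starts outside the hunk.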
@@ -1,25 +1,13 @@ -/******************************************************************************* - * Cloud Foundry - * Copyright (c) [2009-2017] Pivotal Software, Inc. All Rights Reserved. - * - * This product is licensed to you under the Apache License, Version 2.0 (the "License"). - * You may not use this product except in compliance with the License. - * - * This product includes a number of subcomponents with - * separate copyright notices and license terms. Your use of these - * subcomponents is subject to the terms and conditions of the - * subcomponent's license, as noted in the LICENSE file. - *******************************************************************************/ package org.cloudfoundry.identity.uaa.home; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.cloudfoundry.identity.uaa.client.ClientMetadata; import org.cloudfoundry.identity.uaa.client.JdbcClientMetadataProvisioning; import org.cloudfoundry.identity.uaa.util.UaaStringUtils; import org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.cloudfoundry.identity.uaa.zone.Links; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.security.core.AuthenticationException; import org.springframework.security.web.WebAttributes; @@ -28,7 +16,6 @@ import org.springframework.web.bind.annotation.RequestMapping; import javax.servlet.http.HttpServletRequest; -import java.net.URISyntaxException; import java.security.Principal; import java.util.ArrayList; import java.util.HashMap; @@ -44,7 +31,6 @@ public class HomeController { private final Links globalLinks; /** - * * @param buildInfo This is required for Thymeleaf templates */ public HomeController( 
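Review bot: The first hunk (-1,25) deletes the Apache License 2.0 and copyright header from `HomeController.java`, which is not a formatting change although the commit is titled "autoformat". The same happens to `SamlServiceProviderEndpoints.java` in the next patch (hunk -1,20). Licence notices are usually tracked for compliance, so the header should either stay or be removed in its own commit that states the reason, for example that the project now relies on the top-level LICENSE file. The second hunk (-28,7) also drops the `java.net.URISyntaxException` import, which is safe only if nothing in the file still references it; that is not visible here.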
@@ -60,13 +46,13 @@ private void populateBuildAndLinkInfo(Model model) { model.addAllAttributes(attributes); } - @RequestMapping(value = { "/", "/home" }) + @RequestMapping(value = {"/", "/home"}) public String home(Model model, Principal principal) { IdentityZoneConfiguration config = IdentityZoneHolder.get().getConfig(); String homePage = - config != null && config.getLinks().getHomeRedirect() != null ? config.getLinks().getHomeRedirect() : - globalLinks != null && globalLinks.getHomeRedirect() != null ? - globalLinks.getHomeRedirect() : null; + config != null && config.getLinks().getHomeRedirect() != null ? config.getLinks().getHomeRedirect() : + globalLinks != null && globalLinks.getHomeRedirect() != null ? + globalLinks.getHomeRedirect() : null; if (homePage != null && !"/".equals(homePage) && !"/home".equals(homePage)) { homePage = UaaStringUtils.replaceZoneVariables(homePage, IdentityZoneHolder.get()); return "redirect:" + homePage; @@ -78,9 +64,9 @@ public String home(Model model, Principal principal) { List clientMetadataList = clientMetadataProvisioning.retrieveAll(IdentityZoneHolder.get().getId()); clientMetadataList.stream() - .filter(this::shouldShowClient) - .map(this::tileDataForClient) - .forEach(tiles::add); + .filter(this::shouldShowClient) + .map(this::tileDataForClient) + .forEach(tiles::add); model.addAttribute("tiles", tiles); @@ -99,10 +85,10 @@ private TileData tileDataForClient(ClientMetadata clientMetadata) { } return new TileData( - clientMetadata.getClientId(), - clientMetadata.getAppLaunchUrl().toString(), - "data:image/png;base64," + clientMetadata.getAppIcon(), - clientName + clientMetadata.getClientId(), + clientMetadata.getAppLaunchUrl().toString(), + "data:image/png;base64," + clientMetadata.getAppIcon(), + clientName ); } From 3c07ab5b67dd01c3cec999ce31f812f306cc867c Mon Sep 17 00:00:00 2001 
From: Joshua Casey Date: Fri, 13 Dec 2019 16:57:58 -0600 Subject: [PATCH 075/111] Refactor - autoformat SamlServiceProviderEndpoints [nostory] --- .../SamlServiceProviderEndpoints.java | 32 ++++++------------- 1 file changed, 10 insertions(+), 22 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/SamlServiceProviderEndpoints.java b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/SamlServiceProviderEndpoints.java index 2ba594539ea..44dfa91c63f 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/SamlServiceProviderEndpoints.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/SamlServiceProviderEndpoints.java @@ -1,20 +1,5 @@ -/* - * ***************************************************************************** - * Cloud Foundry - * Copyright (c) [2009-2016] Pivotal Software, Inc. All Rights Reserved. - * This product is licensed to you under the Apache License, Version 2.0 (the "License"). - * You may not use this product except in compliance with the License. - * - * This product includes a number of subcomponents with - * separate copyright notices and license terms. Your use of these - * subcomponents is subject to the terms and conditions of the - * subcomponent's license, as noted in the LICENSE file. - * ***************************************************************************** - */ package org.cloudfoundry.identity.uaa.provider; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.cloudfoundry.identity.uaa.provider.saml.idp.SamlServiceProvider; import org.cloudfoundry.identity.uaa.provider.saml.idp.SamlServiceProviderConfigurator; import org.cloudfoundry.identity.uaa.provider.saml.idp.SamlServiceProviderProvisioning; 
@@ -22,6 +7,8 @@ import org.cloudfoundry.identity.uaa.util.JsonUtils; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.dao.EmptyResultDataAccessException; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; @@ -50,15 +37,16 @@ public class SamlServiceProviderEndpoints { private final SamlServiceProviderProvisioning serviceProviderProvisioning; private final SamlServiceProviderConfigurator samlConfigurator; - public SamlServiceProviderEndpoints(SamlServiceProviderProvisioning serviceProviderProvisioning, - SamlServiceProviderConfigurator samlConfigurator) { + public SamlServiceProviderEndpoints( + final SamlServiceProviderProvisioning serviceProviderProvisioning, + final SamlServiceProviderConfigurator samlConfigurator) { this.serviceProviderProvisioning = serviceProviderProvisioning; this.samlConfigurator = samlConfigurator; } @RequestMapping(method = POST) public ResponseEntity createServiceProvider(@RequestBody SamlServiceProvider body) - throws MetadataProviderException { + throws MetadataProviderException { String zoneId = IdentityZoneHolder.get().getId(); body.setIdentityZoneId(zoneId); samlConfigurator.validateSamlServiceProvider(body); 
@@ -86,11 +74,11 @@ public ResponseEntity updateServiceProvider(@PathVariable S @RequestMapping(method = GET) public ResponseEntity> retrieveServiceProviders( - @RequestParam(value = "active_only", required = false) String activeOnly) { + @RequestParam(value = "active_only", required = false) String activeOnly) { boolean retrieveActiveOnly = Boolean.parseBoolean(activeOnly); List serviceProviderList = - serviceProviderProvisioning.retrieveAll(retrieveActiveOnly, - IdentityZoneHolder.get().getId()); + serviceProviderProvisioning.retrieveAll(retrieveActiveOnly, + IdentityZoneHolder.get().getId()); return new ResponseEntity<>(serviceProviderList, OK); } @@ -127,7 +115,7 @@ public ResponseEntity handleProviderNotFoundException() { } @ExceptionHandler(SamlSpAlreadyExistsException.class) - public ResponseEntity handleDuplicateServiceProvider(){ + public ResponseEntity handleDuplicateServiceProvider() { return new ResponseEntity<>("SAML SP with the same entity id already exists.", HttpStatus.CONFLICT); } From c4013af219ff2d0a4e91e8cadcc5c6f7ba37d0cd Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Fri, 13 Dec 2019 16:59:03 -0600 Subject: [PATCH 076/111] Refactor - SamlServiceProviderEndpoints - Use inline @Qualifier instead of XML definition [nostory] --- .../identity/uaa/provider/SamlServiceProviderEndpoints.java | 5 +++-- uaa/src/main/webapp/WEB-INF/spring/multitenant-endpoints.xml | 5 +---- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/SamlServiceProviderEndpoints.java b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/SamlServiceProviderEndpoints.java index 44dfa91c63f..f933a9d0ee5 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/SamlServiceProviderEndpoints.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/SamlServiceProviderEndpoints.java 
@@ -9,6 +9,7 @@ import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.dao.EmptyResultDataAccessException; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; @@ -38,8 +39,8 @@ public class SamlServiceProviderEndpoints { private final SamlServiceProviderConfigurator samlConfigurator; public SamlServiceProviderEndpoints( - final SamlServiceProviderProvisioning serviceProviderProvisioning, - final SamlServiceProviderConfigurator samlConfigurator) { + final @Qualifier("serviceProviderProvisioning") SamlServiceProviderProvisioning serviceProviderProvisioning, + final @Qualifier("spMetaDataProviders") SamlServiceProviderConfigurator samlConfigurator) { this.serviceProviderProvisioning = serviceProviderProvisioning; this.samlConfigurator = samlConfigurator; } diff --git a/uaa/src/main/webapp/WEB-INF/spring/multitenant-endpoints.xml b/uaa/src/main/webapp/WEB-INF/spring/multitenant-endpoints.xml index 0990a6df7f0..4c2e78c40f6 100644 --- a/uaa/src/main/webapp/WEB-INF/spring/multitenant-endpoints.xml +++ b/uaa/src/main/webapp/WEB-INF/spring/multitenant-endpoints.xml @@ -204,10 +204,7 @@ - - - + class="org.cloudfoundry.identity.uaa.provider.SamlServiceProviderEndpoints" /> Date: Fri, 13 Dec 2019 17:03:34 -0600 Subject: [PATCH 077/111] Refactor - @ContextConfiguration - spring/env.xml works just fine - list can end with "," [nostory] --- .../identity/uaa/annotations/WithDatabaseContext.java | 6 ++++-- .../identity/uaa/db/DbMigrationIntegrationTestParent.java | 5 ++++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/annotations/WithDatabaseContext.java b/server/src/test/java/org/cloudfoundry/identity/uaa/annotations/WithDatabaseContext.java index 1a0bbb5f461..67fe1749080 100644 
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/annotations/WithDatabaseContext.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/annotations/WithDatabaseContext.java @@ -23,9 +23,10 @@ @WebAppConfiguration @ContextConfiguration(classes = { DatabaseOnlyConfiguration.class, - PasswordEncoderConfig.class + PasswordEncoderConfig.class, }) public @interface WithDatabaseContext { + } @Configuration @@ -34,4 +35,5 @@ "classpath:spring/data-source.xml" }) class DatabaseOnlyConfiguration { -} \ No newline at end of file + +} diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/db/DbMigrationIntegrationTestParent.java b/server/src/test/java/org/cloudfoundry/identity/uaa/db/DbMigrationIntegrationTestParent.java index fcb13e8deed..f7c7b36ed2c 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/db/DbMigrationIntegrationTestParent.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/db/DbMigrationIntegrationTestParent.java @@ -14,7 +14,10 @@ import static org.junit.Assume.assumeTrue; @RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration(locations = {"classpath*:/spring/data-source.xml", "classpath*:/spring/env.xml"}) +@ContextConfiguration(locations = { + "classpath:spring/data-source.xml", + "classpath:spring/env.xml", +}) public abstract class DbMigrationIntegrationTestParent { @Autowired From a4b9391dd01e6332368d2151ecf6418ceb7c0f37 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Fri, 13 Dec 2019 16:02:46 -0600 Subject: [PATCH 078/111] Refactor - YamlServletProfileInitializer - Remove Dead Code - Not a behavioral change! - ${APPLICATION_CONFIG_URL} and file:${APPLICATION_CONFIG_FILE} would never be checked because the ternary would shortcircuit to true - resources.isEmpty() would always be false because classpath:uaa.yml always exists [#170136573] --- .../impl/config/YamlServletProfileInitializer.java | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) 
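Review bot: In `DbMigrationIntegrationTestParent` (hunk -14,7), changing `classpath*:/spring/data-source.xml` and `classpath*:/spring/env.xml` to the `classpath:spring/…` form is a behaviour change, not only a reformat. `classpath*:` collects every matching resource from all classpath roots and tolerates finding none, while `classpath:` loads a single resource and fails when it is missing. The stricter form is the better choice, because a same-named XML file shipped in another jar can no longer be merged into the test context, but the commit message should say so. I would add a comment above the annotation such as `// classpath: (not classpath*:) so exactly one copy of each file is loaded and a missing file fails fast`.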
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java index e86addbd880..7d9c3529287 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java @@ -48,10 +48,6 @@ */ public class YamlServletProfileInitializer implements ApplicationContextInitializer { - private static final String[] DEFAULT_PROFILE_CONFIG_FILE_LOCATIONS = new String[]{ - "${APPLICATION_CONFIG_URL}", - "file:${APPLICATION_CONFIG_FILE}"}; - private static final String DEFAULT_YAML_KEY = "environmentYamlKey"; static final String YML_ENV_VAR_NAME = "UAA_CONFIG_YAML"; @@ -97,11 +93,6 @@ public void initialize(ConfigurableWebApplicationContext applicationContext) { resources.add(yamlFromEnv); } - if (resources.isEmpty()) { - System.out.println("No YAML environment properties from servlet. Defaulting to servlet context."); - resources.addAll(getResource(applicationContext)); - } - try { System.out.println("Loading YAML environment properties from location: " + resources.toString()); YamlMapFactoryBean factory = new YamlMapFactoryBean(); @@ -136,9 +127,7 @@ private Resource getYamlFromEnvironmentVariable() { private List getResource(ConfigurableWebApplicationContext applicationContext) { List resources = new LinkedList<>(); - String[] configFileLocations = FILE_CONFIG_LOCATIONS == null - ? DEFAULT_PROFILE_CONFIG_FILE_LOCATIONS - : StringUtils.commaDelimitedListToStringArray(FILE_CONFIG_LOCATIONS); + String[] configFileLocations = StringUtils.commaDelimitedListToStringArray(FILE_CONFIG_LOCATIONS); for (String location : configFileLocations) { location = applicationContext.getEnvironment().resolvePlaceholders(location); System.out.println("Testing for YAML resources at: " + location); 
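Review bot: With the `resources.isEmpty()` block removed (hunk -97,11), `initialize` goes on to build the YAML map even when no resource was found. The commit message assumes `classpath:uaa.yml` always exists, but the code still filters the classpath defaults with `ClassPathResource::exists` (visible in the earlier patch), so an empty list remains a possible state. For an identity server it is safer to stop than to start without its intended configuration, e.g. `if (resources.isEmpty()) { throw new IllegalStateException("No YAML configuration resources found"); }`, or at minimum a clearly marked warning. Dropping the removed fallback is right, since it only repeated the earlier call; the point is what happens afterwards. `initialize` continues outside the hunk.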
From 045b0d72bacc49c3b4c82e5fd6ac6c3379cd5414 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Fri, 13 Dec 2019 16:46:43 -0600 Subject: [PATCH 079/111] Refactor - YamlServletProfileInitializer - Use collections and streams instead of CSV and imperative [#170136573] --- .../config/YamlServletProfileInitializer.java | 47 +++++++++++-------- 1 file changed, 27 insertions(+), 20 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java index 7d9c3529287..140f5b7547c 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/YamlServletProfileInitializer.java @@ -24,9 +24,10 @@ import java.net.URISyntaxException; import java.net.URL; import java.util.ArrayList; -import java.util.LinkedList; import java.util.List; import java.util.Map; +import java.util.Objects; +import java.util.stream.Collectors; import java.util.stream.Stream; import static org.springframework.util.StringUtils.commaDelimitedListToStringArray; 
@@ -55,14 +56,18 @@ public class YamlServletProfileInitializer implements ApplicationContextInitiali private SystemEnvironmentAccessor environmentAccessor = new SystemEnvironmentAccessor() { }; - private static final String FILE_CONFIG_LOCATIONS = - "${LOGIN_CONFIG_URL}" + - ",file:${LOGIN_CONFIG_PATH}/login.yml" + - ",file:${CLOUDFOUNDRY_CONFIG_PATH}/login.yml" + - ",${UAA_CONFIG_URL}" + - ",file:${UAA_CONFIG_FILE}" + - ",file:${UAA_CONFIG_PATH}/uaa.yml" + - ",file:${CLOUDFOUNDRY_CONFIG_PATH}/uaa.yml"; + private static final List FILE_CONFIG_LOCATIONS; + + static { + FILE_CONFIG_LOCATIONS = List.of( + "${LOGIN_CONFIG_URL}", + "file:${LOGIN_CONFIG_PATH}/login.yml", + "file:${CLOUDFOUNDRY_CONFIG_PATH}/login.yml", + "${UAA_CONFIG_URL}", + "file:${UAA_CONFIG_FILE}", + "file:${UAA_CONFIG_PATH}/uaa.yml", + "file:${CLOUDFOUNDRY_CONFIG_PATH}/uaa.yml"); + } @Override public void initialize(ConfigurableWebApplicationContext applicationContext) { 
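Review bot: The `static { … }` block only assigns `FILE_CONFIG_LOCATIONS` once from `List.of(…)`, so the value can be given on the declaration itself, which keeps the constant and its contents together: `private static final List<String> FILE_CONFIG_LOCATIONS = List.of(` followed by the same seven entries. The page's rendering drops generic parameters, so the element type `String` is assumed here. A one-line comment stating that the entries are probed in list order would also help the next reader.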
@@ -126,17 +131,19 @@ private Resource getYamlFromEnvironmentVariable() { } private List getResource(ConfigurableWebApplicationContext applicationContext) { - List resources = new LinkedList<>(); - String[] configFileLocations = StringUtils.commaDelimitedListToStringArray(FILE_CONFIG_LOCATIONS); - for (String location : configFileLocations) { - location = applicationContext.getEnvironment().resolvePlaceholders(location); - System.out.println("Testing for YAML resources at: " + location); - Resource resource = applicationContext.getResource(location); - if (resource != null && resource.exists()) { - resources.add(resource); - } - } - return resources; + final List resolvedLocations = FILE_CONFIG_LOCATIONS.stream() + .map(applicationContext.getEnvironment()::resolvePlaceholders) + .collect(Collectors.toList()); + + resolvedLocations.stream() + .map(location -> String.format("Testing for YAML resources at: %s", location)) + .forEach(System.out::println); + + return resolvedLocations.stream() + .map(applicationContext::getResource) + .filter(Objects::nonNull) + .filter(Resource::exists) + .collect(Collectors.toList()); } private void applyLog4jConfiguration(ConfigurableEnvironment environment, String contextPath) { From c25774eac882f6c78855f9a56632b2d2bae4add2 Mon Sep 17 00:00:00 2001 
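Review bot: `getResource` prints every resolved location to standard output (`"Testing for YAML resources at: %s"`), and two of the entries, `${LOGIN_CONFIG_URL}` and `${UAA_CONFIG_URL}`, are URLs whose resolved form may carry credentials or tokens in the user-info or query part; whether any deployment does that is not visible here. Printing the unresolved entries keeps the diagnostic without echoing the values: `FILE_CONFIG_LOCATIONS.forEach(l -> System.out.println("Testing for YAML resources at: " + l));`. If the resolved value is needed for troubleshooting, redact the user-info and query parts before printing. The rewrite also walks `resolvedLocations` twice, so all "Testing" lines are now printed before any resource is probed, which changes the order of the startup output.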
From: Joshua Casey Date: Fri, 13 Dec 2019 17:21:24 -0600 Subject: [PATCH 080/111] Test Refactor - remove unnecessary @Configuration - @Configuration annotation is unnecessary when the class is brought into the Spring Context using @ContextConfiguration [#170295071] --- .../uaa/annotations/WithDatabaseContext.java | 2 -- .../db/TableAndColumnNormalizationTest.java | 4 +--- .../InvitationsControllerTest.java | 2 -- .../uaa/login/AccountsControllerTest.java | 2 -- .../uaa/login/ChangeEmailControllerTest.java | 2 -- .../uaa/login/HomeControllerViewTests.java | 2 -- .../login/ProfileControllerMockMvcTests.java | 2 -- .../login/ResetPasswordControllerTest.java | 3 --- .../uaa/login/ThymeleafAdditional.java | 2 -- .../uaa/util/beans/PasswordEncoderConfig.java | 2 -- .../identity/uaa/DefaultTestContext.java | 2 +- .../identity/uaa/SpringServletTestConfig.java | 2 -- .../uaa/TestClientAndMockMvcTestConfig.java | 2 -- .../feature/DefaultIntegrationTestConfig.java | 3 --- .../test/DefaultIntegrationTestConfig.java | 22 ------------------- 15 files changed, 2 insertions(+), 52 deletions(-) delete mode 100644 uaa/src/test/java/org/cloudfoundry/identity/uaa/test/DefaultIntegrationTestConfig.java diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/annotations/WithDatabaseContext.java b/server/src/test/java/org/cloudfoundry/identity/uaa/annotations/WithDatabaseContext.java index 67fe1749080..16ac8affd26 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/annotations/WithDatabaseContext.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/annotations/WithDatabaseContext.java 
@@ -3,7 +3,6 @@ import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.cloudfoundry.identity.uaa.util.beans.PasswordEncoderConfig; import org.junit.jupiter.api.extension.ExtendWith; -import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.ImportResource; import org.springframework.test.context.ActiveProfiles; import org.springframework.test.context.ContextConfiguration; @@ -29,7 +28,6 @@ } -@Configuration @ImportResource(locations = { "classpath:spring/env.xml", "classpath:spring/data-source.xml" diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/db/TableAndColumnNormalizationTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/db/TableAndColumnNormalizationTest.java index a7d2439a640..f084faeee8f 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/db/TableAndColumnNormalizationTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/db/TableAndColumnNormalizationTest.java @@ -9,7 +9,6 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.ImportResource; import org.springframework.test.context.ActiveProfiles; import org.springframework.test.context.ContextConfiguration; @@ -26,7 +25,6 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertTrue; -@Configuration @ImportResource(locations = { "classpath:spring/env.xml", "classpath:spring/use_uaa_db_in_mysql_url.xml", // adds this one @@ -41,7 +39,7 @@ class TableAndColumnNormalizationTestConfiguration { @WebAppConfiguration @ContextConfiguration(classes = { TableAndColumnNormalizationTestConfiguration.class, - PasswordEncoderConfig.class + PasswordEncoderConfig.class, }) class TableAndColumnNormalizationTest { 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsControllerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsControllerTest.java index dd5ed81e0ca..a0fb69ab4af 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsControllerTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsControllerTest.java @@ -33,7 +33,6 @@ import org.mockito.ArgumentCaptor; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Import; import org.springframework.context.support.ResourceBundleMessageSource; import org.springframework.security.authentication.AnonymousAuthenticationToken; @@ -756,7 +755,6 @@ public void testAcceptInvite_worksWithConsentProvided() throws Exception { defaultZone.getConfig().setBranding(null); } - @Configuration @EnableWebMvc @Import(ThymeleafConfig.class) static class ContextConfiguration implements WebMvcConfigurer { diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerTest.java index 8dea90db64b..f995eb778d3 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerTest.java @@ -19,7 +19,6 @@ import org.mockito.Mockito; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Import; import org.springframework.context.support.ResourceBundleMessageSource; import org.springframework.mock.web.MockHttpSession; 
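Review bot: Removing `@Configuration` from the nested `ContextConfiguration` class in `InvitationsControllerTest` (hunk -756,7) changes how its `@Bean` methods are processed. A class registered through `@ContextConfiguration(classes = …)` without the annotation runs in Spring's "lite" mode, where the class is not proxied and a `@Bean` method that calls another `@Bean` method gets a new object instead of the container's singleton. The commit message calls the annotation unnecessary, which holds only if no `@Bean` method in these classes calls a sibling. The method bodies are outside the hunks, so that needs checking here and for the same change in `AccountsControllerTest`, `ChangeEmailControllerTest`, `HomeControllerViewTests`, `ProfileControllerMockMvcTests`, `ResetPasswordControllerTest` and `ThymeleafAdditional`. Where it does hold, a comment such as `// no @Configuration: @Bean methods here must not call each other (lite mode)` would keep it true.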
@@ -217,7 +216,6 @@ void verifyUser() throws Exception { assertNull(SecurityContextHolder.getContext().getAuthentication()); } - @Configuration @EnableWebMvc @Import(ThymeleafConfig.class) static class ContextConfiguration implements WebMvcConfigurer { diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/ChangeEmailControllerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/ChangeEmailControllerTest.java index 1b58a4d92ae..46b1f1840a3 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/ChangeEmailControllerTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/ChangeEmailControllerTest.java @@ -19,7 +19,6 @@ import org.mockito.Mockito; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Import; import org.springframework.context.support.ResourceBundleMessageSource; import org.springframework.security.authentication.AnonymousAuthenticationToken; @@ -374,7 +373,6 @@ private void setupSecurityContext() { SecurityContextHolder.getContext().setAuthentication(authentication); } - @Configuration @EnableWebMvc @Import(ThymeleafConfig.class) static class ContextConfiguration implements WebMvcConfigurer { diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/HomeControllerViewTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/HomeControllerViewTests.java index 8a9bbc3b2c4..ad69397d2c0 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/HomeControllerViewTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/HomeControllerViewTests.java 
@@ -15,7 +15,6 @@ import org.junit.jupiter.params.provider.ValueSource; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Import; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.test.annotation.DirtiesContext; @@ -183,7 +182,6 @@ void configuredGlobalHomePage() throws Exception { .andExpect(header().string("Location", customHomePage)); } - @Configuration @EnableWebMvc @Import(ThymeleafConfig.class) static class ContextConfiguration extends WebMvcConfigurerAdapter { diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/ProfileControllerMockMvcTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/ProfileControllerMockMvcTests.java index cf47f3b2c0d..c215721af13 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/ProfileControllerMockMvcTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/ProfileControllerMockMvcTests.java @@ -20,7 +20,6 @@ import org.mockito.Mockito; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Import; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.context.SecurityContextHolder; @@ -58,7 +57,6 @@ @ContextConfiguration(classes = ProfileControllerMockMvcTests.ContextConfiguration.class) class ProfileControllerMockMvcTests { - @Configuration @EnableWebMvc @Import(ThymeleafConfig.class) static class ContextConfiguration extends WebMvcConfigurerAdapter { 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/ResetPasswordControllerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/ResetPasswordControllerTest.java index 9514e239458..feb804e5c18 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/ResetPasswordControllerTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/ResetPasswordControllerTest.java @@ -21,7 +21,6 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Import; import org.springframework.context.support.ResourceBundleMessageSource; import org.springframework.security.core.context.SecurityContextHolder; @@ -301,8 +300,6 @@ void testResetPasswordPageWhenExpiringCodeNull() throws Exception { .andExpect(model().attribute("message_code", "bad_code")); } - - @Configuration @EnableWebMvc @Import(ThymeleafConfig.class) static class ContextConfiguration extends WebMvcConfigurerAdapter { diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/ThymeleafAdditional.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/ThymeleafAdditional.java index 59445b47ac8..85ae80e8824 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/ThymeleafAdditional.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/ThymeleafAdditional.java @@ -16,10 +16,8 @@ package org.cloudfoundry.identity.uaa.login; import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; import org.springframework.web.accept.ContentNegotiationManager; -@Configuration public class ThymeleafAdditional { @Bean 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/util/beans/PasswordEncoderConfig.java b/server/src/test/java/org/cloudfoundry/identity/uaa/util/beans/PasswordEncoderConfig.java index 17e82643db7..4591170a3fd 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/util/beans/PasswordEncoderConfig.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/util/beans/PasswordEncoderConfig.java @@ -3,7 +3,6 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.DelegatingPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; @@ -11,7 +10,6 @@ import java.util.HashMap; import java.util.Map; -@Configuration public class PasswordEncoderConfig { private static Logger logger = LoggerFactory.getLogger(PasswordEncoderConfig.class); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/DefaultTestContext.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/DefaultTestContext.java index 62c4d7b9f45..f09c471b282 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/DefaultTestContext.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/DefaultTestContext.java @@ -20,7 +20,7 @@ @WebAppConfiguration @ContextConfiguration(classes = { SpringServletTestConfig.class, - TestClientAndMockMvcTestConfig.class + TestClientAndMockMvcTestConfig.class, }) public @interface DefaultTestContext { } diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/SpringServletTestConfig.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/SpringServletTestConfig.java index 7797512b60b..b353f23ce6e 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/SpringServletTestConfig.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/SpringServletTestConfig.java 
@@ -1,12 +1,10 @@ package org.cloudfoundry.identity.uaa; import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.ImportResource; import org.springframework.context.annotation.PropertySource; import org.springframework.context.support.PropertySourcesPlaceholderConfigurer; -@Configuration @ImportResource(locations = {"file:./src/main/webapp/WEB-INF/spring-servlet.xml"}) @PropertySource(value = "classpath:integration_test_properties.yml", factory = NestedMapPropertySourceFactory.class) public class SpringServletTestConfig { diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/TestClientAndMockMvcTestConfig.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/TestClientAndMockMvcTestConfig.java index f878cf2f182..60ac9200cad 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/TestClientAndMockMvcTestConfig.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/TestClientAndMockMvcTestConfig.java @@ -2,13 +2,11 @@ import org.cloudfoundry.identity.uaa.test.TestClient; import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; import org.springframework.security.web.FilterChainProxy; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.web.context.WebApplicationContext; -@Configuration public class TestClientAndMockMvcTestConfig { @Bean public MockMvc mockMvc( diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/DefaultIntegrationTestConfig.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/DefaultIntegrationTestConfig.java index 721ea1bde73..8df323fe0af 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/DefaultIntegrationTestConfig.java 
+++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/DefaultIntegrationTestConfig.java @@ -22,10 +22,8 @@ import org.openqa.selenium.remote.CapabilityType; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.PropertySource; import org.springframework.context.support.PropertySourcesPlaceholderConfigurer; -import org.springframework.core.env.Environment; import org.springframework.http.client.SimpleClientHttpRequestFactory; import org.springframework.security.oauth2.client.test.TestAccounts; import org.springframework.web.client.RestTemplate; @@ -35,7 +33,6 @@ import java.util.concurrent.TimeUnit; import java.util.logging.Level; -@Configuration @PropertySource("classpath:integration.test.properties") public class DefaultIntegrationTestConfig { diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/test/DefaultIntegrationTestConfig.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/test/DefaultIntegrationTestConfig.java deleted file mode 100644 index 0d0633bbe54..00000000000 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/test/DefaultIntegrationTestConfig.java +++ /dev/null 
@@ -1,22 +0,0 @@ -/******************************************************************************* - * Cloud Foundry - * Copyright (c) [2009-2016] Pivotal Software, Inc. All Rights Reserved. - * - * This product is licensed to you under the Apache License, Version 2.0 (the "License"). - * You may not use this product except in compliance with the License. - * - * This product includes a number of subcomponents with - * separate copyright notices and license terms. Your use of these - * subcomponents is subject to the terms and conditions of the - * subcomponent's license, as noted in the LICENSE file. - *******************************************************************************/ -package org.cloudfoundry.identity.uaa.test; - -import org.springframework.context.annotation.Configuration; -import org.springframework.context.annotation.ImportResource; - -@Configuration -@ImportResource("file:./src/main/webapp/WEB-INF/spring-servlet.xml") -public class DefaultIntegrationTestConfig { - // empty Java config for test to allow @Autowired tests -} From af44d3760ab46b666c76292d140e325461f644e6 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Fri, 13 Dec 2019 17:53:11 -0600 Subject: [PATCH 081/111] Refactor - EncryptionKeyService - Inline @Value for cleaner XML [nostory] --- .../identity/uaa/cypto/EncryptionKeyService.java | 5 ++++- server/src/main/resources/spring/login-ui.xml | 7 ++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/cypto/EncryptionKeyService.java b/server/src/main/java/org/cloudfoundry/identity/uaa/cypto/EncryptionKeyService.java index 13ff6f80243..ee0130dff5d 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/cypto/EncryptionKeyService.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/cypto/EncryptionKeyService.java 
@@ -1,6 +1,7 @@ package org.cloudfoundry.identity.uaa.cypto; import org.apache.directory.api.util.Strings; +import org.springframework.beans.factory.annotation.Value; import java.util.ArrayList; import java.util.HashMap; @@ -14,7 +15,9 @@ public class EncryptionKeyService { private final EncryptionKey activeKey; private final List encryptionKeys; - public EncryptionKeyService(String activeKeyLabel, List encryptionKeys) { + public EncryptionKeyService( + final @Value("${encryption.active_key_label}") String activeKeyLabel, + final @Value("#{@config['encryption']['encryption_keys']}") List encryptionKeys) { if (Strings.isEmpty(activeKeyLabel)) { throw new NoActiveEncryptionKeyProvided( "UAA cannot be started without encryption key value uaa.encryption.active_key_label" diff --git a/server/src/main/resources/spring/login-ui.xml b/server/src/main/resources/spring/login-ui.xml index ab9bc85a0f6..40a8ec240ba 100644 --- a/server/src/main/resources/spring/login-ui.xml +++ b/server/src/main/resources/spring/login-ui.xml @@ -535,10 +535,7 @@ - - - - + @@ -552,7 +549,7 @@ - + From 86c0db40c83135ecdf1b7d3bdc4ff315764b9f9c Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Fri, 13 Dec 2019 17:55:17 -0600 Subject: [PATCH 082/111] Refactor - autoformat AccountsController [nostory] --- .../uaa/account/AccountsController.java | 29 ++++++------------- 1 file changed, 9 insertions(+), 20 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/account/AccountsController.java b/server/src/main/java/org/cloudfoundry/identity/uaa/account/AccountsController.java index aaf28b72f3c..5587c90f268 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/account/AccountsController.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/account/AccountsController.java 
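Review bot: The new `@Value("${encryption.active_key_label}")` on the first constructor parameter of `EncryptionKeyService` has no default, so an unset property will probably fail placeholder resolution before the constructor body runs. In that case the existing `Strings.isEmpty(activeKeyLabel)` check and its `NoActiveEncryptionKeyProvided` message are never reached; if the context ignores unresolvable placeholders, the literal `${...}` text would instead pass that check as a non-empty label. Consider `@Value("${encryption.active_key_label:}")` so a missing label reaches the explicit check. The SpEL expression `#{@config['encryption']['encryption_keys']}` likewise presumes the `encryption` map exists, and the error text names `uaa.encryption.active_key_label` while the placeholder reads `encryption.active_key_label`; a short comment on the constructor explaining both would help operators. The constructor body continues outside the hunk.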
@@ -1,15 +1,3 @@ -/******************************************************************************* - * Cloud Foundry - * Copyright (c) [2009-2016] Pivotal Software, Inc. All Rights Reserved. - * - * This product is licensed to you under the Apache License, Version 2.0 (the "License"). - * You may not use this product except in compliance with the License. - * - * This product includes a number of subcomponents with - * separate copyright notices and license terms. Your use of these - * subcomponents is subject to the terms and conditions of the - * subcomponent's license, as noted in the LICENSE file. - *******************************************************************************/ package org.cloudfoundry.identity.uaa.account; import org.cloudfoundry.identity.uaa.constants.OriginKeys; @@ -44,10 +32,11 @@ public class AccountsController { private final AccountCreationService accountCreationService; - private final IdentityProviderProvisioning identityProviderProvisioning; - public AccountsController(final AccountCreationService accountCreationService, final IdentityProviderProvisioning identityProviderProvisioning) { + public AccountsController( + final AccountCreationService accountCreationService, + final IdentityProviderProvisioning identityProviderProvisioning) { this.accountCreationService = accountCreationService; this.identityProviderProvisioning = identityProviderProvisioning; } @@ -57,7 +46,7 @@ public String activationEmail(Model model, @RequestParam(value = "client_id", required = false) String clientId, @RequestParam(value = "redirect_uri", required = false) String redirectUri, HttpServletResponse response) { - if(!IdentityZoneHolder.get().getConfig().getLinks().getSelfService().isSelfServiceLinksEnabled()) { + if (!IdentityZoneHolder.get().getConfig().getLinks().getSelfService().isSelfServiceLinksEnabled()) { return handleSelfServiceDisabled(model, response, "error_message_code", "self_service_disabled"); } model.addAttribute("client_id", clientId); 
@@ -80,16 +69,16 @@ public String sendActivationEmail(Model model, HttpServletResponse response, if (zoneBranding != null && zoneBranding.getConsent() != null && !doesUserConsent) { return handleUnprocessableEntity(model, response, "error_message_code", "missing_consent"); } - if(!IdentityZoneHolder.get().getConfig().getLinks().getSelfService().isSelfServiceLinksEnabled()) { + if (!IdentityZoneHolder.get().getConfig().getLinks().getSelfService().isSelfServiceLinksEnabled()) { return handleSelfServiceDisabled(model, response, "error_message_code", "self_service_disabled"); } - if(result.hasErrors()) { + if (result.hasErrors()) { return handleUnprocessableEntity(model, response, "error_message_code", "invalid_email"); } List identityProviderList = DomainFilter.getIdpsForEmailDomain(identityProviderProvisioning.retrieveAll(true, IdentityZoneHolder.get().getId()), email.getEmail()); identityProviderList = identityProviderList.stream().filter(idp -> !idp.getOriginKey().equals(OriginKeys.UAA)).collect(Collectors.toList()); - if(!identityProviderList.isEmpty()) { + if (!identityProviderList.isEmpty()) { model.addAttribute("email", email.getEmail()); return handleUnprocessableEntity(model, response, "error_message_code", "other_idp"); } @@ -114,8 +103,8 @@ public String emailSent() { @RequestMapping(value = "/verify_user", method = GET) public String verifyUser(Model model, - @RequestParam("code") String code, - HttpServletResponse response, HttpSession session) { + @RequestParam("code") String code, + HttpServletResponse response, HttpSession session) { AccountCreationService.AccountCreationResponse accountCreation; try { From 5516e22f4fba687e80d8af6495b1a69ab3a494a4 Mon Sep 17 00:00:00 2001 
From: Joshua Casey Date: Fri, 13 Dec 2019 17:57:23 -0600 Subject: [PATCH 083/111] Refactor - Remove duplicated @Bean Definition - AccountsController will be brought into the context already via component-scan on line https://github.com/cloudfoundry/uaa/blob/c25774eac882f6c78855f9a56632b2d2bae4add2/server/src/main/resources/spring/login-ui.xml#L516 [nostory] --- .../identity/uaa/impl/config/LoginServerConfig.java | 5 ----- 1 file changed, 5 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/LoginServerConfig.java b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/LoginServerConfig.java index 2beb717e082..a049e1bdd1b 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/LoginServerConfig.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/LoginServerConfig.java @@ -13,11 +13,6 @@ @Configuration public class LoginServerConfig { - @Bean - public AccountsController accountsController(AccountCreationService accountCreationService, IdentityProviderProvisioning identityProviderProvisioning) { - return new AccountsController(accountCreationService, identityProviderProvisioning); - } - @Bean public MessageService messageService(EmailService emailService, NotificationsService notificationsService, Environment environment) { if (environment.getProperty("notifications.url") != null && !environment.getProperty("notifications.url").equals("")) { From 0a7575185e2ad4942b466e466aa33911f4767163 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Fri, 13 Dec 2019 18:04:11 -0600 Subject: [PATCH 084/111] Test Refactor - Clean up Test Setup - Because this will make it easier to Boot [nostory] --- .../identity/uaa/annotations/WithDatabaseContext.java | 2 +- .../identity/uaa/db/DbMigrationIntegrationTestParent.java | 2 +- .../identity/uaa/db/TableAndColumnNormalizationTest.java | 7 ------- 3 files changed, 2 insertions(+), 9 deletions(-) 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/annotations/WithDatabaseContext.java b/server/src/test/java/org/cloudfoundry/identity/uaa/annotations/WithDatabaseContext.java index 16ac8affd26..0b90ee01759 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/annotations/WithDatabaseContext.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/annotations/WithDatabaseContext.java @@ -30,7 +30,7 @@ @ImportResource(locations = { "classpath:spring/env.xml", - "classpath:spring/data-source.xml" + "classpath:spring/data-source.xml", }) class DatabaseOnlyConfiguration { diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/db/DbMigrationIntegrationTestParent.java b/server/src/test/java/org/cloudfoundry/identity/uaa/db/DbMigrationIntegrationTestParent.java index f7c7b36ed2c..ce72185e378 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/db/DbMigrationIntegrationTestParent.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/db/DbMigrationIntegrationTestParent.java @@ -15,8 +15,8 @@ @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(locations = { - "classpath:spring/data-source.xml", "classpath:spring/env.xml", + "classpath:spring/data-source.xml", }) public abstract class DbMigrationIntegrationTestParent { diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/db/TableAndColumnNormalizationTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/db/TableAndColumnNormalizationTest.java index f084faeee8f..224e1b83954 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/db/TableAndColumnNormalizationTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/db/TableAndColumnNormalizationTest.java 
@@ -58,13 +58,6 @@ void checkMysqlOrPostgresqlProfile( ); } - public String[] getWebApplicationContextConfigFiles() { - return new String[]{ - "classpath:spring/env.xml", - "classpath:spring/data-source.xml" - }; - } - @Test void checkTables() throws Exception { try (Connection connection = dataSource.getConnection()) { From b8eea4eaae85cdb6df28009bfc88972f978ddd2b Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2019 11:13:55 +0000 Subject: [PATCH 085/111] Bump gradle-cargo-plugin from 2.6.1 to 2.6.2 Bumps [gradle-cargo-plugin](https://github.com/bmuschko/gradle-cargo-plugin) from 2.6.1 to 2.6.2. - [Release notes](https://github.com/bmuschko/gradle-cargo-plugin/releases) - [Changelog](https://github.com/bmuschko/gradle-cargo-plugin/blob/master/RELEASE_NOTES.md) - [Commits](https://github.com/bmuschko/gradle-cargo-plugin/commits/2.6.2) Signed-off-by: dependabot-preview[bot] --- dependencies.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependencies.gradle b/dependencies.gradle index c162935996a..fca843b0fad 100644 --- a/dependencies.gradle +++ b/dependencies.gradle @@ -35,7 +35,7 @@ libraries.dumbster = "dumbster:dumbster:1.6" libraries.eclipseJgit = "org.eclipse.jgit:org.eclipse.jgit:5.6.0.201912101111-r" libraries.flywayCore = "org.flywaydb:flyway-core" libraries.googleAuth = "com.warrenstrange:googleauth:1.4.0" -libraries.gradleCargoPlugin = "com.bmuschko:gradle-cargo-plugin:2.6.1" +libraries.gradleCargoPlugin = "com.bmuschko:gradle-cargo-plugin:2.6.2" libraries.gradleNodePlugin = "com.moowork.gradle:gradle-node-plugin:1.1.0" libraries.guava = "com.google.guava:guava:28.1-jre" libraries.hamcrest = "org.hamcrest:hamcrest:${versions.hamcrestVersion}" From d3895926c43f6113f2a1bf366153f6ebae694271 Mon Sep 17 00:00:00 2001 
From: Joshua Casey Date: Mon, 16 Dec 2019 10:01:07 -0600 Subject: [PATCH 086/111] Cleanup XML files - Remove Copyright notices - Put in Test dir if applicable [nostory] --- .../src/main/resources/spring/data-source.xml | 13 ---------- server/src/main/resources/spring/env.xml | 13 ---------- server/src/main/resources/spring/login-ui.xml | 14 ---------- uaa/src/main/resources/ldap-integration.xml | 15 ----------- .../resources/sample-okta-localhost-2.xml | 25 ------------------ .../resources/sample-okta-localhost-3.xml | 26 ------------------- .../resources/sample-okta-localhost.xml | 0 7 files changed, 106 deletions(-) delete mode 100644 uaa/src/main/resources/sample-okta-localhost-2.xml delete mode 100644 uaa/src/main/resources/sample-okta-localhost-3.xml rename uaa/src/{main => test}/resources/sample-okta-localhost.xml (100%) diff --git a/server/src/main/resources/spring/data-source.xml b/server/src/main/resources/spring/data-source.xml index 8e01d8f17b1..0d27d35fe47 100755 --- a/server/src/main/resources/spring/data-source.xml +++ b/server/src/main/resources/spring/data-source.xml @@ -1,17 +1,4 @@ - - - - - - - - diff --git a/uaa/src/main/resources/sample-okta-localhost-2.xml b/uaa/src/main/resources/sample-okta-localhost-2.xml deleted file mode 100644 index 147aa19e1e4..00000000000 --- a/uaa/src/main/resources/sample-okta-localhost-2.xml +++ /dev/null 
@@ -1,25 +0,0 @@ - -MIICmTCCAgKgAwIBAgIGAUPATqmEMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYDVQQGEwJVUzETMBEG - A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU - MBIGA1UECwwLU1NPUHJvdmlkZXIxEDAOBgNVBAMMB1Bpdm90YWwxHDAaBgkqhkiG9w0BCQEWDWlu - Zm9Ab2t0YS5jb20wHhcNMTQwMTIzMTgxMjM3WhcNNDQwMTIzMTgxMzM3WjCBjzELMAkGA1UEBhMC - VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoM - BE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRAwDgYDVQQDDAdQaXZvdGFsMRwwGgYJKoZIhvcN - AQkBFg1pbmZvQG9rdGEuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCeil67/TLOiTZU - WWgW2XEGgFZ94bVO90v5J1XmcHMwL8v5Z/8qjdZLpGdwI7Ph0CyXMMNklpaR/Ljb8fsls3amdT5O - Bw92Zo8ulcpjw2wuezTwL0eC0wY/GQDAZiXL59npE6U+fH1lbJIq92hx0HJSru/0O1q3+A/+jjZL - 3tL/SwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAI5BoWZoH6Mz9vhypZPOJCEKa/K+biZQsA4Zqsuk - vvphhSERhqk/Nv76Vkl8uvJwwHbQrR9KJx4L3PRkGCG24rix71jEuXVGZUsDNM3CUKnARx4MEab6 - GFHNkZ6DmoT/PFagngecHu+EwmuDtaG0rEkFrARwe+d8Ru0BN558abFburn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified \ No newline at end of file diff --git a/uaa/src/main/resources/sample-okta-localhost-3.xml b/uaa/src/main/resources/sample-okta-localhost-3.xml deleted file mode 100644 index 2e57a1bcf28..00000000000 --- a/uaa/src/main/resources/sample-okta-localhost-3.xml +++ /dev/null 
@@ -1,26 +0,0 @@ - - -MIICmTCCAgKgAwIBAgIGAUPATqmEMA0GCSqGSIb3DQEBBQUAMIGPMQswCQYDVQQGEwJVUzETMBEG - A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEU - MBIGA1UECwwLU1NPUHJvdmlkZXIxEDAOBgNVBAMMB1Bpdm90YWwxHDAaBgkqhkiG9w0BCQEWDWlu - Zm9Ab2t0YS5jb20wHhcNMTQwMTIzMTgxMjM3WhcNNDQwMTIzMTgxMzM3WjCBjzELMAkGA1UEBhMC - VVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xDTALBgNVBAoM - BE9rdGExFDASBgNVBAsMC1NTT1Byb3ZpZGVyMRAwDgYDVQQDDAdQaXZvdGFsMRwwGgYJKoZIhvcN - AQkBFg1pbmZvQG9rdGEuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCeil67/TLOiTZU - WWgW2XEGgFZ94bVO90v5J1XmcHMwL8v5Z/8qjdZLpGdwI7Ph0CyXMMNklpaR/Ljb8fsls3amdT5O - Bw92Zo8ulcpjw2wuezTwL0eC0wY/GQDAZiXL59npE6U+fH1lbJIq92hx0HJSru/0O1q3+A/+jjZL - 3tL/SwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAI5BoWZoH6Mz9vhypZPOJCEKa/K+biZQsA4Zqsuk - vvphhSERhqk/Nv76Vkl8uvJwwHbQrR9KJx4L3PRkGCG24rix71jEuXVGZUsDNM3CUKnARx4MEab6 - GFHNkZ6DmoT/PFagngecHu+EwmuDtaG0rEkFrARwe+d8Ru0BN558abFburn:oasis:names:tc:SAML:1.1:nameid-format:emailAddressurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified \ No newline at end of file diff --git a/uaa/src/main/resources/sample-okta-localhost.xml b/uaa/src/test/resources/sample-okta-localhost.xml similarity index 100% rename from uaa/src/main/resources/sample-okta-localhost.xml rename to uaa/src/test/resources/sample-okta-localhost.xml From 45e6f21bc06be969d2a9f383ff55c2525abb252e Mon Sep 17 00:00:00 2001 
From: Joshua Casey Date: Mon, 16 Dec 2019 10:06:49 -0600 Subject: [PATCH 087/111] Cleanup - move files to test instead of main [nostory] --- scripts/integration-tests.sh | 4 ++-- scripts/ldap/install-ldap.sh | 4 ++-- scripts/unit-tests.sh | 4 ++-- .../uaa/provider/saml/ConfigMetadataProviderTest.java | 2 +- uaa/src/main/resources/endpoint_test_config.yml | 3 --- .../org/cloudfoundry/identity/uaa/login/BootstrapTests.java | 2 +- uaa/src/{main => test}/resources/idp.xml | 0 uaa/src/{main => test}/resources/ldap_db_init.ldif | 0 uaa/src/{main => test}/resources/ldap_init.ldif | 0 9 files changed, 8 insertions(+), 11 deletions(-) delete mode 100755 uaa/src/main/resources/endpoint_test_config.yml rename uaa/src/{main => test}/resources/idp.xml (100%) rename uaa/src/{main => test}/resources/ldap_db_init.ldif (100%) rename uaa/src/{main => test}/resources/ldap_init.ldif (100%) diff --git a/scripts/integration-tests.sh b/scripts/integration-tests.sh index 05162a150e3..f716f74553e 100755 --- a/scripts/integration-tests.sh +++ b/scripts/integration-tests.sh @@ -20,7 +20,7 @@ bootDB "${DB}" pushd $(dirname $DIR) /etc/init.d/slapd start - ldapadd -Y EXTERNAL -H ldapi:/// -f ./uaa/src/main/resources/ldap_db_init.ldif - ldapadd -x -D 'cn=admin,dc=test,dc=com' -w password -f ./uaa/src/main/resources/ldap_init.ldif + ldapadd -Y EXTERNAL -H ldapi:/// -f ./uaa/src/test/resources/ldap_db_init.ldif + ldapadd -x -D 'cn=admin,dc=test,dc=com' -w password -f ./uaa/src/test/resources/ldap_init.ldif ./gradlew "-Dspring.profiles.active=${TESTENV}" integrationTest --no-daemon --stacktrace --console=plain -x :cloudfoundry-identity-samples:assemble popd diff --git a/scripts/ldap/install-ldap.sh b/scripts/ldap/install-ldap.sh index e210dd19ad8..52027a8429b 100755 --- a/scripts/ldap/install-ldap.sh +++ b/scripts/ldap/install-ldap.sh 
@@ -49,5 +49,5 @@ olcTLSCertificateKeyFile: /etc/ssl/private/ldap01_slapd_key.pem" > /etc/ssl/cert fi -sudo ldapadd -Y EXTERNAL -H ldapi:/// -f uaa/src/main/resources/ldap_db_init.ldif -sudo ldapadd -x -D 'cn=admin,dc=test,dc=com' -w password -f uaa/src/main/resources/ldap_init.ldif +sudo ldapadd -Y EXTERNAL -H ldapi:/// -f uaa/src/test/resources/ldap_db_init.ldif +sudo ldapadd -x -D 'cn=admin,dc=test,dc=com' -w password -f uaa/src/test/resources/ldap_init.ldif diff --git a/scripts/unit-tests.sh b/scripts/unit-tests.sh index ed270dbfc39..ac2febf175d 100755 --- a/scripts/unit-tests.sh +++ b/scripts/unit-tests.sh @@ -21,8 +21,8 @@ bootDB "${DB}" # DB is set in the Dockerfile for each image pushd $(dirname $SCRIPT_DIR) /etc/init.d/slapd start - ldapadd -Y EXTERNAL -H ldapi:/// -f ./uaa/src/main/resources/ldap_db_init.ldif - ldapadd -x -D 'cn=admin,dc=test,dc=com' -w password -f ./uaa/src/main/resources/ldap_init.ldif + ldapadd -Y EXTERNAL -H ldapi:/// -f ./uaa/src/test/resources/ldap_db_init.ldif + ldapadd -x -D 'cn=admin,dc=test,dc=com' -w password -f ./uaa/src/test/resources/ldap_init.ldif ./gradlew "-Dspring.profiles.active=${TESTENV}" test --no-daemon --stacktrace --console=plain -x :cloudfoundry-identity-samples:assemble popd diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/ConfigMetadataProviderTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/ConfigMetadataProviderTest.java index 7483ee9c281..3710ce68033 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/ConfigMetadataProviderTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/saml/ConfigMetadataProviderTest.java 
@@ -15,7 +15,7 @@ public class ConfigMetadataProviderTest { @Test public void testDoGetMetadata() throws Exception { - String metadataString = new Scanner(new File("../uaa/src/main/resources/idp.xml")).useDelimiter("\\Z").next(); + String metadataString = new Scanner(new File("../uaa/src/test/resources/idp.xml")).useDelimiter("\\Z").next(); ConfigMetadataProvider provider = new ConfigMetadataProvider(IdentityZone.getUaaZoneId(), "testalias", metadataString); ConfigMetadataProvider provider2 = new ConfigMetadataProvider(IdentityZone.getUaaZoneId(), "testalias", metadataString); DefaultBootstrap.bootstrap(); diff --git a/uaa/src/main/resources/endpoint_test_config.yml b/uaa/src/main/resources/endpoint_test_config.yml deleted file mode 100755 index e136077c3ac..00000000000 --- a/uaa/src/main/resources/endpoint_test_config.yml +++ /dev/null @@ -1,3 +0,0 @@ -userMaxCount: 5 -groupMaxCount: 5 -clientMaxCount: 5 diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java index 9549538e18a..f3366348e09 100755 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java @@ -138,7 +138,7 @@ void legacySamlIdpAsTopLevelElement() { @Test void legacySamlMetadataAsXml() throws Exception { - String metadataString = new Scanner(new File("./src/main/resources/sample-okta-localhost.xml")).useDelimiter("\\Z").next(); + String metadataString = new Scanner(new File("./src/test/resources/sample-okta-localhost.xml")).useDelimiter("\\Z").next(); System.setProperty(LOGIN_IDP_METADATA, metadataString); System.setProperty(LOGIN_IDP_ENTITY_ALIAS, "testIDPData"); context = getServletContext("default,saml,configMetadata", "uaa.yml"); 
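Review bot: The changed line in `testDoGetMetadata` still reads the SAML metadata fixture with `new Scanner(new File(...)).useDelimiter("\\Z").next()`, which never closes the `Scanner` and decodes with the platform default charset; the same pattern is on the changed line of `legacySamlMetadataAsXml` in BootstrapTests. Since the line is being touched anyway, something like `try (Scanner s = new Scanner(new File("../uaa/src/test/resources/idp.xml"), "UTF-8")) { metadataString = s.useDelimiter("\\Z").next(); }` would release the file handle and pin the encoding. The relative path also depends on the working directory of the test run, so a short comment stating that assumption would help. Both method bodies continue outside their hunks.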
diff --git a/uaa/src/main/resources/idp.xml b/uaa/src/test/resources/idp.xml
similarity index 100%
rename from uaa/src/main/resources/idp.xml
rename to uaa/src/test/resources/idp.xml
diff --git a/uaa/src/main/resources/ldap_db_init.ldif b/uaa/src/test/resources/ldap_db_init.ldif
similarity index 100%
rename from uaa/src/main/resources/ldap_db_init.ldif
rename to uaa/src/test/resources/ldap_db_init.ldif
diff --git a/uaa/src/main/resources/ldap_init.ldif b/uaa/src/test/resources/ldap_init.ldif
similarity index 100%
rename from uaa/src/main/resources/ldap_init.ldif
rename to uaa/src/test/resources/ldap_init.ldif
From b51b55a21f6bfcdfa6d9a5261435d2e6396f26a7 Mon Sep 17 00:00:00 2001
From: Joshua Casey Date: Sat, 14 Dec 2019 11:22:44 -0600 Subject: [PATCH 088/111] Use Global component-scan - Simplify XML files - Prep for Spring Boot [#170299042] --- .../uaa/impl/config/LoginServerConfig.java | 3 --- .../src/main/resources/spring/data-source.xml | 6 +----- server/src/main/resources/spring/login-ui.xml | 20 ------------------- .../uaa/annotations/WithDatabaseContext.java | 2 ++ .../db/DbMigrationIntegrationTestParent.java | 1 + .../db/TableAndColumnNormalizationTest.java | 1 + .../identity/uaa/test/JdbcTestBase.java | 3 ++- .../spring/jdbc-test-base-add-flyway.xml | 12 +++++++++++ .../main/webapp/WEB-INF/spring-servlet.xml | 13 ++++++------ .../WEB-INF/spring/approvals-endpoints.xml | 6 +----- .../WEB-INF/spring/client-admin-endpoints.xml | 4 ---- .../WEB-INF/spring/codestore-endpoints.xml | 5 +---- .../WEB-INF/spring/login-server-security.xml | 8 +------- .../WEB-INF/spring/multitenant-endpoints.xml | 7 ------- .../webapp/WEB-INF/spring/oauth-endpoints.xml | 18 +---------------- .../WEB-INF/spring/resource-endpoints.xml | 12 +---------- .../main/webapp/WEB-INF/spring/saml-idp.xml | 5 +---- .../webapp/WEB-INF/spring/scim-endpoints.xml | 6 ------ 18 files changed, 31 insertions(+), 101 deletions(-) create mode 100755 server/src/test/resources/spring/jdbc-test-base-add-flyway.xml diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/LoginServerConfig.java b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/LoginServerConfig.java index a049e1bdd1b..541cac60e5d 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/LoginServerConfig.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/LoginServerConfig.java 
@@ -1,11 +1,8 @@ package org.cloudfoundry.identity.uaa.impl.config; -import org.cloudfoundry.identity.uaa.account.AccountCreationService; -import org.cloudfoundry.identity.uaa.account.AccountsController; import org.cloudfoundry.identity.uaa.message.EmailService; import org.cloudfoundry.identity.uaa.message.MessageService; import org.cloudfoundry.identity.uaa.message.NotificationsService; -import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.env.Environment; diff --git a/server/src/main/resources/spring/data-source.xml b/server/src/main/resources/spring/data-source.xml index 0d27d35fe47..501e5bcccc7 100755 --- a/server/src/main/resources/spring/data-source.xml +++ b/server/src/main/resources/spring/data-source.xml @@ -3,12 +3,10 @@ xmlns="http://www.springframework.org/schema/beans" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:util="http://www.springframework.org/schema/util" - xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation=" http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/util https://www.springframework.org/schema/util/spring-util.xsd - http://www.springframework.org/schema/tx https://www.springframework.org/schema/tx/spring-tx.xsd - http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context.xsd"> + http://www.springframework.org/schema/tx https://www.springframework.org/schema/tx/spring-tx.xsd"> @@ -43,8 +41,6 @@ - - diff --git a/server/src/main/resources/spring/login-ui.xml b/server/src/main/resources/spring/login-ui.xml index 475a21a9d79..39905fa9f41 100644 --- a/server/src/main/resources/spring/login-ui.xml +++ b/server/src/main/resources/spring/login-ui.xml 
@@ -3,13 +3,11 @@ xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:oauth="http://www.springframework.org/schema/security/oauth2" xmlns:util="http://www.springframework.org/schema/util" xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security.xsd - http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/mvc https://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/util https://www.springframework.org/schema/util/spring-util.xsd http://www.springframework.org/schema/security/oauth2 https://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd"> @@ -21,8 +19,6 @@ - - @@ -189,9 +185,6 @@ - - @@ -350,10 +343,6 @@ - - - - @@ -437,13 +426,8 @@ - - - - - @@ -499,8 +483,6 @@ - - @@ -540,8 +522,6 @@ - - diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/annotations/WithDatabaseContext.java b/server/src/test/java/org/cloudfoundry/identity/uaa/annotations/WithDatabaseContext.java index 0b90ee01759..6361f6a3ae6 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/annotations/WithDatabaseContext.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/annotations/WithDatabaseContext.java 
@@ -1,5 +1,6 @@ package org.cloudfoundry.identity.uaa.annotations; +import org.cloudfoundry.identity.uaa.db.beans.FlywayConfiguration; import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.cloudfoundry.identity.uaa.util.beans.PasswordEncoderConfig; import org.junit.jupiter.api.extension.ExtendWith; @@ -23,6 +24,7 @@ @ContextConfiguration(classes = { DatabaseOnlyConfiguration.class, PasswordEncoderConfig.class, + FlywayConfiguration.class, }) public @interface WithDatabaseContext { diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/db/DbMigrationIntegrationTestParent.java b/server/src/test/java/org/cloudfoundry/identity/uaa/db/DbMigrationIntegrationTestParent.java index ce72185e378..41c6b75bf17 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/db/DbMigrationIntegrationTestParent.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/db/DbMigrationIntegrationTestParent.java @@ -16,6 +16,7 @@ @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(locations = { "classpath:spring/env.xml", + "classpath:spring/jdbc-test-base-add-flyway.xml", "classpath:spring/data-source.xml", }) public abstract class DbMigrationIntegrationTestParent { diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/db/TableAndColumnNormalizationTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/db/TableAndColumnNormalizationTest.java index 224e1b83954..2500feffbaf 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/db/TableAndColumnNormalizationTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/db/TableAndColumnNormalizationTest.java @@ -28,6 +28,7 @@ @ImportResource(locations = { "classpath:spring/env.xml", "classpath:spring/use_uaa_db_in_mysql_url.xml", // adds this one + "classpath:spring/jdbc-test-base-add-flyway.xml", "classpath:spring/data-source.xml", }) class TableAndColumnNormalizationTestConfiguration { 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/test/JdbcTestBase.java b/server/src/test/java/org/cloudfoundry/identity/uaa/test/JdbcTestBase.java index f8d88b038ad..b9f0df5c04c 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/test/JdbcTestBase.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/test/JdbcTestBase.java @@ -57,7 +57,8 @@ public void setUp(MockEnvironment environment) { public String[] getWebApplicationContextConfigFiles() { return new String[]{ "classpath:spring/env.xml", - "classpath:spring/data-source.xml" + "classpath:spring/jdbc-test-base-add-flyway.xml", + "classpath:spring/data-source.xml", }; } diff --git a/server/src/test/resources/spring/jdbc-test-base-add-flyway.xml b/server/src/test/resources/spring/jdbc-test-base-add-flyway.xml new file mode 100755 index 00000000000..3b9922455ba --- /dev/null +++ b/server/src/test/resources/spring/jdbc-test-base-add-flyway.xml @@ -0,0 +1,12 @@ + + + + + + + + diff --git a/uaa/src/main/webapp/WEB-INF/spring-servlet.xml b/uaa/src/main/webapp/WEB-INF/spring-servlet.xml index 923eb0a6585..a1bdc214166 100755 --- a/uaa/src/main/webapp/WEB-INF/spring-servlet.xml +++ b/uaa/src/main/webapp/WEB-INF/spring-servlet.xml @@ -11,6 +11,9 @@ http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/util https://www.springframework.org/schema/util/spring-util.xsd"> + + + @@ -43,7 +46,9 @@ - + @@ -351,7 +356,6 @@ - @@ -439,11 +443,6 @@ - - - - - diff --git a/uaa/src/main/webapp/WEB-INF/spring/approvals-endpoints.xml b/uaa/src/main/webapp/WEB-INF/spring/approvals-endpoints.xml index b857045cd64..056e4625b62 100644 --- a/uaa/src/main/webapp/WEB-INF/spring/approvals-endpoints.xml +++ b/uaa/src/main/webapp/WEB-INF/spring/approvals-endpoints.xml @@ -2,11 +2,9 @@ + http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd"> 
@@ -14,8 +12,6 @@ - - - - - - diff --git a/uaa/src/main/webapp/WEB-INF/spring/codestore-endpoints.xml b/uaa/src/main/webapp/WEB-INF/spring/codestore-endpoints.xml index 285406d40d4..81b9af8fce0 100644 --- a/uaa/src/main/webapp/WEB-INF/spring/codestore-endpoints.xml +++ b/uaa/src/main/webapp/WEB-INF/spring/codestore-endpoints.xml @@ -1,13 +1,10 @@ + http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd"> - - + http://www.springframework.org/schema/util https://www.springframework.org/schema/util/spring-util.xsd"> @@ -181,15 +179,11 @@ - - - - diff --git a/uaa/src/main/webapp/WEB-INF/spring/multitenant-endpoints.xml b/uaa/src/main/webapp/WEB-INF/spring/multitenant-endpoints.xml index 4c2e78c40f6..6a7ba031f4a 100644 --- a/uaa/src/main/webapp/WEB-INF/spring/multitenant-endpoints.xml +++ b/uaa/src/main/webapp/WEB-INF/spring/multitenant-endpoints.xml @@ -2,10 +2,8 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:util="http://www.springframework.org/schema/util" - xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd - http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/aop https://www.springframework.org/schema/aop/spring-aop.xsd http://www.springframework.org/schema/util https://www.springframework.org/schema/util/spring-util.xsd"> @@ -29,8 +27,6 @@ - - @@ -203,9 +199,6 @@ - - + http://www.springframework.org/schema/aop https://www.springframework.org/schema/aop/spring-aop.xsd"> @@ -43,8 +41,6 @@ - - - - - - @@ -360,8 +352,6 @@ - - @@ -603,10 +593,6 @@ - - - - @@ -725,7 +711,5 @@ - - \ No newline at end of file 
diff --git a/uaa/src/main/webapp/WEB-INF/spring/resource-endpoints.xml b/uaa/src/main/webapp/WEB-INF/spring/resource-endpoints.xml index 873059716ca..e7b0248d0cb 100755 --- a/uaa/src/main/webapp/WEB-INF/spring/resource-endpoints.xml +++ b/uaa/src/main/webapp/WEB-INF/spring/resource-endpoints.xml @@ -1,9 +1,7 @@ + http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd"> - - - - - - - - diff --git a/uaa/src/main/webapp/WEB-INF/spring/saml-idp.xml b/uaa/src/main/webapp/WEB-INF/spring/saml-idp.xml index ef6c04c7bb9..622eca3fc9e 100644 --- a/uaa/src/main/webapp/WEB-INF/spring/saml-idp.xml +++ b/uaa/src/main/webapp/WEB-INF/spring/saml-idp.xml @@ -41,16 +41,13 @@ + depends-on="spMetaDataProviders identityZoneConfigurationBootstrap identityZoneHolderInitializer" destroy-method="destroy"> - - diff --git a/uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml b/uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml index 7a6b4a87019..7014e090cea 100644 --- a/uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml +++ b/uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml @@ -138,10 +138,6 @@ - - - - - - Date: Mon, 16 Dec 2019 13:37:25 -0600 Subject: [PATCH 089/111] Fix Integration Test - https://hush-house.pivotal.io/teams/cf-uaa/pipelines/uaa-acceptance-gcp/jobs/integration-tests-mysql/builds/36 - One test creates a group that's deleted in the @After, meaning that the group is deleted three times - Something related to b51b55a means that no longer works, but it shouldn't have worked anyways [nostory] --- .../integration/IdentityZoneEndpointsIntegrationTests.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/IdentityZoneEndpointsIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/IdentityZoneEndpointsIntegrationTests.java index 0adbbb4d9d3..34931c0980d 100644 
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/IdentityZoneEndpointsIntegrationTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/IdentityZoneEndpointsIntegrationTests.java @@ -86,7 +86,9 @@ public void cleanup() { IntegrationTestUtils.getClientCredentialsResource(serverRunning.getBaseUrl(), new String[0], "admin", "adminsecret") ); String groupId = IntegrationTestUtils.findGroupId(client, serverRunning.getBaseUrl(), String.format("zones.%s.admin", zoneId)); - IntegrationTestUtils.deleteGroup(clientCredentialsToken, "", serverRunning.getBaseUrl(), groupId); + if (groupId != null) { + IntegrationTestUtils.deleteGroup(clientCredentialsToken, "", serverRunning.getBaseUrl(), groupId); + } } @Test From 0a802355a4e7873b8e0b3b8e3a2934cdf119203a Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Mon, 16 Dec 2019 16:56:26 -0600 Subject: [PATCH 090/111] Refactor - apply IntelliJ sanitizations [nostory] --- .../uaa/metrics/UaaMetricsFilter.java | 55 ++++----- .../uaa/metrics/UaaMetricsFilterTests.java | 116 +++++++++--------- 2 files changed, 78 insertions(+), 93 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilter.java b/server/src/main/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilter.java index 0d56b5f79e5..d26cd23345c 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilter.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilter.java 
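Review bot: The new `if (groupId != null)` guard in `cleanup()` makes the teardown skip silently whenever `findGroupId` returns null, and nothing in the hunk says why a missing group is expected at that point. According to the commit message the reason is that one test already deletes the `zones.%s.admin` group itself, so a comment above the guard would record that, for example `// the group may already have been removed by the test itself; nothing left to delete`. Whether `findGroupId` also returns null when the lookup itself fails is not visible here; if it does, the guard would hide a group left behind on a shared test server, so that is worth confirming. The body of `cleanup()` starts above the hunk.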
@@ -1,30 +1,16 @@ -/* - * **************************************************************************** - * Cloud Foundry - * Copyright (c) [2009-2017] Pivotal Software, Inc. All Rights Reserved. - * - * This product is licensed to you under the Apache License, Version 2.0 (the "License"). - * You may not use this product except in compliance with the License. - * - * This product includes a number of subcomponents with - * separate copyright notices and license terms. Your use of these - * subcomponents is subject to the terms and conditions of the - * subcomponent's license, as noted in the LICENSE file. - * **************************************************************************** - */ - package org.cloudfoundry.identity.uaa.metrics; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.cloudfoundry.identity.uaa.util.JsonUtils; import org.cloudfoundry.identity.uaa.util.TimeService; import org.cloudfoundry.identity.uaa.util.TimeServiceImpl; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.core.io.ClassPathResource; import org.springframework.jmx.export.annotation.ManagedMetric; import org.springframework.jmx.export.annotation.ManagedResource; import org.springframework.jmx.export.notification.NotificationPublisher; import org.springframework.jmx.export.notification.NotificationPublisherAware; +import org.springframework.lang.NonNull; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.web.filter.OncePerRequestFilter; import org.yaml.snakeyaml.Yaml; 
@@ -44,22 +30,22 @@ import java.util.stream.Collectors; @ManagedResource( - objectName="cloudfoundry.identity:name=ServerRequests", - description = "UAA Performance Metrics" + objectName = "cloudfoundry.identity:name=ServerRequests", + description = "UAA Performance Metrics" ) public class UaaMetricsFilter extends OncePerRequestFilter implements UaaMetrics, NotificationPublisherAware { - public static final int MAX_TIME = 3000; + private static final int MAX_TIME = 3000; public static final UrlGroup FALLBACK = new UrlGroup() - .setCategory("Unknown") - .setGroup("/unknown") - .setLimit(MAX_TIME) - .setPattern("/**"); + .setCategory("Unknown") + .setGroup("/unknown") + .setLimit(MAX_TIME) + .setPattern("/**"); private static Logger logger = LoggerFactory.getLogger(UaaMetricsFilter.class); private TimeService timeService = new TimeServiceImpl(); private IdleTimer inflight = new IdleTimer(); - private Map perUriMetrics = new ConcurrentHashMap<>(); + private Map perUriMetrics = new ConcurrentHashMap<>(); private LinkedHashMap urlGroups; private boolean enabled = true; private boolean perRequestMetrics = false; 
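Review bot: `FALLBACK` stays `public static final` while `MAX_TIME` beside it is narrowed to `private`, yet the object is assembled through chained setters (`setCategory`, `setGroup`, `setLimit`, `setPattern`), so any code that can see the class can alter the shared instance at runtime. Judging by the tests in this series, `getUriGroup` hands this instance back when no configured group applies, so a changed limit or pattern would silently affect how those requests are measured. Either expose an immutable value or state the constraint next to the field, e.g. `// shared instance: treat as read-only, never call setters on FALLBACK`. In the same hunk `logger` could also become `private static final Logger logger`.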
@@ -71,13 +57,16 @@ public UaaMetricsFilter() throws IOException { urlGroups = new LinkedHashMap<>(); List groups = getUrlGroups(); groups.forEach( - group -> urlGroups.put(new AntPathRequestMatcher(group.getPattern()), group) + group -> urlGroups.put(new AntPathRequestMatcher(group.getPattern()), group) ); } @Override - protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { + protected void doFilterInternal( + final @NonNull HttpServletRequest request, + final @NonNull HttpServletResponse response, + final @NonNull FilterChain filterChain) throws ServletException, IOException { UrlGroup uriGroup = enabled ? getUriGroup(request) : null; if (uriGroup != null) { RequestMetric metric = RequestMetric.start(request.getRequestURI(), uriGroup, timeService.getCurrentTimeMillis()); @@ -118,12 +107,10 @@ protected MetricsQueue getMetricsQueue(String uri) { } /** - * - * @param request * @return null if this request should not be measured. */ - protected UrlGroup getUriGroup(HttpServletRequest request) { - if (urlGroups!=null) { + protected UrlGroup getUriGroup(final HttpServletRequest request) { + if (urlGroups != null) { String uri = request.getRequestURI(); for (Map.Entry entry : urlGroups.entrySet()) { if (entry.getKey().matches(request)) { 
@@ -181,12 +168,12 @@ public void setTimeService(TimeService timeService) { public List getUrlGroups() throws IOException { ClassPathResource resource = new ClassPathResource("performance-url-groups.yml"); Yaml yaml = new Yaml(); - List> load = (List>) yaml.load(resource.getInputStream()); + List> load = (List>) yaml.load(resource.getInputStream()); return load.stream().map(map -> UrlGroup.from(map)).collect(Collectors.toList()); } public void sendRequestTime(String urlGroup, long time) { - if(notificationPublisher != null) { + if (notificationPublisher != null) { Notification note = new Notification(urlGroup, time, 0); notificationPublisher.sendNotification(note); } else { @@ -195,7 +182,7 @@ public void sendRequestTime(String urlGroup, long time) { } @Override - public void setNotificationPublisher(NotificationPublisher notificationPublisher) { + public void setNotificationPublisher(final @NonNull NotificationPublisher notificationPublisher) { this.notificationPublisher = notificationPublisher; } diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilterTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilterTests.java index 047273605cc..e066c5cc5e5 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilterTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilterTests.java 
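Review bot: In `getUrlGroups()` the stream returned by `resource.getInputStream()` is handed straight to `yaml.load(...)` and never closed, and the parsed result is cast without any check of its shape. Wrapping the read closes the handle on every path: `try (InputStream in = resource.getInputStream()) { load = ... yaml.load(in); }`. `new Yaml()` also uses the default constructor, which can instantiate arbitrary Java types from tagged YAML; the input here is the bundled `performance-url-groups.yml`, so the exposure is low, but `new Yaml(new SafeConstructor())` would limit parsing to plain maps, lists and scalars, which is all `UrlGroup.from(map)` appears to need. The generic type arguments are not legible in this rendering of the hunk, so the quoted lines leave them out.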
@@ -1,18 +1,3 @@ -/* - * **************************************************************************** - * Cloud Foundry - * Copyright (c) [2009-2017] Pivotal Software, Inc. All Rights Reserved. - * - * This product is licensed to you under the Apache License, Version 2.0 (the "License"). - * You may not use this product except in compliance with the License. - * - * This product includes a number of subcomponents with - * separate copyright notices and license terms. Your use of these - * subcomponents is subject to the terms and conditions of the - * subcomponent's license, as noted in the LICENSE file. - * **************************************************************************** - */ - package org.cloudfoundry.identity.uaa.metrics; import org.cloudfoundry.identity.uaa.util.JsonUtils; @@ -40,8 +25,21 @@ import static org.cloudfoundry.identity.uaa.metrics.UaaMetricsFilter.FALLBACK; import static org.cloudfoundry.identity.uaa.util.JsonUtils.readValue; import static org.hamcrest.Matchers.greaterThan; -import static org.junit.Assert.*; -import static org.mockito.Mockito.*; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertThat; +import static org.junit.Assert.assertTrue; +import static org.mockito.Mockito.anyLong; +import static org.mockito.Mockito.anyString; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.never; +import static org.mockito.Mockito.reset; +import static org.mockito.Mockito.same; +import static org.mockito.Mockito.spy; +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.verify; public class UaaMetricsFilterTests { @@ -62,7 +60,6 @@ public void setup() throws Exception { chain = mock(FilterChain.class); } - @Test public void group_static_content() { for (String path : Arrays.asList("/vendor/test", "/resources/test")) { 
@@ -135,10 +132,10 @@ public void happy_path() throws Exception { assertEquals(2, summary.size()); for (String uri : Arrays.asList(path, MetricsUtil.GLOBAL_GROUP)) { MetricsQueue totals = readValue(summary.get(filter.getUriGroup(request).getGroup()), MetricsQueue.class); - assertNotNull("URI:"+uri, totals); + assertNotNull("URI:" + uri, totals); for (StatusCodeGroup status : Arrays.asList(StatusCodeGroup.SUCCESS, StatusCodeGroup.SERVER_ERROR)) { RequestMetricSummary total = totals.getDetailed().get(status); - assertEquals("URI:"+uri, 1, total.getCount()); + assertEquals("URI:" + uri, 1, total.getCount()); } } assertNull(MetricsAccessor.getCurrent()); @@ -147,13 +144,14 @@ public void happy_path() throws Exception { verify(publisher, times(2)).sendNotification(argumentCaptor.capture()); List capturedArg = argumentCaptor.getAllValues(); assertEquals(2, capturedArg.size()); - assertEquals("/api" , capturedArg.get(0).getType()); + assertEquals("/api", capturedArg.get(0).getType()); } @Test public void intolerable_request() throws Exception { TimeService slowRequestTimeService = new TimeService() { long now = System.currentTimeMillis(); + @Override public long getCurrentTimeMillis() { now += 5000; @@ -178,7 +176,7 @@ public long getCurrentTimeMillis() { ArgumentCaptor argumentCaptor = ArgumentCaptor.forClass(Notification.class); verify(publisher).sendNotification(argumentCaptor.capture()); Notification capturedArg = argumentCaptor.getValue(); - assertEquals("/api" , capturedArg.getType()); + assertEquals("/api", capturedArg.getType()); } } @@ -209,7 +207,7 @@ public void setRequestData(String requestURI) { public void deserialize_summary() throws Exception { String path = "/some/path"; setRequestData(path); - for (int status : Arrays.asList(200,500)) { + for (int status : Arrays.asList(200, 500)) { response.setStatus(status); filter.doFilterInternal(request, response, chain); } 
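Review bot: In `happy_path()` the loop over `Arrays.asList(path, MetricsUtil.GLOBAL_GROUP)` never uses `uri` for the lookup: `summary.get(filter.getUriGroup(request).getGroup())` reads the same entry on both iterations, so the global group's totals are not asserted and `uri` only shows up in the failure message. If the summary is keyed by group name, as the `getGroup()` lookup suggests, the loop could iterate over the keys instead: `for (String uri : Arrays.asList(filter.getUriGroup(request).getGroup(), MetricsUtil.GLOBAL_GROUP))` with `readValue(summary.get(uri), MetricsQueue.class)`. The same lines are carried unchanged into the JUnit 5 conversion of this test later in the series (hunk `@@ -132,10 +132,10 @@`). The body of `happy_path()` starts and ends outside the hunk.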
@@ -232,44 +230,44 @@ public void uri_groups_when_fails_to_load() { ReflectionTestUtils.setField(filter, "urlGroups", null); request.setContextPath(""); MultiValueMap map = new LinkedMultiValueMap<>(); - map.add("/oauth/token/list","/oauth/token/list"); - map.add("/oauth/token/list","/oauth/token/list/some-value"); - map.add("/oauth/token/revoke","/oauth/token/revoke"); - map.add("/oauth/token/revoke","/oauth/token/revoke/some-value"); - map.add("/oauth/token","/oauth/token"); - map.add("/oauth/token","/oauth/token/some-value"); - map.add("/oauth/authorize","/oauth/authorize"); - map.add("/oauth/authorize","/oauth/authorize/some-value"); - map.add("/Users","/Users"); - map.add("/Users","/Users/some-value"); - map.add("/oauth/clients/tx","/oauth/clients/tx"); - map.add("/oauth/clients/tx","/oauth/clients/tx/some-value"); - map.add("/oauth/clients","/oauth/clients"); - map.add("/oauth/clients","/oauth/clients/some-value"); - map.add("/Codes","/Codes"); - map.add("/Codes","/Codes/some-value"); - map.add("/approvals","/approvals"); - map.add("/approvals","/approvals/some-value"); - map.add("/login/callback","/login/callback"); - map.add("/login/callback","/login/callback/some-value"); - map.add("/identity-providers","/identity-providers"); - map.add("/identity-providers","/identity-providers/some-value"); - map.add("/saml/service-providers","/saml/service-providers"); - map.add("/Groups/external","/Groups/external"); - map.add("/Groups/external","/Groups/external/some-value"); - map.add("/Groups/zones","/Groups/zones"); - map.add("/Groups","/Groups"); - map.add("/Groups","/Groups/some/value"); - map.add("/identity-zones","/identity-zones"); - map.add("/identity-zones","/identity-zones/some/value"); - map.add("/saml/login","/saml/login/value"); + map.add("/oauth/token/list", "/oauth/token/list"); + map.add("/oauth/token/list", "/oauth/token/list/some-value"); + map.add("/oauth/token/revoke", "/oauth/token/revoke"); + map.add("/oauth/token/revoke", 
"/oauth/token/revoke/some-value"); + map.add("/oauth/token", "/oauth/token"); + map.add("/oauth/token", "/oauth/token/some-value"); + map.add("/oauth/authorize", "/oauth/authorize"); + map.add("/oauth/authorize", "/oauth/authorize/some-value"); + map.add("/Users", "/Users"); + map.add("/Users", "/Users/some-value"); + map.add("/oauth/clients/tx", "/oauth/clients/tx"); + map.add("/oauth/clients/tx", "/oauth/clients/tx/some-value"); + map.add("/oauth/clients", "/oauth/clients"); + map.add("/oauth/clients", "/oauth/clients/some-value"); + map.add("/Codes", "/Codes"); + map.add("/Codes", "/Codes/some-value"); + map.add("/approvals", "/approvals"); + map.add("/approvals", "/approvals/some-value"); + map.add("/login/callback", "/login/callback"); + map.add("/login/callback", "/login/callback/some-value"); + map.add("/identity-providers", "/identity-providers"); + map.add("/identity-providers", "/identity-providers/some-value"); + map.add("/saml/service-providers", "/saml/service-providers"); + map.add("/Groups/external", "/Groups/external"); + map.add("/Groups/external", "/Groups/external/some-value"); + map.add("/Groups/zones", "/Groups/zones"); + map.add("/Groups", "/Groups"); + map.add("/Groups", "/Groups/some/value"); + map.add("/identity-zones", "/identity-zones"); + map.add("/identity-zones", "/identity-zones/some/value"); + map.add("/saml/login", "/saml/login/value"); map.entrySet().forEach( - entry -> { - for (String s : entry.getValue()) { - setRequestData(s); - assertEquals("Testing URL: "+s, FALLBACK.getGroup(), filter.getUriGroup(request).getGroup()); + entry -> { + for (String s : entry.getValue()) { + setRequestData(s); + assertEquals("Testing URL: " + s, FALLBACK.getGroup(), filter.getUriGroup(request).getGroup()); + } } - } ); } From 0c816f26fb852a91e13a651354827e76fc50de66 Mon Sep 17 00:00:00 2001 
From: Joshua Casey Date: Mon, 16 Dec 2019 17:01:06 -0600 Subject: [PATCH 091/111] Test Refactor - UaaMetricsFilterTests - Use JUnit5 [nostory] --- .../uaa/metrics/UaaMetricsFilterTests.java | 58 +++++++++---------- 1 file changed, 29 insertions(+), 29 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilterTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilterTests.java index e066c5cc5e5..6412de50db8 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilterTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilterTests.java @@ -3,8 +3,8 @@ import org.cloudfoundry.identity.uaa.util.JsonUtils; import org.cloudfoundry.identity.uaa.util.TimeService; import org.cloudfoundry.identity.uaa.util.TimeServiceImpl; -import org.junit.Before; -import org.junit.Test; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; import org.mockito.ArgumentCaptor; import org.springframework.jmx.export.notification.NotificationPublisher; import org.springframework.mock.web.MockHttpServletRequest; 
@@ -24,13 +24,13 @@ import static org.cloudfoundry.identity.uaa.metrics.UaaMetricsFilter.FALLBACK; import static org.cloudfoundry.identity.uaa.util.JsonUtils.readValue; +import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.Matchers.greaterThan; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertThat; -import static org.junit.Assert.assertTrue; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; import static org.mockito.Mockito.anyLong; import static org.mockito.Mockito.anyString; import static org.mockito.Mockito.mock; @@ -41,7 +41,7 @@ import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; -public class UaaMetricsFilterTests { +class UaaMetricsFilterTests { private UaaMetricsFilter filter; private MockHttpServletRequest request; @@ -49,8 +49,8 @@ public class UaaMetricsFilterTests { private FilterChain chain; private NotificationPublisher publisher; - @Before - public void setup() throws Exception { + @BeforeEach + void setup() throws Exception { filter = spy(new UaaMetricsFilter()); filter.setEnabled(true); request = new MockHttpServletRequest(); @@ -61,7 +61,7 @@ public void setup() throws Exception { } @Test - public void group_static_content() { + void group_static_content() { for (String path : Arrays.asList("/vendor/test", "/resources/test")) { setRequestData(path); assertEquals("/static-content", filter.getUriGroup(request).getGroup()); 
@@ -70,20 +70,20 @@ public void group_static_content() { } @Test - public void enabled_by_default() throws Exception { + void enabled_by_default() throws Exception { filter = new UaaMetricsFilter(); assertTrue(filter.isEnabled()); } @Test - public void per_request_disabled_by_default() throws Exception { + void per_request_disabled_by_default() throws Exception { assertFalse(filter.isPerRequestMetrics()); performTwoSimpleRequests(); verify(filter, never()).sendRequestTime(anyString(), anyLong()); } @Test - public void per_request_enabled() throws Exception { + void per_request_enabled() throws Exception { filter.setPerRequestMetrics(true); assertTrue(filter.isPerRequestMetrics()); performTwoSimpleRequests(); @@ -92,7 +92,7 @@ public void per_request_enabled() throws Exception { @Test - public void url_groups_loaded() throws Exception { + void url_groups_loaded() throws Exception { List urlGroups = filter.getUrlGroups(); assertNotNull(urlGroups); assertThat(urlGroups.size(), greaterThan(0)); @@ -104,7 +104,7 @@ public void url_groups_loaded() throws Exception { } @Test - public void disabled() throws Exception { + void disabled() throws Exception { filter.setEnabled(false); performTwoSimpleRequests(); MetricsQueue queue = JsonUtils.readValue(filter.getGlobals(), MetricsQueue.class); @@ -112,7 +112,7 @@ public void disabled() throws Exception { assertEquals(0, queue.getTotals().getCount()); } - public String performTwoSimpleRequests() throws ServletException, IOException { + String performTwoSimpleRequests() throws ServletException, IOException { String path = "/authenticate/test"; setRequestData(path); for (int status : Arrays.asList(200, 500)) { @@ -123,7 +123,7 @@ public String performTwoSimpleRequests() throws ServletException, IOException { } @Test - public void happy_path() throws Exception { + void happy_path() throws Exception { filter.setPerRequestMetrics(true); String path = performTwoSimpleRequests(); Map summary = filter.getSummary(); 
@@ -132,10 +132,10 @@ public void happy_path() throws Exception { assertEquals(2, summary.size()); for (String uri : Arrays.asList(path, MetricsUtil.GLOBAL_GROUP)) { MetricsQueue totals = readValue(summary.get(filter.getUriGroup(request).getGroup()), MetricsQueue.class); - assertNotNull("URI:" + uri, totals); + assertNotNull(totals, "URI:" + uri); for (StatusCodeGroup status : Arrays.asList(StatusCodeGroup.SUCCESS, StatusCodeGroup.SERVER_ERROR)) { RequestMetricSummary total = totals.getDetailed().get(status); - assertEquals("URI:" + uri, 1, total.getCount()); + assertEquals(1, total.getCount(), "URI:" + uri); } } assertNull(MetricsAccessor.getCurrent()); @@ -148,7 +148,7 @@ public void happy_path() throws Exception { } @Test - public void intolerable_request() throws Exception { + void intolerable_request() throws Exception { TimeService slowRequestTimeService = new TimeService() { long now = System.currentTimeMillis(); @@ -181,7 +181,7 @@ public long getCurrentTimeMillis() { } @Test - public void idle_counter() throws Exception { + void idle_counter() throws Exception { IdleTimer mockIdleTimer = mock(IdleTimer.class); setRequestData("/oauth/token"); final FilterChain chain = mock(FilterChain.class); @@ -196,7 +196,7 @@ public void idle_counter() throws Exception { verify(mockIdleTimer, times(1)).endRequest(); } - public void setRequestData(String requestURI) { + void setRequestData(String requestURI) { request.setRequestURI("/uaa" + requestURI); request.setPathInfo(requestURI); request.setContextPath("/uaa"); @@ -204,7 +204,7 @@ public void setRequestData(String requestURI) { } @Test - public void deserialize_summary() throws Exception { + void deserialize_summary() throws Exception { String path = "/some/path"; setRequestData(path); for (int status : Arrays.asList(200, 500)) { 
@@ -217,7 +217,7 @@ public void deserialize_summary() throws Exception { } @Test - public void url_groups() { + void url_groups() { request.setServerName("localhost:8080"); setRequestData("/uaa/authenticate"); request.setPathInfo("/authenticate"); @@ -226,7 +226,7 @@ public void url_groups() { } @Test - public void uri_groups_when_fails_to_load() { + void uri_groups_when_fails_to_load() { ReflectionTestUtils.setField(filter, "urlGroups", null); request.setContextPath(""); MultiValueMap map = new LinkedMultiValueMap<>(); @@ -265,14 +265,14 @@ public void uri_groups_when_fails_to_load() { entry -> { for (String s : entry.getValue()) { setRequestData(s); - assertEquals("Testing URL: " + s, FALLBACK.getGroup(), filter.getUriGroup(request).getGroup()); + assertEquals(FALLBACK.getGroup(), filter.getUriGroup(request).getGroup(), "Testing URL: " + s); } } ); } @Test - public void validate_matcher() { + void validate_matcher() { //validates that patterns that end with /** still match at parent level setRequestData("/some/path"); AntPathRequestMatcher matcher = new AntPathRequestMatcher("/some/path/**"); From 5f9cb541e4f2bccdfca20105f9f6194e9e43d528 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Mon, 16 Dec 2019 17:10:02 -0600 Subject: [PATCH 092/111] Refactor - UaaMetricsFilter - Required properties should be put in the constructor [nostory] --- .../uaa/metrics/UaaMetricsFilter.java | 31 ++++++------------- .../uaa/metrics/UaaMetricsFilterTests.java | 25 +++++---------- .../main/webapp/WEB-INF/spring-servlet.xml | 5 +-- 3 files changed, 18 insertions(+), 43 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilter.java b/server/src/main/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilter.java index d26cd23345c..610862164cf 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilter.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilter.java 
@@ -5,6 +5,7 @@ import org.cloudfoundry.identity.uaa.util.TimeServiceImpl; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Value; import org.springframework.core.io.ClassPathResource; import org.springframework.jmx.export.annotation.ManagedMetric; import org.springframework.jmx.export.annotation.ManagedResource; @@ -47,12 +48,17 @@ public class UaaMetricsFilter extends OncePerRequestFilter implements UaaMetrics private IdleTimer inflight = new IdleTimer(); private Map perUriMetrics = new ConcurrentHashMap<>(); private LinkedHashMap urlGroups; - private boolean enabled = true; - private boolean perRequestMetrics = false; + private final boolean enabled; + private final boolean perRequestMetrics; private NotificationPublisher notificationPublisher; - public UaaMetricsFilter() throws IOException { + public UaaMetricsFilter( + final @Value("${metrics.enabled:true}") boolean enabled, + final @Value("${metrics.perRequestMetrics:false}") boolean perRequestMetrics + ) throws IOException { + this.enabled = enabled; + this.perRequestMetrics = perRequestMetrics; perUriMetrics.put(MetricsUtil.GLOBAL_GROUP, new MetricsQueue()); urlGroups = new LinkedHashMap<>(); List groups = getUrlGroups(); @@ -61,7 +67,6 @@ public UaaMetricsFilter() throws IOException { ); } - @Override protected void doFilterInternal( final @NonNull HttpServletRequest request, @@ -78,7 +83,7 @@ protected void doFilterInternal( MetricsAccessor.clear(); inflight.endRequest(); metric.stop(response.getStatus(), timeService.getCurrentTimeMillis()); - if (isPerRequestMetrics()) { + if (perRequestMetrics) { sendRequestTime(uriGroup.getGroup(), metric.getRequestCompleteTime() - metric.getRequestStartTime()); } for (String group : Arrays.asList(uriGroup.getGroup(), MetricsUtil.GLOBAL_GROUP)) { 
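Review bot: The new `UaaMetricsFilter(boolean enabled, boolean perRequestMetrics)` constructor in the `@@ -47,12 +48,17 @@` hunk has no Javadoc, so the property keys and their defaults are documented only inside the `@Value` placeholders. I would add a short Javadoc stating that `enabled` binds `metrics.enabled` (default `true`) and `perRequestMetrics` binds `metrics.perRequestMetrics` (default `false`). It should also say that both fields are now `final`, so the values are fixed when the bean is created. The constructor body is fully inside this hunk.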
@@ -91,14 +96,6 @@ protected void doFilterInternal( } } - public void setEnabled(boolean enabled) { - this.enabled = enabled; - } - - public boolean isEnabled() { - return enabled; - } - protected MetricsQueue getMetricsQueue(String uri) { if (!perUriMetrics.containsKey(uri)) { perUriMetrics.putIfAbsent(uri, new MetricsQueue()); @@ -186,14 +183,6 @@ public void setNotificationPublisher(final @NonNull NotificationPublisher notifi this.notificationPublisher = notificationPublisher; } - public boolean isPerRequestMetrics() { - return perRequestMetrics; - } - - public void setPerRequestMetrics(boolean perRequestMetrics) { - this.perRequestMetrics = perRequestMetrics; - } - public void setInflight(IdleTimer inflight) { this.inflight = inflight; } diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilterTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilterTests.java index 6412de50db8..3c2d0c54567 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilterTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilterTests.java @@ -51,8 +51,7 @@ class UaaMetricsFilterTests { @BeforeEach void setup() throws Exception { - filter = spy(new UaaMetricsFilter()); - filter.setEnabled(true); + filter = spy(new UaaMetricsFilter(true, false)); request = new MockHttpServletRequest(); response = new MockHttpServletResponse(); publisher = mock(NotificationPublisher.class); 
@@ -69,28 +68,19 @@ void group_static_content() { } } - @Test - void enabled_by_default() throws Exception { - filter = new UaaMetricsFilter(); - assertTrue(filter.isEnabled()); - } - @Test void per_request_disabled_by_default() throws Exception { - assertFalse(filter.isPerRequestMetrics()); performTwoSimpleRequests(); verify(filter, never()).sendRequestTime(anyString(), anyLong()); } @Test void per_request_enabled() throws Exception { - filter.setPerRequestMetrics(true); - assertTrue(filter.isPerRequestMetrics()); + filter = spy(new UaaMetricsFilter(true, true)); performTwoSimpleRequests(); verify(filter, times(2)).sendRequestTime(anyString(), anyLong()); } - @Test void url_groups_loaded() throws Exception { List urlGroups = filter.getUrlGroups(); @@ -105,7 +95,7 @@ void url_groups_loaded() throws Exception { @Test void disabled() throws Exception { - filter.setEnabled(false); + filter = spy(new UaaMetricsFilter(false, false)); performTwoSimpleRequests(); MetricsQueue queue = JsonUtils.readValue(filter.getGlobals(), MetricsQueue.class); assertNotNull(queue); @@ -124,7 +114,8 @@ String performTwoSimpleRequests() throws ServletException, IOException { @Test void happy_path() throws Exception { - filter.setPerRequestMetrics(true); + filter = spy(new UaaMetricsFilter(true, true)); + filter.setNotificationPublisher(publisher); String path = performTwoSimpleRequests(); Map summary = filter.getSummary(); assertNotNull(summary); @@ -160,8 +151,7 @@ public long getCurrentTimeMillis() { }; for (TimeService timeService : Arrays.asList(slowRequestTimeService, new TimeServiceImpl())) { reset(publisher); - filter = new UaaMetricsFilter(); - filter.setPerRequestMetrics(true); + filter = new UaaMetricsFilter(true, true); filter.setTimeService(timeService); filter.setNotificationPublisher(publisher); String path = "/authenticate/test"; 
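Review bot: In the `@@ -69,28 +68,19 @@` hunk the test name `per_request_disabled_by_default` no longer matches what it checks, because `setup()` now passes `false` explicitly via `new UaaMetricsFilter(true, false)`. Together with the deleted `enabled_by_default` test, nothing in this class exercises the defaults any more; they now live only in the `${metrics.enabled:true}` and `${metrics.perRequestMetrics:false}` placeholders. I would rename the test to `per_request_disabled`. If the defaults matter operationally, cover them in a test that loads the Spring context, since a plain constructor call cannot see them.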
@@ -185,9 +175,8 @@ void idle_counter() throws Exception { IdleTimer mockIdleTimer = mock(IdleTimer.class); setRequestData("/oauth/token"); final FilterChain chain = mock(FilterChain.class); - final UaaMetricsFilter filter = new UaaMetricsFilter(); + final UaaMetricsFilter filter = new UaaMetricsFilter(true, false); filter.setInflight(mockIdleTimer); - filter.setEnabled(true); filter.doFilterInternal(request, response, chain); diff --git a/uaa/src/main/webapp/WEB-INF/spring-servlet.xml b/uaa/src/main/webapp/WEB-INF/spring-servlet.xml index a1bdc214166..ebb267cb5f9 100755 --- a/uaa/src/main/webapp/WEB-INF/spring-servlet.xml +++ b/uaa/src/main/webapp/WEB-INF/spring-servlet.xml @@ -265,10 +265,7 @@ value="#{@config['servlet']==null ? @defaultFilteredHeaders : @config['servlet']['filtered-headers'] == null ? @defaultFilteredHeaders : @config['servlet']['filtered-headers']}"/> - - - - + From 6c1eaca44552644c30c34adfebd75d5a63381a11 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 17 Dec 2019 08:02:45 -0600 Subject: [PATCH 093/111] Refactor - UaaMetricsFilter - Use TimeServiceBean - Mark internals as final and init them in c'tor [nostory] --- .../uaa/metrics/UaaMetricsFilter.java | 33 +++++++------------ .../uaa/metrics/UaaMetricsFilterTests.java | 15 ++++----- 2 files changed, 19 insertions(+), 29 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilter.java b/server/src/main/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilter.java index 610862164cf..7c0a4b1ec6a 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilter.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilter.java 
@@ -2,7 +2,6 @@ import org.cloudfoundry.identity.uaa.util.JsonUtils; import org.cloudfoundry.identity.uaa.util.TimeService; -import org.cloudfoundry.identity.uaa.util.TimeServiceImpl; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Value; @@ -36,7 +35,7 @@ ) public class UaaMetricsFilter extends OncePerRequestFilter implements UaaMetrics, NotificationPublisherAware { private static final int MAX_TIME = 3000; - public static final UrlGroup FALLBACK = new UrlGroup() + static final UrlGroup FALLBACK = new UrlGroup() .setCategory("Unknown") .setGroup("/unknown") .setLimit(MAX_TIME) @@ -44,10 +43,10 @@ public class UaaMetricsFilter extends OncePerRequestFilter implements UaaMetrics private static Logger logger = LoggerFactory.getLogger(UaaMetricsFilter.class); - private TimeService timeService = new TimeServiceImpl(); - private IdleTimer inflight = new IdleTimer(); - private Map perUriMetrics = new ConcurrentHashMap<>(); - private LinkedHashMap urlGroups; + private final TimeService timeService; + private final IdleTimer inflight; + private final Map perUriMetrics; + private final LinkedHashMap urlGroups; private final boolean enabled; private final boolean perRequestMetrics; 
@@ -55,16 +54,20 @@ public class UaaMetricsFilter extends OncePerRequestFilter implements UaaMetrics public UaaMetricsFilter( final @Value("${metrics.enabled:true}") boolean enabled, - final @Value("${metrics.perRequestMetrics:false}") boolean perRequestMetrics + final @Value("${metrics.perRequestMetrics:false}") boolean perRequestMetrics, + final TimeService timeService ) throws IOException { this.enabled = enabled; this.perRequestMetrics = perRequestMetrics; - perUriMetrics.put(MetricsUtil.GLOBAL_GROUP, new MetricsQueue()); - urlGroups = new LinkedHashMap<>(); + this.timeService = timeService; + this.perUriMetrics = new ConcurrentHashMap<>(); + this.perUriMetrics.put(MetricsUtil.GLOBAL_GROUP, new MetricsQueue()); + this.urlGroups = new LinkedHashMap<>(); List groups = getUrlGroups(); groups.forEach( group -> urlGroups.put(new AntPathRequestMatcher(group.getPattern()), group) ); + this.inflight = new IdleTimer(); } @Override @@ -154,14 +157,6 @@ public String getGlobals() { return JsonUtils.writeValueAsString(perUriMetrics.get(MetricsUtil.GLOBAL_GROUP)); } - public TimeService getTimeService() { - return timeService; - } - - public void setTimeService(TimeService timeService) { - this.timeService = timeService; - } - public List getUrlGroups() throws IOException { ClassPathResource resource = new ClassPathResource("performance-url-groups.yml"); Yaml yaml = new Yaml(); @@ -182,8 +177,4 @@ public void sendRequestTime(String urlGroup, long time) { public void setNotificationPublisher(final @NonNull NotificationPublisher notificationPublisher) { this.notificationPublisher = notificationPublisher; } - - public void setInflight(IdleTimer inflight) { - this.inflight = inflight; - } } diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilterTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilterTests.java index 3c2d0c54567..9840113a788 100644 
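Review bot: In the `@@ -55,16 +54,20 @@` hunk the constructor stores `timeService` without a null check, and this commit also removes the previous `new TimeServiceImpl()` field default. A missing or mis-wired bean would therefore surface only as a `NullPointerException` on the first filtered request, where `doFilterInternal` calls `timeService.getCurrentTimeMillis()`. Failing at construction is cheaper to diagnose: `this.timeService = Objects.requireNonNull(timeService, "timeService");`, with `java.util.Objects` added to the imports. The constructor is fully inside this hunk.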
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilterTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/metrics/UaaMetricsFilterTests.java @@ -51,7 +51,7 @@ class UaaMetricsFilterTests { @BeforeEach void setup() throws Exception { - filter = spy(new UaaMetricsFilter(true, false)); + filter = spy(new UaaMetricsFilter(true, false, new TimeServiceImpl())); request = new MockHttpServletRequest(); response = new MockHttpServletResponse(); publisher = mock(NotificationPublisher.class); @@ -76,7 +76,7 @@ void per_request_disabled_by_default() throws Exception { @Test void per_request_enabled() throws Exception { - filter = spy(new UaaMetricsFilter(true, true)); + filter = spy(new UaaMetricsFilter(true, true, new TimeServiceImpl())); performTwoSimpleRequests(); verify(filter, times(2)).sendRequestTime(anyString(), anyLong()); } @@ -95,7 +95,7 @@ void url_groups_loaded() throws Exception { @Test void disabled() throws Exception { - filter = spy(new UaaMetricsFilter(false, false)); + filter = spy(new UaaMetricsFilter(false, false, new TimeServiceImpl())); performTwoSimpleRequests(); MetricsQueue queue = JsonUtils.readValue(filter.getGlobals(), MetricsQueue.class); assertNotNull(queue); @@ -114,7 +114,7 @@ String performTwoSimpleRequests() throws ServletException, IOException { @Test void happy_path() throws Exception { - filter = spy(new UaaMetricsFilter(true, true)); + filter = spy(new UaaMetricsFilter(true, true, new TimeServiceImpl())); filter.setNotificationPublisher(publisher); String path = performTwoSimpleRequests(); Map summary = filter.getSummary(); 
@@ -151,8 +151,7 @@ public long getCurrentTimeMillis() { }; for (TimeService timeService : Arrays.asList(slowRequestTimeService, new TimeServiceImpl())) { reset(publisher); - filter = new UaaMetricsFilter(true, true); - filter.setTimeService(timeService); + filter = new UaaMetricsFilter(true, true, timeService); filter.setNotificationPublisher(publisher); String path = "/authenticate/test"; setRequestData(path); @@ -175,8 +174,8 @@ void idle_counter() throws Exception { IdleTimer mockIdleTimer = mock(IdleTimer.class); setRequestData("/oauth/token"); final FilterChain chain = mock(FilterChain.class); - final UaaMetricsFilter filter = new UaaMetricsFilter(true, false); - filter.setInflight(mockIdleTimer); + final UaaMetricsFilter filter = new UaaMetricsFilter(true, false, new TimeServiceImpl()); + ReflectionTestUtils.setField(filter, "inflight", mockIdleTimer); filter.doFilterInternal(request, response, chain); From cb88cf2c339b40484634dc26d79076a6157fb1f5 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 17 Dec 2019 13:21:00 -0600 Subject: [PATCH 094/111] Test Refactor - XFrameOptionsTheories - Use @DefaultTestContext [nostory] --- .../uaa/login/XFrameOptionsTheories.java | 34 ++++--------------- 1 file changed, 7 insertions(+), 27 deletions(-) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/XFrameOptionsTheories.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/XFrameOptionsTheories.java index 57558c28986..58a1d71ff9d 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/XFrameOptionsTheories.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/XFrameOptionsTheories.java 
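Review bot: In the `@@ -175,8 +174,8 @@` hunk, `ReflectionTestUtils.setField(filter, "inflight", mockIdleTimer)` overwrites a field that this same commit declares `private final` and assigns in the constructor. That ties the test to a field name held in a string, and it depends on reflective writes to final fields, which is fragile. Since the commit's stated goal is to initialise internals in the constructor, I would pass the `IdleTimer` in as a constructor argument and build the filter as `new UaaMetricsFilter(true, false, new TimeServiceImpl(), mockIdleTimer)`. If a second constructor is added instead of widening the existing one, check that Spring still selects the intended constructor. `idle_counter` starts before this hunk and continues after it.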
@@ -1,51 +1,31 @@ package org.cloudfoundry.identity.uaa.login; -import org.cloudfoundry.identity.uaa.SpringServletTestConfig; -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; +import org.cloudfoundry.identity.uaa.DefaultTestContext; +import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; -import org.springframework.security.web.FilterChainProxy; -import org.springframework.test.context.ActiveProfiles; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import org.springframework.test.context.web.WebAppConfiguration; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.RequestBuilder; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; -import org.springframework.test.web.servlet.setup.MockMvcBuilders; -import org.springframework.web.context.WebApplicationContext; import static org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFRAME_OPTIONS_HEADER; import static org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter.XFrameOptionsMode.DENY; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header; -@RunWith(SpringJUnit4ClassRunner.class) -@ActiveProfiles("default") -@WebAppConfiguration -@ContextConfiguration(classes = SpringServletTestConfig.class) -public class XFrameOptionsTheories { +@DefaultTestContext +class XFrameOptionsTheories { + @Autowired - private WebApplicationContext webApplicationContext; private MockMvc mockMvc; - @Before - public void setup() { - FilterChainProxy springSecurityFilterChain = webApplicationContext.getBean("springSecurityFilterChain", FilterChainProxy.class); - mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext) - .addFilter(springSecurityFilterChain) - 
.build(); - } - @Test - public void responsesHaveXFrameOptionsHeaderHtml() throws Exception { + void responsesHaveXFrameOptionsHeaderHtml() throws Exception { RequestBuilder request = MockMvcRequestBuilders.get("/login").accept(MediaType.TEXT_HTML); mockMvc.perform(request).andExpect(header().string(XFRAME_OPTIONS_HEADER, DENY.toString())); } @Test - public void responsesHaveXFrameOptionsHeaderJson() throws Exception { + void responsesHaveXFrameOptionsHeaderJson() throws Exception { RequestBuilder request = MockMvcRequestBuilders.get("/login").accept(MediaType.APPLICATION_JSON); mockMvc.perform(request).andExpect(header().string(XFRAME_OPTIONS_HEADER, DENY.toString())); } From 105dbb0726e0f1846c17c8100945414b071acf09 Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 17 Dec 2019 13:22:25 -0600 Subject: [PATCH 095/111] Test Refactor - PollutionPreventionExtensionTests - Use @DefaultTestContext [nostory][ --- .../PollutionPreventionExtensionTests.java | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/test/PollutionPreventionExtensionTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/test/PollutionPreventionExtensionTests.java index 27c3aed98ba..6927d86e437 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/test/PollutionPreventionExtensionTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/test/PollutionPreventionExtensionTests.java 
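Review bot: After this change nothing in `XFrameOptionsTheories` shows that the injected `MockMvc` has the Spring Security filter chain attached, and both `DENY` assertions are only meaningful on a filtered response. The deleted `setup()` made this explicit with `.addFilter(springSecurityFilterChain)`; the header is presumably written by that chain. I would add a class-level comment such as `// MockMvc is provided by @DefaultTestContext and must be built with springSecurityFilterChain; the X-Frame-Options assertions depend on it.` This is a documentation point only; the assertions themselves are unchanged.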
@@ -1,32 +1,18 @@ package org.cloudfoundry.identity.uaa.test; -import org.cloudfoundry.identity.uaa.SpringServletTestConfig; -import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; +import org.cloudfoundry.identity.uaa.DefaultTestContext; import org.cloudfoundry.identity.uaa.zone.IdentityZone; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.cloudfoundry.identity.uaa.zone.JdbcIdentityZoneProvisioning; import org.cloudfoundry.identity.uaa.zone.MultitenantJdbcClientDetailsService; import org.junit.jupiter.api.Test; -import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.test.context.ActiveProfiles; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit.jupiter.SpringExtension; -import org.springframework.test.context.web.WebAppConfiguration; -import org.springframework.web.context.WebApplicationContext; import static org.junit.jupiter.api.Assertions.assertEquals; -@ExtendWith(SpringExtension.class) -@ExtendWith(PollutionPreventionExtension.class) -@ActiveProfiles("default") -@WebAppConfiguration -@ContextConfiguration(classes = SpringServletTestConfig.class) +@DefaultTestContext class PollutionPreventionExtensionTests { - @Autowired - private WebApplicationContext webApplicationContext; - @Autowired private JdbcIdentityZoneProvisioning jdbcIdentityZoneProvisioning; From 9c6aeaa788dfdbac7d7f38cd92dc72e4b644e9d9 Mon Sep 17 00:00:00 2001 
From: Joshua Casey Date: Tue, 17 Dec 2019 13:23:57 -0600 Subject: [PATCH 096/111] Test Refactor - DefaultTestContext - Bring helper classes into same file - Reinforces that @DefaultTestContext is what to use [nostory] --- .../identity/uaa/DefaultTestContext.java | 37 +++++++++++++++++++ .../identity/uaa/SpringServletTestConfig.java | 15 -------- .../uaa/TestClientAndMockMvcTestConfig.java | 27 -------------- 3 files changed, 37 insertions(+), 42 deletions(-) delete mode 100644 uaa/src/test/java/org/cloudfoundry/identity/uaa/SpringServletTestConfig.java delete mode 100644 uaa/src/test/java/org/cloudfoundry/identity/uaa/TestClientAndMockMvcTestConfig.java diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/DefaultTestContext.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/DefaultTestContext.java index f09c471b282..eb10cd6bf05 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/DefaultTestContext.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/DefaultTestContext.java 
@@ -1,11 +1,20 @@ package org.cloudfoundry.identity.uaa; import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; +import org.cloudfoundry.identity.uaa.test.TestClient; import org.junit.jupiter.api.extension.ExtendWith; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.ImportResource; +import org.springframework.context.annotation.PropertySource; +import org.springframework.context.support.PropertySourcesPlaceholderConfigurer; +import org.springframework.security.web.FilterChainProxy; import org.springframework.test.context.ActiveProfiles; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.context.web.WebAppConfiguration; +import org.springframework.test.web.servlet.MockMvc; +import org.springframework.test.web.servlet.setup.MockMvcBuilders; +import org.springframework.web.context.WebApplicationContext; import java.lang.annotation.ElementType; import java.lang.annotation.Retention; @@ -24,3 +33,31 @@ }) public @interface DefaultTestContext { } + +@ImportResource(locations = {"file:./src/main/webapp/WEB-INF/spring-servlet.xml"}) +@PropertySource(value = "classpath:integration_test_properties.yml", factory = NestedMapPropertySourceFactory.class) +class SpringServletTestConfig { + @Bean + public static PropertySourcesPlaceholderConfigurer properties() { + return new PropertySourcesPlaceholderConfigurer(); + } +} + +class TestClientAndMockMvcTestConfig { + @Bean + public MockMvc mockMvc( + WebApplicationContext webApplicationContext, + @SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection") FilterChainProxy springSecurityFilterChain + ) { + return MockMvcBuilders.webAppContextSetup(webApplicationContext) + .addFilter(springSecurityFilterChain) + .build(); + } + + @Bean + public TestClient testClient( + MockMvc mockMvc + ) { + return new TestClient(mockMvc); + } +} 
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/SpringServletTestConfig.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/SpringServletTestConfig.java deleted file mode 100644 index b353f23ce6e..00000000000 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/SpringServletTestConfig.java +++ /dev/null @@ -1,15 +0,0 @@ -package org.cloudfoundry.identity.uaa; - -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.ImportResource; -import org.springframework.context.annotation.PropertySource; -import org.springframework.context.support.PropertySourcesPlaceholderConfigurer; - -@ImportResource(locations = {"file:./src/main/webapp/WEB-INF/spring-servlet.xml"}) -@PropertySource(value = "classpath:integration_test_properties.yml", factory = NestedMapPropertySourceFactory.class) -public class SpringServletTestConfig { - @Bean - public static PropertySourcesPlaceholderConfigurer properties() { - return new PropertySourcesPlaceholderConfigurer(); - } -} diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/TestClientAndMockMvcTestConfig.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/TestClientAndMockMvcTestConfig.java deleted file mode 100644 index 60ac9200cad..00000000000 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/TestClientAndMockMvcTestConfig.java +++ /dev/null 
@@ -1,27 +0,0 @@ -package org.cloudfoundry.identity.uaa; - -import org.cloudfoundry.identity.uaa.test.TestClient; -import org.springframework.context.annotation.Bean; -import org.springframework.security.web.FilterChainProxy; -import org.springframework.test.web.servlet.MockMvc; -import org.springframework.test.web.servlet.setup.MockMvcBuilders; -import org.springframework.web.context.WebApplicationContext; - -public class TestClientAndMockMvcTestConfig { - @Bean - public MockMvc mockMvc( - WebApplicationContext webApplicationContext, - @SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection") FilterChainProxy springSecurityFilterChain - ) { - return MockMvcBuilders.webAppContextSetup(webApplicationContext) - .addFilter(springSecurityFilterChain) - .build(); - } - - @Bean - public TestClient testClient( - MockMvc mockMvc - ) { - return new TestClient(mockMvc); - } -} From 0d050052497c63dc82b2081531fadee5a60cecba Mon Sep 17 00:00:00 2001 From: Joshua Casey Date: Tue, 17 Dec 2019 13:27:46 -0600 Subject: [PATCH 097/111] Test Refactor - Use MockMvc from @DefaultTestContext [nostory] --- .../ClientMetadataAdminEndpointsMockMvcTest.java | 9 +-------- .../uaa/login/AccountsControllerMockMvcTests.java | 9 +-------- .../ForcePasswordChangeControllerMockMvcTest.java | 9 +-------- .../login/ResetPasswordControllerMockMvcTests.java | 11 +---------- .../uaa/mock/limited/LimitedModeNegativeTests.java | 8 +------- .../MfaProviderEndpointsMockMvcTests.java | 8 +------- ...AuthorizationPromptNoneEntryPointMockMvcTests.java | 8 +------- .../uaa/mock/token/TokenKeyEndpointMockMvcTests.java | 8 +------- .../endpoints/OpenIdConnectEndpointsMockMvcTests.java | 8 +------- .../scim/endpoints/ScimUserEndpointsMockMvcTests.java | 7 +------ .../scim/endpoints/UserInfoEndpointMockMvcTests.java | 7 +------ 11 files changed, 11 insertions(+), 81 deletions(-) 
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/client/ClientMetadataAdminEndpointsMockMvcTest.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/client/ClientMetadataAdminEndpointsMockMvcTest.java index 2cf2f9afe74..880f19078da 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/client/ClientMetadataAdminEndpointsMockMvcTest.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/client/ClientMetadataAdminEndpointsMockMvcTest.java @@ -14,11 +14,9 @@ import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; import org.springframework.security.oauth2.provider.client.BaseClientDetails; -import org.springframework.security.web.FilterChainProxy; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.ResultActions; import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder; -import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.web.context.WebApplicationContext; import java.net.URL; @@ -45,17 +43,12 @@ public class ClientMetadataAdminEndpointsMockMvcTest { private MultitenantJdbcClientDetailsService clients; private RandomValueStringGenerator generator = new RandomValueStringGenerator(8); private String adminClientTokenWithClientsRead; + @Autowired private MockMvc mockMvc; private TestClient testClient; @BeforeEach void setUp() throws Exception { - FilterChainProxy springSecurityFilterChain = webApplicationContext.getBean("springSecurityFilterChain", - FilterChainProxy.class); - mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext) - .addFilter(springSecurityFilterChain) - .build(); - testClient = new TestClient(mockMvc); UaaTestAccounts testAccounts = UaaTestAccounts.standard(null); 
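Review bot: In the `@@ -45,17 +43,12 @@` hunk `mockMvc` is now injected, but `setUp()` still appears to build its own client with `testClient = new TestClient(mockMvc);`. The shared test configuration already exposes a `TestClient` bean built from the same `MockMvc`. For consistency I would inject it as well, `@Autowired private TestClient testClient;`, and drop the assignment. The same leftover is visible in `AccountsControllerMockMvcTests.setUp()` in the `@@ -74,12 +73,6 @@` hunk. This assumes both classes run under `@DefaultTestContext`, which the hunks do not show. `setUp()` continues past the end of this hunk.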
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerMockMvcTests.java index 756d3984059..62c8a0b819b 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerMockMvcTests.java @@ -28,14 +28,12 @@ import org.springframework.security.core.context.SecurityContext; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; import org.springframework.security.oauth2.provider.client.BaseClientDetails; -import org.springframework.security.web.FilterChainProxy; import org.springframework.security.web.context.HttpSessionSecurityContextRepository; import org.springframework.security.web.savedrequest.SavedRequest; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; import org.springframework.test.web.servlet.ResultActions; import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder; -import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.web.context.WebApplicationContext; import org.springframework.web.context.support.StandardServletEnvironment; @@ -66,6 +64,7 @@ class AccountsControllerMockMvcTests { @Autowired private WebApplicationContext webApplicationContext; + @Autowired private MockMvc mockMvc; private TestClient testClient; @Autowired 
@@ -74,12 +73,6 @@ class AccountsControllerMockMvcTests { @BeforeEach void setUp() { - FilterChainProxy springSecurityFilterChain = webApplicationContext.getBean("springSecurityFilterChain", FilterChainProxy.class); - mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext) - .alwaysDo(print()) - .addFilter(springSecurityFilterChain) - .build(); - testClient = new TestClient(mockMvc); EmailService emailService = webApplicationContext.getBean("emailService", EmailService.class); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/ForcePasswordChangeControllerMockMvcTest.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/ForcePasswordChangeControllerMockMvcTest.java index d731c8b5317..dc5f633da34 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/ForcePasswordChangeControllerMockMvcTest.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/ForcePasswordChangeControllerMockMvcTest.java @@ -27,11 +27,9 @@ import org.springframework.mock.web.MockHttpSession; import org.springframework.security.core.context.SecurityContext; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.web.FilterChainProxy; import org.springframework.security.web.context.HttpSessionSecurityContextRepository; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder; -import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.web.context.WebApplicationContext; import javax.servlet.http.Cookie; 
@@ -62,16 +60,11 @@ class ForcePasswordChangeControllerMockMvcTest { @Autowired private WebApplicationContext webApplicationContext; + @Autowired private MockMvc mockMvc; @BeforeEach void setup() throws Exception { - FilterChainProxy springSecurityFilterChain = webApplicationContext.getBean("springSecurityFilterChain", FilterChainProxy.class); - mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext) - .addFilter(springSecurityFilterChain) - .build(); - - String username = new RandomValueStringGenerator().generate() + "@test.org"; user = new ScimUser(null, username, "givenname", "familyname"); user.setPrimaryEmail(username); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/ResetPasswordControllerMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/ResetPasswordControllerMockMvcTests.java index 3c0d2d7e132..b53df2734d7 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/ResetPasswordControllerMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/ResetPasswordControllerMockMvcTests.java @@ -27,13 +27,11 @@ import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpSession; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.web.FilterChainProxy; import org.springframework.security.web.PortResolverImpl; import org.springframework.security.web.savedrequest.DefaultSavedRequest; import org.springframework.security.web.savedrequest.SavedRequest; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder; -import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.web.context.WebApplicationContext; import javax.servlet.http.Cookie; 
@@ -69,16 +67,9 @@ public class ResetPasswordControllerMockMvcTests { @Autowired public WebApplicationContext webApplicationContext; private ExpiringCodeStore codeStore; + @Autowired private MockMvc mockMvc; - @BeforeEach - void setup() { - FilterChainProxy springSecurityFilterChain = webApplicationContext.getBean("springSecurityFilterChain", FilterChainProxy.class); - mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext) - .addFilter(springSecurityFilterChain) - .build(); - } - @BeforeEach void initResetPasswordTest() { codeStore = webApplicationContext.getBean(ExpiringCodeStore.class); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/limited/LimitedModeNegativeTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/limited/LimitedModeNegativeTests.java index 26f2ad53ef0..56480249d3c 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/limited/LimitedModeNegativeTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/limited/LimitedModeNegativeTests.java @@ -9,9 +9,7 @@ import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; -import org.springframework.security.web.FilterChainProxy; import org.springframework.test.web.servlet.MockMvc; -import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.web.context.WebApplicationContext; import java.io.File; 
@@ -34,15 +32,11 @@ class LimitedModeNegativeTests { @Autowired private WebApplicationContext webApplicationContext; + @Autowired private MockMvc mockMvc; @BeforeEach void setUp() throws Exception { - FilterChainProxy springSecurityFilterChain = webApplicationContext.getBean("springSecurityFilterChain", FilterChainProxy.class); - mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext) - .addFilter(springSecurityFilterChain) - .build(); - existingStatusFile = getLimitedModeStatusFile(webApplicationContext); setLimitedModeStatusFile(webApplicationContext); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/mfa_provider/MfaProviderEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/mfa_provider/MfaProviderEndpointsMockMvcTests.java index 8f516d0fb27..129e6db8f12 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/mfa_provider/MfaProviderEndpointsMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/mfa_provider/MfaProviderEndpointsMockMvcTests.java @@ -21,11 +21,9 @@ import org.springframework.http.HttpStatus; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.web.FilterChainProxy; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; import org.springframework.test.web.servlet.ResultActions; -import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.web.context.support.GenericWebApplicationContext; import java.util.List; 
@@ -58,15 +56,11 @@ public class MfaProviderEndpointsMockMvcTests { private MfaProviderProvisioning mfaProviderProvisioning; + @Autowired private MockMvc mockMvc; @BeforeEach void setup() throws Exception { - FilterChainProxy springSecurityFilterChain = webApplicationContext.getBean("springSecurityFilterChain", FilterChainProxy.class); - mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext) - .addFilter(springSecurityFilterChain) - .build(); - TestClient testClient = new TestClient(mockMvc); mfaProviderProvisioning = webApplicationContext.getBean(JdbcMfaProviderProvisioning.class); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/oauth/AuthorizationPromptNoneEntryPointMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/oauth/AuthorizationPromptNoneEntryPointMockMvcTests.java index 30f3f3b219b..01a43f9f62c 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/oauth/AuthorizationPromptNoneEntryPointMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/oauth/AuthorizationPromptNoneEntryPointMockMvcTests.java @@ -12,11 +12,9 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.mock.web.MockHttpSession; import org.springframework.security.oauth2.provider.client.BaseClientDetails; -import org.springframework.security.web.FilterChainProxy; import org.springframework.test.util.ReflectionTestUtils; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; -import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.web.context.WebApplicationContext; import java.util.Collections; 
@@ -45,15 +43,11 @@ class AuthorizationPromptNoneEntryPointMockMvcTests { @Autowired private WebApplicationContext webApplicationContext; + @Autowired private MockMvc mockMvc; @BeforeEach void setup() throws Exception { - FilterChainProxy springSecurityFilterChain = webApplicationContext.getBean("springSecurityFilterChain", FilterChainProxy.class); - mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext) - .addFilter(springSecurityFilterChain) - .build(); - TestClient testClient = new TestClient(mockMvc); BaseClientDetails client = new BaseClientDetails("ant", "", "openid", "implicit", "", "http://example.com/**"); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenKeyEndpointMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenKeyEndpointMockMvcTests.java index 5c36d50424b..c9f614258dc 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenKeyEndpointMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenKeyEndpointMockMvcTests.java @@ -18,10 +18,8 @@ import org.springframework.http.MediaType; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; import org.springframework.security.oauth2.provider.client.BaseClientDetails; -import org.springframework.security.web.FilterChainProxy; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; -import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.web.context.WebApplicationContext; import java.util.Collections; 
@@ -82,17 +80,13 @@ class TokenKeyEndpointMockMvcTests { "-----END PUBLIC KEY-----"; private BaseClientDetails defaultClient; private IdentityZone testZone; + @Autowired private MockMvc mockMvc; @Autowired private WebApplicationContext webApplicationContext; @BeforeEach void setSigningKeyAndDefaultClient() { - FilterChainProxy springSecurityFilterChain = webApplicationContext.getBean("springSecurityFilterChain", FilterChainProxy.class); - mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext) - .addFilter(springSecurityFilterChain) - .build(); - setSigningKeyAndDefaultClient(signKey); } diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/OpenIdConnectEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/OpenIdConnectEndpointsMockMvcTests.java index 128980f047c..fbd5fdeb1c9 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/OpenIdConnectEndpointsMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/OpenIdConnectEndpointsMockMvcTests.java @@ -11,9 +11,7 @@ import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.security.web.FilterChainProxy; import org.springframework.test.web.servlet.MockMvc; -import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.web.context.WebApplicationContext; import java.util.Arrays; 
@@ -33,15 +31,11 @@ class OpenIdConnectEndpointsMockMvcTests { private IdentityZone identityZone; @Autowired private WebApplicationContext webApplicationContext; + @Autowired private MockMvc mockMvc; @BeforeEach void setUp() throws Exception { - FilterChainProxy springSecurityFilterChain = webApplicationContext.getBean("springSecurityFilterChain", FilterChainProxy.class); - mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext) - .addFilter(springSecurityFilterChain) - .build(); - identityZone = createOtherIdentityZone("subdomain", mockMvc, webApplicationContext, IdentityZoneHolder.getCurrentZoneId()); } diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointsMockMvcTests.java index 2b08a2580de..1dbea93ae24 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointsMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointsMockMvcTests.java @@ -53,13 +53,11 @@ import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.client.BaseClientDetails; -import org.springframework.security.web.FilterChainProxy; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; import org.springframework.test.web.servlet.ResultActions; import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder; import org.springframework.test.web.servlet.request.MockMvcRequestBuilders; -import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.web.context.WebApplicationContext; import java.nio.charset.Charset; 
@@ -123,6 +121,7 @@ class ScimUserEndpointsMockMvcTests { @Autowired private WebApplicationContext webApplicationContext; + @Autowired private MockMvc mockMvc; private TestClient testClient; @@ -133,10 +132,6 @@ class ScimUserEndpointsMockMvcTests { @BeforeEach void setUp() throws Exception { - FilterChainProxy springSecurityFilterChain = webApplicationContext.getBean("springSecurityFilterChain", FilterChainProxy.class); - mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext) - .addFilter(springSecurityFilterChain) - .build(); testClient = new TestClient(mockMvc); String adminToken = testClient.getClientCredentialsOAuthAccessToken("admin", "adminsecret", diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/UserInfoEndpointMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/UserInfoEndpointMockMvcTests.java index c8158f8a660..ed6609261c8 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/UserInfoEndpointMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/UserInfoEndpointMockMvcTests.java @@ -13,9 +13,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.web.FilterChainProxy; import org.springframework.test.web.servlet.MockMvc; -import org.springframework.test.web.servlet.setup.MockMvcBuilders; import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.MultiValueMap; import org.springframework.web.context.WebApplicationContext; 
@@ -47,15 +45,12 @@ class UserInfoEndpointMockMvcTests { @Autowired private WebApplicationContext webApplicationContext; + @Autowired private MockMvc mockMvc; private TestClient testClient; @BeforeEach void setUp() throws Exception { - FilterChainProxy springSecurityFilterChain = webApplicationContext.getBean("springSecurityFilterChain", FilterChainProxy.class); - mockMvc = MockMvcBuilders.webAppContextSetup(webApplicationContext) - .addFilter(springSecurityFilterChain) - .build(); testClient = new TestClient(mockMvc); String adminToken = testClient.getClientCredentialsOAuthAccessToken( From ef343b93e0bacf0cbc0e2d9d43292610cf97e92f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Dec 2019 03:40:25 +0000 Subject: [PATCH 098/111] Bump rack from 2.0.1 to 2.0.8 in /uaa/slate Bumps [rack](https://github.com/rack/rack) from 2.0.1 to 2.0.8. - [Release notes](https://github.com/rack/rack/releases) - [Changelog](https://github.com/rack/rack/blob/master/CHANGELOG.md) - [Commits](https://github.com/rack/rack/compare/2.0.1...2.0.8) Signed-off-by: dependabot[bot] --- uaa/slate/Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/uaa/slate/Gemfile.lock b/uaa/slate/Gemfile.lock index 3c9687ea265..5e1d87d2007 100644 --- a/uaa/slate/Gemfile.lock +++ b/uaa/slate/Gemfile.lock @@ -92,7 +92,7 @@ GEM activesupport (>= 3.1) parallel (1.10.0) public_suffix (2.0.5) - rack (2.0.1) + rack (2.0.8) rb-fsevent (0.9.8) rb-inotify (0.9.8) ffi (>= 0.5.0) From afdc83b3daa52d53ad282a6490ac5d7a15a7833e Mon Sep 17 00:00:00 2001 
From: Markus Strehle Date: Fri, 20 Dec 2019 12:44:24 +0100 Subject: [PATCH 099/111] allow wildcard in port (#1140) * allow wildcard in port - during URI normalize the port wildcard info is lost and then laster in match it fails - check therefore only for clientRedirect if port is wildcard and store the info - in match adjust URis with port wildcard * test for default port * do not match if default port * remove space --- .../oauth/beans/LegacyRedirectResolver.java | 40 ++++++++++++++++++- .../beans/LegacyRedirectResolverTest.java | 26 ++++++++++++ 2 files changed, 64 insertions(+), 2 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/beans/LegacyRedirectResolver.java b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/beans/LegacyRedirectResolver.java index 8424ae387e9..65be86b2977 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/beans/LegacyRedirectResolver.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/beans/LegacyRedirectResolver.java @@ -1,6 +1,7 @@ package org.cloudfoundry.identity.uaa.oauth.beans; import org.apache.commons.lang.ArrayUtils; +import org.apache.commons.lang.StringUtils; import org.cloudfoundry.identity.uaa.util.UaaUrlUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -10,6 +11,7 @@ import org.springframework.util.AntPathMatcher; import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.MultiValueMap; +import org.springframework.web.util.UriComponents; import org.springframework.web.util.UriComponentsBuilder; import java.net.URI; 
@@ -40,7 +42,7 @@ public class LegacyRedirectResolver extends org.cloudfoundry.identity.uaa.oauth. protected boolean redirectMatches(String requestedRedirect, String clientRedirect) { try { String normalizedRequestedRedirect = normalizeUri(requestedRedirect); - String normalizedClientRedirect = normalizeUri(clientRedirect); + String normalizedClientRedirect = normalizeWildcardUri(clientRedirect); URI requestedRedirectURI = URI.create(normalizedRequestedRedirect); ClientRedirectUriPattern clientRedirectUri = new ClientRedirectUriPattern(normalizedClientRedirect); @@ -109,6 +111,25 @@ private void logConfiguredRedirectUrisWhichOnlyMatchFuzzily(String clientId, Set ); } + private static String normalizeWildcardUri(String uriClient) { + boolean hasWildcarPort = uriClient.contains(":*"); + String uri = hasWildcarPort ? uriClient.replace(":*", StringUtils.EMPTY) : uriClient; + UriComponentsBuilder uriComponentsBuilder = UriComponentsBuilder.fromUriString(uri); + UriComponents nonNormalizedUri = uriComponentsBuilder.build(); + + try { + uriComponentsBuilder.host(nonNormalizedUri.getHost().toLowerCase()); + uriComponentsBuilder.scheme(nonNormalizedUri.getScheme().toLowerCase()); + if(hasWildcarPort) { + uriComponentsBuilder.port(99999); + } + } catch (NullPointerException e) { + throw new IllegalArgumentException("URI host and scheme must not be null"); + } + + return uriComponentsBuilder.build().toString().replace(":99999", ":*"); + } + private static String redactSensitiveInformation(String uri) { UriComponentsBuilder builder = UriComponentsBuilder.fromUriString(uri); redactQueryParams(builder); 
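Review bot: In `normalizeWildcardUri` the final `.replace(":99999", ":*")` runs even when `hasWildcarPort` is false, so a registered redirect URI that literally contains `:99999` anywhere, path or query included, comes back as a `:*` pattern and the allow-list entry is widened. Likewise `uriClient.contains(":*")` and `replace(":*", StringUtils.EMPTY)` inspect the whole string rather than the authority, so a `:*` in the path or query is treated as a port wildcard. I would make the restore conditional, `String normalized = uriComponentsBuilder.build().toString();` followed by `return hasWildcarPort ? normalized.replace(":99999", ":*") : normalized;`, and detect the wildcard only directly after the host. The `catch (NullPointerException e)` also discards the cause; explicit null checks on `getHost()` and `getScheme()` would express the same precondition without catching NPE.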
@@ -167,9 +188,12 @@ private static class ClientRedirectUriPattern { Pattern.compile("^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?"); private static final int URI_EXTRACTOR_AUTHORITY_GROUP = 4; // "Authority" means "user:password@example.com" + private static final String WILDCARD_PORT = "99999"; + private static final String WILDCARD_PORT_PATTERN = ":" + WILDCARD_PORT; private Matcher redirectMatcher; private boolean isValidRedirect = true; + private boolean hasWildcardPort = false; private AntPathMatcher matcher; private String redirectUri; @@ -184,6 +208,7 @@ private static class ClientRedirectUriPattern { if (!redirectMatcher.matches()) { isValidRedirect = false; } + this.hasWildcardPort = isWildcardPort(redirectUri); } boolean isSafeRedirect(URI requestedRedirect) { @@ -208,11 +233,22 @@ boolean isValidRedirect() { } boolean match(URI requestedRedirect) { + if(hasWildcardPort) { + if(requestedRedirect.getPort() > 0) { + return matcher.match(redirectUri, requestedRedirect.toString().replace(String.valueOf(requestedRedirect.getPort()), WILDCARD_PORT)); + } else { + return matcher.match(redirectUri.replace(WILDCARD_PORT_PATTERN, StringUtils.EMPTY), requestedRedirect.toString()); + } + } return matcher.match(redirectUri, requestedRedirect.toString()); } private boolean isWildcard(String configuredRedirectPattern) { - return configuredRedirectPattern.contains("*"); + return configuredRedirectPattern.contains("*") || hasWildcardPort; + } + + private boolean isWildcardPort(String configuredRedirectPattern) { + return configuredRedirectPattern.contains(WILDCARD_PORT_PATTERN); } private String getHost() { diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/beans/LegacyRedirectResolverTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/beans/LegacyRedirectResolverTest.java index 536bfe2b828..d3f4ed90752 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/beans/LegacyRedirectResolverTest.java 
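Review bot: In `match`, `requestedRedirect.toString().replace(String.valueOf(requestedRedirect.getPort()), WILDCARD_PORT)` rewrites every occurrence of the port digits in the requested URI, not only the port component, so the string handed to `matcher.match` can differ from the request in host, path or query. In a redirect-URI check that can cause both false rejections and unintended matches. Replacing only the port component is safer, e.g. `UriComponentsBuilder.fromUri(requestedRedirect).port(WILDCARD_PORT).build().toUriString()`, after confirming it leaves the rest of the URI encoded as `toString()` does. The `else` branch accepts a request with no explicit port, while the tests added in this commit expect `https://example.com/` not to match `https://example.com:*/`. Since `normalizeWildcardUri` restores `:*` before the pattern is constructed and `isWildcardPort` looks for `:99999`, this branch may be unreachable unless the constructor, only partly visible here, rewrites the URI.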
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/beans/LegacyRedirectResolverTest.java @@ -602,6 +602,32 @@ void subdomainMatchingRejectsDomainRedirectOnAntPathVariableSubdomain() { String clientRedirectUri = "http://{foo:.*}.domain.com/"; assertFalse(resolver.redirectMatches("http://other-domain.com?stuff.domain.com/", clientRedirectUri)); } + + @Test + void matchesPortWithWildcardPort() { + final String clientRedirectUri = "https://example.com:*/"; + assertTrue(resolver.redirectMatches("https://example.com:65000/", clientRedirectUri)); + } + + @Test + void matchesPortWithWildcardPortAndPath() { + final String clientRedirectUri = "https://example.com:*/**"; + assertTrue(resolver.redirectMatches("https://example.com:65000/path/subpath", clientRedirectUri)); + } + + @Test + void matchesEmptyPortWithWildcardPort() { + final String clientRedirectUri = "https://example.com:*/"; + assertTrue(resolver.redirectMatches("https://example.com:80/", clientRedirectUri)); + assertFalse(resolver.redirectMatches("https://example.com/", clientRedirectUri)); + } + + @Test + void matchesEmptyPortWithWildcardPortAndPath() { + final String clientRedirectUri = "https://example.com:*/**"; + assertTrue(resolver.redirectMatches("https://example.com:80/path1/path2/path3", clientRedirectUri)); + assertFalse(resolver.redirectMatches("https://example.com/path1/path2/path3", clientRedirectUri)); + } } @Nested From bfc47692d02902771e761b78ed576eba240ce0cd Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Fri, 27 Dec 2019 11:12:59 +0000 Subject: [PATCH 100/111] Bump guava from 28.1-jre to 28.2-jre Bumps [guava](https://github.com/google/guava) from 28.1-jre to 28.2-jre. - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) Signed-off-by: dependabot-preview[bot] --- dependencies.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
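Review bot: The added tests vary only the port, so nothing checks that a wildcard port leaves scheme and host matching strict, and the `matchesEmptyPort…` cases actually use an explicit `:80` on an `https` URI. I would add negatives such as `assertFalse(resolver.redirectMatches("https://other.com:65000/", clientRedirectUri));` and `assertFalse(resolver.redirectMatches("http://example.com:65000/", clientRedirectUri));`. A case whose path repeats the port digits would also cover the string replacement in `ClientRedirectUriPattern.match`. The enclosing nested test class starts outside this hunk.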
diff --git a/dependencies.gradle b/dependencies.gradle index fca843b0fad..70f275a9774 100644 --- a/dependencies.gradle +++ b/dependencies.gradle @@ -37,7 +37,7 @@ libraries.flywayCore = "org.flywaydb:flyway-core" libraries.googleAuth = "com.warrenstrange:googleauth:1.4.0" libraries.gradleCargoPlugin = "com.bmuschko:gradle-cargo-plugin:2.6.2" libraries.gradleNodePlugin = "com.moowork.gradle:gradle-node-plugin:1.1.0" -libraries.guava = "com.google.guava:guava:28.1-jre" +libraries.guava = "com.google.guava:guava:28.2-jre" libraries.hamcrest = "org.hamcrest:hamcrest:${versions.hamcrestVersion}" libraries.hibernateValidator = "org.hibernate.validator:hibernate-validator" libraries.hsqldb = "org.hsqldb:hsqldb" From 2e294df193dbc5897517a41452146a3254a6e5ac Mon Sep 17 00:00:00 2001 From: Cloud Foundry Identity Team Date: Fri, 27 Dec 2019 12:15:45 +0000 Subject: [PATCH 101/111] Update version and regenerate POM files for components --- server/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/pom.xml b/server/pom.xml index 658cd452b0e..7d69338b019 100644 --- a/server/pom.xml +++ b/server/pom.xml @@ -854,7 +854,7 @@ com.google.guava guava - 28.1-jre + 28.2-jre compile From 5debb2047927fc890b224b9acb8c5d65223eae0c Mon Sep 17 00:00:00 2001 From: Andrew Edstrom Date: Thu, 2 Jan 2020 11:32:47 -0800 Subject: [PATCH 102/111] Update tomcat used for local development --- dependencies.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependencies.gradle b/dependencies.gradle index 70f275a9774..a6940b76d2d 100644 --- a/dependencies.gradle +++ b/dependencies.gradle @@ -1,5 +1,5 @@ ext { - tomcatVersion = "9.0.27" + tomcatVersion = "9.0.30" libraries = [:] } From 65db74db09c3263ade4779ed151ad024a638d89b Mon Sep 17 00:00:00 2001 
From: Cloud Foundry Identity Team Date: Thu, 2 Jan 2020 19:34:47 +0000 Subject: [PATCH 103/111] Update version and regenerate POM files for components --- samples/api/pom.xml | 8 ++++---- samples/app/pom.xml | 8 ++++---- server/pom.xml | 8 ++++---- statsd/pom.xml | 2 +- uaa/pom.xml | 8 ++++---- 5 files changed, 17 insertions(+), 17 deletions(-) diff --git a/samples/api/pom.xml b/samples/api/pom.xml index 7c6e3353539..715c7552b0d 100644 --- a/samples/api/pom.xml +++ b/samples/api/pom.xml @@ -142,7 +142,7 @@ org.apache.tomcat.embed tomcat-embed-core - 9.0.27 + 9.0.30 provided @@ -573,7 +573,7 @@ org.apache.tomcat tomcat-el-api - 9.0.27 + 9.0.30 test @@ -613,7 +613,7 @@ org.apache.tomcat tomcat-jasper-el - 9.0.27 + 9.0.30 test @@ -653,7 +653,7 @@ org.apache.tomcat tomcat-jdbc - 9.0.27 + 9.0.30 test diff --git a/samples/app/pom.xml b/samples/app/pom.xml index 19d7ee03268..fa63eece821 100644 --- a/samples/app/pom.xml +++ b/samples/app/pom.xml @@ -56,7 +56,7 @@ org.apache.tomcat.embed tomcat-embed-core - 9.0.27 + 9.0.30 provided @@ -569,7 +569,7 @@ org.apache.tomcat tomcat-el-api - 9.0.27 + 9.0.30 test @@ -609,7 +609,7 @@ org.apache.tomcat tomcat-jasper-el - 9.0.27 + 9.0.30 test @@ -649,7 +649,7 @@ org.apache.tomcat tomcat-jdbc - 9.0.27 + 9.0.30 test diff --git a/server/pom.xml b/server/pom.xml index 7d69338b019..aefb2836acd 100644 --- a/server/pom.xml +++ b/server/pom.xml @@ -60,7 +60,7 @@ org.apache.tomcat tomcat-jdbc - 9.0.27 + 9.0.30 compile @@ -1870,7 +1870,7 @@ org.apache.tomcat.embed tomcat-embed-core - 9.0.27 + 9.0.30 provided @@ -2345,7 +2345,7 @@ org.apache.tomcat tomcat-el-api - 9.0.27 + 9.0.30 test @@ -2389,7 +2389,7 @@ org.apache.tomcat tomcat-jasper-el - 9.0.27 + 9.0.30 test diff --git a/statsd/pom.xml b/statsd/pom.xml index 2cbc4c2f944..8ebdc810656 100644 --- a/statsd/pom.xml +++ b/statsd/pom.xml @@ -291,7 +291,7 @@ org.apache.tomcat.embed tomcat-embed-core - 9.0.27 + 9.0.30 provided 
diff --git a/uaa/pom.xml b/uaa/pom.xml index 11e74691402..044816b813a 100644 --- a/uaa/pom.xml +++ b/uaa/pom.xml @@ -257,7 +257,7 @@ org.apache.tomcat.embed tomcat-embed-core - 9.0.27 + 9.0.30 provided @@ -805,7 +805,7 @@ org.apache.tomcat tomcat-el-api - 9.0.27 + 9.0.30 test @@ -845,7 +845,7 @@ org.apache.tomcat tomcat-jasper-el - 9.0.27 + 9.0.30 test @@ -885,7 +885,7 @@ org.apache.tomcat tomcat-jdbc - 9.0.27 + 9.0.30 test From ea4693f16047e29355017cf8855bd716c3498559 Mon Sep 17 00:00:00 2001 From: Andrew Wittrock Date: Thu, 2 Jan 2020 17:24:14 -0800 Subject: [PATCH 104/111] Do not report tomcat internals in error messages We put the Valve in the wrong spot in our first attempt. Coincidentally, since then the same change was made in the tomcat-cnb's server.xml: https://github.com/cloudfoundry/tomcat-cnb/blob/8ef1890ae95ad5a84adb288bd7cb739001bdcb96/server.xml#L31 [#170193262] Signed-off-by: Andrew Edstrom Co-authored-by: Andrew Edstrom --- k8s/image/tomcat/conf/server.xml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/k8s/image/tomcat/conf/server.xml b/k8s/image/tomcat/conf/server.xml index 5d5c3e62223..4ef4df95ad3 100644 --- a/k8s/image/tomcat/conf/server.xml +++ b/k8s/image/tomcat/conf/server.xml @@ -8,13 +8,12 @@ - + - + + \ No newline at end of file From afa78548140f0ace455e08102e7b9dc43eacccce Mon Sep 17 00:00:00 2001 From: Andrew Wittrock Date: Thu, 2 Jan 2020 17:26:28 -0800 Subject: [PATCH 105/111] Format server.xml to match tomcat-cnb's server.xml We want to keep these two as in-sync as possible: https://github.com/cloudfoundry/tomcat-cnb/blob/master/server.xml [#170193262] Signed-off-by: Andrew Edstrom Co-authored-by: Andrew Edstrom --- k8s/image/tomcat/conf/server.xml | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/k8s/image/tomcat/conf/server.xml b/k8s/image/tomcat/conf/server.xml index 4ef4df95ad3..7e5e0239134 100644 --- a/k8s/image/tomcat/conf/server.xml 
+++ b/k8s/image/tomcat/conf/server.xml @@ -1,19 +1,19 @@ - - + + - - - - - - - - - + + + + + + + + + \ No newline at end of file From 40224fcf0dce681fa522079dfed696e2888963bd Mon Sep 17 00:00:00 2001 From: Andrew Edstrom Date: Fri, 10 Jan 2020 14:50:21 -0800 Subject: [PATCH 106/111] Template testing support. This commit provides a set of matchers to facilitate - shelling out to YTT to generate k8s templates as - parsing the resulting yaml into k8s API structs - matchers for interacting with those structs. [#169718758] Signed-off-by: Joshua Casey --- k8s/go.mod | 10 ++ k8s/go.sum | 123 +++++++++++++++ .../deployment.yml} | 25 +--- k8s/templates/service.yml | 17 +++ k8s/test/deployment_test.go | 22 +++ k8s/test/k8s_suite_test.go | 37 +++++ k8s/test/matchers_test.go | 140 ++++++++++++++++++ 7 files changed, 354 insertions(+), 20 deletions(-) create mode 100644 k8s/go.mod create mode 100644 k8s/go.sum rename k8s/{deployment/deployment.yaml => templates/deployment.yml} (52%) create mode 100644 k8s/templates/service.yml create mode 100644 k8s/test/deployment_test.go create mode 100644 k8s/test/k8s_suite_test.go create mode 100644 k8s/test/matchers_test.go diff --git a/k8s/go.mod b/k8s/go.mod new file mode 100644 index 00000000000..2dbdb0ae939 --- /dev/null +++ b/k8s/go.mod @@ -0,0 +1,10 @@ +module github.com/cloudfoundry/uaa + +go 1.13 + +require ( + github.com/onsi/ginkgo v1.11.0 + github.com/onsi/gomega v1.8.1 + k8s.io/api v0.17.0 + k8s.io/client-go v11.0.0+incompatible +) diff --git a/k8s/go.sum b/k8s/go.sum new file mode 100644 index 00000000000..987c0edf756 --- /dev/null +++ b/k8s/go.sum 
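Review bot: In the new `k8s/go.mod`, `k8s.io/client-go v11.0.0+incompatible` is required next to `k8s.io/api v0.17.0`, and as far as I know those tags belong to different Kubernetes release lines (client-go v11 predates the v0.17 module tags). Mixing lines tends to produce compile errors or resolve an unexpected apimachinery version. `k8s.io/client-go v0.17.0` would keep the k8s.io modules aligned. Whether client-go is imported by the test code is not visible in this hunk.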
@@ -0,0 +1,123 @@ +github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= +github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= +github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= +github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= +github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= +github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= +github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= +github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= +github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= +github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= +github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= +github.com/go-openapi/swag 
v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= +github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d h1:3PaI8p3seN09VjbTYC/QWlUZdZ1qS1zGjy7LH2Wt07I= +github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= +github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= +github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= +github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= +github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok= +github.com/json-iterator/go v1.1.8/go.mod 
h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= +github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI= +github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= +github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo 
v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw= +github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= +github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= +github.com/onsi/gomega v1.8.1 h1:C5Dqfs/LeauYDX0jJXIe2SWmwCbGzx9yF8C8xy3Lh34= +github.com/onsi/gomega v1.8.1/go.mod h1:Ho0h+IUsWyvy1OpqCwxlQ/21gkhVunqlU8fDGcoTdcA= +github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= +github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= +github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net 
v0.0.0-20191004110552-13f9640d40b9 h1:rjwSpXsdiK0dV8/Naq3kAw9ymfAeJIyd0upUIElB+lI= +golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456 h1:ng0gs1AKnRRuEMZoTLLlbOd+C17zUDepwGQBb/n+JVg= +golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7 h1:9zdDQZ7Thm29KFXgAX/+yaf3eVbP7djjWp/dXAppNCc= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod 
h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= +gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I= +gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +k8s.io/api v0.17.0 h1:H9d/lw+VkZKEVIUc8F3wgiQ+FUXTTr21M87jXLU7yqM= +k8s.io/api v0.17.0/go.mod h1:npsyOePkeP0CPwyGfXDHxvypiYMJxBWAMpQxCaJ4ZxI= +k8s.io/apimachinery v0.17.0 h1:xRBnuie9rXcPxUkDizUsGvPf1cnlZCFu210op7J7LJo= +k8s.io/apimachinery v0.17.0/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg= +k8s.io/client-go v11.0.0+incompatible h1:LBbX2+lOwY9flffWlJM7f1Ct8V2SRNiMRDFeiwnJo9o= +k8s.io/client-go v11.0.0+incompatible/go.mod h1:7vJpHMYJwNQCWgzmNV+VYUl1zCObLyodBc8nIyt8L5s= +k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= +k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= +k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= +k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= +k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E= +sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI= +sigs.k8s.io/yaml v1.1.0 
h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs= +sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= diff --git a/k8s/deployment/deployment.yaml b/k8s/templates/deployment.yml similarity index 52% rename from k8s/deployment/deployment.yaml rename to k8s/templates/deployment.yml index c24c8e9731b..47cdefdcbb2 100644 --- a/k8s/deployment/deployment.yaml +++ b/k8s/templates/deployment.yml @@ -1,20 +1,5 @@ ---- -apiVersion: v1 -kind: Service -metadata: - name: uaa-service - labels: - app: uaa-deployment -spec: - type: NodePort - ports: - - port: 8080 - name: http-uaa - targetPort: 8080 - protocol: TCP - nodePort: 30000 - selector: - app: uaa-deployment +#@ load("@ytt:data", "data") +#@yaml/text-templated-strings --- apiVersion: apps/v1 kind: Deployment @@ -29,10 +14,10 @@ spec: metadata: labels: app: uaa-deployment - spec: # pod spec + spec: #! pod spec containers: - name: uaa - image: cfidentity/uaa@sha256:93b70b26fbb3de88d93728b0daf1ea7b001fde89a24e283c3db36bf4c6af087c + image: "cfidentity/uaa@sha256:93b70b26fbb3de88d93728b0daf1ea7b001fde89a24e283c3db36bf4c6af087c" ports: - containerPort: 8080 protocol: TCP @@ -40,4 +25,4 @@ spec: - name: LOGIN_CONFIG_URL value: "classpath:required_configuration.yml" - name: spring_profiles - value: "default,hsqldb" + value: "default,hsqldb" \ No newline at end of file diff --git a/k8s/templates/service.yml b/k8s/templates/service.yml new file mode 100644 index 00000000000..b521b0760f0 --- /dev/null +++ b/k8s/templates/service.yml @@ -0,0 +1,17 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: uaa-service + labels: + app: uaa-deployment +spec: + type: NodePort + ports: + - port: 8080 + name: http-uaa + targetPort: 8080 + protocol: TCP + nodePort: 30000 + selector: + app: uaa-deployment diff --git a/k8s/test/deployment_test.go b/k8s/test/deployment_test.go new file mode 100644 index 00000000000..6febc17d065 --- /dev/null +++ b/k8s/test/deployment_test.go 
@@ -0,0 +1,22 @@ +package k8s_test + +import ( + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" + "path/filepath" +) + +var _ = Describe("Deployment", func() { + var deploymentPath, valuesPath string + + BeforeEach(func() { + deploymentPath = pathToTemplate("deployment.yml") + valuesPath = pathToTemplate(filepath.Join("values", "values.yml")) + }) + + It("Constructs the YAML from a set of files", func() { + ctx := NewRenderingContext(deploymentPath, valuesPath) + + Expect(ctx).To(ProduceYAML(RepresentingContainer("uaa"))) + }) +}) diff --git a/k8s/test/k8s_suite_test.go b/k8s/test/k8s_suite_test.go new file mode 100644 index 00000000000..abe0d6f42a9 --- /dev/null +++ b/k8s/test/k8s_suite_test.go @@ -0,0 +1,37 @@ +package k8s_test + +import ( + "fmt" + "path/filepath" + "runtime" + "testing" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" +) + +var templateBasePath string + +func init() { + _, filename, _, ok := runtime.Caller(0) + if !ok { + panic("Could not initialize k8s_test package: can't find location of this file") + } + + relative := filepath.Join(filepath.Dir(filename), "..", "templates") + abs, err := filepath.Abs(relative) + if err != nil { + panic(fmt.Sprintf("Could not initialize k8s_test package: %v", err)) + } + + templateBasePath = abs +} + +func pathToTemplate(name string) string { + return filepath.Join(templateBasePath, name) +} + +func TestDeployment(t *testing.T) { + RegisterFailHandler(Fail) + RunSpecs(t, "Deployment Suite") +} diff --git a/k8s/test/matchers_test.go b/k8s/test/matchers_test.go new file mode 100644 index 00000000000..0e843b5e2c3 --- /dev/null +++ b/k8s/test/matchers_test.go 
@@ -0,0 +1,140 @@ +package k8s_test + +import ( + "fmt" + . "github.com/onsi/ginkgo" + "github.com/onsi/gomega/format" + "github.com/onsi/gomega/gbytes" + "github.com/onsi/gomega/gexec" + "github.com/onsi/gomega/types" + appV1 "k8s.io/api/apps/v1" + coreV1 "k8s.io/api/core/v1" + "k8s.io/client-go/kubernetes/scheme" + "os/exec" +) + +type RenderingContext struct { + templates []string + data map[string]string +} + +func (r RenderingContext) WithData(data map[string]string) RenderingContext { + r.data = data + return r +} + +func NewRenderingContext(templates ...string) RenderingContext { + return RenderingContext{templates, nil} +} + +type ProduceYAMLMatcher struct { + matcher types.GomegaMatcher +} + +func ProduceYAML(matcher types.GomegaMatcher) *ProduceYAMLMatcher { + return &ProduceYAMLMatcher{matcher} +} + +func (matcher *ProduceYAMLMatcher) Match(actual interface{}) (bool, error) { + rendering, ok := actual.(RenderingContext) + if !ok { + return false, fmt.Errorf("ProduceYAML must be passed a RenderingContext. Got\n%s", format.Object(actual, 1)) + } + + session, err := renderWithData(rendering.templates, rendering.data) + if err != nil { + return false, err + } + + obj, err := parseYAML(session.Out) + if err != nil { + return false, err + } + + return matcher.matcher.Match(obj) +} + +func (matcher *ProduceYAMLMatcher) FailureMessage(actual interface{}) string { + return matcher.matcher.FailureMessage(actual) +} + +func (matcher *ProduceYAMLMatcher) NegatedFailureMessage(actual interface{}) string { + return matcher.matcher.NegatedFailureMessage(actual) +} + +func renderWithData(templates []string, data map[string]string) (*gexec.Session, error) { + var args []string + for _, template := range templates { + args = append(args, "-f", template) + } + + for k, v := range data { + args = append(args, "-v", fmt.Sprintf("%s=%s", k, v)) + } + + command := exec.Command("ytt", args...) 
+ session, err := gexec.Start(command, GinkgoWriter, GinkgoWriter) + if err != nil { + return session, err + } + + return session.Wait(), nil +} + +func parseYAML(yaml *gbytes.Buffer) (interface{}, error) { + decode := scheme.Codecs.UniversalDeserializer().Decode + obj, _, err := decode(yaml.Contents(), nil, nil) + if err != nil { + return nil, err + } + + return obj, nil +} + +type ContainerExpectation func(coreV1.Container) error + +type RepresentingContainerMatcher struct { + name string + tests []ContainerExpectation + err error +} + +func RepresentingContainer(name string) *RepresentingContainerMatcher { + return &RepresentingContainerMatcher{name, nil, nil} +} + +func (matcher *RepresentingContainerMatcher) Match(actual interface{}) (bool, error) { + deployment, ok := actual.(*appV1.Deployment) + if !ok { + return false, fmt.Errorf("RepresentingContainer must be passed a deployment. Got\n%s", format.Object(actual, 1)) + } + + var selected *coreV1.Container + for _, c := range deployment.Spec.Template.Spec.Containers { + if c.Name == matcher.name { + selected = &c + } + } + + if selected == nil { + matcher.err = fmt.Errorf("Expected container named %s, but did not find one", matcher.name) + return false, nil + } + + for _, test := range matcher.tests { + if err := test(*selected); err != nil { + matcher.err = err + return false, nil + } + } + + return true, nil +} + +func (matcher *RepresentingContainerMatcher) FailureMessage(actual interface{}) string { + return fmt.Sprintf("Container did not match expectation: %v", matcher.err) +} + +func (matcher *RepresentingContainerMatcher) NegatedFailureMessage(actual interface{}) string { + return fmt.Sprintf("Container should not to match expectation: %v", matcher.err) +} From 2b5f6a8eb9901130383e3b5f456306c3c2c0286b Mon Sep 17 00:00:00 2001 From: Jeremy Morony Date: Fri, 10 Jan 2020 15:56:10 -0800 Subject: [PATCH 107/111] Add Makefile for K8s template rendering - Includes running the template tests in Go [#169718758] 
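Review bot: In k8s/test/matchers_test.go, `renderWithData` returns `session.Wait()` without checking the exit status, so a failed `ytt` run only surfaces later as a decode error from `parseYAML` on empty or partial output. Check it right after the wait: `session.Wait()` followed by `if session.ExitCode() != 0 { return session, fmt.Errorf("ytt exited with code %d", session.ExitCode()) }`. Separately, `selected = &c` in `RepresentingContainerMatcher.Match` takes the address of the range variable, which under the `go 1.13` directive in go.mod is one variable reused across iterations. With more than one container, `selected` therefore ends up holding the last container rather than the matched one; indexing the slice instead of taking `&c` avoids this.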
Signed-off-by: Joshua Casey --- k8s/Makefile | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 k8s/Makefile diff --git a/k8s/Makefile b/k8s/Makefile new file mode 100644 index 00000000000..34cbaded903 --- /dev/null +++ b/k8s/Makefile @@ -0,0 +1,16 @@ +GOFILES=`find . -type f -name '*.go'` + +.PHONY: clean +clean: + go clean + +.PHONY: format +format: + gofmt -l -s -w ${GOFILES} + +.PHONY: test +test: + go test -count=1 ./... + +render: + @ytt -f templates From 1a45483bd5406376d230c0ab90d21e35a459987f Mon Sep 17 00:00:00 2001 From: Jeremy Morony Date: Sat, 11 Jan 2020 18:19:33 -0800 Subject: [PATCH 108/111] Touch templates/values/values.yml This file is required for the tests to pass. --- k8s/templates/values/values.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 k8s/templates/values/values.yml diff --git a/k8s/templates/values/values.yml b/k8s/templates/values/values.yml new file mode 100644 index 00000000000..e69de29bb2d From f6ef8bce0e92818704df62e0a2c6584a414b44b0 Mon Sep 17 00:00:00 2001 From: Jeremy Morony Date: Sun, 12 Jan 2020 11:16:38 -0800 Subject: [PATCH 109/111] Refactor matchers. Bringing the matchers closer to the underlying structure of the parsed YAML. This should ease both the extension of the matchers and their expressiveness. --- k8s/test/container_matcher_test.go | 52 ++++++++++++++ k8s/test/deployment_matcher_test.go | 48 +++++++++++++ k8s/test/deployment_test.go | 12 +++- k8s/test/pod_matcher_test.go | 55 +++++++++++++++ ...s_test.go => produce_yaml_matcher_test.go} | 70 +++++-------------- 5 files changed, 181 insertions(+), 56 deletions(-) create mode 100644 k8s/test/container_matcher_test.go create mode 100644 k8s/test/deployment_matcher_test.go create mode 100644 k8s/test/pod_matcher_test.go rename k8s/test/{matchers_test.go => produce_yaml_matcher_test.go} (55%) 
diff --git a/k8s/test/container_matcher_test.go b/k8s/test/container_matcher_test.go new file mode 100644 index 00000000000..6c724d47f78 --- /dev/null +++ b/k8s/test/container_matcher_test.go @@ -0,0 +1,52 @@ +package k8s_test + +import ( + "fmt" + "github.com/onsi/gomega" + "github.com/onsi/gomega/format" + "github.com/onsi/gomega/gstruct" + "github.com/onsi/gomega/types" + coreV1 "k8s.io/api/core/v1" +) + +type ContainerMatcher struct { + fields map[string]types.GomegaMatcher + + container *coreV1.Container + executed types.GomegaMatcher +} + +func NewContainerMatcher() *ContainerMatcher { + return &ContainerMatcher{map[string]types.GomegaMatcher{}, nil, nil} +} + +func (matcher *ContainerMatcher) WithName(name string) *ContainerMatcher { + matcher.fields["Name"] = gomega.Equal(name) + + return matcher +} + +func (matcher *ContainerMatcher) Match(actual interface{}) (bool, error) { + container, ok := actual.(coreV1.Container) + if !ok { + return false, fmt.Errorf("Expected a container. Got\n%s", format.Object(actual, 1)) + } + + matcher.container = &container + matcher.executed = gstruct.MatchFields(gstruct.IgnoreExtras, matcher.fields) + return matcher.executed.Match(container) +} + +func (matcher *ContainerMatcher) FailureMessage(actual interface{}) string { + return fmt.Sprintf( + "At least one container should match: \n%s", + matcher.executed.FailureMessage(&matcher.container), + ) +} + +func (matcher *ContainerMatcher) NegatedFailureMessage(actual interface{}) string { + return fmt.Sprintf( + "No container should match: \n%s", + matcher.executed.FailureMessage(&matcher.container), + ) +} diff --git a/k8s/test/deployment_matcher_test.go b/k8s/test/deployment_matcher_test.go new file mode 100644 index 00000000000..e2675ca74f7 --- /dev/null +++ b/k8s/test/deployment_matcher_test.go 
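Review bot: In k8s/test/container_matcher_test.go, `NegatedFailureMessage` builds its text from `matcher.executed.FailureMessage(...)`, so a failing negated assertion prints the positive-match explanation under the "No container should match" heading. It should call `matcher.executed.NegatedFailureMessage(*matcher.container)`. Both message methods also pass `&matcher.container`, a pointer to a pointer, although `Match` ran the field matcher against the `coreV1.Container` value. Passing `*matcher.container` keeps the reported object the same as the one that was matched.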
@@ -0,0 +1,48 @@ +package k8s_test + +import ( + "fmt" + "github.com/onsi/gomega/format" + "github.com/onsi/gomega/types" + appV1 "k8s.io/api/apps/v1" +) + +type PodMatcherConfig func(*PodMatcher) + +type DeploymentMatcher struct { + pod *PodMatcher + + executed types.GomegaMatcher +} + +func RepresentingDeployment() *DeploymentMatcher { + return &DeploymentMatcher{NewPodMatcher(), nil} +} + +func (matcher *DeploymentMatcher) WithPodMatching(config PodMatcherConfig) *DeploymentMatcher { + config(matcher.pod) + + return matcher +} + +func (matcher *DeploymentMatcher) Match(actual interface{}) (bool, error) { + deployment, ok := actual.(*appV1.Deployment) + if !ok { + return false, fmt.Errorf("Expected a deployment. Got\n%s", format.Object(actual, 1)) + } + + matcher.executed = matcher.pod + if pass, err := matcher.pod.Match(deployment.Spec.Template); !pass || err != nil { + return pass, err + } + + return true, nil +} + +func (matcher *DeploymentMatcher) FailureMessage(actual interface{}) string { + return matcher.executed.FailureMessage(actual) +} + +func (matcher *DeploymentMatcher) NegatedFailureMessage(actual interface{}) string { + return matcher.executed.NegatedFailureMessage(actual) +} diff --git a/k8s/test/deployment_test.go b/k8s/test/deployment_test.go index 6febc17d065..6b38ecf61e2 100644 --- a/k8s/test/deployment_test.go +++ b/k8s/test/deployment_test.go @@ -14,9 +14,17 @@ var _ = Describe("Deployment", func() { valuesPath = pathToTemplate(filepath.Join("values", "values.yml")) }) - It("Constructs the YAML from a set of files", func() { + It("Renders a deployment for the UAA", func() { ctx := NewRenderingContext(deploymentPath, valuesPath) - Expect(ctx).To(ProduceYAML(RepresentingContainer("uaa"))) + Expect(ctx).To( + ProduceYAML( + RepresentingDeployment().WithPodMatching(func(pod *PodMatcher) { + pod.WithContainerMatching(func(container *ContainerMatcher) { + container.WithName("uaa") + }) + }), + ), + ) }) }) 
diff --git a/k8s/test/pod_matcher_test.go b/k8s/test/pod_matcher_test.go new file mode 100644 index 00000000000..b76f1b95e90 --- /dev/null +++ b/k8s/test/pod_matcher_test.go @@ -0,0 +1,55 @@ +package k8s_test + +import ( + "fmt" + "github.com/onsi/gomega" + "github.com/onsi/gomega/format" + "github.com/onsi/gomega/types" + coreV1 "k8s.io/api/core/v1" +) + +type ContainerMatcherConfig func(*ContainerMatcher) + +type PodMatcher struct { + containers []types.GomegaMatcher + + executed types.GomegaMatcher +} + +func NewPodMatcher() *PodMatcher { + return &PodMatcher{[]types.GomegaMatcher{}, nil} +} + +func (matcher *PodMatcher) WithContainerMatching(config ContainerMatcherConfig) *PodMatcher { + container := NewContainerMatcher() + config(container) + matcher.containers = append(matcher.containers, container) + + return matcher +} + +func (matcher *PodMatcher) Match(actual interface{}) (bool, error) { + pod, ok := actual.(coreV1.PodTemplateSpec) + if !ok { + return false, fmt.Errorf("Expected pod. Got\n%s", format.Object(actual, 1)) + } + + for _, container := range matcher.containers { + contains := gomega.ContainElement(container) + + matcher.executed = container + if pass, err := contains.Match(pod.Spec.Containers); !pass || err != nil { + return pass, err + } + } + + return true, nil +} + +func (matcher *PodMatcher) FailureMessage(actual interface{}) string { + return matcher.executed.FailureMessage(actual) +} + +func (matcher *PodMatcher) NegatedFailureMessage(actual interface{}) string { + return matcher.executed.NegatedFailureMessage(actual) +} diff --git a/k8s/test/matchers_test.go b/k8s/test/produce_yaml_matcher_test.go similarity index 55% rename from k8s/test/matchers_test.go rename to k8s/test/produce_yaml_matcher_test.go index 0e843b5e2c3..79d31fccfd8 100644 --- a/k8s/test/matchers_test.go +++ b/k8s/test/produce_yaml_matcher_test.go 
@@ -7,8 +7,6 @@ import ( "github.com/onsi/gomega/gbytes" "github.com/onsi/gomega/gexec" "github.com/onsi/gomega/types" - appV1 "k8s.io/api/apps/v1" - coreV1 "k8s.io/api/core/v1" "k8s.io/client-go/kubernetes/scheme" "os/exec" ) @@ -28,11 +26,12 @@ func NewRenderingContext(templates ...string) RenderingContext { } type ProduceYAMLMatcher struct { - matcher types.GomegaMatcher + matcher types.GomegaMatcher + rendered string } func ProduceYAML(matcher types.GomegaMatcher) *ProduceYAMLMatcher { - return &ProduceYAMLMatcher{matcher} + return &ProduceYAMLMatcher{matcher, ""} } func (matcher *ProduceYAMLMatcher) Match(actual interface{}) (bool, error) { @@ -46,6 +45,7 @@ func (matcher *ProduceYAMLMatcher) Match(actual interface{}) (bool, error) { return false, err } + matcher.rendered = string(session.Out.Contents()) obj, err := parseYAML(session.Out) if err != nil { return false, err @@ -55,11 +55,21 @@ func (matcher *ProduceYAMLMatcher) Match(actual interface{}) (bool, error) { } func (matcher *ProduceYAMLMatcher) FailureMessage(actual interface{}) string { - return matcher.matcher.FailureMessage(actual) + msg := fmt.Sprintf( + "There is a problem with this YAML:\n\n%s\n\n%s", + matcher.rendered, + matcher.matcher.FailureMessage(actual), + ) + return msg } func (matcher *ProduceYAMLMatcher) NegatedFailureMessage(actual interface{}) string { - return matcher.matcher.NegatedFailureMessage(actual) + msg := fmt.Sprintf( + "There is a problem with this YAML:\n\n%s\n\n%s", + matcher.rendered, + matcher.matcher.NegatedFailureMessage(actual), + ) + return msg } func renderWithData(templates []string, data map[string]string) (*gexec.Session, error) { 
@@ -90,51 +100,3 @@ func parseYAML(yaml *gbytes.Buffer) (interface{}, error) { return obj, nil } - -type ContainerExpectation func(coreV1.Container) error - -type RepresentingContainerMatcher struct { - name string - tests []ContainerExpectation - err error -} - -func RepresentingContainer(name string) *RepresentingContainerMatcher { - return &RepresentingContainerMatcher{name, nil, nil} -} - -func (matcher *RepresentingContainerMatcher) Match(actual interface{}) (bool, error) { - deployment, ok := actual.(*appV1.Deployment) - if !ok { - return false, fmt.Errorf("RepresentingContainer must be passed a deployment. Got\n%s", format.Object(actual, 1)) - } - - var selected *coreV1.Container - for _, c := range deployment.Spec.Template.Spec.Containers { - if c.Name == matcher.name { - selected = &c - } - } - - if selected == nil { - matcher.err = fmt.Errorf("Expected container named %s, but did not find one", matcher.name) - return false, nil - } - - for _, test := range matcher.tests { - if err := test(*selected); err != nil { - matcher.err = err - return false, nil - } - } - - return true, nil -} - -func (matcher *RepresentingContainerMatcher) FailureMessage(actual interface{}) string { - return fmt.Sprintf("Container did not match expectation: %v", matcher.err) -} - -func (matcher *RepresentingContainerMatcher) NegatedFailureMessage(actual interface{}) string { - return fmt.Sprintf("Container should not to match expectation: %v", matcher.err) -} From 939b15df3d30374a4a95ae1e57da76a9035bf71c Mon Sep 17 00:00:00 2001 
From: Andy Hunt Date: Thu, 11 Jul 2019 13:04:16 +0100 Subject: [PATCH 110/111] Implement multiple modes of issuer claim validation Some IDPs (e.g. Microsoft) create tokens whose `iss` claim can vary from user to user. Under the current version, UAA was unable to integrate with these providers because it requires a single, specific issuer value to be present. To enable UAA to integrate with providers who do this, we implement different modes for validating the `iss` claim, under the `issuerValidationMode` configuration property for OIDC providers The modes are STRICT The default behaviour. The string in the `iss` claim and the configured issuer URL must match exactly. DOMAIN_ONLY The value of the `iss` claim and the configured issuer URL must be URLs. They are considered to match if their domains match. Subdomains are not considered to match a parent domain. --- ...tractXOAuthIdentityProviderDefinition.java | 11 +++++ .../provider/XOAuthIssuerValidationMode.java | 6 +++ .../uaa/oauth/TokenValidationService.java | 3 +- .../oauth/OauthIDPWrapperFactoryBean.java | 13 ++++++ .../oauth/XOAuthAuthenticationManager.java | 14 ++++--- .../identity/uaa/util/TokenValidation.java | 41 +++++++++++++++++-- .../uaa/oauth/TokenValidationServiceTest.java | 20 ++++++++- .../oauth/XOAuthAuthenticationManagerIT.java | 1 + .../uaa/util/TokenValidationTest.java | 19 ++++++--- 9 files changed, 111 insertions(+), 17 deletions(-) create mode 100644 model/src/main/java/org/cloudfoundry/identity/uaa/provider/XOAuthIssuerValidationMode.java diff --git a/model/src/main/java/org/cloudfoundry/identity/uaa/provider/AbstractXOAuthIdentityProviderDefinition.java b/model/src/main/java/org/cloudfoundry/identity/uaa/provider/AbstractXOAuthIdentityProviderDefinition.java index 989530ab054..aaf7b61e440 100644 --- a/model/src/main/java/org/cloudfoundry/identity/uaa/provider/AbstractXOAuthIdentityProviderDefinition.java 
+++ b/model/src/main/java/org/cloudfoundry/identity/uaa/provider/AbstractXOAuthIdentityProviderDefinition.java @@ -36,6 +36,8 @@ public abstract class AbstractXOAuthIdentityProviderDefinition scopes; private String issuer; + + private XOAuthIssuerValidationMode issuerValidationMode = XOAuthIssuerValidationMode.STRICT; private String responseType = "code"; public URL getAuthUrl() { @@ -147,6 +149,13 @@ public T setIssuer(String issuer) { return (T) this; } + public XOAuthIssuerValidationMode getIssuerValidationMode() { return issuerValidationMode; } + + public T setIssuerValidationMode(XOAuthIssuerValidationMode issuerValidationMode) { + this.issuerValidationMode = issuerValidationMode; + return (T) this; + } + public String getResponseType() { return responseType; } @@ -184,6 +193,7 @@ public boolean equals(Object o) { return false; if (!Objects.equals(scopes, that.scopes)) return false; if (!Objects.equals(issuer, that.issuer)) return false; + if (!Objects.equals(issuerValidationMode, that.issuerValidationMode)) return false; return Objects.equals(responseType, that.responseType); } @@ -202,6 +212,7 @@ public int hashCode() { result = 31 * result + (relyingPartySecret != null ? relyingPartySecret.hashCode() : 0); result = 31 * result + (scopes != null ? scopes.hashCode() : 0); result = 31 * result + (issuer != null ? issuer.hashCode() : 0); + result = 31 * result + (issuerValidationMode != null ? issuerValidationMode.hashCode() : 0); result = 31 * result + (responseType != null ? responseType.hashCode() : 0); return result; } diff --git a/model/src/main/java/org/cloudfoundry/identity/uaa/provider/XOAuthIssuerValidationMode.java b/model/src/main/java/org/cloudfoundry/identity/uaa/provider/XOAuthIssuerValidationMode.java new file mode 100644 index 00000000000..d8f11db152f --- /dev/null +++ b/model/src/main/java/org/cloudfoundry/identity/uaa/provider/XOAuthIssuerValidationMode.java 
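Review bot: In AbstractXOAuthIdentityProviderDefinition, `setIssuerValidationMode` stores whatever it is given, including `null`, which replaces the `STRICT` field default; how the issuer check treats a null mode is not visible in these hunks. Because this value selects how strictly the `iss` claim is validated, the setter should fall back to the strict mode: `this.issuerValidationMode = issuerValidationMode == null ? XOAuthIssuerValidationMode.STRICT : issuerValidationMode;`. A provider definition deserialized with an explicit null for this property then keeps exact issuer matching instead of depending on downstream null handling. The class body starts and ends outside these hunks.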
@@ -0,0 +1,6 @@ +package org.cloudfoundry.identity.uaa.provider; + +public enum XOAuthIssuerValidationMode { + STRICT, + DOMAIN_ONLY +} diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/TokenValidationService.java b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/TokenValidationService.java index 51a3f95cd3f..f870ed83f5e 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/TokenValidationService.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/TokenValidationService.java @@ -2,6 +2,7 @@ import org.cloudfoundry.identity.uaa.oauth.token.RevocableToken; import org.cloudfoundry.identity.uaa.oauth.token.RevocableTokenProvisioning; +import org.cloudfoundry.identity.uaa.provider.XOAuthIssuerValidationMode; import org.cloudfoundry.identity.uaa.user.UaaUser; import org.cloudfoundry.identity.uaa.user.UaaUserDatabase; import org.cloudfoundry.identity.uaa.util.TokenValidation; @@ -52,7 +53,7 @@ public TokenValidation validateToken(String token, boolean isAccessToken) { buildAccessTokenValidator(token, keyInfoService) : buildRefreshTokenValidator(token, keyInfoService); tokenValidation .checkRevocableTokenStore(revocableTokenProvisioning) - .checkIssuer(tokenEndpointBuilder.getTokenEndpoint(IdentityZoneHolder.get())); + .checkIssuer(tokenEndpointBuilder.getTokenEndpoint(IdentityZoneHolder.get()), XOAuthIssuerValidationMode.STRICT); ClientDetails client = tokenValidation.getClientDetails(multitenantClientServices); UaaUser user = tokenValidation.getUserDetails(userDatabase); diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/OauthIDPWrapperFactoryBean.java b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/OauthIDPWrapperFactoryBean.java index d77931022ed..dd3c638f9ed 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/OauthIDPWrapperFactoryBean.java 
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/OauthIDPWrapperFactoryBean.java @@ -19,6 +19,7 @@ import org.cloudfoundry.identity.uaa.provider.IdentityProviderWrapper; import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.provider.RawXOAuthIdentityProviderDefinition; +import org.cloudfoundry.identity.uaa.provider.XOAuthIssuerValidationMode; import org.cloudfoundry.identity.uaa.util.JsonUtils; import java.net.MalformedURLException; @@ -110,6 +111,18 @@ protected void setCommonProperties(Map idpDefinitionMap, Abstrac idpDefinition.setSkipSslValidation(idpDefinitionMap.get("skipSslValidation") == null ? false : (boolean) idpDefinitionMap.get("skipSslValidation")); idpDefinition.setTokenKey((String) idpDefinitionMap.get("tokenKey")); idpDefinition.setIssuer((String) idpDefinitionMap.get("issuer")); + + XOAuthIssuerValidationMode issuerValidationMode = XOAuthIssuerValidationMode.STRICT; + String issuerValidationModeText = (String)idpDefinitionMap.get("issuerValidationMode"); + if (hasText(issuerValidationModeText)) { + try { + issuerValidationMode = XOAuthIssuerValidationMode.valueOf(issuerValidationModeText.toUpperCase()); + } catch (IllegalArgumentException e) { + throw new IllegalArgumentException("issuer validation mode is malformed.", e); + } + } + idpDefinition.setIssuerValidationMode(issuerValidationMode); + idpDefinition.setAttributeMappings((Map) idpDefinitionMap.get(ATTRIBUTE_MAPPINGS)); idpDefinition.setScopes((List) idpDefinitionMap.get("scopes")); String responseType = (String) idpDefinitionMap.get("responseType"); diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthAuthenticationManager.java b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthAuthenticationManager.java index 11d7aef3937..d540756aedc 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthAuthenticationManager.java 
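Review bot: `issuerValidationModeText.toUpperCase()` in the `@@ -110,6 +111,18 @@` hunk uses the JVM default locale, so on a host running with a Turkish locale `domain_only` upper-cases to a dotted `İ` and `valueOf` rejects a valid setting. `XOAuthIssuerValidationMode.valueOf(issuerValidationModeText.toUpperCase(Locale.ROOT))` avoids that (it needs `java.util.Locale`, which may not be imported in this file yet). The rethrown message would also be easier to act on if it named the rejected value and the accepted ones, e.g. `"issuerValidationMode must be STRICT or DOMAIN_ONLY, got: " + issuerValidationModeText`. `setCommonProperties` starts before this hunk and continues after it.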
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthAuthenticationManager.java @@ -15,6 +15,13 @@ import com.fasterxml.jackson.core.type.TypeReference; import org.apache.commons.codec.binary.Base64; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.cloudfoundry.identity.uaa.provider.AbstractXOAuthIdentityProviderDefinition; +import org.cloudfoundry.identity.uaa.provider.IdentityProvider; +import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning; +import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition; +import org.cloudfoundry.identity.uaa.provider.RawXOAuthIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.manager.ExternalGroupAuthorizationEvent; import org.cloudfoundry.identity.uaa.authentication.manager.ExternalLoginAuthenticationManager; @@ -29,11 +36,6 @@ import org.cloudfoundry.identity.uaa.oauth.jwt.Jwt; import org.cloudfoundry.identity.uaa.oauth.jwt.JwtHelper; import org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants; -import org.cloudfoundry.identity.uaa.provider.AbstractXOAuthIdentityProviderDefinition; -import org.cloudfoundry.identity.uaa.provider.IdentityProvider; -import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning; -import org.cloudfoundry.identity.uaa.provider.OIDCIdentityProviderDefinition; -import org.cloudfoundry.identity.uaa.provider.RawXOAuthIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.user.UaaUser; import org.cloudfoundry.identity.uaa.user.UaaUserPrototype; import org.cloudfoundry.identity.uaa.util.JsonUtils; 
@@ -521,7 +523,7 @@ private TokenValidation validateToken(String idToken, AbstractXOAuthIdentityProv } else { JsonWebKeySet tokenKeyFromOAuth = getTokenKeyFromOAuth(config); validation = buildIdTokenValidator(idToken, new ChainedSignatureVerifier(tokenKeyFromOAuth), keyInfoService) - .checkIssuer((isEmpty(config.getIssuer()) ? config.getTokenUrl().toString() : config.getIssuer())) + .checkIssuer((isEmpty(config.getIssuer()) ? config.getTokenUrl().toString() : config.getIssuer()), config.getIssuerValidationMode()) .checkAudience(config.getRelyingPartyId()); } return validation.checkExpiry(); diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/util/TokenValidation.java b/server/src/main/java/org/cloudfoundry/identity/uaa/util/TokenValidation.java index 77945f7b439..b7f063fe20f 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/util/TokenValidation.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/util/TokenValidation.java @@ -15,6 +15,7 @@ import com.google.common.collect.Lists; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.cloudfoundry.identity.uaa.provider.XOAuthIssuerValidationMode; import org.cloudfoundry.identity.uaa.oauth.KeyInfo; import org.cloudfoundry.identity.uaa.oauth.KeyInfoService; import org.cloudfoundry.identity.uaa.oauth.TokenRevokedException; @@ -39,6 +40,8 @@ import org.springframework.util.Assert; import javax.validation.constraints.NotNull; +import java.net.MalformedURLException; +import java.net.URL; import java.time.Instant; import java.util.*; import java.util.function.Function; @@ -124,7 +127,7 @@ public TokenValidation checkSignature(SignatureVerifier verifier) { return this; } - public TokenValidation checkIssuer(String issuer) { + public TokenValidation checkIssuer(String issuer, XOAuthIssuerValidationMode validationMode) { if (issuer == null) { return this; } 
@@ -133,10 +136,40 @@ public TokenValidation checkIssuer(String issuer) { throw new InvalidTokenException("Token does not bear an ISS claim.", null); } - if (!equals(issuer, claims.get(ISS))) { - throw new InvalidTokenException("Invalid issuer (" + claims.get(ISS) + ") for token did not match expected: " + issuer, null); + switch (validationMode) { + case STRICT: { + if (!equals(issuer, claims.get(ISS))) { + throw new InvalidTokenException("Invalid issuer (" + claims.get(ISS) + ") for token did not match expected: " + issuer, null); + } + return this; + } + case DOMAIN_ONLY: { + URL issuerUrl; + try { + issuerUrl = new URL(issuer); + } + catch (MalformedURLException e) { + throw new InvalidTokenException("Issuer is a malformed URL.", e); + } + + URL claimUrl; + try + { + claimUrl = new URL((String)claims.get(ISS)); + } + catch (MalformedURLException e) { + throw new InvalidTokenException("Issuer claim is a malformed URL.", e); + } + + if (!equals(issuerUrl.getHost(), claimUrl.getHost())) { + throw new InvalidTokenException("Invalid issuer domain (" + claimUrl.getHost() + ") for token did not match expected: " + issuerUrl.getHost(), null); + } + return this; + } + default: { + throw new IllegalArgumentException("Unknown enum value: " + validationMode); + } } - return this; } protected TokenValidation checkExpiry(Instant asOf) { diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenValidationServiceTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenValidationServiceTest.java index 44f4ed1d3eb..5d718e8ff6b 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenValidationServiceTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenValidationServiceTest.java 
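Review bot: The `DOMAIN_ONLY` branch compares only `getHost()`, so the scheme, port and path of the `iss` claim are ignored: an `http://` issuer on the same host is accepted against an `https://` configuration, and every issuer path under that host is treated as the configured one. For a provider that serves many tenants from one host this means the issuer check no longer separates tenants, and that separation then rests on the signature keys and the audience check (neither is visible in this hunk), which deserves a sentence in the mode's documentation. I would at least keep the scheme in the comparison, `if (!issuerUrl.getProtocol().equals(claimUrl.getProtocol()) || !issuerUrl.getHost().equalsIgnoreCase(claimUrl.getHost()))`. The cast `(String)claims.get(ISS)` also throws ClassCastException when the claim is not a string; a guard such as `if (!(claims.get(ISS) instanceof String)) throw new InvalidTokenException("Issuer claim is not a string.", null);` keeps that failure inside the expected exception type. The opening lines of `checkIssuer` are in the preceding hunk.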
@@ -124,6 +124,24 @@ public void validationFails_whenClientNotFound() { tokenValidationService.validateToken(accessToken, true); } + @Test + public void validationFails_whenIssuerDoesNotMatchTokenEndPointExactly() { + String tokenEndpoint = "https://token.endpoint"; + String issuer = tokenEndpoint + "/does/not/match"; + + when(tokenEndpointBuilder.getTokenEndpoint(IdentityZoneHolder.get())).thenReturn(tokenEndpoint); + + expectedException.expect(InvalidTokenException.class); + expectedException.expectMessage("Invalid issuer (" + issuer + ") for token did not match expected: " + tokenEndpoint); + + content.put(ISS, issuer); + + when(mockMultitenantClientServices.loadClientByClientId(clientId, IdentityZoneHolder.get().getId())).thenThrow(NoSuchClientException.class); + String accessToken = UaaTokenUtils.constructToken(header, content, signer); + + tokenValidationService.validateToken(accessToken, true); + } + @Test public void refreshToken_validatesWithScopeClaim_forBackwardsCompatibilityReasons() { Map content = map( @@ -155,4 +173,4 @@ private ArrayList buildGrantedAuthorities(String authority) { grantedAuthorities.add(UaaAuthority.authority(authority)); return grantedAuthorities; } -} \ No newline at end of file +} diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthAuthenticationManagerIT.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthAuthenticationManagerIT.java index 64e3a1720a0..941b9fcf977 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthAuthenticationManagerIT.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/oauth/XOAuthAuthenticationManagerIT.java 
@@ -222,6 +222,7 @@ public void setUp() throws Exception { .setAuthUrl(new URL("http://localhost/oauth/authorize")) .setTokenUrl(new URL("http://localhost/oauth/token")) .setIssuer("http://localhost/oauth/token") + .setIssuerValidationMode(XOAuthIssuerValidationMode.STRICT) .setShowLinkText(true) .setLinkText("My OIDC Provider") .setRelyingPartyId("identity") diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/util/TokenValidationTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/util/TokenValidationTest.java index 6abeefdd3f9..99fcc6313a6 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/util/TokenValidationTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/util/TokenValidationTest.java @@ -23,6 +23,7 @@ import org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants; import org.cloudfoundry.identity.uaa.oauth.token.RevocableToken; import org.cloudfoundry.identity.uaa.oauth.token.RevocableTokenProvisioning; +import org.cloudfoundry.identity.uaa.provider.XOAuthIssuerValidationMode; import org.cloudfoundry.identity.uaa.test.TestUtils; import org.cloudfoundry.identity.uaa.user.InMemoryUaaUserDatabase; import org.cloudfoundry.identity.uaa.user.MockUaaUserDatabase; @@ -333,7 +334,7 @@ public void required_groups_are_missing() { @Test public void checking_token_happy_case() { buildAccessTokenValidator(getToken(), new KeyInfoService("https://localhost")) - .checkIssuer("http://localhost:8080/uaa/oauth/token") + .checkIssuer("http://localhost:8080/uaa/oauth/token", XOAuthIssuerValidationMode.STRICT) .checkClient((clientId) -> inMemoryMultitenantClientServices.loadClientByClientId(clientId)) .checkExpiry(oneSecondBeforeTheTokenExpires) .checkUser((uid) -> userDb.retrieveUserById(uid)) 
@@ -379,7 +380,7 @@ public void validateToken_Without_Email_And_Username_should_not_throw_exception( buildAccessTokenValidator( getToken(Arrays.asList(EMAIL, USER_NAME)), new KeyInfoService("https://localhost")) .checkSignature(verifier) - .checkIssuer("http://localhost:8080/uaa/oauth/token") + .checkIssuer("http://localhost:8080/uaa/oauth/token", XOAuthIssuerValidationMode.STRICT) .checkClient((clientId) -> inMemoryMultitenantClientServices.loadClientByClientId(clientId)) .checkExpiry(oneSecondBeforeTheTokenExpires) .checkUser((uid) -> userDb.retrieveUserById(uid)) @@ -432,10 +433,18 @@ public void invalidJwt() { } @Test - public void tokenWithInvalidIssuer() { + public void tokenWithInvalidIssuer_AndStrictIssuerValidation() { expectedException.expect(InvalidTokenException.class); - buildAccessTokenValidator(getToken(), new KeyInfoService("https://localhost")).checkIssuer("http://wrong.issuer/"); + buildAccessTokenValidator(getToken(), new KeyInfoService("https://localhost")).checkIssuer("http://wrong.issuer/", XOAuthIssuerValidationMode.STRICT); + } + + @Test + public void tokenWithMatchingDomain_andDomainOnlyIssuerValidation_passesValidation() { + buildAccessTokenValidator( + getToken(), + new KeyInfoService("https://localhost") + ).checkIssuer("http://localhost/another/path/segment", XOAuthIssuerValidationMode.DOMAIN_ONLY); } @Test @@ -444,7 +453,7 @@ public void emptyBodyJwt_failsCheckingIssuer() { TokenValidation validation = buildAccessTokenValidator(getToken(), new KeyInfoService("https://localhost")); expectedException.expect(InvalidTokenException.class); - validation.checkIssuer("http://localhost:8080/uaa/oauth/token"); + validation.checkIssuer("http://localhost:8080/uaa/oauth/token", XOAuthIssuerValidationMode.STRICT); } @Test From ecff013a4bee7ce2d2530bb452eccd0b5473533d Mon Sep 17 00:00:00 2001 
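Review bot: The only `DOMAIN_ONLY` test added in the `@@ -432,10 +433,18 @@` hunk is the accepting case, so nothing pins the rejections the commit message promises. I would add cases that set `expectedException.expect(InvalidTokenException.class);` and then call `checkIssuer` with a different host, with a subdomain of the token's host such as `.checkIssuer("http://sub.localhost/", XOAuthIssuerValidationMode.DOMAIN_ONLY)`, and with a configured issuer that is not a URL. A case that differs from the token only in scheme or port would also record whether accepting it is intended. The accepting test itself asserts nothing beyond the absence of an exception, which a short comment could state.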
From: Richard Towers Date: Wed, 23 Oct 2019 17:27:46 +0100 Subject: [PATCH 111/111] Do not expire invitations on GET requests At the moment, when the user visits: ``` /invitations/accept?code=some-code ``` the invitation code from their email is immediately expired and replaced with a newly generated code which is put in a hidden input in the HTML form. Each time the user submits the form, the code is expired and (if necessary - e.g. if there's a validation issue) replaced with a new one. This is fine so long as the user fills the form in immediately, but there are a number of edge cases where this approach causes usability problems: 1) If the user refreshes the page it will tell them their invitation has expired. 2) If the user closes the tab without submitting the form, and then follows the invitation link from their email later it will show as expired. 3) If the user's email client or web browser pre-fetches the link for any reason (e.g. virus scanning / spam detection / performance optimisation) then the link will not work when they follow it for real. The third issue is the most serious. We (GOV.UK PaaS) have had some users working in places that pre-fetch links in emails (for some reason or other), and this means they're completely unable to accept invitations. Judging from the irate support tickets we've had from these users the experience is pretty frustrating. This commit changes the GET request to /invitations/accept so that it does not expire the token (unless the invitation is being auto-accepted). The POST handler is unchanged, so if the user actually submits the form then the token will change (as it did before), even if there's a validation issue that prevents the invitation being accepted. This change fixes the usability issues, and makes the behaviour more consistent with HTTP's semantics (in the sense that GET requests should be "safe" - should not modify the state of the server). 
--- .../uaa/codestore/ExpiringCodeStore.java | 13 +++++++++++ .../uaa/codestore/JdbcExpiringCodeStore.java | 19 +++++++++++++++ .../invitations/InvitationsController.java | 11 ++++----- .../uaa/codestore/ExpiringCodeStoreTests.java | 13 +++++++++++ .../codestore/InMemoryExpiringCodeStore.java | 15 ++++++++++++ .../InvitationsControllerTest.java | 23 ++++++++----------- .../login/InvitationsServiceMockMvcTests.java | 7 +++--- 7 files changed, 78 insertions(+), 23 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/codestore/ExpiringCodeStore.java b/server/src/main/java/org/cloudfoundry/identity/uaa/codestore/ExpiringCodeStore.java index ed19be246e0..22ac65cfe8c 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/codestore/ExpiringCodeStore.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/codestore/ExpiringCodeStore.java @@ -30,6 +30,19 @@ public interface ExpiringCodeStore { */ ExpiringCode generateCode(String data, Timestamp expiresAt, String intent, String zoneId); + /** + * Retrieve a code BUT DO NOT DELETE IT. + * + * WARNING - if you intend to expire the code as soon as you read it, + * use {@link #retrieveCode(String, String)} instead. + * + * @param code the one-time code to look for + * @param zoneId + * @return code or null if the code is not found + * @throws java.lang.NullPointerException if the code is null + */ + ExpiringCode peekCode(String code, String zoneId); + /** * Retrieve a code and delete it if it exists. * diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/codestore/JdbcExpiringCodeStore.java b/server/src/main/java/org/cloudfoundry/identity/uaa/codestore/JdbcExpiringCodeStore.java index 27a5b9e8788..79fa9a4e05f 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/codestore/JdbcExpiringCodeStore.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/codestore/JdbcExpiringCodeStore.java 
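Review bot: The Javadoc added for `peekCode` leaves `@param zoneId` without a description and says null is returned only when the code is not found, while both implementations in this patch also return null for a code that is past its expiry. I would write `@param zoneId the zone the code was generated for` and `@return the code, or null if it is not found or has expired`. Because the code stays usable after this call, the comment should also say that the caller remains responsible for consuming it with `retrieveCode` once the action it authorises completes.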
@@ -111,6 +111,25 @@ public ExpiringCode generateCode(String data, Timestamp expiresAt, String intent return null; } + @Override + public ExpiringCode peekCode(String code, String zoneId) { + cleanExpiredEntries(); + + if (code == null) { + throw new NullPointerException(); + } + + try { + ExpiringCode expiringCode = jdbcTemplate.queryForObject(selectAllFields, rowMapper, code, zoneId); + if (expiringCode.getExpiresAt().getTime() < timeService.getCurrentTimeMillis()) { + expiringCode = null; + } + return expiringCode; + } catch (EmptyResultDataAccessException x) { + return null; + } + } + @Override public ExpiringCode retrieveCode(String code, String zoneId) { cleanExpiredEntries(); diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/invitations/InvitationsController.java b/server/src/main/java/org/cloudfoundry/identity/uaa/invitations/InvitationsController.java index 60bd2bda4c2..bacc251e6b6 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/invitations/InvitationsController.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/invitations/InvitationsController.java @@ -104,7 +104,7 @@ public void return404(HttpServletResponse response) { @RequestMapping(value = "/accept", method = GET, params = {"code"}) public String acceptInvitePage(@RequestParam String code, Model model, HttpServletRequest request, HttpServletResponse response) { - ExpiringCode expiringCode = expiringCodeStore.retrieveCode(code, IdentityZoneHolder.get().getId()); + ExpiringCode expiringCode = expiringCodeStore.peekCode(code, IdentityZoneHolder.get().getId()); if ((null == expiringCode) || (null != expiringCode.getIntent() && !INVITATION.name().equals(expiringCode.getIntent()))) { return handleUnprocessableEntity(model, response, "error_message_code", "code_expired", "invitations/accept_invite"); } 
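Review bot: With `peekCode` in `acceptInvitePage`, and `code` passed on to the form and to `setRequestAttributes` in the later hunks of this file, the value in the e-mailed URL stays the live invitation credential until the POST or its expiry, where before it was spent on the first GET and only the hidden-input code remained usable. A code carried in a query string is typically recorded in access logs, browser history and Referer headers, so I would confirm that the accept page is served with `Cache-Control: no-store` and `Referrer-Policy: no-referrer` and that the invitation lifetime is short enough for a reusable link; neither is visible in this hunk. The auto-accept branch still changes state on GET, as the commit message notes, and a comment at `invitationsService.acceptInvitation(code, "")` saying this is intended would help the next reader. `acceptInvitePage` continues past this hunk.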
@@ -116,7 +116,6 @@ public String acceptInvitePage(@RequestParam String code, Model model, HttpServl String origin = codeData.get(ORIGIN); try { IdentityProvider provider = identityProviderProvisioning.retrieveByOrigin(origin, IdentityZoneHolder.get().getId()); - final String newCode = expiringCodeStore.generateCode(expiringCode.getData(), new Timestamp(System.currentTimeMillis() + (10 * 60 * 1000)), expiringCode.getIntent(), IdentityZoneHolder.get().getId()).getCode(); UaaUser user = userDatabase.retrieveUserById(codeData.get("user_id")); boolean isUaaUserAndVerified = @@ -124,12 +123,12 @@ public String acceptInvitePage(@RequestParam String code, Model model, HttpServl boolean isExternalUserAndAcceptedInvite = !UAA.equals(provider.getType()) && UaaHttpRequestUtils.isAcceptedInvitationAuthentication(); if (isUaaUserAndVerified || isExternalUserAndAcceptedInvite) { - AcceptedInvitation accepted = invitationsService.acceptInvitation(newCode, ""); + AcceptedInvitation accepted = invitationsService.acceptInvitation(code, ""); String redirect = "redirect:" + accepted.getRedirectUri(); logger.debug(String.format("Redirecting accepted invitation for email:%s, id:%s to URL:%s", codeData.get("email"), codeData.get("user_id"), redirect)); return redirect; } else if (SAML.equals(provider.getType())) { - setRequestAttributes(request, newCode, user); + setRequestAttributes(request, code, user); SamlIdentityProviderDefinition definition = ObjectUtils.castInstance(provider.getConfig(), SamlIdentityProviderDefinition.class); 
@@ -137,7 +136,7 @@ public String acceptInvitePage(@RequestParam String code, Model model, HttpServl logger.debug(String.format("Redirecting invitation for email:%s, id:%s single SAML IDP URL:%s", codeData.get("email"), codeData.get("user_id"), redirect)); return redirect; } else if (OIDC10.equals(provider.getType()) || OAUTH20.equals(provider.getType())) { - setRequestAttributes(request, newCode, user); + setRequestAttributes(request, code, user); AbstractXOAuthIdentityProviderDefinition definition = ObjectUtils.castInstance(provider.getConfig(), AbstractXOAuthIdentityProviderDefinition.class); @@ -155,7 +154,7 @@ public String acceptInvitePage(@RequestParam String code, Model model, HttpServl Collections.singletonList(UaaAuthority.UAA_INVITED)); SecurityContextHolder.getContext().setAuthentication(token); model.addAttribute("provider", provider.getType()); - model.addAttribute("code", newCode); + model.addAttribute("code", code); model.addAttribute("email", codeData.get("email")); logger.debug(String.format("Sending user to accept invitation page email:%s, id:%s", codeData.get("email"), codeData.get("user_id"))); } diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/codestore/ExpiringCodeStoreTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/codestore/ExpiringCodeStoreTests.java index 0c6b5c95224..04132055d5f 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/codestore/ExpiringCodeStoreTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/codestore/ExpiringCodeStoreTests.java 
@@ -133,6 +133,19 @@ public void testGenerateCodeWithDuplicateCode() { expiringCodeStore.generateCode(data, expiresAt, null, IdentityZoneHolder.get().getId()); } + @Test + public void testPeekCode() { + String data = "{}"; + Timestamp expiresAt = new Timestamp(System.currentTimeMillis() + 60000); + String zoneId = IdentityZoneHolder.get().getId(); + + ExpiringCode generatedCode = expiringCodeStore.generateCode(data, expiresAt, null, zoneId); + + Assert.assertEquals(generatedCode, expiringCodeStore.peekCode(generatedCode.getCode(), zoneId)); + Assert.assertEquals(generatedCode, expiringCodeStore.peekCode(generatedCode.getCode(), zoneId)); + Assert.assertEquals(generatedCode, expiringCodeStore.peekCode(generatedCode.getCode(), zoneId)); + } + @Test public void testRetrieveCode() { String data = "{}"; diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/codestore/InMemoryExpiringCodeStore.java b/server/src/test/java/org/cloudfoundry/identity/uaa/codestore/InMemoryExpiringCodeStore.java index 2f12d353dd1..40d5c12e864 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/codestore/InMemoryExpiringCodeStore.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/codestore/InMemoryExpiringCodeStore.java @@ -40,6 +40,21 @@ public ExpiringCode generateCode(String data, Timestamp expiresAt, String intent return expiringCode; } + @Override + public ExpiringCode peekCode(String code, String zoneId) { + if (code == null) { + throw new NullPointerException(); + } + + ExpiringCode expiringCode = store.get(code + zoneId); + + if (expiringCode == null || isExpired(expiringCode)) { + expiringCode = null; + } + + return expiringCode; + } + @Override public ExpiringCode retrieveCode(String code, String zoneId) { if (code == null) { 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsControllerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsControllerTest.java index a0fb69ab4af..b262c7abc1e 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsControllerTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsControllerTest.java @@ -147,8 +147,7 @@ public void testAcceptInvitationsPage() throws Exception { codeData.put("email", "user@example.com"); codeData.put("client_id", "client-id"); codeData.put("redirect_uri", "blah.test.com"); - when(expiringCodeStore.retrieveCode("code", IdentityZoneHolder.get().getId())).thenReturn(createCode(codeData), null); - when(expiringCodeStore.generateCode(anyString(), any(), eq(INVITATION.name()), eq(IdentityZoneHolder.get().getId()))).thenReturn(createCode(codeData)); + when(expiringCodeStore.peekCode("code", IdentityZoneHolder.get().getId())).thenReturn(createCode(codeData), null); IdentityProvider provider = new IdentityProvider(); provider.setType(OriginKeys.UAA); when(providerProvisioning.retrieveByOrigin(any(), any())).thenReturn(provider); @@ -190,8 +189,7 @@ public void incorrectCodeIntent() throws Exception { @Test public void acceptInvitePage_for_unverifiedSamlUser() throws Exception { Map codeData = getInvitationsCode("test-saml"); - when(expiringCodeStore.retrieveCode("the_secret_code", IdentityZoneHolder.get().getId())).thenReturn(createCode(codeData)); - when(expiringCodeStore.generateCode(anyString(), any(), eq(INVITATION.name()), eq(IdentityZoneHolder.get().getId()))).thenReturn(createCode(codeData)); + when(expiringCodeStore.peekCode("the_secret_code", IdentityZoneHolder.get().getId())).thenReturn(createCode(codeData)); IdentityProvider provider = new IdentityProvider(); SamlIdentityProviderDefinition definition = new SamlIdentityProviderDefinition() .setMetaDataLocation("http://test.saml.com") 
@@ -217,8 +215,7 @@ public void acceptInvitePage_for_unverifiedSamlUser() throws Exception { @Test public void acceptInvitePage_for_unverifiedOIDCUser() throws Exception { Map codeData = getInvitationsCode("test-oidc"); - when(expiringCodeStore.retrieveCode("the_secret_code", IdentityZoneHolder.get().getId())).thenReturn(createCode(codeData)); - when(expiringCodeStore.generateCode(anyString(), any(), eq(INVITATION.name()), eq(IdentityZoneHolder.get().getId()))).thenReturn(createCode(codeData)); + when(expiringCodeStore.peekCode("the_secret_code", IdentityZoneHolder.get().getId())).thenReturn(createCode(codeData)); OIDCIdentityProviderDefinition definition = new OIDCIdentityProviderDefinition(); definition.setAuthUrl(new URL("https://oidc10.auth.url")); @@ -242,8 +239,7 @@ public void acceptInvitePage_for_unverifiedOIDCUser() throws Exception { @Test public void acceptInvitePage_for_unverifiedLdapUser() throws Exception { Map codeData = getInvitationsCode(LDAP); - when(expiringCodeStore.retrieveCode("the_secret_code", IdentityZoneHolder.get().getId())).thenReturn(createCode(codeData)); - when(expiringCodeStore.generateCode(anyString(), any(), eq(INVITATION.name()), eq(IdentityZoneHolder.get().getId()))).thenReturn(createCode(codeData)); + when(expiringCodeStore.peekCode("the_secret_code", IdentityZoneHolder.get().getId())).thenReturn(createCode(codeData)); IdentityProvider provider = new IdentityProvider(); provider.setType(LDAP); @@ -258,7 +254,7 @@ public void acceptInvitePage_for_unverifiedLdapUser() throws Exception { .andExpect(content().string(containsString("Email: " + "user@example.com"))) .andExpect(content().string(containsString("Sign in with enterprise credentials:"))) .andExpect(content().string(containsString("username"))) - .andExpect(model().attribute("code", "code")) + .andExpect(model().attribute("code", "the_secret_code")) .andReturn(); } 
@@ -392,8 +388,7 @@ public void acceptInvitePage_for_verifiedUser() throws Exception { codeData.put("email", "user@example.com"); codeData.put("origin", "some-origin"); - when(expiringCodeStore.retrieveCode("the_secret_code", IdentityZoneHolder.get().getId())).thenReturn(createCode(codeData), null); - when(expiringCodeStore.generateCode(anyString(), any(), eq(INVITATION.name()), eq(IdentityZoneHolder.get().getId()))).thenReturn(createCode(codeData)); + when(expiringCodeStore.peekCode("the_secret_code", IdentityZoneHolder.get().getId())).thenReturn(createCode(codeData), null); when(invitationsService.acceptInvitation(anyString(), eq(""))).thenReturn(new AcceptedInvitation("blah.test.com", new ScimUser())); IdentityProvider provider = new IdentityProvider(); provider.setType(OriginKeys.UAA); @@ -663,10 +658,8 @@ public void testAcceptInvite_displaysConsentText() throws Exception { Map codeData = getInvitationsCode(OriginKeys.UAA); String codeDataString = JsonUtils.writeValueAsString(codeData); ExpiringCode expiringCode = new ExpiringCode("thecode", new Timestamp(1), codeDataString, INVITATION.name()); - when(expiringCodeStore.retrieveCode("thecode", IdentityZoneHolder.get().getId())) + when(expiringCodeStore.peekCode("thecode", IdentityZoneHolder.get().getId())) .thenReturn(expiringCode, null); - when(expiringCodeStore.generateCode(anyString(), any(), eq(INVITATION.name()), eq(IdentityZoneHolder.get().getId()))) - .thenReturn(expiringCode); mockMvc.perform(get("/invitations/accept") .param("code", "thecode")) 
@@ -709,6 +702,8 @@ public void testAcceptInvite_displaysErrorMessageIfConsentNotChecked() throws Ex Map codeData = getInvitationsCode(OriginKeys.UAA); String codeDataString = JsonUtils.writeValueAsString(codeData); ExpiringCode expiringCode = new ExpiringCode("thecode", new Timestamp(1), codeDataString, INVITATION.name()); + when(expiringCodeStore.peekCode(anyString(), eq(IdentityZoneHolder.get().getId()))) + .thenReturn(expiringCode); when(expiringCodeStore.retrieveCode(anyString(), eq(IdentityZoneHolder.get().getId()))) .thenReturn(expiringCode); when(expiringCodeStore.generateCode(anyString(), any(), eq(INVITATION.name()), eq(IdentityZoneHolder.get().getId()))) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/InvitationsServiceMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/InvitationsServiceMockMvcTests.java index 9c929b024b0..0dd9870385d 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/InvitationsServiceMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/InvitationsServiceMockMvcTests.java @@ -207,7 +207,7 @@ void acceptInvitationForVerifiedUserSendsRedirect() throws Exception { } @Test - void acceptInvitationForUaaUserShouldExpireInvitelink() throws Exception { + void acceptInvitationForUaaUserShouldNotExpireInvitelink() throws Exception { String email = new RandomValueStringGenerator().generate().toLowerCase() + "@test.org"; URL inviteLink = inviteUser(webApplicationContext, mockMvc, email, userInviteToken, null, clientId, OriginKeys.UAA); assertEquals(OriginKeys.UAA, queryUserForField(jdbcTemplate, email, OriginKeys.ORIGIN, String.class)); 
@@ -218,9 +218,10 @@ void acceptInvitationForUaaUserShouldExpireInvitelink() throws Exception { .accept(MediaType.TEXT_HTML); mockMvc.perform(get) .andExpect(status().isOk()); - mockMvc.perform(get) - .andExpect(status().isUnprocessableEntity()); + .andExpect(status().isOk()); + mockMvc.perform(get) + .andExpect(status().isOk()); } @Test