[SYNCOPE-1582] Adding CAS client support

core/am/logic/src/main/java/org/apache/syncope/core/logic/wa/WAClientAppLogic.java

@@ -29,8 +29,10 @@
 import org.apache.syncope.common.lib.types.ClientAppType;
 import org.apache.syncope.common.lib.types.IdRepoEntitlement;
 import org.apache.syncope.core.persistence.api.dao.NotFoundException;
+import org.apache.syncope.core.persistence.api.dao.auth.CASSPDAO;
 import org.apache.syncope.core.persistence.api.dao.auth.OIDCRPDAO;
 import org.apache.syncope.core.persistence.api.dao.auth.SAML2SPDAO;
+import org.apache.syncope.core.persistence.api.entity.auth.CASSP;
 import org.apache.syncope.core.persistence.api.entity.auth.OIDCRP;
 import org.apache.syncope.core.persistence.api.entity.auth.SAML2SP;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -51,6 +53,9 @@ public class WAClientAppLogic {
     @Autowired
     private OIDCRPDAO oidcrpDAO;
 
+    @Autowired
+    private CASSPDAO casspDAO;
+
     @PreAuthorize("hasRole('" + IdRepoEntitlement.ANONYMOUS + "')")
     @Transactional(readOnly = true)
     public List<WAClientApp> list() {
@@ -64,9 +69,14 @@ public List<WAClientApp> list() {
                     break;
 
                 case SAML2SP:
-                default:
                     clientApps.addAll(saml2spDAO.findAll().stream().
                             map(binder::getWAClientApp).collect(Collectors.toList()));
+                    break;
+
+                case CASSP:
+                default:
+                    clientApps.addAll(casspDAO.findAll().stream().
+                            map(binder::getWAClientApp).collect(Collectors.toList()));
             }
         });
 
@@ -91,6 +101,13 @@ private WAClientApp doRead(final Long clientAppId, final ClientAppType type) {
                 }
                 break;
 
+            case CASSP:
+                CASSP cassp = casspDAO.findByClientAppId(clientAppId);
+                if (cassp != null) {
+                    clientApp = binder.getWAClientApp(cassp);
+                }
+                break;
+
             default:
         }
 
@@ -134,6 +151,13 @@ private WAClientApp doRead(final String name, final ClientAppType type) {
                 }
                 break;
 
+            case CASSP:
+                CASSP cassp = casspDAO.findByName(name);
+                if (cassp != null) {
+                    clientApp = binder.getWAClientApp(cassp);
+                }
+                break;
+
             default:
         }
 

fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/AbstractITCase.java

@@ -44,6 +44,7 @@
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.http.Consts;
 import org.apache.http.HttpStatus;
@@ -96,6 +97,9 @@ public abstract class AbstractITCase {
 
     protected static final String SRA_ADDRESS = "http://localhost:" + PORT;
 
+    protected static final String QUERY_STRING =
+            "key1=value1&key2=value2&key2=value3&key3=an%20url%20encoded%20value%3A%20this%21";
+
     protected static final String LOGGED_OUT_HEADER = "X-LOGGED-OUT";
 
     protected static SyncopeClientFactoryBean clientFactory;
@@ -332,12 +336,16 @@ protected static ObjectNode checkGetResponse(
         assertEquals("value2", key2.get(0).asText());
         assertEquals("value3", key2.get(1).asText());
 
+        assertEquals("an url encoded value: this!", args.get("key3").asText());
+
         ObjectNode headers = (ObjectNode) json.get("headers");
         assertEquals(MediaType.TEXT_HTML, headers.get(HttpHeaders.ACCEPT).asText());
         assertEquals(EN_LANGUAGE, headers.get(HttpHeaders.ACCEPT_LANGUAGE).asText());
         assertEquals("localhost:" + PORT, headers.get("X-Forwarded-Host").asText());
 
-        assertEquals(originalRequestURI, json.get("url").asText());
+        assertEquals(
+                StringUtils.substringBefore(originalRequestURI, "?"),
+                StringUtils.substringBefore(json.get("url").asText(), "?"));
 
         return headers;
     }

fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/CASSRAITCase.java

@@ -0,0 +1,154 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.fit.sra;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.fail;
+import static org.junit.jupiter.api.Assumptions.assumeTrue;
+
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import java.io.IOException;
+import java.lang.invoke.MethodHandles;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.TimeoutException;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import org.apache.http.Consts;
+import org.apache.http.HttpStatus;
+import org.apache.http.NameValuePair;
+import org.apache.http.client.entity.UrlEncodedFormEntity;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.client.protocol.HttpClientContext;
+import org.apache.http.impl.client.BasicCookieStore;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.message.BasicNameValuePair;
+import org.apache.http.util.EntityUtils;
+import org.apache.syncope.common.lib.to.client.CASSPTO;
+import org.apache.syncope.common.lib.types.ClientAppType;
+import org.apache.syncope.common.rest.api.RESTHeaders;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+
+public class CASSRAITCase extends AbstractITCase {
+
+    @BeforeAll
+    public static void startSRA() throws IOException, InterruptedException, TimeoutException {
+        assumeTrue(CASSRAITCase.class.equals(MethodHandles.lookup().lookupClass()));
+
+        doStartSRA("cas");
+    }
+
+    @BeforeAll
+    public static void clientAppSetup() {
+        String appName = CASSRAITCase.class.getName();
+        CASSPTO clientApp = clientAppService.list(ClientAppType.CASSP).stream().
+                filter(app -> appName.equals(app.getName())).
+                map(CASSPTO.class::cast).
+                findFirst().
+                orElseGet(() -> {
+                    CASSPTO app = new CASSPTO();
+                    app.setName(appName);
+                    app.setClientAppId(4L);
+                    app.setServiceId("http://localhost:8080/.*");
+
+                    Response response = clientAppService.create(ClientAppType.CASSP, app);
+                    if (response.getStatusInfo().getStatusCode() != Response.Status.CREATED.getStatusCode()) {
+                        fail("Could not create CAS Client App");
+                    }
+
+                    return clientAppService.read(
+                            ClientAppType.CASSP, response.getHeaderString(RESTHeaders.RESOURCE_KEY));
+                });
+
+        clientApp.setAuthPolicy(getAuthPolicy().getKey());
+
+        clientAppService.update(ClientAppType.CASSP, clientApp);
+        clientAppService.pushToWA();
+    }
+
+    @Test
+    public void web() throws IOException {
+        CloseableHttpClient httpclient = HttpClients.createDefault();
+        HttpClientContext context = HttpClientContext.create();
+        context.setCookieStore(new BasicCookieStore());
+
+        // 1. public
+        HttpGet get = new HttpGet(SRA_ADDRESS + "/public/get?" + QUERY_STRING);
+        get.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML);
+        get.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE);
+        CloseableHttpResponse response = httpclient.execute(get, context);
+
+        ObjectNode headers = checkGetResponse(response, get.getURI().toASCIIString().replace("/public", ""));
+        assertFalse(headers.has(HttpHeaders.COOKIE));
+
+        // 2. protected
+        get = new HttpGet(SRA_ADDRESS + "/protected/get?" + QUERY_STRING);
+        String originalRequestURI = get.getURI().toASCIIString();
+        get.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML);
+        get.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE);
+        response = httpclient.execute(get, context);
+        assertEquals(HttpStatus.SC_OK, response.getStatusLine().getStatusCode());
+
+        // 2a. authenticate
+        String responseBody = EntityUtils.toString(response.getEntity());
+        response = authenticateToCas(responseBody, httpclient, context);
+
+        // 2b. WA attribute consent screen
+        if (response.getStatusLine().getStatusCode() == HttpStatus.SC_OK) {
+            responseBody = EntityUtils.toString(response.getEntity());
+            String execution = extractCASExecution(responseBody);
+
+            List<NameValuePair> form = new ArrayList<>();
+            form.add(new BasicNameValuePair("_eventId", "confirm"));
+            form.add(new BasicNameValuePair("execution", execution));
+            form.add(new BasicNameValuePair("option", "1"));
+            form.add(new BasicNameValuePair("reminder", "30"));
+            form.add(new BasicNameValuePair("reminderTimeUnit", "days"));
+
+            HttpPost post = new HttpPost(WA_ADDRESS + "/login");
+            post.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML);
+            post.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE);
+            post.setEntity(new UrlEncodedFormEntity(form, Consts.UTF_8));
+            response = httpclient.execute(post, context);
+        }
+        assertEquals(HttpStatus.SC_MOVED_TEMPORARILY, response.getStatusLine().getStatusCode());
+
+        // 2c. finally get requested content
+        get = new HttpGet(response.getFirstHeader(HttpHeaders.LOCATION).getValue());
+        get.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML);
+        get.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE);
+        response = httpclient.execute(get, context);
+
+        headers = checkGetResponse(response, originalRequestURI.replace("/protected", ""));
+        assertFalse(headers.get(HttpHeaders.COOKIE).asText().isBlank());
+
+        // 3. logout
+        get = new HttpGet(SRA_ADDRESS + "/protected/logout");
+        get.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE);
+        response = httpclient.execute(get, context);
+
+        checkLogout(response);
+    }
+}

fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/OIDCSRAITCase.java

@@ -144,7 +144,7 @@ public void web() throws IOException {
         context.setCookieStore(new BasicCookieStore());
 
         // 1. public
-        HttpGet get = new HttpGet(SRA_ADDRESS + "/public/get?key1=value1&key2=value2&key2=value3");
+        HttpGet get = new HttpGet(SRA_ADDRESS + "/public/get?" + QUERY_STRING);
         get.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML);
         get.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE);
         CloseableHttpResponse response = httpclient.execute(get, context);
@@ -153,7 +153,7 @@ public void web() throws IOException {
         assertFalse(headers.has(HttpHeaders.COOKIE));
 
         // 2. protected
-        get = new HttpGet(SRA_ADDRESS + "/protected/get?key1=value1&key2=value2&key2=value3");
+        get = new HttpGet(SRA_ADDRESS + "/protected/get?" + QUERY_STRING);
         String originalRequestURI = get.getURI().toASCIIString();
         get.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML);
         get.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE);

fit/wa-reference/src/test/java/org/apache/syncope/fit/sra/SAML2SRAITCase.java

@@ -35,7 +35,6 @@
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
-import org.apache.commons.lang3.tuple.Pair;
 import org.apache.commons.lang3.tuple.Triple;
 import org.apache.commons.text.StringEscapeUtils;
 import org.apache.http.Consts;
@@ -156,7 +155,7 @@ public void web() throws IOException {
         context.setCookieStore(new BasicCookieStore());
 
         // 1. public
-        HttpGet get = new HttpGet(SRA_ADDRESS + "/public/get?key1=value1&key2=value2&key2=value3");
+        HttpGet get = new HttpGet(SRA_ADDRESS + "/public/get?" + QUERY_STRING);
         get.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML);
         get.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE);
         CloseableHttpResponse response = httpclient.execute(get, context);
@@ -165,7 +164,7 @@ public void web() throws IOException {
         assertFalse(headers.has(HttpHeaders.COOKIE));
 
         // 2. protected
-        get = new HttpGet(SRA_ADDRESS + "/protected/get?key1=value1&key2=value2&key2=value3");
+        get = new HttpGet(SRA_ADDRESS + "/protected/get?" + QUERY_STRING);
         String originalRequestURI = get.getURI().toASCIIString();
         get.addHeader(HttpHeaders.ACCEPT, MediaType.TEXT_HTML);
         get.addHeader(HttpHeaders.ACCEPT_LANGUAGE, EN_LANGUAGE);

fit/wa-reference/src/test/resources/application-cas.properties

@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+am.type=CAS
+am.cas.server.name=http://localhost:80
+am.cas.url.prefix=http://localhost:9080/syncope-wa/
+
+global.postLogout=http://localhost:8080/logout

pom.xml

@@ -450,6 +450,7 @@ under the License.
     <pac4j.version>4.0.3</pac4j.version>
 
     <cas.version>6.3.0-SNAPSHOT</cas.version>
+    <cas-client.version>3.6.1</cas-client.version>
 
     <h2.version>1.4.200</h2.version>
 
@@ -1374,6 +1375,12 @@ under the License.
         <groupId>org.pac4j</groupId>
         <artifactId>pac4j-saml</artifactId>
         <version>${pac4j.version}</version>
+        <exclusions>
+          <exclusion>
+            <groupId>org.apache.velocity</groupId>
+            <artifactId>velocity</artifactId>            
+          </exclusion>
+        </exclusions>
       </dependency>
       <dependency>
         <groupId>org.pac4j</groupId>
@@ -1643,6 +1650,12 @@ under the License.
         <artifactId>cas-server-webapp-config</artifactId>
         <version>${cas.version}</version>
       </dependency>
+
+      <dependency>
+        <groupId>org.jasig.cas.client</groupId>
+        <artifactId>cas-client-core</artifactId>
+        <version>${cas-client.version}</version>
+      </dependency>
       <!-- /CAS -->
 
       <!-- Wicket -->

sra/pom.xml

@@ -82,7 +82,12 @@ under the License.
       <artifactId>pac4j-saml</artifactId>
     </dependency>
 
-    <dependency> 
+    <dependency>
+      <groupId>org.jasig.cas.client</groupId>
+      <artifactId>cas-client-core</artifactId>
+    </dependency>
+
+    <dependency>
       <groupId>org.springframework.session</groupId>
       <artifactId>spring-session-core</artifactId> 
     </dependency>