Clean up monitors with individual settings for access, etc.

apereo · Feb 23, 2017 · 086e636 · 086e636
1 parent 578588b
commit 086e636
Show file tree

Hide file tree

Showing 15 changed files with 112 additions and 49 deletions.
diff --git a/...ava/org/apereo/cas/support/events/authentication/CasAuthenticationPolicyFailureEvent.java b/...ava/org/apereo/cas/support/events/authentication/CasAuthenticationPolicyFailureEvent.java
@@ -2,7 +2,6 @@
 
 import org.apereo.cas.authentication.Authentication;
 import org.apereo.cas.authentication.AuthenticationTransaction;
-import org.apereo.cas.authentication.Credential;
 
 import java.util.Map;
 

diff --git a/...tion/src/main/java/org/apereo/cas/configuration/model/core/monitor/MonitorProperties.java b/...tion/src/main/java/org/apereo/cas/configuration/model/core/monitor/MonitorProperties.java
@@ -1,10 +1,9 @@
 package org.apereo.cas.configuration.model.core.monitor;
 
+import org.apereo.cas.configuration.model.support.ConnectionPoolingProperties;
 import org.apereo.cas.configuration.model.support.jpa.AbstractJpaProperties;
 import org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties;
 import org.apereo.cas.configuration.support.Beans;
-import org.apereo.cas.configuration.model.support.ConnectionPoolingProperties;
-import org.springframework.boot.actuate.endpoint.EndpointProperties;
 import org.springframework.boot.context.properties.NestedConfigurationProperty;
 
 /**

diff --git a/docs/cas-server-documentation/installation/Configuration-Properties.md b/docs/cas-server-documentation/installation/Configuration-Properties.md
@@ -3672,7 +3672,7 @@ To learn more about this topic, [please review this guide](Webflow-Customization
 ### Acceptable Usage Policy
 
 Decide how CAS should attempt to determine whether AUP is accepted.
-To learn more about this topic, [please review this guide](User-Interface-Customization-AUP.html).
+To learn more about this topic, [please review this guide](Webflow-Customization-AUP.html).
 
 
 ```properties

diff --git a/...pport-reports/src/main/java/org/apereo/cas/web/report/AuthenticationEventsController.java b/...pport-reports/src/main/java/org/apereo/cas/web/report/AuthenticationEventsController.java
@@ -3,7 +3,6 @@
 import org.apereo.cas.configuration.CasConfigurationProperties;
 import org.apereo.cas.support.events.dao.CasEvent;
 import org.apereo.cas.support.events.CasEventRepository;
-import org.springframework.boot.actuate.endpoint.mvc.AbstractNamedMvcEndpoint;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.ResponseBody;
@@ -40,6 +39,7 @@ public AuthenticationEventsController(final CasEventRepository eventRepository,
     @GetMapping
     protected ModelAndView handleRequestInternal(final HttpServletRequest request,
                                                  final HttpServletResponse response) throws Exception {
+        ensureEndpointAccessIsAuthorized(request, response);
         return new ModelAndView("monitoring/viewAuthenticationEvents");
     }
 
@@ -54,6 +54,7 @@ protected ModelAndView handleRequestInternal(final HttpServletRequest request,
     @GetMapping(value = "/getEvents")
     @ResponseBody
     public Collection<CasEvent> getRecords(final HttpServletRequest request, final HttpServletResponse response) throws Exception {
+        ensureEndpointAccessIsAuthorized(request, response);
         return this.eventRepository.load();
     }
 }
diff --git a/...as-server-support-reports/src/main/java/org/apereo/cas/web/report/BaseCasMvcEndpoint.java b/...as-server-support-reports/src/main/java/org/apereo/cas/web/report/BaseCasMvcEndpoint.java
@@ -23,6 +23,7 @@ public abstract class BaseCasMvcEndpoint extends AbstractNamedMvcEndpoint {
     /**
      * Instantiates a new Base cas mvc endpoint.
      * Endpoints are by default sensitive.
+     *
      * @param name     the name
      * @param path     the path
      * @param endpoint the endpoint
@@ -38,11 +39,9 @@ public BaseCasMvcEndpoint(final String name, final String path, final MonitorPro
      *
      * @param request  the request
      * @param response the response
-     * @throws Exception the exception
      */
-
     protected void ensureEndpointAccessIsAuthorized(final HttpServletRequest request,
-                                                    final HttpServletResponse response) throws Exception {
+                                                    final HttpServletResponse response) {
         if (!isEnabled()) {
             response.setStatus(HttpStatus.UNAUTHORIZED.value());
             throw new UnuauthorizedEndpointException();

diff --git a/...support-reports/src/main/java/org/apereo/cas/web/report/ConfigurationStateController.java b/...support-reports/src/main/java/org/apereo/cas/web/report/ConfigurationStateController.java
@@ -7,7 +7,6 @@
 import org.apereo.cas.web.report.util.ControllerUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.actuate.endpoint.EnvironmentEndpoint;
-import org.springframework.boot.actuate.endpoint.mvc.AbstractNamedMvcEndpoint;
 import org.springframework.cloud.bus.BusProperties;
 import org.springframework.cloud.config.server.config.ConfigServerProperties;
 import org.springframework.context.ApplicationEventPublisher;
@@ -80,6 +79,8 @@ public void init() {
     @GetMapping
     protected ModelAndView handleRequestInternal(final HttpServletRequest request,
                                                  final HttpServletResponse response) throws Exception {
+        ensureEndpointAccessIsAuthorized(request, response);
+
         final Map<String, Object> model = new HashMap<>();
         final String path = request.getContextPath();
         ControllerUtils.configureModelMapForConfigServerCloudBusEndpoints(busProperties, configServerProperties, path, model);
@@ -96,6 +97,8 @@ protected ModelAndView handleRequestInternal(final HttpServletRequest request,
     @GetMapping("/getConfiguration")
     @ResponseBody
     protected Map getConfiguration(final HttpServletRequest request, final HttpServletResponse response) {
+        ensureEndpointAccessIsAuthorized(request, response);
+
         final String patternStr = String.format("(%s|configService:|applicationConfig:).+(application|cas).+", CasOverridingPropertySource.SOURCE_NAME);
         final Pattern pattern = RegexUtils.createPattern(patternStr);
 
@@ -135,6 +138,8 @@ protected void updateConfiguration(@RequestBody final Map<String, Map<String, St
                                        final HttpServletRequest request,
                                        final HttpServletResponse response) {
 
+        ensureEndpointAccessIsAuthorized(request, response);
+
         final Map<String, String> oldData = jsonInput.get("old");
         final Map<String, String> newData = jsonInput.get("new");
 

diff --git a/...s-server-support-reports/src/main/java/org/apereo/cas/web/report/DashboardController.java b/...s-server-support-reports/src/main/java/org/apereo/cas/web/report/DashboardController.java
@@ -6,7 +6,6 @@
 import org.springframework.boot.actuate.endpoint.EndpointProperties;
 import org.springframework.boot.actuate.endpoint.EnvironmentEndpoint;
 import org.springframework.boot.actuate.endpoint.ShutdownEndpoint;
-import org.springframework.boot.actuate.endpoint.mvc.AbstractNamedMvcEndpoint;
 import org.springframework.cloud.bus.BusProperties;
 import org.springframework.cloud.config.server.config.ConfigServerProperties;
 import org.springframework.cloud.context.restart.RestartEndpoint;
@@ -71,6 +70,9 @@ public DashboardController(final CasConfigurationProperties casProperties) {
     @GetMapping
     public ModelAndView handle(final HttpServletRequest request,
                                final HttpServletResponse response) throws Exception {
+
+        ensureEndpointAccessIsAuthorized(request, response);
+
         final Map<String, Object> model = new HashMap<>();
         final String path = request.getContextPath();
         ControllerUtils.configureModelMapForConfigServerCloudBusEndpoints(busProperties, configServerProperties, path, model);

diff --git a/...server-support-reports/src/main/java/org/apereo/cas/web/report/HealthCheckController.java b/...server-support-reports/src/main/java/org/apereo/cas/web/report/HealthCheckController.java
@@ -50,6 +50,8 @@ public HealthCheckController(final Monitor<HealthStatus> healthCheckMonitor, fin
     @ResponseBody
     protected WebAsyncTask<HealthStatus> handleRequestInternal(final HttpServletRequest request, final HttpServletResponse response) throws Exception {
 
+        ensureEndpointAccessIsAuthorized(request, response);
+
         final Callable<HealthStatus> asyncTask = () -> {
             final HealthStatus healthStatus = healthCheckMonitor.observe();
             response.setStatus(healthStatus.getCode().value());

diff --git a/...rver-support-reports/src/main/java/org/apereo/cas/web/report/LoggingConfigController.java b/...rver-support-reports/src/main/java/org/apereo/cas/web/report/LoggingConfigController.java
@@ -90,11 +90,16 @@ public void initialize() {
     /**
      * Gets default view.
      *
+     * @param request  the request
+     * @param response the response
      * @return the default view
      * @throws Exception the exception
      */
     @GetMapping
-    public ModelAndView getDefaultView() throws Exception {
+    public ModelAndView getDefaultView(final HttpServletRequest request,
+                                       final HttpServletResponse response) throws Exception {
+        ensureEndpointAccessIsAuthorized(request, response);
+
         final Map<String, Object> model = new HashMap<>();
         model.put("logConfigurationFile", logConfigurationFile.getURI().toString());
         return new ModelAndView(VIEW_CONFIG, model);
@@ -111,6 +116,8 @@ public ModelAndView getDefaultView() throws Exception {
     @GetMapping(value = "/getActiveLoggers")
     @ResponseBody
     public Map<String, Object> getActiveLoggers(final HttpServletRequest request, final HttpServletResponse response) throws Exception {
+        ensureEndpointAccessIsAuthorized(request, response);
+
         final Map<String, Object> responseMap = new HashMap<>();
         final Map<String, Logger> loggers = getActiveLoggersInFactory();
         responseMap.put("activeLoggers", loggers.values());
@@ -130,6 +137,7 @@ public Map<String, Object> getActiveLoggers(final HttpServletRequest request, fi
     @GetMapping(value = "/getConfiguration")
     @ResponseBody
     public Map<String, Object> getConfiguration(final HttpServletRequest request, final HttpServletResponse response) throws Exception {
+        ensureEndpointAccessIsAuthorized(request, response);
 
         final Collection<Map<String, Object>> configuredLoggers = new HashSet<>();
         getLoggerConfigurations().forEach(config -> {
@@ -222,8 +230,9 @@ public void updateLoggerLevel(@RequestParam final String loggerName,
                                   @RequestParam final String loggerLevel,
                                   @RequestParam(defaultValue = "false") final boolean additive,
                                   final HttpServletRequest request,
-                                  final HttpServletResponse response)
-            throws Exception {
+                                  final HttpServletResponse response) throws Exception {
+
+        ensureEndpointAccessIsAuthorized(request, response);
 
         final Collection<LoggerConfig> loggerConfigs = getLoggerConfigurations();
         loggerConfigs.stream().
@@ -246,6 +255,7 @@ public void updateLoggerLevel(@RequestParam final String loggerName,
     @GetMapping(value = "/getAuditLog")
     @ResponseBody
     public Set<AuditActionContext> getAuditLog(final HttpServletRequest request, final HttpServletResponse response) throws Exception {
+        ensureEndpointAccessIsAuthorized(request, response);
         return this.auditTrailManager.get();
     }
 }
diff --git a/...cas-server-support-reports/src/main/java/org/apereo/cas/web/report/MetricsController.java b/...cas-server-support-reports/src/main/java/org/apereo/cas/web/report/MetricsController.java
@@ -5,7 +5,6 @@
 import org.apereo.cas.configuration.CasConfigurationProperties;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.boot.actuate.endpoint.mvc.AbstractNamedMvcEndpoint;
 import org.springframework.context.ApplicationContext;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.context.WebApplicationContext;
@@ -47,6 +46,7 @@ public MetricsController(final CasConfigurationProperties casProperties) {
      */
     @GetMapping
     public void handle(final HttpServletRequest request, final HttpServletResponse response) throws Exception {
+        ensureEndpointAccessIsAuthorized(request, response);
         final MetricsServlet servlet = new MetricsServlet(this.metrics);
         servlet.init(new DelegatingServletConfig());
         servlet.service(request, response);

diff --git a/...src/main/java/org/apereo/cas/web/report/PersonDirectoryAttributeResolutionController.java b/...src/main/java/org/apereo/cas/web/report/PersonDirectoryAttributeResolutionController.java
@@ -6,7 +6,6 @@
 import org.apereo.cas.configuration.CasConfigurationProperties;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.boot.actuate.endpoint.mvc.AbstractNamedMvcEndpoint;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -25,7 +24,7 @@
  * @since 5.0.0
  */
 public class PersonDirectoryAttributeResolutionController extends BaseCasMvcEndpoint {
-    
+
     @Autowired
     @Qualifier("personDirectoryPrincipalResolver")
     private PrincipalResolver personDirectoryPrincipalResolver;
@@ -45,20 +44,25 @@ public PersonDirectoryAttributeResolutionController(final CasConfigurationProper
     @GetMapping
     protected ModelAndView handleRequestInternal(final HttpServletRequest request,
                                                  final HttpServletResponse response) throws Exception {
+        ensureEndpointAccessIsAuthorized(request, response);
         return new ModelAndView("monitoring/attrresolution");
     }
 
     /**
      * Resolve principal attributes map.
      *
-     * @param uid     the uid
-     * @param request the request
+     * @param uid      the uid
+     * @param request  the request
+     * @param response the response
      * @return the map
      * @throws Exception the exception
      */
     @PostMapping(value = "/resolveattrs")
     @ResponseBody
-    public Map<String, Object> resolvePrincipalAttributes(@RequestParam final String uid, final HttpServletRequest request) throws Exception {
+    public Map<String, Object> resolvePrincipalAttributes(@RequestParam final String uid,
+                                                          final HttpServletRequest request,
+                                                          final HttpServletResponse response) throws Exception {
+        ensureEndpointAccessIsAuthorized(request, response);
         final Principal p = personDirectoryPrincipalResolver.resolve(new BasicIdentifiableCredential(uid));
         final Map<String, Object> map = new LinkedHashMap<>();
         map.put("uid", p.getId());

diff --git a/...-reports/src/main/java/org/apereo/cas/web/report/SingleSignOnSessionStatusController.java b/...-reports/src/main/java/org/apereo/cas/web/report/SingleSignOnSessionStatusController.java
@@ -6,7 +6,6 @@
 import org.apereo.cas.configuration.CasConfigurationProperties;
 import org.apereo.cas.ticket.registry.TicketRegistrySupport;
 import org.apereo.cas.web.support.CookieRetrievingCookieGenerator;
-import org.springframework.boot.actuate.endpoint.mvc.AbstractNamedMvcEndpoint;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -42,8 +41,9 @@ public SingleSignOnSessionStatusController(final CookieRetrievingCookieGenerator
      */
     @GetMapping(produces = MediaType.TEXT_PLAIN_VALUE)
     @ResponseBody
-    public String getStatus(final HttpServletRequest request,
-                            final HttpServletResponse response) {
+    public String getStatus(final HttpServletRequest request, final HttpServletResponse response) {
+        ensureEndpointAccessIsAuthorized(request, response);
+
         final String tgtId = this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request);
         if (StringUtils.isBlank(tgtId)) {
             response.setStatus(HttpStatus.GONE.value());

diff --git a/...reports/src/main/java/org/apereo/cas/web/report/SingleSignOnSessionsReportController.java b/...reports/src/main/java/org/apereo/cas/web/report/SingleSignOnSessionsReportController.java
@@ -10,15 +10,14 @@
 import org.apereo.cas.util.ISOStandardDateFormat;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.actuate.endpoint.mvc.AbstractNamedMvcEndpoint;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.context.request.async.WebAsyncTask;
 import org.springframework.web.servlet.ModelAndView;
 
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -41,7 +40,7 @@ public class SingleSignOnSessionsReportController extends BaseCasMvcEndpoint {
     private static final String STATUS = "status";
     private static final String TICKET_GRANTING_TICKET = "ticketGrantingTicket";
     private static final Logger LOGGER = LoggerFactory.getLogger(SingleSignOnSessionsReportController.class);
-    
+
     private CasConfigurationProperties casProperties;
 
     private enum SsoSessionReportOptions {
@@ -160,12 +159,17 @@ private Collection<Ticket> getNonExpiredTicketGrantingTickets() {
     /**
      * Endpoint for getting SSO Sessions in JSON format.
      *
-     * @param type the type
+     * @param type     the type
+     * @param request  the request
+     * @param response the response
      * @return the sso sessions
      */
     @GetMapping(value = "/getSsoSessions")
     @ResponseBody
-    public WebAsyncTask<Map<String, Object>> getSsoSessions(@RequestParam(defaultValue = "ALL") final String type) {
+    public WebAsyncTask<Map<String, Object>> getSsoSessions(@RequestParam(defaultValue = "ALL") final String type,
+                                                            final HttpServletRequest request,
+                                                            final HttpServletResponse response) {
+        ensureEndpointAccessIsAuthorized(request, response);
 
         final Callable<Map<String, Object>> asyncTask = () -> {
             final Map<String, Object> sessionsMap = new HashMap<>(1);
@@ -214,11 +218,17 @@ public WebAsyncTask<Map<String, Object>> getSsoSessions(@RequestParam(defaultVal
      * Endpoint for destroying a single SSO Session.
      *
      * @param ticketGrantingTicket the ticket granting ticket
+     * @param request              the request
+     * @param response             the response
      * @return result map
      */
     @PostMapping(value = "/destroySsoSession")
     @ResponseBody
-    public Map<String, Object> destroySsoSession(@RequestParam final String ticketGrantingTicket) {
+    public Map<String, Object> destroySsoSession(@RequestParam final String ticketGrantingTicket,
+                                                 final HttpServletRequest request,
+                                                 final HttpServletResponse response) {
+        ensureEndpointAccessIsAuthorized(request, response);
+
         final Map<String, Object> sessionsMap = new HashMap<>(1);
         try {
             this.centralAuthenticationService.destroyTicketGrantingTicket(ticketGrantingTicket);
@@ -236,12 +246,18 @@ public Map<String, Object> destroySsoSession(@RequestParam final String ticketGr
     /**
      * Endpoint for destroying SSO Sessions.
      *
-     * @param type the type
+     * @param type     the type
+     * @param request  the request
+     * @param response the response
      * @return result map
      */
     @PostMapping(value = "/destroySsoSessions")
     @ResponseBody
-    public Map<String, Object> destroySsoSessions(@RequestParam(defaultValue = "ALL") final String type) {
+    public Map<String, Object> destroySsoSessions(@RequestParam(defaultValue = "ALL") final String type,
+                                                  final HttpServletRequest request,
+                                                  final HttpServletResponse response) {
+        ensureEndpointAccessIsAuthorized(request, response);
+
         final Map<String, Object> sessionsMap = new HashMap<>();
         final Map<String, String> failedTickets = new HashMap<>();
 
@@ -268,11 +284,16 @@ public Map<String, Object> destroySsoSessions(@RequestParam(defaultValue = "ALL"
     /**
      * Show sso sessions.
      *
+     * @param request  the request
+     * @param response the response
      * @return the model and view where json data will be rendered
      * @throws Exception thrown during json processing
      */
     @GetMapping
-    public ModelAndView showSsoSessions() throws Exception {
+    public ModelAndView showSsoSessions(final HttpServletRequest request,
+                                        final HttpServletResponse response) throws Exception {
+        ensureEndpointAccessIsAuthorized(request, response);
+
         return new ModelAndView(VIEW_SSO_SESSIONS);
     }
 }