From 086e63614f6c4083a64f6c0ad66d7375eca3bb98 Mon Sep 17 00:00:00 2001 From: Misagh Moayyed Date: Thu, 23 Feb 2017 22:39:47 +0330 Subject: [PATCH] Clean up monitors with individual settings for access, etc. --- .../CasAuthenticationPolicyFailureEvent.java | 1 - .../model/core/monitor/MonitorProperties.java | 3 +- .../installation/Configuration-Properties.md | 2 +- .../AuthenticationEventsController.java | 3 +- .../cas/web/report/BaseCasMvcEndpoint.java | 5 +-- .../report/ConfigurationStateController.java | 7 +++- .../cas/web/report/DashboardController.java | 4 +- .../cas/web/report/HealthCheckController.java | 2 + .../web/report/LoggingConfigController.java | 16 ++++++-- .../cas/web/report/MetricsController.java | 2 +- ...irectoryAttributeResolutionController.java | 14 ++++--- .../SingleSignOnSessionStatusController.java | 6 +-- .../SingleSignOnSessionsReportController.java | 39 ++++++++++++++----- .../cas/web/report/StatisticsController.java | 32 +++++++++------ .../web/report/TrustedDevicesController.java | 25 +++++++++--- 15 files changed, 112 insertions(+), 49 deletions(-) diff --git a/api/cas-server-core-api-events/src/main/java/org/apereo/cas/support/events/authentication/CasAuthenticationPolicyFailureEvent.java b/api/cas-server-core-api-events/src/main/java/org/apereo/cas/support/events/authentication/CasAuthenticationPolicyFailureEvent.java index 801e01871b85..6b779ad80cad 100644 --- a/api/cas-server-core-api-events/src/main/java/org/apereo/cas/support/events/authentication/CasAuthenticationPolicyFailureEvent.java +++ b/api/cas-server-core-api-events/src/main/java/org/apereo/cas/support/events/authentication/CasAuthenticationPolicyFailureEvent.java @@ -2,7 +2,6 @@ import org.apereo.cas.authentication.Authentication; import org.apereo.cas.authentication.AuthenticationTransaction; -import org.apereo.cas.authentication.Credential; import java.util.Map; 
diff --git a/core/cas-server-core-configuration/src/main/java/org/apereo/cas/configuration/model/core/monitor/MonitorProperties.java b/core/cas-server-core-configuration/src/main/java/org/apereo/cas/configuration/model/core/monitor/MonitorProperties.java index 3f820142c7b9..6d10b9789b14 100644 --- a/core/cas-server-core-configuration/src/main/java/org/apereo/cas/configuration/model/core/monitor/MonitorProperties.java +++ b/core/cas-server-core-configuration/src/main/java/org/apereo/cas/configuration/model/core/monitor/MonitorProperties.java @@ -1,10 +1,9 @@ package org.apereo.cas.configuration.model.core.monitor; +import org.apereo.cas.configuration.model.support.ConnectionPoolingProperties; import org.apereo.cas.configuration.model.support.jpa.AbstractJpaProperties; import org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties; import org.apereo.cas.configuration.support.Beans; -import org.apereo.cas.configuration.model.support.ConnectionPoolingProperties; -import org.springframework.boot.actuate.endpoint.EndpointProperties; import org.springframework.boot.context.properties.NestedConfigurationProperty; /** diff --git a/docs/cas-server-documentation/installation/Configuration-Properties.md b/docs/cas-server-documentation/installation/Configuration-Properties.md index ed6b08a49353..4641c5f5675d 100644 --- a/docs/cas-server-documentation/installation/Configuration-Properties.md +++ b/docs/cas-server-documentation/installation/Configuration-Properties.md @@ -3672,7 +3672,7 @@ To learn more about this topic, [please review this guide](Webflow-Customization ### Acceptable Usage Policy Decide how CAS should attempt to determine whether AUP is accepted. -To learn more about this topic, [please review this guide](User-Interface-Customization-AUP.html). +To learn more about this topic, [please review this guide](Webflow-Customization-AUP.html). ```properties 
diff --git a/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/AuthenticationEventsController.java b/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/AuthenticationEventsController.java index d901d195baac..68e8551908e5 100644 --- a/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/AuthenticationEventsController.java +++ b/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/AuthenticationEventsController.java @@ -3,7 +3,6 @@ import org.apereo.cas.configuration.CasConfigurationProperties; import org.apereo.cas.support.events.dao.CasEvent; import org.apereo.cas.support.events.CasEventRepository; -import org.springframework.boot.actuate.endpoint.mvc.AbstractNamedMvcEndpoint; import org.springframework.boot.autoconfigure.condition.ConditionalOnClass; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.ResponseBody; @@ -40,6 +39,7 @@ public AuthenticationEventsController(final CasEventRepository eventRepository, @GetMapping protected ModelAndView handleRequestInternal(final HttpServletRequest request, final HttpServletResponse response) throws Exception { + ensureEndpointAccessIsAuthorized(request, response); return new ModelAndView("monitoring/viewAuthenticationEvents"); } @@ -54,6 +54,7 @@ protected ModelAndView handleRequestInternal(final HttpServletRequest request, @GetMapping(value = "/getEvents") @ResponseBody public Collection getRecords(final HttpServletRequest request, final HttpServletResponse response) throws Exception { + ensureEndpointAccessIsAuthorized(request, response); return this.eventRepository.load(); } } diff --git a/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/BaseCasMvcEndpoint.java b/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/BaseCasMvcEndpoint.java index b842d82f254f..dfa9f7ffcf21 100644 
--- a/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/BaseCasMvcEndpoint.java +++ b/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/BaseCasMvcEndpoint.java @@ -23,6 +23,7 @@ public abstract class BaseCasMvcEndpoint extends AbstractNamedMvcEndpoint { /** * Instantiates a new Base cas mvc endpoint. * Endpoints are by default sensitive. + * * @param name the name * @param path the path * @param endpoint the endpoint @@ -38,11 +39,9 @@ public BaseCasMvcEndpoint(final String name, final String path, final MonitorPro * * @param request the request * @param response the response - * @throws Exception the exception */ - protected void ensureEndpointAccessIsAuthorized(final HttpServletRequest request, - final HttpServletResponse response) throws Exception { + final HttpServletResponse response) { if (!isEnabled()) { response.setStatus(HttpStatus.UNAUTHORIZED.value()); throw new UnuauthorizedEndpointException(); diff --git a/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/ConfigurationStateController.java b/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/ConfigurationStateController.java index eaac560bf667..56eda8791190 100644 --- a/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/ConfigurationStateController.java +++ b/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/ConfigurationStateController.java @@ -7,7 +7,6 @@ import org.apereo.cas.web.report.util.ControllerUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.actuate.endpoint.EnvironmentEndpoint; -import org.springframework.boot.actuate.endpoint.mvc.AbstractNamedMvcEndpoint; import org.springframework.cloud.bus.BusProperties; import org.springframework.cloud.config.server.config.ConfigServerProperties; import org.springframework.context.ApplicationEventPublisher; 
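Review bot: The guard in `ensureEndpointAccessIsAuthorized` answers a disabled endpoint with `HttpStatus.UNAUTHORIZED`, but no credential was requested, so the status does not match the condition: 401 is expected to carry a `WWW-Authenticate` challenge, whereas `HttpStatus.FORBIDDEN` (or `NOT_FOUND`, if the endpoint's existence should not be disclosed) describes "endpoint disabled" accurately. Only the `isEnabled()` branch is visible; the method continues past the hunk, so whether an enabled-but-sensitive endpoint is also checked cannot be confirmed from this diff. Because every handler in the reports module now has to remember to call `ensureEndpointAccessIsAuthorized(request, response)` as its first statement (see the ConfigurationStateController, LoggingConfigController and SingleSignOnSessionsReportController hunks), a forgotten call silently leaves a handler reachable; a `HandlerInterceptor` registered for these endpoint paths would enforce it once. Failing that, the Javadoc should say so explicitly, e.g. `Must be the first statement of every request-mapped method; a handler that omits it is reachable without authorization.`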
@@ -80,6 +79,8 @@ public void init() { @GetMapping protected ModelAndView handleRequestInternal(final HttpServletRequest request, final HttpServletResponse response) throws Exception { + ensureEndpointAccessIsAuthorized(request, response); + final Map model = new HashMap<>(); final String path = request.getContextPath(); ControllerUtils.configureModelMapForConfigServerCloudBusEndpoints(busProperties, configServerProperties, path, model); @@ -96,6 +97,8 @@ protected ModelAndView handleRequestInternal(final HttpServletRequest request, @GetMapping("/getConfiguration") @ResponseBody protected Map getConfiguration(final HttpServletRequest request, final HttpServletResponse response) { + ensureEndpointAccessIsAuthorized(request, response); + final String patternStr = String.format("(%s|configService:|applicationConfig:).+(application|cas).+", CasOverridingPropertySource.SOURCE_NAME); final Pattern pattern = RegexUtils.createPattern(patternStr); @@ -135,6 +138,8 @@ protected void updateConfiguration(@RequestBody final Map oldData = jsonInput.get("old"); final Map newData = jsonInput.get("new"); diff --git a/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/DashboardController.java b/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/DashboardController.java index dfed0efbf5bd..33883771c656 100644 --- a/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/DashboardController.java +++ b/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/DashboardController.java 
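Review bot: The added lines of the `updateConfiguration` hunk (`@@ -135,6 +138,8 @@`) are not legible in this rendering — the hunk reports two additions but only the `oldData`/`newData` context lines survive — so it cannot be confirmed here that the POST handler that rewrites configuration received the same `ensureEndpointAccessIsAuthorized(request, response);` call that `handleRequestInternal` and `getConfiguration` did in the two hunks above it. That handler is the one that changes server state, so it needs the guard more than the two read-only handlers do; if the two added lines are anything else, the call should be the first statement of `updateConfiguration`. The method body continues past the hunk.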
@@ -6,7 +6,6 @@ import org.springframework.boot.actuate.endpoint.EndpointProperties; import org.springframework.boot.actuate.endpoint.EnvironmentEndpoint; import org.springframework.boot.actuate.endpoint.ShutdownEndpoint; -import org.springframework.boot.actuate.endpoint.mvc.AbstractNamedMvcEndpoint; import org.springframework.cloud.bus.BusProperties; import org.springframework.cloud.config.server.config.ConfigServerProperties; import org.springframework.cloud.context.restart.RestartEndpoint; @@ -71,6 +70,9 @@ public DashboardController(final CasConfigurationProperties casProperties) { @GetMapping public ModelAndView handle(final HttpServletRequest request, final HttpServletResponse response) throws Exception { + + ensureEndpointAccessIsAuthorized(request, response); + final Map model = new HashMap<>(); final String path = request.getContextPath(); ControllerUtils.configureModelMapForConfigServerCloudBusEndpoints(busProperties, configServerProperties, path, model); diff --git a/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/HealthCheckController.java b/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/HealthCheckController.java index 97154579d767..cfa156beb819 100644 --- a/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/HealthCheckController.java +++ b/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/HealthCheckController.java @@ -50,6 +50,8 @@ public HealthCheckController(final Monitor healthCheckMonitor, fin @ResponseBody protected WebAsyncTask handleRequestInternal(final HttpServletRequest request, final HttpServletResponse response) throws Exception { + ensureEndpointAccessIsAuthorized(request, response); + final Callable asyncTask = () -> { final HealthStatus healthStatus = healthCheckMonitor.observe(); response.setStatus(healthStatus.getCode().value()); 
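Review bot: In `DashboardController.handle` the new `ensureEndpointAccessIsAuthorized(request, response);` is separated from the opening brace by a blank line, unlike the other handlers in this commit where the guard is the first statement directly under the signature; drop the blank line so the guard reads as the method's precondition. `HealthCheckController.handleRequestInternal` in the next hunk has the shape to keep, with the check running synchronously before the `Callable` is built.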
diff --git a/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/LoggingConfigController.java b/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/LoggingConfigController.java index aed2acee084e..3100a331950e 100644 --- a/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/LoggingConfigController.java +++ b/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/LoggingConfigController.java @@ -90,11 +90,16 @@ public void initialize() { /** * Gets default view. * + * @param request the request + * @param response the response * @return the default view * @throws Exception the exception */ @GetMapping - public ModelAndView getDefaultView() throws Exception { + public ModelAndView getDefaultView(final HttpServletRequest request, + final HttpServletResponse response) throws Exception { + ensureEndpointAccessIsAuthorized(request, response); + final Map model = new HashMap<>(); model.put("logConfigurationFile", logConfigurationFile.getURI().toString()); return new ModelAndView(VIEW_CONFIG, model); @@ -111,6 +116,8 @@ public ModelAndView getDefaultView() throws Exception { @GetMapping(value = "/getActiveLoggers") @ResponseBody public Map getActiveLoggers(final HttpServletRequest request, final HttpServletResponse response) throws Exception { + ensureEndpointAccessIsAuthorized(request, response); + final Map responseMap = new HashMap<>(); final Map loggers = getActiveLoggersInFactory(); responseMap.put("activeLoggers", loggers.values()); @@ -130,6 +137,7 @@ public Map getActiveLoggers(final HttpServletRequest request, fi @GetMapping(value = "/getConfiguration") @ResponseBody public Map getConfiguration(final HttpServletRequest request, final HttpServletResponse response) throws Exception { + ensureEndpointAccessIsAuthorized(request, response); final Collection> configuredLoggers = new HashSet<>(); getLoggerConfigurations().forEach(config -> { 
@@ -222,8 +230,9 @@ public void updateLoggerLevel(@RequestParam final String loggerName, @RequestParam final String loggerLevel, @RequestParam(defaultValue = "false") final boolean additive, final HttpServletRequest request, - final HttpServletResponse response) - throws Exception { + final HttpServletResponse response) throws Exception { + + ensureEndpointAccessIsAuthorized(request, response); final Collection loggerConfigs = getLoggerConfigurations(); loggerConfigs.stream(). @@ -246,6 +255,7 @@ public void updateLoggerLevel(@RequestParam final String loggerName, @GetMapping(value = "/getAuditLog") @ResponseBody public Set getAuditLog(final HttpServletRequest request, final HttpServletResponse response) throws Exception { + ensureEndpointAccessIsAuthorized(request, response); return this.auditTrailManager.get(); } } diff --git a/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/MetricsController.java b/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/MetricsController.java index 8499253d0912..eed308f1558e 100644 --- a/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/MetricsController.java +++ b/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/MetricsController.java @@ -5,7 +5,6 @@ import org.apereo.cas.configuration.CasConfigurationProperties; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; -import org.springframework.boot.actuate.endpoint.mvc.AbstractNamedMvcEndpoint; import org.springframework.context.ApplicationContext; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.context.WebApplicationContext; 
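Review bot: `updateLoggerLevel` changes the running server's logging configuration from an HTTP POST, and nothing in the visible lines records who requested the change or what it was, so an operator reading the trail that `getAuditLog` exposes two hunks later would not see it. If the audit trail manager or a logger is available in this class, writing `loggerName`, `loggerLevel`, `additive` and the request's remote address at INFO level before the stream mutates the configs would close that gap. The method body continues past the hunk, so this may already happen further down.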
@@ -47,6 +46,7 @@ public MetricsController(final CasConfigurationProperties casProperties) { */ @GetMapping public void handle(final HttpServletRequest request, final HttpServletResponse response) throws Exception { + ensureEndpointAccessIsAuthorized(request, response); final MetricsServlet servlet = new MetricsServlet(this.metrics); servlet.init(new DelegatingServletConfig()); servlet.service(request, response); diff --git a/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/PersonDirectoryAttributeResolutionController.java b/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/PersonDirectoryAttributeResolutionController.java index 07bc1a2306ed..3096b9653776 100644 --- a/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/PersonDirectoryAttributeResolutionController.java +++ b/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/PersonDirectoryAttributeResolutionController.java @@ -6,7 +6,6 @@ import org.apereo.cas.configuration.CasConfigurationProperties; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; -import org.springframework.boot.actuate.endpoint.mvc.AbstractNamedMvcEndpoint; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; @@ -25,7 +24,7 @@ * @since 5.0.0 */ public class PersonDirectoryAttributeResolutionController extends BaseCasMvcEndpoint { - + @Autowired @Qualifier("personDirectoryPrincipalResolver") private PrincipalResolver personDirectoryPrincipalResolver; 
@@ -45,20 +44,25 @@ public PersonDirectoryAttributeResolutionController(final CasConfigurationProper @GetMapping protected ModelAndView handleRequestInternal(final HttpServletRequest request, final HttpServletResponse response) throws Exception { + ensureEndpointAccessIsAuthorized(request, response); return new ModelAndView("monitoring/attrresolution"); } /** * Resolve principal attributes map. * - * @param uid the uid - * @param request the request + * @param uid the uid + * @param request the request + * @param response the response * @return the map * @throws Exception the exception */ @PostMapping(value = "/resolveattrs") @ResponseBody - public Map resolvePrincipalAttributes(@RequestParam final String uid, final HttpServletRequest request) throws Exception { + public Map resolvePrincipalAttributes(@RequestParam final String uid, + final HttpServletRequest request, + final HttpServletResponse response) throws Exception { + ensureEndpointAccessIsAuthorized(request, response); final Principal p = personDirectoryPrincipalResolver.resolve(new BasicIdentifiableCredential(uid)); final Map map = new LinkedHashMap<>(); map.put("uid", p.getId()); diff --git a/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/SingleSignOnSessionStatusController.java b/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/SingleSignOnSessionStatusController.java index d04d7fddec52..671649763bec 100644 --- a/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/SingleSignOnSessionStatusController.java +++ b/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/SingleSignOnSessionStatusController.java 
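Review bot: In `resolvePrincipalAttributes` the result `p` of `personDirectoryPrincipalResolver.resolve(...)` is dereferenced with `p.getId()` without a null check; if the resolver returns null for an unknown `uid` (the `PrincipalResolver` contract is not visible here), the handler fails with a NullPointerException and a 500 instead of a 404, and a blank `uid` is handed straight to the directory. Reject a blank `uid` with 400 and a null principal with 404 before building the map, and document both outcomes in the Javadoc, which currently says only `@return the map`. The method body continues past the hunk.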
@@ -6,7 +6,6 @@ import org.apereo.cas.configuration.CasConfigurationProperties; import org.apereo.cas.ticket.registry.TicketRegistrySupport; import org.apereo.cas.web.support.CookieRetrievingCookieGenerator; -import org.springframework.boot.actuate.endpoint.mvc.AbstractNamedMvcEndpoint; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.web.bind.annotation.GetMapping; @@ -42,8 +41,9 @@ public SingleSignOnSessionStatusController(final CookieRetrievingCookieGenerator */ @GetMapping(produces = MediaType.TEXT_PLAIN_VALUE) @ResponseBody - public String getStatus(final HttpServletRequest request, - final HttpServletResponse response) { + public String getStatus(final HttpServletRequest request, final HttpServletResponse response) { + ensureEndpointAccessIsAuthorized(request, response); + final String tgtId = this.ticketGrantingTicketCookieGenerator.retrieveCookieValue(request); if (StringUtils.isBlank(tgtId)) { response.setStatus(HttpStatus.GONE.value()); diff --git a/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/SingleSignOnSessionsReportController.java b/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/SingleSignOnSessionsReportController.java index 45bf91d768e3..aac010fac08d 100644 --- a/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/SingleSignOnSessionsReportController.java +++ b/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/SingleSignOnSessionsReportController.java 
@@ -10,8 +10,6 @@ import org.apereo.cas.util.ISOStandardDateFormat; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.actuate.endpoint.mvc.AbstractNamedMvcEndpoint; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestParam; @@ -19,6 +17,7 @@ import org.springframework.web.context.request.async.WebAsyncTask; import org.springframework.web.servlet.ModelAndView; +import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.util.ArrayList; import java.util.Collection; @@ -41,7 +40,7 @@ public class SingleSignOnSessionsReportController extends BaseCasMvcEndpoint { private static final String STATUS = "status"; private static final String TICKET_GRANTING_TICKET = "ticketGrantingTicket"; private static final Logger LOGGER = LoggerFactory.getLogger(SingleSignOnSessionsReportController.class); - + private CasConfigurationProperties casProperties; private enum SsoSessionReportOptions { @@ -160,12 +159,17 @@ private Collection getNonExpiredTicketGrantingTickets() { /** * Endpoint for getting SSO Sessions in JSON format. * - * @param type the type + * @param type the type + * @param request the request + * @param response the response * @return the sso sessions */ @GetMapping(value = "/getSsoSessions") @ResponseBody - public WebAsyncTask> getSsoSessions(@RequestParam(defaultValue = "ALL") final String type) { + public WebAsyncTask> getSsoSessions(@RequestParam(defaultValue = "ALL") final String type, + final HttpServletRequest request, + final HttpServletResponse response) { + ensureEndpointAccessIsAuthorized(request, response); final Callable> asyncTask = () -> { final Map sessionsMap = new HashMap<>(1); 
@@ -214,11 +218,17 @@ public WebAsyncTask> getSsoSessions(@RequestParam(defaultVal * Endpoint for destroying a single SSO Session. * * @param ticketGrantingTicket the ticket granting ticket + * @param request the request + * @param response the response * @return result map */ @PostMapping(value = "/destroySsoSession") @ResponseBody - public Map destroySsoSession(@RequestParam final String ticketGrantingTicket) { + public Map destroySsoSession(@RequestParam final String ticketGrantingTicket, + final HttpServletRequest request, + final HttpServletResponse response) { + ensureEndpointAccessIsAuthorized(request, response); + final Map sessionsMap = new HashMap<>(1); try { this.centralAuthenticationService.destroyTicketGrantingTicket(ticketGrantingTicket); @@ -236,12 +246,18 @@ public Map destroySsoSession(@RequestParam final String ticketGr /** * Endpoint for destroying SSO Sessions. * - * @param type the type + * @param type the type + * @param request the request + * @param response the response * @return result map */ @PostMapping(value = "/destroySsoSessions") @ResponseBody - public Map destroySsoSessions(@RequestParam(defaultValue = "ALL") final String type) { + public Map destroySsoSessions(@RequestParam(defaultValue = "ALL") final String type, + final HttpServletRequest request, + final HttpServletResponse response) { + ensureEndpointAccessIsAuthorized(request, response); + final Map sessionsMap = new HashMap<>(); final Map failedTickets = new HashMap<>(); 
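Review bot: `destroySsoSession` and `destroySsoSessions` terminate other users' SSO sessions from a POST whose only input is a request parameter, and the visible lines record nothing about the operation; with `type` defaulting to `"ALL"`, one request can end every session on the server, so the remote address and the `ticketGrantingTicket` or `type` value should be written through `LOGGER` (declared in the hunk above) or the audit trail before the registry is touched. If endpoint access is tied to a browser session rather than a per-request credential, these state-changing POSTs also need CSRF protection, which `ensureEndpointAccessIsAuthorized` does not provide by itself. Both method bodies continue past the hunk, so the logging may already exist further down.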
@@ -268,11 +284,16 @@ public Map destroySsoSessions(@RequestParam(defaultValue = "ALL"
 /**
 * Show sso sessions.
 *
+ * @param request the request
+ * @param response the response
 * @return the model and view where json data will be rendered
 * @throws Exception thrown during json processing
 */
 @GetMapping
- public ModelAndView showSsoSessions() throws Exception {
+ public ModelAndView showSsoSessions(final HttpServletRequest request,
+ final HttpServletResponse response) throws Exception {
+ ensureEndpointAccessIsAuthorized(request, response);
+
 return new ModelAndView(VIEW_SSO_SESSIONS);
 }
 }
diff --git a/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/StatisticsController.java b/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/StatisticsController.java
index bdd94e35940b..9bc013a28c9c 100644
--- a/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/StatisticsController.java
+++ b/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/StatisticsController.java
@@ -53,14 +53,16 @@ public StatisticsController(final CentralAuthenticationService centralAuthentica
 /**
 * Gets availability times of the server.
 *
- * @param httpServletRequest the http servlet request
- * @param httpServletResponse the http servlet response
+ * @param request the http servlet request
+ * @param response the http servlet response
 * @return the availability
 */
 @GetMapping(value = "/getAvailability")
 @ResponseBody
- public Map getAvailability(final HttpServletRequest httpServletRequest,
- final HttpServletResponse httpServletResponse) {
+ public Map getAvailability(final HttpServletRequest request,
+ final HttpServletResponse response) {
+ ensureEndpointAccessIsAuthorized(request, response);
+
 final Map model = new HashMap<>();
 final Duration diff = Duration.between(this.upTimeStartDate, ZonedDateTime.now(ZoneOffset.UTC));
 model.put("upTime", diff.getSeconds());
@@ -70,14 +72,16 @@ public Map getAvailability(final HttpServletRequest httpServletR /** * Gets memory stats. * - * @param httpServletRequest the http servlet request - * @param httpServletResponse the http servlet response + * @param request the http servlet request + * @param response the http servlet response * @return the memory stats */ @GetMapping(value = "/getMemStats") @ResponseBody - public Map getMemoryStats(final HttpServletRequest httpServletRequest, - final HttpServletResponse httpServletResponse) { + public Map getMemoryStats(final HttpServletRequest request, + final HttpServletResponse response) { + ensureEndpointAccessIsAuthorized(request, response); + final Map model = new HashMap<>(); model.put("totalMemory", convertToMegaBytes(Runtime.getRuntime().totalMemory())); model.put("maxMemory", convertToMegaBytes(Runtime.getRuntime().maxMemory())); @@ -88,14 +92,16 @@ public Map getMemoryStats(final HttpServletRequest httpServletRe /** * Gets ticket stats. * - * @param httpServletRequest the http servlet request - * @param httpServletResponse the http servlet response + * @param request the http servlet request + * @param response the http servlet response * @return the ticket stats */ @GetMapping(value = "/getTicketStats") @ResponseBody - public Map getTicketStats(final HttpServletRequest httpServletRequest, - final HttpServletResponse httpServletResponse) { + public Map getTicketStats(final HttpServletRequest request, + final HttpServletResponse response) { + ensureEndpointAccessIsAuthorized(request, response); + final Map model = new HashMap<>(); int unexpiredTgts = 0; 
@@ -140,6 +146,8 @@ public Map getTicketStats(final HttpServletRequest httpServletRe
 @GetMapping
 protected ModelAndView handleRequestInternal(final HttpServletRequest httpServletRequest,
 final HttpServletResponse httpServletResponse) throws Exception {
+ ensureEndpointAccessIsAuthorized(httpServletRequest, httpServletResponse);
+
 final ModelAndView modelAndView = new ModelAndView(MONITORING_VIEW_STATISTICS);
 modelAndView.addObject("pageTitle", modelAndView.getViewName());
 modelAndView.addObject("availableProcessors", Runtime.getRuntime().availableProcessors());
diff --git a/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/TrustedDevicesController.java b/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/TrustedDevicesController.java
index c72700974949..80c0072bdd58 100644
--- a/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/TrustedDevicesController.java
+++ b/support/cas-server-support-reports/src/main/java/org/apereo/cas/web/report/TrustedDevicesController.java
@@ -1,6 +1,7 @@
 package org.apereo.cas.web.report;
 
 import org.apereo.cas.configuration.CasConfigurationProperties;
+import org.apereo.cas.configuration.model.support.mfa.MultifactorAuthenticationProperties;
 import org.apereo.cas.trusted.authentication.api.MultifactorAuthenticationTrustRecord;
 import org.apereo.cas.trusted.authentication.api.MultifactorAuthenticationTrustStorage;
 import org.apereo.cas.util.DateTimeUtils;
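Review bot: `StatisticsController.handleRequestInternal` keeps the `httpServletRequest`/`httpServletResponse` parameter names while the three handlers above it in this file (`getAvailability`, `getMemoryStats`, `getTicketStats`) were renamed to `request`/`response` in this same commit; rename here too, `protected ModelAndView handleRequestInternal(final HttpServletRequest request, final HttpServletResponse response) throws Exception {` and `ensureEndpointAccessIsAuthorized(request, response);`, so the guard call reads the same in every handler. The method body continues past the hunk.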
@@ -47,20 +48,28 @@ public TrustedDevicesController(final MultifactorAuthenticationTrustStorage mfaT
 @GetMapping
 protected ModelAndView handleRequestInternal(final HttpServletRequest request,
 final HttpServletResponse response) throws Exception {
+ ensureEndpointAccessIsAuthorized(request, response);
+
 return new ModelAndView("monitoring/viewTrustedDevices");
 }
 
 /**
 * Gets records.
 *
+ * @param request the request
+ * @param response the response
 * @return the records
 * @throws Exception the exception
 */
 @GetMapping(value = "/getRecords")
 @ResponseBody
- public Set getRecords() throws Exception {
- final LocalDate onOrAfter = LocalDate.now().minus(casProperties.getAuthn().getMfa().getTrusted().getExpiration(),
- DateTimeUtils.toChronoUnit(casProperties.getAuthn().getMfa().getTrusted().getTimeUnit()));
+ public Set getRecords(final HttpServletRequest request,
+ final HttpServletResponse response) throws Exception {
+ ensureEndpointAccessIsAuthorized(request, response);
+
+ final MultifactorAuthenticationProperties.Trusted trusted = casProperties.getAuthn().getMfa().getTrusted();
+ final LocalDate onOrAfter = LocalDate.now().minus(trusted.getExpiration(), DateTimeUtils.toChronoUnit(trusted.getTimeUnit()));
+
 this.mfaTrustEngine.expire(onOrAfter);
 return this.mfaTrustEngine.get(onOrAfter);
 }
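Review bot: The rewritten `onOrAfter` line in `getRecords` computes the expiry cutoff with `LocalDate.now()`, which uses the JVM's default time zone, while `StatisticsController` in this same commit takes its clock from `ZonedDateTime.now(ZoneOffset.UTC)`; if the trust records' timestamps are stored in UTC (their writer is not visible here), the cutoff can be a day off around midnight, so `LocalDate.now(ZoneOffset.UTC)` would match. Separately, this `@GetMapping` handler's first action on the trust store is `this.mfaTrustEngine.expire(onOrAfter)` (a context line, not new), so a GET mutates state; worth a Javadoc sentence such as `Expires records older than the configured window before returning the remainder.` so the side effect is not a surprise to callers of the endpoint.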
@@ -68,14 +77,18 @@ public Set getRecords() throws Exception {
 /**
 * Revoke record.
 *
- * @param key the key
- * @param request the request
+ * @param key the key
+ * @param request the request
+ * @param response the response
 * @return the integer
 * @throws Exception the exception
 */
 @PostMapping(value = "/revokeRecord")
 @ResponseBody
- public Integer revokeRecord(@RequestParam final String key, final HttpServletRequest request) throws Exception {
+ public Integer revokeRecord(@RequestParam final String key, final HttpServletRequest request,
+ final HttpServletResponse response) throws Exception {
+ ensureEndpointAccessIsAuthorized(request, response);
+
 this.mfaTrustEngine.expire(key);
 return HttpStatus.OK.value();
 }
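Review bot: `revokeRecord` returns `HttpStatus.OK.value()` unconditionally, so a caller cannot distinguish a revoked trusted device from a `key` that matched nothing; if `mfaTrustEngine.expire(key)` reports whether anything was removed (its return type is not visible here), surface that, otherwise state it in the Javadoc, which now says only `@return the integer`: `@return 200 unconditionally; an unknown key is a no-op`. Revoking an MFA-trusted device is also a security-relevant change that leaves no trace in the visible lines, so the `key` and the request's remote address deserve a log or audit entry before `expire` runs.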