Some housekeeping:

* Fix README for spring profiles
* Remove unused methods in ServerRunning
* Fix an integration test
* Remove unnecessary sec: jsp elements
* Use new method in SECOAUTH - test proxy config on Jenkins

Change-Id: I7d3144e6c9f89218f33e59ccef12b92e0da65695

README.md

@@ -130,30 +130,32 @@ pre-populated with some test users: e.g. `dale` has password
 `password` and `marissa` has password `koala`.
 
 To use a RDBMS for user data activate the Spring profiles `jdbc` and
-one of `hsqldb` or `postgresql`.  The `hsqldb` profile will start up
-with an in-memory RDBMS by default.  Warning: the database will start
-empty, so no users can log in until the first account is created.
+one of `hsqldb` or `postgresql`.  The opposite is `!jdbc` which needs
+to be specified explicitly if any other profiles are active.  The
+`hsqldb` profile will start up with an in-memory RDBMS by default.
+Warning: the database will start empty, so no users can log in until
+the first account is created.
 
 The active profiles can be configured by passing the
 `spring.profiles.active` parameter to the JVM. For, example to run
 with an embedded HSQL database:
 
-     mvn -Dspring.profiles.active=default,jdbc tomcat:run
+     mvn -Dspring.profiles.active=jdbc,hsqldb,!private,!legacy tomcat:run
 
 Or to use PostgreSQL instead of HSQL:
 
-     mvn -Dspring.profiles.active=default,jdbc,postgresql tomcat:run
+     mvn -Dspring.profiles.active=jdbc,postgresql,!private,!legacy tomcat:run
 
-To launch in a microcloud type environment you need the SCIM user
+To bootstrap a microcloud type environment you need the SCIM user
 endpoints to be unsecure so that a user can create an account and set
 its password to bootstrap the system.  For this use the Spring profile
 `private`.  The opposite is `!private` which needs to be specified
-explicitly if the any other profiles are active.
+explicitly if any other profiles are active.
 
 To launch in legacy mode with the CF.com cloud controller as the
 authentication and token source use profile `legacy`.  The opposite is
-`!legacy` which needs to be specified explicitly if the any other
-profiles are active.
+`!legacy` which needs to be specified explicitly if any other profiles
+are active.
 
 ## The API Application
 

samples/api/src/main/java/org/cloudfoundry/identity/api/oauth/RemoteTokenServices.java

@@ -112,10 +112,6 @@ public OAuth2Authentication loadAuthentication(String accessToken) throws Authen
 			userAuthorities.addAll(getAuthorities(values));
 		}
 		String remoteClientId = (String) map.get("client_id");
-		String remoteClientSecret = null;
-		if (map.containsKey("clilent_secret")) {
-			remoteClientSecret = (String) map.get("client_secret");
-		}
 		AuthorizationRequest clientAuthentication = new AuthorizationRequest(remoteClientId, scope, clientAuthorities, resourceIds);
 		String username = (String) map.get("user_name");
 		Authentication userAuthentication = new UsernamePasswordAuthenticationToken(username, null, userAuthorities);

uaa/pom.xml

@@ -67,7 +67,7 @@
 			<!-- Use this profile in conjunction with 'integration' profile to run tests against a legacy mode server -->
 			<id>legacy</id>
 			<properties>
-				<spring.profiles.active>dev,!private,legacy</spring.profiles.active>
+				<spring.profiles.active>!jdbc,!private,legacy</spring.profiles.active>
 			</properties>
 			<build>
 				<pluginManagement>

uaa/src/main/java/org/cloudfoundry/identity/uaa/scim/InMemoryScimUserProvisioning.java

@@ -12,7 +12,6 @@
  */
 package org.cloudfoundry.identity.uaa.scim;
 
-import java.sql.Types;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Map;

uaa/src/main/java/org/cloudfoundry/identity/uaa/security/DefaultSecurityContextAccessor.java

@@ -30,7 +30,7 @@ public boolean isClient() {
 			throw new IllegalStateException("Must be an OAuth2Authentication to check if user is a client");
 		}
 
-		return ((OAuth2Authentication) a).getUserAuthentication() == null;
+		return ((OAuth2Authentication) a).isClientOnly();
 	}
 
 	@Override

uaa/src/main/webapp/WEB-INF/jsp/access_confirmation.jsp

@@ -65,13 +65,15 @@ img.gsc-branding-img,img.gsc-branding-img-noclear,img.gcsc-branding-img,img.gcsc
 	rel='stylesheet' type='text/css' />
 <script type="text/javascript" src="${baseUrl}/javascripts/jquery.js"></script>
 <script type="text/javascript">
-  (function(){
-    // force ssl if cf.com
-    var loc = window.location;
-    if (loc.hostname.indexOf('cloudfoundry.com') >= 0 && loc.protocol == "http:") {
-      window.location = "https://" + loc.host + loc.pathname + loc.search + loc.hash;
-    }
-  })();
+	(function() {
+		// force ssl if cf.com
+		var loc = window.location;
+		if (loc.hostname.indexOf('cloudfoundry.com') >= 0
+				&& loc.protocol == "http:") {
+			window.location = "https://" + loc.host + loc.pathname + loc.search
+					+ loc.hash;
+		}
+	})();
 </script>
 </head>
 <body id="micro">
@@ -129,29 +131,28 @@ img.gsc-branding-img,img.gsc-branding-img-noclear,img.gcsc-branding-img,img.gcsc
 								</div>
 							</c:if>
 
-							<sec:authorize ifAllGranted="ROLE_USER">
-								<h2>Please Confirm</h2>
+							<h2>Please Confirm</h2>
 
-								<p>Do you authorize ${client.clientId} to access your
-									protected resources in scope ${auth_request.scope}.</p>
+							<p>Do you authorize ${client.clientId} to access your
+								protected resources in scope ${auth_request.scope}.</p>
+
+							<form id="confirmationForm" name="confirmationForm"
+								action="${options.confirm.location}" method="POST">
+								<input name="${options.confirm.key}"
+									value="${options.confirm.value}" type="hidden" />
+								<div class="buttons">
+									<button type="submit">Authorize</button>
+								</div>
+							</form>
+							<form id="denialForm" name="denialForm"
+								action="${options.deny.location}" method="POST">
+								<input name="${options.deny.key}" value="${options.deny.value}"
+									type="hidden" />
+								<div class="buttons">
+									<button type="submit">Deny</button>
+								</div>
+							</form>
 
-								<form id="confirmationForm" name="confirmationForm"
-									action="${options.confirm.location}" method="POST">
-									<input name="${options.confirm.key}"
-										value="${options.confirm.value}" type="hidden" />
-									<div class="buttons">
-										<button type="submit">Authorize</button>
-									</div>
-								</form>
-								<form id="denialForm" name="denialForm"
-									action="${options.deny.location}" method="POST">
-									<input name="${options.deny.key}" value="${options.deny.value}"
-										type="hidden" />
-									<div class="buttons">
-										<button type="submit">Deny</button>
-									</div>
-								</form>
-							</sec:authorize>
 						</div>
 					</div>
 				</div>

uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ServerRunning.java

@@ -23,6 +23,7 @@
 import org.apache.commons.logging.LogFactory;
 import org.apache.http.client.HttpClient;
 import org.apache.http.client.params.ClientPNames;
+import org.apache.http.client.params.CookiePolicy;
 import org.junit.Assert;
 import org.junit.Assume;
 import org.junit.internal.AssumptionViolatedException;
@@ -35,15 +36,12 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
-import org.springframework.http.client.ClientHttpRequest;
 import org.springframework.http.client.ClientHttpResponse;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
 import org.springframework.util.StringUtils;
-import org.springframework.web.client.RequestCallback;
 import org.springframework.web.client.ResponseErrorHandler;
-import org.springframework.web.client.ResponseExtractor;
 import org.springframework.web.client.RestClientException;
 import org.springframework.web.client.RestTemplate;
 import org.springframework.web.util.UriTemplate;
@@ -328,27 +326,6 @@ public ResponseEntity<Void> postForRedirect(String path, HttpHeaders headers, Mu
 		return client.exchange(location, HttpMethod.GET, new HttpEntity<Void>(null, headers), null);
 	}
 
-	public HttpStatus getStatusCode(String path, final HttpHeaders headers) {
-		RequestCallback requestCallback = new NullRequestCallback();
-		if (headers != null) {
-			requestCallback = new RequestCallback() {
-				public void doWithRequest(ClientHttpRequest request) throws IOException {
-					request.getHeaders().putAll(headers);
-				}
-			};
-		}
-		return client.execute(getUrl(path), HttpMethod.GET, requestCallback,
-				new ResponseExtractor<ResponseEntity<String>>() {
-					public ResponseEntity<String> extractData(ClientHttpResponse response) throws IOException {
-						return new ResponseEntity<String>(response.getStatusCode());
-					}
-				}).getStatusCode();
-	}
-
-	public HttpStatus getStatusCode(String path) {
-		return getStatusCode(getUrl(path), null);
-	}
-
 	public RestTemplate getRestTemplate() {
 		if (client == null) {
 			client = createRestTemplate();
@@ -367,6 +344,7 @@ public RestTemplate createRestTemplate() {
 			public HttpClient getHttpClient() {
 				HttpClient client = super.getHttpClient();
 				client.getParams().setBooleanParameter(ClientPNames.HANDLE_REDIRECTS, false);
+				client.getParams().setParameter(ClientPNames.COOKIE_POLICY, CookiePolicy.IGNORE_COOKIES);
 				return client;
 			}
 		});
@@ -386,11 +364,6 @@ public UriBuilder buildUri(String url) {
 		return UriBuilder.fromUri(url.startsWith("http:") ? url : getUrl(url));
 	}
 
-	private static final class NullRequestCallback implements RequestCallback {
-		public void doWithRequest(ClientHttpRequest request) throws IOException {
-		}
-	}
-
 	public static class UriBuilder {
 
 		private final String url;