Move IdentityZone model into the payload JAR

[#107504490] https://www.pivotaltracker.com/story/show/107504490

common/src/main/java/org/cloudfoundry/identity/uaa/authentication/Origin.java

@@ -21,15 +21,6 @@
 
 public class Origin {
 
-    public static final String ORIGIN = "origin";
-    public static final String UAA = "uaa";
-    public static final String LOGIN_SERVER = "login-server";
-    public static final String LDAP = "ldap";
-    public static final String KEYSTONE = "keystone";
-    public static final String SAML = "saml";
-    public static final String NotANumber = "NaN";
-    public static final String UNKNOWN = "unknown";
-
     public static String getUserId(Authentication authentication) {
         String id;
         if (authentication.getPrincipal() instanceof UaaPrincipal) {

common/src/main/java/org/cloudfoundry/identity/uaa/authentication/SessionResetFilter.java

@@ -17,6 +17,7 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.cloudfoundry.identity.uaa.constants.OriginKeys;
 import org.cloudfoundry.identity.uaa.user.UaaUser;
 import org.cloudfoundry.identity.uaa.user.UaaUserDatabase;
 import org.springframework.security.core.context.SecurityContext;
@@ -57,7 +58,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
         if (context!=null && context.getAuthentication()!=null && context.getAuthentication() instanceof UaaAuthentication) {
             UaaAuthentication authentication = (UaaAuthentication)context.getAuthentication();
             if (authentication.isAuthenticated() &&
-                Origin.UAA.equals(authentication.getPrincipal().getOrigin()) &&
+                OriginKeys.UAA.equals(authentication.getPrincipal().getOrigin()) &&
                 null != request.getSession(false)) {
 
                 boolean redirect = false;

common/src/main/java/org/cloudfoundry/identity/uaa/authentication/login/LoginInfoEndpoint.java

@@ -13,13 +13,13 @@
 package org.cloudfoundry.identity.uaa.authentication.login;
 
 import org.cloudfoundry.identity.uaa.authentication.AuthzAuthenticationRequest;
-import org.cloudfoundry.identity.uaa.authentication.Origin;
 import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication;
 import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
 import org.cloudfoundry.identity.uaa.client.ClientConstants;
 import org.cloudfoundry.identity.uaa.codestore.ExpiringCode;
 import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore;
 import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeType;
+import org.cloudfoundry.identity.uaa.constants.OriginKeys;
 import org.cloudfoundry.identity.uaa.login.AutologinRequest;
 import org.cloudfoundry.identity.uaa.login.AutologinResponse;
 import org.cloudfoundry.identity.uaa.login.PasscodeInformation;
@@ -81,7 +81,7 @@
 @Controller
 public class LoginInfoEndpoint {
 
-    public static final String NotANumber = Origin.NotANumber;
+    public static final String NotANumber = OriginKeys.NotANumber;
     public static final String CREATE_ACCOUNT_LINK = "createAccountLink";
     public static final String FORGOT_PASSWORD_LINK = "forgotPasswordLink";
     public static final String LINK_CREATE_ACCOUNT_SHOW = "linkCreateAccountShow";
@@ -226,9 +226,9 @@ private String login(Model model, Principal principal, List<String> excludedProm
         boolean fieldUsernameShow = true;
 
         if (allowedIdps==null ||
-            allowedIdps.contains(Origin.LDAP) ||
-            allowedIdps.contains(Origin.UAA) ||
-            allowedIdps.contains(Origin.KEYSTONE)) {
+            allowedIdps.contains(OriginKeys.LDAP) ||
+            allowedIdps.contains(OriginKeys.UAA) ||
+            allowedIdps.contains(OriginKeys.KEYSTONE)) {
             fieldUsernameShow = true;
         } else if (idps!=null && idps.size()==1) {
             String url = SamlRedirectUtils.getIdpRedirectUrl(idps.get(0), entityID);
@@ -237,7 +237,7 @@ private String login(Model model, Principal principal, List<String> excludedProm
             fieldUsernameShow = false;
         }
         boolean linkCreateAccountShow = fieldUsernameShow;
-        if (fieldUsernameShow && (allowedIdps!=null && !allowedIdps.contains(Origin.UAA))) {
+        if (fieldUsernameShow && (allowedIdps!=null && !allowedIdps.contains(OriginKeys.UAA))) {
             linkCreateAccountShow = false;
         }
         String zonifiedEntityID = getZonifiedEntityId();
@@ -378,7 +378,7 @@ public AutologinResponse generateAutologinCode(@RequestBody AutologinRequest req
             UaaPrincipal p = (UaaPrincipal)userAuthentication.getPrincipal();
             if (p!=null) {
                 codeData.put("user_id", p.getId());
-                codeData.put(Origin.ORIGIN, p.getOrigin());
+                codeData.put(OriginKeys.ORIGIN, p.getOrigin());
             }
         }
         ExpiringCode expiringCode = expiringCodeStore.generateCode(JsonUtils.writeValueAsString(codeData), new Timestamp(System.currentTimeMillis() + 5 * 60 * 1000));
@@ -442,11 +442,11 @@ protected ExpiringCode doGenerateCode(Object o) throws IOException {
 
     protected Map<String, ?> getLinksInfo() {
         Map<String, Object> model = new HashMap<>();
-        model.put(Origin.UAA, getUaaBaseUrl());
+        model.put(OriginKeys.UAA, getUaaBaseUrl());
         if (getBaseUrl().contains("localhost:")) {
             model.put("login", getUaaBaseUrl());
         } else {
-            model.put("login", getUaaBaseUrl().replaceAll(Origin.UAA, "login"));
+            model.put("login", getUaaBaseUrl().replaceAll(OriginKeys.UAA, "login"));
         }
         if (selfServiceLinksEnabled && !disableInternalUserManagement) {
             model.put(CREATE_ACCOUNT_LINK, "/create_account");

common/src/main/java/org/cloudfoundry/identity/uaa/authentication/login/RemoteAuthenticationEndpoint.java

@@ -22,9 +22,9 @@
 import org.apache.commons.logging.LogFactory;
 import org.cloudfoundry.identity.uaa.authentication.AccountNotVerifiedException;
 import org.cloudfoundry.identity.uaa.authentication.AuthzAuthenticationRequest;
-import org.cloudfoundry.identity.uaa.authentication.Origin;
 import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails;
 import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
+import org.cloudfoundry.identity.uaa.constants.OriginKeys;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
@@ -100,7 +100,7 @@ public HttpEntity<Map<String, String>> authenticate(HttpServletRequest request,
     @ResponseBody
     public HttpEntity<Map<String, String>> authenticate(HttpServletRequest request,
                                                         @RequestParam(value = "username", required = true) String username,
-                                                        @RequestParam(value = Origin.ORIGIN, required = true) String origin,
+                                                        @RequestParam(value = OriginKeys.ORIGIN, required = true) String origin,
                                                         @RequestParam(value = "email", required = false) String email) {
         Map<String, String> responseBody = new HashMap<>();
         HttpStatus status = HttpStatus.UNAUTHORIZED;
@@ -112,7 +112,7 @@ public HttpEntity<Map<String, String>> authenticate(HttpServletRequest request,
 
         Map<String, String> userInfo = new HashMap<>();
         userInfo.put("username", username);
-        userInfo.put(Origin.ORIGIN, origin);
+        userInfo.put(OriginKeys.ORIGIN, origin);
         if (StringUtils.hasText(email)) {
             userInfo.put("email", email);
         }
@@ -138,7 +138,7 @@ private void processAdditionalInformation(Map<String, String> responseBody, Auth
         if (hasClientOauth2Authentication()) {
             UaaPrincipal principal = getPrincipal(a);
             if (principal!=null) {
-                responseBody.put(Origin.ORIGIN, principal.getOrigin());
+                responseBody.put(OriginKeys.ORIGIN, principal.getOrigin());
                 responseBody.put("user_id", principal.getId());
             }
         }

common/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/AuthzAuthenticationManager.java

@@ -16,7 +16,6 @@
 import org.apache.commons.logging.LogFactory;
 import org.cloudfoundry.identity.uaa.authentication.AccountNotVerifiedException;
 import org.cloudfoundry.identity.uaa.authentication.AuthenticationPolicyRejectionException;
-import org.cloudfoundry.identity.uaa.authentication.Origin;
 import org.cloudfoundry.identity.uaa.authentication.PasswordExpiredException;
 import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication;
 import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails;
@@ -25,6 +24,7 @@
 import org.cloudfoundry.identity.uaa.authentication.event.UserAuthenticationFailureEvent;
 import org.cloudfoundry.identity.uaa.authentication.event.UserAuthenticationSuccessEvent;
 import org.cloudfoundry.identity.uaa.authentication.event.UserNotFoundEvent;
+import org.cloudfoundry.identity.uaa.constants.OriginKeys;
 import org.cloudfoundry.identity.uaa.user.UaaUser;
 import org.cloudfoundry.identity.uaa.user.UaaUserDatabase;
 import org.cloudfoundry.identity.uaa.util.ObjectUtils;
@@ -163,7 +163,7 @@ public Authentication authenticate(Authentication req) throws AuthenticationExce
 
     protected int getPasswordExpiresInMonths() {
         int result = 0;
-        IdentityProvider provider = providerProvisioning.retrieveByOrigin(Origin.UAA, IdentityZoneHolder.get().getId());
+        IdentityProvider provider = providerProvisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZoneHolder.get().getId());
         if (provider!=null) {
             UaaIdentityProviderDefinition idpDefinition = ObjectUtils.castInstance(provider.getConfig(),UaaIdentityProviderDefinition.class);
             if (idpDefinition!=null) {

common/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/LoginAuthenticationManager.java

@@ -15,11 +15,11 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.cloudfoundry.identity.uaa.authentication.AuthzAuthenticationRequest;
-import org.cloudfoundry.identity.uaa.authentication.Origin;
 import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication;
 import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails;
 import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
 import org.cloudfoundry.identity.uaa.authentication.event.UserAuthenticationSuccessEvent;
+import org.cloudfoundry.identity.uaa.constants.OriginKeys;
 import org.cloudfoundry.identity.uaa.user.UaaAuthority;
 import org.cloudfoundry.identity.uaa.user.UaaUser;
 import org.cloudfoundry.identity.uaa.user.UaaUserDatabase;
@@ -41,7 +41,7 @@
 import java.util.Map;
 
 public class LoginAuthenticationManager implements AuthenticationManager, ApplicationEventPublisherAware {
-    public static final String NotANumber = Origin.NotANumber;
+    public static final String NotANumber = OriginKeys.NotANumber;
 
     private final Log logger = LogFactory.getLog(getClass());
 
@@ -127,7 +127,7 @@ protected UaaUser getUser(AuthzAuthenticationRequest req, Map<String, String> in
         String name = req.getName();
         String email = info.get("email");
         String userId = info.get("user_id")!=null?info.get("user_id"):NotANumber;
-        String origin = info.get(Origin.ORIGIN)!=null?info.get(Origin.ORIGIN):Origin.LOGIN_SERVER;
+        String origin = info.get(OriginKeys.ORIGIN)!=null?info.get(OriginKeys.ORIGIN): OriginKeys.LOGIN_SERVER;
 
         if (name == null && email != null) {
             name = email;

common/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/PeriodLockoutPolicy.java

@@ -17,8 +17,8 @@
 import org.cloudfoundry.identity.uaa.audit.AuditEvent;
 import org.cloudfoundry.identity.uaa.audit.AuditEventType;
 import org.cloudfoundry.identity.uaa.audit.UaaAuditService;
-import org.cloudfoundry.identity.uaa.authentication.Origin;
 import org.cloudfoundry.identity.uaa.config.LockoutPolicy;
+import org.cloudfoundry.identity.uaa.constants.OriginKeys;
 import org.cloudfoundry.identity.uaa.user.UaaUser;
 import org.cloudfoundry.identity.uaa.util.ObjectUtils;
 import org.cloudfoundry.identity.uaa.zone.IdentityProvider;
@@ -107,7 +107,7 @@ public void setLockoutPolicy(LockoutPolicy lockoutPolicy) {
     }
 
     private LockoutPolicy getLockoutPolicyFromDb() {
-        IdentityProvider idp = providerProvisioning.retrieveByOrigin(Origin.UAA, IdentityZoneHolder.get().getId());
+        IdentityProvider idp = providerProvisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZoneHolder.get().getId());
         UaaIdentityProviderDefinition idpDefinition = ObjectUtils.castInstance(idp.getConfig(),UaaIdentityProviderDefinition.class);
         if (idpDefinition != null && idpDefinition.getLockoutPolicy() !=null ) {
             return idpDefinition.getLockoutPolicy();

common/src/main/java/org/cloudfoundry/identity/uaa/config/IdentityProviderBootstrap.java

@@ -13,6 +13,7 @@
 package org.cloudfoundry.identity.uaa.config;
 
 
+import org.cloudfoundry.identity.uaa.constants.OriginKeys;
 import org.cloudfoundry.identity.uaa.AbstractIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.KeystoneIdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.authentication.Origin;
@@ -71,7 +72,7 @@ protected void addSamlProviders() {
         }
         for (SamlIdentityProviderDefinition def : configurator.getIdentityProviderDefinitions()) {
             IdentityProvider provider = new IdentityProvider();
-            provider.setType(Origin.SAML);
+            provider.setType(OriginKeys.SAML);
             provider.setOriginKey(def.getIdpEntityAlias());
             provider.setName("UAA SAML Identity Provider["+provider.getOriginKey()+"]");
             provider.setActive(true);
@@ -89,12 +90,12 @@ public void setLdapConfig(HashMap<String, Object> ldapConfig) {
     }
 
     protected void addLdapProvider() {
-        boolean ldapProfile = Arrays.asList(environment.getActiveProfiles()).contains(Origin.LDAP);
+        boolean ldapProfile = Arrays.asList(environment.getActiveProfiles()).contains(OriginKeys.LDAP);
         if (ldapConfig != null || ldapProfile) {
             IdentityProvider provider = new IdentityProvider();
             provider.setActive(ldapProfile);
-            provider.setOriginKey(Origin.LDAP);
-            provider.setType(Origin.LDAP);
+            provider.setOriginKey(OriginKeys.LDAP);
+            provider.setType(OriginKeys.LDAP);
             provider.setName("UAA LDAP Provider");
             Map<String,Object> ldap = new HashMap<>();
             ldap.put(LDAP, ldapConfig);
@@ -144,12 +145,12 @@ protected AbstractIdentityProviderDefinition getKeystoneDefinition(Map<String, O
     }
 
     protected void addKeystoneProvider() {
-        boolean keystoneProfile = Arrays.asList(environment.getActiveProfiles()).contains(Origin.KEYSTONE);
+        boolean keystoneProfile = Arrays.asList(environment.getActiveProfiles()).contains(OriginKeys.KEYSTONE);
         if (keystoneConfig != null || keystoneProfile) {
             boolean active = keystoneProfile && keystoneConfig!=null;
             IdentityProvider provider = new IdentityProvider();
-            provider.setOriginKey(Origin.KEYSTONE);
-            provider.setType(Origin.KEYSTONE);
+            provider.setOriginKey(OriginKeys.KEYSTONE);
+            provider.setType(OriginKeys.KEYSTONE);
             provider.setName("UAA Keystone Provider");
             provider.setActive(active);
             provider.setConfig(getKeystoneDefinition(keystoneConfig));
@@ -192,9 +193,9 @@ public void afterPropertiesSet() throws Exception {
 
     private void deactivateUnusedProviders(String zoneId) {
         for (IdentityProvider provider: provisioning.retrieveAll(false, zoneId)) {
-            if (Origin.SAML.equals(provider.getType()) ||
-                Origin.LDAP.equals(provider.getType()) ||
-                Origin.KEYSTONE.equals(provider.getType())) {
+            if (OriginKeys.SAML.equals(provider.getType()) ||
+                OriginKeys.LDAP.equals(provider.getType()) ||
+                OriginKeys.KEYSTONE.equals(provider.getType())) {
                 if (!isAmongProviders(provider.getOriginKey())) {
                     provider.setActive(false);
                     provisioning.update(provider);
@@ -204,7 +205,7 @@ private void deactivateUnusedProviders(String zoneId) {
     }
 
     protected void updateDefaultZoneUaaIDP() throws JSONException {
-        IdentityProvider internalIDP = provisioning.retrieveByOrigin(Origin.UAA, IdentityZone.getUaa().getId());
+        IdentityProvider internalIDP = provisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZone.getUaa().getId());
         UaaIdentityProviderDefinition identityProviderDefinition = new UaaIdentityProviderDefinition(defaultPasswordPolicy, defaultLockoutPolicy, disableInternalUserManagement);
         internalIDP.setConfig(identityProviderDefinition);
         String disableInternalAuth = environment.getProperty("disableInternalAuth");

common/src/main/java/org/cloudfoundry/identity/uaa/db/BootstrapIdentityZones.java

@@ -1,6 +1,6 @@
 package org.cloudfoundry.identity.uaa.db;
 
-import org.cloudfoundry.identity.uaa.authentication.Origin;
+import org.cloudfoundry.identity.uaa.constants.OriginKeys;
 import org.cloudfoundry.identity.uaa.zone.IdentityZone;
 import org.flywaydb.core.api.migration.spring.SpringJdbcMigration;
 import org.springframework.jdbc.core.JdbcTemplate;
@@ -23,7 +23,7 @@ public void migrate(JdbcTemplate jdbcTemplate) throws Exception {
         jdbcTemplate.update("insert into identity_zone VALUES (?,?,?,?,?,?,?)", uaa.getId(),t,t,uaa.getVersion(),uaa.getSubdomain(),uaa.getName(),uaa.getDescription());
         Map<String,String> originMap = new HashMap<String, String>();
         Set<String> origins = new LinkedHashSet<String>();
-        origins.addAll(Arrays.asList(new String[] {Origin.UAA,Origin.LOGIN_SERVER,Origin.LDAP,Origin.KEYSTONE}));
+        origins.addAll(Arrays.asList(new String[] {OriginKeys.UAA, OriginKeys.LOGIN_SERVER, OriginKeys.LDAP, OriginKeys.KEYSTONE}));
         origins.addAll(jdbcTemplate.queryForList("SELECT DISTINCT origin from users", String.class));
         for (String origin : origins) {
             String identityProviderId = UUID.randomUUID().toString();
@@ -33,7 +33,7 @@ public void migrate(JdbcTemplate jdbcTemplate) throws Exception {
         jdbcTemplate.update("update oauth_client_details set identity_zone_id = ?",uaa.getId());
         List<String> clientIds = jdbcTemplate.queryForList("SELECT client_id from oauth_client_details", String.class);
         for (String clientId : clientIds) {
-            jdbcTemplate.update("insert into client_idp values (?,?) ",clientId,originMap.get(Origin.UAA));
+            jdbcTemplate.update("insert into client_idp values (?,?) ",clientId,originMap.get(OriginKeys.UAA));
         }
         jdbcTemplate.update("update users set identity_provider_id = (select id from identity_provider where identity_provider.origin_key = users.origin), identity_zone_id = (select identity_zone_id from identity_provider where identity_provider.origin_key = users.origin);");
         jdbcTemplate.update("update group_membership set identity_provider_id = (select id from identity_provider where identity_provider.origin_key = group_membership.origin);");

common/src/main/java/org/cloudfoundry/identity/uaa/login/PasscodeAuthenticationFilter.java

@@ -32,12 +32,10 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.cloudfoundry.identity.uaa.authentication.BackwardsCompatibleTokenEndpointAuthenticationFilter;
-import org.cloudfoundry.identity.uaa.authentication.Origin;
 import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
-import org.cloudfoundry.identity.uaa.client.SocialClientUserDetails;
 import org.cloudfoundry.identity.uaa.codestore.ExpiringCode;
 import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore;
-import org.cloudfoundry.identity.uaa.user.UaaAuthority;
+import org.cloudfoundry.identity.uaa.constants.OriginKeys;
 import org.cloudfoundry.identity.uaa.user.UaaUser;
 import org.cloudfoundry.identity.uaa.user.UaaUserDatabase;
 import org.cloudfoundry.identity.uaa.util.JsonUtils;
@@ -224,7 +222,7 @@ public Authentication authenticate(Authentication authentication) throws Authent
                 PasscodeHttpServletRequest pcRequest = (PasscodeHttpServletRequest)expiringCodeAuthentication.getRequest();
                 //pcRequest.addParameter("user_id", new String[] {pi.getUserId()});
                 pcRequest.addParameter("username", new String[] {pi.getUsername()});
-                pcRequest.addParameter(Origin.ORIGIN, new String[] {pi.getOrigin()});
+                pcRequest.addParameter(OriginKeys.ORIGIN, new String[] {pi.getOrigin()});
 
                 return result;
             }
@@ -282,4 +280,4 @@ public void destroy() {
     public void setParameterNames(List<String> parameterNames) {
         this.parameterNames = parameterNames;
     }
-}
+}