
Merge branch 'release/1.2.0'

Change-Id: I4e3513a4b76a67c4e08309536141ba21785d3282
2 parents c430116 + 817b38b commit 8d0ae84a800f976c07c0b37f6cddd69229396ce7 @joeldsa joeldsa committed Oct 1, 2012
Showing with 6,073 additions and 8,113 deletions.
  1. +2 −2 common/pom.xml
  2. +19 −2 common/src/main/java/org/cloudfoundry/identity/uaa/authentication/AuthzAuthenticationFilter.java
  3. +2 −2 common/src/main/java/org/cloudfoundry/identity/uaa/authentication/AuthzAuthenticationRequest.java
  4. +64 −26 ...rc/main/java/org/cloudfoundry/identity/uaa/authentication/manager/AuthzAuthenticationManager.java
  5. +23 −13 ...rc/main/java/org/cloudfoundry/identity/uaa/authentication/manager/LoginAuthenticationManager.java
  6. +5 −5 common/src/main/java/org/cloudfoundry/identity/uaa/config/HandlerAdapterFactoryBean.java
  7. +4 −0 common/src/main/java/org/cloudfoundry/identity/uaa/error/UaaException.java
  8. +0 −4 common/src/main/java/org/cloudfoundry/identity/uaa/integration/UaaTestAccounts.java
  9. +5 −2 common/src/main/java/org/cloudfoundry/identity/uaa/oauth/AccessController.java
  10. +20 −10 common/src/main/java/org/cloudfoundry/identity/uaa/oauth/ClientAdminEndpoints.java
  11. +60 −0 common/src/main/java/org/cloudfoundry/identity/uaa/oauth/ClientInfoEndpoint.java
  12. +6 −4 ...ception.java → common/src/main/java/org/cloudfoundry/identity/uaa/oauth/NoSuchTokenException.java
  13. +19 −21 common/src/main/java/org/cloudfoundry/identity/uaa/oauth/TokenAdminEndpoints.java
  14. +3 −2 common/src/main/java/org/cloudfoundry/identity/uaa/password/PasswordCheckEndpoint.java
  15. +3 −1 common/src/main/java/org/cloudfoundry/identity/uaa/password/PasswordScoreCalculator.java
  16. +4 −2 common/src/main/java/org/cloudfoundry/identity/uaa/password/ZxcvbnPasswordScoreCalculator.java
  17. +62 −0 common/src/main/java/org/cloudfoundry/identity/uaa/rest/SimpleMessage.java
  18. +16 −0 common/src/main/java/org/cloudfoundry/identity/uaa/scim/AttributeNameMapper.java
  19. +2 −2 ...rg/cloudfoundry/identity/uaa/scim/{InvalidUserException.java → InvalidScimResourceException.java}
  20. +106 −11 common/src/main/java/org/cloudfoundry/identity/uaa/scim/JdbcPagingList.java
  21. +45 −214 common/src/main/java/org/cloudfoundry/identity/uaa/scim/JdbcScimUserProvisioning.java
  22. +5 −5 common/src/main/java/org/cloudfoundry/identity/uaa/scim/RemoteScimUserProvisioning.java
  23. +83 −0 common/src/main/java/org/cloudfoundry/identity/uaa/scim/ScimCore.java
  24. +54 −0 common/src/main/java/org/cloudfoundry/identity/uaa/scim/ScimMeta.java
  25. +2 −2 ...dry/identity/uaa/scim/{UserAlreadyExistsException.java → ScimResourceAlreadyExistsException.java}
  26. +2 −2 .../cloudfoundry/identity/uaa/scim/{UserConflictException.java → ScimResourceConflictException.java}
  27. +2 −2 .../cloudfoundry/identity/uaa/scim/{UserNotFoundException.java → ScimResourceNotFoundException.java}
  28. +138 −0 common/src/main/java/org/cloudfoundry/identity/uaa/scim/ScimSearchQueryConverter.java
  29. +27 −106 common/src/main/java/org/cloudfoundry/identity/uaa/scim/ScimUser.java
  30. +52 −19 common/src/main/java/org/cloudfoundry/identity/uaa/scim/ScimUserBootstrap.java
  31. +53 −47 common/src/main/java/org/cloudfoundry/identity/uaa/scim/ScimUserEndpoints.java
  32. +5 −5 common/src/main/java/org/cloudfoundry/identity/uaa/scim/ScimUserProvisioning.java
  33. +34 −0 common/src/main/java/org/cloudfoundry/identity/uaa/scim/SearchQueryConverter.java
  34. +41 −0 common/src/main/java/org/cloudfoundry/identity/uaa/scim/SearchResultsFactory.java
  35. +50 −0 common/src/main/java/org/cloudfoundry/identity/uaa/scim/SimpleAttributeNameMapper.java
  36. +40 −31 ...a/org/cloudfoundry/identity/uaa/scim/{GroupsUsersEndpoints.java → UserIdConversionEndpoints.java}
  37. +299 −0 common/src/main/java/org/cloudfoundry/identity/uaa/scim/groups/JdbcScimGroupMembershipManager.java
  38. +177 −0 common/src/main/java/org/cloudfoundry/identity/uaa/scim/groups/JdbcScimGroupProvisioning.java
  39. +11 −0 common/src/main/java/org/cloudfoundry/identity/uaa/scim/groups/MemberAlreadyExistsException.java
  40. +11 −0 common/src/main/java/org/cloudfoundry/identity/uaa/scim/groups/MemberNotFoundException.java
  41. +57 −0 common/src/main/java/org/cloudfoundry/identity/uaa/scim/groups/ScimGroup.java
  42. +168 −0 common/src/main/java/org/cloudfoundry/identity/uaa/scim/groups/ScimGroupBootstrap.java
  43. +211 −0 common/src/main/java/org/cloudfoundry/identity/uaa/scim/groups/ScimGroupEndpoints.java
  44. +81 −0 common/src/main/java/org/cloudfoundry/identity/uaa/scim/groups/ScimGroupMember.java
  45. +94 −0 common/src/main/java/org/cloudfoundry/identity/uaa/scim/groups/ScimGroupMembershipManager.java
  46. +24 −0 common/src/main/java/org/cloudfoundry/identity/uaa/scim/groups/ScimGroupProvisioning.java
  47. +18 −0 common/src/main/java/org/cloudfoundry/identity/uaa/security/DefaultSecurityContextAccessor.java
  48. +7 −2 common/src/main/java/org/cloudfoundry/identity/uaa/security/SecurityContextAccessor.java
  49. +12 −113 common/src/main/java/org/cloudfoundry/identity/uaa/social/SocialClientAuthenticationFilter.java
  50. +171 −0 common/src/main/java/org/cloudfoundry/identity/uaa/social/SocialClientUserDetailsSource.java
  51. +10 −0 common/src/main/java/org/cloudfoundry/identity/uaa/test/TestUtils.java
  52. +31 −0 common/src/main/java/org/cloudfoundry/identity/uaa/varz/HealthzEndpoint.java
  53. +0 −6 common/src/main/java/org/cloudfoundry/identity/uaa/varz/VarzEndpoint.java
  54. +3 −1 common/src/main/resources/org/cloudfoundry/identity/uaa/schema-drop-hsqldb.sql
  55. +3 −1 common/src/main/resources/org/cloudfoundry/identity/uaa/schema-drop-postgresql.sql
  56. +18 −0 common/src/main/resources/org/cloudfoundry/identity/uaa/schema-hsqldb.sql
  57. +18 −0 common/src/main/resources/org/cloudfoundry/identity/uaa/schema-postgresql.sql
  58. +4 −0 common/src/test/java/org/cloudfoundry/identity/uaa/authentication/UaaAuthenticationTestFactory.java
  59. +136 −0 ...st/java/org/cloudfoundry/identity/uaa/authentication/manager/LoginAuthenticationManagerTests.java
  60. +23 −58 common/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientAdminEndpointsTests.java
  61. +56 −0 common/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientInfoEndpointTests.java
  62. +16 −17 common/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenAdminEndpointsTests.java
  63. +2 −37 common/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationRequestFactoryTests.java
  64. +2 −2 common/src/test/java/org/cloudfoundry/identity/uaa/password/PasswordCheckEndpointTests.java
  65. +44 −0 common/src/test/java/org/cloudfoundry/identity/uaa/rest/MessageTests.java
  66. +42 −0 common/src/test/java/org/cloudfoundry/identity/uaa/scim/JdbcPagingListTests.java
  67. +29 −31 common/src/test/java/org/cloudfoundry/identity/uaa/scim/JdbcScimUserProvisioningTests.java
  68. +24 −0 common/src/test/java/org/cloudfoundry/identity/uaa/scim/ScimCoreTests.java
  69. +59 −0 common/src/test/java/org/cloudfoundry/identity/uaa/scim/ScimSearchQueryConverterTests.java
  70. +26 −7 common/src/test/java/org/cloudfoundry/identity/uaa/scim/ScimUserBootstrapTests.java
  71. +140 −9 common/src/test/java/org/cloudfoundry/identity/uaa/scim/ScimUserEndpointsTests.java
  72. +9 −22 ...dfoundry/identity/uaa/scim/{GroupsUsersEndpointsTests.java → UserIdConversionEndpointsTests.java}
  73. +307 −0 .../src/test/java/org/cloudfoundry/identity/uaa/scim/groups/JdbcScimGroupMembershipManagerTests.java
  74. +189 −0 common/src/test/java/org/cloudfoundry/identity/uaa/scim/groups/JdbcScimGroupProvisioningTests.java
  75. +115 −0 common/src/test/java/org/cloudfoundry/identity/uaa/scim/groups/ScimGroupBootstrapTests.java
  76. +241 −0 common/src/test/java/org/cloudfoundry/identity/uaa/scim/groups/ScimGroupEndpointsTests.java
  77. +41 −0 common/src/test/java/org/cloudfoundry/identity/uaa/scim/groups/ScimGroupMemberTests.java
  78. +58 −0 common/src/test/java/org/cloudfoundry/identity/uaa/security/StubSecurityContextAccessor.java
  79. +10 −0 common/src/test/java/org/cloudfoundry/identity/uaa/security/web/UaaRequestMatcherTests.java
  80. +7 −17 common/src/test/java/org/cloudfoundry/identity/uaa/social/OAuth2ClientAuthenticationFilterTests.java
  81. +5 −14 common/src/test/java/org/cloudfoundry/identity/uaa/social/OAuthClientAuthenticationFilterTests.java
  82. +28 −0 common/src/test/java/org/cloudfoundry/identity/uaa/varz/HealthzEndpointTests.java
  83. +0 −5 common/src/test/java/org/cloudfoundry/identity/uaa/varz/VarzEndpointTests.java
  84. +64 −70 docs/UAA-APIs.rst
  85. +20 −14 docs/UAA-Security.md
  86. +1 −0 gem/Rakefile
  87. +80 −0 gem/bin/completion-helper
  88. +1 −3 gem/bin/uaac
  89. +34 −0 gem/bin/uaac-completion.sh
  90. +1 −1 gem/cf-uaa-client.gemspec
  91. +76 −19 gem/lib/cli/base.rb
  92. +31 −41 gem/lib/cli/client_reg.rb
  93. +55 −58 gem/lib/cli/common.rb
  94. +23 −17 gem/lib/cli/config.rb
  95. +29 −16 gem/lib/cli/group.rb
  96. +11 −14 gem/lib/cli/info.rb
  97. +4 −4 gem/lib/cli/runner.rb
  98. +40 −37 gem/lib/cli/token.rb
  99. +64 −32 gem/lib/cli/user.rb
  100. +2 −2 gem/lib/uaa/client_reg.rb
  101. +37 −43 gem/lib/uaa/http.rb
  102. +0 −2 gem/lib/uaa/misc.rb
  103. +18 −8 gem/lib/uaa/token_issuer.rb
  104. +82 −37 gem/lib/uaa/user_account.rb
  105. +4 −3 gem/lib/uaa/util.rb
  106. +1 −1 gem/lib/uaa/version.rb
  107. +122 −45 gem/spec/cli_spec.rb
  108. +7 −14 gem/spec/http_spec.rb
  109. +25 −25 gem/spec/integration_spec.rb
  110. +16 −97 gem/spec/misc_spec.rb
  111. +131 −89 gem/spec/stub_scim.rb
  112. +240 −181 gem/spec/stub_uaa.rb
  113. +44 −123 gem/spec/token_issuer_spec.rb
  114. +28 −4 gem/spec/user_account_spec.rb
  115. +3 −3 pom.xml
  116. +1 −1 samples/api/pom.xml
  117. +40 −0 samples/api/src/main/java/org/cloudfoundry/identity/api/web/CorsFilter.java
  118. +14 −14 samples/api/src/main/webapp/WEB-INF/web.xml
  119. +2 −0 samples/app/.gitignore
  120. +1 −1 samples/app/pom.xml
  121. +25 −8 samples/app/src/main/java/org/cloudfoundry/identity/app/web/HomeController.java
  122. +11 −7 samples/app/src/main/webapp/WEB-INF/spring-servlet.xml
  123. +6 −2 samples/app/src/main/webapp/browse.jsp
  124. +1 −1 samples/app/src/main/webapp/resources/js/libs/jso.js
  125. +1 −1 samples/login/pom.xml
  126. +0 −20 samples/login/src/main/java/org/cloudfoundry/identity/uaa/login/RemoteUaaController.java
  127. +8 −160 samples/login/src/main/webapp/WEB-INF/jsp/access_confirmation.jsp
  128. +13 −149 samples/login/src/main/webapp/WEB-INF/jsp/home.jsp
  129. +10 −182 samples/login/src/main/webapp/WEB-INF/jsp/login.jsp
  130. BIN samples/login/src/main/webapp/favicon.ico
  131. BIN samples/login/src/main/webapp/resources/images/404.jpg
  132. BIN samples/login/src/main/webapp/resources/images/beta.png
  133. BIN samples/login/src/main/webapp/resources/images/bg_stripy.png
  134. BIN samples/login/src/main/webapp/resources/images/bullet.png
  135. BIN samples/login/src/main/webapp/resources/images/button_close.png
  136. BIN samples/login/src/main/webapp/resources/images/button_regenerate.png
  137. BIN samples/login/src/main/webapp/resources/images/callout_spotlight.png
  138. BIN samples/login/src/main/webapp/resources/images/cloud_foundry_logo.png
  139. BIN samples/login/src/main/webapp/resources/images/dots.png
  140. BIN samples/login/src/main/webapp/resources/images/form_field.png
  141. BIN samples/login/src/main/webapp/resources/images/icon_document.png
  142. BIN samples/login/src/main/webapp/resources/images/icon_download.png
  143. BIN samples/login/src/main/webapp/resources/images/icon_follow.png
  144. BIN samples/login/src/main/webapp/resources/images/icon_forums.png
  145. BIN samples/login/src/main/webapp/resources/images/icon_magnify.png
  146. BIN samples/login/src/main/webapp/resources/images/icon_rss.png
  147. BIN samples/login/src/main/webapp/resources/images/icon_slides.png
  148. BIN samples/login/src/main/webapp/resources/images/icon_speech_bubble.png
  149. BIN samples/login/src/main/webapp/resources/images/icon_video.png
  150. BIN samples/login/src/main/webapp/resources/images/logo-small.png
  151. BIN samples/login/src/main/webapp/resources/images/logo_header_cloudfoundry.png
  152. BIN samples/login/src/main/webapp/resources/images/page_header.png
  153. BIN samples/login/src/main/webapp/resources/images/social_icons.png
  154. BIN samples/login/src/main/webapp/resources/images/super_nav_separator.png
  155. BIN samples/login/src/main/webapp/resources/images/vmware.png
  156. +0 −81 samples/login/src/main/webapp/resources/stylesheets/PIE.htc
  157. +0 −673 samples/login/src/main/webapp/resources/stylesheets/core.css
  158. +0 −36 samples/login/src/main/webapp/resources/stylesheets/hosted.css
  159. +0 −99 samples/login/src/main/webapp/resources/stylesheets/ie.css
  160. +0 −127 samples/login/src/main/webapp/resources/stylesheets/ie7.css
  161. +0 −384 samples/login/src/main/webapp/resources/stylesheets/master-cf.css
  162. +0 −2,533 samples/login/src/main/webapp/resources/stylesheets/master.css
  163. +0 −105 samples/login/src/main/webapp/resources/stylesheets/micro.css
  164. +0 −26 samples/login/src/main/webapp/resources/stylesheets/passwd.css
  165. +0 −49 samples/login/src/main/webapp/resources/stylesheets/print.css
  166. +1 −1 samples/pom.xml
  167. +0 −1 uaa/.springBeans
  168. +2 −15 uaa/pom.xml
  169. +0 −70 uaa/src/main/java/org/cloudfoundry/identity/uaa/scim/job/AdminUsersTasklet.java
  170. +0 −96 .../main/java/org/cloudfoundry/identity/uaa/scim/job/CloudControllerLastModifiedFilterProcessor.java
  171. +0 −113 uaa/src/main/java/org/cloudfoundry/identity/uaa/scim/job/CloudControllerUserItemProcessor.java
  172. +0 −60 uaa/src/main/java/org/cloudfoundry/identity/uaa/scim/job/GenericSqlTasklet.java
  173. +0 −28 uaa/src/main/java/org/cloudfoundry/identity/uaa/scim/job/MapItemSqlParameterSourceProvider.java
  174. +0 −102 uaa/src/main/java/org/cloudfoundry/identity/uaa/scim/job/UaaUserItemProcessor.java
  175. +0 −210 uaa/src/main/resources/META-INF/spring/batch/jobs/jobs.xml
  176. +0 −9 uaa/src/main/resources/batch-default.properties
  177. 0 uaa/src/main/resources/business-schema-hsqldb.sql
  178. +0 −25 uaa/src/main/resources/messages.properties
  179. +18 −0 uaa/src/main/resources/org/cloudfoundry/identity/uaa/schema-cloudfoundry.sql
  180. +3 −1 uaa/src/main/resources/org/cloudfoundry/identity/uaa/schema-drop-cloudfoundry.sql
  181. +3 −16 uaa/src/main/resources/uaa.yml
  182. +0 −49 uaa/src/main/webapp/WEB-INF/applicationContext.xml
  183. +0 −90 uaa/src/main/webapp/WEB-INF/batch-servlet.xml
  184. +1 −1 uaa/src/main/webapp/WEB-INF/jsp/access_confirmation.jsp
  185. +31 −13 uaa/src/main/webapp/WEB-INF/spring-servlet.xml
  186. +29 −0 uaa/src/main/webapp/WEB-INF/spring/audit.xml
  187. +2 −2 uaa/src/main/webapp/WEB-INF/spring/login-server-security.xml
  188. +13 −0 uaa/src/main/webapp/WEB-INF/spring/resource-endpoints.xml
  189. +110 −20 uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml
  190. +17 −9 uaa/src/main/webapp/WEB-INF/varz-servlet.xml
  191. +4 −41 uaa/src/main/webapp/WEB-INF/web.xml
  192. +0 −142 uaa/src/main/webapp/WEB-INF/web/manager/jobs/html/execution.ftl
  193. +1 −3 uaa/src/test/java/org/cloudfoundry/identity/uaa/AdhocTestSuite.java
  194. +0 −11 uaa/src/test/java/org/cloudfoundry/identity/uaa/BootstrapTests.java
  195. +3 −3 ...src/test/java/org/cloudfoundry/identity/uaa/integration/ClientAdminEndpointsIntegrationTests.java
  196. +88 −0 uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ClientInfoEndpointIntegrationTests.java
  197. +109 −0 uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/FormLoginIntegrationTests.java
  198. +5 −26 ...ntity/uaa/integration/{BatchEndpointIntegrationTests.java → HealthzEndpointIntegrationTests.java}
  199. +13 −5 uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/LoginServerSecurityIntegrationTests.java
  200. +17 −0 ...rc/test/java/org/cloudfoundry/identity/uaa/integration/PasswordCheckEndpointIntegrationTests.java
  201. +64 −13 uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ScimUserEndpointsIntegrationTests.java
  202. +5 −10 uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/TokenAdminEndpointsIntegrationTests.java
  203. +3 −3 uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/VmcScimUserEndpointIntegrationTests.java
  204. +9 −30 ...{VmcGroupsUsersEndpointIntegrationTests.java → VmcUserIdTranslationEndpointIntegrationTests.java}
  205. +0 −97 uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/jobs/AbstractJobIntegrationTests.java
  206. +0 −60 uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/jobs/BackwardMigrationJobIntegrationTests.java
  207. +0 −64 uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/jobs/UserMigrationJobIntegrationTests.java
  208. +0 −84 uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/jobs/UserSyncJobIntegrationTests.java
  209. +0 −22 uaa/src/test/resources/org/cloudfoundry/identity/uaa/cloud-controller-schema-hsqldb.sql
  210. +0 −22 uaa/src/test/resources/org/cloudfoundry/identity/uaa/cloud-controller-schema-postgresql.sql
@@ -6,7 +6,7 @@
<parent>
<groupId>org.cloudfoundry.identity</groupId>
<artifactId>cloudfoundry-identity-parent</artifactId>
- <version>1.2.0.BUILD-SNAPSHOT</version>
+ <version>1.2.0</version>
<relativePath>..</relativePath>
</parent>
@@ -247,7 +247,7 @@
<dependency>
<groupId>eu.tekul</groupId>
<artifactId>szxcvbn_2.8.2</artifactId>
- <version>0.1</version>
+ <version>0.2</version>
<scope>compile</scope>
<optional>true</optional>
</dependency>
@@ -15,8 +15,10 @@
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
@@ -31,6 +33,7 @@
import org.apache.commons.logging.LogFactory;
import org.codehaus.jackson.map.ObjectMapper;
import org.codehaus.jackson.type.TypeReference;
+import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
@@ -66,6 +69,20 @@
private AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
+ private Set<String> methods = Collections.singleton(HttpMethod.POST.toString());
+
+ /**
+ * The filter fails on requests that don't have one of these HTTP methods.
+ *
+ * @param methods the methods to set (defaults to POST)
+ */
+ public void setMethods(Set<String> methods) {
+ this.methods = new HashSet<String>();
+ for (String method : methods) {
+ this.methods.add(method.toUpperCase());
+ }
+ }
+
/**
* @param authenticationEntryPoint the authenticationEntryPoint to set
*/
@@ -103,8 +120,8 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
else {
logger.debug("Located credentials in request, with keys: " + loginInfo.keySet());
try {
- if (!"POST".equals(req.getMethod().toUpperCase())) {
- throw new BadCredentialsException("Credentials must be sent via POST");
+ if (methods!=null && !methods.contains(req.getMethod().toUpperCase())) {
+ throw new BadCredentialsException("Credentials must be sent by (one of methods): " + methods);
}
Authentication result = authenticationManager.authenticate(new AuthzAuthenticationRequest(loginInfo,
new UaaAuthenticationDetails(req)));
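Review bot: `setMethods` dereferences its argument without a null check, so the `methods!=null` guard in `doFilter` can never be true once the setter has run; either drop the guard or let the setter accept null explicitly (`this.methods = methods == null ? null : upperCased(methods)`), and say in the Javadoc that an empty set rejects every request. The upper-casing on both sides uses the default locale, so under a Turkish default locale a method name containing `i` (`OPTIONS`) would not round-trip; use `toUpperCase(Locale.ROOT)` in both `setMethods` and the `doFilter` comparison, adding the `java.util.Locale` import if the file lacks it. The `doFilter` hunk sits inside a method whose body starts and ends outside the view.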
@@ -41,8 +41,8 @@ public AuthzAuthenticationRequest(Map<String,String> info, UaaAuthenticationDeta
}
public AuthzAuthenticationRequest(String username, String password, UaaAuthenticationDetails details) {
- Assert.hasText("username", "username cannot be empty");
- Assert.hasText("password", "password cannot be empty");
+ Assert.hasText(username, "username cannot be empty");
+ Assert.hasText(password, "password cannot be empty");
HashMap<String, String> info = new HashMap<String, String>();
info.put("username", username.trim());
info.put("password", password.trim());
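Review bot: With the assertions now inspecting their real arguments, a null or blank username or password surfaces as `IllegalArgumentException` rather than an `AuthenticationException`; if any request-handling path builds this object from user input, that becomes a server error instead of a credentials failure, so confirm callers catch it or validate first. The `password.trim()` on the last line silently alters passwords with leading or trailing whitespace, which is pre-existing but deserves a comment such as `// NOTE: surrounding whitespace in the password is not significant`. The constructor continues outside the hunk.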
@@ -12,7 +12,10 @@
*/
package org.cloudfoundry.identity.uaa.authentication.manager;
+import java.security.SecureRandom;
+import java.util.List;
import java.util.Locale;
+import java.util.UUID;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -30,8 +33,10 @@
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.codec.Hex;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
@@ -46,6 +51,11 @@
private final UaaUserDatabase userDatabase;
private ApplicationEventPublisher eventPublisher;
private AccountLoginPolicy accountLoginPolicy = new PermitAllAccountLoginPolicy();
+ /**
+ * Dummy user allows the authentication process for non-existent and locked out users to be as close to
+ * that of normal users as possible to avoid differences in timing.
+ */
+ private final UaaUser dummyUser;
public AuthzAuthenticationManager(UaaUserDatabase cfusers) {
this(cfusers, new BCryptPasswordEncoder());
@@ -54,44 +64,52 @@ public AuthzAuthenticationManager(UaaUserDatabase cfusers) {
public AuthzAuthenticationManager(UaaUserDatabase userDatabase, PasswordEncoder encoder) {
this.userDatabase = userDatabase;
this.encoder = encoder;
+ this.dummyUser = createDummyUser();
}
@Override
public Authentication authenticate(Authentication req) throws AuthenticationException {
+ logger.debug("Processing authentication request for " + req.getName());
+
+ if (req.getCredentials() == null) {
+ throw new BadCredentialsException("No password supplied");
+ }
+
+ UaaUser user;
try {
- logger.debug("Processing authentication request for " + req.getName());
- UaaUser user = userDatabase.retrieveUserByName(req.getName().toLowerCase(Locale.US));
-
- if (!accountLoginPolicy.isAllowed(user, req)) {
- logger.warn("Login policy rejected authentication for " + user.getUsername() + ", " + user.getId()
- + ". Ignoring login request.");
- // TODO: We should perhaps have another audit event type here
- // since this will not be logged as an authentication failure.
- throw new BadCredentialsException("Login policy rejected authentication");
- }
+ user = userDatabase.retrieveUserByName(req.getName().toLowerCase(Locale.US));
+ }
+ catch (UsernameNotFoundException e) {
+ user = dummyUser;
+ }
- if (req.getCredentials() == null) {
- throw new BadCredentialsException("No password supplied");
- }
+ final boolean passwordMatches = encoder.matches((CharSequence) req.getCredentials(), user.getPassword());
- if (encoder.matches((CharSequence) req.getCredentials(), user.getPassword())) {
- logger.debug("Password successfully matched");
- Authentication success = new UaaAuthentication(new UaaPrincipal(user),
- user.getAuthorities(), (UaaAuthenticationDetails) req.getDetails());
- eventPublisher.publishEvent(new UserAuthenticationSuccessEvent(user, success));
+ if (!accountLoginPolicy.isAllowed(user, req)) {
+ logger.warn("Login policy rejected authentication for " + user.getUsername() + ", " + user.getId()
+ + ". Ignoring login request.");
+ // TODO: We should perhaps have another audit event type here
+ // since this will not be logged as an authentication failure.
+ throw new BadCredentialsException("Login policy rejected authentication");
+ }
- return success;
- }
- logger.debug("Password did not match");
- eventPublisher.publishEvent(new UserAuthenticationFailureEvent(user, req));
+ if (passwordMatches) {
+ logger.debug("Password successfully matched");
+ Authentication success = new UaaAuthentication(new UaaPrincipal(user),
+ user.getAuthorities(), (UaaAuthenticationDetails) req.getDetails());
+ eventPublisher.publishEvent(new UserAuthenticationSuccessEvent(user, success));
- throw new BadCredentialsException("Bad credentials");
+ return success;
}
- catch (UsernameNotFoundException e) {
- eventPublisher.publishEvent(new UserNotFoundEvent(req));
+
+ if (user == dummyUser) {
logger.debug("No user named '" + req.getName() + "' was found");
- throw new BadCredentialsException("Bad credentials");
+ eventPublisher.publishEvent(new UserNotFoundEvent(req));
+ } else {
+ logger.debug("Password did not match for user " + req.getName());
+ eventPublisher.publishEvent(new UserAuthenticationFailureEvent(user, req));
}
+ throw new BadCredentialsException("Bad credentials");
}
@Override
@@ -102,4 +120,24 @@ public void setApplicationEventPublisher(ApplicationEventPublisher eventPublishe
public void setAccountLoginPolicy(AccountLoginPolicy accountLoginPolicy) {
this.accountLoginPolicy = accountLoginPolicy;
}
+
+ private UaaUser createDummyUser() {
+ // Create random unguessable password
+ SecureRandom random = new SecureRandom();
+ byte[] passBytes = new byte[16];
+ random.nextBytes(passBytes);
+ String password = encoder.encode(new String(Hex.encode(passBytes)));
+ // Unique ID which isn't in the database
+ final String id = UUID.randomUUID().toString();
+
+ return new UaaUser("dummy_user", password, "dummy_user", "dummy", "dummy") {
+ public final String getId() {
+ return id;
+ }
+
+ public final List<? extends GrantedAuthority> getAuthorities() {
+ throw new IllegalStateException();
+ }
+ };
+ }
}
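Review bot: `accountLoginPolicy.isAllowed(user, req)` is now evaluated for the dummy user as well, and the dummy's `getAuthorities()` throws `IllegalStateException`; a policy implementation that inspects authorities (none is shown here) would turn an unknown-username login into an unhandled runtime error instead of the `Bad credentials` rejection, and the warn log on rejection would record `dummy_user` with a random UUID. Document that contract on the field, e.g. `// Login policies receive this user for unknown names and must not call getAuthorities()`, or route `user == dummyUser` to the not-found branch right after the password comparison, accepting that the policy's own cost then differs between known and unknown names. The anonymous overrides in `createDummyUser` should carry `@Override` so a signature change in `UaaUser` is caught at compile time. Note also that `req.getName().toLowerCase(Locale.US)` still NPEs on a null principal name, which the new null check on credentials does not cover.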
@@ -32,7 +32,7 @@
private ApplicationEventPublisher eventPublisher;
private ScimUserBootstrap scimUserBootstrap;
-
+
private UaaUserDatabase userDatabase;
boolean addNewAccounts = false;
@@ -62,18 +62,19 @@ public void setApplicationEventPublisher(ApplicationEventPublisher eventPublishe
public void setScimUserBootstrap(ScimUserBootstrap scimUserBootstrap) {
this.scimUserBootstrap = scimUserBootstrap;
}
-
+
/**
* @param userDatabase the userDatabase to set
*/
public void setUserDatabase(UaaUserDatabase userDatabase) {
this.userDatabase = userDatabase;
}
-
+
@Override
public Authentication authenticate(Authentication request) throws AuthenticationException {
if (!(request instanceof AuthzAuthenticationRequest)) {
+ logger.debug("Cannot process request of type: " + request.getClass().getName());
return null;
}
@@ -88,13 +89,22 @@ public Authentication authenticate(Authentication request) throws Authentication
OAuth2Authentication authentication = (OAuth2Authentication) context.getAuthentication();
if (authentication.isClientOnly()) {
UaaUser user = getUser(req, info);
- if (scimUserBootstrap != null && addNewAccounts) {
- // Register new users automatically
- scimUserBootstrap.addUser(user);
- } else {
- try {
- user = userDatabase.retrieveUserByName(user.getUsername());
- } catch (UsernameNotFoundException e) {
+ try {
+ user = userDatabase.retrieveUserByName(user.getUsername());
+ }
+ catch (UsernameNotFoundException e) {
+ // Not necessarily fatal
+ if (scimUserBootstrap != null && addNewAccounts) {
+ // Register new users automatically
+ scimUserBootstrap.addUser(user);
+ try {
+ user = userDatabase.retrieveUserByName(user.getUsername());
+ }
+ catch (UsernameNotFoundException ex) {
+ throw new BadCredentialsException("Bad credentials");
+ }
+ }
+ else {
throw new BadCredentialsException("Bad credentials");
}
}
@@ -106,17 +116,17 @@ public Authentication authenticate(Authentication request) throws Authentication
}
logger.debug("Did not locate login credentials");
- throw new BadCredentialsException("Bad credentials");
+ return null;
}
protected UaaUser getUser(AuthzAuthenticationRequest req, Map<String, String> info) {
String name = req.getName();
String email = info.get("email");
- if (name==null && email!=null) {
+ if (name == null && email != null) {
name = email;
}
- if (name==null) {
+ if (name == null) {
throw new BadCredentialsException("Cannot determine username from credentials supplied");
}
if (email == null) {
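Review bot: The inner `catch (UsernameNotFoundException ex)` discards its cause; because the lookup immediately follows `scimUserBootstrap.addUser(user)`, a miss here indicates a provisioning failure rather than bad credentials, so keep it with `throw new BadCredentialsException("Bad credentials", ex);` and log at debug which username could not be re-read. The change from throwing to `return null` at the end of `authenticate` alters the contract: null from an `AuthenticationManager` means "not handled", and whether that still ends in a rejection depends on the provider chain wrapping this manager, which is not shown; confirm it does. `authenticate` starts and ends outside the hunks shown.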
@@ -18,7 +18,7 @@
import javax.servlet.http.HttpServletResponse;
-import org.cloudfoundry.identity.uaa.scim.ScimUser;
+import org.cloudfoundry.identity.uaa.scim.ScimCore;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.FactoryBean;
import org.springframework.context.ApplicationContext;
@@ -38,7 +38,7 @@
/**
* Factory for a handler adapter that sniffs the results from {@link RequestMapping} method executions and adds an ETag
- * header if the result is a {@link ScimUser}. Inject into application context as anonymous bean.
+ * header if the result is a {@link ScimCore}. Inject into application context as anonymous bean.
*
* @author Dave Syer
*
@@ -81,16 +81,16 @@ public ScimEtagHandlerMethodReturnValueHandler(List<HttpMessageConverter<?>> mes
@Override
public boolean supportsReturnType(MethodParameter returnType) {
- return ScimUser.class.isAssignableFrom(returnType.getMethod().getReturnType());
+ return ScimCore.class.isAssignableFrom(returnType.getMethod().getReturnType());
}
@Override
public void handleReturnValue(Object returnValue, MethodParameter returnType,
ModelAndViewContainer mavContainer, NativeWebRequest webRequest) throws IOException,
HttpMediaTypeNotAcceptableException {
- if (returnValue instanceof ScimUser) {
+ if (returnValue instanceof ScimCore) {
HttpServletResponse response = webRequest.getNativeResponse(HttpServletResponse.class);
- response.addHeader("ETag", "\"" + ((ScimUser) returnValue).getVersion() + "\"");
+ response.addHeader("ETag", "\"" + ((ScimCore) returnValue).getVersion() + "\"");
}
super.handleReturnValue(returnValue, returnType, mavContainer, webRequest);
}
@@ -54,6 +54,10 @@ public UaaException(String msg) {
this(DEFAULT_ERROR, msg, 400);
}
+ public UaaException(String msg, int status) {
+ this(DEFAULT_ERROR, msg, status);
+ }
+
public UaaException(String error, String description, int status) {
super(description);
this.error = error;
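Review bot: The new two-argument constructor has no Javadoc; add `/** Creates an exception with the default error code, the given description and the given HTTP status. */` with `@param status the HTTP status code to report`. Nothing constrains `status` to an HTTP range, which the three-argument form already shares, so stating the expectation in the doc is the minimum.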
@@ -130,10 +130,6 @@ public String getVarzAuthorizationHeader() {
return getAuthorizationHeader("varz", "varz", "varzclientsecret");
}
- public String getBatchAuthorizationHeader() {
- return getAuthorizationHeader("batch", "batch", "batchsecret");
- }
-
public String getAuthorizationHeader(String prefix, String defaultUsername, String defaultPassword) {
String username = environment.getProperty(prefix + ".username", defaultUsername);
String password = environment.getProperty(prefix + ".password", defaultPassword);
@@ -22,6 +22,7 @@
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
+import org.springframework.security.oauth2.provider.BaseClientDetails;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.stereotype.Controller;
@@ -68,9 +69,11 @@ public String confirm(Map<String, Object> model, final HttpServletRequest reques
// response.sendError(HttpServletResponse.SC_BAD_REQUEST);
}
else {
- ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId());
+ BaseClientDetails client = new BaseClientDetails(clientDetailsService.loadClientByClientId(clientAuth.getClientId()));
+ client.setClientSecret(null);
model.put("auth_request", clientAuth);
- model.put("client", client);
+ model.put("client", client); // TODO: remove this once it has gone from jsp pages
+ model.put("client_id", clientAuth.getClientId());
model.put("redirect_uri", getRedirectUri(client, clientAuth));
model.put("scopes", getScopes(client, clientAuth));
model.put("message",
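Review bot: The copy-then-scrub on the `BaseClientDetails` lines needs a why-comment, because a later reader could "simplify" it back to the loaded instance and put the client secret into the view model: `// copy so the secret (cleared on the next line) never reaches the JSP model`. The scrub only clears the secret; the rest of the client object still reaches the view through `model.put("client", client)`, which the TODO acknowledges, and rendering from the new `client_id` entry is the safer path. `confirm` starts and ends outside the hunk.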
