refactor degraded mode into limited functionality mode

[#151223422] https://www.pivotaltracker.com/story/show/151223422
Signed-off-by: Henry Zhao <henryzh16@gmail.com>

server/src/main/java/org/cloudfoundry/identity/uaa/web/DegradedModeUaaFilter.java → server/src/main/java/org/cloudfoundry/identity/uaa/web/LimitedModeUaaFilter.java

@@ -39,11 +39,11 @@
 import static java.util.stream.Collectors.toList;
 import static javax.servlet.http.HttpServletResponse.SC_SERVICE_UNAVAILABLE;
 
-public class DegradedModeUaaFilter extends OncePerRequestFilter {
+public class LimitedModeUaaFilter extends OncePerRequestFilter {
 
     public static final String ERROR_CODE = "uaa_unavailable";
-    public static final String ERROR_MESSAGE = "UAA intentionally in degraded mode, operation not permitted. Please try later.";
-    private static Log logger = LogFactory.getLog(DegradedModeUaaFilter.class);
+    public static final String ERROR_MESSAGE = "UAA intentionally in limited mode, operation not permitted. Please try later.";
+    private static Log logger = LogFactory.getLog(LimitedModeUaaFilter.class);
 
     private Set<String> permittedEndpoints = emptySet();
     private Set<String> permittedMethods = emptySet();
@@ -57,7 +57,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
             if ( isMethodAllowed(request) || isEndpointAllowed(request)) {
                 filterChain.doFilter(request, response);
             } else {
-                logger.debug(format("Operation Not permitted in degraded mode for URL:%s and method:%s",
+                logger.debug(format("Operation Not permitted in limited mode for URL:%s and method:%s",
                                     request.getRequestURI(),
                                     request.getMethod()
                              )

server/src/test/java/org/cloudfoundry/identity/uaa/web/DegradedModeUaaFilterTests.java → server/src/test/java/org/cloudfoundry/identity/uaa/web/LimitedModeUaaFilterTests.java

@@ -37,20 +37,20 @@
 import static org.springframework.http.HttpMethod.GET;
 import static org.springframework.http.HttpMethod.POST;
 
-public class DegradedModeUaaFilterTests {
+public class LimitedModeUaaFilterTests {
 
     private MockHttpServletRequest request;
     private MockHttpServletResponse response;
     private FilterChain chain;
-    private DegradedModeUaaFilter filter;
+    private LimitedModeUaaFilter filter;
 
     @Before
     public void setup() throws Exception {
         request = new MockHttpServletRequest();
         request.addHeader(ACCEPT, "*/*");
         response = new MockHttpServletResponse();
         chain = mock(FilterChain.class);
-        filter = new DegradedModeUaaFilter();
+        filter = new LimitedModeUaaFilter();
     }
 
     public void setPathInfo(String pathInfo) {

uaa/src/main/resources/uaa.yml

@@ -589,7 +589,7 @@ uaa:
     url: http://localhost:8080/uaa/approvals
   login:
     url: http://localhost:8080/uaa/authenticate
-  degraded:
+  limited_functionality:
     enabled: false
     whitelist:
       endpoints:

uaa/src/main/webapp/WEB-INF/spring-servlet.xml

@@ -230,7 +230,7 @@
                        key="#{T(org.cloudfoundry.identity.uaa.security.web.SecurityFilterChainPostProcessor.FilterPosition).position(2)}" />
                 <entry value-ref="corsFilter"
                        key="#{T(org.cloudfoundry.identity.uaa.security.web.SecurityFilterChainPostProcessor.FilterPosition).position(3)}" />
-                <entry value-ref="degradedModeUaaFilter"
+                <entry value-ref="limitedModeUaaFilter"
                        key="#{T(org.cloudfoundry.identity.uaa.security.web.SecurityFilterChainPostProcessor.FilterPosition).position(4)}" />
                 <entry value-ref="identityZoneResolvingFilter"
                        key="#{T(org.cloudfoundry.identity.uaa.security.web.SecurityFilterChainPostProcessor.FilterPosition).position(5)}"/>
@@ -550,18 +550,18 @@
         <property name="userDatabase" ref="userDatabase"/>
     </bean>
 
-    <bean id="degradedModeUaaFilter" class="org.cloudfoundry.identity.uaa.web.DegradedModeUaaFilter">
-        <property name="enabled" value="${uaa.degraded.enabled:false}"/>
+    <bean id="limitedModeUaaFilter" class="org.cloudfoundry.identity.uaa.web.LimitedModeUaaFilter">
+        <property name="enabled" value="${uaa.limited_functionality.enabled:false}"/>
         <property name="permittedEndpoints"
                   value="#{@config['uaa']==null ? null :
-                           @config['uaa']['degraded']==null ? null :
-                           @config['uaa']['degraded']['whitelist']==null ? null :
-                           @config['uaa']['degraded']['whitelist']['endpoints']}"/>
+                           @config['uaa']['limited_functionality']==null ? null :
+                           @config['uaa']['limited_functionality']['whitelist']==null ? null :
+                           @config['uaa']['limited_functionality']['whitelist']['endpoints']}"/>
         <property name="permittedMethods"
                   value="#{@config['uaa']==null ? null :
-                           @config['uaa']['degraded']==null ? null :
-                           @config['uaa']['degraded']['whitelist']==null ? null :
-                           @config['uaa']['degraded']['whitelist']['methods']}"/>
+                           @config['uaa']['limited_functionality']==null ? null :
+                           @config['uaa']['limited_functionality']['whitelist']==null ? null :
+                           @config['uaa']['limited_functionality']['whitelist']['methods']}"/>
     </bean>
 
 </beans>

uaa/src/test/java/org/cloudfoundry/identity/uaa/login/BootstrapTests.java

@@ -24,7 +24,7 @@
 import org.cloudfoundry.identity.uaa.message.NotificationsService;
 import org.cloudfoundry.identity.uaa.message.util.FakeJavaMailSender;
 import org.cloudfoundry.identity.uaa.mock.oauth.CheckDefaultAuthoritiesMvcMockTests;
-import org.cloudfoundry.identity.uaa.web.DegradedModeUaaFilter;
+import org.cloudfoundry.identity.uaa.web.LimitedModeUaaFilter;
 import org.cloudfoundry.identity.uaa.oauth.CheckTokenEndpoint;
 import org.cloudfoundry.identity.uaa.oauth.UaaTokenServices;
 import org.cloudfoundry.identity.uaa.oauth.UaaTokenStore;
@@ -200,9 +200,9 @@ public void defaults_and_required_properties() throws Exception {
 
         context = getServletContext(profiles, false, new String[] {"login.yml", "uaa.yml", "required_configuration.yml"}, "file:./src/main/webapp/WEB-INF/spring-servlet.xml");
 
-        DegradedModeUaaFilter degradedModeUaaFilter = context.getBean(DegradedModeUaaFilter.class);
-        assertFalse(degradedModeUaaFilter.isEnabled());
-        assertThat(degradedModeUaaFilter.getPermittedEndpoints(),
+        LimitedModeUaaFilter limitedModeUaaFilter = context.getBean(LimitedModeUaaFilter.class);
+        assertFalse(limitedModeUaaFilter.isEnabled());
+        assertThat(limitedModeUaaFilter.getPermittedEndpoints(),
                    containsInAnyOrder(
                         "/oauth/authorize/**",
                         "/oauth/token/**",
@@ -217,7 +217,7 @@ public void defaults_and_required_properties() throws Exception {
                         "/idp_discovery/**"
                    )
         );
-        assertThat(degradedModeUaaFilter.getPermittedMethods(),
+        assertThat(limitedModeUaaFilter.getPermittedMethods(),
                    containsInAnyOrder(
                        "GET",
                        "HEAD",
@@ -447,9 +447,9 @@ public void all_properties_set() throws Exception {
         String profiles = System.getProperty("spring.profiles.active");
         context = getServletContext(profiles, false, new String[] {"login.yml", "uaa.yml", "test/bootstrap/all-properties-set.yml"}, "file:./src/main/webapp/WEB-INF/spring-servlet.xml");
 
-        DegradedModeUaaFilter degradedModeUaaFilter = context.getBean(DegradedModeUaaFilter.class);
-        assertTrue(degradedModeUaaFilter.isEnabled());
-        assertThat(degradedModeUaaFilter.getPermittedEndpoints(),
+        LimitedModeUaaFilter limitedModeUaaFilter = context.getBean(LimitedModeUaaFilter.class);
+        assertTrue(limitedModeUaaFilter.isEnabled());
+        assertThat(limitedModeUaaFilter.getPermittedEndpoints(),
                    containsInAnyOrder(
                        "/oauth/authorize/**",
                        "/oauth/token/**",
@@ -460,7 +460,7 @@ public void all_properties_set() throws Exception {
                        "/other-url/**"
                    )
         );
-        assertThat(degradedModeUaaFilter.getPermittedMethods(),
+        assertThat(limitedModeUaaFilter.getPermittedMethods(),
                    containsInAnyOrder(
                        "GET",
                        "HEAD",

uaa/src/test/java/org/cloudfoundry/identity/uaa/login/LoginMockMvcTests.java

@@ -42,7 +42,7 @@
 import org.cloudfoundry.identity.uaa.user.UaaAuthority;
 import org.cloudfoundry.identity.uaa.util.JsonUtils;
 import org.cloudfoundry.identity.uaa.util.SetServerNameRequestPostProcessor;
-import org.cloudfoundry.identity.uaa.web.DegradedModeUaaFilter;
+import org.cloudfoundry.identity.uaa.web.LimitedModeUaaFilter;
 import org.cloudfoundry.identity.uaa.zone.BrandingInformation;
 import org.cloudfoundry.identity.uaa.zone.IdentityZone;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration;
@@ -662,7 +662,7 @@ public void testForgotPasswordPageDoesNotHaveCsrf() throws Exception {
 
     @Test
     public void testForgotPasswordSubmitDoesNotValidateCsrf() throws Exception {
-        assumeFalse("Test only runs in non degraded mode.", isDegraded());
+        assumeFalse("Test only runs in non limited mode.", isLimitedMode());
         getMockMvc().perform(
             post("/forgot_password.do")
                 .param("username", "marissa")
@@ -685,7 +685,7 @@ public void testChangePasswordPageDoesHaveCsrf() throws Exception {
 
     @Test
     public void testChangePasswordSubmitDoesValidateCsrf() throws Exception {
-        assumeFalse("Test only runs in non degraded mode.", isDegraded());
+        assumeFalse("Test only runs in non limited mode.", isLimitedMode());
         ScimUser user = createUser(getUaa().getId());
         getMockMvc().perform(
             post("/change_password.do")
@@ -1622,7 +1622,7 @@ public String[] getParameterValues(String name) {
 
     @Test
     public void testDeactivatedProviderIsRemovedFromSamlLoginLinks() throws Exception {
-        assumeFalse("Test only runs in non degraded mode.", isDegraded());
+        assumeFalse("Test only runs in non limited mode.", isLimitedMode());
         String alias = "login-saml-"+generator.generate();
         BaseClientDetails zoneAdminClient = new BaseClientDetails("admin", null, null, "client_credentials", "clients.admin,scim.read,scim.write");
         zoneAdminClient.setClientSecret("admin-secret");
@@ -1680,7 +1680,7 @@ public void testChangeEmailPageHasCsrf() throws Exception {
 
     @Test
     public void testChangeEmailSubmitWithMissingCsrf() throws Exception {
-        assumeFalse("Test only runs in non degraded mode.", isDegraded());
+        assumeFalse("Test only runs in non limited mode.", isLimitedMode());
         SecurityContext marissaContext = getMarissaSecurityContext(getWebApplicationContext());
 
         MockHttpServletRequestBuilder get = get("/change_email")
@@ -1705,7 +1705,7 @@ public void testChangeEmailSubmitWithMissingCsrf() throws Exception {
 
     @Test
     public void testChangeEmailSubmitWithInvalidCsrf() throws Exception {
-        assumeFalse("Test only runs in non degraded mode.", isDegraded());
+        assumeFalse("Test only runs in non limited mode.", isLimitedMode());
         SecurityContext marissaContext = getMarissaSecurityContext(getWebApplicationContext());
 
         MockHttpServletRequestBuilder get = get("/change_email")
@@ -1731,7 +1731,7 @@ public void testChangeEmailSubmitWithInvalidCsrf() throws Exception {
 
     @Test
     public void testChangeEmailSubmitWithSpringSecurityForcedCsrf() throws Exception {
-        assumeFalse("Test only runs in non degraded mode.", isDegraded());
+        assumeFalse("Test only runs in non limited mode.", isLimitedMode());
         SecurityContext marissaContext = getMarissaSecurityContext(getWebApplicationContext());
         //example shows to to test a request that is secured by csrf and you wish to bypass it
         MockHttpServletRequestBuilder changeEmail = post("/change_email.do")
@@ -1750,7 +1750,7 @@ public void testChangeEmailSubmitWithSpringSecurityForcedCsrf() throws Exception
 
     @Test
     public void testChangeEmailSubmitWithCorrectCsrf() throws Exception {
-        assumeFalse("Test only runs in non degraded mode.", isDegraded());
+        assumeFalse("Test only runs in non limited mode.", isLimitedMode());
         SecurityContext marissaContext = getMarissaSecurityContext(getWebApplicationContext());
 
         MockHttpServletRequestBuilder get = get("/change_email")
@@ -1780,7 +1780,7 @@ public void testChangeEmailSubmitWithCorrectCsrf() throws Exception {
 
     @Test
     public void testChangeEmailDoNotLoggedIn() throws Exception {
-        assumeFalse("Test only runs in non degraded mode.", isDegraded());
+        assumeFalse("Test only runs in non limited mode.", isLimitedMode());
         SecurityContext marissaContext = getMarissaSecurityContext(getWebApplicationContext());
 
         MockHttpServletRequestBuilder changeEmail = post("/change_email.do")
@@ -1808,7 +1808,7 @@ public void testChangeEmailDoNotLoggedIn() throws Exception {
 
     @Test
     public void testChangeEmailNoCsrfReturns403AndInvalidRequest() throws Exception {
-        assumeFalse("Test only runs in non degraded mode.", isDegraded());
+        assumeFalse("Test only runs in non limited mode.", isLimitedMode());
         SecurityContext marissaContext = getMarissaSecurityContext(getWebApplicationContext());
 
         MockHttpServletRequestBuilder get = get("/change_email")
@@ -1833,7 +1833,7 @@ public void testChangeEmailNoCsrfReturns403AndInvalidRequest() throws Exception
 
     @Test
     public void testCsrfForInvitationAcceptPost() throws Exception {
-        assumeFalse("Test only runs in non degraded mode.", isDegraded());
+        assumeFalse("Test only runs in non limited mode.", isLimitedMode());
         SecurityContext marissaContext = getMarissaSecurityContext(getWebApplicationContext());
         AnonymousAuthenticationToken inviteToken = new AnonymousAuthenticationToken("invited-test", marissaContext.getAuthentication().getPrincipal(), asList(UaaAuthority.UAA_INVITED));
         MockHttpSession inviteSession = new MockHttpSession();
@@ -2588,7 +2588,7 @@ public String[] getParameterValues(String name) {
         };
     }
 
-    public boolean isDegraded() throws Exception {
-        return getWebApplicationContext().getBean(DegradedModeUaaFilter.class).isEnabled();
+    public boolean isLimitedMode() throws Exception {
+        return getWebApplicationContext().getBean(LimitedModeUaaFilter.class).isEnabled();
     }
 }

uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/DefaultConfigurationTestSuite.java

@@ -13,7 +13,7 @@
 package org.cloudfoundry.identity.uaa.mock;
 
 import org.cloudfoundry.identity.uaa.login.LoginMockMvcTests;
-import org.cloudfoundry.identity.uaa.mock.degraded.DegradedModeLoginMockMvcTests;
+import org.cloudfoundry.identity.uaa.mock.limited.LimitedModeLoginMockMvcTests;
 import org.cloudfoundry.identity.uaa.test.YamlServletProfileInitializerContextInitializer;
 import org.flywaydb.core.Flyway;
 import org.junit.AfterClass;
@@ -32,7 +32,7 @@ public class DefaultConfigurationTestSuite extends UaaBaseSuite {
 
     public static Class<?>[] suiteClasses() {
         //Class<?>[] result = UaaJunitSuiteRunner.allSuiteClasses();
-        Class<?>[] result = new Class[] {DegradedModeLoginMockMvcTests.class, LoginMockMvcTests.class};
+        Class<?>[] result = new Class[] {LimitedModeLoginMockMvcTests.class, LoginMockMvcTests.class};
         //Class<?>[] result = new Class[] {IdentityProviderEndpointsMockMvcTests.class, SamlIDPRefreshMockMvcTests.class};
         //for now, sort the test classes until we have figured out all
         //test poisoning that is occurring

uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/degraded/DegradedModeJwtBearerGrantMockMvcTests.java → uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/limited/LimitedModeJwtBearerGrantMockMvcTests.java

@@ -13,25 +13,25 @@
  * ****************************************************************************
  */
 
-package org.cloudfoundry.identity.uaa.mock.degraded;
+package org.cloudfoundry.identity.uaa.mock.limited;
 
 import org.cloudfoundry.identity.uaa.mock.token.JwtBearerGrantMockMvcTests;
-import org.cloudfoundry.identity.uaa.web.DegradedModeUaaFilter;
+import org.cloudfoundry.identity.uaa.web.LimitedModeUaaFilter;
 import org.junit.After;
 import org.junit.Before;
 
-public class DegradedModeJwtBearerGrantMockMvcTests extends JwtBearerGrantMockMvcTests {
+public class LimitedModeJwtBearerGrantMockMvcTests extends JwtBearerGrantMockMvcTests {
     private boolean original;
 
     @Before
     public void setup () throws Exception {
-        DegradedModeUaaFilter bean = getWebApplicationContext().getBean(DegradedModeUaaFilter.class);
+        LimitedModeUaaFilter bean = getWebApplicationContext().getBean(LimitedModeUaaFilter.class);
         original = bean.isEnabled();
         bean.setEnabled(true);
     }
 
     @After
     public void teardown() throws Exception {
-        getWebApplicationContext().getBean(DegradedModeUaaFilter.class).setEnabled(original);
+        getWebApplicationContext().getBean(LimitedModeUaaFilter.class).setEnabled(original);
     }
 }

uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/degraded/DegradedModeLoginMockMvcTests.java → uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/limited/LimitedModeLoginMockMvcTests.java

@@ -13,22 +13,22 @@
  * ****************************************************************************
  */
 
-package org.cloudfoundry.identity.uaa.mock.degraded;
+package org.cloudfoundry.identity.uaa.mock.limited;
 
 import org.cloudfoundry.identity.uaa.login.LoginMockMvcTests;
-import org.cloudfoundry.identity.uaa.web.DegradedModeUaaFilter;
+import org.cloudfoundry.identity.uaa.web.LimitedModeUaaFilter;
 import org.junit.After;
 import org.junit.Before;
 
-public class DegradedModeLoginMockMvcTests extends LoginMockMvcTests {
+public class LimitedModeLoginMockMvcTests extends LoginMockMvcTests {
 
     private boolean original;
 
     @Before
     @Override
     public void setUpContext() throws Exception {
         super.setUpContext();
-        DegradedModeUaaFilter bean = getWebApplicationContext().getBean(DegradedModeUaaFilter.class);
+        LimitedModeUaaFilter bean = getWebApplicationContext().getBean(LimitedModeUaaFilter.class);
         original = bean.isEnabled();
         bean.setEnabled(true);
     }
@@ -38,7 +38,7 @@ public void setUpContext() throws Exception {
     @Override
     public void tearDown() throws Exception {
         super.tearDown();
-        getWebApplicationContext().getBean(DegradedModeUaaFilter.class).setEnabled(original);
+        getWebApplicationContext().getBean(LimitedModeUaaFilter.class).setEnabled(original);
     }
 
 }