Merge branch '3.7.x'

Jenkinsfile

@@ -36,9 +36,9 @@ pipeline {
       post {
         always {
             junit 'integration-test/target/surefire-reports/*.xml'
-            sh 'tar -cvf ./integration-test/target/test-logs.tar ./integration-test/target/surefire-reports/ --transform s#./integration-test/target/##'
-            sh 'gzip ./integration-test/target/test-logs.tar'
-            archiveArtifacts 'integration-test/target/test-logs.tar.gz'
+            sh 'tar -cvf ./integration-test/target/surefire-reports.tar ./integration-test/target/surefire-reports/ --transform s#./integration-test/target/##'
+            sh 'gzip ./integration-test/target/surefire-reports.tar'
+            archiveArtifacts 'integration-test/target/surefire-reports.tar.gz'
         }
       }
     }

docs/installazione/dispiegamento/index.rst

@@ -80,4 +80,9 @@ Per abilitare/disabilitare ulteriori modalità di autenticazione, rispetto a que
 
 Eventuali modifiche richiedono il riavvio dell'applicazione per renderle operative. Per i dettagli sulle modalità di autenticazione supportate si faccia riferimento alla sezione :ref:`integrazione_autenticazione`.
 
+.. _inst_troubleshooting:
 
+Troubleshooting
+--------------------------
+
+In caso di deploy su versioni non supportate di WildFly e' possibile incorrere nell'errore `Caused by: org.jboss.modules.ModuleNotFoundException: jdk.unsupported` in fase di deploy. Un efficace workaround e' quello di registrare un modulo fittizio come suggerito in `https://stackoverflow.com/a/68318243`_

ear/pom.xml

@@ -5,7 +5,7 @@
 	<parent>
 		<artifactId>bom</artifactId>
 		<groupId>it.govpay</groupId>
-		<version>3.7.0</version>
+		<version>3.7.1</version>
 	</parent>
 
 	<artifactId>ear</artifactId>

integration-test/src/test/java/test/api/pagamento/v2/avvisi/get/verifica-avviso-anonimo.feature

@@ -188,11 +188,11 @@ And header cookie = cookie1
 When method get
 Then status 200
 
-Given url pagamentiBaseurl
-And path '/avvisi', idDominio, numeroAvviso
-And header cookie = cookie1
-When method get
-Then status 406
+#Given url pagamentiBaseurl
+#And path '/avvisi', idDominio, numeroAvviso
+#And header cookie = cookie1
+#When method get
+#Then status 406
 
 
 @test3

integration-test/src/test/java/test/api/pagamento/v2/avvisi/get/verifica-avviso-basic.feature

@@ -51,11 +51,11 @@ And header Accept = 'application/pdf'
 When method get
 Then status 200
 
-Given url pagamentiBaseurl
-And path '/avvisi', idDominio, numeroAvviso
-And headers basicAutenticationHeader
-When method get
-Then status 406
+#Given url pagamentiBaseurl
+#And path '/avvisi', idDominio, numeroAvviso
+#And headers basicAutenticationHeader
+#When method get
+#Then status 406
 
 @test2
 Scenario: Verifica avviso non presente basic

integration-test/src/test/java/test/api/pagamento/v2/avvisi/get/verifica-avviso-spid.feature

@@ -54,11 +54,11 @@ And header Accept = 'application/pdf'
 When method get
 Then status 200
 
-Given url pagamentiBaseurl
-And path '/avvisi', idDominio, numeroAvviso
-And headers spidHeaders
-When method get
-Then status 406
+#Given url pagamentiBaseurl
+#And path '/avvisi', idDominio, numeroAvviso
+#And headers spidHeaders
+#When method get
+#Then status 406
 
 @test2
 Scenario: Verifica avviso non presente cittadino

jars/api-commons/pom.xml

@@ -7,7 +7,7 @@
 	<parent>
 		<artifactId>jars</artifactId>
 		<groupId>it.govpay</groupId>
-		<version>3.7.0</version>
+		<version>3.7.1</version>
 	</parent>
 
 	<artifactId>api-commons</artifactId>

jars/api-commons/src/main/java/it/govpay/rs/v1/authentication/ldap/mapper/GovPayLdapUserDetailsMapper.java

@@ -0,0 +1,197 @@
+package it.govpay.rs.v1.authentication.ldap.mapper;
+
+import java.util.Collection;
+
+import org.openspcoop2.utils.LoggerWrapperFactory;
+import org.slf4j.Logger;
+import org.springframework.ldap.core.DirContextAdapter;
+import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.ldap.ppolicy.PasswordPolicyControl;
+import org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl;
+import org.springframework.security.ldap.userdetails.LdapUserDetailsImpl;
+import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;
+import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
+import org.springframework.util.Assert;
+
+import it.govpay.core.autorizzazione.beans.GovpayLdapUserDetails;
+import it.govpay.core.dao.autorizzazione.AutenticazioneUtenzeRegistrateDAO;
+import it.govpay.core.dao.autorizzazione.BaseAutenticazioneDAO;
+
+/**
+ * Based on {@link LdapUserDetailsMapper}, aggiunge le informazioni lette dal db di GovPay a quelle ricevute dall'autenticatore Ldap.
+ * 
+ * 
+ * @author zulio
+ *
+ */
+public class GovPayLdapUserDetailsMapper implements UserDetailsContextMapper {
+	// ~ Instance fields
+	// ================================================================================================
+
+	private Logger logger = LoggerWrapperFactory.getLogger(GovPayLdapUserDetailsMapper.class);
+	private String passwordAttributeName = "userPassword";
+	private String rolePrefix = "ROLE_";
+	private String[] roleAttributes = null;
+	private boolean convertToUpperCase = true;
+	private BaseAutenticazioneDAO userDetailService;
+
+	// ~ Methods
+	// ========================================================================================================
+
+	@Override
+	public UserDetails mapUserFromContext(DirContextOperations ctx, String username, Collection<? extends GrantedAuthority> authorities) {
+		String dn = ctx.getNameInNamespace();
+
+		this.logger.debug("Mapping user details from context with DN: " + dn);
+
+		LdapUserDetailsImpl.Essence essence = new LdapUserDetailsImpl.Essence();
+		essence.setDn(dn);
+
+		Object passwordValue = ctx.getObjectAttribute(this.passwordAttributeName);
+
+		if (passwordValue != null) {
+			essence.setPassword(mapPassword(passwordValue));
+		}
+
+		essence.setUsername(username);
+
+		// Map the roles
+		for (int i = 0; (this.roleAttributes != null)
+				&& (i < this.roleAttributes.length); i++) {
+			String[] rolesForAttribute = ctx.getStringAttributes(this.roleAttributes[i]);
+
+			if (rolesForAttribute == null) {
+				this.logger.debug("Couldn't read role attribute '"
+						+ this.roleAttributes[i] + "' for user " + dn);
+				continue;
+			}
+
+			for (String role : rolesForAttribute) {
+				GrantedAuthority authority = createAuthority(role);
+
+				if (authority != null) {
+					essence.addAuthority(authority);
+				}
+			}
+		}
+
+		// Add the supplied authorities
+
+		for (GrantedAuthority authority : authorities) {
+			essence.addAuthority(authority);
+		}
+
+		// Check for PPolicy data
+
+		PasswordPolicyResponseControl ppolicy = (PasswordPolicyResponseControl) ctx
+				.getObjectAttribute(PasswordPolicyControl.OID);
+
+		if (ppolicy != null) {
+			essence.setTimeBeforeExpiration(ppolicy.getTimeBeforeExpiration());
+			essence.setGraceLoginsRemaining(ppolicy.getGraceLoginsRemaining());
+		}
+
+		GovpayLdapUserDetails details = new GovpayLdapUserDetails();
+		details.setLdapUserDetailsImpl(essence.createUserDetails());
+		return this.userDetailService.loadUserByLdapUserDetail(username, details);
+	}
+
+	@Override
+	public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
+		throw new UnsupportedOperationException(
+				"LdapUserDetailsMapper only supports reading from a context. Please"
+						+ "use a subclass if mapUserToContext() is required.");
+	}
+
+	/**
+	 * Extension point to allow customized creation of the user's password from the
+	 * attribute stored in the directory.
+	 *
+	 * @param passwordValue the value of the password attribute
+	 * @return a String representation of the password.
+	 */
+	protected String mapPassword(Object passwordValue) {
+
+		if (!(passwordValue instanceof String)) {
+			// Assume it's binary
+			passwordValue = new String((byte[]) passwordValue);
+		}
+
+		return (String) passwordValue;
+
+	}
+
+	/**
+	 * Creates a GrantedAuthority from a role attribute. Override to customize authority
+	 * object creation.
+	 * <p>
+	 * The default implementation converts string attributes to roles, making use of the
+	 * <tt>rolePrefix</tt> and <tt>convertToUpperCase</tt> properties. Non-String
+	 * attributes are ignored.
+	 * </p>
+	 *
+	 * @param role the attribute returned from
+	 * @return the authority to be added to the list of authorities for the user, or null
+	 * if this attribute should be ignored.
+	 */
+	protected GrantedAuthority createAuthority(Object role) {
+		if (role instanceof String) {
+			if (this.convertToUpperCase) {
+				role = ((String) role).toUpperCase();
+			}
+			return new SimpleGrantedAuthority(this.rolePrefix + role);
+		}
+		return null;
+	}
+
+	/**
+	 * Determines whether role field values will be converted to upper case when loaded.
+	 * The default is true.
+	 *
+	 * @param convertToUpperCase true if the roles should be converted to upper case.
+	 */
+	public void setConvertToUpperCase(boolean convertToUpperCase) {
+		this.convertToUpperCase = convertToUpperCase;
+	}
+
+	/**
+	 * The name of the attribute which contains the user's password. Defaults to
+	 * "userPassword".
+	 *
+	 * @param passwordAttributeName the name of the attribute
+	 */
+	public void setPasswordAttributeName(String passwordAttributeName) {
+		this.passwordAttributeName = passwordAttributeName;
+	}
+
+	/**
+	 * The names of any attributes in the user's entry which represent application roles.
+	 * These will be converted to <tt>GrantedAuthority</tt>s and added to the list in the
+	 * returned LdapUserDetails object. The attribute values must be Strings by default.
+	 *
+	 * @param roleAttributes the names of the role attributes.
+	 */
+	public void setRoleAttributes(String[] roleAttributes) {
+		Assert.notNull(roleAttributes, "roleAttributes array cannot be null");
+		this.roleAttributes = roleAttributes;
+	}
+
+	/**
+	 * The prefix that should be applied to the role names
+	 * @param rolePrefix the prefix (defaults to "ROLE_").
+	 */
+	public void setRolePrefix(String rolePrefix) {
+		this.rolePrefix = rolePrefix;
+	}
+
+	public BaseAutenticazioneDAO getUserDetailService() {
+		return userDetailService;
+	}
+
+	public void setUserDetailService(BaseAutenticazioneDAO userDetailService) {
+		this.userDetailService = userDetailService;
+	}
+}

jars/appio-beans/pom.xml

@@ -8,7 +8,7 @@
 	<parent>
 		<artifactId>jars</artifactId>
 		<groupId>it.govpay</groupId>
-		<version>3.7.0</version>
+		<version>3.7.1</version>
 	</parent>
 
 	<artifactId>appio-beans</artifactId>

jars/client-api-ente/pom.xml

@@ -5,7 +5,7 @@
 	<parent>
 		<artifactId>jars</artifactId>
 		<groupId>it.govpay</groupId>
-		<version>3.7.0</version>
+		<version>3.7.1</version>
 	</parent>
 
 	<artifactId>client-api-ente</artifactId>

jars/core-beans/pom.xml

@@ -5,7 +5,7 @@
 	<parent>
 		<artifactId>jars</artifactId>
 		<groupId>it.govpay</groupId>
-		<version>3.7.0</version>
+		<version>3.7.1</version>
 	</parent>
 
 	<artifactId>core-beans</artifactId>

jars/core/pom.xml

@@ -8,7 +8,7 @@
 	<parent>
 		<artifactId>jars</artifactId>
 		<groupId>it.govpay</groupId>
-		<version>3.7.0</version>
+		<version>3.7.1</version>
 	</parent>
 
 	<artifactId>core</artifactId>