
feat: Enhance x509 authentication scheme to support client certificates (part 3) #2285

Merged

Conversation

yelyzavetachebanova
Contributor

Description

Set "X-Zowe-Auth-Failure" header to reflect error messages related to transformation

Linked to #2198

Type of change

Please delete options that are not relevant.

  • (feat) New feature (non-breaking change which adds functionality)

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas. In JS I did provide JSDoc
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • The java tests in the area I was working on leverage @nested annotations
  • Any dependent changes have been merged and published in downstream modules

For more details about how the code should look, read the Contributing guideline

…es (part 1)

move the logic which gets authentication source from request to scheme
…es (part 2)

- validate extended key usage for X509 certificate in getAuthSourceFromRequest() method;
- use AuthSourceService in X509Scheme.

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>
# Conflicts:
#	gateway-service/src/main/java/org/zowe/apiml/gateway/security/service/ServiceAuthenticationServiceImpl.java
#	gateway-service/src/main/java/org/zowe/apiml/gateway/security/service/schema/AuthenticationSchemeFactory.java
#	gateway-service/src/main/java/org/zowe/apiml/gateway/security/service/schema/ServiceAuthenticationService.java
#	gateway-service/src/main/java/org/zowe/apiml/gateway/security/service/schema/X509Scheme.java
#	gateway-service/src/test/java/org/zowe/apiml/gateway/security/service/ServiceAuthenticationServiceImplTest.java
#	gateway-service/src/test/java/org/zowe/apiml/gateway/security/service/schema/AuthenticationSchemeFactoryTest.java
Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>
…es (part 2)

- remove unnecessary usage of Serializable

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>
…es (part 2)

- cleanup

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>
…headers

# Conflicts:
#	gateway-service/src/test/java/org/zowe/apiml/gateway/security/service/schema/source/X509AuthSourceServiceTest.java
# Conflicts:
#	gateway-service/src/test/java/org/zowe/apiml/gateway/security/service/schema/source/X509AuthSourceServiceTest.java
…es (part 3)

- add "X-Zowe-Auth-Failure" headers for X509Scheme error situations

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>
…es (part 3)

- add "X-Zowe-Auth-Failure" header when client certificate is missing or invalid

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>
…es (part 3)

- add IT for X509Scheme

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>
…es (part 3)

- store information about X509 validation error in context to set error header later

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>
…headers

# Conflicts:
#	gateway-service/src/main/java/org/zowe/apiml/gateway/security/service/schema/X509Scheme.java
#	gateway-service/src/main/java/org/zowe/apiml/gateway/security/service/schema/source/X509AuthSourceService.java
#	gateway-service/src/main/java/org/zowe/apiml/gateway/security/service/schema/source/X509CNAuthSourceService.java
#	gateway-service/src/test/java/org/zowe/apiml/acceptance/X509SchemeTest.java
#	gateway-service/src/test/java/org/zowe/apiml/gateway/security/service/schema/X509SchemeTest.java
#	gateway-service/src/test/java/org/zowe/apiml/gateway/security/service/schema/source/X509AuthSourceServiceTest.java
#	gateway-service/src/test/java/org/zowe/apiml/gateway/security/service/schema/source/X509CNAuthSourceServiceTest.java
…es (part 3)

- resolve merge conflicts

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>
@yelyzavetachebanova yelyzavetachebanova marked this pull request as draft April 7, 2022 19:01
@zowe-robot zowe-robot added the Sensitive Sensitive change that requires peer review label Apr 7, 2022
…es (part 3)

- fix IT for X509 scheme

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>
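As an added illustration (not the Zowe API ML code), the following shows how the two behaviours described in the commit messages above fit together: the extended-key-usage check that decides whether a client certificate may serve as an authentication source, and the deferred reporting of a failure through the "X-Zowe-Auth-Failure" header. The plain map standing in for the request context, the `example.auth.failure` key, the error wording and the `ClientCertAuthCheck` class name are assumptions; the gateway itself keeps the error in its Zuul RequestContext.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;

/**
 * Illustrative only (not Zowe API ML code). Two steps:
 * 1. validate a client certificate before it becomes an authentication source
 *    (validity period + id-kp-clientAuth extended key usage);
 * 2. park the failure reason in the per-request context so the
 *    "X-Zowe-Auth-Failure" header can be set later, once the response is built.
 */
public final class ClientCertAuthCheck {

    /** OID of id-kp-clientAuth (RFC 5280, section 4.2.1.12). */
    static final String CLIENT_AUTH_OID = "1.3.6.1.5.5.7.3.2";
    /** Header the gateway uses to report why authentication was not applied. */
    static final String AUTH_FAILURE_HEADER = "X-Zowe-Auth-Failure";
    /** Hypothetical context key; the real gateway stores the error in its Zuul RequestContext. */
    static final String FAILURE_KEY = "example.auth.failure";
    /** Default lifetime of a certificate-derived auth source: 15 minutes, in milliseconds. */
    static final long X509_DEFAULT_EXPIRATION_MS = 15L * 60 * 1000;

    private ClientCertAuthCheck() {}

    /** Empty when the certificate may be used for client authentication, else a header-safe reason. */
    public static Optional<String> validateForClientAuth(X509Certificate cert) {
        if (cert == null) {
            return Optional.of("client certificate is missing");
        }
        try {
            cert.checkValidity();
        } catch (CertificateExpiredException e) {
            return Optional.of("client certificate has expired");
        } catch (CertificateNotYetValidException e) {
            return Optional.of("client certificate is not yet valid");
        }
        List<String> eku;
        try {
            eku = cert.getExtendedKeyUsage(); // null when the extension is absent
        } catch (CertificateParsingException e) {
            return Optional.of("client certificate extended key usage is unreadable");
        }
        // RFC 5280 treats an absent EKU as unrestricted; the gateway is stricter and
        // requires clientAuth explicitly, so an absent extension is rejected here as well.
        if (eku == null || !eku.contains(CLIENT_AUTH_OID)) {
            return Optional.of("client certificate is not valid for client authentication (no id-kp-clientAuth)");
        }
        return Optional.empty();
    }

    /** Expiry of a certificate-derived auth source: the default window, but never past notAfter. */
    public static long authSourceExpiry(X509Certificate cert, long nowMillis) {
        return Math.min(nowMillis + X509_DEFAULT_EXPIRATION_MS, cert.getNotAfter().getTime());
    }

    /** Step 1 of the deferred reporting: remember the reason on the request context. */
    public static void storeFailure(Map<String, Object> context, String reason) {
        context.put(FAILURE_KEY, reason);
    }

    /** Step 2: when the response is assembled, turn the stored reason into the header. */
    public static void applyFailureHeader(Map<String, Object> context, Map<String, String> responseHeaders) {
        Object reason = context.get(FAILURE_KEY);
        if (reason != null) {
            responseHeaders.put(AUTH_FAILURE_HEADER, reason.toString());
        }
    }

    /** Usage: java ClientCertAuthCheck [cert.pem]; without an argument the missing-certificate path runs. */
    public static void main(String[] args) throws Exception {
        X509Certificate cert = null;
        if (args.length > 0) {
            try (InputStream in = new FileInputStream(args[0])) {
                cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
            }
        }
        Map<String, Object> requestContext = new HashMap<>();
        Map<String, String> responseHeaders = new HashMap<>();

        Optional<String> failure = validateForClientAuth(cert);
        if (failure.isPresent()) {
            storeFailure(requestContext, failure.get());
        } else {
            System.out.println("accepted: " + cert.getSubjectX500Principal()
                + ", auth source expires at epoch ms " + authSourceExpiry(cert, System.currentTimeMillis()));
        }
        applyFailureHeader(requestContext, responseHeaders);
        responseHeaders.forEach((k, v) -> System.out.println(k + ": " + v));
    }
}
```

Run it against a PEM certificate of your own to see which reason, if any, would end up in the failure header.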
@yelyzavetachebanova yelyzavetachebanova marked this pull request as ready for review April 8, 2022 08:23
Member

@achmelo achmelo left a comment


Just a few details, it can also go in as is.

@@ -115,5 +151,10 @@ private void setHeader(RequestContext context, X509Certificate clientCert) throw
}
}
}

private void setErrorHeader(RequestContext context, String value) {
Member


Could the static method from JwtCommand be used?

Contributor Author


Making a note to fix this in the cleanup story.

Contributor Author


fixed

@@ -15,6 +15,8 @@
* Interface represents main methods of service which gets the source of authentication and process it.
*/
public interface AuthSourceService {
// Default expiration time for client certificate 15 min
Long X509_DEFAULT_EXPIRATION = 15L * 60 * 1000;
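Review bot: the unit of `X509_DEFAULT_EXPIRATION` is not visible in the name, and the comment "15 min" does not match the value `15L * 60 * 1000`, which is milliseconds; rename it to `X509_DEFAULT_EXPIRATION_MS` or say "in milliseconds" in the comment. Declare it as primitive `long` rather than boxed `Long`: an interface field is already implicitly `public static final`, and the boxed type only adds an unboxing on every comparison.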
Member


I am not sure if this is the best place to have x509-related fields, and maybe it could also be configurable.

Contributor Author


this will be fixed in upcoming PR

return false;
}

final RequestContext context = RequestContext.getCurrentContext();
Member


It seems like this method does not need to work with RequestContext; if that is true, could we move it to storeErrorHeader?

Contributor Author


fixed

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>
@sonarcloud

sonarcloud bot commented Apr 8, 2022

Kudos, SonarCloud Quality Gate passed!

Bug: A (0 Bugs)
Vulnerability: A (0 Vulnerabilities)
Security Hotspot: A (0 Security Hotspots)
Code Smell: A (1 Code Smell)

Coverage: 92.6%
Duplication: 0.0%

@yelyzavetachebanova yelyzavetachebanova merged commit a053b00 into master Apr 11, 2022
@delete-merged-branch delete-merged-branch bot deleted the apiml/GH2198/X509scheme-with-auth-failure-headers branch April 11, 2022 08:40
achmelo pushed a commit that referenced this pull request Apr 19, 2022
…es (part 3) (#2285)

* feat: Enhance x509 authentication scheme to support client certificates (part 1)

move the logic which gets authentication source from request to scheme

* feat: Enhance x509 authentication scheme to support client certificates (part 2)

- validate extended key usage for X509 certificate in getAuthSourceFromRequest() method;
- use AuthSourceService in X509Scheme.

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* merge with master branch

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 2)

- remove unnecessary usage of Serializable

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 2)

- cleanup

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- add "X-Zowe-Auth-Failure" headers for X509Scheme error situations

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- add "X-Zowe-Auth-Failure" header when client certificate is missing or invalid

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- add IT for X509Scheme

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- store information about X509 validation error in context to set error header later

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- resolve merge conflicts

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- fix IT for X509 scheme

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* Resolve PR review suggestions

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>
(cherry picked from commit a053b00)
achmelo added a commit that referenced this pull request Apr 28, 2022
* refactor: Refactoring for gateway.filters classes (#2157)

Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com>

(cherry picked from commit ab36819)
Signed-off-by: achmelo <a.chmelo@gmail.com>

* refactor: introduce dedicated origin of the authentication source  (#2163)

* refactor: use dedicated origin of the authentication source instead of QueryResponse.Source

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* refactor: improve code coverage

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* refactor: resolve licence issue

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* refactor: refactor JUnit test

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

(cherry picked from commit d18f388)
Signed-off-by: achmelo <a.chmelo@gmail.com>

* refactor: Refactored PostStoreLoadBalancerCacheFilter and LocationFilter (#2168)

* Refactored PostStoreLoadBalancerCacheFilter

Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com>

* Refactored LocationFilter

Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com>

* addressed code review

Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com>

(cherry picked from commit c6f018b)
Signed-off-by: achmelo <a.chmelo@gmail.com>

* chore: publish coverage from internal port tests, provide comment where resu… (#2195)

* publish coverage from internal port tests, provide comment where results are not stored, remove integration test count publish

Signed-off-by: achmelo <a.chmelo@gmail.com>

* merge

Signed-off-by: achmelo <a.chmelo@gmail.com>

* correct job name

Signed-off-by: achmelo <a.chmelo@gmail.com>

(cherry picked from commit d471bed)
Signed-off-by: achmelo <a.chmelo@gmail.com>

* apiml/GH2062/add-x509-auth-source (#2185)

* feat(authentication): introduce x509 authentication source

Introduce the object and basic service for a client certificate as source of authentication

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* refactor: use dedicated origin of the authentication source instead of QueryResponse.Source

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* refactor: improve code coverage

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* refactor: resolve licence issue

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Add implementation of AuthSourceService interface to process client certificate authentication

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: add JUnits

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: return BAD REQUEST (400) when X509 certificate which cannot be used for client authentication is used in authentication scheme

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: fix error in acceptance test (ZosmfSchemeTest)

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: fix Sonar issues

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: define X509 authentication source service as bean in configuration

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* rerun

Signed-off-by: achmelo <a.chmelo@gmail.com>

Co-authored-by: achmelo <a.chmelo@gmail.com>

(cherry picked from commit efd53a8)
Signed-off-by: achmelo <a.chmelo@gmail.com>

* resolve additional conflicts

Signed-off-by: achmelo <a.chmelo@gmail.com>

* fix: Add BearerContent filter to enable bearer auth (#2197)

* Add BearerContent filter to enable bearer auth

Signed-off-by: at670475 <andrea.tabone@broadcom.com>

* Add BearerContent filter to enable bearer auth

Signed-off-by: at670475 <andrea.tabone@broadcom.com>

* Add functional test to test bearer auth

Signed-off-by: at670475 <andrea.tabone@broadcom.com>

* Convert to given_when_then

Signed-off-by: at670475 <andrea.tabone@broadcom.com>

* Add functional test for gateway

Signed-off-by: at670475 <andrea.tabone@broadcom.com>

* Add functional tests for DS

Signed-off-by: at670475 <andrea.tabone@broadcom.com>

* Fix git diff

Signed-off-by: at670475 <andrea.tabone@broadcom.com>

(cherry picked from commit 1d41704)
Signed-off-by: achmelo <a.chmelo@gmail.com>

* refactor: Introduce applid to the SafIdtProvider (#2219)

* Failing acceptance tests

Signed-off-by: Jakub Balhar <jakub.balhar@broadcom.net>

* Fix tests and limit the certificate related ones

Signed-off-by: Jakub Balhar <jakub.balhar@broadcom.net>

Co-authored-by: Jakub Balhar <jakub.balhar@broadcom.net>

(cherry picked from commit 2536f4d)
Signed-off-by: achmelo <a.chmelo@gmail.com>

* feat: Enhance zosmf authentication scheme to support client certificates (#2207)

* get JWT from authsource

Signed-off-by: achmelo <a.chmelo@gmail.com>

* create JWT auth source if X509 is provided

Signed-off-by: achmelo <a.chmelo@gmail.com>

* update original authsource

Signed-off-by: achmelo <a.chmelo@gmail.com>

* expect token in header for valid client cert

Signed-off-by: achmelo <a.chmelo@gmail.com>

* remove imports

Signed-off-by: achmelo <a.chmelo@gmail.com>

* accept client cert auth after loadbalancer

Signed-off-by: achmelo <a.chmelo@gmail.com>

* reject request if zosmf scheme is not available

Signed-off-by: achmelo <a.chmelo@gmail.com>

* test config refactoring

Signed-off-by: achmelo <a.chmelo@gmail.com>

* update and add unit tests

Signed-off-by: achmelo <a.chmelo@gmail.com>

* Acceptance tests with check of X509 transformation to JWT.

Signed-off-by: Petr Weinfurt <weipe03@ca.com>

* Remove unused imports.

Signed-off-by: Petr Weinfurt <weipe03@ca.com>

* access zosmf with client cert

Signed-off-by: achmelo <a.chmelo@gmail.com>

* remove unused test

Signed-off-by: achmelo <a.chmelo@gmail.com>

* refactor, code smells

Signed-off-by: achmelo <a.chmelo@gmail.com>

* code coverage

Signed-off-by: achmelo <a.chmelo@gmail.com>

* update comment

Signed-off-by: achmelo <a.chmelo@gmail.com>

* extract duplication

Signed-off-by: achmelo <a.chmelo@gmail.com>

Co-authored-by: achmelo <a.chmelo@gmail.com>
Co-authored-by: Petr Weinfurt <weipe03@ca.com>
Co-authored-by: achmelo <37397715+achmelo@users.noreply.github.com>

(cherry picked from commit 5750072)
Signed-off-by: achmelo <a.chmelo@gmail.com>

* chore: improved testing for zaas client compatibility for both v1 and v2 base urls (#2239)

Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com>

(cherry picked from commit 046bce0)
Signed-off-by: achmelo <a.chmelo@gmail.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 1) (#2244)

* feat: Enhance x509 authentication scheme to support client certificates (part 1)

move the logic which gets authentication source from request to scheme

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 1)

add more JUnit tests

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 1)

get authentication source from scheme in ServiceAuthenticationDecorator

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 1)

fix tests for ServiceAuthenticationDecorator

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

(cherry picked from commit 615badf)
Signed-off-by: achmelo <a.chmelo@gmail.com>

* chore: rename AbstractAuthenticationScheme interface (#2247)

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

(cherry picked from commit 90fa300)
Signed-off-by: achmelo <a.chmelo@gmail.com>

* fixes after merge

Signed-off-by: achmelo <a.chmelo@gmail.com>

* feat: zowe jwt from x509 (#2245)

* zowe jwt

Signed-off-by: achmelo <a.chmelo@gmail.com>

* translate x509 into zoweJWT

Signed-off-by: achmelo <a.chmelo@gmail.com>

* update header after LB

Signed-off-by: achmelo <a.chmelo@gmail.com>

* integration tests for zowejwtscheme

Signed-off-by: achmelo <a.chmelo@gmail.com>

* fix tests

Signed-off-by: achmelo <a.chmelo@gmail.com>

* run when zosmf auth tests

Signed-off-by: achmelo <a.chmelo@gmail.com>

* hostname

Signed-off-by: achmelo <a.chmelo@gmail.com>

* cleanup

Signed-off-by: achmelo <a.chmelo@gmail.com>

* common string

Signed-off-by: achmelo <a.chmelo@gmail.com>

* get JWT in create command

Signed-off-by: achmelo <a.chmelo@gmail.com>

* send empty header in case of missing auth in request

Signed-off-by: achmelo <a.chmelo@gmail.com>

* return empty command

Signed-off-by: achmelo <a.chmelo@gmail.com>

* translate all exceptions from createTokenWithoutCreds into custom so it can be propagated with zuul exception

Signed-off-by: achmelo <a.chmelo@gmail.com>

* use header to inform about transformation failure

Signed-off-by: achmelo <a.chmelo@gmail.com>

* styles

Signed-off-by: achmelo <a.chmelo@gmail.com>

* custom exception, code smells

Signed-off-by: achmelo <a.chmelo@gmail.com>

* override default method

Signed-off-by: achmelo <a.chmelo@gmail.com>

* documentation, mark applyToRequest as deprecated

Signed-off-by: achmelo <a.chmelo@gmail.com>

* return failure header to client

Signed-off-by: achmelo <a.chmelo@gmail.com>

* inform about invalid token

Signed-off-by: achmelo <a.chmelo@gmail.com>

* higher timeout

Signed-off-by: achmelo <a.chmelo@gmail.com>

* higher timeout all container tests

Signed-off-by: achmelo <a.chmelo@gmail.com>

* remove cookie and add error header if token is expired

Signed-off-by: achmelo <a.chmelo@gmail.com>

(cherry picked from commit aedbbda)
Signed-off-by: achmelo <a.chmelo@gmail.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 2) (#2260)

* feat: Enhance x509 authentication scheme to support client certificates (part 1)

move the logic which gets authentication source from request to scheme

* feat: Enhance x509 authentication scheme to support client certificates (part 2)

- validate extended key usage for X509 certificate in getAuthSourceFromRequest() method;
- use AuthSourceService in X509Scheme.

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* merge with master branch

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 2)

- remove unnecessary usage of Serializable

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 2)

- cleanup

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>
(cherry picked from commit d888a11)

* fix: Improve metrics in mocked-backend for metrics service (#2274)

* Emit one metric event at a time

Signed-off-by: Carson Cook <carson.cook@ibm.com>

* Convert metrics to json with values

Signed-off-by: Carson Cook <carson.cook@ibm.com>
(cherry picked from commit f12ebe8)

* feat: Enhance x509 authentication scheme to support client certificates (part 3) (#2285)

* feat: Enhance x509 authentication scheme to support client certificates (part 1)

move the logic which gets authentication source from request to scheme

* feat: Enhance x509 authentication scheme to support client certificates (part 2)

- validate extended key usage for X509 certificate in getAuthSourceFromRequest() method;
- use AuthSourceService in X509Scheme.

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* merge with master branch

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 2)

- remove unnecessary usage of Serializable

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 2)

- cleanup

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- add "X-Zowe-Auth-Failure" headers for X509Scheme error situations

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- add "X-Zowe-Auth-Failure" header when client certificate is missing or invalid

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- add IT for X509Scheme

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- store information about X509 validation error in context to set error header later

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- resolve merge conflicts

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- fix IT for X509 scheme

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* Resolve PR review suggestions

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>
(cherry picked from commit a053b00)

* feat: zowe jwt from x509 (update) (#2292)

* feat: Enhance x509 authentication scheme to support client certificates (part 1)

move the logic which gets authentication source from request to scheme

* feat: Enhance x509 authentication scheme to support client certificates (part 2)

- validate extended key usage for X509 certificate in getAuthSourceFromRequest() method;
- use AuthSourceService in X509Scheme.

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* merge with master branch

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 2)

- remove unnecessary usage of Serializable

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 2)

- cleanup

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- add "X-Zowe-Auth-Failure" headers for X509Scheme error situations

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- add "X-Zowe-Auth-Failure" header when client certificate is missing or invalid

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- add IT for X509Scheme

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- store information about X509 validation error in context to set error header later

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- resolve merge conflicts

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- fix IT for X509 scheme

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* Add isExpired() method to ZoweJwtScheme to correctly detect expiration

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* Check for validation errors in context to propagate them into "X-Zowe-Auth-Failure" header

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* Move default expiration for X509 certificate into AuthConfigurationProperties

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* Fix merge issues

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>
(cherry picked from commit c602080)

* fix: preserve request cookies (#2293)

* chore: more generic changelog action (#2269)

* checkout specified branch

Signed-off-by: achmelo <a.chmelo@gmail.com>

* branch to merge for PR

Signed-off-by: achmelo <a.chmelo@gmail.com>

* hardcode value

Signed-off-by: achmelo <a.chmelo@gmail.com>

* revert

Signed-off-by: achmelo <a.chmelo@gmail.com>

* different format

Signed-off-by: achmelo <a.chmelo@gmail.com>

* github ref

Signed-off-by: achmelo <a.chmelo@gmail.com>

* tag name

Signed-off-by: achmelo <a.chmelo@gmail.com>

* do not clone repository again

Signed-off-by: achmelo <a.chmelo@gmail.com>

* get cookies from original request

Signed-off-by: achmelo <a.chmelo@gmail.com>

* integration test to verify cookies preservation

Signed-off-by: achmelo <a.chmelo@gmail.com>
(cherry picked from commit 71c6649)

* refactor: move ZOSMF transformation logic into createCommand() (#2294)

* Move ZOSMF transformation logic from apply() method to createCommand()

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* refactor: resolve Sonar issue

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

(cherry picked from commit 38601c4)
Signed-off-by: achmelo <a.chmelo@gmail.com>

* fix tests

Signed-off-by: achmelo <a.chmelo@gmail.com>

* chore: remove unused code

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* feat: use default expiration time in Zosmf scheme for auth. source without expiration (#2298)

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>
(cherry picked from commit 122837e)

* feat: functionality for error message in HttpBasicPassTicketScheme (#2301)

* functionality for error message in HttpBasicPassTicketScheme

Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com>

* updated HttpBasicPassTicketSchemeTest to reflect new PassTicketCommand containing error messages

Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com>

* cleanup with exceptions, error messages

Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com>

* revert back to throwing exception when generating pass ticket

Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com>

* only x-zowe-auth-failure before creating command

Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com>

* updating apply and applyToRequest with authorizationValue=null

Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com>

* added back messageService, and message for auth source error

Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com>

* add x-zowe-auth header in apply and applyToRequest, error messages in generating passTicket and authSource

Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com>

* moved logic - add request header with cookie only if authorizationValue is not null

Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com>

* empty commit to trigger job build

Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com>

* removed import in HttpBasicPassTicketSchemeTest

Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com>

* moved logic for applyToRequest - add request header with cookie only if authorizationValue is not null

Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com>

* added error messages when parsed auth source is null and when its userId is null

Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com>

* added try catch block for parse

Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com>

* removing TokenExpireException from try catch block

Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com>

* removing only TokenNotValidException from try catch block

Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com>

* added back catch block for exception TokenNotValidException

Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com>

* Fix NPE in HttpBasicPassTicketScheme.isExpired() method

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* Use dedicated method to remove cookie

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* Fix JUnit test

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

Co-authored-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

(cherry picked from commit 9eb006f)
Signed-off-by: achmelo <a.chmelo@gmail.com>

* fix: replication of data for infinispan nodes (#2308)

* chore: more generic changelog action (#2269)

* checkout specified branch

Signed-off-by: achmelo <a.chmelo@gmail.com>

* branch to merge for PR

Signed-off-by: achmelo <a.chmelo@gmail.com>

* hardcode value

Signed-off-by: achmelo <a.chmelo@gmail.com>

* revert

Signed-off-by: achmelo <a.chmelo@gmail.com>

* different format

Signed-off-by: achmelo <a.chmelo@gmail.com>

* github ref

Signed-off-by: achmelo <a.chmelo@gmail.com>

* tag name

Signed-off-by: achmelo <a.chmelo@gmail.com>

* do not clone repository again

Signed-off-by: achmelo <a.chmelo@gmail.com>

* replica mode

Signed-off-by: achmelo <a.chmelo@gmail.com>

* run infinispan tests only

Signed-off-by: achmelo <a.chmelo@gmail.com>

* Revert "run infinispan tests only"

This reverts commit cb19682.

* different hostname for CS with infinispan

Signed-off-by: achmelo <a.chmelo@gmail.com>

* revert hostname

Signed-off-by: achmelo <a.chmelo@gmail.com>
(cherry picked from commit 5b5880c)

* feat: Discovery service health check (#2312)

* Discovery service health check

Signed-off-by: Boris Petkov <boris.petkov@broadcom.com>

* Discovery service health check with Partial status

Signed-off-by: Boris Petkov <boris.petkov@broadcom.com>
(cherry picked from commit 2f167ff)

* feat: TLSv1.3 configuration (#2314)

* chore: more generic changelog action (#2269)

* checkout specified branch

Signed-off-by: achmelo <a.chmelo@gmail.com>

* branch to merge for PR

Signed-off-by: achmelo <a.chmelo@gmail.com>

* hardcode value

Signed-off-by: achmelo <a.chmelo@gmail.com>

* revert

Signed-off-by: achmelo <a.chmelo@gmail.com>

* different format

Signed-off-by: achmelo <a.chmelo@gmail.com>

* github ref

Signed-off-by: achmelo <a.chmelo@gmail.com>

* tag name

Signed-off-by: achmelo <a.chmelo@gmail.com>

* do not clone repository again

Signed-off-by: achmelo <a.chmelo@gmail.com>

* enable 1.3, add supported ciphers

Signed-off-by: achmelo <a.chmelo@gmail.com>

* Add TLSv1.3 support in onboarding-enabler sample app

Signed-off-by: at670475 <andrea.tabone@broadcom.com>

Co-authored-by: Andrea Tabone <andrea.tabone@broadcom.com>
Co-authored-by: Andrea Tabone <39694626+taban03@users.noreply.github.com>
(cherry picked from commit e96135a)

* Refactor: authentication schemes exception handling (#2317)

* refactor: change exception handling in authentication schemes

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* Fix IT

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* Fix IT

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* Improve test coverage

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

* Rename unit test

Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>

(cherry picked from commit 5db1b80)
Signed-off-by: achmelo <a.chmelo@gmail.com>

* fixes after merge

Signed-off-by: achmelo <a.chmelo@gmail.com>

* merge

Signed-off-by: achmelo <a.chmelo@gmail.com>

Co-authored-by: Amanda D'Errico <40764145+amandaderrico@users.noreply.github.com>
Co-authored-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com>
Co-authored-by: Andrea Tabone <39694626+taban03@users.noreply.github.com>
Co-authored-by: Jakub Balhar <jakub@balhar.net>
Co-authored-by: Jakub Balhar <jakub.balhar@broadcom.net>
Co-authored-by: Petr Weinfurt <petr.weinfurt@broadcom.com>
Co-authored-by: Petr Weinfurt <weipe03@ca.com>
Co-authored-by: Carson Cook <CarsonCook@users.noreply.github.com>
Co-authored-by: Boris Petkov <boris.petkov@broadcom.com>
Labels
Sensitive Sensitive change that requires peer review