Posted to commits@sling.apache.org by cr...@apache.org on 2021/04/06 22:44:35 UTC

[sling-whiteboard] branch SLING-10193/test-coverage updated (64e8eda -> ea9cd4b)

This is an automated email from the ASF dual-hosted git repository.

cris pushed a change to branch SLING-10193/test-coverage
in repository https://gitbox.apache.org/repos/asf/sling-whiteboard.git.


    from 64e8eda  continued improving test coverage
     add efafd69  Sling 10193/test coverage (#72)
     add deb946c  Added setup for Java Keystore tests, added tests for JksCredentials, KeyPairCredentials and VerifySignatureCredentials
     add e2b6108  Merge branch 'SLING-10193/test-coverage' into SLING-9397/update-removed-saml-config-service
     add b5de761  Merge branch 'SLING-10193/test-coverage' into SLING-9397/update-removed-saml-config-service
     add 8fc9c8a  text coverage
     add 015a141  text coverage
     new ea9cd4b  SLING-10193 set and remove JAAS config upon bundle activator start and stop

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../org/apache/sling/auth/saml2/Activator.java     | 60 ++++++++++++++++++++--
 .../saml2/impl/AuthenticationHandlerSAML2Impl.java | 39 +++++++++-----
 .../org/apache/sling/auth/saml2/SamlHandlerIT.java | 18 ++-----
 .../impl/AuthenticationHandlerSAML2ImplTest.java   | 11 ++--
 4 files changed, 92 insertions(+), 36 deletions(-)

[sling-whiteboard] 01/01: SLING-10193 set and remove JAAS config upon bundle activator start and stop

Posted by cr...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

cris pushed a commit to branch SLING-10193/test-coverage
in repository https://gitbox.apache.org/repos/asf/sling-whiteboard.git

commit ea9cd4b64666d957b2b1413c5c48877ef1f00346
Author: Cris Rockwell, College of LSA University of Michigan <cm...@umich.edu>
AuthorDate: Tue Apr 6 18:44:15 2021 -0400

    SLING-10193 set and remove JAAS config upon bundle activator start and stop
---
 .../org/apache/sling/auth/saml2/Activator.java     | 60 ++++++++++++++++++++--
 .../saml2/impl/AuthenticationHandlerSAML2Impl.java | 32 +++++++++---
 .../org/apache/sling/auth/saml2/SamlHandlerIT.java |  6 ---
 .../apache/sling/auth/saml2/impl/OsgiSamlTest.java |  4 --
 4 files changed, 80 insertions(+), 22 deletions(-)

diff --git a/saml-handler/src/main/java/org/apache/sling/auth/saml2/Activator.java b/saml-handler/src/main/java/org/apache/sling/auth/saml2/Activator.java
index e438371..a97c94c 100644
--- a/saml-handler/src/main/java/org/apache/sling/auth/saml2/Activator.java
+++ b/saml-handler/src/main/java/org/apache/sling/auth/saml2/Activator.java
@@ -24,16 +24,29 @@ import org.opensaml.core.config.InitializationService;
 import org.opensaml.xmlsec.config.impl.JavaCryptoValidationInitializer;
 import org.osgi.framework.BundleActivator;
 import org.osgi.framework.BundleContext;
+import org.osgi.framework.FrameworkUtil;
+import org.osgi.framework.InvalidSyntaxException;
+import org.osgi.framework.ServiceReference;
 import org.osgi.framework.wiring.BundleWiring;
+import org.osgi.service.cm.Configuration;
+import org.osgi.service.cm.ConfigurationAdmin;
+import org.osgi.service.component.annotations.Reference;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import java.security.*;
+
+import java.io.IOException;
+import java.security.Provider;
+import java.security.Security;
+import java.util.Dictionary;
+import java.util.Hashtable;
 
 public class Activator implements BundleActivator {
 
     private static final Logger logger = LoggerFactory.getLogger(BundleActivator.class);
 
-    public void start(BundleContext context) throws Exception {
+    private ConfigurationAdmin configAdmin;
+
+    public void start(BundleContext context) throws IOException, InvalidSyntaxException {
         // Classloading
         BundleWiring bundleWiring = context.getBundle().adapt(BundleWiring.class);
         ClassLoader loader = bundleWiring.getClassLoader();
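Review bot: `org.osgi.framework.FrameworkUtil` and `org.osgi.service.component.annotations.Reference` are added to the imports but used nowhere in this file; `@Reference` in particular is a Declarative Services annotation that has no effect on a plain `BundleActivator`, so keeping it suggests `configAdmin` is injected when it is in fact looked up by hand in `setConfigAdmin`. Drop both imports. The new `configAdmin` field is assigned in `start` and read in `stop`, and a one-line comment such as `// looked up in start(); null if ConfigurationAdmin was unavailable at that time` would document the expected lifecycle for the next reader.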
@@ -47,11 +60,16 @@ public class Activator implements BundleActivator {
         } finally {
             thread.setContextClassLoader(loader);
         }
-        // TODO add the Jaas config related to SAML2 so it's one less thing to configure
+        setConfigAdmin(context);
+        if ( needsSamlJaas()){
+            configureSamlJaas();
+        }
     }
 
-    public void stop(BundleContext context) throws Exception {
-        // TODO remove the Jaas config related to SAML2 so authentication in general isn't broken when bundle is deactivated
+    public void stop(BundleContext context) throws IOException, InvalidSyntaxException {
+        if (configAdmin != null){
+            removeSamlJaas();
+        }
     }
 
     public static void initializeOpenSaml() throws InitializationException{
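Review bot: `start` dereferences `configAdmin` in `needsSamlJaas()` without the null guard that `stop` has, and `setConfigAdmin` hands whatever `getServiceReference` returns straight to `getService`, so if ConfigurationAdmin is not yet available when this bundle activates (a start-level ordering question, not visible here) activation fails with a null-reference error instead of a message and the authentication handler never comes up. Check before use and say why the JAAS configuration was skipped, e.g. `if (configAdmin == null) { logger.warn("ConfigurationAdmin unavailable; SAML JAAS configuration not registered"); return; }` right after `setConfigAdmin(context);`, or obtain the service through a ServiceTracker so a late-arriving ConfigurationAdmin is still honoured. The service is also taken with `getService` and never released with `ungetService` in `stop`. `initializeOpenSaml` begins on the hunk's last line and continues outside it.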
@@ -63,4 +81,36 @@ public class Activator implements BundleActivator {
             logger.info(jceProvider.getInfo());
         }
     }
+
+    protected void configureSamlJaas() throws IOException {
+        Dictionary props = new Hashtable();
+        props.put("jaas.classname", "org.apache.sling.auth.saml2.sp.Saml2LoginModule");
+        props.put("jaas.controlFlag", "Sufficient");
+        props.put("jaas.realmName", "jackrabbit.oak");
+        props.put("jaas.ranking", 110);
+        configAdmin.createFactoryConfiguration("org.apache.felix.jaas.Configuration.factory", null).update(props);
+    }
+
+    protected boolean needsSamlJaas() throws IOException, InvalidSyntaxException {
+        Configuration[] configs = configAdmin.listConfigurations("(jaas.classname=org.apache.sling.auth.saml2.sp.Saml2LoginModule)");
+        if (configs == null){
+            return true;
+        }
+        return false;
+    }
+
+    protected void removeSamlJaas() throws IOException, InvalidSyntaxException {
+        Configuration[] configs = configAdmin.listConfigurations("(jaas.classname=org.apache.sling.auth.saml2.sp.Saml2LoginModule)");
+        if (configs == null){
+            return;
+        }
+        for ( Configuration config : configs){
+            config.delete();
+        }
+    }
+
+    public void setConfigAdmin(BundleContext bundleContext) {
+        ServiceReference serviceReference = bundleContext.getServiceReference(ConfigurationAdmin.class.getName());
+        this.configAdmin = (ConfigurationAdmin) bundleContext.getService(serviceReference);
+    }
 }
\ No newline at end of file
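Review bot: `removeSamlJaas` deletes every `org.apache.felix.jaas.Configuration.factory` configuration whose `jaas.classname` is `Saml2LoginModule`, including one an operator created deliberately with a different realm, control flag or ranking, and because `needsSamlJaas` recreates the module on every start, deleting the configuration is no longer a way to disable SAML login. Keep a handle on the configuration this activator itself created and delete only that one in `stop`, leaving operator-managed configurations alone, as in the rewrite below. Two smaller points: `Dictionary props = new Hashtable();` is a raw type and `Dictionary<String, Object> props = new Hashtable<>();` compiles without the unchecked warning, and the `null` location passed to `createFactoryConfiguration` (so the Felix JAAS bundle rather than this one can receive the configuration) deserves a one-line comment. Since this registers the module in the shared `jackrabbit.oak` realm as `Sufficient`, a login module that commits for anything other than its own SAML credentials would bypass the rest of the chain; whether `Saml2LoginModule` restricts itself that way is not visible in this diff, and a comment on `configureSamlJaas` stating that assumption would help the next reader.
```java
    /** Configuration created by this activator, or null if an existing one was found or creation failed. */
    private Configuration samlJaasConfig;

    protected void configureSamlJaas() throws IOException {
        Dictionary<String, Object> props = new Hashtable<>();
        // … unchanged: jaas.classname / jaas.controlFlag / jaas.realmName / jaas.ranking …
        // location null: the configuration must be deliverable to the Felix JAAS bundle, not bound to this one
        samlJaasConfig = configAdmin.createFactoryConfiguration("org.apache.felix.jaas.Configuration.factory", null);
        samlJaasConfig.update(props);
    }

    protected void removeSamlJaas() throws IOException, InvalidSyntaxException {
        // Remove only what this activator created; operator-managed configurations stay in place
        if (samlJaasConfig != null) {
            samlJaasConfig.delete();
            samlJaasConfig = null;
        }
    }
```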
diff --git a/saml-handler/src/main/java/org/apache/sling/auth/saml2/impl/AuthenticationHandlerSAML2Impl.java b/saml-handler/src/main/java/org/apache/sling/auth/saml2/impl/AuthenticationHandlerSAML2Impl.java
index 1cb12a9..fb0a11a 100644
--- a/saml-handler/src/main/java/org/apache/sling/auth/saml2/impl/AuthenticationHandlerSAML2Impl.java
+++ b/saml-handler/src/main/java/org/apache/sling/auth/saml2/impl/AuthenticationHandlerSAML2Impl.java
@@ -24,13 +24,18 @@ import net.shibboleth.utilities.java.support.component.ComponentInitializationEx
 import net.shibboleth.utilities.java.support.xml.ParserPool;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.sling.auth.core.AuthUtil;
+import org.apache.sling.auth.core.spi.AuthenticationHandler;
+import org.apache.sling.auth.core.spi.AuthenticationInfo;
 import org.apache.sling.auth.saml2.AuthenticationHandlerSAML2;
 import org.apache.sling.auth.saml2.AuthenticationHandlerSAML2Config;
 import org.apache.sling.auth.saml2.Helpers;
 import org.apache.sling.auth.saml2.SAML2RuntimeException;
 import org.apache.sling.auth.saml2.Saml2User;
 import org.apache.sling.auth.saml2.Saml2UserMgtService;
-import org.apache.sling.auth.saml2.sp.*;
+import org.apache.sling.auth.saml2.sp.KeyPairCredentials;
+import org.apache.sling.auth.saml2.sp.SamlReason;
+import org.apache.sling.auth.saml2.sp.SessionStorage;
+import org.apache.sling.auth.saml2.sp.VerifySignatureCredentials;
 import org.opensaml.core.xml.XMLObject;
 import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
 import org.opensaml.core.xml.schema.XSString;
@@ -40,10 +45,20 @@ import org.opensaml.messaging.encoder.MessageEncodingException;
 import org.opensaml.saml.common.messaging.context.SAMLBindingContext;
 import org.opensaml.saml.common.messaging.context.SAMLEndpointContext;
 import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
+import org.opensaml.saml.common.xml.SAMLConstants;
 import org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder;
 import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder;
-import org.opensaml.saml.saml2.core.*;
-import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.core.Assertion;
+import org.opensaml.saml.saml2.core.Attribute;
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.opensaml.saml.saml2.core.EncryptedAssertion;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.NameIDPolicy;
+import org.opensaml.saml.saml2.core.NameIDType;
+import org.opensaml.saml.saml2.core.RequestAbstractType;
+import org.opensaml.saml.saml2.core.Response;
+import org.opensaml.saml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml.saml2.core.SubjectConfirmationData;
 import org.opensaml.saml.saml2.encryption.Decrypter;
 import org.opensaml.saml.saml2.metadata.Endpoint;
 import org.opensaml.saml.saml2.metadata.SingleLogoutService;
@@ -61,13 +76,16 @@ import org.opensaml.xmlsec.signature.support.SignatureValidator;
 import org.osgi.framework.BundleContext;
 import org.osgi.framework.FrameworkUtil;
 import org.osgi.framework.wiring.BundleWiring;
-import org.apache.sling.auth.core.spi.AuthenticationHandler;
-import org.apache.sling.auth.core.spi.AuthenticationInfo;
 import org.osgi.service.component.ComponentContext;
-import org.osgi.service.component.annotations.*;
+import org.osgi.service.component.annotations.Activate;
+import org.osgi.service.component.annotations.Component;
+import org.osgi.service.component.annotations.ConfigurationPolicy;
+import org.osgi.service.component.annotations.Modified;
+import org.osgi.service.component.annotations.Reference;
 import org.osgi.service.metatype.annotations.Designate;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+
 import javax.jcr.RepositoryException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -128,7 +146,7 @@ public class AuthenticationHandlerSAML2Impl extends AbstractSamlHandler implemen
 
     @Activate @Modified
     protected void activate(final AuthenticationHandlerSAML2Config config, ComponentContext componentContext)
-            throws InvalidKeyException, NoSuchAlgorithmException, IllegalStateException, UnsupportedEncodingException {
+            throws InvalidKeyException, NoSuchAlgorithmException, IllegalStateException, IOException {
         this.setConfigs(config);
         final File tokenFile = getTokenFile(componentContext.getBundleContext());
         initializeTokenStore(tokenFile);
diff --git a/saml-handler/src/test/java/org/apache/sling/auth/saml2/SamlHandlerIT.java b/saml-handler/src/test/java/org/apache/sling/auth/saml2/SamlHandlerIT.java
index 1a10cbd..63db979 100644
--- a/saml-handler/src/test/java/org/apache/sling/auth/saml2/SamlHandlerIT.java
+++ b/saml-handler/src/test/java/org/apache/sling/auth/saml2/SamlHandlerIT.java
@@ -190,12 +190,6 @@ public class SamlHandlerIT extends TestSupport {
             factoryConfiguration("org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended")
                 .put("user.mapping", new String[]{"org.apache.sling.auth.saml2:Saml2UserMgtService=saml2-user-mgt"})
                 .asOption(),
-            factoryConfiguration("org.apache.felix.jaas.Configuration.factory")
-                .put("jaas.classname", "org.apache.sling.auth.saml2.sp.Saml2LoginModule")
-                .put("jaas.controlFlag", "Sufficient")
-                .put("jaas.realmName", "jackrabbit.oak")
-                .put("jaas.ranking", 110)
-                .asOption(),
             newConfiguration("org.apache.sling.engine.impl.auth.SlingAuthenticator")
                 .put("auth.annonymous", false)
                 .asOption(),
diff --git a/saml-handler/src/test/java/org/apache/sling/auth/saml2/impl/OsgiSamlTest.java b/saml-handler/src/test/java/org/apache/sling/auth/saml2/impl/OsgiSamlTest.java
index 0a0d5f1..e4dc435 100644
--- a/saml-handler/src/test/java/org/apache/sling/auth/saml2/impl/OsgiSamlTest.java
+++ b/saml-handler/src/test/java/org/apache/sling/auth/saml2/impl/OsgiSamlTest.java
@@ -106,10 +106,6 @@ public class OsgiSamlTest {
         try {
             bundleContext = MockOsgi.newBundleContext();
             ResourceResolverFactory mockFactory = Mockito.mock(ResourceResolverFactory.class);
-//            Saml2UserMgtService saml2UserMgtService = new Saml2UserMgtServiceImpl();
-//            MockOsgi.injectServices(mockFactory, bundleContext);
-//            MockOsgi.injectServices(saml2UserMgtService, bundleContext);
-//            MockOsgi.activate(saml2UserMgtService, bundleContext);
             osgiContext.registerService(ResourceResolverFactory.class, mockFactory);
             userMgtService = osgiContext.registerService(new Saml2UserMgtServiceImpl());
             samlHandler = osgiContext.registerInjectActivateService(new AuthenticationHandlerSAML2Impl());