You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@usergrid.apache.org by sn...@apache.org on 2016/08/22 15:00:20 UTC
[16/50] usergrid git commit: Update error messages thrown when
external SSO is enabled.
Update error messages thrown when external SSO is enabled.
Project: http://git-wip-us.apache.org/repos/asf/usergrid/repo
Commit: http://git-wip-us.apache.org/repos/asf/usergrid/commit/0b840237
Tree: http://git-wip-us.apache.org/repos/asf/usergrid/tree/0b840237
Diff: http://git-wip-us.apache.org/repos/asf/usergrid/diff/0b840237
Branch: refs/heads/asf-site
Commit: 0b84023705eac7765fda8f8ecb8fc277a3bfcfc5
Parents: f385b07
Author: Michael Russo <mr...@apigee.com>
Authored: Tue Aug 2 08:41:11 2016 -0700
Committer: Michael Russo <mr...@apigee.com>
Committed: Tue Aug 2 08:41:11 2016 -0700
----------------------------------------------------------------------
.../rest/management/ManagementResource.java | 11 +++---
.../rest/management/users/UserResource.java | 37 ++++++++++----------
.../rest/management/users/UsersResource.java | 5 +--
.../rest/management/ExternalSSOEnabledIT.java | 2 +-
.../rest/management/ManagementResourceIT.java | 6 ++--
5 files changed, 31 insertions(+), 30 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/usergrid/blob/0b840237/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
index f36c4ff..83f06ed 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/ManagementResource.java
@@ -61,6 +61,7 @@ import java.util.Map;
import static javax.servlet.http.HttpServletResponse.*;
import static javax.ws.rs.core.MediaType.*;
import static org.apache.commons.lang.StringUtils.isNotBlank;
+import static org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER;
import static org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER_URL;
import static org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl.USERGRID_EXTERNAL_SSO_ENABLED;
import static org.apache.usergrid.utils.JsonUtils.mapToJsonString;
@@ -398,7 +399,7 @@ public class ManagementResource extends AbstractContextResource {
&& !userServiceAdmin(username) ){
OAuthResponse response =
OAuthResponse.errorResponse( SC_BAD_REQUEST ).setError( OAuthError.TokenResponse.INVALID_GRANT )
- .setErrorDescription( "SSO Integration is enabled, Admin users must login via provider: "+
+ .setErrorDescription( "External SSO integration is enabled, admin users must login via provider: "+
properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) ).buildJSONMessage();
return Response.status( response.getResponseStatus() ).type( jsonMediaType( callback ) )
.entity( wrapWithCallback( response.getBody(), callback ) ).build();
@@ -625,16 +626,12 @@ public class ManagementResource extends AbstractContextResource {
return; // we only care about username/password auth
}
- //why !isexternal_sso_enabled ?
-// final boolean externalTokensEnabled =
-// !StringUtils.isEmpty( properties.getProperty( USERGRID_EXTERNAL_SSO_ENABLED ) );
-
if ( tokens.isExternalSSOProviderEnabled() ) {
// when external tokens enabled then only superuser can obtain an access token
if ( !userServiceAdmin(username)) {
// this guy is not the superuser
- throw new IllegalArgumentException( "Admin Users must login via " +
- properties.getProperty(USERGRID_EXTERNAL_SSO_PROVIDER_URL) );
+ throw new IllegalArgumentException( "External SSO integration is enabled, admin users must login via provider: "+
+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) );
}
}
}
http://git-wip-us.apache.org/repos/asf/usergrid/blob/0b840237/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
index 21d4c23..e511e2e 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UserResource.java
@@ -30,6 +30,7 @@ import org.apache.usergrid.rest.management.users.organizations.OrganizationsReso
import org.apache.usergrid.rest.security.annotations.RequireAdminUserAccess;
import org.apache.usergrid.security.shiro.principals.PrincipalIdentifier;
import org.apache.usergrid.security.tokens.TokenInfo;
+import org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl;
import org.apache.usergrid.security.tokens.exceptions.TokenException;
import org.apache.usergrid.services.ServiceResults;
import org.glassfish.jersey.server.mvc.Viewable;
@@ -137,8 +138,8 @@ public class UserResource extends AbstractContextResource {
throws Exception {
if ( tokens.isExternalSSOProviderEnabled() ) {
- throw new IllegalArgumentException( "Admin Users must reset passwords via " +
- properties.getProperty(USERGRID_EXTERNAL_SSO_PROVIDER_URL) );
+ throw new IllegalArgumentException( "External SSO integration is enabled, admin users must reset passwords via" +
+ " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) );
}
if ( json == null ) {
@@ -205,8 +206,8 @@ public class UserResource extends AbstractContextResource {
ApiResponse response = createApiResponse();
response.setAction( "get admin user" );
-// commenting out creation of token each time and setting the token value to the one sent in the request.
-// String token = management.getAccessTokenForAdminUser( user.getUuid(), ttl );
+ // commenting out creation of token each time and setting the token value to the one sent in the request.
+ // String token = management.getAccessTokenForAdminUser( user.getUuid(), ttl );
Map<String, Object> userOrganizationData = management.getAdminUserOrganizationData( user, !shallow );
//userOrganizationData.put( "token", token );
@@ -223,8 +224,8 @@ public class UserResource extends AbstractContextResource {
public Viewable showPasswordResetForm( @Context UriInfo ui, @QueryParam( "token" ) String token ) {
if ( tokens.isExternalSSOProviderEnabled() ) {
- throw new IllegalArgumentException( "Admin Users must reset passwords via " +
- properties.getProperty(USERGRID_EXTERNAL_SSO_PROVIDER_URL) );
+ throw new IllegalArgumentException( "External SSO integration is enabled, admin users must reset password via" +
+ " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) );
}
UUID organizationId = null;
@@ -267,8 +268,8 @@ public class UserResource extends AbstractContextResource {
}
if ( tokens.isExternalSSOProviderEnabled() ) {
- throw new IllegalArgumentException( "Admin Users must reset passwords via " +
- properties.getProperty(USERGRID_EXTERNAL_SSO_PROVIDER_URL) );
+ throw new IllegalArgumentException( "External SSO integration is enabled, admin users must reset password via" +
+ " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) );
}
UUID organizationId = null;
@@ -353,8 +354,8 @@ public class UserResource extends AbstractContextResource {
public Viewable activate( @Context UriInfo ui, @QueryParam( "token" ) String token ) {
if ( tokens.isExternalSSOProviderEnabled() ) {
- throw new IllegalArgumentException( "Admin Users must activate via " +
- properties.getProperty(USERGRID_EXTERNAL_SSO_PROVIDER_URL) );
+ throw new IllegalArgumentException( "External SSO integration is enabled, admin users must activate via" +
+ " provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) );
}
UUID organizationId = null;
@@ -383,8 +384,8 @@ public class UserResource extends AbstractContextResource {
public Viewable confirm( @Context UriInfo ui, @QueryParam( "token" ) String token ) {
if ( tokens.isExternalSSOProviderEnabled() ) {
- throw new IllegalArgumentException( "Admin Users must confirm via " +
- properties.getProperty(USERGRID_EXTERNAL_SSO_PROVIDER_URL) );
+ throw new IllegalArgumentException( "External SSO integration is enabled, admin users must confirm " +
+ "via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER ) );
}
UUID organizationId = null;
@@ -419,8 +420,8 @@ public class UserResource extends AbstractContextResource {
throws Exception {
if ( tokens.isExternalSSOProviderEnabled() ) {
- throw new IllegalArgumentException( "Admin Users must reactivate via " +
- properties.getProperty(USERGRID_EXTERNAL_SSO_PROVIDER_URL) );
+ throw new IllegalArgumentException( "External SSO integration is enabled, admin user must re-activate " +
+ "via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER ) );
}
logger.info( "Send activation email for user: {}" , user.getUuid() );
@@ -443,8 +444,8 @@ public class UserResource extends AbstractContextResource {
throws Exception {
if ( tokens.isExternalSSOProviderEnabled() ) {
- throw new IllegalArgumentException( "Admin Users must tokens must be revoked via " +
- properties.getProperty(USERGRID_EXTERNAL_SSO_PROVIDER_URL) );
+ throw new IllegalArgumentException( "External SSO integration is enabled, admin user tokens must be revoked " +
+ "via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) );
}
UUID adminId = user.getUuid();
@@ -480,8 +481,8 @@ public class UserResource extends AbstractContextResource {
@QueryParam( "token" ) String token ) throws Exception {
if ( tokens.isExternalSSOProviderEnabled() ) {
- throw new IllegalArgumentException( "Admin Users must tokens must be revoked via " +
- properties.getProperty(USERGRID_EXTERNAL_SSO_PROVIDER_URL) );
+ throw new IllegalArgumentException( "External SSO integration is enabled, admin user token must be revoked via " +
+ "via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER ) );
}
UUID adminId = user.getUuid();
http://git-wip-us.apache.org/repos/asf/usergrid/blob/0b840237/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
index ca7833b..607c3e0 100644
--- a/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
+++ b/stack/rest/src/main/java/org/apache/usergrid/rest/management/users/UsersResource.java
@@ -29,6 +29,7 @@ import org.apache.usergrid.rest.RootResource;
import org.apache.usergrid.rest.exceptions.AuthErrorInfo;
import org.apache.usergrid.rest.exceptions.RedirectionException;
import org.apache.usergrid.security.shiro.utils.SubjectUtils;
+import org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl;
import org.glassfish.jersey.server.mvc.Viewable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -115,8 +116,8 @@ public class UsersResource extends AbstractContextResource {
throws Exception {
if ( tokens.isExternalSSOProviderEnabled() ) {
- throw new IllegalArgumentException( "Admin Users must signup via " +
- properties.getProperty(USERGRID_EXTERNAL_SSO_PROVIDER_URL) );
+ throw new IllegalArgumentException( "External SSO integration is enabled, admin users registering without an org" +
+ " must do so via provider: "+ properties.getProperty(TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER) );
}
// email is only required parameter
http://git-wip-us.apache.org/repos/asf/usergrid/blob/0b840237/stack/rest/src/test/java/org/apache/usergrid/rest/management/ExternalSSOEnabledIT.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/test/java/org/apache/usergrid/rest/management/ExternalSSOEnabledIT.java b/stack/rest/src/test/java/org/apache/usergrid/rest/management/ExternalSSOEnabledIT.java
index 972ed05..cae65df 100644
--- a/stack/rest/src/test/java/org/apache/usergrid/rest/management/ExternalSSOEnabledIT.java
+++ b/stack/rest/src/test/java/org/apache/usergrid/rest/management/ExternalSSOEnabledIT.java
@@ -166,7 +166,7 @@ public class ExternalSSOEnabledIT extends AbstractRestIT {
// /managment/token -> adminusername and password --> should fail.
ApiResponse postResponse1 = pathResource("management/token").post(false, ApiResponse.class,loginInfo1);
-// fail( "SSO Integration is enabled, Admin users must login via provider: "+ USERGRID_EXTERNAL_SSO_PROVIDER_URL);
+// fail( "External SSO integration is enabled, admin users must login via provider: "+ USERGRID_EXTERNAL_SSO_PROVIDER_URL);
http://git-wip-us.apache.org/repos/asf/usergrid/blob/0b840237/stack/rest/src/test/java/org/apache/usergrid/rest/management/ManagementResourceIT.java
----------------------------------------------------------------------
diff --git a/stack/rest/src/test/java/org/apache/usergrid/rest/management/ManagementResourceIT.java b/stack/rest/src/test/java/org/apache/usergrid/rest/management/ManagementResourceIT.java
index b689527..1da00d4 100644
--- a/stack/rest/src/test/java/org/apache/usergrid/rest/management/ManagementResourceIT.java
+++ b/stack/rest/src/test/java/org/apache/usergrid/rest/management/ManagementResourceIT.java
@@ -25,6 +25,7 @@ import org.apache.usergrid.rest.management.organizations.OrganizationsResource;
import org.apache.usergrid.rest.test.resource.AbstractRestIT;
import org.apache.usergrid.rest.test.resource.model.*;
import org.apache.usergrid.rest.test.resource.model.Collection;
+import org.apache.usergrid.security.tokens.cassandra.TokenServiceImpl;
import org.junit.Before;
import org.junit.Test;
import org.slf4j.Logger;
@@ -687,14 +688,15 @@ public class ManagementResourceIT extends AbstractRestIT {
put( "grant_type", "password" );
}};
ApiResponse postResponse = pathResource( "management/token" ).post( false, ApiResponse.class, loginInfo );
- fail( "SSO Integration is enabled, Admin users must login via provider: "+ USERGRID_EXTERNAL_SSO_PROVIDER_URL);
+ fail( "External SSO integration is enabled, admin users must login via provider using configured property: "+
+ TokenServiceImpl.USERGRID_EXTERNAL_SSO_PROVIDER );
} catch (ClientErrorException actual) {
assertEquals( 400, actual.getResponse().getStatus() );
String errorMsg = actual.getResponse().readEntity( JsonNode.class )
.get( "error_description" ).toString();
logger.error( "ERROR: " + errorMsg );
- assertTrue( errorMsg.contains( "Admin Users must login via" ) );
+ assertTrue( errorMsg.contains( "admin users must login via" ) );
} catch (Exception e) {
fail( "We expected a ClientErrorException" );