Posted to commits@syncope.apache.org by mm...@apache.org on 2020/03/04 10:31:01 UTC
[syncope] branch SYNCOPE-163-1 updated: working on oidc ITs
This is an automated email from the ASF dual-hosted git repository.
mmoayyed pushed a commit to branch SYNCOPE-163-1
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/SYNCOPE-163-1 by this push:
new 5093dfc working on oidc ITs
new 54f4309 Merge branch 'SYNCOPE-163-1' of github.com:apache/syncope into SYNCOPE-163-1
5093dfc is described below
commit 5093dfc57c1f872ec2151c42782c6e652c8d5c6b
Author: Misagh Moayyed <mm...@gmail.com>
AuthorDate: Wed Mar 4 13:44:19 2020 +0330
working on oidc ITs
---
.../syncope/common/lib/to/ClientApplicationTO.java | 13 +++++
.../core/persistence/api/dao/PolicyDAO.java | 6 +++
.../core/persistence/jpa/dao/JPAPolicyDAO.java | 18 +++++++
.../OpenIdConnectRelyingPartyDataBinderImpl.java | 56 +++++++++++++++-------
.../fit/core/OpenIdConnectRelyingPartyITCase.java | 56 ++++++++++++++++++++++
5 files changed, 131 insertions(+), 18 deletions(-)
diff --git a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/ClientApplicationTO.java b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/ClientApplicationTO.java
index 0c58ea9..5004248 100644
--- a/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/ClientApplicationTO.java
+++ b/common/am/lib/src/main/java/org/apache/syncope/common/lib/to/ClientApplicationTO.java
@@ -25,6 +25,7 @@ import io.swagger.v3.oas.annotations.media.Schema;
import org.apache.commons.lang3.builder.EqualsBuilder;
import org.apache.commons.lang3.builder.HashCodeBuilder;
import org.apache.syncope.common.lib.BaseBean;
+import org.apache.syncope.common.lib.policy.AccessPolicyTO;
import org.apache.syncope.common.lib.policy.AuthenticationPolicyTO;
import javax.xml.bind.annotation.XmlSeeAlso;
@@ -47,6 +48,16 @@ public abstract class ClientApplicationTO extends BaseBean implements EntityTO {
private AuthenticationPolicyTO authenticationPolicy;
+ private AccessPolicyTO accessPolicy;
+
+ public AccessPolicyTO getAccessPolicy() {
+ return accessPolicy;
+ }
+
+ public void setAccessPolicy(final AccessPolicyTO accessPolicy) {
+ this.accessPolicy = accessPolicy;
+ }
+
public AuthenticationPolicyTO getAuthenticationPolicy() {
return authenticationPolicy;
}
@@ -92,6 +103,7 @@ public abstract class ClientApplicationTO extends BaseBean implements EntityTO {
.append(name)
.append(description)
.append(authenticationPolicy)
+ .append(accessPolicy)
.toHashCode();
}
@@ -113,6 +125,7 @@ public abstract class ClientApplicationTO extends BaseBean implements EntityTO {
.append(this.name, rhs.name)
.append(this.description, rhs.description)
.append(this.authenticationPolicy, rhs.authenticationPolicy)
+ .append(this.accessPolicy, rhs.accessPolicy)
.isEquals();
}
}
diff --git a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PolicyDAO.java b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PolicyDAO.java
index 6765030..e378732 100644
--- a/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PolicyDAO.java
+++ b/core/persistence-api/src/main/java/org/apache/syncope/core/persistence/api/dao/PolicyDAO.java
@@ -20,7 +20,9 @@ package org.apache.syncope.core.persistence.api.dao;
import java.util.List;
import org.apache.syncope.core.persistence.api.entity.Implementation;
+import org.apache.syncope.core.persistence.api.entity.policy.AccessPolicy;
import org.apache.syncope.core.persistence.api.entity.policy.AccountPolicy;
+import org.apache.syncope.core.persistence.api.entity.policy.AuthenticationPolicy;
import org.apache.syncope.core.persistence.api.entity.policy.PasswordPolicy;
import org.apache.syncope.core.persistence.api.entity.policy.Policy;
import org.apache.syncope.core.persistence.api.entity.policy.PullPolicy;
@@ -39,6 +41,10 @@ public interface PolicyDAO extends DAO<Policy> {
List<PullPolicy> findByPullCorrelationRule(Implementation correlationRule);
+ List<AuthenticationPolicy> findByAuthenticationPolicy(Implementation policy);
+
+ List<AccessPolicy> findByAccessPolicy(Implementation policy);
+
List<PushPolicy> findByPushCorrelationRule(Implementation correlationRule);
List<AccountPolicy> findByResource(ExternalResource resource);
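Review bot: `findByAuthenticationPolicy(Implementation policy)` and `findByAccessPolicy(Implementation policy)` are named after the type they return, and their parameter is called `policy` although it is an `Implementation`, so the contract cannot be read from the interface. The neighbouring finders name the thing being searched by, as in `findByPullCorrelationRule(Implementation correlationRule)`. Either follow that pattern or add a Javadoc line to each, such as `/** Finds the authentication policies that reference the given implementation. */`. The interface body continues outside the hunk.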
diff --git a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAPolicyDAO.java b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAPolicyDAO.java
index b295743..bdf72dc 100644
--- a/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAPolicyDAO.java
+++ b/core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/dao/JPAPolicyDAO.java
@@ -107,6 +107,24 @@ public class JPAPolicyDAO extends AbstractDAO<Policy> implements PolicyDAO {
}
@Override
+ public List<AuthenticationPolicy> findByAuthenticationPolicy(final Implementation policy) {
+ TypedQuery<AuthenticationPolicy> query = entityManager().createQuery(
+ "SELECT e FROM " + JPAAuthenticationPolicy.class.getSimpleName() + " e "
+ + "WHERE :authenticationPolicy MEMBER OF e.rules", AuthenticationPolicy.class);
+ query.setParameter("authenticationPolicy", policy);
+ return query.getResultList();
+ }
+
+ @Override
+ public List<AccessPolicy> findByAccessPolicy(final Implementation policy) {
+ TypedQuery<AccessPolicy> query = entityManager().createQuery(
+ "SELECT e FROM " + JPAAuthenticationPolicy.class.getSimpleName() + " e "
+ + "WHERE :accessPolicy MEMBER OF e.rules", AccessPolicy.class);
+ query.setParameter("accessPolicy", policy);
+ return query.getResultList();
+ }
+
+ @Override
public List<PullPolicy> findByPullCorrelationRule(final Implementation correlationRule) {
TypedQuery<PullPolicy> query = entityManager().createQuery(
"SELECT DISTINCT e.pullPolicy FROM " + JPAPullCorrelationRuleEntity.class.getSimpleName() + " e "
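Review bot: `findByAccessPolicy` builds its query from `JPAAuthenticationPolicy.class.getSimpleName()` while typing the result as `AccessPolicy.class`, which looks like a copy-paste from `findByAuthenticationPolicy` just above it. As written the query selects authentication-policy entities, so it would either fail on the type mismatch or never return an access policy. The FROM clause should name the access-policy entity, e.g. `"SELECT e FROM " + JPAAccessPolicy.class.getSimpleName() + " e "`, assuming that is the entity class, which this hunk does not show. Both new queries also depend on an `e.rules` collection of `Implementation` that is not visible here, so confirm the entities expose it. The trailing `findByPullCorrelationRule` continues outside the hunk.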
diff --git a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/OpenIdConnectRelyingPartyDataBinderImpl.java b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/OpenIdConnectRelyingPartyDataBinderImpl.java
index 0c5457b..9f832c2 100644
--- a/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/OpenIdConnectRelyingPartyDataBinderImpl.java
+++ b/core/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/data/OpenIdConnectRelyingPartyDataBinderImpl.java
@@ -18,23 +18,23 @@
*/
package org.apache.syncope.core.provisioning.java.data;
+import org.apache.syncope.common.lib.SyncopeClientException;
+import org.apache.syncope.common.lib.policy.AccessPolicyTO;
+import org.apache.syncope.common.lib.policy.AuthenticationPolicyTO;
import org.apache.syncope.common.lib.to.OpenIdConnectRelyingPartyTO;
-import org.apache.syncope.core.persistence.api.dao.authentication.AuthenticationPolicyDAO;
+import org.apache.syncope.common.lib.types.ClientExceptionType;
+import org.apache.syncope.core.persistence.api.dao.PolicyDAO;
import org.apache.syncope.core.persistence.api.dao.authentication.OpenIdConnectRelyingPartyDAO;
import org.apache.syncope.core.persistence.api.entity.EntityFactory;
import org.apache.syncope.core.persistence.api.entity.authentication.OpenIdConnectRelyingParty;
+import org.apache.syncope.core.persistence.api.entity.policy.AccessPolicy;
import org.apache.syncope.core.persistence.api.entity.policy.AuthenticationPolicy;
import org.apache.syncope.core.provisioning.api.data.OpenIdConnectRelyingPartyDataBinder;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@Component
public class OpenIdConnectRelyingPartyDataBinderImpl implements OpenIdConnectRelyingPartyDataBinder {
-
- private static final Logger LOG = LoggerFactory.getLogger(OpenIdConnectRelyingPartyDataBinderImpl.class);
-
@Autowired
private OpenIdConnectRelyingPartyDAO openIdConnectRelyingPartyDAO;
@@ -42,7 +42,7 @@ public class OpenIdConnectRelyingPartyDataBinderImpl implements OpenIdConnectRel
private EntityFactory entityFactory;
@Autowired
- private AuthenticationPolicyDAO authenticationPolicyDAO;
+ private PolicyDAO policyDAO;
@Override
public OpenIdConnectRelyingParty create(final OpenIdConnectRelyingPartyTO applicationTO) {
@@ -51,8 +51,8 @@ public class OpenIdConnectRelyingPartyDataBinderImpl implements OpenIdConnectRel
@Override
public OpenIdConnectRelyingParty update(
- final OpenIdConnectRelyingParty toBeUpdated,
- final OpenIdConnectRelyingPartyTO applicationTO) {
+ final OpenIdConnectRelyingParty toBeUpdated,
+ final OpenIdConnectRelyingPartyTO applicationTO) {
OpenIdConnectRelyingParty application = openIdConnectRelyingPartyDAO.save(toBeUpdated);
@@ -62,24 +62,44 @@ public class OpenIdConnectRelyingPartyDataBinderImpl implements OpenIdConnectRel
application.setClientId(applicationTO.getClientId());
application.setRedirectUris(applicationTO.getRedirectUris());
- AuthenticationPolicy authenticationPolicy = authenticationPolicyDAO.
- find(applicationTO.getAuthenticationPolicy().getKey());
+ AuthenticationPolicy authenticationPolicy = policyDAO.
+ find(applicationTO.getAuthenticationPolicy().getKey());
+ if (authenticationPolicy == null) {
+ SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidEntity);
+ sce.getElements().add("Unable to locate authentication policy "
+ + applicationTO.getAuthenticationPolicy().getKey());
+ throw sce;
+ }
application.setAuthenticationPolicy(authenticationPolicy);
+ AccessPolicy accessPolicy = policyDAO.find(applicationTO.getAccessPolicy().getKey());
+ application.setAccessPolicy(accessPolicy);
+
return application;
}
@Override
- public OpenIdConnectRelyingPartyTO getClientApplicationTO(final OpenIdConnectRelyingParty serviceProvider) {
+ public OpenIdConnectRelyingPartyTO getClientApplicationTO(final OpenIdConnectRelyingParty rp) {
OpenIdConnectRelyingPartyTO applicationTO = new OpenIdConnectRelyingPartyTO();
- applicationTO.setKey(serviceProvider.getKey());
- applicationTO.setDescription(serviceProvider.getDescription());
- applicationTO.setClientId(serviceProvider.getClientId());
- applicationTO.setClientSecret(serviceProvider.getClientSecret());
- applicationTO.setRedirectUris(serviceProvider.getRedirectUris());
- applicationTO.setName(serviceProvider.getName());
+ applicationTO.setKey(rp.getKey());
+ applicationTO.setDescription(rp.getDescription());
+ applicationTO.setClientId(rp.getClientId());
+ applicationTO.setClientSecret(rp.getClientSecret());
+ applicationTO.setRedirectUris(rp.getRedirectUris());
+ applicationTO.setName(rp.getName());
+
+ AuthenticationPolicyTO authenticationPolicyTO = new AuthenticationPolicyTO();
+ authenticationPolicyTO.setDescription(rp.getAuthenticationPolicy().getDescription());
+ authenticationPolicyTO.setKey(rp.getAuthenticationPolicy().getKey());
+ applicationTO.setAuthenticationPolicy(authenticationPolicyTO);
+ if (rp.getAccessPolicy() != null) {
+ AccessPolicyTO accessPolicyTO = new AccessPolicyTO();
+ accessPolicyTO.setDescription(rp.getAccessPolicy().getDescription());
+ accessPolicyTO.setKey(rp.getAccessPolicy().getKey());
+ applicationTO.setAccessPolicy(accessPolicyTO);
+ }
return applicationTO;
}
}
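Review bot: In `update`, `policyDAO.find(applicationTO.getAccessPolicy().getKey())` dereferences the access policy unconditionally and stores whatever the lookup returns. A request without an access policy (as in the new integration test) therefore hits a NullPointerException, and a key that matches nothing silently leaves the relying party with no access policy, which is the fail-open direction for an authorization setting. `getClientApplicationTO` already treats the access policy as optional, so `update` should do the same and reject an unknown key the way the authentication-policy branch now does. Whether an absent policy should clear the existing one or leave it untouched is a design choice; the sketch below clears it. `applicationTO.getAuthenticationPolicy()` is likewise dereferenced before any null check, and the signature of `update` sits in the previous hunk.

```java
// … unchanged: field copies and authentication policy lookup …
application.setAuthenticationPolicy(authenticationPolicy);

if (applicationTO.getAccessPolicy() == null) {
    application.setAccessPolicy(null);
} else {
    AccessPolicy accessPolicy = policyDAO.find(applicationTO.getAccessPolicy().getKey());
    if (accessPolicy == null) {
        SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.InvalidEntity);
        sce.getElements().add("Unable to locate access policy "
                + applicationTO.getAccessPolicy().getKey());
        throw sce;
    }
    application.setAccessPolicy(accessPolicy);
}
// … unchanged: return application and getClientApplicationTO …
```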
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/OpenIdConnectRelyingPartyITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/OpenIdConnectRelyingPartyITCase.java
new file mode 100644
index 0000000..5aa79ab
--- /dev/null
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/OpenIdConnectRelyingPartyITCase.java
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ *
+ */
+
+package org.apache.syncope.fit.core;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.syncope.common.lib.policy.AuthenticationPolicyTO;
+import org.apache.syncope.common.lib.to.OpenIdConnectRelyingPartyTO;
+import org.apache.syncope.common.lib.types.PolicyType;
+import org.apache.syncope.fit.AbstractITCase;
+import org.junit.jupiter.api.Test;
+
+import javax.ws.rs.core.Response;
+
+import java.io.IOException;
+import java.util.UUID;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+public class OpenIdConnectRelyingPartyITCase extends AbstractITCase {
+
+ @Test
+ public void createRelyingParty() throws IOException {
+ AuthenticationPolicyTO authPolicyTO = new AuthenticationPolicyTO();
+ authPolicyTO.setKey(UUID.randomUUID().toString());
+ authPolicyTO.setDescription("Authentication Policy");
+
+ Response response = policyService.create(PolicyType.AUTHENTICATION, authPolicyTO);
+
+ OpenIdConnectRelyingPartyTO rpTO = new OpenIdConnectRelyingPartyTO();
+ rpTO.setName("ExampleRP");
+ rpTO.setDescription("Example OIDC RP application");
+ rpTO.setClientId("clientid");
+ rpTO.setClientSecret(StringUtils.EMPTY);
+ rpTO.setAuthenticationPolicy(authPolicyTO);
+
+ response = openIdConnectRelyingPartyService.create(rpTO);
+ assertEquals(200, response.getStatus());
+ }
+}
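Review bot: The `Response` from `policyService.create(PolicyType.AUTHENTICATION, authPolicyTO)` is overwritten without being checked, so a failed policy creation only surfaces later as a confusing relying-party failure; assert it first, e.g. `assertEquals(Response.Status.Family.SUCCESSFUL, response.getStatusInfo().getFamily());`. The relying party is then bound to the client-generated UUID in `authPolicyTO`; if the server assigns its own key on create (not visible here), the key should be read back from the response instead. The test also registers the client with `StringUtils.EMPTY` as its secret and expects success, which pins acceptance of a blank client secret; use a non-empty constructed value unless accepting blank secrets is intended. `throws IOException` and the wildcard static import of `Assertions.*` can be narrowed.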