You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@syncope.apache.org by il...@apache.org on 2021/06/07 13:55:09 UTC
[syncope] branch master updated: Upgrading Nimbus JOSE JWT and
commons-jexl3
This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/master by this push:
new 2770bff Upgrading Nimbus JOSE JWT and commons-jexl3
2770bff is described below
commit 2770bffe9f4aea52d1e2510b822e9b0771bd8339
Author: Francesco Chicchiriccò <il...@apache.org>
AuthorDate: Mon Jun 7 10:06:34 2021 +0200
Upgrading Nimbus JOSE JWT and commons-jexl3
---
.../rest/api/service/AuthProfileService.java | 4 +
.../rest/api/service/SAML2IdPEntityService.java | 5 ++
.../rest/api/service/SAML2SPEntityService.java | 5 ++
.../client/ElasticsearchIndexManager.java | 4 +-
.../elasticsearch/client/ElasticsearchUtils.java | 98 ++++++++++++++--------
.../java/job/ElasticsearchReindex.java | 8 +-
pom.xml | 4 +-
7 files changed, 83 insertions(+), 45 deletions(-)
diff --git a/common/am/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/AuthProfileService.java b/common/am/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/AuthProfileService.java
index ad75ce0..0919c7e 100644
--- a/common/am/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/AuthProfileService.java
+++ b/common/am/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/AuthProfileService.java
@@ -21,6 +21,8 @@ package org.apache.syncope.common.rest.api.service;
import static org.apache.syncope.common.rest.api.service.JAXRSService.PARAM_PAGE;
import static org.apache.syncope.common.rest.api.service.JAXRSService.PARAM_SIZE;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.enums.ParameterIn;
import io.swagger.v3.oas.annotations.headers.Header;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
@@ -107,6 +109,8 @@ public interface AuthProfileService extends JAXRSService {
*
* @param authProfileTO auth profile
*/
+ @Parameter(name = "key", description = "AuthProfile's key", in = ParameterIn.PATH, schema =
+ @Schema(type = "string"))
@PUT
@Path("{key}")
@Consumes({ MediaType.APPLICATION_JSON, RESTHeaders.APPLICATION_YAML, MediaType.APPLICATION_XML })
diff --git a/common/am/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/SAML2IdPEntityService.java b/common/am/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/SAML2IdPEntityService.java
index d2f58ad..fa84239 100644
--- a/common/am/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/SAML2IdPEntityService.java
+++ b/common/am/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/SAML2IdPEntityService.java
@@ -18,6 +18,9 @@
*/
package org.apache.syncope.common.rest.api.service;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.enums.ParameterIn;
+import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import io.swagger.v3.oas.annotations.security.SecurityRequirements;
import io.swagger.v3.oas.annotations.tags.Tag;
@@ -70,6 +73,8 @@ public interface SAML2IdPEntityService extends JAXRSService {
*
* @param entityTO entity to be created
*/
+ @Parameter(name = "key", description = "SAML2IdPEntityTO's key", in = ParameterIn.PATH, schema =
+ @Schema(type = "string"))
@POST
@Path("{key}")
@Consumes({ MediaType.APPLICATION_JSON, RESTHeaders.APPLICATION_YAML, MediaType.APPLICATION_XML })
diff --git a/common/am/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/SAML2SPEntityService.java b/common/am/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/SAML2SPEntityService.java
index 5009cb7..47de0dd 100644
--- a/common/am/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/SAML2SPEntityService.java
+++ b/common/am/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/SAML2SPEntityService.java
@@ -18,6 +18,9 @@
*/
package org.apache.syncope.common.rest.api.service;
+import io.swagger.v3.oas.annotations.Parameter;
+import io.swagger.v3.oas.annotations.enums.ParameterIn;
+import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import io.swagger.v3.oas.annotations.security.SecurityRequirements;
import io.swagger.v3.oas.annotations.tags.Tag;
@@ -69,6 +72,8 @@ public interface SAML2SPEntityService extends JAXRSService {
*
* @param entityTO entity to be created
*/
+ @Parameter(name = "key", description = "SAML2SPEntityTO's key", in = ParameterIn.PATH, schema =
+ @Schema(type = "string"))
@POST
@Path("{key}")
@Consumes({ MediaType.APPLICATION_JSON, RESTHeaders.APPLICATION_YAML, MediaType.APPLICATION_XML })
diff --git a/ext/elasticsearch/client-elasticsearch/src/main/java/org/apache/syncope/ext/elasticsearch/client/ElasticsearchIndexManager.java b/ext/elasticsearch/client-elasticsearch/src/main/java/org/apache/syncope/ext/elasticsearch/client/ElasticsearchIndexManager.java
index 69ebe5a..bcdbb91 100644
--- a/ext/elasticsearch/client-elasticsearch/src/main/java/org/apache/syncope/ext/elasticsearch/client/ElasticsearchIndexManager.java
+++ b/ext/elasticsearch/client-elasticsearch/src/main/java/org/apache/syncope/ext/elasticsearch/client/ElasticsearchIndexManager.java
@@ -141,7 +141,7 @@ public class ElasticsearchIndexManager {
AuthContextUtils.getDomain(), event.getAny().getType().getKind()),
event.getAny().getKey()).
retryOnConflict(elasticsearchUtils.getRetryOnConflict()).
- doc(elasticsearchUtils.builder(event.getAny()));
+ doc(elasticsearchUtils.builder(event.getAny(), event.getDomain()));
UpdateResponse response = client.update(request, RequestOptions.DEFAULT);
LOG.debug("Index successfully updated for {}: {}", event.getAny(), response);
} else {
@@ -151,7 +151,7 @@ public class ElasticsearchIndexManager {
ElasticsearchUtils.getContextDomainName(
AuthContextUtils.getDomain(), event.getAny().getType().getKind())).
id(event.getAny().getKey()).
- source(elasticsearchUtils.builder(event.getAny()));
+ source(elasticsearchUtils.builder(event.getAny(), event.getDomain()));
IndexResponse response = client.index(request, RequestOptions.DEFAULT);
LOG.debug("Index successfully created for {}: {}", event.getAny(), response);
}
diff --git a/ext/elasticsearch/client-elasticsearch/src/main/java/org/apache/syncope/ext/elasticsearch/client/ElasticsearchUtils.java b/ext/elasticsearch/client-elasticsearch/src/main/java/org/apache/syncope/ext/elasticsearch/client/ElasticsearchUtils.java
index 47bc2c1..122c96f 100644
--- a/ext/elasticsearch/client-elasticsearch/src/main/java/org/apache/syncope/ext/elasticsearch/client/ElasticsearchUtils.java
+++ b/ext/elasticsearch/client-elasticsearch/src/main/java/org/apache/syncope/ext/elasticsearch/client/ElasticsearchUtils.java
@@ -35,6 +35,7 @@ import org.apache.syncope.core.persistence.api.entity.Privilege;
import org.apache.syncope.core.persistence.api.entity.anyobject.AnyObject;
import org.apache.syncope.core.persistence.api.entity.group.Group;
import org.apache.syncope.core.persistence.api.entity.user.User;
+import org.apache.syncope.core.spring.security.AuthContextUtils;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.XContentFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -102,53 +103,62 @@ public class ElasticsearchUtils {
* Returns the builder specialized with content from the provided any.
*
* @param any user, group or any object to index
+ * @param domain tenant information
* @return builder specialized with content from the provided any
* @throws IOException in case of errors
*/
@Transactional
- public XContentBuilder builder(final Any<?> any) throws IOException {
+ public XContentBuilder builder(final Any<?> any, final String domain) throws IOException {
+ Set<String> resources = new HashSet<>();
+ List<String> dynRealms = new ArrayList<>();
+ AuthContextUtils.callAsAdmin(domain, () -> {
+ resources.addAll(any instanceof User
+ ? userDAO.findAllResourceKeys(any.getKey())
+ : any instanceof AnyObject
+ ? anyObjectDAO.findAllResourceKeys(any.getKey())
+ : groupDAO.findAllResourceKeys(any.getKey()));
+ dynRealms.addAll(any instanceof User
+ ? userDAO.findDynRealms(any.getKey())
+ : any instanceof AnyObject
+ ? anyObjectDAO.findDynRealms(any.getKey())
+ : groupDAO.findDynRealms(any.getKey()));
+ return null;
+ });
+
XContentBuilder builder = XContentFactory.jsonBuilder().
startObject().
field("id", any.getKey()).
field("realm", any.getRealm().getFullPath()).
field("anyType", any.getType().getKey()).
field("creationDate", any.getCreationDate()).
- field("creationContext", any.getCreationContext()).
field("creator", any.getCreator()).
field("lastChangeDate", any.getLastChangeDate()).
field("lastModifier", any.getLastModifier()).
- field("lastChangeContext", any.getLastChangeContext()).
field("status", any.getStatus()).
- field("resources",
- any instanceof User
- ? userDAO.findAllResourceKeys(any.getKey())
- : any instanceof AnyObject
- ? anyObjectDAO.findAllResourceKeys(any.getKey())
- : groupDAO.findAllResourceKeys(any.getKey())).
- field("dynRealms",
- any instanceof User
- ? userDAO.findDynRealms(any.getKey())
- : any instanceof AnyObject
- ? anyObjectDAO.findDynRealms(any.getKey())
- : groupDAO.findDynRealms(any.getKey()));
+ field("resources", resources).
+ field("dynRealms", dynRealms);
if (any instanceof AnyObject) {
AnyObject anyObject = ((AnyObject) any);
builder = builder.field("name", anyObject.getName());
- List<Object> memberships = new ArrayList<>(anyObjectDAO.findAllGroupKeys(anyObject));
+ Collection<String> memberships = AuthContextUtils.callAsAdmin(
+ domain, () -> anyObjectDAO.findAllGroupKeys(anyObject));
builder = builder.field("memberships", memberships);
- List<Object> relationships = new ArrayList<>();
- List<Object> relationshipTypes = new ArrayList<>();
- anyObjectDAO.findAllRelationships(anyObject).forEach(relationship -> {
- relationships.add(relationship.getRightEnd().getKey());
- relationshipTypes.add(relationship.getType().getKey());
+ List<String> relationships = new ArrayList<>();
+ List<String> relationshipTypes = new ArrayList<>();
+ AuthContextUtils.callAsAdmin(domain, () -> {
+ anyObjectDAO.findAllRelationships(anyObject).forEach(relationship -> {
+ relationships.add(relationship.getRightEnd().getKey());
+ relationshipTypes.add(relationship.getType().getKey());
+ });
+ return null;
});
builder = builder.field("relationships", relationships);
builder = builder.field("relationshipTypes", relationshipTypes);
- builder = customizeBuilder(builder, anyObject);
+ builder = customizeBuilder(builder, anyObject, domain);
} else if (any instanceof Group) {
Group group = ((Group) any);
builder = builder.field("name", group.getName());
@@ -159,15 +169,19 @@ public class ElasticsearchUtils {
builder = builder.field("groupOwner", group.getGroupOwner().getKey());
}
- List<Object> members = groupDAO.findUMemberships(group).stream().
- map(membership -> membership.getLeftEnd().getKey()).collect(Collectors.toList());
- members.add(groupDAO.findUDynMembers(group));
- members.addAll(groupDAO.findAMemberships(group).stream().
- map(membership -> membership.getLeftEnd().getKey()).collect(Collectors.toList()));
- members.add(groupDAO.findADynMembers(group));
+ List<String> members = new ArrayList<>();
+ AuthContextUtils.callAsAdmin(domain, () -> {
+ members.addAll(groupDAO.findUMemberships(group).stream().
+ map(membership -> membership.getLeftEnd().getKey()).collect(Collectors.toList()));
+ members.addAll(groupDAO.findUDynMembers(group));
+ members.addAll(groupDAO.findAMemberships(group).stream().
+ map(membership -> membership.getLeftEnd().getKey()).collect(Collectors.toList()));
+ members.addAll(groupDAO.findADynMembers(group));
+ return null;
+ });
builder = builder.field("members", members);
- builder = customizeBuilder(builder, group);
+ builder = customizeBuilder(builder, group, domain);
} else if (any instanceof User) {
User user = ((User) any);
builder = builder.
@@ -182,14 +196,18 @@ public class ElasticsearchUtils {
List<String> roles = new ArrayList<>();
Set<String> privileges = new HashSet<>();
- userDAO.findAllRoles(user).forEach(role -> {
- roles.add(role.getKey());
- privileges.addAll(role.getPrivileges().stream().map(Privilege::getKey).collect(Collectors.toSet()));
+ AuthContextUtils.callAsAdmin(domain, () -> {
+ userDAO.findAllRoles(user).forEach(role -> {
+ roles.add(role.getKey());
+ privileges.addAll(role.getPrivileges().stream().map(Privilege::getKey).collect(Collectors.toSet()));
+ });
+ return null;
});
builder = builder.field("roles", roles);
builder = builder.field("privileges", privileges);
- Collection<String> memberships = userDAO.findAllGroupKeys(user);
+ Collection<String> memberships = AuthContextUtils.callAsAdmin(
+ domain, () -> userDAO.findAllGroupKeys(user));
builder = builder.field("memberships", memberships);
List<String> relationships = new ArrayList<>();
@@ -201,7 +219,7 @@ public class ElasticsearchUtils {
builder = builder.field("relationships", relationships);
builder = builder.field("relationshipTypes", relationshipTypes);
- builder = customizeBuilder(builder, user);
+ builder = customizeBuilder(builder, user, domain);
}
for (PlainAttr<?> plainAttr : any.getPlainAttrs()) {
@@ -218,17 +236,23 @@ public class ElasticsearchUtils {
return builder.endObject();
}
- protected XContentBuilder customizeBuilder(final XContentBuilder builder, final AnyObject anyObject)
+ protected XContentBuilder customizeBuilder(
+ final XContentBuilder builder, final AnyObject anyObject, final String domain)
throws IOException {
return builder;
}
- protected XContentBuilder customizeBuilder(final XContentBuilder builder, final Group group) throws IOException {
+ protected XContentBuilder customizeBuilder(
+ final XContentBuilder builder, final Group group, final String domain)
+ throws IOException {
+
return builder;
}
- protected XContentBuilder customizeBuilder(final XContentBuilder builder, final User user) throws IOException {
+ protected XContentBuilder customizeBuilder(final XContentBuilder builder, final User user, final String domain)
+ throws IOException {
+
return builder;
}
}
diff --git a/ext/elasticsearch/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/job/ElasticsearchReindex.java b/ext/elasticsearch/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/job/ElasticsearchReindex.java
index 0e0c1e3..2fe1591 100644
--- a/ext/elasticsearch/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/job/ElasticsearchReindex.java
+++ b/ext/elasticsearch/provisioning-java/src/main/java/org/apache/syncope/core/provisioning/java/job/ElasticsearchReindex.java
@@ -49,7 +49,7 @@ public class ElasticsearchReindex extends AbstractSchedTaskJobDelegate {
protected ElasticsearchIndexManager indexManager;
@Autowired
- protected ElasticsearchUtils elasticsearchUtils;
+ protected ElasticsearchUtils utils;
@Autowired
protected UserDAO userDAO;
@@ -117,7 +117,7 @@ public class ElasticsearchReindex extends AbstractSchedTaskJobDelegate {
ElasticsearchUtils.getContextDomainName(
AuthContextUtils.getDomain(), AnyTypeKind.USER)).
id(user).
- source(elasticsearchUtils.builder(userDAO.find(user)));
+ source(utils.builder(userDAO.find(user), AuthContextUtils.getDomain()));
IndexResponse response = client.index(request, RequestOptions.DEFAULT);
LOG.debug("Index successfully created for {}: {}", user, response);
}
@@ -130,7 +130,7 @@ public class ElasticsearchReindex extends AbstractSchedTaskJobDelegate {
ElasticsearchUtils.getContextDomainName(
AuthContextUtils.getDomain(), AnyTypeKind.GROUP)).
id(group).
- source(elasticsearchUtils.builder(groupDAO.find(group)));
+ source(utils.builder(groupDAO.find(group), AuthContextUtils.getDomain()));
IndexResponse response = client.index(request, RequestOptions.DEFAULT);
LOG.debug("Index successfully created for {}: {}", group, response);
}
@@ -143,7 +143,7 @@ public class ElasticsearchReindex extends AbstractSchedTaskJobDelegate {
ElasticsearchUtils.getContextDomainName(
AuthContextUtils.getDomain(), AnyTypeKind.ANY_OBJECT)).
id(anyObject).
- source(elasticsearchUtils.builder(anyObjectDAO.find(anyObject)));
+ source(utils.builder(anyObjectDAO.find(anyObject), AuthContextUtils.getDomain()));
IndexResponse response = client.index(request, RequestOptions.DEFAULT);
LOG.debug("Index successfully created for {}: {}", anyObject, response);
}
diff --git a/pom.xml b/pom.xml
index f1f4409..2b44260 100644
--- a/pom.xml
+++ b/pom.xml
@@ -406,7 +406,7 @@ under the License.
<cxf.version>3.4.3</cxf.version>
<bouncycastle.version>1.68</bouncycastle.version>
- <nimbus-jose-jwt.version>9.9.3</nimbus-jose-jwt.version>
+ <nimbus-jose-jwt.version>9.10</nimbus-jose-jwt.version>
<jackson.version>2.12.3</jackson.version>
@@ -439,7 +439,7 @@ under the License.
<log4j.version>2.14.1</log4j.version>
<disruptor.version>3.4.4</disruptor.version>
- <commons-jexl.version>3.1</commons-jexl.version>
+ <commons-jexl.version>3.2</commons-jexl.version>
<commons-lang.version>3.12.0</commons-lang.version>
<commons-text.version>1.9</commons-text.version>
<commons-codec.version>1.15</commons-codec.version>