Posted to commits@syncope.apache.org by mm...@apache.org on 2020/03/19 11:43:23 UTC
[syncope] branch SYNCOPE-163-1 updated: SYNCOPE-160: add support
for syncope client,
and relevant dependencies to construct service objects for OIDC and SAML2.
Also turn on SAML2 IDP support,
and provide a skeleton for syncope-based service registry
This is an automated email from the ASF dual-hosted git repository.
mmoayyed pushed a commit to branch SYNCOPE-163-1
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/SYNCOPE-163-1 by this push:
new 5a73a34 SYNCOPE-160: add support for syncope client, and relevant dependencies to construct service objects for OIDC and SAML2. Also turn on SAML2 IDP support, and provide a skeleton for syncope-based service registry
5a73a34 is described below
commit 5a73a3406105ebb94e2ebaa104a8c82ab7c2046e
Author: Misagh Moayyed <mm...@gmail.com>
AuthorDate: Thu Mar 19 15:13:02 2020 +0330
SYNCOPE-160: add support for syncope client, and relevant dependencies
to construct service objects for OIDC and SAML2.
Also turn on SAML2 IDP support, and provide a skeleton for syncope-based
service registry
---
fit/wa-reference/src/main/resources/wa.properties | 8 +++
pom.xml | 1 -
wa/pom.xml | 34 +++++++++--
.../syncope/wa/config/SyncopeWAConfiguration.java | 45 +++++++++++----
.../wa/config/rest/SyncopeServiceRegistry.java | 66 ++++++++++++++++++++++
.../syncope/wa/config/rest/WARestClient.java | 65 +++++++++++++++++++++
wa/src/main/resources/wa.properties | 10 ++++
7 files changed, 212 insertions(+), 17 deletions(-)
diff --git a/fit/wa-reference/src/main/resources/wa.properties b/fit/wa-reference/src/main/resources/wa.properties
index a208075..77b3b51 100644
--- a/fit/wa-reference/src/main/resources/wa.properties
+++ b/fit/wa-reference/src/main/resources/wa.properties
@@ -22,4 +22,12 @@ useGZIPCompression=true
# Conf directories
conf.directory=${conf.directory}
cas.standalone.configurationDirectory=${conf.directory}
+
+cas.server.name=http://localhost:8080
+cas.server.prefix=${cas.server.name}/syncope-wa
+cas.server.scope=syncope.org
+
cas.authn.oidc.jwksFile=file:${conf.directory}/oidc.keystore
+
+cas.authn.samlIdp.entityId=https://syncope.apache.org/saml
+cas.authn.samlIdp.metadata.location=file:${conf.directory}
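Review bot: `cas.server.name=http://localhost:8080` makes the server prefix a plain-HTTP URL in the same change that turns on the SAML2 IdP. The same lines are added to `wa/src/main/resources/wa.properties`, which looks like the default shipped with the WA rather than a test fixture. CAS presumably derives its advertised OIDC and SAML endpoints from this prefix, so a deployment that keeps the default would publish non-TLS login and token endpoints. I would add a comment above the block, `# Development default only: set cas.server.name to the public https:// URL before deploying`. The directory named by `cas.authn.samlIdp.metadata.location` will likely also hold IdP key material, so it is worth a second comment saying that `${conf.directory}` needs restrictive file permissions.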
diff --git a/pom.xml b/pom.xml
index 309d55e..c4a1158 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1818,7 +1818,6 @@ under the License.
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>1.64</version>
- <scope>test</scope>
</dependency>
<dependency>
<groupId>org.eclipse.jetty</groupId>
diff --git a/wa/pom.xml b/wa/pom.xml
index 8cb9d18..cee60b8 100644
--- a/wa/pom.xml
+++ b/wa/pom.xml
@@ -105,6 +105,14 @@ under the License.
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
+ <artifactId>cas-server-core-services-registry</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apereo.cas</groupId>
+ <artifactId>cas-server-core-services-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apereo.cas</groupId>
<artifactId>cas-server-core-tickets</artifactId>
</dependency>
<dependency>
@@ -165,6 +173,22 @@ under the License.
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
+ <artifactId>cas-server-support-oidc-services</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apereo.cas</groupId>
+ <artifactId>cas-server-support-oauth-services</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apereo.cas</groupId>
+ <artifactId>cas-server-support-saml-idp</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apereo.cas</groupId>
+ <artifactId>cas-server-support-saml-idp-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apereo.cas</groupId>
<artifactId>cas-server-support-validation</artifactId>
</dependency>
<dependency>
@@ -185,10 +209,6 @@ under the License.
</dependency>
<dependency>
<groupId>org.apereo.cas</groupId>
- <artifactId>cas-server-support-rest-service-registry</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apereo.cas</groupId>
<artifactId>cas-server-webapp-config</artifactId>
</dependency>
@@ -210,7 +230,11 @@ under the License.
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
-
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcpkix-jdk15on</artifactId>
+ </dependency>
+
<dependency>
<groupId>org.apache.syncope.common.keymaster</groupId>
<artifactId>syncope-common-keymaster-client-zookeeper</artifactId>
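Review bot: The `bcpkix-jdk15on` dependency added here declares no version or scope, so it inherits both from the root `pom.xml`, where this commit drops `<scope>test</scope>` from the 1.64 entry. If that entry sits in `dependencyManagement` (not visible in the hunk), the scope change applies to every module that declares the artifact without a scope, not only `wa`, and moves a cryptography library from test-only onto runtime classpaths. Leaving the root entry as it was and declaring `<scope>compile</scope>` on this dependency would confine the change to the module that needs it. A short XML comment naming the feature that requires BouncyCastle at runtime would also help later dependency audits.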
diff --git a/wa/src/main/java/org/apache/syncope/wa/config/SyncopeWAConfiguration.java b/wa/src/main/java/org/apache/syncope/wa/config/SyncopeWAConfiguration.java
index 701cb53..28b1695 100644
--- a/wa/src/main/java/org/apache/syncope/wa/config/SyncopeWAConfiguration.java
+++ b/wa/src/main/java/org/apache/syncope/wa/config/SyncopeWAConfiguration.java
@@ -18,27 +18,27 @@
*/
package org.apache.syncope.wa.config;
-import java.io.Serializable;
-import org.apereo.cas.services.DefaultRegisteredServiceEntityMapper;
-import org.apereo.cas.services.RegisteredServiceEntityMapper;
+import org.apereo.cas.services.ServiceRegistry;
+import org.apereo.cas.services.ServiceRegistryExecutionPlanConfigurer;
+import org.apereo.cas.services.ServiceRegistryListener;
+
import org.apache.syncope.common.keymaster.client.api.model.NetworkService;
import org.apache.syncope.common.keymaster.client.api.startstop.KeymasterStart;
import org.apache.syncope.common.keymaster.client.api.startstop.KeymasterStop;
-import org.apereo.cas.services.RegisteredService;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.apache.syncope.wa.config.rest.SyncopeServiceRegistry;
+import org.apache.syncope.wa.config.rest.WARestClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
+import java.util.Collection;
+
@Configuration(proxyBeanMethods = false)
public class SyncopeWAConfiguration {
@Bean
- @ConditionalOnProperty(name = "cas.serviceRegistry.rest.url")
- public RegisteredServiceEntityMapper<RegisteredService, Serializable> registeredServiceEntityMapper() {
- return new DefaultRegisteredServiceEntityMapper();
- }
-
- @Bean
public KeymasterStart keymasterStart() {
return new KeymasterStart(NetworkService.Type.WA);
}
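Review bot: The added `import org.apereo.cas.services.ServiceRegistry;` does not appear to be used anywhere in the new code shown in this commit; only `ServiceRegistryExecutionPlanConfigurer`, `ServiceRegistryListener` and `SyncopeServiceRegistry` are referenced. A couple of lines of the file fall between the two hunks and are not visible, so this is worth confirming before removing it. The new imports also break the existing grouping, with the `org.apereo.cas` block placed ahead of `org.apache.syncope` and `java.util.Collection` after the Spring imports.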
@@ -47,4 +47,27 @@ public class SyncopeWAConfiguration {
public KeymasterStop keymasterStop() {
return new KeymasterStop(NetworkService.Type.WA);
}
+
+ @Configuration
+ public static class SyncopeServiceRegistryConfiguration {
+ @Autowired
+ private ConfigurableApplicationContext applicationContext;
+
+ @Autowired
+ @Qualifier("serviceRegistryListeners")
+ private Collection<ServiceRegistryListener> serviceRegistryListeners;
+
+ @Bean
+ public WARestClient serviceRegistryRestClient() {
+ return new WARestClient();
+ }
+
+ @Bean
+ public ServiceRegistryExecutionPlanConfigurer syncopeServiceRegistryExecutionPlanConfigurer() {
+ SyncopeServiceRegistry registry = new SyncopeServiceRegistry(serviceRegistryRestClient(),
+ applicationContext, serviceRegistryListeners);
+ return plan -> plan.registerServiceRegistry(registry);
+ }
+ }
+
}
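Review bot: `syncopeServiceRegistryExecutionPlanConfigurer()` obtains its client by calling `serviceRegistryRestClient()` directly. That returns the container-managed singleton only because this nested class uses plain `@Configuration`, while the outer class sets `proxyBeanMethods = false`. If the nested class is ever aligned with the outer one, the call would build a second `WARestClient` that Spring never injects, leaving `serviceOps` and the anonymous credentials unset. Taking the bean as a parameter avoids relying on proxying: `public ServiceRegistryExecutionPlanConfigurer syncopeServiceRegistryExecutionPlanConfigurer(final WARestClient restClient)`, with `restClient` passed to the `SyncopeServiceRegistry` constructor.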
diff --git a/wa/src/main/java/org/apache/syncope/wa/config/rest/SyncopeServiceRegistry.java b/wa/src/main/java/org/apache/syncope/wa/config/rest/SyncopeServiceRegistry.java
new file mode 100644
index 0000000..adf4007
--- /dev/null
+++ b/wa/src/main/java/org/apache/syncope/wa/config/rest/SyncopeServiceRegistry.java
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.syncope.wa.config.rest;
+
+import org.apereo.cas.services.AbstractServiceRegistry;
+import org.apereo.cas.services.RegisteredService;
+import org.apereo.cas.services.ServiceRegistryListener;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.ConfigurableApplicationContext;
+
+import java.util.Collection;
+import java.util.Collections;
+
+public class SyncopeServiceRegistry extends AbstractServiceRegistry {
+ private static final Logger LOG = LoggerFactory.getLogger(SyncopeServiceRegistry.class);
+
+ private final WARestClient restClient;
+
+ public SyncopeServiceRegistry(final WARestClient restClient,
+ final ConfigurableApplicationContext applicationContext,
+ final Collection<ServiceRegistryListener> serviceRegistryListeners) {
+ super(applicationContext, serviceRegistryListeners);
+ this.restClient = restClient;
+ }
+
+ @Override
+ public RegisteredService save(final RegisteredService registeredService) {
+ return null;
+ }
+
+ @Override
+ public boolean delete(final RegisteredService registeredService) {
+ return false;
+ }
+
+ @Override
+ public Collection<RegisteredService> load() {
+ LOG.info("Loading application definitions");
+ return Collections.emptyList();
+ }
+
+ @Override
+ public RegisteredService findServiceById(final long id) {
+ LOG.info("Searching for application definition by id {}", id);
+ return null;
+ }
+}
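Review bot: `save()` returns `null` and `delete()` returns `false` without logging, so a caller that persists or removes a service definition gets no signal that the request was discarded. Code that uses the value returned by `save()` would fail later with a `NullPointerException`. Until the REST-backed implementation exists I would make the stubs explicit, e.g. `throw new UnsupportedOperationException("SyncopeServiceRegistry.save is not implemented yet");`, after checking that CAS does not call `save()` during startup, or at least log at WARN. The `restClient` field is stored but never read in this file, and `findServiceById` logs every lookup at INFO where `LOG.debug` would be a better fit. A class-level Javadoc stating that this is a placeholder that loads no services would make the current behaviour clear to operators.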
diff --git a/wa/src/main/java/org/apache/syncope/wa/config/rest/WARestClient.java b/wa/src/main/java/org/apache/syncope/wa/config/rest/WARestClient.java
new file mode 100644
index 0000000..555de0c
--- /dev/null
+++ b/wa/src/main/java/org/apache/syncope/wa/config/rest/WARestClient.java
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.wa.config.rest;
+
+import org.apache.syncope.client.lib.AnonymousAuthenticationHandler;
+import org.apache.syncope.client.lib.SyncopeClient;
+import org.apache.syncope.client.lib.SyncopeClientFactoryBean;
+import org.apache.syncope.common.keymaster.client.api.ServiceOps;
+import org.apache.syncope.common.keymaster.client.api.model.NetworkService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+
+public class WARestClient {
+
+ private static final Logger LOG = LoggerFactory.getLogger(WARestClient.class);
+
+ @Autowired
+ private ServiceOps serviceOps;
+
+ @Value("${anonymousUser}")
+ private String anonymousUser;
+
+ @Value("${anonymousKey}")
+ private String anonymousKey;
+
+ @Value("${useGZIPCompression}")
+ private boolean useGZIPCompression;
+
+ private SyncopeClient client;
+
+ public SyncopeClient getSyncopeClient() {
+ synchronized (this) {
+ if (client == null) {
+ try {
+ client = new SyncopeClientFactoryBean().
+ setAddress(serviceOps.get(NetworkService.Type.CORE).getAddress()).
+ setUseCompression(useGZIPCompression).
+ create(new AnonymousAuthenticationHandler(anonymousUser, anonymousKey));
+ } catch (Exception e) {
+ LOG.error("Could not init SyncopeClient", e);
+ }
+ }
+ }
+
+ return client;
+ }
+}
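Review bot: `getSyncopeClient()` catches every `Exception`, logs it and then returns `null`, so a failure while building the client surfaces later as a `NullPointerException` in whichever caller dereferences the result. Replacing the log call with `throw new IllegalStateException("Could not init SyncopeClient", e);` would fail at the real cause and still allow a retry on the next call, since `client` stays `null`. Otherwise the method needs Javadoc saying it may return `null`. The anonymous key is presented to whatever address the keymaster returns for `NetworkService.Type.CORE`, so it is worth confirming that this address is expected to be an https URL in deployments.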
diff --git a/wa/src/main/resources/wa.properties b/wa/src/main/resources/wa.properties
index 9a0d56e..43cef41 100644
--- a/wa/src/main/resources/wa.properties
+++ b/wa/src/main/resources/wa.properties
@@ -22,8 +22,16 @@ useGZIPCompression=true
# Conf directories
conf.directory=${conf.directory}
cas.standalone.configurationDirectory=${conf.directory}
+
+cas.server.name=http://localhost:8080
+cas.server.prefix=${cas.server.name}/syncope-wa
+cas.server.scope=syncope.org
+
cas.authn.oidc.jwksFile=file:${conf.directory}/oidc.keystore
+cas.authn.samlIdp.entityId=https://syncope.apache.org/saml
+cas.authn.samlIdp.metadata.location=file:${conf.directory}
+
# Disable access to the login endpoint
# if no target application is specified.
cas.sso.allow-missing-service-parameter=true
@@ -31,3 +39,5 @@ cas.sso.allow-missing-service-parameter=true
# Disable the acceptable usage policy
# by default for now.
cas.acceptableUsagePolicy.enabled=false
+
+