WIP for optionally put attributes through the API for specific users

mujina-common/pom.xml

@@ -20,7 +20,7 @@
   <parent>
     <groupId>org.openconext</groupId>
     <artifactId>mujina</artifactId>
-    <version>5.0.7</version>
+    <version>6.0.0-SNAPSHOT</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
 

mujina-idp/pom.xml

@@ -20,7 +20,7 @@
   <parent>
     <groupId>org.openconext</groupId>
     <artifactId>mujina</artifactId>
-    <version>5.0.7</version>
+    <version>6.0.0-SNAPSHOT</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
 

mujina-idp/src/main/java/mujina/api/IdpConfiguration.java

@@ -1,11 +1,10 @@
 package mujina.api;
 
-import com.fasterxml.jackson.annotation.JsonIgnore;
 import lombok.Getter;
 import lombok.Setter;
+import mujina.idp.FederatedUserAuthenticationToken;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.saml.key.JKSKeyManager;
 import org.springframework.stereotype.Component;
@@ -23,7 +22,7 @@ public class IdpConfiguration extends SharedConfiguration {
 
   private String defaultEntityId;
   private Map<String, List<String>> attributes = new TreeMap<>();
-  private List<UsernamePasswordAuthenticationToken> users = new ArrayList<>();
+  private List<FederatedUserAuthenticationToken> users = new ArrayList<>();
   private String acsEndpoint;
   private AuthenticationMethod authenticationMethod;
   private AuthenticationMethod defaultAuthenticationMethod;
@@ -58,9 +57,9 @@ public void reset() {
   private void resetUsers() {
     users.clear();
     users.addAll(Arrays.asList(
-      new UsernamePasswordAuthenticationToken("admin", "secret", Arrays.asList(new SimpleGrantedAuthority("ROLE_USER"),
+      new FederatedUserAuthenticationToken("admin", "secret", Arrays.asList(new SimpleGrantedAuthority("ROLE_USER"),
         new SimpleGrantedAuthority("ROLE_ADMIN"))),
-      new UsernamePasswordAuthenticationToken("user", "secret", Arrays.asList(new SimpleGrantedAuthority("ROLE_USER")))));
+      new FederatedUserAuthenticationToken("user", "secret", Arrays.asList(new SimpleGrantedAuthority("ROLE_USER")))));
   }
 
   private void resetAttributes() {

mujina-idp/src/main/java/mujina/api/IdpController.java

@@ -1,7 +1,7 @@
 package mujina.api;
 
+import mujina.idp.FederatedUserAuthenticationToken;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -36,6 +36,15 @@ public void setAttribute(@PathVariable String name, @RequestBody List<String> va
     configuration().getAttributes().put(name, values);
   }
 
+  @PutMapping("/attributes/{name:.+}/{userName:.+}")
+  public void setAttributeForUser(@PathVariable String name, @PathVariable String userName,
+                                  @RequestBody List<String> values) {
+    LOG.debug("Request to set attribute {} to {}", name, values);
+    configuration().getUsers().stream().filter(userAuthenticationToken -> userAuthenticationToken.getName().equals
+      (userName)).findFirst().orElseThrow(() -> new IllegalArgumentException(String.format("User %s first " +
+      "must be created", userName))).getAttributes().put(name, values);
+  }
+
   @DeleteMapping("/attributes/{name:.+}")
   public void removeAttribute(@PathVariable String name) {
     LOG.debug("Request to remove attribute {}", name);
@@ -45,10 +54,12 @@ public void removeAttribute(@PathVariable String name) {
   @PutMapping("/users")
   public void addUser(@RequestBody User user) {
     LOG.debug("Request to add user {}", user);
-    configuration().getUsers().add(new UsernamePasswordAuthenticationToken(
+    FederatedUserAuthenticationToken userAuthenticationToken = new FederatedUserAuthenticationToken(
       user.getName(),
       user.getPassword(),
-      user.getAuthorities().stream().map(SimpleGrantedAuthority::new).collect(toList())));
+      user.getAuthorities().stream().map(SimpleGrantedAuthority::new).collect(toList()));
+    userAuthenticationToken.setAttributes(configuration().getAttributes());
+    configuration().getUsers().add(userAuthenticationToken);
   }
 
   @PutMapping("authmethod")

mujina-idp/src/main/java/mujina/api/User.java

@@ -6,6 +6,8 @@
 
 import java.io.Serializable;
 import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
 
 @Getter
 @ToString

mujina-idp/src/main/java/mujina/idp/AuthenticationProvider.java

@@ -21,20 +21,18 @@ public AuthenticationProvider(IdpConfiguration idpConfiguration) {
   @Override
   public Authentication authenticate(Authentication authentication) throws AuthenticationException {
     if (idpConfiguration.getAuthenticationMethod().equals(ALL)) {
-      return new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), Arrays.asList(
-        new SimpleGrantedAuthority("ROLE_ADMIN"), new SimpleGrantedAuthority("ROLE_USER")
-      ));
+      return new FederatedUserAuthenticationToken(
+        authentication.getPrincipal(),
+        authentication.getCredentials(),
+        Arrays.asList(new SimpleGrantedAuthority("ROLE_ADMIN"), new SimpleGrantedAuthority("ROLE_USER")));
     } else {
       return idpConfiguration.getUsers().stream()
         .filter(token ->
           token.getPrincipal().equals(authentication.getPrincipal()) &&
             token.getCredentials().equals(authentication.getCredentials()))
-        .findFirst().map(usernamePasswordAuthenticationToken -> new UsernamePasswordAuthenticationToken(
+        .findFirst().map(userAuthenticationToken ->
           //need top copy or else credentials are erased for future logins
-          usernamePasswordAuthenticationToken.getPrincipal(),
-          usernamePasswordAuthenticationToken.getCredentials(),
-          usernamePasswordAuthenticationToken.getAuthorities()
-        ))
+          userAuthenticationToken.clone())
         .orElseThrow(() -> new AuthenticationException("User not found or bad credentials") {
         });
     }

mujina-idp/src/main/java/mujina/idp/FederatedUserAuthenticationToken.java

@@ -0,0 +1,28 @@
+package mujina.idp;
+
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+import java.util.TreeMap;
+
+@Getter
+@Setter
+public class FederatedUserAuthenticationToken extends UsernamePasswordAuthenticationToken {
+
+  private Map<String, List<String>> attributes = new TreeMap<>();
+
+  public FederatedUserAuthenticationToken(Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities) {
+    super(principal, credentials, authorities);
+  }
+
+  public FederatedUserAuthenticationToken clone() {
+    FederatedUserAuthenticationToken clone = new FederatedUserAuthenticationToken(getPrincipal(), getCredentials(), getAuthorities());
+    clone.setAttributes(attributes);
+    return clone;
+  }
+}

mujina-idp/src/main/java/mujina/idp/SsoController.java

@@ -24,7 +24,9 @@
 import java.io.IOException;
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 import static java.util.Collections.singletonList;
 import static java.util.stream.Collectors.toList;
@@ -69,7 +71,10 @@ private void doSSO(HttpServletRequest request, HttpServletResponse response, Aut
   }
 
   private List<SAMLAttribute> attributes(String uid) {
-    return idpConfiguration.getAttributes().entrySet().stream()
+    Map<String, List<String>> attributes = idpConfiguration.getUsers().stream().filter(user -> user.getPrincipal()
+      .equals(uid)).findAny().map(user -> user.getAttributes()).orElse(new HashMap<>());
+    attributes.putAll(idpConfiguration.getAttributes());
+    return attributes.entrySet().stream()
       .map(entry ->  entry.getKey().equals("urn:mace:dir:attribute-def:uid") ?
         new SAMLAttribute(entry.getKey(), singletonList(uid)) :
         new SAMLAttribute(entry.getKey(), entry.getValue()))

mujina-sp/pom.xml

@@ -20,7 +20,7 @@
   <parent>
     <groupId>org.openconext</groupId>
     <artifactId>mujina</artifactId>
-    <version>5.0.7</version>
+    <version>6.0.0-SNAPSHOT</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
 

pom.xml

@@ -14,12 +14,13 @@
   limitations under the License.
   -->
 
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
   <modelVersion>4.0.0</modelVersion>
 
   <groupId>org.openconext</groupId>
   <artifactId>mujina</artifactId>
-  <version>5.0.7</version>
+  <version>6.0.0-SNAPSHOT</version>
   <packaging>pom</packaging>
 
   <properties>
@@ -35,7 +36,7 @@
     <groupId>org.springframework.boot</groupId>
     <artifactId>spring-boot-starter-parent</artifactId>
     <version>1.5.2.RELEASE</version>
-    <relativePath />
+    <relativePath/>
   </parent>
 
   <modules>
@@ -117,9 +118,13 @@
     </plugins>
     <extensions>
       <extension>
+        <!--<groupId>org.apache.maven.wagon</groupId>-->
+        <!--<artifactId>wagon-webdav</artifactId>-->
+        <!--<version>1.0-beta-2</version>-->
+        <!-- https://mvnrepository.com/artifact/org.apache.maven.wagon/wagon-webdav-jackrabbit -->
         <groupId>org.apache.maven.wagon</groupId>
-        <artifactId>wagon-webdav</artifactId>
-        <version>1.0-beta-2</version>
+        <artifactId>wagon-webdav-jackrabbit</artifactId>
+        <version>3.0.0</version>
       </extension>
     </extensions>
   </build>