Remove attributes for specific user

README.md

@@ -224,8 +224,20 @@ curl -v -H "Accept: application/json" \
         http://localhost:8080/api/signing-credential
 ```
 
+Adding a user
+-------------
+
+This API is only available on the IDP.
+
+```bash
+curl -v -H "Accept: application/json" \
+        -H "Content-type: application/json" \
+        -X PUT -d '{"name": "hacker", "password": "iamgod", "authorities": ["ROLE_USER", "ROLE_ADMIN"]}' \
+        http://localhost:8080/api/users
+```
+
 Setting attribute foo to bar (e.g. urn:mace:dir:attribute-def:foo to bar)
--------------------------------------------------------
+-------------------------------------------------------------------------
 
 This API is only available on the IDP. **Note:** An attribute is always a list.
 
@@ -240,6 +252,20 @@ Or to test the UTF-8 encoding:
 curl -v -H "Accept: application/json" -H "Content-type: application/json" -X PUT -d '["髙橋 大輔"]' https://mujina-idp.test2.surfconext.nl/api/attributes/urn:mace:dir:attribute-def:cn
 ```
 
+Setting attribute for specific user
+-----------------------------------
+
+The call to set an attribute is global for all users. With this call you set an attribute for a specific user.
+This API is only available on the IDP. **Note:** The user must exists and will NOT be provisioned on the fly.
+
+```bash
+curl -v -H "Accept: application/json" \
+        -H "Content-type: application/json" \
+        -X PUT -d '["bar"]' \
+        http://localhost:8080/api/attributes/urn:mace:dir:attribute-def:foo/user
+```
+
+
 Removing an attribute
 ---------------------
 
@@ -252,16 +278,16 @@ curl -v -H "Accept: application/json" \
         http://localhost:8080/api/attributes/urn:mace:dir:attribute-def:foo
 ```
 
-Adding a user
--------------
+Removing an attribute for a user
+--------------------------------
 
 This API is only available on the IDP.
 
 ```bash
 curl -v -H "Accept: application/json" \
         -H "Content-type: application/json" \
-        -X PUT -d '{"name": "hacker", "password": "iamgod", "authorities": ["ROLE_USER", "ROLE_ADMIN"]}' \
-        http://localhost:8080/api/users
+        -X DELETE \
+        http://localhost:8080/api/attributes/urn:mace:dir:attribute-def:foo/user
 ```
 
 Setting the authentication method

mujina-common/pom.xml

@@ -20,7 +20,7 @@
   <parent>
     <groupId>org.openconext</groupId>
     <artifactId>mujina</artifactId>
-    <version>6.0.0-SNAPSHOT</version>
+    <version>6.0.0</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
 

mujina-common/src/main/java/mujina/api/SharedController.java

@@ -19,31 +19,31 @@ public SharedController(SharedConfiguration configuration) {
 
   @PostMapping("/reset")
   public void reset() {
-    LOG.debug("Resetting to default configuration");
+    LOG.info("Resetting to default configuration");
     configuration.reset();
   }
 
   @PutMapping("/entityid")
   public void setEntityID(@RequestBody String entityID) {
-    LOG.debug("Request to set entityID {}", entityID);
+    LOG.info("Request to set entityID {}", entityID);
     configuration.setEntityId(entityID);
   }
 
   @PostMapping("/signing-credential")
   public void setSigningCredential(@RequestBody Credential credential) {
-    LOG.debug("Request to set signing credential {}", credential);
+    LOG.info("Request to set signing credential {}", credential);
     configuration.injectCredential(credential.getCertificate(), credential.getKey());
   }
 
   @PutMapping("/needs-signing")
   public void setSigningNeeded(@RequestBody boolean needsSigning) {
-    LOG.debug("Request to set signing needed {}", needsSigning);
+    LOG.info("Request to set signing needed {}", needsSigning);
     configuration.setNeedsSigning(needsSigning);
   }
 
   @PutMapping("/signatureAlgorithm")
   public void setSignatureAlgorithm(@RequestBody String signatureAlgorithm) {
-    LOG.debug("Request to set signatureAlgorithm to {}", signatureAlgorithm);
+    LOG.info("Request to set signatureAlgorithm to {}", signatureAlgorithm);
     configuration.setSignatureAlgorithm(signatureAlgorithm);
   }
 

mujina-idp/pom.xml

@@ -20,7 +20,7 @@
   <parent>
     <groupId>org.openconext</groupId>
     <artifactId>mujina</artifactId>
-    <version>6.0.0-SNAPSHOT</version>
+    <version>6.0.0</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
 

mujina-idp/src/main/java/mujina/api/IdpController.java

@@ -26,51 +26,59 @@ public IdpController(IdpConfiguration configuration) {
 
   @PutMapping("/attributes")
   public void setAttributes(@RequestBody Map<String, List<String>> attributes) {
-    LOG.debug("Request to replace all attributes {}", attributes);
+    LOG.info("Request to replace all attributes {}", attributes);
     configuration().setAttributes(attributes);
   }
 
   @PutMapping("/attributes/{name:.+}")
   public void setAttribute(@PathVariable String name, @RequestBody List<String> values) {
-    LOG.debug("Request to set attribute {} to {}", name, values);
+    LOG.info("Request to set attribute {} to {}", name, values);
     configuration().getAttributes().put(name, values);
   }
 
   @PutMapping("/attributes/{name:.+}/{userName:.+}")
   public void setAttributeForUser(@PathVariable String name, @PathVariable String userName,
                                   @RequestBody List<String> values) {
-    LOG.debug("Request to set attribute {} to {}", name, values);
+    LOG.info("Request to set attribute {} to {} for user {}", name, values, userName);
     configuration().getUsers().stream().filter(userAuthenticationToken -> userAuthenticationToken.getName().equals
       (userName)).findFirst().orElseThrow(() -> new IllegalArgumentException(String.format("User %s first " +
       "must be created", userName))).getAttributes().put(name, values);
   }
 
   @DeleteMapping("/attributes/{name:.+}")
   public void removeAttribute(@PathVariable String name) {
-    LOG.debug("Request to remove attribute {}", name);
+    LOG.info("Request to remove attribute {}", name);
     configuration().getAttributes().remove(name);
   }
 
+  @DeleteMapping("/attributes/{name:.+}/{userName:.+}")
+  public void removeAttributeForUser(@PathVariable String name, @PathVariable String userName) {
+    LOG.info("Request to remove attribute {} for user {}", name, userName);
+    configuration().getUsers().stream().filter(userAuthenticationToken -> userAuthenticationToken.getName().equals
+      (userName)).findFirst().orElseThrow(() -> new IllegalArgumentException(String.format("User %s first " +
+      "must be created", userName))).getAttributes().remove(name);
+  }
+
   @PutMapping("/users")
   public void addUser(@RequestBody User user) {
-    LOG.debug("Request to add user {}", user);
+    LOG.info("Request to add user {}", user);
     FederatedUserAuthenticationToken userAuthenticationToken = new FederatedUserAuthenticationToken(
       user.getName(),
       user.getPassword(),
       user.getAuthorities().stream().map(SimpleGrantedAuthority::new).collect(toList()));
-    userAuthenticationToken.setAttributes(configuration().getAttributes());
+    userAuthenticationToken.getAttributes().putAll(configuration().getAttributes());
     configuration().getUsers().add(userAuthenticationToken);
   }
 
   @PutMapping("authmethod")
   public void setAuthenticationMethod(@RequestBody String authenticationMethod) {
-    LOG.debug("Request to set auth method to {}", authenticationMethod);
+    LOG.info("Request to set auth method to {}", authenticationMethod);
     configuration().setAuthenticationMethod(AuthenticationMethod.valueOf(authenticationMethod));
   }
 
   @PutMapping("/acsendpoint")
   public void setAcsEndpoint(@RequestBody String acsEndpoint) {
-    LOG.debug("Request to set Assertion Consumer Service Endpoint to {}", acsEndpoint);
+    LOG.info("Request to set Assertion Consumer Service Endpoint to {}", acsEndpoint);
     configuration().setAcsEndpoint(acsEndpoint);
   }
 

mujina-idp/src/main/java/mujina/idp/AuthenticationProvider.java

@@ -31,7 +31,7 @@ public Authentication authenticate(Authentication authentication) throws Authent
           token.getPrincipal().equals(authentication.getPrincipal()) &&
             token.getCredentials().equals(authentication.getCredentials()))
         .findFirst().map(userAuthenticationToken ->
-          //need top copy or else credentials are erased for future logins
+          //need to copy or else credentials are erased for future logins
           userAuthenticationToken.clone())
         .orElseThrow(() -> new AuthenticationException("User not found or bad credentials") {
         });

mujina-idp/src/main/java/mujina/idp/SsoController.java

@@ -27,6 +27,7 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 
 import static java.util.Collections.singletonList;
 import static java.util.stream.Collectors.toList;
@@ -71,10 +72,14 @@ private void doSSO(HttpServletRequest request, HttpServletResponse response, Aut
   }
 
   private List<SAMLAttribute> attributes(String uid) {
-    Map<String, List<String>> attributes = idpConfiguration.getUsers().stream().filter(user -> user.getPrincipal()
-      .equals(uid)).findAny().map(user -> user.getAttributes()).orElse(new HashMap<>());
-    attributes.putAll(idpConfiguration.getAttributes());
-    return attributes.entrySet().stream()
+    Map<String, List<String>> result = new HashMap<>();
+    result.putAll(idpConfiguration.getAttributes());
+
+    Optional<Map<String, List<String>>> optionalMap = idpConfiguration.getUsers().stream().filter(user -> user
+      .getPrincipal()
+      .equals(uid)).findAny().map(user -> user.getAttributes());
+    optionalMap.ifPresent(map -> result.putAll(map));
+    return result.entrySet().stream()
       .map(entry ->  entry.getKey().equals("urn:mace:dir:attribute-def:uid") ?
         new SAMLAttribute(entry.getKey(), singletonList(uid)) :
         new SAMLAttribute(entry.getKey(), entry.getValue()))

mujina-idp/src/main/resources/application.yml

@@ -29,7 +29,7 @@ idp:
   # Number of seconds after a message issue instant after which the message is considered expired
   expires: 300
   # Authentication method ALL for every username / password combination and USER for the configured users
-  auth_method: USER
+  auth_method: ALL
   # Are endpoints compared. If so then pay notice to the base_url when behind a load balancer
   compare_endpoints: true
 

mujina-idp/src/main/resources/logback.xml

@@ -7,8 +7,8 @@
     </encoder>
   </appender>
 
-  <logger name="mujina" level="DEBUG"/>
-  <logger name="org.springframework.security" level="DEBUG"/>
+  <!--<logger name="mujina" level="DEBUG"/>-->
+  <!--<logger name="org.springframework.security" level="DEBUG"/>-->
 
   <root level="INFO">
     <appender-ref ref="STDOUT"/>

mujina-sp/pom.xml

@@ -20,7 +20,7 @@
   <parent>
     <groupId>org.openconext</groupId>
     <artifactId>mujina</artifactId>
-    <version>6.0.0-SNAPSHOT</version>
+    <version>6.0.0</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
 

mujina-sp/src/main/java/mujina/api/SpController.java

@@ -17,19 +17,19 @@ public SpController(final SpConfiguration configuration) {
 
   @PutMapping(value = {"/ssoServiceURL"})
   public void setSsoServiceURL(@RequestBody String ssoServiceURL) {
-    LOG.debug("Request to set ssoServiceURL to {}", ssoServiceURL);
+    LOG.info("Request to set ssoServiceURL to {}", ssoServiceURL);
     configuration().setIdpSSOServiceURL(ssoServiceURL);
   }
 
   @PutMapping("/protocolBinding")
   public void setProtocolBinding(@RequestBody String protocolBinding) {
-    LOG.debug("Request to set protocolBinding to {}", protocolBinding);
+    LOG.info("Request to set protocolBinding to {}", protocolBinding);
     configuration().setProtocolBinding(protocolBinding);
   }
 
   @PutMapping("/assertionConsumerServiceURL")
   public void setAssertionConsumerServiceURL(@RequestBody String assertionConsumerServiceURL) {
-    LOG.debug("Request to set assertionConsumerServiceURL to {}", assertionConsumerServiceURL);
+    LOG.info("Request to set assertionConsumerServiceURL to {}", assertionConsumerServiceURL);
     configuration().setAssertionConsumerServiceURL(assertionConsumerServiceURL);
   }
 

mujina-sp/src/main/resources/logback.xml

@@ -7,8 +7,8 @@
         </encoder>
     </appender>
 
-    <logger name="mujina" level="DEBUG"/>
-    <logger name="org.springframework.security" level="DEBUG"/>
+    <!--<logger name="mujina" level="DEBUG"/>-->
+    <!--<logger name="org.springframework.security" level="DEBUG"/>-->
 
     <root level="INFO">
         <appender-ref ref="STDOUT"/>

pom.xml

@@ -20,7 +20,7 @@
 
   <groupId>org.openconext</groupId>
   <artifactId>mujina</artifactId>
-  <version>6.0.0-SNAPSHOT</version>
+  <version>6.0.0</version>
   <packaging>pom</packaging>
 
   <properties>