From 6d82935b580e4bb940be2d831caa890e216d1832 Mon Sep 17 00:00:00 2001 From: oharsta Date: Wed, 9 May 2018 15:25:38 +0200 Subject: [PATCH] Remove attributes for specific user --- README.md | 36 ++++++++++++++++--- mujina-common/pom.xml | 2 +- .../java/mujina/api/SharedController.java | 10 +++--- mujina-idp/pom.xml | 2 +- .../main/java/mujina/api/IdpController.java | 24 ++++++++----- .../mujina/idp/AuthenticationProvider.java | 2 +- .../main/java/mujina/idp/SsoController.java | 13 ++++--- mujina-idp/src/main/resources/application.yml | 2 +- mujina-idp/src/main/resources/logback.xml | 4 +-- mujina-sp/pom.xml | 2 +- .../main/java/mujina/api/SpController.java | 6 ++-- mujina-sp/src/main/resources/logback.xml | 4 +-- pom.xml | 2 +- 13 files changed, 74 insertions(+), 35 deletions(-) diff --git a/README.md b/README.md index 4a86cab9..cfc7b945 100644 --- a/README.md +++ b/README.md @@ -224,8 +224,20 @@ curl -v -H "Accept: application/json" \ http://localhost:8080/api/signing-credential ``` +Adding a user +------------- + +This API is only available on the IDP. + +```bash +curl -v -H "Accept: application/json" \ + -H "Content-type: application/json" \ + -X PUT -d '{"name": "hacker", "password": "iamgod", "authorities": ["ROLE_USER", "ROLE_ADMIN"]}' \ + http://localhost:8080/api/users +``` + Setting attribute foo to bar (e.g. urn:mace:dir:attribute-def:foo to bar) -------------------------------------------------------- +------------------------------------------------------------------------- This API is only available on the IDP. **Note:** An attribute is always a list. 
@@ -240,6 +252,20 @@ Or to test the UTF-8 encoding: curl -v -H "Accept: application/json" -H "Content-type: application/json" -X PUT -d '["髙橋 大輔"]' https://mujina-idp.test2.surfconext.nl/api/attributes/urn:mace:dir:attribute-def:cn ``` +Setting attribute for specific user +----------------------------------- + +The call to set an attribute is global for all users. With this call you set an attribute for a specific user. +This API is only available on the IDP. **Note:** The user must exists and will NOT be provisioned on the fly. + +```bash +curl -v -H "Accept: application/json" \ + -H "Content-type: application/json" \ + -X PUT -d '["bar"]' \ + http://localhost:8080/api/attributes/urn:mace:dir:attribute-def:foo/user +``` + + Removing an attribute --------------------- @@ -252,16 +278,16 @@ curl -v -H "Accept: application/json" \ http://localhost:8080/api/attributes/urn:mace:dir:attribute-def:foo ``` -Adding a user -------------- +Removing an attribute for a user +-------------------------------- This API is only available on the IDP. ```bash curl -v -H "Accept: application/json" \ -H "Content-type: application/json" \ - -X PUT -d '{"name": "hacker", "password": "iamgod", "authorities": ["ROLE_USER", "ROLE_ADMIN"]}' \ - http://localhost:8080/api/users + -X DELETE \ + http://localhost:8080/api/attributes/urn:mace:dir:attribute-def:foo/user ``` Setting the authentication method diff --git a/mujina-common/pom.xml b/mujina-common/pom.xml index 6188bb63..420f8b24 100644 --- a/mujina-common/pom.xml +++ b/mujina-common/pom.xml @@ -20,7 +20,7 @@ org.openconext mujina - 6.0.0-SNAPSHOT + 6.0.0 ../pom.xml diff --git a/mujina-common/src/main/java/mujina/api/SharedController.java b/mujina-common/src/main/java/mujina/api/SharedController.java index 0e5cef92..492e5bd9 100644 --- a/mujina-common/src/main/java/mujina/api/SharedController.java +++ b/mujina-common/src/main/java/mujina/api/SharedController.java 
@@ -19,31 +19,31 @@ public SharedController(SharedConfiguration configuration) { @PostMapping("/reset") public void reset() { - LOG.debug("Resetting to default configuration"); + LOG.info("Resetting to default configuration"); configuration.reset(); } @PutMapping("/entityid") public void setEntityID(@RequestBody String entityID) { - LOG.debug("Request to set entityID {}", entityID); + LOG.info("Request to set entityID {}", entityID); configuration.setEntityId(entityID); } @PostMapping("/signing-credential") public void setSigningCredential(@RequestBody Credential credential) { - LOG.debug("Request to set signing credential {}", credential); + LOG.info("Request to set signing credential {}", credential); configuration.injectCredential(credential.getCertificate(), credential.getKey()); } @PutMapping("/needs-signing") public void setSigningNeeded(@RequestBody boolean needsSigning) { - LOG.debug("Request to set signing needed {}", needsSigning); + LOG.info("Request to set signing needed {}", needsSigning); configuration.setNeedsSigning(needsSigning); } @PutMapping("/signatureAlgorithm") public void setSignatureAlgorithm(@RequestBody String signatureAlgorithm) { - LOG.debug("Request to set signatureAlgorithm to {}", signatureAlgorithm); + LOG.info("Request to set signatureAlgorithm to {}", signatureAlgorithm); configuration.setSignatureAlgorithm(signatureAlgorithm); } diff --git a/mujina-idp/pom.xml b/mujina-idp/pom.xml index cf20c08b..765666f2 100644 --- a/mujina-idp/pom.xml +++ b/mujina-idp/pom.xml @@ -20,7 +20,7 @@ org.openconext mujina - 6.0.0-SNAPSHOT + 6.0.0 ../pom.xml diff --git a/mujina-idp/src/main/java/mujina/api/IdpController.java b/mujina-idp/src/main/java/mujina/api/IdpController.java index adffd33b..b1c334b7 100644 --- a/mujina-idp/src/main/java/mujina/api/IdpController.java +++ b/mujina-idp/src/main/java/mujina/api/IdpController.java 
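Review bot: Promoting `LOG.info("Request to set signing credential {}", credential)` from debug to info in setSigningCredential makes whatever `Credential.toString()` renders appear at the default log level, and the very next line hands `credential.getKey()` to the configuration, so this object carries the private signing key. The Credential class is not in this hunk, so confirm its toString; if it includes the key field, this change writes private key material into the logs. Logging only the public half avoids the question: `LOG.info("Request to set signing credential with certificate {}", credential.getCertificate());`. The other endpoints in this hunk log entity ids, booleans and algorithm names, where info is harmless.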
@@ -26,20 +26,20 @@ public IdpController(IdpConfiguration configuration) { @PutMapping("/attributes") public void setAttributes(@RequestBody Map> attributes) { - LOG.debug("Request to replace all attributes {}", attributes); + LOG.info("Request to replace all attributes {}", attributes); configuration().setAttributes(attributes); } @PutMapping("/attributes/{name:.+}") public void setAttribute(@PathVariable String name, @RequestBody List values) { - LOG.debug("Request to set attribute {} to {}", name, values); + LOG.info("Request to set attribute {} to {}", name, values); configuration().getAttributes().put(name, values); } @PutMapping("/attributes/{name:.+}/{userName:.+}") public void setAttributeForUser(@PathVariable String name, @PathVariable String userName, @RequestBody List values) { - LOG.debug("Request to set attribute {} to {}", name, values); + LOG.info("Request to set attribute {} to {} for user {}", name, values, userName); configuration().getUsers().stream().filter(userAuthenticationToken -> userAuthenticationToken.getName().equals (userName)).findFirst().orElseThrow(() -> new IllegalArgumentException(String.format("User %s first " + "must be created", userName))).getAttributes().put(name, values); 
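Review bot: The `orElseThrow(() -> new IllegalArgumentException(...))` in setAttributeForUser will surface as an HTTP 500 unless an exception handler elsewhere maps it, yet the README describes this as a client error ("the user must exist and will NOT be provisioned on the fly"), so a 4xx is the expected contract. A small `@ResponseStatus(HttpStatus.NOT_FOUND) class UserNotFoundException extends RuntimeException` thrown from the same lambda gives callers a meaningful status without changing the controller shape. The by-name lookup is also repeated verbatim in removeAttributeForUser in the next hunk; a `private FederatedUserAuthenticationToken userByName(String userName)` helper would keep the two in step. The closing brace of setAttributeForUser lies outside this hunk.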
@@ -47,30 +47,38 @@ public void setAttributeForUser(@PathVariable String name, @PathVariable String @DeleteMapping("/attributes/{name:.+}") public void removeAttribute(@PathVariable String name) { - LOG.debug("Request to remove attribute {}", name); + LOG.info("Request to remove attribute {}", name); configuration().getAttributes().remove(name); } + @DeleteMapping("/attributes/{name:.+}/{userName:.+}") + public void removeAttributeForUser(@PathVariable String name, @PathVariable String userName) { + LOG.info("Request to remove attribute {} for user {}", name, userName); + configuration().getUsers().stream().filter(userAuthenticationToken -> userAuthenticationToken.getName().equals + (userName)).findFirst().orElseThrow(() -> new IllegalArgumentException(String.format("User %s first " + + "must be created", userName))).getAttributes().remove(name); + } + @PutMapping("/users") public void addUser(@RequestBody User user) { - LOG.debug("Request to add user {}", user); + LOG.info("Request to add user {}", user); FederatedUserAuthenticationToken userAuthenticationToken = new FederatedUserAuthenticationToken( user.getName(), user.getPassword(), user.getAuthorities().stream().map(SimpleGrantedAuthority::new).collect(toList())); - userAuthenticationToken.setAttributes(configuration().getAttributes()); + userAuthenticationToken.getAttributes().putAll(configuration().getAttributes()); configuration().getUsers().add(userAuthenticationToken); } @PutMapping("authmethod") public void setAuthenticationMethod(@RequestBody String authenticationMethod) { - LOG.debug("Request to set auth method to {}", authenticationMethod); + LOG.info("Request to set auth method to {}", authenticationMethod); configuration().setAuthenticationMethod(AuthenticationMethod.valueOf(authenticationMethod)); } @PutMapping("/acsendpoint") public void setAcsEndpoint(@RequestBody String acsEndpoint) { - LOG.debug("Request to set Assertion Consumer Service Endpoint to {}", acsEndpoint); + LOG.info("Request to set 
Assertion Consumer Service Endpoint to {}", acsEndpoint); configuration().setAcsEndpoint(acsEndpoint); } diff --git a/mujina-idp/src/main/java/mujina/idp/AuthenticationProvider.java b/mujina-idp/src/main/java/mujina/idp/AuthenticationProvider.java index ba66052b..45df89fa 100644 --- a/mujina-idp/src/main/java/mujina/idp/AuthenticationProvider.java +++ b/mujina-idp/src/main/java/mujina/idp/AuthenticationProvider.java @@ -31,7 +31,7 @@ public Authentication authenticate(Authentication authentication) throws Authent token.getPrincipal().equals(authentication.getPrincipal()) && token.getCredentials().equals(authentication.getCredentials())) .findFirst().map(userAuthenticationToken -> - //need top copy or else credentials are erased for future logins + //need to copy or else credentials are erased for future logins userAuthenticationToken.clone()) .orElseThrow(() -> new AuthenticationException("User not found or bad credentials") { }); diff --git a/mujina-idp/src/main/java/mujina/idp/SsoController.java b/mujina-idp/src/main/java/mujina/idp/SsoController.java index 78aec905..fc0e36a0 100644 --- a/mujina-idp/src/main/java/mujina/idp/SsoController.java +++ b/mujina-idp/src/main/java/mujina/idp/SsoController.java @@ -27,6 +27,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Optional; import static java.util.Collections.singletonList; import static java.util.stream.Collectors.toList; 
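Review bot: `LOG.info("Request to add user {}", user)` in addUser now logs the request body object at the default level, and the README example for this endpoint carries a `"password"` field; if `User.toString()` includes it, plaintext passwords end up in the log, so confirm that class or log only `user.getName()` and `user.getAuthorities()`. Separately, `configuration().getUsers().add(userAuthenticationToken)` appends unconditionally, so repeating the PUT for the same name creates a duplicate token, and since setAttributeForUser and removeAttributeForUser resolve users with `findFirst()` by name the later copy can never be reached through the API. Inserting `configuration().getUsers().removeIf(t -> t.getName().equals(user.getName()));` before the add makes the PUT idempotent, assuming getUsers() returns a mutable collection, which the existing add already implies.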
@@ -71,10 +72,14 @@ private void doSSO(HttpServletRequest request, HttpServletResponse response, Aut } private List attributes(String uid) { - Map> attributes = idpConfiguration.getUsers().stream().filter(user -> user.getPrincipal() - .equals(uid)).findAny().map(user -> user.getAttributes()).orElse(new HashMap<>()); - attributes.putAll(idpConfiguration.getAttributes()); - return attributes.entrySet().stream() + Map> result = new HashMap<>(); + result.putAll(idpConfiguration.getAttributes()); + + Optional>> optionalMap = idpConfiguration.getUsers().stream().filter(user -> user + .getPrincipal() + .equals(uid)).findAny().map(user -> user.getAttributes()); + optionalMap.ifPresent(map -> result.putAll(map)); + return result.entrySet().stream() .map(entry -> entry.getKey().equals("urn:mace:dir:attribute-def:uid") ? new SAMLAttribute(entry.getKey(), singletonList(uid)) : new SAMLAttribute(entry.getKey(), entry.getValue())) diff --git a/mujina-idp/src/main/resources/application.yml b/mujina-idp/src/main/resources/application.yml index 1702af7c..8f30cd75 100644 --- a/mujina-idp/src/main/resources/application.yml +++ b/mujina-idp/src/main/resources/application.yml @@ -29,7 +29,7 @@ idp: # Number of seconds after a message issue instant after which the message is considered expired expires: 300 # Authentication method ALL for every username / password combination and USER for the configured users - auth_method: USER + auth_method: ALL # Are endpoints compared. If so then pay notice to the base_url when behind a load balancer compare_endpoints: true diff --git a/mujina-idp/src/main/resources/logback.xml b/mujina-idp/src/main/resources/logback.xml index c36e16eb..449687cd 100644 --- a/mujina-idp/src/main/resources/logback.xml +++ b/mujina-idp/src/main/resources/logback.xml @@ -7,8 +7,8 @@ - - + + diff --git a/mujina-sp/pom.xml b/mujina-sp/pom.xml index 3413b3c5..3a16e204 100644 --- a/mujina-sp/pom.xml +++ b/mujina-sp/pom.xml 
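Review bot: The `Optional<Map<String, List<String>>> optionalMap` temporary and the `map -> result.putAll(map)` lambda in attributes() can be folded into the stream, and the initial `putAll` is just the HashMap copy constructor: `Map<String, List<String>> result = new HashMap<>(idpConfiguration.getAttributes());` followed by `idpConfiguration.getUsers().stream().filter(user -> user.getPrincipal().equals(uid)).findAny()` and `.ifPresent(user -> result.putAll(user.getAttributes()));`. Note also that this lookup matches on `getPrincipal()` while IdpController resolves the same users via `getName()`; if those ever differ for a FederatedUserAuthenticationToken, attributes set through the API would not reach the assertion, so a one-line comment stating that the two must agree is worth adding. The method continues past the hunk; the terminal collect is not visible here.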
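Review bot: Flipping `auth_method` from `USER` to `ALL` changes the shipped default to accept every username / password combination, as the comment directly above the key states, and the commit message ("Remove attributes for specific user") does not mention this change in login behaviour. That is plausibly intended for a mock IdP, but the yml should say so explicitly for anyone deploying it: `# ALL accepts any username / password combination - never expose an instance with this setting outside test environments`. Whether the per-user attribute endpoints added in this commit still take effect under ALL is not visible from this hunk and would be worth a sentence in the README.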
@@ -20,7 +20,7 @@ org.openconext mujina - 6.0.0-SNAPSHOT + 6.0.0 ../pom.xml diff --git a/mujina-sp/src/main/java/mujina/api/SpController.java b/mujina-sp/src/main/java/mujina/api/SpController.java index ae046df2..b128a5df 100644 --- a/mujina-sp/src/main/java/mujina/api/SpController.java +++ b/mujina-sp/src/main/java/mujina/api/SpController.java @@ -17,19 +17,19 @@ public SpController(final SpConfiguration configuration) { @PutMapping(value = {"/ssoServiceURL"}) public void setSsoServiceURL(@RequestBody String ssoServiceURL) { - LOG.debug("Request to set ssoServiceURL to {}", ssoServiceURL); + LOG.info("Request to set ssoServiceURL to {}", ssoServiceURL); configuration().setIdpSSOServiceURL(ssoServiceURL); } @PutMapping("/protocolBinding") public void setProtocolBinding(@RequestBody String protocolBinding) { - LOG.debug("Request to set protocolBinding to {}", protocolBinding); + LOG.info("Request to set protocolBinding to {}", protocolBinding); configuration().setProtocolBinding(protocolBinding); } @PutMapping("/assertionConsumerServiceURL") public void setAssertionConsumerServiceURL(@RequestBody String assertionConsumerServiceURL) { - LOG.debug("Request to set assertionConsumerServiceURL to {}", assertionConsumerServiceURL); + LOG.info("Request to set assertionConsumerServiceURL to {}", assertionConsumerServiceURL); configuration().setAssertionConsumerServiceURL(assertionConsumerServiceURL); } diff --git a/mujina-sp/src/main/resources/logback.xml b/mujina-sp/src/main/resources/logback.xml index b5b99cb6..50636102 100644 --- a/mujina-sp/src/main/resources/logback.xml +++ b/mujina-sp/src/main/resources/logback.xml @@ -7,8 +7,8 @@ - - + + diff --git a/pom.xml b/pom.xml index cd349ded..f7e76e32 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ org.openconext mujina - 6.0.0-SNAPSHOT + 6.0.0 pom