Merge branch 'releases/2.2.5'

common/src/main/java/org/cloudfoundry/identity/uaa/UaaConfiguration.java

@@ -1,5 +1,5 @@
 /*******************************************************************************
- *     Cloud Foundry 
+ *     Cloud Foundry
  *     Copyright (c) [2009-2014] Pivotal Software, Inc. All Rights Reserved.
  *
  *     This product is licensed to you under the Apache License, Version 2.0 (the "License").
@@ -47,6 +47,7 @@ public class UaaConfiguration {
     @Pattern(regexp = "(default|postgresql|hsqldb|mysql|oracle)")
     public String platform;
     public String spring_profiles;
+    public String internalHostnames;
     @URL(message = "issuer.uri must be a valid URL")
     public String issuerUri;
     public boolean dump_requests;
@@ -73,6 +74,8 @@ public class UaaConfiguration {
     @Valid
     public Map<String,Object> login;
     @Valid
+    public Map<String,Object> logout;
+    @Valid
     public Map<String,Object> links;
     @Valid
     public Map<String,Object> smtp;

common/src/main/java/org/cloudfoundry/identity/uaa/authorization/UaaAuthorizationEndpoint.java

@@ -274,7 +274,7 @@ private ModelAndView getImplicitGrantResponse(AuthorizationRequest authorization
             if (accessToken == null) {
                 throw new UnsupportedResponseTypeException("Unsupported response type: token");
             }
-            return new ModelAndView(new RedirectView(appendAccessToken(authorizationRequest, accessToken, authentication), false, true,
+            return new ModelAndView(new RedirectView(appendAccessToken(authorizationRequest, accessToken, authentication, true), false, true,
                 false));
         } catch (OAuth2Exception e) {
             if (authorizationRequest.getResponseTypes().contains("token") || fallbackToAuthcode == false) {
@@ -307,17 +307,14 @@ private View getAuthorizationCodeResponse(AuthorizationRequest authorizationRequ
 
     private String appendAccessToken(AuthorizationRequest authorizationRequest,
                                      OAuth2AccessToken accessToken,
-                                     Authentication authUser) {
+                                     Authentication authUser,
+                                     boolean fragment) {
 
         String requestedRedirect = authorizationRequest.getRedirectUri();
         if (accessToken == null) {
             throw new InvalidRequestException("An implicit grant could not be made");
         }
 
-        boolean fragment = true;
-        if (requestedRedirect.contains("#")) {
-            fragment = false;
-        }
         StringBuilder url = new StringBuilder();
         url.append("token_type=").append(encode(accessToken.getTokenType()));
 
@@ -359,7 +356,7 @@ private String appendAccessToken(AuthorizationRequest authorizationRequest,
             }
         }
 
-        UriComponentsBuilder builder = UriComponentsBuilder.fromHttpUrl(requestedRedirect);
+        UriComponentsBuilder builder = UriComponentsBuilder.fromUriString(requestedRedirect);
         if (fragment) {
             String existingFragment = builder.build(true).getFragment();
             if (StringUtils.hasText(existingFragment)) {

common/src/main/java/org/cloudfoundry/identity/uaa/oauth/JdbcQueryableClientDetailsService.java

@@ -38,15 +38,13 @@ public class JdbcQueryableClientDetailsService extends AbstractQueryable<ClientD
 
     private JdbcClientDetailsService delegate;
 
-    private static final String CLIENT_FIELDS_FOR_UPDATE = "resource_ids, scope, "
+    private static final String CLIENT_FIELDS = "client_id, client_secret, resource_ids, scope, "
                     + "authorized_grant_types, web_server_redirect_uri, authorities, access_token_validity, "
-                    + "refresh_token_validity, additional_information";
-
-    private static final String CLIENT_FIELDS = "client_secret, " + CLIENT_FIELDS_FOR_UPDATE;
+                    + "refresh_token_validity, additional_information, autoapprove, lastmodified";
 
     public static final String CLIENT_DETAILS_TABLE = "oauth_client_details";
-    private static final String BASE_FIND_STATEMENT = "select client_id, " + CLIENT_FIELDS
-        + ",autoapprove from " + CLIENT_DETAILS_TABLE;
+    private static final String BASE_FIND_STATEMENT = "select " + CLIENT_FIELDS
+        + " from " + CLIENT_DETAILS_TABLE;
 
     public JdbcQueryableClientDetailsService(JdbcClientDetailsService delegate, JdbcTemplate jdbcTemplate,
                     JdbcPagingListFactory pagingListFactory) {
@@ -129,6 +127,9 @@ public ClientDetails mapRow(ResultSet rs, int rowNum) throws SQLException {
             if (scopes != null) {
                 details.setAutoApproveScopes(StringUtils.commaDelimitedListToSet(scopes));
             }
+            if (rs.getTimestamp(12) != null) {
+                details.addAdditionalInformation("lastModified", rs.getTimestamp(12));
+            }
             return details;
         }
     }

common/src/main/java/org/cloudfoundry/identity/uaa/util/JsonUtils.java

@@ -44,14 +44,22 @@ public static <T> T readValue(String s, Class<T> clazz) throws JsonUtilException
         }
     }
 
-    public static <T> T readValue(String s, TypeReference<T> typeReference) {
+    public static <T> T readValue(String s, TypeReference typeReference) {
         try {
             return objectMapper.readValue(s, typeReference);
         } catch (IOException e) {
             throw new JsonUtilException(e);
         }
     }
 
+    public static <T> T convertValue(Object object, Class<T> toClazz) throws JsonUtilException {
+        try {
+            return objectMapper.convertValue(object, toClazz);
+        } catch (IllegalArgumentException e) {
+            throw new JsonUtilException(e);
+        }
+    }
+
     public static class JsonUtilException extends RuntimeException {
 
         private static final long serialVersionUID = -4804245225960963421L;

common/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneResolvingFilter.java

@@ -12,6 +12,7 @@
  *******************************************************************************/
 package org.cloudfoundry.identity.uaa.zone;
 
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.dao.EmptyResultDataAccessException;
 import org.springframework.web.filter.OncePerRequestFilter;
 
@@ -20,6 +21,7 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Set;
@@ -36,7 +38,6 @@
 public class IdentityZoneResolvingFilter extends OncePerRequestFilter {
 
     private IdentityZoneProvisioning dao;
-
     private Set<String> internalHostnames = new HashSet<>();
 
     @Override
@@ -81,11 +82,12 @@ public void setIdentityZoneProvisioning(IdentityZoneProvisioning dao) {
         this.dao = dao;
     }
 
-    public void setInternalHostnames(Set<String> hostnames) {
-        internalHostnames = Collections.unmodifiableSet(hostnames);
+    @Value("${internalHostnames:localhost}")
+    public void setInternalHostnames(String hostnames) {
+        this.internalHostnames.addAll(Arrays.asList(hostnames.split("[ ,]+")));
     }
 
-    public Set<String> getInternalHostnames() {
-        return internalHostnames;
+    public void setInternalHostnames(Set<String> hostnames) {
+        this.internalHostnames.addAll(Collections.unmodifiableSet(hostnames));
     }
 }

common/src/main/java/org/cloudfoundry/identity/uaa/zone/JdbcIdentityProviderProvisioning.java

@@ -34,11 +34,11 @@
 
 public class JdbcIdentityProviderProvisioning implements IdentityProviderProvisioning {
 
-    public static final String ID_PROVIDER_FIELDS = "id,version,created,lastModified,name,origin_key,type,config,identity_zone_id,active";
+    public static final String ID_PROVIDER_FIELDS = "id,version,created,lastmodified,name,origin_key,type,config,identity_zone_id,active";
 
     public static final String CREATE_IDENTITY_PROVIDER_SQL = "insert into identity_provider(" + ID_PROVIDER_FIELDS + ") values (?,?,?,?,?,?,?,?,?,?)";
 
-    public static final String ID_PROVIDER_UPDATE_FIELDS = "version,lastModified,name,type,config,active".replace(",","=?,")+"=?";
+    public static final String ID_PROVIDER_UPDATE_FIELDS = "version,lastmodified,name,type,config,active".replace(",","=?,")+"=?";
 
     public static final String IDENTITY_PROVIDERS_QUERY = "select " + ID_PROVIDER_FIELDS + " from identity_provider where identity_zone_id=?";
 

common/src/main/java/org/cloudfoundry/identity/uaa/zone/JdbcIdentityZoneProvisioning.java

@@ -28,9 +28,9 @@
 
 public class JdbcIdentityZoneProvisioning implements IdentityZoneProvisioning {
 
-    public static final String ID_ZONE_FIELDS = "id,version,created,lastModified,name,subdomain,description";
+    public static final String ID_ZONE_FIELDS = "id,version,created,lastmodified,name,subdomain,description";
 
-    public static final String ID_ZONE_UPDATE_FIELDS = "version,lastModified,name,subdomain,description".replace(",","=?,")+"=?";
+    public static final String ID_ZONE_UPDATE_FIELDS = "version,lastmodified,name,subdomain,description".replace(",","=?,")+"=?";
 
     public static final String CREATE_IDENTITY_ZONE_SQL = "insert into identity_zone(" + ID_ZONE_FIELDS + ") values (?,?,?,?,?,?,?)";
 

common/src/main/java/org/cloudfoundry/identity/uaa/zone/MultitenantJdbcClientDetailsService.java

@@ -14,7 +14,10 @@
 
 import java.sql.ResultSet;
 import java.sql.SQLException;
+import java.sql.Timestamp;
 import java.util.Collections;
+import java.util.Date;
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
@@ -58,7 +61,7 @@ public class MultitenantJdbcClientDetailsService extends JdbcClientDetailsServic
 
     private static final String CLIENT_FIELDS_FOR_UPDATE = "resource_ids, scope, "
             + "authorized_grant_types, web_server_redirect_uri, authorities, access_token_validity, "
-            + "refresh_token_validity, additional_information, autoapprove";
+            + "refresh_token_validity, additional_information, autoapprove, lastmodified";
 
     private static final String CLIENT_FIELDS = "client_secret, " + CLIENT_FIELDS_FOR_UPDATE;
 
@@ -70,7 +73,7 @@ public class MultitenantJdbcClientDetailsService extends JdbcClientDetailsServic
     private static final String DEFAULT_SELECT_STATEMENT = BASE_FIND_STATEMENT + " where client_id = ? and identity_zone_id = ?";
 
     private static final String DEFAULT_INSERT_STATEMENT = "insert into oauth_client_details (" + CLIENT_FIELDS
-            + ", client_id, identity_zone_id) values (?,?,?,?,?,?,?,?,?,?,?,?)";
+            + ", client_id, identity_zone_id) values (?,?,?,?,?,?,?,?,?,?,?,?,?)";
 
     private static final String DEFAULT_UPDATE_STATEMENT = "update oauth_client_details " + "set "
             + CLIENT_FIELDS_FOR_UPDATE.replaceAll(", ", "=?, ") + "=? where client_id = ? and identity_zone_id = ?";
@@ -187,7 +190,8 @@ private Object[] getFieldsForUpdate(ClientDetails clientDetails) {
                 clientDetails.getAuthorities() != null ? StringUtils.collectionToCommaDelimitedString(clientDetails
                         .getAuthorities()) : null, clientDetails.getAccessTokenValiditySeconds(),
                 clientDetails.getRefreshTokenValiditySeconds(), json, getAutoApproveScopes(clientDetails),
-                clientDetails.getClientId(), IdentityZoneHolder.get().getId() };
+                new Timestamp(System.currentTimeMillis()),
+                clientDetails.getClientId(), IdentityZoneHolder.get().getId()};
     }
 
     private String getAutoApproveScopes(ClientDetails clientDetails) {
@@ -262,6 +266,8 @@ public ClientDetails mapRow(ResultSet rs, int rowNum) throws SQLException {
             if (rs.getObject(9) != null) {
                 details.setRefreshTokenValiditySeconds(rs.getInt(9));
             }
+
+
             String json = rs.getString(10);
             if (json != null) {
                 try {
@@ -276,6 +282,12 @@ public ClientDetails mapRow(ResultSet rs, int rowNum) throws SQLException {
             if (scopes != null) {
                 details.setAutoApproveScopes(StringUtils.commaDelimitedListToSet(scopes));
             }
+
+            // lastModified
+            if (rs.getObject(12) != null) {
+                details.addAdditionalInformation("lastModified", rs.getTimestamp(12));
+            }
+
             return details;
         }
     }

common/src/main/resources/org/cloudfoundry/identity/uaa/db/hsqldb/V2_1_1__Add_Last_Modified_To_Client_Details.sql

@@ -0,0 +1 @@
+ALTER TABLE oauth_client_details ADD COLUMN lastmodified TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL;

common/src/main/resources/org/cloudfoundry/identity/uaa/db/mysql/V2_1_1__Add_Last_Modified_To_Client_Details.sql

@@ -0,0 +1,5 @@
+ALTER TABLE oauth_client_details ADD COLUMN lastmodified TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL;
+
+ALTER TABLE identity_provider CHANGE lastModified lastmodified TIMESTAMP NULL;
+
+ALTER TABLE identity_zone CHANGE lastModified lastmodified TIMESTAMP NULL;

common/src/main/resources/org/cloudfoundry/identity/uaa/db/postgresql/V2_1_1__Add_Last_Modified_To_Client_Details.sql

@@ -0,0 +1 @@
+ALTER TABLE oauth_client_details ADD COLUMN lastmodified TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL;

common/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneResolvingFilterTest.java

@@ -52,8 +52,8 @@ private void assertFindsCorrectSubdomain(final String expectedSubdomain, final S
         IdentityZoneResolvingFilter filter = new IdentityZoneResolvingFilter();
         IdentityZoneProvisioning dao = Mockito.mock(IdentityZoneProvisioning.class);
         filter.setIdentityZoneProvisioning(dao);
-        filter.setInternalHostnames(new HashSet<>(Arrays.asList(StringUtils.commaDelimitedListToStringArray(internalHostnames))));
-        
+        filter.setInternalHostnames(internalHostnames);
+
         IdentityZone identityZone = new IdentityZone();
         identityZone.setSubdomain(expectedSubdomain);
         Mockito.when(dao.retrieveBySubdomain(Mockito.eq(expectedSubdomain))).thenReturn(identityZone);
@@ -86,7 +86,7 @@ public void holderIsNotSetWithNonMatchingIdentityZone() throws Exception {
         IdentityZoneProvisioning dao = Mockito.mock(IdentityZoneProvisioning.class);
         FilterChain chain = Mockito.mock(FilterChain.class);
         filter.setIdentityZoneProvisioning(dao);
-        filter.setInternalHostnames(new HashSet<>(new LinkedList<>(Arrays.asList(uaaHostname))));
+        filter.setInternalHostnames(uaaHostname);
 
         IdentityZone identityZone = new IdentityZone();
         identityZone.setSubdomain(incomingSubdomain);

common/src/test/java/org/cloudfoundry/identity/uaa/zone/MultitenantJdbcClientDetailsServiceTests.java

@@ -6,8 +6,11 @@
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 
+import java.sql.Timestamp;
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.Date;
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Map;
@@ -35,9 +38,9 @@ public class MultitenantJdbcClientDetailsServiceTests {
 
     private EmbeddedDatabase db;
 
-    private static final String SELECT_SQL = "select client_id, client_secret, resource_ids, scope, authorized_grant_types, web_server_redirect_uri, authorities, access_token_validity, refresh_token_validity from oauth_client_details where client_id=?";
+    private static final String SELECT_SQL = "select client_id, client_secret, resource_ids, scope, authorized_grant_types, web_server_redirect_uri, authorities, access_token_validity, refresh_token_validity, lastmodified from oauth_client_details where client_id=?";
 
-    private static final String INSERT_SQL = "insert into oauth_client_details (client_id, client_secret, resource_ids, scope, authorized_grant_types, web_server_redirect_uri, authorities, access_token_validity, refresh_token_validity, autoapprove, identity_zone_id) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
+    private static final String INSERT_SQL = "insert into oauth_client_details (client_id, client_secret, resource_ids, scope, authorized_grant_types, web_server_redirect_uri, authorities, access_token_validity, refresh_token_validity, autoapprove, identity_zone_id, lastmodified) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
 
     private IdentityZone otherIdentityZone;
 
@@ -75,7 +78,7 @@ public void testLoadingClientForNonExistingClientId() {
     @Test
     public void testLoadingClientIdWithNoDetails() {
         int rowsInserted = jdbcTemplate.update(INSERT_SQL, "clientIdWithNoDetails", null, null,
-                null, null, null, null, null, null, null, IdentityZoneHolder.get().getId());
+                null, null, null, null, null, null, null, IdentityZoneHolder.get().getId(), new Timestamp(System.currentTimeMillis()));
 
         assertEquals(1, rowsInserted);
 
@@ -96,8 +99,11 @@ public void testLoadingClientIdWithNoDetails() {
 
     @Test
     public void testLoadingClientIdWithAdditionalInformation() {
+
+        Timestamp lastModifiedDate = new Timestamp(System.currentTimeMillis());
+
         jdbcTemplate.update(INSERT_SQL, "clientIdWithAddInfo", null, null,
-                null, null, null, null, null, null, null, IdentityZoneHolder.get().getId());
+                null, null, null, null, null, null, null, IdentityZoneHolder.get().getId(), lastModifiedDate);
         jdbcTemplate
                 .update("update oauth_client_details set additional_information=? where client_id=?",
                         "{\"foo\":\"bar\"}", "clientIdWithAddInfo");
@@ -106,15 +112,20 @@ public void testLoadingClientIdWithAdditionalInformation() {
                 .loadClientByClientId("clientIdWithAddInfo");
 
         assertEquals("clientIdWithAddInfo", clientDetails.getClientId());
-        assertEquals(Collections.singletonMap("foo", "bar"),
-                clientDetails.getAdditionalInformation());
+
+        Map<String, Object> additionalInfoMap = new HashMap<>();
+        additionalInfoMap.put("foo", "bar");
+        additionalInfoMap.put("lastModified", lastModifiedDate);
+
+        assertEquals(additionalInfoMap, clientDetails.getAdditionalInformation());
+        assertEquals(lastModifiedDate, clientDetails.getAdditionalInformation().get("lastModified"));
     }
 
     @Test
     public void testLoadingClientIdWithSingleDetails() {
         jdbcTemplate.update(INSERT_SQL, "clientIdWithSingleDetails",
                 "mySecret", "myResource", "myScope", "myAuthorizedGrantType",
-                "myRedirectUri", "myAuthority", 100, 200, "true", IdentityZoneHolder.get().getId());
+                "myRedirectUri", "myAuthority", 100, 200, "true", IdentityZoneHolder.get().getId(), new Timestamp(System.currentTimeMillis()));
 
         ClientDetails clientDetails = service
                 .loadClientByClientId("clientIdWithSingleDetails");
@@ -148,7 +159,7 @@ public void testLoadingClientIdWithMultipleDetails() {
                 "mySecret", "myResource1,myResource2", "myScope1,myScope2",
                 "myAuthorizedGrantType1,myAuthorizedGrantType2",
                 "myRedirectUri1,myRedirectUri2", "myAuthority1,myAuthority2",
-                100, 200, "read,write", IdentityZoneHolder.get().getId());
+                100, 200, "read,write", IdentityZoneHolder.get().getId(), new Timestamp(System.currentTimeMillis()));
 
         ClientDetails clientDetails = service
                 .loadClientByClientId("clientIdWithMultipleDetails");