Merge branch 'releases/2.3.0'

common/build.gradle

@@ -1,15 +1,15 @@
 description = 'CloudFoundry Identity Common Jar'
 
 dependencies {
-  compile group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version:'1.47'
-  compile group: 'org.bouncycastle', name: 'bcprov-jdk15on', version:'1.47'
+  compile group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version:parent.bcpkixVersion
+  compile group: 'org.bouncycastle', name: 'bcprov-jdk15on', version:parent.bcpkixVersion
   compile group: 'org.springframework.security', name: 'spring-security-ldap', version:parent.springSecurityVersion
   compile group: 'org.springframework.ldap', name: 'spring-ldap-core', version:parent.springSecurityLdapVersion
   compile group: 'org.springframework.ldap', name: 'spring-ldap-core-tiger', version:parent.springSecurityLdapVersion
-  compile(group: 'org.apache.directory.api', name: 'api-ldap-model', version:'1.0.0-M22') {
+  compile(group: 'org.apache.directory.api', name: 'api-ldap-model', version:parent.apacheLdapApiVersion) {
     exclude(module: 'slf4j-api')
   }
-  compile group: 'org.springframework.security', name: 'spring-security-jwt', version:'1.0.2.RELEASE'
+  compile group: 'org.springframework.security', name: 'spring-security-jwt', version:parent.springSecurityJwtVersion
   compile(group: 'org.springframework.security.oauth', name: 'spring-security-oauth2', version:parent.springSecurityOAuthVersion) {
     exclude(module: 'commons-codec')
   }
@@ -42,13 +42,15 @@ dependencies {
   compile group: 'org.slf4j', name: 'slf4j-api', version:'1.7.7'
   compile group: 'org.hibernate', name: 'hibernate-validator', version:'4.3.1.Final'
   compile group: 'org.aspectj', name: 'aspectjrt', version:'1.6.9'
-  compile group: 'org.codehaus.jackson', name: 'jackson-mapper-asl', version:'1.9.2'
+  //compile group: 'org.codehaus.jackson', name: 'jackson-mapper-asl', version:'1.9.2'
+  compile group: 'com.fasterxml.jackson.core', name: 'jackson-core', version:parent.jacksonVersion
+  compile group: 'com.fasterxml.jackson.core', name: 'jackson-databind', version:parent.jacksonVersion
   compile group: 'org.yaml', name: 'snakeyaml', version:'1.12'
   compile group: 'org.mariadb.jdbc', name: 'mariadb-java-client', version:'1.1.7'
   compile group: 'com.googlecode.flyway', name: 'flyway-core', version:'2.3.1'
   compile group: 'org.hsqldb', name: 'hsqldb', version:'2.3.1'
 
-  compile(group: 'org.springframework.security.extensions', name: 'spring-security-saml2-core', version:'1.0.0.RELEASE') {
+  compile(group: 'org.springframework.security.extensions', name: 'spring-security-saml2-core', version:parent.springSecuritySamlVersion) {
     exclude(module: 'bcprov-jdk15')
   }
 
@@ -63,6 +65,7 @@ dependencies {
   testCompile group: 'postgresql', name: 'postgresql', version:parent.postgresqlVersion
   testCompile group: 'org.mockito', name: 'mockito-all', version:'1.8.5'
   testCompile group: 'org.apache.tomcat', name: 'tomcat-jdbc', version:parent.tomcatVersion
+  testCompile group: 'org.springframework.security', name: 'spring-security-test', version:parent.springSecurityVersion
 }
 
 apply from: file('build_properties.gradle')

common/src/main/java/org/cloudfoundry/identity/uaa/audit/event/AbstractUaaEvent.java

@@ -1,5 +1,5 @@
 /*******************************************************************************
- *     Cloud Foundry 
+ *     Cloud Foundry
  *     Copyright (c) [2009-2014] Pivotal Software, Inc. All Rights Reserved.
  *
  *     This product is licensed to you under the Apache License, Version 2.0 (the "License").
@@ -12,21 +12,16 @@
  *******************************************************************************/
 package org.cloudfoundry.identity.uaa.audit.event;
 
-import java.security.Principal;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Map;
-
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import org.cloudfoundry.identity.uaa.audit.AuditEvent;
 import org.cloudfoundry.identity.uaa.audit.AuditEventType;
 import org.cloudfoundry.identity.uaa.audit.UaaAuditService;
 import org.cloudfoundry.identity.uaa.oauth.Claims;
 import org.cloudfoundry.identity.uaa.util.JsonUtils;
 import org.cloudfoundry.identity.uaa.zone.IdentityZone;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
-import org.codehaus.jackson.map.ObjectMapper;
-import org.codehaus.jackson.map.annotate.JsonSerialize.Inclusion;
-import org.codehaus.jackson.type.TypeReference;
 import org.springframework.context.ApplicationEvent;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
@@ -36,21 +31,26 @@
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
 
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Map;
+
 /**
  * Base class for UAA events that want to publish audit records.
- * 
+ *
  * @author Luke Taylor
  * @author Dave Syer
- * 
+ *
  */
 public abstract class AbstractUaaEvent extends ApplicationEvent {
-    
+
     private static final long serialVersionUID = -7639844193401892160L;
     private static ObjectMapper mapper = new ObjectMapper();
     private transient final IdentityZone identityZone = IdentityZoneHolder.get();
 
     {
-        mapper.setSerializationConfig(mapper.getSerializationConfig().withSerializationInclusion(Inclusion.NON_NULL));
+        mapper.setConfig(mapper.getSerializationConfig().withSerializationInclusion(JsonInclude.Include.NON_NULL));
     }
 
     private Authentication authentication;
@@ -102,7 +102,7 @@ protected String getOrigin(Principal principal) {
             else {
                 builder.append("caller=").append(caller.getName());
             }
-            
+
 
             if (caller.getDetails() != null) {
                 builder.append(", details=(");
@@ -140,13 +140,13 @@ protected String getOrigin(Principal principal) {
     }
 
     public abstract AuditEvent getAuditEvent();
-    
+
     protected static Authentication getContextAuthentication() {
         Authentication a = SecurityContextHolder.getContext().getAuthentication();
         if (a==null) {
             a = new Authentication() {
                 private static final long serialVersionUID = 1748694836774597624L;
-                
+
                 ArrayList<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
                 @Override
                 public Collection<? extends GrantedAuthority> getAuthorities() {

common/src/main/java/org/cloudfoundry/identity/uaa/audit/event/ApprovalModifiedEvent.java

@@ -1,5 +1,5 @@
 /*******************************************************************************
- *     Cloud Foundry 
+ *     Cloud Foundry
  *     Copyright (c) [2009-2014] Pivotal Software, Inc. All Rights Reserved.
  *
  *     This product is licensed to you under the Apache License, Version 2.0 (the "License").
@@ -17,7 +17,7 @@
 import org.cloudfoundry.identity.uaa.audit.AuditEvent;
 import org.cloudfoundry.identity.uaa.audit.AuditEventType;
 import org.cloudfoundry.identity.uaa.oauth.approval.Approval;
-import org.codehaus.jackson.map.ObjectMapper;
+import org.cloudfoundry.identity.uaa.util.JsonUtils;
 import org.springframework.security.core.Authentication;
 
 import java.io.IOException;
@@ -46,8 +46,8 @@ public AuditEvent getAuditEvent() {
 
     private String getData(Approval source) {
         try {
-            return new ObjectMapper().writeValueAsString(new ApprovalModifiedEventData(source));
-        } catch (IOException e) {
+            return JsonUtils.writeValueAsString(new ApprovalModifiedEventData(source));
+        } catch (JsonUtils.JsonUtilException e) {
             logger.error("error writing approval event data", e);
         }
         return null;

common/src/main/java/org/cloudfoundry/identity/uaa/audit/event/GroupModifiedEvent.java

@@ -15,12 +15,12 @@
 
 package org.cloudfoundry.identity.uaa.audit.event;
 
+import com.fasterxml.jackson.annotation.JsonCreator;
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonProperty;
 import org.cloudfoundry.identity.uaa.audit.AuditEvent;
 import org.cloudfoundry.identity.uaa.audit.AuditEventType;
-import org.codehaus.jackson.annotate.JsonCreator;
-import org.codehaus.jackson.annotate.JsonIgnore;
-import org.codehaus.jackson.annotate.JsonProperty;
-import org.codehaus.jackson.map.ObjectMapper;
+import org.cloudfoundry.identity.uaa.util.JsonUtils;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -74,10 +74,7 @@ public static GroupModifiedEvent groupDeleted(String group, String name, String[
 
     @Override
     public AuditEvent getAuditEvent() {
-        String data = null;
-        try {
-            data = new ObjectMapper().writeValueAsString(new GroupInfo(groupName, members));
-        } catch (IOException e) { }
+        String data = JsonUtils.writeValueAsString(new GroupInfo(groupName, members));
         return createAuditRecord(
             groupId,
             eventType,

common/src/main/java/org/cloudfoundry/identity/uaa/audit/event/TokenIssuedEvent.java

@@ -1,5 +1,5 @@
 /*******************************************************************************
- *     Cloud Foundry 
+ *     Cloud Foundry
  *     Copyright (c) [2009-2014] Pivotal Software, Inc. All Rights Reserved.
  *
  *     This product is licensed to you under the Apache License, Version 2.0 (the "License").
@@ -12,22 +12,20 @@
  *******************************************************************************/
 package org.cloudfoundry.identity.uaa.audit.event;
 
+import com.fasterxml.jackson.core.type.TypeReference;
 import org.cloudfoundry.identity.uaa.audit.AuditEvent;
 import org.cloudfoundry.identity.uaa.audit.AuditEventType;
-import org.codehaus.jackson.map.ObjectMapper;
-import org.codehaus.jackson.type.TypeReference;
+import org.cloudfoundry.identity.uaa.util.JsonUtils;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.jwt.Jwt;
 import org.springframework.security.jwt.JwtHelper;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 
 import java.io.IOException;
-import java.security.Principal;
 import java.util.Map;
 
 public class TokenIssuedEvent extends AbstractUaaEvent {
 
-    private ObjectMapper mapper = new ObjectMapper();
 
     public TokenIssuedEvent(OAuth2AccessToken source, Authentication principal) {
         super(source, principal);
@@ -43,21 +41,14 @@ public OAuth2AccessToken getSource() {
 
     @Override
     public AuditEvent getAuditEvent() {
-        String data = null;
-        try {
-            data = mapper.writeValueAsString(getSource().getScope());
-        } catch (IOException e) { }
+        String data = JsonUtils.writeValueAsString(getSource().getScope());
         return createAuditRecord(getPrincipalId(), AuditEventType.TokenIssuedEvent, getOrigin(getAuthentication()), data);
     }
 
     private String getPrincipalId() {
         OAuth2AccessToken token = getSource();
         Jwt jwt = JwtHelper.decode(token.getValue());
-        try {
-            Map<String, Object> claims = mapper.readValue(jwt.getClaims(), new TypeReference<Map<String, Object>>() {});
-            return (claims.get("user_id") != null ? claims.get("user_id") : claims.get("client_id")).toString();
-        } catch (IOException e) {
-            return null;
-        }
+        Map<String, Object> claims = JsonUtils.readValue(jwt.getClaims(), new TypeReference<Map<String, Object>>() {});
+        return (claims.get("user_id") != null ? claims.get("user_id") : claims.get("client_id")).toString();
     }
 }

common/src/main/java/org/cloudfoundry/identity/uaa/audit/event/UserModifiedEvent.java

@@ -17,7 +17,7 @@
 
 import org.cloudfoundry.identity.uaa.audit.AuditEvent;
 import org.cloudfoundry.identity.uaa.audit.AuditEventType;
-import org.codehaus.jackson.map.ObjectMapper;
+import org.cloudfoundry.identity.uaa.util.JsonUtils;
 import org.springframework.security.core.Authentication;
 
 import java.io.IOException;
@@ -90,10 +90,7 @@ public static UserModifiedEvent emailChanged(String userId, String username, Str
     @Override
     public AuditEvent getAuditEvent() {
         String[] details = {"user_id="+userId, "username="+username};
-        String data = null;
-        try {
-            data = new ObjectMapper().writeValueAsString(details);
-        } catch (IOException e) { }
+        String data = JsonUtils.writeValueAsString(details);
         return createAuditRecord(
             userId,
             eventType,

common/src/main/java/org/cloudfoundry/identity/uaa/authentication/AuthzAuthenticationFilter.java

@@ -1,5 +1,5 @@
 /*******************************************************************************
- *     Cloud Foundry 
+ *     Cloud Foundry
  *     Copyright (c) [2009-2014] Pivotal Software, Inc. All Rights Reserved.
  *
  *     This product is licensed to you under the Apache License, Version 2.0 (the "License").
@@ -31,10 +31,10 @@
 import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpServletResponse;
 
+import com.fasterxml.jackson.core.type.TypeReference;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.codehaus.jackson.map.ObjectMapper;
-import org.codehaus.jackson.type.TypeReference;
+import org.cloudfoundry.identity.uaa.util.JsonUtils;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
@@ -70,8 +70,6 @@ public class AuthzAuthenticationFilter implements Filter {
 
     private AuthenticationManager authenticationManager;
 
-    private ObjectMapper mapper = new ObjectMapper();
-
     private List<String> parameterNames = Collections.emptyList();
 
     private AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
@@ -190,11 +188,11 @@ private Map<String, String> getCredentials(HttpServletRequest request) {
             if (value != null) {
                 if (value.startsWith("{")) {
                     try {
-                        Map<String, String> jsonCredentials = mapper.readValue(value,
+                        Map<String, String> jsonCredentials = JsonUtils.readValue(value,
                             new TypeReference<Map<String, String>>() {
                             });
                         credentials.putAll(jsonCredentials);
-                    } catch (IOException e) {
+                    } catch (JsonUtils.JsonUtilException e) {
                         logger.warn("Unknown format of value for request param: " + paramName + ". Ignoring.");
                     }
                 }

common/src/main/java/org/cloudfoundry/identity/uaa/authentication/ClientParametersAuthenticationFilter.java

@@ -16,9 +16,6 @@
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.codehaus.jackson.map.ObjectMapper;
-import org.codehaus.jackson.type.TypeReference;
-import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -28,10 +25,8 @@
 import org.springframework.security.oauth2.common.util.OAuth2Utils;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.security.oauth2.provider.OAuth2Request;
 import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
 import org.springframework.security.web.AuthenticationEntryPoint;
-import org.springframework.util.Assert;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
@@ -40,25 +35,19 @@
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.Collection;
-import java.util.Collections;
-import java.util.Enumeration;
 import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
 import java.util.Map;
-import java.util.Set;
 
 /**
  * Filter which processes and authenticates a client based on
  * parameters client_id and client_secret
  * It sets the authentication to a client only
  * Oauth2Authentication object as that is expected by
  * the LoginAuthenticationManager.
- * 
+ *
  */
 public class ClientParametersAuthenticationFilter implements Filter {
 

common/src/main/java/org/cloudfoundry/identity/uaa/authentication/login/LoginInfoEndpoint.java

@@ -27,10 +27,10 @@
 import org.cloudfoundry.identity.uaa.login.saml.IdentityProviderDefinition;
 import org.cloudfoundry.identity.uaa.login.saml.LoginSamlAuthenticationToken;
 import org.cloudfoundry.identity.uaa.user.UaaAuthority;
+import org.cloudfoundry.identity.uaa.util.JsonUtils;
 import org.cloudfoundry.identity.uaa.util.UaaStringUtils;
 import org.cloudfoundry.identity.uaa.util.UaaUrlUtils;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
-import org.codehaus.jackson.map.ObjectMapper;
 import org.springframework.core.env.Environment;
 import org.springframework.core.io.support.PropertiesLoaderUtils;
 import org.springframework.http.HttpStatus;
@@ -53,7 +53,6 @@
 import org.springframework.web.util.UriComponentsBuilder;
 
 import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
 import javax.servlet.http.HttpSession;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
@@ -186,6 +185,11 @@ public String loginForHtml(Model model, Principal principal, HttpServletRequest
         return login(model, principal, Arrays.asList("passcode"), false, request);
     }
 
+    @RequestMapping(value = {"/invalid_request" })
+    public String invalidRequest(HttpServletRequest request) {
+        return "invalid_request";
+    }
+
     protected String getZonifiedEntityId() {
         if (UaaUrlUtils.isUrl(entityID)) {
             return UaaUrlUtils.addSubdomainToUrl(entityID);
@@ -400,7 +404,7 @@ public String generatePasscode(Map<String, Object> model, Principal principal)
 
     protected ExpiringCode doGenerateCode(Object o) throws IOException {
         return expiringCodeStore.generateCode(
-            new ObjectMapper().writeValueAsString(o),
+            JsonUtils.writeValueAsString(o),
             new Timestamp(System.currentTimeMillis() + (getCodeExpirationMillis()))
         );
     }