Merge branch 'releases/2.6.1'

build.gradle

@@ -12,7 +12,7 @@ buildscript {
   dependencies {
     classpath group: 'org.gradle.api.plugins', name: 'gradle-cargo-plugin', version: '1.5'
     classpath group: 'org.jfrog.buildinfo', name: 'build-info-extractor-gradle', version: '2.2.4'
-    classpath group: 'net.saliman', name: 'gradle-cobertura-plugin', version: '2.2.2'
+    classpath group: 'net.saliman', name: 'gradle-cobertura-plugin', version: '2.2.8'
     classpath group: 'org.kt3k.gradle.plugin', name: 'coveralls-gradle-plugin', version: '0.4.1'
     classpath group: 'org.mariadb.jdbc', name: 'mariadb-java-client', version:'1.1.8'
     classpath group: 'postgresql', name: 'postgresql', version:'9.1-901.jdbc3'

common/src/main/java/org/cloudfoundry/identity/uaa/authentication/SessionResetFilter.java

@@ -31,6 +31,7 @@
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import java.io.IOException;
+import java.util.Date;
 
 public class SessionResetFilter extends OncePerRequestFilter {
 
@@ -64,12 +65,15 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
                 try {
                     logger.debug("Evaluating user-id for session reset:"+userId);
                     UaaUser user = userDatabase.retrieveUserById(userId);
-                    long lastAuthTime = authentication.getAuthenticatedTime();
-                    long passwordModTime = user.getPasswordLastModified().getTime() ;
-                    //if the password has changed after authentication time
-                    if (hasPasswordChangedAfterAuthentication(lastAuthTime, passwordModTime)) {
-                        logger.debug(String.format("Resetting user session for user ID: %s Auth Time: %s Password Change Time: %s",userId, lastAuthTime, passwordModTime));
-                        redirect = true;
+                    Date lastModified;
+                    if ((lastModified = user.getPasswordLastModified()) != null) {
+                        long lastAuthTime = authentication.getAuthenticatedTime();
+                        long passwordModTime = lastModified.getTime();
+                        //if the password has changed after authentication time
+                        if (hasPasswordChangedAfterAuthentication(lastAuthTime, passwordModTime)) {
+                            logger.debug(String.format("Resetting user session for user ID: %s Auth Time: %s Password Change Time: %s",userId, lastAuthTime, passwordModTime));
+                            redirect = true;
+                        }
                     }
                 } catch (UsernameNotFoundException x) {
                     logger.info("Authenticated user ["+userId+"] was not found in DB.");

common/src/main/java/org/cloudfoundry/identity/uaa/ldap/LdapIdentityProviderDefinition.java

@@ -18,6 +18,7 @@
 import org.springframework.core.env.MapPropertySource;
 
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
 public class LdapIdentityProviderDefinition {
@@ -38,6 +39,7 @@ public class LdapIdentityProviderDefinition {
     private boolean groupSearchSubTree;
     private int maxGroupSearchDepth;
     private boolean skipSSLVerification;
+    private List<String> emailDomain;
 
     public static LdapIdentityProviderDefinition searchAndBindMapGroupToScopes(
         String baseUrl,
@@ -289,6 +291,14 @@ public int hashCode() {
         return result;
     }
 
+    public void setEmailDomain(List<String> emailDomain) {
+        this.emailDomain = emailDomain;
+    }
+
+    public List<String> getEmailDomain() {
+        return emailDomain;
+    }
+
     public static class LdapConfigEnvironment extends AbstractEnvironment {
         public LdapConfigEnvironment(MapPropertySource source) {
             getPropertySources().addFirst(source);

common/src/main/java/org/cloudfoundry/identity/uaa/login/saml/ComparableProvider.java

@@ -13,7 +13,51 @@
  */
 package org.cloudfoundry.identity.uaa.login.saml;
 
-public interface ComparableProvider {
-    public String getAlias();
-    public String getZoneId();
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.xml.XMLObject;
+
+public interface ComparableProvider extends Comparable<ComparableProvider> {
+
+    String getAlias();
+    String getZoneId();
+
+    XMLObject doGetMetadata() throws MetadataProviderException;
+    byte[] fetchMetadata() throws MetadataProviderException;
+
+    default String getEntityID() throws MetadataProviderException {
+        fetchMetadata();
+        XMLObject metadata = doGetMetadata();
+        if (metadata instanceof EntityDescriptor) {
+            EntityDescriptor entityDescriptor = (EntityDescriptor) metadata;
+            return entityDescriptor.getEntityID();
+        } else if (metadata instanceof EntitiesDescriptor) {
+            EntitiesDescriptor desc = (EntitiesDescriptor)metadata;
+            if (desc.getEntityDescriptors().size()!=1) {
+                throw new MetadataProviderException("Invalid metadata. Number of descriptors must be 1, but is "+desc.getEntityDescriptors().size());
+            } else {
+                return desc.getEntityDescriptors().get(0).getEntityID();
+            }
+        } else {
+            throw new MetadataProviderException("Unknown descriptor class:"+metadata.getClass().getName());
+        }
+    }
+
+    default int compareTo(ComparableProvider that) {
+        if (this == that) return 0;
+        int result = this.getAlias().compareTo(that.getAlias());
+        if (0!=result) return result;
+        result = this.getZoneId().compareTo(that.getZoneId());
+        if (0!=result) return result;
+        return 0;
+    }
+
+    default int getHashCode() {
+        int result = getZoneId().hashCode();
+        result = 31 * result + getAlias().hashCode();
+        return result;
+    }
+
+
 }

common/src/main/java/org/cloudfoundry/identity/uaa/login/saml/ConfigMetadataProvider.java

@@ -25,8 +25,12 @@ public ConfigMetadataProvider(String zoneId, String alias, String metadata) {
         this.zoneId = zoneId;
     }
 
+    public byte[] fetchMetadata() throws MetadataProviderException {
+        return metadata.getBytes(StandardCharsets.UTF_8);
+    }
+
     @Override
-    protected XMLObject doGetMetadata() throws MetadataProviderException {
+    public XMLObject doGetMetadata() throws MetadataProviderException {
 
         InputStream stream = new ByteArrayInputStream(metadata.getBytes(StandardCharsets.UTF_8));
 
@@ -42,20 +46,12 @@ protected XMLObject doGetMetadata() throws MetadataProviderException {
     public boolean equals(Object o) {
         if (this == o) return true;
         if (o == null || !(o instanceof ComparableProvider)) return false;
-
-        ComparableProvider that = (ComparableProvider) o;
-
-        if (!alias.equals(that.getAlias())) return false;
-        if (!zoneId.equals(that.getZoneId())) return false;
-
-        return true;
+        return this.compareTo((ComparableProvider)o) == 0;
     }
 
     @Override
     public int hashCode() {
-        int result = zoneId.hashCode();
-        result = 31 * result + alias.hashCode();
-        return result;
+        return getHashCode();
     }
 
     @Override

common/src/main/java/org/cloudfoundry/identity/uaa/login/saml/FilesystemMetadataProvider.java

@@ -18,44 +18,14 @@
 import java.io.File;
 import java.util.Timer;
 
-public class FilesystemMetadataProvider extends org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider implements ComparableProvider {
+public class FilesystemMetadataProvider extends org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider {
 
-    private final String zoneId;
-    private final String alias;
-
-    public FilesystemMetadataProvider(String zoneId, String alias, Timer backgroundTaskTimer, File metadata) throws MetadataProviderException {
+    public FilesystemMetadataProvider(Timer backgroundTaskTimer, File metadata) throws MetadataProviderException {
         super(backgroundTaskTimer, metadata);
-        this.zoneId = zoneId;
-        this.alias = alias;
-    }
-
-    @Override
-    public boolean equals(Object o) {
-        if (this == o) return true;
-        if (o == null || !(o instanceof ComparableProvider)) return false;
-
-        ComparableProvider that = (ComparableProvider) o;
-
-        if (!alias.equals(that.getAlias())) return false;
-        if (!zoneId.equals(that.getZoneId())) return false;
-
-        return true;
-    }
-
-    @Override
-    public int hashCode() {
-        int result = zoneId.hashCode();
-        result = 31 * result + alias.hashCode();
-        return result;
-    }
-
-    @Override
-    public String getAlias() {
-        return alias;
     }
 
     @Override
-    public String getZoneId() {
-        return zoneId;
+    public byte[] fetchMetadata() throws MetadataProviderException {
+        return super.fetchMetadata();
     }
 }

common/src/main/java/org/cloudfoundry/identity/uaa/login/saml/FixedHttpMetaDataProvider.java

@@ -1,5 +1,5 @@
 /*******************************************************************************
- *     Cloud Foundry 
+ *     Cloud Foundry
  *     Copyright (c) [2009-2014] Pivotal Software, Inc. All Rights Reserved.
  *
  *     This product is licensed to you under the Apache License, Version 2.0 (the "License").
@@ -13,40 +13,45 @@
 
 package org.cloudfoundry.identity.uaa.login.saml;
 
-import java.net.URISyntaxException;
-import java.util.Timer;
-
 import org.apache.commons.httpclient.HttpClient;
 import org.apache.commons.httpclient.protocol.ProtocolSocketFactory;
 import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 
+import java.net.URISyntaxException;
+import java.util.Timer;
+
 /**
  * This class works around the problem described in <a href="http://issues.apache.org/jira/browse/HTTPCLIENT-646">http://issues.apache.org/jira/browse/HTTPCLIENT-646</a> when a socket factory is set
  * on the OpenSAML
  * {@link HTTPMetadataProvider#setSocketFactory(ProtocolSocketFactory)} all
  * subsequent GET Methods should be executed using a relative URL, otherwise the
  * HttpClient
  * resets the underlying socket factory.
- * 
+ *
  * @author Filip Hanik
- * 
+ *
  */
-public class FixedHttpMetaDataProvider extends HTTPMetadataProvider implements ComparableProvider {
+public class FixedHttpMetaDataProvider extends HTTPMetadataProvider {
 
     /**
      * Track if we have a custom socket factory
      */
     private boolean socketFactorySet = false;
-    private final String zoneId;
-    private final String alias;
+    private byte[] metadata;
 
 
-    public FixedHttpMetaDataProvider(String zoneId, String alias, Timer backgroundTaskTimer, HttpClient client,
-                    String metadataURL) throws MetadataProviderException {
+    public FixedHttpMetaDataProvider(Timer backgroundTaskTimer, HttpClient client, String metadataURL) throws MetadataProviderException {
         super(backgroundTaskTimer, client, metadataURL);
-        this.alias = alias;
-        this.zoneId = zoneId;
+    }
+
+
+    @Override
+    public byte[] fetchMetadata() throws MetadataProviderException {
+        if (metadata==null) {
+            metadata = super.fetchMetadata();
+        }
+        return metadata;
     }
 
     /**
@@ -92,34 +97,4 @@ public String getMetadataURI() {
     public boolean isSocketFactorySet() {
         return socketFactorySet;
     }
-
-    @Override
-    public boolean equals(Object o) {
-        if (this == o) return true;
-        if (o == null || !(o instanceof ComparableProvider)) return false;
-
-        ComparableProvider that = (ComparableProvider) o;
-
-        if (!alias.equals(that.getAlias())) return false;
-        if (!zoneId.equals(that.getZoneId())) return false;
-
-        return true;
-    }
-
-    @Override
-    public int hashCode() {
-        int result = zoneId.hashCode();
-        result = 31 * result + alias.hashCode();
-        return result;
-    }
-
-    @Override
-    public String getAlias() {
-        return alias;
-    }
-
-    @Override
-    public String getZoneId() {
-        return zoneId;
-    }
 }