Commit 3fafbb8f authored by Matija Obreza's avatar Matija Obreza

Merged updates from application-blocks-1.6 release

parents 8c24e32f ad1dafdb
# Changelog
## 1.6 Release
March 31, 2020.
- c03a202 Removed deprecated methods
- e17d758 Added missing Javadoc
- 2b84c84 Log more information on login events
- cfd9a0c Handle successful login only for users
- 66a63f0 Account expired
- 2edabb5 Introduce `SuperModelFilter`
- 2409f4e Fixed generation of NULL/NOTNULL paths for collection paths
- d6c0215 @Cacheable `ClassPKServiceImpl#getClassPk()`
- 8690dff Use object mapper with default config in filter copy method
- ca1faeb Fixed appearing of default values in the NOT filter
- eb82757 Fix: ensure `ROLE_EVERYONE` authority
- 169882e ACL: Setting parent ACL object
- ab6dc88 Support for runtime-define authorities granted to users
- 2452397 Fixed generation of NULL/NOTNULL paths for nested fields
- fb0bc5c Added `normalize()` method to filters
- 2fe361d Drop all OAuth token related code
- df1f2a0 Enhanced filter handling
- 695991b Changed building of filter predicate to collecting them into list
- 61e0b5f Extended clearFilters functionality
- 2819f03 Fixed generating of `NULL` filter predicate
- c3a0777 Fixed json serialization of Boolean filters
- f6372ec Added clearing of NULL and NOTNULL sets in clearFilter
- eeea83b Fix: check Referrer header if Origin header is missing or method is GET
- 9fa2323 Handling for arrays
- f5f1a31 Updated BasicModelFilter to fix issues with NULL and NOTNULL
- 6090c3d Fix: Request Origin filter logging
- 843d1e7 Added method for clearing one of Filter fields
- a782127 CI: Cache maven dependencies
- 4a2ef15 Fix JsonSidConverter
- 3aadc3d Added accessors to object filters
- 35d4621 ES: Store UUID field
- e27ee1f Use `@Type(type = "uuid-binary")` for UUID
- 6dc323d Audit logs: ignore order of referenced entity IDs
- 83ed6a5 OriginCheckFilter: check Referrer header for GET requests
- 75c2294 Serialize @Transitive properties with Jackson
- 1459ebd Fix: ACL cache should be cleared on `#removeAclAwareModel()`
- 205daff Fix: ACL cache should be cleared in createOrUpdatePermissions
- 73599ef FIX: Missing @CacheEvict on OAuth updateClient()
- 158cecf FIX: allowedOrigins not copied on update
- da0a58c Implemented a CORS Origins filter
- 4f1122a Sort set values before writing audit log change
## 1.5 Release
January 24, 2019.
......
......@@ -21,7 +21,7 @@ The **core** provides common data models: `BasicModel`, `VersionedModel`, `Audit
<dependency>
<groupId>org.genesys-pgr</groupId>
<artifactId>application-blocks-core</artifactId>
<version>1.5</version>
<version>2.0-SNAPSHOT</version>
</dependency>
```
......@@ -33,7 +33,7 @@ The **security** module provides generic `User` declaration, ACL model and servi
<dependency>
<groupId>org.genesys-pgr</groupId>
<artifactId>application-blocks-security</artifactId>
<version>1.5</version>
<version>2.0-SNAPSHOT</version>
</dependency>
```
......@@ -45,6 +45,6 @@ The **auditlog** provides the model and services to capture changes to JPA entit
<dependency>
<groupId>org.genesys-pgr</groupId>
<artifactId>application-blocks-auditlog</artifactId>
<version>1.5</version>
<version>2.0-SNAPSHOT</version>
</dependency>
```
......@@ -15,17 +15,13 @@
*/
package org.genesys.blocks.auditlog.test;
import java.util.Arrays;
import org.genesys.blocks.security.component.AclAssignerAspect;
import org.genesys.blocks.security.service.CustomAclService;
import org.genesys.blocks.security.service.impl.CustomAclServiceImpl;
import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
import org.springframework.cache.CacheManager;
import org.springframework.cache.annotation.EnableCaching;
import org.springframework.cache.concurrent.ConcurrentMapCache;
import org.springframework.cache.support.NoOpCacheManager;
import org.springframework.cache.support.SimpleCacheManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
......
......@@ -269,7 +269,7 @@ public abstract class SuperModelFilter<T extends SuperModelFilter<T, R>, R> {
*
* @param <Q> any SuperModelFilter subtype
* @param filter the filter
* @return
* @return the normalized valid filter
*/
public static <Q extends SuperModelFilter<?, ?>> Q normalize(final Q filter) {
Set<String> toClear = new HashSet<>();
......@@ -317,6 +317,7 @@ public abstract class SuperModelFilter<T extends SuperModelFilter<T, R>, R> {
return parsed;
}
@SuppressWarnings("unchecked")
@Override
public JsonDeserializer<?> createContextual(DeserializationContext deserializationContext, BeanProperty beanProperty) throws JsonMappingException {
final JavaType type;
......
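Review bot: The `@SuppressWarnings("unchecked")` that appears to be the added line above `createContextual` in the second hunk covers the whole method, so any unchecked cast introduced there later will also go unreported. The method body continues outside the hunk, so the cast that prompted it is not visible. If it is a single assignment, move the annotation onto that local declaration and record why the cast holds, e.g. `@SuppressWarnings("unchecked") // safe: <why the target type is guaranteed here>`. A narrow scope is worth the extra line in a deserializer, where the type being cast is presumably derived from the bean property or the deserialization context.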
......@@ -37,6 +37,7 @@ public interface OAuthClientDetailsService extends ClientDetailsService {
/**
* List client details.
*
* @param pageable the pageable
* @return page with Client details
*/
Page<OAuthClient> listClientDetails(Pageable pageable);
......@@ -49,19 +50,6 @@ public interface OAuthClientDetailsService extends ClientDetailsService {
*/
OAuthClient getClient(String clientId);
/**
* Adds the client.
*
* @param title the title
* @param description the description
* @param redirectUris the redirect uris
* @param accessTokenValiditySeconds the access token validity seconds
* @param refreshTokenValiditySeconds the refresh token validity seconds
* @return the OAuth client
* @deprecated Use {@link #addClient(OAuthClient)} instead
*/
OAuthClient addClient(String title, String description, String redirectUris, Integer accessTokenValiditySeconds, Integer refreshTokenValiditySeconds);
/**
* Register a new OAuth client.
*
......
......@@ -136,36 +136,6 @@ public class OAuthServiceImpl implements OAuthClientDetailsService {
return client;
}
/*
* (non-Javadoc)
* @see
* org.genesys.blocks.oauth.service.OAuthClientDetailsService#addClient(java.
* lang.String, java.lang.String, java.lang.String, java.lang.Integer,
* java.lang.Integer)
*/
@Override
@Transactional
public OAuthClient addClient(final String title, final String description, final String redirectUris, final Integer accessTokenValidity, final Integer refreshTokenValidity) {
final String clientId = RandomStringUtils.randomAlphanumeric(5) + "." + RandomStringUtils.randomAlphanumeric(20) + "@" + hostname;
final String clientSecret = RandomStringUtils.randomAlphanumeric(32);
final OAuthClient client = new OAuthClient();
client.setTitle(title);
client.setDescription(description);
client.setRedirect(StringUtils.defaultIfBlank(redirectUris, null));
client.setAccessTokenValidity(accessTokenValidity);
client.setRefreshTokenValidity(refreshTokenValidity);
client.setClientId(clientId);
client.setClientSecret(passwordEncoder.encode(clientSecret));
client.getScope().add("read");
client.getScope().add("write");
client.getAuthorizedGrantTypes().add("authorization_code");
client.getAuthorizedGrantTypes().add("refresh_token");
client.getRoles().add(OAuthRole.CLIENT);
return oauthClientRepository.save(client);
}
/*
* (non-Javadoc)
* @see
......
......@@ -59,6 +59,13 @@ public class SecurityContextUtil {
return (permissionEvaluator = updateBean(PermissionEvaluator.class)) != null;
}
/**
* Update bean.
*
* @param <T> the generic type
* @param clazz the clazz
* @return the t
*/
static final <T> T updateBean(Class<T> clazz) {
ApplicationContext context = CurrentApplicationContext.getContext();
if (context != null) {
......@@ -175,11 +182,11 @@ public class SecurityContextUtil {
}
/**
* Check if ROLE_EVERYONE has permission on target object
*
* @param targetDomainObject
* @param permission
* @return
* Check if ROLE_EVERYONE has permission on target object.
*
* @param targetDomainObject the target domain object
* @param permission the permission
* @return true, if successful
*/
public static boolean anyoneHasPermission(Object targetDomainObject, Object permission) {
if (permissionEvaluator == null) {
......
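Review bot: In the second hunk the new `@return true, if successful` on `anyoneHasPermission` reads like a status code, while the method answers an authorization question. I would write `@return {@code true} if ROLE_EVERYONE holds {@code permission} on {@code targetDomainObject}` and add one sentence on what is returned when `permissionEvaluator` is null, since that branch opens on the last visible line and its outcome is outside the hunk. The Javadoc added to `updateBean` in the first hunk (`@return the t`) has the same weakness. Judging by the visible lines, it could say that the bean is looked up in the current application context and what is returned when no context is available.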
......@@ -455,9 +455,9 @@ public abstract class BasicUser<R extends GrantedAuthority> extends AclSid imple
}
/**
* Additional authorities
*
* @param authorities
* Set additional authorities at runtime.
*
* @param authorities the new runtime authorities
*/
public void setRuntimeAuthorities(Set<String> authorities) {
this.runtimeAuthorities = authorities;
......
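Review bot: The reworded Javadoc on `setRuntimeAuthorities` still does not say that the set is kept by reference: `this.runtimeAuthorities = authorities;` stores the caller's `Set`, so a later change to that set by the caller silently changes this user's authorities. Either document it, e.g. `@param authorities the new runtime authorities; stored as given, not copied`, or take a copy on assignment with `this.runtimeAuthorities = authorities == null ? null : new HashSet<>(authorities);`, provided `HashSet` is already imported in this file and nothing relies on the shared instance. The end of the method is outside the hunk.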
......@@ -56,7 +56,7 @@ public interface BasicUserService<R extends GrantedAuthority, T extends BasicUse
T getUserByEmail(String email);
/**
* Create a new user account with {@link #getDefaultUserRole()} assigned.
* Create a new user account.
*
* @param email unique email address
* @param fullName Full name
......@@ -70,8 +70,8 @@ public interface BasicUserService<R extends GrantedAuthority, T extends BasicUse
T createUser(String email, String fullName, String password, BasicUser.AccountType accountType) throws NotUniqueUserException, PasswordPolicyException, UserException;
/**
* Grant specified roles to user. The {@link #getDefaultUserRole()} will be
* added if missing.
* Grant specified roles to user. The {@link #getDefaultUserRoles()} will not be
* persisted.
*
* @param user the user
* @param roles the roles
......@@ -133,14 +133,6 @@ public interface BasicUserService<R extends GrantedAuthority, T extends BasicUse
*/
List<R> listAvailableRoles();
/**
* Gets the default user role.
*
* @return the default user role
* @deprecated Use {@link #getDefaultUserRoles()}
*/
R getDefaultUserRole();
/**
* Get default roles assigned to users. These are transient and not persisted to the database.
*
......
......@@ -70,7 +70,10 @@ public interface CustomAclService extends JsonSidConverter.SidProvider {
AclSid ensureAuthoritySid(String authority);
/**
* Removes the sid of the specified authority
* Removes the sid of the specified authority.
*
* @param authorityName the authority name
* @return the acl sid
*/
AclSid removeAuthoritySid(String authorityName);
......@@ -82,34 +85,36 @@ public interface CustomAclService extends JsonSidConverter.SidProvider {
List<AclSid> listAuthoritySids();
/**
* Adds the creator permissions or updates permission inheritance
* Adds the creator permissions or updates permission inheritance.
*
* @param entity the target
*/
void createOrUpdatePermissions(AclAwareModel entity);
/**
* Updates inheriting status of object identity
* Updates inheriting status of object identity.
*
* @param objectIdIdentity the id of object identity
* @param entriesInheriting the inheriting status
* @return the acl object identity
*/
AclObjectIdentity updateInheriting(long objectIdIdentity, boolean entriesInheriting);
/**
* Updates parent object of object identity
* Updates parent object of object identity.
*
* @param objectIdIdentity the id of object identity
* @param parentObjectId the id of parent object identity
* @return the acl object identity
*/
AclObjectIdentity updateParentObject(long objectIdIdentity, long parentObjectId);
/**
* Set ACL parent object for inherited permissions
*
* Set ACL parent object for inherited permissions.
*
* @param target the target ACL object on which to change ACL
* @param parent the parent ACL object
* @return
* @return the acl object identity
*/
AclObjectIdentity setAclParent(AclAwareModel target, AclAwareModel parent);
......@@ -198,7 +203,7 @@ public interface CustomAclService extends JsonSidConverter.SidProvider {
AclObjectIdentity setPermissions(AclObjectIdentity objectIdentity, AclSid sid, final Permissions permissions);
/**
* Removes the permissions for SID on ACL OID
* Removes the permissions for SID on ACL OID.
*
* @param objectIdentity the object identity
* @param aclSid the acl sid
......@@ -283,7 +288,7 @@ public interface CustomAclService extends JsonSidConverter.SidProvider {
String getSidName(long id);
/**
* Load object identity extended information
* Load object identity extended information.
*
* @param objectIdentity the object identity
* @return the acl object identity ext
......@@ -294,11 +299,20 @@ public interface CustomAclService extends JsonSidConverter.SidProvider {
* Wraps {@link AclObjectIdentity} and adds list of inherited permissions.
*/
public static class AclObjectIdentityExt {
/** The original. */
@JsonUnwrapped
public AclObjectIdentity original;
/** The inherited. */
@JsonSerialize(converter = AclEntriesToPermissions.class)
public List<AclEntry> inherited = new ArrayList<>();
/**
* Instantiates a new acl object identity ext.
*
* @param source the source
*/
public AclObjectIdentityExt(AclObjectIdentity source) {
this.original = source;
}
......
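Review bot: The field comments added in `AclObjectIdentityExt` (`/** The original. */`, `/** The inherited. */`) only repeat the field names and say nothing about how the two public fields are serialized. Going by the annotations next to them, something like `/** The wrapped object identity; its properties are unwrapped into this object's JSON. */` and `/** Inherited ACL entries, serialized through AclEntriesToPermissions. */` would tell a reader what ends up in the output. The `@return the acl sid` added to `removeAuthoritySid` earlier in this section is similarly thin, as it does not say whether the removed SID is what comes back.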
......@@ -125,14 +125,6 @@ public abstract class BasicUserServiceImpl<R extends GrantedAuthority, T extends
this.accountLockoutTime = accountLockoutTime;
}
/*
* (non-Javadoc)
* @see
* org.genesys.blocks.security.service.BasicUserService#getDefaultUserRole()
*/
@Override
public abstract R getDefaultUserRole();
/* (non-Javadoc)
* @see org.genesys.blocks.security.service.BasicUserService#getDefaultUserRoles()
*/
......@@ -163,9 +155,9 @@ public abstract class BasicUserServiceImpl<R extends GrantedAuthority, T extends
}
/**
* Allow the application to register additional authorities
*
* @param user
* Allow the application to register additional authorities.
*
* @param user the user
* @return the same object
*/
protected abstract Set<String> getRuntimeAuthorities(T user);
......
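Review bot: The Javadoc on `getRuntimeAuthorities` was tidied up but `@return the same object` was left in place, and it does not match the signature: the method takes a `T user` and returns a `Set<String>`. I would replace it with `@return the additional authorities to grant to {@code user}`. It would also help to state whether implementations may return null or an empty set, since the code that consumes the result is not visible in this hunk.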
......@@ -151,16 +151,10 @@ public class ApplicationConfig {
user.setEmail(email);
user.setFullName(fullName);
user.setAccountType(accountType);
user.setRoles(Sets.newHashSet(getDefaultUserRole()));
setPassword(user, password);
return testUserRepository.save(user);
return deepLoad(testUserRepository.save(user));
}
@Override
public UserRole getDefaultUserRole() {
return UserRole.USER;
}
@Override
public Collection<UserRole> getDefaultUserRoles() {
return Sets.newHashSet(UserRole.USER, UserRole.EVERYONE);
......
......@@ -140,8 +140,6 @@ public class BasicUserServiceTest extends ServiceTest {
*/
@Test
public void testDefaultUserRole() {
assertThat(testUserService.getDefaultUserRole(), not(nullValue()));
assertThat(testUserService.getDefaultUserRole(), is(UserRole.USER));
assertThat(testUserService.getDefaultUserRoles(), containsInAnyOrder(UserRole.USER, UserRole.EVERYONE));
}
......@@ -155,9 +153,6 @@ public class BasicUserServiceTest extends ServiceTest {
@Test
public void testDefaultRoleAlwaysAssigned() throws NotUniqueUserException, PasswordPolicyException, UserException {
TestUser user = testUserService.createUser(USER_EMAIL, USER_FULLNAME, "password", AccountType.SYSTEM);
assertThat("Default user role was not assigned automatically", user.getRoles(), contains(UserRole.USER));
user = testUserService.setRoles(user, Sets.newHashSet(UserRole.USER));
assertThat("Default user role was not assigned automatically", user.getRoles(), containsInAnyOrder(testUserService.getDefaultUserRoles().toArray()));
user = testUserService.setRoles(user, Sets.newHashSet(UserRole.EXTRAROLE));
......