Commit 3fafbb8f authored by Matija Obreza's avatar Matija Obreza

Merged updates from application-blocks-1.6 release

parents 8c24e32f ad1dafdb
# Changelog # Changelog
## 1.6 Release
March 31, 2020.
- c03a202 Removed deprecated methods
- e17d758 Added missing Javadoc
- 2b84c84 Log more information on login events
- cfd9a0c Handle successful login only for users
- 66a63f0 Account expired
- 2edabb5 Introduce `SuperModelFilter`
- 2409f4e Fixed generation of NULL/NOTNULL paths for collection paths
- d6c0215 @Cacheable `ClassPKServiceImpl#getClassPk()`
- 8690dff Use object mapper with default config in filter copy method
- ca1faeb Fixed appearing of default values in the NOT filter
- eb82757 Fix: ensure `ROLE_EVERYONE` authority
- 169882e ACL: Setting parent ACL object
- ab6dc88 Support for runtime-define authorities granted to users
- 2452397 Fixed generation of NULL/NOTNULL paths for nested fields
- fb0bc5c Added `normalize()` method to filters
- 2fe361d Drop all OAuth token related code
- df1f2a0 Enhanced filter handling
- 695991b Changed building of filter predicate to collecting them into list
- 61e0b5f Extended clearFilters functionality
- 2819f03 Fixed generating of `NULL` filter predicate
- c3a0777 Fixed json serialization of Boolean filters
- f6372ec Added clearing of NULL and NOTNULL sets in clearFilter
- eeea83b Fix: check Referrer header if Origin header is missing or method is GET
- 9fa2323 Handling for arrays
- f5f1a31 Updated BasicModelFilter to fix issues with NULL and NOTNULL
- 6090c3d Fix: Request Origin filter logging
- 843d1e7 Added method for clearing one of Filter fields
- a782127 CI: Cache maven dependencies
- 4a2ef15 Fix JsonSidConverter
- 3aadc3d Added accessors to object filters
- 35d4621 ES: Store UUID field
- e27ee1f Use `@Type(type = "uuid-binary")` for UUID
- 6dc323d Audit logs: ignore order of referenced entity IDs
- 83ed6a5 OriginCheckFilter: check Referrer header for GET requests
- 75c2294 Serialize @Transitive properties with Jackson
- 1459ebd Fix: ACL cache should be cleared on `#removeAclAwareModel()`
- 205daff Fix: ACL cache should be cleared in createOrUpdatePermissions
- 73599ef FIX: Missing @CacheEvict on OAuth updateClient()
- 158cecf FIX: allowedOrigins not copied on update
- da0a58c Implemented a CORS Origins filter
- 4f1122a Sort set values before writing audit log change
## 1.5 Release ## 1.5 Release
January 24, 2019. January 24, 2019.
......
...@@ -21,7 +21,7 @@ The **core** provides common data models: `BasicModel`, `VersionedModel`, `Audit ...@@ -21,7 +21,7 @@ The **core** provides common data models: `BasicModel`, `VersionedModel`, `Audit
<dependency> <dependency>
<groupId>org.genesys-pgr</groupId> <groupId>org.genesys-pgr</groupId>
<artifactId>application-blocks-core</artifactId> <artifactId>application-blocks-core</artifactId>
<version>1.5</version> <version>2.0-SNAPSHOT</version>
</dependency> </dependency>
``` ```
...@@ -33,7 +33,7 @@ The **security** module provides generic `User` declaration, ACL model and servi ...@@ -33,7 +33,7 @@ The **security** module provides generic `User` declaration, ACL model and servi
<dependency> <dependency>
<groupId>org.genesys-pgr</groupId> <groupId>org.genesys-pgr</groupId>
<artifactId>application-blocks-security</artifactId> <artifactId>application-blocks-security</artifactId>
<version>1.5</version> <version>2.0-SNAPSHOT</version>
</dependency> </dependency>
``` ```
...@@ -45,6 +45,6 @@ The **auditlog** provides the model and services to capture changes to JPA entit ...@@ -45,6 +45,6 @@ The **auditlog** provides the model and services to capture changes to JPA entit
<dependency> <dependency>
<groupId>org.genesys-pgr</groupId> <groupId>org.genesys-pgr</groupId>
<artifactId>application-blocks-auditlog</artifactId> <artifactId>application-blocks-auditlog</artifactId>
<version>1.5</version> <version>2.0-SNAPSHOT</version>
</dependency> </dependency>
``` ```
...@@ -15,17 +15,13 @@ ...@@ -15,17 +15,13 @@
*/ */
package org.genesys.blocks.auditlog.test; package org.genesys.blocks.auditlog.test;
import java.util.Arrays;
import org.genesys.blocks.security.component.AclAssignerAspect; import org.genesys.blocks.security.component.AclAssignerAspect;
import org.genesys.blocks.security.service.CustomAclService; import org.genesys.blocks.security.service.CustomAclService;
import org.genesys.blocks.security.service.impl.CustomAclServiceImpl; import org.genesys.blocks.security.service.impl.CustomAclServiceImpl;
import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer; import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
import org.springframework.cache.CacheManager; import org.springframework.cache.CacheManager;
import org.springframework.cache.annotation.EnableCaching; import org.springframework.cache.annotation.EnableCaching;
import org.springframework.cache.concurrent.ConcurrentMapCache;
import org.springframework.cache.support.NoOpCacheManager; import org.springframework.cache.support.NoOpCacheManager;
import org.springframework.cache.support.SimpleCacheManager;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
......
...@@ -269,7 +269,7 @@ public abstract class SuperModelFilter<T extends SuperModelFilter<T, R>, R> { ...@@ -269,7 +269,7 @@ public abstract class SuperModelFilter<T extends SuperModelFilter<T, R>, R> {
* *
* @param <Q> any SuperModelFilter subtype * @param <Q> any SuperModelFilter subtype
* @param filter the filter * @param filter the filter
* @return * @return the normalized valid filter
*/ */
public static <Q extends SuperModelFilter<?, ?>> Q normalize(final Q filter) { public static <Q extends SuperModelFilter<?, ?>> Q normalize(final Q filter) {
Set<String> toClear = new HashSet<>(); Set<String> toClear = new HashSet<>();
...@@ -317,6 +317,7 @@ public abstract class SuperModelFilter<T extends SuperModelFilter<T, R>, R> { ...@@ -317,6 +317,7 @@ public abstract class SuperModelFilter<T extends SuperModelFilter<T, R>, R> {
return parsed; return parsed;
} }
@SuppressWarnings("unchecked")
@Override @Override
public JsonDeserializer<?> createContextual(DeserializationContext deserializationContext, BeanProperty beanProperty) throws JsonMappingException { public JsonDeserializer<?> createContextual(DeserializationContext deserializationContext, BeanProperty beanProperty) throws JsonMappingException {
final JavaType type; final JavaType type;
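Review bot: `@SuppressWarnings("unchecked")` is placed on the whole of `createContextual`, so it silences every unchecked operation in the method rather than the one cast that presumably needs it. Since this method is part of a JSON deserializer, it is worth keeping the compiler's type warnings for the rest of the body. Prefer annotating only the local variable declaration that holds the cast, with a short comment directly above it explaining why the cast is safe. The method body continues outside the hunk, so the cast itself is not visible here.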
......
...@@ -37,6 +37,7 @@ public interface OAuthClientDetailsService extends ClientDetailsService { ...@@ -37,6 +37,7 @@ public interface OAuthClientDetailsService extends ClientDetailsService {
/** /**
* List client details. * List client details.
* *
* @param pageable the pageable
* @return page with Client details * @return page with Client details
*/ */
Page<OAuthClient> listClientDetails(Pageable pageable); Page<OAuthClient> listClientDetails(Pageable pageable);
...@@ -49,19 +50,6 @@ public interface OAuthClientDetailsService extends ClientDetailsService { ...@@ -49,19 +50,6 @@ public interface OAuthClientDetailsService extends ClientDetailsService {
*/ */
OAuthClient getClient(String clientId); OAuthClient getClient(String clientId);
/**
* Adds the client.
*
* @param title the title
* @param description the description
* @param redirectUris the redirect uris
* @param accessTokenValiditySeconds the access token validity seconds
* @param refreshTokenValiditySeconds the refresh token validity seconds
* @return the OAuth client
* @deprecated Use {@link #addClient(OAuthClient)} instead
*/
OAuthClient addClient(String title, String description, String redirectUris, Integer accessTokenValiditySeconds, Integer refreshTokenValiditySeconds);
/** /**
* Register a new OAuth client. * Register a new OAuth client.
* *
......
...@@ -136,36 +136,6 @@ public class OAuthServiceImpl implements OAuthClientDetailsService { ...@@ -136,36 +136,6 @@ public class OAuthServiceImpl implements OAuthClientDetailsService {
return client; return client;
} }
/*
* (non-Javadoc)
* @see
* org.genesys.blocks.oauth.service.OAuthClientDetailsService#addClient(java.
* lang.String, java.lang.String, java.lang.String, java.lang.Integer,
* java.lang.Integer)
*/
@Override
@Transactional
public OAuthClient addClient(final String title, final String description, final String redirectUris, final Integer accessTokenValidity, final Integer refreshTokenValidity) {
final String clientId = RandomStringUtils.randomAlphanumeric(5) + "." + RandomStringUtils.randomAlphanumeric(20) + "@" + hostname;
final String clientSecret = RandomStringUtils.randomAlphanumeric(32);
final OAuthClient client = new OAuthClient();
client.setTitle(title);
client.setDescription(description);
client.setRedirect(StringUtils.defaultIfBlank(redirectUris, null));
client.setAccessTokenValidity(accessTokenValidity);
client.setRefreshTokenValidity(refreshTokenValidity);
client.setClientId(clientId);
client.setClientSecret(passwordEncoder.encode(clientSecret));
client.getScope().add("read");
client.getScope().add("write");
client.getAuthorizedGrantTypes().add("authorization_code");
client.getAuthorizedGrantTypes().add("refresh_token");
client.getRoles().add(OAuthRole.CLIENT);
return oauthClientRepository.save(client);
}
/* /*
* (non-Javadoc) * (non-Javadoc)
* @see * @see
......
...@@ -59,6 +59,13 @@ public class SecurityContextUtil { ...@@ -59,6 +59,13 @@ public class SecurityContextUtil {
return (permissionEvaluator = updateBean(PermissionEvaluator.class)) != null; return (permissionEvaluator = updateBean(PermissionEvaluator.class)) != null;
} }
/**
* Update bean.
*
* @param <T> the generic type
* @param clazz the clazz
* @return the t
*/
static final <T> T updateBean(Class<T> clazz) { static final <T> T updateBean(Class<T> clazz) {
ApplicationContext context = CurrentApplicationContext.getContext(); ApplicationContext context = CurrentApplicationContext.getContext();
if (context != null) { if (context != null) {
...@@ -175,11 +182,11 @@ public class SecurityContextUtil { ...@@ -175,11 +182,11 @@ public class SecurityContextUtil {
} }
/** /**
* Check if ROLE_EVERYONE has permission on target object * Check if ROLE_EVERYONE has permission on target object.
* *
* @param targetDomainObject * @param targetDomainObject the target domain object
* @param permission * @param permission the permission
* @return * @return true, if successful
*/ */
public static boolean anyoneHasPermission(Object targetDomainObject, Object permission) { public static boolean anyoneHasPermission(Object targetDomainObject, Object permission) {
if (permissionEvaluator == null) { if (permissionEvaluator == null) {
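Review bot: The new `@return true, if successful` on `anyoneHasPermission` does not describe an authorization result and should say what is granted, e.g. `@return true if ROLE_EVERYONE holds the permission on the target object`. The first visible statement is `if (permissionEvaluator == null) {`, so the Javadoc should also state what is returned when no evaluator is available, because callers need to know whether that case denies or allows. The generated text on `updateBean` (`the clazz`, `the t`) only restates the signature; something like `@return the bean of the given type from the current application context, or null if none is available` would help, if that matches the body. Both method bodies continue outside the hunks.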
......
...@@ -455,9 +455,9 @@ public abstract class BasicUser<R extends GrantedAuthority> extends AclSid imple ...@@ -455,9 +455,9 @@ public abstract class BasicUser<R extends GrantedAuthority> extends AclSid imple
} }
/** /**
* Additional authorities * Set additional authorities at runtime.
* *
* @param authorities * @param authorities the new runtime authorities
*/ */
public void setRuntimeAuthorities(Set<String> authorities) { public void setRuntimeAuthorities(Set<String> authorities) {
this.runtimeAuthorities = authorities; this.runtimeAuthorities = authorities;
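Review bot: `setRuntimeAuthorities` keeps the caller's `Set` by reference (`this.runtimeAuthorities = authorities;`) and the new Javadoc does not mention it, so a later change to that set by the caller also changes the authorities this user is granted. Either document the aliasing and the handling of `null` in the comment, or store a copy, e.g. `this.runtimeAuthorities = authorities == null ? null : new HashSet<>(authorities);` (assuming `HashSet` is already imported in this file, which is not visible here). The comment could also say whether these authorities are transient, as the name suggests. The method's closing brace is outside the hunk.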
......
...@@ -56,7 +56,7 @@ public interface BasicUserService<R extends GrantedAuthority, T extends BasicUse ...@@ -56,7 +56,7 @@ public interface BasicUserService<R extends GrantedAuthority, T extends BasicUse
T getUserByEmail(String email); T getUserByEmail(String email);
/** /**
* Create a new user account with {@link #getDefaultUserRole()} assigned. * Create a new user account.
* *
* @param email unique email address * @param email unique email address
* @param fullName Full name * @param fullName Full name
...@@ -70,8 +70,8 @@ public interface BasicUserService<R extends GrantedAuthority, T extends BasicUse ...@@ -70,8 +70,8 @@ public interface BasicUserService<R extends GrantedAuthority, T extends BasicUse
T createUser(String email, String fullName, String password, BasicUser.AccountType accountType) throws NotUniqueUserException, PasswordPolicyException, UserException; T createUser(String email, String fullName, String password, BasicUser.AccountType accountType) throws NotUniqueUserException, PasswordPolicyException, UserException;
/** /**
* Grant specified roles to user. The {@link #getDefaultUserRole()} will be * Grant specified roles to user. The {@link #getDefaultUserRoles()} will not be
* added if missing. * persisted.
* *
* @param user the user * @param user the user
* @param roles the roles * @param roles the roles
...@@ -133,14 +133,6 @@ public interface BasicUserService<R extends GrantedAuthority, T extends BasicUse ...@@ -133,14 +133,6 @@ public interface BasicUserService<R extends GrantedAuthority, T extends BasicUse
*/ */
List<R> listAvailableRoles(); List<R> listAvailableRoles();
/**
* Gets the default user role.
*
* @return the default user role
* @deprecated Use {@link #getDefaultUserRoles()}
*/
R getDefaultUserRole();
/** /**
* Get default roles assigned to users. These are transient and not persisted to the database. * Get default roles assigned to users. These are transient and not persisted to the database.
* *
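Review bot: The reworded Javadoc on `createUser` drops the statement about the default role without saying what replaces it, while the `setRoles` comment now says the `getDefaultUserRoles()` "will not be persisted". Callers need to know whether a returned user still carries the default roles in `getRoles()`, and that the stored role set no longer includes them. Anything that reads roles straight from the database would stop seeing them; this is inferred from the wording, as the implementation is not in this section. If that is the intended contract, add to `createUser` a line such as `Default roles from {@link #getDefaultUserRoles()} are applied at runtime and are not persisted.`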
......
...@@ -70,7 +70,10 @@ public interface CustomAclService extends JsonSidConverter.SidProvider { ...@@ -70,7 +70,10 @@ public interface CustomAclService extends JsonSidConverter.SidProvider {
AclSid ensureAuthoritySid(String authority); AclSid ensureAuthoritySid(String authority);
/** /**
* Removes the sid of the specified authority * Removes the sid of the specified authority.
*
* @param authorityName the authority name
* @return the acl sid
*/ */
AclSid removeAuthoritySid(String authorityName); AclSid removeAuthoritySid(String authorityName);
...@@ -82,34 +85,36 @@ public interface CustomAclService extends JsonSidConverter.SidProvider { ...@@ -82,34 +85,36 @@ public interface CustomAclService extends JsonSidConverter.SidProvider {
List<AclSid> listAuthoritySids(); List<AclSid> listAuthoritySids();
/** /**
* Adds the creator permissions or updates permission inheritance * Adds the creator permissions or updates permission inheritance.
* *
* @param entity the target * @param entity the target
*/ */
void createOrUpdatePermissions(AclAwareModel entity); void createOrUpdatePermissions(AclAwareModel entity);
/** /**
* Updates inheriting status of object identity * Updates inheriting status of object identity.
* *
* @param objectIdIdentity the id of object identity * @param objectIdIdentity the id of object identity
* @param entriesInheriting the inheriting status * @param entriesInheriting the inheriting status
* @return the acl object identity
*/ */
AclObjectIdentity updateInheriting(long objectIdIdentity, boolean entriesInheriting); AclObjectIdentity updateInheriting(long objectIdIdentity, boolean entriesInheriting);
/** /**
* Updates parent object of object identity * Updates parent object of object identity.
* *
* @param objectIdIdentity the id of object identity * @param objectIdIdentity the id of object identity
* @param parentObjectId the id of parent object identity * @param parentObjectId the id of parent object identity
* @return the acl object identity
*/ */
AclObjectIdentity updateParentObject(long objectIdIdentity, long parentObjectId); AclObjectIdentity updateParentObject(long objectIdIdentity, long parentObjectId);
/** /**
* Set ACL parent object for inherited permissions * Set ACL parent object for inherited permissions.
* *
* @param target the target ACL object on which to change ACL * @param target the target ACL object on which to change ACL
* @param parent the parent ACL object * @param parent the parent ACL object
* @return * @return the acl object identity
*/ */
AclObjectIdentity setAclParent(AclAwareModel target, AclAwareModel parent); AclObjectIdentity setAclParent(AclAwareModel target, AclAwareModel parent);
...@@ -198,7 +203,7 @@ public interface CustomAclService extends JsonSidConverter.SidProvider { ...@@ -198,7 +203,7 @@ public interface CustomAclService extends JsonSidConverter.SidProvider {
AclObjectIdentity setPermissions(AclObjectIdentity objectIdentity, AclSid sid, final Permissions permissions); AclObjectIdentity setPermissions(AclObjectIdentity objectIdentity, AclSid sid, final Permissions permissions);
/** /**
* Removes the permissions for SID on ACL OID * Removes the permissions for SID on ACL OID.
* *
* @param objectIdentity the object identity * @param objectIdentity the object identity
* @param aclSid the acl sid * @param aclSid the acl sid
...@@ -283,7 +288,7 @@ public interface CustomAclService extends JsonSidConverter.SidProvider { ...@@ -283,7 +288,7 @@ public interface CustomAclService extends JsonSidConverter.SidProvider {
String getSidName(long id); String getSidName(long id);
/** /**
* Load object identity extended information * Load object identity extended information.
* *
* @param objectIdentity the object identity * @param objectIdentity the object identity
* @return the acl object identity ext * @return the acl object identity ext
...@@ -294,11 +299,20 @@ public interface CustomAclService extends JsonSidConverter.SidProvider { ...@@ -294,11 +299,20 @@ public interface CustomAclService extends JsonSidConverter.SidProvider {
* Wraps {@link AclObjectIdentity} and adds list of inherited permissions. * Wraps {@link AclObjectIdentity} and adds list of inherited permissions.
*/ */
public static class AclObjectIdentityExt { public static class AclObjectIdentityExt {
/** The original. */
@JsonUnwrapped @JsonUnwrapped
public AclObjectIdentity original; public AclObjectIdentity original;
/** The inherited. */
@JsonSerialize(converter = AclEntriesToPermissions.class) @JsonSerialize(converter = AclEntriesToPermissions.class)
public List<AclEntry> inherited = new ArrayList<>(); public List<AclEntry> inherited = new ArrayList<>();
/**
* Instantiates a new acl object identity ext.
*
* @param source the source
*/
public AclObjectIdentityExt(AclObjectIdentity source) { public AclObjectIdentityExt(AclObjectIdentity source) {
this.original = source; this.original = source;
} }
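Review bot: Several of the added tags only restate the return type, most notably `@return the acl sid` on `removeAuthoritySid`. For a method that removes a security identity, the comment should say whether the returned `AclSid` is the removed entry and what happens when no SID exists for `authorityName`. It should also say whether ACL entries that reference the SID are removed with it; none of this can be read from the interface. The same applies to `The original.` and `The inherited.` on the public fields of `AclObjectIdentityExt`, where `/** Inherited ACL entries, serialized as permissions. */` would carry more than the field name.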
......
...@@ -125,14 +125,6 @@ public abstract class BasicUserServiceImpl<R extends GrantedAuthority, T extends ...@@ -125,14 +125,6 @@ public abstract class BasicUserServiceImpl<R extends GrantedAuthority, T extends
this.accountLockoutTime = accountLockoutTime; this.accountLockoutTime = accountLockoutTime;
} }
/*
* (non-Javadoc)
* @see
* org.genesys.blocks.security.service.BasicUserService#getDefaultUserRole()
*/
@Override
public abstract R getDefaultUserRole();
/* (non-Javadoc) /* (non-Javadoc)
* @see org.genesys.blocks.security.service.BasicUserService#getDefaultUserRoles() * @see org.genesys.blocks.security.service.BasicUserService#getDefaultUserRoles()
*/ */
...@@ -163,9 +155,9 @@ public abstract class BasicUserServiceImpl<R extends GrantedAuthority, T extends ...@@ -163,9 +155,9 @@ public abstract class BasicUserServiceImpl<R extends GrantedAuthority, T extends
} }
/** /**
* Allow the application to register additional authorities * Allow the application to register additional authorities.
* *
* @param user * @param user the user
* @return the same object * @return the same object
*/ */
protected abstract Set<String> getRuntimeAuthorities(T user); protected abstract Set<String> getRuntimeAuthorities(T user);
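Review bot: `@return the same object` on `getRuntimeAuthorities` does not match the signature, which returns `Set<String>` rather than the `user` argument. This hook decides which extra authorities a user receives, so the contract should be explicit, e.g. `@return the authority names to grant to this user at runtime`, and it should say whether `null` or an empty set is acceptable. The commit only touched the first sentence and the `@param user` line, so the stale `@return` text is easy to miss.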
......
...@@ -151,16 +151,10 @@ public class ApplicationConfig { ...@@ -151,16 +151,10 @@ public class ApplicationConfig {
user.setEmail(email); user.setEmail(email);
user.setFullName(fullName); user.setFullName(fullName);
user.setAccountType(accountType); user.setAccountType(accountType);
user.setRoles(Sets.newHashSet(getDefaultUserRole()));
setPassword(user, password); setPassword(user, password);
return testUserRepository.save(user); return deepLoad(testUserRepository.save(user));
} }
@Override
public UserRole getDefaultUserRole() {
return UserRole.USER;
}
@Override @Override
public Collection<UserRole> getDefaultUserRoles() { public Collection<UserRole> getDefaultUserRoles() {
return Sets.newHashSet(UserRole.USER, UserRole.EVERYONE); return Sets.newHashSet(UserRole.USER, UserRole.EVERYONE);
......
...@@ -140,8 +140,6 @@ public class BasicUserServiceTest extends ServiceTest { ...@@ -140,8 +140,6 @@ public class BasicUserServiceTest extends ServiceTest {
*/ */
@Test @Test
public void testDefaultUserRole() { public void testDefaultUserRole() {
assertThat(testUserService.getDefaultUserRole(), not(nullValue()));
assertThat(testUserService.getDefaultUserRole(), is(UserRole.USER));
assertThat(testUserService.getDefaultUserRoles(), containsInAnyOrder(UserRole.USER, UserRole.EVERYONE)); assertThat(testUserService.getDefaultUserRoles(), containsInAnyOrder(UserRole.USER, UserRole.EVERYONE));
} }
...@@ -155,9 +153,6 @@ public class BasicUserServiceTest extends ServiceTest { ...@@ -155,9 +153,6 @@ public class BasicUserServiceTest extends ServiceTest {
@Test @Test
public void testDefaultRoleAlwaysAssigned() throws NotUniqueUserException, PasswordPolicyException, UserException { public void testDefaultRoleAlwaysAssigned() throws NotUniqueUserException, PasswordPolicyException, UserException {
TestUser user = testUserService.createUser(USER_EMAIL, USER_FULLNAME, "password", AccountType.SYSTEM); TestUser user = testUserService.createUser(USER_EMAIL, USER_FULLNAME, "password", AccountType.SYSTEM);
assertThat("Default user role was not assigned automatically", user.getRoles(), contains(UserRole.USER));
user = testUserService.setRoles(user, Sets.newHashSet(UserRole.USER));
assertThat("Default user role was not assigned automatically", user.getRoles(), containsInAnyOrder(testUserService.getDefaultUserRoles().toArray())); assertThat("Default user role was not assigned automatically", user.getRoles(), containsInAnyOrder(testUserService.getDefaultUserRoles().toArray()));
user = testUserService.setRoles(user, Sets.newHashSet(UserRole.EXTRAROLE)); user = testUserService.setRoles(user, Sets.newHashSet(UserRole.EXTRAROLE));
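Review bot: After the removals, `testDefaultRoleAlwaysAssigned` only checks `user.getRoles()` on the returned object and no longer covers calling `setRoles` with a default role such as `UserRole.USER`. The service interface in this commit now documents that default roles "will not be persisted", but no assertion visible here pins that. A case that passes `Sets.newHashSet(UserRole.USER)` to `setRoles` and then asserts on the stored roles would cover it; how to read the stored set depends on code not shown on this page. The test method continues outside the hunk.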
......