Merged updates from application-blocks-1.6 release

3fafbb8f · Matija Obreza · 8c24e32f · ad1dafdb · 3fafbb8f · 3fafbb8f
Commit 3fafbb8f authored Mar 31, 2020 by Matija Obreza
13 changed files
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
 # Changelog
+## 1.6 Release
+March 31, 2020.
+- c03a202 Removed deprecated methods
+- e17d758 Added missing Javadoc
+- 2b84c84 Log more information on login events
+- cfd9a0c Handle successful login only for users
+- 66a63f0 Account expired
+- 2edabb5 Introduce `SuperModelFilter`
+- 2409f4e Fixed generation of NULL/NOTNULL paths for collection paths
+- d6c0215 @Cacheable `ClassPKServiceImpl#getClassPk()`
+- 8690dff Use object mapper with default config in filter copy method
+- ca1faeb Fixed appearing of default values in the NOT filter
+- eb82757 Fix: ensure `ROLE_EVERYONE` authority
+- 169882e ACL: Setting parent ACL object
+- ab6dc88 Support for runtime-define authorities granted to users
+- 2452397 Fixed generation of NULL/NOTNULL paths for nested fields
+- fb0bc5c Added `normalize()` method to filters
+- 2fe361d Drop all OAuth token related code
+- df1f2a0 Enhanced filter handling
+- 695991b Changed building of filter predicate to collecting them into list
+- 61e0b5f Extended clearFilters functionality
+- 2819f03 Fixed generating of `NULL` filter predicate
+- c3a0777 Fixed json serialization of Boolean filters
+- f6372ec Added clearing of NULL and NOTNULL sets in clearFilter
+- eeea83b Fix: check Referrer header if Origin header is missing or method is GET
+- 9fa2323 Handling for arrays
+- f5f1a31 Updated BasicModelFilter to fix issues with NULL and NOTNULL
+- 6090c3d Fix: Request Origin filter logging
+- 843d1e7 Added method for clearing one of Filter fields
+- a782127 CI: Cache maven dependencies
+- 4a2ef15 Fix JsonSidConverter
+- 3aadc3d Added accessors to object filters
+- 35d4621 ES: Store UUID field
+- e27ee1f Use `@Type(type = "uuid-binary")` for UUID
+- 6dc323d Audit logs: ignore order of referenced entity IDs
+- 83ed6a5 OriginCheckFilter: check Referrer header for GET requests
+- 75c2294 Serialize @Transitive properties with Jackson
+- 1459ebd Fix: ACL cache should be cleared on `#removeAclAwareModel()`
+- 205daff Fix: ACL cache should be cleared in createOrUpdatePermissions
+- 73599ef FIX: Missing @CacheEvict on OAuth updateClient()
+- 158cecf FIX: allowedOrigins not copied on update
+- da0a58c Implemented a CORS Origins filter
+- 4f1122a Sort set values before writing audit log change
 ## 1.5 Release
 January 24, 2019.

--- a/README.md
+++ b/README.md
@@ -21,7 +21,7 @@ The **core** provides common data models: `BasicModel`, `VersionedModel`, `Audit
 <dependency>
    <groupId>org.genesys-pgr</groupId>
    <artifactId>application-blocks-core</artifactId>
-    <version>1.5</version>
+    <version>2.0-SNAPSHOT</version>
 </dependency>
 ```
@@ -33,7 +33,7 @@ The **security** module provides generic `User` declaration, ACL model and servi
 <dependency>
  <groupId>org.genesys-pgr</groupId>
  <artifactId>application-blocks-security</artifactId>
-  <version>1.5</version>
+  <version>2.0-SNAPSHOT</version>
 </dependency>
 ```
@@ -45,6 +45,6 @@ The **auditlog** provides the model and services to capture changes to JPA entit
 <dependency>
    <groupId>org.genesys-pgr</groupId>
    <artifactId>application-blocks-auditlog</artifactId>
-    <version>1.5</version>
+    <version>2.0-SNAPSHOT</version>
 </dependency>
 ```
--- a/auditlog/src/test/java/org/genesys/blocks/auditlog/test/ApplicationConfig.java
+++ b/auditlog/src/test/java/org/genesys/blocks/auditlog/test/ApplicationConfig.java
@@ -15,17 +15,13 @@
 */
 package org.genesys.blocks.auditlog.test;
-import java.util.Arrays;
 import org.genesys.blocks.security.component.AclAssignerAspect;
 import org.genesys.blocks.security.service.CustomAclService;
 import org.genesys.blocks.security.service.impl.CustomAclServiceImpl;
 import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
 import org.springframework.cache.CacheManager;
 import org.springframework.cache.annotation.EnableCaching;
-import org.springframework.cache.concurrent.ConcurrentMapCache;
 import org.springframework.cache.support.NoOpCacheManager;
-import org.springframework.cache.support.SimpleCacheManager;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;

--- a/core/src/main/java/org/genesys/blocks/model/filters/SuperModelFilter.java
+++ b/core/src/main/java/org/genesys/blocks/model/filters/SuperModelFilter.java
@@ -269,7 +269,7 @@ public abstract class SuperModelFilter<T extends SuperModelFilter<T, R>, R> {
 	 *
 	 * @param <Q> any SuperModelFilter subtype
 	 * @param filter the filter
-	 * @return
+	 * @return the normalized valid filter
 	 */
 	public static <Q extends SuperModelFilter<?, ?>> Q normalize(final Q filter) {
 		Set<String> toClear = new HashSet<>();
@@ -317,6 +317,7 @@ public abstract class SuperModelFilter<T extends SuperModelFilter<T, R>, R> {
 			return parsed;
 		}
+		@SuppressWarnings("unchecked")
 		@Override
 		public JsonDeserializer<?> createContextual(DeserializationContext deserializationContext, BeanProperty beanProperty) throws JsonMappingException {
 			final JavaType type;

--- a/security/src/main/java/org/genesys/blocks/oauth/service/OAuthClientDetailsService.java
+++ b/security/src/main/java/org/genesys/blocks/oauth/service/OAuthClientDetailsService.java
@@ -37,6 +37,7 @@ public interface OAuthClientDetailsService extends ClientDetailsService {
 	/**
 	 * List client details.
 	 *
+	 * @param pageable the pageable
 	 * @return page with Client details
 	 */
 	Page<OAuthClient> listClientDetails(Pageable pageable);
@@ -49,19 +50,6 @@ public interface OAuthClientDetailsService extends ClientDetailsService {
 	 */
 	OAuthClient getClient(String clientId);
-	/**
-	 * Adds the client.
-	 *
-	 * @param title the title
-	 * @param description the description
-	 * @param redirectUris the redirect uris
-	 * @param accessTokenValiditySeconds the access token validity seconds
-	 * @param refreshTokenValiditySeconds the refresh token validity seconds
-	 * @return the OAuth client
-	 * @deprecated Use {@link #addClient(OAuthClient)} instead
-	 */
-	OAuthClient addClient(String title, String description, String redirectUris, Integer accessTokenValiditySeconds, Integer refreshTokenValiditySeconds);
 	/**
 	 * Register a new OAuth client.
 	 *

--- a/security/src/main/java/org/genesys/blocks/oauth/service/OAuthServiceImpl.java
+++ b/security/src/main/java/org/genesys/blocks/oauth/service/OAuthServiceImpl.java
@@ -136,36 +136,6 @@ public class OAuthServiceImpl implements OAuthClientDetailsService {
 		return client;
 	}
-	/*
-	 * (non-Javadoc)
-	 * @see
-	 * org.genesys.blocks.oauth.service.OAuthClientDetailsService#addClient(java.
-	 * lang.String, java.lang.String, java.lang.String, java.lang.Integer,
-	 * java.lang.Integer)
-	 */
-	@Override
-	@Transactional
-	public OAuthClient addClient(final String title, final String description, final String redirectUris, final Integer accessTokenValidity, final Integer refreshTokenValidity) {
-		final String clientId = RandomStringUtils.randomAlphanumeric(5) + "." + RandomStringUtils.randomAlphanumeric(20) + "@" + hostname;
-		final String clientSecret = RandomStringUtils.randomAlphanumeric(32);
-		final OAuthClient client = new OAuthClient();
-		client.setTitle(title);
-		client.setDescription(description);
-		client.setRedirect(StringUtils.defaultIfBlank(redirectUris, null));
-		client.setAccessTokenValidity(accessTokenValidity);
-		client.setRefreshTokenValidity(refreshTokenValidity);
-		client.setClientId(clientId);
-		client.setClientSecret(passwordEncoder.encode(clientSecret));
-		client.getScope().add("read");
-		client.getScope().add("write");
-		client.getAuthorizedGrantTypes().add("authorization_code");
-		client.getAuthorizedGrantTypes().add("refresh_token");
-		client.getRoles().add(OAuthRole.CLIENT);
-		return oauthClientRepository.save(client);
-	}
 	/*
 	 * (non-Javadoc)
 	 * @see

--- a/security/src/main/java/org/genesys/blocks/security/SecurityContextUtil.java
+++ b/security/src/main/java/org/genesys/blocks/security/SecurityContextUtil.java
@@ -59,6 +59,13 @@ public class SecurityContextUtil {
 		return (permissionEvaluator = updateBean(PermissionEvaluator.class)) != null;
 	}
+	/**
+	 * Update bean.
+	 *
+	 * @param <T> the generic type
+	 * @param clazz the clazz
+	 * @return the t
+	 */
 	static final <T> T updateBean(Class<T> clazz) {
 		ApplicationContext context = CurrentApplicationContext.getContext();
 		if (context != null) {
@@ -175,11 +182,11 @@ public class SecurityContextUtil {
 	}
 	/**
-	 * Check if ROLE_EVERYONE has permission on target object
+	 * Check if ROLE_EVERYONE has permission on target object.
-	 * 
+	 *
-	 * @param targetDomainObject
+	 * @param targetDomainObject the target domain object
-	 * @param permission
+	 * @param permission the permission
-	 * @return
+	 * @return true, if successful
 	 */
 	public static boolean anyoneHasPermission(Object targetDomainObject, Object permission) {
 		if (permissionEvaluator == null) {

--- a/security/src/main/java/org/genesys/blocks/security/model/BasicUser.java
+++ b/security/src/main/java/org/genesys/blocks/security/model/BasicUser.java
@@ -455,9 +455,9 @@ public abstract class BasicUser<R extends GrantedAuthority> extends AclSid imple
 	}
 	/**
-	 * Additional authorities
+	 * Set additional authorities at runtime.
-	 * 
+	 *
-	 * @param authorities
+	 * @param authorities the new runtime authorities
 	 */
 	public void setRuntimeAuthorities(Set<String> authorities) {
 		this.runtimeAuthorities = authorities;

--- a/security/src/main/java/org/genesys/blocks/security/service/BasicUserService.java
+++ b/security/src/main/java/org/genesys/blocks/security/service/BasicUserService.java
@@ -56,7 +56,7 @@ public interface BasicUserService<R extends GrantedAuthority, T extends BasicUse
 	T getUserByEmail(String email);
 	/**
-	 * Create a new user account with {@link #getDefaultUserRole()} assigned.
+	 * Create a new user account.
 	 *
 	 * @param email unique email address
 	 * @param fullName Full name
@@ -70,8 +70,8 @@ public interface BasicUserService<R extends GrantedAuthority, T extends BasicUse
 	T createUser(String email, String fullName, String password, BasicUser.AccountType accountType) throws NotUniqueUserException, PasswordPolicyException, UserException;
 	/**
-	 * Grant specified roles to user. The {@link #getDefaultUserRole()} will be
+	 * Grant specified roles to user. The {@link #getDefaultUserRoles()} will not be
-	 * added if missing.
+	 * persisted.
 	 *
 	 * @param user the user
 	 * @param roles the roles
@@ -133,14 +133,6 @@ public interface BasicUserService<R extends GrantedAuthority, T extends BasicUse
 	 */
 	List<R> listAvailableRoles();
-	/**
-	 * Gets the default user role.
-	 *
-	 * @return the default user role
-	 * @deprecated Use {@link #getDefaultUserRoles()}
-	 */
-	R getDefaultUserRole();
 	/**
 	 * Get default roles assigned to users. These are transient and not persisted to the database.
 	 * 

--- a/security/src/main/java/org/genesys/blocks/security/service/CustomAclService.java
+++ b/security/src/main/java/org/genesys/blocks/security/service/CustomAclService.java
@@ -70,7 +70,10 @@ public interface CustomAclService extends JsonSidConverter.SidProvider {
 	AclSid ensureAuthoritySid(String authority);
 	/**
-	 * Removes the sid of the specified authority
+	 * Removes the sid of the specified authority.
+	 *
+	 * @param authorityName the authority name
+	 * @return the acl sid
 	 */
 	AclSid removeAuthoritySid(String authorityName);
@@ -82,34 +85,36 @@ public interface CustomAclService extends JsonSidConverter.SidProvider {
 	List<AclSid> listAuthoritySids();
 	/**
-	 * Adds the creator permissions or updates permission inheritance
+	 * Adds the creator permissions or updates permission inheritance.
 	 *
 	 * @param entity the target
 	 */
 	void createOrUpdatePermissions(AclAwareModel entity);
 	/**
-	 * Updates inheriting status of object identity
+	 * Updates inheriting status of object identity.
 	 *
 	 * @param objectIdIdentity the id of object identity
 	 * @param entriesInheriting the inheriting status
+	 * @return the acl object identity
 	 */
 	AclObjectIdentity updateInheriting(long objectIdIdentity, boolean entriesInheriting);
 	/**
-	 * Updates parent object of object identity
+	 * Updates parent object of object identity.
 	 *
 	 * @param objectIdIdentity the id of object identity
 	 * @param parentObjectId the id of parent object identity
+	 * @return the acl object identity
 	 */
 	AclObjectIdentity updateParentObject(long objectIdIdentity, long parentObjectId);
 	/**
-	 * Set ACL parent object for inherited permissions
+	 * Set ACL parent object for inherited permissions.
-	 * 
+	 *
 	 * @param target the target ACL object on which to change ACL
 	 * @param parent the parent ACL object
-	 * @return
+	 * @return the acl object identity
 	 */
 	AclObjectIdentity setAclParent(AclAwareModel target, AclAwareModel parent);
@@ -198,7 +203,7 @@ public interface CustomAclService extends JsonSidConverter.SidProvider {
 	AclObjectIdentity setPermissions(AclObjectIdentity objectIdentity, AclSid sid, final Permissions permissions);
 	/**
-	 * Removes the permissions for SID on ACL OID
+	 * Removes the permissions for SID on ACL OID.
 	 *
 	 * @param objectIdentity the object identity
 	 * @param aclSid the acl sid
@@ -283,7 +288,7 @@ public interface CustomAclService extends JsonSidConverter.SidProvider {
 	String getSidName(long id);
 	/**
-	 * Load object identity extended information
+	 * Load object identity extended information.
 	 *
 	 * @param objectIdentity the object identity
 	 * @return the acl object identity ext
@@ -294,11 +299,20 @@ public interface CustomAclService extends JsonSidConverter.SidProvider {
 	 * Wraps {@link AclObjectIdentity} and adds list of inherited permissions.
 	 */
 	public static class AclObjectIdentityExt {
+		/** The original. */
 		@JsonUnwrapped
 		public AclObjectIdentity original;
+		/** The inherited. */
 		@JsonSerialize(converter = AclEntriesToPermissions.class)
 		public List<AclEntry> inherited = new ArrayList<>();
+		/**
+		 * Instantiates a new acl object identity ext.
+		 *
+		 * @param source the source
+		 */
 		public AclObjectIdentityExt(AclObjectIdentity source) {
 			this.original = source;
 		}

--- a/security/src/main/java/org/genesys/blocks/security/service/impl/BasicUserServiceImpl.java
+++ b/security/src/main/java/org/genesys/blocks/security/service/impl/BasicUserServiceImpl.java
@@ -125,14 +125,6 @@ public abstract class BasicUserServiceImpl<R extends GrantedAuthority, T extends
 		this.accountLockoutTime = accountLockoutTime;
 	}
-	/*
-	 * (non-Javadoc)
-	 * @see
-	 * org.genesys.blocks.security.service.BasicUserService#getDefaultUserRole()
-	 */
-	@Override
-	public abstract R getDefaultUserRole();
 	/* (non-Javadoc)
 	 * @see org.genesys.blocks.security.service.BasicUserService#getDefaultUserRoles()
 	 */
@@ -163,9 +155,9 @@ public abstract class BasicUserServiceImpl<R extends GrantedAuthority, T extends
 	}
 	/**
-	 * Allow the application to register additional authorities
+	 * Allow the application to register additional authorities.
-	 * 
+	 *
-	 * @param user
+	 * @param user the user
 	 * @return the same object
 	 */
 	protected abstract Set<String> getRuntimeAuthorities(T user);

--- a/security/src/test/java/org/genesys/blocks/security/config/ApplicationConfig.java
+++ b/security/src/test/java/org/genesys/blocks/security/config/ApplicationConfig.java
@@ -151,16 +151,10 @@ public class ApplicationConfig {
 				user.setEmail(email);
 				user.setFullName(fullName);
 				user.setAccountType(accountType);
-				user.setRoles(Sets.newHashSet(getDefaultUserRole()));
 				setPassword(user, password);
-				return testUserRepository.save(user);
+				return deepLoad(testUserRepository.save(user));
 			}
-			@Override
-			public UserRole getDefaultUserRole() {
-				return UserRole.USER;
-			}
 			@Override
 			public Collection<UserRole> getDefaultUserRoles() {
 				return Sets.newHashSet(UserRole.USER, UserRole.EVERYONE);

--- a/security/src/test/java/org/genesys/blocks/security/test/BasicUserServiceTest.java
+++ b/security/src/test/java/org/genesys/blocks/security/test/BasicUserServiceTest.java
@@ -140,8 +140,6 @@ public class BasicUserServiceTest extends ServiceTest {
 	 */
 	@Test
 	public void testDefaultUserRole() {
-		assertThat(testUserService.getDefaultUserRole(), not(nullValue()));
-		assertThat(testUserService.getDefaultUserRole(), is(UserRole.USER));
 		assertThat(testUserService.getDefaultUserRoles(), containsInAnyOrder(UserRole.USER, UserRole.EVERYONE));
 	}
@@ -155,9 +153,6 @@ public class BasicUserServiceTest extends ServiceTest {
 	@Test
 	public void testDefaultRoleAlwaysAssigned() throws NotUniqueUserException, PasswordPolicyException, UserException {
 		TestUser user = testUserService.createUser(USER_EMAIL, USER_FULLNAME, "password", AccountType.SYSTEM);
-		assertThat("Default user role was not assigned automatically", user.getRoles(), contains(UserRole.USER));
-		user = testUserService.setRoles(user, Sets.newHashSet(UserRole.USER));
 		assertThat("Default user role was not assigned automatically", user.getRoles(), containsInAnyOrder(testUserService.getDefaultUserRoles().toArray()));
 		user = testUserService.setRoles(user, Sets.newHashSet(UserRole.EXTRAROLE));