diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/AbstractAttributeExtensibleXMLObject.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/AbstractAttributeExtensibleXMLObject.java index 60aef53e8..1d35bfc49 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/AbstractAttributeExtensibleXMLObject.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/AbstractAttributeExtensibleXMLObject.java @@ -1,6 +1,7 @@ package edu.internet2.tier.shibboleth.admin.ui.domain; import lombok.EqualsAndHashCode; +import org.hibernate.annotations.Type; import org.hibernate.envers.Audited; import org.hibernate.envers.NotAudited; import org.opensaml.core.xml.AttributeExtensibleXMLObject; @@ -34,10 +35,7 @@ public AttributeMap getUnknownAttributes() { return this.unknownAttributes; } - //@ElementCollection - //@MapKeyColumn(length = 1000) - //@NotAudited - @Transient + @ElementCollection private Map storageAttributeMap = new HashMap<>(); @PrePersist diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RequestInitiator.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RequestInitiator.java index 96e08ca11..4405d2797 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RequestInitiator.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RequestInitiator.java @@ -53,9 +53,7 @@ public void setResponseLocation(String location) { this.responseLocation = location; } - //@ElementCollection - //@MapKeyColumn(length = 1000) - @Transient + @ElementCollection private Map storageAttributeMap = new HashMap<>(); @Transient diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/hibernate/QNameTypeContributor.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/hibernate/QNameTypeContributor.java new file mode 100644 index 000000000..0cca1f713 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/hibernate/QNameTypeContributor.java @@ -0,0 +1,15 @@ +package edu.internet2.tier.shibboleth.admin.ui.hibernate; + +import org.hibernate.boot.model.TypeContributions; +import org.hibernate.boot.model.TypeContributor; +import org.hibernate.service.ServiceRegistry; + +import javax.xml.namespace.QName; + +public class QNameTypeContributor implements TypeContributor { + + @Override + public void contribute(TypeContributions typeContributions, ServiceRegistry serviceRegistry) { + typeContributions.contributeType(new QNameUserType(), "qname", QName.class.getName()); + } +} diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/hibernate/QNameUserType.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/hibernate/QNameUserType.java new file mode 100644 index 000000000..5c14dd1dd --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/hibernate/QNameUserType.java @@ -0,0 +1,150 @@ +package edu.internet2.tier.shibboleth.admin.ui.hibernate; + +import org.hibernate.HibernateException; +import org.hibernate.engine.spi.SharedSessionContractImplementor; +import org.hibernate.usertype.UserType; + +import javax.xml.namespace.QName; +import java.io.Serializable; +import java.sql.PreparedStatement; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.Types; + +public class QNameUserType implements UserType { + + private static final int[] SQL_TYPES = new int[] { Types.VARCHAR }; + + /* + * (non-Javadoc) + * + * @see org.hibernate.usertype.UserType#assemble(java.io.Serializable, java.lang.Object) + */ + public Object assemble(Serializable cached, Object owner) throws HibernateException { + return cached; + } + + /* + * (non-Javadoc) + * + * @see org.hibernate.usertype.UserType#deepCopy(java.lang.Object) + */ + public Object deepCopy(Object value) throws HibernateException { + return value; + } + + /* + * (non-Javadoc) + * + * @see org.hibernate.usertype.UserType#disassemble(java.lang.Object) + */ + public Serializable disassemble(Object value) throws HibernateException { + return (Serializable) value; + } + + /** Compares the int values of the enumerates */ + public boolean equals(Object x, Object y) throws HibernateException { + // todo: check compare on null values + if (x == null && y == null) { + return true; + } + + if (x == null || y == null) { + return false; + } + + if (x.getClass() != y.getClass()) { + return false; + } + + final QName q1 = (QName) x; + final QName q2 = (QName) y; + + return q1.toString().compareTo(q2.toString()) == 0; + } + + /* + * (non-Javadoc) + * + * @see org.hibernate.usertype.UserType#hashCode(java.lang.Object) + */ + public int hashCode(Object x) throws HibernateException { + return x.toString().hashCode(); + } + + /** Not mutable */ + public boolean isMutable() { + return false; + } + + /* + * (non-Javadoc) + * + * @see org.hibernate.usertype.UserType#nullSafeGet(java.sql.ResultSet, java.lang.String[], + * java.lang.Object) + */ + public Object nullSafeGet(ResultSet rs, String[] names, SharedSessionContractImplementor sessionContractImplementor, Object owner) throws HibernateException, SQLException { + final String str = rs.getString(names[0]); + if (rs.wasNull()) { + return null; + } + return convertFromString(str); + } + + /* + * (non-Javadoc) + * + * @see org.hibernate.usertype.UserType#nullSafeSet(java.sql.PreparedStatement, + * java.lang.Object, int) + */ + public void nullSafeSet(PreparedStatement st, Object value, int index, SharedSessionContractImplementor sessionContractImplementor) throws HibernateException, SQLException { + if (value == null) { + st.setNull(index, Types.VARCHAR); + } else { + st.setString(index, convertToString((QName) value)); + } + } + + /* + * (non-Javadoc) + * + * @see org.hibernate.usertype.UserType#replace(java.lang.Object, java.lang.Object, + * java.lang.Object) + */ + public Object replace(Object original, Object target, Object owner) throws HibernateException { + return original; + } + + /** Returns the parameterizezd enumType */ + public Class returnedClass() { + return QName.class; + } + + /** An enum is stored in one varchar */ + public int[] sqlTypes() { + return SQL_TYPES; + } + + protected String convertToString(QName qName) { + return "{" + qName.getNamespaceURI() + "}" + qName.getPrefix() + ":" + qName.getLocalPart(); + } + + protected QName convertFromString(String str) { + if (str.indexOf("{") == -1) { + throw new HibernateException("String " + str + " can not be converted to a QName, missing starting {"); + } + final int endIndexNS = str.indexOf("}"); + if (endIndexNS == -1) { + throw new HibernateException("String " + str + + " can not be converted to a QName, missing end ns delimiter } "); + } + final int prefixIndex = str.indexOf(":", endIndexNS); + if (prefixIndex == -1) { + throw new HibernateException("String " + str + " can not be converted to a QName, missing prefix delimiter :"); + } + final String ns = str.substring(1, endIndexNS); + final String prefix = str.substring(endIndexNS + 1, prefixIndex); + final String localPart = str.substring(prefixIndex + 1); + return new QName(ns, localPart, prefix); + } +} diff --git a/backend/src/main/resources/META-INF/services/org.hibernate.boot.model.TypeContributor b/backend/src/main/resources/META-INF/services/org.hibernate.boot.model.TypeContributor new file mode 100644 index 000000000..5f1ae5827 --- /dev/null +++ b/backend/src/main/resources/META-INF/services/org.hibernate.boot.model.TypeContributor @@ -0,0 +1 @@ +edu.internet2.tier.shibboleth.admin.ui.hibernate.QNameTypeContributor diff --git a/testbed/mariadb/conf/application.yml b/testbed/mariadb/conf/application.yml new file mode 100644 index 000000000..68018a4b9 --- /dev/null +++ b/testbed/mariadb/conf/application.yml @@ -0,0 +1,138 @@ +spring: + profiles: + include: + datasource: + platform: mysql + driver-class-name: org.mariadb.jdbc.Driver + url: jdbc:mariadb://db:3306/shibui + username: shibui + password: shibui + jpa: + properties: + hibernate: + dialect: org.hibernate.dialect.MariaDBDialect +server: + port: 8443 + ssl: + key-store: "/conf/keystore.p12" + key-store-password: "changeit" + keyStoreType: "PKCS12" + keyAlias: "tomcat" +shibui: + user-bootstrap-resource: file:/conf/users.csv + roles: ROLE_ADMIN,ROLE_NONE,ROLE_USER,ROLE_PONY +custom: + attributes: + # Default attributes + - name: eduPersonPrincipalName + displayName: label.attribute-eduPersonPrincipalName + - name: uid + displayName: label.attribute-uid + - name: mail + displayName: label.attribute-mail + - name: surname + displayName: label.attribute-surname + - name: givenName + displayName: label.attribute-givenName + - name: eduPersonAffiliation + displayName: label.attribute-eduPersonAffiliation + - name: eduPersonScopedAffiliation + displayName: label.attribute-eduPersonScopedAffiliation + - name: eduPersonPrimaryAffiliation + displayName: label.attribute-eduPersonPrimaryAffiliation + - name: eduPersonEntitlement + displayName: label.attribute-eduPersonEntitlement + - name: eduPersonAssurance + displayName: label.attribute-eduPersonAssurance + - name: eduPersonUniqueId + displayName: label.attribute-eduPersonUniqueId + - name: employeeNumber + displayName: label.attribute-employeeNumber + # Custom attributes + overrides: + # Default overrides + - name: signAssertion + displayName: label.sign-the-assertion + displayType: boolean + defaultValue: false + helpText: tooltip.sign-assertion + attributeName: http://shibboleth.net/ns/profiles/saml2/sso/browser/signAssertions + attributeFriendlyName: signAssertions + - name: dontSignResponse + displayName: label.dont-sign-the-response + displayType: boolean + defaultValue: false + helpText: tooltip.dont-sign-response + attributeName: http://shibboleth.net/ns/profiles/saml2/sso/browser/signResponses + attributeFriendlyName: signResponses + - name: turnOffEncryption + displayName: label.turn-off-encryption-of-response + displayType: boolean + defaultValue: false + helpText: tooltip.turn-off-encryption + attributeName: http://shibboleth.net/ns/profiles/encryptAssertions + attributeFriendlyName: encryptAssertions + - name: useSha + displayName: label.use-sha1-signing-algorithm + displayType: boolean + defaultValue: false + helpText: tooltip.usa-sha-algorithm + persistType: string + persistValue: shibboleth.SecurityConfiguration.SHA1 + attributeName: http://shibboleth.net/ns/profiles/securityConfiguration + attributeFriendlyName: securityConfiguration + - name: ignoreAuthenticationMethod + displayName: label.ignore-any-sp-requested-authentication-method + displayType: boolean + defaultValue: false + helpText: tooltip.ignore-auth-method + persistType: string + persistValue: 0x1 + attributeName: http://shibboleth.net/ns/profiles/disallowedFeatures + attributeFriendlyName: disallowedFeatures + - name: omitNotBefore + displayName: label.omit-not-before-condition + displayType: boolean + defaultValue: false + helpText: tooltip.omit-not-before-condition + attributeName: http://shibboleth.net/ns/profiles/includeConditionsNotBefore + attributeFriendlyName: includeConditionsNotBefore + - name: responderId + displayName: label.responder-id + displayType: string + defaultValue: null + helpText: tooltip.responder-id + attributeName: http://shibboleth.net/ns/profiles/responderId + attributeFriendlyName: responderId + - name: nameIdFormats + displayName: label.nameid-format-to-send + displayType: set + helpText: tooltip.nameid-format + defaultValues: + - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + - urn:oasis:names:tc:SAML:2.0:nameid-format:transient + attributeName: http://shibboleth.net/ns/profiles/nameIDFormatPrecedence + attributeFriendlyName: nameIDFormatPrecedence + - name: authenticationMethods + displayName: label.authentication-methods-to-use + displayType: set + helpText: tooltip.authentication-methods-to-use + defaultValues: + - https://refeds.org/profile/mfa + - urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken + - urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport + attributeName: http://shibboleth.net/ns/profiles/defaultAuthenticationMethods + attributeFriendlyName: defaultAuthenticationMethods + - name: forceAuthn + displayName: label.force-authn + displayType: boolean + defaultValue: false + helpText: tooltip.force-authn + attributeName: http://shibboleth.net/ns/profiles/forceAuthn + attributeFriendlyName: forceAuthn +logging: + level: + org.pac4j: "TRACE" + org.opensaml: "INFO" diff --git a/testbed/mariadb/conf/keystore.p12 b/testbed/mariadb/conf/keystore.p12 new file mode 100644 index 000000000..57f9c162a Binary files /dev/null and b/testbed/mariadb/conf/keystore.p12 differ diff --git a/testbed/mariadb/conf/users.csv b/testbed/mariadb/conf/users.csv new file mode 100644 index 000000000..db290662e --- /dev/null +++ b/testbed/mariadb/conf/users.csv @@ -0,0 +1,2 @@ +root,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,first,last,ROLE_ADMIN,user1@example.org +jj,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,first,last,ROLE_ADMIN,jj@example.org \ No newline at end of file diff --git a/testbed/mariadb/docker-compose.yml b/testbed/mariadb/docker-compose.yml new file mode 100644 index 000000000..bbdfde0c5 --- /dev/null +++ b/testbed/mariadb/docker-compose.yml @@ -0,0 +1,41 @@ +version: "3.7" + +services: + db: + image: mariadb + container_name: db + environment: + MYSQL_DATABASE: shibui + MYSQL_USER: shibui + MYSQL_PASSWORD: shibui + MYSQL_ROOT_PASSWORD: root + + networks: + - front + ports: + - 3306:3306 + shibui: + image: unicon/shibui + ports: + - 8080:8080 + - 5005:5005 + - 8443:8443 + volumes: + - ./conf:/conf + - ./conf/application.yml:/application.yml + networks: + - front + depends_on: + - db + mailhog: + image: mailhog/mailhog:latest + ports: + - 1025:1025 + - 8025:8025 + container_name: mailhog + networks: + - front + +networks: + front: + driver: bridge