Merge branch 'feature/shibui-2262' into feature/shibui-2273

# Conflicts:
#	backend/build.gradle

backend/build.gradle

@@ -174,7 +174,7 @@ dependencies {
     runtimeOnly 'org.postgresql:postgresql:42.3.4'
     runtimeOnly 'org.mariadb.jdbc:mariadb-java-client:3.0.4'
     runtimeOnly 'mysql:mysql-connector-java:8.0.29'
-    //SQL Server?
+    runtimeOnly 'com.microsoft.sqlserver:mssql-jdbc:9.4.1.jre11'
 
     //Swagger
     compile 'io.springfox:springfox-swagger2:2.9.2'

backend/src/enversTest/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/envers/MetadataResolverEnversVersioningTests.groovy

@@ -14,7 +14,6 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.LocalDynamicMetad
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ReloadableMetadataResolverAttributes
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ResourceBackedMetadataResolver
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.TemplateScheme
-import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects
 import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.autoconfigure.domain.EntityScan
@@ -269,7 +268,7 @@ class MetadataResolverEnversVersioningTests extends Specification {
         when:
         ResourceBackedMetadataResolver resolver = new ResourceBackedMetadataResolver(name: 'rbmr').with {
             it.reloadableMetadataResolverAttributes = new ReloadableMetadataResolverAttributes(taskTimerRef: 'taskTimerRef')
-            it.classpathMetadataResource = new ClasspathMetadataResource(file: 'metadata.xml')
+            it.classpathMetadataResource = new ClasspathMetadataResource(fileResource: 'metadata.xml')
             it
         }
 
@@ -283,15 +282,15 @@ class MetadataResolverEnversVersioningTests extends Specification {
         resolverHistory.size() == 1
         getTargetEntityForRevisionIndex(resolverHistory, 0).name == 'rbmr'
         getTargetEntityForRevisionIndex(resolverHistory, 0).reloadableMetadataResolverAttributes.taskTimerRef == 'taskTimerRef'
-        getTargetEntityForRevisionIndex(resolverHistory, 0).classpathMetadataResource.file == 'metadata.xml'
+        getTargetEntityForRevisionIndex(resolverHistory, 0).classpathMetadataResource.fileResource == 'metadata.xml'
         getRevisionEntityForRevisionIndex(resolverHistory, 0).principalUserName == 'anonymousUser'
         getRevisionEntityForRevisionIndex(resolverHistory, 0).timestamp > 0L
         getModifiedEntityNames(resolverHistory, 0).sort() == expectedModifiedPersistentEntities.sort()
 
         when:
         resolver.name = 'rbmrUPDATED'
         resolver.reloadableMetadataResolverAttributes.taskTimerRef = 'taskTimerRefUPDATED'
-        resolver.classpathMetadataResource.file = 'metadataUPDATED.xml'
+        resolver.classpathMetadataResource.fileResource = 'metadataUPDATED.xml'
 
         resolverHistory = updateAndGetRevisionHistoryOfMetadataResolver(resolver,
                 metadataResolverRepository,
@@ -303,16 +302,16 @@ class MetadataResolverEnversVersioningTests extends Specification {
         resolverHistory.size() == 2
         getTargetEntityForRevisionIndex(resolverHistory, 1).name == 'rbmrUPDATED'
         getTargetEntityForRevisionIndex(resolverHistory, 1).reloadableMetadataResolverAttributes.taskTimerRef == 'taskTimerRefUPDATED'
-        getTargetEntityForRevisionIndex(resolverHistory, 1).classpathMetadataResource.file == 'metadataUPDATED.xml'
+        getTargetEntityForRevisionIndex(resolverHistory, 1).classpathMetadataResource.fileResource == 'metadataUPDATED.xml'
         getRevisionEntityForRevisionIndex(resolverHistory, 1).principalUserName == 'anonymousUser'
         getRevisionEntityForRevisionIndex(resolverHistory, 1).timestamp > 0L
         getModifiedEntityNames(resolverHistory, 1).sort() == expectedModifiedPersistentEntities.sort()
 
         //Check the original revision is intact
         getTargetEntityForRevisionIndex(resolverHistory, 0).name == 'rbmr'
         getTargetEntityForRevisionIndex(resolverHistory, 0).reloadableMetadataResolverAttributes.taskTimerRef == 'taskTimerRef'
-        getTargetEntityForRevisionIndex(resolverHistory, 0).classpathMetadataResource.file == 'metadata.xml'
+        getTargetEntityForRevisionIndex(resolverHistory, 0).classpathMetadataResource.fileResource == 'metadata.xml'
         getRevisionEntityForRevisionIndex(resolverHistory, 0).principalUserName == 'anonymousUser'
         getRevisionEntityForRevisionIndex(resolverHistory, 0).timestamp > 0L
     }
-}
+}

backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy

@@ -419,7 +419,7 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
                 MetadataResource(
                         'xmlns:resource': 'urn:mace:shibboleth:2.0:resource',
                         'xsi:type': 'resource:ClasspathResource',
-                        'file': resolver.classpathMetadataResource.file)
+                        'file': resolver.classpathMetadataResource.fileResource)
             }
 
             childNodes()

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/ClasspathMetadataResource.java

@@ -15,6 +15,6 @@
 @Setter
 @EqualsAndHashCode
 public class ClasspathMetadataResource {
-
-    private String file;
-}
+    // renamed from "file" to work with SQLServer
+    private String fileResource;
+}

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverConverterServiceImpl.java

@@ -99,7 +99,7 @@ private OpenSamlResourceBackedMetadataResolver convertToOpenSamlRepresentation(R
                 break;
             case CLASSPATH:
                 resource = ResourceHelper.of(new ClassPathResource(placeholderResolverService()
-                        .resolveValueFromPossibleTokenPlaceholder(resolver.getClasspathMetadataResource().getFile())));
+                        .resolveValueFromPossibleTokenPlaceholder(resolver.getClasspathMetadataResource().getFileResource())));
                 break;
             default:
                 throw new RuntimeException("Unsupported resource type!");
@@ -153,4 +153,4 @@ public boolean isDirectory() {
             return true;
         }
     }
-}
+}

backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/OpenSamlResourceBackedMetadataResolverTests.groovy

@@ -15,10 +15,10 @@ class OpenSamlResourceBackedMetadataResolverTests extends Specification {
     def 'test refresh'() {
         when:
         def rbmr = new ResourceBackedMetadataResolver(name: 'test', xmlId: 'test', classpathMetadataResource: new ClasspathMetadataResource('metadata/metadata.xml'))
-        def x = new OpenSamlResourceBackedMetadataResolver(openSamlObjects.parserPool, null, rbmr, ResourceHelper.of(new ClassPathResource(rbmr.classpathMetadataResource.file)))
+        def x = new OpenSamlResourceBackedMetadataResolver(openSamlObjects.parserPool, null, rbmr, ResourceHelper.of(new ClassPathResource(rbmr.classpathMetadataResource.fileResource)))
         x.refilter()
 
         then:
         noExceptionThrown()
     }
-}
+}

backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy

@@ -108,7 +108,7 @@ class JPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTest {
             it.resourceId = "testme"
             it.name = "testme"
             it.classpathMetadataResource = new ClasspathMetadataResource().with {
-                it.file = "metadata/aggregate.xml"
+                it.fileResource = "metadata/aggregate.xml"
                 it
             }
             it.metadataFilters.add(new EntityAttributesFilter().with {
@@ -275,7 +275,7 @@ class JPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTest {
         def resolver = new edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ResourceBackedMetadataResolver().with {
             it.xmlId = 'ClasspathResourceMetadata'
             it.classpathMetadataResource = new ClasspathMetadataResource().with {
-                it.file = '/path/to/a/classpath/location/metadata.xml'
+                it.fileResource = '/path/to/a/classpath/location/metadata.xml'
                 it
             }
             it

backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/util/TestObjectGenerator.groovy

@@ -30,7 +30,6 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataQueryProt
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ReloadableMetadataResolverAttributes
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ResourceBackedMetadataResolver
-import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.SvnMetadataResource
 import edu.internet2.tier.shibboleth.admin.util.AttributeUtility
 import edu.internet2.tier.shibboleth.admin.util.MDDCConstants
 import edu.internet2.tier.shibboleth.admin.util.ModelRepresentationConversions
@@ -607,7 +606,7 @@ class TestObjectGenerator {
             it.name = 'ClasspathResourceMetadata'
             it.xmlId = 'ClasspathResourceMetadata'
             it.classpathMetadataResource = new ClasspathMetadataResource().with {
-                it.file = 'metadata/metadata.xml'
+                it.fileResource = 'metadata/metadata.xml'
                 it
             }
             it.reloadableMetadataResolverAttributes = new ReloadableMetadataResolverAttributes().with {

testbed/sqlServer/conf/application.yml

@@ -0,0 +1,138 @@
+spring:
+  profiles:
+    include:
+  datasource:
+    platform: sqlserver
+    driver-class-name: com.microsoft.sqlserver.jdbc.SQLServerDriver
+    url: jdbc:sqlserver://db:1433
+    username: sa
+    password: Password1
+  jpa:
+    properties:
+      hibernate:
+        dialect: org.hibernate.dialect.SQLServerDialect
+#server:
+#  port: 8443
+#  ssl:
+#    key-store: "/conf/keystore.p12"
+#    key-store-password: "changeit"
+#    keyStoreType: "PKCS12"
+#    keyAlias: "tomcat"
+shibui:
+  user-bootstrap-resource: file:/conf/users.csv
+  roles: ROLE_ADMIN,ROLE_NONE,ROLE_USER,ROLE_PONY
+custom:
+  attributes:
+    # Default attributes
+    - name: eduPersonPrincipalName
+      displayName: label.attribute-eduPersonPrincipalName
+    - name: uid
+      displayName: label.attribute-uid
+    - name: mail
+      displayName: label.attribute-mail
+    - name: surname
+      displayName: label.attribute-surname
+    - name: givenName
+      displayName: label.attribute-givenName
+    - name: eduPersonAffiliation
+      displayName: label.attribute-eduPersonAffiliation
+    - name: eduPersonScopedAffiliation
+      displayName: label.attribute-eduPersonScopedAffiliation
+    - name: eduPersonPrimaryAffiliation
+      displayName: label.attribute-eduPersonPrimaryAffiliation
+    - name: eduPersonEntitlement
+      displayName: label.attribute-eduPersonEntitlement
+    - name: eduPersonAssurance
+      displayName: label.attribute-eduPersonAssurance
+    - name: eduPersonUniqueId
+      displayName: label.attribute-eduPersonUniqueId
+    - name: employeeNumber
+      displayName: label.attribute-employeeNumber
+  # Custom attributes
+  overrides:
+    # Default overrides
+    - name: signAssertion
+      displayName: label.sign-the-assertion
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.sign-assertion
+      attributeName: http://shibboleth.net/ns/profiles/saml2/sso/browser/signAssertions
+      attributeFriendlyName: signAssertions
+    - name: dontSignResponse
+      displayName: label.dont-sign-the-response
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.dont-sign-response
+      attributeName: http://shibboleth.net/ns/profiles/saml2/sso/browser/signResponses
+      attributeFriendlyName: signResponses
+    - name: turnOffEncryption
+      displayName: label.turn-off-encryption-of-response
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.turn-off-encryption
+      attributeName: http://shibboleth.net/ns/profiles/encryptAssertions
+      attributeFriendlyName: encryptAssertions
+    - name: useSha
+      displayName: label.use-sha1-signing-algorithm
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.usa-sha-algorithm
+      persistType: string
+      persistValue: shibboleth.SecurityConfiguration.SHA1
+      attributeName: http://shibboleth.net/ns/profiles/securityConfiguration
+      attributeFriendlyName: securityConfiguration
+    - name: ignoreAuthenticationMethod
+      displayName: label.ignore-any-sp-requested-authentication-method
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.ignore-auth-method
+      persistType: string
+      persistValue: 0x1
+      attributeName: http://shibboleth.net/ns/profiles/disallowedFeatures
+      attributeFriendlyName: disallowedFeatures
+    - name: omitNotBefore
+      displayName: label.omit-not-before-condition
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.omit-not-before-condition
+      attributeName: http://shibboleth.net/ns/profiles/includeConditionsNotBefore
+      attributeFriendlyName: includeConditionsNotBefore
+    - name: responderId
+      displayName: label.responder-id
+      displayType: string
+      defaultValue: null
+      helpText: tooltip.responder-id
+      attributeName: http://shibboleth.net/ns/profiles/responderId
+      attributeFriendlyName: responderId
+    - name: nameIdFormats
+      displayName: label.nameid-format-to-send
+      displayType: set
+      helpText: tooltip.nameid-format
+      defaultValues:
+        - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+        - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+        - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
+        - urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+      attributeName: http://shibboleth.net/ns/profiles/nameIDFormatPrecedence
+      attributeFriendlyName: nameIDFormatPrecedence
+    - name: authenticationMethods
+      displayName: label.authentication-methods-to-use
+      displayType: set
+      helpText: tooltip.authentication-methods-to-use
+      defaultValues:
+        - https://refeds.org/profile/mfa
+        - urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken
+        - urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
+      attributeName: http://shibboleth.net/ns/profiles/defaultAuthenticationMethods
+      attributeFriendlyName: defaultAuthenticationMethods
+    - name: forceAuthn
+      displayName: label.force-authn
+      displayType: boolean
+      defaultValue: false
+      helpText: tooltip.force-authn
+      attributeName: http://shibboleth.net/ns/profiles/forceAuthn
+      attributeFriendlyName: forceAuthn
+logging:
+  level:
+    org.pac4j: "TRACE"
+    org.opensaml: "INFO"

testbed/sqlServer/conf/users.csv

@@ -0,0 +1,2 @@
+root,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,first,last,ROLE_ADMIN,user1@example.org
+admin,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,first,last,ROLE_ADMIN,jj@example.org

testbed/sqlServer/docker-compose.yml

@@ -0,0 +1,29 @@
+version: "3.7"
+
+services:
+  db:
+    container_name: db
+    ports:
+      - 1433:1433
+    build:
+      context: .
+      dockerfile: docker/Dockerfile
+    networks:
+      - front
+  shibui:
+    image: unicon/shibui
+    ports:
+      - 8080:8080
+      - 5005:5005
+      - 8443:8443
+    volumes:
+      - ./conf:/conf
+      - ./conf/application.yml:/application.yml
+    depends_on:
+      - db
+    networks:
+      - front
+
+networks:
+  front:
+    driver: bridge

testbed/sqlServer/docker/Dockerfile

@@ -0,0 +1,9 @@
+FROM mcr.microsoft.com/mssql/server:2019-latest
+
+ENV ACCEPT_EULA=Y
+ENV SA_PASSWORD=Password1
+
+COPY ./docker/scripts /
+
+ENTRYPOINT [ "/bin/bash", "entrypoint.sh" ]
+CMD [ "/opt/mssql/bin/sqlservr" ]

testbed/sqlServer/docker/scripts/entrypoint.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+set -e
+
+if [ "$1" = '/opt/mssql/bin/sqlservr' ]; then
+  # If this is the container's first run, initialize the application database
+  if [ ! -f /tmp/app-initialized ]; then
+    # Initialize the application database asynchronously in a background process. This allows a) the SQL Server process to be the main process in the container, which allows graceful shutdown and other goodies, and b) us to only start the SQL Server process once, as opposed to starting, stopping, then starting it again.
+    function initialize_app_database() {
+      # Wait a bit for SQL Server to start. SQL Server's process doesn't provide a clever way to check if it's up or not, and it needs to be up before we can import the application database
+      sleep 15s
+
+      #run the setup script to create the DB and the schema in the DB
+      /opt/mssql-tools/bin/sqlcmd -S db -U sa -P Password1 -d master -i setup.sql
+
+      # Note that the container has been initialized so future starts won't wipe changes to the data
+      touch /tmp/app-initialized
+    }
+    initialize_app_database &
+  fi
+fi
+
+exec "$@"

testbed/sqlServer/docker/scripts/setup.sql

@@ -0,0 +1,10 @@
+CREATE DATABASE shibui;
+GO
+USE shibui;
+GO
+CREATE LOGIN shibui WITH PASSWORD = 'shibuiPass1';
+GO
+CREATE USER shibui FOR LOGIN shibui;
+GO
+EXEC sp_addrolemember 'db_owner', 'shibui';
+GO