Merge branch 'master' into for-mary

TIER · Mar 6, 2019 · 3e0f12d · 3e0f12d
2 parents ffd105f + 58599fe
commit 3e0f12d
Show file tree

Hide file tree

Showing 6 changed files with 32 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -47,12 +47,7 @@ The easiest way to do this in a servlet container is through the use of system p
 ## Authentication
 
 Currently, the application is wired with very simple authentication. A password for the user `root`
-can be set with the `shibui.default-password` property. If none is set, a default password
-will be generated and logged:
-
-```
-Using default security password: a3d9ab96-9c63-414f-b199-26fcf59e1ffa
-```
+can be set with the `shibui.default-password` property.
 
 ## Default Properties
 

diff --git a/...ain/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java b/...ain/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java
@@ -1,6 +1,9 @@
 package edu.internet2.tier.shibboleth.admin.ui.configuration.auto;
 
 import edu.internet2.tier.shibboleth.admin.ui.security.DefaultAuditorAware;
+import edu.internet2.tier.shibboleth.admin.ui.security.model.Role;
+import edu.internet2.tier.shibboleth.admin.ui.security.model.User;
+import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository;
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository;
 import edu.internet2.tier.shibboleth.admin.ui.security.springsecurity.AdminUserService;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -12,23 +15,18 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 import org.springframework.data.domain.AuditorAware;
-import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 import org.springframework.security.web.firewall.HttpFirewall;
 import org.springframework.security.web.firewall.StrictHttpFirewall;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
+import java.util.Collections;
 
 /**
  * Web security configuration.
@@ -49,6 +47,9 @@ public class WebSecurityConfig {
     @Autowired
     private UserRepository userRepository;
 
+    @Autowired
+    private RoleRepository roleRepository;
+
     @Bean
     public HttpFirewall allowUrlEncodedSlashHttpFirewall() {
         StrictHttpFirewall firewall = new StrictHttpFirewall();
@@ -82,6 +83,25 @@ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                 // TODO: more configurable authentication
                 PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
                 if (defaultPassword != null && !"".equals(defaultPassword)) {
+                    // TODO: yeah, this isn't good, but we gotta initialize this user for now
+                    User adminUser = userRepository.findByUsername("root").orElseGet(() ->{
+                        User u = new User();
+                        u.setUsername("root");
+                        u.setPassword(defaultPassword);
+                        u.setFirstName("admin");
+                        u.setLastName("user");
+                        Role adminRole = roleRepository.findByName("ROLE_ADMIN").orElseGet(() -> {
+                            Role r = new Role();
+                            r.setName("ROLE_ADMIN");
+                            return roleRepository.saveAndFlush(r);
+                        });
+                        u.setRoles(Collections.singleton(adminRole));
+                        u.setEmailAddress("admin@localhost");
+                        return userRepository.saveAndFlush(u);
+                    });
+                    adminUser.setPassword(defaultPassword);
+                    userRepository.saveAndFlush(adminUser);
+
                     auth
                             .inMemoryAuthentication()
                             .withUser("root")

diff --git a/...nd/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityServiceImpl.java b/...nd/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityServiceImpl.java
@@ -97,7 +97,7 @@ public List<Attribute> getAttributeListFromAttributeReleaseList(List<String> att
     edu.internet2.tier.shibboleth.admin.ui.domain.Attribute getAttributeFromObjectAndRelyingPartyOverrideProperty(Object o, RelyingPartyOverrideProperty overrideProperty) {
         switch (ModelRepresentationConversions.AttributeTypes.valueOf(overrideProperty.getDisplayType().toUpperCase())) {
             case BOOLEAN:
-                if ((o instanceof Boolean && ((Boolean)o) || (!(Boolean)o && Boolean.valueOf(overrideProperty.getInvert()))) ||
+                if ((o instanceof Boolean && ((Boolean)o)) ||
                         (o instanceof String) && Boolean.valueOf((String)o)) {
                     if (overrideProperty.getPersistType() != null &&
                             !overrideProperty.getPersistType().equalsIgnoreCase("boolean")) {

diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties
@@ -19,6 +19,7 @@ spring.datasource.driverClassName=org.h2.Driver
 spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
 spring.h2.console.enabled=true
 
+# spring.jackson.default-property-inclusion=non_absent
 
 # Database Configuration PostgreSQL
 #spring.datasource.url=jdbc:postgresql://localhost:5432/shibui

diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml
@@ -61,13 +61,15 @@ custom:
       helpText: tooltip.dont-sign-response
       attributeName: http://shibboleth.net/ns/profiles/saml2/sso/browser/signResponses
       attributeFriendlyName: signResponses
+      invert: true
     - name: turnOffEncryption
       displayName: label.turn-off-encryption-of-response
       displayType: boolean
       defaultValue: false
       helpText: tooltip.turn-off-encryption
       attributeName: http://shibboleth.net/ns/profiles/encryptAssertions
       attributeFriendlyName: encryptAssertions
+      invert: true
     - name: useSha
       displayName: label.use-sha1-signing-algorithm
       displayType: boolean
@@ -93,6 +95,7 @@ custom:
       helpText: tooltip.omit-not-before-condition
       attributeName: http://shibboleth.net/ns/profiles/includeConditionsNotBefore
       attributeFriendlyName: includeConditionsNotBefore
+      invert: true
     - name: responderId
       displayName: label.responder-id
       displayType: string

diff --git a/...oovy/edu/internet2/tier/shibboleth/admin/ui/service/AuxiliaryJPAEntityServiceTests.groovy b/...oovy/edu/internet2/tier/shibboleth/admin/ui/service/AuxiliaryJPAEntityServiceTests.groovy
@@ -41,6 +41,5 @@ class AuxiliaryJPAEntityServiceTests extends Specification {
         where:
         input | output
         true  | false
-        false | true
     }
 }