From d15ed453be65974d5452cbb839297b281fd254f6 Mon Sep 17 00:00:00 2001
From: Jj!
Date: Tue, 5 Mar 2019 14:40:16 -0600
Subject: [PATCH 1/8] [NOISSUE] mark default inverted booleans

---
 backend/src/main/resources/application.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml
index 12bfd55cc..8e823e8a3 100644
--- a/backend/src/main/resources/application.yml
+++ b/backend/src/main/resources/application.yml
@@ -61,6 +61,7 @@ custom:
 helpText: tooltip.dont-sign-response
 attributeName: http://shibboleth.net/ns/profiles/saml2/sso/browser/signResponses
 attributeFriendlyName: signResponses
+ invert: true
 - name: turnOffEncryption
 displayName: label.turn-off-encryption-of-response
 displayType: boolean
@@ -68,6 +69,7 @@ custom:
 helpText: tooltip.turn-off-encryption
 attributeName: http://shibboleth.net/ns/profiles/encryptAssertions
 attributeFriendlyName: encryptAssertions
+ invert: true
 - name: useSha
 displayName: label.use-sha1-signing-algorithm
 displayType: boolean
@@ -93,6 +95,7 @@ custom:
 helpText: tooltip.omit-not-before-condition
 attributeName: http://shibboleth.net/ns/profiles/includeConditionsNotBefore
 attributeFriendlyName: includeConditionsNotBefore
+ invert: true
 - name: responderId
 displayName: label.responder-id
 displayType: string

From 1985d3618aebdd3372b324a29b431edb1badc64d Mon Sep 17 00:00:00 2001
From: Jj!
Date: Tue, 5 Mar 2019 14:40:35 -0600
Subject: [PATCH 2/8] [NOISSUE] fix logic

---
 .../tier/shibboleth/admin/ui/service/JPAEntityServiceImpl.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityServiceImpl.java
index 5724e8dd4..7afbac551 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityServiceImpl.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityServiceImpl.java
@@ -97,7 +97,7 @@ public List getAttributeListFromAttributeReleaseList(List att
 edu.internet2.tier.shibboleth.admin.ui.domain.Attribute getAttributeFromObjectAndRelyingPartyOverrideProperty(Object o, RelyingPartyOverrideProperty overrideProperty) {
 switch (ModelRepresentationConversions.AttributeTypes.valueOf(overrideProperty.getDisplayType().toUpperCase())) {
 case BOOLEAN:
- if ((o instanceof Boolean && ((Boolean)o) || (!(Boolean)o && Boolean.valueOf(overrideProperty.getInvert()))) ||
+ if ((o instanceof Boolean && ((Boolean)o)) || (o instanceof String) && Boolean.valueOf((String)o)) {
 if (overrideProperty.getPersistType() != null && !overrideProperty.getPersistType().equalsIgnoreCase("boolean")) {

From da58b4d32598aadc520df369b01cda045842c9b7 Mon Sep 17 00:00:00 2001
From: Jj!
Date: Tue, 5 Mar 2019 15:17:16 -0600
Subject: [PATCH 3/8] [NOISSUE] remove unneeded test

---
 .../admin/ui/service/AuxiliaryJPAEntityServiceTests.groovy | 1 -
 1 file changed, 1 deletion(-)

diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/AuxiliaryJPAEntityServiceTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/AuxiliaryJPAEntityServiceTests.groovy
index dccf8c8fd..92c2627aa 100644
--- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/AuxiliaryJPAEntityServiceTests.groovy
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/AuxiliaryJPAEntityServiceTests.groovy
@@ -41,6 +41,5 @@ class AuxiliaryJPAEntityServiceTests extends Specification {
 where:
 input | output
 true | false
- false | true
 }
 }

From 88384a5468bdaa82cf68a0d4ffee993914e5e16a Mon Sep 17 00:00:00 2001
From: Jj!
Date: Tue, 5 Mar 2019 15:49:39 -0600
Subject: [PATCH 4/8] [NOISSUE] bootstrap root user into database

---
 .../configuration/auto/WebSecurityConfig.java | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)
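Review bot: The rewritten BOOLEAN condition no longer consults `overrideProperty.getInvert()` anywhere in this hunk, while the first patch of this series adds `invert: true` to three application.yml entries (signResponses, encryptAssertions, includeConditionsNotBefore) and the third patch drops the `false | true` expectation from AuxiliaryJPAEntityServiceTests. If inversion is now applied elsewhere (front end, or another branch of this switch), a comment on the new `if` line saying so would stop the next reader from re-adding it here; if it is not applied anywhere, the three flags have no backend effect. The precedence of the new expression also deserves a note: `A || B && C` parses as `A || (B && C)`, which is presumably the intent, but wrapping `((o instanceof String) && Boolean.valueOf((String)o))` in its own parentheses would make that explicit. getAttributeFromObjectAndRelyingPartyOverrideProperty continues past the end of the hunk.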
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java
index 1dcdc6ce7..3858ad10e 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java
@@ -1,6 +1,9 @@
 package edu.internet2.tier.shibboleth.admin.ui.configuration.auto;
 import edu.internet2.tier.shibboleth.admin.ui.security.DefaultAuditorAware;
+import edu.internet2.tier.shibboleth.admin.ui.security.model.Role;
+import edu.internet2.tier.shibboleth.admin.ui.security.model.User;
+import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository;
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository;
 import edu.internet2.tier.shibboleth.admin.ui.security.springsecurity.AdminUserService;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -23,6 +26,8 @@ import org.springframework.security.web.firewall.StrictHttpFirewall;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import java.util.Collections;
+
 /**
 * Web security configuration.
 *

@@ -42,6 +47,9 @@ public class WebSecurityConfig {
 @Autowired
 private UserRepository userRepository;
+ @Autowired
+ private RoleRepository roleRepository;
+
 @Bean
 public HttpFirewall allowUrlEncodedSlashHttpFirewall() {
 StrictHttpFirewall firewall = new StrictHttpFirewall();
@@ -72,6 +80,25 @@ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 // TODO: more configurable authentication
 PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
 if (defaultPassword != null && !"".equals(defaultPassword)) {
+ // TODO: yeah, this isn't good, but we gotta initialize this user for now
+ Role adminRole = roleRepository.findByName("ROLE_ADMIN").orElseGet(() -> {
+ Role r = new Role();
+ r.setName("ROLE_ADMIN");
+ return roleRepository.saveAndFlush(r);
+ });
+ User adminUser = userRepository.findByUsername("root").orElseGet(() ->{
+ User u = new User();
+ u.setUsername("root");
+ u.setPassword(defaultPassword);
+ u.setFirstName("admin");
+ u.setLastName("user");
+ u.setRoles(Collections.singleton(adminRole));
+ u.setEmailAddress("admin@localhost");
+ return userRepository.saveAndFlush(u);
+ });
+ adminUser.setPassword(defaultPassword);
+ userRepository.saveAndFlush(adminUser);
+
 auth
 .inMemoryAuthentication()
 .withUser("root")

From 0b8bee12d2c30cfde6ef9411374e1d99a08f24a8 Mon Sep 17 00:00:00 2001
From: Jj!
Date: Tue, 5 Mar 2019 15:52:46 -0600
Subject: [PATCH 5/8] [NOISSUE] move scope

---
 .../admin/ui/configuration/auto/WebSecurityConfig.java | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java
index 3858ad10e..5d64ab623 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java
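Review bot: The bootstrapped `root` user is persisted with `u.setPassword(defaultPassword)` and again with `adminUser.setPassword(defaultPassword)`, while the `passwordEncoder` created two lines above is never applied to it, so unless User.setPassword hashes internally the configured password lands in the database in clear text. Both calls should go through the encoder, `u.setPassword(passwordEncoder.encode(defaultPassword));` and `adminUser.setPassword(passwordEncoder.encode(defaultPassword));`, consistent with whatever the in-memory `.withUser("root")` chain does below the hunk. The unconditional `adminUser.setPassword` / `saveAndFlush` pair also resets the stored password on every start, silently undoing any change made to the root account through the application; if that is intended, say so in the comment instead of the current `// TODO: yeah, this isn't good`. The repeated `"root"`, `"ROLE_ADMIN"` and `"admin@localhost"` literals would read better as named constants. configure(AuthenticationManagerBuilder) continues outside the hunk.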
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java
@@ -81,17 +81,17 @@ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
 PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
 if (defaultPassword != null && !"".equals(defaultPassword)) {
 // TODO: yeah, this isn't good, but we gotta initialize this user for now
- Role adminRole = roleRepository.findByName("ROLE_ADMIN").orElseGet(() -> {
- Role r = new Role();
- r.setName("ROLE_ADMIN");
- return roleRepository.saveAndFlush(r);
- });
 User adminUser = userRepository.findByUsername("root").orElseGet(() ->{
 User u = new User();
 u.setUsername("root");
 u.setPassword(defaultPassword);
 u.setFirstName("admin");
 u.setLastName("user");
+ Role adminRole = roleRepository.findByName("ROLE_ADMIN").orElseGet(() -> {
+ Role r = new Role();
+ r.setName("ROLE_ADMIN");
+ return roleRepository.saveAndFlush(r);
+ });
 u.setRoles(Collections.singleton(adminRole));
 u.setEmailAddress("admin@localhost");
 return userRepository.saveAndFlush(u);

From f4531f0830d23d269ef6ec24b2651bcf8fdbd8bc Mon Sep 17 00:00:00 2001
From: Jj!
Date: Tue, 5 Mar 2019 16:57:41 -0600
Subject: [PATCH 6/8] [NOISSUE] update documentation

---
 README.md | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/README.md b/README.md
index a03a53d0b..4ec4f8196 100644
--- a/README.md
+++ b/README.md
@@ -47,12 +47,7 @@ The easiest way to do this in a servlet container is through the use of system p
 ## Authentication
 Currently, the application is wired with very simple authentication. A password for the user `root`
-can be set with the `shibui.default-password` property. If none is set, a default password
-will be generated and logged:
-
-```
-Using default security password: a3d9ab96-9c63-414f-b199-26fcf59e1ffa
-```
+can be set with the `shibui.default-password` property.
 ## Default Properties
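Review bot: Moving the `ROLE_ADMIN` lookup into the `orElseGet` supplier means the role is only resolved (and created) when no `root` user exists yet; an existing root row whose roles were emptied is no longer repaired at startup, and a missing ROLE_ADMIN row is no longer created once root exists. If that narrowing is intentional it deserves one line in the comment above the block, e.g. `// the admin role is bootstrapped only together with the initial root user`. The supplier now performs two repository writes inside a lambda that reads as a simple default value; extracting it into a private `findOrCreateAdminRole()` helper would keep the user-creation lambda readable. configure(AuthenticationManagerBuilder) starts and ends outside the hunk.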
From 5c2f4179ba75fc5ab61bacbb72116a66a4801448 Mon Sep 17 00:00:00 2001
From: Jj!
Date: Wed, 6 Mar 2019 08:33:09 -0600
Subject: [PATCH 7/8] [NOISSUE] update default configuration

---
 backend/src/main/resources/application.properties | 1 +
 1 file changed, 1 insertion(+)

diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties
index 3a18fb01a..a84f4a3a3 100644
--- a/backend/src/main/resources/application.properties
+++ b/backend/src/main/resources/application.properties
@@ -19,6 +19,7 @@ spring.datasource.driverClassName=org.h2.Driver
 spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
 spring.h2.console.enabled=true
+spring.jackson.default-property-inclusion=non_absent
 # Database Configuration PostgreSQL
 #spring.datasource.url=jdbc:postgresql://localhost:5432/shibui

From 58599fe808d65fdff7276bb4c0365f3b8d1ed968 Mon Sep 17 00:00:00 2001
From: Jj!
Date: Wed, 6 Mar 2019 08:39:37 -0600
Subject: [PATCH 8/8] [NOISSUE] comment out configuration for now

---
 backend/src/main/resources/application.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties
index a84f4a3a3..b0f63bd34 100644
--- a/backend/src/main/resources/application.properties
+++ b/backend/src/main/resources/application.properties
@@ -19,7 +19,7 @@ spring.datasource.driverClassName=org.h2.Driver
 spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
 spring.h2.console.enabled=true
-spring.jackson.default-property-inclusion=non_absent
+# spring.jackson.default-property-inclusion=non_absent
 # Database Configuration PostgreSQL
 #spring.datasource.url=jdbc:postgresql://localhost:5432/shibui
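Review bot: `spring.jackson.default-property-inclusion=non_absent` is left in application.properties commented out with no reason recorded, one commit after it was introduced, so the next reader cannot tell what it broke or whether re-enabling it is safe. A short note on the line above it, such as `# disabled: <reason it was turned off — fill in>`, would make the intent explicit; the commit subject's "for now" suggests it is expected to come back.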