Merge branch 'feature/shibui-2269' of bitbucket.org:unicon/shib-idp-u…

…i into feature/shibui-2269

backend/build.gradle

@@ -171,9 +171,10 @@ dependencies {
     runtimeOnly 'org.glassfish.jaxb:jaxb-runtime:2.3.0'
 
     compile "com.h2database:h2"
-    runtimeOnly 'org.postgresql:postgresql:42.3.4'
-    runtimeOnly 'org.mariadb.jdbc:mariadb-java-client:3.0.4'
-    runtimeOnly 'mysql:mysql-connector-java:8.0.29'
+    runtimeOnly "org.postgresql:postgresql:${project.'postgresVersion'}"
+    runtimeOnly "org.mariadb.jdbc:mariadb-java-client:${project.'mariadbVersion'}"
+    runtimeOnly "mysql:mysql-connector-java:${project.'mysqlVersion'}"
+    runtimeOnly "com.microsoft.sqlserver:mssql-jdbc:${project.'sqlserverVersion'}"
 
     //Swagger 3
     implementation 'org.springdoc:springdoc-openapi-ui:1.6.8'

backend/src/enversTest/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/envers/MetadataResolverEnversVersioningTests.groovy

@@ -14,7 +14,6 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.LocalDynamicMetad
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ReloadableMetadataResolverAttributes
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ResourceBackedMetadataResolver
 import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.TemplateScheme
-import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects
 import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.autoconfigure.domain.EntityScan
@@ -269,7 +268,7 @@ class MetadataResolverEnversVersioningTests extends Specification {
         when:
         ResourceBackedMetadataResolver resolver = new ResourceBackedMetadataResolver(name: 'rbmr').with {
             it.reloadableMetadataResolverAttributes = new ReloadableMetadataResolverAttributes(taskTimerRef: 'taskTimerRef')
-            it.classpathMetadataResource = new ClasspathMetadataResource(file: 'metadata.xml')
+            it.classpathMetadataResource = new ClasspathMetadataResource(fileResource: 'metadata.xml')
             it
         }
 
@@ -283,15 +282,15 @@ class MetadataResolverEnversVersioningTests extends Specification {
         resolverHistory.size() == 1
         getTargetEntityForRevisionIndex(resolverHistory, 0).name == 'rbmr'
         getTargetEntityForRevisionIndex(resolverHistory, 0).reloadableMetadataResolverAttributes.taskTimerRef == 'taskTimerRef'
-        getTargetEntityForRevisionIndex(resolverHistory, 0).classpathMetadataResource.file == 'metadata.xml'
+        getTargetEntityForRevisionIndex(resolverHistory, 0).classpathMetadataResource.fileResource == 'metadata.xml'
         getRevisionEntityForRevisionIndex(resolverHistory, 0).principalUserName == 'anonymousUser'
         getRevisionEntityForRevisionIndex(resolverHistory, 0).timestamp > 0L
         getModifiedEntityNames(resolverHistory, 0).sort() == expectedModifiedPersistentEntities.sort()
 
         when:
         resolver.name = 'rbmrUPDATED'
         resolver.reloadableMetadataResolverAttributes.taskTimerRef = 'taskTimerRefUPDATED'
-        resolver.classpathMetadataResource.file = 'metadataUPDATED.xml'
+        resolver.classpathMetadataResource.fileResource = 'metadataUPDATED.xml'
 
         resolverHistory = updateAndGetRevisionHistoryOfMetadataResolver(resolver,
                 metadataResolverRepository,
@@ -303,16 +302,16 @@ class MetadataResolverEnversVersioningTests extends Specification {
         resolverHistory.size() == 2
         getTargetEntityForRevisionIndex(resolverHistory, 1).name == 'rbmrUPDATED'
         getTargetEntityForRevisionIndex(resolverHistory, 1).reloadableMetadataResolverAttributes.taskTimerRef == 'taskTimerRefUPDATED'
-        getTargetEntityForRevisionIndex(resolverHistory, 1).classpathMetadataResource.file == 'metadataUPDATED.xml'
+        getTargetEntityForRevisionIndex(resolverHistory, 1).classpathMetadataResource.fileResource == 'metadataUPDATED.xml'
         getRevisionEntityForRevisionIndex(resolverHistory, 1).principalUserName == 'anonymousUser'
         getRevisionEntityForRevisionIndex(resolverHistory, 1).timestamp > 0L
         getModifiedEntityNames(resolverHistory, 1).sort() == expectedModifiedPersistentEntities.sort()
 
         //Check the original revision is intact
         getTargetEntityForRevisionIndex(resolverHistory, 0).name == 'rbmr'
         getTargetEntityForRevisionIndex(resolverHistory, 0).reloadableMetadataResolverAttributes.taskTimerRef == 'taskTimerRef'
-        getTargetEntityForRevisionIndex(resolverHistory, 0).classpathMetadataResource.file == 'metadata.xml'
+        getTargetEntityForRevisionIndex(resolverHistory, 0).classpathMetadataResource.fileResource == 'metadata.xml'
         getRevisionEntityForRevisionIndex(resolverHistory, 0).principalUserName == 'anonymousUser'
         getRevisionEntityForRevisionIndex(resolverHistory, 0).timestamp > 0L
     }
-}
+}

backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy

@@ -426,7 +426,7 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService {
                 MetadataResource(
                         'xmlns:resource': 'urn:mace:shibboleth:2.0:resource',
                         'xsi:type': 'resource:ClasspathResource',
-                        'file': resolver.classpathMetadataResource.file)
+                        'file': resolver.classpathMetadataResource.fileResource)
             }
 
             childNodes()

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/CustomEntityAttributeDefinition.java

@@ -35,7 +35,7 @@ public class CustomEntityAttributeDefinition implements IRelyingPartyOverridePro
     @ElementCollection
     @CollectionTable(name = "custom_entity_attr_list_items", joinColumns = @JoinColumn(name = "name"))
     @Fetch(FetchMode.JOIN)
-    @Column(name = "value", nullable = false)
+    @Column(name = "item_value", nullable = false)
     Set<String> customAttrListDefinitions = new HashSet<>();
 
     @Column(name = "default_value", nullable = true)
@@ -114,4 +114,4 @@ public void setName(String name) {
     public void updateExamplesList() {
         examples = customAttrListDefinitions;
     }
-}
+}

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/LocalizedName.java

@@ -3,6 +3,7 @@
 import org.hibernate.envers.Audited;
 
 import javax.annotation.Nullable;
+import javax.persistence.Column;
 import javax.persistence.MappedSuperclass;
 
 @MappedSuperclass
@@ -11,6 +12,7 @@ public class LocalizedName extends AbstractXMLObject implements org.opensaml.sam
 
     private String xMLLang;
 
+    @Column(name = "name_value")
     private String value;
 
     @Nullable
@@ -34,4 +36,4 @@ public String getValue() {
     public void setValue(@Nullable String value) {
         this.value = value;
     }
-}
+}

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/OrganizationURL.java

@@ -14,7 +14,7 @@ public class OrganizationURL extends AbstractXMLObject implements org.opensaml.s
 
     private String xMLLang;
 
-    @Column(name="value")
+    @Column(name="uri_value")
     private String uri;
 
     @Nullable

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Certificate.java

@@ -1,6 +1,7 @@
 package edu.internet2.tier.shibboleth.admin.ui.domain;
 
 import lombok.EqualsAndHashCode;
+import org.hibernate.annotations.Type;
 import org.hibernate.envers.Audited;
 
 import javax.annotation.Nullable;
@@ -14,6 +15,7 @@
 public class X509Certificate extends AbstractXMLObject implements org.opensaml.xmlsec.signature.X509Certificate {
     @Column(name = "x509CertificateValue")
     @Lob
+    @Type(type = "org.hibernate.type.TextType")
     private String value;
 
     @Nullable
@@ -26,4 +28,4 @@ public String getValue() {
     public void setValue(@Nullable String value) {
         this.value = value;
     }
-}
+}

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/EntityAttributesFilterTarget.java

@@ -26,7 +26,7 @@ public class EntityAttributesFilterTarget extends AbstractAuditable implements I
 
     @ElementCollection (fetch = FetchType.EAGER)
     @OrderColumn
-    @Column(length = 760)
+    @Column(length = 760, name="target_value")
     private List<String> value;
 
     public EntityAttributesFilterTargetType getEntityAttributesFilterTargetType() {

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/filters/NameIdFormatFilterTarget.java

@@ -8,6 +8,7 @@
 import org.hibernate.envers.AuditOverride;
 import org.hibernate.envers.Audited;
 
+import javax.persistence.Column;
 import javax.persistence.ElementCollection;
 import javax.persistence.Entity;
 import javax.persistence.OrderColumn;
@@ -27,6 +28,7 @@ public class NameIdFormatFilterTarget extends AbstractAuditable implements IFilt
 
     @ElementCollection
     @OrderColumn
+    @Column(name="target_value")
     private List<String> value;
 
     public NameIdFormatFilterTargetType getNameIdFormatFilterTargetType() {

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/ClasspathMetadataResource.java

@@ -15,6 +15,6 @@
 @Setter
 @EqualsAndHashCode
 public class ClasspathMetadataResource {
-
-    private String file;
-}
+    // renamed from "file" to work with SQLServer
+    private String fileResource;
+}

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/opensaml/OpenSamlFileBackedHTTPMetadataResolver.java

@@ -15,6 +15,7 @@
 
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
+import java.io.File;
 import java.time.Duration;
 import java.time.Instant;
 
@@ -135,4 +136,16 @@ public synchronized void refresh() throws ResolverException {
             }
         }
     }
+
+    @Override
+    public void validateBackupFile(final File backupFile) throws ResolverException {
+        // NOPE, not going to validate this because the file reference is likely not to exist on the shibui server nor even be a
+        // valid path on the running server. The file is needed for the XML, but we shouldn't be validating it.
+    }
+
+    @Override
+    protected byte[] fetchMetadata() throws ResolverException {
+        // NOPE, we don't need to try and fetch the metadata from either the URI nor the file
+        return null;
+    }
 }

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/opensaml/OpenSamlFilesystemMetadataResolver.java

@@ -88,4 +88,16 @@ public void refilter() {
             logger.error("An error occurred while attempting to filter metadata!", e);
         }
     }
+
+    @Override
+    public void validateMetadataFile(@Nonnull final File file) throws ResolverException {
+        // NOPE, not going to validate this because the file reference is likely not to exist on the shibui server nor even be a
+        // valid path on the running server. The file is needed for the XML, but we shouldn't be validating it.
+    }
+
+    @Override
+    protected byte[] fetchMetadata() throws ResolverException {
+        // NOPE, we don't need to try and fetch the metadata
+        return null;
+    }
 }

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverConverterServiceImpl.java

@@ -99,7 +99,7 @@ private OpenSamlResourceBackedMetadataResolver convertToOpenSamlRepresentation(R
                 break;
             case CLASSPATH:
                 resource = ResourceHelper.of(new ClassPathResource(placeholderResolverService()
-                        .resolveValueFromPossibleTokenPlaceholder(resolver.getClasspathMetadataResource().getFile())));
+                        .resolveValueFromPossibleTokenPlaceholder(resolver.getClasspathMetadataResource().getFileResource())));
                 break;
             default:
                 throw new RuntimeException("Unsupported resource type!");
@@ -153,4 +153,4 @@ public boolean isDirectory() {
             return true;
         }
     }
-}
+}

backend/src/main/resources/application.properties

@@ -9,14 +9,17 @@ logging.level.org.springframework=INFO
 logging.level.edu.internet2.tier.shibboleth.admin.ui=INFO
 
 spring.main.allow-bean-definition-overriding=true
+# "In Spring MVC, the path was previously analyzed by AntPathMatcher, but it was changed to use PathPatternParser introduced in WebFlux from Spring 5.3.0."
+# we still have the option to use ant path matcher thus keeping existing configuration from having to change
+spring.mvc.pathmatch.matching-strategy=ant_path_matcher
 
 # Database Credentials
 spring.datasource.username=shibui
 spring.datasource.password=shibui
 
 # Database Configuration H2
 spring.datasource.url=jdbc:h2:mem:shibui;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
-spring.datasource.platform=h2
+spring.sql.init.platform=h2
 spring.datasource.driverClassName=org.h2.Driver
 spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
 spring.h2.console.enabled=true
@@ -37,14 +40,15 @@ spring.jackson.mapper.accept-case-insensitive-enums=true
 #spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MariaDBDialect
 
 # Liquibase properties
-spring.liquibase.enabled=false
+spring.liquibase.enabled=true
+spring.liquibase.change-log=db/changelog/changelog.sql
 
 # Hibernate properties
 # for production never ever use create, create-drop. It's BEST to use validate
 spring.jpa.hibernate.ddl-auto=update
 spring.jpa.hibernate.naming.implicit-strategy=org.hibernate.boot.model.naming.ImplicitNamingStrategyJpaCompliantImpl
 spring.jpa.show-sql=false
-spring.jpa.properties.hibernate.format_sql=false
+spring.jpa.properties.hibernate.format_sql=true
 spring.jpa.properties.hibernate.check_nullability=true
 spring.jpa.hibernate.use-new-id-generator-mappings=true
 
@@ -114,10 +118,13 @@ shibui.roles.authenticated=ADMIN,ENABLE,USER
 #docker container
 shibui.beacon-enabled=true
 
+### Swagger/Springdoc patterns
 springdoc.use-management-port=true
 springdoc.swagger-ui.tagsSorter: alpha
 springdoc.writer-with-order-by-keys: true
 springdoc.pathsToMatch=/entities, /api/**
 # This property enables the openapi and swagger-ui endpoints to be exposed beneath the actuator base path.
-management.endpoints.web.exposure.include=openapi, swagger-ui
-management.server.port=9090
+management.endpoints.web.exposure.include=openapi, swagger-ui, info
+management.server.port=9090
+management.endpoints.web.cors.allowed-origins=*
+management.endpoints.web.cors.allowed-headers=*

backend/src/main/resources/application.yml

@@ -1,3 +1,12 @@
+#spring:
+#  jpa:
+#    show-sql: false
+#    properties:
+#      hibernate:
+#        format_sql: true
+#        dialect: org.hibernate.dialect.PostgreSQL95Dialect
+# OR SEE: https://access.redhat.com/webassets/avalon/d/red-hat-jboss-enterprise-application-platform/7.2/javadocs/org/hibernate/dialect/package-summary.html
+
 #shibui:
 ## Default password must be set for the default user to be configured and setup
 #  default-rootuser:root

backend/src/main/resources/db/changelog/README.txt

@@ -0,0 +1,18 @@
+Understanding the liquidbase changelog.sql file
+
+" -- liquibase formatted sql" - this is required at the top of this file "
+
+" -- changeset liquibase:1.11.0 dbms:mariadb,mysql,postgresql "
+This indicates a change set and the version - please use the release version that the change matches so that looking at the DB should
+give a good indication of what has been run.
+
+The dbms section indicates which DBs the changeset that follows is valid to be run on. If this is not present, Liquidbase will try
+to run the changeset always.
+
+" -- preconditions onFail:MARK_RAN "
+" -- precondition-sql-check expectedResult:1 SELECT count(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = N'users' "
+
+@see - https://docs.liquibase.com/concepts/changelogs/preconditions.html
+The check here is looking to see if the schema has been built out yet. If it has not, then the db is new and will be created
+correctly without needing to be updated, so MARK_RAN ensures that the given changeset will not be run, but will be added to the
+liquibase changesetlog table indicating that it was checked.