diff --git a/backend/build.gradle b/backend/build.gradle index 887d2e86e..90cc83503 100644 --- a/backend/build.gradle +++ b/backend/build.gradle @@ -174,7 +174,7 @@ dependencies { runtimeOnly 'org.postgresql:postgresql:42.3.4' runtimeOnly 'org.mariadb.jdbc:mariadb-java-client:3.0.4' runtimeOnly 'mysql:mysql-connector-java:8.0.29' - //SQL Server? + runtimeOnly 'com.microsoft.sqlserver:mssql-jdbc:9.4.1.jre11' //Swagger compile 'io.springfox:springfox-swagger2:2.9.2' diff --git a/backend/src/enversTest/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/envers/MetadataResolverEnversVersioningTests.groovy b/backend/src/enversTest/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/envers/MetadataResolverEnversVersioningTests.groovy index b468a2ffa..6d976a033 100644 --- a/backend/src/enversTest/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/envers/MetadataResolverEnversVersioningTests.groovy +++ b/backend/src/enversTest/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/envers/MetadataResolverEnversVersioningTests.groovy @@ -14,7 +14,6 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.LocalDynamicMetad import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ReloadableMetadataResolverAttributes import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ResourceBackedMetadataResolver import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.TemplateScheme -import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository import org.springframework.beans.factory.annotation.Autowired import org.springframework.boot.autoconfigure.domain.EntityScan @@ -269,7 +268,7 @@ class MetadataResolverEnversVersioningTests extends Specification { when: ResourceBackedMetadataResolver resolver = new ResourceBackedMetadataResolver(name: 'rbmr').with { it.reloadableMetadataResolverAttributes = new ReloadableMetadataResolverAttributes(taskTimerRef: 'taskTimerRef') - it.classpathMetadataResource = new ClasspathMetadataResource(file: 'metadata.xml') + it.classpathMetadataResource = new ClasspathMetadataResource(fileResource: 'metadata.xml') it } @@ -283,7 +282,7 @@ class MetadataResolverEnversVersioningTests extends Specification { resolverHistory.size() == 1 getTargetEntityForRevisionIndex(resolverHistory, 0).name == 'rbmr' getTargetEntityForRevisionIndex(resolverHistory, 0).reloadableMetadataResolverAttributes.taskTimerRef == 'taskTimerRef' - getTargetEntityForRevisionIndex(resolverHistory, 0).classpathMetadataResource.file == 'metadata.xml' + getTargetEntityForRevisionIndex(resolverHistory, 0).classpathMetadataResource.fileResource == 'metadata.xml' getRevisionEntityForRevisionIndex(resolverHistory, 0).principalUserName == 'anonymousUser' getRevisionEntityForRevisionIndex(resolverHistory, 0).timestamp > 0L getModifiedEntityNames(resolverHistory, 0).sort() == expectedModifiedPersistentEntities.sort() @@ -291,7 +290,7 @@ class MetadataResolverEnversVersioningTests extends Specification { when: resolver.name = 'rbmrUPDATED' resolver.reloadableMetadataResolverAttributes.taskTimerRef = 'taskTimerRefUPDATED' - resolver.classpathMetadataResource.file = 'metadataUPDATED.xml' + resolver.classpathMetadataResource.fileResource = 'metadataUPDATED.xml' resolverHistory = updateAndGetRevisionHistoryOfMetadataResolver(resolver, metadataResolverRepository, @@ -303,7 +302,7 @@ class MetadataResolverEnversVersioningTests extends Specification { resolverHistory.size() == 2 getTargetEntityForRevisionIndex(resolverHistory, 1).name == 'rbmrUPDATED' getTargetEntityForRevisionIndex(resolverHistory, 1).reloadableMetadataResolverAttributes.taskTimerRef == 'taskTimerRefUPDATED' - getTargetEntityForRevisionIndex(resolverHistory, 1).classpathMetadataResource.file == 'metadataUPDATED.xml' + getTargetEntityForRevisionIndex(resolverHistory, 1).classpathMetadataResource.fileResource == 'metadataUPDATED.xml' getRevisionEntityForRevisionIndex(resolverHistory, 1).principalUserName == 'anonymousUser' getRevisionEntityForRevisionIndex(resolverHistory, 1).timestamp > 0L getModifiedEntityNames(resolverHistory, 1).sort() == expectedModifiedPersistentEntities.sort() @@ -311,8 +310,8 @@ class MetadataResolverEnversVersioningTests extends Specification { //Check the original revision is intact getTargetEntityForRevisionIndex(resolverHistory, 0).name == 'rbmr' getTargetEntityForRevisionIndex(resolverHistory, 0).reloadableMetadataResolverAttributes.taskTimerRef == 'taskTimerRef' - getTargetEntityForRevisionIndex(resolverHistory, 0).classpathMetadataResource.file == 'metadata.xml' + getTargetEntityForRevisionIndex(resolverHistory, 0).classpathMetadataResource.fileResource == 'metadata.xml' getRevisionEntityForRevisionIndex(resolverHistory, 0).principalUserName == 'anonymousUser' getRevisionEntityForRevisionIndex(resolverHistory, 0).timestamp > 0L } -} +} \ No newline at end of file diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy index ed3f794c0..4c1f3a118 100644 --- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy +++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy @@ -419,7 +419,7 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService { MetadataResource( 'xmlns:resource': 'urn:mace:shibboleth:2.0:resource', 'xsi:type': 'resource:ClasspathResource', - 'file': resolver.classpathMetadataResource.file) + 'file': resolver.classpathMetadataResource.fileResource) } childNodes() diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/ClasspathMetadataResource.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/ClasspathMetadataResource.java index a3dc076ab..a76943378 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/ClasspathMetadataResource.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/ClasspathMetadataResource.java @@ -15,6 +15,6 @@ @Setter @EqualsAndHashCode public class ClasspathMetadataResource { - - private String file; -} + // renamed from "file" to work with SQLServer + private String fileResource; +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverConverterServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverConverterServiceImpl.java index 2343206a7..d0d20bd61 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverConverterServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverConverterServiceImpl.java @@ -99,7 +99,7 @@ private OpenSamlResourceBackedMetadataResolver convertToOpenSamlRepresentation(R break; case CLASSPATH: resource = ResourceHelper.of(new ClassPathResource(placeholderResolverService() - .resolveValueFromPossibleTokenPlaceholder(resolver.getClasspathMetadataResource().getFile()))); + .resolveValueFromPossibleTokenPlaceholder(resolver.getClasspathMetadataResource().getFileResource()))); break; default: throw new RuntimeException("Unsupported resource type!"); @@ -153,4 +153,4 @@ public boolean isDirectory() { return true; } } -} +} \ No newline at end of file diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/OpenSamlResourceBackedMetadataResolverTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/OpenSamlResourceBackedMetadataResolverTests.groovy index 28223b2f8..52ae52374 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/OpenSamlResourceBackedMetadataResolverTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/domain/resolvers/OpenSamlResourceBackedMetadataResolverTests.groovy @@ -15,10 +15,10 @@ class OpenSamlResourceBackedMetadataResolverTests extends Specification { def 'test refresh'() { when: def rbmr = new ResourceBackedMetadataResolver(name: 'test', xmlId: 'test', classpathMetadataResource: new ClasspathMetadataResource('metadata/metadata.xml')) - def x = new OpenSamlResourceBackedMetadataResolver(openSamlObjects.parserPool, null, rbmr, ResourceHelper.of(new ClassPathResource(rbmr.classpathMetadataResource.file))) + def x = new OpenSamlResourceBackedMetadataResolver(openSamlObjects.parserPool, null, rbmr, ResourceHelper.of(new ClassPathResource(rbmr.classpathMetadataResource.fileResource))) x.refilter() then: noExceptionThrown() } -} +} \ No newline at end of file diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy index 594ee6750..0a53d5173 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImplTests.groovy @@ -108,7 +108,7 @@ class JPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTest { it.resourceId = "testme" it.name = "testme" it.classpathMetadataResource = new ClasspathMetadataResource().with { - it.file = "metadata/aggregate.xml" + it.fileResource = "metadata/aggregate.xml" it } it.metadataFilters.add(new EntityAttributesFilter().with { @@ -275,7 +275,7 @@ class JPAMetadataResolverServiceImplTests extends AbstractBaseDataJpaTest { def resolver = new edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ResourceBackedMetadataResolver().with { it.xmlId = 'ClasspathResourceMetadata' it.classpathMetadataResource = new ClasspathMetadataResource().with { - it.file = '/path/to/a/classpath/location/metadata.xml' + it.fileResource = '/path/to/a/classpath/location/metadata.xml' it } it diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/util/TestObjectGenerator.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/util/TestObjectGenerator.groovy index bf17b107e..7b2865462 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/util/TestObjectGenerator.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/util/TestObjectGenerator.groovy @@ -30,7 +30,6 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataQueryProt import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ReloadableMetadataResolverAttributes import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ResourceBackedMetadataResolver -import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.SvnMetadataResource import edu.internet2.tier.shibboleth.admin.util.AttributeUtility import edu.internet2.tier.shibboleth.admin.util.MDDCConstants import edu.internet2.tier.shibboleth.admin.util.ModelRepresentationConversions @@ -607,7 +606,7 @@ class TestObjectGenerator { it.name = 'ClasspathResourceMetadata' it.xmlId = 'ClasspathResourceMetadata' it.classpathMetadataResource = new ClasspathMetadataResource().with { - it.file = 'metadata/metadata.xml' + it.fileResource = 'metadata/metadata.xml' it } it.reloadableMetadataResolverAttributes = new ReloadableMetadataResolverAttributes().with { diff --git a/testbed/sqlServer/conf/application.yml b/testbed/sqlServer/conf/application.yml new file mode 100644 index 000000000..1e48abf4d --- /dev/null +++ b/testbed/sqlServer/conf/application.yml @@ -0,0 +1,138 @@ +spring: + profiles: + include: + datasource: + platform: sqlserver + driver-class-name: com.microsoft.sqlserver.jdbc.SQLServerDriver + url: jdbc:sqlserver://db:1433 + username: sa + password: Password1 + jpa: + properties: + hibernate: + dialect: org.hibernate.dialect.SQLServerDialect +#server: +# port: 8443 +# ssl: +# key-store: "/conf/keystore.p12" +# key-store-password: "changeit" +# keyStoreType: "PKCS12" +# keyAlias: "tomcat" +shibui: + user-bootstrap-resource: file:/conf/users.csv + roles: ROLE_ADMIN,ROLE_NONE,ROLE_USER,ROLE_PONY +custom: + attributes: + # Default attributes + - name: eduPersonPrincipalName + displayName: label.attribute-eduPersonPrincipalName + - name: uid + displayName: label.attribute-uid + - name: mail + displayName: label.attribute-mail + - name: surname + displayName: label.attribute-surname + - name: givenName + displayName: label.attribute-givenName + - name: eduPersonAffiliation + displayName: label.attribute-eduPersonAffiliation + - name: eduPersonScopedAffiliation + displayName: label.attribute-eduPersonScopedAffiliation + - name: eduPersonPrimaryAffiliation + displayName: label.attribute-eduPersonPrimaryAffiliation + - name: eduPersonEntitlement + displayName: label.attribute-eduPersonEntitlement + - name: eduPersonAssurance + displayName: label.attribute-eduPersonAssurance + - name: eduPersonUniqueId + displayName: label.attribute-eduPersonUniqueId + - name: employeeNumber + displayName: label.attribute-employeeNumber + # Custom attributes + overrides: + # Default overrides + - name: signAssertion + displayName: label.sign-the-assertion + displayType: boolean + defaultValue: false + helpText: tooltip.sign-assertion + attributeName: http://shibboleth.net/ns/profiles/saml2/sso/browser/signAssertions + attributeFriendlyName: signAssertions + - name: dontSignResponse + displayName: label.dont-sign-the-response + displayType: boolean + defaultValue: false + helpText: tooltip.dont-sign-response + attributeName: http://shibboleth.net/ns/profiles/saml2/sso/browser/signResponses + attributeFriendlyName: signResponses + - name: turnOffEncryption + displayName: label.turn-off-encryption-of-response + displayType: boolean + defaultValue: false + helpText: tooltip.turn-off-encryption + attributeName: http://shibboleth.net/ns/profiles/encryptAssertions + attributeFriendlyName: encryptAssertions + - name: useSha + displayName: label.use-sha1-signing-algorithm + displayType: boolean + defaultValue: false + helpText: tooltip.usa-sha-algorithm + persistType: string + persistValue: shibboleth.SecurityConfiguration.SHA1 + attributeName: http://shibboleth.net/ns/profiles/securityConfiguration + attributeFriendlyName: securityConfiguration + - name: ignoreAuthenticationMethod + displayName: label.ignore-any-sp-requested-authentication-method + displayType: boolean + defaultValue: false + helpText: tooltip.ignore-auth-method + persistType: string + persistValue: 0x1 + attributeName: http://shibboleth.net/ns/profiles/disallowedFeatures + attributeFriendlyName: disallowedFeatures + - name: omitNotBefore + displayName: label.omit-not-before-condition + displayType: boolean + defaultValue: false + helpText: tooltip.omit-not-before-condition + attributeName: http://shibboleth.net/ns/profiles/includeConditionsNotBefore + attributeFriendlyName: includeConditionsNotBefore + - name: responderId + displayName: label.responder-id + displayType: string + defaultValue: null + helpText: tooltip.responder-id + attributeName: http://shibboleth.net/ns/profiles/responderId + attributeFriendlyName: responderId + - name: nameIdFormats + displayName: label.nameid-format-to-send + displayType: set + helpText: tooltip.nameid-format + defaultValues: + - urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + - urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + - urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + - urn:oasis:names:tc:SAML:2.0:nameid-format:transient + attributeName: http://shibboleth.net/ns/profiles/nameIDFormatPrecedence + attributeFriendlyName: nameIDFormatPrecedence + - name: authenticationMethods + displayName: label.authentication-methods-to-use + displayType: set + helpText: tooltip.authentication-methods-to-use + defaultValues: + - https://refeds.org/profile/mfa + - urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken + - urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport + attributeName: http://shibboleth.net/ns/profiles/defaultAuthenticationMethods + attributeFriendlyName: defaultAuthenticationMethods + - name: forceAuthn + displayName: label.force-authn + displayType: boolean + defaultValue: false + helpText: tooltip.force-authn + attributeName: http://shibboleth.net/ns/profiles/forceAuthn + attributeFriendlyName: forceAuthn +logging: + level: + org.pac4j: "TRACE" + org.opensaml: "INFO" \ No newline at end of file diff --git a/testbed/sqlServer/conf/keystore.p12 b/testbed/sqlServer/conf/keystore.p12 new file mode 100644 index 000000000..57f9c162a Binary files /dev/null and b/testbed/sqlServer/conf/keystore.p12 differ diff --git a/testbed/sqlServer/conf/users.csv b/testbed/sqlServer/conf/users.csv new file mode 100644 index 000000000..0ff75785d --- /dev/null +++ b/testbed/sqlServer/conf/users.csv @@ -0,0 +1,2 @@ +root,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,first,last,ROLE_ADMIN,user1@example.org +admin,{bcrypt}$2a$10$V1jeTIc0b2u7Y3yU.LqkXOPRVTBFc7SW07QaJR4KrBAmWGgTcO9H.,first,last,ROLE_ADMIN,jj@example.org \ No newline at end of file diff --git a/testbed/sqlServer/docker-compose.yml b/testbed/sqlServer/docker-compose.yml new file mode 100644 index 000000000..a7509fe37 --- /dev/null +++ b/testbed/sqlServer/docker-compose.yml @@ -0,0 +1,29 @@ +version: "3.7" + +services: + db: + container_name: db + ports: + - 1433:1433 + build: + context: . + dockerfile: docker/Dockerfile + networks: + - front + shibui: + image: unicon/shibui + ports: + - 8080:8080 + - 5005:5005 + - 8443:8443 + volumes: + - ./conf:/conf + - ./conf/application.yml:/application.yml + depends_on: + - db + networks: + - front + +networks: + front: + driver: bridge \ No newline at end of file diff --git a/testbed/sqlServer/docker/Dockerfile b/testbed/sqlServer/docker/Dockerfile new file mode 100644 index 000000000..4d8379c31 --- /dev/null +++ b/testbed/sqlServer/docker/Dockerfile @@ -0,0 +1,9 @@ +FROM mcr.microsoft.com/mssql/server:2019-latest + +ENV ACCEPT_EULA=Y +ENV SA_PASSWORD=Password1 + +COPY ./docker/scripts / + +ENTRYPOINT [ "/bin/bash", "entrypoint.sh" ] +CMD [ "/opt/mssql/bin/sqlservr" ] \ No newline at end of file diff --git a/testbed/sqlServer/docker/scripts/entrypoint.sh b/testbed/sqlServer/docker/scripts/entrypoint.sh new file mode 100755 index 000000000..8b861beef --- /dev/null +++ b/testbed/sqlServer/docker/scripts/entrypoint.sh @@ -0,0 +1,22 @@ +#!/bin/bash +set -e + +if [ "$1" = '/opt/mssql/bin/sqlservr' ]; then + # If this is the container's first run, initialize the application database + if [ ! -f /tmp/app-initialized ]; then + # Initialize the application database asynchronously in a background process. This allows a) the SQL Server process to be the main process in the container, which allows graceful shutdown and other goodies, and b) us to only start the SQL Server process once, as opposed to starting, stopping, then starting it again. + function initialize_app_database() { + # Wait a bit for SQL Server to start. SQL Server's process doesn't provide a clever way to check if it's up or not, and it needs to be up before we can import the application database + sleep 15s + + #run the setup script to create the DB and the schema in the DB + /opt/mssql-tools/bin/sqlcmd -S db -U sa -P Password1 -d master -i setup.sql + + # Note that the container has been initialized so future starts won't wipe changes to the data + touch /tmp/app-initialized + } + initialize_app_database & + fi +fi + +exec "$@" \ No newline at end of file diff --git a/testbed/sqlServer/docker/scripts/setup.sql b/testbed/sqlServer/docker/scripts/setup.sql new file mode 100644 index 000000000..9c49fede4 --- /dev/null +++ b/testbed/sqlServer/docker/scripts/setup.sql @@ -0,0 +1,10 @@ +CREATE DATABASE shibui; +GO +USE shibui; +GO +CREATE LOGIN shibui WITH PASSWORD = 'shibuiPass1'; +GO +CREATE USER shibui FOR LOGIN shibui; +GO +EXEC sp_addrolemember 'db_owner', 'shibui'; +GO \ No newline at end of file