Merge branch 'develop' into feature/SHIBUI-1978-loading-spinners

Former-commit-id: fc60c5bf6d841c42f8371c644b5292e6a7cd7642
TIER · Aug 2, 2022 · 75b2c3e · 75b2c3e
2 parents 34b46b7 + c050260
commit 75b2c3e
Show file tree

Hide file tree

Showing 8 changed files with 324 additions and 11 deletions.
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java
@@ -19,6 +19,7 @@
 import javax.xml.namespace.QName;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.List;
 import java.util.stream.Collectors;
 
@@ -74,10 +75,11 @@ public void addX509Certificate(edu.internet2.tier.shibboleth.admin.ui.domain.X50
         this.xmlObjects.add(x509Certificate);
     }
 
+    // TODO: might need to really implement this
     @Nonnull
     @Override
     public List<X509CRL> getX509CRLs() {
-        return null;
+        return Collections.EMPTY_LIST;
     }
 
     @Nonnull

diff --git a/backend/src/main/resources/jpa-signature-config.xml b/backend/src/main/resources/jpa-signature-config.xml
diff --git a/backend/src/main/resources/modified-saml2-assertion-config.xml b/backend/src/main/resources/modified-saml2-assertion-config.xml
@@ -230,7 +230,19 @@
             <MarshallingClass className="org.opensaml.saml.saml2.core.impl.NameIDTypeMarshaller"/>
             <UnmarshallingClass className="org.opensaml.saml.saml2.core.impl.NameIDTypeUnmarshaller"/>
         </ObjectProvider>
-
+
+        <ObjectProvider qualifiedName="saml2:Issuer">
+            <BuilderClass className="org.opensaml.saml.saml2.core.impl.IssuerBuilder"/>
+            <MarshallingClass className="org.opensaml.saml.saml2.core.impl.NameIDTypeMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.saml.saml2.core.impl.NameIDTypeUnmarshaller"/>
+        </ObjectProvider>
+
+        <ObjectProvider qualifiedName="saml2:IssuerType">
+            <BuilderClass className="org.opensaml.saml.saml2.core.impl.IssuerBuilder"/>
+            <MarshallingClass className="org.opensaml.saml.saml2.core.impl.NameIDTypeMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.saml.saml2.core.impl.NameIDTypeUnmarshaller"/>
+        </ObjectProvider>
+
         <!-- OneTimeUse -->
         <ObjectProvider qualifiedName="saml2:OneTimeUse">
             <BuilderClass className="org.opensaml.saml.saml2.core.impl.OneTimeUseBuilder"/>

diff --git a/pac4j-module/build.gradle b/pac4j-module/build.gradle
@@ -46,8 +46,11 @@ dependencies {
         exclude group: 'org.opensaml'
         exclude group: 'commons-collections'
     }
+    // But we do need this opensaml lib that wasn't provided
+    implementation "org.opensaml:opensaml-storage-impl:${project.'opensamlVersion'}"
     compile "org.apache.commons:commons-collections4:${project.'commonsCollections4Version'}"
 
+
     testCompile project(':backend')
     testCompile "org.opensaml:opensaml-saml-api:${project.'opensamlVersion'}"
 

diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java
@@ -5,7 +5,7 @@
 import edu.internet2.tier.shibboleth.admin.ui.security.service.IRolesService;
 import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService;
 import edu.internet2.tier.shibboleth.admin.ui.service.EmailService;
-import static net.unicon.shibui.pac4j.Pac4jConfiguration.PAC4J_CLIENT_NAME;
+import org.pac4j.core.authorization.authorizer.DefaultAuthorizers;
 import org.pac4j.core.config.Config;
 import org.pac4j.core.matching.matcher.Matcher;
 import org.pac4j.springframework.security.web.CallbackFilter;
@@ -26,6 +26,8 @@
 import javax.servlet.Filter;
 import java.util.Optional;
 
+import static net.unicon.shibui.pac4j.Pac4jConfiguration.PAC4J_CLIENT_NAME;
+
 @Configuration
 @AutoConfigureOrder(-1)
 @ConditionalOnProperty(name = "shibui.pac4j-enabled", havingValue = "true")
@@ -62,7 +64,8 @@ public Pac4jWebSecurityConfigurerAdapter(final Config config, UserService userSe
         protected void configure(HttpSecurity http) throws Exception {
             http.authorizeRequests().antMatchers("/unsecured/**/*").permitAll();
 
-            final SecurityFilter securityFilter = new SecurityFilter(this.config, PAC4J_CLIENT_NAME);
+            // adding the authorizor bypasses the default behavior of checking CSRF in Pac4J's default securitylogic+defaultauthorizationchecker
+            final SecurityFilter securityFilter = new SecurityFilter(this.config, PAC4J_CLIENT_NAME, DefaultAuthorizers.IS_AUTHENTICATED);
 
             // add filter based on auth type 
             http.antMatcher("/**").addFilterBefore(getFilter(config, pac4jConfigurationProperties.getTypeOfAuth()), BasicAuthenticationFilter.class);

diff --git a/testbed/authentication/docker-compose.yml b/testbed/authentication/docker-compose.yml
@@ -20,7 +20,7 @@ services:
       - "8080:8080"
       - "443:443"
       - "8443:8443"
-#      - "8000:8000"
+      - "9090:9090"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - ../reverse-proxy/:/configuration/
@@ -72,6 +72,7 @@ services:
       - ./shibui/application.yml:/application.yml
     ports:
       - "8000:8000"
+#      - "9090:9090"
     entrypoint: ["/usr/bin/java", "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8000", "-jar", "app.war"]
 networks:
   reverse-proxy:

diff --git a/ui/src/app/App.js b/ui/src/app/App.js
@@ -33,6 +33,7 @@ import { SessionModal } from './core/user/SessionModal';
 import { Roles } from './admin/Roles';
 import { Groups } from './admin/Groups';
 import { BASE_PATH } from './App.constant';
+import { ProtectRoute } from './core/components/ProtectRoute';
 
 
 function App() {
@@ -81,12 +82,32 @@ function App() {
                                                     </Route>
                                                     <Route path="/dashboard" component={Dashboard} />
                                                     <Route path="/metadata/source/new" component={NewSource} />
-                                                    <Route path="/metadata/provider/new" component={NewProvider} />
-                                                    <Route path="/metadata/attributes" component={Attribute} />
-                                                    <Route path="/metadata/provider/:id/filter" component={Filter} />
+                                                    <Route path="/metadata/provider/new" render={() =>
+                                                        <ProtectRoute redirectTo="/dashboard">
+                                                            <NewProvider />
+                                                        </ProtectRoute>
+                                                    } />
+                                                    <Route path="/metadata/attributes"  render={() =>
+                                                        <ProtectRoute redirectTo="/dashboard">
+                                                            <Attribute />
+                                                        </ProtectRoute>
+                                                    } />
+                                                    <Route path="/metadata/provider/:id/filter"  render={() =>
+                                                        <ProtectRoute redirectTo="/dashboard">
+                                                            <Filter />
+                                                        </ProtectRoute>
+                                                    } />
                                                     <Route path="/metadata/:type/:id" component={Metadata} />
-                                                    <Route path="/roles" component={Roles} />
-                                                    <Route path="/groups" component={Groups} />
+                                                    <Route path="/roles" render={() =>
+                                                        <ProtectRoute redirectTo="/dashboard">
+                                                            <Roles />
+                                                        </ProtectRoute>
+                                                    } />
+                                                    <Route path="/groups" render={() =>
+                                                        <ProtectRoute redirectTo="/dashboard">
+                                                            <Groups />
+                                                        </ProtectRoute>
+                                                    } />
                                                     <Route path="*">
                                                         <Redirect to="/dashboard" />
                                                     </Route>

diff --git a/ui/src/app/dashboard/view/Dashboard.js b/ui/src/app/dashboard/view/Dashboard.js
@@ -118,6 +118,9 @@ export function Dashboard () {
                             loadingUsers={loading} />
                     </ProtectRoute>
                 } />
+                <Route exact path={`${path}/*`}>
+                    <Redirect to={`${url}/metadata/manager/resolvers`} />
+                </Route>
             </Switch></>
             }
         </div>