From 3c4526ca2bc0d6b5bd92d93c8ef585854525b353 Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Wed, 6 Jul 2022 13:13:28 -0700 Subject: [PATCH 1/9] Fixed access to non-admin pages --- ui/src/app/App.js | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) diff --git a/ui/src/app/App.js b/ui/src/app/App.js index 20331e4e8..546241f10 100644 --- a/ui/src/app/App.js +++ b/ui/src/app/App.js @@ -33,6 +33,7 @@ import { SessionModal } from './core/user/SessionModal'; import { Roles } from './admin/Roles'; import { Groups } from './admin/Groups'; import { BASE_PATH } from './App.constant'; +import { ProtectRoute } from './core/components/ProtectRoute'; function App() { @@ -81,12 +82,32 @@ function App() { - - - + + + + + } /> + + + + + } /> + + + + + } /> - - + + + + + } /> + + + + + } /> From f5a59a7b73a6014fddc1b16313d5ba3991993206 Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Wed, 27 Jul 2022 12:39:22 -0700 Subject: [PATCH 2/9] Fixed admin route --- ui/src/app/dashboard/view/Dashboard.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ui/src/app/dashboard/view/Dashboard.js b/ui/src/app/dashboard/view/Dashboard.js index e5f145572..b1d058eaf 100644 --- a/ui/src/app/dashboard/view/Dashboard.js +++ b/ui/src/app/dashboard/view/Dashboard.js @@ -112,6 +112,9 @@ export function Dashboard () { } /> + + + } From 6fdc603a8533de020fe813736396a37beda3c94d Mon Sep 17 00:00:00 2001 From: chasegawa Date: Wed, 27 Jul 2022 13:31:27 -0700 Subject: [PATCH 3/9] SHIBUI-2327 Adding missing libraries and needed marshalling configuration for using pac4j Former-commit-id: 9c5571b7a80f91563d119e6d5d685e428e4a4505 --- .../resources/modified-saml2-assertion-config.xml | 14 +++++++++++++- pac4j-module/build.gradle | 3 +++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/backend/src/main/resources/modified-saml2-assertion-config.xml b/backend/src/main/resources/modified-saml2-assertion-config.xml index 2f09fa77b..3349e4558 100644 --- a/backend/src/main/resources/modified-saml2-assertion-config.xml +++ b/backend/src/main/resources/modified-saml2-assertion-config.xml @@ -230,7 +230,19 @@ - + + + + + + + + + + + + + diff --git a/pac4j-module/build.gradle b/pac4j-module/build.gradle index 6a1295758..4080df12a 100644 --- a/pac4j-module/build.gradle +++ b/pac4j-module/build.gradle @@ -46,8 +46,11 @@ dependencies { exclude group: 'org.opensaml' exclude group: 'commons-collections' } + // But we do need this opensaml lib that wasn't provided + implementation "org.opensaml:opensaml-storage-impl:${project.'opensamlVersion'}" compile "org.apache.commons:commons-collections4:${project.'commonsCollections4Version'}" + testCompile project(':backend') testCompile "org.opensaml:opensaml-saml-api:${project.'opensamlVersion'}" From 540f2693d2843c576d00b93901430ccddd5591fc Mon Sep 17 00:00:00 2001 From: Jj! Date: Fri, 29 Jul 2022 16:21:52 -0500 Subject: [PATCH 4/9] [SHIBUI-2327] add provider configuration for signatures implement method for X509 Former-commit-id: d0db1c5de489d2ebc92a5f25908107272f0f7db5 --- .../shibboleth/admin/ui/domain/X509Data.java | 4 +- .../main/resources/jpa-signature-config.xml | 268 ++++++++++++++++++ 2 files changed, 271 insertions(+), 1 deletion(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java index e875932cd..7afd88814 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java @@ -19,6 +19,7 @@ import javax.xml.namespace.QName; import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; import java.util.List; import java.util.stream.Collectors; @@ -74,10 +75,11 @@ public void addX509Certificate(edu.internet2.tier.shibboleth.admin.ui.domain.X50 this.xmlObjects.add(x509Certificate); } + // TODO: might need to really implement this @Nonnull @Override public List getX509CRLs() { - return null; + return Collections.EMPTY_LIST; } @Nonnull diff --git a/backend/src/main/resources/jpa-signature-config.xml b/backend/src/main/resources/jpa-signature-config.xml index 0a6696db5..22f00e04b 100644 --- a/backend/src/main/resources/jpa-signature-config.xml +++ b/backend/src/main/resources/jpa-signature-config.xml @@ -39,6 +39,274 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 789d9f7680cb1801f138b84c281d67b4d0b5ce25 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Fri, 29 Jul 2022 15:56:56 -0700 Subject: [PATCH 5/9] SHIBUI-2327 Commented out block of builder-marshaller-unmarshaller that was causing conflict with testing Former-commit-id: cc4893a54a815f4046e28ad30fc70ad3f92cb585 --- backend/src/main/resources/jpa-signature-config.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/backend/src/main/resources/jpa-signature-config.xml b/backend/src/main/resources/jpa-signature-config.xml index 22f00e04b..9a8da32e8 100644 --- a/backend/src/main/resources/jpa-signature-config.xml +++ b/backend/src/main/resources/jpa-signature-config.xml @@ -250,12 +250,12 @@ - + @@ -310,4 +310,4 @@ - + \ No newline at end of file From effede98577e87aa87290aa616a6c76a17d13ccc Mon Sep 17 00:00:00 2001 From: chasegawa Date: Mon, 1 Aug 2022 12:27:39 -0700 Subject: [PATCH 6/9] SHIBUI-2327 Correcting security filter to work properly using the pac4j settup Former-commit-id: 563d725369ed11e770e802d14393b33fefc53ae1 --- .../src/main/java/net/unicon/shibui/pac4j/WebSecurity.java | 7 +++++-- testbed/authentication/docker-compose.yml | 3 ++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java index a67bf4a96..884569ac7 100644 --- a/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java +++ b/pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java @@ -5,7 +5,7 @@ import edu.internet2.tier.shibboleth.admin.ui.security.service.IRolesService; import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService; import edu.internet2.tier.shibboleth.admin.ui.service.EmailService; -import static net.unicon.shibui.pac4j.Pac4jConfiguration.PAC4J_CLIENT_NAME; +import org.pac4j.core.authorization.authorizer.DefaultAuthorizers; import org.pac4j.core.config.Config; import org.pac4j.core.matching.matcher.Matcher; import org.pac4j.springframework.security.web.CallbackFilter; @@ -26,6 +26,8 @@ import javax.servlet.Filter; import java.util.Optional; +import static net.unicon.shibui.pac4j.Pac4jConfiguration.PAC4J_CLIENT_NAME; + @Configuration @AutoConfigureOrder(-1) @ConditionalOnProperty(name = "shibui.pac4j-enabled", havingValue = "true") @@ -62,7 +64,8 @@ public Pac4jWebSecurityConfigurerAdapter(final Config config, UserService userSe protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests().antMatchers("/unsecured/**/*").permitAll(); - final SecurityFilter securityFilter = new SecurityFilter(this.config, PAC4J_CLIENT_NAME); + // adding the authorizor bypasses the default behavior of checking CSRF in Pac4J's default securitylogic+defaultauthorizationchecker + final SecurityFilter securityFilter = new SecurityFilter(this.config, PAC4J_CLIENT_NAME, DefaultAuthorizers.IS_AUTHENTICATED); // add filter based on auth type http.antMatcher("/**").addFilterBefore(getFilter(config, pac4jConfigurationProperties.getTypeOfAuth()), BasicAuthenticationFilter.class); diff --git a/testbed/authentication/docker-compose.yml b/testbed/authentication/docker-compose.yml index 884042c4a..42b12cb6a 100644 --- a/testbed/authentication/docker-compose.yml +++ b/testbed/authentication/docker-compose.yml @@ -20,7 +20,7 @@ services: - "8080:8080" - "443:443" - "8443:8443" -# - "8000:8000" + - "9090:9090" volumes: - /var/run/docker.sock:/var/run/docker.sock - ../reverse-proxy/:/configuration/ @@ -72,6 +72,7 @@ services: - ./shibui/application.yml:/application.yml ports: - "8000:8000" +# - "9090:9090" entrypoint: ["/usr/bin/java", "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8000", "-jar", "app.war"] networks: reverse-proxy: From f3c7b62ec667d642a00d376fec851854485b30b3 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Mon, 1 Aug 2022 14:16:55 -0700 Subject: [PATCH 7/9] [Gradle Release Plugin] - pre tag commit: '1.11.1'. Former-commit-id: 48a76662aa94f342dfe8c7c51401c343d36463cc --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index 7efe1ae08..a834b2548 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,6 +1,6 @@ name=shibui group=edu.internet2.tier.shibboleth.admin.ui -version=1.12.0-SNAPSHOT +version=1.11.1 ### library versions ### commonsCollections4Version=4.4 From 3a4eda32e073dc2edc602a32f11e1fae07453602 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Mon, 1 Aug 2022 14:37:46 -0700 Subject: [PATCH 8/9] NOJIRA Reverting version to fix release Former-commit-id: 70eeff2b9d5105b6a2daa75703619399aeff49da --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index a834b2548..f5fa06b55 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,6 +1,6 @@ name=shibui group=edu.internet2.tier.shibboleth.admin.ui -version=1.11.1 +version=1.11.0-SNAPSHOT ### library versions ### commonsCollections4Version=4.4 From 21b417909a389e029b27823f050b746fa1219131 Mon Sep 17 00:00:00 2001 From: Charles Hasegawa Date: Mon, 1 Aug 2022 22:53:09 +0000 Subject: [PATCH 9/9] gradle.properties edited online with Bitbucket - correcting version number Former-commit-id: e25dcd42fd857d05e0bd4418f6bbe6d502426c12 --- gradle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle.properties b/gradle.properties index f5fa06b55..7efe1ae08 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,6 +1,6 @@ name=shibui group=edu.internet2.tier.shibboleth.admin.ui -version=1.11.0-SNAPSHOT +version=1.12.0-SNAPSHOT ### library versions ### commonsCollections4Version=4.4