Merged in feature/shibui-2568 (pull request #657)

Feature/shibui 2568 Approved-by: Chad Redman
TIER · Jun 1, 2023 · b2de084 · b2de084
2 parents ef6bd77 + 4f19807
commit b2de084
Show file tree

Hide file tree

Showing 51 changed files with 677 additions and 396 deletions.
diff --git a/backend/build.gradle b/backend/build.gradle
@@ -245,9 +245,6 @@ dependencies {
     //Pacj4 sub-project
     runtimeOnly project(':pac4j-module')
 
-    //Beacon
-    runtimeOnly project(':beacon:spring')
-
     enversTestCompile sourceSets.main.output
     enversTestCompile sourceSets.test.output
     enversTestCompile configurations.compile

diff --git a/backend/src/main/app-resources/default.yml b/backend/src/main/app-resources/default.yml
@@ -19,6 +19,20 @@
 ## The first time the scheduler executes on this node, write out the entity descriptors to file [true|false] (default is true)
 #  entityDescriptor:
 #    writeOnStartup: true
+### BEACON SETTINGS
+## Set enabled to false to disable sending beacon data
+## Only set the installationID if you wish to define the ID used by the beacon. RECOMMENDED: ignore - a default random value will be used
+## Only change the urls if instructed or if you wish to redirect for testing (if multiple, separate list with commas
+## Only change the productName for testing purposes
+## Set the cron time to send the beacon data at a specific time - if unset, the system will send at a random time between 12AM and 4AM once per day
+#  beacon:
+#    enabled: ture
+#    installationID: [user-defined value]
+#    urls: http://collector.testbed.tier.internet2.edu:5001
+#    productName: ShibUI
+#    send:
+#      cron: 0 4 * * * *
+
 #  pac4j-enabled: true
 #  pac4j:
 #    keystorePath: "/etc/shibui/samlKeystore.jks"

diff --git a/...in/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java b/...in/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java
@@ -1,8 +1,11 @@
 package edu.internet2.tier.shibboleth.admin.ui.configuration;
 
 import com.fasterxml.jackson.databind.Module;
+import edu.internet2.tier.shibboleth.admin.ui.domain.BeaconConfiguration;
 import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects;
+import edu.internet2.tier.shibboleth.admin.ui.repository.BeaconConfigurationRepository;
 import edu.internet2.tier.shibboleth.admin.ui.repository.EntityDescriptorRepository;
+import edu.internet2.tier.shibboleth.admin.ui.repository.FilterRepository;
 import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository;
 import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolversPositionOrderContainerRepository;
 import edu.internet2.tier.shibboleth.admin.ui.scheduled.EntityDescriptorFilesScheduledTasks;
@@ -19,6 +22,7 @@
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository;
 import edu.internet2.tier.shibboleth.admin.ui.security.service.IGroupService;
 import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService;
+import edu.internet2.tier.shibboleth.admin.ui.service.BeaconDataServiceImpl;
 import edu.internet2.tier.shibboleth.admin.ui.service.DefaultMetadataResolversPositionOrderContainerService;
 import edu.internet2.tier.shibboleth.admin.ui.service.DirectoryService;
 import edu.internet2.tier.shibboleth.admin.ui.service.DirectoryServiceImpl;
@@ -29,6 +33,7 @@
 import edu.internet2.tier.shibboleth.admin.ui.service.FileCheckingFileWritingService;
 import edu.internet2.tier.shibboleth.admin.ui.service.FileWritingService;
 import edu.internet2.tier.shibboleth.admin.ui.service.FilterTargetService;
+import edu.internet2.tier.shibboleth.admin.ui.service.IBeaconDataService;
 import edu.internet2.tier.shibboleth.admin.ui.service.JPADynamicRegistrationServiceImpl;
 import edu.internet2.tier.shibboleth.admin.ui.service.JPAEntityServiceImpl;
 import edu.internet2.tier.shibboleth.admin.ui.service.JPAFilterTargetServiceImpl;
@@ -41,20 +46,28 @@
 import edu.internet2.tier.shibboleth.admin.util.ModelRepresentationConversions;
 import net.javacrumbs.shedlock.core.LockProvider;
 import net.javacrumbs.shedlock.provider.jdbctemplate.JdbcTemplateLockProvider;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.lucene.analysis.Analyzer;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.actuate.health.HealthEndpoint;
+import org.springframework.boot.actuate.info.InfoEndpoint;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.boot.web.client.RestTemplateBuilder;
+import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 import org.springframework.context.support.ResourceBundleMessageSource;
 import org.springframework.core.io.Resource;
 import org.springframework.jdbc.core.JdbcTemplate;
+import org.springframework.security.authentication.AuthenticationEventPublisher;
+import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.web.servlet.LocaleResolver;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.PathMatchConfigurer;
@@ -64,6 +77,12 @@
 
 import javax.servlet.http.HttpServletRequest;
 import javax.sql.DataSource;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Optional;
 
 @Configuration
 @Import(SearchConfiguration.class)
@@ -254,4 +273,49 @@ public DynamicRegistrationService dynamicRegistrationService(DynamicRegistration
     public LockProvider lockProvider(DataSource dataSource) {
         return new JdbcTemplateLockProvider(JdbcTemplateLockProvider.Configuration.builder().withJdbcTemplate(new JdbcTemplate(dataSource)).usingDbTime().build());
     }
+
+    @Bean
+    public String getBeaconCronValue(BeaconConfigurationRepository repo)
+    {
+        Optional<BeaconConfiguration> bc = repo.findById(1);
+        return bc.isPresent() ? bc.get().getSendCron() : "0 3 * * * *";
+    }
+
+    @Bean
+    public IBeaconDataService getBeaconDataService(@Value("${shibui.beacon.productName:ShibUi}") String productName, InfoEndpoint info, @Value("#{environment.TIERVERSION}") String tierVersion,
+                                                   EntityDescriptorRepository entityDescriptorRepository, MetadataResolverRepository metadataResolverRepository, FilterRepository filterRepository,
+                                                   GroupsRepository groupsRepository, RoleRepository roleRepository, BeaconConfigurationRepository beaconConfigurationRepository,
+                                                   UserService userService, HealthEndpoint healthEndpoint) {
+        BeaconDataServiceImpl result = new BeaconDataServiceImpl(productName, info, tierVersion, entityDescriptorRepository, metadataResolverRepository, filterRepository, groupsRepository, roleRepository, beaconConfigurationRepository, userService, healthEndpoint);
+        return result;
+    }
+
+    @Bean
+    public List<URL> beaconEndpointUrl(@Value("${shibui.beacon.url}") String urls) throws MalformedURLException {
+        List<URL> result = new ArrayList<>();
+        for (String url : Arrays.asList(urls.split(","))) {
+            result.add(new URL(url));
+        }
+        return result;
+    }
+
+    @Bean
+    public AuthenticationEventPublisher authenticationEventPublisher(ApplicationEventPublisher applicationEventPublisher, UserService userService) {
+        return new RecordLoginHandler(applicationEventPublisher, userService);
+    }
+
+    class RecordLoginHandler extends DefaultAuthenticationEventPublisher {
+        private UserService userService;
+
+        public RecordLoginHandler(ApplicationEventPublisher applicationEventPublisher, UserService userService) {
+            super(applicationEventPublisher);
+            this.userService = userService;
+        }
+
+        @Override
+        public void publishAuthenticationSuccess(Authentication authentication) {
+            super.publishAuthenticationSuccess(authentication);
+            userService.updateLoginRecord(authentication.getName());
+        }
+    }
 }
diff --git a/...ain/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java b/...ain/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/WebSecurityConfig.java
@@ -1,5 +1,6 @@
 package edu.internet2.tier.shibboleth.admin.ui.configuration.auto;
 
+import edu.internet2.tier.shibboleth.admin.ui.domain.BeaconConfiguration;
 import edu.internet2.tier.shibboleth.admin.ui.security.DefaultAuditorAware;
 import edu.internet2.tier.shibboleth.admin.ui.security.model.Role;
 import edu.internet2.tier.shibboleth.admin.ui.security.model.User;
@@ -14,10 +15,13 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 import org.springframework.data.domain.AuditorAware;
+import org.springframework.security.authentication.AuthenticationEventPublisher;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
@@ -80,6 +84,7 @@ public AuditorAware<String> defaultAuditorAware() {
     @Bean
     @Profile("!no-auth")
     public WebSecurityConfigurerAdapter defaultAuth() {
+        BeaconConfiguration.setAuthMechanisms("default");
         return new WebSecurityConfigurerAdapter() {
 
             @Override
@@ -88,7 +93,7 @@ protected void configure(HttpSecurity http) throws Exception {
                         .csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                         .and()
                         .authorizeRequests()
-                        .antMatchers("/unsecured/**/*","/entities/**/*").permitAll()
+                        .antMatchers("/unsecured/**/*","/entities/**/*", "/health").permitAll()
                         .anyRequest().hasAnyRole(acceptedAuthenticationRoles)
                         .and()
                         .exceptionHandling().accessDeniedHandler((request, response, accessDeniedException) -> response.sendRedirect("/unsecured/error.html"))

diff --git a/...hibboleth/admin/ui/configuration/postprocessors/BeaconConfigurationStartupProcessing.java b/...hibboleth/admin/ui/configuration/postprocessors/BeaconConfigurationStartupProcessing.java
@@ -0,0 +1,68 @@
+package edu.internet2.tier.shibboleth.admin.ui.configuration.postprocessors;
+
+import edu.internet2.tier.shibboleth.admin.ui.domain.BeaconConfiguration;
+import edu.internet2.tier.shibboleth.admin.ui.repository.BeaconConfigurationRepository;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.event.ContextRefreshedEvent;
+import org.springframework.context.event.EventListener;
+import org.springframework.stereotype.Component;
+
+import javax.persistence.EntityExistsException;
+import javax.transaction.Transactional;
+import java.util.UUID;
+import java.util.concurrent.ThreadLocalRandom;
+
+/**
+ * This approach for running logic waits until after the Spring context has been initialized.
+ * We will always use an ID of 1 for the beaconConfiguration, so if the data doesn't exist, we can try to write the data. If the
+ * data exists, we don't need to do anything.
+ *
+ * Because multiple instances could be starting at the same time, we must account for a save "losing" to another entity - that's ok
+ * and if we get an exception because the entity with the id already exists, we can just bail out.
+ */
+@Component
+public class BeaconConfigurationStartupProcessing {
+    @Autowired
+    BeaconConfigurationRepository beaconRepo;
+
+    @EventListener
+    @Transactional
+    public void onApplicationEvent(ContextRefreshedEvent event) {
+        // If there is nothing in the db, create the entry to use going forward
+        if (beaconRepo.count() == 0) {
+            String appId = event.getApplicationContext().getEnvironment().getProperty("shibui.beacon.installationID");
+            BeaconConfiguration bc = new BeaconConfiguration();
+            bc.setInstallationId(StringUtils.isBlank(appId) ? UUID.randomUUID().toString() : appId);
+
+            String cronDef = event.getApplicationContext().getEnvironment().getProperty("shibui.beacon.send.cron");
+
+            // If not set, set a random time between 12AM-4AM
+            if (StringUtils.isBlank(cronDef)) {
+                int randomMin = ThreadLocalRandom.current().nextInt(0, 60);
+                int randomHour = ThreadLocalRandom.current().nextInt(0, 5);
+                cronDef = "" + randomMin + " " + randomHour + " * * * *";
+            }
+
+            bc.setSendCron(cronDef);
+
+            try {
+                beaconRepo.save(bc);
+            }
+            catch (EntityExistsException ignore) {
+                // Race between startup instances - as long as one of them won...
+            }
+        }
+        // if the entry exists, check that the cron timing hasn't changed
+        else {
+            String cronDef = event.getApplicationContext().getEnvironment().getProperty("shibui.beacon.send.cron");
+            if (StringUtils.isNotBlank(cronDef)) {
+                BeaconConfiguration bc = beaconRepo.getReferenceById(1);
+                if (StringUtils.isNotBlank(cronDef) && !cronDef.equals(bc.getSendCron())) {
+                    bc.setSendCron(cronDef);
+                    beaconRepo.save(bc);
+                }
+            }
+        }
+    }
+}
diff --git a/...end/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/BeaconController.java b/...end/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/BeaconController.java
@@ -0,0 +1,34 @@
+package edu.internet2.tier.shibboleth.admin.ui.controller;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import edu.internet2.tier.shibboleth.admin.ui.scheduled.BeaconReportingTask;
+import edu.internet2.tier.shibboleth.admin.ui.service.IBeaconDataService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Profile;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@Profile({"dev", "very-dangerous"})
+@RestController
+@RequestMapping(value = "/api/beacon")
+public class BeaconController {
+    @Autowired
+    BeaconReportingTask beaconReporter;
+
+    @Autowired
+    private IBeaconDataService service;
+
+    @GetMapping(value = "/detail")
+    public ResponseEntity<?> getDetail() throws JsonProcessingException {
+        return ResponseEntity.ok(service.getBeaconData());
+    }
+
+    @PostMapping("/send")
+    public ResponseEntity<?> forceSendBeaconData() {
+        beaconReporter.sendBeaconData();
+        return ResponseEntity.ok("Manual push of beacon data completed");
+    }
+}
diff --git a/...src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/RootUiViewController.java b/...src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/RootUiViewController.java
@@ -1,6 +1,7 @@
 package edu.internet2.tier.shibboleth.admin.ui.controller;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.actuate.health.HealthEndpoint;
 import org.springframework.boot.actuate.info.InfoEndpoint;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
@@ -18,6 +19,7 @@
 
 @Controller
 public class RootUiViewController {
+    @Autowired HealthEndpoint healthEndpoint;
 
     @Autowired InfoEndpoint infoEndpoint;
 
@@ -46,4 +48,9 @@ public void indexHtml(HttpServletRequest request, HttpServletResponse response)
             writer.write(content.getBytes());
         }
     }
+
+    @GetMapping(value = "/health")
+    public ResponseEntity<?> getHealth() {
+        return ResponseEntity.ok(healthEndpoint.health());
+    }
 }
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/BeaconConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/BeaconConfiguration.java
@@ -0,0 +1,35 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain;
+
+import lombok.Data;
+import lombok.Setter;
+
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.Transient;
+
+@Data
+@Entity
+public class BeaconConfiguration {
+    @Id
+    private int id = 1;
+
+    private String installationId;
+
+    private String sendCron;
+
+    // Comma separated list of the auth mechanisms used.
+    @Setter
+    @Transient
+    private static String authMechanisms = "unset";
+
+    public static String getAuthMechanisms() {
+        return authMechanisms;
+    }
+
+    /**
+     * enforce that id will only ever be 1
+     */
+    public void setId(int ignored) {
+        this.id = 1;
+    }
+}
diff --git a/...java/edu/internet2/tier/shibboleth/admin/ui/repository/BeaconConfigurationRepository.java b/...java/edu/internet2/tier/shibboleth/admin/ui/repository/BeaconConfigurationRepository.java
@@ -0,0 +1,8 @@
+package edu.internet2.tier.shibboleth.admin.ui.repository;
+
+import edu.internet2.tier.shibboleth.admin.ui.domain.BeaconConfiguration;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+public interface BeaconConfigurationRepository extends JpaRepository<BeaconConfiguration, Integer> {
+
+}
diff --git a/...in/java/edu/internet2/tier/shibboleth/admin/ui/repository/EntityDescriptorRepository.java b/...in/java/edu/internet2/tier/shibboleth/admin/ui/repository/EntityDescriptorRepository.java
@@ -60,4 +60,6 @@ public interface EntityDescriptorRepository extends JpaRepository<EntityDescript
                    "   and e.approved = false")
     List<EntityDescriptorProjection> getEntityDescriptorsNeedingApproval(@Param("groupIds") List<String> groupIds);
 
+    @Query("SELECT COUNT(ed) FROM EntityDescriptor ed WHERE ed.serviceEnabled = true")
+    int getActiveEntityCount();
 }
diff --git a/...end/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/FilterRepository.java b/...end/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/FilterRepository.java
@@ -1,8 +1,12 @@
 package edu.internet2.tier.shibboleth.admin.ui.repository;
 
 import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter;
+import org.springframework.data.jpa.repository.Query;
 import org.springframework.data.repository.CrudRepository;
 
 public interface FilterRepository extends CrudRepository<MetadataFilter, Long> {
     MetadataFilter findByResourceId(String resourceId);
-}
+
+    @Query("SELECT COUNT(f) FROM MetadataFilter f WHERE f.filterEnabled = true")
+    int getActiveFilterCount();
+}