SHIBUI-1262 [1307 WIP]

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/AbstractDescriptor.java

@@ -2,6 +2,7 @@
 
 import lombok.EqualsAndHashCode;
 import org.hibernate.annotations.Type;
+import org.hibernate.envers.Audited;
 import org.joda.time.DateTime;
 import org.opensaml.core.xml.XMLObject;
 import org.opensaml.saml.saml2.common.CacheableSAMLObject;
@@ -18,6 +19,7 @@
 
 @MappedSuperclass
 @EqualsAndHashCode(callSuper = true)
+@Audited
 public abstract class AbstractDescriptor extends AbstractAttributeExtensibleXMLObject implements CacheableSAMLObject, TimeBoundSAMLObject, SignableXMLObject {
     private Long cacheDuration;
 

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ArtifactResolutionService.java

@@ -1,11 +1,13 @@
 package edu.internet2.tier.shibboleth.admin.ui.domain;
 
 import lombok.EqualsAndHashCode;
+import org.hibernate.envers.Audited;
 
 import javax.persistence.Entity;
 
 
 @Entity
 @EqualsAndHashCode(callSuper = true)
+@Audited
 public class ArtifactResolutionService extends IndexedEndpoint implements org.opensaml.saml.saml2.metadata.ArtifactResolutionService {
 }

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/AssertionConsumerService.java

@@ -1,11 +1,13 @@
 package edu.internet2.tier.shibboleth.admin.ui.domain;
 
 import lombok.EqualsAndHashCode;
+import org.hibernate.envers.Audited;
 
 import javax.persistence.Entity;
 
 
 @Entity
 @EqualsAndHashCode(callSuper = true)
+@Audited
 public class AssertionConsumerService extends IndexedEndpoint implements org.opensaml.saml.saml2.metadata.AssertionConsumerService {
 }

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/Attribute.java

@@ -1,6 +1,7 @@
 package edu.internet2.tier.shibboleth.admin.ui.domain;
 
 import lombok.EqualsAndHashCode;
+import org.hibernate.envers.Audited;
 import org.opensaml.core.xml.XMLObject;
 
 import javax.annotation.Nullable;
@@ -15,6 +16,7 @@
 
 @Entity
 @EqualsAndHashCode(callSuper = true)
+@Audited
 public class Attribute extends AbstractAttributeExtensibleXMLObject implements org.opensaml.saml.saml2.core.Attribute {
 
     private String name;

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/AttributeConsumingService.java

@@ -1,6 +1,7 @@
 package edu.internet2.tier.shibboleth.admin.ui.domain;
 
 import lombok.EqualsAndHashCode;
+import org.hibernate.envers.Audited;
 import org.opensaml.core.xml.schema.XSBooleanValue;
 
 import javax.persistence.CascadeType;
@@ -14,6 +15,7 @@
 
 @Entity
 @EqualsAndHashCode(callSuper = true)
+@Audited
 public class AttributeConsumingService extends AbstractXMLObject implements org.opensaml.saml.saml2.metadata.AttributeConsumingService {
 
     private int acsIndex;

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/IndexedEndpoint.java

@@ -1,13 +1,15 @@
 package edu.internet2.tier.shibboleth.admin.ui.domain;
 
 import lombok.EqualsAndHashCode;
+import org.hibernate.envers.Audited;
 import org.opensaml.core.xml.schema.XSBooleanValue;
 
 import javax.persistence.Entity;
 
 
 @Entity
 @EqualsAndHashCode(callSuper = true)
+@Audited
 public class IndexedEndpoint extends Endpoint implements org.opensaml.saml.saml2.metadata.IndexedEndpoint {
 
     private Integer endpointIndex;

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ManageNameIDService.java

@@ -1,11 +1,13 @@
 package edu.internet2.tier.shibboleth.admin.ui.domain;
 
 import lombok.EqualsAndHashCode;
+import org.hibernate.envers.Audited;
 
 import javax.persistence.Entity;
 
 @Entity
 @EqualsAndHashCode(callSuper = true)
+@Audited
 public class ManageNameIDService extends Endpoint implements org.opensaml.saml.saml2.metadata.ManageNameIDService {
 
 }

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/NameIDFormat.java

@@ -1,11 +1,13 @@
 package edu.internet2.tier.shibboleth.admin.ui.domain;
 
 import lombok.EqualsAndHashCode;
+import org.hibernate.envers.Audited;
 
 import javax.persistence.Entity;
 
 @Entity
 @EqualsAndHashCode(callSuper = true)
+@Audited
 public class NameIDFormat extends AbstractXMLObject implements org.opensaml.saml.saml2.metadata.NameIDFormat {
 
     private String format;

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/RequestedAttribute.java

@@ -1,12 +1,14 @@
 package edu.internet2.tier.shibboleth.admin.ui.domain;
 
 import lombok.EqualsAndHashCode;
+import org.hibernate.envers.Audited;
 import org.opensaml.core.xml.schema.XSBooleanValue;
 
 import javax.persistence.Entity;
 
 @Entity
 @EqualsAndHashCode(callSuper = true)
+@Audited
 public class RequestedAttribute extends Attribute implements org.opensaml.saml.saml2.metadata.RequestedAttribute {
 
     private boolean isRequired;

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/SPSSODescriptor.java

@@ -2,6 +2,7 @@
 
 import com.google.common.collect.Lists;
 import lombok.EqualsAndHashCode;
+import org.hibernate.envers.Audited;
 import org.opensaml.core.xml.XMLObject;
 import org.opensaml.core.xml.schema.XSBooleanValue;
 
@@ -14,6 +15,7 @@
 
 @Entity
 @EqualsAndHashCode(callSuper = true)
+@Audited
 public class SPSSODescriptor extends SSODescriptor implements org.opensaml.saml.saml2.metadata.SPSSODescriptor {
 
     private Boolean isAuthnRequestsSigned;

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/SSODescriptor.java

@@ -2,6 +2,7 @@
 
 import com.google.common.collect.Lists;
 import lombok.EqualsAndHashCode;
+import org.hibernate.envers.Audited;
 import org.opensaml.core.xml.XMLObject;
 
 import javax.annotation.Nullable;
@@ -17,6 +18,7 @@
 
 @Entity
 @EqualsAndHashCode(callSuper = true)
+@Audited
 public class SSODescriptor extends RoleDescriptor implements org.opensaml.saml.saml2.metadata.SSODescriptor {
 
     @OneToMany(cascade = CascadeType.ALL)

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ServiceDescription.java

@@ -1,11 +1,13 @@
 package edu.internet2.tier.shibboleth.admin.ui.domain;
 
 import lombok.EqualsAndHashCode;
+import org.hibernate.envers.Audited;
 
 import javax.persistence.Entity;
 
 @Entity
 @EqualsAndHashCode(callSuper = true)
+@Audited
 public class ServiceDescription extends LocalizedName implements org.opensaml.saml.saml2.metadata.ServiceDescription {
 
 }

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ServiceName.java

@@ -1,11 +1,13 @@
 package edu.internet2.tier.shibboleth.admin.ui.domain;
 
 import lombok.EqualsAndHashCode;
+import org.hibernate.envers.Audited;
 
 import javax.persistence.Entity;
 
 @Entity
 @EqualsAndHashCode(callSuper = true)
+@Audited
 public class ServiceName extends LocalizedName implements org.opensaml.saml.saml2.metadata.ServiceName {
 
 }

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/SingleLogoutService.java

@@ -1,11 +1,13 @@
 package edu.internet2.tier.shibboleth.admin.ui.domain;
 
 import lombok.EqualsAndHashCode;
+import org.hibernate.envers.Audited;
 
 import javax.persistence.Entity;
 
 @Entity
 @EqualsAndHashCode(callSuper = true)
+@Audited
 public class SingleLogoutService extends Endpoint implements org.opensaml.saml.saml2.metadata.SingleLogoutService {
 
 }

backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/envers/EntityDescriptorEnversVersioningTests.groovy

@@ -8,6 +8,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor
 import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.ContactRepresentation
 import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation
 import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.OrganizationRepresentation
+import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.ServiceProviderSsoDescriptorRepresentation
 import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects
 import edu.internet2.tier.shibboleth.admin.ui.repository.EntityDescriptorRepository
 import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorService
@@ -20,6 +21,7 @@ import org.springframework.transaction.PlatformTransactionManager
 import spock.lang.Specification
 
 import javax.persistence.EntityManager
+import java.time.LocalDateTime
 
 import static edu.internet2.tier.shibboleth.admin.ui.repository.envers.EnversTestsSupport.updateAndGetRevisionHistory
 import static org.opensaml.saml.saml2.metadata.ContactPersonTypeEnumeration.ADMINISTRATIVE
@@ -158,4 +160,64 @@ class EntityDescriptorEnversVersioningTests extends Specification {
         entityDescriptorHistory[0][1].principalUserName == 'anonymous'
         entityDescriptorHistory[0][1].timestamp > 0L
     }
+
+    def "test versioning with sp sso descriptor"() {
+        when:
+        EntityDescriptor ed = new EntityDescriptor()
+        def representation = new EntityDescriptorRepresentation().with {
+            it.serviceProviderSsoDescriptor = new ServiceProviderSsoDescriptorRepresentation().with {
+                it.protocolSupportEnum = 'SAML 1.1'
+                it.nameIdFormats = ['format']
+                it
+            }
+            it
+        }
+        def entityDescriptorHistory = updateAndGetRevisionHistory(ed, representation, entityDescriptorService,
+                entityDescriptorRepository,
+                txMgr,
+                entityManager)
+
+        then:
+        entityDescriptorHistory.size() == 1
+        entityDescriptorHistory[0][0].roleDescriptors[0].nameIDFormats[0].format == 'format'
+        entityDescriptorHistory[0][0].roleDescriptors[0].supportedProtocols[0] == 'urn:oasis:names:tc:SAML:1.1:protocol'
+        entityDescriptorHistory[0][0].roleDescriptors[0].supportedProtocols[1] == null
+        entityDescriptorHistory[0][1].principalUserName == 'anonymous'
+        entityDescriptorHistory[0][1].timestamp > 0L
+
+        when:
+        representation = new EntityDescriptorRepresentation().with {
+            it.serviceProviderSsoDescriptor = new ServiceProviderSsoDescriptorRepresentation().with {
+                it.protocolSupportEnum = 'SAML 1.1, SAML 2'
+                it.nameIdFormats = ['formatUPDATED']
+                it
+            }
+            it
+        }
+
+        //Currently this is the ONLY way to let envers recognize update revision type for EntityDescriptor type
+        //when modifying SPSSODescriptor inside RoleDescriptors collection. This date "touch" would need to be encapsulated
+        //perhaps in JPAEntityDescriptorServiceImpl#buildDescriptorFromRepresentation
+        ed.modifiedDate = LocalDateTime.now()
+
+        entityDescriptorHistory = updateAndGetRevisionHistory(ed, representation, entityDescriptorService,
+                entityDescriptorRepository,
+                txMgr,
+                entityManager)
+
+        then:
+        entityDescriptorHistory.size() == 2
+        entityDescriptorHistory[1][0].roleDescriptors[0].nameIDFormats[0].format == 'formatUPDATED'
+        entityDescriptorHistory[1][0].roleDescriptors[0].supportedProtocols[0] == 'urn:oasis:names:tc:SAML:1.1:protocol'
+        entityDescriptorHistory[1][0].roleDescriptors[0].supportedProtocols[1] == 'urn:oasis:names:tc:SAML:2.0:protocol'
+        entityDescriptorHistory[1][1].principalUserName == 'anonymous'
+        entityDescriptorHistory[1][1].timestamp > 0L
+
+        //Check the original revision is intact
+        entityDescriptorHistory[0][0].roleDescriptors[0].nameIDFormats[0].format == 'format'
+        entityDescriptorHistory[0][0].roleDescriptors[0].supportedProtocols[0] == 'urn:oasis:names:tc:SAML:1.1:protocol'
+        entityDescriptorHistory[0][0].roleDescriptors[0].supportedProtocols[1] == null
+        entityDescriptorHistory[0][1].principalUserName == 'anonymous'
+        entityDescriptorHistory[0][1].timestamp > 0L
+    }
 }

backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/envers/EnversTestsSupport.groovy

@@ -1,6 +1,7 @@
 package edu.internet2.tier.shibboleth.admin.ui.repository.envers
 
 import edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor
+import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation
 import edu.internet2.tier.shibboleth.admin.ui.repository.EntityDescriptorRepository
 import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorService
 import org.hibernate.envers.AuditReaderFactory
@@ -25,7 +26,7 @@ class EnversTestsSupport {
         entity
     }
 
-    static updateAndGetRevisionHistory(ed, representation,
+    static updateAndGetRevisionHistory(EntityDescriptor ed, EntityDescriptorRepresentation representation,
                                        EntityDescriptorService eds,
                                        EntityDescriptorRepository edr,
                                        PlatformTransactionManager txMgr,
@@ -34,6 +35,10 @@ class EnversTestsSupport {
         doInExplicitTransaction(txMgr) {
             edr.save(ed)
         }
+
+        //For temp debugging. Remove when done!
+        //def updated = edr.findByResourceId(ed.resourceId)
+
         getRevisionHistory(em)
     }