Merged in bug-fix/shibui-2327 (pull request #599)

Bug fix/shibui 2327

Approved-by: Bill Smith
Former-commit-id: e9efc640c057db62b3844c3916ac8c064320ce48

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/X509Data.java

@@ -19,6 +19,7 @@
 import javax.xml.namespace.QName;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.List;
 import java.util.stream.Collectors;
 
@@ -74,10 +75,11 @@ public void addX509Certificate(edu.internet2.tier.shibboleth.admin.ui.domain.X50
         this.xmlObjects.add(x509Certificate);
     }
 
+    // TODO: might need to really implement this
     @Nonnull
     @Override
     public List<X509CRL> getX509CRLs() {
-        return null;
+        return Collections.EMPTY_LIST;
     }
 
     @Nonnull

backend/src/main/resources/jpa-signature-config.xml

@@ -39,7 +39,275 @@
             <MarshallingClass className="org.opensaml.xmlsec.signature.impl.X509DataMarshaller"/>
             <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.X509DataUnmarshaller"/>
         </ObjectProvider>
+
+        <!-- Jj! -->
+
+        <!-- CryptoBinary type -->
+        <ObjectProvider qualifiedName="ds:CryptoBinary">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- DigestMethod -->
+        <ObjectProvider qualifiedName="ds:DigestMethod">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.DigestMethodBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.DigestMethodMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.DigestMethodUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- DSAKeyValue -->
+        <ObjectProvider qualifiedName="ds:DSAKeyValue">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.DSAKeyValueBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.DSAKeyValueMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.DSAKeyValueUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- Exponent -->
+        <ObjectProvider qualifiedName="ds:Exponent">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.ExponentBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- G -->
+        <ObjectProvider qualifiedName="ds:G">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.GBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- J -->
+        <ObjectProvider qualifiedName="ds:J">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.JBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- KeyValue -->
+        <ObjectProvider qualifiedName="ds:KeyValue">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.KeyValueBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.KeyValueMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.KeyValueUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- MgmtData -->
+        <ObjectProvider qualifiedName="ds:MgmtData">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.MgmtDataBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- Modulus -->
+        <ObjectProvider qualifiedName="ds:Modulus">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.ModulusBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- P -->
+        <ObjectProvider qualifiedName="ds:P">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.PBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- PgenCounter -->
+        <ObjectProvider qualifiedName="ds:PgenCounter">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.PgenCounterBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- PGPData -->
+        <ObjectProvider qualifiedName="ds:PGPData">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.PGPDataBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.PGPDataMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.PGPDataUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- PGPKeyID -->
+        <ObjectProvider qualifiedName="ds:PGPKeyID">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.PGPKeyIDBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- PGPKeyPacket -->
+        <ObjectProvider qualifiedName="ds:PGPKeyPacket">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.PGPKeyPacketBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- Q -->
+        <ObjectProvider qualifiedName="ds:Q">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.QBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- RetrievalMethod -->
+        <ObjectProvider qualifiedName="ds:RetrievalMethod">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.RetrievalMethodBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.RetrievalMethodMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.RetrievalMethodUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- RSAKeyValue -->
+        <ObjectProvider qualifiedName="ds:RSAKeyValue">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.RSAKeyValueBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.RSAKeyValueMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.RSAKeyValueUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- Seed -->
+        <ObjectProvider qualifiedName="ds:Seed">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.SeedBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- Signature -->
+        <ObjectProvider qualifiedName="ds:Signature">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.SignatureBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.SignatureMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.SignatureUnmarshaller"/>
+        </ObjectProvider>
+        <ObjectProvider qualifiedName="ds:SignatureType">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.SignatureBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.SignatureMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.SignatureUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- SPKIData -->
+        <ObjectProvider qualifiedName="ds:SPKIData">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.SPKIDataBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.SPKIDataMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.SPKIDataUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- SPKISexp -->
+        <ObjectProvider qualifiedName="ds:SPKISexp">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.SPKISexpBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- Transform -->
+        <ObjectProvider qualifiedName="ds:Transform">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.TransformBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.TransformMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.TransformUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- Transforms -->
+        <ObjectProvider qualifiedName="ds:Transforms">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.TransformsBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.TransformsMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.TransformsUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- XPath -->
+        <ObjectProvider qualifiedName="ds:XPath">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.XPathBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- X509CRL -->
+        <ObjectProvider qualifiedName="ds:X509CRL">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.X509CRLBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- X509IssuerName -->
+        <ObjectProvider qualifiedName="ds:X509IssuerName">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.X509IssuerNameBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- X509IssuerSerial -->
+        <ObjectProvider qualifiedName="ds:X509IssuerSerial">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.X509IssuerSerialBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.X509IssuerSerialMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.X509IssuerSerialUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- X509SerialNumber -->
+        <ObjectProvider qualifiedName="ds:X509SerialNumber">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.X509SerialNumberBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.X509SerialNumberMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.X509SerialNumberUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- X509SKI -->
+        <ObjectProvider qualifiedName="ds:X509SKI">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.X509SKIBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSBase64BinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- X509SubjectName : CONFLICT/BREAKING to add this
+        <ObjectProvider qualifiedName="ds:X509SubjectName">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.X509SubjectNameBuilder"/>
+            <MarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.core.xml.schema.impl.XSStringUnmarshaller"/>
+        </ObjectProvider>-->
+
+        <!-- Y -->
+        <ObjectProvider qualifiedName="ds:Y">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.YBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- 1.1 Stuff -->
+
+        <!-- DEREncodedKeyValue -->
+        <ObjectProvider qualifiedName="ds11:DEREncodedKeyValue">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.DEREncodedKeyValueBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.DEREncodedKeyValueMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.DEREncodedKeyValueUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- ECKeyValue -->
+        <ObjectProvider qualifiedName="ds11:ECKeyValue">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.ECKeyValueBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.ECKeyValueMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.ECKeyValueUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- KeyInfoReference -->
+        <ObjectProvider qualifiedName="ds11:KeyInfoReference">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.KeyInfoReferenceBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.KeyInfoReferenceMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.KeyInfoReferenceUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- NamedCurve -->
+        <ObjectProvider qualifiedName="ds11:NamedCurve">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.NamedCurveBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.NamedCurveMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.NamedCurveUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- PublicKey -->
+        <ObjectProvider qualifiedName="ds11:PublicKey">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.PublicKeyBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.CryptoBinaryUnmarshaller"/>
+        </ObjectProvider>
+
+        <!-- X509Digest -->
+        <ObjectProvider qualifiedName="ds11:X509Digest">
+            <BuilderClass className="org.opensaml.xmlsec.signature.impl.X509DigestBuilder"/>
+            <MarshallingClass className="org.opensaml.xmlsec.signature.impl.X509DigestMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.xmlsec.signature.impl.X509DigestUnmarshaller"/>
+        </ObjectProvider>
 
     </ObjectProviders>
 
-</XMLTooling>
+</XMLTooling>

backend/src/main/resources/modified-saml2-assertion-config.xml

@@ -230,7 +230,19 @@
             <MarshallingClass className="org.opensaml.saml.saml2.core.impl.NameIDTypeMarshaller"/>
             <UnmarshallingClass className="org.opensaml.saml.saml2.core.impl.NameIDTypeUnmarshaller"/>
         </ObjectProvider>
-
+
+        <ObjectProvider qualifiedName="saml2:Issuer">
+            <BuilderClass className="org.opensaml.saml.saml2.core.impl.IssuerBuilder"/>
+            <MarshallingClass className="org.opensaml.saml.saml2.core.impl.NameIDTypeMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.saml.saml2.core.impl.NameIDTypeUnmarshaller"/>
+        </ObjectProvider>
+
+        <ObjectProvider qualifiedName="saml2:IssuerType">
+            <BuilderClass className="org.opensaml.saml.saml2.core.impl.IssuerBuilder"/>
+            <MarshallingClass className="org.opensaml.saml.saml2.core.impl.NameIDTypeMarshaller"/>
+            <UnmarshallingClass className="org.opensaml.saml.saml2.core.impl.NameIDTypeUnmarshaller"/>
+        </ObjectProvider>
+
         <!-- OneTimeUse -->
         <ObjectProvider qualifiedName="saml2:OneTimeUse">
             <BuilderClass className="org.opensaml.saml.saml2.core.impl.OneTimeUseBuilder"/>

pac4j-module/build.gradle

@@ -46,8 +46,11 @@ dependencies {
         exclude group: 'org.opensaml'
         exclude group: 'commons-collections'
     }
+    // But we do need this opensaml lib that wasn't provided
+    implementation "org.opensaml:opensaml-storage-impl:${project.'opensamlVersion'}"
     compile "org.apache.commons:commons-collections4:${project.'commonsCollections4Version'}"
 
+
     testCompile project(':backend')
     testCompile "org.opensaml:opensaml-saml-api:${project.'opensamlVersion'}"
 

pac4j-module/src/main/java/net/unicon/shibui/pac4j/WebSecurity.java

@@ -5,7 +5,7 @@
 import edu.internet2.tier.shibboleth.admin.ui.security.service.IRolesService;
 import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService;
 import edu.internet2.tier.shibboleth.admin.ui.service.EmailService;
-import static net.unicon.shibui.pac4j.Pac4jConfiguration.PAC4J_CLIENT_NAME;
+import org.pac4j.core.authorization.authorizer.DefaultAuthorizers;
 import org.pac4j.core.config.Config;
 import org.pac4j.core.matching.matcher.Matcher;
 import org.pac4j.springframework.security.web.CallbackFilter;
@@ -26,6 +26,8 @@
 import javax.servlet.Filter;
 import java.util.Optional;
 
+import static net.unicon.shibui.pac4j.Pac4jConfiguration.PAC4J_CLIENT_NAME;
+
 @Configuration
 @AutoConfigureOrder(-1)
 @ConditionalOnProperty(name = "shibui.pac4j-enabled", havingValue = "true")
@@ -62,7 +64,8 @@ public Pac4jWebSecurityConfigurerAdapter(final Config config, UserService userSe
         protected void configure(HttpSecurity http) throws Exception {
             http.authorizeRequests().antMatchers("/unsecured/**/*").permitAll();
 
-            final SecurityFilter securityFilter = new SecurityFilter(this.config, PAC4J_CLIENT_NAME);
+            // adding the authorizor bypasses the default behavior of checking CSRF in Pac4J's default securitylogic+defaultauthorizationchecker
+            final SecurityFilter securityFilter = new SecurityFilter(this.config, PAC4J_CLIENT_NAME, DefaultAuthorizers.IS_AUTHENTICATED);
 
             // add filter based on auth type 
             http.antMatcher("/**").addFilterBefore(getFilter(config, pac4jConfigurationProperties.getTypeOfAuth()), BasicAuthenticationFilter.class);