Merged in SHIBUI-1218 (pull request #291)

SHIBUI-1218

Approved-by: Bill Smith <wsmith@unicon.net>

backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/UserBootstrap.groovy

@@ -29,6 +29,13 @@ class UserBootstrap {
     @Transactional
     @EventListener
     void bootstrapUsersAndRoles(ApplicationStartedEvent e) {
+        if (shibUIConfiguration.roles) {
+            log.info("bootstrapping roles")
+            shibUIConfiguration.roles.each { it ->
+                def role = roleRepository.findByName(it).orElse(new Role(name: it))
+                roleRepository.saveAndFlush(role)
+            }
+        }
         if (shibUIConfiguration.userBootstrapResource) {
             log.info("configuring users from ${shibUIConfiguration.userBootstrapResource.URI}")
             new CSVReader(new InputStreamReader(shibUIConfiguration.userBootstrapResource.inputStream)).each { it ->

backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/ShibUIConfiguration.java

@@ -8,6 +8,7 @@
 
 import java.util.List;
 import java.util.Optional;
+import java.util.Set;
 
 @Configuration
 @ConfigurationProperties(prefix = "shibui")
@@ -24,7 +25,7 @@ public class ShibUIConfiguration {
      * A Resource containing a CSV of users to bootstrap into the system. Currently, this must be in format
      *
      * <code>
-     * username,password,firstName,lastName,role
+     * username,password,firstName,lastName,role,email
      * </code>
      *
      * Note that the password must be encrypted in the file. Ensure that you prepend the encoder to the value, e.g.
@@ -34,4 +35,9 @@ public class ShibUIConfiguration {
      * </code>
      */
     private Resource userBootstrapResource;
+
+    /**
+     * A list of roles to bootstrap into the system.
+     */
+    private Set<String> roles;
 }

backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/UserBootstrapTests.groovy

@@ -44,4 +44,19 @@ class UserBootstrapTests extends Specification {
         assert userRepository.findAll().size() == 2
         assert roleRepository.findAll().size() == 2
     }
+
+    def "bootstrap roles"() {
+        setup:
+        shibUIConfiguration.roles = ['ROLE_ADMIN', 'ROLE_USER']
+        def userbootstrap = new UserBootstrap(shibUIConfiguration, userRepository, roleRepository)
+
+        when:
+        userbootstrap.bootstrapUsersAndRoles(null)
+
+        then:
+        noExceptionThrown()
+        assert roleRepository.findAll().size() == 2
+        assert roleRepository.findByName('ROLE_ADMIN').get()
+        assert roleRepository.findByName('ROLE_USER').get()
+    }
 }

pac4j-module/src/test/docker/conf/application.yml

@@ -1,6 +1,6 @@
 spring:
   profiles:
-    include: dev
+    include:
 server:
   port: 8443
   ssl:
@@ -9,6 +9,8 @@ server:
     keyStoreType: "PKCS12"
     keyAlias: "tomcat"
 shibui:
+  user-bootstrap-resource: file:/conf/users.csv
+  roles: ROLE_ADMIN,ROLE_NONE,ROLE_USER,ROLE_PONY
   pac4j:
     keystorePath: "/conf/samlKeystore.jks"
     keystorePassword: "changeit"
@@ -19,6 +21,11 @@ shibui:
     forceServiceProviderMetadataGeneration: true
     callbackUrl: "https://localhost:8443/callback"
     maximumAuthenticationLifetime: 3600000
+    saml2ProfileMapping:
+      username: urn:oid:0.9.2342.19200300.100.1.1
+      firstName: urn:oid:2.5.4.42
+      lastName: urn:oid:2.5.4.4
+      email: urn:oid:0.9.2342.19200300.100.1.3
 logging:
   level:
     org.pac4j: "TRACE"