From ff0c36d2099b8a1fc5f961e544b37eaa58ce2f95 Mon Sep 17 00:00:00 2001 From: jdotcms Date: Fri, 5 Jun 2020 17:29:06 -0600 Subject: [PATCH 1/9] Adding some enhacements in order to fetch the user by id or email on the assertion nameID, also adding a new variable on the configuration to avoid sync of the user assersion with the dotcms database --- build.gradle | 13 ++ .../DotsamlDefaultPropertiesService.java | 5 + .../saml/v3/parameters/DotsamlProperties.java | 11 +- .../v3/parameters/DotsamlPropertyName.java | 10 +- .../OpenSamlAuthenticationServiceImpl.java | 118 ++++++++++-------- 5 files changed, 100 insertions(+), 57 deletions(-) create mode 100644 build.gradle diff --git a/build.gradle b/build.gradle new file mode 100644 index 0000000..aeb970d --- /dev/null +++ b/build.gradle @@ -0,0 +1,13 @@ +apply plugin: 'java' + +repositories { + maven { url "http://repo.dotcms.com/artifactory/libs-release" } +} + +dependencies { + compile('com.dotcms:dotcms:5.3.1') { transitive = true } + compile fileTree(dir: 'ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/lib', include: ['*.jar']) +} + +sourceSets.main.java.srcDirs += ['src'] + diff --git a/src/com/dotcms/plugin/saml/v3/parameters/DotsamlDefaultPropertiesService.java b/src/com/dotcms/plugin/saml/v3/parameters/DotsamlDefaultPropertiesService.java index 3960fa9..73bfe94 100644 --- a/src/com/dotcms/plugin/saml/v3/parameters/DotsamlDefaultPropertiesService.java +++ b/src/com/dotcms/plugin/saml/v3/parameters/DotsamlDefaultPropertiesService.java @@ -215,6 +215,9 @@ public static void updateDefaultParameter(DotsamlPropertyName property, String v case DOTCMS_SAML_LOGIN_UPDATE_EMAIL: defaultParams.setDotcmsSamlLoginEmailUpdate(Boolean.parseBoolean(value)); break; + case DOT_SAML_ALLOW_USER_SYNCHRONIZATION: + defaultParams.setAllowUserSynchronization(Boolean.parseBoolean(value)); + break; default: Logger.warn(DotsamlDefaultPropertiesService.class, NOT_FOUND_ERROR + property.getPropertyName() + ":" + value); 
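Review bot: The Maven repository in the new build.gradle is declared over plain HTTP (`maven { url "http://repo.dotcms.com/artifactory/libs-release" }`), so `com.dotcms:dotcms:5.3.1` and everything it pulls transitively is fetched without transport integrity; switch the URL to `https://`, which is also what newer Gradle releases require unless a repository is explicitly marked as allowing insecure protocols. The `fileTree` dependency on `ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/lib` only resolves on a machine with an unpacked dotCMS distribution at that relative path, so a one-line comment naming that expectation would save the next person a failed build.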
@@ -317,6 +320,8 @@ public static boolean getDefaultBooleanParameter(DotsamlPropertyName property) t return defaultParams.isDotcmsSamlClearLocationQueryParams(); case DOTCMS_SAML_LOGIN_UPDATE_EMAIL: return defaultParams.isDotcmsSamlLoginEmailUpdate(); + case DOT_SAML_ALLOW_USER_SYNCHRONIZATION: + return defaultParams.isAllowUserSynchronization(); default: break; } diff --git a/src/com/dotcms/plugin/saml/v3/parameters/DotsamlProperties.java b/src/com/dotcms/plugin/saml/v3/parameters/DotsamlProperties.java index fc5655f..31f5eff 100644 --- a/src/com/dotcms/plugin/saml/v3/parameters/DotsamlProperties.java +++ b/src/com/dotcms/plugin/saml/v3/parameters/DotsamlProperties.java @@ -48,6 +48,7 @@ public class DotsamlProperties { private Boolean dotSamlVerifySignatureProfile = true; private Boolean dotcmsSamlClearLocationQueryParams = true; private Boolean dotcmsSamlLoginEmailUpdate = true; + private boolean allowUserSynchronization = true; public String getDotSamlAccessFilterValues() { return dotSamlAccessFilterValues; @@ -354,4 +355,12 @@ public Boolean isDotcmsSamlLoginEmailUpdate() { public void setDotcmsSamlLoginEmailUpdate(Boolean dotcmsSamlLoginEmailUpdate) { this.dotcmsSamlLoginEmailUpdate = dotcmsSamlLoginEmailUpdate; } -} \ No newline at end of file + + public boolean isAllowUserSynchronization() { + return allowUserSynchronization; + } + + public void setAllowUserSynchronization(final Boolean allowUserSynchronization) { + this.allowUserSynchronization = allowUserSynchronization; + } +} diff --git a/src/com/dotcms/plugin/saml/v3/parameters/DotsamlPropertyName.java b/src/com/dotcms/plugin/saml/v3/parameters/DotsamlPropertyName.java index 50627ef..3b245ac 100644 --- a/src/com/dotcms/plugin/saml/v3/parameters/DotsamlPropertyName.java +++ b/src/com/dotcms/plugin/saml/v3/parameters/DotsamlPropertyName.java 
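Review bot: `setAllowUserSynchronization(final Boolean allowUserSynchronization)` in the DotsamlProperties hunk assigns a boxed `Boolean` to the primitive `boolean` field added at line 48, so a null argument throws NullPointerException on unboxing, whereas the neighbouring setters store into `Boolean` fields and tolerate null. Either declare the field `Boolean` like its siblings or make the parameter primitive: `public void setAllowUserSynchronization(final boolean allowUserSynchronization) {`. The getter `isAllowUserSynchronization()` in the same hunk is fine as written.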
@@ -219,7 +219,15 @@ public enum DotsamlPropertyName {
 * SAML User
 */
 DOTCMS_SAML_OPTIONAL_USER_ROLE("role.extra"),
-
+
+ /**
+ * By default dotcms will allows the user synchronization, this means if the user does not exists on their database the user will be added to their storage, roles, etc.
+ * In case you do not want any synchronization set this to false.
+ *
+ */
+ DOT_SAML_ALLOW_USER_SYNCHRONIZATION("allow.user.synchronization"),
+
+
 /**
 * If you want to allow to create an user that does not exists on the IdP,
 * set this to true, otherwise false. By default it is false, so won't allow
diff --git a/src/com/dotcms/plugin/saml/v3/service/OpenSamlAuthenticationServiceImpl.java b/src/com/dotcms/plugin/saml/v3/service/OpenSamlAuthenticationServiceImpl.java
index 016789a..45f9652 100644
--- a/src/com/dotcms/plugin/saml/v3/service/OpenSamlAuthenticationServiceImpl.java
+++ b/src/com/dotcms/plugin/saml/v3/service/OpenSamlAuthenticationServiceImpl.java
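Review bot: The Javadoc on `DOT_SAML_ALLOW_USER_SYNCHRONIZATION` describes only the create-on-first-login case, but the way the flag is used in OpenSamlAuthenticationServiceImpl in this same commit also skips `updateUser` and `addRoles` for users that already exist, so an operator who turns it off also loses role provisioning; the comment should say so. It also has grammar slips ("will allows", "does not exists", "on their database"). Suggested text: `By default dotCMS synchronizes the SAML user with its own database: a user missing from dotCMS is created, an existing one is updated, and roles are assigned from the assertion. Set this to false to skip all of that and only look the user up.`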
@@ -1,44 +1,5 @@ package com.dotcms.plugin.saml.v3.service; -import static com.dotcms.plugin.saml.v3.key.DotSamlConstants.DOTCMS_SAML_BUILD_ROLES_ALL_VALUE; -import static com.dotcms.plugin.saml.v3.key.DotSamlConstants.DOTCMS_SAML_BUILD_ROLES_IDP_VALUE; -import static com.dotcms.plugin.saml.v3.key.DotSamlConstants.DOTCMS_SAML_BUILD_ROLES_NONE_VALUE; -import static com.dotcms.plugin.saml.v3.key.DotSamlConstants.DOTCMS_SAML_BUILD_ROLES_STATIC_ADD_VALUE; -import static com.dotcms.plugin.saml.v3.key.DotSamlConstants.SAML_USER_ID; -import static com.dotcms.plugin.saml.v3.util.SamlUtils.buildAuthnRequest; -import static com.dotcms.plugin.saml.v3.util.SamlUtils.buildLogoutRequest; -import static com.dotcms.plugin.saml.v3.util.SamlUtils.getCredential; -import static com.dotcms.plugin.saml.v3.util.SamlUtils.getIdentityProviderDestinationEndpoint; -import static com.dotcms.plugin.saml.v3.util.SamlUtils.getIdentityProviderSLODestinationEndpoint; -import static com.dotcms.plugin.saml.v3.util.SamlUtils.toXMLObjectString; -import static com.dotmarketing.util.UtilMethods.isSet; - -import java.io.IOException; -import java.io.UnsupportedEncodingException; -import java.net.URLDecoder; -import java.util.Arrays; -import java.util.Date; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import org.opensaml.core.xml.XMLObject; -import org.opensaml.messaging.context.MessageContext; -import org.opensaml.messaging.encoder.MessageEncodingException; -import org.opensaml.saml.common.messaging.context.SAMLEndpointContext; -import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext; -import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder; -import org.opensaml.saml.saml2.core.Assertion; -import org.opensaml.saml.saml2.core.Attribute; -import org.opensaml.saml.saml2.core.AttributeStatement; -import org.opensaml.saml.saml2.core.AuthnRequest; -import 
org.opensaml.saml.saml2.core.LogoutRequest; -import org.opensaml.saml.saml2.core.NameID; -import org.opensaml.xmlsec.SignatureSigningParameters; -import org.opensaml.xmlsec.context.SecurityParametersContext; -import org.opensaml.xmlsec.signature.support.SignatureConstants; - import com.dotcms.plugin.saml.v3.beans.AttributesBean; import com.dotcms.plugin.saml.v3.config.IdpConfig; import com.dotcms.plugin.saml.v3.config.SamlSiteValidator; @@ -53,11 +14,10 @@ import com.dotcms.plugin.saml.v3.parameters.DotsamlPropertyName; import com.dotcms.plugin.saml.v3.util.SiteIdpConfigResolver; import com.dotcms.repackage.com.google.common.annotations.VisibleForTesting; -import org.apache.commons.lang.StringUtils; import com.dotmarketing.business.APILocator; import com.dotmarketing.business.DotStateException; -import com.dotmarketing.business.NoSuchUserException; import com.dotmarketing.business.DuplicateUserException; +import com.dotmarketing.business.NoSuchUserException; import com.dotmarketing.business.Role; import com.dotmarketing.business.RoleAPI; import com.dotmarketing.business.UserAPI; 
@@ -71,9 +31,47 @@ import com.dotmarketing.util.UUIDGenerator; import com.dotmarketing.util.UtilMethods; import com.dotmarketing.util.json.JSONException; +import com.liferay.portal.model.Company; import com.liferay.portal.model.User; - import net.shibboleth.utilities.java.support.component.ComponentInitializationException; +import org.apache.commons.lang.StringUtils; +import org.opensaml.core.xml.XMLObject; +import org.opensaml.messaging.context.MessageContext; +import org.opensaml.messaging.encoder.MessageEncodingException; +import org.opensaml.saml.common.messaging.context.SAMLEndpointContext; +import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext; +import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder; +import org.opensaml.saml.saml2.core.Assertion; +import org.opensaml.saml.saml2.core.Attribute; +import org.opensaml.saml.saml2.core.AttributeStatement; +import org.opensaml.saml.saml2.core.AuthnRequest; +import org.opensaml.saml.saml2.core.LogoutRequest; +import org.opensaml.saml.saml2.core.NameID; +import org.opensaml.xmlsec.SignatureSigningParameters; +import org.opensaml.xmlsec.context.SecurityParametersContext; +import org.opensaml.xmlsec.signature.support.SignatureConstants; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.net.URLDecoder; +import java.util.Arrays; +import java.util.Date; + +import static com.dotcms.plugin.saml.v3.key.DotSamlConstants.DOTCMS_SAML_BUILD_ROLES_ALL_VALUE; +import static com.dotcms.plugin.saml.v3.key.DotSamlConstants.DOTCMS_SAML_BUILD_ROLES_IDP_VALUE; +import static com.dotcms.plugin.saml.v3.key.DotSamlConstants.DOTCMS_SAML_BUILD_ROLES_NONE_VALUE; +import static com.dotcms.plugin.saml.v3.key.DotSamlConstants.DOTCMS_SAML_BUILD_ROLES_STATIC_ADD_VALUE; +import static 
com.dotcms.plugin.saml.v3.key.DotSamlConstants.SAML_USER_ID; +import static com.dotcms.plugin.saml.v3.util.SamlUtils.buildAuthnRequest; +import static com.dotcms.plugin.saml.v3.util.SamlUtils.buildLogoutRequest; +import static com.dotcms.plugin.saml.v3.util.SamlUtils.getCredential; +import static com.dotcms.plugin.saml.v3.util.SamlUtils.getIdentityProviderDestinationEndpoint; +import static com.dotcms.plugin.saml.v3.util.SamlUtils.getIdentityProviderSLODestinationEndpoint; +import static com.dotcms.plugin.saml.v3.util.SamlUtils.toXMLObjectString; +import static com.dotmarketing.util.UtilMethods.isSet; /** * Authentication with Open SAML @@ -759,7 +757,11 @@ public User resolveUser(final Assertion assertion, final IdpConfig idpConfig) { systemUser = this.userAPI.getSystemUser(); - user = this.userAPI.loadUserById(attributesBean.getNameID().getValue(), systemUser, false); + final Company company = APILocator.getCompanyAPI().getDefaultCompany(); + final String authType = company.getAuthType(); + user = Company.AUTH_TYPE_ID.equals(authType )? + this.userAPI.loadUserById(attributesBean.getNameID().getValue(), systemUser, false): + this.userAPI.loadByUserByEmail(attributesBean.getNameID().getValue(), systemUser, false); } catch (AttributesNotFoundException e) { Logger.error(this, e.getMessage()); return null; 
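Review bot: The new lookup in `resolveUser` treats every company auth type other than `Company.AUTH_TYPE_ID` as an e-mail lookup (`Company.AUTH_TYPE_ID.equals(authType )? this.userAPI.loadUserById(...) : this.userAPI.loadByUserByEmail(...)`), so a NameID that is not an e-mail address — a persistent or transient identifier, for example — is silently matched against the e-mail column rather than rejected. Before taking the e-mail branch, check the NameID's declared format (OpenSAML exposes it via `getFormat()`, with `NameIDType.EMAIL` as the expected value) and log which branch was chosen together with the auth type, so an unexpected match is visible in the logs. The comparison semantics of `loadByUserByEmail` (case handling in particular) are worth confirming for identity matching, since an account match is an authorization decision here. Style nit: `authType )?` has a stray space and no spacing around `?`/`:`. The enclosing `resolveUser` body continues outside this hunk.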
@@ -772,19 +774,25 @@ public User resolveUser(final Assertion assertion, final IdpConfig idpConfig) { user = null; } - if (null == user) { - // if user does not exists, create a new one. - user = this.createNewUser(systemUser, attributesBean, idpConfig); - } else { - // update it, since exists - user = this.updateUser(user, systemUser, attributesBean, idpConfig); - } + // check if the client wants synchronization + final boolean createUserWhenDoesNotExists = DotsamlPropertiesService.getOptionBoolean(idpConfig, + DotsamlPropertyName.DOT_SAML_ALLOW_USER_SYNCHRONIZATION); + if (createUserWhenDoesNotExists) { + if (null == user) { + // if user does not exists, create a new one. + user = this.createNewUser(systemUser, attributesBean, idpConfig); + } else { + // update it, since exists + user = this.updateUser(user, systemUser, attributesBean, idpConfig); + } - if (user.isActive()) { - this.addRoles(user, attributesBean, idpConfig); - } else { - Logger.info(this, "User with ID '" + attributesBean.getNameID().getValue() + "' is not active. No roles " + - "were added."); + if (user.isActive()) { + + this.addRoles(user, attributesBean, idpConfig); + } else { + Logger.info(this, "User with ID '" + attributesBean.getNameID().getValue() + "' is not active. No roles " + + "were added."); + } } return user; From 3963e5c3d1ee66c620c2410b1190cda424e2b5b4 Mon Sep 17 00:00:00 2001 
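Review bot: When the new `DOT_SAML_ALLOW_USER_SYNCHRONIZATION` option is false and the lookup found no user, `resolveUser` now falls through to `return user;` with `user == null` and no log line, whereas the `AttributesNotFoundException` path earlier in the method logs before returning null; add an `else` to `if (createUserWhenDoesNotExists)` such as `Logger.info(this, "User with ID '" + attributesBean.getNameID().getValue() + "' was not found and user synchronization is disabled");` so failed logins with synchronization off are diagnosable. The local `createUserWhenDoesNotExists` is named for only one of the three things it gates (create, update, role assignment); `allowUserSynchronization`, matching the property name, would read correctly at both the `if` and the call site. The signature of `resolveUser` is outside this hunk.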
From: jdotcms Date: Thu, 18 Jun 2020 14:22:45 -0600 Subject: [PATCH 2/9] adding logs for the migration --- src/com/dotcms/plugin/saml/v3/beans/AttributesBean.java | 1 + src/com/dotcms/plugin/saml/v3/cache/SamlCache.java | 1 + src/com/dotcms/plugin/saml/v3/cache/SamlCacheImpl.java | 1 + src/com/dotcms/plugin/saml/v3/config/CredentialHelper.java | 1 + src/com/dotcms/plugin/saml/v3/config/CredentialProvider.java | 2 +- src/com/dotcms/plugin/saml/v3/config/IdpConfig.java | 1 + src/com/dotcms/plugin/saml/v3/config/IdpConfigComparator.java | 1 + src/com/dotcms/plugin/saml/v3/config/IdpConfigFileHelper.java | 1 + src/com/dotcms/plugin/saml/v3/config/IdpConfigHelper.java | 1 + .../dotcms/plugin/saml/v3/config/IdpConfigWriterReader.java | 1 + src/com/dotcms/plugin/saml/v3/config/IdpJsonTransformer.java | 1 + src/com/dotcms/plugin/saml/v3/config/MetaDataHelper.java | 1 + .../plugin/saml/v3/config/OptionalPropertiesHelper.java | 1 + src/com/dotcms/plugin/saml/v3/config/SamlSiteValidator.java | 1 + src/com/dotcms/plugin/saml/v3/config/SiteJsonTransformer.java | 1 + .../plugin/saml/v3/exception/AttributesNotFoundException.java | 1 + src/com/dotcms/plugin/saml/v3/exception/DotSamlException.java | 1 + .../saml/v3/exception/NotNullEmailAllowedException.java | 1 + .../plugin/saml/v3/exception/SamlUnauthorizedException.java | 1 + src/com/dotcms/plugin/saml/v3/filter/AutoLoginResult.java | 1 + src/com/dotcms/plugin/saml/v3/filter/SamlAccessFilter.java | 1 + src/com/dotcms/plugin/saml/v3/filter/SamlFilter.java | 1 + .../plugin/saml/v3/handler/AssertionResolverHandler.java | 1 + .../saml/v3/handler/AssertionResolverHandlerFactory.java | 2 +- .../saml/v3/handler/HttpPostAssertionResolverHandlerImpl.java | 2 +- src/com/dotcms/plugin/saml/v3/init/Initializer.java | 1 + src/com/dotcms/plugin/saml/v3/init/SamlInitializer.java | 1 + src/com/dotcms/plugin/saml/v3/key/BindingType.java | 1 + src/com/dotcms/plugin/saml/v3/key/DotSamlConstants.java | 2 +- 
.../plugin/saml/v3/meta/DefaultMetaDescriptorServiceImpl.java | 2 +- src/com/dotcms/plugin/saml/v3/meta/MetaDescriptorService.java | 1 + .../saml/v3/parameters/DotsamlDefaultPropertiesService.java | 1 + .../dotcms/plugin/saml/v3/parameters/DotsamlProperties.java | 1 + .../plugin/saml/v3/parameters/DotsamlPropertiesService.java | 1 + .../dotcms/plugin/saml/v3/parameters/DotsamlPropertyName.java | 1 + .../plugin/saml/v3/service/DotHTTPRedirectDeflateEncoder.java | 4 ++-- src/org/opensaml/xml/util/Base64.java | 4 ++-- 37 files changed, 39 insertions(+), 9 deletions(-) diff --git a/src/com/dotcms/plugin/saml/v3/beans/AttributesBean.java b/src/com/dotcms/plugin/saml/v3/beans/AttributesBean.java index 64d3d92..2367fcb 100644 --- a/src/com/dotcms/plugin/saml/v3/beans/AttributesBean.java +++ b/src/com/dotcms/plugin/saml/v3/beans/AttributesBean.java @@ -13,6 +13,7 @@ * * @author jsanca */ +// Migrated public class AttributesBean implements Serializable { private static final long serialVersionUID = 1836313856887837731L; diff --git a/src/com/dotcms/plugin/saml/v3/cache/SamlCache.java b/src/com/dotcms/plugin/saml/v3/cache/SamlCache.java index 7f0c98d..e7eb44a 100644 --- a/src/com/dotcms/plugin/saml/v3/cache/SamlCache.java +++ b/src/com/dotcms/plugin/saml/v3/cache/SamlCache.java @@ -16,6 +16,7 @@ * @version 4.3.2 * @since 03-27-2018 */ +// Not-need public abstract class SamlCache implements Cachable { protected static final String DEFAULT = "default"; diff --git a/src/com/dotcms/plugin/saml/v3/cache/SamlCacheImpl.java b/src/com/dotcms/plugin/saml/v3/cache/SamlCacheImpl.java index 237ad62..411f464 100644 --- a/src/com/dotcms/plugin/saml/v3/cache/SamlCacheImpl.java +++ b/src/com/dotcms/plugin/saml/v3/cache/SamlCacheImpl.java @@ -31,6 +31,7 @@ * @version 4.3.2 * @since 03-27-2018 */ +// Not-need public class SamlCacheImpl extends SamlCache { protected DotCacheAdministrator cache = null; 
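Review bot: The migration markers this commit adds are not spelled consistently: `// Migrated` on AttributesBean here but `// migrated` on the exception, handler and init classes, `// Not-need` on SamlCache and SamlCacheImpl, `// todo; not migrated` (semicolon) on OptionalPropertiesHelper, `// todo: no migrated` on AutoLoginResult and `// todo: should migrated` on DotsamlDefaultPropertiesService. Since these exist to be grepped during the migration, a fixed vocabulary — `// migrated`, `// partially migrated`, `// not migrated`, `// not needed` — would make the status of each class searchable in one pass; the same applies to every later hunk in this patch.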
diff --git a/src/com/dotcms/plugin/saml/v3/config/CredentialHelper.java b/src/com/dotcms/plugin/saml/v3/config/CredentialHelper.java index c512ae6..35f7711 100644 --- a/src/com/dotcms/plugin/saml/v3/config/CredentialHelper.java +++ b/src/com/dotcms/plugin/saml/v3/config/CredentialHelper.java @@ -5,6 +5,7 @@ import com.dotcms.plugin.saml.v3.parameters.DotsamlPropertyName; import com.dotcms.plugin.saml.v3.util.InstanceUtil; +// Migrated public class CredentialHelper { /** diff --git a/src/com/dotcms/plugin/saml/v3/config/CredentialProvider.java b/src/com/dotcms/plugin/saml/v3/config/CredentialProvider.java index 86ba8d1..ce71a61 100644 --- a/src/com/dotcms/plugin/saml/v3/config/CredentialProvider.java +++ b/src/com/dotcms/plugin/saml/v3/config/CredentialProvider.java @@ -11,6 +11,7 @@ * * @author jsanca */ +// Migrated public interface CredentialProvider extends Serializable { /** @@ -20,4 +21,3 @@ public interface CredentialProvider extends Serializable */ Credential createCredential(); } - \ No newline at end of file diff --git a/src/com/dotcms/plugin/saml/v3/config/IdpConfig.java b/src/com/dotcms/plugin/saml/v3/config/IdpConfig.java index 608ca73..b1f5bd1 100644 --- a/src/com/dotcms/plugin/saml/v3/config/IdpConfig.java +++ b/src/com/dotcms/plugin/saml/v3/config/IdpConfig.java @@ -6,6 +6,7 @@ import java.util.Properties; import java.util.stream.Collectors; +// TODO: partially migrated public class IdpConfig { private String id; diff --git a/src/com/dotcms/plugin/saml/v3/config/IdpConfigComparator.java b/src/com/dotcms/plugin/saml/v3/config/IdpConfigComparator.java index 1a8dce7..5134c80 100644 --- a/src/com/dotcms/plugin/saml/v3/config/IdpConfigComparator.java +++ b/src/com/dotcms/plugin/saml/v3/config/IdpConfigComparator.java @@ -2,6 +2,7 @@ import java.util.Comparator; +// todo: not migrated yet public class IdpConfigComparator implements Comparator { @Override 
diff --git a/src/com/dotcms/plugin/saml/v3/config/IdpConfigFileHelper.java b/src/com/dotcms/plugin/saml/v3/config/IdpConfigFileHelper.java index 77c94d4..5c22444 100644 --- a/src/com/dotcms/plugin/saml/v3/config/IdpConfigFileHelper.java +++ b/src/com/dotcms/plugin/saml/v3/config/IdpConfigFileHelper.java @@ -12,6 +12,7 @@ import java.nio.file.Path; import java.nio.file.StandardCopyOption; +// todo: not migrated public class IdpConfigFileHelper implements Serializable { private static final long serialVersionUID = 2810853018482556705L; diff --git a/src/com/dotcms/plugin/saml/v3/config/IdpConfigHelper.java b/src/com/dotcms/plugin/saml/v3/config/IdpConfigHelper.java index 8186718..302d302 100644 --- a/src/com/dotcms/plugin/saml/v3/config/IdpConfigHelper.java +++ b/src/com/dotcms/plugin/saml/v3/config/IdpConfigHelper.java @@ -17,6 +17,7 @@ import java.util.List; import java.util.Map; +// todo: partially migrated public class IdpConfigHelper extends IdpConfigFileHelper implements Serializable { private static class SingletonHolder diff --git a/src/com/dotcms/plugin/saml/v3/config/IdpConfigWriterReader.java b/src/com/dotcms/plugin/saml/v3/config/IdpConfigWriterReader.java index 3e3c9c9..fce1723 100644 --- a/src/com/dotcms/plugin/saml/v3/config/IdpConfigWriterReader.java +++ b/src/com/dotcms/plugin/saml/v3/config/IdpConfigWriterReader.java @@ -14,6 +14,7 @@ import java.util.List; import java.util.Map; +// todo: not migrated public class IdpConfigWriterReader { public static final String IDP_CONFIGS = "samlConfigs"; diff --git a/src/com/dotcms/plugin/saml/v3/config/IdpJsonTransformer.java b/src/com/dotcms/plugin/saml/v3/config/IdpJsonTransformer.java index 7a3833d..d32fa2f 100644 --- a/src/com/dotcms/plugin/saml/v3/config/IdpJsonTransformer.java +++ b/src/com/dotcms/plugin/saml/v3/config/IdpJsonTransformer.java 
@@ -10,6 +10,7 @@ import java.util.Iterator; import java.util.Properties; +// todo: not migrated public class IdpJsonTransformer { private static String getCanonicalPathIfExists( File file ) throws IOException diff --git a/src/com/dotcms/plugin/saml/v3/config/MetaDataHelper.java b/src/com/dotcms/plugin/saml/v3/config/MetaDataHelper.java index fb9f4bc..798e2b7 100644 --- a/src/com/dotcms/plugin/saml/v3/config/MetaDataHelper.java +++ b/src/com/dotcms/plugin/saml/v3/config/MetaDataHelper.java @@ -20,6 +20,7 @@ * @version 4.3.2 * @since 03-31-2018 */ +// todo: not migrated yet public class MetaDataHelper { /** * Gets the metadata, null if it can not be created. diff --git a/src/com/dotcms/plugin/saml/v3/config/OptionalPropertiesHelper.java b/src/com/dotcms/plugin/saml/v3/config/OptionalPropertiesHelper.java index ae582b5..4cbf729 100755 --- a/src/com/dotcms/plugin/saml/v3/config/OptionalPropertiesHelper.java +++ b/src/com/dotcms/plugin/saml/v3/config/OptionalPropertiesHelper.java @@ -13,6 +13,7 @@ * @version 4.3.2 * @since 03-31-2018 */ +// todo; not migrated public class OptionalPropertiesHelper { /** diff --git a/src/com/dotcms/plugin/saml/v3/config/SamlSiteValidator.java b/src/com/dotcms/plugin/saml/v3/config/SamlSiteValidator.java index c1ef9ad..2150989 100755 --- a/src/com/dotcms/plugin/saml/v3/config/SamlSiteValidator.java +++ b/src/com/dotcms/plugin/saml/v3/config/SamlSiteValidator.java @@ -8,6 +8,7 @@ * * @author jsanca */ +// todo: not migrated yet public class SamlSiteValidator { public static boolean checkBuildRoles( final String buildRolesProperty ) diff --git a/src/com/dotcms/plugin/saml/v3/config/SiteJsonTransformer.java b/src/com/dotcms/plugin/saml/v3/config/SiteJsonTransformer.java index 21878c7..c5067ff 100644 --- a/src/com/dotcms/plugin/saml/v3/config/SiteJsonTransformer.java +++ b/src/com/dotcms/plugin/saml/v3/config/SiteJsonTransformer.java 
@@ -8,6 +8,7 @@ import java.util.Iterator; import java.util.Map; +// todo: not migrated public class SiteJsonTransformer { public static JSONObject getJsonObjecFromtMap( Map map ) throws JSONException diff --git a/src/com/dotcms/plugin/saml/v3/exception/AttributesNotFoundException.java b/src/com/dotcms/plugin/saml/v3/exception/AttributesNotFoundException.java index 86a1ea7..42fdd31 100755 --- a/src/com/dotcms/plugin/saml/v3/exception/AttributesNotFoundException.java +++ b/src/com/dotcms/plugin/saml/v3/exception/AttributesNotFoundException.java @@ -4,6 +4,7 @@ * Runtime exception used to handle errors when attributes might not be * extracted from the Assertion object Created by nollymar on 3/15/17. */ +// migrated public class AttributesNotFoundException extends RuntimeException { private static final long serialVersionUID = 4345557895408407837L; diff --git a/src/com/dotcms/plugin/saml/v3/exception/DotSamlException.java b/src/com/dotcms/plugin/saml/v3/exception/DotSamlException.java index 8efb526..419663b 100755 --- a/src/com/dotcms/plugin/saml/v3/exception/DotSamlException.java +++ b/src/com/dotcms/plugin/saml/v3/exception/DotSamlException.java @@ -5,6 +5,7 @@ * * @author jsanca */ +// migrated public class DotSamlException extends RuntimeException { private static final long serialVersionUID = -3569526825729783600L; diff --git a/src/com/dotcms/plugin/saml/v3/exception/NotNullEmailAllowedException.java b/src/com/dotcms/plugin/saml/v3/exception/NotNullEmailAllowedException.java index ed4658b..e70c9d3 100755 --- a/src/com/dotcms/plugin/saml/v3/exception/NotNullEmailAllowedException.java +++ b/src/com/dotcms/plugin/saml/v3/exception/NotNullEmailAllowedException.java @@ -2,6 +2,7 @@ import javax.servlet.http.HttpServletResponse; +// migrated public class NotNullEmailAllowedException extends AttributesNotFoundException { private static final long serialVersionUID = -3622432364873488814L; 
diff --git a/src/com/dotcms/plugin/saml/v3/exception/SamlUnauthorizedException.java b/src/com/dotcms/plugin/saml/v3/exception/SamlUnauthorizedException.java index 0a0c785..803073e 100755 --- a/src/com/dotcms/plugin/saml/v3/exception/SamlUnauthorizedException.java +++ b/src/com/dotcms/plugin/saml/v3/exception/SamlUnauthorizedException.java @@ -7,6 +7,7 @@ * * @author jsanca */ +// migrated public class SamlUnauthorizedException extends DotSamlException { private static final long serialVersionUID = 2827175662161844965L; diff --git a/src/com/dotcms/plugin/saml/v3/filter/AutoLoginResult.java b/src/com/dotcms/plugin/saml/v3/filter/AutoLoginResult.java index db266f9..7331a7a 100755 --- a/src/com/dotcms/plugin/saml/v3/filter/AutoLoginResult.java +++ b/src/com/dotcms/plugin/saml/v3/filter/AutoLoginResult.java @@ -2,6 +2,7 @@ import javax.servlet.http.HttpSession; +// todo: no migrated public class AutoLoginResult { private final HttpSession session; diff --git a/src/com/dotcms/plugin/saml/v3/filter/SamlAccessFilter.java b/src/com/dotcms/plugin/saml/v3/filter/SamlAccessFilter.java index 9e37ab1..5a4cea2 100755 --- a/src/com/dotcms/plugin/saml/v3/filter/SamlAccessFilter.java +++ b/src/com/dotcms/plugin/saml/v3/filter/SamlAccessFilter.java @@ -46,6 +46,7 @@ * * @author jsanca */ +// todo: not migrated public class SamlAccessFilter extends SamlFilter implements Filter { public SamlAccessFilter() { super(InstanceUtil.newInstance( diff --git a/src/com/dotcms/plugin/saml/v3/filter/SamlFilter.java b/src/com/dotcms/plugin/saml/v3/filter/SamlFilter.java index e23cded..53a4acb 100644 --- a/src/com/dotcms/plugin/saml/v3/filter/SamlFilter.java +++ b/src/com/dotcms/plugin/saml/v3/filter/SamlFilter.java @@ -63,6 +63,7 @@ import com.liferay.portal.model.User; import com.liferay.portal.servlet.PortletSessionPool; +// todo: not migrated public class SamlFilter implements Filter { protected static final String BY_PASS_KEY = "native"; protected static final String BY_PASS_VALUE = "true"; 
diff --git a/src/com/dotcms/plugin/saml/v3/handler/AssertionResolverHandler.java b/src/com/dotcms/plugin/saml/v3/handler/AssertionResolverHandler.java index 5f9f515..f26ddb1 100755 --- a/src/com/dotcms/plugin/saml/v3/handler/AssertionResolverHandler.java +++ b/src/com/dotcms/plugin/saml/v3/handler/AssertionResolverHandler.java @@ -18,6 +18,7 @@ * * @author jsanca */ +// migrated public interface AssertionResolverHandler extends Serializable { public static final int DOT_SAML_CLOCK_SKEW_DEFAULT_VALUE = 1000; diff --git a/src/com/dotcms/plugin/saml/v3/handler/AssertionResolverHandlerFactory.java b/src/com/dotcms/plugin/saml/v3/handler/AssertionResolverHandlerFactory.java index 8be1853..d044d87 100755 --- a/src/com/dotcms/plugin/saml/v3/handler/AssertionResolverHandlerFactory.java +++ b/src/com/dotcms/plugin/saml/v3/handler/AssertionResolverHandlerFactory.java @@ -15,7 +15,7 @@ * * @author jsanca */ - +// migrated public class AssertionResolverHandlerFactory implements Serializable { private static final long serialVersionUID = 2434118681822205248L; diff --git a/src/com/dotcms/plugin/saml/v3/handler/HttpPostAssertionResolverHandlerImpl.java b/src/com/dotcms/plugin/saml/v3/handler/HttpPostAssertionResolverHandlerImpl.java index ea5620c..5d933d1 100755 --- a/src/com/dotcms/plugin/saml/v3/handler/HttpPostAssertionResolverHandlerImpl.java +++ b/src/com/dotcms/plugin/saml/v3/handler/HttpPostAssertionResolverHandlerImpl.java @@ -43,7 +43,7 @@ * * @author jsanca */ - +// migrated public class HttpPostAssertionResolverHandlerImpl implements AssertionResolverHandler { private static final long serialVersionUID = 3479922364325870009L; diff --git a/src/com/dotcms/plugin/saml/v3/init/Initializer.java b/src/com/dotcms/plugin/saml/v3/init/Initializer.java index 41f6763..9e140fe 100755 --- a/src/com/dotcms/plugin/saml/v3/init/Initializer.java +++ b/src/com/dotcms/plugin/saml/v3/init/Initializer.java 
@@ -7,6 +7,7 @@ * Defines a contract to initialize the plugin * @author jsanca */ +// migrated public interface Initializer extends Serializable { diff --git a/src/com/dotcms/plugin/saml/v3/init/SamlInitializer.java b/src/com/dotcms/plugin/saml/v3/init/SamlInitializer.java index 770a0fc..679397e 100644 --- a/src/com/dotcms/plugin/saml/v3/init/SamlInitializer.java +++ b/src/com/dotcms/plugin/saml/v3/init/SamlInitializer.java @@ -25,6 +25,7 @@ * * @author jsanca */ +// migrated public class SamlInitializer implements Initializer { diff --git a/src/com/dotcms/plugin/saml/v3/key/BindingType.java b/src/com/dotcms/plugin/saml/v3/key/BindingType.java index b88e3dd..36a3ed1 100644 --- a/src/com/dotcms/plugin/saml/v3/key/BindingType.java +++ b/src/com/dotcms/plugin/saml/v3/key/BindingType.java @@ -5,6 +5,7 @@ * * @author jsanca */ +// migrated public enum BindingType { AUTHN_REQUEST( "urn:mace:shibboleth:1.0:profiles:AuthnRequest" ), diff --git a/src/com/dotcms/plugin/saml/v3/key/DotSamlConstants.java b/src/com/dotcms/plugin/saml/v3/key/DotSamlConstants.java index 4d4b3db..0e9699a 100644 --- a/src/com/dotcms/plugin/saml/v3/key/DotSamlConstants.java +++ b/src/com/dotcms/plugin/saml/v3/key/DotSamlConstants.java @@ -8,7 +8,7 @@ * * @author jsanca */ - +// Migrated public class DotSamlConstants { public static final char ARRAY_SEPARATOR_CHAR = ','; public static final String HTTP_SCHEMA = "http://"; diff --git a/src/com/dotcms/plugin/saml/v3/meta/DefaultMetaDescriptorServiceImpl.java b/src/com/dotcms/plugin/saml/v3/meta/DefaultMetaDescriptorServiceImpl.java index 3aef9f6..401e068 100755 --- a/src/com/dotcms/plugin/saml/v3/meta/DefaultMetaDescriptorServiceImpl.java +++ b/src/com/dotcms/plugin/saml/v3/meta/DefaultMetaDescriptorServiceImpl.java @@ -54,7 +54,7 @@ * * @author jsanca */ - +// migrated public class DefaultMetaDescriptorServiceImpl implements MetaDescriptorService { private static final long serialVersionUID = 7259833793217618045L; 
diff --git a/src/com/dotcms/plugin/saml/v3/meta/MetaDescriptorService.java b/src/com/dotcms/plugin/saml/v3/meta/MetaDescriptorService.java index 6809038..c9cdba8 100755 --- a/src/com/dotcms/plugin/saml/v3/meta/MetaDescriptorService.java +++ b/src/com/dotcms/plugin/saml/v3/meta/MetaDescriptorService.java @@ -12,6 +12,7 @@ * * @author jsanca */ +// migrated public interface MetaDescriptorService extends Serializable { String X_509 = "X.509"; diff --git a/src/com/dotcms/plugin/saml/v3/parameters/DotsamlDefaultPropertiesService.java b/src/com/dotcms/plugin/saml/v3/parameters/DotsamlDefaultPropertiesService.java index 73bfe94..f6229a5 100644 --- a/src/com/dotcms/plugin/saml/v3/parameters/DotsamlDefaultPropertiesService.java +++ b/src/com/dotcms/plugin/saml/v3/parameters/DotsamlDefaultPropertiesService.java @@ -11,6 +11,7 @@ import com.dotmarketing.util.Logger; import com.liferay.util.FileUtil; +// todo: should migrated public class DotsamlDefaultPropertiesService { public static final String INTEGER_PARSE_ERROR = "Unable to parse Integer value: "; diff --git a/src/com/dotcms/plugin/saml/v3/parameters/DotsamlProperties.java b/src/com/dotcms/plugin/saml/v3/parameters/DotsamlProperties.java index 31f5eff..526bc98 100644 --- a/src/com/dotcms/plugin/saml/v3/parameters/DotsamlProperties.java +++ b/src/com/dotcms/plugin/saml/v3/parameters/DotsamlProperties.java @@ -8,6 +8,7 @@ import com.dotcms.plugin.saml.v3.key.DotSamlConstants; import org.apache.commons.lang.StringUtils; +// todo: partially migrated public class DotsamlProperties { private String dotSamlAccessFilterValues = null; diff --git a/src/com/dotcms/plugin/saml/v3/parameters/DotsamlPropertiesService.java b/src/com/dotcms/plugin/saml/v3/parameters/DotsamlPropertiesService.java index a0b2622..f34059c 100644 --- a/src/com/dotcms/plugin/saml/v3/parameters/DotsamlPropertiesService.java +++ b/src/com/dotcms/plugin/saml/v3/parameters/DotsamlPropertiesService.java 
@@ -12,6 +12,7 @@ * @version 4.3.2 * @since 03-31-2018 */ +// todo: partially migrated public class DotsamlPropertiesService { /** diff --git a/src/com/dotcms/plugin/saml/v3/parameters/DotsamlPropertyName.java b/src/com/dotcms/plugin/saml/v3/parameters/DotsamlPropertyName.java index 3b245ac..52e8c62 100644 --- a/src/com/dotcms/plugin/saml/v3/parameters/DotsamlPropertyName.java +++ b/src/com/dotcms/plugin/saml/v3/parameters/DotsamlPropertyName.java @@ -5,6 +5,7 @@ import com.dotcms.plugin.saml.v3.meta.DefaultMetaDescriptorServiceImpl; import com.dotcms.plugin.saml.v3.meta.MetaDescriptorService; +// migrated public enum DotsamlPropertyName { //@formatter:off diff --git a/src/com/dotcms/plugin/saml/v3/service/DotHTTPRedirectDeflateEncoder.java b/src/com/dotcms/plugin/saml/v3/service/DotHTTPRedirectDeflateEncoder.java index 5c79d08..1b016e3 100644 --- a/src/com/dotcms/plugin/saml/v3/service/DotHTTPRedirectDeflateEncoder.java +++ b/src/com/dotcms/plugin/saml/v3/service/DotHTTPRedirectDeflateEncoder.java @@ -19,7 +19,7 @@ import java.net.MalformedURLException; import java.util.List; - +// migrated public class DotHTTPRedirectDeflateEncoder extends HTTPRedirectDeflateEncoder { private final boolean clearQueryParams; @@ -78,4 +78,4 @@ protected String buildRedirectURL(MessageContext messageContext, Str return urlBuilder.buildURL(); } -} \ No newline at end of file +} diff --git a/src/org/opensaml/xml/util/Base64.java b/src/org/opensaml/xml/util/Base64.java index 7ee971d..1040d25 100755 --- a/src/org/opensaml/xml/util/Base64.java +++ b/src/org/opensaml/xml/util/Base64.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.opensaml.xml.util; +package org.opensaml.xml.util; /** * Encodes and decodes to and from Base64 notation. @@ -1290,4 +1290,4 @@ public void resumeEncoding() { } // end inner class OutputStream -} // end class Base64 \ No newline at end of file +} // end class Base64 From d156ed964d7bdc37b44f366583773e528cbb7984 Mon Sep 17 00:00:00 2001 
From: jdotcms Date: Mon, 27 Jul 2020 12:17:39 -0600 Subject: [PATCH 3/9] Added change to be align with 5.3.4 --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index aeb970d..89cbaa8 100644 --- a/build.gradle +++ b/build.gradle @@ -5,7 +5,7 @@ repositories { } dependencies { - compile('com.dotcms:dotcms:5.3.1') { transitive = true } + compile('com.dotcms:dotcms:5.3.4.1') { transitive = true } compile fileTree(dir: 'ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/lib', include: ['*.jar']) } From 91d50f4e012bac8ba8805bccbebb686e027c5243 Mon Sep 17 00:00:00 2001 From: jdotcms Date: Mon, 27 Jul 2020 13:55:31 -0600 Subject: [PATCH 4/9] Added changes to be align with 5.3.4 --- .../saml/v3/config/IdpConfigHelper.java | 5 +- .../saml/v3/filter/AutoLoginResult.java | 2 +- .../plugin/saml/v3/filter/SamlFilter.java | 6 +- .../rest/config/DotRestApplication.java | 242 ++++++++------ .../dotmarketing/business/CacheLocator.java | 302 +----------------- 5 files changed, 155 insertions(+), 402 deletions(-) diff --git a/src/com/dotcms/plugin/saml/v3/config/IdpConfigHelper.java b/src/com/dotcms/plugin/saml/v3/config/IdpConfigHelper.java index 302d302..b8fc68a 100644 --- a/src/com/dotcms/plugin/saml/v3/config/IdpConfigHelper.java +++ b/src/com/dotcms/plugin/saml/v3/config/IdpConfigHelper.java @@ -2,9 +2,8 @@ import com.dotcms.plugin.saml.v3.cache.SamlCache; -import com.dotmarketing.business.CacheLocator; +import com.dotcms.plugin.saml.v3.cache.SamlCacheImpl; import com.dotmarketing.exception.DotDataException; -import com.dotmarketing.util.Logger; import com.dotmarketing.util.UUIDGenerator; import com.dotmarketing.util.UtilMethods; import com.dotmarketing.util.json.JSONException; 
@@ -32,7 +31,7 @@ public static IdpConfigHelper getInstance() return IdpConfigHelper.SingletonHolder.INSTANCE; } - private SamlCache samlCache = CacheLocator.getSamlCache(); + private SamlCache samlCache = new SamlCacheImpl(); public IdpConfigHelper() { diff --git a/src/com/dotcms/plugin/saml/v3/filter/AutoLoginResult.java b/src/com/dotcms/plugin/saml/v3/filter/AutoLoginResult.java index 7331a7a..7e96293 100755 --- a/src/com/dotcms/plugin/saml/v3/filter/AutoLoginResult.java +++ b/src/com/dotcms/plugin/saml/v3/filter/AutoLoginResult.java @@ -2,7 +2,7 @@ import javax.servlet.http.HttpSession; -// todo: no migrated +// todo: migrated public class AutoLoginResult { private final HttpSession session; diff --git a/src/com/dotcms/plugin/saml/v3/filter/SamlFilter.java b/src/com/dotcms/plugin/saml/v3/filter/SamlFilter.java index 53a4acb..493a97a 100644 --- a/src/com/dotcms/plugin/saml/v3/filter/SamlFilter.java +++ b/src/com/dotcms/plugin/saml/v3/filter/SamlFilter.java @@ -341,7 +341,7 @@ protected void doAuthenticationLoginSecurityLog(final HttpServletRequest request */ protected boolean isNotLogged(final HttpServletRequest request, final HttpSession session) { boolean isNotLogged = true; - boolean isBackend = this.isBackEndAdmin(session, request.getRequestURI()); + boolean isBackend = this.isBackEndAdmin(request, request.getRequestURI()); try { isNotLogged = (isBackend) ? !this.userWebAPI.isLoggedToBackend(request) : null == this.userWebAPI.getLoggedInFrontendUser(request); 
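Review bot: `private SamlCache samlCache = new SamlCacheImpl();` now builds a cache per IdpConfigHelper instance, and the class still exposes a `public IdpConfigHelper()` constructor next to its SingletonHolder, so any caller that uses `new` gets a cache disjoint from the singleton's and can serve stale IdP configuration. Before this change the instance came from CacheLocator, whose code removed later in this same patch wired a CacheTransport into the cache administrator, so whatever cluster-wide invalidation that provided is presumably lost for the SAML cache; SamlCacheImpl is not in the diff, so confirm whether it flushes on its own. Either make it `private static final SamlCache SAML_CACHE = new SamlCacheImpl();` so all instances share one cache, or at least add `// NOTE: no longer managed by CacheLocator; not flushed/invalidated with the core caches` so the next reader knows the cache is process-local.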
@@ -477,10 +477,6 @@ protected HttpSession renewSession(final HttpServletRequest request, HttpSession * @return If the user or its URI can be associated to the dotCMS back-end login, returns {@code true}. Otherwise, * returns {@code false}. */ - protected boolean isBackEndAdmin(final HttpSession session, final String uri) { - return PageMode.get(session).isAdmin || this.isBackEndLoginPage(uri); - } - protected boolean isBackEndAdmin(final HttpServletRequest request, final String uri) { return PageMode.get(request).isAdmin || this.isBackEndLoginPage(uri); } diff --git a/src/com/dotcms/rest/config/DotRestApplication.java b/src/com/dotcms/rest/config/DotRestApplication.java index 2bdf715..f4b819c 100755 --- a/src/com/dotcms/rest/config/DotRestApplication.java +++ b/src/com/dotcms/rest/config/DotRestApplication.java @@ -1,14 +1,16 @@ package com.dotcms.rest.config; -import com.dotcms.contenttype.model.field.FieldTypeResource; +import java.util.Map; +import java.util.Set; +import java.util.concurrent.ConcurrentHashMap; + import com.dotcms.plugin.saml.v3.rest.DotSamlRestService; import com.dotcms.plugin.saml.v3.rest.api.v1.DotSamlResource; -import com.dotcms.rest.api.v1.personalization.PersonalizationResource; -import com.dotcms.rest.api.v1.system.UpgradeTaskResource; -import com.dotcms.rest.api.v1.temp.TempFileResource; import org.glassfish.jersey.media.multipart.MultiPartFeature; +import com.dotcms.contenttype.model.field.FieldTypeResource; import com.dotcms.rest.RulesEnginePortlet; import com.dotcms.rest.TagResource; +import com.dotcms.rest.api.v1.apps.AppsResource; import com.dotcms.rest.api.v1.authentication.ApiTokenResource; import com.dotcms.rest.api.v1.authentication.AuthenticationResource; import com.dotcms.rest.api.v1.authentication.CreateJsonWebTokenResource; 
@@ -16,11 +18,13 @@ import com.dotcms.rest.api.v1.authentication.LoginFormResource; import com.dotcms.rest.api.v1.authentication.LogoutResource; import com.dotcms.rest.api.v1.authentication.ResetPasswordResource; +import com.dotcms.rest.api.v1.browser.BrowserResource; import com.dotcms.rest.api.v1.browsertree.BrowserTreeResource; import com.dotcms.rest.api.v1.categories.CategoriesResource; import com.dotcms.rest.api.v1.container.ContainerResource; import com.dotcms.rest.api.v1.content.ContentRelationshipsResource; import com.dotcms.rest.api.v1.content.ContentVersionResource; +import com.dotcms.rest.api.v1.content.ResourceLinkResource; import com.dotcms.rest.api.v1.contenttype.ContentTypeResource; import com.dotcms.rest.api.v1.contenttype.FieldResource; import com.dotcms.rest.api.v1.contenttype.FieldVariableResource; @@ -31,8 +35,10 @@ import com.dotcms.rest.api.v1.menu.MenuResource; import com.dotcms.rest.api.v1.page.NavResource; import com.dotcms.rest.api.v1.page.PageResource; +import com.dotcms.rest.api.v1.personalization.PersonalizationResource; import com.dotcms.rest.api.v1.personas.PersonaResource; import com.dotcms.rest.api.v1.portlet.PortletResource; +import com.dotcms.rest.api.v1.pushpublish.PushPublishFilterResource; import com.dotcms.rest.api.v1.relationships.RelationshipsResource; import com.dotcms.rest.api.v1.site.SiteResource; import com.dotcms.rest.api.v1.sites.ruleengine.rules.RuleResource; 
@@ -42,18 +48,20 @@ import com.dotcms.rest.api.v1.sites.ruleengine.rules.conditions.ConditionValueResource; import com.dotcms.rest.api.v1.system.AppContextInitResource; import com.dotcms.rest.api.v1.system.ConfigurationResource; +import com.dotcms.rest.api.v1.system.UpgradeTaskResource; import com.dotcms.rest.api.v1.system.i18n.I18NResource; import com.dotcms.rest.api.v1.system.monitor.MonitorResource; import com.dotcms.rest.api.v1.system.role.RoleResource; import com.dotcms.rest.api.v1.system.ruleengine.actionlets.ActionletsResource; import com.dotcms.rest.api.v1.system.ruleengine.conditionlets.ConditionletsResource; +import com.dotcms.rest.api.v1.temp.TempFileResource; import com.dotcms.rest.api.v1.theme.ThemeResource; import com.dotcms.rest.api.v1.user.UserResource; import com.dotcms.rest.api.v1.vtl.VTLResource; import com.dotcms.rest.personas.PersonasResourcePortlet; - -import java.util.HashSet; -import java.util.Set; +import com.dotcms.rest.servlet.ReloadableServletContainer; +import com.google.common.collect.ImmutableSet; +import com.dotcms.rest.api.v1.pushpublish.PushPublishFilterResource; /** * This class provides the list of all the REST end-points in dotCMS. Every new 
@@ -66,110 +74,132 @@ */ public class DotRestApplication extends javax.ws.rs.core.Application { - protected volatile static Set> REST_CLASSES = null; - - @Override - public Set> getClasses() { - if(REST_CLASSES == null){ - synchronized (this.getClass().getName().intern()) { - if(REST_CLASSES == null){ - REST_CLASSES = new HashSet<>(); - REST_CLASSES.add(MultiPartFeature.class); - REST_CLASSES.add(com.dotcms.rest.ESIndexResource.class); - REST_CLASSES.add(com.dotcms.rest.api.v1.index.ESIndexResource.class); - REST_CLASSES.add(com.dotcms.rest.RoleResource.class); - REST_CLASSES.add(com.dotcms.rest.BundleResource.class); - REST_CLASSES.add(com.dotcms.rest.StructureResource.class); - REST_CLASSES.add(com.dotcms.rest.ContentResource.class); - REST_CLASSES.add(com.dotcms.rest.BundlePublisherResource.class); - REST_CLASSES.add(com.dotcms.rest.JSPPortlet.class); - REST_CLASSES.add(com.dotcms.rest.AuditPublishingResource.class); - REST_CLASSES.add(com.dotcms.rest.WidgetResource.class); - REST_CLASSES.add(com.dotcms.rest.CMSConfigResource.class); - REST_CLASSES.add(com.dotcms.rest.OSGIResource.class); - REST_CLASSES.add(com.dotcms.rest.UserResource.class); - REST_CLASSES.add(com.dotcms.rest.ClusterResource.class); - REST_CLASSES.add(com.dotcms.rest.EnvironmentResource.class); - REST_CLASSES.add(com.dotcms.rest.api.v1.notification.NotificationResource.class); - REST_CLASSES.add(com.dotcms.rest.IntegrityResource.class); - REST_CLASSES.add(com.dotcms.rest.LicenseResource.class); - REST_CLASSES.add(com.dotcms.rest.WorkflowResource.class); - - REST_CLASSES.add(com.dotcms.rest.RestExamplePortlet.class); - REST_CLASSES.add(com.dotcms.rest.elasticsearch.ESContentResourcePortlet.class); - REST_CLASSES.add(PersonaResource.class); - REST_CLASSES.add(UserResource.class); - REST_CLASSES.add(com.dotcms.rest.api.v2.user.UserResource.class); - REST_CLASSES.add(TagResource.class); - - REST_CLASSES.add(RulesEnginePortlet.class); - REST_CLASSES.add(RuleResource.class); - 
REST_CLASSES.add(ConditionGroupResource.class); - REST_CLASSES.add(ConditionResource.class); - REST_CLASSES.add(ConditionValueResource.class); - REST_CLASSES.add(PersonasResourcePortlet.class); - - REST_CLASSES.add(ConditionletsResource.class); - REST_CLASSES.add(MonitorResource.class); - REST_CLASSES.add(ActionResource.class); - REST_CLASSES.add(ActionletsResource.class); - REST_CLASSES.add(I18NResource.class); - REST_CLASSES.add(LanguagesResource.class); - REST_CLASSES.add(com.dotcms.rest.api.v2.languages.LanguagesResource.class); - - REST_CLASSES.add(MenuResource.class); - - REST_CLASSES.add(AuthenticationResource.class); - REST_CLASSES.add(LogoutResource.class); - REST_CLASSES.add(LoginFormResource.class); - REST_CLASSES.add(ForgotPasswordResource.class); - REST_CLASSES.add(ConfigurationResource.class); - REST_CLASSES.add(AppContextInitResource.class); - REST_CLASSES.add(SiteResource.class); - REST_CLASSES.add(ContentTypeResource.class); - REST_CLASSES.add(FieldResource.class); - REST_CLASSES.add(com.dotcms.rest.api.v2.contenttype.FieldResource.class); - REST_CLASSES.add(com.dotcms.rest.api.v3.contenttype.FieldResource.class); - REST_CLASSES.add(FieldTypeResource.class); - REST_CLASSES.add(FieldVariableResource.class); - REST_CLASSES.add(ResetPasswordResource.class); - REST_CLASSES.add(RoleResource.class); - REST_CLASSES.add(CreateJsonWebTokenResource.class); - REST_CLASSES.add(ApiTokenResource.class); - REST_CLASSES.add(PortletResource.class); - REST_CLASSES.add(EventsResource.class); - REST_CLASSES.add(FolderResource.class); - - REST_CLASSES.add(BrowserTreeResource.class); - - REST_CLASSES.add(CategoriesResource.class); - REST_CLASSES.add(PageResource.class); - REST_CLASSES.add(ContentRelationshipsResource.class); - - REST_CLASSES.add(com.dotcms.rest.api.v1.workflow.WorkflowResource.class); - REST_CLASSES.add(ContainerResource.class); + /** + * these are system resources and should never change + */ + private final static Set> INTERNAL_CLASSES = 
ImmutableSet.>builder() + .add(MultiPartFeature.class) + .add(com.dotcms.rest.api.v1.index.ESIndexResource.class) + .add(com.dotcms.rest.RoleResource.class) + .add(com.dotcms.rest.BundleResource.class) + .add(com.dotcms.rest.StructureResource.class) + .add(com.dotcms.rest.ContentResource.class) + .add(com.dotcms.rest.BundlePublisherResource.class) + .add(com.dotcms.rest.JSPPortlet.class) + .add(com.dotcms.rest.AuditPublishingResource.class) + .add(com.dotcms.rest.WidgetResource.class) + .add(com.dotcms.rest.CMSConfigResource.class) + .add(com.dotcms.rest.OSGIResource.class) + .add(com.dotcms.rest.UserResource.class) + .add(com.dotcms.rest.ClusterResource.class) + .add(com.dotcms.rest.EnvironmentResource.class) + .add(com.dotcms.rest.api.v1.notification.NotificationResource.class) + .add(com.dotcms.rest.IntegrityResource.class) + .add(com.dotcms.rest.LicenseResource.class) + .add(com.dotcms.rest.WorkflowResource.class) + .add(com.dotcms.rest.RestExamplePortlet.class) + .add(com.dotcms.rest.elasticsearch.ESContentResourcePortlet.class) + .add(PersonaResource.class) + .add(UserResource.class) + .add(com.dotcms.rest.api.v2.user.UserResource.class) + .add(TagResource.class) + .add(RulesEnginePortlet.class) + .add(RuleResource.class) + .add(ConditionGroupResource.class) + .add(ConditionResource.class) + .add(ConditionValueResource.class) + .add(PersonasResourcePortlet.class) + .add(ConditionletsResource.class) + .add(MonitorResource.class) + .add(ActionResource.class) + .add(ActionletsResource.class) + .add(I18NResource.class) + .add(LanguagesResource.class) + .add(com.dotcms.rest.api.v2.languages.LanguagesResource.class) + .add(MenuResource.class) + .add(AuthenticationResource.class) + .add(LogoutResource.class) + .add(LoginFormResource.class) + .add(ForgotPasswordResource.class) + .add(ConfigurationResource.class) + .add(AppContextInitResource.class) + .add(SiteResource.class) + .add(ContentTypeResource.class) + .add(FieldResource.class) + 
.add(com.dotcms.rest.api.v2.contenttype.FieldResource.class) + .add(com.dotcms.rest.api.v3.contenttype.FieldResource.class) + .add(FieldTypeResource.class) + .add(FieldVariableResource.class) + .add(ResetPasswordResource.class) + .add(RoleResource.class) + .add(CreateJsonWebTokenResource.class) + .add(ApiTokenResource.class) + .add(PortletResource.class) + .add(EventsResource.class) + .add(FolderResource.class) + .add(BrowserTreeResource.class) + .add(CategoriesResource.class) + .add(PageResource.class) + .add(ContentRelationshipsResource.class) + .add(com.dotcms.rest.api.v1.workflow.WorkflowResource.class) + .add(ContainerResource.class) + .add(ThemeResource.class) + .add(NavResource.class) + .add(RelationshipsResource.class) + .add(VTLResource.class) + .add(ContentVersionResource.class) + .add(FileAssetsResource.class) + .add(PersonalizationResource.class) + .add(TempFileResource.class) + .add(UpgradeTaskResource.class) + .add(AppsResource.class) + .add(BrowserResource.class) + .add(ResourceLinkResource.class) + .add(PushPublishFilterResource.class) + .add(DotSamlResource.class) + .add(DotSamlRestService.class) + .build(); + + + /** + * This is the cheap way to create a concurrent set of user provided classes + */ + private final static Map, Boolean> customClasses = new ConcurrentHashMap<>(); + + /** + * adds a class and reloads + * @param clazz + */ + public synchronized static void addClass(Class clazz) { + if(clazz==null)return; + if(!customClasses.containsKey(clazz)) { + customClasses.put(clazz, true); + ReloadableServletContainer.reload(new DotRestApplication()); + } + } - REST_CLASSES.add(ThemeResource.class); - REST_CLASSES.add(NavResource.class); - REST_CLASSES.add(RelationshipsResource.class); + /** + * removes a class and reloads + * @param clazz + */ + public synchronized static void removeClass(Class clazz) { + if(clazz==null)return; + if(customClasses.containsKey(clazz)) { + customClasses.remove(clazz); + ReloadableServletContainer.reload(new 
DotRestApplication()); + } + } - REST_CLASSES.add(VTLResource.class); - REST_CLASSES.add(ContentVersionResource.class); - REST_CLASSES.add(FileAssetsResource.class); + @Override + public Set> getClasses() { + return ImmutableSet.>builder() + .addAll(customClasses.keySet()) + .addAll(INTERNAL_CLASSES) + .build(); - REST_CLASSES.add(PersonalizationResource.class); - REST_CLASSES.add(TempFileResource.class); + } - REST_CLASSES.add(UpgradeTaskResource.class); - // SAML RESOURCES - REST_CLASSES.add(DotSamlResource.class); - REST_CLASSES.add(DotSamlRestService.class); - } - } - } - return REST_CLASSES; - } } diff --git a/src/com/dotmarketing/business/CacheLocator.java b/src/com/dotmarketing/business/CacheLocator.java index ef3de89..b11089a 100644 --- a/src/com/dotmarketing/business/CacheLocator.java +++ b/src/com/dotmarketing/business/CacheLocator.java @@ -4,8 +4,10 @@ import com.dotcms.business.SystemCache; import com.dotcms.cache.KeyValueCache; import com.dotcms.cache.KeyValueCacheImpl; -import com.dotcms.cache.VanityUrlCache; -import com.dotcms.cache.VanityUrlCacheImpl; + +import com.dotcms.vanityurl.cache.VanityUrlCache; +import com.dotcms.vanityurl.cache.VanityUrlCacheImpl; +import com.dotcms.content.elasticsearch.ESQueryCache; import com.dotcms.content.elasticsearch.business.IndiciesCache; import com.dotcms.content.elasticsearch.business.IndiciesCacheImpl; import com.dotcms.contenttype.business.ContentTypeCache2; @@ -14,8 +16,6 @@ import com.dotcms.csspreproc.CSSCacheImpl; import com.dotcms.notifications.business.NewNotificationCache; import com.dotcms.notifications.business.NewNotificationCacheImpl; -import com.dotcms.plugin.saml.v3.cache.SamlCache; -import com.dotcms.plugin.saml.v3.cache.SamlCacheImpl; import com.dotcms.publisher.assets.business.PushedAssetsCache; import com.dotcms.publisher.assets.business.PushedAssetsCacheImpl; import com.dotcms.publisher.endpoint.business.PublishingEndPointCache; 
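Review bot: `addClass`/`removeClass` take a raw `Class` and register whatever they are handed as a JAX-RS resource, then restart the container via `ReloadableServletContainer.reload(new DotRestApplication())`; nothing checks that the argument is actually a resource class, so every caller in the JVM is an endpoint-registration path and repeated calls are a cheap way to thrash the servlet container. At minimum type the parameter as `Class<?>` and collapse the check-then-act into `if (customClasses.putIfAbsent(clazz, Boolean.TRUE) == null) { ReloadableServletContainer.reload(new DotRestApplication()); }`, keeping `synchronized` so reloads stay serialized. Separately, the removed set registered both `com.dotcms.rest.ESIndexResource` and `com.dotcms.rest.api.v1.index.ESIndexResource` while the rebuilt INTERNAL_CLASSES keeps only the v1 class, so if that drop is not intentional the legacy endpoint silently disappears. The Javadoc `these are system resources and should never change` is also misleading on a plugin-maintained copy of a core class that itself appends `DotSamlResource`/`DotSamlRestService`; a comment such as `// Shadows core DotRestApplication: re-sync this list on every dotCMS upgrade or core endpoints vanish` would tell the next maintainer why this file exists.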
@@ -23,6 +23,11 @@ import com.dotcms.rendering.velocity.services.DotResourceCache; import com.dotcms.rendering.velocity.viewtools.navigation.NavToolCache; import com.dotcms.rendering.velocity.viewtools.navigation.NavToolCacheImpl; + +import com.dotcms.security.apps.AppsCache; +import com.dotcms.security.apps.AppsCacheImpl; + + import com.dotmarketing.business.cache.transport.CacheTransport; import com.dotmarketing.business.portal.PortletCache; import com.dotmarketing.cache.ContentTypeCache; 
@@ -70,285 +75,6 @@ import com.dotmarketing.util.WebKeys; - -/** - * FactoryLocator is a factory method to get single(ton) service objects. - * This is a kind of implementation, and there may be others. - * - * @author Carlos Rivas (crivas) - * @author Jason Tesser - * @author Nathan (Ethode) - * @author Jose Castro - * @version 1.6 - * @since 5.1.6 - */ -public class CacheLocator extends Locator{ - - - - private static CacheLocator instance; - private static DotCacheAdministrator adminCache; - - private CacheLocator() { - super(); - } - - public synchronized static void init(){ - long start = System.currentTimeMillis(); - if(instance != null) - return; - - String clazz = Config.getStringProperty("cache.locator.class", ChainableCacheAdministratorImpl.class.getCanonicalName()); - Logger.info(CacheLocator.class, "loading cache administrator: "+clazz); - try{ - adminCache = new CommitListenerCacheWrapper((DotCacheAdministrator) Class.forName(clazz).newInstance()); - - String cTransClass = Config.getStringProperty("CACHE_INVALIDATION_TRANSPORT_CLASS","com.dotmarketing.business.jgroups.JGroupsCacheTransport"); - CacheTransport cTrans = (CacheTransport)Class.forName(cTransClass).newInstance(); - adminCache.setTransport(cTrans); - - } - catch(Exception e){ - Logger.fatal(CacheLocator.class, "Unable to load Cache Admin:" + clazz, e); - } - - instance = new CacheLocator(); - - /* - Initializing the Cache Providers: - - It needs to be initialized in a different call as the providers depend on the - license level, and the license level needs an already created instance of the CacheLocator - to work. - */ - adminCache.initProviders(); - System.setProperty(WebKeys.DOTCMS_STARTUP_TIME_CACHE, String.valueOf(System.currentTimeMillis() - start)); - } - - public static SystemCache getSystemCache() { - return (SystemCache)getInstance(CacheIndex.System); - } - - /** - * Returns the caching mechanism for the SAML Authentication plugin. - * - * @return The {@link SamlCache} instance. 
- */ - public static SamlCache getSamlCache() { - return (SamlCache) getInstance( CacheIndex.Saml ); - } - - public static PermissionCache getPermissionCache() { - return (PermissionCache)getInstance(CacheIndex.Permission); - } - - public static RoleCache getRoleCache() { - return (RoleCache)getInstance(CacheIndex.Role); - } - - public static com.dotmarketing.business.RoleCache getCmsRoleCache() { - return (com.dotmarketing.business.RoleCache)getInstance(CacheIndex.CMSRole); - } - - public static CategoryCache getCategoryCache() { - return (CategoryCache)getInstance(CacheIndex.Category); - } - - public static TagCache getTagCache() { - return (TagCache)getInstance(CacheIndex.Tag); - } - - public static TagInodeCache getTagInodeCache() { - return (TagInodeCache)getInstance(CacheIndex.TagInode); - } - - public static ContentletCache getContentletCache() { - return (ContentletCache)getInstance(CacheIndex.Contentlet); - } - - - public static DotResourceCache getVeloctyResourceCache(){ - return (DotResourceCache)getInstance(CacheIndex.Velocity2); - } - public static LogMapperCache getLogMapperCache () { - return ( LogMapperCache ) getInstance( CacheIndex.LogMapper ); - } - - public static RelationshipCache getRelationshipCache() { - return (RelationshipCache)getInstance(CacheIndex.Relationship); - } - - public static PluginCache getPluginCache() { - return (PluginCache)getInstance(CacheIndex.Plugin); - } - - public static LanguageCache getLanguageCache() { - return (LanguageCache)getInstance(CacheIndex.Language); - } - - public static UserCache getUserCache() { - return (UserCache)getInstance(CacheIndex.User); - } - - public static UserProxyCache getUserProxyCache() { - return (UserProxyCache)getInstance(CacheIndex.Userproxy); - } - - public static LayoutCache getLayoutCache() { - return (LayoutCache)getInstance(CacheIndex.Layout); - } - public static PortletCache getPortletCache() { - return (PortletCache)getInstance(CacheIndex.PortletCache); - } - public static 
IdentifierCache getIdentifierCache() { - return (IdentifierCache)getInstance(CacheIndex.Identifier); - } - - public static HTMLPageCache getHTMLPageCache() { - return (HTMLPageCache)getInstance(CacheIndex.HTMLPage); - } - - public static MenuLinkCache getMenuLinkCache() { - return (MenuLinkCache)getInstance(CacheIndex.Menulink); - } - - public static ContainerCache getContainerCache() { - return (ContainerCache)getInstance(CacheIndex.Container); - } - - public static TemplateCache getTemplateCache() { - return (TemplateCache)getInstance(CacheIndex.Template); - } - - public static HostCache getHostCache() { - return (HostCache)getInstance(CacheIndex.Host); - } - - public static BlockDirectiveCache getBlockDirectiveCache() { - return (BlockDirectiveCache)getInstance(CacheIndex.Block_Directive); - } - - public static BlockPageCache getBlockPageCache() { - return (BlockPageCache) getInstance(CacheIndex.Block_Page); - } - - public static VersionableCache getVersionableCache() { - return (VersionableCache)getInstance(CacheIndex.Versionable); - } - - public static FolderCache getFolderCache() { - return (FolderCache)getInstance(CacheIndex.FolderCache); - } - public static WorkflowCache getWorkFlowCache() { - return (WorkflowCache) getInstance(CacheIndex.WorkflowCache); - } - - public static HostVariablesCache getHostVariablesCache() { - return (HostVariablesCache)getInstance(CacheIndex.HostVariables); - } - - public static IndiciesCache getIndiciesCache() { - return (IndiciesCache)getInstance(CacheIndex.Indicies); - } - - - public static NavToolCache getNavToolCache() { - return (NavToolCache) getInstance(CacheIndex.NavTool); - } - - public static PublishingEndPointCache getPublishingEndPointCache() { - return (PublishingEndPointCache)getInstance(CacheIndex.PublishingEndPoint); - } - - public static PushedAssetsCache getPushedAssetsCache() { - return (PushedAssetsCache)getInstance(CacheIndex.PushedAssets); - } - - public static CSSCache getCSSCache() { - return 
(CSSCache)getInstance(CacheIndex.CSSCache); - } - - public static NewNotificationCache getNewNotificationCache() { - return (NewNotificationCache)getInstance(CacheIndex.NewNotification); - } - - public static RulesCache getRulesCache() { - return (RulesCache) getInstance(CacheIndex.RulesCache); - } - - public static SiteVisitCache getSiteVisitCache() { - return (SiteVisitCache) getInstance(CacheIndex.SiteVisitCache); - } - public static ContentTypeCache getContentTypeCache() { - return (ContentTypeCache) getInstance(CacheIndex.ContentTypeCache); - } - - public static ContentTypeCache2 getContentTypeCache2() { - return (ContentTypeCache2) getInstance(CacheIndex.ContentTypeCache2); - } - - public static VanityUrlCache getVanityURLCache() { - return (VanityUrlCache) getInstance(CacheIndex.VanityURLCache); - } - - public static MultiTreeCache getMultiTreeCache() { - return (MultiTreeCache) getInstance(CacheIndex.MultiTreeCache); - } - /** - * - * @return - */ - public static KeyValueCache getKeyValueCache() { - return (KeyValueCache) getInstance(CacheIndex.KeyValueCache); - } - public static ApiTokenCache getApiTokenCache() { - return (ApiTokenCache) getInstance(CacheIndex.ApiTokenCache); - } - /** - * The legacy cache administrator will invalidate cache entries within a cluster - * on a put where the non legacy one will not. 
- * @return - */ - public static DotCacheAdministrator getCacheAdministrator(){ - return adminCache; - } - - private static Object getInstance(CacheIndex index) { - if(instance == null){ - init(); - if(instance == null){ - Logger.fatal(CacheLocator.class, "CACHE IS NOT INITIALIZED : THIS SHOULD NEVER HAPPEN"); - throw new DotRuntimeException("CACHE IS NOT INITIALIZED : THIS SHOULD NEVER HAPPEN"); - } - } - - Object serviceRef = instance.getServiceInstance(index); - - Logger.debug(CacheLocator.class, instance.audit(index)); - - return serviceRef; - } - - @Override - protected Object createService(CacheIndex enumObj) { - return enumObj.create(); - } - - @Override - protected Locator getLocatorInstance() { - return instance; - } - - public static CacheIndex[] getCacheIndexes(){ - return CacheIndex.values(); - } - - public static Cachable getCache (String value) { - return (Cachable)getInstance(CacheIndex.getCacheIndex(value)); - } - -} - /** * * @author Carlos Rivas (crivas) @@ -360,7 +86,6 @@ public static Cachable getCache (String value) { enum CacheIndex { System("System"), - Saml( "Saml" ), Permission("Permission"), CMSRole("CMS Role"), Role("Role"), @@ -403,12 +128,13 @@ enum CacheIndex MultiTreeCache("MultiTree Cache"), ApiTokenCache("ApiTokenCache"), PortletCache("PortletCache"), - KeyValueCache("Key/Value Cache"); + ESQueryCache("ESQueryCache"), + KeyValueCache("Key/Value Cache"), + AppsCache("Apps"); Cachable create() { switch(this) { case System: return new SystemCache(); - case Saml: return new SamlCacheImpl(); case Permission: return new PermissionCacheImpl(); case Category: return new CategoryCacheImpl(); case Tag: return new TagCacheImpl(); 
@@ -451,6 +177,8 @@ Cachable create() { case MultiTreeCache : return new MultiTreeCache(); case ApiTokenCache : return new ApiTokenCache(); case PortletCache : return new PortletCache(); + case AppsCache: return new AppsCacheImpl(); + case ESQueryCache : return new com.dotcms.content.elasticsearch.ESQueryCache(); } throw new AssertionError("Unknown Cache index: " + this); @@ -475,4 +203,4 @@ public static CacheIndex getCacheIndex (String value) { return null; } -} \ No newline at end of file +} From 3a85665672efd7a59e238513cc0346bffaa6daaf Mon Sep 17 00:00:00 2001 From: jdotcms Date: Mon, 27 Jul 2020 14:00:15 -0600 Subject: [PATCH 5/9] removed unnecessary files --- .../dotmarketing/business/CacheLocator.java | 206 ------------------ 1 file changed, 206 deletions(-) delete mode 100644 src/com/dotmarketing/business/CacheLocator.java diff --git a/src/com/dotmarketing/business/CacheLocator.java b/src/com/dotmarketing/business/CacheLocator.java deleted file mode 100644 index b11089a..0000000 --- a/src/com/dotmarketing/business/CacheLocator.java +++ /dev/null 
@@ -1,206 +0,0 @@ -package com.dotmarketing.business; - -import com.dotcms.auth.providers.jwt.factories.ApiTokenCache; -import com.dotcms.business.SystemCache; -import com.dotcms.cache.KeyValueCache; -import com.dotcms.cache.KeyValueCacheImpl; - -import com.dotcms.vanityurl.cache.VanityUrlCache; -import com.dotcms.vanityurl.cache.VanityUrlCacheImpl; -import com.dotcms.content.elasticsearch.ESQueryCache; -import com.dotcms.content.elasticsearch.business.IndiciesCache; -import com.dotcms.content.elasticsearch.business.IndiciesCacheImpl; -import com.dotcms.contenttype.business.ContentTypeCache2; -import com.dotcms.contenttype.business.ContentTypeCache2Impl; -import com.dotcms.csspreproc.CSSCache; -import com.dotcms.csspreproc.CSSCacheImpl; -import com.dotcms.notifications.business.NewNotificationCache; -import com.dotcms.notifications.business.NewNotificationCacheImpl; -import com.dotcms.publisher.assets.business.PushedAssetsCache; -import com.dotcms.publisher.assets.business.PushedAssetsCacheImpl; -import com.dotcms.publisher.endpoint.business.PublishingEndPointCache; -import com.dotcms.publisher.endpoint.business.PublishingEndPointCacheImpl; -import com.dotcms.rendering.velocity.services.DotResourceCache; -import com.dotcms.rendering.velocity.viewtools.navigation.NavToolCache; -import com.dotcms.rendering.velocity.viewtools.navigation.NavToolCacheImpl; - -import com.dotcms.security.apps.AppsCache; -import com.dotcms.security.apps.AppsCacheImpl; - - -import com.dotmarketing.business.cache.transport.CacheTransport; -import com.dotmarketing.business.portal.PortletCache; -import com.dotmarketing.cache.ContentTypeCache; -import com.dotmarketing.cache.FolderCache; -import com.dotmarketing.cache.FolderCacheImpl; -import com.dotmarketing.cache.LegacyContentTypeCacheImpl; -import com.dotmarketing.cache.MultiTreeCache; -import com.dotmarketing.exception.DotRuntimeException; -import com.dotmarketing.logConsole.model.LogMapperCache; -import 
com.dotmarketing.logConsole.model.LogMapperCacheImpl; -import com.dotmarketing.plugin.business.PluginCache; -import com.dotmarketing.plugin.business.PluginCacheImpl; -import com.dotmarketing.portlets.categories.business.CategoryCache; -import com.dotmarketing.portlets.categories.business.CategoryCacheImpl; -import com.dotmarketing.portlets.containers.business.ContainerCache; -import com.dotmarketing.portlets.containers.business.ContainerCacheImpl; -import com.dotmarketing.portlets.contentlet.business.ContentletCache; -import com.dotmarketing.portlets.contentlet.business.ContentletCacheImpl; -import com.dotmarketing.portlets.contentlet.business.HostCache; -import com.dotmarketing.portlets.contentlet.business.HostCacheImpl; -import com.dotmarketing.portlets.hostvariable.bussiness.HostVariablesCache; -import com.dotmarketing.portlets.hostvariable.bussiness.HostVariablesCacheImpl; -import com.dotmarketing.portlets.htmlpages.business.HTMLPageCache; -import com.dotmarketing.portlets.htmlpages.business.HTMLPageCacheImpl; -import com.dotmarketing.portlets.languagesmanager.business.LanguageCache; -import com.dotmarketing.portlets.languagesmanager.business.LanguageCacheImpl; -import com.dotmarketing.portlets.links.business.MenuLinkCache; -import com.dotmarketing.portlets.links.business.MenuLinkCacheImpl; -import com.dotmarketing.portlets.rules.business.RulesCache; -import com.dotmarketing.portlets.rules.business.RulesCacheImpl; -import com.dotmarketing.portlets.rules.business.SiteVisitCache; -import com.dotmarketing.portlets.rules.business.SiteVisitCacheImpl; -import com.dotmarketing.portlets.structure.factories.RelationshipCache; -import com.dotmarketing.portlets.structure.factories.RelationshipCacheImpl; -import com.dotmarketing.portlets.templates.business.TemplateCache; -import com.dotmarketing.portlets.templates.business.TemplateCacheImpl; -import com.dotmarketing.portlets.workflows.business.WorkflowCache; -import 
com.dotmarketing.portlets.workflows.business.WorkflowCacheImpl; -import com.dotmarketing.tag.business.TagCache; -import com.dotmarketing.tag.business.TagCacheImpl; -import com.dotmarketing.tag.business.TagInodeCache; -import com.dotmarketing.tag.business.TagInodeCacheImpl; -import com.dotmarketing.util.Config; -import com.dotmarketing.util.Logger; -import com.dotmarketing.util.WebKeys; - - -/** - * - * @author Carlos Rivas (crivas) - * @author Jason Tesser - * @version 1.6 - * @since 1.6 - * - */ -enum CacheIndex -{ - System("System"), - Permission("Permission"), - CMSRole("CMS Role"), - Role("Role"), - Category("Category"), - Tag("Tag"), - TagInode("TagInode"), - Contentlet("Contentlet"), - LogMapper("LogMapper"), - Relationship("Relationship"), - Plugin("Plugin"), - Language("Language"), - User("User"), - Layout("Layout"), - Userproxy("User Proxy"), - Host("Host"), - HTMLPage("Page"), - Menulink("Menu Link"), - Container("Container"), - Template("Template"), - Identifier("Identifier"), - Versionable("Versionable"), - FolderCache("FolderCache"), - WorkflowCache("Workflow Cache"), - HostVariables("Host Variables"), - Block_Directive("Block Directive"), - Block_Page("Block Page"), - Indicies("Indicies"), - NavTool("Navigation Tool"), - PublishingEndPoint("PublishingEndPoint Cache"), - PushedAssets("PushedAssets Cache"), - CSSCache("Processed CSS Cache"), - RulesCache("Rules Cache"), - SiteVisitCache("Rules Engine - Site Visits"), - NewNotification("NewNotification Cache"), - VanityURLCache("Vanity URL Cache"), - ContentTypeCache("Legacy Content Type Cache"), - ContentTypeCache2("New Content Type Cache"), - Velocity2("Velocity2"), - NavTool2("Navigation Tool2"), - MultiTreeCache("MultiTree Cache"), - ApiTokenCache("ApiTokenCache"), - PortletCache("PortletCache"), - ESQueryCache("ESQueryCache"), - KeyValueCache("Key/Value Cache"), - AppsCache("Apps"); - - Cachable create() { - switch(this) { - case System: return new SystemCache(); - case Permission: return new 
PermissionCacheImpl(); - case Category: return new CategoryCacheImpl(); - case Tag: return new TagCacheImpl(); - case TagInode: return new TagInodeCacheImpl(); - case Role: return new RoleCacheImpl(); - case Contentlet: return new ContentletCacheImpl(); - case Velocity2 : return new DotResourceCache(); - case Relationship: return new RelationshipCacheImpl(); - case LogMapper: return new LogMapperCacheImpl(); - case Plugin : return new PluginCacheImpl(); - case Language : return new LanguageCacheImpl(); - case User : return new UserCacheImpl(); - case Userproxy : return new UserProxyCacheImpl(); - case Layout : return new LayoutCacheImpl(); - case CMSRole : return new com.dotmarketing.business.RoleCacheImpl(); - case HTMLPage : return new HTMLPageCacheImpl(); - case Menulink : return new MenuLinkCacheImpl(); - case Container : return new ContainerCacheImpl(); - case Template : return new TemplateCacheImpl(); - case Host : return new HostCacheImpl(); - case Identifier : return new IdentifierCacheImpl(); - case HostVariables : return new HostVariablesCacheImpl(); - case Block_Directive : return new BlockDirectiveCacheImpl(); - case Block_Page : return new BlockPageCacheImpl(); - case Versionable : return new VersionableCacheImpl(); - case FolderCache : return new FolderCacheImpl(); - case WorkflowCache : return new WorkflowCacheImpl(); - case Indicies: return new IndiciesCacheImpl(); - case NavTool: return new NavToolCacheImpl(); - case PublishingEndPoint: return new PublishingEndPointCacheImpl(); - case PushedAssets: return new PushedAssetsCacheImpl(); - case CSSCache: return new CSSCacheImpl(); - case NewNotification: return new NewNotificationCacheImpl(); - case RulesCache : return new RulesCacheImpl(); - case SiteVisitCache : return new SiteVisitCacheImpl(); - case ContentTypeCache: return new LegacyContentTypeCacheImpl(); - case ContentTypeCache2: return new ContentTypeCache2Impl(); - case VanityURLCache : return new VanityUrlCacheImpl(); - case KeyValueCache : 
return new KeyValueCacheImpl(); - case MultiTreeCache : return new MultiTreeCache(); - case ApiTokenCache : return new ApiTokenCache(); - case PortletCache : return new PortletCache(); - case AppsCache: return new AppsCacheImpl(); - case ESQueryCache : return new com.dotcms.content.elasticsearch.ESQueryCache(); - - } - throw new AssertionError("Unknown Cache index: " + this); - } - - private String value; - - CacheIndex (String value) { - this.value = value; - } - - public String toString () { - return value; - } - - public static CacheIndex getCacheIndex (String value) { - CacheIndex[] types = CacheIndex.values(); - for (CacheIndex type : types) { - if (type.value.equals(value)) - return type; - } - return null; - } - -} From 3fa423166953711f5ab236a4d1c247fc53c4f8b5 Mon Sep 17 00:00:00 2001 From: jdotcms Date: Mon, 27 Jul 2020 14:58:46 -0600 Subject: [PATCH 6/9] removed some comments --- src/com/dotcms/plugin/saml/v3/filter/SamlFilter.java | 4 ---- 1 file changed, 4 deletions(-) diff --git a/src/com/dotcms/plugin/saml/v3/filter/SamlFilter.java b/src/com/dotcms/plugin/saml/v3/filter/SamlFilter.java index 493a97a..bee67e8 100644 --- a/src/com/dotcms/plugin/saml/v3/filter/SamlFilter.java +++ b/src/com/dotcms/plugin/saml/v3/filter/SamlFilter.java @@ -303,8 +303,6 @@ public void doRequestLoginSecurityLog(final HttpServletRequest request, final Id final String log = new Date() + ": SAML login request for Site '" + host.getHostname() + "' with IdP ID: " + idpConfig.getId() + " (" + env + ") from " + request.getRemoteAddr(); - // “$TIMEDATE: SAML login request for $host (frontend|backend)from - // $REQUEST_ADDR” SecurityLogger.logInfo(SecurityLogger.class, SamlFilter.class + " - " + log); Logger.debug(this, log); } catch (Exception e) { 
@@ -321,8 +319,6 @@ protected void doAuthenticationLoginSecurityLog(final HttpServletRequest request "ID: " + idpConfig.getId() + " (" + env + ") from " + request.getRemoteAddr() + " for user: " + user.getEmailAddress(); - // “$TIMEDATE: SAML login success for $host (frontend|backend)from - // $REQUEST_ADDR for user $username” SecurityLogger.logInfo(SecurityLogger.class, SamlFilter.class + " - " + log); Logger.info(this, log); } catch (Exception e) { From 9758b79059e0addb06a251b70f4cc2d4f95fb02a Mon Sep 17 00:00:00 2001 From: jdotcms Date: Mon, 27 Jul 2020 15:10:59 -0600 Subject: [PATCH 7/9] removing smartquotes from the comments --- src/com/dotcms/plugin/saml/v3/util/SamlUtils.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/com/dotcms/plugin/saml/v3/util/SamlUtils.java b/src/com/dotcms/plugin/saml/v3/util/SamlUtils.java index 69c911b..c4bdd56 100644 --- a/src/com/dotcms/plugin/saml/v3/util/SamlUtils.java +++ b/src/com/dotcms/plugin/saml/v3/util/SamlUtils.java @@ -339,10 +339,10 @@ public static NameIDPolicy buildNameIdPolicy(final IdpConfig idpConfig) { // it supports several formats, such as Kerberos, email, Windows Domain // Qualified Name, etc. - // “The transient identifier is a random identifier that does not have + // The transient identifier is a random identifier that does not have // any connection to the user. // A transient identifier will be different for every time the user - // signs in.” + // signs in. nameIDPolicy.setFormat(DotsamlPropertiesService.getOptionString(idpConfig, DotsamlPropertyName.DOTCMS_SAML_NAME_ID_POLICY_FORMAT)); From 739bdc74c9bcd331c323e2624beb893aea95d3bb Mon Sep 17 00:00:00 2001 
From: jdotcms Date: Wed, 29 Jul 2020 14:19:56 -0600 Subject: [PATCH 8/9] adding the logic to support http post for authentication --- .../v3/handler/AuthenticationHandler.java | 21 +++++ .../AuthenticationResolverHandlerFactory.java | 44 +++++++++ .../HttpPOSTAuthenticationHandler.java | 93 +++++++++++++++++++ .../HttpRedirectAuthenticationHandler.java | 92 ++++++++++++++++++ .../plugin/saml/v3/key/DotSamlConstants.java | 4 + .../v3/parameters/DotsamlPropertyName.java | 8 +- .../v3/service/DotHTTPPOSTDeflateEncoder.java | 11 +++ .../OpenSamlAuthenticationServiceImpl.java | 28 +++--- .../dotcms/plugin/saml/v3/util/SamlUtils.java | 14 ++- 9 files changed, 297 insertions(+), 18 deletions(-) create mode 100644 src/com/dotcms/plugin/saml/v3/handler/AuthenticationHandler.java create mode 100755 src/com/dotcms/plugin/saml/v3/handler/AuthenticationResolverHandlerFactory.java create mode 100644 src/com/dotcms/plugin/saml/v3/handler/HttpPOSTAuthenticationHandler.java create mode 100644 src/com/dotcms/plugin/saml/v3/handler/HttpRedirectAuthenticationHandler.java create mode 100644 src/com/dotcms/plugin/saml/v3/service/DotHTTPPOSTDeflateEncoder.java diff --git a/src/com/dotcms/plugin/saml/v3/handler/AuthenticationHandler.java b/src/com/dotcms/plugin/saml/v3/handler/AuthenticationHandler.java new file mode 100644 index 0000000..933fe25 --- /dev/null +++ b/src/com/dotcms/plugin/saml/v3/handler/AuthenticationHandler.java 
@@ -0,0 +1,21 @@
+package com.dotcms.plugin.saml.v3.handler;
+
+import com.dotcms.plugin.saml.v3.config.IdpConfig;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Encapsulates the Authentication Handler, could be POST or Redirect (default)
+ * @author jsanca
+ */
+public interface AuthenticationHandler {
+
+ /**
+ * Handles the authentication method
+ * @param request
+ * @param response
+ * @param idpConfig
+ */
+ void handle (final HttpServletRequest request, final HttpServletResponse response, final IdpConfig idpConfig );
+}
diff --git a/src/com/dotcms/plugin/saml/v3/handler/AuthenticationResolverHandlerFactory.java b/src/com/dotcms/plugin/saml/v3/handler/AuthenticationResolverHandlerFactory.java
new file mode 100755
index 0000000..a27345c
--- /dev/null
+++ b/src/com/dotcms/plugin/saml/v3/handler/AuthenticationResolverHandlerFactory.java
@@ -0,0 +1,44 @@
+package com.dotcms.plugin.saml.v3.handler;
+
+import com.dotcms.plugin.saml.v3.config.IdpConfig;
+import com.dotcms.plugin.saml.v3.key.DotSamlConstants;
+import com.dotcms.plugin.saml.v3.parameters.DotsamlPropertiesService;
+import com.dotcms.plugin.saml.v3.parameters.DotsamlPropertyName;
+import com.dotmarketing.util.Logger;
+import com.dotmarketing.util.UtilMethods;
+import com.liferay.util.InstancePool;
+
+import java.io.Serializable;
+
+/**
+ * A factory for the {@link AuthenticationHandler}
+ *
+ * @author jsanca
+ */
+// migrated
+public class AuthenticationResolverHandlerFactory implements Serializable {
+ private static final long serialVersionUID = 2434118681822205248L;
+
+ /**
+ * Get the resolver assertion depending on the site.
+ *
+ * @param idpConfig
+ * {@link IdpConfig}
+ * @return
+ */
+ public AuthenticationHandler getAuthenticationHandlerForSite(final IdpConfig idpConfig) {
+
+ final String authenticationProtocolBinding = DotsamlPropertiesService.getOptionString(idpConfig, DotsamlPropertyName.DOTCMS_SAML_AUTHN_PROTOCOL_BINDING,
+ DotSamlConstants.DOTCMS_SAML_AUTHN_PROTOCOL_BINDING_REDIRECT);
+
+ switch (authenticationProtocolBinding) {
+
+ case DotSamlConstants.DOTCMS_SAML_AUTHN_PROTOCOL_BINDING_REDIRECT:
+ return new HttpRedirectAuthenticationHandler();
+ case DotSamlConstants.DOTCMS_SAML_AUTHN_PROTOCOL_BINDING_POST:
+ return new HttpPOSTAuthenticationHandler();
+ }
+
+ return new HttpRedirectAuthenticationHandler();
+ }
+}
diff --git a/src/com/dotcms/plugin/saml/v3/handler/HttpPOSTAuthenticationHandler.java b/src/com/dotcms/plugin/saml/v3/handler/HttpPOSTAuthenticationHandler.java
new file mode 100644
index 0000000..75f64ef
--- /dev/null
+++ b/src/com/dotcms/plugin/saml/v3/handler/HttpPOSTAuthenticationHandler.java
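Review bot: Three imports in this new file are unused (`Logger`, `UtilMethods`, `InstancePool`), and the `switch` in `getAuthenticationHandlerForSite` has no `default`, so a misspelled `authn.protocol.binding` value silently falls through to the Http-Redirect handler with nothing in the logs. I would drop the unused imports and replace the fall-through with `default: Logger.warn(this, "Unknown authn.protocol.binding '" + authenticationProtocolBinding + "', using Http-Redirect"); return new HttpRedirectAuthenticationHandler();`. The method Javadoc also reads as copied from the assertion factory ("Get the resolver assertion") and has an empty `@return`; `@return the {@link AuthenticationHandler} selected by the site's authn.protocol.binding property (Http-Redirect when unset)` would describe what the method does.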
@@ -0,0 +1,93 @@ +package com.dotcms.plugin.saml.v3.handler; + +import com.dotcms.plugin.saml.v3.config.IdpConfig; +import com.dotcms.plugin.saml.v3.exception.DotSamlException; +import com.dotcms.plugin.saml.v3.parameters.DotsamlPropertiesService; +import com.dotcms.plugin.saml.v3.parameters.DotsamlPropertyName; +import com.dotcms.plugin.saml.v3.service.DotHTTPPOSTDeflateEncoder; +import com.dotcms.plugin.saml.v3.service.DotHTTPRedirectDeflateEncoder; +import com.dotmarketing.util.Logger; +import net.shibboleth.utilities.java.support.component.ComponentInitializationException; +import org.opensaml.core.xml.XMLObject; +import org.opensaml.messaging.context.MessageContext; +import org.opensaml.messaging.encoder.MessageEncodingException; +import org.opensaml.saml.common.messaging.context.SAMLEndpointContext; +import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext; +import org.opensaml.saml.common.xml.SAMLConstants; +import org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder; +import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder; +import org.opensaml.saml.saml2.core.AuthnRequest; +import org.opensaml.xmlsec.SignatureSigningParameters; +import org.opensaml.xmlsec.context.SecurityParametersContext; +import org.opensaml.xmlsec.signature.support.SignatureConstants; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import static com.dotcms.plugin.saml.v3.util.SamlUtils.buildAuthnRequest; +import static com.dotcms.plugin.saml.v3.util.SamlUtils.getCredential; +import static com.dotcms.plugin.saml.v3.util.SamlUtils.getIdentityProviderDestinationEndpoint; +import static com.dotcms.plugin.saml.v3.util.SamlUtils.toXMLObjectString; + +/** + * Implements the authentication handler by POST + * @author jsanca + */ +public class HttpPOSTAuthenticationHandler implements AuthenticationHandler { + @Override + public void handle(final HttpServletRequest request, final 
HttpServletResponse response, final IdpConfig idpConfig) { + + final MessageContext context = new MessageContext(); // main context + final AuthnRequest authnRequest = buildAuthnRequest(request, idpConfig, SAMLConstants.SAML2_POST_BINDING_URI); + + context.setMessage(authnRequest); + + // peer entity (Idp to SP and viceversa) + final SAMLPeerEntityContext peerEntityContext = context.getSubcontext(SAMLPeerEntityContext.class, true); + // info about the endpoint of the peer entity + final SAMLEndpointContext endpointContext = peerEntityContext.getSubcontext(SAMLEndpointContext.class, true); + + endpointContext.setEndpoint(getIdentityProviderDestinationEndpoint(idpConfig)); + + this.setSignatureSigningParams(context, idpConfig); + this.doPost(context, response, authnRequest, idpConfig); + } + + private void setSignatureSigningParams(final MessageContext context, final IdpConfig idpConfig) { + final SignatureSigningParameters signatureSigningParameters = new SignatureSigningParameters(); + + signatureSigningParameters.setSigningCredential(getCredential(idpConfig)); + signatureSigningParameters.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); + + context.getSubcontext(SecurityParametersContext.class, true) + .setSignatureSigningParameters(signatureSigningParameters); + } + + // this makes the post to the IdP + @SuppressWarnings({ "rawtypes", "unchecked" }) + private void doPost(final MessageContext context, final HttpServletResponse response, + final XMLObject xmlObject, final IdpConfig idpConfig) { + final HTTPPostEncoder encoder; + + try { + encoder = new DotHTTPPOSTDeflateEncoder(); + + encoder.setMessageContext(context); + encoder.setHttpServletResponse(response); + + encoder.initialize(); + + Logger.debug(this, "Printing XMLObject:"); + Logger.debug(this, "\n\n" + toXMLObjectString(xmlObject)); + Logger.debug(this, "Redirecting to IdP '" + idpConfig.getIdpName() + "'"); + + encoder.encode(); + } catch (ComponentInitializationException | 
MessageEncodingException e) { + final String errorMsg = "An error occurred when executing redirect to IdP '" + idpConfig.getIdpName() + + "': " + e.getMessage(); + Logger.error(this, errorMsg, e); + throw new DotSamlException(errorMsg, e); + } + + } +} diff --git a/src/com/dotcms/plugin/saml/v3/handler/HttpRedirectAuthenticationHandler.java b/src/com/dotcms/plugin/saml/v3/handler/HttpRedirectAuthenticationHandler.java new file mode 100644 index 0000000..af1a80f --- /dev/null +++ b/src/com/dotcms/plugin/saml/v3/handler/HttpRedirectAuthenticationHandler.java 
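Review bot: `buildAuthnRequest(request, idpConfig, SAMLConstants.SAML2_POST_BINDING_URI)` in `handle` pins the AuthnRequest's `ProtocolBinding` — the binding the IdP is asked to use for the Response — to HTTP-POST, whereas the redirect handler and the previous code in `OpenSamlAuthenticationServiceImpl` take it from the configured `protocol.binding` property; sending the request by POST does not require the response to come back by POST, so either pass the configured value here too or document that selecting Http-POST also forces the POST response binding. The strings in `doPost` still say "Redirecting to IdP" and "An error occurred when executing redirect to IdP", and `DotHTTPRedirectDeflateEncoder`, `HTTPRedirectDeflateEncoder`, `DotsamlPropertiesService` and `DotsamlPropertyName` are imported but unused — copy-paste leftovers from the redirect handler. `setSignatureSigningParams` and the `MessageContext`/peer-endpoint set-up in `handle` are duplicated verbatim in `HttpRedirectAuthenticationHandler` (the next file in this commit); a small abstract base holding the context and signing code, with encoder creation as the only abstract step, would keep the two from drifting apart, the signature algorithm in particular.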
@@ -0,0 +1,92 @@ +package com.dotcms.plugin.saml.v3.handler; + +import com.dotcms.plugin.saml.v3.config.IdpConfig; +import com.dotcms.plugin.saml.v3.exception.DotSamlException; +import com.dotcms.plugin.saml.v3.parameters.DotsamlPropertiesService; +import com.dotcms.plugin.saml.v3.parameters.DotsamlPropertyName; +import com.dotcms.plugin.saml.v3.service.DotHTTPRedirectDeflateEncoder; +import com.dotmarketing.util.Logger; +import net.shibboleth.utilities.java.support.component.ComponentInitializationException; +import org.opensaml.core.xml.XMLObject; +import org.opensaml.messaging.context.MessageContext; +import org.opensaml.messaging.encoder.MessageEncodingException; +import org.opensaml.saml.common.messaging.context.SAMLEndpointContext; +import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext; +import org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder; +import org.opensaml.saml.saml2.core.AuthnRequest; +import org.opensaml.xmlsec.SignatureSigningParameters; +import org.opensaml.xmlsec.context.SecurityParametersContext; +import org.opensaml.xmlsec.signature.support.SignatureConstants; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import static com.dotcms.plugin.saml.v3.util.SamlUtils.buildAuthnRequest; +import static com.dotcms.plugin.saml.v3.util.SamlUtils.getCredential; +import static com.dotcms.plugin.saml.v3.util.SamlUtils.getIdentityProviderDestinationEndpoint; +import static com.dotcms.plugin.saml.v3.util.SamlUtils.toXMLObjectString; + +/** + * Implements the authentication handler by redirect + * @author jsanca + */ +public class HttpRedirectAuthenticationHandler implements AuthenticationHandler { + @Override + public void handle(final HttpServletRequest request, final HttpServletResponse response, final IdpConfig idpConfig) { + + final MessageContext context = new MessageContext(); // main context + final AuthnRequest authnRequest = buildAuthnRequest(request, 
idpConfig); + + context.setMessage(authnRequest); + + // peer entity (Idp to SP and viceversa) + final SAMLPeerEntityContext peerEntityContext = context.getSubcontext(SAMLPeerEntityContext.class, true); + // info about the endpoint of the peer entity + final SAMLEndpointContext endpointContext = peerEntityContext.getSubcontext(SAMLEndpointContext.class, true); + + endpointContext.setEndpoint(getIdentityProviderDestinationEndpoint(idpConfig)); + + this.setSignatureSigningParams(context, idpConfig); + this.doRedirect(context, response, authnRequest, idpConfig); + } + + private void setSignatureSigningParams(final MessageContext context, final IdpConfig idpConfig) { + final SignatureSigningParameters signatureSigningParameters = new SignatureSigningParameters(); + + signatureSigningParameters.setSigningCredential(getCredential(idpConfig)); + signatureSigningParameters.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); + + context.getSubcontext(SecurityParametersContext.class, true) + .setSignatureSigningParameters(signatureSigningParameters); + } + + // this makes the redirect to the IdP + @SuppressWarnings({ "rawtypes", "unchecked" }) + private void doRedirect(final MessageContext context, final HttpServletResponse response, + final XMLObject xmlObject, final IdpConfig idpConfig) { + final HTTPRedirectDeflateEncoder encoder; + + final boolean clearQueryParams = DotsamlPropertiesService.getOptionBoolean(idpConfig, DotsamlPropertyName.DOTCMS_SAML_CLEAR_LOCATION_QUERY_PARAMS); + + try { + encoder = new DotHTTPRedirectDeflateEncoder(clearQueryParams); + + encoder.setMessageContext(context); + encoder.setHttpServletResponse(response); + + encoder.initialize(); + + Logger.debug(this, "Printing XMLObject:"); + Logger.debug(this, "\n\n" + toXMLObjectString(xmlObject)); + Logger.debug(this, "Redirecting to IdP '" + idpConfig.getIdpName() + "'"); + + encoder.encode(); + } catch (ComponentInitializationException | MessageEncodingException e) { + final 
String errorMsg = "An error occurred when executing redirect to IdP '" + idpConfig.getIdpName() + + "': " + e.getMessage(); + Logger.error(this, errorMsg, e); + throw new DotSamlException(errorMsg, e); + } + + } +} diff --git a/src/com/dotcms/plugin/saml/v3/key/DotSamlConstants.java b/src/com/dotcms/plugin/saml/v3/key/DotSamlConstants.java index 0e9699a..0a5fc4b 100644 --- a/src/com/dotcms/plugin/saml/v3/key/DotSamlConstants.java +++ b/src/com/dotcms/plugin/saml/v3/key/DotSamlConstants.java @@ -81,5 +81,9 @@ public class DotSamlConstants { * Default SAML User role */ public static final String DOTCMS_SAML_USER_ROLE = "SAML User"; + + // defines the method to do the authentication, redirect by default + public static final String DOTCMS_SAML_AUTHN_PROTOCOL_BINDING_REDIRECT = "Http-Redirect"; + public static final String DOTCMS_SAML_AUTHN_PROTOCOL_BINDING_POST = "Http-POST"; } diff --git a/src/com/dotcms/plugin/saml/v3/parameters/DotsamlPropertyName.java b/src/com/dotcms/plugin/saml/v3/parameters/DotsamlPropertyName.java index 52e8c62..c2cc4b2 100644 --- a/src/com/dotcms/plugin/saml/v3/parameters/DotsamlPropertyName.java +++ b/src/com/dotcms/plugin/saml/v3/parameters/DotsamlPropertyName.java @@ -162,7 +162,13 @@ public enum DotsamlPropertyName { * authentication. */ DOTCMS_SAML_FORCE_AUTHN("force.authn"), - + + /** + * By default the authentication uses the Http-Redirect but you can set to Http-POST if needed + * + */ + DOTCMS_SAML_AUTHN_PROTOCOL_BINDING("authn.protocol.binding"), + /** * In case you need a custom credentials for the ID Provider (DotCMS) * overrides the implementation class on the configuration properties. diff --git a/src/com/dotcms/plugin/saml/v3/service/DotHTTPPOSTDeflateEncoder.java b/src/com/dotcms/plugin/saml/v3/service/DotHTTPPOSTDeflateEncoder.java new file mode 100644 index 0000000..5dd8636 --- /dev/null +++ b/src/com/dotcms/plugin/saml/v3/service/DotHTTPPOSTDeflateEncoder.java 
@@ -0,0 +1,11 @@ +package com.dotcms.plugin.saml.v3.service; + +import org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder; + +// migrated +public class DotHTTPPOSTDeflateEncoder extends HTTPPostEncoder { + + + public DotHTTPPOSTDeflateEncoder() { + } +} diff --git a/src/com/dotcms/plugin/saml/v3/service/OpenSamlAuthenticationServiceImpl.java b/src/com/dotcms/plugin/saml/v3/service/OpenSamlAuthenticationServiceImpl.java index 45f9652..ebd350e 100644 --- a/src/com/dotcms/plugin/saml/v3/service/OpenSamlAuthenticationServiceImpl.java +++ b/src/com/dotcms/plugin/saml/v3/service/OpenSamlAuthenticationServiceImpl.java @@ -9,6 +9,8 @@ import com.dotcms.plugin.saml.v3.exception.SamlUnauthorizedException; import com.dotcms.plugin.saml.v3.handler.AssertionResolverHandler; import com.dotcms.plugin.saml.v3.handler.AssertionResolverHandlerFactory; +import com.dotcms.plugin.saml.v3.handler.AuthenticationHandler; +import com.dotcms.plugin.saml.v3.handler.AuthenticationResolverHandlerFactory; import com.dotcms.plugin.saml.v3.key.DotSamlConstants; import com.dotcms.plugin.saml.v3.parameters.DotsamlPropertiesService; import com.dotcms.plugin.saml.v3.parameters.DotsamlPropertyName; 
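Review bot: `DotHTTPPOSTDeflateEncoder` has a misleading name and an empty body: the SAML HTTP-POST binding base64-encodes the message without DEFLATE (DEFLATE belongs to the HTTP-Redirect binding), and the class neither configures a `VelocityEngine`/template nor overrides anything, so it currently adds nothing over `HTTPPostEncoder`. As far as I recall, `HTTPPostEncoder.initialize()` rejects a missing `VelocityEngine`, in which case `doPost` in `HttpPOSTAuthenticationHandler` would fail at this commit; the next commit's diffstat touches this file and adds the Velocity templates, which may be what makes it work. Whatever the outcome, the bare `// migrated` marker should become a class comment that says why the subclass exists, e.g. `// Configures HTTPPostEncoder with the Velocity engine/template used to render the auto-submitting form sent to the IdP`.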
@@ -90,17 +92,22 @@ public class OpenSamlAuthenticationServiceImpl implements SamlAuthenticationServ protected final UserAPI userAPI; protected final RoleAPI roleAPI; protected final AssertionResolverHandlerFactory assertionResolverHandlerFactory; + protected final AuthenticationResolverHandlerFactory authenticationResolverHandlerFactory; public OpenSamlAuthenticationServiceImpl() { - this(APILocator.getUserAPI(), APILocator.getRoleAPI(), new AssertionResolverHandlerFactory()); + this(APILocator.getUserAPI(), APILocator.getRoleAPI(), + new AssertionResolverHandlerFactory(), new AuthenticationResolverHandlerFactory()); } @VisibleForTesting protected OpenSamlAuthenticationServiceImpl(final UserAPI userAPI, final RoleAPI roleAPI, - final AssertionResolverHandlerFactory assertionResolverHandlerFactory) { + final AssertionResolverHandlerFactory assertionResolverHandlerFactory, + final AuthenticationResolverHandlerFactory authenticationResolverHandlerFactory) { + this.userAPI = userAPI; this.roleAPI = roleAPI; - this.assertionResolverHandlerFactory = assertionResolverHandlerFactory; + this.assertionResolverHandlerFactory = assertionResolverHandlerFactory; + this.authenticationResolverHandlerFactory = authenticationResolverHandlerFactory; } private void addRole(final User user, final String roleKey, final boolean createRole, final boolean isSystem) 
@@ -233,20 +240,11 @@ private boolean anyAttributeNullOrBlank(final AttributesBean originalAttributes) public void authentication(final HttpServletRequest request, final HttpServletResponse response) throws DotDataException, IOException, JSONException { final IdpConfig idpConfig = SiteIdpConfigResolver.getInstance().resolveIdpConfig(request); - final MessageContext context = new MessageContext(); // main context - final AuthnRequest authnRequest = buildAuthnRequest(request, idpConfig); - context.setMessage(authnRequest); + final AuthenticationHandler authenticationHandler = + this.authenticationResolverHandlerFactory.getAuthenticationHandlerForSite(idpConfig); - // peer entity (Idp to SP and viceversa) - final SAMLPeerEntityContext peerEntityContext = context.getSubcontext(SAMLPeerEntityContext.class, true); - // info about the endpoint of the peer entity - final SAMLEndpointContext endpointContext = peerEntityContext.getSubcontext(SAMLEndpointContext.class, true); - - endpointContext.setEndpoint(getIdentityProviderDestinationEndpoint(idpConfig)); - - this.setSignatureSigningParams(context, idpConfig); - this.doRedirect(context, response, authnRequest, idpConfig); + authenticationHandler.handle(request, response, idpConfig); } /** diff --git a/src/com/dotcms/plugin/saml/v3/util/SamlUtils.java b/src/com/dotcms/plugin/saml/v3/util/SamlUtils.java index c4bdd56..554e882 100644 --- a/src/com/dotcms/plugin/saml/v3/util/SamlUtils.java +++ b/src/com/dotcms/plugin/saml/v3/util/SamlUtils.java 
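Review bot: After this hunk `authentication` only resolves a handler and delegates, yet its `throws DotDataException, IOException, JSONException` clause is unchanged and nothing left in the body visibly throws them; if `resolveIdpConfig` does not either, the clause can be narrowed so callers stop handling exceptions that cannot occur. The removed lines were the only visible callers of `setSignatureSigningParams` and `doRedirect` in this class, and the 28-line diffstat for this file does not show those methods being deleted, so they and their imports (`MessageContext`, `SAMLPeerEntityContext`, `SAMLEndpointContext`, `getIdentityProviderDestinationEndpoint`, `buildAuthnRequest`) are probably now dead code that should go with this change — please confirm against the full file. The enclosing class continues outside the hunk.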
@@ -203,6 +203,17 @@ public static String getSessionIndex(final Assertion assertion) { * @return AuthnRequest */ public static AuthnRequest buildAuthnRequest(final HttpServletRequest request, final IdpConfig idpConfig) { + + return buildAuthnRequest(request, idpConfig, + DotsamlPropertiesService.getOptionString(idpConfig, DotsamlPropertyName.DOTCMS_SAML_PROTOCOL_BINDING)); + } + + /** + * Build an authentication request. + * + * @return AuthnRequest + */ + public static AuthnRequest buildAuthnRequest(final HttpServletRequest request, final IdpConfig idpConfig, final String protocolBinding) { final String ipDSSODestination = getIPDSSODestination(idpConfig); final AuthnRequest authnRequest = buildSAMLObject(AuthnRequest.class); @@ -222,8 +233,7 @@ public static AuthnRequest buildAuthnRequest(final HttpServletRequest request, f // Get the protocol from the user, or use a default one: // SAMLConstants.SAML2_ARTIFACT_BINDING_URI - authnRequest.setProtocolBinding( - DotsamlPropertiesService.getOptionString(idpConfig, DotsamlPropertyName.DOTCMS_SAML_PROTOCOL_BINDING)); + authnRequest.setProtocolBinding(protocolBinding); // this is the address that receives the SAML Assertion, after a // successful authentication on the IdP. From d4060a88e5f87c28289fdadb0953ae466ec840b4 Mon Sep 17 00:00:00 2001 
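Review bot: The new three-argument `buildAuthnRequest` overload reuses the two-argument one's Javadoc and so documents neither `protocolBinding` nor what a null or blank value means; the value is passed straight to `authnRequest.setProtocolBinding(protocolBinding)` in the following hunk, while the surviving comment above that call still says "or use a default one: SAMLConstants.SAML2_ARTIFACT_BINDING_URI" although no default is applied in the visible lines. Suggested Javadoc on the new overload: `@param protocolBinding the SAML 2 binding URI (a SAMLConstants.SAML2_*_BINDING_URI value) the IdP must use to return the Response; callers must supply a non-blank value`. If the default the comment promises is intended, `final String binding = (protocolBinding == null || protocolBinding.trim().isEmpty()) ? SAMLConstants.SAML2_ARTIFACT_BINDING_URI : protocolBinding;` at the top of the method makes the contract explicit; otherwise the comment should be corrected. The method body continues past the hunks shown here.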
From: jdotcms Date: Wed, 29 Jul 2020 16:30:39 -0600 Subject: [PATCH 9/9] Added the support for http post --- .../templates/add-html-body-content.vm | 2 + .../templates/add-html-head-content.vm | 2 + .../velocity/templates/saml1-post-binding.vm | 43 +++++++++++++++ .../templates/saml2-post-artifact-binding.vm | 40 ++++++++++++++ .../velocity/templates/saml2-post-binding.vm | 42 +++++++++++++++ .../saml2-post-simplesign-binding.vm | 52 +++++++++++++++++++ .../v3/service/DotHTTPPOSTDeflateEncoder.java | 3 ++ 7 files changed, 184 insertions(+) create mode 100644 ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/velocity/templates/add-html-body-content.vm create mode 100644 ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/velocity/templates/add-html-head-content.vm create mode 100644 ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/velocity/templates/saml1-post-binding.vm create mode 100644 ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/velocity/templates/saml2-post-artifact-binding.vm create mode 100644 ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/velocity/templates/saml2-post-binding.vm create mode 100644 ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/velocity/templates/saml2-post-simplesign-binding.vm diff --git a/ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/velocity/templates/add-html-body-content.vm b/ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/velocity/templates/add-html-body-content.vm new file mode 100644 index 0000000..bcb4b5a --- /dev/null +++ b/ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/velocity/templates/add-html-body-content.vm @@ -0,0 +1,2 @@ +## Stub file that one can replace with Velocity template (and thus HTML) content +## to be placed into the BODY section of the response \ No newline at end of file 
diff --git a/ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/velocity/templates/add-html-head-content.vm b/ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/velocity/templates/add-html-head-content.vm new file mode 100644 index 0000000..08aaeaa --- /dev/null +++ b/ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/velocity/templates/add-html-head-content.vm @@ -0,0 +1,2 @@ +## Stub file that one can replace with Velocity template (and thus HTML) content +## to be placed into the HEAD section of the response \ No newline at end of file diff --git a/ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/velocity/templates/saml1-post-binding.vm b/ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/velocity/templates/saml1-post-binding.vm new file mode 100644 index 0000000..f4807d3 --- /dev/null +++ b/ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/velocity/templates/saml1-post-binding.vm @@ -0,0 +1,43 @@ +## +## Velocity Template for SAML 1 HTTP-POST binding +## +## Velocity context may contain the following properties +## action - String - the action URL for the form +## binding - String - the SAML binding type in use +## TARGET - String - the relay state for the message +## SAMLResponse - String - the Base64 encoded SAML Response +## + + + + + + #parse ( "/templates/add-html-head-content.vm" ) + + + + + +
+
+ #if($SAMLResponse)#end + + #if($TARGET)#end + +
+ +
+ + #parse ( "/templates/add-html-body-content.vm" ) + + + \ No newline at end of file diff --git a/ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/velocity/templates/saml2-post-artifact-binding.vm b/ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/velocity/templates/saml2-post-artifact-binding.vm new file mode 100644 index 0000000..25a91eb --- /dev/null +++ b/ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/velocity/templates/saml2-post-artifact-binding.vm @@ -0,0 +1,40 @@ +## +## Velocity Template for SAML 2 HTTP-POST binding +## +## Velocity context may contain the following properties +## action - String - the action URL for the form +## binding - String - the SAML binding type in use +## RelayState - String - the relay state for the message +## SAMLArt - String - SAML 2 artifact +## + + + + + #parse ( "/templates/add-html-head-content.vm" ) + + + + +
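Review bot: Nothing in this patch references `saml1-post-binding.vm`: the only template id wired up is `/templates/saml2-post-binding.vm` in DotHTTPPOSTDeflateEncoder, and the service code in the earlier hunks is SAML 2 throughout (`AuthnRequest`, `org.opensaml.saml.saml2`). The file therefore looks like a stock OpenSAML resource copied along with the others; if no SAML 1 encoder is configured elsewhere in the plugin, dropping it avoids shipping an unused auto-submitting login form under `WEB-INF/velocity/templates`. If it is kept on purpose, a header line such as `## Not referenced by the dotCMS SAML 2 plugin; kept only for parity with the stock OpenSAML template set` would stop the next reader from looking for its user.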
+
+ #if($RelayState) + + #end + + +
+ +
+ #parse ( "/templates/add-html-body-content.vm" ) + + \ No newline at end of file diff --git a/ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/velocity/templates/saml2-post-binding.vm b/ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/velocity/templates/saml2-post-binding.vm new file mode 100644 index 0000000..c0473e0 --- /dev/null +++ b/ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/velocity/templates/saml2-post-binding.vm @@ -0,0 +1,42 @@ +## +## Velocity Template for SAML 2 HTTP-POST binding +## +## Velocity context may contain the following properties +## action - String - the action URL for the form +## binding - String - the SAML binding type in use +## RelayState - String - the relay state for the message +## SAMLRequest - String - the Base64 encoded SAML Request +## SAMLResponse - String - the Base64 encoded SAML Response +## + + + + + #parse ( "/templates/add-html-head-content.vm" ) + + + + +
+
+ #if($RelayState)#end + + #if($SAMLRequest)#end + + #if($SAMLResponse)#end + +
+ +
+ #parse ( "/templates/add-html-body-content.vm" ) + + \ No newline at end of file diff --git a/ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/velocity/templates/saml2-post-simplesign-binding.vm b/ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/velocity/templates/saml2-post-simplesign-binding.vm new file mode 100644 index 0000000..0c7b7df --- /dev/null +++ b/ROOT/dotserver/tomcat-8.5.32/webapps/ROOT/WEB-INF/velocity/templates/saml2-post-simplesign-binding.vm @@ -0,0 +1,52 @@ +## +## Velocity Template for SAML 2 HTTP-POST-SimpleSign binding +## +## Velocity context may contain the following properties +## action - String - the action URL for the form +## binding - String - the SAML binding type in use +## RelayState - String - the relay state for the message +## SAMLRequest - String - the Base64 encoded SAML Request +## SAMLResponse - String - the Base64 encoded SAML Response +## Signature - String - the Base64 encoded simple signature +## SigAlg - String - the signature algorithm URI +## KeyInfo - String - the Base64 encoded ds:KeyInfo (optional) +## + + + + + #parse ( "/templates/add-html-head-content.vm" ) + + + + +
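Review bot: The `#if($RelayState)#end`, `#if($SAMLRequest)#end` and `#if($SAMLResponse)#end` blocks in this copy are empty as shown here — no form or hidden-input markup appears between the directives — so if that is not merely how the page was captured, the POST form this template renders would carry no SAML message; the shipped file should be diffed against the stock OpenSAML `saml2-post-binding.vm` it is evidently copied from (same header comment and context variables). Whatever markup is present, the stock template inserts `$action`, `$RelayState`, `$SAMLRequest` and `$SAMLResponse` into attribute values without Velocity-side escaping, so the page relies on the encoder having HTML-attribute-encoded them before populating the context; that assumption deserves a line at the top: `## Values are inserted unescaped: the encoder must HTML-attribute-encode action/RelayState before adding them to the context`. The two `#parse` includes of `add-html-*-content.vm` also make whatever those paths resolve to part of the auto-submitting login page.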
+
+ #if($RelayState)#end + + #if($SAMLRequest)#end + + #if($SAMLResponse)#end + + #if($Signature)#end + + #if($SigAlg)#end + + #if($KeyInfo)#end + +
+ +
+ #parse ( "/templates/add-html-body-content.vm" ) + + + \ No newline at end of file diff --git a/src/com/dotcms/plugin/saml/v3/service/DotHTTPPOSTDeflateEncoder.java b/src/com/dotcms/plugin/saml/v3/service/DotHTTPPOSTDeflateEncoder.java index 5dd8636..ac94d23 100644 --- a/src/com/dotcms/plugin/saml/v3/service/DotHTTPPOSTDeflateEncoder.java +++ b/src/com/dotcms/plugin/saml/v3/service/DotHTTPPOSTDeflateEncoder.java @@ -1,5 +1,6 @@ package com.dotcms.plugin.saml.v3.service; +import com.dotmarketing.util.VelocityUtil; import org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder; // migrated @@ -7,5 +8,7 @@ public class DotHTTPPOSTDeflateEncoder extends HTTPPostEncoder { public DotHTTPPOSTDeflateEncoder() { + this.setVelocityTemplateId("/templates/saml2-post-binding.vm"); + this.setVelocityEngine(VelocityUtil.getEngine()); } }
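Review bot: `this.setVelocityEngine(VelocityUtil.getEngine())` hands the SAML POST form to dotCMS's shared Velocity engine (OpenSAML's `HTTPPostEncoder` requires the caller to supply one), so `/templates/saml2-post-binding.vm` and the `#parse` includes inside it resolve through whatever resource loaders that engine is configured with; it should be confirmed that those loaders can only reach `WEB-INF/velocity/templates` and not site-editable assets, otherwise a content editor could alter the page that auto-submits the signed AuthnRequest to the IdP. Two smaller points on the same hunk: the class is named `DotHTTPPOSTDeflateEncoder` but extends `HTTPPostEncoder`, and in OpenSAML DEFLATE is the HTTP-Redirect binding's encoding, so either the name or a class comment should say which binding this really is, e.g. `// HTTP-POST binding encoder (no DEFLATE despite the name); renders the dotCMS-owned Velocity template through the shared engine`; and the surviving `// migrated` comment in the first hunk says nothing about what was migrated or from which OpenSAML version, so it should be expanded or removed.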