Merge branch 'feature/alias-handler-for-scim-users' into feature/alia…

…s-id-and-alias-zid-for-users

dependencies.gradle

@@ -10,7 +10,7 @@ versions.bouncyCastleVersion = "1.0.2.4"
 versions.hamcrestVersion = "2.2"
 versions.springBootVersion = "2.7.18"
 versions.springFrameworkVersion = "5.3.34"
-versions.springSecurityVersion = "5.8.11"
+versions.springSecurityVersion = "5.8.12"
 versions.springSecurityOAuthVersion = "2.5.2.RELEASE"
 versions.springSecuritySamlVersion = "1.0.10.RELEASE"
 versions.tomcatCargoVersion = "9.0.87"
@@ -131,7 +131,6 @@ libraries.xmlSecurity = "org.apache.santuario:xmlsec:4.0.2"
 libraries.orgJson = "org.json:json:20240303"
 libraries.owaspEsapi = "org.owasp.esapi:esapi:2.5.3.1"
 libraries.jodaTime = "joda-time:joda-time:2.12.7"
-libraries.commonsHttpClient = "commons-httpclient:commons-httpclient:3.1"
 libraries.apacheHttpClient = "org.apache.httpcomponents:httpclient:4.5.14"
 
 // gradle plugins

server/build.gradle

@@ -30,7 +30,6 @@ dependencies {
         exclude(module: "xalan")
     }
     implementation(libraries.jodaTime)
-    implementation(libraries.commonsHttpClient)
     implementation(libraries.xmlSecurity)
     implementation(libraries.springSessionJdbc)
 

server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationFilter.java

@@ -1,6 +1,6 @@
 package org.cloudfoundry.identity.uaa.provider.oauth;
 
-import org.apache.commons.httpclient.util.URIUtil;
+import org.apache.commons.io.FilenameUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails;
 import org.cloudfoundry.identity.uaa.login.AccountSavingAuthenticationSuccessHandler;
@@ -92,7 +92,7 @@ private boolean containsCredentials(final HttpServletRequest request) {
   private boolean authenticationWasSuccessful(
       final HttpServletRequest request,
       final HttpServletResponse response) throws IOException {
-    final String origin = URIUtil.getName(String.valueOf(request.getRequestURL()));
+    final String origin = FilenameUtils.getName(request.getRequestURI());
     final String code = request.getParameter("code");
     final String idToken = request.getParameter("id_token");
     final String accessToken = request.getParameter("access_token");

server/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneResolvingFilter.java

@@ -12,6 +12,7 @@
  *******************************************************************************/
 package org.cloudfoundry.identity.uaa.zone;
 
+import org.cloudfoundry.identity.uaa.util.UaaUrlUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.InitializingBean;
@@ -36,6 +37,7 @@
 public class IdentityZoneResolvingFilter extends OncePerRequestFilter implements InitializingBean {
 
     private final IdentityZoneProvisioning dao;
+    private final Set<String> staticResources = Set.of("/resources/", "/vendor/font-awesome/");
     private Set<String> defaultZoneHostnames = new HashSet<>();
     private Logger logger = LoggerFactory.getLogger(getClass());
 
@@ -63,7 +65,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
         }
         if (identityZone == null) {
             // skip filter to static resources in order to serve images and css in case of invalid zones
-            boolean isStaticResource = request.getRequestURI().startsWith("/uaa/resources/");
+            boolean isStaticResource = staticResources.stream().anyMatch(UaaUrlUtils.getRequestPath(request)::startsWith);
             if(isStaticResource) {
                 filterChain.doFilter(request, response);
                 return;

server/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneResolvingFilterTests.java

@@ -89,13 +89,26 @@ void doNotThrowException_InCase_RetrievingZoneFails() throws Exception {
     }
 
     @Test
-    public void serveStaticContent_InCase_RetrievingZoneFails() throws Exception {
+    void serveStaticContent_InCase_RetrievingZoneFails_local() throws Exception {
+        checkStaticContent("/uaa", "/resources/css/application.css");
+        checkStaticContent("/uaa", "/vendor/font-awesome/css/font-awesome.min.css");
+    }
+
+    @Test
+    void serveStaticContent_InCase_RetrievingZoneFails() throws Exception {
+        checkStaticContent(null, "/resources/css/application.css");
+        checkStaticContent(null, "/vendor/font-awesome/css/font-awesome.min.css");
+    }
+
+    private void checkStaticContent(String context, String path) throws Exception {
         MockHttpServletRequest request = new MockHttpServletRequest();
         String incomingSubdomain = "not_a_zone";
         String uaaHostname = "uaa.mycf.com";
         String incomingHostname = incomingSubdomain+"."+uaaHostname;
         request.setServerName(incomingHostname);
-        request.setRequestURI("/uaa/resources/css/application.css");
+        request.setRequestURI(context + path);
+        request.setContextPath(context);
+        request.setServletPath(path);
         MockHttpServletResponse response = new MockHttpServletResponse();
 
         MockFilterChain filterChain = new MockFilterChain() {

uaa/build.gradle

@@ -86,7 +86,9 @@ dependencies {
     testImplementation(libraries.springSessionJdbc)
     testImplementation(libraries.springTest)
     testImplementation(libraries.springSecurityLdap)
-    testImplementation(libraries.springSecuritySaml)
+    testImplementation(libraries.springSecuritySaml) {
+        exclude(module: "commons-httpclient")
+    }
     testImplementation(libraries.springSecurityTest)
     testImplementation(libraries.springBootStarterMail)
     testImplementation(libraries.mockito)
@@ -95,7 +97,6 @@ dependencies {
     testImplementation(libraries.greenmail)
     testImplementation(libraries.jodaTime)
     testImplementation(libraries.commonsIo)
-    testImplementation(libraries.commonsHttpClient)
     testImplementation(libraries.owaspEsapi)
     testImplementation(libraries.apacheHttpClient)
 }

uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java

@@ -3,6 +3,7 @@
 import java.net.URI;
 import java.net.URL;
 import java.net.URLDecoder;
+import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.sql.Timestamp;
 import java.util.ArrayList;
@@ -22,7 +23,6 @@
 import java.util.TreeSet;
 import javax.servlet.http.HttpSession;
 
-import org.cloudfoundry.identity.uaa.client.UaaClientDetails;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.MediaType;
 import org.springframework.jdbc.core.JdbcTemplate;
@@ -38,7 +38,6 @@
 import org.springframework.security.oauth2.common.util.OAuth2Utils;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.cloudfoundry.identity.uaa.client.UaaClientDetails;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.security.web.savedrequest.SavedRequest;
 import org.springframework.test.context.TestPropertySource;
@@ -55,12 +54,12 @@
 
 import com.fasterxml.jackson.core.type.TypeReference;
 import org.apache.commons.collections4.map.HashedMap;
-import org.apache.commons.httpclient.util.URIUtil;
 import org.cloudfoundry.identity.uaa.DefaultTestContext;
 import org.cloudfoundry.identity.uaa.account.UserInfoResponse;
 import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication;
 import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails;
 import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
+import org.cloudfoundry.identity.uaa.client.UaaClientDetails;
 import org.cloudfoundry.identity.uaa.constants.OriginKeys;
 import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator;
 import org.cloudfoundry.identity.uaa.mock.util.OAuthToken;
@@ -1542,7 +1541,7 @@ void invalidScopeErrorMessageIsNotShowingAllClientScopes() throws Exception {
 
         UriComponents locationComponents = UriComponentsBuilder.fromUri(URI.create(mvcResult.getResponse().getHeader("Location"))).build();
         MultiValueMap<String, String> queryParams = locationComponents.getQueryParams();
-        String errorMessage = URIUtil.encodeQuery("scim.write is invalid. Please use a valid scope name in the request");
+        String errorMessage = UriUtils.encodeQuery("scim.write is invalid. Please use a valid scope name in the request", Charset.defaultCharset());
         assertFalse(queryParams.containsKey("scope"));
         assertEquals(errorMessage, queryParams.getFirst("error_description"));
     }
@@ -1571,7 +1570,7 @@ void invalidScopeErrorMessageIsNotShowingAllUserScopes() throws Exception {
 
         UriComponents locationComponents = UriComponentsBuilder.fromUri(URI.create(mvcResult.getResponse().getHeader("Location"))).build();
         MultiValueMap<String, String> queryParams = locationComponents.getQueryParams();
-        String errorMessage = URIUtil.encodeQuery("[something.else] is invalid. This user is not allowed any of the requested scopes");
+        String errorMessage = UriUtils.encodeQuery("[something.else] is invalid. This user is not allowed any of the requested scopes", Charset.defaultCharset());
         assertFalse(queryParams.containsKey("scope"));
         assertEquals(errorMessage, queryParams.getFirst("error_description"));
     }