Merge branch 'develop' into new-saml-lib-186822654

dependencies.gradle

@@ -9,14 +9,14 @@ versions.apacheDsVersion = "2.0.0.AM27"
 versions.bouncyCastleVersion = "1.0.2.4"
 versions.hamcrestVersion = "2.2"
 versions.springBootVersion = "2.7.18"
-versions.springFrameworkVersion = "5.3.33"
-versions.springSecurityVersion = "5.8.11"
+versions.springFrameworkVersion = "5.3.34"
+versions.springSecurityVersion = "5.8.12"
 versions.springSecurityOAuthVersion = "2.5.2.RELEASE"
 versions.springSecuritySamlVersion = "1.0.10.RELEASE"
 versions.tomcatCargoVersion = "9.0.87"
 versions.guavaVersion = "33.1.0-jre"
 versions.seleniumVersion = "4.18.1"
-versions.braveVersion = "6.0.2"
+versions.braveVersion = "6.0.3"
 versions.jacksonVersion = "2.17.0"
 versions.jsonPathVersion = "2.9.0"
 
@@ -48,7 +48,7 @@ libraries.bouncyCastlePkix = "org.bouncycastle:bcpkix-fips:1.0.7"
 libraries.bouncyCastleProv = "org.bouncycastle:bc-fips:${versions.bouncyCastleVersion}"
 libraries.braveInstrumentationSpringWebmvc = "io.zipkin.brave:brave-instrumentation-spring-webmvc:${versions.braveVersion}"
 libraries.braveContextSlf4j = "io.zipkin.brave:brave-context-slf4j:${versions.braveVersion}"
-libraries.commonsIo = "commons-io:commons-io:2.16.0"
+libraries.commonsIo = "commons-io:commons-io:2.16.1"
 libraries.dumbster = "dumbster:dumbster:1.6"
 libraries.eclipseJgit = "org.eclipse.jgit:org.eclipse.jgit:6.9.0.202403050737-r"
 libraries.flywayCore = "org.flywaydb:flyway-core"
@@ -131,7 +131,6 @@ libraries.xmlSecurity = "org.apache.santuario:xmlsec:4.0.2"
 libraries.orgJson = "org.json:json:20240303"
 libraries.owaspEsapi = "org.owasp.esapi:esapi:2.5.3.1"
 libraries.jodaTime = "joda-time:joda-time:2.12.7"
-libraries.commonsHttpClient = "commons-httpclient:commons-httpclient:3.1"
 libraries.apacheHttpClient = "org.apache.httpcomponents:httpclient:4.5.14"
 
 // gradle plugins

model/build.gradle

@@ -22,6 +22,11 @@ dependencies {
 
     implementation(libraries.slf4jApi)
 
+    testImplementation(libraries.springBootStarterTest)
+    testImplementation(libraries.hamcrest)
+    testImplementation(libraries.junit5JupiterApi)
+    testImplementation(libraries.junit5JupiterParams)
+
     testImplementation(libraries.junit)
 
     testImplementation(libraries.jsonAssert)

model/src/main/java/org/cloudfoundry/identity/uaa/client/InMemoryClientDetailsService.java

@@ -0,0 +1,46 @@
+package org.cloudfoundry.identity.uaa.client;
+
+import org.cloudfoundry.identity.uaa.provider.ClientAlreadyExistsException;
+import org.cloudfoundry.identity.uaa.provider.ClientRegistrationException;
+import org.cloudfoundry.identity.uaa.provider.NoSuchClientException;
+import org.springframework.security.oauth2.provider.ClientDetails;
+import org.springframework.security.oauth2.provider.ClientDetailsService;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Optional;
+
+/**
+ * Moved class InMemoryClientDetailsService implementation of from spring-security-oauth2 into UAA
+ *
+ * The class was taken over from the legacy project with minor refactorings
+ * based on sonar.
+ *
+ * Serves mainly for tests
+ */
+public class InMemoryClientDetailsService implements ClientDetailsService {
+
+  private Map<String, UaaClientDetails> clientDetailsStore = new HashMap<>();
+
+  public UaaClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
+    UaaClientDetails details = clientDetailsStore.get(clientId);
+    if (details == null) {
+      throw new NoSuchClientException("No client with requested id");
+    }
+    return details;
+  }
+
+  protected void addClientDetails(ClientDetails clientDetails) throws ClientAlreadyExistsException {
+    String clientId = Optional.ofNullable(clientDetails).orElseThrow(() -> new ClientRegistrationException("No details")).getClientId();
+    UaaClientDetails details = clientDetailsStore.get(clientId);
+    if (details != null) {
+      throw new ClientAlreadyExistsException("Client with this id exists aleady");
+    }
+    clientDetailsStore.put(clientId, new UaaClientDetails(clientDetails));
+  }
+
+  public void setClientDetailsStore(Map<String, ? extends UaaClientDetails> clientDetailsStore) {
+    this.clientDetailsStore = new HashMap<>(clientDetailsStore);
+  }
+
+}

model/src/main/java/org/cloudfoundry/identity/uaa/client/Jackson2ArrayOrStringDeserializer.java

@@ -0,0 +1,47 @@
+package org.cloudfoundry.identity.uaa.client;
+
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.core.JsonToken;
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.DeserializationContext;
+import com.fasterxml.jackson.databind.JavaType;
+import com.fasterxml.jackson.databind.deser.std.StdDeserializer;
+import com.fasterxml.jackson.databind.type.SimpleType;
+import org.springframework.util.StringUtils;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+/**
+ * Moved class Jackson2ArrayOrStringDeserializer implementation of from spring-security-oauth2 into UAA
+ *
+ * The class was taken over from the legacy project with minor refactorings
+ * based on sonar.
+ *
+ */
+@SuppressWarnings("serial")
+public class Jackson2ArrayOrStringDeserializer extends StdDeserializer<Set<String>> {
+
+	public Jackson2ArrayOrStringDeserializer() {
+		super(Set.class);
+	}
+
+	@Override
+	public JavaType getValueType() {
+		return SimpleType.construct(String.class);
+	}
+
+	@Override
+	public Set<String> deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException {
+		JsonToken token = jp.getCurrentToken();
+		if (token.isScalarValue()) {
+			String list = jp.getText();
+			list = list.replaceAll("\\s+", ",");
+			return new LinkedHashSet<>(Arrays.asList(StringUtils.commaDelimitedListToStringArray(list)));
+		}
+		return jp.readValueAs(new TypeReference<Set<String>>() {
+		});
+	}
+}