From 07366c2ca25e15ae52fcd4341ee05275e4d7f07d Mon Sep 17 00:00:00 2001 From: Adrian Hoelzl Date: Wed, 27 Mar 2024 16:35:16 +0100 Subject: [PATCH 01/26] Reject deletion of entities if alias exists and alias feature is disabled --- .../uaa/alias/EntityAliasHandler.java | 3 + .../provider/IdentityProviderEndpoints.java | 20 +++--- .../IdentityProviderEndpointsTest.java | 45 +++---------- ...ityProviderEndpointsAliasMockMvcTests.java | 67 +++++++++++++------ 4 files changed, 69 insertions(+), 66 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/alias/EntityAliasHandler.java b/server/src/main/java/org/cloudfoundry/identity/uaa/alias/EntityAliasHandler.java index 6636310f3ae..02ab73c5e98 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/alias/EntityAliasHandler.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/alias/EntityAliasHandler.java @@ -225,6 +225,9 @@ private T buildAliasEntity(final T originalEntity) { protected abstract T cloneEntity(final T originalEntity); public final Optional retrieveAliasEntity(final T originalEntity) { + if (!hasText(originalEntity.getAliasId()) || !hasText(originalEntity.getAliasZid())) { + return Optional.empty(); + } return retrieveEntity(originalEntity.getAliasId(), originalEntity.getAliasZid()); } diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpoints.java b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpoints.java index c83d415dd4c..4eed2f59592 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpoints.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpoints.java 
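Review bot: The new guard in `retrieveAliasEntity` returns `Optional.empty()` when only one of `aliasId` / `aliasZid` is set, so a half-populated alias reference looks the same to callers as "no alias at all". That state is an inconsistency worth surfacing, since the delete endpoint in this same patch treats the empty result as a dangling reference and carries on. I would log it before returning, e.g. `LOGGER.warn("Entity {} has an incomplete alias reference.", originalEntity.getAliasDescription());` when exactly one of the two properties has text. A Javadoc line on this public method should state that an empty result covers both a missing reference and an incomplete one.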
@@ -185,11 +185,19 @@ public ResponseEntity deleteIdentityProvider(@PathVariable Str return new ResponseEntity<>(UNPROCESSABLE_ENTITY); } + // reject deletion if the IdP has an alias, but alias feature is disabled + final boolean idpHasAlias = hasText(existing.getAliasZid()) || hasText(existing.getAliasId()); + if (idpHasAlias && !aliasEntitiesEnabled) { + return new ResponseEntity<>(BAD_REQUEST); + } + + // delete the IdP existing.setSerializeConfigRaw(rawConfig); publisher.publishEvent(new EntityDeletedEvent<>(existing, authentication, identityZoneId)); redactSensitiveData(existing); - if (hasText(existing.getAliasZid()) && hasText(existing.getAliasId())) { + // delete the alias IdP if present + if (idpHasAlias) { final Optional> aliasIdpOpt = idpAliasHandler.retrieveAliasEntity(existing); if (aliasIdpOpt.isEmpty()) { // ignore dangling reference to alias @@ -202,16 +210,6 @@ public ResponseEntity deleteIdentityProvider(@PathVariable Str } final IdentityProvider aliasIdp = aliasIdpOpt.get(); - if (!aliasEntitiesEnabled) { - // if alias entities are not enabled, just break the reference - aliasIdp.setAliasId(null); - aliasIdp.setAliasZid(null); - identityProviderProvisioning.update(aliasIdp, aliasIdp.getIdentityZoneId()); - - return new ResponseEntity<>(existing, OK); - } - - // also delete the alias IdP aliasIdp.setSerializeConfigRaw(rawConfig); publisher.publishEvent(new EntityDeletedEvent<>(aliasIdp, authentication, identityZoneId)); } diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpointsTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpointsTest.java index 9c7b20c0e3c..7bf03cad3e4 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpointsTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpointsTest.java 
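Review bot: The rejection added in `deleteIdentityProvider` runs before the alias lookup and uses `||`, so while the alias feature is disabled no IdP with an alias property can be deleted through this endpoint. That includes an IdP whose alias no longer exists and one with only one alias property set. An operator who has to decommission an IdP then has no API path, and the bare `new ResponseEntity<>(BAD_REQUEST)` gives neither the caller nor the logs a reason. I would log a warning with the IdP id and zone on this branch and return an error body that names the disabled alias feature. The comment could also say that dangling references are rejected on purpose, if that is the intent. The method starts and ends outside this hunk, so the earlier checks and the final return are not visible here.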
@@ -670,45 +670,22 @@ void testDeleteIdpWithAlias_DanglingReference() { void testDeleteIdpWithAlias_AliasFeatureDisabled() { arrangeAliasEntitiesEnabled(false); + // ensure event publisher is present + final ApplicationEventPublisher mockEventPublisher = mock(ApplicationEventPublisher.class); + identityProviderEndpoints.setApplicationEventPublisher(mockEventPublisher); + // arrange IdP with alias exists final String customZoneId = UUID.randomUUID().toString(); final Pair, IdentityProvider> idpAndAlias = arrangeIdpWithAliasExists(UAA, customZoneId); final IdentityProvider idp = idpAndAlias.getLeft(); - final IdentityProvider aliasIdp = idpAndAlias.getRight(); - - final ApplicationEventPublisher mockEventPublisher = mock(ApplicationEventPublisher.class); - identityProviderEndpoints.setApplicationEventPublisher(mockEventPublisher); - doNothing().when(mockEventPublisher).publishEvent(any()); - identityProviderEndpoints.deleteIdentityProvider(idp.getId(), true); - - // the original IdP should be deleted - final ArgumentCaptor> entityDeletedEventCaptor = ArgumentCaptor.forClass(EntityDeletedEvent.class); - verify(mockEventPublisher, times(1)).publishEvent(entityDeletedEventCaptor.capture()); - final EntityDeletedEvent event = entityDeletedEventCaptor.getValue(); - Assertions.assertThat(event).isNotNull(); - Assertions.assertThat(event.getIdentityZoneId()).isEqualTo(UAA); - Assertions.assertThat(((IdentityProvider) event.getSource()).getId()).isEqualTo(idp.getId()); - - // instead of being deleted, the alias IdP should just have its reference to the original IdP removed - final ArgumentCaptor updateIdpParamCaptor = ArgumentCaptor.forClass(IdentityProvider.class); - verify(mockIdentityProviderProvisioning).update(updateIdpParamCaptor.capture(), eq(customZoneId)); - final IdentityProvider updateIdpParam = updateIdpParamCaptor.getValue(); - Assertions.assertThat(updateIdpParam).isNotNull(); - Assertions.assertThat(updateIdpParam.getAliasId()).isBlank(); - 
Assertions.assertThat(updateIdpParam.getAliasZid()).isBlank(); - assertIdpsAreEqualApartFromAliasProperties(updateIdpParam, aliasIdp); - } + final ResponseEntity response = identityProviderEndpoints.deleteIdentityProvider( + idp.getId(), + true + ); - private static void assertIdpsAreEqualApartFromAliasProperties( - final IdentityProvider idp1, - final IdentityProvider idp2 - ) { - idp2.setAliasId(null); - idp1.setAliasId(null); - idp2.setAliasZid(null); - idp1.setAliasZid(null); - Assertions.assertThat(idp1).isEqualTo(idp2); + // deletion should be rejected + assertThat(response.getStatusCode()).isEqualTo(HttpStatus.BAD_REQUEST); } private Pair, IdentityProvider> arrangeIdpWithAliasExists(final String zone1Id, final String zone2Id) { @@ -734,7 +711,7 @@ private Pair, IdentityProvider> arrangeIdpWithAliasExists aliasIdp.setIdentityZoneId(zone2Id); aliasIdp.setAliasId(idpId); aliasIdp.setAliasZid(zone1Id); - when(mockIdpAliasHandler.retrieveAliasEntity(idp)).thenReturn(Optional.of(aliasIdp)); + lenient().when(mockIdpAliasHandler.retrieveAliasEntity(idp)).thenReturn(Optional.of(aliasIdp)); return Pair.of(idp, aliasIdp); } diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java index 8dbc2863f37..7063db5e278 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java @@ -1091,6 +1091,13 @@ public DeleteBase(final boolean aliasFeatureEnabled) { void setUp() { arrangeAliasFeatureEnabled(aliasFeatureEnabled); } + } + + @Nested + class AliasFeatureEnabled extends DeleteBase { + public AliasFeatureEnabled() { + super(true); + } @Test void shouldIgnoreDanglingReferenceToAliasIdp_UaaToCustomZone() throws Throwable { 
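Review bot: `testDeleteIdpWithAlias_AliasFeatureDisabled` now asserts only the `BAD_REQUEST` status, so it would still pass if the endpoint published the `EntityDeletedEvent` before rejecting. In the endpoint hunk the rejection sits directly above `publisher.publishEvent(...)`, so the ordering is the thing this test should pin down. Adding `verify(mockEventPublisher, never()).publishEvent(any());` after the status assertion closes that gap. The same applies to `shouldRejectDeletion_WhenAliasIdpExists` in the MockMvc test hunk `@@ -1181,13 +1176,43 @@`, which should re-read both IdPs after the rejected call, e.g. `assertThat(readIdpFromZoneIfExists(zone2.getId(), aliasId)).isPresent();`, and do the same for the original in zone 1.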
@@ -1102,7 +1109,10 @@ void shouldIgnoreDanglingReferenceToAliasIdp_CustomToUaaZone() throws Throwable shouldIgnoreDanglingReferenceToAliasIdp(customZone, IdentityZone.getUaa()); } - private void shouldIgnoreDanglingReferenceToAliasIdp(final IdentityZone zone1, final IdentityZone zone2) throws Throwable { + private void shouldIgnoreDanglingReferenceToAliasIdp( + final IdentityZone zone1, + final IdentityZone zone2 + ) throws Throwable { final IdentityProvider originalIdp = executeWithTemporarilyEnabledAliasFeature( aliasFeatureEnabled, () -> createIdpWithAlias(zone1, zone2) @@ -1155,21 +1165,6 @@ private void deletionWithExistingAliasIdp( final MvcResult deleteResult = deleteIdpAndReturnResult(zone1, id); assertThat(deleteResult.getResponse().getStatus()).isEqualTo(HttpStatus.OK.value()); - // alias IdP should still exist, but without reference to original IdP - assertAliasIdpAfterDeletion(aliasId, aliasZid); - } - - protected abstract void assertAliasIdpAfterDeletion(final String aliasId, final String aliasZid) throws Exception; - } - - @Nested - class AliasFeatureEnabled extends DeleteBase { - public AliasFeatureEnabled() { - super(true); - } - - @Override - protected void assertAliasIdpAfterDeletion(final String aliasId, final String aliasZid) throws Exception { // if the alias feature is enabled, the alias should also be removed assertIdpDoesNotExist(aliasId, aliasZid); } 
@@ -1181,13 +1176,43 @@ public AliasFeatureDisabled() { super(false); } - @Override - protected void assertAliasIdpAfterDeletion(final String aliasId, final String aliasZid) throws Exception { - // if the alias feature is disabled, only the reference should be removed from the alias IdP - assertReferenceWasRemovedFromAlias(aliasId, aliasZid); + @Test + void shouldRejectDeletion_WhenAliasIdpExists_UaaToCustomZone() throws Throwable { + shouldRejectDeletion_WhenAliasIdpExists(IdentityZone.getUaa(), customZone); + } + + @Test + void shouldRejectDeletion_WhenAliasIdpExists_CustomToUaaZone() throws Throwable { + shouldRejectDeletion_WhenAliasIdpExists(customZone, IdentityZone.getUaa()); } - } + private void shouldRejectDeletion_WhenAliasIdpExists( + final IdentityZone zone1, + final IdentityZone zone2 + ) throws Throwable { + // create IdP in zone 1 with alias in zone 2 + final IdentityProvider idpInZone1 = executeWithTemporarilyEnabledAliasFeature( + aliasFeatureEnabled, + () -> createIdpWithAlias(zone1, zone2) + ); + final String id = idpInZone1.getId(); + assertThat(id).isNotBlank(); + final String aliasId = idpInZone1.getAliasId(); + assertThat(aliasId).isNotBlank(); + final String aliasZid = idpInZone1.getAliasZid(); + assertThat(aliasZid).isNotBlank().isEqualTo(zone2.getId()); + + // check if alias IdP is available in zone 2 + final Optional> aliasIdp = readIdpFromZoneIfExists(zone2.getId(), aliasId); + assertThat(aliasIdp).isPresent(); + assertThat(aliasIdp.get().getAliasId()).isNotBlank().isEqualTo(id); + assertThat(aliasIdp.get().getAliasZid()).isNotBlank().isEqualTo(idpInZone1.getIdentityZoneId()); + + // delete IdP in zone 1 -> should be rejected since alias feature is disabled + final MvcResult deleteResult = deleteIdpAndReturnResult(zone1, id); + assertThat(deleteResult.getResponse().getStatus()).isEqualTo(HttpStatus.BAD_REQUEST.value()); + } + } private MvcResult deleteIdpAndReturnResult(final IdentityZone zone, final String id) throws Exception { final 
String accessTokenForZone1 = getAccessTokenForZone(zone.getId()); From 2b116b995cc33b6f0ecb9c8f3145e63748cac171 Mon Sep 17 00:00:00 2001 From: Adrian Hoelzl Date: Thu, 28 Mar 2024 13:38:35 +0100 Subject: [PATCH 02/26] Adapt test to new behavior: Update -> AliasFeatureDisabled -> ExistingAlias -> shouldAccept_ShouldIgnoreDanglingReference (renamed to "shouldReject_EvenIfAliasReferenceIsBroken") --- ...ityProviderEndpointsAliasMockMvcTests.java | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java index 7063db5e278..1498636cef0 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java @@ -921,16 +921,16 @@ private void shouldAccept_ShouldIgnoreAliasIdOfExistingIdpMissing( } @Test - void shouldAccept_ShouldIgnoreDanglingReference_UaaToCustomZone() throws Throwable { - shouldAccept_ShouldIgnoreDanglingReference(IdentityZone.getUaa(), customZone); + void shouldReject_EvenIfAliasReferenceIsBroken_UaaToCustomZone() throws Throwable { + shouldReject_EvenIfAliasReferenceIsBroken(IdentityZone.getUaa(), customZone); } @Test - void shouldAccept_ShouldIgnoreDanglingReference_CustomToUaaZone() throws Throwable { - shouldAccept_ShouldIgnoreDanglingReference(customZone, IdentityZone.getUaa()); + void shouldReject_EvenIfAliasReferenceIsBroken_CustomToUaaZone() throws Throwable { + shouldReject_EvenIfAliasReferenceIsBroken(customZone, IdentityZone.getUaa()); } - private void shouldAccept_ShouldIgnoreDanglingReference( + private void shouldReject_EvenIfAliasReferenceIsBroken( final IdentityZone zone1, final IdentityZone zone2 ) throws Throwable { 
@@ -942,14 +942,9 @@ private void shouldAccept_ShouldIgnoreDanglingReference( // create dangling reference by removing alias IdP directly in DB deleteIdpViaDb(existingIdp.getOriginKey(), zone2.getId()); - // update original IdP - existingIdp.setAliasId(null); - existingIdp.setAliasZid(null); + // try to update IdP -> should still fail, even if the alias reference is broken existingIdp.setName("some-new-name"); - final IdentityProvider updatedIdp = updateIdp(zone1, existingIdp); - assertThat(updatedIdp.getName()).isEqualTo("some-new-name"); - assertThat(updatedIdp.getAliasId()).isBlank(); - assertThat(updatedIdp.getAliasZid()).isBlank(); + shouldRejectUpdate(zone1, existingIdp, HttpStatus.UNPROCESSABLE_ENTITY); } @Test From a7dbc53a6dff971fa21cb872dd1228165453ce7f Mon Sep 17 00:00:00 2001 From: Adrian Hoelzl Date: Thu, 28 Mar 2024 14:00:37 +0100 Subject: [PATCH 03/26] Adapt test to new behavior: Update -> AliasFeatureDisabled -> ExistingAlias -> shouldAccept_SetAliasPropertiesToNullAndChangeOtherProperties (renamed to "shouldReject_SetAliasPropertiesToNullAndChangeOtherProperties") --- ...ityProviderEndpointsAliasMockMvcTests.java | 24 ++++++------------- 1 file changed, 7 insertions(+), 17 deletions(-) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java index 1498636cef0..7945903fc51 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java 
@@ -833,16 +833,16 @@ private void shouldAccept_SetOnlyAliasPropertiesToNull( } @Test - void shouldAccept_SetAliasPropertiesToNullAndChangeOtherProperties_UaaToCustomZone() throws Throwable { - shouldAccept_SetAliasPropertiesToNullAndChangeOtherProperties(IdentityZone.getUaa(), customZone); + void shouldReject_SetAliasPropertiesToNullAndChangeOtherProperties_UaaToCustomZone() throws Throwable { + shouldReject_SetAliasPropertiesToNullAndChangeOtherProperties(IdentityZone.getUaa(), customZone); } @Test - void shouldAccept_SetAliasPropertiesToNullAndChangeOtherProperties_CustomToUaaZone() throws Throwable { - shouldAccept_SetAliasPropertiesToNullAndChangeOtherProperties(customZone, IdentityZone.getUaa()); + void shouldReject_SetAliasPropertiesToNullAndChangeOtherProperties_CustomToUaaZone() throws Throwable { + shouldReject_SetAliasPropertiesToNullAndChangeOtherProperties(customZone, IdentityZone.getUaa()); } - private void shouldAccept_SetAliasPropertiesToNullAndChangeOtherProperties( + private void shouldReject_SetAliasPropertiesToNullAndChangeOtherProperties( final IdentityZone zone1, final IdentityZone zone2 ) throws Throwable { 
@@ -858,21 +858,11 @@ private void shouldAccept_SetAliasPropertiesToNullAndChangeOtherProperties( final String initialName = originalIdp.getName(); assertThat(initialName).isNotBlank(); - // change non-alias property without setting alias properties to null + // should reject update originalIdp.setAliasId(null); originalIdp.setAliasZid(null); originalIdp.setName("some-new-name"); - final IdentityProvider updatedIdp = updateIdp(zone1, originalIdp); - assertThat(updatedIdp.getAliasId()).isBlank(); - assertThat(updatedIdp.getAliasZid()).isBlank(); - assertThat(updatedIdp.getName()).isEqualTo("some-new-name"); - - // apart from the alias reference being removed, the alias IdP should be left unchanged - final Optional> aliasIdpAfterUpdate = readIdpFromZoneIfExists(zone2.getId(), initialAliasId); - assertThat(aliasIdpAfterUpdate).isPresent(); - assertThat(aliasIdpAfterUpdate.get().getAliasId()).isBlank(); - assertThat(aliasIdpAfterUpdate.get().getAliasZid()).isBlank(); - assertThat(aliasIdpAfterUpdate.get().getName()).isEqualTo(initialName); + shouldRejectUpdate(zone1, originalIdp, HttpStatus.UNPROCESSABLE_ENTITY); } @Test From cff69a3e8f6a5210a2037b118706b094a234d3ea Mon Sep 17 00:00:00 2001 From: Adrian Hoelzl Date: Thu, 28 Mar 2024 14:11:50 +0100 Subject: [PATCH 04/26] Adapt test to new behavior: Update -> AliasFeatureDisabled -> ExistingAlias -> shouldAccept_SetOnlyAliasPropertiesToNull (renamed to "shouldReject_SetOnlyAliasPropertiesToNull") --- ...ntityProviderEndpointsAliasMockMvcTests.java | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java index 7945903fc51..a511bc86cfd 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java 
+++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java @@ -798,16 +798,16 @@ private void shouldReject_OtherPropertiesChangedWhileAliasPropertiesUnchanged( } @Test - void shouldAccept_SetOnlyAliasPropertiesToNull_UaaToCustomZone() throws Throwable { - shouldAccept_SetOnlyAliasPropertiesToNull(IdentityZone.getUaa(), customZone); + void shouldReject_SetOnlyAliasPropertiesToNull_UaaToCustomZone() throws Throwable { + shouldReject_SetOnlyAliasPropertiesToNull(IdentityZone.getUaa(), customZone); } @Test - void shouldAccept_SetOnlyAliasPropertiesToNull_CustomToUaaZone() throws Throwable { - shouldAccept_SetOnlyAliasPropertiesToNull(customZone, IdentityZone.getUaa()); + void shouldReject_SetOnlyAliasPropertiesToNull_CustomToUaaZone() throws Throwable { + shouldReject_SetOnlyAliasPropertiesToNull(customZone, IdentityZone.getUaa()); } - private void shouldAccept_SetOnlyAliasPropertiesToNull( + private void shouldReject_SetOnlyAliasPropertiesToNull( final IdentityZone zone1, final IdentityZone zone2 ) throws Throwable { @@ -824,12 +824,7 @@ private void shouldAccept_SetOnlyAliasPropertiesToNull( // change non-alias property without setting alias properties to null originalIdp.setAliasId(null); originalIdp.setAliasZid(null); - final IdentityProvider updatedIdp = updateIdp(zone1, originalIdp); - assertThat(updatedIdp.getAliasId()).isBlank(); - assertThat(updatedIdp.getAliasZid()).isBlank(); - - // the alias IdP should have its reference removed - assertReferenceWasRemovedFromAlias(initialAliasId, initialAliasZid); + shouldRejectUpdate(zone1, originalIdp, HttpStatus.UNPROCESSABLE_ENTITY); } @Test From 195612ed0b09706cc62c4fa3315183e570d50b43 Mon Sep 17 00:00:00 2001 
From: Adrian Hoelzl Date: Thu, 28 Mar 2024 14:20:52 +0100 Subject: [PATCH 05/26] Adapt test to new behavior: Update -> AliasFeatureDisabled -> ExistingAlias -> shouldAccept_ShouldIgnoreAliasIdOfExistingIdpMissing (renamed to "shouldReject_AliasIdOfExistingIdpMissing") --- ...ityProviderEndpointsAliasMockMvcTests.java | 22 +++++-------------- 1 file changed, 6 insertions(+), 16 deletions(-) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java index a511bc86cfd..81be6bbf4f9 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java @@ -861,16 +861,16 @@ private void shouldReject_SetAliasPropertiesToNullAndChangeOtherProperties( } @Test - void shouldAccept_ShouldIgnoreAliasIdOfExistingIdpMissing_UaaToCustomZone() throws Throwable { - shouldAccept_ShouldIgnoreAliasIdOfExistingIdpMissing(IdentityZone.getUaa(), customZone); + void shouldReject_AliasIdOfExistingIdpMissing_UaaToCustomZone() throws Throwable { + shouldReject_AliasIdOfExistingIdpMissing(IdentityZone.getUaa(), customZone); } @Test - void shouldAccept_ShouldIgnoreAliasIdOfExistingIdpMissing_CustomToUaaZone() throws Throwable { - shouldAccept_ShouldIgnoreAliasIdOfExistingIdpMissing(customZone, IdentityZone.getUaa()); + void shouldReject_AliasIdOfExistingIdpMissing_CustomToUaaZone() throws Throwable { + shouldReject_AliasIdOfExistingIdpMissing(customZone, IdentityZone.getUaa()); } - private void shouldAccept_ShouldIgnoreAliasIdOfExistingIdpMissing( + private void shouldReject_AliasIdOfExistingIdpMissing( final IdentityZone zone1, final IdentityZone zone2 ) throws Throwable { 
@@ -892,17 +892,7 @@ private void shouldAccept_ShouldIgnoreAliasIdOfExistingIdpMissing( existingIdp.setAliasId(null); existingIdp.setAliasZid(null); existingIdp.setName("some-new-name"); - final IdentityProvider updatedIdp = updateIdp(zone1, existingIdp); - assertThat(updatedIdp.getName()).isEqualTo("some-new-name"); - assertThat(updatedIdp.getAliasId()).isBlank(); - assertThat(updatedIdp.getAliasZid()).isBlank(); - - // alias IdP should still exist and not be modified - final Optional> aliasIdp = readIdpViaDb(initialAliasId, zone2.getId()); - assertThat(aliasIdp).isPresent(); - assertThat(aliasIdp.get().getAliasId()).isNotBlank().isEqualTo(existingIdp.getId()); - assertThat(aliasIdp.get().getAliasZid()).isNotBlank().isEqualTo(existingIdp.getIdentityZoneId()); - assertThat(aliasIdp.get().getName()).isNotBlank().isEqualTo(initialName); + shouldRejectUpdate(zone1, existingIdp, HttpStatus.UNPROCESSABLE_ENTITY); } @Test From 9acea9d6b0f7b7cef5046c6f3b7c33222c9d6642 Mon Sep 17 00:00:00 2001 From: Adrian Hoelzl Date: Thu, 28 Mar 2024 14:23:57 +0100 Subject: [PATCH 06/26] Remove unused method "assertReferenceWasRemovedFromAlias" from IdentityProviderEndpointsAliasMockMvcTests --- .../IdentityProviderEndpointsAliasMockMvcTests.java | 7 ------- 1 file changed, 7 deletions(-) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java index 81be6bbf4f9..3098480d1e1 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java 
@@ -1198,13 +1198,6 @@ private void assertIdpDoesNotExist(final String id, final String zoneId) throws } } - private void assertReferenceWasRemovedFromAlias(final String aliasId, final String aliasZid) throws Exception { - final Optional> aliasIdpAfterDeletion = readIdpFromZoneIfExists(aliasZid, aliasId); - assertThat(aliasIdpAfterDeletion).isPresent(); - assertThat(aliasIdpAfterDeletion.get().getAliasId()).isBlank(); - assertThat(aliasIdpAfterDeletion.get().getAliasZid()).isBlank(); - } - private static void assertIdpReferencesOtherIdp(final IdentityProvider idp, final IdentityProvider referencedIdp) { assertThat(idp).isNotNull(); assertThat(referencedIdp).isNotNull(); From 3ad9bc48a724888adc3dc51175a8ed5c6450f7a8 Mon Sep 17 00:00:00 2001 From: Adrian Hoelzl Date: Thu, 28 Mar 2024 14:25:45 +0100 Subject: [PATCH 07/26] Refactor assertion --- .../providers/IdentityProviderEndpointsAliasMockMvcTests.java | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java index 3098480d1e1..594833b770f 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java @@ -139,8 +139,7 @@ private void shouldStillReturnAliasPropertiesOfIdpsWithAliasCreatedBeforehand( final Optional> createdIdp = allIdps.stream() .filter(it -> it.getOriginKey().equals(existingIdp.getOriginKey())) .findFirst(); - assertThat(createdIdp).isPresent(); - assertThat(createdIdp.get()).isEqualTo(existingIdp); + assertThat(createdIdp).isPresent().contains(existingIdp); assertThat(createdIdp.get().getAliasZid()).isEqualTo(zone2.getId()); } } 
From 2ba70ce100bece71bf008e5b3ace4e07055f6208 Mon Sep 17 00:00:00 2001 From: Adrian Hoelzl Date: Thu, 28 Mar 2024 14:37:04 +0100 Subject: [PATCH 08/26] Adjust EntityAliasHandlerValidationTest to new update behavior --- .../alias/EntityAliasHandlerValidationTest.java | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/alias/EntityAliasHandlerValidationTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/alias/EntityAliasHandlerValidationTest.java index 34a3e0723b7..f4a44d3063e 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/alias/EntityAliasHandlerValidationTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/alias/EntityAliasHandlerValidationTest.java @@ -87,7 +87,7 @@ protected final boolean isAliasFeatureEnabled() { } @Test - final void shouldReturnFalse_NotBothAliasPropsEmptyInReqBody() { + final void shouldReturnFalse_UpdatesOfEntitiesWithExistingAliasForbidden() { final String initialAliasId = UUID.randomUUID().toString(); final String initialAliasZid = CUSTOM_ZONE_ID; @@ -124,16 +124,10 @@ final void shouldReturnFalse_NotBothAliasPropsEmptyInReqBody() { // (8) alias ID removed, alias ZID changed requestBody = buildEntityWithAliasProps(null, "some-other-zid"); assertThat(aliasHandler.aliasPropertiesAreValid(requestBody, existingEntity)).isFalse(); - } - @Test - final void shouldReturnTrue_BothAliasPropsEmptyInReqBody() { - final T existingEntity = buildEntityWithAliasProps( - UUID.randomUUID().toString(), - CUSTOM_ZONE_ID - ); - final T requestBody = buildEntityWithAliasProps(null, null); - assertThat(aliasHandler.aliasPropertiesAreValid(requestBody, existingEntity)).isTrue(); + // (9) alias ID removed, alias ZID removed + requestBody = buildEntityWithAliasProps(null, null); + assertThat(aliasHandler.aliasPropertiesAreValid(requestBody, existingEntity)).isFalse(); } } From 0cc9ffb0ffc299feb96b95ddbda4fa052be74fb6 Mon Sep 17 00:00:00 2001 
From: Adrian Hoelzl Date: Thu, 28 Mar 2024 14:43:59 +0100 Subject: [PATCH 09/26] Adjust validation logic in EntityAliasHandler to reject updates when an alias exists but the alias feature is disabled --- .../cloudfoundry/identity/uaa/alias/EntityAliasHandler.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/alias/EntityAliasHandler.java b/server/src/main/java/org/cloudfoundry/identity/uaa/alias/EntityAliasHandler.java index 02ab73c5e98..ad40f7be06e 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/alias/EntityAliasHandler.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/alias/EntityAliasHandler.java @@ -37,8 +37,8 @@ public final boolean aliasPropertiesAreValid( final boolean entityAlreadyHasAlias = existingEntity != null && hasText(existingEntity.getAliasZid()); if (entityAlreadyHasAlias) { if (!aliasEntitiesEnabled) { - // if the feature is disabled, we only allow setting both alias properties to null - return !hasText(requestBody.getAliasId()) && !hasText(requestBody.getAliasZid()); + // reject ANY update of an entity with an existing alias if the feature is disabled + return false; } if (!hasText(existingEntity.getAliasId())) { From 5d0060315c905bbb7594d9f376febe1b3eab7691 Mon Sep 17 00:00:00 2001 From: Adrian Hoelzl Date: Thu, 28 Mar 2024 15:00:30 +0100 Subject: [PATCH 10/26] Remove reference break logic from EntityAliasHandler.ensureConsistencyOfAliasEntity --- .../uaa/alias/EntityAliasHandler.java | 48 ++++--------------- 1 file changed, 8 insertions(+), 40 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/alias/EntityAliasHandler.java b/server/src/main/java/org/cloudfoundry/identity/uaa/alias/EntityAliasHandler.java index ad40f7be06e..6aef8b3884b 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/alias/EntityAliasHandler.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/alias/EntityAliasHandler.java 
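Review bot: The unconditional `return false` in `aliasPropertiesAreValid` is reached only when `entityAlreadyHasAlias` is true, and the context line above computes that from `existingEntity.getAliasZid()` alone. The delete endpoint in PATCH 01 treats an IdP as aliased when either `aliasZid` or `aliasId` has text. An entity with only `aliasId` set is therefore blocked from deletion but still passes this update check while the feature is disabled. I would use one predicate in both places, e.g. `existingEntity != null && (hasText(existingEntity.getAliasZid()) || hasText(existingEntity.getAliasId()))`. Whether that is safe when the feature is enabled depends on the rest of the method, which continues outside this hunk.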
@@ -10,7 +10,6 @@ import org.cloudfoundry.identity.uaa.zone.ZoneDoesNotExistsException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.dao.DataAccessException; import org.springframework.http.HttpStatus; import org.springframework.lang.NonNull; import org.springframework.lang.Nullable; 
@@ -121,46 +120,10 @@ public final T ensureConsistencyOfAliasEntity( @NonNull final T originalEntity, @Nullable final T existingEntity ) throws EntityAliasFailedException { - /* If the entity had an alias before the update and the alias feature is now turned off, we break the reference - * between the entity and its alias by setting aliasId and aliasZid to null for both of them. Then, all other - * changes are only applied to the original entity. */ final boolean entityHadAlias = existingEntity != null && hasText(existingEntity.getAliasZid()); - final boolean referenceBreakRequired = entityHadAlias && !aliasEntitiesEnabled; - if (referenceBreakRequired) { - if (!hasText(existingEntity.getAliasId())) { - LOGGER.warn( - "The state of the entity {} before the update had an aliasZid set, but no aliasId.", - existingEntity.getAliasDescription() - ); - return originalEntity; - } - - final Optional aliasEntityOpt = retrieveAliasEntity(existingEntity); - if (aliasEntityOpt.isEmpty()) { - LOGGER.warn( - "The alias referenced in entity {} does not exist, therefore cannot break reference.", - existingEntity.getAliasDescription() - ); - return originalEntity; - } - - final T aliasEntity = aliasEntityOpt.get(); - aliasEntity.setAliasId(null); - aliasEntity.setAliasZid(null); - - try { - updateEntity(aliasEntity, aliasEntity.getZoneId()); - } catch (final DataAccessException e) { - throw new EntityAliasFailedException( - String.format( - "Could not break reference to alias in entity %s.", - existingEntity.getAliasDescription() - ), HttpStatus.UNPROCESSABLE_ENTITY.value(), e - ); - } - - // no change required in the original entity since its aliasId and aliasZid were already set to null - return originalEntity; + if (entityHadAlias && !aliasEntitiesEnabled) { + // this should already be caught in the validation method + throw new IllegalStateException("Performing update on entity with alias while alias feature is disabled."); } if (!hasText(originalEntity.getAliasZid())) { 
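Review bot: `ensureConsistencyOfAliasEntity` declares `throws EntityAliasFailedException`, but the new guard throws an unchecked `IllegalStateException`. Callers that map `EntityAliasFailedException` to an HTTP status will presumably let this one through as an unhandled server error. The inline comment says "the validation method" without naming it, and this is a public method, so the precondition belongs in its Javadoc: `aliasPropertiesAreValid` must have accepted the same `originalEntity` / `existingEntity` pair, otherwise `IllegalStateException` is thrown. The second guard added in hunk `@@ -168,6 +131,11 @@` needs the same documentation. It is also worth confirming that the calling endpoints pass the same `existingEntity` snapshot to both methods, because a re-read between validation and this call could trip the guard. The method body continues outside both hunks.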
@@ -168,6 +131,11 @@ public final T ensureConsistencyOfAliasEntity( return originalEntity; } + if (!aliasEntitiesEnabled) { + // this should already be caught in the validation method + throw new IllegalStateException("Trying to create a new alias while alias feature is disabled."); + } + final T aliasEntity = buildAliasEntity(originalEntity); // get the existing alias entity, if present From 183d054b23812547dc0ed7f92c6491e5e9b4f3df Mon Sep 17 00:00:00 2001 From: Adrian Hoelzl Date: Thu, 28 Mar 2024 15:16:27 +0100 Subject: [PATCH 11/26] Adjust unit tests for ensureConsistency method --- ...iderAliasHandlerEnsureConsistencyTest.java | 66 ++----------------- 1 file changed, 6 insertions(+), 60 deletions(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderAliasHandlerEnsureConsistencyTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderAliasHandlerEnsureConsistencyTest.java index 9792e9f2657..53409737ab3 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderAliasHandlerEnsureConsistencyTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderAliasHandlerEnsureConsistencyTest.java @@ -2,6 +2,7 @@ import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThatExceptionOfType; +import static org.assertj.core.api.Assertions.assertThatIllegalStateException; import static org.cloudfoundry.identity.uaa.constants.OriginKeys.OIDC10; import static org.cloudfoundry.identity.uaa.constants.OriginKeys.UAA; import static org.mockito.ArgumentMatchers.any; @@ -24,7 +25,6 @@ import org.mockito.ArgumentMatcher; import org.mockito.Mock; import org.mockito.junit.jupiter.MockitoExtension; -import org.springframework.dao.EmptyResultDataAccessException; import org.springframework.test.util.ReflectionTestUtils; @ExtendWith(MockitoExtension.class) 
@@ -202,50 +202,7 @@ void setUp() { } @Test - void shouldIgnoreDanglingReferenceInExistingEntity_AliasIdEmpty() { - final IdentityProvider existingIdp = new IdentityProvider<>(); - existingIdp.setType(OIDC10); - existingIdp.setId(UUID.randomUUID().toString()); - existingIdp.setIdentityZoneId(UAA); - existingIdp.setAliasId(null); // dangling reference: aliasId empty - existingIdp.setAliasZid(customZoneId); - - final IdentityProvider originalIdp = shallowCloneIdp(existingIdp); - originalIdp.setAliasId(null); - originalIdp.setAliasZid(null); - - // should ignore dangling reference - assertThat(idpAliasHandler.ensureConsistencyOfAliasEntity(existingIdp, existingIdp)) - .isEqualTo(existingIdp); - } - - @Test - void shouldIgnoreDanglingReference_AliasNotFound() { - final String idpId = UUID.randomUUID().toString(); - final String aliasIdpId = UUID.randomUUID().toString(); - - final IdentityProvider existingIdp = new IdentityProvider<>(); - existingIdp.setType(OIDC10); - existingIdp.setId(idpId); - existingIdp.setIdentityZoneId(UAA); - existingIdp.setAliasId(aliasIdpId); - existingIdp.setAliasZid(customZoneId); - - final IdentityProvider originalIdp = shallowCloneIdp(existingIdp); - originalIdp.setAliasId(null); - originalIdp.setAliasZid(null); - - // dangling reference: alias IdP does not exist - when(identityProviderProvisioning.retrieve(aliasIdpId, customZoneId)) - .thenThrow(new EmptyResultDataAccessException(1)); - - // should ignore dangling reference - assertThat(idpAliasHandler.ensureConsistencyOfAliasEntity(existingIdp, existingIdp)) - .isEqualTo(existingIdp); - } - - @Test - void shouldBreakReferenceInAliasIdp() { + void shouldThrow_IfExistingEntityHasAlias() { final String idpId = UUID.randomUUID().toString(); final String aliasIdpId = UUID.randomUUID().toString(); 
@@ -259,22 +216,11 @@ void shouldBreakReferenceInAliasIdp() { final IdentityProvider originalIdp = shallowCloneIdp(existingIdp); originalIdp.setAliasId(null); originalIdp.setAliasZid(null); + originalIdp.setName("some-new-name"); - final IdentityProvider aliasIdp = shallowCloneIdp(existingIdp); - aliasIdp.setAliasId(idpId); - aliasIdp.setAliasZid(UAA); - aliasIdp.setIdentityZoneId(customZoneId); - aliasIdp.setId(aliasIdpId); - when(identityProviderProvisioning.retrieve(aliasIdpId, customZoneId)).thenReturn(aliasIdp); - - idpAliasHandler.ensureConsistencyOfAliasEntity(originalIdp, existingIdp); - - final IdentityProvider aliasIdpWithEmptyAliasProps = shallowCloneIdp(aliasIdp); - aliasIdpWithEmptyAliasProps.setAliasZid(null); - aliasIdpWithEmptyAliasProps.setAliasId(null); - - // should break reference in alias IdP - verify(identityProviderProvisioning).update(aliasIdpWithEmptyAliasProps, customZoneId); + assertThatIllegalStateException().isThrownBy(() -> + idpAliasHandler.ensureConsistencyOfAliasEntity(originalIdp, existingIdp) + ).withMessage("Performing update on entity with alias while alias feature is disabled."); } } } From cfb506de0ea31a178730bc95a3842650dfc54200 Mon Sep 17 00:00:00 2001 From: Adrian Hoelzl Date: Thu, 28 Mar 2024 16:02:01 +0100 Subject: [PATCH 12/26] Change response status code of IdP delete to 422 if alias feature enabled and IdP has alias --- .../identity/uaa/provider/IdentityProviderEndpoints.java | 2 +- .../providers/IdentityProviderEndpointsAliasMockMvcTests.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpoints.java b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpoints.java index 4eed2f59592..9504e190c4a 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpoints.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpoints.java 
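Review bot: Only the first of the two new `IllegalStateException` guards is pinned by a test in these hunks: `shouldThrow_IfExistingEntityHasAlias` covers an existing entity with an alias, but nothing visible exercises the path where `originalEntity` carries a new `aliasZid` while the feature is disabled. A companion test asserting `.withMessage("Trying to create a new alias while alias feature is disabled.")` would keep that fail-closed branch from regressing silently. The rest of the test class is outside the hunk, so such a test may already exist elsewhere.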
@@ -188,7 +188,7 @@ public ResponseEntity deleteIdentityProvider(@PathVariable Str // reject deletion if the IdP has an alias, but alias feature is disabled final boolean idpHasAlias = hasText(existing.getAliasZid()) || hasText(existing.getAliasId()); if (idpHasAlias && !aliasEntitiesEnabled) { - return new ResponseEntity<>(BAD_REQUEST); + return new ResponseEntity<>(UNPROCESSABLE_ENTITY); } // delete the IdP diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java index 594833b770f..31477a1077c 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsAliasMockMvcTests.java @@ -1179,7 +1179,7 @@ private void shouldRejectDeletion_WhenAliasIdpExists( // delete IdP in zone 1 -> should be rejected since alias feature is disabled final MvcResult deleteResult = deleteIdpAndReturnResult(zone1, id); - assertThat(deleteResult.getResponse().getStatus()).isEqualTo(HttpStatus.BAD_REQUEST.value()); + assertThat(deleteResult.getResponse().getStatus()).isEqualTo(HttpStatus.UNPROCESSABLE_ENTITY.value()); } } From ce599b82e39103317fb3f0d6f3bebe70594b5ccc Mon Sep 17 00:00:00 2001 From: Adrian Hoelzl Date: Thu, 28 Mar 2024 16:02:25 +0100 Subject: [PATCH 13/26] Update endpoint docs --- .../source/index.html.md.erb | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/uaa/slateCustomizations/source/index.html.md.erb b/uaa/slateCustomizations/source/index.html.md.erb index 00c624b9bc1..56f2ba83e03 100644 --- a/uaa/slateCustomizations/source/index.html.md.erb +++ b/uaa/slateCustomizations/source/index.html.md.erb 
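Review bot: The rejection at `if (idpHasAlias && !aliasEntitiesEnabled)` answers with a status-only `ResponseEntity` and, as far as the hunk shows, without a log entry, so a caller cannot tell this refusal from the other 422 cases of the delete endpoint. Refusing to delete an identity provider is an operationally relevant event (an administrator may be trying to retire an IdP), so I would record it with a warn-level log line carrying the IdP id and zone id before the return. A comment such as `// fail closed: an IdP with an alias must not be deleted while aliasEntitiesEnabled is false` would also make the intent explicit. The body of `deleteIdentityProvider` starts and ends outside this hunk.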
@@ -1173,10 +1173,11 @@ _Request and Response Fields_ _Error Codes_ -| Error Code | Description | -|------------|-----------------------------------------------------------------------| -| 403 | Forbidden - Insufficient scope | -| 422 | Unprocessable Entity - Invalid config | +| Error Code | Description | +|------------|--------------------------------------------------------------------------------------| +| 403 | Forbidden - Insufficient scope | +| 422 | Unprocessable Entity - Invalid config | +| 422 | Unprocessable Entity - updating IdP with alias while `aliasEntitiesEnabled` is false | ## Delete @@ -1202,10 +1203,11 @@ _Response Fields_ _Error Codes_ -| Error Code | Description | -|------------|-----------------------------------------------------------------------| -| 403 | Forbidden - Insufficient scope | -| 422 | Unprocessable Entity | +| Error Code | Description | +|------------|--------------------------------------------------------------------------------------| +| 403 | Forbidden - Insufficient scope | +| 422 | Unprocessable Entity | +| 422 | Unprocessable Entity - deleting IdP with alias while `aliasEntitiesEnabled` is false | ## Force password change for Users <%= render('IdentityProviderEndpointDocs/patchIdentityProviderStatus/curl-request.md') %> From 9b1ee68a98a9baf70d34f15314c72c5414bce1d2 Mon Sep 17 00:00:00 2001 From: Adrian Hoelzl Date: Wed, 3 Apr 2024 16:59:54 +0200 Subject: [PATCH 14/26] Fix unit test --- .../identity/uaa/provider/IdentityProviderEndpointsTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpointsTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpointsTest.java index 7bf03cad3e4..776067616e7 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpointsTest.java 
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpointsTest.java @@ -685,7 +685,7 @@ void testDeleteIdpWithAlias_AliasFeatureDisabled() { ); // deletion should be rejected - assertThat(response.getStatusCode()).isEqualTo(HttpStatus.BAD_REQUEST); + assertThat(response.getStatusCode()).isEqualTo(HttpStatus.UNPROCESSABLE_ENTITY); } private Pair, IdentityProvider> arrangeIdpWithAliasExists(final String zone1Id, final String zone2Id) { From e73ac2ce934a31470aafa7dcf41d156c261092e5 Mon Sep 17 00:00:00 2001 From: Adrian Hoelzl Date: Wed, 3 Apr 2024 17:01:03 +0200 Subject: [PATCH 15/26] Use only aliasZid field to check if an alias is present in IdP deletion endpoint --- .../identity/uaa/provider/IdentityProviderEndpoints.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpoints.java b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpoints.java index 9504e190c4a..77d42fb8ab0 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpoints.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpoints.java @@ -186,7 +186,7 @@ public ResponseEntity deleteIdentityProvider(@PathVariable Str } // reject deletion if the IdP has an alias, but alias feature is disabled - final boolean idpHasAlias = hasText(existing.getAliasZid()) || hasText(existing.getAliasId()); + final boolean idpHasAlias = hasText(existing.getAliasZid()); if (idpHasAlias && !aliasEntitiesEnabled) { return new ResponseEntity<>(UNPROCESSABLE_ENTITY); } From ead4176d695317dcf0fc804d89aa4ec29a83ca8f Mon Sep 17 00:00:00 2001 
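Review bot: With `final boolean idpHasAlias = hasText(existing.getAliasZid());` a record that has an `aliasId` but an empty `aliasZid` now counts as alias-free, so it passes the disabled-feature guard and is deleted without any trace of the half-set reference. That matches `entityHadAlias` in `EntityAliasHandler.ensureConsistencyOfAliasEntity`, which also looks at `aliasZid` only, but the reason is not stated at the call site. I would add `// aliasZid alone marks an alias, as in EntityAliasHandler; a record with only aliasId set is treated as having none` and consider a warning log when that inconsistent state is seen. The enclosing method starts and ends outside the hunk.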
From: Adrian Hoelzl Date: Fri, 5 Apr 2024 10:19:29 +0200 Subject: [PATCH 16/26] Add javadoc sections about IllegalStateExceptions being thrown in EntityAliasHandler.ensureConsistencyOfAliasEntity --- .../cloudfoundry/identity/uaa/alias/EntityAliasHandler.java | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/alias/EntityAliasHandler.java b/server/src/main/java/org/cloudfoundry/identity/uaa/alias/EntityAliasHandler.java index 6aef8b3884b..f1ab92ff0f0 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/alias/EntityAliasHandler.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/alias/EntityAliasHandler.java @@ -115,6 +115,10 @@ public final boolean aliasPropertiesAreValid( * 'aliasZid' does not exist * @throws EntityAliasFailedException if 'aliasId' and 'aliasZid' are set in the original entity, but the * referenced alias entity could not be found + * @throws IllegalStateException if {@code existingEntity} has an alias and 'aliasEntitiesEnabled' is set to + * {@code false} + * @throws IllegalStateException if a new alias is about to be created, i.e., {@code originalEntity} has a + * non-empty 'aliasZid', and 'aliasEntitiesEnabled' is set to {@code false} */ public final T ensureConsistencyOfAliasEntity( @NonNull final T originalEntity, From eca31fd06adad8fc8ccb55b5e37ca6a6cb9622de Mon Sep 17 00:00:00 2001 From: Adrian Hoelzl Date: Fri, 5 Apr 2024 10:23:41 +0200 Subject: [PATCH 17/26] Merge documentation for 422 error codes of IdP endpoints --- .../source/index.html.md.erb | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/uaa/slateCustomizations/source/index.html.md.erb b/uaa/slateCustomizations/source/index.html.md.erb index 56f2ba83e03..490ae2f633f 100644 --- a/uaa/slateCustomizations/source/index.html.md.erb +++ b/uaa/slateCustomizations/source/index.html.md.erb 
@@ -1173,11 +1173,10 @@ _Request and Response Fields_ _Error Codes_ -| Error Code | Description | -|------------|--------------------------------------------------------------------------------------| -| 403 | Forbidden - Insufficient scope | -| 422 | Unprocessable Entity - Invalid config | -| 422 | Unprocessable Entity - updating IdP with alias while `aliasEntitiesEnabled` is false | +| Error Code | Description | +|------------|--------------------------------------------------------------------------------------------------------| +| 403 | Forbidden - Insufficient scope | +| 422 | Unprocessable Entity - Invalid config or updating IdP with alias while `aliasEntitiesEnabled` is false | ## Delete @@ -1203,11 +1202,10 @@ _Response Fields_ _Error Codes_ -| Error Code | Description | -|------------|--------------------------------------------------------------------------------------| -| 403 | Forbidden - Insufficient scope | -| 422 | Unprocessable Entity | -| 422 | Unprocessable Entity - deleting IdP with alias while `aliasEntitiesEnabled` is false | +| Error Code | Description | +|------------|--------------------------------------------------------------------------------------------| +| 403 | Forbidden - Insufficient scope | +| 422 | Unprocessable Entity (e.g., deleting IdP with alias while `aliasEntitiesEnabled` is false) | ## Force password change for Users <%= render('IdentityProviderEndpointDocs/patchIdentityProviderStatus/curl-request.md') %> From 34fc7a3d17177d168cb3183b2c391adb73570f59 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 Apr 2024 14:27:09 +0200 Subject: [PATCH 18/26] build(deps): bump commons-io:commons-io from 2.16.0 to 2.16.1 (#2819) Bumps commons-io:commons-io from 2.16.0 to 2.16.1. --- updated-dependencies: - dependency-name: commons-io:commons-io dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dependencies.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependencies.gradle b/dependencies.gradle index c9d1599fae3..30ab832f33e 100644 --- a/dependencies.gradle +++ b/dependencies.gradle @@ -48,7 +48,7 @@ libraries.bouncyCastlePkix = "org.bouncycastle:bcpkix-fips:1.0.7" libraries.bouncyCastleProv = "org.bouncycastle:bc-fips:${versions.bouncyCastleVersion}" libraries.braveInstrumentationSpringWebmvc = "io.zipkin.brave:brave-instrumentation-spring-webmvc:${versions.braveVersion}" libraries.braveContextSlf4j = "io.zipkin.brave:brave-context-slf4j:${versions.braveVersion}" -libraries.commonsIo = "commons-io:commons-io:2.16.0" +libraries.commonsIo = "commons-io:commons-io:2.16.1" libraries.dumbster = "dumbster:dumbster:1.6" libraries.eclipseJgit = "org.eclipse.jgit:org.eclipse.jgit:6.9.0.202403050737-r" libraries.flywayCore = "org.flywaydb:flyway-core" From a295d297162f0e3b77b594caa316b144e2d73422 Mon Sep 17 00:00:00 2001 From: Markus Strehle <11627201+strehle@users.noreply.github.com> Date: Thu, 11 Apr 2024 06:56:23 +0200 Subject: [PATCH 19/26] Sonar fix (#2816) Found with https://github.com/cloudfoundry/uaa/pull/2813 Prefix it --- .../uaa/oauth/TokenRevocationEndpoint.java | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpoint.java b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpoint.java index 5501691c7cd..36e01beef45 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpoint.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpoint.java 
@@ -2,6 +2,7 @@ import org.cloudfoundry.identity.uaa.audit.event.SystemDeletable; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; +import org.cloudfoundry.identity.uaa.logging.SanitizedLogFactory; import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants; import org.cloudfoundry.identity.uaa.oauth.event.TokenRevocationEvent; import org.cloudfoundry.identity.uaa.oauth.token.RevocableToken; @@ -11,8 +12,6 @@ import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceNotFoundException; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.cloudfoundry.identity.uaa.zone.MultitenantJdbcClientDetailsService; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.context.ApplicationEventPublisher; import org.springframework.context.ApplicationEventPublisherAware; 
@@ -29,26 +28,26 @@ import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator; import org.springframework.security.oauth2.provider.expression.OAuth2ExpressionUtils; import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.ExceptionHandler; +import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; import java.util.List; import static org.springframework.http.HttpStatus.OK; -import static org.springframework.web.bind.annotation.RequestMethod.DELETE; -import static org.springframework.web.bind.annotation.RequestMethod.GET; @Controller public class TokenRevocationEndpoint implements ApplicationEventPublisherAware { - protected final Logger logger = LoggerFactory.getLogger(getClass()); + protected final SanitizedLogFactory.SanitizedLog logger = SanitizedLogFactory.getLog(getClass()); private final MultitenantJdbcClientDetailsService clientDetailsService; private final ScimUserProvisioning userProvisioning; private final RevocableTokenProvisioning tokenProvisioning; - private final WebResponseExceptionTranslator exceptionTranslator; + private final WebResponseExceptionTranslator exceptionTranslator; private final RandomValueStringGenerator generator; private ApplicationEventPublisher eventPublisher; @@ -103,7 +102,7 @@ public ResponseEntity revokeTokensForClient(@PathVariable String clientId) return new ResponseEntity<>(OK); } - @RequestMapping(value = "/oauth/token/revoke/{tokenId}", method = DELETE) + @DeleteMapping(value = "/oauth/token/revoke/{tokenId}") public ResponseEntity revokeTokenById(@PathVariable String tokenId) { logger.debug("Revoking token with ID:" + tokenId); String zoneId = IdentityZoneHolder.get().getId(); 
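Review bot: Swapping the logger for `SanitizedLogFactory.SanitizedLog` leaves `logger.debug("Revoking token with ID:" + tokenId);` in `revokeTokenById` writing the full caller-supplied path variable to the log. The sanitizer's implementation is not part of this diff; presumably it neutralises control characters, which addresses log forging but not disclosure. If a token id can be presented as a credential (worth confirming for opaque tokens), I would log a shortened form or drop the value, and state the assumption next to the call, e.g. `// tokenId is request input; SanitizedLog is relied on to strip line breaks`. The same pattern appears in the `listUserTokens` and `listClientTokens` debug lines in the following hunks, and these method bodies continue outside the hunks.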
@@ -113,7 +112,7 @@ public ResponseEntity revokeTokenById(@PathVariable String tokenId) { return new ResponseEntity<>(OK); } - @RequestMapping(value = "/oauth/token/list", method = GET) + @GetMapping(value = "/oauth/token/list") public ResponseEntity> listUserTokens(OAuth2Authentication authentication) { UaaPrincipal principal = (UaaPrincipal) authentication.getUserAuthentication().getPrincipal(); String userId = principal.getId(); @@ -128,7 +127,7 @@ protected void removeTokenValues(List result) { result.forEach(t -> t.setValue(null)); } - @RequestMapping(value = "/oauth/token/list/user/{userId}", method = GET) + @GetMapping(value = "/oauth/token/list/user/{userId}") public ResponseEntity> listUserTokens(@PathVariable String userId, OAuth2Authentication authentication) { if (OAuth2ExpressionUtils.hasAnyScope(authentication, new String[]{"tokens.list", "uaa.admin"})) { logger.debug("Listing revocable tokens for user:" + userId); @@ -140,7 +139,7 @@ public ResponseEntity> listUserTokens(@PathVariable String } } - @RequestMapping(value = "/oauth/token/list/client/{clientId}", method = GET) + @GetMapping(value = "/oauth/token/list/client/{clientId}") public ResponseEntity> listClientTokens(@PathVariable String clientId, OAuth2Authentication authentication) { if (OAuth2ExpressionUtils.hasAnyScope(authentication, new String[]{"tokens.list", "uaa.admin"})) { logger.debug("Listing revocable tokens for client:" + clientId); From fc3f63c3599b8f8585f0d073b4d934fc68622b75 Mon Sep 17 00:00:00 2001 
From: Markus Strehle <11627201+strehle@users.noreply.github.com> Date: Thu, 11 Apr 2024 15:36:05 +0200 Subject: [PATCH 20/26] Move OAuth2 classes BaseClientDetails to UaaClientDetails (#2806) * Move to UaaBaseClientDetails * Cleanup * Cleanup * Test cleanup flaky because of parallel tests * Use string compare instead of regex * Rename main class * Cleanup * Tests moved into model * Tests added, not used methods removed * Tests fix * Test coverage equals * Sonar smells * Sonar smells * Sonar smells * Sonar smells * Added documentation about move of classes --- model/build.gradle | 5 + .../client/InMemoryClientDetailsService.java | 46 +++ .../Jackson2ArrayOrStringDeserializer.java | 47 +++ .../identity/uaa/client/UaaClientDetails.java | 376 ++++++++++++++++++ .../oauth/client/ClientDetailsCreation.java | 4 +- .../client/ClientDetailsModification.java | 8 +- .../ClientAlreadyExistsException.java | 9 + .../provider/ClientRegistrationException.java | 9 + .../uaa/provider/NoSuchClientException.java | 9 + .../identity/uaa/ProxyingBeanInfoMatcher.java | 99 +++++ .../InMemoryClientDetailsServiceTest.java | 58 +++ .../uaa/client/UaaClientDetailsMatcher.java | 19 + .../uaa/client/UaaClientDetailsTest.java | 336 ++++++++++++++++ .../account/EmailAccountCreationService.java | 2 +- .../uaa/account/EmailChangeEmailService.java | 2 +- .../uaa/account/ProfileController.java | 2 +- .../uaa/account/UaaResetPasswordService.java | 2 +- .../uaa/approval/ApprovalService.java | 4 +- .../uaa/approval/ApprovalsAdminEndpoints.java | 6 +- .../WhitelistLogoutHandler.java | 2 +- .../AutologinAuthenticationManager.java | 2 +- .../uaa/client/ClientAdminBootstrap.java | 11 +- .../uaa/client/ClientAdminEndpoints.java | 37 +- .../client/ClientAdminEndpointsValidator.java | 9 +- .../uaa/client/ClientInfoEndpoint.java | 3 +- .../JdbcClientMetadataProvisioning.java | 3 +- .../JdbcQueryableClientDetailsService.java | 3 +- .../identity/uaa/client/UaaClientDetails.java | 74 ---- 
.../UaaClientDetailsUserDetailsService.java | 2 +- .../event/AbstractClientAdminEvent.java | 4 +- .../invitations/EmailInvitationsService.java | 2 +- .../identity/uaa/login/LoginInfoEndpoint.java | 2 +- .../identity/uaa/oauth/AccessController.java | 6 +- .../uaa/oauth/RemoteTokenServices.java | 4 +- .../uaa/oauth/TokenRevocationEndpoint.java | 6 +- .../uaa/oauth/UaaAuthorizationEndpoint.java | 4 +- .../oauth/UaaAuthorizationRequestManager.java | 6 +- .../identity/uaa/oauth/UaaTokenServices.java | 10 +- .../UserManagedAuthzApprovalHandler.java | 4 +- .../uaa/oauth/openid/IdTokenGranter.java | 4 +- .../uaa/user/UaaUserApprovalHandler.java | 4 +- .../uaa/util/JwtTokenSignedByThisUAA.java | 2 +- .../uaa/zone/IdentityZoneEndpoints.java | 10 +- .../uaa/zone/MultitenantClientServices.java | 7 +- .../MultitenantJdbcClientDetailsService.java | 12 +- .../ZoneEndpointsClientDetailsValidator.java | 4 +- .../account/EmailChangeEmailServiceTest.java | 6 +- .../audit/event/EntityDeletedEventTest.java | 10 +- .../uaa/audit/event/SystemDeletableTest.java | 4 +- .../UaaClientAuthenticationProviderTest.java | 12 +- .../WhitelistLogoutHandlerTest.java | 8 +- .../ZoneAwareWhitelistLogoutHandlerTests.java | 6 +- ...ientAdminBootstrapMultipleSecretsTest.java | 12 +- .../uaa/client/ClientAdminBootstrapTests.java | 17 +- .../uaa/client/ClientAdminEndpointsTests.java | 70 ++-- .../ClientAdminEndpointsValidatorTests.java | 9 +- .../uaa/client/UaaClientDetailsTest.java | 112 ------ .../EmailInvitationsServiceTests.java | 12 +- .../AutologinAuthenticationManagerTest.java | 4 +- .../EmailAccountCreationServiceTests.java | 2 +- .../uaa/login/LoginInfoEndpointTests.java | 87 ++-- .../login/ProfileControllerMockMvcTests.java | 8 +- .../login/UaaResetPasswordServiceTests.java | 10 +- .../uaa/oauth/AccessControllerTests.java | 6 +- .../uaa/oauth/ApprovalServiceTest.java | 6 +- .../uaa/oauth/CheckTokenEndpointTests.java | 22 +- .../uaa/oauth/ClientInfoEndpointTests.java | 4 +- 
.../DeprecatedUaaTokenServicesTests.java | 24 +- .../uaa/oauth/RefreshRotationTest.java | 12 +- .../RestrictUaaScopesClientValidatorTest.java | 6 +- .../oauth/TokenRevocationEndpointTests.java | 6 +- .../identity/uaa/oauth/TokenTestSupport.java | 16 +- .../uaa/oauth/TokenValidationServiceTest.java | 6 +- ...uthorizationEndpointParamaterizedTest.java | 19 +- .../UaaAuthorizationRequestManagerTests.java | 14 +- .../uaa/oauth/UaaTokenStoreTests.java | 4 +- .../oauth/UaaUserApprovalHandlerTests.java | 6 +- .../UserManagedAuthzApprovalHandlerTests.java | 24 +- ...eEndpointsClientDetailsValidatorTests.java | 16 +- .../ApprovalsAdminEndpointsTests.java | 6 +- .../beans/LegacyRedirectResolverTest.java | 6 +- .../uaa/oauth/beans/RedirectResolverTest.java | 4 +- .../event/ClientAdminEventPublisherTests.java | 23 +- .../uaa/oauth/expression/IsSelfCheckTest.java | 6 +- .../uaa/oauth/openid/IdTokenCreatorTest.java | 6 +- .../uaa/oauth/openid/IdTokenGranterTest.java | 16 +- .../JdbcRevocableTokenProvisioningTest.java | 7 +- .../uaa/oauth/token/JwtTokenGranterTests.java | 4 +- ...ncedAuthorizationCodeTokenGranterTest.java | 13 +- .../oauth/token/Saml2TokenGranterTest.java | 16 +- .../uaa/oauth/token/UserTokenGranterTest.java | 10 +- .../ChangeEmailEndpointsMockMvcTest.java | 4 +- .../DefaultSecurityContextAccessorTests.java | 6 +- .../identity/uaa/test/TestAccountSetup.java | 8 +- .../identity/uaa/test/UaaTestAccounts.java | 6 +- .../identity/uaa/test/ZoneSeeder.java | 8 +- .../identity/uaa/util/DomainFilterTest.java | 6 +- .../uaa/util/JwtTokenSignedByThisUAATest.java | 10 +- .../InMemoryMultitenantClientServices.java | 22 +- ...titenantJdbcClientDetailsServiceTests.java | 93 +++-- .../ClientMetadataAdminEndpointDocs.java | 9 +- ...ientMetadataAdminEndpointsMockMvcTest.java | 15 +- .../ClientAdminEndpointsIntegrationTests.java | 136 +++---- ...IdentityZoneEndpointsIntegrationTests.java | 4 +- .../IntrospectEndpointIntegrationTests.java | 4 +- 
.../uaa/integration/LdapIntegrationTests.java | 4 +- .../PasswordGrantIntegrationTests.java | 10 +- .../ScimGroupEndpointsIntegrationTests.java | 5 +- .../integration/feature/InvitationsIT.java | 6 +- .../uaa/integration/feature/OIDCLoginIT.java | 10 +- .../integration/feature/ResetPasswordIT.java | 4 +- .../uaa/integration/feature/SamlLoginIT.java | 28 +- .../uaa/integration/feature/TestClient.java | 4 +- .../util/IntegrationTestUtils.java | 35 +- .../InvitationsEndpointMockMvcTests.java | 8 +- .../login/AccountsControllerMockMvcTests.java | 18 +- .../login/InvitationsServiceMockMvcTests.java | 4 +- .../identity/uaa/login/LoginMockMvcTests.java | 38 +- .../identity/uaa/login/TokenEndpointDocs.java | 22 +- .../mock/audit/AuditCheckMockMvcTests.java | 9 +- .../uaa/mock/clients/AdminClientCreator.java | 5 +- .../mock/clients/ClientAdminEndpointDocs.java | 26 +- .../ClientAdminEndpointsMockMvcTests.java | 114 +++--- .../mock/ldap/AbstractLdapMockMvcTest.java | 5 +- .../limited/LimitedModeTokenMockMvcTests.java | 4 +- ...ationPromptNoneEntryPointMockMvcTests.java | 6 +- .../PasswordChangeEndpointMockMvcTests.java | 4 +- .../IdentityProviderEndpointDocs.java | 5 +- ...IdentityProviderEndpointsMockMvcTests.java | 20 +- .../saml/SamlAuthenticationMockMvcTests.java | 6 +- .../saml/SamlKeyRotationMockMvcTests.java | 4 +- .../mock/token/AbstractTokenMockMvcTests.java | 20 +- .../token/JwtBearerGrantMockMvcTests.java | 14 +- .../mock/token/RefreshTokenMockMvcTests.java | 4 +- .../token/TokenKeyEndpointMockMvcTests.java | 12 +- .../uaa/mock/token/TokenMvcMockTests.java | 27 +- .../TokenRevocationEndpointMockMvcTest.java | 34 +- .../uaa/mock/token/UserTokenMockMvcTests.java | 16 +- .../identity/uaa/mock/util/MockMvcUtils.java | 45 +-- .../IdentityZoneEndpointsMockMvcTests.java | 27 +- ...dentityZoneSwitchingFilterMockMvcTest.java | 6 +- .../zones/ZonesWriteScopeMockMvcTest.java | 6 +- .../uaa/oauth/UaaTokenServicesTests.java | 6 +- .../LoginPagePerformanceMockMvcTest.java | 4 
+- .../ScimGroupEndpointsMockMvcTests.java | 8 +- .../ScimUserEndpointsMockMvcTests.java | 4 +- 146 files changed, 1871 insertions(+), 1074 deletions(-) create mode 100644 model/src/main/java/org/cloudfoundry/identity/uaa/client/InMemoryClientDetailsService.java create mode 100644 model/src/main/java/org/cloudfoundry/identity/uaa/client/Jackson2ArrayOrStringDeserializer.java create mode 100644 model/src/main/java/org/cloudfoundry/identity/uaa/client/UaaClientDetails.java create mode 100644 model/src/main/java/org/cloudfoundry/identity/uaa/provider/ClientAlreadyExistsException.java create mode 100644 model/src/main/java/org/cloudfoundry/identity/uaa/provider/ClientRegistrationException.java create mode 100644 model/src/main/java/org/cloudfoundry/identity/uaa/provider/NoSuchClientException.java create mode 100644 model/src/test/java/org/cloudfoundry/identity/uaa/ProxyingBeanInfoMatcher.java create mode 100644 model/src/test/java/org/cloudfoundry/identity/uaa/client/InMemoryClientDetailsServiceTest.java create mode 100644 model/src/test/java/org/cloudfoundry/identity/uaa/client/UaaClientDetailsMatcher.java create mode 100644 model/src/test/java/org/cloudfoundry/identity/uaa/client/UaaClientDetailsTest.java delete mode 100644 server/src/main/java/org/cloudfoundry/identity/uaa/client/UaaClientDetails.java delete mode 100644 server/src/test/java/org/cloudfoundry/identity/uaa/client/UaaClientDetailsTest.java diff --git a/model/build.gradle b/model/build.gradle index 8575b79eb39..ad12e892f90 100644 --- a/model/build.gradle +++ b/model/build.gradle @@ -22,6 +22,11 @@ dependencies { implementation(libraries.slf4jApi) + testImplementation(libraries.springBootStarterTest) + testImplementation(libraries.hamcrest) + testImplementation(libraries.junit5JupiterApi) + testImplementation(libraries.junit5JupiterParams) + testImplementation(libraries.junit) testImplementation(libraries.jsonAssert) 
diff --git a/model/src/main/java/org/cloudfoundry/identity/uaa/client/InMemoryClientDetailsService.java b/model/src/main/java/org/cloudfoundry/identity/uaa/client/InMemoryClientDetailsService.java
new file mode 100644
index 00000000000..ee7e39b09e2
--- /dev/null
+++ b/model/src/main/java/org/cloudfoundry/identity/uaa/client/InMemoryClientDetailsService.java
@@ -0,0 +1,46 @@
+package org.cloudfoundry.identity.uaa.client;
+
+import org.cloudfoundry.identity.uaa.provider.ClientAlreadyExistsException;
+import org.cloudfoundry.identity.uaa.provider.ClientRegistrationException;
+import org.cloudfoundry.identity.uaa.provider.NoSuchClientException;
+import org.springframework.security.oauth2.provider.ClientDetails;
+import org.springframework.security.oauth2.provider.ClientDetailsService;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Optional;
+
+/**
+ * Moved class InMemoryClientDetailsService implementation of from spring-security-oauth2 into UAA
+ *
+ * The class was taken over from the legacy project with minor refactorings
+ * based on sonar.
+ *
+ * Serves mainly for tests
+ */
+public class InMemoryClientDetailsService implements ClientDetailsService {
+
+ private Map clientDetailsStore = new HashMap<>();
+
+ public UaaClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {
+ UaaClientDetails details = clientDetailsStore.get(clientId);
+ if (details == null) {
+ throw new NoSuchClientException("No client with requested id");
+ }
+ return details;
+ }
+
+ protected void addClientDetails(ClientDetails clientDetails) throws ClientAlreadyExistsException {
+ String clientId = Optional.ofNullable(clientDetails).orElseThrow(() -> new ClientRegistrationException("No details")).getClientId();
+ UaaClientDetails details = clientDetailsStore.get(clientId);
+ if (details != null) {
+ throw new ClientAlreadyExistsException("Client with this id exists aleady");
+ }
+ clientDetailsStore.put(clientId, new UaaClientDetails(clientDetails));
+ }
+
+ public void setClientDetailsStore(Map clientDetailsStore) {
+ this.clientDetailsStore = new HashMap<>(clientDetailsStore);
+ }
+
+}
\ No newline at end of file
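Review bot: `loadClientByClientId` hands out the instance held in `clientDetailsStore`, while `addClientDetails` stores a copy, so a caller that modifies the returned `UaaClientDetails` (for example to blank the secret before serialising it) changes the stored client as well. Returning a copy, `return new UaaClientDetails(details);`, would keep the store isolated, provided the copy constructor carries every field. Two smaller points: the message `"Client with this id exists aleady"` has a typo ("already"), and `loadClientByClientId` implements `ClientDetailsService` without `@Override`. The backing `HashMap` is unsynchronised, which is fine for the test use the Javadoc describes but should be stated there.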
diff --git a/model/src/main/java/org/cloudfoundry/identity/uaa/client/Jackson2ArrayOrStringDeserializer.java b/model/src/main/java/org/cloudfoundry/identity/uaa/client/Jackson2ArrayOrStringDeserializer.java
new file mode 100644
index 00000000000..fae7792045c
--- /dev/null
+++ b/model/src/main/java/org/cloudfoundry/identity/uaa/client/Jackson2ArrayOrStringDeserializer.java
@@ -0,0 +1,47 @@
+package org.cloudfoundry.identity.uaa.client;
+
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.core.JsonToken;
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.DeserializationContext;
+import com.fasterxml.jackson.databind.JavaType;
+import com.fasterxml.jackson.databind.deser.std.StdDeserializer;
+import com.fasterxml.jackson.databind.type.SimpleType;
+import org.springframework.util.StringUtils;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+/**
+ * Moved class Jackson2ArrayOrStringDeserializer implementation of from spring-security-oauth2 into UAA
+ *
+ * The class was taken over from the legacy project with minor refactorings
+ * based on sonar.
+ *
+ */
+@SuppressWarnings("serial")
+public class Jackson2ArrayOrStringDeserializer extends StdDeserializer> {
+
+ public Jackson2ArrayOrStringDeserializer() {
+ super(Set.class);
+ }
+
+ @Override
+ public JavaType getValueType() {
+ return SimpleType.construct(String.class);
+ }
+
+ @Override
+ public Set deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException {
+ JsonToken token = jp.getCurrentToken();
+ if (token.isScalarValue()) {
+ String list = jp.getText();
+ list = list.replaceAll("\\s+", ",");
+ return new LinkedHashSet<>(Arrays.asList(StringUtils.commaDelimitedListToStringArray(list)));
+ }
+ return jp.readValueAs(new TypeReference>() {
+ });
+ }
+}
\ No newline at end of file
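Review bot: In `deserialize`, replacing every whitespace run with a comma before calling `StringUtils.commaDelimitedListToStringArray` turns an input such as `"openid, profile"` into `openid,,profile`, which as far as I can tell yields an empty-string element in the resulting set. Since this deserializer is applied to `scope`, `redirect_uri` and `authorized_grant_types` in `UaaClientDetails`, an empty entry is better filtered here than left to each consumer. `return new LinkedHashSet<>(Arrays.asList(StringUtils.tokenizeToStringArray(jp.getText(), ", \t\r\n")));` trims tokens and skips empty ones; because the class was copied from the legacy library for compatibility, the change needs a test that fixes the intended behaviour. Note also that `token.isScalarValue()` accepts numbers and booleans, not only strings.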
diff --git a/model/src/main/java/org/cloudfoundry/identity/uaa/client/UaaClientDetails.java b/model/src/main/java/org/cloudfoundry/identity/uaa/client/UaaClientDetails.java
new file mode 100644
index 00000000000..dd5737c38e6
--- /dev/null
+++ b/model/src/main/java/org/cloudfoundry/identity/uaa/client/UaaClientDetails.java
@@ -0,0 +1,376 @@
+package org.cloudfoundry.identity.uaa.client;
+
+import com.fasterxml.jackson.annotation.JsonAnyGetter;
+import com.fasterxml.jackson.annotation.JsonAnySetter;
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.SpringSecurityCoreVersion;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.oauth2.provider.ClientDetails;
+import org.springframework.util.StringUtils;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+/**
+ * Moved class BaseClient implementation of from spring-security-oauth2 into UAA
+ *
+ * {@link org.springframework.security.oauth2.provider.client.BaseClientDetails}.
+ *
+ * The class was taken over from the legacy project with minor refactorings
+ * based on sonar.
+ * + * Extended this class with fields + * - client_jwt_config (supporting private_key_jwt) + */ +@JsonInclude(JsonInclude.Include.NON_DEFAULT) +@JsonIgnoreProperties(ignoreUnknown = true) +public class UaaClientDetails implements ClientDetails { + + private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID; + + @JsonProperty("client_id") + private String clientId; + + @JsonProperty("client_secret") + private String clientSecret; + + @JsonDeserialize(using = Jackson2ArrayOrStringDeserializer.class) + private Set scope = Collections.emptySet(); + + @JsonProperty("resource_ids") + @JsonDeserialize(using = Jackson2ArrayOrStringDeserializer.class) + private Set resourceIds = Collections.emptySet(); + + @JsonProperty("authorized_grant_types") + @JsonDeserialize(using = Jackson2ArrayOrStringDeserializer.class) + private Set authorizedGrantTypes = Collections.emptySet(); + + @JsonProperty("redirect_uri") + @JsonDeserialize(using = Jackson2ArrayOrStringDeserializer.class) + private Set registeredRedirectUris; + + @JsonProperty("autoapprove") + @JsonDeserialize(using = Jackson2ArrayOrStringDeserializer.class) + private Set autoApproveScopes; + + private List authorities = Collections.emptyList(); + + @JsonProperty("access_token_validity") + private Integer accessTokenValiditySeconds; + + @JsonProperty("refresh_token_validity") + private Integer refreshTokenValiditySeconds; + + @com.fasterxml.jackson.annotation.JsonIgnore + private transient Map additionalInformation = new LinkedHashMap<>(); + + @JsonProperty("client_jwt_config") + private String clientJwtConfig; + + public UaaClientDetails() { + } + + public UaaClientDetails(ClientDetails prototype) { + this(); + this.setAccessTokenValiditySeconds(prototype.getAccessTokenValiditySeconds()); + this.setRefreshTokenValiditySeconds(prototype.getRefreshTokenValiditySeconds()); + this.setAuthorities(prototype.getAuthorities()); + this.setAuthorizedGrantTypes(prototype.getAuthorizedGrantTypes()); + 
this.setClientId(prototype.getClientId()); + this.setClientSecret(prototype.getClientSecret()); + this.setRegisteredRedirectUri(prototype.getRegisteredRedirectUri()); + this.setScope(prototype.getScope()); + this.setResourceIds(prototype.getResourceIds()); + this.setAdditionalInformation(prototype.getAdditionalInformation()); + } + + public UaaClientDetails(String clientId, String resourceIds, + String scopes, String grantTypes, String authorities, String redirectUris) { + this.clientId = clientId; + + if (StringUtils.hasText(resourceIds)) { + Set resources = StringUtils + .commaDelimitedListToSet(resourceIds); + if (!resources.isEmpty()) { + this.resourceIds = resources; + } + } + + if (StringUtils.hasText(scopes)) { + Set scopeList = StringUtils.commaDelimitedListToSet(scopes); + if (!scopeList.isEmpty()) { + this.scope = scopeList; + } + } + + if (StringUtils.hasText(grantTypes)) { + this.authorizedGrantTypes = StringUtils + .commaDelimitedListToSet(grantTypes); + } else { + this.authorizedGrantTypes = new HashSet<>(Arrays.asList( + "authorization_code", "refresh_token")); + } + + if (StringUtils.hasText(authorities)) { + this.authorities = AuthorityUtils + .commaSeparatedStringToAuthorityList(authorities); + } + + if (StringUtils.hasText(redirectUris)) { + this.registeredRedirectUris = StringUtils + .commaDelimitedListToSet(redirectUris); + } + } + + public UaaClientDetails(String clientId, String resourceIds, + String scopes, String grantTypes, String authorities) { + this(clientId, resourceIds, scopes, grantTypes, authorities, null); + } + + @JsonIgnore + public String getClientId() { + return clientId; + } + + public void setClientId(String clientId) { + this.clientId = clientId; + } + + public void setAutoApproveScopes(Collection autoApproveScopes) { + this.autoApproveScopes = new HashSet<>(autoApproveScopes); + } + + @Override + public boolean isAutoApprove(String scope) { + if (autoApproveScopes == null) { + return false; + } + for (String auto : 
autoApproveScopes) { + if (auto.equals("true") || auto.equals(scope)) { + return true; + } + } + return false; + } + + @JsonIgnore + public Set getAutoApproveScopes() { + return autoApproveScopes; + } + + @JsonIgnore + public boolean isSecretRequired() { + return this.clientSecret != null; + } + + @JsonIgnore + public String getClientSecret() { + return clientSecret; + } + + public void setClientSecret(String clientSecret) { + this.clientSecret = clientSecret; + } + + @JsonIgnore + public boolean isScoped() { + return this.scope != null && !this.scope.isEmpty(); + } + + public Set getScope() { + return scope; + } + + public void setScope(Collection scope) { + this.scope = scope == null ? Collections.emptySet() : scope.stream() + .flatMap(s -> Arrays.stream(s.split(","))) + .collect(Collectors.toSet()); + } + + @JsonIgnore + public Set getResourceIds() { + return resourceIds; + } + + public void setResourceIds(Collection resourceIds) { + this.resourceIds = resourceIds == null ? Collections.emptySet() : new LinkedHashSet<>(resourceIds); + } + + @JsonIgnore + public Set getAuthorizedGrantTypes() { + return authorizedGrantTypes; + } + + public void setAuthorizedGrantTypes(Collection authorizedGrantTypes) { + this.authorizedGrantTypes = new LinkedHashSet<>(authorizedGrantTypes); + } + + @JsonIgnore + public Set getRegisteredRedirectUri() { + return registeredRedirectUris; + } + + public void setRegisteredRedirectUri(Set registeredRedirectUris) { + this.registeredRedirectUris = registeredRedirectUris == null ? 
null + : new LinkedHashSet<>(registeredRedirectUris); + } + + @JsonProperty("authorities") + private List getAuthoritiesAsStrings() { + return new ArrayList<>(AuthorityUtils.authorityListToSet(authorities)); + } + + @JsonProperty("authorities") + @JsonDeserialize(using = Jackson2ArrayOrStringDeserializer.class) + private void setAuthoritiesAsStrings(Set values) { + setAuthorities(AuthorityUtils.createAuthorityList(values + .toArray(new String[values.size()]))); + } + + @JsonIgnore + public Collection getAuthorities() { + return authorities; + } + + @JsonIgnore + public void setAuthorities( + Collection authorities) { + this.authorities = new ArrayList<>(authorities); + } + + @JsonIgnore + public Integer getAccessTokenValiditySeconds() { + return accessTokenValiditySeconds; + } + + public void setAccessTokenValiditySeconds(Integer accessTokenValiditySeconds) { + this.accessTokenValiditySeconds = accessTokenValiditySeconds; + } + + @JsonIgnore + public Integer getRefreshTokenValiditySeconds() { + return refreshTokenValiditySeconds; + } + + public void setRefreshTokenValiditySeconds( + Integer refreshTokenValiditySeconds) { + this.refreshTokenValiditySeconds = refreshTokenValiditySeconds; + } + + public void setAdditionalInformation(Map additionalInformation) { + this.additionalInformation = new LinkedHashMap<>( + additionalInformation); + } + + @JsonAnyGetter + public Map getAdditionalInformation() { + return Collections.unmodifiableMap(this.additionalInformation); + } + + @JsonAnySetter + public void addAdditionalInformation(String key, Object value) { + this.additionalInformation.put(key, value); + } + + public String getClientJwtConfig() { + return clientJwtConfig; + } + + public void setClientJwtConfig(String clientJwtConfig) { + this.clientJwtConfig = clientJwtConfig; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) { + return true; + } + if (obj == null) { + return false; + } + if (getClass() != obj.getClass()) { + return false; + } + 
UaaClientDetails other = (UaaClientDetails) obj; + if (!Objects.equals(accessTokenValiditySeconds, other.accessTokenValiditySeconds)) { + return false; + } + if (!Objects.equals(refreshTokenValiditySeconds, other.refreshTokenValiditySeconds)) { + return false; + } + if (!Objects.equals(authorities, other.authorities)) { + return false; + } + if (!Objects.equals(authorizedGrantTypes, other.authorizedGrantTypes)) { + return false; + } + if (!Objects.equals(clientId, other.clientId)) { + return false; + } + if (!Objects.equals(clientSecret, other.clientSecret)) { + return false; + } + if (!Objects.equals(registeredRedirectUris, other.registeredRedirectUris)) { + return false; + } + if (!Objects.equals(resourceIds, other.resourceIds)) { + return false; + } + if (!Objects.equals(scope, other.scope)) { + return false; + } + if (!Objects.equals(additionalInformation, other.additionalInformation)) { + return false; + } + return Objects.equals(clientJwtConfig, other.clientJwtConfig); + } + + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime + * result + + ((accessTokenValiditySeconds == null) ? 0 + : accessTokenValiditySeconds); + result = prime + * result + + ((refreshTokenValiditySeconds == null) ? 0 + : refreshTokenValiditySeconds); + result = prime * result + + ((authorities == null) ? 0 : authorities.hashCode()); + result = prime + * result + + ((authorizedGrantTypes == null) ? 0 : authorizedGrantTypes + .hashCode()); + result = prime * result + + ((clientId == null) ? 0 : clientId.hashCode()); + result = prime * result + + ((clientSecret == null) ? 0 : clientSecret.hashCode()); + result = prime + * result + + ((registeredRedirectUris == null) ? 0 + : registeredRedirectUris.hashCode()); + result = prime * result + + ((resourceIds == null) ? 0 : resourceIds.hashCode()); + result = prime * result + ((scope == null) ? 0 : scope.hashCode()); + result = prime * result + ((additionalInformation == null) ? 
0 : additionalInformation.hashCode()); + result = prime * result + (clientJwtConfig == null ? 0 : clientJwtConfig.hashCode()); + return result; + } +} diff --git a/model/src/main/java/org/cloudfoundry/identity/uaa/oauth/client/ClientDetailsCreation.java b/model/src/main/java/org/cloudfoundry/identity/uaa/oauth/client/ClientDetailsCreation.java index b8f213744f1..6c46f30dba7 100644 --- a/model/src/main/java/org/cloudfoundry/identity/uaa/oauth/client/ClientDetailsCreation.java +++ b/model/src/main/java/org/cloudfoundry/identity/uaa/oauth/client/ClientDetailsCreation.java @@ -4,11 +4,11 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonProperty; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; @JsonInclude(JsonInclude.Include.NON_NULL) @JsonIgnoreProperties(ignoreUnknown = true) -public class ClientDetailsCreation extends BaseClientDetails { +public class ClientDetailsCreation extends UaaClientDetails { @JsonProperty("secondary_client_secret") private String secondaryClientSecret; diff --git a/model/src/main/java/org/cloudfoundry/identity/uaa/oauth/client/ClientDetailsModification.java b/model/src/main/java/org/cloudfoundry/identity/uaa/oauth/client/ClientDetailsModification.java index 8e3e5dcb95d..e49bf022854 100644 --- a/model/src/main/java/org/cloudfoundry/identity/uaa/oauth/client/ClientDetailsModification.java +++ b/model/src/main/java/org/cloudfoundry/identity/uaa/oauth/client/ClientDetailsModification.java 
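Review bot: The copy constructor `UaaClientDetails(ClientDetails prototype)` copies only what the `ClientDetails` interface exposes, so `clientJwtConfig` (the field this class adds for private_key_jwt) and `autoApproveScopes` are silently dropped even when the prototype is itself a `UaaClientDetails`. ClientDetailsModification later in this patch re-copies the auto-approve scopes by hand, but nothing visible does the same for the JWT configuration; if the omission is intended, a comment on the constructor should say so. Otherwise consider ending the constructor with `if (prototype instanceof UaaClientDetails) { setClientJwtConfig(((UaaClientDetails) prototype).getClientJwtConfig()); }`, copying the auto-approve scopes likewise with a null check, and adding a test that a copy keeps both. Separately, `setAuthorizedGrantTypes`, `setAuthorities`, `setAutoApproveScopes` and `setAdditionalInformation` dereference their argument while `setScope` and `setResourceIds` accept null, so a prototype that returns null from one of those getters fails the copy with a NullPointerException.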
@@ -5,12 +5,12 @@ import com.fasterxml.jackson.annotation.JsonIgnoreProperties; import com.fasterxml.jackson.annotation.JsonInclude; import com.fasterxml.jackson.annotation.JsonSetter; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; @JsonInclude(JsonInclude.Include.NON_NULL) @JsonIgnoreProperties(ignoreUnknown = true) -public class ClientDetailsModification extends BaseClientDetails { +public class ClientDetailsModification extends UaaClientDetails { public static final String ADD = "add"; public static final String UPDATE = "update"; @@ -27,8 +27,8 @@ public ClientDetailsModification() { public ClientDetailsModification(ClientDetails prototype) { super(prototype); - if (prototype instanceof BaseClientDetails) { - BaseClientDetails baseClientDetails = (BaseClientDetails)prototype; + if (prototype instanceof UaaClientDetails) { + UaaClientDetails baseClientDetails = (UaaClientDetails)prototype; this.setAdditionalInformation(baseClientDetails.getAdditionalInformation()); if (baseClientDetails.getAutoApproveScopes()!=null) { this.setAutoApproveScopes(baseClientDetails.getAutoApproveScopes()); diff --git a/model/src/main/java/org/cloudfoundry/identity/uaa/provider/ClientAlreadyExistsException.java b/model/src/main/java/org/cloudfoundry/identity/uaa/provider/ClientAlreadyExistsException.java new file mode 100644 index 00000000000..02330fe99c8 --- /dev/null +++ b/model/src/main/java/org/cloudfoundry/identity/uaa/provider/ClientAlreadyExistsException.java @@ -0,0 +1,9 @@ +package org.cloudfoundry.identity.uaa.provider; + +public class ClientAlreadyExistsException extends ClientRegistrationException { + + public ClientAlreadyExistsException(String msg) { + super(msg); + } + +} 
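Review bot: `ClientAlreadyExistsException` here, and `ClientRegistrationException` and `NoSuchClientException` in the next two files, offer only a `(String msg)` constructor, so code that translates a lower-level failure into one of them cannot keep the original cause. Adding `public ClientRegistrationException(String msg, Throwable cause) { super(msg, cause); }` and matching constructors on the two subclasses keeps the stack trace intact for whoever has to diagnose a failed client lookup or registration. A one-line Javadoc on each class stating when it is thrown would also help.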
diff --git a/model/src/main/java/org/cloudfoundry/identity/uaa/provider/ClientRegistrationException.java b/model/src/main/java/org/cloudfoundry/identity/uaa/provider/ClientRegistrationException.java
new file mode 100644
index 00000000000..cf3200e9865
--- /dev/null
+++ b/model/src/main/java/org/cloudfoundry/identity/uaa/provider/ClientRegistrationException.java
@@ -0,0 +1,9 @@
+package org.cloudfoundry.identity.uaa.provider;
+
+public class ClientRegistrationException extends RuntimeException {
+
+ public ClientRegistrationException(String msg) {
+ super(msg);
+ }
+
+}
diff --git a/model/src/main/java/org/cloudfoundry/identity/uaa/provider/NoSuchClientException.java b/model/src/main/java/org/cloudfoundry/identity/uaa/provider/NoSuchClientException.java
new file mode 100644
index 00000000000..632c643d97f
--- /dev/null
+++ b/model/src/main/java/org/cloudfoundry/identity/uaa/provider/NoSuchClientException.java
@@ -0,0 +1,9 @@
+package org.cloudfoundry.identity.uaa.provider;
+
+public class NoSuchClientException extends ClientRegistrationException {
+
+ public NoSuchClientException(String msg) {
+ super(msg);
+ }
+
+}
diff --git a/model/src/test/java/org/cloudfoundry/identity/uaa/ProxyingBeanInfoMatcher.java b/model/src/test/java/org/cloudfoundry/identity/uaa/ProxyingBeanInfoMatcher.java
new file mode 100644
index 00000000000..7b2b819a679
--- /dev/null
+++ b/model/src/test/java/org/cloudfoundry/identity/uaa/ProxyingBeanInfoMatcher.java
@@ -0,0 +1,99 @@ +package org.cloudfoundry.identity.uaa; + +import org.hamcrest.Description; +import org.hamcrest.Matcher; +import org.hamcrest.Matchers; +import org.hamcrest.TypeSafeDiagnosingMatcher; + +import java.beans.BeanInfo; +import java.beans.Introspector; +import java.beans.PropertyDescriptor; +import java.lang.reflect.InvocationHandler; +import java.lang.reflect.Method; +import java.lang.reflect.Proxy; +import java.util.HashMap; +import java.util.Map; +import java.util.stream.Collectors; +import java.util.stream.Stream; + +public class ProxyingBeanInfoMatcher + extends TypeSafeDiagnosingMatcher + implements InvocationHandler +{ + @SuppressWarnings("unchecked") + public static > T proxying(Class proxyClass) { + return (T) Proxy.newProxyInstance( + proxyClass.getClassLoader(), + new Class[] { proxyClass }, + new ProxyingBeanInfoMatcher<>()); + } + + private final Map> propertyMatchers = new HashMap<>(); + + @Override + public Object invoke(Object proxy, Method method, Object[] args) throws Throwable { + if (method.getDeclaringClass().isAssignableFrom(this.getClass())) { + return method.invoke(this, args); + } + + propertyMatchers.put(getPropertyName(method.getName()), getMatcher(args[0])); + return proxy; + } + + @Override + protected boolean matchesSafely(S item, Description description) { + BeanInfo info = unchecked(() -> Introspector.getBeanInfo(item.getClass())); + Map propertyMap = Stream.of(info.getPropertyDescriptors()).collect(Collectors.toMap(PropertyDescriptor::getName, PropertyDescriptor::getReadMethod)); + + boolean matched = true; + for (Map.Entry> propertyMatcher : propertyMatchers.entrySet()) { + Method getter = propertyMap.get(propertyMatcher.getKey()); + if (getter == null) { + matched = false; + description.appendText("\n").appendText(propertyMatcher.getKey()).appendText(": not found in ").appendValue(item.getClass()); + continue; + } + + Object propertyValue = unchecked(() -> getter.invoke(item)); + if 
(!propertyMatcher.getValue().matches(propertyValue)) { + matched = false; + propertyMatcher.getValue().describeMismatch( + propertyValue, + description.appendText("\n").appendText(propertyMatcher.getKey()).appendText(": ")); + } + } + + return matched; + } + + @Override + public void describeTo(Description description) { + propertyMatchers.forEach((key, value) -> description.appendText("\n").appendText(key).appendText(": ").appendDescriptionOf(value)); + } + + private String getPropertyName(String methodName) { + return methodName.substring(4, 5).toLowerCase() + methodName.substring(5); + } + + private Matcher getMatcher(Object arg) { + if (arg instanceof Matcher) { + return (Matcher) arg; + } + + return Matchers.equalTo(arg); + } + + private static T unchecked(UncheckedSupplier f) throws RuntimeException { + try { + return f.get(); + } catch (Throwable e) { + throw new RuntimeException(e); + } + } + + @FunctionalInterface + private interface UncheckedSupplier + { + T get() throws Throwable; + } +} diff --git a/model/src/test/java/org/cloudfoundry/identity/uaa/client/InMemoryClientDetailsServiceTest.java b/model/src/test/java/org/cloudfoundry/identity/uaa/client/InMemoryClientDetailsServiceTest.java new file mode 100644 index 00000000000..3f1f643e4a0 --- /dev/null +++ b/model/src/test/java/org/cloudfoundry/identity/uaa/client/InMemoryClientDetailsServiceTest.java 
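Review bot: In `matchesSafely`, `Collectors.toMap(PropertyDescriptor::getName, PropertyDescriptor::getReadMethod)` throws a NullPointerException for any bean property without a getter, because `toMap` rejects null values and `getReadMethod()` returns null for write-only properties. The matcher would then die with an NPE instead of producing a mismatch description as soon as an inspected class gains a setter-only property; adding `.filter(p -> p.getReadMethod() != null)` before `collect` avoids that. `getPropertyName` also assumes every proxied method is named `withXxx` (`substring(4, 5)`) and `invoke` reads `args[0]` unconditionally, so a short class comment stating that contract would help whoever adds the next matcher interface.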
@@ -0,0 +1,58 @@ +package org.cloudfoundry.identity.uaa.client; + +import org.cloudfoundry.identity.uaa.provider.ClientAlreadyExistsException; +import org.cloudfoundry.identity.uaa.provider.ClientRegistrationException; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; + +import java.util.Map; + +import static org.junit.jupiter.api.Assertions.*; + +/** + * Test for InMemoryClientDetailsService + */ +class InMemoryClientDetailsServiceTest { + + private final InMemoryClientDetailsService inMemoryClientDetailsService = new InMemoryClientDetailsService(); + @BeforeEach + void setUp() { + UaaClientDetails uaaClientDetails = new UaaClientDetails("admin", "uaa", "uaa.none", + "client_credentials", "none", "http://localhost:8080/uaa"); + inMemoryClientDetailsService.setClientDetailsStore(Map.of("admin", uaaClientDetails)); + } + + @Test + void loadClientByClientId() { + UaaClientDetails uaaClientDetails = inMemoryClientDetailsService.loadClientByClientId("admin"); + assertEquals("admin", uaaClientDetails.getClientId()); + assertEquals("uaa", uaaClientDetails.getResourceIds().iterator().next()); + assertEquals("client_credentials", uaaClientDetails.getAuthorizedGrantTypes().iterator().next()); + assertEquals("none", uaaClientDetails.getAuthorities().iterator().next().getAuthority()); + assertEquals("http://localhost:8080/uaa", uaaClientDetails.getRegisteredRedirectUri().iterator().next()); + assertEquals("uaa.none", uaaClientDetails.getScope().iterator().next()); + } + + @Test + void addClientDetails() { + inMemoryClientDetailsService.addClientDetails(new UaaClientDetails("user", null, null, null, null)); + UaaClientDetails uaaClientDetails = inMemoryClientDetailsService.loadClientByClientId("user"); + assertEquals("user", uaaClientDetails.getClientId()); + } + + @Test + void addClientDetailsNull() { + assertThrows(ClientRegistrationException.class, () -> 
inMemoryClientDetailsService.addClientDetails(null)); + } + + @Test + void addClientDetailsButExistsAlready() { + assertThrows(ClientAlreadyExistsException.class, () -> inMemoryClientDetailsService.addClientDetails(new UaaClientDetails("admin", null, null, null, null))); + } + + @Test + void addClientDetailsButDoesNotExist() { + assertThrows(NoSuchClientException.class, () -> inMemoryClientDetailsService.loadClientByClientId(("user"))); + } +} \ No newline at end of file diff --git a/model/src/test/java/org/cloudfoundry/identity/uaa/client/UaaClientDetailsMatcher.java b/model/src/test/java/org/cloudfoundry/identity/uaa/client/UaaClientDetailsMatcher.java new file mode 100644 index 00000000000..54a6b6c4e1b --- /dev/null +++ b/model/src/test/java/org/cloudfoundry/identity/uaa/client/UaaClientDetailsMatcher.java @@ -0,0 +1,19 @@ +package org.cloudfoundry.identity.uaa.client; + +import org.cloudfoundry.identity.uaa.ProxyingBeanInfoMatcher; +import org.hamcrest.Matcher; + +/** + * Matcher for UaaClientDetails, Test framework + */ +public interface UaaClientDetailsMatcher extends Matcher { + static UaaClientDetailsMatcher aUaaClientDetails() { + return ProxyingBeanInfoMatcher.proxying(UaaClientDetailsMatcher.class); + } + + UaaClientDetailsMatcher withClientId(String expected); + UaaClientDetailsMatcher withClientSecret(String expected); + UaaClientDetailsMatcher withScope(Matcher> expected); + UaaClientDetailsMatcher withResourceIds(Matcher> expected); + UaaClientDetailsMatcher withAdditionalInformation(Matcher expected); +} \ No newline at end of file diff --git a/model/src/test/java/org/cloudfoundry/identity/uaa/client/UaaClientDetailsTest.java b/model/src/test/java/org/cloudfoundry/identity/uaa/client/UaaClientDetailsTest.java new file mode 100644 index 00000000000..2732d98aa5b --- /dev/null +++ b/model/src/test/java/org/cloudfoundry/identity/uaa/client/UaaClientDetailsTest.java 
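Review bot: The last test in InMemoryClientDetailsServiceTest, `addClientDetailsButDoesNotExist`, never calls `addClientDetails`; it asserts that `loadClientByClientId(("user"))` throws `NoSuchClientException`, so its name describes a different scenario from the one exercised. Renaming it to something like `loadClientByClientIdUnknownClient` and dropping the doubled parentheses would make a failure report readable. The wildcard `import static org.junit.jupiter.api.Assertions.*` could also be narrowed to `assertEquals` and `assertThrows`, matching the explicit static imports UaaClientDetailsTest uses in this patch.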
@@ -0,0 +1,336 @@ +package org.cloudfoundry.identity.uaa.client; + +import com.fasterxml.jackson.databind.ObjectMapper; +import org.hamcrest.CoreMatchers; +import org.hamcrest.MatcherAssert; +import org.hamcrest.Matchers; +import org.hamcrest.collection.IsIterableContainingInOrder; +import org.hamcrest.collection.IsMapContaining; +import org.hamcrest.collection.IsMapWithSize; +import org.junit.Assert; +import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Nested; +import org.junit.jupiter.api.Test; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.AuthorityUtils; +import org.springframework.util.StringUtils; + +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.TreeSet; +import java.util.stream.Collectors; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.junit.jupiter.api.Assertions.assertNotEquals; + +class UaaClientDetailsTest { + + @Nested + class Creation { + private UaaClientDetails testClient; + + @BeforeEach + void setUp() { + testClient = new UaaClientDetails( + "test", + "", + "test.none", + "", + "test.admin" + ); + } + + @Test + void copiesUaaBaseClientDetails() { + testClient.setClientSecret("secret"); + UaaClientDetails copy = new UaaClientDetails(testClient); + MatcherAssert.assertThat(copy, CoreMatchers.is( + UaaClientDetailsMatcher.aUaaClientDetails() + .withClientId("test") + .withClientSecret("secret") + .withScope(IsIterableContainingInOrder.contains("test.none")) + .withResourceIds(Matchers.emptyIterable()) + )); + + List authorities = copy.getAuthorities().stream() + .map(GrantedAuthority::getAuthority) + .collect(Collectors.toList()); + 
MatcherAssert.assertThat(authorities, IsIterableContainingInOrder.contains("test.admin")); + } + + @Test + void copiesAdditionalInformation() { + testClient.setAdditionalInformation(Collections.singletonMap("key", "value")); + UaaClientDetails copy = new UaaClientDetails(testClient); + MatcherAssert.assertThat(copy, CoreMatchers.is( + UaaClientDetailsMatcher.aUaaClientDetails() + .withAdditionalInformation(Matchers.allOf(IsMapWithSize.aMapWithSize(1), IsMapContaining.hasEntry("key", "value"))) + )); + } + + @Test + void testClientJwtConfig() { + UaaClientDetails copy = new UaaClientDetails(testClient); + copy.setClientJwtConfig("test"); + Assertions.assertEquals("test", copy.getClientJwtConfig()); + } + + @Test + void testEquals() { + UaaClientDetails copy = new UaaClientDetails(testClient); + UaaClientDetails copy2 = new UaaClientDetails(testClient); + copy.setClientJwtConfig("test"); + assertNotEquals(copy, copy2); + assertNotEquals(copy, new UaaClientDetails()); + copy.setClientJwtConfig(null); + Assertions.assertEquals(copy, copy2); + Assertions.assertEquals(copy, copy); + assertNotEquals(copy, new UaaClientDetails()); + } + + @Test + void testHashCode() { + UaaClientDetails copy = new UaaClientDetails(testClient); + UaaClientDetails copy2 = new UaaClientDetails(testClient.getClientId(), "", + "test.none", "", "test.admin", null); + Assertions.assertEquals(copy.hashCode(), copy2.hashCode()); + copy.setClientJwtConfig("test"); + assertNotEquals(copy.hashCode(), copy2.hashCode()); + } + } + + @Nested + class WhenSettingScope { + @Test + void splitsScopesWhichIncludeAComma() { + UaaClientDetails client = new UaaClientDetails(new UaaClientDetails()); + client.setScope(Collections.singleton("foo,bar")); + MatcherAssert.assertThat(client, CoreMatchers.is( + UaaClientDetailsMatcher.aUaaClientDetails().withScope(Matchers.containsInAnyOrder("foo", "bar")) + )); + } + } + + @Nested + class BaseClientDetails { + @Test + void testBaseClientDetailsDefaultConstructor() { + 
UaaClientDetails details = new UaaClientDetails(); + Assert.assertEquals("[]", details.getResourceIds().toString()); + Assert.assertEquals("[]", details.getScope().toString()); + Assert.assertEquals("[]", details.getAuthorizedGrantTypes().toString()); + Assert.assertEquals("[]", details.getAuthorities().toString()); + } + + @Test + void testBaseClientDetailsConvenienceConstructor() { + UaaClientDetails details = new UaaClientDetails("foo", "", "foo,bar", "authorization_code", "ROLE_USER"); + Assert.assertEquals("[]", details.getResourceIds().toString()); + Assert.assertEquals("[bar, foo]", new TreeSet(details.getScope()).toString()); + Assert.assertEquals("[authorization_code]", details.getAuthorizedGrantTypes().toString()); + Assert.assertEquals("[ROLE_USER]", details.getAuthorities().toString()); + } + + @Test + void testBaseClientDetailsAutoApprove() { + UaaClientDetails details = new UaaClientDetails("foo", "", "foo,bar", "authorization_code", "ROLE_USER"); + details.setAutoApproveScopes(StringUtils.commaDelimitedListToSet("read,write")); + assertTrue(details.isAutoApprove("read")); + } + + @Test + void testBaseClientDetailsImplicitAutoApprove() { + UaaClientDetails details = new UaaClientDetails("foo", "", "foo,bar", "authorization_code", "ROLE_USER"); + details.setAutoApproveScopes(StringUtils.commaDelimitedListToSet("true")); + assertTrue(details.isAutoApprove("read")); + } + + @Test + void testBaseClientDetailsNoAutoApprove() { + UaaClientDetails details = new UaaClientDetails("foo", "", "foo,bar", "authorization_code", "ROLE_USER"); + details.setAutoApproveScopes(StringUtils.commaDelimitedListToSet("none")); + assertFalse(details.isAutoApprove("read")); + } + + @Test + void testBaseClientDetailsNullAutoApprove() { + UaaClientDetails details = new UaaClientDetails("foo", "", "foo,bar", "authorization_code", "ROLE_USER"); + assertFalse(details.isAutoApprove("read")); + } + + @Test + void testJsonSerialize() throws Exception { + UaaClientDetails details = new 
UaaClientDetails("foo", "", "foo,bar", "authorization_code", "ROLE_USER"); + details.setClientId("foo"); + details.setClientSecret("bar"); + String value = new ObjectMapper().writeValueAsString(details); + assertTrue(value.contains("client_id")); + assertTrue(value.contains("client_secret")); + assertTrue(value.contains("authorized_grant_types")); + assertTrue(value.contains("[\"ROLE_USER\"]")); + } + + @Test + void testJsonSerializeAdditionalInformation() throws Exception { + UaaClientDetails details = new UaaClientDetails("foo", "", "foo,bar", "authorization_code", "ROLE_USER"); + details.setClientId("foo"); + details.setAdditionalInformation(Collections.singletonMap("foo", "bar")); + String value = new ObjectMapper().writeValueAsString(details); + assertTrue(value.contains("\"foo\":\"bar\"")); + } + + @Test + void testJsonDeserialize() throws Exception { + String value = "{\"foo\":\"bar\",\"client_id\":\"foo\",\"scope\":[\"bar\",\"foo\"],\"authorized_grant_types\":[\"authorization_code\"],\"authorities\":[\"ROLE_USER\"]}"; + UaaClientDetails details = new ObjectMapper().readValue(value, UaaClientDetails.class); + UaaClientDetails expected = new UaaClientDetails("foo", "", "foo,bar", "authorization_code", "ROLE_USER"); + expected.setAdditionalInformation(Collections.singletonMap("foo", (Object)"bar")); + Assert.assertEquals(expected, details); + } + + @Test + void testJsonDeserializeWithArraysAsStrings() throws Exception { + // Collection values can be deserialized from space or comma-separated lists + String value = "{\"foo\":\"bar\",\"client_id\":\"foo\",\"scope\":\"bar foo\",\"authorized_grant_types\":\"authorization_code\",\"authorities\":\"ROLE_USER,ROLE_ADMIN\"}"; + UaaClientDetails details = new ObjectMapper().readValue(value, UaaClientDetails.class); + UaaClientDetails expected = new UaaClientDetails("foo", "", "foo,bar", "authorization_code", "ROLE_USER,ROLE_ADMIN"); + expected.setAdditionalInformation(Collections.singletonMap("foo", (Object)"bar")); + 
Assert.assertEquals(expected, details); + } + + @Test + void testEqualityOfValidity() { + UaaClientDetails details = new UaaClientDetails(); + details.setAccessTokenValiditySeconds(100); + UaaClientDetails other = new UaaClientDetails(); + other.setAccessTokenValiditySeconds(100); + Assert.assertEquals(details, other); + } + + @Test + void testIsScoped() { + UaaClientDetails details = new UaaClientDetails(); + assertFalse(details.isScoped()); + } + + @Test + void testIsSecretRequired() { + UaaClientDetails details = new UaaClientDetails(); + assertFalse(details.isSecretRequired()); + } + + @Test + void testAutoApprove() { + UaaClientDetails details = new UaaClientDetails(); + assertNull(details.getAutoApproveScopes()); + } + + @Test + void testHashCode() { + UaaClientDetails uaaClientDetails = new UaaClientDetails("admin", "uaa", "uaa.none", + "client_credentials", "none", null); + uaaClientDetails.setRegisteredRedirectUri(Set.of("http://localhost:8080/uaa")); + uaaClientDetails.setRefreshTokenValiditySeconds(1); + uaaClientDetails.setAccessTokenValiditySeconds(1); + assertTrue(uaaClientDetails.hashCode() > 0); + } + } + + @Nested + class Equals { + private UaaClientDetails testClient; + private UaaClientDetails testClientCompare; + + @BeforeEach + void setUp() { + testClient = new UaaClientDetails("test", null, null, null, null); + testClientCompare = new UaaClientDetails(testClient); + } + + @Test + void testEquals() { + UaaClientDetails uaaClientDetails = new UaaClientDetails("admin", null, null, + null, null, null); + UaaClientDetails uaaClientDetails1 = new UaaClientDetails(uaaClientDetails); + assertEquals(uaaClientDetails, uaaClientDetails1); + assertNotEquals(uaaClientDetails, new Object()); + assertNotEquals(null, uaaClientDetails); + } + @Test + void testEqualScope() { + assertEquals(testClient, testClientCompare); + testClientCompare.setScope(Set.of("new")); + assertNotEquals(testClient, testClientCompare); + } + + @Test + void 
testEqualAdditionalInformation() { + assertEquals(testClient, testClientCompare); + testClientCompare.setAdditionalInformation(Map.of("n", "v")); + assertNotEquals(testClient, testClientCompare); + } + + @Test + void testEqualResourceIds() { + assertEquals(testClient, testClientCompare); + testClientCompare.setResourceIds(Set.of("resource")); + assertNotEquals(testClient, testClientCompare); + } + + @Test + void testEqualRegisteredRedirectUris() { + assertEquals(testClient, testClientCompare); + testClientCompare.setRegisteredRedirectUri(Set.of("http://localhost:8080/uaa")); + assertNotEquals(testClient, testClientCompare); + } + + @Test + void testEqualSecret() { + assertEquals(testClient, testClientCompare); + testClientCompare.setClientSecret("secret"); + assertNotEquals(testClient, testClientCompare); + } + + @Test + void testEqualClientId() { + assertEquals(testClient, testClientCompare); + testClientCompare.setClientId("user"); + assertNotEquals(testClient, testClientCompare); + } + + @Test + void testEqualAuthorizedGrantTypes() { + assertEquals(testClient, testClientCompare); + testClientCompare.setAuthorizedGrantTypes(Set.of("client_credentials")); + assertNotEquals(testClient, testClientCompare); + } + + @Test + void testEqualAuthorities() { + assertEquals(testClient, testClientCompare); + testClientCompare.setAuthorities(AuthorityUtils.createAuthorityList("none")); + assertNotEquals(testClient, testClientCompare); + } + + @Test + void testEqualRefreshTokenValiditySeconds() { + assertEquals(testClient, testClientCompare); + testClientCompare.setRefreshTokenValiditySeconds(1); + assertNotEquals(testClient, testClientCompare); + } + + @Test + void testEqualAccessTokenValiditySeconds() { + assertEquals(testClient, testClientCompare); + testClientCompare.setAccessTokenValiditySeconds(1); + assertNotEquals(testClient, testClientCompare); + } + + } +} \ No newline at end of file 
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/account/EmailAccountCreationService.java b/server/src/main/java/org/cloudfoundry/identity/uaa/account/EmailAccountCreationService.java index e6705e8a50c..63864f17039 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/account/EmailAccountCreationService.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/account/EmailAccountCreationService.java @@ -15,13 +15,13 @@ import org.cloudfoundry.identity.uaa.scim.util.ScimUtils; import org.cloudfoundry.identity.uaa.scim.validate.PasswordValidator; import org.cloudfoundry.identity.uaa.util.JsonUtils; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.cloudfoundry.identity.uaa.zone.MultitenantClientServices; import org.cloudfoundry.identity.uaa.zone.IdentityZone; import org.cloudfoundry.identity.uaa.zone.MergedZoneBrandingInformation; import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager; import org.springframework.http.HttpStatus; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.NoSuchClientException; import org.springframework.util.StringUtils; import org.springframework.web.client.HttpClientErrorException; import org.thymeleaf.context.Context; diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/account/EmailChangeEmailService.java b/server/src/main/java/org/cloudfoundry/identity/uaa/account/EmailChangeEmailService.java index be6946d6343..a8f94896dc1 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/account/EmailChangeEmailService.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/account/EmailChangeEmailService.java 
@@ -11,11 +11,11 @@ import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning; import org.cloudfoundry.identity.uaa.util.JsonUtils; import org.cloudfoundry.identity.uaa.util.UaaUrlUtils; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.cloudfoundry.identity.uaa.zone.MergedZoneBrandingInformation; import org.cloudfoundry.identity.uaa.zone.MultitenantClientServices; import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.NoSuchClientException; import org.springframework.util.StringUtils; import org.thymeleaf.TemplateEngine; import org.thymeleaf.context.Context; diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/account/ProfileController.java b/server/src/main/java/org/cloudfoundry/identity/uaa/account/ProfileController.java index e52af59af94..d5e3c35d310 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/account/ProfileController.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/account/ProfileController.java @@ -6,6 +6,7 @@ import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.cloudfoundry.identity.uaa.security.beans.SecurityContextAccessor; import org.cloudfoundry.identity.uaa.zone.MultitenantClientServices; import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager; 
@@ -14,7 +15,6 @@ import org.springframework.security.access.AccessDeniedException; import org.springframework.security.core.Authentication; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.NoSuchClientException; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.ExceptionHandler; diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/account/UaaResetPasswordService.java b/server/src/main/java/org/cloudfoundry/identity/uaa/account/UaaResetPasswordService.java index cb1a1a86d3e..61d12256464 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/account/UaaResetPasswordService.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/account/UaaResetPasswordService.java @@ -10,6 +10,7 @@ import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.error.UaaException; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.cloudfoundry.identity.uaa.scim.ScimUser; import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning; import org.cloudfoundry.identity.uaa.scim.endpoints.PasswordChange; @@ -27,7 +28,6 @@ import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.NoSuchClientException; import java.sql.Timestamp; import java.util.Collections; diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/approval/ApprovalService.java b/server/src/main/java/org/cloudfoundry/identity/uaa/approval/ApprovalService.java index b7715117f51..663989bf5f0 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/approval/ApprovalService.java 
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/approval/ApprovalService.java @@ -1,12 +1,12 @@ package org.cloudfoundry.identity.uaa.approval; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.cloudfoundry.identity.uaa.util.TimeService; import org.cloudfoundry.identity.uaa.util.UaaTokenUtils; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import java.util.Collection; import java.util.HashSet; @@ -28,7 +28,7 @@ public ApprovalService(TimeService timeService, ApprovalStore approvalStore) { public void ensureRequiredApprovals(String userId, Collection requestedScopes, String grantType, - BaseClientDetails clientDetails) { + UaaClientDetails clientDetails) { Set autoApprovedScopes = getAutoApprovedScopes(grantType, requestedScopes, clientDetails.getAutoApproveScopes()); if(autoApprovedScopes.containsAll(requestedScopes)) { return; } Set approvedScopes = new HashSet<>(autoApprovedScopes); diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/approval/ApprovalsAdminEndpoints.java b/server/src/main/java/org/cloudfoundry/identity/uaa/approval/ApprovalsAdminEndpoints.java index 306e052e754..d46efad965e 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/approval/ApprovalsAdminEndpoints.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/approval/ApprovalsAdminEndpoints.java 
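Review bot: In ApprovalService.ensureRequiredApprovals (hunk `@@ -28,7 +28,7 @@`), `clientDetails.getAutoApproveScopes()` is passed straight into `getAutoApprovedScopes`, and the `testAutoApprove` test added in this diff pins that a freshly constructed `UaaClientDetails` returns null from that getter. Whether the helper tolerates a null set is not visible here, so it is worth confirming. If null is accepted, a comment on the call would record it, for example `// autoApproveScopes is null for clients without auto-approve configuration`. The method body continues outside the hunk.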
@@ -1,11 +1,13 @@ package org.cloudfoundry.identity.uaa.approval; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.error.UaaException; import org.cloudfoundry.identity.uaa.resources.ActionResult; import org.cloudfoundry.identity.uaa.security.beans.SecurityContextAccessor; import org.cloudfoundry.identity.uaa.user.UaaUserDatabase; import org.cloudfoundry.identity.uaa.util.UaaPagingUtils; import org.cloudfoundry.identity.uaa.util.UaaStringUtils; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.cloudfoundry.identity.uaa.web.ConvertingExceptionView; import org.cloudfoundry.identity.uaa.web.ExceptionReport; import org.cloudfoundry.identity.uaa.web.ExceptionReportHttpMessageConverter; @@ -22,8 +24,6 @@ import org.springframework.jdbc.BadSqlGrammarException; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.core.userdetails.UsernameNotFoundException; -import org.springframework.security.oauth2.provider.NoSuchClientException; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.stereotype.Controller; import org.springframework.util.Assert; import org.springframework.util.StringUtils; @@ -90,7 +90,7 @@ public List getApprovals(@RequestParam(required = false, defaultValue // Find the auto approved scopes for these clients Map> clientAutoApprovedScopes = new HashMap>(); for (String clientId : clientIds) { - BaseClientDetails client = (BaseClientDetails) clientDetailsService.loadClientByClientId(clientId, IdentityZoneHolder.get().getId()); + UaaClientDetails client = (UaaClientDetails) clientDetailsService.loadClientByClientId(clientId, IdentityZoneHolder.get().getId()); Set autoApproved = client.getAutoApproveScopes(); Set autoApprovedScopes = new HashSet(); 
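Review bot: The downcast in ApprovalsAdminEndpoints.getApprovals, `(UaaClientDetails) clientDetailsService.loadClientByClientId(...)`, now requires the service to return a `UaaClientDetails`, where the old cast accepted any `BaseClientDetails`. A service implementation that still hands back another `ClientDetails` type would fail with a ClassCastException at request time. The same cast appears in ClientAdminBootstrap (`updateAutoApproveClients`, `updateAllowedPublicClients`), JdbcClientMetadataProvisioning.updateClientNameIfNotEmpty and AccessController.confirm. If the service's return type cannot be narrowed to `UaaClientDetails`, an explicit `instanceof` check with a clear error, as ClientAdminEndpointsValidator.validate already does, would make the assumption visible. getApprovals continues outside the hunk.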
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/authentication/WhitelistLogoutHandler.java b/server/src/main/java/org/cloudfoundry/identity/uaa/authentication/WhitelistLogoutHandler.java index 820e6d17f74..28ce51ecafd 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/authentication/WhitelistLogoutHandler.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/authentication/WhitelistLogoutHandler.java @@ -5,6 +5,7 @@ import org.cloudfoundry.identity.uaa.oauth.jwt.ChainedSignatureVerifier; import org.cloudfoundry.identity.uaa.oauth.jwt.SignatureVerifier; import org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.cloudfoundry.identity.uaa.util.JwtTokenSignedByThisUAA; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -12,7 +13,6 @@ import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.NoSuchClientException; import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler; import org.springframework.util.StringUtils; diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/AutologinAuthenticationManager.java b/server/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/AutologinAuthenticationManager.java index b63a67bdd45..b7b07876142 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/AutologinAuthenticationManager.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/authentication/manager/AutologinAuthenticationManager.java 
@@ -24,6 +24,7 @@ import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeType; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.cloudfoundry.identity.uaa.user.UaaAuthority; import org.cloudfoundry.identity.uaa.user.UaaUser; import org.cloudfoundry.identity.uaa.user.UaaUserDatabase; @@ -36,7 +37,6 @@ import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.oauth2.common.util.OAuth2Utils; -import org.springframework.security.oauth2.provider.NoSuchClientException; import java.util.Map; diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientAdminBootstrap.java b/server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientAdminBootstrap.java index 00011e5c7ce..f438874f1d0 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientAdminBootstrap.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientAdminBootstrap.java @@ -20,6 +20,8 @@ import org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent; import org.cloudfoundry.identity.uaa.authentication.SystemAuthentication; import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants; +import org.cloudfoundry.identity.uaa.provider.ClientAlreadyExistsException; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.cloudfoundry.identity.uaa.user.UaaAuthority; import org.cloudfoundry.identity.uaa.zone.IdentityZone; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; 
@@ -36,10 +38,7 @@ import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.security.core.Authentication; import org.springframework.security.crypto.password.PasswordEncoder; -import org.springframework.security.oauth2.provider.ClientAlreadyExistsException; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.NoSuchClientException; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.util.StringUtils; public class ClientAdminBootstrap implements @@ -112,7 +111,7 @@ private void updateAutoApproveClients() { autoApproveClients.removeAll(clientsToDelete); for (String clientId : autoApproveClients) { try { - BaseClientDetails base = (BaseClientDetails) clientRegistrationService.loadClientByClientId(clientId, IdentityZone.getUaaZoneId()); + UaaClientDetails base = (UaaClientDetails) clientRegistrationService.loadClientByClientId(clientId, IdentityZone.getUaaZoneId()); base.addAdditionalInformation(ClientConstants.AUTO_APPROVE, true); logger.debug("Adding autoapprove flag to client: " + clientId); clientRegistrationService.updateClientDetails(base, IdentityZone.getUaaZoneId()); @@ -126,7 +125,7 @@ private void updateAllowedPublicClients() { allowPublicClients.removeAll(clientsToDelete); for (String clientId : allowPublicClients) { try { - BaseClientDetails base = (BaseClientDetails) clientRegistrationService.loadClientByClientId(clientId, IdentityZone.getUaaZoneId()); + UaaClientDetails base = (UaaClientDetails) clientRegistrationService.loadClientByClientId(clientId, IdentityZone.getUaaZoneId()); base.addAdditionalInformation(ClientConstants.ALLOW_PUBLIC, true); logger.debug("Adding allowpublic flag to client: {}", clientId); clientRegistrationService.updateClientDetails(base, IdentityZone.getUaaZoneId()); 
@@ -252,7 +251,7 @@ private void addNewClients() { } } - private boolean isMissingRedirectUris(BaseClientDetails client) { + private boolean isMissingRedirectUris(UaaClientDetails client) { return client.getRegisteredRedirectUri() == null || client.getRegisteredRedirectUri().isEmpty(); } diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpoints.java b/server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpoints.java index 84cf4aa7d29..5d680f36880 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpoints.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpoints.java @@ -22,6 +22,8 @@ import org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification; import org.cloudfoundry.identity.uaa.oauth.client.ClientJwtChangeRequest; import org.cloudfoundry.identity.uaa.oauth.client.SecretChangeRequest; +import org.cloudfoundry.identity.uaa.provider.ClientAlreadyExistsException; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.cloudfoundry.identity.uaa.resources.ActionResult; import org.cloudfoundry.identity.uaa.resources.AttributeNameMapper; import org.cloudfoundry.identity.uaa.resources.QueryableResourceManager; 
@@ -56,10 +58,7 @@ import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.oauth2.common.exceptions.BadClientCredentialsException; import org.springframework.security.oauth2.common.exceptions.InvalidClientException; -import org.springframework.security.oauth2.provider.ClientAlreadyExistsException; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.NoSuchClientException; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.stereotype.Controller; import org.springframework.transaction.annotation.Transactional; import org.springframework.util.Assert; @@ -218,7 +217,7 @@ public ClientDetails createClientDetails(@RequestBody ClientDetailsCreation clie return createdClientDetails; } - private ClientDetails createClientDetailsInternal(BaseClientDetails client) { + private ClientDetails createClientDetailsInternal(UaaClientDetails client) { ClientDetails details = clientDetailsValidator.validate(client, Mode.CREATE); return removeSecret(clientDetailsService.create(details, IdentityZoneHolder.get().getId())); @@ -235,7 +234,7 @@ public List getRestrictedClientScopes() { @RequestMapping(value = "/oauth/clients/restricted", method = RequestMethod.POST) @ResponseStatus(HttpStatus.CREATED) @ResponseBody - public ClientDetails createRestrictedClientDetails(@RequestBody BaseClientDetails client) { + public ClientDetails createRestrictedClientDetails(@RequestBody UaaClientDetails client) { restrictedScopesValidator.validate(client, Mode.CREATE); return createClientDetailsInternal(client); } 
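Review bot: Changing the `@RequestBody` type of `createRestrictedClientDetails` from `BaseClientDetails` to `UaaClientDetails` changes what a caller can bind from JSON. The deleted class declared `@JsonProperty("client_jwt_config")`, and if the class used now keeps that property it becomes settable directly through this endpoint. The hunk shows only `restrictedScopesValidator.validate(client, Mode.CREATE)`, so it is not visible whether that field is validated or dropped before the client is stored. Please confirm, and consider a test that sends `client_jwt_config` in the request body to the restricted endpoint. The same applies to `createClientDetailsTx`, `updateClientDetailsTx`, `updateRestrictedClientDetails`, `updateClientDetails` and `removeClientDetailsTx` in the following hunks.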
@@ -244,7 +243,7 @@ public ClientDetails createRestrictedClientDetails(@RequestBody BaseClientDetail @ResponseStatus(HttpStatus.CREATED) @ResponseBody @Transactional - public ClientDetails[] createClientDetailsTx(@RequestBody BaseClientDetails[] clients) { + public ClientDetails[] createClientDetailsTx(@RequestBody UaaClientDetails[] clients) { if (clients==null || clients.length==0) { throw new NoSuchClientException("Message body does not contain any clients."); } @@ -267,7 +266,7 @@ protected ClientDetails[] doInsertClientDetails(ClientDetails[] details) { @ResponseStatus(HttpStatus.OK) @Transactional @ResponseBody - public ClientDetails[] updateClientDetailsTx(@RequestBody BaseClientDetails[] clients) { + public ClientDetails[] updateClientDetailsTx(@RequestBody UaaClientDetails[] clients) { if (clients==null || clients.length==0) { throw new InvalidClientDetailsException("No clients specified for update."); } @@ -299,7 +298,7 @@ protected ClientDetails[] doProcessUpdates(ClientDetails[] details) { @RequestMapping(value = "/oauth/clients/restricted/{client}", method = RequestMethod.PUT) @ResponseStatus(HttpStatus.OK) @ResponseBody - public ClientDetails updateRestrictedClientDetails(@RequestBody BaseClientDetails client, + public ClientDetails updateRestrictedClientDetails(@RequestBody UaaClientDetails client, @PathVariable("client") String clientId) throws Exception { restrictedScopesValidator.validate(client, Mode.MODIFY); return updateClientDetails(client, clientId); 
@@ -308,7 +307,7 @@ public ClientDetails updateRestrictedClientDetails(@RequestBody BaseClientDetail @RequestMapping(value = "/oauth/clients/{client}", method = RequestMethod.PUT) @ResponseStatus(HttpStatus.OK) @ResponseBody - public ClientDetails updateClientDetails(@RequestBody BaseClientDetails client, + public ClientDetails updateClientDetails(@RequestBody UaaClientDetails client, @PathVariable("client") String clientId) { Assert.state(clientId.equals(client.getClientId()), format("The client id (%s) does not match the URL (%s)", client.getClientId(), clientId)); @@ -342,7 +341,7 @@ public ClientDetails removeClientDetails(@PathVariable String client) { @ResponseStatus(HttpStatus.OK) @Transactional @ResponseBody - public ClientDetails[] removeClientDetailsTx(@RequestBody BaseClientDetails[] details) { + public ClientDetails[] removeClientDetailsTx(@RequestBody UaaClientDetails[] details) { ClientDetails[] result = new ClientDetails[details.length]; for (int i=0; i()); - if (existing instanceof BaseClientDetails) { - BaseClientDetails existingDetails = (BaseClientDetails)existing; + if (existing instanceof UaaClientDetails) { + UaaClientDetails existingDetails = (UaaClientDetails)existing; if (existingDetails.getAutoApproveScopes()!=null) { for (String scope : existingDetails.getAutoApproveScopes()) { details.getAutoApproveScopes().add(scope); diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpointsValidator.java b/server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpointsValidator.java index ea956febfea..00eeb914310 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpointsValidator.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpointsValidator.java 
@@ -24,7 +24,6 @@ import org.springframework.beans.factory.InitializingBean; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.util.Assert; import org.springframework.util.StringUtils; @@ -104,11 +103,11 @@ public ClientDetails validate(ClientDetails prototype, Mode mode) { public ClientDetails validate(ClientDetails prototype, boolean create, boolean checkAdmin) throws InvalidClientDetailsException { - BaseClientDetails client = new UaaClientDetails(prototype); - if (prototype instanceof BaseClientDetails) { - Set scopes = ((BaseClientDetails)prototype).getAutoApproveScopes(); + UaaClientDetails client = new UaaClientDetails(prototype); + if (prototype instanceof UaaClientDetails) { + Set scopes = ((UaaClientDetails)prototype).getAutoApproveScopes(); if (scopes!=null) { - client.setAutoApproveScopes(((BaseClientDetails) prototype).getAutoApproveScopes()); + client.setAutoApproveScopes(((UaaClientDetails) prototype).getAutoApproveScopes()); } } diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientInfoEndpoint.java b/server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientInfoEndpoint.java index d28ed0e0a28..b82fc08080b 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientInfoEndpoint.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/client/ClientInfoEndpoint.java 
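Review bot: In ClientAdminEndpointsValidator.validate (hunk `@@ -104,11 +103,11 @@`), the new line `client.setAutoApproveScopes(((UaaClientDetails) prototype).getAutoApproveScopes());` repeats the cast and the getter call although the result is already held in `scopes` two lines above. `client.setAutoApproveScopes(scopes);` does the same with a single cast and makes the null check and the assignment visibly refer to the same value. The method continues outside the hunk.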
@@ -16,7 +16,6 @@ import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.ResponseBody; @@ -46,7 +45,7 @@ public ClientInfoEndpoint( @ResponseBody public ClientDetails clientinfo(Principal principal) { String clientId = principal.getName(); - BaseClientDetails client = new BaseClientDetails(clientDetailsService.loadClientByClientId(clientId, identityZoneManager.getCurrentIdentityZoneId())); + UaaClientDetails client = new UaaClientDetails(clientDetailsService.loadClientByClientId(clientId, identityZoneManager.getCurrentIdentityZoneId())); client.setClientSecret(null); client.setAdditionalInformation(Collections. emptyMap()); return client; diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/client/JdbcClientMetadataProvisioning.java b/server/src/main/java/org/cloudfoundry/identity/uaa/client/JdbcClientMetadataProvisioning.java index 4aeab98e1f8..93721698b9b 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/client/JdbcClientMetadataProvisioning.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/client/JdbcClientMetadataProvisioning.java @@ -10,7 +10,6 @@ import org.springframework.dao.IncorrectResultSizeDataAccessException; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.jdbc.core.RowMapper; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.stereotype.Component; import org.springframework.util.Assert; import org.springframework.util.Base64Utils; 
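Review bot: ClientInfoEndpoint.clientinfo (hunk `@@ -46,7 +45,7 @@`) builds its response by copying the stored client and blanking `clientSecret` and `additionalInformation`, and that copy is now a `UaaClientDetails` rather than a `BaseClientDetails`. The deleted class serialized an extra `client_jwt_config` property. Its copy constructor did not carry the field over, but the constructor of the class used now is not visible in this diff. If it does copy the field, this endpoint would start returning it. Assuming the setter is kept, `client.setClientJwtConfig(null);` next to the existing `client.setClientSecret(null);` would prevent that, as would a test asserting the exact set of returned properties.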
@@ -95,7 +94,7 @@ public ClientMetadata update(ClientMetadata resource, String zoneId) { protected void updateClientNameIfNotEmpty(ClientMetadata resource, String zoneId) { //we don't remove it, only set values if (hasText(resource.getClientName())) { - BaseClientDetails client = (BaseClientDetails) clientDetailsService.loadClientByClientId(resource.getClientId(), zoneId); + UaaClientDetails client = (UaaClientDetails) clientDetailsService.loadClientByClientId(resource.getClientId(), zoneId); client.addAdditionalInformation(CLIENT_NAME, resource.getClientName()); clientDetailsService.updateClientDetails(client, zoneId); } diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/client/JdbcQueryableClientDetailsService.java b/server/src/main/java/org/cloudfoundry/identity/uaa/client/JdbcQueryableClientDetailsService.java index 9c97049db99..d624aaf5689 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/client/JdbcQueryableClientDetailsService.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/client/JdbcQueryableClientDetailsService.java @@ -14,7 +14,6 @@ import org.springframework.jdbc.core.RowMapper; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.stereotype.Component; import org.springframework.util.StringUtils; @@ -96,7 +95,7 @@ private static class ClientDetailsRowMapper implements RowMapper @Override public ClientDetails mapRow(ResultSet rs, int rowNum) throws SQLException { - BaseClientDetails details = new BaseClientDetails(rs.getString(1), rs.getString(3), rs.getString(4), + UaaClientDetails details = new UaaClientDetails(rs.getString(1), rs.getString(3), rs.getString(4), rs.getString(5), rs.getString(7), rs.getString(6)); details.setClientSecret(rs.getString(2)); if (rs.getObject(8) != null) { 
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/client/UaaClientDetails.java b/server/src/main/java/org/cloudfoundry/identity/uaa/client/UaaClientDetails.java
deleted file mode 100644
index 0803b2b7f8d..00000000000
--- a/server/src/main/java/org/cloudfoundry/identity/uaa/client/UaaClientDetails.java
+++ /dev/null
@@ -1,74 +0,0 @@ -package org.cloudfoundry.identity.uaa.client; - -import com.fasterxml.jackson.annotation.JsonIgnoreProperties; -import com.fasterxml.jackson.annotation.JsonInclude; -import com.fasterxml.jackson.annotation.JsonProperty; -import org.springframework.security.core.SpringSecurityCoreVersion; -import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; - -import java.util.Arrays; -import java.util.Collection; -import java.util.Objects; -import java.util.Set; -import java.util.stream.Collectors; - -@JsonInclude(JsonInclude.Include.NON_DEFAULT) -@JsonIgnoreProperties(ignoreUnknown = true) -public class UaaClientDetails extends BaseClientDetails { - - private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID; - - @JsonProperty("client_jwt_config") - private String clientJwtConfig; - - public UaaClientDetails() { - } - - UaaClientDetails(ClientDetails prototype) { - super(prototype); - this.setAdditionalInformation(prototype.getAdditionalInformation()); - } - - public UaaClientDetails(String clientId, String resourceIds, - String scopes, String grantTypes, String authorities, String redirectUris) { - super(clientId, resourceIds, scopes, grantTypes, authorities, redirectUris); - } - - @Override - public void setScope(Collection scope) { - Set sanitized = scope.stream() - .flatMap(s -> Arrays.stream(s.split(","))) - .collect(Collectors.toSet()); - super.setScope(sanitized); - } - - public String getClientJwtConfig() { - return clientJwtConfig; - } - - public void setClientJwtConfig(String clientJwtConfig) { - this.clientJwtConfig = clientJwtConfig; - } - - @Override - public boolean equals(Object o) { - if (this == o) { - return true; - } - if (o == null || getClass() != o.getClass() || !super.equals(o)) { - return false; - } - - UaaClientDetails uaaClientDetails = (UaaClientDetails) o; - return Objects.equals(clientJwtConfig, 
uaaClientDetails.clientJwtConfig); - } - - @Override - public int hashCode() { - int result = super.hashCode(); - - result = 31 * result + (clientJwtConfig != null ? clientJwtConfig.hashCode() : 0); - return result; - } -} diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/client/UaaClientDetailsUserDetailsService.java b/server/src/main/java/org/cloudfoundry/identity/uaa/client/UaaClientDetailsUserDetailsService.java index 77c9dc3e0e8..00359308e78 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/client/UaaClientDetailsUserDetailsService.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/client/UaaClientDetailsUserDetailsService.java @@ -1,10 +1,10 @@ package org.cloudfoundry.identity.uaa.client; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.oauth2.provider.ClientDetailsService; -import org.springframework.security.oauth2.provider.NoSuchClientException; public class UaaClientDetailsUserDetailsService implements UserDetailsService { diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/client/event/AbstractClientAdminEvent.java b/server/src/main/java/org/cloudfoundry/identity/uaa/client/event/AbstractClientAdminEvent.java index 5d5098c8fb9..c17aaeba0f4 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/client/event/AbstractClientAdminEvent.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/client/event/AbstractClientAdminEvent.java 
@@ -15,11 +15,11 @@ import org.cloudfoundry.identity.uaa.audit.AuditEvent; import org.cloudfoundry.identity.uaa.audit.AuditEventType; import org.cloudfoundry.identity.uaa.audit.event.AbstractUaaEvent; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.util.JsonUtils; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import java.security.Principal; import java.util.HashMap; @@ -30,7 +30,7 @@ public abstract class AbstractClientAdminEvent extends AbstractUaaEvent { - private BaseClientDetails nonExistent = new BaseClientDetails("non-existent","","","",""); + private ClientDetails nonExistent = new UaaClientDetails("non-existent","","","",""); private ClientDetails client; diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/invitations/EmailInvitationsService.java b/server/src/main/java/org/cloudfoundry/identity/uaa/invitations/EmailInvitationsService.java index 7738e36e438..c4c601de7b2 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/invitations/EmailInvitationsService.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/invitations/EmailInvitationsService.java @@ -4,6 +4,7 @@ import org.cloudfoundry.identity.uaa.account.PasswordChangeRequest; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.cloudfoundry.identity.uaa.scim.ScimUser; import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning; import org.cloudfoundry.identity.uaa.util.JsonUtils; 
@@ -14,7 +15,6 @@ import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.NoSuchClientException; import org.springframework.stereotype.Service; import org.springframework.util.StringUtils; import org.springframework.web.client.HttpClientErrorException; diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpoint.java b/server/src/main/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpoint.java index 1d4625a884b..856539b5ac4 100755 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpoint.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpoint.java @@ -26,6 +26,7 @@ import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.annotation.Value; import org.springframework.core.io.support.PropertiesLoaderUtils; @@ -37,7 +38,6 @@ import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.core.Authentication; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.NoSuchClientException; import org.springframework.security.web.savedrequest.SavedRequest; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/AccessController.java b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/AccessController.java index 97b5ace4337..30885d01704 100755 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/AccessController.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/AccessController.java 
@@ -17,7 +17,7 @@ import org.springframework.security.oauth2.common.util.OAuth2Utils; import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.springframework.stereotype.Controller; import org.springframework.util.StringUtils; import org.springframework.web.bind.annotation.RequestMapping; @@ -87,8 +87,8 @@ public String confirm(Map model, final HttpServletRequest reques "No authorization request is present, so we cannot confirm access (we don't know what you are asking for)."); } else { String clientId = clientAuthRequest.getClientId(); - BaseClientDetails client = (BaseClientDetails) clientDetailsService.loadClientByClientId(clientId, IdentityZoneHolder.get().getId()); - BaseClientDetails modifiableClient = new BaseClientDetails(client); + UaaClientDetails client = (UaaClientDetails) clientDetailsService.loadClientByClientId(clientId, IdentityZoneHolder.get().getId()); + UaaClientDetails modifiableClient = new UaaClientDetails(client); modifiableClient.setClientSecret(null); model.put("auth_request", clientAuthRequest); model.put("redirect_uri", getRedirectUri(modifiableClient, clientAuthRequest)); diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/RemoteTokenServices.java b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/RemoteTokenServices.java index 0f8798b7a80..18d0f491ea1 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/RemoteTokenServices.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/RemoteTokenServices.java 
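Review bot: The downcast `(UaaClientDetails) clientDetailsService.loadClientByClientId(...)` in `confirm` is unchecked, and presumably narrower than the `BaseClientDetails` cast it replaces. A service or decorator that returns any other `ClientDetails` implementation would then fail with a `ClassCastException` in the middle of the approval flow. The cast looks unnecessary here, because the next line copies the object, and ZoneEndpointsClientDetailsValidator in this patch already calls that copy constructor with a plain `ClientDetails`. I would write `ClientDetails client = clientDetailsService.loadClientByClientId(clientId, IdentityZoneHolder.get().getId());` and keep `new UaaClientDetails(client)`, provided nothing later in `confirm` needs the concrete type (its body continues outside the hunk). The same cast is introduced in TokenRevocationEndpoint.revokeTokensForClient, UaaAuthorizationRequestManager.createAuthorizationRequest, four places in UaaTokenServices, UserManagedAuthzApprovalHandler.isApproved, UaaUserApprovalHandler.isAutoApprove and IdentityZoneEndpoints.removeSecret; where the concrete type is really required, an `instanceof` check with an explicit error would make the failure deliberate.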
@@ -39,7 +39,7 @@ import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; import org.springframework.security.oauth2.provider.AuthorizationRequest; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices; import org.springframework.util.Assert; @@ -153,7 +153,7 @@ public OAuth2Authentication loadAuthentication(String accessToken) throws Authen Collection values = (Collection) map.get("client_authorities"); clientAuthorities.addAll(getAuthorities(values)); } - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId(remoteClientId); clientDetails.setResourceIds(resourceIds); clientDetails.setAuthorities(clientAuthorities); diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpoint.java b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpoint.java index 36e01beef45..0b8cc1d48b5 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpoint.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpoint.java 
@@ -3,10 +3,12 @@ import org.cloudfoundry.identity.uaa.audit.event.SystemDeletable; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; import org.cloudfoundry.identity.uaa.logging.SanitizedLogFactory; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants; import org.cloudfoundry.identity.uaa.oauth.event.TokenRevocationEvent; import org.cloudfoundry.identity.uaa.oauth.token.RevocableToken; import org.cloudfoundry.identity.uaa.oauth.token.RevocableTokenProvisioning; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.cloudfoundry.identity.uaa.scim.ScimUser; import org.cloudfoundry.identity.uaa.scim.ScimUserProvisioning; import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceNotFoundException; @@ -21,9 +23,7 @@ import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.NoSuchClientException; import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator; import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator; import org.springframework.security.oauth2.provider.expression.OAuth2ExpressionUtils; 
@@ -93,7 +93,7 @@ public ResponseEntity revokeTokensForUserAndClient(@PathVariable String us public ResponseEntity revokeTokensForClient(@PathVariable String clientId) { logger.debug("Revoking tokens for client: " + clientId); String zoneId = IdentityZoneHolder.get().getId(); - BaseClientDetails client = (BaseClientDetails) clientDetailsService.loadClientByClientId(clientId, zoneId); + UaaClientDetails client = (UaaClientDetails) clientDetailsService.loadClientByClientId(clientId, zoneId); client.addAdditionalInformation(ClientConstants.TOKEN_SALT, generator.generate()); clientDetailsService.updateClientDetails(client, zoneId); eventPublisher.publishEvent(new TokenRevocationEvent(null, clientId, zoneId, SecurityContextHolder.getContext().getAuthentication())); diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationEndpoint.java b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationEndpoint.java index fa1d1494653..c7619b6b41d 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationEndpoint.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationEndpoint.java @@ -3,6 +3,8 @@ import org.apache.http.HttpHost; import org.apache.http.client.utils.URIUtils; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; +import org.cloudfoundry.identity.uaa.provider.ClientRegistrationException; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants; import org.cloudfoundry.identity.uaa.oauth.pkce.PkceValidationService; import org.cloudfoundry.identity.uaa.oauth.token.CompositeToken; 
@@ -32,8 +34,6 @@ import org.springframework.security.oauth2.common.util.OAuth2Utils; import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.ClientRegistrationException; -import org.springframework.security.oauth2.provider.NoSuchClientException; import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.security.oauth2.provider.OAuth2RequestFactory; diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationRequestManager.java b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationRequestManager.java index 10e761dc95f..487e99639d4 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationRequestManager.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationRequestManager.java @@ -12,6 +12,7 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.oauth; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants; import org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants; import org.cloudfoundry.identity.uaa.oauth.token.TokenConstants; @@ -40,7 +41,6 @@ import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.security.oauth2.provider.OAuth2RequestFactory; import org.springframework.security.oauth2.provider.TokenRequest; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory; import java.util.Collection; 
@@ -145,7 +145,7 @@ public void setScopeSeparator(String scopeSeparator) { public AuthorizationRequest createAuthorizationRequest(Map authorizationParameters) { String clientId = authorizationParameters.get("client_id"); - BaseClientDetails clientDetails = (BaseClientDetails)clientDetailsService.loadClientByClientId(clientId, IdentityZoneHolder.get().getId()); + UaaClientDetails clientDetails = (UaaClientDetails)clientDetailsService.loadClientByClientId(clientId, IdentityZoneHolder.get().getId()); validateParameters(authorizationParameters, clientDetails); Set scopes = OAuth2Utils.parseParameterList(authorizationParameters.get(OAuth2Utils.SCOPE)); Set responseTypes = OAuth2Utils.parseParameterList(authorizationParameters.get(OAuth2Utils.RESPONSE_TYPE)); @@ -212,7 +212,7 @@ public void validateParameters(Map parameters, ClientDetails cli } } - protected void checkClientIdpAuthorization(BaseClientDetails client, UaaUser user) { + protected void checkClientIdpAuthorization(UaaClientDetails client, UaaUser user) { List allowedProviders = (List)client.getAdditionalInformation().get(ClientConstants.ALLOWED_PROVIDERS); diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServices.java b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServices.java index 3ef9e5b7b00..78d17bf0166 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServices.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServices.java @@ -19,6 +19,7 @@ import org.cloudfoundry.identity.uaa.authentication.Origin; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.oauth.jwt.JwtHelper; import org.cloudfoundry.identity.uaa.oauth.openid.IdToken; import org.cloudfoundry.identity.uaa.oauth.openid.IdTokenCreationException; 
@@ -68,7 +69,6 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.security.oauth2.provider.TokenRequest; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices; import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices; import org.springframework.util.LinkedMultiValueMap; @@ -246,7 +246,7 @@ public OAuth2AccessToken refreshAccessToken(String refreshTokenValue, TokenReque boolean isRevocable = isRevocable(claims, isOpaque); UaaUser user = new UaaUser(userDatabase.retrieveUserPrototypeById(claims.getUserId())); - BaseClientDetails client = (BaseClientDetails) clientDetailsService.loadClientByClientId(claims.getCid()); + UaaClientDetails client = (UaaClientDetails) clientDetailsService.loadClientByClientId(claims.getCid()); long refreshTokenExpireMillis = claims.getExp().longValue() * MILLIS_PER_SECOND; if (new Date(refreshTokenExpireMillis).before(timeService.getCurrentDate())) { @@ -466,7 +466,7 @@ private CompositeToken createCompositeToken(String tokenId, additionalRootClaims); String token = JwtHelper.encode(jwtAccessToken, getActiveKeyInfo()).getEncoded(); compositeToken.setValue(token); - BaseClientDetails clientDetails = (BaseClientDetails) clientDetailsService.loadClientByClientId(clientId); + UaaClientDetails clientDetails = (UaaClientDetails) clientDetailsService.loadClientByClientId(clientId); if (idTokenGranter.shouldSendIdToken(user, clientDetails, requestedScopes, grantType)) { IdToken idTokenContent; 
@@ -590,7 +590,7 @@ public OAuth2AccessToken createAccessToken(OAuth2Authentication authentication) Set authNContextClassRef = null; OAuth2Request oAuth2Request = authentication.getOAuth2Request(); - BaseClientDetails client = (BaseClientDetails) clientDetailsService.loadClientByClientId(oAuth2Request.getClientId(), IdentityZoneHolder.get().getId()); + UaaClientDetails client = (UaaClientDetails) clientDetailsService.loadClientByClientId(oAuth2Request.getClientId(), IdentityZoneHolder.get().getId()); Collection clientScopes = null; // Clients should really by different kinds of users @@ -902,7 +902,7 @@ public OAuth2AccessToken readAccessToken(String accessToken) { } String clientId = (String)claims.get(CID); String userId = (String)claims.get(USER_ID); - BaseClientDetails client = (BaseClientDetails) clientDetailsService.loadClientByClientId(clientId, IdentityZoneHolder.get().getId()); + UaaClientDetails client = (UaaClientDetails) clientDetailsService.loadClientByClientId(clientId, IdentityZoneHolder.get().getId()); // Only check user access tokens if (null != userId) { ArrayList tokenScopes = (ArrayList) claims.get(SCOPE); diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/UserManagedAuthzApprovalHandler.java b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/UserManagedAuthzApprovalHandler.java index da98beae65c..1a7eb6b6b80 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/UserManagedAuthzApprovalHandler.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/UserManagedAuthzApprovalHandler.java 
@@ -3,6 +3,7 @@ import org.cloudfoundry.identity.uaa.approval.Approval; import org.cloudfoundry.identity.uaa.approval.ApprovalStore; import org.cloudfoundry.identity.uaa.authentication.Origin; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.resources.QueryableResourceManager; import org.cloudfoundry.identity.uaa.util.UaaTokenUtils; import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager; @@ -13,7 +14,6 @@ import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.approval.UserApprovalHandler; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import java.util.*; @@ -59,7 +59,7 @@ public boolean isApproved(AuthorizationRequest authorizationRequest, Authenticat // Factor in auto approved scopes Set autoApprovedScopes = new HashSet<>(); - BaseClientDetails client = (BaseClientDetails) clientDetailsService.retrieve(authorizationRequest.getClientId(), identityZoneManager.getCurrentIdentityZoneId()); + UaaClientDetails client = (UaaClientDetails) clientDetailsService.retrieve(authorizationRequest.getClientId(), identityZoneManager.getCurrentIdentityZoneId()); if (client != null && requestedScopes != null) { autoApprovedScopes.addAll(client.getAutoApproveScopes()); autoApprovedScopes = UaaTokenUtils.retainAutoApprovedScopes(requestedScopes, autoApprovedScopes); diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenGranter.java b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenGranter.java index 20ee4c18746..8e6af5d9f32 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenGranter.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenGranter.java 
@@ -3,11 +3,11 @@ import com.google.common.collect.Lists; import com.google.common.collect.Sets; import org.cloudfoundry.identity.uaa.approval.ApprovalService; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.user.UaaUser; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import java.util.List; import java.util.Objects; @@ -36,7 +36,7 @@ public IdTokenGranter(ApprovalService approvalService) { } public boolean shouldSendIdToken(UaaUser user, - BaseClientDetails clientDetails, + UaaClientDetails clientDetails, Set requestedScopes, String requestedGrantType ) { diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/user/UaaUserApprovalHandler.java b/server/src/main/java/org/cloudfoundry/identity/uaa/user/UaaUserApprovalHandler.java index e6fc9376d3d..022c7e49a9a 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/user/UaaUserApprovalHandler.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/user/UaaUserApprovalHandler.java @@ -1,5 +1,6 @@ package org.cloudfoundry.identity.uaa.user; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.zone.MultitenantClientServices; import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager; import org.slf4j.Logger; @@ -9,7 +10,6 @@ import org.springframework.security.oauth2.common.util.OAuth2Utils; import org.springframework.security.oauth2.provider.*; import org.springframework.security.oauth2.provider.approval.UserApprovalHandler; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices; import java.util.Collection; 
@@ -62,7 +62,7 @@ public boolean isApproved(AuthorizationRequest authorizationRequest, Authenticat } private boolean isAutoApprove(ClientDetails client, Collection scopes) { - BaseClientDetails baseClient = (BaseClientDetails) client; + UaaClientDetails baseClient = (UaaClientDetails) client; if (baseClient.getAutoApproveScopes() == null) { return false; diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/util/JwtTokenSignedByThisUAA.java b/server/src/main/java/org/cloudfoundry/identity/uaa/util/JwtTokenSignedByThisUAA.java index 3696e3567e1..e02ae9703e9 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/util/JwtTokenSignedByThisUAA.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/util/JwtTokenSignedByThisUAA.java @@ -26,6 +26,7 @@ import javax.validation.constraints.NotNull; import com.nimbusds.jwt.JWTClaimsSet; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.cloudfoundry.identity.uaa.oauth.jwt.ChainedSignatureVerifier; import org.cloudfoundry.identity.uaa.oauth.jwt.SignatureVerifier; import org.cloudfoundry.identity.uaa.oauth.jwt.Verifier; @@ -36,7 +37,6 @@ import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; import org.springframework.security.oauth2.common.exceptions.UnauthorizedClientException; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.NoSuchClientException; import com.google.common.collect.Lists; import org.cloudfoundry.identity.uaa.oauth.KeyInfo; diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneEndpoints.java b/server/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneEndpoints.java index af9e081e0d7..2bdee34005c 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneEndpoints.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneEndpoints.java 
@@ -2,10 +2,13 @@ import org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent; import org.cloudfoundry.identity.uaa.client.InvalidClientDetailsException; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.error.UaaException; +import org.cloudfoundry.identity.uaa.provider.ClientAlreadyExistsException; import org.cloudfoundry.identity.uaa.provider.IdentityProvider; import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.cloudfoundry.identity.uaa.provider.UaaIdentityProviderDefinition; import org.cloudfoundry.identity.uaa.saml.SamlKey; import org.cloudfoundry.identity.uaa.scim.ScimGroup; @@ -23,10 +26,7 @@ import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.oauth2.provider.ClientAlreadyExistsException; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.NoSuchClientException; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.transaction.annotation.Transactional; import org.springframework.util.StringUtils; import org.springframework.validation.BindingResult; @@ -350,7 +350,7 @@ public ResponseEntity deleteIdentityZone(@PathVariable String id) @RequestMapping(method = POST, value = "{identityZoneId}/clients") public ResponseEntity createClient( - @PathVariable String identityZoneId, @RequestBody BaseClientDetails clientDetails) { + @PathVariable String identityZoneId, @RequestBody UaaClientDetails clientDetails) { if (identityZoneId == null) { throw new ZoneDoesNotExistsException(identityZoneId); } 
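Review bot: Changing the `@RequestBody` type of `createClient` from `BaseClientDetails` to `UaaClientDetails` changes what a caller can set through JSON binding, and nothing in this hunk limits it. UaaClientDetails seems to carry state beyond the base client properties (MultitenantJdbcClientDetailsService reads a `ClientJwtConfiguration` from it), so properties that were not bindable on this endpoint before may now be accepted from the request. I would confirm that ZoneEndpointsClientDetailsValidator.validate rejects or drops anything this endpoint is not meant to accept, and add a test that posts a body containing the extra properties. A comment at the parameter would record the constraint, for example `// bound as UaaClientDetails: only fields checked by ZoneEndpointsClientDetailsValidator may reach persistence`. The body of `createClient` continues outside the hunk, so whether the validator is called on this path is not visible here.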
@@ -371,7 +371,7 @@ public ResponseEntity createClient( } private ClientDetails removeSecret(ClientDetails createdClient) { - BaseClientDetails response = (BaseClientDetails) createdClient; + UaaClientDetails response = (UaaClientDetails) createdClient; response.setClientSecret(null); return response; } diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/zone/MultitenantClientServices.java b/server/src/main/java/org/cloudfoundry/identity/uaa/zone/MultitenantClientServices.java index b1dd9a13dff..ede861ebe1b 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/zone/MultitenantClientServices.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/zone/MultitenantClientServices.java @@ -1,7 +1,12 @@ package org.cloudfoundry.identity.uaa.zone; +import org.cloudfoundry.identity.uaa.provider.ClientAlreadyExistsException; +import org.cloudfoundry.identity.uaa.provider.ClientRegistrationException; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager; -import org.springframework.security.oauth2.provider.*; +import org.springframework.security.oauth2.provider.ClientDetails; +import org.springframework.security.oauth2.provider.ClientDetailsService; +import org.springframework.security.oauth2.provider.ClientRegistrationService; import java.util.List; diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/zone/MultitenantJdbcClientDetailsService.java b/server/src/main/java/org/cloudfoundry/identity/uaa/zone/MultitenantJdbcClientDetailsService.java index 52f5b1e1248..e8d2646ca56 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/zone/MultitenantJdbcClientDetailsService.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/zone/MultitenantJdbcClientDetailsService.java 
@@ -6,6 +6,8 @@ import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.client.ClientJwtConfiguration; import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants; +import org.cloudfoundry.identity.uaa.provider.ClientAlreadyExistsException; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.cloudfoundry.identity.uaa.resources.ResourceMonitor; import org.cloudfoundry.identity.uaa.security.ContextSensitiveOAuth2SecurityExpressionMethods; import org.cloudfoundry.identity.uaa.util.JsonUtils; @@ -26,9 +28,7 @@ import org.springframework.security.oauth2.common.exceptions.InvalidClientException; import org.springframework.security.oauth2.common.util.DefaultJdbcListFactory; import org.springframework.security.oauth2.common.util.JdbcListFactory; -import org.springframework.security.oauth2.provider.ClientAlreadyExistsException; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.NoSuchClientException; import org.springframework.stereotype.Component; import org.springframework.util.Assert; import org.springframework.util.StringUtils; 
@@ -295,8 +295,8 @@ public void deleteClientSecret(String clientId, String zoneId) throws NoSuchClie public void addClientJwtConfig(String clientId, String keyConfig, String zoneId, boolean overwrite) throws NoSuchClientException { ClientJwtConfiguration clientJwtConfiguration = ClientJwtConfiguration.parse(keyConfig); if (clientJwtConfiguration != null) { - UaaClientDetails uaaClientDetails = (UaaClientDetails) loadClientByClientId(clientId, zoneId); - ClientJwtConfiguration existingConfig = ClientJwtConfiguration.readValue(uaaClientDetails); + UaaClientDetails uaaUaaClientDetails = (UaaClientDetails) loadClientByClientId(clientId, zoneId); + ClientJwtConfiguration existingConfig = ClientJwtConfiguration.readValue(uaaUaaClientDetails); ClientJwtConfiguration result = ClientJwtConfiguration.merge(existingConfig, clientJwtConfiguration, overwrite); if (result != null) { updateClientJwtConfig(clientId, JsonUtils.writeValueAsString(result), zoneId); @@ -315,8 +315,8 @@ public void deleteClientJwtConfig(String clientId, String keyConfig, String zone clientJwtConfiguration = new ClientJwtConfiguration(keyConfig, null); } if (clientJwtConfiguration != null) { - UaaClientDetails uaaClientDetails = (UaaClientDetails) loadClientByClientId(clientId, zoneId); - ClientJwtConfiguration result = ClientJwtConfiguration.delete(ClientJwtConfiguration.readValue(uaaClientDetails), clientJwtConfiguration); + UaaClientDetails uaaUaaClientDetails = (UaaClientDetails) loadClientByClientId(clientId, zoneId); + ClientJwtConfiguration result = ClientJwtConfiguration.delete(ClientJwtConfiguration.readValue(uaaUaaClientDetails), clientJwtConfiguration); updateClientJwtConfig(clientId, result != null ? JsonUtils.writeValueAsString(result) : null, zoneId); } else { throw new InvalidClientDetailsException("Invalid jwt configuration configuration"); 
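Review bot: The local variable `uaaUaaClientDetails` in `addClientJwtConfig` looks like a side effect of a mechanical search-and-replace rather than an intended rename. The previous name `uaaClientDetails` (or simply `client`) reads better and would keep these lines out of the diff. The same doubled name appears in the `deleteClientJwtConfig` hunk. The renamed test `getAuditEvent_UaaBaseClientDetails` in EntityDeletedEventTest appears to have the same origin and would be clearer as `getAuditEvent_UaaClientDetails`. Both method bodies continue outside their hunks.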
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/zone/ZoneEndpointsClientDetailsValidator.java b/server/src/main/java/org/cloudfoundry/identity/uaa/zone/ZoneEndpointsClientDetailsValidator.java index ef241b575b4..c2b41b76bda 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/zone/ZoneEndpointsClientDetailsValidator.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/zone/ZoneEndpointsClientDetailsValidator.java @@ -3,11 +3,11 @@ import org.apache.commons.lang3.StringUtils; import org.cloudfoundry.identity.uaa.client.ClientDetailsValidator; import org.cloudfoundry.identity.uaa.client.InvalidClientDetailsException; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.stereotype.Component; import java.util.Collections; @@ -62,7 +62,7 @@ public ClientDetails validate(ClientDetails clientDetails, Mode mode) throws Inv throw new InvalidClientDetailsException("only the internal IdP ('uaa') is allowed"); } - BaseClientDetails validatedClientDetails = new BaseClientDetails(clientDetails); + UaaClientDetails validatedClientDetails = new UaaClientDetails(clientDetails); validatedClientDetails.setAdditionalInformation(clientDetails.getAdditionalInformation()); validatedClientDetails.setResourceIds(Collections.singleton("none")); validatedClientDetails.addAdditionalInformation(ClientConstants.CREATED_WITH, REQUIRED_SCOPE); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/account/EmailChangeEmailServiceTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/account/EmailChangeEmailServiceTest.java index a92e86a9c17..d7c791a2f0b 100644 
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/account/EmailChangeEmailServiceTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/account/EmailChangeEmailServiceTest.java @@ -1,6 +1,7 @@ package org.cloudfoundry.identity.uaa.account; import org.apache.commons.lang3.RandomStringUtils; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; import org.cloudfoundry.identity.uaa.error.UaaException; @@ -25,8 +26,7 @@ import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.oauth2.provider.NoSuchClientException; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.web.context.request.RequestContextHolder; @@ -304,7 +304,7 @@ private Map setUpCompleteActivation(String username, String clie codeData.put("client_id", clientId); codeData.put("redirect_uri", redirectUri); codeData.put("email", "new@example.com"); - BaseClientDetails clientDetails = new BaseClientDetails("client-id", null, null, "authorization_grant", null, "http://app.com/*"); + UaaClientDetails clientDetails = new UaaClientDetails("client-id", null, null, "authorization_grant", null, "http://app.com/*"); clientDetails.addAdditionalInformation(CHANGE_EMAIL_REDIRECT_URL, "http://fallback.url/redirect"); when(mockExpiringCodeStore.retrieveCode("the_secret_code", zoneId)).thenReturn(new ExpiringCode("the_secret_code", new Timestamp(System.currentTimeMillis()), JsonUtils.writeValueAsString(codeData), null)); 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/audit/event/EntityDeletedEventTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/audit/event/EntityDeletedEventTest.java index 055083c58a5..eec7f57cb4e 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/audit/event/EntityDeletedEventTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/audit/event/EntityDeletedEventTest.java @@ -23,7 +23,7 @@ import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.springframework.security.core.Authentication; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.mockito.Mockito.mock; @@ -55,11 +55,11 @@ void getAuditEvent_IdentityZone() { } @Test - void getAuditEvent_BaseClientDetails() { - BaseClientDetails mockBaseClientDetails = mock(BaseClientDetails.class); - when(mockBaseClientDetails.getClientId()).thenReturn(randomId); + void getAuditEvent_UaaBaseClientDetails() { + UaaClientDetails mockUaaClientDetails = mock(UaaClientDetails.class); + when(mockUaaClientDetails.getClientId()).thenReturn(randomId); - checkAuditEventData(mockBaseClientDetails, BaseClientDetails.class, randomId); + checkAuditEventData(mockUaaClientDetails, UaaClientDetails.class, randomId); } @Test diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/audit/event/SystemDeletableTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/audit/event/SystemDeletableTest.java index 2208120f383..466f5f48d98 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/audit/event/SystemDeletableTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/audit/event/SystemDeletableTest.java 
@@ -13,7 +13,7 @@ import org.slf4j.Logger; import org.springframework.security.core.Authentication; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import java.util.Arrays; @@ -81,7 +81,7 @@ void identityProviderEventReceived() { @Test void clientDetailsEventReceived() { - BaseClientDetails client = new BaseClientDetails("clientId", "", "", "client_credentials", "uaa.none"); + UaaClientDetails client = new UaaClientDetails("clientId", "", "", "client_credentials", "uaa.none"); for (String zoneId : Arrays.asList("uaa", "zone1", "other-zone")) { EntityDeletedEvent event = new EntityDeletedEvent<>(client, authentication, zoneId); deletable.onApplicationEvent(event); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/UaaClientAuthenticationProviderTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/UaaClientAuthenticationProviderTest.java index 40a74cb4e4b..e23fc43a124 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/UaaClientAuthenticationProviderTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/UaaClientAuthenticationProviderTest.java @@ -2,6 +2,7 @@ import org.cloudfoundry.identity.uaa.account.UaaUserDetails; import org.cloudfoundry.identity.uaa.annotations.WithDatabaseContext; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.client.UaaClient; import org.cloudfoundry.identity.uaa.client.UaaClientDetailsUserDetailsService; import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator; 
@@ -24,7 +25,6 @@ import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import javax.servlet.http.HttpServletRequest; import java.util.Collections; @@ -67,12 +67,12 @@ void setUpForClientTests() { authenticationProvider = new ClientDetailsAuthenticationProvider(clientDetailsService, passwordEncoder, jwtClientAuthentication); } - public BaseClientDetails createClient() { + public UaaClientDetails createClient() { return createClient(null, null); } - public BaseClientDetails createClient(String addtionalKey, Object value) { - BaseClientDetails details = new BaseClientDetails(generator.generate(), "", "", "client_credentials", "uaa.resource"); + public UaaClientDetails createClient(String addtionalKey, Object value) { + UaaClientDetails details = new UaaClientDetails(generator.generate(), "", "", "client_credentials", "uaa.resource"); details.setClientSecret(SECRET); if (addtionalKey != null) { details.addAdditionalInformation(addtionalKey, value); @@ -136,7 +136,7 @@ void provider_authenticate_client_without_password_public_string() { @Test void provider_authenticate_client_with_empty_password_public_string() { IdentityZoneHolder.get().getConfig().getTokenPolicy().setRefreshTokenRotate(true); - BaseClientDetails clientDetails = new BaseClientDetails(generator.generate(), "", "", "password", "uaa.resource"); + UaaClientDetails clientDetails = new UaaClientDetails(generator.generate(), "", "", "password", "uaa.resource"); clientDetails.setClientSecret(""); jdbcClientDetailsService.addClientDetails(clientDetails); client = clientDetails; 
@@ -225,7 +225,7 @@ void provider_authenticate_client_without_password_public_missing_code() { @Test void provider_authenticate_client_without_secret_user_without_secret() { - client = new BaseClientDetails(generator.generate(), "", "", "client_credentials", "uaa.resource"); + client = new UaaClientDetails(generator.generate(), "", "", "client_credentials", "uaa.resource"); jdbcClientDetailsService.addClientDetails(client); UsernamePasswordAuthenticationToken a = mock(UsernamePasswordAuthenticationToken.class); UaaAuthenticationDetails uaaAuthenticationDetails = mock(UaaAuthenticationDetails.class); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/WhitelistLogoutHandlerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/WhitelistLogoutHandlerTest.java index a1f63358394..7a44fe1fb51 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/WhitelistLogoutHandlerTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/WhitelistLogoutHandlerTest.java @@ -14,6 +14,7 @@ package org.cloudfoundry.identity.uaa.authentication; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; import org.cloudfoundry.identity.uaa.zone.MultitenantClientServices; import org.junit.jupiter.api.BeforeEach; @@ -21,8 +22,7 @@ import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.security.oauth2.provider.NoSuchClientException; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import java.util.Collections; 
@@ -41,14 +41,14 @@ class WhitelistLogoutHandlerTest { private WhitelistLogoutHandler handler; private MockHttpServletRequest request; private MockHttpServletResponse response; - private BaseClientDetails client; + private UaaClientDetails client; private MultitenantClientServices clientDetailsService; @BeforeEach void setUp() { request = new MockHttpServletRequest(); response = new MockHttpServletResponse(); - client = new BaseClientDetails(CLIENT_ID,"","","","","http://*.testing.com,http://testing.com"); + client = new UaaClientDetails(CLIENT_ID,"","","","","http://*.testing.com,http://testing.com"); clientDetailsService = mock(MultitenantClientServices.class); handler = new WhitelistLogoutHandler(EMPTY_LIST); handler.setDefaultTargetUrl("/login"); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/ZoneAwareWhitelistLogoutHandlerTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/ZoneAwareWhitelistLogoutHandlerTests.java index 0817f932cea..127b31c9e89 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/ZoneAwareWhitelistLogoutHandlerTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/authentication/ZoneAwareWhitelistLogoutHandlerTests.java @@ -14,6 +14,7 @@ package org.cloudfoundry.identity.uaa.authentication; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.oauth.KeyInfoService; import org.cloudfoundry.identity.uaa.provider.oauth.ExternalOAuthLogoutHandler; import org.cloudfoundry.identity.uaa.zone.MultitenantClientServices; 
@@ -25,8 +26,7 @@ import org.junit.Test; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.security.oauth2.provider.NoSuchClientException; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import javax.servlet.ServletException; import java.io.IOException; @@ -44,7 +44,7 @@ public class ZoneAwareWhitelistLogoutHandlerTests { private MockHttpServletRequest request = new MockHttpServletRequest(); private MockHttpServletResponse response = new MockHttpServletResponse(); - private BaseClientDetails client = new BaseClientDetails(CLIENT_ID, "", "", "", "", "http://*.testing.com,http://testing.com"); + private UaaClientDetails client = new UaaClientDetails(CLIENT_ID, "", "", "", "", "http://*.testing.com,http://testing.com"); private MultitenantClientServices clientDetailsService = mock(MultitenantClientServices.class); private ExternalOAuthLogoutHandler oAuthLogoutHandler = mock(ExternalOAuthLogoutHandler.class); private KeyInfoService keyInfoService = mock(KeyInfoService.class); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/client/ClientAdminBootstrapMultipleSecretsTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/client/ClientAdminBootstrapMultipleSecretsTest.java index 380a2af46fc..6c5af4140c5 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/client/ClientAdminBootstrapMultipleSecretsTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/client/ClientAdminBootstrapMultipleSecretsTest.java 
@@ -19,21 +19,21 @@ import org.junit.Test; import org.mockito.stubbing.Answer; import org.springframework.security.crypto.password.PasswordEncoder; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; + public class ClientAdminBootstrapMultipleSecretsTest { private ClientAdminBootstrap clientAdminBootstrap; private Map> clients; - private BaseClientDetails verifyClient; + private UaaClientDetails verifyClient; private String clientId = "client1"; private String password1; private String password2; private String oldOneSecret = "oldOneSecret"; private String oldTwoSecret = "oldTwoSecret"; private MultitenantClientServices clientRegistrationService; - private BaseClientDetails oneSecretClient; - private BaseClientDetails twoSecretClient; + private UaaClientDetails oneSecretClient; + private UaaClientDetails twoSecretClient; @Before public void setUp() { @@ -73,11 +73,11 @@ public void setUp() { clientAdminBootstrap = new ClientAdminBootstrap(passwordEncoder, clientRegistrationService, clientMetadataProvisioning, defaultOverride, clients, autoApproveClients, clientsToDelete, null, allowPublicClients); - oneSecretClient = new BaseClientDetails(); + oneSecretClient = new UaaClientDetails(); oneSecretClient.setClientId(clientId); oneSecretClient.setClientSecret("oldOneSecret"); - twoSecretClient = new BaseClientDetails(); + twoSecretClient = new UaaClientDetails(); twoSecretClient.setClientId(clientId); twoSecretClient.setClientSecret(oldOneSecret + " " + oldTwoSecret); } diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/client/ClientAdminBootstrapTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/client/ClientAdminBootstrapTests.java index 6357357bda8..ab8da2e5de3 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/client/ClientAdminBootstrapTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/client/ClientAdminBootstrapTests.java 
@@ -4,6 +4,7 @@ import org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent; import org.cloudfoundry.identity.uaa.authentication.SystemAuthentication; import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants; +import org.cloudfoundry.identity.uaa.provider.ClientAlreadyExistsException; import org.cloudfoundry.identity.uaa.zone.IdentityZone; import org.cloudfoundry.identity.uaa.zone.MultitenantJdbcClientDetailsService; import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager; @@ -20,10 +21,8 @@ import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.ClientAlreadyExistsException; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.NoSuchClientException; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.springframework.util.StringUtils; import org.yaml.snakeyaml.Yaml; @@ -416,7 +415,7 @@ void simpleAddClientWithAllowPublicNoClient() { @Test void overrideClient() { String clientId = randomValueStringGenerator.generate(); - BaseClientDetails foo = new BaseClientDetails(clientId, "", "openid", "client_credentials,password", "uaa.none"); + UaaClientDetails foo = new UaaClientDetails(clientId, "", "openid", "client_credentials,password", "uaa.none"); foo.setClientSecret("secret"); multitenantJdbcClientDetailsService.addClientDetails(foo); reset(multitenantJdbcClientDetailsService); 
@@ -456,7 +455,7 @@ void setUp() { @Test void overrideClient_usingDefaultOverride() { String clientId = randomValueStringGenerator.generate(); - BaseClientDetails foo = new BaseClientDetails(clientId, "", "openid", "client_credentials,password", "uaa.none"); + UaaClientDetails foo = new UaaClientDetails(clientId, "", "openid", "client_credentials,password", "uaa.none"); foo.setClientSecret("secret"); multitenantJdbcClientDetailsService.addClientDetails(foo); reset(multitenantJdbcClientDetailsService); @@ -478,7 +477,7 @@ void overrideClient_usingDefaultOverride() { @Test void overrideClientWithEmptySecret() { String clientId = randomValueStringGenerator.generate(); - BaseClientDetails foo = new BaseClientDetails(clientId, "", "openid", "client_credentials,password", "uaa.none"); + UaaClientDetails foo = new UaaClientDetails(clientId, "", "openid", "client_credentials,password", "uaa.none"); foo.setClientSecret("secret"); multitenantJdbcClientDetailsService.addClientDetails(foo); @@ -503,7 +502,7 @@ void overrideClientWithEmptySecret() { @Test void doNotOverrideClientWithNullSecret() { String clientId = randomValueStringGenerator.generate(); - BaseClientDetails foo = new BaseClientDetails(clientId, "", "openid", "client_credentials,password", "uaa.none"); + UaaClientDetails foo = new UaaClientDetails(clientId, "", "openid", "client_credentials,password", "uaa.none"); foo.setClientSecret("secret"); multitenantJdbcClientDetailsService.addClientDetails(foo); 
@@ -528,7 +527,7 @@ void doNotOverrideClientWithNullSecret() { @Test void overrideClientByDefault() { String clientId = randomValueStringGenerator.generate(); - BaseClientDetails foo = new BaseClientDetails(clientId, "", "openid", "client_credentials,password", "uaa.none"); + UaaClientDetails foo = new UaaClientDetails(clientId, "", "openid", "client_credentials,password", "uaa.none"); foo.setClientSecret("secret"); multitenantJdbcClientDetailsService.addClientDetails(foo); reset(multitenantJdbcClientDetailsService); @@ -711,7 +710,7 @@ static Map createClientMap(final String clientId) { private static void createClientInDb( final String clientId, final MultitenantJdbcClientDetailsService multitenantJdbcClientDetailsService) { - BaseClientDetails foo = new BaseClientDetails(clientId, "none", "openid", "authorization_code,refresh_token", "uaa.none"); + UaaClientDetails foo = new UaaClientDetails(clientId, "none", "openid", "authorization_code,refresh_token", "uaa.none"); foo.setClientSecret("secret"); foo.setRegisteredRedirectUri(Collections.singleton("http://localhost/callback")); multitenantJdbcClientDetailsService.addClientDetails(foo); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpointsTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpointsTests.java index 7b19e65f799..bf95a1e7606 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpointsTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpointsTests.java 
@@ -11,6 +11,8 @@ import org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification; import org.cloudfoundry.identity.uaa.oauth.client.ClientJwtChangeRequest; import org.cloudfoundry.identity.uaa.oauth.client.SecretChangeRequest; +import org.cloudfoundry.identity.uaa.provider.ClientAlreadyExistsException; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.cloudfoundry.identity.uaa.resources.ActionResult; import org.cloudfoundry.identity.uaa.resources.QueryableResourceManager; import org.cloudfoundry.identity.uaa.resources.ResourceMonitor; @@ -38,10 +40,7 @@ import org.springframework.security.core.Authentication; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.oauth2.common.exceptions.BadClientCredentialsException; -import org.springframework.security.oauth2.provider.ClientAlreadyExistsException; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.NoSuchClientException; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import java.util.ArrayList; import java.util.Arrays; @@ -87,13 +86,13 @@ class ClientAdminEndpointsTests { private ClientAdminEndpoints endpoints = null; - private BaseClientDetails input = null; + private UaaClientDetails input = null; private ClientDetailsModification[] inputs = new ClientDetailsModification[5]; - private BaseClientDetails detail = null; + private UaaClientDetails detail = null; - private BaseClientDetails[] details = new BaseClientDetails[inputs.length]; + private UaaClientDetails[] details = new UaaClientDetails[inputs.length]; private QueryableResourceManager clientDetailsService = null; 
@@ -115,7 +114,7 @@ public ClientDetails create(ClientDetails resource, String zoneId) { Map additionalInformation = new HashMap<>(resource.getAdditionalInformation()); additionalInformation.put("lastModified", 1463510591); - BaseClientDetails altered = new BaseClientDetails(resource); + UaaClientDetails altered = new UaaClientDetails(resource); altered.setAdditionalInformation(additionalInformation); return altered; @@ -150,7 +149,7 @@ void setUp() { clientDetailsService, 5)); - input = new BaseClientDetails(); + input = new UaaClientDetails(); input.setClientId("foo"); input.setClientSecret("secret"); input.setAuthorizedGrantTypes(Collections.singletonList(GRANT_TYPE_AUTHORIZATION_CODE)); @@ -173,7 +172,7 @@ void setUp() { detail.setAuthorities(AuthorityUtils.commaSeparatedStringToAuthorityList("uaa.none")); for (int i = 0; i < details.length; i++) { - details[i] = new BaseClientDetails(inputs[i]); + details[i] = new UaaClientDetails(inputs[i]); details[i].setResourceIds(Collections.singletonList("none")); // refresh token is added automatically by endpoint validation details[i].setAuthorizedGrantTypes(Arrays.asList(GRANT_TYPE_AUTHORIZATION_CODE, "refresh_token")); @@ -552,7 +551,7 @@ private void validateAttributeResults(SearchResults> result, @Test void testUpdateClientDetailsWithNullCallerAndInvalidScope() { Mockito.when(clientDetailsService.retrieve(input.getClientId(), IdentityZoneHolder.get().getId())).thenReturn( - new BaseClientDetails(input)); + new UaaClientDetails(input)); input.setScope(Collections.singletonList("read")); assertThrows(InvalidClientDetailsException.class, () -> endpoints.updateClientDetails(input, input.getClientId())); verify(clientRegistrationService, never()).updateClientDetails(any()); 
@@ -583,7 +582,7 @@ void testGetClientDetails() { @Test void testUpdateClientDetails() throws Exception { Mockito.when(clientDetailsService.retrieve(input.getClientId(), IdentityZoneHolder.get().getId())).thenReturn( - new BaseClientDetails(input)); + new UaaClientDetails(input)); when(mockSecurityContextAccessor.getClientId()).thenReturn(detail.getClientId()); when(mockSecurityContextAccessor.isClient()).thenReturn(true); @@ -597,7 +596,7 @@ void testUpdateClientDetails() throws Exception { @Test void testUpdateClientDetailsWithAdditionalInformation() throws Exception { Mockito.when(clientDetailsService.retrieve(input.getClientId(), IdentityZoneHolder.get().getId())).thenReturn( - new BaseClientDetails(input)); + new UaaClientDetails(input)); when(mockSecurityContextAccessor.getClientId()).thenReturn(detail.getClientId()); when(mockSecurityContextAccessor.isClient()).thenReturn(true); 
@@ -610,25 +609,14 @@ void testUpdateClientDetailsWithAdditionalInformation() throws Exception { verify(clientRegistrationService).updateClientDetails(detail, "testzone"); } - @Test - void testUpdateClientDetailsRemoveAdditionalInformation() throws Exception { - input.setAdditionalInformation(Collections.singletonMap("foo", "bar")); - Mockito.when(clientDetailsService.retrieve(input.getClientId(), IdentityZoneHolder.get().getId())).thenReturn( - new BaseClientDetails(input)); - input.setAdditionalInformation(Collections.emptyMap()); - ClientDetails result = endpoints.updateClientDetails(input, input.getClientId()); - assertNull(result.getClientSecret()); - verify(clientRegistrationService).updateClientDetails(detail, "testzone"); - } - @Test void testPartialUpdateClientDetails() throws Exception { Mockito.when(clientDetailsService.retrieve(input.getClientId(), IdentityZoneHolder.get().getId())).thenReturn(detail); when(mockSecurityContextAccessor.getClientId()).thenReturn(detail.getClientId()); when(mockSecurityContextAccessor.isClient()).thenReturn(true); - BaseClientDetails updated = new UaaClientDetails(detail); - input = new BaseClientDetails(); + UaaClientDetails updated = new UaaClientDetails(detail); + input = new UaaClientDetails(); input.setClientId("foo"); input.setScope(Collections.singletonList("foo.write")); updated.setScope(input.getScope()); @@ -820,7 +808,7 @@ void testRemoveClientDetailsAdminCaller() throws Exception { @Test void testScopeIsRestrictedByCaller() { - BaseClientDetails caller = new BaseClientDetails("caller", null, "none", "client_credentials,implicit", + UaaClientDetails caller = new UaaClientDetails("caller", null, "none", "client_credentials,implicit", "uaa.none"); when(clientDetailsService.retrieve("caller", IdentityZoneHolder.get().getId())).thenReturn(caller); when(mockSecurityContextAccessor.getClientId()).thenReturn("caller"); 
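Review bot: Nothing on the new side of the `@@ -610,25 +609,14 @@` hunk replaces `testUpdateClientDetailsRemoveAdditionalInformation`, so the case where an update clears a client's additional information is no longer exercised here, as far as the visible hunks show. Additional information holds redirect-related settings elsewhere in this patch (EmailChangeEmailServiceTest stores `CHANGE_EMAIL_REDIRECT_URL` there), so a stale entry surviving an update is worth pinning with a test. If the test was dropped only because of the type change, keeping it with `new UaaClientDetails(input)` in place of `new BaseClientDetails(input)` would preserve the coverage; if it no longer passes against `UaaClientDetails`, the commit message should say why. The test class extends beyond this hunk, so an equivalent test may exist outside the visible lines.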
@@ -831,7 +819,7 @@ void testScopeIsRestrictedByCaller() { @Test void testValidScopeIsNotRestrictedByCaller() { - BaseClientDetails caller = new BaseClientDetails("caller", null, "none", "client_credentials,implicit", + UaaClientDetails caller = new UaaClientDetails("caller", null, "none", "client_credentials,implicit", "uaa.none"); when(clientDetailsService.retrieve("caller", IdentityZoneHolder.get().getId())).thenReturn(caller); when(mockSecurityContextAccessor.getClientId()).thenReturn("caller"); @@ -849,7 +837,7 @@ void testClientEndpointCannotBeConfiguredWithAnInvalidMaxCount() { @Test void testAuthorityIsRestrictedByCaller() { - BaseClientDetails caller = new BaseClientDetails("caller", null, "none", "client_credentials,implicit", + UaaClientDetails caller = new UaaClientDetails("caller", null, "none", "client_credentials,implicit", "uaa.none"); when(clientDetailsService.retrieve("caller", IdentityZoneHolder.get().getId())).thenReturn(caller); when(mockSecurityContextAccessor.getClientId()).thenReturn("caller"); @@ -860,7 +848,7 @@ void testAuthorityIsRestrictedByCaller() { @Test void testAuthorityAllowedByCaller() { - BaseClientDetails caller = new BaseClientDetails("caller", null, "uaa.none", "client_credentials,implicit", + UaaClientDetails caller = new UaaClientDetails("caller", null, "uaa.none", "client_credentials,implicit", "uaa.none"); when(clientDetailsService.retrieve("caller", IdentityZoneHolder.get().getId())).thenReturn(caller); when(mockSecurityContextAccessor.getClientId()).thenReturn("caller"); @@ -870,7 +858,7 @@ void testAuthorityAllowedByCaller() { @Test void cannotExpandScope() { - BaseClientDetails caller = new BaseClientDetails(); + UaaClientDetails caller = new UaaClientDetails(); caller.setScope(Collections.singletonList("none")); when(clientDetailsService.retrieve("caller", IdentityZoneHolder.get().getId())).thenReturn(caller); detail.setAuthorizedGrantTypes(Collections.singletonList("implicit")); 
@@ -979,9 +967,9 @@ void testCreateClientWithAutoapproveScopesList() { detail.setAuthorizedGrantTypes(input.getAuthorizedGrantTypes()); ClientDetails result = endpoints.createClientDetails(createClientDetailsCreation(input)); assertNull(result.getClientSecret()); - ArgumentCaptor clientCaptor = ArgumentCaptor.forClass(BaseClientDetails.class); + ArgumentCaptor clientCaptor = ArgumentCaptor.forClass(UaaClientDetails.class); verify(clientDetailsService).create(clientCaptor.capture(), anyString()); - BaseClientDetails created = clientCaptor.getValue(); + UaaClientDetails created = clientCaptor.getValue(); assertSetEquals(autoApproveScopes, created.getAutoApproveScopes()); assertTrue(created.isAutoApprove("foo.read")); assertFalse(created.isAutoApprove("foo.write")); @@ -1006,9 +994,9 @@ void testCreateClientWithAutoapproveScopesTrue() { detail.setAuthorizedGrantTypes(input.getAuthorizedGrantTypes()); ClientDetails result = endpoints.createClientDetails(createClientDetailsCreation(input)); assertNull(result.getClientSecret()); - ArgumentCaptor clientCaptor = ArgumentCaptor.forClass(BaseClientDetails.class); + ArgumentCaptor clientCaptor = ArgumentCaptor.forClass(UaaClientDetails.class); verify(clientDetailsService).create(clientCaptor.capture(), anyString()); - BaseClientDetails created = clientCaptor.getValue(); + UaaClientDetails created = clientCaptor.getValue(); assertSetEquals(autoApproveScopes, created.getAutoApproveScopes()); assertTrue(created.isAutoApprove("foo.read")); assertTrue(created.isAutoApprove("foo.write")); 
@@ -1017,7 +1005,7 @@ void testCreateClientWithAutoapproveScopesTrue() { @Test void testUpdateClientWithAutoapproveScopesList() throws Exception { Mockito.when(clientDetailsService.retrieve(input.getClientId(), IdentityZoneHolder.get().getId())).thenReturn( - new BaseClientDetails(input)); + new UaaClientDetails(input)); when(mockSecurityContextAccessor.getClientId()).thenReturn(detail.getClientId()); when(mockSecurityContextAccessor.isClient()).thenReturn(true); @@ -1030,9 +1018,9 @@ void testUpdateClientWithAutoapproveScopesList() throws Exception { ClientDetails result = endpoints.updateClientDetails(detail, input.getClientId()); assertNull(result.getClientSecret()); - ArgumentCaptor clientCaptor = ArgumentCaptor.forClass(BaseClientDetails.class); + ArgumentCaptor clientCaptor = ArgumentCaptor.forClass(UaaClientDetails.class); verify(clientRegistrationService).updateClientDetails(clientCaptor.capture(), anyString()); - BaseClientDetails updated = clientCaptor.getValue(); + UaaClientDetails updated = clientCaptor.getValue(); assertSetEquals(autoApproveScopes, updated.getAutoApproveScopes()); assertTrue(updated.isAutoApprove("foo.read")); assertFalse(updated.isAutoApprove("foo.write")); @@ -1041,7 +1029,7 @@ void testUpdateClientWithAutoapproveScopesList() throws Exception { @Test void testUpdateClientWithAutoapproveScopesTrue() throws Exception { Mockito.when(clientDetailsService.retrieve(input.getClientId(), IdentityZoneHolder.get().getId())).thenReturn( - new BaseClientDetails(input)); + new UaaClientDetails(input)); when(mockSecurityContextAccessor.getClientId()).thenReturn(detail.getClientId()); when(mockSecurityContextAccessor.isClient()).thenReturn(true); 
@@ -1052,11 +1040,11 @@ void testUpdateClientWithAutoapproveScopesTrue() throws Exception { detail.setScope(scopes); detail.setAutoApproveScopes(autoApproveScopes); - ArgumentCaptor clientCaptor = ArgumentCaptor.forClass(BaseClientDetails.class); + ArgumentCaptor clientCaptor = ArgumentCaptor.forClass(UaaClientDetails.class); ClientDetails result = endpoints.updateClientDetails(detail, input.getClientId()); assertNull(result.getClientSecret()); verify(clientRegistrationService).updateClientDetails(clientCaptor.capture(), anyString()); - BaseClientDetails updated = clientCaptor.getValue(); + UaaClientDetails updated = clientCaptor.getValue(); assertSetEquals(autoApproveScopes, updated.getAutoApproveScopes()); assertTrue(updated.isAutoApprove("foo.read")); assertTrue(updated.isAutoApprove("foo.write")); @@ -1188,7 +1176,7 @@ void testCreateClientWithJsonKeyWebSet() { assertNotEquals(ClientJwtConfiguration.readValue(created), ClientJwtConfiguration.parse(jsonJwk3)); } - private ClientDetailsCreation createClientDetailsCreation(BaseClientDetails baseClientDetails) { + private ClientDetailsCreation createClientDetailsCreation(UaaClientDetails baseClientDetails) { final var clientDetails = new ClientDetailsCreation(); clientDetails.setClientId(baseClientDetails.getClientId()); clientDetails.setClientSecret(baseClientDetails.getClientSecret()); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpointsValidatorTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpointsValidatorTests.java index 2731c3e27d3..38d08d05df2 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpointsValidatorTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/client/ClientAdminEndpointsValidatorTests.java 
@@ -27,7 +27,6 @@ import org.junit.rules.ExpectedException; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import java.util.ArrayList; import java.util.Arrays; @@ -50,8 +49,8 @@ public class ClientAdminEndpointsValidatorTests { - BaseClientDetails client; - BaseClientDetails caller; + UaaClientDetails client; + UaaClientDetails caller; ClientAdminEndpointsValidator validator; ClientSecretValidator secretValidator; @@ -73,9 +72,9 @@ public class ClientAdminEndpointsValidatorTests { @Before public void createClient() { - client = new BaseClientDetails("newclient","","","client_credentials",""); + client = new UaaClientDetails("newclient","","","client_credentials",""); client.setClientSecret("secret"); - caller = new BaseClientDetails("caller","","","client_credentials","clients.write"); + caller = new UaaClientDetails("caller","","","client_credentials","clients.write"); SecurityContextAccessor mockSecurityContextAccessor = mock(SecurityContextAccessor.class); validator = new ClientAdminEndpointsValidator(mockSecurityContextAccessor); secretValidator = new ZoneAwareClientSecretPolicyValidator(new ClientSecretPolicy(0,255,0,0,0,0,6)); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/client/UaaClientDetailsTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/client/UaaClientDetailsTest.java deleted file mode 100644 index 53aa8104d35..00000000000 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/client/UaaClientDetailsTest.java +++ /dev/null 
@@ -1,112 +0,0 @@ -package org.cloudfoundry.identity.uaa.client; - -import org.junit.jupiter.api.BeforeEach; -import org.junit.jupiter.api.Nested; -import org.junit.jupiter.api.Test; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; - -import java.util.Collections; -import java.util.List; -import java.util.stream.Collectors; - -import static org.cloudfoundry.identity.uaa.client.UaaClientDetailsMatcher.aUaaClientDetails; -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.MatcherAssert.assertThat; -import static org.hamcrest.Matchers.allOf; -import static org.hamcrest.Matchers.containsInAnyOrder; -import static org.hamcrest.Matchers.emptyIterable; -import static org.hamcrest.collection.IsIterableContainingInOrder.contains; -import static org.hamcrest.collection.IsMapContaining.hasEntry; -import static org.hamcrest.collection.IsMapWithSize.aMapWithSize; -import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.junit.jupiter.api.Assertions.assertNotEquals; - -class UaaClientDetailsTest { - - @Nested - class Creation { - private BaseClientDetails testClient; - - @BeforeEach - void setUp() { - testClient = new BaseClientDetails( - "test", - "", - "test.none", - "", - "test.admin" - ); - } - - @Test - void copiesBaseClientDetails() { - testClient.setClientSecret("secret"); - UaaClientDetails copy = new UaaClientDetails(testClient); - assertThat(copy, is( - aUaaClientDetails() - .withClientId("test") - .withClientSecret("secret") - .withScope(contains("test.none")) - .withResourceIds(emptyIterable()) - )); - - List authorities = copy.getAuthorities().stream() - .map(GrantedAuthority::getAuthority) - .collect(Collectors.toList()); - assertThat(authorities, contains("test.admin")); - } - - @Test - void copiesAdditionalInformation() { - testClient.setAdditionalInformation(Collections.singletonMap("key", "value")); - UaaClientDetails copy = new 
UaaClientDetails(testClient); - assertThat(copy, is( - aUaaClientDetails() - .withAdditionalInformation(allOf(aMapWithSize(1), hasEntry("key", "value"))) - )); - } - - @Test - void testClientJwtConfig() { - UaaClientDetails copy = new UaaClientDetails(testClient); - copy.setClientJwtConfig("test"); - assertEquals("test", copy.getClientJwtConfig()); - } - - @Test - void testEquals() { - UaaClientDetails copy = new UaaClientDetails(testClient); - UaaClientDetails copy2 = new UaaClientDetails(testClient); - copy.setClientJwtConfig("test"); - assertNotEquals(copy, copy2); - assertNotEquals(copy, new UaaClientDetails()); - copy.setClientJwtConfig(null); - assertEquals(copy, copy2); - assertEquals(copy, copy); - assertNotEquals(copy, new BaseClientDetails()); - } - - @Test - void testHashCode() { - UaaClientDetails copy = new UaaClientDetails(testClient); - UaaClientDetails copy2 = new UaaClientDetails(testClient.getClientId(), "", - "test.none", "", "test.admin", null); - assertEquals(copy.hashCode(), copy2.hashCode()); - copy.setClientJwtConfig("test"); - assertNotEquals(copy.hashCode(), copy2.hashCode()); - } - } - - @Nested - class WhenSettingScope { - @Test - void splitsScopesWhichIncludeAComma() { - UaaClientDetails client = new UaaClientDetails(new BaseClientDetails()); - client.setScope(Collections.singleton("foo,bar")); - assertThat(client, is( - aUaaClientDetails().withScope(containsInAnyOrder("foo", "bar")) - )); - } - } -} \ No newline at end of file diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/invitations/EmailInvitationsServiceTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/invitations/EmailInvitationsServiceTests.java index 096e1f578d3..7d8be551140 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/invitations/EmailInvitationsServiceTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/invitations/EmailInvitationsServiceTests.java 
@@ -1,5 +1,6 @@ package org.cloudfoundry.identity.uaa.invitations; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; import org.cloudfoundry.identity.uaa.constants.OriginKeys; @@ -19,8 +20,7 @@ import org.mockito.Mock; import org.mockito.junit.jupiter.MockitoExtension; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.NoSuchClientException; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.springframework.web.client.HttpClientErrorException; import java.sql.Timestamp; @@ -107,7 +107,7 @@ void acceptInvitation_withoutPasswordUpdate() { ScimUser user = new ScimUser("user-id-001", "user@example.com", "first", "last"); user.setOrigin(UAA); - BaseClientDetails clientDetails = new BaseClientDetails("client-id", null, null, null, null, "http://example.com/*/"); + UaaClientDetails clientDetails = new UaaClientDetails("client-id", null, null, null, null, "http://example.com/*/"); when(mockClientDetailsService.loadClientByClientId("acmeClientId", zoneId)).thenReturn(clientDetails); when(mockScimUserProvisioning.retrieve(eq("user-id-001"), eq(zoneId))).thenReturn(user); when(mockScimUserProvisioning.verifyUser(anyString(), anyInt(), eq(zoneId))).thenReturn(user); 
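Review bot: In the `@@ -19,8 +20,7 @@` hunk the new `import org.cloudfoundry.identity.uaa.provider.NoSuchClientException;` is left in the slot of the removed Spring import, between two `org.springframework.*` lines, instead of with the other `org.cloudfoundry.identity.uaa.*` imports at the top of the file. Because the simple name is the same as the Spring class it replaces, the placement makes it easy to misread which exception type the tests now expect. Moving the line up next to the other UAA imports would keep the grouping that the `UaaClientDetails` import added in the first hunk already follows. The same placement appears in EmailAccountCreationServiceTests (`@@ -28,7 +28,7 @@`) and UaaResetPasswordServiceTests (`@@ -29,8 +29,7 @@`).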
@@ -129,7 +129,7 @@ void acceptInvitation_onlyMarksInternalUsersAsVerified() { ScimUser user = new ScimUser("ldap-user-id", "ldapuser", "Charlie", "Brown"); user.setOrigin(LDAP); - BaseClientDetails clientDetails = new BaseClientDetails("client-id", null, null, null, null, "http://example.com/*/"); + UaaClientDetails clientDetails = new UaaClientDetails("client-id", null, null, null, null, "http://example.com/*/"); when(mockScimUserProvisioning.retrieve(eq("ldap-user-id"), eq(zoneId))).thenReturn(user); when(mockClientDetailsService.loadClientByClientId("acmeClientId", zoneId)).thenReturn(clientDetails); @@ -170,7 +170,7 @@ void acceptInvitationWithClientNotFound() { void acceptInvitationWithValidRedirectUri() { ScimUser user = new ScimUser("user-id-001", "user@example.com", "first", "last"); user.setOrigin(UAA); - BaseClientDetails clientDetails = new BaseClientDetails("client-id", null, null, null, null, "http://example.com/*/"); + UaaClientDetails clientDetails = new UaaClientDetails("client-id", null, null, null, null, "http://example.com/*/"); when(mockScimUserProvisioning.retrieve(eq("user-id-001"), eq(zoneId))).thenReturn(user); when(mockScimUserProvisioning.verifyUser(anyString(), anyInt(), eq(zoneId))).thenReturn(user); when(mockClientDetailsService.loadClientByClientId("acmeClientId", zoneId)).thenReturn(clientDetails); 
@@ -193,7 +193,7 @@ void acceptInvitationWithValidRedirectUri() { void acceptInvitationWithInvalidRedirectUri() { ScimUser user = new ScimUser("user-id-001", "user@example.com", "first", "last"); user.setOrigin(UAA); - BaseClientDetails clientDetails = new BaseClientDetails("client-id", null, null, null, null, "http://example.com/redirect"); + UaaClientDetails clientDetails = new UaaClientDetails("client-id", null, null, null, null, "http://example.com/redirect"); when(mockScimUserProvisioning.verifyUser(anyString(), anyInt(), eq(zoneId))).thenReturn(user); when(mockScimUserProvisioning.retrieve(eq("user-id-001"), eq(zoneId))).thenReturn(user); when(mockClientDetailsService.loadClientByClientId("acmeClientId", zoneId)).thenReturn(clientDetails); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/AutologinAuthenticationManagerTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/AutologinAuthenticationManagerTest.java index 7a73c5ded12..32de9694186 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/AutologinAuthenticationManagerTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/AutologinAuthenticationManagerTest.java @@ -5,6 +5,7 @@ import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; import org.cloudfoundry.identity.uaa.authentication.manager.AutologinAuthenticationManager; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; 
@@ -22,7 +23,6 @@ import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.core.Authentication; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import java.sql.Timestamp; import java.util.Collections; @@ -76,7 +76,7 @@ void authentication_successful() { codeData.put(OriginKeys.ORIGIN, OriginKeys.UAA); when(codeStore.retrieveCode("the_secret_code", IdentityZoneHolder.get().getId())).thenReturn(new ExpiringCode("the_secret_code", new Timestamp(123), JsonUtils.writeValueAsString(codeData), ExpiringCodeType.AUTOLOGIN.name())); - when(clientDetailsService.loadClientByClientId(eq(clientId), anyString())).thenReturn(new BaseClientDetails("test-client-details","","","","")); + when(clientDetailsService.loadClientByClientId(eq(clientId), anyString())).thenReturn(new UaaClientDetails("test-client-details","","","","")); String zoneId = IdentityZoneHolder.get().getId(); when(userDatabase.retrieveUserById(eq("test-user-id"))) .thenReturn( diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/EmailAccountCreationServiceTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/EmailAccountCreationServiceTests.java index 893cdf20cee..82e7a7df3d6 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/EmailAccountCreationServiceTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/EmailAccountCreationServiceTests.java 
@@ -28,7 +28,7 @@
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
 import org.springframework.security.oauth2.provider.ClientDetails;
-import org.springframework.security.oauth2.provider.NoSuchClientException;
+import org.cloudfoundry.identity.uaa.provider.NoSuchClientException;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit.jupiter.SpringExtension;
 import org.springframework.web.client.HttpClientErrorException;
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpointTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpointTests.java
index 14c8887d9ee..f6fca6c0c53 100755
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpointTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/LoginInfoEndpointTests.java
@@ -1,37 +1,8 @@ package org.cloudfoundry.identity.uaa.login; -import java.lang.reflect.Modifier; -import java.net.MalformedURLException; -import java.net.URL; -import java.net.URLEncoder; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; -import java.util.Iterator; -import java.util.LinkedList; -import java.util.List; -import java.util.Map; -import java.util.function.Function; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpSession; - -import org.springframework.dao.DataAccessException; -import org.springframework.dao.EmptyResultDataAccessException; -import org.springframework.http.MediaType; -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.mock.web.MockHttpSession; -import org.springframework.security.authentication.BadCredentialsException; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; -import org.springframework.security.web.savedrequest.DefaultSavedRequest; -import org.springframework.security.web.savedrequest.SavedRequest; -import org.springframework.ui.ExtendedModelMap; -import org.springframework.ui.Model; -import org.springframework.web.HttpMediaTypeNotAcceptableException; - import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.codestore.InMemoryExpiringCodeStore; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension; 
@@ -54,7 +25,6 @@ import org.cloudfoundry.identity.uaa.zone.IdentityZone; import org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; -import org.cloudfoundry.identity.uaa.zone.IdentityZoneProvisioning; import org.cloudfoundry.identity.uaa.zone.Links; import org.cloudfoundry.identity.uaa.zone.MultitenancyFixture; import org.cloudfoundry.identity.uaa.zone.MultitenantClientServices; 
@@ -62,18 +32,43 @@ import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; +import org.springframework.dao.DataAccessException; +import org.springframework.dao.EmptyResultDataAccessException; +import org.springframework.http.MediaType; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.mock.web.MockHttpSession; +import org.springframework.security.web.savedrequest.DefaultSavedRequest; +import org.springframework.security.web.savedrequest.SavedRequest; +import org.springframework.ui.ExtendedModelMap; +import org.springframework.ui.Model; +import org.springframework.web.HttpMediaTypeNotAcceptableException; + +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpSession; +import java.lang.reflect.Modifier; +import java.net.MalformedURLException; +import java.net.URL; +import java.net.URLEncoder; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; +import java.util.function.Function; import static java.nio.charset.StandardCharsets.UTF_8; import static java.util.Collections.emptyList; import static java.util.Collections.singletonList; -import static org.cloudfoundry.identity.uaa.util.AssertThrowsWithMessage.assertThrowsWithMessageThat; import static org.cloudfoundry.identity.uaa.util.UaaUrlUtils.addSubdomainToUrl; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.hasKey; import static org.hamcrest.Matchers.hasSize; import static org.hamcrest.Matchers.instanceOf; -import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.not; import static org.hamcrest.Matchers.notNullValue; import static org.hamcrest.Matchers.startsWith; 
@@ -91,9 +86,7 @@ import static org.mockito.ArgumentMatchers.anyString; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.ArgumentMatchers.isNull; -import static org.mockito.Mockito.doReturn; import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.spy; import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; @@ -708,7 +701,7 @@ void filterIDPsForAuthcodeClientInDefaultZone() throws Exception { List allowedProviders = Arrays.asList("my-client-awesome-idp1", "my-client-awesome-idp2", OriginKeys.LDAP); // mock Client service - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("client-id"); clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, new LinkedList<>(allowedProviders)); MultitenantClientServices clientDetailsService = mock(MultitenantClientServices.class); @@ -743,7 +736,7 @@ void filterIDPsForAuthcodeClientInOtherZone() throws Exception { List allowedProviders = Arrays.asList("my-client-awesome-idp1", "my-client-awesome-idp2"); // mock Client service - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("client-id"); clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, new LinkedList<>(allowedProviders)); MultitenantClientServices clientDetailsService = mock(MultitenantClientServices.class); 
@@ -781,7 +774,7 @@ void authcodeWithAllowedProviderStillUsesAccountChooser() throws Exception { List allowedProviders = Arrays.asList("uaa", "my-client-awesome-idp1"); // mock Client service - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("client-id"); clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, new LinkedList<>(allowedProviders)); MultitenantClientServices clientDetailsService = mock(MultitenantClientServices.class); @@ -799,7 +792,7 @@ void filterIDPsForAuthcodeClientWithNoAllowedIDPsInOtherZone() throws Exception MockHttpServletRequest request = getMockHttpServletRequest(); // mock Client service - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); MultitenantClientServices clientDetailsService = mock(MultitenantClientServices.class); when(clientDetailsService.loadClientByClientId(eq("client-id"), anyString())).thenReturn(clientDetails); @@ -820,7 +813,7 @@ void allowedIdpsforClientOIDCProvider() throws Exception { List allowedProviders = Arrays.asList("my-OIDC-idp1", "my-OIDC-idp2", OriginKeys.LDAP); // mock Client service - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("client-id"); clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, new LinkedList<>(allowedProviders)); MultitenantClientServices clientDetailsService = mock(MultitenantClientServices.class); 
@@ -1068,7 +1061,7 @@ void loginHintOriginUaaAllowedProvidersNull() throws Exception { MockHttpServletRequest mockHttpServletRequest = getMockHttpServletRequest(); // mock Client service - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("client-id"); clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, null); MultitenantClientServices clientDetailsService = mock(MultitenantClientServices.class); @@ -1091,7 +1084,7 @@ void loginHintUaaNotAllowedLoginPageNotEmpty() throws Exception { List allowedProviders = Arrays.asList("my-OIDC-idp1", "my-OIDC-idp2"); // mock Client service - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("client-id"); clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, new LinkedList<>(allowedProviders)); MultitenantClientServices clientDetailsService = mock(MultitenantClientServices.class); @@ -1226,7 +1219,7 @@ void invalidLoginHintErrorOnAccountChooserPage() throws Exception { public void testInvalidLoginHintLoginPageReturnsList() throws Exception { MockHttpServletRequest mockHttpServletRequest = getMockHttpServletRequest(); - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("client-id"); MultitenantClientServices clientDetailsService = mock(MultitenantClientServices.class); when(clientDetailsService.loadClientByClientId("client-id", "uaa")).thenReturn(clientDetails); 
@@ -1641,7 +1634,7 @@ void defaultProviderLdapWithAllowedOnlyOIDC() throws Exception { List allowedProviders = singletonList("my-OIDC-idp1"); // mock Client service - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("client-id"); clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, new LinkedList<>(allowedProviders)); MultitenantClientServices clientDetailsService = mock(MultitenantClientServices.class); @@ -1666,7 +1659,7 @@ void allowedProvidersOnlyLDAPDoesNotUseInternalUsers() throws Exception { List allowedProviders = singletonList("ldap"); // mock Client service - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("client-id"); clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, new LinkedList<>(allowedProviders)); MultitenantClientServices clientDetailsService = mock(MultitenantClientServices.class); @@ -1686,7 +1679,7 @@ void allowedProvidersLoginHintDoesKeepExternalProviders() throws Exception { List allowedProviders = Arrays.asList("my-OIDC-idp1", "uaa"); // mock Client service - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("client-id"); clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, new LinkedList<>(allowedProviders)); MultitenantClientServices clientDetailsService = mock(MultitenantClientServices.class); 
@@ -1824,7 +1817,7 @@ private static MultitenantClientServices mockClientService() { private static MultitenantClientServices mockClientService(List allowedProviders) { // mock Client service - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("client-id"); if (allowedProviders != null) { clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, new LinkedList<>(allowedProviders)); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/ProfileControllerMockMvcTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/ProfileControllerMockMvcTests.java index c215721af13..b948a06cbd6 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/ProfileControllerMockMvcTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/ProfileControllerMockMvcTests.java @@ -5,6 +5,7 @@ import org.cloudfoundry.identity.uaa.approval.ApprovalStore; import org.cloudfoundry.identity.uaa.approval.DescribedApproval; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.home.BuildInfo; import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants; @@ -23,7 +24,6 @@ import org.springframework.context.annotation.Import; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit.jupiter.SpringExtension; import org.springframework.test.context.web.WebAppConfiguration; 
@@ -158,11 +158,11 @@ void setUp() { when(approvalStore.getApprovalsForUser(anyString(), eq(currentIdentityZoneId))).thenReturn(allApprovals); - BaseClientDetails appClient = new BaseClientDetails("app", "thing", "thing.read,thing.write", GRANT_TYPE_AUTHORIZATION_CODE, ""); + UaaClientDetails appClient = new UaaClientDetails("app", "thing", "thing.read,thing.write", GRANT_TYPE_AUTHORIZATION_CODE, ""); appClient.addAdditionalInformation(ClientConstants.CLIENT_NAME, THE_ULTIMATE_APP); when(clientDetailsService.loadClientByClientId("app", currentIdentityZoneId)).thenReturn(appClient); - BaseClientDetails otherClient = new BaseClientDetails("other-client", "thing", "thing.read,thing.write", GRANT_TYPE_AUTHORIZATION_CODE, ""); + UaaClientDetails otherClient = new UaaClientDetails("other-client", "thing", "thing.read,thing.write", GRANT_TYPE_AUTHORIZATION_CODE, ""); otherClient.addAdditionalInformation(ClientConstants.CLIENT_NAME, THE_ULTIMATE_APP); when(clientDetailsService.loadClientByClientId("other-client", currentIdentityZoneId)).thenReturn(otherClient); } @@ -179,7 +179,7 @@ void getProfile() throws Exception { @Test void getProfileNoAppName() throws Exception { - BaseClientDetails appClient = new BaseClientDetails("app", "thing", "thing.read,thing.write", GRANT_TYPE_AUTHORIZATION_CODE, ""); + UaaClientDetails appClient = new UaaClientDetails("app", "thing", "thing.read,thing.write", GRANT_TYPE_AUTHORIZATION_CODE, ""); when(clientDetailsService.loadClientByClientId("app", currentIdentityZoneId)).thenReturn(appClient); getProfile(mockMvc, "app", currentIdentityZoneId); } diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/login/UaaResetPasswordServiceTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/login/UaaResetPasswordServiceTests.java index 3ad91cad068..1ea11d0b3d6 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/login/UaaResetPasswordServiceTests.java 
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/login/UaaResetPasswordServiceTests.java @@ -7,6 +7,7 @@ import org.cloudfoundry.identity.uaa.account.UaaResetPasswordService; import org.cloudfoundry.identity.uaa.account.event.ResetPasswordRequestEvent; import org.cloudfoundry.identity.uaa.authentication.InvalidCodeException; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; import org.cloudfoundry.identity.uaa.scim.ScimMeta; @@ -28,8 +29,7 @@ import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.NoSuchClientException; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import java.sql.Timestamp; import java.util.Collections; @@ -185,7 +185,7 @@ void forgotPassword_ThrowsNotFoundException_ScimUserNotFoundInUaa() { void testResetPassword() { ExpiringCode code = setupResetPassword("example", "redirect.example.com/login"); - BaseClientDetails client = new BaseClientDetails(); + UaaClientDetails client = new UaaClientDetails(); client.setRegisteredRedirectUri(Collections.singleton("redirect.example.com/*")); when(clientDetailsService.loadClientByClientId("example", currentZoneId)).thenReturn(client); 
@@ -261,7 +261,7 @@ void resetPassword_WithNoClientId() { @Test void resetPassword_WhereWildcardsDoNotMatch() { ExpiringCode code = setupResetPassword("example", "redirect.example.com"); - BaseClientDetails client = new BaseClientDetails(); + UaaClientDetails client = new UaaClientDetails(); client.setRegisteredRedirectUri(Collections.singleton("doesnotmatch.example.com/*")); when(clientDetailsService.loadClientByClientId("example", currentZoneId)).thenReturn(client); @@ -272,7 +272,7 @@ void resetPassword_WhereWildcardsDoNotMatch() { @Test void resetPassword_WithNoRedirectUri() { ExpiringCode code = setupResetPassword("example", ""); - BaseClientDetails client = new BaseClientDetails(); + UaaClientDetails client = new UaaClientDetails(); client.setRegisteredRedirectUri(Collections.singleton("redirect.example.com/*")); when(clientDetailsService.loadClientByClientId("example")).thenReturn(client); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/AccessControllerTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/AccessControllerTests.java index e22ce841dec..3ce4327dea3 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/AccessControllerTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/AccessControllerTests.java @@ -2,6 +2,7 @@ import org.cloudfoundry.identity.uaa.approval.ApprovalStore; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationTestFactory; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants; import org.cloudfoundry.identity.uaa.scim.ScimGroup; import org.cloudfoundry.identity.uaa.scim.ScimGroupProvisioning; 
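Review bot: In `resetPassword_WithNoRedirectUri` (hunk `@@ -272,7 +272,7 @@`) the stub still uses the single-argument `loadClientByClientId("example")`, while `testResetPassword` and `resetPassword_WhereWildcardsDoNotMatch` stub the zone-aware call `loadClientByClientId("example", currentZoneId)`. If the service under test only calls the two-argument overload, this stub is never matched and the client's registered redirect URIs play no part in the test, so it may pass without exercising the redirect check; this is inferred from the neighbouring tests, as the service code is not shown. Since the line's neighbour is being touched anyway, consider aligning it: `when(clientDetailsService.loadClientByClientId("example", currentZoneId)).thenReturn(client);`. The test body continues outside the hunk, so the assertions that follow should be checked against the change.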
@@ -13,7 +14,6 @@ import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.security.core.Authentication; import org.springframework.security.oauth2.provider.AuthorizationRequest; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.ui.ModelMap; import org.springframework.web.bind.support.SimpleSessionStatus; @@ -34,12 +34,12 @@ class AccessControllerTests { private AccessController controller; - private BaseClientDetails client; + private UaaClientDetails client; private ScimGroupProvisioning mockScimGroupProvisioning; @BeforeEach void setUp() { - client = new BaseClientDetails(); + client = new UaaClientDetails(); InMemoryMultitenantClientServices clientDetailsService = new InMemoryMultitenantClientServices(null); clientDetailsService.setClientDetailsStore(IdentityZoneHolder.get().getId(), Collections.singletonMap("client-id", client)); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ApprovalServiceTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ApprovalServiceTest.java index d21fa408ee1..34235367aba 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ApprovalServiceTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ApprovalServiceTest.java @@ -4,13 +4,13 @@ import org.cloudfoundry.identity.uaa.approval.Approval; import org.cloudfoundry.identity.uaa.approval.ApprovalService; import org.cloudfoundry.identity.uaa.approval.ApprovalStore; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.util.TimeService; import org.junit.Before; import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import java.util.Date; import java.util.List; 
@@ -29,7 +29,7 @@ public class ApprovalServiceTest { private ApprovalService approvalService; private TimeService timeService; private ApprovalStore approvalStore; - private BaseClientDetails clientDetails; + private UaaClientDetails clientDetails; @Rule public ExpectedException expectedException = ExpectedException.none(); @@ -38,7 +38,7 @@ public class ApprovalServiceTest { public void setup() { timeService = mock(TimeService.class); approvalStore = mock(ApprovalStore.class); - clientDetails = new BaseClientDetails(CLIENT_ID, null, "foo.read,bar.write", null, null); + clientDetails = new UaaClientDetails(CLIENT_ID, null, "foo.read,bar.write", null, null); approvalService = new ApprovalService(timeService, approvalStore); } diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/CheckTokenEndpointTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/CheckTokenEndpointTests.java index aa3570230b1..1c746c72ad2 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/CheckTokenEndpointTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/CheckTokenEndpointTests.java @@ -19,6 +19,7 @@ import org.cloudfoundry.identity.uaa.approval.ApprovalService; import org.cloudfoundry.identity.uaa.approval.ApprovalStore; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationTestFactory; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.oauth.approval.InMemoryApprovalStore; import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants; 
@@ -61,7 +62,6 @@ import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.test.util.ReflectionTestUtils; import org.springframework.web.HttpRequestMethodNotSupportedException; @@ -110,8 +110,8 @@ public class CheckTokenEndpointTests { private AuthorizationRequest authorizationRequest = null; private UaaUserPrototype uaaUserPrototype; private UaaUser user; - private BaseClientDetails defaultClient; - private Map clientDetailsStore; + private UaaClientDetails defaultClient; + private Map clientDetailsStore; private List userAuthorities; private IdentityZoneProvisioning zoneProvisioning = mock(IdentityZoneProvisioning.class); private RevocableTokenProvisioning tokenProvisioning; @@ -302,7 +302,7 @@ public void setUp(boolean opaque) throws Exception { .setStatus(ApprovalStatus.APPROVED) .setLastUpdatedAt(oneSecondAgo), IdentityZoneHolder.get().getId()); - defaultClient = new BaseClientDetails("client", "scim, cc", "read, write", "authorization_code, password", "scim.read, scim.write, cat.pet", "http://localhost:8080/uaa"); + defaultClient = new UaaClientDetails("client", "scim, cc", "read, write", "authorization_code, password", "scim.read, scim.write, cat.pet", "http://localhost:8080/uaa"); clientDetailsStore = Collections.singletonMap( "client", 
@@ -358,11 +358,11 @@ private void resetAndMockUserDatabase(String userId, UaaUser user) { @Test public void testClientWildcard() throws Exception { - BaseClientDetails client = - new BaseClientDetails("client", "zones", "zones.*.admin", "authorization_code, password", + UaaClientDetails client = + new UaaClientDetails("client", "zones", "zones.*.admin", "authorization_code, password", "scim.read, scim.write", "http://localhost:8080/uaa"); client.setAutoApproveScopes(Collections.singletonList("zones.*.admin")); - Map clientDetailsStore = Collections.singletonMap("client", client); + Map clientDetailsStore = Collections.singletonMap("client", client); clientDetailsService.setClientDetailsStore(IdentityZoneHolder.get().getId(), clientDetailsStore); tokenServices.setClientDetailsService(clientDetailsService); @@ -571,7 +571,7 @@ public void revokingScopesFromUser_invalidatesToken() throws Exception { @Test(expected = InvalidTokenException.class) public void revokingScopesFromClient_invalidatesToken() throws Exception { OAuth2AccessToken accessToken = tokenServices.createAccessToken(authentication); - defaultClient = new BaseClientDetails("client", "scim, cc", "write", "authorization_code, password", "scim.read, scim.write", "http://localhost:8080/uaa"); + defaultClient = new UaaClientDetails("client", "scim, cc", "write", "authorization_code, password", "scim.read, scim.write", "http://localhost:8080/uaa"); clientDetailsStore = Collections.singletonMap("client", defaultClient); clientDetailsService.setClientDetailsStore(IdentityZoneHolder.get().getId(), clientDetailsStore); 
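Review bot: In the hunk at -571, `revokingScopesFromClient_invalidatesToken` relies on `@Test(expected = InvalidTokenException.class)`, which passes if any statement in the method throws that exception, including the setup call `tokenServices.createAccessToken(authentication)`. These tests guard the rule that a token stops being valid once client scopes or authorities are revoked, so a setup failure should not be able to satisfy them. Wrapping only the token check would be tighter, e.g. `assertThrows(InvalidTokenException.class, () -> /* the check-token call */)`, if the JUnit version in use provides it. The same pattern appears in `revokingAuthoritiesFromClients_invalidatesToken` and `testExpiredToken` in the following hunks. The method bodies continue outside the hunks, so the exact call to wrap is not visible here.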
@@ -580,7 +580,7 @@ public void revokingScopesFromClient_invalidatesToken() throws Exception { @Test(expected = InvalidTokenException.class) public void revokingAuthoritiesFromClients_invalidatesToken() throws Exception { - defaultClient = new BaseClientDetails("client", "scim, cc", "write,read", "authorization_code, password", "scim.write", "http://localhost:8080/uaa"); + defaultClient = new UaaClientDetails("client", "scim, cc", "write,read", "authorization_code, password", "scim.write", "http://localhost:8080/uaa"); clientDetailsStore = Collections.singletonMap( "client", defaultClient @@ -938,11 +938,11 @@ public void testClientAuthoritiesNotInResult() throws Exception { @Test(expected = InvalidTokenException.class) public void testExpiredToken() throws Exception { - BaseClientDetails clientDetails = new BaseClientDetails("client", "scim, cc", "read, write", + UaaClientDetails clientDetails = new UaaClientDetails("client", "scim, cc", "read, write", "authorization_code, password", "scim.read, scim.write", "http://localhost:8080/uaa"); Integer validitySeconds = 1; clientDetails.setAccessTokenValiditySeconds(validitySeconds); - Map clientDetailsStore = Collections.singletonMap("client", clientDetails); + Map clientDetailsStore = Collections.singletonMap("client", clientDetails); clientDetailsService.setClientDetailsStore(IdentityZoneHolder.get().getId(), clientDetailsStore); tokenServices.setClientDetailsService(clientDetailsService); when(timeService.getCurrentTimeMillis()).thenReturn(1000L); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientInfoEndpointTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientInfoEndpointTests.java index 7ada9747f30..0a890fd2908 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientInfoEndpointTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ClientInfoEndpointTests.java 
@@ -1,6 +1,7 @@ package org.cloudfoundry.identity.uaa.oauth; import org.cloudfoundry.identity.uaa.client.ClientInfoEndpoint; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.zone.MultitenantClientServices; import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager; import org.junit.jupiter.api.BeforeEach; @@ -11,7 +12,6 @@ import org.mockito.junit.jupiter.MockitoExtension; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import java.util.Collections; import java.util.UUID; @@ -39,7 +39,7 @@ class ClientInfoEndpointTests { @BeforeEach void setUp() { clientId = "clientId-" + UUID.randomUUID().toString(); - BaseClientDetails baseClientDetails = new BaseClientDetails(clientId, "none", "read,write", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.none"); + UaaClientDetails baseClientDetails = new UaaClientDetails(clientId, "none", "read,write", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.none"); baseClientDetails.setClientSecret("bar"); baseClientDetails.setAdditionalInformation(Collections.singletonMap("key", "value")); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/DeprecatedUaaTokenServicesTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/DeprecatedUaaTokenServicesTests.java index 8f45267b2e7..5b871cf260c 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/DeprecatedUaaTokenServicesTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/DeprecatedUaaTokenServicesTests.java 
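Review bot: The local in `setUp()` (hunk at -39) is still named `baseClientDetails` although its type is now `UaaClientDetails`, so the name keeps pointing at the class this change moves away from. Renaming it, e.g. `UaaClientDetails clientDetails = new UaaClientDetails(clientId, "none", "read,write", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.none");`, along with the two setter calls below it, would keep the test readable after the migration. The method continues past the end of the hunk, so any later uses need the same rename.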
@@ -11,6 +11,7 @@ import org.cloudfoundry.identity.uaa.audit.AuditEventType; import org.cloudfoundry.identity.uaa.audit.event.TokenIssuedEvent; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.oauth.jwt.Jwt; import org.cloudfoundry.identity.uaa.oauth.jwt.JwtHelper; @@ -51,7 +52,6 @@ import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.TokenRequest; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.test.util.ReflectionTestUtils; import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.MultiValueMap; @@ -206,7 +206,7 @@ public void refreshAccessToken_buildsIdToken_withRolesAndAttributesAndACR() thro IdTokenCreator idTokenCreator = mock(IdTokenCreator.class); when(idTokenCreator.create(any(), any(), any())).thenReturn(mock(IdToken.class)); - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setScope(Sets.newHashSet("openid")); MultitenantClientServices mockMultitenantClientServices = mock(MultitenantClientServices.class); @@ -771,7 +771,7 @@ public void createAccessToken_usingRefreshGrant_inOtherZone() { @Test public void testCreateAccessTokenRefreshGrantAllScopesAutoApproved() { - BaseClientDetails clientDetails = cloneClient(tokenSupport.defaultClient); + UaaClientDetails clientDetails = cloneClient(tokenSupport.defaultClient); clientDetails.setAutoApproveScopes(singleton("true")); tokenSupport.clientDetailsService.setClientDetailsStore( IdentityZoneHolder.get().getId(), 
@@ -822,7 +822,7 @@ public void testCreateAccessTokenRefreshGrantAllScopesAutoApproved() { @Test public void testCreateAccessTokenRefreshGrantSomeScopesAutoApprovedDowngradedRequest() { - BaseClientDetails clientDetails = cloneClient(tokenSupport.defaultClient); + UaaClientDetails clientDetails = cloneClient(tokenSupport.defaultClient); clientDetails.setAutoApproveScopes(singleton("true")); tokenSupport.clientDetailsService.setClientDetailsStore( IdentityZoneHolder.get().getId(), @@ -872,7 +872,7 @@ public void testCreateAccessTokenRefreshGrantSomeScopesAutoApprovedDowngradedReq @Test public void testCreateAccessTokenRefreshGrantSomeScopesAutoApproved() { - BaseClientDetails clientDetails = cloneClient(tokenSupport.defaultClient); + UaaClientDetails clientDetails = cloneClient(tokenSupport.defaultClient); clientDetails.setAutoApproveScopes(tokenSupport.readScope); tokenSupport.clientDetailsService.setClientDetailsStore( IdentityZoneHolder.get().getId(), @@ -942,7 +942,7 @@ public void testCreateAccessTokenRefreshGrantSomeScopesAutoApproved() { @Test(expected = InvalidTokenException.class) public void testCreateAccessTokenRefreshGrantNoScopesAutoApprovedIncompleteApprovals() { - BaseClientDetails clientDetails = cloneClient(tokenSupport.defaultClient); + UaaClientDetails clientDetails = cloneClient(tokenSupport.defaultClient); clientDetails.setAutoApproveScopes(emptyList()); tokenSupport.clientDetailsService.setClientDetailsStore( IdentityZoneHolder.get().getId(), @@ -997,7 +997,7 @@ public void testCreateAccessTokenRefreshGrantNoScopesAutoApprovedIncompleteAppro @Test public void testCreateAccessTokenRefreshGrantAllScopesAutoApprovedButApprovalDenied() { - BaseClientDetails clientDetails = cloneClient(tokenSupport.defaultClient); + UaaClientDetails clientDetails = cloneClient(tokenSupport.defaultClient); clientDetails.setAutoApproveScopes(tokenSupport.requestedAuthScopes); tokenSupport.clientDetailsService.setClientDetailsStore( IdentityZoneHolder.get().getId(), 
@@ -1293,7 +1293,7 @@ public void testCreateAccessTokenAuthcodeGrantExpandedScopes() { @Test public void testChangedExpiryForTokens() { - BaseClientDetails clientDetails = cloneClient(tokenSupport.defaultClient); + UaaClientDetails clientDetails = cloneClient(tokenSupport.defaultClient); clientDetails.setAccessTokenValiditySeconds(3600); clientDetails.setRefreshTokenValiditySeconds(36000); tokenSupport.clientDetailsService.setClientDetailsStore( @@ -1381,7 +1381,7 @@ public void testRefreshTokenExpiry() { .setExpiresAt(expiresAt.getTime()) .setStatus(ApprovalStatus.APPROVED), IdentityZoneHolder.get().getId()); - BaseClientDetails clientDetails = cloneClient(tokenSupport.defaultClient); + UaaClientDetails clientDetails = cloneClient(tokenSupport.defaultClient); // Back date the refresh token. Crude way to do this but i'm not sure of // another clientDetails.setRefreshTokenValiditySeconds(-36000); @@ -1821,7 +1821,7 @@ public void testLoadAuthenticationForAClient() { @Test public void testLoadAuthenticationWithAnExpiredToken() { - BaseClientDetails shortExpiryClient = tokenSupport.defaultClient; + UaaClientDetails shortExpiryClient = tokenSupport.defaultClient; shortExpiryClient.setAccessTokenValiditySeconds(1); tokenSupport.clientDetailsService.setClientDetailsStore( IdentityZoneHolder.get().getId(), @@ -2147,8 +2147,8 @@ private OAuth2AccessToken getOAuth2AccessToken() { return tokenServices.createAccessToken(authentication); } - private BaseClientDetails cloneClient(ClientDetails client) { - return new BaseClientDetails(client); + private UaaClientDetails cloneClient(ClientDetails client) { + return new UaaClientDetails(client); } @SuppressWarnings("unchecked") diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/RefreshRotationTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/RefreshRotationTest.java index 3b8c63512c8..b7bafba6009 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/RefreshRotationTest.java 
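Review bot: `testLoadAuthenticationWithAnExpiredToken` (hunk at -1821) assigns `tokenSupport.defaultClient` directly to `shortExpiryClient` and then calls `setAccessTokenValiditySeconds(1)` on it, so it modifies the shared fixture object rather than a copy. The other tests touched in this file go through `cloneClient(...)` first. Using `UaaClientDetails shortExpiryClient = cloneClient(tokenSupport.defaultClient);` would keep the one-second validity local to this test. Whether `tokenSupport` is rebuilt for every test is not visible in the hunk, so leakage into other tests is a possibility, not a certainty. The method body continues outside the hunk.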
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/RefreshRotationTest.java @@ -1,6 +1,7 @@ package org.cloudfoundry.identity.uaa.oauth; import com.google.common.collect.Lists; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.oauth.token.CompositeToken; import org.cloudfoundry.identity.uaa.oauth.token.RevocableToken; import org.cloudfoundry.identity.uaa.oauth.token.TokenConstants; @@ -19,7 +20,6 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.security.oauth2.provider.TokenRequest; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import java.util.Collections; import java.util.Date; @@ -83,7 +83,7 @@ void teardown() { @Test @DisplayName("Refresh Token with rotation") void testRefreshRotation() { - BaseClientDetails clientDetails = new BaseClientDetails(tokenSupport.defaultClient); + UaaClientDetails clientDetails = new UaaClientDetails(tokenSupport.defaultClient); clientDetails.setAutoApproveScopes(singleton("true")); tokenSupport.clientDetailsService.setClientDetailsStore(IdentityZoneHolder.get().getId(), Collections.singletonMap(CLIENT_ID, clientDetails)); AuthorizationRequest authorizationRequest = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes); 
@@ -113,7 +113,7 @@ void testRefreshRotation() { @Test @DisplayName("Refresh Token with allowpublic and rotation") void testRefreshPublicClientWithRotation() { - BaseClientDetails clientDetails = new BaseClientDetails(tokenSupport.defaultClient); + UaaClientDetails clientDetails = new UaaClientDetails(tokenSupport.defaultClient); clientDetails.setAutoApproveScopes(singleton("true")); tokenSupport.clientDetailsService.setClientDetailsStore(IdentityZoneHolder.get().getId(), Collections.singletonMap(CLIENT_ID, clientDetails)); AuthorizationRequest authorizationRequest = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes); @@ -145,7 +145,7 @@ void testRefreshPublicClientWithRotation() { @Test @DisplayName("Refresh Token from public to empty authentication") void testRefreshPublicClientWithRotationAndEmpyAuthentication() { - BaseClientDetails clientDetails = new BaseClientDetails(tokenSupport.defaultClient); + UaaClientDetails clientDetails = new UaaClientDetails(tokenSupport.defaultClient); clientDetails.setAutoApproveScopes(singleton("true")); tokenSupport.clientDetailsService.setClientDetailsStore(IdentityZoneHolder.get().getId(), Collections.singletonMap(CLIENT_ID, clientDetails)); AuthorizationRequest authorizationRequest = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes); 
@@ -178,7 +178,7 @@ void testRefreshPublicClientWithRotationAndEmpyAuthentication() { @Test @DisplayName("Refresh Token with allowpublic but without rotation") void testRefreshPublicClientWithoutRotation() { - BaseClientDetails clientDetails = new BaseClientDetails(tokenSupport.defaultClient); + UaaClientDetails clientDetails = new UaaClientDetails(tokenSupport.defaultClient); clientDetails.setAutoApproveScopes(singleton("true")); tokenSupport.clientDetailsService.setClientDetailsStore(IdentityZoneHolder.get().getId(), Collections.singletonMap(CLIENT_ID, clientDetails)); AuthorizationRequest authorizationRequest = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes); @@ -204,7 +204,7 @@ void testRefreshPublicClientWithoutRotation() { @Test @DisplayName("Refresh with allowpublic and rotation but existing token was not public") void testRefreshPublicClientButExistingTokenWasEmptyAuthentication() { - BaseClientDetails clientDetails = new BaseClientDetails(tokenSupport.defaultClient); + UaaClientDetails clientDetails = new UaaClientDetails(tokenSupport.defaultClient); clientDetails.setAutoApproveScopes(singleton("true")); tokenSupport.clientDetailsService.setClientDetailsStore(IdentityZoneHolder.get().getId(), Collections.singletonMap(CLIENT_ID, clientDetails)); AuthorizationRequest authorizationRequest = new AuthorizationRequest(CLIENT_ID, tokenSupport.requestedAuthScopes); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/RestrictUaaScopesClientValidatorTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/RestrictUaaScopesClientValidatorTest.java index 101d29872d7..75c9565902e 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/RestrictUaaScopesClientValidatorTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/RestrictUaaScopesClientValidatorTest.java 
@@ -17,10 +17,10 @@ import org.cloudfoundry.identity.uaa.client.ClientDetailsValidator; import org.cloudfoundry.identity.uaa.client.InvalidClientDetailsException; import org.cloudfoundry.identity.uaa.client.RestrictUaaScopesClientValidator; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.client.UaaScopes; import org.junit.Test; import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import java.util.Arrays; import java.util.Collections; @@ -43,7 +43,7 @@ public class RestrictUaaScopesClientValidatorTest { public void testValidate() { List restrictModes = Arrays.asList(CREATE, MODIFY); List nonRestrictModes = Collections.singletonList(DELETE); - BaseClientDetails client = new BaseClientDetails("clientId","","","client_credentials,password",""); + UaaClientDetails client = new UaaClientDetails("clientId","","","client_credentials,password",""); for (String s : badScopes) { client.setScope(Collections.singletonList(s)); @@ -67,7 +67,7 @@ public void testValidate() { } - protected void validateClient(List restrictModes, List nonRestrictModes, BaseClientDetails client, String s) { + protected void validateClient(List restrictModes, List nonRestrictModes, UaaClientDetails client, String s) { for (ClientDetailsValidator.Mode m : restrictModes) { try { validator.validate(client, m); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpointTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpointTests.java index 758eff0a7b8..bc98157683e 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpointTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenRevocationEndpointTests.java 
@@ -4,6 +4,7 @@ import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator; import org.cloudfoundry.identity.uaa.oauth.token.JdbcRevocableTokenProvisioning; @@ -29,7 +30,6 @@ import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.OAuth2Request; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import java.util.Collections; @@ -44,7 +44,7 @@ public class TokenRevocationEndpointTests { private TokenRevocationEndpoint endpoint; - private BaseClientDetails client; + private UaaClientDetails client; private MultitenantJdbcClientDetailsService clientService; @Autowired @@ -61,7 +61,7 @@ void setupForTokenRevocation() { String zoneId = IdentityZoneHolder.get().getId(); RandomValueStringGenerator generator = new RandomValueStringGenerator(); String clientId = generator.generate().toLowerCase(); - client = new BaseClientDetails(clientId, "", "some.scopes", "client_credentials", "authorities"); + client = new UaaClientDetails(clientId, "", "some.scopes", "client_credentials", "authorities"); client.addAdditionalInformation(TOKEN_SALT, "pre-salt"); IdentityZoneManager mockIdentityZoneManager = mock(IdentityZoneManager.class); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenTestSupport.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenTestSupport.java index 103da10555f..9292ea66111 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenTestSupport.java 
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenTestSupport.java @@ -22,6 +22,7 @@ import org.cloudfoundry.identity.uaa.audit.event.TokenIssuedEvent; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.oauth.approval.InMemoryApprovalStore; import org.cloudfoundry.identity.uaa.oauth.jwt.Jwt; @@ -49,7 +50,6 @@ import org.cloudfoundry.identity.uaa.zone.TokenPolicy; import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager; import org.mockito.stubbing.Answer; -import org.opensaml.saml2.core.AuthnContext; import org.springframework.dao.EmptyResultDataAccessException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; @@ -57,9 +57,9 @@ import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.oauth2.common.OAuth2AccessToken; +import org.springframework.security.oauth2.provider.ClientDetailsService; import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.security.oauth2.provider.OAuth2RequestFactory; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory; import java.util.Arrays; 
@@ -165,8 +165,8 @@ public class TokenTestSupport { List expandedScopes; List resourceIds; String expectedJson; - BaseClientDetails defaultClient; - BaseClientDetails clientWithoutRefreshToken; + UaaClientDetails defaultClient; + UaaClientDetails clientWithoutRefreshToken; OAuth2RequestFactory requestFactory; TokenPolicy tokenPolicy; RevocableTokenProvisioning tokenProvisioning; @@ -213,21 +213,21 @@ public TokenTestSupport(UaaTokenEnhancer tokenEnhancer, KeyInfoService keyInfo) expectedJson = "[\""+READ+"\",\""+WRITE+"\",\""+OPENID+"\"]"; - defaultClient = new BaseClientDetails( + defaultClient = new UaaClientDetails( CLIENT_ID, SCIM+","+CLIENTS, READ+","+WRITE+","+OPENID+",uaa.offline_token", ALL_GRANTS_CSV, CLIENT_AUTHORITIES); - clientWithoutRefreshToken = new BaseClientDetails( + clientWithoutRefreshToken = new UaaClientDetails( CLIENT_ID_NO_REFRESH_TOKEN_GRANT, SCIM+","+CLIENTS, READ+","+WRITE+","+OPENID+",uaa.offline_token", GRANT_TYPE_AUTHORIZATION_CODE, CLIENT_AUTHORITIES); - Map clientDetailsMap = new HashMap<>(); + Map clientDetailsMap = new HashMap<>(); clientDetailsMap.put(CLIENT_ID, defaultClient); clientDetailsMap.put(CLIENT_ID_NO_REFRESH_TOKEN_GRANT, clientWithoutRefreshToken); @@ -273,7 +273,7 @@ public TokenTestSupport(UaaTokenEnhancer tokenEnhancer, KeyInfoService keyInfo) AbstractOAuth2AccessTokenMatchers.revocableTokens.set(tokens); - requestFactory = new DefaultOAuth2RequestFactory(clientDetailsService); + requestFactory = new DefaultOAuth2RequestFactory((ClientDetailsService) clientDetailsService); timeService = mock(TimeService.class); approvalService = new ApprovalService(timeService, approvalStore); when(timeService.getCurrentDate()).thenCallRealMethod(); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenValidationServiceTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenValidationServiceTest.java index f6bdc8fc923..60c94bacae6 100644 
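Review bot: The new cast in `new DefaultOAuth2RequestFactory((ClientDetailsService) clientDetailsService)` (hunk at -273) is unexplained. If the declared type of `clientDetailsService` already implements Spring's `ClientDetailsService`, the cast is redundant or only selects an overload. If it does not, the cast is checked only at runtime, and a later change to that class would surface as a `ClassCastException` in every test that constructs a `TokenTestSupport`. The field declaration is outside the hunk, so which case applies cannot be told from here. A one-line comment such as `// cast needed because <reason>`, or typing the field to the interface, would make the intent clear.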
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenValidationServiceTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/TokenValidationServiceTest.java @@ -3,6 +3,7 @@ import com.google.common.collect.Lists; import com.nimbusds.jose.JOSEException; import com.nimbusds.jose.JWSSigner; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.oauth.token.RevocableTokenProvisioning; import org.cloudfoundry.identity.uaa.user.UaaAuthority; import org.cloudfoundry.identity.uaa.user.UaaUser; @@ -18,8 +19,7 @@ import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; -import org.springframework.security.oauth2.provider.NoSuchClientException; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import java.text.ParseException; import java.util.*; @@ -68,7 +68,7 @@ public void setup() throws ParseException, JOSEException { mockMultitenantClientServices = mock(MultitenantClientServices.class); revocableTokenProvisioning = mock(RevocableTokenProvisioning.class); - when(mockMultitenantClientServices.loadClientByClientId(clientId, IdentityZoneHolder.get().getId())).thenReturn(new BaseClientDetails(clientId, null, "foo.bar", null, null)); + when(mockMultitenantClientServices.loadClientByClientId(clientId, IdentityZoneHolder.get().getId())).thenReturn(new UaaClientDetails(clientId, null, "foo.bar", null, null)); UaaUser user = new UaaUser(userId, "marrisa", "koala", "marissa@gmail.com", buildGrantedAuthorities("foo.bar"), "Marissa", "Bloggs", null, null, null, null, true, null, null, null); when(userDatabase.retrieveUserById(userId)).thenReturn(user); 
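Review bot: The added `import org.cloudfoundry.identity.uaa.provider.NoSuchClientException;` (hunk at -18) sits in the `org.springframework` import group, where the Spring class of the same simple name used to be; it belongs with the other `org.cloudfoundry` imports at the top of the file. Because both classes are called `NoSuchClientException`, tests further down that reference the name compile unchanged but now use the UAA type. Those tests only cover the unknown-client rejection path if the token validation code catches that same type, which is not visible in this diff, so that is worth confirming. `UaaTokenStoreTests` places its `UaaClientDetails` import inside the Spring group in the same way.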
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationEndpointParamaterizedTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationEndpointParamaterizedTest.java index eb364eceab2..d7b8379437d 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationEndpointParamaterizedTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationEndpointParamaterizedTest.java @@ -1,6 +1,8 @@ package org.cloudfoundry.identity.uaa.oauth; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.cloudfoundry.identity.uaa.zone.MultitenantClientServices; import org.junit.Before; import org.junit.Test; @@ -11,8 +13,7 @@ import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.security.oauth2.common.exceptions.RedirectMismatchException; import org.springframework.security.oauth2.common.util.OAuth2Utils; -import org.springframework.security.oauth2.provider.NoSuchClientException; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.endpoint.RedirectResolver; import org.springframework.security.web.authentication.session.SessionAuthenticationException; import org.springframework.web.context.request.ServletWebRequest; 
@@ -41,7 +42,7 @@ public class UaaAuthorizationEndpointParamaterizedTest { private static final String HTTP_SOME_OTHER_SITE_CALLBACK = "http://some.other.site/callback"; private final SessionAuthenticationException authException = new SessionAuthenticationException(""); private UaaAuthorizationEndpoint uaaAuthorizationEndpoint; - private BaseClientDetails client; + private UaaClientDetails client; private MockHttpServletRequest request; private MockHttpServletResponse response; private MultitenantClientServices clientDetailsService; @@ -68,15 +69,15 @@ public static Collection parameters() { @Before public void setup() { - client = new BaseClientDetails("id", "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", redirectUrl); + client = new UaaClientDetails("id", "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", redirectUrl); clientDetailsService = mock(MultitenantClientServices.class); redirectResolver = mock(RedirectResolver.class); calculator = mock(OpenIdSessionStateCalculator.class); String zoneID = IdentityZoneHolder.get().getId(); when(clientDetailsService.loadClientByClientId(eq(client.getClientId()), eq(zoneID))).thenReturn(client); - when(redirectResolver.resolveRedirect(eq(redirectUrl), same(client))).thenReturn(redirectUrl); - when(redirectResolver.resolveRedirect(eq(HTTP_SOME_OTHER_SITE_CALLBACK), same(client))).thenThrow(new RedirectMismatchException(null)); + when(redirectResolver.resolveRedirect(eq(redirectUrl), (ClientDetails) same(client))).thenReturn(redirectUrl); + when(redirectResolver.resolveRedirect(eq(HTTP_SOME_OTHER_SITE_CALLBACK), (ClientDetails) same(client))).thenThrow(new RedirectMismatchException(null)); when(calculator.calculate(anyString(), anyString(), anyString())).thenReturn("sessionstate.salt"); uaaAuthorizationEndpoint = new UaaAuthorizationEndpoint( 
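Review bot: The stubs in `setup()` (hunk at -68) now cast the matcher result, `(ClientDetails) same(client)`, with nothing saying why. The cast presumably selects the `ClientDetails` parameter type of `resolveRedirect` now that `client` is a `UaaClientDetails`; `RedirectResolver` is not shown here, so that is an inference. Casting the argument instead, `same((ClientDetails) client)`, or adding a short comment above the two stubs, would state the intent more directly. The same cast is repeated in `test_redirect_honors_ant_matcher` in the next hunk.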
@@ -129,14 +130,14 @@ public void test_redirect_contains_error() throws Exception { @Test public void test_redirect_honors_ant_matcher() throws Exception { - BaseClientDetails client = new BaseClientDetails("ant", "", "openid", "implicit", "", "http://example.com/**"); + UaaClientDetails client = new UaaClientDetails("ant", "", "openid", "implicit", "", "http://example.com/**"); request.setParameter(OAuth2Utils.REDIRECT_URI, "http://example.com/some/path"); request.setParameter(OAuth2Utils.CLIENT_ID, client.getClientId()); String zoneID = IdentityZoneHolder.get().getId(); when(clientDetailsService.loadClientByClientId(eq(client.getClientId()), eq(zoneID))).thenReturn(client); - when(redirectResolver.resolveRedirect(eq(redirectUrl), same(client))).thenReturn(redirectUrl); + when(redirectResolver.resolveRedirect(eq(redirectUrl), (ClientDetails) same(client))).thenReturn(redirectUrl); - when(redirectResolver.resolveRedirect(eq("http://example.com/some/path"), same(client))).thenReturn("http://example.com/some/path"); + when(redirectResolver.resolveRedirect(eq("http://example.com/some/path"), (ClientDetails) same(client))).thenReturn("http://example.com/some/path"); uaaAuthorizationEndpoint.commence(request, response, authException); } diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationRequestManagerTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationRequestManagerTests.java index b663fb7aa51..bdef8dffcca 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationRequestManagerTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaAuthorizationRequestManagerTests.java 
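Review bot: `test_redirect_honors_ant_matcher` does not exercise ant-pattern matching. `redirectResolver` is a Mockito mock created in `setup()`, and the test stubs `resolveRedirect(eq("http://example.com/some/path"), ...)` to return that same URL, so the registered pattern `http://example.com/**` is never evaluated. The test also ends at `uaaAuthorizationEndpoint.commence(request, response, authException);` with no assertion on the response. Redirect-URI validation is a security control, so the test should run against the resolver implementation the endpoint uses outside tests, assert the resulting redirect location, and add a negative case for a URL outside the pattern. At minimum, add a comment above the stubs such as `// redirectResolver is mocked here; pattern matching itself is not verified by this test`.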
@@ -1,5 +1,6 @@ package org.cloudfoundry.identity.uaa.oauth; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants; import org.cloudfoundry.identity.uaa.oauth.token.TokenConstants; @@ -26,7 +27,6 @@ import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.OAuth2Request; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.test.util.ReflectionTestUtils; import org.springframework.util.StringUtils; @@ -56,7 +56,7 @@ class UaaAuthorizationRequestManagerTests { private Map parameters = new HashMap(); - private BaseClientDetails client = new BaseClientDetails(); + private UaaClientDetails client = new UaaClientDetails(); private UaaUser user = null; @@ -142,7 +142,7 @@ void test_user_token_request() { when(oAuth2Authentication.getOAuth2Request()).thenReturn(oAuth2Request); when(oAuth2Request.getExtensions()).thenReturn(Map.of("client_auth_method", "none")); SecurityContextHolder.getContext().setAuthentication(oAuth2Authentication); - BaseClientDetails recipient = new BaseClientDetails("recipient", "requested", "requested.scope", "password", ""); + UaaClientDetails recipient = new UaaClientDetails("recipient", "requested", "requested.scope", "password", ""); parameters.put("scope", "requested.scope"); parameters.put("client_id", recipient.getClientId()); parameters.put("expires_in", "44000"); 
@@ -235,13 +235,13 @@ void testEmptyScopeFailsClientWithScopes() {
 @Test
 void testScopesValid() {
 parameters.put("scope","read");
- factory.validateParameters(parameters, new BaseClientDetails("foo", null, "read,write", "implicit", null));
+ factory.validateParameters(parameters, new UaaClientDetails("foo", null, "read,write", "implicit", null));
 }
 @Test
 void testScopesValidWithWildcard() {
 parameters.put("scope","read write space.1.developer space.2.developer");
- factory.validateParameters(parameters, new BaseClientDetails("foo", null, "read,write,space.*.developer", "implicit", null));
+ factory.validateParameters(parameters, new UaaClientDetails("foo", null, "read,write,space.*.developer", "implicit", null));
 }
 @Test
@@ -249,7 +249,7 @@ void testScopesInvValidWithWildcard() {
 parameters.put("scope","read write space.1.developer space.2.developer space.1.admin");
 assertThrowsWithMessageThat(InvalidScopeException.class, () -> factory.validateParameters(parameters,
- new BaseClientDetails("foo", null, "read,write,space.*.developer", "implicit", null)),
+ new UaaClientDetails("foo", null, "read,write,space.*.developer", "implicit", null)),
 Matchers.containsString("space.1.admin is invalid. Please use a valid scope name in the request"));
 }
@@ -258,7 +258,7 @@ void testScopesInvalid() {
 parameters.put("scope", "admin");
 assertThrowsWithMessageThat(InvalidScopeException.class, () -> factory.validateParameters(parameters,
- new BaseClientDetails("foo", null, "read,write", "implicit", null)),
+ new UaaClientDetails("foo", null, "read,write", "implicit", null)),
 Matchers.containsString("admin is invalid. Please use a valid scope name in the request"));
 }
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenStoreTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenStoreTests.java
index 2127e5a1554..608f9c14746 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenStoreTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenStoreTests.java
@@ -23,7 +23,7 @@ import org.springframework.security.oauth2.common.util.OAuth2Utils;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.TokenRequest;
-import org.springframework.security.oauth2.provider.client.BaseClientDetails;
+import org.cloudfoundry.identity.uaa.client.UaaClientDetails;
 import org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
@@ -89,7 +89,7 @@ void setUp() {
 timeService = givenMockedTime();
 store = new UaaTokenStore(dataSource, timeService);
 legacyCodeServices = new JdbcAuthorizationCodeServices(dataSource);
- BaseClientDetails client = new BaseClientDetails("clientid", null, "openid", "client_credentials,password", "oauth.login", null);
+ UaaClientDetails client = new UaaClientDetails("clientid", null, "openid", "client_credentials,password", "oauth.login", null);
 Map parameters = new HashMap<>();
 parameters.put(OAuth2Utils.CLIENT_ID, client.getClientId());
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaUserApprovalHandlerTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaUserApprovalHandlerTests.java
index 0ba61a550c3..38186450d5c 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaUserApprovalHandlerTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaUserApprovalHandlerTests.java
@@ -1,5 +1,6 @@
 package org.cloudfoundry.identity.uaa.oauth;
+import org.cloudfoundry.identity.uaa.client.UaaClientDetails;
 import org.cloudfoundry.identity.uaa.user.UaaUserApprovalHandler;
 import org.cloudfoundry.identity.uaa.zone.MultitenantClientServices;
 import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager;
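Review bot: In the UaaTokenStoreTests import hunk (`@@ -23,7 +23,7 @@`), the added `import org.cloudfoundry.identity.uaa.client.UaaClientDetails;` takes the slot of the removed `BaseClientDetails` import and so ends up in the middle of the `org.springframework` imports. Other files in this commit, for example UaaAuthorizationRequestManagerTests, add it next to the existing `org.cloudfoundry` imports instead; doing the same here keeps the import groups intact. The same in-place substitution appears in RedirectResolverTest and JdbcRevocableTokenProvisioningTest, and for `org.cloudfoundry.identity.uaa.provider.NoSuchClientException` in ApprovalsAdminEndpointsTests.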
@@ -10,7 +11,6 @@ import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
-import org.springframework.security.oauth2.provider.client.BaseClientDetails;
 import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
 import java.util.Collections;
@@ -27,7 +27,7 @@ class UaaUserApprovalHandlerTests {
 private UaaUserApprovalHandler handler;
 private AuthorizationRequest authorizationRequest;
 private Authentication userAuthentication;
- private BaseClientDetails client;
+ private UaaClientDetails client;
 @BeforeEach
 void setUp() {
@@ -47,7 +47,7 @@ void setUp() {
 userAuthentication = new UsernamePasswordAuthenticationToken("joe", "", AuthorityUtils.commaSeparatedStringToAuthorityList("USER"));
- client = new BaseClientDetails("client", "none", "read,write", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.none");
+ client = new UaaClientDetails("client", "none", "read,write", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.none");
 when(mockMultitenantClientServices.loadClientByClientId("client", currentIdentityZoneId)).thenReturn(client);
 }
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UserManagedAuthzApprovalHandlerTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UserManagedAuthzApprovalHandlerTests.java
index 5f926804dbb..ba10cbfc705 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UserManagedAuthzApprovalHandlerTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/UserManagedAuthzApprovalHandlerTests.java
@@ -4,6 +4,7 @@ import org.cloudfoundry.identity.uaa.approval.Approval;
 import org.cloudfoundry.identity.uaa.approval.ApprovalStore;
 import org.cloudfoundry.identity.uaa.approval.JdbcApprovalStore;
+import org.cloudfoundry.identity.uaa.client.UaaClientDetails;
 import org.cloudfoundry.identity.uaa.resources.QueryableResourceManager;
 import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager;
 import org.hamcrest.Matchers;
@@ -16,7 +17,6 @@ import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
 import org.springframework.security.oauth2.provider.ClientDetails;
-import org.springframework.security.oauth2.provider.client.BaseClientDetails;
 import java.time.Duration;
 import java.time.LocalDateTime;
@@ -37,7 +37,7 @@ class UserManagedAuthzApprovalHandlerTests {
 private UserManagedAuthzApprovalHandler handler;
 private ApprovalStore approvalStore;
- private BaseClientDetails mockBaseClientDetails;
+ private UaaClientDetails mockUaaClientDetails;
 private String userId;
@@ -56,15 +56,15 @@ void setUp(@Autowired JdbcTemplate jdbcTemplate) {
 approvalStore = new JdbcApprovalStore(jdbcTemplate);
 QueryableResourceManager mockClientDetailsService = mock(QueryableResourceManager.class);
- mockBaseClientDetails = mock(BaseClientDetails.class);
+ mockUaaClientDetails = mock(UaaClientDetails.class);
 when(mockClientDetailsService.retrieve("foo",
- currentIdentityZoneId)).thenReturn(mockBaseClientDetails);
- when(mockBaseClientDetails.getScope()).thenReturn(new HashSet<>(Arrays.asList(
+ currentIdentityZoneId)).thenReturn(mockUaaClientDetails);
+ when(mockUaaClientDetails.getScope()).thenReturn(new HashSet<>(Arrays.asList(
 "cloud_controller.read", "cloud_controller.write", "openid", "space.*.developer")));
- when(mockBaseClientDetails.getAutoApproveScopes()).thenReturn(Collections.emptySet());
+ when(mockUaaClientDetails.getAutoApproveScopes()).thenReturn(Collections.emptySet());
 IdentityZoneManager mockIdentityZoneManager = mock(IdentityZoneManager.class);
 when(mockIdentityZoneManager.getCurrentIdentityZoneId()).thenReturn(currentIdentityZoneId);
@@ -221,11 +221,11 @@ void onlySomeRequestedScopeMatchesDeniedApprovalButScopeAutoApproved() {
 );
 request.setApproved(false);
- when(mockBaseClientDetails.getScope()).thenReturn(new HashSet<>(Arrays.asList(
+ when(mockUaaClientDetails.getScope()).thenReturn(new HashSet<>(Arrays.asList(
 "cloud_controller.read", "cloud_controller.write", "openid")));
- when(mockBaseClientDetails.getAutoApproveScopes()).thenReturn(singleton("true"));
+ when(mockUaaClientDetails.getAutoApproveScopes()).thenReturn(singleton("true"));
 approvalStore.addApproval(new Approval() .setUserId(userId)
@@ -378,11 +378,11 @@ void requestedScopesMatchApprovalSomeDeniedButDeniedScopesAutoApproved() {
 );
 request.setApproved(false);
- when(mockBaseClientDetails.getScope()).thenReturn(new HashSet<>(Arrays.asList(
+ when(mockUaaClientDetails.getScope()).thenReturn(new HashSet<>(Arrays.asList(
 "cloud_controller.read", "cloud_controller.write", "openid")));
- when(mockBaseClientDetails.getAutoApproveScopes()).thenReturn(singleton("cloud_controller.write"));
+ when(mockUaaClientDetails.getAutoApproveScopes()).thenReturn(singleton("cloud_controller.write"));
 approvalStore.addApproval(new Approval() .setUserId(userId)
@@ -434,7 +434,7 @@ void requestedScopesMatchApprovalSomeDeniedButDeniedScopesAutoApprovedByWildcard
 autoApprovedScopes.add("space.*.developer");
 autoApprovedScopes.add("cloud_controller.write");
- when(mockBaseClientDetails.getAutoApproveScopes()).thenReturn(autoApprovedScopes);
+ when(mockUaaClientDetails.getAutoApproveScopes()).thenReturn(autoApprovedScopes);
 approvalStore.addApproval(new Approval() .setUserId(userId)
@@ -489,7 +489,7 @@ void requestedScopesMatchByWildcard() {
 );
 request.setApproved(false);
- when(mockBaseClientDetails.getAutoApproveScopes()).thenReturn(singleton("true"));
+ when(mockUaaClientDetails.getAutoApproveScopes()).thenReturn(singleton("true"));
 approvalStore.addApproval(new Approval() .setUserId(userId)
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ZoneEndpointsClientDetailsValidatorTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ZoneEndpointsClientDetailsValidatorTests.java
index 2ec9e6fea7a..d7b61302bef 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ZoneEndpointsClientDetailsValidatorTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/ZoneEndpointsClientDetailsValidatorTests.java
@@ -2,6 +2,7 @@ import org.cloudfoundry.identity.uaa.client.ClientDetailsValidator.Mode;
 import org.cloudfoundry.identity.uaa.client.InvalidClientDetailsException;
+import org.cloudfoundry.identity.uaa.client.UaaClientDetails;
 import org.cloudfoundry.identity.uaa.constants.OriginKeys;
 import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
 import org.cloudfoundry.identity.uaa.zone.ClientSecretValidator;
@@ -14,7 +15,6 @@ import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
 import org.springframework.security.oauth2.provider.ClientDetails;
-import org.springframework.security.oauth2.provider.client.BaseClientDetails;
 import java.util.Collections;
@@ -41,7 +41,7 @@ class ZoneEndpointsClientDetailsValidatorTests {
 @Test
 void testCreateLimitedClient() {
- BaseClientDetails clientDetails = new BaseClientDetails("valid-client", null, "openid", "authorization_code,password", "uaa.resource");
+ UaaClientDetails clientDetails = new UaaClientDetails("valid-client", null, "openid", "authorization_code,password", "uaa.resource");
 clientDetails.setClientSecret("secret");
 clientDetails.addAdditionalInformation(ALLOWED_PROVIDERS, Collections.singletonList(OriginKeys.UAA));
 ClientDetails validatedClientDetails = zoneEndpointsClientDetailsValidator.validate(clientDetails, Mode.CREATE);
@@ -55,7 +55,7 @@ void testCreateLimitedClient() {
 @Test
 void testCreateClientNoNameIsInvalid() {
- BaseClientDetails clientDetails = new BaseClientDetails("", null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.resource");
+ UaaClientDetails clientDetails = new UaaClientDetails("", null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.resource");
 clientDetails.setClientSecret("secret");
 assertThrows(InvalidClientDetailsException.class, () -> zoneEndpointsClientDetailsValidator.validate(clientDetails, Mode.CREATE));
@@ -72,7 +72,7 @@ void testCreateClientNoNameIsInvalid() {
 GRANT_TYPE_JWT_BEARER,
 })
 void testCreateClientNoSecretIsInvalid(final String grantType) {
- BaseClientDetails clientDetails = new BaseClientDetails("client", null, "openid", grantType, "uaa.resource");
+ UaaClientDetails clientDetails = new UaaClientDetails("client", null, "openid", grantType, "uaa.resource");
 clientDetails.addAdditionalInformation(ALLOWED_PROVIDERS, Collections.singletonList(OriginKeys.UAA));
 assertThrowsWithMessageThat(
@@ -84,7 +84,7 @@ void testCreateClientNoSecretIsInvalid(final String grantType) {
 @Test
 void testCreateClientNoSecretForImplicitIsValid() {
- BaseClientDetails clientDetails = new BaseClientDetails("client", null, "openid", "implicit", "uaa.resource");
+ UaaClientDetails clientDetails = new UaaClientDetails("client", null, "openid", "implicit", "uaa.resource");
 clientDetails.addAdditionalInformation(ALLOWED_PROVIDERS, Collections.singletonList(OriginKeys.UAA));
 ClientDetails validatedClientDetails = zoneEndpointsClientDetailsValidator.validate(clientDetails, Mode.CREATE);
 assertEquals(clientDetails.getAuthorizedGrantTypes(), validatedClientDetails.getAuthorizedGrantTypes());
@@ -92,7 +92,7 @@ void testCreateClientNoSecretForImplicitIsValid() {
 @Test
 void reject_invalid_grant_type() {
- BaseClientDetails clientDetails = new BaseClientDetails("client", null, "openid", "invalid_grant_type", "uaa.resource");
+ UaaClientDetails clientDetails = new UaaClientDetails("client", null, "openid", "invalid_grant_type", "uaa.resource");
 clientDetails.addAdditionalInformation(ALLOWED_PROVIDERS, Collections.singletonList(OriginKeys.UAA));
 assertThrows(InvalidClientDetailsException.class, () -> zoneEndpointsClientDetailsValidator.validate(clientDetails, Mode.CREATE));
@@ -100,14 +100,14 @@ void reject_invalid_grant_type() {
 @Test
 void testCreateAdminScopeClientIsInvalid() {
- ClientDetails clientDetails = new BaseClientDetails("admin-client", null, "uaa.admin", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.resource");
+ ClientDetails clientDetails = new UaaClientDetails("admin-client", null, "uaa.admin", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.resource");
 assertThrows(InvalidClientDetailsException.class, () -> zoneEndpointsClientDetailsValidator.validate(clientDetails, Mode.CREATE));
 }
 @Test
 void testCreateAdminAuthorityClientIsInvalid() {
- ClientDetails clientDetails = new BaseClientDetails("admin-client", null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.admin");
+ ClientDetails clientDetails = new UaaClientDetails("admin-client", null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.admin");
 assertThrows(InvalidClientDetailsException.class, () -> zoneEndpointsClientDetailsValidator.validate(clientDetails, Mode.CREATE));
 }
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/approval/ApprovalsAdminEndpointsTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/approval/ApprovalsAdminEndpointsTests.java
index a4399e9195b..387e027737c 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/approval/ApprovalsAdminEndpointsTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/approval/ApprovalsAdminEndpointsTests.java
@@ -8,6 +8,7 @@ import org.cloudfoundry.identity.uaa.approval.Approval.ApprovalStatus;
 import org.cloudfoundry.identity.uaa.approval.ApprovalsAdminEndpoints;
 import org.cloudfoundry.identity.uaa.approval.JdbcApprovalStore;
+import org.cloudfoundry.identity.uaa.client.UaaClientDetails;
 import org.cloudfoundry.identity.uaa.db.DatabaseUrlModifier;
 import org.cloudfoundry.identity.uaa.db.Vendor;
 import org.cloudfoundry.identity.uaa.error.UaaException;
@@ -29,8 +30,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.oauth2.provider.NoSuchClientException;
-import org.springframework.security.oauth2.provider.client.BaseClientDetails;
+import org.cloudfoundry.identity.uaa.provider.NoSuchClientException;
 import java.sql.SQLException;
 import java.util.*;
@@ -86,7 +86,7 @@ void initApprovalsAdminEndpointsTests() throws SQLException {
 when(mockSecurityContextAccessor.isUser()).thenReturn(true);
 MultitenantJdbcClientDetailsService clientDetailsService = new MultitenantJdbcClientDetailsService(jdbcTemplate, mockIdentityZoneManager, passwordEncoder);
- BaseClientDetails details = new BaseClientDetails("c1", "scim,clients", "read,write",
+ UaaClientDetails details = new UaaClientDetails("c1", "scim,clients", "read,write",
 "authorization_code, password, implicit, client_credentials", "update");
 details.setAutoApproveScopes(Collections.singletonList("true"));
 clientDetailsService.addClientDetails(details);
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/beans/LegacyRedirectResolverTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/beans/LegacyRedirectResolverTest.java
index 3e894fe0033..af448754120 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/beans/LegacyRedirectResolverTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/beans/LegacyRedirectResolverTest.java
@@ -5,6 +5,7 @@ import org.apache.logging.log4j.core.LogEvent;
 import org.apache.logging.log4j.core.LoggerContext;
 import org.apache.logging.log4j.core.appender.AbstractAppender;
+import org.cloudfoundry.identity.uaa.client.UaaClientDetails;
 import org.hamcrest.Description;
 import org.hamcrest.Matcher;
 import org.hamcrest.TypeSafeMatcher;
@@ -17,7 +18,6 @@ import org.junit.jupiter.params.provider.ValueSource;
 import org.springframework.security.oauth2.common.exceptions.RedirectMismatchException;
 import org.springframework.security.oauth2.provider.ClientDetails;
-import org.springframework.security.oauth2.provider.client.BaseClientDetails;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -49,7 +49,7 @@ class LegacyRedirectResolverTest {
 private final LegacyRedirectResolver resolver = new LegacyRedirectResolver();
 private static ClientDetails createClient(String id, String... redirectUris) {
- BaseClientDetails clientDetails = new BaseClientDetails();
+ UaaClientDetails clientDetails = new UaaClientDetails();
 clientDetails.setClientId(id);
 clientDetails.setAuthorizedGrantTypes(Collections.singleton(GRANT_TYPE_AUTHORIZATION_CODE));
 clientDetails.setRegisteredRedirectUri(new HashSet<>(Arrays.asList(redirectUris)));
@@ -714,7 +714,7 @@ class ResolveRedirect {
 @BeforeEach
 void setUp() {
- mockClientDetails = mock(BaseClientDetails.class);
+ mockClientDetails = mock(UaaClientDetails.class);
 when(mockClientDetails.getAuthorizedGrantTypes()).thenReturn(Collections.singleton(GRANT_TYPE_AUTHORIZATION_CODE));
 }
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/beans/RedirectResolverTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/beans/RedirectResolverTest.java
index 581a9b7b45d..7c3beccbbd3 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/beans/RedirectResolverTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/beans/RedirectResolverTest.java
@@ -7,7 +7,7 @@ import org.junit.jupiter.params.provider.ValueSource;
 import org.springframework.security.oauth2.common.exceptions.RedirectMismatchException;
 import org.springframework.security.oauth2.provider.ClientDetails;
-import org.springframework.security.oauth2.provider.client.BaseClientDetails;
+import org.cloudfoundry.identity.uaa.client.UaaClientDetails;
 import org.springframework.security.oauth2.provider.endpoint.RedirectResolver;
 import java.util.Collections;
@@ -36,7 +36,7 @@ class RedirectResolverTest {
 void setUp() {
 legacyResolver = new RedirectResolverFactoryBean(true).getObject();
 springResolver = new RedirectResolverFactoryBean(false).getObject();
- mockClientDetails = mock(BaseClientDetails.class);
+ mockClientDetails = mock(UaaClientDetails.class);
 when(mockClientDetails.getAuthorizedGrantTypes()).thenReturn(Collections.singleton(GRANT_TYPE_AUTHORIZATION_CODE));
 }
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/event/ClientAdminEventPublisherTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/event/ClientAdminEventPublisherTests.java
index 2a3ee4d4b13..f0b5f531b86 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/event/ClientAdminEventPublisherTests.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/event/ClientAdminEventPublisherTests.java
@@ -17,7 +17,6 @@ import org.springframework.security.oauth2.provider.AuthorizationRequest;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.OAuth2Request;
-import org.springframework.security.oauth2.provider.client.BaseClientDetails;
 import java.util.Collections;
@@ -50,21 +49,21 @@ void tearDown() {
 @Test
 void create() {
- BaseClientDetails client = new BaseClientDetails("foo", null, null, "client_credentials", "none");
+ UaaClientDetails client = new UaaClientDetails("foo", null, null, "client_credentials", "none");
 subject.create(client);
 verify(mockApplicationEventPublisher).publishEvent(isA(ClientCreateEvent.class));
 }
 @Test
 void update() {
- BaseClientDetails client = new BaseClientDetails("foo", null, null, "client_credentials", "none");
+ UaaClientDetails client = new UaaClientDetails("foo", null, null, "client_credentials", "none");
 subject.update(client);
 verify(mockApplicationEventPublisher).publishEvent(isA(ClientUpdateEvent.class));
 }
 @Test
 void delete() throws Throwable {
- BaseClientDetails client = new BaseClientDetails("foo", null, null, "client_credentials", "none");
+ UaaClientDetails client = new UaaClientDetails("foo", null, null, "client_credentials", "none");
 ProceedingJoinPoint jp = mock(ProceedingJoinPoint.class);
 when(jp.proceed()).thenReturn(client);
 subject.delete(jp, "foo");
@@ -74,7 +73,7 @@ void delete() throws Throwable {
 @Test
 void secretChange() {
 when(mockMultitenantClientServices.loadClientByClientId("foo")).thenReturn(
- new BaseClientDetails("foo", null, null, "client_credentials", "none"));
+ new UaaClientDetails("foo", null, null, "client_credentials", "none"));
 subject.secretChange("foo");
 verify(mockApplicationEventPublisher).publishEvent(isA(SecretChangeEvent.class));
 }
@@ -82,7 +81,7 @@ void secretChange() {
 @Test
 void secretFailure() {
 when(mockMultitenantClientServices.loadClientByClientId("foo")).thenReturn(
- new BaseClientDetails("foo", null, null, "client_credentials", "none"));
+ new UaaClientDetails("foo", null, null, "client_credentials", "none"));
 subject.secretFailure("foo", new RuntimeException("planned"));
 verify(mockApplicationEventPublisher).publishEvent(isA(SecretFailureEvent.class));
 }
@@ -97,19 +96,19 @@ void secretFailureMissingClient() {
 @Test
 void clientJwtChange() {
- UaaClientDetails uaaClientDetails = new UaaClientDetails("foo", null, null, "client_credentials", "none", null);
- when(mockMultitenantClientServices.loadClientByClientId("foo")).thenReturn(uaaClientDetails);
+ UaaClientDetails uaaUaaClientDetails = new UaaClientDetails("foo", null, null, "client_credentials", "none", null);
+ when(mockMultitenantClientServices.loadClientByClientId("foo")).thenReturn(uaaUaaClientDetails);
 subject.clientJwtChange("foo");
 verify(mockApplicationEventPublisher).publishEvent(isA(ClientJwtChangeEvent.class));
- assertEquals(AuditEventType.ClientJwtChangeSuccess, new ClientJwtChangeEvent(uaaClientDetails, SecurityContextHolder.getContext().getAuthentication(), "uaa").getAuditEvent().getType());
+ assertEquals(AuditEventType.ClientJwtChangeSuccess, new ClientJwtChangeEvent(uaaUaaClientDetails, SecurityContextHolder.getContext().getAuthentication(), "uaa").getAuditEvent().getType());
 }
 @Test
 void clientJwtFailure() {
- UaaClientDetails uaaClientDetails = new UaaClientDetails("foo", null, null, "client_credentials", "none", null);
- when(mockMultitenantClientServices.loadClientByClientId("foo")).thenReturn(uaaClientDetails);
+ UaaClientDetails uaaUaaClientDetails = new UaaClientDetails("foo", null, null, "client_credentials", "none", null);
+ when(mockMultitenantClientServices.loadClientByClientId("foo")).thenReturn(uaaUaaClientDetails);
 subject.clientJwtFailure("foo", new RuntimeException("planned"));
 verify(mockApplicationEventPublisher).publishEvent(isA(ClientJwtFailureEvent.class));
- assertEquals(AuditEventType.ClientJwtChangeFailure, new ClientJwtFailureEvent("", uaaClientDetails, SecurityContextHolder.getContext().getAuthentication(), "uaa").getAuditEvent().getType());
+ assertEquals(AuditEventType.ClientJwtChangeFailure, new ClientJwtFailureEvent("", uaaUaaClientDetails, SecurityContextHolder.getContext().getAuthentication(), "uaa").getAuditEvent().getType());
 }
 }
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/expression/IsSelfCheckTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/expression/IsSelfCheckTest.java
index 007afd5bafa..7c06770a8fe 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/expression/IsSelfCheckTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/expression/IsSelfCheckTest.java
@@ -17,6 +17,7 @@ import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication;
 import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails;
 import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
+import org.cloudfoundry.identity.uaa.client.UaaClientDetails;
 import org.cloudfoundry.identity.uaa.constants.OriginKeys;
 import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator;
 import org.cloudfoundry.identity.uaa.oauth.token.RevocableToken;
@@ -35,7 +36,6 @@ import org.springframework.security.oauth2.provider.AuthorizationRequest;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.OAuth2Request;
-import org.springframework.security.oauth2.provider.client.BaseClientDetails;
 import java.util.Collections;
 import java.util.LinkedList;
@@ -99,7 +99,7 @@ public void testSelfCheckSecondUaaAuth() {
 @Test
 public void testSelfCheck_TokenAuth() {
- BaseClientDetails client = new BaseClientDetails();
+ UaaClientDetails client = new UaaClientDetails();
 List authorities = new LinkedList<>();
 authorities.add(new SimpleGrantedAuthority("zones." + IdentityZoneHolder.get().getId() + ".admin"));
 client.setAuthorities(authorities);
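Review bot: The local variable in `clientJwtChange` and `clientJwtFailure` (ClientAdminEventPublisherTests, hunk `@@ -97,19 +96,19 @@`) is renamed from `uaaClientDetails` to `uaaUaaClientDetails`, which looks like a side effect of a mechanical type-name replacement rather than an intended change. Both tests already constructed a `UaaClientDetails` before this commit, so nothing in them needs to change for the migration. Keeping `UaaClientDetails uaaClientDetails = new UaaClientDetails("foo", null, null, "client_credentials", "none", null);` and its references as they were would drop six changed lines from the diff and avoid the stuttering name.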
@@ -117,7 +117,7 @@ public void testSelfCheck_TokenAuth() {
 @Test
 public void testSelfCheck_Token_ClientAuth_Fails() {
- BaseClientDetails client = new BaseClientDetails();
+ UaaClientDetails client = new UaaClientDetails();
 List authorities = new LinkedList<>();
 authorities.add(new SimpleGrantedAuthority("zones." + IdentityZoneHolder.get().getId() + ".admin"));
 client.setAuthorities(authorities);
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenCreatorTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenCreatorTest.java
index 7a2e1ec2cbc..bbd2d0d2b46 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenCreatorTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenCreatorTest.java
@@ -1,5 +1,6 @@
 package org.cloudfoundry.identity.uaa.oauth.openid;
+import org.cloudfoundry.identity.uaa.client.UaaClientDetails;
 import org.cloudfoundry.identity.uaa.oauth.TokenEndpointBuilder;
 import org.cloudfoundry.identity.uaa.oauth.TokenValidityResolver;
 import org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants;
@@ -16,7 +17,6 @@ import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
-import org.springframework.security.oauth2.provider.client.BaseClientDetails;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
@@ -50,7 +50,7 @@ class IdTokenCreatorTest {
 private String familyName;
 private String email;
 private UaaUser user;
- private BaseClientDetails clientDetails;
+ private UaaClientDetails clientDetails;
 private long previousLogonTime;
 private String phoneNumber;
 private Set roles;
@@ -153,7 +153,7 @@ void setup() throws Exception {
 excludedClaims = new HashSet<>();
 MultitenantClientServices mockMultitenantClientServices = mock(MultitenantClientServices.class);
- clientDetails = new BaseClientDetails();
+ clientDetails = new UaaClientDetails();
 clientDetails.setClientId(clientId);
 clientDetails.setClientSecret(clientsecret);
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenGranterTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenGranterTest.java
index bd2ee9c6c3e..aeb4cd51620 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenGranterTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/openid/IdTokenGranterTest.java
@@ -2,12 +2,12 @@ import com.google.common.collect.Sets;
 import org.cloudfoundry.identity.uaa.approval.ApprovalService;
+import org.cloudfoundry.identity.uaa.client.UaaClientDetails;
 import org.cloudfoundry.identity.uaa.user.UaaUser;
 import org.cloudfoundry.identity.uaa.user.UaaUserPrototype;
 import org.junit.Before;
 import org.junit.Test;
 import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
-import org.springframework.security.oauth2.provider.client.BaseClientDetails;
 import java.util.HashSet;
@@ -30,20 +30,20 @@ public class IdTokenGranterTest {
 private String validGrantTypeForIdToken;
- private BaseClientDetails clientWithoutOpenid;
- private BaseClientDetails clientWithOpenId;
+ private UaaClientDetails clientWithoutOpenid;
+ private UaaClientDetails clientWithOpenId;
 private IdTokenGranter idTokenGranter;
 private ApprovalService approvalService;
 private UaaUser user;
- private BaseClientDetails clientDetails;
+ private UaaClientDetails clientDetails;
 @Before
 public void setup() {
 user = new UaaUser(new UaaUserPrototype().withId("user").withUsername("user").withEmail("user@example.com"));
- clientDetails = new BaseClientDetails();
+ clientDetails = new UaaClientDetails();
- clientWithoutOpenid = new BaseClientDetails("clientId", null, "foo.read", null, null);
- clientWithOpenId = new BaseClientDetails("clientId", null, "foo.read,openid", null, null);
+ clientWithoutOpenid = new UaaClientDetails("clientId", null, "foo.read", null, null);
+ clientWithOpenId = new UaaClientDetails("clientId", null, "foo.read,openid", null, null);
 requestedScopesWithoutOpenId = Sets.newHashSet("foo.read");
 requestedScopesWithOpenId = Sets.newHashSet("foo.read", "openid");
@@ -64,7 +64,7 @@ public void shouldSend_isFalse_whenClientDoesNotHaveOpenIdScope() {
 assertFalse(idTokenGranter.shouldSendIdToken(user, clientWithoutOpenid, requestedScopesWithOpenId, validGrantTypeForIdToken));
 assertFalse(idTokenGranter.shouldSendIdToken(user, clientDetails, requestedScopesWithOpenId, validGrantTypeForIdToken));
- BaseClientDetails clientWithoutOpenidAndWithNullScope = new BaseClientDetails(clientWithoutOpenid);
+ UaaClientDetails clientWithoutOpenidAndWithNullScope = new UaaClientDetails(clientWithoutOpenid);
 assertFalse(idTokenGranter.shouldSendIdToken(user, clientWithoutOpenidAndWithNullScope, requestedScopesWithOpenId, validGrantTypeForIdToken));
 }
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/JdbcRevocableTokenProvisioningTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/JdbcRevocableTokenProvisioningTest.java
index 7181873d927..80d6baa71b0 100644
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/JdbcRevocableTokenProvisioningTest.java
+++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/JdbcRevocableTokenProvisioningTest.java
@@ -12,7 +12,6 @@ import org.cloudfoundry.identity.uaa.zone.IdentityZone;
 import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
 import org.cloudfoundry.identity.uaa.zone.MultitenancyFixture;
-import org.junit.Assert;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
@@ -26,7 +25,7 @@ import org.springframework.dao.DuplicateKeyException;
 import org.springframework.dao.EmptyResultDataAccessException;
 import org.springframework.jdbc.core.JdbcTemplate;
-import org.springframework.security.oauth2.provider.client.BaseClientDetails;
+import org.cloudfoundry.identity.uaa.client.UaaClientDetails;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -88,7 +87,7 @@ public Stream provideArguments(ExtensionContext context) {
 @ParameterizedTest
 @ArgumentsSource(IdentityZoneArgumentsProvider.class)
 void onApplicationEventCallsInternalDeleteMethod(IdentityZone zone) {
- BaseClientDetails clientDetails = new BaseClientDetails("id", "", "", "", "", "");
+ UaaClientDetails clientDetails = new UaaClientDetails("id", "", "", "", "", "");
 IdentityZoneHolder.set(zone);
 reset(jdbcRevocableTokenProvisioning);
 jdbcRevocableTokenProvisioning.onApplicationEvent(new EntityDeletedEvent<>(clientDetails, mock(UaaAuthentication.class), IdentityZoneHolder.getCurrentZoneId()));
@@ -99,7 +98,7 @@ void onApplicationEventCallsInternalDeleteMethod(IdentityZone zone) { @ParameterizedTest @ArgumentsSource(IdentityZoneArgumentsProvider.class) void revocableTokensDeletedWhenClientIs(IdentityZone zone) { - BaseClientDetails clientDetails = new BaseClientDetails(TEST_CLIENT_ID, "", "", "", "", ""); + UaaClientDetails clientDetails = new UaaClientDetails(TEST_CLIENT_ID, "", "", "", "", ""); IdentityZoneHolder.set(zone); jdbcRevocableTokenProvisioning.create(revocableToken, IdentityZoneHolder.get().getId()); assertEquals(1, getCountOfTokens(jdbcTemplate)); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/JwtTokenGranterTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/JwtTokenGranterTests.java index a1d8b6c4f86..d30e62113fc 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/JwtTokenGranterTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/JwtTokenGranterTests.java @@ -17,6 +17,7 @@ import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.oauth.UaaOauth2Authentication; import org.cloudfoundry.identity.uaa.user.UaaUser; @@ -35,7 +36,6 @@ import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.security.oauth2.provider.OAuth2RequestFactory; import org.springframework.security.oauth2.provider.TokenRequest; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices; import java.util.Collections; 
@@ -100,7 +100,7 @@ public void setUp() { ); SecurityContextHolder.getContext().setAuthentication(authentication); - client = new BaseClientDetails("clientID",null,"uaa.user",GRANT_TYPE_JWT_BEARER, null); + client = new UaaClientDetails("clientID",null,"uaa.user",GRANT_TYPE_JWT_BEARER, null); when(clientDetailsService.loadClientByClientId(eq(client.getClientId()), anyString())).thenReturn(client); requestParameters = new HashMap<>(); requestParameters.put(OAuth2Utils.CLIENT_ID, client.getClientId()); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/PkceEnhancedAuthorizationCodeTokenGranterTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/PkceEnhancedAuthorizationCodeTokenGranterTest.java index 400c0077724..f540723e95a 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/PkceEnhancedAuthorizationCodeTokenGranterTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/PkceEnhancedAuthorizationCodeTokenGranterTest.java @@ -1,5 +1,6 @@ package org.cloudfoundry.identity.uaa.oauth.token; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.oauth.pkce.PkceValidationException; import org.cloudfoundry.identity.uaa.oauth.pkce.PkceValidationService; import org.cloudfoundry.identity.uaa.zone.MultitenantClientServices; 
@@ -7,11 +8,11 @@ import org.junit.jupiter.api.Test; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.oauth2.common.exceptions.InvalidGrantException; +import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.security.oauth2.provider.OAuth2RequestFactory; import org.springframework.security.oauth2.provider.TokenRequest; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices; import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices; @@ -41,7 +42,7 @@ class PkceEnhancedAuthorizationCodeTokenGranterTest { private MultitenantClientServices clientDetailsService; private OAuth2RequestFactory requestFactory; private OAuth2Request oAuth2Request; - private BaseClientDetails requestingClient; + private UaaClientDetails requestingClient; private Map requestParameters; private OAuth2Authentication authentication; private TokenRequest tokenRequest; @@ -68,7 +69,7 @@ public void setup() { SecurityContextHolder.getContext().setAuthentication(authentication); - requestingClient = new BaseClientDetails("requestingId",null,"uaa.user",GRANT_TYPE_AUTHORIZATION_CODE, null); + requestingClient = new UaaClientDetails("requestingId",null,"uaa.user",GRANT_TYPE_AUTHORIZATION_CODE, null); when(clientDetailsService.loadClientByClientId(eq(requestingClient.getClientId()), anyString())).thenReturn(requestingClient); when(authorizationCodeServices.consumeAuthorizationCode("1234")).thenReturn(authentication); when(authentication.getOAuth2Request()).thenReturn(oAuth2Request); 
@@ -87,7 +88,7 @@ public void setup() { @Test void getOAuth2Authentication() throws PkceValidationException { when(pkceValidationService.checkAndValidate(any(), any(), any())).thenReturn(false); - assertThrows(InvalidGrantException.class, () -> granter.getOAuth2Authentication(requestingClient, tokenRequest)); + assertThrows(InvalidGrantException.class, () -> granter.getOAuth2Authentication((ClientDetails) requestingClient, tokenRequest)); } @Test @@ -97,7 +98,7 @@ void getOAuth2AuthenticationMethod() throws PkceValidationException { when(pkceValidationService.checkAndValidate(any(), any(), any())).thenReturn(true); when(oAuth2Request.getExtensions()).thenReturn(authMap); when(oAuth2Request.createOAuth2Request(any())).thenReturn(oAuth2Request); - assertNotNull(granter.getOAuth2Authentication(requestingClient, tokenRequest)); + assertNotNull(granter.getOAuth2Authentication((ClientDetails) requestingClient, tokenRequest)); verify(oAuth2Request, times(2)).getExtensions(); } @@ -108,7 +109,7 @@ void getOAuth2AuthenticationNoMethod() throws PkceValidationException { when(pkceValidationService.checkAndValidate(any(), any(), any())).thenReturn(true); when(oAuth2Request.getExtensions()).thenReturn(authMap); when(oAuth2Request.createOAuth2Request(any())).thenReturn(oAuth2Request); - assertNotNull(granter.getOAuth2Authentication(requestingClient, tokenRequest)); + assertNotNull(granter.getOAuth2Authentication((ClientDetails) requestingClient, tokenRequest)); verify(oAuth2Request, atMost(1)).getExtensions(); } } \ No newline at end of file diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/Saml2TokenGranterTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/Saml2TokenGranterTest.java index 87225d39b82..c875cf19db3 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/Saml2TokenGranterTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/Saml2TokenGranterTest.java 
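Review bot: The `(ClientDetails)` cast added to `granter.getOAuth2Authentication(...)` in `getOAuth2Authentication()` has no explanation, and the same cast is repeated in the `getOAuth2AuthenticationMethod()` and `getOAuth2AuthenticationNoMethod()` hunks. Presumably the call no longer resolves to the intended overload once `requestingClient` is typed as `UaaClientDetails`; the overloads are not visible in this diff, so that needs confirming. The first test asserts that a failed PKCE check raises `InvalidGrantException`, so the cast should be checked to select the method the production code path goes through. A comment such as `// cast selects the ClientDetails overload under test` on the first call would record the reason. Alternatively, declaring the field as `private ClientDetails requestingClient;` would remove all three casts, provided nothing in `setup()` needs the concrete type.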
@@ -15,6 +15,7 @@ package org.cloudfoundry.identity.uaa.oauth.token; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.oauth.UaaOauth2Authentication; import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants; import org.cloudfoundry.identity.uaa.security.beans.DefaultSecurityContextAccessor; @@ -48,7 +49,6 @@ import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.security.oauth2.provider.OAuth2RequestFactory; import org.springframework.security.oauth2.provider.TokenRequest; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices; import org.springframework.security.saml.SAMLAuthenticationToken; import org.springframework.security.saml.context.SAMLMessageContext; @@ -96,9 +96,9 @@ public class Saml2TokenGranterTest { private TokenRequest tokenRequest; private UaaAuthentication userAuthentication; private Map requestParameters; - private BaseClientDetails requestingClient; - private BaseClientDetails receivingClient; - private BaseClientDetails passwordClient; + private UaaClientDetails requestingClient; + private UaaClientDetails receivingClient; + private UaaClientDetails passwordClient; private SAMLAuthenticationToken samltoken; private SAMLMessageContext samlcontext; private UaaUserDatabase uaaUserDatabase = mock(UaaUserDatabase.class); 
@@ -127,9 +127,9 @@ public void setup() { samltoken = new SAMLAuthenticationToken(samlcontext); SecurityContextHolder.getContext().setAuthentication(authentication); - requestingClient = new BaseClientDetails("requestingId",null,"uaa.user",GRANT_TYPE_SAML2_BEARER, null); - receivingClient = new BaseClientDetails("receivingId",null,"test.scope",GRANT_TYPE_SAML2_BEARER, null); - passwordClient = new BaseClientDetails("pwdId",null,"test.scope","password", null); + requestingClient = new UaaClientDetails("requestingId",null,"uaa.user",GRANT_TYPE_SAML2_BEARER, null); + receivingClient = new UaaClientDetails("receivingId",null,"test.scope",GRANT_TYPE_SAML2_BEARER, null); + passwordClient = new UaaClientDetails("pwdId",null,"test.scope","password", null); when(clientDetailsService.loadClientByClientId(eq(requestingClient.getClientId()), anyString())).thenReturn(requestingClient); when(clientDetailsService.loadClientByClientId(eq(receivingClient.getClientId()), anyString())).thenReturn(receivingClient); when(mockSecurityAccessor.isUser()).thenReturn(true); @@ -204,7 +204,7 @@ public void test_grant() { @Test public void test_oauth2_authentication_with_empty_allowed() { OAuth2Request myReq = new OAuth2Request(requestParameters, receivingClient.getClientId(), receivingClient.getAuthorities(), true, receivingClient.getScope(), receivingClient.getResourceIds(), null, null, null); - BaseClientDetails myClient = new BaseClientDetails(requestingClient); + UaaClientDetails myClient = new UaaClientDetails(requestingClient); List allowedProviders = new LinkedList(); Map additionalInformation = new LinkedHashMap<>(); Collection me = AuthorityUtils.commaSeparatedStringToAuthorityList("openid,foo.bar,uaa.user,one.read"); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/UserTokenGranterTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/UserTokenGranterTest.java index d93a63a2e1f..a25c82bf409 100644 
--- a/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/UserTokenGranterTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/oauth/token/UserTokenGranterTest.java @@ -15,6 +15,7 @@ package org.cloudfoundry.identity.uaa.oauth.token; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.oauth.UaaOauth2Authentication; import org.cloudfoundry.identity.uaa.zone.MultitenantClientServices; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; @@ -30,7 +31,6 @@ import org.springframework.security.oauth2.common.exceptions.InvalidGrantException; import org.springframework.security.oauth2.provider.OAuth2RequestFactory; import org.springframework.security.oauth2.provider.TokenRequest; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices; import java.util.*; @@ -63,8 +63,8 @@ public class UserTokenGranterTest { private TokenRequest tokenRequest; private UaaAuthentication userAuthentication; private Map requestParameters; - private BaseClientDetails requestingClient; - private BaseClientDetails receivingClient; + private UaaClientDetails requestingClient; + private UaaClientDetails receivingClient; private RevocableTokenProvisioning tokenStore; @Before 
@@ -84,8 +84,8 @@ public void setup() { ); SecurityContextHolder.getContext().setAuthentication(authentication); - requestingClient = new BaseClientDetails("requestingId",null,"uaa.user",GRANT_TYPE_USER_TOKEN, null); - receivingClient = new BaseClientDetails("receivingId",null,"test.scope",GRANT_TYPE_REFRESH_TOKEN, null); + requestingClient = new UaaClientDetails("requestingId",null,"uaa.user",GRANT_TYPE_USER_TOKEN, null); + receivingClient = new UaaClientDetails("receivingId",null,"test.scope",GRANT_TYPE_REFRESH_TOKEN, null); when(clientDetailsService.loadClientByClientId(eq(requestingClient.getClientId()), anyString())).thenReturn(requestingClient); when(clientDetailsService.loadClientByClientId(eq(receivingClient.getClientId()), anyString())).thenReturn(receivingClient); requestParameters = new HashMap<>(); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ChangeEmailEndpointsMockMvcTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ChangeEmailEndpointsMockMvcTest.java index 62d66e4a91b..1ecb8daf676 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ChangeEmailEndpointsMockMvcTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ChangeEmailEndpointsMockMvcTest.java @@ -19,7 +19,7 @@ import org.mockito.junit.jupiter.MockitoExtension; import org.springframework.context.ApplicationEventPublisher; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder; import org.springframework.test.web.servlet.result.MockMvcResultMatchers; 
@@ -121,7 +121,7 @@ void changeEmail() throws Exception { when(mockExpiringCodeStore.retrieveCode("the_secret_code", currentIdentityZoneId)) .thenReturn(new ExpiringCode("the_secret_code", new Timestamp(System.currentTimeMillis()), "{\"userId\":\"user-id-001\",\"email\":\"new@example.com\", \"client_id\":\"app\"}", EMAIL.name())); - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); Map additionalInformation = new HashMap<>(); additionalInformation.put("change_email_redirect_url", "app_callback_url"); clientDetails.setAdditionalInformation(additionalInformation); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/security/beans/DefaultSecurityContextAccessorTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/security/beans/DefaultSecurityContextAccessorTests.java index 89d8de9d1a4..bf8a2eb37aa 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/security/beans/DefaultSecurityContextAccessorTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/security/beans/DefaultSecurityContextAccessorTests.java @@ -4,6 +4,7 @@ import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationTestFactory; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.user.UaaAuthority; import org.cloudfoundry.identity.uaa.util.UaaStringUtils; 
@@ -21,7 +22,6 @@ import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import java.util.Collections; import java.util.LinkedList; @@ -81,7 +81,7 @@ void adminClientIsAdmin() { @Test void zoneAdminUserIsAdmin() { - BaseClientDetails client = new BaseClientDetails(); + UaaClientDetails client = new UaaClientDetails(); List authorities = new LinkedList<>(); authorities.add(new SimpleGrantedAuthority("zones." + IdentityZoneHolder.get().getId() + ".admin")); client.setAuthorities(authorities); @@ -98,7 +98,7 @@ void zoneAdminUserIsAdmin() { @Test void zoneAdminUserIsNotAdmin_BecauseOriginIsNotUaa() { - BaseClientDetails client = new BaseClientDetails(); + UaaClientDetails client = new UaaClientDetails(); List authorities = new LinkedList<>(); authorities.add(new SimpleGrantedAuthority("zones." + IdentityZoneHolder.get().getId() + ".admin")); client.setAuthorities(authorities); diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/test/TestAccountSetup.java b/server/src/test/java/org/cloudfoundry/identity/uaa/test/TestAccountSetup.java index 472192ea1ba..75bf6472484 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/test/TestAccountSetup.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/test/TestAccountSetup.java @@ -12,6 +12,7 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.test; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.cloudfoundry.identity.uaa.constants.OriginKeys; 
@@ -37,7 +38,6 @@ import org.springframework.security.oauth2.client.token.AccessTokenRequest; import org.springframework.security.oauth2.client.token.DefaultAccessTokenRequest; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.util.Assert; import org.springframework.web.client.RestOperations; @@ -114,21 +114,21 @@ private void initializeIfNecessary(FrameworkMethod method, Object target) { } private void createCfClient(RestOperations client) { - BaseClientDetails clientDetails = new BaseClientDetails("cf", "cloud_controller,openid,password", + UaaClientDetails clientDetails = new UaaClientDetails("cf", "cloud_controller,openid,password", "openid,cloud_controller.read,cloud_controller_service_permissions.read,password.write,scim.userids", "implicit", "uaa.none", "https://uaa.cloudfoundry.com/redirect/cf"); createClient(client, testAccounts.getClientDetails("oauth.clients.cf", clientDetails)); } private void createScimClient(RestOperations client) { - BaseClientDetails clientDetails = new BaseClientDetails("scim", "oauth", "uaa.none", "client_credentials", + UaaClientDetails clientDetails = new UaaClientDetails("scim", "oauth", "uaa.none", "client_credentials", "scim.read,scim.write,password.write,oauth.approvals","http://some.redirect.url.com"); clientDetails.setClientSecret("scimsecret"); createClient(client, testAccounts.getClientDetails("oauth.clients.scim", clientDetails)); } private void createAppClient(RestOperations client) { - BaseClientDetails clientDetails = new BaseClientDetails("app", "none", + UaaClientDetails clientDetails = new UaaClientDetails("app", "none", "cloud_controller.read,cloud_controller_service_permissions.read,openid,password.write", "password,authorization_code,refresh_token", "uaa.resource"); clientDetails.setClientSecret("appclientsecret"); 
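Review bot: `createScimClient` and `createAppClient` register clients with the literal secrets `"scimsecret"` and `"appclientsecret"`, and nothing in the hunk marks these as test-only defaults. `getClientDetails` in `UaaTestAccounts` reads `prefix + ".secret"` from the environment before falling back to the default, so the values can be overridden; that deserves a comment here, for example `// test-only default; override with oauth.clients.scim.secret`. Because `createClient` is handed a `RestOperations`, these clients are presumably created on whatever server the tests target, so the defaults should not reach a shared environment. `createAppClient` continues past the end of the hunk.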
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/test/UaaTestAccounts.java b/server/src/test/java/org/cloudfoundry/identity/uaa/test/UaaTestAccounts.java index bcbd787d601..e53a57117d0 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/test/UaaTestAccounts.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/test/UaaTestAccounts.java @@ -12,6 +12,7 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.test; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.cloudfoundry.identity.uaa.constants.OriginKeys; @@ -29,7 +30,6 @@ import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordResourceDetails; import org.springframework.security.oauth2.common.AuthenticationScheme; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.util.StringUtils; import java.net.URLEncoder; @@ -236,7 +236,7 @@ public ResourceOwnerPasswordResourceDetails getResourceOwnerPasswordResource(Str return resource; } - public ClientDetails getClientDetails(String prefix, BaseClientDetails defaults) { + public ClientDetails getClientDetails(String prefix, UaaClientDetails defaults) { String clientId = environment.getProperty(prefix + ".id", defaults.getClientId()); String clientSecret = environment.getProperty(prefix + ".secret", defaults.getClientSecret()); String resourceIds = environment.getProperty(prefix + ".resource-ids", 
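Review bot: `getClientDetails` now requires `UaaClientDetails defaults`, yet the lines visible in this hunk and the next one only call getters on it (`getClientId()`, `getClientSecret()`, `getAuthorities()`, `getRegisteredRedirectUri()`). If the part of the body between the two hunks does the same, the parameter could be the interface instead: `public ClientDetails getClientDetails(String prefix, ClientDetails defaults) {`. That keeps the helper usable with any client type and avoids tying a test utility to one concrete class. The middle of the method lies outside the visible hunks, so this needs checking against the full file.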
@@ -249,7 +249,7 @@ public ClientDetails getClientDetails(String prefix, BaseClientDetails defaults) StringUtils.collectionToCommaDelimitedString(defaults.getAuthorities())); String redirectUris = environment.getProperty(prefix + ".redirect-uri", StringUtils.collectionToCommaDelimitedString(defaults.getRegisteredRedirectUri())); - BaseClientDetails result = new BaseClientDetails(clientId, resourceIds, scopes, grantTypes, authorities, + UaaClientDetails result = new UaaClientDetails(clientId, resourceIds, scopes, grantTypes, authorities, redirectUris); result.setClientSecret(clientSecret); return result; diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/test/ZoneSeeder.java b/server/src/test/java/org/cloudfoundry/identity/uaa/test/ZoneSeeder.java index 65ea10ed293..4713b57042b 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/test/ZoneSeeder.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/test/ZoneSeeder.java @@ -5,6 +5,7 @@ import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; import org.cloudfoundry.identity.uaa.client.JdbcQueryableClientDetailsService; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants; import org.cloudfoundry.identity.uaa.provider.IdentityProvider; @@ -25,7 +26,6 @@ import org.springframework.http.HttpHeaders; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import java.util.ArrayList; import java.util.HashMap; 
@@ -128,7 +128,7 @@ public ZoneSeeder withClientWithImplicitPasswordRefreshTokenGrants() { } public ZoneSeeder withClientWithImplicitPasswordRefreshTokenGrants(String clientId, String commaSeparatedScopeNames) { - BaseClientDetails newClient = new BaseClientDetails(clientId, + UaaClientDetails newClient = new UaaClientDetails(clientId, "none", commaSeparatedScopeNames, "implicit,password,refresh_token", @@ -143,7 +143,7 @@ public ZoneSeeder withClientWithImplicitPasswordRefreshTokenGrants(String client public ZoneSeeder withClientWithImplicitAndAuthorizationCodeGrants( String clientId, String commaSeparatedRedirectUris) { - BaseClientDetails newClient = new BaseClientDetails( + UaaClientDetails newClient = new UaaClientDetails( clientId, "none", "openid", @@ -158,7 +158,7 @@ public ZoneSeeder withClientWithImplicitAndAuthorizationCodeGrants( } public ZoneSeeder withAdminClientWithClientCredentialsGrant() { - BaseClientDetails newClient = new BaseClientDetails(ADMIN_CLIENT_CREDENTIALS_CLIENT_ID, + UaaClientDetails newClient = new UaaClientDetails(ADMIN_CLIENT_CREDENTIALS_CLIENT_ID, "none", "uaa.none", "client_credentials", diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/util/DomainFilterTest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/util/DomainFilterTest.java index b7ad14dac29..0199bff360d 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/util/DomainFilterTest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/util/DomainFilterTest.java @@ -14,6 +14,7 @@ package org.cloudfoundry.identity.uaa.util; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.provider.IdentityProvider; import org.cloudfoundry.identity.uaa.provider.LdapIdentityProviderDefinition; 
@@ -23,7 +24,6 @@ import org.hamcrest.Matchers; import org.junit.Before; import org.junit.Test; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import java.util.Arrays; import java.util.Collections; @@ -73,7 +73,7 @@ public class DomainFilterTest { " \n" + ""; - BaseClientDetails client; + UaaClientDetails client; List activeProviders = EMPTY_LIST; IdentityProvider uaaProvider; IdentityProvider ldapProvider; @@ -91,7 +91,7 @@ public class DomainFilterTest { @Before public void setUp() { - client = new BaseClientDetails("clientid","", "", "","",""); + client = new UaaClientDetails("clientid","", "", "","",""); uaaDef = new UaaIdentityProviderDefinition(null, null); ldapDef = new LdapIdentityProviderDefinition(); samlDef1 = new SamlIdentityProviderDefinition() diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/util/JwtTokenSignedByThisUAATest.java b/server/src/test/java/org/cloudfoundry/identity/uaa/util/JwtTokenSignedByThisUAATest.java index 82c35c5c80a..30cbe4c95cc 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/util/JwtTokenSignedByThisUAATest.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/util/JwtTokenSignedByThisUAATest.java @@ -20,6 +20,8 @@ import org.apache.logging.log4j.core.LogEvent; import org.apache.logging.log4j.core.LoggerContext; import org.apache.logging.log4j.core.appender.AbstractAppender; +import org.cloudfoundry.identity.uaa.client.InMemoryClientDetailsService; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.oauth.KeyInfo; import org.cloudfoundry.identity.uaa.oauth.KeyInfoService; import org.cloudfoundry.identity.uaa.oauth.jwt.ChainedSignatureVerifier; 
@@ -52,8 +54,6 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; -import org.springframework.security.oauth2.provider.client.InMemoryClientDetailsService; import javax.crypto.spec.SecretKeySpec; import java.nio.charset.StandardCharsets; @@ -114,7 +114,7 @@ public class JwtTokenSignedByThisUAATest { private InMemoryMultitenantClientServices inMemoryMultitenantClientServices; private UaaUserDatabase userDb; private UaaUser uaaUser; - private BaseClientDetails uaaClient; + private UaaClientDetails uaaClient; private Collection uaaUserGroups; private List logEvents; @@ -206,7 +206,7 @@ public void setup() throws KeyLengthException { when(mockIdentityZoneManager.getCurrentIdentityZoneId()).thenReturn(IdentityZone.getUaaZoneId()); inMemoryMultitenantClientServices = new InMemoryMultitenantClientServices(mockIdentityZoneManager); - uaaClient = new BaseClientDetails("app", "acme", "acme.dev", GRANT_TYPE_AUTHORIZATION_CODE, ""); + uaaClient = new UaaClientDetails("app", "acme", "acme.dev", GRANT_TYPE_AUTHORIZATION_CODE, ""); uaaClient.addAdditionalInformation(REQUIRED_USER_GROUPS, Collections.emptyList()); inMemoryMultitenantClientServices.setClientDetailsStore(IdentityZone.getUaaZoneId(), Collections.singletonMap(CLIENT_ID, uaaClient)); @@ -635,7 +635,7 @@ public void clientHasScopeRevoked() { clientDetailsService.setClientDetailsStore( Collections.singletonMap( "app", - new BaseClientDetails("app", "acme", "a.different.scope", GRANT_TYPE_AUTHORIZATION_CODE, "") + new UaaClientDetails("app", "acme", "a.different.scope", GRANT_TYPE_AUTHORIZATION_CODE, "") ) ); 
diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/InMemoryMultitenantClientServices.java b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/InMemoryMultitenantClientServices.java index 7e5aee70d2b..060115fed23 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/InMemoryMultitenantClientServices.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/InMemoryMultitenantClientServices.java @@ -1,11 +1,11 @@ package org.cloudfoundry.identity.uaa.zone; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; +import org.cloudfoundry.identity.uaa.provider.ClientAlreadyExistsException; +import org.cloudfoundry.identity.uaa.provider.ClientRegistrationException; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager; -import org.springframework.security.oauth2.provider.ClientAlreadyExistsException; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.ClientRegistrationException; -import org.springframework.security.oauth2.provider.NoSuchClientException; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import java.util.ArrayList; import java.util.HashMap; 
@@ -18,18 +18,18 @@ public class InMemoryMultitenantClientServices extends MultitenantClientServices { - private ConcurrentMap> services = new ConcurrentHashMap<>(); + private ConcurrentMap> services = new ConcurrentHashMap<>(); public InMemoryMultitenantClientServices(IdentityZoneManager identityZoneManager) { super(identityZoneManager); } - public void setClientDetailsStore(String zoneId, Map store) { + public void setClientDetailsStore(String zoneId, Map store) { services.put(zoneId, store); } - public Map getInMemoryService(String zoneId) { - Map clientDetailsStore = new HashMap<>(); + public Map getInMemoryService(String zoneId) { + Map clientDetailsStore = new HashMap<>(); services.putIfAbsent(zoneId, clientDetailsStore); return services.get(zoneId); } @@ -60,7 +60,7 @@ public void deleteClientJwtConfig(String clientId, String keyConfig, String zone @Override public void addClientDetails(ClientDetails clientDetails, String zoneId) throws ClientAlreadyExistsException { - getInMemoryService(zoneId).put(clientDetails.getClientId(), (BaseClientDetails) clientDetails); + getInMemoryService(zoneId).put(clientDetails.getClientId(), (UaaClientDetails) clientDetails); } @Override @@ -70,7 +70,7 @@ public void updateClientDetails(ClientDetails clientDetails, String zoneId) thro @Override public void updateClientSecret(String clientId, String secret, String zoneId) throws NoSuchClientException { - ofNullable((BaseClientDetails) loadClientByClientId(clientId, zoneId)).ifPresent(client -> + ofNullable((UaaClientDetails) loadClientByClientId(clientId, zoneId)).ifPresent(client -> client.setClientSecret(secret) ); } 
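Review bot: `getInMemoryService` allocates a fresh `HashMap` on every call and then does `putIfAbsent` followed by a separate `get`. `return services.computeIfAbsent(zoneId, id -> new HashMap<>());` does the same in one atomic step without the throwaway allocation. The per-zone store stays a plain `HashMap`, so the `ConcurrentMap` wrapper only protects zone creation, not concurrent writes to one zone's clients. A short comment that the class is meant for single-threaded tests would make that limit explicit.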
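Review bot: `addClientDetails` downcasts its `ClientDetails` argument with `(UaaClientDetails) clientDetails`, so any other implementation of the interface now fails with a `ClassCastException` that the declared `throws` clause does not cover; `updateClientSecret` in the `@@ -70,7 +70,7 @@` hunk has the same cast. Before this change every `BaseClientDetails` was accepted, so a caller that still builds the old type compiles and then breaks at runtime. A guard such as `if (!(clientDetails instanceof UaaClientDetails)) throw new IllegalArgumentException("unsupported ClientDetails type");` makes the failure explicit. In `updateClientSecret` the `ofNullable(...)` wrapper looks redundant, because `loadClientByClientId` (hunk `@@ -92,7 +92,7 @@`) throws `NoSuchClientException` instead of returning null.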
@@ -92,7 +92,7 @@ public List listClientDetails(String zoneId) { @Override public ClientDetails loadClientByClientId(String clientId, String zoneId) throws ClientRegistrationException { - BaseClientDetails result = getInMemoryService(zoneId).get(clientId); + UaaClientDetails result = getInMemoryService(zoneId).get(clientId); if (result == null) { throw new NoSuchClientException("No client with requested id: " + clientId); } diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/MultitenantJdbcClientDetailsServiceTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/MultitenantJdbcClientDetailsServiceTests.java index ecf45d04d14..cc4bcff5295 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/MultitenantJdbcClientDetailsServiceTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/MultitenantJdbcClientDetailsServiceTests.java @@ -9,6 +9,7 @@ import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator; import org.cloudfoundry.identity.uaa.oauth.UaaOauth2Authentication; import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants; +import org.cloudfoundry.identity.uaa.provider.ClientAlreadyExistsException; import org.cloudfoundry.identity.uaa.util.JsonUtils; import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager; import org.hamcrest.Matchers; 
@@ -21,11 +22,9 @@ import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.oauth2.provider.AuthorizationRequest; -import org.springframework.security.oauth2.provider.ClientAlreadyExistsException; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.NoSuchClientException; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.util.StringUtils; import java.sql.Timestamp; @@ -75,7 +74,7 @@ class MultitenantJdbcClientDetailsServiceTests { private RandomValueStringGenerator randomValueStringGenerator; private String dbRequestedUserGroups = "uaa.user,uaa.something"; - private BaseClientDetails baseClientDetails; + private UaaClientDetails baseClientDetails; private JdbcTemplate spyJdbcTemplate; private IdentityZoneManager mockIdentityZoneManager; private String currentZoneId; @@ -97,7 +96,7 @@ void setup() { when(mockIdentityZoneManager.getCurrentIdentityZoneId()).thenReturn(currentZoneId); service = spy(new MultitenantJdbcClientDetailsService(spyJdbcTemplate, mockIdentityZoneManager, passwordEncoder)); - baseClientDetails = new BaseClientDetails(); + baseClientDetails = new UaaClientDetails(); String clientId = "client-with-id-" + new RandomValueStringGenerator(36).generate(); baseClientDetails.setClientId(clientId); } 
@@ -274,7 +273,7 @@ void autoApproveOnlyReturnedInField_andNotInAdditionalInfo() { jdbcTemplate .update("update oauth_client_details set additional_information=? where client_id=?", "{\"autoapprove\":[\"bar.read\"]}", clientId); - BaseClientDetails clientDetails = (BaseClientDetails) service + UaaClientDetails clientDetails = (UaaClientDetails) service .loadClientByClientId(clientId); assertEquals(clientId, clientDetails.getClientId()); @@ -284,7 +283,7 @@ void autoApproveOnlyReturnedInField_andNotInAdditionalInfo() { jdbcTemplate .update("update oauth_client_details set additional_information=? where client_id=?", "{\"autoapprove\":true}", clientId); - clientDetails = (BaseClientDetails) service + clientDetails = (UaaClientDetails) service .loadClientByClientId(clientId); assertNull(clientDetails.getAdditionalInformation().get(ClientConstants.AUTO_APPROVE)); assertThat(clientDetails.getAutoApproveScopes(), Matchers.hasItems("true")); 
@@ -311,22 +310,22 @@ void loadingClientIdWithSingleDetails() { assertNotNull(clientDetails); assertTrue(clientDetails instanceof UaaClientDetails); - UaaClientDetails uaaClientDetails = (UaaClientDetails) clientDetails; - assertEquals("clientIdWithSingleDetails", uaaClientDetails.getClientId()); - assertTrue(uaaClientDetails.isSecretRequired()); - assertEquals("mySecret", uaaClientDetails.getClientSecret()); - assertTrue(uaaClientDetails.isScoped()); - assertEquals(1, uaaClientDetails.getScope().size()); - assertEquals("myScope", uaaClientDetails.getScope().iterator().next()); - assertEquals(1, uaaClientDetails.getResourceIds().size()); - assertEquals("myResource", uaaClientDetails.getResourceIds().iterator().next()); - assertEquals(1, uaaClientDetails.getAuthorizedGrantTypes().size()); - assertEquals("myAuthorizedGrantType", uaaClientDetails .getAuthorizedGrantTypes().iterator().next()); - assertEquals("myRedirectUri", uaaClientDetails.getRegisteredRedirectUri() .iterator().next()); - assertEquals(1, uaaClientDetails.getAuthorities().size()); - assertEquals("myAuthority", uaaClientDetails.getAuthorities().iterator() .next().getAuthority()); - assertEquals(new Integer(100), uaaClientDetails.getAccessTokenValiditySeconds()); - assertEquals(new Integer(200), uaaClientDetails.getRefreshTokenValiditySeconds()); + UaaClientDetails uaaUaaClientDetails = (UaaClientDetails) clientDetails; + assertEquals("clientIdWithSingleDetails", uaaUaaClientDetails.getClientId()); + assertTrue(uaaUaaClientDetails.isSecretRequired()); + assertEquals("mySecret", uaaUaaClientDetails.getClientSecret()); + assertTrue(uaaUaaClientDetails.isScoped()); + assertEquals(1, uaaUaaClientDetails.getScope().size()); + assertEquals("myScope", uaaUaaClientDetails.getScope().iterator().next()); + assertEquals(1, uaaUaaClientDetails.getResourceIds().size()); + assertEquals("myResource", uaaUaaClientDetails.getResourceIds().iterator().next()); + assertEquals(1, 
uaaUaaClientDetails.getAuthorizedGrantTypes().size()); + assertEquals("myAuthorizedGrantType", uaaUaaClientDetails.getAuthorizedGrantTypes().iterator().next()); + assertEquals("myRedirectUri", uaaUaaClientDetails.getRegisteredRedirectUri() .iterator().next()); + assertEquals(1, uaaUaaClientDetails.getAuthorities().size()); + assertEquals("myAuthority", uaaUaaClientDetails.getAuthorities().iterator() .next().getAuthority()); + assertEquals(new Integer(100), uaaUaaClientDetails.getAccessTokenValiditySeconds()); + assertEquals(new Integer(200), uaaUaaClientDetails.getRefreshTokenValiditySeconds()); } @Test @@ -448,7 +447,7 @@ void loadingClientIdWithMultipleDetails() { @Test void addClientWithNoDetails() { - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("addedClientIdWithNoDetails"); service.addClientDetails(clientDetails); 
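Review bot: The local in `loadingClientIdWithSingleDetails` is renamed from `uaaClientDetails` to `uaaUaaClientDetails`, which reads like a search-and-replace artefact; keeping the old name would be clearer and would remove nearly all of this hunk from the diff. While these lines are being touched, `new Integer(100)` and `new Integer(200)` use the boxing constructor that is deprecated since Java 9; `assertEquals(Integer.valueOf(100), uaaClientDetails.getAccessTokenValiditySeconds());` avoids it. The test method starts before this hunk, so only its tail is visible here.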
@@ -464,18 +463,18 @@ void addClientWithNoDetails() { @Test void addClientWithSalt() { String id = "addedClientIdWithSalt"; - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId(id); clientDetails.setClientSecret("secret"); clientDetails.addAdditionalInformation(ClientConstants.TOKEN_SALT, "salt"); service.addClientDetails(clientDetails); - clientDetails = (BaseClientDetails) service.loadClientByClientId(id); + clientDetails = (UaaClientDetails) service.loadClientByClientId(id); assertNotNull(clientDetails); assertEquals("salt", clientDetails.getAdditionalInformation().get(ClientConstants.TOKEN_SALT)); clientDetails.addAdditionalInformation(ClientConstants.TOKEN_SALT, "newsalt"); service.updateClientDetails(clientDetails); - clientDetails = (BaseClientDetails) service.loadClientByClientId(id); + clientDetails = (UaaClientDetails) service.loadClientByClientId(id); assertNotNull(clientDetails); assertEquals("newsalt", clientDetails.getAdditionalInformation().get(ClientConstants.TOKEN_SALT)); } @@ -483,7 +482,7 @@ void addClientWithSalt() { @Test void insertDuplicateClient() { - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("duplicateClientIdWithNoDetails"); service.addClientDetails(clientDetails); @@ -494,7 +493,7 @@ void insertDuplicateClient() { @Test void updateClientSecret() { final String newClientSecret = "newClientSecret-" + randomValueStringGenerator.generate(); - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("newClientIdWithNoDetails"); service.addClientDetails(clientDetails); service.updateClientSecret(clientDetails.getClientId(), newClientSecret); 
@@ -510,7 +509,7 @@ void updateClientSecret() { @Test void deleteClientSecret() { String clientId = "client_id_test_delete"; - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId(clientId); clientDetails.setClientSecret(SECRET); service.addClientDetails(clientDetails); @@ -531,7 +530,7 @@ void deleteClientSecret() { @Test void updateClientJwt() { - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("newClientIdWithNoDetails"); service.addClientDetails(clientDetails); service.addClientJwtConfig(clientDetails.getClientId(), "http://localhost:8080/uaa/token_keys", currentZoneId, true); @@ -547,7 +546,7 @@ void updateClientJwt() { @Test void deleteClientJwt() { String clientId = "client_id_test_delete"; - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId(clientId); service.addClientDetails(clientDetails); service.addClientJwtConfig(clientDetails.getClientId(), "http://localhost:8080/uaa/token_keys", currentZoneId, true); @@ -593,7 +592,7 @@ void updateClientJwtConfig() { @Test void updateClientRedirectURI() { - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("newClientIdWithNoDetails"); service.addClientDetails(clientDetails); @@ -617,7 +616,7 @@ void updateClientRedirectURI() { @Test void updateNonExistentClient() { - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("nosuchClientIdWithNoDetails"); assertThrows(NoSuchClientException.class, 
@@ -627,7 +626,7 @@ void updateNonExistentClient() { @Test void removeClient() { - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("deletedClientIdWithNoDetails"); service.addClientDetails(clientDetails); @@ -643,7 +642,7 @@ void removeClient() { @Test void removeNonExistentClient() { - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("nosuchClientIdWithNoDetails"); assertThrows(NoSuchClientException.class, @@ -653,7 +652,7 @@ void removeNonExistentClient() { @Test void findClients() { - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("aclient"); service.addClientDetails(clientDetails); @@ -666,7 +665,7 @@ void findClients() { void loadingClientInOtherZoneFromOtherZone() { when(mockIdentityZoneManager.getCurrentIdentityZoneId()).thenReturn("other-zone"); - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("clientInOtherZone"); service.addClientDetails(clientDetails); assertNotNull(service.loadClientByClientId("clientInOtherZone")); @@ -675,7 +674,7 @@ void loadingClientInOtherZoneFromOtherZone() { @Test void loadingClientInOtherZoneFromDefaultZoneFails() { when(mockIdentityZoneManager.getCurrentIdentityZoneId()).thenReturn("other-zone"); - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("clientInOtherZone"); service.addClientDetails(clientDetails); when(mockIdentityZoneManager.getCurrentIdentityZoneId()).thenReturn(IdentityZone.getUaaZoneId()); 
@@ -686,7 +685,7 @@ void loadingClientInOtherZoneFromDefaultZoneFails() { @Test void addingClientToOtherIdentityZoneShouldHaveOtherIdentityZoneId() { when(mockIdentityZoneManager.getCurrentIdentityZoneId()).thenReturn("other-zone"); - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); String clientId = "clientInOtherZone"; clientDetails.setClientId(clientId); service.addClientDetails(clientDetails); @@ -697,7 +696,7 @@ void addingClientToOtherIdentityZoneShouldHaveOtherIdentityZoneId() { @Test void addingClientToDefaultZoneShouldHaveDefaultZoneId() { when(mockIdentityZoneManager.getCurrentIdentityZoneId()).thenReturn(IdentityZone.getUaaZoneId()); - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); String clientId = "clientInDefaultZone"; clientDetails.setClientId(clientId); service.addClientDetails(clientDetails); @@ -710,7 +709,7 @@ void createdByIdInCaseOfUser() { String userId = "4097895b-ebc1-4732-b6e5-2c33dd2c7cd1"; Authentication oldAuth = authenticateAsUserAndReturnOldAuth(userId); - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); String clientId = "clientInDefaultZone"; clientDetails.setClientId(clientId); service.addClientDetails(clientDetails); @@ -726,13 +725,13 @@ void createdByIdInCaseOfClient() { String userId = "4097895b-ebc1-4732-b6e5-2c33dd2c7cd1"; Authentication oldAuth = authenticateAsUserAndReturnOldAuth(userId); - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("client1"); service.addClientDetails(clientDetails); authenticateAsClient(currentZoneId); - clientDetails = new BaseClientDetails(); + clientDetails = new UaaClientDetails(); String clientId = "client2"; clientDetails.setClientId(clientId); service.addClientDetails(clientDetails); 
@@ -748,14 +747,14 @@ void nullCreatedById() { String client1 = "client1"; String client2 = "client2"; - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId(client1); service.addClientDetails(clientDetails); assertNull(service.getCreatedByForClientAndZone(client1, currentZoneId)); authenticateAsClient(currentZoneId); - clientDetails = new BaseClientDetails(); + clientDetails = new UaaClientDetails(); clientDetails.setClientId(client2); service.addClientDetails(clientDetails); @@ -782,7 +781,7 @@ private static boolean clientExists(String clientId, String zoneId, JdbcTemplate } private static ClientDetails addClientToDb(String clientId, MultitenantJdbcClientDetailsService service) { - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId(clientId); clientDetails.setClientSecret("secret"); service.addClientDetails(clientDetails); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/client/ClientMetadataAdminEndpointDocs.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/client/ClientMetadataAdminEndpointDocs.java index 3fc3d13235f..ca624cc713b 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/client/ClientMetadataAdminEndpointDocs.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/client/ClientMetadataAdminEndpointDocs.java @@ -15,7 +15,6 @@ import org.springframework.restdocs.payload.JsonFieldType; import org.springframework.restdocs.snippet.Snippet; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.test.web.servlet.ResultActions; import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder; 
@@ -129,10 +128,10 @@ void getAllClientMetadata() throws Exception { String marissaToken = getUserAccessToken(clientId1); String clientId2 = generator.generate(); - clients.addClientDetails(new BaseClientDetails(clientId2, null, null, null, null)); + clients.addClientDetails(new UaaClientDetails(clientId2, null, null, null, null)); String clientId3 = generator.generate(); - clients.addClientDetails(new BaseClientDetails(clientId3, null, null, null, null)); + clients.addClientDetails(new UaaClientDetails(clientId3, null, null, null, null)); ClientMetadata client3Metadata = new ClientMetadata(); client3Metadata.setClientId(clientId3); client3Metadata.setIdentityZoneId("uaa"); @@ -142,7 +141,7 @@ void getAllClientMetadata() throws Exception { performUpdate(client3Metadata); String clientId4 = generator.generate(); - clients.addClientDetails(new BaseClientDetails(clientId4, null, null, null, null)); + clients.addClientDetails(new UaaClientDetails(clientId4, null, null, null, null)); ClientMetadata client4Metadata = new ClientMetadata(); client4Metadata.setClientId(clientId4); client4Metadata.setIdentityZoneId("uaa"); @@ -213,7 +212,7 @@ private void updateClientMetadata(String clientId) throws Exception { } private void createClient(String clientId) throws Exception { - BaseClientDetails newClient = new BaseClientDetails(clientId, "oauth", "oauth.approvals", "password", "oauth.login","http://redirect.url"); + UaaClientDetails newClient = new UaaClientDetails(clientId, "oauth", "oauth.approvals", "password", "oauth.login","http://redirect.url"); newClient.setClientSecret("secret"); MockHttpServletRequestBuilder createClient = post("/oauth/clients") .header("Authorization", "Bearer " + adminUserToken) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/client/ClientMetadataAdminEndpointsMockMvcTest.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/client/ClientMetadataAdminEndpointsMockMvcTest.java index f76decde55d..fa3c1cdaf31 100644 
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/client/ClientMetadataAdminEndpointsMockMvcTest.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/client/ClientMetadataAdminEndpointsMockMvcTest.java @@ -13,7 +13,6 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.ResultActions; import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder; @@ -75,7 +74,7 @@ void getClientMetadata() throws Exception { } private String getUserAccessToken(String clientId) throws Exception { - BaseClientDetails newClient = new BaseClientDetails(clientId, + UaaClientDetails newClient = new UaaClientDetails(clientId, "oauth", "oauth.approvals", "password", @@ -100,10 +99,10 @@ void getAllClientMetadata() throws Exception { String marissaToken = getUserAccessToken(clientId1); String clientId2 = generator.generate(); - clients.addClientDetails(new BaseClientDetails(clientId2, null, null, null, null)); + clients.addClientDetails(new UaaClientDetails(clientId2, null, null, null, null)); String clientId3 = generator.generate(); - clients.addClientDetails(new BaseClientDetails(clientId3, null, null, null, null)); + clients.addClientDetails(new UaaClientDetails(clientId3, null, null, null, null)); ClientMetadata client3Metadata = new ClientMetadata(); client3Metadata.setClientId(clientId3); client3Metadata.setIdentityZoneId("uaa"); 
@@ -113,7 +112,7 @@ void getAllClientMetadata() throws Exception { performUpdate(client3Metadata); String clientId4 = generator.generate(); - clients.addClientDetails(new BaseClientDetails(clientId4, null, null, null, null)); + clients.addClientDetails(new UaaClientDetails(clientId4, null, null, null, null)); ClientMetadata client4Metadata = new ClientMetadata(); client4Metadata.setClientId(clientId4); client4Metadata.setIdentityZoneId("uaa"); @@ -156,7 +155,7 @@ void wrongAcceptHeader_isNotAcceptable() throws Exception { @Test void updateClientMetadata() throws Exception { String clientId = generator.generate(); - clients.addClientDetails(new BaseClientDetails(clientId, null, null, null, null)); + clients.addClientDetails(new UaaClientDetails(clientId, null, null, null, null)); ClientMetadata updatedClientMetadata = new ClientMetadata(); updatedClientMetadata.setClientId(clientId); @@ -204,7 +203,7 @@ void updateClientMetadata_InsufficientScope() throws Exception { @Test void updateClientMetadata_WithNoClientIdInBody() throws Exception { String clientId = generator.generate(); - clients.addClientDetails(new BaseClientDetails(clientId, null, null, null, null)); + clients.addClientDetails(new UaaClientDetails(clientId, null, null, null, null)); ClientMetadata updatedClientMetadata = new ClientMetadata(); updatedClientMetadata.setClientId(null); @@ -247,7 +246,7 @@ void updateClientMetadata_ForNonExistentClient() throws Exception { @Test void updateClientMetadata_ClientIdMismatch() throws Exception { String clientId = generator.generate(); - clients.addClientDetails(new BaseClientDetails(clientId, null, null, null, null)); + clients.addClientDetails(new UaaClientDetails(clientId, null, null, null, null)); ClientMetadata clientMetadata = new ClientMetadata(); clientMetadata.setClientId("other-client-id"); 
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ClientAdminEndpointsIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ClientAdminEndpointsIntegrationTests.java index 795bc02290d..90d82c8bdc1 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ClientAdminEndpointsIntegrationTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ClientAdminEndpointsIntegrationTests.java @@ -16,6 +16,7 @@ import org.cloudfoundry.identity.uaa.ServerRunning; import org.cloudfoundry.identity.uaa.approval.Approval; import org.cloudfoundry.identity.uaa.client.InvalidClientDetailsException; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.error.UaaException; import org.cloudfoundry.identity.uaa.integration.util.IntegrationTestUtils; import org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsCreation; @@ -47,7 +48,6 @@ import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.MultiValueMap; import org.springframework.web.client.RestTemplate; @@ -129,7 +129,7 @@ public void teardownClients() { for (ClientDetailsModification clientDetailsModification : clientDetailsModifications) { serverRunning.getRestTemplate() .exchange(serverRunning.getUrl("/oauth/clients/{client}"), HttpMethod.DELETE, - new HttpEntity(clientDetailsModification, headers), Void.class, + new HttpEntity(clientDetailsModification, headers), Void.class, clientDetailsModification.getClientId()); } } 
@@ -199,9 +199,9 @@ public void testCreateClientWithValidLongRedirectUris() { uris.add("http://example.com/myuri/foo/bar/abcdefg/abcdefg" + i); } - BaseClientDetails client = createClientWithSecretAndRedirectUri("secret", uris, "client_credentials"); + UaaClientDetails client = createClientWithSecretAndRedirectUri("secret", uris, "client_credentials"); ResponseEntity result = serverRunning.getRestTemplate().exchange(serverRunning.getUrl("/oauth/clients"), - HttpMethod.POST, new HttpEntity(client, headers), Void.class); + HttpMethod.POST, new HttpEntity(client, headers), Void.class); assertEquals(HttpStatus.CREATED, result.getStatusCode()); } @@ -247,7 +247,7 @@ public void createClientWithCommaDelimitedScopesValidatesAllTheScopes() throws E // make client that can create other clients String newClientId = new RandomValueStringGenerator().generate(); - BaseClientDetails clientCreator = new BaseClientDetails( + UaaClientDetails clientCreator = new UaaClientDetails( newClientId, "", "clients.write,uaa.user", @@ -267,7 +267,7 @@ public void createClientWithCommaDelimitedScopesValidatesAllTheScopes() throws E HttpHeaders headers = getAuthenticatedHeaders(token); // make client with restricted scopes - BaseClientDetails invalidClient = new BaseClientDetails( + UaaClientDetails invalidClient = new UaaClientDetails( new RandomValueStringGenerator().generate(), "", newClientId + ".admin,uaa.admin", 
@@ -289,12 +289,12 @@ public void createClientWithCommaDelimitedScopesValidatesAllTheScopes() throws E public void createClientWithoutSecretIsRejected() throws Exception { OAuth2AccessToken token = getClientCredentialsAccessToken("clients.read,clients.write"); HttpHeaders headers = getAuthenticatedHeaders(token); - BaseClientDetails invalidSecretClient = new BaseClientDetails(new RandomValueStringGenerator().generate(), "", "foo,bar", + UaaClientDetails invalidSecretClient = new UaaClientDetails(new RandomValueStringGenerator().generate(), "", "foo,bar", "client_credentials", "uaa.none"); invalidSecretClient.setClientSecret("tooLongSecret"); ResponseEntity result = serverRunning.getRestTemplate().exchange( serverRunning.getUrl("/oauth/clients"), HttpMethod.POST, - new HttpEntity(invalidSecretClient, headers), UaaException.class); + new HttpEntity(invalidSecretClient, headers), UaaException.class); assertEquals(HttpStatus.BAD_REQUEST, result.getStatusCode()); assertEquals("invalid_client", result.getBody().getErrorCode()); } 
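Review bot: `createClientWithoutSecretIsRejected` calls `invalidSecretClient.setClientSecret("tooLongSecret")` before posting, so the request does carry a secret and the name no longer describes what is sent. From this hunk it is not clear which validation rule produces the `BAD_REQUEST`/`invalid_client` result, and the rejection of a `client_credentials` client with no secret at all may not be pinned by any assertion here. Either drop the `setClientSecret` call so the test exercises the missing-secret path, or rename the test and add a comment such as `// secret violates the zone's client secret policy` once the intended rule is confirmed.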
@@ -304,12 +304,12 @@ public void createClientWithoutSecretIsRejected() throws Exception { public void createClientWithTooLongSecretIsRejected() throws Exception { OAuth2AccessToken token = getClientCredentialsAccessToken("clients.read,clients.write"); HttpHeaders headers = getAuthenticatedHeaders(token); - BaseClientDetails client = new BaseClientDetails(new RandomValueStringGenerator().generate(), "", "foo,bar", + UaaClientDetails client = new UaaClientDetails(new RandomValueStringGenerator().generate(), "", "foo,bar", "client_credentials", "uaa.none"); client.setClientSecret(SECRET_TOO_LONG); ResponseEntity result = serverRunning.getRestTemplate().exchange( serverRunning.getUrl("/oauth/clients"), HttpMethod.POST, - new HttpEntity(client, headers), UaaException.class); + new HttpEntity(client, headers), UaaException.class); assertEquals(HttpStatus.BAD_REQUEST, result.getStatusCode()); assertEquals("invalid_client", result.getBody().getErrorCode()); } @@ -349,7 +349,7 @@ public void createClientWithStrictSecretPolicyTest() throws Exception { IntegrationTestUtils.createZoneOrUpdateSubdomain(identityClient, serverRunning.getBaseUrl(), testZoneId, testZoneId, config); - BaseClientDetails client = new BaseClientDetails(new RandomValueStringGenerator().generate(), "", "foo,bar", + UaaClientDetails client = new UaaClientDetails(new RandomValueStringGenerator().generate(), "", "foo,bar", "client_credentials", "uaa.none"); client.setClientSecret("Secret1@"); 
@@ -358,17 +358,17 @@ public void createClientWithStrictSecretPolicyTest() throws Exception { xZoneHeaders.add(IdentityZoneSwitchingFilter.HEADER, testZoneId); ResponseEntity result = serverRunning.getRestTemplate().exchange( serverRunning.getBaseUrl() + "/oauth/clients", HttpMethod.POST, - new HttpEntity(client, xZoneHeaders), UaaException.class); + new HttpEntity(client, xZoneHeaders), UaaException.class); Assert.assertEquals(HttpStatus.CREATED, result.getStatusCode()); //Negative Test - BaseClientDetails failClient = new BaseClientDetails(new RandomValueStringGenerator().generate(), "", "foo,bar", + UaaClientDetails failClient = new UaaClientDetails(new RandomValueStringGenerator().generate(), "", "foo,bar", "client_credentials", "uaa.none"); failClient.setClientSecret("badsecret"); result = serverRunning.getRestTemplate().exchange( serverRunning.getBaseUrl() + "/oauth/clients", HttpMethod.POST, - new HttpEntity(failClient, xZoneHeaders), UaaException.class); + new HttpEntity(failClient, xZoneHeaders), UaaException.class); assertEquals(HttpStatus.BAD_REQUEST, result.getStatusCode()); @@ -404,10 +404,10 @@ public void nonImplicitGrantClientWithoutSecretIsRejectedTxFails() throws Except String grantTypes = "client_credentials"; RandomValueStringGenerator gen = new RandomValueStringGenerator(); String[] ids = new String[5]; - BaseClientDetails[] clients = new BaseClientDetails[ids.length]; + UaaClientDetails[] clients = new UaaClientDetails[ids.length]; for (int i = 0; i < ids.length; i++) { ids[i] = gen.generate(); - clients[i] = new BaseClientDetails(ids[i], "", "foo,bar", grantTypes, "uaa.none"); + clients[i] = new UaaClientDetails(ids[i], "", "foo,bar", grantTypes, "uaa.none"); clients[i].setClientSecret("secret"); clients[i].setAdditionalInformation(Collections.singletonMap("foo", Collections.singletonList("bar"))); 
@@ -417,7 +417,7 @@ public void nonImplicitGrantClientWithoutSecretIsRejectedTxFails() throws Except serverRunning.getRestTemplate().exchange( serverRunning.getUrl("/oauth/clients/tx"), HttpMethod.POST, - new HttpEntity(clients, headers), + new HttpEntity(clients, headers), UaaException.class); assertEquals(HttpStatus.BAD_REQUEST, result.getStatusCode()); for (String id : ids) { @@ -433,10 +433,10 @@ public void duplicateIdsIsRejectedTxFails() throws Exception { String grantTypes = "client_credentials"; RandomValueStringGenerator gen = new RandomValueStringGenerator(); String[] ids = new String[5]; - BaseClientDetails[] clients = new BaseClientDetails[ids.length]; + UaaClientDetails[] clients = new UaaClientDetails[ids.length]; for (int i = 0; i < ids.length; i++) { ids[i] = gen.generate(); - clients[i] = new BaseClientDetails(ids[i], "", "foo,bar", grantTypes, "uaa.none"); + clients[i] = new UaaClientDetails(ids[i], "", "foo,bar", grantTypes, "uaa.none"); clients[i].setClientSecret("secret"); clients[i].setAdditionalInformation(Collections.singletonMap("foo", Collections.singletonList("bar"))); @@ -447,7 +447,7 @@ public void duplicateIdsIsRejectedTxFails() throws Exception { serverRunning.getRestTemplate().exchange( serverRunning.getUrl("/oauth/clients/tx"), HttpMethod.POST, - new HttpEntity(clients, headers), + new HttpEntity(clients, headers), UaaException.class); assertEquals(HttpStatus.CONFLICT, result.getStatusCode()); for (String id : ids) { 
@@ -458,38 +458,38 @@ public void duplicateIdsIsRejectedTxFails() throws Exception { @Test public void implicitAndAuthCodeGrantClient() { - BaseClientDetails client = new BaseClientDetails(new RandomValueStringGenerator().generate(), "", "foo,bar", + UaaClientDetails client = new UaaClientDetails(new RandomValueStringGenerator().generate(), "", "foo,bar", "implicit,authorization_code", "uaa.none"); ResponseEntity result = serverRunning.getRestTemplate().exchange( serverRunning.getUrl("/oauth/clients"), HttpMethod.POST, - new HttpEntity(client, headers), UaaException.class); + new HttpEntity(client, headers), UaaException.class); assertEquals(HttpStatus.BAD_REQUEST, result.getStatusCode()); assertEquals("invalid_client", result.getBody().getErrorCode()); } @Test public void implicitGrantClientWithoutSecretIsOk() { - BaseClientDetails client = new BaseClientDetails(new RandomValueStringGenerator().generate(), "", "foo,bar", + UaaClientDetails client = new UaaClientDetails(new RandomValueStringGenerator().generate(), "", "foo,bar", "implicit", "uaa.none", "http://redirect.url"); ResponseEntity result = serverRunning.getRestTemplate().exchange(serverRunning.getUrl("/oauth/clients"), - HttpMethod.POST, new HttpEntity(client, headers), Void.class); + HttpMethod.POST, new HttpEntity(client, headers), Void.class); assertEquals(HttpStatus.CREATED, result.getStatusCode()); } @Test public void passwordGrantClientWithoutSecretIsOk() { - BaseClientDetails client = new BaseClientDetails(new RandomValueStringGenerator().generate(), "", "foo,bar", + UaaClientDetails client = new UaaClientDetails(new RandomValueStringGenerator().generate(), "", "foo,bar", "password", "uaa.none", "http://redirect.url"); ResponseEntity result = serverRunning.getRestTemplate().exchange(serverRunning.getUrl("/oauth/clients"), - HttpMethod.POST, new HttpEntity(client, headers), Void.class); + HttpMethod.POST, new HttpEntity(client, headers), Void.class); assertEquals(HttpStatus.CREATED, 
result.getStatusCode()); } @Test public void authzCodeGrantAutomaticallyAddsRefreshToken() throws Exception { - BaseClientDetails client = createClient(GRANT_TYPE_AUTHORIZATION_CODE); + UaaClientDetails client = createClient(GRANT_TYPE_AUTHORIZATION_CODE); ResponseEntity result = serverRunning.getForString("/oauth/clients/" + client.getClientId(), headers); assertEquals(HttpStatus.OK, result.getStatusCode()); @@ -498,7 +498,7 @@ public void authzCodeGrantAutomaticallyAddsRefreshToken() throws Exception { @Test public void passwordGrantAutomaticallyAddsRefreshToken() throws Exception { - BaseClientDetails client = createClient("password"); + UaaClientDetails client = createClient("password"); ResponseEntity result = serverRunning.getForString("/oauth/clients/" + client.getClientId(), headers); assertEquals(HttpStatus.OK, result.getStatusCode()); @@ -507,7 +507,7 @@ public void passwordGrantAutomaticallyAddsRefreshToken() throws Exception { @Test public void testUpdateClient() throws Exception { - BaseClientDetails client = createClient("client_credentials"); + UaaClientDetails client = createClient("client_credentials"); client.setResourceIds(Collections.singleton("foo")); client.setClientSecret(null); @@ -519,7 +519,7 @@ public void testUpdateClient() throws Exception { ResponseEntity result = serverRunning.getRestTemplate().exchange( serverRunning.getUrl("/oauth/clients/{client}"), - HttpMethod.PUT, new HttpEntity(client, headers), Void.class, + HttpMethod.PUT, new HttpEntity(client, headers), Void.class, client.getClientId()); assertEquals(HttpStatus.OK, result.getStatusCode()); 
@@ -536,23 +536,23 @@ public void testUpdateClient() throws Exception { @Test public void testUpdateClients() throws Exception { - BaseClientDetails[] clients = doCreateClients(); + UaaClientDetails[] clients = doCreateClients(); headers = getAuthenticatedHeaders(getClientCredentialsAccessToken("clients.admin,clients.read,clients.write,clients.secret")); headers.add("Accept", "application/json"); - for (BaseClientDetails c : clients) { + for (UaaClientDetails c : clients) { c.setAuthorities(AuthorityUtils.commaSeparatedStringToAuthorityList("some.crap")); c.setAccessTokenValiditySeconds(60); c.setRefreshTokenValiditySeconds(120); } - ResponseEntity result = + ResponseEntity result = serverRunning.getRestTemplate().exchange( serverRunning.getUrl("/oauth/clients/tx"), HttpMethod.PUT, - new HttpEntity(clients, headers), - BaseClientDetails[].class); + new HttpEntity(clients, headers), + UaaClientDetails[].class); assertEquals(HttpStatus.OK, result.getStatusCode()); validateClients(clients, result.getBody()); - for (BaseClientDetails c : clients) { + for (UaaClientDetails c : clients) { ClientDetails client = getClient(c.getClientId()); assertNotNull(client); assertEquals((Integer) 120, client.getRefreshTokenValiditySeconds()); 
@@ -562,18 +562,18 @@ public void testUpdateClients() throws Exception { @Test public void testDeleteClients() throws Exception { - BaseClientDetails[] clients = doCreateClients(); + UaaClientDetails[] clients = doCreateClients(); headers = getAuthenticatedHeaders(getClientCredentialsAccessToken("clients.admin,clients.read,clients.write,clients.secret,clients.admin")); headers.add("Accept", "application/json"); - ResponseEntity result = + ResponseEntity result = serverRunning.getRestTemplate().exchange( serverRunning.getUrl("/oauth/clients/tx/delete"), HttpMethod.POST, new HttpEntity<>(clients, headers), - BaseClientDetails[].class); + UaaClientDetails[].class); assertEquals(HttpStatus.OK, result.getStatusCode()); validateClients(clients, result.getBody()); - for (BaseClientDetails c : clients) { + for (UaaClientDetails c : clients) { ClientDetails client = getClient(c.getClientId()); assertNull(client); } 
@@ -581,20 +581,20 @@ public void testDeleteClients() throws Exception { @Test public void testDeleteClientsMissingId() throws Exception { - BaseClientDetails[] clients = doCreateClients(); + UaaClientDetails[] clients = doCreateClients(); headers = getAuthenticatedHeaders(getClientCredentialsAccessToken("clients.admin,clients.read,clients.write,clients.secret,clients.admin")); headers.add("Accept", "application/json"); String oldId = clients[clients.length - 1].getClientId(); clients[clients.length - 1].setClientId("unknown.id"); - ResponseEntity result = + ResponseEntity result = serverRunning.getRestTemplate().exchange( serverRunning.getUrl("/oauth/clients/tx/delete"), HttpMethod.POST, - new HttpEntity(clients, headers), - BaseClientDetails[].class); + new HttpEntity(clients, headers), + UaaClientDetails[].class); assertEquals(HttpStatus.NOT_FOUND, result.getStatusCode()); clients[clients.length - 1].setClientId(oldId); - for (BaseClientDetails c : clients) { + for (UaaClientDetails c : clients) { ClientDetails client = getClient(c.getClientId()); assertNotNull(client); } @@ -603,7 +603,7 @@ public void testDeleteClientsMissingId() throws Exception { @Test public void testChangeSecret() throws Exception { headers = getAuthenticatedHeaders(getClientCredentialsAccessToken("clients.read,clients.write,clients.secret,uaa.admin")); - BaseClientDetails client = createClient("client_credentials"); + UaaClientDetails client = createClient("client_credentials"); client.setResourceIds(Collections.singleton("foo")); @@ -620,7 +620,7 @@ public void testChangeSecret() throws Exception { @Test public void testChangeJwtConfig() throws Exception { headers = getAuthenticatedHeaders(getClientCredentialsAccessToken("clients.read,clients.write,clients.trust,uaa.admin")); - BaseClientDetails client = createClient("client_credentials"); + UaaClientDetails client = createClient("client_credentials"); client.setResourceIds(Collections.singleton("foo")); 
@@ -638,7 +638,7 @@ public void testChangeJwtConfig() throws Exception { @Test public void testChangeJwtConfigNoAuthorization() throws Exception { headers = getAuthenticatedHeaders(getClientCredentialsAccessToken("clients.read,clients.write,clients.trust,uaa.admin")); - BaseClientDetails client = createClient("client_credentials"); + UaaClientDetails client = createClient("client_credentials"); headers = getAuthenticatedHeaders(getClientCredentialsAccessToken("clients.read,clients.write")); client.setResourceIds(Collections.singleton("foo")); @@ -657,7 +657,7 @@ public void testChangeJwtConfigNoAuthorization() throws Exception { @Test public void testChangeJwtConfigInvalidTokenKey() throws Exception { headers = getAuthenticatedHeaders(getClientCredentialsAccessToken("clients.read,clients.write,clients.secret,uaa.admin")); - BaseClientDetails client = createClient("client_credentials"); + UaaClientDetails client = createClient("client_credentials"); client.setResourceIds(Collections.singleton("foo")); @@ -675,7 +675,7 @@ public void testChangeJwtConfigInvalidTokenKey() throws Exception { @Test public void testCreateClientsWithStrictSecretPolicy() throws Exception { headers = getAuthenticatedHeaders(getClientCredentialsAccessToken("clients.read,clients.write,clients.secret,uaa.admin")); - BaseClientDetails client = createClient("client_credentials"); + UaaClientDetails client = createClient("client_credentials"); client.setResourceIds(Collections.singleton("foo")); 
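Review bot: In the `testChangeJwtConfigInvalidTokenKey` hunk the token is requested with `clients.secret`, while `testChangeJwtConfig` and the first token in `testChangeJwtConfigNoAuthorization` request `clients.trust`; the line is identical to the one in `testChangeSecret` and looks copied from it. `uaa.admin` is also in the list, so the call is probably still authorized, but the negative test then does not run under the same scopes as the positive one, and a rejection could in principle come from the authorization check rather than from key validation. If that is not intended, I would align it: `headers = getAuthenticatedHeaders(getClientCredentialsAccessToken("clients.read,clients.write,clients.trust,uaa.admin"));`. The test body continues outside the hunk, so the assertion itself is not visible here.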
@@ -691,13 +691,13 @@ public void testCreateClientsWithStrictSecretPolicy() throws Exception { @Test public void testDeleteClient() throws Exception { - BaseClientDetails client = createClient("client_credentials"); + UaaClientDetails client = createClient("client_credentials"); client.setResourceIds(Collections.singleton("foo")); ResponseEntity result = serverRunning.getRestTemplate() .exchange(serverRunning.getUrl("/oauth/clients/{client}"), HttpMethod.DELETE, - new HttpEntity(client, headers), Void.class, + new HttpEntity(client, headers), Void.class, client.getClientId()); assertEquals(HttpStatus.OK, result.getStatusCode()); } @@ -723,12 +723,12 @@ public void testAddUpdateAndDeleteTx() throws Exception { headers = getAuthenticatedHeaders(getClientCredentialsAccessToken("clients.admin")); headers.add("Accept", "application/json"); String oldId = clients[clients.length - 1].getClientId(); - ResponseEntity result = + ResponseEntity result = serverRunning.getRestTemplate().exchange( serverRunning.getUrl("/oauth/clients/tx/modify"), HttpMethod.POST, new HttpEntity(clients, headers), - BaseClientDetails[].class); + UaaClientDetails[].class); assertEquals(HttpStatus.OK, result.getStatusCode()); //set the deleted client ID so we can verify it is gone. clients[clients.length - 1].setClientId(oldId); @@ -745,11 +745,11 @@ public void testAddUpdateAndDeleteTx() throws Exception { @Test // CFID-372 public void testCreateExistingClientFails() throws Exception { - BaseClientDetails client = createClient("client_credentials"); + UaaClientDetails client = createClient("client_credentials"); @SuppressWarnings("rawtypes") ResponseEntity attempt = serverRunning.getRestTemplate().exchange(serverRunning.getUrl("/oauth/clients"), - HttpMethod.POST, new HttpEntity(client, headers), Map.class); + HttpMethod.POST, new HttpEntity(client, headers), Map.class); assertEquals(HttpStatus.CONFLICT, attempt.getStatusCode()); @SuppressWarnings("unchecked") Map map = attempt.getBody(); 
@@ -759,7 +759,7 @@ public void testCreateExistingClientFails() throws Exception { @Test public void testClientApprovalsDeleted() throws Exception { //create client - BaseClientDetails client = createClient("client_credentials", "password"); + UaaClientDetails client = createClient("client_credentials", "password"); assertNotNull(getClient(client.getClientId())); //issue a user token for this client OAuth2AccessToken userToken = getUserAccessToken(client.getClientId(), "secret", testAccounts.getUserName(), testAccounts.getPassword(), "oauth.approvals"); @@ -772,7 +772,7 @@ public void testClientApprovalsDeleted() throws Exception { Assert.assertEquals(3, approvals.length); //delete the client ResponseEntity result = serverRunning.getRestTemplate().exchange(serverRunning.getUrl("/oauth/clients/{client}"), HttpMethod.DELETE, - new HttpEntity(client, getAuthenticatedHeaders(token)), Void.class, client.getClientId()); + new HttpEntity(client, getAuthenticatedHeaders(token)), Void.class, client.getClientId()); assertEquals(HttpStatus.OK, result.getStatusCode()); //create a client that can read another clients approvals @@ -788,7 +788,7 @@ public void testClientApprovalsDeleted() throws Exception { @Test public void testClientTxApprovalsDeleted() throws Exception { //create client - BaseClientDetails client = createClient("client_credentials", "password"); + UaaClientDetails client = createClient("client_credentials", "password"); assertNotNull(getClient(client.getClientId())); //issue a user token for this client OAuth2AccessToken userToken = getUserAccessToken(client.getClientId(), "secret", testAccounts.getUserName(), testAccounts.getPassword(), "oauth.approvals"); 
@@ -801,7 +801,7 @@ public void testClientTxApprovalsDeleted() throws Exception { Assert.assertEquals(3, approvals.length); //delete the client ResponseEntity result = serverRunning.getRestTemplate().exchange(serverRunning.getUrl("/oauth/clients/tx/delete"), HttpMethod.POST, - new HttpEntity(new BaseClientDetails[]{client}, getAuthenticatedHeaders(getClientCredentialsAccessToken("clients.admin"))), Void.class); + new HttpEntity(new UaaClientDetails[]{client}, getAuthenticatedHeaders(getClientCredentialsAccessToken("clients.admin"))), Void.class); assertEquals(HttpStatus.OK, result.getStatusCode()); //create a client that can read another clients approvals String deletedClientId = client.getClientId(); @@ -830,7 +830,7 @@ public void testClientTxModifyApprovalsDeleted() throws Exception { //delete the client client.setAction(ClientDetailsModification.DELETE); ResponseEntity result = serverRunning.getRestTemplate().exchange(serverRunning.getUrl("/oauth/clients/tx/modify"), HttpMethod.POST, - new HttpEntity(new BaseClientDetails[]{client}, getAuthenticatedHeaders(getClientCredentialsAccessToken("clients.admin"))), Void.class); + new HttpEntity(new UaaClientDetails[]{client}, getAuthenticatedHeaders(getClientCredentialsAccessToken("clients.admin"))), Void.class); assertEquals(HttpStatus.OK, result.getStatusCode()); //create a client that can read another clients approvals String deletedClientId = client.getClientId(); @@ -920,7 +920,7 @@ private ClientDetailsModification createClientWithSecret(String secret, String.. createClientWithSecretAndRedirectUri(secret, Collections.singleton("http://redirect.url"), grantTypes); ResponseEntity result = serverRunning.getRestTemplate().exchange(serverRunning.getUrl("/oauth/clients"), - HttpMethod.POST, new HttpEntity(client, headers), Void.class); + HttpMethod.POST, new HttpEntity(client, headers), Void.class); assertEquals(HttpStatus.CREATED, result.getStatusCode()); return client; } 
@@ -929,7 +929,7 @@ private ClientDetailsModification createApprovalsClient(String... grantTypes) { ClientDetailsModification client =createClientWithSecretAndRedirectUri("secret", Collections.singleton("http://redirect.url"), grantTypes); ResponseEntity result = serverRunning.getRestTemplate().exchange(serverRunning.getUrl("/oauth/clients"), - HttpMethod.POST, new HttpEntity(client, headers), Void.class); + HttpMethod.POST, new HttpEntity(client, headers), Void.class); assertEquals(HttpStatus.CREATED, result.getStatusCode()); return client; } @@ -996,12 +996,12 @@ private OAuth2AccessToken getUserAccessToken(String clientId, String clientSecre public ClientDetails getClient(String id) throws Exception { HttpHeaders headers = getAuthenticatedHeaders(getClientCredentialsAccessToken("clients.read")); - ResponseEntity result = + ResponseEntity result = serverRunning.getRestTemplate().exchange( serverRunning.getUrl("/oauth/clients/" + id), HttpMethod.GET, new HttpEntity(null, headers), - BaseClientDetails.class); + UaaClientDetails.class); if (result.getStatusCode() == HttpStatus.NOT_FOUND) { @@ -1014,7 +1014,7 @@ public ClientDetails getClient(String id) throws Exception { } - public boolean validateClients(BaseClientDetails[] expected, BaseClientDetails[] actual) { + public boolean validateClients(UaaClientDetails[] expected, UaaClientDetails[] actual) { assertNotNull(expected); assertNotNull(actual); assertEquals(expected.length, actual.length); @@ -1026,9 +1026,9 @@ public boolean validateClients(BaseClientDetails[] expected, BaseClientDetails[] return true; } - private static class ClientIdComparator implements Comparator { + private static class ClientIdComparator implements Comparator { @Override - public int compare(BaseClientDetails o1, BaseClientDetails o2) { + public int compare(UaaClientDetails o1, UaaClientDetails o2) { return (o1.getClientId().compareTo(o2.getClientId())); } 
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/IdentityZoneEndpointsIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/IdentityZoneEndpointsIntegrationTests.java index 4cc3a45c8c8..6e67346e30c 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/IdentityZoneEndpointsIntegrationTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/IdentityZoneEndpointsIntegrationTests.java @@ -32,7 +32,7 @@ import org.springframework.security.oauth2.client.test.OAuth2ContextSetup; import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.springframework.web.client.RestTemplate; import java.util.Collections; @@ -196,7 +196,7 @@ public void testCreateZoneWithClient() { id); assertEquals(HttpStatus.CREATED, response.getStatusCode()); - BaseClientDetails clientDetails = new BaseClientDetails("test123", null,"openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.resource"); + UaaClientDetails clientDetails = new UaaClientDetails("test123", null,"openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.resource"); clientDetails.setClientSecret("testSecret"); clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, Collections.singleton(OriginKeys.UAA)); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/IntrospectEndpointIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/IntrospectEndpointIntegrationTests.java index 55698c9510e..7a19648c434 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/IntrospectEndpointIntegrationTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/IntrospectEndpointIntegrationTests.java 
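Review bot: The added `import org.cloudfoundry.identity.uaa.client.UaaClientDetails;` in the first hunk of IdentityZoneEndpointsIntegrationTests.java takes the slot of the removed Spring import, so it now sits between `org.springframework.security.oauth2.common.util.RandomValueStringGenerator` and `org.springframework.web.client.RestTemplate`. The import hunks of ScimGroupEndpointsIntegrationTests.java, InvitationsIT.java and OIDCLoginIT.java do the same, whereas IntrospectEndpointIntegrationTests.java, LdapIntegrationTests.java, PasswordGrantIntegrationTests.java and ResetPasswordIT.java place it next to the other `org.cloudfoundry.identity.uaa` imports. I would move the line into the `org.cloudfoundry` group in these four files so the import blocks stay sorted and the change is consistent across the test classes.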
@@ -3,6 +3,7 @@ import org.apache.http.impl.client.BasicCookieStore; import org.apache.http.impl.cookie.BasicClientCookie; import org.cloudfoundry.identity.uaa.ServerRunning; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.integration.feature.DefaultIntegrationTestConfig; import org.cloudfoundry.identity.uaa.integration.util.IntegrationTestUtils; import org.cloudfoundry.identity.uaa.scim.ScimGroup; @@ -23,7 +24,6 @@ import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails; import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2AccessToken; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.security.oauth2.provider.token.DefaultUserAuthenticationConverter; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; @@ -370,7 +370,7 @@ public void testValidPasswordGrant_ValidClientTokenWithoutAppResourceAndValidBas public void testValidPasswordGrant_RequiresClientCredentialsToken() { final String adminClientCredentialsToken = IntegrationTestUtils.getClientCredentialsToken(serverRunning, "admin", "adminsecret"); - BaseClientDetails clientDetails = new BaseClientDetails(); + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("clientIdWithUaaResourceScope"); clientDetails.setClientSecret("secret"); clientDetails.setAuthorities(AuthorityUtils.commaSeparatedStringToAuthorityList("uaa.none")); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/LdapIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/LdapIntegrationTests.java index 97435bc4fc1..ad95a176cb3 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/LdapIntegrationTests.java 
+++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/LdapIntegrationTests.java @@ -15,6 +15,7 @@ import com.fasterxml.jackson.core.type.TypeReference; import org.cloudfoundry.identity.uaa.ServerRunning; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.integration.util.IntegrationTestUtils; @@ -32,7 +33,6 @@ import org.junit.Test; import org.cloudfoundry.identity.uaa.oauth.jwt.JwtHelper; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.web.client.RestTemplate; import java.util.Collections; @@ -150,7 +150,7 @@ public void test_LDAP_Custom_User_Attributes_In_ID_Token() { List idps = Collections.singletonList(provider.getOriginKey()); String adminClientInZone = new RandomValueStringGenerator().generate(); - BaseClientDetails clientDetails = new BaseClientDetails(adminClientInZone, null, "openid,user_attributes,roles", "password,authorization_code,client_credentials", "uaa.admin,scim.read,scim.write,uaa.resource", zoneUrl); + UaaClientDetails clientDetails = new UaaClientDetails(adminClientInZone, null, "openid,user_attributes,roles", "password,authorization_code,client_credentials", "uaa.admin,scim.read,scim.write,uaa.resource", zoneUrl); clientDetails.setClientSecret("secret"); clientDetails.setAutoApproveScopes(Collections.singleton("true")); clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, idps); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/PasswordGrantIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/PasswordGrantIntegrationTests.java index 62e31257093..dd249797dcd 100644 
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/PasswordGrantIntegrationTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/PasswordGrantIntegrationTests.java @@ -2,6 +2,7 @@ import com.fasterxml.jackson.core.type.TypeReference; import org.cloudfoundry.identity.uaa.ServerRunning; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.integration.util.IntegrationTestUtils; import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants; import org.cloudfoundry.identity.uaa.oauth.token.ClaimConstants; @@ -16,7 +17,6 @@ import org.springframework.http.ResponseEntity; import org.springframework.http.client.ClientHttpResponse; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.MultiValueMap; import org.springframework.web.client.ResponseErrorHandler; @@ -63,7 +63,7 @@ public void testUserLoginViaPasswordGrant_usingConfidentialClient() { @Test public void password_grant_returns_correct_error() throws Exception { - BaseClientDetails client = addUserGroupsRequiredClient(); + UaaClientDetails client = addUserGroupsRequiredClient(); ResponseEntity responseEntity = makePasswordGrantRequest(testAccounts.getUserName(), testAccounts.getPassword(), client.getClientId(), "secret", serverRunning.getAccessTokenUri()); assertEquals(HttpStatus.BAD_REQUEST, responseEntity.getStatusCode()); assertEquals(APPLICATION_JSON_VALUE, responseEntity.getHeaders().get("Content-Type").get(0)); 
@@ -90,13 +90,13 @@ public void passwordGrantNonExistingZone() { assertEquals(HttpStatus.NOT_FOUND, response.getStatusCode()); } - protected BaseClientDetails addUserGroupsRequiredClient() { + protected UaaClientDetails addUserGroupsRequiredClient() { String adminToken = IntegrationTestUtils.getClientCredentialsToken( serverRunning.getBaseUrl(), "admin", "adminsecret" ); - BaseClientDetails client = new BaseClientDetails( + UaaClientDetails client = new UaaClientDetails( generator.generate(), null, "openid", @@ -118,7 +118,7 @@ protected BaseClientDetails addUserGroupsRequiredClient() { ResponseEntity response = new RestTemplate().postForEntity(serverRunning.getUrl("/oauth/clients"), request, String.class); assertEquals(201, response.getStatusCodeValue()); - return JsonUtils.readValue(response.getBody(), BaseClientDetails.class); + return JsonUtils.readValue(response.getBody(), UaaClientDetails.class); } protected static ResponseEntity makePasswordGrantRequest(String userName, String password, String clientId, String clientSecret, String url) { diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ScimGroupEndpointsIntegrationTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ScimGroupEndpointsIntegrationTests.java index 12b8170d24d..40e8f1834db 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ScimGroupEndpointsIntegrationTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/ScimGroupEndpointsIntegrationTests.java 
@@ -38,7 +38,7 @@ import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.MultiValueMap; import org.springframework.web.client.HttpClientErrorException; @@ -47,7 +47,6 @@ import java.net.URI; import java.net.URISyntaxException; import java.util.*; -import java.util.stream.Collectors; import static org.cloudfoundry.identity.uaa.integration.util.IntegrationTestUtils.doesSupportZoneDNS; import static org.cloudfoundry.identity.uaa.integration.util.IntegrationTestUtils.getHeaders; @@ -512,7 +511,7 @@ public void testExtremeGroupPagination() { private void createTestClient(String name, String secret, String scope) { OAuth2AccessToken token = getClientCredentialsAccessToken("clients.read,clients.write,clients.admin"); HttpHeaders headers = getAuthenticatedHeaders(token); - BaseClientDetails client = new BaseClientDetails(name, "", scope, "authorization_code,password", + UaaClientDetails client = new UaaClientDetails(name, "", scope, "authorization_code,password", "scim.read,scim.write", "http://redirect.uri"); client.setClientSecret(secret); ResponseEntity result = serverRunning.getRestTemplate().exchange(serverRunning.getUrl("/oauth/clients"), diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/InvitationsIT.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/InvitationsIT.java index 1d48652ea9e..52572c5418c 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/InvitationsIT.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/InvitationsIT.java 
@@ -43,7 +43,7 @@ import org.springframework.http.ResponseEntity; import org.springframework.security.oauth2.client.test.TestAccounts; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.web.client.DefaultResponseErrorHandler; @@ -221,7 +221,7 @@ public void performInviteUser(String email, boolean isVerified) { public void acceptInvitation_for_samlUser() throws Exception { webDriver.get(baseUrl + "/logout.do"); - BaseClientDetails appClient = IntegrationTestUtils.getClient(scimToken, baseUrl, "app"); + UaaClientDetails appClient = IntegrationTestUtils.getClient(scimToken, baseUrl, "app"); appClient.setScope(Lists.newArrayList("cloud_controller.read", "password.write", "scim.userids", "cloud_controller.write", "openid", "organizations.acme")); appClient.setAutoApproveScopes(Lists.newArrayList("openid")); IntegrationTestUtils.updateClient(baseUrl, scimToken, appClient); @@ -268,7 +268,7 @@ public void testInsecurePasswordDisplaysErrorMessage() { @Test public void invitedOIDCUserVerified() throws Exception { String clientId = "invite-client" + new RandomValueStringGenerator().generate(); - BaseClientDetails clientDetails = new BaseClientDetails(clientId, null, null, "client_credentials", "scim.invite"); + UaaClientDetails clientDetails = new UaaClientDetails(clientId, null, null, "client_credentials", "scim.invite"); clientDetails.setClientSecret("invite-client-secret"); testClient.createClient(scimToken, clientDetails); String inviteToken = testClient.getOAuthAccessToken(clientId, "invite-client-secret", "client_credentials", "scim.invite"); 
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/OIDCLoginIT.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/OIDCLoginIT.java index 149c5345072..4b87034cb0e 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/OIDCLoginIT.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/OIDCLoginIT.java @@ -55,7 +55,7 @@ import org.springframework.security.oauth2.client.test.TestAccounts; import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.util.LinkedMultiValueMap; @@ -136,7 +136,7 @@ public class OIDCLoginIT { private String zoneUrl; private IdentityProvider identityProvider; private String clientCredentialsToken; - private BaseClientDetails zoneClient; + private UaaClientDetails zoneClient; private ScimGroup createdGroup; private RestTemplate identityClient; 
@@ -207,7 +207,7 @@ public void setUp() throws Exception { IntegrationTestUtils.mapExternalGroup(adminToken, subdomain, baseUrl, createdGroupExternalMapping); - zoneClient = new BaseClientDetails(new RandomValueStringGenerator().generate(), null, "openid,user_attributes", "authorization_code,client_credentials", "uaa.admin,scim.read,scim.write,uaa.resource", zoneUrl); + zoneClient = new UaaClientDetails(new RandomValueStringGenerator().generate(), null, "openid,user_attributes", "authorization_code,client_credentials", "uaa.admin,scim.read,scim.write,uaa.resource", zoneUrl); zoneClient.setClientSecret("secret"); zoneClient.setAutoApproveScopes(Collections.singleton("true")); zoneClient = IntegrationTestUtils.createClientAsZoneAdmin(clientCredentialsToken, baseUrl, zone.getId(), zoneClient); @@ -424,7 +424,7 @@ public void testShadowUserNameDefaultsToOIDCSubjectClaim() { serverRunning.setHostName("localhost"); String clientId = "client" + new RandomValueStringGenerator(5).generate(); - BaseClientDetails client = new BaseClientDetails(clientId, null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "openid", baseUrl); + UaaClientDetails client = new UaaClientDetails(clientId, null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "openid", baseUrl); client.setClientSecret("clientsecret"); client.setAutoApproveScopes(Collections.singletonList("true")); IntegrationTestUtils.createClient(adminToken, baseUrl, client); 
@@ -544,7 +544,7 @@ public void successfulLoginWithOIDC_and_SAML_Provider_PlusRefreshRotation() thro @Test public void testResponseTypeRequired() { - BaseClientDetails uaaClient = new BaseClientDetails(new RandomValueStringGenerator().generate(), null, "openid,user_attributes", "authorization_code,client_credentials", "uaa.admin,scim.read,scim.write,uaa.resource", baseUrl); + UaaClientDetails uaaClient = new UaaClientDetails(new RandomValueStringGenerator().generate(), null, "openid,user_attributes", "authorization_code,client_credentials", "uaa.admin,scim.read,scim.write,uaa.resource", baseUrl); uaaClient.setClientSecret("secret"); uaaClient.setAutoApproveScopes(Collections.singleton("true")); uaaClient = IntegrationTestUtils.createClient(clientCredentialsToken, baseUrl, uaaClient); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/ResetPasswordIT.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/ResetPasswordIT.java index 4226386ae48..78806f3b539 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/ResetPasswordIT.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/ResetPasswordIT.java @@ -14,6 +14,7 @@ import com.dumbster.smtp.SimpleSmtpServer; import com.dumbster.smtp.SmtpMessage; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.integration.util.IntegrationTestUtils; import org.cloudfoundry.identity.uaa.login.test.UnlessProfileActive; import org.junit.After; 
@@ -27,7 +28,6 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.web.client.RestTemplate; @@ -96,7 +96,7 @@ public void setUp() { String adminAccessToken = testClient.getOAuthAccessToken("admin", "adminsecret", "client_credentials", "clients.read clients.write clients.secret clients.admin"); testClient.createScimClient(adminAccessToken, scimClientId); - BaseClientDetails authCodeClient = new BaseClientDetails(authCodeClientId, "oauth", "uaa.user", "authorization_code,refresh_token", null, "http://example.redirect.com"); + UaaClientDetails authCodeClient = new UaaClientDetails(authCodeClientId, "oauth", "uaa.user", "authorization_code,refresh_token", null, "http://example.redirect.com"); authCodeClient.setClientSecret("scimsecret"); authCodeClient.setAutoApproveScopes(Collections.singletonList("uaa.user")); IntegrationTestUtils.createClient(adminAccessToken, baseUrl, authCodeClient); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java index 6c81b75e0a0..f770cf0b668 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/SamlLoginIT.java @@ -22,6 +22,7 @@ import java.util.Map; import java.util.UUID; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.http.HttpEntity; 
@@ -31,7 +32,6 @@ import org.springframework.http.ResponseEntity; import org.springframework.security.oauth2.client.test.TestAccounts; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.web.client.RestOperations; @@ -430,7 +430,7 @@ public void testSingleLogoutWithNoLogoutUrlOnIDP_withLogoutRedirect() { .login_goesToHomePage(testAccounts.getUserName(), testAccounts.getPassword()); String redirectUrl = zoneUrl + "/login?test=test"; - BaseClientDetails clientDetails = new BaseClientDetails("test-logout-redirect", null, null, GRANT_TYPE_AUTHORIZATION_CODE, null); + UaaClientDetails clientDetails = new UaaClientDetails("test-logout-redirect", null, null, GRANT_TYPE_AUTHORIZATION_CODE, null); clientDetails.setRegisteredRedirectUri(Collections.singleton(redirectUrl)); clientDetails.setClientSecret("secret"); IntegrationTestUtils.createOrUpdateClient(zoneAdminToken, baseUrl, zoneId, clientDetails); @@ -498,7 +498,7 @@ protected IdentityProvider createIdentityProvide return IntegrationTestUtils.createIdentityProvider(originKey, true, baseUrl, serverRunning); } - protected BaseClientDetails createClientAndSpecifyProvider(String clientId, IdentityProvider provider, + protected UaaClientDetails createClientAndSpecifyProvider(String clientId, IdentityProvider provider, String redirectUri) { RestTemplate identityClient = IntegrationTestUtils.getClientCredentialsTemplate( 
@@ -520,8 +520,8 @@ protected BaseClientDetails createClientAndSpecifyProvider(String clientId, Iden email, "secr3T"); - BaseClientDetails clientDetails = - new BaseClientDetails(clientId, null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.resource", redirectUri); + UaaClientDetails clientDetails = + new UaaClientDetails(clientId, null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.resource", redirectUri); clientDetails.setClientSecret("secret"); List idps = Collections.singletonList(provider.getOriginKey()); clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, idps); @@ -609,7 +609,7 @@ public void perform_SamlInvitation_Automatic_Redirect_In_Zone2(String username, uaaProvider.setConfig(uaaDefinition); uaaProvider = IntegrationTestUtils.createOrUpdateProvider(zoneAdminToken,baseUrl,uaaProvider); - BaseClientDetails uaaAdmin = new BaseClientDetails("admin","","", "client_credentials","uaa.admin,scim.read,scim.write"); + UaaClientDetails uaaAdmin = new UaaClientDetails("admin","","", "client_credentials","uaa.admin,scim.read,scim.write"); uaaAdmin.setClientSecret("adminsecret"); IntegrationTestUtils.createOrUpdateClient(zoneAdminToken, baseUrl, zoneId, uaaAdmin); @@ -754,7 +754,7 @@ public void testSamlLoginClientIDPAuthorizationAutomaticRedirectInZone1() { List idps = Collections.singletonList(provider.getOriginKey()); String clientId = UUID.randomUUID().toString(); String zoneUrl = baseUrl.replace("localhost", "testzone1.localhost"); - BaseClientDetails clientDetails = new BaseClientDetails(clientId, null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.none", zoneUrl); + UaaClientDetails clientDetails = new UaaClientDetails(clientId, null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.none", zoneUrl); clientDetails.setClientSecret("secret"); clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, idps); clientDetails.setAutoApproveScopes(Collections.singleton("true")); 
@@ -827,7 +827,7 @@ public void testSamlLogin_Map_Groups_In_Zone1() { List idps = Collections.singletonList(provider.getOriginKey()); String adminClientInZone = new RandomValueStringGenerator().generate(); - BaseClientDetails clientDetails = new BaseClientDetails(adminClientInZone, null, "openid", "authorization_code,client_credentials", "uaa.admin,scim.read,scim.write", zoneUrl); + UaaClientDetails clientDetails = new UaaClientDetails(adminClientInZone, null, "openid", "authorization_code,client_credentials", "uaa.admin,scim.read,scim.write", zoneUrl); clientDetails.setClientSecret("secret"); clientDetails.setAutoApproveScopes(Collections.singleton("true")); clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, idps); @@ -939,7 +939,7 @@ public void testSamlLogin_Custom_User_Attributes_And_Roles_In_ID_Token() throws // set up a test client String adminClientInZone = new RandomValueStringGenerator().generate(); - BaseClientDetails clientDetails = new BaseClientDetails(adminClientInZone, null, "openid,user_attributes,roles", "authorization_code,client_credentials", "uaa.admin,scim.read,scim.write,uaa.resource", zoneUrl); + UaaClientDetails clientDetails = new UaaClientDetails(adminClientInZone, null, "openid,user_attributes,roles", "authorization_code,client_credentials", "uaa.admin,scim.read,scim.write,uaa.resource", zoneUrl); clientDetails.setClientSecret("secret"); clientDetails.setAutoApproveScopes(Collections.singleton("true")); clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, idps); 
@@ -1074,7 +1074,7 @@ public void testSamlLogin_Email_In_ID_Token_When_UserID_IsNotEmail() { List idps = Collections.singletonList(provider.getOriginKey()); String adminClientInZone = new RandomValueStringGenerator().generate(); - BaseClientDetails clientDetails = new BaseClientDetails(adminClientInZone, null, "openid,user_attributes", "authorization_code,client_credentials", "uaa.admin,scim.read,scim.write,uaa.resource", zoneUrl); + UaaClientDetails clientDetails = new UaaClientDetails(adminClientInZone, null, "openid,user_attributes", "authorization_code,client_credentials", "uaa.admin,scim.read,scim.write,uaa.resource", zoneUrl); clientDetails.setClientSecret("secret"); clientDetails.setAutoApproveScopes(Collections.singleton("true")); clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, idps); @@ -1241,7 +1241,7 @@ public void testLoginPageShowsIDPsForAuthcodeClient() throws Exception { String adminAccessToken = testClient.getOAuthAccessToken("admin", "adminsecret", "client_credentials", "clients.read clients.write clients.secret clients.admin"); String clientId = UUID.randomUUID().toString(); - BaseClientDetails clientDetails = new BaseClientDetails(clientId, null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.none", "http://localhost:8080/login"); + UaaClientDetails clientDetails = new UaaClientDetails(clientId, null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.none", "http://localhost:8080/login"); clientDetails.setClientSecret("secret"); clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, idps); 
@@ -1261,7 +1261,7 @@ public void testLoginSamlOnlyProviderNoUsernamePassword() throws Exception { String adminAccessToken = testClient.getOAuthAccessToken("admin", "adminsecret", "client_credentials", "clients.read clients.write clients.secret clients.admin"); String clientId = UUID.randomUUID().toString(); - BaseClientDetails clientDetails = new BaseClientDetails(clientId, null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.none", "http://localhost:8080/uaa/login"); + UaaClientDetails clientDetails = new UaaClientDetails(clientId, null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.none", "http://localhost:8080/uaa/login"); clientDetails.setClientSecret("secret"); clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, idps); testClient.createClient(adminAccessToken, clientDetails); @@ -1288,7 +1288,7 @@ public void testSamlLoginClientIDPAuthorizationAutomaticRedirect() throws Except String adminAccessToken = testClient.getOAuthAccessToken("admin", "adminsecret", "client_credentials", "clients.read clients.write clients.secret clients.admin"); String clientId = UUID.randomUUID().toString(); - BaseClientDetails clientDetails = new BaseClientDetails(clientId, null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.none", baseUrl); + UaaClientDetails clientDetails = new UaaClientDetails(clientId, null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.none", baseUrl); clientDetails.setClientSecret("secret"); clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, idps); clientDetails.setAutoApproveScopes(Collections.singleton("true")); 
@@ -1310,7 +1310,7 @@ public void testLoginClientIDPAuthorizationAlreadyLoggedIn() { String adminAccessToken = testClient.getOAuthAccessToken("admin", "adminsecret", "client_credentials", "clients.read clients.write clients.secret clients.admin"); String clientId = UUID.randomUUID().toString(); - BaseClientDetails clientDetails = new BaseClientDetails(clientId, null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.none", "http://localhost:8080/login"); + UaaClientDetails clientDetails = new UaaClientDetails(clientId, null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.none", "http://localhost:8080/login"); clientDetails.setClientSecret("secret"); List idps = Collections.singletonList("okta-local"); //not authorized for the current IDP clientDetails.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, idps); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/TestClient.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/TestClient.java index f559bdad509..6d306a6e45c 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/TestClient.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/feature/TestClient.java @@ -13,6 +13,7 @@ package org.cloudfoundry.identity.uaa.integration.feature; import org.apache.commons.codec.binary.Base64; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.impl.config.LegacyTokenKey; import org.cloudfoundry.identity.uaa.oauth.KeyInfoService; import org.cloudfoundry.identity.uaa.oauth.jwt.JwtClientAuthentication; @@ -24,7 +25,6 @@ import org.springframework.http.HttpMethod; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.MultiValueMap; import org.springframework.web.client.RestTemplate; 
@@ -70,7 +70,7 @@ public String getOAuthAccessToken(String baseUrl, String username, String passwo return exchange.getBody().get("access_token").toString(); } - public void createClient(String adminAccessToken, BaseClientDetails clientDetails) { + public void createClient(String adminAccessToken, UaaClientDetails clientDetails) { restfulCreate( adminAccessToken, JsonUtils.writeValueAsString(clientDetails), diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/util/IntegrationTestUtils.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/util/IntegrationTestUtils.java index 86194d764db..396bc88ef3b 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/util/IntegrationTestUtils.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/integration/util/IntegrationTestUtils.java @@ -12,6 +12,7 @@ import org.cloudfoundry.identity.uaa.ServerRunning; import org.cloudfoundry.identity.uaa.account.UserAccountStatus; import org.cloudfoundry.identity.uaa.account.UserInfoResponse; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.integration.feature.TestClient; import org.cloudfoundry.identity.uaa.oauth.jwt.JwtClientAuthentication; @@ -51,7 +52,7 @@ import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.MultiValueMap; import org.springframework.util.StringUtils; 
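Review bot: UaaClientDetails ends up imported twice in IntegrationTestUtils.java. The hunk at @@ -12,6 +12,7 already adds `import org.cloudfoundry.identity.uaa.client.UaaClientDetails;`, and the hunk at @@ -51,7 +52,7 swaps the old BaseClientDetails import for the same line again. javac accepts a redundant single-type import, but it is noise that import-order and unused-import checks will flag. The second hunk should only delete `import org.springframework.security.oauth2.provider.client.BaseClientDetails;` without adding a replacement.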
@@ -661,7 +662,7 @@ public static void addMemberToGroup(RestTemplate client, assertEquals(HttpStatus.CREATED, response.getStatusCode()); } - public static BaseClientDetails getClient(String token, + public static UaaClientDetails getClient(String token, String url, String clientId) { RestTemplate template = new RestTemplate(); @@ -672,20 +673,20 @@ public static BaseClientDetails getClient(String token, HttpEntity getHeaders = new HttpEntity<>(null, headers); - ResponseEntity response = template.exchange( + ResponseEntity response = template.exchange( url + "/oauth/clients/" + clientId, HttpMethod.GET, getHeaders, - BaseClientDetails.class + UaaClientDetails.class ); return response.getBody(); } - public static BaseClientDetails createClientAsZoneAdmin(String zoneAdminToken, + public static UaaClientDetails createClientAsZoneAdmin(String zoneAdminToken, String url, String zoneId, - BaseClientDetails client) { + UaaClientDetails client) { RestTemplate template = new RestTemplate(); MultiValueMap headers = new LinkedMultiValueMap<>(); 
@@ -701,21 +702,21 @@ public static BaseClientDetails createClientAsZoneAdmin(String zoneAdminToken, String.class ); if (clientCreate.getStatusCode() == HttpStatus.CREATED) { - return JsonUtils.readValue(clientCreate.getBody(), BaseClientDetails.class); + return JsonUtils.readValue(clientCreate.getBody(), UaaClientDetails.class); } throw new RuntimeException("Invalid return code:" + clientCreate.getStatusCode()); } - public static BaseClientDetails createClient(String adminToken, + public static UaaClientDetails createClient(String adminToken, String url, - BaseClientDetails client) { + UaaClientDetails client) { return createOrUpdateClient(adminToken, url, null, client); } - public static BaseClientDetails createOrUpdateClient(String adminToken, + public static UaaClientDetails createOrUpdateClient(String adminToken, String url, String switchToZoneId, - BaseClientDetails client) { + UaaClientDetails client) { RestTemplate template = new RestTemplate(); template.setErrorHandler(new DefaultResponseErrorHandler() { @@ -739,7 +740,7 @@ protected boolean hasError(HttpStatus statusCode) { String.class ); if (clientCreate.getStatusCode() == HttpStatus.CREATED) { - return JsonUtils.readValue(clientCreate.getBody(), BaseClientDetails.class); + return JsonUtils.readValue(clientCreate.getBody(), UaaClientDetails.class); } else if (clientCreate.getStatusCode() == HttpStatus.CONFLICT) { HttpEntity putHeaders = new HttpEntity<>(JsonUtils.writeValueAsBytes(client), headers); ResponseEntity clientUpdate = template.exchange( @@ -749,7 +750,7 @@ protected boolean hasError(HttpStatus statusCode) { String.class ); if (clientUpdate.getStatusCode() == HttpStatus.OK) { - return JsonUtils.readValue(clientCreate.getBody(), BaseClientDetails.class); + return JsonUtils.readValue(clientCreate.getBody(), UaaClientDetails.class); } else { throw new RuntimeException("Invalid update return code:" + clientUpdate.getStatusCode()); } 
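Review bot: The update branch of createOrUpdateClient (hunk @@ -749,7 +750,7) parses the wrong response. After the PUT returns 200 it still calls `JsonUtils.readValue(clientCreate.getBody(), UaaClientDetails.class)`, which is the body of the POST that came back 409 CONFLICT, not the updated client. The returned object therefore presumably does not reflect what the server stored, so tests asserting on scopes, redirect URIs or allowed providers can pass or fail for the wrong reason. The changed line should read `return JsonUtils.readValue(clientUpdate.getBody(), UaaClientDetails.class);`. The method starts and ends outside this hunk, so the overridden error handler's behaviour is not visible here.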
@@ -759,7 +760,7 @@ protected boolean hasError(HttpStatus statusCode) { public static void updateClient(String url, String token, - BaseClientDetails client) { + UaaClientDetails client) { RestTemplate template = new RestTemplate(); MultiValueMap headers = new LinkedMultiValueMap<>(); @@ -769,11 +770,11 @@ public static void updateClient(String url, HttpEntity getHeaders = new HttpEntity<>(client, headers); - ResponseEntity response = template.exchange( + ResponseEntity response = template.exchange( url + "/oauth/clients/" + client.getClientId(), HttpMethod.PUT, getHeaders, - BaseClientDetails.class + UaaClientDetails.class ); response.getBody(); @@ -1557,7 +1558,7 @@ public static String createClientAdminTokenInZone(String baseUrl, String uaaAdmi new String[] { "zones.write", "zones.read", "scim.zones" }, "identity", "identitysecret")); createZoneOrUpdateSubdomain(identityClient, baseUrl, zoneId, zoneId, config); String zoneUrl = baseUrl.replace("localhost", zoneId + ".localhost"); - BaseClientDetails zoneClient = new BaseClientDetails("admin-client-in-zone", null, "openid", + UaaClientDetails zoneClient = new UaaClientDetails("admin-client-in-zone", null, "openid", "authorization_code,client_credentials", "uaa.admin,scim.read,scim.write,zones.testzone1.admin ", zoneUrl); zoneClient.setClientSecret("admin-secret-in-zone"); createOrUpdateClient(uaaAdminToken, baseUrl, zoneId, zoneClient); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsEndpointMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsEndpointMockMvcTests.java index 65655bb338b..5657408451c 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsEndpointMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/invitations/InvitationsEndpointMockMvcTests.java 
@@ -2,6 +2,7 @@ import com.fasterxml.jackson.core.type.TypeReference; import org.cloudfoundry.identity.uaa.DefaultTestContext; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeType; @@ -25,7 +26,6 @@ import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.security.oauth2.common.util.OAuth2Utils; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder; @@ -256,7 +256,7 @@ void inviteUserInZoneWithDefaultZoneUaaAdmin() throws Exception { .andReturn(); InvitationsResponse invitationsResponse = readValue(mvcResult.getResponse().getContentAsString(), InvitationsResponse.class); - BaseClientDetails defaultClientDetails = new BaseClientDetails(); + UaaClientDetails defaultClientDetails = new UaaClientDetails(); defaultClientDetails.setClientId("admin"); assertResponseAndCodeCorrect(expiringCodeStore, new String[]{email}, redirectUrl, zoneSeeder.getIdentityZone(), invitationsResponse, defaultClientDetails); @@ -267,7 +267,7 @@ void inviteUserWithinZone() throws Exception { String zonedClientId = "zonedClientId"; String zonedClientSecret = "zonedClientSecret"; - BaseClientDetails zonedClientDetails = (BaseClientDetails) MockMvcUtils.createClient( + UaaClientDetails zonedClientDetails = (UaaClientDetails) MockMvcUtils.createClient( mockMvc, MockMvcUtils.getZoneAdminToken( mockMvc, 
@@ -313,7 +313,7 @@ void acceptInvitationEmailWithinZone(@Autowired MultitenantJdbcClientDetailsServ String scimInviteClientId = generator.generate(); String scimInviteClientSecret = generator.generate(); - BaseClientDetails client = MockMvcUtils.getClientDetailsModification( + UaaClientDetails client = MockMvcUtils.getClientDetailsModification( scimInviteClientId, scimInviteClientSecret, Collections.singleton("oauth"), diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerMockMvcTests.java index b6ea039d8ea..c491498e3a4 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/AccountsControllerMockMvcTests.java @@ -2,6 +2,7 @@ import org.apache.commons.lang3.RandomStringUtils; import org.cloudfoundry.identity.uaa.DefaultTestContext; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator; import org.cloudfoundry.identity.uaa.account.EmailAccountCreationService; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; @@ -34,7 +35,6 @@ import org.springframework.mock.web.MockHttpSession; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.security.web.context.HttpSessionSecurityContextRepository; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; 
@@ -175,7 +175,7 @@ void testCreateAccountWithDisableSelfService() throws Exception { IdentityZone zone = MultitenancyFixture.identityZone(subdomain, subdomain); zone.getConfig().getLinks().getSelfService().setSelfServiceLinksEnabled(false); - MockMvcUtils.createOtherIdentityZoneAndReturnResult(mockMvc, webApplicationContext, getBaseClientDetails(), zone, IdentityZoneHolder.getCurrentZoneId()); + MockMvcUtils.createOtherIdentityZoneAndReturnResult(mockMvc, webApplicationContext, getUaaBaseClientDetails(), zone, IdentityZoneHolder.getCurrentZoneId()); mockMvc.perform(get("/create_account") .with(new SetServerNameRequestPostProcessor(subdomain + ".localhost"))) @@ -190,7 +190,7 @@ void testDisableSelfServiceCreateAccountPost() throws Exception { IdentityZone zone = MultitenancyFixture.identityZone(subdomain, subdomain); zone.getConfig().getLinks().getSelfService().setSelfServiceLinksEnabled(false); - MockMvcUtils.createOtherIdentityZoneAndReturnResult(mockMvc, webApplicationContext, getBaseClientDetails(), zone, IdentityZoneHolder.getCurrentZoneId()); + MockMvcUtils.createOtherIdentityZoneAndReturnResult(mockMvc, webApplicationContext, getUaaBaseClientDetails(), zone, IdentityZoneHolder.getCurrentZoneId()); mockMvc.perform(post("/create_account.do") .with(cookieCsrf()) @@ -403,7 +403,7 @@ void testCreatingAnAccountInAnotherZoneWithClientRedirect() throws Exception { identityZone.setName(subdomain); identityZone.setId(new RandomValueStringGenerator().generate()); - MockMvcUtils.createOtherIdentityZone(subdomain, mockMvc, webApplicationContext, getBaseClientDetails(), IdentityZoneHolder.getCurrentZoneId()); + MockMvcUtils.createOtherIdentityZone(subdomain, mockMvc, webApplicationContext, getUaaBaseClientDetails(), IdentityZoneHolder.getCurrentZoneId()); mockMvc.perform(post("/create_account.do") .with(new SetServerNameRequestPostProcessor(subdomain + ".localhost")) 
@@ -439,8 +439,8 @@ void testCreatingAnAccountInAnotherZoneWithClientRedirect() throws Exception { assertThat(principal.getOrigin(), equalTo(OriginKeys.UAA)); } - private BaseClientDetails getBaseClientDetails() { - BaseClientDetails clientDetails = new BaseClientDetails(); + private UaaClientDetails getUaaBaseClientDetails() { + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("myzoneclient"); clientDetails.setClientSecret("myzoneclientsecret"); clientDetails.setAuthorizedGrantTypes(Collections.singletonList("client_credentials")); @@ -557,8 +557,8 @@ void testConsentIfConfigured_displaysMeaningfulErrorWhenConsentNotProvided() thr .andExpect(content().string(containsString("Please agree before continuing."))); } - private BaseClientDetails createTestClient() throws Exception { - BaseClientDetails clientDetails = new BaseClientDetails(); + private UaaClientDetails createTestClient() throws Exception { + UaaClientDetails clientDetails = new UaaClientDetails(); clientDetails.setClientId("test-client-" + RandomStringUtils.randomAlphanumeric(200)); clientDetails.setClientSecret("test-client-secret"); clientDetails.setAuthorizedGrantTypes(Collections.singletonList("client_credentials")); @@ -576,7 +576,7 @@ private void createAccount(String expectedRedirectUri, String redirectUri) throw JdbcExpiringCodeStore store = webApplicationContext.getBean(JdbcExpiringCodeStore.class); store.setGenerator(generator); - BaseClientDetails clientDetails = createTestClient(); + UaaClientDetails clientDetails = createTestClient(); mockMvc.perform(post("/create_account.do") diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/InvitationsServiceMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/InvitationsServiceMockMvcTests.java index 69cd9118b4b..fa8ad6760ea 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/InvitationsServiceMockMvcTests.java 
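Review bot: The renamed helper `getUaaBaseClientDetails()` (hunk @@ -439,8 +439,8) keeps the "Base" of a type it no longer returns, which reads as if a separate UaaBaseClientDetails class existed. Naming it after the actual return type is clearer: `private UaaClientDetails getUaaClientDetails() {`. The three call sites in the hunks at @@ -175,7, @@ -190,7 and @@ -403,7 would be updated to match. The helper's body continues outside the hunk.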
+++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/InvitationsServiceMockMvcTests.java @@ -15,6 +15,7 @@ package org.cloudfoundry.identity.uaa.login; import org.cloudfoundry.identity.uaa.DefaultTestContext; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator; import org.cloudfoundry.identity.uaa.message.EmailService; @@ -38,7 +39,6 @@ import org.springframework.mail.javamail.JavaMailSender; import org.springframework.mock.web.MockHttpSession; import org.springframework.security.oauth2.common.util.OAuth2Utils; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.security.web.context.HttpSessionSecurityContextRepository; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; @@ -138,7 +138,7 @@ void testAuthorizeWithInvitationLogin() throws Exception { assertNotNull(inviteSession.getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY)); String redirectUri = "https://example.com/dashboard/?appGuid=app-guid"; String clientId = "authclient-" + new RandomValueStringGenerator().generate(); - BaseClientDetails client = new BaseClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", redirectUri); + UaaClientDetails client = new UaaClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", redirectUri); client.setClientSecret("secret"); String adminToken = MockMvcUtils.getClientCredentialsOAuthAccessToken(mockMvc, "admin", "adminsecret", "", null); MockMvcUtils.createClient(mockMvc, adminToken, client); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/LoginMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/LoginMockMvcTests.java index d739ed89315..a0b0fb0c048 100644 
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/LoginMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/LoginMockMvcTests.java @@ -3,6 +3,7 @@ import org.cloudfoundry.identity.uaa.DefaultTestContext; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.codestore.ExpiringCode; import org.cloudfoundry.identity.uaa.codestore.ExpiringCodeStore; import org.cloudfoundry.identity.uaa.codestore.JdbcExpiringCodeStore; @@ -57,7 +58,6 @@ import org.springframework.security.core.context.SecurityContextImpl; import org.springframework.security.crypto.codec.Base64; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.security.web.PortResolverImpl; import org.springframework.security.web.context.HttpSessionSecurityContextRepository; import org.springframework.security.web.savedrequest.DefaultSavedRequest; @@ -243,7 +243,7 @@ private static MockHttpSession configure_UAA_for_idp_discovery( createIdentityProvider(jdbcIdentityProviderProvisioning, zone, identityProvider); String clientId = generator.generate(); - BaseClientDetails client = new BaseClientDetails(clientId, "", "", "client_credentials", "uaa.none", "http://*.wildcard.testing,http://testing.com"); + UaaClientDetails client = new UaaClientDetails(clientId, "", "", "client_credentials", "uaa.none", "http://*.wildcard.testing,http://testing.com"); client.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, allowedProviders); MockMvcUtils.createClient(webApplicationContext, client, zone); 
@@ -958,7 +958,7 @@ void testLogOutWithClientRedirect() throws Exception { MockMvcUtils.setLogout(webApplicationContext, IdentityZone.getUaaZoneId(), logout); try { String clientId = generator.generate(); - BaseClientDetails client = new BaseClientDetails(clientId, "", "", "client_credentials", "uaa.none", "http://*.wildcard.testing,http://testing.com"); + UaaClientDetails client = new UaaClientDetails(clientId, "", "", "client_credentials", "uaa.none", "http://*.wildcard.testing,http://testing.com"); client.setClientSecret(clientId); MockMvcUtils.createClient(webApplicationContext, client, getUaa()); mockMvc.perform( @@ -1270,7 +1270,7 @@ void testSamlLoginLinksShowActiveProviders( String activeAlias = "login-saml-" + generator.generate(); String inactiveAlias = "login-saml-" + generator.generate(); - BaseClientDetails zoneAdminClient = new BaseClientDetails("admin", null, null, "client_credentials", "clients.admin,scim.read,scim.write"); + UaaClientDetails zoneAdminClient = new UaaClientDetails("admin", null, null, "client_credentials", "clients.admin,scim.read,scim.write"); zoneAdminClient.setClientSecret("admin-secret"); IdentityZoneCreationResult identityZoneCreationResult = MockMvcUtils.createOtherIdentityZoneAndReturnResult("puppy-" + new RandomValueStringGenerator().generate(), mockMvc, webApplicationContext, zoneAdminClient, false, IdentityZoneHolder.getCurrentZoneId()); 
@@ -1317,7 +1317,7 @@ void testSamlRedirectWhenTheOnlyProvider( ) throws Exception { String alias = "login-saml-" + generator.generate(); final String zoneAdminClientId = "admin"; - BaseClientDetails zoneAdminClient = new BaseClientDetails(zoneAdminClientId, null, "openid", "client_credentials,authorization_code", "clients.admin,scim.read,scim.write", "http://test.redirect.com"); + UaaClientDetails zoneAdminClient = new UaaClientDetails(zoneAdminClientId, null, "openid", "client_credentials,authorization_code", "clients.admin,scim.read,scim.write", "http://test.redirect.com"); zoneAdminClient.setClientSecret("admin-secret"); IdentityZoneCreationResult identityZoneCreationResult = MockMvcUtils.createOtherIdentityZoneAndReturnResult("puppy-" + new AlphanumericRandomValueStringGenerator().generate(), mockMvc, webApplicationContext, zoneAdminClient, false, IdentityZoneHolder.getCurrentZoneId()); @@ -1381,7 +1381,7 @@ void samlRedirect_onlyOneProvider_noClientContext( ) throws Exception { String alias = "login-saml-" + generator.generate(); final String zoneAdminClientId = "admin"; - BaseClientDetails zoneAdminClient = new BaseClientDetails(zoneAdminClientId, null, "openid", "client_credentials,authorization_code", "clients.admin,scim.read,scim.write", "http://test.redirect.com"); + UaaClientDetails zoneAdminClient = new UaaClientDetails(zoneAdminClientId, null, "openid", "client_credentials,authorization_code", "clients.admin,scim.read,scim.write", "http://test.redirect.com"); zoneAdminClient.setClientSecret("admin-secret"); IdentityZoneCreationResult identityZoneCreationResult = MockMvcUtils.createOtherIdentityZoneAndReturnResult("puppy-" + new RandomValueStringGenerator().generate(), mockMvc, webApplicationContext, zoneAdminClient, false, IdentityZoneHolder.getCurrentZoneId()); 
@@ -1418,7 +1418,7 @@ void externalOauthRedirect_onlyOneProvider_noClientContext_and_ResponseType_Set( @Autowired JdbcIdentityProviderProvisioning jdbcIdentityProviderProvisioning ) throws Exception { final String zoneAdminClientId = "admin"; - BaseClientDetails zoneAdminClient = new BaseClientDetails(zoneAdminClientId, null, "openid", "client_credentials,authorization_code", "clients.admin,scim.read,scim.write", "http://test.redirect.com"); + UaaClientDetails zoneAdminClient = new UaaClientDetails(zoneAdminClientId, null, "openid", "client_credentials,authorization_code", "clients.admin,scim.read,scim.write", "http://test.redirect.com"); zoneAdminClient.setClientSecret("admin-secret"); IdentityZoneCreationResult identityZoneCreationResult = MockMvcUtils.createOtherIdentityZoneAndReturnResult("puppy-" + new RandomValueStringGenerator().generate(), mockMvc, webApplicationContext, zoneAdminClient, false, IdentityZoneHolder.getCurrentZoneId()); @@ -1458,7 +1458,7 @@ void ExternalOAuthRedirectOnlyOneProviderWithDiscoveryUrl( final String zoneAdminClientId = "admin"; final String oidcMetaEndpoint = "http://mocked/.well-known/openid-configuration"; final String oidcAuthUrl = "http://againmocked/oauth/auth"; - BaseClientDetails zoneAdminClient = new BaseClientDetails(zoneAdminClientId, null, "openid", "client_credentials,authorization_code", "clients.admin,scim.read,scim.write", "http://test.redirect.com"); + UaaClientDetails zoneAdminClient = new UaaClientDetails(zoneAdminClientId, null, "openid", "client_credentials,authorization_code", "clients.admin,scim.read,scim.write", "http://test.redirect.com"); zoneAdminClient.setClientSecret("admin-secret"); IdentityZoneCreationResult identityZoneCreationResult = MockMvcUtils.createOtherIdentityZoneAndReturnResult("puppy-" + new RandomValueStringGenerator().generate(), mockMvc, webApplicationContext, zoneAdminClient, false, IdentityZoneHolder.getCurrentZoneId()); 
@@ -1501,7 +1501,7 @@ void oauthRedirect_stateParameterPassedGetsReturned( @Autowired JdbcIdentityProviderProvisioning jdbcIdentityProviderProvisioning ) throws Exception { final String zoneAdminClientId = "admin"; - BaseClientDetails zoneAdminClient = new BaseClientDetails(zoneAdminClientId, null, "openid", "client_credentials,authorization_code", "clients.admin,scim.read,scim.write", "http://test.redirect.com"); + UaaClientDetails zoneAdminClient = new UaaClientDetails(zoneAdminClientId, null, "openid", "client_credentials,authorization_code", "clients.admin,scim.read,scim.write", "http://test.redirect.com"); zoneAdminClient.setClientSecret("admin-secret"); IdentityZoneCreationResult identityZoneCreationResult = MockMvcUtils.createOtherIdentityZoneAndReturnResult("puppy-" + new RandomValueStringGenerator().generate(), mockMvc, webApplicationContext, zoneAdminClient, false, IdentityZoneHolder.getCurrentZoneId()); @@ -1540,7 +1540,7 @@ void testLoginHintRedirect( @Autowired JdbcIdentityProviderProvisioning jdbcIdentityProviderProvisioning ) throws Exception { final String zoneAdminClientId = "admin"; - BaseClientDetails zoneAdminClient = new BaseClientDetails(zoneAdminClientId, null, "openid", "client_credentials,authorization_code", "clients.admin,scim.read,scim.write", "http://test.redirect.com"); + UaaClientDetails zoneAdminClient = new UaaClientDetails(zoneAdminClientId, null, "openid", "client_credentials,authorization_code", "clients.admin,scim.read,scim.write", "http://test.redirect.com"); zoneAdminClient.setClientSecret("admin-secret"); MockMvcUtils.IdentityZoneCreationResult identityZoneCreationResult = MockMvcUtils.createOtherIdentityZoneAndReturnResult("puppy-" + new RandomValueStringGenerator().generate(), mockMvc, webApplicationContext, zoneAdminClient, false, IdentityZoneHolder.getCurrentZoneId()); 
@@ -1600,7 +1600,7 @@ void noRedirect_ifProvidersOfDifferentTypesPresent( ) throws Exception { String alias = "login-saml-" + generator.generate(); final String zoneAdminClientId = "admin"; - BaseClientDetails zoneAdminClient = new BaseClientDetails(zoneAdminClientId, null, "openid", "client_credentials,authorization_code", "clients.admin,scim.read,scim.write", "http://test.redirect.com"); + UaaClientDetails zoneAdminClient = new UaaClientDetails(zoneAdminClientId, null, "openid", "client_credentials,authorization_code", "clients.admin,scim.read,scim.write", "http://test.redirect.com"); zoneAdminClient.setClientSecret("admin-secret"); IdentityZoneCreationResult identityZoneCreationResult = MockMvcUtils.createOtherIdentityZoneAndReturnResult("puppy-" + new AlphanumericRandomValueStringGenerator().generate(), mockMvc, webApplicationContext, zoneAdminClient, false, IdentityZoneHolder.getCurrentZoneId()); @@ -1655,7 +1655,7 @@ void testNoCreateAccountLinksWhenUAAisNotAllowedProvider( String alias2 = "login-saml-" + generator.generate(); String alias3 = "login-saml-" + generator.generate(); final String zoneAdminClientId = "admin"; - BaseClientDetails zoneAdminClient = new BaseClientDetails(zoneAdminClientId, null, "openid", "client_credentials,authorization_code", "clients.admin,scim.read,scim.write", "http://test.redirect.com"); + UaaClientDetails zoneAdminClient = new UaaClientDetails(zoneAdminClientId, null, "openid", "client_credentials,authorization_code", "clients.admin,scim.read,scim.write", "http://test.redirect.com"); zoneAdminClient.setClientSecret("admin-secret"); IdentityZoneCreationResult identityZoneCreationResult = MockMvcUtils.createOtherIdentityZoneAndReturnResult("puppy-" + new AlphanumericRandomValueStringGenerator().generate(), mockMvc, webApplicationContext, zoneAdminClient, false, IdentityZoneHolder.getCurrentZoneId()); 
@@ -1751,7 +1751,7 @@ void testDeactivatedProviderIsRemovedFromSamlLoginLinks( ) throws Exception { assumeFalse(isLimitedMode(limitedModeUaaFilter), "Test only runs in non limited mode."); String alias = "login-saml-" + generator.generate(); - BaseClientDetails zoneAdminClient = new BaseClientDetails("admin", null, null, "client_credentials", "clients.admin,scim.read,scim.write"); + UaaClientDetails zoneAdminClient = new UaaClientDetails("admin", null, null, "client_credentials", "clients.admin,scim.read,scim.write"); zoneAdminClient.setClientSecret("admin-secret"); IdentityZoneCreationResult identityZoneCreationResult = MockMvcUtils.createOtherIdentityZoneAndReturnResult("puppy-" + new AlphanumericRandomValueStringGenerator().generate(), mockMvc, webApplicationContext, zoneAdminClient, IdentityZoneHolder.getCurrentZoneId()); @@ -2318,7 +2318,7 @@ void idpDiscoveryClientNameDisplayed_WithUTF8Characters( IdentityZone zone = setupZone(webApplicationContext, mockMvc, identityZoneProvisioning, generator, config); MockHttpSession session = new MockHttpSession(); String clientId = generator.generate(); - BaseClientDetails client = new BaseClientDetails(clientId, "", "", "client_credentials", "uaa.none", "http://*.wildcard.testing,http://testing.com"); + UaaClientDetails client = new UaaClientDetails(clientId, "", "", "client_credentials", "uaa.none", "http://*.wildcard.testing,http://testing.com"); client.setClientSecret("secret"); client.addAdditionalInformation(ClientConstants.CLIENT_NAME, clientName); MockMvcUtils.createClient(webApplicationContext, client, zone); 
@@ -2349,7 +2349,7 @@ void accountChooserEnabled_NoSaveAccounts( IdentityZone zone = setupZone(webApplicationContext, mockMvc, identityZoneProvisioning, generator, config); MockHttpSession session = new MockHttpSession(); String clientId = generator.generate(); - BaseClientDetails client = new BaseClientDetails(clientId, "", "", "client_credentials", "uaa.none", "http://*.wildcard.testing,http://testing.com"); + UaaClientDetails client = new UaaClientDetails(clientId, "", "", "client_credentials", "uaa.none", "http://*.wildcard.testing,http://testing.com"); client.setClientSecret("secret"); client.addAdditionalInformation(ClientConstants.CLIENT_NAME, clientName); MockMvcUtils.createClient(webApplicationContext, client, zone); @@ -2379,7 +2379,7 @@ void accountChooserEnabled( MockHttpSession session = new MockHttpSession(); String clientId = generator.generate(); - BaseClientDetails client = new BaseClientDetails(clientId, "", "", "client_credentials", "uaa.none", "http://*.wildcard.testing,http://testing.com"); + UaaClientDetails client = new UaaClientDetails(clientId, "", "", "client_credentials", "uaa.none", "http://*.wildcard.testing,http://testing.com"); client.setClientSecret("secret"); client.addAdditionalInformation(ClientConstants.CLIENT_NAME, clientName); MockMvcUtils.createClient(webApplicationContext, client, zone); @@ -2768,7 +2768,7 @@ void authorizeForClientWithIdpNotAllowed( // authorize for client that does not allow that idp String clientId = "different-provider-client"; - BaseClientDetails client = new BaseClientDetails(clientId, "", "", "client_credentials", "uaa.none", "http://*.wildcard.testing,http://testing.com"); + UaaClientDetails client = new UaaClientDetails(clientId, "", "", "client_credentials", "uaa.none", "http://*.wildcard.testing,http://testing.com"); client.setClientSecret("secret"); client.setScope(singleton("uaa.user")); client.addAdditionalInformation(ClientConstants.CLIENT_NAME, "THE APPLICATION"); 
@@ -2819,7 +2819,7 @@ private static MockHttpSession setUpClientAndProviderForIdpDiscovery( createIdentityProvider(jdbcIdentityProviderProvisioning, zone, identityProvider); String clientId = generator.generate(); - BaseClientDetails client = new BaseClientDetails(clientId, "", "", "client_credentials", "uaa.none", "http://*.wildcard.testing,http://testing.com"); + UaaClientDetails client = new UaaClientDetails(clientId, "", "", "client_credentials", "uaa.none", "http://*.wildcard.testing,http://testing.com"); client.setClientSecret("secret"); client.addAdditionalInformation(ClientConstants.CLIENT_NAME, "woohoo"); client.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, asList(originKey, "other-provider", UAA, LDAP)); @@ -2916,7 +2916,7 @@ private static IdentityZone setupZone( return zone; } - private static SavedRequest getSavedRequest(BaseClientDetails client) { + private static SavedRequest getSavedRequest(UaaClientDetails client) { return new DefaultSavedRequest(new MockHttpServletRequest(), new PortResolverImpl()) { @Override public String getRedirectUrl() { diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/TokenEndpointDocs.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/TokenEndpointDocs.java index 8880b985511..40974560950 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/TokenEndpointDocs.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/login/TokenEndpointDocs.java @@ -3,6 +3,7 @@ import java.net.URI; import java.util.Collections; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpHeaders; import org.springframework.http.MediaType; 
@@ -15,7 +16,6 @@ import org.springframework.restdocs.request.ParameterDescriptor; import org.springframework.restdocs.snippet.Snippet; import org.springframework.security.oauth2.common.OAuth2RefreshToken; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.security.web.FilterChainProxy; import org.springframework.security.web.context.HttpSessionSecurityContextRepository; import org.springframework.test.web.servlet.MvcResult; @@ -806,7 +806,7 @@ void revokeAllTokens_forAUser() throws Exception { "", null ); - BaseClientDetails client = createClient(adminToken, "openid", "client_credentials,password", "clients.read"); + UaaClientDetails client = createClient(adminToken, "openid", "client_credentials,password", "clients.read"); String userInfoToken = getUserOAuthAccessToken( @@ -852,8 +852,8 @@ void revokeAllTokens_forAUserClientCombination() throws Exception { "", null ); - BaseClientDetails client = createClient(adminToken, "openid", "password", ""); - BaseClientDetails client2 = createClient(adminToken, "openid", "password", ""); + UaaClientDetails client = createClient(adminToken, "openid", "password", ""); + UaaClientDetails client2 = createClient(adminToken, "openid", "password", ""); String userInfoTokenToRevoke = getUserOAuthAccessToken( @@ -922,7 +922,7 @@ void revokeAllTokens_forAClient() throws Exception { null, true ); - BaseClientDetails client = createClient(adminToken, "openid", "client_credentials,password", "clients.read"); + UaaClientDetails client = createClient(adminToken, "openid", "client_credentials,password", "clients.read"); String readClientsToken = getClientCredentialsOAuthAccessToken( mockMvc, 
@@ -962,7 +962,7 @@ void revokeSingleToken() throws Exception { true ); - BaseClientDetails client = createClient(adminToken, "openid", "client_credentials,password", "clients.read"); + UaaClientDetails client = createClient(adminToken, "openid", "client_credentials,password", "clients.read"); String userInfoToken = getUserOAuthAccessToken( mockMvc, @@ -1010,7 +1010,7 @@ void listTokens_client() throws Exception { true ); - BaseClientDetails client = createClient(adminToken, "openid", "client_credentials,password", "tokens.list"); + UaaClientDetails client = createClient(adminToken, "openid", "client_credentials,password", "tokens.list"); String clientToken = getClientCredentialsOAuthAccessToken( mockMvc, client.getClientId(), @@ -1050,7 +1050,7 @@ void listTokens_user() throws Exception { true ); - BaseClientDetails client = createClient(adminToken, "openid", "client_credentials,password", "tokens.list"); + UaaClientDetails client = createClient(adminToken, "openid", "client_credentials,password", "tokens.list"); String clientToken = getClientCredentialsOAuthAccessToken( mockMvc, client.getClientId(), 
@@ -1090,15 +1090,15 @@ void listTokens_user() throws Exception { .andDo(document("{ClassName}/{methodName}", preprocessResponse(prettyPrint()), requestHeaders, pathParameters, listTokenResponseFields)); } - private BaseClientDetails createClient(String token, String scopes, String grantTypes, String authorities) throws Exception { - BaseClientDetails client = new BaseClientDetails( + private UaaClientDetails createClient(String token, String scopes, String grantTypes, String authorities) throws Exception { + UaaClientDetails client = new UaaClientDetails( new RandomValueStringGenerator().generate(), "", scopes, grantTypes, authorities, "http://redirect.url"); client.setClientSecret(SECRET); - BaseClientDetails clientDetails = MockMvcUtils.createClient(mockMvc, token, client); + UaaClientDetails clientDetails = MockMvcUtils.createClient(mockMvc, token, client); clientDetails.setClientSecret(SECRET); return clientDetails; } diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/audit/AuditCheckMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/audit/AuditCheckMockMvcTests.java index 9165ff4dc6b..6f122c36f45 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/audit/AuditCheckMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/audit/AuditCheckMockMvcTests.java @@ -18,6 +18,7 @@ import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; import org.cloudfoundry.identity.uaa.authentication.event.*; import org.cloudfoundry.identity.uaa.authentication.manager.AuthzAuthenticationManager; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.client.event.AbstractClientAdminEvent; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.mock.util.InterceptingLogger; 
@@ -52,7 +53,7 @@ import org.springframework.security.crypto.codec.Utf8; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.springframework.security.web.FilterChainProxy; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; @@ -182,7 +183,7 @@ void client_modification_logs_authorities_and_scopes() throws Exception { String scopes = "scope1,scope2,scope3"; String grantTypes = "client_credentials,password"; String authorities = "uaa.resource,uaa.admin"; - BaseClientDetails client = new BaseClientDetails(clientId, resource, scopes, grantTypes, authorities); + UaaClientDetails client = new UaaClientDetails(clientId, resource, scopes, grantTypes, authorities); client.setClientSecret(clientSecret); mockMvc.perform( @@ -726,7 +727,7 @@ void clientAuthenticationFailureClientNotFound() throws Exception { @Test void testUserApprovalAdded() throws Exception { - clientRegistrationService.updateClientDetails(new BaseClientDetails("login", "oauth", "oauth.approvals", "password", "oauth.login")); + clientRegistrationService.updateClientDetails(new UaaClientDetails("login", "oauth", "oauth.approvals", "password", "oauth.login")); String marissaToken = testClient.getUserOAuthAccessToken("login", "loginsecret", testUser.getUserName(), testPassword, "oauth.approvals"); Approval[] approvals = {new Approval() 
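Review bot: The added `import org.cloudfoundry.identity.uaa.client.UaaClientDetails;` in the `@@ -52,7 +53,7 @@` hunk of AuditCheckMockMvcTests.java duplicates the import that the `@@ -18,6 +18,7 @@` hunk of the same file already adds. A repeated single-type import still compiles, but it is redundant and is likely to be flagged wherever import checks are enforced. Here the old `BaseClientDetails` import should only be removed, not replaced, so the file keeps the single `UaaClientDetails` import placed with the other `org.cloudfoundry.identity.uaa.client` imports.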
@@ -909,7 +910,7 @@ void generateUserDeletedEvent_whenDeletingUser( @Test void generateUserCreatedEvent_DuringLoginServerAuthorize() throws Exception { - clientRegistrationService.updateClientDetails(new BaseClientDetails("login", "oauth", "oauth.approvals", "authorization_code,password,client_credentials", "oauth.login", "http://localhost:8080/uaa")); + clientRegistrationService.updateClientDetails(new UaaClientDetails("login", "oauth", "oauth.approvals", "authorization_code,password,client_credentials", "oauth.login", "http://localhost:8080/uaa")); String username = "jacob" + new RandomValueStringGenerator().generate(); String loginToken = testClient.getClientCredentialsOAuthAccessToken( "login", diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/clients/AdminClientCreator.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/clients/AdminClientCreator.java index c3c09dfdbab..8297dd8cc2d 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/clients/AdminClientCreator.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/clients/AdminClientCreator.java @@ -11,7 +11,6 @@ import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.test.web.servlet.ResultActions; import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder; 
@@ -67,7 +66,7 @@ ClientDetailsModification createBaseClient(String id, String clientSecret, Colle } protected ClientDetails createClient(String token, String id, String clientSecret, Collection grantTypes) throws Exception { - BaseClientDetails client = createBaseClient(id, clientSecret, grantTypes); + ClientDetails client = createBaseClient(id, clientSecret, grantTypes); MockHttpServletRequestBuilder createClientPost = post("/oauth/clients") .header("Authorization", "Bearer " + token) .accept(APPLICATION_JSON) @@ -79,7 +78,7 @@ protected ClientDetails createClient(String token, String id, String clientSecre protected ClientDetails createAdminClient(String token) throws Exception { List scopes = Arrays.asList("uaa.admin", "oauth.approvals", "clients.read", "clients.write"); - BaseClientDetails client = createBaseClient(null, SECRET, Arrays.asList("password", "client_credentials"), scopes, scopes); + ClientDetails client = createBaseClient(null, SECRET, Arrays.asList("password", "client_credentials"), scopes, scopes); MockHttpServletRequestBuilder createClientPost = post("/oauth/clients") .header("Authorization", "Bearer " + token) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/clients/ClientAdminEndpointDocs.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/clients/ClientAdminEndpointDocs.java index 6c4dc7a8af6..c2cb6a105ec 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/clients/ClientAdminEndpointDocs.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/clients/ClientAdminEndpointDocs.java @@ -1,6 +1,7 @@ package org.cloudfoundry.identity.uaa.mock.clients; import org.apache.commons.lang3.ArrayUtils; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator; import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants; 
@@ -14,7 +15,6 @@ import org.springframework.restdocs.snippet.Snippet; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.test.web.servlet.ResultActions; import java.util.*; @@ -123,7 +123,7 @@ void createClient() throws Exception { @Test void listClients() throws Exception { - ClientDetails createdClientDetails = JsonUtils.readValue(createClientHelper().andReturn().getResponse().getContentAsString(), BaseClientDetails.class); + ClientDetails createdClientDetails = JsonUtils.readValue(createClientHelper().andReturn().getResponse().getContentAsString(), UaaClientDetails.class); ResultActions resultActions = mockMvc.perform(get("/oauth/clients") .header("Authorization", "Bearer " + clientAdminToken) @@ -168,7 +168,7 @@ void listClients() throws Exception { @Test void retrieveClient() throws Exception { - ClientDetails createdClientDetails = JsonUtils.readValue(createClientHelper().andReturn().getResponse().getContentAsString(), BaseClientDetails.class); + ClientDetails createdClientDetails = JsonUtils.readValue(createClientHelper().andReturn().getResponse().getContentAsString(), UaaClientDetails.class); ResultActions resultActions = mockMvc.perform(get("/oauth/clients/{client_id}", createdClientDetails.getClientId()) .header("Authorization", "Bearer " + clientAdminToken) 
@@ -196,8 +196,8 @@ void retrieveClient() throws Exception { @Test void updateClient() throws Exception { - ClientDetails createdClientDetails = JsonUtils.readValue(createClientHelper().andReturn().getResponse().getContentAsString(), BaseClientDetails.class); - BaseClientDetails updatedClientDetails = new BaseClientDetails(); + ClientDetails createdClientDetails = JsonUtils.readValue(createClientHelper().andReturn().getResponse().getContentAsString(), UaaClientDetails.class); + UaaClientDetails updatedClientDetails = new UaaClientDetails(); updatedClientDetails.setClientId(createdClientDetails.getClientId()); updatedClientDetails.setScope(Arrays.asList("clients.new", "clients.autoapprove")); updatedClientDetails.setAutoApproveScopes(Collections.singletonList("clients.autoapprove")); @@ -236,7 +236,7 @@ void updateClient() throws Exception { @Test void changeClientSecret() throws Exception { - ClientDetails createdClientDetails = JsonUtils.readValue(createClientHelper().andReturn().getResponse().getContentAsString(), BaseClientDetails.class); + ClientDetails createdClientDetails = JsonUtils.readValue(createClientHelper().andReturn().getResponse().getContentAsString(), UaaClientDetails.class); ResultActions resultActions = mockMvc.perform(put("/oauth/clients/{client_id}/secret", createdClientDetails.getClientId()) .header("Authorization", "Bearer " + clientAdminToken) @@ -264,7 +264,7 @@ void changeClientSecret() throws Exception { @Test void changeClientJwt() throws Exception { - ClientDetails createdClientDetails = JsonUtils.readValue(createClientHelper().andReturn().getResponse().getContentAsString(), BaseClientDetails.class); + ClientDetails createdClientDetails = JsonUtils.readValue(createClientHelper().andReturn().getResponse().getContentAsString(), UaaClientDetails.class); ResultActions resultActions = mockMvc.perform(put("/oauth/clients/{client_id}/clientjwt", createdClientDetails.getClientId()) .header("Authorization", "Bearer " + clientAdminToken) 
@@ -292,7 +292,7 @@ void changeClientJwt() throws Exception { @Test void deleteClient() throws Exception { - ClientDetails createdClientDetails = JsonUtils.readValue(createClientHelper().andReturn().getResponse().getContentAsString(), BaseClientDetails.class); + ClientDetails createdClientDetails = JsonUtils.readValue(createClientHelper().andReturn().getResponse().getContentAsString(), UaaClientDetails.class); ResultActions resultActions = mockMvc.perform(delete("/oauth/clients/{client_id}", createdClientDetails.getClientId()) .header("Authorization", "Bearer " + clientAdminToken) @@ -320,8 +320,8 @@ void clientTx() throws Exception { // CREATE List scopes = Arrays.asList("clients.read", "clients.write"); - BaseClientDetails createdClientDetails1 = createBasicClientWithAdditionalInformation(scopes); - BaseClientDetails createdClientDetails2 = createBasicClientWithAdditionalInformation(scopes); + UaaClientDetails createdClientDetails1 = createBasicClientWithAdditionalInformation(scopes); + UaaClientDetails createdClientDetails2 = createBasicClientWithAdditionalInformation(scopes); ResultActions createResultActions = mockMvc.perform(post("/oauth/clients/tx") .contentType(APPLICATION_JSON) @@ -435,7 +435,7 @@ void clientTx() throws Exception { entry("client_id", createdClientDetails2.getClientId()) ); - BaseClientDetails createdClientDetails3 = createBasicClientWithAdditionalInformation(scopes); + UaaClientDetails createdClientDetails3 = createBasicClientWithAdditionalInformation(scopes); ClientDetailsModification modify3 = new ClientDetailsModification(createdClientDetails3); modify3.setAction(ClientDetailsModification.ADD); 
@@ -480,8 +480,8 @@ void clientTx() throws Exception { ); } - private BaseClientDetails createBasicClientWithAdditionalInformation(List scopes) { - BaseClientDetails clientDetails = createBaseClient(null, SECRET, null, scopes, scopes); + private UaaClientDetails createBasicClientWithAdditionalInformation(List scopes) { + UaaClientDetails clientDetails = createBaseClient(null, SECRET, null, scopes, scopes); clientDetails.setAdditionalInformation(additionalInfo()); return clientDetails; } diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/clients/ClientAdminEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/clients/ClientAdminEndpointsMockMvcTests.java index 3f265263763..26440854e76 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/clients/ClientAdminEndpointsMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/clients/ClientAdminEndpointsMockMvcTests.java @@ -11,6 +11,7 @@ import org.cloudfoundry.identity.uaa.audit.event.AbstractUaaEvent; import org.cloudfoundry.identity.uaa.client.ClientMetadata; import org.cloudfoundry.identity.uaa.client.InvalidClientDetailsException; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.client.UaaScopes; import org.cloudfoundry.identity.uaa.client.event.ClientAdminEventPublisher; import org.cloudfoundry.identity.uaa.client.event.ClientApprovalsDeletedEvent; @@ -58,7 +59,6 @@ import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; import org.springframework.test.web.servlet.ResultActions; 
@@ -229,7 +229,7 @@ void testCreateClientWithJwtBearerGrantInvalid() throws Exception { @Test void testCreateClientWithInvalidRedirectUrl() throws Exception { - BaseClientDetails client = createBaseClient(new RandomValueStringGenerator().generate(), SECRET, Collections.singleton("implicit")); + UaaClientDetails client = createBaseClient(new RandomValueStringGenerator().generate(), SECRET, Collections.singleton("implicit")); client.setRegisteredRedirectUri(Collections.singleton("*/**")); MockHttpServletRequestBuilder createClientPost = post("/oauth/clients") .header("Authorization", "Bearer " + adminToken) @@ -243,7 +243,7 @@ void testCreateClientWithInvalidRedirectUrl() throws Exception { @Test void testCreateClientWithValidLongRedirectUri() throws Exception { String id = new RandomValueStringGenerator().generate(); - BaseClientDetails client = createBaseClient(id, SECRET, Collections.singletonList(GRANT_TYPE_JWT_BEARER), null, Collections.singletonList(id + ".read")); + UaaClientDetails client = createBaseClient(id, SECRET, Collections.singletonList(GRANT_TYPE_JWT_BEARER), null, Collections.singletonList(id + ".read")); // redirectUri shorter than the database column size HashSet uris = new HashSet<>(); @@ -282,7 +282,7 @@ void createClient_withClientAdminToken_withAuthoritiesExcluded( .contentType(APPLICATION_JSON) .content(JsonUtils.writeValueAsString(client)); ResultActions createResult = mockMvc.perform(createClientPost).andExpect(status().isCreated()); - BaseClientDetails clientDetails = JsonUtils.readValue(createResult.andReturn().getResponse().getContentAsString(), BaseClientDetails.class); + UaaClientDetails clientDetails = JsonUtils.readValue(createResult.andReturn().getResponse().getContentAsString(), UaaClientDetails.class); MockHttpServletRequestBuilder getClientMetadata = get("/oauth/clients/" + clientDetails.getClientId() + "/meta") .header("Authorization", "Bearer " + clientAdminToken) .accept(APPLICATION_JSON) 
@@ -296,7 +296,7 @@ void createClient_withClientAdminToken_withAuthoritiesExcluded( @Test void testCreateClient_With_Long_Secret() throws Exception { - BaseClientDetails client = createBaseClient(new RandomValueStringGenerator().generate(), SECRET_TOO_LONG, Collections.singleton("client_credentials")); + UaaClientDetails client = createBaseClient(new RandomValueStringGenerator().generate(), SECRET_TOO_LONG, Collections.singleton("client_credentials")); MockHttpServletRequestBuilder createClientPost = post("/oauth/clients") .header("Authorization", "Bearer " + adminToken) .accept(APPLICATION_JSON) @@ -345,7 +345,7 @@ void testClientCRUDAsAdminUser() throws Exception { MvcResult mvcResult = mockMvc.perform(getClient) .andExpect(status().isOk()) .andReturn(); - BaseClientDetails clientDetails = JsonUtils.readValue(mvcResult.getResponse().getContentAsString(), BaseClientDetails.class); + UaaClientDetails clientDetails = JsonUtils.readValue(mvcResult.getResponse().getContentAsString(), UaaClientDetails.class); assertEquals(client.getClientId(), clientDetails.getClientId()); clientDetails.setAuthorizedGrantTypes(Collections.singleton(GRANT_TYPE_AUTHORIZATION_CODE)); @@ -355,7 +355,7 @@ void testClientCRUDAsAdminUser() throws Exception { .contentType(APPLICATION_JSON) .content(JsonUtils.writeValueAsString(clientDetails)); MvcResult result = mockMvc.perform(updateClient).andExpect(status().isOk()).andReturn(); - BaseClientDetails updatedClientDetails = JsonUtils.readValue(result.getResponse().getContentAsString(), BaseClientDetails.class); + UaaClientDetails updatedClientDetails = JsonUtils.readValue(result.getResponse().getContentAsString(), UaaClientDetails.class); assertEquals(client.getClientId(), updatedClientDetails.getClientId()); assertThat(updatedClientDetails.getAuthorizedGrantTypes(), PredicateMatcher.has(m -> m.equals(GRANT_TYPE_AUTHORIZATION_CODE))); 
@@ -363,7 +363,7 @@ void testClientCRUDAsAdminUser() throws Exception { .header("Authorization", "Bearer" + adminUserToken) .accept(APPLICATION_JSON); MvcResult deleteResult = mockMvc.perform(deleteClient).andExpect(status().isOk()).andReturn(); - BaseClientDetails deletedClientDetails = JsonUtils.readValue(deleteResult.getResponse().getContentAsString(), BaseClientDetails.class); + UaaClientDetails deletedClientDetails = JsonUtils.readValue(deleteResult.getResponse().getContentAsString(), UaaClientDetails.class); assertEquals(client.getClientId(), deletedClientDetails.getClientId()); } @@ -371,7 +371,7 @@ void testClientCRUDAsAdminUser() throws Exception { void create_client_and_check_created_by() throws Exception { setupAdminUserToken(); - BaseClientDetails clientDetails = createClient(Arrays.asList("password.write", "scim.write", "scim.read", "clients.write")); + UaaClientDetails clientDetails = createClient(Arrays.asList("password.write", "scim.write", "scim.read", "clients.write")); ClientMetadata clientMetadata = obtainClientMetadata(clientDetails.getClientId()); SearchResults> marissa = (SearchResults>) scimUserEndpoints.findUsers("id,userName", "userName eq \"" + testUser.getUserName() + "\"", "userName", "asc", 0, 1); 
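Review bot: The delete request in the `@@ -363,7 +363,7 @@` hunk builds its header as `"Bearer" + adminUserToken`, with no space between the scheme and the token, while the other requests visible in this file use `"Bearer " + adminToken`. The test still expects `status().isOk()`, so it appears to pass only because the server tolerates a malformed Authorization header. Since the neighbouring line is being touched anyway, changing it to `.header("Authorization", "Bearer " + adminUserToken)` would make the CRUD test exercise the well-formed path. If lenient header parsing is meant to be covered, it is better pinned by a separately named test than by an accidental typo. `testClientCRUDAsAdminUser` begins outside this hunk.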
@@ -400,8 +400,8 @@ void test_Read_Restricted_Scopes() throws Exception { void testCreate_RestrictedClient_Fails() throws Exception { String id = new RandomValueStringGenerator().generate(); List grantTypes = Arrays.asList("client_credentials", "password"); - BaseClientDetails clientWithAuthorities = createBaseClient(id, SECRET, grantTypes, new UaaScopes().getUaaScopes(), null); - BaseClientDetails clientWithScopes = createBaseClient(id, SECRET, grantTypes, null, new UaaScopes().getUaaScopes()); + UaaClientDetails clientWithAuthorities = createBaseClient(id, SECRET, grantTypes, new UaaScopes().getUaaScopes(), null); + UaaClientDetails clientWithScopes = createBaseClient(id, SECRET, grantTypes, null, new UaaScopes().getUaaScopes()); MockHttpServletRequestBuilder createClientPost = post("/oauth/clients/restricted") .header("Authorization", "Bearer " + adminToken) @@ -422,7 +422,7 @@ void testCreate_RestrictedClient_Fails() throws Exception { void testCreate_RestrictedClient_Succeeds() throws Exception { String id = new RandomValueStringGenerator().generate(); List scopes = Collections.singletonList("openid"); - BaseClientDetails client = createBaseClient(id, SECRET, Arrays.asList("client_credentials", "password"), scopes, scopes); + UaaClientDetails client = createBaseClient(id, SECRET, Arrays.asList("client_credentials", "password"), scopes, scopes); MockHttpServletRequestBuilder createClientPost = post("/oauth/clients/restricted") .header("Authorization", "Bearer " + adminToken) @@ -450,7 +450,7 @@ void testCreate_RestrictedClient_Succeeds() throws Exception { @Test void testCreateClientsTxFailure_Secret_Too_Long() throws Exception { int count = 5; - BaseClientDetails[] details = createBaseClients(count, SECRET_TOO_LONG, null); + UaaClientDetails[] details = createBaseClients(count, SECRET_TOO_LONG, null); MockHttpServletRequestBuilder createClientPost = post("/oauth/clients/tx") .header("Authorization", "Bearer " + adminToken) .accept(APPLICATION_JSON) 
@@ -464,7 +464,7 @@ void testCreateClientsTxFailure_Secret_Too_Long() throws Exception { @Test void testCreateClientsTxSuccess() throws Exception { int count = 5; - BaseClientDetails[] details = createBaseClients(count, SECRET, null); + UaaClientDetails[] details = createBaseClients(count, SECRET, null); MockHttpServletRequestBuilder createClientPost = post("/oauth/clients/tx") .header("Authorization", "Bearer " + adminToken) .accept(APPLICATION_JSON) @@ -486,7 +486,7 @@ void testCreateClientsTxSuccess() throws Exception { @Test void testCreateClientsTxDuplicateId() throws Exception { - BaseClientDetails[] details = createBaseClients(5, SECRET, null); + UaaClientDetails[] details = createBaseClients(5, SECRET, null); details[details.length - 1] = details[0]; MockHttpServletRequestBuilder createClientPost = post("/oauth/clients/tx") .header("Authorization", "Bearer " + adminToken) @@ -508,7 +508,7 @@ void test_InZone_ClientWrite_Failure_with_Min_Length_Secret() throws Exception { MockMvcUtils.setZoneConfiguration(webApplicationContext, result.getIdentityZone().getId(), result.getIdentityZone().getConfig()); String clientId = generator.generate(); - BaseClientDetails client = new BaseClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://sample.redirect"); + UaaClientDetails client = new UaaClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://sample.redirect"); client.setClientSecret("secret"); MockMvcUtils.createClient(mockMvc, result.getZoneAdminToken(), client, result.getIdentityZone(), status().isBadRequest()); 
@@ -522,7 +522,7 @@ void test_InZone_ClientWrite_Failure_with_Secret_Too_Long() throws Exception { MockMvcUtils.setZoneConfiguration(webApplicationContext, result.getIdentityZone().getId(), result.getIdentityZone().getConfig()); String clientId = generator.generate(); - BaseClientDetails client = new BaseClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://sample.redirect"); + UaaClientDetails client = new UaaClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://sample.redirect"); client.setClientSecret("secret"); MockMvcUtils.createClient(mockMvc, result.getZoneAdminToken(), client, result.getIdentityZone(), status().isBadRequest()); @@ -536,7 +536,7 @@ void test_InZone_ClientWrite_Failure_with_Secret_Requires_Uppercase_Character() MockMvcUtils.setZoneConfiguration(webApplicationContext, result.getIdentityZone().getId(), result.getIdentityZone().getConfig()); String clientId = generator.generate(); - BaseClientDetails client = new BaseClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://sample.redirect"); + UaaClientDetails client = new UaaClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://sample.redirect"); client.setClientSecret("secret"); MockMvcUtils.createClient(mockMvc, result.getZoneAdminToken(), client, result.getIdentityZone(), status().isBadRequest()); 
@@ -550,7 +550,7 @@ void test_InZone_ClientWrite_Failure_with_Secret_Requires_Lowercase_Character() MockMvcUtils.setZoneConfiguration(webApplicationContext, result.getIdentityZone().getId(), result.getIdentityZone().getConfig()); String clientId = generator.generate(); - BaseClientDetails client = new BaseClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://sample.redirect"); + UaaClientDetails client = new UaaClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://sample.redirect"); client.setClientSecret("SECRET"); MockMvcUtils.createClient(mockMvc, result.getZoneAdminToken(), client, result.getIdentityZone(), status().isBadRequest()); @@ -564,7 +564,7 @@ void test_InZone_ClientWrite_Success_with_Complex_Secret_Policy() throws Excepti MockMvcUtils.setZoneConfiguration(webApplicationContext, result.getIdentityZone().getId(), result.getIdentityZone().getConfig()); String clientId = generator.generate(); - BaseClientDetails client = new BaseClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://sample.redirect"); + UaaClientDetails client = new UaaClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://sample.redirect"); client.setClientSecret("Secret1@"); MockMvcUtils.createClient(mockMvc, result.getZoneAdminToken(), client, result.getIdentityZone(), status().isCreated()); 
@@ -578,7 +578,7 @@ void test_InZone_ClientWrite_Failure_with_Secret_Requires_Special_Character() th MockMvcUtils.setZoneConfiguration(webApplicationContext, result.getIdentityZone().getId(), result.getIdentityZone().getConfig()); String clientId = generator.generate(); - BaseClientDetails client = new BaseClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://sample.redirect"); + UaaClientDetails client = new UaaClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://sample.redirect"); client.setClientSecret("secret"); MockMvcUtils.createClient(mockMvc, result.getZoneAdminToken(), client, result.getIdentityZone(), status().isBadRequest()); @@ -592,7 +592,7 @@ void test_InZone_ClientWrite_Failure_with_Secret_Requires_Digit() throws Excepti MockMvcUtils.setZoneConfiguration(webApplicationContext, result.getIdentityZone().getId(), result.getIdentityZone().getConfig()); String clientId = generator.generate(); - BaseClientDetails client = new BaseClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://sample.redirect"); + UaaClientDetails client = new UaaClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://sample.redirect"); client.setClientSecret("secret"); MockMvcUtils.createClient(mockMvc, result.getZoneAdminToken(), client, result.getIdentityZone(), status().isBadRequest()); 
@@ -603,7 +603,7 @@ void test_InZone_ClientWrite_Using_ZonesDotAdmin() throws Exception { String subdomain = generator.generate(); MockMvcUtils.IdentityZoneCreationResult result = MockMvcUtils.createOtherIdentityZoneAndReturnResult(subdomain, mockMvc, webApplicationContext, null, IdentityZoneHolder.getCurrentZoneId()); String clientId = generator.generate(); - BaseClientDetails client = new BaseClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://some.redirect.url.com"); + UaaClientDetails client = new UaaClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://some.redirect.url.com"); client.setClientSecret("secret"); MockMvcUtils.createClient(mockMvc, result.getZoneAdminToken(), client, result.getIdentityZone(), status().isCreated()); 
@@ -615,14 +615,14 @@ void test_InZone_ClientWrite_Using_ZonesDotClientsDotAdmin() throws Exception { MockMvcUtils.IdentityZoneCreationResult result = MockMvcUtils.createOtherIdentityZoneAndReturnResult(subdomain, mockMvc, webApplicationContext, null, IdentityZoneHolder.getCurrentZoneId()); String id = result.getIdentityZone().getId(); String clientId = generator.generate(); - BaseClientDetails client = new BaseClientDetails(clientId, "", "", "client_credentials", "zones." + id + ".clients.admin", "http://some.redirect.url.com"); + UaaClientDetails client = new UaaClientDetails(clientId, "", "", "client_credentials", "zones." + id + ".clients.admin", "http://some.redirect.url.com"); client.setClientSecret("secret"); client = MockMvcUtils.createClient(mockMvc, adminToken, client); client.setClientSecret("secret"); String zonesClientsAdminToken = MockMvcUtils.getClientOAuthAccessToken(mockMvc, client.getClientId(), client.getClientSecret(), "zones." + id + ".clients.admin"); - BaseClientDetails newclient = new BaseClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://some.redirect.url.com"); + UaaClientDetails newclient = new UaaClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://some.redirect.url.com"); newclient.setClientSecret("secret"); newclient = MockMvcUtils.createClient(mockMvc, zonesClientsAdminToken, newclient, result.getIdentityZone(), status().isCreated()); 
@@ -639,9 +639,9 @@ void manageClientInOtherZone_Using_AdminUserTokenFromDefaultZone() throws Except setupAdminUserToken(); - BaseClientDetails client = new BaseClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://some.redirect.url.com"); + UaaClientDetails client = new UaaClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://some.redirect.url.com"); client.setClientSecret("secret"); - BaseClientDetails createdClient = MockMvcUtils.createClient(mockMvc, adminUserToken, client, + UaaClientDetails createdClient = MockMvcUtils.createClient(mockMvc, adminUserToken, client, result.getIdentityZone(), status().isCreated()); assertEquals(client.getClientId(), createdClient.getClientId()); @@ -653,7 +653,7 @@ void manageClientInOtherZone_Using_AdminUserTokenFromDefaultZone() throws Except MvcResult mvcResult = mockMvc.perform(getClient) .andExpect(status().isOk()) .andReturn(); - BaseClientDetails clientDetails = JsonUtils.readValue(mvcResult.getResponse().getContentAsString(), BaseClientDetails.class); + UaaClientDetails clientDetails = JsonUtils.readValue(mvcResult.getResponse().getContentAsString(), UaaClientDetails.class); assertEquals(client.getClientId(), clientDetails.getClientId()); clientDetails.setAuthorizedGrantTypes(Collections.singleton(GRANT_TYPE_AUTHORIZATION_CODE)); 
@@ -664,7 +664,7 @@ void manageClientInOtherZone_Using_AdminUserTokenFromDefaultZone() throws Except .contentType(APPLICATION_JSON) .content(JsonUtils.writeValueAsString(clientDetails)); mvcResult = mockMvc.perform(updateClient).andExpect(status().isOk()).andReturn(); - BaseClientDetails updatedClientDetails = JsonUtils.readValue(mvcResult.getResponse().getContentAsString(), BaseClientDetails.class); + UaaClientDetails updatedClientDetails = JsonUtils.readValue(mvcResult.getResponse().getContentAsString(), UaaClientDetails.class); assertEquals(client.getClientId(), updatedClientDetails.getClientId()); assertThat(updatedClientDetails.getAuthorizedGrantTypes(), PredicateMatcher.has(m -> m.equals(GRANT_TYPE_AUTHORIZATION_CODE))); @@ -673,7 +673,7 @@ void manageClientInOtherZone_Using_AdminUserTokenFromDefaultZone() throws Except .header("X-Identity-Zone-Id", zoneId) .accept(APPLICATION_JSON); MvcResult deleteResult = mockMvc.perform(deleteClient).andExpect(status().isOk()).andReturn(); - BaseClientDetails deletedClientDetails = JsonUtils.readValue(deleteResult.getResponse().getContentAsString(), BaseClientDetails.class); + UaaClientDetails deletedClientDetails = JsonUtils.readValue(deleteResult.getResponse().getContentAsString(), UaaClientDetails.class); assertEquals(client.getClientId(), deletedClientDetails.getClientId()); } 
@@ -683,14 +683,14 @@ void test_InZone_ClientRead_Using_ZonesDotClientsDotAdmin() throws Exception { MockMvcUtils.IdentityZoneCreationResult result = MockMvcUtils.createOtherIdentityZoneAndReturnResult(subdomain, mockMvc, webApplicationContext, null, IdentityZoneHolder.getCurrentZoneId()); String id = result.getIdentityZone().getId(); String clientId = generator.generate(); - BaseClientDetails client = new BaseClientDetails(clientId, "", "", "client_credentials", "zones." + id + ".clients.admin", "http://some.redirect.url.com"); + UaaClientDetails client = new UaaClientDetails(clientId, "", "", "client_credentials", "zones." + id + ".clients.admin", "http://some.redirect.url.com"); client.setClientSecret("secret"); client = MockMvcUtils.createClient(mockMvc, adminToken, client); client.setClientSecret("secret"); String zonesClientsAdminToken = MockMvcUtils.getClientOAuthAccessToken(mockMvc, client.getClientId(), client.getClientSecret(), "zones." + id + ".clients.admin"); - BaseClientDetails newclient = new BaseClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://some.redirect.url.com"); + UaaClientDetails newclient = new UaaClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://some.redirect.url.com"); newclient.setClientSecret("secret"); MockMvcUtils.createClient(mockMvc, zonesClientsAdminToken, newclient, result.getIdentityZone(), status().isCreated()); 
@@ -702,14 +702,14 @@ void test_InZone_ClientRead_Using_ZonesDotClientsDotRead() throws Exception { MockMvcUtils.IdentityZoneCreationResult result = MockMvcUtils.createOtherIdentityZoneAndReturnResult(subdomain, mockMvc, webApplicationContext, null, IdentityZoneHolder.getCurrentZoneId()); String id = result.getIdentityZone().getId(); String clientId = generator.generate(); - BaseClientDetails client = new BaseClientDetails(clientId, "", "", "client_credentials", "zones." + id + ".clients.read", "http://some.redirect.url.com"); + UaaClientDetails client = new UaaClientDetails(clientId, "", "", "client_credentials", "zones." + id + ".clients.read", "http://some.redirect.url.com"); client.setClientSecret("secret"); client = MockMvcUtils.createClient(mockMvc, adminToken, client); client.setClientSecret("secret"); String zonesClientsReadToken = MockMvcUtils.getClientOAuthAccessToken(mockMvc, client.getClientId(), client.getClientSecret(), "zones." + id + ".clients.read"); - BaseClientDetails newclient = new BaseClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://some.redirect.url.com"); + UaaClientDetails newclient = new UaaClientDetails(clientId, "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, "", "http://some.redirect.url.com"); newclient.setClientSecret("secret"); MockMvcUtils.createClient(mockMvc, result.getZoneAdminToken(), newclient, result.getIdentityZone(), status().isCreated()); @@ -719,7 +719,7 @@ void test_InZone_ClientRead_Using_ZonesDotClientsDotRead() throws Exception { @Test void testCreateClientsTxClientCredentialsWithoutSecret() throws Exception { - BaseClientDetails[] details = createBaseClients(5, null, null); + UaaClientDetails[] details = createBaseClients(5, null, null); details[details.length - 1].setAuthorizedGrantTypes(StringUtils.commaDelimitedListToSet("client_credentials")); details[details.length - 1].setClientSecret(null); MockHttpServletRequestBuilder createClientPost = post("/oauth/clients/tx") 
@@ -737,9 +737,9 @@ void testCreateClientsTxClientCredentialsWithoutSecret() throws Exception { @Test void testUpdateClientsTxSuccess() throws Exception { int count = 5; - BaseClientDetails[] details = new BaseClientDetails[count]; + UaaClientDetails[] details = new UaaClientDetails[count]; for (int i = 0; i < details.length; i++) { - details[i] = (BaseClientDetails) createClient(adminToken, null, SECRET, null); + details[i] = (UaaClientDetails) createClient(adminToken, null, SECRET, null); details[i].setRefreshTokenValiditySeconds(120); } MockHttpServletRequestBuilder updateClientPut = put("/oauth/clients/tx") @@ -770,9 +770,9 @@ void testUpdateClientsTxSuccess() throws Exception { @Test void testUpdateClientsTxInvalidId() throws Exception { int count = 5; - BaseClientDetails[] details = new BaseClientDetails[count]; + UaaClientDetails[] details = new UaaClientDetails[count]; for (int i = 0; i < details.length; i++) { - details[i] = (BaseClientDetails) createClient(adminToken, null, SECRET, null); + details[i] = (UaaClientDetails) createClient(adminToken, null, SECRET, null); details[i].setRefreshTokenValiditySeconds(120); } String firstId = details[0].getClientId(); @@ -799,9 +799,9 @@ void testUpdateClientsTxInvalidId() throws Exception { @Test void testDeleteClientsTxSuccess() throws Exception { int count = 5; - BaseClientDetails[] details = new BaseClientDetails[count]; + UaaClientDetails[] details = new UaaClientDetails[count]; for (int i = 0; i < details.length; i++) { - details[i] = (BaseClientDetails) createClient(adminToken, null, SECRET, null); + details[i] = (UaaClientDetails) createClient(adminToken, null, SECRET, null); } MockHttpServletRequestBuilder deleteClientsPost = post("/oauth/clients/tx/delete") .header("Authorization", "Bearer " + adminToken) 
@@ -829,9 +829,9 @@ void testDeleteClientsTxSuccess() throws Exception { @Test void testDeleteClientsTxRollbackInvalidId() throws Exception { int count = 5; - BaseClientDetails[] details = new BaseClientDetails[count]; + UaaClientDetails[] details = new UaaClientDetails[count]; for (int i = 0; i < details.length; i++) { - details[i] = (BaseClientDetails) createClient(adminToken, null, SECRET, null); + details[i] = (UaaClientDetails) createClient(adminToken, null, SECRET, null); } String firstId = details[0].getClientId(); details[0].setClientId("unknown.client.id"); @@ -1438,7 +1438,7 @@ void testSecretChange_UsingClientAdminToken() throws Exception { void testUnsuccessfulSecretChangeEvent() throws Exception { List scopes = Arrays.asList("oauth.approvals", "clients.secret"); - BaseClientDetails client = createBaseClient(null, SECRET, Arrays.asList("password", "client_credentials"), scopes, scopes); + UaaClientDetails client = createBaseClient(null, SECRET, Arrays.asList("password", "client_credentials"), scopes, scopes); MockHttpServletRequestBuilder createClientPost = post("/oauth/clients") .header("Authorization", "Bearer " + adminToken) .accept(APPLICATION_JSON) @@ -1762,7 +1762,7 @@ void testGetClientDetailsSortedByLastModified() throws Exception { MvcResult result = mockMvc.perform(get).andExpect(status().isOk()).andReturn(); String body = result.getResponse().getContentAsString(); - Collection clientDetails = JsonUtils.readValue(body, new TypeReference>() { + Collection clientDetails = JsonUtils.readValue(body, new TypeReference>() { }).getResources(); assertNotNull(clientDetails); 
@@ -1811,7 +1811,7 @@ void testGetClientsLargerThanMax_whenCountParamIsProvided() throws Exception { String body = result.getResponse().getContentAsString(); - SearchResults clientDetailsSearchResults = JsonUtils.readValue(body, new TypeReference>() { + SearchResults clientDetailsSearchResults = JsonUtils.readValue(body, new TypeReference>() { }); assertThat(clientDetailsSearchResults.getItemsPerPage(), is(clientMaxCount)); @@ -1849,7 +1849,7 @@ void testGetClientsLargerThanMax_whenNoCountParamIsProvided() throws Exception { String body = result.getResponse().getContentAsString(); - SearchResults clientDetailsSearchResults = JsonUtils.readValue(body, new TypeReference>() { + SearchResults clientDetailsSearchResults = JsonUtils.readValue(body, new TypeReference>() { }); assertThat(clientDetailsSearchResults.getItemsPerPage(), is(clientMaxCount)); @@ -1871,7 +1871,7 @@ void testPutClientModifyAuthorities() throws Exception { ClientDetails client = createClient(adminToken, "testClientForModifyAuthorities", SECRET, Collections.singleton("client_credentials")); - BaseClientDetails modified = new BaseClientDetails(client); + UaaClientDetails modified = new UaaClientDetails(client); modified.setAuthorities(Collections.singleton((GrantedAuthority) () -> "newAuthority")); MockHttpServletRequestBuilder put = put("/oauth/clients/" + client.getClientId()) @@ -1892,7 +1892,7 @@ void testPutClientModifyAccessTokenValidity() throws Exception { ClientDetails client = createClient(adminToken, "testClientForModifyAccessTokenValidity", SECRET, Collections.singleton("client_credentials")); - BaseClientDetails modified = new BaseClientDetails(client); + UaaClientDetails modified = new UaaClientDetails(client); modified.setAccessTokenValiditySeconds(73); MockHttpServletRequestBuilder put = put("/oauth/clients/" + client.getClientId()) 
@@ -1911,7 +1911,7 @@ void testPutClientModifyName() throws Exception { ClientDetails client = createClient(adminToken, "testClientForModifyName", SECRET, Collections.singleton("client_credentials")); - Map requestBody = JsonUtils.readValue(JsonUtils.writeValueAsString(new BaseClientDetails(client)), new TypeReference>() { + Map requestBody = JsonUtils.readValue(JsonUtils.writeValueAsString(new UaaClientDetails(client)), new TypeReference>() { }); requestBody.put("name", "New Client Name"); @@ -2047,7 +2047,7 @@ void testInvalidClientJwtKeyUri() throws Exception { assertEquals(client.getClientId(), event.getAuditEvent().getPrincipalId()); } - private BaseClientDetails createClient(List authorities) throws Exception { + private UaaClientDetails createClient(List authorities) throws Exception { String clientId = generator.generate().toLowerCase(); List scopes = Arrays.asList("foo", "bar", "oauth.approvals"); ClientDetailsModification client = createBaseClient(clientId, SECRET, Collections.singleton("client_credentials"), authorities, scopes); @@ -2057,7 +2057,7 @@ private BaseClientDetails createClient(List authorities) throws Exceptio .contentType(APPLICATION_JSON) .content(JsonUtils.writeValueAsString(client)); ResultActions createResult = mockMvc.perform(createClientPost).andExpect(status().isCreated()); - return JsonUtils.readValue(createResult.andReturn().getResponse().getContentAsString(), BaseClientDetails.class); + return JsonUtils.readValue(createResult.andReturn().getResponse().getContentAsString(), UaaClientDetails.class); } private ClientMetadata obtainClientMetadata(String clientId) throws Exception { 
@@ -2171,7 +2171,7 @@ private ClientDetailsModification createBaseClient(String id, String clientSecre } protected ClientDetails createClient(String token, String id, String clientSecret, Collection grantTypes) throws Exception { - BaseClientDetails client = createBaseClient(id, clientSecret, grantTypes); + UaaClientDetails client = createBaseClient(id, clientSecret, grantTypes); MockHttpServletRequestBuilder createClientPost = post("/oauth/clients") .header("Authorization", "Bearer " + token) .accept(APPLICATION_JSON) @@ -2183,7 +2183,7 @@ protected ClientDetails createClient(String token, String id, String clientSecre private ClientDetails createClientAdminsClient(String token) throws Exception { List scopes = Arrays.asList("oauth.approvals", "clients.admin"); - BaseClientDetails client = createBaseClient(null, SECRET, Arrays.asList("password", "client_credentials"), scopes, scopes); + UaaClientDetails client = createBaseClient(null, SECRET, Arrays.asList("password", "client_credentials"), scopes, scopes); MockHttpServletRequestBuilder createClientPost = post("/oauth/clients") .header("Authorization", "Bearer " + token) .accept(APPLICATION_JSON) @@ -2195,7 +2195,7 @@ private ClientDetails createClientAdminsClient(String token) throws Exception { private ClientDetails createReadWriteClient(String token) throws Exception { List scopes = Arrays.asList("oauth.approvals", "clients.read", "clients.write"); - BaseClientDetails client = createBaseClient(null, SECRET, Arrays.asList("password", "client_credentials"), scopes, scopes); + UaaClientDetails client = createBaseClient(null, SECRET, Arrays.asList("password", "client_credentials"), scopes, scopes); MockHttpServletRequestBuilder createClientPost = post("/oauth/clients") .header("Authorization", "Bearer " + token) .accept(APPLICATION_JSON) 
@@ -2207,7 +2207,7 @@ private ClientDetails createReadWriteClient(String token) throws Exception { private ClientDetails createAdminClient(String token) throws Exception { List scopes = Arrays.asList("uaa.admin", "oauth.approvals", "clients.read", "clients.write"); - BaseClientDetails client = createBaseClient(null, SECRET, Arrays.asList("password", "client_credentials"), scopes, scopes); + UaaClientDetails client = createBaseClient(null, SECRET, Arrays.asList("password", "client_credentials"), scopes, scopes); MockHttpServletRequestBuilder createClientPost = post("/oauth/clients") .header("Authorization", "Bearer " + token) @@ -2250,7 +2250,7 @@ private ClientDetails getClient(String id) throws Exception { private ClientDetails createApprovalsLoginClient(String token) throws Exception { List scopes = Arrays.asList("uaa.admin", "oauth.approvals", "oauth.login"); - BaseClientDetails client = createBaseClient(null, SECRET, Arrays.asList("password", "client_credentials"), scopes, scopes); + UaaClientDetails client = createBaseClient(null, SECRET, Arrays.asList("password", "client_credentials"), scopes, scopes); MockHttpServletRequestBuilder createClientPost = post("/oauth/clients") .header("Authorization", "Bearer " + token) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/ldap/AbstractLdapMockMvcTest.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/ldap/AbstractLdapMockMvcTest.java index 72b248cfe23..f2c23c642c3 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/ldap/AbstractLdapMockMvcTest.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/ldap/AbstractLdapMockMvcTest.java 
@@ -23,7 +23,6 @@ import org.cloudfoundry.identity.uaa.scim.exception.ScimResourceAlreadyExistsException; import org.cloudfoundry.identity.uaa.scim.jdbc.JdbcScimGroupExternalMembershipManager; import org.cloudfoundry.identity.uaa.scim.jdbc.JdbcScimUserProvisioning; -import org.cloudfoundry.identity.uaa.util.AlphanumericRandomValueStringGenerator; import org.cloudfoundry.identity.uaa.test.InMemoryLdapServer; import org.cloudfoundry.identity.uaa.user.UaaUser; import org.cloudfoundry.identity.uaa.user.UaaUserDatabase; @@ -52,7 +51,7 @@ import org.springframework.security.core.context.SecurityContext; import org.springframework.security.oauth2.common.util.OAuth2Utils; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.springframework.security.web.context.HttpSessionSecurityContextRepository; import org.springframework.test.annotation.DirtiesContext; import org.springframework.test.web.servlet.MockMvc; @@ -667,7 +666,7 @@ void passcodeGrantIdTokenContainsExternalGroupsAsRolesClaim() throws Exception { // so we put both of these scopes on the client. String clientId = "roles_test_client"; createClient(getWebApplicationContext(), - new BaseClientDetails(clientId, null, "roles,openid", "password,refresh_token", null), + new UaaClientDetails(clientId, null, "roles,openid", "password,refresh_token", null), zone.getZone().getIdentityZone() ); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/limited/LimitedModeTokenMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/limited/LimitedModeTokenMockMvcTests.java index 6a656c4cf0b..61a05dde8be 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/limited/LimitedModeTokenMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/limited/LimitedModeTokenMockMvcTests.java 
@@ -15,6 +15,7 @@ package org.cloudfoundry.identity.uaa.mock.limited; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.mock.token.TokenMvcMockTests; import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils; import org.cloudfoundry.identity.uaa.web.LimitedModeUaaFilter; @@ -24,7 +25,6 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.security.crypto.codec.Base64; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import java.io.File; @@ -60,7 +60,7 @@ void tearDown() { @Test void check_token_while_limited() throws Exception { - BaseClientDetails client = setUpClients(generator.generate().toLowerCase(), + UaaClientDetails client = setUpClients(generator.generate().toLowerCase(), "uaa.resource,clients.read", "", "client_credentials", diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/oauth/AuthorizationPromptNoneEntryPointMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/oauth/AuthorizationPromptNoneEntryPointMockMvcTests.java index 01a43f9f62c..0b64feae6aa 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/oauth/AuthorizationPromptNoneEntryPointMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/oauth/AuthorizationPromptNoneEntryPointMockMvcTests.java @@ -1,6 +1,7 @@ package org.cloudfoundry.identity.uaa.mock.oauth; import org.cloudfoundry.identity.uaa.DefaultTestContext; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils; import org.cloudfoundry.identity.uaa.oauth.OpenIdSessionStateCalculator; import org.cloudfoundry.identity.uaa.oauth.UaaAuthorizationEndpoint; 
@@ -11,7 +12,6 @@ import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.mock.web.MockHttpSession; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.test.util.ReflectionTestUtils; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; @@ -50,7 +50,7 @@ class AuthorizationPromptNoneEntryPointMockMvcTests { void setup() throws Exception { TestClient testClient = new TestClient(mockMvc); - BaseClientDetails client = new BaseClientDetails("ant", "", "openid", "implicit", "", "http://example.com/**"); + UaaClientDetails client = new UaaClientDetails("ant", "", "openid", "implicit", "", "http://example.com/**"); client.setAutoApproveScopes(Collections.singletonList("openid")); adminToken = testClient.getClientCredentialsOAuthAccessToken("admin", "adminsecret", "clients.write uaa.admin"); MockMvcUtils.createClient(mockMvc, adminToken, client); @@ -97,7 +97,7 @@ void testSilentAuthHonorsAntRedirect_whenSessionHasBeenInvalidated() throws Exce @Test void testSilentAuthentication_whenScopesNotAutoApproved() throws Exception { MockMvcUtils.deleteClient(mockMvc, adminToken, "ant", ""); - BaseClientDetails client = new BaseClientDetails("ant", "", "openid", "implicit", "", "http://example.com/**"); + UaaClientDetails client = new UaaClientDetails("ant", "", "openid", "implicit", "", "http://example.com/**"); MockMvcUtils.createClient(mockMvc, adminToken, client); MockHttpSession session = new MockHttpSession(); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/password/PasswordChangeEndpointMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/password/PasswordChangeEndpointMockMvcTests.java index 48824f8a7e6..4fc375b7f3c 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/password/PasswordChangeEndpointMockMvcTests.java 
+++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/password/PasswordChangeEndpointMockMvcTests.java @@ -2,6 +2,7 @@ import org.cloudfoundry.identity.uaa.DefaultTestContext; import org.cloudfoundry.identity.uaa.account.PasswordChangeRequest; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils; import org.cloudfoundry.identity.uaa.scim.ScimUser; import org.cloudfoundry.identity.uaa.test.TestClient; @@ -11,7 +12,6 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.mock.web.MockHttpSession; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.security.web.context.HttpSessionSecurityContextRepository; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder; @@ -52,7 +52,7 @@ void setUp(@Autowired TestClient testClient, @Autowired MockMvc mockMvc) throws String clientId = generator.generate().toLowerCase(); String clientSecret = generator.generate().toLowerCase(); - BaseClientDetails clientDetails = new BaseClientDetails(clientId, null, null, "client_credentials", "password.write"); + UaaClientDetails clientDetails = new UaaClientDetails(clientId, null, null, "client_credentials", "password.write"); clientDetails.setClientSecret(clientSecret); MockMvcUtils.createClient(mockMvc, adminToken, clientDetails); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointDocs.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointDocs.java index 050f6b48788..cfcb290c7eb 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointDocs.java 
+++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointDocs.java @@ -67,6 +67,7 @@ import org.apache.commons.collections4.map.HashedMap; import org.apache.commons.lang3.ArrayUtils; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.integration.util.IntegrationTestUtils; import org.cloudfoundry.identity.uaa.login.Prompt; @@ -105,7 +106,7 @@ import org.springframework.restdocs.payload.FieldDescriptor; import org.springframework.restdocs.snippet.Attributes; import org.springframework.restdocs.snippet.Snippet; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.springframework.test.web.servlet.ResultActions; class IdentityProviderEndpointDocs extends EndpointDocs { @@ -855,7 +856,7 @@ void createLDAPProvider(IdentityProvider identit Map attributeMappings = new HashedMap(identityProvider.getConfig().getAttributeMappings()); attributeMappings.put(EMAIL_VERIFIED_ATTRIBUTE_NAME, "emailVerified"); identityProvider.getConfig().setAttributeMappings(attributeMappings); - BaseClientDetails admin = new BaseClientDetails( + UaaClientDetails admin = new UaaClientDetails( "admin", null, "", diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsMockMvcTests.java index aa805f00d4c..c9712ffd6d0 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/providers/IdentityProviderEndpointsMockMvcTests.java 
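Review bot: `IdentityProviderEndpointDocs.java` ends up importing `org.cloudfoundry.identity.uaa.client.UaaClientDetails` twice. The `@@ -67,6 +67,7 @@` hunk adds it next to the other `org.cloudfoundry` imports, and the `@@ -105,7 +106,7 @@` hunk then replaces the Spring `BaseClientDetails` import in place with the same line. A redundant single-type import compiles, but it is noise that lint tools commonly flag and it leaves a project import inside the `org.springframework` group. The second hunk should simply delete `import org.springframework.security.oauth2.provider.client.BaseClientDetails;` without adding a replacement, as the other test files in this patch do.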
@@ -16,6 +16,7 @@ import org.apache.commons.lang3.RandomStringUtils; import org.cloudfoundry.identity.uaa.DefaultTestContext; import org.cloudfoundry.identity.uaa.audit.AuditEventType; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.impl.config.IdentityProviderBootstrap; import org.cloudfoundry.identity.uaa.login.Prompt; @@ -42,7 +43,6 @@ import org.springframework.dao.EmptyResultDataAccessException; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; import org.springframework.test.web.servlet.ResultMatcher; @@ -222,7 +222,7 @@ void test_delete_with_invalid_id_returns_404() throws Exception { @Test void test_delete_response_not_containing_relying_party_secret() throws Exception { - BaseClientDetails client = getBaseClientDetails(); + UaaClientDetails client = getUaaBaseClientDetails(); ScimUser user = MockMvcUtils.createAdminForZone(mockMvc, adminToken, "idps.read,idps.write", IdentityZone.getUaaZoneId()); String accessToken = MockMvcUtils.getUserOAuthAccessToken(mockMvc, client.getClientId(), client.getClientSecret(), user.getUserName(), "secr3T", "idps.read,idps.write"); @@ -257,7 +257,7 @@ void test_delete_response_not_containing_relying_party_secret() throws Exception @Test void test_delete_response_not_containing_bind_password() throws Exception { - BaseClientDetails client = getBaseClientDetails(); + UaaClientDetails client = getUaaBaseClientDetails(); MockMvcUtils.IdentityZoneCreationResult zone = MockMvcUtils.createOtherIdentityZoneAndReturnResult( "my-sub-domain", mockMvc, webApplicationContext, 
@@ -522,7 +522,7 @@ void testReadIdentityProviderInOtherZone_Using_Zones_Token() throws Exception { @Test void testListIdpsInZone() throws Exception { - BaseClientDetails client = getBaseClientDetails(); + UaaClientDetails client = getUaaBaseClientDetails(); ScimUser user = MockMvcUtils.createAdminForZone(mockMvc, adminToken, "idps.read,idps.write", IdentityZone.getUaaZoneId()); String accessToken = MockMvcUtils.getUserOAuthAccessToken(mockMvc, client.getClientId(), client.getClientSecret(), user.getUserName(), "secr3T", "idps.read,idps.write"); @@ -566,7 +566,7 @@ void testListIdpsInOtherZoneFromDefaultZone() throws Exception { @Test void testRetrieveIdpInZone() throws Exception { - BaseClientDetails client = getBaseClientDetails(); + UaaClientDetails client = getUaaBaseClientDetails(); ScimUser user = MockMvcUtils.createAdminForZone(mockMvc, adminToken, "idps.read,idps.write", IdentityZone.getUaaZoneId()); String accessToken = MockMvcUtils.getUserOAuthAccessToken(mockMvc, client.getClientId(), client.getClientSecret(), user.getUserName(), "secr3T", "idps.read,idps.write"); @@ -586,7 +586,7 @@ void testRetrieveIdpInZone() throws Exception { @Test void testRetrieveIdpInZoneWithInsufficientScopes() throws Exception { - BaseClientDetails client = getBaseClientDetails(); + UaaClientDetails client = getUaaBaseClientDetails(); ScimUser user = MockMvcUtils.createAdminForZone(mockMvc, adminToken, "idps.write", IdentityZone.getUaaZoneId()); String accessToken = MockMvcUtils.getUserOAuthAccessToken(mockMvc, client.getClientId(), client.getClientSecret(), user.getUserName(), "secr3T", "idps.write"); 
@@ -708,9 +708,9 @@ private IdentityProvider getOAu return identityProvider; } - private BaseClientDetails getBaseClientDetails() throws Exception { + private UaaClientDetails getUaaBaseClientDetails() throws Exception { String clientId = RandomStringUtils.randomAlphabetic(6); - BaseClientDetails client = new BaseClientDetails(clientId, null, "idps.read,idps.write", "password", null); + UaaClientDetails client = new UaaClientDetails(clientId, null, "idps.read,idps.write", "password", null); client.setClientSecret("test-client-secret"); MockMvcUtils.createClient(mockMvc, adminToken, client); return client; @@ -736,7 +736,7 @@ private MvcResult updateIdentityProvider(String zoneId, IdentityProvider identit private void testRetrieveIdps(boolean retrieveActive) throws Exception { String clientId = RandomStringUtils.randomAlphabetic(6); - BaseClientDetails client = new BaseClientDetails(clientId, null, "idps.write,idps.read", "password", null); + UaaClientDetails client = new UaaClientDetails(clientId, null, "idps.write,idps.read", "password", null); client.setClientSecret("test-client-secret"); MockMvcUtils.createClient(mockMvc, adminToken, client); @@ -832,7 +832,7 @@ private void addScopeToIdentityClient(String scope) { private String setUpAccessToken() throws Exception { String clientId = RandomStringUtils.randomAlphabetic(6); - BaseClientDetails client = new BaseClientDetails(clientId, null, "idps.read,idps.write", "password", null); + UaaClientDetails client = new UaaClientDetails(clientId, null, "idps.read,idps.write", "password", null); client.setClientSecret("test-client-secret"); MockMvcUtils.createClient(mockMvc, adminToken, client); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/saml/SamlAuthenticationMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/saml/SamlAuthenticationMockMvcTests.java index ee2ba4f1668..42cf15fb981 100644 
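Review bot: The helper renamed in the hunk at -708 is now `getUaaBaseClientDetails`, which keeps the word "Base" from the Spring class it no longer returns; `getUaaClientDetails` would match the new type, and since the method also registers the client through `MockMvcUtils.createClient`, a one-line comment saying so would help. The hunks at -736 and -832 still build an equivalent client by hand (constructor, `setClientSecret("test-client-secret")`, `MockMvcUtils.createClient`), so `testRetrieveIdps` and `setUpAccessToken` could call the helper instead of repeating those three steps. Both of those methods continue outside their hunks, so check the rest of their bodies before folding them together.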
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/saml/SamlAuthenticationMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/saml/SamlAuthenticationMockMvcTests.java @@ -9,6 +9,7 @@ import org.cloudfoundry.identity.uaa.DefaultTestContext; import org.cloudfoundry.identity.uaa.audit.LoggingAuditService; import org.cloudfoundry.identity.uaa.authentication.SamlResponseLoggerBinding; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.mock.util.InterceptingLogger; import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils; @@ -28,7 +29,6 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.ResultActions; import org.springframework.web.context.WebApplicationContext; @@ -77,7 +77,7 @@ void createSamlRelationship( ) throws Exception { this.jdbcIdentityProviderProvisioning = jdbcIdentityProviderProvisioning; generator = new RandomValueStringGenerator(); - BaseClientDetails adminClient = new BaseClientDetails("admin", "", "", "client_credentials", "uaa.admin"); + UaaClientDetails adminClient = new UaaClientDetails("admin", "", "", "client_credentials", "uaa.admin"); adminClient.setClientSecret("adminsecret"); spZone = createZone("uaa-acting-as-saml-proxy-zone-", adminClient); idpZone = createZone("uaa-acting-as-saml-idp-zone-", adminClient); 
@@ -264,7 +264,7 @@ private void createIdp(Consumer additionalConfig idp = jdbcIdentityProviderProvisioning.create(idp, spZone.getId()); } - private IdentityZone createZone(String zoneIdPrefix, BaseClientDetails adminClient) throws Exception { + private IdentityZone createZone(String zoneIdPrefix, UaaClientDetails adminClient) throws Exception { return MockMvcUtils.createOtherIdentityZoneAndReturnResult( zoneIdPrefix + generator.generate(), mockMvc, diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/saml/SamlKeyRotationMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/saml/SamlKeyRotationMockMvcTests.java index b7d1b1c54f7..b3af51c35f8 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/saml/SamlKeyRotationMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/saml/SamlKeyRotationMockMvcTests.java @@ -24,7 +24,7 @@ import org.junit.jupiter.params.provider.ValueSource; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.springframework.test.web.servlet.MockMvc; import org.springframework.web.context.WebApplicationContext; import org.w3c.dom.NodeList; @@ -75,7 +75,7 @@ void createZone( samlConfig.addKey("key2", samlKey2); identityZone.getConfig().setSamlConfig(samlConfig); - BaseClientDetails zoneAdminClient = new BaseClientDetails("admin", null, + UaaClientDetails zoneAdminClient = new UaaClientDetails("admin", null, "openid", "client_credentials,authorization_code", "clients.admin,scim.read,scim.write", diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/AbstractTokenMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/AbstractTokenMockMvcTests.java index d8b42027cb9..602eecf0337 100644 
--- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/AbstractTokenMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/AbstractTokenMockMvcTests.java @@ -1,6 +1,7 @@ package org.cloudfoundry.identity.uaa.mock.token; import org.cloudfoundry.identity.uaa.DefaultTestContext; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator; import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils; @@ -9,6 +10,7 @@ import org.cloudfoundry.identity.uaa.oauth.token.JdbcRevocableTokenProvisioning; import org.cloudfoundry.identity.uaa.provider.IdentityProvider; import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.cloudfoundry.identity.uaa.scim.ScimGroup; import org.cloudfoundry.identity.uaa.scim.ScimGroupMember; import org.cloudfoundry.identity.uaa.scim.ScimUser; @@ -24,8 +26,6 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.jdbc.core.JdbcTemplate; -import org.springframework.security.oauth2.provider.NoSuchClientException; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.test.web.servlet.MockMvc; import org.springframework.util.StringUtils; import org.springframework.web.context.WebApplicationContext; 
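Review bot: Swapping the `NoSuchClientException` import (hunks at -9 and -24) changes which exception type every `catch` or `assertThrows` in this class matches, from `org.springframework.security.oauth2.provider.NoSuchClientException` to `org.cloudfoundry.identity.uaa.provider.NoSuchClientException`. The code that uses the name is outside these hunks, so it cannot be confirmed here that the client details service already throws the UAA type; if it still throws the Spring one, a handler for a missing client would stop matching and the exception would propagate instead. Worth checking against the service implementation, and a short comment at the use site such as `// UAA's own NoSuchClientException, not the Spring OAuth2 one` would spare the next reader the same question.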
@@ -158,32 +158,32 @@ IdentityProvider setupIdentityProvider(String origin) { return identityProviderProvisioning.create(defaultIdp, defaultIdp.getIdentityZoneId()); } - protected BaseClientDetails setUpClients(String id, String authorities, String scopes, String grantTypes, Boolean autoapprove) { + protected UaaClientDetails setUpClients(String id, String authorities, String scopes, String grantTypes, Boolean autoapprove) { return setUpClients(id, authorities, scopes, grantTypes, autoapprove, null); } - protected BaseClientDetails setUpClients(String id, String authorities, String scopes, String grantTypes, Boolean autoapprove, String redirectUri) { + protected UaaClientDetails setUpClients(String id, String authorities, String scopes, String grantTypes, Boolean autoapprove, String redirectUri) { return setUpClients(id, authorities, scopes, grantTypes, autoapprove, redirectUri, null); } - protected BaseClientDetails setUpClients(String id, String authorities, String scopes, String grantTypes, Boolean autoapprove, String redirectUri, List allowedIdps) { + protected UaaClientDetails setUpClients(String id, String authorities, String scopes, String grantTypes, Boolean autoapprove, String redirectUri, List allowedIdps) { return setUpClients(id, authorities, scopes, grantTypes, autoapprove, redirectUri, allowedIdps, -1); } - protected BaseClientDetails setUpClients(String id, String authorities, String scopes, String grantTypes, Boolean autoapprove, String redirectUri, List allowedIdps, int accessTokenValidity) { + protected UaaClientDetails setUpClients(String id, String authorities, String scopes, String grantTypes, Boolean autoapprove, String redirectUri, List allowedIdps, int accessTokenValidity) { return setUpClients(id, authorities, scopes, grantTypes, autoapprove, redirectUri, allowedIdps, accessTokenValidity, null); } - protected BaseClientDetails setUpClients(String id, String authorities, String scopes, String grantTypes, Boolean autoapprove, String 
redirectUri, List allowedIdps, int accessTokenValidity, IdentityZone zone) { + protected UaaClientDetails setUpClients(String id, String authorities, String scopes, String grantTypes, Boolean autoapprove, String redirectUri, List allowedIdps, int accessTokenValidity, IdentityZone zone) { return setUpClients(id, authorities, scopes, grantTypes, autoapprove, redirectUri, allowedIdps, accessTokenValidity, zone, Collections.emptyMap()); } - protected BaseClientDetails setUpClients(String id, String authorities, String scopes, String grantTypes, Boolean autoapprove, String redirectUri, List allowedIdps, int accessTokenValidity, IdentityZone zone, Map additionalInfo) { + protected UaaClientDetails setUpClients(String id, String authorities, String scopes, String grantTypes, Boolean autoapprove, String redirectUri, List allowedIdps, int accessTokenValidity, IdentityZone zone, Map additionalInfo) { IdentityZone original = IdentityZoneHolder.get(); if (zone != null) { IdentityZoneHolder.set(zone); } - BaseClientDetails c = new BaseClientDetails(id, "", scopes, grantTypes, authorities); + UaaClientDetails c = new UaaClientDetails(id, "", scopes, grantTypes, authorities); if (!GRANT_TYPE_IMPLICIT.equals(grantTypes)) { c.setClientSecret(SECRET); } @@ -203,7 +203,7 @@ protected BaseClientDetails setUpClients(String id, String authorities, String s } try { clientDetailsService.addClientDetails(c); - return (BaseClientDetails) clientDetailsService.loadClientByClientId(c.getClientId()); + return (UaaClientDetails) clientDetailsService.loadClientByClientId(c.getClientId()); } finally { IdentityZoneHolder.set(original); } diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/JwtBearerGrantMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/JwtBearerGrantMockMvcTests.java index 36f534d8aaa..9942159edda 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/JwtBearerGrantMockMvcTests.java 
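Review bot: The last `setUpClients` overload now ends in `return (UaaClientDetails) clientDetailsService.loadClientByClientId(c.getClientId());`, a downcast that holds only as long as the service hands back `UaaClientDetails` instances. The declared return type of `loadClientByClientId` is not visible in this patch; if it is still the `ClientDetails` interface, any other implementation would surface as a `ClassCastException` in every test that uses this helper. I would at least record the assumption next to the cast, for example `// the client service is expected to return UaaClientDetails; a ClassCastException here means that changed`. The method body spans the hunks at -158 and -203 and the lines between them are not shown.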
+++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/JwtBearerGrantMockMvcTests.java @@ -16,6 +16,7 @@ package org.cloudfoundry.identity.uaa.mock.token; import com.fasterxml.jackson.core.type.TypeReference; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.mock.util.JwtTokenUtils; import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils; @@ -38,7 +39,6 @@ import org.springframework.http.MediaType; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.test.web.servlet.ResultActions; import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder; @@ -61,12 +61,12 @@ public class JwtBearerGrantMockMvcTests extends AbstractTokenMockMvcTests { private static RandomValueStringGenerator generator = new RandomValueStringGenerator(12); MockMvcUtils.IdentityZoneCreationResult originZone; - BaseClientDetails originClient; + UaaClientDetails originClient; ScimUser originUser; @BeforeEach public void setupJwtBearerTests() throws Exception { - originClient = new BaseClientDetails(generator.generate(), "", "openid", "password", null); + originClient = new UaaClientDetails(generator.generate(), "", "openid", "password", null); originClient.setClientSecret(SECRET); String subdomain = generator.generate().toLowerCase(); originZone = MockMvcUtils.createOtherIdentityZoneAndReturnResult(subdomain, mockMvc, webApplicationContext, originClient, IdentityZoneHolder.getCurrentZoneId()); 
@@ -91,7 +91,7 @@ void default_zone_jwt_grant() throws Exception { @Test void non_default_zone_jwt_grant_user_update() throws Exception { - BaseClientDetails targetZoneClient = new BaseClientDetails(generator.generate(), "", "openid", "password", null); + UaaClientDetails targetZoneClient = new UaaClientDetails(generator.generate(), "", "openid", "password", null); targetZoneClient.setClientSecret(SECRET); String subdomain = generator.generate().toLowerCase(); IdentityZone targetZone = MockMvcUtils.createOtherIdentityZoneAndReturnResult(subdomain, @@ -133,7 +133,7 @@ void non_default_zone_jwt_grant_user_update() throws Exception { @Test void non_default_zone_jwt_grant_user_update_same_zone_with_registration() throws Exception { - BaseClientDetails targetZoneClient = new BaseClientDetails(generator.generate(), "", "openid", "password", + UaaClientDetails targetZoneClient = new UaaClientDetails(generator.generate(), "", "openid", "password", null); targetZoneClient.setClientSecret(SECRET); String subdomain = generator.generate().toLowerCase(); @@ -185,7 +185,7 @@ void non_default_zone_jwt_grant() throws Exception { @Test void defaultZoneJwtGrantWithInternalIdp() throws Exception { - BaseClientDetails defaultZoneClient = setUpClients(generator.generate(), "", "openid", "password", true); + UaaClientDetails defaultZoneClient = setUpClients(generator.generate(), "", "openid", "password", true); defaultZoneClient.setClientSecret(SECRET); IdentityZone defaultZone = IdentityZone.getUaa(); @@ -334,7 +334,7 @@ private ScimUser getScimUser(String username, String origin, String zoneId) { } ClientDetails createJwtBearerClient(IdentityZone zone) { - BaseClientDetails details = new BaseClientDetails( + UaaClientDetails details = new UaaClientDetails( generator.generate().toLowerCase(), "", "openid", 
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/RefreshTokenMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/RefreshTokenMockMvcTests.java index f4f6f7aa6c6..9c60fb251d7 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/RefreshTokenMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/RefreshTokenMockMvcTests.java @@ -41,7 +41,7 @@ import org.springframework.security.oauth2.common.util.OAuth2Utils; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import java.time.Instant; import java.util.Collections; @@ -103,7 +103,7 @@ class RefreshTokenMockMvcTests extends AbstractTokenMockMvcTests { IdentityZone zone; ScimUser user; - BaseClientDetails client; + UaaClientDetails client; private String refreshToken; private Map keys; diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenKeyEndpointMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenKeyEndpointMockMvcTests.java index c9f614258dc..40d88d5af44 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenKeyEndpointMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenKeyEndpointMockMvcTests.java @@ -2,6 +2,7 @@ import org.apache.commons.codec.binary.Base64; import org.cloudfoundry.identity.uaa.DefaultTestContext; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.oauth.token.VerificationKeyResponse; import org.cloudfoundry.identity.uaa.util.JsonUtils; import org.cloudfoundry.identity.uaa.util.MapCollector; 
@@ -17,7 +18,6 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; import org.springframework.web.context.WebApplicationContext; @@ -78,7 +78,7 @@ class TokenKeyEndpointMockMvcTests { "FYEQjpphGyQmtsqsOndL9zBvfQCp5oT4hukBc3yIR6GVXDi0UURVjKtlYMMD4O+f\n" + "qwIDAQAB\n" + "-----END PUBLIC KEY-----"; - private BaseClientDetails defaultClient; + private UaaClientDetails defaultClient; private IdentityZone testZone; @Autowired private MockMvc mockMvc; @@ -158,7 +158,7 @@ void checkTokenKey_IsNotFromDefaultZone() throws Exception { @Test void checkTokenKey_WhenKeysAreAsymmetric_asAuthenticatedUser() throws Exception { - BaseClientDetails client = new BaseClientDetails(new RandomValueStringGenerator().generate(), + UaaClientDetails client = new UaaClientDetails(new RandomValueStringGenerator().generate(), "", "foo,bar", "client_credentials,password", @@ -181,7 +181,7 @@ void checkTokenKey_WhenKeysAreAsymmetric_asAuthenticatedUser() throws Exception @Test void checkTokenKey_WhenKeysAreAsymmetric_asAuthenticatedUser_withoutCorrectScope() throws Exception { setSigningKeyAndDefaultClient("key"); - BaseClientDetails client = new BaseClientDetails(new RandomValueStringGenerator().generate(), + UaaClientDetails client = new UaaClientDetails(new RandomValueStringGenerator().generate(), "", "foo,bar", "client_credentials,password", 
@@ -280,12 +280,12 @@ private void setSigningKeyAndDefaultClient(String signKey) { testZone.getConfig().setTokenPolicy(tokenPolicy); testZone = provisioning.create(testZone); - defaultClient = new BaseClientDetails("app", "", "", "password", "uaa.resource"); + defaultClient = new UaaClientDetails("app", "", "", "password", "uaa.resource"); defaultClient.setClientSecret("appclientsecret"); webApplicationContext.getBean(MultitenantJdbcClientDetailsService.class).addClientDetails(defaultClient, subdomain); } - private String getBasicAuth(BaseClientDetails client) { + private String getBasicAuth(UaaClientDetails client) { return "Basic " + new String(Base64.encodeBase64((client.getClientId() + ":" + client.getClientSecret()).getBytes())); } diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java index a808b739db2..1bf76359cc7 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java @@ -22,6 +22,7 @@ import java.util.TreeSet; import javax.servlet.http.HttpSession; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.jdbc.core.JdbcTemplate; 
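Review bot: `getBasicAuth` in the hunk at -280 encodes the credentials with `getBytes()` and turns the Base64 output back into text with `new String(byte[])`, both of which use the platform default charset on JVMs before 18. Only the parameter type changes here, so this is a cheap moment to pin it: `(client.getClientId() + ":" + client.getClientSecret()).getBytes(StandardCharsets.UTF_8)` and `new String(..., StandardCharsets.US_ASCII)`, plus an import of `java.nio.charset.StandardCharsets`. Without that, a client secret containing non-ASCII characters yields an Authorization header that depends on the build machine's locale.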
@@ -37,7 +38,7 @@ import org.springframework.security.oauth2.common.util.OAuth2Utils; import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.springframework.security.web.context.HttpSessionSecurityContextRepository; import org.springframework.security.web.savedrequest.SavedRequest; import org.springframework.test.context.TestPropertySource; @@ -285,7 +286,7 @@ void refresh_grant_fails_because_missing_required_groups() throws Exception { setUpUser(jdbcScimUserProvisioning, jdbcScimGroupMembershipManager, jdbcScimGroupProvisioning, username, userScopes, OriginKeys.UAA, IdentityZone.getUaaZoneId()); String clientId = "testclient" + generator.generate(); - BaseClientDetails clientDetails = new BaseClientDetails(clientId, null, "uaa.user,other.scope", "password,refresh_token", "uaa.resource", null); + UaaClientDetails clientDetails = new UaaClientDetails(clientId, null, "uaa.user,other.scope", "password,refresh_token", "uaa.resource", null); clientDetails.setClientSecret(SECRET); clientDetailsService.addClientDetails(clientDetails); MvcResult result = doPasswordGrant(username, SECRET, clientId, SECRET, status().isOk()); 
@@ -313,7 +314,7 @@ void authorization_code_missing_required_scopes() throws Exception { ScimUser user = setUpUser(jdbcScimUserProvisioning, jdbcScimGroupMembershipManager, jdbcScimGroupProvisioning, username, userScopes, OriginKeys.UAA, IdentityZone.getUaaZoneId()); String clientId = "testclient" + generator.generate(); - BaseClientDetails clientDetails = new BaseClientDetails(clientId, null, "uaa.user,other.scope", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.resource", "http://localhost"); + UaaClientDetails clientDetails = new UaaClientDetails(clientId, null, "uaa.user,other.scope", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.resource", "http://localhost"); clientDetails.setClientSecret(SECRET); clientDetails.addAdditionalInformation(REQUIRED_USER_GROUPS, Collections.singletonList("uaa.admin")); clientDetailsService.addClientDetails(clientDetails); @@ -344,7 +345,7 @@ void authorization_code_missing_required_scopes_during_token_fetch() throws Exce ScimUser user = setUpUser(jdbcScimUserProvisioning, jdbcScimGroupMembershipManager, jdbcScimGroupProvisioning, username, userScopes, OriginKeys.UAA, IdentityZone.getUaaZoneId()); String clientId = "testclient" + generator.generate(); - BaseClientDetails clientDetails = new BaseClientDetails(clientId, null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.resource", "http://localhost"); + UaaClientDetails clientDetails = new UaaClientDetails(clientId, null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.resource", "http://localhost"); clientDetails.setAutoApproveScopes(Collections.singletonList("true")); clientDetails.setClientSecret(SECRET); clientDetailsService.addClientDetails(clientDetails); 
@@ -395,7 +396,7 @@ void token_grant_missing_required_groups() throws Exception { setUpUser(jdbcScimUserProvisioning, jdbcScimGroupMembershipManager, jdbcScimGroupProvisioning, username, userScopes, OriginKeys.UAA, IdentityZone.getUaaZoneId()); String clientId = "testclient" + generator.generate(); - BaseClientDetails clientDetails = new BaseClientDetails(clientId, null, "uaa.user,other.scope", "password", "uaa.resource", null); + UaaClientDetails clientDetails = new UaaClientDetails(clientId, null, "uaa.user,other.scope", "password", "uaa.resource", null); clientDetails.setClientSecret(SECRET); clientDetails.addAdditionalInformation(REQUIRED_USER_GROUPS, Collections.singletonList("uaa.admin")); clientDetailsService.addClientDetails(clientDetails); @@ -416,7 +417,7 @@ void token_grant_required_groups_are_present() throws Exception { setUpUser(jdbcScimUserProvisioning, jdbcScimGroupMembershipManager, jdbcScimGroupProvisioning, username, userScopes, OriginKeys.UAA, IdentityZone.getUaaZoneId()); String clientId = "testclient" + generator.generate(); - BaseClientDetails clientDetails = new BaseClientDetails(clientId, null, "uaa.user,other.scope,required.scope.1,required.scope.2", "password", "uaa.resource", null); + UaaClientDetails clientDetails = new UaaClientDetails(clientId, null, "uaa.user,other.scope,required.scope.1,required.scope.2", "password", "uaa.resource", null); clientDetails.setClientSecret(SECRET); clientDetails.addAdditionalInformation(REQUIRED_USER_GROUPS, Arrays.asList("required.scope.1", "required.scope.2")); clientDetailsService.addClientDetails(clientDetails); 
@@ -746,7 +747,7 @@ void getOauthToken_usingAuthCode_withClientIdAndSecretInRequestBody_shouldBeOk() @Test void testRefreshTokenNotPresentWhenClientDoesNotHaveGrantType() throws Exception { - BaseClientDetails clientWithoutRefreshTokenGrant = setUpClients("testclient" + generator.generate(), "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, true); + UaaClientDetails clientWithoutRefreshTokenGrant = setUpClients("testclient" + generator.generate(), "", "openid", GRANT_TYPE_AUTHORIZATION_CODE, true); String username = "testuser" + generator.generate(); String userScopes = "uaa.user,other.scope,openid"; ScimUser developer = setUpUser(jdbcScimUserProvisioning, jdbcScimGroupMembershipManager, jdbcScimGroupProvisioning, username, userScopes, OriginKeys.UAA, IdentityZone.getUaaZoneId()); @@ -779,7 +780,7 @@ void testRefreshTokenNotPresentWhenClientDoesNotHaveGrantType() throws Exception @Test void refreshAccessToken_withClient_withAutoApproveField() throws Exception { String clientId = "testclient" + generator.generate(); - BaseClientDetails clientDetails = new BaseClientDetails(clientId, null, "uaa.user,other.scope", "authorization_code,refresh_token", "uaa.resource", TEST_REDIRECT_URI); + UaaClientDetails clientDetails = new UaaClientDetails(clientId, null, "uaa.user,other.scope", "authorization_code,refresh_token", "uaa.resource", TEST_REDIRECT_URI); clientDetails.setAutoApproveScopes(Collections.singletonList("uaa.user")); clientDetails.setClientSecret("secret"); clientDetails.addAdditionalInformation(ClientConstants.AUTO_APPROVE, Collections.singletonList("other.scope")); 
@@ -829,7 +830,7 @@ void refreshAccessToken_withClient_withAutoApproveField() throws Exception { @Test void authorizeEndpointWithPromptNone_WhenNotAuthenticated() throws Exception { String clientId = "testclient" + generator.generate(); - BaseClientDetails clientDetails = new BaseClientDetails(clientId, null, "uaa.user,other.scope", "authorization_code,refresh_token", "uaa.resource", TEST_REDIRECT_URI); + UaaClientDetails clientDetails = new UaaClientDetails(clientId, null, "uaa.user,other.scope", "authorization_code,refresh_token", "uaa.resource", TEST_REDIRECT_URI); clientDetails.setAutoApproveScopes(Collections.singletonList("uaa.user")); clientDetails.setClientSecret("secret"); clientDetails.addAdditionalInformation(ClientConstants.AUTO_APPROVE, Collections.singletonList("other.scope")); @@ -858,7 +859,7 @@ void authorizeEndpointWithPromptNone_WhenNotAuthenticated() throws Exception { @Test void testAuthorizeEndpointWithPromptNone_ForcePasswordChangeRequired() throws Exception { String clientId = "testclient" + generator.generate(); - BaseClientDetails clientDetails = new BaseClientDetails(clientId, null, "uaa.user,other.scope", "authorization_code,refresh_token", "uaa.resource", TEST_REDIRECT_URI); + UaaClientDetails clientDetails = new UaaClientDetails(clientId, null, "uaa.user,other.scope", "authorization_code,refresh_token", "uaa.resource", TEST_REDIRECT_URI); clientDetails.setAutoApproveScopes(Collections.singletonList("uaa.user")); clientDetails.setClientSecret("secret"); clientDetails.addAdditionalInformation(ClientConstants.AUTO_APPROVE, Collections.singletonList("other.scope")); 
@@ -908,7 +909,7 @@ void testAuthorizeEndpointWithPromptNone_ForcePasswordChangeRequired() throws Ex @Test void testAuthorizeEndpointWithPromptNone_Authenticated() throws Exception { String clientId = "testclient" + generator.generate(); - BaseClientDetails clientDetails = new BaseClientDetails(clientId, null, "uaa.user,other.scope", "authorization_code,refresh_token", "uaa.resource", TEST_REDIRECT_URI); + UaaClientDetails clientDetails = new UaaClientDetails(clientId, null, "uaa.user,other.scope", "authorization_code,refresh_token", "uaa.resource", TEST_REDIRECT_URI); clientDetails.setAutoApproveScopes(Collections.singletonList("uaa.user")); clientDetails.setClientSecret("secret"); clientDetails.addAdditionalInformation(ClientConstants.AUTO_APPROVE, Collections.singletonList("other.scope")); @@ -3844,7 +3845,7 @@ void testJkuHeaderIsSet_andNonRfcHeadersNotSet_forIdToken() throws Exception { @Test void authorizationCanRedirectToSubpathOfConfiguredRedirect() throws Exception { String clientId = "testclient" + generator.generate(); - BaseClientDetails clientDetails = new BaseClientDetails(clientId, null, "uaa.user,other.scope", "authorization_code,refresh_token", "uaa.resource", TEST_REDIRECT_URI); + UaaClientDetails clientDetails = new UaaClientDetails(clientId, null, "uaa.user,other.scope", "authorization_code,refresh_token", "uaa.resource", TEST_REDIRECT_URI); clientDetails.setAutoApproveScopes(Collections.singletonList("uaa.user")); clientDetails.setClientSecret("secret"); clientDetails.addAdditionalInformation(ClientConstants.AUTO_APPROVE, Collections.singletonList("other.scope")); 
@@ -3905,7 +3906,7 @@ private void test_invalid_registered_redirect_uris(Set redirectUris, Res String redirectUri = "https://example.com/dashboard/?appGuid=app-guid&ace_config=test"; String clientId = "authclient-" + generator.generate(); String scopes = "openid"; - BaseClientDetails client = setUpClients(clientId, scopes, scopes, GRANT_TYPES, true, redirectUri); + UaaClientDetails client = setUpClients(clientId, scopes, scopes, GRANT_TYPES, true, redirectUri); client.setRegisteredRedirectUri(redirectUris); webApplicationContext.getBean(MultitenantClientServices.class).updateClientDetails(client); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenRevocationEndpointMockMvcTest.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenRevocationEndpointMockMvcTest.java index 4209bdfd9da..aa1c86353aa 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenRevocationEndpointMockMvcTest.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenRevocationEndpointMockMvcTest.java @@ -1,6 +1,7 @@ package org.cloudfoundry.identity.uaa.mock.token; import com.fasterxml.jackson.core.type.TypeReference; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator; import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils; @@ -15,7 +16,6 @@ import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.springframework.dao.EmptyResultDataAccessException; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.web.context.support.GenericWebApplicationContext; import java.util.Collections; 
@@ -51,7 +51,7 @@ void revokeOwnJWToken() throws Exception { identityZoneProvisioning.update(defaultZone); try { - BaseClientDetails client = setUpClients( + UaaClientDetails client = setUpClients( generator.generate(), "clients.write", "openid", @@ -101,7 +101,7 @@ void revokeOtherClientTokenByJti() throws Exception { String revokerClientId = generator.generate(); String resourceClientId = generator.generate(); - BaseClientDetails revokerClient = + UaaClientDetails revokerClient = setUpClients(revokerClientId, "tokens.revoke", "openid", @@ -110,7 +110,7 @@ void revokeOtherClientTokenByJti() throws Exception { ); - BaseClientDetails targetClient = + UaaClientDetails targetClient = setUpClients(resourceClientId, "uaa.none", "openid", @@ -167,7 +167,7 @@ void revokeOtherClientTokenByClientId(String scope) throws Exception { String revokerClientId = generator.generate(); String resourceClientId = generator.generate(); - BaseClientDetails revokerClient = + UaaClientDetails revokerClient = setUpClients(revokerClientId, scope, "openid", @@ -176,7 +176,7 @@ void revokeOtherClientTokenByClientId(String scope) throws Exception { ); - BaseClientDetails targetClient = + UaaClientDetails targetClient = setUpClients(resourceClientId, "uaa.none", "openid", @@ -222,7 +222,7 @@ void revokeOtherClientTokenByClientId(String scope) throws Exception { @Test void revokeOtherClientTokenForbidden() throws Exception { String resourceClientId = generator.generate(); - BaseClientDetails resourceClient = setUpClients( + UaaClientDetails resourceClient = setUpClients( resourceClientId, "uaa.resource", "uaa.resource", @@ -230,7 +230,7 @@ void revokeOtherClientTokenForbidden() throws Exception { true ); - BaseClientDetails client = setUpClients( + UaaClientDetails client = setUpClients( generator.generate(), "clients.write", "openid", 
@@ -283,8 +283,8 @@ void revokeOpaqueTokenWithOpaqueToken() throws Exception { @Test void test_Revoke_All_Client_Tokens() throws Exception { - BaseClientDetails client = getAClientWithClientsRead(); - BaseClientDetails otherClient = getAClientWithClientsRead(); + UaaClientDetails client = getAClientWithClientsRead(); + UaaClientDetails otherClient = getAClientWithClientsRead(); //this is the token we will revoke String readClientsToken = @@ -355,7 +355,7 @@ void test_Revoke_All_Client_Tokens() throws Exception { @Test void test_Revoke_All_Tokens_For_User() throws Exception { - BaseClientDetails client = getAClientWithClientsRead(); + UaaClientDetails client = getAClientWithClientsRead(); ScimUser user = setUpUser(generator.generate().toLowerCase() + "@test.org"); user.setPassword("secret"); @@ -406,7 +406,7 @@ void test_Revoke_All_Tokens_For_User() throws Exception { @Test void aUserCanRevokeTheirOwnToken() throws Exception { - BaseClientDetails client = getAClientWithClientsRead(); + UaaClientDetails client = getAClientWithClientsRead(); ScimUser user = setUpUser(generator.generate().toLowerCase() + "@test.org"); user.setPassword("secret"); @@ -445,8 +445,8 @@ void aUserCanRevokeTheirOwnToken() throws Exception { } private void revokeUserClientCombinationTokenWithAuth() throws Exception { - BaseClientDetails client = getAClientWithClientsRead(); - BaseClientDetails otherClient = getAClientWithClientsRead(); + UaaClientDetails client = getAClientWithClientsRead(); + UaaClientDetails otherClient = getAClientWithClientsRead(); IdentityZone zone = IdentityZoneHolder.get(); ScimUser user1 = setUpUser(generator.generate().toLowerCase() + "@test.org"); 
@@ -549,7 +549,7 @@ void test_Revoke_Client_User_Combination_Token() throws Exception { @Test void test_Revoke_Client_User_Combination_Token_With_Revoke_Scope() throws Exception { String revokerClientId = generator.generate(); - BaseClientDetails revokerClient = + UaaClientDetails revokerClient = setUpClients(revokerClientId, "tokens.revoke", "openid", @@ -570,8 +570,8 @@ void test_Revoke_Client_User_Combination_Token_With_Revoke_Scope() throws Except revokeUserClientCombinationTokenWithAuth(); } - private BaseClientDetails getAClientWithClientsRead() { - BaseClientDetails client = setUpClients( + private UaaClientDetails getAClientWithClientsRead() { + UaaClientDetails client = setUpClients( generator.generate(), "clients.read", "openid", diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/UserTokenMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/UserTokenMockMvcTests.java index b277904e7c6..751932f27dc 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/UserTokenMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/UserTokenMockMvcTests.java @@ -16,6 +16,7 @@ import com.fasterxml.jackson.core.type.TypeReference; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils; import org.cloudfoundry.identity.uaa.oauth.token.RevocableToken; @@ -29,7 +30,6 @@ import org.springframework.http.MediaType; import org.springframework.security.oauth2.common.util.OAuth2Utils; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import java.util.Collections; import java.util.Map; 
@@ -56,11 +56,11 @@ class UserTokenMockMvcTests extends AbstractTokenMockMvcTests { @Test void test_user_managed_token() throws Exception { String recipientId = "recipientClient"+new RandomValueStringGenerator().generate(); - BaseClientDetails recipient = setUpClients(recipientId, "uaa.user", "uaa.user,test.scope", "password,"+GRANT_TYPE_REFRESH_TOKEN, true, TEST_REDIRECT_URI, + UaaClientDetails recipient = setUpClients(recipientId, "uaa.user", "uaa.user,test.scope", "password,"+GRANT_TYPE_REFRESH_TOKEN, true, TEST_REDIRECT_URI, Collections.singletonList("uaa"), 50000); String requestorId = "requestingClient"+new RandomValueStringGenerator().generate(); - BaseClientDetails requestor = setUpClients(requestorId, "uaa.user", "uaa.user", "password,"+GRANT_TYPE_USER_TOKEN, true, TEST_REDIRECT_URI, + UaaClientDetails requestor = setUpClients(requestorId, "uaa.user", "uaa.user", "password,"+GRANT_TYPE_USER_TOKEN, true, TEST_REDIRECT_URI, Collections.singletonList("uaa")); String username = "testuser"+new RandomValueStringGenerator().generate(); 
@@ -116,11 +116,11 @@ void test_user_managed_token() throws Exception { @Test void test_client_credentials_token() throws Exception { String recipientId = "recipientClient"+new RandomValueStringGenerator().generate(); - BaseClientDetails recipient = setUpClients(recipientId, "uaa.user", "uaa.user,test.scope", "password,"+GRANT_TYPE_REFRESH_TOKEN, true, TEST_REDIRECT_URI, + UaaClientDetails recipient = setUpClients(recipientId, "uaa.user", "uaa.user,test.scope", "password,"+GRANT_TYPE_REFRESH_TOKEN, true, TEST_REDIRECT_URI, Collections.singletonList("uaa"), 50000); String requestorId = "requestingClient"+new RandomValueStringGenerator().generate(); - BaseClientDetails requestor = setUpClients(requestorId, "uaa.user", "uaa.user", "client_credentials,"+GRANT_TYPE_USER_TOKEN, true, TEST_REDIRECT_URI, + UaaClientDetails requestor = setUpClients(requestorId, "uaa.user", "uaa.user", "client_credentials,"+GRANT_TYPE_USER_TOKEN, true, TEST_REDIRECT_URI, Collections.singletonList("uaa")); String username = "testuser"+new RandomValueStringGenerator().generate(); 
@@ -152,11 +152,11 @@ void test_client_credentials_token() throws Exception { @Test void test_invalid_grant_type() throws Exception { String recipientId = "recipientClient"+new RandomValueStringGenerator().generate(); - BaseClientDetails recipient = setUpClients(recipientId, "uaa.user", "uaa.user,test.scope", "password,"+GRANT_TYPE_REFRESH_TOKEN, true, TEST_REDIRECT_URI, + UaaClientDetails recipient = setUpClients(recipientId, "uaa.user", "uaa.user,test.scope", "password,"+GRANT_TYPE_REFRESH_TOKEN, true, TEST_REDIRECT_URI, Collections.singletonList("uaa"), 50000); String requestorId = "requestingClient"+new RandomValueStringGenerator().generate(); - BaseClientDetails requestor = setUpClients(requestorId, "uaa.user", "uaa.user", "password", true, TEST_REDIRECT_URI, + UaaClientDetails requestor = setUpClients(requestorId, "uaa.user", "uaa.user", "password", true, TEST_REDIRECT_URI, Collections.singletonList("uaa")); String username = "testuser"+new RandomValueStringGenerator().generate(); @@ -195,7 +195,7 @@ void test_create_client_with_user_token_grant() throws Exception { true ); - BaseClientDetails client = new BaseClientDetails( + UaaClientDetails client = new UaaClientDetails( generator.generate(), null, "openid,uaa.user,tokens.", diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/util/MockMvcUtils.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/util/MockMvcUtils.java index f9bbac3d55d..c92a85d80fc 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/util/MockMvcUtils.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/util/MockMvcUtils.java 
@@ -21,6 +21,7 @@ import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.integration.util.IntegrationTestUtils; import org.cloudfoundry.identity.uaa.invitations.InvitationsRequest; @@ -44,10 +45,10 @@ import org.cloudfoundry.identity.uaa.scim.endpoints.ScimGroupEndpoints; import org.cloudfoundry.identity.uaa.scim.jdbc.JdbcScimUserProvisioning; import org.cloudfoundry.identity.uaa.security.web.CookieBasedCsrfTokenRepository; -import org.cloudfoundry.identity.uaa.util.AlphanumericRandomValueStringGenerator; import org.cloudfoundry.identity.uaa.test.TestApplicationEventListener; import org.cloudfoundry.identity.uaa.user.UaaAuthority; import org.cloudfoundry.identity.uaa.user.UaaUserDatabase; +import org.cloudfoundry.identity.uaa.util.AlphanumericRandomValueStringGenerator; import org.cloudfoundry.identity.uaa.util.JsonUtils; import org.cloudfoundry.identity.uaa.util.SessionUtils; import org.cloudfoundry.identity.uaa.util.SetServerNameRequestPostProcessor; @@ -82,7 +83,6 @@ import org.springframework.security.oauth2.common.util.OAuth2Utils; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.security.web.PortResolverImpl; import org.springframework.security.web.context.HttpSessionSecurityContextRepository; import org.springframework.security.web.csrf.CsrfToken; 
@@ -91,7 +91,6 @@ import org.springframework.security.web.savedrequest.SavedRequest; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; -import org.springframework.test.web.servlet.ResultActions; import org.springframework.test.web.servlet.ResultMatcher; import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder; import org.springframework.test.web.servlet.request.RequestPostProcessor; @@ -116,15 +115,11 @@ import java.util.regex.Matcher; import java.util.regex.Pattern; -import static org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils.CookieCsrfPostProcessor.cookieCsrf; import static org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.GRANT_TYPE_AUTHORIZATION_CODE; import static org.cloudfoundry.identity.uaa.oauth.token.TokenConstants.TokenFormat.OPAQUE; import static org.cloudfoundry.identity.uaa.scim.ScimGroupMember.Type.USER; -import static org.hamcrest.Matchers.containsInAnyOrder; import static org.hamcrest.Matchers.not; import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertThat; -import static org.junit.Assert.assertTrue; import static org.springframework.http.HttpHeaders.HOST; import static org.springframework.http.MediaType.APPLICATION_JSON; import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic; 
@@ -133,9 +128,7 @@ import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put; import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.print; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.view; import static org.springframework.util.StringUtils.hasText; import static org.springframework.util.StringUtils.isEmpty; @@ -451,7 +444,7 @@ public static ZoneScimInviteData createZoneForInvites(MockMvc mockMvc, Applicati IdentityZoneCreationResult zone = MockMvcUtils.createOtherIdentityZoneAndReturnResult(generator.generate().toLowerCase(), mockMvc, context, null, zoneId); List redirectUris = Arrays.asList(redirectUri, "http://" + zone.getIdentityZone().getSubdomain() + ".localhost"); - BaseClientDetails appClient = new BaseClientDetails("app", "", "scim.invite", "client_credentials,password,authorization_code", "uaa.admin,clients.admin,scim.write,scim.read,scim.invite", String.join(",", redirectUris)); + UaaClientDetails appClient = new UaaClientDetails("app", "", "scim.invite", "client_credentials,password,authorization_code", "uaa.admin,clients.admin,scim.write,scim.read,scim.invite", String.join(",", redirectUris)); appClient.setClientSecret("secret"); appClient = MockMvcUtils.createClient(mockMvc, zone.getZoneAdminToken(), appClient, zone.getIdentityZone(), 
@@ -630,7 +623,7 @@ public static IdentityZoneCreationResult createOtherIdentityZoneAndReturnResult( public static IdentityZoneCreationResult createOtherIdentityZoneAndReturnResult(String subdomain, MockMvc mockMvc, ApplicationContext webApplicationContext, - ClientDetails bootstrapClient, + ClientDetails bootstrapClient, String zoneId) throws Exception { return createOtherIdentityZoneAndReturnResult(subdomain, mockMvc, webApplicationContext, bootstrapClient, true, zoneId); @@ -639,14 +632,14 @@ public static IdentityZoneCreationResult createOtherIdentityZoneAndReturnResult( public static IdentityZone createOtherIdentityZone(String subdomain, MockMvc mockMvc, ApplicationContext webApplicationContext, - ClientDetails bootstrapClient, String zoneId) throws Exception { + ClientDetails bootstrapClient, String zoneId) throws Exception { return createOtherIdentityZone(subdomain, mockMvc, webApplicationContext, bootstrapClient, true, zoneId); } public static IdentityZone createOtherIdentityZone(String subdomain, MockMvc mockMvc, ApplicationContext webApplicationContext, - ClientDetails bootstrapClient, + ClientDetails bootstrapClient, boolean useWebRequests, String zoneId) throws Exception { return createOtherIdentityZoneAndReturnResult(subdomain, mockMvc, webApplicationContext, bootstrapClient, useWebRequests, zoneId).getIdentityZone(); @@ -664,7 +657,7 @@ public static IdentityZone createOtherIdentityZone(String subdomain, boolean useWebRequests, String zoneId) throws Exception { - BaseClientDetails client = new BaseClientDetails("admin", null, null, "client_credentials", + UaaClientDetails client = new UaaClientDetails("admin", null, null, "client_credentials", "clients.admin,scim.read,scim.write,idps.write,uaa.admin", "http://redirect.url"); client.setClientSecret("admin-secret"); 
@@ -865,11 +858,11 @@ public static ScimGroup updateGroup(MockMvc mockMvc, String accessToken, ScimGro ScimGroup.class); } - public static BaseClientDetails createClient(MockMvc mockMvc, String accessToken, BaseClientDetails clientDetails) throws Exception { + public static UaaClientDetails createClient(MockMvc mockMvc, String accessToken, UaaClientDetails clientDetails) throws Exception { return createClient(mockMvc, accessToken, clientDetails, IdentityZone.getUaa(), status().isCreated()); } - public static BaseClientDetails createClient(MockMvc mockMvc, IdentityZone identityZone, String accessToken, BaseClientDetails clientDetails) throws Exception { + public static UaaClientDetails createClient(MockMvc mockMvc, IdentityZone identityZone, String accessToken, UaaClientDetails clientDetails) throws Exception { return createClient(mockMvc, accessToken, clientDetails, identityZone, status().isCreated()); } @@ -884,7 +877,7 @@ public static void deleteClient(MockMvc mockMvc, String accessToken, String clie .andExpect(status().is(not(500))); } - public static BaseClientDetails createClient(MockMvc mockMvc, String accessToken, BaseClientDetails clientDetails, + public static UaaClientDetails createClient(MockMvc mockMvc, String accessToken, UaaClientDetails clientDetails, IdentityZone zone, ResultMatcher status) throws Exception { MockHttpServletRequestBuilder createClientPost = post("/oauth/clients") 
@@ -898,10 +891,10 @@ public static BaseClientDetails createClient(MockMvc mockMvc, String accessToken return JsonUtils.readValue( mockMvc.perform(createClientPost) .andExpect(status) - .andReturn().getResponse().getContentAsString(), BaseClientDetails.class); + .andReturn().getResponse().getContentAsString(), UaaClientDetails.class); } - public static BaseClientDetails createClient(ApplicationContext context, BaseClientDetails clientDetails, IdentityZone zone) { + public static UaaClientDetails createClient(ApplicationContext context, UaaClientDetails clientDetails, IdentityZone zone) { MultitenantJdbcClientDetailsService service = context.getBean(MultitenantJdbcClientDetailsService.class); if (clientDetails.getClientSecret() == null) { @@ -909,7 +902,7 @@ public static BaseClientDetails createClient(ApplicationContext context, BaseCli clientDetails.setClientSecret(""); } service.addClientDetails(clientDetails, zone.getId()); - return (BaseClientDetails) service.loadClientByClientId(clientDetails.getClientId(), zone.getId()); + return (UaaClientDetails) service.loadClientByClientId(clientDetails.getClientId(), zone.getId()); } public static ClientDetails createClient(MockMvc mockMvc, String adminAccessToken, String id, String secret, Collection resourceIds, List scopes, List grantTypes, String authorities) throws Exception { 
@@ -941,13 +934,13 @@ public static ClientDetailsModification getClientDetailsModification(String id, return detailsModification; } - public static BaseClientDetails updateClient(ApplicationContext context, BaseClientDetails clientDetails, IdentityZone zone) { + public static UaaClientDetails updateClient(ApplicationContext context, UaaClientDetails clientDetails, IdentityZone zone) { MultitenantJdbcClientDetailsService service = context.getBean(MultitenantJdbcClientDetailsService.class); service.updateClientDetails(clientDetails, zone.getId()); - return (BaseClientDetails) service.loadClientByClientId(clientDetails.getClientId(), zone.getId()); + return (UaaClientDetails) service.loadClientByClientId(clientDetails.getClientId(), zone.getId()); } - public static BaseClientDetails updateClient(MockMvc mockMvc, String accessToken, BaseClientDetails clientDetails, IdentityZone zone) + public static UaaClientDetails updateClient(MockMvc mockMvc, String accessToken, UaaClientDetails clientDetails, IdentityZone zone) throws Exception { MockHttpServletRequestBuilder updateClientPut = put("/oauth/clients/" + clientDetails.getClientId()) @@ -962,10 +955,10 @@ public static BaseClientDetails updateClient(MockMvc mockMvc, String accessToken return JsonUtils.readValue( mockMvc.perform(updateClientPut) .andExpect(status().isOk()) - .andReturn().getResponse().getContentAsString(), BaseClientDetails.class); + .andReturn().getResponse().getContentAsString(), UaaClientDetails.class); } - public static BaseClientDetails getClient(MockMvc mockMvc, String accessToken, String clientId, IdentityZone zone) + public static UaaClientDetails getClient(MockMvc mockMvc, String accessToken, String clientId, IdentityZone zone) throws Exception { MockHttpServletRequestBuilder readClientGet = get("/oauth/clients/" + clientId) 
@@ -979,7 +972,7 @@ public static BaseClientDetails getClient(MockMvc mockMvc, String accessToken, S return JsonUtils.readValue( mockMvc.perform(readClientGet) .andExpect(status().isOk()) - .andReturn().getResponse().getContentAsString(), BaseClientDetails.class); + .andReturn().getResponse().getContentAsString(), UaaClientDetails.class); } public static String getZoneAdminToken(MockMvc mockMvc, String adminToken, String zoneId) throws Exception { diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java index a349fec8528..031b2173a0f 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java @@ -2,13 +2,13 @@ import com.fasterxml.jackson.core.type.TypeReference; import com.fasterxml.jackson.databind.JsonNode; -import com.google.common.collect.Lists; import org.cloudfoundry.identity.uaa.DefaultTestContext; import org.cloudfoundry.identity.uaa.approval.Approval; import org.cloudfoundry.identity.uaa.approval.ApprovalStore; import org.cloudfoundry.identity.uaa.audit.AuditEventType; import org.cloudfoundry.identity.uaa.audit.event.AbstractUaaEvent; import org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.client.event.ClientCreateEvent; import org.cloudfoundry.identity.uaa.client.event.ClientDeleteEvent; import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator; 
@@ -46,7 +46,6 @@ import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.security.oauth2.provider.ClientRegistrationService; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; import org.springframework.test.web.servlet.ResultActions; @@ -153,7 +152,7 @@ void setUp( this.mockMvc = mockMvc; this.testClient = testClient; - BaseClientDetails uaaAdminClient = new BaseClientDetails("uaa-admin-" + generator.generate().toLowerCase(), + UaaClientDetails uaaAdminClient = new UaaClientDetails("uaa-admin-" + generator.generate().toLowerCase(), null, "uaa.admin", "password,client_credentials", @@ -1536,8 +1535,8 @@ void test_delete_zone_cleans_db() throws Exception { IdentityZone zone = createZone(id, HttpStatus.CREATED, identityClientToken, new IdentityZoneConfiguration()); //create zone and clients - BaseClientDetails client = - new BaseClientDetails("limited-client", null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.resource"); + UaaClientDetails client = + new UaaClientDetails("limited-client", null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.resource"); client.setClientSecret("secret"); client.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, Collections.singletonList(UAA)); client.addAdditionalInformation("foo", "bar"); 
@@ -1565,7 +1564,7 @@ void test_delete_zone_cleans_db() throws Exception { .accept(APPLICATION_JSON) .content(JsonUtils.writeValueAsString(client))) .andExpect(status().isCreated()).andReturn(); - BaseClientDetails created = JsonUtils.readValue(result.getResponse().getContentAsString(), BaseClientDetails.class); + UaaClientDetails created = JsonUtils.readValue(result.getResponse().getContentAsString(), UaaClientDetails.class); assertNull(created.getClientSecret()); assertEquals("zones.write", created.getAdditionalInformation().get(ClientConstants.CREATED_WITH)); assertEquals(Collections.singletonList(UAA), created.getAdditionalInformation().get(ClientConstants.ALLOWED_PROVIDERS)); @@ -1703,8 +1702,8 @@ void testDeleteZonePublishesEvent() throws Exception { void testCreateAndDeleteLimitedClientInNewZoneUsingZoneEndpoint() throws Exception { String id = generator.generate(); IdentityZone zone = createZone(id, HttpStatus.CREATED, identityClientToken, new IdentityZoneConfiguration()); - BaseClientDetails client = - new BaseClientDetails("limited-client", null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.resource"); + UaaClientDetails client = + new UaaClientDetails("limited-client", null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.resource"); client.setClientSecret("secret"); client.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, Collections.singletonList(UAA)); client.addAdditionalInformation("foo", "bar"); 
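Review bot: `assertNull(created.getClientSecret())` in test_delete_zone_cleans_db only proves the secret is absent from the response if `UaaClientDetails` actually binds a `client_secret` property on deserialization, because the body is now read into that class instead of `BaseClientDetails`. The class definition is not visible in this diff, so this needs confirming; if the field is ignored or dropped during binding, the assertion passes even when the endpoint returns the secret. Checking the raw body as well keeps the test independent of the DTO, for example `assertFalse(result.getResponse().getContentAsString().contains("client_secret"));` (assuming `assertFalse` is imported in this test and the JSON property keeps that name). The same pattern appears in testCreateAndDeleteLimitedClientInNewZoneUsingZoneEndpoint, in the hunk at -1725. Both test methods start and end outside their hunks.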
@@ -1725,7 +1724,7 @@ void testCreateAndDeleteLimitedClientInNewZoneUsingZoneEndpoint() throws Excepti .accept(APPLICATION_JSON) .content(JsonUtils.writeValueAsString(client))) .andExpect(status().isCreated()).andReturn(); - BaseClientDetails created = JsonUtils.readValue(result.getResponse().getContentAsString(), BaseClientDetails.class); + UaaClientDetails created = JsonUtils.readValue(result.getResponse().getContentAsString(), UaaClientDetails.class); assertNull(created.getClientSecret()); assertEquals("zones.write", created.getAdditionalInformation().get(ClientConstants.CREATED_WITH)); assertEquals(Collections.singletonList(UAA), created.getAdditionalInformation().get(ClientConstants.ALLOWED_PROVIDERS)); @@ -1750,8 +1749,8 @@ void testCreateAndDeleteLimitedClientInNewZoneUsingZoneEndpoint() throws Excepti @Test void testCreateAndDeleteLimitedClientInUAAZoneReturns403() throws Exception { - BaseClientDetails client = - new BaseClientDetails("limited-client", null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.resource"); + UaaClientDetails client = + new UaaClientDetails("limited-client", null, "openid", GRANT_TYPE_AUTHORIZATION_CODE, "uaa.resource"); client.setClientSecret("secret"); client.addAdditionalInformation(ClientConstants.ALLOWED_PROVIDERS, Collections.singletonList(UAA)); mockMvc.perform( @@ -1776,8 +1775,8 @@ void testCreateAndDeleteLimitedClientInUAAZoneReturns403() throws Exception { void testCreateAdminClientInNewZoneUsingZoneEndpointReturns400() throws Exception { String id = generator.generate(); IdentityZone zone = createZone(id, HttpStatus.CREATED, identityClientToken, new IdentityZoneConfiguration()); - BaseClientDetails client = - new BaseClientDetails("admin-client", null, null, "client_credentials", "clients.write"); + UaaClientDetails client = + new UaaClientDetails("admin-client", null, null, "client_credentials", "clients.write"); client.setClientSecret("secret"); mockMvc.perform( post("/identity-zones/" + zone.getId() + "/clients") 
@@ -1873,7 +1872,7 @@ void testZoneAdminTokenAgainstZoneEndpoints() throws Exception { @Test void testSuccessfulUserManagementInZoneUsingAdminClient() throws Exception { String subdomain = generator.generate().toLowerCase(); - BaseClientDetails adminClient = new BaseClientDetails("admin", null, null, "client_credentials", "scim.read,scim.write"); + UaaClientDetails adminClient = new UaaClientDetails("admin", null, null, "client_credentials", "scim.read,scim.write"); adminClient.setClientSecret("admin-secret"); IdentityZoneCreationResult creationResult = MockMvcUtils.createOtherIdentityZoneAndReturnResult(subdomain, mockMvc, webApplicationContext, adminClient, IdentityZoneHolder.getCurrentZoneId()); IdentityZone identityZone = creationResult.getIdentityZone(); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneSwitchingFilterMockMvcTest.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneSwitchingFilterMockMvcTest.java index 1f1982e4bf6..9ef98ffe583 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneSwitchingFilterMockMvcTest.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneSwitchingFilterMockMvcTest.java @@ -1,6 +1,7 @@ package org.cloudfoundry.identity.uaa.mock.zones; import org.cloudfoundry.identity.uaa.DefaultTestContext; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator; import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils; import org.cloudfoundry.identity.uaa.scim.ScimGroup; @@ -15,7 +16,6 @@ import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.ResultMatcher; 
@@ -93,7 +93,7 @@ void switchingZoneWithSubdomain() throws Exception { @Test void noSwitching() throws Exception { final String clientId = UUID.randomUUID().toString(); - BaseClientDetails client = new BaseClientDetails(clientId, null, null, "client_credentials", null); + UaaClientDetails client = new UaaClientDetails(clientId, null, null, "client_credentials", null); client.setClientSecret("secret"); mockMvc.perform(post("/oauth/clients") @@ -200,7 +200,7 @@ private static ScimUser createUserInAnotherZone(MockMvc mockMvc, RandomValueStri private static ClientDetails createClientInOtherZone(MockMvc mockMvc, RandomValueStringGenerator generator, String accessToken, ResultMatcher statusMatcher, String headerKey, String headerValue) throws Exception { String clientId = generator.generate(); - BaseClientDetails client = new BaseClientDetails(clientId, null, null, "client_credentials", null); + UaaClientDetails client = new UaaClientDetails(clientId, null, null, "client_credentials", null); client.setClientSecret("secret"); mockMvc.perform(post("/oauth/clients") .header(headerKey, headerValue) diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/ZonesWriteScopeMockMvcTest.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/ZonesWriteScopeMockMvcTest.java index 140a6f2f741..07c3afcc068 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/ZonesWriteScopeMockMvcTest.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/ZonesWriteScopeMockMvcTest.java @@ -2,6 +2,7 @@ import com.fasterxml.jackson.databind.JsonNode; import org.cloudfoundry.identity.uaa.DefaultTestContext; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator; import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils; import org.cloudfoundry.identity.uaa.scim.ScimGroup; 
@@ -15,7 +16,6 @@ import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; import org.springframework.web.context.WebApplicationContext; @@ -35,7 +35,7 @@ class ZonesWriteScopeMockMvcTest { private RandomValueStringGenerator generator = new RandomValueStringGenerator(); private String subdomain; - private BaseClientDetails adminClient; + private UaaClientDetails adminClient; private String zoneAdminToken; private IdentityZone zone; @@ -54,7 +54,7 @@ void setUp( subdomain = generator.generate().toLowerCase(); - adminClient = new BaseClientDetails("admin", null, "uaa.admin,scim.write,zones.write", "client_credentials,password", "uaa.admin,scim.write,zones.write"); + adminClient = new UaaClientDetails("admin", null, "uaa.admin,scim.write,zones.write", "client_credentials,password", "uaa.admin,scim.write,zones.write"); adminClient.setClientSecret("admin-secret"); zone = createZoneWithClient(subdomain); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java index 09a43f1ad0a..cc8c58ae1a9 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/oauth/UaaTokenServicesTests.java @@ -23,6 +23,7 @@ import org.cloudfoundry.identity.uaa.user.UaaUser; import org.cloudfoundry.identity.uaa.util.TimeService; import org.cloudfoundry.identity.uaa.util.UaaTokenUtils; +import org.cloudfoundry.identity.uaa.provider.NoSuchClientException; import org.cloudfoundry.identity.uaa.zone.MultitenantClientServices; import org.joda.time.DateTime; import org.junit.jupiter.api.*; 
@@ -35,7 +36,6 @@ import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.provider.AuthorizationRequest; -import org.springframework.security.oauth2.provider.NoSuchClientException; import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.security.oauth2.provider.TokenRequest; @@ -156,7 +156,9 @@ public void append(LogEvent event) { @AfterEach void removeAppender() { LoggerContext context = (LoggerContext) LogManager.getContext(false); - context.getRootLogger().removeAppender(appender); + if (appender != null) { + context.getRootLogger().removeAppender(appender); + } } @BeforeEach diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/performance/LoginPagePerformanceMockMvcTest.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/performance/LoginPagePerformanceMockMvcTest.java index d1a6e54318a..3e5cb1ea096 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/performance/LoginPagePerformanceMockMvcTest.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/performance/LoginPagePerformanceMockMvcTest.java @@ -12,6 +12,7 @@ import java.util.Collections; import org.cloudfoundry.identity.uaa.DefaultTestContext; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.codestore.JdbcExpiringCodeStore; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.impl.config.IdentityZoneConfigurationBootstrap; 
@@ -35,7 +36,6 @@ import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.test.annotation.DirtiesContext; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; @@ -99,7 +99,7 @@ void idpDiscoveryRedirectsToOIDCProvider( String subdomain = "oidc-discovery-" + generator.generate().toLowerCase(); IdentityZone zone = MultitenancyFixture.identityZone(subdomain, subdomain); zone.getConfig().setIdpDiscoveryEnabled(true); - BaseClientDetails client = new BaseClientDetails("admin", null, null, "client_credentials", + UaaClientDetails client = new UaaClientDetails("admin", null, null, "client_credentials", "clients.admin,scim.read,scim.write,idps.write,uaa.admin", "http://redirect.url"); client.setClientSecret("admin-secret"); createOtherIdentityZoneAndReturnResult(mockMvc, webApplicationContext, client, zone, false, IdentityZoneHolder.getCurrentZoneId()); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpointsMockMvcTests.java index 0b05c187ada..719f143fd0a 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpointsMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimGroupEndpointsMockMvcTests.java 
@@ -6,6 +6,7 @@ import com.google.common.collect.Sets; import org.apache.commons.codec.binary.Base64; import org.cloudfoundry.identity.uaa.DefaultTestContext; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.mock.util.MockMvcUtils; import org.cloudfoundry.identity.uaa.mock.util.OAuthToken; @@ -39,7 +40,6 @@ import org.springframework.http.MediaType; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; import org.springframework.test.context.TestPropertySource; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; @@ -411,7 +411,7 @@ class WithGroupMaxCount50 { @Test void getGroupsInOtherZone_withZoneAdminToken_returnsOkWithResults() throws Exception { String subdomain = new RandomValueStringGenerator(8).generate(); - BaseClientDetails bootstrapClient = null; + UaaClientDetails bootstrapClient = null; MockMvcUtils.IdentityZoneCreationResult result = MockMvcUtils.createOtherIdentityZoneAndReturnResult( subdomain, mockMvc, webApplicationContext, bootstrapClient, IdentityZoneHolder.getCurrentZoneId() ); 
@@ -468,14 +468,14 @@ void getGroupsInOtherZone_withZoneAdminToken_returnsOkWithResults() throws Excep @Test void getGroupsInOtherZone_withZoneUserToken_returnsOkWithResults() throws Exception { String subdomain = new RandomValueStringGenerator(8).generate(); - BaseClientDetails bootstrapClient = null; + UaaClientDetails bootstrapClient = null; MockMvcUtils.IdentityZoneCreationResult result = MockMvcUtils.createOtherIdentityZoneAndReturnResult( subdomain, mockMvc, webApplicationContext, bootstrapClient, IdentityZoneHolder.getCurrentZoneId() ); String zonedClientId = "zonedClientId"; String zonedClientSecret = "zonedClientSecret"; - BaseClientDetails zonedClientDetails = (BaseClientDetails) MockMvcUtils.createClient(mockMvc, result.getZoneAdminToken(), zonedClientId, zonedClientSecret, Collections.singleton("oauth"), + UaaClientDetails zonedClientDetails = (UaaClientDetails) MockMvcUtils.createClient(mockMvc, result.getZoneAdminToken(), zonedClientId, zonedClientSecret, Collections.singleton("oauth"), Collections.singletonList("scim.read"), Arrays.asList("client_credentials", "password"), "scim.read", null, result.getIdentityZone()); zonedClientDetails.setClientSecret(zonedClientSecret); diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointsMockMvcTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointsMockMvcTests.java index c03c55cb31a..f79a2d428e4 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointsMockMvcTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/scim/endpoints/ScimUserEndpointsMockMvcTests.java 
@@ -85,7 +85,7 @@ import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.security.oauth2.common.util.RandomValueStringGenerator; import org.springframework.security.oauth2.provider.ClientDetails; -import org.springframework.security.oauth2.provider.client.BaseClientDetails; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.springframework.test.web.servlet.MockMvc; import org.springframework.test.web.servlet.MvcResult; import org.springframework.test.web.servlet.ResultActions; @@ -277,7 +277,7 @@ void verification_link_in_non_default_zone() throws Exception { MockMvcUtils.IdentityZoneCreationResult zoneResult = MockMvcUtils.createOtherIdentityZoneAndReturnResult(subdomain, mockMvc, webApplicationContext, null, IdentityZoneHolder.getCurrentZoneId()); String zonedClientId = "zonedClientId"; String zonedClientSecret = "zonedClientSecret"; - BaseClientDetails zonedClientDetails = (BaseClientDetails) MockMvcUtils.createClient(mockMvc, + UaaClientDetails zonedClientDetails = (UaaClientDetails) MockMvcUtils.createClient(mockMvc, zoneResult.getZoneAdminToken(), zonedClientId, zonedClientSecret, From 543338a186c1d051f29f2d931d594c5edbf8e780 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 11 Apr 2024 16:58:00 +0200 Subject: [PATCH 21/26] build(deps): bump versions.springFrameworkVersion from 5.3.33 to 5.3.34 (#2822) Bumps `versions.springFrameworkVersion` from 5.3.33 to 5.3.34. Updates `org.springframework:spring-beans` from 5.3.33 to 5.3.34 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.33...v5.3.34) Updates `org.springframework:spring-context` from 5.3.33 to 5.3.34 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.33...v5.3.34) Updates `org.springframework:spring-context-support` from 5.3.33 to 5.3.34 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.33...v5.3.34) Updates `org.springframework:spring-jdbc` from 5.3.33 to 5.3.34 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.33...v5.3.34) Updates `org.springframework:spring-test` from 5.3.33 to 5.3.34 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.33...v5.3.34) Updates `org.springframework:spring-tx` from 5.3.33 to 5.3.34 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.33...v5.3.34) Updates `org.springframework:spring-web` from 5.3.33 to 5.3.34 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.33...v5.3.34) Updates `org.springframework:spring-webmvc` from 5.3.33 to 
5.3.34 - [Release notes](https://github.com/spring-projects/spring-framework/releases) - [Commits](https://github.com/spring-projects/spring-framework/compare/v5.3.33...v5.3.34) --- updated-dependencies: - dependency-name: org.springframework:spring-beans dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework:spring-context dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework:spring-context-support dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework:spring-jdbc dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework:spring-test dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework:spring-tx dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework:spring-web dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework:spring-webmvc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dependencies.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependencies.gradle b/dependencies.gradle index 30ab832f33e..54d533960cf 100644 --- a/dependencies.gradle +++ b/dependencies.gradle @@ -9,7 +9,7 @@ versions.apacheDsVersion = "2.0.0.AM27" versions.bouncyCastleVersion = "1.0.2.4" versions.hamcrestVersion = "2.2" versions.springBootVersion = "2.7.18" -versions.springFrameworkVersion = "5.3.33" +versions.springFrameworkVersion = "5.3.34" versions.springSecurityVersion = "5.8.11" versions.springSecurityOAuthVersion = "2.5.2.RELEASE" versions.springSecuritySamlVersion = "1.0.10.RELEASE" 
From e5e54013f97ad6c33be6e7f8d39e13eeefa77eb4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 11 Apr 2024 17:45:20 +0200 Subject: [PATCH 22/26] build(deps): bump versions.braveVersion from 6.0.2 to 6.0.3 (#2823) Bumps `versions.braveVersion` from 6.0.2 to 6.0.3. Updates `io.zipkin.brave:brave-instrumentation-spring-webmvc` from 6.0.2 to 6.0.3 Updates `io.zipkin.brave:brave-context-slf4j` from 6.0.2 to 6.0.3 --- updated-dependencies: - dependency-name: io.zipkin.brave:brave-instrumentation-spring-webmvc dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: io.zipkin.brave:brave-context-slf4j dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dependencies.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependencies.gradle b/dependencies.gradle index 54d533960cf..260a84c7e51 100644 --- a/dependencies.gradle +++ b/dependencies.gradle @@ -16,7 +16,7 @@ versions.springSecuritySamlVersion = "1.0.10.RELEASE" versions.tomcatCargoVersion = "9.0.87" versions.guavaVersion = "33.1.0-jre" versions.seleniumVersion = "4.18.1" -versions.braveVersion = "6.0.2" +versions.braveVersion = "6.0.3" versions.jacksonVersion = "2.17.0" versions.jsonPathVersion = "2.9.0" From 4c5ed23d10410a106810db1ce2b05c831d511363 Mon Sep 17 00:00:00 2001 From: Markus Strehle <11627201+strehle@users.noreply.github.com> Date: Fri, 12 Apr 2024 08:01:33 +0200 Subject: [PATCH 23/26] update dependency nokogiri to v1.16.4 (#2827) --- uaa/slate/Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/uaa/slate/Gemfile.lock b/uaa/slate/Gemfile.lock index fd497c878e6..42013c778eb 100644 --- a/uaa/slate/Gemfile.lock +++ b/uaa/slate/Gemfile.lock 
@@ -85,7 +85,7 @@ GEM mini_racer (0.4.0) libv8-node (~> 15.14.0.0) minitest (5.21.2) - nokogiri (1.16.3) + nokogiri (1.16.4) mini_portile2 (~> 2.8.2) racc (~> 1.4) padrino-helpers (0.15.3) From 5c4fba0b6ca850e64a8dfaecfb0238b7f19d3edb Mon Sep 17 00:00:00 2001 From: d036670 Date: Thu, 11 Apr 2024 20:57:26 +0200 Subject: [PATCH 24/26] Remove direct usage of commons-httpclient 3.1 opensaml and spring-security-saml2 still use it --- dependencies.gradle | 1 - server/build.gradle | 1 - .../oauth/ExternalOAuthAuthenticationFilter.java | 4 ++-- uaa/build.gradle | 5 +++-- .../identity/uaa/mock/token/TokenMvcMockTests.java | 9 ++++----- 5 files changed, 9 insertions(+), 11 deletions(-) diff --git a/dependencies.gradle b/dependencies.gradle index 260a84c7e51..4fe529c3e8e 100644 --- a/dependencies.gradle +++ b/dependencies.gradle @@ -131,7 +131,6 @@ libraries.xmlSecurity = "org.apache.santuario:xmlsec:4.0.2" libraries.orgJson = "org.json:json:20240303" libraries.owaspEsapi = "org.owasp.esapi:esapi:2.5.3.1" libraries.jodaTime = "joda-time:joda-time:2.12.7" -libraries.commonsHttpClient = "commons-httpclient:commons-httpclient:3.1" libraries.apacheHttpClient = "org.apache.httpcomponents:httpclient:4.5.14" // gradle plugins diff --git a/server/build.gradle b/server/build.gradle index 0b9629f083a..e41c19bd503 100644 --- a/server/build.gradle +++ b/server/build.gradle @@ -30,7 +30,6 @@ dependencies { exclude(module: "xalan") } implementation(libraries.jodaTime) - implementation(libraries.commonsHttpClient) implementation(libraries.xmlSecurity) implementation(libraries.springSessionJdbc) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationFilter.java b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationFilter.java index 7f53f46c7a6..80af3dca9a9 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationFilter.java 
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationFilter.java @@ -1,6 +1,6 @@ package org.cloudfoundry.identity.uaa.provider.oauth; -import org.apache.commons.httpclient.util.URIUtil; +import org.apache.commons.io.FilenameUtils; import org.apache.commons.lang3.StringUtils; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; import org.cloudfoundry.identity.uaa.login.AccountSavingAuthenticationSuccessHandler; @@ -92,7 +92,7 @@ private boolean containsCredentials(final HttpServletRequest request) { private boolean authenticationWasSuccessful( final HttpServletRequest request, final HttpServletResponse response) throws IOException { - final String origin = URIUtil.getName(String.valueOf(request.getRequestURL())); + final String origin = FilenameUtils.getName(request.getRequestURI()); final String code = request.getParameter("code"); final String idToken = request.getParameter("id_token"); final String accessToken = request.getParameter("access_token"); diff --git a/uaa/build.gradle b/uaa/build.gradle index 7c6616f4e32..84c4f17dd8e 100644 --- a/uaa/build.gradle +++ b/uaa/build.gradle @@ -86,7 +86,9 @@ dependencies { testImplementation(libraries.springSessionJdbc) testImplementation(libraries.springTest) testImplementation(libraries.springSecurityLdap) - testImplementation(libraries.springSecuritySaml) + testImplementation(libraries.springSecuritySaml) { + exclude(module: "commons-httpclient") + } testImplementation(libraries.springSecurityTest) testImplementation(libraries.springBootStarterMail) testImplementation(libraries.mockito) @@ -95,7 +97,6 @@ dependencies { testImplementation(libraries.greenmail) testImplementation(libraries.jodaTime) testImplementation(libraries.commonsIo) - testImplementation(libraries.commonsHttpClient) testImplementation(libraries.owaspEsapi) testImplementation(libraries.apacheHttpClient) } 
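Review bot: In `authenticationWasSuccessful`, the origin is now extracted with `FilenameUtils.getName(request.getRequestURI())`, which is a filesystem helper rather than a URI one. It treats `\` as a separator in addition to `/`, and depending on the commons-io version it may throw on a NUL character, so for unusual request paths the result can differ from what `URIUtil.getName` returned. Because `origin` presumably selects the identity provider used for the login, I would keep the extraction on `/` only, e.g. `final String uri = request.getRequestURI();` followed by `final String origin = uri.substring(uri.lastIndexOf('/') + 1);`, and cover it with a test for a path containing a backslash. The method body continues outside the hunk, so any later validation of `origin` is not visible here.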
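Review bot: The new `exclude(module: "commons-httpclient")` on `testImplementation(libraries.springSecuritySaml)` has no explanation, although the commit message says opensaml and spring-security-saml2 still use commons-httpclient 3.1. An exclusion on a single declaration does not remove the artifact if another dependency path brings it in, and where it does take effect the test classpath may differ from the runtime one. A comment above the block would record the intent, for example `// commons-httpclient 3.1 is only a transitive need of opensaml/spring-security-saml2; excluded so uaa tests cannot import it directly` (wording to be confirmed by the author).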
diff --git a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java index 1bf76359cc7..07d666e559a 100644 --- a/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java +++ b/uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/token/TokenMvcMockTests.java @@ -3,6 +3,7 @@ import java.net.URI; import java.net.URL; import java.net.URLDecoder; +import java.nio.charset.Charset; import java.nio.charset.StandardCharsets; import java.sql.Timestamp; import java.util.ArrayList; @@ -22,7 +23,6 @@ import java.util.TreeSet; import javax.servlet.http.HttpSession; -import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.jdbc.core.JdbcTemplate; @@ -38,7 +38,6 @@ import org.springframework.security.oauth2.common.util.OAuth2Utils; import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.OAuth2Authentication; -import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.springframework.security.web.context.HttpSessionSecurityContextRepository; import org.springframework.security.web.savedrequest.SavedRequest; import org.springframework.test.context.TestPropertySource; 
@@ -55,12 +54,12 @@ import com.fasterxml.jackson.core.type.TypeReference; import org.apache.commons.collections4.map.HashedMap; -import org.apache.commons.httpclient.util.URIUtil; import org.cloudfoundry.identity.uaa.DefaultTestContext; import org.cloudfoundry.identity.uaa.account.UserInfoResponse; import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication; import org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails; import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal; +import org.cloudfoundry.identity.uaa.client.UaaClientDetails; import org.cloudfoundry.identity.uaa.constants.OriginKeys; import org.cloudfoundry.identity.uaa.login.util.RandomValueStringGenerator; import org.cloudfoundry.identity.uaa.mock.util.OAuthToken; @@ -1542,7 +1541,7 @@ void invalidScopeErrorMessageIsNotShowingAllClientScopes() throws Exception { UriComponents locationComponents = UriComponentsBuilder.fromUri(URI.create(mvcResult.getResponse().getHeader("Location"))).build(); MultiValueMap queryParams = locationComponents.getQueryParams(); - String errorMessage = URIUtil.encodeQuery("scim.write is invalid. Please use a valid scope name in the request"); + String errorMessage = UriUtils.encodeQuery("scim.write is invalid. Please use a valid scope name in the request", Charset.defaultCharset()); assertFalse(queryParams.containsKey("scope")); assertEquals(errorMessage, queryParams.getFirst("error_description")); } 
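Review bot: `UriUtils.encodeQuery(..., Charset.defaultCharset())` in `invalidScopeErrorMessageIsNotShowingAllClientScopes` makes the expected string depend on the platform charset of the machine running the test. The same call is repeated in `invalidScopeErrorMessageIsNotShowingAllUserScopes` in the next hunk. `StandardCharsets` is already imported in this file (it appears as context in the import hunk), so `UriUtils.encodeQuery("scim.write is invalid. Please use a valid scope name in the request", StandardCharsets.UTF_8)` pins the encoding and makes the newly added `java.nio.charset.Charset` import unnecessary. Both test methods start outside their hunks.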
@@ -1571,7 +1570,7 @@ void invalidScopeErrorMessageIsNotShowingAllUserScopes() throws Exception { UriComponents locationComponents = UriComponentsBuilder.fromUri(URI.create(mvcResult.getResponse().getHeader("Location"))).build(); MultiValueMap queryParams = locationComponents.getQueryParams(); - String errorMessage = URIUtil.encodeQuery("[something.else] is invalid. This user is not allowed any of the requested scopes"); + String errorMessage = UriUtils.encodeQuery("[something.else] is invalid. This user is not allowed any of the requested scopes", Charset.defaultCharset()); assertFalse(queryParams.containsKey("scope")); assertEquals(errorMessage, queryParams.getFirst("error_description")); } From b491dd6f2cb70b970565493ea68181f33e88d376 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Apr 2024 20:51:34 +0200 Subject: [PATCH 25/26] build(deps): bump versions.springSecurityVersion from 5.8.11 to 5.8.12 (#2829) Bumps `versions.springSecurityVersion` from 5.8.11 to 5.8.12. Updates `org.springframework.security:spring-security-config` from 5.8.11 to 5.8.12 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](https://github.com/spring-projects/spring-security/compare/5.8.11...5.8.12) Updates `org.springframework.security:spring-security-core` from 5.8.11 to 5.8.12 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](https://github.com/spring-projects/spring-security/compare/5.8.11...5.8.12) Updates `org.springframework.security:spring-security-ldap` from 5.8.11 to 5.8.12 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](https://github.com/spring-projects/spring-security/compare/5.8.11...5.8.12) Updates `org.springframework.security:spring-security-taglibs` from 5.8.11 to 5.8.12 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](https://github.com/spring-projects/spring-security/compare/5.8.11...5.8.12) Updates `org.springframework.security:spring-security-test` from 5.8.11 to 5.8.12 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](https://github.com/spring-projects/spring-security/compare/5.8.11...5.8.12) Updates 
`org.springframework.security:spring-security-web` from 5.8.11 to 5.8.12 - [Release notes](https://github.com/spring-projects/spring-security/releases) - [Changelog](https://github.com/spring-projects/spring-security/blob/main/RELEASE.adoc) - [Commits](https://github.com/spring-projects/spring-security/compare/5.8.11...5.8.12) --- updated-dependencies: - dependency-name: org.springframework.security:spring-security-config dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.security:spring-security-core dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.security:spring-security-ldap dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.security:spring-security-taglibs dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.security:spring-security-test dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.security:spring-security-web dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- dependencies.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dependencies.gradle b/dependencies.gradle index 4fe529c3e8e..f347e839eb9 100644 --- a/dependencies.gradle +++ b/dependencies.gradle @@ -10,7 +10,7 @@ versions.bouncyCastleVersion = "1.0.2.4" versions.hamcrestVersion = "2.2" versions.springBootVersion = "2.7.18" versions.springFrameworkVersion = "5.3.34" -versions.springSecurityVersion = "5.8.11" +versions.springSecurityVersion = "5.8.12" versions.springSecurityOAuthVersion = "2.5.2.RELEASE" versions.springSecuritySamlVersion = "1.0.10.RELEASE" versions.tomcatCargoVersion = "9.0.87" 
From 78e2a474aef1586ecd2f3ed4ed604a985dbd9ae2 Mon Sep 17 00:00:00 2001 From: Florian Tack Date: Tue, 16 Apr 2024 18:02:43 +0200 Subject: [PATCH 26/26] fix: load static resources from default zone if zone not found (#2828) * fix: load static resources from default zone if zone not found This was already addressed with #979, but the fix there only works for a local setup. In a typical productive deployment, the path is not starting with /uaa/, so the check need to be adopted to work in both local environment and a deployment. * All vendor font * sonar smell --------- Co-authored-by: d036670 --- .../uaa/zone/IdentityZoneResolvingFilter.java | 4 +++- .../zone/IdentityZoneResolvingFilterTests.java | 17 +++++++++++++++-- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneResolvingFilter.java b/server/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneResolvingFilter.java index 91795a45e17..69e2302ed0e 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneResolvingFilter.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneResolvingFilter.java @@ -12,6 +12,7 @@ *******************************************************************************/ package org.cloudfoundry.identity.uaa.zone; +import org.cloudfoundry.identity.uaa.util.UaaUrlUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.InitializingBean; @@ -36,6 +37,7 @@ public class IdentityZoneResolvingFilter extends OncePerRequestFilter implements InitializingBean { private final IdentityZoneProvisioning dao; + private final Set staticResources = Set.of("/resources/", "/vendor/font-awesome/"); private Set defaultZoneHostnames = new HashSet<>(); private Logger logger = LoggerFactory.getLogger(getClass()); 
@@ -63,7 +65,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse } if (identityZone == null) { // skip filter to static resources in order to serve images and css in case of invalid zones - boolean isStaticResource = request.getRequestURI().startsWith("/uaa/resources/"); + boolean isStaticResource = staticResources.stream().anyMatch(UaaUrlUtils.getRequestPath(request)::startsWith); if(isStaticResource) { filterChain.doFilter(request, response); return; diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneResolvingFilterTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneResolvingFilterTests.java index d0759b6c5e8..79cc0240062 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneResolvingFilterTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneResolvingFilterTests.java 
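Review bot: The static-resource check in `doFilterInternal` is a prefix allow-list that lets a request for an unknown zone continue down the filter chain, so it relies on `UaaUrlUtils.getRequestPath(request)` returning a normalized, context-relative path; that helper is not visible in this patch. I would state the assumption next to the check, e.g. `// getRequestPath() must be the container-normalized servlet path: this prefix match skips zone resolution`, and add a negative test showing that a non-static path on an unknown zone is still rejected. Separately, `staticResources` is added as an instance field in the earlier hunk of this file although it is a constant; `private static final Set<String> STATIC_RESOURCE_PREFIXES` would say so. The method body starts and ends outside the hunk.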
@@ -89,13 +89,26 @@ void doNotThrowException_InCase_RetrievingZoneFails() throws Exception { } @Test - public void serveStaticContent_InCase_RetrievingZoneFails() throws Exception { + void serveStaticContent_InCase_RetrievingZoneFails_local() throws Exception { + checkStaticContent("/uaa", "/resources/css/application.css"); + checkStaticContent("/uaa", "/vendor/font-awesome/css/font-awesome.min.css"); + } + + @Test + void serveStaticContent_InCase_RetrievingZoneFails() throws Exception { + checkStaticContent(null, "/resources/css/application.css"); + checkStaticContent(null, "/vendor/font-awesome/css/font-awesome.min.css"); + } + + private void checkStaticContent(String context, String path) throws Exception { MockHttpServletRequest request = new MockHttpServletRequest(); String incomingSubdomain = "not_a_zone"; String uaaHostname = "uaa.mycf.com"; String incomingHostname = incomingSubdomain+"."+uaaHostname; request.setServerName(incomingHostname); - request.setRequestURI("/uaa/resources/css/application.css"); + request.setRequestURI(context + path); + request.setContextPath(context); + request.setServletPath(path); MockHttpServletResponse response = new MockHttpServletResponse(); MockFilterChain filterChain = new MockFilterChain() {
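Review bot: In `checkStaticContent`, `request.setRequestURI(context + path)` receives `context == null` from `serveStaticContent_InCase_RetrievingZoneFails`, and string concatenation turns that into the literal URI `null/resources/css/application.css`. The test presumably still passes because the filter now looks at the servlet path, but the mock request no longer resembles a real root-context request. Passing `""` instead of `null` for that case, or writing `request.setRequestURI((context == null ? "" : context) + path);`, keeps the URI well formed. The helper's body continues past the end of this hunk.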