From dd50285947ad4f3546dda9554db023c343afa51a Mon Sep 17 00:00:00 2001 From: Markus Strehle <11627201+strehle@users.noreply.github.com> Date: Thu, 11 Jul 2024 10:01:00 +0200 Subject: [PATCH] Refactor: Load UserConfig as bean (#2934) Goal: identityZoneConfigurationBootstrap should not get to many attributes, but load the user config itself and allow there to have extra options Example: login.checkOriginEnabled is not yet possible to set in CF global because it is / was hidden in the identityZoneConfigurationBootstrap bean. With UserConfig bean allow all options to be configured. Open: uaa-release should be adopted as well --- .../config/IdentityProviderBootstrap.java | 1 - .../IdentityZoneConfigurationBootstrap.java | 28 +++++-------------- ...entityZoneConfigurationBootstrapTests.java | 11 ++++++-- .../main/webapp/WEB-INF/spring-servlet.xml | 9 +++++- 4 files changed, 23 insertions(+), 26 deletions(-) diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/IdentityProviderBootstrap.java b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/IdentityProviderBootstrap.java index 8d00dc21484..88fb8907566 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/IdentityProviderBootstrap.java +++ b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/IdentityProviderBootstrap.java @@ -13,7 +13,6 @@ package org.cloudfoundry.identity.uaa.impl.config; -import org.cloudfoundry.identity.uaa.provider.JdbcIdentityProviderProvisioning; import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder; import org.slf4j.Logger; import org.slf4j.LoggerFactory; diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/IdentityZoneConfigurationBootstrap.java b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/IdentityZoneConfigurationBootstrap.java index b084344967b..d2bf182cb29 100644 --- a/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/IdentityZoneConfigurationBootstrap.java 
+++ b/server/src/main/java/org/cloudfoundry/identity/uaa/impl/config/IdentityZoneConfigurationBootstrap.java @@ -23,10 +23,9 @@ import org.cloudfoundry.identity.uaa.zone.IdentityZoneValidator; import org.cloudfoundry.identity.uaa.zone.InvalidIdentityZoneDetailsException; import org.cloudfoundry.identity.uaa.zone.TokenPolicy; +import org.cloudfoundry.identity.uaa.zone.UserConfig; import org.springframework.beans.factory.InitializingBean; -import java.util.Collection; -import java.util.LinkedList; import java.util.List; import java.util.Locale; import java.util.Map; @@ -63,9 +62,7 @@ public class IdentityZoneConfigurationBootstrap implements InitializingBean { private boolean accountChooserEnabled; - private Collection defaultUserGroups; - - private Collection allowedUserGroups; + private UserConfig defaultUserConfig; private IdentityZoneValidator validator = (config, mode) -> config; private Map branding; @@ -92,6 +89,7 @@ public void afterPropertiesSet() throws InvalidIdentityZoneDetailsException { definition.setIdpDiscoveryEnabled(idpDiscoveryEnabled); definition.setAccountChooserEnabled(accountChooserEnabled); definition.setDefaultIdentityProvider(defaultIdentityProvider); + definition.setUserConfig(defaultUserConfig); samlKeys = ofNullable(samlKeys).orElse(EMPTY_MAP); for (Map.Entry> entry : samlKeys.entrySet()) { @@ -127,14 +125,6 @@ public void afterPropertiesSet() throws InvalidIdentityZoneDetailsException { BrandingInformation brandingInfo = JsonUtils.convertValue(branding, BrandingInformation.class); definition.setBranding(brandingInfo); - if (defaultUserGroups!=null) { - definition.getUserConfig().setDefaultGroups(new LinkedList<>(defaultUserGroups)); - } - - if (allowedUserGroups!=null) { - definition.getUserConfig().setAllowedGroups(new LinkedList<>(allowedUserGroups)); - } - identityZone.setConfig(definition); identityZone = validator.validate(identityZone, IdentityZoneValidator.Mode.MODIFY); 
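Review bot: In the `@@ -92,6 +89,7 @@` hunk of `afterPropertiesSet`, `definition.setUserConfig(defaultUserConfig);` runs unconditionally, so a bootstrap whose `setDefaultUserConfig` was never called passes `null` into the zone definition. The removed code guarded both group assignments with `!=null` and otherwise left the definition's own user config in place. Whether `IdentityZoneConfiguration` tolerates a null user config is not visible here, but the default and allowed groups feed authorization decisions for the zone, so the unset case should keep the defaults: `if (defaultUserConfig != null) { definition.setUserConfig(defaultUserConfig); }`. The setter added in the `@@ -250,4 +232,8 @@` hunk also stores the caller's instance directly, whereas the old code copied the groups into a new `LinkedList`. A one-line comment there should say that the bean and the zone definition share one mutable `UserConfig`. The body of `afterPropertiesSet` continues outside the hunk.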
@@ -235,14 +225,6 @@ public Map getBranding() { return branding; } - public void setDefaultUserGroups(Collection defaultUserGroups) { - this.defaultUserGroups = defaultUserGroups; - } - - public void setAllowedUserGroups(Collection allowedUserGroups) { - this.allowedUserGroups = allowedUserGroups; - } - public boolean isDisableSamlInResponseToCheck() { return disableSamlInResponseToCheck; } @@ -250,4 +232,8 @@ public boolean isDisableSamlInResponseToCheck() { public void setDisableSamlInResponseToCheck(boolean disableSamlInResponseToCheck) { this.disableSamlInResponseToCheck = disableSamlInResponseToCheck; } + + public void setDefaultUserConfig(final UserConfig defaultUserConfig) { + this.defaultUserConfig = defaultUserConfig; + } } diff --git a/server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityZoneConfigurationBootstrapTests.java b/server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityZoneConfigurationBootstrapTests.java index be259b6b3f2..faf0506a61d 100644 --- a/server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityZoneConfigurationBootstrapTests.java +++ b/server/src/test/java/org/cloudfoundry/identity/uaa/config/IdentityZoneConfigurationBootstrapTests.java @@ -16,6 +16,7 @@ import org.cloudfoundry.identity.uaa.zone.JdbcIdentityZoneProvisioning; import org.cloudfoundry.identity.uaa.zone.SamlConfig; import org.cloudfoundry.identity.uaa.zone.TokenPolicy; +import org.cloudfoundry.identity.uaa.zone.UserConfig; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; 
@@ -167,8 +168,10 @@ void saml_disable_in_response_to() throws Exception { @Test void testDefaultGroups() throws Exception { + UserConfig defaultUserConfig = new UserConfig(); String[] groups = {"group1", "group2", "group3"}; - bootstrap.setDefaultUserGroups(Arrays.asList(groups)); + defaultUserConfig.setDefaultGroups(Arrays.asList(groups)); + bootstrap.setDefaultUserConfig(defaultUserConfig); bootstrap.afterPropertiesSet(); IdentityZone uaa = provisioning.retrieve(IdentityZone.getUaaZoneId()); assertThat(uaa.getConfig().getUserConfig().getDefaultGroups(), containsInAnyOrder(groups)); @@ -176,9 +179,11 @@ void testDefaultGroups() throws Exception { @Test void testAllowedGroups() throws Exception { + UserConfig defaultUserConfig = new UserConfig(); String[] groups = {"group1", "group2", "group3"}; - bootstrap.setDefaultUserGroups(Arrays.asList(groups)); - bootstrap.setAllowedUserGroups(Arrays.asList(groups)); + defaultUserConfig.setDefaultGroups(Arrays.asList(groups)); + defaultUserConfig.setAllowedGroups(Arrays.asList(groups)); + bootstrap.setDefaultUserConfig(defaultUserConfig); bootstrap.afterPropertiesSet(); IdentityZone uaa = provisioning.retrieve(IdentityZone.getUaaZoneId()); assertThat(uaa.getConfig().getUserConfig().resultingAllowedGroups(), containsInAnyOrder(groups)); diff --git a/uaa/src/main/webapp/WEB-INF/spring-servlet.xml b/uaa/src/main/webapp/WEB-INF/spring-servlet.xml index ab79c695a96..60fa3c3d283 100755 --- a/uaa/src/main/webapp/WEB-INF/spring-servlet.xml +++ b/uaa/src/main/webapp/WEB-INF/spring-servlet.xml @@ -453,6 +453,13 @@ + + + + + + + @@ -482,7 +489,7 @@ @config['login']['saml']==null ? null : @config['login']['saml']['keys']}"/> - +
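Review bot: In `IdentityZoneConfigurationBootstrapTests`, `testDefaultGroups` and `testAllowedGroups` both build a `UserConfig` and call `bootstrap.setDefaultUserConfig(...)`, so nothing in this hunk pins what happens when no user config is wired, which is the case the removed `!=null` guards used to handle. I would add a test that calls `bootstrap.afterPropertiesSet()` without setting a user config and asserts that `uaa.getConfig().getUserConfig()` is not null after `provisioning.retrieve(IdentityZone.getUaaZoneId())`. The commit message gives `login.checkOriginEnabled` as the motivating option, yet no assertion here covers any `UserConfig` field other than the two group lists. A round-trip assertion for that option would confirm that the bean wiring delivers what the refactor is for. The closing lines of `testAllowedGroups` fall outside the hunk.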