More test fixes

iam-login-service/pom.xml

@@ -222,12 +222,6 @@
       <artifactId>h2</artifactId>
     </dependency>
 
-    <dependency>
-      <groupId>org.flywaydb.flyway-test-extensions</groupId>
-      <artifactId>flyway-spring-test</artifactId>
-      <scope>test</scope>
-    </dependency>
-
     <dependency>
       <groupId>mysql</groupId>
       <artifactId>mysql-connector-java</artifactId>

iam-login-service/src/main/java/it/infn/mw/iam/api/scim/model/ScimConstants.java

@@ -17,7 +17,7 @@
 
 public interface ScimConstants {
 
-  final String SCIM_CONTENT_TYPE = "application/scim+json";
+  final String SCIM_CONTENT_TYPE = "application/scim+json;charset=UTF-8";
   final String INDIGO_USER_SCHEMA = "urn:indigo-dc:scim:schemas:IndigoUser";
   final String INDIGO_GROUP_SCHEMA = "urn:indigo-dc:scim:schemas:IndigoGroup";
 

iam-login-service/src/main/java/it/infn/mw/iam/config/MitreServicesConfig.java

@@ -62,7 +62,6 @@
 import org.mitre.openid.connect.token.TofuUserApprovalHandler;
 import org.mitre.openid.connect.web.AuthenticationTimeStamper;
 import org.mitre.openid.connect.web.ServerConfigInterceptor;
-import org.mitre.openid.connect.web.UserInfoInterceptor;
 import org.mitre.uma.service.ResourceSetService;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
@@ -91,6 +90,7 @@
 import it.infn.mw.iam.core.oauth.scope.matchers.ScopeMatcherRegistry;
 import it.infn.mw.iam.core.oauth.scope.pdp.IamScopeFilter;
 import it.infn.mw.iam.core.oidc.IamClientValidationService;
+import it.infn.mw.iam.core.userinfo.IamUserInfoInterceptor;
 
 @Configuration
 public class MitreServicesConfig {
@@ -189,9 +189,9 @@ OAuth2TokenEntityService tokenServices() {
 
 
   @Bean(name = "mitreUserInfoInterceptor")
-  public AsyncHandlerInterceptor userInfoInterceptor() {
+  public AsyncHandlerInterceptor userInfoInterceptor(UserInfoService service) {
 
-    return new UserInfoInterceptor();
+    return new IamUserInfoInterceptor(service);
   }
 
   @Bean(name = "mitreServerConfigInterceptor")

iam-login-service/src/main/java/it/infn/mw/iam/config/saml/IamSamlJITAccountProvisioningProperties.java

@@ -25,11 +25,13 @@
 import javax.validation.constraints.Min;
 
 import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.validation.annotation.Validated;
 
 import com.google.common.base.Splitter;
 import com.google.common.collect.Lists;
 import com.google.common.collect.Sets;
 
+@Validated
 @ConfigurationProperties(prefix = "saml.jit-account-provisioning")
 public class IamSamlJITAccountProvisioningProperties {
 

iam-login-service/src/main/java/it/infn/mw/iam/config/saml/IamSamlProperties.java

@@ -24,6 +24,7 @@
 import org.opensaml.saml2.core.NameIDType;
 import org.opensaml.xml.signature.SignatureConstants;
 import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.validation.annotation.Validated;
 
 import com.google.common.collect.Lists;
 
@@ -33,8 +34,10 @@
 import it.infn.mw.iam.config.saml.IamSamlJITAccountProvisioningProperties.AttributeMappingProperties;
 
 @ConfigurationProperties(prefix = "saml")
+@Validated
 public class IamSamlProperties {
 
+  @Validated
   public static class IssuerValidationProperties {
 
     @NotBlank

iam-login-service/src/main/java/it/infn/mw/iam/core/userinfo/IamUserInfoInterceptor.java

@@ -0,0 +1,97 @@
+/**
+ * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2016-2019
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package it.infn.mw.iam.core.userinfo;
+
+import java.lang.reflect.Type;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.mitre.openid.connect.model.UserInfo;
+import org.mitre.openid.connect.service.UserInfoService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.AuthenticationTrustResolver;
+import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.google.gson.JsonElement;
+import com.google.gson.JsonPrimitive;
+import com.google.gson.JsonSerializationContext;
+import com.google.gson.JsonSerializer;
+
+public class IamUserInfoInterceptor extends HandlerInterceptorAdapter {
+
+  public static final String USERINFO_ATTR_NAME = "userInfo";
+  public static final String USERINFO_JSON_ATTR_NAME = "userInfoJson";
+
+  private final Gson gsonBuilder;
+  private final UserInfoService userInfoService;
+  private final AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
+
+  @Autowired
+  public IamUserInfoInterceptor(UserInfoService userInfoService) {
+    this.userInfoService = userInfoService;
+    gsonBuilder = new GsonBuilder()
+      .registerTypeHierarchyAdapter(GrantedAuthority.class, new JsonSerializer<GrantedAuthority>() {
+        @Override
+        public JsonElement serialize(GrantedAuthority src, Type typeOfSrc,
+            JsonSerializationContext context) {
+          return new JsonPrimitive(src.getAuthority());
+        }
+      })
+      .create();
+  }
+
+  private void resolveUserInfo(Authentication auth, HttpServletRequest request) {
+    UserInfo user = userInfoService.getByUsername(auth.getName());
+
+    if (user != null) {
+      request.setAttribute(USERINFO_ATTR_NAME, user);
+      request.setAttribute(USERINFO_JSON_ATTR_NAME, user.toJson());
+    }
+  }
+
+  @Override
+  public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
+      throws Exception {
+
+    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+
+    if (auth instanceof Authentication) {
+      request.setAttribute("userAuthorities", gsonBuilder.toJson(auth.getAuthorities()));
+    }
+
+    if (!trustResolver.isAnonymous(auth)) {
+      if (auth instanceof OAuth2Authentication) {
+
+        OAuth2Authentication oauth = (OAuth2Authentication) auth;
+        if (oauth.getUserAuthentication() != null) {
+          resolveUserInfo(oauth.getUserAuthentication(), request);
+        }
+      } else if (auth != null && auth.getName() != null) {
+
+        resolveUserInfo(auth, request);
+      }
+    }
+    return true;
+  }
+}

iam-login-service/src/main/java/it/infn/mw/iam/notification/NotificationProperties.java

@@ -23,8 +23,10 @@
 import org.hibernate.validator.constraints.NotBlank;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.stereotype.Component;
+import org.springframework.validation.annotation.Validated;
 
 @Component
+@Validated
 @ConfigurationProperties(prefix = "notification")
 public class NotificationProperties {
 

iam-login-service/src/main/resources/application-h2-test.yml

@@ -15,29 +15,42 @@
 #
 
 spring:
+
   profiles:
     include: saml,registration
+
   mail:
     port: ${IAM_MAIL_PORT:8125}
+
   datasource:
+
+    type: org.apache.tomcat.jdbc.pool.DataSource
     driverClassName: org.h2.Driver
     url: jdbc:h2:mem:iam;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
     username: sa
     password:
-    test-while-idle: true
-    test-on-borrow: true
-    validation-query: SELECT 1
-    time-between-eviction-runs-millis: 5000
-    min-evictable-idle-time-millis: 10000
+
+    tomcat:
+      initial-size: 2
+      max-active: 5 
+      min-idle: 1
+      max-idle: 1
+      max-wait: 2000
+      test-while-idle: true
+      test-on-borrow: true
+      validation-query: SELECT 1
+
+
 
 notification:
   disable: ${IAM_NOTIFICATION_DISABLE:true}
 
+
 flyway:
   locations:
     - classpath:db/migration/h2
     - classpath:db/migration/test
 
 iam:
   versioned-static-resources:
-    enable-versioning: false 
+    enable-versioning: false

iam-login-service/src/main/resources/application-mysql-test.yml

@@ -18,19 +18,22 @@ spring:
   profiles:
     include: mysql,registration,saml
   datasource:
-    dataSourceClassName: com.mysql.jdbc.jdbc2.optional.MysqlDataSource
+
     url: jdbc:mysql://${IAM_DB_HOST:dev.local.io}:${IAM_DB_PORT:3306}/${IAM_DB_NAME:iam}?useSSL=${IAM_DB_USE_SSL:false}
     username: ${IAM_DB_USERNAME:iam}
     password: ${IAM_DB_PASSWORD:pwd}
-    max-active: 5
-    min-idle: 1
-    max-idle:  1
-    initial-size: 2
-    test-while-idle: true
-    test-on-borrow: true
-    validation-query: SELECT 1
-    time-between-eviction-runs-millis: 5000
-    min-evictable-idle-time-millis: 5000
+
+    tomcat:
+      initial-size: 2
+      max-active: 5 
+      min-idle: 1
+      max-idle: 1
+      max-wait: 20000
+      test-while-idle: true
+      test-on-borrow: true
+      validation-query: SELECT 1
+      time-between-eviction-runs-millis: 5000
+      min-evictable-idle-time-millis: 5000
 
 notification:
   disable: true

iam-login-service/src/main/resources/application-prod.yml

@@ -19,19 +19,22 @@ spring:
     include: mysql,flyway-repair
 
   datasource:
-    dataSourceClassName: com.mysql.jdbc.jdbc2.optional.MysqlDataSource
+    type: org.apache.tomcat.jdbc.pool.DataSource
     url: jdbc:mysql://${IAM_DB_HOST:dev.local.io}:${IAM_DB_PORT:3306}/${IAM_DB_NAME:iam}?useSSL=${IAM_DB_USE_SSL:false}
     username: ${IAM_DB_USERNAME:iam}
     password: ${IAM_DB_PASSWORD:pwd}
-    max-active: ${IAM_DB_MAX_ACTIVE:10}
-    min-idle: ${IAM_DB_MIN_IDLE:5}
-    max-idle:  ${IAM_DB_MAX_IDLE:5}
-    initial-size: ${IAM_DB_INITIAL_SIZE:2}
-    test-while-idle: ${IAM_DB_TEST_WHILE_IDLE:true}
-    test-on-borrow: ${IAM_DB_TEST_ON_BORROW:true}
-    validation-query: ${IAM_DB_VALIDATION_QUERY:SELECT 1}
-    time-between-eviction-runs-millis: ${IAM_DB_TIME_BETWEEN_EVICTION_RUNS_MILLIS:5000}
-    min-evictable-idle-time-millis: ${IAM_DB_MIN_EVICTABLE_IDLE_TIME_MILLIS:60000}
+
+    tomcat:
+      initial-size: ${IAM_DB_INITIAL_SIZE:15}
+      max-active: ${IAM_DB_MAX_ACTIVE:50} 
+      min-idle: ${IAM_DB_MIN_IDLE:8}
+      max-idle: ${IAM_DB_MAX_IDLE:15}
+      max-wait: ${IAM_DB_MAX_WAIT:20000}
+      test-while-idle: ${IAM_DB_TEST_WHILE_IDLE:true}
+      test-on-borrow: ${IAM_DB_TEST_ON_BORROW:true}
+      validation-query: ${IAM_DB_VALIDATION_QUERY:SELECT 1}
+      time-between-eviction-runs-millis: ${IAM_DB_TIME_BETWEEN_EVICTION_RUNS_MILLIS:5000}
+      min-evictable-idle-time-millis: ${IAM_DB_MIN_EVICTABLE_IDLE_TIME_MILLIS:60000}
 
 flyway:
   locations:

iam-login-service/src/test/java/it/infn/mw/iam/test/X509Utils.java

@@ -25,7 +25,7 @@ public class X509Utils {
   static {
 
     X509Cert x509Cert = new X509Cert();
-    x509Cert.display = "Personal Certificate";
+    x509Cert.display = "Personal Certificate (Test 0)";
     x509Cert.certificate = new StringBuilder("-----BEGIN CERTIFICATE-----\n")
       .append("MIIEWDCCA0CgAwIBAgIDAII4MA0GCSqGSIb3DQEBCwUAMC4xCzAJBgNVBAYTAklU\n")
       .append("MQ0wCwYDVQQKEwRJTkZOMRAwDgYDVQQDEwdJTkZOIENBMB4XDTE1MDUxODEzNTQx\n")
@@ -56,7 +56,7 @@ public class X509Utils {
     x509Certs.add(x509Cert);
 
     x509Cert = new X509Cert();
-    x509Cert.display = "Personal Certificate";
+    x509Cert.display = "Personal Certificate (Test 1)";
     x509Cert.certificate = new StringBuilder("-----BEGIN CERTIFICATE-----\n")
       .append("MIIDnjCCAoagAwIBAgIBCTANBgkqhkiG9w0BAQUFADAtMQswCQYDVQQGEwJJVDE\n")
       .append("MMAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTEyMDkyNjE1MzkzNF\n")

iam-login-service/src/test/java/it/infn/mw/iam/test/api/account/password/PasswordUpdateTests.java

@@ -26,15 +26,12 @@
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
 import org.springframework.http.HttpStatus;
 import org.springframework.test.context.junit4.SpringRunner;
 
 import com.jayway.restassured.RestAssured;
 import com.jayway.restassured.response.ValidatableResponse;
 
-import it.infn.mw.iam.IamLoginService;
 import it.infn.mw.iam.api.account.password_reset.PasswordUpdateController;
 import it.infn.mw.iam.api.scim.model.ScimEmail;
 import it.infn.mw.iam.api.scim.model.ScimName;
@@ -43,13 +40,10 @@
 import it.infn.mw.iam.persistence.model.IamAccount;
 import it.infn.mw.iam.persistence.repository.IamAccountRepository;
 import it.infn.mw.iam.test.TestUtils;
-import it.infn.mw.iam.test.util.WithAnonymousUser;
-import it.infn.mw.iam.test.util.annotation.IamMockMvcIntegrationTest;
+import it.infn.mw.iam.test.util.annotation.IamRandomPortIntegrationTest;
 
 @RunWith(SpringRunner.class)
-@IamMockMvcIntegrationTest
-@SpringBootTest(classes = {IamLoginService.class}, webEnvironment = WebEnvironment.RANDOM_PORT)
-@WithAnonymousUser
+@IamRandomPortIntegrationTest
 public class PasswordUpdateTests {
 
   @Value("${local.server.port}")

iam-login-service/src/test/java/it/infn/mw/iam/test/ext_authn/oidc/OidcExternalAuthenticationTests.java

@@ -45,12 +45,12 @@
 import it.infn.mw.iam.IamLoginService;
 import it.infn.mw.iam.authn.ExternalAuthenticationRegistrationInfo;
 import it.infn.mw.iam.authn.ExternalAuthenticationRegistrationInfo.ExternalAuthenticationType;
-import it.infn.mw.iam.test.util.annotation.IamMockMvcIntegrationTest;
+import it.infn.mw.iam.test.util.annotation.IamRandomPortIntegrationTest;
 import it.infn.mw.iam.test.util.oidc.CodeRequestHolder;
 import it.infn.mw.iam.test.util.oidc.MockRestTemplateFactory;
 
 @RunWith(SpringRunner.class)
-@IamMockMvcIntegrationTest
+@IamRandomPortIntegrationTest
 @SpringBootTest(classes = {IamLoginService.class, OidcTestConfig.class},
     webEnvironment = WebEnvironment.RANDOM_PORT)
 public class OidcExternalAuthenticationTests extends OidcExternalAuthenticationTestsSupport {

iam-login-service/src/test/java/it/infn/mw/iam/test/ext_authn/oidc/validator/OidcValidatorIntegrationTests.java

@@ -50,12 +50,12 @@
 import it.infn.mw.iam.authn.common.ValidatorResolver;
 import it.infn.mw.iam.test.ext_authn.oidc.OidcExternalAuthenticationTestsSupport;
 import it.infn.mw.iam.test.ext_authn.oidc.OidcTestConfig;
-import it.infn.mw.iam.test.util.annotation.IamMockMvcIntegrationTest;
+import it.infn.mw.iam.test.util.annotation.IamRandomPortIntegrationTest;
 import it.infn.mw.iam.test.util.oidc.CodeRequestHolder;
 import it.infn.mw.iam.test.util.oidc.MockRestTemplateFactory;
 
 @RunWith(SpringRunner.class)
-@IamMockMvcIntegrationTest
+@IamRandomPortIntegrationTest
 @SpringBootTest(classes = {IamLoginService.class, OidcTestConfig.class,
     OidcValidatorIntegrationTests.Config.class}, webEnvironment = WebEnvironment.RANDOM_PORT)
 public class OidcValidatorIntegrationTests extends OidcExternalAuthenticationTestsSupport {