feature: Add uw-frame compatible REST API for /profile

This pull request adds a REST resource under /profile that transforms the current UWUserDetails into a format matching uw-frame's session.json feed.

With this feature in place, uw-frame apps will be able to have the user attributes from the UW Spring Security principal display in the frame header.

Here's the familiar Amy Administrator, as output from GET /profile/uw-frame:

{
  username: "admin",
  displayName: "Amy Administrator",
  firstName: "Amy",
  lastName: "Administrator",
  serverName: "",
  version: "",
  sessionKey: ""
}

To configure this feature in a uw-frame app, one needs to create a file named src/main/webapp/js/override.js (if not already present) with the following contents:

define(['angular'], function(angular) {
    var config = angular.module('override', []);
    config
        .constant('OVERRIDE', {
            'SERVICE_LOC': {
                'sessionInfo' : 'profile/uw-frame',
            }
        })
    ;
    return config;
});

Notify @andrew-petro @levett @ahoffmann @paul.erickson @bjsousa @andrew-summers @alundholm

To assignee @dwitter2 - the plan is to use this for capital-equipment and iaa-diagnostic-tool, among others, then we no longer have the mismatch in our demos (with frame defaulting to showing one logged in as 'Bucky').

Build Started: https://ia-builds.doit.wisc.edu:8443/job/uw-spring-security-master-pull-requests/62/

Build triggered.

Build finished. Tests PASSED. Build results available at: https://ia-builds.doit.wisc.edu:8443/job/uw-spring-security-master-pull-requests/62/

I'm actually having a little trouble integrating these changes into another uw-frame project (iaa-diagnostic-tool).

A GET /profile/uw-frame is returning a 404, even though:

11:11:25.830 [main] INFO  o.s.w.s.m.m.a.RequestMappingHandlerMapping - Mapped "{[/profile/uw-frame],methods=[GET],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public java.lang.Object edu.wisc.uwss.web.ProfileController.uwFrameCompatibleProfile(java.lang.Object)

Added 1 commit:

• c6eb2c05 - fix: correctly nest UwframeSession as "person"

Build triggered.

Build Started: https://ia-builds.doit.wisc.edu:8443/job/uw-spring-security-master-pull-requests/63/

Build finished. Tests PASSED. Build results available at: https://ia-builds.doit.wisc.edu:8443/job/uw-spring-security-master-pull-requests/63/

I've got it figured out now - the 404 for that URL in the downstream project was due to web.xml not including the path.

c6eb2c05 tweaks the response to match the nesting in uw-frame exactly:

{
  person: {
    username: "admin",
    displayName: "Amy Administrator",
    firstName: "Amy",
    lastName: "Administrator",
    sessionKey: "",
    version: "Revision e897421 (Version 0.0.2-SNAPSHOT from frame-session branch)",
    serverName: ""
  }
}

Status changed to merged

mentioned in commit 9e7621ab

Oofdah, this is quite a breaking change. Is there any way we can warn existing consumers of this class that this happened? An exception if it finds fewer than 6 values?

Can I submit a JIRA somewhere to suggest switching to YAML or JSON format for local users instead of clunky properties files?

Yep, that's why this PR includes a version bump. If you aren't overriding the default LocalUserDetailsAttributesMapper, you'll need to do nothing. If you are already overriding the default LocalUserDetailsAttributesMapper, this change won't affect you, because you are already overriding it :).

on the feature suggestion; we don't have a JIRA, and they've disabled issues in gitlab for some reason.

https://git.doit.wisc.edu/adi-ia/uw-spring-security/issues FTW!

Breaking change! I just verified that this breaks the build in STAR, so it should be a major version bump to 2.0.0 (minor version indicates that 1.x consumers can safely upgrade without changes).

@paul.erickson can you open an issue? I just took a gander in star, and it looks like you may be right - star-app has a copy of demo-users.properties, missing the firstName and lastName.

We could issue a patch fix to 1.2 that provides backwards compatibility for values.length == 4 || values.length == 5, along with a LOG.warn.

Good thinking, I just created #1 (closed)

How is build information related to the new session REST endpoint? Did this sneak into this PR?

It's technically part of uw-frame's data model for a "session". Here's an example (go to https://my.wisc.edu/portal/web/session.json):

{
  person: {
    lastName: "Blair",
    userName: "npblair",
    sessionKey: "something",
    serverName: "something",
    firstName: "Nicholas",
    displayName: "Nicholas Blair",
    version: "4.2.1.4"
  }
}

Since uw-frame depends on uw-spring-security and not the other way around, wouldn't it be more appropriate to say that "uw-frame consumes the class UwSpringSecurityBuild (or just 'Build', e.g.)" than "uw-spring-security implements "UwframeBuild"?

I missed that, thanks!

There is no dependency relationship between the 2 projects; uw-frame doesn't depend on this, nor does this depend on uw-frame.

This bean is merely a local representation of a JSON API presented by MUM's /portal (which is actually uPortal).

This is great! UW Spring Security is coming along very nicely.