  1. Jul 07, 2016
  2. Jun 28, 2016
  3. Jun 24, 2016
  4. Jun 08, 2016
  5. Jun 07, 2016
    • fix: correct configuration to activate federation attributemapper · a9df5cd1
      Nicholas Blair authored
      We can't just decorate with @Component, because the package edu.wisc.uwss.preauth isn't @ComponentScan'ned (edu.wisc.uwss.configuration.preauth is).
      
      Corrected the logger for the Federated attributesmapper; it was incorrectly using the Default implementation (so you couldn't tell which class was logging).
      
      Added a Maven profile to help test: combined-simulate-federation.
      a9df5cd1
  6. Jun 06, 2016
  7. May 24, 2016
  8. May 23, 2016
  9. May 19, 2016
  10. May 18, 2016
    • Merge branch 'simulate-shib' into 'master' · b853d28f
      Nicholas Blair authored
      feat: Add optional REST Controller to simulate Shibboleth's session handler
      
      This pull request adds an optional REST Controller to simulate a response that matches the exact JSON format of Shibboleth's session handler.
      
      Example: log in to https://test.my.wisc.edu. After completing login, visit https://test.my.wisc.edu/Shibboleth.sso/Session.json.
      
      This controller is not active by default; in order to add it, activate the Spring Profile named `edu.wisc.uwss.simulated-shibboleth`.
      
      Sample response for Amy Administrator:
      
      ```
      {
        expiration: 480,
        client_address: "0:0:0:0:0:0:0:1",
        protocol: "urn:oasis:names:tc:SAML:2.0:protocol",
        identity_provider: "https://logintest.wisc.edu/idp/shibboleth",
        authn_instant: "2016-05-16T17:40:37.762",
        authncontext_class: "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
        attributes: [
          {
            name: "persistent-id",
            values: [ "https://logintest.wisc.edu/idp/shibboleth!https://fake.wisc.edu/shibboleth!thisis/fake/PE=" ]
          },
          {
            name: "uid",
            values: [ "admin" ]
          },
          {
            name: "pubcookie-user",
            values: [ "admin" ]
          },
          {
            name: "wiscEduPVI",
            values: [ "UW000A000" ]
          }
        ]
      }
      ```
      
      The idea for this came from a discussion with @levett.
      Also notify @timothy-vertein @andrew-petro 
      
      See merge request !11
      b853d28f
    • Merge branch 'userdetailsservice-callback' into 'master' · 54b95e3c
      Nicholas Blair authored
      feature: a callback interface allowing customization of UserDetailsService#loadUserByUsername
      
      This pull request adds a callback interface that allows downstream projects to participate in one of the core Spring Security components of the `local-users` profile: the UserDetailsService.
      
      During an authentication attempt, `UserDetailsService#loadUserByUsername` is used by Spring Security to first check if a User object exists for the username in the credentials. If no User object is found, no further credential check takes place; if a User object is found, other Spring Security components go about comparing the provided credentials in the authentication attempt to that object.
      
      We have a use case in DoIT Number that is driving the need for this. DoIT Number has a custom `UWUserDetails` class that has some additional fields stored behind a DAO. If we didn't have this customization, DoIT Number would need to sub-class `LocalUserDetailsManagerImpl`, then somehow exclude that bean from the UWSpringSecurityConfiguration - not trivially possible.
      
      The existing `LocalUserDetailsAttributesMapper` interface has a lifecycle that's not conducive to this type of request. Implementations of that interface are executed during application startup - and it is possible that the DAO may not be fully constructed at the time it's queried. We need a callback that fires at time of authentication attempt - not startup.
       
      With this pull request, DoIT Number will simply have to register a Spring Bean as follows to query that DAO and attach the necessary data to their custom `UWUserDetails` class as part of `UserDetailsService#loadUserByUsername`:
      
      ```
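      import org.springframework.beans.factory.annotation.Autowired;
      import org.springframework.stereotype.Component;

      // Fires during UserDetailsService#loadUserByUsername (authentication attempt), not at startup
      @Component
      class DNumberLocalUWUserDetailsCallback implements LocalUWUserDetailsCallback<DNumberUserDetailsImpl> {
      
        @Autowired
        private ControlDao controlDao;
      
        @Override
        public void success(DNumberUserDetailsImpl userDetails) {
          // Attach the DAO-backed controls to the loaded user details
          userDetails.setControls(controlDao.getControls(userDetails.getUsername()));
        }
      }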
      ```
      
      This type of feature is only needed for `local-users` and not for `preauth`. The `PreauthenticatedUserDetailsAttributeMapper` interface has a lifecycle already similar to LocalUWUserDetailsCallback (firing on authentication attempt, not startup). 
      
      Notify @alundholm 
      
      See merge request !12
      54b95e3c
    • fix: remove test cruft · 1e9fbbdd
      Nicholas Blair authored
      1e9fbbdd
  11. May 17, 2016
  12. May 16, 2016