Example 1 with EntityDeletedEvent

use of org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent in project uaa by cloudfoundry.

the class ClientAdminBootstrap method onApplicationEvent.

@Override
public void onApplicationEvent(ContextRefreshedEvent ignored) {
    // Bootstrap deletions run as the internal SYSTEM principal rather than as a user or
    // client, so the audit trail attributes these removals to the system itself.
    Authentication auth = SystemAuthentication.SYSTEM_AUTHENTICATION;
    for (String clientId : clientsToDelete) {
        try {
            // Manifest clients are registered in the default (uaa) zone.
            ClientDetails client = clientRegistrationService.loadClientByClientId(clientId, IdentityZone.getUaaZoneId());
            logger.debug("Deleting client from manifest:" + clientId);
            // The client is not removed here directly. Publishing an EntityDeletedEvent hands the
            // deletion to the registered listeners (for example the revocable-token cleanup in
            // JdbcRevocableTokenProvisioning, see Example 3), which act only in the zone id the
            // event carries.
            EntityDeletedEvent<ClientDetails> delete = new EntityDeletedEvent<>(client, auth, IdentityZoneHolder.getCurrentZoneId());
            publish(delete);
        } catch (NoSuchClientException e) {
            // A client listed for deletion that no longer exists is not an error; it is skipped.
            logger.debug("Ignoring delete for non existent client:" + clientId);
        }
    }
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) Authentication(org.springframework.security.core.Authentication) SystemAuthentication(org.cloudfoundry.identity.uaa.authentication.SystemAuthentication) EntityDeletedEvent(org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent) NoSuchClientException(org.springframework.security.oauth2.provider.NoSuchClientException)

Example 2 with EntityDeletedEvent

use of org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent in project uaa by cloudfoundry.

the class MfaProviderEndpointsTest method testDeleteMFaProvider.

@Test
public void testDeleteMFaProvider() {
    ApplicationEventPublisher publisher = mock(ApplicationEventPublisher.class);
    endpoint.setApplicationEventPublisher(publisher);
    MfaProvider<GoogleMfaProviderConfig> providerToDelete = constructGoogleProvider();
    String id = new RandomValueStringGenerator(5).generate();
    when(provisioning.retrieve(eq(id), anyString())).thenReturn(providerToDelete);
    ResponseEntity<MfaProvider> mfaDeleteResponse = endpoint.deleteMfaProviderById(id);
    assertEquals(providerToDelete, mfaDeleteResponse.getBody());
    ArgumentCaptor<EntityDeletedEvent> entityDeletedCaptor = ArgumentCaptor.forClass(EntityDeletedEvent.class);
    verify(provisioning, times(1)).retrieve(id, IdentityZoneHolder.get().getId());
    verify(publisher, times(1)).publishEvent(entityDeletedCaptor.capture());
    assertEquals(providerToDelete.getId(), ((MfaProvider) (entityDeletedCaptor.getAllValues().get(0)).getDeleted()).getId());
}
Also used : ApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher) ArgumentMatchers.anyString(org.mockito.ArgumentMatchers.anyString) RandomValueStringGenerator(org.springframework.security.oauth2.common.util.RandomValueStringGenerator) EntityDeletedEvent(org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent) Test(org.junit.Test)

Example 3 with EntityDeletedEvent

use of org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent in project uaa by cloudfoundry.

the class JdbcRevocableTokenProvisioningTest method onApplicationEventCallsInternalDeleteMethod.

@ParameterizedTest
@ArgumentsSource(IdentityZoneArgumentsProvider.class)
void onApplicationEventCallsInternalDeleteMethod(IdentityZone zone) {
    BaseClientDetails clientDetails = new BaseClientDetails("id", "", "", "", "", "");
    IdentityZoneHolder.set(zone);
    reset(jdbcRevocableTokenProvisioning);
    // Deliver the same client deletion through both listener entry points: the typed
    // EntityDeletedEvent overload and the generic AbstractUaaEvent overload.
    jdbcRevocableTokenProvisioning.onApplicationEvent(new EntityDeletedEvent<>(clientDetails, mock(UaaAuthentication.class), IdentityZoneHolder.getCurrentZoneId()));
    jdbcRevocableTokenProvisioning.onApplicationEvent((AbstractUaaEvent) new EntityDeletedEvent<>(clientDetails, mock(UaaAuthentication.class), IdentityZoneHolder.getCurrentZoneId()));
    // Each delivery must revoke the deleted client's tokens, and only those in the zone the event names:
    // a client with the same id in another zone keeps its tokens.
    verify(jdbcRevocableTokenProvisioning, times(2)).deleteByClient(eq("id"), eq(zone.getId()));
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) UaaAuthentication(org.cloudfoundry.identity.uaa.authentication.UaaAuthentication) EntityDeletedEvent(org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest) ArgumentsSource(org.junit.jupiter.params.provider.ArgumentsSource)
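Examples 1 and 3 together show the pattern: the component that decides a client is gone publishes an EntityDeletedEvent carrying the deleted entity, the acting principal and the zone id, and listeners such as the revocable-token store do the zone-scoped cleanup. The following is an added, self-contained model of that cascade; it is not UAA's own code. Spring's ApplicationEventPublisher is replaced by a tiny synchronous dispatcher so the file runs offline, the stand-in classes (ClientDetails, Publisher, RevocableTokenStore, and the simplified EntityDeletedEvent) are assumptions for illustration, and the token data is constructed. The check at the end is the multi-tenant isolation property Example 3 verifies: the same client id registered in a second zone is untouched by a deletion in the first.

```java
// Added example (not UAA code): zone-scoped cascade delete driven by an
// EntityDeletedEvent. All class names except EntityDeletedEvent are stand-ins.
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class EntityDeletedCascadeDemo {

    /** Deleted entity, the principal that deleted it, and the zone it was deleted in. */
    static final class EntityDeletedEvent<T> {
        private final T deleted;
        private final String actor;
        private final String zoneId;
        EntityDeletedEvent(T deleted, String actor, String zoneId) {
            this.deleted = deleted;
            this.actor = actor;
            this.zoneId = zoneId;
        }
        T getDeleted() { return deleted; }
        String getActor() { return actor; }
        String getZoneId() { return zoneId; }
    }

    /** Stand-in for an OAuth client registration (BaseClientDetails in UAA). */
    static final class ClientDetails {
        final String clientId;
        ClientDetails(String clientId) { this.clientId = clientId; }
    }

    interface Listener { void onApplicationEvent(EntityDeletedEvent<?> event); }

    /** Minimal synchronous stand-in for Spring's ApplicationEventPublisher. */
    static final class Publisher {
        private final List<Listener> listeners = new ArrayList<>();
        void addListener(Listener l) { listeners.add(l); }
        void publishEvent(EntityDeletedEvent<?> e) {
            for (Listener l : listeners) l.onApplicationEvent(e);
        }
    }

    /** Token store keyed by zone then client, mirroring deleteByClient(clientId, zoneId). */
    static final class RevocableTokenStore implements Listener {
        private final Map<String, Map<String, List<String>>> tokens = new ConcurrentHashMap<>();
        private final List<String> auditLog = new ArrayList<>();

        void issue(String zoneId, String clientId, String tokenId) {
            tokens.computeIfAbsent(zoneId, z -> new ConcurrentHashMap<>())
                  .computeIfAbsent(clientId, c -> new ArrayList<>())
                  .add(tokenId);
        }

        int countByClient(String zoneId, String clientId) {
            Map<String, List<String>> zone = tokens.get(zoneId);
            if (zone == null) return 0;
            List<String> ids = zone.get(clientId);
            return ids == null ? 0 : ids.size();
        }

        /** Zone-scoped: only the named zone loses the client's tokens. Returns the count revoked. */
        int deleteByClient(String clientId, String zoneId) {
            Map<String, List<String>> zone = tokens.get(zoneId);
            if (zone == null) return 0;
            List<String> removed = zone.remove(clientId);
            return removed == null ? 0 : removed.size();
        }

        @Override
        public void onApplicationEvent(EntityDeletedEvent<?> event) {
            // Only client deletions concern this store; other entity types are ignored.
            if (!(event.getDeleted() instanceof ClientDetails)) return;
            String clientId = ((ClientDetails) event.getDeleted()).clientId;
            int revoked = deleteByClient(clientId, event.getZoneId());
            auditLog.add(String.format("actor=%s zone=%s client=%s tokensRevoked=%d",
                    event.getActor(), event.getZoneId(), clientId, revoked));
        }

        List<String> getAuditLog() { return Collections.unmodifiableList(auditLog); }
    }

    public static void main(String[] args) {
        Publisher publisher = new Publisher();
        RevocableTokenStore store = new RevocableTokenStore();
        publisher.addListener(store);

        // Constructed sample data: the same client id registered in two zones.
        store.issue("uaa", "app", "t1");
        store.issue("uaa", "app", "t2");
        store.issue("zone-b", "app", "t3");

        // Equivalent of ClientAdminBootstrap deleting a manifest client as SYSTEM in the uaa zone.
        publisher.publishEvent(new EntityDeletedEvent<>(new ClientDetails("app"), "SYSTEM", "uaa"));

        if (store.countByClient("uaa", "app") != 0) throw new AssertionError("uaa tokens must be revoked");
        if (store.countByClient("zone-b", "app") != 1) throw new AssertionError("zone-b must be untouched");
        System.out.println(store.getAuditLog());
    }
}
```

The listener keys its delete on the zone id carried inside the event rather than on any thread-local zone, which is what keeps a deletion in one tenant from revoking tokens of an identically named client in another. Any further cleanup (approvals, sessions) would be added as another Listener on the same publisher rather than as a direct call from the component that deleted the client.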

Example 4 with EntityDeletedEvent

use of org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent in project uaa by cloudfoundry.

the class IdentityProviderBootstrapTest method providersDeletedAndNotCreated.

@Test
void providersDeletedAndNotCreated() throws Exception {
    configureSamlProviders(true, samlIdentityProviderDefinition, samlIdentityProviderDefinition1);
    List<String> originsToDelete = Arrays.asList(samlIdentityProviderDefinition.getIdpEntityAlias(), OIDC10);
    bootstrap.setSamlProviders(configurator);
    setOauthIDPWrappers();
    bootstrap.afterPropertiesSet();
    ContextRefreshedEvent event = new ContextRefreshedEvent(mock(ApplicationContext.class));
    bootstrap.onApplicationEvent(event);
    bootstrap.setOriginsToDelete(originsToDelete);
    bootstrap.afterPropertiesSet();
    bootstrap.onApplicationEvent(event);
    ArgumentCaptor<EntityDeletedEvent<IdentityProvider>> captor = ArgumentCaptor.forClass(EntityDeletedEvent.class);
    verify(publisher, times(2)).publishEvent(captor.capture());
    assertThat(captor.getAllValues().stream().map(p -> p.getDeleted().getOriginKey()).collect(toList()), containsInAnyOrder(originsToDelete.toArray()));
}
Also used : ApplicationContext(org.springframework.context.ApplicationContext) EntityDeletedEvent(org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent) ContextRefreshedEvent(org.springframework.context.event.ContextRefreshedEvent) Test(org.junit.jupiter.api.Test)

Example 5 with EntityDeletedEvent

use of org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent in project uaa by cloudfoundry.

the class ClientAdminEndpointsTests method setUp.

@BeforeEach
void setUp() {
    testZone.setId("testzone");
    mockSecurityContextAccessor = Mockito.mock(SecurityContextAccessor.class);
    clientDetailsService = Mockito.mock(NoOpClientDetailsResourceManager.class);
    when(clientDetailsService.create(any(ClientDetails.class), anyString())).thenCallRealMethod();
    clientRegistrationService = Mockito.mock(MultitenantClientServices.class, withSettings().extraInterfaces(SystemDeletable.class));
    mockAuthenticationManager = Mockito.mock(AuthenticationManager.class);
    ApprovalStore approvalStore = mock(ApprovalStore.class);
    clientDetailsValidator = new ClientAdminEndpointsValidator(mockSecurityContextAccessor);
    clientDetailsValidator.setClientDetailsService(clientDetailsService);
    clientDetailsValidator.setClientSecretValidator(new ZoneAwareClientSecretPolicyValidator(new ClientSecretPolicy(0, 255, 0, 0, 0, 0, 6)));
    testZone.getConfig().setClientSecretPolicy(new ClientSecretPolicy(0, 255, 0, 0, 0, 0, 6));
    IdentityZoneHolder.set(testZone);
    endpoints = spy(new ClientAdminEndpoints(mockSecurityContextAccessor, clientDetailsValidator, mockAuthenticationManager, mock(ResourceMonitor.class), approvalStore, clientRegistrationService, clientDetailsService, 5));
    input = new BaseClientDetails();
    input.setClientId("foo");
    input.setClientSecret("secret");
    input.setAuthorizedGrantTypes(Collections.singletonList(GRANT_TYPE_AUTHORIZATION_CODE));
    input.setRegisteredRedirectUri(SINGLE_REDIRECT_URL);
    for (int i = 0; i < inputs.length; i++) {
        inputs[i] = new ClientDetailsModification();
        inputs[i].setClientId("foo-" + i);
        inputs[i].setClientSecret("secret-" + i);
        inputs[i].setAuthorizedGrantTypes(Collections.singletonList(GRANT_TYPE_AUTHORIZATION_CODE));
        inputs[i].setRegisteredRedirectUri(new HashSet<>(Collections.singletonList("https://foo-" + i)));
        inputs[i].setAccessTokenValiditySeconds(300);
    }
    detail = new UaaClientDetails(input);
    detail.setResourceIds(Collections.singletonList("none"));
    // refresh token is added automatically by endpoint validation
    detail.setAuthorizedGrantTypes(Arrays.asList(GRANT_TYPE_AUTHORIZATION_CODE, "refresh_token"));
    detail.setScope(Collections.singletonList("uaa.none"));
    detail.setAuthorities(AuthorityUtils.commaSeparatedStringToAuthorityList("uaa.none"));
    for (int i = 0; i < details.length; i++) {
        details[i] = new BaseClientDetails(inputs[i]);
        details[i].setResourceIds(Collections.singletonList("none"));
        // refresh token is added automatically by endpoint validation
        details[i].setAuthorizedGrantTypes(Arrays.asList(GRANT_TYPE_AUTHORIZATION_CODE, "refresh_token"));
        details[i].setScope(Collections.singletonList("uaa.none"));
        details[i].setAuthorities(AuthorityUtils.commaSeparatedStringToAuthorityList("uaa.none"));
    }
    // The endpoint only publishes an EntityDeletedEvent; the real listener chain is not wired in
    // this unit test, so this publisher stands in for it and removes the client synchronously,
    // letting the tests observe the deletion through the mocked registration service.
    endpoints.setApplicationEventPublisher(new ApplicationEventPublisher() {

        @Override
        public void publishEvent(ApplicationEvent event) {
            if (event instanceof EntityDeletedEvent) {
                ClientDetails client = (ClientDetails) ((EntityDeletedEvent) event).getDeleted();
                clientRegistrationService.removeClientDetails(client.getClientId());
            }
        }

        @Override
        public void publishEvent(Object event) {
            // Non-ApplicationEvent payloads are not published by the endpoint under test.
        }
    });
}
Also used : BaseClientDetails(org.springframework.security.oauth2.provider.client.BaseClientDetails) ApplicationEvent(org.springframework.context.ApplicationEvent) ZoneAwareClientSecretPolicyValidator(org.cloudfoundry.identity.uaa.zone.ZoneAwareClientSecretPolicyValidator) AuthenticationManager(org.springframework.security.authentication.AuthenticationManager) ResourceMonitor(org.cloudfoundry.identity.uaa.resources.ResourceMonitor) MultitenantClientServices(org.cloudfoundry.identity.uaa.zone.MultitenantClientServices) ClientDetails(org.springframework.security.oauth2.provider.ClientDetails) ApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher) ApprovalStore(org.cloudfoundry.identity.uaa.approval.ApprovalStore) SecurityContextAccessor(org.cloudfoundry.identity.uaa.security.beans.SecurityContextAccessor) ClientSecretPolicy(org.cloudfoundry.identity.uaa.zone.ClientSecretPolicy) EntityDeletedEvent(org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent) ClientDetailsModification(org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification) HashSet(java.util.HashSet) BeforeEach(org.junit.jupiter.api.BeforeEach)

Aggregations

EntityDeletedEvent (org.cloudfoundry.identity.uaa.audit.event.EntityDeletedEvent)12 Test (org.junit.jupiter.api.Test)5 ParameterizedTest (org.junit.jupiter.params.ParameterizedTest)5 BaseClientDetails (org.springframework.security.oauth2.provider.client.BaseClientDetails)5 UaaAuthentication (org.cloudfoundry.identity.uaa.authentication.UaaAuthentication)3 ArgumentsSource (org.junit.jupiter.params.provider.ArgumentsSource)3 ApplicationEventPublisher (org.springframework.context.ApplicationEventPublisher)3 ClientDetails (org.springframework.security.oauth2.provider.ClientDetails)3 ApplicationEvent (org.springframework.context.ApplicationEvent)2 ContextRefreshedEvent (org.springframework.context.event.ContextRefreshedEvent)2 RandomValueStringGenerator (org.springframework.security.oauth2.common.util.RandomValueStringGenerator)2 HashSet (java.util.HashSet)1 LinkedList (java.util.LinkedList)1 ApprovalStore (org.cloudfoundry.identity.uaa.approval.ApprovalStore)1 AbstractUaaEvent (org.cloudfoundry.identity.uaa.audit.event.AbstractUaaEvent)1 SystemAuthentication (org.cloudfoundry.identity.uaa.authentication.SystemAuthentication)1 ClientDetailsModification (org.cloudfoundry.identity.uaa.oauth.client.ClientDetailsModification)1 IdentityProvider (org.cloudfoundry.identity.uaa.provider.IdentityProvider)1 ResourceMonitor (org.cloudfoundry.identity.uaa.resources.ResourceMonitor)1 ScimUser (org.cloudfoundry.identity.uaa.scim.ScimUser)1