From 5786d354fecf7238d60ede8d4b4a236d057adb7c Mon Sep 17 00:00:00 2001 From: Ivan Fernandez Calvo Date: Sat, 8 Aug 2020 15:22:50 +0200 Subject: [PATCH 01/15] [JENKINS-63350] update pac4j to 3.8 --- pom.xml | 57 ++++++++++--------- .../plugins/saml/OpenSAMLWrapper.java | 14 +++-- .../saml/SAML2ClientConfigurationCustom.java | 21 ------- .../plugins/saml/SamlFileResource.java | 53 ++++++++++++++++- .../saml/SamlRedirectActionWrapper.java | 2 +- .../plugins/saml/SamlSPMetadataWrapper.java | 10 +++- .../plugins/saml/SamlSecurityRealm.java | 4 +- 7 files changed, 104 insertions(+), 57 deletions(-) delete mode 100644 src/main/java/org/jenkinsci/plugins/saml/SAML2ClientConfigurationCustom.java diff --git a/pom.xml b/pom.xml index e07fded0..b9acde3c 100644 --- a/pom.xml +++ b/pom.xml @@ -7,9 +7,7 @@ Jenkins CI licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - http://www.apache.org/licenses/LICENSE-2.0 - Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ -25,7 +23,7 @@ under the License. org.jenkins-ci.plugins plugin - 3.55 + 4.3 saml @@ -44,7 +42,7 @@ under the License. 1.1.7 -SNAPSHOT - 2.176.1 + 2.251 8 1.35 @@ -78,6 +76,16 @@ under the License. repo.jenkins-ci.org https://repo.jenkins-ci.org/public/ + + shib-release + https://build.shibboleth.net/nexus/content/groups/public + + false + + + true + + @@ -90,7 +98,7 @@ under the License. org.pac4j pac4j-saml - 1.9.9 + 3.8.3 org.springframework @@ -116,6 +124,11 @@ under the License. org.apache.httpcomponents httpclient + + org.opensaml + opensaml-storage-impl + + 
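Review bot: The `shib-release` repository added in the `@@ -78,6 +76,16 @@` hunk of pom.xml becomes a resolution source for every dependency of the build, not only the Shibboleth/OpenSAML artifacts that pac4j-saml 3.8.3 needs. The element markup is not visible on this page, so which of the bare `false`/`true` values belongs to snapshots and which to releases is inferred. If releases are the enabled side, I would add `<checksumPolicy>fail</checksumPolicy>` inside that `<releases>` block, so a corrupted or altered download fails the build rather than falling back to the default policy. A short comment above the repository naming the artifacts that require it would tell a later maintainer when it can be dropped.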
@@ -129,21 +142,6 @@ under the License. bouncycastle-api 2.18 - - net.shibboleth.utilities - java-support - 7.2.0 - - - commons-codec - commons-codec - - - org.slf4j - slf4j-api - - - org.mockito mockito-core @@ -171,11 +169,18 @@ under the License. - - org.cryptacular - cryptacular - 1.2.4 - + + org.cryptacular + cryptacular + 1.2.4 + + + io.jenkins.tools.bom + bom-2.235.x + 11 + pom + import + @@ -188,4 +193,4 @@ under the License. - + \ No newline at end of file diff --git a/src/main/java/org/jenkinsci/plugins/saml/OpenSAMLWrapper.java b/src/main/java/org/jenkinsci/plugins/saml/OpenSAMLWrapper.java index 06daceb2..f65fd679 100644 --- a/src/main/java/org/jenkinsci/plugins/saml/OpenSAMLWrapper.java +++ b/src/main/java/org/jenkinsci/plugins/saml/OpenSAMLWrapper.java @@ -25,7 +25,9 @@ import org.pac4j.core.context.J2EContext; import org.pac4j.core.context.WebContext; import org.pac4j.saml.client.SAML2Client; +import org.pac4j.saml.config.SAML2Configuration; +import java.io.IOException; import java.util.logging.Logger; import static java.util.logging.Level.*; @@ -91,9 +93,9 @@ protected WebContext createWebContext() { * @return a SAML2Client object to interact with the IdP service. */ protected SAML2Client createSAML2Client() { - final SAML2ClientConfigurationCustom config = new SAML2ClientConfigurationCustom(); + final SAML2Configuration config = new SAML2Configuration(); config.setIdentityProviderMetadataResource(new SamlFileResource(SamlSecurityRealm.getIDPMetadataFilePath())); - config.setDestinationBindingType(samlPluginConfig.getBinding()); + config.setAuthnRequestBindingType(samlPluginConfig.getBinding()); config.setWantsAssertionsSigned(true); SamlEncryptionData encryptionData = samlPluginConfig.getEncryptionData(); 
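Review bot: Swapping `SAML2ClientConfigurationCustom` for a plain `SAML2Configuration` in `createSAML2Client()` drops the subclass default `authnRequestSigned = true` and its call to `setForceSignRedirectBindingAuthnRequest(...)`, both visible in the file this patch deletes. The rest of the method lies outside this hunk, so it may already set the flag from the plugin configuration. If it does not, whether AuthnRequests are signed now depends on the pac4j default rather than on the plugin's previous default. I would state the choice explicitly next to `config.setWantsAssertionsSigned(true);`, for example `config.setAuthnRequestSigned(true);` if the 3.8 class exposes that setter. A test asserting the signing attribute in the generated SP metadata would catch a silent change.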
@@ -150,10 +152,14 @@ protected SAML2Client createSAML2Client() { config.setServiceProviderMetadataResource(new SamlFileResource(SamlSecurityRealm.getSPMetadataFilePath())); final SAML2Client saml2Client = new SAML2Client(config); saml2Client.setCallbackUrl(samlPluginConfig.getConsumerServiceUrl()); - saml2Client.init(createWebContext()); + saml2Client.init(); if (LOG.isLoggable(FINE)) { - LOG.fine(saml2Client.getServiceProviderMetadataResolver().getMetadata()); + try { + LOG.fine(saml2Client.getServiceProviderMetadataResolver().getMetadata()); + } catch (IOException e) { + LOG.fine("Is not possible to show the metadata : " + e.getMessage()); + } } return saml2Client; } diff --git a/src/main/java/org/jenkinsci/plugins/saml/SAML2ClientConfigurationCustom.java b/src/main/java/org/jenkinsci/plugins/saml/SAML2ClientConfigurationCustom.java deleted file mode 100644 index 771c16d6..00000000 --- a/src/main/java/org/jenkinsci/plugins/saml/SAML2ClientConfigurationCustom.java +++ /dev/null @@ -1,21 +0,0 @@ -package org.jenkinsci.plugins.saml; - -import org.pac4j.saml.client.SAML2ClientConfiguration; - -public class SAML2ClientConfigurationCustom extends SAML2ClientConfiguration { - - private boolean authnRequestSigned = true; - - public SAML2ClientConfigurationCustom() { - } - - @Override - public boolean isAuthnRequestSigned() { - return authnRequestSigned; - } - - public void setAuthnRequestSigned(boolean authnRequestSigned) { - this.authnRequestSigned = authnRequestSigned; - setForceSignRedirectBindingAuthnRequest(authnRequestSigned); - } - } \ No newline at end of file diff --git a/src/main/java/org/jenkinsci/plugins/saml/SamlFileResource.java b/src/main/java/org/jenkinsci/plugins/saml/SamlFileResource.java index c53f9612..b68f8e1e 100644 --- a/src/main/java/org/jenkinsci/plugins/saml/SamlFileResource.java +++ b/src/main/java/org/jenkinsci/plugins/saml/SamlFileResource.java 
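Review bot: The new `catch (IOException e)` around the FINE-level metadata dump in `createSAML2Client()` logs only `e.getMessage()`, which drops the stack trace and prints `null` when the exception carries no message. Passing the throwable keeps the cause for whoever debugs a broken SP metadata file: `LOG.log(FINE, "Unable to read the SP metadata for logging", e);`. The file already has `import static java.util.logging.Level.*;`, so no new import is needed. The method starts before this hunk.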
@@ -18,8 +18,10 @@ package org.jenkinsci.plugins.saml; import org.apache.commons.io.FileUtils; +import org.apache.commons.lang.NotImplementedException; import org.pac4j.core.exception.TechnicalException; -import org.pac4j.core.io.WritableResource; +import org.springframework.core.io.Resource; +import org.springframework.core.io.WritableResource; import javax.annotation.Nonnull; import java.io.File; @@ -27,6 +29,8 @@ import java.io.InputStream; import java.io.OutputStream; import java.io.UnsupportedEncodingException; +import java.net.URI; +import java.net.URL; import java.util.logging.Logger; /** @@ -61,11 +65,36 @@ public boolean exists() { return getFile().exists(); } + @Override + public boolean isReadable() { + return getFile().canRead(); + } + + @Override + public boolean isOpen() { + return false; + } + + @Override + public URL getURL() { + throw new NotImplementedException(); + } + + @Override + public URI getURI() { + throw new NotImplementedException(); + } + @Override public String getFilename() { return fileName; } + @Override + public String getDescription() { + return fileName; + } + @Override public InputStream getInputStream() throws IOException { return FileUtils.openInputStream(getFile()); @@ -76,8 +105,28 @@ public File getFile() { return new File(fileName); } + @Override + public long contentLength() { + return getFile().length(); + } + + @Override + public long lastModified() { + return getFile().lastModified(); + } + + @Override + public Resource createRelative(String s) { + throw new NotImplementedException(); + } + + @Override + public boolean isWritable() { + return getFile().canWrite(); + } + @Override public OutputStream getOutputStream() throws IOException { return FileUtils.openOutputStream(getFile()); } -} +} \ No newline at end of file diff --git a/src/main/java/org/jenkinsci/plugins/saml/SamlRedirectActionWrapper.java b/src/main/java/org/jenkinsci/plugins/saml/SamlRedirectActionWrapper.java index 4eea98ff..84a286e8 100644 
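Review bot: `getURL()`, `getURI()` and `createRelative()` in `SamlFileResource` throw the unchecked `NotImplementedException`, whereas the `Resource` interface they override reports failure through `IOException`. A caller in pac4j or Spring that handles `IOException` would therefore see a runtime exception escape. Since the resource is always backed by `new File(fileName)`, the first two can be answered directly: `public URI getURI() { return getFile().toURI(); }` and `public URL getURL() throws IOException { return getFile().toURI().toURL(); }`. Whether pac4j 3.8 actually calls these methods is not visible here, so treat this as hardening rather than a confirmed failure. The class declaration lies outside the hunks.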
--- a/src/main/java/org/jenkinsci/plugins/saml/SamlRedirectActionWrapper.java +++ b/src/main/java/org/jenkinsci/plugins/saml/SamlRedirectActionWrapper.java @@ -19,7 +19,7 @@ import org.kohsuke.stapler.StaplerRequest; import org.kohsuke.stapler.StaplerResponse; -import org.pac4j.core.client.RedirectAction; +import org.pac4j.core.redirect.RedirectAction; import org.pac4j.core.context.WebContext; import org.pac4j.core.exception.HttpAction; import org.pac4j.saml.client.SAML2Client; diff --git a/src/main/java/org/jenkinsci/plugins/saml/SamlSPMetadataWrapper.java b/src/main/java/org/jenkinsci/plugins/saml/SamlSPMetadataWrapper.java index 07962275..f292bf8d 100644 --- a/src/main/java/org/jenkinsci/plugins/saml/SamlSPMetadataWrapper.java +++ b/src/main/java/org/jenkinsci/plugins/saml/SamlSPMetadataWrapper.java @@ -23,6 +23,8 @@ import org.kohsuke.stapler.StaplerResponse; import org.pac4j.saml.client.SAML2Client; +import java.io.IOException; + /** * build the Service Provider(SP) metadata from the configuration. */ @@ -41,6 +43,12 @@ public SamlSPMetadataWrapper(SamlPluginConfig samlPluginConfig, StaplerRequest r @Override protected HttpResponse process() throws IllegalStateException { final SAML2Client client = createSAML2Client(); - return HttpResponses.plainText(client.getServiceProviderMetadataResolver().getMetadata()); + String metadata = ""; + try { + metadata = client.getServiceProviderMetadataResolver().getMetadata(); + } catch (IOException e) { + new IllegalStateException(e); + } + return HttpResponses.text(metadata); } } diff --git a/src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java b/src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java index 3e670252..c42f53f1 100644 --- a/src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java +++ b/src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java 
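Review bot: In `SamlSPMetadataWrapper.process()` the catch block constructs the exception but never throws it: `new IllegalStateException(e);` is a discarded expression. An `IOException` from `getMetadata()` is therefore swallowed, and the endpoint returns the empty initial value via `HttpResponses.text(metadata)`. The line should read `throw new IllegalStateException(e);`, which matches the method's declared `throws IllegalStateException` and makes the `metadata = ""` initialiser unnecessary. As written, an administrator fetching the SP metadata to register with the IdP gets a blank document and no error.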
@@ -39,8 +39,8 @@ import org.jenkinsci.plugins.saml.user.SamlCustomProperty; import org.kohsuke.stapler.*; import org.kohsuke.stapler.interceptor.RequirePOST; -import org.pac4j.core.client.RedirectAction; -import org.pac4j.core.client.RedirectAction.RedirectType; +import org.pac4j.core.redirect.RedirectAction; +import org.pac4j.core.redirect.RedirectAction.RedirectType; import org.springframework.dao.DataAccessException; import org.pac4j.saml.profile.SAML2Profile; From 68aaa1094152f712482be5ab08b3fd69a28678a5 Mon Sep 17 00:00:00 2001 From: Ivan Fernandez Calvo Date: Sat, 8 Aug 2020 15:28:20 +0200 Subject: [PATCH 02/15] add placeholders to compile --- .../org/springframework/core/io/Resource.java | 181 ++++++++++++++++++ .../core/io/WritableResource.java | 77 ++++++++ 2 files changed, 258 insertions(+) create mode 100644 src/main/java/org/springframework/core/io/Resource.java create mode 100644 src/main/java/org/springframework/core/io/WritableResource.java diff --git a/src/main/java/org/springframework/core/io/Resource.java b/src/main/java/org/springframework/core/io/Resource.java new file mode 100644 index 00000000..928870b1 --- /dev/null +++ b/src/main/java/org/springframework/core/io/Resource.java 
@@ -0,0 +1,181 @@ +/* + * Copyright 2002-2018 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * NOTE this is a placeholder to compile + */ + + + +package org.springframework.core.io; + +import java.io.File; +import java.io.IOException; +import java.io.InputStream; +import java.net.URI; +import java.net.URL; +import java.nio.channels.Channels; +import java.nio.channels.ReadableByteChannel; + +/** + * Interface for a resource descriptor that abstracts from the actual + * type of underlying resource, such as a file or class path resource. + * + *

An InputStream can be opened for every resource if it exists in + * physical form, but a URL or File handle can just be returned for + * certain resources. The actual behavior is implementation-specific. + * + * @author Juergen Hoeller + * @since 28.12.2003 + * @see #getInputStream() + * @see #getURL() + * @see #getURI() + * @see #getFile() + * @see WritableResource + * @see ContextResource + * @see UrlResource + * @see FileUrlResource + * @see FileSystemResource + * @see ClassPathResource + * @see ByteArrayResource + * @see InputStreamResource + */ +public interface Resource extends InputStreamSource { + + /** + * Determine whether this resource actually exists in physical form. + *

This method performs a definitive existence check, whereas the + * existence of a {@code Resource} handle only guarantees a valid + * descriptor handle. + */ + boolean exists(); + + /** + * Indicate whether non-empty contents of this resource can be read via + * {@link #getInputStream()}. + *

Will be {@code true} for typical resource descriptors that exist + * since it strictly implies {@link #exists()} semantics as of 5.1. + * Note that actual content reading may still fail when attempted. + * However, a value of {@code false} is a definitive indication + * that the resource content cannot be read. + * @see #getInputStream() + * @see #exists() + */ + default boolean isReadable() { + return exists(); + } + + /** + * Indicate whether this resource represents a handle with an open stream. + * If {@code true}, the InputStream cannot be read multiple times, + * and must be read and closed to avoid resource leaks. + *

Will be {@code false} for typical resource descriptors. + */ + default boolean isOpen() { + return false; + } + + /** + * Determine whether this resource represents a file in a file system. + * A value of {@code true} strongly suggests (but does not guarantee) + * that a {@link #getFile()} call will succeed. + *

This is conservatively {@code false} by default. + * @since 5.0 + * @see #getFile() + */ + default boolean isFile() { + return false; + } + + /** + * Return a URL handle for this resource. + * @throws IOException if the resource cannot be resolved as URL, + * i.e. if the resource is not available as descriptor + */ + URL getURL() throws IOException; + + /** + * Return a URI handle for this resource. + * @throws IOException if the resource cannot be resolved as URI, + * i.e. if the resource is not available as descriptor + * @since 2.5 + */ + URI getURI() throws IOException; + + /** + * Return a File handle for this resource. + * @throws java.io.FileNotFoundException if the resource cannot be resolved as + * absolute file path, i.e. if the resource is not available in a file system + * @throws IOException in case of general resolution/reading failures + * @see #getInputStream() + */ + File getFile() throws IOException; + + /** + * Return a {@link ReadableByteChannel}. + *

It is expected that each call creates a fresh channel. + *

The default implementation returns {@link Channels#newChannel(InputStream)} + * with the result of {@link #getInputStream()}. + * @return the byte channel for the underlying resource (must not be {@code null}) + * @throws java.io.FileNotFoundException if the underlying resource doesn't exist + * @throws IOException if the content channel could not be opened + * @since 5.0 + * @see #getInputStream() + */ + default ReadableByteChannel readableChannel() throws IOException { + return Channels.newChannel(getInputStream()); + } + + /** + * Determine the content length for this resource. + * @throws IOException if the resource cannot be resolved + * (in the file system or as some other known physical resource type) + */ + long contentLength() throws IOException; + + /** + * Determine the last-modified timestamp for this resource. + * @throws IOException if the resource cannot be resolved + * (in the file system or as some other known physical resource type) + */ + long lastModified() throws IOException; + + /** + * Create a resource relative to this resource. + * @param relativePath the relative path (relative to this resource) + * @return the resource handle for the relative resource + * @throws IOException if the relative resource cannot be determined + */ + Resource createRelative(String relativePath) throws IOException; + + /** + * Determine a filename for this resource, i.e. typically the last + * part of the path: for example, "myfile.txt". + *

Returns {@code null} if this type of resource does not + * have a filename. + */ + String getFilename(); + + /** + * Return a description for this resource, + * to be used for error output when working with the resource. + *

Implementations are also encouraged to return this value + * from their {@code toString} method. + * @see Object#toString() + */ + String getDescription(); + +} \ No newline at end of file diff --git a/src/main/java/org/springframework/core/io/WritableResource.java b/src/main/java/org/springframework/core/io/WritableResource.java new file mode 100644 index 00000000..5b902fc7 --- /dev/null +++ b/src/main/java/org/springframework/core/io/WritableResource.java @@ -0,0 +1,77 @@ +/* + * Copyright 2002-2017 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.core.io; + +import java.io.IOException; +import java.io.OutputStream; +import java.nio.channels.Channels; +import java.nio.channels.WritableByteChannel; + + +/** + * NOTE this is a placeholder to compile + */ + + +/** + * Extended interface for a resource that supports writing to it. + * Provides an {@link #getOutputStream() OutputStream accessor}. + * + * @author Juergen Hoeller + * @since 3.1 + * @see java.io.OutputStream + */ +public interface WritableResource extends Resource { + + /** + * Indicate whether the contents of this resource can be written + * via {@link #getOutputStream()}. + *

Will be {@code true} for typical resource descriptors; + * note that actual content writing may still fail when attempted. + * However, a value of {@code false} is a definitive indication + * that the resource content cannot be modified. + * @see #getOutputStream() + * @see #isReadable() + */ + default boolean isWritable() { + return true; + } + + /** + * Return an {@link OutputStream} for the underlying resource, + * allowing to (over-)write its content. + * @throws IOException if the stream could not be opened + * @see #getInputStream() + */ + OutputStream getOutputStream() throws IOException; + + /** + * Return a {@link WritableByteChannel}. + *

It is expected that each call creates a fresh channel. + *

The default implementation returns {@link Channels#newChannel(OutputStream)} + * with the result of {@link #getOutputStream()}. + * @return the byte channel for the underlying resource (must not be {@code null}) + * @throws java.io.FileNotFoundException if the underlying resource doesn't exist + * @throws IOException if the content channel could not be opened + * @since 5.0 + * @see #getOutputStream() + */ + default WritableByteChannel writableChannel() throws IOException { + return Channels.newChannel(getOutputStream()); + } + +} \ No newline at end of file From 76b6c1adffc838e7fda99b0c6890d8700090a321 Mon Sep 17 00:00:00 2001 From: Ivan Fernandez Calvo Date: Fri, 13 Nov 2020 12:09:07 +0100 Subject: [PATCH 03/15] chore: remove dummy classes --- .../org/springframework/core/io/Resource.java | 181 ------------------ .../core/io/WritableResource.java | 77 -------- 2 files changed, 258 deletions(-) delete mode 100644 src/main/java/org/springframework/core/io/Resource.java delete mode 100644 src/main/java/org/springframework/core/io/WritableResource.java diff --git a/src/main/java/org/springframework/core/io/Resource.java b/src/main/java/org/springframework/core/io/Resource.java deleted file mode 100644 index 928870b1..00000000 --- a/src/main/java/org/springframework/core/io/Resource.java +++ /dev/null 
@@ -1,181 +0,0 @@ -/* - * Copyright 2002-2018 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/** - * NOTE this is a placeholder to compile - */ - - - -package org.springframework.core.io; - -import java.io.File; -import java.io.IOException; -import java.io.InputStream; -import java.net.URI; -import java.net.URL; -import java.nio.channels.Channels; -import java.nio.channels.ReadableByteChannel; - -/** - * Interface for a resource descriptor that abstracts from the actual - * type of underlying resource, such as a file or class path resource. - * - *

An InputStream can be opened for every resource if it exists in - * physical form, but a URL or File handle can just be returned for - * certain resources. The actual behavior is implementation-specific. - * - * @author Juergen Hoeller - * @since 28.12.2003 - * @see #getInputStream() - * @see #getURL() - * @see #getURI() - * @see #getFile() - * @see WritableResource - * @see ContextResource - * @see UrlResource - * @see FileUrlResource - * @see FileSystemResource - * @see ClassPathResource - * @see ByteArrayResource - * @see InputStreamResource - */ -public interface Resource extends InputStreamSource { - - /** - * Determine whether this resource actually exists in physical form. - *

This method performs a definitive existence check, whereas the - * existence of a {@code Resource} handle only guarantees a valid - * descriptor handle. - */ - boolean exists(); - - /** - * Indicate whether non-empty contents of this resource can be read via - * {@link #getInputStream()}. - *

Will be {@code true} for typical resource descriptors that exist - * since it strictly implies {@link #exists()} semantics as of 5.1. - * Note that actual content reading may still fail when attempted. - * However, a value of {@code false} is a definitive indication - * that the resource content cannot be read. - * @see #getInputStream() - * @see #exists() - */ - default boolean isReadable() { - return exists(); - } - - /** - * Indicate whether this resource represents a handle with an open stream. - * If {@code true}, the InputStream cannot be read multiple times, - * and must be read and closed to avoid resource leaks. - *

Will be {@code false} for typical resource descriptors. - */ - default boolean isOpen() { - return false; - } - - /** - * Determine whether this resource represents a file in a file system. - * A value of {@code true} strongly suggests (but does not guarantee) - * that a {@link #getFile()} call will succeed. - *

This is conservatively {@code false} by default. - * @since 5.0 - * @see #getFile() - */ - default boolean isFile() { - return false; - } - - /** - * Return a URL handle for this resource. - * @throws IOException if the resource cannot be resolved as URL, - * i.e. if the resource is not available as descriptor - */ - URL getURL() throws IOException; - - /** - * Return a URI handle for this resource. - * @throws IOException if the resource cannot be resolved as URI, - * i.e. if the resource is not available as descriptor - * @since 2.5 - */ - URI getURI() throws IOException; - - /** - * Return a File handle for this resource. - * @throws java.io.FileNotFoundException if the resource cannot be resolved as - * absolute file path, i.e. if the resource is not available in a file system - * @throws IOException in case of general resolution/reading failures - * @see #getInputStream() - */ - File getFile() throws IOException; - - /** - * Return a {@link ReadableByteChannel}. - *

It is expected that each call creates a fresh channel. - *

The default implementation returns {@link Channels#newChannel(InputStream)} - * with the result of {@link #getInputStream()}. - * @return the byte channel for the underlying resource (must not be {@code null}) - * @throws java.io.FileNotFoundException if the underlying resource doesn't exist - * @throws IOException if the content channel could not be opened - * @since 5.0 - * @see #getInputStream() - */ - default ReadableByteChannel readableChannel() throws IOException { - return Channels.newChannel(getInputStream()); - } - - /** - * Determine the content length for this resource. - * @throws IOException if the resource cannot be resolved - * (in the file system or as some other known physical resource type) - */ - long contentLength() throws IOException; - - /** - * Determine the last-modified timestamp for this resource. - * @throws IOException if the resource cannot be resolved - * (in the file system or as some other known physical resource type) - */ - long lastModified() throws IOException; - - /** - * Create a resource relative to this resource. - * @param relativePath the relative path (relative to this resource) - * @return the resource handle for the relative resource - * @throws IOException if the relative resource cannot be determined - */ - Resource createRelative(String relativePath) throws IOException; - - /** - * Determine a filename for this resource, i.e. typically the last - * part of the path: for example, "myfile.txt". - *

Returns {@code null} if this type of resource does not - * have a filename. - */ - String getFilename(); - - /** - * Return a description for this resource, - * to be used for error output when working with the resource. - *

Implementations are also encouraged to return this value - * from their {@code toString} method. - * @see Object#toString() - */ - String getDescription(); - -} \ No newline at end of file diff --git a/src/main/java/org/springframework/core/io/WritableResource.java b/src/main/java/org/springframework/core/io/WritableResource.java deleted file mode 100644 index 5b902fc7..00000000 --- a/src/main/java/org/springframework/core/io/WritableResource.java +++ /dev/null @@ -1,77 +0,0 @@ -/* - * Copyright 2002-2017 the original author or authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * https://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.core.io; - -import java.io.IOException; -import java.io.OutputStream; -import java.nio.channels.Channels; -import java.nio.channels.WritableByteChannel; - - -/** - * NOTE this is a placeholder to compile - */ - - -/** - * Extended interface for a resource that supports writing to it. - * Provides an {@link #getOutputStream() OutputStream accessor}. - * - * @author Juergen Hoeller - * @since 3.1 - * @see java.io.OutputStream - */ -public interface WritableResource extends Resource { - - /** - * Indicate whether the contents of this resource can be written - * via {@link #getOutputStream()}. - *

Will be {@code true} for typical resource descriptors; - * note that actual content writing may still fail when attempted. - * However, a value of {@code false} is a definitive indication - * that the resource content cannot be modified. - * @see #getOutputStream() - * @see #isReadable() - */ - default boolean isWritable() { - return true; - } - - /** - * Return an {@link OutputStream} for the underlying resource, - * allowing to (over-)write its content. - * @throws IOException if the stream could not be opened - * @see #getInputStream() - */ - OutputStream getOutputStream() throws IOException; - - /** - * Return a {@link WritableByteChannel}. - *

It is expected that each call creates a fresh channel. - *

The default implementation returns {@link Channels#newChannel(OutputStream)} - * with the result of {@link #getOutputStream()}. - * @return the byte channel for the underlying resource (must not be {@code null}) - * @throws java.io.FileNotFoundException if the underlying resource doesn't exist - * @throws IOException if the content channel could not be opened - * @since 5.0 - * @see #getOutputStream() - */ - default WritableByteChannel writableChannel() throws IOException { - return Channels.newChannel(getOutputStream()); - } - -} \ No newline at end of file From ffadcb1ed8ac1680e127e51d317ec5c11c70700b Mon Sep 17 00:00:00 2001 From: Ivan Fernandez Calvo Date: Fri, 13 Nov 2020 12:09:58 +0100 Subject: [PATCH 04/15] feat: update pac4j to 3.9.0 and Jenkins Core to 2.266 --- pom.xml | 42 ++++++++++++++++++++++++------------------ 1 file changed, 24 insertions(+), 18 deletions(-) diff --git a/pom.xml b/pom.xml index b9acde3c..7789a326 100644 --- a/pom.xml +++ b/pom.xml @@ -7,7 +7,9 @@ Jenkins CI licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ -42,7 +44,7 @@ under the License. 1.1.7 -SNAPSHOT - 2.251 + 2.266 8 1.35 @@ -76,6 +78,7 @@ under the License. repo.jenkins-ci.org https://repo.jenkins-ci.org/public/ + shib-release https://build.shibboleth.net/nexus/content/groups/public @@ -98,8 +101,13 @@ under the License. org.pac4j pac4j-saml - 3.8.3 + + 3.9.0 + + org.springframework + spring-beans + org.springframework spring-core 
@@ -112,23 +120,14 @@ under the License. org.slf4j jcl-over-slf4j - - commons-codec - commons-codec - org.bouncycastle bcprov-jdk15on - org.apache.httpcomponents - httpclient - - - org.opensaml - opensaml-storage-impl + org.dom4j + dom4j - @@ -170,17 +169,24 @@ under the License. - org.cryptacular - cryptacular - 1.2.4 + antlr + antlr io.jenkins.tools.bom - bom-2.235.x - 11 + bom-2.249.x + 17 pom import + + commons-codec + commons-codec + + + org.cryptacular + cryptacular + From 579a46ca1d0b4a8a296c8f9b093bd3936afc36fe Mon Sep 17 00:00:00 2001 From: Ivan Fernandez Calvo Date: Fri, 13 Nov 2020 12:35:15 +0100 Subject: [PATCH 05/15] chore: grooming --- pom.xml | 2 +- .../plugins/saml/OpenSamlWrapperTest.java | 46 ++++--------------- .../saml/SamlJCasCCompatibilityTest.java | 7 ++- .../plugins/saml/SamlSecurityRealmTest.java | 12 +---- 4 files changed, 16 insertions(+), 51 deletions(-) diff --git a/pom.xml b/pom.xml index 7789a326..ed1cd065 100644 --- a/pom.xml +++ b/pom.xml @@ -199,4 +199,4 @@ under the License. - \ No newline at end of file + diff --git a/src/test/java/org/jenkinsci/plugins/saml/OpenSamlWrapperTest.java b/src/test/java/org/jenkinsci/plugins/saml/OpenSamlWrapperTest.java index 5035a101..937c332d 100644 --- a/src/test/java/org/jenkinsci/plugins/saml/OpenSamlWrapperTest.java +++ b/src/test/java/org/jenkinsci/plugins/saml/OpenSamlWrapperTest.java 
@@ -23,21 +23,17 @@ import org.junit.Test; import org.jvnet.hudson.test.JenkinsRule; import org.kohsuke.stapler.HttpResponse; -import org.kohsuke.stapler.StaplerRequest; import org.kohsuke.stapler.StaplerResponse; import org.mockito.Mockito; -import org.pac4j.saml.profile.SAML2Profile; import javax.servlet.ServletException; import java.io.IOException; import java.io.PrintWriter; import java.io.StringWriter; -import java.text.DateFormat; -import java.text.SimpleDateFormat; -import java.util.Date; +import java.nio.charset.StandardCharsets; import static org.hamcrest.core.StringContains.containsString; -import static org.junit.Assert.assertThat; +import static org.hamcrest.MatcherAssert.assertThat; import static org.mockito.Mockito.when; import static org.opensaml.saml.common.xml.SAMLConstants.SAML2_REDIRECT_BINDING_URI; @@ -51,7 +47,10 @@ public class OpenSamlWrapperTest { @Test public void metadataWrapper() throws IOException, ServletException { - String metadata = IOUtils.toString(this.getClass().getClassLoader().getResourceAsStream("org/jenkinsci/plugins/saml/OpenSamlWrapperTest/metadataWrapper/metadata.xml")); + String metadata = IOUtils.toString(this.getClass().getClassLoader().getResourceAsStream("org/jenkinsci" + + "/plugins/saml" + + "/OpenSamlWrapperTest/metadataWrapper/metadata.xml"), + StandardCharsets.UTF_8); SamlSecurityRealm samlSecurity = new SamlSecurityRealm(new IdpMetadataConfiguration(metadata), "displayName", "groups", 10000, "uid", "email", "/logout", null, 
@@ -73,7 +72,10 @@ public void metadataWrapper() throws IOException, ServletException { @Test public void metadataWrapperWitEncrytionConfigured() throws IOException, ServletException { - String metadata = IOUtils.toString(this.getClass().getClassLoader().getResourceAsStream("org/jenkinsci/plugins/saml/OpenSamlWrapperTest/metadataWrapper/metadata.xml")); + String metadata = IOUtils.toString(this.getClass().getClassLoader().getResourceAsStream("org/jenkinsci" + + "/plugins/saml/" + + "OpenSamlWrapperTest/metadataWrapper/metadata.xml"), + StandardCharsets.UTF_8); BundleKeyStore ks = new BundleKeyStore(); SamlEncryptionData encryptionData = new SamlEncryptionData(ks.getKeystorePath(), Secret.fromString(ks.getKsPassword()), Secret.fromString(ks.getKsPkPassword()), ks.getKsPkAlias(), true); 
@@ -96,32 +98,4 @@ public void metadataWrapperWitEncrytionConfigured() throws IOException, ServletE assertThat(result, containsString("")); } - - //TODO [kuisathaverat] incomplete - public void profileWrapper() throws Exception { - String metadata = IOUtils.toString(this.getClass().getClassLoader().getResourceAsStream("org/jenkinsci/plugins/saml/OpenSamlWrapperTest/metadataWrapper/metadata.xml")); - String samlResponse = IOUtils.toString(this.getClass().getClassLoader().getResourceAsStream("org/jenkinsci/plugins/saml/OpenSamlWrapperTest/profileWrapper/samlresponse.xml")); - - SamlSecurityRealm samlSecurity = new SamlSecurityRealm(new IdpMetadataConfiguration(metadata), - "displayName", "groups", 10000, - "uid", "email", "/logout", null, - null, "none", SAML2_REDIRECT_BINDING_URI, - java.util.Collections.emptyList()); - jenkinsRule.jenkins.setSecurityRealm(samlSecurity); - - DateFormat df = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ"); - samlResponse = samlResponse.replace("DATE_NOW",df.format(new Date())); - samlResponse = samlResponse.replace("DATE_AFTER",df.format(new Date(System.currentTimeMillis() + 1000000))); - samlResponse = samlResponse.replace("CONSUMER_SERVICE",samlSecurity.getSamlPluginConfig().getConsumerServiceUrl()); - samlResponse = samlResponse.replace("ENTITY_ID","http://192.168.99.100:8080/simplesaml/saml2/idp/metadata.php"); - - StaplerResponse mockResponse = Mockito.mock(StaplerResponse.class); - StaplerRequest mockRequest = Mockito.mock(StaplerRequest.class); - when(mockRequest.getMethod()).thenReturn("POST"); - when(mockRequest.getParameter("SAMLResponse")).thenReturn(java.util.Base64.getEncoder().encodeToString(samlResponse.getBytes("UTF-8"))); - - SamlProfileWrapper samlProfileWrapper = new SamlProfileWrapper(samlSecurity.getSamlPluginConfig(), mockRequest, mockResponse); - SAML2Profile process = samlProfileWrapper.get(); - - } } 
diff --git a/src/test/java/org/jenkinsci/plugins/saml/SamlJCasCCompatibilityTest.java b/src/test/java/org/jenkinsci/plugins/saml/SamlJCasCCompatibilityTest.java index acb0e2d8..19c26e73 100644 --- a/src/test/java/org/jenkinsci/plugins/saml/SamlJCasCCompatibilityTest.java +++ b/src/test/java/org/jenkinsci/plugins/saml/SamlJCasCCompatibilityTest.java @@ -1,18 +1,17 @@ package org.jenkinsci.plugins.saml; +import java.util.List; import hudson.security.SecurityRealm; import io.jenkins.plugins.casc.misc.RoundTripAbstractTest; import org.jenkinsci.plugins.saml.conf.Attribute; import org.jenkinsci.plugins.saml.conf.AttributeEntry; import org.jvnet.hudson.test.RestartableJenkinsRule; -import java.util.List; - import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertThat; -import static org.junit.Assert.assertTrue; +import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.CoreMatchers.containsString; +import static org.junit.Assert.assertTrue; public class SamlJCasCCompatibilityTest extends RoundTripAbstractTest { @Override diff --git a/src/test/java/org/jenkinsci/plugins/saml/SamlSecurityRealmTest.java b/src/test/java/org/jenkinsci/plugins/saml/SamlSecurityRealmTest.java index 538d167a..7bb59d7a 100644 --- a/src/test/java/org/jenkinsci/plugins/saml/SamlSecurityRealmTest.java +++ b/src/test/java/org/jenkinsci/plugins/saml/SamlSecurityRealmTest.java 
@@ -30,23 +30,18 @@ import org.jvnet.hudson.test.JenkinsRule; import org.jvnet.hudson.test.recipes.LocalData; import org.jvnet.hudson.test.recipes.WithTimeout; -import org.mockito.Mockito; - -import javax.servlet.http.HttpSession; import java.io.IOException; import java.util.logging.Level; import java.util.logging.LogManager; import java.util.logging.Logger; -import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.not; import static org.hamcrest.core.StringContains.containsString; import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertThat; +import static org.hamcrest.MatcherAssert.assertThat; import org.jvnet.hudson.test.Issue; -import static org.mockito.Mockito.when; import static org.opensaml.saml.common.xml.SAMLConstants.SAML2_POST_BINDING_URI; import static org.opensaml.saml.common.xml.SAMLConstants.SAML2_REDIRECT_BINDING_URI; @@ -179,7 +174,7 @@ public void testLoadGroupByGroupname() { @WithTimeout(240) @Test public void testLoadUserByUsername() { - assertEquals(samlSecurityRealm.loadUserByUsername("tesla").getUsername(), "tesla"); + assertEquals(samlSecurityRealm.loadUserByUsername2("tesla").getUsername(), "tesla"); } @LocalData("testReadSimpleConfiguration") @@ -235,7 +230,4 @@ public void upgradeIDPMetadataFileTest() throws IOException { configuredMetadata = configuredMetadata.replace("\\n", ""); // remove new lines assertThat(idpMetadata, equalTo(configuredMetadata)); } - - - } From 51882581d6ca128d18fe02430dbc1722d4e7cdaa Mon Sep 17 00:00:00 2001 From: Ivan Fernandez Calvo Date: Fri, 13 Nov 2020 12:44:25 +0100 Subject: [PATCH 06/15] fix: maven complain in windows --- pom.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index 5a5148c5..b72797fe 100644 --- a/pom.xml +++ b/pom.xml @@ -128,6 +128,10 @@ under the License. org.dom4j dom4j + + commons-codec + commons-codec + 
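Review bot: The `assertEquals` call in `testLoadUserByUsername` passes its arguments in (actual, expected) order, so a failure message would report the two values the wrong way round. Since this line is already being changed for `loadUserByUsername2`, it could become `assertEquals("tesla", samlSecurityRealm.loadUserByUsername2("tesla").getUsername());`. This is a readability point only; the assertion's outcome is unchanged.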
@@ -179,10 +183,6 @@ under the License. pom import - - commons-codec - commons-codec - org.cryptacular cryptacular From 1beb7e3b7a95ae80673625d5ad5af16d032c08dc Mon Sep 17 00:00:00 2001 From: Ivan Fernandez Calvo Date: Fri, 13 Nov 2020 13:30:30 +0100 Subject: [PATCH 07/15] fix: compile for the correct version --- Jenkinsfile | 10 ++++++---- pom.xml | 2 +- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index a601785c..ca7519bf 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,15 +1,17 @@ //def buildConfiguration = buildPlugin.recommendedConfigurations() -def lts = "2.176.1" -def weekly = "2.199" +def lts = "2.249.3" +def weekly = "2.266" def buildConfiguration = [ +/* [ platform: "linux", jdk: "8", jenkins: lts, javaLevel: "8" ], [ platform: "windows", jdk: "8", jenkins: lts, javaLevel: "8" ], [ platform: "linux", jdk: "11", jenkins: lts, javaLevel: "8" ], [ platform: "windows", jdk: "11", jenkins: lts, javaLevel: "8" ], +*/ // Also build on recent weekly -// [ platform: "linux", jdk: "11", jenkins: weekly, javaLevel: "8" ], -// [ platform: "windows", jdk: "11", jenkins: weekly, javaLevel: "8" ] + [ platform: "linux", jdk: "11", jenkins: weekly, javaLevel: "8" ], + [ platform: "windows", jdk: "11", jenkins: weekly, javaLevel: "8" ] ] buildPlugin(configurations: buildConfiguration) diff --git a/pom.xml b/pom.xml index b72797fe..3935b827 100644 --- a/pom.xml +++ b/pom.xml @@ -42,7 +42,7 @@ under the License. - 1.1.8 + 2.0.0 -SNAPSHOT 2.266 8 From 81b5bb783372c5181254a8495d5b7c3a3e6ba580 Mon Sep 17 00:00:00 2001 From: Ivan Fernandez Calvo Date: Fri, 13 Nov 2020 16:12:25 +0100 Subject: [PATCH 08/15] chore: update incremental maven plugin --- .mvn/extensions.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mvn/extensions.xml b/.mvn/extensions.xml index 94863e60..43d62816 100644 --- a/.mvn/extensions.xml +++ b/.mvn/extensions.xml 
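Review bot: The Jenkinsfile hunk disables every JDK 8 and LTS configuration by wrapping it in a block comment, leaving dead configuration with no stated reason. The remaining entries still pass `javaLevel: "8"`, so Java 8 stays the declared level while nothing is built or tested on a JDK 8 runtime any more. For an authentication plugin that gap is worth a deliberate decision. Either delete the disabled entries or put a one-line reason above them, for example `// LTS/JDK 8 builds disabled until <reason>; re-enable before release`.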
@@ -2,6 +2,6 @@ io.jenkins.tools.incrementals git-changelist-maven-extension - 1.0-beta-7 + 1.2 From 867faa09f7e97467a08be3a4d7c051a880eecef8 Mon Sep 17 00:00:00 2001 From: Ivan Fernandez Calvo Date: Fri, 13 Nov 2020 16:12:51 +0100 Subject: [PATCH 09/15] chore: suggested changes on the Jenkinsfile --- Jenkinsfile | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index ca7519bf..0ac52062 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -4,14 +4,14 @@ def lts = "2.249.3" def weekly = "2.266" def buildConfiguration = [ /* - [ platform: "linux", jdk: "8", jenkins: lts, javaLevel: "8" ], - [ platform: "windows", jdk: "8", jenkins: lts, javaLevel: "8" ], - [ platform: "linux", jdk: "11", jenkins: lts, javaLevel: "8" ], - [ platform: "windows", jdk: "11", jenkins: lts, javaLevel: "8" ], + [ platform: "linux", jdk: "8", jenkins: lts ], + [ platform: "windows", jdk: "8", jenkins: lts ], + [ platform: "linux", jdk: "11", jenkins: lts ], + [ platform: "windows", jdk: "11", jenkins: lts ], */ // Also build on recent weekly - [ platform: "linux", jdk: "11", jenkins: weekly, javaLevel: "8" ], - [ platform: "windows", jdk: "11", jenkins: weekly, javaLevel: "8" ] + [ platform: "linux", jdk: "11", jenkins: weekly ], + [ platform: "windows", jdk: "11", jenkins: weekly ] ] buildPlugin(configurations: buildConfiguration) From e15c310ef600ff8ca2079a03d6886ebd2efd682a Mon Sep 17 00:00:00 2001 From: Ivan Fernandez Calvo Date: Fri, 13 Nov 2020 16:13:19 +0100 Subject: [PATCH 10/15] fix: exclude transitive dependencies --- pom.xml | 71 +++++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 67 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index 3935b827..b439d642 100644 --- a/pom.xml +++ b/pom.xml 
@@ -103,11 +103,24 @@ under the License. pac4j-saml 3.9.0 + false org.springframework spring-beans + + org.springframework + spring-jdbc + + + org.springframework + spring-orm + + + org.springframework + spring-tx + org.springframework spring-core @@ -132,6 +145,54 @@ under the License. commons-codec commons-codec + + antlr + antlr + + + org.hibernate + hibernate-core + + + org.hibernate.javax.persistence + hibernate-jpa-2.1-api + + + org.hibernate + hibernate-entitymanager + + + org.hibernate + hibernate-commons-annotations + + + commons-collections + commons-collections + + + commons-io + commons-io + + + commons-codec + commons-codec + + + com.google.guava + guava + + + xalan + xalan + + + jakarta.activation + jakarta.activation-api + + + javax.annotation + javax.annotation-api + @@ -172,10 +233,6 @@ under the License. - - antlr - antlr - io.jenkins.tools.bom bom-2.249.x @@ -193,6 +250,12 @@ under the License. xmlsec 2.1.4 + + org.pac4j + pac4j-saml + + 3.9.0 + From 867464dce2fe3fdd5293c8bade526cbeee185713 Mon Sep 17 00:00:00 2001 From: Ivan Fernandez Calvo Date: Fri, 13 Nov 2020 17:12:08 +0100 Subject: [PATCH 11/15] docs: fix javadoc warning --- src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java b/src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java index c42f53f1..056584aa 100644 --- a/src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java +++ b/src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java @@ -245,6 +245,7 @@ public String getLoginUrl() { * @param request http request. * @param response http response. * @param referer referer. + * @param from http request "from" parameter. * @return the http response. */ public HttpResponse doCommenceLogin(final StaplerRequest request, final StaplerResponse response, @QueryParameter From 9810e6eb92c2b2ecc7c3cb5c4e93056929c3ac4c Mon Sep 17 00:00:00 2001 
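Review bot: `commons-codec:commons-codec` appears to be excluded twice from `pac4j-saml` after this change: it is already present as context at the top of the second hunk and is added again between `commons-io` and `guava`, so the second entry can be dropped. The element tags are not visible in this rendering, so this is read from the order of the coordinates alone. The list now also removes libraries such as `xalan`, `guava` and `commons-io` from a SAML library's classpath. A short XML comment above the exclusions saying where each one is expected to come from would help the next upgrade, e.g. `<!-- supplied by Jenkins core or plugin dependencies; excluded to avoid duplicate classes -->`.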
From: Ivan Fernandez Calvo Date: Fri, 13 Nov 2020 17:12:45 +0100 Subject: [PATCH 12/15] fix: throw exception --- .../java/org/jenkinsci/plugins/saml/SamlSPMetadataWrapper.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/org/jenkinsci/plugins/saml/SamlSPMetadataWrapper.java b/src/main/java/org/jenkinsci/plugins/saml/SamlSPMetadataWrapper.java index f292bf8d..c4283aae 100644 --- a/src/main/java/org/jenkinsci/plugins/saml/SamlSPMetadataWrapper.java +++ b/src/main/java/org/jenkinsci/plugins/saml/SamlSPMetadataWrapper.java @@ -47,7 +47,7 @@ protected HttpResponse process() throws IllegalStateException { try { metadata = client.getServiceProviderMetadataResolver().getMetadata(); } catch (IOException e) { - new IllegalStateException(e); + throw new IllegalStateException(e); } return HttpResponses.text(metadata); } From aa2a2f164c66fb91a1e9090fca63ace2a3ef3b2b Mon Sep 17 00:00:00 2001 From: Ivan Fernandez Calvo Date: Fri, 13 Nov 2020 17:23:45 +0100 Subject: [PATCH 13/15] Apply suggestions from code review Co-authored-by: Jesse Glick --- Jenkinsfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 0ac52062..dbea8b33 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,7 +1,6 @@ //def buildConfiguration = buildPlugin.recommendedConfigurations() def lts = "2.249.3" -def weekly = "2.266" def buildConfiguration = [ /* [ platform: "linux", jdk: "8", jenkins: lts ], @@ -10,8 +9,8 @@ def buildConfiguration = [ [ platform: "windows", jdk: "11", jenkins: lts ], */ // Also build on recent weekly - [ platform: "linux", jdk: "11", jenkins: weekly ], - [ platform: "windows", jdk: "11", jenkins: weekly ] + [ platform: "linux", jdk: "11" ], + [ platform: "windows", jdk: "11" ] ] buildPlugin(configurations: buildConfiguration) From cb0a8f692b87fc8330e4c5b75555f8837c60cddb Mon Sep 17 00:00:00 2001 
From: Ivan Fernandez Calvo Date: Sun, 15 Nov 2020 20:08:47 +0100 Subject: [PATCH 14/15] fix: ignore parameters in the URL for validation --- src/main/java/org/jenkinsci/plugins/saml/OpenSAMLWrapper.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/main/java/org/jenkinsci/plugins/saml/OpenSAMLWrapper.java b/src/main/java/org/jenkinsci/plugins/saml/OpenSAMLWrapper.java index f65fd679..22c1fdb4 100644 --- a/src/main/java/org/jenkinsci/plugins/saml/OpenSAMLWrapper.java +++ b/src/main/java/org/jenkinsci/plugins/saml/OpenSAMLWrapper.java @@ -24,6 +24,8 @@ import org.opensaml.core.config.InitializationService; import org.pac4j.core.context.J2EContext; import org.pac4j.core.context.WebContext; +import org.pac4j.core.http.callback.NoParameterCallbackUrlResolver; +import org.pac4j.core.http.url.DefaultUrlResolver; import org.pac4j.saml.client.SAML2Client; import org.pac4j.saml.config.SAML2Configuration; @@ -152,6 +154,7 @@ protected SAML2Client createSAML2Client() { config.setServiceProviderMetadataResource(new SamlFileResource(SamlSecurityRealm.getSPMetadataFilePath())); final SAML2Client saml2Client = new SAML2Client(config); saml2Client.setCallbackUrl(samlPluginConfig.getConsumerServiceUrl()); + saml2Client.setCallbackUrlResolver(new NoParameterCallbackUrlResolver()); saml2Client.init(); if (LOG.isLoggable(FINE)) { From 7c7a310c75cf56773763cef7cbb8e2a1fb378edc Mon Sep 17 00:00:00 2001 From: Ivan Fernandez Calvo Date: Thu, 25 Feb 2021 13:25:17 +0100 Subject: [PATCH 15/15] Update pom.xml --- pom.xml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/pom.xml b/pom.xml index b439d642..417b665a 100644 --- a/pom.xml +++ b/pom.xml @@ -78,17 +78,6 @@ under the License. repo.jenkins-ci.org https://repo.jenkins-ci.org/public/ - - - shib-release - https://build.shibboleth.net/nexus/content/groups/public - - false - - - true - -
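Review bot: `org.pac4j.core.http.url.DefaultUrlResolver` is imported in the first `OpenSAMLWrapper.java` hunk but nothing in the visible hunks uses it, so unless it is referenced elsewhere in the file the import can be dropped. The new `saml2Client.setCallbackUrlResolver(new NoParameterCallbackUrlResolver());` line also deserves a why-comment, since judging by the commit title it changes which URL the SAML response is validated against. Something like `// use the consumer service URL unchanged (no extra query parameter) so it matches the ACS URL registered at the IdP` would do. A test asserting that the client's computed callback URL equals `samlPluginConfig.getConsumerServiceUrl()` would pin this behaviour. `createSAML2Client()` starts and ends outside the hunk.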