From aabb96887b93437d2c286aaa097f8ebea03576f2 Mon Sep 17 00:00:00 2001 From: Riliane Date: Fri, 26 Aug 2022 17:22:40 +0200 Subject: [PATCH 1/7] Update pac4j to 5.2.0 --- pom.xml | 9 ++++++-- .../plugins/saml/OpenSAMLWrapper.java | 11 +++++----- .../plugins/saml/SamlProfileWrapper.java | 7 ++++--- .../saml/SamlRedirectActionWrapper.java | 11 +++++----- .../plugins/saml/SamlSPMetadataWrapper.java | 5 ++--- .../plugins/saml/SamlSecurityRealm.java | 21 ++++++++++--------- 6 files changed, 36 insertions(+), 28 deletions(-) diff --git a/pom.xml b/pom.xml index b59026da..3a691aac 100644 --- a/pom.xml +++ b/pom.xml @@ -98,8 +98,7 @@ under the License. org.pac4j pac4j-saml - - 3.9.0 + 5.2.0 false @@ -196,6 +195,12 @@ under the License. + + org.pac4j + pac4j-jee + 5.2.0 + false + org.jenkins-ci.plugins mailer diff --git a/src/main/java/org/jenkinsci/plugins/saml/OpenSAMLWrapper.java b/src/main/java/org/jenkinsci/plugins/saml/OpenSAMLWrapper.java index ec09ff01..f56ee373 100644 --- a/src/main/java/org/jenkinsci/plugins/saml/OpenSAMLWrapper.java +++ b/src/main/java/org/jenkinsci/plugins/saml/OpenSAMLWrapper.java @@ -22,13 +22,14 @@ import org.kohsuke.stapler.StaplerResponse; import org.opensaml.core.config.InitializationException; import org.opensaml.core.config.InitializationService; -import org.pac4j.core.context.J2EContext; +import org.pac4j.core.context.JEEContext; import org.pac4j.core.context.WebContext; +import org.pac4j.core.exception.TechnicalException; import org.pac4j.core.http.callback.NoParameterCallbackUrlResolver; import org.pac4j.saml.client.SAML2Client; import org.pac4j.saml.config.SAML2Configuration; -import java.io.IOException; +import java.util.Arrays; import java.util.logging.Logger; import static java.util.logging.Level.*; 
@@ -87,7 +88,7 @@ public T get() { * @return J2E Context from the current HTTP request and response. */ protected WebContext createWebContext() { - return new J2EContext(request, response); + return new JEEContext(request, response); } /** @@ -141,7 +142,7 @@ protected SAML2Client createSAML2Client() { // reference) is set, include it in the request to the IdP, and request // that the IdP uses exact matching for authentication types if (samlPluginConfig.getAuthnContextClassRef() != null) { - config.setAuthnContextClassRef(samlPluginConfig.getAuthnContextClassRef()); + config.setAuthnContextClassRefs(Arrays.asList(samlPluginConfig.getAuthnContextClassRef())); config.setComparisonType("exact"); } @@ -160,7 +161,7 @@ protected SAML2Client createSAML2Client() { if (LOG.isLoggable(FINE)) { try { LOG.fine(saml2Client.getServiceProviderMetadataResolver().getMetadata()); - } catch (IOException e) { + } catch (TechnicalException e) { LOG.fine("Is not possible to show the metadata : " + e.getMessage()); } } diff --git a/src/main/java/org/jenkinsci/plugins/saml/SamlProfileWrapper.java b/src/main/java/org/jenkinsci/plugins/saml/SamlProfileWrapper.java index bc11baf1..e5fc28ea 100644 --- a/src/main/java/org/jenkinsci/plugins/saml/SamlProfileWrapper.java +++ b/src/main/java/org/jenkinsci/plugins/saml/SamlProfileWrapper.java @@ -21,7 +21,8 @@ import org.kohsuke.stapler.StaplerRequest; import org.kohsuke.stapler.StaplerResponse; import org.pac4j.core.context.WebContext; -import org.pac4j.core.exception.HttpAction; +import org.pac4j.core.context.session.JEESessionStore; +import org.pac4j.core.exception.http.HttpAction; import org.pac4j.saml.client.SAML2Client; import org.pac4j.saml.credentials.SAML2Credentials; import org.pac4j.saml.exceptions.SAMLException; 
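Review bot: The Javadoc above createWebContext() still reads `@return J2E Context from the current HTTP request and response.` although the method now builds a `JEEContext`. It should be updated with the code, for example `@return JEE web context built from the current HTTP request and response.`. The comment block starts outside the hunk, so any other mention of J2E in it is not visible here.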
@@ -52,8 +53,8 @@ protected SAML2Profile process() { try { SAML2Client client = createSAML2Client(); WebContext context = createWebContext(); - credentials = client.getCredentials(context); - saml2Profile = client.getUserProfile(credentials, context); + credentials = (SAML2Credentials) client.getCredentials(context, JEESessionStore.INSTANCE).orElse(null); + saml2Profile = (SAML2Profile) client.getUserProfile(credentials, context, JEESessionStore.INSTANCE).orElse(null); client.destroy(); } catch (HttpAction|SAMLException e) { //if the SAMLResponse is not valid we send the user again to the IdP diff --git a/src/main/java/org/jenkinsci/plugins/saml/SamlRedirectActionWrapper.java b/src/main/java/org/jenkinsci/plugins/saml/SamlRedirectActionWrapper.java index 6fc287bf..e55c3fdc 100644 --- a/src/main/java/org/jenkinsci/plugins/saml/SamlRedirectActionWrapper.java +++ b/src/main/java/org/jenkinsci/plugins/saml/SamlRedirectActionWrapper.java @@ -19,15 +19,16 @@ import org.kohsuke.stapler.StaplerRequest; import org.kohsuke.stapler.StaplerResponse; -import org.pac4j.core.redirect.RedirectAction; +import org.pac4j.core.context.session.JEESessionStore; +import org.pac4j.core.exception.http.HttpAction; +import org.pac4j.core.exception.http.RedirectionAction; import org.pac4j.core.context.WebContext; -import org.pac4j.core.exception.HttpAction; import org.pac4j.saml.client.SAML2Client; /** * Process the current configuration and request to prepare a Redirection to the IdP. */ -public class SamlRedirectActionWrapper extends OpenSAMLWrapper { +public class SamlRedirectActionWrapper extends OpenSAMLWrapper { public SamlRedirectActionWrapper(SamlPluginConfig samlPluginConfig, StaplerRequest request, StaplerResponse response) { this.request = request; 
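Review bot: Both `.orElse(null)` calls in SamlProfileWrapper.process() turn an absent Optional back into null, so a missing credential is still passed to `client.getUserProfile(...)`, and a missing profile is rejected only if code after the try block checks for it, which this hunk does not show. On the authentication path the absent case should fail closed where it is detected, for example `.orElseThrow(() -> new IllegalStateException("No SAML credentials in the response"))`, or whichever exception the rest of process() already uses for a rejected response. The same pattern appears in SamlRedirectActionWrapper.process() as `getRedirectionAction(context, JEESessionStore.INSTANCE).orElse(null)`. There the else branch in doCommenceLogin calls `action.getCode()`, which for a null action would throw a NullPointerException instead of the intended IllegalStateException.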
@@ -40,11 +41,11 @@ public SamlRedirectActionWrapper(SamlPluginConfig samlPluginConfig, StaplerReque * @throws IllegalStateException if something goes wrong. */ @Override - protected RedirectAction process() throws IllegalStateException { + protected RedirectionAction process() throws IllegalStateException { try { SAML2Client client = createSAML2Client(); WebContext context = createWebContext(); - RedirectAction redirection = client.getRedirectAction(context); + RedirectionAction redirection = client.getRedirectionAction(context, JEESessionStore.INSTANCE).orElse(null); client.destroy(); return redirection; } catch (HttpAction e) { diff --git a/src/main/java/org/jenkinsci/plugins/saml/SamlSPMetadataWrapper.java b/src/main/java/org/jenkinsci/plugins/saml/SamlSPMetadataWrapper.java index acfd6a2b..540039ed 100644 --- a/src/main/java/org/jenkinsci/plugins/saml/SamlSPMetadataWrapper.java +++ b/src/main/java/org/jenkinsci/plugins/saml/SamlSPMetadataWrapper.java @@ -21,10 +21,9 @@ import org.kohsuke.stapler.HttpResponses; import org.kohsuke.stapler.StaplerRequest; import org.kohsuke.stapler.StaplerResponse; +import org.pac4j.core.exception.TechnicalException; import org.pac4j.saml.client.SAML2Client; -import java.io.IOException; - /** * build the Service Provider(SP) metadata from the configuration. */ @@ -47,7 +46,7 @@ protected HttpResponse process() throws IllegalStateException { try { metadata = client.getServiceProviderMetadataResolver().getMetadata(); client.destroy(); - } catch (IOException e) { + } catch (TechnicalException e) { throw new IllegalStateException(e); } return HttpResponses.text(metadata); diff --git a/src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java b/src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java index 0a692425..4e862102 100644 --- a/src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java +++ b/src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java 
@@ -41,8 +41,9 @@ import org.kohsuke.accmod.restrictions.NoExternalUse; import org.kohsuke.stapler.*; import org.kohsuke.stapler.interceptor.RequirePOST; -import org.pac4j.core.redirect.RedirectAction; -import org.pac4j.core.redirect.RedirectAction.RedirectType; +import org.pac4j.core.exception.http.OkAction; +import org.pac4j.core.exception.http.RedirectionAction; +import org.pac4j.core.exception.http.SeeOtherAction; import org.springframework.dao.DataAccessException; import org.pac4j.saml.profile.SAML2Profile; @@ -258,15 +259,15 @@ public HttpResponse doCommenceLogin(final StaplerRequest request, final StaplerR String redirectOnFinish = calculateSafeRedirect(from, referer); request.getSession().setAttribute(REFERER_ATTRIBUTE, redirectOnFinish); - RedirectAction action = new SamlRedirectActionWrapper(getSamlPluginConfig(), request, response).get(); - if (action.getType() == RedirectType.REDIRECT) { - LOG.fine("REDIRECT : " + action.getLocation()); - return HttpResponses.redirectTo(action.getLocation()); - } else if (action.getType() == RedirectType.SUCCESS) { - LOG.fine("SUCCESS : " + action.getContent()); - return HttpResponses.html(action.getContent()); + RedirectionAction action = new SamlRedirectActionWrapper(getSamlPluginConfig(), request, response).get(); + if (action instanceof SeeOtherAction) { + LOG.fine("REDIRECT : " + ((SeeOtherAction)action).getLocation()); + return HttpResponses.redirectTo(((SeeOtherAction)action).getLocation()); + } else if (action instanceof OkAction) { + LOG.fine("SUCCESS : " + ((OkAction) action).getContent()); + return HttpResponses.html(((OkAction) action).getContent()); } else { - throw new IllegalStateException("Received unexpected response type " + action.getType()); + throw new IllegalStateException("Received unexpected response type " + action.getCode()); } } From 616c0a00370b722f63a5512b810c178d7ad510c4 Mon Sep 17 00:00:00 2001 
From: Riliane Date: Mon, 29 Aug 2022 10:17:26 +0200 Subject: [PATCH 2/7] spacing Co-authored-by: Ivan Fernandez Calvo --- pom.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index 3a691aac..cd11c8cd 100644 --- a/pom.xml +++ b/pom.xml @@ -196,10 +196,10 @@ under the License. - org.pac4j - pac4j-jee - 5.2.0 - false + org.pac4j + pac4j-jee + 5.2.0 + false org.jenkins-ci.plugins From c8780924c8ceca2b623ddd5a7206b24d9e8b9d73 Mon Sep 17 00:00:00 2001 From: Ivan Fernandez Calvo Date: Mon, 29 Aug 2022 14:14:38 +0200 Subject: [PATCH 3/7] chore: bump the major version to 4 this is a major change so we have to update the major version to the next --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index c6e03d30..a97042cc 100644 --- a/pom.xml +++ b/pom.xml @@ -42,7 +42,7 @@ under the License. - 3 + 4 999999-SNAPSHOT 2.361 jenkinsci/${project.artifactId}-plugin From cc70634e59079c5a9a859b7d0447f92881c7036c Mon Sep 17 00:00:00 2001 From: Riliane Date: Wed, 31 Aug 2022 13:43:55 +0200 Subject: [PATCH 4/7] pac4j-jee remove optional Co-authored-by: Vincent Latombe --- pom.xml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/pom.xml b/pom.xml index a97042cc..8a447273 100644 --- a/pom.xml +++ b/pom.xml @@ -196,10 +196,9 @@ under the License. - org.pac4j - pac4j-jee - 5.2.0 - false + org.pac4j + pac4j-jee + 5.2.0 org.jenkins-ci.plugins From 2807c35f4c1a2c123643e2eca514e1f065b5a3bc Mon Sep 17 00:00:00 2001 From: Riliane Date: Thu, 1 Sep 2022 10:37:57 +0200 Subject: [PATCH 5/7] Process FoundAction Co-authored-by: Ivan Fernandez Calvo --- .../org/jenkinsci/plugins/saml/SamlSecurityRealm.java | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java b/src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java index 8133333d..c26b91ed 100644 
--- a/src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java +++ b/src/main/java/org/jenkinsci/plugins/saml/SamlSecurityRealm.java @@ -45,6 +45,8 @@ import org.kohsuke.stapler.StaplerRequest; import org.kohsuke.stapler.StaplerResponse; import org.kohsuke.stapler.interceptor.RequirePOST; +import org.pac4j.core.exception.http.FoundAction; +import org.pac4j.core.exception.http.WithLocationAction; import org.pac4j.core.exception.http.OkAction; import org.pac4j.core.exception.http.RedirectionAction; import org.pac4j.core.exception.http.SeeOtherAction; @@ -258,9 +260,9 @@ public HttpResponse doCommenceLogin(final StaplerRequest request, final StaplerR request.getSession().setAttribute(REFERER_ATTRIBUTE, redirectOnFinish); RedirectionAction action = new SamlRedirectActionWrapper(getSamlPluginConfig(), request, response).get(); - if (action instanceof SeeOtherAction) { - LOG.fine("REDIRECT : " + ((SeeOtherAction)action).getLocation()); - return HttpResponses.redirectTo(((SeeOtherAction)action).getLocation()); + if (action instanceof SeeOtherAction || action instanceof FoundAction) { + LOG.fine("REDIRECT : " + ((WithLocationAction)action).getLocation()); + return HttpResponses.redirectTo(((WithLocationAction)action).getLocation()); } else if (action instanceof OkAction) { LOG.fine("SUCCESS : " + ((OkAction) action).getContent()); return HttpResponses.literalHtml(((OkAction) action).getContent()); From b53be70471de8d7b7432c2b7eb53db87e82a096b Mon Sep 17 00:00:00 2001 From: Riliane Date: Thu, 1 Sep 2022 10:41:04 +0200 Subject: [PATCH 6/7] 5.4.6 update Co-authored-by: Ivan Fernandez Calvo --- pom.xml | 6 +++--- .../java/org/jenkinsci/plugins/saml/OpenSAMLWrapper.java | 2 +- .../java/org/jenkinsci/plugins/saml/SamlProfileWrapper.java | 2 +- .../jenkinsci/plugins/saml/SamlRedirectActionWrapper.java | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/pom.xml b/pom.xml index 8a447273..4f1b93cb 100644 --- a/pom.xml +++ b/pom.xml 
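Review bot: The condition in doCommenceLogin tests two concrete classes, `SeeOtherAction` and `FoundAction`, and then casts to `WithLocationAction`, so the check and the cast rely on different types. Testing the interface directly, `if (action instanceof WithLocationAction) {`, keeps the two in step and avoids extending the condition for each further redirect status. If only 302 and 303 are meant to be followed, a one-line comment saying so would explain why the concrete classes are listed. The method body starts and ends outside the hunk.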
@@ -98,7 +98,7 @@ under the License. org.pac4j pac4j-saml - 5.2.0 + 5.4.6 false @@ -197,8 +197,8 @@ under the License. org.pac4j - pac4j-jee - 5.2.0 + pac4j-javaee + 5.4.6 org.jenkins-ci.plugins diff --git a/src/main/java/org/jenkinsci/plugins/saml/OpenSAMLWrapper.java b/src/main/java/org/jenkinsci/plugins/saml/OpenSAMLWrapper.java index 4b50a4b9..8570e237 100644 --- a/src/main/java/org/jenkinsci/plugins/saml/OpenSAMLWrapper.java +++ b/src/main/java/org/jenkinsci/plugins/saml/OpenSAMLWrapper.java @@ -25,7 +25,7 @@ import org.kohsuke.stapler.StaplerResponse; import org.opensaml.core.config.InitializationException; import org.opensaml.core.config.InitializationService; -import org.pac4j.core.context.JEEContext; +import org.pac4j.jee.context.JEEContext; import org.pac4j.core.context.WebContext; import org.pac4j.core.exception.TechnicalException; import org.pac4j.core.http.callback.NoParameterCallbackUrlResolver; diff --git a/src/main/java/org/jenkinsci/plugins/saml/SamlProfileWrapper.java b/src/main/java/org/jenkinsci/plugins/saml/SamlProfileWrapper.java index d83f6f07..f9adfdbe 100644 --- a/src/main/java/org/jenkinsci/plugins/saml/SamlProfileWrapper.java +++ b/src/main/java/org/jenkinsci/plugins/saml/SamlProfileWrapper.java @@ -21,7 +21,7 @@ import org.kohsuke.stapler.StaplerRequest; import org.kohsuke.stapler.StaplerResponse; import org.pac4j.core.context.WebContext; -import org.pac4j.core.context.session.JEESessionStore; +import org.pac4j.jee.context.JEEContext;; import org.pac4j.core.exception.http.HttpAction; import org.pac4j.saml.client.SAML2Client; import org.pac4j.saml.credentials.SAML2Credentials; diff --git a/src/main/java/org/jenkinsci/plugins/saml/SamlRedirectActionWrapper.java b/src/main/java/org/jenkinsci/plugins/saml/SamlRedirectActionWrapper.java index dc34c466..05c8096c 100644 --- a/src/main/java/org/jenkinsci/plugins/saml/SamlRedirectActionWrapper.java +++ b/src/main/java/org/jenkinsci/plugins/saml/SamlRedirectActionWrapper.java 
@@ -19,7 +19,7 @@ import org.kohsuke.stapler.StaplerRequest; import org.kohsuke.stapler.StaplerResponse; -import org.pac4j.core.context.session.JEESessionStore; +import org.pac4j.jee.context.JEEContext; import org.pac4j.core.exception.http.HttpAction; import org.pac4j.core.exception.http.RedirectionAction; import org.pac4j.core.context.WebContext; From f36dc90827f54ca9bd489582e1dd45220d0d36ad Mon Sep 17 00:00:00 2001 From: Riliane Date: Thu, 1 Sep 2022 10:45:40 +0200 Subject: [PATCH 7/7] fix JEESessionStore --- .../java/org/jenkinsci/plugins/saml/SamlProfileWrapper.java | 2 +- .../org/jenkinsci/plugins/saml/SamlRedirectActionWrapper.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/jenkinsci/plugins/saml/SamlProfileWrapper.java b/src/main/java/org/jenkinsci/plugins/saml/SamlProfileWrapper.java index f9adfdbe..8de96825 100644 --- a/src/main/java/org/jenkinsci/plugins/saml/SamlProfileWrapper.java +++ b/src/main/java/org/jenkinsci/plugins/saml/SamlProfileWrapper.java @@ -21,7 +21,7 @@ import org.kohsuke.stapler.StaplerRequest; import org.kohsuke.stapler.StaplerResponse; import org.pac4j.core.context.WebContext; -import org.pac4j.jee.context.JEEContext;; +import org.pac4j.jee.context.session.JEESessionStore; import org.pac4j.core.exception.http.HttpAction; import org.pac4j.saml.client.SAML2Client; import org.pac4j.saml.credentials.SAML2Credentials; diff --git a/src/main/java/org/jenkinsci/plugins/saml/SamlRedirectActionWrapper.java b/src/main/java/org/jenkinsci/plugins/saml/SamlRedirectActionWrapper.java index 05c8096c..a4c0f61a 100644 --- a/src/main/java/org/jenkinsci/plugins/saml/SamlRedirectActionWrapper.java +++ b/src/main/java/org/jenkinsci/plugins/saml/SamlRedirectActionWrapper.java 
@@ -19,7 +19,7 @@ import org.kohsuke.stapler.StaplerRequest; import org.kohsuke.stapler.StaplerResponse; -import org.pac4j.jee.context.JEEContext; +import org.pac4j.jee.context.session.JEESessionStore; import org.pac4j.core.exception.http.HttpAction; import org.pac4j.core.exception.http.RedirectionAction; import org.pac4j.core.context.WebContext;