org.forgerock / org.forgerock.openig

28 Nov, 2014

4 commits

c41f480e OPENIG-386 (CR-5503) Introduce per-tag monitoring endpoint ... Browse Code »

This audit framework application maintains hit counters on a per-tag basis.

Here is an output sample:
```
  {
      "resources": {
          "completed": 1,
          "failed": 0,
          "flowing": 0
      },
      "main": {
          "completed": 12,
          "failed": 0,
          "flowing": 1
      },
      "monitor": {
          "completed": 11,
          "failed": 0,
          "flowing": 1
      }
  }
```
`resources`, `main` and `monitor` being "non-standard" (or user-provided) tags.

git-svn-id: https://svn.forgerock.org/openig/trunk@760 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-28 10:13:43 +0000

7d2f07a4 Provide an Enum containing OpenIG's 'standard'/'managed' tag names ... Browse Code »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@759 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
guillaume.sauthier
2014-11-28 10:12:47 +0000
3450fa14 Fix wrong time unit for AuditEvent.timestamp (must be ms) ... Browse Code »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@758 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
guillaume.sauthier
2014-11-28 10:12:19 +0000

d2c5efab Fix regression introduced by r756 ... Browse Code »

The `307` status code is a temporary redirect and is processed by the UA as
a complete request replay (including method, form params, ...).

`302`, on the other hand simply expects the UA to `GET` the provided `Location` Uri value.

git-svn-id: https://svn.forgerock.org/openig/trunk@757 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-28 10:11:51 +0000

27 Nov, 2014

3 commits

b82d500c OPENIG-384 Use OpenIG session, request and response instead of servlet's objects ... Browse Code »

Reserve real usage of HttpServletRequest and HttpServletResponse objects for
Fedlet classes only.

Session attributes' variables `subjectMapping`, `sessionIndexMapping`,
`authnContext` and all of the `attributeMapping` values are now stored in
the OpenIG Session object (instead of the `HttpSession`). That makes it possible
to use theses values inside OpenIG configuration files (through `Expression`).

git-svn-id: https://svn.forgerock.org/openig/trunk@756 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-27 14:31:12 +0000

ab2d3099 OPENIG-384 Merge FederationServlet into SamlFederationHandler (no other changes) ... Browse Code »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@755 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
guillaume.sauthier
2014-11-27 14:31:05 +0000

8bbd0851 CR-5463 OPENIG-325 Cannot use exchange.request.uri as lvalue-expression ... Browse Code »

The issue was due to the BeanELResolver involded by the use of Expression
which was unable to get the right setter to set the URI.
Solution was to create a RequestResolver, to guide it through the setters to get
the right one and to finally be able to write the uri as expected.

- added RequestResolver.class
- added unit tests for the new RequestResolver class.
- added unit tests for the AssignmentFilter about URI change.

Thanks to Guillaume for his help.

git-svn-id: https://svn.forgerock.org/openig/trunk@754 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-27 10:54:32 +0000

26 Nov, 2014

1 commit

072f2833 OPENIG-403 Doc use of unique session field names for SAML SPs ... Browse Code »

Additional fix suggested and reviewed by Guillaume over IM

git-svn-id: https://svn.forgerock.org/openig/trunk@752 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-26 09:14:44 +0000

25 Nov, 2014

5 commits

79b6c965 CR-5446 OPENIG-390 Move DumpExchange.groovy out of docs ... Browse Code »

Now that we have a CaptureDecorator to capture the exchange,
we do not need to document a script for doing the same thing.

In working on this issue, it also became apparent
that these examples did not call for dumping the exchange anyway.


git-svn-id: https://svn.forgerock.org/openig/trunk@751 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-25 16:56:06 +0000

77dd58c6 CR-5444 OPENIG-403 Doc use of unique session field names for SAML SPs ... Browse Code »

A SamlFederationHandler maps data from the assertion
into the exchange.session object.

With multiple SP configurations, it is important to use unique field names
for mapped data to avoid one handler from overwriting another's session data.

This patch fixes the doc to account for that requirement.

git-svn-id: https://svn.forgerock.org/openig/trunk@750 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-25 15:41:01 +0000

6ea2e38d CR-5426 OPENIG-402 Update DESKEY gen steps for OpenAM 12 ... Browse Code »

This patch anticipates the release of OpenAM 12.
I'm hoping that
http://sources.forgerock.org/browse/openam/trunk/openam/pom.xml?hb=true#to123
does not change before release. 


git-svn-id: https://svn.forgerock.org/openig/trunk@749 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-25 11:23:15 +0000

e0cab7fd CR-5424 OPENIG-396 Correct doc for logSink used by a TimerDecorator ... Browse Code »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@748 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-25 11:20:42 +0000
4c9435d5 CR-5423 OPENIG-392 Document exchange.originalUri ... Browse Code »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@747 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-25 11:18:30 +0000

24 Nov, 2014

1 commit

2c656823 Reformat XML without material changes to content ... Browse Code »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@746 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-24 16:48:53 +0000

22 Nov, 2014

1 commit

e9c0ea30 CR-5398 OPENIG-388 Document that empty heap is optional ... Browse Code »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@745 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-22 05:11:47 +0000

21 Nov, 2014

3 commits

55fd7118 Code simplification ... Browse Code »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@744 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
guillaume.sauthier
2014-11-21 21:17:26 +0000

28c72a3c OPENIG-269 (CR-5396) Fix erroneous OAuth 2.0 error codes ... Browse Code »

Issues an `invalid_request` when there are multiple `Authorization` headers.
Issues an `invalid_token` when there is no bearer token and when the token
can't be resolved (for any reason: expiration, revocation, plain wrong token, ...)

git-svn-id: https://svn.forgerock.org/openig/trunk@743 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-21 21:17:04 +0000

845e23c0 CR-5379 OPENIG-387 Document removal of "objects" layer from heap ... Browse Code »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@742 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-21 09:14:36 +0000

20 Nov, 2014

10 commits

98574eb1 Placate checkstyle ... Browse Code »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@741 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-20 16:49:21 +0000
f011fcf7 OPENIG-379 CR-5353 Improve logging when JWT sessions are using random keys and e… ... Browse Code »
```
…nsure that invalid JWT sessions are expired


git-svn-id: https://svn.forgerock.org/openig/trunk@740 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
matthew
2014-11-20 16:05:07 +0000

e323e6df Remove LogTimer on the GatewayServlet ... Browse Code »

Timer values should always be obtained through `timer` decorations.

git-svn-id: https://svn.forgerock.org/openig/trunk@739 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-20 15:44:50 +0000

0503020c CR-5343 OPENIG-381 Update doc for change to global decorator config ... Browse Code »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@738 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-20 15:42:38 +0000

13b2d660 CR-5327 OPENIG-365 Doc how to configure multiple SAML SPs ... Browse Code »

This patch adds an appendix
that briefly describes and demonstrates
how OpenIG as a SAML 2.0 SP can support more than one application.

For future consideration I have also opened some issues
that might make this easier:
OPENIG-397, but also OPENIG-399, OPENIG-400.

git-svn-id: https://svn.forgerock.org/openig/trunk@737 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-20 15:34:20 +0000

6e866493 OPENIG-359 (CR-5294) Introduce Audit Framework ... Browse Code »

The audit framework is a new OpenIG API that gives to users a deeper view (and probably
a better understanding) of what's going on in the observed OpenIG system.

This is an initial version of the audit framework that only supports `Exchange` flow
observation: Filters and Handlers will send `AuditEvent` notifications both when an
Exchange enters or exists.

An `AuditEvent` is a notification that includes meta-information about the observed
component emitter of the notification (its `Name` in particular), a timestamp, the
exchange being captured and a set of tags that helps to qualify the event.

Four tags are supported out-of-the-box: `request`, `response`, `completed` and `exception`.
The user can add as many tags as wanted as part of the decoration configuration:

    "audit": "route-#1"  // add a single tag to the decorated component
    "audit": [ "super-tag", "route-#2" ] // add all of theses tags
    "audit": boolean, object, ... // any other format will be ignored

OpenIG provides a single `audit` decorator by default.

Consumers of AuditEvent are `AuditEventListener`, they have to provide their own Heaplet
implementation that extends `ConditionalListenerHeaplet`. They'll be automatically notified
of emitted AuditEvents and can (optionally) filter the received event using the `condition`
configuration attribute (condition is expressed as an `Expression` that needs to evaluate
to a boolean).

Examples of such event-filtering conditions:

    ${true}
    ${contains(tags, 'tag#1')}
    ${source.name.leaf == 'source'}

git-svn-id: https://svn.forgerock.org/openig/trunk@736 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-20 15:25:21 +0000

95f1d731 OPENIG-368 (CR-5326) Use exchange.originalUri in OAuth2ClientFilter ... Browse Code »

The Client filter heavily use the `exchange.request.uri` property to compute URIs.

That was causing issues because, in the set of upstream filters/handlers, someone
could have rebased the request URI (usually to globally 'redirect' the message
to the protected application). That was causing wrong URI computations (like an
OAuth2 `redirect_uri` with the hostname of the protected application, instead of
the user-facing one of OpenIG).

This changes fix this behaviour with the introduction of an immutable
`exchange.originalUri` property that is the original request URI, as received by the
web container.

The Client filter is now using this instead of the mutable one (`exchange.request.uri`).

Updated the Nascar page sample of the documentation to limit copy/paste errors.

git-svn-id: https://svn.forgerock.org/openig/trunk@735 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-20 13:57:53 +0000

19e1869d OPENIG-326 - Revert previously introduced List as Set (no duplicate elements) ... Browse Code »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@734 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
violette
2014-11-20 13:45:51 +0000

82d70698 Modified error message from the OAuth2Utils#getScopes function as it is ... Browse Code »

only used by the Client Server and to uniformize the message with the
OAuth2ResourceFilter.

git-svn-id: https://svn.forgerock.org/openig/trunk@733 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-20 13:30:48 +0000

cef1488f CR-5340 OPENIG-326 The OAuth2 ResourceServer scopes is now a list of ... Browse Code »

expressions.

OAuth2ResourceServerFilter.java
- Replaced 'Set<String> scopes' to 'List<Expression> scopes'.
- As the AccessToken defines scopes as Set<String>,
 added a new method to getScopes from List<Expression> to Set<String>.
- InsufficientScopeChallengeHandler is no longer a field of the
OAuth2ResourceServerFilter.
- Added realm attribute to the OAuth2ResourceServerFilter.

OAuth2ResourceServerFilterTest.java
- Fixed tests according to the above modifications.
- Added unit tests with expression evaluations.

man-OAuth2ResourceServerFilter.xml
- Modified doc according to Mark's patch.

git-svn-id: https://svn.forgerock.org/openig/trunk@732 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-20 13:12:42 +0000

19 Nov, 2014

3 commits

213ddd32 OPENIG-329 CR-5335 Make it possible to omit an empty heap from a route ... Browse Code »

* also added test to ensure that it is possible to inline a route's handler and avoid the need for a heap.


git-svn-id: https://svn.forgerock.org/openig/trunk@730 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-19 12:59:34 +0000

dcf61335 Typos ... Browse Code »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@725 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-19 08:08:29 +0000
2b97cd45 Adjust wording in release notes chapter on compatibility ... Browse Code »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@724 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-19 07:33:30 +0000

18 Nov, 2014

3 commits

fe434b82 Fix broken link found by docbook-linktester ... Browse Code »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@723 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-18 15:56:48 +0000

fc1ec139 OPENIG-356 OPENIG-357 Updated json-fluent && json-web-token to 2.4.1 ... Browse Code »

Updated version of json-fluent and json-web-token from 2.3.2 to 2.4.1
new release. Thanks to Bruno! \o/

git-svn-id: https://svn.forgerock.org/openig/trunk@722 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-18 15:12:55 +0000

6175b7f4 OpenIG-119 RedirectFilter renamed to LocationHeaderFilter ... Browse Code »

- Renamed files
- Fixed javadoc.
- Fixed doc.
- Thanks to Mark for his patch on chap-compatibility.

git-svn-id: https://svn.forgerock.org/openig/trunk@719 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-18 09:03:17 +0000

17 Nov, 2014

2 commits

4773691f OPENIG-380 CR-5307 Simplify heap configuration: remove object element ... Browse Code »

* updated all tests and default config
* issue deprecation warning if heap/objects field is still used.


git-svn-id: https://svn.forgerock.org/openig/trunk@718 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-17 14:33:24 +0000

c5068fe5 OPENIG-369 CR-5302 Inline global decorations with top-level config/route config parameters ... Browse Code »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@717 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
matthew
2014-11-17 10:26:36 +0000

15 Nov, 2014

1 commit

329a7116 Remove empty source folder. ... Browse Code »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@716 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
matthew
2014-11-15 21:32:23 +0000

14 Nov, 2014

3 commits

01853d36 Fixed javadoc typo. ... Browse Code »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@705 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
violette
2014-11-14 14:54:27 +0000
b12eb778 CR-5282 OPENIG-375: Doc change to default algorithm for CryptoHeaderFilter ... Browse Code »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@704 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-14 09:09:19 +0000
5b459eca Reformatted source without material changes to content ... Browse Code »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@703 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-14 08:18:48 +0000