org.forgerock / org.forgerock.openig

28 Nov, 2014

3 commits

27 Nov, 2014

1 commit

  • 8bbd0851   CR-5463 OPENIG-325 Cannot use exchange.request.uri as lvalue-expression ... Browse Dir » 
    The issue was due to the BeanELResolver involded by the use of Expression
which was unable to get the right setter to set the URI.
Solution was to create a RequestResolver, to guide it through the setters to get
the right one and to finally be able to write the uri as expected.

- added RequestResolver.class
- added unit tests for the new RequestResolver class.
- added unit tests for the AssignmentFilter about URI change.

Thanks to Guillaume for his help.

git-svn-id: https://svn.forgerock.org/openig/trunk@754 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    violette
     

20 Nov, 2014

3 commits

  • f011fcf7   OPENIG-379 CR-5353 Improve logging when JWT sessions are using random keys and e… ... Browse Dir » 
    …nsure that invalid JWT sessions are expired


git-svn-id: https://svn.forgerock.org/openig/trunk@740 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    matthew
     
  • 6e866493   OPENIG-359 (CR-5294) Introduce Audit Framework ... Browse Dir » 
    The audit framework is a new OpenIG API that gives to users a deeper view (and probably
a better understanding) of what's going on in the observed OpenIG system.

This is an initial version of the audit framework that only supports `Exchange` flow
observation: Filters and Handlers will send `AuditEvent` notifications both when an
Exchange enters or exists.

An `AuditEvent` is a notification that includes meta-information about the observed
component emitter of the notification (its `Name` in particular), a timestamp, the
exchange being captured and a set of tags that helps to qualify the event.

Four tags are supported out-of-the-box: `request`, `response`, `completed` and `exception`.
The user can add as many tags as wanted as part of the decoration configuration:

    "audit": "route-#1"  // add a single tag to the decorated component
    "audit": [ "super-tag", "route-#2" ] // add all of theses tags
    "audit": boolean, object, ... // any other format will be ignored

OpenIG provides a single `audit` decorator by default.

Consumers of AuditEvent are `AuditEventListener`, they have to provide their own Heaplet
implementation that extends `ConditionalListenerHeaplet`. They'll be automatically notified
of emitted AuditEvents and can (optionally) filter the received event using the `condition`
configuration attribute (condition is expressed as an `Expression` that needs to evaluate
to a boolean).

Examples of such event-filtering conditions:

    ${true}
    ${contains(tags, 'tag#1')}
    ${source.name.leaf == 'source'}

git-svn-id: https://svn.forgerock.org/openig/trunk@736 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • 95f1d731   OPENIG-368 (CR-5326) Use exchange.originalUri in OAuth2ClientFilter ... Browse Dir » 
    The Client filter heavily use the `exchange.request.uri` property to compute URIs.

That was causing issues because, in the set of upstream filters/handlers, someone
could have rebased the request URI (usually to globally 'redirect' the message
to the protected application). That was causing wrong URI computations (like an
OAuth2 `redirect_uri` with the hostname of the protected application, instead of
the user-facing one of OpenIG).

This changes fix this behaviour with the introduction of an immutable
`exchange.originalUri` property that is the original request URI, as received by the
web container.

The Client filter is now using this instead of the mutable one (`exchange.request.uri`).

Updated the Nascar page sample of the documentation to limit copy/paste errors.

git-svn-id: https://svn.forgerock.org/openig/trunk@735 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     

19 Nov, 2014

1 commit

18 Nov, 2014

1 commit

17 Nov, 2014

2 commits

14 Nov, 2014

1 commit

13 Nov, 2014

2 commits

12 Nov, 2014

1 commit

  • 38836d05   OPENIG-361 Provides tools for decorators to avoid StackOverFlowErrors at creation time ... Browse Dir » 
    A `StackOverFlowError` can be thrown during the Heap init when the configuration file declare
global decorators that have a heap object dependency.

When the globally enabled decorator is first created, it tries to resolve a dependency
from the heap, the heap then tries to decorate that instance, looking for the globally
declared decorator, that is not yet available since it has not finished its initialization,
so the heap think the decorator instance was not created yet and triggers another
decorator instance creation, that will itself try to resolve the dependency, looping
again and again ad nauseam.

The framework cannot provide any guards against that problem right now, the decorators
implementers have to care of this on their own and carefully craft their decorators
to avoid that problem.

The framework can only provide some limited level of support to help developers not
hitting that issue.

Introduced a new `DecoratorHeaplet` abstract class that does not resolve automatically heap
objects at creation time (no `LogSink` and `TemporaryStorage` resolution, as opposed to
`GenericHeaplet` behaviour).

Introduced a `LazyReference<T>` that encapsulate the resolution logic to allow easy
heap object resolution delaying.

Decorator implementation are encouraged to use theses 2 classes (having their `Heaplet`
extending `DecoratorHeaplet` instead of `GenericHeaplet`) and using `LazyReference` when a
heap object dependency is un-avoidable.

Moved `CaptureDecorator` to use the `LazyReference` and updated existing decorator's
heaplet to extend `DecoratorHeaplet`.

Updated javadoc to make that clear for Decorator implementers.

git-svn-id: https://svn.forgerock.org/openig/trunk@699 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     

07 Nov, 2014

5 commits

  • 70a47970   OPENIG-338 ... Browse Dir » 
    Wrong charset used in Entity class
- Added static UTF_8 Charset.
- Replaced newDecodedContentReader(null)
by newDecodedContentReader(UTF_8) in entity#getJson.

git-svn-id: https://svn.forgerock.org/openig/trunk@695 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    violette
     
  • 61cbf492   OPENIG-264 Supports zero-length Durations ... Browse Dir » 
    That will be useful to support deactivation marker values when configuring cache timeouts.

This fix support both `zero` and `disabled` as zero-length Duration markers.
When the parsed String value also represents a zero-length duration (like `0 days and 0 ms`),
the special ZERO marker duration is returned.

Updated documentation as well.

git-svn-id: https://svn.forgerock.org/openig/trunk@692 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • 2fd96997   OPENIG-371 (CR-5157) Expose the source Name to the Logger API ... Browse Dir » 
    In order to facilitate OPENIG-370 (log simplification), we now expose the Name
of the log source to the Logger. This has a number of implications:
 * `LogEntry.source` has been splited into the `source` and `type` attributes.
source being the original Name and type being the type of the entry (like
`log`, `started`, `elapsed`, ...). Log messages have the `log` type and
exception's messages have the `throwable` type.
 * Logger is no more a LogSink implementation
 * LogEntry has been adapted to directly use Logger instead of LogSink (this way
it can benefit of the Logger.source attribute's value automatically)
 * Logger do not "rebase" the source name anymore: can't do that since source
is not a String anymore.
 * That solves the source duplication issue of OPENIG-370

LogSink interface has been adapted to have a source Name instead of a source
String when trying to determine if something is legible.

LogSink implementations (ConsoleLogSink and FileLogSink) have been changed to
keep an output as close as possible as what we have previously (don't want to
work on OPEN-370 yet).

git-svn-id: https://svn.forgerock.org/openig/trunk@689 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • 46839327   OPENIG-371 (CR-5157) Support hierarchical names to uniquely identify heap objects ... Browse Dir » 
    A Name is a recursive object based on a leaf name and a parent Name.

Each Heap as a unique Name used to scope names of the managed heap objects.
Each heap object has a unique Name whose parent is the container Heap.

The Heaplet interface has been updated to give the Name instead of just a String.

The name of each created heap is based on the resource name.

git-svn-id: https://svn.forgerock.org/openig/trunk@688 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     
  • 397990d0   OPENIG-320 CR-5181 Rename KeyStore 'file' option to 'url' ... Browse Dir » 
    git-svn-id: https://svn.forgerock.org/openig/trunk@687 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    matthew
     

06 Nov, 2014

1 commit

05 Nov, 2014

2 commits

04 Nov, 2014

1 commit

03 Nov, 2014

2 commits

31 Oct, 2014

2 commits

30 Oct, 2014

4 commits

29 Oct, 2014

1 commit

  • 6f011d88   OPENIG-358 (CR-5060) Improve generated names for inline object declarations ... Browse Dir » 
    Although the JSON pointer is sufficient to guarantee unicity of a name
within the scope of a heap, it makes it hard for reader to link that name
to the configuration object they provided.

This patch supports both improvements:
* if a `name` attribute is provided in the declaration, use it as-is
* if not, prepend the `type` attribute value to the pointer String to help identification

This patch also updates the logs samples provided in the documentation.

git-svn-id: https://svn.forgerock.org/openig/trunk@666 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier
     

24 Oct, 2014

6 commits

23 Oct, 2014

1 commit

  • b0eba0dc   OPENIG-339 (CR-4964) Provide more log information when route building fails ... Browse Dir » 
    Exception's messages does not have to include the message of their parent anymore.
When a route failed to load for any reason, all the chained exception's
messages are logged as errors up to the root cause, and the full stack
trace is logged at the DEBUG level.

Notice that the LogSink you have to configure is the one of the Router itself (in
the JSON configuration where the Router handler is declared), configuring the LogSing
of the failed route configuration will not help.

git-svn-id: https://svn.forgerock.org/openig/trunk@657 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
    guillaume.sauthier