726: Finalize v1.0 for release with Schema Registry

Task-Url: https://minfba.de.dariah.eu/mantisbt/view.php?id=726

dariahsp-core/src/main/java/eu/dariah/de/dariahsp/saml/web/controller/MetadataController.java

@@ -203,6 +203,7 @@ public class MetadataController {
         extendedMetadata.setRequireLogoutRequestSigned(metadata.isRequireLogoutRequestSigned());
         extendedMetadata.setRequireLogoutResponseSigned(metadata.isRequireLogoutResponseSigned());
         extendedMetadata.setRequireArtifactResolveSigned(metadata.isRequireArtifactResolveSigned());
+        extendedMetadata.setRequireAttributeQuerySigned(metadata.isRequireAttributeQuerySigned());
         extendedMetadata.setSslHostnameVerification(metadata.getSslHostnameVerification());
 
         // Metadata signing

dariahsp-core/src/main/java/eu/dariah/de/dariahsp/web/CheckUserFilter.java

@@ -50,7 +50,7 @@ public class CheckUserFilter extends GenericFilterBean implements InitializingBe
 	
 	@Override
 	public void afterPropertiesSet() throws ServletException {
-		if (attributeAggregation && incompleteAttributesRedirect==null || hostedEntityId==null) {
+		if (attributeAggregation && (incompleteAttributesRedirect==null || hostedEntityId==null)) {
 			throw new ServletException("Invalid CheckUserFilter set up; redirect and entityId must be set if attribute aggregation is enabled");
 		}
 		super.afterPropertiesSet();

dariahsp-sample/src/main/java/eu/dariah/de/dariahsp/sample/controller/HomeController.java

@@ -22,7 +22,7 @@ public class HomeController  {
 	@Autowired private ServletContext servletContext;	
 	@Autowired private AuthInfoHelper authInfoHelper;
 		
-	@Value("#{environment.saml?environment.saml:false}")
+	@Value("#{environment.saml!=null?environment.saml:false}")
 	private boolean saml;
 	
 	@RequestMapping(value = {"", "/", "/protected/home", "/overprotected/home"}, method = RequestMethod.GET)

dariahsp-sample/src/main/resources/dariahsp_local_sample.yml

+auth:
+  local: 
+    users:  
+      - username: 'admin'
+        passhash: '$2a$10$nbXRnAx5wKurTrbaUkT/MOLXKAJgpT8R71/jujzPwgXXrG.OqlBKW'
+        roles: ["ROLE_ADMINISTRATOR"]
+      - username: 'tgradl'
+        passhash: '$2a$10$EeajSQQUepa7H7.g4xQCaeO.hjUwh0yzYCMrfOkWCZGe1IiWaexa6'
+        roles: ["ROLE_CONTRIBUTOR"]
+  saml:
+    keystore:
+      path: /data/_srv/minfba/minfba-de-dariah-eu.jks
+      # Comment if keystore is not protected by password
+      pass: 'hairad'
+      alias: minfba.de.dariah.eu
+      aliaspass: 'hairad'
\ No newline at end of file

dariahsp-sample/src/main/resources/spring/config-context.xml

@@ -8,7 +8,7 @@
 	<context:annotation-config/>
 	
 	<bean id="configLocation" class="java.lang.String">
-		<constructor-arg value="classpath:dariahsp.yml" />
+		<constructor-arg value="classpath:dariahsp_local_sample.yml" />
 	</bean>
 	<bean id="properties" class="org.springframework.beans.factory.config.YamlPropertiesFactoryBean">
 	    <property name="resources" ref="configLocation"/>

dariahsp-sample/src/main/resources/spring/security/security-context-common.xml

@@ -55,6 +55,12 @@
     	<property name="requestCache" ref="requestCache" />	
     </bean>   
     
+    <!-- Provider of default SAML Context -->
+    <bean id="contextProvider" class="eu.dariah.de.dariahsp.saml.AttributeContextProvider"/>
+    
+    <!-- The filter is waiting for connections on URL suffixed with filterSuffix and presents SP metadata there -->
+    <bean id="metadataDisplayFilter" class="org.springframework.security.saml.metadata.MetadataDisplayFilter"/>
+    
     <!-- This probably needs to be changed to a persisting extension of BaseUserService -->
     <bean id="userDetailsService" class="eu.dariah.de.dariahsp.sample.service.CachingUserServiceImpl">
     	<property name="defaultAuthority" value="Authenticated User" />

dariahsp-sample/src/main/resources/spring/security/security-context-local.xml

@@ -38,6 +38,7 @@
     <!-- Filters for processing of local authentication -->
     <bean id="authFilter" class="org.springframework.security.web.FilterChainProxy">
     	<security:filter-chain-map request-matcher="ant">
+    		<security:filter-chain pattern="/saml/metadata/**" filters="metadataDisplayFilter"/>
         	<security:filter-chain pattern="/localsec/login/**" filters="loginFilter"/>
         	<security:filter-chain pattern="/localsec/logout/**" filters="logoutFilter"/>
         </security:filter-chain-map>

dariahsp-sample/src/main/resources/spring/security/security-context-saml.xml

@@ -124,9 +124,6 @@
         <property name="idpDiscoveryResponseURL" value="${auth.saml.sp.discovery.return}" />
     </bean>
  
-    <!-- The filter is waiting for connections on URL suffixed with filterSuffix and presents SP metadata there -->
-    <bean id="metadataDisplayFilter" class="org.springframework.security.saml.metadata.MetadataDisplayFilter"/>
-
     <!-- Configure HTTP Client to accept certificates from the keystore for HTTPS verification -->
     <!--
     <bean class="org.springframework.security.saml.trust.httpclient.TLSProtocolConfigurer">
@@ -236,10 +233,6 @@
 	</bean>
     
 
-
-    <!-- Provider of default SAML Context -->
-    <bean id="contextProvider" class="eu.dariah.de.dariahsp.saml.AttributeContextProvider"/>
-
     <!-- Processing filter for WebSSO profile messages -->
     <bean id="samlWebSSOProcessingFilter" class="org.springframework.security.saml.SAMLProcessingFilter">
         <property name="authenticationManager" ref="authenticationManager"/>

dariahsp-sample/src/main/webapp/WEB-INF/view/jsp/saml/metadataGenerator.jsp

@@ -251,6 +251,19 @@
 							</div>
   						</div>
   					
+						<div class="form-group">
+  							<label for="requireAttributeQuerySigned" class="col-sm-3 control-label">Require signed attribute Assertion:</label>
+							<div class="col-sm-3">
+                                <sf:select cssClass="form-control" path="requireAttributeQuerySigned" id="requireAttributeQuerySigned" multiple="false">
+                                    <sf:option value="true">Yes</sf:option>
+                                    <sf:option value="false">No</sf:option>
+                                </sf:select>
+							</div>
+							<div class="col-sm-9 col-sm-offset-3">
+								<sf:errors cssClass="error" element="div" path="requireAttributeQuerySigned" />
+							</div>
+  						</div>
+
   						<div class="form-group">
   							<label for="requireLogoutRequestSigned" class="col-sm-3 control-label">Require signed LogoutRequest:</label>
 							<div class="col-sm-3">

dariahsp-sample/src/main/webapp/WEB-INF/view/jsp/saml/providerView.jsp

@@ -16,6 +16,9 @@
 						<a class="btn btn-link btn-sm" href="<s:url value="/saml/web/metadata" />">
 							<span class="glyphicon glyphicon-arrow-left"></span> back to list
 						</a>
+						<a class="btn btn-default btn-sm" href="<s:url value="/saml/web/metadata/removeProvider?providerIndex=${providerIndex}" />">
+							<span class="glyphicon glyphicon-trash"></span> remove provider
+						</a>
 					</div>
 				</div>
 				<div>