Commit fa1a6472 authored by Gradl, Tobias

v2.0 will be a complete rewrite of the library and sample app

parent 896280e4
Pipeline #17379 failed with stage
in 7 seconds
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
# dariahsp
This library contains a wrapper for Spring Security SAML, along with extensions useful particularly for the context of DARIAH-DE. Fundamentally, this library distinguishes two authentication methods: the *local* method is intended primarily for developer and test setups, the *saml* method is targeted towards production environments.
Both methods can easily be tested with the dariahsp-sample web application. By setting the *saml* environment variable to true (`-Dsaml=true`), the SAML service provider configuration is activated. Without the parameter, local logins (default user: *admin/password*) are supported.
## Prerequisites
### Java Keystore
Even with the *local* authentication method, the dariahsp-sample application requires the configuration of a Java keystore (jks). This is mainly due to the SAML metadata generation functionality, which is available when local logins are used in order to help with installations of SAML service providers: starting the sample application in local authentication mode, the home screen of the application shows two links *SAML metadata...*, which support SAML metadata management (see SAML section below).
Based on a X.509 keypair and certificate chains, a keystore can easily be consolidated with `openssl` and the `keytool` (comes with Java installation). The followings steps show the commands for the example of the keystore for minfba.de.dariah.eu and the appropriate input. Please modify accordingly:
#### 1. Convert pem/pem keypair to p12 for easier input
For the -name argument make sure to chose as *name* the later alias of the keypair in the keystore.
```
$ openssl pkcs12 -export -name minfba.de.dariah.eu -in minfba-de-dariah-eu.crt -inkey minfba-de-dariah-eu.key > minfba-de-dariah-eu.p12
```
#### 2. Import p12 keypair and create Java keystore
Specified in the following step with the -alias argument note the reuse of the same key name as above. Basically this step imports an existing PKCS based "keystore" into a newly created jks.
```
$ keytool -importkeystore -alias minfba.de.dariah.eu -srckeystore minfba-de-dariah-eu.p12 -destkeystore minfba-de-dariah-eu.jks -srcstoretype pkcs12
```
#### 3. Import required trusted ca certificates
In the particular DARIAH-DE case this means 1) the chain of our keypair and 2) the trusted SAML metadata provider keychains of the [DFN AAI](https://www.aai.dfn.de/teilnahme/metadaten/).
```
$ keytool -import -trustcacerts -alias gwdg_certificate_chain_g2 -file gwdg_certificate_chain_g2.pem -keystore minfba-de-dariah-eu.jks
$ keytool -import -trustcacerts -alias dfn-aai -file dfn-aai.pem -keystore minfba-de-dariah-eu.jks
$ keytool -import -trustcacerts -alias dfn-aai-g2 -file dfn-aai.g2.pem -keystore minfba-de-dariah-eu.jks
```
#### GUI Support for Java Keystores
A convenient GUI-based option to view and edit Java keystore can be found in the [KeyStore Explorer](http://keystore-explorer.org/)
### Local user accounts
Local user accounts are configured in the central configuration file of the sample application. Passwords are encoded as Bcrypt hashes. In order to create your own hashes a convenience method has been implemented within the dariahsp-core library. As there are some required dependencies, you can download the latest [dariahsp-core-*-jar-with-dependencies.jar](https://minfba.de.dariah.eu/artifactory/list/dariah-minfba-snapshots/eu/dariah/de/dariahsp-core/).
To then create bcrypt passwords from a shell:
```
$ java -cp dariahsp-core-0.0.4-SNAPSHOT-jar-with-dependencies.jar eu.dariah.de.dariahsp.local.BCryptPasswordCreator
```
## Implementing security
Spring security related configuration is packed in three context files:
* *security-context-common.xml* contains all security related beans that are relevant for both local and SAML based authentication methods. The common context is included in the -local and -saml context files.
* *security-context-local.xml* defines beans only necessary in local authentication enviroments.
* *security-context-saml.xml* respectively only includes beans that are required for SAML processing.
With the environment flag `-Dsaml=true` the local context is no longer loaded and the saml context comes into play. When set to false or missing, the local context is loaded.
### 1. Local authentication
Without specifying the saml environment parameter, the sample application starts in local authentication mode.
A sample **dariahsp.yml** (`src/main/resources`) configuration
```yaml
auth:
local:
users:
- username: 'admin'
#this hash represents the BCrypt encoded 'password'
passhash: '$2a$10$nbXRnAx5wKurTrbaUkT/MOLXKAJgpT8R71/jujzPwgXXrG.OqlBKW'
roles: ["ROLE_ADMINISTRATOR"]
saml:
keystore:
path: /path/to/keystore.jks
#Uncomment if keystore is not protected by password
#pass: 'somepass'
alias: minfba.de.dariah.eu
#leave aliaspass empty if no password has been set
aliaspass: 'aliaspass'
```
### 2. SAML SP metadata
Once the application is set up two SAML metadata related links are shown on the homepage:
* *SAML metadata link* (`/saml/metadata`) allows you to download the current SAML metadata. Please note: if you have not configured any SAML related configuration parameters, a (probably too) simple metadata set is generated automatically.
* *SAML metadata management* (`/saml/web/metadata`) leads you to SAML metadata management functionalities that allows the configuration of SAML related options
#### Important for attribute queries
In DARIAH-DE SAML attribute queries are utilized to aggregate account information for non-DARIAH users. If a user e.g. authenticates with his home-university account, he needs to accept the DARIAH-DE Terms of Use in order to operate DARIAH-DE services. The attribute indicating whether or not the TOU have been accepted are stored centrally within the DARIAH-DE infrastructure - not with the home-account of the user. For this reason - after initially logging in - an attribute query to the central DARIAH-DE IdP is necessary.
Required attributes currently need to be preconfigured before creating the SAML SP metadata in the next step. The following configuration shows you the parameters currently applied for DARIAH-DE services. Please note that this configuration still relies on local authentication and merely defines the reqired attributes for metadata generation:
```yaml
auth:
local:
users:
- username: 'admin'
#this hash represents the BCrypt encoded 'password'
passhash: '$2a$10$nbXRnAx5wKurTrbaUkT/MOLXKAJgpT8R71/jujzPwgXXrG.OqlBKW'
roles: ["ROLE_ADMINISTRATOR"]
saml:
keystore:
path: /path/to/keystore.jks
#Uncomment if keystore is not protected by password
#pass: 'somepass'
alias: minfba.de.dariah.eu
#leave aliaspass empty if no password has been set
aliaspass: 'aliaspass'
sp:
requiredAttributes:
- stage: ATTRIBUTES
required: true
attributeGroup:
- check: AND
attributes:
- friendlyName: mail
name: urn:oid:0.9.2342.19200300.100.1.3
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
- stage: ATTRIBUTES
required: true
attributeGroup:
- check: OR
attributes:
- friendlyName: dariahTermsOfUse
name: urn:oid:1.3.6.1.4.1.10126.1.52.4.15
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
value: Terms_of_Use_v5.pdf
- friendlyName: dariahTermsOfUse
name: urn:oid:1.3.6.1.4.1.10126.1.52.4.15
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
value: foobar-service-agreement_version1.pdf
- stage: AUTHENTICATION
required: true
attributeGroup:
- check: AND
attributes:
- friendlyName: eduPersonPrincipalName
name: urn:oid:1.3.6.1.4.1.5923.1.1.1.6
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
- stage: AUTHENTICATION
required: false
attributeGroup:
- check: OPTIONAL
attributes:
- friendlyName: mail
name: urn:oid:0.9.2342.19200300.100.1.3
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
- friendlyName: displayName
name: urn:oid:2.16.840.1.113730.3.1.241
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
```
#### Metadata generation
After successfully restarting the application with the required attributes (if there are any), follow the link to *SAML metadata management* and confirm the *Generate metadata* button.
In the following list, appropriate options for DARIAH-DE SPs are indicated. For other use-cases please change the selections accordingly:
* *Store for current session*: Yes (allows you to later download the metadata file)
* *Entity ID*: Identifier for the service provider (e.g. 'https://minfba.de.dariah.eu'; note: must be a URL for registration with DFN AAI)
* *Entity base URL*: Hosted URL of the SP (e.g. 'https://minfba.de.dariah.eu:443/dariahsp')
* *Entity alias*: alias of the SP (e.g. 'dariahsp')
* *Signing key*, *Encryption key*, *SSL/TLS client authentication*: select available key in configured keystore
* *Signature security profile*: leave default
* *SSL/TLS security profile*: leave default
* *SSL/TLS hostname verification*: leave default
* *Sign metadata*: Yes
* *Sign metadata*: 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
* *Sign sent AuthNRequests: Yes
* *Require signed authentication Assertion*: Yes
* *Require signed attribute Assertion*: Yes
* *Require signed LogoutRequest*: Yes
* *Require signed LogoutResponse*: No
* *Require signed ArtifactResolve*: Yes
* *Single sign-on bindings*: leave defaults
* *Supported NameIDs*: leave defaults
* *Enable IDP discovery profile*: Yes
* *Custom URL for IDP discovery*: **leave empty** (in this case custom **local** URL, not WAYF)
* *Include IDP discovery extension in metadata*: Yes
After selecting *Generate metadata* both the required metadata and configuration parameters are created. Click on *Download entity metadata* and store the file persistently in your server's file system.
### 3. Switch to SAML Authentication
With the generated metadata and configuration options, the application has complete information to switch to the SAML authentication method.
#### Register metadata
In addition to setting up your SP, relevant SAML identity providers need to know your metadata in order to provide remote authentication. In the case of DARIAH-DE and the DFN-AAI, metadata can be registered and managed on the pages of the [DFN](https://www.aai.dfn.de/verwaltung/). Seek assistance of the SAML/Shibboleth expert within your organization, project or at the hotline of the DFN.
#### Complete your configuration
Putting it all together, a sample configuration file is presented in the following. As always, modify accordingly.
```yaml
auth:
# Local options are not respected when SAML is activated.
# Options can stay configured, however, in order to simplify method switching in case of problems
local:
users:
- username: 'admin'
passhash: '$2a$10$nbXRnAx5wKurTrbaUkT/MOLXKAJgpT8R71/jujzPwgXXrG.OqlBKW'
roles: ["ROLE_ADMINISTRATOR"]
saml:
keystore:
path: /path/to/keystore.jks
#Uncomment if keystore is not protected by password
#pass: 'somepass'
alias: minfba.de.dariah.eu
#leave aliaspass empty if no password has been set
aliaspass: 'aliaspass'
metadata:
url: https://www.aai.dfn.de/fileadmin/metadata/dfn-aai-test-metadata.xml
#url: https://www.aai.dfn.de/fileadmin/metadata/dfn-aai-basic-metadata.xml
sp:
externalMetadata: /path/to/metadata/in/filesystem/spring_saml_metadata.xml
alias: dariahsp
baseUrr: https://minfba.de.dariah.eu/dariahsp
entityId: minfba.de.dariah.eu_dariahsp
securityProfile: metaiop
sslSecurityProfile: pkix
sslHostnameVerification: default
signMetadata: true
signingAlgorithm: "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
signingKey: minfba.de.dariah.eu
encryptionKey: minfba.de.dariah.eu
tlsKey: minfba.de.dariah.eu
requireArtifactResolveSigned: true
requireAttributeQuerySigned: false
requireLogoutRequestSigned: true
requireLogoutResponseSigned: false
discovery:
enabled: true
url: https://minfba.de.dariah.eu/dariahsp/saml/login/alias/dariahsp?disco:true
return: https://minfba.de.dariah.eu/dariahsp/saml/discovery/alias/dariahsp
allowedNameIds : EMAIL, TRANSIENT, PERSISTENT, UNSPECIFIED, X509_SUBJECT
# Attribute querying (if required)
attributeQuery:
enabled: true
excludedEndpoints:
urls: ["https://ldap-dariah-clone.esc.rzg.mpg.de/idp/shibboleth", "https://idp.de.dariah.eu/idp/shibboleth"]
assumeAttributesComplete: true
queryIdp: https://ldap-dariah-clone.esc.rzg.mpg.de/idp/shibboleth
#queryIdp: https://idp.de.dariah.eu/idp/shibboleth
queryByNameID: false
queryAttribute:
friendlyName: eduPersonPrincipalName
name: urn:oid:1.3.6.1.4.1.5923.1.1.1.6
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
# For now without parameters bc DARIAH Self Service is broken
incompleteAttributesRedirect: "https://dariah.daasi.de/Shibboleth.sso/Login?target=/cgi-bin/selfservice/ldapportal.pl"
#incompleteAttributesRedirect: "https://dariah.daasi.de/Shibboleth.sso/Login?target=/cgi-bin/selfservice/ldapportal.pl%3Fmode%3Dauthenticate%3Bshibboleth%3D1%3Bnextpage%3Dregistration%3Breturnurl%3D{returnUrl}&entityID={entityId}"
#incompleteAttributesRedirect: "https://auth.dariah.eu/Shibboleth.sso/Login?target=/cgi-bin/selfservice/ldapportal.pl%3Fmode%3Dauthenticate%3Bshibboleth%3D1%3Bnextpage%3Dregistration%3Breturnurl%3D{returnUrl}&entityID={entityId}"
requiredAttributes:
- stage: ATTRIBUTES
required: true
attributeGroup:
- check: AND
attributes:
- friendlyName: mail
name: urn:oid:0.9.2342.19200300.100.1.3
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
- stage: ATTRIBUTES
required: true
attributeGroup:
- check: OR
attributes:
- friendlyName: dariahTermsOfUse
name: urn:oid:1.3.6.1.4.1.10126.1.52.4.15
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
value: Terms_of_Use_v5.pdf
- friendlyName: dariahTermsOfUse
name: urn:oid:1.3.6.1.4.1.10126.1.52.4.15
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
value: foobar-service-agreement_version1.pdf
- stage: AUTHENTICATION
required: true
attributeGroup:
- check: AND
attributes:
- friendlyName: eduPersonPrincipalName
name: urn:oid:1.3.6.1.4.1.5923.1.1.1.6
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
- stage: AUTHENTICATION
required: false
attributeGroup:
- check: OPTIONAL
attributes:
- friendlyName: mail
name: urn:oid:0.9.2342.19200300.100.1.3
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
- friendlyName: displayName
name: urn:oid:2.16.840.1.113730.3.1.241
nameFormat: urn:oasis:names:tc:SAML:2.0:attrname-format:uri
```
## Further information
* The library and sample are based on the [Spring Security SAML Extension](http://projects.spring.io/spring-security-saml/) where you can find more information on some of the configuration parameters and options
* Information on attribute querying and the AAI in DARIAH-DE can be found in the [DARIAH-DE Wiki](https://wiki.de.dariah.eu/display/publicde/DARIAH+AAI+Documentation)
## Dependencies
The library and sample application are currently deployed to a Maven repository:
```xml
<repository>
<id>minfba-releases</id>
<name>minfba-releases</name>
<url>https://minfba.de.dariah.eu/artifactory/dariah-minfba-releases</url>
</repository>
<snapshotRepository>
<id>minfba-snapshots</id>
<name>minfba-snapshots</name>
<url>https://minfba.de.dariah.eu/artifactory/dariah-minfba-snapshots</url>
</snapshotRepository>
```
The [current release version](https://minfba.de.dariah.eu/artifactory/webapp/#/artifacts/browse/tree/General/dariah-minfba-releases/eu/dariah/de/dariahsp-core/1.0.0/dariahsp-core-1.0.0.jar) of the library:
```xml
<dependency>
<groupId>eu.dariah.de</groupId>
<artifactId>dariahsp-core</artifactId>
<version>1.0.0</version>
</dependency>
```
\ No newline at end of file
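Review bot: In the final sample configuration under `sp:`, the key `baseUrr` looks like a misspelling of the base URL setting, and the `discovery.url` value ends in `?disco:true` where a query string would use `=`. If the configuration loader ignores unknown keys, the misspelt key leaves the base URL unset without any error, so both should be corrected in the sample that readers will copy. In the same block `requireAttributeQuerySigned: false` sits beside a metadata checklist that recommends `Require signed attribute Assertion: Yes`; the README should say whether these are the same control and, if so, why the sample relaxes it. The checklist also lists `Sign metadata` twice, the second time with the rsa-sha256 URI, which reads as the signing algorithm field, and the `Sign sent AuthNRequests` item is missing its closing `*`. Finally, every sample ships the `admin` account with the BCrypt hash of `password`; one sentence stating that this account has to be replaced before any deployment outside a developer or test setup would make the intent explicit.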
/*buildscript {
repositories {
maven { url 'https://repo.spring.io/plugins-snapshot' }
}
dependencies {
classpath 'io.spring.gradle:dependency-management-plugin:1.0.8.RELEASE'
}
}*/
allprojects {
//apply plugin: "io.spring.dependency-management"
apply plugin: "maven-publish"
group = 'eu.dariah.de'
version = '1.4.0-SNAPSHOT'
repositories {
mavenLocal()
maven {
url = 'https://minfba.de.dariah.eu/nexus/repository/minfba-central/'
}
}
publishing {
publications {
maven(MavenPublication) {
pom {
name = 'DARIAHSP'
url = 'https://gitlab.rz.uni-bamberg.de/dariah/dariahsp'
licenses {
license {
name = 'The Apache License, Version 2.0'
url = 'http://www.apache.org/licenses/LICENSE-2.0.txt'
}
}
developers {
developer {
id = 'tgradl'
name = 'Tobias Gradl'
email = 'tobias.gradl@uni-bamberg.de'
}
}
scm {
connection = 'scm:git:git://gitlab.rz.uni-bamberg.de/dariah/dariahsp.git'
developerConnection = 'scm:git:ssh://gitlab.rz.uni-bamberg.de/dariah/dariahsp.git'
url = 'https://gitlab.rz.uni-bamberg.de/dariah/dariahsp/'
}
issueManagement {
system = 'GitLab'
url = 'https://gitlab.rz.uni-bamberg.de/dariah/dariahsp/issues'
}
}
}
}
repositories {
maven {
def releasesRepoUrl = "https://minfba.de.dariah.eu/nexus/repository/minfba-releases/"
def snapshotsRepoUrl = "https://minfba.de.dariah.eu/nexus/repository/minfba-snapshots/"
if (version.endsWith('SNAPSHOT') || version.endsWith('RELEASE')) {
credentials {
username project.hasProperty('nexususer') ? project.getProperty('nexususer') : ''
password project.hasProperty('nexuspass') ? project.getProperty('nexuspass') : ''
}
url = version.endsWith('SNAPSHOT') ? snapshotsRepoUrl : releasesRepoUrl
} else {
// Have a local test repo under buildDir to be able to test publish but only actually do publish when the version ending matches
url = "$buildDir/repo/"
}
}
}
}
}
subprojects {
apply plugin: "java"
java {
sourceCompatibility = JavaVersion.VERSION_1_8
}
tasks.withType(JavaCompile) {
options.encoding = 'UTF-8'
}
task sourcesJar(type: Jar, dependsOn: classes) {
classifier = 'sources'
from sourceSets.main.allSource
}
task javadocJar(type: Jar, dependsOn: javadoc) {
classifier = 'javadoc'
from javadoc.destinationDir
}
artifacts {
archives sourcesJar
archives javadocJar
}
publishing {
publications {
maven(MavenPublication) {
from(components.java)
artifact(sourcesJar) {}
artifact(javadocJar) {}
}
}
}
}
\ No newline at end of file
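Review bot: In `allprojects.repositories`, `mavenLocal()` is declared ahead of the `minfba-central` repository, and Gradle consults repositories in declaration order, so whatever sits in the local Maven cache of a developer machine or CI runner wins over the remote artifact. For a library that handles authentication this makes builds depend on local state; consider removing `mavenLocal()` or moving it after the remote repository. In the publishing `credentials` block, a missing `nexususer` or `nexuspass` property falls back to `''`, so a publish attempt goes out with empty credentials and fails at the server; failing the build early with a clear message when either property is absent would be easier to diagnose. The commented-out `buildscript` block and `apply plugin` line at the top can be dropped if the dependency-management plugin is no longer planned.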
dependencies {
compile 'org.springframework.security:spring-security-core:4.2.1.RELEASE'
compile 'de.unibamberg.minf.core:core-metamodel:5.1.2-RELEASE'
compile 'de.unibamberg.minf.core:core-util:5.1.2-RELEASE'
compile 'eu.dariah.eu:spring-security-saml2-core:1.0.3-SNAPSHOT'
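Review bot: `eu.dariah.eu:spring-security-saml2-core:1.0.3-SNAPSHOT` puts a mutable SNAPSHOT of the SAML library on the compile classpath, so two builds of the same commit can resolve different code for the SAML processing path; pinning a released version (or at least a timestamped snapshot) keeps the build reproducible. The group id `eu.dariah.eu` also differs from the project's own group `eu.dariah.de` set in the root build file, which is worth confirming as intended rather than a typo. The `compile` configuration is deprecated in current Gradle; `implementation` or `api` states explicitly which of these dependencies are exposed to consumers of the library.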