Merge branch 'release/1.0.1'

.travis.yml

@@ -1,7 +1,17 @@
 language: java
-
 jdk:
-  - oraclejdk8
-
+- oraclejdk8
+script:
+- ./gradlew releaseZip
 after_success:
-  - bash <(curl -s https://codecov.io/bash)
+- bash <(curl -s https://codecov.io/bash)
+deploy:
+  provider: releases
+  api_key:
+    secure: ybw1Ycp9bk92wPXunEjp2LEexG1BXK6E52UP/7ka3BMQZT1hgb1E14YUaXO04QywmJSNfTfe31T8JvFFzIChpLNDowjfW6t8C1pxkiul1ewj3/ZsWW4e1yi2JVswkz6IFwO8/9txKkrqF6EFjW3rfQguqgA/utOHz3nuHZBRSEmff/V+rBOEz4m2/AbvfIY2/lZpZjNcUFmWV/E1DsreWptmjYUJ40a55UajtasjoB1o4gjSKI5QpI6lucrUQlLScl8py7s87RRTUDzpigplmGlsGoqsOYI8x1pdZBofUx60wWgb6rk3SbbP9+22nxkQfMp2TA6f/2SLLscaMuR694zra4tdWwOlPtFpRQGIr2nrU1VbI/6lUmK5MslVk83++w7ghsYHkRZDDf3Bcmg2iG+pjVlnOUN+t0I8p8QMkPVPdlhXGOVF/X4owCygqpESfXMiXnS0b7xvqiIwtK8NwsL9monP1KYdpfFvmjiGsq4gHc7iJgwmfVYvHbZCISYm6C1UXhRL9bgInYZa5LeTf27HmT/NerQGtGP9RkfhDRFOCsERQlzQ57PE3joZQ+UYjcaJQ6H2NTVjefzBBk0SpwjNwnql95eYDVz+FFdlmupzYwM6XzesvOw0LPgRLF2hwX7/VE6oqg4EFkCkam5rMaMaQihzPH2aHrJbWucGuLk=
+  file: 
+  - build/distributions/identio-server.tar.gz
+  - build/distributions/identio-server.zip  
+  on:
+    repo: identio/identio-server
+

Dockerfile

@@ -0,0 +1,28 @@
+FROM ubuntu:16.04
+
+# Add the sources to the application
+ADD . /tmp/identio-server-build
+
+# Prepare system and install Java
+RUN groupadd -r identio && useradd -r -g identio identio \
+	&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C2518248EEA14886 \
+	&& echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu xenial main" >> /etc/apt/sources.list \
+	&& apt-get update \
+	&& echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | /usr/bin/debconf-set-selections \
+	&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends oracle-java8-installer \
+	&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends bzip2 git \	
+	&& cd /tmp/identio-server-build \
+	&& ./gradlew releaseTarGz \
+	&& cd /opt \
+	&& tar -xzvf /tmp/identio-server-build/build/distributions/identio-server.tar.gz \
+	&& cp /tmp/identio-server-build/docker/entrypoint.sh / \
+	&& rm -rf /tmp/identio-server-build \
+	&& apt-get remove -y --auto-remove bzip2 git \
+	&& rm -rf /var/lib/apt/lists/* \
+	&& chown -R identio:identio /opt/identio-server/config/work
+
+USER identio
+
+WORKDIR /opt/identio-server
+
+ENTRYPOINT ["/entrypoint.sh"]

README.md

@@ -1,6 +1,22 @@
 # identio-server
 
 [![Build Status](https://travis-ci.org/identio/identio-server.svg?branch=master)](https://travis-ci.org/identio/identio-server)
+[![Codacy Badge](https://api.codacy.com/project/badge/Grade/6492f8836753496c8084f3974dc7c3a2)](https://www.codacy.com/app/identio/identio-server)
 
 A modern and flexible authentication server.
 
+## Quick setup
+
+Get a working authentication server on your workstation in less than 5 minutes. Also, special care has been taken to make configuration the most straightforward possible.
+
+[Get Started >>](https://identio.github.io/docs/identio-server/getting-started/)
+
+## Flexible
+
+Ident.io supports out-of-the-box many different authentication providers and let you fine-tune how your users authenticate through a flexible authentication policy based on authentication levels.
+
+[Read the documentation >>](https://identio.github.io/docs/identio-server/reference/)
+
+## Small footprint
+
+Ident.io has a minimal footprint, yet a single instance is able to handle hundreds of authentications per second. Ident.io can easily be deployed as a stand-alone application or in a Docker container.

build.gradle

@@ -15,8 +15,9 @@ buildscript {
 }
 
 plugins {
-  id "com.moowork.node" version "0.12"
-  id "com.moowork.grunt" version "0.12"
+  id 'com.moowork.node' version '0.13'
+  id 'com.moowork.grunt' version '0.13'    
+  id 'com.github.ben-manes.versions' version '0.13.0'
 }
 
 apply plugin: 'java'
@@ -29,20 +30,6 @@ apply plugin: 'application'
 sourceCompatibility = 1.8
 targetCompatibility = 1.8
 
-/*
- * Gets the version name from the latest Git tag
- */
-def getVersionName = { ->
-    def stdout = new ByteArrayOutputStream()
-    exec {
-        commandLine 'git', 'describe', '--tags'
-        standardOutput = stdout
-    }
-    return 'v' + stdout.toString().trim()
-}
-
-version = getVersionName()
-
 repositories {
     mavenCentral()
     maven { url "http://repo.spring.io/snapshot" }
@@ -59,7 +46,7 @@ dependencies {
     	exclude group: 'org.hibernate', module: 'hibernate-validator'
     }
     compile("org.springframework.boot:spring-boot-devtools:${springBootVersion}")
-    compile("org.springframework.security:spring-security-web:4.1.1.RELEASE")
+    compile("org.springframework.security:spring-security-web:4.1.2.RELEASE")
     compile('org.apache.commons:commons-pool2:2.4.2')
 	compile('com.github.identio:identio-saml:1.0.2')
 	compile('com.google.guava:guava:19.0')
@@ -127,7 +114,7 @@ grunt {
 
 task bowerInstall(type: NodeTask) {
   script = file('ui/node_modules/bower/lib/bin/bower.js')
-  args = ['install']
+  args = ['install', '--allow-root']
   execOverrides {
     it.ignoreExitValue = true
     it.workingDir = file("${project.projectDir}/ui")
@@ -137,18 +124,20 @@ task bowerInstall(type: NodeTask) {
 /// *** Packaging *** ///
 
 def distributionsCopySpec = copySpec {
-    into("identio-server-$version") {
+    into("identio-server") {
 
     	from 'README.md'
         from 'LICENSE'
 
         into('bin') {
            	from 'scripts/password-generator'
            	from 'scripts/start'
+           	fileMode 0755
         }
         into('lib') {
            	from(jar)
        		from(project.configurations.runtime)
+       		exclude 'spring-boot-devtools-*'
         }
         into('config') {
         	from 'sample-config'
@@ -159,33 +148,22 @@ def distributionsCopySpec = copySpec {
     }
 }
 
-distributions {
-    main {
-        contents {
-    		from 'README.md'
-        	from 'LICENSE'
-
-
-        	into('config') {
-        		from 'sample-config'
-        	}
-        	into('ui') {
-        		from 'ui/dist'
-        	}
-        }
-    }
-}
+grunt_build.mustRunAfter bowerInstall
+bowerInstall.mustRunAfter npmInstall
+npmInstall.mustRunAfter clean
+jar.mustRunAfter clean
 
-task releaseZip(type: Zip, dependsOn: ['jar', 'grunt_build']) {
+task releaseZip(type: Zip, dependsOn: ['clean', 'jar', 'bowerInstall', 'npmInstall', 'grunt_build']) {
    description 'Build a release in zip format'
-   with distributionsCopySpec 
+   with distributionsCopySpec
+   archiveName = "identio-server.zip"
 }
 
-task releaseTarGz(type: Tar, dependsOn: ['jar', 'grunt_build']) { 
+task releaseTarGz(type: Tar, dependsOn: ['clean', 'jar', 'bowerInstall', 'npmInstall', 'grunt_build']) { 
    description 'Build a release in tar.gz format'
    compression = Compression.GZIP
-   extension = "tar.gz"
-   with distributionsCopySpec 
+   with distributionsCopySpec
+   archiveName = "identio-server.tar.gz"
 }
 
 task wrapper(type: Wrapper) {

docker/entrypoint.sh

@@ -0,0 +1,4 @@
+#!/bin/bash
+./bin/identio-server --identio.config=config/identio-config.yml
+
+

src/main/java/net/identio/server/boot/StaticResourceConfiguration.java

@@ -44,7 +44,7 @@ public void addResourceHandlers(ResourceHandlerRegistry registry) {
 		// Spring resource mapping is picky about the format of the path we
 		// provide it.. The trailing file separator IS important...
 		if (!resourceLocation.endsWith(File.separator)) {
-			resourceLocation += File.separator;
+			resourceLocation = new StringBuilder(resourceLocation).append(File.separator).toString();
 		}
 
 		registry.addResourceHandler("/**").addResourceLocations(resourceLocation);

src/main/java/net/identio/server/model/AuthLevel.java

@@ -23,7 +23,7 @@ public class AuthLevel {
 
 	private String name;
 	private String urn;
-	private int strength = 0;
+	private int strength;
 
 	public String getName() {
 		return name;

src/main/java/net/identio/server/model/LdapPoolConfig.java

@@ -23,8 +23,8 @@ public class LdapPoolConfig {
 
 	private int minIdleConnections = 4;
 	private int maxIdleConnections = 8;
-	private boolean testWhileIdle = false;
-	private boolean testOnBorrow = false;
+	private boolean testWhileIdle;
+	private boolean testOnBorrow;
 	private String testRequestFilter = "(objectclass=*)";
 	private int timeBetweenEvictionRuns = 30;
 	private int numTestsPerEvictionRun = 4;

src/main/java/net/identio/server/model/SamlAuthMethod.java

@@ -22,7 +22,7 @@ License, or (at your option) any later version.
 public class SamlAuthMethod extends AuthMethod {
 
 	private String metadata;
-	private boolean certificateCheckEnabled = false;
+	private boolean certificateCheckEnabled;
 	private SamlAuthMap samlAuthMap;
 
 	public SamlAuthMethod() {

src/main/java/net/identio/server/model/SamlIdpConfiguration.java

@@ -28,7 +28,7 @@ public class SamlIdpConfiguration {
 	private String contactPersonEmail;
 	private String keystore;
 	private String keystorePassword;
-	private boolean allowUnsecureRequests = false;
+	private boolean allowUnsecureRequests;
 	private boolean certificateCheckEnabled;
 	private int tokenValidityLength;
 	private int allowedTimeOffset;

src/main/java/net/identio/server/mvc/common/AuthentController.java

@@ -28,19 +28,26 @@ License, or (at your option) any later version.
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.ServletRequestBindingException;
 import org.springframework.web.bind.annotation.CookieValue;
+import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.bind.annotation.RestController;
 
+import net.identio.server.exceptions.SamlException;
+import net.identio.server.exceptions.ServerException;
 import net.identio.server.exceptions.ValidationException;
 import net.identio.server.model.AuthMethod;
 import net.identio.server.model.SamlAuthRequestGenerationResult;
 import net.identio.server.model.State;
 import net.identio.server.model.UserPasswordAuthentication;
 import net.identio.server.model.ValidationResult;
+import net.identio.server.model.api.ApiErrorResponse;
 import net.identio.server.model.api.AuthMethodResponse;
 import net.identio.server.model.api.AuthSubmitRequest;
 import net.identio.server.model.api.AuthSubmitResponse;
@@ -119,4 +126,22 @@ public List<AuthMethodResponse> getAuthMethods(@RequestHeader(value = "X-Transac
 		return list;
 	}
 
+	@ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
+	@ExceptionHandler(ServerException.class)
+	public ApiErrorResponse handleServerException(SamlException e) {
+		return new ApiErrorResponse("error.server", e.getMessage());
+	}
+
+	@ResponseStatus(HttpStatus.BAD_REQUEST)
+	@ExceptionHandler(ValidationException.class)
+	public ApiErrorResponse handleValidationException(ValidationException e) {
+		return new ApiErrorResponse("error.validation", e.getMessage());
+	}
+
+	@ResponseStatus(HttpStatus.BAD_REQUEST)
+	@ExceptionHandler(ServletRequestBindingException.class)
+	public ApiErrorResponse handleServletRequestBindingException(ServletRequestBindingException e) {
+		return new ApiErrorResponse("error.mssing.parameter", e.getMessage());
+	}
+
 }

src/main/java/net/identio/server/mvc/common/GlobalControllerExceptionHandler.java

@@ -21,6 +21,7 @@ License, or (at your option) any later version.
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.ServletRequestBindingException;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.ResponseStatus;
@@ -36,13 +37,19 @@ public class GlobalControllerExceptionHandler {
 
 	@ResponseStatus(HttpStatus.INTERNAL_SERVER_ERROR)
 	@ExceptionHandler(ServerException.class)
-	private String handleServerException() {
+	public String handleServerException() {
 		return errorController.displayErrorPage("error.server");
 	}
 
 	@ResponseStatus(HttpStatus.BAD_REQUEST)
 	@ExceptionHandler(ValidationException.class)
-	private String handleValidationException() {
+	public String handleValidationException() {
 		return errorController.displayErrorPage("error.validation");
 	}
+
+	@ResponseStatus(HttpStatus.BAD_REQUEST)
+	@ExceptionHandler(ServletRequestBindingException.class)
+	public String handleServletRequestBindingException() {
+		return errorController.displayErrorPage("error.missing.parameter");
+	}
 }

src/main/java/net/identio/server/mvc/common/LogoController.java

@@ -76,7 +76,7 @@ public void getLogo(@PathVariable("authMethodName") String authMethodName, HttpS
 			byte[] buf = new byte[2048];
 			ServletOutputStream os = response.getOutputStream();
 
-			while ((is.read(buf)) != -1) {
+			while (is.read(buf) != -1) {
 				os.write(buf);
 			}
 

src/main/java/net/identio/server/mvc/common/PreAuthController.java

@@ -62,7 +62,7 @@ public String checkTransparentAuthentication(HttpServletRequest httpRequest, Htt
 
 		X509Authentication authentication = null;
 
-		if (clientAuthCerts != null || (userCert != null && sharedSecret != null)) {
+		if (clientAuthCerts != null || userCert != null && sharedSecret != null) {
 			authentication = new X509Authentication((X509Certificate[]) clientAuthCerts, userCert, sharedSecret);
 		}