Merge branch 'develop'

identio · Nov 21, 2017 · 69dce02 · 69dce02
2 parents 4e8d0c2 + 84eeec1
commit 69dce02
Show file tree

Hide file tree

Showing 262 changed files with 16,721 additions and 7,564 deletions.
diff --git a/.codacy.yml b/.codacy.yml
@@ -0,0 +1,3 @@
+---
+exclude_paths:
+  - 'src/test/**'
diff --git a/.gitignore b/.gitignore
@@ -2,6 +2,7 @@
 /build/
 /.gradle/
 /.settings/
+/.idea/
 /.project
 /.classpath
 .DS_Store

diff --git a/.travis.yml b/.travis.yml
@@ -1,17 +1,23 @@
 language: java
 jdk:
 - oraclejdk8
+- oraclejdk9
+- openjdk8
+before_install:
+  - chmod +x scripts/ci/*.sh
 script:
-- ./gradlew releaseZip
+- ./gradlew release
 after_success:
-- bash <(curl -s https://codecov.io/bash)
+- scripts/ci/upload_test_coverage.sh
 deploy:
   provider: releases
   api_key:
-    secure: ybw1Ycp9bk92wPXunEjp2LEexG1BXK6E52UP/7ka3BMQZT1hgb1E14YUaXO04QywmJSNfTfe31T8JvFFzIChpLNDowjfW6t8C1pxkiul1ewj3/ZsWW4e1yi2JVswkz6IFwO8/9txKkrqF6EFjW3rfQguqgA/utOHz3nuHZBRSEmff/V+rBOEz4m2/AbvfIY2/lZpZjNcUFmWV/E1DsreWptmjYUJ40a55UajtasjoB1o4gjSKI5QpI6lucrUQlLScl8py7s87RRTUDzpigplmGlsGoqsOYI8x1pdZBofUx60wWgb6rk3SbbP9+22nxkQfMp2TA6f/2SLLscaMuR694zra4tdWwOlPtFpRQGIr2nrU1VbI/6lUmK5MslVk83++w7ghsYHkRZDDf3Bcmg2iG+pjVlnOUN+t0I8p8QMkPVPdlhXGOVF/X4owCygqpESfXMiXnS0b7xvqiIwtK8NwsL9monP1KYdpfFvmjiGsq4gHc7iJgwmfVYvHbZCISYm6C1UXhRL9bgInYZa5LeTf27HmT/NerQGtGP9RkfhDRFOCsERQlzQ57PE3joZQ+UYjcaJQ6H2NTVjefzBBk0SpwjNwnql95eYDVz+FFdlmupzYwM6XzesvOw0LPgRLF2hwX7/VE6oqg4EFkCkam5rMaMaQihzPH2aHrJbWucGuLk=
-  file: 
+    secure: "MS6n8kIWSOsjdp8QGwuMe/XfVPaKICrqA2Y5Z3Cd6HWPLpg519mKY3GkiQCVvUgPOF3E3m6uGKKFVMX3DDMFefUqb3XxMICqGjE3rYCJY5f5rWOL0rBmboimjWcJjNUOSJGkIimeah3RMHq/0gCuhYTTTQLuP3lp7/4QNvWmSz4TcMrXDWNGyB+S7qZw1ltsK0avCU4/7SMe2Kbzo5u1ZJ7Vj3coyt1FGIzVtq3clF/gHi6RblbsUBWZAw7YePlb1d5fKJwlV9weK38GOk1DG3eOXmR5IN8yktwQcI+5K945olGyMUAvR0ojrDY3mL0cUUlPGmxiswRkgW8SrK7aS33Pj21KAy3/YGP9cgJ3kuPOwZIczkO/faDAWb2NLUqmSv3OVPFxmI+4F0GxryMVfru2qz+oD6nS6IJQ0ImJnzX1/hgOVH3u4xtc/xdGqOuW1Ah1ctItfoq0Vqd/lF4Vo2Ek/BUqVMzboBZJh6c9SH4P2mfSMu9jwGj0LC5gRtdSu6QUR642a6aebJjiB8UD/GIW17pgppNBc+4DYbSLj6XoF3Ok8fY8KPvgZJqJz3/lfmqPME6p1/X/sgpDDWaTuqrYZ6zmQK4up2/y8xrvrUBDL1buZaNz3DwXZo0doavkGQmOCGEnD/qnp327gN46WXATnHiCp6nPjDAcOo9Mkz0="
+  skip_cleanup: true
+  file:
   - build/distributions/identio-server.tar.gz
   - build/distributions/identio-server.zip  
   on:
-    repo: identio/identio-server
+    tags: true
+    jdk: oraclejdk9
 
diff --git a/Dockerfile b/Dockerfile
@@ -1,24 +1,23 @@
-FROM ubuntu:16.04
+FROM azul/zulu-openjdk-alpine:8
 
 # Add the sources to the application
 ADD . /tmp/identio-server-build
 
-# Prepare system and install Java
-RUN groupadd -r identio && useradd -r -g identio identio \
-	&& apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C2518248EEA14886 \
-	&& echo "deb http://ppa.launchpad.net/webupd8team/java/ubuntu xenial main" >> /etc/apt/sources.list \
-	&& apt-get update \
-	&& echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | /usr/bin/debconf-set-selections \
-	&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends oracle-java8-installer \
-	&& DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends bzip2 git \	
-	&& cd /tmp/identio-server-build \
+# Prepare system
+RUN apk update \
+    && apk upgrade \
+    && apk add bash libstdc++ git \
+    && addgroup -S identio \
+    && adduser -S -g identio identio \
+    && mkdir /opt
+
+# Install Identio
+RUN cd /tmp/identio-server-build \
 	&& ./gradlew releaseTarGz \
 	&& cd /opt \
 	&& tar -xzvf /tmp/identio-server-build/build/distributions/identio-server.tar.gz \
 	&& cp /tmp/identio-server-build/docker/entrypoint.sh / \
 	&& rm -rf /tmp/identio-server-build \
-	&& apt-get remove -y --auto-remove bzip2 git \
-	&& rm -rf /var/lib/apt/lists/* \
 	&& chown -R identio:identio /opt/identio-server/config/work
 
 USER identio

diff --git a/build.gradle b/build.gradle
@@ -2,7 +2,7 @@
 
 buildscript {
     ext {
-        springBootVersion = '1.4.0.RELEASE'
+        springBootVersion = '1.5.8.RELEASE'
     }
     repositories {
         mavenCentral()
@@ -11,21 +11,25 @@ buildscript {
     }
     dependencies {
         classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}")
+        classpath 'org.owasp:dependency-check-gradle:3.0.1'
+        classpath "io.spring.gradle:dependency-management-plugin:0.5.2.RELEASE"
     }
 }
 
 plugins {
-  id 'com.moowork.node' version '0.13'
-  id 'com.moowork.grunt' version '0.13'    
-  id 'com.github.ben-manes.versions' version '0.13.0'
+    id 'com.moowork.node' version '0.13'
+    id 'com.moowork.grunt' version '0.13'
+    id 'com.github.ben-manes.versions' version '0.15.0'
+    id 'org.springframework.boot' version '1.5.4.RELEASE'
+    id 'org.owasp.dependencycheck' version '3.0.1'
+    id 'io.spring.dependency-management' version '0.5.2.RELEASE'
 }
 
 apply plugin: 'java'
 apply plugin: 'eclipse-wtp'
 apply plugin: 'idea'
-apply plugin: 'spring-boot' 
-apply plugin: 'war'
 apply plugin: 'application'
+apply plugin: 'jacoco'
 
 sourceCompatibility = 1.8
 targetCompatibility = 1.8
@@ -41,64 +45,79 @@ configurations {
     providedRuntime
 }
 
-dependencies {
-    compile("org.springframework.boot:spring-boot-starter-web:${springBootVersion}") {
-    	exclude group: 'org.hibernate', module: 'hibernate-validator'
+dependencyManagement {
+    imports {
+        mavenBom 'org.springframework.cloud:spring-cloud-vault-dependencies:1.0.2.RELEASE'
     }
-    compile("org.springframework.boot:spring-boot-devtools:${springBootVersion}")
+}
+
+dependencies {
+    compile("org.springframework.boot:spring-boot-starter-web:${springBootVersion}")
+    compile("com.zaxxer:HikariCP:2.7.1")
+    compile("org.liquibase:liquibase-core")
     compile("org.springframework.security:spring-security-web:4.1.2.RELEASE")
+    compile("org.springframework.cloud:spring-cloud-config-server:1.3.3.RELEASE")
+    compile("org.springframework.cloud:spring-cloud-starter-vault-config")
     compile('org.apache.commons:commons-pool2:2.4.2')
-	compile('com.github.identio:identio-saml:1.0.2')
-	compile('com.google.guava:guava:19.0')
-    compile('com.github.detiber:jradius-client:-SNAPSHOT')
-	providedRuntime("org.springframework.boot:spring-boot-starter-tomcat:${springBootVersion}")
-	providedRuntime('ch.qos.logback:logback-core:1.1.7')
-	providedRuntime('ch.qos.logback:logback-classic:1.1.7')
-    testCompile("org.springframework.boot:spring-boot-starter-test:${springBootVersion}") 
+    compile('com.github.identio:identio-saml:1.0.3')
+    compile('com.google.guava:guava:23.0')
+    compile('com.github.identio:jradius-client:-SNAPSHOT')
+    compile('com.auth0:java-jwt:3.2.0')
+    compile('ch.qos.logback:logback-core:1.2.3')
+    compile('ch.qos.logback:logback-classic:1.2.3')
+    testCompile("org.springframework.boot:spring-boot-starter-test:${springBootVersion}")
+    testCompile("org.apache.httpcomponents:httpclient:4.5.3")
+    testRuntime("com.h2database:h2:1.4.196")
 }
 
 eclipse {
     wtp {
-      facet {
+        facet {
             facet name: 'java', version: '1.8'
             facet name: 'jst.web', version: '3.1'
-      }
+        }
     }
     project
-    {
-   		 natures "org.springsource.ide.eclipse.gradle.core.nature"
-    }
+            {
+                natures "org.springsource.ide.eclipse.gradle.core.nature"
+            }
 }
 
 springBoot {
-  mainClass = "net.identio.server.boot.IdentioServerApplication"
+    mainClass = "net.identio.server.boot.IdentioServerApplication"
 }
 
 bootRun {
-    systemProperties = ['logging.config':'file:./config/logback.xml']
+    systemProperties = ['logging.config': 'file:./config/logback.xml']
+}
+
+jacocoTestReport {
+    reports {
+        xml.enabled = true
+    }
 }
 
 /// *** UI *** ///
 
 node {
-  // Version of node to use.
-  version = '5.1.0'
+    // Version of node to use.
+    version = '6.11.3'
 
-  // Version of npm to use.
-  npmVersion = '3.9.6'
+    // Version of npm to use.
+    npmVersion = '5.4.2'
 
-  // Base URL for fetching node distributions (change if you have a mirror).
-  distBaseUrl = 'https://nodejs.org/dist'
+    // Base URL for fetching node distributions (change if you have a mirror).
+    distBaseUrl = 'https://nodejs.org/dist'
 
-  // If true, it will download node using above parameters.
-  // If false, it will try to use globally installed node.
-  download = true
+    // If true, it will download node using above parameters.
+    // If false, it will try to use globally installed node.
+    download = true
 
-  // Set the work directory for unpacking node
-  workDir = file("${project.buildDir}/ui")
+    // Set the work directory for unpacking node
+    workDir = file("${project.buildDir}/ui")
 
-  // Set the work directory where node_modules should be located
-  nodeModulesDir = file("${project.projectDir}/ui")
+    // Set the work directory where node_modules should be located
+    nodeModulesDir = file("${project.projectDir}/ui")
 }
 
 grunt {
@@ -113,37 +132,37 @@ grunt {
 }
 
 task bowerInstall(type: NodeTask) {
-  script = file('ui/node_modules/bower/lib/bin/bower.js')
-  args = ['install', '--allow-root']
-  execOverrides {
-    it.ignoreExitValue = true
-    it.workingDir = file("${project.projectDir}/ui")
-  }
+    script = file('ui/node_modules/bower/lib/bin/bower.js')
+    args = ['install', '--allow-root']
+    execOverrides {
+        it.ignoreExitValue = true
+        it.workingDir = file("${project.projectDir}/ui")
+    }
 }
 
 /// *** Packaging *** ///
 
 def distributionsCopySpec = copySpec {
     into("identio-server") {
-    
-    	from 'README.md'
+
+        from 'README.md'
         from 'LICENSE'
-        
+
         into('bin') {
-           	from 'scripts/password-generator'
-           	from 'scripts/start'
-           	fileMode 0755
+            from 'scripts/password-generator'
+            from 'scripts/start'
+            fileMode 0755
         }
         into('lib') {
-           	from(jar)
-       		from(project.configurations.runtime)
-       		exclude 'spring-boot-devtools-*'
+            from(jar)
+            from(project.configurations.runtime)
+            exclude 'spring-boot-devtools-*'
         }
         into('config') {
-        	from 'sample-config'
+            from 'config'
         }
         into('ui') {
-        	from 'ui/dist'
+            from 'ui/dist'
         }
     }
 }
@@ -153,19 +172,23 @@ bowerInstall.mustRunAfter npmInstall
 npmInstall.mustRunAfter clean
 jar.mustRunAfter clean
 
-task releaseZip(type: Zip, dependsOn: ['clean', 'jar', 'bowerInstall', 'npmInstall', 'grunt_build']) {
-   description 'Build a release in zip format'
-   with distributionsCopySpec
-   archiveName = "identio-server.zip"
+task releaseZip(type: Zip, dependsOn: ['clean', 'test', 'jar', 'bowerInstall', 'npmInstall', 'grunt_build']) {
+    description 'Build a release in zip format'
+    with distributionsCopySpec
+    archiveName = "identio-server.zip"
+}
+
+task releaseTarGz(type: Tar, dependsOn: ['clean', 'test', 'jar', 'bowerInstall', 'npmInstall', 'grunt_build']) {
+    description 'Build a release in tar.gz format'
+    compression = Compression.GZIP
+    with distributionsCopySpec
+    archiveName = "identio-server.tar.gz"
 }
 
-task releaseTarGz(type: Tar, dependsOn: ['clean', 'jar', 'bowerInstall', 'npmInstall', 'grunt_build']) { 
-   description 'Build a release in tar.gz format'
-   compression = Compression.GZIP
-   with distributionsCopySpec
-   archiveName = "identio-server.tar.gz"
+task release(dependsOn: ['releaseTarGz', 'releaseZip']) {
+    description 'Build release in zip and tar.gz format'
 }
 
 task wrapper(type: Wrapper) {
-    gradleVersion = '2.14'
+    gradleVersion = '4.2'
 }
diff --git a/...e-config/idp-default-sign-certificate.p12 → config/default-sign-certificate.p12 b/...e-config/idp-default-sign-certificate.p12 → config/default-sign-certificate.p12
diff --git a/sample-config/identio-config.yml → config/identio.yml b/sample-config/identio-config.yml → config/identio.yml
@@ -1,22 +1,19 @@
-globalConfiguration:
-  publicFqdn: http://idp.identio.net:10080
+global:
+  basePublicUrl: http://<your_hostname>:10080
 
-authPolicyConfiguration:
+authPolicy:
   authLevels:
-    - &low
-      name: low
+    - name: low
       urn: urn:identio:auth-level:low
-    - &medium
-      name: medium
+    - name: medium
       urn: urn:identio:auth-level:medium
-    - &strong
-      name: strong
+    - name: strong
       urn: urn:identio:auth-level:strong
   defaultAuthLevel:
-    authLevel: *medium
+    authLevel: medium
     comparison: minimum
 
-samlIdpConfiguration:
+samlIdp:
   allowUnsecureRequests: true
   allowedTimeOffset: 1
   certificateCheckEnabled: true
@@ -27,12 +24,10 @@ samlIdpConfiguration:
   organizationUrl: http://identio.net
   tokenValidityLength: 3
 
-sessionConfiguration:
+session:
   duration: 120
 
-authMethodConfiguration:
-
-  localAuthMethods:
-  - &local
-      name: Local
-      authLevel: *medium
+authMethods:
+  local:
+  - name: Local
+    authLevel: medium
diff --git a/config/logback.xml b/config/logback.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<configuration>
+
+    <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
+        <!-- encoders are assigned the type ch.qos.logback.classic.encoder.PatternLayoutEncoder
+            by default -->
+        <encoder>
+            <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{5} - %msg%n
+            </pattern>
+        </encoder>
+    </appender>
+
+    <logger name="org.springframework" level="INFO"/>
+    <logger name="net.identio.saml" level="INFO"/>
+
+    <!-- Strictly speaking, the level attribute is not necessary since -->
+    <!-- the level of the root level is set to DEBUG by default. -->
+    <root level="INFO">
+        <appender-ref ref="STDOUT"/>
+    </root>
+
+</configuration>