Merge branch 'release/4.1.0'

build.gradle

@@ -10,7 +10,7 @@ buildscript {
     }
 }
 
-version "4.0.0"
+version "4.1.0"
 group "org.grails.plugins"
 
 apply plugin:"eclipse"
@@ -74,11 +74,11 @@ dependencies {
     annotationProcessor "org.springframework.boot:spring-boot-configuration-processor"
     compileOnly "org.springframework.boot:spring-boot-configuration-processor"
 
-    compile 'org.pac4j:pac4j-jwt:5.3.1'
-    compile 'org.pac4j:pac4j-oidc:5.3.1'
-    compile 'org.pac4j:pac4j-http:5.3.1'
-    compile 'org.pac4j:pac4j-jee:5.3.1'
-    compile 'org.pac4j:jee-pac4j:6.1.0'
+    compile 'org.pac4j:pac4j-oidc:5.4.3'
+    compile 'org.pac4j:pac4j-jwt:5.4.3'
+    compile 'org.pac4j:pac4j-http:5.4.3'
+    compile 'org.pac4j:pac4j-javaee:5.4.3'
+    compile 'org.pac4j:javaee-pac4j:7.0.0'
 }
 
 compileGroovy {

grails-app/controllers/au/org/ala/ws/security/ApiKeyInterceptor.groovy

@@ -7,17 +7,12 @@ import au.org.ala.ws.security.service.ApiKeyService
 import grails.core.GrailsApplication
 import groovy.transform.CompileStatic
 import groovy.util.logging.Slf4j
-import org.grails.web.util.WebUtils
 import org.pac4j.core.config.Config
-import org.pac4j.core.context.JEEContextFactory
 import org.pac4j.core.context.WebContext
-import org.pac4j.core.context.session.SessionStore
-import org.pac4j.core.credentials.Credentials
-import org.pac4j.core.credentials.extractor.BearerAuthExtractor
 import org.pac4j.core.profile.ProfileManager
-import org.pac4j.core.profile.UserProfile
 import org.pac4j.core.util.FindBest
 import org.pac4j.http.client.direct.DirectBearerAuthClient
+import org.pac4j.jee.context.JEEContextFactory
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.context.properties.EnableConfigurationProperties
 import org.springframework.http.HttpStatus
@@ -159,7 +154,7 @@ class ApiKeyInterceptor {
         boolean ipOk = checkClientIp(clientIp, whiteList)
         def result = true
         if (!ipOk) {
-            String headerName = grailsApplication.config.navigate('security', 'apikey', 'header', 'override') ?: API_KEY_HEADER_NAME
+            String headerName = grailsApplication.config.getProperty('security.apikey.header.override') ?: API_KEY_HEADER_NAME
             boolean keyOk = apiKeyService.checkApiKey(request.getHeader(headerName)).valid
             log.debug "IP ${clientIp} ${ipOk ? 'is' : 'is not'} ok. Key ${keyOk ? 'is' : 'is not'} ok."
 
@@ -188,7 +183,7 @@ class ApiKeyInterceptor {
     List<String> buildWhiteList() {
         List<String> whiteList = []
         whiteList.addAll(LOOPBACK_ADDRESSES) // allow calls from localhost to make testing easier
-        String config = grailsApplication.config.navigate('security', 'apikey', 'ip', 'whitelist')
+        String config = grailsApplication.config.getProperty('security.apikey.ip.whitelist')
         if (config) {
             whiteList.addAll(config.split(',').collect({ String s -> s.trim() }))
         }

grails-app/services/au/org/ala/ws/security/service/ApiKeyService.groovy

@@ -12,7 +12,7 @@ class ApiKeyService {
         Map response
 
         try {
-            def conn = wsService.get("${grailsApplication.config.security.apikey.check.serviceUrl}${key}")
+            def conn = wsService.get("${grailsApplication.config.getProperty('security.apikey.check.serviceUrl')}${key}")
 
             if (conn.responseCode == STATUS_OK) {
                 response = JSON.parse(conn.content.text as String)

src/main/groovy/au/ala/org/ws/security/AlaWsSecurityGrailsPluginConfiguration.groovy

@@ -13,12 +13,12 @@ import grails.util.Metadata
 import org.pac4j.core.authorization.generator.FromAttributesAuthorizationGenerator
 import org.pac4j.core.client.Client
 import org.pac4j.core.config.Config
-import org.pac4j.core.context.JEEContextFactory
 import org.pac4j.core.context.WebContextFactory
-import org.pac4j.core.context.session.JEESessionStore
 import org.pac4j.core.context.session.SessionStore
 import org.pac4j.core.engine.DefaultSecurityLogic
 import org.pac4j.http.client.direct.DirectBearerAuthClient
+import org.pac4j.jee.context.JEEContextFactory
+import org.pac4j.jee.context.session.JEESessionStore
 import org.pac4j.jee.filter.SecurityFilter
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean

src/main/java/au/org/ala/ws/security/JwtAuthenticator.java

@@ -4,11 +4,8 @@
 import com.nimbusds.jose.JOSEObjectType;
 import com.nimbusds.jose.JWSAlgorithm;
 import com.nimbusds.jose.jwk.source.JWKSource;
-import com.nimbusds.jose.jwk.source.RemoteJWKSet;
 import com.nimbusds.jose.proc.BadJOSEException;
 import com.nimbusds.jose.proc.DefaultJOSEObjectTypeVerifier;
-import com.nimbusds.jose.proc.JWEDecryptionKeySelector;
-import com.nimbusds.jose.proc.JWEKeySelector;
 import com.nimbusds.jose.proc.JWSKeySelector;
 import com.nimbusds.jose.proc.JWSVerificationKeySelector;
 import com.nimbusds.jose.proc.SecurityContext;
@@ -39,9 +36,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import java.net.URL;
 import java.text.ParseException;
-import java.util.Arrays;
 import java.util.Collection;
 import java.util.Date;
 import java.util.HashMap;

src/main/java/au/org/ala/ws/security/Pac4jProfileManagerHttpRequestWrapperFilter.java

@@ -1,11 +1,11 @@
 package au.org.ala.ws.security;
 
 import org.pac4j.core.config.Config;
-import org.pac4j.core.context.JEEContextFactory;
-import org.pac4j.core.context.session.JEESessionStore;
 import org.pac4j.core.profile.ProfileManager;
 import org.pac4j.core.profile.factory.ProfileManagerFactory;
 import org.pac4j.core.util.FindBest;
+import org.pac4j.jee.context.JEEContextFactory;
+import org.pac4j.jee.context.session.JEESessionStore;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 

src/test/groovy/au/org/ala/ws/security/ApiKeyInterceptorSpec.groovy

@@ -13,8 +13,8 @@ import org.grails.spring.beans.factory.InstanceFactoryBean
 import org.grails.web.util.GrailsApplicationAttributes
 import org.pac4j.core.authorization.generator.FromAttributesAuthorizationGenerator
 import org.pac4j.core.config.Config
-import org.pac4j.core.context.session.JEESessionStore
 import org.pac4j.http.client.direct.DirectBearerAuthClient
+import org.pac4j.jee.context.session.JEESessionStore
 import spock.lang.Specification
 import spock.lang.Unroll
 

src/test/groovy/au/org/ala/ws/security/ApiKeyServiceSpec.groovy

@@ -20,9 +20,7 @@ class ApiKeyServiceSpec extends Specification implements ServiceUnitTest<ApiKeyS
 
     void "Should return valid = false when the API Key service returns a HTTP code other than 200"() {
         setup:
-        ApiKeyService service = new ApiKeyService()
-
-        service.grailsApplication = [config: [security: [apikey: [check: [serviceUrl: "bla"]]]]]
+        service.grailsApplication.config.put('security.apikey.check.serviceUrl', 'bla')
 
         when:
         service.wsService = new MockWebService(status)
@@ -41,9 +39,7 @@ class ApiKeyServiceSpec extends Specification implements ServiceUnitTest<ApiKeyS
 
     void "Should return valid = true if the API Key service returns a HTTP 200 and a response JSON of '{valid: true}'"() {
         setup:
-        ApiKeyService service = new ApiKeyService()
-
-        service.grailsApplication = [config: [security: [apikey: [check: [serviceUrl: "bla"]]]]]
+        service.grailsApplication.config.put('security.apikey.check.serviceUrl', 'bla')
 
         when:
         service.wsService = new MockWebService(HttpStatus.OK.value(), "{valid: true}")
@@ -55,9 +51,7 @@ class ApiKeyServiceSpec extends Specification implements ServiceUnitTest<ApiKeyS
 
     void "Should return valid = false if the API Key service returns a HTTP 200 and a response JSON of '{valid: false}'"() {
         setup:
-        ApiKeyService service = new ApiKeyService()
-
-        service.grailsApplication = [config: [security: [apikey: [check: [serviceUrl: "bla"]]]]]
+        service.grailsApplication.config.put('security.apikey.check.serviceUrl', 'bla')
 
         when:
         service.wsService = new MockWebService(HttpStatus.OK.value(), "{valid: false}")