aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--server/sonar-server/src/main/java/org/sonar/server/authentication/SsoAuthenticator.java39
-rw-r--r--server/sonar-server/src/test/java/org/sonar/server/authentication/SsoAuthenticatorTest.java46
2 files changed, 55 insertions, 30 deletions
diff --git a/server/sonar-server/src/main/java/org/sonar/server/authentication/SsoAuthenticator.java b/server/sonar-server/src/main/java/org/sonar/server/authentication/SsoAuthenticator.java
index 17aba9a45b4..3eafed1f6da 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/authentication/SsoAuthenticator.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/authentication/SsoAuthenticator.java
@@ -32,12 +32,15 @@ import java.util.Optional;
import javax.annotation.CheckForNull;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.sonar.api.Startable;
import org.sonar.api.config.Settings;
import org.sonar.api.server.authentication.Display;
import org.sonar.api.server.authentication.IdentityProvider;
import org.sonar.api.server.authentication.UnauthorizedException;
import org.sonar.api.server.authentication.UserIdentity;
import org.sonar.api.utils.System2;
+import org.sonar.api.utils.log.Logger;
+import org.sonar.api.utils.log.Loggers;
import org.sonar.db.user.UserDto;
import org.sonar.server.exceptions.BadRequestException;
@@ -45,7 +48,9 @@ import static org.apache.commons.lang.StringUtils.defaultIfBlank;
import static org.apache.commons.lang.time.DateUtils.addMinutes;
import static org.sonar.server.user.UserUpdater.SQ_AUTHORITY;
-public class SsoAuthenticator {
+public class SsoAuthenticator implements Startable {
+
+ private static final Logger LOG = Loggers.get(SsoAuthenticator.class);
private static final Splitter COMA_SPLITTER = Splitter.on(",").trimResults().omitEmptyStrings();
@@ -68,7 +73,7 @@ public class SsoAuthenticator {
private static final String LAST_REFRESH_TIME_TOKEN_PARAM = "ssoLastRefreshTime";
- private static final Map<String, String> DEFAULT_VALUES_BY_PARAMETERS = ImmutableMap.of(
+ private static final Map<String, String> DEFAULT_VALUES_BY_SETTING_KEYS = ImmutableMap.of(
LOGIN_HEADER_PARAM, LOGIN_HEADER_DEFAULT_VALUE,
NAME_HEADER_PARAM, NAME_HEADER_DEFAULT_VALUE,
EMAIL_HEADER_PARAM, EMAIL_HEADER_DEFAULT_VALUE,
@@ -80,6 +85,9 @@ public class SsoAuthenticator {
private final UserIdentityAuthenticator userIdentityAuthenticator;
private final JwtHttpHandler jwtHttpHandler;
+ private boolean enabled = false;
+ private Map<String, String> settingsByKey = new HashMap<>();
+
public SsoAuthenticator(System2 system2, Settings settings, UserIdentityAuthenticator userIdentityAuthenticator, JwtHttpHandler jwtHttpHandler) {
this.system2 = system2;
this.settings = settings;
@@ -87,6 +95,21 @@ public class SsoAuthenticator {
this.jwtHttpHandler = jwtHttpHandler;
}
+ @Override
+ public void start() {
+ if (settings.getBoolean(ENABLE_PARAM)) {
+ LOG.info("SSO Authentication enabled");
+ enabled = true;
+ DEFAULT_VALUES_BY_SETTING_KEYS.entrySet()
+ .forEach(entry -> settingsByKey.put(entry.getKey(), defaultIfBlank(settings.getString(entry.getKey()), DEFAULT_VALUES_BY_SETTING_KEYS.get(entry.getKey()))));
+ }
+ }
+
+ @Override
+ public void stop() {
+ // Nothing to do
+ }
+
public Optional<UserDto> authenticate(HttpServletRequest request, HttpServletResponse response) {
try {
return doAuthenticate(request, response);
@@ -96,7 +119,7 @@ public class SsoAuthenticator {
}
private Optional<UserDto> doAuthenticate(HttpServletRequest request, HttpServletResponse response) {
- if (!settings.getBoolean(ENABLE_PARAM)) {
+ if (!enabled) {
return Optional.empty();
}
Map<String, String> headerValuesByNames = getHeaders(request);
@@ -120,7 +143,7 @@ public class SsoAuthenticator {
return Optional.empty();
}
Date now = new Date(system2.now());
- int refreshIntervalInMinutes = Integer.parseInt(getSettingValue(REFRESH_INTERVAL_PARAM));
+ int refreshIntervalInMinutes = Integer.parseInt(settingsByKey.get(REFRESH_INTERVAL_PARAM));
Long lastFreshTime = (Long) token.get().getProperties().get(LAST_REFRESH_TIME_TOKEN_PARAM);
if (lastFreshTime == null || now.after(addMinutes(new Date(lastFreshTime), refreshIntervalInMinutes))) {
return Optional.empty();
@@ -145,7 +168,7 @@ public class SsoAuthenticator {
@CheckForNull
private String getHeaderValue(Map<String, String> headerValuesByNames, String settingKey) {
- return headerValuesByNames.get(getSettingValue(settingKey).toLowerCase(Locale.ENGLISH));
+ return headerValuesByNames.get(settingsByKey.get(settingKey).toLowerCase(Locale.ENGLISH));
}
private static Map<String, String> getHeaders(HttpServletRequest request) {
@@ -155,11 +178,7 @@ public class SsoAuthenticator {
}
private boolean hasHeader(Map<String, String> headerValuesByNames, String settingKey) {
- return headerValuesByNames.keySet().contains(getSettingValue(settingKey).toLowerCase(Locale.ENGLISH));
- }
-
- private String getSettingValue(String settingKey) {
- return defaultIfBlank(settings.getString(settingKey), DEFAULT_VALUES_BY_PARAMETERS.get(settingKey));
+ return headerValuesByNames.keySet().contains(settingsByKey.get(settingKey).toLowerCase(Locale.ENGLISH));
}
private static class SsoIdentityProvider implements IdentityProvider {
diff --git a/server/sonar-server/src/test/java/org/sonar/server/authentication/SsoAuthenticatorTest.java b/server/sonar-server/src/test/java/org/sonar/server/authentication/SsoAuthenticatorTest.java
index 310f9385d11..7e7ae6ec728 100644
--- a/server/sonar-server/src/test/java/org/sonar/server/authentication/SsoAuthenticatorTest.java
+++ b/server/sonar-server/src/test/java/org/sonar/server/authentication/SsoAuthenticatorTest.java
@@ -112,7 +112,7 @@ public class SsoAuthenticatorTest {
@Test
public void create_user_when_authenticating_new_user() throws Exception {
- enableSso();
+ startWithSso();
setNotUserInToken();
HttpServletRequest request = createRequest(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, GROUPS);
@@ -124,7 +124,7 @@ public class SsoAuthenticatorTest {
@Test
public void use_login_when_name_is_not_provided() throws Exception {
- enableSso();
+ startWithSso();
setNotUserInToken();
underTest.authenticate(createRequest(DEFAULT_LOGIN, null, null, null), response);
@@ -134,7 +134,7 @@ public class SsoAuthenticatorTest {
@Test
public void update_user_when_authenticating_exiting_user() throws Exception {
- enableSso();
+ startWithSso();
setNotUserInToken();
insertUser(newUserDto().setLogin(DEFAULT_LOGIN).setName("old name").setEmail("old email"), group1);
// Name, email and groups are different
@@ -148,7 +148,7 @@ public class SsoAuthenticatorTest {
@Test
public void remove_groups_when_group_headers_is_empty() throws Exception {
- enableSso();
+ startWithSso();
setNotUserInToken();
insertUser(DEFAULT_USER, group1);
@@ -159,7 +159,7 @@ public class SsoAuthenticatorTest {
@Test
public void remove_groups_when_group_headers_is_null() throws Exception {
- enableSso();
+ startWithSso();
setNotUserInToken();
insertUser(DEFAULT_USER, group1);
Map<String, String> headerValuesByName = new HashMap<>();
@@ -173,7 +173,7 @@ public class SsoAuthenticatorTest {
@Test
public void does_not_update_groups_when_no_group_headers() throws Exception {
- enableSso();
+ startWithSso();
setNotUserInToken();
insertUser(DEFAULT_USER, group1);
@@ -184,7 +184,7 @@ public class SsoAuthenticatorTest {
@Test
public void does_not_update_user_when_user_is_in_token_and_refresh_time_is_close() throws Exception {
- enableSso();
+ startWithSso();
UserDto user = insertUser(DEFAULT_USER, group1);
setUserInToken(user, CLOSE_REFRESH_TIME);
HttpServletRequest request = createRequest(DEFAULT_LOGIN, "new name", "new email", GROUP2);
@@ -198,7 +198,7 @@ public class SsoAuthenticatorTest {
@Test
public void update_user_when_user_in_token_but_refresh_time_is_old() throws Exception {
- enableSso();
+ startWithSso();
UserDto user = insertUser(DEFAULT_USER, group1);
// Refresh time was updated 6 minutes ago => more than 5 minutes
setUserInToken(user, NOW - 6 * 60 * 1000L);
@@ -213,7 +213,7 @@ public class SsoAuthenticatorTest {
@Test
public void update_user_when_user_in_token_but_no_refresh_time() throws Exception {
- enableSso();
+ startWithSso();
UserDto user = insertUser(DEFAULT_USER, group1);
setUserInToken(user, null);
HttpServletRequest request = createRequest(DEFAULT_LOGIN, "new name", "new email", GROUP2);
@@ -227,8 +227,8 @@ public class SsoAuthenticatorTest {
@Test
public void use_refresh_time_from_settings() throws Exception {
- enableSso();
settings.setProperty("sonar.sso.refreshIntervalInMinutes", "10");
+ startWithSso();
UserDto user = insertUser(DEFAULT_USER, group1);
// Refresh time was updated 6 minutes ago => less than 10 minutes ago so not updated
setUserInToken(user, NOW - 6 * 60 * 1000L);
@@ -243,7 +243,7 @@ public class SsoAuthenticatorTest {
@Test
public void update_user_when_login_from_token_is_different_than_login_from_request() throws Exception {
- enableSso();
+ startWithSso();
insertUser(DEFAULT_USER, group1);
setUserInToken(DEFAULT_USER, CLOSE_REFRESH_TIME);
HttpServletRequest request = createRequest("AnotherLogin", "Another name", "Another email", GROUP2);
@@ -256,12 +256,12 @@ public class SsoAuthenticatorTest {
@Test
public void use_headers_from_settings() throws Exception {
- enableSso();
- setNotUserInToken();
settings.setProperty("sonar.sso.loginHeader", "head-login");
settings.setProperty("sonar.sso.nameHeader", "head-name");
settings.setProperty("sonar.sso.emailHeader", "head-email");
settings.setProperty("sonar.sso.groupsHeader", "head-groups");
+ startWithSso();
+ setNotUserInToken();
HttpServletRequest request = createRequest(ImmutableMap.of("head-login", DEFAULT_LOGIN, "head-name", DEFAULT_NAME, "head-email", DEFAULT_EMAIL, "head-groups", GROUPS));
underTest.authenticate(request, response);
@@ -271,12 +271,12 @@ public class SsoAuthenticatorTest {
@Test
public void detect_group_header_even_with_wrong_case() throws Exception {
- enableSso();
- setNotUserInToken();
settings.setProperty("sonar.sso.loginHeader", "login");
settings.setProperty("sonar.sso.nameHeader", "name");
settings.setProperty("sonar.sso.emailHeader", "email");
settings.setProperty("sonar.sso.groupsHeader", "Groups");
+ startWithSso();
+ setNotUserInToken();
HttpServletRequest request = createRequest(ImmutableMap.of("login", DEFAULT_LOGIN, "name", DEFAULT_NAME, "email", DEFAULT_EMAIL, "groups", GROUPS));
underTest.authenticate(request, response);
@@ -286,7 +286,7 @@ public class SsoAuthenticatorTest {
@Test
public void trim_groups() throws Exception {
- enableSso();
+ startWithSso();
setNotUserInToken();
HttpServletRequest request = createRequest(DEFAULT_LOGIN, null, null, " dev , admin ");
@@ -297,7 +297,7 @@ public class SsoAuthenticatorTest {
@Test
public void does_not_authenticate_when_no_header() throws Exception {
- enableSso();
+ startWithSso();
setNotUserInToken();
underTest.authenticate(createRequest(Collections.emptyMap()), response);
@@ -308,7 +308,7 @@ public class SsoAuthenticatorTest {
@Test
public void does_not_authenticate_when_not_enabled() throws Exception {
- settings.setProperty("sonar.sso.enable", false);
+ startWithoutSso();
underTest.authenticate(createRequest(DEFAULT_LOGIN, DEFAULT_NAME, DEFAULT_EMAIL, GROUPS), response);
@@ -318,7 +318,7 @@ public class SsoAuthenticatorTest {
@Test
public void throw_UnauthorizedException_when_BadRequestException_is_generated() throws Exception {
- enableSso();
+ startWithSso();
setNotUserInToken();
expectedException.expect(UnauthorizedException.class);
@@ -326,8 +326,14 @@ public class SsoAuthenticatorTest {
underTest.authenticate(createRequest("invalid login", DEFAULT_NAME, DEFAULT_EMAIL, GROUPS), response);
}
- private void enableSso() {
+ private void startWithSso() {
settings.setProperty("sonar.sso.enable", true);
+ underTest.start();
+ }
+
+ private void startWithoutSso() {
+ settings.setProperty("sonar.sso.enable", false);
+ underTest.start();
}
private void setUserInToken(UserDto user, @Nullable Long lastRefreshTime) {