Commit 06e763b3 authored by cdanger

- Fixes #61 and #62

- Upgraded authzforce-ce-parent: 8.0.0
- Upgraded dependency authzforce-ce-rest-api-model: 6.0.0; authzforce-ce-jaxrs-utils: 2.0.1; jettison: 1.4.1; authzforce-ce-core-pdp-*: 17.1.0; authzforce-ce-core-pap-api: 11.0.0, authzforce-ce-pap-dao-flat-file: 13.0.0
- Added support for validation of XACML/JSON requests with custom JSON schema stored in config directory
- Upgraded to Java 11
- updated license headers for 2021
- Fixed issues spotted by IntelliJ
- Added new JNDI env variable for configuring the webapp: 'org.ow2.authzforce.domains.xacmlJsonSchemaRelativePath' (relative path to JSON schema, relative to configDir property)
parent a7ca06bc
......@@ -4,3 +4,5 @@
/.README.md.html
/.CHANGELOG.md.html
/.pmd
/.idea
*.iml
......@@ -67,6 +67,7 @@ applications, AuthzForce also provides a PDP engine as a Java library in
validation;
- DoS mitigation: JSON parser variant checking max JSON string size,
max number of JSON keys/array items and max JSON object depth.
- [GeoXACML 1.0.1](http://portal.opengeospatial.org/files/?artifact_id=42734). Supported as third-party extension from [Secure Dimensions](https://github.com/securedimensions/authzforce-geoxacml-basic)
- Experimental support for:
- [XACML Data Loss Prevention / Network Access Control (DLP/NAC) Profile Version 1.0](http://docs.oasis-open.org/xacml/xacml-3.0-dlp-nac/v1.0/xacml-3.0-dlp-nac-v1.0.html):
only `dnsName-value` datatype and `dnsName-value-equal` function are
......
......@@ -18,9 +18,9 @@ any time.
## Short term
The following list of features are planned to be addressed in the short term,
and incorporated in the next release of the product planned for **2020**:
and incorporated in the next release of the product planned for **2021**:
- #50 .
*N/A*
## Medium term
......@@ -28,7 +28,7 @@ The following list of features are planned to be addressed in the medium term,
typically within the subsequent release(s) generated in the next **9 months**
after next planned release:
- GeoXACML support
- #50 .
## Long term
......
......@@ -3,7 +3,7 @@ Version: [[version]]
Section: web
Priority: optional
Architecture: all
Depends: debconf (>= 0.2.26), openjdk-8-jre | oracle-java8-installer, tomcat9
Depends: debconf (>= 0.2.26), openjdk-11-jre | oracle-java11-installer, tomcat9
Maintainer: [[productMaintainer]]
Description: AuthzForce CE Server.
Reference Implementation of FIWARE Authorization PDP Generic Enabler
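Review bot: the `Depends:` line still pulls in a full JRE (`openjdk-11-jre`) although the maintainer scripts in this same commit start Tomcat with `-Djava.awt.headless=true`. For a server package, depending on `openjdk-11-jre-headless` keeps the AWT/X11 libraries off the host and shrinks what has to be patched. It is also worth confirming that the `oracle-java11-installer` alternative is still something the target distributions can resolve, since a dangling alternative only hides the problem until install time.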
......
......@@ -17,7 +17,7 @@ systemctl daemon-reload
db_get [[productId]]/restartTomcat
if [ "$RET" = true ]; then
export JAVA_OPTS='"-Djava.awt.headless=true -Djavax.xml.accessExternalSchema=all -Xms1024m -Xmx1024m -XX:+UseConcMarkSweepGC -server"'
export JAVA_OPTS='"-Djava.awt.headless=true -Djavax.xml.accessExternalSchema=all -Xms1024m -Xmx1024m -server"'
sed -i 's|^\(JAVA_OPTS\s*=\s*\).*$|\1'"$JAVA_OPTS"'|' /etc/default/tomcat9
systemctl stop tomcat9
rm -rf /var/log/tomcat9/*
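Review bot: the `export JAVA_OPTS=` line is edited for the Java 11 move but keeps `-Djavax.xml.accessExternalSchema=all`, which allows XML schema processing to load external schemas over any protocol. Since the line is being touched anyway, consider narrowing the value to the protocols the server actually needs (for example `file`), or documenting why `all` is required. The same string is repeated in the `echo` hint, the debconf template and the Dockerfile `ENV`, so all four copies would have to change together.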
......@@ -25,7 +25,7 @@ if [ "$RET" = true ]; then
fi
echo "If you answered 'No' to the second question, you need to set the JAVA_OPTS in '/etc/default/tomcat9' by yourself before restarting Tomcat:"
echo " JAVA_OPTS=\"-Djava.awt.headless=true -Djavax.xml.accessExternalSchema=all -Xms1024m -Xmx1024m -XX:+UseConcMarkSweepGC -server\""
echo " JAVA_OPTS=\"-Djava.awt.headless=true -Djavax.xml.accessExternalSchema=all -Xms1024m -Xmx1024m -server\""
echo
echo "If Tomcat fails to restart, check for any Tomcat high-level error in Tomcat log directory: /var/log/tomcat9"
echo "Then fix it, in particular check the settings in Tomcat init script /etc/default/tomcat9 and restart Tomcat as follows:"
......
......@@ -10,7 +10,7 @@ Type: boolean
Default: true
Description: Do you want to apply recommended Tomcat settings for AuthzForce (and restart Tomcat to apply changes)?
We recommend the following Tomcat settings for AuthzForce:
JAVA_OPTS='"-Djava.awt.headless=true -Djavax.xml.accessExternalSchema=all -Xms1024m -Xmx1024m -XX:+UseConcMarkSweepGC -server"'
JAVA_OPTS='"-Djava.awt.headless=true -Djavax.xml.accessExternalSchema=all -Xms1024m -Xmx1024m -server"'
Do you agree to apply these settings to Tomcat init script (/etc/default/tomcat9) now?
If you answer No, you can always apply these manually and restart Tomcat later with this command:
$ systemctl restart tomcat9
......@@ -2,7 +2,7 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: authzforce-ce-server-dist
Files: *
Copyright: Copyright (C) 2012-2020 Thales. All rights reserved.
Copyright: Copyright (C) 2012-2021 Thales. All rights reserved.
Licence: GPL-3.0
The full text of the GNU General Public
License version 3 can be found in the file
......
# Copyright (C) 2012-2020 Thales.
# Copyright (C) 2012-2021 Thales.
#
# This file is part of AuthzForce CE.
#
......@@ -23,7 +23,7 @@
# The alternative is to use FROM ubuntu:* then install tomcat ubuntu package and use upstart/sysctl init script but this is not the way to go:
# https://github.com/docker/docker/issues/6800
FROM tomcat:9-jre8
FROM tomcat:9-jre11-slim
MAINTAINER AuthzForce Team
ENV DEBIAN_FRONTEND noninteractive
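Review bot: `FROM tomcat:9-jre11-slim` is a floating tag, so the image content changes whenever upstream republishes it and two builds of the same commit can differ. Pin a specific Tomcat 9 patch release or an `@sha256:` digest, and bump it deliberately. With the switch to the slim variant, also check that the later build steps still find whatever tool they use to fetch `AUTHZFORCE_SERVER_DOWNLOAD_URL`.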
......@@ -37,7 +37,7 @@ ENV DEBIAN_FRONTEND noninteractive
#ENV HTTP_PROXY 'http://user:password@proxy-host:proxy-port'
#ENV HTTPS_PROXY 'http://user:password@proxy-host:proxy-port'
ENV JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom -Djava.awt.headless=true -Djavax.xml.accessExternalSchema=all -Xms1024m -Xmx1024m -XX:+UseConcMarkSweepGC -server"
ENV JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom -Djava.awt.headless=true -Djavax.xml.accessExternalSchema=all -Xms1024m -Xmx1024m -server"
ENV AUTHZFORCE_SERVER_VERSION="${project.version}"
ENV AUTHZFORCE_SERVER_DOWNLOAD_URL="https://repo1.maven.org/maven2/org/ow2/authzforce/authzforce-ce-server-dist/$AUTHZFORCE_SERVER_VERSION/authzforce-ce-server-dist-$AUTHZFORCE_SERVER_VERSION.deb"
......
......@@ -30,7 +30,10 @@
<Environment name="org.ow2.authzforce.domains.enableXacmlJsonProfile" value="true" type="java.lang.Boolean" override="false"
description="Enable support for JSON Profile of XACML 3.0 on domains' PDP endpoints iff true" />
<!-- <Environment name="org.ow2.authzforce.webapp.publishedEndpointUrl" value="http://localhost:8080" type="java.lang.Boolean" override="false" description="Base address specified in the auto-generated
<Environment name="org.ow2.authzforce.domains.xacmlJsonSchemaRelativePath" value="" type="java.lang.String" override="false"
description="Path to JSON schema file for XACML JSON Profile's Request validation, relative to ${org.ow2.authzforce.config.dir} (if undefined/empty value, the Request.schema.json file from authzforce-ce-xacml-json-model project is used by default)" />
<!-- <Environment name="org.ow2.authzforce.webapp.publishedEndpointUrl" value="http://localhost:8080" type="java.lang.String" override="false" description="Base address specified in the auto-generated
WADL. This parameter allows setting the public URL that may not be the same as the URL the service is deployed on. (For example, the service is behind a proxy of some sort)." /> -->
<!-- <Environment name="org.ow2.authzforce.webapp.jsonKeysWithArrays" type="java.lang.String" override="false" description="Comma-separated list of JSON keys with values to be always serialized to JSON
......
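Review bot: the new `org.ow2.authzforce.domains.xacmlJsonSchemaRelativePath` entry describes the value as relative to `${org.ow2.authzforce.config.dir}` but does not say what happens with an absolute path or with `..` segments. The code that resolves the value is not in this hunk; it should normalize the resolved path and reject anything that ends up outside the config directory, and the `description` should state that rule. It would also help to document the behaviour when the file is missing or is not a valid schema, because a silent fallback to the default `Request.schema.json` would leave an operator believing a stricter custom schema is being enforced.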
......@@ -4,7 +4,7 @@
<parent>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-parent</artifactId>
<version>7.6.1</version>
<version>8.0.0</version>
</parent>
<artifactId>authzforce-ce-server</artifactId>
<!-- FIWARE Versioning + Version must be equal or higher than 'authzforce-ce-rest-api-model' dependency in 'rest-service' module -->
......@@ -15,10 +15,10 @@
<url>${project.url}</url>
<properties>
<git.url.base>https://github.com/authzforce/server</git.url.base>
<authzforce-ce-core.version>16.0.0</authzforce-ce-core.version>
<authzforce-ce-core-pap-api.version>10.1.0</authzforce-ce-core-pap-api.version>
<authzforce-ce-core.version>17.1.0</authzforce-ce-core.version>
<authzforce-ce-core-pap-api.version>11.0.0</authzforce-ce-core-pap-api.version>
<!-- Version must be compatible with authzforce-ce-core and authzforce-ce-core-pap-api versions above. -->
<authzforce-ce-pap-dao-flat-file.version>12.0.0</authzforce-ce-pap-dao-flat-file.version>
<authzforce-ce-pap-dao-flat-file.version>13.0.0</authzforce-ce-pap-dao-flat-file.version>
<productId>authzforce-ce-server</productId>
<productName>AuthzForce CE Server</productName>
<productMaintainer>THALES</productMaintainer>
......
<?xml version="1.0" encoding="ISO-8859-1"?>
<additionalHeaders>
<javadoc_style>
<firstLine>/*</firstLine>
<beforeEachLine> * </beforeEachLine>
<endLine> */</endLine>
<!--<afterEachLine></afterEachLine>-->
<!--skipLine></skipLine-->
<firstLineDetectionPattern>(\s|\t)*/\*.*$</firstLineDetectionPattern>
<lastLineDetectionPattern>.*\*/(\s|\t)*$</lastLineDetectionPattern>
<allowBlankLines>false</allowBlankLines>
<isMultiline>true</isMultiline>
<padLines>false</padLines>
</javadoc_style>
</additionalHeaders>
......@@ -30,7 +30,7 @@
<dependency>
<groupId>${project.groupId}</groupId>
<artifactId>${artifactId.prefix}-rest-api-model</artifactId>
<version>5.7.0</version>
<version>6.0.0</version>
</dependency>
<dependency>
<groupId>${project.groupId}</groupId>
......@@ -39,7 +39,7 @@
<dependency>
<groupId>org.ow2.authzforce</groupId>
<artifactId>authzforce-ce-jaxrs-utils</artifactId>
<version>1.6.0</version>
<version>2.0.1</version>
</dependency>
</dependencies>
<build>
......@@ -83,7 +83,7 @@
<resources>
<!-- Replace variable 'productName', 'project.version', 'build.date' in some source files. The result goes to ${project.build.directory}. -->
<resource>
<directory>src</directory>
<directory>src/main/resources</directory>
<filtering>true</filtering>
<includes>
<include>org.ow2.authzforce.server.product.properties</include>
......@@ -112,8 +112,8 @@
</executions>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>findbugs-maven-plugin</artifactId>
<groupId>com.github.spotbugs</groupId>
<artifactId>spotbugs-maven-plugin</artifactId>
<executions>
<execution>
<phase>verify</phase>
......@@ -144,8 +144,11 @@
<artifactId>license-maven-plugin</artifactId>
<configuration>
<header>license/thales-gpl.header.txt</header>
<headerDefinitions>
<headerDefinition>license/header-defs.xml</headerDefinition>
</headerDefinitions>
<includes>
<include>src/**</include>
<include>src/main/java/**</include>
</includes>
<excludes>
<exclude>src/test/resources/**</exclude>
......
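Review bot: in the `license-maven-plugin` hunk, narrowing the `<include>` from `src/**` to `src/main/java/**` removes `src/test/java` from the license header check, so test sources can lack the header without the build noticing. If that is intended, the `<exclude>src/test/resources/**</exclude>` entry no longer matches anything that is included and can be dropped; otherwise add `src/test/java/**` as a second `<include>`.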
<?xml version="1.0"?>
<!--
This file contains some false positive bugs detected by Findbugs. Their
false positive nature has been analyzed individually and they have been
put here to instruct Findbugs to ignore them.
-->
<FindBugsFilter>
</FindBugsFilter>
\ No newline at end of file
/**
* Copyright (C) 2012-2020 THALES.
/*
* Copyright (C) 2012-2021 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright (C) 2012-2020 THALES.
/*
* Copyright (C) 2012-2021 THALES.
*
* This file is part of AuthzForce CE.
*
......@@ -16,9 +16,6 @@
* You should have received a copy of the GNU General Public License
* along with AuthzForce CE. If not, see <http://www.gnu.org/licenses/>.
*/
/**
*
*/
package org.ow2.authzforce.rest.service.jaxrs;
import java.beans.ConstructorProperties;
......
/**
* Copyright (C) 2012-2020 THALES.
/*
* Copyright (C) 2012-2021 THALES.
*
* This file is part of AuthzForce CE.
*
......@@ -54,7 +54,7 @@ public class PolicyResourceImpl implements PolicyDaoClient, PolicyResource
* Policy Resource Factory
*
*/
public static final PolicyDaoClient.Factory<PolicyVersionResourceImpl, PolicyResourceImpl> FACTORY = new PolicyDaoClient.Factory<PolicyVersionResourceImpl, PolicyResourceImpl>()
public static final PolicyDaoClient.Factory<PolicyVersionResourceImpl, PolicyResourceImpl> FACTORY = new PolicyDaoClient.Factory<>()
{
@Override
......
/**
* Copyright (C) 2012-2020 THALES.
/*
* Copyright (C) 2012-2021 THALES.
*
* This file is part of AuthzForce CE.
*
......@@ -46,25 +46,19 @@ public class PolicyVersionResourceImpl implements PolicyVersionDaoClient, Policy
* Policy version resource Factory
*
*/
public static final PolicyVersionDaoClient.Factory<PolicyVersionResourceImpl> FACTORY = new PolicyVersionDaoClient.Factory<PolicyVersionResourceImpl>()
public static final PolicyVersionDaoClient.Factory<PolicyVersionResourceImpl> FACTORY = (policyId, versionId, domainDAO) ->
{
@Override
public PolicyVersionResourceImpl getInstance(final String policyId, final PolicyVersion versionId, final DomainDao<?, ?> domainDAO)
if (versionId == null)
{
if (versionId == null)
{
throw ILLEGAL_VERSION_ARGUMENT_EXCEPTION;
}
if (domainDAO == null)
{
throw ILLEGAL_VERSION_DAO_ARGUMENT_EXCEPTION;
}
throw ILLEGAL_VERSION_ARGUMENT_EXCEPTION;
}
return new PolicyVersionResourceImpl(policyId, versionId, domainDAO);
if (domainDAO == null)
{
throw ILLEGAL_VERSION_DAO_ARGUMENT_EXCEPTION;
}
return new PolicyVersionResourceImpl(policyId, versionId, domainDAO);
};
private final PolicyVersion versionId;
......
/**
* Copyright (C) 2012-2020 THALES.
/*
* Copyright (C) 2012-2021 THALES.
*
* This file is part of AuthzForce CE.
*
......@@ -60,10 +60,6 @@ public final class ProductMetadataResourceImpl implements ProductMetadataResourc
final Properties prodProps = new Properties();
try (final InputStream propFileIn = ProductMetadataResourceImpl.class.getResourceAsStream(PRODUCT_PROPERTIES_CLASSPATH_URL))
{
if (propFileIn == null)
{
throw new RuntimeException("Missing product properties resource on the classpath: " + PRODUCT_PROPERTIES_CLASSPATH_URL);
}
prodProps.load(propFileIn);
}
catch (final IOException e)
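Review bot: with the `if (propFileIn == null)` block removed, a missing `PRODUCT_PROPERTIES_CLASSPATH_URL` resource now reaches `prodProps.load(propFileIn)` with a null stream. `getResourceAsStream` returns null when the resource is absent, and `Properties.load` then throws a `NullPointerException` that the `catch (final IOException e)` below does not handle and that no longer names the missing resource. This commit also moves the filtered resource directory from `src` to `src/main/resources` in the pom, which is the kind of change that can make this file go missing from the classpath. Keep an explicit check, for example `Objects.requireNonNull(propFileIn, ...)` with the resource path in the message.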
......
/**
* Copyright (C) 2012-2020 THALES.
/*
* Copyright (C) 2012-2021 THALES.
*
* This file is part of AuthzForce CE.
*
......
/**
* Copyright (C) 2012-2020 THALES.
/*
* Copyright (C) 2012-2021 THALES.
*
* This file is part of AuthzForce CE.
*
......