JanssenProject · yuriyz · Jul 25, 2022 · Jul 25, 2022 · Jul 25, 2022 · Jul 25, 2022
diff --git a/docs/admin/scim.md b/docs/admin/scim.md
@@ -13,3 +13,4 @@
 ## OAuth Protection
 
 ## Security Considerations
+
@@ -10,6 +10,8 @@
     "umaIssuer":"https://%(hostname)s",
 
     "maxCount": 200,
+    "bulkMaxOperations": 30,
+    "bulkMaxPayloadSize": 3072000,
     "userExtensionSchemaURI": "urn:ietf:params:scim:schemas:extension:gluu:2.0:User",
 
     "useLocalCache":true,

@@ -27,7 +27,7 @@ public class BulkConfig {
             isRequired = true,
             mutability = AttributeDefinition.Mutability.READ_ONLY,
             type = AttributeDefinition.Type.INTEGER)
-	private long maxOperations;
+	private int maxOperations;
 
     @Attribute(description = " An integer value specifying the maximum payload size in bytes",
             isRequired = true,
@@ -46,7 +46,7 @@ public BulkConfig(){ }
 	 * @param maxOperations Specifies the maximum number of operations supported per bulk.
 	 * @param maxPayloadSize Specifies the maximum payload size in bytes supported per bulk.
 	 */
-	public BulkConfig(boolean supported, long maxOperations, long maxPayloadSize) {
+	public BulkConfig(boolean supported, int maxOperations, long maxPayloadSize) {
 		this.supported = supported;
 		this.maxOperations = maxOperations;
 		this.maxPayloadSize = maxPayloadSize;
@@ -64,7 +64,7 @@ public boolean isSupported() {
 	 * Retrieves the maximum number of operations supported in a bulk.
 	 * @return The maximum number of operations.
 	 */
-	public long getMaxOperations() {
+	public int getMaxOperations() {
 		return maxOperations;
 	}
 
@@ -80,7 +80,7 @@ public void setSupported(boolean supported) {
         this.supported = supported;
     }
 
-    public void setMaxOperations(long maxOperations) {
+    public void setMaxOperations(int maxOperations) {
         this.maxOperations = maxOperations;
     }
 

@@ -1,7 +1,5 @@
 package io.jans.scim.ws.rs.scim2;
 
-import static io.jans.scim.model.scim2.Constants.MAX_BULK_OPERATIONS;
-import static io.jans.scim.model.scim2.Constants.MAX_BULK_PAYLOAD_SIZE;
 import static io.jans.scim.model.scim2.Constants.MEDIA_TYPE_SCIM_JSON;
 import static io.jans.scim.model.scim2.Constants.UTF8_CHARSET_FRAGMENT;
 import static io.jans.scim.ws.rs.scim2.BulkWebService.Verb.DELETE;
@@ -178,33 +176,33 @@ private Response prepareRequest(BulkRequest request, String contentLength) {
         Response response=null;
 
         if (request.getFailOnErrors()==null)
-            request.setFailOnErrors(MAX_BULK_OPERATIONS);
+            request.setFailOnErrors(appConfiguration.getBulkMaxOperations());
 
         List<BulkOperation> operations=request.getOperations();
 
         if (operations==null || operations.isEmpty())
             response=getErrorResponse(BAD_REQUEST, ErrorScimType.INVALID_VALUE, "No operations supplied");
         else {
 
-            int contentLen;
+            long contentLen;
             try{
 //log.debug("CONT LEN {}", contentLength);
-                contentLen=Integer.valueOf(contentLength);
+                contentLen=Long.valueOf(contentLength);
             }
             catch (Exception e){
-                contentLen=MAX_BULK_PAYLOAD_SIZE;
+                contentLen=appConfiguration.getBulkMaxPayloadSize();
             }
 
-            boolean payloadExceeded=contentLen > MAX_BULK_PAYLOAD_SIZE;
-            boolean operationsExceeded=operations.size() > MAX_BULK_OPERATIONS;
+            boolean payloadExceeded=contentLen > appConfiguration.getBulkMaxPayloadSize();
+            boolean operationsExceeded=operations.size() > appConfiguration.getBulkMaxOperations();
             StringBuilder sb=new StringBuilder();
 
             if (payloadExceeded)
                 sb.append("The size of the bulk operation exceeds the maxPayloadSize (").
-                        append(MAX_BULK_PAYLOAD_SIZE).append(" bytes). ");
+                        append(appConfiguration.getBulkMaxPayloadSize()).append(" bytes). ");
             if (operationsExceeded)
                 sb.append("The number of operations exceed the maxOperations value (").
-                        append(MAX_BULK_OPERATIONS).append("). ");
+                        append(appConfiguration.getBulkMaxOperations()).append("). ");
 
             if (sb.length()>0)
                 response=getErrorResponse(REQUEST_ENTITY_TOO_LARGE, sb.toString());

@@ -39,6 +39,8 @@ public Response serve(){
         try {
             ServiceProviderConfig serviceProviderConfig = new ServiceProviderConfig();
             serviceProviderConfig.getFilter().setMaxResults(appConfiguration.getMaxCount());
+            serviceProviderConfig.getBulk().setMaxOperations(appConfiguration.getBulkMaxOperations());
+            serviceProviderConfig.getBulk().setMaxPayloadSize(appConfiguration.getBulkMaxPayloadSize());
 
             Meta meta = new Meta();
             meta.setLocation(endpointUrl);

@@ -34,6 +34,8 @@ public class AppConfiguration implements Configuration, Serializable {
 
     private ScimMode protectionMode;
     private int maxCount;
+    private int bulkMaxOperations;
+    private long bulkMaxPayloadSize;
     private String userExtensionSchemaURI;
 
     private String loggingLevel;
@@ -102,6 +104,22 @@ public int getMaxCount() {
     public void setMaxCount(int maxCount) {
         this.maxCount = maxCount;
     }
+
+    public int getBulkMaxOperations() {
+        return bulkMaxOperations;
+    }
+
+    public void setBulkMaxOperations(int bulkMaxOperations) {
+        this.bulkMaxOperations = bulkMaxOperations;
+    }
+
+    public long getBulkMaxPayloadSize() {
+        return bulkMaxPayloadSize;
+    }
+
+    public void setBulkMaxPayloadSize(long bulkMaxPayloadSize) {
+        this.bulkMaxPayloadSize = bulkMaxPayloadSize;
+    }
 
     public String getUserExtensionSchemaURI() {
         return userExtensionSchemaURI;