From d67cb07ac0e05a1df05016d2f19bc7aed6cfe39b Mon Sep 17 00:00:00 2001 From: James Daugherty Date: Sun, 14 Jan 2024 09:08:01 -0500 Subject: [PATCH 01/24] Issue #437 - Expanded API for store token --- .../rest/RestOauthService.groovy | 2 +- .../rest/RestAuthenticationFilter.groovy | 2 +- .../rest/RestLogoutFilter.groovy | 4 ++-- .../token/storage/TokenStorageService.groovy | 19 +++++++++++++------ 4 files changed, 17 insertions(+), 10 deletions(-) diff --git a/spring-security-rest/grails-app/services/grails/plugin/springsecurity/rest/RestOauthService.groovy b/spring-security-rest/grails-app/services/grails/plugin/springsecurity/rest/RestOauthService.groovy index 96e8a419d..ae508f437 100644 --- a/spring-security-rest/grails-app/services/grails/plugin/springsecurity/rest/RestOauthService.groovy +++ b/spring-security-rest/grails-app/services/grails/plugin/springsecurity/rest/RestOauthService.groovy @@ -98,7 +98,7 @@ class RestOauthService { log.debug "Generated REST authentication token: ${accessToken}" log.debug "Storing token on the token storage" - tokenStorageService.storeToken(accessToken.accessToken, userDetails) + tokenStorageService.storeToken(accessToken) authenticationEventPublisher.publishTokenCreation(accessToken) diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestAuthenticationFilter.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestAuthenticationFilter.groovy index 1b4e5036f..bb1e95440 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestAuthenticationFilter.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestAuthenticationFilter.groovy @@ -108,7 +108,7 @@ class RestAuthenticationFilter extends GenericFilterBean { AccessToken accessToken = tokenGenerator.generateAccessToken(authenticationResult.principal as UserDetails) log.debug "Generated token: ${accessToken}" - tokenStorageService.storeToken(accessToken.accessToken, authenticationResult.principal as UserDetails) + tokenStorageService.storeToken(accessToken) authenticationEventPublisher.publishTokenCreation(accessToken) authenticationSuccessHandler.onAuthenticationSuccess(httpServletRequest, httpServletResponse, accessToken) SecurityContextHolder.context.setAuthentication(accessToken) diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestLogoutFilter.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestLogoutFilter.groovy index 24d218228..45bd99168 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestLogoutFilter.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestLogoutFilter.groovy @@ -71,11 +71,11 @@ class RestLogoutFilter extends GenericFilterBean { log.debug "Trying to remove the token" tokenStorageService.removeToken accessToken.accessToken } catch (TokenNotFoundException ignored) { - servletResponse.setStatus HttpServletResponse.SC_NOT_FOUND, "Token not found" + servletResponse.sendError HttpServletResponse.SC_NOT_FOUND, "Token not found" } } else { log.debug "Token is missing. Sending a ${HttpServletResponse.SC_BAD_REQUEST} Bad Request response" - servletResponse.setStatus HttpServletResponse.SC_BAD_REQUEST, "Token header is missing" + servletResponse.sendError HttpServletResponse.SC_BAD_REQUEST, "Token header is missing" } } else { diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/TokenStorageService.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/TokenStorageService.groovy index 722c3c4ff..5daf5c190 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/TokenStorageService.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/TokenStorageService.groovy @@ -16,20 +16,20 @@ */ package grails.plugin.springsecurity.rest.token.storage +import grails.plugin.springsecurity.rest.token.AccessToken import org.springframework.security.core.userdetails.UserDetails import org.springframework.security.core.Authentication /** - * Implementations of this interface are responsible to load user information from a token storage system, and to store + * Implementations of this trait are responsible to load user information from a token storage system, and to store * token information into it. */ -interface TokenStorageService { - +trait TokenStorageService { /** * Returns a principal object given the passed token value * @throws TokenNotFoundException if no token is found in the storage */ - UserDetails loadUserByToken(String tokenValue) throws TokenNotFoundException + abstract UserDetails loadUserByToken(String tokenValue) throws TokenNotFoundException /** * Stores a token. It receives the principal to store any additional information together with the token, @@ -37,11 +37,18 @@ interface TokenStorageService { * * @see Authentication#getPrincipal() */ - void storeToken(String tokenValue, UserDetails principal) + void storeToken(String tokenValue, UserDetails principal) {} + + /** + * Stores the access token. Allows for handling of refresh token and other JWT claims as needed. + */ + void storeToken(AccessToken accessToken) { + storeToken(accessToken.accessToken, accessToken.principal) + } /** * Removes a token from the storage. * @throws TokenNotFoundException if the given token is not found in the storage */ - void removeToken(String tokenValue) throws TokenNotFoundException + abstract void removeToken(String tokenValue) throws TokenNotFoundException } From 47ded85a925f82fa51a0fe814681a2cb47775734 Mon Sep 17 00:00:00 2001 From: James Daugherty Date: Sun, 14 Jan 2024 09:08:33 -0500 Subject: [PATCH 02/24] Issue #437 - Call storeToken for new access token on refresh --- .../grails/plugin/springsecurity/rest/RestOauthController.groovy | 1 + 1 file changed, 1 insertion(+) diff --git a/spring-security-rest/grails-app/controllers/grails/plugin/springsecurity/rest/RestOauthController.groovy b/spring-security-rest/grails-app/controllers/grails/plugin/springsecurity/rest/RestOauthController.groovy index 78e2f36c4..a4d477727 100644 --- a/spring-security-rest/grails-app/controllers/grails/plugin/springsecurity/rest/RestOauthController.groovy +++ b/spring-security-rest/grails-app/controllers/grails/plugin/springsecurity/rest/RestOauthController.groovy @@ -136,6 +136,7 @@ class RestOauthController { AccessToken accessToken = tokenGenerator.generateAccessToken(principal, false) accessToken.refreshToken = refreshToken + tokenStorageService.storeToken(accessToken) authenticationEventPublisher.publishTokenCreation(accessToken) response.addHeader 'Cache-Control', 'no-store' From 20e3e673a1d99580536a49afa3431c52f857d073 Mon Sep 17 00:00:00 2001 From: James Daugherty Date: Sun, 14 Jan 2024 09:11:54 -0500 Subject: [PATCH 03/24] Upgrade to Grails 6.6.1 --- .github/workflows/gradle.yml | 2 +- .sdkmanrc | 6 +++++ build.gradle | 22 +++++++++++------- gradle.properties | 17 +++++++++++--- spring-security-rest/build.gradle | 23 ++++++++----------- .../rest/RestOauthController.groovy | 5 ++-- 6 files changed, 47 insertions(+), 28 deletions(-) create mode 100644 .sdkmanrc diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 31b245b69..696a97f49 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -19,7 +19,7 @@ jobs: uses: actions/setup-java@v3 with: distribution: 'adopt' - java-version: 8 + java-version: 11 - name: Run Tests if: github.event_name == 'pull_request' id: tests diff --git a/.sdkmanrc b/.sdkmanrc new file mode 100644 index 000000000..3b09d550b --- /dev/null +++ b/.sdkmanrc @@ -0,0 +1,6 @@ +# Enable auto-env through the sdkman_auto_env config - https://sdkman.io/usage#env +java=11.0.21-librca +grails=6.1.1 +gradle=7.6.3 +groovy=3.0.15 + diff --git a/build.gradle b/build.gradle index 43e23d197..1168d9a4c 100644 --- a/build.gradle +++ b/build.gradle @@ -11,7 +11,8 @@ buildscript { plugins { id 'idea' - id 'io.github.gradle-nexus.publish-plugin' version '1.3.0' + id 'io.github.gradle-nexus.publish-plugin' version "$gradlePublishPlugin" + id "com.github.ben-manes.versions" version "0.39.0" } allprojects { @@ -23,8 +24,8 @@ def profileProjects = ['spring-security-rest-testapp-profile'] def publishedProjects = pluginProjects + profileProjects subprojects { Project project -> - group "org.grails.plugins" - version "3.0.1" + group projectGroup + version projectVersion ext { grailsVersion = project.grailsVersion @@ -47,7 +48,7 @@ subprojects { Project project -> if (project.name in pluginProjects) { - sourceCompatibility = targetCompatibility = 1.8 + sourceCompatibility = targetCompatibility = JavaVersion.toVersion("11") apply plugin: "java-library" @@ -104,7 +105,7 @@ subprojects { Project project -> pom { name = 'Spring Security REST plugin' description = 'Grails plugin to implement token-based, RESTful authentication using Spring Security' - url = 'https://github.com/grails/grails-spring-security-rest' + url = projectUrl licenses { license { name = 'The Apache License, Version 2.0' @@ -122,11 +123,16 @@ subprojects { Project project -> name = 'James Kleeh' email = '' } + developer { + id = 'jdaugherty' + name = "James Daugherty" + email = '' + } } scm { - connection = 'scm:git:https://github.com/grails/grails-spring-security-rest.git' - developerConnection = 'scm:git:https://github.com/grails/grails-spring-security-rest.git' - url = 'https://github.com/grails/grails-spring-security-rest/tree/3.0.x' + connection = scmConnection + developerConnection = scmDeveloperConnection + url = scmUrl } } } diff --git a/gradle.properties b/gradle.properties index 50e96bd79..d43333ec6 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,3 +1,14 @@ -grailsVersion=5.3.2 -grailsGradlePluginVersion=5.3.0 -springSecurityCoreVersion=5.3.0 +projectGroup=org.grails.plugins +projectVersion=5.0.0-SNAPSHOT +grailsVersion=6.1.1 +grailsGradlePluginVersion=6.1.1 +gradlePublishPlugin=1.3.0 +springSecurityCoreVersion=6.1.1 +pac4jVersion=5.7.2 +jackson.version=2.15.0 + +# Publish Information +projectUrl=https://github.com/jdaugherty/grails-spring-security-rest +scmConnection=scm:git:https://github.com/jdaugherty/grails-spring-security-rest.git +scmDeveloperConnection=scm:git:https://github.com/jdaugherty/grails-spring-security-rest.git +scmUrl=https://github.com/jdaugherty/grails-spring-security-rest/tree/5.0.x \ No newline at end of file diff --git a/spring-security-rest/build.gradle b/spring-security-rest/build.gradle index 5822becfd..f80c1b183 100644 --- a/spring-security-rest/build.gradle +++ b/spring-security-rest/build.gradle @@ -1,35 +1,30 @@ -ext { - pac4jVersion = '4.5.7' -} - dependencies { api "org.springframework.boot:spring-boot-starter-actuator" api "org.springframework.boot:spring-boot-starter-tomcat" api "org.grails:grails-dependencies" api "org.grails:grails-web-boot" - api "com.google.guava:guava:23.0" + api "com.google.guava:guava:33.0.0-jre" api "org.pac4j:pac4j-core:${pac4jVersion}" + api "org.pac4j:pac4j-javaee:${pac4jVersion}" api "org.pac4j:pac4j-oauth:${pac4jVersion}" api "org.pac4j:pac4j-cas:${pac4jVersion}" - api 'org.jasig.cas.client:cas-client-core:3.6.1' + api 'org.jasig.cas.client:cas-client-core:3.6.4' - //https://snyk.io/vuln/SNYK-JAVA-ORGBOUNCYCASTLE-472372 - api 'org.bouncycastle:bcprov-jdk15on:1.65' + api 'org.bouncycastle:bcprov-jdk18on:1.77' - api "com.nimbusds:nimbus-jose-jwt:8.17" - api 'commons-codec:commons-codec:1.15' + api "com.nimbusds:nimbus-jose-jwt:9.37.3" + api 'commons-codec:commons-codec:1.16.0' api "org.grails.plugins:spring-security-core:${springSecurityCoreVersion}" - api "commons-fileupload:commons-fileupload:1.4" + api "commons-fileupload:commons-fileupload:1.5" - //https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7489 - api "com.fasterxml.jackson.core:jackson-databind:2.11.0" + api "com.fasterxml.jackson.core:jackson-databind:${project.property('jackson.version')}" testImplementation "org.gperfutils:gbench:0.4.3-groovy-2.4" - testImplementation 'net.bytebuddy:byte-buddy:1.10.10' + testImplementation 'net.bytebuddy:byte-buddy:1.14.11' profile "org.grails.profiles:web-plugin:${grailsVersion}" } diff --git a/spring-security-rest/grails-app/controllers/grails/plugin/springsecurity/rest/RestOauthController.groovy b/spring-security-rest/grails-app/controllers/grails/plugin/springsecurity/rest/RestOauthController.groovy index a4d477727..d490e86d1 100644 --- a/spring-security-rest/grails-app/controllers/grails/plugin/springsecurity/rest/RestOauthController.groovy +++ b/spring-security-rest/grails-app/controllers/grails/plugin/springsecurity/rest/RestOauthController.groovy @@ -26,9 +26,10 @@ import groovy.util.logging.Slf4j import org.apache.commons.codec.binary.Base64 import grails.core.GrailsApplication import org.pac4j.core.client.IndirectClient -import org.pac4j.core.context.JEEContext +import org.pac4j.jee.context.JEEContext import org.pac4j.core.context.WebContext import org.pac4j.core.exception.http.RedirectionAction +import org.pac4j.jee.context.session.JEESessionStore import org.springframework.http.HttpStatus import org.springframework.security.core.userdetails.User @@ -70,7 +71,7 @@ class RestOauthController { } } - RedirectionAction redirectAction = client.getRedirectionAction(context).get() + RedirectionAction redirectAction = client.getRedirectionAction(context, JEESessionStore.INSTANCE).get() log.debug "Redirecting to ${redirectAction.location}" redirect url: redirectAction.location } From a5f330bdff3e2f2c358922d2e7578a6a39bf0d27 Mon Sep 17 00:00:00 2001 From: James Daugherty Date: Sun, 14 Jan 2024 09:41:11 -0500 Subject: [PATCH 04/24] Run gradle check on all eligible branches --- .github/workflows/gradle-check.yml | 27 ++++++++++++++++++++++++ .github/workflows/gradle.yml | 33 ------------------------------ 2 files changed, 27 insertions(+), 33 deletions(-) create mode 100644 .github/workflows/gradle-check.yml delete mode 100644 .github/workflows/gradle.yml diff --git a/.github/workflows/gradle-check.yml b/.github/workflows/gradle-check.yml new file mode 100644 index 000000000..d3e9ba97b --- /dev/null +++ b/.github/workflows/gradle-check.yml @@ -0,0 +1,27 @@ +name: Run tests in project + +on: + push: + branches: + - '[3-9].[0-9].x' + pull_request: + branches: + - '[3-9].[0-9].x' +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Set up JDK + uses: actions/setup-java@v4 + with: + java-version: '11' + distribution: 'liberica' + - name: Setup Gradle + uses: gradle/gradle-build-action@v2 + - name: Run Tests + id: tests + uses: gradle/gradle-build-action@v2 + with: + arguments: | + check \ No newline at end of file diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml deleted file mode 100644 index 696a97f49..000000000 --- a/.github/workflows/gradle.yml +++ /dev/null @@ -1,33 +0,0 @@ -name: Java CI -on: - push: - branches: - - '[3-9].[0-9].x' - pull_request: - branches: - - '[3-9].[0-9].x' - workflow_dispatch: -jobs: - test: - if: github.event_name == 'pull_request' - runs-on: ubuntu-latest - env: - WORKSPACE: ${{ github.workspace }} - steps: - - uses: actions/checkout@v3 - - name: Set up JDK - uses: actions/setup-java@v3 - with: - distribution: 'adopt' - java-version: 11 - - name: Run Tests - if: github.event_name == 'pull_request' - id: tests - uses: gradle/gradle-build-action@v2 - with: - arguments: | - :spring-security-rest:check - env: - GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} - GRADLE_ENTERPRISE_BUILD_CACHE_NODE_USER: ${{ secrets.GRADLE_ENTERPRISE_BUILD_CACHE_NODE_USER }} - GRADLE_ENTERPRISE_BUILD_CACHE_NODE_KEY: ${{ secrets.GRADLE_ENTERPRISE_BUILD_CACHE_NODE_KEY }} \ No newline at end of file From 7540e31423b82db0ba56e0dad7905b1fa03bddda Mon Sep 17 00:00:00 2001 From: James Daugherty Date: Sun, 14 Jan 2024 10:21:01 -0500 Subject: [PATCH 05/24] Do not require the project to be built to detect subprojects --- settings.gradle | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/settings.gradle b/settings.gradle index 2798be5ca..efe33be17 100644 --- a/settings.gradle +++ b/settings.gradle @@ -1,10 +1,10 @@ -include 'spring-security-rest', 'spring-security-rest-memcached', 'spring-security-rest-redis', 'spring-security-rest-grailscache', 'spring-security-rest-gorm', 'spring-security-rest-testapp-profile', 'spring-security-rest-docs' +rootProject.name = 'grails-spring-security-rest' -File build = new File('build') -if (build.exists()) { - build.eachDir { - include it.name - project(":${it.name}").projectDir = it - } -} +include 'spring-security-rest' +include 'spring-security-rest-memcached' +include 'spring-security-rest-redis' +include 'spring-security-rest-grailscache' +include 'spring-security-rest-gorm' +include 'spring-security-rest-testapp-profile' +include 'spring-security-rest-docs' From 2caf405fef08918eff3e8f86c97041adef2baa9f Mon Sep 17 00:00:00 2001 From: James Daugherty Date: Sun, 14 Jan 2024 10:21:10 -0500 Subject: [PATCH 06/24] Support publishing to maven central --- build.gradle | 82 +++++++------------ gradle.properties | 2 +- gradle/publishing.gradle | 72 ++++++++++++++++ .../build.gradle | 51 +----------- 4 files changed, 102 insertions(+), 105 deletions(-) create mode 100644 gradle/publishing.gradle diff --git a/build.gradle b/build.gradle index 1168d9a4c..23eaba947 100644 --- a/build.gradle +++ b/build.gradle @@ -5,6 +5,7 @@ buildscript { } dependencies { classpath "org.grails:grails-gradle-plugin:$grailsGradlePluginVersion" + classpath "io.github.gradle-nexus:publish-plugin:$gradlePublishPlugin" classpath 'com.adarshr:gradle-test-logger-plugin:4.0.0' } } @@ -21,7 +22,9 @@ allprojects { def pluginProjects = ['spring-security-rest', 'spring-security-rest-memcached', 'spring-security-rest-redis', 'spring-security-rest-grailscache', 'spring-security-rest-gorm'] def profileProjects = ['spring-security-rest-testapp-profile'] -def publishedProjects = pluginProjects + profileProjects +def publishedProjects = pluginProjects + +version project.projectVersion subprojects { Project project -> group projectGroup @@ -85,59 +88,8 @@ subprojects { Project project -> apply plugin: "org.grails.grails-profile" } - if (project.name in publishedProjects && project.name != "spring-security-rest-docs" && - project.name != "spring-security-rest-testapp-profile") { - apply plugin: 'maven-publish' - apply plugin: 'signing' - publishing { - publications { - mavenRelease(MavenPublication) { - - groupId = project.group - artifactId = 'spring-security-rest' - version = project.version - - from components.java - - artifact sourcesJar - artifact javadocJar - - pom { - name = 'Spring Security REST plugin' - description = 'Grails plugin to implement token-based, RESTful authentication using Spring Security' - url = projectUrl - licenses { - license { - name = 'The Apache License, Version 2.0' - url = 'https://www.apache.org/licenses/LICENSE-2.0.txt' - } - } - developers { - developer { - id = 'alvarosanchez' - name = 'Alvaro Sanchez-Mariscal' - email = '' - } - developer { - id = 'jameskleeh' - name = 'James Kleeh' - email = '' - } - developer { - id = 'jdaugherty' - name = "James Daugherty" - email = '' - } - } - scm { - connection = scmConnection - developerConnection = scmDeveloperConnection - url = scmUrl - } - } - } - } - } + if (project.name in publishedProjects) { + apply from: rootProject.file("gradle/publishing.gradle") } } @@ -150,4 +102,26 @@ task aggregateGroovyDoc(type: Groovydoc) { destinationDir file("${buildDir}/docs/groovydoc") classpath = files(groovyDocProjects.groovydoc.classpath) groovyClasspath = files(groovyDocProjects.groovydoc.groovyClasspath) +} + +if (project.hasProperty('release')) { + nexusPublishing { + repositories { + sonatype { + def ossUser = System.getenv("SONATYPE_USERNAME") ?: project.hasProperty("sonatypeOssUsername") ? project.sonatypeOssUsername : '' + def ossPass = System.getenv("SONATYPE_PASSWORD") ?: project.hasProperty("sonatypeOssPassword") ? project.sonatypeOssPassword : '' + def ossStagingProfileId = System.getenv("SONATYPE_STAGING_PROFILE_ID") ?: project.hasProperty("sonatypeOssStagingProfileId") ? project.sonatypeOssStagingProfileId : '' + nexusUrl = uri("https://s01.oss.sonatype.org/service/local/") + snapshotRepositoryUrl = uri("https://s01.oss.sonatype.org/content/repositories/snapshots/") + username = ossUser + password = ossPass + stagingProfileId = ossStagingProfileId + } + } + } +} + +//do not generate extra load on Nexus with new staging repository if signing fails +tasks.withType(io.github.gradlenexus.publishplugin.InitializeNexusStagingRepository).configureEach { + shouldRunAfter(tasks.withType(Sign)) } \ No newline at end of file diff --git a/gradle.properties b/gradle.properties index d43333ec6..fa29b8783 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,4 +1,4 @@ -projectGroup=org.grails.plugins +projectGroup=io.github.jdaugherty projectVersion=5.0.0-SNAPSHOT grailsVersion=6.1.1 grailsGradlePluginVersion=6.1.1 diff --git a/gradle/publishing.gradle b/gradle/publishing.gradle new file mode 100644 index 000000000..47db21109 --- /dev/null +++ b/gradle/publishing.gradle @@ -0,0 +1,72 @@ +apply plugin: 'maven-publish' +apply plugin: 'signing' + +ext { + isReleaseVersion = !version.toString().endsWith("SNAPSHOT") +} + +publishing { + publications { + maven(MavenPublication) { + artifactId = project.name + groupId = project.group + version = project.version + + from components.java + + artifact sourcesJar + artifact javadocJar + + pom { + name = 'Spring Security REST plugin' + description = 'Grails plugin to implement token-based, RESTful authentication using Spring Security' + url = project.projectUrl + licenses { + license { + name = 'The Apache License, Version 2.0' + url = 'https://www.apache.org/licenses/LICENSE-2.0.txt' + } + } + developers { + developer { + id = 'alvarosanchez' + name = 'Alvaro Sanchez-Mariscal' + email = '' + } + developer { + id = 'jameskleeh' + name = 'James Kleeh' + email = '' + } + developer { + id = 'jdaugherty' + name = "James Daugherty" + email = '' + } + } + scm { + connection = project.scmConnection + developerConnection = project.scmDeveloperConnection + url = project.scmUrl + } + } + } + } +} + +afterEvaluate { + signing { + ext["signing.keyId"] = System.getenv('SIGNING_KEY_ID') + ext["signing.password"] = System.getenv('SIGNING_PASSPHRASE') + ext["signing.secretKeyRingFile"] = System.getenv('SECRING_FILE') + + required { + isReleaseVersion && gradle.taskGraph.hasTask("publish") + } + sign publishing.publications.maven + } +} + +tasks.withType(Sign) { + onlyIf { isReleaseVersion } +} diff --git a/spring-security-rest-testapp-profile/build.gradle b/spring-security-rest-testapp-profile/build.gradle index 152f52ada..67786c91c 100644 --- a/spring-security-rest-testapp-profile/build.gradle +++ b/spring-security-rest-testapp-profile/build.gradle @@ -1,8 +1,3 @@ -plugins { - id 'maven-publish' - id 'signing' -} - task generateProfileConfig () { copy { from 'profile.yml.tmpl' @@ -21,48 +16,4 @@ task generateProfileConfig () { } } -compileProfile.dependsOn generateProfileConfig - -publishing { - publications { - mavenRelease(MavenPublication) { - - groupId = project.group - artifactId = 'spring-security-rest' - version = project.version - - pom { - name = 'Spring Security REST plugin' - description = 'Grails plugin to implement token-based, RESTful authentication using Spring Security' - url = 'https://github.com/grails/grails-spring-security-rest' - licenses { - license { - name = 'The Apache License, Version 2.0' - url = 'https://www.apache.org/licenses/LICENSE-2.0.txt' - } - } - developers { - developer { - id = 'alvarosanchez' - name = 'Alvaro Sanchez-Mariscal' - email = '' - } - developer { - id = 'jameskleeh' - name = 'James Kleeh' - email = '' - } - } - scm { - connection = 'scm:git:https://github.com/grails/grails-spring-security-rest.git' - developerConnection = 'scm:git:https://github.com/grails/grails-spring-security-rest.git' - url = 'https://github.com/grails/grails-spring-security-rest/tree/3.0.x' - } - } - } - } -} - -signing { - sign publishing.publications.mavenRelease -} +compileProfile.dependsOn generateProfileConfig \ No newline at end of file From fd7740827260dd2f9a852da8d6ab77dfcc2c6771 Mon Sep 17 00:00:00 2001 From: James Daugherty Date: Fri, 27 Sep 2024 06:56:43 -0400 Subject: [PATCH 07/24] Switch back to grails namespace --- gradle.properties | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/gradle.properties b/gradle.properties index fa29b8783..85e813ed0 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,4 +1,4 @@ -projectGroup=io.github.jdaugherty +projectGroup=org.grails.plugins projectVersion=5.0.0-SNAPSHOT grailsVersion=6.1.1 grailsGradlePluginVersion=6.1.1 @@ -8,7 +8,7 @@ pac4jVersion=5.7.2 jackson.version=2.15.0 # Publish Information -projectUrl=https://github.com/jdaugherty/grails-spring-security-rest -scmConnection=scm:git:https://github.com/jdaugherty/grails-spring-security-rest.git -scmDeveloperConnection=scm:git:https://github.com/jdaugherty/grails-spring-security-rest.git -scmUrl=https://github.com/jdaugherty/grails-spring-security-rest/tree/5.0.x \ No newline at end of file +projectUrl=https://github.com/grails/grails-spring-security-rest +scmConnection=scm:git:https://github.com/grails/grails-spring-security-rest.git +scmDeveloperConnection=scm:git:https://github.com/grails/grails-spring-security-rest.git +scmUrl=https://github.com/grails/grails-spring-security-rest/tree/5.0.x \ No newline at end of file From 1e86795e780eea5c15048d8e066cd10640f2e4cd Mon Sep 17 00:00:00 2001 From: James Daugherty Date: Fri, 27 Sep 2024 08:16:44 -0400 Subject: [PATCH 08/24] Switch to JVM that matches other grails plugins --- .sdkmanrc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.sdkmanrc b/.sdkmanrc index 3b09d550b..59bd568a9 100644 --- a/.sdkmanrc +++ b/.sdkmanrc @@ -1,5 +1,5 @@ # Enable auto-env through the sdkman_auto_env config - https://sdkman.io/usage#env -java=11.0.21-librca +java=11.0.24-tem grails=6.1.1 gradle=7.6.3 groovy=3.0.15 From 4afb875ab656a1e3407cad0ecf9221a11c4db5b8 Mon Sep 17 00:00:00 2001 From: James Daugherty Date: Fri, 27 Sep 2024 08:25:02 -0400 Subject: [PATCH 09/24] Update documentation for 5.0.0 release. --- README.md | 78 ++----------------- build.gradle | 7 +- doc.sh | 6 +- spring-security-rest-docs/build.gradle | 25 ++++-- .../docs/{asciidoc => }/authentication.adoc | 0 .../docs/{asciidoc => }/configuration.adoc | 0 .../src/docs/{asciidoc => }/cors.adoc | 0 .../src/docs/{asciidoc => }/debugging.adoc | 0 .../src/docs/{asciidoc => }/events.adoc | 0 .../src/docs/{asciidoc => }/faq.adoc | 8 +- .../src/docs/{asciidoc => }/index.adoc | 36 +++++---- .../src/docs/{asciidoc => }/introduction.adoc | 0 .../src/docs/{asciidoc => }/oauth.adoc | 2 +- .../docs/{asciidoc => }/tokenGeneration.adoc | 0 .../docs/{asciidoc => }/tokenRendering.adoc | 0 .../src/docs/{asciidoc => }/tokenStorage.adoc | 0 .../docs/{asciidoc => }/tokenValidation.adoc | 0 .../src/docs/{asciidoc => }/whatsNew14.adoc | 0 .../src/docs/{asciidoc => }/whatsNew15.adoc | 0 .../src/docs/{asciidoc => }/whatsNew20.adoc | 0 .../src/docs/whatsNew50.adoc | 25 ++++++ 21 files changed, 83 insertions(+), 104 deletions(-) rename spring-security-rest-docs/src/docs/{asciidoc => }/authentication.adoc (100%) rename spring-security-rest-docs/src/docs/{asciidoc => }/configuration.adoc (100%) rename spring-security-rest-docs/src/docs/{asciidoc => }/cors.adoc (100%) rename spring-security-rest-docs/src/docs/{asciidoc => }/debugging.adoc (100%) rename spring-security-rest-docs/src/docs/{asciidoc => }/events.adoc (100%) rename spring-security-rest-docs/src/docs/{asciidoc => }/faq.adoc (92%) rename spring-security-rest-docs/src/docs/{asciidoc => }/index.adoc (77%) rename spring-security-rest-docs/src/docs/{asciidoc => }/introduction.adoc (100%) rename spring-security-rest-docs/src/docs/{asciidoc => }/oauth.adoc (99%) rename spring-security-rest-docs/src/docs/{asciidoc => }/tokenGeneration.adoc (100%) rename spring-security-rest-docs/src/docs/{asciidoc => }/tokenRendering.adoc (100%) rename spring-security-rest-docs/src/docs/{asciidoc => }/tokenStorage.adoc (100%) rename spring-security-rest-docs/src/docs/{asciidoc => }/tokenValidation.adoc (100%) rename spring-security-rest-docs/src/docs/{asciidoc => }/whatsNew14.adoc (100%) rename spring-security-rest-docs/src/docs/{asciidoc => }/whatsNew15.adoc (100%) rename spring-security-rest-docs/src/docs/{asciidoc => }/whatsNew20.adoc (100%) create mode 100644 spring-security-rest-docs/src/docs/whatsNew50.adoc diff --git a/README.md b/README.md index 2c075f1dc..b818ffed5 100644 --- a/README.md +++ b/README.md @@ -1,84 +1,20 @@ Spring Security REST for Grails =========================== -[![Build Status](https://travis-ci.org/grails-plugins/grails-spring-security-rest.svg?branch=develop)](https://travis-ci.org/github/grails-plugins/grails-spring-security-rest) -[![Latest version](https://api.bintray.com/packages/grails/plugins/spring-security-rest/images/download.svg) ](https://bintray.com/grails/plugins/spring-security-rest/_latestVersion) -[![Known Vulnerabilities](https://snyk.io/test/github/alvarosanchez/grails-spring-security-rest/develop/badge.svg)](https://snyk.io/test/github/alvarosanchez/grails-spring-security-rest) +[![Java CI](https://github.com/grails/grails-spring-security-rest/actions/workflows/gradle.yml/badge.svg)](https://github.com/grails/grails-spring-security-rest/actions/workflows/gradle.yml) Grails plugin to implement a stateless, token-based, RESTful authentication -using Spring Security. Sponsored and supported by [Object Computing Inc.](http://www.ociweb.com) +using Spring Security. Documentation: * [User guide](https://grails-plugins.github.io/grails-spring-security-rest/latest/docs/). * [Javadoc](https://grails-plugins.github.io/grails-spring-security-rest/latest/docs/gapi/). -Companies using this plugin ---------------------------- - -* [CloudCard Online Photo Submission](http://www.onlinephotosubmission.com) -* [HealthReveal](http://www.healthreveal.com) -* [Murallo](http://murallo.com) -* [Odobo](http://www.odobo.com) -* [Sharptop Software](http://www.sharptop.io) -* [Zaccak Solutions](http://www.zaccak.com) -* [Lyshnia Limited](https://lyshnia.com) -* [Wiz Panda](https://www.wizpanda.com) -* [Zana Technologies GmbH](https://zana.com) - -_Are you using this plugin and want to be listed here? [Include your company yourself](https://github.com/alvarosanchez/grails-spring-security-rest/edit/develop/README.md)_. - -Support +Branch Structure ------- -* General questions should go to the [`#spring-security-rest` channel in Slack](https://grails.slack.com/messages/spring-security-rest). -* You can also find answers at [StackOverflow](http://stackoverflow.com/questions/tagged/grails+spring-security-rest). Label your questions with both the `grails` and `spring-security-rest` tags. -* If you've got issues, report them [here in GitHub](https://grails-plugins.github.io/grails-spring-security-rest/issues). -* If you need commercial support, you can ask [OCI](http://www.ociweb.com) at [info AT ociweb DOT com](mailto:infoATociwebDOTcom). - -**NOTE**: if you have questions or issues, [enable debug logging](https://grails-plugins.github.io/grails-spring-security-rest/latest/docs/index.html#_debugging), -and include the output in your request. - - -Contributors ------------- - -* [Aaron Eischeid](https://github.com/aeischeid). -* [A.J. Brown](https://github.com/ajbrown). -* [Andrew Wharton](https://github.com/andrew-wharton). -* [André Schmid](https://github.com/andrehschmid). -* [Alonso Torres](https://github.com/Alotor). -* [Bartek Gawel](https://github.com/bgawel). -* [Bob Finch](https://github.com/rbfinch). -* [Bobby Warner](https://github.com/bobbywarner). -* [Burt Beckwith](https://github.com/burtbeckwith). -* [Conall Laverty](https://github.com/conalllaverty). -* [Dennie de Lange](https://github.com/tkvw). -* [Dhiraj Mahapatro](https://github.com/dmahapatro). -* [Donal Murtagh](https://github.com/domurtag). -* [Greg Pagendam-Turner](https://github.com/liftyourgame). -* [James Kleeh](https://github.com/Schlogen). -* [Jonas Ladenfors](https://github.com/jladenfors). -* [Jorge Aguilera](https://github.com/jagedn). -* [Ludovic Ronsin](https://github.com/zeludo). -* [Lukasz Wozniak](https://github.com/stlhrt). -* [Marcos Carceles](https://github.com/marcos-carceles). -* [Michał Lula](https://github.com/michallula). -* [Michal Szulc](https://github.com/majkelo). -* [Nick Larson](https://github.com/nllarson). -* [Philipp Eschenbach](https://github.com/peh). -* [Philippe Gibert](https://github.com/giboow). -* [Polawat Phetra](https://github.com/pphetra). -* [Rafael Vargas](https://github.com/rvargas). -* [Sean Brady](https://github.com/sbrady). -* [Sergey Shatunov](https://github.com/Prototik). -* [Sergio del Amo](https://github.com/sdelamo). -* [Shashank Agrawal](https://github.com/sagrawal31). -* [Svante Rohlin](https://github.com/srohlin). -* [Tomás Crespo](https://github.com/tcrespog). -* [Tony Erskine](https://github.com/tonyerskine). -* [Victor Saar](https://github.com/vsaar). - -License -------- +- `6.0.x` compatible with Grails 7 +- `5.0.x` compatible with Grails 6 +- `3.0.x` compatible with Grails 4 & 5 +- `2.0.x` compatible with Grails 3 -This software is licensed under the terms of the [Apache License, Version 2.0](http://www.apache.org/licenses/LICENSE-2.0.html) diff --git a/build.gradle b/build.gradle index dc9a6fa45..62315a667 100644 --- a/build.gradle +++ b/build.gradle @@ -93,10 +93,13 @@ subprojects { Project project -> } } -task aggregateGroovyDoc(type: Groovydoc) { +tasks.register('aggregateGroovyDoc', org.gradle.api.tasks.javadoc.Groovydoc) { def groovyDocProjects = subprojects.findAll { it.name in pluginProjects } group = JavaBasePlugin.DOCUMENTATION_GROUP - + access = GroovydocAccess.PROTECTED + includeAuthor = false + includeMainForScripts = true + processScripts = true dependsOn groovyDocProjects.groovydoc source groovyDocProjects.groovydoc.source destinationDir file("${buildDir}/docs/groovydoc") diff --git a/doc.sh b/doc.sh index a3f875d03..c23770787 100755 --- a/doc.sh +++ b/doc.sh @@ -25,13 +25,13 @@ if [[ $TRAVIS_PULL_REQUEST == 'false' ]]; then if [[ -n $TRAVIS_TAG ]]; then rm -rf latest/ mkdir -p latest/docs/gapi - cp -r ../spring-security-rest-docs/build/asciidoc/html5/. ./latest/docs + cp -r ../spring-security-rest-docs/build/docs/. ./latest/docs cp -r ../build/docs/groovydoc/. latest/docs/gapi git add latest/* rm -rf "$version" mkdir -p "$version/docs/gapi" - cp -r ../spring-security-rest-docs/build/asciidoc/html5/. "$version/docs" + cp -r ../spring-security-rest-docs/build/docs/. "$version/docs" cp -r ../build/docs/groovydoc/. "$version/docs/gapi" git add "$version/*" fi @@ -39,7 +39,7 @@ if [[ $TRAVIS_PULL_REQUEST == 'false' ]]; then if [[ $TRAVIS_BRANCH == 'develop' && $TRAVIS_REPO_SLUG == 'alvarosanchez/grails-spring-security-rest' ]]; then rm -rf next/ mkdir -p next/docs/gapi - cp -r ../spring-security-rest-docs/build/asciidoc/html5/. ./next/docs + cp -r ../spring-security-rest-docs/build/docs/. ./next/docs cp -r ../build/docs/groovydoc/. next/docs/gapi git add next/* fi diff --git a/spring-security-rest-docs/build.gradle b/spring-security-rest-docs/build.gradle index 6fc0f431c..f7090e88e 100644 --- a/spring-security-rest-docs/build.gradle +++ b/spring-security-rest-docs/build.gradle @@ -1,17 +1,26 @@ +import org.asciidoctor.gradle.jvm.AsciidoctorTask + plugins { - id 'org.asciidoctor.convert' version '2.4.0' + id 'org.asciidoctor.jvm.convert' version "4.0.3" } -asciidoctor { +def asciidoctorAttributes = [ + 'experimental' : 'true', + 'compat-mode' : 'true', + 'toc' : 'left', + 'icons' : 'font', + 'version' : project.version, + 'sourcedir' : "${rootProject.allprojects.find { it.name == 'spring-security-rest'}.projectDir}/src/main/groovy" +] + +tasks.named('asciidoctor', AsciidoctorTask) { resources { from('src/docs/images') into "./images" } - attributes 'experimental' : 'true', - 'compat-mode' : 'true', - 'toc' : 'left', - 'icons' : 'font', - 'version' : project.version, - 'sourcedir' : "${rootProject.allprojects.find { it.name == 'spring-security-rest'}.projectDir}/src/main/groovy" + sourceDir layout.projectDirectory.file('src/docs') + sources { include 'index.adoc' } + outputDir = layout.buildDirectory.file('docs') + attributes asciidoctorAttributes } \ No newline at end of file diff --git a/spring-security-rest-docs/src/docs/asciidoc/authentication.adoc b/spring-security-rest-docs/src/docs/authentication.adoc similarity index 100% rename from spring-security-rest-docs/src/docs/asciidoc/authentication.adoc rename to spring-security-rest-docs/src/docs/authentication.adoc diff --git a/spring-security-rest-docs/src/docs/asciidoc/configuration.adoc b/spring-security-rest-docs/src/docs/configuration.adoc similarity index 100% rename from spring-security-rest-docs/src/docs/asciidoc/configuration.adoc rename to spring-security-rest-docs/src/docs/configuration.adoc diff --git a/spring-security-rest-docs/src/docs/asciidoc/cors.adoc b/spring-security-rest-docs/src/docs/cors.adoc similarity index 100% rename from spring-security-rest-docs/src/docs/asciidoc/cors.adoc rename to spring-security-rest-docs/src/docs/cors.adoc diff --git a/spring-security-rest-docs/src/docs/asciidoc/debugging.adoc b/spring-security-rest-docs/src/docs/debugging.adoc similarity index 100% rename from spring-security-rest-docs/src/docs/asciidoc/debugging.adoc rename to spring-security-rest-docs/src/docs/debugging.adoc diff --git a/spring-security-rest-docs/src/docs/asciidoc/events.adoc b/spring-security-rest-docs/src/docs/events.adoc similarity index 100% rename from spring-security-rest-docs/src/docs/asciidoc/events.adoc rename to spring-security-rest-docs/src/docs/events.adoc diff --git a/spring-security-rest-docs/src/docs/asciidoc/faq.adoc b/spring-security-rest-docs/src/docs/faq.adoc similarity index 92% rename from spring-security-rest-docs/src/docs/asciidoc/faq.adoc rename to spring-security-rest-docs/src/docs/faq.adoc index 66cd21051..a0656c818 100644 --- a/spring-security-rest-docs/src/docs/asciidoc/faq.adoc +++ b/spring-security-rest-docs/src/docs/faq.adoc @@ -1,4 +1,4 @@ -===== Why this token-based implementation? Can't I use HTTP basic authentication? +=== Why this token-based implementation? Can't I use HTTP basic authentication? In theory you can. The only restriction to be truly stateless is to not use HTTP sessions at all. So if you go with basic authentication, you need to transfer the credentials back and forth every time. @@ -26,7 +26,7 @@ A couple of link with further explanations on the token-based flow: * http://www.jamesward.com/2013/05/13/securing-single-page-apps-and-rest-services[] * http://blog.brunoscopelliti.com/authentication-to-a-restful-web-service-in-an-angularjs-web-app[] -===== Why can't the API be secured with OAuth? +=== Why can't the API be secured with OAuth? http://tools.ietf.org/html/rfc6749[RFC 6749 - OAuth 2.0] specification does cover this scenario in what they call "public clients": @@ -42,7 +42,7 @@ The OAuth 2.0 specification supports public clients with the implicit grant. Thi you delegate the authentication to another OAuth provider. If it's you who are authenticating the users (via DB, LDAP, etc), the token-based flow of this plugin is _OAuth-ish_. -===== Why you didn't use any of the existing OAuth plugins? Why pac4j? +=== Why you didn't use any of the existing OAuth plugins? Why pac4j? I'm aware of plugins like http://grails.org/plugin/oauth[OAuth] and http://grails.org/plugin/spring-security-oauth[Spring Security OAuth], but all of them rely on Spring Security Core's @@ -55,7 +55,7 @@ I chose pac4j because: I'm also aware of a pac4j-spring-security module. See my previous response on HTTP sessions. -===== Dude, this is awesome. How can I compensate you? +=== Dude, this is awesome. How can I compensate you? I doubt you can :). You may try giving me free beers the next time you see me in a conference. Or you can just express your gratitude via https://twitter.com/alvaro_sanchez[Twitter]. \ No newline at end of file diff --git a/spring-security-rest-docs/src/docs/asciidoc/index.adoc b/spring-security-rest-docs/src/docs/index.adoc similarity index 77% rename from spring-security-rest-docs/src/docs/asciidoc/index.adoc rename to spring-security-rest-docs/src/docs/index.adoc index 860f2c951..067afc6f0 100644 --- a/spring-security-rest-docs/src/docs/asciidoc/index.adoc +++ b/spring-security-rest-docs/src/docs/index.adoc @@ -1,3 +1,5 @@ +:includedir: src/docs/ + = Spring Security REST for Grails :author: Álvaro Sánchez-Mariscal Arnaiz :email: alvaro.sanchezmariscal@gmail.com @@ -8,19 +10,23 @@ Version: {version} == Introduction to the Spring Security REST plugin -include::introduction.adoc[] +include::{includedir}introduction.adoc[] + +== What's new in 5.0? + +include::{includedir}whatsNew50.adoc[] == What's new in 2.0? -include::whatsNew20.adoc[] +include::{includedir}whatsNew20.adoc[] == What's new in 1.5? -include::whatsNew15.adoc[] +include::{includedir}whatsNew15.adoc[] == What's new in 1.4? -include::whatsNew14.adoc[] +include::{includedir}whatsNew14.adoc[] == Articles and sample projects @@ -43,54 +49,54 @@ include::whatsNew14.adoc[] [[configuration]] == Configuration -include::configuration.adoc[] +include::{includedir}configuration.adoc[] [[events]] == Events -include::events.adoc[] +include::{includedir}events.adoc[] [[authentication]] == Authentication Endpoint -include::authentication.adoc[] +include::{includedir}authentication.adoc[] [[tokenGeneration]] == Token Generation -include::tokenGeneration.adoc[] +include::{includedir}tokenGeneration.adoc[] [[tokenStorage]] == Token Storage -include::tokenStorage.adoc[] +include::{includedir}tokenStorage.adoc[] [[tokenRendering]] == Token Rendering -include::tokenRendering.adoc[] +include::{includedir}tokenRendering.adoc[] [[tokenValidation]] == Token Validation Filter -include::tokenValidation.adoc[] +include::{includedir}tokenValidation.adoc[] [[cors]] == CORS support -include::cors.adoc[] +include::{includedir}cors.adoc[] [[oauth]] == Delegating authentication to OAuth providers -include::oauth.adoc[] +include::{includedir}oauth.adoc[] [[debugging]] == Debugging -include::debugging.adoc[] +include::{includedir}debugging.adoc[] [[faq]] == Frequently Asked Questions -include::faq.adoc[] \ No newline at end of file +include::{includedir}faq.adoc[] \ No newline at end of file diff --git a/spring-security-rest-docs/src/docs/asciidoc/introduction.adoc b/spring-security-rest-docs/src/docs/introduction.adoc similarity index 100% rename from spring-security-rest-docs/src/docs/asciidoc/introduction.adoc rename to spring-security-rest-docs/src/docs/introduction.adoc diff --git a/spring-security-rest-docs/src/docs/asciidoc/oauth.adoc b/spring-security-rest-docs/src/docs/oauth.adoc similarity index 99% rename from spring-security-rest-docs/src/docs/asciidoc/oauth.adoc rename to spring-security-rest-docs/src/docs/oauth.adoc index 96b23c7e3..66d39de69 100644 --- a/spring-security-rest-docs/src/docs/asciidoc/oauth.adoc +++ b/spring-security-rest-docs/src/docs/oauth.adoc @@ -115,7 +115,7 @@ parameter will be empty, and both `error` and `message` params will be appended: Below are some examples on how to configure it for Google, Facebook and Twitter. -==== Google +=== Google Define the following block in your `application.groovy`: diff --git a/spring-security-rest-docs/src/docs/asciidoc/tokenGeneration.adoc b/spring-security-rest-docs/src/docs/tokenGeneration.adoc similarity index 100% rename from spring-security-rest-docs/src/docs/asciidoc/tokenGeneration.adoc rename to spring-security-rest-docs/src/docs/tokenGeneration.adoc diff --git a/spring-security-rest-docs/src/docs/asciidoc/tokenRendering.adoc b/spring-security-rest-docs/src/docs/tokenRendering.adoc similarity index 100% rename from spring-security-rest-docs/src/docs/asciidoc/tokenRendering.adoc rename to spring-security-rest-docs/src/docs/tokenRendering.adoc diff --git a/spring-security-rest-docs/src/docs/asciidoc/tokenStorage.adoc b/spring-security-rest-docs/src/docs/tokenStorage.adoc similarity index 100% rename from spring-security-rest-docs/src/docs/asciidoc/tokenStorage.adoc rename to spring-security-rest-docs/src/docs/tokenStorage.adoc diff --git a/spring-security-rest-docs/src/docs/asciidoc/tokenValidation.adoc b/spring-security-rest-docs/src/docs/tokenValidation.adoc similarity index 100% rename from spring-security-rest-docs/src/docs/asciidoc/tokenValidation.adoc rename to spring-security-rest-docs/src/docs/tokenValidation.adoc diff --git a/spring-security-rest-docs/src/docs/asciidoc/whatsNew14.adoc b/spring-security-rest-docs/src/docs/whatsNew14.adoc similarity index 100% rename from spring-security-rest-docs/src/docs/asciidoc/whatsNew14.adoc rename to spring-security-rest-docs/src/docs/whatsNew14.adoc diff --git a/spring-security-rest-docs/src/docs/asciidoc/whatsNew15.adoc b/spring-security-rest-docs/src/docs/whatsNew15.adoc similarity index 100% rename from spring-security-rest-docs/src/docs/asciidoc/whatsNew15.adoc rename to spring-security-rest-docs/src/docs/whatsNew15.adoc diff --git a/spring-security-rest-docs/src/docs/asciidoc/whatsNew20.adoc b/spring-security-rest-docs/src/docs/whatsNew20.adoc similarity index 100% rename from spring-security-rest-docs/src/docs/asciidoc/whatsNew20.adoc rename to spring-security-rest-docs/src/docs/whatsNew20.adoc diff --git a/spring-security-rest-docs/src/docs/whatsNew50.adoc b/spring-security-rest-docs/src/docs/whatsNew50.adoc new file mode 100644 index 000000000..f3a4355ad --- /dev/null +++ b/spring-security-rest-docs/src/docs/whatsNew50.adoc @@ -0,0 +1,25 @@ +=== Grails 6 support + +This major release is working with Grails 6. It's based on the newer versions of Spring Security Core plugin, +which in turn uses newer Spring Security versions, so make sure you read carefully what the new versions have changed: + +|=== +| Grails Version | `spring-security-rest` version | Spring Security Core docs + +| 6.x +| `6.0.0.RC1` +| https://grails-plugins.github.io/grails-spring-security-core/6.0.x/index.html#whatsNew[] + +|=== + +=== Provide AccessToken object to storeToken and removeToken Methods + +See issue https://github.com/grails/grails-spring-security-rest/issues/437[#437] + +=== Minimum Java Version + +The minimum java version is now 11. + +=== Dependency updates + +Dependencies are updated as of Grails 6.1.1 release date. From 80ec07bef0aaca523fcb27195d10be4055c76276 Mon Sep 17 00:00:00 2001 From: James Daugherty Date: Fri, 27 Sep 2024 08:26:03 -0400 Subject: [PATCH 10/24] Copy issue templates from spring-security-core plugin --- .github/ISSUE_TEMPLATE/bug_report.yaml | 61 +++++++++++++++++++++++++ .github/ISSUE_TEMPLATE/config.yml | 7 +++ .github/ISSUE_TEMPLATE/new_feature.yaml | 13 ++++++ .github/ISSUE_TEMPLATE/other.yaml | 8 ++++ 4 files changed, 89 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/bug_report.yaml create mode 100644 .github/ISSUE_TEMPLATE/config.yml create mode 100644 .github/ISSUE_TEMPLATE/new_feature.yaml create mode 100644 .github/ISSUE_TEMPLATE/other.yaml diff --git a/.github/ISSUE_TEMPLATE/bug_report.yaml b/.github/ISSUE_TEMPLATE/bug_report.yaml new file mode 100644 index 000000000..275d6a373 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.yaml @@ -0,0 +1,61 @@ +name: Bug Report +description: File a bug report +body: + - type: markdown + attributes: + value: | + Thanks for reporting an issue for Grails framework, please review the task list below before submitting the issue. Your issue report will be closed if the issue is incomplete and the below tasks not completed. + + NOTE: If you are unsure about something and the issue is more of a question a better place to ask questions is on Stack Overflow (https://stackoverflow.com/tags/grails) or Slack (https://slack-signup.grails.org). DO NOT use the issue tracker to ask questions. + + NOTE: if you have questions or issues, [enable debug logging](https://grails-plugins.github.io/grails-spring-security-rest/latest/docs/index.html#_debugging), and include the output in your request. + - type: textarea + attributes: + label: Expected Behavior + description: A concise description of what you expected to happen. + placeholder: Tell us what should happen + validations: + required: false + - type: textarea + attributes: + label: Actual Behaviour + description: A concise description of what you're experiencing. + placeholder: Tell us what happens instead + validations: + required: false + - type: textarea + attributes: + label: Steps To Reproduce + description: Steps to reproduce the behavior. + placeholder: | + 1. In this environment... + 2. With this config... + 3. Run '...' + 4. See error... + validations: + required: false + - type: textarea + attributes: + label: Environment Information + description: Environment information where the problem occurs. + placeholder: | + - Operating System: + - JDK Version: + validations: + required: false + - type: input + id: example + attributes: + label: Example Application + description: Example application link. + placeholder: | + Link to GitHub repository with an example that reproduces the issue + validations: + required: false + - type: input + id: version + attributes: + label: Version + description: Grails version + validations: + required: true \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 000000000..1a40780f3 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,7 @@ +contact_links: + - name: Stack Overflow + url: https://stackoverflow.com/tags/grails + about: Ask questions on Stack Overflow + - name: Grails Slack + url: https://grails.slack.com/ + about: Chat with us on Grails Community Slack. \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/new_feature.yaml b/.github/ISSUE_TEMPLATE/new_feature.yaml new file mode 100644 index 000000000..6d0aa2617 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/new_feature.yaml @@ -0,0 +1,13 @@ +name: Feature request +description: Create a new feature request +body: + - type: markdown + attributes: + value: | + Please describe the feature you want for Grails® framework to implement, before that check if there is already an existing issue to add it. + - type: textarea + attributes: + label: Feature description + placeholder: Tell us more about the feature you would like for Grails® framework to have and what problem is it going to solve + validations: + required: true \ No newline at end of file diff --git a/.github/ISSUE_TEMPLATE/other.yaml b/.github/ISSUE_TEMPLATE/other.yaml new file mode 100644 index 000000000..a593ab901 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/other.yaml @@ -0,0 +1,8 @@ +name: Other +description: Something different +body: + - type: textarea + attributes: + label: Issue description + validations: + required: true \ No newline at end of file From d79552798a0b634338ccbef1e4aa7eb1dfe45aab Mon Sep 17 00:00:00 2001 From: James Daugherty Date: Fri, 27 Sep 2024 08:26:43 -0400 Subject: [PATCH 11/24] Copy renovate & dependabot configuration from spring-security-core --- .github/dependabot.yml | 24 +++++++++++++++ .github/renovate.json | 69 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 93 insertions(+) create mode 100644 .github/dependabot.yml create mode 100644 .github/renovate.json diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..858cb2cca --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,24 @@ +version: 2 +updates: + - package-ecosystem: gradle + directory: "/" + schedule: + interval: daily + open-pull-requests-limit: 10 + target-branch: 4.0.x + labels: + - "type: dependency upgrade" + ignore: + - dependency-name: "*" + update-types: ["version-update:semver-major", "version-update:semver-minor"] + - package-ecosystem: gradle + directory: "/" + schedule: + interval: daily + open-pull-requests-limit: 10 + target-branch: 3.3.x + labels: + - "type: dependency upgrade" + ignore: + - dependency-name: "*" + update-types: ["version-update:semver-major", "version-update:semver-minor"] \ No newline at end of file diff --git a/.github/renovate.json b/.github/renovate.json new file mode 100644 index 000000000..8d829c091 --- /dev/null +++ b/.github/renovate.json @@ -0,0 +1,69 @@ +{ + "extends": [ + "config:base" + ], + "labels": ["type: dependency upgrade"], + "packageRules": [ + { + "matchPackagePatterns": ["*"], + "allowedVersions": "!/SNAPSHOT$/" + }, + { + "matchPackagePatterns": [ + "^org\\.codehaus\\.groovy" + ], + "groupName": "groovy monorepo" + }, + { + "matchPackagePatterns": [ + "^org\\.seleniumhq" + ], + "groupName": "selenium monorepo" + }, + { + "matchPackagePatterns": [ + "^org\\.spockframework" + ], + "groupName": "spock framework monorepo" + }, + { + "matchPackageNames": [ + "org.grails:grails-bom", + "org.grails:grails-bootstrap", + "org.grails:grails-codecs", + "org.grails:grails-console", + "org.grails:grails-core", + "org.grails:grails-databinding", + "org.grails:grails-dependencies", + "org.grails:grails-docs", + "org.grails:grails-encoder", + "org.grails:grails-gradle-model", + "org.grails:grails-logging", + "org.grails:grails-plugin-codecs", + "org.grails:grails-plugin-controllers", + "org.grails:grails-plugin-databinding", + "org.grails:grails-plugin-datasource", + "org.grails:grails-plugin-domain-class", + "org.grails:grails-plugin-i18n", + "org.grails:grails-plugin-interceptors", + "org.grails:grails-plugin-mimetypes", + "org.grails:grails-plugin-rest", + "org.grails:grails-plugin-services", + "org.grails:grails-plugin-url-mappings", + "org.grails:grails-plugin-url-validation", + "org.grails:grails-shell", + "org.grails:grails-spring", + "org.grails:grails-test", + "org.grails:grails-validation", + "org.grails:grails-web", + "org.grails:grails-web-boot", + "org.grails:grails-web-common", + "org.grails:grails-web-databinding", + "org.grails:grails-web-fileupload", + "org.grails:grails-web-mvc", + "org.grails:grails-web-url-mappings" + ], + "groupName": "grails monorepo" + } + ] +} \ No newline at end of file From 856fb653ebbaad60b89b14577d909225381dd738 Mon Sep 17 00:00:00 2001 From: James Daugherty Date: Fri, 27 Sep 2024 08:36:04 -0400 Subject: [PATCH 12/24] Update redis to latest version to support grails 6 --- spring-security-rest-redis/build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spring-security-rest-redis/build.gradle b/spring-security-rest-redis/build.gradle index 3bfc4e681..da771add9 100644 --- a/spring-security-rest-redis/build.gradle +++ b/spring-security-rest-redis/build.gradle @@ -1,6 +1,6 @@ dependencies { api project(":spring-security-rest") - api "org.grails.plugins:redis:2.0.5" + api "org.grails.plugins:grails-redis:4.0.1" api "redis.clients:jedis" profile "org.grails.profiles:plugin:${grailsVersion}" From cd9427315b36710e7e0b130acbd5e47267628561 Mon Sep 17 00:00:00 2001 From: James Daugherty Date: Fri, 27 Sep 2024 10:19:40 -0400 Subject: [PATCH 13/24] Update license to the same value as spring security core since it's the same license --- LICENSE | 209 +++++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 198 insertions(+), 11 deletions(-) diff --git a/LICENSE b/LICENSE index c5e4c8d0f..261eeb9e9 100644 --- a/LICENSE +++ b/LICENSE @@ -1,14 +1,201 @@ -Copyright 2013-${year} ${name} <${email}> + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - http://www.apache.org/licenses/LICENSE-2.0 + 1. Definitions. -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - \ No newline at end of file + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. From 491be6966385466391f66538c425520ae8bd1ea2 Mon Sep 17 00:00:00 2001 From: James Daugherty Date: Fri, 27 Sep 2024 10:35:59 -0400 Subject: [PATCH 14/24] Setup gradle enterprise similar to spring security core --- settings.gradle | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/settings.gradle b/settings.gradle index efe33be17..2776fb041 100644 --- a/settings.gradle +++ b/settings.gradle @@ -1,3 +1,41 @@ +plugins { + id 'com.gradle.enterprise' version '3.16.2' + id 'com.gradle.common-custom-user-data-gradle-plugin' version '1.13' +} + +gradleEnterprise { + server = 'https://ge.grails.org' + buildScan { + publishAlwaysIf(System.getenv('CI') == 'true') + publishIfAuthenticated() + uploadInBackground = System.getenv('CI') == null + capture { + taskInputFiles = true + } + } +} + +buildCache { + local { enabled = System.getenv('CI') != 'true' } + remote(gradleEnterprise.buildCache) { + def isAuthenticated = System.getenv('GRADLE_ENTERPRISE_ACCESS_KEY') + push = System.getenv('CI') == 'true' && isAuthenticated + enabled = true + } +} + +dependencyResolutionManagement { + versionCatalogs { + libs { + def groovyVersion = System.getenv('GROOVY_VERSION') + if (groovyVersion) { + logger.warn "Using custom version $groovyVersion of Groovy due to GROOVY_VERSION being set." + version('groovy', groovyVersion) + } + } + } +} + rootProject.name = 'grails-spring-security-rest' include 'spring-security-rest' From ea4d599dc7a034ee015dd8eb0501dd6bd6b3f2bc Mon Sep 17 00:00:00 2001 From: James Daugherty Date: Fri, 27 Sep 2024 10:43:58 -0400 Subject: [PATCH 15/24] Updating documentation to have the correct API urls & general cleanup --- build.gradle | 14 +- doc.sh | 52 ------- gradle/docs.gradle | 43 ++++++ spring-security-rest-docs/build.gradle | 17 +-- .../src/docs/authentication.adoc | 8 +- .../src/docs/configuration.adoc | 2 +- spring-security-rest-docs/src/docs/faq.adoc | 5 +- spring-security-rest-docs/src/docs/index.tmpl | 127 ++++++++++++++++++ .../src/docs/introduction.adoc | 2 +- spring-security-rest-docs/src/docs/oauth.adoc | 4 +- .../src/docs/tokenGeneration.adoc | 10 +- .../src/docs/tokenRendering.adoc | 2 +- .../src/docs/tokenStorage.adoc | 4 +- .../src/docs/tokenValidation.adoc | 2 +- .../SpringSecurityRestGormGrailsPlugin.groovy | 11 +- ...SecurityRestGrailsCacheGrailsPlugin.groovy | 11 +- ...ngSecurityRestMemcachedGrailsPlugin.groovy | 11 +- ...SpringSecurityRestRedisGrailsPlugin.groovy | 11 +- .../groovy/memcached/MemcachedSpec.groovy | 4 +- .../groovy/memcached/MemcachedSpec.groovy | 4 +- .../groovy/rest/BearerTokenSpec.groovy | 6 +- .../groovy/rest/CorsSpec.groovy | 2 +- .../groovy/rest/JwtSpec.groovy | 4 +- .../rest/RestAuthenticationFilterSpec.groovy | 2 +- .../rest/RestTokenValidationFilterSpec.groovy | 6 +- .../SpringSecurityRestGrailsPlugin.groovy | 11 +- .../RestAuthenticationProviderSpec.groovy | 4 +- .../rest/RestOauthControllerSpec.groovy | 2 +- .../rest/rfc6750/BearerTokenReaderSpec.groovy | 2 +- .../generation/JwtTokenGeneratorSpec.groovy | 2 +- ...AuthenticationTokenJsonRendererSpec.groovy | 2 +- .../jwt/JwtTokenStorageServiceSpec.groovy | 4 +- 32 files changed, 246 insertions(+), 145 deletions(-) delete mode 100755 doc.sh create mode 100644 gradle/docs.gradle create mode 100644 spring-security-rest-docs/src/docs/index.tmpl diff --git a/build.gradle b/build.gradle index 62315a667..490ab0e11 100644 --- a/build.gradle +++ b/build.gradle @@ -93,19 +93,7 @@ subprojects { Project project -> } } -tasks.register('aggregateGroovyDoc', org.gradle.api.tasks.javadoc.Groovydoc) { - def groovyDocProjects = subprojects.findAll { it.name in pluginProjects } - group = JavaBasePlugin.DOCUMENTATION_GROUP - access = GroovydocAccess.PROTECTED - includeAuthor = false - includeMainForScripts = true - processScripts = true - dependsOn groovyDocProjects.groovydoc - source groovyDocProjects.groovydoc.source - destinationDir file("${buildDir}/docs/groovydoc") - classpath = files(groovyDocProjects.groovydoc.classpath) - groovyClasspath = files(groovyDocProjects.groovydoc.groovyClasspath) -} +apply from: rootProject.file("gradle/docs.gradle") if (project.hasProperty('release')) { nexusPublishing { diff --git a/doc.sh b/doc.sh deleted file mode 100755 index c23770787..000000000 --- a/doc.sh +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/bash -set -e -set -x - -if [[ $TRAVIS_PULL_REQUEST == 'false' ]]; then - - ./gradlew asciidoctor aggregateGroovyDoc - - version=`cat build.gradle | grep "version \"" | sed -n 's/^[ \t]*version\ "//pg' | sed -n 's/"//pg'` - echo "Preparing release of version $version" - - echo "Configuring git with name ${GIT_NAME} and email ${GIT_EMAIL}" - git config --global user.name "$GIT_NAME" - git config --global user.email "$GIT_EMAIL" - git config --global credential.helper "store --file=~/.git-credentials" - echo "https://$GH_TOKEN:@github.com" > ~/.git-credentials - - git clone --quiet --branch=gh-pages https://${GH_TOKEN}@github.com/${TRAVIS_REPO_SLUG}.git gh-pages > /dev/null - - cd gh-pages - - ./gradlew generateIndex - - # If there is a tag present then this becomes the latest - if [[ -n $TRAVIS_TAG ]]; then - rm -rf latest/ - mkdir -p latest/docs/gapi - cp -r ../spring-security-rest-docs/build/docs/. ./latest/docs - cp -r ../build/docs/groovydoc/. latest/docs/gapi - git add latest/* - - rm -rf "$version" - mkdir -p "$version/docs/gapi" - cp -r ../spring-security-rest-docs/build/docs/. "$version/docs" - cp -r ../build/docs/groovydoc/. "$version/docs/gapi" - git add "$version/*" - fi - - if [[ $TRAVIS_BRANCH == 'develop' && $TRAVIS_REPO_SLUG == 'alvarosanchez/grails-spring-security-rest' ]]; then - rm -rf next/ - mkdir -p next/docs/gapi - cp -r ../spring-security-rest-docs/build/docs/. ./next/docs - cp -r ../build/docs/groovydoc/. next/docs/gapi - git add next/* - fi - - git commit -a -m "Updating docs for Travis build: https://travis-ci.org/$TRAVIS_REPO_SLUG/builds/$TRAVIS_BUILD_ID" - git push origin HEAD - cd .. - rm -rf gh-pages - -fi diff --git a/gradle/docs.gradle b/gradle/docs.gradle new file mode 100644 index 000000000..55979f14f --- /dev/null +++ b/gradle/docs.gradle @@ -0,0 +1,43 @@ +tasks.register('cleanDocs', Delete) { + delete file("${rootProject.buildDir}/docs") +} + +tasks.register('aggregateGroovyApiDoc', Groovydoc) { + def groovyDocProjects = subprojects.findAll { it.name in ['spring-security-rest', 'spring-security-rest-memcached', 'spring-security-rest-redis', 'spring-security-rest-grailscache', 'spring-security-rest-gorm'] } + dependsOn = [tasks.named('cleanDocs')] + groovyDocProjects.collect { it.tasks.named('groovydoc') } + + description = 'Generates Groovy API Documentation for all plugin projects under rootDir/gapi' + + group = JavaBasePlugin.DOCUMENTATION_GROUP + access = GroovydocAccess.PROTECTED + includeAuthor = false + includeMainForScripts = true + processScripts = true + source = groovyDocProjects.groovydoc.source + destinationDir = file("${rootProject.buildDir}/docs/gapi") + classpath = files(groovyDocProjects.groovydoc.classpath) + groovyClasspath = files(groovyDocProjects.groovydoc.groovyClasspath) +} + +tasks.register('docs') { + group = JavaBasePlugin.DOCUMENTATION_GROUP + dependsOn = ['aggregateGroovyApiDoc', 'spring-security-rest-docs:asciidoctor'] + finalizedBy 'copyAsciiDoctorDocs', 'ghPagesRootIndexPage' +} + +tasks.register('copyAsciiDoctorDocs', Copy) { + group = JavaBasePlugin.DOCUMENTATION_GROUP + dependsOn = ['docs'] + from "${rootProject.allprojects.find { it.name == 'spring-security-rest-docs'}.projectDir}/build" + includes = ['docs/**'] + into rootProject.buildDir + includeEmptyDirs = false +} + +tasks.register('ghPagesRootIndexPage', Copy) { + group = 'documentation' + dependsOn = ['docs'] + from file("${rootProject.allprojects.find { it.name == 'spring-security-rest-docs'}.projectDir}/src/docs/index.tmpl") + into layout.buildDirectory + rename 'index.tmpl', 'index.html' +} \ No newline at end of file diff --git a/spring-security-rest-docs/build.gradle b/spring-security-rest-docs/build.gradle index f7090e88e..cfdd611be 100644 --- a/spring-security-rest-docs/build.gradle +++ b/spring-security-rest-docs/build.gradle @@ -5,12 +5,13 @@ plugins { } def asciidoctorAttributes = [ - 'experimental' : 'true', - 'compat-mode' : 'true', - 'toc' : 'left', - 'icons' : 'font', - 'version' : project.version, - 'sourcedir' : "${rootProject.allprojects.find { it.name == 'spring-security-rest'}.projectDir}/src/main/groovy" + 'experimental' : 'true', + 'compat-mode' : 'true', + 'toc' : 'left', + 'icons' : 'font', + 'version' : project.version, + 'sourcedir' : "${rootProject.allprojects.find { it.name == 'spring-security-rest' }.projectDir}/src/main/groovy", + 'baseGroovyApiUrl': "https://grails-plugins.github.io/grails-spring-security-rest/${project.version}/docs/gapi/" ] tasks.named('asciidoctor', AsciidoctorTask) { @@ -19,8 +20,8 @@ tasks.named('asciidoctor', AsciidoctorTask) { into "./images" } - sourceDir layout.projectDirectory.file('src/docs') + sourceDir project.file('src/docs') sources { include 'index.adoc' } - outputDir = layout.buildDirectory.file('docs') + outputDir = project.buildDir.toPath().resolve('docs').toFile() attributes asciidoctorAttributes } \ No newline at end of file diff --git a/spring-security-rest-docs/src/docs/authentication.adoc b/spring-security-rest-docs/src/docs/authentication.adoc index 0ff43f442..d31d98679 100644 --- a/spring-security-rest-docs/src/docs/authentication.adoc +++ b/spring-security-rest-docs/src/docs/authentication.adoc @@ -1,4 +1,4 @@ -The http://alvarosanchez.github.io/grails-spring-security-rest/latest/docs/gapi/grails/plugin/springsecurity/rest/RestAuthenticationFilter.html[authentication filter] +The include::{baseGroovyApiUrl}grails/plugin/springsecurity/rest/RestAuthenticationFilter.html[authentication filter] uses the default `authenticationManager` bean, which in turn uses all the registered authentication providers. See the https://grails-plugins.github.io/grails-spring-security-core/v3/index.html#authenticationProviders[Spring Security Core guide] for more information about how to define your own providers. Note that you can easily plug any Spring Security sub-plugin @@ -90,7 +90,7 @@ grails.plugin.springsecurity.rest.login.passwordPropertyName = 'pwd' ---- If your JSON request format is different, you can plug your own implementation by defining a class which extends -`http://alvarosanchez.github.io/grails-spring-security-rest/latest/docs/gapi/grails/plugin/springsecurity/rest/credentials/AbstractJsonPayloadCredentialsExtractor.html[AbstractJsonPayloadCredentialsExtractor]`. +`include::{baseGroovyApiUrl}grails/plugin/springsecurity/rest/credentials/AbstractJsonPayloadCredentialsExtractor.html[AbstractJsonPayloadCredentialsExtractor]`. The default implementation looks like this: [source,groovy] @@ -126,7 +126,7 @@ Note that the name of the parameters can also be customised: ==== Logout is not possible when using JWT tokens (the default strategy), as no state is kept in the server. If you still want to have logout, you can provide your own implementation by creating a subclass of -http://alvarosanchez.github.io/grails-spring-security-rest/latest/docs/gapi/grails/plugin/springsecurity/rest/token/storage/jwt/JwtTokenStorageService.html[JwtTokenStorageService] +include::{baseGroovyApiUrl}grails/plugin/springsecurity/rest/token/storage/jwt/JwtTokenStorageService.html[JwtTokenStorageService] and overriding the methods `storeToken` and `removeToken`. Then, register your implementation in `resources.groovy` as `tokenStorageService`. @@ -136,7 +136,7 @@ let the tokens expire (they will expire anyway, unlike with other storages like on every access). ==== -The http://alvarosanchez.github.io/grails-spring-security-rest/latest/docs/gapi/grails/plugin/springsecurity/rest/RestLogoutFilter.html[logout filter] +The include::{baseGroovyApiUrl}grails/plugin/springsecurity/rest/RestLogoutFilter.html[logout filter] exposes an endpoint for deleting tokens. It will read the token from an HTTP header. If found, will delete it from the storage, sending a 200 response. Otherwise, it will send a 404 response. diff --git a/spring-security-rest-docs/src/docs/configuration.adoc b/spring-security-rest-docs/src/docs/configuration.adoc index 2932f5a01..68018c2c9 100644 --- a/spring-security-rest-docs/src/docs/configuration.adoc +++ b/spring-security-rest-docs/src/docs/configuration.adoc @@ -44,7 +44,7 @@ Note that configuration properties such as `grails.plugin.springsecurity.rest.to used. Every submodule of the above list will automatically configure the token store appropriately If you want your own token storage system, you need to implement -http://alvarosanchez.github.io/grails-spring-security-rest/latest/docs/gapi/grails/plugin/springsecurity/rest/token/storage/TokenStorageService.html[TokenStorageService] +include::{baseGroovyApiUrl}grails/plugin/springsecurity/rest/token/storage/TokenStorageService.html[TokenStorageService] and register it in `resources.groovy` as `tokenStorageService`. === Plugin configuration diff --git a/spring-security-rest-docs/src/docs/faq.adoc b/spring-security-rest-docs/src/docs/faq.adoc index a0656c818..3e6e50cb0 100644 --- a/spring-security-rest-docs/src/docs/faq.adoc +++ b/spring-security-rest-docs/src/docs/faq.adoc @@ -55,7 +55,6 @@ I chose pac4j because: I'm also aware of a pac4j-spring-security module. See my previous response on HTTP sessions. -=== Dude, this is awesome. How can I compensate you? +=== Project History -I doubt you can :). You may try giving me free beers the next time you see me in a conference. Or you can just express -your gratitude via https://twitter.com/alvaro_sanchez[Twitter]. \ No newline at end of file +Originally this plugin was written by Alvaro Sanchez-Mariscal (https://twitter.com/alvaro_sanchez[Twitter]). It is currently maintained by the Grails Stewards. diff --git a/spring-security-rest-docs/src/docs/index.tmpl b/spring-security-rest-docs/src/docs/index.tmpl new file mode 100644 index 000000000..d07041533 --- /dev/null +++ b/spring-security-rest-docs/src/docs/index.tmpl @@ -0,0 +1,127 @@ + + + + + + +Grails Spring Security Rest Plugin + + + + + + + + Fork me on GitHub + + +
+

Grails Spring Security Rest Plugin

+ +
+ +

Spring Security Rest Plugin - Documentation

+ + +

Grails 6.1.1

+ + +

Grails 4.x.x and 5.x.x

+ + +

Grails 3.x.x

+ + +
+ +
+ + + + + + +
+ +

Download Source

+

+ You can download this project in either + zip or + tar formats. +

+

You can also clone the project with Git by running: + 

$ git clone git://github.com/grails/grails-spring-security-rest
+

+ +
+ + + + diff --git a/spring-security-rest-docs/src/docs/introduction.adoc b/spring-security-rest-docs/src/docs/introduction.adoc index a1b32497f..a8441febc 100644 --- a/spring-security-rest-docs/src/docs/introduction.adoc +++ b/spring-security-rest-docs/src/docs/introduction.adoc @@ -28,7 +28,7 @@ and Grails Cache support for token storage. === Release History -You can view all releases at https://github.com/alvarosanchez/grails-spring-security-rest/releases[]. +You can view all releases at https://github.com/grails/grails-spring-security-rest/releases[]. * 29 August 2016 ** 1.5.4 diff --git a/spring-security-rest-docs/src/docs/oauth.adoc b/spring-security-rest-docs/src/docs/oauth.adoc index 66d39de69..80e34f215 100644 --- a/spring-security-rest-docs/src/docs/oauth.adoc +++ b/spring-security-rest-docs/src/docs/oauth.adoc @@ -77,9 +77,9 @@ You can also define the URL as a `callback` parameter in the original link, eg: In this case, the token will be *concatenated* to the end of the URL. Upon successful OAuth authorisation (after step 6.1 in the above diagram), an -http://alvarosanchez.github.io/grails-spring-security-rest/latest/docs/gapi/grails/plugin/springsecurity/rest/oauth/OauthUser.html[OauthUser] +include::{baseGroovyApiUrl}grails/plugin/springsecurity/rest/oauth/OauthUser.html[OauthUser] will be stored in the security context. This is done by a bean named `oauthUserDetailsService`. The -http://alvarosanchez.github.io/grails-spring-security-rest/latest/docs/gapi/grails/plugin/springsecurity/rest/oauth/DefaultOauthUserDetailsService.html[default implementation] +include::{baseGroovyApiUrl}grails/plugin/springsecurity/rest/oauth/DefaultOauthUserDetailsService.html[default implementation] delegates to the configured `userDetailsService` bean, passing the profile ID as the username: [source,groovy] diff --git a/spring-security-rest-docs/src/docs/tokenGeneration.adoc b/spring-security-rest-docs/src/docs/tokenGeneration.adoc index 7fdcf7438..34bd1dc33 100644 --- a/spring-security-rest-docs/src/docs/tokenGeneration.adoc +++ b/spring-security-rest-docs/src/docs/tokenGeneration.adoc @@ -6,11 +6,11 @@ more information about how this plugin uses JWT's, check the <> se ==== Claims It is possible, to include additional claims in the JWT generated. To do so, you can plug one or more implementations of the interface -http://alvarosanchez.github.io/grails-spring-security-rest/latest/docs/gapi/grails/plugin/springsecurity/rest/token/generation/jwt/CustomClaimProvider.html[`CustomClaimProvider`], +include::{baseGroovyApiUrl}grails/plugin/springsecurity/rest/token/generation/jwt/CustomClaimProvider.html[`CustomClaimProvider`], and register them in Spring. The plugin comes prepackaged with a -http://alvarosanchez.github.io/grails-spring-security-rest/latest/docs/gapi/grails/plugin/springsecurity/rest/token/generation/jwt/IssuerClaimProvider.html[`IssuerClaimProvider`], +include::{baseGroovyApiUrl}grails/plugin/springsecurity/rest/token/generation/jwt/IssuerClaimProvider.html[`IssuerClaimProvider`], that sets the `iss` field of the JWT claim set, and which value is configurable using the following configuration property: `grails.plugin.springsecurity.rest.token.generation.jwt.issuer`. @@ -80,8 +80,8 @@ When using encrypted JWT's, those are the possible configuration options: If you are not using JWT, but any stateful strategy like Memcached or GORM, the following strategies are available: -* http://alvarosanchez.github.io/grails-spring-security-rest/latest/docs/gapi/grails/plugin/springsecurity/rest/token/generation/SecureRandomTokenGenerator.html[Using java.security.SecureRandom]. -* http://alvarosanchez.github.io/grails-spring-security-rest/latest/docs/gapi/grails/plugin/springsecurity/rest/token/generation/UUIDTokenGenerator.html[Using java.util.UUID]. +* include::{baseGroovyApiUrl}grails/plugin/springsecurity/rest/token/generation/SecureRandomTokenGenerator.html[Using java.security.SecureRandom]. +* include::{baseGroovyApiUrl}grails/plugin/springsecurity/rest/token/generation/UUIDTokenGenerator.html[Using java.util.UUID]. The strategy used is configurable: @@ -101,5 +101,5 @@ Both of them generate tokens of 32 alphanumeric characters. That should be enough for most of the human beings. But if you still want to provide your own implementation, simply write a class implementing -http://alvarosanchez.github.io/grails-spring-security-rest/latest/docs/gapi/grails/plugin/springsecurity/rest/token/generation/TokenGenerator.html[TokenGenerator] +include::{baseGroovyApiUrl}grails/plugin/springsecurity/rest/token/generation/TokenGenerator.html[TokenGenerator] and wire it up in `resources.groovy` as `tokenGenerator`. diff --git a/spring-security-rest-docs/src/docs/tokenRendering.adoc b/spring-security-rest-docs/src/docs/tokenRendering.adoc index 1848ece76..39e61ecc5 100644 --- a/spring-security-rest-docs/src/docs/tokenRendering.adoc +++ b/spring-security-rest-docs/src/docs/tokenRendering.adoc @@ -83,7 +83,7 @@ the chapter about token validation first. ==== If you want your own implementation, simply create a class implementing -http://alvarosanchez.github.io/grails-spring-security-rest/docs/gapi/grails/plugin/springsecurity/rest/token/rendering/AccessTokenJsonRenderer.html[AccessTokenJsonRenderer] +include::{baseGroovyApiUrl}grails/plugin/springsecurity/rest/token/rendering/AccessTokenJsonRenderer.html[AccessTokenJsonRenderer] and wire it up in `resources.groovy` with name `accessTokenJsonRenderer`. [NOTE] diff --git a/spring-security-rest-docs/src/docs/tokenStorage.adoc b/spring-security-rest-docs/src/docs/tokenStorage.adoc index a4a57d211..0fe7da30f 100644 --- a/spring-security-rest-docs/src/docs/tokenStorage.adoc +++ b/spring-security-rest-docs/src/docs/tokenStorage.adoc @@ -1,6 +1,6 @@ The tokens are stored on the server using a `tokenStorageService` bean. The plugin comes with out-of-the-box support for JWT, Memcached, GORM and http://grails.org/plugin/cache[Grails Cache], but you can use your own strategy implementing the -http://alvarosanchez.github.io/grails-spring-security-rest/latest/docs/gapi/grails/plugin/springsecurity/rest/token/storage/TokenStorageService.html[TokenStorageService] +include::{baseGroovyApiUrl}grails/plugin/springsecurity/rest/token/storage/TokenStorageService.html[TokenStorageService] interface. [NOTE] @@ -399,5 +399,5 @@ It depends on the specific support of the actual providers. Grails has several p [WARNING] ==== There is a bug in `:cache-ehcache:1.0.0` plugin that will cause issues. It's recommended that you use the latest version. -See https://github.com/alvarosanchez/grails-spring-security-rest/issues/89[#89] for more information. +See https://github.com/grails/grails-spring-security-rest/issues/89[#89] for more information. ==== diff --git a/spring-security-rest-docs/src/docs/tokenValidation.adoc b/spring-security-rest-docs/src/docs/tokenValidation.adoc index e8a12cdd5..fc2a09117 100644 --- a/spring-security-rest-docs/src/docs/tokenValidation.adoc +++ b/spring-security-rest-docs/src/docs/tokenValidation.adoc @@ -49,7 +49,7 @@ grails.plugin.springsecurity.rest.token.validation.headerName = 'X-Auth-Token' ---- If you still want to have full access and read the token from a different part of the request, you can implement a -http://alvarosanchez.github.io/grails-spring-security-rest/latest/docs/gapi/grails/plugin/springsecurity/rest/token/reader/TokenReader.html[TokenReader] +include::{baseGroovyApiUrl}grails/plugin/springsecurity/rest/token/reader/TokenReader.html[TokenReader] and register it in your `resources.groovy` as `tokenReader`. [NOTE] diff --git a/spring-security-rest-gorm/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGormGrailsPlugin.groovy b/spring-security-rest-gorm/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGormGrailsPlugin.groovy index e6d2b7ce9..cd5497659 100644 --- a/spring-security-rest-gorm/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGormGrailsPlugin.groovy +++ b/spring-security-rest-gorm/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGormGrailsPlugin.groovy @@ -9,7 +9,7 @@ import grails.plugins.Plugin class SpringSecurityRestGormGrailsPlugin extends Plugin { // the version or versions of Grails the plugin is designed for - String grailsVersion = "3.1.0 > *" + String grailsVersion = "6.1.1 > *" List loadAfter = ['springSecurityRest'] List pluginExcludes = [ "grails-app/views/**" @@ -17,20 +17,19 @@ class SpringSecurityRestGormGrailsPlugin extends Plugin { String title = "Spring Security REST Plugin - GORM support" String author = "Alvaro Sanchez-Mariscal" - String authorEmail = "alvaro.sanchezmariscal@gmail.com" String description = 'Implements authentication for REST APIs based on Spring Security. It uses a token-based workflow' def profiles = ['web'] // URL to the plugin's documentation - String documentation = "http://alvarosanchez.github.io/grails-spring-security-rest/" + String documentation = "https://grails-plugins.github.io/grails-spring-security-rest/" // Extra (optional) plugin metadata String license = "APACHE" - def organization = [ name: "Object Computing, Inc.", url: "http://www.ociweb.com" ] + def organization = [name: 'Grails', url: 'https://www.grails.org/'] - def issueManagement = [ system: "GitHub", url: "https://github.com/alvarosanchez/grails-spring-security-rest/issues" ] - def scm = [ url: "https://github.com/alvarosanchez/grails-spring-security-rest" ] + def issueManagement = [ system: "GitHub", url: "https://github.com/grails/grails-spring-security-rest/issues" ] + def scm = [ url: "https://github.com/grails/grails-spring-security-rest" ] Closure doWithSpring() { {-> def conf = SpringSecurityUtils.securityConfig diff --git a/spring-security-rest-grailscache/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGrailsCacheGrailsPlugin.groovy b/spring-security-rest-grailscache/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGrailsCacheGrailsPlugin.groovy index 0214b767f..685ffb8ea 100644 --- a/spring-security-rest-grailscache/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGrailsCacheGrailsPlugin.groovy +++ b/spring-security-rest-grailscache/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGrailsCacheGrailsPlugin.groovy @@ -9,7 +9,7 @@ import grails.plugins.Plugin class SpringSecurityRestGrailsCacheGrailsPlugin extends Plugin { // the version or versions of Grails the plugin is designed for - String grailsVersion = "3.1.0 > *" + String grailsVersion = "6.1.1 > *" List loadAfter = ['springSecurityRest'] List pluginExcludes = [ "grails-app/views/**" @@ -17,20 +17,19 @@ class SpringSecurityRestGrailsCacheGrailsPlugin extends Plugin { String title = "Spring Security REST Plugin - Grails cache support" String author = "Alvaro Sanchez-Mariscal" - String authorEmail = "alvaro.sanchezmariscal@gmail.com" String description = 'Implements authentication for REST APIs based on Spring Security. It uses a token-based workflow' def profiles = ['web'] // URL to the plugin's documentation - String documentation = "http://alvarosanchez.github.io/grails-spring-security-rest/" + String documentation = "https://grails-plugins.github.io/grails-spring-security-rest/" // Extra (optional) plugin metadata String license = "APACHE" - def organization = [ name: "Object Computing, Inc.", url: "http://www.ociweb.com" ] + def organization = [name: 'Grails', url: 'https://www.grails.org/'] - def issueManagement = [ system: "GitHub", url: "https://github.com/alvarosanchez/grails-spring-security-rest/issues" ] - def scm = [ url: "https://github.com/alvarosanchez/grails-spring-security-rest" ] + def issueManagement = [ system: "GitHub", url: "https://github.com/grails/grails-spring-security-rest/issues" ] + def scm = [ url: "https://github.com/grails/grails-spring-security-rest" ] Closure doWithSpring() { {-> def conf = SpringSecurityUtils.securityConfig diff --git a/spring-security-rest-memcached/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestMemcachedGrailsPlugin.groovy b/spring-security-rest-memcached/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestMemcachedGrailsPlugin.groovy index 19856a648..bfa0fcef4 100644 --- a/spring-security-rest-memcached/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestMemcachedGrailsPlugin.groovy +++ b/spring-security-rest-memcached/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestMemcachedGrailsPlugin.groovy @@ -12,7 +12,7 @@ import net.spy.memcached.spring.MemcachedClientFactoryBean class SpringSecurityRestMemcachedGrailsPlugin extends Plugin { // the version or versions of Grails the plugin is designed for - String grailsVersion = "3.1.0 > *" + String grailsVersion = "6.1.1 > *" List loadAfter = ['springSecurityRest'] List pluginExcludes = [ "grails-app/views/**" @@ -20,20 +20,19 @@ class SpringSecurityRestMemcachedGrailsPlugin extends Plugin { String title = "Spring Security REST Plugin - Memcached support" String author = "Alvaro Sanchez-Mariscal" - String authorEmail = "alvaro.sanchezmariscal@gmail.com" String description = 'Implements authentication for REST APIs based on Spring Security. It uses a token-based workflow' def profiles = ['web'] // URL to the plugin's documentation - String documentation = "http://alvarosanchez.github.io/grails-spring-security-rest/" + String documentation = "https://grails-plugins.github.io/grails-spring-security-rest/" // Extra (optional) plugin metadata String license = "APACHE" - def organization = [ name: "Object Computing, Inc.", url: "http://www.ociweb.com" ] + def organization = [name: 'Grails', url: 'https://www.grails.org/'] - def issueManagement = [ system: "GitHub", url: "https://github.com/alvarosanchez/grails-spring-security-rest/issues" ] - def scm = [ url: "https://github.com/alvarosanchez/grails-spring-security-rest" ] + def issueManagement = [ system: "GitHub", url: "https://github.com/grails/grails-spring-security-rest/issues" ] + def scm = [ url: "https://github.com/grails/grails-spring-security-rest" ] Closure doWithSpring() { {-> def conf = SpringSecurityUtils.securityConfig diff --git a/spring-security-rest-redis/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestRedisGrailsPlugin.groovy b/spring-security-rest-redis/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestRedisGrailsPlugin.groovy index 613280bff..b925430c9 100644 --- a/spring-security-rest-redis/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestRedisGrailsPlugin.groovy +++ b/spring-security-rest-redis/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestRedisGrailsPlugin.groovy @@ -9,7 +9,7 @@ import grails.plugins.* class SpringSecurityRestRedisGrailsPlugin extends Plugin { // the version or versions of Grails the plugin is designed for - String grailsVersion = "3.1.0 > *" + String grailsVersion = "6.1.1 > *" List loadAfter = ['springSecurityRest'] List pluginExcludes = [ "grails-app/views/**" @@ -17,20 +17,19 @@ class SpringSecurityRestRedisGrailsPlugin extends Plugin { String title = "Spring Security REST Plugin - Redis support" String author = "Alvaro Sanchez-Mariscal" - String authorEmail = "alvaro.sanchezmariscal@gmail.com" String description = 'Implements authentication for REST APIs based on Spring Security. It uses a token-based workflow' def profiles = ['web'] // URL to the plugin's documentation - String documentation = "http://alvarosanchez.github.io/grails-spring-security-rest/" + String documentation = "https://grails-plugins.github.io/grails-spring-security-rest/" // Extra (optional) plugin metadata String license = "APACHE" - def organization = [ name: "Object Computing, Inc.", url: "http://www.ociweb.com" ] + def organization = [name: 'Grails', url: 'https://www.grails.org/'] - def issueManagement = [ system: "GitHub", url: "https://github.com/alvarosanchez/grails-spring-security-rest/issues" ] - def scm = [ url: "https://github.com/alvarosanchez/grails-spring-security-rest" ] + def issueManagement = [ system: "GitHub", url: "https://github.com/grails/grails-spring-security-rest/issues" ] + def scm = [ url: "https://github.com/grails/grails-spring-security-rest" ] Closure doWithSpring() { {-> diff --git a/spring-security-rest-testapp-profile/features/memcached1/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy b/spring-security-rest-testapp-profile/features/memcached1/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy index 2aa7f2d90..2f1b28188 100644 --- a/spring-security-rest-testapp-profile/features/memcached1/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy +++ b/spring-security-rest-testapp-profile/features/memcached1/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy @@ -59,7 +59,7 @@ class MemcachedSpec extends AbstractRestSpec { 'Date' | new Date() } - @Issue("https://github.com/alvarosanchez/grails-spring-security-rest/issues/86") + @Issue("https://github.com/grails/grails-spring-security-rest/issues/86") void "Objects stored expire after the expiration time"() { given: memcachedTokenStorageService.expiration = 1 @@ -75,7 +75,7 @@ class MemcachedSpec extends AbstractRestSpec { thrown(TokenNotFoundException) } - @Issue("https://github.com/alvarosanchez/grails-spring-security-rest/issues/86") + @Issue("https://github.com/grails/grails-spring-security-rest/issues/86") void "Objects are refreshed when accessed"() { given: memcachedTokenStorageService.expiration = 2 diff --git a/spring-security-rest-testapp-profile/features/memcached2/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy b/spring-security-rest-testapp-profile/features/memcached2/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy index 2aa7f2d90..2f1b28188 100644 --- a/spring-security-rest-testapp-profile/features/memcached2/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy +++ b/spring-security-rest-testapp-profile/features/memcached2/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy @@ -59,7 +59,7 @@ class MemcachedSpec extends AbstractRestSpec { 'Date' | new Date() } - @Issue("https://github.com/alvarosanchez/grails-spring-security-rest/issues/86") + @Issue("https://github.com/grails/grails-spring-security-rest/issues/86") void "Objects stored expire after the expiration time"() { given: memcachedTokenStorageService.expiration = 1 @@ -75,7 +75,7 @@ class MemcachedSpec extends AbstractRestSpec { thrown(TokenNotFoundException) } - @Issue("https://github.com/alvarosanchez/grails-spring-security-rest/issues/86") + @Issue("https://github.com/grails/grails-spring-security-rest/issues/86") void "Objects are refreshed when accessed"() { given: memcachedTokenStorageService.expiration = 2 diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/BearerTokenSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/BearerTokenSpec.groovy index 9420f32d7..e96c4c0c7 100644 --- a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/BearerTokenSpec.groovy +++ b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/BearerTokenSpec.groovy @@ -22,7 +22,7 @@ import spock.lang.IgnoreIf import spock.lang.Issue @IgnoreIf({ !System.getProperty('useBearerToken', 'false').toBoolean() }) -@Issue("https://github.com/alvarosanchez/grails-spring-security-rest/issues/73") +@Issue("https://github.com/grails/grails-spring-security-rest/issues/73") class BearerTokenSpec extends AbstractRestSpec { void "access token response is compliant with the specification"() { @@ -115,7 +115,7 @@ class BearerTokenSpec extends AbstractRestSpec { response.headers.getFirst('WWW-Authenticate') == 'Bearer' } - @Issue("https://github.com/alvarosanchez/grails-spring-security-rest/issues/98") + @Issue("https://github.com/grails/grails-spring-security-rest/issues/98") void "accessing Anonymous without a token, responds ok"() { when: def response = restBuilder.get("${baseUrl}/anonymous") { @@ -126,7 +126,7 @@ class BearerTokenSpec extends AbstractRestSpec { response.status == 200 } - @Issue("https://github.com/alvarosanchez/grails-spring-security-rest/issues/98") + @Issue("https://github.com/grails/grails-spring-security-rest/issues/98") void "accessing Secured without a token, responds Unauthorized"() { when: RestResponse response = restBuilder.post("${baseUrl}/secured") { diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/CorsSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/CorsSpec.groovy index f1c6235bc..14ba2b56a 100644 --- a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/CorsSpec.groovy +++ b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/CorsSpec.groovy @@ -25,7 +25,7 @@ import spock.lang.Ignore /** * Specification to test CORS support * - * @see https://github.com/alvarosanchez/grails-spring-security-rest/issues/4 + * @see https://github.com/grails/grails-spring-security-rest/issues/4 */ //FIXME @Ignore diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/JwtSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/JwtSpec.groovy index 5261e1d84..29aa3a175 100644 --- a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/JwtSpec.groovy +++ b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/JwtSpec.groovy @@ -173,7 +173,7 @@ class JwtSpec extends AbstractRestSpec { jwt.JWTClaimsSet.issuer == 'Spring Security REST Grails Plugin' } - @Issue("https://github.com/alvarosanchez/grails-spring-security-rest/pull/344") + @Issue("https://github.com/grails/grails-spring-security-rest/pull/344") void "if the user no longer exists, token can't be refreshed"() { given: userDetailsManager.createUser(new User('foo', '{noop}password', [])) @@ -194,7 +194,7 @@ class JwtSpec extends AbstractRestSpec { userDetailsManager.deleteUser('foo') } - @Issue("https://github.com/alvarosanchez/grails-spring-security-rest/pull/344") + @Issue("https://github.com/grails/grails-spring-security-rest/pull/344") @Unroll void "if the user is #status, token can't be refreshed"(User updatedUser, String status) { given: diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestAuthenticationFilterSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestAuthenticationFilterSpec.groovy index 53b65d84b..67c9c13fc 100644 --- a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestAuthenticationFilterSpec.groovy +++ b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestAuthenticationFilterSpec.groovy @@ -86,7 +86,7 @@ class RestAuthenticationFilterSpec extends AbstractRestSpec { response.headers.get('Content-Type')?.first() == 'application/json;charset=UTF-8' } - @Issue("https://github.com/alvarosanchez/grails-spring-security-rest/issues/275") + @Issue("https://github.com/grails/grails-spring-security-rest/issues/275") void "WWW-Authenticate response header is sent on failed logins"() { when: def response = sendWrongCredentials() diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestTokenValidationFilterSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestTokenValidationFilterSpec.groovy index 72e563483..e7647f8f0 100644 --- a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestTokenValidationFilterSpec.groovy +++ b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestTokenValidationFilterSpec.groovy @@ -94,7 +94,7 @@ class RestTokenValidationFilterSpec extends AbstractRestSpec { response.status == 403 } - @Issue("https://github.com/alvarosanchez/grails-spring-security-rest/issues/67") + @Issue("https://github.com/grails/grails-spring-security-rest/issues/67") void "JSESSIONID cookie is not created when using the stateless chain"() { when: RestResponse authResponse = sendCorrectCredentials() as RestResponse @@ -113,7 +113,7 @@ class RestTokenValidationFilterSpec extends AbstractRestSpec { } - @Issue("https://github.com/alvarosanchez/grails-spring-security-rest/issues/74") + @Issue("https://github.com/grails/grails-spring-security-rest/issues/74") void "anonymous access works when enabled"() { when: def response = restBuilder.get("${baseUrl}/anonymous") @@ -124,7 +124,7 @@ class RestTokenValidationFilterSpec extends AbstractRestSpec { } - @Issue("https://github.com/alvarosanchez/grails-spring-security-rest/issues/74") + @Issue("https://github.com/grails/grails-spring-security-rest/issues/74") void "in an anonymous chain, if a token is sent, is validated"() { when: def response = restBuilder.post("${baseUrl}/anonymous") { diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGrailsPlugin.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGrailsPlugin.groovy index 92be3832c..baf80b923 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGrailsPlugin.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGrailsPlugin.groovy @@ -66,7 +66,7 @@ import org.springframework.security.web.savedrequest.NullRequestCache class SpringSecurityRestGrailsPlugin extends Plugin { // the version or versions of Grails the plugin is designed for - String grailsVersion = "4.0.0 > *" + String grailsVersion = "6.1.1 > *" List loadAfter = ['springSecurityCore'] List pluginExcludes = [ "grails-app/views/**" @@ -74,20 +74,19 @@ class SpringSecurityRestGrailsPlugin extends Plugin { String title = "Spring Security REST Plugin" String author = "Alvaro Sanchez-Mariscal" - String authorEmail = "alvaro.sanchezmariscal@gmail.com" String description = 'Implements authentication for REST APIs based on Spring Security. It uses a token-based workflow' def profiles = ['web'] // URL to the plugin's documentation - String documentation = "http://alvarosanchez.github.io/grails-spring-security-rest/" + String documentation = "https://grails-plugins.github.io/grails-spring-security-rest/" // Extra (optional) plugin metadata String license = "APACHE" - def organization = [ name: "Object Computing, Inc.", url: "http://www.ociweb.com" ] + def organization = [name: 'Grails', url: 'https://www.grails.org/'] - def issueManagement = [ system: "GitHub", url: "https://github.com/alvarosanchez/grails-spring-security-rest/issues" ] - def scm = [ url: "https://github.com/alvarosanchez/grails-spring-security-rest" ] + def issueManagement = [ system: "GitHub", url: "https://github.com/grails/grails-spring-security-rest/issues" ] + def scm = [ url: "https://github.com/grails/grails-spring-security-rest" ] GrailsApplication grailsApplication Closure doWithSpring() { {-> diff --git a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestAuthenticationProviderSpec.groovy b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestAuthenticationProviderSpec.groovy index 05defc434..e1ef59d12 100644 --- a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestAuthenticationProviderSpec.groovy +++ b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestAuthenticationProviderSpec.groovy @@ -30,7 +30,7 @@ class RestAuthenticationProviderSpec extends Specification implements TokenGener this.restAuthenticationProvider.tokenStorageService = new JwtTokenStorageService(jwtService: jwtService, userDetailsService: userDetailsService) } - @Issue("https://github.com/alvarosanchez/grails-spring-security-rest/issues/276") + @Issue("https://github.com/grails/grails-spring-security-rest/issues/276") void "if the JWT's expiration time is null, it's validated successfully"() { given: AccessToken accessToken = tokenGenerator.generateAccessToken(new User('testUser', 'testPassword', []), 0) @@ -42,7 +42,7 @@ class RestAuthenticationProviderSpec extends Specification implements TokenGener result.authenticated } - @Issue("https://github.com/alvarosanchez/grails-spring-security-rest/issues/391") + @Issue("https://github.com/grails/grails-spring-security-rest/issues/391") void "refresh tokens should not be usable for authentication"() { given: AccessToken accessToken = tokenGenerator.generateAccessToken(new User('testUser', 'testPassword', []), 0) diff --git a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestOauthControllerSpec.groovy b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestOauthControllerSpec.groovy index f04bfcee6..2db7bc1fd 100644 --- a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestOauthControllerSpec.groovy +++ b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestOauthControllerSpec.groovy @@ -32,7 +32,7 @@ import spock.lang.Specification import static org.springframework.http.HttpStatus.FORBIDDEN import static org.springframework.http.HttpStatus.INTERNAL_SERVER_ERROR -@Issue("https://github.com/alvarosanchez/grails-spring-security-rest/issues/237") +@Issue("https://github.com/grails/grails-spring-security-rest/issues/237") class RestOauthControllerSpec extends Specification implements ControllerUnitTest { /** diff --git a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/rfc6750/BearerTokenReaderSpec.groovy b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/rfc6750/BearerTokenReaderSpec.groovy index 76c679042..c1b8315c1 100644 --- a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/rfc6750/BearerTokenReaderSpec.groovy +++ b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/rfc6750/BearerTokenReaderSpec.groovy @@ -139,7 +139,7 @@ class BearerTokenReaderSpec extends Specification { !tokenReader.findToken(request) } - @Issue("https://github.com/alvarosanchez/grails-spring-security-rest/issues/235") + @Issue("https://github.com/grails/grails-spring-security-rest/issues/235") def "it doesn't crash if token is missing"() { given: request.addHeader('Authorization', 'Bearer') diff --git a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/generation/JwtTokenGeneratorSpec.groovy b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/generation/JwtTokenGeneratorSpec.groovy index e0ac4372d..69ea3e673 100644 --- a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/generation/JwtTokenGeneratorSpec.groovy +++ b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/generation/JwtTokenGeneratorSpec.groovy @@ -145,7 +145,7 @@ class JwtTokenGeneratorSpec extends Specification implements TokenGeneratorSuppo jwtTokenGenerator << [setupSignedJwtTokenGenerator(), setupEncryptedJwtTokenGenerator()] } - @Issue("https://github.com/alvarosanchez/grails-spring-security-rest/issues/295") + @Issue("https://github.com/grails/grails-spring-security-rest/issues/295") void "custom claims can be added"() { given: SignedJwtTokenGenerator tokenGenerator = setupSignedJwtTokenGenerator() diff --git a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/rendering/DefaultRestAuthenticationTokenJsonRendererSpec.groovy b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/rendering/DefaultRestAuthenticationTokenJsonRendererSpec.groovy index 69d3b1458..dcdb4dec6 100644 --- a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/rendering/DefaultRestAuthenticationTokenJsonRendererSpec.groovy +++ b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/rendering/DefaultRestAuthenticationTokenJsonRendererSpec.groovy @@ -102,7 +102,7 @@ class DefaultRestAuthenticationTokenJsonRendererSpec extends Specification imple } - @Issue('https://github.com/alvarosanchez/grails-spring-security-rest/issues/33') + @Issue('https://github.com/grails/grails-spring-security-rest/issues/33') void "it renders OAuth information if the principal is an OAuthUser"() { given: def username = 'john.doe' diff --git a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/storage/jwt/JwtTokenStorageServiceSpec.groovy b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/storage/jwt/JwtTokenStorageServiceSpec.groovy index d80f6a1d2..ca91eb7ff 100644 --- a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/storage/jwt/JwtTokenStorageServiceSpec.groovy +++ b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/storage/jwt/JwtTokenStorageServiceSpec.groovy @@ -59,7 +59,7 @@ class JwtTokenStorageServiceSpec extends Specification implements ServiceUnitTes thrown(TokenNotFoundException) } - @Issue("https://github.com/alvarosanchez/grails-spring-security-rest/issues/391") + @Issue("https://github.com/grails/grails-spring-security-rest/issues/391") def "refresh token with optional expiration can be successfully loaded"() { given: "an access token that expires" AccessToken accessToken = tokenGenerator.generateAccessToken(new User('testUser', 'testPassword', []), true, 3600, 3600) @@ -75,7 +75,7 @@ class JwtTokenStorageServiceSpec extends Specification implements ServiceUnitTes 1 * service.userDetailsService.loadUserByUsername('testUser') >> { new User('testUser', 'testPassword', []) } } - @Issue("https://github.com/alvarosanchez/grails-spring-security-rest/issues/391") + @Issue("https://github.com/grails/grails-spring-security-rest/issues/391") def "refresh token with optional expiration fails when expired"() { given: AccessToken accessToken = tokenGenerator.generateAccessToken(new User('testUser', 'testPassword', []), true, 3600, 1) From b57ae0c4da979e3353fb3c855585ef176034ff93 Mon Sep 17 00:00:00 2001 From: James Daugherty Date: Fri, 27 Sep 2024 10:45:28 -0400 Subject: [PATCH 16/24] Initial workflow updates based on the spring security core plugin --- .github/release-drafter.yml | 126 ++++++++++++++++++++++++++++ .github/workflows/gradle-check.yml | 27 ------ .github/workflows/gradle.yml | 51 +++++++++++ .github/workflows/release-notes.yml | 51 +++++++++++ .github/workflows/release.yml | 65 ++++++++++---- apply-gitflow.sh | 10 --- 6 files changed, 277 insertions(+), 53 deletions(-) create mode 100644 .github/release-drafter.yml delete mode 100644 .github/workflows/gradle-check.yml create mode 100644 .github/workflows/gradle.yml create mode 100644 .github/workflows/release-notes.yml delete mode 100755 apply-gitflow.sh diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml new file mode 100644 index 000000000..76d53db50 --- /dev/null +++ b/.github/release-drafter.yml @@ -0,0 +1,126 @@ +name-template: $RESOLVED_VERSION +tag-template: v$RESOLVED_VERSION +pull-request: + title-templates: + fix: '🐛 $TITLE (#$NUMBER)' + feat: '🚀 $TITLE (#$NUMBER)' + default: '$TITLE (#$NUMBER)' +autolabeler: + - label: 'bug' + branch: + - '/fix\/.+/' + title: + - '/fix/i' + - label: 'feature' + branch: + - '/feature\/.+/' + title: + - '/feat/i' + - label: 'documentation' + branch: + - '/docs\/.+/' + title: + - '/docs/i' + - label: 'maintenance' + branch: + - '/(chore|refactor|style|test|ci|perf|build|deps)\/.+/' + title: + - '/(chore|refactor|style|test|ci|perf|build|deps)/i' + - label: 'chore' + branch: + - '/chore\/.+/' + title: + - '/chore/i' + - label: 'refactor' + branch: + - '/refactor\/.+/' + title: + - '/refactor/i' + - label: 'style' + branch: + - '/style\/.+/' + title: + - '/style/i' + - label: 'test' + branch: + - '/test\/.+/' + title: + - '/test/i' + - label: 'ci' + branch: + - '/ci\/.+/' + title: + - '/ci/i' + - label: 'perf' + branch: + - '/perf\/.+/' + title: + - '/perf/i' + - label: 'build' + branch: + - '/build\/.+/' + title: + - '/build/i' + - label: 'deps' + branch: + - '/deps\/.+/' + title: + - '/deps/i' + - label: 'revert' + branch: + - '/revert\/.+/' + title: + - '/revert/i' +categories: + - title: '🚀 Features' + labels: + - 'feat' + - "type: enhancement" + - "type: new feature" + - "type: major" + - title: '🐛 Bug Fixes' + labels: + - 'fix' + - "type: improvement" + - "type: bug" + - "type: minor" + - title: '📚 Documentation' + labels: + - 'docs' + - title: '🔧 Maintenance' + labels: + - 'chore' + - 'refactor' + - 'style' + - 'test' + - 'ci' + - 'perf' + - 'build' + - 'deps' + - "type: dependency upgrade" + - "dependencies" + - "type: ci" + - "type: build" + - title: '⏪ Reverts' + labels: + - 'revert' +change-template: '- $TITLE @$AUTHOR (#$NUMBER)' +version-resolver: + major: + labels: + - 'type: major' + minor: + labels: + - 'type: minor' + patch: + labels: + - 'type: patch' + default: patch +template: | + ## What's Changed + + $CHANGES + + ## Contributors + + $CONTRIBUTORS \ No newline at end of file diff --git a/.github/workflows/gradle-check.yml b/.github/workflows/gradle-check.yml deleted file mode 100644 index d3e9ba97b..000000000 --- a/.github/workflows/gradle-check.yml +++ /dev/null @@ -1,27 +0,0 @@ -name: Run tests in project - -on: - push: - branches: - - '[3-9].[0-9].x' - pull_request: - branches: - - '[3-9].[0-9].x' -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Set up JDK - uses: actions/setup-java@v4 - with: - java-version: '11' - distribution: 'liberica' - - name: Setup Gradle - uses: gradle/gradle-build-action@v2 - - name: Run Tests - id: tests - uses: gradle/gradle-build-action@v2 - with: - arguments: | - check \ No newline at end of file diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml new file mode 100644 index 000000000..3ca8e7f91 --- /dev/null +++ b/.github/workflows/gradle.yml @@ -0,0 +1,51 @@ +name: Java CI +on: + push: + branches: + - '[5-9].[0-9].x' + pull_request: + branches: + - '[5-9].[0-9].x' + workflow_dispatch: +jobs: + core-tests: + if: github.event_name == 'pull_request' + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Wrapper Integrity + uses: gradle/actions/wrapper-validation@v3 + - name: Setup Java + uses: actions/setup-java@v4 + with: { java-version: 11, distribution: temurin } + - name: Run Tests + uses: gradle/actions/setup-gradle@v3 + env: + GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} + with: + arguments: | + check + --refresh-dependencies + -Dgeb.env=chromeHeadless + build: + if: github.event_name == 'push' + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + - name: Wrapper Integrity + uses: gradle/wrapper-validation-action@v2 + - name: Setup Java + uses: actions/setup-java@v4 + with: { java-version: 11, distribution: temurin } + - name: Run Build + id: build + uses: gradle/actions/setup-gradle@v3 + env: + GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} + with: + arguments: | + check + --refresh-dependencies + -Dgeb.env=chromeHeadless \ No newline at end of file diff --git a/.github/workflows/release-notes.yml b/.github/workflows/release-notes.yml new file mode 100644 index 000000000..b95fe2a8d --- /dev/null +++ b/.github/workflows/release-notes.yml @@ -0,0 +1,51 @@ +name: Changelog +on: + issues: + types: [closed,reopened] + push: + branches: + - '[5-9].[0-9].x' + pull_request: + types: [opened, reopened, synchronize] + pull_request_target: + types: [opened, reopened, synchronize] + workflow_dispatch: +jobs: + release_notes: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Check if it has release drafter config file + id: check_release_drafter + run: | + has_release_drafter=$([ -f .github/release-drafter.yml ] && echo "true" || echo "false") + echo "has_release_drafter=${has_release_drafter}" >> $GITHUB_OUTPUT + - name: Extract branch name + id: extract_branch + run: echo "value=${GITHUB_REF:11}" >> $GITHUB_OUTPUT + # If it has release drafter: + - uses: release-drafter/release-drafter@v6 + if: steps.check_release_drafter.outputs.has_release_drafter == 'true' + env: + GITHUB_TOKEN: ${{ secrets.GH_TOKEN }} + with: + commitish: ${{ steps.extract_branch.outputs.value }} + # Otherwise: + - name: Export Gradle Properties + if: steps.check_release_drafter.outputs.has_release_drafter == 'false' + uses: micronaut-projects/github-actions/export-gradle-properties@master + - uses: micronaut-projects/github-actions/release-notes@master + if: steps.check_release_drafter.outputs.has_release_drafter == 'false' + id: release_notes + with: + token: ${{ secrets.GH_TOKEN }} + - uses: ncipollo/release-action@v1 + if: steps.check_release_drafter.outputs.has_release_drafter == 'false' && steps.release_notes.outputs.generated_changelog == 'true' + with: + allowUpdates: true + commit: ${{ steps.release_notes.outputs.current_branch }} + draft: true + name: ${{ env.title }} ${{ steps.release_notes.outputs.next_version }} + tag: v${{ steps.release_notes.outputs.next_version }} + bodyFile: CHANGELOG.md + token: ${{ secrets.GH_TOKEN }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 04cb4e52b..fb86fbbc7 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -2,33 +2,66 @@ name: Release on: release: types: [published] - workflow_dispatch: +env: + GIT_USER_NAME: 'grails-build' + GIT_USER_EMAIL: 'grails-build@users.noreply.github.com' jobs: release: runs-on: ubuntu-latest - env: - WORKSPACE: ${{ github.workspace }} steps: - - uses: actions/checkout@v3 - - name: Set up JDK - uses: actions/setup-java@v3 - with: - distribution: 'adopt' - java-version: 8 - - name: Publish + - name: Checkout + uses: actions/checkout@v4 + - name: Wrapper Integrity + uses: gradle/actions/wrapper-validation@v3 + - name: Setup Java + uses: actions/setup-java@v4 + with: { java-version: 11, distribution: temurin } + - name: Get the current release version + id: release_version + run: echo "release_version=${GITHUB_REF:11}" >> $GITHUB_OUTPUT + - name: Tag the release version + uses: micronaut-projects/github-actions/pre-release@master + - name: Generate secring file + env: + SECRING_FILE: ${{ secrets.SECRING_FILE }} + run: echo $SECRING_FILE | base64 -d > ${{ github.workspace }}/secring.gpg + - name: Publish to Sonatype + id: publish_to_sonatype + uses: gradle/actions/setup-gradle@v3 env: GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} GRADLE_ENTERPRISE_BUILD_CACHE_NODE_USER: ${{ secrets.GRADLE_ENTERPRISE_BUILD_CACHE_NODE_USER }} GRADLE_ENTERPRISE_BUILD_CACHE_NODE_KEY: ${{ secrets.GRADLE_ENTERPRISE_BUILD_CACHE_NODE_KEY }} - ARTIFACTORY_USERNAME: ${{ secrets.ARTIFACTORY_USERNAME }} - ARTIFACTORY_PASSWORD: ${{ secrets.ARTIFACTORY_PASSWORD }} SONATYPE_USERNAME: ${{ secrets.SONATYPE_USERNAME }} SONATYPE_PASSWORD: ${{ secrets.SONATYPE_PASSWORD }} SONATYPE_STAGING_PROFILE_ID: ${{ secrets.SONATYPE_STAGING_PROFILE_ID }} + SONATYPE_NEXUS_URL: ${{ secrets.SONATYPE_NEXUS_URL }} SIGNING_KEY: ${{ secrets.SIGNING_KEY }} SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }} SECRING_FILE: ${{ secrets.SECRING_FILE }} - run: | - echo $SECRING_FILE | base64 -d > secring.gpg - echo "Publishing Artifacts" - (set -x; ./gradlew -Psigning.secretKeyRingFile="${WORKSPACE}/secring.gpg" publish publishToSonatype closeAndReleaseSonatypeStagingRepository --no-daemon) + with: + arguments: | + -Psigning.secretKeyRingFile=${{ github.workspace }}/secring.gpg + publishToSonatype + closeAndReleaseSonatypeStagingRepository + - name: Generate Documentation + if: success() + uses: gradle/actions/setup-gradle@v3 + env: + GRADLE_ENTERPRISE_ACCESS_KEY: ${{ secrets.GRADLE_ENTERPRISE_ACCESS_KEY }} + with: + arguments: docs + - name: Publish Documentation to Github Pages + if: success() + uses: micronaut-projects/github-pages-deploy-action@grails + env: + BRANCH: gh-pages + COMMIT_EMAIL: ${{ env.GIT_USER_EMAIL }} + COMMIT_NAME: ${{ env.GIT_USER_NAME }} + FOLDER: build/docs + GH_TOKEN: ${{ secrets.GH_TOKEN }} + SKIP_SNAPSHOT: ${{ contains(steps.release_version.outputs.release_version, 'M') }} + VERSION: ${{ steps.release_version.outputs.release_version }} + - name: Run post-release + if: steps.publish_to_sonatype.outcome == 'success' + uses: micronaut-projects/github-actions/post-release@master \ No newline at end of file diff --git a/apply-gitflow.sh b/apply-gitflow.sh deleted file mode 100755 index 314fcffc1..000000000 --- a/apply-gitflow.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/sh - -git config gitflow.branch.master 'master' -git config gitflow.branch.develop 'develop' -git config gitflow.prefix.feature 'feature/' -git config gitflow.prefix.release 'release/' -git config gitflow.prefix.hotfix 'hotfix/' -git config gitflow.prefix.support 'support/' -git config gitflow.prefix.versiontag '' -git config gitflow.feature.finish.rebase true \ No newline at end of file From ca3a98713ab1b4ca629624447b728f9630ef5c2c Mon Sep 17 00:00:00 2001 From: James Daugherty Date: Fri, 27 Sep 2024 18:37:39 -0400 Subject: [PATCH 17/24] Remove old testapp-profile project since it's no longer used --- build.gradle | 9 +- generate-test-apps.sh | 19 -- settings.gradle | 1 - .../.gitignore | 2 - .../build.gradle | 19 -- .../features/gorm1/feature.yml.tmpl | 13 - .../features/gorm1/skeleton/build.gradle | 6 - .../grails-app/conf/application.groovy | 66 ----- .../skeleton/grails-app/conf/application.yml | 43 ---- .../grails-app/domain/gorm/AccessToken.groovy | 12 - .../groovy/rest/RestLogoutFilterSpec.groovy | 89 ------- .../features/gorm2/feature.yml.tmpl | 13 - .../features/gorm2/skeleton/build.gradle | 6 - .../grails-app/conf/application.groovy | 29 --- .../skeleton/grails-app/conf/application.yml | 43 ---- .../grails-app/domain/gorm/AccessToken.groovy | 12 - .../groovy/rest/RestLogoutFilterSpec.groovy | 89 ------- .../features/grailscache1/feature.yml.tmpl | 4 - .../grailscache1/skeleton/build.gradle | 6 - .../grails-app/conf/application.groovy | 60 ----- .../features/grailscache2/feature.yml.tmpl | 4 - .../grailscache2/skeleton/build.gradle | 6 - .../grails-app/conf/application.groovy | 24 -- .../features/jwt1/feature.yml.tmpl | 1 - .../features/jwt1/skeleton/build.gradle | 6 - .../grails-app/conf/application.groovy | 66 ----- .../controllers/rest/JwtController.groovy | 17 -- .../JwtRestTokenValidationFilterSpec.groovy | 48 ---- .../features/jwt2/feature.yml.tmpl | 1 - .../features/jwt2/skeleton/build.gradle | 19 -- .../grails-app/conf/application.groovy | 36 --- .../features/memcached1/feature.yml.tmpl | 4 - .../features/memcached1/skeleton/build.gradle | 6 - .../grails-app/conf/application.groovy | 60 ----- .../groovy/memcached/MemcachedSpec.groovy | 100 -------- .../features/memcached2/feature.yml.tmpl | 4 - .../features/memcached2/skeleton/build.gradle | 6 - .../grails-app/conf/application.groovy | 25 -- .../groovy/memcached/MemcachedSpec.groovy | 100 -------- .../features/redis1/feature.yml.tmpl | 5 - .../features/redis1/skeleton/build.gradle | 6 - .../grails-app/conf/application.groovy | 60 ----- .../groovy/redis/RedisSpec.groovy | 82 ------- .../features/redis2/feature.yml.tmpl | 5 - .../features/redis2/skeleton/build.gradle | 6 - .../grails-app/conf/application.groovy | 24 -- .../groovy/redis/RedisSpec.groovy | 82 ------- .../gradle.properties | 1 - .../keys/private_key.der | Bin 1217 -> 0 bytes .../keys/public_key.der | Bin 294 -> 0 bytes .../profile.yml.tmpl | 22 -- .../skeleton/build.gradle | 14 -- .../skeleton/grails-app/conf/application.yml | 2 - .../skeleton/grails-app/conf/logback.groovy | 29 --- .../grails-app/conf/spring/resources.groovy | 11 - .../grails-app/controllers/UrlMappings.groovy | 14 -- .../rest/AnonymousController.groovy | 11 - .../controllers/rest/PublicController.groovy | 8 - .../controllers/rest/SecuredController.groovy | 18 -- .../skeleton/grails-app/init/BootStrap.groovy | 20 -- .../integration-test/groovy/GebConfig.groovy | 57 ----- .../selenium/browserlaunchers/Proxies.groovy | 9 - .../groovy/rest/AbstractRestSpec.groovy | 67 ------ .../groovy/rest/BearerTokenSpec.groovy | 157 ------------ .../groovy/rest/CorsSpec.groovy | 50 ---- .../groovy/rest/FrontendCallbackPage.groovy | 30 --- .../groovy/rest/JwtSpec.groovy | 226 ------------------ .../rest/RestAuthenticationFilterSpec.groovy | 108 --------- .../rest/RestTokenValidationFilterSpec.groovy | 139 ----------- .../groovy/rest/ValidateEndpointSpec.groovy | 62 ----- 70 files changed, 1 insertion(+), 2398 deletions(-) delete mode 100755 generate-test-apps.sh delete mode 100644 spring-security-rest-testapp-profile/.gitignore delete mode 100644 spring-security-rest-testapp-profile/build.gradle delete mode 100644 spring-security-rest-testapp-profile/features/gorm1/feature.yml.tmpl delete mode 100644 spring-security-rest-testapp-profile/features/gorm1/skeleton/build.gradle delete mode 100644 spring-security-rest-testapp-profile/features/gorm1/skeleton/grails-app/conf/application.groovy delete mode 100644 spring-security-rest-testapp-profile/features/gorm1/skeleton/grails-app/conf/application.yml delete mode 100644 spring-security-rest-testapp-profile/features/gorm1/skeleton/grails-app/domain/gorm/AccessToken.groovy delete mode 100644 spring-security-rest-testapp-profile/features/gorm1/skeleton/src/integration-test/groovy/rest/RestLogoutFilterSpec.groovy delete mode 100644 spring-security-rest-testapp-profile/features/gorm2/feature.yml.tmpl delete mode 100644 spring-security-rest-testapp-profile/features/gorm2/skeleton/build.gradle delete mode 100644 spring-security-rest-testapp-profile/features/gorm2/skeleton/grails-app/conf/application.groovy delete mode 100644 spring-security-rest-testapp-profile/features/gorm2/skeleton/grails-app/conf/application.yml delete mode 100644 spring-security-rest-testapp-profile/features/gorm2/skeleton/grails-app/domain/gorm/AccessToken.groovy delete mode 100644 spring-security-rest-testapp-profile/features/gorm2/skeleton/src/integration-test/groovy/rest/RestLogoutFilterSpec.groovy delete mode 100644 spring-security-rest-testapp-profile/features/grailscache1/feature.yml.tmpl delete mode 100644 spring-security-rest-testapp-profile/features/grailscache1/skeleton/build.gradle delete mode 100644 spring-security-rest-testapp-profile/features/grailscache1/skeleton/grails-app/conf/application.groovy delete mode 100644 spring-security-rest-testapp-profile/features/grailscache2/feature.yml.tmpl delete mode 100644 spring-security-rest-testapp-profile/features/grailscache2/skeleton/build.gradle delete mode 100644 spring-security-rest-testapp-profile/features/grailscache2/skeleton/grails-app/conf/application.groovy delete mode 100644 spring-security-rest-testapp-profile/features/jwt1/feature.yml.tmpl delete mode 100644 spring-security-rest-testapp-profile/features/jwt1/skeleton/build.gradle delete mode 100644 spring-security-rest-testapp-profile/features/jwt1/skeleton/grails-app/conf/application.groovy delete mode 100644 spring-security-rest-testapp-profile/features/jwt1/skeleton/grails-app/controllers/rest/JwtController.groovy delete mode 100644 spring-security-rest-testapp-profile/features/jwt1/skeleton/src/integration-test/groovy/rest/JwtRestTokenValidationFilterSpec.groovy delete mode 100644 spring-security-rest-testapp-profile/features/jwt2/feature.yml.tmpl delete mode 100644 spring-security-rest-testapp-profile/features/jwt2/skeleton/build.gradle delete mode 100644 spring-security-rest-testapp-profile/features/jwt2/skeleton/grails-app/conf/application.groovy delete mode 100644 spring-security-rest-testapp-profile/features/memcached1/feature.yml.tmpl delete mode 100644 spring-security-rest-testapp-profile/features/memcached1/skeleton/build.gradle delete mode 100644 spring-security-rest-testapp-profile/features/memcached1/skeleton/grails-app/conf/application.groovy delete mode 100644 spring-security-rest-testapp-profile/features/memcached1/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy delete mode 100644 spring-security-rest-testapp-profile/features/memcached2/feature.yml.tmpl delete mode 100644 spring-security-rest-testapp-profile/features/memcached2/skeleton/build.gradle delete mode 100644 spring-security-rest-testapp-profile/features/memcached2/skeleton/grails-app/conf/application.groovy delete mode 100644 spring-security-rest-testapp-profile/features/memcached2/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy delete mode 100644 spring-security-rest-testapp-profile/features/redis1/feature.yml.tmpl delete mode 100644 spring-security-rest-testapp-profile/features/redis1/skeleton/build.gradle delete mode 100644 spring-security-rest-testapp-profile/features/redis1/skeleton/grails-app/conf/application.groovy delete mode 100644 spring-security-rest-testapp-profile/features/redis1/skeleton/src/integration-test/groovy/redis/RedisSpec.groovy delete mode 100644 spring-security-rest-testapp-profile/features/redis2/feature.yml.tmpl delete mode 100644 spring-security-rest-testapp-profile/features/redis2/skeleton/build.gradle delete mode 100644 spring-security-rest-testapp-profile/features/redis2/skeleton/grails-app/conf/application.groovy delete mode 100644 spring-security-rest-testapp-profile/features/redis2/skeleton/src/integration-test/groovy/redis/RedisSpec.groovy delete mode 100644 spring-security-rest-testapp-profile/gradle.properties delete mode 100644 spring-security-rest-testapp-profile/keys/private_key.der delete mode 100644 spring-security-rest-testapp-profile/keys/public_key.der delete mode 100644 spring-security-rest-testapp-profile/profile.yml.tmpl delete mode 100644 spring-security-rest-testapp-profile/skeleton/build.gradle delete mode 100644 spring-security-rest-testapp-profile/skeleton/grails-app/conf/application.yml delete mode 100644 spring-security-rest-testapp-profile/skeleton/grails-app/conf/logback.groovy delete mode 100644 spring-security-rest-testapp-profile/skeleton/grails-app/conf/spring/resources.groovy delete mode 100644 spring-security-rest-testapp-profile/skeleton/grails-app/controllers/UrlMappings.groovy delete mode 100644 spring-security-rest-testapp-profile/skeleton/grails-app/controllers/rest/AnonymousController.groovy delete mode 100644 spring-security-rest-testapp-profile/skeleton/grails-app/controllers/rest/PublicController.groovy delete mode 100644 spring-security-rest-testapp-profile/skeleton/grails-app/controllers/rest/SecuredController.groovy delete mode 100644 spring-security-rest-testapp-profile/skeleton/grails-app/init/BootStrap.groovy delete mode 100644 spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/GebConfig.groovy delete mode 100644 spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/org/openqa/selenium/browserlaunchers/Proxies.groovy delete mode 100644 spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/AbstractRestSpec.groovy delete mode 100644 spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/BearerTokenSpec.groovy delete mode 100644 spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/CorsSpec.groovy delete mode 100644 spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/FrontendCallbackPage.groovy delete mode 100644 spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/JwtSpec.groovy delete mode 100644 spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestAuthenticationFilterSpec.groovy delete mode 100644 spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestTokenValidationFilterSpec.groovy delete mode 100644 spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/ValidateEndpointSpec.groovy diff --git a/build.gradle b/build.gradle index 490ab0e11..5d5905001 100644 --- a/build.gradle +++ b/build.gradle @@ -21,7 +21,6 @@ allprojects { } def pluginProjects = ['spring-security-rest', 'spring-security-rest-memcached', 'spring-security-rest-redis', 'spring-security-rest-grailscache', 'spring-security-rest-gorm'] -def profileProjects = ['spring-security-rest-testapp-profile'] def publishedProjects = pluginProjects version project.projectVersion @@ -39,9 +38,7 @@ subprojects { Project project -> mavenCentral() maven { url "https://repo.grails.org/grails/core" } } - if (project.name != "spring-security-rest-docs" && - project.name != "spring-security-rest-testapp-profile" && - !project.name.startsWith("build") ) { + if (project.name != "spring-security-rest-docs" && !project.name.startsWith("build") ) { apply plugin: "org.grails.grails-plugin" } @@ -84,10 +81,6 @@ subprojects { Project project -> } } - if (project.name in profileProjects) { - apply plugin: "org.grails.grails-profile" - } - if (project.name in publishedProjects) { apply from: rootProject.file("gradle/publishing.gradle") } diff --git a/generate-test-apps.sh b/generate-test-apps.sh deleted file mode 100755 index d2b11a395..000000000 --- a/generate-test-apps.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/env bash -set -e - -rm -rf build/ -mkdir build -export pluginVersion=`cat build.gradle | grep "version \"" | sed -n 's/^[ \t]*version\ "//pg' | sed -n 's/"//pg'` -export grailsVersion=`cat spring-security-rest-testapp-profile/gradle.properties | grep grailsVersion | sed -n 's/^grailsVersion=//p'` -./gradlew clean install - -echo "Plugin version: $pluginVersion. Grails version for test apps: $grailsVersion" -source "$HOME/.sdkman/bin/sdkman-init.sh" - -[[ -d ~/.sdkman/candidates/grails/$grailsVersion ]] || sdk install grails $grailsVersion -sdk use grails $grailsVersion -cd build - -for feature in `ls ../spring-security-rest-testapp-profile/features/`; do - grails create-app -profile org.grails.plugins:spring-security-rest-testapp-profile:$pluginVersion -features $feature $feature -done \ No newline at end of file diff --git a/settings.gradle b/settings.gradle index 2776fb041..a9b2fe48b 100644 --- a/settings.gradle +++ b/settings.gradle @@ -43,6 +43,5 @@ include 'spring-security-rest-memcached' include 'spring-security-rest-redis' include 'spring-security-rest-grailscache' include 'spring-security-rest-gorm' -include 'spring-security-rest-testapp-profile' include 'spring-security-rest-docs' diff --git a/spring-security-rest-testapp-profile/.gitignore b/spring-security-rest-testapp-profile/.gitignore deleted file mode 100644 index 153da0c6e..000000000 --- a/spring-security-rest-testapp-profile/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -profile.yml -feature.yml \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/build.gradle b/spring-security-rest-testapp-profile/build.gradle deleted file mode 100644 index 67786c91c..000000000 --- a/spring-security-rest-testapp-profile/build.gradle +++ /dev/null @@ -1,19 +0,0 @@ -task generateProfileConfig () { - copy { - from 'profile.yml.tmpl' - into '.' - rename { String fileName -> fileName.replaceAll '\\.tmpl', '' } - expand pluginVersion: project.version - } - - file('features').eachDir { feature -> - copy { - from "features/${feature.name}/feature.yml.tmpl" - into "features/${feature.name}/" - rename { String fileName -> fileName.replaceAll '\\.tmpl', '' } - expand pluginVersion: project.version - } - } -} - -compileProfile.dependsOn generateProfileConfig \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/gorm1/feature.yml.tmpl b/spring-security-rest-testapp-profile/features/gorm1/feature.yml.tmpl deleted file mode 100644 index 77f06bffe..000000000 --- a/spring-security-rest-testapp-profile/features/gorm1/feature.yml.tmpl +++ /dev/null @@ -1,13 +0,0 @@ -description: First configuration of GORM -dependencies: - build: - - "org.grails.plugins:hibernate5:7.0.0" - compile: - - "org.grails.plugins:hibernate5" - - "org.hibernate:hibernate-core:5.4.0.Final" - - "org.hibernate:hibernate-ehcache:5.4.0.Final" - - "org.grails.plugins:spring-security-rest-gorm:${pluginVersion}" - runtime: - - "com.h2database:h2" - - "org.apache.tomcat:tomcat-jdbc" - - "org.glassfish.web:el-impl:2.1.2-b03" \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/gorm1/skeleton/build.gradle b/spring-security-rest-testapp-profile/features/gorm1/skeleton/build.gradle deleted file mode 100644 index 5b05dccb2..000000000 --- a/spring-security-rest-testapp-profile/features/gorm1/skeleton/build.gradle +++ /dev/null @@ -1,6 +0,0 @@ - -integrationTest { - systemProperty 'useBearerToken', 'false' - systemProperty 'useFacebook', 'true' - systemProperty 'geb.env', System.getProperty('geb.env', 'phantomJs') -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/gorm1/skeleton/grails-app/conf/application.groovy b/spring-security-rest-testapp-profile/features/gorm1/skeleton/grails-app/conf/application.groovy deleted file mode 100644 index 081bee40f..000000000 --- a/spring-security-rest-testapp-profile/features/gorm1/skeleton/grails-app/conf/application.groovy +++ /dev/null @@ -1,66 +0,0 @@ -import org.pac4j.oauth.client.FacebookClient -import org.pac4j.oauth.client.Google2Client -import org.pac4j.oauth.client.TwitterClient - -grails { - plugin { - springsecurity { - - useSecurityEventListener = true - - filterChain { - chainMap = [ - [pattern: '/api/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'], - [pattern: '/secured/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'], - [pattern: '/anonymous/**', filters: 'anonymousAuthenticationFilter,restTokenValidationFilter,restExceptionTranslationFilter,filterInvocationInterceptor'], - [pattern: '/**', filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'] - ] - } - rest { - token { - validation { - enableAnonymousAccess = true - useBearerToken = false - } - - storage { - gorm { - tokenDomainClassName = 'gorm.AccessToken' - } - } - } - - oauth { - frontendCallbackUrl = {String tokenValue -> "http://example.org#token=${tokenValue}" } - - google { - client = Google2Client - key = '1093785205845-hl3jv0rd8jfohkn55jchgmnpvdpsnal4.apps.googleusercontent.com' - secret = 'sWXY3VMm4wKAGoRZg8r3ftZc' - scope = Google2Client.Google2Scope.EMAIL_AND_PROFILE - defaultRoles = ['ROLE_USER', 'ROLE_GOOGLE'] - } - - facebook { - client = FacebookClient - key = '585495051532332' - secret = 'f6bfaff8c66a3fd7b1e9ec4c986fda8b' - - //https://developers.facebook.com/docs/reference/login/ - scope = 'public_profile,email' - fields = 'id,name,first_name,middle_name,last_name,link,gender,email,birthday' - defaultRoles = ['ROLE_USER', 'ROLE_FACEBOOK'] - } - - twitter { - client = TwitterClient - key = 'A2hwgEMfNIp7OF2f05Gqw' - secret = 'BUpumhJGeNskn53Ssr3QQuesKg8lOIEWaLO4pCdgeTw' - defaultRoles = ['ROLE_USER', 'ROLE_TWITTER'] - } - } - } - } - } -} - diff --git a/spring-security-rest-testapp-profile/features/gorm1/skeleton/grails-app/conf/application.yml b/spring-security-rest-testapp-profile/features/gorm1/skeleton/grails-app/conf/application.yml deleted file mode 100644 index c17bb0e4a..000000000 --- a/spring-security-rest-testapp-profile/features/gorm1/skeleton/grails-app/conf/application.yml +++ /dev/null @@ -1,43 +0,0 @@ -hibernate: - cache: - queries: false - use_second_level_cache: false - use_query_cache: false -dataSource: - pooled: true - jmxExport: true - driverClassName: org.h2.Driver - username: sa - password: '' - -environments: - development: - dataSource: - dbCreate: create-drop - url: jdbc:h2:mem:devDb;MVCC=TRUE;LOCK_TIMEOUT=10000;DB_CLOSE_ON_EXIT=FALSE - test: - dataSource: - dbCreate: update - url: jdbc:h2:mem:testDb;MVCC=TRUE;LOCK_TIMEOUT=10000;DB_CLOSE_ON_EXIT=FALSE - production: - dataSource: - dbCreate: none - url: jdbc:h2:./prodDb;MVCC=TRUE;LOCK_TIMEOUT=10000;DB_CLOSE_ON_EXIT=FALSE - properties: - jmxEnabled: true - initialSize: 5 - maxActive: 50 - minIdle: 5 - maxIdle: 25 - maxWait: 10000 - maxAge: 600000 - timeBetweenEvictionRunsMillis: 5000 - minEvictableIdleTimeMillis: 60000 - validationQuery: SELECT 1 - validationQueryTimeout: 3 - validationInterval: 15000 - testOnBorrow: true - testWhileIdle: true - testOnReturn: false - jdbcInterceptors: ConnectionState - defaultTransactionIsolation: 2 # TRANSACTION_READ_COMMITTED \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/gorm1/skeleton/grails-app/domain/gorm/AccessToken.groovy b/spring-security-rest-testapp-profile/features/gorm1/skeleton/grails-app/domain/gorm/AccessToken.groovy deleted file mode 100644 index 018bb4e02..000000000 --- a/spring-security-rest-testapp-profile/features/gorm1/skeleton/grails-app/domain/gorm/AccessToken.groovy +++ /dev/null @@ -1,12 +0,0 @@ -package gorm - -class AccessToken { - - String tokenValue - String username - - static mapping = { - version false - } - -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/gorm1/skeleton/src/integration-test/groovy/rest/RestLogoutFilterSpec.groovy b/spring-security-rest-testapp-profile/features/gorm1/skeleton/src/integration-test/groovy/rest/RestLogoutFilterSpec.groovy deleted file mode 100644 index 3bcfdb5ec..000000000 --- a/spring-security-rest-testapp-profile/features/gorm1/skeleton/src/integration-test/groovy/rest/RestLogoutFilterSpec.groovy +++ /dev/null @@ -1,89 +0,0 @@ -/* - * Copyright 2013-2015 Alvaro Sanchez-Mariscal - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -package rest - -import grails.plugins.rest.client.RestResponse -import spock.lang.Unroll - -class RestLogoutFilterSpec extends AbstractRestSpec { - - void "logout filter can remove a token"() { - given: - RestResponse authResponse = sendCorrectCredentials() - String token = authResponse.json.access_token - - when: - def response = restBuilder.post("${baseUrl}/api/logout") { - header 'X-Auth-Token', token - } - - then: - response.status == 200 - - when: - response = restBuilder.get("${baseUrl}/api/validate") { - header 'X-Auth-Token', token - } - - then: - response.status == 401 - } - - void "logout filter returns 404 if token is not found"() { - when: - def response = restBuilder.post("${baseUrl}/api/logout") { - header 'X-Auth-Token', 'whatever' - } - - then: - response.status == 404 - - } - - void "calling /api/logout without token returns 400"() { - when: - def response = restBuilder.post("${baseUrl}/api/logout") - - then: - response.status == 400 - } - - @Unroll - void "#httpMethod requests generate #statusCode responses"() { - - given: - RestResponse authResponse = sendCorrectCredentials() - String token = authResponse.json.access_token - - when: - def response = restBuilder."${httpMethod}"("${baseUrl}/api/logout") { - header 'X-Auth-Token', token - } - - then: - response.status == statusCode - - where: - httpMethod | statusCode - 'get' | 405 - 'post' | 200 - 'put' | 405 - 'delete' | 405 - } - - -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/gorm2/feature.yml.tmpl b/spring-security-rest-testapp-profile/features/gorm2/feature.yml.tmpl deleted file mode 100644 index 7b31afa21..000000000 --- a/spring-security-rest-testapp-profile/features/gorm2/feature.yml.tmpl +++ /dev/null @@ -1,13 +0,0 @@ -description: Second configuration of GORM -dependencies: - build: - - "org.grails.plugins:hibernate5:7.0.0" - compile: - - "org.grails.plugins:hibernate5" - - "org.hibernate:hibernate-core:5.4.0.Final" - - "org.hibernate:hibernate-ehcache:5.4.0.Final" - - "org.grails.plugins:spring-security-rest-gorm:${pluginVersion}" - runtime: - - "com.h2database:h2" - - "org.apache.tomcat:tomcat-jdbc" - - "org.glassfish.web:el-impl:2.1.2-b03" \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/gorm2/skeleton/build.gradle b/spring-security-rest-testapp-profile/features/gorm2/skeleton/build.gradle deleted file mode 100644 index b97a67d78..000000000 --- a/spring-security-rest-testapp-profile/features/gorm2/skeleton/build.gradle +++ /dev/null @@ -1,6 +0,0 @@ - -integrationTest { - systemProperty 'useBearerToken', 'false' - systemProperty 'useFacebook', 'false' - systemProperty 'geb.env', System.getProperty('geb.env', 'phantomJs') -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/gorm2/skeleton/grails-app/conf/application.groovy b/spring-security-rest-testapp-profile/features/gorm2/skeleton/grails-app/conf/application.groovy deleted file mode 100644 index 31b26fbf2..000000000 --- a/spring-security-rest-testapp-profile/features/gorm2/skeleton/grails-app/conf/application.groovy +++ /dev/null @@ -1,29 +0,0 @@ -grails { - plugin { - springsecurity { - - filterChain { - chainMap = [ - [pattern: '/api/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter'], - [pattern: '/secured/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter'], - [pattern: '/anonymous/**', filters: 'anonymousAuthenticationFilter,restTokenValidationFilter,restExceptionTranslationFilter,filterInvocationInterceptor'], - [pattern: '/**', filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'] - ] - } - - rest { - token { - validation { - enableAnonymousAccess = true - useBearerToken = false - } - storage { - gorm { - tokenDomainClassName = 'gorm.AccessToken' - } - } - } - } - } - } -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/gorm2/skeleton/grails-app/conf/application.yml b/spring-security-rest-testapp-profile/features/gorm2/skeleton/grails-app/conf/application.yml deleted file mode 100644 index c17bb0e4a..000000000 --- a/spring-security-rest-testapp-profile/features/gorm2/skeleton/grails-app/conf/application.yml +++ /dev/null @@ -1,43 +0,0 @@ -hibernate: - cache: - queries: false - use_second_level_cache: false - use_query_cache: false -dataSource: - pooled: true - jmxExport: true - driverClassName: org.h2.Driver - username: sa - password: '' - -environments: - development: - dataSource: - dbCreate: create-drop - url: jdbc:h2:mem:devDb;MVCC=TRUE;LOCK_TIMEOUT=10000;DB_CLOSE_ON_EXIT=FALSE - test: - dataSource: - dbCreate: update - url: jdbc:h2:mem:testDb;MVCC=TRUE;LOCK_TIMEOUT=10000;DB_CLOSE_ON_EXIT=FALSE - production: - dataSource: - dbCreate: none - url: jdbc:h2:./prodDb;MVCC=TRUE;LOCK_TIMEOUT=10000;DB_CLOSE_ON_EXIT=FALSE - properties: - jmxEnabled: true - initialSize: 5 - maxActive: 50 - minIdle: 5 - maxIdle: 25 - maxWait: 10000 - maxAge: 600000 - timeBetweenEvictionRunsMillis: 5000 - minEvictableIdleTimeMillis: 60000 - validationQuery: SELECT 1 - validationQueryTimeout: 3 - validationInterval: 15000 - testOnBorrow: true - testWhileIdle: true - testOnReturn: false - jdbcInterceptors: ConnectionState - defaultTransactionIsolation: 2 # TRANSACTION_READ_COMMITTED \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/gorm2/skeleton/grails-app/domain/gorm/AccessToken.groovy b/spring-security-rest-testapp-profile/features/gorm2/skeleton/grails-app/domain/gorm/AccessToken.groovy deleted file mode 100644 index 018bb4e02..000000000 --- a/spring-security-rest-testapp-profile/features/gorm2/skeleton/grails-app/domain/gorm/AccessToken.groovy +++ /dev/null @@ -1,12 +0,0 @@ -package gorm - -class AccessToken { - - String tokenValue - String username - - static mapping = { - version false - } - -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/gorm2/skeleton/src/integration-test/groovy/rest/RestLogoutFilterSpec.groovy b/spring-security-rest-testapp-profile/features/gorm2/skeleton/src/integration-test/groovy/rest/RestLogoutFilterSpec.groovy deleted file mode 100644 index 3bcfdb5ec..000000000 --- a/spring-security-rest-testapp-profile/features/gorm2/skeleton/src/integration-test/groovy/rest/RestLogoutFilterSpec.groovy +++ /dev/null @@ -1,89 +0,0 @@ -/* - * Copyright 2013-2015 Alvaro Sanchez-Mariscal - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -package rest - -import grails.plugins.rest.client.RestResponse -import spock.lang.Unroll - -class RestLogoutFilterSpec extends AbstractRestSpec { - - void "logout filter can remove a token"() { - given: - RestResponse authResponse = sendCorrectCredentials() - String token = authResponse.json.access_token - - when: - def response = restBuilder.post("${baseUrl}/api/logout") { - header 'X-Auth-Token', token - } - - then: - response.status == 200 - - when: - response = restBuilder.get("${baseUrl}/api/validate") { - header 'X-Auth-Token', token - } - - then: - response.status == 401 - } - - void "logout filter returns 404 if token is not found"() { - when: - def response = restBuilder.post("${baseUrl}/api/logout") { - header 'X-Auth-Token', 'whatever' - } - - then: - response.status == 404 - - } - - void "calling /api/logout without token returns 400"() { - when: - def response = restBuilder.post("${baseUrl}/api/logout") - - then: - response.status == 400 - } - - @Unroll - void "#httpMethod requests generate #statusCode responses"() { - - given: - RestResponse authResponse = sendCorrectCredentials() - String token = authResponse.json.access_token - - when: - def response = restBuilder."${httpMethod}"("${baseUrl}/api/logout") { - header 'X-Auth-Token', token - } - - then: - response.status == statusCode - - where: - httpMethod | statusCode - 'get' | 405 - 'post' | 200 - 'put' | 405 - 'delete' | 405 - } - - -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/grailscache1/feature.yml.tmpl b/spring-security-rest-testapp-profile/features/grailscache1/feature.yml.tmpl deleted file mode 100644 index 1cba7ee36..000000000 --- a/spring-security-rest-testapp-profile/features/grailscache1/feature.yml.tmpl +++ /dev/null @@ -1,4 +0,0 @@ -description: First configuration of Grails cache -dependencies: - compile: - - "org.grails.plugins:spring-security-rest-grailscache:${pluginVersion}" \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/grailscache1/skeleton/build.gradle b/spring-security-rest-testapp-profile/features/grailscache1/skeleton/build.gradle deleted file mode 100644 index 5b05dccb2..000000000 --- a/spring-security-rest-testapp-profile/features/grailscache1/skeleton/build.gradle +++ /dev/null @@ -1,6 +0,0 @@ - -integrationTest { - systemProperty 'useBearerToken', 'false' - systemProperty 'useFacebook', 'true' - systemProperty 'geb.env', System.getProperty('geb.env', 'phantomJs') -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/grailscache1/skeleton/grails-app/conf/application.groovy b/spring-security-rest-testapp-profile/features/grailscache1/skeleton/grails-app/conf/application.groovy deleted file mode 100644 index 1a6f0ffde..000000000 --- a/spring-security-rest-testapp-profile/features/grailscache1/skeleton/grails-app/conf/application.groovy +++ /dev/null @@ -1,60 +0,0 @@ -import org.pac4j.oauth.client.FacebookClient -import org.pac4j.oauth.client.Google2Client -import org.pac4j.oauth.client.TwitterClient - -grails { - plugin { - springsecurity { - - useSecurityEventListener = true - - filterChain { - chainMap = [ - [pattern: '/api/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'], - [pattern: '/secured/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'], - [pattern: '/anonymous/**', filters: 'anonymousAuthenticationFilter,restTokenValidationFilter,restExceptionTranslationFilter,filterInvocationInterceptor'], - [pattern: '/**', filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'] - ] - } - rest { - token { - validation { - enableAnonymousAccess = true - useBearerToken = false - } - } - - oauth { - frontendCallbackUrl = {String tokenValue -> "http://example.org#token=${tokenValue}" } - - google { - client = Google2Client - key = '1093785205845-hl3jv0rd8jfohkn55jchgmnpvdpsnal4.apps.googleusercontent.com' - secret = 'sWXY3VMm4wKAGoRZg8r3ftZc' - scope = Google2Client.Google2Scope.EMAIL_AND_PROFILE - defaultRoles = ['ROLE_USER', 'ROLE_GOOGLE'] - } - - facebook { - client = FacebookClient - key = '585495051532332' - secret = 'f6bfaff8c66a3fd7b1e9ec4c986fda8b' - - //https://developers.facebook.com/docs/reference/login/ - scope = 'public_profile,email' - fields = 'id,name,first_name,middle_name,last_name,link,gender,email,birthday' - defaultRoles = ['ROLE_USER', 'ROLE_FACEBOOK'] - } - - twitter { - client = TwitterClient - key = 'A2hwgEMfNIp7OF2f05Gqw' - secret = 'BUpumhJGeNskn53Ssr3QQuesKg8lOIEWaLO4pCdgeTw' - defaultRoles = ['ROLE_USER', 'ROLE_TWITTER'] - } - } - } - } - } -} - diff --git a/spring-security-rest-testapp-profile/features/grailscache2/feature.yml.tmpl b/spring-security-rest-testapp-profile/features/grailscache2/feature.yml.tmpl deleted file mode 100644 index 158061418..000000000 --- a/spring-security-rest-testapp-profile/features/grailscache2/feature.yml.tmpl +++ /dev/null @@ -1,4 +0,0 @@ -description: Second configuration of Grails cache -dependencies: - compile: - - "org.grails.plugins:spring-security-rest-grailscache:${pluginVersion}" \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/grailscache2/skeleton/build.gradle b/spring-security-rest-testapp-profile/features/grailscache2/skeleton/build.gradle deleted file mode 100644 index b97a67d78..000000000 --- a/spring-security-rest-testapp-profile/features/grailscache2/skeleton/build.gradle +++ /dev/null @@ -1,6 +0,0 @@ - -integrationTest { - systemProperty 'useBearerToken', 'false' - systemProperty 'useFacebook', 'false' - systemProperty 'geb.env', System.getProperty('geb.env', 'phantomJs') -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/grailscache2/skeleton/grails-app/conf/application.groovy b/spring-security-rest-testapp-profile/features/grailscache2/skeleton/grails-app/conf/application.groovy deleted file mode 100644 index c1d1e77d8..000000000 --- a/spring-security-rest-testapp-profile/features/grailscache2/skeleton/grails-app/conf/application.groovy +++ /dev/null @@ -1,24 +0,0 @@ -grails { - plugin { - springsecurity { - - filterChain { - chainMap = [ - [pattern: '/api/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter'], - [pattern: '/secured/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter'], - [pattern: '/anonymous/**', filters: 'anonymousAuthenticationFilter,restTokenValidationFilter,restExceptionTranslationFilter,filterInvocationInterceptor'], - [pattern: '/**', filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'] - ] - } - - rest { - token { - validation { - enableAnonymousAccess = true - useBearerToken = false - } - } - } - } - } -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/jwt1/feature.yml.tmpl b/spring-security-rest-testapp-profile/features/jwt1/feature.yml.tmpl deleted file mode 100644 index a6ec362f3..000000000 --- a/spring-security-rest-testapp-profile/features/jwt1/feature.yml.tmpl +++ /dev/null @@ -1 +0,0 @@ -description: First configuration of JWT \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/jwt1/skeleton/build.gradle b/spring-security-rest-testapp-profile/features/jwt1/skeleton/build.gradle deleted file mode 100644 index 5b05dccb2..000000000 --- a/spring-security-rest-testapp-profile/features/jwt1/skeleton/build.gradle +++ /dev/null @@ -1,6 +0,0 @@ - -integrationTest { - systemProperty 'useBearerToken', 'false' - systemProperty 'useFacebook', 'true' - systemProperty 'geb.env', System.getProperty('geb.env', 'phantomJs') -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/jwt1/skeleton/grails-app/conf/application.groovy b/spring-security-rest-testapp-profile/features/jwt1/skeleton/grails-app/conf/application.groovy deleted file mode 100644 index b74a1e76d..000000000 --- a/spring-security-rest-testapp-profile/features/jwt1/skeleton/grails-app/conf/application.groovy +++ /dev/null @@ -1,66 +0,0 @@ -import org.pac4j.oauth.client.FacebookClient -import org.pac4j.oauth.client.Google2Client -import org.pac4j.oauth.client.TwitterClient - -grails { - plugin { - springsecurity { - - useSecurityEventListener = true - - filterChain { - chainMap = [ - [pattern: '/api/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'], - [pattern: '/secured/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'], - [pattern: '/jwt/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'], - [pattern: '/anonymous/**', filters: 'anonymousAuthenticationFilter,restTokenValidationFilter,restExceptionTranslationFilter,filterInvocationInterceptor'], - [pattern: '/**', filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'] - ] - } - rest { - token { - validation { - enableAnonymousAccess = true - useBearerToken = false - } - storage { - jwt { - secret = 'foobar123'*4 - } - } - } - - oauth { - frontendCallbackUrl = {String tokenValue -> "http://example.org#token=${tokenValue}" } - - google { - client = Google2Client - key = '1093785205845-hl3jv0rd8jfohkn55jchgmnpvdpsnal4.apps.googleusercontent.com' - secret = 'sWXY3VMm4wKAGoRZg8r3ftZc' - scope = Google2Client.Google2Scope.EMAIL_AND_PROFILE - defaultRoles = ['ROLE_USER', 'ROLE_GOOGLE'] - } - - facebook { - client = FacebookClient - key = '585495051532332' - secret = 'f6bfaff8c66a3fd7b1e9ec4c986fda8b' - - //https://developers.facebook.com/docs/reference/login/ - scope = 'public_profile,email' - fields = 'id,name,first_name,middle_name,last_name,link,gender,email,birthday' - defaultRoles = ['ROLE_USER', 'ROLE_FACEBOOK'] - } - - twitter { - client = TwitterClient - key = 'A2hwgEMfNIp7OF2f05Gqw' - secret = 'BUpumhJGeNskn53Ssr3QQuesKg8lOIEWaLO4pCdgeTw' - defaultRoles = ['ROLE_USER', 'ROLE_TWITTER'] - } - } - } - } - } -} - diff --git a/spring-security-rest-testapp-profile/features/jwt1/skeleton/grails-app/controllers/rest/JwtController.groovy b/spring-security-rest-testapp-profile/features/jwt1/skeleton/grails-app/controllers/rest/JwtController.groovy deleted file mode 100644 index 2c55474be..000000000 --- a/spring-security-rest-testapp-profile/features/jwt1/skeleton/grails-app/controllers/rest/JwtController.groovy +++ /dev/null @@ -1,17 +0,0 @@ -package rest - -import grails.converters.JSON -import grails.plugin.springsecurity.annotation.Secured -import grails.plugin.springsecurity.rest.token.AccessToken - -class JwtController { - - def springSecurityService - - @Secured(['ROLE_USER']) - def claims() { - AccessToken accessToken = springSecurityService.authentication as AccessToken - render accessToken.accessTokenJwt.JWTClaimsSet.claims as JSON - } - -} diff --git a/spring-security-rest-testapp-profile/features/jwt1/skeleton/src/integration-test/groovy/rest/JwtRestTokenValidationFilterSpec.groovy b/spring-security-rest-testapp-profile/features/jwt1/skeleton/src/integration-test/groovy/rest/JwtRestTokenValidationFilterSpec.groovy deleted file mode 100644 index 847e2730a..000000000 --- a/spring-security-rest-testapp-profile/features/jwt1/skeleton/src/integration-test/groovy/rest/JwtRestTokenValidationFilterSpec.groovy +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -package rest - -import grails.plugin.springsecurity.rest.RestTokenValidationFilter -import grails.plugins.rest.client.RestResponse -import grails.util.Holders -import spock.lang.IgnoreIf -import spock.lang.Issue -import spock.lang.Subject - -@IgnoreIf({ System.getProperty('useBearerToken', 'false').toBoolean() }) -@Subject(RestTokenValidationFilter) -class JwtRestTokenValidationFilterSpec extends AbstractRestSpec { - - void "the claims are available to the controller"() { - given: - RestResponse authResponse = sendCorrectCredentials() as RestResponse - String token = authResponse.json.access_token - - when: - def response = restBuilder.get("${baseUrl}/jwt/claims") { - header 'X-Auth-Token', token - } - - then: - response.status == 200 - response.json.sub == 'jimi' - response.json.exp - response.json.iat - response.json.roles.size() == 2 - } - -} diff --git a/spring-security-rest-testapp-profile/features/jwt2/feature.yml.tmpl b/spring-security-rest-testapp-profile/features/jwt2/feature.yml.tmpl deleted file mode 100644 index c5f06b4bf..000000000 --- a/spring-security-rest-testapp-profile/features/jwt2/feature.yml.tmpl +++ /dev/null @@ -1 +0,0 @@ -description: Second configuration of JWT \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/jwt2/skeleton/build.gradle b/spring-security-rest-testapp-profile/features/jwt2/skeleton/build.gradle deleted file mode 100644 index d98bbbe12..000000000 --- a/spring-security-rest-testapp-profile/features/jwt2/skeleton/build.gradle +++ /dev/null @@ -1,19 +0,0 @@ - -task restoreKeys() { - def dir = file("${System.getProperty("user.home")}/.grails/spring-security-rest") - - copy { - from dir - include "*.der" - - into "grails-app/conf/" - } -} - -integrationTest { - systemProperty 'useBearerToken', 'true' - systemProperty 'useFacebook', 'false' - systemProperty 'geb.env', System.getProperty('geb.env', 'phantomJs') -} - -test.dependsOn restoreKeys \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/jwt2/skeleton/grails-app/conf/application.groovy b/spring-security-rest-testapp-profile/features/jwt2/skeleton/grails-app/conf/application.groovy deleted file mode 100644 index 49819cafb..000000000 --- a/spring-security-rest-testapp-profile/features/jwt2/skeleton/grails-app/conf/application.groovy +++ /dev/null @@ -1,36 +0,0 @@ -grails { - plugin { - springsecurity { - - filterChain { - chainMap = [ - [pattern: '/api/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter'], - [pattern: '/secured/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter'], - [pattern: '/anonymous/**', filters: 'anonymousAuthenticationFilter,restTokenValidationFilter,restExceptionTranslationFilter,filterInvocationInterceptor'], - [pattern: '/**', filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'] - ] - } - - rest { - token { - validation { - enableAnonymousAccess = true - useBearerToken = true - } - - storage { - jwt { - useEncryptedJwt = true - - privateKeyPath = "grails-app/conf/private_key.der" - publicKeyPath = "grails-app/conf/public_key.der" - - expiration = 5 - } - } - } - } - } - } -} - diff --git a/spring-security-rest-testapp-profile/features/memcached1/feature.yml.tmpl b/spring-security-rest-testapp-profile/features/memcached1/feature.yml.tmpl deleted file mode 100644 index 8a9db115d..000000000 --- a/spring-security-rest-testapp-profile/features/memcached1/feature.yml.tmpl +++ /dev/null @@ -1,4 +0,0 @@ -description: First configuration of Memcached -dependencies: - compile: - - "org.grails.plugins:spring-security-rest-memcached:${pluginVersion}" \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/memcached1/skeleton/build.gradle b/spring-security-rest-testapp-profile/features/memcached1/skeleton/build.gradle deleted file mode 100644 index 5b05dccb2..000000000 --- a/spring-security-rest-testapp-profile/features/memcached1/skeleton/build.gradle +++ /dev/null @@ -1,6 +0,0 @@ - -integrationTest { - systemProperty 'useBearerToken', 'false' - systemProperty 'useFacebook', 'true' - systemProperty 'geb.env', System.getProperty('geb.env', 'phantomJs') -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/memcached1/skeleton/grails-app/conf/application.groovy b/spring-security-rest-testapp-profile/features/memcached1/skeleton/grails-app/conf/application.groovy deleted file mode 100644 index 1a6f0ffde..000000000 --- a/spring-security-rest-testapp-profile/features/memcached1/skeleton/grails-app/conf/application.groovy +++ /dev/null @@ -1,60 +0,0 @@ -import org.pac4j.oauth.client.FacebookClient -import org.pac4j.oauth.client.Google2Client -import org.pac4j.oauth.client.TwitterClient - -grails { - plugin { - springsecurity { - - useSecurityEventListener = true - - filterChain { - chainMap = [ - [pattern: '/api/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'], - [pattern: '/secured/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'], - [pattern: '/anonymous/**', filters: 'anonymousAuthenticationFilter,restTokenValidationFilter,restExceptionTranslationFilter,filterInvocationInterceptor'], - [pattern: '/**', filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'] - ] - } - rest { - token { - validation { - enableAnonymousAccess = true - useBearerToken = false - } - } - - oauth { - frontendCallbackUrl = {String tokenValue -> "http://example.org#token=${tokenValue}" } - - google { - client = Google2Client - key = '1093785205845-hl3jv0rd8jfohkn55jchgmnpvdpsnal4.apps.googleusercontent.com' - secret = 'sWXY3VMm4wKAGoRZg8r3ftZc' - scope = Google2Client.Google2Scope.EMAIL_AND_PROFILE - defaultRoles = ['ROLE_USER', 'ROLE_GOOGLE'] - } - - facebook { - client = FacebookClient - key = '585495051532332' - secret = 'f6bfaff8c66a3fd7b1e9ec4c986fda8b' - - //https://developers.facebook.com/docs/reference/login/ - scope = 'public_profile,email' - fields = 'id,name,first_name,middle_name,last_name,link,gender,email,birthday' - defaultRoles = ['ROLE_USER', 'ROLE_FACEBOOK'] - } - - twitter { - client = TwitterClient - key = 'A2hwgEMfNIp7OF2f05Gqw' - secret = 'BUpumhJGeNskn53Ssr3QQuesKg8lOIEWaLO4pCdgeTw' - defaultRoles = ['ROLE_USER', 'ROLE_TWITTER'] - } - } - } - } - } -} - diff --git a/spring-security-rest-testapp-profile/features/memcached1/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy b/spring-security-rest-testapp-profile/features/memcached1/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy deleted file mode 100644 index 2f1b28188..000000000 --- a/spring-security-rest-testapp-profile/features/memcached1/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy +++ /dev/null @@ -1,100 +0,0 @@ -/* - * Copyright 2013-2015 Alvaro Sanchez-Mariscal - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -package memcached - -import grails.plugin.springsecurity.rest.token.storage.TokenNotFoundException -import grails.plugin.springsecurity.rest.token.storage.memcached.MemcachedTokenStorageService -import net.spy.memcached.MemcachedClient -import org.springframework.beans.factory.annotation.Autowired -import org.springframework.security.core.userdetails.User -import org.springframework.security.core.userdetails.UserDetails -import rest.AbstractRestSpec -import spock.lang.Issue -import spock.lang.Shared -import spock.lang.Unroll - -class MemcachedSpec extends AbstractRestSpec { - - @Autowired - MemcachedClient memcachedClient - - @Shared - MemcachedTokenStorageService memcachedTokenStorageService - - @Autowired - void setTokenStorageService(MemcachedTokenStorageService tokenStorageService) { - this.memcachedTokenStorageService = tokenStorageService - } - - void cleanupSpec() { - memcachedTokenStorageService.expiration = 3600 - } - - @Unroll - void "Memcached connection works for storing #key's"() { - - when: - memcachedClient.set(key, 3600, object) - - then: - memcachedClient.get(key) == object - - where: - key | object - 'String' | 'My cool string value' - 'Date' | new Date() - } - - @Issue("https://github.com/grails/grails-spring-security-rest/issues/86") - void "Objects stored expire after the expiration time"() { - given: - memcachedTokenStorageService.expiration = 1 - UserDetails principal = new User('username', 'password', []) - String token = 'abcd' + System.currentTimeMillis() - memcachedTokenStorageService.storeToken(token, principal) - Thread.sleep(1500) - - when: - memcachedTokenStorageService.loadUserByToken(token) - - then: - thrown(TokenNotFoundException) - } - - @Issue("https://github.com/grails/grails-spring-security-rest/issues/86") - void "Objects are refreshed when accessed"() { - given: - memcachedTokenStorageService.expiration = 2 - UserDetails principal = new User('username', 'password', []) - String token = 'abcd' + System.currentTimeMillis() - memcachedTokenStorageService.storeToken(token, principal) - Thread.sleep(1000) - - when: "it is accessed within the expiration time" - Object details = memcachedTokenStorageService.loadUserByToken(token) - - then: "it is found, and expiration time reset to 2 sencods" - details - - when: "it is accessed after one second" - Thread.sleep(1000) - memcachedTokenStorageService.loadUserByToken(token) - - then: "is still found" - notThrown(TokenNotFoundException) - } -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/memcached2/feature.yml.tmpl b/spring-security-rest-testapp-profile/features/memcached2/feature.yml.tmpl deleted file mode 100644 index 76b518c9c..000000000 --- a/spring-security-rest-testapp-profile/features/memcached2/feature.yml.tmpl +++ /dev/null @@ -1,4 +0,0 @@ -description: Second configuration of Memcached -dependencies: - compile: - - "org.grails.plugins:spring-security-rest-memcached:${pluginVersion}" \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/memcached2/skeleton/build.gradle b/spring-security-rest-testapp-profile/features/memcached2/skeleton/build.gradle deleted file mode 100644 index b97a67d78..000000000 --- a/spring-security-rest-testapp-profile/features/memcached2/skeleton/build.gradle +++ /dev/null @@ -1,6 +0,0 @@ - -integrationTest { - systemProperty 'useBearerToken', 'false' - systemProperty 'useFacebook', 'false' - systemProperty 'geb.env', System.getProperty('geb.env', 'phantomJs') -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/memcached2/skeleton/grails-app/conf/application.groovy b/spring-security-rest-testapp-profile/features/memcached2/skeleton/grails-app/conf/application.groovy deleted file mode 100644 index 6adc6a241..000000000 --- a/spring-security-rest-testapp-profile/features/memcached2/skeleton/grails-app/conf/application.groovy +++ /dev/null @@ -1,25 +0,0 @@ -grails { - plugin { - springsecurity { - - filterChain { - chainMap = [ - [pattern: '/api/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter'], - [pattern: '/secured/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter'], - [pattern: '/anonymous/**', filters: 'anonymousAuthenticationFilter,restTokenValidationFilter,restExceptionTranslationFilter,filterInvocationInterceptor'], - [pattern: '/**', filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'] - ] - } - - rest { - token { - validation { - enableAnonymousAccess = true - useBearerToken = false - } - } - } - } - } -} - diff --git a/spring-security-rest-testapp-profile/features/memcached2/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy b/spring-security-rest-testapp-profile/features/memcached2/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy deleted file mode 100644 index 2f1b28188..000000000 --- a/spring-security-rest-testapp-profile/features/memcached2/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy +++ /dev/null @@ -1,100 +0,0 @@ -/* - * Copyright 2013-2015 Alvaro Sanchez-Mariscal - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -package memcached - -import grails.plugin.springsecurity.rest.token.storage.TokenNotFoundException -import grails.plugin.springsecurity.rest.token.storage.memcached.MemcachedTokenStorageService -import net.spy.memcached.MemcachedClient -import org.springframework.beans.factory.annotation.Autowired -import org.springframework.security.core.userdetails.User -import org.springframework.security.core.userdetails.UserDetails -import rest.AbstractRestSpec -import spock.lang.Issue -import spock.lang.Shared -import spock.lang.Unroll - -class MemcachedSpec extends AbstractRestSpec { - - @Autowired - MemcachedClient memcachedClient - - @Shared - MemcachedTokenStorageService memcachedTokenStorageService - - @Autowired - void setTokenStorageService(MemcachedTokenStorageService tokenStorageService) { - this.memcachedTokenStorageService = tokenStorageService - } - - void cleanupSpec() { - memcachedTokenStorageService.expiration = 3600 - } - - @Unroll - void "Memcached connection works for storing #key's"() { - - when: - memcachedClient.set(key, 3600, object) - - then: - memcachedClient.get(key) == object - - where: - key | object - 'String' | 'My cool string value' - 'Date' | new Date() - } - - @Issue("https://github.com/grails/grails-spring-security-rest/issues/86") - void "Objects stored expire after the expiration time"() { - given: - memcachedTokenStorageService.expiration = 1 - UserDetails principal = new User('username', 'password', []) - String token = 'abcd' + System.currentTimeMillis() - memcachedTokenStorageService.storeToken(token, principal) - Thread.sleep(1500) - - when: - memcachedTokenStorageService.loadUserByToken(token) - - then: - thrown(TokenNotFoundException) - } - - @Issue("https://github.com/grails/grails-spring-security-rest/issues/86") - void "Objects are refreshed when accessed"() { - given: - memcachedTokenStorageService.expiration = 2 - UserDetails principal = new User('username', 'password', []) - String token = 'abcd' + System.currentTimeMillis() - memcachedTokenStorageService.storeToken(token, principal) - Thread.sleep(1000) - - when: "it is accessed within the expiration time" - Object details = memcachedTokenStorageService.loadUserByToken(token) - - then: "it is found, and expiration time reset to 2 sencods" - details - - when: "it is accessed after one second" - Thread.sleep(1000) - memcachedTokenStorageService.loadUserByToken(token) - - then: "is still found" - notThrown(TokenNotFoundException) - } -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/redis1/feature.yml.tmpl b/spring-security-rest-testapp-profile/features/redis1/feature.yml.tmpl deleted file mode 100644 index 54ff89eb7..000000000 --- a/spring-security-rest-testapp-profile/features/redis1/feature.yml.tmpl +++ /dev/null @@ -1,5 +0,0 @@ -description: First configuration of Redis -dependencies: - compile: - - "org.grails.plugins:spring-security-rest-redis:${pluginVersion}" - - "org.grails.plugins:redis:2.0.5" \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/redis1/skeleton/build.gradle b/spring-security-rest-testapp-profile/features/redis1/skeleton/build.gradle deleted file mode 100644 index 5b05dccb2..000000000 --- a/spring-security-rest-testapp-profile/features/redis1/skeleton/build.gradle +++ /dev/null @@ -1,6 +0,0 @@ - -integrationTest { - systemProperty 'useBearerToken', 'false' - systemProperty 'useFacebook', 'true' - systemProperty 'geb.env', System.getProperty('geb.env', 'phantomJs') -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/redis1/skeleton/grails-app/conf/application.groovy b/spring-security-rest-testapp-profile/features/redis1/skeleton/grails-app/conf/application.groovy deleted file mode 100644 index 1a6f0ffde..000000000 --- a/spring-security-rest-testapp-profile/features/redis1/skeleton/grails-app/conf/application.groovy +++ /dev/null @@ -1,60 +0,0 @@ -import org.pac4j.oauth.client.FacebookClient -import org.pac4j.oauth.client.Google2Client -import org.pac4j.oauth.client.TwitterClient - -grails { - plugin { - springsecurity { - - useSecurityEventListener = true - - filterChain { - chainMap = [ - [pattern: '/api/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'], - [pattern: '/secured/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'], - [pattern: '/anonymous/**', filters: 'anonymousAuthenticationFilter,restTokenValidationFilter,restExceptionTranslationFilter,filterInvocationInterceptor'], - [pattern: '/**', filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'] - ] - } - rest { - token { - validation { - enableAnonymousAccess = true - useBearerToken = false - } - } - - oauth { - frontendCallbackUrl = {String tokenValue -> "http://example.org#token=${tokenValue}" } - - google { - client = Google2Client - key = '1093785205845-hl3jv0rd8jfohkn55jchgmnpvdpsnal4.apps.googleusercontent.com' - secret = 'sWXY3VMm4wKAGoRZg8r3ftZc' - scope = Google2Client.Google2Scope.EMAIL_AND_PROFILE - defaultRoles = ['ROLE_USER', 'ROLE_GOOGLE'] - } - - facebook { - client = FacebookClient - key = '585495051532332' - secret = 'f6bfaff8c66a3fd7b1e9ec4c986fda8b' - - //https://developers.facebook.com/docs/reference/login/ - scope = 'public_profile,email' - fields = 'id,name,first_name,middle_name,last_name,link,gender,email,birthday' - defaultRoles = ['ROLE_USER', 'ROLE_FACEBOOK'] - } - - twitter { - client = TwitterClient - key = 'A2hwgEMfNIp7OF2f05Gqw' - secret = 'BUpumhJGeNskn53Ssr3QQuesKg8lOIEWaLO4pCdgeTw' - defaultRoles = ['ROLE_USER', 'ROLE_TWITTER'] - } - } - } - } - } -} - diff --git a/spring-security-rest-testapp-profile/features/redis1/skeleton/src/integration-test/groovy/redis/RedisSpec.groovy b/spring-security-rest-testapp-profile/features/redis1/skeleton/src/integration-test/groovy/redis/RedisSpec.groovy deleted file mode 100644 index 251d95727..000000000 --- a/spring-security-rest-testapp-profile/features/redis1/skeleton/src/integration-test/groovy/redis/RedisSpec.groovy +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright 2013-2015 Alvaro Sanchez-Mariscal - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -package redis - -import grails.plugin.springsecurity.rest.token.storage.RedisTokenStorageService -import grails.plugin.springsecurity.rest.token.storage.TokenNotFoundException -import grails.plugins.redis.RedisService -import grails.testing.mixin.integration.Integration -import org.springframework.beans.factory.annotation.Autowired -import org.springframework.boot.test.context.SpringBootTest -import org.springframework.security.core.userdetails.User -import org.springframework.security.core.userdetails.UserDetails -import spock.lang.Specification - -import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.DEFINED_PORT - -@Integration -@SpringBootTest(webEnvironment = DEFINED_PORT) -class RedisSpec extends Specification { - - @Autowired - RedisTokenStorageService tokenStorageService - - @Autowired - RedisService redisService - - def cleanup() { - redisService.flushDB() - } - - void "Objects stored expire after the expiration time"() { - given: - tokenStorageService.expiration = 1 - UserDetails principal = new User('username', 'password', []) - String token = 'abcd' - tokenStorageService.storeToken(token, principal) - Thread.sleep(1000) - - when: - tokenStorageService.loadUserByToken(token) - - then: - thrown(TokenNotFoundException) - } - - void "Objects are refreshed when accessed"() { - given: - tokenStorageService.expiration = 2 - UserDetails principal = new User('username', 'password', []) - String token = 'abcd' + System.currentTimeMillis() - tokenStorageService.storeToken(token, principal) - Thread.sleep(1000) - - when: "it is accessed within the expiration time" - Object details = tokenStorageService.loadUserByToken(token) - - then: "it is found, and expiration time reset to 2 sencods" - details - - when: "it is accessed after one second" - Thread.sleep(1000) - tokenStorageService.loadUserByToken(token) - - then: "is still found" - notThrown(TokenNotFoundException) - } - -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/redis2/feature.yml.tmpl b/spring-security-rest-testapp-profile/features/redis2/feature.yml.tmpl deleted file mode 100644 index fccf2438e..000000000 --- a/spring-security-rest-testapp-profile/features/redis2/feature.yml.tmpl +++ /dev/null @@ -1,5 +0,0 @@ -description: Second configuration of Redis -dependencies: - compile: - - "org.grails.plugins:spring-security-rest-redis:${pluginVersion}" - - "org.grails.plugins:redis:2.0.5" \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/redis2/skeleton/build.gradle b/spring-security-rest-testapp-profile/features/redis2/skeleton/build.gradle deleted file mode 100644 index b97a67d78..000000000 --- a/spring-security-rest-testapp-profile/features/redis2/skeleton/build.gradle +++ /dev/null @@ -1,6 +0,0 @@ - -integrationTest { - systemProperty 'useBearerToken', 'false' - systemProperty 'useFacebook', 'false' - systemProperty 'geb.env', System.getProperty('geb.env', 'phantomJs') -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/redis2/skeleton/grails-app/conf/application.groovy b/spring-security-rest-testapp-profile/features/redis2/skeleton/grails-app/conf/application.groovy deleted file mode 100644 index c1d1e77d8..000000000 --- a/spring-security-rest-testapp-profile/features/redis2/skeleton/grails-app/conf/application.groovy +++ /dev/null @@ -1,24 +0,0 @@ -grails { - plugin { - springsecurity { - - filterChain { - chainMap = [ - [pattern: '/api/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter'], - [pattern: '/secured/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter'], - [pattern: '/anonymous/**', filters: 'anonymousAuthenticationFilter,restTokenValidationFilter,restExceptionTranslationFilter,filterInvocationInterceptor'], - [pattern: '/**', filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'] - ] - } - - rest { - token { - validation { - enableAnonymousAccess = true - useBearerToken = false - } - } - } - } - } -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/redis2/skeleton/src/integration-test/groovy/redis/RedisSpec.groovy b/spring-security-rest-testapp-profile/features/redis2/skeleton/src/integration-test/groovy/redis/RedisSpec.groovy deleted file mode 100644 index 251d95727..000000000 --- a/spring-security-rest-testapp-profile/features/redis2/skeleton/src/integration-test/groovy/redis/RedisSpec.groovy +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright 2013-2015 Alvaro Sanchez-Mariscal - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -package redis - -import grails.plugin.springsecurity.rest.token.storage.RedisTokenStorageService -import grails.plugin.springsecurity.rest.token.storage.TokenNotFoundException -import grails.plugins.redis.RedisService -import grails.testing.mixin.integration.Integration -import org.springframework.beans.factory.annotation.Autowired -import org.springframework.boot.test.context.SpringBootTest -import org.springframework.security.core.userdetails.User -import org.springframework.security.core.userdetails.UserDetails -import spock.lang.Specification - -import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.DEFINED_PORT - -@Integration -@SpringBootTest(webEnvironment = DEFINED_PORT) -class RedisSpec extends Specification { - - @Autowired - RedisTokenStorageService tokenStorageService - - @Autowired - RedisService redisService - - def cleanup() { - redisService.flushDB() - } - - void "Objects stored expire after the expiration time"() { - given: - tokenStorageService.expiration = 1 - UserDetails principal = new User('username', 'password', []) - String token = 'abcd' - tokenStorageService.storeToken(token, principal) - Thread.sleep(1000) - - when: - tokenStorageService.loadUserByToken(token) - - then: - thrown(TokenNotFoundException) - } - - void "Objects are refreshed when accessed"() { - given: - tokenStorageService.expiration = 2 - UserDetails principal = new User('username', 'password', []) - String token = 'abcd' + System.currentTimeMillis() - tokenStorageService.storeToken(token, principal) - Thread.sleep(1000) - - when: "it is accessed within the expiration time" - Object details = tokenStorageService.loadUserByToken(token) - - then: "it is found, and expiration time reset to 2 sencods" - details - - when: "it is accessed after one second" - Thread.sleep(1000) - tokenStorageService.loadUserByToken(token) - - then: "is still found" - notThrown(TokenNotFoundException) - } - -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/gradle.properties b/spring-security-rest-testapp-profile/gradle.properties deleted file mode 100644 index c67abb988..000000000 --- a/spring-security-rest-testapp-profile/gradle.properties +++ /dev/null @@ -1 +0,0 @@ -grailsVersion=4.0.0 diff --git a/spring-security-rest-testapp-profile/keys/private_key.der b/spring-security-rest-testapp-profile/keys/private_key.der deleted file mode 100644 index 9f8a507473d3d00cb8dfca0e67a7fd15924b8fd3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1217 zcmV;y1U~yPf&{$+0RS)!1_>&LNQUrr!ay9qXGc{0)hbn0I-lpj(9V~ zvkUNMbQ3Qi2U!HSdS@OGkW6llmsTr2jg8q)$7f#0x$|7eyqP&u(E<1TH!cTKVqzjI zmXsnAyAeD#&9e_EWvhtH>O#_OEE^Fj5p63&Auul7`IwANBL|51{lrBdsjTL(Nnu!% zc~>-L4I|qQ3~Wh9lAvU- zQ}8G#pyP1lT6$(;Jf0T7VmZfNmWEk$@-buuA4|9yh{3~BCeD0l74PYDG+=;mr2scs zGYAwx+dA6<{Yun|1&Q1o{#7nH2QHWG)D0`>T$7=IuI@4*+{l4kVFCjI009Dm0RT~o zFd?yxX4kPf(stynEW>y1-?bf%8ssSm9li2Hf?eqrWb2pbgQ0S)bl>!QFC--%n^E{> z)jTdq&5L^3$$+lX`V>JAO#ZhUG*>f-?sg&p=|!gh1;2ay2!0e_Cir-8UtI#3QK%4m zaSBp&kCvBx&0pF`_nyS9Re%FTJp3b+YG+4@<>Pc_5( zuNiNk@>L)<=305mr`ncqFCF(Zh^)EU`UHYL^akAqnc_z;(++4ut5(87s>vj<$GozOZ0SiNV$Mqyb>l|)L*JgqC|Pc$4!K^!c&K~ zU_L1;k9NuyQ6w3`uc@Sz=(2t!tLFlNfdI)Xo%e-j2i?otN#hoPo3=kZoF_=MkUXf?G0@sXnBU@Cr<#?UsTn4)3K1*$3Dz>Veh6un^08SQAXy7U`hC=v zeB)ZsjpnAc9Msa*c>Vf^qK*K))ta%1Ka&Tq8VNZC4a5*^LSagUJURTp3H;5FYN@mNikl!?*H7Be)g zY6}>P|9)V0LaOom$7QRy|8R5SK#`XL(E@>hVt4)@on_oS-M=0Hkq|7W-F7~GAP8P= zs9>~UUc563-TouA{d2PTrw%g0OWRLF;LL=(w!9Necy-W(Qd z0)c@5qJOsFaM7iHukB_F@dW!w8aSu|8htnl;;nM!0D}!XesJln-Z@AqQC(*g*ez4A zjy7PTP%CoJt&k4O-{#iCDe!WTELXx;GP2jtBP1{#%@9#cn<%XjM8xY*ZUZp fItU@@K-oTThl$m-Q1jswq%i}}Z^&KK1040ondAf&n5h4F(A+hDe6@4FLfG1potr0S^E$f&mHwf&l>lu#iWNcr(Pa3-D%i z6E7eKSp>IwXC4rcOm2>sRx3V@joDAfXI{s-^IXWhnK@I@0r&hjE(cO#Vj?S+lp+$l z5j-}{vkxd`tBB0%Legz48xblIZ7V||FfQErn2b#$2Z;Fn#6=&etmd#uVOW!R?equ3 z2Z-!A;8}{CJ_ys6{tKp#Cl{L@g0#Nz$NIBa+ZCwnc47JrBijxPY)MCwpk%L8@F*yt z<8b6!dS+rgo)*AjImcd>hFNs-F=PcFOSl<`!NXD}&U|PU@9A?iV1RI?05@4P2oyov sI@<#MO4N!4iQF9iRW3OPE|=}p4J+telc9jF?lK_U$bnp80s{d60X!OdyZ`_I diff --git a/spring-security-rest-testapp-profile/profile.yml.tmpl b/spring-security-rest-testapp-profile/profile.yml.tmpl deleted file mode 100644 index 99fa4cbf4..000000000 --- a/spring-security-rest-testapp-profile/profile.yml.tmpl +++ /dev/null @@ -1,22 +0,0 @@ -description: Creates a test app for Spring Security REST plugin -build: - plugins: - - org.gradle.test-retry - - com.adarshr.test-logger - excludes: - - org.grails.grails-core - - org.grails.grails-web -dependencies: - build: - - "org.gradle:test-retry-gradle-plugin:1.1.1" - compile: - - "org.grails.plugins:spring-security-rest:${pluginVersion}" - - "org.springframework.security:spring-security-core:5.1.2.RELEASE" - - testCompile: - - "org.grails:grails-datastore-rest-client:6.1.12.RELEASE" - - "org.grails.plugins:geb" - - "com.codeborne:phantomjsdriver:1.2.1" - - "org.seleniumhq.selenium:selenium-api:2.47.1" - - "org.seleniumhq.selenium:selenium-remote-driver:2.47.1" - - "org.seleniumhq.selenium:selenium-firefox-driver:2.47.1" \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/skeleton/build.gradle b/spring-security-rest-testapp-profile/skeleton/build.gradle deleted file mode 100644 index 173b31bd4..000000000 --- a/spring-security-rest-testapp-profile/skeleton/build.gradle +++ /dev/null @@ -1,14 +0,0 @@ -testlogger { - showFullStackTraces true - showStandardStreams true - showPassedStandardStreams false - showSkippedStandardStreams false - showFailedStandardStreams true -} - -tasks.withType(Test) { - retry { - maxRetries = 3 - maxFailures = 20 - } -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/skeleton/grails-app/conf/application.yml b/spring-security-rest-testapp-profile/skeleton/grails-app/conf/application.yml deleted file mode 100644 index 47fbb02d1..000000000 --- a/spring-security-rest-testapp-profile/skeleton/grails-app/conf/application.yml +++ /dev/null @@ -1,2 +0,0 @@ -server: - port: 8080 \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/skeleton/grails-app/conf/logback.groovy b/spring-security-rest-testapp-profile/skeleton/grails-app/conf/logback.groovy deleted file mode 100644 index 85644631d..000000000 --- a/spring-security-rest-testapp-profile/skeleton/grails-app/conf/logback.groovy +++ /dev/null @@ -1,29 +0,0 @@ -import grails.util.BuildSettings -import grails.util.Environment - -// See http://logback.qos.ch/manual/groovy.html for details on configuration -appender('STDOUT', ConsoleAppender) { - encoder(PatternLayoutEncoder) { - pattern = "%level %logger - %msg%n" - } -} - -root(ERROR, ['STDOUT']) - -def targetDir = BuildSettings.TARGET_DIR -if (Environment.isDevelopmentMode() && targetDir) { - appender("FULL_STACKTRACE", FileAppender) { - file = "${targetDir}/stacktrace.log" - append = true - encoder(PatternLayoutEncoder) { - pattern = "%level %logger - %msg%n" - } - } - logger("StackTrace", ERROR, ['FULL_STACKTRACE'], false) -} - -logger("org.openqa", OFF, ['STDOUT']) -logger("grails.plugin.springsecurity", DEBUG, ['STDOUT'], false) -logger("org.pac4j", DEBUG, ['STDOUT'], false) -logger("grails.app", DEBUG, ['STDOUT'], false) -logger("org.springframework.security", INFO, ['STDOUT'], false) \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/skeleton/grails-app/conf/spring/resources.groovy b/spring-security-rest-testapp-profile/skeleton/grails-app/conf/spring/resources.groovy deleted file mode 100644 index a345f553f..000000000 --- a/spring-security-rest-testapp-profile/skeleton/grails-app/conf/spring/resources.groovy +++ /dev/null @@ -1,11 +0,0 @@ -import org.springframework.security.provisioning.InMemoryUserDetailsManager - -// Place your Spring DSL code here -beans = { - - userDetailsService(InMemoryUserDetailsManager, []) - - //passwordEncoder(PlaintextPasswordEncoder) - - -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/skeleton/grails-app/controllers/UrlMappings.groovy b/spring-security-rest-testapp-profile/skeleton/grails-app/controllers/UrlMappings.groovy deleted file mode 100644 index 01d7bc911..000000000 --- a/spring-security-rest-testapp-profile/skeleton/grails-app/controllers/UrlMappings.groovy +++ /dev/null @@ -1,14 +0,0 @@ -class UrlMappings { - - static mappings = { - "/$controller/$action?/$id?(.$format)?"{ - constraints { - // apply constraints here - } - } - - "/"(view:"/index") - "500"(view:'/error') - "404"(view:'/notFound') - } -} diff --git a/spring-security-rest-testapp-profile/skeleton/grails-app/controllers/rest/AnonymousController.groovy b/spring-security-rest-testapp-profile/skeleton/grails-app/controllers/rest/AnonymousController.groovy deleted file mode 100644 index b557c57a5..000000000 --- a/spring-security-rest-testapp-profile/skeleton/grails-app/controllers/rest/AnonymousController.groovy +++ /dev/null @@ -1,11 +0,0 @@ -package rest - -import grails.plugin.springsecurity.annotation.Secured - -@Secured(['permitAll']) -class AnonymousController { - - def index() { - render "Hi" - } -} diff --git a/spring-security-rest-testapp-profile/skeleton/grails-app/controllers/rest/PublicController.groovy b/spring-security-rest-testapp-profile/skeleton/grails-app/controllers/rest/PublicController.groovy deleted file mode 100644 index c1abd6ca0..000000000 --- a/spring-security-rest-testapp-profile/skeleton/grails-app/controllers/rest/PublicController.groovy +++ /dev/null @@ -1,8 +0,0 @@ -package rest - -class PublicController { - - def index() { - render "Hi!" - } -} diff --git a/spring-security-rest-testapp-profile/skeleton/grails-app/controllers/rest/SecuredController.groovy b/spring-security-rest-testapp-profile/skeleton/grails-app/controllers/rest/SecuredController.groovy deleted file mode 100644 index eef42678f..000000000 --- a/spring-security-rest-testapp-profile/skeleton/grails-app/controllers/rest/SecuredController.groovy +++ /dev/null @@ -1,18 +0,0 @@ -package rest - -import grails.plugin.springsecurity.annotation.Secured - -class SecuredController { - - def springSecurityService - - @Secured(['ROLE_USER']) - def index() { - render springSecurityService.principal.username - } - - @Secured(['ROLE_SUPER_ADMIN']) - def superAdmin() { - render springSecurityService.principal.username - } -} diff --git a/spring-security-rest-testapp-profile/skeleton/grails-app/init/BootStrap.groovy b/spring-security-rest-testapp-profile/skeleton/grails-app/init/BootStrap.groovy deleted file mode 100644 index 203d1a497..000000000 --- a/spring-security-rest-testapp-profile/skeleton/grails-app/init/BootStrap.groovy +++ /dev/null @@ -1,20 +0,0 @@ -import org.springframework.security.core.authority.SimpleGrantedAuthority -import org.springframework.security.core.userdetails.User -import org.springframework.security.core.userdetails.UserDetails -import org.springframework.security.provisioning.InMemoryUserDetailsManager - -class BootStrap { - - InMemoryUserDetailsManager userDetailsService - - def init = { servletContext -> - UserDetails jimi = new User('jimi', '{noop}jimispassword', [new SimpleGrantedAuthority('ROLE_USER'), new SimpleGrantedAuthority('ROLE_ADMIN')]) - userDetailsService.createUser(jimi) - - UserDetails alvaro = new User('115537660854424164575', '{noop}N/A', [new SimpleGrantedAuthority('ROLE_USER'), new SimpleGrantedAuthority('ROLE_ADMIN')]) - userDetailsService.createUser(alvaro) - } - - def destroy = { - } -} diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/GebConfig.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/GebConfig.groovy deleted file mode 100644 index da9a861b2..000000000 --- a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/GebConfig.groovy +++ /dev/null @@ -1,57 +0,0 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -import org.openqa.selenium.Dimension -import org.openqa.selenium.phantomjs.PhantomJSDriver -import org.openqa.selenium.remote.DesiredCapabilities -import org.openqa.selenium.firefox.FirefoxDriver -import org.openqa.selenium.firefox.FirefoxProfile - -environments { - phantomJs { - - } - - firefox { - driver = { - //set the firefox locale to 'en-us' since the tests expect english - //see http://stackoverflow.com/questions/9822717 for more details - FirefoxProfile profile = new FirefoxProfile() - profile.setPreference("intl.accept_languages", "en-uk") - def driverInstance = new FirefoxDriver(profile) - driverInstance.manage().window().maximize() - driverInstance - } - - baseNavigatorWaiting = true - atCheckWaiting = true - } -} - -driver = { - def capabilities = new DesiredCapabilities() - capabilities.setCapability("phantomjs.page.customHeaders.Accept-Language", "en-UK") - def d = new PhantomJSDriver(capabilities) - d.manage().window().setSize(new Dimension(1028, 768)) - return d -} - -atCheckWaiting = true -baseNavigatorWaiting = true -waiting { - timeout = 10 - retryInterval = 0.5 -} diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/org/openqa/selenium/browserlaunchers/Proxies.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/org/openqa/selenium/browserlaunchers/Proxies.groovy deleted file mode 100644 index 876914878..000000000 --- a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/org/openqa/selenium/browserlaunchers/Proxies.groovy +++ /dev/null @@ -1,9 +0,0 @@ -package org.openqa.selenium.browserlaunchers - -import org.openqa.selenium.Capabilities - -class Proxies { - static Proxy extractProxy(Capabilities capabilities) { - return Proxy.extractFrom(capabilities) - } -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/AbstractRestSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/AbstractRestSpec.groovy deleted file mode 100644 index 2305d57c6..000000000 --- a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/AbstractRestSpec.groovy +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -package rest - -import grails.plugins.rest.client.RestBuilder -import grails.testing.mixin.integration.Integration -import org.springframework.boot.test.context.SpringBootTest -import spock.lang.Shared -import spock.lang.Specification - -import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.DEFINED_PORT - -@Integration -@SpringBootTest(webEnvironment = DEFINED_PORT) -abstract class AbstractRestSpec extends Specification { - - @Shared - ConfigObject config = new ConfigSlurper().parse(new File('grails-app/conf/application.groovy').toURL()) - - @Shared - RestBuilder restBuilder = new RestBuilder() - - String getBaseUrl() { - "http://localhost:8080" - } - - def sendWrongCredentials() { - if (config.grails.plugin.springsecurity.rest.login.useRequestParamsCredentials == true) { - restBuilder.post("${baseUrl}/api/login?username=foo&password=bar") - } else { - restBuilder.post("${baseUrl}/api/login") { - json { - username = 'foo' - password = 'bar' - } - } - } - } - - def sendCorrectCredentials(String u = 'jimi', String p = 'jimispassword') { - if (config.grails.plugin.springsecurity.rest.login.useRequestParamsCredentials == true) { - restBuilder.post("${baseUrl}/api/login?username=${u}&password=${p}") - } else { - restBuilder.post("${baseUrl}/api/login") { - json { - username = u - password = p - } - } - } - } - -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/BearerTokenSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/BearerTokenSpec.groovy deleted file mode 100644 index e96c4c0c7..000000000 --- a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/BearerTokenSpec.groovy +++ /dev/null @@ -1,157 +0,0 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -package rest - -import grails.plugins.rest.client.RestResponse -import grails.util.Holders -import spock.lang.IgnoreIf -import spock.lang.Issue - -@IgnoreIf({ !System.getProperty('useBearerToken', 'false').toBoolean() }) -@Issue("https://github.com/grails/grails-spring-security-rest/issues/73") -class BearerTokenSpec extends AbstractRestSpec { - - void "access token response is compliant with the specification"() { - when: - RestResponse response = sendCorrectCredentials() - - then: - response.status == 200 - response.headers.getFirst('Content-Type') == 'application/json;charset=UTF-8' - response.headers.getFirst('Cache-Control') == 'no-store' - response.headers.getFirst('Pragma') == 'no-cache' - response.json.access_token - response.json.token_type == 'Bearer' - - } - - void "authorisation header is checked to read token value"() { - given: - RestResponse authResponse = sendCorrectCredentials() - String token = authResponse.json.access_token - - when: - def response = restBuilder.get("${baseUrl}/secured") { - header 'Authorization', "Bearer ${token}" - } - - then: - response.status == 200 - } - - void "Form-Encoded body parameter can be used"() { - given: - RestResponse authResponse = sendCorrectCredentials() - String token = authResponse.json.access_token - - when: - def response = restBuilder.post("${baseUrl}/secured") { - contentType 'application/x-www-form-urlencoded' - body "access_token=${token}".toString() - } - - then: - response.status == 200 - } - - void "query string can be used"() { - given: - RestResponse authResponse = sendCorrectCredentials() - String token = authResponse.json.access_token - - when: - def response = restBuilder.get("${baseUrl}/secured?access_token=${token}") - - then: - response.status == 200 - - } - - void "if credentials are required but missing, the response contains WWW-Authenticate header"() { - when: - RestResponse response = restBuilder.post("${baseUrl}/secured") { - contentType 'application/x-www-form-urlencoded' - } - - then: - response.status == 401 - response.headers.getFirst('WWW-Authenticate') == 'Bearer' - } - - void "if the token is invalid, it is indicated in the header"() { - when: - RestResponse response = restBuilder.get("${baseUrl}/secured") { - header 'Authorization', "Bearer wrongTokenValue" - } - - then: - response.status == 401 - response.headers.getFirst('WWW-Authenticate') == 'Bearer error="invalid_token"' - } - - void "when accessing a secured object with a non-bearer request, it's considered a unauthorized request"() { - when: - RestResponse response = restBuilder.post("${baseUrl}/secured") { - contentType 'text/plain' - body "{hi:777}" - } - - then: - response.status == 401 - response.headers.getFirst('WWW-Authenticate') == 'Bearer' - } - - @Issue("https://github.com/grails/grails-spring-security-rest/issues/98") - void "accessing Anonymous without a token, responds ok"() { - when: - def response = restBuilder.get("${baseUrl}/anonymous") { - contentType 'application/json;charset=UTF-8' - } - - then: - response.status == 200 - } - - @Issue("https://github.com/grails/grails-spring-security-rest/issues/98") - void "accessing Secured without a token, responds Unauthorized"() { - when: - RestResponse response = restBuilder.post("${baseUrl}/secured") { - contentType 'application/json;charset=UTF-8' - body "{hi:777}" - } - - then: - response.status == 401 - response.headers.getFirst('WWW-Authenticate') == 'Bearer' - } - - void "accessing Secured with valid token, but not authorized responds forbidden"() { - given: - RestResponse authResponse = sendCorrectCredentials() - String token = authResponse.json.access_token - - when: - def response = restBuilder.get("${baseUrl}/secured/superAdmin") { - header 'Authorization', "Bearer ${token}" - } - - then: - response.status == 403 - response.headers.getFirst('WWW-Authenticate') == 'Bearer error="insufficient_scope"' - } - -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/CorsSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/CorsSpec.groovy deleted file mode 100644 index 14ba2b56a..000000000 --- a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/CorsSpec.groovy +++ /dev/null @@ -1,50 +0,0 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -package rest - -import org.apache.http.HttpResponse -import org.apache.http.client.HttpClient -import org.apache.http.client.methods.HttpOptions -import org.apache.http.impl.client.DefaultHttpClient -import spock.lang.Ignore - -/** - * Specification to test CORS support - * - * @see https://github.com/grails/grails-spring-security-rest/issues/4 - */ -//FIXME -@Ignore -class CorsSpec extends AbstractRestSpec { - - void "OPTIONS requests are allowed"() { - - given: - HttpClient client = new DefaultHttpClient() - HttpOptions options = new HttpOptions("${baseUrl}/api/login") - options.addHeader 'Origin', 'http://www.example.com' - options.addHeader 'Access-Control-Request-Method', 'POST' - - when: - HttpResponse response = client.execute(options) - - then: - response.getHeaders('Access-Control-Allow-Origin').first().value == 'http://www.example.com' - - } - -} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/FrontendCallbackPage.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/FrontendCallbackPage.groovy deleted file mode 100644 index 004a0fac8..000000000 --- a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/FrontendCallbackPage.groovy +++ /dev/null @@ -1,30 +0,0 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -package rest - -import geb.Page - -class FrontendCallbackPage extends Page { - - static at = { - jsUrl.startsWith "http://example.org/" - } - - static content = { - jsUrl { js."window.document.location.toString()" } - } -} diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/JwtSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/JwtSpec.groovy deleted file mode 100644 index 29aa3a175..000000000 --- a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/JwtSpec.groovy +++ /dev/null @@ -1,226 +0,0 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -package rest - -import com.nimbusds.jwt.JWT -import grails.plugin.springsecurity.rest.JwtService -import grails.plugins.rest.client.RestResponse -import org.springframework.beans.factory.annotation.Autowired -import org.springframework.security.core.userdetails.User -import org.springframework.security.provisioning.InMemoryUserDetailsManager -import spock.lang.IgnoreIf -import spock.lang.Issue -import spock.lang.Unroll - -@IgnoreIf({ !System.getProperty('useBearerToken', 'false').toBoolean() }) -class JwtSpec extends AbstractRestSpec { - - @Autowired - JwtService jwtService - - @Autowired - InMemoryUserDetailsManager userDetailsManager - - void "token expiration applies"() { - given: - RestResponse authResponse = sendCorrectCredentials() as RestResponse - String accessToken = authResponse.json.access_token - - when: - def response = restBuilder.post("${baseUrl}/api/validate") { - header 'Authorization', "Bearer ${accessToken}" - } - - then: - response.status == 200 - response.json.username == 'jimi' - response.json.access_token - response.json.roles.size() == 2 - - when: - Thread.sleep 5000 - response = restBuilder.post("${baseUrl}/api/validate") { - header 'Authorization', "Bearer ${accessToken}" - } - - then: - response.status == 401 - } - - void "remaining time to expiration is reflected when validating a token"() { - given: - RestResponse authResponse = sendCorrectCredentials() as RestResponse - String accessToken = authResponse.json.access_token - - when: - Thread.sleep 1000 - def response = restBuilder.post("${baseUrl}/api/validate") { - header 'Authorization', "Bearer ${accessToken}" - } - - then: - response.status == 200 - response.json.expires_in - response.json.expires_in < 5 - } - - void "refresh tokens are generated"() { - when: - RestResponse authResponse = sendCorrectCredentials() as RestResponse - - then: - authResponse.json.access_token - authResponse.json.refresh_token - } - - void "refresh tokens can be used to obtain access tokens"() { - given: - RestResponse authResponse = sendCorrectCredentials() as RestResponse - String refreshToken = authResponse.json.refresh_token - - when: - def response = restBuilder.post("${baseUrl}/oauth/access_token") { - contentType "application/x-www-form-urlencoded" - body "grant_type=refresh_token&refresh_token=${refreshToken}".toString() - } - - then: - response.json.access_token - - and: - response.json.refresh_token == refreshToken - } - - void "refresh token is required to send the refresh token"() { - when: - def response = restBuilder.post("${baseUrl}/oauth/access_token") { - contentType "application/x-www-form-urlencoded" - body "grant_type=refresh_token".toString() - } - - then: - response.status == 400 - } - - void "grant_type is required to send the refresh token"() { - when: - def response = restBuilder.post("${baseUrl}/oauth/access_token") { - contentType "application/x-www-form-urlencoded" - body "refresh_token=whatever".toString() - } - - then: - response.status == 400 - } - - @Unroll - void "#method.toUpperCase() HTTP method produces a #status response code when requesting the refresh token endpoint"() { - given: - RestResponse authResponse = sendCorrectCredentials() as RestResponse - String refreshToken = authResponse.json.refresh_token - - when: - def response = restBuilder."${method}"("${baseUrl}/oauth/access_token") { - contentType "application/x-www-form-urlencoded" - body "grant_type=refresh_token&refresh_token=${refreshToken}".toString() - } - - then: - response.status == status - - where: - method | status - 'get' | 405 - 'post' | 200 - 'put' | 405 - 'delete' | 405 - } - - void "an invalid refresh token is rejected as forbidden"() { - when: - def response = restBuilder.post("${baseUrl}/oauth/access_token") { - contentType "application/x-www-form-urlencoded" - body "grant_type=refresh_token&refresh_token=thisIsNotAJWT".toString() - } - - then: - response.status == 403 - } - - void "issuer is set via a custom claim provider"() { - given: - RestResponse authResponse = sendCorrectCredentials() as RestResponse - String accessToken = authResponse.json.access_token - - when: - JWT jwt = jwtService.parse(accessToken) - - then: - jwt.JWTClaimsSet.issuer == 'Spring Security REST Grails Plugin' - } - - @Issue("https://github.com/grails/grails-spring-security-rest/pull/344") - void "if the user no longer exists, token can't be refreshed"() { - given: - userDetailsManager.createUser(new User('foo', '{noop}password', [])) - RestResponse authResponse = sendCorrectCredentials('foo', 'password') as RestResponse - String refreshToken = authResponse.json.refresh_token - userDetailsManager.deleteUser('foo') - - when: - def response = restBuilder.post("${baseUrl}/oauth/access_token") { - contentType "application/x-www-form-urlencoded" - body "grant_type=refresh_token&refresh_token=${refreshToken}".toString() - } - - then: - response.status == 403 - - cleanup: - userDetailsManager.deleteUser('foo') - } - - @Issue("https://github.com/grails/grails-spring-security-rest/pull/344") - @Unroll - void "if the user is #status, token can't be refreshed"(User updatedUser, String status) { - given: - userDetailsManager.createUser(new User('foo', '{noop}password', [])) - RestResponse authResponse = sendCorrectCredentials('foo', 'password') as RestResponse - String refreshToken = authResponse.json.refresh_token - userDetailsManager.updateUser(updatedUser) - - when: - def response = restBuilder.post("${baseUrl}/oauth/access_token") { - contentType "application/x-www-form-urlencoded" - body "grant_type=refresh_token&refresh_token=${refreshToken}".toString() - } - - then: - response.status == 403 - - cleanup: - userDetailsManager.deleteUser('foo') - - where: - updatedUser | status - new User('foo', '{noop}password', false, true, true, true, []) | "disabled" - new User('foo', '{noop}password', true, false, true, true, []) | "expired" - new User('foo', '{noop}password', true, true, false, true, []) | "credentials expired" - new User('foo', '{noop}password', true, true, true, false, []) | "locked" - } - -} diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestAuthenticationFilterSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestAuthenticationFilterSpec.groovy deleted file mode 100644 index 67c9c13fc..000000000 --- a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestAuthenticationFilterSpec.groovy +++ /dev/null @@ -1,108 +0,0 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -package rest - -import grails.plugins.rest.client.RestResponse -import spock.lang.IgnoreIf -import spock.lang.Issue -import spock.lang.Unroll - -@IgnoreIf({ System.getProperty('useBearerToken', 'false').toBoolean() }) -class RestAuthenticationFilterSpec extends AbstractRestSpec { - - @Unroll - void "#httpMethod requests without parameters/JSON generate #statusCode responses"() { - - when: - def response = sendEmptyRequest(httpMethod) - - then: - response.status == statusCode - - where: - httpMethod | statusCode - 'get' | 405 - 'post' | 400 - 'put' | 405 - 'delete' | 405 - } - - - @Unroll - void "the filter is only applied to the configured URL when a #httpMethod request is sent"() { - when: - def response = restBuilder."${httpMethod}"("${baseUrl}/nothingHere") - - then: - response.status == status - - where: - httpMethod | status - 'get' | 200 //The client follows redirects in GET requests. In this case, to /login/auth - 'post' | 302 //In the rest of the cases, 302 to /login/auth - 'put' | 302 - 'delete' | 302 - - } - - void "authentication attempt with wrong credentials returns a failure status code"() { - when: - def response = sendWrongCredentials() - - then: - response.status == 401 - } - - void "authentication attempt with correct credentials returns a valid status code"() { - when: - RestResponse response = sendCorrectCredentials() as RestResponse - - then: - response.status == 200 - response.json.username == 'jimi' - response.json.access_token - response.json.roles.size() == 2 - } - - void "the content type header is properly set"() { - when: - RestResponse response = sendCorrectCredentials() as RestResponse - - then: - response.headers.get('Content-Type')?.first() == 'application/json;charset=UTF-8' - } - - @Issue("https://github.com/grails/grails-spring-security-rest/issues/275") - void "WWW-Authenticate response header is sent on failed logins"() { - when: - def response = sendWrongCredentials() - - then: - response.headers.getFirst('WWW-Authenticate') == 'Bearer' - } - - - private sendEmptyRequest(httpMethod) { - if (config.grails.plugin.springsecurity.rest.login.useRequestParamsCredentials == true) { - restBuilder."${httpMethod}"("${baseUrl}/api/login") - } else { - restBuilder."${httpMethod}"("${baseUrl}/api/login") { - json { } - } - } - } -} diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestTokenValidationFilterSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestTokenValidationFilterSpec.groovy deleted file mode 100644 index e7647f8f0..000000000 --- a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestTokenValidationFilterSpec.groovy +++ /dev/null @@ -1,139 +0,0 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -package rest - -import grails.plugin.springsecurity.rest.RestTokenValidationFilter -import grails.plugins.rest.client.RestResponse -import grails.util.Holders -import spock.lang.IgnoreIf -import spock.lang.Issue -import spock.lang.Subject - -@IgnoreIf({ System.getProperty('useBearerToken', 'false').toBoolean() }) -@Subject(RestTokenValidationFilter) -class RestTokenValidationFilterSpec extends AbstractRestSpec { - - void "accessing a secured controller without token returns 403 (anonymous not authorized)"() { - when: - def response = restBuilder.get("${baseUrl}/secured") - - then: - response.status == 403 - } - - void "accessing a secured controller with wrong token, returns 401"() { - when: - def response = restBuilder.get("${baseUrl}/secured") { - header 'X-Auth-Token', 'whatever' - } - - then: - response.status == 401 - - } - - void "accessing a public controller without token returns 302"() { - when: - def response = restBuilder.post("${baseUrl}/public") - - then: - response.status == 302 - } - - void "accessing a public controller with wrong token, returns 302"() { - when: - def response = restBuilder.post("${baseUrl}/public") { - header 'X-Auth-Token', 'whatever' - } - - then: - response.status == 302 - - } - - void "a valid user can access the secured controller"() { - given: - RestResponse authResponse = sendCorrectCredentials() as RestResponse - String token = authResponse.json.access_token - - when: - def response = restBuilder.get("${baseUrl}/secured") { - header 'X-Auth-Token', token - } - - then: - response.status == 200 - response.text == 'jimi' - } - - void "role restrictions are applied when user does not have enough credentials"() { - given: - RestResponse authResponse = sendCorrectCredentials() as RestResponse - String token = authResponse.json.access_token - - when: - def response = restBuilder.get("${baseUrl}/secured/superAdmin") { - header 'X-Auth-Token', token - } - - then: - response.status == 403 - } - - @Issue("https://github.com/grails/grails-spring-security-rest/issues/67") - void "JSESSIONID cookie is not created when using the stateless chain"() { - when: - RestResponse authResponse = sendCorrectCredentials() as RestResponse - String token = authResponse.json.access_token - - then: - !authResponse.headers.getFirst('Set-Cookie') - - when: - def response = restBuilder.get("${baseUrl}/secured") { - header 'X-Auth-Token', token - } - - then: - !response.headers.getFirst('Set-Cookie') - - } - - @Issue("https://github.com/grails/grails-spring-security-rest/issues/74") - void "anonymous access works when enabled"() { - when: - def response = restBuilder.get("${baseUrl}/anonymous") - - then: - response.text == 'Hi' - response.status == 200 - - } - - @Issue("https://github.com/grails/grails-spring-security-rest/issues/74") - void "in an anonymous chain, if a token is sent, is validated"() { - when: - def response = restBuilder.post("${baseUrl}/anonymous") { - header 'X-Auth-Token', 'whatever' - } - - then: - response.status == 401 - - } - -} diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/ValidateEndpointSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/ValidateEndpointSpec.groovy deleted file mode 100644 index f8f89c782..000000000 --- a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/ValidateEndpointSpec.groovy +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ -package rest - -import grails.plugins.rest.client.RestResponse -import grails.util.Holders -import spock.lang.IgnoreIf - -@IgnoreIf({ System.getProperty('useBearerToken', 'false').toBoolean() }) -class ValidateEndpointSpec extends AbstractRestSpec { - - void "calling /api/validate with a valid token returns a JSON representation"() { - given: - RestResponse authResponse = sendCorrectCredentials() - String token = authResponse.json.access_token - - when: - def response = restBuilder.get("${baseUrl}/api/validate") { - header 'X-Auth-Token', token - } - - then: - response.status == 200 - response.json.username == 'jimi' - response.json.access_token - response.json.roles.size() == 2 - } - - void "calling /api/validate with an invalid token returns 401"() { - when: - def response = restBuilder.get("${baseUrl}/api/validate") { - header 'X-Auth-Token', 'something-else' - } - - then: - response.status == 401 - } - - void "calling /api/validate without token returns 403 (anonymous unauthorized)"() { - when: - def response = restBuilder.get("${baseUrl}/api/validate") - - then: - response.status == 403 - } - - -} \ No newline at end of file From eb0f78d497ea4bc5c7784ce9f31e6ca7c8fe99b0 Mon Sep 17 00:00:00 2001 From: James Daugherty Date: Fri, 27 Sep 2024 18:39:07 -0400 Subject: [PATCH 18/24] Set authorEmail to empty --- .../rest/SpringSecurityRestGormGrailsPlugin.groovy | 1 + .../rest/SpringSecurityRestGrailsCacheGrailsPlugin.groovy | 1 + .../rest/SpringSecurityRestMemcachedGrailsPlugin.groovy | 1 + .../rest/SpringSecurityRestRedisGrailsPlugin.groovy | 1 + .../springsecurity/rest/SpringSecurityRestGrailsPlugin.groovy | 1 + 5 files changed, 5 insertions(+) diff --git a/spring-security-rest-gorm/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGormGrailsPlugin.groovy b/spring-security-rest-gorm/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGormGrailsPlugin.groovy index cd5497659..221737602 100644 --- a/spring-security-rest-gorm/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGormGrailsPlugin.groovy +++ b/spring-security-rest-gorm/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGormGrailsPlugin.groovy @@ -17,6 +17,7 @@ class SpringSecurityRestGormGrailsPlugin extends Plugin { String title = "Spring Security REST Plugin - GORM support" String author = "Alvaro Sanchez-Mariscal" + String authorEmail = "" String description = 'Implements authentication for REST APIs based on Spring Security. It uses a token-based workflow' def profiles = ['web'] diff --git a/spring-security-rest-grailscache/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGrailsCacheGrailsPlugin.groovy b/spring-security-rest-grailscache/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGrailsCacheGrailsPlugin.groovy index 685ffb8ea..a258fd9d1 100644 --- a/spring-security-rest-grailscache/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGrailsCacheGrailsPlugin.groovy +++ b/spring-security-rest-grailscache/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGrailsCacheGrailsPlugin.groovy @@ -17,6 +17,7 @@ class SpringSecurityRestGrailsCacheGrailsPlugin extends Plugin { String title = "Spring Security REST Plugin - Grails cache support" String author = "Alvaro Sanchez-Mariscal" + String authorEmail = "" String description = 'Implements authentication for REST APIs based on Spring Security. It uses a token-based workflow' def profiles = ['web'] diff --git a/spring-security-rest-memcached/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestMemcachedGrailsPlugin.groovy b/spring-security-rest-memcached/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestMemcachedGrailsPlugin.groovy index bfa0fcef4..630cc7857 100644 --- a/spring-security-rest-memcached/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestMemcachedGrailsPlugin.groovy +++ b/spring-security-rest-memcached/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestMemcachedGrailsPlugin.groovy @@ -20,6 +20,7 @@ class SpringSecurityRestMemcachedGrailsPlugin extends Plugin { String title = "Spring Security REST Plugin - Memcached support" String author = "Alvaro Sanchez-Mariscal" + String authorEmail = "" String description = 'Implements authentication for REST APIs based on Spring Security. It uses a token-based workflow' def profiles = ['web'] diff --git a/spring-security-rest-redis/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestRedisGrailsPlugin.groovy b/spring-security-rest-redis/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestRedisGrailsPlugin.groovy index b925430c9..ddee15a19 100644 --- a/spring-security-rest-redis/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestRedisGrailsPlugin.groovy +++ b/spring-security-rest-redis/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestRedisGrailsPlugin.groovy @@ -17,6 +17,7 @@ class SpringSecurityRestRedisGrailsPlugin extends Plugin { String title = "Spring Security REST Plugin - Redis support" String author = "Alvaro Sanchez-Mariscal" + String authorEmail = "" String description = 'Implements authentication for REST APIs based on Spring Security. It uses a token-based workflow' def profiles = ['web'] diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGrailsPlugin.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGrailsPlugin.groovy index baf80b923..d60cb2c14 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGrailsPlugin.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGrailsPlugin.groovy @@ -74,6 +74,7 @@ class SpringSecurityRestGrailsPlugin extends Plugin { String title = "Spring Security REST Plugin" String author = "Alvaro Sanchez-Mariscal" + String authorEmail = "" String description = 'Implements authentication for REST APIs based on Spring Security. It uses a token-based workflow' def profiles = ['web'] From 6b8665d821c9aabec69a598c130c1fdb692f3d30 Mon Sep 17 00:00:00 2001 From: James Daugherty Date: Mon, 30 Sep 2024 11:17:20 -0400 Subject: [PATCH 19/24] Revert "Remove old testapp-profile project since it's no longer used" This reverts commit ca3a98713ab1b4ca629624447b728f9630ef5c2c. --- build.gradle | 9 +- generate-test-apps.sh | 19 ++ settings.gradle | 1 + .../.gitignore | 2 + .../build.gradle | 19 ++ .../features/gorm1/feature.yml.tmpl | 13 + .../features/gorm1/skeleton/build.gradle | 6 + .../grails-app/conf/application.groovy | 66 +++++ .../skeleton/grails-app/conf/application.yml | 43 ++++ .../grails-app/domain/gorm/AccessToken.groovy | 12 + .../groovy/rest/RestLogoutFilterSpec.groovy | 89 +++++++ .../features/gorm2/feature.yml.tmpl | 13 + .../features/gorm2/skeleton/build.gradle | 6 + .../grails-app/conf/application.groovy | 29 +++ .../skeleton/grails-app/conf/application.yml | 43 ++++ .../grails-app/domain/gorm/AccessToken.groovy | 12 + .../groovy/rest/RestLogoutFilterSpec.groovy | 89 +++++++ .../features/grailscache1/feature.yml.tmpl | 4 + .../grailscache1/skeleton/build.gradle | 6 + .../grails-app/conf/application.groovy | 60 +++++ .../features/grailscache2/feature.yml.tmpl | 4 + .../grailscache2/skeleton/build.gradle | 6 + .../grails-app/conf/application.groovy | 24 ++ .../features/jwt1/feature.yml.tmpl | 1 + .../features/jwt1/skeleton/build.gradle | 6 + .../grails-app/conf/application.groovy | 66 +++++ .../controllers/rest/JwtController.groovy | 17 ++ .../JwtRestTokenValidationFilterSpec.groovy | 48 ++++ .../features/jwt2/feature.yml.tmpl | 1 + .../features/jwt2/skeleton/build.gradle | 19 ++ .../grails-app/conf/application.groovy | 36 +++ .../features/memcached1/feature.yml.tmpl | 4 + .../features/memcached1/skeleton/build.gradle | 6 + .../grails-app/conf/application.groovy | 60 +++++ .../groovy/memcached/MemcachedSpec.groovy | 100 ++++++++ .../features/memcached2/feature.yml.tmpl | 4 + .../features/memcached2/skeleton/build.gradle | 6 + .../grails-app/conf/application.groovy | 25 ++ .../groovy/memcached/MemcachedSpec.groovy | 100 ++++++++ .../features/redis1/feature.yml.tmpl | 5 + .../features/redis1/skeleton/build.gradle | 6 + .../grails-app/conf/application.groovy | 60 +++++ .../groovy/redis/RedisSpec.groovy | 82 +++++++ .../features/redis2/feature.yml.tmpl | 5 + .../features/redis2/skeleton/build.gradle | 6 + .../grails-app/conf/application.groovy | 24 ++ .../groovy/redis/RedisSpec.groovy | 82 +++++++ .../gradle.properties | 1 + .../keys/private_key.der | Bin 0 -> 1217 bytes .../keys/public_key.der | Bin 0 -> 294 bytes .../profile.yml.tmpl | 22 ++ .../skeleton/build.gradle | 14 ++ .../skeleton/grails-app/conf/application.yml | 2 + .../skeleton/grails-app/conf/logback.groovy | 29 +++ .../grails-app/conf/spring/resources.groovy | 11 + .../grails-app/controllers/UrlMappings.groovy | 14 ++ .../rest/AnonymousController.groovy | 11 + .../controllers/rest/PublicController.groovy | 8 + .../controllers/rest/SecuredController.groovy | 18 ++ .../skeleton/grails-app/init/BootStrap.groovy | 20 ++ .../integration-test/groovy/GebConfig.groovy | 57 +++++ .../selenium/browserlaunchers/Proxies.groovy | 9 + .../groovy/rest/AbstractRestSpec.groovy | 67 ++++++ .../groovy/rest/BearerTokenSpec.groovy | 157 ++++++++++++ .../groovy/rest/CorsSpec.groovy | 50 ++++ .../groovy/rest/FrontendCallbackPage.groovy | 30 +++ .../groovy/rest/JwtSpec.groovy | 226 ++++++++++++++++++ .../rest/RestAuthenticationFilterSpec.groovy | 108 +++++++++ .../rest/RestTokenValidationFilterSpec.groovy | 139 +++++++++++ .../groovy/rest/ValidateEndpointSpec.groovy | 62 +++++ 70 files changed, 2398 insertions(+), 1 deletion(-) create mode 100755 generate-test-apps.sh create mode 100644 spring-security-rest-testapp-profile/.gitignore create mode 100644 spring-security-rest-testapp-profile/build.gradle create mode 100644 spring-security-rest-testapp-profile/features/gorm1/feature.yml.tmpl create mode 100644 spring-security-rest-testapp-profile/features/gorm1/skeleton/build.gradle create mode 100644 spring-security-rest-testapp-profile/features/gorm1/skeleton/grails-app/conf/application.groovy create mode 100644 spring-security-rest-testapp-profile/features/gorm1/skeleton/grails-app/conf/application.yml create mode 100644 spring-security-rest-testapp-profile/features/gorm1/skeleton/grails-app/domain/gorm/AccessToken.groovy create mode 100644 spring-security-rest-testapp-profile/features/gorm1/skeleton/src/integration-test/groovy/rest/RestLogoutFilterSpec.groovy create mode 100644 spring-security-rest-testapp-profile/features/gorm2/feature.yml.tmpl create mode 100644 spring-security-rest-testapp-profile/features/gorm2/skeleton/build.gradle create mode 100644 spring-security-rest-testapp-profile/features/gorm2/skeleton/grails-app/conf/application.groovy create mode 100644 spring-security-rest-testapp-profile/features/gorm2/skeleton/grails-app/conf/application.yml create mode 100644 spring-security-rest-testapp-profile/features/gorm2/skeleton/grails-app/domain/gorm/AccessToken.groovy create mode 100644 spring-security-rest-testapp-profile/features/gorm2/skeleton/src/integration-test/groovy/rest/RestLogoutFilterSpec.groovy create mode 100644 spring-security-rest-testapp-profile/features/grailscache1/feature.yml.tmpl create mode 100644 spring-security-rest-testapp-profile/features/grailscache1/skeleton/build.gradle create mode 100644 spring-security-rest-testapp-profile/features/grailscache1/skeleton/grails-app/conf/application.groovy create mode 100644 spring-security-rest-testapp-profile/features/grailscache2/feature.yml.tmpl create mode 100644 spring-security-rest-testapp-profile/features/grailscache2/skeleton/build.gradle create mode 100644 spring-security-rest-testapp-profile/features/grailscache2/skeleton/grails-app/conf/application.groovy create mode 100644 spring-security-rest-testapp-profile/features/jwt1/feature.yml.tmpl create mode 100644 spring-security-rest-testapp-profile/features/jwt1/skeleton/build.gradle create mode 100644 spring-security-rest-testapp-profile/features/jwt1/skeleton/grails-app/conf/application.groovy create mode 100644 spring-security-rest-testapp-profile/features/jwt1/skeleton/grails-app/controllers/rest/JwtController.groovy create mode 100644 spring-security-rest-testapp-profile/features/jwt1/skeleton/src/integration-test/groovy/rest/JwtRestTokenValidationFilterSpec.groovy create mode 100644 spring-security-rest-testapp-profile/features/jwt2/feature.yml.tmpl create mode 100644 spring-security-rest-testapp-profile/features/jwt2/skeleton/build.gradle create mode 100644 spring-security-rest-testapp-profile/features/jwt2/skeleton/grails-app/conf/application.groovy create mode 100644 spring-security-rest-testapp-profile/features/memcached1/feature.yml.tmpl create mode 100644 spring-security-rest-testapp-profile/features/memcached1/skeleton/build.gradle create mode 100644 spring-security-rest-testapp-profile/features/memcached1/skeleton/grails-app/conf/application.groovy create mode 100644 spring-security-rest-testapp-profile/features/memcached1/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy create mode 100644 spring-security-rest-testapp-profile/features/memcached2/feature.yml.tmpl create mode 100644 spring-security-rest-testapp-profile/features/memcached2/skeleton/build.gradle create mode 100644 spring-security-rest-testapp-profile/features/memcached2/skeleton/grails-app/conf/application.groovy create mode 100644 spring-security-rest-testapp-profile/features/memcached2/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy create mode 100644 spring-security-rest-testapp-profile/features/redis1/feature.yml.tmpl create mode 100644 spring-security-rest-testapp-profile/features/redis1/skeleton/build.gradle create mode 100644 spring-security-rest-testapp-profile/features/redis1/skeleton/grails-app/conf/application.groovy create mode 100644 spring-security-rest-testapp-profile/features/redis1/skeleton/src/integration-test/groovy/redis/RedisSpec.groovy create mode 100644 spring-security-rest-testapp-profile/features/redis2/feature.yml.tmpl create mode 100644 spring-security-rest-testapp-profile/features/redis2/skeleton/build.gradle create mode 100644 spring-security-rest-testapp-profile/features/redis2/skeleton/grails-app/conf/application.groovy create mode 100644 spring-security-rest-testapp-profile/features/redis2/skeleton/src/integration-test/groovy/redis/RedisSpec.groovy create mode 100644 spring-security-rest-testapp-profile/gradle.properties create mode 100644 spring-security-rest-testapp-profile/keys/private_key.der create mode 100644 spring-security-rest-testapp-profile/keys/public_key.der create mode 100644 spring-security-rest-testapp-profile/profile.yml.tmpl create mode 100644 spring-security-rest-testapp-profile/skeleton/build.gradle create mode 100644 spring-security-rest-testapp-profile/skeleton/grails-app/conf/application.yml create mode 100644 spring-security-rest-testapp-profile/skeleton/grails-app/conf/logback.groovy create mode 100644 spring-security-rest-testapp-profile/skeleton/grails-app/conf/spring/resources.groovy create mode 100644 spring-security-rest-testapp-profile/skeleton/grails-app/controllers/UrlMappings.groovy create mode 100644 spring-security-rest-testapp-profile/skeleton/grails-app/controllers/rest/AnonymousController.groovy create mode 100644 spring-security-rest-testapp-profile/skeleton/grails-app/controllers/rest/PublicController.groovy create mode 100644 spring-security-rest-testapp-profile/skeleton/grails-app/controllers/rest/SecuredController.groovy create mode 100644 spring-security-rest-testapp-profile/skeleton/grails-app/init/BootStrap.groovy create mode 100644 spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/GebConfig.groovy create mode 100644 spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/org/openqa/selenium/browserlaunchers/Proxies.groovy create mode 100644 spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/AbstractRestSpec.groovy create mode 100644 spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/BearerTokenSpec.groovy create mode 100644 spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/CorsSpec.groovy create mode 100644 spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/FrontendCallbackPage.groovy create mode 100644 spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/JwtSpec.groovy create mode 100644 spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestAuthenticationFilterSpec.groovy create mode 100644 spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestTokenValidationFilterSpec.groovy create mode 100644 spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/ValidateEndpointSpec.groovy diff --git a/build.gradle b/build.gradle index 5d5905001..490ab0e11 100644 --- a/build.gradle +++ b/build.gradle @@ -21,6 +21,7 @@ allprojects { } def pluginProjects = ['spring-security-rest', 'spring-security-rest-memcached', 'spring-security-rest-redis', 'spring-security-rest-grailscache', 'spring-security-rest-gorm'] +def profileProjects = ['spring-security-rest-testapp-profile'] def publishedProjects = pluginProjects version project.projectVersion @@ -38,7 +39,9 @@ subprojects { Project project -> mavenCentral() maven { url "https://repo.grails.org/grails/core" } } - if (project.name != "spring-security-rest-docs" && !project.name.startsWith("build") ) { + if (project.name != "spring-security-rest-docs" && + project.name != "spring-security-rest-testapp-profile" && + !project.name.startsWith("build") ) { apply plugin: "org.grails.grails-plugin" } @@ -81,6 +84,10 @@ subprojects { Project project -> } } + if (project.name in profileProjects) { + apply plugin: "org.grails.grails-profile" + } + if (project.name in publishedProjects) { apply from: rootProject.file("gradle/publishing.gradle") } diff --git a/generate-test-apps.sh b/generate-test-apps.sh new file mode 100755 index 000000000..d2b11a395 --- /dev/null +++ b/generate-test-apps.sh @@ -0,0 +1,19 @@ +#!/usr/bin/env bash +set -e + +rm -rf build/ +mkdir build +export pluginVersion=`cat build.gradle | grep "version \"" | sed -n 's/^[ \t]*version\ "//pg' | sed -n 's/"//pg'` +export grailsVersion=`cat spring-security-rest-testapp-profile/gradle.properties | grep grailsVersion | sed -n 's/^grailsVersion=//p'` +./gradlew clean install + +echo "Plugin version: $pluginVersion. Grails version for test apps: $grailsVersion" +source "$HOME/.sdkman/bin/sdkman-init.sh" + +[[ -d ~/.sdkman/candidates/grails/$grailsVersion ]] || sdk install grails $grailsVersion +sdk use grails $grailsVersion +cd build + +for feature in `ls ../spring-security-rest-testapp-profile/features/`; do + grails create-app -profile org.grails.plugins:spring-security-rest-testapp-profile:$pluginVersion -features $feature $feature +done \ No newline at end of file diff --git a/settings.gradle b/settings.gradle index a9b2fe48b..2776fb041 100644 --- a/settings.gradle +++ b/settings.gradle @@ -43,5 +43,6 @@ include 'spring-security-rest-memcached' include 'spring-security-rest-redis' include 'spring-security-rest-grailscache' include 'spring-security-rest-gorm' +include 'spring-security-rest-testapp-profile' include 'spring-security-rest-docs' diff --git a/spring-security-rest-testapp-profile/.gitignore b/spring-security-rest-testapp-profile/.gitignore new file mode 100644 index 000000000..153da0c6e --- /dev/null +++ b/spring-security-rest-testapp-profile/.gitignore @@ -0,0 +1,2 @@ +profile.yml +feature.yml \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/build.gradle b/spring-security-rest-testapp-profile/build.gradle new file mode 100644 index 000000000..67786c91c --- /dev/null +++ b/spring-security-rest-testapp-profile/build.gradle @@ -0,0 +1,19 @@ +task generateProfileConfig () { + copy { + from 'profile.yml.tmpl' + into '.' + rename { String fileName -> fileName.replaceAll '\\.tmpl', '' } + expand pluginVersion: project.version + } + + file('features').eachDir { feature -> + copy { + from "features/${feature.name}/feature.yml.tmpl" + into "features/${feature.name}/" + rename { String fileName -> fileName.replaceAll '\\.tmpl', '' } + expand pluginVersion: project.version + } + } +} + +compileProfile.dependsOn generateProfileConfig \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/gorm1/feature.yml.tmpl b/spring-security-rest-testapp-profile/features/gorm1/feature.yml.tmpl new file mode 100644 index 000000000..77f06bffe --- /dev/null +++ b/spring-security-rest-testapp-profile/features/gorm1/feature.yml.tmpl @@ -0,0 +1,13 @@ +description: First configuration of GORM +dependencies: + build: + - "org.grails.plugins:hibernate5:7.0.0" + compile: + - "org.grails.plugins:hibernate5" + - "org.hibernate:hibernate-core:5.4.0.Final" + - "org.hibernate:hibernate-ehcache:5.4.0.Final" + - "org.grails.plugins:spring-security-rest-gorm:${pluginVersion}" + runtime: + - "com.h2database:h2" + - "org.apache.tomcat:tomcat-jdbc" + - "org.glassfish.web:el-impl:2.1.2-b03" \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/gorm1/skeleton/build.gradle b/spring-security-rest-testapp-profile/features/gorm1/skeleton/build.gradle new file mode 100644 index 000000000..5b05dccb2 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/gorm1/skeleton/build.gradle @@ -0,0 +1,6 @@ + +integrationTest { + systemProperty 'useBearerToken', 'false' + systemProperty 'useFacebook', 'true' + systemProperty 'geb.env', System.getProperty('geb.env', 'phantomJs') +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/gorm1/skeleton/grails-app/conf/application.groovy b/spring-security-rest-testapp-profile/features/gorm1/skeleton/grails-app/conf/application.groovy new file mode 100644 index 000000000..081bee40f --- /dev/null +++ b/spring-security-rest-testapp-profile/features/gorm1/skeleton/grails-app/conf/application.groovy @@ -0,0 +1,66 @@ +import org.pac4j.oauth.client.FacebookClient +import org.pac4j.oauth.client.Google2Client +import org.pac4j.oauth.client.TwitterClient + +grails { + plugin { + springsecurity { + + useSecurityEventListener = true + + filterChain { + chainMap = [ + [pattern: '/api/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'], + [pattern: '/secured/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'], + [pattern: '/anonymous/**', filters: 'anonymousAuthenticationFilter,restTokenValidationFilter,restExceptionTranslationFilter,filterInvocationInterceptor'], + [pattern: '/**', filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'] + ] + } + rest { + token { + validation { + enableAnonymousAccess = true + useBearerToken = false + } + + storage { + gorm { + tokenDomainClassName = 'gorm.AccessToken' + } + } + } + + oauth { + frontendCallbackUrl = {String tokenValue -> "http://example.org#token=${tokenValue}" } + + google { + client = Google2Client + key = '1093785205845-hl3jv0rd8jfohkn55jchgmnpvdpsnal4.apps.googleusercontent.com' + secret = 'sWXY3VMm4wKAGoRZg8r3ftZc' + scope = Google2Client.Google2Scope.EMAIL_AND_PROFILE + defaultRoles = ['ROLE_USER', 'ROLE_GOOGLE'] + } + + facebook { + client = FacebookClient + key = '585495051532332' + secret = 'f6bfaff8c66a3fd7b1e9ec4c986fda8b' + + //https://developers.facebook.com/docs/reference/login/ + scope = 'public_profile,email' + fields = 'id,name,first_name,middle_name,last_name,link,gender,email,birthday' + defaultRoles = ['ROLE_USER', 'ROLE_FACEBOOK'] + } + + twitter { + client = TwitterClient + key = 'A2hwgEMfNIp7OF2f05Gqw' + secret = 'BUpumhJGeNskn53Ssr3QQuesKg8lOIEWaLO4pCdgeTw' + defaultRoles = ['ROLE_USER', 'ROLE_TWITTER'] + } + } + } + } + } +} + diff --git a/spring-security-rest-testapp-profile/features/gorm1/skeleton/grails-app/conf/application.yml b/spring-security-rest-testapp-profile/features/gorm1/skeleton/grails-app/conf/application.yml new file mode 100644 index 000000000..c17bb0e4a --- /dev/null +++ b/spring-security-rest-testapp-profile/features/gorm1/skeleton/grails-app/conf/application.yml @@ -0,0 +1,43 @@ +hibernate: + cache: + queries: false + use_second_level_cache: false + use_query_cache: false +dataSource: + pooled: true + jmxExport: true + driverClassName: org.h2.Driver + username: sa + password: '' + +environments: + development: + dataSource: + dbCreate: create-drop + url: jdbc:h2:mem:devDb;MVCC=TRUE;LOCK_TIMEOUT=10000;DB_CLOSE_ON_EXIT=FALSE + test: + dataSource: + dbCreate: update + url: jdbc:h2:mem:testDb;MVCC=TRUE;LOCK_TIMEOUT=10000;DB_CLOSE_ON_EXIT=FALSE + production: + dataSource: + dbCreate: none + url: jdbc:h2:./prodDb;MVCC=TRUE;LOCK_TIMEOUT=10000;DB_CLOSE_ON_EXIT=FALSE + properties: + jmxEnabled: true + initialSize: 5 + maxActive: 50 + minIdle: 5 + maxIdle: 25 + maxWait: 10000 + maxAge: 600000 + timeBetweenEvictionRunsMillis: 5000 + minEvictableIdleTimeMillis: 60000 + validationQuery: SELECT 1 + validationQueryTimeout: 3 + validationInterval: 15000 + testOnBorrow: true + testWhileIdle: true + testOnReturn: false + jdbcInterceptors: ConnectionState + defaultTransactionIsolation: 2 # TRANSACTION_READ_COMMITTED \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/gorm1/skeleton/grails-app/domain/gorm/AccessToken.groovy b/spring-security-rest-testapp-profile/features/gorm1/skeleton/grails-app/domain/gorm/AccessToken.groovy new file mode 100644 index 000000000..018bb4e02 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/gorm1/skeleton/grails-app/domain/gorm/AccessToken.groovy @@ -0,0 +1,12 @@ +package gorm + +class AccessToken { + + String tokenValue + String username + + static mapping = { + version false + } + +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/gorm1/skeleton/src/integration-test/groovy/rest/RestLogoutFilterSpec.groovy b/spring-security-rest-testapp-profile/features/gorm1/skeleton/src/integration-test/groovy/rest/RestLogoutFilterSpec.groovy new file mode 100644 index 000000000..3bcfdb5ec --- /dev/null +++ b/spring-security-rest-testapp-profile/features/gorm1/skeleton/src/integration-test/groovy/rest/RestLogoutFilterSpec.groovy @@ -0,0 +1,89 @@ +/* + * Copyright 2013-2015 Alvaro Sanchez-Mariscal + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package rest + +import grails.plugins.rest.client.RestResponse +import spock.lang.Unroll + +class RestLogoutFilterSpec extends AbstractRestSpec { + + void "logout filter can remove a token"() { + given: + RestResponse authResponse = sendCorrectCredentials() + String token = authResponse.json.access_token + + when: + def response = restBuilder.post("${baseUrl}/api/logout") { + header 'X-Auth-Token', token + } + + then: + response.status == 200 + + when: + response = restBuilder.get("${baseUrl}/api/validate") { + header 'X-Auth-Token', token + } + + then: + response.status == 401 + } + + void "logout filter returns 404 if token is not found"() { + when: + def response = restBuilder.post("${baseUrl}/api/logout") { + header 'X-Auth-Token', 'whatever' + } + + then: + response.status == 404 + + } + + void "calling /api/logout without token returns 400"() { + when: + def response = restBuilder.post("${baseUrl}/api/logout") + + then: + response.status == 400 + } + + @Unroll + void "#httpMethod requests generate #statusCode responses"() { + + given: + RestResponse authResponse = sendCorrectCredentials() + String token = authResponse.json.access_token + + when: + def response = restBuilder."${httpMethod}"("${baseUrl}/api/logout") { + header 'X-Auth-Token', token + } + + then: + response.status == statusCode + + where: + httpMethod | statusCode + 'get' | 405 + 'post' | 200 + 'put' | 405 + 'delete' | 405 + } + + +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/gorm2/feature.yml.tmpl b/spring-security-rest-testapp-profile/features/gorm2/feature.yml.tmpl new file mode 100644 index 000000000..7b31afa21 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/gorm2/feature.yml.tmpl @@ -0,0 +1,13 @@ +description: Second configuration of GORM +dependencies: + build: + - "org.grails.plugins:hibernate5:7.0.0" + compile: + - "org.grails.plugins:hibernate5" + - "org.hibernate:hibernate-core:5.4.0.Final" + - "org.hibernate:hibernate-ehcache:5.4.0.Final" + - "org.grails.plugins:spring-security-rest-gorm:${pluginVersion}" + runtime: + - "com.h2database:h2" + - "org.apache.tomcat:tomcat-jdbc" + - "org.glassfish.web:el-impl:2.1.2-b03" \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/gorm2/skeleton/build.gradle b/spring-security-rest-testapp-profile/features/gorm2/skeleton/build.gradle new file mode 100644 index 000000000..b97a67d78 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/gorm2/skeleton/build.gradle @@ -0,0 +1,6 @@ + +integrationTest { + systemProperty 'useBearerToken', 'false' + systemProperty 'useFacebook', 'false' + systemProperty 'geb.env', System.getProperty('geb.env', 'phantomJs') +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/gorm2/skeleton/grails-app/conf/application.groovy b/spring-security-rest-testapp-profile/features/gorm2/skeleton/grails-app/conf/application.groovy new file mode 100644 index 000000000..31b26fbf2 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/gorm2/skeleton/grails-app/conf/application.groovy @@ -0,0 +1,29 @@ +grails { + plugin { + springsecurity { + + filterChain { + chainMap = [ + [pattern: '/api/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter'], + [pattern: '/secured/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter'], + [pattern: '/anonymous/**', filters: 'anonymousAuthenticationFilter,restTokenValidationFilter,restExceptionTranslationFilter,filterInvocationInterceptor'], + [pattern: '/**', filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'] + ] + } + + rest { + token { + validation { + enableAnonymousAccess = true + useBearerToken = false + } + storage { + gorm { + tokenDomainClassName = 'gorm.AccessToken' + } + } + } + } + } + } +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/gorm2/skeleton/grails-app/conf/application.yml b/spring-security-rest-testapp-profile/features/gorm2/skeleton/grails-app/conf/application.yml new file mode 100644 index 000000000..c17bb0e4a --- /dev/null +++ b/spring-security-rest-testapp-profile/features/gorm2/skeleton/grails-app/conf/application.yml @@ -0,0 +1,43 @@ +hibernate: + cache: + queries: false + use_second_level_cache: false + use_query_cache: false +dataSource: + pooled: true + jmxExport: true + driverClassName: org.h2.Driver + username: sa + password: '' + +environments: + development: + dataSource: + dbCreate: create-drop + url: jdbc:h2:mem:devDb;MVCC=TRUE;LOCK_TIMEOUT=10000;DB_CLOSE_ON_EXIT=FALSE + test: + dataSource: + dbCreate: update + url: jdbc:h2:mem:testDb;MVCC=TRUE;LOCK_TIMEOUT=10000;DB_CLOSE_ON_EXIT=FALSE + production: + dataSource: + dbCreate: none + url: jdbc:h2:./prodDb;MVCC=TRUE;LOCK_TIMEOUT=10000;DB_CLOSE_ON_EXIT=FALSE + properties: + jmxEnabled: true + initialSize: 5 + maxActive: 50 + minIdle: 5 + maxIdle: 25 + maxWait: 10000 + maxAge: 600000 + timeBetweenEvictionRunsMillis: 5000 + minEvictableIdleTimeMillis: 60000 + validationQuery: SELECT 1 + validationQueryTimeout: 3 + validationInterval: 15000 + testOnBorrow: true + testWhileIdle: true + testOnReturn: false + jdbcInterceptors: ConnectionState + defaultTransactionIsolation: 2 # TRANSACTION_READ_COMMITTED \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/gorm2/skeleton/grails-app/domain/gorm/AccessToken.groovy b/spring-security-rest-testapp-profile/features/gorm2/skeleton/grails-app/domain/gorm/AccessToken.groovy new file mode 100644 index 000000000..018bb4e02 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/gorm2/skeleton/grails-app/domain/gorm/AccessToken.groovy @@ -0,0 +1,12 @@ +package gorm + +class AccessToken { + + String tokenValue + String username + + static mapping = { + version false + } + +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/gorm2/skeleton/src/integration-test/groovy/rest/RestLogoutFilterSpec.groovy b/spring-security-rest-testapp-profile/features/gorm2/skeleton/src/integration-test/groovy/rest/RestLogoutFilterSpec.groovy new file mode 100644 index 000000000..3bcfdb5ec --- /dev/null +++ b/spring-security-rest-testapp-profile/features/gorm2/skeleton/src/integration-test/groovy/rest/RestLogoutFilterSpec.groovy @@ -0,0 +1,89 @@ +/* + * Copyright 2013-2015 Alvaro Sanchez-Mariscal + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package rest + +import grails.plugins.rest.client.RestResponse +import spock.lang.Unroll + +class RestLogoutFilterSpec extends AbstractRestSpec { + + void "logout filter can remove a token"() { + given: + RestResponse authResponse = sendCorrectCredentials() + String token = authResponse.json.access_token + + when: + def response = restBuilder.post("${baseUrl}/api/logout") { + header 'X-Auth-Token', token + } + + then: + response.status == 200 + + when: + response = restBuilder.get("${baseUrl}/api/validate") { + header 'X-Auth-Token', token + } + + then: + response.status == 401 + } + + void "logout filter returns 404 if token is not found"() { + when: + def response = restBuilder.post("${baseUrl}/api/logout") { + header 'X-Auth-Token', 'whatever' + } + + then: + response.status == 404 + + } + + void "calling /api/logout without token returns 400"() { + when: + def response = restBuilder.post("${baseUrl}/api/logout") + + then: + response.status == 400 + } + + @Unroll + void "#httpMethod requests generate #statusCode responses"() { + + given: + RestResponse authResponse = sendCorrectCredentials() + String token = authResponse.json.access_token + + when: + def response = restBuilder."${httpMethod}"("${baseUrl}/api/logout") { + header 'X-Auth-Token', token + } + + then: + response.status == statusCode + + where: + httpMethod | statusCode + 'get' | 405 + 'post' | 200 + 'put' | 405 + 'delete' | 405 + } + + +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/grailscache1/feature.yml.tmpl b/spring-security-rest-testapp-profile/features/grailscache1/feature.yml.tmpl new file mode 100644 index 000000000..1cba7ee36 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/grailscache1/feature.yml.tmpl @@ -0,0 +1,4 @@ +description: First configuration of Grails cache +dependencies: + compile: + - "org.grails.plugins:spring-security-rest-grailscache:${pluginVersion}" \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/grailscache1/skeleton/build.gradle b/spring-security-rest-testapp-profile/features/grailscache1/skeleton/build.gradle new file mode 100644 index 000000000..5b05dccb2 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/grailscache1/skeleton/build.gradle @@ -0,0 +1,6 @@ + +integrationTest { + systemProperty 'useBearerToken', 'false' + systemProperty 'useFacebook', 'true' + systemProperty 'geb.env', System.getProperty('geb.env', 'phantomJs') +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/grailscache1/skeleton/grails-app/conf/application.groovy b/spring-security-rest-testapp-profile/features/grailscache1/skeleton/grails-app/conf/application.groovy new file mode 100644 index 000000000..1a6f0ffde --- /dev/null +++ b/spring-security-rest-testapp-profile/features/grailscache1/skeleton/grails-app/conf/application.groovy @@ -0,0 +1,60 @@ +import org.pac4j.oauth.client.FacebookClient +import org.pac4j.oauth.client.Google2Client +import org.pac4j.oauth.client.TwitterClient + +grails { + plugin { + springsecurity { + + useSecurityEventListener = true + + filterChain { + chainMap = [ + [pattern: '/api/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'], + [pattern: '/secured/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'], + [pattern: '/anonymous/**', filters: 'anonymousAuthenticationFilter,restTokenValidationFilter,restExceptionTranslationFilter,filterInvocationInterceptor'], + [pattern: '/**', filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'] + ] + } + rest { + token { + validation { + enableAnonymousAccess = true + useBearerToken = false + } + } + + oauth { + frontendCallbackUrl = {String tokenValue -> "http://example.org#token=${tokenValue}" } + + google { + client = Google2Client + key = '1093785205845-hl3jv0rd8jfohkn55jchgmnpvdpsnal4.apps.googleusercontent.com' + secret = 'sWXY3VMm4wKAGoRZg8r3ftZc' + scope = Google2Client.Google2Scope.EMAIL_AND_PROFILE + defaultRoles = ['ROLE_USER', 'ROLE_GOOGLE'] + } + + facebook { + client = FacebookClient + key = '585495051532332' + secret = 'f6bfaff8c66a3fd7b1e9ec4c986fda8b' + + //https://developers.facebook.com/docs/reference/login/ + scope = 'public_profile,email' + fields = 'id,name,first_name,middle_name,last_name,link,gender,email,birthday' + defaultRoles = ['ROLE_USER', 'ROLE_FACEBOOK'] + } + + twitter { + client = TwitterClient + key = 'A2hwgEMfNIp7OF2f05Gqw' + secret = 'BUpumhJGeNskn53Ssr3QQuesKg8lOIEWaLO4pCdgeTw' + defaultRoles = ['ROLE_USER', 'ROLE_TWITTER'] + } + } + } + } + } +} + diff --git a/spring-security-rest-testapp-profile/features/grailscache2/feature.yml.tmpl b/spring-security-rest-testapp-profile/features/grailscache2/feature.yml.tmpl new file mode 100644 index 000000000..158061418 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/grailscache2/feature.yml.tmpl @@ -0,0 +1,4 @@ +description: Second configuration of Grails cache +dependencies: + compile: + - "org.grails.plugins:spring-security-rest-grailscache:${pluginVersion}" \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/grailscache2/skeleton/build.gradle b/spring-security-rest-testapp-profile/features/grailscache2/skeleton/build.gradle new file mode 100644 index 000000000..b97a67d78 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/grailscache2/skeleton/build.gradle @@ -0,0 +1,6 @@ + +integrationTest { + systemProperty 'useBearerToken', 'false' + systemProperty 'useFacebook', 'false' + systemProperty 'geb.env', System.getProperty('geb.env', 'phantomJs') +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/grailscache2/skeleton/grails-app/conf/application.groovy b/spring-security-rest-testapp-profile/features/grailscache2/skeleton/grails-app/conf/application.groovy new file mode 100644 index 000000000..c1d1e77d8 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/grailscache2/skeleton/grails-app/conf/application.groovy @@ -0,0 +1,24 @@ +grails { + plugin { + springsecurity { + + filterChain { + chainMap = [ + [pattern: '/api/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter'], + [pattern: '/secured/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter'], + [pattern: '/anonymous/**', filters: 'anonymousAuthenticationFilter,restTokenValidationFilter,restExceptionTranslationFilter,filterInvocationInterceptor'], + [pattern: '/**', filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'] + ] + } + + rest { + token { + validation { + enableAnonymousAccess = true + useBearerToken = false + } + } + } + } + } +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/jwt1/feature.yml.tmpl b/spring-security-rest-testapp-profile/features/jwt1/feature.yml.tmpl new file mode 100644 index 000000000..a6ec362f3 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/jwt1/feature.yml.tmpl @@ -0,0 +1 @@ +description: First configuration of JWT \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/jwt1/skeleton/build.gradle b/spring-security-rest-testapp-profile/features/jwt1/skeleton/build.gradle new file mode 100644 index 000000000..5b05dccb2 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/jwt1/skeleton/build.gradle @@ -0,0 +1,6 @@ + +integrationTest { + systemProperty 'useBearerToken', 'false' + systemProperty 'useFacebook', 'true' + systemProperty 'geb.env', System.getProperty('geb.env', 'phantomJs') +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/jwt1/skeleton/grails-app/conf/application.groovy b/spring-security-rest-testapp-profile/features/jwt1/skeleton/grails-app/conf/application.groovy new file mode 100644 index 000000000..b74a1e76d --- /dev/null +++ b/spring-security-rest-testapp-profile/features/jwt1/skeleton/grails-app/conf/application.groovy @@ -0,0 +1,66 @@ +import org.pac4j.oauth.client.FacebookClient +import org.pac4j.oauth.client.Google2Client +import org.pac4j.oauth.client.TwitterClient + +grails { + plugin { + springsecurity { + + useSecurityEventListener = true + + filterChain { + chainMap = [ + [pattern: '/api/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'], + [pattern: '/secured/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'], + [pattern: '/jwt/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'], + [pattern: '/anonymous/**', filters: 'anonymousAuthenticationFilter,restTokenValidationFilter,restExceptionTranslationFilter,filterInvocationInterceptor'], + [pattern: '/**', filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'] + ] + } + rest { + token { + validation { + enableAnonymousAccess = true + useBearerToken = false + } + storage { + jwt { + secret = 'foobar123'*4 + } + } + } + + oauth { + frontendCallbackUrl = {String tokenValue -> "http://example.org#token=${tokenValue}" } + + google { + client = Google2Client + key = '1093785205845-hl3jv0rd8jfohkn55jchgmnpvdpsnal4.apps.googleusercontent.com' + secret = 'sWXY3VMm4wKAGoRZg8r3ftZc' + scope = Google2Client.Google2Scope.EMAIL_AND_PROFILE + defaultRoles = ['ROLE_USER', 'ROLE_GOOGLE'] + } + + facebook { + client = FacebookClient + key = '585495051532332' + secret = 'f6bfaff8c66a3fd7b1e9ec4c986fda8b' + + //https://developers.facebook.com/docs/reference/login/ + scope = 'public_profile,email' + fields = 'id,name,first_name,middle_name,last_name,link,gender,email,birthday' + defaultRoles = ['ROLE_USER', 'ROLE_FACEBOOK'] + } + + twitter { + client = TwitterClient + key = 'A2hwgEMfNIp7OF2f05Gqw' + secret = 'BUpumhJGeNskn53Ssr3QQuesKg8lOIEWaLO4pCdgeTw' + defaultRoles = ['ROLE_USER', 'ROLE_TWITTER'] + } + } + } + } + } +} + diff --git a/spring-security-rest-testapp-profile/features/jwt1/skeleton/grails-app/controllers/rest/JwtController.groovy b/spring-security-rest-testapp-profile/features/jwt1/skeleton/grails-app/controllers/rest/JwtController.groovy new file mode 100644 index 000000000..2c55474be --- /dev/null +++ b/spring-security-rest-testapp-profile/features/jwt1/skeleton/grails-app/controllers/rest/JwtController.groovy @@ -0,0 +1,17 @@ +package rest + +import grails.converters.JSON +import grails.plugin.springsecurity.annotation.Secured +import grails.plugin.springsecurity.rest.token.AccessToken + +class JwtController { + + def springSecurityService + + @Secured(['ROLE_USER']) + def claims() { + AccessToken accessToken = springSecurityService.authentication as AccessToken + render accessToken.accessTokenJwt.JWTClaimsSet.claims as JSON + } + +} diff --git a/spring-security-rest-testapp-profile/features/jwt1/skeleton/src/integration-test/groovy/rest/JwtRestTokenValidationFilterSpec.groovy b/spring-security-rest-testapp-profile/features/jwt1/skeleton/src/integration-test/groovy/rest/JwtRestTokenValidationFilterSpec.groovy new file mode 100644 index 000000000..847e2730a --- /dev/null +++ b/spring-security-rest-testapp-profile/features/jwt1/skeleton/src/integration-test/groovy/rest/JwtRestTokenValidationFilterSpec.groovy @@ -0,0 +1,48 @@ +/* + * Copyright 2013-2016 Alvaro Sanchez-Mariscal + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package rest + +import grails.plugin.springsecurity.rest.RestTokenValidationFilter +import grails.plugins.rest.client.RestResponse +import grails.util.Holders +import spock.lang.IgnoreIf +import spock.lang.Issue +import spock.lang.Subject + +@IgnoreIf({ System.getProperty('useBearerToken', 'false').toBoolean() }) +@Subject(RestTokenValidationFilter) +class JwtRestTokenValidationFilterSpec extends AbstractRestSpec { + + void "the claims are available to the controller"() { + given: + RestResponse authResponse = sendCorrectCredentials() as RestResponse + String token = authResponse.json.access_token + + when: + def response = restBuilder.get("${baseUrl}/jwt/claims") { + header 'X-Auth-Token', token + } + + then: + response.status == 200 + response.json.sub == 'jimi' + response.json.exp + response.json.iat + response.json.roles.size() == 2 + } + +} diff --git a/spring-security-rest-testapp-profile/features/jwt2/feature.yml.tmpl b/spring-security-rest-testapp-profile/features/jwt2/feature.yml.tmpl new file mode 100644 index 000000000..c5f06b4bf --- /dev/null +++ b/spring-security-rest-testapp-profile/features/jwt2/feature.yml.tmpl @@ -0,0 +1 @@ +description: Second configuration of JWT \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/jwt2/skeleton/build.gradle b/spring-security-rest-testapp-profile/features/jwt2/skeleton/build.gradle new file mode 100644 index 000000000..d98bbbe12 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/jwt2/skeleton/build.gradle @@ -0,0 +1,19 @@ + +task restoreKeys() { + def dir = file("${System.getProperty("user.home")}/.grails/spring-security-rest") + + copy { + from dir + include "*.der" + + into "grails-app/conf/" + } +} + +integrationTest { + systemProperty 'useBearerToken', 'true' + systemProperty 'useFacebook', 'false' + systemProperty 'geb.env', System.getProperty('geb.env', 'phantomJs') +} + +test.dependsOn restoreKeys \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/jwt2/skeleton/grails-app/conf/application.groovy b/spring-security-rest-testapp-profile/features/jwt2/skeleton/grails-app/conf/application.groovy new file mode 100644 index 000000000..49819cafb --- /dev/null +++ b/spring-security-rest-testapp-profile/features/jwt2/skeleton/grails-app/conf/application.groovy @@ -0,0 +1,36 @@ +grails { + plugin { + springsecurity { + + filterChain { + chainMap = [ + [pattern: '/api/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter'], + [pattern: '/secured/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter'], + [pattern: '/anonymous/**', filters: 'anonymousAuthenticationFilter,restTokenValidationFilter,restExceptionTranslationFilter,filterInvocationInterceptor'], + [pattern: '/**', filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'] + ] + } + + rest { + token { + validation { + enableAnonymousAccess = true + useBearerToken = true + } + + storage { + jwt { + useEncryptedJwt = true + + privateKeyPath = "grails-app/conf/private_key.der" + publicKeyPath = "grails-app/conf/public_key.der" + + expiration = 5 + } + } + } + } + } + } +} + diff --git a/spring-security-rest-testapp-profile/features/memcached1/feature.yml.tmpl b/spring-security-rest-testapp-profile/features/memcached1/feature.yml.tmpl new file mode 100644 index 000000000..8a9db115d --- /dev/null +++ b/spring-security-rest-testapp-profile/features/memcached1/feature.yml.tmpl @@ -0,0 +1,4 @@ +description: First configuration of Memcached +dependencies: + compile: + - "org.grails.plugins:spring-security-rest-memcached:${pluginVersion}" \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/memcached1/skeleton/build.gradle b/spring-security-rest-testapp-profile/features/memcached1/skeleton/build.gradle new file mode 100644 index 000000000..5b05dccb2 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/memcached1/skeleton/build.gradle @@ -0,0 +1,6 @@ + +integrationTest { + systemProperty 'useBearerToken', 'false' + systemProperty 'useFacebook', 'true' + systemProperty 'geb.env', System.getProperty('geb.env', 'phantomJs') +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/memcached1/skeleton/grails-app/conf/application.groovy b/spring-security-rest-testapp-profile/features/memcached1/skeleton/grails-app/conf/application.groovy new file mode 100644 index 000000000..1a6f0ffde --- /dev/null +++ b/spring-security-rest-testapp-profile/features/memcached1/skeleton/grails-app/conf/application.groovy @@ -0,0 +1,60 @@ +import org.pac4j.oauth.client.FacebookClient +import org.pac4j.oauth.client.Google2Client +import org.pac4j.oauth.client.TwitterClient + +grails { + plugin { + springsecurity { + + useSecurityEventListener = true + + filterChain { + chainMap = [ + [pattern: '/api/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'], + [pattern: '/secured/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'], + [pattern: '/anonymous/**', filters: 'anonymousAuthenticationFilter,restTokenValidationFilter,restExceptionTranslationFilter,filterInvocationInterceptor'], + [pattern: '/**', filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'] + ] + } + rest { + token { + validation { + enableAnonymousAccess = true + useBearerToken = false + } + } + + oauth { + frontendCallbackUrl = {String tokenValue -> "http://example.org#token=${tokenValue}" } + + google { + client = Google2Client + key = '1093785205845-hl3jv0rd8jfohkn55jchgmnpvdpsnal4.apps.googleusercontent.com' + secret = 'sWXY3VMm4wKAGoRZg8r3ftZc' + scope = Google2Client.Google2Scope.EMAIL_AND_PROFILE + defaultRoles = ['ROLE_USER', 'ROLE_GOOGLE'] + } + + facebook { + client = FacebookClient + key = '585495051532332' + secret = 'f6bfaff8c66a3fd7b1e9ec4c986fda8b' + + //https://developers.facebook.com/docs/reference/login/ + scope = 'public_profile,email' + fields = 'id,name,first_name,middle_name,last_name,link,gender,email,birthday' + defaultRoles = ['ROLE_USER', 'ROLE_FACEBOOK'] + } + + twitter { + client = TwitterClient + key = 'A2hwgEMfNIp7OF2f05Gqw' + secret = 'BUpumhJGeNskn53Ssr3QQuesKg8lOIEWaLO4pCdgeTw' + defaultRoles = ['ROLE_USER', 'ROLE_TWITTER'] + } + } + } + } + } +} + diff --git a/spring-security-rest-testapp-profile/features/memcached1/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy b/spring-security-rest-testapp-profile/features/memcached1/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy new file mode 100644 index 000000000..2f1b28188 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/memcached1/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy @@ -0,0 +1,100 @@ +/* + * Copyright 2013-2015 Alvaro Sanchez-Mariscal + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package memcached + +import grails.plugin.springsecurity.rest.token.storage.TokenNotFoundException +import grails.plugin.springsecurity.rest.token.storage.memcached.MemcachedTokenStorageService +import net.spy.memcached.MemcachedClient +import org.springframework.beans.factory.annotation.Autowired +import org.springframework.security.core.userdetails.User +import org.springframework.security.core.userdetails.UserDetails +import rest.AbstractRestSpec +import spock.lang.Issue +import spock.lang.Shared +import spock.lang.Unroll + +class MemcachedSpec extends AbstractRestSpec { + + @Autowired + MemcachedClient memcachedClient + + @Shared + MemcachedTokenStorageService memcachedTokenStorageService + + @Autowired + void setTokenStorageService(MemcachedTokenStorageService tokenStorageService) { + this.memcachedTokenStorageService = tokenStorageService + } + + void cleanupSpec() { + memcachedTokenStorageService.expiration = 3600 + } + + @Unroll + void "Memcached connection works for storing #key's"() { + + when: + memcachedClient.set(key, 3600, object) + + then: + memcachedClient.get(key) == object + + where: + key | object + 'String' | 'My cool string value' + 'Date' | new Date() + } + + @Issue("https://github.com/grails/grails-spring-security-rest/issues/86") + void "Objects stored expire after the expiration time"() { + given: + memcachedTokenStorageService.expiration = 1 + UserDetails principal = new User('username', 'password', []) + String token = 'abcd' + System.currentTimeMillis() + memcachedTokenStorageService.storeToken(token, principal) + Thread.sleep(1500) + + when: + memcachedTokenStorageService.loadUserByToken(token) + + then: + thrown(TokenNotFoundException) + } + + @Issue("https://github.com/grails/grails-spring-security-rest/issues/86") + void "Objects are refreshed when accessed"() { + given: + memcachedTokenStorageService.expiration = 2 + UserDetails principal = new User('username', 'password', []) + String token = 'abcd' + System.currentTimeMillis() + memcachedTokenStorageService.storeToken(token, principal) + Thread.sleep(1000) + + when: "it is accessed within the expiration time" + Object details = memcachedTokenStorageService.loadUserByToken(token) + + then: "it is found, and expiration time reset to 2 sencods" + details + + when: "it is accessed after one second" + Thread.sleep(1000) + memcachedTokenStorageService.loadUserByToken(token) + + then: "is still found" + notThrown(TokenNotFoundException) + } +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/memcached2/feature.yml.tmpl b/spring-security-rest-testapp-profile/features/memcached2/feature.yml.tmpl new file mode 100644 index 000000000..76b518c9c --- /dev/null +++ b/spring-security-rest-testapp-profile/features/memcached2/feature.yml.tmpl @@ -0,0 +1,4 @@ +description: Second configuration of Memcached +dependencies: + compile: + - "org.grails.plugins:spring-security-rest-memcached:${pluginVersion}" \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/memcached2/skeleton/build.gradle b/spring-security-rest-testapp-profile/features/memcached2/skeleton/build.gradle new file mode 100644 index 000000000..b97a67d78 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/memcached2/skeleton/build.gradle @@ -0,0 +1,6 @@ + +integrationTest { + systemProperty 'useBearerToken', 'false' + systemProperty 'useFacebook', 'false' + systemProperty 'geb.env', System.getProperty('geb.env', 'phantomJs') +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/memcached2/skeleton/grails-app/conf/application.groovy b/spring-security-rest-testapp-profile/features/memcached2/skeleton/grails-app/conf/application.groovy new file mode 100644 index 000000000..6adc6a241 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/memcached2/skeleton/grails-app/conf/application.groovy @@ -0,0 +1,25 @@ +grails { + plugin { + springsecurity { + + filterChain { + chainMap = [ + [pattern: '/api/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter'], + [pattern: '/secured/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter'], + [pattern: '/anonymous/**', filters: 'anonymousAuthenticationFilter,restTokenValidationFilter,restExceptionTranslationFilter,filterInvocationInterceptor'], + [pattern: '/**', filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'] + ] + } + + rest { + token { + validation { + enableAnonymousAccess = true + useBearerToken = false + } + } + } + } + } +} + diff --git a/spring-security-rest-testapp-profile/features/memcached2/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy b/spring-security-rest-testapp-profile/features/memcached2/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy new file mode 100644 index 000000000..2f1b28188 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/memcached2/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy @@ -0,0 +1,100 @@ +/* + * Copyright 2013-2015 Alvaro Sanchez-Mariscal + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package memcached + +import grails.plugin.springsecurity.rest.token.storage.TokenNotFoundException +import grails.plugin.springsecurity.rest.token.storage.memcached.MemcachedTokenStorageService +import net.spy.memcached.MemcachedClient +import org.springframework.beans.factory.annotation.Autowired +import org.springframework.security.core.userdetails.User +import org.springframework.security.core.userdetails.UserDetails +import rest.AbstractRestSpec +import spock.lang.Issue +import spock.lang.Shared +import spock.lang.Unroll + +class MemcachedSpec extends AbstractRestSpec { + + @Autowired + MemcachedClient memcachedClient + + @Shared + MemcachedTokenStorageService memcachedTokenStorageService + + @Autowired + void setTokenStorageService(MemcachedTokenStorageService tokenStorageService) { + this.memcachedTokenStorageService = tokenStorageService + } + + void cleanupSpec() { + memcachedTokenStorageService.expiration = 3600 + } + + @Unroll + void "Memcached connection works for storing #key's"() { + + when: + memcachedClient.set(key, 3600, object) + + then: + memcachedClient.get(key) == object + + where: + key | object + 'String' | 'My cool string value' + 'Date' | new Date() + } + + @Issue("https://github.com/grails/grails-spring-security-rest/issues/86") + void "Objects stored expire after the expiration time"() { + given: + memcachedTokenStorageService.expiration = 1 + UserDetails principal = new User('username', 'password', []) + String token = 'abcd' + System.currentTimeMillis() + memcachedTokenStorageService.storeToken(token, principal) + Thread.sleep(1500) + + when: + memcachedTokenStorageService.loadUserByToken(token) + + then: + thrown(TokenNotFoundException) + } + + @Issue("https://github.com/grails/grails-spring-security-rest/issues/86") + void "Objects are refreshed when accessed"() { + given: + memcachedTokenStorageService.expiration = 2 + UserDetails principal = new User('username', 'password', []) + String token = 'abcd' + System.currentTimeMillis() + memcachedTokenStorageService.storeToken(token, principal) + Thread.sleep(1000) + + when: "it is accessed within the expiration time" + Object details = memcachedTokenStorageService.loadUserByToken(token) + + then: "it is found, and expiration time reset to 2 sencods" + details + + when: "it is accessed after one second" + Thread.sleep(1000) + memcachedTokenStorageService.loadUserByToken(token) + + then: "is still found" + notThrown(TokenNotFoundException) + } +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/redis1/feature.yml.tmpl b/spring-security-rest-testapp-profile/features/redis1/feature.yml.tmpl new file mode 100644 index 000000000..54ff89eb7 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/redis1/feature.yml.tmpl @@ -0,0 +1,5 @@ +description: First configuration of Redis +dependencies: + compile: + - "org.grails.plugins:spring-security-rest-redis:${pluginVersion}" + - "org.grails.plugins:redis:2.0.5" \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/redis1/skeleton/build.gradle b/spring-security-rest-testapp-profile/features/redis1/skeleton/build.gradle new file mode 100644 index 000000000..5b05dccb2 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/redis1/skeleton/build.gradle @@ -0,0 +1,6 @@ + +integrationTest { + systemProperty 'useBearerToken', 'false' + systemProperty 'useFacebook', 'true' + systemProperty 'geb.env', System.getProperty('geb.env', 'phantomJs') +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/redis1/skeleton/grails-app/conf/application.groovy b/spring-security-rest-testapp-profile/features/redis1/skeleton/grails-app/conf/application.groovy new file mode 100644 index 000000000..1a6f0ffde --- /dev/null +++ b/spring-security-rest-testapp-profile/features/redis1/skeleton/grails-app/conf/application.groovy @@ -0,0 +1,60 @@ +import org.pac4j.oauth.client.FacebookClient +import org.pac4j.oauth.client.Google2Client +import org.pac4j.oauth.client.TwitterClient + +grails { + plugin { + springsecurity { + + useSecurityEventListener = true + + filterChain { + chainMap = [ + [pattern: '/api/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'], + [pattern: '/secured/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter,-rememberMeAuthenticationFilter'], + [pattern: '/anonymous/**', filters: 'anonymousAuthenticationFilter,restTokenValidationFilter,restExceptionTranslationFilter,filterInvocationInterceptor'], + [pattern: '/**', filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'] + ] + } + rest { + token { + validation { + enableAnonymousAccess = true + useBearerToken = false + } + } + + oauth { + frontendCallbackUrl = {String tokenValue -> "http://example.org#token=${tokenValue}" } + + google { + client = Google2Client + key = '1093785205845-hl3jv0rd8jfohkn55jchgmnpvdpsnal4.apps.googleusercontent.com' + secret = 'sWXY3VMm4wKAGoRZg8r3ftZc' + scope = Google2Client.Google2Scope.EMAIL_AND_PROFILE + defaultRoles = ['ROLE_USER', 'ROLE_GOOGLE'] + } + + facebook { + client = FacebookClient + key = '585495051532332' + secret = 'f6bfaff8c66a3fd7b1e9ec4c986fda8b' + + //https://developers.facebook.com/docs/reference/login/ + scope = 'public_profile,email' + fields = 'id,name,first_name,middle_name,last_name,link,gender,email,birthday' + defaultRoles = ['ROLE_USER', 'ROLE_FACEBOOK'] + } + + twitter { + client = TwitterClient + key = 'A2hwgEMfNIp7OF2f05Gqw' + secret = 'BUpumhJGeNskn53Ssr3QQuesKg8lOIEWaLO4pCdgeTw' + defaultRoles = ['ROLE_USER', 'ROLE_TWITTER'] + } + } + } + } + } +} + diff --git a/spring-security-rest-testapp-profile/features/redis1/skeleton/src/integration-test/groovy/redis/RedisSpec.groovy b/spring-security-rest-testapp-profile/features/redis1/skeleton/src/integration-test/groovy/redis/RedisSpec.groovy new file mode 100644 index 000000000..251d95727 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/redis1/skeleton/src/integration-test/groovy/redis/RedisSpec.groovy @@ -0,0 +1,82 @@ +/* + * Copyright 2013-2015 Alvaro Sanchez-Mariscal + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package redis + +import grails.plugin.springsecurity.rest.token.storage.RedisTokenStorageService +import grails.plugin.springsecurity.rest.token.storage.TokenNotFoundException +import grails.plugins.redis.RedisService +import grails.testing.mixin.integration.Integration +import org.springframework.beans.factory.annotation.Autowired +import org.springframework.boot.test.context.SpringBootTest +import org.springframework.security.core.userdetails.User +import org.springframework.security.core.userdetails.UserDetails +import spock.lang.Specification + +import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.DEFINED_PORT + +@Integration +@SpringBootTest(webEnvironment = DEFINED_PORT) +class RedisSpec extends Specification { + + @Autowired + RedisTokenStorageService tokenStorageService + + @Autowired + RedisService redisService + + def cleanup() { + redisService.flushDB() + } + + void "Objects stored expire after the expiration time"() { + given: + tokenStorageService.expiration = 1 + UserDetails principal = new User('username', 'password', []) + String token = 'abcd' + tokenStorageService.storeToken(token, principal) + Thread.sleep(1000) + + when: + tokenStorageService.loadUserByToken(token) + + then: + thrown(TokenNotFoundException) + } + + void "Objects are refreshed when accessed"() { + given: + tokenStorageService.expiration = 2 + UserDetails principal = new User('username', 'password', []) + String token = 'abcd' + System.currentTimeMillis() + tokenStorageService.storeToken(token, principal) + Thread.sleep(1000) + + when: "it is accessed within the expiration time" + Object details = tokenStorageService.loadUserByToken(token) + + then: "it is found, and expiration time reset to 2 sencods" + details + + when: "it is accessed after one second" + Thread.sleep(1000) + tokenStorageService.loadUserByToken(token) + + then: "is still found" + notThrown(TokenNotFoundException) + } + +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/redis2/feature.yml.tmpl b/spring-security-rest-testapp-profile/features/redis2/feature.yml.tmpl new file mode 100644 index 000000000..fccf2438e --- /dev/null +++ b/spring-security-rest-testapp-profile/features/redis2/feature.yml.tmpl @@ -0,0 +1,5 @@ +description: Second configuration of Redis +dependencies: + compile: + - "org.grails.plugins:spring-security-rest-redis:${pluginVersion}" + - "org.grails.plugins:redis:2.0.5" \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/redis2/skeleton/build.gradle b/spring-security-rest-testapp-profile/features/redis2/skeleton/build.gradle new file mode 100644 index 000000000..b97a67d78 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/redis2/skeleton/build.gradle @@ -0,0 +1,6 @@ + +integrationTest { + systemProperty 'useBearerToken', 'false' + systemProperty 'useFacebook', 'false' + systemProperty 'geb.env', System.getProperty('geb.env', 'phantomJs') +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/redis2/skeleton/grails-app/conf/application.groovy b/spring-security-rest-testapp-profile/features/redis2/skeleton/grails-app/conf/application.groovy new file mode 100644 index 000000000..c1d1e77d8 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/redis2/skeleton/grails-app/conf/application.groovy @@ -0,0 +1,24 @@ +grails { + plugin { + springsecurity { + + filterChain { + chainMap = [ + [pattern: '/api/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter'], + [pattern: '/secured/**', filters: 'JOINED_FILTERS,-anonymousAuthenticationFilter,-exceptionTranslationFilter,-authenticationProcessingFilter,-securityContextPersistenceFilter'], + [pattern: '/anonymous/**', filters: 'anonymousAuthenticationFilter,restTokenValidationFilter,restExceptionTranslationFilter,filterInvocationInterceptor'], + [pattern: '/**', filters: 'JOINED_FILTERS,-restTokenValidationFilter,-restExceptionTranslationFilter'] + ] + } + + rest { + token { + validation { + enableAnonymousAccess = true + useBearerToken = false + } + } + } + } + } +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/features/redis2/skeleton/src/integration-test/groovy/redis/RedisSpec.groovy b/spring-security-rest-testapp-profile/features/redis2/skeleton/src/integration-test/groovy/redis/RedisSpec.groovy new file mode 100644 index 000000000..251d95727 --- /dev/null +++ b/spring-security-rest-testapp-profile/features/redis2/skeleton/src/integration-test/groovy/redis/RedisSpec.groovy @@ -0,0 +1,82 @@ +/* + * Copyright 2013-2015 Alvaro Sanchez-Mariscal + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package redis + +import grails.plugin.springsecurity.rest.token.storage.RedisTokenStorageService +import grails.plugin.springsecurity.rest.token.storage.TokenNotFoundException +import grails.plugins.redis.RedisService +import grails.testing.mixin.integration.Integration +import org.springframework.beans.factory.annotation.Autowired +import org.springframework.boot.test.context.SpringBootTest +import org.springframework.security.core.userdetails.User +import org.springframework.security.core.userdetails.UserDetails +import spock.lang.Specification + +import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.DEFINED_PORT + +@Integration +@SpringBootTest(webEnvironment = DEFINED_PORT) +class RedisSpec extends Specification { + + @Autowired + RedisTokenStorageService tokenStorageService + + @Autowired + RedisService redisService + + def cleanup() { + redisService.flushDB() + } + + void "Objects stored expire after the expiration time"() { + given: + tokenStorageService.expiration = 1 + UserDetails principal = new User('username', 'password', []) + String token = 'abcd' + tokenStorageService.storeToken(token, principal) + Thread.sleep(1000) + + when: + tokenStorageService.loadUserByToken(token) + + then: + thrown(TokenNotFoundException) + } + + void "Objects are refreshed when accessed"() { + given: + tokenStorageService.expiration = 2 + UserDetails principal = new User('username', 'password', []) + String token = 'abcd' + System.currentTimeMillis() + tokenStorageService.storeToken(token, principal) + Thread.sleep(1000) + + when: "it is accessed within the expiration time" + Object details = tokenStorageService.loadUserByToken(token) + + then: "it is found, and expiration time reset to 2 sencods" + details + + when: "it is accessed after one second" + Thread.sleep(1000) + tokenStorageService.loadUserByToken(token) + + then: "is still found" + notThrown(TokenNotFoundException) + } + +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/gradle.properties b/spring-security-rest-testapp-profile/gradle.properties new file mode 100644 index 000000000..c67abb988 --- /dev/null +++ b/spring-security-rest-testapp-profile/gradle.properties @@ -0,0 +1 @@ +grailsVersion=4.0.0 diff --git a/spring-security-rest-testapp-profile/keys/private_key.der b/spring-security-rest-testapp-profile/keys/private_key.der new file mode 100644 index 0000000000000000000000000000000000000000..9f8a507473d3d00cb8dfca0e67a7fd15924b8fd3 GIT binary patch literal 1217 zcmV;y1U~yPf&{$+0RS)!1_>&LNQUrr!ay9qXGc{0)hbn0I-lpj(9V~ zvkUNMbQ3Qi2U!HSdS@OGkW6llmsTr2jg8q)$7f#0x$|7eyqP&u(E<1TH!cTKVqzjI zmXsnAyAeD#&9e_EWvhtH>O#_OEE^Fj5p63&Auul7`IwANBL|51{lrBdsjTL(Nnu!% zc~>-L4I|qQ3~Wh9lAvU- zQ}8G#pyP1lT6$(;Jf0T7VmZfNmWEk$@-buuA4|9yh{3~BCeD0l74PYDG+=;mr2scs zGYAwx+dA6<{Yun|1&Q1o{#7nH2QHWG)D0`>T$7=IuI@4*+{l4kVFCjI009Dm0RT~o zFd?yxX4kPf(stynEW>y1-?bf%8ssSm9li2Hf?eqrWb2pbgQ0S)bl>!QFC--%n^E{> z)jTdq&5L^3$$+lX`V>JAO#ZhUG*>f-?sg&p=|!gh1;2ay2!0e_Cir-8UtI#3QK%4m zaSBp&kCvBx&0pF`_nyS9Re%FTJp3b+YG+4@<>Pc_5( zuNiNk@>L)<=305mr`ncqFCF(Zh^)EU`UHYL^akAqnc_z;(++4ut5(87s>vj<$GozOZ0SiNV$Mqyb>l|)L*JgqC|Pc$4!K^!c&K~ zU_L1;k9NuyQ6w3`uc@Sz=(2t!tLFlNfdI)Xo%e-j2i?otN#hoPo3=kZoF_=MkUXf?G0@sXnBU@Cr<#?UsTn4)3K1*$3Dz>Veh6un^08SQAXy7U`hC=v zeB)ZsjpnAc9Msa*c>Vf^qK*K))ta%1Ka&Tq8VNZC4a5*^LSagUJURTp3H;5FYN@mNikl!?*H7Be)g zY6}>P|9)V0LaOom$7QRy|8R5SK#`XL(E@>hVt4)@on_oS-M=0Hkq|7W-F7~GAP8P= zs9>~UUc563-TouA{d2PTrw%g0OWRLF;LL=(w!9Necy-W(Qd z0)c@5qJOsFaM7iHukB_F@dW!w8aSu|8htnl;;nM!0D}!XesJln-Z@AqQC(*g*ez4A zjy7PTP%CoJt&k4O-{#iCDe!WTELXx;GP2jtBP1{#%@9#cn<%XjM8xY*ZUZp fItU@@K-oTThl$m-Q1jswq%i}}Z^&KK1040ondAf&n5h4F(A+hDe6@4FLfG1potr0S^E$f&mHwf&l>lu#iWNcr(Pa3-D%i z6E7eKSp>IwXC4rcOm2>sRx3V@joDAfXI{s-^IXWhnK@I@0r&hjE(cO#Vj?S+lp+$l z5j-}{vkxd`tBB0%Legz48xblIZ7V||FfQErn2b#$2Z;Fn#6=&etmd#uVOW!R?equ3 z2Z-!A;8}{CJ_ys6{tKp#Cl{L@g0#Nz$NIBa+ZCwnc47JrBijxPY)MCwpk%L8@F*yt z<8b6!dS+rgo)*AjImcd>hFNs-F=PcFOSl<`!NXD}&U|PU@9A?iV1RI?05@4P2oyov sI@<#MO4N!4iQF9iRW3OPE|=}p4J+telc9jF?lK_U$bnp80s{d60X!OdyZ`_I literal 0 HcmV?d00001 diff --git a/spring-security-rest-testapp-profile/profile.yml.tmpl b/spring-security-rest-testapp-profile/profile.yml.tmpl new file mode 100644 index 000000000..99fa4cbf4 --- /dev/null +++ b/spring-security-rest-testapp-profile/profile.yml.tmpl @@ -0,0 +1,22 @@ +description: Creates a test app for Spring Security REST plugin +build: + plugins: + - org.gradle.test-retry + - com.adarshr.test-logger + excludes: + - org.grails.grails-core + - org.grails.grails-web +dependencies: + build: + - "org.gradle:test-retry-gradle-plugin:1.1.1" + compile: + - "org.grails.plugins:spring-security-rest:${pluginVersion}" + - "org.springframework.security:spring-security-core:5.1.2.RELEASE" + + testCompile: + - "org.grails:grails-datastore-rest-client:6.1.12.RELEASE" + - "org.grails.plugins:geb" + - "com.codeborne:phantomjsdriver:1.2.1" + - "org.seleniumhq.selenium:selenium-api:2.47.1" + - "org.seleniumhq.selenium:selenium-remote-driver:2.47.1" + - "org.seleniumhq.selenium:selenium-firefox-driver:2.47.1" \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/skeleton/build.gradle b/spring-security-rest-testapp-profile/skeleton/build.gradle new file mode 100644 index 000000000..173b31bd4 --- /dev/null +++ b/spring-security-rest-testapp-profile/skeleton/build.gradle @@ -0,0 +1,14 @@ +testlogger { + showFullStackTraces true + showStandardStreams true + showPassedStandardStreams false + showSkippedStandardStreams false + showFailedStandardStreams true +} + +tasks.withType(Test) { + retry { + maxRetries = 3 + maxFailures = 20 + } +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/skeleton/grails-app/conf/application.yml b/spring-security-rest-testapp-profile/skeleton/grails-app/conf/application.yml new file mode 100644 index 000000000..47fbb02d1 --- /dev/null +++ b/spring-security-rest-testapp-profile/skeleton/grails-app/conf/application.yml @@ -0,0 +1,2 @@ +server: + port: 8080 \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/skeleton/grails-app/conf/logback.groovy b/spring-security-rest-testapp-profile/skeleton/grails-app/conf/logback.groovy new file mode 100644 index 000000000..85644631d --- /dev/null +++ b/spring-security-rest-testapp-profile/skeleton/grails-app/conf/logback.groovy @@ -0,0 +1,29 @@ +import grails.util.BuildSettings +import grails.util.Environment + +// See http://logback.qos.ch/manual/groovy.html for details on configuration +appender('STDOUT', ConsoleAppender) { + encoder(PatternLayoutEncoder) { + pattern = "%level %logger - %msg%n" + } +} + +root(ERROR, ['STDOUT']) + +def targetDir = BuildSettings.TARGET_DIR +if (Environment.isDevelopmentMode() && targetDir) { + appender("FULL_STACKTRACE", FileAppender) { + file = "${targetDir}/stacktrace.log" + append = true + encoder(PatternLayoutEncoder) { + pattern = "%level %logger - %msg%n" + } + } + logger("StackTrace", ERROR, ['FULL_STACKTRACE'], false) +} + +logger("org.openqa", OFF, ['STDOUT']) +logger("grails.plugin.springsecurity", DEBUG, ['STDOUT'], false) +logger("org.pac4j", DEBUG, ['STDOUT'], false) +logger("grails.app", DEBUG, ['STDOUT'], false) +logger("org.springframework.security", INFO, ['STDOUT'], false) \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/skeleton/grails-app/conf/spring/resources.groovy b/spring-security-rest-testapp-profile/skeleton/grails-app/conf/spring/resources.groovy new file mode 100644 index 000000000..a345f553f --- /dev/null +++ b/spring-security-rest-testapp-profile/skeleton/grails-app/conf/spring/resources.groovy @@ -0,0 +1,11 @@ +import org.springframework.security.provisioning.InMemoryUserDetailsManager + +// Place your Spring DSL code here +beans = { + + userDetailsService(InMemoryUserDetailsManager, []) + + //passwordEncoder(PlaintextPasswordEncoder) + + +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/skeleton/grails-app/controllers/UrlMappings.groovy b/spring-security-rest-testapp-profile/skeleton/grails-app/controllers/UrlMappings.groovy new file mode 100644 index 000000000..01d7bc911 --- /dev/null +++ b/spring-security-rest-testapp-profile/skeleton/grails-app/controllers/UrlMappings.groovy @@ -0,0 +1,14 @@ +class UrlMappings { + + static mappings = { + "/$controller/$action?/$id?(.$format)?"{ + constraints { + // apply constraints here + } + } + + "/"(view:"/index") + "500"(view:'/error') + "404"(view:'/notFound') + } +} diff --git a/spring-security-rest-testapp-profile/skeleton/grails-app/controllers/rest/AnonymousController.groovy b/spring-security-rest-testapp-profile/skeleton/grails-app/controllers/rest/AnonymousController.groovy new file mode 100644 index 000000000..b557c57a5 --- /dev/null +++ b/spring-security-rest-testapp-profile/skeleton/grails-app/controllers/rest/AnonymousController.groovy @@ -0,0 +1,11 @@ +package rest + +import grails.plugin.springsecurity.annotation.Secured + +@Secured(['permitAll']) +class AnonymousController { + + def index() { + render "Hi" + } +} diff --git a/spring-security-rest-testapp-profile/skeleton/grails-app/controllers/rest/PublicController.groovy b/spring-security-rest-testapp-profile/skeleton/grails-app/controllers/rest/PublicController.groovy new file mode 100644 index 000000000..c1abd6ca0 --- /dev/null +++ b/spring-security-rest-testapp-profile/skeleton/grails-app/controllers/rest/PublicController.groovy @@ -0,0 +1,8 @@ +package rest + +class PublicController { + + def index() { + render "Hi!" + } +} diff --git a/spring-security-rest-testapp-profile/skeleton/grails-app/controllers/rest/SecuredController.groovy b/spring-security-rest-testapp-profile/skeleton/grails-app/controllers/rest/SecuredController.groovy new file mode 100644 index 000000000..eef42678f --- /dev/null +++ b/spring-security-rest-testapp-profile/skeleton/grails-app/controllers/rest/SecuredController.groovy @@ -0,0 +1,18 @@ +package rest + +import grails.plugin.springsecurity.annotation.Secured + +class SecuredController { + + def springSecurityService + + @Secured(['ROLE_USER']) + def index() { + render springSecurityService.principal.username + } + + @Secured(['ROLE_SUPER_ADMIN']) + def superAdmin() { + render springSecurityService.principal.username + } +} diff --git a/spring-security-rest-testapp-profile/skeleton/grails-app/init/BootStrap.groovy b/spring-security-rest-testapp-profile/skeleton/grails-app/init/BootStrap.groovy new file mode 100644 index 000000000..203d1a497 --- /dev/null +++ b/spring-security-rest-testapp-profile/skeleton/grails-app/init/BootStrap.groovy @@ -0,0 +1,20 @@ +import org.springframework.security.core.authority.SimpleGrantedAuthority +import org.springframework.security.core.userdetails.User +import org.springframework.security.core.userdetails.UserDetails +import org.springframework.security.provisioning.InMemoryUserDetailsManager + +class BootStrap { + + InMemoryUserDetailsManager userDetailsService + + def init = { servletContext -> + UserDetails jimi = new User('jimi', '{noop}jimispassword', [new SimpleGrantedAuthority('ROLE_USER'), new SimpleGrantedAuthority('ROLE_ADMIN')]) + userDetailsService.createUser(jimi) + + UserDetails alvaro = new User('115537660854424164575', '{noop}N/A', [new SimpleGrantedAuthority('ROLE_USER'), new SimpleGrantedAuthority('ROLE_ADMIN')]) + userDetailsService.createUser(alvaro) + } + + def destroy = { + } +} diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/GebConfig.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/GebConfig.groovy new file mode 100644 index 000000000..da9a861b2 --- /dev/null +++ b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/GebConfig.groovy @@ -0,0 +1,57 @@ +/* + * Copyright 2013-2016 Alvaro Sanchez-Mariscal + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +import org.openqa.selenium.Dimension +import org.openqa.selenium.phantomjs.PhantomJSDriver +import org.openqa.selenium.remote.DesiredCapabilities +import org.openqa.selenium.firefox.FirefoxDriver +import org.openqa.selenium.firefox.FirefoxProfile + +environments { + phantomJs { + + } + + firefox { + driver = { + //set the firefox locale to 'en-us' since the tests expect english + //see http://stackoverflow.com/questions/9822717 for more details + FirefoxProfile profile = new FirefoxProfile() + profile.setPreference("intl.accept_languages", "en-uk") + def driverInstance = new FirefoxDriver(profile) + driverInstance.manage().window().maximize() + driverInstance + } + + baseNavigatorWaiting = true + atCheckWaiting = true + } +} + +driver = { + def capabilities = new DesiredCapabilities() + capabilities.setCapability("phantomjs.page.customHeaders.Accept-Language", "en-UK") + def d = new PhantomJSDriver(capabilities) + d.manage().window().setSize(new Dimension(1028, 768)) + return d +} + +atCheckWaiting = true +baseNavigatorWaiting = true +waiting { + timeout = 10 + retryInterval = 0.5 +} diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/org/openqa/selenium/browserlaunchers/Proxies.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/org/openqa/selenium/browserlaunchers/Proxies.groovy new file mode 100644 index 000000000..876914878 --- /dev/null +++ b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/org/openqa/selenium/browserlaunchers/Proxies.groovy @@ -0,0 +1,9 @@ +package org.openqa.selenium.browserlaunchers + +import org.openqa.selenium.Capabilities + +class Proxies { + static Proxy extractProxy(Capabilities capabilities) { + return Proxy.extractFrom(capabilities) + } +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/AbstractRestSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/AbstractRestSpec.groovy new file mode 100644 index 000000000..2305d57c6 --- /dev/null +++ b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/AbstractRestSpec.groovy @@ -0,0 +1,67 @@ +/* + * Copyright 2013-2016 Alvaro Sanchez-Mariscal + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package rest + +import grails.plugins.rest.client.RestBuilder +import grails.testing.mixin.integration.Integration +import org.springframework.boot.test.context.SpringBootTest +import spock.lang.Shared +import spock.lang.Specification + +import static org.springframework.boot.test.context.SpringBootTest.WebEnvironment.DEFINED_PORT + +@Integration +@SpringBootTest(webEnvironment = DEFINED_PORT) +abstract class AbstractRestSpec extends Specification { + + @Shared + ConfigObject config = new ConfigSlurper().parse(new File('grails-app/conf/application.groovy').toURL()) + + @Shared + RestBuilder restBuilder = new RestBuilder() + + String getBaseUrl() { + "http://localhost:8080" + } + + def sendWrongCredentials() { + if (config.grails.plugin.springsecurity.rest.login.useRequestParamsCredentials == true) { + restBuilder.post("${baseUrl}/api/login?username=foo&password=bar") + } else { + restBuilder.post("${baseUrl}/api/login") { + json { + username = 'foo' + password = 'bar' + } + } + } + } + + def sendCorrectCredentials(String u = 'jimi', String p = 'jimispassword') { + if (config.grails.plugin.springsecurity.rest.login.useRequestParamsCredentials == true) { + restBuilder.post("${baseUrl}/api/login?username=${u}&password=${p}") + } else { + restBuilder.post("${baseUrl}/api/login") { + json { + username = u + password = p + } + } + } + } + +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/BearerTokenSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/BearerTokenSpec.groovy new file mode 100644 index 000000000..e96c4c0c7 --- /dev/null +++ b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/BearerTokenSpec.groovy @@ -0,0 +1,157 @@ +/* + * Copyright 2013-2016 Alvaro Sanchez-Mariscal + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package rest + +import grails.plugins.rest.client.RestResponse +import grails.util.Holders +import spock.lang.IgnoreIf +import spock.lang.Issue + +@IgnoreIf({ !System.getProperty('useBearerToken', 'false').toBoolean() }) +@Issue("https://github.com/grails/grails-spring-security-rest/issues/73") +class BearerTokenSpec extends AbstractRestSpec { + + void "access token response is compliant with the specification"() { + when: + RestResponse response = sendCorrectCredentials() + + then: + response.status == 200 + response.headers.getFirst('Content-Type') == 'application/json;charset=UTF-8' + response.headers.getFirst('Cache-Control') == 'no-store' + response.headers.getFirst('Pragma') == 'no-cache' + response.json.access_token + response.json.token_type == 'Bearer' + + } + + void "authorisation header is checked to read token value"() { + given: + RestResponse authResponse = sendCorrectCredentials() + String token = authResponse.json.access_token + + when: + def response = restBuilder.get("${baseUrl}/secured") { + header 'Authorization', "Bearer ${token}" + } + + then: + response.status == 200 + } + + void "Form-Encoded body parameter can be used"() { + given: + RestResponse authResponse = sendCorrectCredentials() + String token = authResponse.json.access_token + + when: + def response = restBuilder.post("${baseUrl}/secured") { + contentType 'application/x-www-form-urlencoded' + body "access_token=${token}".toString() + } + + then: + response.status == 200 + } + + void "query string can be used"() { + given: + RestResponse authResponse = sendCorrectCredentials() + String token = authResponse.json.access_token + + when: + def response = restBuilder.get("${baseUrl}/secured?access_token=${token}") + + then: + response.status == 200 + + } + + void "if credentials are required but missing, the response contains WWW-Authenticate header"() { + when: + RestResponse response = restBuilder.post("${baseUrl}/secured") { + contentType 'application/x-www-form-urlencoded' + } + + then: + response.status == 401 + response.headers.getFirst('WWW-Authenticate') == 'Bearer' + } + + void "if the token is invalid, it is indicated in the header"() { + when: + RestResponse response = restBuilder.get("${baseUrl}/secured") { + header 'Authorization', "Bearer wrongTokenValue" + } + + then: + response.status == 401 + response.headers.getFirst('WWW-Authenticate') == 'Bearer error="invalid_token"' + } + + void "when accessing a secured object with a non-bearer request, it's considered a unauthorized request"() { + when: + RestResponse response = restBuilder.post("${baseUrl}/secured") { + contentType 'text/plain' + body "{hi:777}" + } + + then: + response.status == 401 + response.headers.getFirst('WWW-Authenticate') == 'Bearer' + } + + @Issue("https://github.com/grails/grails-spring-security-rest/issues/98") + void "accessing Anonymous without a token, responds ok"() { + when: + def response = restBuilder.get("${baseUrl}/anonymous") { + contentType 'application/json;charset=UTF-8' + } + + then: + response.status == 200 + } + + @Issue("https://github.com/grails/grails-spring-security-rest/issues/98") + void "accessing Secured without a token, responds Unauthorized"() { + when: + RestResponse response = restBuilder.post("${baseUrl}/secured") { + contentType 'application/json;charset=UTF-8' + body "{hi:777}" + } + + then: + response.status == 401 + response.headers.getFirst('WWW-Authenticate') == 'Bearer' + } + + void "accessing Secured with valid token, but not authorized responds forbidden"() { + given: + RestResponse authResponse = sendCorrectCredentials() + String token = authResponse.json.access_token + + when: + def response = restBuilder.get("${baseUrl}/secured/superAdmin") { + header 'Authorization', "Bearer ${token}" + } + + then: + response.status == 403 + response.headers.getFirst('WWW-Authenticate') == 'Bearer error="insufficient_scope"' + } + +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/CorsSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/CorsSpec.groovy new file mode 100644 index 000000000..14ba2b56a --- /dev/null +++ b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/CorsSpec.groovy @@ -0,0 +1,50 @@ +/* + * Copyright 2013-2016 Alvaro Sanchez-Mariscal + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package rest + +import org.apache.http.HttpResponse +import org.apache.http.client.HttpClient +import org.apache.http.client.methods.HttpOptions +import org.apache.http.impl.client.DefaultHttpClient +import spock.lang.Ignore + +/** + * Specification to test CORS support + * + * @see https://github.com/grails/grails-spring-security-rest/issues/4 + */ +//FIXME +@Ignore +class CorsSpec extends AbstractRestSpec { + + void "OPTIONS requests are allowed"() { + + given: + HttpClient client = new DefaultHttpClient() + HttpOptions options = new HttpOptions("${baseUrl}/api/login") + options.addHeader 'Origin', 'http://www.example.com' + options.addHeader 'Access-Control-Request-Method', 'POST' + + when: + HttpResponse response = client.execute(options) + + then: + response.getHeaders('Access-Control-Allow-Origin').first().value == 'http://www.example.com' + + } + +} \ No newline at end of file diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/FrontendCallbackPage.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/FrontendCallbackPage.groovy new file mode 100644 index 000000000..004a0fac8 --- /dev/null +++ b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/FrontendCallbackPage.groovy @@ -0,0 +1,30 @@ +/* + * Copyright 2013-2016 Alvaro Sanchez-Mariscal + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package rest + +import geb.Page + +class FrontendCallbackPage extends Page { + + static at = { + jsUrl.startsWith "http://example.org/" + } + + static content = { + jsUrl { js."window.document.location.toString()" } + } +} diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/JwtSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/JwtSpec.groovy new file mode 100644 index 000000000..29aa3a175 --- /dev/null +++ b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/JwtSpec.groovy @@ -0,0 +1,226 @@ +/* + * Copyright 2013-2016 Alvaro Sanchez-Mariscal + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package rest + +import com.nimbusds.jwt.JWT +import grails.plugin.springsecurity.rest.JwtService +import grails.plugins.rest.client.RestResponse +import org.springframework.beans.factory.annotation.Autowired +import org.springframework.security.core.userdetails.User +import org.springframework.security.provisioning.InMemoryUserDetailsManager +import spock.lang.IgnoreIf +import spock.lang.Issue +import spock.lang.Unroll + +@IgnoreIf({ !System.getProperty('useBearerToken', 'false').toBoolean() }) +class JwtSpec extends AbstractRestSpec { + + @Autowired + JwtService jwtService + + @Autowired + InMemoryUserDetailsManager userDetailsManager + + void "token expiration applies"() { + given: + RestResponse authResponse = sendCorrectCredentials() as RestResponse + String accessToken = authResponse.json.access_token + + when: + def response = restBuilder.post("${baseUrl}/api/validate") { + header 'Authorization', "Bearer ${accessToken}" + } + + then: + response.status == 200 + response.json.username == 'jimi' + response.json.access_token + response.json.roles.size() == 2 + + when: + Thread.sleep 5000 + response = restBuilder.post("${baseUrl}/api/validate") { + header 'Authorization', "Bearer ${accessToken}" + } + + then: + response.status == 401 + } + + void "remaining time to expiration is reflected when validating a token"() { + given: + RestResponse authResponse = sendCorrectCredentials() as RestResponse + String accessToken = authResponse.json.access_token + + when: + Thread.sleep 1000 + def response = restBuilder.post("${baseUrl}/api/validate") { + header 'Authorization', "Bearer ${accessToken}" + } + + then: + response.status == 200 + response.json.expires_in + response.json.expires_in < 5 + } + + void "refresh tokens are generated"() { + when: + RestResponse authResponse = sendCorrectCredentials() as RestResponse + + then: + authResponse.json.access_token + authResponse.json.refresh_token + } + + void "refresh tokens can be used to obtain access tokens"() { + given: + RestResponse authResponse = sendCorrectCredentials() as RestResponse + String refreshToken = authResponse.json.refresh_token + + when: + def response = restBuilder.post("${baseUrl}/oauth/access_token") { + contentType "application/x-www-form-urlencoded" + body "grant_type=refresh_token&refresh_token=${refreshToken}".toString() + } + + then: + response.json.access_token + + and: + response.json.refresh_token == refreshToken + } + + void "refresh token is required to send the refresh token"() { + when: + def response = restBuilder.post("${baseUrl}/oauth/access_token") { + contentType "application/x-www-form-urlencoded" + body "grant_type=refresh_token".toString() + } + + then: + response.status == 400 + } + + void "grant_type is required to send the refresh token"() { + when: + def response = restBuilder.post("${baseUrl}/oauth/access_token") { + contentType "application/x-www-form-urlencoded" + body "refresh_token=whatever".toString() + } + + then: + response.status == 400 + } + + @Unroll + void "#method.toUpperCase() HTTP method produces a #status response code when requesting the refresh token endpoint"() { + given: + RestResponse authResponse = sendCorrectCredentials() as RestResponse + String refreshToken = authResponse.json.refresh_token + + when: + def response = restBuilder."${method}"("${baseUrl}/oauth/access_token") { + contentType "application/x-www-form-urlencoded" + body "grant_type=refresh_token&refresh_token=${refreshToken}".toString() + } + + then: + response.status == status + + where: + method | status + 'get' | 405 + 'post' | 200 + 'put' | 405 + 'delete' | 405 + } + + void "an invalid refresh token is rejected as forbidden"() { + when: + def response = restBuilder.post("${baseUrl}/oauth/access_token") { + contentType "application/x-www-form-urlencoded" + body "grant_type=refresh_token&refresh_token=thisIsNotAJWT".toString() + } + + then: + response.status == 403 + } + + void "issuer is set via a custom claim provider"() { + given: + RestResponse authResponse = sendCorrectCredentials() as RestResponse + String accessToken = authResponse.json.access_token + + when: + JWT jwt = jwtService.parse(accessToken) + + then: + jwt.JWTClaimsSet.issuer == 'Spring Security REST Grails Plugin' + } + + @Issue("https://github.com/grails/grails-spring-security-rest/pull/344") + void "if the user no longer exists, token can't be refreshed"() { + given: + userDetailsManager.createUser(new User('foo', '{noop}password', [])) + RestResponse authResponse = sendCorrectCredentials('foo', 'password') as RestResponse + String refreshToken = authResponse.json.refresh_token + userDetailsManager.deleteUser('foo') + + when: + def response = restBuilder.post("${baseUrl}/oauth/access_token") { + contentType "application/x-www-form-urlencoded" + body "grant_type=refresh_token&refresh_token=${refreshToken}".toString() + } + + then: + response.status == 403 + + cleanup: + userDetailsManager.deleteUser('foo') + } + + @Issue("https://github.com/grails/grails-spring-security-rest/pull/344") + @Unroll + void "if the user is #status, token can't be refreshed"(User updatedUser, String status) { + given: + userDetailsManager.createUser(new User('foo', '{noop}password', [])) + RestResponse authResponse = sendCorrectCredentials('foo', 'password') as RestResponse + String refreshToken = authResponse.json.refresh_token + userDetailsManager.updateUser(updatedUser) + + when: + def response = restBuilder.post("${baseUrl}/oauth/access_token") { + contentType "application/x-www-form-urlencoded" + body "grant_type=refresh_token&refresh_token=${refreshToken}".toString() + } + + then: + response.status == 403 + + cleanup: + userDetailsManager.deleteUser('foo') + + where: + updatedUser | status + new User('foo', '{noop}password', false, true, true, true, []) | "disabled" + new User('foo', '{noop}password', true, false, true, true, []) | "expired" + new User('foo', '{noop}password', true, true, false, true, []) | "credentials expired" + new User('foo', '{noop}password', true, true, true, false, []) | "locked" + } + +} diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestAuthenticationFilterSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestAuthenticationFilterSpec.groovy new file mode 100644 index 000000000..67c9c13fc --- /dev/null +++ b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestAuthenticationFilterSpec.groovy @@ -0,0 +1,108 @@ +/* + * Copyright 2013-2016 Alvaro Sanchez-Mariscal + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package rest + +import grails.plugins.rest.client.RestResponse +import spock.lang.IgnoreIf +import spock.lang.Issue +import spock.lang.Unroll + +@IgnoreIf({ System.getProperty('useBearerToken', 'false').toBoolean() }) +class RestAuthenticationFilterSpec extends AbstractRestSpec { + + @Unroll + void "#httpMethod requests without parameters/JSON generate #statusCode responses"() { + + when: + def response = sendEmptyRequest(httpMethod) + + then: + response.status == statusCode + + where: + httpMethod | statusCode + 'get' | 405 + 'post' | 400 + 'put' | 405 + 'delete' | 405 + } + + + @Unroll + void "the filter is only applied to the configured URL when a #httpMethod request is sent"() { + when: + def response = restBuilder."${httpMethod}"("${baseUrl}/nothingHere") + + then: + response.status == status + + where: + httpMethod | status + 'get' | 200 //The client follows redirects in GET requests. In this case, to /login/auth + 'post' | 302 //In the rest of the cases, 302 to /login/auth + 'put' | 302 + 'delete' | 302 + + } + + void "authentication attempt with wrong credentials returns a failure status code"() { + when: + def response = sendWrongCredentials() + + then: + response.status == 401 + } + + void "authentication attempt with correct credentials returns a valid status code"() { + when: + RestResponse response = sendCorrectCredentials() as RestResponse + + then: + response.status == 200 + response.json.username == 'jimi' + response.json.access_token + response.json.roles.size() == 2 + } + + void "the content type header is properly set"() { + when: + RestResponse response = sendCorrectCredentials() as RestResponse + + then: + response.headers.get('Content-Type')?.first() == 'application/json;charset=UTF-8' + } + + @Issue("https://github.com/grails/grails-spring-security-rest/issues/275") + void "WWW-Authenticate response header is sent on failed logins"() { + when: + def response = sendWrongCredentials() + + then: + response.headers.getFirst('WWW-Authenticate') == 'Bearer' + } + + + private sendEmptyRequest(httpMethod) { + if (config.grails.plugin.springsecurity.rest.login.useRequestParamsCredentials == true) { + restBuilder."${httpMethod}"("${baseUrl}/api/login") + } else { + restBuilder."${httpMethod}"("${baseUrl}/api/login") { + json { } + } + } + } +} diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestTokenValidationFilterSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestTokenValidationFilterSpec.groovy new file mode 100644 index 000000000..e7647f8f0 --- /dev/null +++ b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestTokenValidationFilterSpec.groovy @@ -0,0 +1,139 @@ +/* + * Copyright 2013-2016 Alvaro Sanchez-Mariscal + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package rest + +import grails.plugin.springsecurity.rest.RestTokenValidationFilter +import grails.plugins.rest.client.RestResponse +import grails.util.Holders +import spock.lang.IgnoreIf +import spock.lang.Issue +import spock.lang.Subject + +@IgnoreIf({ System.getProperty('useBearerToken', 'false').toBoolean() }) +@Subject(RestTokenValidationFilter) +class RestTokenValidationFilterSpec extends AbstractRestSpec { + + void "accessing a secured controller without token returns 403 (anonymous not authorized)"() { + when: + def response = restBuilder.get("${baseUrl}/secured") + + then: + response.status == 403 + } + + void "accessing a secured controller with wrong token, returns 401"() { + when: + def response = restBuilder.get("${baseUrl}/secured") { + header 'X-Auth-Token', 'whatever' + } + + then: + response.status == 401 + + } + + void "accessing a public controller without token returns 302"() { + when: + def response = restBuilder.post("${baseUrl}/public") + + then: + response.status == 302 + } + + void "accessing a public controller with wrong token, returns 302"() { + when: + def response = restBuilder.post("${baseUrl}/public") { + header 'X-Auth-Token', 'whatever' + } + + then: + response.status == 302 + + } + + void "a valid user can access the secured controller"() { + given: + RestResponse authResponse = sendCorrectCredentials() as RestResponse + String token = authResponse.json.access_token + + when: + def response = restBuilder.get("${baseUrl}/secured") { + header 'X-Auth-Token', token + } + + then: + response.status == 200 + response.text == 'jimi' + } + + void "role restrictions are applied when user does not have enough credentials"() { + given: + RestResponse authResponse = sendCorrectCredentials() as RestResponse + String token = authResponse.json.access_token + + when: + def response = restBuilder.get("${baseUrl}/secured/superAdmin") { + header 'X-Auth-Token', token + } + + then: + response.status == 403 + } + + @Issue("https://github.com/grails/grails-spring-security-rest/issues/67") + void "JSESSIONID cookie is not created when using the stateless chain"() { + when: + RestResponse authResponse = sendCorrectCredentials() as RestResponse + String token = authResponse.json.access_token + + then: + !authResponse.headers.getFirst('Set-Cookie') + + when: + def response = restBuilder.get("${baseUrl}/secured") { + header 'X-Auth-Token', token + } + + then: + !response.headers.getFirst('Set-Cookie') + + } + + @Issue("https://github.com/grails/grails-spring-security-rest/issues/74") + void "anonymous access works when enabled"() { + when: + def response = restBuilder.get("${baseUrl}/anonymous") + + then: + response.text == 'Hi' + response.status == 200 + + } + + @Issue("https://github.com/grails/grails-spring-security-rest/issues/74") + void "in an anonymous chain, if a token is sent, is validated"() { + when: + def response = restBuilder.post("${baseUrl}/anonymous") { + header 'X-Auth-Token', 'whatever' + } + + then: + response.status == 401 + + } + +} diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/ValidateEndpointSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/ValidateEndpointSpec.groovy new file mode 100644 index 000000000..f8f89c782 --- /dev/null +++ b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/ValidateEndpointSpec.groovy @@ -0,0 +1,62 @@ +/* + * Copyright 2013-2016 Alvaro Sanchez-Mariscal + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package rest + +import grails.plugins.rest.client.RestResponse +import grails.util.Holders +import spock.lang.IgnoreIf + +@IgnoreIf({ System.getProperty('useBearerToken', 'false').toBoolean() }) +class ValidateEndpointSpec extends AbstractRestSpec { + + void "calling /api/validate with a valid token returns a JSON representation"() { + given: + RestResponse authResponse = sendCorrectCredentials() + String token = authResponse.json.access_token + + when: + def response = restBuilder.get("${baseUrl}/api/validate") { + header 'X-Auth-Token', token + } + + then: + response.status == 200 + response.json.username == 'jimi' + response.json.access_token + response.json.roles.size() == 2 + } + + void "calling /api/validate with an invalid token returns 401"() { + when: + def response = restBuilder.get("${baseUrl}/api/validate") { + header 'X-Auth-Token', 'something-else' + } + + then: + response.status == 401 + } + + void "calling /api/validate without token returns 403 (anonymous unauthorized)"() { + when: + def response = restBuilder.get("${baseUrl}/api/validate") + + then: + response.status == 403 + } + + +} \ No newline at end of file From cb1cbfa591e5e681420de434289e875d3d1d09eb Mon Sep 17 00:00:00 2001 From: James Daugherty Date: Mon, 30 Sep 2024 11:22:38 -0400 Subject: [PATCH 20/24] Leave test-app commented out with reference to PR. --- build.gradle | 9 +-------- settings.gradle | 2 +- 2 files changed, 2 insertions(+), 9 deletions(-) diff --git a/build.gradle b/build.gradle index 490ab0e11..5d5905001 100644 --- a/build.gradle +++ b/build.gradle @@ -21,7 +21,6 @@ allprojects { } def pluginProjects = ['spring-security-rest', 'spring-security-rest-memcached', 'spring-security-rest-redis', 'spring-security-rest-grailscache', 'spring-security-rest-gorm'] -def profileProjects = ['spring-security-rest-testapp-profile'] def publishedProjects = pluginProjects version project.projectVersion @@ -39,9 +38,7 @@ subprojects { Project project -> mavenCentral() maven { url "https://repo.grails.org/grails/core" } } - if (project.name != "spring-security-rest-docs" && - project.name != "spring-security-rest-testapp-profile" && - !project.name.startsWith("build") ) { + if (project.name != "spring-security-rest-docs" && !project.name.startsWith("build") ) { apply plugin: "org.grails.grails-plugin" } @@ -84,10 +81,6 @@ subprojects { Project project -> } } - if (project.name in profileProjects) { - apply plugin: "org.grails.grails-profile" - } - if (project.name in publishedProjects) { apply from: rootProject.file("gradle/publishing.gradle") } diff --git a/settings.gradle b/settings.gradle index 2776fb041..5596bb09e 100644 --- a/settings.gradle +++ b/settings.gradle @@ -43,6 +43,6 @@ include 'spring-security-rest-memcached' include 'spring-security-rest-redis' include 'spring-security-rest-grailscache' include 'spring-security-rest-gorm' -include 'spring-security-rest-testapp-profile' +// include 'spring-security-rest-testapp-profile' // See https://github.com/grails/grails-spring-security-rest/pull/521#issuecomment-2380242985 for why this is commented out include 'spring-security-rest-docs' From 9eb588d8766aebc3a36e68d1077837734768174d Mon Sep 17 00:00:00 2001 From: James Daugherty Date: Mon, 30 Sep 2024 11:22:49 -0400 Subject: [PATCH 21/24] Exclude PR's from build status --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index b818ffed5..18697c947 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ Spring Security REST for Grails =========================== -[![Java CI](https://github.com/grails/grails-spring-security-rest/actions/workflows/gradle.yml/badge.svg)](https://github.com/grails/grails-spring-security-rest/actions/workflows/gradle.yml) +[![Java CI](https://github.com/grails/grails-spring-security-rest/actions/workflows/gradle.yml/badge.svg?event=push)](https://github.com/grails/grails-spring-security-rest/actions/workflows/gradle.yml) Grails plugin to implement a stateless, token-based, RESTful authentication using Spring Security. From a102a6f64712ccb2e83468fd3ce25b561e883a03 Mon Sep 17 00:00:00 2001 From: James Daugherty Date: Mon, 30 Sep 2024 11:22:57 -0400 Subject: [PATCH 22/24] Remove --refresh-dependencies --- .github/workflows/gradle.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml index 3ca8e7f91..7bfabc72d 100644 --- a/.github/workflows/gradle.yml +++ b/.github/workflows/gradle.yml @@ -26,7 +26,6 @@ jobs: with: arguments: | check - --refresh-dependencies -Dgeb.env=chromeHeadless build: if: github.event_name == 'push' @@ -47,5 +46,4 @@ jobs: with: arguments: | check - --refresh-dependencies -Dgeb.env=chromeHeadless \ No newline at end of file From 10e3be370517a9bc80d4cb38217b0876809bd836 Mon Sep 17 00:00:00 2001 From: James Daugherty Date: Mon, 30 Sep 2024 11:23:32 -0400 Subject: [PATCH 23/24] Remove version catalogs --- settings.gradle | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/settings.gradle b/settings.gradle index 5596bb09e..aa3dda25e 100644 --- a/settings.gradle +++ b/settings.gradle @@ -24,18 +24,6 @@ buildCache { } } -dependencyResolutionManagement { - versionCatalogs { - libs { - def groovyVersion = System.getenv('GROOVY_VERSION') - if (groovyVersion) { - logger.warn "Using custom version $groovyVersion of Groovy due to GROOVY_VERSION being set." - version('groovy', groovyVersion) - } - } - } -} - rootProject.name = 'grails-spring-security-rest' include 'spring-security-rest' From 990f6df50f2dea8e2c167694989ffc6c702c4a2b Mon Sep 17 00:00:00 2001 From: James Daugherty Date: Mon, 30 Sep 2024 11:31:05 -0400 Subject: [PATCH 24/24] Update license --- .../token/storage/GormTokenStorageService.groovy | 6 ++---- .../resources/DefaultRestGormSecurityConfig.groovy | 6 ++---- .../storage/GrailsCacheTokenStorageService.groovy | 6 ++---- .../DefaultRestGrailsCacheSecurityConfig.groovy | 6 ++---- .../GrailsCacheTokenStorageServiceSpec.groovy | 6 ++---- .../memcached/CustomSerializingTranscoder.groovy | 6 ++---- .../memcached/MemcachedTokenStorageService.groovy | 6 ++---- .../DefaultRestMemcachedSecurityConfig.groovy | 6 ++---- .../token/storage/RedisTokenStorageService.groovy | 6 ++---- .../DefaultRestRedisSecurityConfig.groovy | 6 ++---- .../groovy/rest/RestLogoutFilterSpec.groovy | 6 ++---- .../groovy/rest/RestLogoutFilterSpec.groovy | 6 ++---- .../rest/JwtRestTokenValidationFilterSpec.groovy | 6 ++---- .../groovy/memcached/MemcachedSpec.groovy | 6 ++---- .../groovy/memcached/MemcachedSpec.groovy | 6 ++---- .../integration-test/groovy/redis/RedisSpec.groovy | 6 ++---- .../integration-test/groovy/redis/RedisSpec.groovy | 6 ++---- .../src/integration-test/groovy/GebConfig.groovy | 6 ++---- .../groovy/rest/AbstractRestSpec.groovy | 6 ++---- .../groovy/rest/BearerTokenSpec.groovy | 6 ++---- .../integration-test/groovy/rest/CorsSpec.groovy | 6 ++---- .../groovy/rest/FrontendCallbackPage.groovy | 6 ++---- .../integration-test/groovy/rest/JwtSpec.groovy | 6 ++---- .../rest/RestAuthenticationFilterSpec.groovy | 6 ++---- .../rest/RestTokenValidationFilterSpec.groovy | 6 ++---- .../groovy/rest/ValidateEndpointSpec.groovy | 6 ++---- .../grails-app/conf/logback.groovy | 6 ++---- .../springsecurity/rest/RestOauthController.groovy | 6 ++---- .../rest/RestOauthUrlMappings.groovy | 6 ++---- .../plugin/springsecurity/rest/JwtService.groovy | 6 ++---- .../springsecurity/rest/RestOauthService.groovy | 6 ++---- .../rest/RestAuthenticationFailureHandler.groovy | 6 ++---- .../rest/RestAuthenticationFilter.groovy | 6 ++---- .../rest/RestAuthenticationProvider.groovy | 6 ++---- .../rest/RestAuthenticationSuccessHandler.groovy | 6 ++---- .../springsecurity/rest/RestLogoutFilter.groovy | 6 ++---- .../rest/RestSecurityEventListener.groovy | 6 ++---- .../rest/RestTokenCreationEvent.groovy | 6 ++---- .../rest/RestTokenValidationFilter.groovy | 6 ++---- .../SpringSecurityRestFilterRequestMatcher.groovy | 14 ++++++++++++++ .../rest/SpringSecurityRestGrailsPlugin.groovy | 6 ++---- .../DefaultRestAuthenticationEventPublisher.groovy | 6 ++---- .../NullRestAuthenticationEventPublisher.groovy | 6 ++---- .../RestAuthenticationEventPublisher.groovy | 6 ++---- .../AbstractJsonPayloadCredentialsExtractor.groovy | 6 ++---- .../rest/credentials/CredentialsExtractor.groovy | 6 ++---- .../DefaultJsonPayloadCredentialsExtractor.groovy | 6 ++---- .../RequestParamsCredentialsExtractor.groovy | 6 ++---- .../rest/error/CallbackErrorHandler.groovy | 6 ++---- .../rest/error/DefaultCallbackErrorHandler.groovy | 6 ++---- .../oauth/DefaultOauthUserDetailsService.groovy | 6 ++---- .../springsecurity/rest/oauth/OauthUser.groovy | 6 ++---- .../rest/oauth/OauthUserDetailsService.groovy | 6 ++---- .../springsecurity/rest/token/AccessToken.groovy | 6 ++---- .../bearer/BearerTokenAccessDeniedHandler.groovy | 6 ++---- .../BearerTokenAuthenticationEntryPoint.groovy | 6 ++---- .../BearerTokenAuthenticationFailureHandler.groovy | 6 ++---- .../rest/token/bearer/BearerTokenReader.groovy | 6 ++---- .../generation/SecureRandomTokenGenerator.groovy | 6 ++---- .../rest/token/generation/TokenGenerator.groovy | 6 ++---- .../token/generation/UUIDTokenGenerator.groovy | 6 ++---- .../jwt/AbstractJwtTokenGenerator.groovy | 6 ++---- .../generation/jwt/CustomClaimProvider.groovy | 14 ++++++++++++++ .../generation/jwt/DefaultRSAKeyProvider.groovy | 6 ++---- .../jwt/EncryptedJwtTokenGenerator.groovy | 6 ++---- .../token/generation/jwt/FileRSAKeyProvider.groovy | 6 ++---- .../generation/jwt/IssuerClaimProvider.groovy | 14 ++++++++++++++ .../token/generation/jwt/RSAKeyProvider.groovy | 6 ++---- .../generation/jwt/SignedJwtTokenGenerator.groovy | 6 ++---- .../rest/token/reader/HttpHeaderTokenReader.groovy | 6 ++---- .../rest/token/reader/TokenReader.groovy | 6 ++---- .../token/rendering/AccessTokenJsonRenderer.groovy | 6 ++---- .../DefaultAccessTokenJsonRenderer.groovy | 6 ++---- .../token/storage/TokenNotFoundException.groovy | 6 ++---- .../rest/token/storage/TokenStorageService.groovy | 6 ++---- .../storage/jwt/JwtTokenStorageService.groovy | 6 ++---- .../resources/DefaultRestSecurityConfig.groovy | 6 ++---- ...rerTokenAuthenticationFailureHandlerSpec.groovy | 6 ++---- .../springsecurity/rest/JwtServiceSpec.groovy | 6 ++---- .../RestAuthenticationFailureHandlerSpec.groovy | 6 ++---- .../rest/RestOauthControllerSpec.groovy | 6 ++---- .../rest/RestOauthServiceSpec.groovy | 6 ++---- .../rest/RestSecurityEventListenerSpec.groovy | 6 ++---- .../springsecurity/rest/RestTokenReaderSpec.groovy | 6 ++---- .../rest/RestTokenValidationFilterUnitSpec.groovy | 6 ++---- ...aultRestAuthenticationEventPublisherSpec.groovy | 6 ++---- .../CredentialsExtractorTestSpec.groovy | 6 ++---- .../DefaultOauthUserDetailsServiceSpec.groovy | 6 ++---- .../rest/rfc6750/BearerTokenReaderSpec.groovy | 6 ++---- .../rest/token/TokenGeneratorSpec.groovy | 6 ++---- .../BearerTokenAccessDeniedHandlerSpec.groovy | 6 ++---- .../token/generation/JwtTokenGeneratorSpec.groovy | 6 ++---- ...tRestAuthenticationTokenJsonRendererSpec.groovy | 6 ++---- .../storage/jwt/JwtTokenStorageServiceSpec.groovy | 6 ++---- 94 files changed, 224 insertions(+), 364 deletions(-) diff --git a/spring-security-rest-gorm/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/GormTokenStorageService.groovy b/spring-security-rest-gorm/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/GormTokenStorageService.groovy index 0f60798d7..ac75fc51c 100644 --- a/spring-security-rest-gorm/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/GormTokenStorageService.groovy +++ b/spring-security-rest-gorm/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/GormTokenStorageService.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.storage diff --git a/spring-security-rest-gorm/src/main/resources/DefaultRestGormSecurityConfig.groovy b/spring-security-rest-gorm/src/main/resources/DefaultRestGormSecurityConfig.groovy index c555ebbd3..978194980 100644 --- a/spring-security-rest-gorm/src/main/resources/DefaultRestGormSecurityConfig.groovy +++ b/spring-security-rest-gorm/src/main/resources/DefaultRestGormSecurityConfig.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2015 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ import javax.servlet.http.HttpServletResponse diff --git a/spring-security-rest-grailscache/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/GrailsCacheTokenStorageService.groovy b/spring-security-rest-grailscache/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/GrailsCacheTokenStorageService.groovy index 688ae21cd..2047f87fc 100644 --- a/spring-security-rest-grailscache/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/GrailsCacheTokenStorageService.groovy +++ b/spring-security-rest-grailscache/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/GrailsCacheTokenStorageService.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.storage diff --git a/spring-security-rest-grailscache/src/main/resources/DefaultRestGrailsCacheSecurityConfig.groovy b/spring-security-rest-grailscache/src/main/resources/DefaultRestGrailsCacheSecurityConfig.groovy index b52ba0876..39a8f6b01 100644 --- a/spring-security-rest-grailscache/src/main/resources/DefaultRestGrailsCacheSecurityConfig.groovy +++ b/spring-security-rest-grailscache/src/main/resources/DefaultRestGrailsCacheSecurityConfig.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2015 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ import javax.servlet.http.HttpServletResponse diff --git a/spring-security-rest-grailscache/src/test/groovy/grails/plugin/springsecurity/rest/token/storage/GrailsCacheTokenStorageServiceSpec.groovy b/spring-security-rest-grailscache/src/test/groovy/grails/plugin/springsecurity/rest/token/storage/GrailsCacheTokenStorageServiceSpec.groovy index 8462ec3f9..7beb52069 100644 --- a/spring-security-rest-grailscache/src/test/groovy/grails/plugin/springsecurity/rest/token/storage/GrailsCacheTokenStorageServiceSpec.groovy +++ b/spring-security-rest-grailscache/src/test/groovy/grails/plugin/springsecurity/rest/token/storage/GrailsCacheTokenStorageServiceSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.storage diff --git a/spring-security-rest-memcached/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/memcached/CustomSerializingTranscoder.groovy b/spring-security-rest-memcached/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/memcached/CustomSerializingTranscoder.groovy index 64793207d..f452d5c17 100644 --- a/spring-security-rest-memcached/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/memcached/CustomSerializingTranscoder.groovy +++ b/spring-security-rest-memcached/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/memcached/CustomSerializingTranscoder.groovy @@ -1,18 +1,16 @@ -/** - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.storage.memcached diff --git a/spring-security-rest-memcached/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/memcached/MemcachedTokenStorageService.groovy b/spring-security-rest-memcached/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/memcached/MemcachedTokenStorageService.groovy index 9c609672f..927887a21 100644 --- a/spring-security-rest-memcached/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/memcached/MemcachedTokenStorageService.groovy +++ b/spring-security-rest-memcached/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/memcached/MemcachedTokenStorageService.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.storage.memcached diff --git a/spring-security-rest-memcached/src/main/resources/DefaultRestMemcachedSecurityConfig.groovy b/spring-security-rest-memcached/src/main/resources/DefaultRestMemcachedSecurityConfig.groovy index ace006d7c..39fa3c090 100644 --- a/spring-security-rest-memcached/src/main/resources/DefaultRestMemcachedSecurityConfig.groovy +++ b/spring-security-rest-memcached/src/main/resources/DefaultRestMemcachedSecurityConfig.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2015 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ import javax.servlet.http.HttpServletResponse diff --git a/spring-security-rest-redis/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/RedisTokenStorageService.groovy b/spring-security-rest-redis/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/RedisTokenStorageService.groovy index 19b02bac4..4dda28cf8 100644 --- a/spring-security-rest-redis/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/RedisTokenStorageService.groovy +++ b/spring-security-rest-redis/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/RedisTokenStorageService.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.storage diff --git a/spring-security-rest-redis/src/main/resources/DefaultRestRedisSecurityConfig.groovy b/spring-security-rest-redis/src/main/resources/DefaultRestRedisSecurityConfig.groovy index 5036d666f..7f3203a29 100644 --- a/spring-security-rest-redis/src/main/resources/DefaultRestRedisSecurityConfig.groovy +++ b/spring-security-rest-redis/src/main/resources/DefaultRestRedisSecurityConfig.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2015 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ import javax.servlet.http.HttpServletResponse diff --git a/spring-security-rest-testapp-profile/features/gorm1/skeleton/src/integration-test/groovy/rest/RestLogoutFilterSpec.groovy b/spring-security-rest-testapp-profile/features/gorm1/skeleton/src/integration-test/groovy/rest/RestLogoutFilterSpec.groovy index 3bcfdb5ec..92f1f9735 100644 --- a/spring-security-rest-testapp-profile/features/gorm1/skeleton/src/integration-test/groovy/rest/RestLogoutFilterSpec.groovy +++ b/spring-security-rest-testapp-profile/features/gorm1/skeleton/src/integration-test/groovy/rest/RestLogoutFilterSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2015 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package rest diff --git a/spring-security-rest-testapp-profile/features/gorm2/skeleton/src/integration-test/groovy/rest/RestLogoutFilterSpec.groovy b/spring-security-rest-testapp-profile/features/gorm2/skeleton/src/integration-test/groovy/rest/RestLogoutFilterSpec.groovy index 3bcfdb5ec..92f1f9735 100644 --- a/spring-security-rest-testapp-profile/features/gorm2/skeleton/src/integration-test/groovy/rest/RestLogoutFilterSpec.groovy +++ b/spring-security-rest-testapp-profile/features/gorm2/skeleton/src/integration-test/groovy/rest/RestLogoutFilterSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2015 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package rest diff --git a/spring-security-rest-testapp-profile/features/jwt1/skeleton/src/integration-test/groovy/rest/JwtRestTokenValidationFilterSpec.groovy b/spring-security-rest-testapp-profile/features/jwt1/skeleton/src/integration-test/groovy/rest/JwtRestTokenValidationFilterSpec.groovy index 847e2730a..0d1ec20a3 100644 --- a/spring-security-rest-testapp-profile/features/jwt1/skeleton/src/integration-test/groovy/rest/JwtRestTokenValidationFilterSpec.groovy +++ b/spring-security-rest-testapp-profile/features/jwt1/skeleton/src/integration-test/groovy/rest/JwtRestTokenValidationFilterSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package rest diff --git a/spring-security-rest-testapp-profile/features/memcached1/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy b/spring-security-rest-testapp-profile/features/memcached1/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy index 2f1b28188..a1077dc2f 100644 --- a/spring-security-rest-testapp-profile/features/memcached1/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy +++ b/spring-security-rest-testapp-profile/features/memcached1/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2015 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package memcached diff --git a/spring-security-rest-testapp-profile/features/memcached2/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy b/spring-security-rest-testapp-profile/features/memcached2/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy index 2f1b28188..a1077dc2f 100644 --- a/spring-security-rest-testapp-profile/features/memcached2/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy +++ b/spring-security-rest-testapp-profile/features/memcached2/skeleton/src/integration-test/groovy/memcached/MemcachedSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2015 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package memcached diff --git a/spring-security-rest-testapp-profile/features/redis1/skeleton/src/integration-test/groovy/redis/RedisSpec.groovy b/spring-security-rest-testapp-profile/features/redis1/skeleton/src/integration-test/groovy/redis/RedisSpec.groovy index 251d95727..e37f5ce47 100644 --- a/spring-security-rest-testapp-profile/features/redis1/skeleton/src/integration-test/groovy/redis/RedisSpec.groovy +++ b/spring-security-rest-testapp-profile/features/redis1/skeleton/src/integration-test/groovy/redis/RedisSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2015 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package redis diff --git a/spring-security-rest-testapp-profile/features/redis2/skeleton/src/integration-test/groovy/redis/RedisSpec.groovy b/spring-security-rest-testapp-profile/features/redis2/skeleton/src/integration-test/groovy/redis/RedisSpec.groovy index 251d95727..e37f5ce47 100644 --- a/spring-security-rest-testapp-profile/features/redis2/skeleton/src/integration-test/groovy/redis/RedisSpec.groovy +++ b/spring-security-rest-testapp-profile/features/redis2/skeleton/src/integration-test/groovy/redis/RedisSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2015 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package redis diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/GebConfig.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/GebConfig.groovy index da9a861b2..9b6ab865b 100644 --- a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/GebConfig.groovy +++ b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/GebConfig.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ import org.openqa.selenium.Dimension import org.openqa.selenium.phantomjs.PhantomJSDriver diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/AbstractRestSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/AbstractRestSpec.groovy index 2305d57c6..4457ec4f8 100644 --- a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/AbstractRestSpec.groovy +++ b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/AbstractRestSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package rest diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/BearerTokenSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/BearerTokenSpec.groovy index e96c4c0c7..1112c1087 100644 --- a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/BearerTokenSpec.groovy +++ b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/BearerTokenSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package rest diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/CorsSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/CorsSpec.groovy index 14ba2b56a..67d514fb8 100644 --- a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/CorsSpec.groovy +++ b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/CorsSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package rest diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/FrontendCallbackPage.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/FrontendCallbackPage.groovy index 004a0fac8..2275d9107 100644 --- a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/FrontendCallbackPage.groovy +++ b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/FrontendCallbackPage.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package rest diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/JwtSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/JwtSpec.groovy index 29aa3a175..8cec2defc 100644 --- a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/JwtSpec.groovy +++ b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/JwtSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package rest diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestAuthenticationFilterSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestAuthenticationFilterSpec.groovy index 67c9c13fc..fe1ea5ea9 100644 --- a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestAuthenticationFilterSpec.groovy +++ b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestAuthenticationFilterSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package rest diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestTokenValidationFilterSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestTokenValidationFilterSpec.groovy index e7647f8f0..cdc77518a 100644 --- a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestTokenValidationFilterSpec.groovy +++ b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/RestTokenValidationFilterSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package rest diff --git a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/ValidateEndpointSpec.groovy b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/ValidateEndpointSpec.groovy index f8f89c782..c65f61313 100644 --- a/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/ValidateEndpointSpec.groovy +++ b/spring-security-rest-testapp-profile/skeleton/src/integration-test/groovy/rest/ValidateEndpointSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package rest diff --git a/spring-security-rest/grails-app/conf/logback.groovy b/spring-security-rest/grails-app/conf/logback.groovy index 9be38509a..e3dea70e8 100644 --- a/spring-security-rest/grails-app/conf/logback.groovy +++ b/spring-security-rest/grails-app/conf/logback.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2015 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ import grails.util.BuildSettings import grails.util.Environment diff --git a/spring-security-rest/grails-app/controllers/grails/plugin/springsecurity/rest/RestOauthController.groovy b/spring-security-rest/grails-app/controllers/grails/plugin/springsecurity/rest/RestOauthController.groovy index d490e86d1..efd9a45eb 100644 --- a/spring-security-rest/grails-app/controllers/grails/plugin/springsecurity/rest/RestOauthController.groovy +++ b/spring-security-rest/grails-app/controllers/grails/plugin/springsecurity/rest/RestOauthController.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest diff --git a/spring-security-rest/grails-app/controllers/grails/plugin/springsecurity/rest/RestOauthUrlMappings.groovy b/spring-security-rest/grails-app/controllers/grails/plugin/springsecurity/rest/RestOauthUrlMappings.groovy index 988c1ab06..e21fb6825 100644 --- a/spring-security-rest/grails-app/controllers/grails/plugin/springsecurity/rest/RestOauthUrlMappings.groovy +++ b/spring-security-rest/grails-app/controllers/grails/plugin/springsecurity/rest/RestOauthUrlMappings.groovy @@ -1,19 +1,17 @@ package grails.plugin.springsecurity.rest -/* - * Copyright 2013-2015 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ class RestOauthUrlMappings { diff --git a/spring-security-rest/grails-app/services/grails/plugin/springsecurity/rest/JwtService.groovy b/spring-security-rest/grails-app/services/grails/plugin/springsecurity/rest/JwtService.groovy index 56cf16ecf..2a21d14ba 100644 --- a/spring-security-rest/grails-app/services/grails/plugin/springsecurity/rest/JwtService.groovy +++ b/spring-security-rest/grails-app/services/grails/plugin/springsecurity/rest/JwtService.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest diff --git a/spring-security-rest/grails-app/services/grails/plugin/springsecurity/rest/RestOauthService.groovy b/spring-security-rest/grails-app/services/grails/plugin/springsecurity/rest/RestOauthService.groovy index ae508f437..ad46adb2c 100644 --- a/spring-security-rest/grails-app/services/grails/plugin/springsecurity/rest/RestOauthService.groovy +++ b/spring-security-rest/grails-app/services/grails/plugin/springsecurity/rest/RestOauthService.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestAuthenticationFailureHandler.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestAuthenticationFailureHandler.groovy index cf8616e08..9dfc03940 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestAuthenticationFailureHandler.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestAuthenticationFailureHandler.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestAuthenticationFilter.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestAuthenticationFilter.groovy index bb1e95440..8fc619984 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestAuthenticationFilter.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestAuthenticationFilter.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestAuthenticationProvider.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestAuthenticationProvider.groovy index 3b7798ef7..c06c8d8a2 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestAuthenticationProvider.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestAuthenticationProvider.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestAuthenticationSuccessHandler.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestAuthenticationSuccessHandler.groovy index 579d23545..bb8336b22 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestAuthenticationSuccessHandler.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestAuthenticationSuccessHandler.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestLogoutFilter.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestLogoutFilter.groovy index 45bd99168..f2bf3b39f 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestLogoutFilter.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestLogoutFilter.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestSecurityEventListener.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestSecurityEventListener.groovy index b2b4b215e..6198374c6 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestSecurityEventListener.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestSecurityEventListener.groovy @@ -1,18 +1,16 @@ -/** - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestTokenCreationEvent.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestTokenCreationEvent.groovy index be8e67ba7..a3b21e5ee 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestTokenCreationEvent.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestTokenCreationEvent.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestTokenValidationFilter.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestTokenValidationFilter.groovy index 93e62e9d3..4cab4ea37 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestTokenValidationFilter.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/RestTokenValidationFilter.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestFilterRequestMatcher.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestFilterRequestMatcher.groovy index 2ab705960..a1648d972 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestFilterRequestMatcher.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestFilterRequestMatcher.groovy @@ -1,3 +1,17 @@ +/* Copyright 2024 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package grails.plugin.springsecurity.rest import groovy.transform.CompileStatic diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGrailsPlugin.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGrailsPlugin.groovy index d60cb2c14..2ff968835 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGrailsPlugin.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/SpringSecurityRestGrailsPlugin.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2015 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/authentication/DefaultRestAuthenticationEventPublisher.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/authentication/DefaultRestAuthenticationEventPublisher.groovy index f7c017bec..3d0f18b91 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/authentication/DefaultRestAuthenticationEventPublisher.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/authentication/DefaultRestAuthenticationEventPublisher.groovy @@ -1,18 +1,16 @@ -/** - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.authentication diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/authentication/NullRestAuthenticationEventPublisher.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/authentication/NullRestAuthenticationEventPublisher.groovy index 43312adc6..05f6605a4 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/authentication/NullRestAuthenticationEventPublisher.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/authentication/NullRestAuthenticationEventPublisher.groovy @@ -1,18 +1,16 @@ -/** - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.authentication diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/authentication/RestAuthenticationEventPublisher.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/authentication/RestAuthenticationEventPublisher.groovy index 410eeab6e..2d85275b5 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/authentication/RestAuthenticationEventPublisher.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/authentication/RestAuthenticationEventPublisher.groovy @@ -1,18 +1,16 @@ -/** - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.authentication diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/credentials/AbstractJsonPayloadCredentialsExtractor.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/credentials/AbstractJsonPayloadCredentialsExtractor.groovy index 8ead0c21c..5b42aed5b 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/credentials/AbstractJsonPayloadCredentialsExtractor.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/credentials/AbstractJsonPayloadCredentialsExtractor.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.credentials diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/credentials/CredentialsExtractor.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/credentials/CredentialsExtractor.groovy index 217051a9e..a8c106b3c 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/credentials/CredentialsExtractor.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/credentials/CredentialsExtractor.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.credentials diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/credentials/DefaultJsonPayloadCredentialsExtractor.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/credentials/DefaultJsonPayloadCredentialsExtractor.groovy index 0db8b6881..cd3a4a030 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/credentials/DefaultJsonPayloadCredentialsExtractor.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/credentials/DefaultJsonPayloadCredentialsExtractor.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.credentials diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/credentials/RequestParamsCredentialsExtractor.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/credentials/RequestParamsCredentialsExtractor.groovy index 47c311986..8ce74dfb1 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/credentials/RequestParamsCredentialsExtractor.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/credentials/RequestParamsCredentialsExtractor.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.credentials diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/error/CallbackErrorHandler.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/error/CallbackErrorHandler.groovy index 2d92fd932..485acdecf 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/error/CallbackErrorHandler.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/error/CallbackErrorHandler.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.error diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/error/DefaultCallbackErrorHandler.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/error/DefaultCallbackErrorHandler.groovy index 9445a63e5..54f7de175 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/error/DefaultCallbackErrorHandler.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/error/DefaultCallbackErrorHandler.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.error diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/oauth/DefaultOauthUserDetailsService.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/oauth/DefaultOauthUserDetailsService.groovy index a2f0de0f8..4238fc473 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/oauth/DefaultOauthUserDetailsService.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/oauth/DefaultOauthUserDetailsService.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.oauth diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/oauth/OauthUser.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/oauth/OauthUser.groovy index a5238776e..ec5d54384 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/oauth/OauthUser.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/oauth/OauthUser.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.oauth diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/oauth/OauthUserDetailsService.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/oauth/OauthUserDetailsService.groovy index 0ba87409c..eff1e89c8 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/oauth/OauthUserDetailsService.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/oauth/OauthUserDetailsService.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.oauth diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/AccessToken.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/AccessToken.groovy index 2e2d1e5ae..705614fbf 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/AccessToken.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/AccessToken.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/bearer/BearerTokenAccessDeniedHandler.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/bearer/BearerTokenAccessDeniedHandler.groovy index f5e1950b8..cd0d11604 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/bearer/BearerTokenAccessDeniedHandler.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/bearer/BearerTokenAccessDeniedHandler.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.bearer diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/bearer/BearerTokenAuthenticationEntryPoint.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/bearer/BearerTokenAuthenticationEntryPoint.groovy index 7393f6d80..4f393f386 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/bearer/BearerTokenAuthenticationEntryPoint.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/bearer/BearerTokenAuthenticationEntryPoint.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.bearer diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/bearer/BearerTokenAuthenticationFailureHandler.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/bearer/BearerTokenAuthenticationFailureHandler.groovy index 9f44160e2..050de63fb 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/bearer/BearerTokenAuthenticationFailureHandler.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/bearer/BearerTokenAuthenticationFailureHandler.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.bearer diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/bearer/BearerTokenReader.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/bearer/BearerTokenReader.groovy index 8c8867e86..8206fe375 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/bearer/BearerTokenReader.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/bearer/BearerTokenReader.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.bearer diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/SecureRandomTokenGenerator.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/SecureRandomTokenGenerator.groovy index 82636752a..e37cf7e8e 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/SecureRandomTokenGenerator.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/SecureRandomTokenGenerator.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.generation diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/TokenGenerator.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/TokenGenerator.groovy index 86aadcd18..8cd5444ae 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/TokenGenerator.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/TokenGenerator.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.generation diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/UUIDTokenGenerator.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/UUIDTokenGenerator.groovy index 7d720b2d1..76c460e21 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/UUIDTokenGenerator.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/UUIDTokenGenerator.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.generation diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/AbstractJwtTokenGenerator.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/AbstractJwtTokenGenerator.groovy index 606051f6b..e952bd19e 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/AbstractJwtTokenGenerator.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/AbstractJwtTokenGenerator.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.generation.jwt diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/CustomClaimProvider.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/CustomClaimProvider.groovy index c01c23a54..8e98be60d 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/CustomClaimProvider.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/CustomClaimProvider.groovy @@ -1,3 +1,17 @@ +/* Copyright 2024 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package grails.plugin.springsecurity.rest.token.generation.jwt import com.nimbusds.jwt.JWTClaimsSet diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/DefaultRSAKeyProvider.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/DefaultRSAKeyProvider.groovy index 93d6e6f30..e087e0470 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/DefaultRSAKeyProvider.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/DefaultRSAKeyProvider.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.generation.jwt diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/EncryptedJwtTokenGenerator.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/EncryptedJwtTokenGenerator.groovy index a58953ffb..71c01edb4 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/EncryptedJwtTokenGenerator.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/EncryptedJwtTokenGenerator.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.generation.jwt diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/FileRSAKeyProvider.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/FileRSAKeyProvider.groovy index d7f2bb863..1c787dd89 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/FileRSAKeyProvider.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/FileRSAKeyProvider.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.generation.jwt diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/IssuerClaimProvider.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/IssuerClaimProvider.groovy index 62688388f..772dc4b1c 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/IssuerClaimProvider.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/IssuerClaimProvider.groovy @@ -1,3 +1,17 @@ +/* Copyright 2024 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package grails.plugin.springsecurity.rest.token.generation.jwt import com.nimbusds.jwt.JWTClaimsSet diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/RSAKeyProvider.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/RSAKeyProvider.groovy index b60966cfa..3b12334f1 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/RSAKeyProvider.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/RSAKeyProvider.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.generation.jwt diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/SignedJwtTokenGenerator.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/SignedJwtTokenGenerator.groovy index 5c8abc9d7..5cdd23962 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/SignedJwtTokenGenerator.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/generation/jwt/SignedJwtTokenGenerator.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.generation.jwt diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/reader/HttpHeaderTokenReader.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/reader/HttpHeaderTokenReader.groovy index 4313210b3..3b5cc0fd2 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/reader/HttpHeaderTokenReader.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/reader/HttpHeaderTokenReader.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.reader diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/reader/TokenReader.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/reader/TokenReader.groovy index 5110565fa..565ee37ea 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/reader/TokenReader.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/reader/TokenReader.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.reader diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/rendering/AccessTokenJsonRenderer.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/rendering/AccessTokenJsonRenderer.groovy index 0585340dc..5994a2793 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/rendering/AccessTokenJsonRenderer.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/rendering/AccessTokenJsonRenderer.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.rendering diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/rendering/DefaultAccessTokenJsonRenderer.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/rendering/DefaultAccessTokenJsonRenderer.groovy index 768096a75..13c107352 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/rendering/DefaultAccessTokenJsonRenderer.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/rendering/DefaultAccessTokenJsonRenderer.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.rendering diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/TokenNotFoundException.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/TokenNotFoundException.groovy index 668317284..6e5f420db 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/TokenNotFoundException.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/TokenNotFoundException.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.storage diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/TokenStorageService.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/TokenStorageService.groovy index 5daf5c190..f63cc6202 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/TokenStorageService.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/TokenStorageService.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.storage diff --git a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/jwt/JwtTokenStorageService.groovy b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/jwt/JwtTokenStorageService.groovy index 710332599..8079633ca 100644 --- a/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/jwt/JwtTokenStorageService.groovy +++ b/spring-security-rest/src/main/groovy/grails/plugin/springsecurity/rest/token/storage/jwt/JwtTokenStorageService.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.storage.jwt diff --git a/spring-security-rest/src/main/resources/DefaultRestSecurityConfig.groovy b/spring-security-rest/src/main/resources/DefaultRestSecurityConfig.groovy index 690f976ae..5b2a760bf 100644 --- a/spring-security-rest/src/main/resources/DefaultRestSecurityConfig.groovy +++ b/spring-security-rest/src/main/resources/DefaultRestSecurityConfig.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2015 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ import javax.servlet.http.HttpServletResponse diff --git a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/BearerTokenAuthenticationFailureHandlerSpec.groovy b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/BearerTokenAuthenticationFailureHandlerSpec.groovy index 627f98caf..f96b473ce 100644 --- a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/BearerTokenAuthenticationFailureHandlerSpec.groovy +++ b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/BearerTokenAuthenticationFailureHandlerSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest diff --git a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/JwtServiceSpec.groovy b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/JwtServiceSpec.groovy index 828cc9a0e..d69633234 100644 --- a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/JwtServiceSpec.groovy +++ b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/JwtServiceSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest diff --git a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestAuthenticationFailureHandlerSpec.groovy b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestAuthenticationFailureHandlerSpec.groovy index bc2c54af3..245cc36a3 100644 --- a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestAuthenticationFailureHandlerSpec.groovy +++ b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestAuthenticationFailureHandlerSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest diff --git a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestOauthControllerSpec.groovy b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestOauthControllerSpec.groovy index 2db7bc1fd..c901516b5 100644 --- a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestOauthControllerSpec.groovy +++ b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestOauthControllerSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest diff --git a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestOauthServiceSpec.groovy b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestOauthServiceSpec.groovy index 9758380ac..1b4fb38e6 100644 --- a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestOauthServiceSpec.groovy +++ b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestOauthServiceSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest diff --git a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestSecurityEventListenerSpec.groovy b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestSecurityEventListenerSpec.groovy index c39b30671..2b159fe28 100644 --- a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestSecurityEventListenerSpec.groovy +++ b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestSecurityEventListenerSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest diff --git a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestTokenReaderSpec.groovy b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestTokenReaderSpec.groovy index b29c0cd51..143e95fdd 100644 --- a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestTokenReaderSpec.groovy +++ b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestTokenReaderSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest diff --git a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestTokenValidationFilterUnitSpec.groovy b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestTokenValidationFilterUnitSpec.groovy index bc3078671..e10d320a6 100644 --- a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestTokenValidationFilterUnitSpec.groovy +++ b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/RestTokenValidationFilterUnitSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest diff --git a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/authentication/DefaultRestAuthenticationEventPublisherSpec.groovy b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/authentication/DefaultRestAuthenticationEventPublisherSpec.groovy index 04ec35c5c..9eff1c967 100644 --- a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/authentication/DefaultRestAuthenticationEventPublisherSpec.groovy +++ b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/authentication/DefaultRestAuthenticationEventPublisherSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.authentication diff --git a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/credentials/CredentialsExtractorTestSpec.groovy b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/credentials/CredentialsExtractorTestSpec.groovy index 86c080e27..29d6b835b 100644 --- a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/credentials/CredentialsExtractorTestSpec.groovy +++ b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/credentials/CredentialsExtractorTestSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.credentials diff --git a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/oauth/DefaultOauthUserDetailsServiceSpec.groovy b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/oauth/DefaultOauthUserDetailsServiceSpec.groovy index a29b18b6a..0f8af218d 100644 --- a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/oauth/DefaultOauthUserDetailsServiceSpec.groovy +++ b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/oauth/DefaultOauthUserDetailsServiceSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.oauth diff --git a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/rfc6750/BearerTokenReaderSpec.groovy b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/rfc6750/BearerTokenReaderSpec.groovy index c1b8315c1..46610630a 100644 --- a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/rfc6750/BearerTokenReaderSpec.groovy +++ b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/rfc6750/BearerTokenReaderSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.rfc6750 diff --git a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/TokenGeneratorSpec.groovy b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/TokenGeneratorSpec.groovy index c501d7b26..452dea2b6 100644 --- a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/TokenGeneratorSpec.groovy +++ b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/TokenGeneratorSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token diff --git a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/bearer/BearerTokenAccessDeniedHandlerSpec.groovy b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/bearer/BearerTokenAccessDeniedHandlerSpec.groovy index 3f68d186f..6e9c7ffe6 100644 --- a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/bearer/BearerTokenAccessDeniedHandlerSpec.groovy +++ b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/bearer/BearerTokenAccessDeniedHandlerSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.bearer diff --git a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/generation/JwtTokenGeneratorSpec.groovy b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/generation/JwtTokenGeneratorSpec.groovy index 69ea3e673..91577838b 100644 --- a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/generation/JwtTokenGeneratorSpec.groovy +++ b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/generation/JwtTokenGeneratorSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.generation diff --git a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/rendering/DefaultRestAuthenticationTokenJsonRendererSpec.groovy b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/rendering/DefaultRestAuthenticationTokenJsonRendererSpec.groovy index dcdb4dec6..dd1022079 100644 --- a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/rendering/DefaultRestAuthenticationTokenJsonRendererSpec.groovy +++ b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/rendering/DefaultRestAuthenticationTokenJsonRendererSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.rendering diff --git a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/storage/jwt/JwtTokenStorageServiceSpec.groovy b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/storage/jwt/JwtTokenStorageServiceSpec.groovy index ca91eb7ff..866c65423 100644 --- a/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/storage/jwt/JwtTokenStorageServiceSpec.groovy +++ b/spring-security-rest/src/test/groovy/grails/plugin/springsecurity/rest/token/storage/jwt/JwtTokenStorageServiceSpec.groovy @@ -1,18 +1,16 @@ -/* - * Copyright 2013-2016 Alvaro Sanchez-Mariscal +/* Copyright 2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - * */ package grails.plugin.springsecurity.rest.token.storage.jwt