Fix multi test annotations, realm direct permissions

Author: adrienlauer

CHANGELOG.md

@@ -1,6 +1,10 @@
 # Version 3.11.0 (2020-08-06)
 
 * [brk] Config functions that find available ports now take a port name as argument so they can return the same port for each evaluation (example: `$availableTcpPort()` becomes `$availableTcpPort('web')`).
+* [new] Support for configuration of Undertow handlers using `undertow-handlers.conf` file (at the root of the classpath by default).
+* [new] Security realms can now return direct user permissions, not attached to any role.
+* [chg] Enable a detailed user message by default for internal and security exceptions during REST requests. 
+* [fix] Fixed test annotations that were not fully detected when repeated: `@ConfigurationProperty`, `@KernelParameter` and `@SystemProperty`.   
 
 # Version 3.10.0 (2020-08-06)
 

rest/core/src/main/java/org/seedstack/seed/rest/internal/exceptionmapper/AuthenticationExceptionMapper.java

@@ -7,23 +7,41 @@
  */
 package org.seedstack.seed.rest.internal.exceptionmapper;
 
-import javax.ws.rs.core.Response;
-import javax.ws.rs.ext.ExceptionMapper;
-import javax.ws.rs.ext.Provider;
+import org.seedstack.seed.Application;
+import org.seedstack.seed.rest.RestConfig;
 import org.seedstack.seed.security.AuthenticationException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.inject.Inject;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.ext.ExceptionMapper;
+import javax.ws.rs.ext.Provider;
+
 /**
  * Default {@link AuthenticationException} exception mapper which returns an HTTP status 401 (unauthorized).
  */
 @Provider
 public class AuthenticationExceptionMapper implements ExceptionMapper<AuthenticationException> {
     private static final Logger LOGGER = LoggerFactory.getLogger(AuthenticationExceptionMapper.class);
+    private final RestConfig.ExceptionMappingConfig exceptionMappingConfig;
+
+    @Inject
+    public AuthenticationExceptionMapper(Application application) {
+        this.exceptionMappingConfig = application.getConfiguration().get(RestConfig.ExceptionMappingConfig.class);
+    }
 
     @Override
     public Response toResponse(AuthenticationException exception) {
-        LOGGER.debug(exception.toString(), exception);
-        return Response.status(Response.Status.UNAUTHORIZED).entity("Unauthorized").build();
+        if (exceptionMappingConfig.isDetailedLog()) {
+            LOGGER.debug(exception.toString());
+        } else {
+            LOGGER.debug(exception.getMessage());
+        }
+        String message = "Unauthorized";
+        if (exceptionMappingConfig.isDetailedUserMessage()) {
+            message += ": " + exception.getMessage();
+        }
+        return Response.status(Response.Status.UNAUTHORIZED).entity(message).build();
     }
 }

rest/core/src/main/java/org/seedstack/seed/rest/internal/exceptionmapper/AuthorizationExceptionMapper.java

@@ -7,23 +7,41 @@
  */
 package org.seedstack.seed.rest.internal.exceptionmapper;
 
-import javax.ws.rs.core.Response;
-import javax.ws.rs.ext.ExceptionMapper;
-import javax.ws.rs.ext.Provider;
+import org.seedstack.seed.Application;
+import org.seedstack.seed.rest.RestConfig;
 import org.seedstack.seed.security.AuthorizationException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.inject.Inject;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.ext.ExceptionMapper;
+import javax.ws.rs.ext.Provider;
+
 /**
  * Default {@link AuthorizationException} exception mapper which returns an HTTP status 403 (forbidden).
  */
 @Provider
 public class AuthorizationExceptionMapper implements ExceptionMapper<AuthorizationException> {
     private static final Logger LOGGER = LoggerFactory.getLogger(AuthorizationExceptionMapper.class);
+    private final RestConfig.ExceptionMappingConfig exceptionMappingConfig;
+
+    @Inject
+    public AuthorizationExceptionMapper(Application application) {
+        this.exceptionMappingConfig = application.getConfiguration().get(RestConfig.ExceptionMappingConfig.class);
+    }
 
     @Override
     public Response toResponse(AuthorizationException exception) {
-        LOGGER.debug(exception.toString(), exception);
-        return Response.status(Response.Status.FORBIDDEN).entity("Forbidden").build();
+        if (exceptionMappingConfig.isDetailedLog()) {
+            LOGGER.debug(exception.toString());
+        } else {
+            LOGGER.debug(exception.getMessage());
+        }
+        String message = "Forbidden";
+        if (exceptionMappingConfig.isDetailedUserMessage()) {
+            message += ": " + exception.getMessage();
+        }
+        return Response.status(Response.Status.FORBIDDEN).entity(message).build();
     }
 }

rest/core/src/main/java/org/seedstack/seed/rest/internal/exceptionmapper/InternalErrorExceptionMapper.java

@@ -7,20 +7,21 @@
  */
 package org.seedstack.seed.rest.internal.exceptionmapper;
 
-import java.util.UUID;
-import javax.inject.Inject;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.ext.ExceptionMapper;
-import javax.ws.rs.ext.Provider;
 import org.seedstack.seed.Application;
 import org.seedstack.seed.core.Seed;
 import org.seedstack.seed.rest.RestConfig;
 import org.seedstack.shed.exception.BaseException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.inject.Inject;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.ext.ExceptionMapper;
+import javax.ws.rs.ext.Provider;
+import java.util.UUID;
+
 /**
  * Default exception mapper for an caught exception with no exception mapper associated.
  * It returns an HTTP status 500 (internal server error).

rest/specs/src/main/java/org/seedstack/seed/rest/RestConfig.java

@@ -7,13 +7,14 @@
  */
 package org.seedstack.seed.rest;
 
+import org.seedstack.coffig.Config;
+import org.seedstack.coffig.SingleValue;
+
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
-import org.seedstack.coffig.Config;
-import org.seedstack.coffig.SingleValue;
 
 @Config("rest")
 public class RestConfig {
@@ -117,7 +118,7 @@ public static class ExceptionMappingConfig {
         private boolean all = true;
         private boolean validation = true;
         private boolean detailedLog = true;
-        private boolean detailedUserMessage = false;
+        private boolean detailedUserMessage = true;
 
         public boolean isSecurity() {
             return security;

security/core/src/main/java/org/seedstack/seed/security/internal/RealmConfiguration.java

@@ -12,13 +12,9 @@
 import org.seedstack.seed.security.RolePermissionResolver;
 
 class RealmConfiguration {
-
     private final String name;
-
     private final Class<? extends Realm> realmClass;
-
     private Class<? extends RoleMapping> roleMappingClass;
-
     private Class<? extends RolePermissionResolver> rolePermissionResolverClass;
 
     RealmConfiguration(String name, Class<? extends Realm> realmClass) {
@@ -50,4 +46,8 @@ Class<? extends Realm> getRealmClass() {
         return realmClass;
     }
 
+    @Override
+    public String toString() {
+        return name;
+    }
 }

security/core/src/main/java/org/seedstack/seed/security/internal/ShiroRealmAdapter.java

@@ -8,11 +8,6 @@
 
 package org.seedstack.seed.security.internal;
 
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-import java.util.Set;
-import javax.inject.Inject;
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationInfo;
 import org.apache.shiro.authc.AuthenticationToken;
@@ -32,6 +27,12 @@
 import org.seedstack.seed.security.internal.realms.AuthenticationTokenWrapper;
 import org.seedstack.seed.security.principals.PrincipalProvider;
 
+import javax.inject.Inject;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+import java.util.Set;
+
 class ShiroRealmAdapter extends AuthorizingRealm {
     private Realm realm;
     @Inject
@@ -54,12 +55,21 @@ protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principal
                 principalProviders.add((PrincipalProvider<?>) principal);
             }
         }
-        List<PrincipalProvider<?>> asList = principals.asList();
-        for (Role role : realm.getRoleMapping().resolveRoles(realm.getRealmRoles(idPrincipal, asList),
+
+        List<PrincipalProvider<?>> principalList = principals.asList();
+
+        // Retrieve user roles through
+        for (Role role : realm.getRoleMapping().resolveRoles(realm.getRealmRoles(idPrincipal, principalList),
                 principalProviders)) {
             role.getPermissions().addAll(realm.getRolePermissionResolver().resolvePermissionsInRole(role));
             authzInfo.addRole(role);
         }
+
+        // Retrieve direct user permissions
+        for (String permission : realm.getRealmPermissions(idPrincipal, principalList)) {
+            authzInfo.addPermission(permission);
+        }
+
         return authzInfo;
     }
 

security/core/src/main/java/org/seedstack/seed/security/internal/authorization/SeedAuthorizationInfo.java

@@ -7,15 +7,16 @@
  */
 package org.seedstack.seed.security.internal.authorization;
 
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Set;
 import org.apache.shiro.authz.AuthorizationInfo;
 import org.apache.shiro.authz.Permission;
 import org.seedstack.seed.security.Role;
 import org.seedstack.seed.security.Scope;
 
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
 /**
  * AuthorizationInfo that keeps the Roles and Permissions for SeedStack API.
  */
@@ -67,4 +68,13 @@ public void addRole(Role role) {
             }
         }
     }
+
+    /**
+     * Adds a direct permission to the authorization info.
+     *
+     * @param permission the permission to add.
+     */
+    public void addPermission(String permission) {
+        stringPermissions.add(permission);
+    }
 }

security/specs/src/main/java/org/seedstack/seed/security/Realm.java

@@ -8,9 +8,11 @@
 
 package org.seedstack.seed.security;
 
+import org.seedstack.seed.security.principals.PrincipalProvider;
+
 import java.util.Collection;
+import java.util.HashSet;
 import java.util.Set;
-import org.seedstack.seed.security.principals.PrincipalProvider;
 
 /**
  * A realm is used to authenticate and retrieve authorization for a user.
@@ -23,6 +25,18 @@ default String name() {
         return getClass().getSimpleName();
     }
 
+    /**
+     * Get the permissions
+     *
+     * @param identityPrincipal principal representing the identity of the user
+     * @param otherPrincipals   other principals
+     * @return the permissions of the user. Should not return null but empty
+     * collection.
+     */
+    default Set<String> getRealmPermissions(PrincipalProvider<?> identityPrincipal, Collection<PrincipalProvider<?>> otherPrincipals) {
+        return new HashSet<>();
+    }
+
     /**
      * Get the roles
      *
@@ -31,7 +45,9 @@ default String name() {
      * @return the roles of the user. Should not return null but empty
      * collection.
      */
-    Set<String> getRealmRoles(PrincipalProvider<?> identityPrincipal, Collection<PrincipalProvider<?>> otherPrincipals);
+    default Set<String> getRealmRoles(PrincipalProvider<?> identityPrincipal, Collection<PrincipalProvider<?>> otherPrincipals) {
+        return new HashSet<>();
+    }
 
     /**
      * Authenticates the user and retrieves its properties in an

testing/core/src/main/java/org/seedstack/seed/testing/internal/ConfigurationPropertiesTestPlugin.java

@@ -7,13 +7,15 @@
  */
 package org.seedstack.seed.testing.internal;
 
-import java.util.HashMap;
-import java.util.Map;
+import org.seedstack.seed.testing.ConfigurationProperties;
 import org.seedstack.seed.testing.ConfigurationProperty;
 import org.seedstack.seed.testing.spi.TestContext;
 import org.seedstack.seed.testing.spi.TestPlugin;
 import org.seedstack.shed.reflect.Annotations;
 
+import java.util.HashMap;
+import java.util.Map;
+
 public class ConfigurationPropertiesTestPlugin implements TestPlugin {
     @Override
     public boolean enabled(TestContext testContext) {
@@ -25,13 +27,29 @@ public Map<String, String> configurationProperties(TestContext testContext) {
         Map<String, String> configuration = new HashMap<>();
 
         // Configuration properties on the class
+        Annotations.on(testContext.testClass())
+                .includingMetaAnnotations()
+                .findAll(ConfigurationProperties.class)
+                .forEach(configProperties -> {
+                    for (ConfigurationProperty configProperty : configProperties.value()) {
+                        configuration.put(buildPropertyName(configProperty), configProperty.value());
+                    }
+                });
         Annotations.on(testContext.testClass())
                 .includingMetaAnnotations()
                 .findAll(ConfigurationProperty.class)
                 .forEach(configProperty -> configuration.put(buildPropertyName(configProperty),
                         configProperty.value()));
 
         // Configuration properties on the method (completing/overriding class configuration properties)
+        testContext.testMethod().ifPresent(testMethod -> Annotations.on(testMethod)
+                .includingMetaAnnotations()
+                .findAll(ConfigurationProperties.class)
+                .forEach(configProperties -> {
+                    for (ConfigurationProperty configProperty : configProperties.value()) {
+                        configuration.put(buildPropertyName(configProperty), configProperty.value());
+                    }
+                }));
         testContext.testMethod().ifPresent(testMethod -> Annotations.on(testMethod)
                 .includingMetaAnnotations()
                 .findAll(ConfigurationProperty.class)