diff --git a/changelog.txt b/changelog.txt index 0f301f5bb38064901d7159eace5f028949d402db..54fff73846f5f840cd96e5ff22f3c997d35fe376 100644 --- a/changelog.txt +++ b/changelog.txt @@ -1,3 +1,9 @@ +eDelivery SMP 5.0 +- added new properties: + smp.truststore.type: Truststore type as JKS/PKCS12 + smp.keystore.type: Keystore type as JKS/PKCS12 + + eDelivery SMP 4.2 - added new properties: smp.passwordPolicy.validationRegex: Regular expression do define password minimum complexity rules! @@ -12,7 +18,7 @@ eDelivery SMP 4.2 smp.ui.session.idle_timeout.admin: Specifies the time, in seconds, between client requests before the SMP will invalidate session for ADMIN users (System)! smp.ui.session.idle_timeout.user: Specifies the time, in seconds, between client requests before the SMP will invalidate session for users (Service group, SMP Admin) smp.sso.cas.ui.label: The SSO service provider label. - smp.sso.cas.url: The SSO CAS URL enpoint + smp.sso.cas.url: The SSO CAS URL endpoint smp.sso.cas.urlpath.login: The CAS URL path for login. Complete URL is composed from parameters: ${smp.sso.cas.url}/${smp.sso.cas.urlpath.login}. smp.sso.cas.callback.url: The URL is the callback URL belonging to the local SMP Security System. If using RP make sure it target SMP path '/ui/rest/security/cas' smp.sso.cas.token.validation.urlpath: The CAS URL path for login. Complete URL is composed from parameters: ${smp.sso.cas.url}/${smp.sso.cas.urlpath.token.validation}. diff --git a/pom.xml b/pom.xml index ba9ab083d368337ec395aa964b992db8f6e4bd45..620436914f2b65df4e38fea74d6a8eef0a3486d3 100644 --- a/pom.xml +++ b/pom.xml @@ -18,7 +18,7 @@ <artifactId>smp-modules</artifactId> <packaging>pom</packaging> <name>SMP</name> - <version>4.2-RC2-SNAPSHOT</version> + <version>5.0-SNAPSHOT</version> <modules> <module>smp-angular</module> 
@@ -646,34 +646,6 @@ </dependencies> </plugin> - - <!-- integration tests, failsafe plugin --> - <!-- plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-failsafe-plugin</artifactId> - <version>2.19.1</version> - <configuration> - <reportsDirectory>${basedir}/target/code-coverage/failsafe-reports</reportsDirectory> - </configuration> - <executions> - <execution> - <id>integration-tests</id> - <phase>integration-test</phase> - <goals> - <goal>integration-test</goal> - <goal>verify</goal> - </goals> - </execution> - </executions> - <dependencies> - <dependency> - <groupId>org.apache.maven.surefire</groupId> - <artifactId>surefire-junit47</artifactId> - <version>2.19.1</version> - </dependency> - </dependencies> - </plugin --> - <!-- jacoco start --> <plugin> <groupId>org.jacoco</groupId> diff --git a/smp-angular/pom.xml b/smp-angular/pom.xml index 99717433a75db708ca4646d96887b89376223aa9..2728eae2a4e3ac2e6776e89c8853c6c5a3bf3040 100644 --- a/smp-angular/pom.xml +++ b/smp-angular/pom.xml @@ -6,7 +6,7 @@ <parent> <groupId>eu.europa.ec.edelivery</groupId> <artifactId>smp-modules</artifactId> - <version>4.2-RC2-SNAPSHOT</version> + <version>5.0-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> <artifactId>smp-angular</artifactId> diff --git a/smp-angular/src/app/app.component.html b/smp-angular/src/app/app.component.html index 6430c83989f01e0b148da751f896f65b9576e652..9f937de93ed4e52931c3c95f55ca742582d2a293 100644 --- a/smp-angular/src/app/app.component.html +++ b/smp-angular/src/app/app.component.html 
@@ -95,12 +95,13 @@ <button *ngIf="isUserAuthPasswdEnabled" mat-menu-item id="changePassword_id" (click)="changeCurrentUserPassword()"> <span>Change password</span> </button> + <button *ngIf="isUserAuthSSOEnabled" mat-menu-item id="showSSODetails_id" (click)="openCurrentCasUserData()"> + <span>Open CAS user data</span> + </button> <button *ngIf="isWebServiceUserTokenAuthPasswdEnabled" mat-menu-item id="getAccessToken_id" (click)="regenerateCurrentUserAccessToken()"> <span>Generated access token</span> </button> - <hr/> - <button mat-menu-item (click)="logout($event)" id="logout_id"> <mat-icon>power_settings_new</mat-icon> <span>Logout</span> diff --git a/smp-angular/src/app/app.component.ts b/smp-angular/src/app/app.component.ts index f212b3e8e3cd970669b22a00cc9f73e07cca4692..da611b1b9ab485416a413a7dc2a858944cb420af 100644 --- a/smp-angular/src/app/app.component.ts +++ b/smp-angular/src/app/app.component.ts @@ -34,6 +34,10 @@ export class AppComponent { this.userController = new UserController(this.http, this.lookups, this.dialog); } + openCurrentCasUserData() { + window.open(this.securityService.getCurrentUser().casUserDataUrl, "_blank"); + } + get isWebServiceUserTokenAuthPasswdEnabled(): boolean { return this.lookups.cachedApplicationConfig?.webServiceAuthTypes?.includes('TOKEN'); } @@ -42,6 +46,10 @@ export class AppComponent { return this.lookups.cachedApplicationInfo?.authTypes.includes('PASSWORD'); } + get isUserAuthSSOEnabled(): boolean { + return this.lookups.cachedApplicationInfo?.authTypes?.includes('SSO'); + } + isCurrentUserSystemAdmin(): boolean { return this.securityService.isCurrentUserInRole([Authority.SYSTEM_ADMIN]); } diff --git a/smp-angular/src/app/common/dialogs/expired-password-dialog/expired-password-dialog.component.html b/smp-angular/src/app/common/dialogs/expired-password-dialog/expired-password-dialog.component.html index 1aeead3a4fda3fd7d6ec7258d3d48a1530f9b50e..252d8bb9ac8cd32ac7d95acb8d4042dfff5bc50d 100644 
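Review bot: `openCurrentCasUserData()` hands a backend-supplied URL straight to `window.open(..., "_blank")` with no null check and no `noopener`. If `getCurrentUser()` returns nothing (for example after the session has expired) the property access throws, and an empty `casUserDataUrl` opens a blank tab. Without `noopener` the opened page keeps a `window.opener` handle on the SMP UI, so pass the feature string explicitly. It is also worth confirming the value is an `http(s)` URL before opening it, since the hunk does not show where it is validated. Suggested body: `const url = this.securityService.getCurrentUser()?.casUserDataUrl;` followed by `if (url) { window.open(url, '_blank', 'noopener,noreferrer'); }`.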
--- a/smp-angular/src/app/common/dialogs/expired-password-dialog/expired-password-dialog.component.html +++ b/smp-angular/src/app/common/dialogs/expired-password-dialog/expired-password-dialog.component.html @@ -1,5 +1,5 @@ <smp-dialog style="width: 400px" - [title]="'Password about to expire!'" + [title]="'Password about to expire'" [text]="'Your password is more than three months old. Please change it as soon as possible!'" [type]="'information'" [dialogRef]="dialogRef"> diff --git a/smp-angular/src/app/common/search-table/search-table.component.ts b/smp-angular/src/app/common/search-table/search-table.component.ts index 17e356bdd0d451d46a48ef5f749a1854369947e7..61ddcf04a2af138e40a6dbe0d6a1018355832f76 100644 --- a/smp-angular/src/app/common/search-table/search-table.component.ts +++ b/smp-angular/src/app/common/search-table/search-table.component.ts @@ -170,7 +170,7 @@ export class SearchTableComponent implements OnInit { this.dialog.open(ConfirmationDialogComponent, { data: { - title: "Not persisted data!", + title: "Not persisted data", description: "Action will refresh all data and not saved data will be lost. Do you wish to continue?" } }).afterClosed().subscribe(result => { diff --git a/smp-angular/src/app/domain/domain-details-dialog/domain-details-dialog.component.html b/smp-angular/src/app/domain/domain-details-dialog/domain-details-dialog.component.html index 1b0b309238ba0c2f4b93c3e56113938f3f60e1c6..b9eb68da9310fa5eca6d181eb183a4fa57b5a5bf 100644 --- a/smp-angular/src/app/domain/domain-details-dialog/domain-details-dialog.component.html +++ b/smp-angular/src/app/domain/domain-details-dialog/domain-details-dialog.component.html 
@@ -7,8 +7,9 @@ <fieldset style="border: none;"> <mat-form-field style="width:100%"> <input matInput placeholder="Domain Code" name="domainCode" - id="domainCode_id" + id="domainCode_id" #domainCode matTooltip="The SMP's domain code. The code is used in HTTP header 'Domain' when adding service group using the webservice API" + (keypress)="onFieldKeyPressed(domainCode.value, 'domainCodeTimeout')" [formControl]="domainForm.controls['domainCode']" maxlength="63" required> <mat-hint align="end">For WS API integration: the Domain property</mat-hint> <div @@ -16,6 +17,11 @@ style="color:red; font-size: 70%"> Domain code must contain only chars and numbers and must be less than 63 chars long. </div> + <div + *ngIf="!!fieldWarningTimeoutMap.domainCodeTimeout" + style="color:darkorange; font-size: 70%"> + Domain code must contain only chars and numbers and must be less than 63 chars long. + </div> <div *ngIf="(!editMode && domainForm.controls['domainCode'].touched || editMode) && domainForm.controls['domainCode'].hasError('notInList')" style="color:red; font-size: 70%"> @@ -25,7 +31,9 @@ <mat-form-field style="width:100%"> <input matInput placeholder="SML domain" matTooltip="The domain-specific part of the SML DNS zone (e.g., ‘mydomain’ for mydomain.sml.dns.zone or leave empty for sml.dns.zone). Note: has informative value only, SML DNS zone used for publishing is based on SML configuration." - name="smlSubdomain" id="smldomain_id" + name="smlSubdomain" + id="smldomain_id" #smldomain + (keypress)="onFieldKeyPressed(smldomain.value, 'smlDomainCodeTimeout')" [formControl]="domainForm.controls['smlSubdomain']" maxlength="63"> <mat-hint align="end">The domain-specific part of the SML DNS zone (e.g., ‘mydomain’ for mydomain.sml.dns.zone). 
@@ -37,6 +45,12 @@ SML domain should be up to 63 characters long, should only contain alphanumeric and hyphen characters, should not start with a digit nor a hyphen and should not end with a hyphen. </div> + <div + *ngIf="!!fieldWarningTimeoutMap.smlDomainCodeTimeout" + style="color:darkorange; font-size: 70%"> + SML domain should be up to 63 characters long, should only contain alphanumeric and hyphen characters, + should not start with a digit nor a hyphen and should not end with a hyphen. + </div> <div *ngIf="(!editMode && domainForm.controls['smlSubdomain'].touched || editMode) && domainForm.controls['smlSubdomain'].hasError('notInList')" style="color:red; font-size: 70%"> @@ -70,7 +84,8 @@ <fieldset style="border: none;"> <mat-form-field style="width:100%"> <input matInput placeholder="SML SMP identifier" name="smlSmpId" - id="smlSMPId_id" + id="smlSMPId_id" #smlSMPId + (keypress)="onFieldKeyPressed(smlSMPId.value, 'smlsmpid')" [formControl]="domainForm.controls['smlSmpId']" maxlength="63"> <mat-hint align="end">SMP ID used for SML</mat-hint> <div @@ -79,6 +94,12 @@ SML SMP ID should be up to 63 characters long, should only contain alphanumeric and hyphen characters, should not start with a digit nor a hyphen and should not end with a hyphen. </div> + <div + *ngIf="!!fieldWarningTimeoutMap.smlsmpid" + style="color:darkorange; font-size: 70%"> + SML SMP ID should be up to 63 characters long, should only contain alphanumeric and hyphen characters, + should not start with a digit nor a hyphen and should not end with a hyphen. + </div> <div *ngIf="(!editMode && domainForm.controls['smlSmpId'].touched || editMode) && domainForm.controls['smlSmpId'].hasError('notInList')" style="color:red; font-size: 70%"> 
diff --git a/smp-angular/src/app/domain/domain-details-dialog/domain-details-dialog.component.ts b/smp-angular/src/app/domain/domain-details-dialog/domain-details-dialog.component.ts index e83361472923bd8e511d6d78a6fd59b074afc311..bcd44f3d58b9ed423329d3445310f541da83d46e 100644 --- a/smp-angular/src/app/domain/domain-details-dialog/domain-details-dialog.component.ts +++ b/smp-angular/src/app/domain/domain-details-dialog/domain-details-dialog.component.ts @@ -6,9 +6,7 @@ import {AlertMessageService} from "../../common/alert-message/alert-message.serv import {SearchTableEntityStatus} from "../../common/search-table/search-table-entity-status.model"; import {GlobalLookups} from "../../common/global-lookups"; import {CertificateRo} from "../../user/certificate-ro.model"; -import {KeystoreEditDialogComponent} from "../keystore-edit-dialog/keystore-edit-dialog.component"; -import {ServiceGroupDomainEditRo} from "../../service-group-edit/service-group-domain-edit-ro.model"; -import {BreakpointObserver, Breakpoints} from "@angular/cdk/layout"; +import {BreakpointObserver} from "@angular/cdk/layout"; @Component({ selector: 'domain-details-dialog', 
@@ -18,17 +16,26 @@ export class DomainDetailsDialogComponent { static readonly NEW_MODE = 'New Domain'; static readonly EDIT_MODE = 'Domain Edit'; - readonly subDomainPattern = '^(?![0-9]+$)(?!.*-$)(?!-)[a-zA-Z0-9-]{1,63}$'; - readonly smpIdDomainPattern = '^(?![0-9]+$)(?!.*-$)(?!-)[a-zA-Z0-9-]{0,63}$'; + // Request from test team can not automate test if this is less than 10 seconds :(. Initialy it was 2s + readonly warningTimeout : number = 10000; + readonly dnsDomainPattern = '^([a-zA-Z]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?){0,63}$'; + readonly subDomainPattern = this.dnsDomainPattern; + readonly smpIdDomainPattern = this.dnsDomainPattern; // is part of domain readonly domainCodePattern = '^[a-zA-Z0-9]{1,63}$'; + fieldWarningTimeoutMap = { + domainCodeTimeout: null, + smlDomainCodeTimeout: null, + smlsmpid: null, + }; + editMode: boolean; formTitle: string; current: DomainRo & { confirmation?: string }; domainForm: FormGroup; domain; - selectedSMLCert: CertificateRo =null; + selectedSMLCert: CertificateRo = null; notInList(list: string[], exception: string) { 
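Review bot: `dnsDomainPattern` wraps a label that is already bounded to 63 characters in an outer `{0,63}`, so it no longer caps the total length. It also accepts the empty string, which the old `subDomainPattern` (`{1,63}`) rejected. The nested quantifiers let the regex engine split a run of letters across repetitions in many different ways, so a value that nearly matches can trigger very heavy backtracking and freeze the tab, assuming the pattern is fed to a regex validator (that wiring is outside this hunk). A single DNS label needs no outer repetition: `readonly dnsDomainPattern = '^[a-zA-Z]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?$';`, and if an empty SMP ID must remain valid, make the whole label optional with `(...)?` for `smpIdDomainPattern` only. The same rule should be enforced by the backend, because a client-side pattern only guides the user.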
@@ -96,31 +103,35 @@ export class DomainDetailsDialogComponent { if (this.current.smlClientKeyAlias) { this.selectedSMLCert = this.lookups.cachedCertificateList.find(crt => crt.alias === this.current.smlClientKeyAlias); - this.domainForm.controls['smlClientKeyCertificate'].setValue(this.selectedSMLCert ); + this.domainForm.controls['smlClientKeyCertificate'].setValue(this.selectedSMLCert); } + } - this.responsive.observe(Breakpoints.Small) - .subscribe(result => { - - if (result.matches) { - console.log("screens matches HandsetLandscape"); - } - }); + /** + * Show warning if domain code exceed the maxlength. + * @param value + */ + onFieldKeyPressed(value: string, showTheWarningReference:string) { + if (!!value && value.length >= 63 && !this.fieldWarningTimeoutMap[showTheWarningReference]) { + this.fieldWarningTimeoutMap[showTheWarningReference] = setTimeout(() => { + this.fieldWarningTimeoutMap[showTheWarningReference] = null; + }, this.warningTimeout); + } } submitForm() { this.checkValidity(this.domainForm) // check if empty domain already exists - if(this.current.status === SearchTableEntityStatus.NEW - && !this.domainForm.value['smlSubdomain'] ){ + if (this.current.status === SearchTableEntityStatus.NEW + && !this.domainForm.value['smlSubdomain']) { - var domainWithNullSML = this.lookups.cachedDomainList.filter(function(dmn) { + var domainWithNullSML = this.lookups.cachedDomainList.filter(function (dmn) { return !dmn.smlSubdomain; })[0]; - if(!domainWithNullSML) { + if (!domainWithNullSML) { this.dialogRef.close(true); } else { this.domainForm.controls['smlSubdomain'].setErrors({'blankDomainError': true}); diff --git a/smp-angular/src/app/service-group-edit/service-metadata-wizard-dialog/service-metadata-wizard-dialog.component.html b/smp-angular/src/app/service-group-edit/service-metadata-wizard-dialog/service-metadata-wizard-dialog.component.html index 527f9f3ab4cf4db0b35f219dfb30872713cf2b16..4e5e778c3b1ed4951190cbc577e8b4f1066129ec 100644 
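Review bot: The timers started in `onFieldKeyPressed` are never cancelled, so closing the dialog within `warningTimeout` (10 s) leaves a callback that writes into a component that is already gone; keep the handles and call `clearTimeout` on each when the dialog closes. `showTheWarningReference` is a free-form `string` used as an index into `fieldWarningTimeoutMap`, so a typo in the template silently creates a new key; typing it as `keyof DomainDetailsDialogComponent['fieldWarningTimeoutMap']` lets the compiler catch that. The JSDoc still says "domain code" and documents only `value`, although the method now serves three fields; it should describe both parameters and state that the warning appears once the value reaches 63 characters. Note also that `(keypress)` does not fire on paste, so a pasted over-long value never shows the warning.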
--- a/smp-angular/src/app/service-group-edit/service-metadata-wizard-dialog/service-metadata-wizard-dialog.component.html +++ b/smp-angular/src/app/service-group-edit/service-metadata-wizard-dialog/service-metadata-wizard-dialog.component.html @@ -74,6 +74,12 @@ <button mat-flat-button color="primary" (click)="fileInput.click()" >Upload certificate</button> </label> + <div *ngIf="certificateValidationMessage" + [ngClass]="{ 'alert-message': certificateValidationMessage, 'alert-message-success': !certificateValidationMessage, 'alert-message-error':!!certificateValidationMessage }" + id="alertmessage_id"> + <span class="alert-message-close-button" (click)="clearAlert()">×</span> + {{certificateValidationMessage}} + </div> <textarea matInput style="width:100%;border: #03A9F4 1px solid" cols="2" rows="10" resizeable="false" id="metadatacertificate_id" diff --git a/smp-angular/src/app/service-group-edit/service-metadata-wizard-dialog/service-metadata-wizard-dialog.component.ts b/smp-angular/src/app/service-group-edit/service-metadata-wizard-dialog/service-metadata-wizard-dialog.component.ts index bd1448a586485b480b7abd5108da6dc470144f22..dd4a09f75d361107ca3b3a894a465dfbc49fa92f 100644 --- a/smp-angular/src/app/service-group-edit/service-metadata-wizard-dialog/service-metadata-wizard-dialog.component.ts +++ b/smp-angular/src/app/service-group-edit/service-metadata-wizard-dialog/service-metadata-wizard-dialog.component.ts @@ -76,6 +76,7 @@ export class ServiceMetadataWizardDialogComponent { uploadCertificate(event) { const file = event.target.files[0]; + this.certificateValidationMessage = null; this.certificateService.validateCertificate(file).subscribe((res: CertificateRo) => { if (res && res.certificateId) { 
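Review bot: The `[ngClass]` map on the added alert `div` cannot ever apply `alert-message-success`: the element is rendered only when `certificateValidationMessage` is truthy, so `!certificateValidationMessage` is always false there and the other two entries are always true. A plain `class="alert-message alert-message-error"` says the same thing and is easier to read. The fixed `id="alertmessage_id"` may duplicate the id of the application's global alert element if that one uses the same name (not visible in this hunk), which would make UI-test selectors ambiguous.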
@@ -83,15 +84,19 @@ export class ServiceMetadataWizardDialogComponent { 'endpointCertificate': res.encodedValue }); } else { - this.alertService.exception("Error occurred while reading certificate.", "Check if uploaded file has valid certificate type.", false); + this.certificateValidationMessage = 'Error occurred while reading certificate. Check if uploaded file has valid certificate type'; } }, err => { - this.alertService.exception('Error uploading certificate file ' +file.name, err.error?.errorDescription); + this.certificateValidationMessage = 'Error uploading certificate file [' + file.name + '] ' + err.error?.errorDescription; } ); } + clearAlert() { + this.certificateValidationMessage = null; + } + onFileChanged(event) { this.selectedFile = event.target.files[0] 
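Review bot: In the error callback the new message concatenates `err.error?.errorDescription` directly, so a response without that field shows the literal text `undefined` after the file name. Add a fallback, e.g. `'Error uploading certificate file [' + file.name + '] ' + (err.error?.errorDescription ?? '')`. The message now carries the user-chosen `file.name` and a server-provided string; that stays safe only while the template renders it through `{{ }}` interpolation, so it should not later be bound via `innerHTML`. `uploadCertificate` begins above this hunk.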
@@ -125,24 +130,25 @@ export class ServiceMetadataWizardDialogComponent { getParticipantElementXML(): string { let schema = this.dialogForm.controls['participantScheme'].value; - let value= this.dialogForm.controls['participantIdentifier'].value; + let value = this.dialogForm.controls['participantIdentifier'].value; if (!!schema && this.lookups.cachedApplicationConfig.concatEBCorePartyId && - schema.startsWith(ServiceMetadataWizardDialogComponent.EBCORE_IDENTIFIER_PREFIX) ) { - value = schema + ":" + value; - schema =null; + schema.startsWith(ServiceMetadataWizardDialogComponent.EBCORE_IDENTIFIER_PREFIX)) { + value = schema + ":" + value; + schema = null; } - return '<ParticipantIdentifier ' + - (!schema?'': 'scheme="' + this.xmlSpecialChars(schema) + '"')+ '>' - + this.xmlSpecialChars(value)+ '</ParticipantIdentifier>'; + return '<ParticipantIdentifier ' + + (!schema ? '' : 'scheme="' + this.xmlSpecialChars(schema) + '"') + '>' + + this.xmlSpecialChars(value) + '</ParticipantIdentifier>'; } getDocumentElementXML(): string { - return ' <DocumentIdentifier ' + - (!this.dialogForm.controls['documentIdentifierScheme'].value?'': 'scheme="' + return ' <DocumentIdentifier ' + + (!this.dialogForm.controls['documentIdentifierScheme'].value ? '' : 'scheme="' + this.xmlSpecialChars(this.dialogForm.controls['documentIdentifierScheme'].value) + '"') + '>' + this.xmlSpecialChars(this.dialogForm.controls['documentIdentifier'].value) + '</DocumentIdentifier>'; } + getServiceMetadataXML() { let exampleXML = '<ServiceMetadata xmlns="http://docs.oasis-open.org/bdxr/ns/SMP/2016/05">' + 
@@ -152,14 +158,14 @@ export class ServiceMetadataWizardDialogComponent { '\n <ProcessList>' + '\n <Process>' + '\n <ProcessIdentifier ' + - (!this.dialogForm.controls['processScheme'].value?'': 'scheme="' + this.xmlSpecialChars(this.dialogForm.controls['processScheme'].value) + '"')+ - '>'+this.xmlSpecialChars(this.dialogForm.controls['processIdentifier'].value)+'</ProcessIdentifier>' + + (!this.dialogForm.controls['processScheme'].value ? '' : 'scheme="' + this.xmlSpecialChars(this.dialogForm.controls['processScheme'].value) + '"') + + '>' + this.xmlSpecialChars(this.dialogForm.controls['processIdentifier'].value) + '</ProcessIdentifier>' + '\n <ServiceEndpointList>' + - '\n <Endpoint transportProfile="'+this.xmlSpecialChars(this.dialogForm.controls['transportProfile'].value)+'">' + - '\n <EndpointURI>'+this.xmlSpecialChars(this.dialogForm.controls['endpointUrl'].value)+'</EndpointURI>' + - '\n <Certificate>'+this.xmlSpecialChars(this.dialogForm.controls['endpointCertificate'].value)+'</Certificate>' + - '\n <ServiceDescription>'+this.xmlSpecialChars(this.dialogForm.controls['serviceDescription'].value)+'</ServiceDescription>' + - '\n <TechnicalContactUrl>'+this.xmlSpecialChars(this.dialogForm.controls['technicalContactUrl'].value)+'</TechnicalContactUrl>' + + '\n <Endpoint transportProfile="' + this.xmlSpecialChars(this.dialogForm.controls['transportProfile'].value) + '">' + + '\n <EndpointURI>' + this.xmlSpecialChars(this.dialogForm.controls['endpointUrl'].value) + '</EndpointURI>' + + '\n <Certificate>' + this.xmlSpecialChars(this.dialogForm.controls['endpointCertificate'].value) + '</Certificate>' + + '\n <ServiceDescription>' + this.xmlSpecialChars(this.dialogForm.controls['serviceDescription'].value) + '</ServiceDescription>' + + '\n <TechnicalContactUrl>' + this.xmlSpecialChars(this.dialogForm.controls['technicalContactUrl'].value) + '</TechnicalContactUrl>' + '\n </Endpoint>' + '\n </ServiceEndpointList>' + '\n </Process>' + 
diff --git a/smp-api/pom.xml b/smp-api/pom.xml index cc564ad77520493ac34b45873f967f92222a3ed9..cd69fc7973c4d5f97b26c699753faf3378ff74cd 100644 --- a/smp-api/pom.xml +++ b/smp-api/pom.xml @@ -17,7 +17,7 @@ <parent> <groupId>eu.europa.ec.edelivery</groupId> <artifactId>smp-modules</artifactId> - <version>4.2-RC2-SNAPSHOT</version> + <version>5.0-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> @@ -46,6 +46,7 @@ <dependency> <groupId>pl.pragmatists</groupId> <artifactId>JUnitParams</artifactId> + <scope>test</scope> </dependency> <dependency> <groupId>commons-io</groupId> diff --git a/smp-docker/compose/tomcat-mysql-smp-sml/README.md b/smp-docker/compose/tomcat-mysql-smp-sml/README.md index 4fd5846afc95ceccff6f53396dfbe74f5e124c47..f1dbe604a816cac0ae90b13f97860e822aab0861 100755 --- a/smp-docker/compose/tomcat-mysql-smp-sml/README.md +++ b/smp-docker/compose/tomcat-mysql-smp-sml/README.md @@ -1,5 +1,5 @@ -# Experiamental SMP docker image -Purpose of compose plan is to startup fully functinal SMP environment for demo and testing. The plan contains +# Experimental SMP docker image +Purpose of compose plan is to startup fully functional SMP environment for demo and testing. The plan contains. - MySql database - SML services - CAS instance (EULOGIN) @@ -44,7 +44,6 @@ Users: To use eulogin add the following hostname mappings (Linux: /etc/hosts, windows: C:\Windows\System32\drivers\etc\hosts - and add the lines ) - 127.0.0.1 eulogin-mock-server - 127.0.0.1 eulogin.protected.smp.local diff --git a/smp-docker/compose/tomcat-mysql-smp-sml/runCompose.sh b/smp-docker/compose/tomcat-mysql-smp-sml/runCompose.sh index d307d88e5f9987134ae23d391fbec46b31f43378..580e77db3030daebb3c335318c5d8f49a266b05a 100755 --- a/smp-docker/compose/tomcat-mysql-smp-sml/runCompose.sh +++ b/smp-docker/compose/tomcat-mysql-smp-sml/runCompose.sh 
@@ -8,10 +8,8 @@ SML_INIT_DATABASE_DATA="../../../smp-soapui-tests/groovy/mysql-4.1_integration_t PREFIX="smp-sml-tomcat-mysql" SMP_VERSION= -# clear volume and containers - to run restart from strach - -# READ argumnets +# READ arguments while getopts i:v: option do case "${option}" diff --git a/smp-docker/images/build-docker-images.sh b/smp-docker/images/build-docker-images.sh index 9bf47f9a950a300f69046778d917891f10689fd1..9be88be6a2c2a9e89c0f048bc9485f86f73bb22e 100755 --- a/smp-docker/images/build-docker-images.sh +++ b/smp-docker/images/build-docker-images.sh @@ -36,7 +36,7 @@ SMP_ARTEFACTS="../../smp-webapp/target/" SMP_ARTEFACTS_CLEAR="false" SMP_IMAGE_PUBLISH="false" -DOCKER_USER=$bamboo_DOCKER_USER +DOCKER_USER=${bamboo_DOCKER_USER:-edeliverytest}$ DOCKER_PASSWORD=$bamboo_DOCKER_PASSWORD DOCKER_REGISTRY_HOST=${bamboo_DOCKER_REGISTRY_HOST} DOCKER_FOLDER=${bamboo_DOCKER_FOLDER:-${bamboo_DOCKER_USER}} diff --git a/smp-docker/images/oracle/README.md b/smp-docker/images/oracle/README.md index b73cbdce2826610be04b499b1f6fe9687382d3cc..9d5577a8fc5d70efa79360af02af89f96b8384bd 100644 --- a/smp-docker/images/oracle/README.md +++ b/smp-docker/images/oracle/README.md @@ -4,6 +4,6 @@ Folder contains oracle images needed to build database and weblogic from In order to build those images following files must be downloaded from Oracle page - OracleDB 11xe: oracle-xe-11.2.0-1.0.x86_64.rpm.zip or - OracleDB 19c: LINUX.X64_193000_db_home.zip - Server JDK 1.8: server-jre-8u211-linux-x64.tar.gz (https://github.com/oracle/docker-images/tree/master/OracleJava) - - weblogic 12.2.1.3: fmw_12.2.1.3.0_wls_quick_Disk1_1of1.zip + - weblogic 12.2.1.4: fmw_12.2.1.4.0_wls_quick_Disk1_1of1.zip For building docer images check readme files on [Oracle docker git](https://github.com/oracle/docker-images/). 
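Review bot: In `build-docker-images.sh` the new assignment `DOCKER_USER=${bamboo_DOCKER_USER:-edeliverytest}$` ends with a stray `$`, which the shell keeps as a literal character, so the user name becomes `edeliverytest$` (or `<bamboo user>$`) and a registry login with it would fail. It should read `DOCKER_USER=${bamboo_DOCKER_USER:-edeliverytest}`. The `DOCKER_FOLDER` default two lines below still falls back to `${bamboo_DOCKER_USER}` rather than `${DOCKER_USER}`, so the new default does not reach it. If the fallback account is only meant for local test builds, a short comment saying so would help, since `DOCKER_PASSWORD` has no matching default.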
diff --git a/smp-docker/images/tomcat-mysql-smp-sml/Dockerfile b/smp-docker/images/tomcat-mysql-smp-sml/Dockerfile index be14243e407d8087d2b8b055e08cdc5891ff84ce..2937ad03582b7da9381d0b3332633ed431988c79 100755 --- a/smp-docker/images/tomcat-mysql-smp-sml/Dockerfile +++ b/smp-docker/images/tomcat-mysql-smp-sml/Dockerfile @@ -20,10 +20,10 @@ ENV SMP_HOME=/opt/smp \ SMP_DB_USER_PASSWORD=smp \ MYSQL_ROOT_PASSWORD=root \ # sml environment variables - SML_VERSION=4.0.1 \ + SML_VERSION=4.2.RC1 \ SML_DISTRIBUTION_URL=https://ec.europa.eu/digital-building-blocks/artifact/repository/public/eu/europa/ec/bdmsl/bdmsl-webapp/ \ - SML_SHA512=b40d6ff717216635839e420f467b9dbf5cab87582babc103dea3ed7cbb0fd264f0755fc95607bb3d5ddbcd976a13f0d2170cbf824b3dfebb2ca046579a5d5278 \ - SML_SETUP_SHA512=dee04b6c60696c052f4807cc24df72a09dd7443e1c87df82967b08a02381c3042af338f726bc60f40e9428de301af8c317839d286ac58e37b5c7c6ae36c42468 \ + SML_SHA512=2330e6caf557fd6a6e8725eb339c26cb2d06f0ca768fd1766989f5dec7557e41375ef61b65cad5d87fa478f3c468272880ebe8521bb66e8e7dee9bb16d0a3d51 \ + SML_SETUP_SHA512=f9b7a9607f34f2d547acac13e7044df04fdf616b163f4cae8788f7b1eccd837c3db947458b4f55273d263f6af2e794c18d5216484cc8132e3cfd2dc176d9e1bf \ SML_DB_SCHEMA=sml \ SML_DB_USER=sml \ SML_DB_USER_PASSWORD=sml \ @@ -131,7 +131,7 @@ RUN unzip /tmp/artefacts/smp-setup.zip -d /tmp/ \ && unzip /tmp/sml-setup.zip -d /tmp/ \ && mv /tmp/bdmsl-webapp-$SML_VERSION /tmp/sml-setup \ && cp /tmp/sml-setup/encriptionPrivateKey.private /opt/smlconf/encriptionPrivateKey.private \ - && cp /tmp/sml-setup/keystore.jks /opt/smlconf/keystore.jk \ + && cp /tmp/sml-setup/keystore.jks /opt/smlconf/keystore.jks \ && mkdir $SMP_HOME/apache-tomcat-$TOMCAT_VERSION/smp-libs \ && chmod u+x /sbin/entrypoint.sh 
diff --git a/smp-docker/images/weblogic-12.2-smp/container-scripts/init-scripts/deploySMPToDomain.sh b/smp-docker/images/weblogic-12.2-smp/container-scripts/init-scripts/deploySMPToDomain.sh index e3112a4ee3008b19b0dab462a4f9e6f4081ca6fc..6fbaee5f78fda52d718cdd79391f29469d537cad 100755 --- a/smp-docker/images/weblogic-12.2-smp/container-scripts/init-scripts/deploySMPToDomain.sh +++ b/smp-docker/images/weblogic-12.2-smp/container-scripts/init-scripts/deploySMPToDomain.sh @@ -33,4 +33,4 @@ cp /u01/oracle/init/smp.war "${WL_DOMAIN_HOME}/" ls -ltr "${WL_DOMAIN_HOME}/" # Deploy Application -wlst.sh -skipWLSModuleScanning /u01/oracle/smp-app-deploy.py +wlst.sh -skipWLSModuleScanning "${ORACLE_HOME}"/smp-app-deploy.py diff --git a/smp-examples/pom.xml b/smp-examples/pom.xml index a85e2311c0855aaa72e912ff9edf24e069324ac0..79e3dc2c89503d24f70a299fb067c9a320fb52c8 100644 --- a/smp-examples/pom.xml +++ b/smp-examples/pom.xml @@ -17,7 +17,7 @@ <parent> <groupId>eu.europa.ec.edelivery</groupId> <artifactId>smp-modules</artifactId> - <version>4.2-RC2-SNAPSHOT</version> + <version>5.0-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> <artifactId>smp-examples</artifactId> diff --git a/smp-examples/smp-spi-example/pom.xml b/smp-examples/smp-spi-example/pom.xml index 91eea6e7d2c8755def075b1c0a5b6d2c5ea2d701..e079f8748e97d140f5e2434333c17a1960f9f001 100644 --- a/smp-examples/smp-spi-example/pom.xml +++ b/smp-examples/smp-spi-example/pom.xml @@ -17,7 +17,7 @@ <parent> <groupId>eu.europa.ec.edelivery</groupId> <artifactId>smp-modules</artifactId> - <version>4.2-RC2-SNAPSHOT</version> + <version>5.0-SNAPSHOT</version> <relativePath>../../pom.xml</relativePath> </parent> <properties> diff --git a/smp-server-library/pom.xml b/smp-server-library/pom.xml index 0dfd685d3bb854b3b64d85aafd4708d0c3a00ac8..aee87e12213a4ee2bda19689f8009a164ab5755c 100644 --- a/smp-server-library/pom.xml +++ b/smp-server-library/pom.xml 
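Review bot: In `deploySMPToDomain.sh` the deploy script path now depends on `ORACLE_HOME`, and if that variable is unset or empty the command resolves to `/smp-app-deploy.py` at the filesystem root instead of failing clearly. Unless the script already runs with `set -u` (not visible in this hunk), use `wlst.sh -skipWLSModuleScanning "${ORACLE_HOME:?ORACLE_HOME is not set}/smp-app-deploy.py"`, which also keeps the whole path inside the quotes. The `cp /u01/oracle/init/smp.war` line above still hard-codes the old prefix, so the two paths can now diverge.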
@@ -16,7 +16,7 @@ <parent> <groupId>eu.europa.ec.edelivery</groupId> <artifactId>smp-modules</artifactId> - <version>4.2-RC2-SNAPSHOT</version> + <version>5.0-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> <artifactId>smp-server-library</artifactId> diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/ServiceGroupConverter.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/ServiceGroupConverter.java index bbce5f4f957c5d074bace39e690d3af07095c014..b4b8dde29a5513a4e38116f12783f954335c1821 100644 --- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/ServiceGroupConverter.java +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/ServiceGroupConverter.java @@ -18,7 +18,6 @@ import eu.europa.ec.edelivery.smp.exceptions.ErrorCode; import eu.europa.ec.edelivery.smp.exceptions.SMPRuntimeException; import eu.europa.ec.edelivery.smp.logging.SMPLogger; import eu.europa.ec.edelivery.smp.logging.SMPLoggerFactory; -import eu.europa.ec.smp.api.Identifiers; import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.exception.ExceptionUtils; import org.oasis_open.docs.bdxr.ns.smp._2016._05.ExtensionType; 
@@ -53,22 +52,22 @@ public class ServiceGroupConverter { /** * Class has only static members. */ - private ServiceGroupConverter() { + private ServiceGroupConverter() { } private static final String PARSER_DISALLOW_DTD_PARSING_FEATURE = "http://apache.org/xml/features/disallow-doctype-decl"; private static final SMPLogger LOG = SMPLoggerFactory.getLogger(ServiceGroupConverter.class); - private static final ThreadLocal<Unmarshaller> jaxbUnmarshaller = ThreadLocal.withInitial( () -> { + private static final ThreadLocal<Unmarshaller> jaxbUnmarshaller = ThreadLocal.withInitial(() -> { try { JAXBContext jaxbContext = JAXBContext.newInstance(ServiceGroup.class); return jaxbContext.createUnmarshaller(); - }catch(JAXBException ex) { + } catch (JAXBException ex) { LOG.error("Error occurred while initializing JAXBContext for ServiceMetadata. Cause message:", ex); } return null; - } ); + }); private static Unmarshaller getUnmarshaller() { @@ -77,6 +76,7 @@ public class ServiceGroupConverter { /** * Method umarshal ServiceGroup from xml string + * * @param serviceGroupXml * @return */ @@ -85,12 +85,13 @@ public class ServiceGroupConverter { Document serviceGroupDoc = parse(serviceGroupXml); return getUnmarshaller().unmarshal(serviceGroupDoc, ServiceGroup.class).getValue(); } catch (ParserConfigurationException | IOException | SAXException | JAXBException ex) { - throw new SMPRuntimeException(ErrorCode.XML_PARSE_EXCEPTION,ex,ServiceGroup.class.getName(), ExceptionUtils.getRootCauseMessage(ex)); + throw new SMPRuntimeException(ErrorCode.XML_PARSE_EXCEPTION, ex, ServiceGroup.class.getName(), ExceptionUtils.getRootCauseMessage(ex)); } } /** * Method umarshal ServiceGroup from xml bytearraz + * * @param serviceGroupXml * @return */ 
@@ -99,7 +100,7 @@ public class ServiceGroupConverter { try { System.out.println("UNMARSHAL SERVICE GROUP " + new String(serviceGroupXml)); Document serviceGroupDoc = parse(serviceGroupXml); - ServiceGroup serviceGroup = getUnmarshaller().unmarshal(serviceGroupDoc, ServiceGroup.class).getValue(); + ServiceGroup serviceGroup = getUnmarshaller().unmarshal(serviceGroupDoc, ServiceGroup.class).getValue(); /* if (serviceGroup!=null && serviceGroup.getParticipantIdentifier()!=null && StringUtils.isBlank(serviceGroup.getParticipantIdentifier().getScheme()) @@ -113,7 +114,7 @@ public class ServiceGroupConverter { }*/ return serviceGroup; } catch (ParserConfigurationException | IOException | SAXException | JAXBException ex) { - throw new SMPRuntimeException(ErrorCode.XML_PARSE_EXCEPTION,ex,ServiceGroup.class.getName(), ExceptionUtils.getRootCauseMessage(ex)); + throw new SMPRuntimeException(ErrorCode.XML_PARSE_EXCEPTION, ex, ServiceGroup.class.getName(), ExceptionUtils.getRootCauseMessage(ex)); } } 
@@ -125,28 +126,28 @@ public class ServiceGroupConverter { * @param dsg - database service group entity * @return Oasis ServiceGroup entity or null if parameter is null */ - public static ServiceGroup toServiceGroup(DBServiceGroup dsg, boolean concatenateEBCoreID){ + public static ServiceGroup toServiceGroup(DBServiceGroup dsg, boolean concatenateEBCoreID) { - if (dsg==null){ + if (dsg == null) { return null; } ServiceGroup serviceGroup = new ServiceGroup(); - String schema = dsg.getParticipantScheme(); - String value = dsg.getParticipantIdentifier(); - if (concatenateEBCoreID && StringUtils.startsWithIgnoreCase(schema, EBCORE_IDENTIFIER_PREFIX) ){ + String schema = dsg.getParticipantScheme(); + String value = dsg.getParticipantIdentifier(); + if (concatenateEBCoreID && StringUtils.startsWithIgnoreCase(schema, EBCORE_IDENTIFIER_PREFIX)) { value = schema + ":" + value; schema = null; } ParticipantIdentifierType identifier = new ParticipantIdentifierType(value, schema); serviceGroup.setParticipantIdentifier(identifier); - if (dsg.getExtension()!=null){ + if (dsg.getExtension() != null) { try { List<ExtensionType> extensions = ExtensionConverter.unmarshalExtensions(dsg.getExtension()); serviceGroup.getExtensions().addAll(extensions); } catch (JAXBException e) { - throw new SMPRuntimeException(INVALID_EXTENSION_FOR_SG, e, dsg.getParticipantIdentifier(), - dsg.getParticipantScheme(),ExceptionUtils.getRootCauseMessage(e)); + throw new SMPRuntimeException(INVALID_EXTENSION_FOR_SG, e, dsg.getParticipantIdentifier(), + dsg.getParticipantScheme(), ExceptionUtils.getRootCauseMessage(e)); } } serviceGroup.setServiceMetadataReferenceCollection(new ServiceMetadataReferenceCollectionType(new ArrayList())); 
@@ -163,6 +164,7 @@ public class ServiceGroupConverter { InputStream inputStream = new ByteArrayInputStream(serviceGroupXml); return getDocumentBuilder().parse(inputStream); } + private static DocumentBuilder getDocumentBuilder() throws ParserConfigurationException { DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setNamespaceAware(true); @@ -173,7 +175,7 @@ public class ServiceGroupConverter { public static byte[] extractExtensionsPayload(ServiceGroup sg) { try { return ExtensionConverter.marshalExtensions(sg.getExtensions()); - } catch (JAXBException | XMLStreamException | IOException e) { + } catch (JAXBException | XMLStreamException | IOException e) { throw new SMPRuntimeException(INVALID_EXTENSION_FOR_SG, e, sg.getParticipantIdentifier().getValue(), sg.getParticipantIdentifier().getScheme(), ExceptionUtils.getRootCauseMessage(e)); diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDao.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDao.java index 19b20bd99e97b9c3976ef8c4f21029e4d5fdf27e..e8762846bcc3118631684be271c10a988682e38f 100644 --- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDao.java +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDao.java @@ -89,7 +89,7 @@ public class ConfigurationDao extends BaseDao<DBConfiguration> { @Transactional public DBConfiguration setPropertyToDatabase(SMPPropertyEnum key, String value, String description) { - File rootFolder = (File)getCachedPropertyValue(CONFIGURATION_DIR); + File rootFolder = getCachedPropertyValue(CONFIGURATION_DIR); if (!PropertyUtils.isValidProperty(key, value, rootFolder)) { throw new SMPRuntimeException(ErrorCode.CONFIGURATION_ERROR, key.getPropertyType().getErrorMessage(key.getProperty())); } 
@@ -155,12 +155,12 @@ public class ConfigurationDao extends BaseDao<DBConfiguration> { return cachedProperties.getProperty(property, defValue); } - public Object getCachedPropertyValue(SMPPropertyEnum key) { + public <T extends Object> T getCachedPropertyValue(SMPPropertyEnum key) { if (lastUpdate == null) { // init properties refreshProperties(); } - return cachedPropertyValues.get(key.getProperty()); + return (T) cachedPropertyValues.get(key.getProperty()); } @Transactional diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/EntityROStatus.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/EntityROStatus.java index cb3542bce51feaa26906fba132f51e3b9fd7f358..ca06c8a30cca07f3f9ad12a52025d4b92d725773 100644 --- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/EntityROStatus.java +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/EntityROStatus.java @@ -2,7 +2,7 @@ package eu.europa.ec.edelivery.smp.data.ui.enums; /** - * Enumeraton of Resourceobject statuse . + * Enumeration of Resource Object status. * @author Joze Rihtarsic * @since 4.1 */ diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPEnumConstants.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPEnumConstants.java new file mode 100644 index 0000000000000000000000000000000000000000..430c4e4f18be8cc0a5654cf3589aba4a53defdf8 --- /dev/null +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPEnumConstants.java 
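Review bot: The new `return (T) cachedPropertyValues.get(key.getProperty());` in `getCachedPropertyValue` is an unchecked cast, so nothing is verified at this line and the compiler can no longer point at a wrong target type. A cached value of another type only fails later with a `ClassCastException` at the caller's assignment, for example `File rootFolder = getCachedPropertyValue(CONFIGURATION_DIR);` in the `setPropertyToDatabase` hunk of the same file. The bound in `<T extends Object>` is redundant and can be written `<T>`. A checked variant would take the expected class, `public <T> T getCachedPropertyValue(SMPPropertyEnum key, Class<T> type)`, and end with `return type.cast(cachedPropertyValues.get(key.getProperty()));`, so a mis-typed property is reported where it is read. If the signature has to stay, the method should at least carry a comment that the caller chooses `T` and that the value's runtime type is not checked.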
@@ -0,0 +1,25 @@ +package eu.europa.ec.edelivery.smp.data.ui.enums; + + +/** + * Enumeration constants. The purpose of the constants is to make enumeration configurations more transparent/readable + * ex: + * This is (see the boolean values) + * OUTPUT_CONTEXT_PATH("contextPath.output", "true", "This property controls pattern of URLs produced by SMP in GET ServiceGroup responses.", + * true, false, true, BOOLEAN), + * changed to: + * OUTPUT_CONTEXT_PATH("contextPath.output", "true", "This property controls pattern of URLs produced by SMP in GET ServiceGroup responses.", + * MANDATORY, NOT_ENCRYPTED, RESTART_NEEDED, BOOLEAN), + * + * @author Joze Rihtarsic + * @since 4.2 + */ +public class SMPEnumConstants { + + public static final boolean MANDATORY = true; + public static final boolean OPTIONAL = !MANDATORY; + public static final boolean ENCRYPTED = true; + public static final boolean NOT_ENCRYPTED = !ENCRYPTED; + public static final boolean RESTART_NEEDED = true; + public static final boolean NO_RESTART_NEEDED = !RESTART_NEEDED; +} diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java index 3f87455cd5a0552716ac63018482af3110302f83..8c85a419047b83296bb26b7d9da54a6c4765f057 100644 --- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java 
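Review bot: All six constants in `SMPEnumConstants` are plain `boolean`, so they make the `SMPPropertyEnum` entries readable but the compiler still accepts them in any order. `OPTIONAL, NO_RESTART_NEEDED, ENCRYPTED` type-checks just like the intended `OPTIONAL, ENCRYPTED, NO_RESTART_NEEDED`, and a swap in the encrypted slot would presumably leave a password property treated as not encrypted. One small enum per flag (mandatory, encrypted, restart), used as the constructor parameter types, would turn such a mix-up into a compile error. Independently of that, the class only holds static members and should not be instantiable or extendable: `public final class SMPEnumConstants {` with `private SMPEnumConstants() { }`, as `ServiceGroupConverter` already does for its constructor.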
@@ -8,234 +8,355 @@ import java.util.Optional; import java.util.regex.Pattern; import java.util.stream.Collectors; +import static eu.europa.ec.edelivery.smp.data.ui.enums.SMPEnumConstants.*; import static eu.europa.ec.edelivery.smp.data.ui.enums.SMPPropertyTypeEnum.*; + public enum SMPPropertyEnum { - OUTPUT_CONTEXT_PATH("contextPath.output", "true", "This property controls pattern of URLs produced by SMP in GET ServiceGroup responses.", true, false, true, BOOLEAN), - ENCODED_SLASHES_ALLOWED_IN_URL("encodedSlashesAllowedInUrl", "true", "Allow encoded slashes in context path. Set to true if slashes are are part of identifiers.", false, false, true, BOOLEAN), - HTTP_FORWARDED_HEADERS_ENABLED("smp.http.forwarded.headers.enabled", "false", "Use (value true) or remove (value false) forwarded headers! There are security considerations for forwarded headers since an application cannot know if the headers were added by a proxy, as intended, or by a malicious client.", false, false, false, BOOLEAN), - HTTP_HSTS_MAX_AGE("smp.http.httpStrictTransportSecurity.maxAge", "31536000", "How long(in seconds) HSTS should last in the browser's cache(default one year)", false, false, true, INTEGER), - HTTP_HEADER_SEC_POLICY("smp.http.header.security.policy", "", "Content Security Policy (CSP) default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; form-action 'self';", false, false, true, STRING), + OUTPUT_CONTEXT_PATH("contextPath.output", "true", "This property controls pattern of URLs produced by SMP in GET ServiceGroup responses.", + MANDATORY, NOT_ENCRYPTED, RESTART_NEEDED, BOOLEAN), + ENCODED_SLASHES_ALLOWED_IN_URL("encodedSlashesAllowedInUrl", "true", "Allow encoded slashes in context path. 
Set to true if slashes are are part of identifiers.", + OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, BOOLEAN), + HTTP_FORWARDED_HEADERS_ENABLED("smp.http.forwarded.headers.enabled", "false", "Use (value true) or remove (value false) forwarded headers! There are security considerations for forwarded headers since an application cannot know if the headers were added by a proxy, as intended, or by a malicious client.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN), + HTTP_HSTS_MAX_AGE("smp.http.httpStrictTransportSecurity.maxAge", "31536000", "How long(in seconds) HSTS should last in the browser's cache(default one year)", + OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, INTEGER), + HTTP_HEADER_SEC_POLICY("smp.http.header.security.policy", "", "Content Security Policy (CSP) default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; form-action 'self';", + OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, STRING), // http proxy configuration - HTTP_PROXY_HOST("smp.proxy.host", "", "The http proxy host", false, false, false, STRING), - HTTP_NO_PROXY_HOSTS("smp.noproxy.hosts", "localhost|127.0.0.1", "list of nor proxy hosts. 
Ex.: localhost|127.0.0.1", false, false, false, STRING), - HTTP_PROXY_PASSWORD("smp.proxy.password", "", "Base64 encrypted password for Proxy.", false, true, false, STRING), - HTTP_PROXY_PORT("smp.proxy.port", "80", "The http proxy port", false, false, false, INTEGER), - HTTP_PROXY_USER("smp.proxy.user", "", "The proxy user", false, false, false, STRING), - - PARTC_SCH_REGEXP("identifiersBehaviour.ParticipantIdentifierScheme.validationRegex", "^$|^(?!^.{26})([a-z0-9]+-[a-z0-9]+-[a-z0-9]+)$|^urn:oasis:names:tc:ebcore:partyid-type:(iso6523|unregistered)(:.+)?$", "Participant Identifier Schema of each PUT ServiceGroup request is validated against this schema.", false, false, false, REGEXP), + HTTP_PROXY_HOST("smp.proxy.host", "", "The http proxy host", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING), + HTTP_NO_PROXY_HOSTS("smp.noproxy.hosts", "localhost|127.0.0.1", "list of nor proxy hosts. Ex.: localhost|127.0.0.1", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING), + HTTP_PROXY_PASSWORD("smp.proxy.password", "", "Base64 encrypted password for Proxy.", + OPTIONAL, ENCRYPTED, NO_RESTART_NEEDED, STRING), + HTTP_PROXY_PORT("smp.proxy.port", "80", "The http proxy port", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), + HTTP_PROXY_USER("smp.proxy.user", "", "The proxy user", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING), + + PARTC_SCH_REGEXP("identifiersBehaviour.ParticipantIdentifierScheme.validationRegex", "^$|^(?!^.{26})([a-z0-9]+-[a-z0-9]+-[a-z0-9]+)$|^urn:oasis:names:tc:ebcore:partyid-type:(iso6523|unregistered)(:.+)?$", "Participant Identifier Schema of each PUT ServiceGroup request is validated against this schema.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, REGEXP), PARTC_SCH_REGEXP_MSG("identifiersBehaviour.ParticipantIdentifierScheme.validationRegexMessage", - "Participant scheme must start with:urn:oasis:names:tc:ebcore:partyid-type:(iso6523:|unregistered:) OR must be up to 25 characters long with form 
[domain]-[identifierArea]-[identifierType] (ex.: 'busdox-actorid-upis') and may only contain the following characters: [a-z0-9].", "Error message for UI", false, false, false, STRING), - PARTC_SCH_MANDATORY("identifiersBehaviour.scheme.mandatory", "true", "Scheme for participant identifier is mandatory", false, false, false, BOOLEAN), + "Participant scheme must start with:urn:oasis:names:tc:ebcore:partyid-type:(iso6523:|unregistered:) OR must be up to 25 characters long with form [domain]-[identifierArea]-[identifierType] (ex.: 'busdox-actorid-upis') and may only contain the following characters: [a-z0-9].", "Error message for UI", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING), + PARTC_SCH_MANDATORY("identifiersBehaviour.scheme.mandatory", "true", "Scheme for participant identifier is mandatory", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN), - PARTC_EBCOREPARTYID_CONCATENATE("identifiersBehaviour.ParticipantIdentifierScheme.ebCoreId.concatenate", - "false", "Concatenate ebCore party id in XML responses <ParticipantIdentifier>urn:oasis:names:tc:ebcore:partyid-type:unregistered:test-ebcore-id</ParticipantIdentifier>", false, false, false, BOOLEAN), + PARTC_EBCOREPARTYID_CONCATENATE("identifiersBehaviour.ParticipantIdentifierScheme.ebCoreId.concatenate", "false", + "Concatenate ebCore party id in XML responses <ParticipantIdentifier>urn:oasis:names:tc:ebcore:partyid-type:unregistered:test-ebcore-id</ParticipantIdentifier>", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN), - CS_PARTICIPANTS("identifiersBehaviour.caseSensitive.ParticipantIdentifierSchemes", "sensitive-participant-sc1|sensitive-participant-sc2", "Specifies schemes of participant identifiers that must be considered CASE-SENSITIVE.", false, false, false, LIST_STRING), - CS_DOCUMENTS("identifiersBehaviour.caseSensitive.DocumentIdentifierSchemes", "casesensitive-doc-scheme1|casesensitive-doc-scheme2", "Specifies schemes of document identifiers that must be considered 
CASE-SENSITIVE.", false, false, false, LIST_STRING), + CS_PARTICIPANTS("identifiersBehaviour.caseSensitive.ParticipantIdentifierSchemes", "sensitive-participant-sc1|sensitive-participant-sc2", "Specifies schemes of participant identifiers that must be considered CASE-SENSITIVE.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, LIST_STRING), + CS_DOCUMENTS("identifiersBehaviour.caseSensitive.DocumentIdentifierSchemes", "casesensitive-doc-scheme1|casesensitive-doc-scheme2", "Specifies schemes of document identifiers that must be considered CASE-SENSITIVE.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, LIST_STRING), // SML integration! - SML_ENABLED("bdmsl.integration.enabled", "false", "BDMSL (SML) integration ON/OFF switch", false, false, false, BOOLEAN), - SML_PARTICIPANT_MULTIDOMAIN("bdmsl.participant.multidomain.enabled", "false", "Set to true if SML support participant on multidomain", false, false, true, BOOLEAN), - SML_URL("bdmsl.integration.url", "http://localhost:8080/edelivery-sml", "BDMSL (SML) endpoint", false, false, false, URL), - SML_TLS_DISABLE_CN_CHECK("bdmsl.integration.tls.disableCNCheck", "false", "If SML Url is HTTPs - Disable CN check if needed.", false, false, false, BOOLEAN), - SML_TLS_SERVER_CERT_SUBJECT_REGEXP("bdmsl.integration.tls.serverSubjectRegex", ".*", "Regular expression for server TLS certificate subject verification CertEx. 
.*CN=acc.edelivery.tech.ec.europa.eu.*.", false, false, false, REGEXP), - SML_TLS_TRUSTSTORE_USE_SYSTEM_DEFAULT("bdmsl.integration.tls.useSystemDefaultTruststore", "false", "If true use system default truststore for trusting TLS server certificate (Legacy behaviour to SMP 4.1 version), else use SMP truststore", false, false, false, BOOLEAN), - SML_LOGICAL_ADDRESS("bdmsl.integration.logical.address", "http://localhost:8080/smp/", "Logical SMP endpoint which will be registered on SML when registering new domain", false, false, false, URL), - SML_PHYSICAL_ADDRESS("bdmsl.integration.physical.address", "0.0.0.0", "Physical SMP endpoint which will be registered on SML when registering new domain.", false, false, false, STRING), + SML_ENABLED("bdmsl.integration.enabled", "false", "BDMSL (SML) integration ON/OFF switch", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN), + SML_PARTICIPANT_MULTIDOMAIN("bdmsl.participant.multidomain.enabled", "false", "Set to true if SML support participant on multidomain", + OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, BOOLEAN), + SML_URL("bdmsl.integration.url", "http://localhost:8080/edelivery-sml", "BDMSL (SML) endpoint", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, URL), + SML_TLS_DISABLE_CN_CHECK("bdmsl.integration.tls.disableCNCheck", "false", "If SML Url is HTTPs - Disable CN check if needed.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN), + SML_TLS_SERVER_CERT_SUBJECT_REGEXP("bdmsl.integration.tls.serverSubjectRegex", ".*", "Regular expression for server TLS certificate subject verification CertEx. 
.*CN=acc.edelivery.tech.ec.europa.eu.*.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, REGEXP), + SML_TLS_TRUSTSTORE_USE_SYSTEM_DEFAULT("bdmsl.integration.tls.useSystemDefaultTruststore", "false", "If true use system default truststore for trusting TLS server certificate (Legacy behaviour to SMP 4.1 version), else use SMP truststore", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN), + SML_LOGICAL_ADDRESS("bdmsl.integration.logical.address", "http://localhost:8080/smp/", "Logical SMP endpoint which will be registered on SML when registering new domain", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, URL), + SML_PHYSICAL_ADDRESS("bdmsl.integration.physical.address", "0.0.0.0", "Physical SMP endpoint which will be registered on SML when registering new domain.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING), // keystore truststore - KEYSTORE_PASSWORD("smp.keystore.password", "", "Encrypted keystore (and keys) password ", false, true, false, STRING), - KEYSTORE_FILENAME("smp.keystore.filename", "smp-keystore.jks", "Keystore filename ", true, false, false, FILENAME), - TRUSTSTORE_PASSWORD("smp.truststore.password", "", "Encrypted truststore password ", false, true, false, STRING), - TRUSTSTORE_FILENAME("smp.truststore.filename", "", "Truststore filename ", false, false, false, FILENAME), + KEYSTORE_PASSWORD("smp.keystore.password", "", "Encrypted keystore (and keys) password ", + OPTIONAL, ENCRYPTED, NO_RESTART_NEEDED, STRING), + KEYSTORE_TYPE("smp.keystore.type", "JKS", "Keystore type as JKS/PKCS12", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING), + KEYSTORE_FILENAME("smp.keystore.filename", "smp-keystore.jks", "Keystore filename ", + MANDATORY, NOT_ENCRYPTED, NO_RESTART_NEEDED, FILENAME), + TRUSTSTORE_TYPE("smp.truststore.type", "JKS", "Truststore type as JKS/PKCS12", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING), + TRUSTSTORE_PASSWORD("smp.truststore.password", "", "Encrypted truststore password ", + OPTIONAL, ENCRYPTED, 
NO_RESTART_NEEDED, STRING), + TRUSTSTORE_FILENAME("smp.truststore.filename", "", "Truststore filename ", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, FILENAME), TRUSTSTORE_ADD_CERT_ON_USER_UPDATE("smp.truststore.add.cert.onUserRegistration", - "false", "Automatically add certificate to truststore when assigned to user.", false, false, false, BOOLEAN), - CERTIFICATE_CRL_FORCE("smp.certificate.crl.force", "false", "If false then if CRL is not reachable ignore CRL validation", false, false, false, BOOLEAN), - CONFIGURATION_DIR("configuration.dir", "smp", "Path to the folder containing all the configuration files (keystore and encryption key)", true, false, true, PATH), - ENCRYPTION_FILENAME("encryption.key.filename", "encryptionPrivateKey.private", "Key filename to encrypt passwords", false, false, true, FILENAME), - KEYSTORE_PASSWORD_DECRYPTED("smp.keystore.password.decrypted", "", "Only for backup purposes when password is automatically created. Store password somewhere save and delete this entry!", false, false, false, STRING), - TRUSTSTORE_PASSWORD_DECRYPTED("smp.truststore.password.decrypted", "", "Only for backup purposes when password is automatically created. Store password somewhere save and delete this entry!", false, false, false, STRING), - CERTIFICATE_ALLOWED_CERTIFICATEPOLICY_OIDS("smp.certificate.validation.allowedCertificatePolicyOIDs","","List of certificate policy OIDs separated by | where at least one must be in the CertifictePolicy extension", false, false,false, LIST_STRING), - CERTIFICATE_SUBJECT_REGULAR_EXPRESSION("smp.certificate.validation.subjectRegex",".*","Regular expression to validate subject of the certificate", false, false,false, REGEXP), - - SMP_PROPERTY_REFRESH_CRON("smp.property.refresh.cronJobExpression", "0 48 */1 * * *", "Property refresh cron expression (def 12 minutes to each hour). 
Property change is refreshed at restart!", false, false, false, CRON_EXPRESSION), + "false", "Automatically add certificate to truststore when assigned to user.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN), + CERTIFICATE_CRL_FORCE("smp.certificate.crl.force", "false", "If false then if CRL is not reachable ignore CRL validation", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN), + CONFIGURATION_DIR("configuration.dir", "smp", "Path to the folder containing all the configuration files (keystore and encryption key)", + MANDATORY, NOT_ENCRYPTED, RESTART_NEEDED, PATH), + ENCRYPTION_FILENAME("encryption.key.filename", "encryptionPrivateKey.private", "Key filename to encrypt passwords", + OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, FILENAME), + KEYSTORE_PASSWORD_DECRYPTED("smp.keystore.password.decrypted", "", "Only for backup purposes when password is automatically created. Store password somewhere save and delete this entry!", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING), + TRUSTSTORE_PASSWORD_DECRYPTED("smp.truststore.password.decrypted", "", "Only for backup purposes when password is automatically created. Store password somewhere save and delete this entry!", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING), + CERTIFICATE_ALLOWED_CERTIFICATEPOLICY_OIDS("smp.certificate.validation.allowedCertificatePolicyOIDs", "", "List of certificate policy OIDs separated by | where at least one must be in the CertifictePolicy extension", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, LIST_STRING), + CERTIFICATE_SUBJECT_REGULAR_EXPRESSION("smp.certificate.validation.subjectRegex", ".*", "Regular expression to validate subject of the certificate", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, REGEXP), + + SMP_PROPERTY_REFRESH_CRON("smp.property.refresh.cronJobExpression", "0 48 */1 * * *", "Property refresh cron expression (def 12 minutes to each hour). 
Property change is refreshed at restart!", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, CRON_EXPRESSION), // UI COOKIE configuration - UI_COOKIE_SESSION_SECURE("smp.ui.session.secure", "false", "Cookie is only sent to the server when a request is made with the https: scheme (except on localhost), and therefore is more resistant to man-in-the-middle attacks.", false, false, false, BOOLEAN), - UI_COOKIE_SESSION_MAX_AGE("smp.ui.session.max-age", "", "Number of seconds until the cookie expires. A zero or negative number will expire the cookie immediately. Empty value will not set parameter", false, false, false, INTEGER), - UI_COOKIE_SESSION_SITE("smp.ui.session.strict", "Lax", "Controls whether a cookie is sent with cross-origin requests, providing some protection against cross-site request forgery attacks. Possible values are: Strict, None, Lax. (Cookies with SameSite=None require a secure context/HTTPS)!!)", false, false, false, STRING), - UI_COOKIE_SESSION_PATH("smp.ui.session.path", "", "A path that must exist in the requested URL, or the browser won't send the Cookie header. Null/Empty value sets the authentication requests context by default. The forward slash (/) character is interpreted as a directory separator, and subdirectories will be matched as well: for Path=/docs, /docs, /docs/Web/, and /docs/Web/HTTP will all match", false, false, false, STRING), - UI_COOKIE_SESSION_IDLE_TIMEOUT_ADMIN("smp.ui.session.idle_timeout.admin", "300", "Specifies the time, in seconds, between client requests before the SMP will invalidate session for ADMIN users (System)!", false, false, false, INTEGER), - UI_COOKIE_SESSION_IDLE_TIMEOUT_USER("smp.ui.session.idle_timeout.user", "1800", "Specifies the time, in seconds, between client requests before the SMP will invalidate session for users (Service group, SMP Admin)", false, false, false, INTEGER), - SMP_CLUSTER_ENABLED("smp.cluster.enabled", "false", "Define if application is set in cluster. 
In not cluster environment, properties are updated on setProperty.", false, false,false, BOOLEAN), - - PASSWORD_POLICY_REGULAR_EXPRESSION("smp.passwordPolicy.validationRegex","^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[~`!@#$%^&+=\\-_<>.,?:;*/()|\\[\\]{}'\"\\\\]).{16,32}$", - "Password minimum complexity rules!", false, false,false, REGEXP), - - PASSWORD_POLICY_MESSAGE("smp.passwordPolicy.validationMessage","Minimum length: 16 characters;Maximum length: 32 characters;At least one letter in lowercase;At least one letter in uppercase;At least one digit;At least one special character", - "The error message shown to the user in case the password does not follow the regex put in the domibus.passwordPolicy.pattern property", false, false,false, STRING), - PASSWORD_POLICY_VALID_DAYS("smp.passwordPolicy.validDays","90", - "Number of days password is valid", false, false,false, INTEGER), - PASSWORD_POLICY_WARNING_DAYS_BEFORE_EXPIRE("smp.passwordPolicy.warning.beforeExpiration","15", - "How many days before expiration should the UI warn users at login", false, false,false, INTEGER), - - PASSWORD_POLICY_FORCE_CHANGE_EXPIRED("smp.passwordPolicy.expired.forceChange","true", - "Force change password at UI login if expired", false, false,false, BOOLEAN), - - USER_LOGIN_FAIL_DELAY("smp.user.login.fail.delay","1000", - "Delay response in ms on invalid username or password", false, false,false, INTEGER), - - USER_MAX_FAILED_ATTEMPTS("smp.user.login.maximum.attempt","5", + UI_COOKIE_SESSION_SECURE("smp.ui.session.secure", "false", "Cookie is only sent to the server when a request is made with the https: scheme (except on localhost), and therefore is more resistant to man-in-the-middle attacks.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN), + UI_COOKIE_SESSION_MAX_AGE("smp.ui.session.max-age", "", "Number of seconds until the cookie expires. A zero or negative number will expire the cookie immediately. 
Empty value will not set parameter", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), + UI_COOKIE_SESSION_SITE("smp.ui.session.strict", "Lax", "Controls whether a cookie is sent with cross-origin requests, providing some protection against cross-site request forgery attacks. Possible values are: Strict, None, Lax. (Cookies with SameSite=None require a secure context/HTTPS)!!)", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING), + UI_COOKIE_SESSION_PATH("smp.ui.session.path", "", "A path that must exist in the requested URL, or the browser won't send the Cookie header. Null/Empty value sets the authentication requests context by default. The forward slash (/) character is interpreted as a directory separator, and subdirectories will be matched as well: for Path=/docs, /docs, /docs/Web/, and /docs/Web/HTTP will all match", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING), + UI_COOKIE_SESSION_IDLE_TIMEOUT_ADMIN("smp.ui.session.idle_timeout.admin", "300", "Specifies the time, in seconds, between client requests before the SMP will invalidate session for ADMIN users (System)!", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), + UI_COOKIE_SESSION_IDLE_TIMEOUT_USER("smp.ui.session.idle_timeout.user", "1800", "Specifies the time, in seconds, between client requests before the SMP will invalidate session for users (Service group, SMP Admin)", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), + SMP_CLUSTER_ENABLED("smp.cluster.enabled", "false", "Define if application is set in cluster. 
In not cluster environment, properties are updated on setProperty.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN), + + PASSWORD_POLICY_REGULAR_EXPRESSION("smp.passwordPolicy.validationRegex", "^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[~`!@#$%^&+=\\-_<>.,?:;*/()|\\[\\]{}'\"\\\\]).{16,32}$", + "Password minimum complexity rules!", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, REGEXP), + + PASSWORD_POLICY_MESSAGE("smp.passwordPolicy.validationMessage", "Minimum length: 16 characters;Maximum length: 32 characters;At least one letter in lowercase;At least one letter in uppercase;At least one digit;At least one special character", + "The error message shown to the user in case the password does not follow the regex put in the domibus.passwordPolicy.pattern property", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING), + PASSWORD_POLICY_VALID_DAYS("smp.passwordPolicy.validDays", "90", "Number of days password is valid", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), + PASSWORD_POLICY_WARNING_DAYS_BEFORE_EXPIRE("smp.passwordPolicy.warning.beforeExpiration", "15", + "How many days before expiration should the UI warn users at login", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), + + PASSWORD_POLICY_FORCE_CHANGE_EXPIRED("smp.passwordPolicy.expired.forceChange", "true", + "Force change password at UI login if expired", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN), + + USER_LOGIN_FAIL_DELAY("smp.user.login.fail.delay", "1000", + "Delay response in ms on invalid username or password", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), + + USER_MAX_FAILED_ATTEMPTS("smp.user.login.maximum.attempt", "5", "The number of sequence login attempts when the user credentials get suspended. 
The login attempt count as a sequence login" + - " if there is less time between login attempts than defined in property: smp.user.login.suspension.time!", false, false,false, INTEGER), - USER_SUSPENSION_TIME("smp.user.login.suspension.time","3600", - "Time in seconds for a suspended user to be reactivated. (if 0 the user will not be reactivated)", false, false,false, INTEGER), - - ACCESS_TOKEN_POLICY_VALID_DAYS("smp.accessToken.validDays","60", - "Number of days access token is valid is valid", false, false,false, INTEGER), - ACCESS_TOKEN_MAX_FAILED_ATTEMPTS("smp.accessToken.login.maximum.attempt","10", - "Number of accessToken login attempt before the accessToken is deactivated", false, false,false, INTEGER), - ACCESS_TOKEN_SUSPENSION_TIME("smp.accessToken.login.suspension.time","3600", - "Time in seconds for a suspended accessToken to be reactivated. (if 0 the user will not be reactivated)", false, false,false, INTEGER), - ACCESS_TOKEN_FAIL_DELAY("smp.accessToken.login.fail.delay","1000", - "Delay in ms on invalid token id or token", false, false,false, INTEGER), + " if there is less time between login attempts than defined in property: smp.user.login.suspension.time!", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), + USER_SUSPENSION_TIME("smp.user.login.suspension.time", "3600", + "Time in seconds for a suspended user to be reactivated. 
(if 0 the user will not be reactivated)", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), + + ACCESS_TOKEN_POLICY_VALID_DAYS("smp.accessToken.validDays", "60", + "Number of days access token is valid is valid", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), + ACCESS_TOKEN_MAX_FAILED_ATTEMPTS("smp.accessToken.login.maximum.attempt", "10", + "Number of accessToken login attempt before the accessToken is deactivated", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), + ACCESS_TOKEN_SUSPENSION_TIME("smp.accessToken.login.suspension.time", "3600", + "Time in seconds for a suspended accessToken to be reactivated. (if 0 the user will not be reactivated)", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), + ACCESS_TOKEN_FAIL_DELAY("smp.accessToken.login.fail.delay", "1000", + "Delay in ms on invalid token id or token", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), // authentication - UI_AUTHENTICATION_TYPES("smp.ui.authentication.types", "PASSWORD", "Set list of '|' separated authentication types: PASSWORD|SSO.", false, false, false, LIST_STRING), + UI_AUTHENTICATION_TYPES("smp.ui.authentication.types", "PASSWORD", "Set list of '|' separated authentication types: PASSWORD|SSO.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, LIST_STRING), AUTOMATION_AUTHENTICATION_TYPES("smp.automation.authentication.types", "TOKEN|CERTIFICATE", - "Set list of '|' separated application-automation authentication types (Web-Service integration). Currently supported TOKEN, CERTIFICATE: ex. TOKEN|CERTIFICATE", false, false, false, LIST_STRING - ), + "Set list of '|' separated application-automation authentication types (Web-Service integration). Currently supported TOKEN, CERTIFICATE: ex. TOKEN|CERTIFICATE", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, LIST_STRING + ), EXTERNAL_TLS_AUTHENTICATION_CLIENT_CERT_HEADER_ENABLED("smp.automation.authentication.external.tls.clientCert.enabled", "false", "Authentication with external module as: reverse proxy. 
Authenticated data are send send to application using 'Client-Cert' HTTP header. Do not enable this feature " + - "without properly configured reverse-proxy!", false, false, false, BOOLEAN), + "without properly configured reverse-proxy!", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN), EXTERNAL_TLS_AUTHENTICATION_CERTIFICATE_HEADER_ENABLED("smp.automation.authentication.external.tls.SSLClientCert.enabled", "false", "Authentication with external module as: reverse proxy. Authenticated certificate is send to application using 'SSLClientCert' HTTP header. Do not enable this feature " + - "without properly configured reverse-proxy!", false, false, false, BOOLEAN), + "without properly configured reverse-proxy!", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN), // SSO configuration - SSO_CAS_UI_LABEL("smp.sso.cas.ui.label", "EU Login", "The SSO service provider label.", false, false, true, STRING), - SSO_CAS_URL("smp.sso.cas.url", "http://localhost:8080/cas/", "The SSO CAS URL endpoint", false, false, true, URL), - SSO_CAS_URL_PATH_LOGIN("smp.sso.cas.urlPath.login", "login", "The CAS URL path for login. Complete URL is composed from parameters: ${smp.sso.cas.url}/${smp.sso.cas.urlpath.login}.", false, false, true, STRING), - SSO_CAS_CALLBACK_URL("smp.sso.cas.callback.url", "http://localhost:8080/smp/ui/public/rest/security/cas", "The URL is the callback URL belonging to the local SMP Security System. If using RP make sure it target SMP path '/ui/public/rest/security/cas'", false, false, true, URL), - SSO_CAS_SMP_LOGIN_URI("smp.sso.cas.smp.urlPath", "/smp/ui/public/rest/security/cas", "SMP relative path which triggers CAS authentication", false, false, true, STRING), - SSO_CAS_SMP_USER_DATA_URL_PATH("smp.sso.cas.smp.user.data.urlPath", "userdata/myAccount.cgi", "Relative path for CAS user data. 
Complete URL is composed from parameters: ${smp.sso.cas.url}/${smp.sso.cas.smp.user.data.urlpath}.", false, false, true, STRING), - SSO_CAS_TOKEN_VALIDATION_URL_PATH("smp.sso.cas.token.validation.urlPath", "laxValidate", "The CAS URL path for login. Complete URL is composed from parameters: ${smp.sso.cas.url}/${smp.sso.cas.token.validation.urlpath}.", false, false, true, STRING), - SSO_CAS_TOKEN_VALIDATION_PARAMS("smp.sso.cas.token.validation.params", "acceptStrengths:BASIC,CLIENT_CERT|assuranceLevel:TOP", "The CAS token validation key:value properties separated with '|'.Ex: 'acceptStrengths:BASIC,CLIENT_CERT|assuranceLevel:TOP'", false, false, true, MAP_STRING), - SSO_CAS_TOKEN_VALIDATION_GROUPS("smp.sso.cas.token.validation.groups", "DIGIT_SMP|DIGIT_ADMIN", "'|' separated CAS groups user must belong to.", false, false, true, LIST_STRING), - - MAIL_SERVER_HOST("mail.smtp.host", "", "Email server - configuration for submitting the emails.", false,false, false, STRING), - MAIL_SERVER_PORT("mail.smtp.port", "25", "Smtp mail port - configuration for submitting the emails.", false,false, false,INTEGER), - MAIL_SERVER_PROTOCOL("mail.smtp.protocol", "smtp", "smtp mail protocol- configuration for submitting the emails.", false,false,false, STRING), - MAIL_SERVER_USERNAME("mail.smtp.username", "", "smtp mail protocol- username for submitting the emails.", false,false,false, STRING), - MAIL_SERVER_PASSWORD("mail.smtp.password", "", "smtp mail protocol - encrypted password for submitting the emails.", false,true,false, STRING), - MAIL_SERVER_PROPERTIES("mail.smtp.properties", "", " key:value properties separated with '|'.Ex: mail.smtp.auth:true|mail.smtp.starttls.enable:true|mail.smtp.quitwait:false.", false, false,false, MAP_STRING), + SSO_CAS_UI_LABEL("smp.sso.cas.ui.label", "EU Login", "The SSO service provider label.", + OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, STRING), + SSO_CAS_URL("smp.sso.cas.url", "http://localhost:8080/cas/", "The SSO CAS URL endpoint", + OPTIONAL, 
NOT_ENCRYPTED, RESTART_NEEDED, URL), + SSO_CAS_URL_PATH_LOGIN("smp.sso.cas.urlPath.login", "login", "The CAS URL path for login. Complete URL is composed from parameters: ${smp.sso.cas.url}/${smp.sso.cas.urlpath.login}.", + OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, STRING), + SSO_CAS_CALLBACK_URL("smp.sso.cas.callback.url", "http://localhost:8080/smp/ui/public/rest/security/cas", "The URL is the callback URL belonging to the local SMP Security System. If using RP make sure it target SMP path '/ui/public/rest/security/cas'", + OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, URL), + SSO_CAS_SMP_LOGIN_URI("smp.sso.cas.smp.urlPath", "/smp/ui/public/rest/security/cas", "SMP relative path which triggers CAS authentication", + OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, STRING), + SSO_CAS_SMP_USER_DATA_URL_PATH("smp.sso.cas.smp.user.data.urlPath", "userdata/myAccount.cgi", "Relative path for CAS user data. Complete URL is composed from parameters: ${smp.sso.cas.url}/${smp.sso.cas.smp.user.data.urlpath}.", + OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, STRING), + SSO_CAS_TOKEN_VALIDATION_URL_PATH("smp.sso.cas.token.validation.urlPath", "laxValidate", "The CAS URL path for login. 
Complete URL is composed from parameters: ${smp.sso.cas.url}/${smp.sso.cas.token.validation.urlpath}.", + OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, STRING), + SSO_CAS_TOKEN_VALIDATION_PARAMS("smp.sso.cas.token.validation.params", "acceptStrengths:BASIC,CLIENT_CERT|assuranceLevel:TOP", "The CAS token validation key:value properties separated with '|'.Ex: 'acceptStrengths:BASIC,CLIENT_CERT|assuranceLevel:TOP'", + OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, MAP_STRING), + SSO_CAS_TOKEN_VALIDATION_GROUPS("smp.sso.cas.token.validation.groups", "DIGIT_SMP|DIGIT_ADMIN", "'|' separated CAS groups user must belong to.", + OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, LIST_STRING), + + MAIL_SERVER_HOST("mail.smtp.host", "", "Email server - configuration for submitting the emails.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING), + MAIL_SERVER_PORT("mail.smtp.port", "25", "Smtp mail port - configuration for submitting the emails.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), + MAIL_SERVER_PROTOCOL("mail.smtp.protocol", "smtp", "smtp mail protocol- configuration for submitting the emails.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING), + MAIL_SERVER_USERNAME("mail.smtp.username", "", "smtp mail protocol- username for submitting the emails.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING), + MAIL_SERVER_PASSWORD("mail.smtp.password", "", "smtp mail protocol - encrypted password for submitting the emails.", + OPTIONAL, ENCRYPTED, NO_RESTART_NEEDED, STRING), + MAIL_SERVER_PROPERTIES("mail.smtp.properties", "", " key:value properties separated with '|'.Ex: mail.smtp.auth:true|mail.smtp.starttls.enable:true|mail.smtp.quitwait:false.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, MAP_STRING), ALERT_USER_LOGIN_FAILURE_ENABLED("smp.alert.user.login_failure.enabled", - "false", "Enable/disable the login failure alert of the authentication module.", false, false,false, BOOLEAN), + "false", "Enable/disable the login failure alert of the authentication module.", 
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN), ALERT_USER_LOGIN_FAILURE_LEVEL("smp.alert.user.login_failure.level", - "LOW", "Alert level for login failure. Values: {LOW, MEDIUM, HIGH}", false, false,false, STRING, + "LOW", "Alert level for login failure. Values: {LOW, MEDIUM, HIGH}", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING, "^(LOW|MEDIUM|HIGH)$", "Allowed values are: LOW, MEDIUM, HIGH"), ALERT_USER_LOGIN_FAILURE_MAIL_SUBJECT("smp.alert.user.login_failure.mail.subject", - "Login failure", "Login failure mail subject.", false, false,false, STRING, - "^(.{0,255})$", "Subject must have less than 256 character" ), + "Login failure", "Login failure mail subject.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING, + "^(.{0,255})$", "Subject must have less than 256 character"), ALERT_USER_SUSPENDED_ENABLED("smp.alert.user.suspended.enabled", - "true", "Enable/disable the login suspended alert of the authentication module.", false, false,false, BOOLEAN), + "true", "Enable/disable the login suspended alert of the authentication module.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN), ALERT_USER_SUSPENDED_LEVEL("smp.alert.user.suspended.level", - "HIGH", "Alert level for login suspended. Values: {LOW, MEDIUM, HIGH}", false, false,false, STRING, + "HIGH", "Alert level for login suspended. Values: {LOW, MEDIUM, HIGH}", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING, "^(LOW|MEDIUM|HIGH)$", "Allowed values are: LOW, MEDIUM, HIGH"), ALERT_USER_SUSPENDED_MAIL_SUBJECT("smp.alert.user.suspended.mail.subject", - "Login credentials suspended", "Login suspended mail subject.", false, false,false, STRING, + "Login credentials suspended", "Login suspended mail subject.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING, "^(.{0,255})$", "Subject must have less than 256 character"), ALERT_USER_SUSPENDED_MOMENT("smp.alert.user.suspended.mail.moment", "WHEN_BLOCKED", "When should the account disabled alert be triggered. 
Values: AT_LOGON: An alert will submit mail for all logon attempts to suspended account, WHEN_BLOCKED: An alert will be triggered only the first time when the account got suspended.", - false, false,false, STRING, "^(AT_LOGON|WHEN_BLOCKED)$", "Allowed values are: AT_LOGON,WHEN_BLOCKED" ), + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING, "^(AT_LOGON|WHEN_BLOCKED)$", "Allowed values are: AT_LOGON,WHEN_BLOCKED"), ALERT_PASSWORD_BEFORE_EXPIRATION_ENABLED("smp.alert.password.imminent_expiration.enabled", - "true", "Enable/disable the imminent password expiration alert", false, false,false, BOOLEAN), + "true", "Enable/disable the imminent password expiration alert", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN), ALERT_PASSWORD_BEFORE_EXPIRATION_PERIOD("smp.alert.password.imminent_expiration.delay_days", - "15", "Number of days before expiration as for how long before expiration the system should send alerts.", false, false,false, INTEGER), + "15", "Number of days before expiration as for how long before expiration the system should send alerts.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), ALERT_PASSWORD_BEFORE_EXPIRATION_INTERVAL("smp.alert.password.imminent_expiration.frequency_days", - "5", "Interval between alerts.", false, false,false, INTEGER), + "5", "Interval between alerts.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), ALERT_PASSWORD_BEFORE_EXPIRATION_LEVEL("smp.alert.password.imminent_expiration.level", - "LOW", "Password imminent expiration alert level. Values: {LOW, MEDIUM, HIGH}", false, false,false, STRING, + "LOW", "Password imminent expiration alert level. 
Values: {LOW, MEDIUM, HIGH}", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING, "^(LOW|MEDIUM|HIGH)$", "Allowed values are: LOW, MEDIUM, HIGH"), ALERT_PASSWORD_BEFORE_EXPIRATION_MAIL_SUBJECT("smp.alert.password.imminent_expiration.mail.subject", - "Password imminent expiration", "Password imminent expiration mail subject.", false, false,false, STRING, - "^(.{0,255})$", "Subject must have less than 256 character" ), + "Password imminent expiration", "Password imminent expiration mail subject.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING, + "^(.{0,255})$", "Subject must have less than 256 character"), ALERT_PASSWORD_EXPIRED_ENABLED("smp.alert.password.expired.enabled", - "true", "Enable/disable the password expiration alert", false, false,false, BOOLEAN), + "true", "Enable/disable the password expiration alert", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN), ALERT_PASSWORD_EXPIRED_PERIOD("smp.alert.password.expired.delay_days", - "30", "Number of days after expiration as for how long the system should send alerts.", false, false,false, INTEGER), + "30", "Number of days after expiration as for how long the system should send alerts.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), ALERT_PASSWORD_EXPIRED_INTERVAL("smp.alert.password.expired.frequency_days", - "5", "Frequency in days between alerts.", false, false,false, INTEGER), + "5", "Frequency in days between alerts.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), ALERT_PASSWORD_EXPIRED_LEVEL("smp.alert.password.expired.level", - "LOW", "Password expiration alert level. Values: {LOW, MEDIUM, HIGH}", false, false,false, STRING, + "LOW", "Password expiration alert level. 
Values: {LOW, MEDIUM, HIGH}", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING, "^(LOW|MEDIUM|HIGH)$", "Allowed values are: LOW, MEDIUM, HIGH"), ALERT_PASSWORD_EXPIRED_MAIL_SUBJECT("smp.alert.password.expired.mail.subject", - "Password expired", "Password expiration mail subject.", false, false,false, STRING, - "^(.{0,255})$", "Subject must have less than 256 character" ), + "Password expired", "Password expiration mail subject.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING, + "^(.{0,255})$", "Subject must have less than 256 character"), ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_ENABLED("smp.alert.accessToken.imminent_expiration.enabled", - "true", "Enable/disable the imminent accessToken expiration alert", false, false,false, BOOLEAN), + "true", "Enable/disable the imminent accessToken expiration alert", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN), ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_PERIOD("smp.alert.accessToken.imminent_expiration.delay_days", - "15", "Number of days before expiration as for how long before expiration the system should send alerts.", false, false,false, INTEGER), + "15", "Number of days before expiration as for how long before expiration the system should send alerts.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_INTERVAL("smp.alert.accessToken.imminent_expiration.frequency_days", - "5", "Frequency in days between alerts.", false, false,false, INTEGER), + "5", "Frequency in days between alerts.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_LEVEL("smp.alert.accessToken.imminent_expiration.level", - "LOW", "AccessToken imminent expiration alert level. Values: {LOW, MEDIUM, HIGH}", false, false,false, STRING, + "LOW", "AccessToken imminent expiration alert level. 
Values: {LOW, MEDIUM, HIGH}", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING, "^(LOW|MEDIUM|HIGH)$", "Allowed values are: LOW, MEDIUM, HIGH"), ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_MAIL_SUBJECT("smp.alert.accessToken.imminent_expiration.mail.subject", - "Access token imminent expiration", "accessToken imminent expiration mail subject.", false, false,false, STRING, - "^(.{0,255})$", "Subject must have less than 256 character" ), + "Access token imminent expiration", "accessToken imminent expiration mail subject.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING, + "^(.{0,255})$", "Subject must have less than 256 character"), ALERT_ACCESS_TOKEN_EXPIRED_ENABLED("smp.alert.accessToken.expired.enabled", - "true", "Enable/disable the accessToken expiration alert", false, false,false, BOOLEAN), + "true", "Enable/disable the accessToken expiration alert", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN), ALERT_ACCESS_TOKEN_EXPIRED_PERIOD("smp.alert.accessToken.expired.delay_days", - "30", "Number of days after expiration as for how long the system should send alerts.", false, false,false, INTEGER), + "30", "Number of days after expiration as for how long the system should send alerts.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), ALERT_ACCESS_TOKEN_EXPIRED_INTERVAL("smp.alert.accessToken.expired.frequency_days", - "5", "Frequency in days between alerts.", false, false,false, INTEGER), + "5", "Frequency in days between alerts.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), ALERT_ACCESS_TOKEN_EXPIRED_LEVEL("smp.alert.accessToken.expired.level", - "LOW", "Access Token expiration alert level. Values: {LOW, MEDIUM, HIGH}", false, false,false, STRING, + "LOW", "Access Token expiration alert level. 
Values: {LOW, MEDIUM, HIGH}", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING, "^(LOW|MEDIUM|HIGH)$", "Allowed values are: LOW, MEDIUM, HIGH"), ALERT_ACCESS_TOKEN_EXPIRED_MAIL_SUBJECT("smp.alert.accessToken.expired.mail.subject", - "Access token expired", "Password expiration mail subject.", false, false,false, STRING, - "^(.{0,255})$", "Subject must have less than 256 character" ), + "Access token expired", "Password expiration mail subject.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING, + "^(.{0,255})$", "Subject must have less than 256 character"), ALERT_CERTIFICATE_BEFORE_EXPIRATION_ENABLED("smp.alert.certificate.imminent_expiration.enabled", - "true", "Enable/disable the imminent certificate expiration alert", false, false,false, BOOLEAN), + "true", "Enable/disable the imminent certificate expiration alert", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN), ALERT_CERTIFICATE_BEFORE_EXPIRATION_PERIOD("smp.alert.certificate.imminent_expiration.delay_days", - "15", "Number of days before expiration as for how long before expiration the system should send alerts.", false, false,false, INTEGER), + "15", "Number of days before expiration as for how long before expiration the system should send alerts.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), ALERT_CERTIFICATE_BEFORE_EXPIRATION_INTERVAL("smp.alert.certificate.imminent_expiration.frequency_days", - "5", "Frequency in days between alerts.", false, false,false, INTEGER), + "5", "Frequency in days between alerts.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), ALERT_CERTIFICATE_BEFORE_EXPIRATION_LEVEL("smp.alert.certificate.imminent_expiration.level", - "LOW", "certificate imminent expiration alert level. Values: {LOW, MEDIUM, HIGH}", false, false,false, STRING, + "LOW", "certificate imminent expiration alert level. 
Values: {LOW, MEDIUM, HIGH}", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING, "^(LOW|MEDIUM|HIGH)$", "Allowed values are: LOW, MEDIUM, HIGH"), ALERT_CERTIFICATE_BEFORE_EXPIRATION_MAIL_SUBJECT("smp.alert.certificate.imminent_expiration.mail.subject", - "Certificate imminent expiration", "Certificate imminent expiration mail subject.", false, false,false, STRING, - "^(.{0,255})$", "Subject must have less than 256 character" ), + "Certificate imminent expiration", "Certificate imminent expiration mail subject.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING, + "^(.{0,255})$", "Subject must have less than 256 character"), ALERT_CERTIFICATE_EXPIRED_ENABLED("smp.alert.certificate.expired.enabled", - "true", "Enable/disable the certificate expiration alert", false, false,false, BOOLEAN), + "true", "Enable/disable the certificate expiration alert", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN), ALERT_CERTIFICATE_EXPIRED_PERIOD("smp.alert.certificate.expired.delay_days", - "30", "Number of days after expiration as for how long the system should send alerts.", false, false,false, INTEGER), + "30", "Number of days after expiration as for how long the system should send alerts.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), ALERT_CERTIFICATE_EXPIRED_INTERVAL("smp.alert.certificate.expired.frequency_days", - "5", "Frequency in days between alerts.", false, false,false, INTEGER), + "5", "Frequency in days between alerts.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), ALERT_CERTIFICATE_EXPIRED_LEVEL("smp.alert.certificate.expired.level", - "LOW", "Certificate expiration alert level. Values: {LOW, MEDIUM, HIGH}", false, false,false, STRING, + "LOW", "Certificate expiration alert level. 
Values: {LOW, MEDIUM, HIGH}", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING, "^(LOW|MEDIUM|HIGH)$", "Allowed values are: LOW, MEDIUM, HIGH"), ALERT_CERTIFICATE_EXPIRED_MAIL_SUBJECT("smp.alert.certificate.expired.mail.subject", - "Certificate expired", "Certificate expiration mail subject.", false, false,false, STRING, - "^(.{0,255})$", "Subject must have less than 256 character" ), - - SMP_ALERT_CREDENTIALS_CRON("smp.alert.credentials.cronJobExpression", "0 52 4 */1 * *", "Property cron expression for triggering alert messages !", false, false, false, CRON_EXPRESSION), - SMP_ALERT_CREDENTIALS_SERVER("smp.alert.credentials.serverInstance", "localhost", "If smp.cluster.enabled is set to true then then instance (hostname) to generate report.", false, false, false, STRING), - SMP_ALERT_BATCH_SIZE("smp.alert.credentials.batch.size", "200", "Max alertes generated in a batch for the type", false, false, false, INTEGER), - SMP_ALERT_MAIL_FROM("smp.alert.mail.from", "test@alert-send-mail.eu", "Alert send mail", false, false, false, EMAIL), + "Certificate expired", "Certificate expiration mail subject.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING, + "^(.{0,255})$", "Subject must have less than 256 character"), - CLIENT_CERT_HEADER_ENABLED_DEPRECATED("authentication.blueCoat.enabled", "false", "Property was replaced by property: smp.automation.authentication.external.tls.clientCert.enabled", false, false, false, BOOLEAN), + SMP_ALERT_CREDENTIALS_CRON("smp.alert.credentials.cronJobExpression", "0 52 4 */1 * *", "Property cron expression for triggering alert messages !", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, CRON_EXPRESSION), + SMP_ALERT_CREDENTIALS_SERVER("smp.alert.credentials.serverInstance", "localhost", "If smp.cluster.enabled is set to true then then instance (hostname) to generate report.", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING), + SMP_ALERT_BATCH_SIZE("smp.alert.credentials.batch.size", "200", "Max alertes generated in a batch for 
the type", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER), + SMP_ALERT_MAIL_FROM("smp.alert.mail.from", "test@alert-send-mail.eu", "Alert send mail", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, EMAIL), + + CLIENT_CERT_HEADER_ENABLED_DEPRECATED("authentication.blueCoat.enabled", "false", "Property was replaced by property: smp.automation.authentication.external.tls.clientCert.enabled", + OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN), ; String property; @@ -250,7 +371,7 @@ public enum SMPPropertyEnum { SMPPropertyTypeEnum propertyType; SMPPropertyEnum(String property, String defValue, String desc, boolean isMandatory, boolean isEncrypted, boolean restartNeeded, - SMPPropertyTypeEnum propertyType,String valuePattern,String errorValueMessage ) { + SMPPropertyTypeEnum propertyType, String valuePattern, String errorValueMessage) { this.property = property; this.defValue = defValue; this.desc = desc; diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/exceptions/ErrorCode.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/exceptions/ErrorCode.java index f95794a63590e1840958d8b71a9bd28741b95277..e24054ded4221ad1968aa10feebeefeae73268fe 100644 --- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/exceptions/ErrorCode.java +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/exceptions/ErrorCode.java 
@@ -28,7 +28,7 @@ public enum ErrorCode { USER_IS_NOT_OWNER(400,"SMP:124",ErrorBusinessCode.UNAUTHORIZED,"User %s is not owner of service group (part. id: %s, part. sch.: '%s')!"), // OWASP recommendation INVALID_CERTIFICATE_MESSAGE_DIGEST(500, "SMP:125", ErrorBusinessCode.TECHNICAL, "Could not initialize MessageDigest"), INVALID_CERTIFICATE_ENCODING(500, "SMP:126", ErrorBusinessCode.TECHNICAL, "Could not encode certificate"), - INVALID_OWNER(500, "SMP:127", ErrorBusinessCode.TECHNICAL, "Invalid owner id: %s"), + INVALID_OWNER(400, "SMP:127", ErrorBusinessCode.NOT_FOUND, "Invalid owner id: %s"), // service group error ILLEGAL_STATE_SG_MULTIPLE_ENTRY (500,"SMP:130",ErrorBusinessCode.TECHNICAL,"More than one service group ( part. id: %s, part. sch.: '%s') is defined in database!"), @@ -52,11 +52,8 @@ public enum ErrorCode { // SML integration SML_INTEGRATION_EXCEPTION (500,"SMP:150",ErrorBusinessCode.TECHNICAL,"Could not create new DNS entry through SML! Error: %s "), - - // XML_SIGNING_EXCEPTION (500,"SMP:500",ErrorBusinessCode.TECHNICAL,"Error occurred while signing response!"), - JAXB_INITIALIZATION (500,"SMP:511",ErrorBusinessCode.TECHNICAL, "Could not create Unmarshaller for class [%s]!"), XML_PARSE_EXCEPTION (500,"SMP:512",ErrorBusinessCode.TECHNICAL, "Error occurred while parsing input stream for [%s]. Error: %s!"), INVALID_REQUEST(400,"SMP:513",ErrorBusinessCode.TECHNICAL, "Invalid request [%s]. Error: %s!"), diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java index 834d0f61982cd4875275669c36eb915327925156..093c462a36c48fc46250d9ed80c3ddd35f4e2ff2 100644 --- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java 
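Review bot: In ErrorCode.java the new `INVALID_OWNER` entry pairs HTTP status 400 with `ErrorBusinessCode.NOT_FOUND`, so the status line and the business code tell a client two different things. If an unknown owner id is a missing resource, the entry should read `INVALID_OWNER(404, "SMP:127", ErrorBusinessCode.NOT_FOUND, "Invalid owner id: %s"),`; if it is malformed input, keep 400 and choose a business code that says so. The message still interpolates the supplied owner id through `%s`, and it is now a client-facing 4xx rather than a 500, so confirm the value is encoded wherever the message is rendered or logged. The enum continues outside the hunk, so the conventions of the other entries are only partly visible here.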
@@ -36,7 +36,7 @@ public class ConfigurationService { public Pattern getParticipantIdentifierSchemeRexExp() { - return (Pattern) configurationDAO.getCachedPropertyValue(PARTC_SCH_REGEXP); + return configurationDAO.getCachedPropertyValue(PARTC_SCH_REGEXP); } public String getParticipantIdentifierSchemeRexExpPattern() { @@ -44,17 +44,17 @@ public class ConfigurationService { } public String getParticipantIdentifierSchemeRexExpMessage() { - return (String) configurationDAO.getCachedPropertyValue(PARTC_SCH_REGEXP_MSG); + return configurationDAO.getCachedPropertyValue(PARTC_SCH_REGEXP_MSG); } public Boolean getForceConcatenateEBCorePartyId() { - Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(PARTC_EBCOREPARTYID_CONCATENATE); + Boolean value = configurationDAO.getCachedPropertyValue(PARTC_EBCOREPARTYID_CONCATENATE); // true by default return value == null || value; } public Pattern getPasswordPolicyRexExp() { - return (Pattern) configurationDAO.getCachedPropertyValue(PASSWORD_POLICY_REGULAR_EXPRESSION); + return configurationDAO.getCachedPropertyValue(PASSWORD_POLICY_REGULAR_EXPRESSION); } public String getPasswordPolicyRexExpPattern() { 
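Review bot: With the casts removed in `getParticipantIdentifierSchemeRexExp()` and the getters below, the return type of `getCachedPropertyValue` is inferred from each call site, so nothing ties `PARTC_SCH_REGEXP` to `Pattern` at compile time (the DAO signature is not visible here; this is inferred from the removed casts). A property whose declared `SMPPropertyTypeEnum` does not match the getter's return type will then fail with a `ClassCastException` in the caller rather than at the lookup. The same applies to the hunks at -66, -124, -160, -199 and -230, including the `List<String>` getters, whose element type is unchecked as well. Document the contract on the DAO method, e.g. `// the requested Java type must match the property's SMPPropertyTypeEnum; a mismatch throws ClassCastException at the call site`, and consider a test that reads every `SMPPropertyEnum` value through its typed getter.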
@@ -66,53 +66,53 @@ public class ConfigurationService { } public Integer getPasswordPolicyValidDays() { - return (Integer) configurationDAO.getCachedPropertyValue(PASSWORD_POLICY_VALID_DAYS); + return configurationDAO.getCachedPropertyValue(PASSWORD_POLICY_VALID_DAYS); } public Integer getPasswordPolicyUIWarningDaysBeforeExpire() { - return (Integer) configurationDAO.getCachedPropertyValue(PASSWORD_POLICY_WARNING_DAYS_BEFORE_EXPIRE); + return configurationDAO.getCachedPropertyValue(PASSWORD_POLICY_WARNING_DAYS_BEFORE_EXPIRE); } public Boolean getPasswordPolicyForceChangeIfExpired() { - return (Boolean) configurationDAO.getCachedPropertyValue(PASSWORD_POLICY_FORCE_CHANGE_EXPIRED); + return configurationDAO.getCachedPropertyValue(PASSWORD_POLICY_FORCE_CHANGE_EXPIRED); } public Integer getAccessTokenPolicyValidDays() { - return (Integer) configurationDAO.getCachedPropertyValue(ACCESS_TOKEN_POLICY_VALID_DAYS); + return configurationDAO.getCachedPropertyValue(ACCESS_TOKEN_POLICY_VALID_DAYS); } public Integer getLoginMaxAttempts() { - return (Integer) configurationDAO.getCachedPropertyValue(USER_MAX_FAILED_ATTEMPTS); + return configurationDAO.getCachedPropertyValue(USER_MAX_FAILED_ATTEMPTS); } public Integer getLoginSuspensionTimeInSeconds() { - return (Integer) configurationDAO.getCachedPropertyValue(USER_SUSPENSION_TIME); + return configurationDAO.getCachedPropertyValue(USER_SUSPENSION_TIME); } public Integer getLoginFailDelayInMilliSeconds() { - Integer delay = (Integer) configurationDAO.getCachedPropertyValue(USER_LOGIN_FAIL_DELAY); + Integer delay = configurationDAO.getCachedPropertyValue(USER_LOGIN_FAIL_DELAY); return delay == null ? 
1000 : delay; } public Integer getAccessTokenLoginMaxAttempts() { - return (Integer) configurationDAO.getCachedPropertyValue(ACCESS_TOKEN_MAX_FAILED_ATTEMPTS); + return configurationDAO.getCachedPropertyValue(ACCESS_TOKEN_MAX_FAILED_ATTEMPTS); } public Integer getAccessTokenLoginSuspensionTimeInSeconds() { - return (Integer) configurationDAO.getCachedPropertyValue(ACCESS_TOKEN_SUSPENSION_TIME); + return configurationDAO.getCachedPropertyValue(ACCESS_TOKEN_SUSPENSION_TIME); } public Integer getAccessTokenLoginFailDelayInMilliSeconds() { - Integer delay = (Integer) configurationDAO.getCachedPropertyValue(ACCESS_TOKEN_FAIL_DELAY); + Integer delay = configurationDAO.getCachedPropertyValue(ACCESS_TOKEN_FAIL_DELAY); return delay == null ? 1000 : delay; } public Integer getHttpHeaderHstsMaxAge() { - return (Integer) configurationDAO.getCachedPropertyValue(HTTP_HSTS_MAX_AGE); + return configurationDAO.getCachedPropertyValue(HTTP_HSTS_MAX_AGE); } public String getHttpHeaderContentSecurityPolicy() { - return (String) configurationDAO.getCachedPropertyValue(HTTP_HEADER_SEC_POLICY); + return configurationDAO.getCachedPropertyValue(HTTP_HEADER_SEC_POLICY); } public String getHttpProxyHost() { 
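Review bot: `getLoginMaxAttempts()`, `getLoginSuspensionTimeInSeconds()`, `getAccessTokenLoginMaxAttempts()` and `getAccessTokenLoginSuspensionTimeInSeconds()` return the cached value as-is, while `getLoginFailDelayInMilliSeconds()` and `getAccessTokenLoginFailDelayInMilliSeconds()` in the same hunk fall back to 1000 when the value is null. If the cache can yield null for the fail delay it can presumably yield null for the lockout thresholds too, and a caller that unboxes the result or reads null as "no limit" would either throw or skip the lockout. Give these getters the same explicit fallback, e.g. `Integer max = configurationDAO.getCachedPropertyValue(USER_MAX_FAILED_ATTEMPTS); return max == null ? DEFAULT_MAX_ATTEMPTS : max;`, where `DEFAULT_MAX_ATTEMPTS` is a placeholder for the default declared in `SMPPropertyEnum`. The literal 1000 likewise duplicates the default declared for `ACCESS_TOKEN_FAIL_DELAY` and could be read from the enum instead.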
@@ -124,33 +124,33 @@ public class ConfigurationService { } public Optional<Integer> getHttpProxyPort() { - Integer intVal = (Integer) configurationDAO.getCachedPropertyValue(HTTP_PROXY_PORT); + Integer intVal = configurationDAO.getCachedPropertyValue(HTTP_PROXY_PORT); return Optional.ofNullable(intVal); } public java.net.URL getSMLIntegrationUrl() { - return (java.net.URL) configurationDAO.getCachedPropertyValue(SML_URL); + return configurationDAO.getCachedPropertyValue(SML_URL); } public String getProxyUsername() { - return (String) configurationDAO.getCachedPropertyValue(HTTP_PROXY_USER); + return configurationDAO.getCachedPropertyValue(HTTP_PROXY_USER); } public String getProxyCredentialToken() { - return (String) configurationDAO.getCachedPropertyValue(HTTP_PROXY_PASSWORD); + return configurationDAO.getCachedPropertyValue(HTTP_PROXY_PASSWORD); } public List<String> getCaseSensitiveDocumentScheme() { - return (List<String>) configurationDAO.getCachedPropertyValue(CS_DOCUMENTS); + return configurationDAO.getCachedPropertyValue(CS_DOCUMENTS); } public List<String> getCaseSensitiveParticipantScheme() { - return (List<String>) configurationDAO.getCachedPropertyValue(CS_PARTICIPANTS); + return configurationDAO.getCachedPropertyValue(CS_PARTICIPANTS); } public boolean getParticipantSchemeMandatory() { // not mandatory by default - Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(PARTC_SCH_MANDATORY); + Boolean value = configurationDAO.getCachedPropertyValue(PARTC_SCH_MANDATORY); return value != null && value; } 
@@ -160,34 +160,34 @@ public class ConfigurationService { } public boolean isSMLIntegrationEnabled() { - Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(SML_ENABLED); + Boolean value = configurationDAO.getCachedPropertyValue(SML_ENABLED); return value != null && value; } public boolean isSMLMultiDomainEnabled() { - Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(SML_PARTICIPANT_MULTIDOMAIN); + Boolean value = configurationDAO.getCachedPropertyValue(SML_PARTICIPANT_MULTIDOMAIN); return value != null && value; } public boolean isUrlContextEnabled() { - Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(OUTPUT_CONTEXT_PATH); + Boolean value = configurationDAO.getCachedPropertyValue(OUTPUT_CONTEXT_PATH); // by default is true - return false only in case is declared in configuration return value == null || value; } public boolean isClusterEnabled() { - Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(SMP_CLUSTER_ENABLED); + Boolean value = configurationDAO.getCachedPropertyValue(SMP_CLUSTER_ENABLED); return value != null && value; } public boolean encodedSlashesAllowedInUrl() { - Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(ENCODED_SLASHES_ALLOWED_IN_URL); + Boolean value = configurationDAO.getCachedPropertyValue(ENCODED_SLASHES_ALLOWED_IN_URL); // by default is true - return false only in case is declared in configuration return value == null || value; } public String getTargetServerForCredentialValidation() { - return (String) configurationDAO.getCachedPropertyValue(SMP_ALERT_CREDENTIALS_SERVER); + return configurationDAO.getCachedPropertyValue(SMP_ALERT_CREDENTIALS_SERVER); } public String getSMLIntegrationSMPLogicalAddress() { 
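Review bot: `encodedSlashesAllowedInUrl()` returns true when the property is missing from the cache, so the permissive setting is what a failed or incomplete configuration load produces. Accepting encoded slashes changes how request paths are matched by anything in front of the application, so this fallback deserves a deliberate decision rather than the comment it shares word for word with `isUrlContextEnabled()`. If the default must stay for compatibility, say so in the comment, e.g. `// defaults to true for backward compatibility: encoded slashes are rejected only when the property is explicitly set to false`. The other boolean getters in this hunk fall back to false, which makes the two `value == null || value` cases easy to misread.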
@@ -199,30 +199,30 @@ public class ConfigurationService { } public boolean forceCRLValidation() { - Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(CERTIFICATE_CRL_FORCE); + Boolean value = configurationDAO.getCachedPropertyValue(CERTIFICATE_CRL_FORCE); // by default is not forced -> if missing is false! return value != null && value; } public boolean isExternalTLSAuthenticationWithClientCertHeaderEnabled() { - Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(SMPPropertyEnum.EXTERNAL_TLS_AUTHENTICATION_CLIENT_CERT_HEADER_ENABLED); + Boolean value = configurationDAO.getCachedPropertyValue(SMPPropertyEnum.EXTERNAL_TLS_AUTHENTICATION_CLIENT_CERT_HEADER_ENABLED); // by default is not forced -> if missing is false! return value != null && value; } public boolean isExternalTLSAuthenticationWithSSLClientCertHeaderEnabled() { - Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(SMPPropertyEnum.EXTERNAL_TLS_AUTHENTICATION_CERTIFICATE_HEADER_ENABLED); + Boolean value = configurationDAO.getCachedPropertyValue(SMPPropertyEnum.EXTERNAL_TLS_AUTHENTICATION_CERTIFICATE_HEADER_ENABLED); // by default is not forced -> if missing is false! return value != null && value; } public Pattern getCertificateSubjectRegularExpression() { - return (Pattern) configurationDAO.getCachedPropertyValue(CERTIFICATE_SUBJECT_REGULAR_EXPRESSION); + return configurationDAO.getCachedPropertyValue(CERTIFICATE_SUBJECT_REGULAR_EXPRESSION); } public List<String> getAllowedCertificatePolicies() { - return (List<String>) configurationDAO.getCachedPropertyValue(CERTIFICATE_ALLOWED_CERTIFICATEPOLICY_OIDS); + return configurationDAO.getCachedPropertyValue(CERTIFICATE_ALLOWED_CERTIFICATEPOLICY_OIDS); } public String getSMLIntegrationServerCertSubjectRegExpPattern() { 
@@ -230,70 +230,78 @@ public class ConfigurationService { } public Pattern getSMLIntegrationServerCertSubjectRegExp() { - return (Pattern) configurationDAO.getCachedPropertyValue(SML_TLS_SERVER_CERT_SUBJECT_REGEXP); + return configurationDAO.getCachedPropertyValue(SML_TLS_SERVER_CERT_SUBJECT_REGEXP); } public boolean useSystemTruststoreForTLS() { - Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(SML_TLS_TRUSTSTORE_USE_SYSTEM_DEFAULT); + Boolean value = configurationDAO.getCachedPropertyValue(SML_TLS_TRUSTSTORE_USE_SYSTEM_DEFAULT); // by default is not forced return value != null && value; } public boolean smlDisableCNCheck() { - Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(SML_TLS_DISABLE_CN_CHECK); + Boolean value = configurationDAO.getCachedPropertyValue(SML_TLS_DISABLE_CN_CHECK); // by default is not forced return value != null && value; } public boolean trustCertificateOnUserRegistration() { - Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(TRUSTSTORE_ADD_CERT_ON_USER_UPDATE); + Boolean value = configurationDAO.getCachedPropertyValue(TRUSTSTORE_ADD_CERT_ON_USER_UPDATE); // by default is not forced return value != null && value; } public File getConfigurationFolder() { - return (File) configurationDAO.getCachedPropertyValue(CONFIGURATION_DIR); + return configurationDAO.getCachedPropertyValue(CONFIGURATION_DIR); } public File getTruststoreFile() { - return (File) configurationDAO.getCachedPropertyValue(TRUSTSTORE_FILENAME); + return configurationDAO.getCachedPropertyValue(TRUSTSTORE_FILENAME); + } + + public String getTruststoreType() { + return configurationDAO.getCachedPropertyValue(TRUSTSTORE_TYPE); } public File getKeystoreFile() { - return (File) configurationDAO.getCachedPropertyValue(KEYSTORE_FILENAME); + return configurationDAO.getCachedPropertyValue(KEYSTORE_FILENAME); + } + + public String getKeystoreType() { + return configurationDAO.getCachedPropertyValue(KEYSTORE_TYPE); } public String 
getTruststoreCredentialToken() { - return (String) configurationDAO.getCachedPropertyValue(TRUSTSTORE_PASSWORD); + return configurationDAO.getCachedPropertyValue(TRUSTSTORE_PASSWORD); } public String getKeystoreCredentialToken() { - return (String) configurationDAO.getCachedPropertyValue(KEYSTORE_PASSWORD); + return configurationDAO.getCachedPropertyValue(KEYSTORE_PASSWORD); } public boolean getSessionCookieSecure() { - Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_SECURE); + Boolean value = configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_SECURE); return value != null && value; } public Integer getSessionCookieMaxAge() { - return (Integer) configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_MAX_AGE); + return configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_MAX_AGE); } public String getSessionCookieSameSite() { - return (String) configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_SITE); + return configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_SITE); } public String getSessionCookiePath() { - return (String) configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_PATH); + return configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_PATH); } public Integer getSessionIdleTimeoutForAdmin() { - return (Integer) configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_IDLE_TIMEOUT_ADMIN); + return configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_IDLE_TIMEOUT_ADMIN); } public Integer getSessionIdleTimeoutForUser() { - return (Integer) configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_IDLE_TIMEOUT_USER); + return configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_IDLE_TIMEOUT_USER); } public boolean isSSOEnabledForUserAuthentication() { 
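Review bot: The new `getTruststoreType()` and `getKeystoreType()` return the raw property, so they can hand back null or an empty string and each caller has to choose its own fallback. UIKeystoreService and UITruststoreService in this commit both repeat `StringUtils.defaultIfEmpty(..., "JKS")`. Putting the fallback in the getter keeps the two loaders consistent, for example `return StringUtils.defaultIfBlank(configurationDAO.getCachedPropertyValue(KEYSTORE_TYPE), "JKS");`. A Javadoc line on both getters naming the supported store types would document what an operator may configure.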
@@ -302,27 +310,27 @@ public class ConfigurationService { } public String getCasUILabel() { - return (String) configurationDAO.getCachedPropertyValue(SSO_CAS_UI_LABEL); + return configurationDAO.getCachedPropertyValue(SSO_CAS_UI_LABEL); } public java.net.URL getCasURL() { - return (java.net.URL) configurationDAO.getCachedPropertyValue(SSO_CAS_URL); + return configurationDAO.getCachedPropertyValue(SSO_CAS_URL); } public java.net.URL getCasCallbackUrl() { - return (java.net.URL) configurationDAO.getCachedPropertyValue(SSO_CAS_CALLBACK_URL); + return configurationDAO.getCachedPropertyValue(SSO_CAS_CALLBACK_URL); } public String getCasSMPLoginRelativePath() { - return (String) configurationDAO.getCachedPropertyValue(SSO_CAS_SMP_LOGIN_URI); + return configurationDAO.getCachedPropertyValue(SSO_CAS_SMP_LOGIN_URI); } public String getCasURLPathLogin() { - return (String) configurationDAO.getCachedPropertyValue(SSO_CAS_URL_PATH_LOGIN); + return configurationDAO.getCachedPropertyValue(SSO_CAS_URL_PATH_LOGIN); } public String getCasURLTokenValidation() { - return (String) configurationDAO.getCachedPropertyValue(SSO_CAS_TOKEN_VALIDATION_URL_PATH); + return configurationDAO.getCachedPropertyValue(SSO_CAS_TOKEN_VALIDATION_URL_PATH); } public URL getCasUserDataURL() { URL casUrl = getCasURL(); @@ -330,7 +338,7 @@ public class ConfigurationService { LOG.warn("Invalid CAS configuration [{}]. Can not resolve user data URL!", SSO_CAS_URL.getProperty()); return null; } - String path = (String) configurationDAO.getCachedPropertyValue(SSO_CAS_SMP_USER_DATA_URL_PATH); + String path = configurationDAO.getCachedPropertyValue(SSO_CAS_SMP_USER_DATA_URL_PATH); if (StringUtils.isBlank(path)) { LOG.warn("Invalid CAS configuration [{}]. Can not resolve user data URL!", SSO_CAS_SMP_USER_DATA_URL_PATH.getProperty()); return null; 
@@ -347,198 +355,198 @@ public class ConfigurationService { public Map<String, String> getCasTokenValidationParams() { - return (Map<String, String>) configurationDAO.getCachedPropertyValue(SSO_CAS_TOKEN_VALIDATION_PARAMS); + return configurationDAO.getCachedPropertyValue(SSO_CAS_TOKEN_VALIDATION_PARAMS); } public List<String> getCasURLTokenValidationGroups() { - return (List<String>) configurationDAO.getCachedPropertyValue(SSO_CAS_TOKEN_VALIDATION_GROUPS); + return configurationDAO.getCachedPropertyValue(SSO_CAS_TOKEN_VALIDATION_GROUPS); } public List<String> getUIAuthenticationTypes() { - return (List<String>) configurationDAO.getCachedPropertyValue(UI_AUTHENTICATION_TYPES); + return configurationDAO.getCachedPropertyValue(UI_AUTHENTICATION_TYPES); } public List<String> getAutomationAuthenticationTypes() { - return (List<String>) configurationDAO.getCachedPropertyValue(AUTOMATION_AUTHENTICATION_TYPES); + return configurationDAO.getCachedPropertyValue(AUTOMATION_AUTHENTICATION_TYPES); } //----------------------- // before user suspended public Boolean getAlertUserLoginFailureEnabled() { - return (Boolean) configurationDAO.getCachedPropertyValue(ALERT_USER_LOGIN_FAILURE_ENABLED); + return configurationDAO.getCachedPropertyValue(ALERT_USER_LOGIN_FAILURE_ENABLED); } public AlertLevelEnum getAlertUserLoginFailureLevel() { - String level = (String) configurationDAO.getCachedPropertyValue(ALERT_USER_LOGIN_FAILURE_LEVEL); + String level = configurationDAO.getCachedPropertyValue(ALERT_USER_LOGIN_FAILURE_LEVEL); return AlertLevelEnum.valueOf(level); } public String getAlertUserLoginFailureSubject() { - return (String) configurationDAO.getCachedPropertyValue(ALERT_USER_LOGIN_FAILURE_MAIL_SUBJECT); + return configurationDAO.getCachedPropertyValue(ALERT_USER_LOGIN_FAILURE_MAIL_SUBJECT); } //----------------------- // user suspended public Boolean getAlertUserSuspendedEnabled() { - return (Boolean) configurationDAO.getCachedPropertyValue(ALERT_USER_SUSPENDED_ENABLED); + return 
configurationDAO.getCachedPropertyValue(ALERT_USER_SUSPENDED_ENABLED); } public AlertLevelEnum getAlertUserSuspendedLevel() { - String level = (String) configurationDAO.getCachedPropertyValue(ALERT_USER_SUSPENDED_LEVEL); + String level = configurationDAO.getCachedPropertyValue(ALERT_USER_SUSPENDED_LEVEL); return AlertLevelEnum.valueOf(level); } public String getAlertUserSuspendedSubject() { - return (String) configurationDAO.getCachedPropertyValue(ALERT_USER_SUSPENDED_MAIL_SUBJECT); + return configurationDAO.getCachedPropertyValue(ALERT_USER_SUSPENDED_MAIL_SUBJECT); } public AlertSuspensionMomentEnum getAlertBeforeUserSuspendedAlertMoment() { - String moment = (String) configurationDAO.getCachedPropertyValue(ALERT_USER_SUSPENDED_MOMENT); + String moment = configurationDAO.getCachedPropertyValue(ALERT_USER_SUSPENDED_MOMENT); return AlertSuspensionMomentEnum.valueOf(moment); } //----------------------- // before password expire public Boolean getAlertBeforeExpirePasswordEnabled() { - return (Boolean) configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_BEFORE_EXPIRATION_ENABLED); + return configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_BEFORE_EXPIRATION_ENABLED); } public Integer getAlertBeforeExpirePasswordPeriod() { - return (Integer) configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_BEFORE_EXPIRATION_PERIOD); + return configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_BEFORE_EXPIRATION_PERIOD); } public Integer getAlertBeforeExpirePasswordInterval() { - return (Integer) configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_BEFORE_EXPIRATION_INTERVAL); + return configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_BEFORE_EXPIRATION_INTERVAL); } public AlertLevelEnum getAlertBeforeExpirePasswordLevel() { - String level = (String) configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_BEFORE_EXPIRATION_LEVEL); + String level = configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_BEFORE_EXPIRATION_LEVEL); return AlertLevelEnum.valueOf(level); } 
public String getAlertBeforeExpirePasswordMailSubject() { - return (String) configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_BEFORE_EXPIRATION_MAIL_SUBJECT); + return configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_BEFORE_EXPIRATION_MAIL_SUBJECT); } // expired passwords public Boolean getAlertExpiredPasswordEnabled() { - return (Boolean) configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_EXPIRED_ENABLED); + return configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_EXPIRED_ENABLED); } public Integer getAlertExpiredPasswordPeriod() { - return (Integer) configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_EXPIRED_PERIOD); + return configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_EXPIRED_PERIOD); } public Integer getAlertExpiredPasswordInterval() { - return (Integer) configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_EXPIRED_INTERVAL); + return configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_EXPIRED_INTERVAL); } public AlertLevelEnum getAlertExpiredPasswordLevel() { - String level = (String) configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_EXPIRED_LEVEL); + String level = configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_EXPIRED_LEVEL); return AlertLevelEnum.valueOf(level); } public String getAlertExpiredPasswordMailSubject() { - return (String) configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_EXPIRED_MAIL_SUBJECT); + return configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_EXPIRED_MAIL_SUBJECT); } //----------------------- // before access token expire public Boolean getAlertBeforeExpireAccessTokenEnabled() { - return (Boolean) configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_ENABLED); + return configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_ENABLED); } public Integer getAlertBeforeExpireAccessTokenPeriod() { - return (Integer) configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_PERIOD); + return 
configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_PERIOD); } public Integer getAlertBeforeExpireAccessTokenInterval() { - return (Integer) configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_INTERVAL); + return configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_INTERVAL); } public AlertLevelEnum getAlertBeforeExpireAccessTokenLevel() { - String level = (String) configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_LEVEL); + String level = configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_LEVEL); return AlertLevelEnum.valueOf(level); } public String getAlertBeforeExpireAccessTokenMailSubject() { - return (String) configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_MAIL_SUBJECT); + return configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_MAIL_SUBJECT); } // expired access token alerts public Boolean getAlertExpiredAccessTokenEnabled() { - return (Boolean) configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_EXPIRED_ENABLED); + return configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_EXPIRED_ENABLED); } public Integer getAlertExpiredAccessTokenPeriod() { - return (Integer) configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_EXPIRED_PERIOD); + return configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_EXPIRED_PERIOD); } public Integer getAlertExpiredAccessTokenInterval() { - return (Integer) configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_EXPIRED_INTERVAL); + return configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_EXPIRED_INTERVAL); } public AlertLevelEnum getAlertExpiredAccessTokenLevel() { - String level = (String) configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_EXPIRED_LEVEL); + String level = configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_EXPIRED_LEVEL); return AlertLevelEnum.valueOf(level); } public String 
getAlertExpiredAccessTokenMailSubject() { - return (String) configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_EXPIRED_MAIL_SUBJECT); + return configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_EXPIRED_MAIL_SUBJECT); } //----------------------- // before certificate expire public Boolean getAlertBeforeExpireCertificateEnabled() { - return (Boolean) configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_BEFORE_EXPIRATION_ENABLED); + return configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_BEFORE_EXPIRATION_ENABLED); } public Integer getAlertBeforeExpireCertificatePeriod() { - return (Integer) configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_BEFORE_EXPIRATION_PERIOD); + return configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_BEFORE_EXPIRATION_PERIOD); } public Integer getAlertBeforeExpireCertificateInterval() { - return (Integer) configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_BEFORE_EXPIRATION_INTERVAL); + return configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_BEFORE_EXPIRATION_INTERVAL); } public AlertLevelEnum getAlertBeforeExpireCertificateLevel() { - String level = (String) configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_BEFORE_EXPIRATION_LEVEL); + String level = configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_BEFORE_EXPIRATION_LEVEL); return AlertLevelEnum.valueOf(level); } public String getAlertBeforeExpireCertificateMailSubject() { - return (String) configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_BEFORE_EXPIRATION_MAIL_SUBJECT); + return configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_BEFORE_EXPIRATION_MAIL_SUBJECT); } // expired access token alerts public Boolean getAlertExpiredCertificateEnabled() { - return (Boolean) configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_EXPIRED_ENABLED); + return configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_EXPIRED_ENABLED); } public Integer getAlertExpiredCertificatePeriod() { - return (Integer) 
configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_EXPIRED_PERIOD); + return configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_EXPIRED_PERIOD); } public Integer getAlertExpiredCertificateInterval() { - return (Integer) configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_EXPIRED_INTERVAL); + return configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_EXPIRED_INTERVAL); } public AlertLevelEnum getAlertExpiredCertificateLevel() { - String level = (String) configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_EXPIRED_LEVEL); + String level = configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_EXPIRED_LEVEL); return AlertLevelEnum.valueOf(level); } public String getAlertExpiredCertificateMailSubject() { - return (String) configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_EXPIRED_MAIL_SUBJECT); + return configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_EXPIRED_MAIL_SUBJECT); } public Integer getAlertCredentialsBatchSize() { - return (Integer) configurationDAO.getCachedPropertyValue(SMP_ALERT_BATCH_SIZE); + return configurationDAO.getCachedPropertyValue(SMP_ALERT_BATCH_SIZE); } public String getAlertEmailFrom() { - return (String) configurationDAO.getCachedPropertyValue(SMP_ALERT_MAIL_FROM); + return configurationDAO.getCachedPropertyValue(SMP_ALERT_MAIL_FROM); } /** diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ServiceGroupService.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ServiceGroupService.java index 8edf31b252e93ad8776a0798d0432c7baff5d65a..8a8bfe61d39581417f54e39553e4a5f296ddb89b 100644 --- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ServiceGroupService.java +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ServiceGroupService.java 
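Review bot: The `get...Level()` getters in this hunk pass the cached string straight to `AlertLevelEnum.valueOf(level)`, which throws `NullPointerException` for a missing value and `IllegalArgumentException` for an unknown one, assuming `AlertLevelEnum` is a plain Java enum. Whether every alert property has a mandatory default is not visible here. If it does not, a configuration gap would break the login-failure, suspension and credential-expiry alerts with an error that does not name the property. Either validate the value when the property is stored, or state the precondition next to the calls, for example `// property has a mandatory default and is validated on save; valueOf never sees null`. `getAlertBeforeUserSuspendedAlertMoment()` has the same pattern with `AlertSuspensionMomentEnum.valueOf(moment)`.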
@@ -123,7 +123,7 @@ public class ServiceGroupService { if (!newOwner.isPresent()) { LOG.error("The owner [{}] does not exist! Save service group is rejected!", ownerName); - SMPRuntimeException ex = new SMPRuntimeException(USER_NOT_EXISTS); + SMPRuntimeException ex = new SMPRuntimeException(INVALID_OWNER, ownerName); LOG.businessError(SMPMessageCode.BUS_SAVE_SERVICE_GROUP_FAILED, domain, normalizedParticipantId.getValue(), normalizedParticipantId.getScheme(), ex.getMessage()); throw ex; } diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIKeystoreService.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIKeystoreService.java index 74d16470f844ab6427cfc7e7e860dc0d9facd6a2..1f0dbe14463995d663a79e87749e6af426fd484a 100644 --- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIKeystoreService.java +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIKeystoreService.java @@ -7,6 +7,7 @@ import eu.europa.ec.edelivery.smp.logging.SMPLogger; import eu.europa.ec.edelivery.smp.logging.SMPLoggerFactory; import eu.europa.ec.edelivery.smp.services.ConfigurationService; import eu.europa.ec.edelivery.smp.utils.SecurityUtils; +import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.exception.ExceptionUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.core.convert.ConversionService; 
@@ -140,13 +141,16 @@ public class UIKeystoreService { } - KeyStore keyStore = null; + KeyStore keyStore; try (InputStream keystoreInputStream = new FileInputStream(keyStoreFile)) { - keyStore = KeyStore.getInstance("JKS"); + String type = StringUtils.defaultIfEmpty(configurationService.getKeystoreType(), "JKS"); + LOG.info("Load keystore [{}] with type [{}].", keyStoreFile, type); + keyStore = KeyStore.getInstance(type); keyStore.load(keystoreInputStream, keystoreSecToken.toCharArray()); } catch (Exception exception) { LOG.error("Could not load signing certificate with private key from keystore file:" + keyStoreFile + " Error: " + ExceptionUtils.getRootCauseMessage(exception), exception); + keyStore = null; } return keyStore; } diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIPropertyService.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIPropertyService.java index f7f22d8a777e5020f2193827d01ad44e0ef49787..0a5ce8e8aadd7632148c315f92b9dd4d84e404db 100644 --- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIPropertyService.java +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIPropertyService.java @@ -116,7 +116,7 @@ public class UIPropertyService { for (PropertyRO property : properties) { configurationDao.setPropertyToDatabase(property.getProperty(), property.getValue()); } - Boolean isClusterEnabled = (Boolean) configurationDao.getCachedPropertyValue(SMP_CLUSTER_ENABLED); + Boolean isClusterEnabled = configurationDao.getCachedPropertyValue(SMP_CLUSTER_ENABLED); if (isClusterEnabled) { LOG.info("Properties were updated in database. Changed properties will be activated to all cluster nodes at: [{}]!", ISO_8601_EXTENDED_DATETIME_FORMAT.format(refreshPropertiesTrigger.getNextExecutionDate())); 
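Review bot: `StringUtils.defaultIfEmpty` falls back to "JKS" only for null or an empty string, so a whitespace-only or padded type value still reaches `KeyStore.getInstance(type)` and fails there. The method then returns null after logging the generic "Could not load signing certificate" message. `String type = StringUtils.defaultIfBlank(StringUtils.trim(configurationService.getKeystoreType()), "JKS");` avoids that. Because the `catch (Exception exception)` handles an unsupported type, a wrong password and an unreadable file identically, the configured type could also be added to the error message to help an operator tell a misconfiguration from a damaged keystore. The truststore loader in UITruststoreService (`@@ -377,15 +377,16 @@`) has the same `defaultIfEmpty` call. The enclosing method starts outside this hunk.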
@@ -147,7 +147,7 @@ public class UIPropertyService { // try to parse value try { - File confDir = (File) configurationDao.getCachedPropertyValue(CONFIGURATION_DIR); + File confDir = configurationDao.getCachedPropertyValue(CONFIGURATION_DIR); PropertyUtils.parseProperty(propertyEnum, propertyRO.getValue(), confDir); } catch (SMPRuntimeException ex) { propertyValidationRO.setErrorMessage(ex.getMessage()); diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIServiceGroupService.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIServiceGroupService.java index ec52ce985f945a51386b6398ab11127a05b41b42..8956298b164bacea5980700974fc2b7c30026def 100644 --- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIServiceGroupService.java +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIServiceGroupService.java @@ -29,10 +29,7 @@ import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; import java.io.UnsupportedEncodingException; -import java.util.ArrayList; -import java.util.List; -import java.util.Objects; -import java.util.Optional; +import java.util.*; import static eu.europa.ec.edelivery.smp.data.ui.ServiceGroupValidationRO.*; import static eu.europa.ec.edelivery.smp.exceptions.ErrorCode.*; 
@@ -115,6 +112,26 @@ public class UIServiceGroupService extends UIServiceBase<DBServiceGroup, Service return convertToRo(dbServiceGroup); } + @Transactional + public ServiceGroupRO getOwnedServiceGroupById(Long userId, Long serviceGroupId) { + DBServiceGroup dbServiceGroup = getDatabaseDao().find(serviceGroupId); + if (isServiceGroupOwner(userId,dbServiceGroup )){ + convertToRo(dbServiceGroup); + } + return null; + } + + /** + * Method validates if any of the service group users contains userID + * @param userId + * @param dbServiceGroup + * @return + */ + protected boolean isServiceGroupOwner(Long userId, DBServiceGroup dbServiceGroup){ + return dbServiceGroup!=null && + dbServiceGroup.getUsers().stream().filter(user ->user.getId().equals(userId)).findAny().isPresent(); + } + @Transactional public ServiceGroupValidationRO getServiceGroupExtensionById(Long serviceGroupId) { ServiceGroupValidationRO ex = new ServiceGroupValidationRO(); 
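Review bot: `getOwnedServiceGroupById` discards the result of `convertToRo(dbServiceGroup)` and always falls through to `return null`, so a legitimate owner never receives the service group; the line should read `return convertToRo(dbServiceGroup);`. In `isServiceGroupOwner`, `user.getId().equals(userId)` throws if a stored user has no id, and `filter(...).findAny().isPresent()` is more simply written as `anyMatch`. The suggested form is `return dbServiceGroup != null && userId != null && dbServiceGroup.getUsers().stream().anyMatch(user -> userId.equals(user.getId()));`. The explicit `userId != null` guard matters because a null-tolerant comparison such as `Objects.equals` would treat a null caller id as matching a user without an id. The Javadoc has empty `@param` and `@return` tags; it should state that the method returns true only when `userId` is one of the group's users.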
@@ -140,16 +157,20 @@ public class UIServiceGroupService extends UIServiceBase<DBServiceGroup, Service } @Transactional - public List<ParticipantSMLRecord> updateServiceGroupList(List<ServiceGroupRO> lst) { + public List<ParticipantSMLRecord> updateServiceGroupList(List<ServiceGroupRO> lst, boolean serviceGroupAdmin) { boolean suc = false; List<ParticipantSMLRecord> lstRecords = new ArrayList<>(); for (ServiceGroupRO dRo : lst) { if (dRo.getStatus() == EntityROStatus.NEW.getStatusNumber()) { - lstRecords.addAll(addNewServiceGroup(dRo)); + if (serviceGroupAdmin) { + lstRecords.addAll(addNewServiceGroup(dRo)); + } } else if (dRo.getStatus() == EntityROStatus.UPDATED.getStatusNumber()) { - lstRecords.addAll(updateServiceGroup(dRo)); + lstRecords.addAll(updateServiceGroup(dRo, serviceGroupAdmin)); } else if (dRo.getStatus() == EntityROStatus.REMOVE.getStatusNumber()) { - lstRecords.addAll(removeServiceGroup(dRo)); + if (serviceGroupAdmin) { + lstRecords.addAll(removeServiceGroup(dRo)); + } } } // register/unregister participants from domain 
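Review bot: When `serviceGroupAdmin` is false, NEW and REMOVE entries are dropped with no exception and no log line. The caller therefore sees a successful update, and a denied privileged operation leaves no trace for audit. Rejecting the entry with the project's `SMPRuntimeException` would make the authorization decision explicit; the appropriate error code is not visible in this hunk. Logging the skipped entry at warn level is the minimum alternative. If silently ignoring is intended, say so at the branch, for example `// non-admin callers may only update service metadata; NEW and REMOVE entries are ignored by design`. The method body continues outside this hunk.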
@@ -308,18 +329,20 @@ public class UIServiceGroupService extends UIServiceBase<DBServiceGroup, Service * * @param serviceGroupRO */ - protected List<ParticipantSMLRecord> updateServiceGroup(ServiceGroupRO serviceGroupRO) { + protected List<ParticipantSMLRecord> updateServiceGroup(ServiceGroupRO serviceGroupRO, boolean serviceGroupAdmin) { // normalize identifiers normalizeIdentifiers(serviceGroupRO); // find and validate service group DBServiceGroup dbServiceGroup = findAndValidateServiceGroup(serviceGroupRO); + List<ParticipantSMLRecord> participantSMLRecordList = Collections.emptyList(); + if (serviceGroupAdmin) { + // update users + updateUsersOnServiceGroup(serviceGroupRO, dbServiceGroup); - // update users - updateUsersOnServiceGroup(serviceGroupRO, dbServiceGroup); - - // update domain - List<ParticipantSMLRecord> participantSMLRecordList = updateDomainsForServiceGroup(serviceGroupRO, dbServiceGroup); + // update domain + participantSMLRecordList = updateDomainsForServiceGroup(serviceGroupRO, dbServiceGroup); + } //update service metadata List<ServiceMetadataRO> serviceMetadataROList = serviceGroupRO.getServiceMetadata(); diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreService.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreService.java index 6a8ef292ba784600060c1e3433c0213bc85632e5..11d51b349379fabd5003d54d32aaf54c38f6ee8b 100644 --- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreService.java +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreService.java 
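Review bot: With `serviceGroupAdmin` false the users and domains update is skipped, but the service-metadata update below still runs for whichever group `findAndValidateServiceGroup` resolves. Nothing in this hunk checks that the caller is one of `dbServiceGroup.getUsers()`. The commit adds `isServiceGroupOwner(userId, dbServiceGroup)` to this class, but `updateServiceGroup` receives no user id, so the ownership check has to happen in a caller that is not visible here. The Javadoc, which does not document the new parameter, should state that precondition: `@param serviceGroupAdmin true if the caller may change owners and domains; when false the caller must already be verified as an owner of this service group`. The method continues outside this hunk.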
@@ -377,15 +377,16 @@ public class UITruststoreService { return null; } - KeyStore truststore = null; try (InputStream truststoreInputStream = new FileInputStream(truststoreFile)) { - truststore = KeyStore.getInstance("JKS"); - truststore.load(truststoreInputStream, token.toCharArray()); + String type = StringUtils.defaultIfEmpty(configurationService.getTruststoreType(),"JKS"); + LOG.info("Load truststore [{}] with type [{}].", truststoreFile, type); + KeyStore loadedTrustStore = KeyStore.getInstance(type); + loadedTrustStore.load(truststoreInputStream, token.toCharArray()); + return loadedTrustStore; } catch (Exception exception) { - LOG.error("Could not load truststore:" - + truststoreFile + " Error: " + ExceptionUtils.getRootCauseMessage(exception), exception); + LOG.error("Could not load truststore:" + truststoreFile + " Error: " + ExceptionUtils.getRootCauseMessage(exception), exception); } - return truststore; + return null; } diff --git a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDAOImplTest.java b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDAOImplTest.java index 5ed577a1c4940c4c805a4bd0fecd65adbef2eee7..800f0ea21b572bec60d1390fbf46c32397748743 100644 --- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDAOImplTest.java +++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDAOImplTest.java 
@@ -284,7 +284,7 @@ public class ConfigurationDAOImplTest extends AbstractBaseDao { assertEquals(newTestPassword, configurationDao.getCachedPropertyValue(SMPPropertyEnum.HTTP_PROXY_PASSWORD)); // test decrypt - File encryptionKey = (File) configurationDao.getCachedPropertyValue(SMPPropertyEnum.ENCRYPTION_FILENAME); + File encryptionKey = configurationDao.getCachedPropertyValue(SMPPropertyEnum.ENCRYPTION_FILENAME); assertEquals(newTestPassword, configurationDao.decryptString(SMPPropertyEnum.KEYSTORE_PASSWORD, dbKeystorePassword, encryptionKey)); assertEquals(newTestPassword, configurationDao.decryptString(SMPPropertyEnum.TRUSTSTORE_PASSWORD, dbTruststorePassword, encryptionKey)); assertEquals(newTestPassword, configurationDao.decryptString(SMPPropertyEnum.HTTP_PROXY_PASSWORD, dbProxyPassword, encryptionKey)); diff --git a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/ServiceGroupServiceSingleDomainIntegrationTest.java b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/ServiceGroupServiceSingleDomainIntegrationTest.java index 5c61019cf9c16f74d489bac760e41026618520fd..77a6810679d18fdbb8cc122f9f29c7345a71a345 100644 --- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/ServiceGroupServiceSingleDomainIntegrationTest.java +++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/ServiceGroupServiceSingleDomainIntegrationTest.java @@ -248,7 +248,7 @@ public class ServiceGroupServiceSingleDomainIntegrationTest extends AbstractServ //then expectedExeption.expect(SMPRuntimeException.class); // get by null domain so: (all registered domains) - expectedExeption.expectMessage(USER_NOT_EXISTS.getMessage()); + expectedExeption.expectMessage(INVALID_OWNER.getMessage(TestConstants.USER_CERT_3)); // when testInstance.saveServiceGroup(inServiceGroup, null, 
diff --git a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/ui/UIServiceGroupServiceIntegrationTest.java b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/ui/UIServiceGroupServiceIntegrationTest.java index 0ee530d0f41ada025dc62c4235b33ce17f2edd40..c73107d0a15f5c1c224994ac63249ae0e22b6699 100644 --- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/ui/UIServiceGroupServiceIntegrationTest.java +++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/ui/UIServiceGroupServiceIntegrationTest.java @@ -117,7 +117,7 @@ public class UIServiceGroupServiceIntegrationTest extends AbstractServiceIntegra sgnew.getServiceMetadata().add(mtro); //when - testInstance.updateServiceGroupList(Collections.singletonList(sgnew)); + testInstance.updateServiceGroupList(Collections.singletonList(sgnew), true); // then ServiceResult<ServiceGroupRO> res = testInstance.getTableList(-1, -1, null, null, null); @@ -171,7 +171,7 @@ public class UIServiceGroupServiceIntegrationTest extends AbstractServiceIntegra sgChange.getServiceMetadata().get(0).setXmlContent(newMetadataXML); //when - testInstance.updateServiceGroupList(Collections.singletonList(sgChange)); + testInstance.updateServiceGroupList(Collections.singletonList(sgChange), true); // then res = testInstance.getTableList(-1, -1, null, null, null); @@ -227,7 +227,7 @@ public class UIServiceGroupServiceIntegrationTest extends AbstractServiceIntegra smdToChange.setStatus(EntityROStatus.UPDATED.getStatusNumber()); smdToChange.setDomainCode(testDomain02.getDomainCode()); smdToChange.setSmlSubdomain(testDomain02.getSmlSubdomain()); - testInstance.updateServiceGroupList(Collections.singletonList(sgChanged)); + testInstance.updateServiceGroupList(Collections.singletonList(sgChanged), true); res = testInstance.getTableList(-1, -1, null, null, null); ServiceGroupRO sgUpdated = res.getServiceEntities().get(0); 
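Review bot: Every updated call in this file, and in UIServiceGroupServiceUpdateListIntegrationTest, passes `true` for `serviceGroupAdmin`, so the restricted path that this commit introduces is never exercised. Tests with `false` should assert that NEW and REMOVE entries leave the database unchanged. They should also assert that an UPDATED entry changes service metadata but not owners or domains. A test of `getOwnedServiceGroupById` with an owner and with a non-owner would likewise pin the expected result of the new ownership check.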
@@ -270,7 +270,7 @@ public class UIServiceGroupServiceIntegrationTest extends AbstractServiceIntegra smdToChange.setStatus(EntityROStatus.UPDATED.getStatusNumber()); smdToChange.setDomainCode(testDomain02.getDomainCode()); smdToChange.setSmlSubdomain(testDomain02.getSmlSubdomain()); - testInstance.updateServiceGroupList(Collections.singletonList(sgChanged)); + testInstance.updateServiceGroupList(Collections.singletonList(sgChanged), true); res = testInstance.getTableList(-1, -1, null, null, null); ServiceGroupRO sgUpdated = res.getServiceEntities().get(0); diff --git a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/ui/UIServiceGroupServiceUpdateListIntegrationTest.java b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/ui/UIServiceGroupServiceUpdateListIntegrationTest.java index 7405afc4bd91e410debbeb63249e4f1cb027bbfd..61a8c583adf45e8393aba9aab04ae4944f9ba49f 100644 --- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/ui/UIServiceGroupServiceUpdateListIntegrationTest.java +++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/ui/UIServiceGroupServiceUpdateListIntegrationTest.java @@ -139,7 +139,7 @@ public class UIServiceGroupServiceUpdateListIntegrationTest extends AbstractServ ServiceGroupRO roToUpdate = testInstance.getServiceGroupById(dbServiceGroup.getId()); // when ServiceGroupDomainRO dro = roToUpdate.getServiceGroupDomains().remove(0); - List<ParticipantSMLRecord> lst = testInstance.updateServiceGroup(roToUpdate); + List<ParticipantSMLRecord> lst = testInstance.updateServiceGroup(roToUpdate, true); // then assertEquals(1, lst.size()); assertEquals(SMLStatusEnum.UNREGISTER, lst.get(0).getStatus()); 
@@ -165,7 +165,7 @@ public class UIServiceGroupServiceUpdateListIntegrationTest extends AbstractServ sgr.setSmlSubdomain(dbDomain2.getSmlSubdomain()); sgr.setDomainId(dbDomain2.getId()); roToUpdate.getServiceGroupDomains().add(sgr); - List<ParticipantSMLRecord> lst = testInstance.updateServiceGroup(roToUpdate); + List<ParticipantSMLRecord> lst = testInstance.updateServiceGroup(roToUpdate, true); // then assertEquals(1, lst.size()); assertEquals(SMLStatusEnum.REGISTER, lst.get(0).getStatus()); diff --git a/smp-soapui-tests/pom.xml b/smp-soapui-tests/pom.xml index dbe99490dfefb24f827f5b380efaf14d016c395e..5e250d12b2d2c7c6670fd0d5c7eb502d2a8798e6 100644 --- a/smp-soapui-tests/pom.xml +++ b/smp-soapui-tests/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>eu.europa.ec.edelivery</groupId> <artifactId>smp-modules</artifactId> - <version>4.2-RC2-SNAPSHOT</version> + <version>5.0-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> <artifactId>smp-soapui-tests</artifactId> diff --git a/smp-soapui-tests/soapui/SMP4.0-Generic-soapui-project.xml b/smp-soapui-tests/soapui/SMP4.0-Generic-soapui-project.xml index 2e92befd3711ba0768e459579c185dbb3ca82d69..72aebe5b269dd6794c0cf6dc6345f7d8042aacd4 100644 --- a/smp-soapui-tests/soapui/SMP4.0-Generic-soapui-project.xml +++ b/smp-soapui-tests/soapui/SMP4.0-Generic-soapui-project.xml 
@@ -1124,7 +1124,7 @@ testRunner.testCase.testSteps['Delete ServiceGroup'].run(testRunner, context); <Extension> <ex:Test xmlns:ex="http://test.eu">Test</ex:Test> </Extension> -</ServiceGroup>]]></con:request><con:originalUri>http://wltdgt02.cc.cec.eu.int/cipa-smp-full-webapp//ehealth-actorid-qns::0088:7770010100777</con:originalUri><con:assertion type="Valid HTTP Status Codes" id="2c5c11d9-018c-4b57-854c-8ae30dab1088" name="Valid HTTP Status Codes"><con:configuration><codes>400</codes></con:configuration></con:assertion><con:assertion type="Simple Contains" id="1400d2b4-b616-4b45-b911-ad114cdf36a8" name="Contains"><con:configuration><token>USER_NOT_FOUND</token><ignoreCase>false</ignoreCase><useRegEx>false</useRegEx></con:configuration></con:assertion><con:credentials><con:username>${#Project#adminSmp1Test}</con:username><con:password>${#Project#adminSmp1TestPassword}</con:password><con:selectedAuthProfile>Basic</con:selectedAuthProfile><con:addedBasicAuthenticationTypes>Basic</con:addedBasicAuthenticationTypes><con:preemptive>true</con:preemptive><con:authType>Preemptive</con:authType></con:credentials><con:jmsConfig JMSDeliveryMode="PERSISTENT"/><con:jmsPropertyConfig/><con:parameters/></con:restRequest></con:config></con:testStep><con:testStep type="restrequest" name="Get ServiceGroup USER_NOT_FOUND" id="374422d1-dc4f-4dba-a27d-bc110c13cc7a"><con:settings/><con:config service="SMP" resourcePath="/{ParticipantIdentifierScheme}::{ParticipantIdentifier}" methodName="GET ServiceGroup" xsi:type="con:RestRequestStep" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><con:restRequest name="Get ServiceGroup USER_NOT_FOUND" mediaType="application/xml" id="a9f15369-89e3-4e53-a448-a9881605a8b0"><con:settings><con:setting 
id="com.eviware.soapui.impl.wsdl.WsdlRequest@request-headers"><xml-fragment/></con:setting></con:settings><con:endpoint>${#Project#url}</con:endpoint><con:request/><con:originalUri>http://130.206.118.4/cipa-smp-full-webapp/iso6523-actorid-upis::0088:5798000000003</con:originalUri><con:assertion type="Valid HTTP Status Codes" id="bb579212-262c-4380-82df-c81be864bf71" name="Valid HTTP Status Codes"><con:configuration><codes>404</codes></con:configuration></con:assertion><con:credentials><con:selectedAuthProfile>Basic</con:selectedAuthProfile><con:addedBasicAuthenticationTypes>Basic</con:addedBasicAuthenticationTypes><con:preemptive>true</con:preemptive><con:authType>Preemptive</con:authType></con:credentials><con:jmsConfig JMSDeliveryMode="PERSISTENT"/><con:jmsPropertyConfig/><con:parameters/></con:restRequest></con:config></con:testStep><con:testStep type="restrequest" name="TEST Put ServiceGroup XSD_INVALID ParticipantID Occurence 0" id="65f5a5e8-7a1d-4b33-a0dd-0c6ea06b922b"><con:settings/><con:config service="SMP" resourcePath="/{ParticipantIdentifierScheme}::{ParticipantIdentifier}" methodName="PUT ServiceGroup" xsi:type="con:RestRequestStep" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><con:restRequest name="TEST Put ServiceGroup XSD_INVALID ParticipantID Occurence 0" mediaType="text/xml" postQueryString="false" id="e50d78e0-763f-4bfd-aa1c-f4dcc7595a2a"><con:settings><con:setting id="com.eviware.soapui.impl.wsdl.WsdlRequest@request-headers"><entry key="domain" value="${#Project#defaultDomainName}" xmlns="http://eviware.com/soapui/config"/></con:setting></con:settings><con:endpoint>${#Project#url}</con:endpoint><con:request><![CDATA[<ServiceGroup xmlns="http://docs.oasis-open.org/bdxr/ns/SMP/2016/05"> +</ServiceGroup>]]></con:request><con:originalUri>http://wltdgt02.cc.cec.eu.int/cipa-smp-full-webapp//ehealth-actorid-qns::0088:7770010100777</con:originalUri><con:assertion type="Valid HTTP Status Codes" id="2c5c11d9-018c-4b57-854c-8ae30dab1088" 
name="Valid HTTP Status Codes"><con:configuration><codes>400</codes></con:configuration></con:assertion><con:assertion type="Simple Contains" id="1400d2b4-b616-4b45-b911-ad114cdf36a8" name="Contains"><con:configuration><token>NOT_FOUND</token><ignoreCase>false</ignoreCase><useRegEx>false</useRegEx></con:configuration></con:assertion><con:credentials><con:username>${#Project#adminSmp1Test}</con:username><con:password>${#Project#adminSmp1TestPassword}</con:password><con:selectedAuthProfile>Basic</con:selectedAuthProfile><con:addedBasicAuthenticationTypes>Basic</con:addedBasicAuthenticationTypes><con:preemptive>true</con:preemptive><con:authType>Preemptive</con:authType></con:credentials><con:jmsConfig JMSDeliveryMode="PERSISTENT"/><con:jmsPropertyConfig/><con:parameters/></con:restRequest></con:config></con:testStep><con:testStep type="restrequest" name="Get ServiceGroup USER_NOT_FOUND" id="374422d1-dc4f-4dba-a27d-bc110c13cc7a"><con:settings/><con:config service="SMP" resourcePath="/{ParticipantIdentifierScheme}::{ParticipantIdentifier}" methodName="GET ServiceGroup" xsi:type="con:RestRequestStep" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><con:restRequest name="Get ServiceGroup USER_NOT_FOUND" mediaType="application/xml" id="a9f15369-89e3-4e53-a448-a9881605a8b0"><con:settings><con:setting id="com.eviware.soapui.impl.wsdl.WsdlRequest@request-headers"><xml-fragment/></con:setting></con:settings><con:endpoint>${#Project#url}</con:endpoint><con:request/><con:originalUri>http://130.206.118.4/cipa-smp-full-webapp/iso6523-actorid-upis::0088:5798000000003</con:originalUri><con:assertion type="Valid HTTP Status Codes" id="bb579212-262c-4380-82df-c81be864bf71" name="Valid HTTP Status 
Codes"><con:configuration><codes>404</codes></con:configuration></con:assertion><con:credentials><con:selectedAuthProfile>Basic</con:selectedAuthProfile><con:addedBasicAuthenticationTypes>Basic</con:addedBasicAuthenticationTypes><con:preemptive>true</con:preemptive><con:authType>Preemptive</con:authType></con:credentials><con:jmsConfig JMSDeliveryMode="PERSISTENT"/><con:jmsPropertyConfig/><con:parameters/></con:restRequest></con:config></con:testStep><con:testStep type="restrequest" name="TEST Put ServiceGroup XSD_INVALID ParticipantID Occurence 0" id="65f5a5e8-7a1d-4b33-a0dd-0c6ea06b922b"><con:settings/><con:config service="SMP" resourcePath="/{ParticipantIdentifierScheme}::{ParticipantIdentifier}" methodName="PUT ServiceGroup" xsi:type="con:RestRequestStep" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><con:restRequest name="TEST Put ServiceGroup XSD_INVALID ParticipantID Occurence 0" mediaType="text/xml" postQueryString="false" id="e50d78e0-763f-4bfd-aa1c-f4dcc7595a2a"><con:settings><con:setting id="com.eviware.soapui.impl.wsdl.WsdlRequest@request-headers"><entry key="domain" value="${#Project#defaultDomainName}" xmlns="http://eviware.com/soapui/config"/></con:setting></con:settings><con:endpoint>${#Project#url}</con:endpoint><con:request><![CDATA[<ServiceGroup xmlns="http://docs.oasis-open.org/bdxr/ns/SMP/2016/05"> <ServiceMetadataReferenceCollection/> <Extension> <ex:Test xmlns:ex="http://test.eu">Test</ex:Test> diff --git a/smp-spi/pom.xml b/smp-spi/pom.xml index c284cccdf7ae4dac3ab81e6fbffc97652300d844..af00c6cf42fb744a0f817c39091940eeb8815746 100644 --- a/smp-spi/pom.xml +++ b/smp-spi/pom.xml @@ -17,7 +17,7 @@ <parent> <groupId>eu.europa.ec.edelivery</groupId> <artifactId>smp-modules</artifactId> - <version>4.2-RC2-SNAPSHOT</version> + <version>5.0-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> <artifactId>smp-spi</artifactId> 
diff --git a/smp-webapp/pom.xml b/smp-webapp/pom.xml index 0efbf01fea50314bdb2006b9d77e5d32496b04bb..bdb775609bbc63a628e4179dcca112b4825ebdd4 100644 --- a/smp-webapp/pom.xml +++ b/smp-webapp/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>eu.europa.ec.edelivery</groupId> <artifactId>smp-modules</artifactId> - <version>4.2-RC2-SNAPSHOT</version> + <version>5.0-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> <artifactId>smp</artifactId> diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/external/ServiceGroupResource.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/external/ServiceGroupResource.java index f0b73d770a1eac1dfafccc2f9adeb68cf0634fd9..0c4b9a354c4972d47b3366ef2c6f94bbd36a46e6 100644 --- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/external/ServiceGroupResource.java +++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/external/ServiceGroupResource.java @@ -87,7 +87,15 @@ public class ServiceGroupResource { @Secured({SMPAuthority.S_AUTHORITY_TOKEN_SMP_ADMIN, SMPAuthority.S_AUTHORITY_TOKEN_SERVICE_GROUP_ADMIN}) public ServiceGroupRO getServiceGroupById(@PathVariable Long serviceGroupId) { LOG.info("Get service group [{}]", serviceGroupId); - return uiServiceGroupService.getServiceGroupById(serviceGroupId); + // SMP administrators are authorized by default + if (authorizationService.isSMPAdministrator()){ + return uiServiceGroupService.getServiceGroupById(serviceGroupId); + } else { + // if not authorized by default check if is it an owner + authorizationService.getAndValidateUserDetails(); + SMPUserDetails user = SessionSecurityUtils.getSessionUserDetails(); + return uiServiceGroupService.getOwnedServiceGroupById(user.getUser().getId(), serviceGroupId); + } } @GetMapping(path = "{service-group-id}/extension", produces = MimeTypeUtils.APPLICATION_JSON_VALUE) 
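Review bot: In the non-administrator branch of `getServiceGroupById`, the result of `authorizationService.getAndValidateUserDetails()` is discarded and the user is read again through `SessionSecurityUtils.getSessionUserDetails()`, so `user.getUser().getId()` is dereferenced without a null check. If the validating call returns the details it checked (its name suggests so, but its signature is not visible here), use that value directly, `SMPUserDetails user = authorizationService.getAndValidateUserDetails();`, so the id handed to `getOwnedServiceGroupById` is the one that was validated. The `{service-group-id}/extension` mapping that follows as context is addressed by the same id and its body lies outside the hunk; please confirm it applies the same owner check, otherwise the restriction added here can be sidestepped for that part of the record.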
@@ -109,7 +117,7 @@ public class ServiceGroupResource { @Secured({SMPAuthority.S_AUTHORITY_TOKEN_SMP_ADMIN, SMPAuthority.S_AUTHORITY_TOKEN_SERVICE_GROUP_ADMIN}) public void updateServiceGroupList(@RequestBody ServiceGroupRO[] updateEntities) { LOG.info("Update ServiceGroupRO count: " + updateEntities.length); - uiServiceGroupService.updateServiceGroupList(Arrays.asList(updateEntities)); + uiServiceGroupService.updateServiceGroupList(Arrays.asList(updateEntities), authorizationService.isSMPAdministrator()); } private String decodeUrlToUTF8(String value) { diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/internal/KeystoreResource.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/internal/KeystoreResource.java index 7d8bb0ac8d7e7ecd8cabf75d2f34bc06a005c67f..7ac2a39ef6022a1a1f163de17cbd4312ea2be80d 100644 --- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/internal/KeystoreResource.java +++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/internal/KeystoreResource.java @@ -70,9 +70,8 @@ public class KeystoreResource { payloadValidatorService.validateUploadedContent(new ByteArrayInputStream(fileBytes), MimeTypeUtils.APPLICATION_OCTET_STREAM_VALUE); // try to open keystore KeystoreImportResult keystoreImportResult = new KeystoreImportResult(); - KeyStore keyStore = null; try { - keyStore = KeyStore.getInstance(keystoreType); + KeyStore keyStore = KeyStore.getInstance(keystoreType); keyStore.load(new ByteArrayInputStream(fileBytes), password.toCharArray()); LOG.debug(keyStore.aliases().nextElement()); uiKeystoreService.importKeys(keyStore, password); @@ -81,7 +80,6 @@ public class KeystoreResource { LOG.error(msg, e); keystoreImportResult.setErrorMessage(msg); } - return keystoreImportResult; } 
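Review bot: `updateServiceGroupList` now hands the authorization decision to the service as a bare boolean, `authorizationService.isSMPAdministrator()`, while `getServiceGroupById` in the same class passes the user id to `getOwnedServiceGroupById`. A flag like this is easy to set wrongly at other call sites (the integration tests in this commit all pass `true`), and `updateEntities` comes straight from the request body. Consider letting the service resolve the caller itself or take the user id, so both endpoints enforce ownership the same way. At minimum, document on the parameter that `false` must restrict updates to groups the caller owns. How the service interprets the flag is not visible in this diff.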
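Review bot: `KeyStore.getInstance(keystoreType)` in the KeystoreResource hunk uses `keystoreType` as received, and nothing in the hunk limits it to an expected set of types. The method signature is outside the hunk, so where the value comes from cannot be seen here; if it is request-supplied, check it against an allow-list before the `try`, e.g. `if (!"JKS".equalsIgnoreCase(keystoreType) && !"PKCS12".equalsIgnoreCase(keystoreType))` followed by setting the error message and returning. The context line `LOG.debug(keyStore.aliases().nextElement());` also throws `NoSuchElementException` for a keystore with no entries. Whether the `catch` below covers that is not visible, so guard it with `hasMoreElements()`.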
diff --git a/smp-webapp/src/main/smp-setup/database-scripts/migration from 4 .1.1 to 4.2/oracle10g-4.1.1_to_4.2.sql b/smp-webapp/src/main/smp-setup/database-scripts/migration from 4 .1.1 to 4.2/oracle10g-4.1.1_to_4.2.sql index f56515042250fd5d6976318569fa4de71f7d5e17..f235473574b8f846e1521327d476a43142186636 100644 --- a/smp-webapp/src/main/smp-setup/database-scripts/migration from 4 .1.1 to 4.2/oracle10g-4.1.1_to_4.2.sql +++ b/smp-webapp/src/main/smp-setup/database-scripts/migration from 4 .1.1 to 4.2/oracle10g-4.1.1_to_4.2.sql @@ -1,13 +1,12 @@ -CREATE SEQUENCE smp_alert_prop_seq START WITH 1 INCREMENT BY 1; +-- CREATE SEQUENCE smp_alert_prop_seq START WITH 1 INCREMENT BY 1; -CREATE SEQUENCE smp_alert_seq START WITH 1 INCREMENT BY 1; +-- CREATE SEQUENCE smp_alert_seq START WITH 1 INCREMENT BY 1; -- set usernames for empty "users" UPDATE smp_user SET - username = 'USERNAME_' - || lpad(smp_user.id,3,'0') + username = 'USERNAME_' || smp_user.id WHERE username IS NULL; @@ -214,4 +213,4 @@ SET access_token_id = smp_user.username, access_token = smp_user.password; -COMMIT; \ No newline at end of file +COMMIT; diff --git a/smp-webapp/src/main/smp-setup/database-scripts/mysql5innodb-drop.ddl b/smp-webapp/src/main/smp-setup/database-scripts/mysql5innodb-drop.ddl index 506236cb393949f81649646b41f4af20a0413f7d..fa190b58be008507abe4092d3b5873552bc63e7b 100644 --- a/smp-webapp/src/main/smp-setup/database-scripts/mysql5innodb-drop.ddl +++ b/smp-webapp/src/main/smp-setup/database-scripts/mysql5innodb-drop.ddl @@ -1,5 +1,5 @@ -- ------------------------------------------------------------------------ --- This file was generated by hibernate for SMP version 4.2-RC2-SNAPSHOT. +-- This file was generated by hibernate for SMP version 5.0-SNAPSHOT. -- ------------------------------------------------------------------------ 
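Review bot: The two `CREATE SEQUENCE` statements in the migration script are commented out rather than removed, and nothing says why the migration no longer creates them; either delete the lines or add a comment such as `-- sequences already created by <placeholder: step that creates them>`. Dropping `lpad` also changes the generated value (`USERNAME_7` instead of `USERNAME_007`), so databases migrated with the earlier revision of this script will hold differently formatted usernames than those migrated now. The later statement in the same script copies `smp_user.username` into `access_token_id`, so these generated names become predictable token identifiers; please confirm that such accounts cannot authenticate until a credential has been set for them.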
diff --git a/smp-webapp/src/main/smp-setup/database-scripts/mysql5innodb.ddl b/smp-webapp/src/main/smp-setup/database-scripts/mysql5innodb.ddl index ceba8f2fef596b0ef41e89aedc4bad9ee8a5b01b..4ef6624f6504c2e945a9a964e26e8b350717398a 100644 --- a/smp-webapp/src/main/smp-setup/database-scripts/mysql5innodb.ddl +++ b/smp-webapp/src/main/smp-setup/database-scripts/mysql5innodb.ddl @@ -1,5 +1,5 @@ -- ------------------------------------------------------------------------ --- This file was generated by hibernate for SMP version 4.2-RC2-SNAPSHOT. +-- This file was generated by hibernate for SMP version 5.0-SNAPSHOT. -- ------------------------------------------------------------------------ diff --git a/smp-webapp/src/main/smp-setup/database-scripts/oracle10g-drop.ddl b/smp-webapp/src/main/smp-setup/database-scripts/oracle10g-drop.ddl index 62558376a3cf541bf5ecf151faf5a20872faa197..6619045cd7626defa09c65135e57a2417da8f7bf 100644 --- a/smp-webapp/src/main/smp-setup/database-scripts/oracle10g-drop.ddl +++ b/smp-webapp/src/main/smp-setup/database-scripts/oracle10g-drop.ddl @@ -1,5 +1,5 @@ -- ------------------------------------------------------------------------ --- This file was generated by hibernate for SMP version 4.2-RC2-SNAPSHOT. +-- This file was generated by hibernate for SMP version 5.0-SNAPSHOT. -- ------------------------------------------------------------------------ diff --git a/smp-webapp/src/main/smp-setup/database-scripts/oracle10g.ddl b/smp-webapp/src/main/smp-setup/database-scripts/oracle10g.ddl index 7e52f574397fd7a1d465eb63a529adb305fc48aa..c87600879d218d6f87009ef2c55203d047e55e27 100644 --- a/smp-webapp/src/main/smp-setup/database-scripts/oracle10g.ddl +++ b/smp-webapp/src/main/smp-setup/database-scripts/oracle10g.ddl 
@@ -1,5 +1,5 @@ -- ------------------------------------------------------------------------ --- This file was generated by hibernate for SMP version 4.2-RC2-SNAPSHOT. +-- This file was generated by hibernate for SMP version 5.0-SNAPSHOT. -- ------------------------------------------------------------------------ create sequence SMP_ALERT_PROP_SEQ start with 1 increment by 1;