diff --git a/smp-angular/src/app/app-info/smp-info.model.ts b/smp-angular/src/app/app-info/smp-info.model.ts
index ec155f98a10a9e3d9a799ae84ff440713d260067..f6818319c8bd32ee64abf6cb79a2be5c93d113b9 100644
--- a/smp-angular/src/app/app-info/smp-info.model.ts
+++ b/smp-angular/src/app/app-info/smp-info.model.ts
@@ -3,4 +3,5 @@ export interface SmpInfo {
 contextPath?: string;
 authTypes?: string[];
 ssoAuthenticationLabel?: string;
+ ssoAuthenticationURI?: string;
 }
diff --git a/smp-angular/src/app/common/global-lookups.ts b/smp-angular/src/app/common/global-lookups.ts
index faf29e10365a038bca9f8614befac33563503803..f76bd2865652be6cfa77264b5f5592862832e56d 100644
--- a/smp-angular/src/app/common/global-lookups.ts
+++ b/smp-angular/src/app/common/global-lookups.ts
@@ -28,7 +28,7 @@ export class GlobalLookups implements OnInit {
 cachedCertificateList: Array<any> = [];
 cachedCertificateAliasList: Array<String> = [];
 cachedApplicationInfo: SmpInfo;
- cachedApplicationConfig: SmpConfig;
+ cachedApplicationConfig?: SmpConfig;
 cachedTrustedCertificateList: Array<any> = [];
 loginSubscription: Subscription;
@@ -40,22 +40,47 @@ export class GlobalLookups implements OnInit {
 protected http: HttpClient,
 private securityEventService: SecurityEventService) {
 securityService.refreshLoggedUserFromServer();
- this.refreshDomainLookup();
+ this.refreshApplicationInfo();
+ this.refreshDomainLookupFromPublic();
+
+ securityEventService.onLoginSuccessEvent().subscribe(value => {
+ this.refreshLookupsOnLogin();
+ }
+ );
+
+ securityEventService.onLogoutSuccessEvent().subscribe(value => {
+ this.clearCachedLookups();
+ }
+ );
+ }
+
+ ngOnInit() {
+
+ }
+
+ public refreshLookupsOnLogin() {
+ this.refreshDomainLookupForLoggedUser();
 this.refreshCertificateLookup();
 this.refreshApplicationInfo();
 this.refreshApplicationConfiguration();
 this.refreshTrustedCertificateLookup();
 }
- ngOnInit() {
+ public refreshDomainLookupFromPublic(){
+ let domainUrl = SmpConstants.REST_PUBLIC_DOMAIN_SEARCH;
+ this.refreshDomainLookup(domainUrl);
 }
- public refreshDomainLookup() {
+ public refreshDomainLookupForLoggedUser() {
 let domainUrl = SmpConstants.REST_PUBLIC_DOMAIN_SEARCH;
 // for authenticated admin use internal url which returns more data!
 if (this.securityService.isCurrentUserSMPAdmin() || this.securityService.isCurrentUserSystemAdmin()) {
 domainUrl = SmpConstants.REST_INTERNAL_DOMAIN_MANAGE;
 }
+ this.refreshDomainLookup(domainUrl);
+ }
+
+ public refreshDomainLookup(domainUrl: string) {
 let params: HttpParams = new HttpParams()
 .set('page', '-1')
 .set('pageSize', '-1');
@@ -71,6 +96,7 @@ export class GlobalLookups implements OnInit {
 });
 }
+
 public refreshApplicationInfo() {
 this.http.get<SmpInfo>(SmpConstants.REST_PUBLIC_APPLICATION_INFO)
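Review bot: `refreshLookupsOnLogin()` now runs only from the `onLoginSuccessEvent` subscription added in the constructor, whereas the removed code loaded the certificate, application-configuration and trusted-certificate lookups unconditionally; if `securityService.refreshLoggedUserFromServer()` restores an existing session without emitting that event (not visible here), an already-authenticated admin who reloads the page gets only the public lookups until the next explicit login. That is worth pinning with a test, or by calling `this.refreshLookupsOnLogin()` when the restored user turns out to be authenticated. Separately, `refreshDomainLookup(domainUrl: string)` is now public and will fetch whatever URL it is handed into `cachedDomainList`; since the two named wrappers are the intended entry points, I would declare it `private refreshDomainLookup(domainUrl: string)` so the internal-vs-public URL decision stays in one place. The constructor starts before this hunk and the body of `refreshDomainLookup` continues past it.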
@@ -127,7 +153,15 @@ export class GlobalLookups implements OnInit {
 console.log("Error occurred while loading user owners lookup [" + error + "]");
 });
 }
+ }
 
+ public clearCachedLookups() {
+ this.cachedCertificateList = [];
+ this.cachedTrustedCertificateList = [];
+ this.cachedServiceGroupOwnerList = [];
+ this.cachedApplicationConfig = null;
+ this.cachedDomainList = [];
+ this.refreshDomainLookupFromPublic();
 }
 public refreshCertificateLookup() {
diff --git a/smp-angular/src/app/domain/domain-controller.ts b/smp-angular/src/app/domain/domain-controller.ts
index 57298d0d2fe16e6bbef84da06ce10052d7608ede..aa87bf865a973b3b5004d7ba184cba861aca03f9 100644
--- a/smp-angular/src/app/domain/domain-controller.ts
+++ b/smp-angular/src/app/domain/domain-controller.ts
@@ -49,7 +49,7 @@ export class DomainController implements SearchTableController {
 }
 }
 public dataSaved() {
- this.lookups.refreshDomainLookup();
+ this.lookups.refreshDomainLookupForLoggedUser();
 }
 validateDeleteOperation(rows: Array<SearchTableEntity>){
diff --git a/smp-angular/src/app/domain/domain.component.ts b/smp-angular/src/app/domain/domain.component.ts
index 380e27e9403c6b5aca4f592cf79f0a5d8e1aaef4..cf834ada45cb1af202991a127bee665e7562cc8f 100644
--- a/smp-angular/src/app/domain/domain.component.ts
+++ b/smp-angular/src/app/domain/domain.component.ts
@@ -258,7 +258,7 @@ export class DomainComponent implements AfterViewInit {
 if (res) {
 if (res.success) {
 this.alertService.success("Domain " + domain.domainCode + " registered to sml!");
- this.lookups.refreshDomainLookup();
+ this.lookups.refreshDomainLookupForLoggedUser();
 domain.smlRegistered = true;
 } else {
 this.alertService.exception('Error occurred while registering domain:' + domain.domainCode, res.errorMessage);
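Review bot: `clearCachedLookups()` resets five caches but leaves `cachedCertificateAliasList` (declared next to `cachedCertificateList` earlier in this file) populated after logout, so a list obtained while authenticated survives until something replaces it; add `this.cachedCertificateAliasList = [];` alongside the others. Also `this.cachedApplicationConfig = null;` does not agree with the new `cachedApplicationConfig?: SmpConfig` declaration under `strictNullChecks`, where an optional property admits `undefined` but not `null`; `this.cachedApplicationConfig = undefined;` keeps the type honest. The SecurityService in this same commit reloads the window on logout success, so in practice stale entries are short-lived, but the method should be complete on its own rather than rely on that.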
@@ -281,7 +281,7 @@ export class DomainComponent implements AfterViewInit {
 if (res) {
 if (res.success) {
 this.alertService.success("Domain " + domain.domainCode + " unregistered from sml!");
- this.lookups.refreshDomainLookup();
+ this.lookups.refreshDomainLookupForLoggedUser();
 domain.smlRegistered = false;
 } else {
 this.alertService.exception('Error occurred while unregistering domain:' + domain.domainCode, res.errorMessage);
diff --git a/smp-angular/src/app/login/login.component.html b/smp-angular/src/app/login/login.component.html
index ea31d2bda56502f75ddd718468c66f06490c35f8..338b1044e52444f57e121c21936badcfbcf5e40d 100644
--- a/smp-angular/src/app/login/login.component.html
+++ b/smp-angular/src/app/login/login.component.html
@@ -3,7 +3,7 @@
 <mat-card *ngIf="isUserAuthSSOEnabled() == true" fxFlex="400px" [style]="'width:400px;height:300px;margin:10px'">
 <mat-card-title>SSO Login: {{lookups.cachedApplicationInfo.ssoAuthenticationLabel}}</mat-card-title>
 <mat-card-content style="align-items: center;justify-content: center;display: flex;height: 200px;">
- <a mat-raised-button color="primary" href="/smp/ui/rest/security/cas" [style]="'width=150px'">
+ <a mat-raised-button color="primary" href="{{lookups.cachedApplicationInfo.ssoAuthenticationURI}}" [style]="'width=150px'">
 <mat-icon>input</mat-icon>
 <span> SSO Login</span>
 </a>
diff --git a/smp-angular/src/app/login/login.component.ts b/smp-angular/src/app/login/login.component.ts
index 82d77a78fc36677e8c596c5ea4af76e7ee564423..2c81104382c7a9f552c6023ddfdcf358c54aa661 100644
--- a/smp-angular/src/app/login/login.component.ts
+++ b/smp-angular/src/app/login/login.component.ts
@@ -56,7 +56,6 @@ export class LoginComponent implements OnInit, OnDestroy {
 } else {
 this.router.navigate([this.returnUrl]);
 }
- this.lookups.refreshApplicationConfiguration();
 });
 this.securityEventService.onLoginErrorEvent().subscribe(
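Review bot: The SSO button's target is now whatever `ssoAuthenticationURI` the public application-info endpoint returns instead of the fixed `/smp/ui/rest/security/cas` path; Angular runs interpolated `href` values through its URL sanitizer (a `javascript:` value is neutralised to `unsafe:`), so this is not an injection sink, but whoever controls the SSO configuration on the server now decides where the login button sends users, which deserves a one-line comment in the template. Before the info response arrives `cachedApplicationInfo` has no initializer, and if the server omits the field the rendered `href=""` links back to the login page itself; I would bind it as `[href]="lookups.cachedApplicationInfo?.ssoAuthenticationURI"` and put `*ngIf="lookups.cachedApplicationInfo?.ssoAuthenticationURI"` on the anchor so the button only renders with a real target. Whether `isUserAuthSSOEnabled()` already guards the undefined case is outside this hunk.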
diff --git a/smp-angular/src/app/security/security.service.ts b/smp-angular/src/app/security/security.service.ts
index 43692c30fa27ab790d4d379dcf0e6420a1ec66ea..02210b828f37b12a9501550c6ceb23a9a0335431 100644
--- a/smp-angular/src/app/security/security.service.ts
+++ b/smp-angular/src/app/security/security.service.ts
@@ -6,6 +6,7 @@ import {HttpClient, HttpHeaders} from '@angular/common/http';
 import {SmpConstants} from "../smp.constants";
 import {Authority} from "./authority.model";
 import {AlertMessageService} from "../common/alert-message/alert-message.service";
+import {GlobalLookups} from "../common/global-lookups";
 
 @Injectable()
 export class SecurityService {
@@ -16,6 +17,7 @@ export class SecurityService {
 private http: HttpClient,
 private alertService: AlertMessageService,
 private securityEventService: SecurityEventService,
+ private lookups: GlobalLookups
 ) {
 this.securityEventService.onLogoutSuccessEvent().subscribe(() => window.location.reload());
 this.securityEventService.onLogoutErrorEvent().subscribe((error) => this.alertService.error(error));
diff --git a/smp-docker/compose/tomcat-mysql-smp-sml/docker-compose.yml b/smp-docker/compose/tomcat-mysql-smp-sml/docker-compose.yml
index e91550851b59c804b0c79b455c0da3c1bf9c8777..63bc8ddd7e465b34fdf4fddad9b74ad5b7ee579e 100644
--- a/smp-docker/compose/tomcat-mysql-smp-sml/docker-compose.yml
+++ b/smp-docker/compose/tomcat-mysql-smp-sml/docker-compose.yml
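Review bot: Injecting `GlobalLookups` into `SecurityService` creates a dependency cycle: the `GlobalLookups` constructor in this same commit calls `securityService.refreshLoggedUserFromServer()` and `this.securityService.isCurrentUserSMPAdmin()`, so it already takes `SecurityService` as a constructor dependency, and Angular's injector refuses a cycle between two providers at runtime (NG0200 "Cannot instantiate cyclic dependency") whether or not the field is ever read. Nothing in the visible hunk uses `this.lookups`, and the rest of the commit already routes lookup refreshes through `SecurityEventService`'s login/logout events, which is the decoupled path. I would drop `private lookups: GlobalLookups` and the matching import; if SecurityService genuinely needs lookups later, inject `Injector` and resolve `GlobalLookups` lazily at the call site.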
@@ -3,12 +3,32 @@ services:
 tomcat-mysql-sml:
 image: smp-sml-tomcat-mysql:${SMP_VERSION}
 container_name: smp-sml-tomcat-mysql
+ hostname: eulogin.protected.smp.local
 environment:
- - SMP_INIT_PROPERTIES=smp.passwordPolicy.expired.forceChange=false||smp.cluster.enabled=false
+ - SMP_INIT_PROPERTIES=smp.passwordPolicy.expired.forceChange=false
+ ||smp.cluster.enabled=false
+ ||smp.ui.authentication.types=PASSWORD|SSO
+ ||smp.sso.cas.url=https://eulogin-mock-server:7102/cas
+ ||smp.sso.cas.urlpath.login=login
+ ||smp.sso.cas.token.validation.urlpath=laxValidate
+ ||smp.sso.cas.callback.url=http://eulogin.protected.smp.local:8982/smp/ui/public/rest/security/cas
+
 volumes:
- - ./properties/db-scripts:/tmp/custom-data/ # init script.
+ - ./properties/db-scripts:/tmp/custom-data/
+ - ./properties/keystores:/tmp/keystores/
 ports:
 - "3908:3306"
 - "8982:8080"
 - "6902:6901"
 - "8953:53"
+
+ eulogin-mock-server:
+ image: edelivery-docker.devops.tech.ec.europa.eu/eulogin/mockserver:6.2.7
+ container_name: eulogin
+ hostname: eulogin-mock-server
+ volumes:
+ - ./eulogin/init-data:/resources/ecas-mock-server
+ # Map this folder to host to be able to change runtime data for manual testing!
+ # - ./eulogin/ecas-mock-server:/data/ecas-mock-server
+ ports:
+ - "7102:7102"
\ No newline at end of file
diff --git a/smp-docker/compose/tomcat-mysql-smp-sml/eulogin/ecas-mock-server/.disable_default_excludes b/smp-docker/compose/tomcat-mysql-smp-sml/eulogin/ecas-mock-server/.disable_default_excludes
new file mode 100644
index 0000000000000000000000000000000000000000..e5d41c1eff637329155b8c79af85d53dd0205b60
--- /dev/null
+++ b/smp-docker/compose/tomcat-mysql-smp-sml/eulogin/ecas-mock-server/.disable_default_excludes
@@ -0,0 +1,4 @@
+.gitignore is excluded when sharing artifacts on bamboo
+http://ant.apache.org/manual/dirtasks.html
+
+And we want this folder to be shared in order to keep the project structure.
\ No newline at end of file
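Review bot: `smp.sso.cas.callback.url` is `http://eulogin.protected.smp.local:8982/...`, so the CAS service ticket issued by the mock comes back to SMP in a cleartext browser redirect, and `smp.sso.cas.token.validation.urlpath=laxValidate` selects the mock server's lenient validation endpoint; both are acceptable for this local compose but must never be copied into a deployed profile, so I would add `# local mock only: cleartext callback and lax ticket validation - do not reuse outside this compose` above the `SMP_INIT_PROPERTIES` entry. The value is also now a plain scalar continued over seven more lines; assuming it parses as one multi-line scalar, YAML folds each line break into a single space, so the container receives `...forceChange=false ||smp.cluster.enabled=false ||...` with a space before every `||` and trailing whitespace on values such as `login` and `laxValidate`, which will corrupt the CAS URLs unless the init script trims each token (not visible here). Keeping the original single-line form, or a double-quoted scalar with an explicit `\` at the end of each continuation line, avoids depending on that.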
diff --git a/smp-docker/compose/tomcat-mysql-smp-sml/eulogin/ecas-mock-server/.gitignore b/smp-docker/compose/tomcat-mysql-smp-sml/eulogin/ecas-mock-server/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..dd5392ff3e5b8f6fc530d32fe415332db0053194
--- /dev/null
+++ b/smp-docker/compose/tomcat-mysql-smp-sml/eulogin/ecas-mock-server/.gitignore
@@ -0,0 +1,5 @@
+# Ignore everything in this directory
+.gitignore
+# Except the following
+!.gitignore
+!.disable_default_excludes
\ No newline at end of file
diff --git a/smp-docker/compose/tomcat-mysql-smp-sml/eulogin/init-data/ecas-config-smp.properties b/smp-docker/compose/tomcat-mysql-smp-sml/eulogin/init-data/ecas-config-smp.properties
new file mode 100644
index 0000000000000000000000000000000000000000..a35c1ddfea79891a89f1698f875b76941c986d99
--- /dev/null
+++ b/smp-docker/compose/tomcat-mysql-smp-sml/eulogin/init-data/ecas-config-smp.properties
@@ -0,0 +1,484 @@ +########################################################################### +# ECAS Client configuration properties # +########################################################################### +#### Note: System property to use an alternative name: eu.cec.digit.ecas.client.configFile +#### E.g. -Deu.cec.digit.ecas.client.configFile=XXX.properties +#### +#### Since version 1.9, conventional configuration file names can be used +#### instead of the "configFile" property. +#### +#### Conventional name = "ecas-config-" + escaped(context-path) + (".xml"||".properties") +#### +#### where escaped() means replacing all '/' by '.' +#### and context-path is the context path of your web application WITHOUT the starting slash '/' +#### +#### e.g. "/dg-agri/ecas-demo" becomes "dg-agri.ecas-demo" +#### thus, the conventional file name would be: "ecas-config-dg-agri.ecas-demo.properties" +#### +#### The file using the conventional name prevails over the default file name ("ecas-config.properties") +#### if both are available. +########################################################################### +## configFile: +### Unique name of the external configuration file that contains +### the actual ECAS Client configuration, if any. +### [Optional] +### [DefaultValue=none] +#eu.cec.digit.ecas.client.configFile=ecas-config-myAppId.properties +########################################################################### +## configurationId: +### Unique id for this ECAS Client configuration. +### Can be used as key to retrieve this configuration in non-Web part of your application. +### [Optional] [Deprecated] +### [DefaultValue=null] +#eu.cec.digit.ecas.client.filter.configurationId=eu.cec.myDG.myApp.myConfig +########################################################################### +## serverName: +### Name of your host running the ECAS Client-protected application. 
+### If you don't specify either 'serverName' or 'serviceUrl' or a custom 'serviceResolver', +### the value is retrieved from the local server. +### [Optional] +### [DefaultValue=null] +edu.yale.its.tp.cas.client.filter.serverName=eulogin.protected.smp.local +########################################################################### +## serviceUrl: +### URL of your application. +### Either 'serviceUrl' or 'serverName' is required. +### Use this only if you have only one URL. +### [Optional] [NOT recommended] +#edu.yale.its.tp.cas.client.filter.serviceUrl=https://myHost:7002/myService +########################################################################### +## ecasServerDirectHostName: +### Name of the host of the ECAS server for direct connections (without reverse proxy) +### [Optional] +### [DefaultValue=ecas.cc.cec.eu.int] +#eu.cec.digit.ecas.client.filter.ecasServerDirectHostName=ecas.cc.cec.eu.int +########################################################################### +## ecasServerDirectOneWaySslPort: +### One-Way SSL port of the ECAS server for direct connections (without reverse proxy) +### [Optional] +### [DefaultValue=7002] +#eu.cec.digit.ecas.client.filter.ecasServerDirectOneWaySslPort=7002 +########################################################################### +## ecasServerDirectTwoWaySslPort: +### Two-Way SSL port of the ECAS server for direct connections (without reverse proxy) +### [Optional] +### [DefaultValue=7003] +#eu.cec.digit.ecas.client.filter.ecasServerDirectTwoWaySslPort=7003 +########################################################################### +## ecasServerReverseProxyHostName: +### Name of the reverse proxy host in front of the ECAS server for proxied connections +### [Optional] +### [DefaultValue=null] +#eu.cec.digit.ecas.client.filter.ecasServerReverseProxyHostName=webgate.ec.europa.eu +########################################################################### +## ecasServerReverseProxyPort: +### Port of the 
reverse proxy in front of the ECAS server for proxied connections +### [Optional] +### [DefaultValue=none] +#eu.cec.digit.ecas.client.filter.ecasServerReverseProxyPort=443 +########################################################################### +## ecasBaseUrl: +### Base URL for all ECAS URLs when they are specified as relative URLs. +### If defined, prevails over the ECAS server URL properties named 'ecasServerDirect...' and 'ecasServerReverseProxy...' +### [Optional] +### [DefaultValue=https://ecas.cc.cec.eu.int:7002] +eu.cec.digit.ecas.client.filter.ecasBaseUrl=https://eulogin-mock-server:7102 +########################################################################### +## initLoginUrl: +### ECAS Server init login URL. +### [Optional] +### [DefaultValue=/cas/login/init] +#eu.cec.digit.ecas.client.filter.initLoginUrl=/cas/login/init +########################################################################### +## loginUrl: +### ECAS Server login URL. +### [Optional] +### [DefaultValue=/cas/login] +#edu.yale.its.tp.cas.client.filter.loginUrl=/cas/login +########################################################################### +## validateUrl: +### ECAS Server Validation URL. +### [Optional] +### [DefaultValue=/cas/TicketValidationService] +### LegalValue: +#edu.yale.its.tp.cas.client.filter.validateUrl=/cas/TicketValidationService +########################################################################### +## proxyUrl: +### ECAS Server Proxy URL. +### [Optional] [For ECASProxies] +### [DefaultValue=/cas/proxy] +#edu.yale.its.tp.cas.client.filter.proxyUrl=/cas/proxy +########################################################################### +## renew: +### Use 'renew' to always force renew (i.e. force to re-authenticate +### by re-entering login and password). 
+### [Optional] [NOT recommended] +### [DefaultValue=false] +#edu.yale.its.tp.cas.client.filter.renew=false +########################################################################### +## authorizedProxy: +### The one and only one ECAS proxy authorized to access your application using +### proxy tickets. +### [Optional] [Deprecated] +### [NOT recommended] [For applications used by ECAS Proxy clients] +### [DefaultValue=none] +#edu.yale.its.tp.cas.client.filter.authorizedProxy=https://host.cec.eu.int/someService +########################################################################### +## serverProtocol: +### Protocol can be either http or https. +### This is only needed for applications behind a reverse proxy that want +### to overwrite the protocol of the local server (i.e. when the +### application is not accessible internally and when the reverse proxy +### protocol is different from the local server's protocol) +### [Optional] +### [DefaultValue=none] +### LegalValues: +#eu.cec.digit.ecas.client.filter.serverProtocol=http +#eu.cec.digit.ecas.client.filter.serverProtocol=https +#eu.cec.digit.ecas.client.filter.serverProtocol=dynamic +########################################################################### +## serverPort: +### HTTP port of your host. +### [Optional] +### [DefaultValue=none] +#eu.cec.digit.ecas.client.filter.serverPort=7001 +########################################################################### +## serverSSLPort: +### HTTPS port of your host. +### [Optional] +### [DefaultValue=none] +#eu.cec.digit.ecas.client.filter.serverSSLPort=7002 +########################################################################### +## serverContextPath: +### Context root of the application. +### Must begin with a slash '/'. +### This is only needed for applications behind a reverse proxy that modifies +### the local application's context root and when the application is only +### accessible through that reverse proxy. 
+### [Optional] +### [DefaultValue=none] +#eu.cec.digit.ecas.client.filter.serverContextPath=/myProxiedApplicationContextPath +########################################################################### +## authorizedProxies: +### The comma-separated list of ECAS proxies authorized to access your application +### using proxy tickets. +### [Optional] [For applications used by ECAS Proxy clients] +### [DefaultValue=none] +#eu.cec.digit.ecas.client.filter.authorizedProxies=https://host1.cec.eu.int/service1,\ +#https://host2.cec.eu.int/service2,https://host3.cec.eu.int/service3,\ +#https://host4.cec.eu.int/service4 +########################################################################### +## proxyChainTrustHandler: +### Class implementating proxyChainTrustHandlerIntf to be used. +### [Optional] [For applications used by ECAS Proxy clients] +### [DefaultValue=eu.cec.digit.ecas.client.validation.ProxyChainTrustHandler] +### ProvidedImplementations: +#eu.cec.digit.ecas.client.filter.proxyChainTrustHandler=eu.cec.digit.ecas.client.validation.ProxyChainTrustHandler +#eu.cec.digit.ecas.client.filter.proxyChainTrustHandler=eu.cec.digit.ecas.client.validation.FirstParentProxyChainTrustHandler +########################################################################### +## proxyCallbackUrl: +### URL of your application used to receive ProxyTickets from the ECAS Server. +### [Optional] [For ECASProxies] +### [DefaultValue=none] +#eu.cec.digit.ecas.client.filter.proxyCallbackUrl=https://myHost:7002/myService/proxy +########################################################################### +## applicationServer: +### Type of application server. +### [Optional] [Deprecated] +### [DefaultValue=weblogic] +#eu.cec.digit.ecas.client.filter.applicationServer=weblogic +########################################################################### +## groups: +### Comma-separated list of groups to ask ECAS. 
+### [Optional] +### [DefaultValue=none] +eu.cec.digit.ecas.client.filter.groups=* +########################################################################### +## acceptStrengths: +### [Optional] +### [DefaultValue=PASSWORD,PASSWORD_SMS,PASSWORD_TOKEN,CLIENT_CERT] +### For the mock-up server, use BASIC strength. +### LegalValues: +#eu.cec.digit.ecas.client.filter.acceptStrengths=BASIC +#eu.cec.digit.ecas.client.filter.acceptStrengths=PASSWORD,PASSWORD_SMS,PASSWORD_TOKEN,CLIENT_CERT +eu.cec.digit.ecas.client.filter.acceptStrengths=BASIC,MOBILE_APP,PASSWORD_MOBILE_APP,PASSWORD_SOFTWARE_TOKEN,PASSWORD_SMS,PASSWORD_TOKEN,PASSWORD_TOKEN_CRAM,STORK,SOCIAL_NETWORKS,CLIENT_CERT +########################################################################### +## maxConnections: +### [Optional] +### [DefaultValue=2] +eu.cec.digit.ecas.client.filter.maxConnections=5 +########################################################################### +## connectionTimeout: +### [Optional] +### [DefaultValue=180000] [unit=milliseconds] +eu.cec.digit.ecas.client.filter.connectionTimeout=60000 +########################################################################### +## strictSSLHostnameVerification: +### [Optional] +### [DefaultValue=true] +eu.cec.digit.ecas.client.filter.strictSSLHostnameVerification=true +########################################################################### +## extraGroupHandler: +### [Optional] +### [DefaultValue=none] +eu.cec.digit.ecas.client.filter.extraGroupHandler=eu.cec.digit.ecas.client.validation.CompositeUserDetailsExtraGroupHandler +eu.cec.digit.ecas.client.filter.param.name.composite-extra-group-handlers=composite-extra-group-handlers +eu.cec.digit.ecas.client.filter.param.value.composite-extra-group-handlers=examples.groups.DepartmentNumberExtraGroupHandler,examples.groups.DomainExtraGroupHandler,examples.groups.EmployeeTypeExtraGroupHandler +########################################################################### +## authEventListeners: +### 
[Optional] +### [DefaultValue=none] +eu.cec.digit.ecas.client.filter.authEventListeners=eu.cec.digit.ecas.client.event.StatsEventListener +########################################################################### +## configurationOrder: +### Defines the configuration order to use. +### 'mbean' means the EcasIdentityAsserter MBean, +### 'file' means the external configuration file (usually called ecas-config.xml or ecas-config.properties), +### 'descriptor' means the resource or deployment descriptor (such as web.xml), +### '<<' means 'overridden by'. +### The default configuration chain order is 'mbean << file << descriptor', +### which means first the MBean configuration, then the external file, +### then the deployment descriptor, each time overriding already defined properties. +### Hence, with the default value, the deployment descriptor takes precedence over the external file, +### and the external file takes precedence over the MBean. +### Another useful configuration for single-application domains is 'file << descriptor << mbean', +### where it is the MBean that prevails instead of the descriptor for application entirely +### configurable by the WebLogic Domain Administrator. +### [Optional] +### [DefaultValue=mbean << file << descriptor] +eu.cec.digit.ecas.client.filter.configurationOrder=mbean << file +########################################################################### +## initSignatureUrl: +### ECAS Server Signature init URL to negotiate a SignatureRequestId. +### [Optional] +### [DefaultValue=/cas/signature/init] +#eu.cec.digit.ecas.client.filter.initSignatureUrl=/cas/signature/init +########################################################################### +## signatureUrl: +### ECAS Server Signature page where the user performs the signature by re-authenticating. 
+### [Optional] +### [DefaultValue=/cas/signature/sign.cgi] +#eu.cec.digit.ecas.client.filter.signatureUrl=/cas/signature/sign.cgi +########################################################################### +## retrieveSignatureUrl: +### ECAS Server Signature get URL where applications retrieve signed XML documents. +### [Optional] +### [DefaultValue=/cas/signature/get] +#eu.cec.digit.ecas.client.filter.retrieveSignatureUrl=/cas/signature/get +########################################################################### +## transactionUrl: +### ECAS Server Signature transaction URL where applications sign XML documents based upon ECAS Proxy Tickets. +### [Optional] +### [DefaultValue=/cas/transaction/sign] +#eu.cec.digit.ecas.client.filter.transactionUrl=/cas/transaction/sign +########################################################################### +## certificateRevocationUrl: +### ECAS Server Signature certificateRevocation URL where applications can ask ECAS whether the signature certificate is valid. +### [Optional] +### [DefaultValue=/cas/signature/certValidate] +#eu.cec.digit.ecas.client.filter.certificateRevocationUrl=/cas/signature/certValidate +########################################################################### +## requestingUserDetails: +### Set "requestingUserDetails" on "true" to always request all additional user details such as +### the domain, the username in this domain, first name, last name, email, department number, etc. +### [Optional] +### [DefaultValue=false] +eu.cec.digit.ecas.client.filter.requestingUserDetails=true +########################################################################### +## serviceResolver: +### Set "serviceResolver" to replace the default implementation using the +### serverName or serviceUrl properties to construct the original service. 
+### [Optional] +### [DefaultValue=eu.cec.digit.ecas.client.resolver.service.DefaultServiceResolver] +### ProvidedImplementations: +#eu.cec.digit.ecas.client.filter.serviceResolver=eu.cec.digit.ecas.client.resolver.service.DefaultServiceResolver +#eu.cec.digit.ecas.client.filter.serviceResolver=eu.cec.digit.ecas.client.resolver.service.ReverseProxyAwareServiceResolver +########################################################################### +### Custom configuration parameter name labelled "serviceResolverHeader": +### [Optional] +### Note that a custom parameter must have both a param.name and a param.value +#eu.cec.digit.ecas.client.filter.param.name.serviceResolverHeader=serviceResolverHeader +########################################################################### +### Custom configuration parameter value for "serviceResolverHeader": +### [Optional] +### Note that a custom parameter must have both a param.name and a param.value +#eu.cec.digit.ecas.client.filter.param.value.serviceResolverHeader=X-ori-url +########################################################################### +# loginDateValidator +### Strategy to override the expiration of the SSO session. +### Allows to refuse users who were authenticated too long ago. +#eu.cec.digit.ecas.client.filter.loginDateValidator=eu.cec.digit.ecas.client.configuration.DummyLoginDateValidator +#eu.cec.digit.ecas.client.filter.param.name.loginDateExpirationInMillis=loginDateExpirationInMillis +# one hour: +#eu.cec.digit.ecas.client.filter.param.value.loginDateExpirationInMillis=3600000 +########################################################################### +# reSubmitPosts +### Whether to re-submit form parameters that are posted to protected +### resources while the user is not yet authenticated. 
+### [Optional] +### [DefaultValue=false] +eu.cec.digit.ecas.client.filter.reSubmitPosts=true +########################################################################### +## httpRedirector +### The implementation of HttpRedirector to use to redirect to the ECAS Server login URL. +### [Optional] +### [DefaultValue=eu.cec.digit.ecas.client.http.DefaultHttpRedirector] +### ProvidedImplementations: +#eu.cec.digit.ecas.client.filter.httpRedirector=eu.cec.digit.ecas.client.http.DefaultHttpRedirector +#eu.cec.digit.ecas.client.filter.httpRedirector=eu.cec.digit.ecas.client.http.BrowserPostRedirector +#eu.cec.digit.ecas.client.filter.httpRedirector=eu.cec.digit.ecas.client.http.LegacyHttpRedirector +#eu.cec.digit.ecas.client.filter.httpRedirector=eu.cec.digit.ecas.client.http.ajax.JsonHttpRedirector +#eu.cec.digit.ecas.client.filter.httpRedirector=eu.cec.digit.ecas.client.http.JavascriptHttpRedirector +#eu.cec.digit.ecas.client.filter.httpRedirector=eu.cec.digit.ecas.client.http.LegacyJavascriptHttpRedirector +########################################################################### +## trustNonEcasJEESubject +### Whether or not to trust users who are authenticated by the JEE container with another mechanism than ECAS. +### If true, those users are not re-authenticated with ECAS but are granted immediate access into the application. +### If false, these JEE-already-authenticated users are re-authenticated with ECAS for requests which are filtered +### either by the GatewayFilter or the legacy EcasFilter. +### This property has no effect when using security-constraints or a WebLogic Identity Assertion Provider. +### [Optional] +### [DefaultValue=false] +#eu.cec.digit.ecas.client.filter.trustNonEcasJEESubject=true +########################################################################### +## acceptedTicketTypes +### The "acceptedTicketTypes" property is the sequence of ECAS ticket-types accepted by the application. 
+### If users try to access the application with other ticket types than the ones specified here, +### an INVALID_TICKET error code is returned by ECAS. +### [Optional] +### [DefaultValue=SERVICE,PROXY] +#### Legal values: SERVICE,PROXY,DESKTOP or a combination +#eu.cec.digit.ecas.client.filter.acceptedTicketTypes=SERVICE +#eu.cec.digit.ecas.client.filter.acceptedTicketTypes=SERVICE,PROXY +#eu.cec.digit.ecas.client.filter.acceptedTicketTypes=SERVICE,PROXY,DESKTOP +eu.cec.digit.ecas.client.filter.acceptedTicketTypes=SERVICE,PROXY,DESKTOP +########################################################################### +## assuranceLevel +### The "assuranceLevel" property is the level of assurance in the user's identity +### the application requires to grant access. +### If users with assurance levels lower than the one configured here try to access the application, +### an INVALID_USER error code is returned by ECAS. +### [Optional] +### [DefaultValue=TOP] +#### Legal values: TOP,HIGH,MEDIUM,LOW,NO_ASSURANCE +#eu.cec.digit.ecas.client.filter.assuranceLevel=TOP +#eu.cec.digit.ecas.client.filter.assuranceLevel=HIGH +#eu.cec.digit.ecas.client.filter.assuranceLevel=MEDIUM +#eu.cec.digit.ecas.client.filter.assuranceLevel=LOW +########################################################################### +## proxyGrantingProtocol +### The "proxyGrantingProtocol" property is used to specify the protocol to be used +### to obtain ProxyGrantingTickets (PGT). 
+### [Optional] +### [DefaultValue=none] +#### Legal values: PGT_URL,CLIENT_CERT,DESKTOP +#eu.cec.digit.ecas.client.filter.proxyGrantingProtocol=PGT_URL +#eu.cec.digit.ecas.client.filter.proxyGrantingProtocol=CLIENT_CERT +#eu.cec.digit.ecas.client.filter.proxyGrantingProtocol=DESKTOP +########################################################################### +## trustedCertificates +### The "trustedCertificates" property is used to specify the comma-separated list of base64-encoded X.509 certificates of the +### trusted Certificate Authorities used for SSL by the ECAS server or mockup server. +### [Optional] +### [DefaultValue=none] +#eu.cec.digit.ecas.client.filter.trustedCertificates=MIIDLTCCAhWgAwIBAgIBATANBgkqhkiG9w0BAQUFADAmMSQwIgYDVQQDExtFdXJv\ +#cGVhbiBDb21taXNzaW9uIFJvb3QgQ0EwHhcNMDMwMTIxMTgwMTM4WhcNMTIxMjMx\ +#MTgwMTM4WjAmMSQwIgYDVQQDExtFdXJvcGVhbiBDb21taXNzaW9uIFJvb3QgQ0Ew\ +#ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2qIU7u75rPCUqzM0a0HT4\ +#eSMa+bFzSWcIxqJU1dPY1WGkqsee8rom3waf3scuIXHdk6CL43+s2zMrd0W8gyLL\ +#DBN46Z4BG9dIyhvHTlGTg7grVvHypbsvgC0lzb7xM/oFFs4AVUVqNgQPx1bELB3s\ +#t3NZRLUvFWNHXWDzR6CC/JTznn7NYBB0OScX7oMjYPQFL6n7vgKIVaU7YcZ+tJ6r\ +#a4oVt7zu3seiBzO0gijTcvlZ8PMIZUc21DnV2PtFgzaq5iem8mGdlVZXyL6MzbRx\ +#d4GIODPnWpCKABHd8dUMbbkOtkp1HMEQmaEdYr4zFFs53Snq4YZzFFhxRrfZCZfj\ +#AgMBAAGjZjBkMB8GA1UdIwQYMBaAFI+na6QQzxN0Z0ZdrF1wdDKuMkbbMB0GA1Ud\ +#DgQWBBSPp2ukEM8TdGdGXaxdcHQyrjJG2zAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0T\ +#AQH/BAgwBgEB/wIBATANBgkqhkiG9w0BAQUFAAOCAQEAaPuj04oBLi6JExkkOzJX\ +#yYf+x0/dXXEt8oknr2qlfyaM2R6PXVcqE6HKtRcvxzuDSrgEHBb8N9k21YuF6ftM\ +#QeQTyRcJVJVuTW29Vw+vxj/NPqGSjpWTWA32jd2FqM8lcrw8JQ+cOtCMYxdjBb6j\ +#AJ9yiZ6AScEWGlN6hUS/KFZByKEnQTLiJ9BHooB651e1+TYs8BA3LuSYi3xKYniT\ +#sjde9nvePJAhTsxjs+oJklZiNR5yR6w385ah5Lgqyieb3+jAVfgExjc+h2hayOAl\ +#0/y2h8gQOlDzNRPUUftrUo9dMKJqAAyZyH18HH3kYbJ+9iy/cmHXY8OU5AdqTS/F\ +#hg\=\=\ +#,...\ +#,...\ +#,... 
+########################################################################### +## applicationSecurityLevel +### The "applicationSecurityLevel" property is the level of security this application requires +### [Optional] +### [DefaultValue=NO_SECURITY] +#### Legal values: TOP,HIGH,MEDIUM,LOW,NO_SECURITY +#eu.cec.digit.ecas.client.filter.applicationSecurityLevel=TOP +#eu.cec.digit.ecas.client.filter.applicationSecurityLevel=HIGH +#eu.cec.digit.ecas.client.filter.applicationSecurityLevel=MEDIUM +#eu.cec.digit.ecas.client.filter.applicationSecurityLevel=LOW +########################################################################### +## negotiatePrivateServiceTicket +### The "negotiatePrivateServiceTicket" property controls whether or not the ECAS ticket must be +### sent in the service URL or can be pre-negotiated when LoginRequestTransactions are +### enabled (via a configured HttpRedirector equal to eu.cec.digit.ecas.client.http.DefaultHttpRedirector +### or eu.cec.digit.ecas.client.http.BrowserPostRedirector). +### If "true", the ticket is not sent in the service URL but is only sent through the back-channel +### between the application and the ECAS server over SSL/TLS. +### [Optional] +### [DefaultValue=false] +#### Legal values: false,true +#eu.cec.digit.ecas.client.filter.negotiatePrivateServiceTicket=false +#eu.cec.digit.ecas.client.filter.negotiatePrivateServiceTicket=true +########################################################################### +## advancedHttpSessionManagement +### The "advancedHttpSessionManagement" property controls whether HTTP state management through the establishment of the HttpSession is mandatory. +### If "true", the ECAS Client will take appropriate care to enforce that a valid HttpSession is created and maintained. +### Otherwise, these actions are not undertaken. +### You should let this value to "true" unless your end-users are only Web service clients unable to maintain cookie-based HttpSessions. 
+### [Optional] +### [DefaultValue=true] +#### Legal values: true,false +#eu.cec.digit.ecas.client.filter.advancedHttpSessionManagement=true +#eu.cec.digit.ecas.client.filter.advancedHttpSessionManagement=false +########################################################################### +## ticketResolver: +### Set "ticketResolver" to replace the default implementation. +### [Optional] +### [DefaultValue=eu.cec.digit.ecas.client.resolver.ticket.DefaultTicketResolver] +### ProvidedImplementations: +#eu.cec.digit.ecas.client.filter.ticketResolver=eu.cec.digit.ecas.client.resolver.ticket.DefaultTicketResolver +########################################################################### +## redirectionInterceptors: +### Set "redirectionInterceptors" to replace the default implementation. +### [Optional] +### [DefaultValue=eu.cec.digit.ecas.client.http.robot.DefaultRobotInterceptor] +### ProvidedImplementations: +#eu.cec.digit.ecas.client.filter.redirectionInterceptors=eu.cec.digit.ecas.client.http.robot.DefaultRobotInterceptor +#eu.cec.digit.ecas.client.filter.redirectionInterceptors=eu.cec.digit.ecas.client.http.robot.BlindRobotInterceptor +#eu.cec.digit.ecas.client.filter.redirectionInterceptors=eu.cec.digit.ecas.client.http.robot.OnlyRobotInterceptor +#eu.cec.digit.ecas.client.filter.redirectionInterceptors=eu.cec.digit.ecas.client.http.robot.DefaultRobotInterceptor, eu.cec.digit.ecas.client.http.ajax.UnauthorizedAjaxRedirectionInterceptor +#eu.cec.digit.ecas.client.filter.redirectionInterceptors=eu.cec.digit.ecas.client.http.robot.DefaultRobotInterceptor, eu.cec.digit.ecas.client.http.ajax.JsonAjaxRedirectionInterceptor +########################################################################### +## extendedUserDetailsTypeMapper: +### Set "extendedUserDetailsTypeMapper" to plugin your implementation of the eu.cec.digit.ecas.client.validation.ExtendedUserDetailsTypeMapper interface, +### which is used to type extendedUserDetails instead of using a Map of Strings. 
+### [Optional] +### [DefaultValue=none] +### Example: +#eu.cec.digit.ecas.client.filter.extendedUserDetailsTypeMapper=eu.europa.ec.mydg.myapp.MyExtendedUserDetailsTypeMapper +########################################################################### +## singleLogoutCallbackUrl: +### URL of your application used to receive LogoutRequests from the ECAS Server (for the Single Sign-Out Protocol). +### [Optional] [For Clustered environments without HttpSession replication] +### [DefaultValue=none] +#eu.cec.digit.ecas.client.filter.singleLogoutCallbackUrl=https://myHost:7002/myService/singleLogout +########################################################################### +## configurationAdapterSelector: +### Set "configurationAdapterSelector" to replace the default implementation. +### [Optional] +### [DefaultValue=eu.cec.digit.ecas.client.configuration.IdemConfigurationAdapterSelector] +### ProvidedImplementations: +#eu.cec.digit.ecas.client.filter.configurationAdapterSelector=eu.cec.digit.ecas.client.configuration.IdemConfigurationAdapterSelector +########################################################################### +## baseCallbackUrl: +### The prefix to append to other callback URL properties when they are set as relative URLs. +### [Optional] +### [DefaultValue=none] +#eu.cec.digit.ecas.client.filter.baseCallbackUrl=https://myHost:7002/myContextPath +########################################################################### diff --git a/smp-docker/compose/tomcat-mysql-smp-sml/eulogin/init-data/ecas.properties b/smp-docker/compose/tomcat-mysql-smp-sml/eulogin/init-data/ecas.properties new file mode 100644 index 0000000000000000000000000000000000000000..775f9d9b59b1a5a9b25bd82e4238264d2ce2a429 --- /dev/null +++ b/smp-docker/compose/tomcat-mysql-smp-sml/eulogin/init-data/ecas.properties 
@@ -0,0 +1,547 @@ +# +# ECAS Software +# Copyright (c) 2014 European Commission +# Licensed under the EUPL +# You may not use this work except in compliance with the Licence. +# You may obtain a copy of the Licence at: +# http://ec.europa.eu/idabc/eupl +# +# This product includes the CAS software developed by Yale University, +# Copyright (c) 2000-2004 Yale University. All rights reserved. +# THE CAS SOFTWARE IS PROVIDED "AS IS," AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, ARE EXPRESSLY +# DISCLAIMED. IN NO EVENT SHALL YALE UNIVERSITY OR ITS EMPLOYEES BE +# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED, THE COSTS OF +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA OR +# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF +# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING +# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH +# DAMAGE. 
+# + +############################################################################### +# # +# ECAS Server properties file - ecas.properties # +# # +############################################################################### +ejb/LDAP/ContextFactory= +ejb/LDAP/Strong/BaseDN=dc=commission,dc=europa,dc=eu +strong.ldap.passwordPolicies.dn=,dc=commission,dc=europa,dc=eu +ejb/LDAP/MailSettingsDn=,dc=commission,dc=europa,dc=eu +ejb/Mail/URL=https://mockupserver:1234/ecas/ +strong.ldap.openidconnect.applications.dn=ou=OpenIDConnect,ou=ClientApplications,dc=commission,dc=europa,dc=eu + +ejb/external/details/url= +ejb/LDAP/Master=dummy + +# Timeout settings for the ticket caches: +edu.yale.its.tp.cas.grantingTimeout=46800 +edu.yale.its.tp.cas.serviceTimeout=300 +edu.yale.its.tp.cas.loginTimeout=3600 +eu.cec.digit.ecas.transactionTimeout=600 +eu.cec.digit.ecas.signatureTimeout=3600 +eu.cec.digit.ecas.loginRequestTransactionTimeout=3600 + +strong.ldap.pool.maxActive= +strong.ldap.pool.maxIdle= +strong.ldap.pool.maxWait= +strong.ldap.pool.minIdle= +strong.ldap.pool.batchIncrement= +strong.ldap.pool.numTestsPerEvictionRun= +strong.ldap.pool.testOnCreate= +strong.ldap.pool.testOnBorrow= +strong.ldap.pool.testOnReturn= +strong.ldap.pool.testWhileIdle= +strong.ldap.pool.timeBetweenEvictionRunsMillis= +strong.ldap.pool.minEvictableIdleTimeMillis= +strong.ldap.pool.softMinEvictableIdleTimeMillis= +strong.ldap.pool.whenExhaustedAction= +strong.ldap.pool.monitor.creation= +strong.ldap.pool.monitor.destruction= +strong.ldap.pool.monitor.validation= +strong.ldap.pool.monitor.activation= +strong.ldap.pool.monitor.passivation= +strong.ldap.pool.command.timeout.millis= +strong.ldap.pool.connect.timeout.millis=15000 +strong.ldap.pool.read.timeout.millis=15000 + +# GUESTS: +guests.cudgroup=AIDA_SELFRG + +# For now, the GroupHandler implementing class has to match the one in ecas-jaas.config +ecas.auth.groupHandler=eu.cec.digit.ecas.auth.provider.EcasGroupHandler +## The defaultStrength 
used for authentication, may be PASSWORD for a real ECAS or BASIC for a Mock-up Server +ecas.auth.defaultStrength=BASIC +## The ordered list of strengths which can be used in ECAS (all the strengths defined here must also exist in ecas-jaas.config) +## The order of the strengths is only taken from this property (the order in JAAS does not matter) +ecas.auth.orderedEnabledStrengths=BASIC,MOBILE_APP,PASSWORD_MOBILE_APP,PASSWORD_SOFTWARE_TOKEN,PASSWORD_SMS,PASSWORD_TOKEN,PASSWORD_TOKEN_CRAM,STORK,SOCIAL_NETWORKS,CLIENT_CERT +## These are the default strengths for /cas/login, which are used only when no strength is requested by the client: +ecas.auth.ecas.defaultStrengths=BASIC,MOBILE_APP,PASSWORD_MOBILE_APP,PASSWORD_SOFTWARE_TOKEN,PASSWORD_SMS,PASSWORD_TOKEN,PASSWORD_TOKEN_CRAM,STORK,SOCIAL_NETWORKS,CLIENT_CERT +## These are the previous default strengths per version, which are used only when no strength is requested by the client: +ecas.auth.client.defaultStrengths.version.1.11=BASIC,CLIENT_CERT +ecas.auth.client.defaultStrengths.version.1.18=BASIC,PASSWORD_SMS,CLIENT_CERT +ecas.auth.client.defaultStrengths.version.3.1=BASIC,PASSWORD_SMS,PASSWORD_TOKEN,CLIENT_CERT + +ecas.auth.adminStrengths=PASSWORD_SMS,MOBILE_APP,PASSWORD_MOBILE_APP,PASSWORD_SOFTWARE_TOKEN,PASSWORD_SMS,PASSWORD_TOKEN,PASSWORD_TOKEN_CRAM +ecas.auth.admin.multiFactorEnforced=true +ecas.auth.jaasConfigFile=ecas-jaas.config + +# Do we have to check whether new passwords are the same as basic passwords (Internet) ? 
+ecas.policy.basicPassword.checkEnabled=true + +# Stats persistence interval in milliseconds: +stats.persistence.interval=300000 + +contextRoot.cas=cas +#contextRoot.ecas=cas/ec +contextRoot.ecas.redir=ecas + +ecas.hostname=eulogin-mock-server +ecas.port.HTTP=7101 +ecas.port.HTTPS=7102 +ecas.port.HTTPS.2waySSL=7103 + +ecas.production.hostname=ecas.cc.cec.eu.int +ecas.production.port.HTTP=7001 +ecas.production.port.HTTPS=7002 +ecas.production.port.HTTPS.2waySSL=7003 + +# expected concurrency level (i.e. number of concurrent threads): +expectedConcurrency=64 + +authentication.domains.dn=ou=AuthenticationDomains,dc=commission,dc=europa,dc=eu +domain.categories.dn=ou=DomainCategories,dc=commission,dc=europa,dc=eu + +# implementation classes: +signature.service=eu.cec.digit.ecas.signature.impl.SignatureControllerImpl + +# DaoFactory: +dao.factory=eu.cec.digit.ecas.data.impl.PropertyDaoFactory +dao.user=eu.europa.ec.ecas.mockup.data.impl.UserSaxDao +dao.policy.attributes=eu.europa.ec.ecas.mockup.data.impl.PropertyFilePolicyAttributesDao +dao.authentication.domainsAndCategories=eu.europa.ec.ecas.mockup.data.memory.MemoryAuthenticationDomainsAndCategoriesDao +dao.mail.settings=eu.europa.ec.ecas.mockup.data.memory.MemoryMailSettingsDAO +dao.registration.service=eu.cec.digit.ecas.registration.persistence.impl.DerbyServiceRegistrationDAO +dao.messageResources=eu.cec.digit.ecas.data.impl.derby.DerbyMessageResourcesDAO +dao.monitoringConfig=eu.cec.digit.ecas.data.impl.derby.DerbyMonitoringConfigDAO +dao.antiAbuseProxyConfig=eu.cec.digit.ecas.data.impl.derby.DerbyAntiDenialOfServiceProxyConfigurationDAO +dao.applicationSettings=eu.cec.digit.ecas.data.impl.CompositeApplicationSettingsDAO +dao.stsConfiguration=eu.europa.ec.ecas.sts.data.jaxb.JaxbStsConfigurationDAO +dao.selfRegistration=eu.europa.ec.ecas.mockup.data.memory.SelfRegistrationMockupDao +dao.samlConfiguration=eu.europa.ec.ecas.saml.data.jaxb.JaxbSamlConfigurationDAO 
+dao.tokenCram=eu.europa.ec.ecas.mockup.data.impl.tokencram.MockTokenCramDAO +dao.mdmCert=eu.europa.ec.ecas.mockup.data.impl.mdm.MockMdmDAO +dao.mdmCert.getDevice.path=/api/v1/dm/devices/ +dao.mdmCert.wakeupDevice.path=/api/v1/dm/devices/wakeup/ +dao.signature=eu.cec.digit.ecas.data.impl.softwaretoken.Log4jSoftwareTokenSignatureAuditTrailDao + +debug.mode=true +mockup.mode=true +mobile.mockup.mode=true +peps.attribute.validation.level=lax +production.mode=false + +ecas.default.locale=en +ecas.default.timeZone=Europe/Brussels + +captcha.alphabet=ABCDEFGHJKLMNPQRSTUVWXYZabcdefhijkmnpqrstuvwxyz23456789 +captcha.minAcceptedWordLength=5 +captcha.maxAcceptedWordLength=5 +captcha.fonts=Lucida Sans,Lucida Bright +captcha.audio.backgroundSound.enabled=true +captcha.audio.backgroundSound.list=background_0,background_1,background_2,background_3,background_4,background_5,background_6,background_7,background_8,background_9,background_10,background_11,background_12,background_13,background_14 +captcha.audio.echoFilter.enabled=true +captcha.audio.echoFilter.echoDelay=250 +captcha.audio.echoFilter.decay=5 +captcha.audio.pitchFilter.enabled=true +captcha.audio.pitchFilter.pitchMinValue=80 +captcha.audio.pitchFilter.pitchMaxValue=110 +captcha.audio.voices.de.enabled=klara,reiner,reinhard +captcha.audio.voices.en.enabled=anjali,audrey,charles,claire,crystal,george,jane,john,judith,kate,lauren,mike,patrick,rich +captcha.audio.voices.es.enabled=alberto,daniel,dolores,martha,rene,rosa +captcha.audio.voices.fr.enabled=alain,arnaud,juliette,lutece,pascal + +#ECAS XML Schema in all XML messages: +xml.schema=https://ecas.ec.europa.eu/cas/schemas + +# comma separated list of IP addresses used for end-to-end monitoring using 2-way SSL +monitoring.ipAddresses= +## configured in reloading properties: +#monitoring.userAgentPatterns= + +i18n.supportedLanguages=bg,cs,da,de,et,el,en,es,fr,ga,hr,it,lv,lt,hu,mt,nl,pl,pt,ro,sk,sl,fi,sv + 
+########################################################################### +antiDenialOfService.filters=COSTLY,FRONTEND,BACKEND,OIDC_FRONTEND,OIDC_BACKEND,DEFAULT + +antiDenialOfService.DEFAULT.warn.threshold=100 +antiDenialOfService.DEFAULT.kick.threshold=200 +antiDenialOfService.DEFAULT.ban.threshold=400 +antiDenialOfService.DEFAULT.sampling.seconds=1 +antiDenialOfService.DEFAULT.kick.release.seconds=900 +antiDenialOfService.DEFAULT.ban.release.seconds=3600 + +antiDenialOfService.DEFAULT.bypass.list=127.0.0.1,eulogin-mock-server +antiDenialOfService.DEFAULT.invalidateCaches.hours=24 +antiDenialOfService.DEFAULT.notifyOnKickAndBan=false +antiDenialOfService.DEFAULT.notifyEmailAddresses= + +antiDenialOfService.COSTLY.warn.threshold=10 +antiDenialOfService.COSTLY.kick.threshold=20 +antiDenialOfService.COSTLY.ban.threshold=50 +antiDenialOfService.COSTLY.sampling.seconds=1 +antiDenialOfService.COSTLY.kick.release.seconds=900 +antiDenialOfService.COSTLY.ban.release.seconds=3600 + +antiDenialOfService.COSTLY.bypass.list=127.0.0.1,eulogin-mock-server +antiDenialOfService.COSTLY.invalidateCaches.hours=24 +antiDenialOfService.COSTLY.notifyOnKickAndBan=false +antiDenialOfService.COSTLY.notifyEmailAddresses= + +antiDenialOfService.BACKEND.warn.threshold=100 +antiDenialOfService.BACKEND.kick.threshold=200 +antiDenialOfService.BACKEND.ban.threshold=400 +antiDenialOfService.BACKEND.sampling.seconds=1 +antiDenialOfService.BACKEND.kick.release.seconds=900 +antiDenialOfService.BACKEND.ban.release.seconds=3600 + +antiDenialOfService.BACKEND.bypass.list=127.0.0.1,eulogin-mock-server +antiDenialOfService.BACKEND.invalidateCaches.hours=24 +antiDenialOfService.BACKEND.notifyOnKickAndBan=false +antiDenialOfService.BACKEND.notifyEmailAddresses= + +antiDenialOfService.FRONTEND.warn.threshold=100 +antiDenialOfService.FRONTEND.kick.threshold=200 +antiDenialOfService.FRONTEND.ban.threshold=400 +antiDenialOfService.FRONTEND.sampling.seconds=1 
+antiDenialOfService.FRONTEND.kick.release.seconds=900 +antiDenialOfService.FRONTEND.ban.release.seconds=3600 + +antiDenialOfService.FRONTEND.bypass.list=127.0.0.1,eulogin-mock-server +antiDenialOfService.FRONTEND.invalidateCaches.hours=24 +antiDenialOfService.FRONTEND.notifyOnKickAndBan=false +antiDenialOfService.FRONTEND.notifyEmailAddresses= + +antiDenialOfService.OIDC_BACKEND.warn.threshold=100 +antiDenialOfService.OIDC_BACKEND.kick.threshold=200 +antiDenialOfService.OIDC_BACKEND.ban.threshold=400 +antiDenialOfService.OIDC_BACKEND.sampling.seconds=1 +antiDenialOfService.OIDC_BACKEND.kick.release.seconds=900 +antiDenialOfService.OIDC_BACKEND.ban.release.seconds=3600 +antiDenialOfService.OIDC_BACKEND.bypass.list=127.0.0.1,eulogin-mock-server +antiDenialOfService.OIDC_BACKEND.invalidateCaches.hours=24 +antiDenialOfService.OIDC_BACKEND.notifyOnKickAndBan=false +antiDenialOfService.OIDC_BACKEND.notifyEmailAddresses= + +antiDenialOfService.OIDC_FRONTEND.warn.threshold=100 +antiDenialOfService.OIDC_FRONTEND.kick.threshold=200 +antiDenialOfService.OIDC_FRONTEND.ban.threshold=400 +antiDenialOfService.OIDC_FRONTEND.sampling.seconds=1 +antiDenialOfService.OIDC_FRONTEND.kick.release.seconds=900 +antiDenialOfService.OIDC_FRONTEND.ban.release.seconds=3600 +antiDenialOfService.OIDC_FRONTEND.bypass.list=127.0.0.1,eulogin-mock-server +antiDenialOfService.OIDC_FRONTEND.invalidateCaches.hours=24 +antiDenialOfService.OIDC_FRONTEND.notifyOnKickAndBan=false +antiDenialOfService.OIDC_FRONTEND.notifyEmailAddresses= +# +antiDenialOfService.load.samplingTimeSeconds=60 +########################################################################### + +# Denotes if the "sso warn me" checkbox on the login page should be checked by default (true) or not (false) +sso.warning.default.checked=true +# Denotes if the "show account details after login" checkbox on the login page should be checked by default (true) or not (false) +login.showAccount.default.checked=false + +#selfcertweb crl url 
+crl.url=https://eulogin-mock-server:7102/cas/ca/crl + +definition.smsChallenge.authn.alphabet=234679ACDEFGHJKLMNPRTUVWXYZ +definition.smsChallenge.authn.groupBy=3 +definition.smsChallenge.authn.minLength=9 +definition.smsChallenge.authn.maxLength=9 +definition.smsChallenge.authn.separator=- +definition.smsChallenge.gsmAddition.alphabet=234679ACDEFGHJKLMNPRTUVWXYZ +definition.smsChallenge.gsmAddition.groupBy=4 +definition.smsChallenge.gsmAddition.minLength=8 +definition.smsChallenge.gsmAddition.maxLength=8 +definition.smsChallenge.gsmAddition.separator=- +definition.smsChallenge.signature.alphabet=234679ACDEFGHJKLMNPRTUVWXYZ +definition.smsChallenge.signature.groupBy=4 +definition.smsChallenge.signature.minLength=16 +definition.smsChallenge.signature.maxLength=16 +definition.smsChallenge.signature.separator=- + +definition.sponsorshipCodeService.alphabet=234679ACDEFGHJKLMNPRTUVWXYZ +definition.sponsorshipCodeService.groupBy=3 +definition.sponsorshipCodeService.minLength=6 +definition.sponsorshipCodeService.maxLength=6 +definition.sponsorshipCodeService.separator=- + +definition.tokenCram.authnChallenge.alphabet=1234567890 +definition.tokenCram.authnChallenge.groupBy=4 +definition.tokenCram.authnChallenge.minLength=12 +definition.tokenCram.authnChallenge.maxLength=12 +definition.tokenCram.authnChallenge.separator=- + +definition.tokenCram.authnResponse.alphabet=1234567890 +definition.tokenCram.authnResponse.groupBy=4 +definition.tokenCram.authnResponse.minLength=12 +definition.tokenCram.authnResponse.maxLength=12 +definition.tokenCram.authnResponse.separator=- + +definition.tokenCram.signature.alphabet=1234567890 +definition.tokenCram.signature.groupBy=4 +definition.tokenCram.signature.minLength=12 +definition.tokenCram.signature.maxLength=12 +definition.tokenCram.signature.separator=- + +definition.mobile.uniqueDeviceIdentifier.alphabet=234679ACDEFGHJKLMNPRTUVWXYZ +definition.mobile.uniqueDeviceIdentifier.groupBy=8 
+definition.mobile.uniqueDeviceIdentifier.minLength=64 +definition.mobile.uniqueDeviceIdentifier.maxLength=64 +definition.mobile.uniqueDeviceIdentifier.separator=- + +definition.mobile.softwaretoken.signature.alphabet=234679ACDEFGHJKLMNPRTUVWXYZ +definition.mobile.softwaretoken.signature.length=16 +definition.mobile.softwaretoken.signature.minLength=16 +definition.mobile.softwaretoken.signature.maxLength=16 +definition.mobile.softwaretoken.signature.groupBy=4 +definition.mobile.softwaretoken.signature.separator=- +definition.mobile.softwaretoken.signature.macAlgorithm=HmacSHA512 + + +digests.secure=ARG2,SEQ202,SEQ2,SEQ103,SEQ106,SEQ105,SEQ104,SEQ102,SEQ1,SEQH,SXDSHA,ESSHA,SSHA,SHA,CRYPT +digests.history=SEQ106,SEQ105,SEQ104,SEQ103,SEQ102,SEQ1,SEQH,SXDSHA,ESSHA,SSHA,SHA,CRYPT + +# RADIUS: +radius.authenticator=eu.cec.digit.ecas.business.authentication.impl.MockRadiusCredentialBasedAuthenticator +radius.configuration=eu.europa.ec.ecas.mockup.business.MockRadiusConfiguration +radius.username.builder=eu.cec.digit.ecas.radius.StrictEcVascoUsernameBuilder + +replication.server.host= +replication.server.port= +replication.nodes.hostsAndPorts= + +relying.party.url.cache.timeoutSeconds=1 +relying.party.url.cache.maximumSize=5000 + +allocateMemoryOutsideJavaHeap=false +policy.numberOfLastSecureLoginTimes=2 + +eimWebService.connectTimeoutMillis=30000 +eimWebService.readTimeoutMillis=30000 + +# (01) accountFailureCountTimeout +admin.policy.constraint.AccountFailureCountTimeout.min=600 +admin.policy.constraint.AccountFailureCountTimeout.default=900 +admin.policy.constraint.AccountFailureCountTimeout.max=15552000 +# (02) accountLockoutTimeout +admin.policy.constraint.AccountLockoutTimeout.min=600 +admin.policy.constraint.AccountLockoutTimeout.default=900 +admin.policy.constraint.AccountLockoutTimeout.max=7200 +# (03) passwordAgeMax +admin.policy.constraint.PasswordAgeMax.min=864000 +admin.policy.constraint.PasswordAgeMax.default=1576800000 
+admin.policy.constraint.PasswordAgeMax.max=1576800000 +# (04) passwordAgeMaxWarning +admin.policy.constraint.PasswordAgeMaxWarning.min=43600 +admin.policy.constraint.PasswordAgeMaxWarning.default=31536000 +admin.policy.constraint.PasswordAgeMaxWarning.max=31536000 +# (05) passwordAgeMin +admin.policy.constraint.PasswordAgeMin.min=60 +admin.policy.constraint.PasswordAgeMin.default=60 +admin.policy.constraint.PasswordAgeMin.max=432000 +# (06) passwordFailureCountMax +admin.policy.constraint.PasswordFailureCountMax.min=2 +admin.policy.constraint.PasswordFailureCountMax.default=5 +admin.policy.constraint.PasswordFailureCountMax.max=9 +# (07) passwordHistoryCountMax +admin.policy.constraint.PasswordHistoryCountMax.min=2 +admin.policy.constraint.PasswordHistoryCountMax.default=5 +admin.policy.constraint.PasswordHistoryCountMax.max=9 +# (08) passwordLengthMin +admin.policy.constraint.PasswordLengthMin.min=1 +admin.policy.constraint.PasswordLengthMin.default=1 +admin.policy.constraint.PasswordLengthMin.max=15 +# (09) resetCodeAgeMax +admin.policy.constraint.ResetCodeAgeMax.min=60 +admin.policy.constraint.ResetCodeAgeMax.default=900 +admin.policy.constraint.ResetCodeAgeMax.max=86400 +# (10) resetCodeEnabled // 0 = enabled, 1 = disabled +admin.policy.constraint.ResetCodeEnabled.min=0 +admin.policy.constraint.ResetCodeEnabled.default=0 +admin.policy.constraint.ResetCodeEnabled.max=1 +# (11) resetCodeFailureCountMax +admin.policy.constraint.ResetCodeFailureCountMax.min=2 +admin.policy.constraint.ResetCodeFailureCountMax.default=5 +admin.policy.constraint.ResetCodeFailureCountMax.max=9 +# (12) resetCodeRequestCountMax +admin.policy.constraint.ResetCodeRequestCountMax.min=2 +admin.policy.constraint.ResetCodeRequestCountMax.default=5 +admin.policy.constraint.ResetCodeRequestCountMax.max=100 +# (13) smsChallengeAgeMax +admin.policy.constraint.SmsChallengeAgeMax.min=0 +admin.policy.constraint.SmsChallengeAgeMax.default=600 +admin.policy.constraint.SmsChallengeAgeMax.max=86400 +# 
(14) smsChallengeFailureCountMax +admin.policy.constraint.SmsChallengeFailureCountMax.min=2 +admin.policy.constraint.SmsChallengeFailureCountMax.default=5 +admin.policy.constraint.SmsChallengeFailureCountMax.max=9 +# (15) smsChallengeRequestCountMax +admin.policy.constraint.SmsChallengeRequestCountMax.min=2 +admin.policy.constraint.SmsChallengeRequestCountMax.default=5 +admin.policy.constraint.SmsChallengeRequestCountMax.max=9 +# (16) mobilePhoneCountMax +admin.policy.constraint.MobilePhoneCountMax.min=0 +admin.policy.constraint.MobilePhoneCountMax.default=10 +admin.policy.constraint.MobilePhoneCountMax.max=10 +# (17) mobileDeviceCountMax +admin.policy.constraint.MobileDeviceCountMax.min=0 +admin.policy.constraint.MobileDeviceCountMax.default=10 +admin.policy.constraint.MobileDeviceCountMax.max=10 +# (18) mobileDeviceFailureCountMax +admin.policy.constraint.MobileDeviceFailureCountMax.min=2 +admin.policy.constraint.MobileDeviceFailureCountMax.default=5 +admin.policy.constraint.MobileDeviceFailureCountMax.max=9 +# (19) mobileDeviceRequestCountMax +admin.policy.constraint.MobileDeviceRequestCountMax.min=2 +admin.policy.constraint.MobileDeviceRequestCountMax.default=5 +admin.policy.constraint.MobileDeviceRequestCountMax.max=9 +# (20) tokenCramFailureCountMax +admin.policy.constraint.TokenCramFailureCountMax.min=2 +admin.policy.constraint.TokenCramFailureCountMax.default=5 +admin.policy.constraint.TokenCramFailureCountMax.max=9 +# (21) tokenCramRequestCountMax +admin.policy.constraint.TokenCramRequestCountMax.min=2 +admin.policy.constraint.TokenCramRequestCountMax.default=5 +admin.policy.constraint.TokenCramRequestCountMax.max=9 +# (22) webAuthnDeviceCountMax +admin.policy.constraint.WebAuthnDeviceCountMax.min=0 +admin.policy.constraint.WebAuthnDeviceCountMax.default=10 +admin.policy.constraint.WebAuthnDeviceCountMax.max=10 +# (23) webAuthnDeviceFailureCountMax +admin.policy.constraint.WebAuthnDeviceFailureCountMax.min=2 
+admin.policy.constraint.WebAuthnDeviceFailureCountMax.default=5 +admin.policy.constraint.WebAuthnDeviceFailureCountMax.max=9 +# (24) webAuthnDeviceRequestCountMax +admin.policy.constraint.WebAuthnDeviceRequestCountMax.min=2 +admin.policy.constraint.WebAuthnDeviceRequestCountMax.default=5 +admin.policy.constraint.WebAuthnDeviceRequestCountMax.max=9 + + +######################################################## +# Compression implementation +######################################################## +compression.implementation=JZLIB + +######################################################## +# Ecas Mobile +######################################################## +ecasMobile.pushService.providerFactory=eu.europa.ec.ecas.mockup.mobile.push.MockPushMessageServiceProviderFactory +ecasMobile.pushService.apple.productionMode=false +ecasMobile.passwordAuthService=eu.cec.digit.ecas.mobile.auth.password.PasswordMobileAuthServiceImpl + +ecasMobile.cache.expiry.minutes=10 + +eu.cec.digit.ecas.mobile.auth.onmobile.MobileAppRequestor=eu.cec.digit.ecas.mobile.auth.onmobile.MobileAppRequestorImpl + +definition.ecasMobile.authn.alphabet=0123456789 +definition.ecasMobile.authn.groupBy=1000 +definition.ecasMobile.authn.minLength=18 +definition.ecasMobile.authn.maxLength=18 +definition.ecasMobile.authn.separator=. 
+ +ecasMobile.otp.sharedSecret.lengthInBytes=64 +ecasMobile.otp.macAlgorithm=HmacSHA512 +ecasMobile.otp.length=8 +ecasMobile.otp.alphabet=23456789ABCDEFGHJKLMNPQRSTUVWXYZ + +ecasMobile.softwareToken.challenge.lengthInBytes=64 + +ecasMobile.mobileChallenge.lengthInBytes=64 + +eu.europa.ec.ecas.servlet.login.plugin.impl.PluginFactory=eu.europa.ec.ecas.servlet.login.plugin.impl.DefaultPluginFactory +eu.europa.ec.ecas.servlet.login.engine.compliance.impl.AuthenticationComplianceEngine=eu.europa.ec.ecas.servlet.login.engine.compliance.impl.DefaultAuthenticationComplianceEngine +eu.europa.ec.ecas.servlet.login.engine.attribute.impl.AdditionalAttributeProvider=eu.europa.ec.ecas.servlet.login.engine.attribute.impl.DefaultAdditionalAttributeProvider +eu.europa.ec.ecas.servlet.login.engine.accesscontrol.impl.AccessDenialEngine=eu.europa.ec.ecas.servlet.login.engine.accesscontrol.impl.ServiceWhitelistAccessDenialEngine +eu.europa.ec.ecas.servlet.login.engine.impl.ApplicationServerIntegrationEngine=eu.europa.ec.ecas.servlet.login.engine.impl.WebLogicIntegrationEngine +eu.europa.ec.ecas.servlet.login.engine.impl.AuditTrailEngine=eu.europa.ec.ecas.servlet.login.engine.impl.EcasAuditTrailEngine +eu.europa.ec.ecas.servlet.validation.engine.impl.ExtendedAttributeEngine=eu.europa.ec.ecas.servlet.validation.engine.impl.DefaultExtendedAttributeEngine + +tokenCram.webService.endPoint= +tokenCram.webService.connectTimeoutMillis=30000 +tokenCram.webService.requestTimeoutMillis=30000 +tokenCram.forNonProd.helper=eu.europa.ec.ecas.mockup.data.impl.tokencram.MockTokenCramForNonProdHelper +tokenCram.webService.passwordFormat=4 + +############################ +# UUMDS +############################ +loginRequest.interceptor=eu.europa.ec.ecas.servlet.login.engine.impl.EmptyLoginRequestInterceptor +uumds.wayf.url= +uumds.wayf.init.transaction.path=${uumds.wayf.init.transaction.path} +uumds.wayf.login.path=${uumds.wayf.login.path} + 
+definition.uumds.secret.alphabet=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 +definition.uumds.secret.groupBy=1000 +definition.uumds.secret.minLength=12 +definition.uumds.secret.maxLength=12 +definition.uumds.secret.separator=. + +plugin.folder=_application_files/ecas-plugins + +saml.configuration.location=samlConfiguration.xml +sts.configuration.location=stsConfiguration.xml + +#Always TRUE except in UUM&DS environments +showEnvironmentStamp=true + +########################################################## +# Settings of the ServiceWhitelistAccessDenialEngine +########################################################## +accessDenialEngine.serviceWhitelist.location=ecas-access-denial.properties + +########################################################## +# OAuth +########################################################## +eu.cec.digit.ecas.auth.oauth.settings.impl.facebook=eu.europa.ec.ecas.mockup.auth.oauth.settings.facebook.MockFacebookOAuthSettings +eu.cec.digit.ecas.auth.oauth.settings.impl.google=eu.europa.ec.ecas.mockup.auth.oauth.settings.google.MockGoogleOAuthSettings +eu.cec.digit.ecas.auth.oauth.settings.impl.twitter=eu.europa.ec.ecas.mockup.auth.oauth.settings.twitter.MockTwitterOAuthSettings + +saml.assertion.issuer.eulogin.urn=urn:ec.europa.eu:eulogin:mockup:saml + +#OpenID Connect +openidconnect.issuer.url=https://eulogin-mock-server:7102/cas/oauth2 +openidconnect.issuer.url.path=/oauth2 +openidconnect.jwks_uri.url=https://eulogin-mock-server:7102/cas/oauth2/keys +openidconnect.metadata.url=https://eulogin-mock-server:7102/cas/oauth2/.well-known/openid-configuration +openidconnect.metadataWithUserInfo.path=/.unsafe/openid-configuration +openidconnect.authorization_endpoint.url=https://eulogin-mock-server:7102/cas/oauth2/authorize +openidconnect.authorization_endpoint.path=/authorize +openidconnect.token_endpoint.url=https://eulogin-mock-server:7102/cas/oauth2/token 
+openidconnect.token_introspection_endpoint.url=https://eulogin-mock-server:7102/cas/oauth2/token/introspect +openidconnect.userinfo_endpoint.url=https://eulogin-mock-server:7102/cas/oauth2/userinfo +openidconnect.registration_endpoint.url=https://eulogin-mock-server:7102/cas/oauth2/register +openidconnect.token_revocation_endpoint.url=https://eulogin-mock-server:7102/cas/oauth2/token/revoke +openidconnect.end_session_endpoint.url=https://eulogin-mock-server:7102/cas/oauth2/logout + + +openidconnect.metadata.validityDurationSeconds=3600 +openidconnect.authorizationCode.timeoutSeconds=300 +openidconnect.idToken.timeoutSeconds=300 +openidconnect.accessToken.timeoutSeconds=300 +openidconnect.refreshToken.timeoutSeconds=60 + +openidconnect.configuration.location=openIdConnectConfiguration.json +dao.openidconnect=eu.europa.ec.ecas.openidconnect.data.JsonOpenIdConnectConfigurationDao + +# Derby encryption and password hashing: +registration.storage.encryption.provider=com.sun.crypto.provider.SunJCE +registration.storage.encryption.keyLength=256 +registration.storage.encryption.algorithm=AES/CFB/NoPadding +registration.storage.authentication.algorithm=SHA-512 +registration.storage.authentication.saltLength=64 +registration.storage.authentication.iterations=90000 diff --git a/smp-docker/compose/tomcat-mysql-smp-sml/eulogin/init-data/userDataBase.xml b/smp-docker/compose/tomcat-mysql-smp-sml/eulogin/init-data/userDataBase.xml new file mode 100644 index 0000000000000000000000000000000000000000..e0b1449abc63125a854be5dcb8c406e5c4a111cd --- /dev/null +++ b/smp-docker/compose/tomcat-mysql-smp-sml/eulogin/init-data/userDataBase.xml 
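Review bot: Nothing in the new ecas.properties states that it is a mock-up-only configuration, even though `debug.mode=true`, `mockup.mode=true`, `production.mode=false`, `ecas.auth.defaultStrength=BASIC` and the `eu.europa.ec.ecas.mockup.*` DAO classes make it unusable for anything else, and `admin.policy.constraint.PasswordLengthMin.min=1` / `.default=1` would be a dangerously weak password policy anywhere but a local test server. A reader copying settings from this file into a real deployment has no warning in the file itself. Suggest adding directly under the "ECAS Server properties file" banner: `# Mock-up EU Login server for the local docker-compose SMP/SML test setup ONLY: debug/mockup mode, BASIC strength and the relaxed admin.policy.* constraints below must never be reused for a real ECAS instance.` The `ecas.production.hostname=ecas.cc.cec.eu.int` and `ecas.production.port.*` entries presumably identify the real production service and are only relevant when `production.mode` is true; worth confirming the mock never contacts that host so the compose setup stays fully self-contained.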
@@ -0,0 +1,53 @@
+<userDataBase xmlns="https://ecas.ec.europa.eu/cas/schemas/mockup/db">
+ <user>
+ <authenticationCount>1</authenticationCount>
+ <badAuthenticationCount>0</badAuthenticationCount>
+ <email>Peter.PARKER@dummy-mail-not-exists.eu</email>
+ <firstName>Peter</firstName>
+ <goodAuthenticationCount>1</goodAuthenticationCount>
+ <lastName>Parker</lastName>
+ <objectStatus>a</objectStatus>
+ <organisation>eu.europa.ec</organisation>
+ <organisationUsername>user</organisationUsername>
+ <passwordChangeDn>uid=user,ou=people,dc=commission,dc=europa,dc=eu</passwordChangeDn>
+ <strongPasswordHash>123456</strongPasswordHash>
+ <passwordLastChangedTime></passwordLastChangedTime>
+ <uid>user</uid>
+ <cudGroups>DIGIT_SMP_USER</cudGroups>
+ </user>
+
+ <user>
+ <authenticationCount>1</authenticationCount>
+ <badAuthenticationCount>0</badAuthenticationCount>
+ <email>Tony.STARK@dummy-mail-not-exists.eu</email>
+ <firstName>Tony</firstName>
+ <goodAuthenticationCount>1</goodAuthenticationCount>
+ <lastName>Stark</lastName>
+ <objectStatus>a</objectStatus>
+ <organisation>eu.europa.ec</organisation>
+ <organisationUsername>smp</organisationUsername>
+ <passwordChangeDn>uid=smp,ou=people,dc=commission,dc=europa,dc=eu</passwordChangeDn>
+ <strongPasswordHash>123456</strongPasswordHash>
+ <passwordLastChangedTime></passwordLastChangedTime>
+ <uid>smp</uid>
+ <cudGroups>DIGIT_SMP_ADMIN</cudGroups>
+ </user>
+
+ <user>
+ <authenticationCount>1</authenticationCount>
+ <badAuthenticationCount>0</badAuthenticationCount>
+ <email>Bruce.BANNER@dummy-mail-not-exists.eu</email>
+ <firstName>Bruce</firstName>
+ <goodAuthenticationCount>1</goodAuthenticationCount>
+ <lastName>Banner</lastName>
+ <objectStatus>a</objectStatus>
+ <organisation>eu.europa.ec</organisation>
+ <organisationUsername>system</organisationUsername>
+ <passwordChangeDn>uid=system,ou=people,dc=commission,dc=europa,dc=eu</passwordChangeDn>
+ <strongPasswordHash>123456</strongPasswordHash>
+ <passwordLastChangedTime></passwordLastChangedTime>
+ <uid>system</uid>
+ <cudGroups>DIGIT_SMP_SYSTEM</cudGroups>
+ </user>
+
+</userDataBase>
diff --git a/smp-docker/compose/tomcat-mysql-smp-sml/properties/keystores/smp-eulogin-mock.p12 b/smp-docker/compose/tomcat-mysql-smp-sml/properties/keystores/smp-eulogin-mock.p12
new file mode 100644
index 0000000000000000000000000000000000000000..37ac05fc91ad8cdaafe40c84c25da69312314b7a
Binary files /dev/null and b/smp-docker/compose/tomcat-mysql-smp-sml/properties/keystores/smp-eulogin-mock.p12 differ
diff --git a/smp-docker/images/tomcat-mysql-smp-sml/entrypoint.sh b/smp-docker/images/tomcat-mysql-smp-sml/entrypoint.sh
index 22fb94713c7713510eb03ded008ab0e37aeb030b..e5067b1d88cfa62fc81da8716db1dc0fe94eb5b4 100755
--- a/smp-docker/images/tomcat-mysql-smp-sml/entrypoint.sh
+++ b/smp-docker/images/tomcat-mysql-smp-sml/entrypoint.sh
@@ -30,6 +30,12 @@ init_tomcat() {
 fi
 # add allow encoded slashes and disable scheme for proxy
 JAVA_OPTS="$JAVA_OPTS -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Djdk.http.auth.tunneling.disabledSchemes="
+ # add truststore for eulogin
+ if [ -e /tmp/keystores/smp-eulogin-mock.p12 ]; then
+ echo "add eulogin trustStore: /tmp/keystores/smp-eulogin-mock.p12"
+ JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=/tmp/keystores/smp-eulogin-mock.p12 -Djavax.net.ssl.trustStoreType=PKCS12 -Djavax.net.ssl.trustStorePassword=test123"
+ fi
+
 export JAVA_OPTS
 echo "[INFO] init tomcat folders: $tfile"
@@ -177,10 +183,8 @@ addOrReplaceProperties() {
 if [ -n "$INIT_PROPERTIES" ]; then
 echo "Parse init properties: $INIT_PROPERTIES"
 # add delimiter also to end :)
- s="$INIT_PROPERTIES$INIT_PROPERTY_DELIMITER"
- array=()
 while [[ $s ]]; do
 array+=("${s%%"$INIT_PROPERTY_DELIMITER"*}")
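Review bot: The three mock users are placed in the groups DIGIT_SMP_USER, DIGIT_SMP_ADMIN and DIGIT_SMP_SYSTEM, while the default of smp.sso.cas.token.validation.groups added to SMPPropertyEnum in this same commit is `DIGIT_SMP|DIGIT_ADMIN` ("CAS groups user must belong to"); unless the compose INIT_PROPERTIES override that property, a CAS login by any of these users would presumably be rejected by the group check. The dependency is invisible from this file, so a header comment would help, e.g. `<!-- Users for the local EU Login mock only (docker compose); cudGroups must match smp.sso.cas.token.validation.groups of the SMP instance. -->`. That comment should also make explicit that the placeholder `strongPasswordHash` values are test fixtures for the mock server and not a password format to copy elsewhere.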
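Review bot: `-Djavax.net.ssl.trustStore=/tmp/keystores/smp-eulogin-mock.p12` replaces the JVM's default trust store instead of extending it, so once the file is present every outbound TLS connection Tomcat makes is validated only against the certificates inside that p12; if this image also talks TLS to anything signed by a public CA (SML, proxies), that would stop working unless those CAs are imported into the same file, and a comment stating that consequence belongs next to the `if`. The trust-store password `test123` is also baked into JAVA_OPTS, where it is readable by anyone who can list the container's processes or its environment; reading it from an environment variable with the current value as fallback, e.g. `-Djavax.net.ssl.trustStorePassword=${EULOGIN_TRUSTSTORE_PASSWORD:-test123}` (variable name is illustrative), keeps the mock setup working while letting a non-mock deployment supply its own. init_tomcat continues outside the hunk.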
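Review bot: The removed `s="$INIT_PROPERTIES$INIT_PROPERTY_DELIMITER"` and `array=()` lines are the only initialisation visible for the `while [[ $s ]]` loop that follows them; if they were not moved earlier in addOrReplaceProperties (outside this hunk), `s` is empty, the loop never runs and no INIT_PROPERTIES value is applied, and `array` is no longer reset between calls. The comment `# add delimiter also to end :)` now describes nothing in the hunk, so either it moved with the assignment or it should go. The function starts and ends outside the hunk, so this cannot be confirmed from here.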
@@ -191,15 +195,15 @@ addOrReplaceProperties() {
 IFS='='
 for property in "${array[@]}"; do
 read -r key value <<<"$property"
- # escape regex chars ..
- keyRE="$(printf '%s' "$key" | sed 's/[.[\*^$()+?{|]/\\&/g')"
- propertyRE="$(printf '%s' "$property" | sed 's/[.[\*^$()+?{|/]/\\&/g')"
+ # escape regex chars and remove trailing and leading spaces..
+ keyRE="$(printf '%s' "${key// }" | sed 's/[.[\*^$()+?{|]/\\&/g')"
+ propertyRE="$(printf '%s' "${property// }" | sed 's/[.[\*^$()+?{|/]/\\&/g')"
- echo "replace or add property: $property"
+ echo "replace or add property: [$keyRE] with value [$propertyRE]"
 # replace key line and commented #key line with new property
 sed -i "s/^$keyRE=.*/$propertyRE/;s/^#$keyRE=.*/$propertyRE/" $PROP_FILE
 # test if replaced if the line not exists add in on the end
- grep -qF -- "$property" "$PROP_FILE" || echo "$property" >>"$PROP_FILE"
+ grep -qF -- "$propertyRE" "$PROP_FILE" || echo "$propertyRE" >>"$PROP_FILE"
 done
 fi
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/DatabaseProperties.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/DatabaseProperties.java
index 1b8d3492316eb2629b478dc51a73d26e4d170a52..b39f942c155aafa7ceee0e19b9deb27dfb58f68f 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/DatabaseProperties.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/DatabaseProperties.java
@@ -12,6 +12,8 @@ import java.util.List;
 import java.util.Optional;
 import java.util.Properties;
+import static org.apache.commons.lang3.StringUtils.trim;
+
 public class DatabaseProperties extends Properties {
 SMPLogger LOG = SMPLoggerFactory.getLogger(DatabaseProperties.class);
 private static final long serialVersionUID = 1L;
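Review bot: `${key// }` and `${property// }` delete every space, not just leading and trailing ones as the new comment says, so a value with an inner space — the default SSO label `EU Login` in SMPPropertyEnum is one — is written as `EULogin`. The second regression is in the fallback line: `grep -qF -- "$propertyRE" ... || echo "$propertyRE" >>"$PROP_FILE"` now searches for and appends the regex-escaped form, so a key such as smp.sso.cas.url is never found verbatim (the file holds `smp.sso.cas.url=...`, the search string `smp\.sso\.cas\.url=...`) and the escaped text, backslashes included, is appended on every run; only the sed expressions need the escaped form. Trim once, keep the raw property for grep/echo, and use the escaped variables only in sed. The loop continues outside the hunk (the IFS reset and the end of the function are not visible).
```shell
read -r key value <<<"$property"
# trim leading/trailing whitespace only; values such as "EU Login" must keep their inner spaces
key="$(printf '%s' "$key" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')"
value="$(printf '%s' "$value" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')"
property="$key=$value"
# escape regex chars for the sed expressions only
keyRE="$(printf '%s' "$key" | sed 's/[.[\*^$()+?{|]/\\&/g')"
propertyRE="$(printf '%s' "$property" | sed 's/[.[\*^$()+?{|/]/\\&/g')"
echo "replace or add property: [$key] with value [$value]"
# … unchanged: sed replace of the key line and the commented #key line …
# search for and append the raw property, never the regex-escaped form
grep -qF -- "$property" "$PROP_FILE" || echo "$property" >>"$PROP_FILE"
```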
@@ -23,27 +25,28 @@ public class DatabaseProperties extends Properties {
 TypedQuery<DBConfiguration> tq = em.createNamedQuery("DBConfiguration.getAll", DBConfiguration.class);
 List<DBConfiguration> lst = tq.getResultList();
 for (DBConfiguration dc : lst) {
- if(dc.getValue()!=null) {
- LOG.info("Database property: '{}' value: '{}'",dc.getProperty(),
- isSensitiveData(dc.getProperty())?"******": dc.getValue());
- setProperty(dc.getProperty(), dc.getValue());
+ if (dc.getValue() != null) {
+ LOG.info("Database property: [{}] value: [{}]", dc.getProperty(),
+ isSensitiveData(dc.getProperty()) ? "******" : dc.getValue());
+ setProperty(trim(dc.getProperty()), trim(dc.getValue()));
 }
- lastUpdate = (lastUpdate==null || lastUpdate.isBefore(dc.getLastUpdatedOn()) )? dc.getLastUpdatedOn() :lastUpdate;
+ lastUpdate = (lastUpdate == null || lastUpdate.isBefore(dc.getLastUpdatedOn())) ? dc.getLastUpdatedOn() : lastUpdate;
 }
 }
 /**
 * Return true for properties which must not be logged!
+ *
 * @param property - value to validate if contains sensitive data
 * @return true if data is sensitive, else return false
 */
- public boolean isSensitiveData(String property){
- Optional<SMPPropertyEnum> propOpt = SMPPropertyEnum.getByProperty(property);
- if (propOpt.isPresent()){
- return propOpt.get().isEncrypted() || property.toLowerCase().contains(".password.decrypted");
- }
- LOG.warn("Database property [{}] is not recognized by the SMP!", property);
- return false;
+ public boolean isSensitiveData(String property) {
+ Optional<SMPPropertyEnum> propOpt = SMPPropertyEnum.getByProperty(property);
+ if (propOpt.isPresent()) {
+ return propOpt.get().isEncrypted() || property.toLowerCase().contains(".password.decrypted");
+ }
+ LOG.warn("Database property [{}] is not recognized by the SMP!", property);
+ return false;
 }
 public OffsetDateTime getLastUpdate() {
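Review bot: The key is now stored trimmed (`setProperty(trim(dc.getProperty()), trim(dc.getValue()))`) but the masking decision and the log line two lines above still use the untrimmed `dc.getProperty()`; a property name stored with surrounding whitespace is not found by SMPPropertyEnum.getByProperty, isSensitiveData then returns false, and an encrypted or `.password.decrypted` value is written to the log in clear while the trimmed key is applied normally. Trim once and use that value in all three places: `String key = trim(dc.getProperty());` / `LOG.info("Database property: [{}] value: [{}]", key, isSensitiveData(key) ? "******" : dc.getValue());` / `setProperty(key, trim(dc.getValue()));`. Note that StringUtils.trim(null) returns null, so a null property name still reaches setProperty as before; the method enclosing this loop starts before the hunk.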
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDao.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDao.java
index 348a142ac928fc57a4853106fca9e1130665f33d..2ae1290c6ccea56b30885369264855856cd22c5f 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDao.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDao.java
@@ -27,7 +27,7 @@ import eu.europa.ec.edelivery.smp.utils.SecurityUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.exception.ExceptionUtils;
 import org.springframework.context.ApplicationContext;
-import org.springframework.context.event.ContextRefreshedEvent;
+import org.springframework.context.event.ContextStartedEvent;
 import org.springframework.context.event.ContextStoppedEvent;
 import org.springframework.context.event.EventListener;
 import org.springframework.stereotype.Repository;
@@ -216,10 +216,10 @@ public class ConfigurationDao extends BaseDao<DBConfiguration> {
 }
 /**
- * Application event when an {@code ApplicationContext} gets initialized or refreshed
+ * Application event when an {@code ApplicationContext} gets initialized or start
 */
- @EventListener({ContextRefreshedEvent.class})
- protected void contextRefreshedEvent() {
+ @EventListener({ContextStartedEvent.class})
+ public void contextRefreshedEvent() {
 LOG.debug("Application context is initialized: triggered refresh to update all property listeners");
 applicationInitialized = true;
 initiateDate = OffsetDateTime.now();
@@ -233,7 +233,7 @@ public class ConfigurationDao extends BaseDao<DBConfiguration> {
 protected void contextStopEvent() {
 LOG.debug("Application context is stopped!");
 applicationInitialized = false;
- initiateDate =null;
+ initiateDate = null;
 }
 private void updatePropertyListeners() {
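Review bot: `@EventListener({ContextStartedEvent.class})` changes when applicationInitialized is set: ContextRefreshedEvent is published by every refresh(), whereas ContextStartedEvent is only published when ConfigurableApplicationContext.start() is called explicitly, which a plain web application context does not do on its own. If nothing in the deployment calls start(), this listener never fires, applicationInitialized stays false and initiateDate stays null, so whatever is gated on them (not visible in this hunk) stays off; please confirm an explicit start() exists, or keep ContextRefreshedEvent and use the flag to ignore repeated refreshes if double initialisation was the motivation. The method name contextRefreshedEvent and the Javadoc `gets initialized or start` now describe an event that no longer triggers the method; at least make the Javadoc read `Application event handler, invoked when the {@code ApplicationContext} is started (ContextStartedEvent).`. The method body continues past the hunk.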
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/SmpInfoRO.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/SmpInfoRO.java
index 50ee17066605bf379c9011ebf0deb436d5470b48..5afd6bca5d229814515f60d345714e9685ce4c05 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/SmpInfoRO.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/SmpInfoRO.java
@@ -7,6 +7,7 @@ public class SmpInfoRO implements Serializable {
 private static final long serialVersionUID = -49712226560325302L;
 String version;
 String ssoAuthenticationLabel;
+ String ssoAuthenticationURI;
 String contextPath;
 List<String> authTypes;
@@ -34,6 +35,14 @@ public class SmpInfoRO implements Serializable {
 this.ssoAuthenticationLabel = ssoAuthenticationLabel;
 }
+ public String getSsoAuthenticationURI() {
+ return ssoAuthenticationURI;
+ }
+
+ public void setSsoAuthenticationURI(String ssoAuthenticationURI) {
+ this.ssoAuthenticationURI = ssoAuthenticationURI;
+ }
+
 public List<String> getAuthTypes() {
 return authTypes;
 }
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/UserRO.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/UserRO.java
index 9472970873ceffaa4c9ecf0c800207c39461ebf8..47740d866df5fd1579abf06ecec4af619b2f3b36 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/UserRO.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/UserRO.java
@@ -37,6 +37,7 @@ public class UserRO extends BaseRO implements UserDetails {
 boolean passwordExpired = false;
 boolean showPasswordExpirationWarning = false;
 boolean forceChangeExpiredPassword =false;
+ boolean casAuthenticated = false;
 /**
 * Get DB user hash value. It can be used as unique ID for the user. Use hash value for the webservice/ui and do not
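Review bot: The new field and accessors `ssoAuthenticationURI` carry no Javadoc, and nothing in SmpInfoRO says what the string holds or who consumes it; since this object is the payload of the public application-info endpoint and the Angular SmpInfo model in this commit declares the same `ssoAuthenticationURI` property, the JSON name is part of the UI contract and the unconventional capitalisation (Java style would be `ssoAuthenticationUri`) has to stay. Presumably the value is the path configured by smp.sso.cas.smp.uri ("SMP relative path which triggers CAS authentication"); if so, document it on the field: `/** SMP-relative path the UI navigates to in order to start SSO (CAS) authentication; serialized as "ssoAuthenticationURI", which the UI model depends on. */`.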
@@ -165,6 +166,14 @@ public class UserRO extends BaseRO implements UserDetails {
 this.forceChangeExpiredPassword = forceChangeExpiredPassword;
 }
+ public boolean isCasAuthenticated() {
+ return casAuthenticated;
+ }
+
+ public void setCasAuthenticated(boolean casAuthenticated) {
+ this.casAuthenticated = casAuthenticated;
+ }
+
 @Override
 @JsonIgnore
 public boolean isAccountNonExpired() {
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
index b02931eddc6020c911b9329467cc1300573eb889..8ae09d7b42f26d9111e335ab0a2e5233fc06029f 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
@@ -90,7 +90,6 @@ public enum SMPPropertyEnum {
 ACCESS_TOKEN_SUSPENSION_TIME("smp.accessToken.login.suspension.time","3600", "Time in seconds for a suspended accessToken to be reactivated. (if 0 the user will not be reactivated)", false, false,false, INTEGER),
- // authentication
 UI_AUTHENTICATION_TYPES("smp.ui.authentication.types", "PASSWORD", "Set list of '|' separated authentication types: PASSWORD|SSO.", false, false, false, LIST_STRING),
 AUTOMATION_AUTHENTICATION_TYPES("smp.automation.authentication.types", "PASSWORD|CERTIFICATE",
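Review bot: isCasAuthenticated/setCasAuthenticated have no Javadoc, and unlike the UserDetails getters directly below (`@JsonIgnore` on isAccountNonExpired) the new getter is not excluded from serialization, so the flag presumably reaches the UI on purpose; that intent is worth stating so nobody "fixes" it later by adding @JsonIgnore. Suggest on the field: `/** True when the current session was established through CAS/SSO rather than a local password; serialized to the UI so password-related actions can be hidden for such users (confirm against the UI usage). */`.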
@@ -105,10 +104,11 @@ public enum SMPPropertyEnum {
 // SSO configuration
 SSO_CAS_UI_LABEL("smp.sso.cas.ui.label", "EU Login", "The SSO service provider label.", false, false, true, STRING),
- SSO_CAS_URL("smp.sso.cas.url", "http://localhost:8080/cas/", "The SSO CAS URL enpoint", false, false, true, URL),
+ SSO_CAS_URL("smp.sso.cas.url", "http://localhost:8080/cas/", "The SSO CAS URL endpoint", false, false, true, URL),
 SSO_CAS_URLPATH_LOGIN("smp.sso.cas.urlpath.login", "login", "The CAS URL path for login. Complete URL is composed from parameters: ${smp.sso.cas.url}/${smp.sso.cas.urlpath.login}.", false, false, true, STRING),
- SSO_CAS_CALLBACK_URL("smp.sso.cas.callback.url", "http://localhost:8080/smp/ui/rest/security/cas", "The URL is the callback URL belonging to the local SMP Security System. If using RP make sure it target SMP path '/ui/rest/security/cas'", false, false, true, URL),
- SSO_CAS_TOKEN_VALIDATION_URLPATH("smp.sso.cas.token.validation.urlpath", "http://localhost:8080/cas/", "The CAS URL path for login. Complete URL is composed from parameters: ${smp.sso.cas.url}/${smp.sso.cas.urlpath.token.validation}.", false, false, true, STRING),
+ SSO_CAS_CALLBACK_URL("smp.sso.cas.callback.url", "http://localhost:8080/smp/ui/public/rest/security/cas", "The URL is the callback URL belonging to the local SMP Security System. If using RP make sure it target SMP path '/ui/public/rest/security/cas'", false, false, true, URL),
+ SSO_CAS_SMP_LOGIN_URI("smp.sso.cas.smp.uri", "/smp/ui/public/rest/security/cas", "SMP relative path which triggers CAS authentication", false, false, true, STRING),
+ SSO_CAS_TOKEN_VALIDATION_URLPATH("smp.sso.cas.token.validation.urlpath", "laxValidate", "The CAS URL path for login. Complete URL is composed from parameters: ${smp.sso.cas.url}/${smp.sso.cas.urlpath}.", false, false, true, STRING),
 SSO_CAS_TOKEN_VALIDATION_PARAMS("smp.sso.cas.token.validation.params", "acceptStrengths:BASIC,CLIENT_CERT|assuranceLevel:TOP", "The CAS token validation key:value properties separated with '|'.Ex: 'acceptStrengths:BASIC,CLIENT_CERT|assuranceLevel:TOP'", false, false, true, MAP_STRING),
 SSO_CAS_TOKEN_VALIDATION_GROUPS("smp.sso.cas.token.validation.groups", "DIGIT_SMP|DIGIT_ADMIN", "'|' separated CAS groups user must belong to.", false, false, true, LIST_STRING),
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
index c18ebe7222d1d270f99331c89c7836bc530b86e7..11619ba97d6e662a515e0117d6b1311eb4ac7d6b 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
@@ -287,6 +287,10 @@ public class ConfigurationService {
 return (java.net.URL) configurationDAO.getCachedPropertyValue(SSO_CAS_CALLBACK_URL);
 }
+ public String getCasSMPLoginRelativePath() {
+ return (String) configurationDAO.getCachedPropertyValue(SSO_CAS_SMP_LOGIN_URI);
+ }
+
 public String getCasURLPathLogin() {
 return (String) configurationDAO.getCachedPropertyValue(SSO_CAS_URLPATH_LOGIN);
 }
diff --git a/smp-server-library/src/test/resources/data.sql b/smp-server-library/src/test/resources/data.sql
deleted file mode 100755
index 60ec3d66c368bb67bdefe17b29de8670f9b88d40..0000000000000000000000000000000000000000
--- a/smp-server-library/src/test/resources/data.sql
+++ /dev/null
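Review bot: The rewritten description of SSO_CAS_TOKEN_VALIDATION_URLPATH still says `The CAS URL path for login.` and refers to `${smp.sso.cas.urlpath}`, which is not a key defined in this enum, so an administrator reading the property help is sent to the wrong setting; the default itself now changes from a full URL to the path `laxValidate`, which is the right kind of value for a "urlpath" property but makes the stale text more confusing. Suggest `"The CAS URL path for token validation. Complete URL is composed from parameters: ${smp.sso.cas.url}/${smp.sso.cas.token.validation.urlpath}."`. The new SSO_CAS_SMP_LOGIN_URI default `/smp/ui/public/rest/security/cas` also bakes the `/smp` context path into the value, exactly as the callback default does, so its description should say it must be adapted when the application runs under another context path or behind a reverse proxy, e.g. `"SMP relative path (including the context path) which triggers CAS authentication; adapt it when the SMP is deployed under a different context path or behind a reverse proxy."`.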
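Review bot: getCasSMPLoginRelativePath is a new public accessor without Javadoc, while the neighbouring getters at least have the property name in their method names; a reader cannot tell from this method that it returns the value of smp.sso.cas.smp.uri or that the value presumably ends up in SmpInfoRO as ssoAuthenticationURI (my inference from the other files in this commit). Suggest `/** Value of smp.sso.cas.smp.uri: the SMP-relative path that triggers CAS authentication. */` above the method. The unchecked `(String)` cast mirrors the surrounding accessors, so that is consistent, if not ideal.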
@@ -1,165 +0,0 @@ --------------------------------------------------------- --- File created - Thursday-August-30-2018 --------------------------------------------------------- -/* - -Insert into SMP_DOMAIN (DOMAINID,BDMSLCLIENTCERTHEADER,BDMSLCLIENTCERTALIAS,BDMSLSMPID,SIGNATURECERTALIAS) values ('peppol','sno=3b3b162e7d37dd2e50edc6d3378997e1&subject=CN=SMP_OpenPEPPOL SMK 003,O=OpenPEPPOL,C=BE&validfrom=Oct 12 10:37:53 2016 CEST&validto=Oct 1 10:37:53 2018 CEST&issuer=CN=PEPPOL Root TEST CA,OU=FOR TEST PURPOSES ONLY,O=NATIONAL IT AND TELECOM AGENCY,C=DK',null,'CEF-TEST-PEPPOL-SMP',null); -Insert into SMP_DOMAIN (DOMAINID,BDMSLCLIENTCERTHEADER,BDMSLCLIENTCERTALIAS,BDMSLSMPID,SIGNATURECERTALIAS) values ('default','sno=3b3b162e7d37dd2e50edc6d3378997e1&subject=CN=SMP_OpenPEPPOL SMK 003,O=OpenPEPPOL,C=BE&validfrom=Oct 12 10:37:53 2016 CEST&validto=Oct 1 10:37:53 2018 CEST&issuer=CN=PEPPOL Root TEST CA,OU=FOR TEST PURPOSES ONLY,O=NATIONAL IT AND TELECOM AGENCY,C=DK',null,'DEFAULT-SMP-ID',null); - - -Insert into SMP_OWNERSHIP (USERNAME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME) values ('AdminSMP1TEST','0007:001:oasis','iso6523-actorid-upis'); -Insert into SMP_OWNERSHIP (USERNAME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME) values ('AdminSMP1TEST','0007:002:oasis','iso6523-actorid-upis'); -Insert into SMP_OWNERSHIP (USERNAME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME) values ('AdminSMP1TEST','00117770010100777','urn:oasis:names:tc:ebcore:partyid-type:iso6523:0088'); -Insert into SMP_OWNERSHIP (USERNAME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME) values ('AdminSMP1TEST','0077:7777717777777difi','ehealth-actorid-qns'); -Insert into SMP_OWNERSHIP (USERNAME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME) values ('AdminSMP1TEST','0077:RP:TEST','ehealth-actorid-qns'); -Insert into SMP_OWNERSHIP (USERNAME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME) values ('AdminSMP1TEST','0088:7770010100777','ehealth-actorid-qns'); -Insert into SMP_OWNERSHIP 
(USERNAME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME) values ('CN=EHEALTH_AP_TEST_00000,O=European Commission,C=BE:23b207cb468b8519','urn:ehealth:pt:ncpb-idp','ehealth-participantid-qns'); -Insert into SMP_OWNERSHIP (USERNAME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME) values ('CN=EHEALTH_SMP_EC,O=European Commission,C=BE:f71ee8b11cb3b787','0007:9340033829dev01','ehealth-actorid-qns'); -Insert into SMP_OWNERSHIP (USERNAME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME) values ('CN=EHEALTH_SMP_EC,O=European Commission,C=BE:f71ee8b11cb3b787','0007:9340033829dev02','ehealth-actorid-qns'); -Insert into SMP_OWNERSHIP (USERNAME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME) values ('CN=EHEALTH_SMP_EC,O=European Commission,C=BE:f71ee8b11cb3b787','0007:9340033829dev1','ehealth-actorid-qns'); -Insert into SMP_OWNERSHIP (USERNAME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME) values ('CN=EHEALTH_SMP_EC,O=European Commission,C=BE:f71ee8b11cb3b787','0007:9340033829test2','ehealth-actorid-qns'); -Insert into SMP_OWNERSHIP (USERNAME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME) values ('CN=EHEALTH_SMP_EC,O=European Commission,C=BE:f71ee8b11cb3b787','0088:777ehealth10100777','ehealth-actorid-qns'); -Insert into SMP_OWNERSHIP (USERNAME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME) values ('CN=EHEALTH_SMP_TEST_BRAZIL,O=European Commission,C=BE:0000000000000123','urn:cipa:ncpb','ehealth-actorid-qns'); -Insert into SMP_OWNERSHIP (USERNAME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME) values ('CN=EHEALTH_SMP_TEST_BRAZIL,O=European Commission,C=BE:48b681ee8e0dcc08','0088:5798000000120','iso6523-actorid-upis'); -Insert into SMP_OWNERSHIP (USERNAME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME) values ('CN=GENERALERDS_AP_TEST_00000,O=European Commission,C=BE:e6588be5c376f78e','0088:123456','iso6523-actorid-upis'); -Insert into SMP_OWNERSHIP (USERNAME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME) values ('CN=GENERALERDS_AP_TEST_00000,O=European 
Commission,C=BE:e6588be5c376f78e','0088:1234567','iso6523-actorid-upis'); -Insert into SMP_OWNERSHIP (USERNAME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME) values ('CN=GENERALERDS_AP_TEST_00000,O=European Commission,C=BE:e6588be5c376f78e','0088:918247451','iso6523-actorid-upis'); -Insert into SMP_OWNERSHIP (USERNAME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME) values ('CN=SMP_CONNECTIVITYTEST_05,O=Connectivity Test,C=BE:0000000000001052','0007:9340033829:jrc:02','ehealth-actorid-qns'); -Insert into SMP_OWNERSHIP (USERNAME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME) values ('CN=SMP_OpenPEPPOL SMK 003,O=OpenPEPPOL,C=BE:3b3b162e7d37dd2e50edc6d3378997e1','0007:9340033829:jrc','ehealth-actorid-qns'); -Insert into SMP_OWNERSHIP (USERNAME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME) values ('CN=SMP_OpenPEPPOL SMK 003,O=OpenPEPPOL,C=BE:3b3b162e7d37dd2e50edc6d3378997e1','0007:9340033829:jrc:01','ehealth-actorid-qns'); -Insert into SMP_OWNERSHIP (USERNAME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME) values ('CN=SMP_OpenPEPPOL SMK 003,O=OpenPEPPOL,C=BE:3b3b162e7d37dd2e50edc6d3378997e1','0007:9340033829dev03','ehealth-actorid-qns'); - - -Insert into SMP_PROCESS (DOCUMENTIDENTIFIERSCHEME,PROCESSIDENTIFIER,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER,PROCESSIDENTIFIERTYPE) values ('busdox-docid-qns','urn:www.cenbii.eu:profile:bii04:ver1.0','0088:5798000000112','iso6523-actorid-upis','urn:oasis:names:specification:ubl:schema:xsd:Invoice-12::Invoice##urn:www.cenbii.eu:transaction:biicoretrdm010:ver1.0:#urn:www.peppol.eu:bis:peppol4a:ver1.0::2.0','cenbii-procid-ubl'); -Insert into SMP_PROCESS (DOCUMENTIDENTIFIERSCHEME,PROCESSIDENTIFIER,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER,PROCESSIDENTIFIERTYPE) values 
('busdox-docid-qns','urn:www.cenbii.eu:profile:bii05:ver2.0','0007:9340033829test','iso6523-actorid-upis','urn:oasis:names:specification:ubl:schema:xsd:CreditNote-2::CreditNote##urn:www.cenbii.eu:transaction:biitrns014:ver2.0:extended:urn:www.peppol.eu:bis:peppol5a:ver2.0::2.1','cenbii-procid-ubl'); -Insert into SMP_PROCESS (DOCUMENTIDENTIFIERSCHEME,PROCESSIDENTIFIER,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER,PROCESSIDENTIFIERTYPE) values ('busdox-docid-qns','urn:www.cenbii.eu:profile:bii05:ver2.0','0007:9340033829test','iso6523-actorid-upis','urn:oasis:names:specification:ubl:schema:xsd:Invoice-2::Invoice##urn:www.cenbii.eu:transaction:biitrns010:ver2.0:extended:urn:www.peppol.eu:bis:peppol5a:ver2.0::2.1','cenbii-procid-ubl'); -Insert into SMP_PROCESS (DOCUMENTIDENTIFIERSCHEME,PROCESSIDENTIFIER,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER,PROCESSIDENTIFIERTYPE) values ('ehealth-resid-qns','urn:www.cenbii.eu:profile:bii04:ver1.0','0002:gutek','iso6523-actorid-upis','urn::epsos##services:extended:epsos::51','cenbii-procid-ubl'); -Insert into SMP_PROCESS (DOCUMENTIDENTIFIERSCHEME,PROCESSIDENTIFIER,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER,PROCESSIDENTIFIERTYPE) values ('ehealth-resid-qns','urn:www.cenbii.eu:profile:bii04:ver1.0','0002:gutek','iso6523-actorid-upis','urn::epsos##services:extended:epsos::52','cenbii-procid-ubl'); - -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('0088:5798000000113','iso6523-actorid-upis','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('urn:aaaa:ncpb','ehealth-actorid-qns','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('0088:5798000000112','iso6523-actorid-upis','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values 
('0088:5798700000112','iso6523-actorid-upis','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('0007:002:oasis','iso6523-actorid-upis','peppol'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('0007:1238000000666','iso6523-actorid-upis','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('0088:123456','iso6523-actorid-upis','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('0002:gutek','iso6523-actorid-upis','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('0088:918247451','iso6523-actorid-upis','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('00117770010100777','urn:oasis:names:tc:ebcore:partyid-type:iso6523:0088','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('0088:5798000000120','iso6523-actorid-upis','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('urn:aaa:ncpb','ehealth-actorid-qns','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('urn:bbb:ncpb','ehealth-actorid-qns','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('0077:7777717777777difi','ehealth-actorid-qns','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('0088:777ehealth10100777','ehealth-actorid-qns','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('urn:ehealth:eu:ncp-idp','ehealth-participantid-qns','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values 
('0007:9340033829test2','ehealth-actorid-qns','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('0088:1234567','iso6523-actorid-upis','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('0007:9340033829dev1','ehealth-actorid-qns','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('0088:7770010100777','ehealth-actorid-qns','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('urn:ro:ncpb','ehealth-actorid-qns','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('ro','participant-demo-scheme','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('ro-0001','participant-demo-scheme','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('ro-0002','participant-demo-scheme','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('it-0001','participant-demo-scheme','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('it-0002','participant-demo-scheme','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('bg-l001','participant-demo-scheme','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('bg-l002','participant-demo-scheme','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('it-l001','participant-demo-scheme','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('bg-lx001','participant-demo-scheme','default'); -Insert into SMP_SERVICE_GROUP 
(BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('bg-xx123','participant-demo-scheme','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('it-lx001','participant-demo-scheme','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('0077:RP:TEST','ehealth-actorid-qns','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('0007:9340033829dev01','ehealth-actorid-qns','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('0007:9340033829dev02','ehealth-actorid-qns','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('0007:9340033829dev03','ehealth-actorid-qns','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('0007:9340033829:jrc:02','ehealth-actorid-qns','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('0007:9340033829test','iso6523-actorid-upis','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('urn:ehealth:pt:ncpb-idp','ehealth-participantid-qns','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('urn:cipa:ncpb','ehealth-actorid-qns','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('urn:romania:ncpb','ehealth-actorid-qns','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('0007:9340033829:jrc','ehealth-actorid-qns','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('0007:9340033829:jrc:01','ehealth-actorid-qns','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) 
values ('0007:9340033829testsupport','iso6523-actorid-upis','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('urn:poland:ncpb','ehealth-actorid-qns','default'); -Insert into SMP_SERVICE_GROUP (BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOMAINID) values ('0007:001:oasis','iso6523-actorid-upis','peppol'); - - -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('busdox-docid-qns','0007:001:oasis','iso6523-actorid-upis','urn:oasis:names:specification:ubl:schema:xsd:creditnote-2::creditnote##urn:www.cenbii.eu:transaction:biitrns014:ver2.0:extended:urn:www.peppol.eu:bis:peppol5a:ver2.0::2.1'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('busdox-docid-qns','0007:002:oasis','iso6523-actorid-upis','urn:oasis:names:specification:ubl:schema:xsd:creditnote-2::creditnote##urn:www.cenbii.eu:transaction:biitrns014:ver2.0:extended:urn:www.peppol.eu:bis:peppol5a:ver2.0::2.1'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('busdox-docid-qns','0007:9340033829dev1','ehealth-actorid-qns','urn:oasis:names:specification:ubl:schema:xsd:invoice-2::invoice##urn:www.cenbii.eu:transaction:biitrns010:ver2.0:extended:urn:www.peppol.eu:bis:peppol5a:ver2.0::2.2'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('busdox-docid-qns','0007:9340033829test','iso6523-actorid-upis','urn:oasis:names:specification:ubl:schema:xsd:CreditNote-2::CreditNote##urn:www.cenbii.eu:transaction:biitrns014:ver2.0:extended:urn:www.peppol.eu:bis:peppol5a:ver2.0::2.1'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values 
('busdox-docid-qns','0007:9340033829test','iso6523-actorid-upis','urn:oasis:names:specification:ubl:schema:xsd:Invoice-2::Invoice##urn:www.cenbii.eu:transaction:biitrns010:ver2.0:extended:urn:www.peppol.eu:bis:peppol5a:ver2.0::2.1'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('busdox-docid-qns','0007:9340033829test2','ehealth-actorid-qns','urn:oasis:names:specification:ubl:schema:xsd:creditnote-2::creditnote##urn:www.cenbii.eu:transaction:biitrns014:ver2.0:extended:urn:www.peppol.eu:bis:peppol5a:ver2.0::2.1'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('busdox-docid-qns','0007:9340033829test2','ehealth-actorid-qns','urn:oasis:names:specification:ubl:schema:xsd:invoice-2::invoice##urn:www.cenbii.eu:transaction:biitrns010:ver2.0:extended:urn:www.peppol.eu:bis:peppol5a:ver2.0::2.1'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('busdox-docid-qns','0007:9340033829testsupport','iso6523-actorid-upis','urn:oasis:names:specification:ubl:schema:xsd:Invoice-12::Invoice##urn:www.cenbii.eu:transaction:biicoretrdm010:ver1.0:#urn:www.peppol.eu:bis:peppol5a:ver2.0::2.1'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('busdox-docid-qns','0088:5798000000112','iso6523-actorid-upis','urn:oasis:names:specification:ubl:schema:xsd:Invoice-12::Invoice##urn:www.cenbii.eu:transaction:biicoretrdm010:ver1.0:#urn:www.peppol.eu:bis:peppol4a:ver1.0::2.0'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('document-demo-scheme','bg-l001','participant-demo-scheme','agrex'); -Insert into SMP_SERVICE_METADATA 
(DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('document-demo-scheme','bg-l001','participant-demo-scheme','agrim'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('document-demo-scheme','bg-l002','participant-demo-scheme','agrex'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('document-demo-scheme','bg-l002','participant-demo-scheme','agrim'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('document-demo-scheme','bg-lx001','participant-demo-scheme','agrex'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('document-demo-scheme','bg-lx001','participant-demo-scheme','agrim'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('document-demo-scheme','bg-xx123','participant-demo-scheme','agrex'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('document-demo-scheme','bg-xx123','participant-demo-scheme','agrim'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('document-demo-scheme','it-0001','participant-demo-scheme','agrex-request'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('document-demo-scheme','it-0001','participant-demo-scheme','agrim-request'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values 
('document-demo-scheme','it-0002','participant-demo-scheme','agrex-request'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('document-demo-scheme','it-0002','participant-demo-scheme','agrim-request'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('document-demo-scheme','it-l001','participant-demo-scheme','agrex'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('document-demo-scheme','it-l001','participant-demo-scheme','agrim'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('document-demo-scheme','it-lx001','participant-demo-scheme','agrex'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('document-demo-scheme','it-lx001','participant-demo-scheme','agrim'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('document-demo-scheme','ro-0001','participant-demo-scheme','agrex-request'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('document-demo-scheme','ro-0001','participant-demo-scheme','agrim-request'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('document-demo-scheme','ro-0002','participant-demo-scheme','agrex-request'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('document-demo-scheme','ro-0002','participant-demo-scheme','agrim-request'); -Insert into SMP_SERVICE_METADATA 
(DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('ehealth-resid-qns','0002:gutek','iso6523-actorid-upis','urn::epsos##services:extended:epsos::51'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('ehealth-resid-qns','0002:gutek','iso6523-actorid-upis','urn::epsos##services:extended:epsos::52'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('ehealth-resid-qns','urn:aaa:ncpb','ehealth-actorid-qns','urn::epsos##services:extended:epsos::107'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('ehealth-resid-qns','urn:cipa:ncpb','ehealth-actorid-qns','urn::epsos##services:extended:epsos::107'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('ehealth-resid-qns','urn:ehealth:eu:ncp-idp','ehealth-participantid-qns','urn:ehealth:ism::internationalsearchmask##ehealth-107'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('ehealth-resid-qns','urn:ehealth:pt:ncpb-idp','ehealth-participantid-qns','urn:ehealth:CountryBIdentityProvider::XUA::ProvideX-UserAssertion##ITI-40'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('ehealth-resid-qns','urn:ehealth:pt:ncpb-idp','ehealth-participantid-qns','urn:ehealth:ISM::InternationalSearchMask##ehealth-107'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values 
('ehealth-resid-qns','urn:ehealth:pt:ncpb-idp','ehealth-participantid-qns','urn:ehealth:PatientIdentificationAndAuthentication::XCPD::CrossGatewayPatientDiscovery##ITI-55'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('ehealth-resid-qns','urn:ehealth:pt:ncpb-idp','ehealth-participantid-qns','urn:ehealth:ProvisioningOfData:BPPC-RegisterUpdate::XDR::ProvideandRegisterDocumentSet-b##ITI-41'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('ehealth-resid-qns','urn:ehealth:pt:ncpb-idp','ehealth-participantid-qns','urn:ehealth:ProvisioningOfData:Provide::XDR::ProvideandRegisterDocumentSet-b##ITI-41'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('ehealth-resid-qns','urn:ehealth:pt:ncpb-idp','ehealth-participantid-qns','urn:ehealth:RequestOfData::XCA::CrossGatewayQuery##ITI-38'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('ehealth-resid-qns','urn:ehealth:pt:ncpb-idp','ehealth-participantid-qns','urn:ehealth:VPN::VPNGatewayServer##ehealth-105'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('ehealth-resid-qns','urn:ehealth:pt:ncpb-idp','ehealth-participantid-qns','urn:ehealth:countrybidentityprovider::identityprovider::hpauthentication##epsos-91'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('ehealth-resid-qns','urn:ehealth:pt:ncpb-idp','ehealth-participantid-qns','urn:ehealth:ism::internationalsearchmask##ehealth-107'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values 
('ehealth-resid-qns','urn:ehealth:pt:ncpb-idp','ehealth-participantid-qns','urn:ehealth:patientidentificationandauthentication::xcpd::crossgatewaypatientdiscovery##iti-55'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('ehealth-resid-qns','urn:ehealth:pt:ncpb-idp','ehealth-participantid-qns','urn:ehealth:provisioningofdata:bppc-registerupdate::xdr::provideandregisterdocumentset-b##iti-41'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('ehealth-resid-qns','urn:ehealth:pt:ncpb-idp','ehealth-participantid-qns','urn:ehealth:provisioningofdata:provide::xdr::provideandregisterdocumentset-b##iti-41'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('ehealth-resid-qns','urn:ehealth:pt:ncpb-idp','ehealth-participantid-qns','urn:ehealth:requestofdata::xca::crossgatewayquery##iti-38'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('ehealth-resid-qns','urn:ehealth:pt:ncpb-idp','ehealth-participantid-qns','urn:ehealth:requestofdata::xca::crossgatewayretrieve##iti-39'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('ehealth-resid-qns','urn:ehealth:pt:ncpb-idp','ehealth-participantid-qns','urn:ehealth:requestofdata::xcf::crossgatewayfetchrequest##iti-63'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('ehealth-resid-qns','urn:ehealth:pt:ncpb-idp','ehealth-participantid-qns','urn:ehealth:vpn::vpngatewayclient##ehealth-106'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values 
('ehealth-resid-qns','urn:ehealth:pt:ncpb-idp','ehealth-participantid-qns','urn:ehealth:vpn::vpngatewayserver##ehealth-105'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('ehealth-resid-qns','urn:poland:ncpb','ehealth-actorid-qns','urn::epsos##services:extended:epsos::107'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('ehealth-resid-qns','urn:poland:ncpb','ehealth-actorid-qns','utf-8'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('ehealth-resid-qns','urn:ro:ncpb','ehealth-actorid-qns','urn::epsos##services:extended:epsos::107'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('ehealth-resid-qns','urn:romania:ncpb','ehealth-actorid-qns','urn::epsos##services:extended:epsos::107'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('iso6523-actorid-upis','0088:123456','iso6523-actorid-upis','services:extended:epsos::107'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('iso6523-actorid-upis','0088:5798000000120','iso6523-actorid-upis','services:extended:epsos::107'); -Insert into SMP_SERVICE_METADATA (DOCUMENTIDENTIFIERSCHEME,BUSINESSIDENTIFIER,BUSINESSIDENTIFIERSCHEME,DOCUMENTIDENTIFIER) values ('iso6523-actorid-upis','0088:918247451','iso6523-actorid-upis','services:extended:epsos::107'); - - -Insert into SMP_USER (USERNAME,PASSWORD,ISADMIN) values ('test','$2a$10$fvONLZ1J80Sj.4C2w0/UBuYxHEGoXLIZgZfxqEXoDSH8q3fbTcGJ6',0); -Insert into SMP_USER (USERNAME,PASSWORD,ISADMIN) values ('CN=GENERALERDS_AP_TEST_00000,O=European Commission,C=BE:e6588be5c376f78e',null,0); 
-Insert into SMP_USER (USERNAME,PASSWORD,ISADMIN) values ('CN=GENERALERDS_AP_TEST_00000/serialNumber\=1,O=European Commission,C=BE:e6588be5c376f78e',null,0); -Insert into SMP_USER (USERNAME,PASSWORD,ISADMIN) values ('smp_admin','$2a$10$.iCtVZuxZM1l4MwNZ7P9..DfwTOplrq8OeynghNiHNE.LIP.UmF42',1); -Insert into SMP_USER (USERNAME,PASSWORD,ISADMIN) values ('CN=EHEALTH_SMP_TEST_BRAZIL,O=European Commission,C=BE:48b681ee8e0dcc08',null,0); -Insert into SMP_USER (USERNAME,PASSWORD,ISADMIN) values ('CN=EHEALTH_SMP_EC_PassedDate,O=European Commission,C=BE:00000000589C4C3B',null,0); -Insert into SMP_USER (USERNAME,PASSWORD,ISADMIN) values ('CN=EHEALTH_SMP_EC,O=European Commission,C=BE:f71ee8b11cb3b787',null,0); -Insert into SMP_USER (USERNAME,PASSWORD,ISADMIN) values ('CN=EHEALTH_AP_TEST_00000/serialNumber\=1,O=European Commission,C=BE:23b207cb468b8519',null,0); -Insert into SMP_USER (USERNAME,PASSWORD,ISADMIN) values ('CN=EHEALTH_AP_TEST_00000,O=European Commission,C=BE:23b207cb468b8519',null,0); -Insert into SMP_USER (USERNAME,PASSWORD,ISADMIN) values ('AdminSMP1TEST','$2a$10$vrTybiXuFJiGaCJksihuNeaLZnAKwjIcL7KYopxFyZdoRlzs9qZCm',1); -Insert into SMP_USER (USERNAME,PASSWORD,ISADMIN) values ('AdminSMP2TEST','$2a$10$OIRWlcLV7TXEoWr9SsxLk..vpHhNPDmBPxUjgCL/euNVHxhvtnhBi',1); -Insert into SMP_USER (USERNAME,PASSWORD,ISADMIN) values ('CN=GRP:SMP_TEST_\+\,& \=eau/emailAddress\=CEF-EDELIVERY-SUPPORT@ec.europa.eu/serialNumber\=1,O=European Commission,C=BE:6eef83f5ef06a05b',null,0); -Insert into SMP_USER (USERNAME,PASSWORD,ISADMIN) values ('CN=SMP_OpenPEPPOL SMK 003,O=OpenPEPPOL,C=BE:3b3b162e7d37dd2e50edc6d3378997e1',null,0); -Insert into SMP_USER (USERNAME,PASSWORD,ISADMIN) values ('CN=SMP_CONNECTIVITYTEST_05,O=Connectivity Test,C=BE:0000000000001052',null,0); -Insert into SMP_USER (USERNAME,PASSWORD,ISADMIN) values ('CN=SMP_CONNECTIVITYTEST_05/emailAddress/=CEF-EDELIVERY-SUPPORT@ec.europa.eu,O=Connectivity Test,C=BE:0000000000001052',null,0); -Insert into SMP_USER 
(USERNAME,PASSWORD,ISADMIN) values ('CN=EHEALTH_SMP_TEST_BRAZIL,O=European Commission,C=BE:0000000000000123',null,0); -Insert into SMP_USER (USERNAME,PASSWORD,ISADMIN) values ('CN=slash/backslash\\quote\"colon:_rfc2253special_ampersand&comma\,equals\=plus\+lessthan\<greaterthan\>hash\#semicolon\;end,O=DEẞßÄäPLżółćNOÆæØøÅå,C=PL:0000000000001010',null,1); -Insert into SMP_USER (USERNAME,PASSWORD,ISADMIN) values ('admin','$2a$10$jsZamGH2qv8SVnRy55bKOOXof0QbIOaOqsYT/Ujo2Eb7dVQxG0Hd6',0); -*/ \ No newline at end of file diff --git a/smp-server-library/src/test/resources/schema.sql b/smp-server-library/src/test/resources/schema.sql deleted file mode 100755 index 0744b70731d39613bcb496b450a43838cd6e363d..0000000000000000000000000000000000000000 --- a/smp-server-library/src/test/resources/schema.sql +++ /dev/null 
@@ -1,141 +0,0 @@ --- Copyright 2018 European Commission | CEF eDelivery --- --- Licensed under the EUPL, Version 1.2 or – as soon they will be approved by the European Commission - subsequent versions of the EUPL (the "Licence"); --- You may not use this work except in compliance with the Licence. --- --- You may obtain a copy of the Licence attached in file: LICENCE-EUPL-v1.2.pdf --- --- Unless required by applicable law or agreed to in writing, software distributed under the Licence is distributed on an "AS IS" basis, --- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. --- See the Licence for the specific language governing permissions and limitations under the Licence. - -CREATE TABLE smp_domain ( - domainId VARCHAR(50) NOT NULL, - bdmslClientCertHeader VARCHAR(4000) , - bdmslClientCertAlias VARCHAR(50) , - bdmslSmpId VARCHAR(50) NOT NULL, - signatureCertAlias VARCHAR(50) , - PRIMARY KEY(domainId) -); - - -CREATE TABLE smp_domain_AUD ( - domainId VARCHAR(50) NOT NULL, - bdmslClientCertHeader VARCHAR(4000), - bdmslClientCertAlias VARCHAR(50), - bdmslSmpId VARCHAR(50) NOT NULL, - signatureCertAlias VARCHAR(50) NULL, - REV integer not null, - REVTYPE tinyint, - PRIMARY KEY(domainId, REV) -); - - - -CREATE TABLE smp_service_group ( - businessIdentifier VARCHAR(50) NOT NULL, - businessIdentifierScheme VARCHAR(100) NOT NULL, - domainId VARCHAR(50) DEFAULT 'domain1' NOT NULL , - xmlContent TEXT NULL DEFAULT NULL, - PRIMARY KEY (businessIdentifier, businessIdentifierScheme), - CONSTRAINT FK_srv_group_domain FOREIGN KEY (domainId) - REFERENCES smp_domain (domainId) -); - -CREATE TABLE smp_service_group_AUD ( - businessIdentifier VARCHAR(50) NOT NULL, - businessIdentifierScheme VARCHAR(100) NOT NULL, - domainId VARCHAR(50) NOT NULL, - xmlContent TEXT NULL DEFAULT NULL, - REV integer not null, - REVTYPE tinyint, - PRIMARY KEY (businessIdentifier, businessIdentifierScheme, REV) -); - -CREATE TABLE smp_service_metadata ( - documentIdentifier 
VARCHAR(500) NOT NULL, - documentIdentifierScheme VARCHAR(100) NOT NULL, - businessIdentifier VARCHAR(50) NOT NULL, - businessIdentifierScheme VARCHAR(100) NOT NULL, - xmlcontent TEXT, - PRIMARY KEY (documentIdentifier, documentIdentifierScheme, businessIdentifier, businessIdentifierScheme), - FOREIGN KEY (businessIdentifier, businessIdentifierScheme) REFERENCES smp_service_group (businessIdentifier, businessIdentifierScheme) - ON DELETE CASCADE - ON UPDATE CASCADE -); - -CREATE TABLE smp_service_metadata_AUD ( - documentIdentifier VARCHAR(500) NOT NULL, - documentIdentifierScheme VARCHAR(100) NOT NULL, - businessIdentifier VARCHAR(50) NOT NULL, - businessIdentifierScheme VARCHAR(100) NOT NULL, - xmlcontent TEXT, - REV integer not null, - REVTYPE tinyint, - PRIMARY KEY (documentIdentifier, documentIdentifierScheme, businessIdentifier, businessIdentifierScheme, REV) -); - - -CREATE TABLE smp_user ( - username VARCHAR(256) NOT NULL, - password VARCHAR(256), - isadmin TINYINT(1) DEFAULT 0 NOT NULL, - PRIMARY KEY (username) -); - -CREATE TABLE smp_user_AUD ( - username VARCHAR(256) NOT NULL, - password VARCHAR(256), - isadmin TINYINT(1) DEFAULT 0 NOT NULL, - REV integer not null, - REVTYPE tinyint, - PRIMARY KEY (username, REV) -); - - -CREATE TABLE smp_ownership ( - username VARCHAR(256) NOT NULL, - businessIdentifier VARCHAR(50) NOT NULL, - businessIdentifierScheme VARCHAR(100), - PRIMARY KEY (businessIdentifier, businessIdentifierScheme, username), - FOREIGN KEY (businessIdentifier, businessIdentifierScheme) REFERENCES smp_service_group (businessIdentifier, businessIdentifierScheme) - ON DELETE CASCADE - ON UPDATE CASCADE, - FOREIGN KEY (username) REFERENCES smp_user (username) - ON DELETE CASCADE - ON UPDATE CASCADE -); - - -CREATE TABLE smp_ownership_AUD ( - username VARCHAR(256) NOT NULL, - businessIdentifier VARCHAR(50) NOT NULL, - businessIdentifierScheme VARCHAR(100) NOT NULL, - REV integer not null, - REVTYPE tinyint, - PRIMARY KEY (username, 
businessIdentifier, businessIdentifierScheme, REV) -); - - -CREATE TABLE SMP_REV_INFO ( - ID INT AUTO_INCREMENT NOT NULL, - TIMESTAMP BIGINT NULL, - REVISION_DATE timestamp NULL, - username VARCHAR(255) NULL, - CONSTRAINT PK_SMP_REV_INFO PRIMARY KEY (ID) -); - - - - -create table hibernate_sequence( - next_val BIGINT NOT NULL -); - -INSERT INTO hibernate_sequence(next_val) values(1); - -INSERT INTO smp_domain(domainId, bdmslSmpId) VALUES('domain1', 'DEFAULT-SMP-ID'); --- default admin user with password "changeit" -INSERT INTO smp_user(username, password, isadmin) VALUES ('smp_admin', '$2a$10$SZXMo7K/wA.ULWxH7uximOxeNk4mf3zU6nxJx/2VfKA19QlqwSpNO', '1'); - -commit; diff --git a/smp-server-library/src/test/resources/service_integration_test_data.sql b/smp-server-library/src/test/resources/service_integration_test_data.sql deleted file mode 100644 index f06c8dbf885ddfe33a00ff8dc8231fd4aee5856b..0000000000000000000000000000000000000000 --- a/smp-server-library/src/test/resources/service_integration_test_data.sql +++ /dev/null @@ -1,4 +0,0 @@ -insert into smp_user(username, password, ACCESS_TOKEN_ID, ACCESS_TOKEN, isadmin) values ('test_admin','$2a$06$k.Q/6anG4Eq/nNTZ0C1UIuAKxpr6ra5oaMkMSrlESIyA5jKEsUdyS', 'test_pat_admin','$2a$10$bP44Ij/mE6U6OUo/QrKCvOb7ouSClKnyE0Ak6t58BLob9OTI534IO', 1); -insert into smp_user(username, password, ACCESS_TOKEN_ID, ACCESS_TOKEN, isadmin) values ('test_user_hashed_pass','$2a$06$k.Q/6anG4Eq/nNTZ0C1UIuAKxpr6ra5oaMkMSrlESIyA5jKEsUdyS','test_pat_hashed_pass','$2a$10$WftDXn7YqMI/15D8r6fMOOHGQOPxAin8BwQJOjDe1d66SkEuekJ5q', 0); -insert into smp_user(username, password, ACCESS_TOKEN_ID, ACCESS_TOKEN, isadmin) values ('test_user_clear_pass', 'gutek123','test_user_clear_pass', 'gutek123',0); -insert into smp_user(username, password, ACCESS_TOKEN_ID, ACCESS_TOKEN, isadmin) values ('CN=common name,O=org,C=BE:0000000000000066', 'CN=common name,O=org,C=BE:0000000000000066', '',0); 
diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/SMPAuthenticationProvider.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/SMPAuthenticationProvider.java
index 475a426d93a9409a844f3a944295d52a305a0397..6dc991bacff2f0793f8ac95daaee29740f509c5f 100644
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/SMPAuthenticationProvider.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/SMPAuthenticationProvider.java
@@ -100,6 +100,11 @@ public class SMPAuthenticationProvider implements AuthenticationProvider {
 LOG.warn("Unknown or null PreAuthenticatedAuthenticationToken principal type: " + principal);
 }
 } else if (authenticationToken instanceof UsernamePasswordAuthenticationToken) {
+ LOG.info("try to authentication Token: [{}] with user:[{}]" , authenticationToken.getClass(), authenticationToken.getPrincipal());
+ if ("_cas_stateful_".equalsIgnoreCase((String)authenticationToken.getPrincipal())){
+ LOG.debug("Ignore CAS authentication and leave it to cas authentication module");
+ return null;
+ }
 authentication = authenticateByUsernameToken((UsernamePasswordAuthenticationToken) authenticationToken);
 }
diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/SMPAuthenticationProviderForUI.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/SMPAuthenticationProviderForUI.java
index d3de04a62646dedfda85d549a8c794eda56b27a2..4c5509fb4892aebf89568ade7ebaf424ae0f10cd 100644
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/SMPAuthenticationProviderForUI.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/SMPAuthenticationProviderForUI.java
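Review bot: The CAS short-circuit casts `authenticationToken.getPrincipal()` straight to `String`; on a `UsernamePasswordAuthenticationToken` the principal is declared as `Object`, so any caller that supplies a non-String principal turns this into a `ClassCastException` inside the authentication path instead of falling through to `authenticateByUsernameToken`. Guard the type and reuse Spring Security's own constant instead of a copied literal: `Object principal = authenticationToken.getPrincipal();` / `if (principal instanceof String && CasAuthenticationFilter.CAS_STATEFUL_IDENTIFIER.equalsIgnoreCase((String) principal)) {` (needs an import of `org.springframework.security.cas.web.CasAuthenticationFilter`). The new `LOG.info` line writes the principal of every attempt at INFO level, so usernames end up in routine logs for each request that reaches this provider; DEBUG is the better level, and the text reads better as `"Try to authenticate token [{}] for user [{}]"`. The enclosing method starts and ends outside the hunk.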
@@ -66,6 +66,7 @@ public class SMPAuthenticationProviderForUI implements AuthenticationProvider {
 Authentication authentication = null; // PreAuthentication token for the rest service certificate authentication
+ LOG.debug("Authenticate authentication token type: [{}]", authenticationToken.getClass());
 if (authenticationToken instanceof UsernamePasswordAuthenticationToken) {
 authentication = authenticateByUsernamePassword((UsernamePasswordAuthenticationToken) authenticationToken);
 }
diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/cas/SMPCasConfigurer.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/cas/SMPCasConfigurer.java
index ae9fae979bf6ec0637adb62e938b5efcb1eb1e7d..dd1275b4abc926a0455126fbd6700273bd42937e 100644
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/cas/SMPCasConfigurer.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/cas/SMPCasConfigurer.java
@@ -82,7 +82,7 @@ public class SMPCasConfigurer {
 CasAuthenticationEntryPoint entryPoint = new CasAuthenticationEntryPoint();
 entryPoint.setLoginUrl(casUrlLogin);
 entryPoint.setServiceProperties(serviceProperties);
- LOG.info("Configured CAS Login Url: " + entryPoint.getLoginUrl());
+ LOG.info("Configured CAS CasAuthenticationEntryPoint Url: " + entryPoint.getLoginUrl());
 return entryPoint;
 }
@@ -99,6 +99,7 @@ public class SMPCasConfigurer {
 String casUrl = configService.getCasURL().toString();
 String casTokenValidationSuffix = configService.getCasURLTokenValidation();
+ LOG.debug("Create Bean SMPCas20ServiceTicketValidator with cas URL [{}] and token suffix [{}]!", casUrl,casTokenValidationSuffix );
 SMPCas20ServiceTicketValidator validator = new SMPCas20ServiceTicketValidator(casUrl, casTokenValidationSuffix);
 validator.setCustomParameters(getCustomParameters(configService));
 validator.setRenew(false);
@@ -140,6 +141,7 @@ public class SMPCasConfigurer {
 return null;
 }
+ LOG.debug("Configure Bean [CasAuthenticationProvider:{}]!", SMP_CAS_PROPERTIES_BEAN);
 CasAuthenticationProvider provider = new CasAuthenticationProvider();
 provider.setServiceProperties(serviceProperties);
 provider.setTicketValidator(serviceTicketValidator);
@@ -164,6 +166,7 @@ public class SMPCasConfigurer {
 CasAuthenticationFilter filter = new CasAuthenticationFilter();
 filter.setFilterProcessesUrl(SMP_SECURITY_PATH_CAS_AUTHENTICATE + "/login");
+ //filter.setFilterProcessesUrl(SMP_SECURITY_PATH_CAS_AUTHENTICATE);
 filter.setServiceProperties(casServiceProperties);
 filter.setAuthenticationManager(authenticationManager);
 LOG.info("Created CAS Filter: " + filter.getClass().getSimpleName() + "with the properties: " + casServiceProperties.getArtifactParameter());
diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/cas/SMPCasUserService.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/cas/SMPCasUserService.java
index eb05e70e77d80cddd71cc9f29addbd16d4e89175..eab8b8425f476d04086834e37af58bc2d086460d 100644
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/cas/SMPCasUserService.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/cas/SMPCasUserService.java
@@ -61,6 +61,7 @@ public class SMPCasUserService implements AuthenticationUserDetailsService<CasAs
 throw new UsernameNotFoundException("User with the username ["+username+"] is not registered in SMP", ex);
 }
 UserRO userRo = uiUserService.convertToRo(dbuser);
+ userRo.setCasAuthenticated(true);
 userRo.setPassword(null);
 userRo.setAuthorities(Collections.singletonList(new SMPAuthority(userRo.getRole())));
 return userRo;
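Review bot: The new debug line labels its placeholder `CasAuthenticationProvider:{}` but fills it with `SMP_CAS_PROPERTIES_BEAN`, which by its name is the properties bean rather than the provider being configured, so the message appears to report the wrong bean. If the intent is to record which properties bean the provider is built from, `"Configure Bean CasAuthenticationProvider with properties bean [{}]!"` says that without the mismatch. The enclosing bean method starts outside the hunk.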
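Review bot: The commented-out `//filter.setFilterProcessesUrl(SMP_SECURITY_PATH_CAS_AUTHENTICATE);` directly under the live `setFilterProcessesUrl(... + "/login")` call is dead code that leaves the next reader guessing whether the base path or the `/login` sub-path is the intended CAS callback. Drop the line, or replace it with a comment that states the reason the suffix is required, e.g. `// the CAS ticket callback is processed under <base>/login; the base path itself is not the filter URL`, adjusting the wording to the actual routing since only these lines are visible here. The enclosing bean method starts outside the hunk.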
diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/UISecurityConfigurerAdapter.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/UISecurityConfigurerAdapter.java
index 6d269ecaac38bf61ab677e2b92e1c8d5b061a494..74cedbff88d74b3f1d5fa134d4e494d0a66356c8 100644
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/UISecurityConfigurerAdapter.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/UISecurityConfigurerAdapter.java
@@ -12,16 +12,12 @@ import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.core.annotation.Order;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.cas.authentication.CasAuthenticationProvider;
-import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
-import org.springframework.security.cas.web.CasAuthenticationFilter;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
@@ -35,12 +31,12 @@ import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 import org.springframework.security.web.csrf.CsrfTokenRepository;
 import org.springframework.security.web.firewall.HttpFirewall;
 import org.springframework.security.web.session.HttpSessionEventPublisher;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.AnyRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.web.server.adapter.ForwardedHeaderTransformer;
-import static eu.europa.ec.edelivery.smp.config.SMPSecurityConstants.*;
+import static eu.europa.ec.edelivery.smp.config.SMPSecurityConstants.SMP_SECURITY_PATH_CAS_AUTHENTICATE;
+import static eu.europa.ec.edelivery.smp.config.SMPSecurityConstants.SMP_UI_AUTHENTICATION_MANAGER_BEAN;
 /**
 * SMP UI Security configuration
@@ -49,20 +45,16 @@ import static eu.europa.ec.edelivery.smp.config.SMPSecurityConstants.*;
 * @since 4.1
 */
+@Order(2)
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
-@Order(1)
 @ComponentScan("eu.europa.ec.edelivery.smp.auth")
 public class UISecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
 private static final Logger LOG = LoggerFactory.getLogger(UISecurityConfigurerAdapter.class);
 SMPAuthenticationProviderForUI smpAuthenticationProviderForUI;
- CasAuthenticationProvider casAuthenticationProvider;
 MDCLogRequestFilter mdcLogRequestFilter;
- // User account
- CasAuthenticationFilter casAuthenticationFilter;
- CasAuthenticationEntryPoint casAuthenticationEntryPoint;
 CsrfTokenRepository csrfTokenRepository;
 HttpFirewall httpFirewall;
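Review bot: The narrowed static import still brings in `SMP_SECURITY_PATH_CAS_AUTHENTICATE`, yet the only use of that constant visible in this file, the `AntPathRequestMatcher` in the HttpSecurity configure method, is removed by the same commit, so unless another use survives elsewhere in the file the import is now dead and should go with the other CAS removals. Keeping only `import static eu.europa.ec.edelivery.smp.config.SMPSecurityConstants.SMP_UI_AUTHENTICATION_MANAGER_BEAN;` also makes it visible that this chain no longer touches the CAS path.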
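Review bot: Moving this chain from `@Order(1)` to `@Order(2)` (with the matching `@Order(2)` to `@Order(1)` swap on `WSSecurityConfigurerAdapter` in the last hunk of this diff) changes which adapter sees a request first, and nothing in the class javadoc records why the CAS-enabled WS chain must now win. Since the javadoc is in the hunk, add a line such as `* Ordered after WSSecurityConfigurerAdapter (@Order(1)), which now owns CAS authentication; this chain only receives requests the WS chain's request matcher does not claim.` The WS adapter's request matcher is outside this diff, so whether it still leaves UI requests for this chain cannot be confirmed here and deserves a test.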
@@ -75,19 +67,12 @@ public class UISecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
 @Lazy MDCLogRequestFilter mdcLogRequestFilter,
 @Lazy CsrfTokenRepository csrfTokenRepository,
 @Lazy RequestMatcher csrfURLMatcher,
- @Lazy HttpFirewall httpFirewall,
- // optional cas authentication configuration
- @Lazy CasAuthenticationProvider casAuthenticationProvider,
- @Lazy @Qualifier(SMP_CAS_FILTER_BEAN) CasAuthenticationFilter casAuthenticationFilter,
- @Lazy CasAuthenticationEntryPoint casAuthenticationEntryPoint
+ @Lazy HttpFirewall httpFirewall
 ) {
 super(false);
 this.configurationService = configurationService;
 this.smpAuthenticationProviderForUI = smpAuthenticationProviderForUI;
- this.casAuthenticationProvider = casAuthenticationProvider;
- this.casAuthenticationFilter = casAuthenticationFilter;
 this.mdcLogRequestFilter = mdcLogRequestFilter;
- this.casAuthenticationEntryPoint = casAuthenticationEntryPoint;
 this.csrfTokenRepository = csrfTokenRepository;
 this.csrfURLMatcher = csrfURLMatcher;
 this.httpFirewall = httpFirewall;
@@ -99,11 +84,6 @@ public class UISecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
 configureSecurityHeaders(httpSecurity);
 ExceptionHandlingConfigurer<HttpSecurity> exceptionHandlingConfigurer = httpSecurity.exceptionHandling();
- if (configurationService.isSSOEnabledForUserAuthentication()) {
- LOG.debug("The CAS authentication is enabled. Set casAuthenticationEntryPoint!");
- exceptionHandlingConfigurer = exceptionHandlingConfigurer.defaultAuthenticationEntryPointFor(casAuthenticationEntryPoint, new AntPathRequestMatcher(SMP_SECURITY_PATH_CAS_AUTHENTICATE));
- }
-
 SMPSecurityExceptionHandler smpSecurityExceptionHandler = new SMPSecurityExceptionHandler();
 exceptionHandlingConfigurer.authenticationEntryPoint(smpSecurityExceptionHandler);
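Review bot: With the CAS branch gone, `exceptionHandlingConfigurer` is assigned once and used once, so the local only adds noise; `httpSecurity.exceptionHandling().authenticationEntryPoint(smpSecurityExceptionHandler);` replaces both lines. Behaviourally, unauthenticated requests under `SMP_SECURITY_PATH_CAS_AUTHENTICATE` that still reach this chain now get `SMPSecurityExceptionHandler` instead of a CAS redirect; that is presumably intended because the WS chain, now ordered first, owns that path, but it is inferred from the order swap rather than visible in this hunk and is worth a one-line comment above the entry-point call. The enclosing configure method starts and ends outside the hunk.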
@@ -115,13 +95,6 @@ public class UISecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
 .contentTypeOptions().and()
 .xssProtection().xssProtectionEnabled(true).and()
 .and();
-
- if (configurationService.isSSOEnabledForUserAuthentication()) {
- LOG.debug("The CAS authentication is enabled. Add CAS filter!");
- httpSecurity = httpSecurity.addFilter(casAuthenticationFilter);
- }
-
-
 httpSecurity
 .addFilterAfter(mdcLogRequestFilter, BasicAuthenticationFilter.class)
 .httpBasic().authenticationEntryPoint(smpSecurityExceptionHandler).and() // username
@@ -196,10 +169,6 @@ public class UISecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
 @Override
 protected void configure(AuthenticationManagerBuilder auth) {
 LOG.info("configureAuthenticationManagerBuilder, set SMP provider ");
- if (configurationService.isSSOEnabledForUserAuthentication()) {
- LOG.info("[CAS] Authentication Provider enabled");
- auth.authenticationProvider(casAuthenticationProvider);
- }
 // add UI authentication provider
 auth.authenticationProvider(smpAuthenticationProviderForUI);
 }
@@ -228,7 +197,7 @@ public class UISecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
 // init pages
 requestMatcher.addIgnoreUrl("^$", HttpMethod.GET);
 //ignore CSRF for SMP rest API
- requestMatcher.addIgnoreUrl("^/(?!ui/)[^/]*(/services/.*)?$", HttpMethod.GET,HttpMethod.PUT,HttpMethod.DELETE,HttpMethod.POST);
+ requestMatcher.addIgnoreUrl("^/(?!ui/)[^/]*(/services/.*)?$", HttpMethod.GET, HttpMethod.PUT, HttpMethod.DELETE, HttpMethod.POST);
 //requestMatcher.addIgnoreUrl("^(/smp)?/$", HttpMethod.GET);
 //requestMatcher.addIgnoreUrl("/favicon(-[0-9x]{2,7})?.(png|ico)$", HttpMethod.GET);
@@ -272,7 +241,6 @@ public class UISecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { @Bean public ForwardedHeaderTransformer smpForwardedHeaderTransformer() { ForwardedHeaderTransformer forwardedHeaderTransformer = new ForwardedHeaderTransformer(); - // WebHttpHandlerBuilder.forwardedHeaderTransformer(ForwardedHeaderTransformer); forwardedHeaderTransformer.setRemoveOnly(false); return forwardedHeaderTransformer; diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/WSSecurityConfigurerAdapter.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/WSSecurityConfigurerAdapter.java index 35ad4ff583af732376647dc4d0cc47361ff274a6..410dcc9572dbb38a8b2a4e1dcf33876aae983eff 100644 --- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/WSSecurityConfigurerAdapter.java +++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/WSSecurityConfigurerAdapter.java 
@@ -26,12 +26,16 @@ import org.apache.commons.lang3.exception.ExceptionUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Lazy; import org.springframework.context.annotation.Primary; import org.springframework.core.annotation.Order; import org.springframework.http.HttpMethod; import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.cas.authentication.CasAuthenticationProvider; +import org.springframework.security.cas.web.CasAuthenticationEntryPoint; +import org.springframework.security.cas.web.CasAuthenticationFilter; import org.springframework.security.config.BeanIds; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; @@ -44,6 +48,7 @@ import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.web.csrf.CsrfTokenRepository; import org.springframework.security.web.firewall.DefaultHttpFirewall; import org.springframework.security.web.firewall.HttpFirewall; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import org.springframework.security.web.util.matcher.AnyRequestMatcher; import org.springframework.security.web.util.matcher.RequestMatcher; @@ -56,7 +61,7 @@ import static eu.europa.ec.edelivery.smp.config.SMPSecurityConstants.*; * @author gutowpa * @since 3.0 */ -@Order(2) +@Order(1) @EnableWebSecurity @EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true) public class WSSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { 
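Review bot: Changing `@Order(2)` to `@Order(1)` in the `@@ -56,7 +61,7 @@` hunk moves WSSecurityConfigurerAdapter ahead of the UI chain, but nothing in this diff shows the UI adapter's order being changed in step; if UISecurityConfigurerAdapter still carries `@Order(1)`, Spring Security rejects two WebSecurityConfigurers with the same order at startup. Because the first chain whose request matcher accepts a request owns it, the WS chain now shadows the UI chain for every URL it matches, so its request matcher (outside this hunk) must exclude the UI paths or the UI chain is never consulted. A comment on the annotation stating why the WS chain must be first (presumably so that SMP_SECURITY_PATH_CAS_AUTHENTICATE is served by the chain that now holds the CAS filter) would save the next reader from re-deriving it: `// must run before the UI chain: the CAS filter and entry point now live here`.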
@@ -73,6 +78,10 @@ public class WSSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { // Accounts supporting automated application functionalities ClientCertAuthenticationFilter clientCertAuthenticationFilter; EDeliveryX509AuthenticationFilter x509AuthenticationFilter; + // cas authentication + CasAuthenticationProvider casAuthenticationProvider; + CasAuthenticationFilter casAuthenticationFilter; + CasAuthenticationEntryPoint casAuthenticationEntryPoint; @Autowired public WSSecurityConfigurerAdapter(SMPAuthenticationProvider smpAuthenticationProvider, @@ -80,7 +89,11 @@ public class WSSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { @Lazy MDCLogRequestFilter mdcLogRequestFilter, @Lazy CsrfTokenRepository csrfTokenRepository, @Lazy RequestMatcher csrfURLMatcher, - @Lazy HttpFirewall httpFirewall + @Lazy HttpFirewall httpFirewall, + // optional cas authentication configuration + @Lazy CasAuthenticationProvider casAuthenticationProvider, + @Lazy @Qualifier(SMP_CAS_FILTER_BEAN) CasAuthenticationFilter casAuthenticationFilter, + @Lazy CasAuthenticationEntryPoint casAuthenticationEntryPoint ) { super(false); this.configurationService = configurationService; 
@@ -89,18 +102,25 @@ public class WSSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { this.csrfTokenRepository = csrfTokenRepository; this.csrfURLMatcher = csrfURLMatcher; this.httpFirewall = httpFirewall; + this.casAuthenticationEntryPoint = casAuthenticationEntryPoint; + this.casAuthenticationProvider = casAuthenticationProvider; + this.casAuthenticationFilter = casAuthenticationFilter; + } @Override protected void configure(HttpSecurity httpSecurity) throws Exception { - configureSecurityHeaders(httpSecurity); - ExceptionHandlingConfigurer<HttpSecurity> exceptionHandlingConfigurer = httpSecurity.exceptionHandling(); - SMPSecurityExceptionHandler smpSecurityExceptionHandler = new SMPSecurityExceptionHandler(); + //exceptionHandlingConfigurer.authenticationEntryPoint(smpSecurityExceptionHandler); + if (configurationService.isSSOEnabledForUserAuthentication()) { + String casEndpointAntPattern = SMP_SECURITY_PATH_CAS_AUTHENTICATE; + LOG.debug("The CAS authentication is enabled. Set casAuthenticationEntryPoint for endpoint [{}]!", casEndpointAntPattern); + exceptionHandlingConfigurer = exceptionHandlingConfigurer + .defaultAuthenticationEntryPointFor(casAuthenticationEntryPoint, new AntPathRequestMatcher(casEndpointAntPattern)); + } - exceptionHandlingConfigurer.authenticationEntryPoint(smpSecurityExceptionHandler); httpSecurity = exceptionHandlingConfigurer .accessDeniedHandler(smpSecurityExceptionHandler) .and() 
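Review bot: The `@@ -89,18 +102,25 @@` hunk drops `exceptionHandlingConfigurer.authenticationEntryPoint(smpSecurityExceptionHandler)` (keeping it only as a commented-out line) and registers just the CAS entry point via `defaultAuthenticationEntryPointFor`, so the WS chain no longer has an explicitly chosen entry point. Without an explicit one, ExceptionHandlingConfigurer builds a delegating entry point whose fallback is the first registered default — the CAS entry point when SSO is enabled — so an unauthenticated request that matches neither the CAS path nor httpBasic's preferred matcher would presumably be redirected to CAS instead of being answered by SMPSecurityExceptionHandler, while with SSO disabled the fallback is whatever httpBasic registers. If the CAS redirect is meant only for SMP_SECURITY_PATH_CAS_AUTHENTICATE, register the handler as the explicit catch-all after the CAS mapping, `exceptionHandlingConfigurer = exceptionHandlingConfigurer.defaultAuthenticationEntryPointFor(smpSecurityExceptionHandler, AnyRequestMatcher.INSTANCE);` (AnyRequestMatcher is already imported), and delete the commented-out line rather than leaving dead code. configure(HttpSecurity) continues past the hunk.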
@@ -109,11 +129,17 @@ public class WSSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { .xssProtection().xssProtectionEnabled(true).and() .and(); + if (configurationService.isSSOEnabledForUserAuthentication()) { + LOG.debug("The CAS authentication is enabled. Add CAS filter!"); + httpSecurity = httpSecurity.addFilter(casAuthenticationFilter); + } httpSecurity .addFilterAfter(mdcLogRequestFilter, EDeliveryX509AuthenticationFilter.class) .addFilter(getClientCertAuthenticationFilter()) - .addFilter(getEDeliveryX509AuthenticationFilter()) - .httpBasic().authenticationEntryPoint(smpSecurityExceptionHandler).and() // username + .addFilter(getEDeliveryX509AuthenticationFilter()); + + + httpSecurity.httpBasic().authenticationEntryPoint(smpSecurityExceptionHandler).and() // username .anonymous().authorities(SMPAuthority.S_AUTHORITY_ANONYMOUS.getAuthority()).and() .authorizeRequests() .antMatchers(HttpMethod.DELETE, SMP_SECURITY_PATH_AUTHENTICATE).permitAll() @@ -121,13 +147,13 @@ public class WSSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { .antMatchers(HttpMethod.GET, SMP_SECURITY_PATH_CAS_AUTHENTICATE).authenticated() .and() .authorizeRequests() - .antMatchers(HttpMethod.DELETE).hasAnyAuthority( + .regexMatchers(HttpMethod.DELETE, "^/(?!ui/)[^/]*(/services/.*)?$").hasAnyAuthority( SMPAuthority.S_AUTHORITY_TOKEN_WS_SERVICE_GROUP_ADMIN, SMPAuthority.S_AUTHORITY_TOKEN_WS_SMP_ADMIN) - .antMatchers(HttpMethod.PUT).hasAnyAuthority( + .regexMatchers(HttpMethod.PUT, "^/(?!ui/)[^/]*(/services/.*)?$").hasAnyAuthority( SMPAuthority.S_AUTHORITY_TOKEN_WS_SERVICE_GROUP_ADMIN, SMPAuthority.S_AUTHORITY_TOKEN_WS_SMP_ADMIN) - .antMatchers(HttpMethod.GET).permitAll().and() + .regexMatchers(HttpMethod.GET, "^/(?!ui/)[^/]*(/services/.*)?$").permitAll().and() ; } 
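Review bot: The regex `"^/(?!ui/)[^/]*(/services/.*)?$"` in the `@@ -121,13 +147,13 @@` hunk is now written out three times here and a fourth time in the CSRF ignore rule of UISecurityConfigurerAdapter (the `@@ -228,7 +197,7 @@` hunk earlier in this diff); a single constant next to the other paths in SMPSecurityConstants (e.g. `SMP_SECURITY_PATH_WS_RESOURCES`, name to be chosen) would keep the authorization and CSRF views of "the REST API" from drifting apart. Narrowing the former `antMatchers(HttpMethod.DELETE)`/`PUT`/`GET` rules to this pattern also means a request in this chain that matches neither the regex nor the earlier antMatchers has no access rule at all, and FilterSecurityInterceptor does not reject such requests by default (rejectPublicInvocations is false), so unless the chain's own request matcher outside the hunk already excludes them, an explicit terminal `.anyRequest()` rule would make the intended outcome for e.g. `/ui/` requests visible. POST on the REST pattern also appears to remain uncovered, as it was before the change. configure(HttpSecurity) starts and ends outside the hunk.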
@@ -180,6 +206,10 @@ public class WSSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { @Override protected void configure(AuthenticationManagerBuilder auth) { LOG.info("configureAuthenticationManagerBuilder, set SMP provider "); + if (configurationService.isSSOEnabledForUserAuthentication()) { + LOG.info("[CAS] Authentication Provider enabled"); + auth.authenticationProvider(casAuthenticationProvider); + } // fallback automation user token authentication auth.authenticationProvider(smpAuthenticationProvider); } @@ -206,7 +236,7 @@ public class WSSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { clientCertAuthenticationFilter.setClientCertAuthenticationEnabled(configurationService.isExternalTLSAuthenticationWithClientCertHeaderEnabled()); } return clientCertAuthenticationFilter; - } + } public EDeliveryX509AuthenticationFilter getEDeliveryX509AuthenticationFilter() throws Exception { if (x509AuthenticationFilter == null) { diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/AuthenticationResource.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/AuthenticationResource.java index 374eca0350699e024d4157ecd700b30b583ebac1..11a02caaddc75403ff79340b98ac9deba71c29a5 100644 --- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/AuthenticationResource.java +++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/AuthenticationResource.java @@ -103,7 +103,7 @@ public class AuthenticationResource { public RedirectView authenticateCAS() { LOG.debug("Authenticating cas"); // if user was able to access resource - redirect back to main page - return new RedirectView("../../#/"); + return new RedirectView("../../../#/"); } @GetMapping(value = "user") @@ -134,6 +134,7 @@ public class AuthenticationResource { /** * Method updates data with "show expire dialog" flag, forces the password change flag and * sanitize ui data/ + * * @param userRO * @return updated user data according to SMP configuration */ 
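Review bot: The redirect target in the `@@ -103,7 +103,7 @@` hunk of AuthenticationResource changes from `"../../#/"` to `"../../../#/"`, i.e. a path-relative URL whose meaning depends on how many segments the request URI of authenticateCAS has; it breaks silently whenever the endpoint is reached with a trailing slash or mapped one level deeper, as this change itself illustrates. A context-relative target does not depend on the caller's path, `return new RedirectView("/#/", true);` (the two-argument constructor prepends the servlet context path), though behind a reverse proxy that strips a prefix the forwarded prefix must then be applied to the request, so verify against the deployment. Either way a comment tying the depth to the mapping, e.g. `// three levels up from the CAS authenticate mapping (presumably SMP_SECURITY_PATH_CAS_AUTHENTICATE) is the UI root; keep in sync`, would stop the next path change from repeating this fix.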
@@ -143,7 +144,7 @@ public class AuthenticationResource { .minusDays(configurationService.getPasswordPolicyUIWarningDaysBeforeExpire()) .isBefore(userRO.getPasswordExpireOn())); - userRO.setForceChangePassword(userRO.isPasswordExpired() && configurationService.getPasswordPolicyForceChangeIfExpired()) ; + userRO.setForceChangePassword(userRO.isPasswordExpired() && configurationService.getPasswordPolicyForceChangeIfExpired()); return authorizationService.sanitize(userRO); } diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/external/ApplicationResource.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/external/ApplicationResource.java index e59c25b6fd4d1d0e84a9aa790c608c57414cdcd0..e0bfeaaa34961d4a642580539531eb7ae9170472 100644 --- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/external/ApplicationResource.java +++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/external/ApplicationResource.java @@ -50,7 +50,10 @@ public class ApplicationResource { SmpInfoRO info = new SmpInfoRO(); info.setVersion(getDisplayVersion()); info.setAuthTypes(configurationService.getUIAuthenticationTypes()); - info.setSsoAuthenticationLabel(configurationService.getCasUILabel()); + if (configurationService.getUIAuthenticationTypes().contains("SSO")){ + info.setSsoAuthenticationLabel(configurationService.getCasUILabel()); + info.setSsoAuthenticationURI(configurationService.getCasSMPLoginRelativePath()); + } info.setContextPath(getRootContext()); return info; } diff --git a/smp-webapp/src/test/java/eu/europa/ec/cipa/smp/server/security/SecurityConfigurationClientCertTest.java b/smp-webapp/src/test/java/eu/europa/ec/cipa/smp/server/security/SecurityConfigurationClientCertTest.java index 5ebeca8a28c55ea006d491c811eedffb9ae3acad..f5820446afc4e414390ea1fb44452f3b67a0854a 100644 --- a/smp-webapp/src/test/java/eu/europa/ec/cipa/smp/server/security/SecurityConfigurationClientCertTest.java 
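Review bot: In the `@@ -50,7 +50,10 @@` hunk of ApplicationResource the SSO label and login URI are exposed when `getUIAuthenticationTypes().contains("SSO")`, while the security configuration in this same diff enables the CAS provider, filter and entry point on `configurationService.isSSOEnabledForUserAuthentication()`; if these two settings can diverge, the UI would advertise an SSO login URI that the WS chain does not serve, or hide one it does. Using the same predicate here, `if (configurationService.isSSOEnabledForUserAuthentication()) {`, keeps them in lock-step (if `isSSOEnabledForUserAuthentication()` is itself derived from the auth-types list, a comment saying so is enough). Independently, `getUIAuthenticationTypes()` is now called twice in a row; store the result in a local and pass that to `setAuthTypes`. A short comment such as `// only advertise the SSO entry point when SSO is enabled` would also document why the two fields are guarded.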
+++ b/smp-webapp/src/test/java/eu/europa/ec/cipa/smp/server/security/SecurityConfigurationClientCertTest.java @@ -156,10 +156,9 @@ public class SecurityConfigurationClientCertTest { @Before public void setup() throws IOException { X509CertificateTestUtils.reloadKeystores(); - configurationDao.setPropertyToDatabase(SMPPropertyEnum.EXTERNAL_TLS_AUTHENTICATION_CLIENT_CERT_HEADER_ENABLED,"true", null); - configurationDao.reloadPropertiesFromDatabase(); mvc = MockMvcUtils.initializeMockMvc(context); + configurationDao.contextRefreshedEvent(); } @Parameterized.Parameter() diff --git a/smp-webapp/src/test/java/eu/europa/ec/cipa/smp/server/security/SecurityConfigurationTest.java b/smp-webapp/src/test/java/eu/europa/ec/cipa/smp/server/security/SecurityConfigurationTest.java index 74f56c067273054a6d74668e232431ff5d1458ca..9db8b52071360c776117f87cbfbcbe4deda470e2 100644 --- a/smp-webapp/src/test/java/eu/europa/ec/cipa/smp/server/security/SecurityConfigurationTest.java +++ b/smp-webapp/src/test/java/eu/europa/ec/cipa/smp/server/security/SecurityConfigurationTest.java @@ -15,6 +15,7 @@ package eu.europa.ec.cipa.smp.server.security; import eu.europa.ec.edelivery.exception.ClientCertParseException; import eu.europa.ec.edelivery.smp.data.dao.ConfigurationDao; +import eu.europa.ec.edelivery.smp.data.ui.enums.SMPPropertyEnum; import eu.europa.ec.edelivery.smp.test.SmpTestWebAppConfig; import eu.europa.ec.edelivery.smp.test.testutils.MockMvcUtils; import eu.europa.ec.edelivery.smp.test.testutils.X509CertificateTestUtils; 
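Review bot: The `@@ -156,10 +156,9 @@` hunk removes `setPropertyToDatabase(EXTERNAL_TLS_AUTHENTICATION_CLIENT_CERT_HEADER_ENABLED, "true", null)` from SecurityConfigurationClientCertTest's setup, and the next file's `@@ -78,11 +79,11 @@` hunk adds that same call to SecurityConfigurationTest instead. Unless the client-cert header feature is on by default in the test configuration (not visible here), the client-cert test class now depends on database state left behind by another test class, which makes it order-dependent and means the header-based client-certificate path could silently stop being exercised. If the move is deliberate, keep the property set in both classes, or explain on the new `configurationDao.contextRefreshedEvent()` call what it reloads and why the explicit property is no longer needed, e.g. `// contextRefreshedEvent() re-reads persisted properties; client-cert header auth is enabled by <placeholder: where>`.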
@@ -78,11 +79,11 @@ public class SecurityConfigurationTest { @Before public void setup() throws IOException { X509CertificateTestUtils.reloadKeystores(); + configurationDao.setPropertyToDatabase(SMPPropertyEnum.EXTERNAL_TLS_AUTHENTICATION_CLIENT_CERT_HEADER_ENABLED,"true", null); mvc = MockMvcUtils.initializeMockMvc(context); - configurationDao.reloadPropertiesFromDatabase(); + configurationDao.contextRefreshedEvent(); } - @Test public void getMethodAccessiblePubliclyTest() throws Exception { mvc.perform(MockMvcRequestBuilders.get(RETURN_LOGGED_USER_PATH) diff --git a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/test/testutils/MockMvcUtils.java b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/test/testutils/MockMvcUtils.java index ae8c88af52adc2b1938a7f0ae22b470d7c7c4aca..1f52cfbf24d3b7c8a66f043f7e4090700d27bac0 100644 --- a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/test/testutils/MockMvcUtils.java +++ b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/test/testutils/MockMvcUtils.java @@ -40,6 +40,9 @@ public class MockMvcUtils { private static final String SG_USER_USERNAME = "sg_admin"; private static final String SG_USER_PASSWD = "test123"; + private static final String SG_USER2_USERNAME = "test_user_hashed_pass"; + private static final String SG_USER2_PASSWD = "test123"; + public static RequestPostProcessor getHttpBasicSystemAdminCredentials() { return httpBasic(SYS_ADMIN_USERNAME, SYS_ADMIN_PASSWD); @@ -53,6 +56,10 @@ public class MockMvcUtils { return httpBasic(SG_USER_USERNAME, SG_USER_PASSWD); } + public static RequestPostProcessor getHttpBasicServiceGroupUser2Credentials() { + return httpBasic(SG_USER2_USERNAME, SG_USER2_PASSWD); + } + /** * Login with system the username and data * 
@@ -86,6 +93,10 @@ public class MockMvcUtils { return loginWithCredentials(mvc, SG_USER_USERNAME, SG_USER_PASSWD); } + public static MockHttpSession loginWithServiceGroupUser2(MockMvc mvc) throws Exception { + return loginWithCredentials(mvc, SG_USER2_USERNAME, SG_USER2_PASSWD); + } + /** * Login with the username and data * diff --git a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/external/ServiceGroupResourceIntegrationTest.java b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/external/ServiceGroupResourceIntegrationTest.java index 4bc1007f04ba986b215d87810cc6eb1f7490769b..63890fbcfe25ac0f6b80395d8ace1c9014797ae8 100644 --- a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/external/ServiceGroupResourceIntegrationTest.java +++ b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/external/ServiceGroupResourceIntegrationTest.java @@ -7,12 +7,14 @@ import eu.europa.ec.edelivery.smp.data.ui.ServiceGroupRO; import eu.europa.ec.edelivery.smp.data.ui.ServiceGroupValidationRO; import eu.europa.ec.edelivery.smp.data.ui.ServiceResult; import eu.europa.ec.edelivery.smp.test.SmpTestWebAppConfig; +import eu.europa.ec.edelivery.smp.test.testutils.MockMvcUtils; import eu.europa.ec.edelivery.smp.ui.ResourceConstants; import org.apache.commons.io.IOUtils; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpSession; import org.springframework.mock.web.MockServletContext; import org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers; import org.springframework.test.context.ContextConfiguration; 
@@ -29,7 +31,10 @@ import org.springframework.web.context.WebApplicationContext; import javax.servlet.ServletContextEvent; import javax.servlet.ServletContextListener; import java.io.IOException; +import java.util.Arrays; +import static eu.europa.ec.edelivery.smp.test.testutils.MockMvcUtils.*; +import static eu.europa.ec.edelivery.smp.ui.ResourceConstants.CONTEXT_PATH_PUBLIC_SERVICE_METADATA; import static org.junit.Assert.*; import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf; import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic; @@ -65,30 +70,18 @@ public class ServiceGroupResourceIntegrationTest { private WebApplicationContext webAppContext; private MockMvc mvc; - private static final RequestPostProcessor SMP_ADMIN_CREDENTIALS = httpBasic("smp_admin", "test123"); - private static final RequestPostProcessor SG_ADMIN_CREDENTIALS = httpBasic("sg_admin", "test123"); - @Before public void setup() throws IOException { - mvc = MockMvcBuilders.webAppContextSetup(webAppContext) - .apply(SecurityMockMvcConfigurers.springSecurity()) - .build(); - - initServletContext(); + mvc = MockMvcUtils.initializeMockMvc(webAppContext); validExtension = new String(IOUtils.toByteArray(ServiceGroupResourceIntegrationTest.class.getResourceAsStream("/input/extensionMarshal.xml"))); } - private void initServletContext() { - MockServletContext sc = new MockServletContext(""); - ServletContextListener listener = new ContextLoaderListener(webAppContext); - ServletContextEvent event = new ServletContextEvent(sc); - } - @Test public void getServiceGroupListForSMPAdmin() throws Exception { // given when + MockHttpSession sessionAdmin = loginWithSMPAdmin(mvc); MvcResult result = mvc.perform(get(PATH_PUBLIC) - .with(SMP_ADMIN_CREDENTIALS).with(csrf()) + .session(sessionAdmin).with(csrf()) ).andExpect(status().isOk()).andReturn(); //them 
@@ -111,8 +104,9 @@ public class ServiceGroupResourceIntegrationTest { @Test public void getServiceGroupListForServiceGroupAdmin() throws Exception { // given when + MockHttpSession sessionAdmin = loginWithSMPAdmin(mvc); MvcResult result = mvc.perform(get(PATH_PUBLIC) - .with(SG_ADMIN_CREDENTIALS).with(csrf()) + .session(sessionAdmin).with(csrf()) ).andExpect(status().isOk()).andReturn(); //them @@ -120,12 +114,13 @@ public class ServiceGroupResourceIntegrationTest { ServiceResult res = mapper.readValue(result.getResponse().getContentAsString(), ServiceResult.class); assertNotNull(res); - assertEquals(1, res.getServiceEntities().size()); + assertFalse(res.getServiceEntities().isEmpty()); res.getServiceEntities().forEach(sgMap -> { ServiceGroupRO sgro = mapper.convertValue(sgMap, ServiceGroupRO.class); assertNotNull(sgro.getId()); assertNotNull(sgro.getParticipantScheme()); assertNotNull(sgro.getParticipantIdentifier()); + assertTrue(Arrays.asList("urn:australia:ncpb","urn:brazil:ncpb").contains(sgro.getParticipantIdentifier())); assertEquals(1, sgro.getUsers().size()); assertNotNull(sgro.getUsers().get(0).getUserId()); }); @@ -133,10 +128,10 @@ public class ServiceGroupResourceIntegrationTest { @Test public void getServiceGroupById() throws Exception { - // given when + MockHttpSession sessionAdmin = loginWithSMPAdmin(mvc); MvcResult result = mvc.perform(get(PATH_PUBLIC + "/100000") - .with(SMP_ADMIN_CREDENTIALS).with(csrf())). + .session(sessionAdmin).with(csrf())). andExpect(status().isOk()).andReturn(); //them @@ -164,8 +159,9 @@ public class ServiceGroupResourceIntegrationTest { serviceGroupDao.update(sg); // given when + MockHttpSession sessionAdmin = loginWithSMPAdmin(mvc); MvcResult result = mvc.perform(get(PATH_PUBLIC + "/100000/extension") - .with(SMP_ADMIN_CREDENTIALS).with(csrf())) + .session(sessionAdmin).with(csrf())) .andExpect(status().isOk()).andReturn(); //them 
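Review bot: In the `@@ -111,8 +104,9 @@` hunk, getServiceGroupListForServiceGroupAdmin now authenticates with `loginWithSMPAdmin(mvc)`, so despite its name it no longer exercises the service-group-admin view, and the `@@ -120,12 +114,13 @@` hunk then relaxes `assertEquals(1, ...)` to `assertFalse(isEmpty())`, presumably because an SMP admin sees more groups. Together they remove the only check that a service-group admin is limited to their own groups, which is the authorization property this test existed for. Use the service-group login MockMvcUtils already provides, `MockHttpSession sessionAdmin = loginWithServiceGroupUser(mvc);`, and keep the exact-count assertion (or the participant-identifier whitelist) tied to that user's groups.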
@@ -179,6 +175,14 @@ public class ServiceGroupResourceIntegrationTest { assertEquals(new String(sg.getExtension()), res.getExtension()); } + @Test + public void getExtensionServiceGroupByIdNotAuthorizedBasicAuthentication() throws Exception { + // given when + MvcResult result = mvc.perform(get(PATH_PUBLIC + "/100000/extension") + .with(getHttpBasicSMPAdminCredentials()).with(csrf())) + .andExpect(status().isUnauthorized()).andReturn(); + } + @Test public void testValidateInvalid() throws Exception { ObjectMapper mapper = new ObjectMapper(); @@ -186,8 +190,9 @@ public class ServiceGroupResourceIntegrationTest { validate.setExtension(validExtension + "<ADFA>sdfadsf"); // given when + MockHttpSession sessionAdmin = loginWithSMPAdmin(mvc); MvcResult result = mvc.perform(post(PATH_PUBLIC + "/extension/validate") - .with(SMP_ADMIN_CREDENTIALS) + .session(sessionAdmin) .header("Content-Type","application/json") .content(mapper.writeValueAsString(validate)) .with(csrf())) diff --git a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/external/ServiceMetadataResourceIntegrationTest.java b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/external/ServiceMetadataResourceIntegrationTest.java index dffca393729a1069ee3dffc515b59c629a1fce9f..38c5767eac0794bba207e8d825c7cfddf2344b9f 100644 --- a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/external/ServiceMetadataResourceIntegrationTest.java +++ b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/external/ServiceMetadataResourceIntegrationTest.java 
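Review bot: The new getExtensionServiceGroupByIdNotAuthorizedBasicAuthentication in the `@@ -179,6 +175,14 @@` hunk assigns `MvcResult result` but never reads it; the same applies to getServiceGroupMetadataByIdNotAuthorizedForBasicAuthentication added to ServiceMetadataResourceIntegrationTest later in this diff. The assignment can go: `mvc.perform(get(PATH_PUBLIC + "/100000/extension").with(getHttpBasicSMPAdminCredentials()).with(csrf())).andExpect(status().isUnauthorized());`. A one-line comment stating what these tests pin down, e.g. `// UI endpoints must reject HTTP Basic even with valid admin credentials; only a login session is accepted`, would make a 401-on-valid-credentials test obvious to a reader who might otherwise take it for a misconfiguration.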
@@ -4,10 +4,12 @@ import com.fasterxml.jackson.databind.ObjectMapper; import eu.europa.ec.edelivery.smp.data.ui.ServiceMetadataRO; import eu.europa.ec.edelivery.smp.data.ui.ServiceMetadataValidationRO; import eu.europa.ec.edelivery.smp.test.SmpTestWebAppConfig; +import eu.europa.ec.edelivery.smp.test.testutils.MockMvcUtils; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpSession; import org.springframework.mock.web.MockServletContext; import org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers; import org.springframework.test.context.ContextConfiguration; @@ -26,6 +28,7 @@ import javax.servlet.ServletContextListener; import javax.ws.rs.core.MediaType; import java.io.IOException; +import static eu.europa.ec.edelivery.smp.test.testutils.MockMvcUtils.*; import static eu.europa.ec.edelivery.smp.ui.ResourceConstants.CONTEXT_PATH_PUBLIC_SERVICE_METADATA; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; 
@@ -56,30 +59,19 @@ public class ServiceMetadataResourceIntegrationTest { private WebApplicationContext webAppContext; private MockMvc mvc; - private static final RequestPostProcessor SMP_ADMIN_CREDENTIALS = httpBasic("smp_admin", "test123"); - private static final RequestPostProcessor SG_USER2_CREDENTIALS = httpBasic("test_user_hashed_pass", "test123"); ObjectMapper mapper = new ObjectMapper(); @Before - public void setup() throws IOException { - mvc = MockMvcBuilders.webAppContextSetup(webAppContext) - .apply(SecurityMockMvcConfigurers.springSecurity()) - .build(); - - initServletContext(); - } - - private void initServletContext() { - MockServletContext sc = new MockServletContext(""); - ServletContextListener listener = new ContextLoaderListener(webAppContext); - ServletContextEvent event = new ServletContextEvent(sc); + public void setup() { + mvc = MockMvcUtils.initializeMockMvc(webAppContext); } @Test public void getServiceGroupMetadataById() throws Exception { // given when + MockHttpSession sessionAdmin = loginWithSMPAdmin(mvc); MvcResult result = mvc.perform(get(CONTEXT_PATH_PUBLIC_SERVICE_METADATA + "/" + SERVICE_METADATA_ID) - .with(SMP_ADMIN_CREDENTIALS).with(csrf()) + .session(sessionAdmin).with(csrf()) ).andExpect(status().isOk()).andReturn(); //them 
@@ -96,10 +88,18 @@ public class ServiceMetadataResourceIntegrationTest { @Test public void getServiceGroupMetadataByIdNotAuthorized() throws Exception { // given when + MockHttpSession session = loginWithServiceGroupUser2(mvc); MvcResult result = mvc.perform(get(CONTEXT_PATH_PUBLIC_SERVICE_METADATA + "/" + SERVICE_METADATA_ID) - .with(SG_USER2_CREDENTIALS).with(csrf()) + .session(session).with(csrf()) ).andExpect(status().isUnauthorized()).andReturn(); + } + @Test + public void getServiceGroupMetadataByIdNotAuthorizedForBasicAuthentication() throws Exception { + // given when + MvcResult result = mvc.perform(get(CONTEXT_PATH_PUBLIC_SERVICE_METADATA + "/" + SERVICE_METADATA_ID) + .with(getHttpBasicSMPAdminCredentials()).with(csrf()) + ).andExpect(status().isUnauthorized()).andReturn(); } @Test @@ -127,8 +127,10 @@ public class ServiceMetadataResourceIntegrationTest { smv.setParticipantScheme("partSch"); smv.setXmlContent("Invalid content"); + MockHttpSession session = loginWithServiceGroupUser2(mvc); + MvcResult result = mvc.perform(post(CONTEXT_PATH_PUBLIC_SERVICE_METADATA + "/validate") - .with(SG_USER2_CREDENTIALS) + .session(session) .with(csrf()) .contentType(MediaType.APPLICATION_JSON) .content(mapper.writeValueAsString(smv)) diff --git a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/external/UserResourceIntegrationTest.java b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/external/UserResourceIntegrationTest.java index eafcca60b5f9b9fcad2fe8d5111191d56fc87b36..ea4bfc71562e23a8ea2e9d81bc4e418eb48c7750 100644 --- a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/external/UserResourceIntegrationTest.java +++ b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/external/UserResourceIntegrationTest.java 
@@ -12,6 +12,7 @@ import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.mock.web.MockHttpSession; +import org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.jdbc.Sql; import org.springframework.test.context.junit4.SpringRunner; @@ -127,9 +128,11 @@ public class UserResourceIntegrationTest { public void testUpdateUserList() throws Exception { // given when MockHttpSession session = loginWithSystemAdmin(mvc); + + SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor csrf = csrf(); MvcResult result = mvc.perform(get(CONTEXT_PATH_INTERNAL_USER) .session(session) - .with(csrf())) + .with(csrf)) .andExpect(status().isOk()).andReturn(); ServiceResult res = mapper.readValue(result.getResponse().getContentAsString(), ServiceResult.class); assertNotNull(res); @@ -146,7 +149,7 @@ public class UserResourceIntegrationTest { mvc.perform(put(CONTEXT_PATH_INTERNAL_USER) .session(session) - .with(csrf()) + .with(csrf) .contentType(MediaType.APPLICATION_JSON) .content(mapper.writeValueAsString(Arrays.asList(userRO))) ).andExpect(status().isOk()); diff --git a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/internal/ApplicationAdminResourceIntegrationTest.java b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/internal/ApplicationAdminResourceIntegrationTest.java index af87c66f90419fe8864c167e09b53fd5a6f74da7..b2b11b28f8ca99ec13829067d6d4fa73c6b6cd1f 100644 --- a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/internal/ApplicationAdminResourceIntegrationTest.java +++ b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/internal/ApplicationAdminResourceIntegrationTest.java 
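Review bot: In the `@@ -127,9 +128,11 @@` hunk the local `SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor csrf = csrf();` has the same name as the statically imported `csrf()` it calls, which compiles but reads as if the method were being passed, and the subsequent `.with(csrf)` in the `@@ -146,7 +149,7 @@` hunk looks like a typo for `.with(csrf())`. Rename it, e.g. `SecurityMockMvcRequestPostProcessors.CsrfRequestPostProcessor csrfToken = csrf();`, and add a comment saying why one processor is shared across the GET and the PUT — presumably so both requests carry the same token within the session — since the previous code called `csrf()` per request and a reader will otherwise revert it.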
@@ -9,25 +9,18 @@ import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.mock.web.MockServletContext; -import org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers; +import org.springframework.mock.web.MockHttpSession; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.jdbc.Sql; import org.springframework.test.context.junit4.SpringRunner; import org.springframework.test.context.web.WebAppConfiguration; import org.springframework.test.web.servlet.MockMvc; -import org.springframework.test.web.servlet.request.RequestPostProcessor; -import org.springframework.test.web.servlet.setup.MockMvcBuilders; -import org.springframework.web.context.ContextLoaderListener; import org.springframework.web.context.WebApplicationContext; -import javax.servlet.ServletContextEvent; -import javax.servlet.ServletContextListener; - +import static eu.europa.ec.edelivery.smp.test.testutils.MockMvcUtils.*; import static org.junit.Assert.*; import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf; -import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic; import static org.springframework.test.context.jdbc.Sql.ExecutionPhase.BEFORE_TEST_METHOD; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; 
@@ -47,9 +40,6 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. }) public class ApplicationAdminResourceIntegrationTest { private static final String PATH = ResourceConstants.CONTEXT_PATH_INTERNAL_APPLICATION; - private static final RequestPostProcessor SMP_ADMIN_CREDENTIALS = httpBasic("smp_admin", "test123"); - private static final RequestPostProcessor SG_ADMIN_CREDENTIALS = httpBasic("sg_admin", "test123"); - private static final RequestPostProcessor SYSTEM_CREDENTIALS = httpBasic("sys_admin", "test123"); @Autowired private WebApplicationContext webAppContext; @@ -57,16 +47,7 @@ public class ApplicationAdminResourceIntegrationTest { @Before public void setup() { - mvc = MockMvcBuilders.webAppContextSetup(webAppContext) - .apply(SecurityMockMvcConfigurers.springSecurity()) - .build(); - initServletContext(); - } - - private void initServletContext() { - MockServletContext sc = new MockServletContext(""); - ServletContextListener listener = new ContextLoaderListener(webAppContext); - ServletContextEvent event = new ServletContextEvent(sc); + mvc = initializeMockMvc(webAppContext); } @Test @@ -82,8 +63,9 @@ public class ApplicationAdminResourceIntegrationTest { @Test public void testGetApplicationConfigAuthorized() throws Exception { // SMP admin + MockHttpSession session = loginWithSMPAdmin(mvc); String val = mvc.perform(get(PATH + "/config") - .with(SMP_ADMIN_CREDENTIALS) + .session(session) .with(csrf())) .andExpect(status().isOk()) .andReturn() @@ -91,7 +73,9 @@ public class ApplicationAdminResourceIntegrationTest { .getContentAsString(); assertNotNull(val); // service group - val = mvc.perform(get(PATH + "/config").with(SG_ADMIN_CREDENTIALS) + MockHttpSession sessionUser = loginWithServiceGroupUser(mvc); + val = mvc.perform(get(PATH + "/config") + .session(sessionUser) .with(csrf())) .andExpect(status().isOk()) .andReturn() 
@@ -99,8 +83,9 @@ public class ApplicationAdminResourceIntegrationTest {
 .getContentAsString();
 assertNotNull(val);
 // system admin
+ MockHttpSession sessionSystem = loginWithSystemAdmin(mvc);
 val = mvc.perform(get(PATH + "/config")
- .with(SYSTEM_CREDENTIALS)
+ .session(sessionSystem)
 .with(csrf()))
 .andExpect(status().isOk())
 .andReturn()
@@ -112,8 +97,9 @@ public class ApplicationAdminResourceIntegrationTest {
 @Test
 public void testGetApplicationConfigSMPAdmin() throws Exception {
 // when
+ MockHttpSession session = loginWithSMPAdmin(mvc);
 String value = mvc.perform(get(PATH + "/config")
- .with(SMP_ADMIN_CREDENTIALS)
+ .session(session)
 .with(csrf()))
 .andExpect(status().isOk())
 .andReturn()
@@ -127,7 +113,7 @@ public class ApplicationAdminResourceIntegrationTest {
 assertNotNull(res);
 assertEquals("Participant scheme must start with:urn:oasis:names:tc:ebcore:partyid-type:(iso6523:|unregistered:) OR must be up to 25 characters long with form [domain]-[identifierArea]-[identifierType] (ex.: 'busdox-actorid-upis') and may only contain the following characters: [a-z0-9].", res.getParticipantSchemaRegExpMessage());
 assertEquals("^$|^(?!^.{26})([a-z0-9]+-[a-z0-9]+-[a-z0-9]+)$|^urn:oasis:names:tc:ebcore:partyid-type:(iso6523|unregistered)(:.+)?$", res.getParticipantSchemaRegExp());
- assertEquals(SMPPropertyEnum.PARTC_EBCOREPARTYID_CONCATENATE.getDefValue(), res.isConcatEBCorePartyId()+"");
+ assertEquals(SMPPropertyEnum.PARTC_EBCOREPARTYID_CONCATENATE.getDefValue(), res.isConcatEBCorePartyId() + "");
 assertFalse(res.isSmlIntegrationOn());
 assertFalse(res.isSmlParticipantMultiDomainOn());
 }
diff --git a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/internal/DomainAdminResourceIntegrationTest.java b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/internal/DomainAdminResourceIntegrationTest.java
index f0870307ce0bcb6244cdd79f29baae78380e24b8..6f37725ea74cd80335175a84bac8e622e27a1969 100644
--- a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/internal/DomainAdminResourceIntegrationTest.java
+++ b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/internal/DomainAdminResourceIntegrationTest.java
@@ -4,31 +4,25 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import eu.europa.ec.edelivery.smp.data.dao.DomainDao;
 import eu.europa.ec.edelivery.smp.data.ui.DeleteEntityValidation;
 import eu.europa.ec.edelivery.smp.test.SmpTestWebAppConfig;
+import eu.europa.ec.edelivery.smp.test.testutils.MockMvcUtils;
 import eu.europa.ec.edelivery.smp.ui.ResourceConstants;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.mock.web.MockServletContext;
-import org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers;
+import org.springframework.mock.web.MockHttpSession;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.jdbc.Sql;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.context.web.WebAppConfiguration;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.MvcResult;
-import org.springframework.test.web.servlet.request.RequestPostProcessor;
-import org.springframework.test.web.servlet.setup.MockMvcBuilders;
-import org.springframework.web.context.ContextLoaderListener;
 import org.springframework.web.context.WebApplicationContext;
-import javax.servlet.ServletContextEvent;
-import javax.servlet.ServletContextListener;
-
+import static eu.europa.ec.edelivery.smp.test.testutils.MockMvcUtils.loginWithSystemAdmin;
 import static org.hamcrest.Matchers.stringContainsInOrder;
 import static org.junit.Assert.*;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
 import static org.springframework.test.context.jdbc.Sql.ExecutionPhase.BEFORE_TEST_METHOD;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
@@ -52,31 +46,19 @@ public class DomainAdminResourceIntegrationTest {
 DomainDao domainDao;
 private MockMvc mvc;
- private static final RequestPostProcessor SYSTEM_CREDENTIALS = httpBasic("sys_admin", "test123");
 @Before
 public void setup() {
- mvc = MockMvcBuilders.webAppContextSetup(webAppContext)
- .apply(SecurityMockMvcConfigurers.springSecurity())
- .build();
-
- initServletContext();
- }
-
- private void initServletContext() {
- MockServletContext sc = new MockServletContext("");
- ServletContextListener listener = new ContextLoaderListener(webAppContext);
- ServletContextEvent event = new ServletContextEvent(sc);
+ mvc = MockMvcUtils.initializeMockMvc(webAppContext);
 }
-
 @Test
 public void updateDomainListOkDelete() throws Exception {
 // given when
 assertEquals("CEF-SMP-002", domainDao.getDomainByCode("domainTwo").get().getSmlSmpId());
-
+ MockHttpSession session = loginWithSystemAdmin(mvc);
 MvcResult result = mvc.perform(put(PATH)
- .with(SYSTEM_CREDENTIALS)
+ .session(session)
 .with(csrf())
 .header("Content-Type", " application/json")
 .content("[{\"status\":3,\"index\":9,\"id\":2,\"domainCode\":\"domainTwo\",\"smlSubdomain\":\"newdomain\",\"smlSmpId\":\"CEF-SMP-010\",\"smlParticipantIdentifierRegExp\":null,\"smlClientCertHeader\":null,\"smlClientKeyAlias\":null,\"signatureKeyAlias\":\"sig-key\",\"smlClientCertAuth\":true,\"smlRegistered\":false}]")) // delete domain with id 2
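Review bot: Every test method in this file now opens with the same added line `MockHttpSession session = loginWithSystemAdmin(mvc);` (here in updateDomainListOkDelete and again in the hunks for updateDomainListNotExists, validateDeleteDomainOK, updateDomainListOkUpdate, validateDeleteDomainFalse and the two sml-register/unregister tests), and all of them authenticate as the same principal. Since `setup()` is a JUnit 4 `@Before` that already builds `mvc`, the login can move there once as a field, `private MockHttpSession session;` assigned via `session = loginWithSystemAdmin(mvc);` right after `mvc = MockMvcUtils.initializeMockMvc(webAppContext);`, which still gives each test its own fresh session while removing the per-test duplication. Within this same file `loginWithSystemAdmin` is statically imported but `initializeMockMvc` is called qualified; using one form for both reads more consistently.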
@@ -90,8 +72,9 @@ public class DomainAdminResourceIntegrationTest {
 @Test
 public void updateDomainListNotExists() throws Exception {
 // given when
+ MockHttpSession session = loginWithSystemAdmin(mvc);
 MvcResult result = mvc.perform(put(PATH)
- .with(SYSTEM_CREDENTIALS)
+ .session(session)
 .with(csrf())
 .header("Content-Type", " application/json")
 .content("[{\"status\":3,\"index\":9,\"id\":10,\"domainCode\":\"domainTwoNotExist\",\"smlSubdomain\":\"newdomain\",\"smlSmpId\":\"CEF-SMP-010\",\"smlParticipantIdentifierRegExp\":null,\"smlClientCertHeader\":null,\"smlClientKeyAlias\":null,\"signatureKeyAlias\":\"sig-key\",\"smlClientCertAuth\":true,\"smlRegistered\":false}]")) // delete domain with id 2
@@ -101,8 +84,9 @@ public class DomainAdminResourceIntegrationTest {
 @Test
 public void validateDeleteDomainOK() throws Exception {
 // given when
+ MockHttpSession session = loginWithSystemAdmin(mvc);
 MvcResult result = mvc.perform(put(PATH + "/validate-delete")
- .with(SYSTEM_CREDENTIALS)
+ .session(session)
 .with(csrf())
 .header("Content-Type", " application/json")
 .content("[2]")) // delete domain with id 2
@@ -123,9 +107,9 @@ public class DomainAdminResourceIntegrationTest {
 public void updateDomainListOkUpdate() throws Exception {
 // given when
 assertEquals("CEF-SMP-002", domainDao.getDomainByCode("domainTwo").get().getSmlSmpId());
-
+ MockHttpSession session = loginWithSystemAdmin(mvc);
 MvcResult result = mvc.perform(put(PATH)
- .with(SYSTEM_CREDENTIALS)
+ .session(session)
 .with(csrf())
 .header("Content-Type", " application/json")
 .content("[{\"status\":1,\"index\":9,\"id\":2,\"domainCode\":\"domainTwo\",\"smlSubdomain\":\"newdomain\",\"smlSmpId\":\"CEF-SMP-010\",\"smlParticipantIdentifierRegExp\":null,\"smlClientCertHeader\":null,\"smlClientKeyAlias\":null,\"signatureKeyAlias\":\"sig-key\",\"smlClientCertAuth\":true,\"smlRegistered\":false}]")) // delete domain with id 2
@@ -138,8 +122,9 @@ public class DomainAdminResourceIntegrationTest {
 @Test
 public void validateDeleteDomainFalse() throws Exception {
 // given when
+ MockHttpSession session = loginWithSystemAdmin(mvc);
 MvcResult result = mvc.perform(put(PATH + "/validate-delete")
- .with(SYSTEM_CREDENTIALS)
+ .session(session)
 .with(csrf())
 .header("Content-Type", " application/json")
 .content("[1]")) // delete domain with id 2
@@ -161,8 +146,9 @@ public class DomainAdminResourceIntegrationTest {
 // given when
 // 3- user id
 // domainTwo - domain code
+ MockHttpSession session = loginWithSystemAdmin(mvc);
 mvc.perform(put(PATH + "/3/sml-register/domainTwo")
- .with(SYSTEM_CREDENTIALS)
+ .session(session)
 .with(csrf())
 .header("Content-Type", " application/json"))
 .andExpect(status().isOk())
@@ -174,8 +160,9 @@ public class DomainAdminResourceIntegrationTest {
 // given when
 // 3- user id
 // domainTwo - domain code
+ MockHttpSession session = loginWithSystemAdmin(mvc);
 mvc.perform(put(PATH + "/3/sml-unregister/domainTwo")
- .with(SYSTEM_CREDENTIALS)
+ .session(session)
 .with(csrf())
 .header("Content-Type", " application/json"))
 .andExpect(status().isOk())