Implement service registry auto-initialization (apereo#1771)

* Implement JPA service registry auto-initialization

* Overlooked local dev changes pushed

* updated registries to implement size; moved initializer over

* fixed refreshscope issue

* fixed refreshscope issue

* Updated docs

* fixed cloud dependency conflicts

* fixed cloud dependency conflicts

* added amqp settings for the cloud bus

* added amqp settings for the cloud bus

* changed to ctor injection

* given that configuration classes are not able to pick up injections at the ctor level,

switched back to Component, which then helped to set the class as package private

* fixed cs errors with javadocs

* fixed cs errors with javadocs

* fixed cs errors with javadocs

* fixed cs errors with javadocs

* fixed cs errors with javadocs

* fixed cs errors with javadocs

* fixed cs errors with javadocs

* fixed cs errors with javadocs

* fixed cs errors with javadocs

* fixed cs errors with javadocs

* fixed cs errors with javadocs

build.gradle

@@ -24,7 +24,7 @@ buildscript {
         classpath "nl.eveoh:gradle-aspectj:1.6"
         classpath "org.springframework.boot:spring-boot-gradle-plugin:$springBootVersion"
         classpath "com.netflix.nebula:gradle-lint-plugin:0.27.0"
-        classpath "org.standardout:gradle-versioneye-plugin:1.3.0"
+        classpath "org.standardout:gradle-versioneye-plugin:1.4.0"
     }
 }
 
@@ -147,6 +147,7 @@ subprojects {
 
     versioneye {
         includePlugins = false
+        includeSubProjects = true
     }
 
     findbugs {

cas-server-core-api-services/src/main/java/org/apereo/cas/services/ServiceRegistryDao.java

@@ -6,7 +6,7 @@
  * Registry of all RegisteredServices.
  *
  * @author Scott Battaglia
-
+ * @author Dmitriy Kopylenko
  * @since 3.1
  */
 public interface ServiceRegistryDao {
@@ -41,4 +41,13 @@ public interface ServiceRegistryDao {
      * @return the registered service
      */
     RegisteredService findServiceById(long id);
+
+    /**
+     * Return number of records held in this service registry. Provides Java 8 supported default implementation so that implementations
+     * needed this new functionality could override it and other implementations not caring for it could be left alone.
+     *
+     * @return number of registered services held by any particular implementation
+     * @since 5.0.0
+     */
+    long size();
 }

cas-server-core-services/src/main/java/org/apereo/cas/services/AbstractRegisteredService.java

@@ -6,8 +6,6 @@
 import org.apache.commons.lang3.builder.HashCodeBuilder;
 import org.apache.commons.lang3.builder.ToStringBuilder;
 import org.apache.commons.lang3.builder.ToStringStyle;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 
 import javax.persistence.CascadeType;
 import javax.persistence.Column;
@@ -24,7 +22,6 @@
 import javax.persistence.OneToMany;
 import javax.persistence.PostLoad;
 import javax.persistence.Table;
-import javax.persistence.Transient;
 import java.net.URL;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -48,11 +45,7 @@
 public abstract class AbstractRegisteredService implements RegisteredService, Comparable<RegisteredService> {
 
     private static final long serialVersionUID = 7645279151115635245L;
-
-    /** The logger instance. */
-    @Transient
-    protected transient Logger logger = LoggerFactory.getLogger(this.getClass());
-
+
     /** The unique identifier for this service. */
     @Column(length = 255, updatable = true, insertable = true, nullable = false)
     protected String serviceId;

cas-server-core-services/src/main/java/org/apereo/cas/services/InMemoryServiceRegistryDaoImpl.java

@@ -35,8 +35,7 @@ public class InMemoryServiceRegistryDaoImpl implements ServiceRegistryDao {
      */
     public InMemoryServiceRegistryDaoImpl() {
     }
-
-
+
     /**
      * After properties set.
      */
@@ -106,7 +105,7 @@ private long findHighestId() {
         return this.registeredServices.stream().map(RegisteredService::getId).max(Comparator.naturalOrder()).orElse((long) 0);
     }
 
-    private void logWarning() {
+    private static void logWarning() {
         LOGGER.debug("Runtime memory is used as the persistence storage for retrieving and persisting service definitions. "
             + "Changes that are made to service definitions during runtime "
             + "will be LOST upon container restarts.");
@@ -116,4 +115,9 @@ private void logWarning() {
     public String toString() {
         return getClass().getSimpleName();
     }
+
+    @Override
+    public long size() {
+        return registeredServices.size();
+    }
 }

cas-server-core-services/src/main/java/org/apereo/cas/services/JsonServiceRegistryDao.java

@@ -229,6 +229,11 @@ public RegisteredService findServiceById(final long id) {
         return this.serviceMap.get(id);
     }
 
+    @Override
+    public long size() {
+        return this.serviceMap.size();
+    }
+
     /**
      * Load registered service from file.
      *

cas-server-core-services/src/main/java/org/apereo/cas/services/ServiceRegistryInitializer.java

@@ -0,0 +1,71 @@
+package org.apereo.cas.services;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+import javax.annotation.PostConstruct;
+
+
+/**
+ * Initializes Jpa service registry database with available JSON service definitions if necessary (based on configuration flag).
+ *
+ * @author Dmitriy Kopylenko
+ * @author Misagh Moayyed
+ * @since 5.0.0
+ */
+@Component("serviceRegistryInitializer")
+class ServiceRegistryInitializer {
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(ServiceRegistryInitializer.class);
+
+    private final ServiceRegistryDao serviceRegistryDao;
+
+    private final ServiceRegistryDao jsonServiceRegistryDao;
+
+    @Value("${svcreg.database.from.json:true}")
+    private boolean initFromJsonIfAvailable;
+
+    @Autowired
+    ServiceRegistryInitializer(@Qualifier("jsonServiceRegistryDao")
+                               final ServiceRegistryDao jsonServiceRegistryDao,
+                               @Qualifier("serviceRegistryDao")
+                               final ServiceRegistryDao serviceRegistryDao) {
+        this.jsonServiceRegistryDao = jsonServiceRegistryDao;
+        this.serviceRegistryDao = serviceRegistryDao;
+    }
+
+    /**
+     * Init service registry if necessary.
+     */
+    @PostConstruct
+    public void initServiceRegistryIfNecessary() {
+
+        if (this.serviceRegistryDao.equals(this.jsonServiceRegistryDao)) {
+            return;
+        }
+
+        final long size = this.serviceRegistryDao.size();
+
+        if (size == 0) {
+            if (this.initFromJsonIfAvailable) {
+                LOGGER.debug("Service registry database will be auto-initialized from default JSON services");
+                this.jsonServiceRegistryDao.load().forEach(r -> {
+                    LOGGER.debug("Initializing DB with the {} JSON service definition...", r);
+                    this.serviceRegistryDao.save(r);
+                });
+                this.serviceRegistryDao.load();
+            } else {
+                LOGGER.info("The service registry database will not be initialized from default JSON services. "
+                        + "Since the service registry database is empty, CAS will refuse to authenticate services "
+                        + "until service definitions are added to the database.");
+            }
+        } else {
+            LOGGER.debug("Service registry database contains {} service definitions", size);
+        }
+
+    }
+}

cas-server-core-tickets/src/main/java/org/apereo/cas/ticket/ServiceTicketImpl.java

@@ -49,8 +49,6 @@ public class ServiceTicketImpl extends AbstractTicket implements ServiceTicket {
     @Column(name="TICKET_ALREADY_GRANTED", nullable=false)
     private Boolean grantedTicketAlready = Boolean.FALSE;
 
-    private transient Object lock = new Object();
-
     /**
      * Instantiates a new service ticket impl.
      */
@@ -133,7 +131,7 @@ public boolean equals(final Object object) {
     public ProxyGrantingTicket grantProxyGrantingTicket(
         final String id, final Authentication authentication,
         final ExpirationPolicy expirationPolicy) throws AbstractTicketException {
-        synchronized (this.lock) {
+        synchronized (this) {
             if(this.grantedTicketAlready) {
                 throw new InvalidProxyGrantingTicketForServiceTicket(this.service);
             }

cas-server-core-util/src/main/java/org/apereo/cas/util/NoOpCipherExecutor.java

@@ -2,12 +2,14 @@
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
 
 /**
  * No-Op cipher executor that does nothing for encryption/decryption.
  * @author Misagh Moayyed
  * @since 4.1
  */
+@Component("noOpCipherExecutor")
 public class NoOpCipherExecutor extends AbstractCipherExecutor<String, String> {
 
     private static final Logger LOGGER = LoggerFactory.getLogger(NoOpCipherExecutor.class);
@@ -19,7 +21,7 @@ public class NoOpCipherExecutor extends AbstractCipherExecutor<String, String> {
     public NoOpCipherExecutor() {
         super(NoOpCipherExecutor.class.getName());
         LOGGER.warn("[{}] does no encryption and may NOT be safe in a production environment. "
-                + "Consider using other choices, such as [{}] that handle encryption, signing and verification of "
+                + "Consider using other choices, such as [{}] to handle encryption, signing and verification of "
                 + "all appropriate values.", this.getClass().getName(), BaseStringCipherExecutor.class.getName());
     }
 

cas-server-documentation/installation/Configuration-Management.md

@@ -26,7 +26,7 @@ serves as a reference and a placeholder for all settings that are available to C
 
 CAS is also configured to load `*.properties` files from an external location that is `/etc/cas/config`. This location is constantly
 monitored by CAS to detect external changes. Note that this location simply needs to exist, and does not require any special permissions
-or structure. The names of the configuration files that go inside this directory also do not matter, and they can be many. 
+or structure. The names of the configuration files that go inside this directory also do not matter, and there can be many. 
 
 The configuration of this behavior is controlled via the `bootstrap.properties` file:
 
@@ -64,7 +64,7 @@ Needless to say, the repositories could use both YAML and Properties syntax to h
 
 <div class="alert alert-info"><strong>Keep What You Need!</strong><p>Again, in all of the above strategies,
 an adopter is encouraged to only keep and maintain properties needed for their particular deployment. It is
-unnecessary to grab a copy of all CAS settings and move it to an external location. Settings that are
+unnecessary to grab a copy of all CAS settings and move them to an external location. Settings that are
 defined by the external configuration location or repository are able to override what is provided by CAS
 as a default.</p></div>
 

cas-server-documentation/installation/Configuring-SSO-Session-Cookie.md

@@ -74,20 +74,15 @@ You should then grab each generated key for encryption and signing, and put them
 
 If you wish you manually generate keys, you may [use the following tool](https://github.com/mitreid-connect/json-web-key-generator).
 
+### Disable Encryption
 
 If you wish to turn off cookie encryption, adjust your configuration to be the following:
 
-In local `deployerConfigContext.xml`:
-
-```xml
-<bean id="noOpCipherExecutor" class="org.apereo.cas.util.NoOpCipherExecutor" />
-```
-
 In `application.properties`:
 
 ```properties
 #CAS components mappings
-defaultCookieCipherExecutor=noOpCipherExecutor
+cookieCipherExecutor=noOpCipherExecutor
 ```
 
 ## Cookie Generation for Renewed Authentications

cas-server-documentation/installation/Couchbase-Service-Management.md

@@ -41,3 +41,13 @@ redundancy and replication as per normal Couchbase configuration.
 The only truly mandatory setting is the list of nodes.
 The other settings are optional, but this is designed to store data in buckets
 so in reality the bucket property must also be set.
+
+## Auto Initialization
+
+Upon startup and if the services registry database is blank, 
+the registry is able to auto initialize itself from default 
+JSON service definitions available to CAS. This behavior can be controlled via:
+
+```properties
+# svcreg.database.from.json=false
+```

cas-server-documentation/installation/JPA-Service-Management.md

@@ -48,3 +48,13 @@ In `application.properties`:
 #CAS components mappings
 serviceRegistryDao=jpaServiceRegistryDao
 ```
+
+## Auto Initialization
+
+Upon startup and if the services registry database is blank, 
+the registry is able to auto initialize itself from default 
+JSON service definitions available to CAS. This behavior can be controlled via:
+
+```properties
+# svcreg.database.from.json=false
+```

cas-server-documentation/installation/LDAP-Service-Management.md

@@ -53,3 +53,13 @@ The following settings are applicable:
 ```properties
 svcreg.ldap.baseDn=dc=example,dc=org
 ```
+
+## Auto Initialization
+
+Upon startup and if the services registry database is blank, 
+the registry is able to auto initialize itself from default 
+JSON service definitions available to CAS. This behavior can be controlled via:
+
+```properties
+# svcreg.database.from.json=false
+```

cas-server-documentation/installation/Mongo-Service-Management.md

@@ -29,9 +29,20 @@ serviceRegistryDao=mongoServiceRegistryDao
 The following configuration in `application.properties` is required.
 
 ```properties
-mongodb.host=mongodb database url
-mongodb.port=mongodb database port
-mongodb.userId=mongodb userid to bind
-mongodb.userPassword=mongodb password to bind
-cas.service.registry.mongo.db=Collection name to store service definitions
+# mongodb.host=mongodb database url
+# mongodb.port=mongodb database port
+# mongodb.userId=mongodb userid to bind
+# mongodb.userPassword=mongodb password to bind
+# cas.service.registry.mongo.db=Collection name to store service definitions
 ```
+
+## Auto Initialization
+
+Upon startup and if the services registry database is blank, 
+the registry is able to auto initialize itself from default 
+JSON service definitions available to CAS. This behavior can be controlled via:
+
+```properties
+# svcreg.database.from.json=false
+```
+

cas-server-documentation/installation/Ticket-Registry-Replication-Encryption.md

@@ -17,11 +17,11 @@ when you use the above ticket registries. It requires explicit configuration bef
 
 ## Configuration
 
-Each ticket registry configuration supports a cipher component that needs to be configured by the deployer. A typical cipher configuration 
-may be the following, placed into the configuration:
+Each ticket registry configuration supports a cipher component that needs to be configured by the deployer. 
 
-```xml
-<alias name="defaultTicketCipherExecutor" alias="ticketCipherExecutor" />
+```properties
+#CAS components mappings
+ticketCipherExecutor=defaultTicketCipherExecutor
 ```
 
 The settings, algorithms and secret keys used for the cipher may be controlled via `application.properties`: