[SCIM-42] add support for auth http header (#138)

Author: andrea-patricelli

src/main/java/net/tirasa/connid/bundles/scim/common/SCIMConnectorConfiguration.java

@@ -97,6 +97,10 @@ public class SCIMConnectorConfiguration extends AbstractConfiguration implements
     private boolean requestAttributesOnSearch = true;
 
     private boolean useColonOnExtensionAttributes = true;
+    
+    private String authHttpHeaderName;
+    
+    private GuardedString authHttpHeaderValue;
 
     @ConfigurationProperty(order = 1,
             displayMessageKey = "baseAddress.display",
@@ -403,6 +407,29 @@ public void setUseColonOnExtensionAttributes(final boolean useColonOnExtensionAt
         this.useColonOnExtensionAttributes = useColonOnExtensionAttributes;
     }
 
+    @ConfigurationProperty(displayMessageKey = "authHttpHeaderName.display",
+            helpMessageKey = "authHttpHeaderName.help",
+            order = 29)
+    public String getAuthHttpHeaderName() {
+        return authHttpHeaderName;
+    }
+
+    public void setAuthHttpHeaderName(final String authHttpHeaderName) {
+        this.authHttpHeaderName = authHttpHeaderName;
+    }
+
+    @ConfigurationProperty(displayMessageKey = "authHttpHeaderValue.display",
+            helpMessageKey = "authHttpHeaderValue.help",
+            order = 30,
+            confidential = true)
+    public GuardedString getAuthHttpHeaderValue() {
+        return authHttpHeaderValue;
+    }
+
+    public void setAuthHttpHeaderValue(final GuardedString authHttpHeaderValue) {
+        this.authHttpHeaderValue = authHttpHeaderValue;
+    }
+
     @Override
     public void validate() {
         if (StringUtil.isBlank(baseAddress)) {
@@ -469,6 +496,11 @@ public void validate() {
         if (StringUtil.isNotBlank(proxyServerPassword) && StringUtil.isBlank(proxyServerUser)) {
             failValidation("Proxy server user cannot be null or empty if password is specified.");
         }
+
+        if ((StringUtil.isNotBlank(authHttpHeaderName) && authHttpHeaderValue == null) || (
+                StringUtil.isBlank(authHttpHeaderName) && authHttpHeaderValue != null)) {
+            failValidation("If provided both auth http header value and auth http header name must be set.");
+        }
     }
 
     @Override

src/main/java/net/tirasa/connid/bundles/scim/common/service/AbstractSCIMService.java

@@ -118,6 +118,11 @@ protected WebClient getWebclient(final String path, final Map<String, String> pa
             conduit.setClient(policy);
         }
 
+        // include additional api key header if requested by configuration
+        if (StringUtil.isNotBlank(config.getAuthHttpHeaderName())) {
+            webClient.header(config.getAuthHttpHeaderName(), SecurityUtil.decrypt(config.getAuthHttpHeaderValue()));
+        }
+        
         webClient.type(config.getContentType()).accept(config.getAccept()).path(path);
 
         Optional.ofNullable(params).ifPresent(p -> p.forEach((k, v) -> webClient.query(k, v)));
@@ -492,7 +497,7 @@ protected <T extends SCIMBaseAttribute<T>> void readCustomAttributes(
     }
 
     protected <T extends SCIMBaseAttribute<T>> List<Object> extractValuesFromJsonNode(
-            final T attr, 
+            final T attr,
             final JsonNode arrayNode) {
         List<Object> values = new ArrayList<>();
         for (JsonNode element : arrayNode) {

src/main/resources/net/tirasa/connid/bundles/scim/common/Messages.properties

@@ -75,3 +75,8 @@ requestAttributesOnSearch.display=Request attributes while searching
 requestAttributesOnSearch.help=Specifies whether to request 'attributes' while searching. Defaults to true, but may be set to false, to comply with some providers like Egnyte.
 useColonOnExtensionAttributes.display=Use colon for extension attributes
 useColonOnExtensionAttributes.help=Specifies whether to use colon ':' to separate the attribute name from the extension schema URI definition, e.g. urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.value. Defaults to true, according to the SCIM specification, but may be set to false, to comply with some providers.
+authHttpHeaderName.display=Auth http header name
+authHttpHeaderName.help=Specifies the name of the additional header sent on requests containing the authentication information. If empty header won't be added.
+authHttpHeaderValue.display=Auth http header value
+authHttpHeaderValue.help=The auth http header value to use to authenticate against the server.
+

src/main/resources/net/tirasa/connid/bundles/scim/common/Messages_it.properties

@@ -75,3 +75,8 @@ requestAttributesOnSearch.display=Richiedi gli attributi in ricerca
 requestAttributesOnSearch.help=Specifica se richiedere gli attributi tramite parametro 'attributes' durante la ricerca. Il valore di default \u00e8 true, ma pu\u00f2 essere settato a false, se necessario, per integrarsi con provider come Egnyte.
 useColonOnExtensionAttributes.display=Usa i due punti per gli attributi estesi
 useColonOnExtensionAttributes.help=Specifica se usare i due punti ':' per separare il nome dell'attributo dalla definizione dello schema estensione, ad es. urn:ietf:params:scim:schemas:extension:enterprise:2.0:User:manager.value. Il valore di default \u00e8 true, secondo specifica SCIM, ma pu\u00f2 essere settato a false, se necessario, per integrarsi con i vari provider.
+authHttpHeaderName.display=Nome header per autenticazione
+authHttpHeaderName.help=Specifica il nome dell \u0027header aggiuntivo inviato nelle richieste, contenente informazioni di authenticazione. Se vuota l \u0027header non viene aggiunto.
+authHttpHeaderValue.display=Valore http header per l \u0027autenticazione
+authHttpHeaderValue.help=Il valore dell \u0027header da usare per l \u0027autenticazione sul server.
+

src/test/java/net/tirasa/connid/bundles/scim/v2/SCIMv2ConnectorTestsUtils.java

@@ -135,6 +135,12 @@ public static SCIMConnectorConfiguration buildConfiguration(
                 case "auth.genericComplexType":
                     connectorConfiguration.setGenericComplexType(entry.getValue());
                     break;
+                case "auth.authHttpHeaderName":
+                    connectorConfiguration.setAuthHttpHeaderName(entry.getValue());
+                    break;
+                case "auth.authHttpHeaderValue":
+                    connectorConfiguration.setAuthHttpHeaderValue(new GuardedString(entry.getValue().toCharArray()));
+                    break;
                 default:
                     LOG.info("Occurrence of an non defined parameter");
                     break;

src/test/resources/net/tirasa/connid/bundles/scim/authv2.properties

@@ -39,3 +39,6 @@ auth.customDeltaAttributesKeys=urn:mem:params:scim:schemas:extension:LuckyNumber
 auth.customDeltaAttributesValues=12345
 # other schemas you want to add and retrieve to and from entities
 auth.otherSchemas=urn:mem:params:scim:schemas:extension:LuckyNumberExtension
+auth.authHttpHeaderName=apikey
+auth.authHttpHeaderValue=abcd12345!
+