Adapt to optimized IAS server API (#1359)

Author: finkmanAtSap

CHANGELOG.md

@@ -1,6 +1,18 @@
 # Change Log
 All notable changes to this project will be documented in this file.
 
+## 3.3.0
+**Breaking Change [java-security-test]**: To validate mocked XSUAA tokens issued by java-security-test module, the UAA_DOMAIN property of the service configuration must now include the port of the Wiremock server.\
+Likewise for validating IAS tokens, the trusted *domains* array of the service configuration also needs to include the Wiremock URL including the port.\
+The full wiremock URL is available via SecurityTestContext#getWireMockServer#baseUrl.
+
+*Note*: If you are building your configuration via SecurityTestContext#getOAuth2ServiceConfigurationBuilderFromFile, this will already be preconfigured correctly, but you must not overwrite these properties with only "localhost".
+
+- [java-security]
+  - [XSUAA/IAS] Adapt optimized server API
+- [spring-xsuaa]
+  - Adapt optimized server API
+
 ## 3.2.1
 Hot fix for the CVE-2023-5072
 

README.md

@@ -124,7 +124,7 @@ The SAP Cloud Security Services Integration is published to maven central: https
         <dependency>
             <groupId>com.sap.cloud.security</groupId>
             <artifactId>java-bom</artifactId>
-            <version>3.2.1</version>
+            <version>3.3.0</version>
             <scope>import</scope>
             <type>pom</type>
         </dependency>

bom/pom.xml

@@ -8,7 +8,7 @@
 
     <groupId>com.sap.cloud.security</groupId>
     <artifactId>java-bom</artifactId>
-    <version>3.2.1</version>
+    <version>3.3.0</version>
     <packaging>pom</packaging>
     <name>java-bom</name>
 

env/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <groupId>com.sap.cloud.security.xsuaa</groupId>
         <artifactId>parent</artifactId>
-        <version>3.2.1</version>
+        <version>3.3.0</version>
     </parent>
 
     <groupId>com.sap.cloud.security</groupId>

java-api/README.md

@@ -5,6 +5,6 @@
 <dependency>
     <groupId>com.sap.cloud.security</groupId>
     <artifactId>java-api</artifactId>
-    <version>3.2.1</version>
+    <version>3.3.0</version>
 </dependency>
 ```

java-api/pom.xml

@@ -9,7 +9,7 @@
 	<parent>
 		<groupId>com.sap.cloud.security.xsuaa</groupId>
 		<artifactId>parent</artifactId>
-		<version>3.2.1</version>
+		<version>3.3.0</version>
 	</parent>
 
 	<groupId>com.sap.cloud.security</groupId>

java-security-it/pom.xml

@@ -9,7 +9,7 @@
     <parent>
         <artifactId>parent</artifactId>
         <groupId>com.sap.cloud.security.xsuaa</groupId>
-        <version>3.2.1</version>
+        <version>3.3.0</version>
     </parent>
 
     <artifactId>java-security-it</artifactId>

java-security-it/src/test/java/com/sap/cloud/security/test/integration/XsuaaIntegrationTest.java

@@ -83,7 +83,7 @@ public void xsuaaTokenValidationFails_withIasCombiningValidator() {
 		ValidationResult result = tokenValidator.validate(token);
 		assertThat(result.isValid()).isFalse();
 		assertThat(result.getErrorDescription()).startsWith(
-				"Issuer is not trusted because issuer 'http://auth.com' doesn't match any of these domains '[myauth.com]' of the identity provider");
+				"Issuer http://auth.com was not a trusted domain or a subdomain of the trusted domains [myauth.com].");
 	}
 
 	@Test

java-security-it/src/test/java/com/sap/cloud/security/test/integration/ssrf/JavaSSRFAttackTest.java

@@ -7,7 +7,6 @@
 
 import com.sap.cloud.security.config.OAuth2ServiceConfigurationBuilder;
 import com.sap.cloud.security.config.Service;
-import com.sap.cloud.security.config.ServiceConstants;
 import com.sap.cloud.security.test.RSAKeys;
 import com.sap.cloud.security.test.extension.SecurityTestExtension;
 import com.sap.cloud.security.token.Token;
@@ -65,9 +64,8 @@ class JavaSSRFAttackTest {
 	void maliciousPartOfJwksIsNotUsedToObtainToken(String jwksUrl, boolean isValid)
 			throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
 		OAuth2ServiceConfigurationBuilder configuration =
-				extension.getContext()
-				.getOAuth2ServiceConfigurationBuilderFromFile("/xsuaa/vcap_services-single.json")
-						.withProperty(ServiceConstants.XSUAA.UAA_DOMAIN, extension.getContext().getWireMockServer().baseUrl());
+				extension.getContext().getOAuth2ServiceConfigurationBuilderFromFile("/xsuaa/vcap_services-single.json");
+
 		Token token;
 		if (isValid) {
 			token = extension.getContext().getJwtGeneratorFromFile("/xsuaa/token.json")

java-security-it/src/test/java/com/sap/cloud/security/test/performance/SpringSecurityPerformanceIT.java

@@ -80,7 +80,7 @@ private OAuth2ServiceConfigurationBuilder createXsuaaConfigurationBuilder() {
 
 	private OAuth2ServiceConfigurationBuilder createIasConfigurationBuilder() {
 		return OAuth2ServiceConfigurationBuilder.forService(IAS)
-				.withDomains(SecurityTest.DEFAULT_DOMAIN)
+				.withDomains(securityIasTest.getWireMockServer().baseUrl())
 				.withClientId(SecurityTest.DEFAULT_CLIENT_ID);
 	}
 }