If you try to use your one time password to reset your password once again - you'll get status 'internal server error'. Something that indicates that this operation is not possible or forbidden would help to identify what the user tried to do.

Like already discussed in the OSIAM umbrella repo, the time is right to support standalone application with Spring Boot fat jars. But there are several steps to discuss for an easy migration and what of the Spring Boot magic we should use to make the life easier for operations and developers. I will create a few issues to discuss these steps. This issue was only created to clarify the need for the migration to Spring Boot. This issue will be closed if the migration is finally done!

At the bottom of CONTRIBUTING.md, there is a broken link to crate.io.

There is no need to make the extension and the fields configurable and makes the setup/installation more complex.

Only those groups are in the list of 'Andere Gruppen', which have at least one member. Sems, that an inner join has to be changed by an outer join.

This repo should contain stuff so that a Debian package can be build. It's still open whether we should use vanilla Debian packaging scripts and stuff, or maybe use the excellent pkg-maven-plugin. I would recommend the pkg-maven-plugin.

When the "notify user" checkbox is enabled for Account deactivation, the following error message is shown. The user does not receive an e-mail, but the deactivation has occurred nonetheless.

Exception: Error resolving template "deactivate-email", template might not exist or might not be accessible by any of the configured Template Resolvers
org.thymeleaf.exceptions.TemplateInputException: Error resolving template "deactivate-email", template might not exist or might not be accessible by any of the configured Template Resolvers
at org.thymeleaf.TemplateRepository.getTemplate(TemplateRepository.java:246)
at org.thymeleaf.TemplateEngine.process(TemplateEngine.java:1104)
at org.thymeleaf.TemplateEngine.process(TemplateEngine.java:1060)

It seems that the template is expected to have another name.

/etc/osiam/addon-self-administration/templates/mail/deactivation-email.html ->
/etc/osiam/addon-self-administration/templates/mail/deactivate-email.html

After #124 has been solved, we can move on and finally switch to a standalone, runnable .jar deployment. This does not contain switching to YAML files, which will be done in a separate step.

If you enter all registration correctly and press submit, you will see a stacktrace if the e-mail server cannot be found (e.g. it is down)

The add-ons are not yet updated to the new deployment process. So, one still has to download the complete distribution to get started. Therefore, we must also deploy the distribution to Bintray. I think that only deploying the release distribution is enough, and snapshot distributions don't have to be deployed. AFAIK, we've never deployed snapshot distributions anyway.

It is possible to store javascript into user attributes (in osiam database) using the registration form.

This is the umbrella issue for the transition of this component to a Spring Boot standalone application with an executable fat JAR. See also osiam/osiam#5 for the initial reasons and discussion.

Tasks that have to be done:

• Switch from xml to java configuration (#72)
• Introduce Spring Boot, but keep WAR deployment (#124)
• Switch to YAML configration (#134)
• Switch to standalone application (#135 / PR: #127)

Please, maintain this list, if you add new issues or close existing ones.

When entering to different passwords while registration, no message is displayed. in former versions "Die Passwörter stimmen nicht überein" was shown.

As add-ons will be removed from OSIAM core, their tests have to be moved to their repos, too.

Part of: osiam/osiam#93

If you enter an umlaut (äöü and also ß) in registration fields (e.g. first name) than you are faced with encoding problems. A possible fix to that problem can be adding characterEncodingFilter settings with utf8 in web.xml of the addon-self-administration project

To start the self-administration out-of-the-box, it would be really nice if no mail server is configured an embedded mail server will be started to provide a fully functional application (except the fact that the self-admin needs running auth- and resource-server). This is more intended for an easy try of the self-admin without the disadvantage of setting up a mail server. I like the idea of starting a greenmail smtp server when nothing is configured. This idea fits even more if we migrate to Spring Boot and run the self-admin with a simple java -jar.
I think the port should be by default an empty string and if the port is not configured the mail configuration should be changed to the greenmail parameters. right?

When the server fails to send the activation mail, the user creation is not rolled back. When trying to register the same user after a failed attempt, the user name is already taken. The user creation has to be rolled back after an error occurs.

If we migrate to Spring Boot, configuration and web-resource (template, css, js and message) files should be customizable like before.

If you like to override the internal provided default properties, the easiest way is to provide a copy of this file as application.properties in the same folder where the jar is started. This is a feature of Spring Boot, which loads properties from several locations. Another way is to start the fat jar with java -jar self-admin.jar --spring.config.location=/my/location. There are many options to load the configuration file.

I think we should provide the same way for the web-resources, but a little bit fancier. Thanks to the idea of @tkrille, we should copy the web-resources out of the jar in the same folder where the jar lives (or any other default folder) to make it easy as possible to customize these files. This will be prevent if the web-resource property is set when starting the jar (e.g. java -jar self-admin.jar --osiam.self.admin.resource.location=/var/lib/osiam/self-admin). For sure the external resource location is also configurable with the external properties.

Any objections?

This repo should contain stuff so that a Docker image can be build. It should be possible to build it as a trusted image on the Hub and also for local testing during development. This can be achieved in the following way:

The install script that runs during the build process checks if there is a locally-built war file in the target folder and uses this. Otherwise it installs Maven, etc. and builds the war itself or downloads it from the central/Sonatype snapshots or something else.

If we migrate to Spring Boot, we need to set a default ports for the service and the admin/metrics endpoints. Any suggestions? Remember that we need to set two ports for every OSIAM component (auth-server, resource-server, self-administration, addon-administration). Maybe something like:
Service: 41001
Admin: 42001

If we migrate to Spring Boot we can choose between YAML and properties configuration files.
Because the migration to Spring Boot is already a breaking change, we should use this fact and also migrate the configuration file from properties to YAML.

While registering when an invalid e-mail is entered, the following exception is displayed. Would be desirable that the output of stack trackes remain hidden from the user.

(dchrome has verified this issue: the validation does not work. it should return a specific error for the html field where the error occurred in this case the email field.)

HTTP Status 500 - Request processing failed; nested exception is org.osiam.resources.exception.SCIMDataValidationException: The value 'c.peters@tarent' is not a well-formed email.

org.osiam.addons.self_administration.exception.OsiamExceptionHandler handleException
WARNING: An exception occurred
org.osiam.resources.exception.SCIMDataValidationException: The value 'c.peters@tarent' is not a well-formed email.
at org.osiam.resources.scim.Email$Builder.setValue(Email.java:179)
at org.osiam.addons.self_administration.registration.UserConverter.toScimUser(UserConverter.java:68)
at org.osiam.addons.self_administration.registration.RegistrationService.convertToScimUser(RegistrationService.java:125)
at org.osiam.addons.self_administration.registration.RegistrationController.register(RegistrationController.java:87)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:215)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:781)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:721)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:83)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:943)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:877)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:961)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:863)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:837)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:200)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)

ERROR [org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver] - <Failed to invoke @ExceptionHandler method: protected org.springframework.web.servlet.ModelAndView org.osiam.addons.self_administration.exception.OsiamExceptionHandler.handleException(java.lang.RuntimeException,javax.servlet.http.HttpServletResponse)>
java.lang.NullPointerException
at org.osiam.addons.self_administration.exception.OsiamExceptionHandler.getLogLevel(OsiamExceptionHandler.java:95)
at org.osiam.addons.self_administration.exception.OsiamExceptionHandler.getLogLevel(OsiamExceptionHandler.java:95)
at org.osiam.addons.self_administration.exception.OsiamExceptionHandler.getLogLevel(OsiamExceptionHandler.java:95)
at org.osiam.addons.self_administration.exception.OsiamExceptionHandler.getLogLevel(OsiamExceptionHandler.java:95)
at org.osiam.addons.self_administration.exception.OsiamExceptionHandler.getLogLevel(OsiamExceptionHandler.java:95)
at org.osiam.addons.self_administration.exception.OsiamExceptionHandler.getLogLevel(OsiamExceptionHandler.java:95)
at org.osiam.addons.self_administration.exception.OsiamExceptionHandler.getLogLevel(OsiamExceptionHandler.java:95)
at org.osiam.addons.self_administration.exception.OsiamExceptionHandler.getLogLevel(OsiamExceptionHandler.java:95)
at org.osiam.addons.self_administration.exception.OsiamExceptionHandler.getLogLevel(OsiamExceptionHandler.java:95)
at org.osiam.addons.self_administration.exception.OsiamExceptionHandler.getLogLevel(OsiamExceptionHandler.java:95)
at org.osiam.addons.self_administration.exception.OsiamExceptionHandler.getLogLevel(OsiamExceptionHandler.java:95)
at org.osiam.addons.self_administration.exception.OsiamExceptionHandler.setLoggingInformation(OsiamExceptionHandler.java:83)
at org.osiam.addons.self_administration.exception.OsiamExceptionHandler.handleException(OsiamExceptionHandler.java:78)

The Self-Admin uses OsiamConnector.getMe() that is only compatible with OSIAM 3.0. What should we do about this? We could make it compatible again, because the Self-Admin is able to detect, whether it is configured for OSIAM 2.x or 3.x. Or we leave it incompatible, releasing version 2.0 and annoying forcing the current users to update to OSIAM 3.0. What do you think?

A failed email delivery will not remove the newly created user. That's a problem, because if the user tries to register again, their username will already be taken. There should be a way to compensate this, e.g. delete the user if the mail delivery failed and request the user to try again. I think, that a similar compensation for lost password and change email is not necessary.

If no postalCode is given in the registration, OSIAM saves a string value "null" for the postal code.
The address update over the java api leads to a similar behavior: On saving null, the string "null" gets saved.

A fix for this is important for us.

As I already mentioned, to provide the self-admin as a fully functional standalone application in form of a fat jar, some migration steps need to be done. Next step should be the migration of the maven pom to Spring Boot. The deployer doesn't have to change anything, the self-administration will be run as a war like before in an application container (and with the same configuration mess). Anyway it's a fat war which is theoretically runnable with java -jar addon-self-administration.war. But the fact that we didn't provide the properties configuration files and the web-resources within the classpath, the self-administration isn't runnable as fat war, because of the missing files.
There are two ways (I guess) to get rid off this problem:

• Throw an exception in the main method to prevent the run via java -jar
• Link the config files as an external classpath if possible

But I'm not sure if we should put so much work to get this running, because next step is the switch to a fat jar without tomcat deployment... what do you think?

The self administration does not react on the browsers language preferences.

Also there is no easy or documented way of setting the default locale.
My poor solution was to modify JAVA_OPTS on catalina.sh with: -Duser.language=de -Duser.region=DE

The xml configuration should be removed and migrated to java configuration. The Spring Framework provides this since version 3.1 and this can be done as a first step to Spring Boot. For reference, these steps can be used to apply also to the OSIAM server.

At this time one can only configure what fields show up on the registration page. Which fields are required or not is statically implemented and so cannot be changed by a deployer/operator. I think we should make it possible for a deployer/operator to define which fields are required or not. @dacrome already made up an example how to specify that in the properties file: https://gist.github.com/dacrome/31edbb3b9e894258e937

Using properties files is not really an optimal way to configure this application. As discussed here, we decided to switch to YAML.