Set DB case-insensitivity flag in SimpleSearchQueryConverter used in …

…JdbcScimUserProvisioning.retrieveByScimFilterOnlyActive
cloudfoundry · Apr 30, 2024 · 38a2048 · 38a2048
1 parent 20f1a47
commit 38a2048
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java b/server/src/main/java/org/cloudfoundry/identity/uaa/scim/jdbc/JdbcScimUserProvisioning.java
@@ -139,6 +139,8 @@ public Logger getLogger() {
     private final JdbcIdentityZoneProvisioning jdbcIdentityZoneProvisioning;
     private final IdentityZoneManager identityZoneManager;
 
+    private boolean useCaseInsensitiveQueries = false;
+
     public JdbcScimUserProvisioning(
             final JdbcTemplate jdbcTemplate,
             final JdbcPagingListFactory pagingListFactory,
@@ -159,6 +161,10 @@ public void setTimeService(TimeService timeService) {
         this.timeService = timeService;
     }
 
+    public void setUseCaseInsensitiveQueries(final boolean useCaseInsensitiveQueries) {
+        this.useCaseInsensitiveQueries = useCaseInsensitiveQueries;
+    }
+
     @Override
     public ScimUser retrieve(String id, String zoneId) {
         try {
@@ -185,7 +191,15 @@ public List<ScimUser> retrieveByScimFilterOnlyActive(
             final boolean ascending,
             final String zoneId
     ) {
+        /* We cannot reuse the query converter from the superclass here since the later query operates on both the
+         * "users" and the "identity_provider" table and they both have a column named "id". Since the SCIM filter might
+         * contain clauses on the "id" field, we must ensure that the "id" of the "users" table is used, which is done
+         * by attaching an AttributeNameMapper. */
         final SimpleSearchQueryConverter queryConverter = new SimpleSearchQueryConverter();
+
+        // ensure that the generated query handles the case-insensitivity of the underlying DB correctly
+        queryConverter.setDbCaseInsensitive(useCaseInsensitiveQueries);
+
         validateOrderBy(queryConverter.map(sortBy));
 
         /* since the two tables used in the query ('users' and 'identity_provider') have columns with identical names,

diff --git a/uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml b/uaa/src/main/webapp/WEB-INF/spring/scim-endpoints.xml
@@ -31,6 +31,7 @@
         <property name="deactivateOnDelete" value="${scim.delete.deactivate:false}"/>
         <property name="usernamePattern" value="${scim.username_pattern:[\p{L}+0-9+\-_.@'!]+}"/>
         <property name="timeService" ref="timeService"/>
+        <property name="useCaseInsensitiveQueries" ref="useCaseInsensitiveQueries"/>
         <constructor-arg name="passwordEncoder" ref="nonCachingPasswordEncoder"/>
     </bean>