diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/resources/system/IndexResource.java b/openmetadata-service/src/main/java/org/openmetadata/service/resources/system/IndexResource.java
index 5635813f4a7f..b72aa8b3b63d 100644
--- a/openmetadata-service/src/main/java/org/openmetadata/service/resources/system/IndexResource.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/resources/system/IndexResource.java
@@ -8,6 +8,7 @@
 import java.io.BufferedReader;
 import java.io.InputStream;
 import java.io.InputStreamReader;
+import java.nio.charset.StandardCharsets;
 import java.util.stream.Collectors;
 import lombok.extern.slf4j.Slf4j;
 import org.openmetadata.service.OpenMetadataApplicationConfig;
@@ -18,11 +19,17 @@ public class IndexResource {
 private String indexHtml;
 public IndexResource() {
- InputStream inputStream = getClass().getResourceAsStream("/assets/index.html");
- indexHtml =
- new BufferedReader(new InputStreamReader(inputStream))
- .lines()
- .collect(Collectors.joining("\n"));
+ try (InputStream inputStream = getClass().getResourceAsStream("/assets/index.html")) {
+ if (inputStream == null) {
+ throw new IllegalStateException("Resource /assets/index.html not found on classpath");
+ }
+ try (BufferedReader reader =
+ new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8))) {
+ indexHtml = reader.lines().collect(Collectors.joining("\n"));
+ }
+ } catch (java.io.IOException e) {
+ throw new IllegalStateException("Failed to read /assets/index.html", e);
+ }
 }
 public void initialize(OpenMetadataApplicationConfig config) {
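Review bot: The resource-loading block added to the constructor is repeated verbatim in the `getIndexFile` hunk further down, so the null check and the charset handling now live in two places. A single `private static String loadIndexHtml()` called from both would keep them in step. `getIndexFile` also re-reads the classpath resource on every call, which a helper with a cached result would avoid. The catch names `java.io.IOException` in full although the file already imports other `java.io` classes; `import java.io.IOException;` with a plain `catch (IOException e)` would read more consistently.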
@@ -32,11 +39,18 @@ public void initialize(OpenMetadataApplicationConfig config) {
 public static String getIndexFile(String basePath) {
 LOG.info("IndexResource.getIndexFile called with basePath: [{}]", basePath);
- InputStream inputStream = IndexResource.class.getResourceAsStream("/assets/index.html");
- String indexHtml =
- new BufferedReader(new InputStreamReader(inputStream))
- .lines()
- .collect(Collectors.joining("\n"));
+ String indexHtml;
+ try (InputStream inputStream = IndexResource.class.getResourceAsStream("/assets/index.html")) {
+ if (inputStream == null) {
+ throw new IllegalStateException("Resource /assets/index.html not found on classpath");
+ }
+ try (BufferedReader reader =
+ new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8))) {
+ indexHtml = reader.lines().collect(Collectors.joining("\n"));
+ }
+ } catch (java.io.IOException e) {
+ throw new IllegalStateException("Failed to read /assets/index.html", e);
+ }
 String result = indexHtml.replace("${basePath}", basePath);
 String basePathLine =
diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/security/auth/validator/SamlValidator.java b/openmetadata-service/src/main/java/org/openmetadata/service/security/auth/validator/SamlValidator.java
index 09968426ab32..d3f4e7172b59 100644
--- a/openmetadata-service/src/main/java/org/openmetadata/service/security/auth/validator/SamlValidator.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/security/auth/validator/SamlValidator.java
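Review bot: `getIndexFile` writes `basePath` into the page with `indexHtml.replace("${basePath}", basePath)` and logs it at INFO without any validation, and the hunk does not show where the value originates. If every caller passes a configuration value, a short comment such as `// basePath is operator-supplied configuration and is inserted into the page unescaped` would record that assumption. If any caller can derive it from request data, it should be checked against an expected path pattern before substitution. The method body continues past the end of the hunk.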
@@ -294,46 +294,50 @@ private FieldError validateIdpConnectivity(SamlSSOClientConfig samlConfig) {
 URL url = new URL(urlWithParams);
 HttpURLConnection conn = (HttpURLConnection) url.openConnection();
- conn.setRequestMethod("GET");
- conn.setConnectTimeout(5000);
- conn.setReadTimeout(5000);
- conn.setInstanceFollowRedirects(false);
- int responseCode = conn.getResponseCode();
- LOG.debug("IdP response code to SAML request: {}", responseCode);
-
- // Analyze response
- if (responseCode == 404) {
- return ValidationErrorBuilder.createFieldError(
- ValidationErrorBuilder.FieldPaths.SAML_IDP_SSO_URL,
- "SSO Login URL not found (HTTP 404). The URL '" + ssoUrl + "' does not exist.");
- } else if (responseCode == 405) {
- return ValidationErrorBuilder.createFieldError(
- ValidationErrorBuilder.FieldPaths.SAML_IDP_SSO_URL,
- "SSO URL doesn't accept GET requests (HTTP 405). Please check the SSO URL configuration.");
- } else if (responseCode >= 200 && responseCode < 400) {
- // 200 or 302 means the IdP accepted our SAML request
- return null; // Success - SSO Login URL validated
- } else if (responseCode >= 400 && responseCode < 500) {
- // 400-499 could mean wrong URL or IdP rejecting the request
- // Read a bit of the response to check for specific errors
- String responseSnippet = readResponseSnippet(conn);
- if (responseSnippet.toLowerCase().contains("saml")
- || responseSnippet.toLowerCase().contains("invalid")) {
- // Warning case - treat as success
- LOG.warn(
- "SSO URL responded with client error (HTTP {}). This might be due to the test SAML request format.",
- responseCode);
- return null;
+ try {
+ conn.setRequestMethod("GET");
+ conn.setConnectTimeout(5000);
+ conn.setReadTimeout(5000);
+ conn.setInstanceFollowRedirects(false);
+ int responseCode = conn.getResponseCode();
+ LOG.debug("IdP response code to SAML request: {}", responseCode);
+
+ // Analyze response
+ if (responseCode == 404) {
+ return ValidationErrorBuilder.createFieldError(
+ ValidationErrorBuilder.FieldPaths.SAML_IDP_SSO_URL,
+ "SSO Login URL not found (HTTP 404). The URL '" + ssoUrl + "' does not exist.");
+ } else if (responseCode == 405) {
+ return ValidationErrorBuilder.createFieldError(
+ ValidationErrorBuilder.FieldPaths.SAML_IDP_SSO_URL,
+ "SSO URL doesn't accept GET requests (HTTP 405). Please check the SSO URL configuration.");
+ } else if (responseCode >= 200 && responseCode < 400) {
+ // 200 or 302 means the IdP accepted our SAML request
+ return null; // Success - SSO Login URL validated
+ } else if (responseCode >= 400 && responseCode < 500) {
+ // 400-499 could mean wrong URL or IdP rejecting the request
+ // Read a bit of the response to check for specific errors
+ String responseSnippet = readResponseSnippet(conn);
+ if (responseSnippet.toLowerCase().contains("saml")
+ || responseSnippet.toLowerCase().contains("invalid")) {
+ // Warning case - treat as success
+ LOG.warn(
+ "SSO URL responded with client error (HTTP {}). This might be due to the test SAML request format.",
+ responseCode);
+ return null;
+ }
+ return ValidationErrorBuilder.createFieldError(
+ ValidationErrorBuilder.FieldPaths.SAML_IDP_SSO_URL,
+ "SSO URL returned error (HTTP "
+ + responseCode
+ + "). Please verify the URL is correct.");
+ } else {
+ return ValidationErrorBuilder.createFieldError(
+ ValidationErrorBuilder.FieldPaths.SAML_IDP_SSO_URL,
+ "SSO URL is not accessible (HTTP " + responseCode + ")");
 }
- return ValidationErrorBuilder.createFieldError(
- ValidationErrorBuilder.FieldPaths.SAML_IDP_SSO_URL,
- "SSO URL returned error (HTTP "
- + responseCode
- + "). Please verify the URL is correct.");
- } else {
- return ValidationErrorBuilder.createFieldError(
- ValidationErrorBuilder.FieldPaths.SAML_IDP_SSO_URL,
- "SSO URL is not accessible (HTTP " + responseCode + ")");
+ } finally {
+ conn.disconnect();
 }
 } catch (Exception e) {
 LOG.warn("SSO URL validation failed", e);
@@ -376,10 +380,13 @@ private String createTestSamlRequest(SamlSSOClientConfig samlConfig) {
 java.io.ByteArrayOutputStream bytesOut = new java.io.ByteArrayOutputStream();
 java.util.zip.Deflater deflater =
 new java.util.zip.Deflater(java.util.zip.Deflater.DEFLATED, true);
- java.util.zip.DeflaterOutputStream deflaterStream =
- new java.util.zip.DeflaterOutputStream(bytesOut, deflater);
- deflaterStream.write(samlRequestXml.getBytes(StandardCharsets.UTF_8));
- deflaterStream.finish();
+ try (java.util.zip.DeflaterOutputStream deflaterStream =
+ new java.util.zip.DeflaterOutputStream(bytesOut, deflater)) {
+ deflaterStream.write(samlRequestXml.getBytes(StandardCharsets.UTF_8));
+ deflaterStream.finish();
+ } finally {
+ deflater.end();
+ }
 // Base64 encode
 String base64Request = Base64.getEncoder().encodeToString(bytesOut.toByteArray());
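Review bot: In the 4xx branch of `validateIdpConnectivity`, `responseSnippet.toLowerCase()` uses the JVM default locale, so the `"invalid"` match can miss under a locale with special casing rules for `I`. Lower-casing once with `String snippet = responseSnippet.toLowerCase(java.util.Locale.ROOT);` and testing `snippet` in both `contains` calls makes the check locale-independent. The branch also accepts any client-error body that contains "saml" or "invalid", so a generic error page from an unrelated host can pass validation; a comment stating that this leniency is deliberate would help the next reader. The new try/finally begins after `url.openConnection()`, and the enclosing method starts and ends outside the hunk.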
@@ -395,15 +402,15 @@ private String createTestSamlRequest(SamlSSOClientConfig samlConfig) {
 private String readResponseSnippet(HttpURLConnection conn) {
 try {
- java.io.InputStream inputStream = conn.getErrorStream();
- if (inputStream == null) {
- inputStream = conn.getInputStream();
- }
+ java.io.InputStream errorStream = conn.getErrorStream();
+ java.io.InputStream inputStream = (errorStream != null) ? errorStream : conn.getInputStream();
 if (inputStream != null) {
- byte[] buffer = new byte[500];
- int bytesRead = inputStream.read(buffer);
- if (bytesRead > 0) {
- return new String(buffer, 0, bytesRead, StandardCharsets.UTF_8);
+ try (inputStream) {
+ byte[] buffer = new byte[500];
+ int bytesRead = inputStream.read(buffer);
+ if (bytesRead > 0) {
+ return new String(buffer, 0, bytesRead, StandardCharsets.UTF_8);
+ }
 }
 }
 } catch (Exception e) {
diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/security/saml/SamlSettingsHolder.java b/openmetadata-service/src/main/java/org/openmetadata/service/security/saml/SamlSettingsHolder.java
index b5bd10b4b705..54034c1efa10 100644
--- a/openmetadata-service/src/main/java/org/openmetadata/service/security/saml/SamlSettingsHolder.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/security/saml/SamlSettingsHolder.java
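Review bot: In `readResponseSnippet`, a single `inputStream.read(buffer)` may return fewer bytes than the body holds, so the snippet the caller searches for "saml" or "invalid" can be shorter than 500 bytes even when more data is available. `int bytesRead = inputStream.readNBytes(buffer, 0, buffer.length);` fills the buffer up to end of stream and leaves the `bytesRead > 0` check valid. Cutting at a fixed byte count can also split a multi-byte UTF-8 sequence at the end, which here only produces a replacement character. The method's catch block and final return lie outside the hunk.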
@@ -118,9 +118,9 @@ public void initDefaultSettings(OpenMetadataApplicationConfig catalogApplication
 && !CommonUtil.nullOrEmpty(securityConfig.getKeyStorePassword())
 && !CommonUtil.nullOrEmpty(securityConfig.getKeyStoreAlias())) {
 KeyStore keyStore = KeyStore.getInstance("JKS");
- keyStore.load(
- new FileInputStream(securityConfig.getKeyStoreFilePath()),
- securityConfig.getKeyStorePassword().toCharArray());
+ try (FileInputStream fis = new FileInputStream(securityConfig.getKeyStoreFilePath())) {
+ keyStore.load(fis, securityConfig.getKeyStorePassword().toCharArray());
+ }
 samlData.put(SettingsBuilder.KEYSTORE_KEY, keyStore);
 samlData.put(SettingsBuilder.KEYSTORE_ALIAS, securityConfig.getKeyStoreAlias());
 samlData.put(SettingsBuilder.KEYSTORE_KEY_PASSWORD, securityConfig.getKeyStorePassword());
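Review bot: The keystore type stays hard-coded as `"JKS"` on the context line above the new try-with-resources, and the last context line passes the keystore password as `KEYSTORE_KEY_PASSWORD`. Neither assumption is visible to an operator from the configuration keys shown here. A comment above `KeyStore.getInstance` such as `// Loaded with type "JKS"; the key entry is read with the keystore password` would document both, or the type could be taken from configuration. The enclosing `if` and the method start and end outside the hunk.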