From 65e21d3f6a394cbfc34f6c6d8b49d92a02a4aa9e Mon Sep 17 00:00:00 2001 From: Seun Matt Date: Sun, 29 Mar 2020 21:36:54 +0100 Subject: [PATCH] example code for BAEL-3749 (#8815) * example code for BAEL-3749 * added live test * added live test * improved exception handling in response log filter * propage exception in example code * updated repo with upstream * added example code for BAEL-3293 * updated the example code for BAEL-3749 * updated the example code for BAEL-3749 * updated the example code for BAEL-3749 * updated the example code for BAEL-3749 --- cas/cas-secured-app/pom.xml | 8 +- .../CasSecuredAppApplication.java | 91 ------ .../cassecuredapp/CasSecuredApplication.java | 97 +++++++ .../cassecuredapp/config/SecurityConfig.java | 83 ------ .../config/WebSecurityConfig.java | 79 ++++++ .../controllers/AuthController.java | 29 +- .../controllers/IndexController.java | 8 +- .../controllers/SecuredController.java | 30 ++ .../controllers/SecuredPageController.java | 24 -- .../src/main/resources/application.properties | 3 +- ...CasSecuredApplicationIntegrationTest.java} | 2 +- cas/cas-server/.factorypath | 228 ---------------- cas/cas-server/.gitignore | 7 + cas/cas-server/.mergify.yml | 32 +++ cas/cas-server/.travis.yml | 62 +++++ cas/cas-server/Dockerfile | 40 +++ cas/cas-server/README.md | 151 ++++++---- cas/cas-server/build.cmd | 102 ------- cas/cas-server/build.gradle | 106 +++++++ cas/cas-server/build.sh | 189 ------------- cas/cas-server/docker-build.sh | 10 + cas/cas-server/docker-compose.yml | 7 + cas/cas-server/docker-push.sh | 12 + cas/cas-server/docker-run.sh | 7 + cas/cas-server/etc/cas/config/application.yml | 2 - cas/cas-server/etc/cas/config/cas.properties | 9 +- cas/cas-server/etc/cas/config/log4j2.xml | 120 ++++---- cas/cas-server/etc/cas/saml/.gitkeep | 1 + cas/cas-server/etc/cas/services/.donotdel | 0 cas/cas-server/etc/cas/thekeystore | Bin 0 -> 2266 bytes cas/cas-server/gradle.properties | 28 ++ cas/cas-server/gradle/dockerjib.gradle | 52 ++++ cas/cas-server/gradle/springboot.gradle | 24 ++ cas/cas-server/gradle/tasks.gradle | 258 ++++++++++++++++++ .../gradle/wrapper/gradle-wrapper.properties | 5 + cas/cas-server/gradlew | 188 +++++++++++++ cas/cas-server/gradlew.bat | 100 +++++++ cas/cas-server/maven/maven-wrapper.jar | Bin 71910 -> 0 bytes cas/cas-server/maven/maven-wrapper.properties | 3 - cas/cas-server/mvnw | 234 ---------------- cas/cas-server/mvnw.bat | 174 ------------ cas/cas-server/pom.xml | 208 -------------- cas/cas-server/settings.gradle | 1 + .../src/main/jib/docker/entrypoint.sh | 22 ++ .../src/main/resources/application.properties | 136 +-------- .../src/main/resources/cas.properties | 9 - .../create_test_db_and_users_tbl.sql | 12 +- .../resources/etc/cas/config/application.yml | 2 - .../resources/etc/cas/config/cas.properties | 18 +- .../main/resources/etc/cas/config/log4j2.xml | 117 -------- .../etc/cas/services/casSecuredApp-8900.json | 8 + .../src/main/resources/etc/cas/thekeystore | Bin 2258 -> 2251 bytes .../main/resources/etc/cas/thekeystore.crt | Bin 901 -> 0 bytes cas/cas-server/src/main/resources/log4j2.xml | 117 -------- .../services/casSecuredApp-19991.json | 8 - cas/pom.xml | 23 -- pom.xml | 2 - 57 files changed, 1390 insertions(+), 1898 deletions(-) delete mode 100644 cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/CasSecuredAppApplication.java create mode 100644 cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/CasSecuredApplication.java delete mode 100644 cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/config/SecurityConfig.java create mode 100644 cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/config/WebSecurityConfig.java create mode 100644 cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/SecuredController.java delete mode 100644 cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/SecuredPageController.java rename cas/cas-secured-app/src/test/java/com/baeldung/cassecuredapp/{CasSecuredAppApplicationIntegrationTest.java => CasSecuredApplicationIntegrationTest.java} (84%) delete mode 100644 cas/cas-server/.factorypath mode change 100644 => 100755 cas/cas-server/.gitignore create mode 100644 cas/cas-server/.mergify.yml create mode 100644 cas/cas-server/.travis.yml create mode 100644 cas/cas-server/Dockerfile delete mode 100644 cas/cas-server/build.cmd create mode 100644 cas/cas-server/build.gradle delete mode 100644 cas/cas-server/build.sh create mode 100755 cas/cas-server/docker-build.sh create mode 100644 cas/cas-server/docker-compose.yml create mode 100755 cas/cas-server/docker-push.sh create mode 100755 cas/cas-server/docker-run.sh delete mode 100644 cas/cas-server/etc/cas/config/application.yml create mode 100644 cas/cas-server/etc/cas/saml/.gitkeep create mode 100644 cas/cas-server/etc/cas/services/.donotdel create mode 100644 cas/cas-server/etc/cas/thekeystore create mode 100644 cas/cas-server/gradle.properties create mode 100644 cas/cas-server/gradle/dockerjib.gradle create mode 100644 cas/cas-server/gradle/springboot.gradle create mode 100644 cas/cas-server/gradle/tasks.gradle create mode 100644 cas/cas-server/gradle/wrapper/gradle-wrapper.properties create mode 100755 cas/cas-server/gradlew create mode 100644 cas/cas-server/gradlew.bat delete mode 100644 cas/cas-server/maven/maven-wrapper.jar delete mode 100644 cas/cas-server/maven/maven-wrapper.properties delete mode 100644 cas/cas-server/mvnw delete mode 100644 cas/cas-server/mvnw.bat create mode 100644 cas/cas-server/settings.gradle create mode 100755 cas/cas-server/src/main/jib/docker/entrypoint.sh delete mode 100644 cas/cas-server/src/main/resources/cas.properties delete mode 100644 cas/cas-server/src/main/resources/etc/cas/config/application.yml delete mode 100644 cas/cas-server/src/main/resources/etc/cas/config/log4j2.xml create mode 100644 cas/cas-server/src/main/resources/etc/cas/services/casSecuredApp-8900.json delete mode 100644 cas/cas-server/src/main/resources/etc/cas/thekeystore.crt delete mode 100644 cas/cas-server/src/main/resources/log4j2.xml delete mode 100644 cas/cas-server/src/main/resources/services/casSecuredApp-19991.json diff --git a/cas/cas-secured-app/pom.xml b/cas/cas-secured-app/pom.xml index 8e6f28e3a8..426d65c32b 100644 --- a/cas/cas-secured-app/pom.xml +++ b/cas/cas-secured-app/pom.xml @@ -11,11 +11,15 @@ com.baeldung - parent-boot-1 + parent-boot-2 0.0.1-SNAPSHOT - ../../parent-boot-1 + ../../parent-boot-2 + + 2.2.6.RELEASE + + org.springframework.boot diff --git a/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/CasSecuredAppApplication.java b/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/CasSecuredAppApplication.java deleted file mode 100644 index 25cbb9bc9b..0000000000 --- a/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/CasSecuredAppApplication.java +++ /dev/null @@ -1,91 +0,0 @@ -package com.baeldung.cassecuredapp; - -import org.jasig.cas.client.session.SingleSignOutFilter; -import org.jasig.cas.client.session.SingleSignOutHttpSessionListener; -import org.jasig.cas.client.validation.Cas30ServiceTicketValidator; -import org.jasig.cas.client.validation.TicketValidator; -import org.springframework.boot.SpringApplication; -import org.springframework.boot.autoconfigure.SpringBootApplication; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Primary; -import org.springframework.context.event.EventListener; -import org.springframework.security.cas.ServiceProperties; -import org.springframework.security.cas.authentication.CasAuthenticationProvider; -import org.springframework.security.cas.web.CasAuthenticationEntryPoint; -import org.springframework.security.core.authority.AuthorityUtils; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.User; -import org.springframework.security.web.AuthenticationEntryPoint; -import org.springframework.security.web.authentication.logout.LogoutFilter; -import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler; - -import javax.servlet.http.HttpSessionEvent; - -@SpringBootApplication -public class CasSecuredAppApplication { - - public static void main(String[] args) { - SpringApplication.run(CasSecuredAppApplication.class, args); - } - - @Bean - public ServiceProperties serviceProperties() { - ServiceProperties serviceProperties = new ServiceProperties(); - serviceProperties.setService("http://localhost:9000/login/cas"); - serviceProperties.setSendRenew(false); - return serviceProperties; - } - - @Bean - @Primary - public AuthenticationEntryPoint authenticationEntryPoint(ServiceProperties sP) { - CasAuthenticationEntryPoint entryPoint = new CasAuthenticationEntryPoint(); - entryPoint.setLoginUrl("https://localhost:6443/cas/login"); - entryPoint.setServiceProperties(sP); - return entryPoint; - } - - @Bean - public TicketValidator ticketValidator() { - return new Cas30ServiceTicketValidator("https://localhost:6443/cas"); - } - - @Bean - public CasAuthenticationProvider casAuthenticationProvider() { - CasAuthenticationProvider provider = new CasAuthenticationProvider(); - provider.setServiceProperties(serviceProperties()); - provider.setTicketValidator(ticketValidator()); - provider.setUserDetailsService((s) -> new User("test@test.com", "smatt", - true, true, true, true, - AuthorityUtils.createAuthorityList("ROLE_ADMIN"))); - provider.setKey("CAS_PROVIDER_LOCALHOST_9000"); - return provider; - } - - - @Bean - public SecurityContextLogoutHandler securityContextLogoutHandler() { - return new SecurityContextLogoutHandler(); - } - - @Bean - public LogoutFilter logoutFilter() { - LogoutFilter logoutFilter = new LogoutFilter( - "https://localhost:6443/cas/logout", securityContextLogoutHandler()); - logoutFilter.setFilterProcessesUrl("/logout/cas"); - return logoutFilter; - } - - @Bean - public SingleSignOutFilter singleSignOutFilter() { - SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter(); - singleSignOutFilter.setCasServerUrlPrefix("https://localhost:6443/cas"); - singleSignOutFilter.setIgnoreInitConfiguration(true); - return singleSignOutFilter; - } - - @EventListener - public SingleSignOutHttpSessionListener singleSignOutHttpSessionListener(HttpSessionEvent event) { - return new SingleSignOutHttpSessionListener(); - } -} diff --git a/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/CasSecuredApplication.java b/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/CasSecuredApplication.java new file mode 100644 index 0000000000..4a2c609758 --- /dev/null +++ b/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/CasSecuredApplication.java @@ -0,0 +1,97 @@ +package com.baeldung.cassecuredapp; + +import org.jasig.cas.client.session.SingleSignOutFilter; +import org.jasig.cas.client.session.SingleSignOutHttpSessionListener; +import org.jasig.cas.client.validation.Cas30ServiceTicketValidator; +import org.jasig.cas.client.validation.TicketValidator; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Primary; +import org.springframework.context.event.EventListener; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.cas.ServiceProperties; +import org.springframework.security.cas.authentication.CasAuthenticationProvider; +import org.springframework.security.cas.web.CasAuthenticationEntryPoint; +import org.springframework.security.cas.web.CasAuthenticationFilter; +import org.springframework.security.core.authority.AuthorityUtils; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.web.AuthenticationEntryPoint; +import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler; +import org.springframework.security.web.authentication.logout.LogoutFilter; +import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler; + +import javax.servlet.http.HttpSessionEvent; + +@SpringBootApplication +public class CasSecuredApplication { + + private static final Logger logger = LoggerFactory.getLogger(CasSecuredApplication.class); + + public static void main(String... args) { + SpringApplication.run(CasSecuredApplication.class, args); + } + + @Bean + public CasAuthenticationFilter casAuthenticationFilter( + AuthenticationManager authenticationManager, + ServiceProperties serviceProperties) throws Exception { + CasAuthenticationFilter filter = new CasAuthenticationFilter(); + filter.setAuthenticationManager(authenticationManager); + filter.setServiceProperties(serviceProperties); + return filter; + } + + @Bean + public ServiceProperties serviceProperties() { + logger.info("service properties"); + ServiceProperties serviceProperties = new ServiceProperties(); + serviceProperties.setService("http://cas-client:8900/login/cas"); + serviceProperties.setSendRenew(false); + return serviceProperties; + } + + @Bean + public TicketValidator ticketValidator() { + return new Cas30ServiceTicketValidator("https://localhost:8443"); + } + + @Bean + public CasAuthenticationProvider casAuthenticationProvider( + TicketValidator ticketValidator, + ServiceProperties serviceProperties) { + CasAuthenticationProvider provider = new CasAuthenticationProvider(); + provider.setServiceProperties(serviceProperties); + provider.setTicketValidator(ticketValidator); + provider.setUserDetailsService( + s -> new User("test@test.com", "Mellon", true, true, true, true, + AuthorityUtils.createAuthorityList("ROLE_ADMIN"))); + provider.setKey("CAS_PROVIDER_LOCALHOST_8900"); + return provider; + } + + + @Bean + public SecurityContextLogoutHandler securityContextLogoutHandler() { + return new SecurityContextLogoutHandler(); + } + + @Bean + public LogoutFilter logoutFilter() { + LogoutFilter logoutFilter = new LogoutFilter("https://localhost:8443/logout", securityContextLogoutHandler()); + logoutFilter.setFilterProcessesUrl("/logout/cas"); + return logoutFilter; + } + + @Bean + public SingleSignOutFilter singleSignOutFilter() { + SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter(); + singleSignOutFilter.setCasServerUrlPrefix("https://localhost:8443"); + singleSignOutFilter.setLogoutCallbackPath("/exit/cas"); + singleSignOutFilter.setIgnoreInitConfiguration(true); + return singleSignOutFilter; + } + +} diff --git a/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/config/SecurityConfig.java b/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/config/SecurityConfig.java deleted file mode 100644 index 2eabed49e1..0000000000 --- a/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/config/SecurityConfig.java +++ /dev/null @@ -1,83 +0,0 @@ -package com.baeldung.cassecuredapp.config; - -import org.jasig.cas.client.session.SingleSignOutFilter; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.security.authentication.AuthenticationManager; -import org.springframework.security.authentication.AuthenticationProvider; -import org.springframework.security.authentication.ProviderManager; -import org.springframework.security.cas.ServiceProperties; -import org.springframework.security.cas.authentication.CasAuthenticationProvider; -import org.springframework.security.cas.web.CasAuthenticationFilter; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.web.AuthenticationEntryPoint; -import org.springframework.security.web.authentication.logout.LogoutFilter; - -import java.util.Arrays; - -@EnableWebSecurity -@Configuration -public class SecurityConfig extends WebSecurityConfigurerAdapter { - - private AuthenticationProvider authenticationProvider; - private AuthenticationEntryPoint authenticationEntryPoint; - private SingleSignOutFilter singleSignOutFilter; - private LogoutFilter logoutFilter; - - @Autowired - public SecurityConfig(CasAuthenticationProvider casAuthenticationProvider, AuthenticationEntryPoint eP, - LogoutFilter lF - , SingleSignOutFilter ssF - ) { - this.authenticationProvider = casAuthenticationProvider; - this.authenticationEntryPoint = eP; - - this.logoutFilter = lF; - this.singleSignOutFilter = ssF; - - } - - @Override - protected void configure(HttpSecurity http) throws Exception { - http - .authorizeRequests() - .regexMatchers("/secured.*", "/login") - .authenticated() - .and() - .authorizeRequests() - .regexMatchers("/") - .permitAll() - .and() - .httpBasic() - .authenticationEntryPoint(authenticationEntryPoint) - .and() - .logout().logoutSuccessUrl("/logout") - .and() - .addFilterBefore(singleSignOutFilter, CasAuthenticationFilter.class) - .addFilterBefore(logoutFilter, LogoutFilter.class); - - } - - @Override - protected void configure(AuthenticationManagerBuilder auth) throws Exception { - auth.authenticationProvider(authenticationProvider); - } - - @Override - protected AuthenticationManager authenticationManager() throws Exception { - return new ProviderManager(Arrays.asList(authenticationProvider)); - } - - @Bean - public CasAuthenticationFilter casAuthenticationFilter(ServiceProperties sP) throws Exception { - CasAuthenticationFilter filter = new CasAuthenticationFilter(); - filter.setServiceProperties(sP); - filter.setAuthenticationManager(authenticationManager()); - return filter; - } - -} diff --git a/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/config/WebSecurityConfig.java b/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/config/WebSecurityConfig.java new file mode 100644 index 0000000000..b0c3c68387 --- /dev/null +++ b/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/config/WebSecurityConfig.java @@ -0,0 +1,79 @@ +package com.baeldung.cassecuredapp.config; + +import org.jasig.cas.client.session.SingleSignOutFilter; +import org.jasig.cas.client.validation.Cas30ServiceTicketValidator; +import org.jasig.cas.client.validation.TicketValidator; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Primary; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.ProviderManager; +import org.springframework.security.cas.ServiceProperties; +import org.springframework.security.cas.authentication.CasAuthenticationProvider; +import org.springframework.security.cas.web.CasAuthenticationEntryPoint; +import org.springframework.security.cas.web.CasAuthenticationFilter; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.core.authority.AuthorityUtils; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.web.AuthenticationEntryPoint; +import org.springframework.security.web.authentication.logout.LogoutFilter; + +import java.util.Collections; + +@EnableWebSecurity +public class WebSecurityConfig extends WebSecurityConfigurerAdapter { + + private Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class); + private SingleSignOutFilter singleSignOutFilter; + private LogoutFilter logoutFilter; + private CasAuthenticationProvider casAuthenticationProvider; + private ServiceProperties serviceProperties; + + @Autowired + public WebSecurityConfig(SingleSignOutFilter singleSignOutFilter, LogoutFilter logoutFilter, + CasAuthenticationProvider casAuthenticationProvider, + ServiceProperties serviceProperties) { + this.logoutFilter = logoutFilter; + this.singleSignOutFilter = singleSignOutFilter; + this.serviceProperties = serviceProperties; + this.casAuthenticationProvider = casAuthenticationProvider; + } + + + @Override + protected void configure(HttpSecurity http) throws Exception { + http.authorizeRequests().antMatchers( "/secured", "/login").authenticated() + .and() + .exceptionHandling().authenticationEntryPoint(authenticationEntryPoint()) + .and() + .addFilterBefore(singleSignOutFilter, CasAuthenticationFilter.class) + .addFilterBefore(logoutFilter, LogoutFilter.class) + .csrf().ignoringAntMatchers("/exit/cas"); + } + + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + auth.authenticationProvider(casAuthenticationProvider); + } + + @Bean + @Override + protected AuthenticationManager authenticationManager() throws Exception { + return new ProviderManager(Collections.singletonList(casAuthenticationProvider)); + } + + public AuthenticationEntryPoint authenticationEntryPoint() { + CasAuthenticationEntryPoint entryPoint = new CasAuthenticationEntryPoint(); + entryPoint.setLoginUrl("https://localhost:8443/login"); + entryPoint.setServiceProperties(serviceProperties); + return entryPoint; + } + + + +} diff --git a/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/AuthController.java b/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/AuthController.java index 2c88b74a83..16254c8cbd 100644 --- a/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/AuthController.java +++ b/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/AuthController.java @@ -1,7 +1,7 @@ package com.baeldung.cassecuredapp.controllers; -import org.apache.log4j.LogManager; -import org.apache.log4j.Logger; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler; @@ -13,24 +13,27 @@ import org.springframework.web.bind.annotation.GetMapping; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import static org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY; + @Controller public class AuthController { - private Logger logger = LogManager.getLogger(AuthController.class); - - @GetMapping("/logout") - public String logout( - HttpServletRequest request, HttpServletResponse response, SecurityContextLogoutHandler logoutHandler) { - Authentication auth = SecurityContextHolder.getContext().getAuthentication(); - logoutHandler.logout(request, response, auth ); - new CookieClearingLogoutHandler(AbstractRememberMeServices.SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY).logout(request, response, auth); - return "auth/logout"; - } - + private Logger logger = LoggerFactory.getLogger(AuthController.class); @GetMapping("/login") public String login() { + logger.info("/login called"); return "redirect:/secured"; } + + @GetMapping("/logout") + public String logout(HttpServletRequest request, HttpServletResponse response, SecurityContextLogoutHandler logoutHandler) { + Authentication auth = SecurityContextHolder.getContext().getAuthentication(); + CookieClearingLogoutHandler cookieClearingLogoutHandler = new CookieClearingLogoutHandler(SPRING_SECURITY_REMEMBER_ME_COOKIE_KEY); + cookieClearingLogoutHandler.logout(request, response, auth); + logoutHandler.logout(request, response, auth); + return "auth/logout"; + } + } diff --git a/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/IndexController.java b/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/IndexController.java index 75956cf493..d4800206d4 100644 --- a/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/IndexController.java +++ b/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/IndexController.java @@ -1,15 +1,19 @@ package com.baeldung.cassecuredapp.controllers; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.RequestMapping; - @Controller public class IndexController { + private Logger logger = LoggerFactory.getLogger(IndexController.class); + @GetMapping("/") public String index() { + logger.info("Index controller called"); return "index"; } + } diff --git a/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/SecuredController.java b/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/SecuredController.java new file mode 100644 index 0000000000..0b3ab6199f --- /dev/null +++ b/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/SecuredController.java @@ -0,0 +1,30 @@ +package com.baeldung.cassecuredapp.controllers; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.stereotype.Controller; +import org.springframework.ui.ModelMap; +import org.springframework.web.bind.annotation.GetMapping; + +@Controller +public class SecuredController { + + private Logger logger = LoggerFactory.getLogger(SecuredController.class); + + @GetMapping("/secured") + public String securedIndex(ModelMap modelMap) { + + logger.info("/secured called"); + + Authentication auth = SecurityContextHolder.getContext() + .getAuthentication(); + + if(auth.getPrincipal() instanceof UserDetails) + modelMap.put("username", ((UserDetails) auth.getPrincipal()).getUsername()); + + return "secure/index"; + } +} diff --git a/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/SecuredPageController.java b/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/SecuredPageController.java deleted file mode 100644 index 9a872d1f40..0000000000 --- a/cas/cas-secured-app/src/main/java/com/baeldung/cassecuredapp/controllers/SecuredPageController.java +++ /dev/null @@ -1,24 +0,0 @@ -package com.baeldung.cassecuredapp.controllers; - -import org.springframework.security.core.Authentication; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.UserDetails; -import org.springframework.stereotype.Controller; -import org.springframework.ui.ModelMap; -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.RequestMapping; - -@Controller -@RequestMapping(value = "/secured") -public class SecuredPageController { - - @GetMapping - public String index(ModelMap modelMap) { - Authentication auth = SecurityContextHolder.getContext().getAuthentication(); - if( auth != null && auth.getPrincipal() != null - && auth.getPrincipal() instanceof UserDetails) { - modelMap.put("username", ((UserDetails) auth.getPrincipal()).getUsername()); - } - return "secure/index"; - } -} diff --git a/cas/cas-secured-app/src/main/resources/application.properties b/cas/cas-secured-app/src/main/resources/application.properties index 99802c632f..f8789997d5 100644 --- a/cas/cas-secured-app/src/main/resources/application.properties +++ b/cas/cas-secured-app/src/main/resources/application.properties @@ -1 +1,2 @@ -server.port=9000 \ No newline at end of file +server.port=8900 +spring.freemarker.suffix=.ftl \ No newline at end of file diff --git a/cas/cas-secured-app/src/test/java/com/baeldung/cassecuredapp/CasSecuredAppApplicationIntegrationTest.java b/cas/cas-secured-app/src/test/java/com/baeldung/cassecuredapp/CasSecuredApplicationIntegrationTest.java similarity index 84% rename from cas/cas-secured-app/src/test/java/com/baeldung/cassecuredapp/CasSecuredAppApplicationIntegrationTest.java rename to cas/cas-secured-app/src/test/java/com/baeldung/cassecuredapp/CasSecuredApplicationIntegrationTest.java index 2f2644e2ea..de13f6665d 100644 --- a/cas/cas-secured-app/src/test/java/com/baeldung/cassecuredapp/CasSecuredAppApplicationIntegrationTest.java +++ b/cas/cas-secured-app/src/test/java/com/baeldung/cassecuredapp/CasSecuredApplicationIntegrationTest.java @@ -7,7 +7,7 @@ import org.springframework.test.context.junit4.SpringRunner; @RunWith(SpringRunner.class) @SpringBootTest -public class CasSecuredAppApplicationIntegrationTest { +public class CasSecuredApplicationIntegrationTest { @Test public void contextLoads() { diff --git a/cas/cas-server/.factorypath b/cas/cas-server/.factorypath deleted file mode 100644 index 006c761796..0000000000 --- a/cas/cas-server/.factorypath +++ /dev/null @@ -1,228 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/cas/cas-server/.gitignore b/cas/cas-server/.gitignore old mode 100644 new mode 100755 index 5304519922..6121b5ea9d --- a/cas/cas-server/.gitignore +++ b/cas/cas-server/.gitignore @@ -2,6 +2,8 @@ !/.project .project .settings +.history +.vscode target/ .idea/ .DS_Store @@ -9,6 +11,11 @@ target/ overlays/ .gradle/ build/ +log/ bin/ +*.war *.iml *.log +tmp/ +./apache-tomcat +apache-tomcat.zip \ No newline at end of file diff --git a/cas/cas-server/.mergify.yml b/cas/cas-server/.mergify.yml new file mode 100644 index 0000000000..4fcbdbe4ac --- /dev/null +++ b/cas/cas-server/.mergify.yml @@ -0,0 +1,32 @@ +# +# Licensed to Apereo under one or more contributor license +# agreements. See the NOTICE file distributed with this work +# for additional information regarding copyright ownership. +# Apereo licenses this file to you under the Apache License, +# Version 2.0 (the "License"); you may not use this file +# except in compliance with the License. You may obtain a +# copy of the License at the following location: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +pull_request_rules: +- name: automatic merge by dependabot + conditions: + - status-success=continuous-integration/travis-ci/pr + - status-success=WIP + - "#changes-requested-reviews-by=0" + - base=master + - label=dependencies + actions: + merge: + method: merge + strict: true + delete_head_branch: \ No newline at end of file diff --git a/cas/cas-server/.travis.yml b/cas/cas-server/.travis.yml new file mode 100644 index 0000000000..8347dd1719 --- /dev/null +++ b/cas/cas-server/.travis.yml @@ -0,0 +1,62 @@ +language: java +sudo: required +dist: trusty +services: + - docker +branches: + only: + - master +before_cache: + - rm -rf $HOME/.gradle/caches/5.*/ + - rm -rf $HOME/.gradle/caches/4.*/ + - rm -fr $HOME/.gradle/caches/*/plugin-resolution/ + - find ~/.gradle/caches/ -name "*.lock" -type f -delete +cache: + bundler: false + cargo: false + directories: + - $HOME/.m2 + - $HOME/.npm/ + - $HOME/.gradle/caches/ + - $HOME/.gradle/wrapper/ +env: + global: + - JAVA_OPTS="-Xms512m -Xmx4048m -Xss128m -XX:ReservedCodeCacheSize=512m -XX:+UseG1GC -Xverify:none -server" + - GRADLE_OPTS="-Xms512m -Xmx1024m -Xss128m -XX:ReservedCodeCacheSize=512m -XX:+UseG1GC -Xverify:none -server" +jdk: +- openjdk11 +before_install: +- echo -e "Configuring Gradle wrapper...\n" +- mkdir -p ~/.gradle && echo "org.gradle.daemon=false" >> ~/.gradle/gradle.properties +- chmod -R 777 ./gradlew +- chmod -R 777 *.sh +install: true +stages: + - build + - validate + - docker +jobs: + include: + - stage: build + script: ./gradlew clean build --stacktrace --no-daemon --refresh-dependencies -Dorg.gradle.internal.http.socketTimeout=600000 -Dorg.gradle.internal.http.connectionTimeout=600000 + name: "Build CAS" + ############################################ + - stage: validate + script: ./gradlew downloadShell + name: "Download CAS Shell" + - stage: validate + script: ./gradlew listTemplateViews + name: "List CAS Template Views" + - stage: validate + script: ./gradlew explodeWar + name: "Unzip CAS Web Application" + ############################################ + - stage: docker + script: ./gradlew build jibDockerBuild --stacktrace --no-daemon --refresh-dependencies + name: "Build Docker Image via Jib" + - stage: docker + script: docker-compose build + name: "Build Docker Image via Docker Compose" + - stage: docker + script: ./docker-build.sh + name: "Build Docker Image" \ No newline at end of file diff --git a/cas/cas-server/Dockerfile b/cas/cas-server/Dockerfile new file mode 100644 index 0000000000..b2f15ef4c3 --- /dev/null +++ b/cas/cas-server/Dockerfile @@ -0,0 +1,40 @@ +FROM adoptopenjdk/openjdk11:alpine-slim AS overlay + +RUN mkdir -p cas-overlay +COPY ./src cas-overlay/src/ +COPY ./gradle/ cas-overlay/gradle/ +COPY ./gradlew ./settings.gradle ./build.gradle ./gradle.properties /cas-overlay/ + +RUN mkdir -p ~/.gradle \ + && echo "org.gradle.daemon=false" >> ~/.gradle/gradle.properties \ + && echo "org.gradle.configureondemand=true" >> ~/.gradle/gradle.properties \ + && cd cas-overlay \ + && chmod 750 ./gradlew \ + && ./gradlew --version; + +RUN cd cas-overlay \ + && ./gradlew clean build --parallel; + +FROM adoptopenjdk/openjdk11:alpine-jre AS cas + +LABEL "Organization"="Apereo" +LABEL "Description"="Apereo CAS" + +RUN cd / \ + && mkdir -p /etc/cas/config \ + && mkdir -p /etc/cas/services \ + && mkdir -p /etc/cas/saml \ + && mkdir -p cas-overlay; + +COPY etc/cas/ /etc/cas/ +COPY etc/cas/config/ /etc/cas/config/ +COPY etc/cas/services/ /etc/cas/services/ +COPY etc/cas/saml/ /etc/cas/saml/ +COPY --from=overlay cas-overlay/build/libs/cas.war cas-overlay/ + +EXPOSE 8080 8443 + +ENV PATH $PATH:$JAVA_HOME/bin:. + +WORKDIR cas-overlay +ENTRYPOINT ["java", "-server", "-noverify", "-Xmx2048M", "-jar", "cas.war"] diff --git a/cas/cas-server/README.md b/cas/cas-server/README.md index 44cfa2246c..b224738732 100644 --- a/cas/cas-server/README.md +++ b/cas/cas-server/README.md @@ -1,105 +1,146 @@ -CAS Overlay Template -============================ +CAS Overlay Template [![Build Status](https://travis-ci.org/apereo/cas-overlay-template.svg?branch=master)](https://travis-ci.org/apereo/cas-overlay-template) +======================= -Generic CAS WAR overlay to exercise the latest versions of CAS. This overlay could be freely used as a starting template for local CAS war overlays. The CAS services management overlay is available [here](https://github.com/apereo/cas-services-management-overlay). +Generic CAS WAR overlay to exercise the latest versions of CAS. This overlay could be freely used as a starting template for local CAS war overlays. # Versions -```xml -5.3.x +- CAS `6.1.x` +- JDK `11` + +# Overview + +To build the project, use: + +```bash +# Use --refresh-dependencies to force-update SNAPSHOT versions +./gradlew[.bat] clean build ``` -# Requirements - -* JDK 1.8+ - -# Configuration - -The `etc` directory contains the configuration files and directories that need to be copied to `/etc/cas/config`. - -# Build - To see what commands are available to the build script, run: ```bash -./build.sh help +./gradlew[.bat] tasks ``` -To package the final web application, run: +To launch into the CAS command-line shell: ```bash -./build.sh package +./gradlew[.bat] downloadShell runShell ``` -To update `SNAPSHOT` versions run: +To fetch and overlay a CAS resource or view, use: ```bash -./build.sh package -U +./gradlew[.bat] getResource -PresourceName=[resource-name] ``` +To list all available CAS views and templates: + +```bash +./gradlew[.bat] listTemplateViews +``` + +To unzip and explode the CAS web application file and the internal resources jar: + +```bash +./gradlew[.bat] explodeWar +``` + +# Configuration + +- The `etc` directory contains the configuration files and directories that need to be copied to `/etc/cas/config`. + +```bash +./gradlew[.bat] copyCasConfiguration +``` + +- The specifics of the build are controlled using the `gradle.properties` file. + +## Adding Modules + +CAS modules may be specified under the `dependencies` block of the [Gradle build script](build.gradle): + +```gradle +dependencies { + compile "org.apereo.cas:cas-server-some-module:${project.casVersion}" + ... +} +``` + +To collect the list of all project modules and dependencies: + +```bash +./gradlew[.bat] allDependencies +``` + +### Clear Gradle Cache + +If you need to, on Linux/Unix systems, you can delete all the existing artifacts (artifacts and metadata) Gradle has downloaded using: + +```bash +# Only do this when absolutely necessary +rm -rf $HOME/.gradle/caches/ +``` + +Same strategy applies to Windows too, provided you switch `$HOME` to its equivalent in the above command. + # Deployment -- Create a keystore file `thekeystore` under `/etc/cas`. Use the password `changeit` for both the keystore and the key/certificate entries. +- Create a keystore file `thekeystore` under `/etc/cas`. Use the password `changeit` for both the keystore and the key/certificate entries. This can either be done using the JDK's `keytool` utility or via the following command: + +```bash +./gradlew[.bat] createKeystore +``` + - Ensure the keystore is loaded up with keys and certificates of the server. On a successful deployment via the following methods, CAS will be available at: -* `http://cas.server.name:8080/cas` * `https://cas.server.name:8443/cas` ## Executable WAR -Run the CAS web application as an executable WAR. +Run the CAS web application as an executable WAR: ```bash -./build.sh run +./gradlew[.bat] run ``` -## Spring Boot - -Run the CAS web application as an executable WAR via Spring Boot. This is most useful during development and testing. +Debug the CAS web application as an executable WAR: ```bash -./build.sh bootrun +./gradlew[.bat] debug ``` -### Warning! +Run the CAS web application as a *standalone* executable WAR: -Be careful with this method of deployment. `bootRun` is not designed to work with already executable WAR artifacts such that CAS server web application. YMMV. Today, uses of this mode ONLY work when there is **NO OTHER** dependency added to the build script and the `cas-server-webapp` is the only present module. See [this issue](https://github.com/spring-projects/spring-boot/issues/8320) for more info. - - -## Spring Boot App Server Selection - -There is an app.server property in the `pom.xml` that can be used to select a spring boot application server. -It defaults to `-tomcat` but `-jetty` and `-undertow` are supported. - -It can also be set to an empty value (nothing) if you want to deploy CAS to an external application server of your choice. - -```xml --tomcat -``` - -## Windows Build - -If you are building on windows, try `build.cmd` instead of `build.sh`. Arguments are similar but for usage, run: - -``` -build.cmd help +```bash +./gradlew[.bat] clean executable ``` ## External -Deploy resultant `target/cas.war` to a servlet container of choice. +Deploy the binary web application file `cas.war` after a successful build to a servlet container of choice. +## Docker -## Command Line Shell +The following strategies outline how to build and deploy CAS Docker images. -Invokes the CAS Command Line Shell. For a list of commands either use no arguments or use `-h`. To enter the interactive shell use `-sh`. +### Jib + +The overlay embraces the [Jib Gradle Plugin](https://github.com/GoogleContainerTools/jib) to provide easy-to-use out-of-the-box tooling for building CAS docker images. Jib is an open-source Java containerizer from Google that lets Java developers build containers using the tools they know. It is a container image builder that handles all the steps of packaging your application into a container image. It does not require you to write a Dockerfile or have Docker installed, and it is directly integrated into the overlay. ```bash -./build.sh cli +./gradlew build jibDockerBuild ``` -### Relevant Articles: +### Dockerfile -- [CAS SSO With Spring Security](https://www.baeldung.com/spring-security-cas-sso) +You can also use the native Docker tooling and the provided `Dockerfile` to build and run CAS. + +```bash +chmod +x *.sh +./docker-build.sh +./docker-run.sh +``` diff --git a/cas/cas-server/build.cmd b/cas/cas-server/build.cmd deleted file mode 100644 index 2cf9262afe..0000000000 --- a/cas/cas-server/build.cmd +++ /dev/null @@ -1,102 +0,0 @@ -@echo off - -@set JAVA_ARGS=-Xms500m -Xmx1g -@set CAS_DIR=\etc\cas -@set CONFIG_DIR=\etc\cas\config - -@rem Call this script with DNAME and CERT_SUBJ_ALT_NAMES already set to override -@if "%DNAME%" == "" set DNAME=CN=cas.example.org,OU=Example,OU=Org,C=US -@rem List other host names or ip addresses you want in your certificate, may help with host name verification, -@rem if client apps make https connection for ticket validation and compare name in cert (include sub. alt. names) -@rem to name used to access CAS -@if "%CERT_SUBJ_ALT_NAMES%" == "" set CERT_SUBJ_ALT_NAMES=dns:example.org,dns:localhost,dns:%COMPUTERNAME%,ip:127.0.0.1 - -@rem Check for mvn in path, use it if found, otherwise use maven wrapper -@set MAVEN_CMD=mvn -@where /q mvn -@if %ERRORLEVEL% neq 0 set MAVEN_CMD=.\mvnw.bat - -@if "%1" == "" call:help -@if "%1" == "copy" call:copy -@if "%1" == "clean" call:clean %2 %3 %4 -@if "%1" == "package" call:package %2 %3 %4 -@if "%1" == "bootrun" call:bootrun %2 %3 %4 -@if "%1" == "debug" call:debug %2 %3 %4 -@if "%1" == "run" call:run %2 %3 %4 -@if "%1" == "runalone" call:runalone %2 %3 %4 -@if "%1" == "help" call:help -@if "%1" == "gencert" call:gencert -@if "%1" == "cli" call:runcli %2 %3 %4 - -@rem function section starts here -@goto:eof - -:copy - @echo "Creating configuration directory under %CONFIG_DIR%" - if not exist %CONFIG_DIR% mkdir %CONFIG_DIR% - - @echo "Copying configuration files from etc/cas to /etc/cas" - xcopy /S /Y etc\cas\* \etc\cas -@goto:eof - -:help - @echo "Usage: build.bat [copy|clean|package|run|debug|bootrun|gencert|cli] [optional extra args for maven or cli]" - @echo "To get started on a clean system, run "build.bat copy" and "build.bat gencert", then "build.bat run" - @echo "Note that using the copy or gencert arguments will create and/or overwrite the %CAS_DIR% which is outside this project" -@goto:eof - -:clean - call %MAVEN_CMD% clean %1 %2 %3 - exit /B %ERRORLEVEL% -@goto:eof - -:package - call %MAVEN_CMD% clean package -T 5 %1 %2 %3 - exit /B %ERRORLEVEL% -@goto:eof - -:bootrun - call %MAVEN_CMD% clean package spring-boot:run -T 5 %1 %2 %3 - exit /B %ERRORLEVEL% -@goto:eof - -:debug - call:package %1 %2 %3 & java %JAVA_ARGS% -Xdebug -Xrunjdwp:transport=dt_socket,address=5000,server=y,suspend=n -jar target/cas.war -@goto:eof - -:run - call:package %1 %2 %3 & java %JAVA_ARGS% -jar target/cas.war -@goto:eof - -:runalone - call:package %1 %2 %3 & target/cas.war -@goto:eof - -:gencert - where /q keytool - if ERRORLEVEL 1 ( - @echo Java keytool.exe not found in path. - exit /b 1 - ) else ( - if not exist %CAS_DIR% mkdir %CAS_DIR% - @echo on - @echo Generating self-signed SSL cert for %DNAME% in %CAS_DIR%\thekeystore - keytool -genkeypair -alias cas -keyalg RSA -keypass changeit -storepass changeit -keystore %CAS_DIR%\thekeystore -dname %DNAME% -ext SAN=%CERT_SUBJ_ALT_NAMES% - @echo Exporting cert for use in trust store (used by cas clients) - keytool -exportcert -alias cas -storepass changeit -keystore %CAS_DIR%\thekeystore -file %CAS_DIR%\cas.cer - ) -@goto:eof - -:runcli - for /f %%i in ('call %MAVEN_CMD% -q --non-recursive "-Dexec.executable=cmd" "-Dexec.args=/C echo ${cas.version}" "org.codehaus.mojo:exec-maven-plugin:1.3.1:exec"') do set CAS_VERSION=%%i - @set CAS_VERSION=%CAS_VERSION: =% - @set DOWNLOAD_DIR=target - @set COMMAND_FILE=cas-server-support-shell-%CAS_VERSION%.jar - @if not exist %DOWNLOAD_DIR% mkdir %DOWNLOAD_DIR% - @if not exist %DOWNLOAD_DIR%\%COMMAND_FILE% ( - @call mvn org.apache.maven.plugins:maven-dependency-plugin:3.0.2:get -DgroupId=org.apereo.cas -DartifactId=cas-server-support-shell -Dversion=%CAS_VERSION% -Dpackaging=jar -DartifactItem.outputDirectory=%DOWNLOAD_DIR% -DartifactItem.destFileName=%COMMAND_FILE% -DremoteRepositories=central::default::http://repo1.maven.apache.org/maven2,snapshots::::https://oss.sonatype.org/content/repositories/snapshots -Dtransitive=false - @call mvn org.apache.maven.plugins:maven-dependency-plugin:3.0.2:copy -Dmdep.useBaseVersion=true -Dartifact=org.apereo.cas:cas-server-support-shell:%CAS_VERSION%:jar -DoutputDirectory=%DOWNLOAD_DIR% - ) - @call java %JAVA_ARGS% -jar %DOWNLOAD_DIR%\%COMMAND_FILE% %1 %2 %3 - -@goto:eof \ No newline at end of file diff --git a/cas/cas-server/build.gradle b/cas/cas-server/build.gradle new file mode 100644 index 0000000000..41381e2d8f --- /dev/null +++ b/cas/cas-server/build.gradle @@ -0,0 +1,106 @@ +buildscript { + repositories { + mavenLocal() + mavenCentral() + jcenter() + maven { url "https://repo.spring.io/libs-milestone" } + maven { url "https://repo.spring.io/libs-snapshot" } + maven { url "https://plugins.gradle.org/m2/" } + } + dependencies { + classpath "de.undercouch:gradle-download-task:${project.gradleDownloadTaskVersion}" + classpath "org.springframework.boot:spring-boot-gradle-plugin:${project.springBootVersion}" + classpath "gradle.plugin.com.google.cloud.tools:jib-gradle-plugin:${project.jibVersion}" + classpath "io.freefair.gradle:maven-plugin:${project.gradleMavenPluginVersion}" + } +} + +repositories { + mavenLocal() + mavenCentral() + jcenter() + maven { url "https://oss.sonatype.org/content/repositories/snapshots" } + maven { url "https://build.shibboleth.net/nexus/content/repositories/releases/" } + maven { url "https://repo.spring.io/milestone/" } + maven { url "https://repo.spring.io/snapshot/" } + maven { url "https://oss.jfrog.org/artifactory/oss-snapshot-local" } +} + +def casServerVersion = project.'cas.version' +def casWebApplicationBinaryName = "cas.war" + +project.ext."casServerVersion" = casServerVersion +project.ext."casWebApplicationBinaryName" = casWebApplicationBinaryName + +apply plugin: "io.freefair.war-overlay" +apply from: rootProject.file("gradle/tasks.gradle") + +apply plugin: "war" +apply plugin: "eclipse" +apply plugin: "idea" + +apply from: rootProject.file("gradle/springboot.gradle") +apply from: rootProject.file("gradle/dockerjib.gradle") + +dependencies { + // Other CAS dependencies/modules may be listed here... + compile "org.apereo.cas:cas-server-support-json-service-registry:${casServerVersion}" + compile "org.apereo.cas:cas-server-support-jdbc:${casServerVersion}" +} + +tasks.findByName("jibDockerBuild") + .dependsOn(copyWebAppIntoJib, copyConfigIntoJib) + .finalizedBy(deleteWebAppFromJib) + +tasks.findByName("jib") + .dependsOn(copyWebAppIntoJib, copyConfigIntoJib) + .finalizedBy(deleteWebAppFromJib) + +configurations.all { + resolutionStrategy { + cacheChangingModulesFor 0, "seconds" + cacheDynamicVersionsFor 0, "seconds" + + preferProjectModules() + + def failIfConflict = project.hasProperty("failOnVersionConflict") && Boolean.valueOf(project.getProperty("failOnVersionConflict")) + if (failIfConflict) { + failOnVersionConflict() + } + } +} + +eclipse { + classpath { + downloadSources = true + downloadJavadoc = true + } +} + +idea { + module { + downloadJavadoc = true + downloadSources = true + } +} + +bootWar { + entryCompression = ZipEntryCompression.STORED + overlays { + // https://docs.freefair.io/gradle-plugins/current/reference/#_io_freefair_war_overlay + // Note: The "excludes" property is only for files in the war dependency. + // If a jar is excluded from the war, it could be brought back into the final war as a dependency + // of non-war dependencies. Those should be excluded via normal gradle dependency exclusions. + cas { + from "org.apereo.cas:cas-server-webapp${project.appServer}:${casServerVersion}@war" + provided = false + //excludes = ["WEB-INF/lib/somejar-1.0*"] + } + } +} + + +wrapper { + distributionType = Wrapper.DistributionType.BIN + gradleVersion = "${project.gradleVersion}" +} diff --git a/cas/cas-server/build.sh b/cas/cas-server/build.sh deleted file mode 100644 index 4d80aa2593..0000000000 --- a/cas/cas-server/build.sh +++ /dev/null @@ -1,189 +0,0 @@ -#!/bin/bash - - -function copy() { - echo -e "Creating configuration directory under /etc/cas" - mkdir -p /etc/cas/config - - echo -e "Copying configuration files from etc/cas to /etc/cas" - cp -rfv etc/cas/* /etc/cas -} - -function help() { - echo "Usage: build.sh [copy|clean|package|run|debug|bootrun|gencert]" - echo " copy: Copy config from ./etc/cas/config to /etc/cas/config" - echo " clean: Clean Maven build directory" - echo " package: Clean and build CAS war" - echo " run: Build and run cas.war via Java (i.e. java -jar target/cas.war)" - echo " runalone: Build and run cas.war on its own as a standalone executable (target/cas.war)" - echo " debug: Run CAS.war and listen for Java debugger on port 5000" - echo " bootrun: Run with maven spring boot plugin" - echo " listviews: List all CAS views that ship with the web application and can be customized in the overlay" - echo " getview: Ask for a view name to be included in the overlay for customizations" - echo " gencert: Create keystore with SSL certificate in location where CAS looks by default" - echo " cli: Run the CAS command line shell and pass commands" -} - -function clean() { - shift - ./mvnw clean "$@" -} - -function package() { - shift - ./mvnw clean package -T 5 "$@" - # copy -} - -function bootrun() { - shift - ./mvnw clean package spring-boot:run -P bootiful -T 5 "$@" -} - -function debug() { - package && java -Xdebug -Xrunjdwp:transport=dt_socket,address=5000,server=y,suspend=n -jar target/cas.war -} - -function run() { - package && java -jar target/cas.war -} - -function runalone() { - shift - ./mvnw clean package -P default,exec "$@" - chmod +x target/cas.war - target/cas.war -} - -function listviews() { - shift - explodeapp - find $PWD/target/cas -type f -name "*.html" | xargs -n 1 basename | sort | more -} - -function explodeapp() { - if [ ! -d $PWD/target/cas ];then - echo "Building the CAS web application and exploding the final war file..." - ./mvnw clean package war:exploded "$@" - fi - echo "Exploded the CAS web application file." -} - -function getview() { - shift - explodeapp - echo "Searching for view name $@..." - results=`find $PWD/target/cas -type f -name "*.html" | grep -i "$@"` - echo -e "Found view(s): \n$results" - count=`wc -w <<< "$results"` - if [ "$count" -eq 1 ];then - # echo "Found view $results to include in the overlay" - firststring="target/cas/WEB-INF/classes" - secondstring="src/main/resources" - overlayfile=`echo "${results/$firststring/$secondstring}"` - overlaypath=`dirname "${overlayfile}"` - # echo "Overlay file is $overlayfile to be created at $overlaypath" - mkdir -p $overlaypath - cp $results $overlaypath - echo "Created view at $overlayfile" - ls $overlayfile - else - echo "More than one view file is found. Narrow down the search query..." - fi -} - - -function gencert() { - if [[ ! -d /etc/cas ]] ; then - copy - fi - which keytool - if [[ $? -ne 0 ]] ; then - echo Error: Java JDK \'keytool\' is not installed or is not in the path - exit 1 - fi - # override DNAME and CERT_SUBJ_ALT_NAMES before calling or use dummy values - DNAME="${DNAME:-CN=cas.example.org,OU=Example,OU=Org,C=US}" - CERT_SUBJ_ALT_NAMES="${CERT_SUBJ_ALT_NAMES:-dns:example.org,dns:localhost,ip:127.0.0.1}" - echo "Generating keystore for CAS with DN ${DNAME}" - keytool -genkeypair -alias cas -keyalg RSA -keypass changeit -storepass changeit -keystore /etc/cas/thekeystore -dname ${DNAME} -ext SAN=${CERT_SUBJ_ALT_NAMES} - keytool -exportcert -alias cas -storepass changeit -keystore /etc/cas/thekeystore -file /etc/cas/cas.cer -} - -function cli() { - - CAS_VERSION=$(./mvnw -q -Dexec.executable="echo" -Dexec.args='${cas.version}' --non-recursive org.codehaus.mojo:exec-maven-plugin:1.3.1:exec 2>/dev/null) - # echo "CAS version: $CAS_VERSION" - JAR_FILE_NAME="cas-server-support-shell-${CAS_VERSION}.jar" - # echo "JAR name: $JAR_FILE_NAME" - JAR_PATH="org/apereo/cas/cas-server-support-shell/${CAS_VERSION}/${JAR_FILE_NAME}" - # echo "JAR path: $JAR_PATH" - - JAR_FILE_LOCAL="$HOME/.m2/repository/$JAR_PATH"; - # echo "Local JAR file path: $JAR_FILE_LOCAL"; - if [ -f "$JAR_FILE_LOCAL" ]; then - # echo "Using JAR file locally at $JAR_FILE_LOCAL" - java -jar $JAR_FILE_LOCAL "$@" - exit 0; - fi - - DOWNLOAD_DIR=./target - COMMAND_FILE="${DOWNLOAD_DIR}/${JAR_FILE_NAME}" - if [ ! -f "$COMMAND_FILE" ]; then - mkdir -p $DOWNLOAD_DIR - ./mvnw org.apache.maven.plugins:maven-dependency-plugin:3.0.2:get -DgroupId=org.apereo.cas -DartifactId=cas-server-support-shell -Dversion=$CAS_VERSION -Dpackaging=jar -DartifactItem.outputDirectory=$DOWNLOAD_DIR -DremoteRepositories=central::default::http://repo1.maven.apache.org/maven2,snapshots::::https://oss.sonatype.org/content/repositories/snapshots -Dtransitive=false - ./mvnw org.apache.maven.plugins:maven-dependency-plugin:3.0.2:copy -Dmdep.useBaseVersion=true -Dartifact=org.apereo.cas:cas-server-support-shell:$CAS_VERSION:jar -DoutputDirectory=$DOWNLOAD_DIR - fi - java -jar $COMMAND_FILE "$@" - exit 0; - -} - -if [ $# -eq 0 ]; then - echo -e "No commands provided. Defaulting to [run]\n" - run - exit 0 -fi - -case "$1" in -"copy") - copy - ;; -"clean") - shift - clean "$@" - ;; -"package") - shift - package "$@" - ;; -"bootrun") - shift - bootrun "$@" - ;; -"debug") - debug "$@" - ;; -"run") - run "$@" - ;; -"runalone") - runalone "$@" - ;; -"listviews") - listviews "$@" - ;; -"gencert") - gencert "$@" - ;; -"getview") - getview "$@" - ;; -"cli") - shift - cli "$@" - ;; -*) - help - ;; -esac diff --git a/cas/cas-server/docker-build.sh b/cas/cas-server/docker-build.sh new file mode 100755 index 0000000000..8f2c2776bf --- /dev/null +++ b/cas/cas-server/docker-build.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +image_tag=(`cat gradle.properties | grep "cas.version" | cut -d= -f2`) + +echo "Building CAS docker image tagged as [$image_tag]" +# read -p "Press [Enter] to continue..." any_key; + +docker build --tag="org.apereo.cas/cas:$image_tag" . \ + && echo "Built CAS image successfully tagged as org.apereo.cas/cas:$image_tag" \ + && docker images "org.apereo.cas/cas:$image_tag" \ No newline at end of file diff --git a/cas/cas-server/docker-compose.yml b/cas/cas-server/docker-compose.yml new file mode 100644 index 0000000000..8f2e6ca7c9 --- /dev/null +++ b/cas/cas-server/docker-compose.yml @@ -0,0 +1,7 @@ +version: '3' +services: + cas: + build: . + ports: + - "8443:8443" + - "8080:8080" \ No newline at end of file diff --git a/cas/cas-server/docker-push.sh b/cas/cas-server/docker-push.sh new file mode 100755 index 0000000000..e04b107212 --- /dev/null +++ b/cas/cas-server/docker-push.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +read -p "Docker username: " docker_user +read -s -p "Docker password: " docker_psw + +echo "$docker_psw" | docker login --username "$docker_user" --password-stdin + +image_tag=(`cat gradle.properties | grep "cas.version" | cut -d= -f2`) + +echo "Pushing CAS docker image tagged as $image_tag to org.apereo.cas/cas..." +docker push org.apereo.cas/cas:"$image_tag" \ + && echo "Pushed org.apereo.cas/cas:$image_tag successfully."; \ No newline at end of file diff --git a/cas/cas-server/docker-run.sh b/cas/cas-server/docker-run.sh new file mode 100755 index 0000000000..f8627859f2 --- /dev/null +++ b/cas/cas-server/docker-run.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +docker stop cas > /dev/null 2>&1 +docker rm cas > /dev/null 2>&1 +image_tag=(`cat gradle.properties | grep "cas.version" | cut -d= -f2`) +docker run -d -p 8080:8080 -p 8443:8443 --name="cas" org.apereo.cas/cas:"${image_tag}" +docker logs -f cas \ No newline at end of file diff --git a/cas/cas-server/etc/cas/config/application.yml b/cas/cas-server/etc/cas/config/application.yml deleted file mode 100644 index be1f7c3edd..0000000000 --- a/cas/cas-server/etc/cas/config/application.yml +++ /dev/null @@ -1,2 +0,0 @@ -info: - description: CAS Configuration \ No newline at end of file diff --git a/cas/cas-server/etc/cas/config/cas.properties b/cas/cas-server/etc/cas/config/cas.properties index 47a1477308..a3be0e1388 100644 --- a/cas/cas-server/etc/cas/config/cas.properties +++ b/cas/cas-server/etc/cas/config/cas.properties @@ -1,7 +1,6 @@ -cas.server.name: https://cas.example.org:8443 -cas.server.prefix: https://cas.example.org:8443/cas - -cas.adminPagesSecurity.ip=127\.0\.0\.1 +cas.server.name=https://cas.example.org:8443 +cas.server.prefix=${cas.server.name}/cas logging.config: file:/etc/cas/config/log4j2.xml -# cas.serviceRegistry.config.location: classpath:/services + +# cas.authn.accept.users= diff --git a/cas/cas-server/etc/cas/config/log4j2.xml b/cas/cas-server/etc/cas/config/log4j2.xml index e688cc0350..685dfab245 100644 --- a/cas/cas-server/etc/cas/config/log4j2.xml +++ b/cas/cas-server/etc/cas/config/log4j2.xml @@ -2,20 +2,26 @@ - - . - - warn + /var/log + + info + warn + info + warn + debug + warn + warn + warn + warn + warn + warn - + - + @@ -23,8 +29,8 @@ - + @@ -33,16 +39,6 @@ - - - - - - - - - @@ -52,52 +48,58 @@ - - - - + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/cas/cas-server/etc/cas/saml/.gitkeep b/cas/cas-server/etc/cas/saml/.gitkeep new file mode 100644 index 0000000000..882c99944d --- /dev/null +++ b/cas/cas-server/etc/cas/saml/.gitkeep @@ -0,0 +1 @@ +This directory is references in the Dockerfile so it needs to be here. \ No newline at end of file diff --git a/cas/cas-server/etc/cas/services/.donotdel b/cas/cas-server/etc/cas/services/.donotdel new file mode 100644 index 0000000000..e69de29bb2 diff --git a/cas/cas-server/etc/cas/thekeystore b/cas/cas-server/etc/cas/thekeystore new file mode 100644 index 0000000000000000000000000000000000000000..78f49baf743bc53e74cb67746992be258229c310 GIT binary patch literal 2266 zcmcgtc{J1w7oOkD7#YUW2w6i>BlG^ol6P!l$THbwi=vqO} zmYOk062e%@YtIrw=n$_u-*?XY$M^U5$35ph&%O7Yd!BpGy}Ms`zd|4o=)M8J4R(p_ zyYExV1$Fib4gjRWe}cRSqyhqf0~n|P0B}IyRQMbrXw&-UkX;%=H~+&uQHb3Frx62$ z_ZK7qS)+$zucd0azsOV;vTvu0vLqElCvV!Bz-nJ9z0&irkt8K}> zJrJ0~8>Cg57A~TFKxJviS1W$}L~4=(L-R7?3at^Tsq;scd>n;pKWwh!gk zHC$)eb@&cVlM2zX_W@HEh9*x)v zgKta)@yyS69GS8R`>Z(0YN)IEzQVZ^iDlFD;~52}`o5~x{X!0;0pT&YEiSI}8E*;U z=hN#w;gi$FL-$)IGePw7*< zmNTt?+v_`pF(tYoc73CozG)E;p5DJDwJ}sl^L{c-AVfM3FdF-nd0(@{#`N_#H$=jLe(4bHNWu@5aLK?nlJknSS zu;;hSYCw!P&g=g0h>DA|=talkLx%R|qAzD47Oqr8`8qpGzj2xSa^Qn(uAdbwMsdNq z8RKuxv6h}(9Kj}IsMQqz}-*N4iT_2YBLotQ?S`s7Ck z$~3kH>KB-NiI17cT&J_|b_E^F^X1J*BHCxAoz6)-HlC&Ad9Wr*vQ?52Z>g=@Bn@VI zR=b)L-5MX)P;KD2`NI*Kuu{44*b+r-aJt`rY`43SMqajA)YU6i{_b1TT5mgbXe5!Gu1wODRyDKyKPR}CzVMcuGh@|Q-ek5 zA4QaYQ4<$hmyFrb>5MYPjq~pBG_(84xfv&W`g(l`T!E`E`qOjU8N($aQ7>Z~h3rhy zpWJ8qC6ChX34iDPbl#?W`ZPMhG;+`FrCUS8WLuDxArD@CtVPGHIjy;T8Y7}QCHHFS z;Nu`}=~i#s;a*Ag*rw|B=B413OsXDxt7wtYjUyQ5mO`v$S9DvU=_q<2v_3GogQOC} zHjB)rH#74^nnj62H=8P;%>z+?`}cV#bLh$L74>df7vk>Xg?^Aq$VJy41tWm3;&*}u+! zHva7yjdS>;&Tb92p?=E*A6BMuectg9sHt4CbqaaA=GeAaox#W5Dj$-j-R&B_s9;X{ z0#1V`H=3~6(uXD|6R12RJ7f)Q5j?E@L_|X8(haAnVcs5Z?K&ji`j;2%^MX^gq zN*viE94`y+7+A#X%+iX=R?S=%@}M%JUSXjHiY^7(IiHQ(+E3T5hbXmuAgjVinXE|h z%5Mvqd1O6#L8%)TlscV;(YM`>UclguYfrdmeH;}?iWB+p`zmtSV^u*s1Om$dsjyU# z3JuPOK>;Wf?p*0c22ltuOtew-CJF$!IUt}1jvM4cz--_MG}Pwof58DXl<0ut-@m2% z5l%Fxp~qE<>kU5~-+uW%gG3{2yge@Yc;k3LdvapIupF9buQy}W$L!NIOB zSpVO7SZ`N9P*NC$`x8_F@i-i)qO9Z~j8ejZI8f<7@c-Eg6_EM25c_WeMg{mFAQeDD zsQ>`EV_RHzx&jx_^cq|Zo*Uu0^uq(A+_E@k`j$#e6S&rY_(#^dxusOEK69>M9?MpY)kf|5u@rMWaLTZzZfK#}jVIyAih7z9a+uP;{Dy@L*x%FsVpunNTDoZ9;=G z{@!%%t=+EC*UkW*#j5U{;A!G7+r4Oh(le*nVg3nK2{TF78IqV$ms7|rn{<-wwG`Ka z!T<H82FI)&Nn30Q)ncWKYf3nUB_0+rRnkXY-@Nbd# zw{2f!0OIJNo^3StQ#U7l<9+9DKVZxlEaJ%$!wJ6 z6y$N8ju9&GIoHjG{`%BfHLvFEghR}L(EF*~33ki6J^q26u&QY?_ulsTmLA~Z?EJ_K z#`Cbk_~lkrrplSv7MNqqO;V5i7h)I!ubXvUEq!K7elbcRf@d1WB|+%te4Vg!V~%mD zKu{0Q3~v%(o|O36HCAaN%H{v`*!faCu~=huy*1>n1`V@gq#)KN;|&`^$Sln(Arrays.asList("-server -noverify -Xmx2048M -XX:+TieredCompilation -XX:TieredStopAtLevel=1".split(" "))) + if (project.hasProperty('args')) { + casRunArgs.addAll(project.args.split('\\s+')) + } + javaexec { + main = "-jar" + jvmArgs = casRunArgs + args = ["build/libs/${casWebApplicationBinaryName}"] + logger.info "Started ${commandLine}" + } + } +} + +task setExecutable(group: "build", description: "Configure the project to run in executable mode") { + doFirst { + project.setProperty("executable", "true") + logger.info "Configuring the project as executable" + } +} + +task executable(type:Exec, group: "build", description: "Run the CAS web application in standalone executable mode") { + dependsOn setExecutable, 'build' + doFirst { + workingDir "." + if (!Os.isFamily(Os.FAMILY_WINDOWS)) { + commandLine "chmod", "+x", bootWar.archivePath + } + logger.info "Running ${bootWar.archivePath}" + commandLine bootWar.archivePath + } +} + +task debug(group: "build", description: "Debug the CAS web application in embedded mode on port 5005") { + dependsOn 'build' + doLast { + logger.info "Debugging process is started in a suspended state, listening on port 5005." + def casArgs = Arrays.asList("-Xmx2048M".split(" ")) + javaexec { + main = "-jar" + jvmArgs = casArgs + debug = true + args = ["build/libs/${casWebApplicationBinaryName}"] + logger.info "Started ${commandLine}" + } + } +} + +task downloadShell(group: "shell", description: "Download CAS shell jar from snapshot or release maven repo") { + doFirst { + mkdir "${project.shellDir}" + } + doLast { + def downloadFile + if (isRunningCasServerSnapshot(casServerVersion)) { + def snapshotDir = "https://oss.sonatype.org/content/repositories/snapshots/org/apereo/cas/cas-server-support-shell/${casServerVersion}/" + def files = new ApacheURLLister().listFiles(new URL(snapshotDir)) + files = files.sort{it.path} + files.each { + if (it.path.endsWith(".jar")) { + downloadFile = it + } + } + } else { + downloadFile = "https://repo1.maven.org/maven2/org/apereo/cas/cas-server-support-shell/${casServerVersion}/cas-server-support-shell-${casServerVersion}.jar" + } + logger.info "Downloading file: ${downloadFile}" + download { + src downloadFile + dest new File("${project.shellDir}", "cas-server-support-shell-${casServerVersion}.jar") + overwrite false + } + } +} + +task runShell(group: "shell", description: "Run the CAS shell") { + dependsOn downloadShell + doLast { + println "Run the following command to launch the shell:\n\tjava -jar ${project.shellDir}/cas-server-support-shell-${casServerVersion}.jar" + } +} + +task debugShell(group: "shell", description: "Run the CAS shell with debug options, wait for debugger on port 5005") { + dependsOn downloadShell + doLast { + println """ + Run the following command to launch the shell:\n\t + java -Xrunjdwp:transport=dt_socket,address=5000,server=y,suspend=y -jar ${project.shellDir}/cas-server-support-shell-${casServerVersion}.jar + """ + } +} + +task showConfiguration(group: "build", description: "Show configurations for each dependency, etc") { + doLast() { + def cfg = project.hasProperty("configuration") ? project.property("configuration") : "compile" + configurations.getByName(cfg).each { println it } + } +} + +task allDependenciesInsight(group: "build", type: DependencyInsightReportTask, description: "Produce insight information for all dependencies") {} + +task allDependencies(group: "build", type: DependencyReportTask, description: "Display a graph of all project dependencies") {} + +task casVersion (group: "build", description: "Display the current CAS version") { + doFirst { + def verbose = project.hasProperty("verbose") && Boolean.valueOf(project.getProperty("verbose")) + if (verbose) { + def out = services.get(StyledTextOutputFactory).create("CAS") + println "******************************************************************" + out.withStyle(Style.Info).println "Apereo CAS $casServerVersion" + out.withStyle(Style.Description).println "Enterprise Single SignOn for all earthlings and beyond" + out.withStyle(Style.SuccessHeader).println "- GitHub: " + out.withStyle(Style.Success).println "https://github.com/apereo/cas" + out.withStyle(Style.SuccessHeader).println "- Docs: " + out.withStyle(Style.Success).println "https://apereo.github.io/cas" + out.withStyle(Style.SuccessHeader).println "- Blog: " + out.withStyle(Style.Success).println "https://apereo.github.io" + println "******************************************************************" + } else { + println casServerVersion + } + } +} + +task createKeystore(group: "build", description: "Create CAS keystore") { + doFirst { + mkdir "/etc/cas" + + def keystorePath = "/etc/cas/thekeystore" + + def dn = "CN=cas.example.org,OU=Example,OU=Org,C=US" + if (project.hasProperty("certificateDn")) { + dn = project.getProperty("certificateDn") + } + def subjectAltName = "dns:example.org,dns:localhost,ip:127.0.0.1" + if (project.hasProperty("certificateSubAltName")) { + subjectAltName = project.getProperty("certificateSubAltName") + } + // this will fail if thekeystore exists and has cert with cas alias already (so delete if you want to recreate) + logger.info "Generating keystore for CAS with DN ${dn}" + exec { + workingDir "." + commandLine "keytool", "-genkeypair", "-alias", "cas", + "-keyalg", "RSA", + "-keypass", "changeit", "-storepass", "changeit", + "-keystore", keystorePath, + "-dname", dn, "-ext", "SAN=${subjectAltName}" + } + logger.info "Exporting cert from keystore..." + exec { + workingDir "." + commandLine "keytool", "-exportcert", "-alias", "cas", + "-storepass", "changeit", "-keystore", keystorePath, + "-file", "/etc/cas/cas.cer" + } + logger.info "Import /etc/cas/cas.cer into your Java truststore (JAVA_HOME/lib/security/cacerts)" + } +} + +task listTemplateViews (group: "build", description: "List all CAS views") { + dependsOn explodeWar + + doFirst { + fileTree(explodedResourcesDir).matching { + include "**/*.html" + } + .collect { it.name } + .toSorted() + .each { println it } + } +} + +task getResource(group: "build", description: "Fetch a CAS resource and move it into the overlay") { + dependsOn explodeWar + + doFirst { + def resourceName = project.getProperty("resourceName") + + def results = fileTree(explodedResourcesDir).matching { + include "**/${resourceName}.*" + } + if (results.isEmpty()) { + println "No resources could be found matching ${resourceName}" + return + } + if (results.size() > 1) { + println "Multiple resources found matching ${resourceName}: ${results}" + return + } + + def fromFile = explodedResourcesDir + def resourcesDir = "src/main/resources" + mkdir resourcesDir + + def resourceFile = results[0].canonicalPath + def toResourceFile = resourceFile.replace(fromFile, resourcesDir) + + def parent = file(toResourceFile).getParent() + mkdir parent + + Files.copy(Paths.get(resourceFile), Paths.get(toResourceFile), StandardCopyOption.REPLACE_EXISTING) + println "Copied file ${resourceFile} to ${toResourceFile}" + } +} + +def isRunningCasServerSnapshot(casServerVersion) { + return "${casServerVersion}".contains("-SNAPSHOT") +} \ No newline at end of file diff --git a/cas/cas-server/gradle/wrapper/gradle-wrapper.properties b/cas/cas-server/gradle/wrapper/gradle-wrapper.properties new file mode 100644 index 0000000000..f04d6a20ae --- /dev/null +++ b/cas/cas-server/gradle/wrapper/gradle-wrapper.properties @@ -0,0 +1,5 @@ +distributionBase=GRADLE_USER_HOME +distributionPath=wrapper/dists +distributionUrl=https\://services.gradle.org/distributions/gradle-5.6.3-bin.zip +zipStoreBase=GRADLE_USER_HOME +zipStorePath=wrapper/dists diff --git a/cas/cas-server/gradlew b/cas/cas-server/gradlew new file mode 100755 index 0000000000..83f2acfdc3 --- /dev/null +++ b/cas/cas-server/gradlew @@ -0,0 +1,188 @@ +#!/usr/bin/env sh + +# +# Copyright 2015 the original author or authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +############################################################################## +## +## Gradle start up script for UN*X +## +############################################################################## + +# Attempt to set APP_HOME +# Resolve links: $0 may be a link +PRG="$0" +# Need this for relative symlinks. +while [ -h "$PRG" ] ; do + ls=`ls -ld "$PRG"` + link=`expr "$ls" : '.*-> \(.*\)$'` + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG=`dirname "$PRG"`"/$link" + fi +done +SAVED="`pwd`" +cd "`dirname \"$PRG\"`/" >/dev/null +APP_HOME="`pwd -P`" +cd "$SAVED" >/dev/null + +APP_NAME="Gradle" +APP_BASE_NAME=`basename "$0"` + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD="maximum" + +warn () { + echo "$*" +} + +die () { + echo + echo "$*" + echo + exit 1 +} + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +nonstop=false +case "`uname`" in + CYGWIN* ) + cygwin=true + ;; + Darwin* ) + darwin=true + ;; + MINGW* ) + msys=true + ;; + NONSTOP* ) + nonstop=true + ;; +esac + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + +# Determine the Java command to use to start the JVM. +if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + else + JAVACMD="$JAVA_HOME/bin/java" + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD="java" + which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." +fi + +# Increase the maximum file descriptors if we can. +if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then + MAX_FD_LIMIT=`ulimit -H -n` + if [ $? -eq 0 ] ; then + if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then + MAX_FD="$MAX_FD_LIMIT" + fi + ulimit -n $MAX_FD + if [ $? -ne 0 ] ; then + warn "Could not set maximum file descriptor limit: $MAX_FD" + fi + else + warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT" + fi +fi + +# For Darwin, add options to specify how the application appears in the dock +if $darwin; then + GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\"" +fi + +# For Cygwin or MSYS, switch paths to Windows format before running java +if [ "$cygwin" = "true" -o "$msys" = "true" ] ; then + APP_HOME=`cygpath --path --mixed "$APP_HOME"` + CLASSPATH=`cygpath --path --mixed "$CLASSPATH"` + JAVACMD=`cygpath --unix "$JAVACMD"` + + # We build the pattern for arguments to be converted via cygpath + ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null` + SEP="" + for dir in $ROOTDIRSRAW ; do + ROOTDIRS="$ROOTDIRS$SEP$dir" + SEP="|" + done + OURCYGPATTERN="(^($ROOTDIRS))" + # Add a user-defined pattern to the cygpath arguments + if [ "$GRADLE_CYGPATTERN" != "" ] ; then + OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)" + fi + # Now convert the arguments - kludge to limit ourselves to /bin/sh + i=0 + for arg in "$@" ; do + CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -` + CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option + + if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition + eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"` + else + eval `echo args$i`="\"$arg\"" + fi + i=$((i+1)) + done + case $i in + (0) set -- ;; + (1) set -- "$args0" ;; + (2) set -- "$args0" "$args1" ;; + (3) set -- "$args0" "$args1" "$args2" ;; + (4) set -- "$args0" "$args1" "$args2" "$args3" ;; + (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;; + (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;; + (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;; + (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;; + (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;; + esac +fi + +# Escape application args +save () { + for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done + echo " " +} +APP_ARGS=$(save "$@") + +# Collect all arguments for the java command, following the shell quoting and substitution rules +eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS" + +# by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong +if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then + cd "$(dirname "$0")" +fi + +exec "$JAVACMD" "$@" diff --git a/cas/cas-server/gradlew.bat b/cas/cas-server/gradlew.bat new file mode 100644 index 0000000000..24467a141f --- /dev/null +++ b/cas/cas-server/gradlew.bat @@ -0,0 +1,100 @@ +@rem +@rem Copyright 2015 the original author or authors. +@rem +@rem Licensed under the Apache License, Version 2.0 (the "License"); +@rem you may not use this file except in compliance with the License. +@rem You may obtain a copy of the License at +@rem +@rem https://www.apache.org/licenses/LICENSE-2.0 +@rem +@rem Unless required by applicable law or agreed to in writing, software +@rem distributed under the License is distributed on an "AS IS" BASIS, +@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +@rem See the License for the specific language governing permissions and +@rem limitations under the License. +@rem + +@if "%DEBUG%" == "" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +set DIRNAME=%~dp0 +if "%DIRNAME%" == "" set DIRNAME=. +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if "%ERRORLEVEL%" == "0" goto init + +echo. +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto init + +echo. +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% +echo. +echo Please set the JAVA_HOME variable in your environment to match the +echo location of your Java installation. + +goto fail + +:init +@rem Get command-line arguments, handling Windows variants + +if not "%OS%" == "Windows_NT" goto win9xME_args + +:win9xME_args +@rem Slurp the command line arguments. +set CMD_LINE_ARGS= +set _SKIP=2 + +:win9xME_args_slurp +if "x%~1" == "x" goto execute + +set CMD_LINE_ARGS=%* + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS% + +:end +@rem End local scope for the variables with windows NT shell +if "%ERRORLEVEL%"=="0" goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1 +exit /b 1 + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega diff --git a/cas/cas-server/maven/maven-wrapper.jar b/cas/cas-server/maven/maven-wrapper.jar deleted file mode 100644 index 18ba302c65c4f71f57e0daa0ea1b59cb85759b5c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 71910 zcmb@t1#nzTk}fR97BgAQ%wRDyGoytqwpg+xics%_`HC{i2v=+-@jl#e&xheh3KW^#Tga8TMq8G2zD=z{|F1Wei1 zP_t5ZxFL@rk09iG>Nb7qRU%rtJHVct@57ZND9C>p2Li(Pmp(vz7-wP!{7>`$tHdAX z{~_UM2{d!GbF#Df>TGFe>+~-)aQ`nFKqD73+kc@)@-Ox5ZN8dY{>yf0{-5++9gXbm z%^d&1j;Ftj3DU=N{?o7j&S>WUD*Q2841XCdhQB?A;lK9buWkP^!T!?rzkl4{yF~xD zM(F=+V}v z%l|YG=5O;m0fyU-_(O&8<6{4~{=3=xr=|blkN+?M=wjH^QLz*e z$q@i!j}Z3g0JwL0utz9UQ&e_P+ynd1nEJC#*YlE;1W*tVG;k0Q?*DC@48}&zfy(2y z>rBWU@G}B*5H+m@aE|nbISmufC}*J0vG{PvbdxK>=*mQ^MQ<;09t%N!Y*>EnpEELX zXhKP833!!t)dK3+w=h=yXF@rK6Pk51OrOWTNhNmSY&FdlxR-o-AvtagBTd-nqh5jg z$xNyM0jhoBl$1Ewe3)@xAC|N@g!Eii(R6GqUex|H^Gt_p3mo5sohh*hq~_7c@A|e} z?=`eE?$0E9jE64apeg{K+fZO#M`_&>obQ5Lz`Qn~^i4h3_l4!o|LxL0nU^&F#Rrqg z;H`PqpYsZ~O7X<&Q!>p35soVGQxZl#j1u()N_xZV=tYNLFFZtNv0?&QVO371W1|#j>f_4q<*n7)NCbvKhro%bDb~$ZSWuP`KPNf80`BuKCmB% z_rIE67G_4KW{!heK&LfH)ZbIpCnKsh#SsU;=99b+qE@(wcLyPTq-eIj3*idZ#;o9s zrpO(3Z_ks$!k$l(r|V{_AX+SJ&cEHAMYv{hn+Q1HRn&N*h&mCQ=MF)_31@N`9ght!L=!WhD#e{_ zQ~}KMOAz;Hc3tHG&J7@?Y~Fqy3%W@5;RO$^w!|s@oF*7|#hcBE3Hn5gc_fZ-Ma_*d zcH2+QpFH(9pVPM!S(_~_wRi3BPx>{7@gh8H)Lmtjbgm{AMxUxa|67wJk z@`={d@**4is8v%5doaO5YlPxyXG{#Bm%HSJ@{7bdmAl@i6CC|DWi(`{7NnKQMUjm< zJ~o8*v*GYGT@==ERK4y8m?kumvVV0v%itioKulw&vf--g6SP7|_$}!LX)#QT3V*U6 z#@qlHhoJP*!vwsCECjBa>1)_cSPx`TR-Q_h^T)RVUyDP(Og$XPkw z+*vNuW_kA#d1+S8oui*E@3~pOWLCaBIM2=AM%eqSYmx6W5o}3Ktd}NL6NuF_px{oL zIKjFHCC)>FvEWR>3#%w_UR0J`F5k0M7%?VL)ybe zVI`_1c^3u2IM=vMd&U~2oprA22FtSN&Z(QTec72Yf!{|N7ESvn?sDYrx_+?~I~)n; zq|-odj;r}kOUy}b!~~Re9n;p7aBt}{lr?S->4S}v&TSk9Zdhq6HhaWh=2f^kJ~Ql3_~x70dhufJP+b=T#ksC=+tw&Jb1I$GzOBjn6oQ7Ny9V_lth=$j-UJc2vsv<@ei& zNJug+fURbRpf{Bi7TAFWs)IAOcM>CM4a87KxqCO%sqD~%Fo9eJ)tC5+A3@TXZ}OB8 zW}2nQg`#MVrsq7Z{MKMlV_R;)g`oyt8p_VCho`o5)+g3~vVy*br{JQGmd8WpN6J={ zv{`T|IP(_NvSoq!XaPgiNLra>MSD(vR29hxRHPTjhf%7YS|X+-pNb4(P~j|5!J?>> z!ZXA0$qRI~T7ES+SD_dP;pgs6moI-gf?`yL?XXRnj&Q3mf4K^W!w~q4hqMrt*WMwU zJ5IObWs1QGUl=K+d&rds@bePnJM6(8Pi=Y37bQpu8`LDR$ZMC|ZQW30P$`AS*nH8~ zzVwuC0i9Xhp%TETt*rt%Z#|xNZW}ZLy=3l)h3PHeT zEs*f8VACZ+evH14hh+5*nL_A4^o)W~@l%W(;k+AsoUtz-Fyxwl4Z?<6$y6J8_}w{k zdc|jC5{c}6-VmFw^Wvo1JA#L@(SCf>q(7&z?bI`oBba(7EH5q2?|`R$cOs6XLJ+|` zFf>|R=cU4wei=&IUV^HzB7a!t^6H>E9|V&1s{eE3kv1Qj6I)vVleMmzTybv(vrMMz z>^GI>vS7@1Yv{u`b6D28d|zRs3Cfsa4JT4mwsD;48$}Z+_MVKg9kHPl!DR_h4#bXg zGdS|wB?;apW9}JDg88bqyoWH`$8)Uam&MHlz|kR_A(LvFs!v1m)M zLiIan7Dzp94>R>;+Rt#gS@4{UH+=M@@@@4YRcw#VPbg6w39Mh@d$>Cstk#(1L38Ep zL9{~Lf^rGA?S)%^H1R8XKm{~YdYz!}!bJrLafjWJk;xGdkZGm7#@4dW;>-*rmYY%T6tJM z(9EXUTuQj$C6`5-!e|QP=zTQaxYBUb3W(35i1;PfCmy)hO$X`32n zgN_UxIXBA+{v%(=GFZF%vxN(<7D*HC$V-4-2OFV5v7Op(QBgNxQp z&#b)Tvr+#Q!MY>O`D7L+Q=s2NMU4j@$NcAtBIQ^fhD}XV_oGqRBhKgznA>zbXxjBW zjp^tmFHz1oT@)6eReOPPdc+NA=H(%0*klt6XP+)(;$rM>XLVkT9q*IJ0B33TX$WZr z5a+rmVf*g+qQ19gv*kxt7x3XMHf_!JV0RRMvb%b;eyB1);x=Kkr8KD zqx>c@6NFAN!!*P|mO-e;gsm&}Ou|Vk8x=6=2qo-rapzdSYUX)97-oeV$hSfM`w>Z` zHCqkOCOz@$PWn7=+jE(>(`yr(ZCd-y<6fpMgO6~z%rm;P_PtTLjdLK%jD9&8m>!4V zGj;sZnwjNO;a!F)Ob4}3(%I#As?JaM>znj+ULliEv1x@@>Lx~JlMeQM(Q7b5!Q&jX z%WE)Hlq#CXKFs@}m@i{&A63QSv?a*!_?PaIFPO>o=ReV*xIIe;jQwuRY)$Ouf}^fP!Z(RG9ap>Mz)J(W55&@R&E2&tz1vSys!yXD?*~GM-~X~RV9{B0fPn@9 z@kaY!?F{}*7ysB9Olkt{_Qa8Yf1-XjvPwLvB9Tv1z(_22>S>K>7Yt}Upb--e@9fdH zscyFx{x!F~m3sdi2ydC+RdNWw(tbNJ!D`pukq)tJ|BB>;h_r=rAc1l%dy5SRI~evo zyB?-nxRr`S)}bZljP6Td3{J;&e|WQRw65Po3uFwOawr~YDu(pLGGv#ew4$NRp!-<8 za61U`v3S1)FTn%2W=Mg5NFamQY(ylLdW)RJisU^Ayr_u--3UmM@5q&y)kJMw7-MRf zSd%FDO(p8M8mMEuL!kzVM5W3Nbw`Qp9Jz}O_j6~W^_hA&sEjO@ElT)?fRn;5f^Cgs z)aFjd+bBqZ4SXt{VWoRM_%D@#Td)i9+c{nox^NnhGs{ZY$hX105%*rj0Gw<=hP8EH z407MV-sv)`o2}8&FZB+o%v*_8?#k|7Hz=o{0(+TxYDk}`Wm=X-cB-v&W1gQdHKRDh zZK9GWZA5C>iP={Dpn&L5BswnizEyDr1U*3`V}=KLouH+rYIpbo0Y)c1t%QjE3>yf= z$@>Z_Ew_|t-`EJCh$ARx2&19;Pwjd8is7#$x;1x^`e$?C@hwFIU#T??5Yp&EEIu_W zSJeg7m4@a_xszd%2y4_IrqOfL9g=F`kgH6o(Xb8bhyRJzK+|D<`zuUzA zrp# zT67=Y>N{`#mj-Z-uGFBAIMzXBeM8RP?6yV6>J`%OIyNx0S$^8)6rgg>X{gYb40@;` zPhLO`A@nrLaE8VVn!?#R@lw~<)(xLm9HZ`m^bQTGq*L9pzVPtWq*-vrwlrEnv?88mDqW2R~Ds2emy-VW(t`Z*)AqxfwdA(34kz+ewb)YGi3) z%LX+I4Zn6=7bg=O10xA}uVL^QztA3q_CaV9Db&*6(Euk0SVRcE&SIB))qz%HFp}ez z5{mMN+NvhHa5?5Vs+*uSjpzl0yWvDZ1UolCV$n`vhFF$OLUBs(w>i&%{SE-nzj@j^ zng{g4_VuA9_CjHL%r%#l7+K6gU*}=rrovhNAqle1l9UG>< zmAH6AjP3PE6@g-&lF{|`o@DT}GZvgfDRQ6NW|Q3F|MX-m{a@5W=nVv%^rt&XL(W@MRp@G9Ht>k76u z?5^y^IL_S1$={FLF(f=`<_?z6uHPW$R^Pi+P~K2k*@nm7zJQnnbR^ ziDUy@3^ov)%K~|QlGT;Hyig{VM(Tn*@V%3@z?QaJr`Z9a*_+udl^gfd6#f*CcPBl$ z&i7j3^3?;fEP3pbz^Oo*FY)E$Kl8ETmse+%p4HH62?hOj5gj?UYvZbg#1bpub4iLD z8_v^zC0Gt-DJXPB78TEqy3&P>aAKQDL==W4$8=I^Jd9qIfyGn!L~=OQz?0Gh=dy9w zebsVItatig3$WK>4UC-iI>+k+8B9o}nbxed=9?nDQyfBiilnTiZ8x}T58#96<$R-p zf~DjAKvy~G%;w#2vx}rY-=kPC2w-c50pSC)e=Ls_EG)0hmEZ&$?Wb1?s`nP^5N6%T zu1Mbykg`%ND5uBGL(O_qJ^VVMPmW7GvwbOajhu3{*Bwb^W#5V5=klc3q{S6=Mwy0t z4C9`>ISR+%Z28esvtzlh^ZH_e@Tv_D{s4FOHY;zm>Cm&CbXUTrYMC!;#IJ~8{-%t23k0lIGz|$?_Q22uakjH+-e|W)NXo^7 z<7FynNl^*4+B*ZoQZ&43{VC+q+rz#Mw0lHz`y0M|qK`Q!D{%*1WjDBGJ1z3IUvfAM zcxS zj@-1AqtbA|PkGjkS&)sv)&SrWLG_vPpLuk-VKVW#9tjU)!n=67C-Evr;C>cpnLP}xH8WP!VQW{ho{IQQ)jjo6r0i&3NS!Sb z)(qAua=aMv=V#mg+X!M}-$C=LLz%Z)3}O8Nb`R^Ij6Z--+hD!cZ5T67!auxiC2!Y9 zK^mw1JafBJP;Gt&)VviOKY^55&NcHv^W=1Pof@JoG-YGP?_EC3gdhY z_M6<(6R*D~1H-!$j&OhDUC8twg5NPZ*@Cva(OtK`|44LqRQQDlh+Sw3kJa<${W(Uh zx}i&DTT(xIFD^Ancq|bt*PCLjI+hRh! zuuW1>7EAsyC=ieXS`d&w zPG9~4kALFa-ylv~$8Mbi-DkRbCn8rN(UkIZCVU@EuclHk98#{He;yUc8ZQ}HaBeE{ z`(=u_G~A3_4xKcrIa#n^iu?K3^@gPR>u(yF(KzbKLN1($zFl7?l<|P@r_r6gGsfPt z-j~td-e18)MBOaC=O7Fn$9QRnzwvMEs*(+GmsECSvvJ zqo-e&&!KyjWr?65ro^-}Mii}@imOZx%{~`kpurb$$$Gc&o3Uyad@)w_%S&feI`$DClU=PY9j7`aCk<<-Nj}Osu>jJhgtE#$2A|5yJeY_NmxgXu( z$hl<~)Ws<5P0fDrj{4P)4^0MVeK0|H`?(9aBReV+V{w)^54>iiOCCFEa^uzun}5=+ zF*tB9WknTFBpS>`?n49+m=W zA;=o(#~H<8CJn4tjG#Dn9^xgB3{@_=DYuGFi@(=RZOnLFJT3FEu5#i?6^1fJ7hF}k zZQSlGXiOhXLzZdDoo@)xK}ctjD}LwF3FlkThR;b>`(>D7^`(M4jusYxJH_T_NC|Ms zG9+^eM)zXlxLZb`C;nwD2g1adnBSSN1V9v{j22O`gSLu%6_5At}{CkUDda zA>pXFNm&(6EjlYdBRa6OT~%~R<#x2^I0qD6I{p4Txg5L;ON}akLg4rQoh>p3KO5az zip9D$G+mltZ~A>w-aS7#+_dOdSeHJ2gWjJ=1cMGArmL5E!Q3dnipCUk|x87{kbg9la@l~;~e&S%`| zLrmOs>P3J&81kOV%Od>!x%4k+-;mX&K1qfyud=>Tv5f@yvYL9S1L=Y|+iHFtjpu%X z$1FTngYx^ATdD_E$Qrdc*2mJ&3R`aeN3y|mr%{Qrvt!AKVMzvRHrBvVc<_b-*aL9? zYL#pzyu@@=Jy~!{)rasx40F8Ka{U|iQr_mG2mhHkI0f|QHBPEs$HIL0-s&bXS$C9q zxdHLI$7J-w=0dpX^9f6K2P_Ti#cRwm-t6r|D{F`rT<>pCULr=UeOjfj8%wV_`px+~ z-rY*T<{)?z$2SiD#I+^-yz&DCs)48(-`Zz-RTOMNMg($hVOUCht+=-yy$GY>RX=3y z>8RDAvNZBTeQ#G4&y!lovl2oPx~DvAx#D)l|M3 zXz7PH6Ibb_=!_0!wzT6!6&hcZ-|&bC9qLUBEYd$KaRHE)ZD@Ya)hzpxmcZsiPG ze+~h3y83>%?5$;9!Q1(&2a`iL8-Ux!xiTKw32O7*{-sW2Hx5RmAP8Xne< z1@Irr8vd*S_>Z%H;g4f~C+Cmi5IG}DTNP&`$B!Za1```2C#OVp9St-M^xsjbrh8m) z;)>tZBx2KuOcT`04Qs=+XMH8n@oJN$9EtMdQ=Px~&$L%|ZZk4^U&t7o$rvuGy=;A( z{WeRv?o9z3gsfLyG1z+EIlcAr^1$tRvz)(82!`FK0Jq0gz5_Bf%Eh>E2Fa|e$P^V0 z$3RRU1Pe(lOVbiT&8!=0tS!l+q>Hh%j6SjBfnGf_BJLm(@+H58dS4Bv&HutpZs-hd z%NIpV-s0AnO0*Ya!bo478BT@Hj(WykCuk6v+j6Z)U<_HB%pALbxwr?1XRc_HlC}`v zwHlW@oUFDXp0fg{pM9{4A>lRel=;MRICD9&E|$@;)0EC$r+Xjwkj3?$HEQ3JA4mb1 zpZXPa=Hwbcd>%^P?>AucoK$Ogl4LY}hO^Cn@f4dj;Cy#mG$`R;0dURQv#~ars9_Fq z>!nr_)>+Cj3xOI750ZhoiMqHI`!>PC%XoneDc|RI;XCR5w&vU>rRHR_<`-gQt#TkJ z>LGSQ*<#=f2jG)~V#uy{+gi5fsoUsE>L_&l-czOCO!*=acX6mVXO!^Wm&L|0%Ynu=D;w$V+67V?)_~^usv-NUzGvoi-_vEwv5YQ?Rv z4xjm&hb7faSOq^tnJ7W%L6UOGFNo~8>EXTcRvlG!ob1wH_y#k*__4)%GG2vy)*FQ~ ziXzM_2}6cu?-bXkW52`)n}0<`eEOVGwbG@vSHAcK8_$VGU8tVGp#Eg)m+o!2ZaT7W zBNXA<;QV}=<#Hip{FwO>&0dE~&GhFK{kQE_^g%vgS5IIDZoyBqwQ7> zKKXO9xJgC}FVl-e>}s8&Wv!yoy7s{9p~4?&$39<1Z`~~~bbxLae8gKc1gR{#wkj%8 z9BI;|b7=CRQ*)}DjWynuyb6RxeBtW)42Em1`#t2@*e#U;Bl1vn^#3Fv5<{FqeZAkbQ6(aH)*dtn8 zbWL>OoQ5;G``fJMrD4SvA~IHR5}ir^0eC>& z9AQjdZZA!rnkWlxOnC@{$$m`(7&(JlEj7d70u2XJu!#;-*@>pm@%_pYbch+W@p{s% z8rEQct*v7tA70qSh-$497iu&U>Og(2NW;%o9|1uU<%?k9eSK-Me)Yc9@V5jD#w^N& z{D50HtwY!lnIy2OK<%-wT*irTn#kq-T*5OXRI@*;Ne{ZQRNSI?rS87LNjOAUjO3#+ z?r>>kmc*;fBgESVkfBP+$6-AqFL8G%ppdc|pfVv1xH zaw2uX4h+T`J&#=yng$Nkgn$APScK5`3S%vTjuIWG{xF}E)+rG=F< zHzvm!+@1{EUY=9uKLrGQKsANs1H)9YEiptSOR;7;Frnne32#WV7@XP@wn(s)NYU(Aeds==1<44(xk@{iSyY3NR19Udoifqs zB32_TMMdPS=wsIboAj1z&*Ma^y56l)*q6)J?wRyiBhIzS)7ue(L!=%uDdl;YI_4RI zX|6AtK`$rAF`zG}`f6C*%tGBNkC%TyEuxu^6e3x)<(YeSAdG;)d#gxZek#Iia_=x( z*0aUCL&(#fUK5&h`kg^v@wI#UYx=WoUe%VmYdOL&6DK`0Eo-uzh_q@Xk$*a%v^R~z zU#&tcMu@||Jwz;rn4y6aP`;ccA5<&<2^$ldVvhy}$b2SWs>BRzW>;lXbY}Oem3GWY zs@^n8m%uw@-iQ$%Id$k`mu!5^^BfgdGJL9nHpmb`I)+=9>-3qdZE7;XvU5 zVziKN7BNM52AFAMhPmhZ5a-IpL6c@H-J}(5r%>?=&E1AIbzH_TgU?~aAzgfNVC6Q)Ct1!R6_ zS{$Q`$+Bp5bjn8;Pm&Uw-TXuC;~#XWI|0aB_Xiz{f&c;{_5T`DijH<46|v5iW={Y2 z;ObP@Qo)lz{w=OuJ68u)po#1?h;0usGSd4CBHpm43EzRtk!S_+x=wq*zoGoRip%lX zykP97yPW<(jH8ge&Bqjm9W4m2QON9qtFiCa|A)ulK*J zI~xTe@gGd8*ovamj+N4okPDkw;4C9-rW#&}Lt)|sP_v3{JOtQUI6a-0ec@A8XB~hg zmsK03qe+??CNJ8lIOFJ-?Q580CNC~I)21u8u@tviS9au{3@gRq<7l<|oRr4{pCm;m zv3yR=nywasZeTjb))Z2zWdi7JP{&-$oaSz`WXgyDkZ~l?lP4)fIMbbKw#8D+UgFML zPAc6+BpGw5m`|zGcbYQiqz$EIP3au;B#w;d5`wkmXmaEp2w9D`dIyaUFH-2$L*zSb z<{=fVTUo3-^t+&oke~NDn%+cZg-+6N$H9=@H{^0v*)5kJ4_kw4ji(aP=4o%B2L+Pu z?YAZJ1bnT4Q>GWSn<_{!a*!^S1G*}W9yF$AW)!YA;Uy_{ZeoTD)kjBY(|>}ZZq9b) ztu4QHR;PHdt;*QYNRQYGEyyoPFW6l}sTDU*Q=B+2(Vm4zu?#YQXQ@Nzv*duJiQatu z5mdx8pl^eEZ$$eQK_@aX#v{xczV(S`4!UM#0%Z`;q3vY^z41>4f zxe?$}af-wFg#T?5m-eMRnj>EV3xD(CGE-<4pr&gNyLl8?P#M?1v;62(RWF>I5&r6v zi#%=lIqC(@L-Z$ZKS4-a?3~NdGIrm+ZuIRqoq{7LNh5h>ZyQ$4?dy3AA0p$Y>X#K* zi67U2pFD;$!QR0PJ4lo~lf;?xR7rR6ybvD=62dsDQ`!Ral??C)}#*<`T zq#LqT;#xzNWyGDxF33F`Mjp|4$G3XHI!4X>LSpE8IPvIn%s8Y)YC+!TddrAm79M6~ z?!Z9L$;Z7J{BOmq#UN}M{Xw+A9P#ApWpcGd0s;(7f_N?fj61F5&hWWWVE)Tq zM%%0q`D}oTT@1#gu3k%A_x>(0c^7!2?5hS}d&?g`f9B(7?&N)jo)w!@zz%{P#CWE3 zAQ*26rEEFO`$R6=e{c;m`6TI>@Vnf0LH!}W-ru@laAON$?motL)nE#Tbc*Y~ANjYS z;=qLf3L0~-kI3>*w)-OZkljjUMT*Zw)Ge-7H-)}aKSq{DlcS_=zLYhv=A&zM#n0_1 z-a)p(x!s##7Q{(F`|^@Y&Zjt>ZhrfRnv6eC@<8}@R^_8w+x#Q>__vA2KVYJeqxn~$ znXR*!n~9nIAFo0Dxk1c~ot6e?MjoPkt1oZVu59wB(o|Rr1GQ78mQ+Hu9KeTV#jpU&wJaRk zAd=(qgRd4gpI8O-qENde$D4yl@kE?dK4%YhkdTG@plv#cm`089MvKc(JH?9_bFNkr zrlC_3I$>~v(1~U>fR<;GE~>T2hsuI8F0M3IXzPS1UbnD$nm<|vrIZ6y@ri9A=&>G`2olK0Xj+Ri)LO9FC?PsG6&fhF9Mj&QX{w95xe&ye~V|#j& z(}!gXg>MeY*@&VAOw|!XQiEp)E55rUx)!gdfx6c|T4T$o^9_uVY7VP->jypu6>=#C z$(dp=E%|?qX1!@?pImwZI0_gc*znZW?7Od`9x)gmsrmt}9fn;r1pdNeH>eL3N`CmO z{iC{`^WUv%|KP8`B#4P|+tU3^=tBx$n%kc2eh+i5FtEv^I1_-U!u1InnLKK_R^R}& z>ujEF^nZcyC#0AuhJ~-(Q;a@wb^o+~_V)hf1=a(J-)_ItM+~|gJqRcyQ7r#DY%^pr zA}UCTA(i!3Wgj>^?&q@Aj*AjJSyeX;oB zJ!z#4OxCOXo^i}EuMgkduFaVQY6g325G!sIQifpZl8 zF@n_foY2hBeVU}|E$iNhk`(zDNYLj3I6{1dX(8802;V@IwPnOsC}i4dRuR(W;NgD! zVr;pVZ@m^K(1A*Iz-Mf^QsCO3w#UDA=UjKbJq*FxeDt37oN~%?n!1&LUf&jY1MI+b zg&1-&jJKc);W4-xVpX{iedn%i#~kFv%=?8LzUQPjq>N6u8x#>ecrS<3Omb2tT58-( z=b}|R9vY1~bis7f*Mb_vAnR(nk!U0tQ<;~q^F>Pdae?5gnp`r$rldKWxu~#&_;h-i zN)tQmikUO2^0vFBb@6x-mb7_k zEgjcU$q@EFnUI9BajkMi#YucVNA20Ay0R++MPNL`-OQwodn$)ROqC2w5Xk3)1hmsQ&xv@@R`^MI0&&bk+|UEok@^6;>1FO$<|6%%<*u?^9t@MFd%O z=U&?MWvdwUdWstCtes!V2lKuZ*9T>Ns-D4Eskb%M122;$8?c_Q{iZ+mWkRQ+n{~fr zwSC@d7U8ReZj4Y<={tZ#8+Fur>b!`qi5vM zvmohuG{-ews#4Vh&Z?Hp{E3eeH8Se`d$ca(IY}aHw}nWPIt?D3v$;r7z1il7R)G$v%H;Wf|zCRs&r8F+aef#*Vf#BT5E*UFFM!j{sz3cT->dAn`PZ;i`wOTY-%e!)^|Jgk zBFU&zSg`?$V9c534RyhRQv*G}m?1&$0g{D*1l2vDF5pyT8ae3-yS?=^<_eyKb(9bV z-y_HZ4>POdb>CAM!Xadvlj!zyj|yR%6wlOMaH?B?lmhbwvfWGS9aA1QMXj%76x+1D ztLGI5?5AD*UG3VA{!OLJ=KKqCYork_iv5-dS3dz*_0m^9p3EMp>MAw`k`BGA*Qu{u z2Tcmt!Fre&uP%(Pkfs4mN*&YHAl&ldSFn^OC>*4%fuz6FLEHmJtl??Tjif3XV1woW z`w-0X9D~^XmPq{uvgY2*CURl1_E6@XJIo&8qK+($QBy&$Xn-_l;ysM!A9SV>PW&Xd zqKTtFKczh2>#0gVqT}3m_{O20K{e6aM|KL5H2N)f36m|(cl&Jxs@k--pvg14qJ?{Q zeg2eRz12MZb+t!ch4YZ{X!ZB?(H@?VB(Ps6+(jw~%v1PF#mun!{=a#dEYZKYQx_kHhmrB~*< z)vJF^b4)v6>1#g_8T4c6 zTm-+&W)uF^%xsuHWZJrm$*8VjtwnLwk+e9U7PTNC^|o*?>0U{-AFKAqveSB)#+vF6 zvHN>D>~~FCA0sXZ*no2*jUZrYQ?T}3XiPWdB)`zf4)lyWwNEYRqepo>Yl{lPWSw@m%Pjr4kW%g z_ZGup!hEPiG#)UTVTPrqgt-<`H5KN*sfuNz#BkPBmIz?Co}7Yn z;xSKoZmFSd%cR&8>SxO!hN@hzzNtRc%RR-dbe<*?VX~Gx0|4WgI5>4?E_Ct~Nu(vF z=0q)(SAsS)LWNSX`gx3^C zx04$9Wr8rrGwcH{4#uO5Qt`2H);b%HQ&JGMvQDQqF>ZzFVe3oextfeH=kF6fb!#oU z=Y`+~=p~R>)yp5-wcel`%dI`p0QcVxEJqGTi(P)UQMF5)xLlD31;2N+z9yA!1BZLw z3hmuyqisL-LE~f0( zO%vIrKgwG7>gGebRt>|MAU%xb44>#fIdir})lc1HpUQo0S?&!0Yt+GU)JNP0tagJy z|E_<`8>NHMG01%Lh}aeA+;*0GbE%9jx>YS14=g%Oly)YP;-uJr;dyjhVLiqsPwWu_ z8>9g zxBy>~Hz_};m9Q|4Mln{Hk!q0Ni{*7OiSBS$H^{>gN@K0%gz1oAx(1B| z^%9@g{E6jE=ch0jI*)Jiv&PH;b}S)5N7#ZUi%7Y}HFdS_1d2}NGzMx_rJ>$@Wh#qw zOuuD!fLDTc*VG;+m>ST^BU}zbo+*khF)ELxl-}D#Jmx@00(?*fpF-1E+qH#UnTBJN zQaKljr0v=ZLo3|;I*8(GO{4*P*T#P71T0w*yM=UImwrFZ6kS!g^~>?MwIrF7#ia%a z`V^>Ollg=k5sxss!L1sCaHmy6Clda17}t*Q>(za1*O)%IVxj*zmi;Y^|I9d@{tVwn zb>K(%BKtgOdmL(0l@N91=k=*^>qB5Hl#~p7ki~1F-Sih)^6Q;nJUe~`zXpi=OD~AN zokz1w=}$Y(<#EHdn!0{*IZ91kH-Eewo}M-UjW8PXje>`Y!?vNcl$2N!#7_nQ`sbMQ zOcIFI>}fF=!nh??0HoX+Np$*$f#mCDR~R2Wb(}_dQv;mYaN2R*7cBE8(jpwxWrAHd zPMjg=d?=(toIO_CSXA=_Biq(Gi}7KvTG=FU?&h9xcLst&=%JS8g9Yrl=4{UKFc zdR}B2+gLYAwNx$~Ku`rEbb@ViQZ;^G(Qu+9AwwUda}c(stU}SKVml)@hT&B8Yg6Y( zw8xRoS6p^auIeZUsLw2%c}4j5s|A&jC4O#vm;}DPn)bWnJifU3e!pQP>5Hw25 zOAQb`sb>r(2b7_|FulY3b4w&2OmFxH(<}Wy4+vqiFLsV*|NX+Iv8nQL-u=Eg**7?u zM+}+Jq}f0f1A$sYC`^KZynqV}T;N!#o~#R6H07*c4FMXg$qxtf-&G>LF*@5o>l6{% zWuAVU6)4EeYR7xB@UJUj^OzzZPINRO#-aNJQLZ>^n`-qO zDaMj!z~Y33va~KMGTJp@zjPJ1cB2)SRHqHa@wv2Ey?R}d8J(s4r2U*ThlzI4=gAx- zXuelBpJ+?7_0qc$b}08LeP(P#*goS0N;8}>=&!8W0UKqCNO{Sd-B zGp20u(b3spkSx@Fo*B-Ru2%UXz*q;yqQ_9C_8`8dYw%gLm}7l(#!|;!!)ZfzksTPm z4=0i=@W?)2Bon6*T+i9Ku3cB5RcN~PRkl3AwkQIEy<7^77|v2&imO$MN6h!)I{x!p zXt&V#M$}>ITkneMeB)$kYtT^VaQQdkmL$44JH4ec{SZY&r8#?DvtO63!*+_$5uPZF zn^K|EEx%-$WFeCKatL4L3QmA~IB3mfdoa(ccY93GrE&s;Kv<=prEY|fQDzv+ z*P#8HHR;ON#Qerwgvf(xXGvz&TJ(;GBeps;QM)aI70j}iYMT)%Wg39-%qzJmABOz01)fse_rVMS-+l^kw7Vq%6A_JO$9 z4hwqq83l2aW7~*ei}!K6EEyZN{)DN~Q?``A-BffpdC1}V386}&j{T@l4L93P43+EY z>%VO&ZVVzdIf9_6lEYI)Jotn%~xA5`hZbJbp-rwQV*Sf_4GuzHc zZvpj^qHL0BfkdG`ut8XsU;UPdaThgTB_wOzj0tjI8j`M1y^+HB9;nw=%wg)MuUTe2 zETezTD%9;xmcXM#?y6jm2#ojcpvwoy=W~6`dT+ZA`zJ zww=C%zLV{LdT=TgwJpENHc$P_GOLZ1)b9n0O1wo<^Yf;k2;vlCeBc93F>_BRE@?8- zCjIB6ub1J3pFh3?bv;YB1D?-q5pSk06-rAbdV(`Oj;30l);(Mf*P^F&e=Nw2_YNt* zBAJYCcd6qptFi9HMTSM9U?~I60ZNSPMq-I$9?&NMAAIy84TaE3ep}sR?XImtvDyQV zj`rb3<~QOL*l44kn&oXjvogLCK7a%HYHm{5{I!QymHV+JXmM%6Oe8JbFMbFv8eLbd z&7;j&I}cCtgg1pdZ(XycGl^tI4=tP&T$dKuK%G}G{>- zyvT&~guN%hlX7RK4e;&r77<6>k$yo?5snv^kxsN}_usMG*lUlUwby;GW(DgFH!(Z% z=IgynXNT2l)ql|~_Kp~(nv6wn?DPUxo)wD&sfYQ+m3tbKBLZluy`k3^1D zq~ijxX*tw_&h%ht1$UklV2c?9VG&_foT)q1>TjaN$%*ps4wDUquT@7mqjEjT^9i&O~15GzACl9pCn(+$3~o)ts>R78&pTN~Yp4jYYmTe0{mY2^keeXe?2 zt90Ab+w1xg??bNpSu*WWgor^r7S!u<^7jeramjI%rTynXce?XO4vr6WE=>Gj13JNK zR=hoL;19%z)ZM}T!CjKkajuljq#fX$F|i;!tRg`<`u>?9eA=XK#LZEmE6AMoi3z7RChGs+L(K&K^J0&)>CDYnTgZTabWpK$UJ4A>`C!r_Dr(Mn@_-EV4pWY`<)w>XbD*6k2GOW2<*0gDGxe z!NV$i*lE`Wn73>QkUzZWY{r@1J(zS&t%U_(ih%s;RLS7BgNlbPEE;ltYhca7mvZX~ zGY^%YWOchD0y_WcHx^&SVpznYgG4ucr%c91bgMeT=y4vpkYLmHtN4@+RH*;208@!^ zYcLxl8aYYd@(VxBNq0vCPua?4jCU`|AaL7Ra|!=S;APfKMxrX}0^9l(PlgRC66ad| zj3hoKtN8Ryzjx$vwrRq1Ey5+20&EAz)QQ0k4Qr`%Kb%Xj}{G-HPix#7eY2lEc88jCa? zol@L^UB{Z=>JLIa)>5PgF-@U1#FS79=^b%|($Uj(iYrB;6<{Hd)Sf?e+~hs~t~(%^ z@B-=Ghx$U{-86)8f~|b*_}EWpr`=0;L*-ZYfGnyYLRhu703suMTIQd814-A7S~3;F zgw0Y#X3ZnQ8d^RnbdRN#e4`1{ZFtyidg#+r!?*QSAPbJYsidsYZ=eago=bzw<;TUQ z8wt$Gs<>JjTDjoot=i18L@3&Ls2K#z`8~Jf%~NnFY>63-xqNqCT%RfP+P%cY>bUxEBc6@XEZ(fAm?I{Zierl1 ziNe;3bET=HRvt!$od#Zc>r7@-13l1d$CQ|q0oEi#}`G|s{k1A2y z<_UuFD+IY&fXfeI@H=oJxs+o3E6ISEr$Y6Sx48^pKO$hsV;Z`now0U`n+jnvGP5Ue zNN^x#Vay`};Q>NO!g25jnmjvP;n*Vgk=R3bU?LVjcVtluaICgd`}1OFG^1bUeMnzI zLB#sSO1>KkKRgNrm?eZ;g3UPPM&9ia1AM`1H{-x+4?%DT+Q7I&8tI5H0QBc)&&cBX zuel??Bya~S$K{6l3jL1cSykZOQEx|B*6TuU(Xh~JXdJOO-K6Z~_Yj*T*##q9v{GjPjOLC2-v<29%#Kp z>=%|^Np}8S9^y83KT#Y@^kI_ZDCmRdjFlp5Tg$5}l#3!@2rmQ*3j`7$-TV`oiFB{M za4Y2?#DS{mDl@yJknan5G9Tm-_6lE>Bm8-ZdV!2zyWCQ&CLVnft+|8Sl*@`>G~(xT z20OX|ndYU?jZrq0c+89UYQx_Q|CBFisCEbw1EAjQBdn8+|OKRPJ zHp+g!RhzSVROe^npJ3YPir@%ac(v&NL^y2n9kNrzG!gJe<#W}XdpmXxgn)c$2WimR zxd^+6*2hXM3lb@q{5W=Dx-ZGwyi6TXxTB z%V2SDzfw!bCa*sujFg^a@k{Fy4k@?Hr24!R=Z-BJ2Ne5*QS1bPWj-j%_#GB!_}l+J zKpyBwFeHcFpn`{UM)J_LmuvS#oG9b zf=B>AY60dpt==%kHX z5>0%|=*-7@GFs~%r0M8hmL7eU7)3@ZrmOZ2BRA!m%;G+bjyjS_rY*R+4QIzJe3W{r z`eB52wPUMBQvo=+U~r7${#_OcjcuAft*eukcPascVYNbq_L!Z1XBS}xnrER171_8; z&{9&XAq9_?l$#}L;oRMXgSMm!(7s?XrU^G5OHmWH1e4~Gttzm26xw<0wAKsD*0xFH zcvp)jFcW6pdisSbc7Xw}8V!YFArN zXP-7qmRy09DI9wh=kA;{X96BTtQk4<%oDq`uEn1{@JO&+rBG)PRXSCkHf~b1J7tm}0X^Hu_=nxNS+u@ng<_E_hB1fkpv)tWa0!ERi?8 zElqZf`1~E}sTb_D{+PRjcSYc1YEM2-ES$j|YqKl3ZSUt6zn+@VGiZB>Iq|SqPlOMG zXK!>p4L^#Zeg5O=B=mV{vo?&qAGEek5CkkYr`0R`o81-ZFVGq z6LH4expD)YB@HC>z}RD-{>me$h|QtfI4bre*8U zo~x>*zY@9o3JX2}?SyOEe#* zV}QabjIS^F4(1yz)6#x;RH`O~z@ei?72=?qM1N``a~q{VaB8Gd*s2+*m=?Q}225hI z097xcZMOKUy4PEN=6jU~|GY93p&5kfKX+nea&NOM0@B5FFxvchDnB%PV1?Up)^fk) z&nG0hk2AX;3Zy4DMHVaEUx*`(0B3pofi4rPL>f(BS!!j2L_OX`kdV17^jwbz6-L6v zlvBqUH!%QzGG~;Jt}*>i`$kjfNJsQf$ zv?T-q&lJcjOO@aaMBo23KhaC{o@Y)|PNjgDW`O(g=P1p9s;B(Nex}Ny63H)1q9L89 zeVX$_nrC;qc^!VU`%r(XeTPM&%w7zQdLbhI=-U&q5XkiY!Vu3i#}wjd_DaPBqoH!) zbGUy-Np!Ps)z~*m^uAFd{O{j8|ACT!ZJiV<{R1B+?Z%SkwOS}0IsQ#SeF6uB$gRs} za|J)+F%iA6#tNucE?L)TZu34te8B0td}9Z$zqO966Pud3yb4z9=?}&uPo^y&&ks=i za8G1=DUn&KuRrvK`kas`e~{}_=3^GGiNit?h}33k$TyOixfg3H^n-FO7i*whBMA~D zuINkLJ!I+E$uX0bEtFh??$WN(3Qp)&jcqRNhGXigl{UQcr(%|?S^?Gv7Z#CR>y0=7 zwcfhGcsBP=+7ZKgGcJ_OB{z57V`Xo0>W|EROO~Buwn&PU=squKI(`;Hfp7zmch6zxZZt$tOh%&&$tSSx!pO8Qy00ftHMo3P+mp2xzqNF)ap4csmToYqP5JsvV5tS7Y^J z4v}WQz--)x-Pmp+K`qPr--!rnWWirv3>CYnpaK`+K7EPJzA7ECuB;;#dzgO>mwQNm ze%!)hH2q?YIdYb-IqfUMsSDA=(Es>dy<>#~&dc{`==V4LX5=u3_KXpW+9G z^`{-lE7g>(Yc2EVMhLE<@v(a?!3<&2bG?^H#iXpI?O@)nl18~5A+j==`DB9KNCQz{ zb^|S{)CApo-f_lxVZZVIy7TsD^$Qp4OKl^p2)eD`%MvaYn6DGR#+aar0`f#ci)9G~ z(x6SmqTn-!k7fTEEZD@J)%D-b27+%9|1mxCUxodDfaSlOCWVU9vTJ|bC~v46}IbDLtzRKk8xga9>1s;3G+u4>ql`-CGYz5IwFg! zp_kLRjI57k4mL<|Fg1@ECgedBX?C@a$rx|NP_JIX1c2-R5~Nh+#qsN;41p@BD7ka*YUW$98IN}MXg|N z?7I}$ywS#L`^V<3Biy=A=0n{(K%bYj_C0UC%f-gNNeiB4A_qe+^7^K#UHsc>)c%_@ zp276y^DCdkYU#tQPo)#VC-Dmx@6w{rQQa5*n$m!HD0Py`Em_MgrBZCYV5?==*;0Tn zSPw(TlOu$ug z%AFuJeG>*A*B_6^f6>Lf-i_tkzV}e9@6?0;fl&O9viL_6`X3#;LZu5CBzbtAW;`qP zB!zHaa!5k4_694>>u^+L223Pin6O@-Ipu|0_AKpAP|o81v0fPx8I>HGjUh zegJ7E7nAGZ#6;@G$H&ny-476I=X|s_2?GsbYz%!9!xVXa{9^oS0e+DXfB1TaiO^*a zNL+Ha5%@!$AcEGq{-+lC1DQcJIPSGlWQ?};KYH!36eMf40m6V%B}=Vxvd&(3b(e8e z!L6_hwet2xnsJZu=CY)c{j`p@ULMV5X;b3mCNEHHX;iD8n3p+wYTMQ^udTebAe5zY z^p2@X>+zBso^b|V_YR$A?*59^p*qcS`(kRyuEQ)_cO=tUvkbRE$gCCb&av)_TTJE7 zG>K-cc2}P5!(r79+H}S15CYVeNK25r@0pxIf#Qur65HHq4uV?&WOT^PeENI4`36rP z!r#e6HEgAlH-D1|oi{cfq|RDtlGv90>4_AWwfF@D5kCZwS?&q=6^-i$N&twc=m1)Q z-y4nP#^dufA;Xv=41GOym^OMsy-0vv5>S1y_wuHuM#I!zjwNxWD#gAN6p7HuQtzJ5 z9v@qi`iY6mXP-gZlFZe^IoR(0A_ff+qZ}5bdp>A_=26#>)h1GcX z@9~Y|Dk)REAL#mCukZ*wj^Hl%ieN?>zO;w_a&z58aS^z=XH+8I0xR4iQYjnzrcT)WAAp_s@GM8Pw*k&6v)fF6O(%vwtG@ij;1Q>yGmo;xmiV3Q0m#<)Bm?`+>7$lPY=kinCld?; zU}$ru#%-J693(=$Zt?ISuEYca={>}Kq3D+eWra*>_Xei*N1Ry6GXw<%Qif`mWJ2X# z(Ux-NWcQK-pZ_umO(>{8U-Au%)o+>Re@wyu59*AP^tYD+-P@%7qOUC|Ob&%6hp+*8 zC5g^ZBBVfmzQA7`CUg_PXpXkFVd5J82}4IYfNrDn=jK-^sYvxFsiCK-raZMpn%lDb z??dRX7Hf?di)({i&EcdMkXH0G`uWx9>rfM=2ZX6*L;_9X35t_M)p z)~gn1k=~}D^lJNQq`-Dnr}eN=tPU*{lgul~HP6#q5y2LdR+Cg@^`plo>JQ)cEITsU z>2$-HF+X7%DY9@b&*XF#8`TL`#-$5!6!Ia6I^zRsZQs2M_q>5}&MH~<$LC=FO|#LX z1F|Rge5SY1J}gbHyz`?ro>G5MNF9ks&OfYV(Sq(t`YBgDNx9ud%2tffg^Agg>VQ8 za5<&6xd0VYpT?xc0o;28XFUDF#O35u+&+slpas!$@Ezt{A{q%qNXY2fXoxW=XmYw( zIURk86;TEE$ckG~s4@PT8H0ASVuI4l;h>yR7A<1w+(T6QFv$caKXENmX%ZM@90r^E zYI-$~MMF#GDK*oK^gy`Sh^d0#{ON^P@LrYOc8J!^@bQmAWTP~362WpVoVhow+bv)8 zRoj#o!FDt~vb%rqi|wNJ$zR@L`{2#@5OL4)%@xE9@45b&K(yg&AtQVPg7F&=eE&Xy z`2V5~w)1@OUVH5Jb_!|08abYc3KDZOElRsTO5qhi5G@u^K^|t-NYzQIcAXpSq29@8 zwfJ^>;I>5xOfDJ({L1-xWAXoB=N<`Msyao%rneafa%1`4VI)Dkl721dp z?&^JZDkxmt589EtJGLX7R*`|`ZN%%~%M{-7nlqq_T{OORH6wxg$>Au{>8s-ql_Np= zJhZz=wtU zXb|s;7OfbhA}}eqVHFpva6AGkWY`jcGy&fJh;c#uz1k+ zS_8=1XtrJsFR5kpEQ+qUv5j7SuvsXBEplh&9_s~MpMH_`06nwKe*CSq5)EWie&#-&a z(q_@Q^H5)zO<|NEhXUMwlHZVMS}yz*y1h)vx^K;5#@*J>Xu{sZ+u>XzDR47|acmmL zuxuH8%<@C4^ZAz{7Sasd$NleeGyQh3N&oxhrfg&Re~}dj|HF(b5C1vUw3c-7tB`LH zi!!fCQoprKO9YG6DALU`S|`GV>fN5KnW|-+Z~_C z;9%O)l5PI&?fnL;haJr_5VJS~*kO$mA!Z=KNJKNlOqCL1KpFG`ZQQk=4%;OV^h|6= z8P|@71oaXJAJ?Y7l^86epP=Eg>D@QZTC1Bt+-eGJ-Me*IahTMaWkt(W2n~O)qp83g z(*s(j77S?z0qoy`bxlqZqJcP0I$F!;l)GInC+pu&+j}l}3Nrr+nONz2JjCEFl-+BF zbd6qN0!(u^@olQpGfwVp&6=2uCV zI`DsH&=D<`Gt#Eja0o5N==wauF8jL@ggeR z%~HvlqEG47^)tGm$shWHJKLx2tkp9Ut=#F-`Z4Si(vuQry?~An%Zo%nY%DfDAwhE6 zaTRD6f!u+gkKsfqPcg-DE-fK4v3c_snIiSlYD zzhjuBjmhH2@%LXF)cinVeTHP0W0{Fuwb&p{Hz6sW+z%#MRz{(|z*3 zcw!I`DKm}5{6boi$kh##l8TuHL@+R@hkY=reBc(R-GmY9tC3+yN78wNf`cg4BYj=nh4pC}DXrsF-yl0~RdmG~pi#`P?-^lhhC6 z>JstBWu+{}tqY}_kb)|Qd)(>=$%}xD$~Mb{W5;)gsyX{g-P6S@P{F^cEkX=Bbf_M; z7;W0AcA*o@``q2klvq=2wc@NLn;_mRCHr&pXlZlAXc!K)JsL=`T(fO4IN=-&z01y- zH+sbD=-;W!*3Pj}GF%qJMDl{P2vVi>hEr*F6A;7xH`^+v^szZT+L>LK3cb%TJ2X2Z zO*LGtn^8ji%S?u(N<#bm8{;##vS#VNDCoJ(&fZNDKq0 zq2pNPUNh>=<;KuI&dWQfjB1w+B6(9e_JXX1*mCWYQJfeK=^!r{K>LP;9+LEwyJ0$A zL@aeK^_`1Vr(s}%$`39_2K+jPH8fVk?Rg8$4314h9~gE0*2=U2gO)_IO_c5PHa4zh zoadD?Ef$&!m*-A-%9FWz$^uu7y)}E3b#4?S$g8<>Mw(uB?elSVAV^n)y=FXFwP+a> z7WSO^GWC@oQmIa8AA1&v5lSbyk+b;0qkrz5P)OxForLL4Y#}-B{i{jQVTY0-9VAV) z@vj$zHL#627cGuYm-mIHRRfV5S?8>RX>0QNAGjEfLz}@$hcb|w7B+wirOYM91N|lb z^ltO}H7n8}R8V)il?0o5)#=exl1OvE9I(N?7htNVKu#pCrDq!9$5|+wV=iKz7FPVm z*hyj~t*!Sz=)YgPC%_QS;w4+}qc%vX(DxOIW2khY4mU?cMyH)U(ZUipi?gJHHLOb= zO*zN58nbWaPQNKKi641P+eynZzh9m(Tc1sh7_s6?Bw<9@RKl~I1T@@E z%w0RrLez7H@})4w90t}1i49rw1Bw4`zGt_pH%?qBW%L%Du*s+TbppEJpxrVUsY#lK zGTPI{5Nj5WBn?``g*gt~BSI$gGasC-QsazRnjdp=RZj}xz{cK%-oAM?w`xyxOb&ft zfebsE5|wJh)}C}hW~pC7u7Ik_fS^283KSO!$AudQnI&9#RDUjFq9)_fO>iM_YaQ03 zT~DJ3EDAw<9_(cs-6*_1HTGhCq^-@RhLX&_ZQ}Q5YN9Z!B&^`7nh?gEjhNh$Si1T# z{1=<3zfg4A9CMd*tlWtCU&8vIE~rwsx5)DHDX?m1tk$GRAhv%PlU5IV8Cxb9$dvn^ zS)Ci3%06&^3(Yw2b}v-PU4TqqEenXQgyXsj?2{#;=IYEL`(KOFn8BYmk!tY~QBh_%K?Br!e$v zDRz}aZDLqJwK^doNAR^wKuw7P1l7E)0>x%n97MMb3dN>htS1on)K=wYs+xhdxBP7@ z7i>~1cyqu^44tnW~?T!*M7i$&N1vKM&aZ8&`gS36K#EB3T+c z3N`IlBIxW$SEJh54*%X{d`R{SNRThT2S=H6ykd#gVwM7mOu9w~)^vXgHT?9gm|M z-AM9OZ{5XRF(2)8$R>FjzewWF`K9lalrJXx4o!ne-w+F)3UPA%lWpsxXSQA{HtZ;MtET05!oCu?;G*aXO=ahM0Uw>3J;mC1J zlKLI`%VIR&q4`G=H>n5pOBuJp$R4Ura%U1ZLx}WgPD6oaP@$=al?Xc#=SF^CT=l4O z5;uizaR$a8qHF`D0SSqPUy@lWTx_gwxq2f^VV~-~3k`A6c3URFY8tN2HMrv15NaK* zwB)HAM6C71=v1|WLeWV$BsA2KeKL}TbGuj;{aN+vI<=MPAx7L z0Iz5Tj}&;E_af2qdB!6GEV?b;Zr*`D<+kovNY!+7Fz;u< zj4LyavtgY!xZBP+c@C4el)E#7kmm1huVc!m?y5D~F(ZU#&D>Pnbt- zqXPF_=&`v}J6)cwV3_^GD&nH#9m>w6xa0l=QA}EljIfeT-P-h^&sV|PcJ!!gTxNjiEm}^V%CAjL9cF0mF%v3K4b3vu~}gL zj_l+2W_Mt?w4wQgW4@h9U5X6iJ>He&B9mc3n;8~d3V5HzL>=MOrdlRrN0#10O$vu!vYGnKi#b= ztj#{2?OvNt{U>VaIHw%F&c?~J2eG;PlZgkJ4~<_ikDikH?+$6Yo+YS!w9g}!fcE9I z_h02LRxDiuSqE`@HlC@vgQr=*<&q;3voh3Y!niA`(w!q)(ONE*MJt`?wRns@%^?dt z99EVi7g`zqjcH$M$)f({vUsh^@YxN>Wyf<*78(MhEZz-+N z`oqwq?}9f}+i?fX?S)RaOk!K2!*}hPB6m>bO^eW~Qt>BfZ{*l}!2BAfMXooa4 zFjK)_(-^h7#dKH3d_dcQ;WBBmMV8aPTWb=(9i;sLf_udB>7x!WdX(*^r327;OPUqu zdeh+Pd$dn<9^aiO8nw+Q1N-WP%N;3TvD@G87I@K_;$OWj|MSF z(bZ2UrnjMSk7vv*qb!+t-JLVHu-0cML?h-!rgNV0SWIN>UMrw2`s)n8BRKsoKQxKM zNo-f}!gHJ<%qCDBZlOq6gA@LJVBVop4zL|VHkv){g!SQ1?|WijOI}fA3v}bGkLv^& z-_UTcYPlENLjCO6zOMB8`Vox2UFEuG7Zub__U*cn4Ov?RpM8%HwSw)sG~fCZKBak~ zb+x(hLKqYZq0@eKj^*WOW9ai$3t3^jB&4X62U_eMn8kTJCDjYZl?pj4mAJ?u*u#-B z;`l`)2Uf>kyViY>TSP5dxlZ7cRLTofH{8Jm-`|=lkNPmF&W2+>_XD}}qS@fj;Zq#G zjub(Z70On+f?bE5SR(Q~VBCHkzAM21E#co}u70ZgXPn0Mb5q4R;+Aac4~VN6gF1<` zP_TL*zigjov&%`cG1>~48uz&mf_Rxv4>X=B4up?9bcO(=Fy`DTSROU8pfr@StBwTH z6r@tjDBAm&2b1`=x5VsiP|=$zn*rh3vOh-?Qzjmzizc5Cdf@1xeh+B9gP+|X`H#p# zkk}%ydJh4eSQi~}MYQSGJz2hUc?WFmG`nSA@W11VURR~KMfcovA#cMm!ucc^Kl7bl z=QivRtpI+HX0nrS4H3N1!j5BU<^H;Y&Dws_2l47lC>kKUL43ssSwj!m8W@*a-O}eQ zyvzk$86pzt%vO>u>b#DKawGwO0u*S8GCqiw7}eq_CO6BW?KiXbl{)}e^yffz(K9pC z30YKdyV+_5ZY4M4Zkcksi{`x1x~lO$GUm6SNXv=WJW;LOpCp5O(ti|tdu1ZH!z`Y` zwL!i0wu3>vjkbq{K;b=A`mj0mx5?VR6s4WOCBf0b>>+n{=t(WE-3Xq@Gxu>Ckl7=C z?c@cdc!Lu$Kigesf-&gwhnM2&A~}zWzP~Cd&qqt5GbaD_NSgYD^%Q=v9DlV_|I_P> z5$d12%4N=WJLZn+<6_v#8Az+zxn8&-x@GXb3Bg12K4tv}k`$J)^7P>o6cm9Xk z{8yUp!OhJzwn(nuSBxNi1JZHBmZwy3Ys{;rikSz7Am#*mEZ}kAa^>NmntD=uo8nPw zHDKu0V0zu6x(cf!w2fdUT3T9oGIZgN6_-zv4qJr?Qb!~H&N|@8_WF9;rwGqkx(xVS z*u$$8z)b2XD2zxzsqkZGmXYT`Tch|Ae^k`0F#3*9tC%1BuL9P^8`aC#3lRd#O zUHr;2^#OMdm3_6+&d=2N+e>tl1s$)BivjRVyt1;5OiB*dz2DBGtr(6@xCdssGC^11 z@1WjvP9}*_{S-caPxN8VF^qFXD9<;#&sPH{3WL?Fa0eXI^8pqcrwxvS;jW2#wBFI; z+)nnF+X5VKyT6SRGaL=#zQBAY>eOWT81rue76y&7vVKB_`|~VM^!Lug$XOixd0Dk$coC?0Qqyl1=D{1Te) z@AbOOjHOoJD|mj!-gxS|tD0_~c+P(Myhr=-X3rBvEJ0bpEWKR)Ao3ML4FwA+)SVl?fx{cz=4UjEqK`dS^x3}uEq~ygA zg_B_Ll*q`A+F{y#uZVfhn0faE>+&sY@s>w_jtiq3zD{I!*(=9+#_Xas>dM_ship5q zvs_g<*xpSzOHuL5xVd}v&nj;-VPMNm4n}E^O$Cv3Esx68D|$Hzaiuv`AvnT7$8F9O zkfA$syc4M^phH)=^v_Qo2gIjSrM1SlDKgv!pDTzr-|iI|XT*F4i=GtMpQEGnJMgF! zawJgn7mie!$oP7gkF*?fzNRRaB$-74SXoOV(^2%zpD6!g7Ojd%jXQ~=aL3rdvmatc z@oF*y-ejplur>tGbC zc%KN-MhcKc_Jr&ptnUIAEXvg&QE50g6GCOVZ^tV2iz#<#G z)v6Yi?IatNv(qWeV-f1%EVWrq{p7fH;lhS80@On7VJ`aXYV=_bnK96)DlrhAHA8Aw zP>&cHWP9wm31ffA>f7~Nf>o_cgetu-U6pL193!1rk6$_(+%)J^B3WWgyG77CjxG|a zdwnSQ9=(h8H{=G2&&!xhu^9$I#hON7LPnUOce#YDK|=HY7-!v85(IS8z&&fs(EDci zOH;uOVTs^HHZl*OL8<>FtYG_KdJ4QEsn# zV+ixRR~Ci)ym~fwAxnaF@tqT?gY*EY{%EBOlhj_IfBM?7tKzR39HhWX0zg+UbS+o5 zpPiJMJ5n9y`~59S@4_9BjM-~TEybF8eHc4l$Un8Hy*uHKfao3-x?-iRED7DQx(%gG z_F<_zpggmQBQ{L$a5k2ASko<-Ez}lvwz4(4iGIQiLZ?8Vp96PvmduNW&c1LlpDTqnY(2S2Cs8xdo^#4pTY=1PCU zerU}T+J1Rgs|^u-rbyoxbwP(*vcCw6Tad+2`dwmT`w=L?l6WLx|bHYcFF z-ED13_6uhjfc$vP^nr1|Oa7|Icm*}_jOf@kkpVkmmACJ@O97o5sqn@SfuP|AIGRT{ z224aZKmCfs?C0OL4`~>h-{Y1%r9asSp`N!=8$>|4QZ$EonknB+3ES)V0PFlBallQQ zmJfys=oUgOKGsx|Bxw@*irAN8@0VKCbknmSB^+tN{|c#GDy$l5R1|qcZ(`iN;D%cu zl6aW~3_#vd1~t1kLHu@|5iDtz782=nfEET$K|JQ?f8i6w`-5|1wcDG%%$q6AO&pzN z)=$IT*6<#EE`8q81^Get@_XgyK&WXNxJl^FUW91~LgdXA`7D>rJ!yzK%m=f}E-^_S zVld`h@wIoTQ^ajC{owQ7f;TRn-X_&CROvkLt0sI`aA25uklL28#30z#;g>z`Iur6P z>*Efuh)js7tI3r#H#bcUDRwD*)#6R0q#u&dML`7f3B|(RnTd%YbMdwy`&s@w=rs7W zH>O8H?qc(zhS$6ifTrt?GB4Ira{LQcw>%&@;UrssJc|SyPoL_AeHDDbdD_S)j^>r# zlazt15bK`K?4RbDx21FERu-Wih*a}XFSA%$CbeQ*E5{IAnM^l185J?W_Y)6jUf58) zse+rsbYwTcd3k%P8XH)VP%t#O50f4o81Fp6{@L^O-qtMofgBG(^dEoA>bfRWI@je? zDsig-?ijQ!$Ww2qG~E?kX>w`E+VP1{RMKc~D$$21S=A2Ay7AtOSwU^tI1W4Hafp_r zLMM@kIrOb`5}Jcw|Ds4%!;Rt`ek+pt-vT)2f2TSA{7J7S|1wD#jip0sp<)4wWGH(XKGUPFgM7$pJv7f|$ zB@oi_?(b)0b}s2yUc_(tbbbAxj~s?5h*6|Z^^MTN)^3T-F_z%x1*P#Lw;{EMnrB!? zy}|%-9caf-YKOd}XrUu$8;l@zB`yd{w+c6xR%L6*yKJdP+$HI>U~D#bgfO(uK6Scno<;Zl3{ap)e#`)swE}pFj6jQDKANX7q0K>y->C4&k<`gOH8dDveM27 z&|9uN87PozI4>K*tkBxi$h5Xs^f0X#30TuunQ2U(aB(vpEn7-eN9ZYsQEis8z%6%h zl^%(mNzY`LloJpgH9lybRwp_}|6P{Tbdn#Z0yQ)ZJdKcLlsJ~BZT+|PMB;cnYZB3W zVA)>cRrlS1~sY@Xxu0H=@9zOHk?|$B(*0$Qw@qM$S6aHB*hkKl@Q4|gH z1p|7jO0<4Dl08A@uBKX$tpQ}@4fQIvb?bs@1TL`%+mG3W zoOmkFi5{7rKz4uz#E*mVGuR=6VPg_*piXg>0Uc2v0|LGIiT_$tVlQ6Q%gw+)*y zK@Hcpar0SF&rC|(@NCk~lrJE>-|NIn@F@R$lw zquqZo8d93btOLINr!3#$QeyutdK_#mj18Us|0FFJ#*NGL@gW1IN0fzP!_h**+ZgzM zNw5DAN8Sx1hX8!YMH!2&nFD_IYo3e^1i@_!V#wxV21KSU5592ud|geXn&@n0>HgS8 zr^FBwpn%~rUzYCIfqYbyGl}6w$(lKWHdxfi=IHHiz}1o6_*tgOYd1pSR4|yy zt4gRAY@!uC5Xj$7lxXdctx3eJ%_}(Fp}PJgpPEE8Q59#{zzo5mv0Xr-o$S%C7oBu( zVwA_JAJcq8#N2(;7=s(2(D)bQ4ucKna>YcJYG(zR#wWZ<-f?F;rk8)9IkZq{nPEO& z(Re2j99HgY-fB|MpSl2l($^Wo=!0Yt{{chmQ4T8?<=DV1A~2wmA~ zRXTsx`H25=B6GThX;33R?fnal(d=V+-++EL?CUQGECD|oiQ8_Ezo4RaaiaK`7}5io zUi5t(C`Q?6ka{3Y*^05RlcS$4KW!iu0X9_yPeo25o!L3kMiif6c?m-3A<@h;cpUzXM5!WnEm;rzYJ~!T*Bk zqcr)`@w)ld?gUIgNj+vc57W-El1!3*sJs$CZ-ZS6hMKDinPB+4vy;6XeQ|L>ygYk) zfcY9O(+I$xf-F<_sQhfYtBDT=^;^eqOzpsru{jm|l}d|8c-?OLVkHNq9Rc_ zEo}i;s<*?5%H+`J`D=q0Es3AULT1M97+QNzTy9!WKZTVE)Q@hq6-f&sE_dr7N^ry8 zO(?mYi6oDmM6OY8sA&6dd_+6&sdVR;nCU`IsU-#wMT#YbO>>SOg+VWZ13AI7a5KHnc;32)#=Zeav=jGTqTu*1P&i+BEbq=hQLk_OV6 zil*g52L3vat3O6#aY-|T)8~iT=|S?};|NcR5{hJ1KcJDaYJ@20nCmRcs*=Q9MtKg8 zd&qrZX$3hY2DDHX@=~=dEG3=DYnGA$J1W3@?`-8H^gZlvWvg%W|0d=|M(}(G%EAY2 zJtw1sD5`6!g|-}{y#Iu%y#_X9BpqwRVwJx#`EC~^v>2H0LEqs5;ceYH`}|1BMZyQ4 zAr<2Cun(<>(g6Pm!hX&x59-9Q=0IWNxJiWQEEI2`i6&hWOI%~-6GGQarl4gX70!I2 z6xqN=3u1rB$B=>8Xk^$uOdD5_5O`;xnj}?R`w)){qkq*!hvO^R;d1W2)&-K@f@$ys zd=gI2fQ9t4{d1xJy;tg@{iXy<-==!SfA8b}wd}tE;O5Tn>}2*Gm~3wNPf;HKk(QR&D>zvZqmLsAw%JHEAA8B1wQ+~rnNTB zsaR)#(^}v>uGT#+TTKtA-d{gH$b3EAj0_O#NvS6=QzZ2_2c)SBYEt^*Tx?U-hOCk7 z*+FkXFX@T1|M(SWF$`p`vkK;6{{`-U2}27}y*R9jv3;(RMQBGqL^Jz(3ccD2o34@xYW>O5z6VHRLwQ2(E;|0G0ql^%}HBIl>4i_xw{CkOZSuo zwh_HWMQAzO<*|LU;5i5O9s=pn=?gS(={fKP#xB@39?p4ndb3|NkvNWPqNg9oQHNS7Bfw;Az!3yxUcPq z3}m)j68K3Qd7-;&O9SNOu*f%?$K|NY=B~F*&_DjgiMYBLdubS&Xg?K3u(5aJF6a9H zP<9SMqC{P~E!(zjSKYF0+qSJ+wr$(CZQHiZcVGN3I-+~f5pR$=$U#P)$Q*pR&)#c& z+F+7B*L_ZR!c5AVKok_AFG;m05{8Tt`3Ct)@aYhEQi z^Ni>EtfrNQS_}9&3_Z~T@JMR58(a9Njo}l#BxhkPJjuNT;5z_%w($U1Ym;U2gRKkP zgNeA%eFERRxgH=OyDqT7#eal2fiv{t%%>awm0Nm!L@;TQlklgUf}zNbi-vuwoA+e$ z>En-msX5TBz4C=IFca>ja>SQ2q{+jpF~UKyzj7s|64_Z|3`xR|N1=tlT(w` zBK=U7QGZMu8=2E#GL3;DBU|*3;@z;S0{RstAUZIBOeO5YBNC@cG}f{;%uJEzS~fzP z;Xmt^RcVKLi>rP7gJDsZc$KX5{3L#ZOLnufjorpumV z?*70=yNeE<-dE}S2@IpNdPC}=4LU*f6zo^NWx)Khw^Zkl_0$}A!0z_3vv&ETt9VOU z_s|~cA|<6NcU2vrqV6g<=nlK7Xv^PM1l(G@@%rZNg+lp~2*|0YoWq#GuCnStUXMG~ zn4QG@aout5iaK|6dD;3Kz;36hOJ?KVLQLps{dMMZNIZU2zW+%+f)__XN@9)CLc7XL zW4ADdHpRJL6cmylE)*&{B1ei$E+)RQOp-r8cG@VYG}1B>l|@O&=DDHH@X;8;x|;ix z6~)>bI|NlPvFPweB5W(Mo@vJyvXgTqS3~YRD+vLw#mv0WfyF4@D0r*s9EZK6u}6i= z#+V$IocINh@oL&EEjUMEGyRhNLDX~SY8Df^WV!cjj&Sju&wK_exXNu#x2d6p(TMZu zd8Nr_+Vlh}#>1(_yY`YZh!{H|C!W`7Xbik$DV;w!s9Jy}<@{MLiabD^$@Mp1dgZB5 zJ}Mn^)cIVqNi&Huhf#;#2(+bO*^Jbj*lf{Mmq7=VFJ-RDlFh)Q#0XR4L(RT{of7YO z+`OMP8`#OzpQ4dZCoP*b+|S%Hj7}qXtBrEYZi?$A>&|wK4x+d!ba2TMog1>+>Ia9` z{XIa;SejVu+TbMW$F`ynuw_?u>N>}a9 z2^5~{4YZ!L;aqU#ZYq2kgT(sktV+ck%Rz^lK?XuPVF=T;EpEXtE*t2O{5ps3Y zmh|2~F{iYlNXLGm1Rx+>U5&#>Fh52B=6o%%oAU;35RjpD-eY$1^;m>49027@akSQ6 zVj%uiFLm?xR|ai_p4we#wALYbeaQh;1Xrr9GjEhDuMwaEu<%u>TuRQwK)Hf-dzsJ`3v>-;w@9W8s2hO5TG9K3g`?=YEwJCV9hr7Sg6WDMTE^e z&Tf7G<<`E{<;wo`{g;b6rOW0xfQ!>7qj;KV`QGhIXyE#nXQX*=Eu0r%4;V>v;$`K= z2jSRqQhggt{9bpdBcEn%1Knv^^f|h!g;5jL{k%lw-PL=i9$m_&PH~Q2U694hQ(!$O zv93|HveqLWoRgP-b%%HFb=fhF-RFR1^(jDTsI7ocZTy{+=wv#H5YrE068o`c2XC{evOvMhCk^AAv zA*e6sM0(7^BbD?fm3FOl@6}Gs?)z~}dH#&BNh+@>!-OF%>lk-3I#*6bFpW?=dUn+4 z6y;Km_**XDuW*XO_<7ZJgx!4A^$`qJduK>O`Fv)rPIW}Tjkl?bkRbiQS^yyL8OcBF zlL`d>@y|@ew@z3%+O&(bv&9UPN8sA%J>Ct>#GOZAN)4&F&bAuj#YKAr=gmN>4=DcO z8q~cf^2mpLtgrArVg+`euVQO*%;90%s^4Do+X;yuDNM*)tX@dpmVzYo&PbX!Y`lqZ zt&oI-lzeTz?po#JwTMr)n_w|rzR23V)F}|xU{BSO;DJEYT#&qNJPBOOGfIB<6aWW1 zN`CIy#f`>5NW+gJ_viaacPd-RTM&=$6v!7Oa%gc2kUhV6O3>TBZfGK zi-tNfmRjesD-O%$nNV+JOOD#Iq(u(mjU~gW$CEY^rCCKh|I{TUuFg4GRNFOug6Uw< zF#toGj}T$6YFHoRr*Peaa7`rg_8pRr0<{@)NB!vyWkJaE_;*G=gHdzg&eiw0GV#|6 zpTVp#zStObT%SBRGXb7@A4W7RhvKt-p`QN|ywdq%EkCj$Gu`-~d7&EGqM+_yPB{E` zQ2wuZ;lD!se}aNYw9LN<4->4{)bb3D!tD>u-r>+!t%V9AAn(lAlHanF&a{%-*nS6q zCz(~T#xLG;M0)$)!3PjE{~-T5NAQ;4Q=vQ=H-}Aw>=7^MK-Y3Pd?Zzm_Q-KOZZBp& zWeaHLQMEiSwD=&JE7LceGnezjTaSsF8q~uUAD0dTM-%ffAgLWa#l%*Sgv5!Tsazpm z^#Te0CtoY(Cx-5?ya3`6LWMoeDh=v#^Z9xY&@b$NPw@z_LPXX7*kxJN0089w+p@*~ z3GQX=EbacY=w?l5Z{_1;J~Q1{Q%B%&et$y$KnRk=AOg)I-~vP-ki@hEfC$wz687;u zW7DkkySakq0-v(#mKIbkP(2Z78v#gATs>f)uVU+>o$ z;&G7kA7ARJ?%hN0Q?A%wx0!dkp0^)lIpldF-*G9f_9-dZ7YlBQ)A3>L8Ko}n#ZK~V zDpIAQr<&^~e@9$&EB2VO;iUZXWn(8kt+VkKJ>sRa3m@A#{lqgOO)j|UpYM>e`Dn7^ zWbMwnluL;@VK1EdM^eVYPNA0_v*{^LpxbrP^oky#vehJe^V8JsEj_B{+Y}C)8?Foy zYb5ZdhnteLg8tn@%jGBRtV#Bi4byVfy*pLaDILLv;w0L;oSQE3hHU-GF~39bH1@(d za7GR4a+mHqK0>3mTe?&EPWSrw5LC9WR7Xc);C^qk}LjN_-d3x!8-iZYrxj zWjzOmJkMhri#fwQ#x7b2*Gm1$>v7d)DOU{Av~od~Jc zs;kIAtTY{=(Xghh(nzI^8CPx~O+civ&{j;Zi4IY=WXhOo@`Px8SbC%BAc)RO9OS#t zMQV87s9bXy+w?l->4`kK@-aBGh9v=%lE%8Sm&I>^kZnSVI^|4maNM*FK9SVs-2PN$ zdOwJXk|=g0ckWFz+Re&45sK~+QIe$xGiR0wly7>=!1bkc7}BS%)=@r3L2FOc-pzHG zE4?Jj%ucK#aGVd!>yMH!+ugc#YXxV!FiQJ)8vR{qcPC5!4(r=)g}WztJ)J)T<#4RsP_q~ zlH0mBne*X4AT=z_j~B@-dpC6g+o$~yQJwgLG$D#XrK|xJw_>3JQJ`h7;L_`qK%k>FB!>#F|Is4!JhjegornVA>06W7u3+nBWZ8dT6@npv%c+&cgCAWX3S zFQCz?`aKDUgFOQSF+aD~v(xw}gh0g0A3S)riYk(H1e~g+P==%!sQ}4nVi_YNz%O*t zf_?ES2}Z}_X>J3N%*JpY?gm zHGfq}4}D;{>{Ap~!P3>tZTdOKrnHW2B45e5rd1Hfu}IS&4FA#?Rq%ErP1A{McdJJu zB(c=q#Oeb>bSz&5aGYPt%Nv+cwsy6gIDzZ&UPO?ONX1 zd}&1UncZD`gD-~s)<*N%-J!q9CQ*R-#rGQDrM}alP=np>cPeyXe4%#0j+XMnjyCDz z+){+HlzEc%)-b(Qdc#l6yc(YGswL!4;M5W@pNVcvFU{>(fi=|AG4QEb&B7OX9)8c) z@Pk7fl#6pVOjkiZl>&_PeUU<+f)AAY>rBxzxYPTs*04} zlEEeC$9m%N?9aQMdxQw!8F%+9sGrQ+z2g=3M_|B~Eg{}6^JbiQ4ZqJRK85MY#qaY5 z2zt^YV>%P@9M8js*zt_R7tCLYVcH3?%tK$u>tTAc`iiUDiOmL5JT0#KE7mLs#y1t4 z2gLk#>D{*%_yx;=nH}#R05rakm%A_v^HWmwiDo?-N1_204W*3cUe%|n0ff&kxqtS))#Mm5F#AeS0KbgwjcadY z_R(#g=Tb8;Hgc$Ia_<&0N_X#e@=)Zc{~pfK2i%eO&Mdf38)Zz#BaKS#^(KVl^KVg^ z1Jt$+lNYsB(<|BGX0_EwQ2aRj%`7a-fSbV;SA@z0DHCrw79V)9>Nle zl8uSL{K$9J-c8hqNj7>1dtn^JtGJD}M%@|&TAlEY_>FGu#lrQzF%9`_Idys#o+sx{ zN_!&FLXm=NiR`&g`>^OWyugekWt}$V^S7C($=?MoyFziaMJ1|7t67*8fkMK))-p$o zEcWqlRTt5WQJ^gEny?})qwV{Uw5(FPc9jA%)R1fSQ0uG~sweRal=O?kkt7nvS{+MDLoZ*_j><$c;g{B&je?HZB>m=)!9YbKVHs}t_I%yv)B)76# z8Zh@G7oFq^k{pHh17$q>Ql$AYj@FWj0Jo?DWm#M~a((&S7B->e+u?Gl5+!V6rt(83 z6ZS~OZ`|}+oa0~u!dzV{Y-pJ|YsUpylr}s^aap0`PsS(7`<>wUOGS(>UJ-mTY|ua+ zttwLuQ@cJ8sEYbY+aweAd>^O$^-PnOM3!vc;xu2ZM!1E!->8C?kJd6&iq88l8qte8 z(Qm<9R4ZlG;;fPTna&U5WcpcQDEGSzDaxYeVLfo$^R zI#4lc`k}OIgF|$<&OGMBWoq(>D>6m&3#s}WPCbwb8qv#_G`Ky2s54x!cJGrb46b*oO?y#&7TPBMd6d-0)q!L z6o99(d|-RO-*~uTVy#|qeg?yuL+}JNydPB*mX{0d= z%Hg0=TJZ86qvSe6$;usiS#Nj+7XjMNWk$;m8U!-tajIUXaf&o(`!#nl15qH_=hA3l zTV?+Kq@Tgh;p}R-=W(&uQgdW5^FIpW^X8D*gqf`~?2#aA}Z7@f0pMtMmeFXxqep#okg z2YVzQ<;m#x*WH_Q{W6Id_6tU0WnXH zIMgZF1q{sMn7KLqkTIYkAEDSOO!d!^IL-u+4`&cLhr*S1M0s$X5QL>&KwW|C91>M! zOuEWw)AIb8FFm6B-`8>e%lKO$FKU|Q~Y}`R_MQ{HV{>Kpn&Z7 z9{}Wfj-0Z-u#!K_!XCJY*QqSPVOpZUDW^xv8Y*gLDmvLN55Ww};^dQK5agdD9Pg!1 z%u?*5rcn|PT+rottch*BOyZYmGud#y?X-DQf}s@SqWI&~W>9b}o4+8*I~ zE30JOEWNH-8($fmc~lzJ6Le3_lSEb%n&pnmhfTilv=3e}O0)@;$*mQj3ItB&Bx-bt z#l&EZNtVxIb>AV@zMJO9t(LpR?@2~V%EMtOD%bQWA2$u(gLWqibIE-q^M3tZy?+;d zBOgv}^j~p{GTkhgzjJCv_S>_6u!CoE)ep|9WO(2fZ}CZJ=CztrehU@{PxGHxVJr^$VaDZ=mWQfb zh5>~)!2uY`QXN2jpeF};UjfesDt0&^cIVHifeEg_rL#Ekw(pjbrkDL5NpzsiHoQ_A zn*a`d8Em09Nz(zW(>D&O=fHQe|Fwa3CB=9YWWc8a?bNMMFp21!f&Z-%QbBllv-HQ| zc(?8yZM6uabL-=AVyLpoOLd6``y$*|I?;gNp6Y7Yty7mAXi=ol$WEam4=$RtZsYt_`{IzGp zY$4d|7qs6XX{*dK1%xwuVBricUG&TmaLAG1a!2zC0e*s*Eg9qv4cWUucgOnKS+7PL;-FhSe< zz6D4I@Bh;IfLH0f;@|$w04fJ4jnE#X_Ia{3Sp&ETl0g6A#lrX%0kR>ewUyvx}cG zP2E7)jG_{Jgh&Z-k`M9~1Xc4`_h?J{&pBpIx${!-xc7#gEa=Po*9Gof(^l#gf&ScFy+f&}+T~7XE9O2nrA>dkwV8OMA5z%7k$`o%J z`?8g2$zCFyXubpI_PtRR|NONPxyf@s1RE!Xse%vYvX_d7Sw?B6;v%1jbd@b2nB76W z5whEPAg;$>5zNaV+!Bl|DTW`>XN3q_)s56~3ATMHJ#QQkl*(2NtNE1l z*ZHr!r&EpK_}y!qyvlD|J(YGVQTl(q9wXP&w{)-&;#rZAlab2{pXY|XtzGW^36ar` zg-z!8GN~pL$l;jbHCG!N$D)|mn_|dJ+$f!nLK&Tr`$dBjD%g+1W27yx%5bGRLU=uB zWnY>TUPD527Bso0OS_Y00$)6F$HNp z*u?YomGLE@{r@92o1XTN$jcPC0zUWn0Xo9KbV(qZpm(Ze03@tyJ1tGr0=+ zHXi<_o60{lDu`t-hm=9JYDYEv0?Fv``m=#7!M))|PH{7PLQP@#!RUCU(Emndf_|`g zGhof>aPrlXqE7%0Yu8pZD`_b5bOVu$TEA6>#cq1zBN1mxa!JT%6AD%df8&fVU18hC zFB&Uj7XvKyEd3Y8+LwEN05@7fO_hOJH%*!zY%|oaYeH1%iW+c3Ine#8&0kPt4ofZI z_{3bkx{zEVhB>eYXH0e4-D@?&VUGE85UsqHQ~Mpa+#?z9%_Csx)`yVY56I}g_5ORs zH}JzJx#HiZI5$230LA}S@%?97aW=5FHu-;Em11>RZ{_9W-`pt@J0_2yxHx`!dto3# zkb*n`-~fK4Xfi-ZLQ&<9gs#4^sV;{TSOm*uRjuX~O+HIdE1PP`O_$E$W#K6N?d_V) z>y{dw?Uv2&y2|An*Vb*Unn{4rIPa!nE$}1VHX@!F(%je;Mv_1=8GA_hw}Douvx zfEIh9G>hqa7z-Ff!wp+;r~=Lt5B@BmM^pY;s6(~JCgoKLjVilNKnqp3%T&+WLNm|> za+*)|CDJPs?;q-BV;=-HahAMGwF2$@kZc$Y^Kmi)FlS&=n#*ZyIu`H~!Hx>@oJWSZ z&6j1{aZ(`7)i&4Io?NZh*4Jn2|A=@-w=FT#+gz>IYp(Hm4Ud*qwaX~=hMgInTf!VI zR?+$+WaKH%)oGpE5k*)2&QL%?Gd=1<^&ucG*|LUeiKwk$ZksX+R<*cR8>w{%4qWp~ zoC3z=Nm5&mZg%2i*Ju1gvJe+?U3OBuq^&7cu%iPvoc$?o>q+ES#((Iy>F(?tL#+F! zX6&bKWJSQQhS(w_FQClkBCK1H48C*Ho;o`RCHf1HrOxElL>4^3!I4{zH>&rGsMUYz zI$n!+pC0Yq)u;^G4ai$eEjZB(O3Qh0>XWmvqxJA&E>rWoA1dr9q-$p|rcMdXJ#z)m z!wD-gA>fOiI@uA&BO=yqm2Owy5|XsyeOAO9SR(=3we?HLy^NBY#TcjyZmgycO~lbl zxya?5%*1F!d5F+}g-%UY*El7%Y_{y;Nw-&AqH!U@ zk|$Q62(hGNHx`L2@Ue6CGO}`8lV9amzX&^~l57)_izKO?hTFO!DNMTX0Qm*Ii}2n9 z_IGs=HInYbY>Xd`D03v7kT?h|D+B4&H(r$sj{d`Btr`~|UY~_27!#qoUFUlzD8fsk z|50dQ?7k->$7(hN36bz5pBG_Vq4RXhaYM3xjPT*H;+SM_4Ndgf$JiGZd%H+Qx+9fs z*i^JF7IGb0VUd$Q`*Tigkfxl_AN({zOO7Lw13z=c@EER{Ln zVC5Kgosx+%K0JKS(aKB%wdp7r?l(HdZ)irsl*C_A&P;4Aq)my~Sf|p*87rF0D%a*2 z4|#ehJE$K@U_2WV<21Zak^;7-rc#er;ADR3hLw*wk4QD@Sh$V1Q_ran*|U=7~|Oy;tlphK*R0cADe##L3uY3nfE+xtAj}QwIuj)mjG(nqUj(ci3vx+c|PUj3Y;Bw z5~P(dRe7bFRBY+@x{r5a$HH(2&>%*H7*>(j1py~H<#{L?DdHf1j4fOj2$%Zbq=(-mALTLo$%o)#%sW>QX++2ymjxFUykJQS1AX@xrGJ%GQZdl`Wf( zH{rj{>z+0f*8`l_wNfj?EO5C~ai}XgN;mQiptri7ps<-)%En`X5)V8!oK{jpEeUM# zs0+GMgK364F+l@^`H1AG8>76+z-dI$YQva}gAz4i^(dJSl?XfyY)ZUUjlTU)l&7CemXl^F$EzRm_Lj!u$LJL> z-KCXdzDQvQPG!2H)TG}7tl5tUm3k=Pu^+-HVRySV+}ZX1|57Df%B? zm+4F`4}`78n6%d1>mp}loZCFRIKpAlxQCAVjZb36X|Jm&HB=BfyO1Zj5)*gR0KYqo$u#0@wPuQ$9XN*W+epo`IZIG4Y|~xWIL7G8LH^2*jgOGu^_rwl`VFjRr%=s6yC>E^N?&MtAaeF{xVXU4zztpSVUrmpXm8PqP^baoY^m@F3U@q_Ld?lRsNh5Q* zQh}z?cLh$7TyjNtZEm%ZB5qtF1)?vtTTXFsK1azU}5D3-G;S#hbidYb8v&8B5#Z8SKyuu%Z!A*@dG&KRmFHB<%nMmQc(MM77i8XowQ7~ae z#}-o%3Q(BJk1811=u?;~b_1HoZ<*b-F6;B4{Ts5;haqc0S~5q#v~bgpxiHj zGe7SwAXUfajsopmp&?cZ*%PBLrI9m)K)R9=eel$zN!8q94FmlNhwn!idj&&EEs>}~ zw-C#}pM#WLHhGq`Y<$Ck_NqpA&lmaOt7kN;q|O-%tK|>!c9%h#(A2RfqOi7vrxPE7Im4zZ<4&Jpk8)#Aee5c-;ny ze!!+3)oBk2mk+HsZ0Zf3dQiF+p;rLjJHn>nud5Mt-2mj{NcT~Un<|A~lSEyYxT+MX zHUZd<))HC_JS0k=aZhN8Oi(J)mQ%wg4`mE!#;!OP`TDEA9HAcO=s@ZiN@D5r)Z@VvZWNxK^x&``jbYu$hxf;3;Sh zd661Dib;1|PJ1NtMX=Hy*Nj;BDJbh|-)S&j+OHPp8?{O~h6$&%Vx0w^n3JCbv-*x*H4j_4-rk3*uwx{(p`p-Xrr|yMWz^4TXQSMrN7tTw13eVN>|Fd7_z~e z|K=!Y4+VWWR5M1z+zggUNOcDdHayi;dc8xdCy;k~HCWfE*q(esz}A-Rho*yn_~K*> z7mS=xP2Drt)O~=Sol+IFXQb(fEVUriV~49iV{O;eM>BK17=q&U7dpQ`mmSW~D;!Lx&3-FP=!md*gZc@> zG$D}3?#E&_&?mlB9$k~`;rdKhUe}sA+;hgbx0MY@CHZEX?MJ>TJv@52w?Pz3M@~BW z@9iRk<*+b7bp^hIjlgibz(8~OWIcSnJNJnKi_x>)HPr`YjowcUAvR^|iFnUeZatvT z`QT`Y%`diBIc`#TM&gOq|1$0x?ewQ`MdJ~w;)}r2=15^L;3U z?=ViOz(zc=S3s7_%>xg6*Xo`eZ$S05xV^7T+j-v*X6@|lw>bPr0;P&{t=FCk*5B4= zdS`@^R8N#Q#R2h`VmaqXv`&}gadMA88A+VHN>&t5<;Xa=6n%84l}%_I{lNIi;*p^p z(%-?(`Y*4`SG`E;Z}?;0bq6{E`%ymniIElXl@&`xDmR*1*>WA8UFxxgOfE3o-0J!! zJ*R++!Gm)>wRI3>YpUT5{nM-|@YNJ}6t0aYxwq%9)H35^gbsIMozdrE4(?%uh#KJY z{-B!hd6QWAFgF9ELLFpsbM_419BwvUiD>>H&5XKv_;&^He(`|4#;!sGv924b5I z=w&lI` z?SEg!z}3W7&C$T#-o#PHz{2)FonFOi;O^MRn7+U2FXIn?T#qspGxCpbeKq#7mZ&F&$OPuEg+<==JBBAr4H961dw!LnJnIw{dvI@6@9^L+>^1wn zc*;^kUEFiEyY=Ak<2L^_O2-8-L)|zY+QNIcjRyV`R5~Un3`XIYZoidbzj`u+#*TmE z;%$X~@^D0gbH8!$?)Q`5Q-bEI-sORB-p7IG_M2_Hs}p(8M9)&c1!(&!=<*WL_mY%z zAB?1u=GV5}tAOeyQst%$u5P!9%E{e+oH ze}q=Kucd7f%isFL!rt1J%Yo;TTtW4uS3F!{n(M4Q)O|)R8m~X&Ng-gP-*I zm@|! z1A+5gfD-#!cSNv*7yu#x&QQsJk;(|PkVSqj2ME0?e-%)|n&^*JsFgFX;@%NRjV|i5I z$*H?nopI8|Sf6;}=6BJSOB;6=hbM8bv{LxH5mmJKK z15pV(wXf!^Nq}y4cv`Wd7s{G4f+tTy>94S0>;jJiYOCaZZ4!}gcrRoV>M&OyQ9@l? zJXl_$30V0X*AF4WTd$Hr-uF0Zc7)%79@S6uZy87Es4{m9`Pm$(23g(-SS$adhno3F zF6>-RbukOVp%R1&4Kitk{k&~K(hHhNTRQ!iN>uop>E8$(l#mQ6lzmmEODM}SuC27>kB8(bHs)`8CdQE-3 zP*aSOW9(InJqp@WXptsiBGKPZvZ*%u>dx5OFuQ=_HS~i@H*Kl2o@#WGmX<{jjh4_@ zz3NaJm8D45ghNf0s>CbNFQ5K>el0gYwT&E_(rbqabarG@5(~B8mnK5u@$tI&v{v^_ zpN*5O4C9-G~J+*5PB7G%o1I}uGy`|8G4;8 z^C#~eOF71EEpqFiB~-P*3d5iU3d0PdYuQJsgTRV{=~%~@P!(%LEen%BFK2KnEE4Et z?eWa?&jU#9eTi__pck-m!_&yJ^oh{srL<0#imi@Tmlq``hO|PM8el|-FA_2ycCFs| zl2b*=T0`Iz;w@q9*>-jUkQm)!5BSXFgWwOk{aJ1V{O(5D72~b<5-dzwnKP&LDNqR> z_ZiugD_#-6v=q~95+bdj`KJ4VHX;s+>7mAuX@aQRCsdzR;de#bGull-iou(N68Rxr z)5ydltYFW)+`C{m=9&W!!=9Cjoo*-)Xg8H9MP|sDv-wn7QO?MebMJi0T2a}XjU1%$ zAnd5I?OA(mbrh9fulEG)>$v=|%ytfst@-wasf%Qrn3cmWgN_LW+>NC#+OJj(Xypz( zX!FLA$Z~gvtM9=c`6bmS1dDXF(5{qcrCK;j|SpZ1{M%v zT<<<7EaqQlTEeVeQl6EO+xO*U#XJ94Oy|Mbnj4*F1~%6wB$_2UMvnw0tDT&yp6Q+! zB#BQ%-E=m(C3=}lL=6Hqnm7{ESM(F=8wFU~4isdC=_ zK+hD@G9$RH6Ud#ao8o`m!NgPm`y08FojRIx$WnxVQEUZ)gqYP=wYs2@`rv4PH&Se0 zSGYA#70`ed+o0XpxD|S%XTIKVT|P=X+YCQJd~%3rypv#!Tn2 z1*>RiY$)_QP^;Jyy_(X9QCrr*Ue1X^esi}Yq#AL7aljjd(mwKv(FHNsVq5v+3nDKS zW`U(0Sz?wu-zS;_krtuyW2hllq$kx11a*ko&TI9;4H-)%>$m>l-KG2mT6j_&L)T7a)e`Y-M(e&jv2fr z7I`y!@6c$27>CG*wixAF1Uw|uO}FQ#N=YsXceK}OLoM~Cg!#pfRWpM|5ls7K^UUUv zsiZ&Fe3E!ML8z8WI9j{L(*Bu`fOqy{EBzPEPAZ=V)NeMstcblOws}T>RHLD7>@x|4 zt_QaAINz=Gl2@Bab%BW`Qir+i$yzgIn|aM?#8d^8zOZx%ttj3Tz=yjtpfnT{A2_O+ zaKkd~20QZ~)7DFCZIZQu5!Z30GbSl?Q|#M+Rg ziGh719lbLRvJ*378)i%hM$94*&9E8a18u_uvmV$TFK6}<%ya=dj2uEk0J@vOCR(*^ z#vnNWohKw3O1El{R8Bnf!Ji8Pl-_5cg;$NfaMy17?OPOz8n=0SlP6M$hZbJ2Ih%s# z>^fcKR$cBUUVAH=ce7XgvVEima@Cb>5@tJ)H{FJayo%k?I~ez(_UnHPb1zF* zR4$_c06ftA|K#NVnuw^@g!E2YZssFTKl)^P1QjIc1Gu0NZa@%KAchSKK_Ez&mL>p0 z;gskh2~13PKtoz;*;wdk($s2|)Uilzv82v}3=7zv)4cAvjkLM`_}J)q)f74Z-MY!AjZPKEB z*gC#Okc;}Daefr(o;-ryIX0f!HZ~Xyq#;l zg6(YU;)vZkSt|6x6}&#la@&}E)dXL(mBP|n|kju>kH1eG;w!$wetcVI9Es3m%dld zlzn1ErlCvXG}EO=2?a~`v$-9-N_x9#W zOA}iwdkd@GrS+9=Z*^yTbz^gVXL@;;OQ&DxF7{JsNLPbe>;2Qh0E4`iEoD&}9Js{uMrR2k{q<`KbA|%ckL?35|ofml`nw zTy!dBE{30G4xI&CDBpeyAHMHT+RV5Rc^U>(kfE+0*6bzVq+UvX}nU<4qIL?HjZDPF%RZR9Wk5g*9>UPdf#6Isr0h2JntwTn4I$DybZHzrKr zlRQ2|=?>3Zdv3gNR`+fNW~3NU``ejfwDaPW5+MhO#2wf)Mw$RJj7Sgidjr~wB_K51 z=nvwyl~NK-JUc+v_$ckk*&O{pS$=&{(2vHa6ngnvtA4C%3m&Wlfz^-81XyQyj&T z7jQToQ=SpfrzpUBzXd<8&m%?Qu?VKcf{GMLD680nj%`_!Z%E64RRha>5SRX~;SA7^&HSi_@T2H`IR-V(d{6Z`#`Q1KNI+I}@o%#{h z{)fEP00AGIM^uqaOOckfn|BAm*r}0NGX&M@Dl#A2{wq%`3-eJ-M4ur&ZD;41sGi3} zt-*s7FV2y%kT|ItiK@%oP}86v{Eeh%qhyTR$!)g8RhvG=b$+pp1*exBR)mDKMhO!n z&`eakn-cR>GxAz-+9%p{WxhPm50_5ppvW+6L@qdI!V=AGWGq&;95OIf;zttsEKh>i+E;LTN5lP6W_rr`5=<6UC z5(T5!Hhd2!TQ~^;I#aI8?RiW-eU-gaM$M<`bOYwyk#8{oAOaa z`fD^5wUHD{Ma2{vKARwvlS17(A9AWotUdpGbeh7!B`7%+upHEj4eocEh2H!%#mniu ziX50h374iGo&AVwH;MNGt*3T3-JvF(rlD%FON_LMu%9nfuHBSd2kcbPlxzKQ$4weN z8C%Vh52N8*q7T`3*>180E~gOu4`U}ZKR0JMG0<}F#S66G>XoWug!Cg~-y!kcRYs}O z!~0w1rmv65vw%b573{#T^bjy#ZJt4sTKE&Ji@r>TTN%k>xQf4{?6p2L?KM~=!pVF2 zMLMw+-YbHD{R+DKjm)Vra2Dc{Xoe|6RN}{ zif5!*##ao}Qzh6MjEc3T_#EjkLM8X@mfWIe(OpH5tDA}@&aQZ>pKE8p!y&qT=0i`y zKErVv%Vyu@fVuvn{~}mAtvhth=dsofbSY1?om#XeD332(#-!&R4d*`h5W!?5kv$EV z(-^3XL~zkFYsm<9R4umM_OlL2BVOJ!lj?gtapz?E08EiP4Q)Rij)$z{NDe)3UHvH~eoWSL`HZ-`BDz+(j zIpSI|`S1_K1kAhd9sF^<-{@pWzdbd}M?%EF@l3pf z;cEX5-oJBbRWB{Qyi=^dz@AB;O31qS6w*8WGIVqmG_WKL^keeY3-I-~vPg+z@r72$ z&e!hP-m7Z_$B0{}B>vu`d~dIcAiqR-N0pf!(_bZvRY7(RcQReg-{JUcZ>|#WW8ZQ4 z-er1+`#bQ}*+a-NnBDJA@$wDF3l+)+z%2zyl@!kfL14iJZ=&~RUxvgtF(JiM!wzL@ z`pJ^@k6hL7=hjj!VY9O~jvPrRv#~pl&HN2ac>e| zItQrk&_dat6Gc*h&GUH*YTR{Zl&_| zRZ7chj3w|rdn$GVPdZFJ^4ZR%^v*9KB#bS7-vV4s)496MWZCe7=inLSh z&1!-F#K3*hY_Ywfx)QAM=X8~1EO|ULeVWvQ*F_iW;xcK0uB#T!d{c?Ux@<*Zcx~lo zwI*I+bkg z$>&HT)+x-N$%Lr)94vZ4TJGQ2jG`uw$S4<&mJjda)oh_6N|S$Jj<<4;yPR(ug1R8b zUBqG%m7h_PvfZcTTXgVdc-je{LM$NB-(1FC&=WS9AMxyVmi9AA=GlCy2{Co!Ao#PV z8S|r(w(@6TB6*)pYAit;P0K-cmvr+|65%i+0SDx$N9D=nc=X^2e6s&@a3~KH%jd?dmT2zZD?J zi(U#=25sf9GB?XA^gA;x@`JQ7YRzR>>aL+29F+_9$IlTxeM>c3fCf?i4z-R(7wf03))+|Fxj%XPsz^Sk@k6o&tNSPQ+`@)x=|}0!{oBi z2RcH@?fN60leDE+bh}KscV0*w{B*@mD=Hqz#P%&?naPbj)_O-21x5Kr1HaPCsXL{5d0204yO}h4#Z%8= zjaFGuvl*AivkT*$ScRlb`Jh2Y-DKO{G59HVj4ZM;^iyOE>eO&M{`mC4D-D8t;Ac`W z0x0@tnlpt*zAMoJ*SE#gd>~r{xm0&hb>6w3Y$3Yy@QLp6*3dVS7}vsixU)Zdu3`Ax z*u8qG9ziXQcpj**vua&BbKo;RcMSs!(Wa{@tBz%bM0= zRn|v{dDTs)7QC$yid{?iiu)NthMp+} z)g9wtr5Gwlv*WxQ&UFcyLz}E1mMwXg99GZk0xqyQNj25?nkCCi7=E`XZF>1AX)(3u?h)Zad-?d%x^nN4jnf1K#I?XdjRMaHL+Z$k+~I%;DZ z@3^j@>2{(?^KsTH#AEiZ;`)%=PCr=q%PgTU5HiyxxH}IxF2Z`p1{GbOUMm4V&=RRx zj<5OF+K?I_$S9OmVhk#Zi4SP0=64AO(eBX4=AZiYc)VIcpzz2*Z;8DZKDvsic*tfUgff${|=`4&!pi6eXSaugGX3C>4;*H%=&md^-^ zP+^&Q<12#VEFD_G*a%aGn=`X{%el)GbT511`y0&1h|EbAH9v8Xo=R?w-)n)_lMuR-H>s`BMSJaa|d_re%|3 zq7&p~FP`kPFQ%+U`FM1M8L%aO;k%M_g=Ta)_6x$A7L!VuB3_x&;2P45nd0oHG%fMe zyS$kah_&hXTM%cMSt5_Cydd}URJ=j=lNa(dN+o8ymE{cA&=U1j##R(eMMV|eVG%-Z zU(S~eHzaoRU&BOvC?aH*aKz6Bak)boB{8bV-(W9M(|>HXr0$S014%d4)TF3yK!njj zR_X7u*e`wUxFF5=S`m`eP5ePy%*rMt$Xxgh0^?euC9t~^J%fQUXO5;Oe1ebdh@ogQ zlC2eRGIxQ6P}N+XlRvI$7qX%S(%wQ!bVWee7~#nyVX%7?djxXhPtfF84Kc3u(m8_a zrTKC86Z>biY%j{-8&7xX;7`2cmx$64-q{T?a-t}@+R%>)6%IWz2XkuG(Rr+A2Bqk8 z?A(scsxWY0D#BMFGO{+GU4u-Y52p1Tp@KB>_2g%TY21ne`=+Rmu9W2)_Pb2H$!;!K zxNF?l8*VAEU7OPE&(PH#DQCYOk{j;*p z-u*v8C~o8J;*u4d2o00vwn!n)h-Lgw(fC{RHTsze{YA2N?0|dn zJR=ITV!U99Du6iS{@UIrNGCSg>`xvv%4~(N_Z40eSNO8|^|C)mLwFbE#z`>pfyTtz zYuOToT)m3HH~s9jSnH6P;fBWpm2!t6gq$*~uEHCDD%b$yw7h1Le4riQS5D5IHO@5;d9|Y)%jIK}8!dV4+?^6)?TLtedtFg4$(Ro4kec8GB zP1j{Vl@?T^ERqA1+*z+rL`JYKS`j;^eq$bsd_N?Cey9AB_6?BQ)C)*$%KNiO0$E)L z69IdBLrXp2^Z==(wZ5*!b5nZONCM@4#UBpyr%IgLcTUrS$vtc zwnaOu=_*jH!2CW!Sae36$toN?wSTp4*C9WOFTCx%VJY!IjhHpBeV$738mIfVS|ATh zB(Gl6uQh{}RJX8H?z(!uLi}ElAqGjQwnfY-P>CF$T$3bCwxJ%+D@>_gtD+_W$wN%O zq!H!K%yJEDVOOHJ$O%_Z;pi9Xg}_8A^Z7>A54yxc=A`rFN)!zVo99!Y2(By@ zR&zslYoBGqG;aM`*Ooh-+L3>*woR_FCu(ja?=tf^S4uUr~6-ybXS;k4aS0`e`MB7lGZE9fBBcEVu&{6_r3zv8eRu#KbZ%;3Y$ zhuiU15d2;~aE^#`^yjubKDeJj(@eQ{xlx~Uk1avcOFmHo0WCX~jy1;dT3)*}0wHd2 zxkcgjkn3dz#qBKuyJGPU-%#b_CD~{O;SHa-KDh?5+Hlos>#C&>xgzfDMD2Rwks4eX za#b2qd3|yY5_FtPKwo`4!tLSj=oN3gihN?p*U>Y5baN6$unN0&>ynt$wmpD&cSS_t zCDrAt%0s(Ts5s3uqwrSFQOXB(o~18kc&M->1y+SKZW>iCpj;?oy z4hCwxVg$#IhQfS7C2rh&!5(a}&|$33U`#E^URap_b}R6Dz_<|obs`uJDyuXF2J!pK-U*bTJngi8Z9^4{(&uh2=pN@%llv z$k*WI%L{1rggTUWE7>cxJMdG2G}z4&HO=IN{LAD_#;^K9A-AzJtw*Q}DUB0NSzo6l z`GATJDohCr)i>ycE>4ghNm;7CYLj{$5BA8ep;csm)JTo8>G`$f(j!$dHM<)(LArOT z&xJ)yb)LF<3Z*X8p^nu7>kt;(kMv%Ipk!HPa(E!LjGKg^sjGz?2|bc;H~3H*+DRfc z44Z&S?DfHhMI5xwpSg)ov{iU>-DUbsz81?AjJ2HaC-FK)ULswv9kN$FJ;Yu#x{!Ra zHfS>9Dt#!(yb;ezAJl++?P2p|Pn*csWO>4da??hh1_fkQk4~Jx5|fdy!)r;cB_n(F z)oO1#f^L4XW~?e)4Y?{07;*9Ic3Y0XE2?rj)Jv5qr#1~Yi9hDL%WM(RyNL*i3t&Ha z4DH>kj=UnG%Af2>DzmK@Z^l-k`XZ@XSw#n|5%V(Z5w1lH8Q6`JGe%fi!FFO=^u4?r zV=}a93z}M9K0=9Fj!EFFIv{Pt5fVMiLVp(7a(^rGAp?Em!g6TqW}sYk1+>H!?8A$N z4^GOZpNSo3sw2!ouF?ZK?Kvop5r?hE^J3C*JVW`}sOEv>rI}ng8Ws2ozuU!6SOyJNZsbh0UR#U<{+hl=~>7y%xi1WHm zlgoT(w1|_LH>n)0z=vhl_t|i$$2pMW<>PY{j++Q}tG5okMPz*kd^Tyzob`O6w++&K z>;y&bZrwf0e4c%RA`N00>}{MwR@Y1wtlAvFt+>IP@NY!0?}3cj=<{&*keBM|=J~g^m;33#ts&UaSzE)a1yw zl>^yaX*Qp}e~&QDQ;pSrMc6O!vOp0<#Kg0~h(`pGRU_@zH2Q`#4wlt^uIux2UQd8(Wh@OT* ze9^_(Ugn@aLL;%{a(SeoII&eLkz7L-rY!XkNSSL1FCL>0#r-Vn4)P-O~} zFQ`i*8g#he+wrl7cZ;)6%bZ0oy6_j)@KxQ}YTO4KBmJpkwX7>E{VL>UGXypeTzoX1 z1tPSh5)fZN+N9xLgKYFZklT*YY1wrtYqo`k*NHy!Hx{#cRp+P!9z9)_>R@sog_MryK6B7TF@^1N~y1F=2&Ih3hA)_b(GQ3ym=>&@dA_AJdCSW+v3)+KZS zJCqL5?}~}X_ozxq*udUoGIo&1!Rf7t%=Yqe&L849M9D-!+*+-7Jc^y?V`oz9?_!H8 zbAcMUM+@K-GQ_1NYhbKH<`${u^ctA+NZ`OB^^7QrzFT)ViLF95I4M95OMa@_nLdMDU{M3-!)SX#Lm@g>$-LA69p??grZ6K-A>*D!6QVMNl7MI+J zc$E9fZX8U3mup|bb0p}J2qZj9%$6aCaN+)Twei6aZ zJi5BrSoDmNt{LauFy&zEPIdfz2ZBXF842f-Nkvj)-X6>ixpx{T(gEry2wbI+W^%6h zcVkuI%)rbN&S*ank5Y_(u03?2wYE2dK~PIpM=(fN@ITjA1 zO3r3ZziM@tY(IIjs7!U@H;+rOb2YFL4-)$JxE#CY2X{Gr2N%RW;6$W6Wt4qoNYvp` zbxn^7kIbFoN)^~%6`r9Kk~=|me*yV^e4a;M#C8Evb$394fUx~+eEu;xx0tS#!5@b} z6P46ua70lbAm_>$CA!HpaOJ?n7wsbDfn7eqbfl-GkaCjZ;+5f8$H=w&74sTyuKN-* z+LNVn1*OOz)o;LZ#iX)sCX*kspjhvXEEypE)JV5qJv+@Z>EdAx;0GdmHjDtt%CbMr1(MUs^uJ2UC#WPULUeyG!9sMNQ zqMFyRQyHuna&DN9$6>h6hWV$qxow%nPTdB751H zGc`QdIG0_LMkCTM^j@?8!F`5%czkG0%joKi^P?eK&-=>~A{urYR3}~tlaI07KRTVm z^CK@5Wk+T@P>mX^?J7QKP6z7`u#|8nH8f(PGSRe+G3O0Cw%_X+rNV;m8-k$v93s_1 zsT75Q@`9kG{bA5Hha%T63GY(Fv;rm|oJsQCURg3%7}XczF!t%kESG3Ic*B=Cmso@3KF)GMSHrTJh;OU9vgf-Y=0t|J8`zm-0l^)Td z!(>H2AXM>F*eh1JycumBH8_j;K+JsaTlWtB6tX zgL9vvtq#A$N2EI8F^aFK&Gf#9D1w%0DcoUjNlo--yK~^)z{4lNKY#WT7n%h1LR1Q^33g71rujB+ip{m{8_{+Ul z)Nl*)$vX-xGDBy!5OqwH*(RLUfeyI9*^ zs7B2nbG~#y@8l;zzH&t*JLP&B>1ZKzi|;#LWbyHD_Qw zf~^Wzq3(S9-|!oARE1Y{vC&bL56wH-mY^awYTdoRMlJZ1jn`h*h;iRx(QUab4ACmf zvnm8Xuk>i)+*R-Of-$D$b4NSpj1KGUbng{+%Ey$}`aUc7m_1UYCfATJ??Q;~0(7$) zb?ul%7MFHQPU=F{FkDHsBkVJnLI_+y*$1sLSDDNZT`jv&+J<% z7EY491BDW*T;LORv}%Y>wQw@#bC)JXXID1}_V8~M^jAXt-c=g$seDk=3Fl>`onBI6 zNM9mO5qra1c&@Ne7csn6r_V8=T4a0-z9?EYuNO76lf$@?kx~IxZo#D)`Q%GzPDTxL z&(t{H+!0RH90DoYM!^CeM?{Z}*7R&3$<%|x=LmC`jTfZOU2o%hQgjRCNLFJD%w76I zUliD@>y^8_%aZnCw)diUo>flbGzmx{sUjb|)OlAQz{Lx# zB*^aUF;(?=JoaSf1Fc$;;~MCW+zF8tRnwPFw;~-wZRUR4!E^@Jm8MMF7e_(E)+)xmwEH!m z;tc34xfyo)gd_O%^t!hX*3v0<3qq-C~kywQ$#r_rX~gB-r!NPzk((NTy&a1+;8?@jU}BK1(cMW>rtD-s0x3=FEZ!k_^pn zfA%JRSbAzY!@fP>w3yZu9LU?kE9-r0{-V%yH32I?@mZ=VUrv|nb4l3KlsrreqcQlm!xM zO9;pj57NuUSbrd-d=l_d(impY4eGNjOdPs^)(ZjrA%Q94LG!RZDbNKd0sLD=nFsLi zUEeyr<;yuRg*ik40ipW`t}pCjsPE`t{aX%;MCEI5)Ge$p(lzM|G~mAQ%7T-LLP=6= z>Mzxs>!5q%*htOUe1Ryvg$z>g^o)Z~G(>6z7`g9~8kEWxg{qPk{e#eJW)${9%iE7` z53|;bE?ieqN2Qb2kApoYcJ6owxNaA}0LPTOAn%m>9~*i+4L}Tj>7U1hk3bTluPX-3 zMeq}CxdR3aJV+y=H}rL9HlJgj+DP^f^q6#2yXD?JLd^QGZi~;`w=8pfOd8LP)?MW4 zl_rz9K3hxV5wtV$`M4R0cjDBZ`xV?e>cqt9F$5NUz_IY0Ynp2(st7WDjiUDUtg_4b zEK)~5dRFX-W8t$Nb_y3(vP}!j#tj^g`!R;`b#B-UguDn?T@P6LKn9W=Q+H>#?9Ntu zo9xy~=Px?m6AudB+NH0(b;JbocYNH$q_$`7OqeWF-Mk!X1Fn}MJl@Kk&e5?dPm!`r zJegdGJ^U=D(on=z&&M-4zpCiToJ>2*Sk;qN{*hdRA=1xCtwkxJYNnymV6WL=n1=!f zL!tO^&feeySh^g0T$?dHxdO8c!g*qu;Euq}(hRVRz`WGwGS+KYB0~9POXdlAn zwdK|4b!p{^WAmR@jSa@d!}GXl?bAjgns0-^u7hA>u{KJuI<9a9!{zA52W%PSkuWF* zF5J}>7$F=gz#?eBN9U)otIr$e+Kk8^-?lz$5zaF(qJm~}7n*&} z-yDQy*e29EB|7fR4A6Xu2dfF@~35tmGf2|+w)Ed+MA%_7TS_MZgsa z6E7vUHkFDjss;wUJD)?vS{u{%)1hmANA^n7yX2U3>BL{iUlI^%ba>7$Se) z(SzK|)BtPaGHKm2bYbf5JQ9N!4(}H?T1@7$Emx{?7j;X+ov1>>$~trpEdvt$BwP~F z9>fGUq!NSt@OG6ZLoHz%@+988cL@fACxJQa;f3JqH_vC5FQ&YL25!e-z?VH{ zR^kjME>P2l@ft_%T$9-HYL6i=W=%g&_BeU{41;Z;@_K{aBbDQ$lgAL=A7-G z!xisT-)J8zf7F3_=x3bJ&5G!xzIyyXxv32UoRksU-DS-sF3&@0VMXUDmRhW)MX!tC z%{5;r&b&M~VuM{YMk)Uo8e7$EZtccoT@uU_!g^D;^lTR)BDFt&wnT7gC$_4pMUSkk z<8vOb`p(RanLhViXc=wT0si6?EO*5e#h^%**Sck#lhG}E1eq64m;)>7>(waX>SlU8 zc~+%%hF9?cR-?*_`fsC~)E*fhZPi_vrkGsrLZmZloLPOs2`<}R=&f9le4hgC{ZU*p z%`Bt!*yC{Pj5Vh5lhU@=BZUr#-5tIkKRPE-4^KLFi9B-VPdsf3eb5}u^OiX` z={B;+d9SoMODJ&5#dEt=*Ev$#8GB)U`AOYmb$y{yFd&_-oMhR#PqJKjbSBnRNoM8Lqr#xpOE29eG-ujbTgM}843PmXO0$j@}kBr3a3k- z+EdFIJHzxC2t{Jv$Vp}uUjLgMF^*%VZTQ*#X^iXy#xKPCk;)~n(LSP2!dZ|Kr4Nmj z9uoyQRej8j-nTSPf^5wb-S4u&joujN zD6=VMz63!Nnw7WDlq9X6sv?qf$`V<~lvY&T&1+sgp%hk&^Qji+pthK!b%0`Zzi=*lG8+V4?m4-$ltKNtx zc|sjjtJJj+kj5^i!QbC%2siYOM4z4%>ynN_&aKC^&L0=4%p9sg1yQ&8L6If&IcIRc zY42V@H+G81l7cx|!xP<6Ev7@Q7lZc+4OlWB^Bf|OlFV-PxEa(v-Xt5Ms+ic8;v<%&drN6CzEq zcPCJ@MbzRM6L%j{MMMRoQ;`0NTKJX9uwH~-M8c}R&;?}m>^P+O4k2E#y%dia-;JA% znH~7pC)L66u|`GZOUCF+q5*g4%|Wg^@nF8eyV+3+?ool{1wt{)S9TweFbwj?=DY?9 z`E%<-?esTQmE$zeWso{#^qyqe#it0drnfwK;Vf?wnhhoKLGlrqUro}LUGrcYa8443KMXkgvCo}4ipaO^Il5+`gOw1-MSkrytS zSfq!^Pgxh|r{aCwdFnvHNH8HU-svOqs<5g3DQdsv%ZhHaC_%0EXeHKOtely58>q%S zW?G{D5y5^Aj=hd_TMoh+I7zpIAw+bhp;*xgKYU^u&J;%b5w}*jQKvG2&IfA!X6!oGM3Q0Pr=7N`4UQ0$3K|!#aj$|x6{MabIcPVm*DxH+;aww4pk3e$mlq-?3?Flx-Sgg< z^jxuU+#YP2xIs1&9M&n6CcQgm{u{9 zr8oSgx+EQj5l|&hJ2y%gnTYY*bMakz`x)_3ShkVK;BW<=JRwSS+ayid#sP&d=^m<} zZ_&ppgg!xm_LAZbBwS4Km>xkwJfYP!9OZk3yTmnD7}XtMcPTyfO6_REfh%Wearx6y zR&=yT7p7i3Q;7o-NOFEFlPdRymfkeXuq;Yn#@Vzmb58A=^8~Bx#ZJI7g#dbwmEiij z#Cks#KTqRQ6(D>OB0A6a$d6OPE@;;CQA>ftr-gW7d>YjD?#w9*xwI0C0Xkax&jyr- z54-OgVdoZ@Ps0jQody{sNSkSmODqdGgax=E*UaH)aX8Ro@SmqpMo`MMmo$fB?`3c@ zVcCzCqki64aY7O6D?m1@`l!kGq4 zc_1>N3ronaFBx6Oa6&gRP$tOl;9Xidl3;3u0l$ktm5rmST4h(a2iS+I_XH%J&tC{|HT@uh>N?{%!_B*L^nHo>143@Gs51q z8RlA|)d6o(EbnW(W&(cS02RVV8nj$9wc;=&+mZdn{G zJ}<6Q8DicGWJTs4$7CVpH1N^EP&jfb-$qB`bP|_^ZMuyvsF2nJj_DD5=d4h4B}OUb z%u=bT@76wyw?vq(36Y?{M&lY?La{fCbYU%vOw-6=Xy$O4gbz@KDaOAOX%T+A1!;7_ zXwKf?c=T38mL!S^dxLO~h<96$t(+D~;k0H)c)S2hb;Ll!!$R}D<4OX=do_URj-WIUWr1} z3<`b8wwPVMC^`PCcE11{br}kBh?E2Puq0I|i9*V1$%$BW9_2@OYs=4~5iJ!i|qzz5E zg3|yd70wK!)miF^0vd@74)HnGO-%35^Ar>s%veooqL$lb(k`O`skM)hY$&rr`W3-^Mx`6UY2zR#b8yFOJvjKudWt5ZNGd{uVmNa zXn0s*(oz$yh}QtJk*BxAt4Kc^sOA(JZ^{o;EzmVjXt!zGkMxr=_q4CBafq&^=8WnK zOJA@kIFhFYd;A2Q!(nVfRpWqZ{7lO8(A8PufK|%zQ^nFvWUp_27`HSM>iY+(B9FY3 zfv^Gxi;Eod8@6F}XD%EFuRcqwnQO%n{=7NS#VL_%?REpg47bnNcr&|}}ujd$-{Ty6{@`Q+*FhBcyyrNy*2aeMtGv<5Y^ugFJ zzO|$vU~w|Vv@c|hOZ=$5%UUUUx|DV(BA_4T{}?wOx>LP@SXCwO#(|}`dfw+KCuT=T zLmtug9Fm*tV<7y*lT&0{^LA||$1HKxIsKO$X1zTy_KoHUi`2RZI+t^tHnL->)4eiNBt6{nskU%DRv~4Gw*NGMLCk15l{nfn*8;s#unr+0X z9@-Tz2VPg8idhswA6hppB>I&G8T-nkGCbzD7^@ZrPd)|VVsWpJBOS;QifnmVYZH1u z6Zxs0L#8`4IgUN1?u!*CouLyECG`T&rxf-(WE>Lld+>9DVnkU9P%u<*AiW9j+ydhM z^5wT5!0PaC4-&|Mz}K&TOm@B%g95n$imm3-Xqf~5!58=dXF&gW@_i|Q?|&4N5|9=b z5tdh=lM?xc00P4E12M48_S^H7xEJ^iOsjx)`Bv2*OMK(}T4MXR5nrDv2)~Bn{H!L#-{Hvq6zBIT;m`1>zQc?8M|gjP3jIlA*FWeO$YA^1^Htt= z0PY{H^!GwC{$BPMWkCS982?cC@2A0kmifoJeY3)^byN6X;D1xW_p|IjbN*;S-`iXh z!1*-->t`ikzf;2EZzX<<+4@<*C*KtW2R35pU`&4o zqi8;;#u%&#Z|62p|hG2 z3MTbgTPWbA(Gys8|6UR%r2moPM@ha~327;vNg1FTU!Xfw{7zx9K=P`8?V^9_L%+5k ztqE|Q;nz3TKTGJOvA657j>#tzqYsJGPAV5H(fsyI! z4(0DpzHc?jU%1Qf#v};X5fCSZ&6@a}EzTeS- z-}$~$!0na);g7!)eDwqYy{{Dd4no$JmOyNWq^Xr5utDks4CVig%oPvhz7uGdC-5L3 z;@^>F1EHS(hzz*m{kO@&Kd1d5c=}cz@E>D9&hKUH2RiVd(*B7=z|Ppw61Z4i*hSya z=GzAFj|#0*>Malh$XWqsW&ch_C!hiUDcRpBGE8IKM+`6vP&g0}mhVVVfIjG-lF0l- z41+dk+G+q96cFWWn9uJ|zHd3_KWC8DwX+8zw;BK1_D)2uZ*>4Q6$2y4_vTQ;^{+Vu zi~zF}F}1UIkayJkt=ayXwtA3Pvj#8)2EgP6ewPdQo$u=kSjRtA-fyD)Li?*C?f;r? zU~_7Y7%=*9!02CmM;9jeujvF0jjZhq|B;x|;F;n&fS5vnohW?Aiz@oBd4+WC4S_uV zhF12b4yI0q@<0r}l`)`Y8(kn6;`d$AA6=o|aV2CF=~){ zxxXs zdFod$3RnLhDgRbX&pX4HEr6Ifz`**w=jLkukDR|+@?V<~v5@X`F+jHnc+mIF*{bt@ zqWe4Dwh(HdJ^_fC0Al{{nsZeDUlaeWR>@!CUwi=AjDh~}>q`FbPrfgg(Z6O>v@-t} zjykS8E}#j#1`q*nci)d=VW$6<`mfut`SwMEAm9~n0L%9b&w$m8pSt8PiZl3aDET_O z`D=zs#38(GKz+JEV*x|sA5XsTnBTu;_|@nCnup3rdN~MiI96c96#IkatHZ$t{T+{; zwV9#5!~ZgO3Phic4hC4s0anrPSTBSBhV{n);6G{dZ>Be{4ZOAG0NFM0Vfv1AGxR5< z&kc=q9W5N5|8cSUf17yBohfwC0Zld!^j-4b;je}LEBqft1T^g8D&Xi~0?ZRl_5b_G zh?0FDvhmd_fz=0w?<(LO`EM%l*Ov0*74*Lo9P0Z&;ZXkd_#n^&{TRyoBf*a$g5L;~j{ctD`+&heWB=9e`8Vw3tN&OY(EmT} urT>}wuNLyZQ3r#7{{LDW0c!khSzlHH0+_G?%iF*|4PXJr;p \(.*\)$'` - if expr "$link" : '/.*' > /dev/null; then - PRG="$link" - else - PRG="`dirname "$PRG"`/$link" - fi - done - - saveddir=`pwd` - - M2_HOME=`dirname "$PRG"`/.. - - # make it fully qualified - M2_HOME=`cd "$M2_HOME" && pwd` - - cd "$saveddir" - # echo Using m2 at $M2_HOME -fi - -# For Cygwin, ensure paths are in UNIX format before anything is touched -if $cygwin ; then - [ -n "$M2_HOME" ] && - M2_HOME=`cygpath --unix "$M2_HOME"` - [ -n "$JAVA_HOME" ] && - JAVA_HOME=`cygpath --unix "$JAVA_HOME"` - [ -n "$CLASSPATH" ] && - CLASSPATH=`cygpath --path --unix "$CLASSPATH"` -fi - -# For Migwn, ensure paths are in UNIX format before anything is touched -if $mingw ; then - [ -n "$M2_HOME" ] && - M2_HOME="`(cd "$M2_HOME"; pwd)`" - [ -n "$JAVA_HOME" ] && - JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" - # TODO classpath? -fi - -if [ -z "$JAVA_HOME" ]; then - javaExecutable="`which javac`" - if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then - # readlink(1) is not available as standard on Solaris 10. - readLink=`which readlink` - if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then - if $darwin ; then - javaHome="`dirname \"$javaExecutable\"`" - javaExecutable="`cd \"$javaHome\" && pwd -P`/javac" - else - javaExecutable="`readlink -f \"$javaExecutable\"`" - fi - javaHome="`dirname \"$javaExecutable\"`" - javaHome=`expr "$javaHome" : '\(.*\)/bin'` - JAVA_HOME="$javaHome" - export JAVA_HOME - fi - fi -fi - -if [ -z "$JAVACMD" ] ; then - if [ -n "$JAVA_HOME" ] ; then - if [ -x "$JAVA_HOME/jre/sh/java" ] ; then - # IBM's JDK on AIX uses strange locations for the executables - JAVACMD="$JAVA_HOME/jre/sh/java" - else - JAVACMD="$JAVA_HOME/bin/java" - fi - else - JAVACMD="`which java`" - fi -fi - -if [ ! -x "$JAVACMD" ] ; then - echo "Error: JAVA_HOME is not defined correctly." >&2 - echo " We cannot execute $JAVACMD" >&2 - exit 1 -fi - -if [ -z "$JAVA_HOME" ] ; then - echo "Warning: JAVA_HOME environment variable is not set." -fi - -CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher - -# For Cygwin, switch paths to Windows format before running java -if $cygwin; then - [ -n "$M2_HOME" ] && - M2_HOME=`cygpath --path --windows "$M2_HOME"` - [ -n "$JAVA_HOME" ] && - JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` - [ -n "$CLASSPATH" ] && - CLASSPATH=`cygpath --path --windows "$CLASSPATH"` -fi - -# traverses directory structure from process work directory to filesystem root -# first directory with .mvn subdirectory is considered project base directory -find_maven_basedir() { - local basedir=$(pwd) - local wdir=$(pwd) - while [ "$wdir" != '/' ] ; do - wdir=$(cd "$wdir/.."; pwd) - if [ -d "$wdir"/.mvn ] ; then - basedir=$wdir - break - fi - done - echo "${basedir}" -} - -# concatenates all lines of a file -concat_lines() { - if [ -f "$1" ]; then - echo "$(tr -s '\n' ' ' < "$1")" - fi -} - -export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-$(find_maven_basedir)} -MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" - -# Provide a "standardized" way to retrieve the CLI args that will -# work with both Windows and non-Windows executions. -MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@" -export MAVEN_CMD_LINE_ARGS - -WRAPPER_LAUNCHER="org.apache.maven.wrapper.MavenWrapperMain" - -exec "$JAVACMD" \ - $MAVEN_OPTS \ - "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ - -classpath \ -"$MAVEN_PROJECTBASEDIR/maven/maven-wrapper.jar" \ - ${WRAPPER_LAUNCHER} "$@" diff --git a/cas/cas-server/mvnw.bat b/cas/cas-server/mvnw.bat deleted file mode 100644 index d391151aa7..0000000000 --- a/cas/cas-server/mvnw.bat +++ /dev/null @@ -1,174 +0,0 @@ -@REM ---------------------------------------------------------------------------- -@REM Licensed to the Apache Software Foundation (ASF) under one -@REM or more contributor license agreements. See the NOTICE file -@REM distributed with this work for additional information -@REM regarding copyright ownership. The ASF licenses this file -@REM to you under the Apache License, Version 2.0 (the -@REM "License"); you may not use this file except in compliance -@REM with the License. You may obtain a copy of the License at -@REM -@REM http://www.apache.org/licenses/LICENSE-2.0 -@REM -@REM Unless required by applicable law or agreed to in writing, -@REM software distributed under the License is distributed on an -@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -@REM KIND, either express or implied. See the License for the -@REM specific language governing permissions and limitations -@REM under the License. -@REM ---------------------------------------------------------------------------- - -@REM ---------------------------------------------------------------------------- -@REM Maven2 Start Up Batch script -@REM -@REM Required ENV vars: -@REM JAVA_HOME - location of a JDK home dir -@REM -@REM Optional ENV vars -@REM M2_HOME - location of maven2's installed home dir -@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands -@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending -@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven -@REM e.g. to debug Maven itself, use -@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 -@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files -@REM ---------------------------------------------------------------------------- - -@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' -@echo off -@REM enable echoing my setting MAVEN_BATCH_ECHO to 'on' -@if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% - -@REM set %HOME% to equivalent of $HOME -if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") - -@REM Execute a user defined script before this one -if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre -@REM check for pre script, once with legacy .bat ending and once with .cmd ending -if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat" -if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd" -:skipRcPre - -@setlocal - -set ERROR_CODE=0 - -@REM To isolate internal variables from possible post scripts, we use another setlocal -@setlocal - -@REM ==== START VALIDATION ==== -if not "%JAVA_HOME%" == "" goto OkJHome - -echo. -echo Error: JAVA_HOME not found in your environment. >&2 -echo Please set the JAVA_HOME variable in your environment to match the >&2 -echo location of your Java installation. >&2 -echo. -goto error - -:OkJHome -if exist "%JAVA_HOME%\bin\java.exe" goto chkMHome - -echo. -echo Error: JAVA_HOME is set to an invalid directory. >&2 -echo JAVA_HOME = "%JAVA_HOME%" >&2 -echo Please set the JAVA_HOME variable in your environment to match the >&2 -echo location of your Java installation. >&2 -echo. -goto error - -:chkMHome -if not "%M2_HOME%"=="" goto valMHome - -SET "M2_HOME=%~dp0.." -if not "%M2_HOME%"=="" goto valMHome - -echo. -echo Error: M2_HOME not found in your environment. >&2 -echo Please set the M2_HOME variable in your environment to match the >&2 -echo location of the Maven installation. >&2 -echo. -goto error - -:valMHome - -:stripMHome -if not "_%M2_HOME:~-1%"=="_\" goto checkMCmd -set "M2_HOME=%M2_HOME:~0,-1%" -goto stripMHome - -:checkMCmd -if exist "%M2_HOME%\bin\mvn.cmd" goto init - -echo. -echo Error: M2_HOME is set to an invalid directory. >&2 -echo M2_HOME = "%M2_HOME%" >&2 -echo Please set the M2_HOME variable in your environment to match the >&2 -echo location of the Maven installation >&2 -echo. -goto error -@REM ==== END VALIDATION ==== - -:init - -set MAVEN_CMD_LINE_ARGS=%* - -@REM Find the project base dir, i.e. the directory that contains the folder ".mvn". -@REM Fallback to current working directory if not found. - -set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR% -IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir - -set EXEC_DIR=%CD% -set WDIR=%EXEC_DIR% -:findBaseDir -IF EXIST "%WDIR%"\.mvn goto baseDirFound -cd .. -IF "%WDIR%"=="%CD%" goto baseDirNotFound -set WDIR=%CD% -goto findBaseDir - -:baseDirFound -set MAVEN_PROJECTBASEDIR=%WDIR% -cd "%EXEC_DIR%" -goto endDetectBaseDir - -:baseDirNotFound -set MAVEN_PROJECTBASEDIR=%EXEC_DIR% -cd "%EXEC_DIR%" - -:endDetectBaseDir - -IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig - -@setlocal EnableExtensions EnableDelayedExpansion -for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a -@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS% - -:endReadAdditionalConfig - -SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe" -set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\maven\maven-wrapper.jar" -set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain -%MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% %WRAPPER_LAUNCHER% %MAVEN_CMD_LINE_ARGS% - -if ERRORLEVEL 1 goto error -goto end - -:error -set ERROR_CODE=1 - -:end -@endlocal & set ERROR_CODE=%ERROR_CODE% - -if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost -@REM check for post script, once with legacy .bat ending and once with .cmd ending -if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat" -if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd" -:skipRcPost - -@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' -if "%MAVEN_BATCH_PAUSE%" == "on" pause - -if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE% - -exit /B %ERROR_CODE% diff --git a/cas/cas-server/pom.xml b/cas/cas-server/pom.xml index abcf251667..e69de29bb2 100644 --- a/cas/cas-server/pom.xml +++ b/cas/cas-server/pom.xml @@ -1,208 +0,0 @@ - - - 4.0.0 - cas-server - 1.0 - cas-server - war - - - com.baeldung - parent-boot-1 - 0.0.1-SNAPSHOT - ../../parent-boot-1 - - - - - org.apereo.cas - cas-server-support-json-service-registry - ${cas.version} - - - org.apereo.cas - cas-server-support-jdbc - ${cas.version} - - - org.apereo.cas - cas-server-support-jdbc-drivers - ${cas.version} - - - - - - - com.rimerosolutions.maven.plugins - wrapper-maven-plugin - ${wrapper-maven-plugin.version} - - true - MD5 - - - - org.springframework.boot - spring-boot-maven-plugin - - ${mainClassName} - true - ${isExecutable} - WAR - - - - - repackage - - - - - - org.apache.maven.plugins - maven-war-plugin - ${maven-war-plugin.version} - - cas - false - false - - false - ${manifestFileToUse} - - - - org.apereo.cas - cas-server-webapp${app.server} - - - - - - cas - - - - - - true - - default - - - org.apereo.cas - cas-server-webapp${app.server} - ${cas.version} - war - runtime - - - - - - - - false - - exec - - org.apereo.cas.web.CasWebApplication - true - - - - - - com.soebes.maven.plugins - echo-maven-plugin - ${echo-maven-plugin.version} - - - prepare-package - - echo - - - - - - Executable profile to make the generated CAS web application executable. - - - - - - - - - - false - - bootiful - - -tomcat - false - - - - org.apereo.cas - cas-server-webapp${app.server} - ${cas.version} - war - runtime - - - - - - - false - - pgp - - - - com.github.s4u.plugins - pgpverify-maven-plugin - ${pgpverify-maven-plugin.version} - - - - check - - - - - hkp://pool.sks-keyservers.net - ${settings.localRepository}/pgpkeys-cache - test - true - false - - - - - - - - - 5.3.3 - - -tomcat - - org.springframework.boot.loader.WarLauncher - false - ${project.build.directory}/war/work/org.apereo.cas/cas-server-webapp${app.server}/META-INF/MANIFEST.MF - - 0.0.4 - 2.6 - - 0.3.0 - 1.1.0 - - - diff --git a/cas/cas-server/settings.gradle b/cas/cas-server/settings.gradle new file mode 100644 index 0000000000..3ad50900ea --- /dev/null +++ b/cas/cas-server/settings.gradle @@ -0,0 +1 @@ +rootProject.name='cas' \ No newline at end of file diff --git a/cas/cas-server/src/main/jib/docker/entrypoint.sh b/cas/cas-server/src/main/jib/docker/entrypoint.sh new file mode 100755 index 0000000000..a3a0895b04 --- /dev/null +++ b/cas/cas-server/src/main/jib/docker/entrypoint.sh @@ -0,0 +1,22 @@ +#!/bin/sh + +#echo -e "\nChecking java..." +#java -version + +#echo -e "\nCreating CAS configuration directories..." +mkdir -p /etc/cas/config +mkdir -p /etc/cas/services + +#echo "Listing provided CAS docker artifacts..." +#ls -R docker/cas + +#echo -e "\nMoving CAS configuration artifacts..." +mv docker/cas/thekeystore /etc/cas 2>/dev/null +mv docker/cas/config/*.* /etc/cas/config 2>/dev/null +mv docker/cas/services/*.* /etc/cas/services 2>/dev/null + +#echo -e "\nListing CAS configuration under /etc/cas..." +#ls -R /etc/cas + +echo -e "\nRunning CAS..." +exec java -Xms512m -Xmx2048M -XX:+TieredCompilation -XX:TieredStopAtLevel=1 -jar docker/cas/war/cas.war diff --git a/cas/cas-server/src/main/resources/application.properties b/cas/cas-server/src/main/resources/application.properties index 7735fcabdc..185532f943 100644 --- a/cas/cas-server/src/main/resources/application.properties +++ b/cas/cas-server/src/main/resources/application.properties @@ -1,134 +1,4 @@ -## -# CAS Server Context Configuration -# -server.context-path=/cas -server.port=6443 - +server.port=8443 +spring.main.allow-bean-definition-overriding=true server.ssl.key-store=classpath:/etc/cas/thekeystore -server.ssl.key-store-password=changeit -server.ssl.key-password=changeit -# server.ssl.ciphers= -# server.ssl.client-auth= -# server.ssl.enabled= -# server.ssl.key-alias= -# server.ssl.key-store-provider= -# server.ssl.key-store-type= -# server.ssl.protocol= -# server.ssl.trust-store= -# server.ssl.trust-store-password= -# server.ssl.trust-store-provider= -# server.ssl.trust-store-type= - -server.max-http-header-size=2097152 -server.use-forward-headers=true -server.connection-timeout=20000 -server.error.include-stacktrace=NEVER - -server.tomcat.max-http-post-size=2097152 -server.tomcat.basedir=build/tomcat -server.tomcat.accesslog.enabled=true -server.tomcat.accesslog.pattern=%t %a "%r" %s (%D ms) -server.tomcat.accesslog.suffix=.log -server.tomcat.max-threads=10 -server.tomcat.port-header=X-Forwarded-Port -server.tomcat.protocol-header=X-Forwarded-Proto -server.tomcat.protocol-header-https-value=https -server.tomcat.remote-ip-header=X-FORWARDED-FOR -server.tomcat.uri-encoding=UTF-8 - -spring.http.encoding.charset=UTF-8 -spring.http.encoding.enabled=true -spring.http.encoding.force=true - -## -#CAS CONFIG LOCATION -# -standalone.config=classpath:/etc/cas/config - - -## -# CAS Cloud Bus Configuration -# -spring.cloud.bus.enabled=false -# spring.cloud.bus.refresh.enabled=true -# spring.cloud.bus.env.enabled=true -# spring.cloud.bus.destination=CasCloudBus -# spring.cloud.bus.ack.enabled=true - -endpoints.enabled=false -endpoints.sensitive=true - -endpoints.restart.enabled=false -endpoints.shutdown.enabled=false - -management.security.enabled=true -management.security.roles=ACTUATOR,ADMIN -management.security.sessions=if_required -management.context-path=/status -management.add-application-context-header=false - -security.basic.authorize-mode=role -security.basic.enabled=false -security.basic.path=/cas/status/** - -## -# CAS Web Application Session Configuration -# -server.session.timeout=300 -server.session.cookie.http-only=true -server.session.tracking-modes=COOKIE - -## -# CAS Thymeleaf View Configuration -# -spring.thymeleaf.encoding=UTF-8 -spring.thymeleaf.cache=true -spring.thymeleaf.mode=HTML -## -# CAS Log4j Configuration -# -# logging.config=file:/etc/cas/log4j2.xml - -server.context-parameters.isLog4jAutoInitializationDisabled=true - -## -# CAS AspectJ Configuration -# -spring.aop.auto=true -spring.aop.proxy-target-class=true - -## -# CAS Authentication Credentials -# -#cas.authn.accept.users=casuser::Mellon -cas.authn.accept.users= -cas.authn.accept.name= - -#CAS Database Authentication Property -cas.authn.jdbc.query[0].sql=SELECT * FROM users WHERE email = ? -cas.authn.jdbc.query[0].url=jdbc:mysql://127.0.0.1:3306/test?useUnicode=true&useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=UTC -cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect -cas.authn.jdbc.query[0].user=root -cas.authn.jdbc.query[0].password=1234 -cas.authn.jdbc.query[0].ddlAuto=none -#cas.authn.jdbc.query[0].driverClass=com.mysql.jdbc.Driver -cas.authn.jdbc.query[0].driverClass=com.mysql.cj.jdbc.Driver -cas.authn.jdbc.query[0].fieldPassword=password -cas.authn.jdbc.query[0].passwordEncoder.type=NONE - - -## -# CAS Delegated Authentication -# -cas.authn.pac4j.bitbucket.clientName=Bitbucket -cas.authn.pac4j.dropbox.clientName=Dropbox -cas.authn.pac4j.facebook.clientName=Facebook -cas.authn.pac4j.foursquare.clientName=Foursquare -cas.authn.pac4j.github.clientName=Github -cas.authn.pac4j.google.clientName=Google -cas.authn.pac4j.linkedIn.clientName=LinkedIn -cas.authn.pac4j.paypal.clientName=PayPal -cas.authn.pac4j.twitter.clientName=Twitter -cas.authn.pac4j.yahoo.clientName=Yahoo -cas.authn.pac4j.windowsLive.clientName=Windows Live -cas.authn.pac4j.wordpress.clientName=WordPress +server.ssl.key-store-password=changeit \ No newline at end of file diff --git a/cas/cas-server/src/main/resources/cas.properties b/cas/cas-server/src/main/resources/cas.properties deleted file mode 100644 index e39d68f312..0000000000 --- a/cas/cas-server/src/main/resources/cas.properties +++ /dev/null @@ -1,9 +0,0 @@ -cas.server.name: https://localhost:6443 -cas.server.prefix: https://localhost:643/cas - -cas.adminPagesSecurity.ip=127\.0\.0\.1 - -logging.config: file:/etc/cas/config/log4j2.xml - -cas.serviceRegistry.initFromJson=true -cas.serviceRegistry.config.location=classpath:/services \ No newline at end of file diff --git a/cas/cas-server/src/main/resources/create_test_db_and_users_tbl.sql b/cas/cas-server/src/main/resources/create_test_db_and_users_tbl.sql index 79a4a48a82..104b515813 100644 --- a/cas/cas-server/src/main/resources/create_test_db_and_users_tbl.sql +++ b/cas/cas-server/src/main/resources/create_test_db_and_users_tbl.sql @@ -4,13 +4,13 @@ USE `test`; -- Dumping structure for table test.users CREATE TABLE IF NOT EXISTS `users` ( - `id` int(11) NOT NULL AUTO_INCREMENT, - `email` varchar(50) DEFAULT NULL, - `password` text DEFAULT NULL, - PRIMARY KEY (`id`) -) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1; + `id` int(11) NOT NULL AUTO_INCREMENT, + `email` varchar(50) DEFAULT NULL, + `password` text DEFAULT NULL, + PRIMARY KEY (`id`) + ) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1; /*!40000 ALTER TABLE `users` DISABLE KEYS */; INSERT INTO `users` (`id`, `email`, `password`) VALUES - (1, 'test@test.com', 'Mellon'); + (1, 'test@test.com', 'Mellon'); /*!40000 ALTER TABLE `users` ENABLE KEYS */; \ No newline at end of file diff --git a/cas/cas-server/src/main/resources/etc/cas/config/application.yml b/cas/cas-server/src/main/resources/etc/cas/config/application.yml deleted file mode 100644 index be1f7c3edd..0000000000 --- a/cas/cas-server/src/main/resources/etc/cas/config/application.yml +++ /dev/null @@ -1,2 +0,0 @@ -info: - description: CAS Configuration \ No newline at end of file diff --git a/cas/cas-server/src/main/resources/etc/cas/config/cas.properties b/cas/cas-server/src/main/resources/etc/cas/config/cas.properties index 47a1477308..dda939bc1d 100644 --- a/cas/cas-server/src/main/resources/etc/cas/config/cas.properties +++ b/cas/cas-server/src/main/resources/etc/cas/config/cas.properties @@ -1,7 +1,15 @@ -cas.server.name: https://cas.example.org:8443 -cas.server.prefix: https://cas.example.org:8443/cas +cas.serviceRegistry.initFromJson=true +cas.serviceRegistry.json.location=classpath:/etc/cas/services -cas.adminPagesSecurity.ip=127\.0\.0\.1 -logging.config: file:/etc/cas/config/log4j2.xml -# cas.serviceRegistry.config.location: classpath:/services +cas.authn.accept.users= + +cas.authn.jdbc.query[0].sql=SELECT * FROM users WHERE email = ? +cas.authn.jdbc.query[0].url=jdbc:mysql://127.0.0.1:3306/test?useUnicode=true&useJDBCCompliantTimezoneShift=true&useLegacyDatetimeCode=false&serverTimezone=UTC +cas.authn.jdbc.query[0].dialect=org.hibernate.dialect.MySQLDialect +cas.authn.jdbc.query[0].user=root +cas.authn.jdbc.query[0].password=smattroot +cas.authn.jdbc.query[0].ddlAuto=none +cas.authn.jdbc.query[0].driverClass=com.mysql.cj.jdbc.Driver +cas.authn.jdbc.query[0].fieldPassword=password +cas.authn.jdbc.query[0].passwordEncoder.type=NONE \ No newline at end of file diff --git a/cas/cas-server/src/main/resources/etc/cas/config/log4j2.xml b/cas/cas-server/src/main/resources/etc/cas/config/log4j2.xml deleted file mode 100644 index e688cc0350..0000000000 --- a/cas/cas-server/src/main/resources/etc/cas/config/log4j2.xml +++ /dev/null @@ -1,117 +0,0 @@ - - - - - - . - - warn - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/cas/cas-server/src/main/resources/etc/cas/services/casSecuredApp-8900.json b/cas/cas-server/src/main/resources/etc/cas/services/casSecuredApp-8900.json new file mode 100644 index 0000000000..5d468945ff --- /dev/null +++ b/cas/cas-server/src/main/resources/etc/cas/services/casSecuredApp-8900.json @@ -0,0 +1,8 @@ +{ + "@class" : "org.apereo.cas.services.RegexRegisteredService", + "serviceId" : "http://cas-client:8900/login/cas", + "name" : "casSecuredApp", + "id" : 8900, + "logoutType" : "BACK_CHANNEL", + "logoutUrl" : "http://cas-client:8900/exit/cas" +} \ No newline at end of file diff --git a/cas/cas-server/src/main/resources/etc/cas/thekeystore b/cas/cas-server/src/main/resources/etc/cas/thekeystore index 77bf895249a044c3320c6dd79003dd108c369c3b..a361bf03f9f77a8356cd0f5369f29e6965aa8cee 100644 GIT binary patch delta 1998 zcmV;<2Qm245z7&O{_Xzl00002000010000100U!Ta{vGVaH)mM2LJ#C0x*IE{xA*( z3M&Qy1OX}n5di@O00e>r>JTevl?8iHU**OQuXwP_equ#0yJWpYt6vAcu(G-#DdgT(@6f9j_Di@G1{c9Ud@9nzJB*274?7O9+;%L(aiLju)5vjga{5 zPOP~&?DHXiJd_gi?ALS)VY*u;NRKvdviqjbkaNggdvzj-MA?c^j9o6y^fE3oq8}Sb zZI0mI*SBFh>@)<_z4$}F?- z^8*D{=2I|FpyW?udqvC!ik%1ua_d5fiI_CHsi0@FNdF+;u=*in6%l|1A-I z=-IGehUETa(&YU9>rV_RsDTeFqm_Rg*n>zM@wYo1H2gZ>{0}kj^hd0v+}|(thG{%z z(v?lLttAHYf_CXPuio?*|A^8(In@j2Ei7mZ^V1TXiZ0(Zv^Ilgn~LTwX%xh92=*YOf(Ou{37~S@`EmZ z2>8Li;;Fgsovy6GfPQSnV#VIXS7h56Rz|UL5eUjLJ zVLI1It2X+OT#`}^(hPIr`!i@$;69oAb_BDn85fy43f0Q~AcQkjWhtey9+F8J!Q$)< zmg-a>BaDRFqO1DJi{5k=e7Fj@%y1kv-H7|V{&T<4>D>1?7{nZ`*w6l1a9ukAgq^(g z;~4gJQ$7xAN0Lx;jgKJnj0-a3`u)X!cYPtgDWtHDK{nh^=XIOO(WZI!p+X!^k$FKGR)lo@l+P|ux|@<#GpY$2zUS%_`X*D@kXMX<#MVMD zgzT=T+I@%#GGPh9`9eQ4z|{08>?phxzw3%sG9}qbbl;Z-B5P&?Rr-eGEq)yHYlBpWiB2U4Kgq=GcYwUH!wFfI9eACGB7YUFf%YWFgGaxvS4Sh$bEVOeD%a%LMr91t? z-7Bq;j4-_8*9IgocN7HtwC|-T8NoI8ylPGS@OAFgUEDzM0cEpo?ljd)CHs0gQV&@S zZB`M?g4go0KuR7J=RiQ~L8#eA<9_U$Vl2WhYpmV67<1$>J%%dv z@=Q1i)m$J0*7W}X^hMsjoX`QW;`rsdXLns?tHwv$8NAJ7ANDNLTjXtr>5wrCIpGPs6l)R9*!&LspsQ=E-}d?p0+1^EI0<_VHP0%4W8ORp7Jb=&lT&Hrife`L5uM%qFBc>-5`+x&F^TjQSwq9)A?$^eps_OZ27HU6 zB6yuPni?B_K%X=p0yrL1s>9Vr%-G<-Nt~76@S9$15BfPJa^Eihu&fPt65uT$)LeG; z9tt8&@Xv$>hmI`_eIcVKHY%kY@f5kP;RSM}Tz36l7)g;}g))-iT=lf2X0~7{y6PG# zS!8tSyrc%TQVlIYl+)dK_dY$YR2ev-E?6jWi6BmYC=BcoB4RiFa(gItVL>FMmh1B3 z|Bqw4EgtmRCYIdzWKM^gGRJ0B>{_xcrlGfMH7N_%5inuG?$cNH$ViZfWrgwDx$bZG zNl*skLI=E=^BZLZD3f9y%AjW7wxzGFV%AB|(41`GUA$?~Nw6$SYYUVdKpi`~<>Dt8 z;h)TZC?7viUt^7j$_Vz62l3a?k9}0iQ{nD5(_K>|YW78%zf8`=?^mQ~58~lXiH$MG z3+?p;!y=jbNYxq-Pd%z*O{X12o-a2t{hS6kG z@4XRL#Wf{u$JQMtZmQb=!I(C{?>EBp%qD!eJqQ%t~ueBu0!G_4IhSV1T2CVjWX|#}7rVoYya3 z5snLR%~mZMaUtR~3bDJnS}yS8ODdY1hhV&S_gF7LjpM->7LJqu~vDk&(%;%YJ| zMI#^Q(NgyeBu?;CgY(4=G5tq>tTK?ney<06UmPPmw1CV#Sb7sRvk*`zLP$P?5_?YX z@rSHAVUY?B-+dZj<~AnZ8%#{Dqs0o2rV9^PXNp?G*d;&egBG5l+j7BQ#DH%-<$M1R zt;o0g>TpRe%D|%nw6Y*0nHj7<*F&LNQUC}VnA+c@T7E7s(+{c`>B?;_$HU>Tq|bx#u_8tb5X`6zA9DkeLp^O;L8 z;A<(|L`|_1(ztBIIZuDD0;DgFzv`-p z)TH-JPo)C|jC_1=+kE$E@?n~@M>o~mf0x9i_s9@>n_zcJJ*>QOt$3!^g^889pdJQO zCSMB_>?GnzolJSeOJ{KXtg}EsR$Qk+(VVz*Y4M%haMx4#=>Xs*FKck-IY4-W@3xzk z!z=gM4NI0ciSqr1nah84YXSoS00E;RFdr}-1_MF)$4V2`Yw2hW8Bt0Sg5H1A+ko06Yg34XrD?Zy1U+!O@~)Bod$Kl!rUnqaxD< zWR_x+&Msxq+ce)f%ps5vW+Ll^E|zvJM7OfT{3NRWu%ul2uzr8Suw z<$ggx3Lt2p-uz8|0c5pi4tR!ph2t+T*4&Nhi7N&Z>=_1IX|e<^&Ttza(69=G`_oG0 z%<&l1;f{T=xkF2`>`%t8MqWq^&6sfb5%X)yfL uVDKwZsx%V*r{QPU&xaX{PMP5o7}#G`0IM@1x_B`~7222oaqPh#p0`H$4zQ;H diff --git a/cas/cas-server/src/main/resources/etc/cas/thekeystore.crt b/cas/cas-server/src/main/resources/etc/cas/thekeystore.crt deleted file mode 100644 index 12ef688a08439af5a75accd1cf5d4bedfce3bd9a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 901 zcmXqLVs12OV#-{=%*4pV#FD?sAkl!AjZ>@5qwPB{BO^B}gF&Gow*e;`b0`a&FjG;! zp^$+9h{GYwnUkNKn3IuTTmlng$0EjsMT{GZ7&DTXft)z6p@o5|k%gg&k-4d56p(8P zuimboeq`zQ69QGU z6Ux18*X$`=Te0j~Yv)#ABD-l#nCoa=Ow5c7jEfZwzj*}F0-agOPYL6FZJSWllzuu6ekFzDZOsdn^valvVGIxKPs#KZCDcX zYeU_kr=prmpDb7>sw-|%Se=z}&9U25zH6IWMbl%o^_op?3Rxy<$MX7aCZ$WiS~klz zMVuqVdZC1{SohYqn>=e{f2KaIb9CTR$XIaik8d4g%GNZ#ini+3$NKu$?)1Lw)MgWY zBgqz>xrs&ZT!FOwg$-OSzb|_|eX{+3@#55T5BF@WZVz8{VlBHk?~$$RPMsIJp8r?& zr=;HTe1|iR|J70(dMB;ya4*U<_;WeogLdF56QO_0AEsYF-!9qhH}j#e#Ep0WqPkU< diff --git a/cas/cas-server/src/main/resources/log4j2.xml b/cas/cas-server/src/main/resources/log4j2.xml deleted file mode 100644 index e688cc0350..0000000000 --- a/cas/cas-server/src/main/resources/log4j2.xml +++ /dev/null @@ -1,117 +0,0 @@ - - - - - - . - - warn - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/cas/cas-server/src/main/resources/services/casSecuredApp-19991.json b/cas/cas-server/src/main/resources/services/casSecuredApp-19991.json deleted file mode 100644 index 336007e484..0000000000 --- a/cas/cas-server/src/main/resources/services/casSecuredApp-19991.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "@class" : "org.apereo.cas.services.RegexRegisteredService", - "serviceId" : "^http://localhost:9000/login/cas", - "name" : "CAS Spring Secured App", - "description": "This is a Spring App that usses the CAS Server for it's authentication", - "id" : 19991, - "evaluationOrder" : 1 -} \ No newline at end of file diff --git a/cas/pom.xml b/cas/pom.xml index 77fae3b50a..e69de29bb2 100644 --- a/cas/pom.xml +++ b/cas/pom.xml @@ -1,23 +0,0 @@ - - - 4.0.0 - cas - cas - pom - - - com.baeldung - parent-modules - 1.0.0-SNAPSHOT - .. - - - - cas-secured-app - cas-server - - - diff --git a/pom.xml b/pom.xml index 04a2ce054c..e82390a37e 100644 --- a/pom.xml +++ b/pom.xml @@ -388,7 +388,6 @@ blade bootique - cas cdi checker-plugin @@ -899,7 +898,6 @@ blade bootique - cas cdi checker-plugin