Merge branch 'dev' of codecommit://os-dataset into dev

45200936 · Rucha Deshpande · 566ca164 · ff3e2bc0 · 45200936 · 45200936
Commit 45200936 authored May 13, 2021 by Rucha Deshpande
--- a/dataset-core/src/main/java/org/opengroup/osdu/dataset/service/DatasetRegistryServiceImpl.java
+++ b/dataset-core/src/main/java/org/opengroup/osdu/dataset/service/DatasetRegistryServiceImpl.java
@@ -213,7 +213,7 @@ public class DatasetRegistryServiceImpl implements DatasetRegistryService {
                    } catch (HttpResponseBodyParsingException | NullPointerException e1) {
                        throw new AppException(HttpStatus.INTERNAL_SERVER_ERROR.value(),
                                HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase(),
-                                "Failed to parse error from Schema Service");
+                                "Failed to parse error from Schema Service", e1);
                    }
                }
            }           

--- a/provider/dataset-azure/pom.xml
+++ b/provider/dataset-azure/pom.xml
@@ -40,7 +40,8 @@
        <maven.compiler.target>1.8</maven.compiler.target>
        <maven.compiler.source>1.8</maven.compiler.source>
        <osdu.corelibazure.version>0.8.0</osdu.corelibazure.version>
-        <osdu.oscorecommon.version>0.8.0</osdu.oscorecommon.version>
+        <osdu.oscorecommon.version>0.9.0-rc5</osdu.oscorecommon.version>
+        <nimbus-jose-jwt.version>7.9</nimbus-jose-jwt.version>
    </properties>

    <dependencyManagement>
@@ -57,6 +58,43 @@
    </dependencyManagement>

    <dependencies>
+        <dependency>
+            <groupId>com.nimbusds</groupId>
+            <artifactId>nimbus-jose-jwt</artifactId>
+            <version>${nimbus-jose-jwt.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.microsoft.azure</groupId>
+            <artifactId>azure-active-directory-spring-boot-starter</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.springframework.boot</groupId>
+                    <artifactId>spring-boot-starter-logging</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+            <exclusions>
+                <exclusion>
+                    <groupId>ch.qos.logback</groupId>
+                    <artifactId>logback-classic</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.logging.log4j</groupId>
+                    <artifactId>log4j-to-slf4j</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-oauth2-client</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-oauth2-jose</artifactId>
+        </dependency>
        <dependency>
            <groupId>org.opengroup.osdu</groupId>
            <artifactId>os-core-common</artifactId>

--- a/provider/dataset-azure/src/main/java/org/opengroup/osdu/dataset/provider/azure/security/AADSecurityConfig.java
+++ b/provider/dataset-azure/src/main/java/org/opengroup/osdu/dataset/provider/azure/security/AADSecurityConfig.java
+/*
+ * Copyright 2021  Microsoft Corporation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.opengroup.osdu.dataset.provider.azure.security;
+
+import com.microsoft.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+@ConditionalOnProperty(value = "azure.istio.auth.enabled", havingValue = "false")
+public class AADSecurityConfig extends WebSecurityConfigurerAdapter {
+    @Autowired
+    private AADAppRoleStatelessAuthenticationFilter appRoleAuthFilter;
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http
+                .csrf().disable()
+                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER)
+                .and()
+                .authorizeRequests()
+                .antMatchers("/", "/index.html",
+                        "/v2/api-docs",
+                        "/configuration/ui",
+                        "/swagger-resources/**",
+                        "/configuration/security",
+                        "/swagger",
+                        "/swagger-ui.html",
+                        "/webjars/**").permitAll()
+                .anyRequest().authenticated()
+                .and()
+                .addFilterBefore(appRoleAuthFilter, UsernamePasswordAuthenticationFilter.class);
+    }
+}
--- a/provider/dataset-azure/src/main/java/org/opengroup/osdu/dataset/provider/azure/security/AzureIstioSecurityConfig.java
+++ b/provider/dataset-azure/src/main/java/org/opengroup/osdu/dataset/provider/azure/security/AzureIstioSecurityConfig.java
+/*
+ * Copyright 2021  Microsoft Corporation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.opengroup.osdu.dataset.provider.azure.security;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+@ConditionalOnProperty(value = "azure.istio.auth.enabled", havingValue = "true", matchIfMissing = true)
+public class AzureIstioSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.httpBasic().disable()
+                .csrf().disable();  //AuthN is disabled. AuthN is handled by sidecar proxy
+    }
+}