Commit fd79f50f authored by Nicholas.Iodice's avatar Nicholas.Iodice

Merged PR 1003: auth fixes

auth fixes
parent d33c20f5
1 merge request!6Trusted ibm
// Copyright © Microsoft Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package org.opengroup.osdu.indexer.azure.config;
import lombok.Getter;
import lombok.Setter;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.stereotype.Component;
@Getter
@Setter
@Component
@ConfigurationProperties("aad")
public class AADConfiguration {
String clientId;
String authority;
String secretKey;
String oboApi;
public String getAuthority(){
if (!authority.endsWith("/")) {
authority += "/";
}
return authority;
}
}
\ No newline at end of file
package org.opengroup.osdu.indexer.azure.config;
import com.azure.security.keyvault.secrets.SecretClient;
import org.opengroup.osdu.azure.KeyVaultFacade;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.stereotype.Component;
......@@ -9,6 +11,9 @@ import javax.inject.Named;
@Component
public class AzureBootstrapConfig {
@Value("${aad.oboApi}")
private String aadOboAPI;
@Value("${azure.keyvault.url}")
private String keyVaultURL;
......@@ -54,4 +59,32 @@ public class AzureBootstrapConfig {
return maxCacheValueSize;
}
private String authority;
private String secretKey;
@Bean
@Named("AAD_OBO_API")
public String aadClientID() {
return aadOboAPI;
}
@Bean
@Named("AUTH_CLIENT_ID")
public String authClientID(final SecretClient sc) {
return KeyVaultFacade.getSecretWithValidation(sc, "app-dev-sp-username");
}
@Bean
@Named("AUTH_CLIENT_SECRET")
public String authClientSecret(final SecretClient sc) {
return KeyVaultFacade.getSecretWithValidation(sc, "app-dev-sp-password");
}
@Bean
@Named("AUTH_URL")
public String authURL(final SecretClient sc) {
String urlFormat = "https://login.microsoftonline.com/%s/oauth2/token/";
String tenant = KeyVaultFacade.getSecretWithValidation(sc, "app-dev-sp-tenant-id");
return String.format(urlFormat, tenant);
}
}
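Review bot: `authClientSecret` publishes the service principal password as a plain `String` bean, so with the default singleton scope it is read from Key Vault once and is then injectable by any component that asks for `AUTH_CLIENT_SECRET`; a rotated secret would not be picked up until the application restarts. Consider keeping the `SecretClient` lookup inside the one class that builds the credential, so the secret is not held in the container as a general-purpose bean. The secret names `app-dev-sp-username`, `app-dev-sp-password` and `app-dev-sp-tenant-id` are hard-coded with a `dev` infix; if other environments use different names they should come from properties, as `aad.oboApi` already does. The new fields `authority` and `secretKey` are not read anywhere in the visible lines and can probably be dropped, and `aadClientID()` returns the OBO API value, so a name such as `aadOboApi()` would match its `AAD_OBO_API` qualifier.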
......@@ -29,11 +29,11 @@ import org.opengroup.osdu.core.common.model.tenant.TenantInfo;
import org.opengroup.osdu.core.common.provider.interfaces.IJwtCache;
import org.opengroup.osdu.core.common.provider.interfaces.ITenantFactory;
import org.opengroup.osdu.core.common.util.IServiceAccountJwtClient;
import org.opengroup.osdu.indexer.azure.config.AADConfiguration;
import org.springframework.stereotype.Component;
import org.springframework.web.context.annotation.RequestScope;
import javax.inject.Inject;
import javax.inject.Named;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
......@@ -44,15 +44,31 @@ public class ServiceAccountJwtClientImpl implements IServiceAccountJwtClient {
@Inject
private ITenantFactory tenantInfoServiceProvider;
@Inject
private DpsHeaders dpsHeaders;
@Inject
private IJwtCache cacheService;
@Inject
private JaxRsDpsLog log;
@Inject
private AADConfiguration configuration;
@Named("AAD_OBO_API")
private String authAPI;
@Inject
@Named("AUTH_CLIENT_ID")
private String authClientID;
@Inject
@Named("AUTH_CLIENT_SECRET")
private String authClientSecret;
@Inject
@Named("AUTH_URL")
private String authURL;
public String getIdToken(String tenantName) {
this.log.info("Tenant name received for auth token is: " + tenantName);
......@@ -75,9 +91,9 @@ public class ServiceAccountJwtClientImpl implements IServiceAccountJwtClient {
AuthenticationContext context = null;
try {
context = new AuthenticationContext(configuration.getAuthority(), false, service);
ClientCredential credential = new ClientCredential(configuration.getClientId(), configuration.getSecretKey());
Future<AuthenticationResult> future = context.acquireToken(configuration.getOboApi(), credential, null);
context = new AuthenticationContext(authURL, false, service);
ClientCredential credential = new ClientCredential(authClientID, authClientSecret);
Future<AuthenticationResult> future = context.acquireToken(authAPI, credential, null);
ACCESS_TOKEN = future.get().getAccessToken();
......
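Review bot: The rewritten `new AuthenticationContext(authURL, false, service)` keeps the second argument at `false`; if this is ADAL4J's `AuthenticationContext`, that argument is `validateAuthority`, so the library will not check that the authority is a known Azure AD endpoint. Now that `AUTH_URL` is built on a fixed `login.microsoftonline.com` host, validation could be switched on with `context = new AuthenticationContext(authURL, true, service);`. The service principal secret now reaches this class through the injected `authClientSecret` field, so the catch path of this `try`, which lies outside the hunk, should be checked to confirm that neither the secret nor the returned token is written to the log. The `try` block and the rest of `getIdToken` continue outside the visible lines.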
......@@ -49,4 +49,5 @@ azure.keyvault.url=${KEYVAULT_URI}
azure.application-insights.instrumentation-key=${appinsights_key}
spring.application.name=indexer-azure
DEPLOYMENT_ENVIRONMENT=CLOUD
\ No newline at end of file
DEPLOYMENT_ENVIRONMENT=CLOUD
aad.oboApi=${aad_client_id}