diff --git a/NOTICE b/NOTICE
index 473f1a6e1a5c60ea95eb00efa2d9bd0d664ce349..9cc38e4945a1f97d52010431bde3097a45ba9113 100644
--- a/NOTICE
+++ b/NOTICE
@@ -29,8 +29,8 @@ The following software have components provided under the terms of this license:
 - Cloud Storage JSON API v1-rev58-1.21.0 (from )
 - Elastic JNA Distribution (from https://github.com/java-native-access/jna)
 - Elasticsearch: 5.0.0-alpha5 (from https://github.com/elastic/elasticsearch)
-- Expression Language 3.0 (from https://projects.eclipse.org/projects/ee4j.el)
 - Expression Language 3.0 (from http://uel.java.net)
+- Expression Language 3.0 (from https://projects.eclipse.org/projects/ee4j.el)
 - FindBugs-jsr305 (from http://findbugs.sourceforge.net/)
 - Google APIs Client Library for Java (from )
 - Google App Engine extensions to the Google HTTP Client Library for Java. (from )
@@ -90,8 +90,9 @@ The following software have components provided under the terms of this license:
 - Lucene Spatial 3D (from )
 - Lucene Spatial Extras (from )
 - Lucene Suggest (from )
-- Mockito (from http://www.mockito.org)
+- MapStruct Core (from )
 - Mockito (from http://mockito.org)
+- Mockito (from http://www.mockito.org)
 - Netty/Buffer (from http://netty.io/)
 - Netty/Codec (from )
 - Netty/Common (from )
@@ -122,6 +123,9 @@ The following software have components provided under the terms of this license:
 - Spring Context (from https://github.com/spring-projects/spring-framework)
 - Spring Core (from https://github.com/spring-projects/spring-framework)
 - Spring Expression Language (SpEL) (from https://github.com/spring-projects/spring-framework)
+- Spring Plugin - Core (from )
+- Spring Plugin - Metadata Extension (from )
+- Spring TestContext Framework (from https://github.com/spring-projects/spring-framework)
 - Spring Web (from https://github.com/spring-projects/spring-framework)
 - Spring Web MVC (from https://github.com/spring-projects/spring-framework)
 - T-Digest (from https://github.com/tdunning/t-digest)
@@ -172,8 +176,16 @@ The following software have components provided under the terms of this license: - spring-security-config (from http://spring.io/spring-security) - spring-security-core (from http://spring.io/spring-security) - spring-security-web (from http://spring.io/spring-security) +- springfox-core (from https://github.com/springfox/springfox) +- springfox-schema (from https://github.com/springfox/springfox) +- springfox-spi (from https://github.com/springfox/springfox) +- springfox-spring-web (from https://github.com/springfox/springfox) +- springfox-swagger-common (from https://github.com/springfox/springfox) +- springfox-swagger-ui (from https://github.com/springfox/springfox) +- springfox-swagger2 (from https://github.com/springfox/springfox) - swagger-annotations (from ) - swagger-jaxrs (from ) +- swagger-models (from ) - tomcat-embed-core (from http://tomcat.apache.org/) - tomcat-embed-el (from http://tomcat.apache.org/) - tomcat-embed-websocket (from http://tomcat.apache.org/) @@ -310,8 +322,8 @@ GPL-2.0-with-classpath-exception The following software have components provided under the terms of this license: - Checker Qual (from https://checkerframework.org) -- Expression Language 3.0 (from http://uel.java.net) - Expression Language 3.0 (from https://projects.eclipse.org/projects/ee4j.el) +- Expression Language 3.0 (from http://uel.java.net) - Java Architecture For XML Binding (from ) - Java Architecture For XML Binding (from ) - Java Servlet API (from https://projects.eclipse.org/projects/ee4j.servlet) diff --git a/provider/notification-azure/pom.xml b/provider/notification-azure/pom.xml index 69593aaf8b75ca9958270559cc5453fbe7f08def..a3f38f44715e805d9e1a0567dea19be48a565ece 100644 --- a/provider/notification-azure/pom.xml +++ b/provider/notification-azure/pom.xml 
@@ -19,7 +19,6 @@ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> - <groupId>org.opengroup.osdu</groupId> <artifactId>notification-azure</artifactId> <version>1.0.0</version> <name>notification-azure</name> @@ -142,6 +141,11 @@ <version>3.0.0</version> <scope>test</scope> </dependency> + <dependency> + <groupId>com.auth0</groupId> + <artifactId>jwks-rsa</artifactId> + <version>0.11.0</version> + </dependency> </dependencies> <build> diff --git a/provider/notification-azure/src/main/java/org/opengroup/osdu/notification/provider/azure/security/SecurityConfig.java b/provider/notification-azure/src/main/java/org/opengroup/osdu/notification/provider/azure/security/SecurityConfig.java index 853b37b2a7cffb3c022060471626e81fae56b713..5c7b8c02943e94e35c4ec110d4251a016a836bfd 100644 --- a/provider/notification-azure/src/main/java/org/opengroup/osdu/notification/provider/azure/security/SecurityConfig.java +++ b/provider/notification-azure/src/main/java/org/opengroup/osdu/notification/provider/azure/security/SecurityConfig.java 
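Review bot: The `jwks-rsa` dependency added in the second hunk is declared at default (compile) scope with an inline version, while the only auth0 imports visible in this commit are `com.auth0.jwt.JWT` and `com.auth0.jwt.interfaces.DecodedJWT`, which belong to the `java-jwt` artifact rather than `jwks-rsa`. If `java-jwt` is not declared elsewhere in this pom, the token-handling code would compile only through a transitive dependency; declare it explicitly and keep both versions in a shared property or `dependencyManagement` entry so they are upgraded together. Nothing in the visible Java changes calls a JWKS provider yet, so it is worth confirming the dependency is needed in this commit at all.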
@@ -15,23 +15,36 @@ package org.opengroup.osdu.notification.provider.azure.security; import com.microsoft.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; -import javax.inject.Inject; - @Configuration @EnableGlobalMethodSecurity(prePostEnabled = true) public class SecurityConfig extends WebSecurityConfigurerAdapter { + @Autowired + private AADAppRoleStatelessAuthenticationFilter appRoleAuthFilter; + @Override protected void configure(HttpSecurity httpSecurity) throws Exception { - // TODO : Add antMatchers after Swagger changes merge - // TODO : Add the authZ httpSecurity - .csrf().disable(); + .csrf().disable() + .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.NEVER) + .and() + .authorizeRequests() + .antMatchers("/", + "/swagger", + "/v2/api-docs", + "/swagger-resources/**", + "/swagger-ui.html", + "/webjars/**").permitAll() + .anyRequest().authenticated() + .and() + .addFilterBefore(appRoleAuthFilter, UsernamePasswordAuthenticationFilter.class); } } diff --git a/provider/notification-azure/src/main/java/org/opengroup/osdu/notification/provider/azure/util/AzureServiceAccountValidatorImpl.java b/provider/notification-azure/src/main/java/org/opengroup/osdu/notification/provider/azure/util/AzureServiceAccountValidatorImpl.java index 971666dd829edb794bcaac7fa7cfab32d56eafc8..dc1a345185f2f6c20384644f1772ff43ef0743bd 100644 
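Review bot: `SessionCreationPolicy.NEVER` in `configure` only stops Spring Security from creating a session; it still reads a security context from a session that another component created, and CSRF protection is disabled on the line above it. Because every request is meant to be authenticated by `AADAppRoleStatelessAuthenticationFilter`, `.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)` matches the intent and removes the session path entirely. The `permitAll()` list also leaves `/v2/api-docs` and the Swagger UI readable without a token; if the API description should not be public in production, put those matchers behind a profile or property. A short comment above the matcher list saying why each path is exempt would help the next reviewer.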
--- a/provider/notification-azure/src/main/java/org/opengroup/osdu/notification/provider/azure/util/AzureServiceAccountValidatorImpl.java +++ b/provider/notification-azure/src/main/java/org/opengroup/osdu/notification/provider/azure/util/AzureServiceAccountValidatorImpl.java @@ -14,27 +14,31 @@ package org.opengroup.osdu.notification.provider.azure.util; +import com.auth0.jwt.JWT; +import com.auth0.jwt.interfaces.DecodedJWT; import org.opengroup.osdu.notification.provider.interfaces.IServiceAccountValidator; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import org.springframework.stereotype.Service; -@Component +@Service public class AzureServiceAccountValidatorImpl implements IServiceAccountValidator { + @Autowired + AppProperties appProperties; + @Override - public boolean isValidPublisherServiceAccount(String jwt) { - // TODO : Implement the service account verification for PubSub Role - // TODO : Also check the need and means to verify the other Roles. + public boolean isValidPublisherServiceAccount(String token) { + return isValidServiceAccount(token, this.appProperties.getAadClientID()); - // Marking it to return true, for the integration tests. - return true; } @Override - public boolean isValidServiceAccount(String jwt, String userIdentity, String... audiences) { - // TODO : Implement the service account verification for PubSub Role - // TODO : Also check the need and means to verify the other Roles. - - // Marking it to return true, for the integration tests. - return true; + public boolean isValidServiceAccount(String token, String userIdentity, String... audiences) { + // TODO : find out if this will be required to authZ, + // when we are are authZ through Entitlement Service. + // + // Tracking through a issue. + return false; } } 
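Review bot: `isValidPublisherServiceAccount` now delegates to `isValidServiceAccount`, which returns `false` unconditionally, so every publisher token is rejected and the AAD client id passed as `userIdentity` is never read. Failing closed is a safer default than the removed `return true`, but it should be stated where the stub lives, e.g. `// Fails closed: no token is accepted until signature, issuer, audience and expiry checks are implemented.` The `JWT` and `DecodedJWT` imports, and the leftover `Component` import, are unused in the visible lines and can be dropped. When the check is implemented, note that `JWT.decode` only parses a token and does not verify its signature, so the verdict has to come from a verifier backed by the tenant's signing keys. `appProperties` is package-private and field-injected; `private final` with constructor injection would keep it from being replaced from within the package.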
diff --git a/provider/notification-azure/src/test/java/org/opengroup/osdu/notification/util/AzureServiceAccountValidatorImplTest.java b/provider/notification-azure/src/test/java/org/opengroup/osdu/notification/util/AzureServiceAccountValidatorImplTest.java
new file mode 100644
index 0000000000000000000000000000000000000000..0899d9a4c6275dc152c9bdce952a91449260d066
--- /dev/null
+++ b/provider/notification-azure/src/test/java/org/opengroup/osdu/notification/util/AzureServiceAccountValidatorImplTest.java
@@ -0,0 +1,58 @@
+// Copyright © Microsoft Corporation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package org.opengroup.osdu.notification.util;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
+import org.mockito.Spy;
+import org.mockito.junit.MockitoJUnitRunner;
+import org.opengroup.osdu.notification.provider.azure.util.AppProperties;
+import org.opengroup.osdu.notification.provider.azure.util.AzureServiceAccountValidatorImpl;
+
+import static org.mockito.Mockito.when;
+
+@RunWith(MockitoJUnitRunner.class)
+public class AzureServiceAccountValidatorImplTest {
+ private static String invalidAADClientID = "testInvalidAADClientID";
+ private static String invalidJWT = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.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.nkiyKtfXXxAlC60iDjXuB2EAGDfZiVglP-CyU1T4etc";
+
+ @Mock
+ private AppProperties appProperties;
+
+ @InjectMocks
+ @Spy
+ private AzureServiceAccountValidatorImpl sut;
+
+ @Before
+ public void setup() {
+ when(this.appProperties.getAadClientID()).thenReturn(this.invalidAADClientID);
+ }
+
+ @Test
+ public void should_returnFalse_isValidServiceAccount() {
+ // Set Up
+ boolean expected = false;
+
+ // Act
+ boolean observed = this.sut.isValidPublisherServiceAccount(invalidJWT);
+
+ // Assert
+ Assert.assertEquals(expected, observed);
+ }
+}
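Review bot: `should_returnFalse_isValidServiceAccount` calls `isValidPublisherServiceAccount` and asserts `false`, which the implementation in this commit returns for every input, so the test pins the stub rather than any token validation and passes whatever the token or the mocked client id contain. Rename it to `should_returnFalse_isValidPublisherServiceAccount` and assert directly with `Assert.assertFalse(this.sut.isValidPublisherServiceAccount(invalidJWT));`. Once validation is implemented, add cases for a null, empty and malformed token and for a well-formed token with the wrong audience. The two constants are better declared `private static final` and referenced without `this.`, and `@Spy` on `sut` is not needed since nothing is stubbed or verified on it.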