Merge branch 'ibm-kc-removed' into 'master'

Ibm kc removed See merge request !91

Merge branch 'ibm-kc-removed' into 'master'
64312274 · Anuj Gupta · 023bc7d4 · a7831c06 · 64312274 · 64312274
Commit 64312274 authored 3 years ago by Anuj Gupta
--- a/NOTICE
+++ b/NOTICE
@@ -410,15 +410,6 @@ The following software have components provided under the terms of this license:
 - KeePassJava2 :: KDB (from https://repo1.maven.org/maven2/org/linguafranca/pwdb/KeePassJava2-kdb)
 - KeePassJava2 :: KDBX (from https://repo1.maven.org/maven2/org/linguafranca/pwdb/KeePassJava2-kdbx)
 - KeePassJava2 :: Simple (from https://repo1.maven.org/maven2/org/linguafranca/pwdb/KeePassJava2-simple)
- KeyCloak Authz: Client API (from https://repo1.maven.org/maven2/org/keycloak/keycloak-authz-client)
- Keycloak :: Spring :: Boot :: Default ::  Starter (from https://repo1.maven.org/maven2/org/keycloak/keycloak-spring-boot-starter)
- Keycloak Adapter Core (from https://repo1.maven.org/maven2/org/keycloak/keycloak-adapter-core)
- Keycloak Adapter SPI (from https://repo1.maven.org/maven2/org/keycloak/keycloak-adapter-spi)
- Keycloak Common (from https://repo1.maven.org/maven2/org/keycloak/keycloak-common)
- Keycloak Core (from https://repo1.maven.org/maven2/org/keycloak/keycloak-core)
- Keycloak Spring Boot 2 Integration (from https://repo1.maven.org/maven2/org/keycloak/keycloak-spring-boot-2-adapter)
- Keycloak Spring Boot Adapter Core (from https://repo1.maven.org/maven2/org/keycloak/keycloak-spring-boot-adapter-core)
- Keycloak Spring Security Integration (from https://repo1.maven.org/maven2/org/keycloak/keycloak-spring-security-adapter)
 - Kotlin Stdlib (from https://kotlinlang.org/)
 - Kotlin Stdlib Common (from https://kotlinlang.org/)
 - Logback Contrib :: JSON :: Classic (from https://repo1.maven.org/maven2/ch/qos/logback/contrib/logback-json-classic)
@@ -580,7 +571,6 @@ The following software have components provided under the terms of this license:
 - spring-boot-actuator (from https://spring.io/projects/spring-boot)
 - spring-boot-actuator-autoconfigure (from https://spring.io/projects/spring-boot)
 - spring-boot-autoconfigure (from https://spring.io/projects/spring-boot)
- spring-boot-container-bundle (from https://repo1.maven.org/maven2/org/keycloak/spring-boot-container-bundle)
 - spring-boot-dependencies (from https://spring.io/projects/spring-boot)
 - spring-boot-starter (from https://spring.io/projects/spring-boot)
 - spring-boot-starter-actuator (from https://spring.io/projects/spring-boot)
@@ -656,7 +646,6 @@ The following software have components provided under the terms of this license:
 - Hamcrest (from http://hamcrest.org/JavaHamcrest/)
 - Hamcrest Core (from http://hamcrest.org/)
 - HdrHistogram (from http://hdrhistogram.github.io/HdrHistogram/)
- Jakarta Activation (from https://repo1.maven.org/maven2/com/sun/activation/jakarta.activation)
 - Jakarta Activation API jar (from https://repo1.maven.org/maven2/jakarta/activation/jakarta.activation-api)
 - Jakarta XML Binding API (from https://repo1.maven.org/maven2/jakarta/xml/bind/jakarta.xml.bind-api)
 - Microsoft Application Insights Java SDK Core (from https://github.com/Microsoft/ApplicationInsights-Java)
@@ -888,7 +877,6 @@ The following software have components provided under the terms of this license:
 - Azure Java Client Runtime for ARM (from https://github.com/Azure/autorest-clientruntime-for-java)
 - Azure Java Client Runtime for AutoRest (from https://github.com/Azure/autorest-clientruntime-for-java)
 - Azure Spring Boot AutoConfigure (from https://github.com/Azure/azure-sdk-for-java)
- Bouncy Castle Provider (from http://www.bouncycastle.org/java.html)
 - Checker Qual (from https://checkerframework.org)
 - Default Plexus Container (from https://repo1.maven.org/maven2/org/codehaus/plexus/plexus-container-default)
 - Extensions on Apache Proton-J library (from https://github.com/Azure/qpid-proton-j-extensions)
@@ -956,7 +944,6 @@ PHP-3.01
 ========================================================================
 The following software have components provided under the terms of this license:

- Jakarta Activation (from https://repo1.maven.org/maven2/com/sun/activation/jakarta.activation)
 - Jakarta Activation API jar (from https://repo1.maven.org/maven2/jakarta/activation/jakarta.activation-api)
 - Jakarta XML Binding API (from https://repo1.maven.org/maven2/jakarta/xml/bind/jakarta.xml.bind-api)

@@ -1007,15 +994,12 @@ The following software have components provided under the terms of this license:

 - AWS SDK for Java - Models (from https://aws.amazon.com/sdkforjava)
 - Asynchronous Http Client (from https://repo1.maven.org/maven2/org/asynchttpclient/async-http-client)
- Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs (from http://www.bouncycastle.org/java.html)
- Bouncy Castle Provider (from http://www.bouncycastle.org/java.html)
 - Guava: Google Core Libraries for Java (from https://repo1.maven.org/maven2/com/google/guava/guava)
 - HdrHistogram (from http://hdrhistogram.github.io/HdrHistogram/)
 - JTidy (from http://jtidy.sourceforge.net)
 - Joda-Time (from https://www.joda.org/joda-time/)
 - Joda-Time (from https://www.joda.org/joda-time/)
 - Joda-Time (from https://www.joda.org/joda-time/)
- Keycloak Common (from https://repo1.maven.org/maven2/org/keycloak/keycloak-common)
 - LatencyUtils (from http://latencyutils.github.io/LatencyUtils/)
 - Microsoft Application Insights Java SDK Core (from https://github.com/Microsoft/ApplicationInsights-Java)
 - Microsoft Azure SDK for EventGrid Management (from https://github.com/Azure/azure-sdk-for-java)
@@ -1035,8 +1019,6 @@ unknown
 ========================================================================
 The following software have components provided under the terms of this license:

- Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs (from http://www.bouncycastle.org/java.html)
- Bouncy Castle Provider (from http://www.bouncycastle.org/java.html)
 - Byte Buddy (without dependencies) (from https://repo1.maven.org/maven2/net/bytebuddy/byte-buddy)
 - Checker Qual (from https://checkerframework.org)
 - JSON in Java (from https://github.com/douglascrockford/JSON-java)
@@ -1048,7 +1030,6 @@ The following software have components provided under the terms of this license:
 - JUnit Jupiter Params (from https://junit.org/junit5/)
 - JUnit Platform Commons (from https://junit.org/junit5/)
 - JUnit Platform Engine API (from https://junit.org/junit5/)
- Jakarta Activation (from https://repo1.maven.org/maven2/com/sun/activation/jakarta.activation)
 - Jakarta Activation API jar (from https://repo1.maven.org/maven2/jakarta/activation/jakarta.activation-api)
 - Jakarta XML Binding API (from https://repo1.maven.org/maven2/jakarta/xml/bind/jakarta.xml.bind-api)
 - Spongy Castle (from http://rtyley.github.io/spongycastle/)

--- a/provider/partition-ibm/pom.xml
+++ b/provider/partition-ibm/pom.xml
@@ -41,6 +41,10 @@
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency> -->
+        <dependency>
+		<groupId>org.springframework.boot</groupId>
+		<artifactId>spring-boot-starter-security</artifactId>
+	</dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-oauth2-client</artifactId>
@@ -112,11 +116,11 @@
        
        
         <!-- Keycloak  -->
-        <dependency>
+      <!--   <dependency>
            <groupId>org.keycloak</groupId>
            <artifactId>keycloak-spring-boot-starter</artifactId>
            <version>${version.keycloak}</version>
-        </dependency>
+        </dependency> -->
        <!-- <dependency>
            <groupId>org.keycloak</groupId>
            <artifactId>keycloak-spring-boot-starter-security</artifactId>

--- a/provider/partition-ibm/src/main/java/org/opengroup/osdu/partition/provider/ibm/security/AuthorizationService.java
+++ b/provider/partition-ibm/src/main/java/org/opengroup/osdu/partition/provider/ibm/security/AuthorizationService.java
@@ -3,14 +3,13 @@

 package org.opengroup.osdu.partition.provider.ibm.security;

-import org.keycloak.KeycloakPrincipal;
-import org.keycloak.KeycloakSecurityContext;
 import org.opengroup.osdu.core.common.model.http.AppException;
 import org.opengroup.osdu.partition.provider.interfaces.IAuthorizationService;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.stereotype.Component;
 import org.springframework.web.context.annotation.RequestScope;

@@ -28,12 +27,14 @@ public class AuthorizationService implements IAuthorizationService {
 	@Override
 	public boolean isDomainAdminServiceAccount() {
 		try {
-			final Authentication auth = SecurityContextHolder.getContext().getAuthentication();
-			@SuppressWarnings("unchecked")
-			KeycloakPrincipal<KeycloakSecurityContext> principal = (KeycloakPrincipal<KeycloakSecurityContext>) auth.getPrincipal();
-			String upn =  principal.getName();
-			log.info("email : "+upn);
-			if(upn.equals(partitionAdminUser)) {
+			final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+			Jwt principal = (Jwt) authentication.getPrincipal();
+	        String memberEmail = principal.getClaimAsString("email");
+//			@SuppressWarnings("unchecked")
+//			KeycloakPrincipal<KeycloakSecurityContext> principal = (KeycloakPrincipal<KeycloakSecurityContext>) auth.getPrincipal();
+//			String upn =  principal.getName();
+			log.debug("email : "+memberEmail);
+			if(memberEmail.equals(partitionAdminUser)) {
 				return true;
 			} 
 		    else {

--- a/provider/partition-ibm/src/main/java/org/opengroup/osdu/partition/provider/ibm/security/KeycloakSecurityConfig.java
+++ b/provider/partition-ibm/src/main/java/org/opengroup/osdu/partition/provider/ibm/security/KeycloakSecurityConfig.java
-/* Licensed Materials - Property of IBM              */
-/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
-
-package org.opengroup.osdu.partition.provider.ibm.security;
-
-import org.keycloak.adapters.KeycloakConfigResolver;
-import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
-import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
-import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
-import org.springframework.security.core.session.SessionRegistryImpl;
-import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
-import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
-import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
-
-@Configuration
-@EnableWebSecurity
-@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
-public class KeycloakSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
-
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        super.configure(http);
-        http.authorizeRequests()
-        .anyRequest().authenticated().and().oauth2ResourceServer().jwt();
-           /* .anyRequest()
-            .permitAll();*/
-        http.csrf().disable();
-        http.headers().frameOptions().disable();
-    }
-
-    @Autowired
-    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-        KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
-        keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
-        auth.authenticationProvider(keycloakAuthenticationProvider);
-    }
-
-    @Bean
-    @Override
-    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
-        return new NullAuthenticatedSessionStrategy();
-    }
-
-    @Bean
-    public KeycloakConfigResolver KeycloakConfigResolver() {
-        return new KeycloakSpringBootConfigResolver();
-    }
-}
\ No newline at end of file
--- a/provider/partition-ibm/src/main/java/org/opengroup/osdu/partition/provider/ibm/security/SecurityConfig.java
+++ b/provider/partition-ibm/src/main/java/org/opengroup/osdu/partition/provider/ibm/security/SecurityConfig.java
+/* Licensed Materials - Property of IBM              */
+/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
+
+package org.opengroup.osdu.partition.provider.ibm.security;
+
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.httpBasic().disable()
+                .csrf().disable().authorizeRequests().anyRequest()
+                .authenticated().and().oauth2ResourceServer().jwt();  
+    }
+}
+
+
--- a/testing/partition-test-ibm/src/test/java/org/opengroup/osdu/partition/api/TestCreatePartition.java
+++ b/testing/partition-test-ibm/src/test/java/org/opengroup/osdu/partition/api/TestCreatePartition.java
@@ -3,15 +3,10 @@

 package org.opengroup.osdu.partition.api;

-import static org.junit.Assert.assertEquals;
-
 import org.junit.After;
 import org.junit.Before;
-import org.junit.Test;
 import org.opengroup.osdu.partition.util.IBMTestUtils;

-import com.sun.jersey.api.client.ClientResponse;
-
 public class TestCreatePartition extends CreatePartitionTest {

    @Before
@@ -25,23 +20,6 @@ public class TestCreatePartition extends CreatePartitionTest {
    public void tearDown() {
        this.testUtils = null;
    }
-
-    @Test
-	@Override
-	public void should_return401_when_noAccessToken() throws Exception {
-		// Springboot Keycloak gives 403 when token does not have required roles
-    	 ClientResponse response = descriptor.runOnCustomerTenant(getId(), testUtils.getNoAccessToken());
-         assertEquals(error(response.getEntity(String.class)), 403, response.getStatus());
-	}
-
-    @Test
-	@Override
-	public void should_return401_when_accessingWithCredentialsWithoutPermission() throws Exception {
-		// Partition-ibm service does not required partition id
-    	// Here, no access token used hence checking with 403 response code in assertion statement  
-    	ClientResponse response = descriptor.run(getId(), testUtils.getNoAccessToken());
-        assertEquals(403, response.getStatus());
-	}
-       
+  

 }
--- a/testing/partition-test-ibm/src/test/java/org/opengroup/osdu/partition/api/TestDeletePartition.java
+++ b/testing/partition-test-ibm/src/test/java/org/opengroup/osdu/partition/api/TestDeletePartition.java
@@ -3,15 +3,10 @@

 package org.opengroup.osdu.partition.api;

-import static org.junit.Assert.assertEquals;
-
 import org.junit.After;
 import org.junit.Before;
-import org.junit.Test;
 import org.opengroup.osdu.partition.util.IBMTestUtils;

-import com.sun.jersey.api.client.ClientResponse;
-
 public class TestDeletePartition extends DeletePartitionTest {
    
    @Before
@@ -26,20 +21,4 @@ public class TestDeletePartition extends DeletePartitionTest {
        this.testUtils = null;
    }

-    @Test
-	@Override
-	public void should_return401_when_noAccessToken() throws Exception {
-		// Springboot Keycloak gives 403 when token does not have required roles
-    	 ClientResponse response = descriptor.runOnCustomerTenant(getId(), testUtils.getNoAccessToken());
-         assertEquals(error(response.getEntity(String.class)), 403, response.getStatus());
-	}
-
-    @Test
-	@Override
-	public void should_return401_when_accessingWithCredentialsWithoutPermission() throws Exception {
-		// Partition-ibm service does not required partition id
-    	// Here, no access token used hence checking with 403 response code in assertion statement  
-    	ClientResponse response = descriptor.run(getId(), testUtils.getNoAccessToken());
-        assertEquals(403, response.getStatus());
-	}
 }
--- a/testing/partition-test-ibm/src/test/java/org/opengroup/osdu/partition/api/TestGetPartitionById.java
+++ b/testing/partition-test-ibm/src/test/java/org/opengroup/osdu/partition/api/TestGetPartitionById.java
@@ -25,20 +25,5 @@ public class TestGetPartitionById extends GetPartitionByIdApitTest {
    public void tearDown() {
        this.testUtils = null;
    }
-    @Test
-	@Override
-	public void should_return401_when_noAccessToken() throws Exception {
-		// Springboot Keycloak gives 403 when token does not have required roles
-    	 ClientResponse response = descriptor.runOnCustomerTenant(getId(), testUtils.getNoAccessToken());
-         assertEquals(error(response.getEntity(String.class)), 403, response.getStatus());
-	}
-
-    @Test
-	@Override
-	public void should_return401_when_accessingWithCredentialsWithoutPermission() throws Exception {
-		// Partition-ibm service does not required partition id
-    	// Here, no access token used hence checking with 403 response code in assertion statement  
-    	ClientResponse response = descriptor.run(getId(), testUtils.getNoAccessToken());
-        assertEquals(403, response.getStatus());
-	}
+
 }
--- a/testing/partition-test-ibm/src/test/java/org/opengroup/osdu/partition/api/TestListPartitions.java
+++ b/testing/partition-test-ibm/src/test/java/org/opengroup/osdu/partition/api/TestListPartitions.java
@@ -3,15 +3,10 @@

 package org.opengroup.osdu.partition.api;

-import static org.junit.Assert.assertEquals;
-
 import org.junit.After;
 import org.junit.Before;
-import org.junit.Test;
 import org.opengroup.osdu.partition.util.IBMTestUtils;

-import com.sun.jersey.api.client.ClientResponse;
-
 public class TestListPartitions extends ListPartitionsApitTest {

    @Before
@@ -25,20 +20,5 @@ public class TestListPartitions extends ListPartitionsApitTest {
    public void tearDown() {
        this.testUtils = null;
    }
-    @Test
-	@Override
-	public void should_return401_when_noAccessToken() throws Exception {
-		// Springboot Keycloak gives 403 when token does not have required roles
-    	 ClientResponse response = descriptor.runOnCustomerTenant(getId(), testUtils.getNoAccessToken());
-         assertEquals(error(response.getEntity(String.class)), 403, response.getStatus());
-	}

-    @Test
-	@Override
-	public void should_return401_when_accessingWithCredentialsWithoutPermission() throws Exception {
-		// Partition-ibm service does not required partition id
-    	// Here, no access token used hence checking with 403 response code in assertion statement  
-    	ClientResponse response = descriptor.run(getId(), testUtils.getNoAccessToken());
-        assertEquals(403, response.getStatus());
-	}
 }
--- a/testing/partition-test-ibm/src/test/java/org/opengroup/osdu/partition/api/TestUpdatePartition.java
+++ b/testing/partition-test-ibm/src/test/java/org/opengroup/osdu/partition/api/TestUpdatePartition.java
@@ -25,20 +25,5 @@ public class TestUpdatePartition extends UpdatePartitionTest {
    public void tearDown() {
        this.testUtils = null;
    }
-    @Test
-	@Override
-	public void should_return401_when_noAccessToken() throws Exception {
-		// Springboot Keycloak gives 403 when token does not have required roles
-    	 ClientResponse response = descriptor.runOnCustomerTenant(getId(), testUtils.getNoAccessToken());
-         assertEquals(error(response.getEntity(String.class)), 403, response.getStatus());
-	}
-
-    @Test
-	@Override
-	public void should_return401_when_accessingWithCredentialsWithoutPermission() throws Exception {
-		// Partition-ibm service does not required partition id
-    	// Here, no access token used hence checking with 403 response code in assertion statement  
-    	ClientResponse response = descriptor.run(getId(), testUtils.getNoAccessToken());
-        assertEquals(403, response.getStatus());
-	}
+
 }