Open Subsurface Data Universe Software
Platform
System
Partition
Commits
a7831c06
Commit
a7831c06
authored
Sep 09, 2021
by
Bhushan Rade
Committed by
Anuj Gupta
Sep 09, 2021
Ibm kc removed
parent
023bc7d4
Changes
10
NOTICE
View file @
a7831c06
...
...
@@ -410,15 +410,6 @@ The following software have components provided under the terms of this license:
- KeePassJava2 :: KDB (from https://repo1.maven.org/maven2/org/linguafranca/pwdb/KeePassJava2-kdb)
- KeePassJava2 :: KDBX (from https://repo1.maven.org/maven2/org/linguafranca/pwdb/KeePassJava2-kdbx)
- KeePassJava2 :: Simple (from https://repo1.maven.org/maven2/org/linguafranca/pwdb/KeePassJava2-simple)
- KeyCloak Authz: Client API (from https://repo1.maven.org/maven2/org/keycloak/keycloak-authz-client)
- Keycloak :: Spring :: Boot :: Default :: Starter (from https://repo1.maven.org/maven2/org/keycloak/keycloak-spring-boot-starter)
- Keycloak Adapter Core (from https://repo1.maven.org/maven2/org/keycloak/keycloak-adapter-core)
- Keycloak Adapter SPI (from https://repo1.maven.org/maven2/org/keycloak/keycloak-adapter-spi)
- Keycloak Common (from https://repo1.maven.org/maven2/org/keycloak/keycloak-common)
- Keycloak Core (from https://repo1.maven.org/maven2/org/keycloak/keycloak-core)
- Keycloak Spring Boot 2 Integration (from https://repo1.maven.org/maven2/org/keycloak/keycloak-spring-boot-2-adapter)
- Keycloak Spring Boot Adapter Core (from https://repo1.maven.org/maven2/org/keycloak/keycloak-spring-boot-adapter-core)
- Keycloak Spring Security Integration (from https://repo1.maven.org/maven2/org/keycloak/keycloak-spring-security-adapter)
- Kotlin Stdlib (from https://kotlinlang.org/)
- Kotlin Stdlib Common (from https://kotlinlang.org/)
- Logback Contrib :: JSON :: Classic (from https://repo1.maven.org/maven2/ch/qos/logback/contrib/logback-json-classic)
...
...
@@ -580,7 +571,6 @@ The following software have components provided under the terms of this license:
- spring-boot-actuator (from https://spring.io/projects/spring-boot)
- spring-boot-actuator-autoconfigure (from https://spring.io/projects/spring-boot)
- spring-boot-autoconfigure (from https://spring.io/projects/spring-boot)
- spring-boot-container-bundle (from https://repo1.maven.org/maven2/org/keycloak/spring-boot-container-bundle)
- spring-boot-dependencies (from https://spring.io/projects/spring-boot)
- spring-boot-starter (from https://spring.io/projects/spring-boot)
- spring-boot-starter-actuator (from https://spring.io/projects/spring-boot)
...
...
@@ -656,7 +646,6 @@ The following software have components provided under the terms of this license:
- Hamcrest (from http://hamcrest.org/JavaHamcrest/)
- Hamcrest Core (from http://hamcrest.org/)
- HdrHistogram (from http://hdrhistogram.github.io/HdrHistogram/)
- Jakarta Activation (from https://repo1.maven.org/maven2/com/sun/activation/jakarta.activation)
- Jakarta Activation API jar (from https://repo1.maven.org/maven2/jakarta/activation/jakarta.activation-api)
- Jakarta XML Binding API (from https://repo1.maven.org/maven2/jakarta/xml/bind/jakarta.xml.bind-api)
- Microsoft Application Insights Java SDK Core (from https://github.com/Microsoft/ApplicationInsights-Java)
...
...
@@ -888,7 +877,6 @@ The following software have components provided under the terms of this license:
- Azure Java Client Runtime for ARM (from https://github.com/Azure/autorest-clientruntime-for-java)
- Azure Java Client Runtime for AutoRest (from https://github.com/Azure/autorest-clientruntime-for-java)
- Azure Spring Boot AutoConfigure (from https://github.com/Azure/azure-sdk-for-java)
- Bouncy Castle Provider (from http://www.bouncycastle.org/java.html)
- Checker Qual (from https://checkerframework.org)
- Default Plexus Container (from https://repo1.maven.org/maven2/org/codehaus/plexus/plexus-container-default)
- Extensions on Apache Proton-J library (from https://github.com/Azure/qpid-proton-j-extensions)
...
...
@@ -956,7 +944,6 @@ PHP-3.01
========================================================================
The following software have components provided under the terms of this license:
- Jakarta Activation (from https://repo1.maven.org/maven2/com/sun/activation/jakarta.activation)
- Jakarta Activation API jar (from https://repo1.maven.org/maven2/jakarta/activation/jakarta.activation-api)
- Jakarta XML Binding API (from https://repo1.maven.org/maven2/jakarta/xml/bind/jakarta.xml.bind-api)
...
...
@@ -1007,15 +994,12 @@ The following software have components provided under the terms of this license:
- AWS SDK for Java - Models (from https://aws.amazon.com/sdkforjava)
- Asynchronous Http Client (from https://repo1.maven.org/maven2/org/asynchttpclient/async-http-client)
- Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs (from http://www.bouncycastle.org/java.html)
- Bouncy Castle Provider (from http://www.bouncycastle.org/java.html)
- Guava: Google Core Libraries for Java (from https://repo1.maven.org/maven2/com/google/guava/guava)
- HdrHistogram (from http://hdrhistogram.github.io/HdrHistogram/)
- JTidy (from http://jtidy.sourceforge.net)
- Joda-Time (from https://www.joda.org/joda-time/)
- Joda-Time (from https://www.joda.org/joda-time/)
- Joda-Time (from https://www.joda.org/joda-time/)
- Keycloak Common (from https://repo1.maven.org/maven2/org/keycloak/keycloak-common)
- LatencyUtils (from http://latencyutils.github.io/LatencyUtils/)
- Microsoft Application Insights Java SDK Core (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Azure SDK for EventGrid Management (from https://github.com/Azure/azure-sdk-for-java)
...
...
@@ -1035,8 +1019,6 @@ unknown
========================================================================
The following software have components provided under the terms of this license:
- Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs (from http://www.bouncycastle.org/java.html)
- Bouncy Castle Provider (from http://www.bouncycastle.org/java.html)
- Byte Buddy (without dependencies) (from https://repo1.maven.org/maven2/net/bytebuddy/byte-buddy)
- Checker Qual (from https://checkerframework.org)
- JSON in Java (from https://github.com/douglascrockford/JSON-java)
...
...
@@ -1048,7 +1030,6 @@ The following software have components provided under the terms of this license:
- JUnit Jupiter Params (from https://junit.org/junit5/)
- JUnit Platform Commons (from https://junit.org/junit5/)
- JUnit Platform Engine API (from https://junit.org/junit5/)
- Jakarta Activation (from https://repo1.maven.org/maven2/com/sun/activation/jakarta.activation)
- Jakarta Activation API jar (from https://repo1.maven.org/maven2/jakarta/activation/jakarta.activation-api)
- Jakarta XML Binding API (from https://repo1.maven.org/maven2/jakarta/xml/bind/jakarta.xml.bind-api)
- Spongy Castle (from http://rtyley.github.io/spongycastle/)
...
...
provider/partition-ibm/pom.xml
View file @
a7831c06
...
...
@@ -41,6 +41,10 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency> -->
<dependency>
<groupId>
org.springframework.boot
</groupId>
<artifactId>
spring-boot-starter-security
</artifactId>
</dependency>
<dependency>
<groupId>
org.springframework.security
</groupId>
<artifactId>
spring-security-oauth2-client
</artifactId>
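Review bot: The commented-out copy of spring-boot-starter-security directly above the new dependency (the block ending in "</dependency> -->") should be deleted now that the live declaration is added. Keeping the same artifact once in a comment and once for real makes it easy to misread which one is in effect.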
...
...
@@ -112,11 +116,11 @@
<!-- Keycloak -->
<dependency>
<!--
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-spring-boot-starter</artifactId>
<version>${version.keycloak}</version>
</dependency>
</dependency>
-->
<!-- <dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-spring-boot-starter-security</artifactId>
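Review bot: The keycloak-spring-boot-starter dependency under the Keycloak comment is commented out rather than deleted, and it sits next to an already commented-out keycloak-spring-boot-starter-security block. Since this commit removes Keycloak, delete both blocks and, if nothing else in the pom references it, the version.keycloak property as well, so the file does not leave readers guessing whether the adapter is still meant to come back.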
...
...
provider/partition-ibm/src/main/java/org/opengroup/osdu/partition/provider/ibm/security/AuthorizationService.java
View file @
a7831c06
...
...
@@ -3,14 +3,13 @@
package
org.opengroup.osdu.partition.provider.ibm.security
;
import
org.keycloak.KeycloakPrincipal
;
import
org.keycloak.KeycloakSecurityContext
;
import
org.opengroup.osdu.core.common.model.http.AppException
;
import
org.opengroup.osdu.partition.provider.interfaces.IAuthorizationService
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.http.HttpStatus
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.context.SecurityContextHolder
;
import
org.springframework.security.oauth2.jwt.Jwt
;
import
org.springframework.stereotype.Component
;
import
org.springframework.web.context.annotation.RequestScope
;
...
...
@@ -28,12 +27,14 @@ public class AuthorizationService implements IAuthorizationService {
@Override
public
boolean
isDomainAdminServiceAccount
()
{
try
{
final
Authentication
auth
=
SecurityContextHolder
.
getContext
().
getAuthentication
();
@SuppressWarnings
(
"unchecked"
)
KeycloakPrincipal
<
KeycloakSecurityContext
>
principal
=
(
KeycloakPrincipal
<
KeycloakSecurityContext
>)
auth
.
getPrincipal
();
String
upn
=
principal
.
getName
();
log
.
info
(
"email : "
+
upn
);
if
(
upn
.
equals
(
partitionAdminUser
))
{
final
Authentication
authentication
=
SecurityContextHolder
.
getContext
().
getAuthentication
();
Jwt
principal
=
(
Jwt
)
authentication
.
getPrincipal
();
String
memberEmail
=
principal
.
getClaimAsString
(
"email"
);
// @SuppressWarnings("unchecked")
// KeycloakPrincipal<KeycloakSecurityContext> principal = (KeycloakPrincipal<KeycloakSecurityContext>) auth.getPrincipal();
// String upn = principal.getName();
log
.
debug
(
"email : "
+
memberEmail
);
if
(
memberEmail
.
equals
(
partitionAdminUser
))
{
return
true
;
}
else
{
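Review bot: In isDomainAdminServiceAccount, memberEmail comes from principal.getClaimAsString("email"), which returns null when the token carries no email claim, so memberEmail.equals(partitionAdminUser) can throw; compare as partitionAdminUser.equals(memberEmail) or reject a null claim explicitly. The (Jwt) cast on authentication.getPrincipal() has the same problem for any non-JWT authentication, and an explicit instanceof check that denies access is clearer than relying on the surrounding try. The admin decision also now rests on the email claim where it used principal.getName() before, so confirm the issuer always sets that claim for the service account and that it cannot be changed by the account holder. The three commented-out Keycloak lines should be deleted rather than kept.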
...
...
provider/partition-ibm/src/main/java/org/opengroup/osdu/partition/provider/ibm/security/KeycloakSecurityConfig.java
deleted
100644 → 0
View file @
023bc7d4
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package
org.opengroup.osdu.partition.provider.ibm.security
;
import
org.keycloak.adapters.KeycloakConfigResolver
;
import
org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver
;
import
org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider
;
import
org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.context.annotation.Bean
;
import
org.springframework.context.annotation.Configuration
;
import
org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder
;
import
org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
;
import
org.springframework.security.config.annotation.web.builders.HttpSecurity
;
import
org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
;
import
org.springframework.security.core.authority.mapping.SimpleAuthorityMapper
;
import
org.springframework.security.core.session.SessionRegistryImpl
;
import
org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy
;
import
org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy
;
import
org.springframework.security.web.authentication.session.SessionAuthenticationStrategy
;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity
(
prePostEnabled
=
true
,
jsr250Enabled
=
true
)
public
class
KeycloakSecurityConfig
extends
KeycloakWebSecurityConfigurerAdapter
{
@Override
protected
void
configure
(
HttpSecurity
http
)
throws
Exception
{
super
.
configure
(
http
);
http
.
authorizeRequests
()
.
anyRequest
().
authenticated
().
and
().
oauth2ResourceServer
().
jwt
();
/* .anyRequest()
.permitAll();*/
http
.
csrf
().
disable
();
http
.
headers
().
frameOptions
().
disable
();
}
@Autowired
public
void
configureGlobal
(
AuthenticationManagerBuilder
auth
)
throws
Exception
{
KeycloakAuthenticationProvider
keycloakAuthenticationProvider
=
keycloakAuthenticationProvider
();
keycloakAuthenticationProvider
.
setGrantedAuthoritiesMapper
(
new
SimpleAuthorityMapper
());
auth
.
authenticationProvider
(
keycloakAuthenticationProvider
);
}
@Bean
@Override
protected
SessionAuthenticationStrategy
sessionAuthenticationStrategy
()
{
return
new
NullAuthenticatedSessionStrategy
();
}
@Bean
public
KeycloakConfigResolver
KeycloakConfigResolver
()
{
return
new
KeycloakSpringBootConfigResolver
();
}
}
\ No newline at end of file
provider/partition-ibm/src/main/java/org/opengroup/osdu/partition/provider/ibm/security/SecurityConfig.java
0 → 100644
View file @
a7831c06
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package
org.opengroup.osdu.partition.provider.ibm.security
;
import
org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
;
import
org.springframework.security.config.annotation.web.builders.HttpSecurity
;
import
org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
;
import
org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
;
@EnableWebSecurity
@EnableGlobalMethodSecurity
(
prePostEnabled
=
true
)
public
class
SecurityConfig
extends
WebSecurityConfigurerAdapter
{
@Override
protected
void
configure
(
HttpSecurity
http
)
throws
Exception
{
http
.
httpBasic
().
disable
()
.
csrf
().
disable
().
authorizeRequests
().
anyRequest
()
.
authenticated
().
and
().
oauth2ResourceServer
().
jwt
();
}
}
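Review bot: @EnableGlobalMethodSecurity in SecurityConfig sets only prePostEnabled = true, while the deleted KeycloakSecurityConfig also set jsr250Enabled = true. If any controller or service uses @RolesAllowed or the other JSR-250 annotations, they stop being enforced with this change, so either keep jsr250Enabled = true or confirm none are used. With csrf().disable() on a bearer-token API it is also worth making the chain explicitly stateless with sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS), since the NullAuthenticatedSessionStrategy bean from the old configuration is gone.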
testing/partition-test-ibm/src/test/java/org/opengroup/osdu/partition/api/TestCreatePartition.java
View file @
a7831c06
...
...
@@ -3,15 +3,10 @@
package
org.opengroup.osdu.partition.api
;
import
static
org
.
junit
.
Assert
.
assertEquals
;
import
org.junit.After
;
import
org.junit.Before
;
import
org.junit.Test
;
import
org.opengroup.osdu.partition.util.IBMTestUtils
;
import
com.sun.jersey.api.client.ClientResponse
;
public
class
TestCreatePartition
extends
CreatePartitionTest
{
@Before
...
...
@@ -25,23 +20,6 @@ public class TestCreatePartition extends CreatePartitionTest {
public
void
tearDown
()
{
this
.
testUtils
=
null
;
}
@Test
@Override
public
void
should_return401_when_noAccessToken
()
throws
Exception
{
// Springboot Keycloak gives 403 when token does not have required roles
ClientResponse
response
=
descriptor
.
runOnCustomerTenant
(
getId
(),
testUtils
.
getNoAccessToken
());
assertEquals
(
error
(
response
.
getEntity
(
String
.
class
)),
403
,
response
.
getStatus
());
}
@Test
@Override
public
void
should_return401_when_accessingWithCredentialsWithoutPermission
()
throws
Exception
{
// Partition-ibm service does not required partition id
// Here, no access token used hence checking with 403 response code in assertion statement
ClientResponse
response
=
descriptor
.
run
(
getId
(),
testUtils
.
getNoAccessToken
());
assertEquals
(
403
,
response
.
getStatus
());
}
}
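Review bot: The two removed overrides in TestCreatePartition asserted 403 and carried the comment that Springboot Keycloak gives 403, so deleting them changes the expected status for the no-token cases to whatever the inherited CreatePartitionTest methods assert. The commit message should state that behaviour change, and that the IBM provider passes the inherited should_return401_* tests after the move to the JWT resource server.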
testing/partition-test-ibm/src/test/java/org/opengroup/osdu/partition/api/TestDeletePartition.java
View file @
a7831c06
...
...
@@ -3,15 +3,10 @@
package
org.opengroup.osdu.partition.api
;
import
static
org
.
junit
.
Assert
.
assertEquals
;
import
org.junit.After
;
import
org.junit.Before
;
import
org.junit.Test
;
import
org.opengroup.osdu.partition.util.IBMTestUtils
;
import
com.sun.jersey.api.client.ClientResponse
;
public
class
TestDeletePartition
extends
DeletePartitionTest
{
@Before
...
...
@@ -26,20 +21,4 @@ public class TestDeletePartition extends DeletePartitionTest {
this
.
testUtils
=
null
;
}
@Test
@Override
public
void
should_return401_when_noAccessToken
()
throws
Exception
{
// Springboot Keycloak gives 403 when token does not have required roles
ClientResponse
response
=
descriptor
.
runOnCustomerTenant
(
getId
(),
testUtils
.
getNoAccessToken
());
assertEquals
(
error
(
response
.
getEntity
(
String
.
class
)),
403
,
response
.
getStatus
());
}
@Test
@Override
public
void
should_return401_when_accessingWithCredentialsWithoutPermission
()
throws
Exception
{
// Partition-ibm service does not required partition id
// Here, no access token used hence checking with 403 response code in assertion statement
ClientResponse
response
=
descriptor
.
run
(
getId
(),
testUtils
.
getNoAccessToken
());
assertEquals
(
403
,
response
.
getStatus
());
}
}
testing/partition-test-ibm/src/test/java/org/opengroup/osdu/partition/api/TestGetPartitionById.java
View file @
a7831c06
...
...
@@ -25,20 +25,5 @@ public class TestGetPartitionById extends GetPartitionByIdApitTest {
public
void
tearDown
()
{
this
.
testUtils
=
null
;
}
@Test
@Override
public
void
should_return401_when_noAccessToken
()
throws
Exception
{
// Springboot Keycloak gives 403 when token does not have required roles
ClientResponse
response
=
descriptor
.
runOnCustomerTenant
(
getId
(),
testUtils
.
getNoAccessToken
());
assertEquals
(
error
(
response
.
getEntity
(
String
.
class
)),
403
,
response
.
getStatus
());
}
@Test
@Override
public
void
should_return401_when_accessingWithCredentialsWithoutPermission
()
throws
Exception
{
// Partition-ibm service does not required partition id
// Here, no access token used hence checking with 403 response code in assertion statement
ClientResponse
response
=
descriptor
.
run
(
getId
(),
testUtils
.
getNoAccessToken
());
assertEquals
(
403
,
response
.
getStatus
());
}
}
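Review bot: The imports for assertEquals, org.junit.Test and ClientResponse look left behind in TestGetPartitionById. The hunk begins at line 25 on both sides (@@ -25,20 +25,5), so no lines above it were removed, unlike TestCreatePartition, TestDeletePartition and TestListPartitions, where a separate import hunk drops them. If this file has the same imports as its siblings, remove the ones that are unused once both @Test overrides are gone; TestUpdatePartition shows the same pattern.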
testing/partition-test-ibm/src/test/java/org/opengroup/osdu/partition/api/TestListPartitions.java
View file @
a7831c06
...
...
@@ -3,15 +3,10 @@
package
org.opengroup.osdu.partition.api
;
import
static
org
.
junit
.
Assert
.
assertEquals
;
import
org.junit.After
;
import
org.junit.Before
;
import
org.junit.Test
;
import
org.opengroup.osdu.partition.util.IBMTestUtils
;
import
com.sun.jersey.api.client.ClientResponse
;
public
class
TestListPartitions
extends
ListPartitionsApitTest
{
@Before
...
...
@@ -25,20 +20,5 @@ public class TestListPartitions extends ListPartitionsApitTest {
public
void
tearDown
()
{
this
.
testUtils
=
null
;
}
@Test
@Override
public
void
should_return401_when_noAccessToken
()
throws
Exception
{
// Springboot Keycloak gives 403 when token does not have required roles
ClientResponse
response
=
descriptor
.
runOnCustomerTenant
(
getId
(),
testUtils
.
getNoAccessToken
());
assertEquals
(
error
(
response
.
getEntity
(
String
.
class
)),
403
,
response
.
getStatus
());
}
@Test
@Override
public
void
should_return401_when_accessingWithCredentialsWithoutPermission
()
throws
Exception
{
// Partition-ibm service does not required partition id
// Here, no access token used hence checking with 403 response code in assertion statement
ClientResponse
response
=
descriptor
.
run
(
getId
(),
testUtils
.
getNoAccessToken
());
assertEquals
(
403
,
response
.
getStatus
());
}
}
testing/partition-test-ibm/src/test/java/org/opengroup/osdu/partition/api/TestUpdatePartition.java
View file @
a7831c06
...
...
@@ -25,20 +25,5 @@ public class TestUpdatePartition extends UpdatePartitionTest {
public
void
tearDown
()
{
this
.
testUtils
=
null
;
}
@Test
@Override
public
void
should_return401_when_noAccessToken
()
throws
Exception
{
// Springboot Keycloak gives 403 when token does not have required roles
ClientResponse
response
=
descriptor
.
runOnCustomerTenant
(
getId
(),
testUtils
.
getNoAccessToken
());
assertEquals
(
error
(
response
.
getEntity
(
String
.
class
)),
403
,
response
.
getStatus
());
}
@Test
@Override
public
void
should_return401_when_accessingWithCredentialsWithoutPermission
()
throws
Exception
{
// Partition-ibm service does not required partition id
// Here, no access token used hence checking with 403 response code in assertion statement
ClientResponse
response
=
descriptor
.
run
(
getId
(),
testUtils
.
getNoAccessToken
());
assertEquals
(
403
,
response
.
getStatus
());
}
}