Commit a7831c06 authored by Bhushan Rade's avatar Bhushan Rade Committed by Anuj Gupta
Browse files

Ibm kc removed

parent 023bc7d4
......@@ -410,15 +410,6 @@ The following software have components provided under the terms of this license:
- KeePassJava2 :: KDB (from https://repo1.maven.org/maven2/org/linguafranca/pwdb/KeePassJava2-kdb)
- KeePassJava2 :: KDBX (from https://repo1.maven.org/maven2/org/linguafranca/pwdb/KeePassJava2-kdbx)
- KeePassJava2 :: Simple (from https://repo1.maven.org/maven2/org/linguafranca/pwdb/KeePassJava2-simple)
- KeyCloak Authz: Client API (from https://repo1.maven.org/maven2/org/keycloak/keycloak-authz-client)
- Keycloak :: Spring :: Boot :: Default :: Starter (from https://repo1.maven.org/maven2/org/keycloak/keycloak-spring-boot-starter)
- Keycloak Adapter Core (from https://repo1.maven.org/maven2/org/keycloak/keycloak-adapter-core)
- Keycloak Adapter SPI (from https://repo1.maven.org/maven2/org/keycloak/keycloak-adapter-spi)
- Keycloak Common (from https://repo1.maven.org/maven2/org/keycloak/keycloak-common)
- Keycloak Core (from https://repo1.maven.org/maven2/org/keycloak/keycloak-core)
- Keycloak Spring Boot 2 Integration (from https://repo1.maven.org/maven2/org/keycloak/keycloak-spring-boot-2-adapter)
- Keycloak Spring Boot Adapter Core (from https://repo1.maven.org/maven2/org/keycloak/keycloak-spring-boot-adapter-core)
- Keycloak Spring Security Integration (from https://repo1.maven.org/maven2/org/keycloak/keycloak-spring-security-adapter)
- Kotlin Stdlib (from https://kotlinlang.org/)
- Kotlin Stdlib Common (from https://kotlinlang.org/)
- Logback Contrib :: JSON :: Classic (from https://repo1.maven.org/maven2/ch/qos/logback/contrib/logback-json-classic)
......@@ -580,7 +571,6 @@ The following software have components provided under the terms of this license:
- spring-boot-actuator (from https://spring.io/projects/spring-boot)
- spring-boot-actuator-autoconfigure (from https://spring.io/projects/spring-boot)
- spring-boot-autoconfigure (from https://spring.io/projects/spring-boot)
- spring-boot-container-bundle (from https://repo1.maven.org/maven2/org/keycloak/spring-boot-container-bundle)
- spring-boot-dependencies (from https://spring.io/projects/spring-boot)
- spring-boot-starter (from https://spring.io/projects/spring-boot)
- spring-boot-starter-actuator (from https://spring.io/projects/spring-boot)
......@@ -656,7 +646,6 @@ The following software have components provided under the terms of this license:
- Hamcrest (from http://hamcrest.org/JavaHamcrest/)
- Hamcrest Core (from http://hamcrest.org/)
- HdrHistogram (from http://hdrhistogram.github.io/HdrHistogram/)
- Jakarta Activation (from https://repo1.maven.org/maven2/com/sun/activation/jakarta.activation)
- Jakarta Activation API jar (from https://repo1.maven.org/maven2/jakarta/activation/jakarta.activation-api)
- Jakarta XML Binding API (from https://repo1.maven.org/maven2/jakarta/xml/bind/jakarta.xml.bind-api)
- Microsoft Application Insights Java SDK Core (from https://github.com/Microsoft/ApplicationInsights-Java)
......@@ -888,7 +877,6 @@ The following software have components provided under the terms of this license:
- Azure Java Client Runtime for ARM (from https://github.com/Azure/autorest-clientruntime-for-java)
- Azure Java Client Runtime for AutoRest (from https://github.com/Azure/autorest-clientruntime-for-java)
- Azure Spring Boot AutoConfigure (from https://github.com/Azure/azure-sdk-for-java)
- Bouncy Castle Provider (from http://www.bouncycastle.org/java.html)
- Checker Qual (from https://checkerframework.org)
- Default Plexus Container (from https://repo1.maven.org/maven2/org/codehaus/plexus/plexus-container-default)
- Extensions on Apache Proton-J library (from https://github.com/Azure/qpid-proton-j-extensions)
......@@ -956,7 +944,6 @@ PHP-3.01
========================================================================
The following software have components provided under the terms of this license:
- Jakarta Activation (from https://repo1.maven.org/maven2/com/sun/activation/jakarta.activation)
- Jakarta Activation API jar (from https://repo1.maven.org/maven2/jakarta/activation/jakarta.activation-api)
- Jakarta XML Binding API (from https://repo1.maven.org/maven2/jakarta/xml/bind/jakarta.xml.bind-api)
......@@ -1007,15 +994,12 @@ The following software have components provided under the terms of this license:
- AWS SDK for Java - Models (from https://aws.amazon.com/sdkforjava)
- Asynchronous Http Client (from https://repo1.maven.org/maven2/org/asynchttpclient/async-http-client)
- Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs (from http://www.bouncycastle.org/java.html)
- Bouncy Castle Provider (from http://www.bouncycastle.org/java.html)
- Guava: Google Core Libraries for Java (from https://repo1.maven.org/maven2/com/google/guava/guava)
- HdrHistogram (from http://hdrhistogram.github.io/HdrHistogram/)
- JTidy (from http://jtidy.sourceforge.net)
- Joda-Time (from https://www.joda.org/joda-time/)
- Joda-Time (from https://www.joda.org/joda-time/)
- Joda-Time (from https://www.joda.org/joda-time/)
- Keycloak Common (from https://repo1.maven.org/maven2/org/keycloak/keycloak-common)
- LatencyUtils (from http://latencyutils.github.io/LatencyUtils/)
- Microsoft Application Insights Java SDK Core (from https://github.com/Microsoft/ApplicationInsights-Java)
- Microsoft Azure SDK for EventGrid Management (from https://github.com/Azure/azure-sdk-for-java)
......@@ -1035,8 +1019,6 @@ unknown
========================================================================
The following software have components provided under the terms of this license:
- Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs (from http://www.bouncycastle.org/java.html)
- Bouncy Castle Provider (from http://www.bouncycastle.org/java.html)
- Byte Buddy (without dependencies) (from https://repo1.maven.org/maven2/net/bytebuddy/byte-buddy)
- Checker Qual (from https://checkerframework.org)
- JSON in Java (from https://github.com/douglascrockford/JSON-java)
......@@ -1048,7 +1030,6 @@ The following software have components provided under the terms of this license:
- JUnit Jupiter Params (from https://junit.org/junit5/)
- JUnit Platform Commons (from https://junit.org/junit5/)
- JUnit Platform Engine API (from https://junit.org/junit5/)
- Jakarta Activation (from https://repo1.maven.org/maven2/com/sun/activation/jakarta.activation)
- Jakarta Activation API jar (from https://repo1.maven.org/maven2/jakarta/activation/jakarta.activation-api)
- Jakarta XML Binding API (from https://repo1.maven.org/maven2/jakarta/xml/bind/jakarta.xml.bind-api)
- Spongy Castle (from http://rtyley.github.io/spongycastle/)
......
......@@ -41,6 +41,10 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency> -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-client</artifactId>
......@@ -112,11 +116,11 @@
<!-- Keycloak -->
<dependency>
<!-- <dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-spring-boot-starter</artifactId>
<version>${version.keycloak}</version>
</dependency>
</dependency> -->
<!-- <dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-spring-boot-starter-security</artifactId>
......
......@@ -3,14 +3,13 @@
package org.opengroup.osdu.partition.provider.ibm.security;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext;
import org.opengroup.osdu.core.common.model.http.AppException;
import org.opengroup.osdu.partition.provider.interfaces.IAuthorizationService;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.stereotype.Component;
import org.springframework.web.context.annotation.RequestScope;
......@@ -28,12 +27,14 @@ public class AuthorizationService implements IAuthorizationService {
@Override
public boolean isDomainAdminServiceAccount() {
try {
final Authentication auth = SecurityContextHolder.getContext().getAuthentication();
@SuppressWarnings("unchecked")
KeycloakPrincipal<KeycloakSecurityContext> principal = (KeycloakPrincipal<KeycloakSecurityContext>) auth.getPrincipal();
String upn = principal.getName();
log.info("email : "+upn);
if(upn.equals(partitionAdminUser)) {
final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
Jwt principal = (Jwt) authentication.getPrincipal();
String memberEmail = principal.getClaimAsString("email");
// @SuppressWarnings("unchecked")
// KeycloakPrincipal<KeycloakSecurityContext> principal = (KeycloakPrincipal<KeycloakSecurityContext>) auth.getPrincipal();
// String upn = principal.getName();
log.debug("email : "+memberEmail);
if(memberEmail.equals(partitionAdminUser)) {
return true;
}
else {
......
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.partition.provider.ibm.security;
import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true)
public class KeycloakSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
http.authorizeRequests()
.anyRequest().authenticated().and().oauth2ResourceServer().jwt();
/* .anyRequest()
.permitAll();*/
http.csrf().disable();
http.headers().frameOptions().disable();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
auth.authenticationProvider(keycloakAuthenticationProvider);
}
@Bean
@Override
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
return new NullAuthenticatedSessionStrategy();
}
@Bean
public KeycloakConfigResolver KeycloakConfigResolver() {
return new KeycloakSpringBootConfigResolver();
}
}
\ No newline at end of file
/* Licensed Materials - Property of IBM */
/* (c) Copyright IBM Corp. 2020. All Rights Reserved.*/
package org.opengroup.osdu.partition.provider.ibm.security;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().disable()
.csrf().disable().authorizeRequests().anyRequest()
.authenticated().and().oauth2ResourceServer().jwt();
}
}
......@@ -3,15 +3,10 @@
package org.opengroup.osdu.partition.api;
import static org.junit.Assert.assertEquals;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.opengroup.osdu.partition.util.IBMTestUtils;
import com.sun.jersey.api.client.ClientResponse;
public class TestCreatePartition extends CreatePartitionTest {
@Before
......@@ -25,23 +20,6 @@ public class TestCreatePartition extends CreatePartitionTest {
public void tearDown() {
this.testUtils = null;
}
@Test
@Override
public void should_return401_when_noAccessToken() throws Exception {
// Springboot Keycloak gives 403 when token does not have required roles
ClientResponse response = descriptor.runOnCustomerTenant(getId(), testUtils.getNoAccessToken());
assertEquals(error(response.getEntity(String.class)), 403, response.getStatus());
}
@Test
@Override
public void should_return401_when_accessingWithCredentialsWithoutPermission() throws Exception {
// Partition-ibm service does not required partition id
// Here, no access token used hence checking with 403 response code in assertion statement
ClientResponse response = descriptor.run(getId(), testUtils.getNoAccessToken());
assertEquals(403, response.getStatus());
}
}
......@@ -3,15 +3,10 @@
package org.opengroup.osdu.partition.api;
import static org.junit.Assert.assertEquals;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.opengroup.osdu.partition.util.IBMTestUtils;
import com.sun.jersey.api.client.ClientResponse;
public class TestDeletePartition extends DeletePartitionTest {
@Before
......@@ -26,20 +21,4 @@ public class TestDeletePartition extends DeletePartitionTest {
this.testUtils = null;
}
@Test
@Override
public void should_return401_when_noAccessToken() throws Exception {
// Springboot Keycloak gives 403 when token does not have required roles
ClientResponse response = descriptor.runOnCustomerTenant(getId(), testUtils.getNoAccessToken());
assertEquals(error(response.getEntity(String.class)), 403, response.getStatus());
}
@Test
@Override
public void should_return401_when_accessingWithCredentialsWithoutPermission() throws Exception {
// Partition-ibm service does not required partition id
// Here, no access token used hence checking with 403 response code in assertion statement
ClientResponse response = descriptor.run(getId(), testUtils.getNoAccessToken());
assertEquals(403, response.getStatus());
}
}
......@@ -25,20 +25,5 @@ public class TestGetPartitionById extends GetPartitionByIdApitTest {
public void tearDown() {
this.testUtils = null;
}
@Test
@Override
public void should_return401_when_noAccessToken() throws Exception {
// Springboot Keycloak gives 403 when token does not have required roles
ClientResponse response = descriptor.runOnCustomerTenant(getId(), testUtils.getNoAccessToken());
assertEquals(error(response.getEntity(String.class)), 403, response.getStatus());
}
@Test
@Override
public void should_return401_when_accessingWithCredentialsWithoutPermission() throws Exception {
// Partition-ibm service does not required partition id
// Here, no access token used hence checking with 403 response code in assertion statement
ClientResponse response = descriptor.run(getId(), testUtils.getNoAccessToken());
assertEquals(403, response.getStatus());
}
}
......@@ -3,15 +3,10 @@
package org.opengroup.osdu.partition.api;
import static org.junit.Assert.assertEquals;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.opengroup.osdu.partition.util.IBMTestUtils;
import com.sun.jersey.api.client.ClientResponse;
public class TestListPartitions extends ListPartitionsApitTest {
@Before
......@@ -25,20 +20,5 @@ public class TestListPartitions extends ListPartitionsApitTest {
public void tearDown() {
this.testUtils = null;
}
@Test
@Override
public void should_return401_when_noAccessToken() throws Exception {
// Springboot Keycloak gives 403 when token does not have required roles
ClientResponse response = descriptor.runOnCustomerTenant(getId(), testUtils.getNoAccessToken());
assertEquals(error(response.getEntity(String.class)), 403, response.getStatus());
}
@Test
@Override
public void should_return401_when_accessingWithCredentialsWithoutPermission() throws Exception {
// Partition-ibm service does not required partition id
// Here, no access token used hence checking with 403 response code in assertion statement
ClientResponse response = descriptor.run(getId(), testUtils.getNoAccessToken());
assertEquals(403, response.getStatus());
}
}
......@@ -25,20 +25,5 @@ public class TestUpdatePartition extends UpdatePartitionTest {
public void tearDown() {
this.testUtils = null;
}
@Test
@Override
public void should_return401_when_noAccessToken() throws Exception {
// Springboot Keycloak gives 403 when token does not have required roles
ClientResponse response = descriptor.runOnCustomerTenant(getId(), testUtils.getNoAccessToken());
assertEquals(error(response.getEntity(String.class)), 403, response.getStatus());
}
@Test
@Override
public void should_return401_when_accessingWithCredentialsWithoutPermission() throws Exception {
// Partition-ibm service does not required partition id
// Here, no access token used hence checking with 403 response code in assertion statement
ClientResponse response = descriptor.run(getId(), testUtils.getNoAccessToken());
assertEquals(403, response.getStatus());
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment