F1 (Java) Story 05: Implement Service Security using Spring Security
Description
Implement security for the service, considering that the service's only interface is a REST API. Use the Spring Security module and align with the best examples from the existing OSDU core services such as Storage. Implement an Authorization Filter using Spring Security to authorize requests. This filter should take the API requestor's OAuth2 bearer token and the "data-partition-id" from the REST request headers. The token should be validated against the IdP (we assume AWS, but leave room for future CSPs). Further, the filter will call the OSDU Entitlements service to obtain the user's roles and authorize the request.
Acceptance Criteria
- Spring Security module is set up effectively in the service.
- Authorization Filter has been implemented and validates the requestor's token against the AWS IdP. (Moved to MVP2)
- Authorization Filter successfully communicates with the Entitlements service to check user roles.
- The filter correctly grants or rejects access based on user roles, including sending meaningful error messages when access is denied.
Testing Scenarios
- Validate the successful setup and functioning of the Spring Security module.
- Test the Authorization Filter's token validation process by sending requests with varying tokens (both valid and invalid).
- Verify the Authorization Filter's communication with the Entitlements service and the correctness of its subsequent authorization decisions, covering both positive and negative cases.
Technical Notes
- Use Spring Security documentation as a guide to setting up the module and configuring the Authorization Filter.
- Implement the filter so that it can be easily extended to other CSPs as needed in the future.
- For error messages, follow security and user-experience best practices: the response should tell the caller why the request was refused (missing header, invalid or expired token, missing role) but must not echo the token or expose internal details such as stack traces or upstream error bodies.
- Use "os-core-common" and "os-core-lib-aws" libraries in line with how other OSDU core services use them to reduce boilerplate in the pipeline scripts.
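The following is an added illustration of the filter described above, not code from this story or from any OSDU service. It shows the shape of the Authorization Filter: read the bearer token and "data-partition-id" headers, validate the token through a pluggable per-CSP interface (the piece the acceptance criteria defer to MVP2), look up the user's group memberships in Entitlements (which this story calls roles), and either populate the Spring SecurityContext or reject with a specific, non-leaking error. Assumptions: Spring Boot 3 with jakarta.servlet (use javax.servlet on Boot 2); the `TokenValidator` and `EntitlementsClient` interfaces, the `requiredGroups` set and the code/reason/message JSON error shape are all hypothetical stand-ins for the real IdP and Entitlements integrations.

```java
// Added example (not OSDU project code). Assumes Spring Boot 3 / jakarta.servlet.
package org.example.security; // hypothetical package

import java.io.IOException;
import java.util.List;
import java.util.Set;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

public class OsduAuthorizationFilter extends OncePerRequestFilter {

    /** Hypothetical CSP-specific token check: an AWS implementation today, others later. */
    public interface TokenValidator {
        /** Returns the subject the token was issued to, or throws if the token is invalid. */
        String validate(String bearerToken) throws SecurityException;
    }

    /** Hypothetical thin client for the Entitlements group lookup, scoped to a partition. */
    public interface EntitlementsClient {
        Set<String> groupsFor(String authorizationHeader, String dataPartitionId) throws IOException;
    }

    private static final String PARTITION_HEADER = "data-partition-id";
    private final TokenValidator tokenValidator;
    private final EntitlementsClient entitlements;
    private final Set<String> requiredGroups; // any one of these grants access

    public OsduAuthorizationFilter(TokenValidator tokenValidator, EntitlementsClient entitlements,
                                   Set<String> requiredGroups) {
        this.tokenValidator = tokenValidator;
        this.entitlements = entitlements;
        this.requiredGroups = requiredGroups;
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
                                    FilterChain chain) throws ServletException, IOException {
        String authz = request.getHeader("Authorization");
        if (authz == null || authz.length() <= 7 || !authz.regionMatches(true, 0, "Bearer ", 0, 7)) {
            reject(response, HttpStatus.UNAUTHORIZED, "Missing or malformed Authorization: Bearer header");
            return;
        }
        String partition = request.getHeader(PARTITION_HEADER);
        if (partition == null || partition.isBlank()) {
            // Header name is a constant; the (attacker-controlled) value is never reflected.
            reject(response, HttpStatus.BAD_REQUEST, "Missing required header: " + PARTITION_HEADER);
            return;
        }
        String subject;
        try {
            subject = tokenValidator.validate(authz.substring(7).trim());
        } catch (SecurityException ex) {
            // Token and IdP error details stay server-side (log them there); caller gets a generic 401.
            reject(response, HttpStatus.UNAUTHORIZED, "Invalid or expired token");
            return;
        }
        Set<String> groups;
        try {
            // Entitlements is called with the caller's own token and partition, so it answers
            // "which groups does this user hold in this partition".
            groups = entitlements.groupsFor(authz, partition);
        } catch (IOException ex) {
            reject(response, HttpStatus.SERVICE_UNAVAILABLE, "Entitlements service unavailable");
            return;
        }
        if (groups.stream().noneMatch(requiredGroups::contains)) {
            // Authenticated but not entitled: 403, distinct from the 401 above.
            reject(response, HttpStatus.FORBIDDEN, "User is not a member of a group required for this API");
            return;
        }
        List<SimpleGrantedAuthority> authorities = groups.stream().map(SimpleGrantedAuthority::new).toList();
        // This three-argument constructor marks the Authentication as authenticated.
        UsernamePasswordAuthenticationToken auth =
                new UsernamePasswordAuthenticationToken(subject, null, authorities);
        SecurityContextHolder.getContext().setAuthentication(auth);
        try {
            chain.doFilter(request, response);
        } finally {
            SecurityContextHolder.clearContext(); // stateless REST API: never carry context across requests
        }
    }

    /** Writes a small JSON error body; reason strings here are fixed literals, never request data. */
    private static void reject(HttpServletResponse response, HttpStatus status, String message)
            throws IOException {
        response.setStatus(status.value());
        response.setContentType(MediaType.APPLICATION_JSON_VALUE);
        response.getWriter().write("{\"code\":" + status.value()
                + ",\"reason\":\"" + status.getReasonPhrase()
                + "\",\"message\":\"" + message + "\"}");
    }
}
```

Register the filter in the `SecurityFilterChain` bean with `http.addFilterBefore(...)` ahead of Spring's own authentication filters, disable CSRF and set the session policy to stateless since the only interface is a REST API, and keep the AWS `TokenValidator` as the single place that changes when another CSP is added.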
Edited by Dmitrii Novikov (EPAM)