Commit 5d7b1a8f authored by Kiran Veerapaneni's avatar Kiran Veerapaneni Committed by Hema Vishnu Pola [Microsoft]

Disabling AAD auth in search service

parent 9db43086
......@@ -237,6 +237,7 @@ The following software have components provided under the terms of this license:
- Spring Context Support (from https://github.com/spring-projects/spring-framework)
- Spring Core (from https://github.com/spring-projects/spring-framework)
- Spring Data Core (from )
- Spring Data Core (from )
- Spring Data KeyValue (from )
- Spring Data Redis (from )
- Spring Expression Language (SpEL) (from https://github.com/spring-projects/spring-framework)
......@@ -368,6 +369,7 @@ The following software have components provided under the terms of this license:
- Lucene Common Analyzers (from )
- Lucene Common Analyzers (from )
- StAX (from http://stax.codehaus.org/)
- Stax2 API (from http://github.com/FasterXML/stax2-api)
- jersey-ext-bean-validation (from )
- jersey-spring4 (from )
......@@ -742,9 +744,9 @@ The following software have components provided under the terms of this license:
- Microsoft Azure client library for KeyVault Secrets (from https://github.com/Azure/azure-sdk-for-java)
- Microsoft Azure common module for Storage (from https://github.com/Azure/azure-sdk-for-java)
- Mockito (from http://www.mockito.org)
- Mockito (from http://www.mockito.org)
- Mockito (from http://mockito.org)
- Mockito (from http://mockito.org)
- Mockito (from http://www.mockito.org)
- Netty/Codec/HTTP (from )
- Netty/Common (from )
- Project Lombok (from https://projectlombok.org)
......@@ -752,6 +754,7 @@ The following software have components provided under the terms of this license:
- Spring Data for Azure Cosmos DB SQL API (from https://github.com/Microsoft/spring-data-cosmosdb)
- adal4j (from https://github.com/AzureAD/azure-activedirectory-library-for-java)
- azure-documentdb (from https://azure.microsoft.com/en-us/services/cosmos-db/)
- micrometer-core (from https://github.com/micrometer-metrics/micrometer)
- msal4j (from https://github.com/AzureAD/microsoft-authentication-library-for-java)
- spring-security-core (from http://spring.io/spring-security)
......@@ -779,7 +782,6 @@ The following software have components provided under the terms of this license:
- jersey-core-common (from )
- jersey-core-server (from git://java.net/jersey~code/jersey-server)
- jts-core (from )
- reactive-streams (from http://www.reactive-streams.org/)
========================================================================
SPL-1.0
......@@ -815,6 +817,7 @@ The following software have components provided under the terms of this license:
- RESTEasy JAX-RS Implementation (from )
- Spring Security JWT Library (from http://github.com/spring-projects/spring-security-oauth)
- Spring Web (from https://github.com/spring-projects/spring-framework)
- reactive-streams (from http://www.reactive-streams.org/)
========================================================================
unknown
......
......@@ -118,3 +118,5 @@ spec:
value: "60"
- name: search_service_spring_logging_level
value: debug
- name: azure_istioauth_enabled
value: "true"
......@@ -58,7 +58,7 @@ az keyvault secret show --vault-name $KEY_VAULT_NAME --name $KEY_VAULT_SECRET_NA
| `AZURE_CLIENT_SECRET` | `********` | Secret for `$AZURE_CLIENT_ID` | yes | keyvault secret: `$KEYVAULT_URI/secrets/app-dev-sp-password` |
| `azure.application-insights.instrumentation-key` | `********` | API Key for App Insights | yes | output of infrastructure deployment |
| `appinsights_key` | `********` | API Key for App Insights | yes | output of infrastructure deployment |
| `azure_istioauth_enabled` | `true` | Flag to Disable AAD auth | no | -- |
**Required to run integration tests**
......
......@@ -16,6 +16,7 @@ package org.opengroup.osdu.search.provider.azure.security;
import com.microsoft.azure.spring.autoconfigure.aad.AADAppRoleStatelessAuthenticationFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
......@@ -25,6 +26,7 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@ConditionalOnProperty(value = "azure.istio.auth.enabled", havingValue = "false", matchIfMissing = false)
public class AADSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private AADAppRoleStatelessAuthenticationFilter appRoleAuthFilter;
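Review bot: The `@ConditionalOnProperty` defaults on the two security configurations fail open. `AADSecurityConfig` gets `matchIfMissing = false` here while the new `AzureIstioSecurityConfig` uses `matchIfMissing = true`, so if `azure.istio.auth.enabled` is ever absent (another profile, a test context), the configuration that does no in-app authentication is selected. I would invert the defaults, with `matchIfMissing = true` on this class and `matchIfMissing = false` on `AzureIstioSecurityConfig`, so that handing authentication to the sidecar always requires an explicit `true`. A value other than `true` or `false` appears to match neither class, which deserves a startup check or at least a documented note. The class body continues outside this hunk.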
......
// Copyright © Microsoft Corporation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package org.opengroup.osdu.search.provider.azure.security;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
@ConditionalOnProperty(value = "azure.istio.auth.enabled", havingValue = "true", matchIfMissing = true)
public class AzureIstioSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic().disable()
.csrf().disable(); //AuthN is disabled. AuthN is handled by sidecar proxy
}
}
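Review bot: `configure` leaves every request unauthenticated inside the application, and the only record of the deployment precondition that makes this acceptable is the trailing comment on `.csrf().disable()`, which is easy to miss. I would add a class-level Javadoc such as `/** Active only when azure.istio.auth.enabled=true. This service performs no token validation itself; the pod must be reachable only through the Istio sidecar, which is expected to enforce JWT validation. */`. `@EnableGlobalMethodSecurity(prePostEnabled = true)` is kept, so any `@PreAuthorize` rules elsewhere would now run with no authentication filter registered by this class. Presumably identity is populated by another component, but that is not visible here and should be confirmed.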
......@@ -29,10 +29,14 @@ azure.cosmosdb.uri=${cosmosdb_account}
azure.cosmosdb.key=${cosmosdb_key}
azure.cosmosdb.database=${cosmosdb_database}
# Azure AD configuration
azure.activedirectory.client-id=${aad_client_id}
azure.activedirectory.AppIdUri=api://${aad_client_id}
azure.activedirectory.session-stateless=true
# Azure AD configuration, commented below settings to disable AAD AuthN ,
#Uncomment it In the Istio AUTHN disabled Scenario
#azure.activedirectory.client-id=${aad_client_id}
#azure.activedirectory.AppIdUri=api://${aad_client_id}
#azure.activedirectory.session-stateless=true
# Istio Auth Enabled
azure.istio.auth.enabled=${azure_istioauth_enabled}
# Azure KeyVault configuration
azure.keyvault.url=${KEYVAULT_URI}
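Review bot: Switching back to AAD now takes two separate changes, because `azure.istio.auth.enabled` and the commented-out `azure.activedirectory.*` lines are independent switches. Setting the variable to `false` activates `AADSecurityConfig` while the client id and App ID URI it presumably needs are still commented out in the packaged file. The comment should say so explicitly, e.g. `# To re-enable AAD AuthN: set azure_istioauth_enabled=false AND uncomment the three azure.activedirectory.* lines below`. The placeholder `${azure_istioauth_enabled}` also has no default, although the README row added in this commit lists the variable as not required. An explicit default in the placeholder would make the unset case deterministic, and which value it falls back to is a security decision to make deliberately.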
......