From ae9460e7f64441b616650b9043d6e5b161d1a8ab Mon Sep 17 00:00:00 2001 From: Jan-Lucas Schwoerer Date: Sat, 4 Dec 2021 15:07:43 +0100 Subject: [PATCH 1/9] Add Spring Security OAuth2 Client depedency --- pom.xml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pom.xml b/pom.xml index 6f9ca4b..a38afa2 100644 --- a/pom.xml +++ b/pom.xml @@ -102,6 +102,10 @@ org.springframework.boot spring-boot-starter-logging + + org.springframework.boot + spring-boot-starter-oauth2-client + org.springframework.boot spring-boot-starter-test From c14c6daddf2f6b9b81aa0df03351a34c0f311cd2 Mon Sep 17 00:00:00 2001 From: Jan-Lucas Schwoerer Date: Sat, 4 Dec 2021 16:31:25 +0100 Subject: [PATCH 2/9] Add Spring Security OAuth2 config params --- src/main/resources/application-cloud.yml | 13 ++++++++++++- src/main/resources/application.yml | 12 ++++++++++++ src/test/resources/application.yml | 11 +++++++++++ 3 files changed, 35 insertions(+), 1 deletion(-) diff --git a/src/main/resources/application-cloud.yml b/src/main/resources/application-cloud.yml index 168e0e3..106b4fa 100644 --- a/src/main/resources/application-cloud.yml +++ b/src/main/resources/application-cloud.yml @@ -1,4 +1,15 @@ +spring: + security: + oauth2: + client: + provider: + dzhw: + issuer-uri: ${DZHW_ISSUER_URI} + registration: + dzhw: + client-id: ${DZHW_CLIENT_ID} + client-secret: ${DZHW_CLIENT_SECRET} mdm: endpoint: ${vcap.services.mdm.credentials.endpoint} username: ${vcap.services.mdm.credentials.username} - password: ${vcap.services.mdm.credentials.password} \ No newline at end of file + password: ${vcap.services.mdm.credentials.password} diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 8e2b880..7fe2891 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml 
@@ -1,8 +1,20 @@ +spring: + security: + oauth2: + client: + provider: + dzhw: + issuer-uri: ${DZHW_ISSUER_URI} + registration: + dzhw: + client-id: ${DZHW_CLIENT_ID} + client-secret: ${DZHW_CLIENT_SECRET} task: latex-input-dir: /app/doc latex-process-working-dir: /app/doc pdf-report: /app/doc/Main.pdf latex-process-command: make + mdm: endpoint: http://localhost:8080 username: aerjaeklrj diff --git a/src/test/resources/application.yml b/src/test/resources/application.yml index 5189011..0dbab2c 100644 --- a/src/test/resources/application.yml +++ b/src/test/resources/application.yml @@ -1,3 +1,14 @@ +spring: + security: + oauth2: + client: + provider: + dzhw: + issuer-uri: ${DZHW_ISSUER_URI} + registration: + dzhw: + client-id: ${DZHW_CLIENT_ID} + client-secret: ${DZHW_CLIENT_SECRET} task: latex-input-dir: target/test-classes/doc latex-process-working-dir: . From ef1432fa6eccaae565a9c13d68afa121af8caeed Mon Sep 17 00:00:00 2001 From: Jan-Lucas Schwoerer Date: Sat, 4 Dec 2021 16:54:32 +0100 Subject: [PATCH 3/9] Create all config related to OAuth2 client --- .../oauth2/client/OAuth2ClientConfig.java | 114 ++++++++++++++++++ 1 file changed, 114 insertions(+) create mode 100644 src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/config/oauth2/client/OAuth2ClientConfig.java diff --git a/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/config/oauth2/client/OAuth2ClientConfig.java b/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/config/oauth2/client/OAuth2ClientConfig.java new file mode 100644 index 0000000..b0da5c0 --- /dev/null +++ b/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/config/oauth2/client/OAuth2ClientConfig.java 
@@ -0,0 +1,114 @@ +package eu.dzhw.fdz.metadatamanagement.tasks.reporttask.config.oauth2.client; + +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager; +import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService; +import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider; +import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder; +import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService; +import org.springframework.security.oauth2.client.registration.ClientRegistration; +import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; +import org.springframework.security.oauth2.client.registration.ClientRegistrations; +import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository; +import org.springframework.security.oauth2.core.AuthorizationGrantType; + +/** + * Configure and create all beans related to Spring Security OAuth2 Client logic. + */ +@Configuration +public class OAuth2ClientConfig { + + /** + * The client registration which will be used to attempt to connect to the identity provider + * to get an access token. 
+ * + * @param issuerUri The URI of the identity provider (if necessary, with an additional path) + * @param clientId The ID of the Client which will try to authenticate and authorize against + * the identity provider + * @param clientSecret The secret of the Client which will try to authenticate and authorize + * against the identity provider + * @return All information necessary for Spring Security to attempt to authenticate and authorize + * a user against the identity provider + */ + @Bean + public ClientRegistration dzhwClientRegistration( + @Value("${spring.security.oauth2.client.provider.dzhw.issuer-uri}") + final String issuerUri, + @Value("${spring.security.oauth2.client.registration.dzhw.client-id}") + final String clientId, + @Value("${spring.security.oauth2.client.registration.dzhw.client-secret}") + final String clientSecret + ) { + return ClientRegistrations + .fromIssuerLocation(issuerUri) + .registrationId("dzhw") + .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS) + .clientId(clientId) + .clientSecret(clientSecret) + .build(); + } + + /** + * A Repository which stores the information needed to authenticate and authorize a client + * against the identity provider. + * + * NOTE: Normally this would be added by Spring Boot, but since report-task does not have + * a servlet this needs to be added manually. + * + * @param dzhwClientRegistration information about a client registration + * @return a repository which stores client registration info + */ + @Bean + public ClientRegistrationRepository clientRegistrationRepository( + ClientRegistration dzhwClientRegistration + ) { + return new InMemoryClientRegistrationRepository(dzhwClientRegistration); + } + + /** + * A Service which manages OAuth2 authorized clients. + * + * NOTE: Normally this would be added by Spring Boot, but since report-task does not have + * a servlet this needs to be added manually. 
+ * + * @param clientRegistrationRepository the repository which stores client registration info + * @return the service which will handle managing OAuth2 authorized client(s). + */ + @Bean + public OAuth2AuthorizedClientService authorizedClientService( + ClientRegistrationRepository clientRegistrationRepository + ) { + return new InMemoryOAuth2AuthorizedClientService(clientRegistrationRepository); + } + + /** + * The OAuth2 Client manager which handles the authentication and authorization attempts + * of a client using stored client registration info. + * + * @param clientRegistrationRepository the repository which stores client registration info + * @param authorizedClientService the service which manages Oauth2 authorized clients + * @return a manager which attempts to use the client registration info to authenticate and/or + * authorize an Oauth2 client. + */ + @Bean + public AuthorizedClientServiceOAuth2AuthorizedClientManager authorizedClientManager( + ClientRegistrationRepository clientRegistrationRepository, + OAuth2AuthorizedClientService authorizedClientService + ) { + OAuth2AuthorizedClientProvider authorizedClientProvider = + OAuth2AuthorizedClientProviderBuilder.builder() + .clientCredentials() + .build(); + + AuthorizedClientServiceOAuth2AuthorizedClientManager authorizedClientManager = + new AuthorizedClientServiceOAuth2AuthorizedClientManager( + clientRegistrationRepository, + authorizedClientService + ); + authorizedClientManager.setAuthorizedClientProvider(authorizedClientProvider); + + return authorizedClientManager; + } +} From 2ebc5f7708fcc9c17d78b1a8e292180751025650 Mon Sep 17 00:00:00 2001 From: Jan-Lucas Schwoerer Date: Sat, 4 Dec 2021 17:51:11 +0100 Subject: [PATCH 4/9] Replace Basic with Bearer Authorization Header --- .../tasks/reporttask/mdm/MdmRestClient.java | 34 +++++++++++++++++-- 1 file changed, 31 insertions(+), 3 deletions(-) 
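Review bot: `authorizedClientManager` publishes the concrete `AuthorizedClientServiceOAuth2AuthorizedClientManager` as its bean type, and `MdmRestClient` (patch 4) injects that same concrete type; declaring the bean as `public OAuth2AuthorizedClientManager authorizedClientManager(...)` and injecting the interface keeps the manager implementation swappable without touching callers. The Javadoc on `dzhwClientRegistration` says the registration is used to "authenticate and authorize a user", but the grant type is `CLIENT_CREDENTIALS`, so no end user is involved; suggest `@return the registration Spring Security uses to obtain an access token for the task itself (client_credentials grant, no end user)`. A comment on `fromIssuerLocation(issuerUri)` would also help: it resolves the provider metadata from the issuer while the bean is created, so an unreachable identity provider prevents the application context from starting rather than failing the first MDM call.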
diff --git a/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/mdm/MdmRestClient.java b/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/mdm/MdmRestClient.java index 0bf0785..16c1a02 100644 --- a/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/mdm/MdmRestClient.java +++ b/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/mdm/MdmRestClient.java @@ -10,6 +10,8 @@ import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; +import org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager; +import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest; import org.springframework.stereotype.Component; import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.MultiValueMap; @@ -40,6 +42,8 @@ public class MdmRestClient { private final FileSystemResource zippedEnglishTemplateDataPackageOverview; + private AuthorizedClientServiceOAuth2AuthorizedClientManager authorizedClientManager; + /** * Create the {@link RestTemplate} from the {@link MdmProperties}. * 
@@ -48,14 +52,19 @@ public class MdmRestClient { * @param zippedGermanTemplateDataSetReport The zipped german data set report template folder. * @param zippedEnglishTemplateDataSetReport The zipped english data set report template folder. */ - public MdmRestClient(MdmProperties mdmProperties, RestTemplateBuilder templateBuilder, + public MdmRestClient( + AuthorizedClientServiceOAuth2AuthorizedClientManager authorizedClientManager, + MdmProperties mdmProperties, + RestTemplateBuilder templateBuilder, FileSystemResource zippedGermanTemplateDataSetReport, FileSystemResource zippedEnglishTemplateDataSetReport, FileSystemResource zippedGermanTemplateDataPackageOverview, - FileSystemResource zippedEnglishTemplateDataPackageOverview) { + FileSystemResource zippedEnglishTemplateDataPackageOverview + ) { super(); + this.authorizedClientManager = authorizedClientManager; mdmTemplate = templateBuilder - .basicAuthentication(mdmProperties.getUsername(), mdmProperties.getPassword()) + .defaultHeader("Authorization", generateAuthorizationHeaderValue()) .rootUri(mdmProperties.getEndpoint()).build(); this.zippedGermanTemplateDataSetReport = zippedGermanTemplateDataSetReport; this.zippedEnglishTemplateDataSetReport = zippedEnglishTemplateDataSetReport; @@ -208,4 +217,23 @@ public void postTaskError(String id, String onBehalfOf, String errorMessage, Tas } } + private String generateAuthorizationHeaderValue() { + var request = OAuth2AuthorizeRequest + .withClientRegistrationId("dzhw") + .principal("report_task") + .build(); + var client = this.authorizedClientManager + .authorize(request); + + if (client == null) { + throw new IllegalStateException("Could not obtain OAuth2 client"); + } + + var token = client.getAccessToken(); + + return String.format( + "Bearer %s", + token.getTokenValue() + ); + } } From fb8ef26d7a0861ee67f1bd19c9c771dcc6c8a2aa Mon Sep 17 00:00:00 2001 
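Review bot: The bearer token is obtained once in the constructor (`.defaultHeader("Authorization", generateAuthorizationHeaderValue())`) and fixed into every request for the lifetime of `mdmTemplate`, so the expiry handling of the authorized-client manager is never consulted again; if a report run outlives the access token, later MDM calls would be rejected and nothing re-authorizes. Resolving the header per request through the builder's interceptor hook lets the manager hand back the cached token while it is valid and re-obtain it once it has expired. Patch 8 keeps the same one-shot pattern when it adds the `clientId` argument, so the fix applies there too. Since `authorizedClientManager` (field added in the preceding hunk) is assigned before the template is built and never reassigned, it can also be declared `private final`.
```java
    mdmTemplate = templateBuilder
        // resolve the header on every call so the manager can return the cached
        // token while it is valid and re-obtain it once it has expired
        .additionalInterceptors((request, body, execution) -> {
          request.getHeaders().set("Authorization", generateAuthorizationHeaderValue());
          return execution.execute(request, body);
        })
        .rootUri(mdmProperties.getEndpoint()).build();
    // … unchanged: template resource field assignments …
```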
From: Jan-Lucas Schwoerer Date: Sat, 4 Dec 2021 18:22:14 +0100 Subject: [PATCH 5/9] Remove and replace MDM user and password vars --- .github/workflows/build-and-deploy.yml | 4 ++-- .github/workflows/build.yml | 4 ++-- README.md | 6 +++--- bin/run-docker-task.sh | 2 +- .../tasks/reporttask/config/MdmProperties.java | 10 ---------- src/main/resources/application-cloud.yml | 2 -- src/main/resources/application.yml | 2 -- src/test/resources/application.yml | 2 -- 8 files changed, 8 insertions(+), 24 deletions(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index c95d2ba..50b66c6 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -36,8 +36,8 @@ jobs: run: ./deploy/build.sh unused ${BRANCH_NAME} env: MDM_ENDPOINT: ${{ secrets.MDM_ENDPOINT }} - MDM_TASK_PASSWORD: ${{ secrets.MDM_TASK_PASSWORD }} - MDM_TASK_USER: ${{ secrets.MDM_TASK_USER }} + DZHW_CLIENT_ID: ${{ secrets.DZHW_CLIENT_ID }} + DZHW_CLIENT_SECRET: ${{ secrets.DZHW_CLIENT_SECRET }} - name: Deploy to AWS run: ./deploy/deploy.sh unused ${BRANCH_NAME} env: diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 66890f6..42a9828 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -28,8 +28,8 @@ jobs: run: ./deploy/build.sh unused ${BRANCH_NAME} env: MDM_ENDPOINT: ${{ secrets.MDM_ENDPOINT }} - MDM_TASK_PASSWORD: ${{ secrets.MDM_TASK_PASSWORD }} - MDM_TASK_USER: ${{ secrets.MDM_TASK_USER }} + DZHW_CLIENT_ID: ${{ secrets.DZHW_CLIENT_ID }} + DZHW_CLIENT_SECRET: ${{ secrets.DZHW_CLIENT_SECRET }} - name: Report build status via Slack uses: act10ns/slack@v1 if: always() diff --git a/README.md b/README.md index f760c19..926a89f 100644 --- a/README.md +++ b/README.md 
@@ -10,8 +10,8 @@ Developers need to have at least `maven` and `docker` on their machines. Current The following environment variables have to be set for running the JUnit test: ```shell MDM_ENDPOINT=https://dev.metadata.fdz.dzhw.eu -MDM_TASK_USER=taskuser -MDM_TASK_PASSWORD=**** (see s3://metadatamanagement-private/sensitive_variables.tf) +DZHW_CLIENT_ID=**** (see Identity Provider) +DZHW_CLIENT_SECRET=**** (see s3://metadatamanagement-private/sensitive_variables.tf) ``` The docker image can be build with: @@ -21,7 +21,7 @@ mvn -Pdev clean install If you want to run the task against an [MDM] instance running on your local machine, you can run: ```shell -docker run -it --network=host dzhw/report-task java -jar /app/report-task.jar --task.id=dat-gra2005-ds2$ --task.version=1.2.3 --task.onBehalfOf=dataprovider --task.language=de --task.type=DATA_SET_REPORT --mdm.username=${MDM_TASK_USER} --mdm.password=${MDM_TASK_PASSWORD} --mdm.endpoint=http://127.0.0.1:8080 +docker run -it --network=host dzhw/report-task java -jar /app/report-task.jar --task.id=dat-gra2005-ds2$ --task.version=1.2.3 --task.onBehalfOf=dataprovider --task.language=de --task.type=DATA_SET_REPORT --mdm.endpoint=http://127.0.0.1:8080 ``` For further configuration options you should get familiar with [Spring Boot @ConfigurationProperties](https://www.baeldung.com/configuration-properties-in-spring-boot) and have a look into `src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/config`. diff --git a/bin/run-docker-task.sh b/bin/run-docker-task.sh index 4bdcef8..7142684 100755 --- a/bin/run-docker-task.sh +++ b/bin/run-docker-task.sh 
@@ -1,4 +1,4 @@ #!/bin/bash # this script gives an example for running the report generation # in the docker container connecting to localhost -docker run -it --network=host dzhw/report-task java -jar /app/report-task.jar --task.id=dat-gra2005-ds2$ --task.version=1.2.3 --task.onBehalfOf=rreitmann --task.type=DATASET_REPORT --task.language=de --mdm.username=${MDM_TASK_USER} --mdm.password=${MDM_TASK_PASSWORD} --mdm.endpoint=http://127.0.0.1:8080 +docker run -it --network=host dzhw/report-task java -jar /app/report-task.jar --task.id=dat-gra2005-ds2$ --task.version=1.2.3 --task.onBehalfOf=rreitmann --task.type=DATASET_REPORT --task.language=de --mdm.endpoint=http://127.0.0.1:8080 diff --git a/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/config/MdmProperties.java b/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/config/MdmProperties.java index 0faf69c..35ef4f7 100644 --- a/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/config/MdmProperties.java +++ b/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/config/MdmProperties.java @@ -23,14 +23,4 @@ public class MdmProperties { */ @NotEmpty private String endpoint; - /** - * The username which this task uses to interact with the API. - */ - @NotEmpty - private String username; - /** - * The password which this task uses to interact with the API. - */ - @NotEmpty - private String password; } diff --git a/src/main/resources/application-cloud.yml b/src/main/resources/application-cloud.yml index 106b4fa..06c376c 100644 --- a/src/main/resources/application-cloud.yml +++ b/src/main/resources/application-cloud.yml @@ -11,5 +11,3 @@ spring: client-secret: ${DZHW_CLIENT_SECRET} mdm: endpoint: ${vcap.services.mdm.credentials.endpoint} - username: ${vcap.services.mdm.credentials.username} - password: ${vcap.services.mdm.credentials.password} diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 7fe2891..46a3973 100644 
--- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -17,8 +17,6 @@ task: mdm: endpoint: http://localhost:8080 - username: aerjaeklrj - password: kajfja logging: level: root: warn diff --git a/src/test/resources/application.yml b/src/test/resources/application.yml index 0dbab2c..ee1865c 100644 --- a/src/test/resources/application.yml +++ b/src/test/resources/application.yml @@ -21,8 +21,6 @@ task: type: DATA_SET_REPORT mdm: endpoint: ${MDM_ENDPOINT} - username: ${MDM_TASK_USER} - password: ${MDM_TASK_PASSWORD} logging: level: root: warn From a1192664eb57075b01d204160482bfe96495ffa4 Mon Sep 17 00:00:00 2001 From: Jan-Lucas Schwoerer Date: Thu, 9 Dec 2021 10:50:29 +0100 Subject: [PATCH 6/9] Change DZHW to FDZ in configuration --- .github/workflows/build-and-deploy.yml | 4 ++-- .github/workflows/build.yml | 4 ++-- README.md | 4 ++-- .../config/oauth2/client/OAuth2ClientConfig.java | 14 +++++++------- .../tasks/reporttask/mdm/MdmRestClient.java | 2 +- src/main/resources/application-cloud.yml | 10 +++++----- src/main/resources/application.yml | 10 +++++----- src/test/resources/application.yml | 10 +++++----- 8 files changed, 29 insertions(+), 29 deletions(-) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index 50b66c6..d9ec88e 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -36,8 +36,8 @@ jobs: run: ./deploy/build.sh unused ${BRANCH_NAME} env: MDM_ENDPOINT: ${{ secrets.MDM_ENDPOINT }} - DZHW_CLIENT_ID: ${{ secrets.DZHW_CLIENT_ID }} - DZHW_CLIENT_SECRET: ${{ secrets.DZHW_CLIENT_SECRET }} + FDZ_CLIENT_ID: ${{ secrets.FDZ_CLIENT_ID }} + FDZ_CLIENT_SECRET: ${{ secrets.FDZ_CLIENT_SECRET }} - name: Deploy to AWS run: ./deploy/deploy.sh unused ${BRANCH_NAME} env: diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 42a9828..cf597ed 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
@@ -28,8 +28,8 @@ jobs: run: ./deploy/build.sh unused ${BRANCH_NAME} env: MDM_ENDPOINT: ${{ secrets.MDM_ENDPOINT }} - DZHW_CLIENT_ID: ${{ secrets.DZHW_CLIENT_ID }} - DZHW_CLIENT_SECRET: ${{ secrets.DZHW_CLIENT_SECRET }} + FDZ_CLIENT_ID: ${{ secrets.FDZ_CLIENT_ID }} + FDZ_CLIENT_SECRET: ${{ secrets.FDZ_CLIENT_SECRET }} - name: Report build status via Slack uses: act10ns/slack@v1 if: always() diff --git a/README.md b/README.md index 926a89f..eaf6881 100644 --- a/README.md +++ b/README.md @@ -10,8 +10,8 @@ Developers need to have at least `maven` and `docker` on their machines. Current The following environment variables have to be set for running the JUnit test: ```shell MDM_ENDPOINT=https://dev.metadata.fdz.dzhw.eu -DZHW_CLIENT_ID=**** (see Identity Provider) -DZHW_CLIENT_SECRET=**** (see s3://metadatamanagement-private/sensitive_variables.tf) +FDZ_CLIENT_ID=**** (see Identity Provider) +FDZ_CLIENT_SECRET=**** (see s3://metadatamanagement-private/sensitive_variables.tf) ``` The docker image can be build with: diff --git a/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/config/oauth2/client/OAuth2ClientConfig.java b/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/config/oauth2/client/OAuth2ClientConfig.java index b0da5c0..2f6a363 100644 --- a/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/config/oauth2/client/OAuth2ClientConfig.java +++ b/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/config/oauth2/client/OAuth2ClientConfig.java 
@@ -34,16 +34,16 @@ public class OAuth2ClientConfig { */ @Bean public ClientRegistration dzhwClientRegistration( - @Value("${spring.security.oauth2.client.provider.dzhw.issuer-uri}") + @Value("${spring.security.oauth2.client.provider.fdz.issuer-uri}") final String issuerUri, - @Value("${spring.security.oauth2.client.registration.dzhw.client-id}") + @Value("${spring.security.oauth2.client.registration.fdz.client-id}") final String clientId, - @Value("${spring.security.oauth2.client.registration.dzhw.client-secret}") + @Value("${spring.security.oauth2.client.registration.fdz.client-secret}") final String clientSecret ) { return ClientRegistrations .fromIssuerLocation(issuerUri) - .registrationId("dzhw") + .registrationId("fdz") .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS) .clientId(clientId) .clientSecret(clientSecret) @@ -57,14 +57,14 @@ public ClientRegistration dzhwClientRegistration( * NOTE: Normally this would be added by Spring Boot, but since report-task does not have * a servlet this needs to be added manually. * - * @param dzhwClientRegistration information about a client registration + * @param fdzClientRegistration information about a client registration * @return a repository which stores client registration info */ @Bean public ClientRegistrationRepository clientRegistrationRepository( - ClientRegistration dzhwClientRegistration + ClientRegistration fdzClientRegistration ) { - return new InMemoryClientRegistrationRepository(dzhwClientRegistration); + return new InMemoryClientRegistrationRepository(fdzClientRegistration); } /** diff --git a/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/mdm/MdmRestClient.java b/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/mdm/MdmRestClient.java index 16c1a02..c57d17e 100644 --- a/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/mdm/MdmRestClient.java +++ b/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/mdm/MdmRestClient.java 
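Review bot: The registration id `"fdz"` is now a literal in two places, `.registrationId("fdz")` here and `.withClientRegistrationId("fdz")` in `MdmRestClient`; a single shared constant such as `public static final String FDZ_REGISTRATION_ID = "fdz";` on `OAuth2ClientConfig` keeps the two from drifting apart, which is exactly what this rename already had to guard against by touching both files. The rename also stops halfway in this file: the parameter becomes `fdzClientRegistration` while the bean method stays `dzhwClientRegistration`. With a single `ClientRegistration` bean the injection resolves by type, but the mismatched names are misleading to readers and, as far as I can tell, would break name-based disambiguation if a second registration were ever added.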
@@ -219,7 +219,7 @@ public void postTaskError(String id, String onBehalfOf, String errorMessage, Tas private String generateAuthorizationHeaderValue() { var request = OAuth2AuthorizeRequest - .withClientRegistrationId("dzhw") + .withClientRegistrationId("fdz") .principal("report_task") .build(); var client = this.authorizedClientManager diff --git a/src/main/resources/application-cloud.yml b/src/main/resources/application-cloud.yml index 06c376c..247a9cb 100644 --- a/src/main/resources/application-cloud.yml +++ b/src/main/resources/application-cloud.yml @@ -3,11 +3,11 @@ spring: oauth2: client: provider: - dzhw: - issuer-uri: ${DZHW_ISSUER_URI} + fdz: + issuer-uri: ${FDZ_ISSUER_URI} registration: - dzhw: - client-id: ${DZHW_CLIENT_ID} - client-secret: ${DZHW_CLIENT_SECRET} + fdz: + client-id: ${FDZ_CLIENT_ID} + client-secret: ${FDZ_CLIENT_SECRET} mdm: endpoint: ${vcap.services.mdm.credentials.endpoint} diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 46a3973..a163a14 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml @@ -3,12 +3,12 @@ spring: oauth2: client: provider: - dzhw: - issuer-uri: ${DZHW_ISSUER_URI} + fdz: + issuer-uri: ${FDZ_ISSUER_URI} registration: - dzhw: - client-id: ${DZHW_CLIENT_ID} - client-secret: ${DZHW_CLIENT_SECRET} + fdz: + client-id: ${FDZ_CLIENT_ID} + client-secret: ${FDZ_CLIENT_SECRET} task: latex-input-dir: /app/doc latex-process-working-dir: /app/doc diff --git a/src/test/resources/application.yml b/src/test/resources/application.yml index ee1865c..3de5786 100644 --- a/src/test/resources/application.yml +++ b/src/test/resources/application.yml 
@@ -3,12 +3,12 @@ spring: oauth2: client: provider: - dzhw: - issuer-uri: ${DZHW_ISSUER_URI} + fdz: + issuer-uri: ${FDZ_ISSUER_URI} registration: - dzhw: - client-id: ${DZHW_CLIENT_ID} - client-secret: ${DZHW_CLIENT_SECRET} + fdz: + client-id: ${FDZ_CLIENT_ID} + client-secret: ${FDZ_CLIENT_SECRET} task: latex-input-dir: target/test-classes/doc latex-process-working-dir: . From 5043b88730af19856411001992f2b2aa0a6c2cbb Mon Sep 17 00:00:00 2001 From: Jan-Lucas Schwoerer Date: Thu, 9 Dec 2021 10:54:17 +0100 Subject: [PATCH 7/9] Add FDZ_ISSUER_URI to documentation and workflows --- .github/workflows/build-and-deploy.yml | 1 + .github/workflows/build.yml | 1 + README.md | 1 + 3 files changed, 3 insertions(+) diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml index d9ec88e..797cbe0 100644 --- a/.github/workflows/build-and-deploy.yml +++ b/.github/workflows/build-and-deploy.yml @@ -36,6 +36,7 @@ jobs: run: ./deploy/build.sh unused ${BRANCH_NAME} env: MDM_ENDPOINT: ${{ secrets.MDM_ENDPOINT }} + FDZ_ISSUER_URI: ${{ secrets.FDZ_ISSUER_URI }} FDZ_CLIENT_ID: ${{ secrets.FDZ_CLIENT_ID }} FDZ_CLIENT_SECRET: ${{ secrets.FDZ_CLIENT_SECRET }} - name: Deploy to AWS diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cf597ed..0153e72 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -28,6 +28,7 @@ jobs: run: ./deploy/build.sh unused ${BRANCH_NAME} env: MDM_ENDPOINT: ${{ secrets.MDM_ENDPOINT }} + FDZ_ISSUER_URI: ${{ secrets.FDZ_ISSUER_URI }} FDZ_CLIENT_ID: ${{ secrets.FDZ_CLIENT_ID }} FDZ_CLIENT_SECRET: ${{ secrets.FDZ_CLIENT_SECRET }} - name: Report build status via Slack diff --git a/README.md b/README.md index eaf6881..e3579f2 100644 --- a/README.md +++ b/README.md 
@@ -10,6 +10,7 @@ Developers need to have at least `maven` and `docker` on their machines. Current The following environment variables have to be set for running the JUnit test: ```shell MDM_ENDPOINT=https://dev.metadata.fdz.dzhw.eu +FDZ_ISSUER_URI=**** (Path to Identity Provider) FDZ_CLIENT_ID=**** (see Identity Provider) FDZ_CLIENT_SECRET=**** (see s3://metadatamanagement-private/sensitive_variables.tf) ``` From bbdf1572f4a7ee45153ecdb58aad96ee7a583f29 Mon Sep 17 00:00:00 2001 From: Jan-Lucas Schwoerer Date: Thu, 9 Dec 2021 12:54:52 +0100 Subject: [PATCH 8/9] Change principal to use client-id env var --- .../tasks/reporttask/mdm/MdmRestClient.java | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/mdm/MdmRestClient.java b/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/mdm/MdmRestClient.java index c57d17e..052c4bc 100644 --- a/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/mdm/MdmRestClient.java +++ b/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/mdm/MdmRestClient.java @@ -2,6 +2,7 @@ import java.net.URI; +import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.web.client.RestTemplateBuilder; import org.springframework.core.io.FileSystemResource; import org.springframework.http.HttpEntity; 
@@ -11,10 +12,13 @@ import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager; +import org.springframework.security.oauth2.client.ClientAuthorizationException; import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest; +import org.springframework.security.oauth2.core.OAuth2AuthorizationException; import org.springframework.stereotype.Component; import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.MultiValueMap; +import org.springframework.web.client.HttpClientErrorException; import org.springframework.web.client.RestTemplate; import eu.dzhw.fdz.metadatamanagement.tasks.reporttask.config.MdmProperties; @@ -53,6 +57,7 @@ public class MdmRestClient { * @param zippedEnglishTemplateDataSetReport The zipped english data set report template folder. */ public MdmRestClient( + @Value("${spring.security.oauth2.client.registration.fdz.client-id}") final String clientId, AuthorizedClientServiceOAuth2AuthorizedClientManager authorizedClientManager, MdmProperties mdmProperties, RestTemplateBuilder templateBuilder, @@ -64,7 +69,7 @@ public MdmRestClient( super(); this.authorizedClientManager = authorizedClientManager; mdmTemplate = templateBuilder - .defaultHeader("Authorization", generateAuthorizationHeaderValue()) + .defaultHeader("Authorization", generateAuthorizationHeaderValue(clientId)) .rootUri(mdmProperties.getEndpoint()).build(); this.zippedGermanTemplateDataSetReport = zippedGermanTemplateDataSetReport; this.zippedEnglishTemplateDataSetReport = zippedEnglishTemplateDataSetReport; 
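Review bot: The constructor Javadoc, whose tail is visible as context in the `@@ -53` hunk, still documents only the template-folder parameters; the two new leading parameters have no `@param` entries. Suggest `@param clientId the OAuth2 client id (spring.security.oauth2.client.registration.fdz.client-id), also used as the principal name of the authorize request` and `@param authorizedClientManager the manager used to obtain the access token for MDM calls`. Reading the client-id property here duplicates the `@Value` lookup already done in `OAuth2ClientConfig`; as far as I can tell the principal is only the key under which the in-memory service stores the authorized client, so any stable name works, and if the client id is wanted it could come from the injected `ClientRegistration`'s `getClientId()` rather than a second property binding.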
@@ -217,14 +222,14 @@ public void postTaskError(String id, String onBehalfOf, String errorMessage, Tas } } - private String generateAuthorizationHeaderValue() { + private String generateAuthorizationHeaderValue(final String principal) { var request = OAuth2AuthorizeRequest .withClientRegistrationId("fdz") - .principal("report_task") + .principal(principal) .build(); + var client = this.authorizedClientManager .authorize(request); - if (client == null) { throw new IllegalStateException("Could not obtain OAuth2 client"); } From 47e588be02b709716160d1f2da6b1acbe207f960 Mon Sep 17 00:00:00 2001 From: Jan-Lucas Schwoerer Date: Wed, 15 Dec 2021 10:49:36 +0100 Subject: [PATCH 9/9] Remove unused imports --- .../metadatamanagement/tasks/reporttask/mdm/MdmRestClient.java | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/mdm/MdmRestClient.java b/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/mdm/MdmRestClient.java index 052c4bc..52fcd3b 100644 --- a/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/mdm/MdmRestClient.java +++ b/src/main/java/eu/dzhw/fdz/metadatamanagement/tasks/reporttask/mdm/MdmRestClient.java @@ -12,13 +12,10 @@ import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager; -import org.springframework.security.oauth2.client.ClientAuthorizationException; import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest; -import org.springframework.security.oauth2.core.OAuth2AuthorizationException; import org.springframework.stereotype.Component; import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.MultiValueMap; -import org.springframework.web.client.HttpClientErrorException; import org.springframework.web.client.RestTemplate; import eu.dzhw.fdz.metadatamanagement.tasks.reporttask.config.MdmProperties;