Loading movie-microservice/src/main/java/cz/muni/fi/iamdb/config/SecurityConfig.java +1 −2 Original line number Diff line number Diff line package cz.muni.fi.iamdb.config; import cz.muni.fi.iamdb.MovieMicroservice; import io.swagger.v3.oas.models.security.OAuthFlow; import io.swagger.v3.oas.models.security.OAuthFlows; import io.swagger.v3.oas.models.security.Scopes; Loading @@ -22,7 +21,7 @@ import org.springframework.security.web.SecurityFilterChain; @Profile("prod") public class SecurityConfig { private static final Logger log = LoggerFactory.getLogger(MovieMicroservice.class); private static final Logger log = LoggerFactory.getLogger(SecurityConfig.class); private static final String SECURITY_SCHEME_OAUTH2 = "MUNI"; private static final String SECURITY_SCHEME_BEARER = "Bearer"; Loading movie-recommender-microservice/src/main/java/cz/muni/fi/iamdb/MovieRecommenderMicroservice.java +0 −89 Original line number Diff line number Diff line package cz.muni.fi.iamdb; import io.swagger.v3.oas.models.security.OAuthFlow; import io.swagger.v3.oas.models.security.OAuthFlows; import io.swagger.v3.oas.models.security.Scopes; import io.swagger.v3.oas.models.security.SecurityScheme; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springdoc.core.customizers.OpenApiCustomizer; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.web.servlet.context.ServletWebServerInitializedEvent; import org.springframework.context.annotation.Bean; import org.springframework.context.event.EventListener; import org.springframework.http.HttpMethod; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.web.SecurityFilterChain; @SpringBootApplication public class MovieRecommenderMicroservice { private static final Logger log = LoggerFactory.getLogger(MovieRecommenderMicroservice.class); private static final String SECURITY_SCHEME_OAUTH2 = "MUNI"; private static final String SECURITY_SCHEME_BEARER = "Bearer"; public static void main(String[] args) { SpringApplication.run(MovieRecommenderMicroservice.class, args); } /** * Configure access restrictions to the API. * Introspection of opaque access token is configured, introspection endpoint is defined in application.yml. */ @Bean SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { // todo extract from properties final String RECOMMEND_GET_SCOPE = "SCOPE_test_1"; final String BEST_RATED_IN_GENRE_GET_SCOPE = "SCOPE_test_2"; http .authorizeHttpRequests(x -> x .requestMatchers(HttpMethod.GET, "/recommend/{id}").hasAuthority(RECOMMEND_GET_SCOPE) .requestMatchers(HttpMethod.GET, "/best-rated-in-genre/{id}").hasAuthority(BEST_RATED_IN_GENRE_GET_SCOPE) // defensively deny all other requests .anyRequest().denyAll() ) .oauth2ResourceServer(oauth2 -> oauth2.opaqueToken(Customizer.withDefaults())) ; return http.build(); } /** * Add security definitions to generated openapi.yaml. */ @Bean public OpenApiCustomizer openAPICustomizer() { return openApi -> { log.info("adding security to OpenAPI description"); openApi.getComponents() .addSecuritySchemes(SECURITY_SCHEME_OAUTH2, new SecurityScheme() .type(SecurityScheme.Type.OAUTH2) .description("get access token with OAuth 2 Authorization Code Grant") .flows(new OAuthFlows() .authorizationCode(new OAuthFlow() .authorizationUrl("https://oidc.muni.cz/oidc/authorize") .tokenUrl("https://oidc.muni.cz/oidc/token") .scopes(new Scopes() .addString("test_read", "reading things") .addString("test_write", "creating things") .addString("test_1", "deleting things") ) ) ) ) .addSecuritySchemes(SECURITY_SCHEME_BEARER, new SecurityScheme() .type(SecurityScheme.Type.HTTP) .scheme("bearer") .description("provide a valid access token") ) ; }; } /** * Display a hint in the log. */ @EventListener public void onApplicationEvent(ServletWebServerInitializedEvent event) { log.info("**************************"); int port = event.getWebServer().getPort(); log.info("visit http://localhost:{}/swagger-ui.html for UI", port); log.info("visit http://localhost:{}/openapi.yaml for OpenAPI document", port); log.info("**************************"); } } movie-recommender-microservice/src/main/java/cz/muni/fi/iamdb/config/SecurityConfig.java 0 → 100644 +97 −0 Original line number Diff line number Diff line package cz.muni.fi.iamdb.config; import io.swagger.v3.oas.models.security.OAuthFlow; import io.swagger.v3.oas.models.security.OAuthFlows; import io.swagger.v3.oas.models.security.Scopes; import io.swagger.v3.oas.models.security.SecurityScheme; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springdoc.core.customizers.OpenApiCustomizer; import org.springframework.boot.web.servlet.context.ServletWebServerInitializedEvent; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Profile; import org.springframework.context.event.EventListener; import org.springframework.http.HttpMethod; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.web.SecurityFilterChain; @Configuration @Profile("prod") public class SecurityConfig { private static final Logger log = LoggerFactory.getLogger(SecurityConfig.class); private static final String SECURITY_SCHEME_OAUTH2 = "MUNI"; private static final String SECURITY_SCHEME_BEARER = "Bearer"; /** * Configure access restrictions to the API. * Introspection of opaque access token is configured, introspection endpoint is defined in application.yml. */ @Bean SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { // todo extract from properties final String RECOMMEND_GET_SCOPE = "SCOPE_test_1"; final String BEST_RATED_IN_GENRE_GET_SCOPE = "SCOPE_test_2"; http .authorizeHttpRequests(x -> x .requestMatchers(HttpMethod.GET, "/recommend/{id}").hasAuthority(RECOMMEND_GET_SCOPE) .requestMatchers(HttpMethod.GET, "/best-rated-in-genre/{id}").hasAuthority(BEST_RATED_IN_GENRE_GET_SCOPE) // defensively deny all other requests .anyRequest().denyAll() ) .oauth2ResourceServer(oauth2 -> oauth2.opaqueToken(Customizer.withDefaults())) ; return http.build(); } /** * Add security definitions to generated openapi.yaml. */ @Bean public OpenApiCustomizer openAPICustomizer() { return openApi -> { log.info("adding security to OpenAPI description"); openApi.getComponents() .addSecuritySchemes(SECURITY_SCHEME_OAUTH2, new SecurityScheme() .type(SecurityScheme.Type.OAUTH2) .description("get access token with OAuth 2 Authorization Code Grant") .flows(new OAuthFlows() .authorizationCode(new OAuthFlow() .authorizationUrl("https://oidc.muni.cz/oidc/authorize") .tokenUrl("https://oidc.muni.cz/oidc/token") .scopes(new Scopes() .addString("test_read", "reading things") .addString("test_write", "creating things") .addString("test_1", "deleting things") ) ) ) ) .addSecuritySchemes(SECURITY_SCHEME_BEARER, new SecurityScheme() .type(SecurityScheme.Type.HTTP) .scheme("bearer") .description("provide a valid access token") ) ; }; } /** * Display a hint in the log. */ @EventListener public void onApplicationEvent(ServletWebServerInitializedEvent event) { log.info("**************************"); int port = event.getWebServer().getPort(); log.info("visit http://localhost:{}/swagger-ui.html for UI", port); log.info("visit http://localhost:{}/openapi.yaml for OpenAPI document", port); log.info("**************************"); } } movie-recommender-microservice/src/main/resources/application.yaml +2 −0 Original line number Diff line number Diff line Loading @@ -7,6 +7,8 @@ server: include-message: always spring: profiles: active: prod jackson: property-naming-strategy: SNAKE_CASE mvc: Loading movie-recommender-microservice/src/test/java/cz/muni/fi/iamdb/config/SecurityConfig.java 0 → 100644 +26 −0 Original line number Diff line number Diff line package cz.muni.fi.iamdb.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Profile; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.web.SecurityFilterChain; @Configuration @Profile("test") public class SecurityConfig { /** * Configure access restrictions to the API. * Introspection of opaque access token is configured, introspection endpoint is defined in application.yml. */ @Bean SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .authorizeHttpRequests(x -> x .anyRequest().permitAll() ) ; return http.build(); } } Loading
movie-microservice/src/main/java/cz/muni/fi/iamdb/config/SecurityConfig.java +1 −2 Original line number Diff line number Diff line package cz.muni.fi.iamdb.config; import cz.muni.fi.iamdb.MovieMicroservice; import io.swagger.v3.oas.models.security.OAuthFlow; import io.swagger.v3.oas.models.security.OAuthFlows; import io.swagger.v3.oas.models.security.Scopes; Loading @@ -22,7 +21,7 @@ import org.springframework.security.web.SecurityFilterChain; @Profile("prod") public class SecurityConfig { private static final Logger log = LoggerFactory.getLogger(MovieMicroservice.class); private static final Logger log = LoggerFactory.getLogger(SecurityConfig.class); private static final String SECURITY_SCHEME_OAUTH2 = "MUNI"; private static final String SECURITY_SCHEME_BEARER = "Bearer"; Loading
movie-recommender-microservice/src/main/java/cz/muni/fi/iamdb/MovieRecommenderMicroservice.java +0 −89 Original line number Diff line number Diff line package cz.muni.fi.iamdb; import io.swagger.v3.oas.models.security.OAuthFlow; import io.swagger.v3.oas.models.security.OAuthFlows; import io.swagger.v3.oas.models.security.Scopes; import io.swagger.v3.oas.models.security.SecurityScheme; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springdoc.core.customizers.OpenApiCustomizer; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.web.servlet.context.ServletWebServerInitializedEvent; import org.springframework.context.annotation.Bean; import org.springframework.context.event.EventListener; import org.springframework.http.HttpMethod; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.web.SecurityFilterChain; @SpringBootApplication public class MovieRecommenderMicroservice { private static final Logger log = LoggerFactory.getLogger(MovieRecommenderMicroservice.class); private static final String SECURITY_SCHEME_OAUTH2 = "MUNI"; private static final String SECURITY_SCHEME_BEARER = "Bearer"; public static void main(String[] args) { SpringApplication.run(MovieRecommenderMicroservice.class, args); } /** * Configure access restrictions to the API. * Introspection of opaque access token is configured, introspection endpoint is defined in application.yml. */ @Bean SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { // todo extract from properties final String RECOMMEND_GET_SCOPE = "SCOPE_test_1"; final String BEST_RATED_IN_GENRE_GET_SCOPE = "SCOPE_test_2"; http .authorizeHttpRequests(x -> x .requestMatchers(HttpMethod.GET, "/recommend/{id}").hasAuthority(RECOMMEND_GET_SCOPE) .requestMatchers(HttpMethod.GET, "/best-rated-in-genre/{id}").hasAuthority(BEST_RATED_IN_GENRE_GET_SCOPE) // defensively deny all other requests .anyRequest().denyAll() ) .oauth2ResourceServer(oauth2 -> oauth2.opaqueToken(Customizer.withDefaults())) ; return http.build(); } /** * Add security definitions to generated openapi.yaml. */ @Bean public OpenApiCustomizer openAPICustomizer() { return openApi -> { log.info("adding security to OpenAPI description"); openApi.getComponents() .addSecuritySchemes(SECURITY_SCHEME_OAUTH2, new SecurityScheme() .type(SecurityScheme.Type.OAUTH2) .description("get access token with OAuth 2 Authorization Code Grant") .flows(new OAuthFlows() .authorizationCode(new OAuthFlow() .authorizationUrl("https://oidc.muni.cz/oidc/authorize") .tokenUrl("https://oidc.muni.cz/oidc/token") .scopes(new Scopes() .addString("test_read", "reading things") .addString("test_write", "creating things") .addString("test_1", "deleting things") ) ) ) ) .addSecuritySchemes(SECURITY_SCHEME_BEARER, new SecurityScheme() .type(SecurityScheme.Type.HTTP) .scheme("bearer") .description("provide a valid access token") ) ; }; } /** * Display a hint in the log. */ @EventListener public void onApplicationEvent(ServletWebServerInitializedEvent event) { log.info("**************************"); int port = event.getWebServer().getPort(); log.info("visit http://localhost:{}/swagger-ui.html for UI", port); log.info("visit http://localhost:{}/openapi.yaml for OpenAPI document", port); log.info("**************************"); } }
movie-recommender-microservice/src/main/java/cz/muni/fi/iamdb/config/SecurityConfig.java 0 → 100644 +97 −0 Original line number Diff line number Diff line package cz.muni.fi.iamdb.config; import io.swagger.v3.oas.models.security.OAuthFlow; import io.swagger.v3.oas.models.security.OAuthFlows; import io.swagger.v3.oas.models.security.Scopes; import io.swagger.v3.oas.models.security.SecurityScheme; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springdoc.core.customizers.OpenApiCustomizer; import org.springframework.boot.web.servlet.context.ServletWebServerInitializedEvent; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Profile; import org.springframework.context.event.EventListener; import org.springframework.http.HttpMethod; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.web.SecurityFilterChain; @Configuration @Profile("prod") public class SecurityConfig { private static final Logger log = LoggerFactory.getLogger(SecurityConfig.class); private static final String SECURITY_SCHEME_OAUTH2 = "MUNI"; private static final String SECURITY_SCHEME_BEARER = "Bearer"; /** * Configure access restrictions to the API. * Introspection of opaque access token is configured, introspection endpoint is defined in application.yml. */ @Bean SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { // todo extract from properties final String RECOMMEND_GET_SCOPE = "SCOPE_test_1"; final String BEST_RATED_IN_GENRE_GET_SCOPE = "SCOPE_test_2"; http .authorizeHttpRequests(x -> x .requestMatchers(HttpMethod.GET, "/recommend/{id}").hasAuthority(RECOMMEND_GET_SCOPE) .requestMatchers(HttpMethod.GET, "/best-rated-in-genre/{id}").hasAuthority(BEST_RATED_IN_GENRE_GET_SCOPE) // defensively deny all other requests .anyRequest().denyAll() ) .oauth2ResourceServer(oauth2 -> oauth2.opaqueToken(Customizer.withDefaults())) ; return http.build(); } /** * Add security definitions to generated openapi.yaml. */ @Bean public OpenApiCustomizer openAPICustomizer() { return openApi -> { log.info("adding security to OpenAPI description"); openApi.getComponents() .addSecuritySchemes(SECURITY_SCHEME_OAUTH2, new SecurityScheme() .type(SecurityScheme.Type.OAUTH2) .description("get access token with OAuth 2 Authorization Code Grant") .flows(new OAuthFlows() .authorizationCode(new OAuthFlow() .authorizationUrl("https://oidc.muni.cz/oidc/authorize") .tokenUrl("https://oidc.muni.cz/oidc/token") .scopes(new Scopes() .addString("test_read", "reading things") .addString("test_write", "creating things") .addString("test_1", "deleting things") ) ) ) ) .addSecuritySchemes(SECURITY_SCHEME_BEARER, new SecurityScheme() .type(SecurityScheme.Type.HTTP) .scheme("bearer") .description("provide a valid access token") ) ; }; } /** * Display a hint in the log. */ @EventListener public void onApplicationEvent(ServletWebServerInitializedEvent event) { log.info("**************************"); int port = event.getWebServer().getPort(); log.info("visit http://localhost:{}/swagger-ui.html for UI", port); log.info("visit http://localhost:{}/openapi.yaml for OpenAPI document", port); log.info("**************************"); } }
movie-recommender-microservice/src/main/resources/application.yaml +2 −0 Original line number Diff line number Diff line Loading @@ -7,6 +7,8 @@ server: include-message: always spring: profiles: active: prod jackson: property-naming-strategy: SNAKE_CASE mvc: Loading
movie-recommender-microservice/src/test/java/cz/muni/fi/iamdb/config/SecurityConfig.java 0 → 100644 +26 −0 Original line number Diff line number Diff line package cz.muni.fi.iamdb.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Profile; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.web.SecurityFilterChain; @Configuration @Profile("test") public class SecurityConfig { /** * Configure access restrictions to the API. * Introspection of opaque access token is configured, introspection endpoint is defined in application.yml. */ @Bean SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { http .authorizeHttpRequests(x -> x .anyRequest().permitAll() ) ; return http.build(); } }
