Revert "test config for keystore"

ORCID · Aug 7, 2023 · 45247ee · 45247ee
1 parent 219857b
commit 45247ee
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 48 deletions.
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
@@ -33,7 +33,7 @@ jobs:
       with:
         java-version: 11
     - name: Build User service
-      run: mvn -B verify --file user-service/pom.xml
+      run: mvn -B verify  -Pprod --file user-service/pom.xml
 
   build-assertion-service:
     runs-on: ubuntu-latest

diff --git a/user-service/src/main/java/org/orcid/memberportal/service/user/config/UaaConfiguration.java b/user-service/src/main/java/org/orcid/memberportal/service/user/config/UaaConfiguration.java
@@ -12,8 +12,6 @@
 import org.orcid.memberportal.service.user.security.AuthoritiesConstants;
 import org.orcid.memberportal.service.user.security.PasswordTokenGranter;
 import org.orcid.memberportal.service.user.services.UserService;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
@@ -58,8 +56,6 @@ public class UaaConfiguration extends AuthorizationServerConfigurerAdapter imple
      */
     private static final int MIN_ACCESS_TOKEN_VALIDITY_SECS = 60;
 
-    private static final Logger LOG = LoggerFactory.getLogger(UaaConfiguration.class);
-
     private ApplicationContext applicationContext;
 
     @Autowired
@@ -88,13 +84,13 @@ public ResourceServerConfiguration(TokenStore tokenStore, JHipsterProperties jHi
         @Override
         public void configure(HttpSecurity http) throws Exception {
             http.exceptionHandling().authenticationEntryPoint((request, response, authException) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED)).and().csrf()
-                .disable().addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class).headers().frameOptions().disable().and().sessionManagement()
-                .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests().antMatchers("/api/register").permitAll()
-                .antMatchers("/api/activate").permitAll().antMatchers("/api/authenticate").permitAll().antMatchers("/api/account/reset-password/init").permitAll()
-                .antMatchers("/api/account/reset-password/finish").permitAll().antMatchers("/api/account/reset-password/validate").permitAll()
-                .antMatchers("/api/users/**/resendActivation").permitAll().antMatchers("/api/**").authenticated().antMatchers("/management/health").permitAll()
-                .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/v2/api-docs/**").permitAll()
-                .antMatchers("/swagger-resources/configuration/ui").permitAll().antMatchers("/swagger-ui/index.html").hasAuthority(AuthoritiesConstants.ADMIN);
+                    .disable().addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class).headers().frameOptions().disable().and().sessionManagement()
+                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests().antMatchers("/api/register").permitAll()
+                    .antMatchers("/api/activate").permitAll().antMatchers("/api/authenticate").permitAll().antMatchers("/api/account/reset-password/init").permitAll()
+                    .antMatchers("/api/account/reset-password/finish").permitAll().antMatchers("/api/account/reset-password/validate").permitAll()
+                    .antMatchers("/api/users/**/resendActivation").permitAll().antMatchers("/api/**").authenticated().antMatchers("/management/health").permitAll()
+                    .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/v2/api-docs/**").permitAll()
+                    .antMatchers("/swagger-resources/configuration/ui").permitAll().antMatchers("/swagger-ui/index.html").hasAuthority(AuthoritiesConstants.ADMIN);
         }
 
         @Override
@@ -122,13 +118,13 @@ public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
         int refreshTokenValidity = uaaProperties.getWebClientConfiguration().getRefreshTokenValidityInSecondsForRememberMe();
         refreshTokenValidity = Math.max(refreshTokenValidity, accessTokenValidity);
         clients.inMemory().withClient(uaaProperties.getWebClientConfiguration().getClientId())
-            .secret(passwordEncoder.encode(uaaProperties.getWebClientConfiguration().getSecret())).scopes("openid").autoApprove(true)
-            .authorizedGrantTypes("implicit", "refresh_token", "password", "authorization_code").accessTokenValiditySeconds(accessTokenValidity)
-            .refreshTokenValiditySeconds(refreshTokenValidity).and().withClient(jHipsterProperties.getSecurity().getClientAuthorization().getClientId())
-            .secret(passwordEncoder.encode(jHipsterProperties.getSecurity().getClientAuthorization().getClientSecret())).scopes("web-app").authorities("ROLE_ADMIN")
-            .autoApprove(true).authorizedGrantTypes("client_credentials")
-            .accessTokenValiditySeconds((int) jHipsterProperties.getSecurity().getAuthentication().getJwt().getTokenValidityInSeconds())
-            .refreshTokenValiditySeconds((int) jHipsterProperties.getSecurity().getAuthentication().getJwt().getTokenValidityInSecondsForRememberMe());
+                .secret(passwordEncoder.encode(uaaProperties.getWebClientConfiguration().getSecret())).scopes("openid").autoApprove(true)
+                .authorizedGrantTypes("implicit", "refresh_token", "password", "authorization_code").accessTokenValiditySeconds(accessTokenValidity)
+                .refreshTokenValiditySeconds(refreshTokenValidity).and().withClient(jHipsterProperties.getSecurity().getClientAuthorization().getClientId())
+                .secret(passwordEncoder.encode(jHipsterProperties.getSecurity().getClientAuthorization().getClientSecret())).scopes("web-app").authorities("ROLE_ADMIN")
+                .autoApprove(true).authorizedGrantTypes("client_credentials")
+                .accessTokenValiditySeconds((int) jHipsterProperties.getSecurity().getAuthentication().getJwt().getTokenValidityInSeconds())
+                .refreshTokenValiditySeconds((int) jHipsterProperties.getSecurity().getAuthentication().getJwt().getTokenValidityInSecondsForRememberMe());
     }
 
     @Override
@@ -156,8 +152,7 @@ public DefaultTokenServices tokenServices() {
     private TokenGranter tokenGranter(final AuthorizationServerEndpointsConfigurer endpoints) {
         PasswordTokenGranter passwordTokenGranter = new PasswordTokenGranter(endpoints, authenticationManager, userService, tokenServices());
         RefreshTokenGranter refreshTokenGranter = new RefreshTokenGranter(tokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory());
-        ClientCredentialsTokenGranter clientCredentialsTokenGranter = new ClientCredentialsTokenGranter(tokenServices(), endpoints.getClientDetailsService(),
-            endpoints.getOAuth2RequestFactory());
+        ClientCredentialsTokenGranter clientCredentialsTokenGranter = new ClientCredentialsTokenGranter(tokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory());
         return new CompositeTokenGranter(Arrays.asList(passwordTokenGranter, refreshTokenGranter, clientCredentialsTokenGranter));
     }
 
@@ -167,7 +162,7 @@ private TokenGranter tokenGranter(final AuthorizationServerEndpointsConfigurer e
 
     /**
      * Apply the token converter (and enhancer) for token store.
-     *
+     * 
      * @return the {@link JwtTokenStore} managing the tokens.
      */
     @Bean
@@ -180,27 +175,31 @@ public JwtTokenStore tokenStore() {
      * JWT access tokens and Authentication in both directions.
      *
      * @return an access token converter configured with the authorization
-     * server's public/private keys.
+     *         server's public/private keys.
      */
     @Bean
     public JwtAccessTokenConverter jwtAccessTokenConverter() {
-        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
-        try {
-            KeyPair keyPair = new KeyStoreKeyFactory(new FileUrlResource(uaaProperties.getKeyStore().getName()),
-                uaaProperties.getKeyStore().getPassword().toCharArray()).getKeyPair(uaaProperties.getKeyStore().getAlias());
-            converter.setKeyPair(keyPair);
-        } catch (MalformedURLException e) {
-            throw new RuntimeException("Error creating keystore factory", e);
+        if (uaaProperties.getKeyStore().getName() != null) {
+            JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
+            try {
+                KeyPair keyPair = new KeyStoreKeyFactory(new FileUrlResource(uaaProperties.getKeyStore().getName()),
+                        uaaProperties.getKeyStore().getPassword().toCharArray()).getKeyPair(uaaProperties.getKeyStore().getAlias());
+                converter.setKeyPair(keyPair);
+            } catch (MalformedURLException e) {
+                throw new RuntimeException("Error creating keystore factory", e);
+            }
+            return converter;
+        } else {
+            return null;
         }
-        return converter;
     }
 
     public class RefreshTokenConverter extends JwtAccessTokenConverter {
         public RefreshTokenConverter() {
             super();
             try {
                 KeyPair keyPair = new KeyStoreKeyFactory(new FileUrlResource(uaaProperties.getKeyStore().getName()),
-                    uaaProperties.getKeyStore().getPassword().toCharArray()).getKeyPair(uaaProperties.getKeyStore().getAlias());
+                        uaaProperties.getKeyStore().getPassword().toCharArray()).getKeyPair(uaaProperties.getKeyStore().getAlias());
                 super.setKeyPair(keyPair);
             } catch (MalformedURLException e) {
                 throw new RuntimeException("Error creating keystore factory", e);

diff --git a/...st/java/org/orcid/memberportal/service/user/config/SecurityBeanOverrideConfiguration.java b/...st/java/org/orcid/memberportal/service/user/config/SecurityBeanOverrideConfiguration.java
@@ -1,6 +1,5 @@
 package org.orcid.memberportal.service.user.config;
 
-import org.springframework.boot.test.context.TestConfiguration;
 import org.springframework.cloud.client.loadbalancer.RestTemplateCustomizer;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -14,7 +13,7 @@
  * configuration must be included in {@code @SpringBootTest} in order to take
  * effect.
  */
-@TestConfiguration
+@Configuration
 public class SecurityBeanOverrideConfiguration {
 
     @Bean

diff --git a/user-service/src/test/resources/config/application.yml b/user-service/src/test/resources/config/application.yml
@@ -86,20 +86,6 @@ jhipster:
       enabled: true
       report-frequency: 60 # in seconds
 
-uaa:
-  key-store:
-    name: src/test/resources/keystore.p12
-    password: password
-    alias: userservicetest
-  web-client-configuration:
-    # Access Token is valid for 5 mins
-    access-token-validity-in-seconds: 300
-    # Refresh Token is valid for 7 days
-    refresh-token-validity-in-seconds-for-remember-me: 604800
-    #change client secret in production, keep in sync with gateway configuration
-    client-id: web_app
-    secret: changeit
-
 # ===================================================================
 # Application specific properties
 # Add your own application properties here, see the ApplicationProperties class

diff --git a/user-service/src/test/resources/keystore.p12 b/user-service/src/test/resources/keystore.p12