Skip to content

Commit

Permalink
Merge pull request #1027 from ORCID/revert-1011-userITTests
Browse files Browse the repository at this point in the history
Revert "test config for keystore"
  • Loading branch information
auumgn authored Aug 7, 2023
2 parents 219857b + 45247ee commit 6a42c14
Show file tree
Hide file tree
Showing 5 changed files with 32 additions and 48 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/maven.yml
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ jobs:
with:
java-version: 11
- name: Build User service
run: mvn -B verify --file user-service/pom.xml
run: mvn -B verify -Pprod --file user-service/pom.xml

build-assertion-service:
runs-on: ubuntu-latest
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,6 @@
import org.orcid.memberportal.service.user.security.AuthoritiesConstants;
import org.orcid.memberportal.service.user.security.PasswordTokenGranter;
import org.orcid.memberportal.service.user.services.UserService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
Expand Down Expand Up @@ -58,8 +56,6 @@ public class UaaConfiguration extends AuthorizationServerConfigurerAdapter imple
*/
private static final int MIN_ACCESS_TOKEN_VALIDITY_SECS = 60;

private static final Logger LOG = LoggerFactory.getLogger(UaaConfiguration.class);

private ApplicationContext applicationContext;

@Autowired
Expand Down Expand Up @@ -88,13 +84,13 @@ public ResourceServerConfiguration(TokenStore tokenStore, JHipsterProperties jHi
@Override
public void configure(HttpSecurity http) throws Exception {
http.exceptionHandling().authenticationEntryPoint((request, response, authException) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED)).and().csrf()
.disable().addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class).headers().frameOptions().disable().and().sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests().antMatchers("/api/register").permitAll()
.antMatchers("/api/activate").permitAll().antMatchers("/api/authenticate").permitAll().antMatchers("/api/account/reset-password/init").permitAll()
.antMatchers("/api/account/reset-password/finish").permitAll().antMatchers("/api/account/reset-password/validate").permitAll()
.antMatchers("/api/users/**/resendActivation").permitAll().antMatchers("/api/**").authenticated().antMatchers("/management/health").permitAll()
.antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/v2/api-docs/**").permitAll()
.antMatchers("/swagger-resources/configuration/ui").permitAll().antMatchers("/swagger-ui/index.html").hasAuthority(AuthoritiesConstants.ADMIN);
.disable().addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class).headers().frameOptions().disable().and().sessionManagement()
.sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests().antMatchers("/api/register").permitAll()
.antMatchers("/api/activate").permitAll().antMatchers("/api/authenticate").permitAll().antMatchers("/api/account/reset-password/init").permitAll()
.antMatchers("/api/account/reset-password/finish").permitAll().antMatchers("/api/account/reset-password/validate").permitAll()
.antMatchers("/api/users/**/resendActivation").permitAll().antMatchers("/api/**").authenticated().antMatchers("/management/health").permitAll()
.antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/v2/api-docs/**").permitAll()
.antMatchers("/swagger-resources/configuration/ui").permitAll().antMatchers("/swagger-ui/index.html").hasAuthority(AuthoritiesConstants.ADMIN);
}

@Override
Expand Down Expand Up @@ -122,13 +118,13 @@ public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
int refreshTokenValidity = uaaProperties.getWebClientConfiguration().getRefreshTokenValidityInSecondsForRememberMe();
refreshTokenValidity = Math.max(refreshTokenValidity, accessTokenValidity);
clients.inMemory().withClient(uaaProperties.getWebClientConfiguration().getClientId())
.secret(passwordEncoder.encode(uaaProperties.getWebClientConfiguration().getSecret())).scopes("openid").autoApprove(true)
.authorizedGrantTypes("implicit", "refresh_token", "password", "authorization_code").accessTokenValiditySeconds(accessTokenValidity)
.refreshTokenValiditySeconds(refreshTokenValidity).and().withClient(jHipsterProperties.getSecurity().getClientAuthorization().getClientId())
.secret(passwordEncoder.encode(jHipsterProperties.getSecurity().getClientAuthorization().getClientSecret())).scopes("web-app").authorities("ROLE_ADMIN")
.autoApprove(true).authorizedGrantTypes("client_credentials")
.accessTokenValiditySeconds((int) jHipsterProperties.getSecurity().getAuthentication().getJwt().getTokenValidityInSeconds())
.refreshTokenValiditySeconds((int) jHipsterProperties.getSecurity().getAuthentication().getJwt().getTokenValidityInSecondsForRememberMe());
.secret(passwordEncoder.encode(uaaProperties.getWebClientConfiguration().getSecret())).scopes("openid").autoApprove(true)
.authorizedGrantTypes("implicit", "refresh_token", "password", "authorization_code").accessTokenValiditySeconds(accessTokenValidity)
.refreshTokenValiditySeconds(refreshTokenValidity).and().withClient(jHipsterProperties.getSecurity().getClientAuthorization().getClientId())
.secret(passwordEncoder.encode(jHipsterProperties.getSecurity().getClientAuthorization().getClientSecret())).scopes("web-app").authorities("ROLE_ADMIN")
.autoApprove(true).authorizedGrantTypes("client_credentials")
.accessTokenValiditySeconds((int) jHipsterProperties.getSecurity().getAuthentication().getJwt().getTokenValidityInSeconds())
.refreshTokenValiditySeconds((int) jHipsterProperties.getSecurity().getAuthentication().getJwt().getTokenValidityInSecondsForRememberMe());
}

@Override
Expand Down Expand Up @@ -156,8 +152,7 @@ public DefaultTokenServices tokenServices() {
private TokenGranter tokenGranter(final AuthorizationServerEndpointsConfigurer endpoints) {
PasswordTokenGranter passwordTokenGranter = new PasswordTokenGranter(endpoints, authenticationManager, userService, tokenServices());
RefreshTokenGranter refreshTokenGranter = new RefreshTokenGranter(tokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory());
ClientCredentialsTokenGranter clientCredentialsTokenGranter = new ClientCredentialsTokenGranter(tokenServices(), endpoints.getClientDetailsService(),
endpoints.getOAuth2RequestFactory());
ClientCredentialsTokenGranter clientCredentialsTokenGranter = new ClientCredentialsTokenGranter(tokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory());
return new CompositeTokenGranter(Arrays.asList(passwordTokenGranter, refreshTokenGranter, clientCredentialsTokenGranter));
}

Expand All @@ -167,7 +162,7 @@ private TokenGranter tokenGranter(final AuthorizationServerEndpointsConfigurer e

/**
* Apply the token converter (and enhancer) for token store.
*
*
* @return the {@link JwtTokenStore} managing the tokens.
*/
@Bean
Expand All @@ -180,27 +175,31 @@ public JwtTokenStore tokenStore() {
* JWT access tokens and Authentication in both directions.
*
* @return an access token converter configured with the authorization
* server's public/private keys.
* server's public/private keys.
*/
@Bean
public JwtAccessTokenConverter jwtAccessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
try {
KeyPair keyPair = new KeyStoreKeyFactory(new FileUrlResource(uaaProperties.getKeyStore().getName()),
uaaProperties.getKeyStore().getPassword().toCharArray()).getKeyPair(uaaProperties.getKeyStore().getAlias());
converter.setKeyPair(keyPair);
} catch (MalformedURLException e) {
throw new RuntimeException("Error creating keystore factory", e);
if (uaaProperties.getKeyStore().getName() != null) {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
try {
KeyPair keyPair = new KeyStoreKeyFactory(new FileUrlResource(uaaProperties.getKeyStore().getName()),
uaaProperties.getKeyStore().getPassword().toCharArray()).getKeyPair(uaaProperties.getKeyStore().getAlias());
converter.setKeyPair(keyPair);
} catch (MalformedURLException e) {
throw new RuntimeException("Error creating keystore factory", e);
}
return converter;
} else {
return null;
}
return converter;
}

public class RefreshTokenConverter extends JwtAccessTokenConverter {
public RefreshTokenConverter() {
super();
try {
KeyPair keyPair = new KeyStoreKeyFactory(new FileUrlResource(uaaProperties.getKeyStore().getName()),
uaaProperties.getKeyStore().getPassword().toCharArray()).getKeyPair(uaaProperties.getKeyStore().getAlias());
uaaProperties.getKeyStore().getPassword().toCharArray()).getKeyPair(uaaProperties.getKeyStore().getAlias());
super.setKeyPair(keyPair);
} catch (MalformedURLException e) {
throw new RuntimeException("Error creating keystore factory", e);
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,5 @@
package org.orcid.memberportal.service.user.config;

import org.springframework.boot.test.context.TestConfiguration;
import org.springframework.cloud.client.loadbalancer.RestTemplateCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
Expand All @@ -14,7 +13,7 @@
* configuration must be included in {@code @SpringBootTest} in order to take
* effect.
*/
@TestConfiguration
@Configuration
public class SecurityBeanOverrideConfiguration {

@Bean
Expand Down
14 changes: 0 additions & 14 deletions user-service/src/test/resources/config/application.yml
Original file line number Diff line number Diff line change
Expand Up @@ -86,20 +86,6 @@ jhipster:
enabled: true
report-frequency: 60 # in seconds

uaa:
key-store:
name: src/test/resources/keystore.p12
password: password
alias: userservicetest
web-client-configuration:
# Access Token is valid for 5 mins
access-token-validity-in-seconds: 300
# Refresh Token is valid for 7 days
refresh-token-validity-in-seconds-for-remember-me: 604800
#change client secret in production, keep in sync with gateway configuration
client-id: web_app
secret: changeit

# ===================================================================
# Application specific properties
# Add your own application properties here, see the ApplicationProperties class
Expand Down
Binary file removed user-service/src/test/resources/keystore.p12
Binary file not shown.

0 comments on commit 6a42c14

Please sign in to comment.