From 45247ee53522f39d24c114aaad088f885b4b4ec9 Mon Sep 17 00:00:00 2001
From: bobcaprice
Date: Mon, 7 Aug 2023 14:14:08 +0100
Subject: [PATCH] Revert "test config for keystore"

---
 .github/workflows/maven.yml | 2 +-
 .../service/user/config/UaaConfiguration.java | 61 +++++++++---------
 .../SecurityBeanOverrideConfiguration.java | 3 +-
 .../src/test/resources/config/application.yml | 14 ----
 user-service/src/test/resources/keystore.p12 | Bin 2625 -> 0 bytes
 5 files changed, 32 insertions(+), 48 deletions(-)
 delete mode 100644 user-service/src/test/resources/keystore.p12

diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index f32665b33..2cc488bd7 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -33,7 +33,7 @@ jobs:
 with:
 java-version: 11
 - name: Build User service
- run: mvn -B verify --file user-service/pom.xml
+ run: mvn -B verify -Pprod --file user-service/pom.xml
 
 build-assertion-service:
 runs-on: ubuntu-latest
diff --git a/user-service/src/main/java/org/orcid/memberportal/service/user/config/UaaConfiguration.java b/user-service/src/main/java/org/orcid/memberportal/service/user/config/UaaConfiguration.java
index 4c2605b38..b983da69d 100644
--- a/user-service/src/main/java/org/orcid/memberportal/service/user/config/UaaConfiguration.java
+++ b/user-service/src/main/java/org/orcid/memberportal/service/user/config/UaaConfiguration.java
@@ -12,8 +12,6 @@
 import org.orcid.memberportal.service.user.security.AuthoritiesConstants;
 import org.orcid.memberportal.service.user.security.PasswordTokenGranter;
 import org.orcid.memberportal.service.user.services.UserService;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
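Review bot: The new `run:` line for the `Build User service` step activates the `prod` Maven profile for the CI `verify` run without any note of why, and because this same commit drops the test keystore and the `uaa` block from the test `application.yml`, I assume the intent is that the prod profile now supplies the `uaa.key-store` settings the user-service tests need; that dependency is invisible to anyone reading the workflow on its own. Please record it next to the step, e.g. `# -Pprod: user-service tests rely on the prod profile for the UAA keystore configuration`. If the tests do not actually need it, running `verify` under the prod profile exercises production-only settings in CI for no benefit and the flag should come back out.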
@@ -58,8 +56,6 @@ public class UaaConfiguration extends AuthorizationServerConfigurerAdapter imple
 */
 private static final int MIN_ACCESS_TOKEN_VALIDITY_SECS = 60;
 
- private static final Logger LOG = LoggerFactory.getLogger(UaaConfiguration.class);
-
 private ApplicationContext applicationContext;
 
 @Autowired
@@ -88,13 +84,13 @@ public ResourceServerConfiguration(TokenStore tokenStore, JHipsterProperties jHi @Override public void configure(HttpSecurity http) throws Exception { http.exceptionHandling().authenticationEntryPoint((request, response, authException) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED)).and().csrf() - .disable().addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class).headers().frameOptions().disable().and().sessionManagement() - .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests().antMatchers("/api/register").permitAll() - .antMatchers("/api/activate").permitAll().antMatchers("/api/authenticate").permitAll().antMatchers("/api/account/reset-password/init").permitAll() - .antMatchers("/api/account/reset-password/finish").permitAll().antMatchers("/api/account/reset-password/validate").permitAll() - .antMatchers("/api/users/**/resendActivation").permitAll().antMatchers("/api/**").authenticated().antMatchers("/management/health").permitAll() - .antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/v2/api-docs/**").permitAll() - .antMatchers("/swagger-resources/configuration/ui").permitAll().antMatchers("/swagger-ui/index.html").hasAuthority(AuthoritiesConstants.ADMIN); + .disable().addFilterBefore(corsFilter, UsernamePasswordAuthenticationFilter.class).headers().frameOptions().disable().and().sessionManagement() + .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and().authorizeRequests().antMatchers("/api/register").permitAll() + .antMatchers("/api/activate").permitAll().antMatchers("/api/authenticate").permitAll().antMatchers("/api/account/reset-password/init").permitAll() + .antMatchers("/api/account/reset-password/finish").permitAll().antMatchers("/api/account/reset-password/validate").permitAll() + .antMatchers("/api/users/**/resendActivation").permitAll().antMatchers("/api/**").authenticated().antMatchers("/management/health").permitAll() + 
.antMatchers("/management/**").hasAuthority(AuthoritiesConstants.ADMIN).antMatchers("/v2/api-docs/**").permitAll() + .antMatchers("/swagger-resources/configuration/ui").permitAll().antMatchers("/swagger-ui/index.html").hasAuthority(AuthoritiesConstants.ADMIN); } @Override 
@@ -122,13 +118,13 @@ public void configure(ClientDetailsServiceConfigurer clients) throws Exception { int refreshTokenValidity = uaaProperties.getWebClientConfiguration().getRefreshTokenValidityInSecondsForRememberMe(); refreshTokenValidity = Math.max(refreshTokenValidity, accessTokenValidity); clients.inMemory().withClient(uaaProperties.getWebClientConfiguration().getClientId()) - .secret(passwordEncoder.encode(uaaProperties.getWebClientConfiguration().getSecret())).scopes("openid").autoApprove(true) - .authorizedGrantTypes("implicit", "refresh_token", "password", "authorization_code").accessTokenValiditySeconds(accessTokenValidity) - .refreshTokenValiditySeconds(refreshTokenValidity).and().withClient(jHipsterProperties.getSecurity().getClientAuthorization().getClientId()) - .secret(passwordEncoder.encode(jHipsterProperties.getSecurity().getClientAuthorization().getClientSecret())).scopes("web-app").authorities("ROLE_ADMIN") - .autoApprove(true).authorizedGrantTypes("client_credentials") - .accessTokenValiditySeconds((int) jHipsterProperties.getSecurity().getAuthentication().getJwt().getTokenValidityInSeconds()) - .refreshTokenValiditySeconds((int) jHipsterProperties.getSecurity().getAuthentication().getJwt().getTokenValidityInSecondsForRememberMe()); + .secret(passwordEncoder.encode(uaaProperties.getWebClientConfiguration().getSecret())).scopes("openid").autoApprove(true) + .authorizedGrantTypes("implicit", "refresh_token", "password", "authorization_code").accessTokenValiditySeconds(accessTokenValidity) + .refreshTokenValiditySeconds(refreshTokenValidity).and().withClient(jHipsterProperties.getSecurity().getClientAuthorization().getClientId()) + .secret(passwordEncoder.encode(jHipsterProperties.getSecurity().getClientAuthorization().getClientSecret())).scopes("web-app").authorities("ROLE_ADMIN") + .autoApprove(true).authorizedGrantTypes("client_credentials") + .accessTokenValiditySeconds((int) 
jHipsterProperties.getSecurity().getAuthentication().getJwt().getTokenValidityInSeconds()) + .refreshTokenValiditySeconds((int) jHipsterProperties.getSecurity().getAuthentication().getJwt().getTokenValidityInSecondsForRememberMe()); } @Override @@ -156,8 +152,7 @@ public DefaultTokenServices tokenServices() { private TokenGranter tokenGranter(final AuthorizationServerEndpointsConfigurer endpoints) { PasswordTokenGranter passwordTokenGranter = new PasswordTokenGranter(endpoints, authenticationManager, userService, tokenServices()); RefreshTokenGranter refreshTokenGranter = new RefreshTokenGranter(tokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory()); - ClientCredentialsTokenGranter clientCredentialsTokenGranter = new ClientCredentialsTokenGranter(tokenServices(), endpoints.getClientDetailsService(), - endpoints.getOAuth2RequestFactory()); + ClientCredentialsTokenGranter clientCredentialsTokenGranter = new ClientCredentialsTokenGranter(tokenServices(), endpoints.getClientDetailsService(), endpoints.getOAuth2RequestFactory()); return new CompositeTokenGranter(Arrays.asList(passwordTokenGranter, refreshTokenGranter, clientCredentialsTokenGranter)); } @@ -167,7 +162,7 @@ private TokenGranter tokenGranter(final AuthorizationServerEndpointsConfigurer e /** * Apply the token converter (and enhancer) for token store. - * + * * @return the {@link JwtTokenStore} managing the tokens. */ @Bean 
@@ -180,19 +175,23 @@ public JwtTokenStore tokenStore() {
 * JWT access tokens and Authentication in both directions.
 *
 * @return an access token converter configured with the authorization
- * server's public/private keys.
+ * server's public/private keys.
 */
 @Bean
 public JwtAccessTokenConverter jwtAccessTokenConverter() {
- JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
- try {
- KeyPair keyPair = new KeyStoreKeyFactory(new FileUrlResource(uaaProperties.getKeyStore().getName()),
- uaaProperties.getKeyStore().getPassword().toCharArray()).getKeyPair(uaaProperties.getKeyStore().getAlias());
- converter.setKeyPair(keyPair);
- } catch (MalformedURLException e) {
- throw new RuntimeException("Error creating keystore factory", e);
+ if (uaaProperties.getKeyStore().getName() != null) {
+ JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
+ try {
+ KeyPair keyPair = new KeyStoreKeyFactory(new FileUrlResource(uaaProperties.getKeyStore().getName()),
+ uaaProperties.getKeyStore().getPassword().toCharArray()).getKeyPair(uaaProperties.getKeyStore().getAlias());
+ converter.setKeyPair(keyPair);
+ } catch (MalformedURLException e) {
+ throw new RuntimeException("Error creating keystore factory", e);
+ }
+ return converter;
+ } else {
+ return null;
 }
- return converter;
 }
 
 public class RefreshTokenConverter extends JwtAccessTokenConverter {
@@ -200,7 +199,7 @@ public RefreshTokenConverter() {
 super();
 try {
 KeyPair keyPair = new KeyStoreKeyFactory(new FileUrlResource(uaaProperties.getKeyStore().getName()),
- uaaProperties.getKeyStore().getPassword().toCharArray()).getKeyPair(uaaProperties.getKeyStore().getAlias());
+ uaaProperties.getKeyStore().getPassword().toCharArray()).getKeyPair(uaaProperties.getKeyStore().getAlias());
 super.setKeyPair(keyPair);
 } catch (MalformedURLException e) {
 throw new RuntimeException("Error creating keystore factory", e);
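Review bot: In the new `jwtAccessTokenConverter()`, the `else` branch returns `null` from a `@Bean` method when `uaa.key-store.name` is unset, so a deployment whose keystore property is missing or misspelled starts without a configured signing key pair instead of failing immediately; whatever consumes this bean is outside the hunk, so any failure surfaces later and with a less obvious message. The `RefreshTokenConverter` constructor in the following hunk still reads the same `getName()` unconditionally, so the two code paths disagree on whether a keystore is optional. A missing signing keystore should be a fail-fast configuration error: replace the `else` branch with `throw new IllegalStateException("uaa.key-store.name is not set; a keystore is required to sign JWT access tokens");`. If the null return exists so that some context (presumably tests) can start without a keystore, say so in a comment on the `if`, since the same property is still mandatory a few lines below.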
diff --git a/user-service/src/test/java/org/orcid/memberportal/service/user/config/SecurityBeanOverrideConfiguration.java b/user-service/src/test/java/org/orcid/memberportal/service/user/config/SecurityBeanOverrideConfiguration.java
index 64b2aad1f..ea245918a 100644
--- a/user-service/src/test/java/org/orcid/memberportal/service/user/config/SecurityBeanOverrideConfiguration.java
+++ b/user-service/src/test/java/org/orcid/memberportal/service/user/config/SecurityBeanOverrideConfiguration.java
@@ -1,6 +1,5 @@
 package org.orcid.memberportal.service.user.config;
 
-import org.springframework.boot.test.context.TestConfiguration;
 import org.springframework.cloud.client.loadbalancer.RestTemplateCustomizer;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -14,7 +13,7 @@
 * configuration must be included in {@code @SpringBootTest} in order to take
 * effect.
 */
-@TestConfiguration
+@Configuration
 public class SecurityBeanOverrideConfiguration {
 
 @Bean
diff --git a/user-service/src/test/resources/config/application.yml b/user-service/src/test/resources/config/application.yml
index b197f34c0..1c179bdd0 100644
--- a/user-service/src/test/resources/config/application.yml
+++ b/user-service/src/test/resources/config/application.yml
@@ -86,20 +86,6 @@ jhipster:
 enabled: true
 report-frequency: 60 # in seconds
 
-uaa:
- key-store:
- name: src/test/resources/keystore.p12
- password: password
- alias: userservicetest
- web-client-configuration:
- # Access Token is valid for 5 mins
- access-token-validity-in-seconds: 300
- # Refresh Token is valid for 7 days
- refresh-token-validity-in-seconds-for-remember-me: 604800
- #change client secret in production, keep in sync with gateway configuration
- client-id: web_app
- secret: changeit
-
 # ===================================================================
 # Application specific properties
 # Add your own application properties here, see the ApplicationProperties class
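Review bot: The Javadoc kept as context directly above the new `@Configuration` line still states that the class `must be included in {@code @SpringBootTest} in order to take effect`, which describes `@TestConfiguration` (excluded from component scanning, applied only when listed explicitly) and not a plain `@Configuration` living in `org.orcid.memberportal.service.user.config`, which component scanning will register in every `@SpringBootTest` context that scans that package — so the security-bean overrides now presumably apply to every such test implicitly. Either update the Javadoc to say the overrides are picked up by component scanning in all test contexts, or keep `@TestConfiguration` if implicit overriding of security beans is not intended. The class body continues outside the hunk, so I cannot see which beans are overridden.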
diff --git a/user-service/src/test/resources/keystore.p12 b/user-service/src/test/resources/keystore.p12 deleted file mode 100644 index 839fdbc9bce10424f817aa2d7c312cca26c61d29..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2625 zcmY+Ec{mgb7sdxOV<%=NT-O*WWNF5pWs%gM5!=&*O3h^Zs?k$HT@>!~=h#@WAh=vtXY8%g4{f zfl%SPnxS=m!o#0scG-S-At%B(=T&wNKo1s(2lnS8gByQ2W7ORSRaZv_ze0B`@p--p zc0tNYh`Vzxu&((JP}LlYXVvCgnXg3hXfcI}#e5G&lks+8*N_>aEvwR3u9rgE>qeH6 zz<$vS1N*rC)u8S^EsB91bG;OreDwH+Iu9tUXm*%YVWpBwgXot`$X}rmg_po(A6$cE z3v?fZp|}M5L^kC~eXK;>tlI;t$x6GjY9C_jR7?(9Feo!NeZk5HfD$k`gz#yDU z(4&%OaKr3&8DoOE(CHt+tFT+D9!1qUz_O5Zf?A%HsbHo^C|y~dub;JFTSlpz1I$Uf zQ&f}!N;2n#o_YNE*pt>)4UBTsH}Wl z8|QKFHk+wdq^ic|W20WzM?8k*$;O;_x>&Le{cD|eGap)Sbt&C4>b&$6-Ne(B^4Y7e zQSW`OCRqu-4LO|y$G2Ihx*br`vCL*G(ffzK*A=G34-^kBJ!XmEu#lkM^T6vG(;?{D zU#pNvYQt&I#D-^ApF~&`FqhLzripf4X?)q-X^}^Fy}uqN49io^+#a>hV5#FzY@Ual z{kc4nQ$vF|KhoHlL+q;~)L|3i*;UvAh~4R#^8_p5-O_~$T@Mo#`aarvE#DO9MuF(3 zAI%k5_P=Iuzp$e!*iFT8W@K=S&1hSf<%e3Lw-6nVD+N-lY;S{-9*Q&cgPoxU;xUbZ zojMG%WvR|G2oNnQXQ^}PV>IlfvabE7&nLtb-7pxb8f}itG1?m*7VU9X4i=KznqARh z0tiRV)&B6EyY;7tfrYOpm!8cvRWGx&6V7!Tgk?Pm(OXHuUYF{1P2E+OsoKZxUbS^U z#GR1DT2v=}-8B5;uM=y7GrOmzT=}zvj3neD!7jeN1T1_rUX95PsFZytHkn{a;PluS{k_e**wN zHQ39=_V+dJnW}7U=Q@FgNw+v0>!4tYjhKEDnbPp#H+rb4oQdSqt-@YyskN1XZTH$E z8A(zNS4gFzrOvw55U(khV44Y7AjfK(Pu&YP7gS>sUx!^#8S}$?Uo%Yp9>IUH=TWMA zcDQG3cZHwoY7BJ%_N0GrT}A1J;xCqs}_-&N2A6CLeT@c?xffpB*>7 zE~|X+!ac&MPi%1(CL2Jeo%VbiqPuYMYDHtuEyDcTTmTv1B|(<^bLZ;C)V`mqXuMMl zUR0Jwf1xp9)^i`ax+Eo5BkyLE?c5t|oy5appb#9wVNl@Ed9) zp09rrrqp;0@6zoi=pBjiaIx1~?Kq_ODTmVgom3T4`m4`gZ*J1zvhM@ju#!@f15T)1 zL8Zla{Kml2Y)oMaw*Fb+e^i3dRsP6k&)IV{UG88Cm>lfsOP}a~w zsi3sfl+{$#wT^M>@^^?6d`wu2W66}A4RAa#|2S;_VlMc<%&oeq`O?sQOY}vh|LoS_ z^hA9LW$=H@O~3=Wno2z{i~JrnkKHxmcQKE1el(JPyRx36am*p#-u3%~l&@(AGBWlY zaB|CKUX>H923eM$fb*4IRdkX*&(L?>^TUb(r;H0Pc6!K93d=zdqEKtg!p^;JvX1^6 z1G=q-!PdwzWW~DP zBg6)ivPTdTieasqtmdwumG!I*;%s^H!52$c^)0qWf0g2*xlHX@uHWY?&-m=iG#X%a 
z2o_8AJr$Y`_P(?zT}tMBA;;Re^_r}Z*CAa#XcH&sS6NSb@MMKkWB|A+f11{ zm$P3OxW^ZNZvb>byoL+c20(x-zq+1w%ez!u7Dn^R|Y>A$ULdL9Nc*=QCFU*WG zbDQX7DG5$uMiKlOWRO0gI0X`oTc6Ggh_oek@YX53wWvmXFvL1&*t>7tyz!Hoand7y z<9%Xd0lAH-Xpf^)t54=6Brp1Jt6@qd5HTIWb*4C$|D8{x*^iSs1*KBq&K3GeCplC5 zM!$_09!k1t7Q~XQDS?xpw3l~`o5XrMNaq<({dn)Aeg3zj&*T%EKEsgSCcrD`#OXNM0$cuL249u5LtT zCf}ch*Qdm7-Tljsnmg;=UUn>?aRJ)*~Ec>y;XdsX2_+kO~oj*bLfj{ zt2`%FY@!Rx@fQ{a=x277HM&4kH&xO)JvtZrzGmyLX%7;7^a`6!>L zEEi?pzRwKZt6G_4Qd29>=!r~J+d8ldv$mzaxKz;{Ma8tB^x7e2{_bzZkxe0vgSU|b zO7~C~P*NyvFi1gwgZ&o}00<59l}J($FWrHgk>YpYI_qP#4`zVS5>Rq`)g=vT=7B;z RLh&;V$3`k==U^ic{{xjX*5&{J