Commit fb3f4611 authored by femiadeyemi's avatar femiadeyemi

make /tokens accessible to all

parent 300f649e
......@@ -5,7 +5,7 @@
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.3.0.RELEASE</version>
<version>2.3.5.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>de.helmholtz.marketplace</groupId>
......@@ -16,9 +16,11 @@
<properties>
<java.version>11</java.version>
<dependency-check-maven.version>5.3.2</dependency-check-maven.version>
<dependency-check-maven.version>6.2.2</dependency-check-maven.version>
<dependency-check-maven.cvss-threshold>8</dependency-check-maven.cvss-threshold>
<version.helmholtz-marketplace-webapp>0.0.1</version.helmholtz-marketplace-webapp>
<version.jacoco-maven-plugin>0.8.7</version.jacoco-maven-plugin>
<version.maven-assembly-plugin>3.3.0</version.maven-assembly-plugin>
<!--suppress UnresolvedMavenProperty -->
<sonar.token>${env.SONAR_AUTH_TOKEN}</sonar.token>
</properties>
......@@ -31,6 +33,16 @@
</repositories>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-actuator</artifactId>
</dependency>
<dependency>
<groupId>io.micrometer</groupId>
<artifactId>micrometer-registry-prometheus</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-client</artifactId>
......@@ -77,6 +89,7 @@
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>${project.parent.version}</version>
</plugin>
<plugin>
<groupId>org.owasp</groupId>
......@@ -97,7 +110,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-assembly-plugin</artifactId>
<version>3.3.0</version>
<version>${version.maven-assembly-plugin}</version>
<configuration>
<descriptors>
src/main/resources/distribution/distribution.xml
......@@ -124,7 +137,7 @@
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>0.8.5</version>
<version>${version.jacoco-maven-plugin}</version>
</plugin>
</plugins>
</pluginManagement>
......@@ -150,6 +163,7 @@
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>${version.jacoco-maven-plugin}</version>
<executions>
<execution>
<id>prepare-agent</id>
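Review bot: The `dependency-check-maven.cvss-threshold` property added on L21 is set to 8, which — assuming it feeds `failBuildOnCVSS` in the plugin configuration further down, outside this hunk — lets findings scored 7.0–7.9, the lower half of the High band, pass the build silently. Since this commit also bumps the scanner to 6.2.2 and adds `spring-boot-starter-actuator` and the Prometheus registry as new runtime dependencies, I would tighten the gate to `7` and state the policy next to it: `<!-- fail the build on High (CVSS >= 7) and Critical findings; lower only with a documented suppression -->`. The new actuator dependency on L32–L34 also widens the HTTP surface of the service and should be reviewed together with the `/actuator/**` matcher introduced in the security config in this same commit.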
......
package de.helmholtz.marketplace.webappserver.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
@Configuration
@EnableWebSecurity
......@@ -20,16 +18,14 @@ public class HelmholtzMarketplaceServerSecurityConfig extends WebSecurityConfigu
// @formatter:off
http
.csrf().disable()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
.and()
.authorizeRequests(requests -> requests
.antMatchers("/**", "/error").permitAll()
.antMatchers("/**", "/tokens", "/error", "/actuator/**", "/favicon.ico").permitAll()
.anyRequest().authenticated()
)
.exceptionHandling(error -> error
.authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED))
)
.csrf(c -> c
.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
)
.exceptionHandling().disable()
.logout(l -> l
.logoutSuccessUrl("/").permitAll()
)
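Review bot: The `"/**"` pattern kept at the head of the new matcher list on L98 already permits every path, so the added `/tokens`, `/actuator/**` and `/favicon.ico` entries are redundant and the `.anyRequest().authenticated()` on L99 is unreachable — no request is gated by this filter chain. That makes every actuator endpoint anonymous, and the production `application.yml` in this same commit lists `shutdown` in the web exposure, so an unauthenticated POST to `/actuator/shutdown` would stop the server whenever that endpoint is enabled. I would put restrictive actuator matchers before the catch-all: `.antMatchers("/actuator/health", "/actuator/info", "/actuator/prometheus").permitAll()`, `.antMatchers("/actuator/**").authenticated()`, and only then `.antMatchers("/**", "/tokens", "/error", "/favicon.ico").permitAll()`. Which of the two CSRF forms (`.csrf().disable()` on L93 or the cookie-repository form on L104–L106) is the new side is not recoverable from this rendering; since `/tokens` hands the session's OAuth2 access token to the caller as JSON, that decision deserves an explicit comment either way. The `configure(HttpSecurity)` method starts before and ends after this hunk.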
......
......@@ -2,6 +2,8 @@ package de.helmholtz.marketplace.webappserver.controller;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.MediaType;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
......@@ -15,6 +17,9 @@ import java.io.IOException;
@RestController
public class HelmholtzMarketServerController
{
@Value("${cerebrum.endpoint}")
String cerebrumUrl;
private final OAuth2AuthorizedClientService authorizedClientService;
public HelmholtzMarketServerController(
......@@ -23,7 +28,7 @@ public class HelmholtzMarketServerController
this.authorizedClientService = authorizedClientService;
}
@GetMapping("/tokens")
@GetMapping(path = "/tokens", produces = MediaType.APPLICATION_JSON_VALUE)
public JsonNode getAccessToken(OAuth2AuthenticationToken authentication,
HttpServletResponse response) throws IOException
{
......@@ -42,4 +47,10 @@ public class HelmholtzMarketServerController
{
return token;
}
@GetMapping(path = "/scripts/config.js", produces = "text/javascript")
public String getWebAppConfig()
{
return "var CONFIG = {\"cerebrum.endpoint\": \"" + cerebrumUrl +"\"}";
}
}
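Review bot: `getWebAppConfig` on L140–L144 builds JavaScript by concatenating `cerebrumUrl` straight into a string literal, so a configured value containing a double quote, a backslash or `</script>` would yield broken or injected script. The value comes from configuration rather than from a request, which bounds the risk, but the class already imports `ObjectMapper`, and letting Jackson do the escaping costs one line and throws no checked exception: `return "var CONFIG = " + new ObjectMapper().createObjectNode().put("cerebrum.endpoint", cerebrumUrl) + ";";`. The `@Value` field on L124–L125 is package-private and mutable; since the class already has a constructor (L127), inject the endpoint there and make the field `private final` so the controller's configuration cannot be altered after construction.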
cerebrum:
endpoint: "http://localhost:8090/api/v0/"
logging:
level:
root: DEBUG
org.springframework.web: TRACE
org.springframework.security: TRACE
org.springframework.security.oauth2: TRACE
org.springframework.boot.autoconfigure: DEBUG
\ No newline at end of file
org.springframework.boot.autoconfigure: DEBUG
spring:
security:
oauth2:
client:
registration:
unity:
redirect-uri: "{baseUrl}/login/oauth2/code/unity"
\ No newline at end of file
cerebrum:
endpoint: "https://hifis-tp.desy.de/api/v0/"
logging:
level:
root: INFO
......@@ -11,8 +14,20 @@ server:
error:
whitelabel:
enabled: false
shutdown: "graceful"
management:
endpoints:
web:
exposure:
include: "prometheus,health,info,metric,shutdown"
metrics:
tags:
application: ${spring.application.name}
spring:
application:
name: marketplace-app
resources:
static-locations: ${path:'file:../webapp/'}
security:
......@@ -24,7 +39,7 @@ spring:
client-id: helmholtz-marketplace
client-secret: ${secret:nopass}
authorization-grant-type: authorization_code
redirect-uri: "https://hifis-tp.desy.de/login/oauth2/code/unity"
redirect-uri: "https://{baseHost}{basePort}{basePath}/login/oauth2/code/unity"
scope:
- offline_access
- credentials
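Review bot: The exposure list on L179, `include: "prometheus,health,info,metric,shutdown"`, names `metric` where the actuator endpoint id is `metrics`, so presumably the metrics endpoint is not exposed at all while `shutdown` is. Spring Boot keeps the shutdown endpoint disabled unless `management.endpoint.shutdown.enabled` is set, which I cannot see here, but exposing it over HTTP in a service whose security config in this same commit permits `/actuator/**` anonymously means a single unauthenticated POST to `/actuator/shutdown` stops the process the moment someone enables it. I would change the line to `include: "prometheus,health,info,metrics"` and, if remote shutdown is genuinely needed, serve it from a separately secured management port (`management.server.port`) rather than through the application's permit-all chain.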
......