1. 16 Sep, 2020 1 commit
    • femiadeyemi's avatar
      enable access to aai refresh token · 63afad43
      femiadeyemi authored
      Motivation:
      
      Each time a aai access token is needed, we need to authenticate
      again to obtain a new access token. However, this is not necessary
      since we can use the refresh token, provided one is available
      to obtain a new access_token.
      
      Modification:
      
      - initialise OAuth2AuthorizedClientService by using constructor
          instead of autowiring
      - add a GET controller and a link that can be use to get the
          refresh token
      - add to the list of scope `offline_access` to request for the
          refresh token from the auth server (that is Helmholtz AAI server).
      
      Result:
      
      Refresh token can now be obtain
      
      Target: master
      Review-at: https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-marketplace-server/-/merge_requests/12
      63afad43
  2. 05 Aug, 2020 1 commit
    • Carsten Heidmann's avatar
      Introduce vulnerability scan · 2d3bce58
      Carsten Heidmann authored
      Motivation:
      
      Since we are providing a service which is open to the public we should be aware of vulnerabilities in our code as well in our libraries. For our own code we already have Sonja which covers at least some of it, for the dependencies there is a Maven plugin.
      
      Modifications:
      
      Add the Maven Dependency-Check plugin (https://jeremylong.github.io/DependencyCheck/index.html) to the build.
      
      Result:
      
      The plugin binds to the verify stage of the Maven build and lets the build fail if there are vulnerabilities with a score greater than or equal to the configured CVSS value (currently 8)
      
      Target: master
      
      Request:
      
      Acked-by: @femiadeyemi
      
      Pull-request: !9
      2d3bce58
  3. 29 Jul, 2020 1 commit
  4. 22 Jul, 2020 2 commits
  5. 20 Jul, 2020 2 commits
    • Carsten Heidmann's avatar
      Fix CI build · 9e480943
      Carsten Heidmann authored
      9e480943
    • Carsten Heidmann's avatar
      Rename display name of the project · 6dc6c033
      Carsten Heidmann authored
      Motivation:
      
      The display name should be the human readable name for the project which can be different from the artifactId
      
      Modifications:
      
      * change property `name` of the project
      
      Result
      
      The project is now shown as "Helmholtz Marketplace Server"
      
      Target: master
      
      Request:
      
      Acked-by:
      
      Pull-request: !4
      6dc6c033
  6. 06 Jul, 2020 1 commit
    • Carsten Heidmann's avatar
      Add static code analysis as part of the build · f2533448
      Carsten Heidmann authored
      Motivation:
      
      There was no continuous static code analysis until now. This is an important part of the quality assurance and should be covered in all builds
      
      Modifications:
      
      * add configuration for static code analysis as part of the Maven build
      * add the neccessary GitLab configuration
      
      Result
      
      Static code analysis can be executed from the command line and the execution as part of the CI is prepared and only needs to be aenabled
      
      Target: master
      
      Request:
      
      Acked-by: @femiadeyemi
      
      Pull-request: !3
      f2533448
  7. 26 Jun, 2020 2 commits
  8. 25 Jun, 2020 6 commits
  9. 22 Jun, 2020 1 commit
  10. 18 Jun, 2020 2 commits
  11. 16 Jun, 2020 2 commits
  12. 08 Jun, 2020 1 commit
    • femiadeyemi's avatar
      authentication: add Helmholtz AAI service · 78fad52e
      femiadeyemi authored
      Motivation:
      
      The Helmholtz AAI service is a Identity and Authorisation
      Management (IAM) system which arbitrates authenticated
      access to registered services in the context of the Helmholtz
      Assosiation. Integrating Helmholtz AAI service into the
      Helmholtz Marketplace is in alignment with the goal of this
      project.
      
      Modification:
      
      - authenticate -> able to get token
      - logout
      - enable csrf support
      
      Result:
      
      User can now be authenticate using Unity IDM.
      78fad52e
  13. 20 May, 2020 1 commit
    • femiadeyemi's avatar
      helmholtz-marketplace-server: first commit · 8dc41ddb
      femiadeyemi authored
      Motivation:
      
      A web server for helmholtz marketplace. This will be use to serve
      the static files in `helmholtz-marketplace-webapp` repository.
      
      Modification:Ã
      
      Add boilerplate code generated by Spring Initializr.
      
      Result:
      
      A spring boot application that will be use to serve web related
      static files and oauth2 client.
      8dc41ddb