Motivation:

Inside the dockerfile the variable name for the client
secret was mistyped. Also start shell file wasn't able
to pass the secret to the jar file.

Modification:

- fix the mistyped in the dockerfile
- set the value of the client-secret by using the
    spring variable

Result:

User can now be authenticated.

Target: master

Motivation:

At the moment the utility controller is for obtaining
access and refresh token. These are no longer needed
at this time. Since the helmholtz-marketplace-webapp
will is now a dependency of this project, there is no
need for the index.html page.

Modification:

- delete the controller and index.html page

Result:

The server now render the helmholtz-marketplace-webapp
static files.

Target: master

Motivation:

The maven assembly is now use for packaging of the helmholtz-
marketplace-server. Hence, the ci/cd needs to be adjusted to
pick up the new structure.

Modification:

- add helmholtz-marketplace-webapp as a dependency to the project
- add maven assembly plugin with the instruction of how to package
    the distribution inside the distribution.xml. Inside this file
    the helmholtz-marketplace-webapp.jar file will be upacked and
    the output will be put inside the webapp directory
- create a shell script that can be use to start the server
- in the application.yml file, add a custom location for the static
    files, which is webapp directory
- adjust the dockerfile to reflect the new package structure
- adjust the matcher in the security configuration to allow access
    to the static files
- in the ci, add a build stage and rename test_sonar to
    code_quality_analysis
- move the sonar test job into the ci.yml file
- delete static-code-analysis.yml since it is no longer needed
- rename the profile name for the sonar test in the pom file
    from static-code-analysis to sonar
- run sonar test provided the ci/cd is not trigger by upstream
    repository, that is, helmholtz-marketplace-webapp

Result:

1. Create distribution package for the project. The tar file created
will have a structure like this:

| | |____hm-server
| | | |____bin
| | | | |____start.sh
| | | |____classes/
| | | |____webapp
| | | | |____index.html
| | | | |____images/
| | | | |____styles/
| | | |____lib
| | | | |____helmholtz-marketplace-server-0.0.1-SNAPSHOT.jar

2. A stable ci/cd that get trigger by push, merge-request and
pipeline. The following stages are now in the ci:
- build: check if the code compile
- test: both unit and integration test
- sonar: mainly for code quality analysis
- package: when trigger by pipiline it will use the newly available
    snapshot of helmholtz-marketplace-webapp
- deploy: push the artifact into the docker container that will
    be push into the docker hub

Target: master

Motivation:

Each time a aai access token is needed, we need to authenticate
again to obtain a new access token. However, this is not necessary
since we can use the refresh token, provided one is available
to obtain a new access_token.

Modification:

- initialise OAuth2AuthorizedClientService by using constructor
    instead of autowiring
- add a GET controller and a link that can be use to get the
    refresh token
- add to the list of scope `offline_access` to request for the
    refresh token from the auth server (that is Helmholtz AAI server).

Result:

Refresh token can now be obtain

Target: master
Review-at: https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-marketplace-server/-/merge_requests/12

Motivation:

Since we are providing a service which is open to the public we should be aware of vulnerabilities in our code as well in our libraries. For our own code we already have Sonja which covers at least some of it, for the dependencies there is a Maven plugin.

Modifications:

Add the Maven Dependency-Check plugin (https://jeremylong.github.io/DependencyCheck/index.html) to the build.

Result:

The plugin binds to the verify stage of the Maven build and lets the build fail if there are vulnerabilities with a score greater than or equal to the configured CVSS value (currently 8)

Target: master

Request:

Acked-by: @femiadeyemi

Pull-request: !9

Motivation:

The maintainer of helmholtz changed to a new domain.

Modification:

Change the uris of the hdf to reflect the new domain
    name

Result:

AAI works and no visible changes to users

Target: master
Acked-by: Franz Stephan
Review: https://gitlab.hzdr.de/hifis-technical-platform/helmholtz-marketplace-server/-/merge_requests/11

Motivation:

The display name should be the human readable name for the project which can be different from the artifactId

Modifications:

* change property `name` of the project

Result

The project is now shown as "Helmholtz Marketplace Server"

Target: master

Request:

Acked-by:

Pull-request: !4

Motivation:

There was no continuous static code analysis until now. This is an important part of the quality assurance and should be covered in all builds

Modifications:

* add configuration for static code analysis as part of the Maven build
* add the neccessary GitLab configuration

Result

Static code analysis can be executed from the command line and the execution as part of the CI is prepared and only needs to be aenabled

Target: master

Request:

Acked-by: @femiadeyemi

Pull-request: !3

Add GitLab CI Configuration

See merge request hifis-technical-platform/helmholtz-marketplace-server!2

change version for Docker to 19.03.11

remove `maven-wrapper.jar` from the repository

add basic project configuration stuff

See merge request hifis-technical-platform/helmholtz-marketplace-server!1

remove `maven-wrapper.jar` because it is downloaded when building (https://github.com/takari/maven-wrapper#usage-without-binary-jar)

add Dockerfile and add configuration to respect X-Forward-* headers

add option to pass the secret for the Helmholtz AAI into the Docker container

Motivation:

The Helmholtz AAI service is a Identity and Authorisation
Management (IAM) system which arbitrates authenticated
access to registered services in the context of the Helmholtz
Assosiation. Integrating Helmholtz AAI service into the
Helmholtz Marketplace is in alignment with the goal of this
project.

Modification:

- authenticate -> able to get token
- logout
- enable csrf support

Result:

User can now be authenticate using Unity IDM.

Motivation:

A web server for helmholtz marketplace. This will be use to serve
the static files in `helmholtz-marketplace-webapp` repository.

Modification:Ã

Add boilerplate code generated by Spring Initializr.

Result:

A spring boot application that will be use to serve web related
static files and oauth2 client.