diff --git a/.env.unix.example b/.env.unix.example index 0c0ec3bc05b29074c26887f5306074c31e1beb6b..890b2385aadbda123203fa85546631e1e42cace4 100644 --- a/.env.unix.example +++ b/.env.unix.example @@ -1,6 +1,6 @@ DBREPO_CLIENT_SECRET=MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG RABBITMQ_CLIENT_SECRET=JEC2FexxrX4N65fLeDGukAl6R3Lc9y0u -JWT_ISSUER=https://localhost:8443/realms/dbrepo +JWT_ISSUER=https://localhost/realms/dbrepo JWT_PUBKEY=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB JWT_CERT=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 SHARED_FILESYSTEM=/tmp diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c01079417bcb336b0e471b092c01540ddc0e30bb..8f79a65c043ffb47054e3869fa94083754caf563 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -55,13 +55,6 @@ build-database-service: script: - "make build-database-service" -build-discovery-service: - stage: build-backend - needs: - - build-metadata-db - script: - - "make build-discovery-service" - build-gateway-service: stage: build-backend needs: 
@@ -177,23 +170,6 @@ test-database-service: coverage: '/Total.*?([0-9]{1,3})%/' timeout: 2 hour -test-discovery-service: - stage: test-backend - needs: - - build-discovery-service - script: - - "make test-discovery-service" - - "cat ./dbrepo-discovery-service/report/target/site/jacoco-aggregate/index.html | grep -o 'Total[^%]*%' | sed 's/<.*>/ /; s/Total/Jacoco Coverage Total:/'" - artifacts: - when: always - paths: - - ./dbrepo-discovery-service/report/target/site/jacoco-aggregate/ - - ./dbrepo-discovery-service/discovery/target/surefire-reports/ - expire_in: 1 days - reports: - junit: ./dbrepo-discovery-service/discovery/target/surefire-reports/TEST-*.xml - coverage: '/Total.*?([0-9]{1,3})%/' - test-query-service: stage: test-backend needs: @@ -246,23 +222,6 @@ test-metadata-service: junit: ./dbrepo-metadata-service/rest-service/target/surefire-reports/TEST-*.xml coverage: '/Total.*?([0-9]{1,3})%/' -test-gateway-service: - stage: test-backend - needs: - - build-gateway-service - script: - - "make test-gateway-service" - - "echo 'Jacoco Coverage Total: 100%'" - artifacts: - when: always - paths: - - ./dbrepo-gateway-service/report/target/site/jacoco-aggregate/ - - ./dbrepo-metadata-service/gateway/target/surefire-reports/ - expire_in: 1 days - reports: - junit: ./dbrepo-gateway-service/gateway/target/surefire-reports/TEST-*.xml - coverage: '/Total.*?([0-9]{1,3})%/' - test-semantics-service: stage: test-backend needs: @@ -320,7 +279,6 @@ build-docker: - build-identifier-service - build-container-service - build-database-service - - build-discovery-service - build-gateway-service - build-query-service - build-table-service 
@@ -427,24 +385,6 @@ scan-database-service: reports: container_scanning: ./.trivy/trivy-database-service-report.json -scan-discovery-service: - stage: scan-docker - needs: - - build-docker - allow_failure: true - before_script: - - docker logout ghcr.io - script: - - make scan-discovery-service - cache: - paths: - - .trivycache/ - artifacts: - when: always - expire_in: 1 days - reports: - container_scanning: ./.trivy/trivy-discovery-service-report.json - scan-gateway-service: stage: scan-docker needs: @@ -651,7 +591,6 @@ release-latest: - scan-broker-service - scan-container-service - scan-database-service - - scan-discovery-service - scan-gateway-service - scan-identifier-service - scan-metadata-db @@ -679,7 +618,6 @@ release-version: - scan-broker-service - scan-container-service - scan-database-service - - scan-discovery-service - scan-gateway-service - scan-identifier-service - scan-metadata-db diff --git a/dbrepo-analyse-service/Dockerfile b/dbrepo-analyse-service/Dockerfile index 802686ed74e8a86e7e7395b7f496a0a0374e45e6..9e4c027a543e0bc3a00510d2f58ef6b4bf376dcd 100644 --- a/dbrepo-analyse-service/Dockerfile +++ b/dbrepo-analyse-service/Dockerfile @@ -4,12 +4,12 @@ MAINTAINER Martin Weise <martin.weise@tuwien.ac.at> RUN apk update && apk --no-cache add build-base gcc python3-dev libpq-dev libffi-dev bash curl py3-pandas \ py3-sqlalchemy py3-requests py3-gevent py3-psycopg2 -COPY ./requirements.txt ./requirements.txt -COPY ./healthcheck.sh ./healthcheck.sh +WORKDIR /app +COPY ./requirements.txt ./requirements.txt RUN pip install -r requirements.txt > /dev/null -WORKDIR /app +COPY ./healthcheck.sh ./healthcheck.sh ENV FLASK_APP=app.py ENV FLASK_RUN_HOST=0.0.0.0 diff --git a/dbrepo-authentication-service/Dockerfile b/dbrepo-authentication-service/Dockerfile index 579d599274724c62789bcbaf5f1deb3cb436bdd8..9355947d1a6967b8640561edf7734ef2ed614125 100644 --- a/dbrepo-authentication-service/Dockerfile +++ b/dbrepo-authentication-service/Dockerfile 
@@ -1,7 +1,6 @@ ###### FIRST STAGE ###### -FROM keycloak/keycloak:21.1 as config +FROM keycloak/keycloak:21.0 as config MAINTAINER Martin Weise <martin.weise@tuwien.ac.at> -LABEL service=authentication # Enable health and metrics support ENV KC_HEALTH_ENABLED=true @@ -22,8 +21,8 @@ FROM redhat/ubi9-minimal as binary RUN microdnf update -y && microdnf install -y curl-minimal libcurl-minimal -###### FOURTH STAGE ###### -FROM keycloak/keycloak:21.1 as runtime +###### THIRD STAGE ###### +FROM keycloak/keycloak:21.0 as runtime COPY --from=config /opt/keycloak/ /opt/keycloak/ COPY --from=binary /usr/lib64 /usr/lib64 diff --git a/dbrepo-authentication-service/dbrepo-realm.json b/dbrepo-authentication-service/dbrepo-realm.json index c3b1302374829703fd21ad3adc553d65ac8d9bf2..4e65cc8efebf40cc8d206326fd2b08e1fa574722 100644 --- a/dbrepo-authentication-service/dbrepo-realm.json +++ b/dbrepo-authentication-service/dbrepo-realm.json @@ -909,7 +909,7 @@ "otpPolicyLookAheadWindow" : 1, "otpPolicyPeriod" : 30, "otpPolicyCodeReusable" : false, - "otpSupportedApplications" : [ "totpAppGoogleName", "totpAppFreeOTPName", "totpAppMicrosoftAuthenticatorName" ], + "otpSupportedApplications" : [ "totpAppFreeOTPName", "totpAppMicrosoftAuthenticatorName", "totpAppGoogleName" ], "webAuthnPolicyRpEntityName" : "keycloak", "webAuthnPolicySignatureAlgorithms" : [ "ES256" ], "webAuthnPolicyRpId" : "", 
@@ -1838,7 +1838,40 @@ "enabledEventTypes" : [ "SEND_RESET_PASSWORD", "UPDATE_CONSENT_ERROR", "GRANT_CONSENT", "VERIFY_PROFILE_ERROR", "REMOVE_TOTP", "REVOKE_GRANT", "UPDATE_TOTP", "LOGIN_ERROR", "CLIENT_LOGIN", "RESET_PASSWORD_ERROR", "IMPERSONATE_ERROR", "CODE_TO_TOKEN_ERROR", "CUSTOM_REQUIRED_ACTION", "OAUTH2_DEVICE_CODE_TO_TOKEN_ERROR", "RESTART_AUTHENTICATION", "IMPERSONATE", "UPDATE_PROFILE_ERROR", "LOGIN", "OAUTH2_DEVICE_VERIFY_USER_CODE", "UPDATE_PASSWORD_ERROR", "CLIENT_INITIATED_ACCOUNT_LINKING", "TOKEN_EXCHANGE", "AUTHREQID_TO_TOKEN", "LOGOUT", "REGISTER", "DELETE_ACCOUNT_ERROR", "CLIENT_REGISTER", "IDENTITY_PROVIDER_LINK_ACCOUNT", "DELETE_ACCOUNT", "UPDATE_PASSWORD", "CLIENT_DELETE", "FEDERATED_IDENTITY_LINK_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN", "CLIENT_DELETE_ERROR", "VERIFY_EMAIL", "CLIENT_LOGIN_ERROR", "RESTART_AUTHENTICATION_ERROR", "EXECUTE_ACTIONS", "REMOVE_FEDERATED_IDENTITY_ERROR", "TOKEN_EXCHANGE_ERROR", "PERMISSION_TOKEN", "SEND_IDENTITY_PROVIDER_LINK_ERROR", "EXECUTE_ACTION_TOKEN_ERROR", "SEND_VERIFY_EMAIL", "OAUTH2_DEVICE_AUTH", "EXECUTE_ACTIONS_ERROR", "REMOVE_FEDERATED_IDENTITY", "OAUTH2_DEVICE_CODE_TO_TOKEN", "IDENTITY_PROVIDER_POST_LOGIN", "IDENTITY_PROVIDER_LINK_ACCOUNT_ERROR", "OAUTH2_DEVICE_VERIFY_USER_CODE_ERROR", "UPDATE_EMAIL", "REGISTER_ERROR", "REVOKE_GRANT_ERROR", "EXECUTE_ACTION_TOKEN", "LOGOUT_ERROR", "UPDATE_EMAIL_ERROR", "CLIENT_UPDATE_ERROR", "AUTHREQID_TO_TOKEN_ERROR", "UPDATE_PROFILE", "CLIENT_REGISTER_ERROR", "FEDERATED_IDENTITY_LINK", "SEND_IDENTITY_PROVIDER_LINK", "SEND_VERIFY_EMAIL_ERROR", "RESET_PASSWORD", "CLIENT_INITIATED_ACCOUNT_LINKING_ERROR", "OAUTH2_DEVICE_AUTH_ERROR", "UPDATE_CONSENT", "REMOVE_TOTP_ERROR", "VERIFY_EMAIL_ERROR", "SEND_RESET_PASSWORD_ERROR", "CLIENT_UPDATE", "CUSTOM_REQUIRED_ACTION_ERROR", "IDENTITY_PROVIDER_POST_LOGIN_ERROR", "UPDATE_TOTP_ERROR", "CODE_TO_TOKEN", "VERIFY_PROFILE", "GRANT_CONSENT_ERROR", "IDENTITY_PROVIDER_FIRST_LOGIN_ERROR" ], "adminEventsEnabled" : false, 
"adminEventsDetailsEnabled" : false, - "identityProviders" : [ ], + "identityProviders" : [ { + "alias" : "saml", + "displayName" : "", + "internalId" : "4a2378b1-4e46-4783-a663-b33f3bd95061", + "providerId" : "saml", + "enabled" : true, + "updateProfileFirstLoginMode" : "on", + "trustEmail" : false, + "storeToken" : false, + "addReadTokenRoleOnCreate" : false, + "authenticateByDefault" : false, + "linkOnly" : false, + "firstBrokerLoginFlowAlias" : "first broker login", + "config" : { + "validateSignature" : "false", + "postBindingLogout" : "false", + "nameIDPolicyFormat" : "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "postBindingResponse" : "false", + "entityId" : "https://dbrepo2.ec.tuwien.ac.at/realms/dbrepo", + "backchannelSupported" : "false", + "signSpMetadata" : "false", + "wantAssertionsEncrypted" : "false", + "loginHint" : "false", + "allowCreate" : "true", + "wantAssertionsSigned" : "false", + "postBindingAuthnRequest" : "false", + "forceAuthn" : "false", + "attributeConsumingServiceIndex" : "0", + "singleSignOnServiceUrl" : "https://idp.zid.tuwien.ac.at/", + "wantAuthnRequestsSigned" : "false", + "allowedClockSkew" : "0", + "principalType" : "Subject NameID" + } + } ], "identityProviderMappers" : [ ], "components" : { "org.keycloak.services.clientregistration.policy.ClientRegistrationPolicy" : [ { 
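Review bot: The new `saml` entry under `identityProviders` is imported with `"enabled" : true` while `"validateSignature" : "false"` and `"wantAssertionsSigned" : "false"`, so as configured the broker does not check who produced a SAML response before acting on it. Combined with `"allowCreate" : "true"` and the `first broker login` flow, an unverified assertion can end in an account being created or linked in the realm. Set `"validateSignature" : "true"` and `"wantAssertionsSigned" : "true"` and add the IdP's signing certificate to `config` (the `signingCertificate` key), or ship the provider with `"enabled" : false` until that is in place. The `entityId` is also hard-coded to `https://dbrepo2.ec.tuwien.ac.at/realms/dbrepo`, while the rest of this commit targets `https://localhost`, so the export looks tied to one deployment.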
@@ -1899,7 +1932,7 @@ "subType" : "authenticated", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "oidc-usermodel-attribute-mapper", "saml-user-property-mapper", "saml-role-list-mapper", "oidc-address-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper" ] + "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "oidc-full-name-mapper", "oidc-usermodel-property-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-property-mapper", "saml-role-list-mapper", "oidc-address-mapper", "saml-user-attribute-mapper" ] } }, { "id" : "3ab11d74-5e76-408a-b85a-26bf8950f979", @@ -1908,7 +1941,7 @@ "subType" : "anonymous", "subComponents" : { }, "config" : { - "allowed-protocol-mapper-types" : [ "oidc-usermodel-attribute-mapper", "saml-role-list-mapper", "oidc-full-name-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-user-attribute-mapper", "saml-user-property-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper" ] + "allowed-protocol-mapper-types" : [ "saml-user-property-mapper", "oidc-usermodel-attribute-mapper", "oidc-sha256-pairwise-sub-mapper", "saml-role-list-mapper", "oidc-address-mapper", "oidc-usermodel-property-mapper", "saml-user-attribute-mapper", "oidc-full-name-mapper" ] } } ], "org.keycloak.keys.KeyProvider" : [ { @@ -1960,7 +1993,7 @@ "internationalizationEnabled" : false, "supportedLocales" : [ ], "authenticationFlows" : [ { - "id" : "85d85037-1863-4869-b9ab-09582853f779", + "id" : "7e7d6810-5b6c-4ec6-865c-5f0b62ec56d7", "alias" : "Account verification options", "description" : "Method with which to verity the existing account", "providerId" : "basic-flow", @@ -1982,7 +2015,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "e89d11ed-c578-409a-aaed-d00db2951f66", + "id" : "6d972ab3-0618-4971-b44a-0fc0d11c7280", "alias" : "Authentication Options", "description" : "Authentication options.", "providerId" : "basic-flow", 
@@ -2011,7 +2044,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "5bfb765d-30bf-4708-b85e-01beb0813a75", + "id" : "821a14e0-ef26-4b07-b716-fa34393eda56", "alias" : "Browser - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -2033,7 +2066,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "dfe729c0-df4b-4b9b-8170-fd29d703f691", + "id" : "e70eadbd-4c39-4cfd-86ac-e50acc753b1b", "alias" : "Direct Grant - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -2055,7 +2088,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "e52f6f8c-edd8-42eb-a956-1e642d054a09", + "id" : "4e35af97-acf4-4ca8-bc81-0477c1adfb6d", "alias" : "First broker login - Conditional OTP", "description" : "Flow to determine if the OTP is required for the authentication", "providerId" : "basic-flow", @@ -2077,7 +2110,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "0fcdfbb3-4e4f-4c55-9e06-9baf3afef314", + "id" : "2e0bd063-274a-4aab-a5f0-038a0bca5b98", "alias" : "Handle Existing Account", "description" : "Handle what to do if there is existing account with same email/username like authenticated identity provider", "providerId" : "basic-flow", @@ -2099,7 +2132,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "a3db4f3a-a772-4530-b948-c2ea688dc993", + "id" : "6a20fab2-44bb-4451-b29a-6fb7e14a52ce", "alias" : "Reset - Conditional OTP", "description" : "Flow to determine if the OTP should be reset or not. Set to REQUIRED to force.", "providerId" : "basic-flow", @@ -2121,7 +2154,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "d540d238-e69c-4eb1-8238-bf43c9f59118", + "id" : "159d7398-74a7-4f60-a3fd-eb2df46f5ce7", "alias" : "User creation or linking", "description" : "Flow for the existing/non-existing user alternatives", "providerId" : "basic-flow", 
@@ -2144,7 +2177,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "b0b433e3-3a58-4915-8833-ad55fef4aab7", + "id" : "85a66c55-4665-4ba0-bec9-7254eb8e5895", "alias" : "Verify Existing Account by Re-authentication", "description" : "Reauthentication of existing account", "providerId" : "basic-flow", @@ -2166,7 +2199,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "68ec036a-f399-4980-80b7-a27867f5e650", + "id" : "c002e6da-2397-4fae-8d48-1eec3719ca15", "alias" : "browser", "description" : "browser based authentication", "providerId" : "basic-flow", @@ -2202,7 +2235,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "aa32f681-942b-4194-b8df-124f210bcaa9", + "id" : "a03631cf-2fea-4a12-a35c-8137023503bd", "alias" : "clients", "description" : "Base authentication for clients", "providerId" : "client-flow", @@ -2238,7 +2271,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "1169765a-7850-4a9a-9a72-9a9dcf75ac8b", + "id" : "a89940e4-bf4d-4a04-8fdf-dcf775336b20", "alias" : "direct grant", "description" : "OpenID Connect Resource Owner Grant", "providerId" : "basic-flow", @@ -2267,7 +2300,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "60f23852-a761-4290-982b-c51876f4c382", + "id" : "2dc2582b-be6f-4d9a-b545-b2c0e79a3581", "alias" : "docker auth", "description" : "Used by Docker clients to authenticate against the IDP", "providerId" : "basic-flow", @@ -2282,7 +2315,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "a09aa7bd-3f8f-444d-83d0-f095b5f7c6bb", + "id" : "09e56692-226f-4384-85e0-e33463cdb226", "alias" : "first broker login", "description" : "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "providerId" : "basic-flow", @@ -2305,7 +2338,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "85d2028a-ab84-4fcb-8088-94c927051018", + "id" : "1439c900-92e0-4230-a1a7-ae82c3b8ddc9", "alias" : "forms", "description" : "Username, password, otp and other auth forms.", "providerId" : "basic-flow", 
@@ -2327,7 +2360,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "43ffa27d-3940-4b9b-857d-85f2b3729710", + "id" : "4cc3bb1b-e85d-447e-b50e-1afbe107bafe", "alias" : "http challenge", "description" : "An authentication flow based on challenge-response HTTP Authentication Schemes", "providerId" : "basic-flow", @@ -2349,7 +2382,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "2e900379-7ae7-431d-a586-2014f7688aa0", + "id" : "04c49d80-30e4-4a37-b1c7-4d18c1b6a7f1", "alias" : "registration", "description" : "registration flow", "providerId" : "basic-flow", @@ -2365,7 +2398,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "844942ca-41ae-4d50-b3ab-7815d9df6332", + "id" : "85abb75a-0774-4b2d-8a71-2a92b0cfb639", "alias" : "registration form", "description" : "registration form", "providerId" : "form-flow", @@ -2401,7 +2434,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "7c108a2a-abbd-462e-a9fc-917f28b67f80", + "id" : "948f68c1-015b-4349-a56f-6ee177d558ce", "alias" : "reset credentials", "description" : "Reset credentials for a user if they forgot their password or something", "providerId" : "basic-flow", @@ -2437,7 +2470,7 @@ "userSetupAllowed" : false } ] }, { - "id" : "b47ae4b9-a177-44ef-b41e-c7e5da6220c7", + "id" : "6046d416-4a88-4af6-b440-9fbc87fba478", "alias" : "saml ecp", "description" : "SAML ECP Profile Authentication Flow", "providerId" : "basic-flow", @@ -2453,13 +2486,13 @@ } ] } ], "authenticatorConfig" : [ { - "id" : "81c9b7e4-2574-46b1-8a2a-e35edc716c1c", + "id" : "3c91aefc-127f-4722-8375-72e8434d6266", "alias" : "create unique user config", "config" : { "require.password.update.after.registration" : "false" } }, { - "id" : "14491568-0d51-4082-9bb2-216d3cb4ab34", + "id" : "1041c583-4682-44a8-b61b-9712bd4987c4", "alias" : "review profile config", "config" : { "update.profile.on.first.login" : "missing" 
diff --git a/dbrepo-container-service/Dockerfile b/dbrepo-container-service/Dockerfile index cab97691b1873da1c6b5e1597ada8e3b1c7cfe1e..4ea6ba61c2b1d94c0c65777960fb35be4a12d6c1 100644 --- a/dbrepo-container-service/Dockerfile +++ b/dbrepo-container-service/Dockerfile @@ -31,7 +31,7 @@ ENV USER_NETWORK=userdb ENV LOG_LEVEL=debug ENV DBREPO_CLIENT_SECRET=client-secret ENV CLIENT_ID=dbrepo-client -ENV JWT_ISSUER=http://localhost:8080/realms/dbrepo +ENV JWT_ISSUER=https://localhost/realms/dbrepo ENV JWT_PUBKEY=public-key WORKDIR /app diff --git a/dbrepo-container-service/rest-service/src/main/resources/application-local.yml b/dbrepo-container-service/rest-service/src/main/resources/application-local.yml index 5ffa215283c5f634120d51fbd8343efedf2df4b9..a512f0b191036f43ee382174de7dbb890a222865 100644 --- a/dbrepo-container-service/rest-service/src/main/resources/application-local.yml +++ b/dbrepo-container-service/rest-service/src/main/resources/application-local.yml @@ -41,8 +41,8 @@ fda: mount.path: /tmp ready.path: ./ready jwt: - issuer: https://localhost:8443/realms/dbrepo + issuer: https://localhost/realms/dbrepo public_key: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB client_secret: client-secret client_id: dbrepo-client - gateway.endpoint: http://localhost \ No newline at end of file + gateway.endpoint: https://localhost \ No newline at end of file diff --git a/dbrepo-container-service/rest-service/src/main/resources/application.yml b/dbrepo-container-service/rest-service/src/main/resources/application.yml index d0b2927e65751b5a64329b653979692ed0b9f809..27b861dde15370ee5863a2a106e5abaa8e3a109d 100644 
--- a/dbrepo-container-service/rest-service/src/main/resources/application.yml +++ b/dbrepo-container-service/rest-service/src/main/resources/application.yml @@ -45,4 +45,4 @@ fda: public_key: "${JWT_PUBKEY}" client_secret: "${DBREPO_CLIENT_SECRET}" client_id: "${CLIENT_ID}" - gateway.endpoint: http://gateway-service \ No newline at end of file + gateway.endpoint: https://gateway-service \ No newline at end of file diff --git a/dbrepo-database-service/Dockerfile b/dbrepo-database-service/Dockerfile index a2d4257a25edc04a812290520972f9343f6e60f0..428a19a221e8e7b14b26f04269bab8eb00883bbf 100644 --- a/dbrepo-database-service/Dockerfile +++ b/dbrepo-database-service/Dockerfile @@ -33,7 +33,7 @@ ENV GATEWAY_ENDPOINT=http://gateway-service ENV LOG_LEVEL=debug ENV DBREPO_CLIENT_SECRET=client-secret ENV CLIENT_ID=dbrepo-client -ENV JWT_ISSUER=http://localhost:8080/realms/dbrepo +ENV JWT_ISSUER=https://localhost/realms/dbrepo ENV JWT_PUBKEY=public-key WORKDIR /app diff --git a/dbrepo-database-service/rest-service/src/main/resources/application-local.yml b/dbrepo-database-service/rest-service/src/main/resources/application-local.yml index 0fdd60eace0b1f9e072433b38e93eb20f459a8c7..b38fbd85e05542cd42ad1d8ea560dd9b7b203cb7 100644 --- a/dbrepo-database-service/rest-service/src/main/resources/application-local.yml +++ b/dbrepo-database-service/rest-service/src/main/resources/application-local.yml 
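Review bot: `gateway.endpoint: https://gateway-service` points the service at a TLS listener whose only certificate in this commit is the self-signed `insecure.crt`, which generate-ssl.sh issues for `CN=localhost`. A client that verifies certificates by default would reject it for the host name `gateway-service`, so this either fails at run time or is worked around by switching verification off somewhere not shown here; please confirm which. Prefer a certificate that names the service and is added to the client's trust store over disabling verification. The database-service Dockerfile in this commit still carries `ENV GATEWAY_ENDPOINT=http://gateway-service` as a context line, and that now only reaches the 301 redirect on port 80.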
@@ -42,8 +42,8 @@ fda: password: elastic ready.path: ./ready jwt: - issuer: https://localhost:8443/realms/dbrepo + issuer: https://localhost/realms/dbrepo public_key: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB client_secret: client-secret client_id: dbrepo-client - gateway.endpoint: http://localhost \ No newline at end of file + gateway.endpoint: https://localhost \ No newline at end of file diff --git a/dbrepo-gateway-service/Dockerfile b/dbrepo-gateway-service/Dockerfile index 6086e614d19011a1df5854c3af5881fa7350a237..786eba8df6844511bc525cd3dad12763453dbf7a 100644 --- a/dbrepo-gateway-service/Dockerfile +++ b/dbrepo-gateway-service/Dockerfile @@ -2,3 +2,9 @@ FROM nginx:alpine AS runtime MAINTAINER Martin Weise <martin.weise@tuwien.ac.at COPY ./dbrepo.conf /etc/nginx/conf.d/default.conf + +COPY ./insecure.crt /insecure.crt +COPY ./insecure.key /insecure.key + +EXPOSE 443 +EXPOSE 80 \ No newline at end of file diff --git a/dbrepo-gateway-service/dbrepo.conf b/dbrepo-gateway-service/dbrepo.conf index 08a12c17477ec885bdeec28a42d4c36ed0b33e7f..8bada96c72d9d89d4d8f20dee5866a9b808e6ac6 100644 --- a/dbrepo-gateway-service/dbrepo.conf +++ b/dbrepo-gateway-service/dbrepo.conf @@ -3,7 +3,7 @@ client_max_body_size 2G; resolver 127.0.0.11 valid=30s; # docker dns upstream authentication { - server authentication-service:8444; + server authentication-service:8443; } upstream user { @@ -35,11 +35,11 @@ upstream table { } upstream database { - server database-service:9094; + server database-service:9092; } upstream container { - server container-service:9092; + server container-service:9091; } upstream semantics { 
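Review bot: `COPY ./insecure.key /insecure.key` bakes into every gateway image a private key that this same commit adds to the repository (dbrepo-gateway-service/insecure.key), so anyone who can read the repo or pull the image holds the key for the TLS listener. That is tolerable for a local demo only, and nothing in the image or its name marks it as such. For any shared deployment, drop the two COPY lines and supply `/insecure.crt` and `/insecure.key` at run time as a mounted volume or secret. Keeping the generated pair out of version control (run generate-ssl.sh locally, list both files in `.gitignore`) avoids every checkout sharing one key.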
@@ -57,14 +57,23 @@ upstream ui { server { listen 80 default_server; server_name _; + return 301 https://$host$request_uri; +} + +server { + listen 443 ssl; + server_name _; + + ssl_certificate /insecure.crt; + ssl_certificate_key /insecure.key; location /api/auth { - rewrite /api/auth/(.*) /api/$1 break; + rewrite /api/auth/(.*) /$1 break; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://authentication; + proxy_pass https://authentication; proxy_read_timeout 90; } @@ -124,7 +133,7 @@ server { proxy_read_timeout 90; } - location /api/container/[0-9]+/database/[0-9]+/query { + location /api/container/(.*)/database/(.*)/query { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -133,7 +142,7 @@ server { proxy_read_timeout 90; } - location /api/container/[0-9]+/database/[0-9]+/view { + location /api/container/(.*)/database/(.*)/view { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -142,7 +151,7 @@ server { proxy_read_timeout 90; } - location /api/container/[0-9]+/database/[0-9]+/table/[0-9]+/history { + location /api/container/(.*)/database/(.*)/table/(.*)/history { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -151,7 +160,7 @@ server { proxy_read_timeout 90; } - location /api/container/[0-9]+/database/[0-9]+/table/[0-9]+/data { + location /api/container/(.*)/database/(.*)/table/(.*)/data { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
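Review bot: `proxy_pass https://authentication;` encrypts the hop to the authentication upstream, but the location sets no `proxy_ssl_verify on;` or `proxy_ssl_trusted_certificate`, and nginx does not verify upstream certificates unless told to. The gateway would therefore accept any server answering on authentication-service:8443. Add both directives next to the `proxy_pass`, plus `proxy_ssl_name` if the certificate name differs from the upstream name. The new `listen 443 ssl;` block also leaves the protocol set to the build default; `ssl_protocols TLSv1.2 TLSv1.3;` would make it explicit. The server block continues outside the hunk.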
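Review bot: `location /api/container/(.*)/database/(.*)/query` has no `~` modifier, so nginx reads the whole string, parentheses included, as a literal prefix and it cannot match a path such as `/api/container/1/database/2/query` (a constructed example). The same is true of the `[0-9]+` form it replaces and of every `location /api/container/...` line in the later hunks of this file. If these are meant to route per endpoint, write them as regex locations and keep the ids constrained, e.g. `location ~ ^/api/container/[0-9]+/database/[0-9]+/query {`. As a regex, `(.*)` also matches `/`, so one pattern could capture paths meant for a more specific upstream. The location bodies continue outside the hunks.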
@@ -160,7 +169,7 @@ server { proxy_read_timeout 90; } - location /api/container/[0-9]+/database/[0-9]+/table/[0-9]+/query { + location /api/container/(.*)/database/(.*)/table/(.*)/query { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -169,7 +178,7 @@ server { proxy_read_timeout 90; } - location /api/container/[0-9]+/database/[0-9]+/table/[0-9]+/export { + location /api/container/(.*)/database/(.*)/table/(.*)/export { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -178,7 +187,7 @@ server { proxy_read_timeout 90; } - location /api/container/[0-9]+/database/[0-9]+/table/[0-9]+/consumer { + location /api/container/(.*)/database/(.*)/table/(.*)/consumer { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -187,7 +196,7 @@ server { proxy_read_timeout 90; } - location /api/container/[0-9]+/database/[0-9]+/version { + location /api/container/(.*)/database/(.*)/version { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -196,7 +205,7 @@ server { proxy_read_timeout 90; } - location /api/container/[0-9]+/database/[0-9]+/table { + location /api/container/(.*)/database/(.*)/table { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -205,7 +214,7 @@ server { proxy_read_timeout 90; } - location /api/container/[0-9]+/database { + location /api/container/(.*)/database { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
@@ -214,7 +223,7 @@ server { proxy_read_timeout 90; } - location /api/container/[0-9]+/database/[0-9]+/access { + location /api/container/(.*)/database/(.*)/access { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/dbrepo-gateway-service/generate-ssl.sh b/dbrepo-gateway-service/generate-ssl.sh new file mode 100755 index 0000000000000000000000000000000000000000..80558924fea0cfcb54d7a3f004d048afd50959e8 --- /dev/null +++ b/dbrepo-gateway-service/generate-ssl.sh @@ -0,0 +1,3 @@ +#!/bin/bash +openssl req -x509 -sha256 -days 365 -nodes -newkey rsa:2048 -subj "/CN=localhost/C=AT/O=Technische Universität Wien/OU=Research Unit Data Science" \ + -keyout insecure.key -out insecure.crt diff --git a/dbrepo-gateway-service/insecure.crt b/dbrepo-gateway-service/insecure.crt new file mode 100644 index 0000000000000000000000000000000000000000..71dfd7762ae1a941d4c16f64bcbd232b369276bf --- /dev/null +++ b/dbrepo-gateway-service/insecure.crt 
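Review bot: The `openssl req` call issues the certificate with a subject CN only and no subjectAltName. Current TLS clients ignore the CN when checking the host name, so verification fails even once the certificate is trusted, which tends to get solved by turning verification off. Add `-addext "subjectAltName=DNS:localhost"`, plus any service names callers use, so clients can keep checking the host name. With `-days 365` the pair expires after a year, so a short header comment saying when and how to rerun the script, and that the output is for local use only, would help the next maintainer.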
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDRTCCAi2gAwIBAgIUKMZr1e+8yJTPmL0HkhfSkbaj+R8wDQYJKoZIhvcNAQEL +BQAwMjESMBAGA1UEAwwJbG9jYWxob3N0MQswCQYDVQQGEwJBVDEPMA0GA1UEBwwG +Vmllbm5hMB4XDTIzMDUwODEyMzA1NloXDTI0MDQyODEyMzA1NlowMjESMBAGA1UE +AwwJbG9jYWxob3N0MQswCQYDVQQGEwJBVDEPMA0GA1UEBwwGVmllbm5hMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAluG4GG0lP0qdHCVuZH2ColrIk6PS +Tx9JyXjSQvpNnoZKK/x1/MIvVffMKrONkHVmt2+iWLp9mvH7iKVjCKCUo8+ybCV+ +5ej8uqyl93JhYieylk79QwNooebufnMdh29D8avlcM/TXKuTPyOgNkA/68Eh7bZ7 +M6wx8NjKHFgbgfCa1/i6o+Dlzc37LUXHeZk4TggAJ5oEfn2IE1xLdnvUeWUflhTY +Snw7y8DvJyFnz21LfQCVL9Bux3EMws1c8I+gEjWgfpTnloDfa907B18z1MruUqqS +CC3P1Io3r7TlyDWYRvyXSGtawMlBFrAz3oVnZCoytoIUmMYmusrVtksJ3QIDAQAB +o1MwUTAdBgNVHQ4EFgQUexF6h64i6D+RtkS6DJp6wkgfQuIwHwYDVR0jBBgwFoAU +exF6h64i6D+RtkS6DJp6wkgfQuIwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B +AQsFAAOCAQEAc9eNXiQKnEC/a53a3LedJ9wPgfuQxb9Qr2jQUo/3uQjtsRgafwyA +r/yLEQwkPFquoqTv7ZOVrP/det84BT4zLC8Ja3yKaP3Iprn+BRwPnUVhgHh9h2l4 +tIeKla6qKa1tzg+AmGSmEfb6dbEO3BYvdbj1Iyhi3Q9sTos20wmd+HXAzs+CAF7Q +WhDggzJa5jODjv6Wb4gV0UXuKU1LaeQkGlLw48tAMtYWR9vHiR8k/bfcCjhj2GU7 +LRvoNh9pdKyAepA+LxA9UESJLEpKaCy1OyFymQ58JfkGxvEQZqQBeg32XJGHp7I5 +YbOCefirePLIG8P/vmKCuoGG9qaVz/JqNw== +-----END CERTIFICATE----- diff --git a/dbrepo-gateway-service/insecure.key b/dbrepo-gateway-service/insecure.key new file mode 100644 index 0000000000000000000000000000000000000000..d17fb91702e90ccc2759cdc026eb40ca12cc19d8 --- /dev/null +++ b/dbrepo-gateway-service/insecure.key 
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCW4bgYbSU/Sp0c
+JW5kfYKiWsiTo9JPH0nJeNJC+k2ehkor/HX8wi9V98wqs42QdWa3b6JYun2a8fuI
+pWMIoJSjz7JsJX7l6Py6rKX3cmFiJ7KWTv1DA2ih5u5+cx2Hb0Pxq+Vwz9Ncq5M/
+I6A2QD/rwSHttnszrDHw2MocWBuB8JrX+Lqj4OXNzfstRcd5mThOCAAnmgR+fYgT
+XEt2e9R5ZR+WFNhKfDvLwO8nIWfPbUt9AJUv0G7HcQzCzVzwj6ASNaB+lOeWgN9r
+3TsHXzPUyu5SqpIILc/UijevtOXINZhG/JdIa1rAyUEWsDPehWdkKjK2ghSYxia6
+ytW2SwndAgMBAAECggEAW7BbgWyCYA3ln78XcLXc9vCYRzAck7x9yJNFozIcjSMq
+W8SVpr4Sqfll9uUaOBlADGUokSbzQX+fzZBDuHBtI4cJ9DJtBSYqvv4/9Tlq+I0L
+N9BUk660nP6LHAi0fyMcdPZy/bUtynjxiEMMDyvILGo3Rg/ImsQfrS7w03yvaqxv
+bgLMDyL4qRGQJJxlxqWcMqRhPgNTdaBR35a0Ux4fAw2XUFltXzjpiGozWKRZh88G
+vvloV+F1e9C9+/0hp+RHOr0z1l7ZaMoOczXc5ZI40OWqgDzvi0HyL7nbkrGeOMWt
+3b+FM8gIoNgMhMdRlMuvD+LMCNwL+RHIG5MV3HELOQKBgQDFj9vKqR/UAUiWBe8A
+Z9ULjvXOFR9MatMD5BX9WrEA0NfDHLMnKGkQUrOQpvxn07jDMzitRSIxyMghb9M5
+0t2NeYJ4k44JMhPB++z+4IKUY2CVuzd3n6vEU9p76qAl76DhWPASqHHJC3ErI09h
+/eAhwpm1novedm427Zm5QJ1R4wKBgQDDgw5VJ/LwX42Gb8C/Gti2j2xeJxInASRh
+f/5GIE1GZx/guTGS8Xb9v6ieajBGAifBpr23LzrL0N2XW35PqwVsWZmlZQZu20un
+6cJWsKhCFscuu7uPf615zwEkRaiJA1PW5/9padSk8rN4QS7sdnxxR5zHiBcxxNF4
+FBWnkFYBPwKBgQDEA/gPG754ms1qDHkV7e9ziGRaFJr5NwQm2Cb5OQJlzNBGxjL6
+px2XFHcVDplgarDm++s//1fuDUiD5G+u74ji1ayd9cj3VrhDv7FlMVxd3jv2U8q0
+5beHE6uzRxeejCMTcyq/WGGNF80w/9fDYiD/XhUkHiqojtjLpvLe2z08AQKBgGCn
+VpuUn05j/qQ6dRBE5mQCLXGyYQ/1SZYF35+tcmZeruy6wR5Czy+M44BFQM4rXJoo
+o1t/NtLx08pyydP62TiCZynT8sU1FobRUmjm9peNiTS6THQZi5pPUuIqqbHqejUh
+BiyHzD8rWLwXhWoS/VxHKeOejNDm2yNA0p+/BDWjAoGAVtQQ3LA41EY7tfl1p8Jw
+J0XMSqFKHSeldIkL38lZ9LHI2DGkDToKRzgr/zTAlo2E7i4hI+qx5nzdKTYi5jzu
+Sf5nqn15gInGJDCaUOeFIXHEry8tQFLFVpFIXMGLbSyXuOPzGk4eKsHTGPxgAU7C
+v852yVAAajTuqQQ44S2qdZU=
+-----END PRIVATE KEY-----
diff --git a/dbrepo-identifier-service/Dockerfile b/dbrepo-identifier-service/Dockerfile
index a8f39e3d7fd063b67e883e9bd673c23dcefd6897..6a1c97438a24a566df6d979a999629141addfc3a 100644
--- a/dbrepo-identifier-service/Dockerfile
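Review bot: Tracking `insecure.key` in the repository means every clone and every image built from this tree shares one TLS private key, and the key stays in history even if the file is removed later. Since `generate-ssl.sh` arrives in the same commit, the pair could be generated at setup time and `insecure.key` and `insecure.crt` listed in `.gitignore` rather than committed. If the files have to stay for local development, the gateway should refuse to start with them outside a development profile; whether such a guard exists is not visible in this diff. The key shown here should be treated as public from now on.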
+++ b/dbrepo-identifier-service/Dockerfile @@ -30,7 +30,7 @@ ENV WEBSITE=http://localhost ENV LOG_LEVEL=debug ENV DBREPO_CLIENT_SECRET=client-secret ENV CLIENT_ID=dbrepo-client -ENV JWT_ISSUER=http://localhost:8080/realms/dbrepo +ENV JWT_ISSUER=https://localhost/realms/dbrepo ENV JWT_PUBKEY=public-key WORKDIR /app diff --git a/dbrepo-identifier-service/rest-service/src/main/resources/application-local.yml b/dbrepo-identifier-service/rest-service/src/main/resources/application-local.yml index 20b898bb03590e5bb0840effd8e6db995f8f92bd..924bb5c79c089a57aa50411a0351e281b0a71b18 100644 --- a/dbrepo-identifier-service/rest-service/src/main/resources/application-local.yml +++ b/dbrepo-identifier-service/rest-service/src/main/resources/application-local.yml @@ -39,12 +39,12 @@ logging: fda: ready.path: ./ready jwt: - issuer: https://localhost:8443/realms/dbrepo + issuer: https://localhost/realms/dbrepo public_key: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB client_secret: client-secret client_id: dbrepo-client - gateway.endpoint: http://localhost - website: http://localhost:3000 + gateway.endpoint: https://localhost + website: https://localhost elastic: endpoint: localhost:9200 username: elastic diff --git a/dbrepo-identifier-service/rest-service/src/test/java/at/tuwien/endpoint/IdentifierEndpointIntegrationTest.java b/dbrepo-identifier-service/rest-service/src/test/java/at/tuwien/endpoint/IdentifierEndpointIntegrationTest.java index 1d642305dd1d129877f67542091af5122e757514..a2ea25e54284cb6df30fa4558a3724832bf7fc9e 100644 
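Review bot: With `gateway.endpoint` and `jwt.issuer` now on `https://localhost` in this `application-local.yml`, outbound calls from the service will presumably meet the self-signed `insecure.crt` added in this commit, and nothing in the hunk says how the JVM is meant to trust it. A comment above `gateway.endpoint`, such as `# served with the self-signed gateway certificate; import it into the JVM trust store, do not disable TLS verification`, would steer developers away from a trust-all client. The same applies to the `application-local.yml` hunks of the metadata, query, table and user services. The `fda:` mapping starts outside the hunk.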
--- a/dbrepo-identifier-service/rest-service/src/test/java/at/tuwien/endpoint/IdentifierEndpointIntegrationTest.java +++ b/dbrepo-identifier-service/rest-service/src/test/java/at/tuwien/endpoint/IdentifierEndpointIntegrationTest.java @@ -162,7 +162,7 @@ public class IdentifierEndpointIntegrationTest extends BaseUnitTest { identifierRepository.save(IDENTIFIER_1); /* test */ - final List<IdentifierDto> response = this.generic_list(DATABASE_1_ID, QUERY_1_ID, IdentifierTypeDto.SUBSET); + final List<IdentifierDto> response = this.generic_list(DATABASE_1_ID, QUERY_1_ID, IdentifierTypeDto.DATABASE); assertEquals(1, response.size()); final IdentifierDto identifier = response.get(0); assertEquals(IDENTIFIER_1_ID, identifier.getId()); diff --git a/dbrepo-identifier-service/rest-service/src/test/java/at/tuwien/endpoint/IdentifierEndpointUnitTest.java b/dbrepo-identifier-service/rest-service/src/test/java/at/tuwien/endpoint/IdentifierEndpointUnitTest.java index 8f8955b0c5c4b004a544da6dffcbedef45800674..1be9690cb0e989e974a8f81494a98ccd68acf202 100644 --- a/dbrepo-identifier-service/rest-service/src/test/java/at/tuwien/endpoint/IdentifierEndpointUnitTest.java +++ b/dbrepo-identifier-service/rest-service/src/test/java/at/tuwien/endpoint/IdentifierEndpointUnitTest.java @@ -150,7 +150,7 @@ public class IdentifierEndpointUnitTest extends BaseUnitTest { assertEquals(HttpStatus.MOVED_PERMANENTLY, response.getStatusCode()); assertNotNull(response.getHeaders().get("Location")); assertEquals(endpointConfig.getWebsiteUrl() + "/container/" + IDENTIFIER_1_CONTAINER_ID + "/database/" - + IDENTIFIER_1_DATABASE_ID + "/query/" + IDENTIFIER_1_QUERY_ID, response.getHeaders().getFirst("Location")); + + IDENTIFIER_1_DATABASE_ID, response.getHeaders().getFirst("Location")); } @Test 
diff --git a/dbrepo-identifier-service/rest-service/src/test/java/at/tuwien/service/DataCiteIdentifierServiceUnitTest.java b/dbrepo-identifier-service/rest-service/src/test/java/at/tuwien/service/DataCiteIdentifierServiceUnitTest.java index c38f19bb746c3d5fcf994a6af346fa7550a9b03a..fbd3a6ff9b9d99f5510ca37c54aa42a9d3ecf1bb 100644 --- a/dbrepo-identifier-service/rest-service/src/test/java/at/tuwien/service/DataCiteIdentifierServiceUnitTest.java +++ b/dbrepo-identifier-service/rest-service/src/test/java/at/tuwien/service/DataCiteIdentifierServiceUnitTest.java @@ -11,10 +11,7 @@ import at.tuwien.config.EndpointConfig; import at.tuwien.config.IndexInitializer; import at.tuwien.entities.identifier.Identifier; import at.tuwien.exception.*; -import at.tuwien.repository.jpa.ContainerRepository; -import at.tuwien.repository.jpa.DatabaseRepository; -import at.tuwien.repository.jpa.IdentifierRepository; -import at.tuwien.repository.jpa.ImageRepository; +import at.tuwien.repository.jpa.*; import at.tuwien.service.impl.IdentifierServiceImpl; import org.apache.http.auth.BasicUserPrincipal; import org.junit.jupiter.api.BeforeEach; @@ -71,6 +68,12 @@ public class DataCiteIdentifierServiceUnitTest extends BaseUnitTest { @Autowired private IdentifierRepository identifierRepository; + @Autowired + private RealmRepository realmRepository; + + @Autowired + private UserRepository userRepository; + @MockBean @Qualifier("restTemplate") private RestTemplate restTemplate; @@ -86,8 +89,10 @@ public class DataCiteIdentifierServiceUnitTest extends BaseUnitTest { @BeforeEach public void beforeEach() { + realmRepository.save(REALM_DBREPO); + userRepository.save(USER_1); imageRepository.save(IMAGE_1); - containerRepository.save(CONTAINER_1); + containerRepository.save(CONTAINER_1_SIMPLE); databaseRepository.save(DATABASE_1); } 
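Review bot: The wildcard `import at.tuwien.repository.jpa.*;` in the import hunk hides which repositories this test depends on and can silently pick up a same-named class added to that package later. Keeping the four explicit imports and adding `import at.tuwien.repository.jpa.RealmRepository;` and `import at.tuwien.repository.jpa.UserRepository;` keeps the dependency list readable. The file already imports `at.tuwien.exception.*`, so this is a style preference rather than a defect.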
diff --git a/dbrepo-metadata-service/rest-service/src/main/resources/application-local.yml b/dbrepo-metadata-service/rest-service/src/main/resources/application-local.yml index eef6f76815fba864d5b66e9527425d0fc7bda3a6..aed14c2d7d870c7b8ef2cf608df1b90e1a9b31fb 100644 --- a/dbrepo-metadata-service/rest-service/src/main/resources/application-local.yml +++ b/dbrepo-metadata-service/rest-service/src/main/resources/application-local.yml @@ -37,11 +37,11 @@ logging: org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug fda: ready.path: ./ready - pid.base: http://example.com/pid/ - gateway.endpoint: http://localhost + pid.base: https://example.com/pid/ + gateway.endpoint: https://localhost dbrepo: repository-name: TU Wien Database Repository - base-url: http://dbrepo.ossdip.at/api/oai + base-url: https://dbrepo1.ec.tuwien.at/api/oai admin-email: noreply@example.com earliest-datestamp: 2022-09-17T16:09:00Z deleted-record: persistent diff --git a/dbrepo-metadata-service/rest-service/src/main/resources/application.yml b/dbrepo-metadata-service/rest-service/src/main/resources/application.yml index 74ee7061931c59b69a9d5329e9e103ad119ff39b..9dc26e2876dff6f825c3ea27dd18bdab085119e1 100644 --- a/dbrepo-metadata-service/rest-service/src/main/resources/application.yml +++ b/dbrepo-metadata-service/rest-service/src/main/resources/application.yml @@ -36,7 +36,7 @@ logging: at.tuwien.: "${LOG_LEVEL}" org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug fda: - ready.path: ./ready + ready.path: /ready pid.base: "${PID_BASE}" gateway.endpoint: "${GATEWAY_ENDPOINT}" dbrepo: diff --git a/dbrepo-query-service/Dockerfile b/dbrepo-query-service/Dockerfile index 7b32d8c70bdd561512a907839c6813b8b396760e..6c20dd48dfe27ec2c656ce20c436d2875bab0636 100644 --- a/dbrepo-query-service/Dockerfile +++ b/dbrepo-query-service/Dockerfile 
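Review bot: `ready.path: /ready` in `application.yml` moves the readiness marker from the working directory to the filesystem root, which only works when the service process may write to `/`. That pushes the container towards running as root or with a writable root filesystem. How the path is consumed is not visible in this hunk, so this is worth confirming against the image's user and health check. Keeping the relative `./ready`, or pointing at a dedicated writable directory such as `ready.path: /tmp/ready`, would allow a non-root user and a read-only root filesystem. The `fda:` mapping continues outside the hunk.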
@@ -33,7 +33,7 @@ ENV BROKER_CONSUMERS=2 ENV LOG_LEVEL=debug ENV DBREPO_CLIENT_SECRET=client-secret ENV CLIENT_ID=dbrepo-client -ENV JWT_ISSUER=http://localhost:8080/realms/dbrepo +ENV JWT_ISSUER=https://localhost/realms/dbrepo ENV JWT_PUBKEY=public-key ENV NOT_SUPPORTED_KEYWORDS=\\*,AVG,BIT_AND,BIT_OR,BIT_XOR,COUNT,COUNTDISTINCT,GROUP_CONCAT,JSON_ARRAYAGG,JSON_OBJECTAGG,MAX,MIN,STD,STDDEV,STDDEV_POP,STDDEV_SAMP,SUM,VARIANCE,VAR_POP,VAR_SAMP,-- diff --git a/dbrepo-query-service/rest-service/src/main/resources/application-local.yml b/dbrepo-query-service/rest-service/src/main/resources/application-local.yml index 59ec68cf1aa181044a0b615edf2666fcf025af06..bb1bf4a0f8bcce0ef403a4ce86d8cf45d3c4561c 100644 --- a/dbrepo-query-service/rest-service/src/main/resources/application-local.yml +++ b/dbrepo-query-service/rest-service/src/main/resources/application-local.yml @@ -40,10 +40,10 @@ logging: at.tuwien.: trace org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug fda: - gateway.endpoint: http://localhost + gateway.endpoint: https://localhost ready.path: ./ready jwt: - issuer: https://localhost:8443/realms/dbrepo + issuer: https://localhost/realms/dbrepo public_key: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB client_secret: client-secret client_id: dbrepo-client diff --git a/dbrepo-query-service/rest-service/src/test/java/at/tuwien/service/ContainerServiceIntegrationTest.java b/dbrepo-query-service/rest-service/src/test/java/at/tuwien/service/ContainerServiceIntegrationTest.java index ee513b6340e03404d64e799f1520fbaf2a4f389b..f009f87f64efa1a6ded33455300ab1c135303314 100644 
--- a/dbrepo-query-service/rest-service/src/test/java/at/tuwien/service/ContainerServiceIntegrationTest.java +++ b/dbrepo-query-service/rest-service/src/test/java/at/tuwien/service/ContainerServiceIntegrationTest.java @@ -51,6 +51,12 @@ public class ContainerServiceIntegrationTest extends BaseUnitTest { @Autowired private ImageRepository imageRepository; + @Autowired + private RealmRepository realmRepository; + + @Autowired + private UserRepository userRepository; + @Autowired private ContainerRepository containerRepository; @@ -59,6 +65,8 @@ public class ContainerServiceIntegrationTest extends BaseUnitTest { @BeforeEach public void beforeEach() { + realmRepository.save(REALM_DBREPO); + userRepository.save(USER_1); imageRepository.save(IMAGE_1); containerRepository.save(CONTAINER_1); } diff --git a/dbrepo-semantics-service/Dockerfile b/dbrepo-semantics-service/Dockerfile index d676ca3f38d2e9dd55da8b2ae2af33dee7cd5afa..601e0d71a4429f52945552ddaf41d18a21589fbc 100644 --- a/dbrepo-semantics-service/Dockerfile +++ b/dbrepo-semantics-service/Dockerfile @@ -18,7 +18,7 @@ ENV LOG_LEVEL=debug ENV METADATA_DB=fda ENV METADATA_USERNAME=root ENV METADATA_PASSWORD=dbrepo -ENV JWT_ISSUER=http://localhost:8080/realms/dbrepo +ENV JWT_ISSUER=https://localhost/realms/dbrepo ENV JWT_PUBKEY=public-key COPY ./requirements.txt ./requirements.txt diff --git a/dbrepo-table-service/Dockerfile b/dbrepo-table-service/Dockerfile index f4741fc864e57308be33fd48fbdedce6af48f8f7..2615670a222096fe494d370b27af5cd016ded019 100644 --- a/dbrepo-table-service/Dockerfile +++ b/dbrepo-table-service/Dockerfile @@ -31,7 +31,7 @@ ENV USER_NETWORK=userdb ENV LOG_LEVEL=debug ENV DBREPO_CLIENT_SECRET=client-secret ENV CLIENT_ID=dbrepo-client -ENV JWT_ISSUER=http://localhost:8080/realms/dbrepo +ENV JWT_ISSUER=https://localhost/realms/dbrepo ENV JWT_PUBKEY=public-key WORKDIR /app 
diff --git a/dbrepo-table-service/rest-service/src/main/resources/application-local.yml b/dbrepo-table-service/rest-service/src/main/resources/application-local.yml index 325e6444db47bc38804d8004a9b0b8d0d96ae573..d46fd8e969afde0570379ce9242d2c945546ad64 100644 --- a/dbrepo-table-service/rest-service/src/main/resources/application-local.yml +++ b/dbrepo-table-service/rest-service/src/main/resources/application-local.yml @@ -38,11 +38,11 @@ logging: fda: ready.path: ./ready jwt: - issuer: https://localhost:8443/realms/dbrepo + issuer: https://localhost/realms/dbrepo public_key: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB client_secret: client-secret client_id: dbrepo-client - gateway.endpoint: http://localhost + gateway.endpoint: https://localhost elastic: endpoint: localhost:9200 username: elastic diff --git a/dbrepo-table-service/rest-service/src/main/resources/application.yml b/dbrepo-table-service/rest-service/src/main/resources/application.yml index fbe68f32422001cfdbc47cc7cfc3526ad59e03be..e446103449b5c1928309b0abc68f512d642ae00e 100644 --- a/dbrepo-table-service/rest-service/src/main/resources/application.yml +++ b/dbrepo-table-service/rest-service/src/main/resources/application.yml @@ -42,7 +42,7 @@ fda: public_key: "${JWT_PUBKEY}" client_secret: "${DBREPO_CLIENT_SECRET}" client_id: "${CLIENT_ID}" - gateway.endpoint: http://gateway-service + gateway.endpoint: https://gateway-service elastic: endpoint: search-service:9200 username: elastic 
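Review bot: `gateway.endpoint: https://gateway-service` in `application.yml` switches the scheme, but the certificate tooling added in this commit issues for `CN=localhost` (see `-subj` in `generate-ssl.sh`), so host name verification against `gateway-service` would fail unless a different certificate is deployed. That kind of failure tends to be worked around by disabling verification in the client; issuing the certificate with a SAN for the service name is the safer route. The value is also hard-coded while the neighbouring keys use placeholders. `gateway.endpoint: "${GATEWAY_ENDPOINT}"`, as in the metadata service's `application.yml`, would keep it configurable per deployment, assuming the variable is provided to this service. The `fda:` mapping starts outside the hunk.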
diff --git a/dbrepo-ui/.prod/default.conf b/dbrepo-ui/.prod/default.conf
deleted file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..0000000000000000000000000000000000000000
diff --git a/dbrepo-ui/root.crt b/dbrepo-ui/root.crt
deleted file mode 100644
index 798a1f673479c075782eeed6458beb2d7d693e07..0000000000000000000000000000000000000000
--- a/dbrepo-ui/root.crt
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDPzCCAiegAwIBAgIEHaMDRDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJB
-VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQDEwZS
-b290Q0EwHhcNMjMwNDAzMTczOTU5WhcNMzMwMjA5MTczOTU5WjBBMQswCQYDVQQG
-EwJBVDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQD
-EwZSb290Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCK8FuP0bGt
-QAvhZEjRWTQuCdE6vXpDWjvSoevZaSclgJ9SncDHtRzkH0x0ArVfIRZFtjSUEcHb
-2r8mnOvqQ+9vs2azjTlacdPvezbhfgFFGIdrnHSm3RTB7smeOFceFkIvwiXT49+y
-ZGkB/p0QCDoVYhgRxFNtZKBTYa0uJLQ7cM8LK2g66/yugJsB4zOlre1zPiWGY/5k
-sWu780XVKpl9j6CR/xp3012bKlT/t7j7fKRamJYVYtW2guRQnl5J5AKRzlRGh84G
-onNI5qiwS0gAZUajpL00lb2XxSkv11DY0743EOSsqOvUDr+5h4v7pXEt+O5aFvFN
-ewRTHON1624fAgMBAAGjPzA9MB0GA1UdDgQWBBSdLp+I30uB4jAMP1PnZLolxbF/
-AzALBgNVHQ8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
-AQEAIqrbs8mXC07a8VURnu3EFxO3dliDgxY1yQfB0VqMFL1yxGKXrVAJFLP/1MVr
-HVx53vZd/KBNGUjhLfnj3vF+TpqnOoJ/QEDSJPuEnpfFPtx0tE3e3lQQlebIA8aM
-m1iP2SJuKAYQUYOg1N9XXa+UPs9tWWrllY5dcYdHOK168eUwo1h6v0OOnaP7RvSn
-457jewK6fJ3tUhox2Hu1JEowupYE5QhMiLwG30MGkf2pWkTNfz005LTzmgvfMSz7
-k1rfO9oKdVbxNYxZPdzKZRsnCfOka/MmYcXstjp5KKXLo4Z3LLs8N0GDWlKRvX9p
-z2CJQ6CG+Aws4+J3mFOm2G9rIw==
------END CERTIFICATE-----
diff --git a/dbrepo-user-service/Dockerfile b/dbrepo-user-service/Dockerfile
index 8473a7fc59f5e63302554b16d9ab9e0d22b47d24..c179ac046155a98fb22634e42eccd7b85801469b 100644
--- a/dbrepo-user-service/Dockerfile
+++ b/dbrepo-user-service/Dockerfile
@@ -25,7 +25,7 @@ ENV METADATA_DB=fda ENV METADATA_USERNAME=root ENV METADATA_PASSWORD=dbrepo ENV GATEWAY_ENDPOINT=http://gateway-service -ENV JWT_ISSUER=http://localhost:8080/realms/dbrepo +ENV JWT_ISSUER=https://localhost/realms/dbrepo ENV JWT_PUBKEY=public-key ENV LOG_LEVEL=debug ENV DEFAULT_ROLE=default-researcher-roles diff --git a/dbrepo-user-service/rest-service/src/main/resources/application-local.yml b/dbrepo-user-service/rest-service/src/main/resources/application-local.yml index c93c21664f50d1f9ceaebc8bf33f0ae26d29e89d..8e9ee40175be91cc479ae3740036aa653b3ba783 100644 --- a/dbrepo-user-service/rest-service/src/main/resources/application-local.yml +++ b/dbrepo-user-service/rest-service/src/main/resources/application-local.yml @@ -41,8 +41,8 @@ fda: username: elastic password: elastic ready.path: ./ready - gateway.endpoint: http://localhost + gateway.endpoint: https://localhost default_role: default-researcher-roles jwt: - issuer: https://localhost:8443/realms/dbrepo + issuer: https://localhost/realms/dbrepo public_key: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 00b55f085c52d77ccf150ae09da0e40d391eda67..17033b3de6309868605dde38b3854fbed683f0f5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -104,7 +104,7 @@ services: core: ports: - "8443:8443" - - "8081:8080" + - "8080:8080" env_file: - .env volumes: @@ -341,8 +341,6 @@ services: public: ports: - "80:80" - - "8080:8080" - - "3000:3000" - "443:443" env_file: - .env
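Review bot: `ENV GATEWAY_ENDPOINT=http://gateway-service`, the context line directly above the changed `JWT_ISSUER`, stays on plain HTTP while this commit moves the other gateway endpoints to `https://`. If the gateway now terminates TLS, this default either sends service-to-service traffic in clear text or breaks on a redirect. `ENV GATEWAY_ENDPOINT=https://gateway-service` would match the table service's `application.yml`, provided the gateway certificate covers that host name.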
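Review bot: `- "8080:8080"` in the first `docker-compose.yml` hunk publishes port 8080 on every host interface next to `8443`, and the issuer URLs removed elsewhere in this commit (`http://localhost:8080/realms/dbrepo`) suggest that port is the plain-HTTP listener of the identity service. With the issuer now at `https://localhost`, a loopback-only mapping such as `- "127.0.0.1:8080:8080"`, or dropping the mapping, avoids a second unencrypted entry point. The service this `ports:` list belongs to is named outside the hunk, so confirm what listens on 8080 before changing it.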