WIP

- updated endpoints - added client secret env variable - modified entities, still work to do to reflect keycloak entity

WIP
56cb47f9 · Martin Weise · 111b53a9 · 56cb47f9 · 56cb47f9 · 56cb47f9
Unverified Commit 56cb47f9 authored Mar 23, 2023 by Martin Weise
--- a/.env.unix.example
+++ b/.env.unix.example
@@ -21,3 +21,4 @@ LOG_LEVEL=trace # error, warning, info, debug, trace
 DEFAULT_ROLES=ROLE_RESEARCHER
 SUPERUSERS=user1,user2
 ELASTIC_PASSWORD=elastic
+CLIENT_SECRET=client-secret
\ No newline at end of file
--- a/.env.win.example
+++ b/.env.win.example
@@ -21,3 +21,4 @@ LOG_LEVEL=trace # error, warning, info, debug, trace
 DEFAULT_ROLES=ROLE_RESEARCHER
 SUPERUSERS=user1,user2
 ELASTIC_PASSWORD=elastic
+CLIENT_SECRET=client-secret
\ No newline at end of file
--- a/fda-container-service/Dockerfile
+++ b/fda-container-service/Dockerfile
@@ -29,6 +29,8 @@ ENV BROKER_PASSWORD=fda
 ENV SHARED_FILESYSTEM=/tmp
 ENV USER_NETWORK=userdb
 ENV LOG_LEVEL=debug
+ENV CLIENT_SECRET=client-secret
+ENV CLIENT_ID=dbrepo-client

 COPY ./service_ready /usr/bin
 RUN chmod +x /usr/bin/service_ready

--- a/fda-container-service/rest-service/src/main/java/at/tuwien/endpoints/ContainerEndpoint.java
+++ b/fda-container-service/rest-service/src/main/java/at/tuwien/endpoints/ContainerEndpoint.java
@@ -60,7 +60,7 @@ public class ContainerEndpoint {

    @PostMapping
    @Transactional
-    @PreAuthorize("hasRole('ROLE_RESEARCHER')")
+    @PreAuthorize("hasAuthority('create-container')")
    @Operation(summary = "Create container", security = @SecurityRequirement(name = "bearerAuth"))
    public ResponseEntity<ContainerBriefDto> create(@Valid @RequestBody ContainerCreateRequestDto data,
                                                    @NotNull Principal principal)

--- a/fda-container-service/rest-service/src/main/resources/application-docker.yml
+++ b/fda-container-service/rest-service/src/main/resources/application-docker.yml
@@ -38,4 +38,6 @@ fda:
  network: userdb
  mount.path: /tmp
  ready.path: /ready
+  client_secret: "${CLIENT_SECRET}"
+  client_id: "${CLIENT_ID}"
  gateway.endpoint: http://gateway-service:9095
\ No newline at end of file
--- a/fda-container-service/rest-service/src/main/resources/application-local.yml
+++ b/fda-container-service/rest-service/src/main/resources/application-local.yml
@@ -38,4 +38,6 @@ fda:
  network: userdb
  mount.path: /tmp
  ready.path: ./ready
+  client_secret: Gp9IALXWsfftK8ek1J6jNT9hNfWV5U5c
+  client_id: dbrepo-client
  gateway.endpoint: http://localhost:9095
\ No newline at end of file
--- a/fda-container-service/rest-service/src/main/resources/application.yml
+++ b/fda-container-service/rest-service/src/main/resources/application.yml
@@ -38,4 +38,6 @@ fda:
  network: "${USER_NETWORK}"
  mount.path: "${SHARED_FILESYSTEM}"
  ready.path: /ready
+  client_secret: "${CLIENT_SECRET}"
+  client_id: "${CLIENT_ID}"
  gateway.endpoint: http://gateway-service:9095
\ No newline at end of file
--- a/fda-container-service/rest-service/src/test/java/at/tuwien/BaseUnitTest.java
+++ b/fda-container-service/rest-service/src/test/java/at/tuwien/BaseUnitTest.java
@@ -34,7 +34,7 @@ public abstract class BaseUnitTest {
            .authority("ROLE_RESEARCHER")
            .build();

-    public final static Long USER_1_ID = 1L;
+    public final static String USER_1_ID = "090dc12a-a46a-4515-b1f0-cff697d5f985";
    public final static String USER_1_USERNAME = "junit";
    public final static String USER_1_EMAIL = "junit@gmail.com";
    public final static String USER_1_AFFILIATION = "TU Wien";
@@ -89,7 +89,7 @@ public abstract class BaseUnitTest {
    public final static Principal USER_1_PRINCIPAL = new UsernamePasswordAuthenticationToken(USER_1_DETAILS,
            USER_1_PASSWORD, USER_1_DETAILS.getAuthorities());

-    public final static Long USER_2_ID = 2L;
+    public final static String USER_2_ID = "0153f998-bd4c-4154-993e-75c355499044";
    public final static String USER_2_USERNAME = "dev";
    public final static String USER_2_EMAIL = "dev@gmail.com";
    public final static Boolean USER_2_EMAIL_VERIFIED = false;
@@ -126,7 +126,7 @@ public abstract class BaseUnitTest {
    public final static Principal USER_2_PRINCIPAL = new UsernamePasswordAuthenticationToken(USER_2_DETAILS,
            USER_2_PASSWORD, USER_2_DETAILS.getAuthorities());

-    public final static Long USER_3_ID = 3L;
+    public final static String USER_3_ID = "fea123c7-1851-4e01-969a-53407fa6a451";
    public final static String USER_3_USERNAME = "steward";
    public final static String USER_3_EMAIL = "steward@gmail.com";
    public final static Boolean USER_3_EMAIL_VERIFIED = false;
@@ -163,6 +163,7 @@ public abstract class BaseUnitTest {
    public final static Principal USER_3_PRINCIPAL = new UsernamePasswordAuthenticationToken(USER_3_DETAILS,
            USER_3_PASSWORD, USER_3_DETAILS.getAuthorities());

+    public final static String USER_4_ID = "824d2c13-78d9-43c5-a4af-288120e2b44b";
    public final static String USER_4_USERNAME = "nobody";
    public final static String USER_4_EMAIL = "nobody@gmail.com";
    public final static Boolean USER_4_EMAIL_VERIFIED = false;
@@ -171,6 +172,7 @@ public abstract class BaseUnitTest {
    public final static String USER_4_DATABASE_PASSWORD = "*A8C67ABBEAE837AABCF49680A157D85D44A117E9";

    public final static User USER_4 = User.builder()
+            .id(USER_4_ID)
            .username(USER_4_USERNAME)
            .email(USER_4_EMAIL)
            .emailVerified(USER_4_EMAIL_VERIFIED)
@@ -180,7 +182,7 @@ public abstract class BaseUnitTest {
            .roles(List.of())
            .build();

-    public final static Long USER_5_ID = 5L;
+    public final static String USER_5_ID = "d2f3a8f4-c7fe-49e8-9d14-6dad0f6b9406";
    public final static String USER_5_USERNAME = "mweise";
    public final static String USER_5_EMAIL = "mweise@gmail.com";
    public final static Boolean USER_5_EMAIL_VERIFIED = false;

--- a/fda-container-service/services/src/main/java/at/tuwien/config/GatewayConfig.java
+++ b/fda-container-service/services/src/main/java/at/tuwien/config/GatewayConfig.java
 package at.tuwien.config;

+import lombok.Getter;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.client.RestTemplate;
 import org.springframework.web.util.DefaultUriBuilderFactory;

+@Getter
 @Configuration
 public class GatewayConfig {

    @Value("${fda.gateway.endpoint}")
    private String gatewayEndpoint;

+    @Value("${fda.client_secret}")
+    private String clientSecret;
+
+    @Value("${fda.client_id}")
+    private String clientId;
+
    @Bean
    public RestTemplate restTemplate() {
        final RestTemplate restTemplate =  new RestTemplate();

--- a/fda-container-service/services/src/main/java/at/tuwien/gateway/impl/AuthenticationServiceGatewayImpl.java
+++ b/fda-container-service/services/src/main/java/at/tuwien/gateway/impl/AuthenticationServiceGatewayImpl.java
 package at.tuwien.gateway.impl;

-import at.tuwien.api.user.UserDto;
+import at.tuwien.api.auth.TokenIntrospectDto;
+import at.tuwien.api.user.UserBriefDto;
+import at.tuwien.api.user.UserDetailsDto;
+import at.tuwien.config.GatewayConfig;
 import at.tuwien.gateway.AuthenticationServiceGateway;
 import at.tuwien.mapper.UserMapper;
 import lombok.extern.slf4j.Slf4j;
@@ -8,6 +11,8 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.*;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Service;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;
 import org.springframework.web.client.HttpStatusCodeException;
 import org.springframework.web.client.RestTemplate;

@@ -19,25 +24,35 @@ public class AuthenticationServiceGatewayImpl implements AuthenticationServiceGa

    private final UserMapper userMapper;
    private final RestTemplate restTemplate;
+    private final GatewayConfig gatewayConfig;

    @Autowired
-    public AuthenticationServiceGatewayImpl(UserMapper userMapper, RestTemplate restTemplate) {
+    public AuthenticationServiceGatewayImpl(UserMapper userMapper, RestTemplate restTemplate, GatewayConfig gatewayConfig) {
        this.userMapper = userMapper;
        this.restTemplate = restTemplate;
+        this.gatewayConfig = gatewayConfig;
    }

    @Override
    public UserDetails validate(String token) throws ServletException {
        final HttpHeaders headers = new HttpHeaders();
-        headers.set("Authorization", "Bearer " + token);
+        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
+        final MultiValueMap<String, String> body = new LinkedMultiValueMap<>();
+        body.add("client_secret", gatewayConfig.getClientSecret());
+        body.add("client_id", gatewayConfig.getClientId());
+        body.add("token", token);
        try {
-            final ResponseEntity<UserDto> response = restTemplate.exchange("/api/auth", HttpMethod.PUT,
-                    new HttpEntity<>(null, headers), UserDto.class);
-            if (!response.getStatusCode().equals(HttpStatus.ACCEPTED)) {
+            final ResponseEntity<TokenIntrospectDto> response = restTemplate.exchange("/api/auth/realms/dbrepo/protocol/openid-connect/token/introspect", HttpMethod.POST,
+                    new HttpEntity<>(body, headers), TokenIntrospectDto.class);
+            if (!response.getStatusCode().equals(HttpStatus.OK)) {
                log.error("Failed to validate token with status code {}", response.getStatusCode());
-                throw new ServletException("Failed to validate token");
+                throw new ServletException("Failed to validate token: http status code is not ok");
+            } else if (response.getBody() == null) {
+                throw new ServletException("Failed to validate token: body is null");
+            } else if (!response.getBody().getActive()) {
+                throw new ServletException("Failed to validate token: token is not active");
            }
-            final UserDetails dto = userMapper.userDtoToUserDetailsDto(response.getBody());
+            final UserDetailsDto dto = userMapper.tokenIntrospectDtoToUserDetailsDto(response.getBody());
            log.trace("gateway authenticated user {}", dto);
            return dto;
        } catch (HttpStatusCodeException e) {

--- a/fda-container-service/services/src/main/java/at/tuwien/mapper/UserMapper.java
+++ b/fda-container-service/services/src/main/java/at/tuwien/mapper/UserMapper.java
 package at.tuwien.mapper;

+import at.tuwien.api.auth.TokenIntrospectDto;
 import at.tuwien.api.user.GrantedAuthorityDto;
+import at.tuwien.api.user.UserBriefDto;
 import at.tuwien.api.user.UserDetailsDto;
-import at.tuwien.api.user.UserDto;
 import org.mapstruct.Mapper;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;

+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
+
 @Mapper(componentModel = "spring")
 public interface UserMapper {

    org.slf4j.Logger log = org.slf4j.LoggerFactory.getLogger(UserMapper.class);

-    UserDetailsDto userDtoToUserDetailsDto(UserDto data);
+    UserDetailsDto userBriefDtoToUserDetailsDto(UserBriefDto data);
+
+    default UserDetailsDto tokenIntrospectDtoToUserDetailsDto(TokenIntrospectDto data) {
+        return UserDetailsDto.builder()
+                .id(data.getSub())
+                .username(data.getUsername())
+                .authorities(Arrays.stream(data.getRealmAccess().getRoles())
+                        .map(SimpleGrantedAuthority::new)
+                        .collect(Collectors.toList()))
+                .build();
+    }

    default GrantedAuthority grantedAuthorityDtoToGrantedAuthority(GrantedAuthorityDto data) {
        final GrantedAuthority authority = new SimpleGrantedAuthority(data.getAuthority());

--- a/fda-container-service/services/src/main/java/at/tuwien/service/impl/UserServiceImpl.java
+++ b/fda-container-service/services/src/main/java/at/tuwien/service/impl/UserServiceImpl.java
@@ -25,8 +25,8 @@ public class UserServiceImpl implements UserService {
    public User findByUsername(String username) throws UserNotFoundException {
        final Optional<User> optional = userRepository.findByUsername(username);
        if (optional.isEmpty()) {
-            log.error("Failed to find user with username {}", username);
-            throw new UserNotFoundException("Failed to find user");
+            log.error("Failed to find user with username '{}'", username);
+            throw new UserNotFoundException("Failed to find user with username '" + username + "'");
        }
        return optional.get();
    }

--- a/fda-database-service/rest-service/src/test/java/at/tuwien/BaseUnitTest.java
+++ b/fda-database-service/rest-service/src/test/java/at/tuwien/BaseUnitTest.java
@@ -78,7 +78,7 @@ public abstract class BaseUnitTest {
            .image(IMAGE_SEARCH)
            .build();

-    public final static Long USER_1_ID = 1L;
+    public final static String USER_1_ID = "090dc12a-a46a-4515-b1f0-cff697d5f985";
    public final static String USER_1_USERNAME = "junit";
    public final static String USER_1_PASSWORD = "junit";
    public final static String USER_1_DATABASE_PASSWORD = "*A8C67ABBEAE837AABCF49680A157D85D44A117E9";
@@ -116,6 +116,7 @@ public abstract class BaseUnitTest {
            .build();

    public final static UserDetails USER_1_DETAILS = UserDetailsDto.builder()
+            .id(USER_1_ID)
            .username(USER_1_USERNAME)
            .email(USER_1_EMAIL)
            .password(USER_1_PASSWORD)
@@ -125,11 +126,13 @@ public abstract class BaseUnitTest {
    public final static Principal USER_1_PRINCIPAL = new UsernamePasswordAuthenticationToken(USER_1_DETAILS,
            USER_1_PASSWORD, USER_1_DETAILS.getAuthorities());

-    public final static Long USER_2_ID = 2L;
-    public final static String USER_2_USERNAME = "junit2";
-    public final static String USER_2_PASSWORD = "junit2";
+    public final static String USER_2_ID = "0153f998-bd4c-4154-993e-75c355499044";
+    public final static String USER_2_USERNAME = "dev";
+    public final static String USER_2_EMAIL = "dev@gmail.com";
+    public final static Boolean USER_2_EMAIL_VERIFIED = false;
+    public final static Boolean USER_2_THEME_DARK = false;
+    public final static String USER_2_PASSWORD = "p455w0rdh45";
    public final static String USER_2_DATABASE_PASSWORD = "*A8C67ABBEAE837AABCF49680A157D85D44A117E9";
-    public final static String USER_2_EMAIL = "junit2@ossdip.at";
    public final static Boolean USER_2_VERIFIED = true;
    public final static Boolean USER_2_THEME = false;

@@ -172,11 +175,13 @@ public abstract class BaseUnitTest {
    public final static Principal USER_2_PRINCIPAL = new UsernamePasswordAuthenticationToken(USER_2_DETAILS,
            USER_2_PASSWORD, USER_2_DETAILS.getAuthorities());

-    public final static Long USER_3_ID = 3L;
-    public final static String USER_3_USERNAME = "junit3";
-    public final static String USER_3_PASSWORD = "junit3";
+    public final static String USER_3_ID = "fea123c7-1851-4e01-969a-53407fa6a451";
+    public final static String USER_3_USERNAME = "steward";
+    public final static String USER_3_EMAIL = "steward@gmail.com";
+    public final static Boolean USER_3_EMAIL_VERIFIED = false;
+    public final static Boolean USER_3_THEME_DARK = false;
+    public final static String USER_3_PASSWORD = "p455w0rdh45";
    public final static String USER_3_DATABASE_PASSWORD = "*A8C67ABBEAE837AABCF49680A157D85D44A117E9";
-    public final static String USER_3_EMAIL = "junit3@ossdip.at";
    public final static Boolean USER_3_VERIFIED = true;
    public final static Boolean USER_3_THEME = false;

@@ -184,10 +189,9 @@ public abstract class BaseUnitTest {
            .id(USER_3_ID)
            .username(USER_3_USERNAME)
            .email(USER_3_EMAIL)
-            .emailVerified(USER_3_VERIFIED)
-            .themeDark(USER_3_THEME)
+            .emailVerified(USER_3_EMAIL_VERIFIED)
+            .themeDark(USER_3_THEME_DARK)
            .password(USER_3_PASSWORD)
-            .roles(List.of(RoleType.ROLE_DEVELOPER))
            .databasePassword(USER_3_DATABASE_PASSWORD)
            .build();

@@ -212,22 +216,23 @@ public abstract class BaseUnitTest {
    public final static Principal USER_3_PRINCIPAL = new UsernamePasswordAuthenticationToken(USER_3_DETAILS,
            USER_3_PASSWORD, USER_3_DETAILS.getAuthorities());

-    public final static Long USER_4_ID = 4L;
-    public final static String USER_4_USERNAME = "junit4";
-    public final static String USER_4_PASSWORD = "junit4";
-    public final static String USER_4_DATABASE_PASSWORD = "*A8C67ABBEAE847AABCF49680A157D85D44A117E9";
-    public final static String USER_4_EMAIL = "junit4@ossdip.at";
-    public final static Boolean USER_4_VERIFIED = true;
-    public final static Boolean USER_4_THEME = false;
+    public final static String USER_4_ID = "824d2c13-78d9-43c5-a4af-288120e2b44b";
+    public final static String USER_4_USERNAME = "nobody";
+    public final static String USER_4_EMAIL = "nobody@gmail.com";
+    public final static Boolean USER_4_EMAIL_VERIFIED = false;
+    public final static Boolean USER_4_THEME_DARK = false;
+    public final static String USER_4_PASSWORD = "p455w0rdh45";
+    public final static String USER_4_DATABASE_PASSWORD = "*A8C67ABBEAE837AABCF49680A157D85D44A117E9";

    public final static User USER_4 = User.builder()
            .id(USER_4_ID)
            .username(USER_4_USERNAME)
            .email(USER_4_EMAIL)
-            .emailVerified(USER_4_VERIFIED)
-            .themeDark(USER_4_THEME)
+            .emailVerified(USER_4_EMAIL_VERIFIED)
+            .themeDark(USER_4_THEME_DARK)
            .password(USER_4_PASSWORD)
            .databasePassword(USER_4_DATABASE_PASSWORD)
+            .roles(List.of())
            .build();

    public final static UserDetails USER_4_DETAILS = UserDetailsDto.builder()

--- a/fda-database-service/rest-service/src/test/java/at/tuwien/endpoint/AccessEndpointUnitTest.java
+++ b/fda-database-service/rest-service/src/test/java/at/tuwien/endpoint/AccessEndpointUnitTest.java
@@ -260,7 +260,7 @@ public class AccessEndpointUnitTest extends BaseUnitTest {
    }

    protected void generic_find(Long containerId, Long databaseId, Database database, DatabaseAccess access,
-                                String username, Long userId, Principal principal) throws AccessDeniedException,
+                                String username, String userId, Principal principal) throws AccessDeniedException,
            NotAllowedException {

        /* mock */

--- a/fda-database-service/rest-service/src/test/java/at/tuwien/service/AccessServiceIntegrationTest.java
+++ b/fda-database-service/rest-service/src/test/java/at/tuwien/service/AccessServiceIntegrationTest.java
@@ -283,7 +283,7 @@ public class AccessServiceIntegrationTest extends BaseUnitTest {
    /* ## GENERIC TEST CASES                                                                            ## */
    /* ################################################################################################### */

-    protected void create_generic(AccessTypeDto accessTypeDto, AccessType access, String username, Long userId)
+    protected void create_generic(AccessTypeDto accessTypeDto, AccessType access, String username, String userId)
            throws UserNotFoundException, NotAllowedException, QueryMalformedException, DatabaseNotFoundException,
            DatabaseMalformedException {
        final DatabaseGiveAccessDto request = DatabaseGiveAccessDto.builder()
@@ -301,7 +301,7 @@ public class AccessServiceIntegrationTest extends BaseUnitTest {
    }

    protected void update_generic(Long containerId, Long databaseId, AccessTypeDto accessTypeDto, AccessType access,
-                                  String username, Long userId) throws UserNotFoundException, NotAllowedException,
+                                  String username, String userId) throws UserNotFoundException, NotAllowedException,
            QueryMalformedException, DatabaseNotFoundException, DatabaseMalformedException {
        final DatabaseModifyAccessDto request = DatabaseModifyAccessDto.builder()
                .type(accessTypeDto)

--- a/fda-database-service/services/src/main/java/at/tuwien/repository/jpa/DatabaseAccessRepository.java
+++ b/fda-database-service/services/src/main/java/at/tuwien/repository/jpa/DatabaseAccessRepository.java
@@ -12,9 +12,9 @@ import java.util.Optional;
 @Repository
 public interface DatabaseAccessRepository extends JpaRepository<DatabaseAccess, Long> {

-    void deleteByHdbidAndHuserid(Long databaseId, Long userId);
+    void deleteByHdbidAndHuserid(Long databaseId, String userId);

-    Optional<DatabaseAccess> findByHdbidAndHuserid(Long databaseId, Long userId);
+    Optional<DatabaseAccess> findByHdbidAndHuserid(Long databaseId, String userId);

    List<DatabaseAccess> findByHdbid(Long databaseId);


--- a/fda-identifier-service/rest-service/src/test/java/at/tuwien/BaseUnitTest.java
+++ b/fda-identifier-service/rest-service/src/test/java/at/tuwien/BaseUnitTest.java
@@ -16,6 +16,7 @@ import at.tuwien.entities.identifier.*;
 import at.tuwien.entities.user.RoleType;
 import at.tuwien.entities.user.User;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.test.context.TestPropertySource;
@@ -32,7 +33,7 @@ public abstract class BaseUnitTest {

    public final static String JWT_1 = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJtd2Vpc2UiLCJybmQiOjk2NjIyNzAwMCwiZXhwIjoxNjczODg2MDk5LCJpYXQiOjE2NzM3OTk2OTl9.y1jqokCfZE7c_Ztt_nLQlf73jCYXPH5TZpCvo3RwS0C5azyrqLh03bphl6R8A24g6Kv_3qjzvnubNIwmO7y7pA";

-    public final static Long USER_1_ID = 1L;
+    public final static String USER_1_ID = "090dc12a-a46a-4515-b1f0-cff697d5f985";
    public final static String USER_1_USERNAME = "junit";
    public final static String USER_1_PASSWORD = "junit";
    public final static String USER_1_DATABASE_PASSWORD = "*A8C67ABBEAE837AABCF49680A157D85D44A117E9";
@@ -89,7 +90,7 @@ public abstract class BaseUnitTest {
    public final static Principal USER_1_PRINCIPAL = new UsernamePasswordAuthenticationToken(USER_1_DETAILS,
            USER_1_PASSWORD, USER_1_DETAILS.getAuthorities());

-    public final static Long USER_2_ID = 2L;
+    public final static String USER_2_ID = "0153f998-bd4c-4154-993e-75c355499044";
    public final static String USER_2_USERNAME = "junit2";
    public final static String USER_2_PASSWORD = "junit2";
    public final static String USER_2_DATABASE_PASSWORD = "*A8C67ABBEAE837AABCF49680A157D85D44A117E9";
@@ -134,15 +135,18 @@ public abstract class BaseUnitTest {
    public final static Principal USER_2_PRINCIPAL = new UsernamePasswordAuthenticationToken(USER_2_DETAILS,
            USER_2_PASSWORD, USER_2_DETAILS.getAuthorities());

-    public final static String USER_3_USERNAME = "junit3";
-    public final static String USER_3_PASSWORD = "junit3";
-    public final static String USER_3_DATABASE_PASSWORD = "*A8C67ABBEAE837AABCF49680A157D85D44A117E9";
-    public final static String USER_3_EMAIL = "junit3@example.com";
-    public final static Boolean USER_3_EMAIL_VERIFIED = true;
+    public final static String USER_3_ID = "fea123c7-1851-4e01-969a-53407fa6a451";
+    public final static String USER_3_USERNAME = "steward";
+    public final static String USER_3_EMAIL = "steward@gmail.com";
+    public final static Boolean USER_3_EMAIL_VERIFIED = false;
    public final static Boolean USER_3_THEME_DARK = false;
+    public final static String USER_3_PASSWORD = "p455w0rdh45";
+    public final static String USER_3_DATABASE_PASSWORD = "*A8C67ABBEAE837AABCF49680A157D85D44A117E9";
+    public final static RoleType USER_3_ROLE_TYPE = RoleType.ROLE_DATA_STEWARD;
    public final static Instant USER_3_CREATED = Instant.now()
            .minus(1, ChronoUnit.DAYS);
    public final static Instant USER_3_LAST_MODIFIED = USER_3_CREATED;
+    public final static GrantedAuthority USER_3_AUTHORITY = new SimpleGrantedAuthority("ROLE_DATA_STEWARD");

    public final static User USER_3 = User.builder()
            .username(USER_3_USERNAME)

--- a/fda-metadata-db/api/src/main/java/at/tuwien/api/auth/RealmAccessDto.java
+++ b/fda-metadata-db/api/src/main/java/at/tuwien/api/auth/RealmAccessDto.java
+package at.tuwien.api.auth;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.*;
+
+import javax.validation.constraints.NotNull;
+
+@Getter
+@Setter
+@ToString
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+public class RealmAccessDto {
+
+    @NotNull
+    @Schema(description = "list of roles associated to the user", example = "[\"create-container\",\"create-database\"]")
+    private String[] roles;
+
+
+
+}
--- a/fda-metadata-db/api/src/main/java/at/tuwien/api/auth/TokenIntrospectDto.java
+++ b/fda-metadata-db/api/src/main/java/at/tuwien/api/auth/TokenIntrospectDto.java
+package at.tuwien.api.auth;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.*;
+
+import javax.validation.constraints.NotNull;
+
+@Getter
+@Setter
+@ToString
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+public class TokenIntrospectDto {
+
+    @NotNull
+    @Schema(description = "expiration timestamp", example = "1679602372")
+    private Long exp;
+
+    @NotNull
+    @Schema(example = "1679602072")
+    private Long iat;
+
+    @NotNull
+    @Schema(example = "6aa375aa-d5bb-4b1e-9f89-347084a739e3")
+    private String jti;
+
+    @NotNull
+    @Schema(description = "issuer", example = "6aa375aa-d5bb-4b1e-9f89-347084a739e3")
+    private String iss;
+
+    @NotNull
+    @Schema(description = "user id", example = "9670828b-8159-4642-be19-e77ca018e644")
+    private String sub;
+
+    @NotNull
+    @Schema(description = "type", example = "Bearer")
+    private String typ;
+
+    @NotNull
+    @Schema(example = "0170887f-4ffc-4bb7-9292-9334132cd430")
+    private String azp;
+
+    @NotNull
+    @Schema(example = "0170887f-4ffc-4bb7-9292-9334132cd430")
+    @JsonProperty("session_state")
+    private String sessionState;
+
+    @NotNull
+    @Schema(example = "1")
+    private Integer acr;
+
+    @NotNull
+    @JsonProperty("allowed-origins")
+    @Schema(example = "[\"*\"]")
+    private String[] allowedOrigins;
+
+    @NotNull
+    @JsonProperty("realm_access")
+    private RealmAccessDto realmAccess;
+
+    @NotNull
+    @JsonProperty("client_id")
+    @Schema(example = "dbrepo-client")
+    private String clientId;
+
+    @NotNull
+    @JsonProperty("preferred_username")
+    @Schema(example = "jdoe")
+    private String username;
+
+    @NotNull
+    @Schema(example = "openid email profile")
+    private String scope;
+
+    @NotNull
+    @Schema(example = "true")
+    private Boolean active;
+
+}
--- a/fda-metadata-db/api/src/main/java/at/tuwien/api/database/ViewBriefDto.java
+++ b/fda-metadata-db/api/src/main/java/at/tuwien/api/database/ViewBriefDto.java
@@ -52,7 +52,7 @@ public class ViewBriefDto {
    private Instant created;

    @JsonIgnore
-    private Long createdBy;
+    private String createdBy;

    @NotNull
    private UserDto creator;