Unverified Commit 645fd8c7 authored by Martin Weise's avatar Martin Weise

Merge branch '122-test-amqp' into public-instance

parents 98c0c8da 67804dd9
3 merge requests!81New stable release,!43Merge dev to master,!36Resolve "Test AMQP"
Showing
with 311 additions and 876 deletions
......@@ -31,9 +31,12 @@ services:
build: ./fda-metadata-db
image: fda-metadata-db
networks:
- fda-public
fda-public:
ipv4_address: 172.29.0.5
volumes:
- fda-metadata-db-data:/var/lib/postgresql/data
ports:
- "5432:5432"
environment:
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
......@@ -46,9 +49,11 @@ services:
restart: on-failure
container_name: fda-discovery-service
hostname: fda-discovery-service
image: docker.ossdip.at/fda-discovery-service:latest
build: ./fda-discovery-service
image: fda-discovery-service
networks:
- fda-public
fda-public:
ipv4_address: 172.29.0.4
environment:
SPRING_PROFILES_ACTIVE: docker
TZ: Europe/Vienna
......@@ -61,19 +66,19 @@ services:
restart: on-failure
container_name: fda-gateway-service
hostname: fda-gateway-service
image: docker.ossdip.at/fda-gateway-service:latest
build: ./fda-gateway-service
image: fda-gateway-service
networks:
fda-public:
aliases:
- fda-gateway-service
ipv4_address: 172.29.0.2
environment:
SPRING_PROFILES_ACTIVE: docker
TZ: Europe/Vienna
ports:
- "9095:9095"
depends_on:
fda-container-service:
condition: service_healthy
fda-authentication-service:
condition: service_healthy
fda-database-service:
condition: service_healthy
fda-table-service:
......@@ -87,13 +92,17 @@ services:
restart: on-failure
container_name: fda-database-service
hostname: fda-database-service
image: docker.ossdip.at/fda-database-service:latest
build: ./fda-database-service
image: fda-database-service
networks:
- fda-userdb
- fda-public
fda-userdb:
fda-public:
ipv4_address: 172.29.0.9
environment:
SPRING_PROFILES_ACTIVE: docker,seeder
SPRING_PROFILES_ACTIVE: docker
TZ: Europe/Vienna
ports:
- "9092:9092"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
depends_on:
......@@ -112,12 +121,16 @@ services:
restart: on-failure
container_name: fda-container-service
hostname: fda-container-service
image: docker.ossdip.at/fda-container-service:latest
build: ./fda-container-service
image: fda-container-service
networks:
- fda-public
fda-public:
ipv4_address: 172.29.0.8
environment:
SPRING_PROFILES_ACTIVE: docker,seeder
TZ: Europe/Vienna
ports:
- "9091:9091"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
depends_on:
......@@ -132,20 +145,25 @@ services:
restart: on-failure
container_name: fda-authentication-service
hostname: fda-authentication-service
image: docker.ossdip.at/fda-authentication-service:latest
image: fda-authentication-service
build: fda-authentication-service
networks:
- fda-public
fda-public:
ipv4_address: 172.29.0.14
volumes:
- /tmp:/tmp
environment:
SERVER_NAME: dbrepo.ossdip.at
SPRING_PROFILES_ACTIVE: docker
KEY_STORE_PASSWORD: "${KEY_STORE_PASSWORD:-dbrepo}"
SAML_SIGN_PASSWORD: "${SAML_SIGN_PASSWORD}"
TZ: Europe/Vienna
ports:
- "9097:9097"
depends_on:
fda-metadata-db:
condition: service_healthy
fda-discovery-service:
condition: service_healthy
fda-gateway-service:
condition: service_healthy
fda-discovery-service:
condition: service_healthy
logging:
......@@ -155,13 +173,17 @@ services:
restart: on-failure
container_name: fda-query-service
hostname: fda-query-service
image: docker.ossdip.at/fda-query-service:latest
build: ./fda-query-service
image: fda-query-service
networks:
- fda-public
- fda-userdb
fda-public:
ipv4_address: 172.29.0.12
fda-userdb:
environment:
SPRING_PROFILES_ACTIVE: docker,seeder
SPRING_PROFILES_ACTIVE: docker
TZ: Europe/Vienna
ports:
- "9093:9093"
volumes:
- /tmp:/tmp
depends_on:
......@@ -180,14 +202,18 @@ services:
restart: on-failure
container_name: fda-table-service
hostname: fda-table-service
image: docker.ossdip.at/fda-table-service:latest
build: ./fda-table-service
image: fda-table-service
networks:
- fda-public
- fda-userdb
fda-public:
ipv4_address: 172.29.0.11
fda-userdb:
environment:
SPRING_PROFILES_ACTIVE: docker,seeder
SPRING_PROFILES_ACTIVE: docker
multipart.location: /tmp
TZ: Europe/Vienna
ports:
- "9094:9094"
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /tmp:/tmp
......@@ -205,38 +231,43 @@ services:
logging:
driver: json-file
# fda-citation-service:
# restart: on-failure
# container_name: fda-citation-service
# hostname: fda-citation-service
# build: ./fda-citation-service
# image: fda-citation-service
# networks:
# - fda-public
# environment:
# SPRING_PROFILES_ACTIVE: docker
# TZ: Europe/Vienna
# ports:
# - "9096:9096"
# depends_on:
# fda-metadata-db:
# condition: service_healthy
# fda-discovery-service:
# condition: service_healthy
# fda-table-service:
# condition: service_healthy
fda-identifier-service:
restart: on-failure
container_name: fda-identifier-service
hostname: fda-identifier-service
build: ./fda-identifier-service
image: fda-identifier-service
networks:
fda-public:
ipv4_address: 172.29.0.13
environment:
SPRING_PROFILES_ACTIVE: docker
TZ: Europe/Vienna
ports:
- "9096:9096"
depends_on:
fda-metadata-db:
condition: service_healthy
fda-discovery-service:
condition: service_healthy
fda-query-service:
condition: service_healthy
fda-analyse-service:
restart: on-failure
container_name: fda-analyse-service
hostname: fda-analyse-service
image: docker.ossdip.at/fda-analyse-service:latest
build: ./fda-analyse-service
image: fda-analyse-service
networks:
- fda-public
- fda-userdb
fda-public:
ipv4_address: 172.29.0.10
fda-userdb:
command: sh -c "/wait && flask run" # docker-compose should not test the implementation
environment:
EUREKA_SERVER: http://fda-discovery-service:9090/eureka/
ports:
- "5000:5000"
volumes:
- /tmp:/tmp
- /var/run/docker.sock:/var/run/docker.sock
......@@ -248,15 +279,43 @@ services:
logging:
driver: json-file
fda-units-service:
restart: on-failure
container_name: fda-units-service
hostname: fda-units-service
build: ./fda-units-service
image: fda-units-service
networks:
fda-public:
ipv4_address: 172.29.0.7
environment:
EUREKA_SERVER: http://fda-discovery-service:9090/eureka/
TZ: Europe/Vienna
ports:
- "5010:5010"
volumes:
- /tmp:/tmp
- /var/run/docker.sock:/var/run/docker.sock
depends_on:
fda-discovery-service:
condition: service_healthy
logging:
driver: json-file
fda-broker-service:
restart: on-failure
container_name: fda-broker-service
hostname: fda-broker-service
image: docker.ossdip.at/fda-broker-service:latest
build: ./fda-broker-service
image: fda-broker-service
environment:
TZ: Europe/Vienna
networks:
- fda-public
fda-public:
ipv4_address: 172.29.0.3
ports:
- "5672:5672"
- "15672:15672"
volumes:
- fda-broker-service-data:/var/lib/rabbitmq/
logging:
......@@ -269,7 +328,8 @@ services:
image: elasticsearch:7.13.4
command: ["elasticsearch"]
networks:
- fda-public
fda-public:
ipv4_address: 172.29.0.6
environment:
- discovery.type=single-node
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
......@@ -277,6 +337,9 @@ services:
depends_on:
fda-discovery-service:
condition: service_healthy
ports:
- 9200:9200
- 9600:9600
logging:
driver: json-file
......@@ -284,20 +347,24 @@ services:
restart: on-failure
container_name: fda-ui
hostname: fda-ui
image: docker.ossdip.at/fda-ui:latest
build: ./fda-ui
image: fda-ui
networks:
- fda-public
fda-public:
ipv4_address: 172.29.0.15
ports:
- "443:3000"
- "3000:3000"
volumes:
- /tmp:/tmp
- "./fda-ui/.prod:/certs"
depends_on:
fda-gateway-service:
condition: service_healthy
fda-discovery-service:
condition: service_healthy
environment:
HOST: 0.0.0.0
API: http://fda-gateway-service:9095
KEY: "${UI_KEY}"
CERT: "${UI_CERT}"
TZ: Europe/Vienna
logging:
driver: json-file
\ No newline at end of file
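Review bot: In the fda-metadata-db hunk the database is published on the host (`"5432:5432"`) while `POSTGRES_USER` and `POSTGRES_PASSWORD` are both the literal `postgres`; the `+`/`-` markers are not preserved on this page, so it is unclear whether the port mapping is new, but on the new side a compose file whose `SERVER_NAME` is `dbrepo.ossdip.at` exposes PostgreSQL with default credentials to every host that can reach the machine. Dropping the `ports:` entry (the other services reach it over `fda-public`) or taking the password from the environment the way the authentication-service hunk does for `SAML_SIGN_PASSWORD`, `POSTGRES_PASSWORD: "${POSTGRES_PASSWORD}"`, would close that. In that same authentication-service hunk `KEY_STORE_PASSWORD: "${KEY_STORE_PASSWORD:-dbrepo}"` falls back to a known keystore password whenever the variable is unset, so a missing `.env` runs silently with it; the `${KEY_STORE_PASSWORD:?KEY_STORE_PASSWORD is required}` form would fail at startup instead. The elasticsearch hunk adds `9200:9200`/`9600:9600` unquoted, unlike every other port mapping in this file.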
version: "3.6"
services:
fda-sensor-computer:
restart: on-failure
container_name: fda-sensor-computer
hostname: fda-sensor-computer
build: ./fda-sensor-computer
image: fda-sensor-computer
networks:
fda-public:
environment:
TZ: Europe/Vienna
volumes:
- /sys/class/thermal:/thermal
- /sys/class/hwmon:/hwmon
logging:
driver: json-file
\ No newline at end of file
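Review bot: The two host mounts `/sys/class/thermal:/thermal` and `/sys/class/hwmon:/hwmon` are read-write although a sensor reader only needs to read them; some of these sysfs attributes (trip points, fan control) are writable on the host, so a mount without `:ro` lets the container change them, and `- /sys/class/thermal:/thermal:ro` plus `- /sys/class/hwmon:/hwmon:ro` is the safer shape. The file references `fda-public` under `networks:` without declaring it, so it presumably only works when layered on the main compose file — worth a one-line comment at the top saying which file it is meant to be combined with. The file also lacks a trailing newline.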
......@@ -76,15 +76,6 @@ services:
TZ: Europe/Vienna
ports:
- "9095:9095"
depends_on:
fda-container-service:
condition: service_healthy
fda-database-service:
condition: service_healthy
fda-table-service:
condition: service_healthy
fda-query-service:
condition: service_healthy
logging:
driver: json-file
......@@ -108,6 +99,8 @@ services:
depends_on:
fda-discovery-service:
condition: service_healthy
fda-authentication-service:
condition: service_healthy
fda-broker-service:
condition: service_healthy
fda-metadata-db:
......@@ -136,11 +129,37 @@ services:
depends_on:
fda-discovery-service:
condition: service_healthy
fda-authentication-service:
condition: service_healthy
fda-metadata-db:
condition: service_healthy
logging:
driver: json-file
fda-authentication-service:
restart: on-failure
container_name: fda-authentication-service
hostname: fda-authentication-service
image: fda-authentication-service
build: fda-authentication-service
networks:
fda-public:
ipv4_address: 172.29.0.14
environment:
SPRING_PROFILES_ACTIVE: docker
TZ: Europe/Vienna
ports:
- "9097:9097"
depends_on:
fda-metadata-db:
condition: service_healthy
fda-discovery-service:
condition: service_healthy
fda-discovery-service:
condition: service_healthy
logging:
driver: json-file
fda-query-service:
restart: on-failure
container_name: fda-query-service
......@@ -163,6 +182,8 @@ services:
condition: service_healthy
fda-container-service:
condition: service_healthy
fda-authentication-service:
condition: service_healthy
fda-table-service:
condition: service_healthy
fda-metadata-db:
......@@ -194,6 +215,8 @@ services:
condition: service_healthy
fda-discovery-service:
condition: service_healthy
fda-authentication-service:
condition: service_healthy
fda-broker-service:
condition: service_healthy
fda-database-service:
......@@ -220,6 +243,8 @@ services:
depends_on:
fda-metadata-db:
condition: service_healthy
fda-authentication-service:
condition: service_healthy
fda-discovery-service:
condition: service_healthy
fda-query-service:
......@@ -322,16 +347,25 @@ services:
build: ./fda-ui
image: fda-ui
networks:
- fda-public
fda-public:
ipv4_address: 172.29.0.15
ports:
- "3000:3000"
volumes:
- /tmp:/tmp
- "./fda-ui/.prod:/certs"
depends_on:
fda-gateway-service:
fda-container-service:
condition: service_healthy
fda-discovery-service:
fda-database-service:
condition: service_healthy
fda-table-service:
condition: service_healthy
fda-query-service:
condition: service_healthy
fda-identifier-service:
condition: service_healthy
fda-authentication-service:
condition: service_healthy
environment:
HOST: 0.0.0.0
......@@ -339,17 +373,3 @@ services:
TZ: Europe/Vienna
logging:
driver: json-file
\ No newline at end of file
fda-producer-btc:
container_name: fda-producer-btc
hostname: fda-producer-btc
build: ./fda-producer-btc
image: fda-producer-btc
networks:
fda-public:
ipv4_address: 172.29.0.254
environment:
API_KEY: "${API_KEY}"
API_SECRET: "${API_SECRET}"
logging:
driver: json-file
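Review bot: The new `fda-authentication-service` block lists `fda-discovery-service:` twice under `depends_on` (the two entries right after `fda-metadata-db`), which is a duplicate mapping key: YAML parsers either silently keep the last entry or reject the document, so one of the two `fda-discovery-service:` / `condition: service_healthy` pairs should go. Every other service in this file now waits on it with `condition: service_healthy`, yet the block shows no `healthcheck:`; if none is defined outside the hunk, compose cannot satisfy that condition and the dependants will not start. The first compose file's authentication-service hunk shows the same two `fda-discovery-service:` entries, though there the markers are lost and one of them may be a removed line.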
......@@ -16,7 +16,7 @@ COPY ./services ./services
COPY ./report ./report
# Make sure it compiles
RUN mvn -q clean package -DskipTests > /dev/null
RUN mvn -q clean package -DskipTests
###### THIRD STAGE ######
FROM openjdk:11-jre-slim as runtime
......
......@@ -30,8 +30,6 @@
<jacoco.version>0.8.7</jacoco.version>
<spring-saml.version>1.0.10.RELEASE</spring-saml.version>
<javax-rs.version>2.1.1</javax-rs.version>
<opensaml.version>2.6.4</opensaml.version>
<docker.version>3.2.7</docker.version>
</properties>
<dependencies>
......@@ -40,36 +38,22 @@
<artifactId>spring-boot-starter-validation</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-bootstrap</artifactId>
<version>${spring-cloud.version}</version>
</dependency>
<dependency>
<groupId>javax.ws.rs</groupId>
<artifactId>javax.ws.rs-api</artifactId>
<version>${javax-rs.version}</version>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- SAML -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security.extensions</groupId>
<artifactId>spring-security-saml2-core</artifactId>
<version>${spring-saml.version}</version>
<exclusions>
<!-- override since 2.6.6 is not available anymore -->
<exclusion>
<groupId>org.opensaml</groupId>
<artifactId>opensaml</artifactId>
</exclusion>
</exclusions>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-bootstrap</artifactId>
<version>${spring-cloud.version}</version>
</dependency>
<dependency>
<groupId>org.opensaml</groupId>
<artifactId>opensaml</artifactId>
<version>${opensaml.version}</version>
<groupId>javax.ws.rs</groupId>
<artifactId>javax.ws.rs-api</artifactId>
<version>${javax-rs.version}</version>
</dependency>
<!-- Entity and API -->
<dependency>
......@@ -106,23 +90,6 @@
<artifactId>jacoco-maven-plugin</artifactId>
<version>${jacoco.version}</version>
</dependency>
<!-- Docker -->
<dependency>
<groupId>com.github.docker-java</groupId>
<artifactId>docker-java</artifactId>
<version>${docker.version}</version>
<exclusions>
<exclusion>
<groupId>javax.ws.rs</groupId>
<artifactId>jsr311-api</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>com.github.docker-java</groupId>
<artifactId>docker-java-transport-httpclient5</artifactId>
<version>${docker.version}</version>
</dependency>
<!-- DataSource -->
<dependency>
<groupId>com.h2database</groupId>
......@@ -146,6 +113,12 @@
<artifactId>mapstruct</artifactId>
<version>${mapstruct.version}</version>
</dependency>
<!-- JWT -->
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>3.18.3</version>
</dependency>
<!-- Swagger -->
<dependency>
<groupId>io.springfox</groupId>
......
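Review bot: The new `java-jwt` dependency pins `<version>3.18.3</version>` inline while every other version in this POM goes through a property (`${jacoco.version}`, `${javax-rs.version}`, `${spring-cloud.version}`); a `<java-jwt.version>3.18.3</java-jwt.version>` entry in `<properties>` keeps the file consistent and makes a future security bump a one-line change. Conversely `<spring-saml.version>1.0.10.RELEASE</spring-saml.version>` survives in `<properties>` although the SAML dependencies that used it are removed in this hunk, so it is now dead configuration. Which of the `spring-boot-starter-security` lines survive cannot be read from this rendering; if the starter were gone, the `@PreAuthorize` checks added to UserEndpoint on this page would have nothing enforcing them, so that is worth confirming.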
......@@ -9,48 +9,12 @@
<version>0.0.1-SNAPSHOT</version>
</parent>
<artifactId>report</artifactId>
<artifactId>api</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>fda-authentication-service-report</name>
<name>fda-authentication-service-api</name>
<description>
This module is only intended for the pipeline coverage report. See the detailed report in the
respective modules
</description>
<properties>
<jacoco.version>0.8.7</jacoco.version>
</properties>
<dependencies>
<dependency>
<groupId>at.tuwien</groupId>
<artifactId>rest-service</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>at.tuwien</groupId>
<artifactId>services</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<version>${jacoco.version}</version>
<executions>
<execution>
<id>report-aggregate</id>
<phase>verify</phase>
<goals>
<goal>report-aggregate</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
</project>
\ No newline at end of file
package at.tuwien.config;
import lombok.Getter;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
@Getter
@Configuration
@PropertySource("classpath:fda.properties")
public class FdaProperties {
@Value("${fda.idp.entity-id}")
private String entityId;
@Value("${fda.idp.metadata}")
private String metadataUrl;
@Value("${fda.sp.signkey}")
private String signKeyAlias;
@Value("${fda.sp.base-url}")
private String baseUrl;
@Value("${fda.sp.login.success-url}")
private String loginSuccessUrl;
@Value("${fda.sp.login.failure-url}")
private String loginFailureUrl;
@Value("${fda.sp.logout.success-url}")
private String logoutSuccessUrl;
@Value("${fda.saml.sign-password}")
private String samlSignPassword;
}
\ No newline at end of file
package at.tuwien.config;
import at.tuwien.bootstrap.FdaSamlBootstrap;
import at.tuwien.service.impl.AuthenticationServiceImpl;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.MultiThreadedHttpConnectionManager;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.parse.StaticBasicParserPool;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
import org.springframework.core.io.DefaultResourceLoader;
import org.springframework.core.io.Resource;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.saml.*;
import org.springframework.security.saml.context.SAMLContextProviderImpl;
import org.springframework.security.saml.key.JKSKeyManager;
import org.springframework.security.saml.key.KeyManager;
import org.springframework.security.saml.log.SAMLDefaultLogger;
import org.springframework.security.saml.metadata.*;
import org.springframework.security.saml.parser.ParserPoolHolder;
import org.springframework.security.saml.processor.HTTPPostBinding;
import org.springframework.security.saml.processor.HTTPRedirectDeflateBinding;
import org.springframework.security.saml.processor.SAMLProcessor;
import org.springframework.security.saml.processor.SAMLProcessorImpl;
import org.springframework.security.saml.storage.EmptyStorageFactory;
import org.springframework.security.saml.util.VelocityFactory;
import org.springframework.security.saml.websso.*;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import java.util.*;
@Configuration
@EnableWebSecurity
@ComponentScan(basePackages = {"org.springframework.security.saml"})
public class SamlSecurityConfig extends WebSecurityConfigurerAdapter {
private final AuthenticationServiceImpl userService;
private final FdaProperties fdaProperties;
private final SslProperties sslProperties;
@Autowired
public SamlSecurityConfig(AuthenticationServiceImpl userService, FdaProperties fdaProperties, SslProperties sslProperties) {
this.userService = userService;
this.fdaProperties = fdaProperties;
this.sslProperties = sslProperties;
}
@Bean
public static PropertySourcesPlaceholderConfigurer propertySourcesPlaceholderConfigurer() {
return new PropertySourcesPlaceholderConfigurer();
}
@Bean
public static SAMLBootstrap samlBootstrap() {
return new FdaSamlBootstrap();
}
@Bean
public SAMLContextProviderImpl contextProvider() {
SAMLContextProviderImpl samlContextProvider = new SAMLContextProviderImpl();
samlContextProvider.setStorageFactory(emptyStorageFactory());
return samlContextProvider;
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/**").fullyAuthenticated()
.antMatchers("/saml/**").permitAll()
.anyRequest()
.authenticated();
http.exceptionHandling().defaultAuthenticationEntryPointFor(samlEntryPoint(), new AntPathRequestMatcher("/"));
http.csrf().disable();
http.addFilterBefore(metadataGeneratorFilter(), ChannelProcessingFilter.class);
http.addFilterAfter(samlFilter(), BasicAuthenticationFilter.class);
}
@Override
public void configure(WebSecurity web) {
web.ignoring()
.antMatchers("/templates/**")
.antMatchers("/login")
.antMatchers("/static/**");
}
@Override
protected void configure(AuthenticationManagerBuilder auth) {
auth.authenticationProvider(samlAuthenticationProvider());
}
@Bean
public FilterChainProxy samlFilter() throws Exception {
List<SecurityFilterChain> chains = new ArrayList<>();
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/login/**"),
samlEntryPoint()));
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/logout/**"),
samlLogoutFilter()));
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/metadata/**"),
metadataDisplayFilter()));
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SSO/**"),
samlWebSSOProcessingFilter()));
chains.add(new DefaultSecurityFilterChain(new AntPathRequestMatcher("/saml/SingleLogout/**"),
samlLogoutProcessingFilter()));
return new FilterChainProxy(chains);
}
@Bean
public SAMLLogoutProcessingFilter samlLogoutProcessingFilter() {
return new SAMLLogoutProcessingFilter(successLogoutHandler(), logoutHandler());
}
@Bean
public SAMLAuthenticationProvider samlAuthenticationProvider() {
SAMLAuthenticationProvider samlAuthenticationProvider = new SAMLAuthenticationProvider();
samlAuthenticationProvider.setUserDetails(userService);
samlAuthenticationProvider.setForcePrincipalAsString(false);
return samlAuthenticationProvider;
}
@Bean
public SAMLEntryPoint samlEntryPoint() {
SAMLEntryPoint samlEntryPoint = new SAMLEntryPoint();
samlEntryPoint.setDefaultProfileOptions(defaultWebSSOProfileOptions());
return samlEntryPoint;
}
@Bean
public WebSSOProfileOptions defaultWebSSOProfileOptions() {
WebSSOProfileOptions webSSOProfileOptions = new WebSSOProfileOptions();
webSSOProfileOptions.setIncludeScoping(false);
return webSSOProfileOptions;
}
@Bean
public SAMLProcessingFilter samlWebSSOProcessingFilter() throws Exception {
SAMLProcessingFilter samlWebSSOProcessingFilter = new SAMLProcessingFilter();
samlWebSSOProcessingFilter.setAuthenticationManager(authenticationManager());
samlWebSSOProcessingFilter.setAuthenticationSuccessHandler(successRedirectHandler());
samlWebSSOProcessingFilter.setAuthenticationFailureHandler(failureRedirectHandler());
return samlWebSSOProcessingFilter;
}
@Bean
public SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler() {
SavedRequestAwareAuthenticationSuccessHandler successRedirectHandler =
new SavedRequestAwareAuthenticationSuccessHandler();
successRedirectHandler.setDefaultTargetUrl("/");
return successRedirectHandler;
}
@Bean
public SimpleUrlAuthenticationFailureHandler failureRedirectHandler() {
SimpleUrlAuthenticationFailureHandler simpleUrlAuthenticationFailureHandler =
new SimpleUrlAuthenticationFailureHandler();
simpleUrlAuthenticationFailureHandler.setUseForward(true);
simpleUrlAuthenticationFailureHandler.setDefaultFailureUrl("/error.html");
return simpleUrlAuthenticationFailureHandler;
}
@Bean
public SAMLLogoutFilter samlLogoutFilter() {
return new SAMLLogoutFilter(successLogoutHandler(), new LogoutHandler[]{logoutHandler()},
new LogoutHandler[]{logoutHandler()});
}
@Bean
public SimpleUrlLogoutSuccessHandler successLogoutHandler() {
SimpleUrlLogoutSuccessHandler simpleUrlLogoutSuccessHandler = new SimpleUrlLogoutSuccessHandler();
simpleUrlLogoutSuccessHandler.setDefaultTargetUrl("/login");
simpleUrlLogoutSuccessHandler.setAlwaysUseDefaultTargetUrl(true);
return simpleUrlLogoutSuccessHandler;
}
@Bean
public SecurityContextLogoutHandler logoutHandler() {
SecurityContextLogoutHandler logoutHandler = new SecurityContextLogoutHandler();
logoutHandler.setInvalidateHttpSession(true);
logoutHandler.setClearAuthentication(true);
return logoutHandler;
}
@Bean
public MetadataDisplayFilter metadataDisplayFilter() {
return new MetadataDisplayFilter();
}
@Bean
public KeyManager keyManager() {
final DefaultResourceLoader loader = new DefaultResourceLoader();
final Resource storeFile = loader.getResource(sslProperties.getSslKeyStore());
final Map<String, String> passwords = new HashMap<>();
passwords.put(sslProperties.getSslKeyAlias(), sslProperties.getSslKeyStorePassword());
passwords.put("saml", fdaProperties.getSamlSignPassword());
passwords.put("saml-test", fdaProperties.getSamlSignPassword());
return new JKSKeyManager(storeFile, sslProperties.getSslKeyStorePassword(), passwords,
sslProperties.getSslKeyAlias());
}
@Bean
public SAMLProcessor processor() {
return new SAMLProcessorImpl(Arrays.asList(httpPostBinding(), httpRedirectDeflateBinding()));
}
@Bean
public SAMLDefaultLogger samlLogger() {
SAMLDefaultLogger samlDefaultLogger = new SAMLDefaultLogger();
samlDefaultLogger.setLogMessages(true);
return samlDefaultLogger;
}
@Bean
public EmptyStorageFactory emptyStorageFactory() {
return new EmptyStorageFactory();
}
@Bean
public WebSSOProfile webSSOprofile() {
return new WebSSOProfileImpl();
}
@Bean
public WebSSOProfileConsumerHoKImpl hokWebSSOProfile() {
return new WebSSOProfileConsumerHoKImpl();
}
@Bean
public WebSSOProfileConsumer webSSOprofileConsumer() {
return new WebSSOProfileConsumerImpl();
}
@Bean
public WebSSOProfileConsumerHoKImpl hokWebSSOprofileConsumer() {
return new WebSSOProfileConsumerHoKImpl();
}
@Bean
public SingleLogoutProfile logoutprofile() {
return new SingleLogoutProfileImpl();
}
@Bean
public MetadataGeneratorFilter metadataGeneratorFilter() {
return new MetadataGeneratorFilter(metadataGenerator());
}
@Bean
public MetadataGenerator metadataGenerator() {
MetadataGenerator metadataGenerator = new MetadataGenerator();
metadataGenerator.setEntityId(fdaProperties.getEntityId());
metadataGenerator.setExtendedMetadata(extendedMetadata());
metadataGenerator.setIncludeDiscoveryExtension(false);
metadataGenerator.setEntityBaseURL(fdaProperties.getBaseUrl());
metadataGenerator.setKeyManager(keyManager());
return metadataGenerator;
}
@Bean
public ExtendedMetadata extendedMetadata() {
ExtendedMetadata extendedMetadata = new ExtendedMetadata();
extendedMetadata.setIdpDiscoveryEnabled(false);
extendedMetadata.setSignMetadata(false);
return extendedMetadata;
}
@Bean
@Qualifier("metadata")
public CachingMetadataManager metadata() throws MetadataProviderException {
List<MetadataProvider> providers = new ArrayList<>();
providers.add(idpExtendedMetadataProvider());
return new CachingMetadataManager(providers);
}
@Bean
public ExtendedMetadataDelegate idpExtendedMetadataProvider() throws MetadataProviderException {
HTTPMetadataProvider httpMetadataProvider = new HTTPMetadataProvider(backgroundTimer(), httpClient(),
fdaProperties.getMetadataUrl());
httpMetadataProvider.setParserPool(parserPool());
ExtendedMetadataDelegate extendedMetadataDelegate = new ExtendedMetadataDelegate(httpMetadataProvider,
extendedMetadata());
extendedMetadataDelegate.setMetadataTrustCheck(false);
extendedMetadataDelegate.setMetadataRequireSignature(false);
return extendedMetadataDelegate;
}
@Bean
public Timer backgroundTimer() {
return new Timer(true);
}
@Bean
public HttpClient httpClient() {
return new HttpClient(multiThreadedHttpConnectionManager());
}
@Bean
public MultiThreadedHttpConnectionManager multiThreadedHttpConnectionManager() {
return new MultiThreadedHttpConnectionManager();
}
@Bean(initMethod = "initialize")
public StaticBasicParserPool parserPool() {
return new StaticBasicParserPool();
}
@Bean(name = "parserPoolHolder")
public ParserPoolHolder parserPoolHolder() {
return new ParserPoolHolder();
}
@Bean
public HTTPPostBinding httpPostBinding() {
return new HTTPPostBinding(parserPool(), VelocityFactory.getEngine());
}
@Bean
public HTTPRedirectDeflateBinding httpRedirectDeflateBinding() {
return new HTTPRedirectDeflateBinding(parserPool());
}
}
\ No newline at end of file
package at.tuwien.config;
import lombok.Getter;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
@Getter
@Configuration
public class SslProperties {
@Value("${server.ssl.key-alias}")
public String sslKeyAlias;
@Value("${server.ssl.key-store}")
public String sslKeyStore;
@Value("${server.ssl.key-store-password}")
public String sslKeyStorePassword;
@Value("${server.ssl.key-store-type}")
public String sslKeyStoreType;
}
package at.tuwien.endpoints;
import at.tuwien.api.auth.JwtResponseDto;
import at.tuwien.api.auth.LoginRequestDto;
import at.tuwien.api.user.UserDto;
import at.tuwien.mapper.UserMapper;
import at.tuwien.service.AuthenticationService;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import lombok.extern.log4j.Log4j2;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.bind.annotation.*;
import javax.validation.Valid;
import java.security.Principal;
@Log4j2
@RestController
......@@ -15,11 +23,34 @@ import org.springframework.web.bind.annotation.RestController;
@RequestMapping("/api/auth")
public class AuthenticationEndpoint {
@RequestMapping("/info")
public ResponseEntity<UserDto> status() {
log.debug("logged in");
return ResponseEntity.ok()
.build();
private final UserMapper userMapper;
private final AuthenticationService authenticationService;
@Autowired
public AuthenticationEndpoint(UserMapper userMapper, AuthenticationService authenticationService) {
this.userMapper = userMapper;
this.authenticationService = authenticationService;
}
@PostMapping
@ApiOperation(value = "Authenticates a user")
@ApiResponses({
@ApiResponse(code = 201, message = "Successfully authenticated a user.")
})
public ResponseEntity<JwtResponseDto> authenticateUser(@Valid @RequestBody LoginRequestDto data) {
final JwtResponseDto response = authenticationService.authenticate(data);
return ResponseEntity.accepted()
.body(response);
}
@PutMapping
@ApiOperation(value = "Authenticates a token")
@ApiResponses({
@ApiResponse(code = 201, message = "Successfully authenticated a user.")
})
public ResponseEntity<UserDto> authenticateUser(Principal principal) {
return ResponseEntity.accepted()
.body(userMapper.principalToUserDto(principal));
}
}
\ No newline at end of file
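Review bot: Both new handlers return `ResponseEntity.accepted()`, i.e. HTTP 202, while their `@ApiResponse` annotations document `code = 201`, so the generated API docs and the runtime disagree; for a login that completes synchronously `return ResponseEntity.ok().body(response);` with the annotation set to `code = 200` matches what clients actually receive. The POST and PUT handlers are both named `authenticateUser`, which compiles but leaves Swagger with two operations of the same name — `validateToken(Principal principal)` says what the PUT does. If the security filter chain lets an unauthenticated request reach the PUT, `principal` is null and the outcome depends on `userMapper.principalToUserDto(null)`; that configuration is not on this page, so it is worth confirming a null principal yields 401 rather than a 202 with an empty body. The explicit `RequestMapping`/`RestController` imports are redundant next to the `org.springframework.web.bind.annotation.*` wildcard that follows them.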
package at.tuwien.endpoints;
import at.tuwien.config.FdaProperties;
import at.tuwien.exception.LoginRedirectException;
import lombok.extern.log4j.Log4j2;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.CrossOrigin;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@Log4j2
@RestController
@CrossOrigin(origins = "*")
@ControllerAdvice
@RequestMapping("/")
public class RedirectEndpoint {
private final FdaProperties fdaProperties;
@Autowired
public RedirectEndpoint(FdaProperties fdaProperties) {
this.fdaProperties = fdaProperties;
}
@RequestMapping("/")
public void index(HttpServletResponse response) throws LoginRedirectException {
log.debug("logged in");
try {
response.sendRedirect(fdaProperties.getLoginSuccessUrl());
} catch (IOException e) {
throw new LoginRedirectException("Sending redirect failed", e);
}
}
}
\ No newline at end of file
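Review bot: `index` logs `"logged in"` on every request to `/` although the method only issues a redirect, so the debug log misdescribes what happened; `log.debug("redirecting to login success url")` says what the method does. The class is annotated `@ControllerAdvice` next to `@RestController` yet declares no `@ExceptionHandler` method, which looks accidental and can be dropped if nothing relies on it. `@CrossOrigin(origins = "*")` on a login-flow endpoint is broader than a server-side redirect needs; consider limiting it to the front-end origin. This rendered page does not mark whether the file is added or removed, so the above applies only if it is on the new side.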
package at.tuwien.endpoints;
import at.tuwien.api.auth.SignupRequestDto;
import at.tuwien.api.user.UserDto;
import at.tuwien.exception.UserNotFoundException;
import at.tuwien.entities.user.User;
import at.tuwien.exception.RoleNotFoundException;
import at.tuwien.exception.UserEmailExistsException;
import at.tuwien.exception.UserNameExistsException;
import at.tuwien.mapper.UserMapper;
import at.tuwien.service.UserService;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiResponse;
import io.swagger.annotations.ApiResponses;
import lombok.extern.log4j.Log4j2;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import javax.validation.Valid;
import java.util.List;
import java.util.stream.Collectors;
......@@ -28,19 +38,32 @@ public class UserEndpoint {
this.userService = userService;
}
@GetMapping("/")
public ResponseEntity<List<UserDto>> findAll() {
final List<UserDto> users = userService.findAll()
.stream()
@GetMapping
@ApiOperation(value = "List the users")
@ApiResponses({
@ApiResponse(code = 200, message = "List the users."),
})
@PreAuthorize("hasRole('ROLE_DATA_STEWARD') or hasRole('ROLE_DEVELOPER')")
public ResponseEntity<List<UserDto>> list() {
final List<User> users = userService.findAll();
return ResponseEntity.ok(users.stream()
.map(userMapper::userToUserDto)
.collect(Collectors.toList());
return ResponseEntity.ok(users);
.collect(Collectors.toList()));
}
@GetMapping("/{id}")
public ResponseEntity<UserDto> findById(@PathVariable("id") Long id) throws UserNotFoundException {
final UserDto user = userMapper.userToUserDto(userService.findById(id));
return ResponseEntity.ok(user);
@PostMapping
@ApiOperation(value = "Register a new user")
@ApiResponses({
@ApiResponse(code = 202, message = "Successfully created a new user."),
@ApiResponse(code = 400, message = "Invalid payload."),
@ApiResponse(code = 409, message = "The username is already taken."),
@ApiResponse(code = 417, message = "The mail is already taken."),
})
public ResponseEntity<UserDto> register(@Valid @RequestBody SignupRequestDto data) throws UserEmailExistsException,
UserNameExistsException, RoleNotFoundException {
final User user = userService.create(data);
return ResponseEntity.status(HttpStatus.CREATED)
.body(userMapper.userToUserDto(user));
}
}
\ No newline at end of file
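Review bot: `register` responds with `HttpStatus.CREATED` (201) while its `@ApiResponse` documents 202, so the generated API documentation disagrees with the behaviour; change it to `@ApiResponse(code = 201, message = "Successfully created a new user.")`. The method also declares `RoleNotFoundException` without any matching `@ApiResponse`, so the status returned for that failure is undocumented. Unlike `list`, `register` has no `@PreAuthorize`, which is presumably intended for self-signup; because `RoleNotFoundException` suggests the signup payload names a role, confirm that `UserService.create` assigns a fixed default role rather than honouring a role chosen by an unauthenticated caller. The class begins before the hunk (`@@ -28,19 +38,32 @@`), so the field declarations and the first part of the constructor are not visible here.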
package at.tuwien.handlers;
import at.tuwien.api.error.ApiErrorDto;
import at.tuwien.exception.*;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.context.request.WebRequest;
import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler;
@ControllerAdvice
public class ApiExceptionHandler extends ResponseEntityExceptionHandler {
@ExceptionHandler({SamlObjectException.class})
public ResponseEntity<Object> handle(SamlObjectException e, WebRequest request) {
final ApiErrorDto response = ApiErrorDto.builder()
.status(HttpStatus.BAD_REQUEST)
.message(e.getLocalizedMessage())
.code("error.auth.invalid")
.build();
return new ResponseEntity<>(response, new HttpHeaders(), response.getStatus());
}
@ExceptionHandler({UserNotFoundException.class})
public ResponseEntity<Object> handle(UserNotFoundException e, WebRequest request) {
final ApiErrorDto response = ApiErrorDto.builder()
.status(HttpStatus.NOT_FOUND)
.message(e.getLocalizedMessage())
.code("error.auth.user-unknown")
.build();
return new ResponseEntity<>(response, new HttpHeaders(), response.getStatus());
}
@ExceptionHandler({LoginRedirectException.class})
public ResponseEntity<Object> handle(LoginRedirectException e, WebRequest request) {
final ApiErrorDto response = ApiErrorDto.builder()
.status(HttpStatus.BAD_GATEWAY)
.message(e.getLocalizedMessage())
.code("error.database.user-redirect")
.build();
return new ResponseEntity<>(response, new HttpHeaders(), response.getStatus());
}
}
\ No newline at end of file
spring:
main.banner-mode: off
datasource:
url: jdbc:h2:mem:testdb
driver-class-name: org.h2.Driver
username: sa
password: sa
url: jdbc:postgresql://fda-metadata-db:5432/fda
driver-class-name: org.postgresql.Driver
username: postgres
password: postgres
jpa:
show-sql: false
database-platform: org.hibernate.dialect.H2Dialect
database-platform: org.hibernate.dialect.PostgreSQLDialect
hibernate:
ddl-auto: create-drop
ddl-auto: validate
open-in-view: false
application:
name: fda-authentication-service
cloud:
loadbalancer.ribbon.enabled: false
saml2:
network:
read-timeout: 10000
connect-timeout: 5000
service-provider:
entity-id: at:tuwien
sign-metadata: true
sign-requests: true
want-assertions-signed: true
single-logout-enabled: true
name-ids:
- urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
- urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
- urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
keys:
active:
name: saml
private-key: |
-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----
passphrase: "${SAML_SIGN_PASSWORD}"
certificate: |
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
providers:
- entity-id: at:tuwien
metadata: https://idp.zid.tuwien.ac.at/saml2
link-text: TU Wien IdP Application
alias: tu
server:
port: 9097
ssl:
enabled: true
key-alias: ssl
key-store: file:/tmp/dbrepo.jks
key-store-password: "${KEY_STORE_PASSWORD}"
key-store-type: jks
logging:
pattern.console: "%d %highlight(%-5level) %msg%n"
level:
root: warn
org.springframework.security.saml.: debug
at.tuwien.: debug
eureka:
instance.hostname: fda-authentication-service
client.serviceUrl.defaultZone: http://fda-discovery-service:9090/eureka/
fda.ready.path: /ready
\ No newline at end of file
fda:
ready.path: ./ready
jwt:
issuer: fda-dbrepo
secret: fda-secret
expiration.ms: 86400000
\ No newline at end of file
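Review bot: The added `jwt.secret: fda-secret` is the key every issued token is signed with, so committing a fixed value lets anyone with repository read access mint valid tokens for the service; take it from the environment instead, e.g. `secret: "${JWT_SECRET}"` with the variable supplied at deployment, and the identical `jwt:` block in the local-profile `application.yml` further down has the same problem (and shares the same value, so dev and docker tokens are interchangeable). The new PostgreSQL credentials (`username: postgres` / `password: postgres`) are likewise literals in both profiles; at least the docker profile should read them through a placeholder. The old/new side of lines is not marked on this rendered page; the hunk header of the second file (`-17,18 +17,17`) makes the `fda:`/`jwt:` block an addition there, and I assume the same here.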
spring:
main.banner-mode: off
datasource:
url: jdbc:h2:mem:testdb
driver-class-name: org.h2.Driver
username: sa
password: sa
url: jdbc:postgresql://localhost:5432/fda
driver-class-name: org.postgresql.Driver
username: postgres
password: postgres
jpa:
show-sql: false
database-platform: org.hibernate.dialect.H2Dialect
database-platform: org.hibernate.dialect.PostgreSQLDialect
hibernate:
ddl-auto: create-drop
ddl-auto: validate
open-in-view: false
application:
name: fda-authentication-service
......@@ -17,18 +17,17 @@ spring:
loadbalancer.ribbon.enabled: false
server:
port: 9097
ssl:
enabled: true
key-alias: 1
key-store: classpath:saml/dbrepo.jks
key-store-password: ${KEY_STORE_PASSWORD}
key-store-type: jks
logging:
pattern.console: "%d %highlight(%-5level) %msg%n"
level:
root: warn
at.tuwien.: debug
eureka:
instance.hostname: fda-authentication-service
client.serviceUrl.defaultZone: http://fda-discovery-service:9090/eureka/
fda.ready.path: ./ready
\ No newline at end of file
instance.hostname: localhost
client.serviceUrl.defaultZone: http://localhost:9090/eureka/
fda:
ready.path: ./ready
jwt:
issuer: fda-dbrepo
secret: fda-secret
expiration.ms: 86400000
\ No newline at end of file
#!/bin/bash
KEY_STORE_LOCATION="/tmp/dbrepo.p12"
JKS_LOCATION="/tmp/dbrepo.jks"
KEY_STORE_ALIAS="1"
KEY_STORE_PASS="dbrepo"
SSL_PASS="dbrepo"
TU_ALIAS="tu"
SAML_STORE_LOCATION="/tmp/saml.p12"
SAML_ALIAS="saml"
SAML_KEY="/tmp/saml_sign.key"
SAML_CERTIFICATE="/tmp/saml_sign.pem"
SAML_PASS="dbrepo"
# GENERATE SSL PRIVATE KEY AND PUBLIC KEY IN KEYSTORE
echo "Generate self-signed certificate ..."
keytool -genkey -keyalg RSA -alias "${KEY_STORE_ALIAS}" -storetype PKCS12 \
-dname "cn=FAIR Data Austria, ou=Zentrum für Forschungsdatenmanagement, o=TU Wien, c=AT, l=Vienna, st=Austria" \
-keystore "${KEY_STORE_LOCATION}" -storepass "${KEY_STORE_PASS}" -validity 3650 \
-keysize 4096 > /dev/null 2>&1
# CONVERT PKCS12 KEYSTORE TO JKS
echo "Convert to .jks ..."
keytool -importkeystore -srckeystore "${KEY_STORE_LOCATION}" -destkeystore "${JKS_LOCATION}" -srcstoretype PKCS12 \
-deststoretype jks -srcstorepass "${KEY_STORE_PASS}" -deststorepass "${KEY_STORE_PASS}" \
-srcalias "${KEY_STORE_ALIAS}" -destalias "${KEY_STORE_ALIAS}" -srckeypass "${SSL_PASS}" \
-destkeypass "${SSL_PASS}"
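Review bot: Both `keytool` calls run without `set -e`, and the first discards stdout and stderr with `> /dev/null 2>&1`, so a failed key generation leaves no keystore while the script carries on to the conversion step and exits 0; add `set -euo pipefail` after the shebang and stop discarding stderr (`-genkey` is also the deprecated spelling of `-genkeypair`). The keystore and key passwords are fixed to `dbrepo` inside the script, so any keystore it produces is protected by a value readable by everyone with the repository; read `KEY_STORE_PASS` and `SSL_PASS` from the environment instead. `SAML_STORE_LOCATION`, `SAML_ALIAS`, `SAML_KEY`, `SAML_CERTIFICATE` and `SAML_PASS` are assigned but unused in the visible lines, and the alias `1` written here differs from `key-alias: ssl` in the docker profile that loads `file:/tmp/dbrepo.jks`, which should be reconciled if this script is what produces that file. The page does not show whether this file is added or removed, so this applies only if it is on the new side.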
fda.idp.entity-id: at:tuwien
fda.idp.metadata: https://idp.zid.tuwien.ac.at/saml2
fda.sp.signkey: saml
fda.sp.base-url: https://dbrepo.ossdip.at:9097
fda.sp.login.success-url: https://dbrepo.ossdip.at/dashboard
fda.sp.login.failure-url: https://dbrepo.ossdip.at/
fda.sp.logout.success-url: https://dbrepo.ossdip.at/
fda.saml.sign-password: "${SAML_SIGN_PASSWORD}"
\ No newline at end of file
File deleted
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.zid.tuwien.ac.at/saml2">
<script/>
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:Extensions>
<shibmd:Scope xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" regexp="false">tuwien.ac.at</shibmd:Scope>
</md:Extensions>
<md:KeyDescriptor use="signing">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:KeyDescriptor use="encryption">
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>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</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</md:KeyDescriptor>
<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.zid.tuwien.ac.at/simplesaml/saml2/idp/SingleLogoutService.php"/>
<md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.zid.tuwien.ac.at/simplesaml/saml2/idp/SSOService.php"/>
</md:IDPSSODescriptor>
<md:ContactPerson contactType="technical">
<md:GivenName>Administrator</md:GivenName>
<md:EmailAddress>mailto:login-admin@tuwien.ac.at</md:EmailAddress>
</md:ContactPerson>
</md:EntityDescriptor>
\ No newline at end of file