Verify token at each service in the future, assign token upon requests

Former-commit-id: a1896f53

Verify token at each service in the future, assign token upon requests
e53fdeea · Martin Weise · 4eee4437 · e53fdeea · e53fdeea · e53fdeea
Commit e53fdeea authored Feb 4, 2022 by Martin Weise
--- a/fda-authentication-service/services/src/main/java/at/tuwien/config/WebSecurityConfig.java
+++ b/fda-authentication-service/services/src/main/java/at/tuwien/config/WebSecurityConfig.java
@@ -82,7 +82,6 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
        /* set permissions on endpoints */
        http.authorizeRequests()
                /* our public endpoints */
-//                .antMatchers("/api/auth**").permitAll()
                .antMatchers(HttpMethod.POST, "/api/user").permitAll()
                .antMatchers(HttpMethod.POST, "/api/auth").permitAll()
                /* our private endpoints */

--- a/fda-container-service/rest-service/src/main/resources/application-docker.yml
+++ b/fda-container-service/rest-service/src/main/resources/application-docker.yml
@@ -26,3 +26,4 @@ eureka:
  client.serviceUrl.defaultZone: http://fda-discovery-service:9090/eureka/
 fda:
  ready.path: /ready
+  auth.url: http://fda-authentication-service:9097/api/auth
\ No newline at end of file
--- a/fda-container-service/rest-service/src/main/resources/application.yml
+++ b/fda-container-service/rest-service/src/main/resources/application.yml
@@ -26,3 +26,4 @@ eureka:
  client.serviceUrl.defaultZone: http://localhost:9090/eureka/
 fda:
  ready.path: ./ready
+  auth.url: http://localhost:9097/api/auth
\ No newline at end of file
--- a/fda-container-service/services/src/main/java/at/tuwien/config/WebSecurityConfig.java
+++ b/fda-container-service/services/src/main/java/at/tuwien/config/WebSecurityConfig.java
+package at.tuwien.config;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
+import javax.servlet.http.HttpServletResponse;
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+    @Value("${fda.auth.url}")
+    private String authUrl;
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        /* enable CORS and disable CSRF */
+        http = http.cors().and().csrf().disable();
+        /* set session management to stateless */
+        http = http
+                .sessionManagement()
+                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .and();
+        /* set unauthorized requests exception handler */
+        http = http
+                .exceptionHandling()
+                .authenticationEntryPoint(
+                        (request, response, ex) -> {
+                            response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
+                                    ex.getMessage()
+                            );
+                        }
+                ).and();
+        /* set permissions on endpoints */
+        http.authorizeRequests()
+                /* our private endpoints */
+                .anyRequest().authenticated();
+        /* set auth url */
+        http.formLogin()
+                .loginProcessingUrl(authUrl);
+    }
+    @Bean
+    public CorsFilter corsFilter() {
+        final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        final CorsConfiguration config = new CorsConfiguration();
+        config.setAllowCredentials(true);
+        config.addAllowedOrigin("*");
+        config.addAllowedHeader("*");
+        config.addAllowedMethod("*");
+        source.registerCorsConfiguration("/**", config);
+        return new CorsFilter(source);
+    }
+}
--- a/fda-container-service/services/src/main/java/at/tuwien/exception/AuthenticationException.java
+++ b/fda-container-service/services/src/main/java/at/tuwien/exception/AuthenticationException.java
+package at.tuwien.exception;
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.ResponseStatus;
+@ResponseStatus(code = HttpStatus.FORBIDDEN, reason = "Persistence error")
+public class AuthenticationException extends Exception {
+   public AuthenticationException(String msg) {
+       super(msg);
+   }
+   public AuthenticationException(String msg, Throwable thr) {
+       super(msg, thr);
+   }
+    public AuthenticationException(Throwable thr) {
+        super(thr);
+    }
+}
--- a/fda-container-service/services/src/main/java/at/tuwien/service/impl/ContainerServiceImpl.java
+++ b/fda-container-service/services/src/main/java/at/tuwien/service/impl/ContainerServiceImpl.java
@@ -70,7 +70,7 @@ public class ContainerServiceImpl implements ContainerService {
        container.setPort(availableTcpPort);
        container.setName(createDto.getName());
        container.setInternalName(containerMapper.containerToInternalContainerName(container));
-        log.debug("will create host config {} and container {}", hostConfig, container);
+        log.trace("will create host config {} and container {}", hostConfig, container);
        /* create the container */
        final CreateContainerResponse response;
        try {
@@ -81,8 +81,12 @@ public class ContainerServiceImpl implements ContainerService {
                    .withHostConfig(hostConfig)
                    .exec();
        } catch (ConflictException e) {
-            log.error("conflicting names for container {}, reason: {}", createDto, e.getMessage());
+            log.error("Conflicting names {}", createDto.getName());
            throw new DockerClientException("Unexpected behavior", e);
+        } catch (NotFoundException e) {
+            log.error("The image {}:{} not available on the container service", createDto.getRepository(), createDto.getTag());
+            log.debug("payload was {}", createDto);
+            throw new DockerClientException("Image not available", e);
        }
        container.setHash(response.getId());
        container = containerRepository.save(container);

--- a/fda-ui/layouts/default.vue
+++ b/fda-ui/layouts/default.vue
@@ -31,7 +31,7 @@
      <v-btn
        class="mr-2 white--text"
        color="blue-grey"
-        @click="loginDialog = true">
+        to="/login">
        <v-icon left>mdi-login</v-icon> Login
      </v-btn>
      <v-menu bottom offset-y left>
@@ -44,7 +44,7 @@
          </v-btn>
        </template>
        <v-list>
-          <v-list-item @click="registerDialog = true">
+          <v-list-item to="/signup">
            <v-list-item-icon>
              <v-icon left>mdi-account-plus</v-icon>
            </v-list-item-icon>
@@ -79,18 +79,6 @@
        </v-card-text>
      </v-card>
    </v-footer>
-    <v-dialog
-      v-model="loginDialog"
-      persistent
-      max-width="640">
-      <Login @close="loginDialog = false" />
-    </v-dialog>
-    <v-dialog
-      v-model="registerDialog"
-      persistent
-      max-width="640">
-      <Register @close="registerDialog = false" />
-    </v-dialog>
  </v-app>
 </template>
@@ -104,20 +92,12 @@ import {
  mdiNewspaperVariantOutline,
  mdiCog
 } from '@mdi/js'
-import Login from '../components/dialogs/Login'
-import Register from '../components/dialogs/Register'
 export default {
  name: 'DefaultLayout',
-  components: {
-    Login,
-    Register
-  },
  data () {
    return {
      drawer: false,
-      loginDialog: null,
-      registerDialog: null,
      items: [
        {
          icon: mdiHome,

--- a/fda-ui/pages/container/index.vue
+++ b/fda-ui/pages/container/index.vue
@@ -76,6 +76,9 @@ export default {
  computed: {
    loadingColor () {
      return this.error ? 'red lighten-2' : 'primary'
+    },
+    token () {
+      return this.$store.state.token
    }
  },
  mounted () {
@@ -86,7 +89,9 @@ export default {
      this.createDbDialog = false
      try {
        this.loading = true
-        let res = await this.$axios.get('/api/container/')
+        let res = await this.$axios.get('/api/container/', {
+          headers: { Authorization: `Bearer ${this.token}` }
+        })
        this.containers = res.data
        console.debug('containers', this.containers)
        for (const container of this.containers) {

--- a/fda-ui/components/dialogs/Login.vue
+++ b/fda-ui/components/dialogs/Login.vue
@@ -30,11 +30,6 @@
      </v-card-text>
      <v-card-actions>
        <v-spacer />
-        <v-btn
-          class="mb-2"
-          @click="cancel">
-          Cancel
-        </v-btn>
        <v-btn
          id="login"
          class="mb-2"
@@ -69,17 +64,14 @@ export default {
  beforeMount () {
  },
  methods: {
-    cancel () {
-      this.$parent.$parent.$parent.$parent.loginDialog = false
-    },
    async login () {
      const url = '/api/auth'
      try {
        this.loading = true
        const res = await this.$axios.post(url, this.loginAccount)
        console.debug('login user', res.data)
+        this.$store.commit('SET_TOKEN', res.data.token)
        this.$toast.success('Welcome back!')
-        this.cancel()
      } catch (err) {
        console.error('login user failed', err)
        this.$toast.error('Failed to login user')

--- a/fda-ui/components/dialogs/Register.vue
+++ b/fda-ui/components/dialogs/Register.vue
@@ -101,9 +101,6 @@ export default {
  beforeMount () {
  },
  methods: {
-    cancel () {
-      this.$parent.$parent.$parent.$parent.registerDialog = false
-    },
    async register () {
      const url = '/api/user'
      try {
@@ -111,7 +108,6 @@ export default {
        const res = await this.$axios.post(url, this.createAccount)
        console.debug('create user', res.data)
        this.$toast.success('Success. Check your inbox!')
-        this.cancel()
      } catch (err) {
        console.error('create user failed', err)
        this.$toast.error('Failed to create user')

--- a/fda-ui/store/index.js
+++ b/fda-ui/store/index.js
 export const state = () => ({
-  db: null
+  db: null,
+  token: null
 })
 export const mutations = {
  SET_DATABASE (state, db) {
    state.db = db
  },
-  SET_THEME (state, theme) {
+  SET_TOKEN (state, token) {
-    state.theme = theme
+    state.token = token
  }
 }