Commit 3f72f918 authored by Ludovic Claude's avatar Ludovic Claude

Reorganise configuration and environment variables

parent 1ac197ab
# Configuration template for the portal running inside a Docker container
# See http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html
spring:
datasource:
url: {{ default .Env.DB_URL "jdbc:postgresql://172.22.0.1:5432/postgres" }}
......@@ -9,12 +10,17 @@ spring:
jpa:
hibernate:
dialect: org.hibernate.dialect.PostgreSQL9Dialect
# SPRING RESOURCES HANDLING
resources:
chain:
enabled: true
chain:
enabled: true # TODO: why is that enabled? Do we serve any resources from the backend?
# SECURITY
security:
enabled: false
enabled: false # TODO: why Spring security is disabled? It supports OAuth2 out of the box...
authentication:
enabled: {{ default .Env.AUTHENTICATION "1" }}
hbp:
client:
......@@ -28,11 +34,18 @@ hbp:
resource:
userInfoUri: {{ default .Env.USER_INFO_URI "https://services.humanbrainproject.eu/oidc/userinfo" }}
# WEB FRONTEND
frontend:
loginUrl: {{ default .Env.LOGIN_URL "http://frontend/services/login/hbp" }}
redirectAfterLogoutUrl: {{ default .Env.AFTER_LOGOUT_URL (default .Env.LOGIN_URI "http://frontend/services/login/hbp") }}
redirectAfterLoginUrl: {{ default .Env.AFTER_LOGIN_URL "http://frontend/home" }}
logging:
level:
logging.level.org.springframework.web = {{ default .Env.LOGGING_LEVEL_WEB "WARN" }}
logging.level.org.hibernate = {{ default .Env.LOGGING_LEVEL_HIBERNATE "WARN" }}
# EMBEDDED SERVER CONFIGURATION
server:
contextPath: {{ default .Env.CONTEXT_PATH "/services" }}
port: 8080
......@@ -40,15 +53,16 @@ server:
session:
timeout: {{ default .Env.SESSION_TIMEOUT "2592000" }}
# ENDPOINTS
endpoints
enabled: true
health:
enabled: true
endoint: /health
sentitive: false
workflow:
experimentUrl: {{ default .Env.WOKEN_URL "http://172.22.0.1:8087" }}/experiment
listMethodsUrl: {{ default .Env.WOKEN_URL "http://172.22.0.1:8087" }}/list-methods
miningMipUrl: {{ default .Env.WOKEN_URL "http://172.22.0.1:8087" }}/mining"
miningExaremeUrl: {{ default .Env.EXAREME_URL "http://hbps2.chuv.ch:9090" }}/mining/query
frontend:
redirect:
url: {{ default .Env.FRONTEND_REDIRECT_URL "http://frontend/home" }}
authentication:
enabled: {{ default .Env.AUTHENTICATION "1" }}
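Review bot: The environment variable names this template reads do not match the ones the README hunk of the same commit documents: `frontend.loginUrl` reads `.Env.LOGIN_URL`, `redirectAfterLogoutUrl` reads `.Env.AFTER_LOGOUT_URL` with an `.Env.LOGIN_URI` fallback, and `redirectAfterLoginUrl` reads `.Env.AFTER_LOGIN_URL`, whereas the README lists `FRONTEND_LOGIN_URL`, `FRONTEND_AFTER_LOGIN_URL` and `FRONTEND_AFTER_LOGOUT_URL`, so an operator who sets the documented names silently keeps the `http://frontend/...` defaults as login and post-login/logout redirect targets. The `logging: level:` block is written in properties syntax (`logging.level.org.springframework.web = ...`), which YAML will parse as a plain scalar value of `level` rather than nested keys, so the configured levels most likely never apply (the README also says the default is "DEBUG" while the template defaults to "WARN"). In the `endpoints` block, which appears to be added by this commit, `endpoints` has no trailing colon and `endoint`/`sentitive` look misspelled, so the health endpoint settings, including the attempt to mark it non-sensitive, are unlikely to take effect as intended; suggest `endpoints:` and checking the key names against the Spring Boot version in use.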
......@@ -12,16 +12,18 @@ Environment variables:
* DB_URL: JDBC URL to connect to the database, for example "jdbc:postgresql://db:5432/portal"
* DB_USER: User to use when connecting to the database
* DB_PASSWORD: Password to use when connecting to the database
* CONTEXT_PATH: context path appended to all services running in this container. Default to "/services"
* AUTHENTICATION: 0 to disable authentication or 1 to enable authentication.
* CLIENT_ID: required when authentication is turned on, client ID for the [OpenID server of HBP](https://services.humanbrainproject.eu/oidc/)
* CLIENT_SECRET: required when authentication is turned on, client secret for the [OpenID server of HBP](https://services.humanbrainproject.eu/oidc/)
* TOKEN_URI: default to "https://services.humanbrainproject.eu/oidc/token"
* AUTH_URI: default to "https://services.humanbrainproject.eu/oidc/authorize"
* USER_INFO_URI: default to "https://services.humanbrainproject.eu/oidc/userinfo"
* FRONTEND_LOGIN_URL: URL to redirect to when login is required. Default to "http://frontend/services/login/hbp"
* FRONTEND_AFTER_LOGIN_URL: URL to redirect after login. Default to "http://frontend/home"
* FRONTEND_AFTER_LOGOUT_URL: URL to redirect to after logout. Default to "http://frontend/services/login/hbp"
* WOKEN_URL: URL to woken machine learning server.
* EXAREME_URL: URL to Exareme server.
* LOGGING_LEVEL_WEB: log level for the web layer of the application. Default to "DEBUG"
* LOGGING_LEVEL_HIBERNATE: log level for the Hibernate layer of the application. Default to "DEBUG"
* CONTEXT_PATH: context path appended to all services running in this container. Default to "/services"
* SESSION_TIMEOUT: Timeout in milliseconds for session expiration. Default to 2592000
* WOKEN_URL: URL to woken machine learning server.
* EXAREME_URL: URL to Exareme server.
* FRONTEND_REDIRECT_URL: URL to to redirect after login. Default to "http://frontend/home"
......@@ -57,9 +57,8 @@ import java.net.URLEncoder;
import java.security.Principal;
/**
* Created by mirco on 11.07.16.
* Configuration for security.
*/
@Configuration
@EnableOAuth2Client
@RestController
......@@ -68,39 +67,51 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private static final Logger LOGGER = Logger.getLogger(ArticlesApi.class);
@Autowired
OAuth2ClientContext oauth2ClientContext;
private OAuth2ClientContext oauth2ClientContext;
@Autowired
UserRepository userRepository;
private UserRepository userRepository;
@Value("#{'${hbp.client.pre-established-redirect-uri:/login/hbp}'}")
String loginUrl;
/**
* Enable authentication (1) or disable it (0). Default is 1
*/
@Value("#{'${authentication.enabled:1}'}")
private boolean authentication;
@Value("#{'${hbp.client.logout-uri:/logout}'}")
String logoutUrl;
/**
* Absolute URL to redirect to when login is required
*/
@Value("#{'${frontend.loginUrl:/login/hbp}'}")
private String loginUrl;
@Value("#{'${frontend.redirect.url:http://frontend/home}'}")
String frontendRedirect;
/**
* Absolute URL to redirect to after successful login
*/
@Value("#{'${frontend.redirectAfterLoginUrl:http://frontend/home}'}")
private String frontendRedirectAfterLogin;
@Value("#{'${authentication.enabled:1}'}")
boolean authentication;
/**
* Absolute URL to redirect to after logout has occurred
*/
@Value("#{'${frontend.redirectAfterLogoutUrl:/login/hbp}'}")
private String redirectAfterLogoutUrl;
@Override
protected void configure(HttpSecurity http) throws Exception {
// @formatter:off
http.addFilterBefore(new CORSFilter(), ChannelProcessingFilter.class);
if(authentication) {
if (authentication) {
http.antMatcher("/**")
.authorizeRequests()
.antMatchers(
"/", "/health/**", "/info/**", "/metrics/**", "/trace/**", "/frontend/**", "/webjars/**", "/v2/api-docs"
"/", "/login/**", "/health/**", "/info/**", "/metrics/**", "/trace/**", "/frontend/**", "/webjars/**", "/v2/api-docs"
).permitAll()
.anyRequest().authenticated()
.and().exceptionHandling().authenticationEntryPoint(new CustomLoginUrlAuthenticationEntryPoint(loginUrl))
.and().logout().logoutSuccessUrl(loginUrl).permitAll()
.and().logout().logoutUrl(logoutUrl).permitAll()
.and().csrf().ignoringAntMatchers(logoutUrl).csrfTokenRepository(csrfTokenRepository())
.and().logout().logoutSuccessUrl(redirectAfterLogoutUrl)
.and().logout().permitAll()
.and().csrf().ignoringAntMatchers("/logout").csrfTokenRepository(csrfTokenRepository())
.and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class)
.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
}
......@@ -115,7 +126,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private Filter ssoFilter() {
OAuth2ClientAuthenticationProcessingFilter hbpFilter = new OAuth2ClientAuthenticationProcessingFilter(loginUrl);
OAuth2RestTemplate hbpTemplate = new OAuth2RestTemplate(hbp(), oauth2ClientContext);
hbpFilter.setAuthenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler(frontendRedirect));
hbpFilter.setAuthenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler(frontendRedirectAfterLogin));
hbpFilter.setRestTemplate(hbpTemplate);
hbpFilter.setTokenServices(new UserInfoTokenServices(hbpResource().getUserInfoUri(), hbp().getClientId()));
return hbpFilter;
......@@ -168,12 +179,14 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
return repository;
}
public String getUserInfos() {
private String getUserInfos() {
OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) SecurityContextHolder.getContext().getAuthentication();
Authentication userAuthentication = oAuth2Authentication.getUserAuthentication();
return userAuthentication.getDetails().toString();
}
private transient User user;
/**
* returns the user for the current session.
* <p>
......@@ -184,23 +197,22 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
* - log in using the front end
* - check you have no 500 error in the network logs.
*
* @return
* @return the user for the current session
*/
public synchronized User getUser() {
User user;
if(!authentication)
{
user = new User();
user.setUsername("TestUser");
}
else {
user = new User(getUserInfos());
User foundUser = userRepository.findOne(user.getUsername());
if (foundUser != null) {
user.setAgreeNDA(foundUser.getAgreeNDA());
if (user == null) {
if (!authentication) {
user = new User();
user.setUsername("TestUser");
} else {
user = new User(getUserInfos());
User foundUser = userRepository.findOne(user.getUsername());
if (foundUser != null) {
user.setAgreeNDA(foundUser.getAgreeNDA());
}
}
userRepository.save(user);
}
userRepository.save(user);
return user;
}
......@@ -221,7 +233,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
}
@RequestMapping(path = "/user", method = RequestMethod.POST)
public ResponseEntity<Void> postUser(@ApiParam(value = "Has the user agreed on the NDA") @RequestParam(value = "agreeNDA", required = true) Boolean agreeNDA) {
public ResponseEntity<Void> postUser(@ApiParam(value = "Has the user agreed on the NDA") @RequestParam(value = "agreeNDA") Boolean agreeNDA) {
User user = getUser();
if (user != null) {
user.setAgreeNDA(agreeNDA);
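Review bot: In the getUser() hunk the resolved user is now cached in the new instance field `private transient User user;` and only computed when that field is null, but this class is a singleton `@Configuration`/`@RestController` bean, so the first caller's identity (or the "TestUser" stub when authentication is off) is handed to every later session, while the method's Javadoc promises "the user for the current session" and the previous code honoured that with a local `User user;`. The `userRepository.save(user)` call is likewise now reached only on that first call. Suggest dropping the field and restoring the local: remove `private transient User user;`, replace `if (user == null) {` with `User user;` and unwrap the body so `userRepository.save(user);` runs on every call as before. Separately, and hedged because the filter's request matching is outside this diff, `ssoFilter()` now passes `loginUrl`, bound to `frontend.loginUrl` which the YAML template populates with an absolute `http://frontend/...` URL, as the processing URL of `OAuth2ClientAuthenticationProcessingFilter` where a request-path pattern (`/login/hbp`) was used before; worth confirming the OAuth callback still matches that filter.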