diff --git a/docker/README.md b/docker/README.md index 361c5ae5687777bf385c3f7a0b5a70bd8820770c..eb3c76498ffaf3f780f14c9b4be348000b099676 100644 --- a/docker/README.md +++ b/docker/README.md 
@@ -7,72 +7,37 @@ To use this image, you need a running instance of PostgreSQL and to configure the software using the following environment variables. -### DATABASES - -* PORTAL_DB_URL: JDBC URL to connect to the portal database, default value is "jdbc:postgresql://172.22.0.1:5432/portal". -* PORTAL_DB_SCHEMA: Database schema, default value is "public". -* PORTAL_DB_USER: User to use when connecting to the portal database, default value is "postgres". -* PORTAL_DB_PASSWORD: Password to use when connecting to the portal database. - -* META_DB_URL: JDBC URL to connect to the metadata database, default value is "jdbc:postgresql://172.22.0.1:5432/meta". -* META_DB_SCHEMA: Database schema, default value is "public". -* META_DB_USER: User to use when connecting to the metadata database. -* META_DB_PASSWORD: Password to use when connecting to the metadata database. - -* FEATURES_DB_URL: JDBC URL to connect to the science database, default value is "jdbc:postgresql://172.22.0.1:5433/features". -* FEATURES_DB_SCHEMA: Database schema, default value is "public". -* FEATURES_DB_USER: User to use when connecting to the science database, default value is "postgres". -* FEATURES_DB_PASSWORD: Password to use when connecting to the science database. -* FEATURES_DB_MAIN_TABLE: Table that contains the scientific data to use, default value is "features". - - -### OAUTH2 LOGIN - -* AUTHENTICATION: "0" to disable authentication or "1" to enable authentication, default value is "1". -* CLIENT_ID: required when authentication is turned on, client ID for the [OpenID server of HBP](https://services.humanbrainproject.eu/oidc/). -* CLIENT_SECRET: required when authentication is turned on, client secret for the [OpenID server of HBP](https://services.humanbrainproject.eu/oidc/). -* TOKEN_URI: default to "https://services.humanbrainproject.eu/oidc/token". -* AUTH_URI: default to "https://services.humanbrainproject.eu/oidc/authorize". 
-* USER_INFO_URI: default to "https://services.humanbrainproject.eu/oidc/userInfo". -* REVOKE_TOKEN_URI "https://services.humanbrainproject.eu/oidc/slo". - - -### WEB FRONTEND - -* FRONTEND_LOGIN_URL: URL to redirect to when login is required. Default to "http://frontend/services/login/hbp". -* FRONTEND_AFTER_LOGIN_URL: URL to redirect after login. Default to "http://frontend/home". -* FRONTEND_AFTER_LOGOUT_URL: URL to redirect to after logout. Default to "http://frontend/services/login/hbp". - - -### LOGGING - +### LOG LEVELS ### * LOG_LEVEL: log level for the developer added logs. Default is "ERROR". * LOG_LEVEL_FRAMEWORK: log level for all the framework logs. Default is "ERROR". -### ENDPOINTS +### AUTHENTICATION ### +* AUTHENTICATION: true for production, false for development. -* EXAREME_URL: URL to Exareme server, default value is "http://hbps2.chuv.ch:9090". -* WORKFLOW_URL: URL to Workflow server -* JWT_SECRET: "secret" -### EMBEDDED SERVER CONFIGURATION +### RELEASE STAGE ### +* PRODUCTION: Deployed on production? (True/False) Default is True. -* CONTEXT_PATH: context path appended to all services running in this container. Default to "/services". -* SESSION_TIMEOUT: Timeout in milliseconds for session expiration. Default to 2592000. -### PROXY +### DATABASE CONFIGURATION ### +* PORTAL_DB_URL: JDBC URL to connect to the portal database, default value is "jdbc:postgresql://127.0.0.1:5432/portal". +* PORTAL_DB_SCHEMA: Database schema, default value is "public". +* PORTAL_DB_USER: User to use when connecting to the portal database, default value is "postgres". +* PORTAL_DB_PASSWORD: Password to use when connecting to the portal database. -* HTTP_PROXY_HOST: HTTP proxy host -* HTTP_PROXY_PORT: HTTP proxy port -* HTTPS_PROXY_HOST: HTTPS proxy host -* HTTPS_PROXY_PORT: HTTPS proxy port -## ERROR REPORTING +### EXTERNAL SERVICES ### +* EXAREME_URL: URL to Exareme server. Default is "http://localhost:9090" . 
-* RELEASE_STAGE: Release stage used when reporting errors to Bugsnag. Values are dev, staging, production -* DATA_CENTER_LOCATION: Location of the datacenter, used when reporting errors to Bugsnag +* GALAXY_URL: URL to Workflow server. Default is "http://localhost:8090/" . +* GALAXY_API_KEY: The api key to authorize galaxy requests. +* GALAXY_USERNAME: The username of galaxy user to be able to embed the frame. +* GALAXY_PASSWORD: The password of galaxy user. -# TODO Refactor variables -# TODO Refactor variables on mip-deployent as well \ No newline at end of file +### KEYCLOAK ### +* KEYCLOAK_AUTH_URL: Keycloak authentication URL. +* KEYCLOAK_REALM: Keycloak realm user for authentication. +* KEYCLOAK_CLIENT_ID: The keycloak client id. +* KEYCLOAK_CLIENT_SECRET: The keycloak secret to be able to authenticate. \ No newline at end of file diff --git a/docker/config/application.tmpl b/docker/config/application.tmpl index 257bfa0871747ff23d288c5cdf53be4086ce2827..423baccff30b89cd211744ffef45325092cd9096 100644 --- a/docker/config/application.tmpl +++ b/docker/config/application.tmpl @@ -1,5 +1,24 @@ # Configuration template for the portal running inside a Docker container +### LOG LEVELS ### +logging: + level: + root: {{ default .Env.LOG_LEVEL_FRAMEWORK "ERROR" }} + org: {{ default .Env.LOG_LEVEL_FRAMEWORK "ERROR" }} + eu: + hbp: {{ default .Env.LOG_LEVEL "INFO" }} + + +### AUTHENTICATION ### +authentication: + enabled: {{ default .Env.AUTHENTICATION "true" }} + + +### RELEASE STAGE ### +release_stage: + production: {{ default .Env.PRODUCTION "true" }} + + ### DATABASE CONFIGURATION ### spring: portal-datasource: 
@@ -17,28 +36,6 @@ spring: dialect: org.hibernate.dialect.PostgreSQL9Dialect ddl-auto: validate -### LOG LEVELS ### -logging: - level: - root: {{ default .Env.LOG_LEVEL_FRAMEWORK "ERROR" }} - org: {{ default .Env.LOG_LEVEL_FRAMEWORK "ERROR" }} - eu: - hbp: {{ default .Env.LOG_LEVEL "INFO" }} - -### EMBEDDED SERVER CONFIGURATION ### -server: - servlet: - contextPath: "/services" - port: 8080 - forward-headers-strategy: native - -### ENDPOINTS ### -endpoints: - enabled: true - health: - enabled: true - endpoint: /health - sensitive: false ### EXTERNAL SERVICES ### services: @@ -48,24 +45,21 @@ services: galaxy: galaxyUrl: {{ default .Env.GALAXY_URL "http://localhost:8090/" }} - galaxyContext: {{ default .Env.GALAXY_CONTEXT "nativeGalaxy/workflows/list" }} + galaxyContext: "nativeGalaxy/workflows/list" galaxyApiKey: {{ .Env.GALAXY_API_KEY }} galaxyUsername: {{ default .Env.GALAXY_USERNAME "admin" }} galaxyPassword: {{ default .Env.GALAXY_PASSWORD "password" }} -### Authentication ### -authentication: - enabled: {{ default .Env.AUTHENTICATION "1" }} -### Keycloak ### +### KEYCLOAK ### keycloak: enabled: true auth-server-url: {{ .Env.KEYCLOAK_AUTH_URL }} realm: {{ .Env.KEYCLOAK_REALM }} - resource: {{ .Env.CLIENT_ID }} + resource: {{ .Env.KEYCLOAK_CLIENT_ID }} enable-basic-auth: true credentials: - secret: {{ .Env.CLIENT_SECRET }} + secret: {{ .Env.KEYCLOAK_CLIENT_SECRET }} principal-attribute: "preferred_username" ### EXTERNAL FILES ### @@ -73,3 +67,20 @@ keycloak: files: pathologies_json: "file:/opt/portal/api/pathologies.json" disabledAlgorithms_json: "file:/opt/portal/api/disabledAlgorithms.json" + + +### EMBEDDED SERVER CONFIGURATION ### +server: + servlet: + contextPath: "/services" + port: 8080 + forward-headers-strategy: native + + +### ENDPOINTS ### +endpoints: + enabled: true + health: + enabled: true + endpoint: /health + sensitive: false \ No newline at end of file 
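Review bot: `resource: {{ .Env.KEYCLOAK_CLIENT_ID }}` and `secret: {{ .Env.KEYCLOAK_CLIENT_SECRET }}` (like `galaxyApiKey: {{ .Env.GALAXY_API_KEY }}` a few lines above) are rendered without `default`, so an unset variable yields an empty YAML value and the container starts with an empty Keycloak client secret instead of failing at render time. If the template engine in use has a fail-on-missing helper (gomplate's `required`; I do not believe dockerize offers one), use it, e.g. `secret: {{ required "KEYCLOAK_CLIENT_SECRET is mandatory" .Env.KEYCLOAK_CLIENT_SECRET }}`; otherwise check these variables in the entrypoint before rendering. Visible in the same hunk though not part of this rename: `galaxyUsername`/`galaxyPassword` still fall back to `"admin"`/`"password"`, a working default credential that a `default` call makes silent rather than an error — a comment `# no default on purpose: a missing credential must fail loudly` next to the Keycloak and Galaxy secrets would record the intended behaviour.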
diff --git a/src/main/java/eu/hbp/mip/configurations/SecurityConfiguration.java b/src/main/java/eu/hbp/mip/configurations/SecurityConfiguration.java index 21a494b88faaed146d14de2dc4526d71db11c640..82f23772655a232ee978e42a4455b10a287c6a2d 100644 --- a/src/main/java/eu/hbp/mip/configurations/SecurityConfiguration.java +++ b/src/main/java/eu/hbp/mip/configurations/SecurityConfiguration.java @@ -31,15 +31,17 @@ public class SecurityConfiguration extends KeycloakWebSecurityConfigurerAdapter @Value("#{'${authentication.enabled}'}") private boolean authenticationEnabled; + @Value("#{'${release_stage.production}'}") + private boolean deployedOnProduction; + @Override protected void configure(HttpSecurity http) throws Exception { super.configure(http); if (authenticationEnabled) { - // Used for development with authentication turned on. - // Should not be enabled on production. - http.csrf().disable(); + if(!deployedOnProduction) + http.csrf().disable(); http.authorizeRequests() .antMatchers( diff --git a/src/main/java/eu/hbp/mip/controllers/ExperimentAPI.java b/src/main/java/eu/hbp/mip/controllers/ExperimentAPI.java index 78f6032e06beb3aa0607a03553975b2a5c72037c..21669bf9476247c272247f592faa4df2d28fa97e 100644 --- a/src/main/java/eu/hbp/mip/controllers/ExperimentAPI.java +++ b/src/main/java/eu/hbp/mip/controllers/ExperimentAPI.java @@ -2,7 +2,6 @@ package eu.hbp.mip.controllers; import eu.hbp.mip.models.DTOs.ExperimentDTO; -import eu.hbp.mip.services.ActiveUserService; import eu.hbp.mip.services.ExperimentService; import eu.hbp.mip.utils.JsonConverters; import io.swagger.annotations.Api; 
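Review bot: The comment that explained why CSRF was disabled and that it must not reach production is dropped, and `if(!deployedOnProduction) http.csrf().disable();` is left brace-less, so the next statement added to that branch will run unconditionally; restore the intent as `if (!deployedOnProduction) { // development only: CSRF must stay enabled when release_stage.production is true` followed by `http.csrf().disable(); }`, and log at WARN when the branch is taken so an instance started with `PRODUCTION=false` announces that CSRF protection is off. The switch is tied to "is this production" rather than to the protection itself, so a browser-reachable staging instance is treated like a developer laptop; a dedicated property (e.g. `security.csrf.enabled`, default true) would state the intent more directly. Note that `@Value("#{'${release_stage.production}'}")` makes the key mandatory — a missing property fails placeholder resolution at startup, which is the safe direction — but a value outside the literals Spring converts to boolean presumably aborts startup too, so the accepted values belong in a comment on the field. Whatever follows the `if (authenticationEnabled)` block, including the `antMatchers` list, lies outside the hunk.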
@@ -76,15 +75,6 @@ public class ExperimentAPI { } - @ApiOperation(value = "Create a transient experiment", response = ExperimentDTO.class) - @RequestMapping(value = "/transient", method = RequestMethod.POST) - public ResponseEntity<String> createTransientExperiment(Authentication authentication, @RequestBody ExperimentDTO experimentDTO) { - experimentDTO = experimentService.createTransientExperiment(authentication, experimentDTO, "(POST) /experiments/transient"); - - return new ResponseEntity<>(JsonConverters.convertObjectToJsonString(experimentDTO), HttpStatus.OK); - } - - @ApiOperation(value = "Update an experiment", response = ExperimentDTO.class) @RequestMapping(value = "/{uuid}", method = RequestMethod.PATCH) public ResponseEntity<String> updateExperiment(@RequestBody ExperimentDTO experimentDTO, @ApiParam(value = "uuid", required = true) @PathVariable("uuid") String uuid) { @@ -100,4 +90,13 @@ public class ExperimentAPI { experimentService.deleteExperiment(uuid, "(DELETE) /experiments/{uuid}"); return new ResponseEntity<>(HttpStatus.OK); } + + + @ApiOperation(value = "Create a transient experiment", response = ExperimentDTO.class) + @RequestMapping(value = "/transient", method = RequestMethod.POST) + public ResponseEntity<String> createTransientExperiment(Authentication authentication, @RequestBody ExperimentDTO experimentDTO) { + experimentDTO = experimentService.createTransientExperiment(authentication, experimentDTO, "(POST) /experiments/transient"); + + return new ResponseEntity<>(JsonConverters.convertObjectToJsonString(experimentDTO), HttpStatus.OK); + } } \ No newline at end of file diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index 30c82a447c62125c69a90159870e5a5fc8c6cc54..076ed3b59d5ea730239d4e9d083aab2490cd858a 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml 
@@ -1,5 +1,24 @@ # Configuration for development purposes +### LOG LEVELS ### +logging: + level: + root: "ERROR" + org: "ERROR" + eu: + hbp: "DEBUG" + + +### AUTHENTICATION ### +authentication: + enabled: true + + +### RELEASE STAGE ### +release_stage: + production: false + + ### DATABASE CONFIGURATION ### spring: portal-datasource: @@ -17,28 +36,6 @@ spring: dialect: org.hibernate.dialect.PostgreSQL9Dialect ddl-auto: validate -### LOG LEVELS ### -logging: - level: - root: "ERROR" - org: "ERROR" - eu: - hbp: "DEBUG" - -### EMBEDDED SERVER CONFIGURATION ### -server: - servlet: - contextPath: "/services" - port: 8080 - forward-headers-strategy: native - -### ENDPOINTS ### -endpoints: - enabled: true - health: - enabled: true - endpoint: "/health" - sensitive: false ### EXTERNAL SERVICES ### services: @@ -52,11 +49,8 @@ services: galaxyUsername: "admin" galaxyPassword: "password" -### Authentication ### -authentication: - enabled: true -### Keycloak ### +### KEYCLOAK ### keycloak: enabled: true auth-server-url: "http://127.0.0.1/auth" @@ -67,8 +61,26 @@ keycloak: secret: "dae83a6b-c769-4186-8383-f0984c6edf05" principal-attribute: "preferred_username" + ### EXTERNAL FILES ### # Files are loaded from the resources files: pathologies_json: "classPath:/pathologies.json" disabledAlgorithms_json: "classPath:/disabledAlgorithms.json" + + +### EMBEDDED SERVER CONFIGURATION ### +server: + servlet: + contextPath: "/services" + port: 8080 + forward-headers-strategy: native + + +### ENDPOINTS ### +endpoints: + enabled: true + health: + enabled: true + endpoint: "/health" + sensitive: false \ No newline at end of file
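Review bot: `release_stage: production: false` is added to `src/main/resources/application.yml`, the configuration packaged into the jar, so the built-in default is the permissive one — with `SecurityConfiguration` disabling CSRF whenever this flag is false, any run in which the Docker-rendered configuration is not picked up (template not rendered, wrong config location) presumably ships without CSRF protection. The classpath default should be the safe value, `production: true`, with the development override coming from a profile-specific file (e.g. `application-dev.yml`) or the `PRODUCTION` environment variable; the same reasoning is why `authentication: enabled: true` is right as written here. A one-line comment above the key, `# false disables CSRF protection (see SecurityConfiguration); never deploy with false`, would make the consequence visible to whoever edits this file next.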