diff --git a/docker/config/application.tmpl b/docker/config/application.tmpl
index d685d2f2f6e3d11c509d72e774789fa2532649b4..257bfa0871747ff23d288c5cdf53be4086ce2827 100644
--- a/docker/config/application.tmpl
+++ b/docker/config/application.tmpl
@@ -1,6 +1,6 @@
 # Configuration template for the portal running inside a Docker container
-# See http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html
+### DATABASE CONFIGURATION ###
 spring:
 portal-datasource:
 url: {{ default .Env.PORTAL_DB_URL "jdbc:postgresql://88.197.53.106:5432/portal" }}
@@ -8,7 +8,6 @@ spring:
 username: {{ default .Env.PORTAL_DB_USER "postgres" }}
 password: {{ .Env.PORTAL_DB_PASSWORD }}
 driver-class-name: org.postgresql.Driver
-
 data:
 jpa:
 repositories:
@@ -18,12 +17,7 @@ spring:
 dialect: org.hibernate.dialect.PostgreSQL9Dialect
 ddl-auto: validate
-# WEB FRONTEND
-frontend:
- loginUrl: {{ default .Env.FRONTEND_LOGIN_URL "http://frontend/services/login/hbp" }}
- redirectAfterLoginUrl: {{ default .Env.FRONTEND_AFTER_LOGIN_URL "http://frontend/" }}
- redirectAfterLogoutUrl: {{ default .Env.FRONTEND_AFTER_LOGOUT_URL "http://frontend/services/login/hbp" }}
-
+### LOG LEVELS ###
 logging:
 level:
 root: {{ default .Env.LOG_LEVEL_FRAMEWORK "ERROR" }}
@@ -31,16 +25,14 @@ logging:
 eu:
 hbp: {{ default .Env.LOG_LEVEL "INFO" }}
-# EMBEDDED SERVER CONFIGURATION
+### EMBEDDED SERVER CONFIGURATION ###
 server:
 servlet:
- contextPath: {{ default .Env.CONTEXT_PATH "/services" }}
+ contextPath: "/services"
 port: 8080
- use-forward-headers: true
- session:
- timeout: {{ default .Env.SESSION_TIMEOUT "2592000" }}
+ forward-headers-strategy: native
-# ENDPOINTS
+### ENDPOINTS ###
 endpoints:
 enabled: true
 health:
@@ -48,7 +40,7 @@ endpoints:
 endpoint: /health
 sensitive: false
-# External Services
+### EXTERNAL SERVICES ###
 services:
 exareme:
 queryExaremeUrl: {{ default .Env.EXAREME_URL "http://localhost:9090" }}/mining/query
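Review bot: `forward-headers-strategy: native` delegates `X-Forwarded-*` handling to the embedded container, which (presumably Tomcat here) applies those headers only for peers inside its default internal-proxies ranges, so it is safe while the reverse proxy is the only thing that can reach port 8080 on the docker network but silently stops working — or starts honouring client-spoofed headers if that range is widened — the moment the proxy sits elsewhere. The same hunk drops `session.timeout`, moving the session lifetime from the 30-day `SESSION_TIMEOUT` default to the framework default, and makes `contextPath` no longer overridable through `CONTEXT_PATH`; both are reasonable hardenings but nothing in the diff records them. Suggested comment above the new line: `# native: the servlet container honours X-Forwarded-* only from its trusted proxy ranges; set server.tomcat.remoteip.* if the reverse proxy is outside the docker network`, plus a note in the image's environment documentation that SESSION_TIMEOUT and CONTEXT_PATH are no longer read.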
@@ -61,11 +53,11 @@ services:
 galaxyUsername: {{ default .Env.GALAXY_USERNAME "admin" }}
 galaxyPassword: {{ default .Env.GALAXY_PASSWORD "password" }}
-# Authentication
+### Authentication ###
 authentication:
 enabled: {{ default .Env.AUTHENTICATION "1" }}
-# Keycloak
+### Keycloak ###
 keycloak:
 enabled: true
 auth-server-url: {{ .Env.KEYCLOAK_AUTH_URL }}
@@ -75,14 +67,8 @@ keycloak:
 credentials:
 secret: {{ .Env.CLIENT_SECRET }}
 principal-attribute: "preferred_username"
-# cors: true
-# cors-max-age: 3600
-# cors-allowed-methods: "GET, POST, PUT, PATCH, OPTIONS, DELETE"
-# cors-allowed-headers: "*"
-# cors-exposed-headers: "*"
-
- # logoutUrl: {{ .Env.LOGOUT_URL }}
+### EXTERNAL FILES ###
 # Files are imported when building the docker image
 files:
 pathologies_json: "file:/opt/portal/api/pathologies.json"
diff --git a/src/main/java/eu/hbp/mip/configuration/CacheConfiguration.java b/src/main/java/eu/hbp/mip/configuration/CacheConfiguration.java
deleted file mode 100644
index b7300fc257fcef4afd29421d8ccef64aeb0a11dd..0000000000000000000000000000000000000000
--- a/src/main/java/eu/hbp/mip/configuration/CacheConfiguration.java
+++ /dev/null
@@ -1,13 +0,0 @@
-package eu.hbp.mip.configuration;
-
-import org.springframework.cache.annotation.EnableCaching;
-import org.springframework.context.annotation.Configuration;
-
-/**
- * Created by mirco on 07.11.16.
- */
-
-@Configuration
-@EnableCaching
-public class CacheConfiguration {
-}
diff --git a/src/main/java/eu/hbp/mip/controllers/SecurityApi.java b/src/main/java/eu/hbp/mip/configuration/GalaxyAuthentication.java
similarity index 74%
rename from src/main/java/eu/hbp/mip/controllers/SecurityApi.java
rename to src/main/java/eu/hbp/mip/configuration/GalaxyAuthentication.java
index 9ee70b0bee545d5ebb0ca71001baa18477968c67..7910e809f48118daea416f71fb2b2596aa25430a 100644
--- a/src/main/java/eu/hbp/mip/controllers/SecurityApi.java
+++ b/src/main/java/eu/hbp/mip/configuration/GalaxyAuthentication.java
@@ -1,4 +1,4 @@
-package eu.hbp.mip.controllers;
+package eu.hbp.mip.configuration;
 import com.google.gson.Gson;
 import com.google.gson.JsonObject;
@@ -21,24 +21,11 @@ import java.io.IOException;
 import java.util.Base64;
 @RestController
-public class SecurityApi {
-
- private static final Gson gson = new Gson();
+public class GalaxyAuthentication {
 @Autowired
 private ActiveUserService activeUserService;
-
- @Autowired
- private SecurityConfiguration securityConfiguration;
-
- // TODO Fix no authentication instance
- @RequestMapping(path = "/login/hbp", method = RequestMethod.GET)
- @ConditionalOnExpression("${authentication.enabled:0}")
- public void noLogin(HttpServletResponse httpServletResponse) throws IOException {
- Logging.LogUserAction(activeUserService.getActiveUser().getUsername(), "(GET) /user/login/hbp", "Unauthorized login.");
- httpServletResponse.sendRedirect(securityConfiguration.getFrontendRedirectAfterLogin());
- }
-
 @Value("#{'${services.galaxy.galaxyUsername:admin}'}")
 private String galaxyUsername;
@@ -63,6 +50,6 @@ public class SecurityApi {
 object.addProperty("context", galaxyContext);
 Logging.LogUserAction(activeUserService.getActiveUser().getUsername(), "(GET) /user/galaxy", "Successfully Loaded galaxy information.");
- return ResponseEntity.ok(gson.toJson(object));
+ return ResponseEntity.ok(new Gson().toJson(object));
 }
 }
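Review bot: `new Gson().toJson(object)` builds a fresh Gson on every request although Gson instances are thread-safe and the class kept a shared one until this commit; the usual form is a shared `private static final Gson GSON = new Gson();` with `return ResponseEntity.ok(GSON.toJson(object));`. The handler's mapping and the properties it adds before `context` are above the hunk, so what the JSON carries is not visible here, but the retained `java.util.Base64` import and the `galaxyUsername` field suggest Galaxy credentials are part of the payload. Note that the audit line names `(GET) /user/galaxy` while SecurityConfiguration restricts only `/galaxy*` and `/galaxy/*` to DATA MANAGER; if the real mapping is under `/user`, that rule does not cover this endpoint and every RESEARCHER can fetch it — a one-line comment on the method stating which role may call it would make the mismatch visible.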
@@ -1,14 +1,10 @@
 package eu.hbp.mip.configuration;
-import eu.hbp.mip.configuration.SecurityUtils.CORSFilter;
 import org.keycloak.adapters.KeycloakConfigResolver;
 import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
 import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
 import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
-import org.keycloak.adapters.springsecurity.authentication.KeycloakLogoutHandler;
 import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
@@ -16,67 +12,54 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
 import org.springframework.security.core.session.SessionRegistryImpl;
-import org.springframework.security.web.access.channel.ChannelProcessingFilter;
 import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
 import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
-import org.springframework.security.web.csrf.CsrfToken;
-import org.springframework.security.web.csrf.CsrfTokenRepository;
-import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.CorsConfigurationSource;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
-import org.springframework.web.filter.OncePerRequestFilter;
-import org.springframework.web.util.WebUtils;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
-import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.Arrays;
-import java.util.Collections;
-// Reference for OAuth2 login: https://spring.io/guides/tutorials/spring-boot-oauth2/
-// also http://cscarioni.blogspot.ch/2013/04/pro-spring-security-and-oauth-2.html
-// Security with Keycloak: https://www.thomasvitale.com/keycloak-authentication-flow-sso-client/
+// Keycloak security with keycloak-spring-boot-starter
+@Controller
 @KeycloakConfiguration
 public class SecurityConfiguration extends KeycloakWebSecurityConfigurerAdapter {
- private static final Logger LOGGER =
LoggerFactory.getLogger(SecurityConfiguration.class);
-
- /**
- * Enable HBP collab authentication (1) or disable it (0). Default is 1
- */
 @Value("#{'${authentication.enabled}'}")
 private boolean authenticationEnabled;
- /**
- * Absolute URL to redirect to when login is required
- */
- @Value("#{'${frontend.loginUrl}'}")
- private String loginUrl;
-
- /**
- * Absolute URL to redirect to after successful login
- */
- @Value("#{'${frontend.redirectAfterLoginUrl}'}")
- private String frontendRedirectAfterLogin;
+ // Redirect to login page url
+ private static final String logoutRedirectURL = "/sso/login";
- /**
- * Absolute URL to redirect to after successful logout
- */
- @Value("#{'${frontend.redirectAfterLogoutUrl}'}")
- private String redirectAfterLogoutUrl;
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ super.configure(http);
- public boolean getAuthenticationEnabled() {
- return authenticationEnabled;
+ if (authenticationEnabled) {
+ http.authorizeRequests()
+ .antMatchers(
+ "/sso/login", "/webjars/**",
+ "/v2/api-docs", "/swagger-ui/**", "/swagger-resources/**" // Swagger URLs
+ ).permitAll()
+ .antMatchers("/galaxy*", "/galaxy/*").hasRole("DATA MANAGER")
+ .anyRequest().hasRole("RESEARCHER");
+ } else {
+ http.antMatcher("/**")
+ .authorizeRequests()
+ .antMatchers("/**").permitAll()
+ .and().csrf().disable();
+ }
 }
- public String getFrontendRedirectAfterLogin() {
- return frontendRedirectAfterLogin;
+ @Autowired
+ private HttpServletRequest request;
+
+ @GetMapping(value = "/logout")
+ public String logout() throws ServletException {
+ request.logout();
+ return "redirect:" + logoutRedirectURL;
 }
 @Bean
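Review bot: The new `/logout` handler is a `@GetMapping` that calls `request.logout()` and redirects, so any third-party page can terminate a user's session with an image tag or link (logout CSRF), and it presumably bypasses the Keycloak logout handler that `super.configure(http)` registers on `/sso/logout`, so only the local session dies and the next request silently re-authenticates through SSO. Spring Security's own logout endpoint is POST-only and CSRF-checked; either drop this mapping and point the frontend at `/sso/logout`, or at least make it `@PostMapping(value = "/logout")` so the CSRF filter covers it. Separately, `.antMatchers("/galaxy*", "/galaxy/*")` matches a single path segment under `/galaxy`, so `/galaxy/a/b` falls through to the weaker `hasRole("RESEARCHER")` rule — `/galaxy/**` is almost certainly the intent. Note also that the Swagger paths are now `permitAll`, which publishes the full API surface unauthenticated, and that `"DATA MANAGER"` contains a space; whether the `SimpleAuthorityMapper` bean (below the hunk) maps Keycloak roles to exactly `ROLE_DATA MANAGER` is worth confirming.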
@@ -99,215 +82,4 @@ public class SecurityConfiguration extends KeycloakWebSecurityConfigurerAdapter auth.authenticationProvider(keycloakAuthenticationProvider); } - @Override - protected KeycloakLogoutHandler keycloakLogoutHandler() throws Exception { - return super.keycloakLogoutHandler(); - } - - @Override - protected void configure(HttpSecurity http) throws Exception { - super.configure(http); - //disableCertificateValidation(); // TODO needed? - - // TODO Is that needed for development? On Galaxy? -// http.addFilterBefore(new CORSFilter(), ChannelProcessingFilter.class); -// http.cors(); - - if (authenticationEnabled) { - http.antMatcher("/**") - .authorizeRequests() - .antMatchers("/**").permitAll() - .and().csrf().disable(); -// .antMatchers( -// "/login**", "/health/**", "/info/**", "/metrics/**", -// "/trace/**", "/frontend/**", "/webjars/**", "/v2/api-docs", -// "/swagger-ui.html", "/swagger-resources/**" -// ).permitAll() -// .antMatchers("/galaxy*", "/galaxy/*").hasRole("DATA MANAGER") -// .anyRequest().hasRole("RESEARCHER") - // .and().exceptionHandling().authenticationEntryPoint(new CustomLoginUrlAuthenticationEntryPoint(loginUrl)) - // .accessDeniedHandler(new CustomAccessDeniedHandler()) -// .and().csrf().ignoringAntMatchers("/logout").csrfTokenRepository(csrfTokenRepository()) -// .and().addFilterAfter(csrfHeaderFilter(), CsrfFilter.class).csrf(); -// .and().logout().logoutSuccessUrl("/logout"); -// -// -// // TODO .and().logout().addLogoutHandler(authLogoutHandler()).logoutSuccessUrl(redirectAfterLogoutUrl) -// .and().logout().permitAll() - // TODO ?? 
.addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class); - } else { - http.antMatcher("/**") - .authorizeRequests() - .antMatchers("/**").permitAll() - .and().csrf().disable(); - } - } - - -// @Bean -// public FilterRegistrationBean corsFilter() { -// UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource(); -// CorsConfiguration config = new CorsConfiguration(); -// config.setAllowCredentials(true); -// config.addAllowedOrigin("*"); -// config.addAllowedHeader("*"); -// config.addAllowedMethod("*"); -// source.registerCorsConfiguration("/**", config); -// -// FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source)); -// bean.setOrder(-100); -// return bean; -// } - -// private Filter ssoFilter() { -// OAuth2ClientAuthenticationProcessingFilter hbpFilter = new OAuth2ClientAuthenticationProcessingFilter("/login/hbp"); -// OAuth2RestTemplate hbpTemplate = new OAuth2RestTemplate(hbp(), oauth2ClientContext); -// hbpFilter.setAuthenticationSuccessHandler(new SimpleUrlAuthenticationSuccessHandler(frontendRedirectAfterLogin)); -// hbpFilter.setRestTemplate(hbpTemplate); -// hbpFilter.setTokenServices(new activeUserServiceTokenServices(hbpResource().getactiveUserServiceUri(), hbp().getClientId())); -// return hbpFilter; -// } - -// @Bean -// public FilterRegistrationBean oauth2ClientFilterRegistration( -// OAuth2ClientContextFilter filter) { -// FilterRegistrationBean registration = new FilterRegistrationBean(); -// registration.setFilter(filter); -// registration.setOrder(-100); -// return registration; -// } - -// @Bean(name = "hbp") -// @ConfigurationProperties("hbp.client") -// public BaseOAuth2ProtectedResourceDetails hbp() { -// return new AuthorizationCodeResourceDetails(); -// } -// -// @Bean(name = "hbpResource") -// @ConfigurationProperties("hbp.resource") -// public ResourceServerProperties hbpResource() { -// return new ResourceServerProperties(); -// } - - - private OncePerRequestFilter csrfHeaderFilter() { 
- return new OncePerRequestFilter() { - @Override - protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, - FilterChain filterChain) throws ServletException, IOException { - CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class.getName()); - if (csrf != null) { - Cookie cookie = WebUtils.getCookie(request, "XSRF-TOKEN"); - String token = csrf.getToken(); - if (cookie == null || token != null && !token.equals(cookie.getValue())) { - cookie = new Cookie("XSRF-TOKEN", token); - cookie.setPath("/"); - response.addCookie(cookie); - } - } - filterChain.doFilter(request, response); - } - }; - } - - private CsrfTokenRepository csrfTokenRepository() { - HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository(); - repository.setHeaderName("X-XSRF-TOKEN"); - return repository; - } - -// @Bean -// public AuthoritiesExtractor keycloakAuthoritiesExtractor() { -// return new KeycloakAuthoritiesExtractor(); -// } -// -// -// public class KeycloakAuthoritiesExtractor -// implements AuthoritiesExtractor { -// -// @Override -// public List<GrantedAuthority> extractAuthorities -// (Map<String, Object> map) { -// return AuthorityUtils -// .commaSeparatedStringToAuthorityList(asAuthorities(map)); -// } -// -// private String asAuthorities(Map<String, Object> map) { -// List<String> authorities = new ArrayList<>(); -//// authorities.add("BAELDUNG_USER"); -// List<LinkedHashMap<String, String>> authz; -// authz = (List<LinkedHashMap<String, String>>) map.get("authorities"); -// for (LinkedHashMap<String, String> entry : authz) { -// authorities.add(entry.get("authority")); -// } -// return String.join(",", authorities); -// } -// } - - -// private LogoutHandler authLogoutHandler() { -// return (request, response, authentication) -> { -// logout(); -// }; -// } - - -// public void logout() { -// // TODO Try removing -// -// RestTemplate restTemplate = new RestTemplate(); -// MultiValueMap<String, String> formParams = 
new LinkedMultiValueMap<>(); -// formParams.add("client_id", hbp().getClientId()); -// formParams.add("client_secret", hbp().getClientSecret()); -// formParams.add("refresh_token", this.oauth2ClientContext.getAccessToken().getRefreshToken().getValue()); -// -// HttpHeaders httpHeaders = new HttpHeaders(); -// httpHeaders.add(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE); -// RequestEntity<MultiValueMap<String, String>> requestEntity = -// new RequestEntity<>(formParams, httpHeaders, HttpMethod.POST, -// URI.create(logoutUrl)); -// restTemplate.exchange(requestEntity, String.class); -// } - - // TODO needed? -// @Value("#{'${keycloak.auth-server-url}'}") -// private String keycloakUrl; -// -// public void disableCertificateValidation() { -// -// //TODO Refactor logging -// -// LOGGER.info("disabling certificate validation host : " + keycloakUrl); -// -// // Create a trust manager that does not validate certificate chains -// TrustManager[] trustAllCerts = new TrustManager[]{ -// new X509TrustManager() { -// public X509Certificate[] getAcceptedIssuers() { -// return new X509Certificate[0]; -// } -// -// public void checkClientTrusted(X509Certificate[] certs, String authType) { -// } -// -// public void checkServerTrusted(X509Certificate[] certs, String authType) { -// } -// }}; -// -// -// // Ignore differences between given hostname and certificate hostname -// HostnameVerifier hv = -// (hostname, session) -> hostname.equals(keycloakUrl) && session.getPeerHost().equals(keycloakUrl); -// -// // Install the all-trusting trust manager -// try { -// SSLContext sc = SSLContext.getInstance("SSL"); -// sc.init(null, trustAllCerts, new SecureRandom()); -// HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); -// HttpsURLConnection.setDefaultHostnameVerifier(hv); -// } catch (Exception e) { -// // TODO add log message -// } -// -// } - } 
diff --git a/src/main/java/eu/hbp/mip/configuration/SecurityUtils/CORSFilter.java b/src/main/java/eu/hbp/mip/configuration/SecurityUtils/CORSFilter.java
deleted file mode 100644
index b7d3f7733dfb1703a90f04bc2364d39ca7db241b..0000000000000000000000000000000000000000
--- a/src/main/java/eu/hbp/mip/configuration/SecurityUtils/CORSFilter.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package eu.hbp.mip.configuration.SecurityUtils;
-
-import javax.servlet.*;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-/**
- * Created by mirco on 12.02.16.
- */
-public class CORSFilter implements Filter {
- // TODO needed?
-
- @Override
- public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
- HttpServletResponse response = (HttpServletResponse) res;
- response.setHeader("Access-Control-Allow-Origin", "*");
- response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE, PUT");
- response.setHeader("Access-Control-Max-Age", "3600");
- response.setHeader("Access-Control-Allow-Headers", "*");
- response.setHeader("Access-Control-Request-Headers", "*");
- chain.doFilter(req, res);
- }
-}
diff --git a/src/main/java/eu/hbp/mip/configuration/SecurityUtils/CustomAccessDeniedHandler.java b/src/main/java/eu/hbp/mip/configuration/SecurityUtils/CustomAccessDeniedHandler.java
deleted file mode 100644
index 552abd29f9487bfb2c991937094e5796f7587dd7..0000000000000000000000000000000000000000
--- a/src/main/java/eu/hbp/mip/configuration/SecurityUtils/CustomAccessDeniedHandler.java
+++ /dev/null
@@ -1,32 +0,0 @@
-package eu.hbp.mip.configuration.SecurityUtils;
-
-import org.codehaus.jettison.json.JSONException;
-import org.codehaus.jettison.json.JSONObject;
-import org.springframework.security.access.AccessDeniedException;
-import org.springframework.security.web.access.AccessDeniedHandler;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.sql.Timestamp;
-
-public class CustomAccessDeniedHandler implements AccessDeniedHandler {
- @Override
- public void handle(HttpServletRequest request, HttpServletResponse response,
- AccessDeniedException accessDeniedException) throws IOException {
- response.setContentType("application/json;charset=UTF-8");
- response.setStatus(403);
- try {
- response.getWriter().write(new JSONObject()
- .put("timestamp", new Timestamp(System.currentTimeMillis()))
- .put("status", 403)
- .put("error", "Forbidden")
- .put("message", "Access Denied. Please contact the system administrator to request access.")
- .put("path", request.getServletPath())
- .toString());
- } catch (JSONException e) {
- response.getWriter().write("");
- e.printStackTrace();
- }
- }
-}
diff --git a/src/main/java/eu/hbp/mip/configuration/SecurityUtils/CustomLoginUrlAuthenticationEntryPoint.java b/src/main/java/eu/hbp/mip/configuration/SecurityUtils/CustomLoginUrlAuthenticationEntryPoint.java
deleted file mode 100644
index 068ca591b17628dbfb97ed3ac0e3eb00430e7414..0000000000000000000000000000000000000000
--- a/src/main/java/eu/hbp/mip/configuration/SecurityUtils/CustomLoginUrlAuthenticationEntryPoint.java
+++ /dev/null
@@ -1,20 +0,0 @@
-package eu.hbp.mip.configuration.SecurityUtils;
-
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-public class CustomLoginUrlAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint {
-
- public CustomLoginUrlAuthenticationEntryPoint(String url) {
- super(url);
- }
-
- @Override
- public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException {
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
- }
-}
diff --git a/src/main/java/eu/hbp/mip/configuration/WebConfiguration.java b/src/main/java/eu/hbp/mip/configuration/WebConfiguration.java
index 72bcad78905f685bc15b11ca493f255db577f071..50fbe43aeb71ed201651aaab2ac630bf21e1b7f9 100644
--- a/src/main/java/eu/hbp/mip/configuration/WebConfiguration.java
+++ b/src/main/java/eu/hbp/mip/configuration/WebConfiguration.java
@@ -18,11 +18,6 @@ import springfox.documentation.swagger2.annotations.EnableSwagger2;
 @EnableSwagger2
 public class WebConfiguration {
-// @Bean
-// public String[] swaggerUiConfig() {
-// return UiConfiguration.Constants.DEFAULT_SUBMIT_METHODS;
-// }
-
 @Bean
 public Docket swaggerDocumentation() {
 return new Docket(DocumentationType.SWAGGER_2)
diff --git a/src/main/java/eu/hbp/mip/controllers/UsersApi.java b/src/main/java/eu/hbp/mip/controllers/UsersApi.java
index 1c60aba1e141697fa506d3a113f2ead0ba6996df..c8b1193f812144aec66a31de8ca541c93ed2cd07 100644
--- a/src/main/java/eu/hbp/mip/controllers/UsersApi.java
+++ b/src/main/java/eu/hbp/mip/controllers/UsersApi.java
@@ -36,7 +36,7 @@ public class UsersApi {
 UserDAO activeUser = activeUserService.getActiveUser();
- // Add the active user to a cookie
+ // Add the active user object to a cookie
 try {
 // TODO needed? Ask Manuel
 ObjectMapper mapper = new ObjectMapper();
@@ -53,7 +53,6 @@ public class UsersApi {
 return ResponseEntity.ok(activeUserService.getActiveUser());
 }
- // TODO Kostas, why not working?
 @ApiOperation(value = "The active user agrees to the NDA", response = UserDAO.class)
 @RequestMapping(value = "/agreeNDA", method = RequestMethod.POST)
 public ResponseEntity<UserDAO> activeUserServiceAgreesToNDA(@RequestBody(required = false) UserDAO userDAO) {
diff --git a/src/main/java/eu/hbp/mip/services/ActiveUserService.java b/src/main/java/eu/hbp/mip/services/ActiveUserService.java
index d925ce3f50bc4cb83b533c25253771a5de27306f..3d881537315d5635f815ad8894c1e46e460068db 100644
--- a/src/main/java/eu/hbp/mip/services/ActiveUserService.java
+++ b/src/main/java/eu/hbp/mip/services/ActiveUserService.java
@@ -18,14 +18,14 @@ import javax.inject.Named;
 @Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS)
 public class ActiveUserService {
- @Autowired
- private UserRepository userRepository;
-
 @Value("#{'${authentication.enabled}'}")
 private boolean authentication;
 private UserDAO user;
+ @Autowired
+ private UserRepository userRepository;
+
 /**
 * Fetches the details of the active user.
 * If the user doesn't exist, it's created on the fly from the auth token.
@@ -46,7 +46,7 @@ public class ActiveUserService {
 return user;
 }
- // If authentication is ON
+ // If authentication is ON get user info from Token
 KeycloakPrincipal keycloakPrincipal = (KeycloakPrincipal) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
 IDToken idToken = keycloakPrincipal.getKeycloakSecurityContext().getIdToken();
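Review bot: The reworded comment now says the whole active-user object goes into a cookie, but neither it nor the surrounding code says what that cookie is for or that the server must never read it back as the identity, and the retained `// TODO needed? Ask Manuel` suggests nobody is sure. A cookie serialised from `UserDAO` by `ObjectMapper` is client-controlled once set and readable by page scripts unless it is marked HttpOnly, so every field UserDAO carries ends up in the browser; the cookie construction and its flags are below the hunk and not visible here. Either remove it or pin the contract in the comment, e.g. `// Informational only: the frontend reads this cookie for display; the server never trusts it — identity always comes from the Keycloak token.`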
diff --git a/src/main/java/eu/hbp/mip/utils/ClaimUtils.java b/src/main/java/eu/hbp/mip/utils/ClaimUtils.java
index 5872819bc883efd98a453e363a46ad0a1cb537cd..cdbe41c9ef2bb110266d8d13d14cb809ed2a66fb 100644
--- a/src/main/java/eu/hbp/mip/utils/ClaimUtils.java
+++ b/src/main/java/eu/hbp/mip/utils/ClaimUtils.java
@@ -15,11 +15,11 @@ public class ClaimUtils {
 private static final Gson gson = new Gson();
 public static String allDatasetsAllowedClaim() {
- return "dataset_all";
+ return "role_dataset_all";
 }
 public static String getDatasetClaim(String datasetCode) {
- return "dataset_" + datasetCode.toLowerCase();
+ return "role_dataset_" + datasetCode.toLowerCase();
 }
 public static boolean userHasDatasetsAuthorization(String username, Collection<? extends GrantedAuthority> authorities,
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 7ff94d0875d55fdf53d078aa7a41f9dd2f2588ba..30c82a447c62125c69a90159870e5a5fc8c6cc54 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -1,6 +1,6 @@
-# Configuration template for the portal running inside a Docker container
+# Configuration for development purposes
-# See http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html
+### DATABASE CONFIGURATION ###
 spring:
 portal-datasource:
 url: "jdbc:postgresql://127.0.0.1:5433/portal"
@@ -8,7 +8,6 @@ spring:
 username: "portal"
 password: "portalpwd"
 driver-class-name: org.postgresql.Driver
-
 data:
 jpa:
 repositories:
@@ -18,12 +17,7 @@ spring:
 dialect: org.hibernate.dialect.PostgreSQL9Dialect
 ddl-auto: validate
-# WEB FRONTEND
-frontend:
- loginUrl: "http://127.0.0.1/services/login/hbp"
- redirectAfterLoginUrl: "http://127.0.0.1/"
- redirectAfterLogoutUrl: "http://127.0.0.1/services/login/hbp"
-
+### LOG LEVELS ###
 logging:
 level:
 root: "ERROR"
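Review bot: The `role_dataset_` prefix is now spelled out twice, in `allDatasetsAllowedClaim` and `getDatasetClaim`, and the rename means any Keycloak realm still issuing `dataset_*` roles fails closed for every dataset until the roles are renamed there as well — a migration step the diff mentions nowhere. Hoist it, `private static final String DATASET_ROLE_PREFIX = "role_dataset_";`, and build both return values from it so the two cannot drift apart again. `datasetCode.toLowerCase()` also lower-cases in the JVM default locale; because the result is matched against role names issued by the token, `datasetCode.toLowerCase(Locale.ROOT)` (with `java.util.Locale` imported) keeps the comparison stable on Turkish-locale JVMs. The body of `userHasDatasetsAuthorization` is outside the hunk.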
@@ -31,14 +25,14 @@ logging:
 eu:
 hbp: "DEBUG"
-# EMBEDDED SERVER CONFIGURATION
+### EMBEDDED SERVER CONFIGURATION ###
 server:
 servlet:
 contextPath: "/services"
 port: 8080
 forward-headers-strategy: native
-# ENDPOINTS
+### ENDPOINTS ###
 endpoints:
 enabled: true
 health:
@@ -46,12 +40,11 @@ endpoints:
 endpoint: "/health"
 sensitive: false
-# External Services
+### EXTERNAL SERVICES ###
 services:
 exareme:
 queryExaremeUrl: "http://127.0.0.1:9090/mining/query"
 algorithmsUrl: "http://127.0.0.1:9090/mining/algorithms.json"
-
 galaxy:
 galaxyUrl: "http://127.0.0.1:8090"
 galaxyContext: "nativeGalaxy/workflows/list"
@@ -59,11 +52,11 @@ services:
 galaxyUsername: "admin"
 galaxyPassword: "password"
-# Authentication
+### Authentication ###
 authentication:
 enabled: true
-# Keycloak
+### Keycloak ###
 keycloak:
 enabled: true
 auth-server-url: "http://127.0.0.1/auth"
@@ -74,8 +67,7 @@ keycloak:
 secret: "dae83a6b-c769-4186-8383-f0984c6edf05"
 principal-attribute: "preferred_username"
- # logoutUrl: {{ .Env.LOGOUT_URL }}
-
+### EXTERNAL FILES ###
 # Files are loaded from the resources
 files:
 pathologies_json: "classPath:/pathologies.json"
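Review bot: The last hunk keeps a literal Keycloak client secret (`secret: "dae83a6b-…"`) in a file the commit now labels "Configuration for development purposes" while `keycloak.enabled: true` and `authentication.enabled: true` point it at a real auth-server URL; if that client exists in any realm other than a throwaway local Keycloak, the secret is now repository history and has to be rotated. Because `application.yml` is packaged into the jar, a placeholder such as `secret: ${KEYCLOAK_CLIENT_SECRET:}` (and the same treatment for the `portalpwd` and Galaxy `password` defaults above) keeps the dev values out of the shipped artifact; at minimum add `# DEV ONLY — never a production client secret` above the `credentials` block so the next reader does not copy it into the template.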