Removing users endpoint and security cleanup.

dd3ac2f9 · ThanKarab · 9c851bfa · dd3ac2f9 · dd3ac2f9 · dd3ac2f9
Commit dd3ac2f9 authored 4 years ago by ThanKarab
--- a/pom.xml
+++ b/pom.xml
@@ -96,20 +96,6 @@
            <artifactId>keycloak-spring-security-adapter</artifactId>
            <version>${keycloak-spring.version}</version>
        </dependency>
-<!--        <dependency>-->
-<!--            <groupId>org.springframework.security</groupId>-->
-<!--            <artifactId>spring-security-oauth2-resource-server</artifactId>-->
-<!--        </dependency>-->
-<!--        <dependency>-->
-<!--            <groupId>org.springframework.security.oauth.boot</groupId>-->
-<!--            <artifactId>spring-security-oauth2-autoconfigure</artifactId>-->
-<!--            <version>2.0.1.RELEASE</version>-->
-<!--        </dependency>-->
-<!--        <dependency>-->
-<!--            <groupId>org.springframework.security.oauth</groupId>-->
-<!--            <artifactId>spring-security-oauth2</artifactId>-->
-<!--            <version>2.5.0.RELEASE</version>-->
-<!--        </dependency>-->
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-orm</artifactId>

--- a/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java
+++ b/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java
@@ -22,6 +22,9 @@ import org.springframework.security.web.authentication.session.SessionAuthentica
 import org.springframework.security.web.csrf.CsrfToken;
 import org.springframework.security.web.csrf.CsrfTokenRepository;
 import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.filter.OncePerRequestFilter;
 import org.springframework.web.util.WebUtils;
@@ -31,6 +34,8 @@ import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
+import java.util.Arrays;
+import java.util.Collections;
 // Reference for OAuth2 login: https://spring.io/guides/tutorials/spring-boot-oauth2/
@@ -104,9 +109,9 @@ public class SecurityConfiguration extends KeycloakWebSecurityConfigurerAdapter
        super.configure(http);
        //disableCertificateValidation();  //  TODO needed?
-        // TODO Check if needed.
+        // TODO Is that needed for development? On Galaxy?
-        // Check if it works when removing keycloak cors from app properties.
+//        http.addFilterBefore(new CORSFilter(), ChannelProcessingFilter.class);
-        http.addFilterBefore(new CORSFilter(), ChannelProcessingFilter.class);
+//        http.cors();
        if (authenticationEnabled) {
            http.antMatcher("/**")
@@ -138,6 +143,7 @@ public class SecurityConfiguration extends KeycloakWebSecurityConfigurerAdapter
        }
    }
 //    @Bean
 //    public FilterRegistrationBean corsFilter() {
 //        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();

--- a/src/main/java/eu/hbp/mip/configuration/SecurityUtils/CORSFilter.java
+++ b/src/main/java/eu/hbp/mip/configuration/SecurityUtils/CORSFilter.java
@@ -8,6 +8,7 @@ import java.io.IOException;
 * Created by mirco on 12.02.16.
 */
 public class CORSFilter implements Filter {
+    // TODO needed?
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {

--- a/src/main/java/eu/hbp/mip/controllers/SecurityApi.java
+++ b/src/main/java/eu/hbp/mip/controllers/SecurityApi.java
@@ -31,7 +31,7 @@ public class SecurityApi {
    @Autowired
    private SecurityConfiguration securityConfiguration;
-    // TODO How to redirect? keycloak off?
+    // TODO Fix no authentication instance
    @RequestMapping(path = "/login/hbp", method = RequestMethod.GET)
    @ConditionalOnExpression("${authentication.enabled:0}")
    public void noLogin(HttpServletResponse httpServletResponse) throws IOException {

--- a/src/main/java/eu/hbp/mip/controllers/UsersApi.java
+++ b/src/main/java/eu/hbp/mip/controllers/UsersApi.java
@@ -21,32 +21,17 @@ import java.net.URLEncoder;
 import static org.springframework.http.MediaType.APPLICATION_JSON_VALUE;
 @RestController
-@RequestMapping(value = "/users", produces = {APPLICATION_JSON_VALUE})
+@RequestMapping(value = "/activeUser", produces = {APPLICATION_JSON_VALUE})
-@Api(value = "/users")
+@Api(value = "/activeUser")
 public class UsersApi {
    @Autowired
    private ActiveUserService activeUserService;
-    @Autowired
-    private UserRepository userRepository;
-    @ApiOperation(value = "Get a user", response = UserDAO.class)
-    @RequestMapping(value = "/{username}", method = RequestMethod.GET)
-    public ResponseEntity<UserDAO> getAUser(
-            @ApiParam(value = "username", required = true) @PathVariable("username") String username
-    ) {
-        Logging.LogUserAction(activeUserService.getActiveUser().getUsername(), "(GET) /users/{username}",
-                "Loaded a user with username : " + username);
-        // TODO Error handling?
-        return ResponseEntity.ok(userRepository.findByUsername(username));
-    }
    @ApiOperation(value = "Get the active user", response = UserDAO.class)
-    @RequestMapping(value = "/activeUser", method = RequestMethod.GET)
+    @RequestMapping(method = RequestMethod.GET)
    public ResponseEntity<UserDAO> getTheActiveUser(HttpServletResponse response) {
-        Logging.LogUserAction(activeUserService.getActiveUser().getUsername(), "(GET) /users/activeUser",
+        Logging.LogUserAction(activeUserService.getActiveUser().getUsername(), "(GET) /activeUser",
                "Loading the details of the activeUser");
        UserDAO activeUser = activeUserService.getActiveUser();
@@ -62,7 +47,7 @@ public class UsersApi {
            response.addCookie(cookie);
        } catch (JsonProcessingException | UnsupportedEncodingException e) {
            Logging.LogUserAction(activeUser.getUsername(),
-                    "(GET) /users/activeUser", "Failed to add Cookie. Exception: " + e.getMessage());
+                    "(GET) /activeUser", "Failed to add Cookie. Exception: " + e.getMessage());
        }
        return ResponseEntity.ok(activeUserService.getActiveUser());
@@ -70,9 +55,9 @@ public class UsersApi {
    // TODO Kostas, why not working?
    @ApiOperation(value = "The active user agrees to the NDA", response = UserDAO.class)
-    @RequestMapping(value = "/activeUser/agreeNDA", method = RequestMethod.POST)
+    @RequestMapping(value = "/agreeNDA", method = RequestMethod.POST)
    public ResponseEntity<UserDAO> activeUserServiceAgreesToNDA(@RequestBody(required = false) UserDAO userDAO) {
-        Logging.LogUserAction(activeUserService.getActiveUser().getUsername(), "(GET) /users/activeUser/agreeNDA",
+        Logging.LogUserAction(activeUserService.getActiveUser().getUsername(), "(GET) /activeUser/agreeNDA",
                "The user agreed to the NDA");
        return ResponseEntity.ok(activeUserService.agreeToNDA());

--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -37,8 +37,6 @@ server:
    contextPath: "/services"
  port: 8080
  forward-headers-strategy: native
-  session:
-    timeout: "2592000"
 # ENDPOINTS
 endpoints:
@@ -75,11 +73,6 @@ keycloak:
  credentials:
    secret: "dae83a6b-c769-4186-8383-f0984c6edf05"
  principal-attribute: "preferred_username"
-  #  cors: true
-  #  cors-max-age: 3600
-  #  cors-allowed-methods: "GET, POST, PUT, PATCH, OPTIONS, DELETE"
-  #  cors-allowed-headers: "*"
-  #  cors-exposed-headers: "*"
  # logoutUrl: {{ .Env.LOGOUT_URL }}

--- a/src/main/resources/test.test
+++ b/src/main/resources/test.test
-# Configuration template for the portal running inside a Docker container
-# See http://docs.spring.io/spring-boot/docs/current/reference/html/common-application-properties.html
-spring.portal-datasource.url="jdbc:postgresql://127.0.0.1:5433/portal"
-spring.portal-datasource.schema="public"
-spring.portal-datasource.username="portal"
-spring.portal-datasource.password="portalpwd"
-spring.portal-datasource.driver-class-name=org.postgresql.Driver
-spring.data.jpa.repositories.bootstrap-mode=default
-spring.jpa.hibernate.dialect=org.hibernate.dialect.PostgreSQL9Dialect
-spring.jpa.hibernate.ddl-auto=validate
-# WEB FRONTEND
-frontend.loginUrl="http://127.0.0.1/services/login/hbp" }}
-frontend.redirectAfterLoginUrl="http://127.0.0.1/"
-frontend.redirectAfterLogoutUrl="http://127.0.0.1/services/login/hbp"
-logging.level.root="DEBUG"
-logging.level.org="DEBUG"
-logging.level.eu.hbp="DEBUG"
-# EMBEDDED SERVER CONFIGURATION
-server.servlet.contextPath="/services"
-server.port=8080
-server.forward-headers-strategy=native
-server.session.timeout="2592000"
-# ENDPOINTS
-endpoints.enabled=true
-endpoints.health.enabled: true
-endpoints.health.endpoint: "/health"
-endpoints.health.sensitive: false
-# External Services
-services.exareme.queryExaremeUrl="http://localhost:9090/mining/query"
-services.exareme.algorithmsUrl="http://localhost:9090/mining/algorithms.json"
-galaxy.galaxyUrl="http://localhost:8090/"
-galaxy.galaxyContext="nativeGalaxy/workflows/list"
-galaxy.galaxyApiKey="sfas"
-galaxy.galaxyUsername="admin"
-galaxy.galaxyPassword="password"
-# Authentication
-authentication.enabled="1"
-# Keycloak
-keycloak.enabled=true
-keycloak.auth-server-url="http://127.0.0.1/auth"
-keycloak.realm="MIP"
-keycloak.resource="MIP"
-keycloak.enable-basic-auth=true
-keycloak.credentials.secret="dae83a6b-c769-4186-8383-f0984c6edf05"
-keycloak.principal-attribute="preferred_username"
-#  cors: true
-#  cors-max-age: 3600
-#  cors-allowed-methods: "GET, POST, PUT, PATCH, OPTIONS, DELETE"
-#  cors-allowed-headers: "*"
-#  cors-exposed-headers: "*"
-# logoutUrl: {{ .Env.LOGOUT_URL }}