From 3c2b90293a58a66eb072982134c7299302b6a711 Mon Sep 17 00:00:00 2001
From: ThanKarab <tkarabatsis@hotmail.com>
Date: Mon, 2 Aug 2021 18:30:18 +0300
Subject: [PATCH 1/2] Changed keycloak adapter to use client roles.
---
 docker/config/application.tmpl | 1 +
 src/main/resources/application.yml | 10 +---------
 2 files changed, 2 insertions(+), 9 deletions(-)
diff --git a/docker/config/application.tmpl b/docker/config/application.tmpl
index 6c155eeb6..e6af51b24 100644
--- a/docker/config/application.tmpl
+++ b/docker/config/application.tmpl
@@ -55,6 +55,7 @@ keycloak:
 auth-server-url: {{ .Env.KEYCLOAK_AUTH_URL }}
 realm: {{ .Env.KEYCLOAK_REALM }}
 resource: {{ .Env.KEYCLOAK_CLIENT_ID }}
+ use-resource-role-mappings: true
 enable-basic-auth: true
 credentials:
 secret: {{ .Env.KEYCLOAK_CLIENT_SECRET }}
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index d8d542b6b..32ed7ce84 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -53,6 +53,7 @@ keycloak:
 auth-server-url: "https://iam.humanbrainproject.eu/auth"
 realm: "MIP"
 resource: "mipfedqa"
+ use-resource-role-mappings: true
 enable-basic-auth: true
 credentials:
 secret: "dae83a6b-c769-4186-8383-f0984c6edf05"
@@ -72,12 +73,3 @@ server:
 contextPath: "/services"
 port: 8080
 forward-headers-strategy: native
-
-
-### ENDPOINTS ###
-endpoints:
- enabled: true
- health:
- enabled: true
- endpoint: "/health"
- sensitive: false
\ No newline at end of file
-- 
GitLab
From e5620de71e1a4d31230e989fa5d6587676ee946f Mon Sep 17 00:00:00 2001
From: ThanKarab <tkarabatsis@hotmail.com>
Date: Mon, 2 Aug 2021 18:30:33 +0300
Subject: [PATCH 2/2] Fixed portal-backend unhealthy container status.
---
 Dockerfile | 4 ++--
 build.sh | 2 +-
 .../java/eu/hbp/mip/configurations/SecurityConfiguration.java | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 866c01bf4..de7bf4c86 100644
--- a/Dockerfile
+++ b/Dockerfile
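Review bot: The added `use-resource-role-mappings: true` in docker/config/application.tmpl moves every role check onto the client roles of `resource`, and nothing next to the key records that. With this flag the Keycloak adapter takes roles from the token's `resource_access` entry for the client instead of `realm_access`, so realm-level assignments stop counting for the `hasRole(...)` rules and the roles must exist on the client before this is deployed. A comment above the key such as `# roles are read from the client (resource) role mappings, not from realm roles` would make that explicit; the same applies to the identical line added in src/main/resources/application.yml.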
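Review bot: The context line under `credentials:` in the first application.yml hunk keeps a literal client secret for the `mipfedqa` client in the packaged default configuration, directly below the line this commit adds. docker/config/application.tmpl already takes the value from `KEYCLOAK_CLIENT_SECRET`; the default file can do the same with `secret: ${KEYCLOAK_CLIENT_SECRET}` so that no credential ships in the jar or the repository. Since the value is already in the history, it should be treated as disclosed and rotated in Keycloak.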
@@ -14,6 +14,7 @@ RUN cp /usr/share/maven/ref/settings-docker.xml /root/.m2/settings.xml \ FROM hbpmip/java-base:11.0.1-1 +RUN apt-get update && apt-get install -y --no-install-recommends curl jq RUN rm -rf /var/lib/apt/lists/* /tmp/* COPY docker/config/application.tmpl /opt/portal/config/application.tmpl @@ -42,10 +43,9 @@ ENV APP_NAME="Portal backend" \ WORKDIR /home/portal ENTRYPOINT ["/run.sh"] -# 8080: Web service API, health checks on http://host:8080$CONTEXT_PATH/health EXPOSE 8080 -HEALTHCHECK --start-period=60s CMD curl -v --silent http://localhost:8080$CONTEXT_PATH/health 2>&1 | grep UP +HEALTHCHECK --start-period=60s CMD curl -v --silent http://localhost:8080/services/actuator/health 2>&1 | grep UP LABEL org.label-schema.build-date=$BUILD_DATE \ org.label-schema.name="hbpmip/portal-backend" \ diff --git a/build.sh b/build.sh index 6a18d98ec..ef4f10565 100755 --- a/build.sh +++ b/build.sh @@ -26,7 +26,7 @@ else DOCKER="sudo docker" fi -IMAGE="kfilippopolitis/portal-backend" +IMAGE="hbpmip/portal-backend" VCS_REF=$(git describe --tags --dirty) VERSION=$(git describe --tags --dirty) diff --git a/src/main/java/eu/hbp/mip/configurations/SecurityConfiguration.java b/src/main/java/eu/hbp/mip/configurations/SecurityConfiguration.java index 9f583da4e..3526335db 100644 --- a/src/main/java/eu/hbp/mip/configurations/SecurityConfiguration.java +++ b/src/main/java/eu/hbp/mip/configurations/SecurityConfiguration.java @@ -53,7 +53,7 @@ public class SecurityConfiguration extends KeycloakWebSecurityConfigurerAdapter if (authenticationEnabled) { http.authorizeRequests() .antMatchers( - "/sso/login", + "/sso/login", "/actuator/**", "/v2/api-docs", "/swagger-ui/**", "/swagger-resources/**" // Swagger URLs ).permitAll() .antMatchers("/galaxy*", "/galaxy/*").hasRole("WORKFLOW_ADMIN") -- GitLab
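Review bot: The added `RUN apt-get update && apt-get install ...` leaves the package index in its own image layer, because the cleanup on the following line runs as a separate `RUN` and cannot shrink a layer that is already committed. Folding the cleanup into the same instruction keeps the layer small: `RUN apt-get update && apt-get install -y --no-install-recommends curl jq && rm -rf /var/lib/apt/lists/* /tmp/*`. `jq` is installed here but the health check in the next Dockerfile hunk still uses `grep`, so either use it there or leave it out of the image.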
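Review bot: The new HEALTHCHECK decides health by grepping `UP` out of `curl -v` output, which includes the request and response headers, so any occurrence of those two letters passes and the HTTP status is never checked. It also hard-codes `/services` where the previous line used `$CONTEXT_PATH`, so the probe fails if the context path is configured differently (the ENV block is only partly visible in this hunk, so this assumes the variable is still set). Suggested: `HEALTHCHECK --start-period=60s CMD curl -fsS http://localhost:8080$CONTEXT_PATH/actuator/health | jq -e '.status == "UP"'`.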
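Review bot: Adding `"/actuator/**"` to the `permitAll()` matcher list in SecurityConfiguration.java opens every actuator endpoint to unauthenticated callers, while the container health check only needs the health endpoint. Which endpoints are actually exposed depends on `management.endpoints.web.exposure.include`, which is not visible in this patch, so the wildcard would make any later exposure of `env`, `heapdump` or similar unauthenticated as well. Narrow the new line to `"/sso/login", "/actuator/health",` and keep the rest of the actuator behind authentication. The enclosing method starts and ends outside the hunk.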