diff --git a/src/main/java/cz/cvut/kbss/analysis/config/conf/SecurityConf.java b/src/main/java/cz/cvut/kbss/analysis/config/conf/SecurityConf.java
new file mode 100644
index 00000000..2bae7cd5
--- /dev/null
+++ b/src/main/java/cz/cvut/kbss/analysis/config/conf/SecurityConf.java
@@ -0,0 +1,26 @@
+package cz.cvut.kbss.analysis.config.conf;
+
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+@Setter
+@Getter
+@Configuration
+@EnableConfigurationProperties
+@ConfigurationProperties("security")
+public class SecurityConf {
+ private String allowedOrigins;
+
+ private String appContext;
+
+ private String issuerUri;
+
+ private String secretKey;
+
+ private Long expiryMs;
+
+ private String roleClaim;
+}
diff --git a/src/main/java/cz/cvut/kbss/analysis/security/SecurityConstants.java b/src/main/java/cz/cvut/kbss/analysis/security/SecurityConstants.java
new file mode 100644
index 00000000..a7a52374
--- /dev/null
+++ b/src/main/java/cz/cvut/kbss/analysis/security/SecurityConstants.java
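Review bot: The flat fields of `SecurityConf` do not appear to line up with the keys this commit adds to `application.yml`: the YAML seems to nest `allowedOrigins` under `cors` and `secretKey`/`expiryMs` under `jwt`, and names the claim `oidcRoleClaim`, while the class declares `allowedOrigins`, `secretKey`, `expiryMs` and `roleClaim` directly under the `security` prefix. The binder leaves unmatched fields `null` without complaint, so the CORS origins, role claim and issuer could be silently unset at runtime (the YAML indentation is collapsed on this page, so confirm the nesting). Consider making the binding fail fast, for example `@Validated` on the class with `@NotBlank private String roleClaim;` on the required fields, provided bean validation is on the classpath. A class-level Javadoc stating which keys are mandatory and that `secretKey` must never be logged would also help.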
@@ -0,0 +1,33 @@
+package cz.cvut.kbss.analysis.security;
+
+public class SecurityConstants {
+
+ private SecurityConstants() {
+ throw new AssertionError();
+ }
+
+ public static final String SESSION_COOKIE_NAME = "FSM_JSESSIONID";
+
+ public static final String REMEMBER_ME_COOKIE_NAME = "remember-me";
+
+ public static final String CSRF_COOKIE_NAME = "CSRF-TOKEN";
+
+ public static final String USERNAME_PARAM = "username";
+
+ public static final String PASSWORD_PARAM = "password";
+
+ public static final String SECURITY_CHECK_URI = "/j_spring_security_check";
+
+ public static final String LOGOUT_URI = "/j_spring_security_logout";
+
+ public static final String COOKIE_URI = "/";
+
+ /**
+ * Session timeout in seconds.
+ */
+ public static final int SESSION_TIMEOUT = 12 * 60 * 60;
+
+ public static final String ROLE_USER = "ROLE_USER";
+
+ public static final String ROLE_ADMIN = "ROLE_ADMIN";
+}
\ No newline at end of file
diff --git a/src/main/java/cz/cvut/kbss/analysis/service/ConfigReader.java b/src/main/java/cz/cvut/kbss/analysis/service/ConfigReader.java
new file mode 100644
index 00000000..59c8d329
--- /dev/null
+++ b/src/main/java/cz/cvut/kbss/analysis/service/ConfigReader.java
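Review bot: `SESSION_TIMEOUT` is 12 hours, which is a long lifetime for an authenticated session and longer than the 8-hour `expiryMs` that `application.yml` keeps for JWTs. How the constant is consumed is outside this diff; if it becomes the session's maximum inactive interval, a shorter idle timeout would narrow the window in which a stolen `FSM_JSESSIONID` cookie stays usable. At minimum the Javadoc should state whether this is an idle or an absolute limit and why 12 hours was chosen. The class can also be declared `public final class SecurityConstants`, which matches its private throwing constructor.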
@@ -0,0 +1,42 @@
+package cz.cvut.kbss.analysis.service;
+
+import cz.cvut.kbss.analysis.util.ConfigParam;
+import org.springframework.core.env.Environment;
+import org.springframework.stereotype.Component;
+
+import java.util.Map;
+
+@Component
+public class ConfigReader {
+
+ private final Environment environment;
+
+ public ConfigReader(Environment environment) {
+ this.environment = environment;
+ }
+
+ /**
+ * Gets value of the specified configuration parameter.
+ *
+ * @param param Configuration parameter
+ * @return Configuration parameter value, empty string if the parameter is not set
+ */
+ public String getConfig(ConfigParam param) {
+ return getConfig(param, "");
+ }
+
+ public String getConfig(ConfigParam param, String defaultValue) {
+ if (environment.containsProperty(param.toString())) {
+ return environment.getProperty(param.toString());
+ }
+ return defaultValue;
+ }
+
+ public String getConfigWithParams(ConfigParam param, Map params) {
+ String str = environment.getProperty(param.toString());
+ for ( String key : params.keySet() ) {
+ str = str.replace("{{" + key + "}}", params.get(key));
+ }
+ return str;
+ }
+}
\ No newline at end of file
diff --git a/src/main/java/cz/cvut/kbss/analysis/util/ConfigParam.java b/src/main/java/cz/cvut/kbss/analysis/util/ConfigParam.java
new file mode 100644
index 00000000..4e408601
--- /dev/null
+++ b/src/main/java/cz/cvut/kbss/analysis/util/ConfigParam.java
@@ -0,0 +1,19 @@
+package cz.cvut.kbss.analysis.util;
+
+public enum ConfigParam {
+
+ SECURITY_SAME_SITE("security.sameSite"),
+
+ APP_CONTEXT("appContext");
+
+ private final String name;
+
+ ConfigParam(String name) {
+ this.name = name;
+ }
+
+ @Override
+ public String toString() {
+ return name;
+ }
+}
\ No newline at end of file
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index fab1ae42..a3271278 100755
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
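Review bot: `getConfigWithParams` dereferences `str` without a null check, so a parameter that is not set throws a `NullPointerException` at `str.replace(...)`, whereas both `getConfig` overloads fall back to a default. Reading through the existing overload keeps the behaviour consistent: `String str = getConfig(param);`. The substitution also inserts the map values verbatim; the call sites are not visible in this diff, but if a value can originate from a request and the result is used as a URL or header, the caller needs to encode or validate it. The two-argument `getConfig` and `getConfigWithParams` have no Javadoc; a short comment describing the `{{key}}` placeholder syntax and what happens when the parameter is missing would close that gap.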
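Review bot: `APP_CONTEXT("appContext")` looks up a top-level property, but this commit appears to define the value as `appContext` under `security:` in `application.yml`, that is `security.appContext`. Unless another property source supplies a top-level `appContext`, `ConfigReader.getConfig(ConfigParam.APP_CONTEXT)` returns the empty-string default; likewise `security.sameSite` is not among the keys visible in the YAML hunks, so the SameSite setting may silently be empty. If the nested key is the intended one, the constant would read `APP_CONTEXT("security.appContext")`. A one-line comment on each constant naming the expected value would make such a misconfiguration easier to spot.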
@@ -2,7 +2,7 @@ server: port: 9999 repository: - url: http://localhost:1235/services/db-server/repositories/fta-fmea + url: http://localhost/ava/services/db-server/repositories/fta-fmea persistence: @@ -10,6 +10,11 @@ persistence: language: cs security: + provider: oidc + oidcRoleClaim: realm_access.roles + appContext: http://localhost:3000/fta-fmea + cors: + allowedOrigins: jwt: secretKey: lwrUj5PmCE6X8ekbLd9wDTRlBkEJA0HB expiryMs: 28800000 # 8 hours @@ -25,4 +30,13 @@ logging: annotator: list-documents-api: ${LIST_DOCUMENT_API:http://localhost:8282/s-pipes/service?_pId=list-documents} convert-document-api: ${CONVERT_DOCUMENT_API:http://localhost:8282/s-pipes/service?_pId=convert-document} - process-annotatoins-api: ${PROCESS_ANNOTATION_API:https://localhost:8090/annotator/process-annotation-service.sh} \ No newline at end of file + process-annotatoins-api: ${PROCESS_ANNOTATION_API:https://localhost:8090/annotator/process-annotation-service.sh} + +spring: + security: + oauth2: + resourceserver: + jwt: + issuer-uri: http://localhost/services/auth/realms/record-manager + jwk-set-uri: http://localhost/services/auth/realms/record-manager/protocol/openid-connect/certs +
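Review bot: The added `cors:` / `allowedOrigins:` key is left empty, and nothing in this diff shows what the CORS setup does with an empty or null value; it should resolve to no cross-origin access rather than to a wildcard, and a comment on that line should state the semantics once confirmed. In the same block the JWT `secretKey` stays committed as a literal even though this change switches the provider to OIDC, so any deployment that reuses the value shares a publicly known signing key. It could follow the placeholder style the `annotator` section already uses, for example `secretKey: ${JWT_SECRET_KEY}` (the variable name is an example), with the committed value rotated.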
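Review bot: `issuer-uri` and `jwk-set-uri` in the last hunk are hard-coded `http://` URLs, which is fine for a local stack but means that outside localhost the resource server would fetch its token-signing keys over plaintext, where they can be replaced in transit. Making both overridable, as the `annotator` entries above are, keeps the local default while letting deployments point at HTTPS: `issuer-uri: ${OIDC_ISSUER_URI:http://localhost/services/auth/realms/record-manager}` (the variable name is an example). The realm `record-manager` does not match this application's name, so confirm it is the intended realm. Note also that `SecurityConf.issuerUri` binds to `security.issuerUri`, which the visible hunks of this file do not set.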