Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat: Add API Key security #91

Merged
merged 22 commits into from
Nov 27, 2023
Merged

Feat: Add API Key security #91

merged 22 commits into from
Nov 27, 2023

Conversation

tom-rm-meyer-ISST
Copy link
Contributor

@tom-rm-meyer-ISST tom-rm-meyer-ISST commented Nov 18, 2023
edited
Loading

Description

For minimal level of security I added an api key header ("X-API-KEY": "value from properties / environment var") for all routes in spring context except for swagger ui:

  • Security filter configuration in backend that secures ALL routes with own authentication
  • added configuration (application.properties files, local/docker-compose)
  • updated frontend stock view to use the api-key
  • Fixed configuration of EDC in local/tractus-x-edc/config for control planes: edc.receiver.http.dynamic.endpoint + property for auth key and code.
  • update of local.env + INSTALL.md
  • updates springdoc / swagger

Pre-review checks

Please ensure to do as many of the following checks as possible, before asking for committer review:

@tom-rm-meyer-ISST
feat: initial code for api key security
9f5d7c0
@tom-rm-meyer-ISST
refactor: moved all to security package
4873303
@tom-rm-meyer-ISST
feat: added api key authentication statically
9f83cce
@tom-rm-meyer-ISST
feat: externalized api key to application properties
5288373
@tom-rm-meyer-ISST
refactor: renamed security classes to ApiKey*
d3635b8
@tom-rm-meyer-ISST
feat: added apiKey to stockView
087f603
@tom-rm-meyer-ISST
fix: renamed wrong environment properties for local deployment
0b24d38
@tom-rm-meyer-ISST
feat: added cors integration
c031590
@tom-rm-meyer-ISST
ci: added backend api key to integrationtest env
18741d1
@tom-rm-meyer-ISST
feat: added api-key usage to PartnerStockSFC
f775683
@tom-rm-meyer-ISST
feat: prepared asset creation and dynamic EDR in transfer for api key
20f31a2
@tom-rm-meyer-ISST
Merge branch 'main' into feat/security
8358eb2
@tom-rm-meyer-ISST
feat: got dynamic EDR running with api key by configutation
b831fa2
@tom-rm-meyer-ISST
feat: added dynamic endpoint for EDR and noted hints for 0.5.x
eb8d39e
@tom-rm-meyer-ISST
feat: excluded swagger from api key security
755c3f3
@tom-rm-meyer-ISST
chore: added missing license headers
b7ffb78
@tom-rm-meyer-ISST
chore: changed intendation
cfd77aa
mhellmeier
mhellmeier approved these changes Nov 27, 2023
View reviewed changes
...ain/java/org/eclipse/tractusx/puris/backend/common/edc/logic/util/EDCRequestBodyBuilder.java
@@ -167,7 +167,16 @@ public JsonNode buildTransferRequestBody(String transferId,
transferNode.set("transferType", transferTypeNode);
transferNode.put("managedResources", false);
propertiesNode = MAPPER.createObjectNode();
// TODO: reminder for EDC 0.5.x: receiverHttpEndpoint - auth key and code still not possible
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Those TODOs should be extracted into the issue board of the project to keep track of it.

@mhellmeier mhellmeier merged commit 03eed0a into eclipse-tractusx:main Nov 27, 2023
8 checks passed
@tom-rm-meyer-ISST tom-rm-meyer-ISST mentioned this pull request Nov 28, 2023
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mhellmeier mhellmeier mhellmeier approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tom-rm-meyer-ISST @mhellmeier