diff --git a/refarch-integrations/refarch-email-integration/refarch-email-integration-rest-example/src/main/resources/application-local.yml b/refarch-integrations/refarch-email-integration/refarch-email-integration-rest-example/src/main/resources/application-local.yml
index f7438700..e4fc4356 100644
--- a/refarch-integrations/refarch-email-integration/refarch-email-integration-rest-example/src/main/resources/application-local.yml
+++ b/refarch-integrations/refarch-email-integration/refarch-email-integration-rest-example/src/main/resources/application-local.yml
@@ -6,6 +6,20 @@ spring:
 port: 1025
 username: test@muenchen.de
 password: secret
+ security:
+ oauth2:
+ client:
+ provider:
+ sso:
+ issuer-uri: http://keycloak:8100/auth/realms/local_realm
+ user-info-uri: ${spring.security.oauth2.client.provider.sso.issuer-uri}/protocol/openid-connect/userinfo
+ jwk-set-uri: ${spring.security.oauth2.client.provider.sso.issuer-uri}/protocol/openid-connect/certs
+ registration:
+ s3:
+ provider: sso
+ authorization-grant-type: client_credentials
+ client-id: local
+ client-secret: client_secret
 refarch:
 mail:
 from-address: test@muenchen.de
@@ -14,6 +28,3 @@ refarch:
 client:
 document-storage-url: http://localhost:8086
 enable-security: true
-SSO_ISSUER_URL: http://keycloak:8100/auth/realms/local_realm
-SSO_S3_CLIENT_ID: local
-SSO_S3_CLIENT_SECRET: client_secret
diff --git a/refarch-integrations/refarch-s3-integration/README.md b/refarch-integrations/refarch-s3-integration/README.md
index 9aeda3ee..1dbb5b00 100644
--- a/refarch-integrations/refarch-s3-integration/README.md
+++ b/refarch-integrations/refarch-s3-integration/README.md
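Review bot: The new `registration.s3` block commits a literal `client-secret: client_secret` and points `provider.sso.issuer-uri` at plain `http://keycloak:8100`, so the client-credentials token exchange and the JWKS fetch run over an unencrypted channel and the secret sits in version control with nothing marking it as dev-only. For a `local` profile that is acceptable, but the file should say so and keep the value overridable, e.g. `client-secret: ${SSO_S3_CLIENT_SECRET:client_secret} # local Keycloak dev realm only; never reuse outside docker-compose`. The explicit `user-info-uri` and `jwk-set-uri` are presumably redundant with what Spring derives from `issuer-uri` through OIDC discovery; if they are kept on purpose (for example because Keycloak is not reachable for discovery at startup), a one-line comment saying why would stop the next reader from deleting them. The second hunk removes the `SSO_S3_CLIENT_SECRET` line that previously carried the same value, so this is not a new exposure, only a lost override point.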
@@ -47,7 +47,22 @@ Whether a property is an alias can be checked in the corresponding `application. | `refarch.s3.bucket-name` | Name of the bucket to connect to. | `refarch-bucket` | | `refarch.s3.access-key` | Access key to use for connection. | | | `refarch.s3.secret-key` | Secret key to use for connection. | | -| `SSO_ISSUER_URL` | Issuer url of oAuth2 service used for securing rest endpoints. | `https://sso.example.com/auth/realms/refarch` | + +For authenticating the different endpoints oAuth2 authentication needs to be configured. +See below example or the [according Spring documentation](https://docs.spring.io/spring-security/reference/servlet/oauth2/index.html#oauth2-resource-server). + +```yml +spring: + security: + oauth2: + resourceserver: + jwt: + issuer-uri: https://sso.example.com/auth/realms/refarch +security: + oauth2: + resource: + user-info-uri: ${spring.security.oauth2.resourceserver.jwt.issuer-uri}/protocol/openid-connect/userinfo +``` ### s3-integration-java-client-starter 
@@ -65,6 +80,31 @@ All properties of [s3-integration-java-client-starter](#s3-integration-rest-clie |------------------------------------------|----------------------------------------------------------------------------|-----------------------------------------------| | `refarch.s3.client.document-storage-url` | Url to the RefArch S3 integration service. | `http://s3-integration-service:8080` | | `refarch.s3.client.enable-security` | Switch to enable or disable oAuth2 authentication against s3 service. | `true` | -| `SSO_ISSUER_URL` | Issuer url of oAuth2 service to use for authentication against s3 service. | `https://sso.example.com/auth/realms/refarch` | -| `SSO_S3_CLIENT_ID` | Client id to be used for authentication. | `refarch_client` | -| `SSO_S3_CLIENT_SECRET` | Client secret to be used for gathering client service account token. | | + +For authentication against the s3-service a OAuth2 registration with the name `s3` needs to be provided. +See following example or the [according Spring documentation](https://docs.spring.io/spring-security/reference/servlet/oauth2/index.html#oauth2-client). 
+ +```yml +spring: + security: + oauth2: + client: + provider: + sso: + issuer-uri: https://sso.example.com/auth/realms/refarch + user-info-uri: ${spring.security.oauth2.client.provider.sso.issuer-uri}/protocol/openid-connect/userinfo + jwk-set-uri: ${spring.security.oauth2.client.provider.sso.issuer-uri}/protocol/openid-connect/certs + # used for RequestResponseLoggingFilter in s3-rest-service + # only required if filter is explicitly enabled + user-name-attribute: user_name + registration: + s3: + provider: sso + authorization-grant-type: client_credentials + client-id: refarch_client + client-secret: client_secret_123 + # profile required for username used in s3-rest-service RequestResponseLoggingFilter + # openid required for user info endpoint used in s3-rest-service JwtUserInfoAuthenticationConverter + # both scopes are only required if the according functions are explicitly used + scope: profile, openid +``` diff --git a/refarch-integrations/refarch-s3-integration/refarch-s3-integration-rest/refarch-s3-integration-rest-client-starter/src/main/java/de/muenchen/refarch/integration/s3/client/configuration/S3IntegrationClientAutoConfiguration.java b/refarch-integrations/refarch-s3-integration/refarch-s3-integration-rest/refarch-s3-integration-rest-client-starter/src/main/java/de/muenchen/refarch/integration/s3/client/configuration/S3IntegrationClientAutoConfiguration.java index c631d59e..1b7c3f8f 100644 --- a/refarch-integrations/refarch-s3-integration/refarch-s3-integration-rest/refarch-s3-integration-rest-client-starter/src/main/java/de/muenchen/refarch/integration/s3/client/configuration/S3IntegrationClientAutoConfiguration.java +++ b/refarch-integrations/refarch-s3-integration/refarch-s3-integration-rest/refarch-s3-integration-rest-client-starter/src/main/java/de/muenchen/refarch/integration/s3/client/configuration/S3IntegrationClientAutoConfiguration.java 
@@ -4,7 +4,6 @@ import de.muenchen.refarch.integration.s3.client.api.FileApiApi; import de.muenchen.refarch.integration.s3.client.api.FolderApiApi; import de.muenchen.refarch.integration.s3.client.domain.model.SupportedFileExtensions; -import de.muenchen.refarch.integration.s3.client.factory.YamlPropertySourceFactory; import de.muenchen.refarch.integration.s3.client.properties.S3IntegrationClientProperties; import de.muenchen.refarch.integration.s3.client.repository.DocumentStorageFileRepository; import de.muenchen.refarch.integration.s3.client.repository.DocumentStorageFileRestRepository; @@ -40,7 +39,6 @@ ) @RequiredArgsConstructor @EnableConfigurationProperties(S3IntegrationClientProperties.class) -@PropertySource(value = "classpath:application-s3-client.yml", factory = YamlPropertySourceFactory.class) @Slf4j public class S3IntegrationClientAutoConfiguration { diff --git a/refarch-integrations/refarch-s3-integration/refarch-s3-integration-rest/refarch-s3-integration-rest-client-starter/src/main/java/de/muenchen/refarch/integration/s3/client/factory/YamlPropertySourceFactory.java b/refarch-integrations/refarch-s3-integration/refarch-s3-integration-rest/refarch-s3-integration-rest-client-starter/src/main/java/de/muenchen/refarch/integration/s3/client/factory/YamlPropertySourceFactory.java deleted file mode 100644 index 48ab8ca7..00000000 --- a/refarch-integrations/refarch-s3-integration/refarch-s3-integration-rest/refarch-s3-integration-rest-client-starter/src/main/java/de/muenchen/refarch/integration/s3/client/factory/YamlPropertySourceFactory.java +++ /dev/null 
@@ -1,25 +0,0 @@
-package de.muenchen.refarch.integration.s3.client.factory;
-
-import java.io.IOException;
-import java.util.Objects;
-import java.util.Properties;
-import org.springframework.beans.factory.config.YamlPropertiesFactoryBean;
-import org.springframework.core.env.PropertiesPropertySource;
-import org.springframework.core.env.PropertySource;
-import org.springframework.core.io.support.EncodedResource;
-import org.springframework.core.io.support.PropertySourceFactory;
-import org.springframework.lang.NonNull;
-
-public class YamlPropertySourceFactory implements PropertySourceFactory {
-
- @Override
- @NonNull
- public PropertySource createPropertySource(String name, EncodedResource resource) throws IOException {
- YamlPropertiesFactoryBean factory = new YamlPropertiesFactoryBean();
- factory.setResources(resource.getResource());
- Properties properties = factory.getObject();
- return new PropertiesPropertySource(
- Objects.requireNonNull(resource.getResource().getFilename()),
- Objects.requireNonNull(properties));
- }
-}
diff --git a/refarch-integrations/refarch-s3-integration/refarch-s3-integration-rest/refarch-s3-integration-rest-client-starter/src/main/resources/application-s3-client.yml b/refarch-integrations/refarch-s3-integration/refarch-s3-integration-rest/refarch-s3-integration-rest-client-starter/src/main/resources/application-s3-client.yml
deleted file mode 100644
index 781a41e5..00000000
--- a/refarch-integrations/refarch-s3-integration/refarch-s3-integration-rest/refarch-s3-integration-rest-client-starter/src/main/resources/application-s3-client.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-spring:
- security:
- oauth2:
- client:
- provider:
- keycloak:
- issuer-uri: ${SSO_ISSUER_URL}
- user-info-uri: ${SSO_ISSUER_URL}/protocol/openid-connect/userinfo
- jwk-set-uri: ${SSO_ISSUER_URL}/protocol/openid-connect/certs
- user-name-attribute: user_name
- registration:
- s3:
- provider: keycloak
- authorization-grant-type: client_credentials
- client-id: ${SSO_S3_CLIENT_ID}
- client-secret: ${SSO_S3_CLIENT_SECRET}
- scope: email, profile, openid # needed for userInfo endpoint
diff --git a/refarch-integrations/refarch-s3-integration/refarch-s3-integration-rest/refarch-s3-integration-rest-service/src/main/resources/application-local.yml b/refarch-integrations/refarch-s3-integration/refarch-s3-integration-rest/refarch-s3-integration-rest-service/src/main/resources/application-local.yml
index d8b6a4d3..f3b47855 100644
--- a/refarch-integrations/refarch-s3-integration/refarch-s3-integration-rest/refarch-s3-integration-rest-service/src/main/resources/application-local.yml
+++ b/refarch-integrations/refarch-s3-integration/refarch-s3-integration-rest/refarch-s3-integration-rest-service/src/main/resources/application-local.yml
@@ -1,4 +1,13 @@
-SSO_ISSUER_URL: http://keycloak:8100/auth/realms/local_realm
+spring:
+ security:
+ oauth2:
+ resourceserver:
+ jwt:
+ issuer-uri: http://keycloak:8100/auth/realms/local_realm
+security:
+ oauth2:
+ resource:
+ user-info-uri: ${spring.security.oauth2.resourceserver.jwt.issuer-uri}/protocol/openid-connect/userinfo
 refarch:
 s3:
 bucket-name: test-bucket
diff --git a/refarch-integrations/refarch-s3-integration/refarch-s3-integration-rest/refarch-s3-integration-rest-service/src/main/resources/application.yml b/refarch-integrations/refarch-s3-integration/refarch-s3-integration-rest/refarch-s3-integration-rest-service/src/main/resources/application.yml
index 72abf507..0c906ad9 100644
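Review bot: This local profile is now the only place in the diff that gives the resource server a `spring.security.oauth2.resourceserver.jwt.issuer-uri` (the following `application.yml` hunk drops the `${SSO_ISSUER_URL}` default), and it is a plain `http://` URL, so the OIDC metadata and JWKS used to validate every incoming bearer token travel unencrypted and an on-path attacker on that network could substitute the signing keys. That is tolerable against the docker-compose Keycloak, but nothing here says so; I would add `# local Keycloak only - every other profile must set spring.security.oauth2.resourceserver.jwt.issuer-uri over https` above `issuer-uri`. Whether a deployment that forgets the property fails closed at startup or silently runs without a JwtDecoder depends on the security configuration, which is outside this diff, and deserves a sentence in the README next to the new example. `security.oauth2.resource.user-info-uri` is the pre-Spring-Boot-2 property name and is presumably consumed by the project's own `JwtUserInfoAuthenticationConverter` rather than by Spring itself; if so, a comment naming that consumer would make clear it is not dead configuration.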
--- a/refarch-integrations/refarch-s3-integration/refarch-s3-integration-rest/refarch-s3-integration-rest-service/src/main/resources/application.yml +++ b/refarch-integrations/refarch-s3-integration/refarch-s3-integration-rest/refarch-s3-integration-rest-service/src/main/resources/application.yml @@ -6,11 +6,6 @@ info: spring: application: name: ${info.application.name} - security: - oauth2: - resourceserver: - jwt: - issuer-uri: ${SSO_ISSUER_URL} server: error: @@ -33,14 +28,3 @@ management: health.enabled: true info.enabled: true prometheus.enabled: true - -security: - oauth2: - resource.user-info-uri: ${SSO_ISSUER_URL}/protocol/openid-connect/userinfo - -refarch: - s3: - bucket-name: ${S3_BUCKETNAME} - access-key: ${S3_ACCESSKEY} - url: ${S3_URL:http://localhost:9000} - secret-key: ${S3_SECRETKEY}