First attempt to add Security

2023-10-26 18:00:09 +03:00 · 2023-10-26 18:00:09 +03:00 · 1fe6200d94
parent 369b24c673
commit 1fe6200d94
6 changed files with 44 additions and 20 deletions
--- a/core/pom.xml
+++ b/core/pom.xml
@ -45,7 +45,7 @@
        <dependency>
            <groupId>gr.cite.opendmp</groupId>
            <artifactId>repositorydepositbase</artifactId>
-            <version>1.0.4</version>
+            <version>1.0.0-SNAPSHOT</version>
        </dependency>

        <dependency>
--- a/core/src/main/java/eu/eudat/depositinterface/zenodorepository/configuration/zenodo/ZenodoProperties.java
+++ b/core/src/main/java/eu/eudat/depositinterface/zenodorepository/configuration/zenodo/ZenodoProperties.java
@ -1,7 +1,6 @@
 package eu.eudat.depositinterface.zenodorepository.configuration.zenodo;

 import eu.eudat.depositinterface.repository.RepositoryDepositConfiguration;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.boot.context.properties.ConstructorBinding;

@ -30,22 +29,22 @@ public class ZenodoProperties {
    }

    public static class ZenodoConfig extends RepositoryDepositConfiguration {
-        private int depositType;
-        private String repositoryId;
-        private String accessToken;
-        private String repositoryUrl;
-        private String repositoryAuthorizationUrl;
-        private String repositoryRecordUrl;
-        private String repositoryAccessTokenUrl;
-        private String repositoryClientId;
-        private String repositoryClientSecret;
-        private String redirectUri;
-        private boolean hasLogo;
-        private String logo;
-        private String doiFunder;
-        private String community;
-        private String affiliation;
-        private String domain;
+        private final int depositType;
+        private final String repositoryId;
+        private final String accessToken;
+        private final String repositoryUrl;
+        private final String repositoryAuthorizationUrl;
+        private final String repositoryRecordUrl;
+        private final String repositoryAccessTokenUrl;
+        private final String repositoryClientId;
+        private final String repositoryClientSecret;
+        private final String redirectUri;
+        private final boolean hasLogo;
+        private final String logo;
+        private final String doiFunder;
+        private final String community;
+        private final String affiliation;
+        private final String domain;

        @ConstructorBinding
        public ZenodoConfig(int depositType, String repositoryId, String accessToken, String repositoryUrl, String repositoryAuthorizationUrl, String repositoryRecordUrl, String repositoryAccessTokenUrl, String repositoryClientId, String repositoryClientSecret, String redirectUri, boolean hasLogo, String logo, String doiFunder, String community, String affiliation, String domain) {
--- a/pom.xml
+++ b/pom.xml
@ -5,7 +5,7 @@
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.7.4</version>
+        <version>3.1.0</version>
        <relativePath/>
    </parent>

--- a/web/pom.xml
+++ b/web/pom.xml
@ -27,6 +27,11 @@
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
+		<dependency>
+			<groupId>gr.cite</groupId>
+			<artifactId>oidc-authn</artifactId>
+			<version>2.1.0</version>
+		</dependency>
    </dependencies>

 	<build>
--- a/web/src/main/resources/config/application.yml
+++ b/web/src/main/resources/config/application.yml
@ -7,4 +7,5 @@ spring:
      optional:classpath:config/zenodo.yml[.yml], optional:classpath:config/zenodo-${spring.profiles.active}.yml[.yml], optional:file:../config/zenodo-${spring.profiles.active}.yml[.yml],
      optional:classpath:config/pid.yml[.yml], optional:classpath:config/pid-${spring.profiles.active}.yml[.yml], optional:file:../config/pid-${spring.profiles.active}.yml[.yml],
      optional:classpath:config/funder.yml[.yml], optional:classpath:config/funder-${spring.profiles.active}.yml[.yml], optional:file:../config/funder-${spring.profiles.active}.yml[.yml],
-      optional:classpath:config/identifiers.yml[.yml], optional:classpath:config/identifiers-${spring.profiles.active}.yml[.yml], optional:file:../config/identifiers-${spring.profiles.active}.yml[.yml]
+      optional:classpath:config/identifiers.yml[.yml], optional:classpath:config/identifiers-${spring.profiles.active}.yml[.yml], optional:file:../config/identifiers-${spring.profiles.active}.yml[.yml],
+      optional:classpath:config/security.yml[.yml], optional:classpath:config/security-${spring.profiles.active}.yml[.yml], optional:file:../config/security-${spring.profiles.active}.yml[.yml]
--- a/web/src/main/resources/config/security.yml
+++ b/web/src/main/resources/config/security.yml
@ -0,0 +1,19 @@
+web:
+  security:
+    enabled: true
+    authorized-endpoints: [ api ]
+    idp:
+      api-key:
+        enabled: true
+        authorization-header: Authorization
+        client-id: ${IDP_APIKEY_CLIENT_ID:}
+        client-secret: ${IDP_APIKEY_CLIENT_SECRET:}
+        scope: ${IDP_APIKEY_SCOPE:}
+      resource:
+        token-type: JWT #| opaque
+        opaque:
+          client-id: ${IDP_OPAQUE_CLIENT_ID:}
+          client-secret: ${IDP_OPAQUE_CLIENT_SECRET:}
+        jwt:
+          claims: [ role, x-role ]
+          issuer-uri: ${IDP_ISSUER_URI:}