commit 89242bc9b7b293c42834f71d214c96e4ecf2a979 Author: Timo Bejan Date: Thu May 4 11:00:39 2023 +0300 Initial commit
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..549e00a
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,33 @@
+HELP.md
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..b85809e
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,4 @@
+include:
+ - project: 'gitlab/gitlab'
+ ref: 'main'
+ file: 'ci-templates/maven_deps.yml'
diff --git a/.mvn/wrapper/maven-wrapper.jar b/.mvn/wrapper/maven-wrapper.jar
new file mode 100644
index 0000000..bf82ff0
Binary files /dev/null and b/.mvn/wrapper/maven-wrapper.jar differ
diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties
new file mode 100644
index 0000000..ca5ab4b
--- /dev/null
+++ b/.mvn/wrapper/maven-wrapper.properties
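Review bot: The include in `.gitlab-ci.yml` follows `ref: 'main'`, a moving branch, so any later change to `ci-templates/maven_deps.yml` in `gitlab/gitlab` alters this project's pipeline without a commit here. Pinning the include to a tag or a full commit SHA keeps the pipeline definition reviewable and reproducible, for example `ref: '<TEMPLATE_COMMIT_SHA>'` (placeholder). The include is the only content of the file, so whatever jobs and variables the template defines run with this project's CI credentials.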
@@ -0,0 +1,18 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.7/apache-maven-3.8.7-bin.zip +wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar diff --git a/mvnw b/mvnw new file mode 100755 index 0000000..8a8fb22 --- /dev/null +++ b/mvnw 
@@ -0,0 +1,316 @@ +#!/bin/sh +# ---------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# ---------------------------------------------------------------------------- + +# ---------------------------------------------------------------------------- +# Maven Start Up Batch script +# +# Required ENV vars: +# ------------------ +# JAVA_HOME - location of a JDK home dir +# +# Optional ENV vars +# ----------------- +# M2_HOME - location of maven2's installed home dir +# MAVEN_OPTS - parameters passed to the Java VM when running Maven +# e.g. to debug Maven itself, use +# set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 +# MAVEN_SKIP_RC - flag to disable loading of mavenrc files +# ---------------------------------------------------------------------------- + +if [ -z "$MAVEN_SKIP_RC" ] ; then + + if [ -f /usr/local/etc/mavenrc ] ; then + . /usr/local/etc/mavenrc + fi + + if [ -f /etc/mavenrc ] ; then + . /etc/mavenrc + fi + + if [ -f "$HOME/.mavenrc" ] ; then + . "$HOME/.mavenrc" + fi + +fi + +# OS specific support. $var _must_ be set to either true or false. 
+cygwin=false; +darwin=false; +mingw=false +case "`uname`" in + CYGWIN*) cygwin=true ;; + MINGW*) mingw=true;; + Darwin*) darwin=true + # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home + # See https://developer.apple.com/library/mac/qa/qa1170/_index.html + if [ -z "$JAVA_HOME" ]; then + if [ -x "/usr/libexec/java_home" ]; then + export JAVA_HOME="`/usr/libexec/java_home`" + else + export JAVA_HOME="/Library/Java/Home" + fi + fi + ;; +esac + +if [ -z "$JAVA_HOME" ] ; then + if [ -r /etc/gentoo-release ] ; then + JAVA_HOME=`java-config --jre-home` + fi +fi + +if [ -z "$M2_HOME" ] ; then + ## resolve links - $0 may be a link to maven's home + PRG="$0" + + # need this for relative symlinks + while [ -h "$PRG" ] ; do + ls=`ls -ld "$PRG"` + link=`expr "$ls" : '.*-> \(.*\)$'` + if expr "$link" : '/.*' > /dev/null; then + PRG="$link" + else + PRG="`dirname "$PRG"`/$link" + fi + done + + saveddir=`pwd` + + M2_HOME=`dirname "$PRG"`/.. + + # make it fully qualified + M2_HOME=`cd "$M2_HOME" && pwd` + + cd "$saveddir" + # echo Using m2 at $M2_HOME +fi + +# For Cygwin, ensure paths are in UNIX format before anything is touched +if $cygwin ; then + [ -n "$M2_HOME" ] && + M2_HOME=`cygpath --unix "$M2_HOME"` + [ -n "$JAVA_HOME" ] && + JAVA_HOME=`cygpath --unix "$JAVA_HOME"` + [ -n "$CLASSPATH" ] && + CLASSPATH=`cygpath --path --unix "$CLASSPATH"` +fi + +# For Mingw, ensure paths are in UNIX format before anything is touched +if $mingw ; then + [ -n "$M2_HOME" ] && + M2_HOME="`(cd "$M2_HOME"; pwd)`" + [ -n "$JAVA_HOME" ] && + JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`" +fi + +if [ -z "$JAVA_HOME" ]; then + javaExecutable="`which javac`" + if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then + # readlink(1) is not available as standard on Solaris 10. + readLink=`which readlink` + if [ ! 
`expr "$readLink" : '\([^ ]*\)'` = "no" ]; then + if $darwin ; then + javaHome="`dirname \"$javaExecutable\"`" + javaExecutable="`cd \"$javaHome\" && pwd -P`/javac" + else + javaExecutable="`readlink -f \"$javaExecutable\"`" + fi + javaHome="`dirname \"$javaExecutable\"`" + javaHome=`expr "$javaHome" : '\(.*\)/bin'` + JAVA_HOME="$javaHome" + export JAVA_HOME + fi + fi +fi + +if [ -z "$JAVACMD" ] ; then + if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + else + JAVACMD="$JAVA_HOME/bin/java" + fi + else + JAVACMD="`\\unset -f command; \\command -v java`" + fi +fi + +if [ ! -x "$JAVACMD" ] ; then + echo "Error: JAVA_HOME is not defined correctly." >&2 + echo " We cannot execute $JAVACMD" >&2 + exit 1 +fi + +if [ -z "$JAVA_HOME" ] ; then + echo "Warning: JAVA_HOME environment variable is not set." +fi + +CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher + +# traverses directory structure from process work directory to filesystem root +# first directory with .mvn subdirectory is considered project base directory +find_maven_basedir() { + + if [ -z "$1" ] + then + echo "Path not specified to find_maven_basedir" + return 1 + fi + + basedir="$1" + wdir="$1" + while [ "$wdir" != '/' ] ; do + if [ -d "$wdir"/.mvn ] ; then + basedir=$wdir + break + fi + # workaround for JBEAP-8937 (on Solaris 10/Sparc) + if [ -d "${wdir}" ]; then + wdir=`cd "$wdir/.."; pwd` + fi + # end of workaround + done + echo "${basedir}" +} + +# concatenates all lines of a file +concat_lines() { + if [ -f "$1" ]; then + echo "$(tr -s '\n' ' ' < "$1")" + fi +} + +BASE_DIR=`find_maven_basedir "$(pwd)"` +if [ -z "$BASE_DIR" ]; then + exit 1; +fi + +########################################################################################## +# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central +# This allows using the maven wrapper 
in projects that prohibit checking in binary data. +########################################################################################## +if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then + if [ "$MVNW_VERBOSE" = true ]; then + echo "Found .mvn/wrapper/maven-wrapper.jar" + fi +else + if [ "$MVNW_VERBOSE" = true ]; then + echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..." + fi + if [ -n "$MVNW_REPOURL" ]; then + jarUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar" + else + jarUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar" + fi + while IFS="=" read key value; do + case "$key" in (wrapperUrl) jarUrl="$value"; break ;; + esac + done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties" + if [ "$MVNW_VERBOSE" = true ]; then + echo "Downloading from: $jarUrl" + fi + wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" + if $cygwin; then + wrapperJarPath=`cygpath --path --windows "$wrapperJarPath"` + fi + + if command -v wget > /dev/null; then + if [ "$MVNW_VERBOSE" = true ]; then + echo "Found wget ... using wget" + fi + if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then + wget "$jarUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath" + else + wget --http-user=$MVNW_USERNAME --http-password=$MVNW_PASSWORD "$jarUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath" + fi + elif command -v curl > /dev/null; then + if [ "$MVNW_VERBOSE" = true ]; then + echo "Found curl ... 
using curl" + fi + if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then + curl -o "$wrapperJarPath" "$jarUrl" -f + else + curl --user $MVNW_USERNAME:$MVNW_PASSWORD -o "$wrapperJarPath" "$jarUrl" -f + fi + + else + if [ "$MVNW_VERBOSE" = true ]; then + echo "Falling back to using Java to download" + fi + javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java" + # For Cygwin, switch paths to Windows format before running javac + if $cygwin; then + javaClass=`cygpath --path --windows "$javaClass"` + fi + if [ -e "$javaClass" ]; then + if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then + if [ "$MVNW_VERBOSE" = true ]; then + echo " - Compiling MavenWrapperDownloader.java ..." + fi + # Compiling the Java class + ("$JAVA_HOME/bin/javac" "$javaClass") + fi + if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then + # Running the downloader + if [ "$MVNW_VERBOSE" = true ]; then + echo " - Running MavenWrapperDownloader.java ..." + fi + ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR") + fi + fi + fi +fi +########################################################################################## +# End of extension +########################################################################################## + +export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"} +if [ "$MVNW_VERBOSE" = true ]; then + echo $MAVEN_PROJECTBASEDIR +fi +MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS" + +# For Cygwin, switch paths to Windows format before running java +if $cygwin; then + [ -n "$M2_HOME" ] && + M2_HOME=`cygpath --path --windows "$M2_HOME"` + [ -n "$JAVA_HOME" ] && + JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"` + [ -n "$CLASSPATH" ] && + CLASSPATH=`cygpath --path --windows "$CLASSPATH"` + [ -n "$MAVEN_PROJECTBASEDIR" ] && + MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"` +fi + +# Provide a "standardized" way to retrieve the CLI args 
that will +# work with both Windows and non-Windows executions. +MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@" +export MAVEN_CMD_LINE_ARGS + +WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain + +exec "$JAVACMD" \ + $MAVEN_OPTS \ + $MAVEN_DEBUG_OPTS \ + -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \ + "-Dmaven.home=${M2_HOME}" \ + "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \ + ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@" diff --git a/mvnw.cmd b/mvnw.cmd new file mode 100644 index 0000000..1d8ab01 --- /dev/null +++ b/mvnw.cmd 
@@ -0,0 +1,188 @@ +@REM ---------------------------------------------------------------------------- +@REM Licensed to the Apache Software Foundation (ASF) under one +@REM or more contributor license agreements. See the NOTICE file +@REM distributed with this work for additional information +@REM regarding copyright ownership. The ASF licenses this file +@REM to you under the Apache License, Version 2.0 (the +@REM "License"); you may not use this file except in compliance +@REM with the License. You may obtain a copy of the License at +@REM +@REM https://www.apache.org/licenses/LICENSE-2.0 +@REM +@REM Unless required by applicable law or agreed to in writing, +@REM software distributed under the License is distributed on an +@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +@REM KIND, either express or implied. See the License for the +@REM specific language governing permissions and limitations +@REM under the License. +@REM ---------------------------------------------------------------------------- + +@REM ---------------------------------------------------------------------------- +@REM Maven Start Up Batch script +@REM +@REM Required ENV vars: +@REM JAVA_HOME - location of a JDK home dir +@REM +@REM Optional ENV vars +@REM M2_HOME - location of maven2's installed home dir +@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands +@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending +@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven +@REM e.g. 
to debug Maven itself, use +@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000 +@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files +@REM ---------------------------------------------------------------------------- + +@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on' +@echo off +@REM set title of command window +title %0 +@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on' +@if "%MAVEN_BATCH_ECHO%" == "on" echo %MAVEN_BATCH_ECHO% + +@REM set %HOME% to equivalent of $HOME +if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%") + +@REM Execute a user defined script before this one +if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre +@REM check for pre script, once with legacy .bat ending and once with .cmd ending +if exist "%USERPROFILE%\mavenrc_pre.bat" call "%USERPROFILE%\mavenrc_pre.bat" %* +if exist "%USERPROFILE%\mavenrc_pre.cmd" call "%USERPROFILE%\mavenrc_pre.cmd" %* +:skipRcPre + +@setlocal + +set ERROR_CODE=0 + +@REM To isolate internal variables from possible post scripts, we use another setlocal +@setlocal + +@REM ==== START VALIDATION ==== +if not "%JAVA_HOME%" == "" goto OkJHome + +echo. +echo Error: JAVA_HOME not found in your environment. >&2 +echo Please set the JAVA_HOME variable in your environment to match the >&2 +echo location of your Java installation. >&2 +echo. +goto error + +:OkJHome +if exist "%JAVA_HOME%\bin\java.exe" goto init + +echo. +echo Error: JAVA_HOME is set to an invalid directory. >&2 +echo JAVA_HOME = "%JAVA_HOME%" >&2 +echo Please set the JAVA_HOME variable in your environment to match the >&2 +echo location of your Java installation. >&2 +echo. +goto error + +@REM ==== END VALIDATION ==== + +:init + +@REM Find the project base dir, i.e. the directory that contains the folder ".mvn". +@REM Fallback to current working directory if not found. 
+ +set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR% +IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir + +set EXEC_DIR=%CD% +set WDIR=%EXEC_DIR% +:findBaseDir +IF EXIST "%WDIR%"\.mvn goto baseDirFound +cd .. +IF "%WDIR%"=="%CD%" goto baseDirNotFound +set WDIR=%CD% +goto findBaseDir + +:baseDirFound +set MAVEN_PROJECTBASEDIR=%WDIR% +cd "%EXEC_DIR%" +goto endDetectBaseDir + +:baseDirNotFound +set MAVEN_PROJECTBASEDIR=%EXEC_DIR% +cd "%EXEC_DIR%" + +:endDetectBaseDir + +IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig + +@setlocal EnableExtensions EnableDelayedExpansion +for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a +@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS% + +:endReadAdditionalConfig + +SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe" +set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar" +set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain + +set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar" + +FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO ( + IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B +) + +@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central +@REM This allows using the maven wrapper in projects that prohibit checking in binary data. +if exist %WRAPPER_JAR% ( + if "%MVNW_VERBOSE%" == "true" ( + echo Found %WRAPPER_JAR% + ) +) else ( + if not "%MVNW_REPOURL%" == "" ( + SET DOWNLOAD_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar" + ) + if "%MVNW_VERBOSE%" == "true" ( + echo Couldn't find %WRAPPER_JAR%, downloading it ... 
+ echo Downloading from: %DOWNLOAD_URL% + ) + + powershell -Command "&{"^ + "$webclient = new-object System.Net.WebClient;"^ + "if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^ + "$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^ + "}"^ + "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"^ + "}" + if "%MVNW_VERBOSE%" == "true" ( + echo Finished downloading %WRAPPER_JAR% + ) +) +@REM End of extension + +@REM Provide a "standardized" way to retrieve the CLI args that will +@REM work with both Windows and non-Windows executions. +set MAVEN_CMD_LINE_ARGS=%* + +%MAVEN_JAVA_EXE% ^ + %JVM_CONFIG_MAVEN_PROPS% ^ + %MAVEN_OPTS% ^ + %MAVEN_DEBUG_OPTS% ^ + -classpath %WRAPPER_JAR% ^ + "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" ^ + %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %* +if ERRORLEVEL 1 goto error +goto end + +:error +set ERROR_CODE=1 + +:end +@endlocal & set ERROR_CODE=%ERROR_CODE% + +if not "%MAVEN_SKIP_RC%"=="" goto skipRcPost +@REM check for post script, once with legacy .bat ending and once with .cmd ending +if exist "%USERPROFILE%\mavenrc_post.bat" call "%USERPROFILE%\mavenrc_post.bat" +if exist "%USERPROFILE%\mavenrc_post.cmd" call "%USERPROFILE%\mavenrc_post.cmd" +:skipRcPost + +@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on' +if "%MAVEN_BATCH_PAUSE%"=="on" pause + +if "%MAVEN_TERMINATE_CMD%"=="on" exit %ERROR_CODE% + +cmd /C exit /B %ERROR_CODE% diff --git a/pom.xml b/pom.xml new file mode 100644 index 0000000..31a405e --- /dev/null +++ b/pom.xml 
@@ -0,0 +1,68 @@ + + + 4.0.0 + + org.springframework.boot + spring-boot-starter-parent + 3.0.5 + + + com.knecon.fforesight + keycloak-commons + 1.0-SNAPSHOT + keycloak-commons + keycloak-commons + + 17 + 21.0.1 + 1.7 + 1.0-SNAPSHOT + + + + + com.knecon.fforesight + tenant-commons + ${tennat-commons.version} + + + + org.keycloak + keycloak-admin-client + ${keycloak.version} + + + + org.springframework.boot + spring-boot-starter-oauth2-resource-server + + + + org.springframework.boot + spring-boot-starter-security + + + + org.springframework.boot + spring-boot-starter-web + + + + org.springframework.boot + spring-boot-configuration-processor + true + + + org.projectlombok + lombok + true + + + org.springframework.boot + spring-boot-starter-test + test + + + + diff --git a/src/main/java/com/knecon/fforesight/keycloakcommons/DefaultKeyCloakCommonsAutoConfiguration.java b/src/main/java/com/knecon/fforesight/keycloakcommons/DefaultKeyCloakCommonsAutoConfiguration.java new file mode 100644 index 0000000..768a1c3 --- /dev/null +++ b/src/main/java/com/knecon/fforesight/keycloakcommons/DefaultKeyCloakCommonsAutoConfiguration.java @@ -0,0 +1,14 @@ +package com.knecon.fforesight.keycloakcommons; + +import org.springframework.boot.autoconfigure.AutoConfiguration; +import org.springframework.boot.context.properties.EnableConfigurationProperties; +import org.springframework.context.annotation.ComponentScan; + +import com.knecon.fforesight.keycloakcommons.security.properties.CommonsKeyCloakProperties; + +@ComponentScan +@AutoConfiguration +@EnableConfigurationProperties(CommonsKeyCloakProperties.class) +public class DefaultKeyCloakCommonsAutoConfiguration { + +} diff --git a/src/main/java/com/knecon/fforesight/keycloakcommons/security/CustomJwtAuthoritiesConverter.java b/src/main/java/com/knecon/fforesight/keycloakcommons/security/CustomJwtAuthoritiesConverter.java new file mode 100644 index 0000000..8646480 --- /dev/null 
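Review bot: The tenant-commons dependency takes its version from `${tennat-commons.version}`, which looks like a misspelling of `tenant-commons`; the property declaration is not readable on this page, so confirm both sides use the same spelling or rename them together to `${tenant-commons.version}`. The value among the properties appears to be `1.0-SNAPSHOT`, and a snapshot of the module that supplies `AuthDetails` and `TenantProvider` can change under this library between builds. A released version would make this security-relevant dependency reproducible.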
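Review bot: `@ComponentScan` on the `@AutoConfiguration` class pulls every component under `com.knecon.fforesight.keycloakcommons` into any application that has this jar on the classpath, including `SecuredKeyCloakConfiguration` with its `@EnableWebSecurity` filter chain. Spring Boot's guidance is that auto-configurations name what they contribute with `@Import` rather than scanning, which also makes it explicit which security beans a consumer receives. Consider `@Import({SecuredKeyCloakConfiguration.class, TenantAuthenticationManagerResolver.class, TenantJWSKeySelector.class, TenantJwtIssuerValidator.class})` in place of `@ComponentScan`.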
+++ b/src/main/java/com/knecon/fforesight/keycloakcommons/security/CustomJwtAuthoritiesConverter.java
@@ -0,0 +1,41 @@
+package com.knecon.fforesight.keycloakcommons.security;
+
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.oauth2.jwt.Jwt;
+
+import com.knecon.fforesight.tenantcommons.model.AuthDetails;
+
+public class CustomJwtAuthoritiesConverter implements Converter> {
+
+ private final AuthDetails authDetails;
+
+
+ public CustomJwtAuthoritiesConverter(AuthDetails authDetails) {
+
+ this.authDetails = authDetails;
+ }
+
+
+ @Override
+ public Collection convert(Jwt source) {
+
+ Map>> resourceAccess = source.getClaim("resource_access");
+
+ var unfilteredPermissions = resourceAccess.values().stream().map(Map::values).flatMap(Collection::stream).flatMap(List::stream).toList();
+
+ var allValidRoles = new HashSet<>();
+ allValidRoles.addAll(authDetails.getClientRoles());
+ allValidRoles.addAll(authDetails.getRealmRoles());
+
+ return unfilteredPermissions.stream().filter(allValidRoles::contains).map(SimpleGrantedAuthority::new).collect(Collectors.toList());
+ }
+
+}
diff --git a/src/main/java/com/knecon/fforesight/keycloakcommons/security/KeycloakSecurity.java b/src/main/java/com/knecon/fforesight/keycloakcommons/security/KeycloakSecurity.java
new file mode 100644
index 0000000..53147ed
--- /dev/null
+++ b/src/main/java/com/knecon/fforesight/keycloakcommons/security/KeycloakSecurity.java
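Review bot: `convert` dereferences `resourceAccess` without a null check, so a validly signed token that carries no `resource_access` claim fails with a NullPointerException instead of yielding an empty authority list; a guard such as `if (resourceAccess == null) { return List.of(); }` before the stream avoids that. The stream also flattens the roles of every client listed in `resource_access`, so a role name granted on an unrelated client is accepted whenever it matches an entry from `getClientRoles()` or `getRealmRoles()`; restricting the lookup to the entry for this application's client would close that gap. Realm roles are added to the allow-list but `realm_access` is never read, which suggests realm roles are not granted at all; confirm whether that is intended.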
@@ -0,0 +1,40 @@
+package com.knecon.fforesight.keycloakcommons.security;
+
+import java.util.Optional;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
+
+import lombok.experimental.UtilityClass;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * Collection of helpful functions to easily access information about an authenticated user.
+ */
+@Slf4j
+@UtilityClass
+public class KeycloakSecurity {
+
+ /**
+ * Determines the unique identifier for the currently logged in user.
+ *
+ * @return The unique user identifier. Never {@code null}.
+ */
+ public String getUserId() {
+
+ Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+ if (auth == null) {
+ return "anonymousUser";
+ }
+ return auth.getName();
+ }
+
+
+ public Optional getRealm() {
+
+ var authentication = (JwtAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
+ return Optional.of(TokenUtils.toTenant(authentication.getToken().getTokenValue()));
+ }
+
+}
diff --git a/src/main/java/com/knecon/fforesight/keycloakcommons/security/SecuredKeyCloakConfiguration.java b/src/main/java/com/knecon/fforesight/keycloakcommons/security/SecuredKeyCloakConfiguration.java
new file mode 100644
index 0000000..be19781
--- /dev/null
+++ b/src/main/java/com/knecon/fforesight/keycloakcommons/security/SecuredKeyCloakConfiguration.java
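Review bot: `getRealm()` casts the current authentication to `JwtAuthenticationToken` unconditionally, so it throws a NullPointerException when no authentication is present and a ClassCastException for any other token type, while `getUserId()` just above handles the null case. The `Optional` return type suggests callers may see an empty result, but `Optional.of` never produces one. A guarded form would be `if (!(auth instanceof JwtAuthenticationToken jwt)) { return Optional.empty(); }` followed by `return Optional.ofNullable(TokenUtils.toTenant(jwt.getToken().getTokenValue()));`. The Javadoc on `getUserId()` could also mention the `"anonymousUser"` fallback, since callers comparing user ids need to know that value is not a real subject.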
@@ -0,0 +1,90 @@
+package com.knecon.fforesight.keycloakcommons.security;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
+import org.springframework.security.oauth2.core.OAuth2TokenValidator;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.jwt.JwtDecoder;
+import org.springframework.security.oauth2.jwt.JwtValidators;
+import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.HttpStatusEntryPoint;
+
+import com.knecon.fforesight.keycloakcommons.security.properties.CommonsKeyCloakProperties;
+import com.nimbusds.jose.proc.SecurityContext;
+import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
+import com.nimbusds.jwt.proc.DefaultJWTProcessor;
+import com.nimbusds.jwt.proc.JWTProcessor;
+
+import lombok.RequiredArgsConstructor;
+
+@Configuration
+@EnableWebSecurity
+@RequiredArgsConstructor
+@EnableMethodSecurity
+public class SecuredKeyCloakConfiguration {
+
+ private final TenantAuthenticationManagerResolver tenantAuthenticationManagerResolver;
+
+
+ @Bean
+ JWTProcessor jwtProcessor(TenantJWSKeySelector keySelector) {
+
+ ConfigurableJWTProcessor
jwtProcessor = new DefaultJWTProcessor<>();
+ jwtProcessor.setJWTClaimsSetAwareJWSKeySelector(keySelector);
+ return jwtProcessor;
+ }
+
+
+ @Bean
+ JwtDecoder jwtDecoder(JWTProcessor jwtProcessor, OAuth2TokenValidator jwtValidator) {
+
+ NimbusJwtDecoder decoder = new NimbusJwtDecoder(jwtProcessor);
+ OAuth2TokenValidator validator = new DelegatingOAuth2TokenValidator<>(JwtValidators.createDefault(), jwtValidator);
+ decoder.setJwtValidator(validator);
+ return decoder;
+ }
+
+
+ @Bean
+ AuthenticationManager mockAuthenticationManager() {
+
+ return authentication -> null;
+ }
+
+
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+
+ http.anonymous().disable();
+ http.httpBasic().disable();
+ http.csrf().disable();
+
+ http.oauth2ResourceServer(oauth2 -> oauth2.authenticationManagerResolver(tenantAuthenticationManagerResolver));
+ http.authorizeHttpRequests().anyRequest().authenticated();
+ http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+ http.exceptionHandling().authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
+
+ return http.build();
+ }
+
+
+ @Bean
+ public WebSecurityCustomizer webSecurityCustomizer(CommonsKeyCloakProperties commonsKeyCloakProperties) {
+
+ return (web) -> web.debug(false)
+ .ignoring()
+ .requestMatchers(commonsKeyCloakProperties.getIgnoredEndpoints().toArray(new String[0]))
+ .requestMatchers(HttpMethod.OPTIONS, "/**");
+ }
+
+}
diff --git a/src/main/java/com/knecon/fforesight/keycloakcommons/security/TenantAuthenticationManagerResolver.java b/src/main/java/com/knecon/fforesight/keycloakcommons/security/TenantAuthenticationManagerResolver.java
new file mode 100644
index 0000000..2d727b0
--- /dev/null
+++ b/src/main/java/com/knecon/fforesight/keycloakcommons/security/TenantAuthenticationManagerResolver.java
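Review bot: `webSecurityCustomizer` takes the configured endpoints and every `OPTIONS` request out of Spring Security entirely with `web.ignoring()`, so those requests also skip the header-writing and other filters of the chain, and a broad pattern in `getIgnoredEndpoints()` silently exposes whatever it matches. Spring Security recommends expressing this inside `filterChain` instead, e.g. `http.authorizeHttpRequests(a -> a.requestMatchers(ignored).permitAll().requestMatchers(HttpMethod.OPTIONS, "/**").permitAll().anyRequest().authenticated());` with `ignored` being the array built from `getIgnoredEndpoints()`. Separately, `mockAuthenticationManager` publishes an `AuthenticationManager` bean that returns `null` for every authentication; if it exists only to suppress the default user setup, a comment saying so would keep anyone from injecting it as a real manager.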
@@ -0,0 +1,58 @@
+package com.knecon.fforesight.keycloakcommons.security;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Optional;
+
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.AuthenticationManagerResolver;
+import org.springframework.security.oauth2.jwt.JwtDecoders;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
+import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
+import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
+import org.springframework.stereotype.Component;
+
+import com.knecon.fforesight.tenantcommons.TenantProvider;
+
+import jakarta.servlet.http.HttpServletRequest;
+import lombok.RequiredArgsConstructor;
+
+@Component
+@RequiredArgsConstructor
+public class TenantAuthenticationManagerResolver implements AuthenticationManagerResolver {
+
+ private final BearerTokenResolver resolver = new DefaultBearerTokenResolver();
+ private final TenantProvider tenantProvider;
+
+ private final Map authenticationManagers = new HashMap<>();
+
+
+ @Override
+ public AuthenticationManager resolve(HttpServletRequest request) {
+
+ return this.authenticationManagers.computeIfAbsent(toTenant(request), this::fromTenant);
+ }
+
+
+ private String toTenant(HttpServletRequest request) {
+
+ return TokenUtils.toTenant(this.resolver.resolve(request));
+ }
+
+
+ private AuthenticationManager fromTenant(String tenant) {
+
+ return Optional.ofNullable(this.tenantProvider.getTenant(tenant)).map(tt ->
+
+ {
+ var provider = new JwtAuthenticationProvider(JwtDecoders.fromIssuerLocation(tt.getAuthDetails().getIssuer()));
+ var converter = new JwtAuthenticationConverter();
+ converter.setJwtGrantedAuthoritiesConverter(new
CustomJwtAuthoritiesConverter(tt.getAuthDetails()));
+ provider.setJwtAuthenticationConverter(converter);
+ return provider;
+ }).orElseThrow(() -> new IllegalArgumentException("unknown tenant"))::authenticate;
+ }
+
+}
+
diff --git a/src/main/java/com/knecon/fforesight/keycloakcommons/security/TenantJWSKeySelector.java b/src/main/java/com/knecon/fforesight/keycloakcommons/security/TenantJWSKeySelector.java
new file mode 100644
index 0000000..ed86313
--- /dev/null
+++ b/src/main/java/com/knecon/fforesight/keycloakcommons/security/TenantJWSKeySelector.java
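Review bot: `authenticationManagers` is a plain `HashMap` mutated through `computeIfAbsent` in `resolve`, which a singleton `@Component` runs on concurrent request threads; `TenantJWSKeySelector` and `TenantJwtIssuerValidator` use `ConcurrentHashMap` for the same kind of cache, and this field should too (`new ConcurrentHashMap<>()` plus the import). The tenant key is read from the bearer token before any signature check, and `resolver.resolve(request)` returns `null` when no token is sent, so a missing token and an unknown tenant should be rejected with an `AuthenticationException` such as `InvalidBearerTokenException` rather than letting a NullPointerException or the `IllegalArgumentException` surface as a server error. None of the three caches evicts entries, so a tenant whose issuer or JWKS URI changes, or that is removed from `TenantProvider`, presumably keeps its old manager until restart; confirm that is acceptable.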
@@ -0,0 +1,62 @@
+package com.knecon.fforesight.keycloakcommons.security;
+
+import java.net.URL;
+import java.security.Key;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.springframework.stereotype.Component;
+
+import com.knecon.fforesight.tenantcommons.TenantProvider;
+import com.nimbusds.jose.JWSHeader;
+import com.nimbusds.jose.KeySourceException;
+import com.nimbusds.jose.proc.JWSAlgorithmFamilyJWSKeySelector;
+import com.nimbusds.jose.proc.JWSKeySelector;
+import com.nimbusds.jose.proc.SecurityContext;
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.proc.JWTClaimsSetAwareJWSKeySelector;
+
+import lombok.RequiredArgsConstructor;
+
+@Component
+@RequiredArgsConstructor
+public class TenantJWSKeySelector implements JWTClaimsSetAwareJWSKeySelector {
+
+ private final TenantProvider tenants;
+ private final Map> selectors = new ConcurrentHashMap<>();
+
+
+ @Override
+ public List selectKeys(JWSHeader jwsHeader, JWTClaimsSet jwtClaimsSet, SecurityContext securityContext) throws KeySourceException {
+
+ return this.selectors.computeIfAbsent(toTenant(jwtClaimsSet), this::fromTenant).selectJWSKeys(jwsHeader, securityContext);
+ }
+
+
+ private String toTenant(JWTClaimsSet claimSet) {
+
+ return TokenUtils.toTenant(claimSet);
+ }
+
+
+ private JWSKeySelector fromTenant(String tenant) {
+
+ return Optional.ofNullable(this.tenants.getTenant(tenant))
+ .map(t -> t.getAuthDetails().getJwksUri())
+ .map(this::fromUri)
+ .orElseThrow(() -> new IllegalArgumentException("unknown tenant"));
+ }
+
+
+ private JWSKeySelector fromUri(String uri) {
+
+ try {
+ return JWSAlgorithmFamilyJWSKeySelector.fromJWKSetURL(new URL(uri));
+ } catch (Exception ex) {
+ throw new IllegalArgumentException(ex);
+ }
+ }
+
+}
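Review bot: TenantJWSKeySelector chooses the tenant from the `iss` claim of a token whose signature has not been verified yet, and nothing in the class documents why that is acceptable. It is sound only because the key set is loaded from the tenant's configured `getJwksUri()` and never from a location named in the token, so a class-level Javadoc stating that invariant would keep a later change from weakening it. In `fromUri`, `catch (Exception ex)` is broader than needed; `catch (MalformedURLException | KeySourceException ex)` covers what `new URL(uri)` and `fromJWKSetURL` declare and lets unexpected runtime failures surface unchanged.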
diff --git a/src/main/java/com/knecon/fforesight/keycloakcommons/security/TenantJwtIssuerValidator.java b/src/main/java/com/knecon/fforesight/keycloakcommons/security/TenantJwtIssuerValidator.java
new file mode 100644
index 0000000..31fd1b8
--- /dev/null
+++ b/src/main/java/com/knecon/fforesight/keycloakcommons/security/TenantJwtIssuerValidator.java
@@ -0,0 +1,46 @@
+package com.knecon.fforesight.keycloakcommons.security;
+
+import java.util.Map;
+import java.util.Optional;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.springframework.security.oauth2.core.OAuth2TokenValidator;
+import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.jwt.JwtIssuerValidator;
+import org.springframework.stereotype.Component;
+
+import com.knecon.fforesight.tenantcommons.TenantProvider;
+
+import lombok.RequiredArgsConstructor;
+
+@Component
+@RequiredArgsConstructor
+public class TenantJwtIssuerValidator implements OAuth2TokenValidator {
+
+ private final TenantProvider tenants;
+ private final Map validators = new ConcurrentHashMap<>();
+
+
+ @Override
+ public OAuth2TokenValidatorResult validate(Jwt token) {
+
+ return this.validators.computeIfAbsent(toTenant(token), this::fromTenant).validate(token);
+ }
+
+
+ private String toTenant(Jwt jwt) {
+
+ return jwt.getIssuer().toString();
+ }
+
+
+ private JwtIssuerValidator fromTenant(String tenant) {
+
+ return Optional.ofNullable(this.tenants.getTenant(tenant))
+ .map(t -> t.getAuthDetails().getIssuer())
+ .map(JwtIssuerValidator::new)
+ .orElseThrow(() -> new IllegalArgumentException("unknown tenant"));
+ }
+
+}
diff --git a/src/main/java/com/knecon/fforesight/keycloakcommons/security/TokenUtils.java b/src/main/java/com/knecon/fforesight/keycloakcommons/security/TokenUtils.java
new file mode 100644
index 0000000..0fd3ee9
--- /dev/null
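Review bot: `toTenant` in TenantJwtIssuerValidator returns the full issuer URL (`jwt.getIssuer().toString()`) and hands it to `tenants.getTenant(...)`, whereas the resolver and the key selector in this commit look tenants up by the realm segment produced by `TokenUtils.toTenant`. Unless TenantProvider accepts both forms, which is not visible here, validation would always end in "unknown tenant"; deriving the key the same way, for example `return TokenUtils.toTenant(jwt.getTokenValue());`, keeps the three classes consistent. `jwt.getIssuer()` is also null when the token carries no `iss` claim, so the method needs a guard before `toString()` that turns this into a validation failure instead of a NullPointerException.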
+++ b/src/main/java/com/knecon/fforesight/keycloakcommons/security/TokenUtils.java
@@ -0,0 +1,37 @@
+package com.knecon.fforesight.keycloakcommons.security;
+
+import com.nimbusds.jwt.JWT;
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.JWTParser;
+
+import lombok.SneakyThrows;
+
+public class TokenUtils {
+
+ @SneakyThrows
+ public static String toTenant(String token) {
+
+ return toTenant(JWTParser.parse(token));
+ }
+
+
+ public static String toTenant(JWT jwt) {
+
+ try {
+ var claims = jwt.getJWTClaimsSet();
+ return toTenant(claims);
+ } catch (Exception e) {
+ throw new IllegalArgumentException(e);
+ }
+ }
+
+
+ public static String toTenant(JWTClaimsSet claims) {
+
+ var issuer = claims.getClaim("iss");
+ var issuerString = issuer.toString();
+ var realm = issuerString.substring(issuerString.lastIndexOf("/") + 1);
+ return realm;
+ }
+
+}
diff --git a/src/main/java/com/knecon/fforesight/keycloakcommons/security/properties/CommonsKeyCloakProperties.java b/src/main/java/com/knecon/fforesight/keycloakcommons/security/properties/CommonsKeyCloakProperties.java
new file mode 100644
index 0000000..4b47fd7
--- /dev/null
+++ b/src/main/java/com/knecon/fforesight/keycloakcommons/security/properties/CommonsKeyCloakProperties.java
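Review bot: `toTenant(JWTClaimsSet)` in TokenUtils calls `toString()` on `claims.getClaim("iss")` without a null check, so a token that omits `iss` throws a NullPointerException, and this runs on caller-supplied tokens before their signature is verified. I would reject the token explicitly with `var issuer = claims.getIssuer();` followed by `if (issuer == null || issuer.isBlank()) throw new IllegalArgumentException("missing iss claim");`. An issuer that ends in `/` also produces an empty realm string, which deserves the same rejection. The `String` overload uses `@SneakyThrows` and lets a checked `ParseException` escape undeclared, while the `JWT` overload wraps failures in `IllegalArgumentException`; wrapping in both gives callers a single exception type to handle.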
@@ -0,0 +1,27 @@
+package com.knecon.fforesight.keycloakcommons.security.properties;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+import lombok.Data;
+
+@Data
+@ConfigurationProperties("commons.keycloak")
+public class CommonsKeyCloakProperties {
+
+ private String serverUrl;
+ private String realm;
+ private String applicationClientId;
+ private String clientId;
+ private String clientSecret;
+ private String basePath = "/";
+ private List ignoredEndpoints = new ArrayList<>();
+ private int connectionPoolSize = 10;
+ private String applicationName;
+ private Integer tenantAccessTokenLifeSpan = 300;
+ private String defaultTheme = "fforesight";
+ private List validRedirectUris = new ArrayList<>();
+
+}
diff --git a/src/main/resources/META-INF/spring.factories b/src/main/resources/META-INF/spring.factories
new file mode 100644
index 0000000..b8fbe22
--- /dev/null
+++ b/src/main/resources/META-INF/spring.factories
@@ -0,0 +1 @@
+org.springframework.boot.autoconfigure.EnableAutoConfiguration=com.knecon.fforesight.keycloakcommons.DefaultKeyCloakCommonsAutoConfiguration
diff --git a/src/test/java/com/knecon/fforesight/keycloakcommons/KeycloakCommonsApplicationTests.java b/src/test/java/com/knecon/fforesight/keycloakcommons/KeycloakCommonsApplicationTests.java
new file mode 100644
index 0000000..38349a0
--- /dev/null
+++ b/src/test/java/com/knecon/fforesight/keycloakcommons/KeycloakCommonsApplicationTests.java
@@ -0,0 +1,14 @@
+package com.knecon.fforesight.keycloakcommons;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+
+@SpringBootTest
+class KeycloakCommonsApplicationTests {
+
+ @Test
+ void contextLoads() {
+
+ }
+
+}
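Review bot: `@Data` on CommonsKeyCloakProperties generates a `toString()` that includes `clientSecret`, so any log statement or diagnostic output that prints this bean would expose the Keycloak client secret. Excluding the field keeps the rest of the generated code unchanged: `@ToString.Exclude private String clientSecret;` with the `lombok.ToString` import. A short comment on the field saying that it must never be logged would make the intent explicit for later edits.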
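Review bot: The auto-configuration in `spring.factories` is registered under the `org.springframework.boot.autoconfigure.EnableAutoConfiguration` key, which Spring Boot 3 no longer reads; the `jakarta.servlet` import elsewhere in this commit suggests Boot 3, although the pom is not visible here. If that is the target, the class name belongs in `META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports`, one fully qualified name per line. Otherwise `DefaultKeyCloakCommonsAutoConfiguration` is silently not applied, and services relying on this library would start without the security configuration it is meant to contribute.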