Merge with master.

README.md

@@ -18,25 +18,26 @@ https://localhost:8443/
 
 ## Configuration setup hints
 
-This back-end is only functional if an application.properties file is added to ```/src/main/resources```.
+This back-end is only functional if an `application.properties` file is added to */src/main/resources*.
 This file should contain at least the following:
 
 ```
-springfox.documentation.swagger.v2.path=/api-docs
+# authentication
+spring.security.enable-basic={true,false}
+spring.security.enable-keycloak={true,false}
 
 spring.jackson.date-format=org.openeo.spring.RFC3339DateFormat
 spring.jackson.serialization.WRITE_DATES_AS_TIMESTAMPS=false
 spring.h2.console.enabled=true
 spring.h2.console.settings.web-allow-others=true
-spring.autoconfigure.exclude = org.keycloak.adapters.springboot.KeycloakAutoConfiguration
-spring.datasource.jdbc=jdbc:h2:/path/to/openeo.db;DB_CLOSE_DELAY=-1
-spring.datasource.username=my_username
-spring.datasource.initialization-mode
-spring.security.filter.order=5
 
 server.tomcat.port=8081
 server.port=8443
 
+spring.datasource.jdbc=jdbc:h2:/path/to/openeo.db;DB_CLOSE_DELAY=-1
+spring.datasource.username=my_username
+spring.datasource.initialization-mode
+
 server.ssl.key-store-type=PKCS12
 server.ssl.key-store=classpath:my_keystore.p12
 server.ssl.key-store-password=my_keystore_password
@@ -95,31 +96,28 @@ org.openeo.udf.candela.endpoint=http://my_openeo_candela_service.url
 org.openeo.udf.r.endpoint=http://my_openeo_R_udf_service.url
 org.openeo.udf.dir=/my/udf/working/directory/
 org.openeo.udf.importscript=/my/udf/import/script/import_udf.sh
+
+spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
 ```
 
-Further files needed are for connection with keycloak: `keycloak.json`
+Further files needed are for authentication management through an external Keycloak server.
+The `keycloak.properties`:
 
 ```
-{
-	"realm": "my_realm",
-	"auth-server-url": "https://my_keycloak.url/auth",
-	"ssl-required": "external",
-	"resource": "my_client_id",
-	"verify-token-audience": false,
-	"credentials": {
-		"secret": "my_secret"
-	},
-	"use-resource-role-mappings": true,
-	"confidential-port": 0,
-	"policy-enforcer": {
-		"enforcement-mode" : "PERMISSIVE",
-		"claim-information-point": {
-			"claims": {
-				"claim-from-relativePath": "{request.relativePath}"
-			}
-		}
-	}
-}
+spring.security.oauth2.client.registration.keycloak.client-id=openEO
+spring.security.oauth2.client.registration.keycloak.client-secret={{secret}}
+spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
+spring.security.oauth2.client.registration.keycloak.scope=openid
+
+# OpenID Connect (OIDC)
+spring.security.oauth2.client.provider.keycloak.issuer-uri=https://my_keycloak.url/auth/realms/my_realm
+spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username
+
+# OAUTH2-JWT token
+spring.security.oauth2.resourceserver.jwt.issuer-uri=https://my_keycloak.url/auth/realms/my_realm
+
+# openEO credentials
+org.openeo.oidc.providers.list=classpath:oidc_providers.json
 ```
 
 and for the support of default client id configuration: `oidc_providers.json`
@@ -160,6 +158,16 @@ and for the support of default client id configuration: `oidc_providers.json`
 }
 ```
 
+For internal basic authentication instead, a bearer token issuer configuration file shall also be created: ``jwt.properties``
+
+```
+jwt.secret={{secret-hash}}
+jwt.issuer=ACME Srl
+jwt.type=JWT
+jwt.audience=openEO
+jwt.exp-minutes={{N}}
+```
+
 ## Logging
 
 All logging can be controlled through **log4j2**.

pom.xml

@@ -1,36 +1,48 @@
 <project xmlns="http://maven.apache.org/POM/4.0.0"
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.openeo</groupId>
 	<artifactId>openeo-spring-driver</artifactId>
 	<packaging>jar</packaging>
 	<name>openeo-spring-driver</name>
-	<version>1.0.0</version>
+	<version>1.1.0</version>
+
+    <parent>
+		<groupId>org.springframework.boot</groupId>
+		<artifactId>spring-boot-starter-parent</artifactId>
+		<version>2.6.1</version>
+		<!--
+		  2.5.1  ->  Spring Framework v5.3.8
+		  2.5.1  ->  Spring Security  v5.5.0
+		  
+		  2.6.1  ->  Spring Framework v5.3.13
+		  2.6.1  ->  Spring Security  v5.6.0
+		  
+		  See : https://repo1.maven.org/maven2/org/springframework/boot/spring-boot-dependencies/2.5.1/spring-boot-dependencies-2.5.1.pom 
+		-->
+	</parent>
+
 	<properties>
 		<java.version>11</java.version>
 		<maven.compiler.source>${java.version}</maven.compiler.source>
 		<maven.compiler.target>${java.version}</maven.compiler.target>
 		<springfox-version>3.0.0</springfox-version>
-		<springdoc-version>1.4.6</springdoc-version>
-		<gdal.path>/usr/share/java/gdal.jar</gdal.path>
-		<gdal.version>3.1.0</gdal.version>
+		<springdoc-version>1.5.13</springdoc-version>
+		<!--gdal.path>/usr/share/java/gdal.jar</gdal.path-->
+		<gdal.version>3.4.0</gdal.version>
 		<netcdfJavaVersion>5.2.0</netcdfJavaVersion>
 		<log4JVersion>2.17.0</log4JVersion>
 		<commonsio.version>2.8.0</commonsio.version>
-		<json.version>20200518</json.version>
+		<json.version>20230618</json.version>
 		<keycloak.version>12.0.4</keycloak.version>
 		<tomcat.dbcp.version>9.0.37</tomcat.dbcp.version>
 		<jackson.nullable.version>0.2.1</jackson.nullable.version>
-		<spring.security.version>5.5.1</spring.security.version>
-		<spring.test.version>2.7.4</spring.test.version>
+		<jjwt.version>0.11.5</jjwt.version>
 		<maven.test.skip>false</maven.test.skip>
 	</properties>
-	<parent>
-		<groupId>org.springframework.boot</groupId>
-		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>2.5.1</version>
-	</parent>
+
 	<build>
 		<sourceDirectory>src/main/java</sourceDirectory>
 		<plugins>
@@ -75,20 +87,11 @@
 					<outputDir>${project.build.directory}</outputDir>
 				</configuration>
 			</plugin>
-			<!--plugin>
-			    <artifactId>maven-surefire-plugin</artifactId>
-			    <executions>
-					<execution>
-						<phase>test</phase>
-						<goals>
-							<goal>test</goal>
-						</goals>
-					</execution>
-				</executions>
-            </plugin-->
 		</plugins>
 	</build>
+
 	<dependencies>
+		<!-- Spring Boot -->
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
@@ -115,6 +118,41 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-security</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-devtools</artifactId>
+			<scope>runtime</scope>
+			<optional>true</optional>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-test</artifactId>
+			<scope>test</scope>
+			<exclusions>
+				<!-- JsonObject implementation selection --> 
+				<exclusion>
+					<groupId>com.vaadin.external.google</groupId>
+					<artifactId>android-json</artifactId>
+			    </exclusion>
+			    <!-- Force Junit 5 -->
+			    <exclusion>
+					<groupId>junit</groupId>
+					<artifactId>junit</artifactId>
+		        </exclusion>
+			</exclusions>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-test</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.junit.jupiter</groupId>
+			<artifactId>junit-jupiter-api</artifactId>
+		    <scope>test</scope>
+		</dependency>
+
+        <!-- deprecated Keycloak adapters --> 
 		<dependency>
 			<groupId>org.keycloak</groupId>
 			<artifactId>keycloak-spring-security-adapter</artifactId>
@@ -125,21 +163,40 @@
 			<artifactId>keycloak-authz-client</artifactId>
 			<version>${keycloak.version}</version>
 		</dependency>
+
+		<!-- 
+		    Spring Boot - OAuth2 libraries
+		    @see https://www.baeldung.com/spring-boot-keycloak
+		-->
 		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-core</artifactId>
-			<version>${spring.security.version}</version>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-web</artifactId>
-			<version>${spring.security.version}</version>
-		</dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-oauth2-client</artifactId>
+	    </dependency>
 		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-config</artifactId>
-			<version>${spring.security.version}</version>
-		</dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+	    </dependency>
+
+	    <!-- JWT (Bearer Token) Dependencies -->
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-api</artifactId>
+            <version>${jjwt.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-impl</artifactId>
+            <version>${jjwt.version}</version>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>io.jsonwebtoken</groupId>
+            <artifactId>jjwt-jackson</artifactId>
+            <version>${jjwt.version}</version>
+            <scope>runtime</scope>
+        </dependency>
+
+	    <!-- Spring Misc -->
 		<dependency>
 			<groupId>org.springdoc</groupId>
 			<artifactId>springdoc-openapi-ui</artifactId>
@@ -148,8 +205,10 @@
 		<dependency>
 			<groupId>io.springfox</groupId>
 			<artifactId>springfox-boot-starter</artifactId>
-			<version>3.0.0</version>
+			<version>${springfox-version}</version>
 		</dependency>
+
+		<!-- Misc -->
 		<dependency>
 			<groupId>com.fasterxml.jackson.datatype</groupId>
 			<artifactId>jackson-datatype-jsr310</artifactId>
@@ -190,12 +249,6 @@
 			<artifactId>json</artifactId>
 			<version>${json.version}</version>
 		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-devtools</artifactId>
-			<scope>runtime</scope>
-			<optional>true</optional>
-		</dependency>
 		<dependency>
 			<groupId>org.hibernate</groupId>
 			<artifactId>hibernate-core</artifactId>
@@ -219,18 +272,8 @@
 			<artifactId>log4j2-ecs-layout</artifactId>
 			<version>1.2.0</version>
 		</dependency>
-	    <dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-test</artifactId>
-			<version>${spring.test.version}</version>  
-			<scope>test</scope>
-		</dependency>
-		<!--dependency>
-		    <groupId>org.junit.jupiter</groupId>
-		    <artifactId>junit-jupiter-engine</artifactId>
-		    <scope>test</scope>
-        </dependency-->			
 	</dependencies>
+
 	<dependencyManagement>
 		<dependencies>
 			<dependency>
@@ -242,6 +285,7 @@
 			</dependency>
 		</dependencies>
 	</dependencyManagement>
+
 	<repositories>
 		<repository>
 			<id>unidata-all</id>
@@ -254,4 +298,5 @@
 			<url>http://oss.jfrog.org/artifactory/oss-snapshot-local/</url>
 		</repository>
 	</repositories>
+
 </project>

src/main/java/org/openeo/spring/ApiFilter.java

@@ -20,32 +20,30 @@ public class ApiFilter extends OncePerRequestFilter {
 	@Override
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) 
     		throws IOException, ServletException {
-        HttpServletResponse res = (HttpServletResponse) response;
-        HttpServletRequest req = (HttpServletRequest) request;
+
+        HttpServletResponse res = response;
+        HttpServletRequest req = request;
         log.debug("Filter: URL" + " called: "+req.getRequestURL().toString());
-        Enumeration<String> headerEnum = req.getHeaderNames();
+
+        Enumeration<String> headerEnum = req.getHeaderNames();        
         while(headerEnum.hasMoreElements()) {
         	String headerName = headerEnum.nextElement();
         	log.trace(headerName + " = " + req.getHeader(headerName));
         }
+
         String clientIp = req.getHeader("Origin");
         if(clientIp == null) {
-        	clientIp = req.getHeader("X-Forwarded-For");
-        	if(clientIp == null) {
-	        	clientIp = request.getRemoteHost();
-	        	log.debug("Got direct request from the following client: " + clientIp);
-        	}else {
-        		log.debug("Got proxy forwared request from the following client: " + clientIp);
-        	}
-        }else {
-        	log.debug("Got request from the following js client: " + clientIp);
-        }        
-        res.addHeader("Access-Control-Allow-Origin", clientIp);
-        res.addHeader("Access-Control-Allow-Methods", "OPTIONS, GET, POST, DELETE, PUT, PATCH");
-        res.addHeader("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
-        res.addHeader("Access-Control-Allow-Credentials", "true");
-        res.addHeader("Access-Control-Expose-Headers", "Location, OpenEO-Identifier, OpenEO-Costs");
+            clientIp = req.getHeader("X-Forwarded-For");
+            if(clientIp == null) {
+                clientIp = request.getRemoteHost();
+                log.debug("Got direct request from the following client: " + clientIp);
+            } else {
+                log.debug("Got proxy forwared request from the following client: " + clientIp);
+            }
+        } else {
+            log.debug("Got request from the following js client: " + clientIp);
+        }
+
         chain.doFilter(request, response);
     }
-
 }