Merge pull request #19 from PatternAtlas/ba-meyer-master

BA Meyer final commit

Author: mhinkie

.docker/application.properties.tpl

@@ -15,7 +15,9 @@ spring.jpa.properties.hibernate.show_sql=true
 spring.jpa.properties.hibernate.format_sql=true
 spring.jpa.properties.hibernate.use_sql_comments=true
 spring.jpa.properties.hibernate.enable_lazy_load_no_trans=true
-spring.liquibase.enabled={{default .Env.PATTERN_ATLAS_FETCH_INITIAL_DATA "false"}}
+spring.liquibase.enabled=true
+spring.liquibase.change-log=file:patternatlas.xml
 spring.liquibase.password={{.Env.DB_INIT_PASSWORD}}
 spring.liquibase.user={{.Env.DB_INIT_USER}}
-spring.liquibase.url=jdbc:postgresql://{{.Env.JDBC_DATABASE_URL}}:{{.Env.JDBC_DATABASE_PORT}}/{{.Env.JDBC_DATABASE_NAME}}
+spring.liquibase.url=jdbc:postgresql://{{.Env.JDBC_DATABASE_URL}}:{{.Env.JDBC_DATABASE_PORT}}/{{.Env.JDBC_DATABASE_NAME}}
+security.oauth2.resource.jwk.key-set-uri={{.Env.JWK_URI}}

.docker/docker-compose.yml

@@ -0,0 +1,15 @@
+version: '3'
+services:
+  db:
+    image: postgres:10
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_DB: postgres
+    ports:
+      - "5432:5432"
+    networks:
+      - default
+networks:
+  default:
+    driver: bridge

.gitignore

@@ -1,3 +1,4 @@
+
 HELP.md
 target/
 !.mvn/wrapper/maven-wrapper.jar
@@ -30,10 +31,13 @@ build/
 ### VS Code ###
 .vscode/
 
+### MacOS File System ###
+**/.DS_STORE
+
 ### TexRendering ###
 *.png
 *.tex
 *.pdf
 *.log
 *.aux
-*.svg
+*.svg

Dockerfile

@@ -36,6 +36,8 @@ ENV JDBC_DATABASE_NAME postgres
 ENV JDBC_DATABASE_PORT 5060
 ENV HAL_EXPLORER true
 
+ENV JWK_URI "http://localhost:8080/realms/patternatlas/protocol/openid-connect/certs"
+
 RUN wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
     && tar -C /usr/local/bin -xzvf dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz \
     && rm dockerize-linux-amd64-$DOCKERIZE_VERSION.tar.gz

docs/dev/index.md

@@ -1,10 +1,14 @@
 # PatternAtlas Developer Guide
-This document provides an index to all development guidelines and background information of the PatternPedia.
+This document provides an index to all development guidelines and background information of the PatternAtlas.
 - [ADR](/adr) - Information on Architectural decisions can be found here
 
 ## Quick Develop
-<!---
 ### PatternPediaAuth
+PatternPediaAuth is a Spring Boot Authentication Server and it's main purpose is to give PatternAtlasAPI user management capabilities.
+This is achieved through using the OAuth 2.0 Authentication Code Flow, additionally new users can create accounts.
+It runs on Port 8081
+
+### Development
 1. Clone the repository `git clone https://github.com/PatternAtlas/pattern-pedia-auth.git`.
 2. Navigate to repository directory `cd pattern-pedia-auth/`.
 2. Build the repository 
@@ -22,8 +26,12 @@ This document provides an index to all development guidelines and background inf
 5. Insert the following commands  `docker-compose up -d`
 
 #### IntelliJ
-3. [Follow PatternPediaAPI from Step 5 pls](#step5) 
+3. [Follow PatternAtlasAPI from Step 5 pls](#step5)
 
+#### Turn authentication on/off for PatternAtlasAPI
+If you don't need the capabilities of the PatternPediaAuth server during development. You can follow the instructions in the following file 
+[Security Config file](https://github.com/PatternAtlas/pattern-atlas-api/blob/ba-meyer-master/src/main/java/io/github/patternatlas/api/config/ResourceServerConfig.java)
+to turn those off or on. An easier way will be added in a future realease.
 
 #### Default User
 During development default users are
@@ -32,9 +40,9 @@ During development default users are
 
 ### PatternAtlasAPI 
 --->
-1. Clone the repository `git clone https://github.com/PatternPedia/pattern-atlas-api.git`.
+1. Clone the repository `git clone https://github.com/PatternAtlas/pattern-atlas-api.git`.
 2. Build the repository `mvn package -DskipTests` (skiping the tests for a faster build), Java 8 required.
-3. Clone the repository `git clone https://github.com/PatternPedia/pattern-atlas-ui.git`.
+3. Clone the repository `git clone https://github.com/PatternAtlas/pattern-atlas-ui.git`.
 4. Build the repository `mvn package -DskipTests` (skiping the tests for a faster build), npm is required. (plus yarn, optionally)
 5. <a name="step5"></a>Continue your IDE setup:
     - [IntelliJ Ultimate](IntelliJ/)

pom.xml

@@ -17,6 +17,7 @@
         <java.version>1.8</java.version>
         <springdoc-ui.version>1.5.9</springdoc-ui.version>
         <spring-oauth2.version>2.5.0</spring-oauth2.version>
+        <jackson.version>2.13.2</jackson.version>
     </properties>
 
     <profiles>
@@ -137,11 +138,6 @@
 
         <!-- Swagger -->
 
-        <dependency>
-            <groupId>org.springdoc</groupId>
-            <artifactId>springdoc-openapi-ui</artifactId>
-            <version>${springdoc-ui.version}</version>
-        </dependency>
         <dependency>
             <groupId>org.springdoc</groupId>
             <artifactId>springdoc-openapi-data-rest</artifactId>
@@ -169,7 +165,17 @@
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-databind</artifactId>
-            <version>2.10.0</version>
+            <version>${jackson.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-annotations</artifactId>
+            <version>${jackson.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.core</groupId>
+            <artifactId>jackson-core</artifactId>
+            <version>${jackson.version}</version>
         </dependency>
     </dependencies>
 

src/main/java/io/github/patternatlas/api/PatternAtlasAPI.java

@@ -4,20 +4,33 @@
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.transaction.annotation.EnableTransactionManagement;
-
-import com.vladmihalcea.hibernate.type.util.Configuration;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.RestController;
 
 import io.swagger.v3.oas.annotations.OpenAPIDefinition;
 import io.swagger.v3.oas.annotations.info.Contact;
 import io.swagger.v3.oas.annotations.info.Info;
+
+import com.vladmihalcea.hibernate.type.util.Configuration;
+
 import lombok.extern.slf4j.Slf4j;
 
+import io.github.patternatlas.api.rest.controller.UserController;
+import io.github.patternatlas.api.service.IssueService;
+
 @EnableTransactionManagement
 @Slf4j
+@RestController
 @SpringBootApplication
 @OpenAPIDefinition(info = @Info(title = "pattern-atlas-api", version = "1.0", contact = @Contact(url = "https://github.com/PatternAtlas/pattern-atlas-api", name = "Pattern Atlas API")))
 public class PatternAtlasAPI implements CommandLineRunner {
 
+    @Autowired
+    private UserController userController;
+
+    @Autowired
+    private IssueService issueService;
+
     public static void main(String[] args) {
         System.setProperty(Configuration.PropertyKey.PRINT_BANNER.getKey(), Boolean.FALSE.toString());
         SpringApplication.run(PatternAtlasAPI.class, args);

src/main/java/io/github/patternatlas/api/config/Authority.java

@@ -0,0 +1,29 @@
+package io.github.patternatlas.api.config;
+
+public interface Authority {
+
+    // TODO will be phased out - after all authority checks are changed to hasResourcePermission, this file should not be
+    // needed anymore
+
+    /** Pattern */
+    String APPROVED_PATTERN_READ                    = "hasAuthority('APPROVED_PATTERN_READ')";
+    String APPROVED_PATTERN_CREATE                  = "hasAuthority('APPROVED_PATTERN_CREATE')";
+    String APPROVED_PATTERN_EDIT                    = "hasAuthority('APPROVED_PATTERN_EDIT')";
+    String APPROVED_PATTERN_DELETE                  = "hasAuthority('APPROVED_PATTERN_DELETE')";
+    String APPROVED_PATTERN_READ_ALL                = "hasAuthority('APPROVED_PATTERN_READ_ALL')";
+    String APPROVED_PATTERN_EDIT_ALL                = "hasAuthority('APPROVED_PATTERN_EDIT_ALL')";
+    String APPROVED_PATTERN_DELETE_ALL              = "hasAuthority('APPROVED_PATTERN_DELETE_ALL')";
+    /** USER */
+    String USER_READ                                = "hasAuthority('USER_READ')";
+    String USER_CREATE                              = "hasAuthority('USER_CREATE')";
+    String USER_EDIT                                = "hasAuthority('USER_EDIT')";
+    String USER_DELETE                              = "hasAuthority('USER_DELETE')";
+    String USER_READ_ALL                            = "hasAuthority('USER_READ_ALL')";
+    String USER_EDIT_ALL                            = "hasAuthority('USER_EDIT_ALL')";
+    String USER_DELETE_ALL                          = "hasAuthority('USER_DELETE_ALL')";
+    String USER_ALL                                 = "hasAuthority('USER_ALL')";
+    /** GENERAL */
+    String COMMENT                                  = "hasAuthority('COMMENT')";
+    String VOTE                                     = "hasAuthority('VOTE')";
+    String EVIDENCE                                 = "hasAuthority('EVIDENCE')";
+}

src/main/java/io/github/patternatlas/api/config/ResourceSecurityConfig.java

@@ -0,0 +1,24 @@
+package io.github.patternatlas.api.config;
+
+import io.github.patternatlas.api.security.ResourceMethodSecurityExpressionHandler;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
+
+@Configuration
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class ResourceSecurityConfig extends GlobalMethodSecurityConfiguration {
+
+    @Autowired
+    private ApplicationContext applicationContext;
+
+    @Override
+    protected MethodSecurityExpressionHandler createExpressionHandler() {
+        ResourceMethodSecurityExpressionHandler handler = new ResourceMethodSecurityExpressionHandler();
+        handler.setApplicationContext(applicationContext);
+        return handler;
+    }
+}

src/main/java/io/github/patternatlas/api/config/ResourceServerConfig.java

@@ -1,25 +1,31 @@
 package io.github.patternatlas.api.config;
 
+import org.springframework.boot.autoconfigure.security.oauth2.resource.JwtAccessTokenConverterConfigurer;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.Ordered;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
 import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
+import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
+import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
+import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import org.springframework.web.filter.CorsFilter;
 
+import java.util.Map;
+
 @Configuration
 @EnableResourceServer
-// START::Comment for local development with authorization
-//@EnableGlobalMethodSecurity(prePostEnabled = true)
-// END::Comment for local development with authorization
 class ResourceServerConfig extends ResourceServerConfigurerAdapter {
 
     @Override
@@ -29,17 +35,7 @@ public void configure(HttpSecurity http) throws Exception {
                 .antMatchers("/**")
                 .and()
                 .authorizeRequests()
-                .antMatchers("/swagger-ui/**").permitAll()
-                // START::Comment for local development with authorization
-//                .antMatchers(HttpMethod.GET, "/**").permitAll()
-//                .antMatchers(HttpMethod.POST, "/**").access("#oauth2.hasScope('write')")
-//                .antMatchers(HttpMethod.PUT, "/**").access("#oauth2.hasScope('write')")
-//                .antMatchers(HttpMethod.DELETE, "/**").hasAuthority("ADMIN")
-//                .anyRequest().authenticated()
-                //END::Comment for local development with authorization
-                // START::Uncomment for local development without authorization
                 .anyRequest().permitAll()
-                // END::Uncomment for local development without authorization
                 .and()
                 .sessionManagement()
                 .sessionCreationPolicy(SessionCreationPolicy.STATELESS);
@@ -69,4 +65,5 @@ public FilterRegistrationBean customCorsFilter() {
         bean.setOrder(Ordered.HIGHEST_PRECEDENCE);
         return bean;
     }
+
 }