Merge branch 'release/5.0'

.gitignore

@@ -59,3 +59,6 @@ build/
 
 ### VS Code ###
 .vscode/
+
+### Special files
+test-em-all-external-auth.sh

docker-compose-kafka.yml

@@ -120,7 +120,21 @@ services:
   gateway:
     build: store-cloud-infra/edge-server
     ports:
-      - "8080:8080"
+      - "8443:8443"
+    environment:
+      - SPRING_PROFILES_ACTIVE=docker
+      - SERVER_SSL_KEY_STORE=file:/keystore/edge.p12
+      - SERVER_SSL_KEY_STORE_PASSWORD=password
+    volumes:
+      - $PWD/config/keystore:/keystore
+    depends_on:
+      - eureka
+    restart: on-failure
+  ## End - Edge Server definition
+
+  ## Start - Edge Server definition
+  auth-server:
+    build: store-cloud-infra/authorization-server
     environment:
       - SPRING_PROFILES_ACTIVE=docker
     depends_on:

docker-compose-partitions.yml

@@ -106,7 +106,21 @@ services:
   gateway:
     build: store-cloud-infra/edge-server
     ports:
-      - "8080:8080"
+      - "8443:8443"
+    environment:
+      - SPRING_PROFILES_ACTIVE=docker
+      - SERVER_SSL_KEY_STORE=file:/keystore/edge.p12
+      - SERVER_SSL_KEY_STORE_PASSWORD=password
+    volumes:
+      - $PWD/config/keystore:/keystore
+    depends_on:
+      - eureka
+    restart: on-failure
+  ## End - Edge Server definition
+
+  ## Start - Edge Server definition
+  auth-server:
+    build: store-cloud-infra/authorization-server
     environment:
       - SPRING_PROFILES_ACTIVE=docker
     depends_on:

docker-compose.yml

@@ -37,6 +37,7 @@ services:
   store:
     build: store-services/store-service
     environment:
+      # - SPRING_PROFILES_ACTIVE=external-OAuth-Provider
       - SPRING_PROFILES_ACTIVE=docker
     depends_on:
       - rabbitmq
@@ -54,7 +55,23 @@ services:
   gateway:
     build: store-cloud-infra/edge-server
     ports:
-      - "8080:8080"
+      - "8443:8443"
+    environment:
+      # - SPRING_PROFILES_ACTIVE=external-OAuth-Provider
+      - SPRING_PROFILES_ACTIVE=docker
+      # dynamically change certificate at run time
+      - SERVER_SSL_KEY_STORE=file:/keystore/edge.p12
+      - SERVER_SSL_KEY_STORE_PASSWORD=password
+    volumes:
+      - $PWD/config/keystore:/keystore
+    depends_on:
+      - eureka
+    restart: on-failure
+  ## End - Edge Server definition
+
+  ## Start - Edge Server definition
+  auth-server:
+    build: store-cloud-infra/authorization-server
     environment:
       - SPRING_PROFILES_ACTIVE=docker
     depends_on:

pom.xml

@@ -8,9 +8,40 @@
     <artifactId>store-aggregator</artifactId>
     <version>1.0-SNAPSHOT</version>
     <name>Springy Store Aggregator</name>
-    <description>Aggregator pom project for Springy μServices</description>
+    <description>Aggregator pom project for all Springy Store μServices</description>
     <packaging>pom</packaging>
 
+    <!-- Start - Springy Store Project Owner -->
+    <developers>
+        <developer>
+            <id>0001</id>
+            <name>Mohamed Taman</name>
+            <email>[email protected]</email>
+            <roles>
+                <role>
+                    Sr. Enterprise Architect
+                </role>
+                <role>
+                    Lead Software Architect
+                </role>
+            </roles>
+        </developer>
+    </developers>
+    <!-- End - Springy Store Project Owner -->
+    <!-- Start - Springy Store source repository -->
+    <scm>
+        <connection>https://github.com/mohamed-taman/Springy-Store-Microservices.git</connection>
+        <developerConnection>[email protected]:mohamed-taman/Springy-Store-Microservices.git</developerConnection>
+        <tag>HEAD</tag>
+    </scm>
+    <!-- End - Springy Store source repository -->
+    <!-- Start - Springy Store issue management -->
+    <issueManagement>
+        <system>GitHub</system>
+        <url>https://github.com/mohamed-taman/Springy-Store-Microservices/issues</url>
+    </issueManagement>
+    <!-- End - Springy Store issue management -->
+
     <properties>
         <maven.install.skip>true</maven.install.skip>
         <maven.deploy.skip>true</maven.deploy.skip>
@@ -28,7 +59,6 @@
         <module>store-services/store-service</module>
         <module>store-cloud-infra/eureka-server</module>
         <module>store-cloud-infra/edge-server</module>
-
-
+        <module>store-cloud-infra/authorization-server</module>
     </modules>
 </project>

store-cloud-infra/authorization-server/Dockerfile

@@ -0,0 +1,60 @@
+#### Start of builder image
+# ------------------------
+# Builder stage to prepare application for final image
+FROM openjdk:14-slim-buster as builder
+WORKDIR temp
+
+# Fatjar location, but could be set to different location from command line
+ARG JAR_FILE=target/*.jar
+
+# Copy fat jar file to current image builder
+COPY ${JAR_FILE} application.jar
+
+# Extract the jar file layers
+RUN java -Djarmode=layertools -jar --enable-preview application.jar extract
+
+# Workaround to avoid Copy command failure when directory is not exists.
+RUN test ! -d ./snapshot-dependencies \
+&& mkdir snapshot-dependencies \
+&& echo "Directory [snapshot-dependencies] created."
+
+#### End of builder stage
+
+#### Start of actual image
+# ------------------------
+# Build image based on JDK 14 base image, based on latest debian buster OS
+FROM openjdk:14-slim-buster
+VOLUME /tmp
+
+# Set image information, but could be set to different location from command line
+ARG IMAGE_VERSION="1.0-SNAPSHOT"
+ARG IMAGE_NAME="Authorization Server"
+ARG MAINTAINER="Mohamed Taman <[email protected]>"
+
+LABEL version=${IMAGE_VERSION} name=${IMAGE_NAME} maintainer=${MAINTAINER}
+
+# Limiting security access to not user root user
+RUN addgroup siriusxi && useradd -g siriusxi -ms /bin/bash taman
+
+# Setting user to current created user
+USER taman
+
+# Set working directory to application folder
+WORKDIR /home/taman/application
+
+# Copy all layers from builder stage to current image
+COPY --from=builder temp/dependencies/ ./
+COPY --from=builder temp/snapshot-dependencies/ ./
+COPY --from=builder temp/spring-boot-loader/ ./
+COPY --from=builder temp/application/ ./
+
+# Expose current server to port 9999
+EXPOSE 9999
+
+ARG JAVA_OPTS=""
+
+# Run the application with JVM configs if any
+ENTRYPOINT ["bash", "-c", \
+"java -server --enable-preview -XX:+UseContainerSupport -XX:+ShowCodeDetailsInExceptionMessages \
+-XX:+AlwaysActAsServerClassMachine -XX:+UseG1GC -XX:+UseStringDeduplication ${JAVA_OPTS} \
+org.springframework.boot.loader.JarLauncher ${0} ${@}"]

store-cloud-infra/authorization-server/pom.xml

@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>com.siriusxi.ms.store</groupId>
+        <artifactId>store-cloud-chassis</artifactId>
+        <version>1.0-SNAPSHOT</version>
+        <relativePath>../../store-base/store-cloud-chassis/pom.xml</relativePath>
+    </parent>
+
+    <groupId>com.siriusxi.cloud.infra</groupId>
+    <artifactId>auth-server</artifactId>
+    <version>0.0.1-SNAPSHOT</version>
+    <name>Authorization Server</name>
+    <description>OAuth2 Authorization Server, based on Spring boot.</description>
+    <packaging>jar</packaging>
+
+    <properties>
+        <spring.security.jwt.jose.version>5.0.0.M5</spring.security.jwt.jose.version>
+    </properties>
+
+    <dependencies>
+        <!-- Start - To register API Gateway server with Eureka Discovery Server -->
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId>
+        </dependency>
+        <!-- End - To register API Gateway server with Eureka Discovery Server -->
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.security.oauth.boot</groupId>
+            <artifactId>spring-security-oauth2-autoconfigure</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-jwt-jose</artifactId>
+            <version>${spring.security.jwt.jose.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+</project>

store-cloud-infra/authorization-server/src/main/java/com/siriusxi/cloud/infra/auth/server/AuthorizationServer.java

@@ -0,0 +1,15 @@
+package com.siriusxi.cloud.infra.auth.server;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
+
+@EnableAuthorizationServer
+@SpringBootApplication
+public class AuthorizationServer {
+
+	public static void main(String[] args) {
+		SpringApplication.run(AuthorizationServer.class, args);
+	}
+
+}

store-cloud-infra/authorization-server/src/main/java/com/siriusxi/cloud/infra/auth/server/api/IntrospectEndpoint.java

@@ -0,0 +1,47 @@
+package com.siriusxi.cloud.infra.auth.server.api;
+
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpoint;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Legacy Authorization Server (spring-security-oauth2) does not support any Token Introspection
+ * endpoint.
+ *
+ * <p>This class adds ad-hoc support in order to better support the other samples in the repo.
+ */
+@FrameworkEndpoint
+class IntrospectEndpoint {
+  TokenStore tokenStore;
+
+  public IntrospectEndpoint(TokenStore tokenStore) {
+    this.tokenStore = tokenStore;
+  }
+
+  @PostMapping("/introspect")
+  @ResponseBody
+  public Map<String, Object> introspect(@RequestParam("token") String token) {
+    OAuth2AccessToken accessToken = this.tokenStore.readAccessToken(token);
+    Map<String, Object> attributes = new HashMap<>();
+    if (accessToken == null || accessToken.isExpired()) {
+      attributes.put("active", false);
+      return attributes;
+    }
+
+    OAuth2Authentication authentication = this.tokenStore.readAuthentication(token);
+
+    attributes.put("active", true);
+    attributes.put("exp", accessToken.getExpiration().getTime());
+    attributes.put("scope", String.join(" ", accessToken.getScope()));
+    attributes.put("sub", authentication.getName());
+
+    return attributes;
+  }
+}

store-cloud-infra/authorization-server/src/main/java/com/siriusxi/cloud/infra/auth/server/api/JwkSetEndpoint.java

@@ -0,0 +1,34 @@
+package com.siriusxi.cloud.infra.auth.server.api;
+
+import com.nimbusds.jose.jwk.JWKSet;
+import com.nimbusds.jose.jwk.RSAKey;
+import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpoint;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+import java.security.KeyPair;
+import java.security.interfaces.RSAPublicKey;
+import java.util.Map;
+
+/**
+ * Legacy Authorization Server (spring-security-oauth2) does not support any <a href target="_blank"
+ * href="https://tools.ietf.org/html/rfc7517#section-5">JWK Set</a> endpoint.
+ *
+ * <p>This class adds ad-hoc support in order to better support the other samples in the repo.
+ */
+@FrameworkEndpoint
+class JwkSetEndpoint {
+  KeyPair keyPair;
+
+  public JwkSetEndpoint(KeyPair keyPair) {
+    this.keyPair = keyPair;
+  }
+
+  @GetMapping("/.well-known/jwks.json")
+  @ResponseBody
+  public Map<String, Object> getKey() {
+    RSAPublicKey publicKey = (RSAPublicKey) this.keyPair.getPublic();
+    RSAKey key = new RSAKey.Builder(publicKey).build();
+    return new JWKSet(key).toJSONObject();
+  }
+}