diff --git a/Dockerfile b/Dockerfile index ee3a4f589..3c2b7c7b9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM maven:3.8.1-openjdk-11 as builder +FROM maven:3.8-eclipse-temurin-21-alpine as builder WORKDIR /home @@ -38,7 +38,7 @@ WORKDIR /home/jpo-conflictvisualizer-api RUN mvn clean package -DskipTests # ENTRYPOINT ["tail", "-f", "/dev/null"] -FROM openjdk:11-jre +FROM eclipse-temurin:21-jre-alpine WORKDIR /home diff --git a/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/KeycloakConfig.java b/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/KeycloakConfig.java index cf5a73ccc..574571232 100644 --- a/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/KeycloakConfig.java +++ b/jpo-conflictvisualizer-api/src/main/java/us/dot/its/jpo/ode/api/KeycloakConfig.java 
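Review bot: Both new `FROM` lines use floating tags, and the builder tag is now looser than before (`maven:3.8-…` where the old line named `3.8.1`), so a rebuild can silently pick up a different image. This applies to the builder stage in the first hunk and the runtime stage in the second. Pinning each by digest keeps the build reproducible and makes base-image changes show up in review, e.g. `FROM eclipse-temurin:21-jre-alpine@sha256:<digest-placeholder>`. The move from Debian-based images to Alpine also swaps glibc for musl and drops bash, so any `RUN` steps or entrypoint scripts in the lines not shown between the hunks should be checked against the new base.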
@@ -1,31 +1,19 @@ package us.dot.its.jpo.ode.api; -//import org.keycloak.adapters.KeycloakConfigResolver; -//import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver; -//import org.keycloak.adapters.springsecurity.KeycloakConfiguration; -//import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider; -//import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter; import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.KeycloakBuilder; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; -import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; -import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; -import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository; +import org.springframework.security.oauth2.core.AuthenticationMethod; import org.springframework.security.oauth2.core.AuthorizationGrantType; import org.springframework.security.web.SecurityFilterChain; -import 
org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy; -import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy; import static org.springframework.security.config.Customizer.withDefaults; @@ -73,16 +61,22 @@ private ClientRegistration keycloakClientRegistration() { .clientId(resource) .clientSecret(clientSecret) .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE) - .redirectUri(redirectServer + "/login/oauth2/code/" + resource) .issuerUri(authServer + "/realms/" + realm) - .scope("openid") + .redirectUri(redirectServer) + .authorizationUri(authServer + "/realms/" + realm + "/protocol/openid-connect/auth") + .tokenUri(authServer + "/realms/" + realm + "/protocol/openid-connect/token") + .userInfoUri(authServer + "/realms/" + realm + "/protocol/openid-connect/userinfo") + .userInfoAuthenticationMethod(AuthenticationMethod.HEADER) .build(); } + + @Bean public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception { if(securityEnabled){ System.out.println("Running with KeyCloak Authentication"); + return httpSecurity .cors(AbstractHttpConfigurer::disable) .csrf(AbstractHttpConfigurer::disable) @@ -91,7 +85,7 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws request.anyRequest().fullyAuthenticated(); } ) - .oauth2Login(withDefaults()) + .oauth2Client(withDefaults()) .build(); }else{ System.out.println("Running without KeyCloak Authentication"); 
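Review bot: The registration now sets `userInfoUri` but drops `.scope("openid")`, so the authorization request no longer asks for an OpenID Connect flow. No ID token is issued without that scope, so its issuer and nonce are never checked, and recent Keycloak releases are reported to reject userinfo calls for tokens that lack `openid` (worth confirming against the deployed version). Unless the scope was removed on purpose, keep `.scope("openid")` next to the new endpoint lines. The new `.redirectUri(redirectServer)` must also match a redirect URI registered on the Keycloak client exactly, and it should not be registered there with a wildcard. The body of `keycloakClientRegistration()` starts above this hunk.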
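Review bot: Replacing `.oauth2Login(withDefaults())` with `.oauth2Client(withDefaults())` removes the only authentication mechanism visible in this chain, because `oauth2Client` lets the application obtain tokens for outbound calls but does not authenticate incoming requests. With `request.anyRequest().fullyAuthenticated()` still in place, callers are either all rejected or, if a matcher in the lines hidden between the hunks permits them, not checked at all. If the API is meant to accept Keycloak-issued bearer tokens, the chain needs a validator such as `.oauth2ResourceServer(oauth2 -> oauth2.jwt(withDefaults()))`, which assumes the resource-server starter is on the classpath. The `securityFilterChain` method continues past the end of this hunk.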
@@ -109,91 +103,21 @@ public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws -// -// -// // sets KeycloakAuthenticationProvider as an authentication provider -// // sets SimpleAuthorityMapper as the authority mapper -// @Autowired -// protected void configureGlobal(final AuthenticationManagerBuilder auth) { -// final KeycloakAuthenticationProvider provider = super.keycloakAuthenticationProvider(); -// provider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper()); -// auth.authenticationProvider(provider); -// } -// -// -// @Bean -// @Override -// protected SessionAuthenticationStrategy sessionAuthenticationStrategy() { -// -// return new NullAuthenticatedSessionStrategy(); -// } -// -// // ensure that spring boot will resolve the keycloak configuration -// // from application.yml (or application.properties) -// @Bean -// public KeycloakConfigResolver keycloakConfigResolver() { -// return new KeycloakSpringBootConfigResolver(); -// } -// -// @Bean -// public Keycloak keyCloakBuilder() { -// System.out.println("Auth Server: " + authServer); -// System.out.println("Realm: " + realm); -// System.out.println("Resource: " + resource); -// Keycloak keycloak = KeycloakBuilder.builder() -// .serverUrl(authServer) -// .grantType("password") -// .realm("master") -// .clientId("admin-cli") -// .username(username) -// .password(password) -// .build(); -// return keycloak; -// } -// -// @Override -// protected void configure(final HttpSecurity httpSecurity) throws Exception { -// super.configure(httpSecurity); -// -// if(securityEnabled){ -// System.out.println("Running with KeyCloak Authentication"); -// httpSecurity -// .cors() -// .and() -// .csrf().disable() -// .authorizeRequests() -// .requestMatchers("/**").permitAll() -// .anyRequest().fullyAuthenticated(); -// }else{ -// System.out.println("Running without KeyCloak Authentication"); -// httpSecurity -// .cors() -// .and() -// .csrf().disable() -// 
.authorizeRequests().anyRequest().permitAll(); -// } -// } -// -// @Override -// public void init(WebSecurity builder) throws Exception { -// -// } -// -// @Override -// public void configure(WebSecurity builder) throws Exception { -// -// } -// -// -// // This is condition allows for disabling securit -// @ConditionalOnProperty(prefix = "security", -// name = "enabled", -// havingValue = "true") -// @EnableGlobalMethodSecurity(prePostEnabled = true) -// static class Dummy { -// public Dummy(){ -// System.out.println("Initializing Security"); -// } -// -// } + @Bean + public Keycloak keyCloakBuilder() { + System.out.println("Auth Server: " + authServer); + System.out.println("Realm: " + realm); + System.out.println("Resource: " + resource); + Keycloak keycloak = KeycloakBuilder.builder() + .serverUrl(authServer) + .grantType("password") + .realm("master") + .clientId("admin-cli") + .username(username) + .password(password) + .build(); + return keycloak; + } + + } \ No newline at end of file
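Review bot: The restored `keyCloakBuilder()` bean signs in to the `master` realm through `admin-cli` with the password grant, so the API process holds a user credential that can administer every realm on the server. A compromise of this service or of its configuration would then expose the whole identity provider, not only this application's realm. A narrower option is a confidential client with a service account in the application realm, granted only the realm-management roles the API uses: `.realm(realm)`, `.grantType(OAuth2Constants.CLIENT_CREDENTIALS)`, `.clientId(resource).clientSecret(clientSecret)`. Whether the existing `resource` client has service accounts enabled is not visible here. The three `System.out.println` calls would be better routed through the application logger at debug level, so that deployment details are not written to stdout unconditionally.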