Feature/14/14 web context (with ADR) #14
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
algattik
changed the title
Izzzu
approved these changes
Jun 29, 2022
cpeeyush
reviewed
Jun 30, 2022
|
|
||
| However, for docker health check (used in `docker-compose up --wait` in CI to wait until containers have successfully started), we use `curl` to access the health endpoint, which is deployed in the EDC default context. Therefore, we do not want to apply our authentication filter to the `default` context, and need to introduce an additional context for the API controller. | ||
|
|
||
| It is also good practice not to expose health and management endpoints to public API. |
There was a problem hiding this comment.
nit: not to expose health endpoint to public Do you mean that we need authentication on health endpoint as well ? Because from the doc it seems like we said health endpoint is in default context and there we do not want to apply authentication.
There was a problem hiding this comment.
No, by putting it on a different port we can have that port not accessible in deployment
cpeeyush
approved these changes
Jun 30, 2022
7 tasks
cpeeyush
pushed a commit
that referenced
this pull request
Jul 18, 2022
Izzzu
added a commit
that referenced
this pull request
Jul 19, 2022
* Feature/14/14 upgrade edc (#12) * Feature/14/14 web context (with ADR) (#14) * Feature/14/14 participant did (#13) * Feature/14/14 verify JWS (with ADR) (#11) * . * . * . * . * Update ParticipantsCommandTest.java * Update ParticipantManager.java * Update ParticipantManager.java * Update action.yml * Update verify.yaml * Update JsonWebSignatureHeaderInterceptor.java * . * . * . * . * . * . * . * . * . * . * . * Update RegistrationApiClientTest.java * . * . * Update Dockerfile * Update RegistrationServiceCli.java * Update RegistrationApiClientTest.java * Update RegistrationServiceExtension.java * Update RegistrationApiCommandLineClientTest.java * Create README.md * Update README.md * Renamed executeParticipantsAdd to executeParticipantsList * add comments for headers * Update RegistrationApiClientTest.java * Squashed commit of the following: commit a8cf714 Author: Alexandre Gattiker <algattik@microsoft.com> Date: Wed Jun 29 22:02:52 2022 +0200 Update RegistrationApiClientTest.java commit 4decadc Merge: b537c9b 39471c3 Author: Alexandre Gattiker <algattik@microsoft.com> Date: Wed Jun 29 21:56:59 2022 +0200 Merge branch 'feature/14/14-web-context' into feature/14/14-verify-jws commit b537c9b Merge: 4284f1e 830cc32 Author: Alexandre Gattiker <algattik@microsoft.com> Date: Wed Jun 29 21:54:43 2022 +0200 Merge branch 'feature/14/14-participant-did' into feature/14/14-verify-jws commit 4284f1e Author: Alexandre Gattiker <algattik@microsoft.com> Date: Wed Jun 29 07:42:10 2022 +0200 . commit df33c85 Author: Alexandre Gattiker <algattik@microsoft.com> Date: Wed Jun 29 07:36:48 2022 +0200 . commit e0a92f1 Author: Alexandre Gattiker <algattik@microsoft.com> Date: Wed Jun 29 07:00:27 2022 +0200 . commit 758839b Author: Alexandre Gattiker <algattik@microsoft.com> Date: Tue Jun 28 18:28:06 2022 +0200 . commit b68e5f4 Author: Alexandre Gattiker <algattik@microsoft.com> Date: Tue Jun 28 17:49:38 2022 +0200 . commit da1682b Author: Alexandre Gattiker <algattik@microsoft.com> Date: Tue Jun 28 17:45:30 2022 +0200 . commit f486517 Author: Alexandre Gattiker <algattik@microsoft.com> Date: Tue Jun 28 17:42:17 2022 +0200 . commit a0f871e Author: Alexandre Gattiker <algattik@microsoft.com> Date: Tue Jun 28 16:06:04 2022 +0200 . commit ce92919 Merge: 8644edb a75c1c8 Author: Alexandre Gattiker <algattik@microsoft.com> Date: Tue Jun 28 16:01:13 2022 +0200 Merge branch 'feature/14-verify-jws' into feature/14/14-verify-jws commit 8644edb Author: Alexandre Gattiker <algattik@microsoft.com> Date: Tue Jun 28 15:43:41 2022 +0200 . commit 357a195 Author: Alexandre Gattiker <algattik@microsoft.com> Date: Tue Jun 28 15:00:07 2022 +0200 Update JsonWebSignatureHeaderInterceptor.java commit 5e80400 Author: Alexandre Gattiker <algattik@microsoft.com> Date: Tue Jun 28 14:49:06 2022 +0200 Update verify.yaml commit 1df6120 Author: Alexandre Gattiker <algattik@microsoft.com> Date: Tue Jun 28 14:48:44 2022 +0200 Update action.yml commit 5a7d4b2 Author: Alexandre Gattiker <algattik@microsoft.com> Date: Tue Jun 28 14:48:11 2022 +0200 Update ParticipantManager.java commit cb2ea94 Author: Alexandre Gattiker <algattik@microsoft.com> Date: Tue Jun 28 14:48:11 2022 +0200 Update ParticipantManager.java commit c2db217 Author: Alexandre Gattiker <algattik@microsoft.com> Date: Tue Jun 28 14:44:19 2022 +0200 Update ParticipantsCommandTest.java commit e6a7b37 Author: Alexandre Gattiker <algattik@microsoft.com> Date: Tue Jun 28 13:48:41 2022 +0200 . commit 68fbcd3 Author: Alexandre Gattiker <algattik@microsoft.com> Date: Wed Jun 22 23:07:00 2022 +0200 . commit d28d030 Author: Alexandre Gattiker <algattik@microsoft.com> Date: Wed Jun 22 22:57:37 2022 +0200 . commit 6049d05 Author: Alexandre Gattiker <algattik@microsoft.com> Date: Wed Jun 22 22:57:31 2022 +0200 . * . * . * . * . * Create README.md * Update README.md * Update README.md * Make integration in EDC easier * Update docs/developer/decision-records/2022-07-01-service-authentication/README.md Co-authored-by: Izabela Kulakowska <ikulakowska@microsoft.com> * Update DidJwtAuthenticationFilter.java * Improve exception messages on auth failure * Split up method logic * Update name * Use double quotes for Boolean var in docker compose yaml to avoid error * Update docs/developer/decision-records/2022-07-01-service-authentication/README.md Co-authored-by: Ophélie Le Mentec <17216799+ouphi@users.noreply.github.com> Co-authored-by: Izabela Kulakowska <ikulakowska@microsoft.com> Co-authored-by: Peeyush Chandel <555114+cpeeyush@users.noreply.github.com> Co-authored-by: Ophélie Le Mentec <17216799+ouphi@users.noreply.github.com> * Move artifact version in config * Variable renaming for clarity * Externalize verbose error response config * PR feedback Co-authored-by: Alexandre Gattiker <algattik@users.noreply.github.com> Co-authored-by: Izabela Kulakowska <ikulakowska@microsoft.com> Co-authored-by: Ophélie Le Mentec <17216799+ouphi@users.noreply.github.com> Co-authored-by: Marc Gomez <marcgomez@microsoft.com>
7 tasks
algattik
pushed a commit
that referenced
this pull request
Jul 27, 2022
* add signing config * added snapshot repo * updated version conditionals
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR changes/adds
This is an intermediate PR for Registry Service JWS validation (agera-edc/MinimumViableDataspace#14).
Deploys the Registration Service controller to a custom Jersey context (port mapping), rather than the EDC
defaultcontext.Why it does that
In the next PR we want to enforce JWS authentication for the Registration Service controller, using a JAX-RS filter.
However for docker health check (used in
docker-compose up --waitin CI to wait until containers have successfully started), we usecurlto access the health endpoint, which is deployed in the EDCdefaultcontext. Therefere, we will want to apply our JWS authentication filter to thedefaultcontext.It is anyway good practice not to expose health and management endpoints to public API.
Further notes
Linked Issue(s)
agera-edc/MinimumViableDataspace#14
Checklist
no-changelog)