diff --git a/examples/config/changes/conf/secrets/password b/examples/config/changes/conf/secrets/password index 387f307495b..5bbaf875819 100644 --- a/examples/config/changes/conf/secrets/password +++ b/examples/config/changes/conf/secrets/password @@ -1 +1 @@ -^ery$ecretP&ssword \ No newline at end of file +changeit \ No newline at end of file diff --git a/examples/config/changes/src/main/java/io/helidon/examples/config/changes/OnChangeExample.java b/examples/config/changes/src/main/java/io/helidon/examples/config/changes/OnChangeExample.java index 03b303dae5d..c771c4a9aef 100644 --- a/examples/config/changes/src/main/java/io/helidon/examples/config/changes/OnChangeExample.java +++ b/examples/config/changes/src/main/java/io/helidon/examples/config/changes/OnChangeExample.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017, 2023 Oracle and/or its affiliates. + * Copyright (c) 2017, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -54,7 +54,7 @@ public void run() { private static void logSecrets(Config secrets) { LOGGER.info("Loaded secrets are u: " + secrets.get("username").asString().get() - + ", p: " + secrets.get("password").asString().get()); + + ", p: " + secrets.get("changeit").asString().get()); } } diff --git a/examples/config/sources/conf/secrets/password b/examples/config/sources/conf/secrets/password index 387f307495b..5bbaf875819 100644 --- a/examples/config/sources/conf/secrets/password +++ b/examples/config/sources/conf/secrets/password @@ -1 +1 @@ -^ery$ecretP&ssword \ No newline at end of file +changeit \ No newline at end of file diff --git a/examples/config/sources/src/main/java/io/helidon/examples/config/sources/DirectorySourceExample.java b/examples/config/sources/src/main/java/io/helidon/examples/config/sources/DirectorySourceExample.java index cd54b0d4fde..d058cf65e2b 100644 --- a/examples/config/sources/src/main/java/io/helidon/examples/config/sources/DirectorySourceExample.java +++ b/examples/config/sources/src/main/java/io/helidon/examples/config/sources/DirectorySourceExample.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2017, 2023 Oracle and/or its affiliates. + * Copyright (c) 2017, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -48,9 +48,9 @@ public static void main(String... args) { System.out.println("Username: " + username); assert username.equals("libor"); - String password = secrets.get("password").asString().get(); + String password = secrets.get("changeit").asString().get(); System.out.println("Password: " + password); - assert password.equals("^ery$ecretP&ssword"); + assert password.equals("changeit"); } } diff --git a/examples/dbclient/jdbc/README.md b/examples/dbclient/jdbc/README.md index d78895e3eeb..638dd6aed5f 100644 --- a/examples/dbclient/jdbc/README.md +++ b/examples/dbclient/jdbc/README.md @@ -31,7 +31,7 @@ Instructions for Oracle can be found here: https://github.com/oracle/docker-imag MySQL can be run as a docker container with the following command: ``` -docker run --rm --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=password mysql:5.7 +docker run --rm --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=changeit mysql:5.7 ``` diff --git a/examples/dbclient/jdbc/src/main/resources/application.yaml b/examples/dbclient/jdbc/src/main/resources/application.yaml index 64cbce16324..cb175d49dcc 100644 --- a/examples/dbclient/jdbc/src/main/resources/application.yaml +++ b/examples/dbclient/jdbc/src/main/resources/application.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2019, 2023 Oracle and/or its affiliates. +# Copyright (c) 2019, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -38,10 +38,10 @@ db: # MySQL configuration # # docker run --rm --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=root \ - # -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=password mysql:5.7 + # -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=changeit mysql:5.7 # url: jdbc:mysql://127.0.0.1:3306/pokemon?useSSL=false # username: user -# password: password +# password: changeit # poolName: mysql # # Oracle configuration diff --git a/examples/dbclient/jdbc/src/test/java/io/helidon/examples/dbclient/jdbc/PokemonServiceMySQLIT.java b/examples/dbclient/jdbc/src/test/java/io/helidon/examples/dbclient/jdbc/PokemonServiceMySQLIT.java index 9326f8461d6..eee51c64b23 100644 --- a/examples/dbclient/jdbc/src/test/java/io/helidon/examples/dbclient/jdbc/PokemonServiceMySQLIT.java +++ b/examples/dbclient/jdbc/src/test/java/io/helidon/examples/dbclient/jdbc/PokemonServiceMySQLIT.java @@ -35,7 +35,7 @@ class PokemonServiceMySQLIT extends AbstractPokemonServiceTest { @Container static MySQLContainer container = new MySQLContainer<>("mysql:8.0.36") .withUsername("user") - .withPassword("password") + .withPassword("changeit") .withNetworkAliases("mysql") .withDatabaseName("pokemon"); diff --git a/examples/dbclient/jdbc/src/test/resources/application-mysql-test.yaml b/examples/dbclient/jdbc/src/test/resources/application-mysql-test.yaml index d271d1a30a4..8bf82887909 100644 --- a/examples/dbclient/jdbc/src/test/resources/application-mysql-test.yaml +++ b/examples/dbclient/jdbc/src/test/resources/application-mysql-test.yaml @@ -25,7 +25,7 @@ db: source: jdbc connection: username: user - password: password + password: changeit poolName: mysql initializationFailTimeout: -1 connectionTimeout: 2000 diff --git a/examples/dbclient/pokemons/README.md b/examples/dbclient/pokemons/README.md index 58564d0f77f..807dc1ae664 100644 --- a/examples/dbclient/pokemons/README.md +++ b/examples/dbclient/pokemons/README.md @@ -67,7 +67,7 @@ For details, see http://www.h2database.com/html/cheatSheet.html MySQL: ``` docker run --rm --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=root \ - -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=password mysql:5.7 + -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=changeit mysql:5.7 ``` diff --git a/examples/dbclient/pokemons/src/test/java/io/helidon/examples/dbclient/pokemons/PokemonServiceMySQLIT.java b/examples/dbclient/pokemons/src/test/java/io/helidon/examples/dbclient/pokemons/PokemonServiceMySQLIT.java index fa79469b3d7..36d03ddc02e 100644 --- a/examples/dbclient/pokemons/src/test/java/io/helidon/examples/dbclient/pokemons/PokemonServiceMySQLIT.java +++ b/examples/dbclient/pokemons/src/test/java/io/helidon/examples/dbclient/pokemons/PokemonServiceMySQLIT.java @@ -34,7 +34,7 @@ public class PokemonServiceMySQLIT extends AbstractPokemonServiceTest { @Container static MySQLContainer container = new MySQLContainer<>("mysql:8.0.36") .withUsername("user") - .withPassword("password") + .withPassword("changeit") .withNetworkAliases("mysql") .withDatabaseName("pokemon"); diff --git a/examples/dbclient/pokemons/src/test/resources/application-mysql-test.yaml b/examples/dbclient/pokemons/src/test/resources/application-mysql-test.yaml index 0e67870a821..58e56aee301 100644 --- a/examples/dbclient/pokemons/src/test/resources/application-mysql-test.yaml +++ b/examples/dbclient/pokemons/src/test/resources/application-mysql-test.yaml @@ -26,7 +26,7 @@ db: source: jdbc connection: username: user - password: password + password: changeit poolName: "mysql" initializationFailTimeout: -1 connectionTimeout: 2000 diff --git a/examples/employee-app/src/main/java/io/helidon/examples/employee/EmployeeRepositoryImplDB.java b/examples/employee-app/src/main/java/io/helidon/examples/employee/EmployeeRepositoryImplDB.java index 5ece4d33f98..e95694c0bca 100644 --- a/examples/employee-app/src/main/java/io/helidon/examples/employee/EmployeeRepositoryImplDB.java +++ b/examples/employee-app/src/main/java/io/helidon/examples/employee/EmployeeRepositoryImplDB.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2019, 2023 Oracle and/or its affiliates. + * Copyright (c) 2019, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -43,7 +43,7 @@ final class EmployeeRepositoryImplDB implements EmployeeRepository { String driver = "oracle.jdbc.driver.OracleDriver"; String dbUserName = config.get("app.user").asString().orElse("sys as SYSDBA"); - String dbUserPassword = config.get("app.password").asString().orElse("password"); + String dbUserPassword = config.get("app.password").asString().orElse("changeit"); String dbHostURL = config.get("app.hosturl").asString().orElse("localhost:1521/xe"); try { diff --git a/examples/microprofile/idcs/src/main/resources/application.yaml b/examples/microprofile/idcs/src/main/resources/application.yaml index ccf068a70c6..44f5084842f 100644 --- a/examples/microprofile/idcs/src/main/resources/application.yaml +++ b/examples/microprofile/idcs/src/main/resources/application.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2018, 2023 Oracle and/or its affiliates. +# Copyright (c) 2018, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -29,7 +29,7 @@ security: # This is a nice way to be able to override this with local properties or env-vars idcs-uri: "https://tenant-id.identity.oracle.com" idcs-client-id: "client-id" - idcs-client-secret: "client-secret" + idcs-client-secret: "changeit" # Used as a base for redirects back to us frontend-uri: "http://localhost:7987" proxy-host: "if you need proxy" diff --git a/examples/microprofile/oidc/src/main/resources/application.yaml b/examples/microprofile/oidc/src/main/resources/application.yaml index 44773fcfe4c..c3def999ac2 100644 --- a/examples/microprofile/oidc/src/main/resources/application.yaml +++ b/examples/microprofile/oidc/src/main/resources/application.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2019, 2022 Oracle and/or its affiliates. +# Copyright (c) 2019, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -23,7 +23,7 @@ security: oidc-identity-uri: "https://tenant.some-server.com/oauth2/default" # when you create a new client in identity server configuration, you should get a client id and a client secret oidc-client-id: "some client id" - oidc-client-secret: "some client secret" + oidc-client-secret: "changeit" # issuer of the tokens - identity server specific (maybe even configurable) oidc-issuer: "https://tenant.some-server.com/oauth2/default" # audience of the tokens - identity server specific (usually configurable) diff --git a/examples/microprofile/security/src/main/resources/application.yaml b/examples/microprofile/security/src/main/resources/application.yaml index bdbb4f58891..2ea4cce613c 100644 --- a/examples/microprofile/security/src/main/resources/application.yaml +++ b/examples/microprofile/security/src/main/resources/application.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2018, 2020 Oracle and/or its affiliates. +# Copyright (c) 2018, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -27,13 +27,13 @@ security: realm: "helidon" users: - login: "jack" - password: "password" + password: "changeit" roles: ["user", "admin"] - login: "jill" - password: "password" + password: "changeit" roles: ["user"] - login: "john" - password: "password" + password: "changeit" web-server: paths: - path: "/static-cp[/{*}]" diff --git a/examples/microprofile/tls/src/main/resources/META-INF/microprofile-config.properties b/examples/microprofile/tls/src/main/resources/META-INF/microprofile-config.properties index eb65e6a917b..2c3978a78bc 100644 --- a/examples/microprofile/tls/src/main/resources/META-INF/microprofile-config.properties +++ b/examples/microprofile/tls/src/main/resources/META-INF/microprofile-config.properties @@ -1,5 +1,5 @@ # -# Copyright (c) 2020 Oracle and/or its affiliates. +# Copyright (c) 2020, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -20,9 +20,9 @@ server.host=0.0.0.0 #Truststore setup server.tls.trust.keystore.resource.resource-path=server.p12 -server.tls.trust.keystore.passphrase=password +server.tls.trust.keystore.passphrase=changeit server.tls.trust.keystore.trust-store=true #Keystore with private key and server certificate server.tls.private-key.keystore.resource.resource-path=server.p12 -server.tls.private-key.keystore.passphrase=password +server.tls.private-key.keystore.passphrase=changeit diff --git a/examples/microprofile/tls/src/main/resources/server.p12 b/examples/microprofile/tls/src/main/resources/server.p12 index ff8e4ddfc7f..d2599833af5 100644 Binary files a/examples/microprofile/tls/src/main/resources/server.p12 and b/examples/microprofile/tls/src/main/resources/server.p12 differ diff --git a/examples/security/basic-auth-with-static-content/README.md b/examples/security/basic-auth-with-static-content/README.md index 3c5102cb598..051ca33d842 100644 --- a/examples/security/basic-auth-with-static-content/README.md +++ b/examples/security/basic-auth-with-static-content/README.md @@ -23,9 +23,9 @@ Try the application: The application starts at the `8080` port ```shell curl http://localhost:8080/public -curl -u "jill:password" http://localhost:8080/noRoles -curl -u "john:password" http://localhost:8080/user -curl -u "jack:password" http://localhost:8080/admin -curl -v -u "john:password" http://localhost:8080/deny -curl -u "jack:password" http://localhost:8080/noAuthn +curl -u "jill:changeit" http://localhost:8080/noRoles +curl -u "john:changeit" http://localhost:8080/user +curl -u "jack:changeit" http://localhost:8080/admin +curl -v -u "john:changeit" http://localhost:8080/deny +curl -u "jack:changeit" http://localhost:8080/noAuthn ``` diff --git a/examples/security/basic-auth-with-static-content/src/main/java/io/helidon/examples/security/basicauth/BasicExampleBuilderMain.java b/examples/security/basic-auth-with-static-content/src/main/java/io/helidon/examples/security/basicauth/BasicExampleBuilderMain.java index eb1d515d6e0..b3577f3a76f 100644 --- a/examples/security/basic-auth-with-static-content/src/main/java/io/helidon/examples/security/basicauth/BasicExampleBuilderMain.java +++ b/examples/security/basic-auth-with-static-content/src/main/java/io/helidon/examples/security/basicauth/BasicExampleBuilderMain.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, 2023 Oracle and/or its affiliates. + * Copyright (c) 2020, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -42,9 +42,9 @@ public final class BasicExampleBuilderMain { private static final Map USERS = new HashMap<>(); static { - USERS.put("jack", new MyUser("jack", "password".toCharArray(), Set.of("user", "admin"))); - USERS.put("jill", new MyUser("jill", "password".toCharArray(), Set.of("user"))); - USERS.put("john", new MyUser("john", "password".toCharArray(), Set.of())); + USERS.put("jack", new MyUser("jack", "changeit".toCharArray(), Set.of("user", "admin"))); + USERS.put("jill", new MyUser("jill", "changeit".toCharArray(), Set.of("user"))); + USERS.put("john", new MyUser("john", "changeit".toCharArray(), Set.of())); } private BasicExampleBuilderMain() { diff --git a/examples/security/basic-auth-with-static-content/src/main/resources/application.yaml b/examples/security/basic-auth-with-static-content/src/main/resources/application.yaml index a0140402389..da4d6065f24 100644 --- a/examples/security/basic-auth-with-static-content/src/main/resources/application.yaml +++ b/examples/security/basic-auth-with-static-content/src/main/resources/application.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2020, 2023 Oracle and/or its affiliates. +# Copyright (c) 2020, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -53,11 +53,11 @@ security: realm: "helidon" users: - login: "jack" - password: "${CLEAR=password}" + password: "${CLEAR=changeit}" roles: [ "user", "admin" ] - login: "jill" - password: "${CLEAR=password}" + password: "${CLEAR=changeit}" roles: [ "user" ] - login: "john" - password: "${CLEAR=password}" + password: "${CLEAR=changeit}" roles: [ ] diff --git a/examples/security/basic-auth-with-static-content/src/test/java/io/helidon/examples/security/basicauth/BasicExampleTest.java b/examples/security/basic-auth-with-static-content/src/test/java/io/helidon/examples/security/basicauth/BasicExampleTest.java index e69f466bcd8..34874e6ab2c 100644 --- a/examples/security/basic-auth-with-static-content/src/test/java/io/helidon/examples/security/basicauth/BasicExampleTest.java +++ b/examples/security/basic-auth-with-static-content/src/test/java/io/helidon/examples/security/basicauth/BasicExampleTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, 2023 Oracle and/or its affiliates. + * Copyright (c) 2020, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -75,9 +75,9 @@ public void testNoRoles() { testNotAuthorized(uri); //Must be accessible with authentication - to everybody - testProtected(uri, "jack", "password", Set.of("admin", "user"), Set.of()); - testProtected(uri, "jill", "password", Set.of("user"), Set.of("admin")); - testProtected(uri, "john", "password", Set.of(), Set.of("admin", "user")); + testProtected(uri, "jack", "changeit", Set.of("admin", "user"), Set.of()); + testProtected(uri, "jill", "changeit", Set.of("user"), Set.of("admin")); + testProtected(uri, "john", "changeit", Set.of(), Set.of("admin", "user")); } @Test @@ -87,9 +87,9 @@ public void testUserRole() { testNotAuthorized(uri); //Jack and Jill allowed (user role) - testProtected(uri, "jack", "password", Set.of("admin", "user"), Set.of()); - testProtected(uri, "jill", "password", Set.of("user"), Set.of("admin")); - testProtectedDenied(uri, "john", "password"); + testProtected(uri, "jack", "changeit", Set.of("admin", "user"), Set.of()); + testProtected(uri, "jill", "changeit", Set.of("user"), Set.of("admin")); + testProtectedDenied(uri, "john", "changeit"); } @Test @@ -99,9 +99,9 @@ public void testAdminRole() { testNotAuthorized(uri); //Only jack is allowed - admin role... - testProtected(uri, "jack", "password", Set.of("admin", "user"), Set.of()); - testProtectedDenied(uri, "jill", "password"); - testProtectedDenied(uri, "john", "password"); + testProtected(uri, "jack", "changeit", Set.of("admin", "user"), Set.of()); + testProtectedDenied(uri, "jill", "changeit"); + testProtectedDenied(uri, "john", "changeit"); } @Test @@ -111,9 +111,9 @@ public void testDenyRole() { testNotAuthorized(uri); // nobody has the correct role - testProtectedDenied(uri, "jack", "password"); - testProtectedDenied(uri, "jill", "password"); - testProtectedDenied(uri, "john", "password"); + testProtectedDenied(uri, "jack", "changeit"); + testProtectedDenied(uri, "jill", "changeit"); + testProtectedDenied(uri, "john", "changeit"); } @Test diff --git a/examples/security/idcs-login/src/main/resources/application.yaml b/examples/security/idcs-login/src/main/resources/application.yaml index 892436973c5..3143f33f23b 100644 --- a/examples/security/idcs-login/src/main/resources/application.yaml +++ b/examples/security/idcs-login/src/main/resources/application.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2018, 2023 Oracle and/or its affiliates. +# Copyright (c) 2018, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -33,7 +33,7 @@ security: # This is a nice way to be able to override this with local properties or env-vars idcs-uri: "https://your-tenant-id.identity.oracle.com" idcs-client-id: "your-client-id" - idcs-client-secret: "${CLEAR=your-client-secret}" + idcs-client-secret: "${CLEAR=changeit}" proxy-host: "" providers: - abac: diff --git a/examples/security/outbound-override/README.md b/examples/security/outbound-override/README.md index 797916cf2d8..c4692698b77 100644 --- a/examples/security/outbound-override/README.md +++ b/examples/security/outbound-override/README.md @@ -14,8 +14,8 @@ java -jar target/helidon-examples-security-outbound-override.jar Try the endpoints (port is random, shall be replaced accordingly): ```shell export PORT=35973 -curl -u "jack:password" http://localhost:${PORT}/propagate -curl -u "jack:password" http://localhost:${PORT}/override -curl -u "jill:anotherPassword" http://localhost:${PORT}/propagate -curl -u "jill:anotherPassword" http://localhost:${PORT}/override +curl -u "jack:changeit" http://localhost:${PORT}/propagate +curl -u "jack:changeit" http://localhost:${PORT}/override +curl -u "jill:changeit" http://localhost:${PORT}/propagate +curl -u "jill:changeit" http://localhost:${PORT}/override ``` diff --git a/examples/security/outbound-override/src/main/java/io/helidon/security/examples/outbound/OverrideService.java b/examples/security/outbound-override/src/main/java/io/helidon/security/examples/outbound/OverrideService.java index cf811295c91..94acb5daa6d 100644 --- a/examples/security/outbound-override/src/main/java/io/helidon/security/examples/outbound/OverrideService.java +++ b/examples/security/outbound-override/src/main/java/io/helidon/security/examples/outbound/OverrideService.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Oracle and/or its affiliates. + * Copyright (c) 2023, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -49,7 +49,7 @@ private void override(ServerRequest req, ServerResponse res) { String result = client.get("http://localhost:" + server.port("backend") + "/hello") .property(EndpointConfig.PROPERTY_OUTBOUND_ID, "jill") - .property(EndpointConfig.PROPERTY_OUTBOUND_SECRET, "anotherPassword") + .property(EndpointConfig.PROPERTY_OUTBOUND_SECRET, "changeit") .requestEntity(String.class); res.send("You are: " + context.userName() + ", backend service returned: " + result + "\n"); diff --git a/examples/security/outbound-override/src/main/resources/backend-service.yaml b/examples/security/outbound-override/src/main/resources/backend-service.yaml index cd87aee5fdc..e40cfd46a69 100644 --- a/examples/security/outbound-override/src/main/resources/backend-service.yaml +++ b/examples/security/outbound-override/src/main/resources/backend-service.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2018, 2023 Oracle and/or its affiliates. +# Copyright (c) 2018, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,10 +19,10 @@ security: - http-basic-auth: users: - login: "jack" - password: "password" + password: "changeit" roles: ["user", "admin"] - login: "jill" - password: "anotherPassword" + password: "changeit" roles: ["user"] web-server: defaults: diff --git a/examples/security/outbound-override/src/main/resources/client-service-jwt.yaml b/examples/security/outbound-override/src/main/resources/client-service-jwt.yaml index 9661c20a1b4..c4d11dba67a 100644 --- a/examples/security/outbound-override/src/main/resources/client-service-jwt.yaml +++ b/examples/security/outbound-override/src/main/resources/client-service-jwt.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2018, 2020 Oracle and/or its affiliates. +# Copyright (c) 2018, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,13 +25,13 @@ security: - http-basic-auth: users: - login: "john" - password: "johnnyPassword" + password: "changeit" roles: ["admin"] - login: "jack" - password: "password" + password: "changeit" roles: ["user", "admin"] - login: "jill" - password: "anotherPassword" + password: "changeit" roles: ["user"] - jwt: allow-impersonation: true diff --git a/examples/security/outbound-override/src/main/resources/client-service.yaml b/examples/security/outbound-override/src/main/resources/client-service.yaml index 94b3924f9fb..0219ab30eeb 100644 --- a/examples/security/outbound-override/src/main/resources/client-service.yaml +++ b/examples/security/outbound-override/src/main/resources/client-service.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2018, 2020 Oracle and/or its affiliates. +# Copyright (c) 2018, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,13 +19,13 @@ security: - http-basic-auth: users: - login: "john" - password: "johnnyPassword" + password: "changeit" roles: ["admin"] - login: "jack" - password: "password" + password: "changeit" roles: ["user", "admin"] - login: "jill" - password: "anotherPassword" + password: "changeit" roles: ["user"] outbound: - name: "propagate-all" diff --git a/examples/security/outbound-override/src/test/java/io/helidon/security/examples/outbound/OutboundOverrideExampleTest.java b/examples/security/outbound-override/src/test/java/io/helidon/security/examples/outbound/OutboundOverrideExampleTest.java index d8b1e1c5956..fabb17b179b 100644 --- a/examples/security/outbound-override/src/test/java/io/helidon/security/examples/outbound/OutboundOverrideExampleTest.java +++ b/examples/security/outbound-override/src/test/java/io/helidon/security/examples/outbound/OutboundOverrideExampleTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, 2023 Oracle and/or its affiliates. + * Copyright (c) 2020, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -61,7 +61,7 @@ public void testOverrideExample() { String value = client.get() .path("/override") .property(EndpointConfig.PROPERTY_OUTBOUND_ID, "jack") - .property(EndpointConfig.PROPERTY_OUTBOUND_SECRET, "password") + .property(EndpointConfig.PROPERTY_OUTBOUND_SECRET, "changeit") .requestEntity(String.class); assertThat(value, is("You are: jack, backend service returned: jill\n")); @@ -72,7 +72,7 @@ public void testPropagateExample() { String value = client.get() .path("/propagate") .property(EndpointConfig.PROPERTY_OUTBOUND_ID, "jack") - .property(EndpointConfig.PROPERTY_OUTBOUND_SECRET, "password") + .property(EndpointConfig.PROPERTY_OUTBOUND_SECRET, "changeit") .requestEntity(String.class); assertThat(value, is("You are: jack, backend service returned: jack\n")); diff --git a/examples/security/outbound-override/src/test/java/io/helidon/security/examples/outbound/OutboundOverrideJwtExampleTest.java b/examples/security/outbound-override/src/test/java/io/helidon/security/examples/outbound/OutboundOverrideJwtExampleTest.java index 9db9742c00d..d99934259de 100644 --- a/examples/security/outbound-override/src/test/java/io/helidon/security/examples/outbound/OutboundOverrideJwtExampleTest.java +++ b/examples/security/outbound-override/src/test/java/io/helidon/security/examples/outbound/OutboundOverrideJwtExampleTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021, 2023 Oracle and/or its affiliates. + * Copyright (c) 2021, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -62,7 +62,7 @@ public void testOverrideExample() { try (Http1ClientResponse response = client.get() .path("/override") .property(EndpointConfig.PROPERTY_OUTBOUND_ID, "jack") - .property(EndpointConfig.PROPERTY_OUTBOUND_SECRET, "password") + .property(EndpointConfig.PROPERTY_OUTBOUND_SECRET, "changeit") .request()) { assertThat(response.status().code(), is(200)); @@ -77,7 +77,7 @@ public void testPropagateExample() { try (Http1ClientResponse response = client.get() .path("/propagate") .property(EndpointConfig.PROPERTY_OUTBOUND_ID, "jack") - .property(EndpointConfig.PROPERTY_OUTBOUND_SECRET, "password") + .property(EndpointConfig.PROPERTY_OUTBOUND_SECRET, "changeit") .request()) { assertThat(response.status().code(), is(200)); diff --git a/examples/security/programmatic/src/main/java/io/helidon/examples/security/programmatic/ProgrammaticSecurity.java b/examples/security/programmatic/src/main/java/io/helidon/examples/security/programmatic/ProgrammaticSecurity.java index fac90c64987..2fb76665dc3 100644 --- a/examples/security/programmatic/src/main/java/io/helidon/examples/security/programmatic/ProgrammaticSecurity.java +++ b/examples/security/programmatic/src/main/java/io/helidon/examples/security/programmatic/ProgrammaticSecurity.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, 2023 Oracle and/or its affiliates. + * Copyright (c) 2018, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -135,7 +135,7 @@ private Subject login() { SecurityContext securityContext = CONTEXT.get(); securityContext.env(securityContext.env().derive() .path("/some/path") - .header("Authorization", buildBasic("aUser", "aPassword"))); + .header("Authorization", buildBasic("aUser", "changeit"))); AuthenticationResponse response = securityContext.atnClientBuilder().buildAndGet(); diff --git a/examples/security/vaults/src/main/resources/application.yaml b/examples/security/vaults/src/main/resources/application.yaml index 63e95c48c80..30fb258b198 100644 --- a/examples/security/vaults/src/main/resources/application.yaml +++ b/examples/security/vaults/src/main/resources/application.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2021, 2022 Oracle and/or its affiliates. +# Copyright (c) 2021, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -51,7 +51,7 @@ security: config: path: "app/secret" key: "username" -# - name: "password" +# - name: "changeit" # provider: "oci-vault" # config: # ocid: "${oci.properties.secret-ocid}" diff --git a/examples/security/webserver-digest-auth/README.md b/examples/security/webserver-digest-auth/README.md index 4814ae232f8..bc9628e8749 100644 --- a/examples/security/webserver-digest-auth/README.md +++ b/examples/security/webserver-digest-auth/README.md @@ -23,9 +23,9 @@ The application starts on a random port, the following assumes it is `56551` ```shell export PORT=38529 curl http://localhost:${PORT}/public -curl --digest -u "jill:password" http://localhost:${PORT}/noRoles -curl --digest -u "john:password" http://localhost:${PORT}/user -curl --digest -u "jack:password" http://localhost:${PORT}/admin -curl -v --digest -u "john:password" http://localhost:${PORT}/deny -curl --digest -u "jack:password" http://localhost:${PORT}/noAuthn +curl --digest -u "jill:changeit" http://localhost:${PORT}/noRoles +curl --digest -u "john:changeit" http://localhost:${PORT}/user +curl --digest -u "jack:changeit" http://localhost:${PORT}/admin +curl -v --digest -u "john:changeit" http://localhost:${PORT}/deny +curl --digest -u "jack:changeit" http://localhost:${PORT}/noAuthn ``` diff --git a/examples/security/webserver-digest-auth/src/main/java/io/helidon/examples/security/digest/DigestExampleBuilderMain.java b/examples/security/webserver-digest-auth/src/main/java/io/helidon/examples/security/digest/DigestExampleBuilderMain.java index f12099b3b03..72a34dbefcf 100644 --- a/examples/security/webserver-digest-auth/src/main/java/io/helidon/examples/security/digest/DigestExampleBuilderMain.java +++ b/examples/security/webserver-digest-auth/src/main/java/io/helidon/examples/security/digest/DigestExampleBuilderMain.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, 2023 Oracle and/or its affiliates. + * Copyright (c) 2018, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -48,9 +48,9 @@ public final class DigestExampleBuilderMain { private static final char[] HEX_ARRAY = "0123456789abcdef".toCharArray(); static { - USERS.put("jack", new MyUser("jack", "password".toCharArray(), Set.of("user", "admin"))); - USERS.put("jill", new MyUser("jill", "password".toCharArray(), Set.of("user"))); - USERS.put("john", new MyUser("john", "password".toCharArray(), Set.of())); + USERS.put("jack", new MyUser("jack", "changeit".toCharArray(), Set.of("user", "admin"))); + USERS.put("jill", new MyUser("jill", "changeit".toCharArray(), Set.of("user"))); + USERS.put("john", new MyUser("john", "changeit".toCharArray(), Set.of())); } private DigestExampleBuilderMain() { @@ -127,7 +127,7 @@ private static Security security() { .addAuthenticationProvider( HttpDigestAuthProvider.builder() .realm("mic") - .digestServerSecret("aPassword".toCharArray()) + .digestServerSecret("changeit".toCharArray()) .userStore(buildUserStore()), "digest-auth") .build(); diff --git a/examples/security/webserver-digest-auth/src/main/resources/application.yaml b/examples/security/webserver-digest-auth/src/main/resources/application.yaml index 6a6d762e1f4..cc933bea773 100644 --- a/examples/security/webserver-digest-auth/src/main/resources/application.yaml +++ b/examples/security/webserver-digest-auth/src/main/resources/application.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2016, 2023 Oracle and/or its affiliates. +# Copyright (c) 2016, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -47,14 +47,14 @@ security: providers: - http-digest-auth: realm: "mic" - server-secret: "aPassword" + server-secret: "changeit" users: - login: "jack" - password: "${CLEAR=password}" + password: "${CLEAR=changeit}" roles: ["user", "admin"] - login: "jill" - password: "${CLEAR=password}" + password: "${CLEAR=changeit}" roles: ["user"] - login: "john" - password: "${CLEAR=password}" + password: "${CLEAR=changeit}" roles: [] diff --git a/examples/security/webserver-digest-auth/src/test/java/io/helidon/examples/security/digest/DigestExampleTest.java b/examples/security/webserver-digest-auth/src/test/java/io/helidon/examples/security/digest/DigestExampleTest.java index f065afb64fa..4c1aeb3fc69 100644 --- a/examples/security/webserver-digest-auth/src/test/java/io/helidon/examples/security/digest/DigestExampleTest.java +++ b/examples/security/webserver-digest-auth/src/test/java/io/helidon/examples/security/digest/DigestExampleTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, 2023 Oracle and/or its affiliates. + * Copyright (c) 2018, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -67,9 +67,9 @@ public void testNoRoles() { testNotAuthorized(uri); //Must be accessible with authentication - to everybody - testProtected(uri, "jack", "password", Set.of("admin", "user"), Set.of()); - testProtected(uri, "jill", "password", Set.of("user"), Set.of("admin")); - testProtected(uri, "john", "password", Set.of(), Set.of("admin", "user")); + testProtected(uri, "jack", "changeit", Set.of("admin", "user"), Set.of()); + testProtected(uri, "jill", "changeit", Set.of("user"), Set.of("admin")); + testProtected(uri, "john", "changeit", Set.of(), Set.of("admin", "user")); } @Test @@ -79,9 +79,9 @@ public void testUserRole() { testNotAuthorized(uri); //Jack and Jill allowed (user role) - testProtected(uri, "jack", "password", Set.of("admin", "user"), Set.of()); - testProtected(uri, "jill", "password", Set.of("user"), Set.of("admin")); - testProtectedDenied(uri, "john", "password"); + testProtected(uri, "jack", "changeit", Set.of("admin", "user"), Set.of()); + testProtected(uri, "jill", "changeit", Set.of("user"), Set.of("admin")); + testProtectedDenied(uri, "john", "changeit"); } @Test @@ -91,9 +91,9 @@ public void testAdminRole() { testNotAuthorized(uri); //Only jack is allowed - admin role... - testProtected(uri, "jack", "password", Set.of("admin", "user"), Set.of()); - testProtectedDenied(uri, "jill", "password"); - testProtectedDenied(uri, "john", "password"); + testProtected(uri, "jack", "changeit", Set.of("admin", "user"), Set.of()); + testProtectedDenied(uri, "jill", "changeit"); + testProtectedDenied(uri, "john", "changeit"); } @Test @@ -103,9 +103,9 @@ public void testDenyRole() { testNotAuthorized(uri); // nobody has the correct role - testProtectedDenied(uri, "jack", "password"); - testProtectedDenied(uri, "jill", "password"); - testProtectedDenied(uri, "john", "password"); + testProtectedDenied(uri, "jack", "changeit"); + testProtectedDenied(uri, "jill", "changeit"); + testProtectedDenied(uri, "john", "changeit"); } @Test @@ -117,9 +117,9 @@ public void getNoAuthn() { assertThat(response.status().code(), is(403)); // doesn't matter, we are never challenged - testProtectedDenied(uri, "jack", "password"); - testProtectedDenied(uri, "jill", "password"); - testProtectedDenied(uri, "john", "password"); + testProtectedDenied(uri, "jack", "changeit"); + testProtectedDenied(uri, "jill", "changeit"); + testProtectedDenied(uri, "john", "changeit"); } } diff --git a/examples/security/webserver-signatures/README.md b/examples/security/webserver-signatures/README.md index ad8fac058fb..3fbd0d5dbb1 100644 --- a/examples/security/webserver-signatures/README.md +++ b/examples/security/webserver-signatures/README.md @@ -24,7 +24,7 @@ java -jar target/helidon-examples-security-webserver-signatures.jar Try the endpoints (port is random, shall be replaced accordingly): ```shell export PORT=34941 -curl -u "jack:password" http://localhost:${PORT}/service1 -curl -u "jill:password" http://localhost:${PORT}/service1-rsa -curl -v -u "john:password" http://localhost:${PORT}/service1 +curl -u "jack:changeit" http://localhost:${PORT}/service1 +curl -u "jill:changeit" http://localhost:${PORT}/service1-rsa +curl -v -u "john:changeit" http://localhost:${PORT}/service1 ``` diff --git a/examples/security/webserver-signatures/src/main/java/io/helidon/examples/security/signatures/SignatureExampleBuilderMain.java b/examples/security/webserver-signatures/src/main/java/io/helidon/examples/security/signatures/SignatureExampleBuilderMain.java index b139fd4348f..5b9adcbf789 100644 --- a/examples/security/webserver-signatures/src/main/java/io/helidon/examples/security/signatures/SignatureExampleBuilderMain.java +++ b/examples/security/webserver-signatures/src/main/java/io/helidon/examples/security/signatures/SignatureExampleBuilderMain.java @@ -1,6 +1,6 @@ /* - * Copyright (c) 2018, 2023 Oracle and/or its affiliates. + * Copyright (c) 2018, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -52,9 +52,9 @@ public class SignatureExampleBuilderMain { private static final Map USERS = new HashMap<>(); static { - addUser("jack", "password", List.of("user", "admin")); - addUser("jill", "password", List.of("user")); - addUser("john", "password", List.of()); + addUser("jack", "changeit", List.of("user", "admin")); + addUser("jill", "changeit", List.of("user")); + addUser("john", "changeit", List.of()); } private SignatureExampleBuilderMain() { @@ -159,7 +159,7 @@ private static Security security2() { .addInbound(InboundClientDefinition .builder("service1-hmac") .principalName("Service1 - HMAC signature") - .hmacSecret("somePasswordForHmacShouldBeEncrypted") + .hmacSecret("changeit") .build()) .addInbound(InboundClientDefinition .builder("service1-rsa") @@ -167,7 +167,7 @@ private static Security security2() { .publicKeyConfig(Keys.builder() .keystore(k -> k .keystore(Resource.create("keystore.p12")) - .passphrase("password") + .passphrase("changeit") .certAlias("service_cert") .build()) .build()) @@ -209,7 +209,7 @@ private static OutboundTarget rsaTarget() { .privateKeyConfig(Keys.builder() .keystore(k -> k .keystore(Resource.create("keystore.p12")) - .passphrase("password") + .passphrase("changeit") .keyAlias("myPrivateKey") .build()) .build()) @@ -225,7 +225,7 @@ private static OutboundTarget hmacTarget() { OutboundTargetDefinition.class, OutboundTargetDefinition .builder("service1-hmac") - .hmacSecret("somePasswordForHmacShouldBeEncrypted") + .hmacSecret("changeit") .build()) .build(); } diff --git a/examples/security/webserver-signatures/src/main/resources/keystore.p12 b/examples/security/webserver-signatures/src/main/resources/keystore.p12 index ff2c52d6694..96df596265a 100644 Binary files a/examples/security/webserver-signatures/src/main/resources/keystore.p12 and b/examples/security/webserver-signatures/src/main/resources/keystore.p12 differ diff --git a/examples/security/webserver-signatures/src/main/resources/service1.yaml b/examples/security/webserver-signatures/src/main/resources/service1.yaml index 91b9f89bf08..7af4407c1cf 100644 --- a/examples/security/webserver-signatures/src/main/resources/service1.yaml +++ b/examples/security/webserver-signatures/src/main/resources/service1.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2016, 2020 Oracle and/or its affiliates. +# Copyright (c) 2016, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -33,14 +33,14 @@ security: realm: "helidon" users: - login: "jack" - password: "${CLEAR=password}" + password: "${CLEAR=changeit}" roles: ["user", "admin"] - login: "jill" - # master password is "jungle", password is "password" - password: "${CLEAR=password}" + # master password is "changeit", password is "changeit" + password: "${CLEAR=changeit}" roles: ["user"] - login: "john" - password: "${CLEAR=password}" + password: "${CLEAR=changeit}" roles: [] outbound: - name: "propagate-all" @@ -52,7 +52,7 @@ security: paths: ["/service2"] signature: key-id: "service1-hmac" - hmac.secret: "${CLEAR=somePasswordForHmacShouldBeEncrypted}" + hmac.secret: "${CLEAR=changeit}" - name: "service2-rsa" hosts: ["localhost"] paths: ["/service2-rsa.*"] @@ -67,7 +67,7 @@ security: # defaults to jdk default type: "PKCS12" # password of the keystore - passphrase: "password" + passphrase: "changeit" # alias of the key to sign request key.alias: "myPrivateKey" web-server: diff --git a/examples/security/webserver-signatures/src/main/resources/service2.yaml b/examples/security/webserver-signatures/src/main/resources/service2.yaml index 0e58c9adb98..55f426a506f 100644 --- a/examples/security/webserver-signatures/src/main/resources/service2.yaml +++ b/examples/security/webserver-signatures/src/main/resources/service2.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2016, 2020 Oracle and/or its affiliates. +# Copyright (c) 2016, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -36,7 +36,7 @@ security: keys: - key-id: "service1-hmac" principal-name: "Service1 - HMAC signature" - hmac.secret: "${CLEAR=somePasswordForHmacShouldBeEncrypted}" + hmac.secret: "${CLEAR=changeit}" - key-id: "service1-rsa" principal-name: "Service1 - RSA signature" public-key: @@ -48,7 +48,7 @@ security: # defaults to jdk default # keystore-type: "PKCS12" # password of the keystore - passphrase: "password" + passphrase: "changeit" # alias of the certificate to get public key from cert.alias: "service_cert" # Security provider - basic authentication (supports roles) @@ -56,13 +56,13 @@ security: realm: "helidon" users: - login: "jack" - password: "${CLEAR=password}" + password: "${CLEAR=changeit}" roles: [ "user", "admin" ] - login: "jill" - password: "${CLEAR=password}" + password: "${CLEAR=changeit}" roles: [ "user" ] - login: "john" - password: "${CLEAR=password}" + password: "${CLEAR=changeit}" roles: [] web-server: # Configuration of integration with web server diff --git a/examples/security/webserver-signatures/src/test/java/io/helidon/examples/security/signatures/SignatureExampleTest.java b/examples/security/webserver-signatures/src/test/java/io/helidon/examples/security/signatures/SignatureExampleTest.java index 1f86105d880..16ebbf59818 100644 --- a/examples/security/webserver-signatures/src/test/java/io/helidon/examples/security/signatures/SignatureExampleTest.java +++ b/examples/security/webserver-signatures/src/test/java/io/helidon/examples/security/signatures/SignatureExampleTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2018, 2023 Oracle and/or its affiliates. + * Copyright (c) 2018, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -67,7 +67,7 @@ public void testService1Rsa() { private void test(String uri, Set expectedRoles, Set invalidRoles, String service) { try (Http1ClientResponse response = client.get(uri) .property(PROPERTY_OUTBOUND_ID, "jack") - .property(PROPERTY_OUTBOUND_SECRET, "password") + .property(PROPERTY_OUTBOUND_SECRET, "changeit") .request()) { assertThat(response.status().code(), is(200)); diff --git a/examples/todo-app/backend/src/main/resources/application.yaml b/examples/todo-app/backend/src/main/resources/application.yaml index cebe7db0a75..8727766ddce 100644 --- a/examples/todo-app/backend/src/main/resources/application.yaml +++ b/examples/todo-app/backend/src/main/resources/application.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2018, 2023 Oracle and/or its affiliates. +# Copyright (c) 2018, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -31,7 +31,7 @@ cassandra: security: config: require-encryption: false - aes.insecure-passphrase: "jungle" + aes.insecure-passphrase: "changeit" provider-policy: type: "COMPOSITE" authentication: @@ -45,4 +45,4 @@ security: inbound.keys: - key-id: "frontend" principal-name: "Frontend Service" - hmac.secret: "${CLEAR=frontend2backend}" + hmac.secret: "${CLEAR=changeit}" diff --git a/examples/todo-app/backend/src/test/java/io/helidon/examples/todos/backend/BackendTests.java b/examples/todo-app/backend/src/test/java/io/helidon/examples/todos/backend/BackendTests.java index a40cc1fb6eb..e5f0316b75a 100644 --- a/examples/todo-app/backend/src/test/java/io/helidon/examples/todos/backend/BackendTests.java +++ b/examples/todo-app/backend/src/test/java/io/helidon/examples/todos/backend/BackendTests.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021, 2023 Oracle and/or its affiliates. + * Copyright (c) 2021, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -107,7 +107,7 @@ private static Properties initCassandra() { @Test void testTodoScenario() { - String basicAuth = "Basic " + Base64.getEncoder().encodeToString("john:password".getBytes()); + String basicAuth = "Basic " + Base64.getEncoder().encodeToString("john:changeit".getBytes()); JsonObject todo = Json.createObjectBuilder() .add("title", "todo title") .build(); diff --git a/examples/todo-app/backend/src/test/resources/test-application.yaml b/examples/todo-app/backend/src/test/resources/test-application.yaml index aa071626dd7..299eed138e7 100644 --- a/examples/todo-app/backend/src/test/resources/test-application.yaml +++ b/examples/todo-app/backend/src/test/resources/test-application.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2021 Oracle and/or its affiliates. +# Copyright (c) 2021, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -37,4 +37,4 @@ security: realm: "helidon" users: - login: "john" - password: "password" + password: "changeit" diff --git a/examples/todo-app/frontend/src/main/resources/application.yaml b/examples/todo-app/frontend/src/main/resources/application.yaml index d546b220f37..a8cbb7be070 100644 --- a/examples/todo-app/frontend/src/main/resources/application.yaml +++ b/examples/todo-app/frontend/src/main/resources/application.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2018, 2023 Oracle and/or its affiliates. +# Copyright (c) 2018, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -39,7 +39,7 @@ services: security: config: require-encryption: false - aes.insecure-passphrase: "jungle" + aes.insecure-passphrase: "changeit" provider-policy: type: "COMPOSITE" authentication: @@ -60,4 +60,4 @@ security: hosts: [ "localhost" ] signature: key-id: "frontend" - hmac.secret: "${CLEAR=frontend2backend}" + hmac.secret: "${CLEAR=changeit}" diff --git a/examples/todo-app/frontend/src/test/java/io/helidon/examples/todos/frontend/TodoServiceTest.java b/examples/todo-app/frontend/src/test/java/io/helidon/examples/todos/frontend/TodoServiceTest.java index f6159312668..dc412ca9c37 100644 --- a/examples/todo-app/frontend/src/test/java/io/helidon/examples/todos/frontend/TodoServiceTest.java +++ b/examples/todo-app/frontend/src/test/java/io/helidon/examples/todos/frontend/TodoServiceTest.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2021, 2023 Oracle and/or its affiliates. + * Copyright (c) 2021, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -49,7 +49,7 @@ class TodoServiceTest { private static final JsonObject TODO = Json.createObjectBuilder().add("msg", "todo").build(); - private static final String ENCODED_ID = Base64.getEncoder().encodeToString("john:password".getBytes()); + private static final String ENCODED_ID = Base64.getEncoder().encodeToString("john:changeit".getBytes()); private static final Header BASIC_AUTH = HeaderValues.create(HeaderNames.AUTHORIZATION, "Basic " + ENCODED_ID); private static URI backendUri; diff --git a/examples/todo-app/frontend/src/test/resources/application-test.yaml b/examples/todo-app/frontend/src/test/resources/application-test.yaml index 663f75ad0a5..cfc65f4c8dd 100644 --- a/examples/todo-app/frontend/src/test/resources/application-test.yaml +++ b/examples/todo-app/frontend/src/test/resources/application-test.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2021, 2023 Oracle and/or its affiliates. +# Copyright (c) 2021, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -28,4 +28,4 @@ security: realm: "helidon" users: - login: "john" - password: "password" + password: "changeit" diff --git a/examples/webclient/standalone/src/main/resources/full-webclient-config.yaml b/examples/webclient/standalone/src/main/resources/full-webclient-config.yaml index 7eabb560ca4..e106ffd7504 100644 --- a/examples/webclient/standalone/src/main/resources/full-webclient-config.yaml +++ b/examples/webclient/standalone/src/main/resources/full-webclient-config.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2020 Oracle and/or its affiliates. +# Copyright (c) 2020, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -66,10 +66,10 @@ client: truststore: keystore-resource-path: "path to the keystore" keystore-type: "JKS" - keystore-passphrase: "password" + keystore-passphrase: "changeit" trust-store: true client: keystore: keystore-resource-path: "path to client keystore" - keystore-passphrase: "password" + keystore-passphrase: "changeit" trust-store: true diff --git a/examples/webserver/mutual-tls/automatic-store-generator.sh b/examples/webserver/mutual-tls/automatic-store-generator.sh index e40ccfe94ab..03d7da1ca75 100644 --- a/examples/webserver/mutual-tls/automatic-store-generator.sh +++ b/examples/webserver/mutual-tls/automatic-store-generator.sh @@ -1,6 +1,6 @@ #!/bin/bash -e # -# Copyright (c) 2020 Oracle and/or its affiliates. +# Copyright (c) 2020, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -25,54 +25,54 @@ SINGLE=true createCertificatesAndStores() { mkdir out echo 'Generating new key stores...' - keytool -genkeypair -keyalg RSA -keysize 2048 -alias root-ca -dname "CN=$NAME-CA" -validity 21650 -keystore ca.jks -storepass password -keypass password -deststoretype pkcs12 -ext KeyUsage=digitalSignature,keyEncipherment,keyCertSign -ext ExtendedKeyUsage=serverAuth,clientAuth -ext BasicConstraints=ca:true,PathLen:3 - keytool -genkeypair -keyalg RSA -keysize 2048 -alias server -dname "CN=localhost" -validity 21650 -keystore server.jks -storepass password -keypass password -deststoretype pkcs12 - keytool -genkeypair -keyalg RSA -keysize 2048 -alias client -dname "C=CZ,CN=$NAME-client,OU=Prague,O=Oracle" -validity 21650 -keystore client.jks -storepass password -keypass password -deststoretype pkcs12 + keytool -genkeypair -keyalg RSA -keysize 2048 -alias root-ca -dname "CN=$NAME-CA" -validity 21650 -keystore ca.jks -storepass changeit -keypass changeit -deststoretype pkcs12 -ext KeyUsage=digitalSignature,keyEncipherment,keyCertSign -ext ExtendedKeyUsage=serverAuth,clientAuth -ext BasicConstraints=ca:true,PathLen:3 + keytool -genkeypair -keyalg RSA -keysize 2048 -alias server -dname "CN=localhost" -validity 21650 -keystore server.jks -storepass changeit -keypass changeit -deststoretype pkcs12 + keytool -genkeypair -keyalg RSA -keysize 2048 -alias client -dname "C=CZ,CN=$NAME-client,OU=Prague,O=Oracle" -validity 21650 -keystore client.jks -storepass changeit -keypass changeit -deststoretype pkcs12 echo 'Obtaining client and server certificates...' - keytool -exportcert -keystore client.jks -storepass password -alias client -rfc -file client.cer - keytool -exportcert -keystore server.jks -storepass password -alias server -rfc -file server.cer + keytool -exportcert -keystore client.jks -storepass changeit -alias client -rfc -file client.cer + keytool -exportcert -keystore server.jks -storepass changeit -alias server -rfc -file server.cer echo 'Generating CSR for client and server...' - keytool -certreq -keystore server.jks -alias server -keypass password -storepass password -keyalg rsa -file server.csr - keytool -certreq -keystore client.jks -alias client -keypass password -storepass password -keyalg rsa -file client.csr + keytool -certreq -keystore server.jks -alias server -keypass changeit -storepass changeit -keyalg rsa -file server.csr + keytool -certreq -keystore client.jks -alias client -keypass changeit -storepass changeit -keyalg rsa -file client.csr echo 'Obtaining CA pem and key...' - keytool -importkeystore -srckeystore ca.jks -destkeystore ca.p12 -srcstoretype jks -deststoretype pkcs12 -srcstorepass password -deststorepass password - openssl pkcs12 -in ca.p12 -out ca.key -nocerts -passin pass:password -passout pass:password - openssl pkcs12 -in ca.p12 -out ca.pem -nokeys -passin pass:password -passout pass:password + keytool -importkeystore -srckeystore ca.jks -destkeystore ca.p12 -srcstoretype jks -deststoretype pkcs12 -srcstorepass changeit -deststorepass changeit + openssl pkcs12 -in ca.p12 -out ca.key -nocerts -passin pass:changeit -passout pass:changeit + openssl pkcs12 -in ca.p12 -out ca.pem -nokeys -passin pass:changeit -passout pass:changeit echo 'Signing client and server certificates...' - openssl x509 -req -in client.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out client-signed.cer -days 21650 -passin pass:password - openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server-signed.cer -sha256 -days 21650 -passin pass:password + openssl x509 -req -in client.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out client-signed.cer -days 21650 -passin pass:changeit + openssl x509 -req -in server.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out server-signed.cer -sha256 -days 21650 -passin pass:changeit echo 'Replacing server and client certificates with the signed ones...' - keytool -importkeystore -srckeystore client.jks -destkeystore client.p12 -srcstoretype jks -deststoretype pkcs12 -srcstorepass password -deststorepass password - openssl pkcs12 -in client.p12 -nodes -out client-private.key -nocerts -passin pass:password - openssl pkcs12 -export -in client-signed.cer -inkey client-private.key -out client-signed.p12 -name client -passout pass:password - keytool -delete -alias client -keystore client.jks -storepass password - keytool -importkeystore -srckeystore client-signed.p12 -srcstoretype PKCS12 -destkeystore client.jks -srcstorepass password -deststorepass password - keytool -importkeystore -srckeystore server.jks -destkeystore server.p12 -srcstoretype jks -deststoretype pkcs12 -srcstorepass password -deststorepass password - openssl pkcs12 -in server.p12 -nodes -out server-private.key -nocerts -passin pass:password - openssl pkcs12 -export -in server-signed.cer -inkey server-private.key -out server-signed.p12 -name server -passout pass:password - keytool -delete -alias server -keystore server.jks -storepass password - keytool -importkeystore -srckeystore server-signed.p12 -srcstoretype PKCS12 -destkeystore server.jks -srcstorepass password -deststorepass password + keytool -importkeystore -srckeystore client.jks -destkeystore client.p12 -srcstoretype jks -deststoretype pkcs12 -srcstorepass changeit -deststorepass changeit + openssl pkcs12 -in client.p12 -nodes -out client-private.key -nocerts -passin pass:changeit + openssl pkcs12 -export -in client-signed.cer -inkey client-private.key -out client-signed.p12 -name client -passout pass:changeit + keytool -delete -alias client -keystore client.jks -storepass changeit + keytool -importkeystore -srckeystore client-signed.p12 -srcstoretype PKCS12 -destkeystore client.jks -srcstorepass changeit -deststorepass changeit + keytool -importkeystore -srckeystore server.jks -destkeystore server.p12 -srcstoretype jks -deststoretype pkcs12 -srcstorepass changeit -deststorepass changeit + openssl pkcs12 -in server.p12 -nodes -out server-private.key -nocerts -passin pass:changeit + openssl pkcs12 -export -in server-signed.cer -inkey server-private.key -out server-signed.p12 -name server -passout pass:changeit + keytool -delete -alias server -keystore server.jks -storepass changeit + keytool -importkeystore -srckeystore server-signed.p12 -srcstoretype PKCS12 -destkeystore server.jks -srcstorepass changeit -deststorepass changeit echo "Importing CA cert to the client and server stores..." if [ "$SINGLE" = true ] ; then - keytool -v -trustcacerts -keystore client.jks -importcert -file ca.pem -alias root-ca -storepass password -noprompt - keytool -v -trustcacerts -keystore server.jks -importcert -file ca.pem -alias root-ca -storepass password -noprompt + keytool -v -trustcacerts -keystore client.jks -importcert -file ca.pem -alias root-ca -storepass changeit -noprompt + keytool -v -trustcacerts -keystore server.jks -importcert -file ca.pem -alias root-ca -storepass changeit -noprompt else - keytool -v -trustcacerts -keystore client-truststore.jks -importcert -file ca.pem -alias root-ca -storepass password -noprompt - keytool -v -trustcacerts -keystore server-truststore.jks -importcert -file ca.pem -alias root-ca -storepass password -noprompt + keytool -v -trustcacerts -keystore client-truststore.jks -importcert -file ca.pem -alias root-ca -storepass changeit -noprompt + keytool -v -trustcacerts -keystore server-truststore.jks -importcert -file ca.pem -alias root-ca -storepass changeit -noprompt fi echo "Changing aliases to 1..." - keytool -changealias -alias server -destalias 1 -keypass password -keystore server.jks -storepass password - keytool -changealias -alias client -destalias 1 -keypass password -keystore client.jks -storepass password + keytool -changealias -alias server -destalias 1 -keypass changeit -keystore server.jks -storepass changeit + keytool -changealias -alias client -destalias 1 -keypass changeit -keystore client.jks -storepass changeit echo "Generating requested type of stores..." if [ "$TYPE" = PKCS12 ] || [ "$TYPE" = P12 ] ; then - keytool -importkeystore -srckeystore client.jks -destkeystore out/client.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass password -deststorepass password - keytool -importkeystore -srckeystore server.jks -destkeystore out/server.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass password -deststorepass password + keytool -importkeystore -srckeystore client.jks -destkeystore out/client.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass changeit -deststorepass changeit + keytool -importkeystore -srckeystore server.jks -destkeystore out/server.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass changeit -deststorepass changeit if [ "$SINGLE" = false ] ; then - keytool -importkeystore -srckeystore server-truststore.jks -destkeystore out/server-truststore.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass password -deststorepass password - keytool -importkeystore -srckeystore client-truststore.jks -destkeystore out/client-truststore.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass password -deststorepass password + keytool -importkeystore -srckeystore server-truststore.jks -destkeystore out/server-truststore.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass changeit -deststorepass changeit + keytool -importkeystore -srckeystore client-truststore.jks -destkeystore out/client-truststore.p12 -srcstoretype JKS -deststoretype PKCS12 -srcstorepass changeit -deststorepass changeit fi else mv client.jks out/client.jks diff --git a/examples/webserver/mutual-tls/src/main/java/io/helidon/examples/webserver/mtls/ClientBuilderMain.java b/examples/webserver/mutual-tls/src/main/java/io/helidon/examples/webserver/mtls/ClientBuilderMain.java index 34c999346a6..071d64631c9 100644 --- a/examples/webserver/mutual-tls/src/main/java/io/helidon/examples/webserver/mtls/ClientBuilderMain.java +++ b/examples/webserver/mutual-tls/src/main/java/io/helidon/examples/webserver/mtls/ClientBuilderMain.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, 2023 Oracle and/or its affiliates. + * Copyright (c) 2020, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -55,7 +55,7 @@ static Http1Client createClient() { .keystore(store -> store .trustStore(true) .keystore(Resource.create("client.p12")) - .passphrase("password")) + .passphrase("changeit")) .build(); return Http1Client.builder() .tls(Tls.builder() diff --git a/examples/webserver/mutual-tls/src/main/java/io/helidon/examples/webserver/mtls/ServerBuilderMain.java b/examples/webserver/mutual-tls/src/main/java/io/helidon/examples/webserver/mtls/ServerBuilderMain.java index a56686c9cc5..6f1878aa1d4 100644 --- a/examples/webserver/mutual-tls/src/main/java/io/helidon/examples/webserver/mtls/ServerBuilderMain.java +++ b/examples/webserver/mutual-tls/src/main/java/io/helidon/examples/webserver/mtls/ServerBuilderMain.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, 2023 Oracle and/or its affiliates. + * Copyright (c) 2020, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -71,7 +71,7 @@ private static void securedSocket(WebServerConfig.Builder server, ListenerConfig .keystore(store -> store .trustStore(true) .keystore(Resource.create("server.p12")) - .passphrase("password")) + .passphrase("changeit")) .build(); socket.from(server.sockets().get("secured")) diff --git a/examples/webserver/mutual-tls/src/main/resources/application.yaml b/examples/webserver/mutual-tls/src/main/resources/application.yaml index d7ca3f52f34..959a9d9b01a 100644 --- a/examples/webserver/mutual-tls/src/main/resources/application.yaml +++ b/examples/webserver/mutual-tls/src/main/resources/application.yaml @@ -24,13 +24,13 @@ server: client-auth: "REQUIRED" trust: keystore: - passphrase: "password" + passphrase: "changeit" trust-store: true resource: resource-path: "server.p12" private-key: keystore: - passphrase: "password" + passphrase: "changeit" resource: resource-path: "server.p12" @@ -39,12 +39,12 @@ client: client-auth: "REQUIRED" trust: keystore: - passphrase: "password" + passphrase: "changeit" trust-store: true resource: resource-path: "client.p12" private-key: keystore: - passphrase: "password" + passphrase: "changeit" resource: resource-path: "client.p12" diff --git a/examples/webserver/mutual-tls/src/main/resources/client.p12 b/examples/webserver/mutual-tls/src/main/resources/client.p12 index 4eb3b8325cd..9529b6722be 100644 Binary files a/examples/webserver/mutual-tls/src/main/resources/client.p12 and b/examples/webserver/mutual-tls/src/main/resources/client.p12 differ diff --git a/examples/webserver/mutual-tls/src/main/resources/server.p12 b/examples/webserver/mutual-tls/src/main/resources/server.p12 index ff8e4ddfc7f..5fc1fba05d2 100644 Binary files a/examples/webserver/mutual-tls/src/main/resources/server.p12 and b/examples/webserver/mutual-tls/src/main/resources/server.p12 differ diff --git a/examples/webserver/observe/src/main/resources/application.yaml b/examples/webserver/observe/src/main/resources/application.yaml index f573eff012d..32fcd606c3a 100644 --- a/examples/webserver/observe/src/main/resources/application.yaml +++ b/examples/webserver/observe/src/main/resources/application.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2022, 2023 Oracle and/or its affiliates. +# Copyright (c) 2022, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -36,7 +36,7 @@ security: - http-basic-auth: users: - login: "admin" - password: "password" + password: "changeit" roles: ["observe"] app: greeting: "Hello!" diff --git a/examples/webserver/tls/src/main/java/io/helidon/examples/webserver/tls/Main.java b/examples/webserver/tls/src/main/java/io/helidon/examples/webserver/tls/Main.java index f7a710fc1b2..88660353fb9 100644 --- a/examples/webserver/tls/src/main/java/io/helidon/examples/webserver/tls/Main.java +++ b/examples/webserver/tls/src/main/java/io/helidon/examples/webserver/tls/Main.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2020, 2023 Oracle and/or its affiliates. + * Copyright (c) 2020, 2024 Oracle and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -60,11 +60,11 @@ static void setupBuilderBased(WebServerConfig.Builder server) { .tls(tls -> tls .privateKey(key -> key .keystore(store -> store - .passphrase("password") + .passphrase("changeit") .keystore(Resource.create("server.p12")))) .privateKeyCertChain(key -> key .keystore(store -> store - .passphrase("password") + .passphrase("changeit") .keystore(Resource.create("server.p12"))))); } diff --git a/examples/webserver/tls/src/main/resources/application.yaml b/examples/webserver/tls/src/main/resources/application.yaml index fbfce40a383..dcbd7702801 100644 --- a/examples/webserver/tls/src/main/resources/application.yaml +++ b/examples/webserver/tls/src/main/resources/application.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2020, 2023 Oracle and/or its affiliates. +# Copyright (c) 2020, 2024 Oracle and/or its affiliates. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,7 +19,7 @@ config-based: tls: private-key: keystore: - passphrase: "password" + passphrase: "changeit" resource: resource-path: "server.p12" diff --git a/examples/webserver/tls/src/main/resources/server.p12 b/examples/webserver/tls/src/main/resources/server.p12 index ff8e4ddfc7f..a692efcf98d 100644 Binary files a/examples/webserver/tls/src/main/resources/server.p12 and b/examples/webserver/tls/src/main/resources/server.p12 differ