Merge branch 'DEVELOP' of ssh://git.eclipse.org:29418/openk-usermodules/org.eclipse.openk-usermodules.contactBaseData.backend
diff --git a/src/main/asciidoc/architectureDocumentation/architectureDocumentation.adoc b/src/main/asciidoc/architectureDocumentation/architectureDocumentation.adoc
index 313b619..6a79087 100644
--- a/src/main/asciidoc/architectureDocumentation/architectureDocumentation.adoc
+++ b/src/main/asciidoc/architectureDocumentation/architectureDocumentation.adoc
@@ -733,6 +733,8 @@
       like the Auth'n'Auth-Modul, because the token will be out of date)
 * *authNAuthService.ribbon.listOfServers* Here one can configure the base
      url to the Auth'n'Auth-Service
+* *ldap.enabled* If set to "true" the ldap functionality will be enabled
+* *ldap.scheduling.enabled* (true or false) swtiches the ldap synchronisation on/off
 
 
 === CI- and CD-Components
diff --git a/src/main/java/org/eclipse/openk/contactbasedata/controller/AddressController.java b/src/main/java/org/eclipse/openk/contactbasedata/controller/AddressController.java
index 1de9cc9..37e9c06 100644
--- a/src/main/java/org/eclipse/openk/contactbasedata/controller/AddressController.java
+++ b/src/main/java/org/eclipse/openk/contactbasedata/controller/AddressController.java
@@ -52,6 +52,7 @@
     }
 
     @GetMapping("/{contactUuid}/addresses/{addressUuid}")
+    @Secured({"ROLE_KON-READER", "ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ApiOperation(value = "Eine bestimmte Adresse eines bestimmten Kontakts anzeigen.")
     @ApiResponses(value = {
             @ApiResponse(code = 404, message = "Kontaktadresse nicht gefunden."),
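Review bot: Annotating handlers one by one leaves any handler that is missed without a role check, and this hunk only covers the single-address GET; the handler that closes just above it lies outside the diff. A class-level `@Secured({"ROLE_KON-READER", "ROLE_KON-WRITER", "ROLE_KON-ADMIN"})` on the controller, with the stricter writer/admin annotation kept on POST/PUT/DELETE, would make read access the floor for every mapping. The same applies to AssignmentModulContactController and CommunicationController. `@Secured` is only enforced when method security is enabled (`securedEnabled = true`), which is not visible here, so a test asserting 403 for a request without any KON role would confirm the annotations are live.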
@@ -66,6 +67,7 @@
 
 
     @PostMapping("/{contactUuid}/addresses")
+    @Secured({"ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ApiOperation(value = "Anlegen einer neuen Adresse")
     @ApiResponses(value = {
             @ApiResponse(code = 200, message = "Adresse erfolgreich angelegt"),
@@ -88,6 +90,7 @@
 
 
     @PutMapping("/{contactUuid}/addresses/{addressUuid}")
+    @Secured({"ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ApiOperation(value = "Eine bestimmte Adresse eines bestimmten Kontakts bearbeiten.")
     @ApiResponses(value = {
             @ApiResponse(code = 404, message = "Adresse nicht gefunden."),
@@ -105,6 +108,7 @@
     }
 
     @DeleteMapping("{contactUuid}/addresses/{addressUuid}")
+    @Secured({"ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ResponseStatus(HttpStatus.OK)
     @ApiOperation(value = "Eine bestimmte Adresse eines bestimmten Kontakts löschen")
     @ApiResponses(value = {
diff --git a/src/main/java/org/eclipse/openk/contactbasedata/controller/AssignmentModulContactController.java b/src/main/java/org/eclipse/openk/contactbasedata/controller/AssignmentModulContactController.java
index 5694d05..119da7a 100644
--- a/src/main/java/org/eclipse/openk/contactbasedata/controller/AssignmentModulContactController.java
+++ b/src/main/java/org/eclipse/openk/contactbasedata/controller/AssignmentModulContactController.java
@@ -53,6 +53,7 @@
     }
 
     @GetMapping("/{contactUuid}/assignments/{assignmentUuid}")
+    @Secured({"ROLE_KON-READER", "ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ApiOperation(value = "Lesen einer Zuordnung Kontakt:Modul")
     @ApiResponses(value = {
             @ApiResponse(code = 404, message = "Zuordnung nicht gefunden."),
@@ -66,6 +67,7 @@
 
 
     @PostMapping("/{contactUuid}/assignments")
+    @Secured({"ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ApiOperation(value = "Anlegen einer neuen Zuordnung Kontakt:Modul")
     @ApiResponses(value = {
             @ApiResponse(code = 200, message = "Zuordnung erfolgreich angelegt"),
@@ -88,6 +90,7 @@
 
 
     @PutMapping("/{contactUuid}/assignments/{assignmentUuid}")
+    @Secured({"ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ApiOperation(value = "Ändern einer Zuordnung Kontakt:Modul")
     @ApiResponses(value = {
             @ApiResponse(code = 404, message = "Zuordnung nicht gefunden."),
@@ -105,6 +108,7 @@
     }
 
     @DeleteMapping("{contactUuid}/assignments/{assignmentUuid}")
+    @Secured({"ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ResponseStatus(HttpStatus.OK)
     @ApiOperation(value = "Eine bestimmte Zuordnung eines bestimmten Kontakts löschen")
     @ApiResponses(value = {
diff --git a/src/main/java/org/eclipse/openk/contactbasedata/controller/CommunicationController.java b/src/main/java/org/eclipse/openk/contactbasedata/controller/CommunicationController.java
index f425049..32d52e7 100644
--- a/src/main/java/org/eclipse/openk/contactbasedata/controller/CommunicationController.java
+++ b/src/main/java/org/eclipse/openk/contactbasedata/controller/CommunicationController.java
@@ -52,6 +52,7 @@
     }
 
     @GetMapping("/{contactUuid}/communications/{communicationUuid}")
+    @Secured({"ROLE_KON-READER", "ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ApiOperation(value = "Einen bestimmten Kommunikationsweg eines bestimmten Kontakts anzeigen.")
     @ApiResponses(value = {
             @ApiResponse(code = 404, message = "Kontaktadresse nicht gefunden."),
@@ -66,6 +67,7 @@
 
 
     @PostMapping("/{contactUuid}/communications")
+    @Secured({"ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ApiOperation(value = "Anlegen eines neuen Kommunikationswegs")
     @ApiResponses(value = {
             @ApiResponse(code = 200, message = "Kommunikationsweg erfolgreich angelegt"),
@@ -88,6 +90,7 @@
 
 
     @PutMapping("/{contactUuid}/communications/{communicationUuid}")
+    @Secured({"ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ApiOperation(value = "Einen bestimmten Kommunikationsweg eines bestimmten Kontakts bearbeiten.")
     @ApiResponses(value = {
             @ApiResponse(code = 404, message = "Kommunikationsweg nicht gefunden."),
@@ -105,6 +108,7 @@
     }
 
     @DeleteMapping("{contactUuid}/communications/{communicationUuid}")
+    @Secured({"ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ResponseStatus(HttpStatus.OK)
     @ApiOperation(value = "Einen bestimmten Kommunikationsweg eines bestimmten Kontakts löschen")
     @ApiResponses(value = {
diff --git a/src/main/java/org/eclipse/openk/contactbasedata/controller/ContactPersonController.java b/src/main/java/org/eclipse/openk/contactbasedata/controller/ContactPersonController.java
index 1ace3df..66977b6 100644
--- a/src/main/java/org/eclipse/openk/contactbasedata/controller/ContactPersonController.java
+++ b/src/main/java/org/eclipse/openk/contactbasedata/controller/ContactPersonController.java
@@ -28,6 +28,7 @@
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
+
 import java.net.URI;
 import java.util.UUID;
 
@@ -50,7 +51,7 @@
     }
 
     @PostMapping
-    @Secured("ROLE_KON-ADMIN")
+    @Secured({"ROLE_KON-ADMIN", "ROLE_KON-WRITER"})
     @ApiOperation(value = "Anlegen einer Kontaktperson")
     @ApiResponses(value = {
             @ApiResponse(code = 201, message = "Kontaktperson erfolgreich angelegt"),
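Review bot: The role list is written here as `{"ROLE_KON-ADMIN", "ROLE_KON-WRITER"}`, while the DELETE handler in this file and the other controllers in this commit use `{"ROLE_KON-WRITER", "ROLE_KON-ADMIN"}`, and every occurrence is a raw string literal. A misspelt role name still compiles and only shows up as an unexpected denial at runtime. Shared constants would remove that risk, e.g. `@Secured({Roles.WRITER, Roles.ADMIN})`, where `Roles` is a suggested new holder class, not an existing one. The annotated method's body lies outside the hunk.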
@@ -68,7 +69,7 @@
     }
 
     @PutMapping("/{contactUuid}")
-    @Secured("ROLE_KON-ADMIN")
+    @Secured({"ROLE_KON-ADMIN", "ROLE_KON-WRITER"})
     @ApiOperation(value = "Ändern einer Kontaktperson")
     @ApiResponses(value = {
             @ApiResponse(code = 200, message = "Kontaktperson wurde aktualisiert"),
@@ -85,6 +86,7 @@
     }
 
     @DeleteMapping("/{contactUuid}")
+    @Secured({"ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     @ResponseStatus(HttpStatus.OK)
     @ApiOperation(value = "Eine bestimmte Adresse eines bestimmten Kontakts löschen")
     @ApiResponses(value = {
diff --git a/src/main/java/org/eclipse/openk/contactbasedata/controller/ExternalPersonController.java b/src/main/java/org/eclipse/openk/contactbasedata/controller/ExternalPersonController.java
index 6ea0938..de60063 100644
--- a/src/main/java/org/eclipse/openk/contactbasedata/controller/ExternalPersonController.java
+++ b/src/main/java/org/eclipse/openk/contactbasedata/controller/ExternalPersonController.java
@@ -67,7 +67,7 @@
     }
 
     @PostMapping
-    @Secured("ROLE_KON-ADMIN")
+    @Secured({"ROLE_KON-ADMIN", "ROLE_KON-WRITER"})
     @ApiOperation(value = "Anlegen einer externen Person")
     @ApiResponses(value = {
             @ApiResponse(code = 201, message = "externe Person erfolgreich angelegt"),
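Review bot: Create access is widened from ROLE_KON-ADMIN to ROLE_KON-WRITER here, but no test pinning the new role matrix is visible in this part of the diff, and neither the GET nor the DELETE handlers of this controller appear in the change. Please confirm those handlers already carry `@Secured`, and add a controller test asserting that a KON-READER caller receives 403 on POST and PUT. The PUT hunk below and both hunks in InternalPersonController have the same gap.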
@@ -85,7 +85,7 @@
     }
 
     @PutMapping("/{contactUuid}")
-    @Secured("ROLE_KON-ADMIN")
+    @Secured({"ROLE_KON-ADMIN", "ROLE_KON-WRITER"})
     @ApiOperation(value = "Ändern einer externen Person")
     @ApiResponses(value = {
             @ApiResponse(code = 200, message = "Externe Person wurde aktualisiert"),
diff --git a/src/main/java/org/eclipse/openk/contactbasedata/controller/InternalPersonController.java b/src/main/java/org/eclipse/openk/contactbasedata/controller/InternalPersonController.java
index bd7639d..fee5cdc 100644
--- a/src/main/java/org/eclipse/openk/contactbasedata/controller/InternalPersonController.java
+++ b/src/main/java/org/eclipse/openk/contactbasedata/controller/InternalPersonController.java
@@ -73,7 +73,7 @@
     }
 
     @PostMapping
-    @Secured("ROLE_KON-ADMIN")
+    @Secured({"ROLE_KON-ADMIN", "ROLE_KON-WRITER"})
     @ApiOperation(value = "Anlegen einer internen Person")
     @ApiResponses(value = {
             @ApiResponse(code = 201, message = "interne Person erfolgreich angelegt"),
@@ -91,7 +91,7 @@
     }
 
     @PutMapping("/{contactUuid}")
-    @Secured("ROLE_KON-ADMIN")
+    @Secured({"ROLE_KON-ADMIN", "ROLE_KON-WRITER"})
     @ApiOperation(value = "Ändern einer internen Person")
     @ApiResponses(value = {
             @ApiResponse(code = 200, message = "Interne Person wurde aktualisiert"),
diff --git a/src/main/java/org/eclipse/openk/contactbasedata/controller/LdapController.java b/src/main/java/org/eclipse/openk/contactbasedata/controller/LdapController.java
index 8ceaaaa..45fc76c 100644
--- a/src/main/java/org/eclipse/openk/contactbasedata/controller/LdapController.java
+++ b/src/main/java/org/eclipse/openk/contactbasedata/controller/LdapController.java
@@ -23,6 +23,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.ResponseStatus;
@@ -42,6 +43,7 @@
     @ApiResponses(value = {@ApiResponse(code = 200, message = "Erfolgreich durchgeführt")})
     @ResponseStatus(HttpStatus.OK)
     @GetMapping( "/users")
+    @Secured({"ROLE_KON-READER", "ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     public List<LdapUser> getLdapUser() {
         return ldapService.getAllLdapUsers();
     }
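Review bot: `getLdapUser` returns every LDAP person entry to any caller holding ROLE_KON-READER, the lowest role in this scheme. If readers do not need the full directory listing, `@Secured({"ROLE_KON-WRITER", "ROLE_KON-ADMIN"})` would limit directory enumeration to the roles that actually link users. Whether readers need it cannot be told from the diff, so this is a question for the author. `/keycloak-users` in UserController has the same reader-level exposure.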
@@ -50,6 +52,7 @@
     @ApiResponses(value = {@ApiResponse(code = 200, message = "Erfolgreich durchgeführt")})
     @ResponseStatus(HttpStatus.OK)
     @GetMapping( "/sync")
+    @Secured({"ROLE_KON-ADMIN"})
     public ResponseEntity<Object> syncLdapUser() {
         ldapService.synchronizeLDAP();
         return ResponseEntity.ok().build();
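Review bot: `/sync` starts `ldapService.synchronizeLDAP()` but remains a `@GetMapping`, so a state-changing admin action can be triggered by any GET that carries the administrator's credentials, including prefetching or cross-site requests, depending on how the token is transported. Restricting it to ROLE_KON-ADMIN is right; changing the mapping to `@PostMapping("/sync")` would complete the hardening. A short comment above the annotation, e.g. `// admin-only: starts a full LDAP synchronisation`, would record why this endpoint is stricter than `/users`.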
diff --git a/src/main/java/org/eclipse/openk/contactbasedata/controller/UserController.java b/src/main/java/org/eclipse/openk/contactbasedata/controller/UserController.java
index cb581ce..9737961 100644
--- a/src/main/java/org/eclipse/openk/contactbasedata/controller/UserController.java
+++ b/src/main/java/org/eclipse/openk/contactbasedata/controller/UserController.java
@@ -22,6 +22,7 @@
 import org.eclipse.openk.contactbasedata.service.UserService;
 import org.eclipse.openk.contactbasedata.viewmodel.UserModule;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.annotation.Secured;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -39,6 +40,7 @@
     @ApiOperation(value = "Ermitteln der UserModules vom Auth'n'Auth-Service")
     @ApiResponses(value = {@ApiResponse(code = 200, message = "Erfolgreich durchgeführt")})
     @GetMapping("/modules")
+    @Secured({"ROLE_KON-READER", "ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     public List<UserModule> getUserModules() {
         return userService.getUserModules();
     }
@@ -46,6 +48,7 @@
     @ApiOperation(value = "Ermitteln der KeycloakUsers vom Auth'n'Auth-Service")
     @ApiResponses(value = {@ApiResponse(code = 200, message = "Erfolgreich durchgeführt")})
     @GetMapping("/keycloak-users")
+    @Secured({"ROLE_KON-READER", "ROLE_KON-WRITER", "ROLE_KON-ADMIN"})
     public List<KeyCloakUser> getKeycloakUsers() {
         return userService.getKeycloakUsers();
     }
diff --git a/src/main/java/org/eclipse/openk/contactbasedata/service/LdapService.java b/src/main/java/org/eclipse/openk/contactbasedata/service/LdapService.java
index cc67420..f608005 100644
--- a/src/main/java/org/eclipse/openk/contactbasedata/service/LdapService.java
+++ b/src/main/java/org/eclipse/openk/contactbasedata/service/LdapService.java
@@ -1,4 +1,5 @@
 package org.eclipse.openk.contactbasedata.service;
+
 import lombok.extern.log4j.Log4j2;
 import org.apache.commons.lang.StringUtils;
 import org.eclipse.openk.contactbasedata.exceptions.NotFoundException;
@@ -26,6 +27,9 @@
 @Service
 public class LdapService {
 
+    @Value("${ldap.enabled}")
+    private Boolean ldapEnabled;
+
     @Value("${ldap-sync.attribute-mapping.uid}")
     private String uid;
 
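Review bot: `@Value("${ldap.enabled}")` has no default, so any profile or external configuration that omits the key fails at startup with an unresolved placeholder. The boxed `Boolean` is also null whenever the service is constructed without Spring injection (plain unit tests), which makes `ldapEnabled.booleanValue()` in getAllLdapUsers throw. `@Value("${ldap.enabled:false}")` with `private boolean ldapEnabled;` gives a fail-closed default and removes the null case. The class body continues outside this hunk.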
@@ -55,8 +59,9 @@
      * @return list of LdapUsers
      */
     public List<LdapUser> getAllLdapUsers() {
-        return ldapTemplate.search(query()
-                .where("objectclass").is("person"), ldapUserAttributesMapper);
+        return ldapEnabled.booleanValue()
+                ? ldapTemplate.search(query().where("objectclass").is("person"), ldapUserAttributesMapper)
+                : new ArrayList<>();
     }
 
     /**
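Review bot: The `ldap.enabled` switch is checked only in getAllLdapUsers. `synchronizeLDAP()`, which LdapController.syncLdapUser calls, is not part of this diff, so unless it goes through this method it would presumably still query the directory when LDAP is disabled. The Javadoc above (it starts outside the hunk) should also state what callers receive in that case, e.g. `@return list of LdapUsers; empty when ldap.enabled is false`, because an empty result is otherwise indistinguishable from a directory with no person entries.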
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
index 0c70ee9..557f8a3 100644
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@@ -24,6 +24,8 @@
     port: 10389
     urls: ldap://entopkon:10389
 
+ldap:
+  enabled: true
 ldap-sync:
   attribute-mapping:
     uid: uid
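Review bot: `ldap.enabled: true` is added in what appears to be the base profile, so any deployment that does not override it will bind to the directory configured just above, whose URL in the context line is plain `ldap://`. Defaulting to `enabled: false` here and switching it on per profile would make directory access opt-in. That would match the later profile sections of this file, which already set the flag explicitly.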
@@ -38,7 +40,7 @@
     mail-id: 1
     telephone-number-id: 2
   scheduling:
-    enabled: true
+    enabled: false
     cron-expression: '*/10 * * * * *'
 
 authnauth-sync:
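Review bot: The flag changed here sits under `scheduling:` of what the preceding hunk shows as `ldap-sync:`, i.e. `ldap-sync.scheduling.enabled`, while the architecture documentation added in this same commit names it `ldap.scheduling.enabled`. An operator following the documentation would set a key the application presumably never reads, and the synchronisation would keep whatever state the YAML gives it. Aligning the .adoc entry to `ldap-sync.scheduling.enabled` would resolve the mismatch.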
@@ -93,6 +95,9 @@
 flyway:
   enabled: false
 
+ldap:
+  enabled: false
+
 jwt:
   tokenHeader: Authorization
   useStaticJwt: true
@@ -108,6 +113,36 @@
   useStaticJwt: false
   staticJwt: eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJIYlI3Z2pobmE2eXJRZnZJTWhUSV9tY2g3ZmtTQWVFX3hLTjBhZVl0bjdjIn0.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.DAYXuv4tKn8RXqO1jyttnD-tF4nShUBQyfe4bKbAiPAyY2x5YbAf3M4eXnLrGqo8-loGKldICC28bL0LaMA3KKkQEOfW5sfpGqoN6212vs89mOklt0TJYc5PMXwFgJ5WC_TKjdwq7-aaDafOEWehV0U1ut3s-94ovNYIEn29nzXm2W1ldoXJEq03F880jlysQ5zlRvGF7eXEEpFfI2URyyNQ2UWh0Ssfq-gOAt2pbF1u6prA5RfvUmZ3v1eu21YLGZtgqPqxb1l6odyH3ip15j_HdgnTeo52ymxuRUj65Mskme3V5ev2DitHI9vZgnpV8Idhb4TTWliBeGCOMfDFCg
 
+
+ldap:
+  enabled: true
+ldap-sync:
+  attribute-mapping:
+    uid: uid
+    fullname: cn
+    lastname: sn
+    firstname: givenname
+    title: title
+    mail: mail
+    department: department
+    telephone-number: phone
+  db-id-mapping:
+    mail-id: 1
+    telephone-number-id: 2
+  scheduling:
+    enabled: false
+    cron-expression: '*/10 * * * * *'
+
+authnauth-sync:
+  attribute-mapping:
+    lastname: true
+    firstname: true
+  scheduling:
+    enabled: true
+    cron-expression: '*/10 * * * * *'
+  technical-userpassword: admin
+  technical-username: admin
+
 server:
   port: 9155
 
@@ -123,6 +158,10 @@
 spring:
   profiles: devserver
 
+
+ldap:
+  enabled: true
+
 jwt:
   tokenHeader: Authorization
   useStaticJwt: false
@@ -140,6 +179,9 @@
 spring:
   profiles: devserver-unsecure
 
+ldap:
+  enabled: true
+
 jwt:
   tokenHeader: Authorization
   useStaticJwt: true
@@ -162,6 +204,9 @@
   flyway:
     enabled: false
 
+ldap:
+  enabled: false
+
 server:
   port: 9155
   max-http-header-size: 262144
diff --git a/src/main/resources/application_localdev.yml b/src/main/resources/application_localdev.yml
index c699abf..df6c57e 100644
--- a/src/main/resources/application_localdev.yml
+++ b/src/main/resources/application_localdev.yml
@@ -17,6 +17,41 @@
     password: cbd_service
   flyway:
     enabled: false
+  ldap:
+    base: o=sevenSeas
+    username: uid=admin,ou=system
+    password: secret
+    port: 10389
+    urls: ldap://entopkon:10389
+
+ldap:
+  enabled: true
+ldap-sync:
+  attribute-mapping:
+    uid: uid
+    fullname: cn
+    lastname: sn
+    firstname: givenname
+    title: title
+    mail: mail
+    department: department
+    telephone-number: phone
+  db-id-mapping:
+    mail-id: 1
+    telephone-number-id: 2
+  scheduling:
+    enabled: false
+    cron-expression: '*/10 * * * * *'
+
+authnauth-sync:
+  attribute-mapping:
+    lastname: true
+    firstname: true
+  scheduling:
+    enabled: false
+    cron-expression: '*/10 * * * * *'
+  technical-userpassword: admin
+  technical-username: admin
 
 server:
   port: 9155
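Review bot: The new `spring.ldap` block binds as `uid=admin,ou=system` with the password stored in the file and a plain `ldap://` URL, so the directory administrator's credentials sit in version control and would cross the network unencrypted on each bind. The only LDAP operation visible in this diff is a search for `person` entries, so a dedicated read-only bind account should be sufficient. Its password is better supplied through an environment placeholder, with `ldaps://` (or StartTLS) used wherever the directory is not on the local host.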
@@ -39,7 +74,6 @@
     listOfServers: http://entopkon:8880
 
 cors:
-  allowedOrigins: http://localhost:8080
   corsEnabled: false
 
 logging: