SI-2506 Unauthentifizierter Endpunkt (prüfen, wie das umgesetzt werden kann)
diff --git a/addressImport/pom.xml b/addressImport/pom.xml
index cdd6bba..712e8d6 100644
--- a/addressImport/pom.xml
+++ b/addressImport/pom.xml
@@ -69,6 +69,10 @@ <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-starter-security</artifactId> + </dependency> + <dependency> <groupId>org.postgresql</groupId> <artifactId>postgresql</artifactId> <version>${postgresql.version}</version> @@ -112,6 +116,11 @@ </exclusions> </dependency> <dependency> + <groupId>org.springframework.security</groupId> + <artifactId>spring-security-test</artifactId> + <scope>test</scope> + </dependency> + <dependency> <groupId>org.powermock</groupId> <artifactId>powermock-reflect</artifactId> <version>${powerMockReflect.version}</version>
diff --git a/addressImport/src/main/java/org/eclipse/openk/gridfailureinformation/importadresses/config/SecurityConfig.java b/addressImport/src/main/java/org/eclipse/openk/gridfailureinformation/importadresses/config/SecurityConfig.java
new file mode 100644
index 0000000..236578f
--- /dev/null
+++ b/addressImport/src/main/java/org/eclipse/openk/gridfailureinformation/importadresses/config/SecurityConfig.java
@@ -0,0 +1,69 @@
+/*
+ *******************************************************************************
+ * Copyright (c) 2019 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *******************************************************************************
+ */
+package org.eclipse.openk.gridfailureinformation.importadresses.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.factory.PasswordEncoderFactories;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(
+ prePostEnabled = true,
+ securedEnabled = true,
+ jsr250Enabled = true)
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+ @Value("${security.endpoint.user}")
+ private String user;
+ @Value("${security.endpoint.password}")
+ private String password;
+
+ @Override
+ protected void configure(HttpSecurity http ) throws Exception {
+ http
+ .csrf().disable()
+ .authorizeRequests().anyRequest().authenticated()
+ .and()
+ .httpBasic();
+ }
+
+ @Bean
+ public PasswordEncoder passwordEncoder() {
+ return PasswordEncoderFactories.createDelegatingPasswordEncoder();
+ }
+
+ @Autowired
+ public void configureGlobal(AuthenticationManagerBuilder auth)
+ throws Exception
+ {
+ auth.inMemoryAuthentication()
+ .withUser(user)
+ .password(passwordEncoder().encode(password))
+ .roles("USER");
+ }
+
+
+}
+
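Review bot: `configure` switches CSRF protection off but leaves session creation at its default, so after one successful Basic login a servlet session cookie can authenticate later requests, including the state-changing `POST /addresses/import` seen in the test. For an endpoint that is meant to be Basic-only I would make the chain stateless by adding `.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()` before `.authorizeRequests()`, and put a one-line comment on `.csrf().disable()` stating why it is safe here. Separately, `configureGlobal` encodes whatever `security.endpoint.password` resolves to; an empty `GFI_MANUAL_ENDPOINTS_PASSWORD` would presumably produce an account with an empty password, so a start-up guard such as `Assert.hasText(password, "security.endpoint.password must be set");` is worth adding. HTTP Basic sends the credential on every request, so this depends on TLS in front of the service, which the diff does not show. The same points apply to the SecurityConfig added under stoerungsauskunftInterface.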
diff --git a/addressImport/src/main/java/org/eclipse/openk/gridfailureinformation/importadresses/config/SwaggerConfig.java b/addressImport/src/main/java/org/eclipse/openk/gridfailureinformation/importadresses/config/SwaggerConfig.java
index fbedd0d..cac1f8a 100644
--- a/addressImport/src/main/java/org/eclipse/openk/gridfailureinformation/importadresses/config/SwaggerConfig.java
+++ b/addressImport/src/main/java/org/eclipse/openk/gridfailureinformation/importadresses/config/SwaggerConfig.java
@@ -18,9 +18,9 @@ @Profile("!prod") public class SwaggerConfig { - @Value("${swagger.baseUrl}") + @Value("${swagger.baseUrl:}") public String baseUrl; - @Value("${swagger.proxyUrl}") + @Value("${swagger.proxyUrl:}") public String proxyUrl; @Bean
diff --git a/addressImport/src/main/resources/application.yml b/addressImport/src/main/resources/application.yml
index 863ad63..712829e 100644
--- a/addressImport/src/main/resources/application.yml
+++ b/addressImport/src/main/resources/application.yml
@@ -60,9 +60,9 @@ org.springframework.web: ERROR org.hibernate: ERROR -swagger: - baseUrl: - proxyUrl: +security.endpoint: + user: ${GFI_MANUAL_ENDPOINTS_USERNAME} + password: ${GFI_MANUAL_ENDPOINTS_PASSWORD} --- @@ -159,7 +159,6 @@ swagger: baseUrl: /addressImporter - proxyUrl: adressimport: cleanup: true
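Review bot: The two placeholders under `security.endpoint` have no default, so every deployment now has to export GFI_MANUAL_ENDPOINTS_USERNAME and GFI_MANUAL_ENDPOINTS_PASSWORD, and start-up should fail on placeholder resolution when either is missing. Failing closed is the right behaviour, but nothing in the file tells an operator that the variables are mandatory or that the missing default is deliberate. I would add a comment above the block, for example `# required, supplied via environment; no default on purpose - never commit real values here`. The same comment is missing in application_localdev.yml and in both stoerungsauskunftInterface resource files changed by this commit.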
diff --git a/addressImport/src/main/resources/application_localdev.yml b/addressImport/src/main/resources/application_localdev.yml
index 055b657..e5a4cfa 100644
--- a/addressImport/src/main/resources/application_localdev.yml
+++ b/addressImport/src/main/resources/application_localdev.yml
@@ -74,10 +74,10 @@ org.eclipse.openk: DEBUG org.springframework.web: ERROR org.hibernate: ERROR - -swagger: - baseUrl: - proxyUrl: + +security.endpoint: + user: ${GFI_MANUAL_ENDPOINTS_USERNAME} + password: ${GFI_MANUAL_ENDPOINTS_PASSWORD} ---
diff --git a/addressImport/src/test/java/org/eclipse/openk/gridfailureinformation/importadresses/controller/AddressImportControllerTest.java b/addressImport/src/test/java/org/eclipse/openk/gridfailureinformation/importadresses/controller/AddressImportControllerTest.java
index 5d467ee..c45fb37 100644
--- a/addressImport/src/test/java/org/eclipse/openk/gridfailureinformation/importadresses/controller/AddressImportControllerTest.java
+++ b/addressImport/src/test/java/org/eclipse/openk/gridfailureinformation/importadresses/controller/AddressImportControllerTest.java
@@ -21,8 +21,11 @@ import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.boot.test.mock.mockito.MockBean; +import org.springframework.security.test.context.support.WithMockUser; import org.springframework.test.context.ActiveProfiles; import org.springframework.test.web.servlet.MockMvc; + +import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; @@ -39,6 +42,7 @@ private MockMvc mockMvc; @Test + @WithMockUser(value = "mockedUser") public void shouldTriggerStartImport() throws Exception { mockMvc.perform(post("/addresses/import")) @@ -46,4 +50,13 @@ verify(jobManager).triggerStartImport(); } + + @Test + public void shouldTriggerStartImportAndReturnUnauthorized() throws Exception { + + mockMvc.perform(post("/addresses/import")) + .andExpect(status().isUnauthorized()); + + verify(jobManager, times(0)).triggerStartImport(); + } }
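Review bot: Neither test exercises the credentials that `SecurityConfig.configureGlobal` registers: `@WithMockUser` places an authenticated principal in the security context directly, and the new negative test sends no credentials at all, so a mistake in how the in-memory user is registered would leave both tests green. I would add a case that sends HTTP Basic with a wrong password and expects 401, using `httpBasic(...)` from `SecurityMockMvcRequestPostProcessors` (needs a static import); the user name below is the one from application-test.yml, assuming that profile is the active one. The name `shouldTriggerStartImportAndReturnUnauthorized` also reads as if the import were triggered; something like `shouldRejectImportWithoutCredentials` matches what it asserts. ImportExportControllerTest has the same gap.

```java
// … unchanged: shouldTriggerStartImport and the no-credentials test …

    @Test
    public void shouldRejectImportWithWrongPassword() throws Exception {

        mockMvc.perform(post("/addresses/import")
                .with(httpBasic("user", "not-the-configured-password")))
                .andExpect(status().isUnauthorized());

        verify(jobManager, times(0)).triggerStartImport();
    }
```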
diff --git a/addressImport/src/test/resources/application-test.yml b/addressImport/src/test/resources/application-test.yml
index c1b2fbe..ee48215 100644
--- a/addressImport/src/test/resources/application-test.yml
+++ b/addressImport/src/test/resources/application-test.yml
@@ -52,6 +52,10 @@ readTimeout: 60000 cors: corsEnabled: false + +security.endpoint: + user: user + password: secret ---
diff --git a/stoerungsauskunftInterface/pom.xml b/stoerungsauskunftInterface/pom.xml
index a29835f..e3aaf07 100644
--- a/stoerungsauskunftInterface/pom.xml
+++ b/stoerungsauskunftInterface/pom.xml
@@ -57,6 +57,10 @@ </dependency> <dependency> <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-starter-security</artifactId> + </dependency> + <dependency> + <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-amqp</artifactId> </dependency> <dependency> @@ -98,6 +102,11 @@ </exclusions> </dependency> <dependency> + <groupId>org.springframework.security</groupId> + <artifactId>spring-security-test</artifactId> + <scope>test</scope> + </dependency> + <dependency> <groupId>org.powermock</groupId> <artifactId>powermock-reflect</artifactId> <version>${powerMockReflect.version}</version>
diff --git a/stoerungsauskunftInterface/src/main/java/org/eclipse/openk/gridfailureinformation/stoerauskunftinterface/config/SecurityConfig.java b/stoerungsauskunftInterface/src/main/java/org/eclipse/openk/gridfailureinformation/stoerauskunftinterface/config/SecurityConfig.java
new file mode 100644
index 0000000..8edc1ac
--- /dev/null
+++ b/stoerungsauskunftInterface/src/main/java/org/eclipse/openk/gridfailureinformation/stoerauskunftinterface/config/SecurityConfig.java
@@ -0,0 +1,69 @@
+/*
+ *******************************************************************************
+ * Copyright (c) 2019 Contributors to the Eclipse Foundation
+ *
+ * See the NOTICE file(s) distributed with this work for additional
+ * information regarding copyright ownership.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0 which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *******************************************************************************
+ */
+package org.eclipse.openk.gridfailureinformation.stoerauskunftinterface.config;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.factory.PasswordEncoderFactories;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(
+ prePostEnabled = true,
+ securedEnabled = true,
+ jsr250Enabled = true)
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
+
+ @Value("${security.endpoint.user}")
+ private String user;
+ @Value("${security.endpoint.password}")
+ private String password;
+
+ @Override
+ protected void configure(HttpSecurity http ) throws Exception {
+ http
+ .csrf().disable()
+ .authorizeRequests().anyRequest().authenticated()
+ .and()
+ .httpBasic();
+ }
+
+ @Bean
+ public PasswordEncoder passwordEncoder() {
+ return PasswordEncoderFactories.createDelegatingPasswordEncoder();
+ }
+
+ @Autowired
+ public void configureGlobal(AuthenticationManagerBuilder auth)
+ throws Exception
+ {
+ auth.inMemoryAuthentication()
+ .withUser(user)
+ .password(passwordEncoder().encode(password))
+ .roles("USER");
+ }
+
+
+}
+
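Review bot: `import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;` is unused in this file and can be dropped; the encoder actually comes from `PasswordEncoderFactories.createDelegatingPasswordEncoder()`. `@EnableGlobalMethodSecurity` switches on all three annotation styles and the user is given `roles("USER")`, yet nothing visible in this commit checks a role or carries a method-security annotation, so either remove them or add a class comment saying which endpoints are expected to use them. Apart from the package line and that import, the class is identical to the addressImport SecurityConfig added in this commit, so a short Javadoc naming the shared `security.endpoint.*` properties would help keep the two copies in step.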
diff --git a/stoerungsauskunftInterface/src/main/resources/application.yml b/stoerungsauskunftInterface/src/main/resources/application.yml
index 3c09778..d00f9f9 100644
--- a/stoerungsauskunftInterface/src/main/resources/application.yml
+++ b/stoerungsauskunftInterface/src/main/resources/application.yml
@@ -68,6 +68,9 @@ enabled: false cron: 0 */15 * ? * * +security.endpoint: + user: ${GFI_MANUAL_ENDPOINTS_USERNAME} + password: ${GFI_MANUAL_ENDPOINTS_PASSWORD} --- spring:
diff --git a/stoerungsauskunftInterface/src/main/resources/application_localdev.yml b/stoerungsauskunftInterface/src/main/resources/application_localdev.yml
index 1c04bd5..80eafae 100644
--- a/stoerungsauskunftInterface/src/main/resources/application_localdev.yml
+++ b/stoerungsauskunftInterface/src/main/resources/application_localdev.yml
@@ -81,6 +81,10 @@ enabled: false cron: 0 */15 * ? * * +security.endpoint: + user: ${GFI_MANUAL_ENDPOINTS_USERNAME} + password: ${GFI_MANUAL_ENDPOINTS_PASSWORD} + --- spring:
diff --git a/stoerungsauskunftInterface/src/test/java/org/eclipse/openk/gridfailureinformation/stoerauskunftinterface/controller/ImportExportControllerTest.java b/stoerungsauskunftInterface/src/test/java/org/eclipse/openk/gridfailureinformation/stoerauskunftinterface/controller/ImportExportControllerTest.java
index 02b4b52..1ed2179 100644
--- a/stoerungsauskunftInterface/src/test/java/org/eclipse/openk/gridfailureinformation/stoerauskunftinterface/controller/ImportExportControllerTest.java
+++ b/stoerungsauskunftInterface/src/test/java/org/eclipse/openk/gridfailureinformation/stoerauskunftinterface/controller/ImportExportControllerTest.java
@@ -15,6 +15,7 @@ package org.eclipse.openk.gridfailureinformation.stoerauskunftinterface.controller; import com.fasterxml.jackson.databind.ObjectMapper; +import lombok.With; import org.eclipse.openk.gridfailureinformation.stoerauskunftinterface.StoerungsauskunftInterfaceApplication; import org.eclipse.openk.gridfailureinformation.stoerauskunftinterface.api.StoerungsauskunftApi; import org.eclipse.openk.gridfailureinformation.stoerauskunftinterface.dtos.RabbitMqMessageDto; @@ -26,6 +27,8 @@ import org.springframework.boot.test.context.SpringBootTest; import org.springframework.boot.test.mock.mockito.MockBean; import org.springframework.http.MediaType; +import org.springframework.security.test.context.support.WithAnonymousUser; +import org.springframework.security.test.context.support.WithMockUser; import org.springframework.test.context.ActiveProfiles; import org.springframework.test.web.servlet.MockMvc; @@ -51,6 +54,7 @@ @Test + @WithMockUser(value = "mockedUser") public void shouldCallImport() throws Exception { mockMvc.perform(get("/stoerungsauskunft/usernotification-import-test")) @@ -60,6 +64,16 @@ } @Test + public void shouldCallImportAndReturnUnauthorized() throws Exception { + + mockMvc.perform(get("/stoerungsauskunft/usernotification-import-test")) + .andExpect(status().isUnauthorized()); + + verify(importExportService, times(0)).importUserNotifications(); + } + + @Test + @WithMockUser(value = "mockedUser") public void shouldCallExport() throws Exception { RabbitMqMessageDto rabbitMqMessageDto = MockDataHelper.mockRabbitMqMessageDto(); 
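Review bot: Two of the imports added in the first two hunks are not used by anything visible in this diff: `import lombok.With;` and `import org.springframework.security.test.context.support.WithAnonymousUser;`. The Lombok one looks like an auto-completion slip while typing `WithMockUser`, and it ties a security test to an unrelated library for no reason. Both lines can be removed; the unauthenticated tests work by carrying no annotation at all, so `@WithAnonymousUser` is not needed either.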
@@ -71,4 +85,17 @@ verify(importExportService, times(1)).exportStoerungsauskunftOutage(rabbitMqMessageDto); } + + @Test + public void shouldCallExportAndReturnUnauthorized() throws Exception { + + RabbitMqMessageDto rabbitMqMessageDto = MockDataHelper.mockRabbitMqMessageDto(); + + mockMvc.perform(post("/stoerungsauskunft/outage-export-test") + .contentType(MediaType.APPLICATION_JSON) + .content(new ObjectMapper().writeValueAsString(rabbitMqMessageDto))) + .andExpect(status().isUnauthorized()); + + verify(importExportService, times(0)).exportStoerungsauskunftOutage(rabbitMqMessageDto); + } } \ No newline at end of file
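Review bot: The negative assertion `verify(importExportService, times(0)).exportStoerungsauskunftOutage(rabbitMqMessageDto);` only proves that the service was not called with an argument equal to this particular DTO. On the real path the controller would pass an object deserialised from the request body, so the check depends on the DTO's `equals` and would not notice a call made with any other payload. For a 401 test the intent is that the service is not reached at all, so match any argument instead: `verify(importExportService, times(0)).exportStoerungsauskunftOutage(any());` (with `any` from Mockito's `ArgumentMatchers`, if it is not already imported). As in the other test class, the name `shouldCallExportAndReturnUnauthorized` says the opposite of what is asserted.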
diff --git a/stoerungsauskunftInterface/src/test/resources/application.yml b/stoerungsauskunftInterface/src/test/resources/application.yml
index 843be83..c2a1253 100644
--- a/stoerungsauskunftInterface/src/test/resources/application.yml
+++ b/stoerungsauskunftInterface/src/test/resources/application.yml
@@ -67,6 +67,10 @@ useStaticJwt: true staticJwt: eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJIYlI3Z2pobmE2eXJRZnZJTWhUSV9tY2g3ZmtTQWVFX3hLTjBhZVl0bjdjIn0.eyJqdGkiOiI5MGI0NGFkOC1iYjlmLTQ1MzktYTQwYy0yYjQyZTNkNjNiOGEiLCJleHAiOjE1Nzg2NTU3OTUsIm5iZiI6MCwiaWF0IjoxNTc4NjU1NDk1LCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvYXV0aC9yZWFsbXMvRWxvZ2Jvb2siLCJhdWQiOiJlbG9nYm9vay1iYWNrZW5kIiwic3ViIjoiODYyNjY5NmYtZjFhMi00ZGI1LTkyZWYtZTlhMjQ2Njg1YTU0IiwidHlwIjoiQmVhcmVyIiwiYXpwIjoiZWxvZ2Jvb2stYmFja2VuZCIsImF1dGhfdGltZSI6MCwic2Vzc2lvbl9zdGF0ZSI6IjJmMWIzODE5LWZjNjQtNDEzNC1iNWQxLWY3ZWY4NzU5NDBkNCIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiKiJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsia29uLWFkbWluIiwia29uLXdyaXRlciIsImtvbi1hY2Nlc3MiLCJrb24tcmVhZGVyIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnt9LCJuYW1lIjoiVGVzdGVyRmlyc3RuYW1lX3J3YSBUZXN0ZXJMYXN0bmFtZV9yd2EiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJ0ZXN0dXNlcl9yd2EiLCJnaXZlbl9uYW1lIjoiVGVzdGVyRmlyc3RuYW1lX3J3YSIsImZhbWlseV9uYW1lIjoiVGVzdGVyTGFzdG5hbWVfcndhIn0.DAYXuv4tKn8RXqO1jyttnD-tF4nShUBQyfe4bKbAiPAyY2x5YbAf3M4eXnLrGqo8-loGKldICC28bL0LaMA3KKkQEOfW5sfpGqoN6212vs89mOklt0TJYc5PMXwFgJ5WC_TKjdwq7-aaDafOEWehV0U1ut3s-94ovNYIEn29nzXm2W1ldoXJEq03F880jlysQ5zlRvGF7eXEEpFfI2URyyNQ2UWh0Ssfq-gOAt2pbF1u6prA5RfvUmZ3v1eu21YLGZtgqPqxb1l6odyH3ip15j_HdgnTeo52ymxuRUj65Mskme3V5ev2DitHI9vZgnpV8Idhb4TTWliBeGCOMfDFCg +security.endpoint: + user: user + password: secret + stoerungsauskunft: apiUrl: https://stage-api-operator.stoerungsauskunft.de/api/v1.0/ user: userName