PMT-32: Rename End to Real End, because of Conflict with SQL syntax

Reviewed-on: #5
Reviewed-by: SZUT-Rajbir <rajbir2@schule.bremen.de>

.run/Run.run.xml

@@ -1,7 +1,7 @@
 <component name="ProjectRunConfigurationManager">
   <configuration default="false" name="Run" type="SpringBootApplicationConfigurationType" factoryName="Spring Boot">
     <module name="Project_Management_Tool.main" />
-    <option name="SPRING_BOOT_MAIN_CLASS" value="de.hmmh.pmt.ProjectManagementToolApplication" />
+    <option name="SPRING_BOOT_MAIN_CLASS" value="de.hmmh.pmt.OpenAPISpringBoot" />
     <method v="2">
       <option name="Make" enabled="true" />
       <option name="RunConfigurationTask" enabled="false" run_configuration_name="Postgres" run_configuration_type="docker-deploy" />

api/employee.yml

@@ -0,0 +1,473 @@
+openapi: 3.0.1
+info:
+  title: Employees Management Micro-Service
+  description: "\n## Overview\n\nEmployees Management Service API manages the employees\
+    \ of HighTec Gmbh including their qualifications. It offers the possibility to\
+    \ create, read, update and delete employees and qualifications. Existing employees\
+    \ can be assigned new qualifications or have them withdrawn. \nThe API is organized\
+    \ around REST. It has predictable resource-oriented URLs, accepts JSON-encoded\
+    \ request bodies, returns JSON-encoded responses, uses standard HTTP response\
+    \ codes and authentication.\n\n## Authentication\n\nEmployees Management Service\
+    \ API uses JWTs to authenticate requests. You will receive a bearer token by making\
+    \ a POST-Request in IntelliJ on:\n\n\n```\nPOST http://keycloak.szut.dev/auth/realms/szut/protocol/openid-connect/token\n\
+    Content-Type: application/x-www-form-urlencoded\ngrant_type=password&client_id=employee-management-service&username=user&password=test\n\
+    ```\n\n\nor by CURL\n```\ncurl -X POST 'http://keycloak.szut.dev/auth/realms/szut/protocol/openid-connect/token'\n\
+    --header 'Content-Type: application/x-www-form-urlencoded'\n--data-urlencode 'grant_type=password'\n\
+    --data-urlencode 'client_id=employee-management-service'\n--data-urlencode 'username=user'\n\
+    --data-urlencode 'password=test'\n```\n\nTo get a bearer-token in Postman, you\
+    \ have to follow the instructions in \n [Postman-Documentation](https://documenter.getpostman.com/view/7294517/SzmfZHnd).\n\
+    \nAll API requests must be made over HTTPS. Calls made over plain HTTP will fail.\
+    \ API requests without authentication will also fail. Each request has the URL\
+    \ \n `https://employee.szut.dev` and the address of the desired resource."
+  version: 1.0.1
+servers:
+- url: ""
+security:
+- bearerAuth: []
+paths:
+  /qualifications/{id}:
+    put:
+      tags:
+      - qualification-controller
+      summary: updates a qualification
+      operationId: updateQualification
+      parameters:
+      - name: id
+        in: path
+        required: true
+        schema:
+          type: integer
+          format: int64
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/QualificationPostDTO'
+        required: true
+      responses:
+        "401":
+          description: not authorized
+        "400":
+          description: invalid JSON posted
+        "200":
+          description: updated qualification
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/QualificationPostDTO'
+        "404":
+          description: resource not found
+    delete:
+      tags:
+      - qualification-controller
+      summary: deletes a qualification by id
+      operationId: deleteQualificationByDesignation
+      parameters:
+      - name: id
+        in: path
+        required: true
+        schema:
+          type: integer
+          format: int64
+      responses:
+        "401":
+          description: not authorized
+        "403":
+          description: qualification is in use
+        "204":
+          description: delete successful
+        "404":
+          description: resource not found
+  /employees/{id}:
+    get:
+      tags:
+      - employee-controller
+      summary: find employee by id
+      operationId: findById
+      parameters:
+      - name: id
+        in: path
+        required: true
+        schema:
+          type: integer
+          format: int64
+      responses:
+        "401":
+          description: not authorized
+        "200":
+          description: employee
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmployeeResponseDTO'
+        "404":
+          description: resource not found
+    put:
+      tags:
+      - employee-controller
+      summary: updates employee by id - only changes the fields that are posted
+      operationId: updateEmployee
+      parameters:
+      - name: id
+        in: path
+        required: true
+        schema:
+          type: integer
+          format: int64
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/EmployeeRequestPutDTO'
+        required: true
+      responses:
+        "401":
+          description: not authorized
+        "200":
+          description: employee
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmployeeResponseDTO'
+        "404":
+          description: resource not found
+    delete:
+      tags:
+      - employee-controller
+      summary: deletes a employee by id
+      operationId: deleteCustomer
+      parameters:
+      - name: id
+        in: path
+        required: true
+        schema:
+          type: integer
+          format: int64
+      responses:
+        "401":
+          description: not authorized
+        "204":
+          description: delete successful
+        "404":
+          description: resource not found
+  /qualifications:
+    get:
+      tags:
+      - qualification-controller
+      summary: delivers a list of all available qualifications
+      operationId: findAll
+      responses:
+        "401":
+          description: not authorized
+        "200":
+          description: list of qualifications
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/QualificationPostDTO'
+    post:
+      tags:
+      - qualification-controller
+      summary: creates a new qualification with its id and designation
+      operationId: createQualification
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/QualificationPostDTO'
+        required: true
+      responses:
+        "401":
+          description: not authorized
+        "201":
+          description: created qualification
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/QualificationPostDTO'
+        "400":
+          description: invalid JSON posted
+  /employees:
+    get:
+      tags:
+      - employee-controller
+      summary: delivers a list of all employees
+      operationId: findAll_1
+      responses:
+        "401":
+          description: not authorized
+        "200":
+          description: list of employees
+          content:
+            application/json:
+              schema:
+                type: array
+                items: 
+                  $ref: '#/components/schemas/EmployeeResponseDTO'
+    post:
+      tags:
+      - employee-controller
+      summary: creates a new employee
+      operationId: createEmployee
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/EmployeeRequestDTO'
+        required: true
+      responses:
+        "401":
+          description: not authorized
+        "400":
+          description: invalid JSON posted
+        "201":
+          description: created employee
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmployeeResponseDTO'
+  /employees/{id}/qualifications:
+    get:
+      tags:
+      - employee-controller
+      summary: finds all qualifications of an employee by id
+      operationId: findAllQualificationOfAEmployeeById
+      parameters:
+      - name: id
+        in: path
+        required: true
+        schema:
+          type: integer
+          format: int64
+      responses:
+        "401":
+          description: not authorized
+        "200":
+          description: employee with a list of his qualifications
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmployeeNameAndSkillDataDTO'
+        "404":
+          description: resource not found
+    post:
+      tags:
+      - employee-controller
+      summary: adds a qualification to an employee by id
+      operationId: addQualificationToEmployeeById
+      parameters:
+      - name: id
+        in: path
+        required: true
+        schema:
+          type: integer
+          format: int64
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/QualificationPostDTO'
+        required: true
+      responses:
+        "401":
+          description: not authorized
+        "400":
+          description: invalid JSON posted or employee already has this qualification
+        "200":
+          description: employee with a list of his qualifications
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmployeeNameAndSkillDataDTO'
+        "404":
+          description: resource not found
+    delete:
+      tags:
+      - employee-controller
+      summary: deletes a qualification of an employee by id
+      operationId: removeQualificationFromEmployee
+      parameters:
+      - name: id
+        in: path
+        required: true
+        schema:
+          type: integer
+          format: int64
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/QualificationPostDTO'
+        required: true
+      responses:
+        "401":
+          description: not authorized
+        "200":
+          description: employee with a list of his qualifications
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmployeeNameAndSkillDataDTO'
+        "404":
+          description: resource not found
+  /qualifications/{id}/employees:
+    get:
+      tags:
+      - qualification-controller
+      summary: find employees by qualification id
+      operationId: findAllEmployeesByQualification
+      parameters:
+      - name: id
+        in: path
+        required: true
+        schema:
+          type: integer
+          format: int64
+      responses:
+        "200":
+          description: List of employees who have the desired qualification
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/EmployeesForAQualificationDTO'
+        "401":
+          description: not authorized
+        "404":
+          description: qualification id does not exist
+components:
+  schemas:
+    QualificationPostDTO:
+      required:
+      - skill
+      type: object
+      properties:
+        skill:
+          type: string
+    EmployeeRequestPutDTO:
+      type: object
+      properties:
+        lastName:
+          type: string
+        firstName:
+          type: string
+        street:
+          type: string
+        postcode:
+          type: string
+        city:
+          type: string
+        phone:
+          type: string
+        skillSet:
+          type: array
+          items:
+            type: integer
+            format: int64
+    EmployeeResponseDTO:
+      required:
+      - city
+      - firstName
+      - lastName
+      - phone
+      - postcode
+      - street
+      type: object
+      properties:
+        id:
+          type: integer
+          format: int64
+        lastName:
+          type: string
+        firstName:
+          type: string
+        street:
+          type: string
+        postcode:
+          maxLength: 5
+          minLength: 5
+          type: string
+        city:
+          type: string
+        phone:
+          type: string
+        skillSet:
+          type: array
+          items:
+            $ref: '#/components/schemas/QualificationGetDTO'
+    QualificationGetDTO:
+      type: object
+      properties:
+        skill:
+          type: string
+        id:
+          type: integer
+          format: int64
+    EmployeeRequestDTO:
+      required:
+      - city
+      - firstName
+      - lastName
+      - phone
+      - postcode
+      - street
+      type: object
+      properties:
+        lastName:
+          type: string
+        firstName:
+          type: string
+        street:
+          type: string
+        postcode:
+          maxLength: 5
+          minLength: 5
+          type: string
+        city:
+          type: string
+        phone:
+          type: string
+        skillSet:
+          type: array
+          items:
+            type: integer
+            format: int64
+    EmployeeNameAndSkillDataDTO:
+      type: object
+      properties:
+        id:
+          type: integer
+          format: int64
+        lastName:
+          type: string
+        firstName:
+          type: string
+        skillSet:
+          uniqueItems: true
+          type: array
+          items:
+            $ref: '#/components/schemas/QualificationPostDTO'
+    EmployeeNameDataDTO:
+      type: object
+      properties:
+        id:
+          type: integer
+          format: int64
+        lastName:
+          type: string
+        firstName:
+          type: string
+    EmployeesForAQualificationDTO:
+      type: object
+      properties:
+        qualification:
+          $ref: '#/components/schemas/QualificationGetDTO'
+        employees:
+          uniqueItems: true
+          type: array
+          items:
+            $ref: '#/components/schemas/EmployeeNameDataDTO'
+  securitySchemes:
+    bearerAuth:
+      type: http
+      scheme: bearer
+      bearerFormat: JWT

api/pmt.yml

@@ -0,0 +1,48 @@
+openapi: 3.0.0
+info:
+  title: Project Management API
+  description: An API for Managing Internal tools
+  version: 1.0.0
+servers:
+  - url: /api/v1
+security:
+  - JWTAuth: []
+    
+components:
+  securitySchemes:
+    JWTAuth:
+      type: http
+      scheme: bearer
+      bearerFormat: JWT
+  schemas:
+    ProjectInfo:
+      type: object
+      properties:
+        id:
+          type: integer
+          format: int64
+        name:
+          type: string
+    GetAllProjectsDTO:
+      type: array
+      items:
+        $ref: "#/components/schemas/ProjectInfo"
+  responses:
+    InternalError:
+      description: "Internal Server Error"
+      content:
+        text/plain:
+          schema:
+            type: string
+paths:
+  /project:
+    get:
+      operationId: "getAllProjects"
+      description: "Get a List of all Projects"
+      responses:
+        200:
+          description: ""
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/GetAllProjectsDTO"

build.gradle.kts

@@ -10,7 +10,7 @@ repositories {
 plugins {
     java
     checkstyle
-    id("com.github.spotbugs") version "6.0.22"
+    id("com.github.spotbugs") version "6.0.23"
     id("org.springframework.boot") version "3.3.3"
     id("io.spring.dependency-management") version "1.1.6"
     id("org.hidetake.swagger.generator") version "2.19.2"
@@ -44,19 +44,25 @@ configurations {
 }
 
 dependencies {
-    //Spring
+    // Spring
     implementation("org.springframework.boot:spring-boot-starter-data-jpa")
     implementation("org.springframework.boot:spring-boot-starter-validation")
     implementation("org.springframework.boot:spring-boot-starter-web")
+    implementation("org.springframework.boot:spring-boot-starter-security")
+    implementation("org.springframework.boot:spring-boot-starter-oauth2-client")
+    implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server")
+
+    // Postgres
     runtimeOnly("org.postgresql:postgresql")
 
-    //Lombok
+    // Lombok
     compileOnly("org.projectlombok:lombok")
     annotationProcessor("org.projectlombok:lombok")
 
-    //Test
+    // Test
     testImplementation("org.springframework.boot:spring-boot-starter-test")
     testImplementation("org.springframework.boot:spring-boot-testcontainers")
+    testImplementation("org.springframework.security:spring-security-test")
     testImplementation("org.testcontainers:junit-jupiter")
     testImplementation("org.testcontainers:postgresql")
     testRuntimeOnly("org.junit.platform:junit-platform-launcher")
@@ -64,25 +70,32 @@ dependencies {
     //OAS
     swaggerCodegen("io.swagger.codegen.v3:swagger-codegen-cli:3.0.61")
     implementation("io.swagger.core.v3:swagger-annotations:2.2.22")
+    implementation("jakarta.xml.bind:jakarta.xml.bind-api") //Needed for XML/HTML Validation
 }
 
 swaggerSources {
     register("pmt") {
-        setInputFile(file("${rootDir}/src/main/resources/api.yml"))
+        setInputFile(file("${rootDir}/api/pmt.yml"))
-        code.configFile = file("${rootDir}/src/main/resources/gen-config.json")
+        code.configFile = file("${rootDir}/gen/config-pmt.json")
         val validationTask = validation
         code(delegateClosureOf<GenerateSwaggerCode> {
             language = "spring"
-            components = listOf("models", "apis")
             code.rawOptions =
-                listOf("--ignore-file-override=" + file("${rootDir}/src/main/resources/.codegen-ignore").absolutePath)
+                listOf("--ignore-file-override=" + file("${rootDir}/gen/.ignore-pmt").absolutePath)
             dependsOn(validationTask)
         })
     }
+    create("employee") {
+        setInputFile(file("${rootDir}/api/employee.yml"))
+        code.configFile = file("${rootDir}/gen/config-employee.json")
+        code(delegateClosureOf<GenerateSwaggerCode> {
+            language = "java" 
+        })
+    }
 }
 
 tasks {
-
+    withType()
     withType<Checkstyle> {
         reports {
             xml.required.set(true)
@@ -100,6 +113,7 @@ tasks {
     }
     named("compileJava").configure {
         dependsOn(swaggerSources.getByName("pmt").code)
+        dependsOn(swaggerSources.getByName("employee").code)
     }
 }
 
@@ -107,5 +121,8 @@ sourceSets {
     main {
         java.srcDir("${swaggerSources.getByName("pmt").code.outputDir}/src/main/java")
         resources.srcDir("${swaggerSources.getByName("pmt").code.outputDir}/src/main/resources")
+        
+        java.srcDir("${swaggerSources.getByName("employee").code.outputDir}/src/main/java")
+        resources.srcDir("${swaggerSources.getByName("employee").code.outputDir}/src/main/resources")
     }
 }

gen/.ignore-pmt

@@ -0,0 +1,4 @@
+**/*ApiController.java
+**/*application.properties
+**/io/swagger/configuration/HomeController.java
+**/io/swagger/configuration/SwaggerUiConfiguration.java

gen/config-employee.json

@@ -0,0 +1,11 @@
+{
+    "modelPackage": "de.hmmh.pmt.employee.dtos",
+    "apiPackage": "de.hmmh.pmt.employee.api",
+    "invokerPackage": "de.hmmh.pmt.employee",
+    "java8": false,
+    "java11": true,
+    "dateLibrary": "java11",
+    "library": "resttemplate",
+    "serializableModel": true,
+    "jakarta": true
+}

gen/config-pmt.json

@@ -1,7 +1,7 @@
 {
-    "modelPackage": "de.hmmh.pmt.oas.models",
+    "modelPackage": "de.hmmh.pmt.dtos",
     "apiPackage": "de.hmmh.pmt.oas",
-    "invokerPackage": "de.hmmh.pmt.oas",
+    "invokerPackage": "de.hmmh.pmt",
     "java8": false,
     "java11": true,
     "dateLibrary": "java11",

http/getToken.http

@@ -0,0 +1,4 @@
+POST https://keycloak.szut.dev/auth/realms/szut/protocol/openid-connect/token
+Content-Type: application/x-www-form-urlencoded
+
+grant_type=password&client_id=employee-management-service&username=user&password=test

src/main/java/de/hmmh/pmt/ApiController.java

@@ -1,9 +1,14 @@
 package de.hmmh.pmt;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
+import de.hmmh.pmt.employee.ApiClientFactory;
+import de.hmmh.pmt.db.Project;
+import de.hmmh.pmt.db.ProjectRepository;
 import de.hmmh.pmt.oas.DefaultApi;
-import de.hmmh.pmt.oas.models.HelloOut;
+import de.hmmh.pmt.dtos.GetAllProjectsDTO;
+import de.hmmh.pmt.dtos.ProjectInfo;
 import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -13,6 +18,12 @@ import java.util.Optional;
 @Controller
 @RequestMapping("${openapi.projectManagement.base-path:/api/v1}")
 public class ApiController implements DefaultApi {
+    @Autowired
+    private ApiClientFactory apiClientFactory;
+    @Autowired
+    private ProjectRepository projectRepository;
+    
+    // apiClientFactory.getEmployeeApi().findAll1()
 
     @Override
     public Optional<ObjectMapper> getObjectMapper() {
@@ -25,9 +36,16 @@ public class ApiController implements DefaultApi {
     }
 
     @Override
-    public ResponseEntity<HelloOut> getHello() {
+    public ResponseEntity<GetAllProjectsDTO> getAllProjects() {
-        HelloOut hello = new HelloOut();
+        GetAllProjectsDTO response = new GetAllProjectsDTO();
-        hello.setMsg("Hello World");
+
-        return ResponseEntity.ok(hello);
+        for (Project project : this.projectRepository.findAll()){
+            ProjectInfo projectInfo = new ProjectInfo();
+            projectInfo.setId(project.getId());
+            projectInfo.setName(project.getName());
+            response.add(projectInfo);
+        }
+
+        return ResponseEntity.ok(response);
     }
 }

src/main/java/de/hmmh/pmt/Config.java

@@ -0,0 +1,13 @@
+package de.hmmh.pmt;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.client.RestTemplate;
+
+@Configuration
+public class Config {
+    @Bean
+    public RestTemplate restTemplate() {
+        return new RestTemplate();
+    }
+}

src/main/java/de/hmmh/pmt/ProjectManagementToolApplication.java

@@ -1,13 +0,0 @@
-package de.hmmh.pmt;
-
-import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.SpringBootApplication;
-
-@SpringBootApplication
-public class ProjectManagementToolApplication {
-
-    public static void main(String[] args) {
-        SpringApplication.run(ProjectManagementToolApplication.class, args);
-    }
-
-}

src/main/java/de/hmmh/pmt/auth/AuthConfig.java

@@ -0,0 +1,57 @@
+package de.hmmh.pmt.auth;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.session.SessionRegistry;
+import org.springframework.security.core.session.SessionRegistryImpl;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
+import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
+import org.springframework.security.web.session.HttpSessionEventPublisher;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+
+@Configuration
+@EnableWebSecurity
+@EnableMethodSecurity
+public class AuthConfig {
+
+    private final JWT jwt;
+
+    AuthConfig(JWT jwt) {
+        this.jwt = jwt;
+    }
+
+    @Bean
+    public SessionRegistry sessionRegistry() {
+        return new SessionRegistryImpl();
+    }
+
+    @Bean
+    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
+        return new RegisterSessionAuthenticationStrategy(sessionRegistry());
+    }
+
+    @Bean
+    public HttpSessionEventPublisher httpSessionEventPublisher() {
+        return new HttpSessionEventPublisher();
+    }
+
+
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http
+                .authorizeHttpRequests(auth -> auth
+                        .anyRequest()
+                        .authenticated()
+                )
+                .oauth2ResourceServer(resourceServer -> resourceServer
+                        .jwt(jwt -> jwt
+                                .jwtAuthenticationConverter(this.jwt.jwtAuthenticationConverter())
+                        )
+                );
+        return http.build();
+    }
+}

src/main/java/de/hmmh/pmt/auth/JWT.java

@@ -0,0 +1,71 @@
+package de.hmmh.pmt.auth;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.oauth2.core.oidc.user.OidcUser;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
+import org.springframework.security.web.authentication.logout.LogoutHandler;
+import org.springframework.stereotype.Component;
+import org.springframework.web.client.RestTemplate;
+import org.springframework.web.util.UriComponentsBuilder;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+@Component
+public class JWT implements LogoutHandler {
+    private static final String REALM_ACCESS_CLAIM = "realm_access";
+    private static final String ROLES_CLAIM = "roles";
+    private static final String ROLE_PREFIX = "ROLE_";
+    private static final String OIDC_LOGOUT_ROUTE = "/protocol/openid-connect/logout";
+    private static final String OIDC_TOKEN_HINT_QUERY_PARAMETER = "id_token_hin";
+
+    @Autowired
+    private RestTemplate template;
+
+    @Override
+    public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
+        OidcUser user = (OidcUser) authentication.getPrincipal();
+        String endSessionEndpoint = user.getIssuer() + OIDC_LOGOUT_ROUTE;
+        UriComponentsBuilder builder = UriComponentsBuilder
+                .fromUriString(endSessionEndpoint)
+                .queryParam(OIDC_TOKEN_HINT_QUERY_PARAMETER, user.getIdToken().getTokenValue());
+
+        ResponseEntity<String> logoutResponse = template.getForEntity(builder.toUriString(), String.class);
+        if (logoutResponse.getStatusCode().is2xxSuccessful()) {
+            System.out.println("Logged out successfully");
+        } else {
+            System.out.println("Failed to logout");
+        }
+    }
+
+    public JwtAuthenticationConverter jwtAuthenticationConverter() {
+        JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
+        jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(jwt -> {
+            List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
+
+            Map<String, Object> realmAccess = jwt.getClaim(REALM_ACCESS_CLAIM);
+            if (realmAccess == null || !realmAccess.containsKey(ROLES_CLAIM)) {
+                return grantedAuthorities;
+            }
+
+            Object rolesClaim = realmAccess.get(ROLES_CLAIM);
+            if (!(rolesClaim instanceof List<?>)) {
+                return grantedAuthorities;
+            }
+            for (Object role : (List<?>) rolesClaim) {
+                assert role instanceof String;
+                grantedAuthorities.add(new SimpleGrantedAuthority(ROLE_PREFIX + role));
+            }
+
+            return grantedAuthorities;
+        });
+        return jwtAuthenticationConverter;
+    }
+}

src/main/java/de/hmmh/pmt/auth/JwtToken.java

@@ -0,0 +1,12 @@
+package de.hmmh.pmt.auth;
+
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.stereotype.Component;
+
+@Getter
+@Setter
+@Component
+public class JwtToken{
+    private String token;
+}

src/main/java/de/hmmh/pmt/auth/JwtTokenFilter.java

@@ -0,0 +1,38 @@
+package de.hmmh.pmt.auth;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import java.io.IOException;
+
+@Component
+public class JwtTokenFilter extends OncePerRequestFilter {
+
+    @Autowired
+    private JwtToken token;
+
+    @Override
+    protected void doFilterInternal(
+            HttpServletRequest request,
+            HttpServletResponse response,
+            FilterChain filterChain
+    ) throws ServletException, IOException {
+        token.setToken(null);
+        String authHeader = request.getHeader("Authorization");
+        if (authHeader == null) {
+            filterChain.doFilter(request, response);
+            return;
+        }
+        if (!authHeader.startsWith("Bearer ")) {
+            filterChain.doFilter(request, response);
+            return;
+        }
+        token.setToken(authHeader.substring("Bearer ".length()));
+        filterChain.doFilter(request, response);
+    }
+}

src/main/java/de/hmmh/pmt/db/Project.java

@@ -0,0 +1,47 @@
+package de.hmmh.pmt.db;
+
+import jakarta.persistence.*;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.Size;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+import java.time.LocalDateTime;
+
+@NoArgsConstructor
+@AllArgsConstructor
+@Getter
+@Setter
+@Entity
+@Table(name = "project")
+public class Project {
+    @Id
+    @GeneratedValue(strategy =  GenerationType.IDENTITY)
+    private Long id;
+
+    @NotBlank
+    @Size(min = 3, max = 64)
+    private String name;
+
+    @NotBlank
+    @Size(min = 10)
+    private String goal;
+
+    @NotNull
+    private Long customerId;
+
+    @NotNull
+    private Long administratorId; // Is an Employee
+
+    @NotNull
+    private LocalDateTime start;
+
+    @NotNull
+    private LocalDateTime plannedEnd;
+
+    private LocalDateTime realEnd; // Cant be named just "end" because it's and SQL Keyword
+}
+

src/main/java/de/hmmh/pmt/db/ProjectRepository.java

@@ -0,0 +1,6 @@
+package de.hmmh.pmt.db;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+
+public interface ProjectRepository extends JpaRepository<Project, Long> {
+}

src/main/java/de/hmmh/pmt/employee/ApiClientFactory.java

@@ -0,0 +1,37 @@
+package de.hmmh.pmt.employee;
+
+import de.hmmh.pmt.auth.JwtToken;
+import de.hmmh.pmt.employee.api.EmployeeControllerApi;
+import de.hmmh.pmt.employee.api.QualificationControllerApi;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class ApiClientFactory {
+
+    @Autowired
+    private ApiClient apiClient;
+    @Autowired
+    private JwtToken apiToken;
+    @Autowired
+    private EmployeeControllerApi employee;
+    @Autowired
+    private QualificationControllerApi qualification;
+
+    public EmployeeControllerApi getEmployeeApi() {
+        prepareApiClient();
+        employee.setApiClient(apiClient);
+        return employee;
+    }
+
+    public QualificationControllerApi getQualificationApi() {
+        prepareApiClient();
+        qualification.setApiClient(apiClient);
+        return qualification;
+    }
+
+    private void prepareApiClient() {
+        apiClient.setAccessToken(apiToken.getToken());
+        apiClient.setBasePath("https://employee.szut.dev");
+    }
+}

src/main/resources/.codegen-ignore

@@ -1,2 +0,0 @@
-**/*ApiController.java
-**/org/openapitools/configuration/

src/main/resources/api.yml

@@ -1,43 +0,0 @@
-openapi: 3.0.0
-info:
-  title: Project Management API
-  description: An API for Managing Internal tools
-  version: 1.0.0
-servers:
-  - url: /api/v1
-    
-components:
-  schemas: 
-    HelloOut:
-      description: "A Test Schema"
-      type: object
-      properties: 
-        msg:
-          type: string
-  responses:
-    OK:
-      description: "OK"
-      content: 
-        text/plain:
-          schema:
-            type: string
-    InternalError:
-      description: "Internal Server Error"
-      content:
-        text/plain:
-          schema:
-            type: string
-paths:
-  /hello:
-    get:
-      operationId: "GetHello"
-      description: "A Simple Hello World Endpoint"
-      responses:
-        200:
-          description: "A Hello Response"
-          content:
-            application/json:
-              schema:
-                $ref: "#/components/schemas/HelloOut"
-        500:
-          $ref: "#/components/responses/InternalError"

src/main/resources/application.properties

@@ -7,3 +7,11 @@ spring.datasource.url=jdbc:postgresql://localhost:5432/pmt
 spring.datasource.username=pmt_user
 spring.datasource.password=pmt123
 spring.jpa.hibernate.ddl-auto=create-drop
+
+# JWT Auth
+spring.security.oauth2.client.registration.keycloak.client-id=employee-management-service
+spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
+spring.security.oauth2.client.registration.keycloak.scope=openid
+spring.security.oauth2.client.provider.keycloak.issuer-uri=https://keycloak.szut.dev/auth/realms/szut
+spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username
+spring.security.oauth2.resourceserver.jwt.issuer-uri=https://keycloak.szut.dev/auth/realms/szut

src/main/resources/checkstyle-ignore.xml

@@ -5,5 +5,5 @@
 >
 
 <suppressions>
-    <suppress files="[\\/]de[\\/]hmmh[\\/]pmt[\\/]oas" checks="."/>
+    <suppress files="build[\\/]" checks="."/>
 </suppressions>

src/main/resources/spotbugs-exclude.xml

@@ -1,5 +1,11 @@
-<FindBugsFilter>
+<FindBugsFilter xmlns="https://raw.githubusercontent.com/spotbugs/spotbugs/4.8.6/spotbugs/etc/findbugsfilter.xsd">
     <Match>
-        <Package name="de.hmmh.pmt.oas"/>
+        <!-- We Want This Exposure of Resources the Way it is for our usage -->
+        <Class name="de.hmmh.pmt.employee.ApiClientFactory"/>
+        <Bug code="M,V,EI"/>
+    </Match>
+    <Match>
+        <!--Ignore Auto Generated Code -->
+        <Source name="~.*build/.*"/>
     </Match>
 </FindBugsFilter>