Compare commits
4 commits
5db4d4dab8
...
2953e81da9
Author | SHA1 | Date | |
---|---|---|---|
2953e81da9 | |||
3a174b64c1 | |||
1d4efc1f2b | |||
13a8ee5d50 |
20 changed files with 36 additions and 783 deletions
|
@ -1,7 +1,7 @@
|
|||
<component name="ProjectRunConfigurationManager">
|
||||
<configuration default="false" name="Run" type="SpringBootApplicationConfigurationType" factoryName="Spring Boot">
|
||||
<module name="Project_Management_Tool.main" />
|
||||
<option name="SPRING_BOOT_MAIN_CLASS" value="de.hmmh.pmt.OpenAPISpringBoot" />
|
||||
<option name="SPRING_BOOT_MAIN_CLASS" value="de.hmmh.pmt.ProjectManagementToolApplication" />
|
||||
<method v="2">
|
||||
<option name="Make" enabled="true" />
|
||||
<option name="RunConfigurationTask" enabled="false" run_configuration_name="Postgres" run_configuration_type="docker-deploy" />
|
||||
|
|
473
api/employee.yml
473
api/employee.yml
|
@ -1,473 +0,0 @@
|
|||
openapi: 3.0.1
|
||||
info:
|
||||
title: Employees Management Micro-Service
|
||||
description: "\n## Overview\n\nEmployees Management Service API manages the employees\
|
||||
\ of HighTec Gmbh including their qualifications. It offers the possibility to\
|
||||
\ create, read, update and delete employees and qualifications. Existing employees\
|
||||
\ can be assigned new qualifications or have them withdrawn. \nThe API is organized\
|
||||
\ around REST. It has predictable resource-oriented URLs, accepts JSON-encoded\
|
||||
\ request bodies, returns JSON-encoded responses, uses standard HTTP response\
|
||||
\ codes and authentication.\n\n## Authentication\n\nEmployees Management Service\
|
||||
\ API uses JWTs to authenticate requests. You will receive a bearer token by making\
|
||||
\ a POST-Request in IntelliJ on:\n\n\n```\nPOST http://keycloak.szut.dev/auth/realms/szut/protocol/openid-connect/token\n\
|
||||
Content-Type: application/x-www-form-urlencoded\ngrant_type=password&client_id=employee-management-service&username=user&password=test\n\
|
||||
```\n\n\nor by CURL\n```\ncurl -X POST 'http://keycloak.szut.dev/auth/realms/szut/protocol/openid-connect/token'\n\
|
||||
--header 'Content-Type: application/x-www-form-urlencoded'\n--data-urlencode 'grant_type=password'\n\
|
||||
--data-urlencode 'client_id=employee-management-service'\n--data-urlencode 'username=user'\n\
|
||||
--data-urlencode 'password=test'\n```\n\nTo get a bearer-token in Postman, you\
|
||||
\ have to follow the instructions in \n [Postman-Documentation](https://documenter.getpostman.com/view/7294517/SzmfZHnd).\n\
|
||||
\nAll API requests must be made over HTTPS. Calls made over plain HTTP will fail.\
|
||||
\ API requests without authentication will also fail. Each request has the URL\
|
||||
\ \n `https://employee.szut.dev` and the address of the desired resource."
|
||||
version: 1.0.1
|
||||
servers:
|
||||
- url: ""
|
||||
security:
|
||||
- bearerAuth: []
|
||||
paths:
|
||||
/qualifications/{id}:
|
||||
put:
|
||||
tags:
|
||||
- qualification-controller
|
||||
summary: updates a qualification
|
||||
operationId: updateQualification
|
||||
parameters:
|
||||
- name: id
|
||||
in: path
|
||||
required: true
|
||||
schema:
|
||||
type: integer
|
||||
format: int64
|
||||
requestBody:
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/QualificationPostDTO'
|
||||
required: true
|
||||
responses:
|
||||
"401":
|
||||
description: not authorized
|
||||
"400":
|
||||
description: invalid JSON posted
|
||||
"200":
|
||||
description: updated qualification
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/QualificationPostDTO'
|
||||
"404":
|
||||
description: resource not found
|
||||
delete:
|
||||
tags:
|
||||
- qualification-controller
|
||||
summary: deletes a qualification by id
|
||||
operationId: deleteQualificationByDesignation
|
||||
parameters:
|
||||
- name: id
|
||||
in: path
|
||||
required: true
|
||||
schema:
|
||||
type: integer
|
||||
format: int64
|
||||
responses:
|
||||
"401":
|
||||
description: not authorized
|
||||
"403":
|
||||
description: qualification is in use
|
||||
"204":
|
||||
description: delete successful
|
||||
"404":
|
||||
description: resource not found
|
||||
/employees/{id}:
|
||||
get:
|
||||
tags:
|
||||
- employee-controller
|
||||
summary: find employee by id
|
||||
operationId: findById
|
||||
parameters:
|
||||
- name: id
|
||||
in: path
|
||||
required: true
|
||||
schema:
|
||||
type: integer
|
||||
format: int64
|
||||
responses:
|
||||
"401":
|
||||
description: not authorized
|
||||
"200":
|
||||
description: employee
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/EmployeeResponseDTO'
|
||||
"404":
|
||||
description: resource not found
|
||||
put:
|
||||
tags:
|
||||
- employee-controller
|
||||
summary: updates employee by id - only changes the fields that are posted
|
||||
operationId: updateEmployee
|
||||
parameters:
|
||||
- name: id
|
||||
in: path
|
||||
required: true
|
||||
schema:
|
||||
type: integer
|
||||
format: int64
|
||||
requestBody:
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/EmployeeRequestPutDTO'
|
||||
required: true
|
||||
responses:
|
||||
"401":
|
||||
description: not authorized
|
||||
"200":
|
||||
description: employee
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/EmployeeResponseDTO'
|
||||
"404":
|
||||
description: resource not found
|
||||
delete:
|
||||
tags:
|
||||
- employee-controller
|
||||
summary: deletes a employee by id
|
||||
operationId: deleteCustomer
|
||||
parameters:
|
||||
- name: id
|
||||
in: path
|
||||
required: true
|
||||
schema:
|
||||
type: integer
|
||||
format: int64
|
||||
responses:
|
||||
"401":
|
||||
description: not authorized
|
||||
"204":
|
||||
description: delete successful
|
||||
"404":
|
||||
description: resource not found
|
||||
/qualifications:
|
||||
get:
|
||||
tags:
|
||||
- qualification-controller
|
||||
summary: delivers a list of all available qualifications
|
||||
operationId: findAll
|
||||
responses:
|
||||
"401":
|
||||
description: not authorized
|
||||
"200":
|
||||
description: list of qualifications
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/QualificationPostDTO'
|
||||
post:
|
||||
tags:
|
||||
- qualification-controller
|
||||
summary: creates a new qualification with its id and designation
|
||||
operationId: createQualification
|
||||
requestBody:
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/QualificationPostDTO'
|
||||
required: true
|
||||
responses:
|
||||
"401":
|
||||
description: not authorized
|
||||
"201":
|
||||
description: created qualification
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/QualificationPostDTO'
|
||||
"400":
|
||||
description: invalid JSON posted
|
||||
/employees:
|
||||
get:
|
||||
tags:
|
||||
- employee-controller
|
||||
summary: delivers a list of all employees
|
||||
operationId: findAll_1
|
||||
responses:
|
||||
"401":
|
||||
description: not authorized
|
||||
"200":
|
||||
description: list of employees
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
type: array
|
||||
items:
|
||||
$ref: '#/components/schemas/EmployeeResponseDTO'
|
||||
post:
|
||||
tags:
|
||||
- employee-controller
|
||||
summary: creates a new employee
|
||||
operationId: createEmployee
|
||||
requestBody:
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/EmployeeRequestDTO'
|
||||
required: true
|
||||
responses:
|
||||
"401":
|
||||
description: not authorized
|
||||
"400":
|
||||
description: invalid JSON posted
|
||||
"201":
|
||||
description: created employee
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/EmployeeResponseDTO'
|
||||
/employees/{id}/qualifications:
|
||||
get:
|
||||
tags:
|
||||
- employee-controller
|
||||
summary: finds all qualifications of an employee by id
|
||||
operationId: findAllQualificationOfAEmployeeById
|
||||
parameters:
|
||||
- name: id
|
||||
in: path
|
||||
required: true
|
||||
schema:
|
||||
type: integer
|
||||
format: int64
|
||||
responses:
|
||||
"401":
|
||||
description: not authorized
|
||||
"200":
|
||||
description: employee with a list of his qualifications
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/EmployeeNameAndSkillDataDTO'
|
||||
"404":
|
||||
description: resource not found
|
||||
post:
|
||||
tags:
|
||||
- employee-controller
|
||||
summary: adds a qualification to an employee by id
|
||||
operationId: addQualificationToEmployeeById
|
||||
parameters:
|
||||
- name: id
|
||||
in: path
|
||||
required: true
|
||||
schema:
|
||||
type: integer
|
||||
format: int64
|
||||
requestBody:
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/QualificationPostDTO'
|
||||
required: true
|
||||
responses:
|
||||
"401":
|
||||
description: not authorized
|
||||
"400":
|
||||
description: invalid JSON posted or employee already has this qualification
|
||||
"200":
|
||||
description: employee with a list of his qualifications
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/EmployeeNameAndSkillDataDTO'
|
||||
"404":
|
||||
description: resource not found
|
||||
delete:
|
||||
tags:
|
||||
- employee-controller
|
||||
summary: deletes a qualification of an employee by id
|
||||
operationId: removeQualificationFromEmployee
|
||||
parameters:
|
||||
- name: id
|
||||
in: path
|
||||
required: true
|
||||
schema:
|
||||
type: integer
|
||||
format: int64
|
||||
requestBody:
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/QualificationPostDTO'
|
||||
required: true
|
||||
responses:
|
||||
"401":
|
||||
description: not authorized
|
||||
"200":
|
||||
description: employee with a list of his qualifications
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/EmployeeNameAndSkillDataDTO'
|
||||
"404":
|
||||
description: resource not found
|
||||
/qualifications/{id}/employees:
|
||||
get:
|
||||
tags:
|
||||
- qualification-controller
|
||||
summary: find employees by qualification id
|
||||
operationId: findAllEmployeesByQualification
|
||||
parameters:
|
||||
- name: id
|
||||
in: path
|
||||
required: true
|
||||
schema:
|
||||
type: integer
|
||||
format: int64
|
||||
responses:
|
||||
"200":
|
||||
description: List of employees who have the desired qualification
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
$ref: '#/components/schemas/EmployeesForAQualificationDTO'
|
||||
"401":
|
||||
description: not authorized
|
||||
"404":
|
||||
description: qualification id does not exist
|
||||
components:
|
||||
schemas:
|
||||
QualificationPostDTO:
|
||||
required:
|
||||
- skill
|
||||
type: object
|
||||
properties:
|
||||
skill:
|
||||
type: string
|
||||
EmployeeRequestPutDTO:
|
||||
type: object
|
||||
properties:
|
||||
lastName:
|
||||
type: string
|
||||
firstName:
|
||||
type: string
|
||||
street:
|
||||
type: string
|
||||
postcode:
|
||||
type: string
|
||||
city:
|
||||
type: string
|
||||
phone:
|
||||
type: string
|
||||
skillSet:
|
||||
type: array
|
||||
items:
|
||||
type: integer
|
||||
format: int64
|
||||
EmployeeResponseDTO:
|
||||
required:
|
||||
- city
|
||||
- firstName
|
||||
- lastName
|
||||
- phone
|
||||
- postcode
|
||||
- street
|
||||
type: object
|
||||
properties:
|
||||
id:
|
||||
type: integer
|
||||
format: int64
|
||||
lastName:
|
||||
type: string
|
||||
firstName:
|
||||
type: string
|
||||
street:
|
||||
type: string
|
||||
postcode:
|
||||
maxLength: 5
|
||||
minLength: 5
|
||||
type: string
|
||||
city:
|
||||
type: string
|
||||
phone:
|
||||
type: string
|
||||
skillSet:
|
||||
type: array
|
||||
items:
|
||||
$ref: '#/components/schemas/QualificationGetDTO'
|
||||
QualificationGetDTO:
|
||||
type: object
|
||||
properties:
|
||||
skill:
|
||||
type: string
|
||||
id:
|
||||
type: integer
|
||||
format: int64
|
||||
EmployeeRequestDTO:
|
||||
required:
|
||||
- city
|
||||
- firstName
|
||||
- lastName
|
||||
- phone
|
||||
- postcode
|
||||
- street
|
||||
type: object
|
||||
properties:
|
||||
lastName:
|
||||
type: string
|
||||
firstName:
|
||||
type: string
|
||||
street:
|
||||
type: string
|
||||
postcode:
|
||||
maxLength: 5
|
||||
minLength: 5
|
||||
type: string
|
||||
city:
|
||||
type: string
|
||||
phone:
|
||||
type: string
|
||||
skillSet:
|
||||
type: array
|
||||
items:
|
||||
type: integer
|
||||
format: int64
|
||||
EmployeeNameAndSkillDataDTO:
|
||||
type: object
|
||||
properties:
|
||||
id:
|
||||
type: integer
|
||||
format: int64
|
||||
lastName:
|
||||
type: string
|
||||
firstName:
|
||||
type: string
|
||||
skillSet:
|
||||
uniqueItems: true
|
||||
type: array
|
||||
items:
|
||||
$ref: '#/components/schemas/QualificationPostDTO'
|
||||
EmployeeNameDataDTO:
|
||||
type: object
|
||||
properties:
|
||||
id:
|
||||
type: integer
|
||||
format: int64
|
||||
lastName:
|
||||
type: string
|
||||
firstName:
|
||||
type: string
|
||||
EmployeesForAQualificationDTO:
|
||||
type: object
|
||||
properties:
|
||||
qualification:
|
||||
$ref: '#/components/schemas/QualificationGetDTO'
|
||||
employees:
|
||||
uniqueItems: true
|
||||
type: array
|
||||
items:
|
||||
$ref: '#/components/schemas/EmployeeNameDataDTO'
|
||||
securitySchemes:
|
||||
bearerAuth:
|
||||
type: http
|
||||
scheme: bearer
|
||||
bearerFormat: JWT
|
|
@ -10,7 +10,7 @@ repositories {
|
|||
plugins {
|
||||
java
|
||||
checkstyle
|
||||
id("com.github.spotbugs") version "6.0.23"
|
||||
id("com.github.spotbugs") version "6.0.22"
|
||||
id("org.springframework.boot") version "3.3.3"
|
||||
id("io.spring.dependency-management") version "1.1.6"
|
||||
id("org.hidetake.swagger.generator") version "2.19.2"
|
||||
|
@ -44,25 +44,19 @@ configurations {
|
|||
}
|
||||
|
||||
dependencies {
|
||||
// Spring
|
||||
//Spring
|
||||
implementation("org.springframework.boot:spring-boot-starter-data-jpa")
|
||||
implementation("org.springframework.boot:spring-boot-starter-validation")
|
||||
implementation("org.springframework.boot:spring-boot-starter-web")
|
||||
implementation("org.springframework.boot:spring-boot-starter-security")
|
||||
implementation("org.springframework.boot:spring-boot-starter-oauth2-client")
|
||||
implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server")
|
||||
|
||||
// Postgres
|
||||
runtimeOnly("org.postgresql:postgresql")
|
||||
|
||||
// Lombok
|
||||
//Lombok
|
||||
compileOnly("org.projectlombok:lombok")
|
||||
annotationProcessor("org.projectlombok:lombok")
|
||||
|
||||
// Test
|
||||
//Test
|
||||
testImplementation("org.springframework.boot:spring-boot-starter-test")
|
||||
testImplementation("org.springframework.boot:spring-boot-testcontainers")
|
||||
testImplementation("org.springframework.security:spring-security-test")
|
||||
testImplementation("org.testcontainers:junit-jupiter")
|
||||
testImplementation("org.testcontainers:postgresql")
|
||||
testRuntimeOnly("org.junit.platform:junit-platform-launcher")
|
||||
|
@ -70,32 +64,25 @@ dependencies {
|
|||
//OAS
|
||||
swaggerCodegen("io.swagger.codegen.v3:swagger-codegen-cli:3.0.61")
|
||||
implementation("io.swagger.core.v3:swagger-annotations:2.2.22")
|
||||
implementation("jakarta.xml.bind:jakarta.xml.bind-api") //Needed for XML/HTML Validation
|
||||
}
|
||||
|
||||
swaggerSources {
|
||||
register("pmt") {
|
||||
setInputFile(file("${rootDir}/api/pmt.yml"))
|
||||
code.configFile = file("${rootDir}/gen/config-pmt.json")
|
||||
setInputFile(file("${rootDir}/src/main/resources/api.yml"))
|
||||
code.configFile = file("${rootDir}/src/main/resources/gen-config.json")
|
||||
val validationTask = validation
|
||||
code(delegateClosureOf<GenerateSwaggerCode> {
|
||||
language = "spring"
|
||||
components = listOf("models", "apis")
|
||||
code.rawOptions =
|
||||
listOf("--ignore-file-override=" + file("${rootDir}/gen/.ignore-pmt").absolutePath)
|
||||
listOf("--ignore-file-override=" + file("${rootDir}/src/main/resources/.codegen-ignore").absolutePath)
|
||||
dependsOn(validationTask)
|
||||
})
|
||||
}
|
||||
create("employee") {
|
||||
setInputFile(file("${rootDir}/api/employee.yml"))
|
||||
code.configFile = file("${rootDir}/gen/config-employee.json")
|
||||
code(delegateClosureOf<GenerateSwaggerCode> {
|
||||
language = "java"
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
tasks {
|
||||
withType()
|
||||
|
||||
withType<Checkstyle> {
|
||||
reports {
|
||||
xml.required.set(true)
|
||||
|
@ -113,7 +100,6 @@ tasks {
|
|||
}
|
||||
named("compileJava").configure {
|
||||
dependsOn(swaggerSources.getByName("pmt").code)
|
||||
dependsOn(swaggerSources.getByName("employee").code)
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -121,8 +107,5 @@ sourceSets {
|
|||
main {
|
||||
java.srcDir("${swaggerSources.getByName("pmt").code.outputDir}/src/main/java")
|
||||
resources.srcDir("${swaggerSources.getByName("pmt").code.outputDir}/src/main/resources")
|
||||
|
||||
java.srcDir("${swaggerSources.getByName("employee").code.outputDir}/src/main/java")
|
||||
resources.srcDir("${swaggerSources.getByName("employee").code.outputDir}/src/main/resources")
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
**/*ApiController.java
|
||||
**/*application.properties
|
||||
**/io/swagger/configuration/HomeController.java
|
||||
**/io/swagger/configuration/SwaggerUiConfiguration.java
|
|
@ -1,11 +0,0 @@
|
|||
{
|
||||
"modelPackage": "de.hmmh.pmt.employee.dtos",
|
||||
"apiPackage": "de.hmmh.pmt.employee.api",
|
||||
"invokerPackage": "de.hmmh.pmt.employee",
|
||||
"java8": false,
|
||||
"java11": true,
|
||||
"dateLibrary": "java11",
|
||||
"library": "resttemplate",
|
||||
"serializableModel": true,
|
||||
"jakarta": true
|
||||
}
|
|
@ -1,4 +0,0 @@
|
|||
POST https://keycloak.szut.dev/auth/realms/szut/protocol/openid-connect/token
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
grant_type=password&client_id=employee-management-service&username=user&password=test
|
|
@ -1,30 +1,27 @@
|
|||
package de.hmmh.pmt;
|
||||
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import de.hmmh.pmt.employee.ApiClientFactory;
|
||||
import de.hmmh.pmt.db.Project;
|
||||
import de.hmmh.pmt.db.ProjectRepository;
|
||||
import de.hmmh.pmt.oas.DefaultApi;
|
||||
import de.hmmh.pmt.dtos.GetAllProjectsDTO;
|
||||
import de.hmmh.pmt.dtos.ProjectInfo;
|
||||
import de.hmmh.pmt.oas.dtos.GetAllProjectsDTO;
|
||||
import de.hmmh.pmt.oas.dtos.ProjectInfo;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
|
||||
@Controller
|
||||
@RequestMapping("${openapi.projectManagement.base-path:/api/v1}")
|
||||
public class ApiController implements DefaultApi {
|
||||
@Autowired
|
||||
private ApiClientFactory apiClientFactory;
|
||||
@Autowired
|
||||
private ProjectRepository projectRepository;
|
||||
|
||||
// apiClientFactory.getEmployeeApi().findAll1()
|
||||
|
||||
@Override
|
||||
public Optional<ObjectMapper> getObjectMapper() {
|
||||
return Optional.empty();
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
package de.hmmh.pmt;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.web.client.RestTemplate;
|
||||
|
||||
@Configuration
|
||||
public class Config {
|
||||
@Bean
|
||||
public RestTemplate restTemplate() {
|
||||
return new RestTemplate();
|
||||
}
|
||||
}
|
|
@ -0,0 +1,13 @@
|
|||
package de.hmmh.pmt;
|
||||
|
||||
import org.springframework.boot.SpringApplication;
|
||||
import org.springframework.boot.autoconfigure.SpringBootApplication;
|
||||
|
||||
@SpringBootApplication
|
||||
public class ProjectManagementToolApplication {
|
||||
|
||||
public static void main(String[] args) {
|
||||
SpringApplication.run(ProjectManagementToolApplication.class, args);
|
||||
}
|
||||
|
||||
}
|
|
@ -1,57 +0,0 @@
|
|||
package de.hmmh.pmt.auth;
|
||||
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.core.session.SessionRegistry;
|
||||
import org.springframework.security.core.session.SessionRegistryImpl;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
|
||||
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
|
||||
import org.springframework.security.web.session.HttpSessionEventPublisher;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
|
||||
@Configuration
|
||||
@EnableWebSecurity
|
||||
@EnableMethodSecurity
|
||||
public class AuthConfig {
|
||||
|
||||
private final JWT jwt;
|
||||
|
||||
AuthConfig(JWT jwt) {
|
||||
this.jwt = jwt;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SessionRegistry sessionRegistry() {
|
||||
return new SessionRegistryImpl();
|
||||
}
|
||||
|
||||
@Bean
|
||||
protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
|
||||
return new RegisterSessionAuthenticationStrategy(sessionRegistry());
|
||||
}
|
||||
|
||||
@Bean
|
||||
public HttpSessionEventPublisher httpSessionEventPublisher() {
|
||||
return new HttpSessionEventPublisher();
|
||||
}
|
||||
|
||||
|
||||
@Bean
|
||||
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
|
||||
http
|
||||
.authorizeHttpRequests(auth -> auth
|
||||
.anyRequest()
|
||||
.authenticated()
|
||||
)
|
||||
.oauth2ResourceServer(resourceServer -> resourceServer
|
||||
.jwt(jwt -> jwt
|
||||
.jwtAuthenticationConverter(this.jwt.jwtAuthenticationConverter())
|
||||
)
|
||||
);
|
||||
return http.build();
|
||||
}
|
||||
}
|
|
@ -1,71 +0,0 @@
|
|||
package de.hmmh.pmt.auth;
|
||||
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
|
||||
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
|
||||
import org.springframework.security.web.authentication.logout.LogoutHandler;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.client.RestTemplate;
|
||||
import org.springframework.web.util.UriComponentsBuilder;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
@Component
|
||||
public class JWT implements LogoutHandler {
|
||||
private static final String REALM_ACCESS_CLAIM = "realm_access";
|
||||
private static final String ROLES_CLAIM = "roles";
|
||||
private static final String ROLE_PREFIX = "ROLE_";
|
||||
private static final String OIDC_LOGOUT_ROUTE = "/protocol/openid-connect/logout";
|
||||
private static final String OIDC_TOKEN_HINT_QUERY_PARAMETER = "id_token_hin";
|
||||
|
||||
@Autowired
|
||||
private RestTemplate template;
|
||||
|
||||
@Override
|
||||
public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
|
||||
OidcUser user = (OidcUser) authentication.getPrincipal();
|
||||
String endSessionEndpoint = user.getIssuer() + OIDC_LOGOUT_ROUTE;
|
||||
UriComponentsBuilder builder = UriComponentsBuilder
|
||||
.fromUriString(endSessionEndpoint)
|
||||
.queryParam(OIDC_TOKEN_HINT_QUERY_PARAMETER, user.getIdToken().getTokenValue());
|
||||
|
||||
ResponseEntity<String> logoutResponse = template.getForEntity(builder.toUriString(), String.class);
|
||||
if (logoutResponse.getStatusCode().is2xxSuccessful()) {
|
||||
System.out.println("Logged out successfully");
|
||||
} else {
|
||||
System.out.println("Failed to logout");
|
||||
}
|
||||
}
|
||||
|
||||
public JwtAuthenticationConverter jwtAuthenticationConverter() {
|
||||
JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
|
||||
jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(jwt -> {
|
||||
List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
|
||||
|
||||
Map<String, Object> realmAccess = jwt.getClaim(REALM_ACCESS_CLAIM);
|
||||
if (realmAccess == null || !realmAccess.containsKey(ROLES_CLAIM)) {
|
||||
return grantedAuthorities;
|
||||
}
|
||||
|
||||
Object rolesClaim = realmAccess.get(ROLES_CLAIM);
|
||||
if (!(rolesClaim instanceof List<?>)) {
|
||||
return grantedAuthorities;
|
||||
}
|
||||
for (Object role : (List<?>) rolesClaim) {
|
||||
assert role instanceof String;
|
||||
grantedAuthorities.add(new SimpleGrantedAuthority(ROLE_PREFIX + role));
|
||||
}
|
||||
|
||||
return grantedAuthorities;
|
||||
});
|
||||
return jwtAuthenticationConverter;
|
||||
}
|
||||
}
|
|
@ -1,12 +0,0 @@
|
|||
package de.hmmh.pmt.auth;
|
||||
|
||||
import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
@Getter
|
||||
@Setter
|
||||
@Component
|
||||
public class JwtToken{
|
||||
private String token;
|
||||
}
|
|
@ -1,38 +0,0 @@
|
|||
package de.hmmh.pmt.auth;
|
||||
|
||||
import jakarta.servlet.FilterChain;
|
||||
import jakarta.servlet.ServletException;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import jakarta.servlet.http.HttpServletResponse;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.filter.OncePerRequestFilter;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
@Component
|
||||
public class JwtTokenFilter extends OncePerRequestFilter {
|
||||
|
||||
@Autowired
|
||||
private JwtToken token;
|
||||
|
||||
@Override
|
||||
protected void doFilterInternal(
|
||||
HttpServletRequest request,
|
||||
HttpServletResponse response,
|
||||
FilterChain filterChain
|
||||
) throws ServletException, IOException {
|
||||
token.setToken(null);
|
||||
String authHeader = request.getHeader("Authorization");
|
||||
if (authHeader == null) {
|
||||
filterChain.doFilter(request, response);
|
||||
return;
|
||||
}
|
||||
if (!authHeader.startsWith("Bearer ")) {
|
||||
filterChain.doFilter(request, response);
|
||||
return;
|
||||
}
|
||||
token.setToken(authHeader.substring("Bearer ".length()));
|
||||
filterChain.doFilter(request, response);
|
||||
}
|
||||
}
|
|
@ -1,37 +0,0 @@
|
|||
package de.hmmh.pmt.employee;
|
||||
|
||||
import de.hmmh.pmt.auth.JwtToken;
|
||||
import de.hmmh.pmt.employee.api.EmployeeControllerApi;
|
||||
import de.hmmh.pmt.employee.api.QualificationControllerApi;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
@Component
|
||||
public class ApiClientFactory {
|
||||
|
||||
@Autowired
|
||||
private ApiClient apiClient;
|
||||
@Autowired
|
||||
private JwtToken apiToken;
|
||||
@Autowired
|
||||
private EmployeeControllerApi employee;
|
||||
@Autowired
|
||||
private QualificationControllerApi qualification;
|
||||
|
||||
public EmployeeControllerApi getEmployeeApi() {
|
||||
prepareApiClient();
|
||||
employee.setApiClient(apiClient);
|
||||
return employee;
|
||||
}
|
||||
|
||||
public QualificationControllerApi getQualificationApi() {
|
||||
prepareApiClient();
|
||||
qualification.setApiClient(apiClient);
|
||||
return qualification;
|
||||
}
|
||||
|
||||
private void prepareApiClient() {
|
||||
apiClient.setAccessToken(apiToken.getToken());
|
||||
apiClient.setBasePath("https://employee.szut.dev");
|
||||
}
|
||||
}
|
2
src/main/resources/.codegen-ignore
Normal file
2
src/main/resources/.codegen-ignore
Normal file
|
@ -0,0 +1,2 @@
|
|||
**/*ApiController.java
|
||||
**/org/openapitools/configuration/
|
|
@ -5,15 +5,7 @@ info:
|
|||
version: 1.0.0
|
||||
servers:
|
||||
- url: /api/v1
|
||||
security:
|
||||
- JWTAuth: []
|
||||
|
||||
components:
|
||||
securitySchemes:
|
||||
JWTAuth:
|
||||
type: http
|
||||
scheme: bearer
|
||||
bearerFormat: JWT
|
||||
schemas:
|
||||
ProjectInfo:
|
||||
type: object
|
|
@ -7,11 +7,3 @@ spring.datasource.url=jdbc:postgresql://localhost:5432/pmt
|
|||
spring.datasource.username=pmt_user
|
||||
spring.datasource.password=pmt123
|
||||
spring.jpa.hibernate.ddl-auto=create-drop
|
||||
|
||||
# JWT Auth
|
||||
spring.security.oauth2.client.registration.keycloak.client-id=employee-management-service
|
||||
spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
|
||||
spring.security.oauth2.client.registration.keycloak.scope=openid
|
||||
spring.security.oauth2.client.provider.keycloak.issuer-uri=https://keycloak.szut.dev/auth/realms/szut
|
||||
spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username
|
||||
spring.security.oauth2.resourceserver.jwt.issuer-uri=https://keycloak.szut.dev/auth/realms/szut
|
||||
|
|
|
@ -5,5 +5,5 @@
|
|||
>
|
||||
|
||||
<suppressions>
|
||||
<suppress files="build[\\/]" checks="."/>
|
||||
<suppress files="[\\/]de[\\/]hmmh[\\/]pmt[\\/]oas" checks="."/>
|
||||
</suppressions>
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{
|
||||
"modelPackage": "de.hmmh.pmt.dtos",
|
||||
"modelPackage": "de.hmmh.pmt.oas.dtos",
|
||||
"apiPackage": "de.hmmh.pmt.oas",
|
||||
"invokerPackage": "de.hmmh.pmt",
|
||||
"invokerPackage": "de.hmmh.pmt.oas",
|
||||
"java8": false,
|
||||
"java11": true,
|
||||
"dateLibrary": "java11",
|
|
@ -1,11 +1,5 @@
|
|||
<FindBugsFilter xmlns="https://raw.githubusercontent.com/spotbugs/spotbugs/4.8.6/spotbugs/etc/findbugsfilter.xsd">
|
||||
<FindBugsFilter>
|
||||
<Match>
|
||||
<!-- We Want This Exposure of Resources the Way it is for our usage -->
|
||||
<Class name="de.hmmh.pmt.employee.ApiClientFactory"/>
|
||||
<Bug code="M,V,EI"/>
|
||||
</Match>
|
||||
<Match>
|
||||
<!--Ignore Auto Generated Code -->
|
||||
<Source name="~.*build/.*"/>
|
||||
<Package name="de.hmmh.pmt.oas"/>
|
||||
</Match>
|
||||
</FindBugsFilter>
|
||||
|
|
Loading…
Reference in a new issue