
Commit e40b6e7

authored
Merge pull request #10 from SentriusLLC/gcp_deploy_domain
dry run of gcp deploy with automated domain creation
2 parents a2efbbd + 0bbc2e7 commit e40b6e7


33 files changed

+517
-234
lines changed


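--- a/.gcp.env
+++ b/.gcp.env
@@ -1,4 +1,4 @@
-SENTRIUS_VERSION=1.0.9
+SENTRIUS_VERSION=1.0.15
 SENTRIUS_SSH_VERSION=1.0.2
-SENTRIUS_KEYCLOAK_VERSION=1.0.2
-SENTRIUS_AGENT_VERSION=1.0.10
+SENTRIUS_KEYCLOAK_VERSION=1.0.4
+SENTRIUS_AGENT_VERSION=1.0.11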

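--- a/Dockerfile
+++ b/Dockerfile
@@ -15,4 +15,4 @@ RUN apt-get update && apt-get install -y curl
 
 
 # Command to run the app
-CMD ["java", "-jar", "/app/sentrius.jar", "--spring.config.location=/config/application.properties", "--dynamic.properties.path=/config/dynamic.properties"]
+CMD ["java", "-jar", "/app/sentrius.jar", "--spring.config.location=/config/api-application.properties", "--dynamic.properties.path=/config/dynamic.properties"]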
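Review bot: `--spring.config.location=/config/api-application.properties` replaces Spring Boot's default config search locations rather than adding to them, so the packaged `application.properties` that this same commit edits under `api/src/main/resources` (the new `management.*` keys) is not read in the container unless the mounted file carries the same keys. If the mounted file is meant to layer on top of the packaged defaults, the flag should be `--spring.config.additional-location=/config/api-application.properties`; if full replacement is intended, the operator-supplied file needs to be kept in sync with the keys added here. This assumes the image is run with only that one file mounted at `/config`, which the page does not show.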

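--- a/analyagents/pom.xml
+++ b/analyagents/pom.xml
@@ -48,6 +48,12 @@
 <artifactId>junit-jupiter-params</artifactId>
 <scope>test</scope>
 </dependency>
+
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-starter-actuator</artifactId>
+<version>${spring.boot.version}</version>
+</dependency>
 <dependency>
 <groupId>org.postgresql</groupId>
 <artifactId>postgresql</artifactId>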

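--- a/analyagents/src/main/resources/application.properties
+++ b/analyagents/src/main/resources/application.properties
@@ -59,4 +59,6 @@ spring.security.oauth2.client.registration.keycloak.scope=openid,profile,email
 spring.security.oauth2.resourceserver.jwt.issuer-uri=http://192.168.1.162:8180/realms/sentrius
 spring.security.oauth2.client.provider.keycloak.issuer-uri=http://192.168.1.162:8180/realms/sentrius
 # for testing analytics agents
-agents.session-analytics.enabled=true
+agents.session-analytics.enabled=true
+management.endpoints.web.exposure.include=health
+management.endpoint.health.show-details=always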
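Review bot: `management.endpoint.health.show-details=always` returns the per-component breakdown of the health endpoint (datasource, disk space and whatever other indicators are on the classpath) to every caller, and the api module's SecurityConfig in this same commit permits `/actuator/**` without authentication; whether the analyagents module does the same is not visible on this page. Prefer `management.endpoint.health.show-details=when-authorized` (optionally scoped with `management.endpoint.health.roles=...`) so an unauthenticated probe sees only the aggregate UP/DOWN status, and keep `always` only if the endpoint is reachable solely from the load balancer's health checker. The same two lines are added to `api/src/main/resources/application.properties` at the end of this page.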

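--- a/api/pom.xml
+++ b/api/pom.xml
@@ -63,6 +63,17 @@
 <version>${spring.boot.version}</version>
 </dependency>
 
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-starter-actuator</artifactId>
+<version>${spring.boot.version}</version>
+</dependency>
+<dependency>
+<groupId>org.springframework.boot</groupId>
+<artifactId>spring-boot-starter-webflux</artifactId>
+<version>${spring.boot.version}</version>
+</dependency>
+
 <dependency>
 <groupId>org.springframework.boot</groupId>
 <artifactId>spring-boot-devtools</artifactId>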
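Review bot: `spring-boot-starter-webflux` is added next to the servlet stack the api module already runs on (`HttpSecurity`/`SecurityFilterChain` in SecurityConfig and `HttpServletRequest` in RuleApiController on this page), and its only visible consumer is the reactive `WebFilter` bean in the new HttpsRedirectConfig. When both stacks are on the classpath Spring Boot starts a servlet application, in which a reactive `WebFilter` bean is never invoked, so the redirect filter would be dead code while the dependency drags a second web stack into the build. If the HTTPS redirect is needed, implement it as a servlet `Filter` or through `http.requiresChannel(...)` in SecurityConfig and drop the webflux starter; this hedge depends on the api module's main web type, which the page does not show directly.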
Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,29 @@
1+
package io.sentrius.sso.config;
2+
3+
import java.net.URI;
4+
import org.springframework.beans.factory.annotation.Value;
5+
import org.springframework.context.annotation.Bean;
6+
import org.springframework.context.annotation.Configuration;
7+
import org.springframework.web.server.WebFilter;
8+
9+
@Configuration
10+
public class HttpsRedirectConfig {
11+
12+
@Value("${https.redirect.enabled:true}") // Default is true
13+
private boolean httpsRedirectEnabled;
14+
15+
@Bean
16+
public WebFilter httpsRedirectFilter() {
17+
return (exchange, chain) -> {
18+
if (httpsRedirectEnabled &&
19+
exchange.getRequest().getHeaders().containsKey("X-Forwarded-Proto") &&
20+
"http".equals(exchange.getRequest().getHeaders().getFirst("X-Forwarded-Proto"))) {
21+
URI httpsUri = exchange.getRequest()
22+
.getURI()
23+
.resolve(exchange.getRequest().getURI().toString().replace("http://", "https://"));
24+
return exchange.getResponse().setComplete();
25+
}
26+
return chain.filter(exchange);
27+
};
28+
}
29+
}
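Review bot: `httpsUri` is computed at lines 21–23 and then discarded: the branch returns `exchange.getResponse().setComplete()` with no status code and no `Location` header, so a request carrying `X-Forwarded-Proto: http` receives an empty 200 instead of a redirect. The redirect needs `exchange.getResponse().setStatusCode(HttpStatus.PERMANENT_REDIRECT);` and `exchange.getResponse().getHeaders().setLocation(httpsUri);` ahead of the `setComplete()` call, with `org.springframework.http.HttpStatus` imported. `String.replace("http://", "https://")` on the whole URI string also rewrites any `http://` that appears inside the path or query; `UriComponentsBuilder.fromUri(exchange.getRequest().getURI()).scheme("https").build().toUri()` changes only the scheme. The header is trusted unconditionally, which is safe only when every network path to this service passes through the proxy that sets it, and the `containsKey` test is redundant because `"http".equals(null)` is already false.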

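--- a/api/src/main/java/io/sentrius/sso/config/SecurityConfig.java
+++ b/api/src/main/java/io/sentrius/sso/config/SecurityConfig.java
@@ -42,56 +42,10 @@ public class SecurityConfig {
 @Bean
 public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 
-/* http
-.authorizeRequests(authorize -> authorize
-.requestMatchers("/sso/v1/**", "/api/v1/**").authenticated() // Pages that need authentication
-.requestMatchers("/node/**", "/js/**", "/css/**", "/images/**", "/error", "/sso/login", "/api/v1/login/authenticate").permitAll() // Public endpoints
-.anyRequest().authenticated() // Other pages need authentication
-)
-.logout(logout -> logout
-.logoutSuccessUrl("/sso/login?logout") // Redirect after logout
-)
-.sessionManagement(session -> session
-.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-)
-.oauth2Login(oauth2 -> oauth2 // Enable OAuth2 login
-.loginPage("/oauth2/authorization/keycloak") // Redirect to Keycloak
-)
-.oauth2ResourceServer(oauth2 -> oauth2
-.jwt(jwt -> jwt.jwtAuthenticationConverter(jwtAuthenticationConverterForKeycloak()))
-)
-.csrf(csrf -> csrf
-.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
-)
-
-.cors(Customizer.withDefaults())
-.exceptionHandling(exception -> exception
-.accessDeniedPage("/error") // Handle access denied with error page
-);*/
-/*
 http
-.authorizeRequests(authorize -> authorize
-.requestMatchers("/sso/v1/**", "/api/v1/**").authenticated()
-.requestMatchers("/node/**", "/js/**", "/css/**", "/images/**", "/error", "/sso/login", "/api/v1/login/authenticate").permitAll()
-.anyRequest().authenticated()
-)
-.sessionManagement(session -> session
-.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
-)
-.oauth2Login(oauth2 -> oauth2
-.loginPage("/oauth2/authorization/keycloak")
-)
-.oauth2ResourceServer(oauth2 -> oauth2
-.jwt(jwt -> jwt.jwtAuthenticationConverter(jwtAuthenticationConverterForKeycloak()))
-)
-.csrf(csrf -> csrf
-.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
-)
-.cors(Customizer.withDefaults())
-.exceptionHandling(exception -> exception
-.accessDeniedPage("/error")
-);*/
-http.authorizeHttpRequests(auth -> auth.requestMatchers("/**").fullyAuthenticated())
+.authorizeHttpRequests(auth -> auth.
+requestMatchers("/actuator/**").permitAll() // Public endpoints
+.requestMatchers("/**").fullyAuthenticated())
 .oauth2ResourceServer(oauth2 -> oauth2
 .jwt(jwt -> jwt.jwtAuthenticationConverter(jwtAuthenticationConverterForKeycloak()))
 )
@@ -104,12 +58,6 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
 return http.build();
 }
 
-/*
-@Bean
-public JwtDecoder jwtDecoder(OAuth2ResourceServerProperties properties) {
-return JwtDecoders.fromIssuerLocation("http://localhost:8180/realms/sentrius");
-}
-*/
 @Bean
 public JwtAuthenticationConverter jwtAuthenticationConverterForKeycloak() {
 JwtAuthenticationConverter converter = new JwtAuthenticationConverter();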
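Review bot: `requestMatchers("/actuator/**").permitAll()` at new line 47 opens every exposed actuator endpoint, not just the health probe, so any later widening of `management.endpoints.web.exposure.include` (env, metrics, loggers, heapdump) becomes reachable without a token and without anyone touching this class. Narrow the rule to what the load balancer needs, `requestMatchers("/actuator/health", "/actuator/health/**").permitAll()`, or bind it to the endpoint type with `EndpointRequest.to(HealthEndpoint.class)` so the match survives a base-path change. The chain is also broken after `auth.` at the end of new line 46; `auth.requestMatchers("/actuator/**").permitAll()` kept on one line matches the style of the `.requestMatchers("/**")` line that follows. The body of `securityFilterChain` continues between the two hunks.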

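--- a/api/src/main/java/io/sentrius/sso/controllers/api/RuleApiController.java
+++ b/api/src/main/java/io/sentrius/sso/controllers/api/RuleApiController.java
@@ -77,14 +77,15 @@ public ResponseEntity<List<ProfileRuleDTO>> listRules(HttpServletRequest request
 boolean canEditRules = AccessUtil.canAccess(user, RuleAccessEnum.CAN_EDIT_RULES);
 boolean canDeleteRules = AccessUtil.canAccess(user, RuleAccessEnum.CAN_MANAGE_RULES);
 if (AccessUtil.canAccess(user, ApplicationAccessEnum.CAN_MANAGE_APPLICATION)) {
-
+log.info("User can manage rules {}", user.getAuthorizationType());
 for(ProfileRule rule: ruleService.getAllRules()) {
 var dto = new ProfileRuleDTO(rule, rule.getHostGroups().stream().toList(), canViewRules, canEditRules,
 canDeleteRules);
 rules.add(dto);
 log.info("Adding {}", dto);
 }
 } else {
+log.info("User can manage own rules");
 var groups = hostGroupService.getAllHostGroups(user);
 for (HostGroup group : groups) {
 for(ProfileRule rule : group.getRules()) {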
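Review bot: The two new `log.info` calls run on every `listRules` request and, together with the existing `log.info("Adding {}", dto)` per rule, write the caller's authorization type and each rule DTO's `toString()` into the INFO log of a production API at default verbosity. Lower them to debug so routine listing neither floods the log nor records rule contents unless someone turns the level up, e.g. `log.debug("User can manage rules {}", user.getAuthorizationType());`. `listRules` continues past both ends of this hunk.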

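--- a/api/src/main/java/io/sentrius/sso/startup/ConfigurationApplicationTask.java
+++ b/api/src/main/java/io/sentrius/sso/startup/ConfigurationApplicationTask.java
@@ -29,6 +29,7 @@
 import io.sentrius.sso.core.model.dto.UserTypeDTO;
 import io.sentrius.sso.core.model.hostgroup.HostGroup;
 import io.sentrius.sso.core.model.security.UserType;
+import io.sentrius.sso.core.model.security.enums.ApplicationAccessEnum;
 import io.sentrius.sso.core.model.security.enums.AutomationAccessEnum;
 import io.sentrius.sso.core.model.security.enums.RuleAccessEnum;
 import io.sentrius.sso.core.model.security.enums.SSHAccessEnum;
@@ -337,6 +338,10 @@ protected List<UserType> createUserTypes(List<SideEffect> sideEffects, InstallCo
 builder.ztAccessTokenAccess(ZeroTrustAccessTokenEnum.of(List.of(type.getZtAccessTokenAccess())));
 }
 
+if (null != type.getApplicationAccess()){
+builder.applicationAccess(ApplicationAccessEnum.of(List.of(type.getApplicationAccess())));
+}
+
 UserType newType = builder.userTypeName(type.getUserTypeName()).build();
 userTypeRepository.findByUserTypeName(type.getUserTypeName())
 .ifPresentOrElse(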

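--- a/api/src/main/resources/application.properties
+++ b/api/src/main/resources/application.properties
@@ -72,4 +72,7 @@ spring.security.oauth2.client.registration.keycloak.redirect-uri=http://192.168.
 spring.security.oauth2.client.registration.keycloak.scope=openid,profile,email
 
 spring.security.oauth2.resourceserver.jwt.issuer-uri=http://192.168.1.162:8180/realms/sentrius
-spring.security.oauth2.client.provider.keycloak.issuer-uri=http://192.168.1.162:8180/realms/sentrius
+spring.security.oauth2.client.provider.keycloak.issuer-uri=http://192.168.1.162:8180/realms/sentrius
+
+management.endpoints.web.exposure.include=health
+management.endpoint.health.show-details=always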
