Merge pull request #91 from com-pas/develop

Merge branch 'develop' into main

Author: Rob Tjalma

.github/dependabot.yml

@@ -0,0 +1,35 @@
+# SPDX-FileCopyrightText: 2021 Alliander N.V.
+#
+# SPDX-License-Identifier: Apache-2.0
+
+version: 2
+
+registries:
+  maven-github:
+    type: maven-repository
+    url: https://maven.pkg.github.com/com-pas/*
+    username: OWNER
+    password: ${{ secrets.DB_GITHUB_PACKAGES }}
+
+updates:
+  # Maintain dependencies for GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 5
+
+  # Maintain dependencies for Maven
+  - package-ecosystem: "maven"
+    directory: "/"
+    registries:
+      - maven-github
+    schedule:
+      interval: "daily"
+    open-pull-requests-limit: 5
+    ignore:
+      # Next two dependencies shouldn't be upgrade, because RestEasy isn't using newer version. (2.3.X)
+      - dependency-name: jakarta.xml.bind:jakarta.xml.bind-api
+        versions: [ "[3.0,)" ]
+      - dependency-name: com.sun.xml.bind:jaxb-impl
+        versions: [ "[3.0,)" ]

.github/workflows/build-project.yml

@@ -15,9 +15,10 @@ jobs:
     steps:
     - uses: actions/checkout@v2
     - name: Set up JDK 1.11
-      uses: actions/setup-java@v1
+      uses: actions/setup-java@v2.3.0
       with:
-        java-version: 1.11
+        distribution: 'zulu'
+        java-version: '11'
     - name: Create custom Maven Settings.xml
       uses: whelk-io/maven-settings-xml-action@v18
       with:

.github/workflows/release-project.yml

@@ -24,10 +24,11 @@ jobs:
         shell: bash
         # Extra the tagname form the git reference, value of GITHUB_REF will be something like refs/tags/<tag_name>.
         run: echo "##[set-output name=tagname;]$(echo ${GITHUB_REF##*/})"
-      - uses: actions/setup-java@v2
+      - name: Set up JDK 11
+        uses: actions/[email protected]
         with:
+          distribution: 'zulu'
           java-version: '11'
-          distribution: 'adopt'
       - name: Create custom Maven Settings.xml
         uses: whelk-io/maven-settings-xml-action@v18
         with:

.github/workflows/sonarcloud-analysis.yml

@@ -17,17 +17,18 @@ jobs:
         with:
           fetch-depth: 0
       - name: Set up JDK 11
-        uses: actions/setup-java@v1
+        uses: actions/setup-java@v2.3.0
         with:
-          java-version: 1.11
+          distribution: 'zulu'
+          java-version: '11'
       - name: Cache SonarCloud packages
-        uses: actions/cache@v1
+        uses: actions/cache@v2.1.6
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar
           restore-keys: ${{ runner.os }}-sonar
       - name: Cache Maven packages
-        uses: actions/cache@v1
+        uses: actions/cache@v2.1.6
         with:
           path: ~/.m2
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}

README.md

@@ -71,3 +71,66 @@ You can then execute your native executable with: `./app/target/code-with-quarku
 
 If you want to learn more about building native executables, please consult https://quarkus.io/guides/maven-tooling.html
 .
+
+## Environment variables
+
+Below environment variable(s) can be used to configure the connection to BaseX, if BaseX Server is used.
+
+| Environment variable             | Java Property             | Description                                   | Example          |
+| -------------------------------- | ------------------------- | --------------------------------------------- | ---------------- |
+| BASEX_HOST                       | basex.host                | Name of the Host where BaseX runs.            | localhost        |
+| BASEX_PORT                       | basex.port                | Port on the Host on which BaseX runs.         | 1984             |
+| BASEX_USERNAME                   | basex.username            | Username under which the application logs in. | admin            |
+| BASEX_PASSWORD                   | basex.password            | Password of the username used above.          | admin            |
+
+Below environment variable(s) can be used to configure which claims are used to fill the UserInfo response.
+
+| Environment variable             | Java Property                  | Description                                   | Example          |
+| -------------------------------- | ------------------------------ | --------------------------------------------- | ---------------- |
+| USERINFO_NAME_CLAIMNAME          | compas.userinfo.name.claimname | The Name of the user logged in.               | name             |
+| USERINFO_WHO_CLAIMNAME           | compas.userinfo.who.claimname  | The Name of the user used in the Who History. | name             |
+
+## Security
+
+To use most of the endpoints the users needs to be authenticated using JWT in the authorization header. There are 4
+environment variables that can be set in the container to configure the validation/processing of the JWT.
+
+| Environment variable             | Java Property                    | Description                                        | Example                                                                |
+| -------------------------------- | -------------------------------- | -------------------------------------------------- | ---------------------------------------------------------------------- |
+| JWT_VERIFY_KEY                   | smallrye.jwt.verify.key.location | Location of certificates to verify the JWT.        | http://localhost:8089/auth/realms/compas/protocol/openid-connect/certs |
+| JWT_VERIFY_ISSUER                | mp.jwt.verify.issuer             | The issuer of the JWT.                             | http://localhost:8089/auth/realms/compas                               |
+| JWT_VERIFY_CLIENT_ID             | mp.jwt.verify.audiences          | The Client ID that should be in the "aud" claim.   | scl-data-service                                                       |
+| JWT_GROUPS_PATH                  | smallrye.jwt.path.groups         | The JSON Path where to find the roles of the user. | resource_access/scl-data-service/roles                                 |
+
+The application uses the following list of roles. The fine-grained roles are built up of the types of SCL Files this
+service supports and the rights READ/CREATE/UPDATE/DElETE. This way the mapping of the roles to groups/users can be
+configured as needed.
+
+- ICD_CREATE
+- ICD_DELETE
+- ICD_READ
+- ICD_UPDATE
+- SCD_CREATE
+- SCD_DELETE
+- SCD_READ
+- SCD_UPDATE
+- SSD_CREATE
+- SSD_DELETE
+- SSD_READ
+- SSD_UPDATE
+- ISD_CREATE
+- ISD_DELETE
+- ISD_READ
+- ISD_UPDATE
+- CID_CREATE
+- CID_DELETE
+- CID_READ
+- CID_UPDATE
+- IID_CREATE
+- IID_DELETE
+- IID_READ
+- IID_UPDATE
+- SED_CREATE
+- SED_DELETE
+- SED_READ
+- SED_UPDATE

app/pom.xml

@@ -18,7 +18,7 @@ SPDX-License-Identifier: Apache-2.0
     <packaging>jar</packaging>
 
     <properties>
-        <quarkus.platform.version>2.0.0.Final</quarkus.platform.version>
+        <quarkus.platform.version>2.2.1.Final</quarkus.platform.version>
     </properties>
 
     <dependencyManagement>
@@ -104,7 +104,7 @@ SPDX-License-Identifier: Apache-2.0
         </dependency>
         <dependency>
             <groupId>io.quarkus</groupId>
-            <artifactId>quarkus-test-security</artifactId>
+            <artifactId>quarkus-test-security-jwt</artifactId>
             <scope>test</scope>
         </dependency>
         <dependency>

app/src/main/java/org/lfenergy/compas/scl/data/rest/UserInfoProperties.java

@@ -0,0 +1,16 @@
+// SPDX-FileCopyrightText: 2021 Alliander N.V.
+//
+// SPDX-License-Identifier: Apache-2.0
+package org.lfenergy.compas.scl.data.rest;
+
+import io.smallrye.config.ConfigMapping;
+import io.smallrye.config.WithName;
+
+@ConfigMapping(prefix = "compas.userinfo")
+public interface UserInfoProperties {
+    @WithName("name.claimname")
+    String name();
+
+    @WithName("who.claimname")
+    String who();
+}

app/src/main/java/org/lfenergy/compas/scl/data/rest/v1/CompasCommonResource.java

@@ -4,10 +4,12 @@
 package org.lfenergy.compas.scl.data.rest.v1;
 
 import io.quarkus.security.Authenticated;
-import io.quarkus.security.identity.SecurityIdentity;
+import org.eclipse.microprofile.jwt.JsonWebToken;
 import org.lfenergy.compas.scl.data.model.SclType;
+import org.lfenergy.compas.scl.data.rest.UserInfoProperties;
 import org.lfenergy.compas.scl.data.rest.v1.model.Type;
 import org.lfenergy.compas.scl.data.rest.v1.model.TypeListResponse;
+import org.lfenergy.compas.scl.data.rest.v1.model.UserInfoResponse;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -31,16 +33,19 @@ public class CompasCommonResource {
     private static final Logger LOGGER = LoggerFactory.getLogger(CompasCommonResource.class);
 
     @Inject
-    SecurityIdentity securityIdentity;
+    JsonWebToken jsonWebToken;
+
+    @Inject
+    UserInfoProperties userInfoProperties;
 
     @GET
     @Path("/type/list")
     @Produces(MediaType.APPLICATION_XML)
     public TypeListResponse list(@HeaderParam("Authorization") String authHeader) {
-        LOGGER.debug("Authorization Header '{}'", authHeader);
+        LOGGER.trace("Authorization Header '{}'", authHeader);
 
         // Retrieve the roles the logged in user has.
-        var roles = securityIdentity.getRoles();
+        var roles = jsonWebToken.getGroups();
 
         var response = new TypeListResponse();
         response.setTypes(
@@ -52,4 +57,15 @@ public TypeListResponse list(@HeaderParam("Authorization") String authHeader) {
                         .collect(Collectors.toList()));
         return response;
     }
+
+    @GET
+    @Path("/userinfo")
+    @Produces(MediaType.APPLICATION_XML)
+    public UserInfoResponse getUserInfo(@HeaderParam("Authorization") String authHeader) {
+        LOGGER.trace("Authorization Header '{}'", authHeader);
+
+        var response = new UserInfoResponse();
+        response.setName(jsonWebToken.getClaim(userInfoProperties.name()));
+        return response;
+    }
 }

app/src/main/java/org/lfenergy/compas/scl/data/rest/v1/CompasSclDataResource.java

@@ -4,11 +4,15 @@
 package org.lfenergy.compas.scl.data.rest.v1;
 
 import io.quarkus.security.Authenticated;
+import org.eclipse.microprofile.jwt.JsonWebToken;
 import org.lfenergy.compas.core.commons.ElementConverter;
 import org.lfenergy.compas.scl.data.model.SclType;
 import org.lfenergy.compas.scl.data.model.Version;
+import org.lfenergy.compas.scl.data.rest.UserInfoProperties;
 import org.lfenergy.compas.scl.data.rest.v1.model.*;
 import org.lfenergy.compas.scl.data.service.CompasSclDataService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
@@ -23,9 +27,17 @@
 @RequestScoped
 @Path("/scl/v1/{" + TYPE_PATH_PARAM + "}")
 public class CompasSclDataResource {
+    private static final Logger LOGGER = LoggerFactory.getLogger(CompasSclDataResource.class);
+
     private final CompasSclDataService compasSclDataService;
     private final ElementConverter converter;
 
+    @Inject
+    JsonWebToken jsonWebToken;
+
+    @Inject
+    UserInfoProperties userInfoProperties;
+
     @Inject
     public CompasSclDataResource(CompasSclDataService compasSclDataService,
                                  ElementConverter converter) {
@@ -38,8 +50,11 @@ public CompasSclDataResource(CompasSclDataService compasSclDataService,
     @Produces(MediaType.APPLICATION_XML)
     public CreateResponse create(@PathParam(TYPE_PATH_PARAM) SclType type,
                                  @Valid CreateRequest request) {
+        String who = jsonWebToken.getClaim(userInfoProperties.who());
+        LOGGER.trace("Username used for Who {}", who);
+
         var response = new CreateResponse();
-        response.setId(compasSclDataService.create(type, request.getName(), request.getElements().get(0)));
+        response.setId(compasSclDataService.create(type, request.getName(), who, request.getComment(), request.getElements().get(0)));
         return response;
     }
 
@@ -109,7 +124,10 @@ public String findRawSCLByUUIDAndVersion(@PathParam(TYPE_PATH_PARAM) SclType typ
     public void update(@PathParam(TYPE_PATH_PARAM) SclType type,
                        @PathParam(ID_PATH_PARAM) UUID id,
                        @Valid UpdateRequest request) {
-        compasSclDataService.update(type, id, request.getChangeSetType(), request.getElements().get(0));
+        String who = jsonWebToken.getClaim(userInfoProperties.who());
+        LOGGER.trace("Username used for Who {}", who);
+
+        compasSclDataService.update(type, id, request.getChangeSetType(), who, request.getComment(), request.getElements().get(0));
     }
 
     @DELETE

app/src/main/java/org/lfenergy/compas/scl/data/rest/v1/model/CreateRequest.java

@@ -26,6 +26,10 @@ public class CreateRequest {
     @XmlElement(name = "Name", namespace = SCL_DATA_SERVICE_V1_NS_URI, required = true)
     private String name;
 
+    @Schema(description = "Comment that will be added to the new history record.")
+    @XmlElement(name = "Comment", namespace = SCL_DATA_SERVICE_V1_NS_URI)
+    private String comment;
+
     @Size(min = 1, max = 1, message = "{org.lfenergy.compas.XmlAnyElementValid.moreElements.message}")
     @XmlAnyElementValid(elementName = "SCL", elementNamespace = SCL_NS_URI)
     @Schema(description = "Can contain one element, named 'SCL', containing a SCL XML Definition")
@@ -40,6 +44,14 @@ public void setName(String name) {
         this.name = name;
     }
 
+    public String getComment() {
+        return comment;
+    }
+
+    public void setComment(String comment) {
+        this.comment = comment;
+    }
+
     public List<Element> getElements() {
         return elements;
     }