new common module with base oidc client, reworked jetty authenticators

* New dsf-common-oidc maven module with base oidc client
* Reworked bpe server oidc client to be based on common base client
* Reworked BackChannelLogoutAuthenticator and BearerTokenAuthenticator
to used common oidc client, authenticators now also support tokens
sigend with EC keys
* New config parameter to set oidc token audience (aud) to validate
bearer tokens, default uses oidc client-id

Author: hhund

dsf-bpe/dsf-bpe-process-api-v2-impl/src/main/java/dev/dsf/bpe/v2/client/oidc/OidcClientDelegate.java

@@ -269,13 +269,6 @@ public Jwks getJwks() throws OidcClientException
 		return jwks == null ? null : new JwksApiDelegate(jwks);
 	}
 
-	@Override
-	public Jwks getJwks(Configuration configuration) throws OidcClientException
-	{
-		var jwks = delegate.getJwks(configuration == null ? null : new ConfigurationV2Delegate(configuration));
-		return jwks == null ? null : new JwksApiDelegate(jwks);
-	}
-
 	@Override
 	public char[] getAccessToken() throws OidcClientException
 	{

dsf-bpe/dsf-bpe-process-api-v2-impl/src/main/java/dev/dsf/bpe/v2/plugin/ProcessPluginImpl.java

@@ -127,75 +127,40 @@ protected void customizeApplicationContext(AnnotationConfigApplicationContext co
 				new ProcessPluginApiFactory(processPluginDefinition, parentContext));
 	}
 
-	private ProcessPluginApi getProcessPluginApi()
+	private <T> T getOrSet(AtomicReference<T> cache, Supplier<T> supplier)
 	{
-		ProcessPluginApi entry = processPluginApi.get();
-		if (entry == null)
+		T cached = cache.get();
+		if (cached == null)
 		{
-			ProcessPluginApi o = doGetProcessPluginApi();
-			if (processPluginApi.compareAndSet(entry, o))
-				return o;
+			T value = supplier.get();
+			if (cache.compareAndSet(cached, value))
+				return value;
 			else
-				return processPluginApi.get();
+				return cache.get();
 		}
 		else
-			return entry;
+			return cached;
 	}
 
-	private ProcessPluginApi doGetProcessPluginApi()
+	private ProcessPluginApi getProcessPluginApi()
 	{
-		return getApplicationContext().getBean(ProcessPluginApi.class);
+		return getOrSet(processPluginApi, () -> getApplicationContext().getBean(ProcessPluginApi.class));
 	}
 
 	private FhirContext getFhirContext()
 	{
-		FhirContext entry = fhirContext.get();
-		if (entry == null)
-		{
-			FhirContext o = doGetFhirContext();
-			if (fhirContext.compareAndSet(entry, o))
-				return o;
-			else
-				return fhirContext.get();
-		}
-		else
-			return entry;
-	}
-
-	private FhirContext doGetFhirContext()
-	{
-		return getApplicationContext().getBean(FhirContext.class);
+		return getOrSet(fhirContext, () -> getApplicationContext().getBean(FhirContext.class));
 	}
 
 	private ObjectMapper getObjectMapper()
 	{
-		ObjectMapper entry = objectMapper.get();
-		if (entry == null)
-		{
-			ObjectMapper o = doGetObjectMapper();
-			if (objectMapper.compareAndSet(entry, o))
-				return o;
-			else
-				return objectMapper.get();
-		}
-		else
-			return entry;
-	}
-
-	private ObjectMapper doGetObjectMapper()
-	{
-		try
+		return getOrSet(objectMapper, () ->
 		{
 			ObjectMapper objectMapper = getApplicationContext().getBean(ObjectMapper.class).copy();
 			objectMapper.setTypeFactory(TypeFactory.defaultInstance().withClassLoader(getProcessPluginClassLoader()));
 
 			return objectMapper;
-
-		}
-		catch (BeansException e)
-		{
-			throw new RuntimeException(e);
-		}
+		});
 	}
 
 	@Override

dsf-bpe/dsf-bpe-process-api-v2/src/main/java/dev/dsf/bpe/v2/client/oidc/OidcClient.java

@@ -20,15 +20,6 @@ public interface OidcClient
 	 */
 	Jwks getJwks() throws OidcClientException;
 
-	/**
-	 * @param configuration
-	 *            not <code>null</code>
-	 * @return {@link Jwks} resource
-	 * @throws OidcClientException
-	 *             if response status not 200 OK
-	 */
-	Jwks getJwks(Configuration configuration) throws OidcClientException;
-
 	/**
 	 * @return access token
 	 */

dsf-bpe/dsf-bpe-process-api/src/main/java/dev/dsf/bpe/api/client/oidc/OidcClient.java

@@ -15,11 +15,17 @@ public interface OidcClient
 	 * @throws OidcClientException
 	 *             if response status not 200 OK
 	 */
-	Jwks getJwks() throws OidcClientException;
+	default Jwks getJwks() throws OidcClientException
+	{
+		return getJwks(getConfiguration());
+	}
 
 	/**
+	 * <i>Implementation may ignore the configuration parameter and use value from {@link #getConfiguration()}
+	 * instead.</i>
+	 *
 	 * @param configuration
-	 *            not <code>null</code>
+	 *            may be <code>null</code>, uses value from {@link #getConfiguration()} if <code>null</code>
 	 * @return {@link Jwks} resource
 	 * @throws OidcClientException
 	 *             if response status not 200 OK

dsf-bpe/dsf-bpe-server/pom.xml

@@ -40,6 +40,10 @@
 			<groupId>dev.dsf</groupId>
 			<artifactId>dsf-common-documentation</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>dev.dsf</groupId>
+			<artifactId>dsf-common-oidc</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>dev.dsf</groupId>
 			<artifactId>dsf-common-status</artifactId>