commit 93d4cf863f990c12267158b22acc53126b90e2ec Author: Bernd Heidemann Date: Tue Sep 3 15:01:50 2024 +0200 first diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..c2065bc --- /dev/null +++ b/.gitignore @@ -0,0 +1,37 @@ +HELP.md +.gradle +build/ +!gradle/wrapper/gradle-wrapper.jar +!**/src/main/**/build/ +!**/src/test/**/build/ + +### STS ### +.apt_generated +.classpath +.factorypath +.project +.settings +.springBeans +.sts4-cache +bin/ +!**/src/main/**/bin/ +!**/src/test/**/bin/ + +### IntelliJ IDEA ### +.idea +*.iws +*.iml +*.ipr +out/ +!**/src/main/**/out/ +!**/src/test/**/out/ + +### NetBeans ### +/nbproject/private/ +/nbbuild/ +/dist/ +/nbdist/ +/.nb-gradle/ + +### VS Code ### +.vscode/ diff --git a/GetBearerToken.http b/GetBearerToken.http new file mode 100644 index 0000000..467cc9f --- /dev/null +++ b/GetBearerToken.http @@ -0,0 +1,6 @@ +POST https://keycloak.szut.dev/auth/realms/szut/protocol/openid-connect/token +Content-Type: application/x-www-form-urlencoded + +grant_type=password&client_id=employee-management-service&username=user&password=test + + diff --git a/Readme.md b/Readme.md new file mode 100644 index 0000000..e96001c --- /dev/null +++ b/Readme.md @@ -0,0 +1,61 @@ +# Starter für das LF08 Projekt + +Erstellen Sie einen Fork dieses Projektes auf Github. Wählen Sie einen Namen und passen Sie diesen auch in der pom.xml in Zeile 12, 14 und 15 an. + +## Requirements +* Docker https://docs.docker.com/get-docker/ +* Docker compose (bei Windows und Mac schon in Docker enthalten) https://docs.docker.com/compose/install/ + +## Endpunkt +``` +http://localhost:8089 +``` +## Swagger +``` +http://localhost:8089/swagger +``` + + +# Postgres +### Terminal öffnen +für alles gilt, im Terminal im Ordner docker/local sein +```bash +cd docker/local +``` +### Postgres starten +```bash +docker compose up +``` +Achtung: Der Docker-Container läuft dauerhaft! Wenn er nicht mehr benötigt wird, sollten Sie ihn stoppen. + +### Postgres stoppen +```bash +docker compose down +``` + +### Postgres Datenbank wipen, z.B. bei Problemen +```bash +docker compose down +docker volume rm local_lf8_starter_postgres_data +docker compose up +``` + +### Intellij-Ansicht für Postgres Datenbank einrichten +```bash +1. Lasse den Docker-Container mit der PostgreSQL-Datenbank laufen +2. im Ordner resources die Datei application.properties öffnen und die URL der Datenbank kopieren +3. rechts im Fenster den Reiter Database öffnen +4. In der Database-Symbolleiste auf das Datenbanksymbol mit dem Schlüssel klicken +5. auf das Pluszeichen klicken +6. Datasource from URL auswählen +7. URL der DB einfügen und PostgreSQL-Treiber auswählen, mit OK bestätigen +8. Username lf8_starter und Passwort secret eintragen (siehe application.properties), mit Apply bestätigen +9. im Reiter Schemas alle Häkchen entfernen und lediglich vor lf8_starter_db und public Häkchen setzen +10. mit Apply und ok bestätigen +``` +# Keycloak + +### Keycloak Token +1. Auf der Projektebene [GetBearerToken.http](GetBearerToken.http) öffnen. +2. Neben der Request auf den grünen Pfeil drücken +3. Aus dem Reponse das access_token kopieren \ No newline at end of file diff --git a/SampleRequests.http b/SampleRequests.http new file mode 100644 index 0000000..aa31060 --- /dev/null +++ b/SampleRequests.http @@ -0,0 +1,21 @@ +@token = eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICIzUFQ0dldiNno5MnlQWk1EWnBqT1U0RjFVN0lwNi1ELUlqQWVGczJPbGU0In0.eyJleHAiOjE3MjUzNzE5NjcsImlhdCI6MTcyNTM2ODM2NywianRpIjoiMDc1NGRmOGItZjA2NC00ODZiLTkzNDItNjk0NWM2OTQ1Y2RmIiwiaXNzIjoiaHR0cHM6Ly9rZXljbG9hay5zenV0LmRldi9hdXRoL3JlYWxtcy9zenV0IiwiYXVkIjoiYWNjb3VudCIsInN1YiI6IjU1NDZjZDIxLTk4NTQtNDMyZi1hNDY3LTRkZTNlZWRmNTg4OSIsInR5cCI6IkJlYXJlciIsImF6cCI6ImVtcGxveWVlLW1hbmFnZW1lbnQtc2VydmljZSIsInNlc3Npb25fc3RhdGUiOiI0ZDAwNWU5My03OWI4LTQ4OGMtOGI1ZS1kYzMzODM4OGZkNmMiLCJhY3IiOiIxIiwiYWxsb3dlZC1vcmlnaW5zIjpbImh0dHA6Ly9sb2NhbGhvc3Q6NDIwMCJdLCJyZWFsbV9hY2Nlc3MiOnsicm9sZXMiOlsicHJvZHVjdF9vd25lciIsIm9mZmxpbmVfYWNjZXNzIiwiZGVmYXVsdC1yb2xlcy1zenV0IiwidW1hX2F1dGhvcml6YXRpb24iLCJ1c2VyIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJlbWFpbCBwcm9maWxlIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsInByZWZlcnJlZF91c2VybmFtZSI6InVzZXIifQ.Wl9t2UazAimPxcNByMyY0Zl2oI_ScVtehQ0iglpTNPBr9me1xf2ky0nUgVOP04H-TWAuQJQctVMP_Yi3YPDTxm7PXeQ_lj9JyK6nCDpb5gz5VIMNCYcLjWLz6R1pfbjZGkeID6oYTXSsoZSy6arof-rMG1phjnIdiXDwF4lFgOgqUoxbv58mvs73DUTKZjIEaw-N7A_ZQrC35JX6CaKUlnsaGepa2LQ-Pz6Smg1JipxOwjlH4TEBsBjifMjkedzfPm2NfwEy1qUHMLtLMLukIVH3iaSUVJ3hEZe6606ne1qwumT6Lnm3PAXSbF2Hxap89nbmG08EOlGx5VwMylEAVg +### +GET localhost:8080/welcome + +### +GET localhost:8080/roles +Authorization: Bearer {{token}} + +### +GET localhost:8080/hello +Authorization: Bearer {{token}} + +### +POST localhost:8080/hello +Authorization: Bearer {{token}} +Content-Type: application/json + +{ + "message": "test" +} + diff --git a/build.gradle.kts b/build.gradle.kts new file mode 100644 index 0000000..412c4e2 --- /dev/null +++ b/build.gradle.kts @@ -0,0 +1,47 @@ +plugins { + java + id("org.springframework.boot") version "3.3.3" + id("io.spring.dependency-management") version "1.1.6" +} + +group = "de.szut" +version = "0.0.1-SNAPSHOT" + +java { + toolchain { + languageVersion = JavaLanguageVersion.of(22) + } +} + +configurations { + compileOnly { + extendsFrom(configurations.annotationProcessor.get()) + } +} + +repositories { + mavenCentral() +} + +dependencies { + implementation("org.springframework.boot:spring-boot-starter-data-jpa") + implementation("org.springframework.boot:spring-boot-starter-web") + compileOnly("org.projectlombok:lombok") + annotationProcessor("org.projectlombok:lombok") + testImplementation("org.springframework.boot:spring-boot-starter-test") + testRuntimeOnly("org.junit.platform:junit-platform-launcher") + implementation("org.springframework.boot:spring-boot-starter-security") + implementation("org.springframework.boot:spring-boot-starter-oauth2-resource-server:3.3.3") + implementation("org.springframework.boot:spring-boot-starter-oauth2-client:3.3.3") + runtimeOnly("org.postgresql:postgresql") + //implementation("org.springdoc:springdoc-openapi-ui:1.8.0") + implementation("org.springdoc:springdoc-openapi-starter-webmvc-ui:2.6.0") + + + + +} + +tasks.withType { + useJUnitPlatform() +} diff --git a/docker/local/docker-compose.yml b/docker/local/docker-compose.yml new file mode 100644 index 0000000..7b556ef --- /dev/null +++ b/docker/local/docker-compose.yml @@ -0,0 +1,18 @@ +version: '3' + +volumes: + lf8_starter_postgres_data: + driver: local + +services: + postgres_for_lf8_starter: + container_name: lf8_starter_postgres_container + image: postgres:16.4 + volumes: + - lf8_starter_postgres_data:/var/lib/postgresql/data + environment: + POSTGRES_DB: lf8_starter_db + POSTGRES_USER: lf8_starter + POSTGRES_PASSWORD: secret + ports: + - "5432:5432" \ No newline at end of file diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar new file mode 100644 index 0000000..e644113 Binary files /dev/null and b/gradle/wrapper/gradle-wrapper.jar differ diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties new file mode 100644 index 0000000..a441313 --- /dev/null +++ b/gradle/wrapper/gradle-wrapper.properties @@ -0,0 +1,7 @@ +distributionBase=GRADLE_USER_HOME +distributionPath=wrapper/dists +distributionUrl=https\://services.gradle.org/distributions/gradle-8.8-bin.zip +networkTimeout=10000 +validateDistributionUrl=true +zipStoreBase=GRADLE_USER_HOME +zipStorePath=wrapper/dists diff --git a/gradlew b/gradlew new file mode 100755 index 0000000..b740cf1 --- /dev/null +++ b/gradlew @@ -0,0 +1,249 @@ +#!/bin/sh + +# +# Copyright © 2015-2021 the original authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +############################################################################## +# +# Gradle start up script for POSIX generated by Gradle. +# +# Important for running: +# +# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is +# noncompliant, but you have some other compliant shell such as ksh or +# bash, then to run this script, type that shell name before the whole +# command line, like: +# +# ksh Gradle +# +# Busybox and similar reduced shells will NOT work, because this script +# requires all of these POSIX shell features: +# * functions; +# * expansions «$var», «${var}», «${var:-default}», «${var+SET}», +# «${var#prefix}», «${var%suffix}», and «$( cmd )»; +# * compound commands having a testable exit status, especially «case»; +# * various built-in commands including «command», «set», and «ulimit». +# +# Important for patching: +# +# (2) This script targets any POSIX shell, so it avoids extensions provided +# by Bash, Ksh, etc; in particular arrays are avoided. +# +# The "traditional" practice of packing multiple parameters into a +# space-separated string is a well documented source of bugs and security +# problems, so this is (mostly) avoided, by progressively accumulating +# options in "$@", and eventually passing that to Java. +# +# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS, +# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly; +# see the in-line comments for details. +# +# There are tweaks for specific operating systems such as AIX, CygWin, +# Darwin, MinGW, and NonStop. +# +# (3) This script is generated from the Groovy template +# https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt +# within the Gradle project. +# +# You can find Gradle at https://github.com/gradle/gradle/. +# +############################################################################## + +# Attempt to set APP_HOME + +# Resolve links: $0 may be a link +app_path=$0 + +# Need this for daisy-chained symlinks. +while + APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path + [ -h "$app_path" ] +do + ls=$( ls -ld "$app_path" ) + link=${ls#*' -> '} + case $link in #( + /*) app_path=$link ;; #( + *) app_path=$APP_HOME$link ;; + esac +done + +# This is normally unused +# shellcheck disable=SC2034 +APP_BASE_NAME=${0##*/} +# Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036) +APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit + +# Use the maximum available, or set MAX_FD != -1 to use that value. +MAX_FD=maximum + +warn () { + echo "$*" +} >&2 + +die () { + echo + echo "$*" + echo + exit 1 +} >&2 + +# OS specific support (must be 'true' or 'false'). +cygwin=false +msys=false +darwin=false +nonstop=false +case "$( uname )" in #( + CYGWIN* ) cygwin=true ;; #( + Darwin* ) darwin=true ;; #( + MSYS* | MINGW* ) msys=true ;; #( + NONSTOP* ) nonstop=true ;; +esac + +CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar + + +# Determine the Java command to use to start the JVM. +if [ -n "$JAVA_HOME" ] ; then + if [ -x "$JAVA_HOME/jre/sh/java" ] ; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD=$JAVA_HOME/jre/sh/java + else + JAVACMD=$JAVA_HOME/bin/java + fi + if [ ! -x "$JAVACMD" ] ; then + die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +else + JAVACMD=java + if ! command -v java >/dev/null 2>&1 + then + die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. + +Please set the JAVA_HOME variable in your environment to match the +location of your Java installation." + fi +fi + +# Increase the maximum file descriptors if we can. +if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then + case $MAX_FD in #( + max*) + # In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked. + # shellcheck disable=SC2039,SC3045 + MAX_FD=$( ulimit -H -n ) || + warn "Could not query maximum file descriptor limit" + esac + case $MAX_FD in #( + '' | soft) :;; #( + *) + # In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked. + # shellcheck disable=SC2039,SC3045 + ulimit -n "$MAX_FD" || + warn "Could not set maximum file descriptor limit to $MAX_FD" + esac +fi + +# Collect all arguments for the java command, stacking in reverse order: +# * args from the command line +# * the main class name +# * -classpath +# * -D...appname settings +# * --module-path (only if needed) +# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables. + +# For Cygwin or MSYS, switch paths to Windows format before running java +if "$cygwin" || "$msys" ; then + APP_HOME=$( cygpath --path --mixed "$APP_HOME" ) + CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" ) + + JAVACMD=$( cygpath --unix "$JAVACMD" ) + + # Now convert the arguments - kludge to limit ourselves to /bin/sh + for arg do + if + case $arg in #( + -*) false ;; # don't mess with options #( + /?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath + [ -e "$t" ] ;; #( + *) false ;; + esac + then + arg=$( cygpath --path --ignore --mixed "$arg" ) + fi + # Roll the args list around exactly as many times as the number of + # args, so each arg winds up back in the position where it started, but + # possibly modified. + # + # NB: a `for` loop captures its iteration list before it begins, so + # changing the positional parameters here affects neither the number of + # iterations, nor the values presented in `arg`. + shift # remove old arg + set -- "$@" "$arg" # push replacement arg + done +fi + + +# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"' + +# Collect all arguments for the java command: +# * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments, +# and any embedded shellness will be escaped. +# * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be +# treated as '${Hostname}' itself on the command line. + +set -- \ + "-Dorg.gradle.appname=$APP_BASE_NAME" \ + -classpath "$CLASSPATH" \ + org.gradle.wrapper.GradleWrapperMain \ + "$@" + +# Stop when "xargs" is not available. +if ! command -v xargs >/dev/null 2>&1 +then + die "xargs is not available" +fi + +# Use "xargs" to parse quoted args. +# +# With -n1 it outputs one arg per line, with the quotes and backslashes removed. +# +# In Bash we could simply go: +# +# readarray ARGS < <( xargs -n1 <<<"$var" ) && +# set -- "${ARGS[@]}" "$@" +# +# but POSIX shell has neither arrays nor command substitution, so instead we +# post-process each arg (as a line of input to sed) to backslash-escape any +# character that might be a shell metacharacter, then use eval to reverse +# that process (while maintaining the separation between arguments), and wrap +# the whole thing up as a single "set" statement. +# +# This will of course break if any of these variables contains a newline or +# an unmatched quote. +# + +eval "set -- $( + printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" | + xargs -n1 | + sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' | + tr '\n' ' ' + )" '"$@"' + +exec "$JAVACMD" "$@" diff --git a/gradlew.bat b/gradlew.bat new file mode 100644 index 0000000..7101f8e --- /dev/null +++ b/gradlew.bat @@ -0,0 +1,92 @@ +@rem +@rem Copyright 2015 the original author or authors. +@rem +@rem Licensed under the Apache License, Version 2.0 (the "License"); +@rem you may not use this file except in compliance with the License. +@rem You may obtain a copy of the License at +@rem +@rem https://www.apache.org/licenses/LICENSE-2.0 +@rem +@rem Unless required by applicable law or agreed to in writing, software +@rem distributed under the License is distributed on an "AS IS" BASIS, +@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +@rem See the License for the specific language governing permissions and +@rem limitations under the License. +@rem + +@if "%DEBUG%"=="" @echo off +@rem ########################################################################## +@rem +@rem Gradle startup script for Windows +@rem +@rem ########################################################################## + +@rem Set local scope for the variables with windows NT shell +if "%OS%"=="Windows_NT" setlocal + +set DIRNAME=%~dp0 +if "%DIRNAME%"=="" set DIRNAME=. +@rem This is normally unused +set APP_BASE_NAME=%~n0 +set APP_HOME=%DIRNAME% + +@rem Resolve any "." and ".." in APP_HOME to make it shorter. +for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi + +@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script. +set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m" + +@rem Find java.exe +if defined JAVA_HOME goto findJavaFromJavaHome + +set JAVA_EXE=java.exe +%JAVA_EXE% -version >NUL 2>&1 +if %ERRORLEVEL% equ 0 goto execute + +echo. 1>&2 +echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2 +echo. 1>&2 +echo Please set the JAVA_HOME variable in your environment to match the 1>&2 +echo location of your Java installation. 1>&2 + +goto fail + +:findJavaFromJavaHome +set JAVA_HOME=%JAVA_HOME:"=% +set JAVA_EXE=%JAVA_HOME%/bin/java.exe + +if exist "%JAVA_EXE%" goto execute + +echo. 1>&2 +echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2 +echo. 1>&2 +echo Please set the JAVA_HOME variable in your environment to match the 1>&2 +echo location of your Java installation. 1>&2 + +goto fail + +:execute +@rem Setup the command line + +set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar + + +@rem Execute Gradle +"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %* + +:end +@rem End local scope for the variables with windows NT shell +if %ERRORLEVEL% equ 0 goto mainEnd + +:fail +rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of +rem the _cmd.exe /c_ return code! +set EXIT_CODE=%ERRORLEVEL% +if %EXIT_CODE% equ 0 set EXIT_CODE=1 +if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE% +exit /b %EXIT_CODE% + +:mainEnd +if "%OS%"=="Windows_NT" endlocal + +:omega diff --git a/settings.gradle.kts b/settings.gradle.kts new file mode 100644 index 0000000..c3f229f --- /dev/null +++ b/settings.gradle.kts @@ -0,0 +1 @@ +rootProject.name = "lf8_starter" diff --git a/src/main/java/de/szut/lf8_starter/Lf8StarterApplication.java b/src/main/java/de/szut/lf8_starter/Lf8StarterApplication.java new file mode 100644 index 0000000..2272125 --- /dev/null +++ b/src/main/java/de/szut/lf8_starter/Lf8StarterApplication.java @@ -0,0 +1,13 @@ +package de.szut.lf8_starter; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; + +@SpringBootApplication +public class Lf8StarterApplication { + + public static void main(String[] args) { + SpringApplication.run(Lf8StarterApplication.class, args); + } + +} diff --git a/src/main/java/de/szut/lf8_starter/config/OpenAPIConfiguration.java b/src/main/java/de/szut/lf8_starter/config/OpenAPIConfiguration.java new file mode 100644 index 0000000..0501902 --- /dev/null +++ b/src/main/java/de/szut/lf8_starter/config/OpenAPIConfiguration.java @@ -0,0 +1,60 @@ +package de.szut.lf8_starter.config; + + + +import io.swagger.v3.oas.models.Components; +import io.swagger.v3.oas.models.OpenAPI; +import io.swagger.v3.oas.models.info.Info; +import io.swagger.v3.oas.models.security.SecurityRequirement; +import io.swagger.v3.oas.models.security.SecurityScheme; +import io.swagger.v3.oas.models.servers.Server; +import jakarta.servlet.ServletContext; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; + + +@Configuration +public class OpenAPIConfiguration { + + private ServletContext context; + + public OpenAPIConfiguration(ServletContext context) { + this.context = context; + } + + + @Bean + public OpenAPI springShopOpenAPI( + // @Value("${info.app.version}") String appVersion, + ) { + final String securitySchemeName = "bearerAuth"; + + return new OpenAPI() + .addServersItem(new Server().url(this.context.getContextPath())) + .info(new Info() + .title("LF8 project starter") + .description("\n## Auth\n" + + "\n## Authentication\n" + "\nThis Hello service uses JWTs to authenticate requests. You will receive a bearer token by making a POST-Request in IntelliJ on:\n\n" + + "\n" + + "```\nPOST http://keycloak.szut.dev/auth/realms/szut/protocol/openid-connect/token\nContent-Type: application/x-www-form-urlencoded\ngrant_type=password&client_id=employee-management-service&username=user&password=test\n```\n" + + "\n" + + "\nor by CURL\n" + + "```\ncurl -X POST 'http://keycloak.szut.dev/auth/realms/szut/protocol/openid-connect/token'\n--header 'Content-Type: application/x-www-form-urlencoded'\n--data-urlencode 'grant_type=password'\n--data-urlencode 'client_id=employee-management-service'\n--data-urlencode 'username=user'\n--data-urlencode 'password=test'\n```\n" + + "\nTo get a bearer-token in Postman, you have to follow the instructions in \n [Postman-Documentation](https://documenter.getpostman.com/view/7294517/SzmfZHnd).") + + .version("0.1")) + .addSecurityItem(new SecurityRequirement().addList(securitySchemeName)) + .components( + new Components() + .addSecuritySchemes(securitySchemeName, + new SecurityScheme() + .name(securitySchemeName) + .type(SecurityScheme.Type.HTTP) + .scheme("bearer") + .bearerFormat("JWT") + ) + ); + } + + +} \ No newline at end of file diff --git a/src/main/java/de/szut/lf8_starter/config/SampleDataCreator.java b/src/main/java/de/szut/lf8_starter/config/SampleDataCreator.java new file mode 100644 index 0000000..9a7b889 --- /dev/null +++ b/src/main/java/de/szut/lf8_starter/config/SampleDataCreator.java @@ -0,0 +1,33 @@ +package de.szut.lf8_starter.config; + + +import de.szut.lf8_starter.hello.HelloEntity; +import de.szut.lf8_starter.hello.HelloRepository; +import org.springframework.boot.ApplicationArguments; +import org.springframework.boot.ApplicationRunner; +import org.springframework.context.annotation.Bean; +import org.springframework.stereotype.Component; +import org.springframework.web.client.RestTemplate; + +@Component +public class SampleDataCreator implements ApplicationRunner { + + private HelloRepository repository; + + public SampleDataCreator(HelloRepository repository) { + this.repository = repository; + } + + public void run(ApplicationArguments args) { + repository.save(new HelloEntity("Hallo Welt!")); + repository.save(new HelloEntity("Schöner Tag heute")); + repository.save(new HelloEntity("FooBar")); + + } + + @Bean + public RestTemplate restTemplate() { + return new RestTemplate(); + } + +} diff --git a/src/main/java/de/szut/lf8_starter/exceptionHandling/ErrorDetails.java b/src/main/java/de/szut/lf8_starter/exceptionHandling/ErrorDetails.java new file mode 100644 index 0000000..6464b61 --- /dev/null +++ b/src/main/java/de/szut/lf8_starter/exceptionHandling/ErrorDetails.java @@ -0,0 +1,14 @@ +package de.szut.lf8_starter.exceptionHandling; + +import lombok.AllArgsConstructor; +import lombok.Data; + +import java.util.Date; + +@Data +@AllArgsConstructor +public class ErrorDetails { + private Date timestamp; + private String message; + private String details; +} diff --git a/src/main/java/de/szut/lf8_starter/exceptionHandling/GlobalExceptionHandler.java b/src/main/java/de/szut/lf8_starter/exceptionHandling/GlobalExceptionHandler.java new file mode 100644 index 0000000..828331b --- /dev/null +++ b/src/main/java/de/szut/lf8_starter/exceptionHandling/GlobalExceptionHandler.java @@ -0,0 +1,28 @@ +package de.szut.lf8_starter.exceptionHandling; + +import io.swagger.v3.oas.annotations.media.Content; +import io.swagger.v3.oas.annotations.responses.ApiResponse; +import io.swagger.v3.oas.annotations.responses.ApiResponses; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.ControllerAdvice; +import org.springframework.web.bind.annotation.ExceptionHandler; +import org.springframework.web.context.request.WebRequest; + +import java.util.Date; + +@ControllerAdvice +@ApiResponses(value = { + @ApiResponse(responseCode = "500", description = "invalid JSON posted", + content = @Content) +}) +public class GlobalExceptionHandler { + + @ExceptionHandler(ResourceNotFoundException.class) + public ResponseEntity handleHelloEntityNotFoundException(ResourceNotFoundException ex, WebRequest request) { + ErrorDetails errorDetails = new ErrorDetails(new Date(), ex.getMessage(), request.getDescription(false)); + return new ResponseEntity<>(errorDetails, HttpStatus.NOT_FOUND); + } + + +} diff --git a/src/main/java/de/szut/lf8_starter/exceptionHandling/ResourceNotFoundException.java b/src/main/java/de/szut/lf8_starter/exceptionHandling/ResourceNotFoundException.java new file mode 100644 index 0000000..7a0cfd8 --- /dev/null +++ b/src/main/java/de/szut/lf8_starter/exceptionHandling/ResourceNotFoundException.java @@ -0,0 +1,11 @@ +package de.szut.lf8_starter.exceptionHandling; + +import org.springframework.http.HttpStatus; +import org.springframework.web.bind.annotation.ResponseStatus; + +@ResponseStatus(value = HttpStatus.NOT_FOUND) +public class ResourceNotFoundException extends RuntimeException { + public ResourceNotFoundException(String message) { + super(message); + } +} diff --git a/src/main/java/de/szut/lf8_starter/hello/HelloController.java b/src/main/java/de/szut/lf8_starter/hello/HelloController.java new file mode 100644 index 0000000..0f665f2 --- /dev/null +++ b/src/main/java/de/szut/lf8_starter/hello/HelloController.java @@ -0,0 +1,99 @@ +package de.szut.lf8_starter.hello; + + +import de.szut.lf8_starter.exceptionHandling.ResourceNotFoundException; +import de.szut.lf8_starter.hello.dto.HelloCreateDto; +import de.szut.lf8_starter.hello.dto.HelloGetDto; +import io.swagger.v3.oas.annotations.Operation; +import io.swagger.v3.oas.annotations.media.Content; +import io.swagger.v3.oas.annotations.media.Schema; +import io.swagger.v3.oas.annotations.responses.ApiResponse; +import io.swagger.v3.oas.annotations.responses.ApiResponses; +import jakarta.validation.Valid; +import org.springframework.http.HttpStatus; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.web.bind.annotation.*; + +import java.util.List; +import java.util.stream.Collectors; + +@RestController +@RequestMapping(value = "hello") +@PreAuthorize("hasAnyAuthority('user')") +public class HelloController { + private final HelloService service; + private final HelloMapper helloMapper; + + public HelloController(HelloService service, HelloMapper mappingService) { + this.service = service; + this.helloMapper = mappingService; + } + + @Operation(summary = "creates a new hello with its id and message") + @ApiResponses(value = { + @ApiResponse(responseCode = "201", description = "created hello", + content = {@Content(mediaType = "application/json", + schema = @Schema(implementation = HelloGetDto.class))}), + @ApiResponse(responseCode = "400", description = "invalid JSON posted", + content = @Content), + @ApiResponse(responseCode = "401", description = "not authorized", + content = @Content)}) + @PostMapping + public HelloGetDto create(@RequestBody @Valid HelloCreateDto helloCreateDto) { + HelloEntity helloEntity = this.helloMapper.mapCreateDtoToEntity(helloCreateDto); + helloEntity = this.service.create(helloEntity); + return this.helloMapper.mapToGetDto(helloEntity); + } + + @Operation(summary = "delivers a list of hellos") + @ApiResponses(value = { + @ApiResponse(responseCode = "200", description = "list of hellos", + content = {@Content(mediaType = "application/json", + schema = @Schema(implementation = HelloGetDto.class))}), + @ApiResponse(responseCode = "401", description = "not authorized", + content = @Content)}) + @GetMapping + public List findAll() { + return this.service + .readAll() + .stream() + .map(e -> this.helloMapper.mapToGetDto(e)) + .collect(Collectors.toList()); + } + + @Operation(summary = "deletes a Hello by id") + @ApiResponses(value = { + @ApiResponse(responseCode = "204", description = "delete successful"), + @ApiResponse(responseCode = "401", description = "not authorized", + content = @Content), + @ApiResponse(responseCode = "404", description = "resource not found", + content = @Content)}) + @DeleteMapping("/{id}") + @ResponseStatus(code = HttpStatus.NO_CONTENT) + public void deleteHelloById(@PathVariable long id) { + var entity = this.service.readById(id); + if (entity == null) { + throw new ResourceNotFoundException("HelloEntity not found on id = " + id); + } else { + this.service.delete(entity); + } + } + + @Operation(summary = "find hellos by message") + @ApiResponses(value = { + @ApiResponse(responseCode = "200", description = "List of hellos who have the given message", + content = {@Content(mediaType = "application/json", + schema = @Schema(implementation = HelloGetDto.class))}), + @ApiResponse(responseCode = "404", description = "qualification description does not exist", + content = @Content), + @ApiResponse(responseCode = "401", description = "not authorized", + content = @Content)}) + @GetMapping("/findByMessage") + public List findAllEmployeesByQualification(@RequestParam String message) { + return this.service + .findByMessage(message) + .stream() + .map(e -> this.helloMapper.mapToGetDto(e)) + .collect(Collectors.toList()); + } +} diff --git a/src/main/java/de/szut/lf8_starter/hello/HelloEntity.java b/src/main/java/de/szut/lf8_starter/hello/HelloEntity.java new file mode 100644 index 0000000..1b42cfc --- /dev/null +++ b/src/main/java/de/szut/lf8_starter/hello/HelloEntity.java @@ -0,0 +1,27 @@ +package de.szut.lf8_starter.hello; + +import jakarta.persistence.*; +import lombok.AllArgsConstructor; +import lombok.Getter; +import lombok.NoArgsConstructor; +import lombok.Setter; + +@NoArgsConstructor +@AllArgsConstructor +@Getter +@Setter +@Entity +@Table(name = "hello") +public class HelloEntity { + + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + private long id; + + private String message; + + public HelloEntity(String message) { + this.message = message; + } +} + diff --git a/src/main/java/de/szut/lf8_starter/hello/HelloMapper.java b/src/main/java/de/szut/lf8_starter/hello/HelloMapper.java new file mode 100644 index 0000000..d4feb7e --- /dev/null +++ b/src/main/java/de/szut/lf8_starter/hello/HelloMapper.java @@ -0,0 +1,20 @@ +package de.szut.lf8_starter.hello; + + +import de.szut.lf8_starter.hello.dto.HelloCreateDto; +import de.szut.lf8_starter.hello.dto.HelloGetDto; +import org.springframework.stereotype.Service; + +@Service +public class HelloMapper { + + public HelloGetDto mapToGetDto(HelloEntity entity) { + return new HelloGetDto(entity.getId(), entity.getMessage()); + } + + public HelloEntity mapCreateDtoToEntity(HelloCreateDto dto) { + var entity = new HelloEntity(); + entity.setMessage(dto.getMessage()); + return entity; + } +} diff --git a/src/main/java/de/szut/lf8_starter/hello/HelloRepository.java b/src/main/java/de/szut/lf8_starter/hello/HelloRepository.java new file mode 100644 index 0000000..77c76e4 --- /dev/null +++ b/src/main/java/de/szut/lf8_starter/hello/HelloRepository.java @@ -0,0 +1,12 @@ +package de.szut.lf8_starter.hello; + + +import org.springframework.data.jpa.repository.JpaRepository; + +import java.util.List; + +public interface HelloRepository extends JpaRepository { + + + List findByMessage(String message); +} diff --git a/src/main/java/de/szut/lf8_starter/hello/HelloService.java b/src/main/java/de/szut/lf8_starter/hello/HelloService.java new file mode 100644 index 0000000..eb254e8 --- /dev/null +++ b/src/main/java/de/szut/lf8_starter/hello/HelloService.java @@ -0,0 +1,40 @@ +package de.szut.lf8_starter.hello; + +import org.springframework.stereotype.Service; + +import java.util.List; +import java.util.Optional; + +@Service +public class HelloService { + private final HelloRepository repository; + + public HelloService(HelloRepository repository) { + this.repository = repository; + } + + public HelloEntity create(HelloEntity entity) { + return this.repository.save(entity); + } + + public List readAll() { + return this.repository.findAll(); + } + + public HelloEntity readById(long id) { + Optional optionalQualification = this.repository.findById(id); + if (optionalQualification.isEmpty()) { + return null; + } + return optionalQualification.get(); + } + + + public void delete(HelloEntity entity) { + this.repository.delete(entity); + } + + public List findByMessage(String message) { + return this.repository.findByMessage(message); + } +} diff --git a/src/main/java/de/szut/lf8_starter/hello/dto/HelloCreateDto.java b/src/main/java/de/szut/lf8_starter/hello/dto/HelloCreateDto.java new file mode 100644 index 0000000..fe47d1e --- /dev/null +++ b/src/main/java/de/szut/lf8_starter/hello/dto/HelloCreateDto.java @@ -0,0 +1,20 @@ +package de.szut.lf8_starter.hello.dto; + +import com.fasterxml.jackson.annotation.JsonCreator; +import jakarta.validation.constraints.Size; +import lombok.Getter; +import lombok.Setter; + + +@Getter +@Setter +public class HelloCreateDto { + + @Size(min = 3, message = "at least length of 3") + private String message; + + @JsonCreator + public HelloCreateDto(String message) { + this.message = message; + } +} diff --git a/src/main/java/de/szut/lf8_starter/hello/dto/HelloGetDto.java b/src/main/java/de/szut/lf8_starter/hello/dto/HelloGetDto.java new file mode 100644 index 0000000..babac4f --- /dev/null +++ b/src/main/java/de/szut/lf8_starter/hello/dto/HelloGetDto.java @@ -0,0 +1,17 @@ +package de.szut.lf8_starter.hello.dto; + +import lombok.AllArgsConstructor; +import lombok.Getter; +import lombok.Setter; + +@AllArgsConstructor +@Getter +@Setter +public class HelloGetDto { + + private long id; + + private String message; + +} + diff --git a/src/main/java/de/szut/lf8_starter/security/KeycloakLogoutHandler.java b/src/main/java/de/szut/lf8_starter/security/KeycloakLogoutHandler.java new file mode 100644 index 0000000..3cc82f7 --- /dev/null +++ b/src/main/java/de/szut/lf8_starter/security/KeycloakLogoutHandler.java @@ -0,0 +1,49 @@ +package de.szut.lf8_starter.security; + +import lombok.extern.slf4j.Slf4j; +import org.springframework.http.ResponseEntity; +import org.springframework.security.core.Authentication; +import org.springframework.security.oauth2.core.oidc.user.OidcUser; +import org.springframework.security.web.authentication.logout.LogoutHandler; +import org.springframework.stereotype.Component; +import org.springframework.web.client.RestTemplate; +import org.springframework.web.util.UriComponentsBuilder; + +import jakarta.servlet.http.HttpServletRequest; +import jakarta.servlet.http.HttpServletResponse; + +@Slf4j +@Component +public class KeycloakLogoutHandler implements LogoutHandler { + + + private final RestTemplate restTemplate; + + public KeycloakLogoutHandler(RestTemplate restTemplate) { + this.restTemplate = restTemplate; + } + + @Override + public void logout(HttpServletRequest request, HttpServletResponse response, Authentication auth) { + logout(request, auth); + } + + public void logout(HttpServletRequest request, Authentication auth) { + logoutFromKeycloak((OidcUser) auth.getPrincipal()); + } + + private void logoutFromKeycloak(OidcUser user) { + String endSessionEndpoint = user.getIssuer() + "/protocol/openid-connect/logout"; + UriComponentsBuilder builder = UriComponentsBuilder + .fromUriString(endSessionEndpoint) + .queryParam("id_token_hint", user.getIdToken().getTokenValue()); + + ResponseEntity logoutResponse = restTemplate.getForEntity(builder.toUriString(), String.class); + if (logoutResponse.getStatusCode().is2xxSuccessful()) { + log.info("Successfulley logged out from Keycloak"); + } else { + log.error("Could not propagate logout to Keycloak"); + } + } + +} \ No newline at end of file diff --git a/src/main/java/de/szut/lf8_starter/security/KeycloakSecurityConfig.java b/src/main/java/de/szut/lf8_starter/security/KeycloakSecurityConfig.java new file mode 100644 index 0000000..d47d6ec --- /dev/null +++ b/src/main/java/de/szut/lf8_starter/security/KeycloakSecurityConfig.java @@ -0,0 +1,97 @@ +package de.szut.lf8_starter.security; + +import java.util.*; +import java.util.stream.Collectors; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.http.HttpMethod; +import org.springframework.security.config.Customizer; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper; +import org.springframework.security.core.session.SessionRegistry; +import org.springframework.security.core.session.SessionRegistryImpl; +import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority; +import org.springframework.security.oauth2.core.user.OAuth2UserAuthority; +import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter; +import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter; +import org.springframework.security.web.SecurityFilterChain; +import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy; +import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy; +import org.springframework.security.web.session.HttpSessionEventPublisher; +import org.springframework.security.web.util.matcher.AntPathRequestMatcher; + +@Configuration +@EnableWebSecurity +class KeycloakSecurityConfig { + + private static final String GROUPS = "groups"; + private static final String REALM_ACCESS_CLAIM = "realm_access"; + private static final String ROLES_CLAIM = "roles"; + + private final KeycloakLogoutHandler keycloakLogoutHandler; + + KeycloakSecurityConfig(KeycloakLogoutHandler keycloakLogoutHandler) { + this.keycloakLogoutHandler = keycloakLogoutHandler; + } + + @Bean + public SessionRegistry sessionRegistry() { + return new SessionRegistryImpl(); + } + + @Bean + protected SessionAuthenticationStrategy sessionAuthenticationStrategy() { + return new RegisterSessionAuthenticationStrategy(sessionRegistry()); + } + + @Bean + public HttpSessionEventPublisher httpSessionEventPublisher() { + return new HttpSessionEventPublisher(); + } + + + @Bean + public SecurityFilterChain resourceServerFilterChain(HttpSecurity http) throws Exception { + + http.authorizeHttpRequests(auth -> auth + .requestMatchers(new AntPathRequestMatcher("/welcome")) + .permitAll() + .requestMatchers( + new AntPathRequestMatcher("/swagger"), + new AntPathRequestMatcher("/swagger-ui/**"), + new AntPathRequestMatcher("/v3/api-docs/**")) + .permitAll() + .requestMatchers(new AntPathRequestMatcher("/hello/**")) + .hasRole("user") + .requestMatchers(new AntPathRequestMatcher("/roles")) + .authenticated() + .requestMatchers(new AntPathRequestMatcher("/")) + .permitAll() + .anyRequest() + .authenticated()).oauth2ResourceServer(spec -> spec.jwt(Customizer.withDefaults())); + return http.build(); + } + + @Bean + public JwtAuthenticationConverter jwtAuthenticationConverter() { + JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter(); + jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(jwt -> { + List grantedAuthorities = new ArrayList<>(); + + Map realmAccess = jwt.getClaim("realm_access"); + if (realmAccess != null && realmAccess.containsKey("roles")) { + List roles = (List) realmAccess.get("roles"); + for (String role : roles) { + grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + role)); + } + } + + return grantedAuthorities; + }); + return jwtAuthenticationConverter; + } +} \ No newline at end of file diff --git a/src/main/java/de/szut/lf8_starter/welcome/WelcomeController.java b/src/main/java/de/szut/lf8_starter/welcome/WelcomeController.java new file mode 100644 index 0000000..6ed067b --- /dev/null +++ b/src/main/java/de/szut/lf8_starter/welcome/WelcomeController.java @@ -0,0 +1,27 @@ +package de.szut.lf8_starter.welcome; + + + +import org.springframework.http.ResponseEntity; +import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.security.core.Authentication; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RestController; + +import java.security.Principal; + +@RestController +public class WelcomeController { + + @GetMapping("/welcome") + public String welcome() { + return "welcome to lf8_starter"; + } + + @GetMapping("/roles") + public ResponseEntity getRoles(Authentication authentication) { + return ResponseEntity.ok(authentication.getAuthorities()); + } + + +} diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties new file mode 100644 index 0000000..93548c2 --- /dev/null +++ b/src/main/resources/application.properties @@ -0,0 +1,24 @@ +spring.datasource.url=jdbc:postgresql://localhost:5432/lf8_starter_db +spring.datasource.username=lf8_starter +spring.datasource.password=secret +server.port=8080 +spring.jpa.hibernate.ddl-auto=create-drop + + + +spring.application.name=lf8_starter +#client registration configuration +spring.security.oauth2.client.registration.keycloak.client-id=employee-management-service +spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code +spring.security.oauth2.client.registration.keycloak.scope=openid + +#OIDC provider configuration: +spring.security.oauth2.client.provider.keycloak.issuer-uri=https://keycloak.szut.dev/auth/realms/szut +spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username +logging.level.org.springframework.security=DEBUG +#validating JWT token against our Keycloak server +spring.security.oauth2.resourceserver.jwt.issuer-uri=https://keycloak.szut.dev/auth/realms/szut + +springdoc.swagger-ui.path=swagger +springdoc.swagger-ui.try-it-out-enabled=true + diff --git a/src/test/java/de/szut/lf8_starter/Lf8StarterApplicationTests.java b/src/test/java/de/szut/lf8_starter/Lf8StarterApplicationTests.java new file mode 100644 index 0000000..942f2cb --- /dev/null +++ b/src/test/java/de/szut/lf8_starter/Lf8StarterApplicationTests.java @@ -0,0 +1,13 @@ +package de.szut.lf8_starter; + +import org.junit.jupiter.api.Test; +import org.springframework.boot.test.context.SpringBootTest; + +@SpringBootTest +class Lf8StarterApplicationTests { + + @Test + void contextLoads() { + } + +}