first

src/main/java/de/szut/lf8_starter/Lf8StarterApplication.java

@@ -0,0 +1,13 @@
+package de.szut.lf8_starter;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class Lf8StarterApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(Lf8StarterApplication.class, args);
+    }
+
+}

src/main/java/de/szut/lf8_starter/config/OpenAPIConfiguration.java

@@ -0,0 +1,60 @@
+package de.szut.lf8_starter.config;
+
+
+
+import io.swagger.v3.oas.models.Components;
+import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.info.Info;
+import io.swagger.v3.oas.models.security.SecurityRequirement;
+import io.swagger.v3.oas.models.security.SecurityScheme;
+import io.swagger.v3.oas.models.servers.Server;
+import jakarta.servlet.ServletContext;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+
+@Configuration
+public class OpenAPIConfiguration {
+
+    private ServletContext context;
+
+    public OpenAPIConfiguration(ServletContext context) {
+        this.context = context;
+    }
+
+
+    @Bean
+    public OpenAPI springShopOpenAPI(
+            //  @Value("${info.app.version}") String appVersion,
+    ) {
+        final String securitySchemeName = "bearerAuth";
+
+        return new OpenAPI()
+                .addServersItem(new Server().url(this.context.getContextPath()))
+                .info(new Info()
+                        .title("LF8 project starter")
+                        .description("\n## Auth\n" +
+                                "\n## Authentication\n" + "\nThis Hello service uses JWTs to authenticate requests. You will receive a bearer token by making a POST-Request in IntelliJ on:\n\n" +
+                                "\n" +
+                                "```\nPOST http://keycloak.szut.dev/auth/realms/szut/protocol/openid-connect/token\nContent-Type: application/x-www-form-urlencoded\ngrant_type=password&client_id=employee-management-service&username=user&password=test\n```\n" +
+                                "\n" +
+                                "\nor by CURL\n" +
+                                "```\ncurl -X POST 'http://keycloak.szut.dev/auth/realms/szut/protocol/openid-connect/token'\n--header 'Content-Type: application/x-www-form-urlencoded'\n--data-urlencode 'grant_type=password'\n--data-urlencode 'client_id=employee-management-service'\n--data-urlencode 'username=user'\n--data-urlencode 'password=test'\n```\n" +
+                                "\nTo get a bearer-token in Postman, you have to follow the instructions in \n [Postman-Documentation](https://documenter.getpostman.com/view/7294517/SzmfZHnd).")
+
+                        .version("0.1"))
+                .addSecurityItem(new SecurityRequirement().addList(securitySchemeName))
+                .components(
+                        new Components()
+                                .addSecuritySchemes(securitySchemeName,
+                                        new SecurityScheme()
+                                                .name(securitySchemeName)
+                                                .type(SecurityScheme.Type.HTTP)
+                                                .scheme("bearer")
+                                                .bearerFormat("JWT")
+                                )
+                );
+    }
+
+
+}

src/main/java/de/szut/lf8_starter/config/SampleDataCreator.java

@@ -0,0 +1,33 @@
+package de.szut.lf8_starter.config;
+
+
+import de.szut.lf8_starter.hello.HelloEntity;
+import de.szut.lf8_starter.hello.HelloRepository;
+import org.springframework.boot.ApplicationArguments;
+import org.springframework.boot.ApplicationRunner;
+import org.springframework.context.annotation.Bean;
+import org.springframework.stereotype.Component;
+import org.springframework.web.client.RestTemplate;
+
+@Component
+public class SampleDataCreator implements ApplicationRunner {
+
+    private HelloRepository repository;
+
+    public SampleDataCreator(HelloRepository repository) {
+        this.repository = repository;
+    }
+
+    public void run(ApplicationArguments args) {
+        repository.save(new HelloEntity("Hallo Welt!"));
+        repository.save(new HelloEntity("Schöner Tag heute"));
+        repository.save(new HelloEntity("FooBar"));
+
+    }
+
+    @Bean
+    public RestTemplate restTemplate() {
+        return new RestTemplate();
+    }
+
+}

src/main/java/de/szut/lf8_starter/exceptionHandling/ErrorDetails.java

@@ -0,0 +1,14 @@
+package de.szut.lf8_starter.exceptionHandling;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+
+import java.util.Date;
+
+@Data
+@AllArgsConstructor
+public class ErrorDetails {
+    private Date timestamp;
+    private String message;
+    private String details;
+}

src/main/java/de/szut/lf8_starter/exceptionHandling/GlobalExceptionHandler.java

@@ -0,0 +1,28 @@
+package de.szut.lf8_starter.exceptionHandling;
+
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.responses.ApiResponses;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.context.request.WebRequest;
+
+import java.util.Date;
+
+@ControllerAdvice
+@ApiResponses(value = {
+        @ApiResponse(responseCode = "500", description = "invalid JSON posted",
+                content = @Content)
+})
+public class GlobalExceptionHandler {
+
+    @ExceptionHandler(ResourceNotFoundException.class)
+    public ResponseEntity<?> handleHelloEntityNotFoundException(ResourceNotFoundException ex, WebRequest request) {
+        ErrorDetails errorDetails = new ErrorDetails(new Date(), ex.getMessage(), request.getDescription(false));
+        return new ResponseEntity<>(errorDetails, HttpStatus.NOT_FOUND);
+    }
+
+
+}

src/main/java/de/szut/lf8_starter/exceptionHandling/ResourceNotFoundException.java

@@ -0,0 +1,11 @@
+package de.szut.lf8_starter.exceptionHandling;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.web.bind.annotation.ResponseStatus;
+
+@ResponseStatus(value = HttpStatus.NOT_FOUND)
+public class ResourceNotFoundException extends RuntimeException {
+    public ResourceNotFoundException(String message) {
+        super(message);
+    }
+}

src/main/java/de/szut/lf8_starter/hello/HelloController.java

@@ -0,0 +1,99 @@
+package de.szut.lf8_starter.hello;
+
+
+import de.szut.lf8_starter.exceptionHandling.ResourceNotFoundException;
+import de.szut.lf8_starter.hello.dto.HelloCreateDto;
+import de.szut.lf8_starter.hello.dto.HelloGetDto;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.media.Content;
+import io.swagger.v3.oas.annotations.media.Schema;
+import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import io.swagger.v3.oas.annotations.responses.ApiResponses;
+import jakarta.validation.Valid;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+import java.util.stream.Collectors;
+
+@RestController
+@RequestMapping(value = "hello")
+@PreAuthorize("hasAnyAuthority('user')")
+public class HelloController {
+    private final HelloService service;
+    private final HelloMapper helloMapper;
+
+    public HelloController(HelloService service, HelloMapper mappingService) {
+        this.service = service;
+        this.helloMapper = mappingService;
+    }
+
+    @Operation(summary = "creates a new hello with its id and message")
+    @ApiResponses(value = {
+            @ApiResponse(responseCode = "201", description = "created hello",
+                    content = {@Content(mediaType = "application/json",
+                            schema = @Schema(implementation = HelloGetDto.class))}),
+            @ApiResponse(responseCode = "400", description = "invalid JSON posted",
+                    content = @Content),
+            @ApiResponse(responseCode = "401", description = "not authorized",
+                    content = @Content)})
+    @PostMapping
+    public HelloGetDto create(@RequestBody @Valid HelloCreateDto helloCreateDto) {
+        HelloEntity helloEntity = this.helloMapper.mapCreateDtoToEntity(helloCreateDto);
+        helloEntity = this.service.create(helloEntity);
+        return this.helloMapper.mapToGetDto(helloEntity);
+    }
+
+    @Operation(summary = "delivers a list of hellos")
+    @ApiResponses(value = {
+            @ApiResponse(responseCode = "200", description = "list of hellos",
+                    content = {@Content(mediaType = "application/json",
+                            schema = @Schema(implementation = HelloGetDto.class))}),
+            @ApiResponse(responseCode = "401", description = "not authorized",
+                    content = @Content)})
+    @GetMapping
+    public List<HelloGetDto> findAll() {
+        return this.service
+                .readAll()
+                .stream()
+                .map(e -> this.helloMapper.mapToGetDto(e))
+                .collect(Collectors.toList());
+    }
+
+    @Operation(summary = "deletes a Hello by id")
+    @ApiResponses(value = {
+            @ApiResponse(responseCode = "204", description = "delete successful"),
+            @ApiResponse(responseCode = "401", description = "not authorized",
+                    content = @Content),
+            @ApiResponse(responseCode = "404", description = "resource not found",
+                    content = @Content)})
+    @DeleteMapping("/{id}")
+    @ResponseStatus(code = HttpStatus.NO_CONTENT)
+    public void deleteHelloById(@PathVariable long id) {
+        var entity = this.service.readById(id);
+        if (entity == null) {
+            throw new ResourceNotFoundException("HelloEntity not found on id = " + id);
+        } else {
+            this.service.delete(entity);
+        }
+    }
+
+    @Operation(summary = "find hellos by message")
+    @ApiResponses(value = {
+            @ApiResponse(responseCode = "200", description = "List of hellos who have the given message",
+                    content = {@Content(mediaType = "application/json",
+                            schema = @Schema(implementation = HelloGetDto.class))}),
+            @ApiResponse(responseCode = "404", description = "qualification description does not exist",
+                    content = @Content),
+            @ApiResponse(responseCode = "401", description = "not authorized",
+                    content = @Content)})
+    @GetMapping("/findByMessage")
+    public List<HelloGetDto> findAllEmployeesByQualification(@RequestParam String message) {
+        return this.service
+                .findByMessage(message)
+                .stream()
+                .map(e -> this.helloMapper.mapToGetDto(e))
+                .collect(Collectors.toList());
+    }
+}

src/main/java/de/szut/lf8_starter/hello/HelloEntity.java

@@ -0,0 +1,27 @@
+package de.szut.lf8_starter.hello;
+
+import jakarta.persistence.*;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+@NoArgsConstructor
+@AllArgsConstructor
+@Getter
+@Setter
+@Entity
+@Table(name = "hello")
+public class HelloEntity {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private long id;
+
+    private String message;
+
+    public HelloEntity(String message) {
+        this.message = message;
+    }
+}
+

src/main/java/de/szut/lf8_starter/hello/HelloMapper.java

@@ -0,0 +1,20 @@
+package de.szut.lf8_starter.hello;
+
+
+import de.szut.lf8_starter.hello.dto.HelloCreateDto;
+import de.szut.lf8_starter.hello.dto.HelloGetDto;
+import org.springframework.stereotype.Service;
+
+@Service
+public class HelloMapper {
+
+    public HelloGetDto mapToGetDto(HelloEntity entity) {
+        return new HelloGetDto(entity.getId(), entity.getMessage());
+    }
+
+    public HelloEntity mapCreateDtoToEntity(HelloCreateDto dto) {
+        var entity = new HelloEntity();
+        entity.setMessage(dto.getMessage());
+        return entity;
+    }
+}

src/main/java/de/szut/lf8_starter/hello/HelloRepository.java

@@ -0,0 +1,12 @@
+package de.szut.lf8_starter.hello;
+
+
+import org.springframework.data.jpa.repository.JpaRepository;
+
+import java.util.List;
+
+public interface HelloRepository extends JpaRepository<HelloEntity, Long> {
+
+
+    List<HelloEntity> findByMessage(String message);
+}

src/main/java/de/szut/lf8_starter/hello/HelloService.java

@@ -0,0 +1,40 @@
+package de.szut.lf8_starter.hello;
+
+import org.springframework.stereotype.Service;
+
+import java.util.List;
+import java.util.Optional;
+
+@Service
+public class HelloService {
+    private final HelloRepository repository;
+
+    public HelloService(HelloRepository repository) {
+        this.repository = repository;
+    }
+
+    public HelloEntity create(HelloEntity entity) {
+        return this.repository.save(entity);
+    }
+
+    public List<HelloEntity> readAll() {
+        return this.repository.findAll();
+    }
+
+    public HelloEntity readById(long id) {
+        Optional<HelloEntity> optionalQualification = this.repository.findById(id);
+        if (optionalQualification.isEmpty()) {
+            return null;
+        }
+        return optionalQualification.get();
+    }
+
+
+    public void delete(HelloEntity entity) {
+        this.repository.delete(entity);
+    }
+
+    public List<HelloEntity> findByMessage(String message) {
+        return this.repository.findByMessage(message);
+    }
+}

src/main/java/de/szut/lf8_starter/hello/dto/HelloCreateDto.java

@@ -0,0 +1,20 @@
+package de.szut.lf8_starter.hello.dto;
+
+import com.fasterxml.jackson.annotation.JsonCreator;
+import jakarta.validation.constraints.Size;
+import lombok.Getter;
+import lombok.Setter;
+
+
+@Getter
+@Setter
+public class HelloCreateDto {
+
+    @Size(min = 3, message = "at least length of 3")
+    private String message;
+
+    @JsonCreator
+    public HelloCreateDto(String message) {
+        this.message = message;
+    }
+}

src/main/java/de/szut/lf8_starter/hello/dto/HelloGetDto.java

@@ -0,0 +1,17 @@
+package de.szut.lf8_starter.hello.dto;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.Setter;
+
+@AllArgsConstructor
+@Getter
+@Setter
+public class HelloGetDto {
+
+    private long id;
+
+    private String message;
+
+}
+

src/main/java/de/szut/lf8_starter/security/KeycloakLogoutHandler.java

@@ -0,0 +1,49 @@
+package de.szut.lf8_starter.security;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.oauth2.core.oidc.user.OidcUser;
+import org.springframework.security.web.authentication.logout.LogoutHandler;
+import org.springframework.stereotype.Component;
+import org.springframework.web.client.RestTemplate;
+import org.springframework.web.util.UriComponentsBuilder;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+@Slf4j
+@Component
+public class KeycloakLogoutHandler implements LogoutHandler {
+
+
+    private final RestTemplate restTemplate;
+
+    public KeycloakLogoutHandler(RestTemplate restTemplate) {
+        this.restTemplate = restTemplate;
+    }
+
+    @Override
+    public void logout(HttpServletRequest request, HttpServletResponse response, Authentication auth) {
+        logout(request, auth);
+    }
+
+    public void logout(HttpServletRequest request, Authentication auth) {
+        logoutFromKeycloak((OidcUser) auth.getPrincipal());
+    }
+
+    private void logoutFromKeycloak(OidcUser user) {
+        String endSessionEndpoint = user.getIssuer() + "/protocol/openid-connect/logout";
+        UriComponentsBuilder builder = UriComponentsBuilder
+                .fromUriString(endSessionEndpoint)
+                .queryParam("id_token_hint", user.getIdToken().getTokenValue());
+
+        ResponseEntity<String> logoutResponse = restTemplate.getForEntity(builder.toUriString(), String.class);
+        if (logoutResponse.getStatusCode().is2xxSuccessful()) {
+            log.info("Successfulley logged out from Keycloak");
+        } else {
+            log.error("Could not propagate logout to Keycloak");
+        }
+    }
+
+}

src/main/java/de/szut/lf8_starter/security/KeycloakSecurityConfig.java

@@ -0,0 +1,97 @@
+package de.szut.lf8_starter.security;
+
+import java.util.*;
+import java.util.stream.Collectors;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
+import org.springframework.security.core.session.SessionRegistry;
+import org.springframework.security.core.session.SessionRegistryImpl;
+import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
+import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
+import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
+import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
+import org.springframework.security.web.session.HttpSessionEventPublisher;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+
+@Configuration
+@EnableWebSecurity
+class KeycloakSecurityConfig {
+
+    private static final String GROUPS = "groups";
+    private static final String REALM_ACCESS_CLAIM = "realm_access";
+    private static final String ROLES_CLAIM = "roles";
+
+    private final KeycloakLogoutHandler keycloakLogoutHandler;
+
+    KeycloakSecurityConfig(KeycloakLogoutHandler keycloakLogoutHandler) {
+        this.keycloakLogoutHandler = keycloakLogoutHandler;
+    }
+
+    @Bean
+    public SessionRegistry sessionRegistry() {
+        return new SessionRegistryImpl();
+    }
+
+    @Bean
+    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
+        return new RegisterSessionAuthenticationStrategy(sessionRegistry());
+    }
+
+    @Bean
+    public HttpSessionEventPublisher httpSessionEventPublisher() {
+        return new HttpSessionEventPublisher();
+    }
+
+
+    @Bean
+    public SecurityFilterChain resourceServerFilterChain(HttpSecurity http) throws Exception {
+
+        http.authorizeHttpRequests(auth -> auth
+                .requestMatchers(new AntPathRequestMatcher("/welcome"))
+                .permitAll()
+                .requestMatchers(
+                        new AntPathRequestMatcher("/swagger"),
+                        new AntPathRequestMatcher("/swagger-ui/**"),
+                        new AntPathRequestMatcher("/v3/api-docs/**"))
+                .permitAll()
+                .requestMatchers(new AntPathRequestMatcher("/hello/**"))
+                .hasRole("user")
+                .requestMatchers(new AntPathRequestMatcher("/roles"))
+                .authenticated()
+                .requestMatchers(new AntPathRequestMatcher("/"))
+                .permitAll()
+                .anyRequest()
+                .authenticated()).oauth2ResourceServer(spec -> spec.jwt(Customizer.withDefaults()));
+        return http.build();
+    }
+
+    @Bean
+    public JwtAuthenticationConverter jwtAuthenticationConverter() {
+        JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
+        jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(jwt -> {
+            List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
+
+            Map<String, Object> realmAccess = jwt.getClaim("realm_access");
+            if (realmAccess != null && realmAccess.containsKey("roles")) {
+                List<String> roles = (List<String>) realmAccess.get("roles");
+                for (String role : roles) {
+                    grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_" + role));
+                }
+            }
+
+            return grantedAuthorities;
+        });
+        return jwtAuthenticationConverter;
+    }
+}

src/main/java/de/szut/lf8_starter/welcome/WelcomeController.java

@@ -0,0 +1,27 @@
+package de.szut.lf8_starter.welcome;
+
+
+
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.Authentication;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.security.Principal;
+
+@RestController
+public class WelcomeController {
+
+    @GetMapping("/welcome")
+    public String welcome() {
+        return "welcome to lf8_starter";
+    }
+
+    @GetMapping("/roles")
+    public ResponseEntity<?> getRoles(Authentication authentication) {
+        return ResponseEntity.ok(authentication.getAuthorities());
+    }
+
+
+}

src/main/resources/application.properties

@@ -0,0 +1,24 @@
+spring.datasource.url=jdbc:postgresql://localhost:5432/lf8_starter_db
+spring.datasource.username=lf8_starter
+spring.datasource.password=secret
+server.port=8080
+spring.jpa.hibernate.ddl-auto=create-drop
+
+
+
+spring.application.name=lf8_starter
+#client registration configuration
+spring.security.oauth2.client.registration.keycloak.client-id=employee-management-service
+spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
+spring.security.oauth2.client.registration.keycloak.scope=openid
+
+#OIDC provider configuration:
+spring.security.oauth2.client.provider.keycloak.issuer-uri=https://keycloak.szut.dev/auth/realms/szut
+spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username
+logging.level.org.springframework.security=DEBUG
+#validating JWT token against our Keycloak server
+spring.security.oauth2.resourceserver.jwt.issuer-uri=https://keycloak.szut.dev/auth/realms/szut
+
+springdoc.swagger-ui.path=swagger
+springdoc.swagger-ui.try-it-out-enabled=true
+

src/test/java/de/szut/lf8_starter/Lf8StarterApplicationTests.java

@@ -0,0 +1,13 @@
+package de.szut.lf8_starter;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+
+@SpringBootTest
+class Lf8StarterApplicationTests {
+
+    @Test
+    void contextLoads() {
+    }
+
+}