feat(impl):[#259] update changelog and spotbug

CHANGELOG.md

@@ -5,11 +5,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
-
 ### Added
-
 - Added cache mechanism in DiscoveryFinderClientImpl for findDiscoveryEndpoints
 
+### Changed
+- Authentication was redesigned to use API keys, instead of OAuth2 protocol. The api key has to be sent as a X-API-KEY request header. IRS is supporting two types of API keys - one for admin and one for regular/view usage. Use new ``apiKeyAdmin`` and ``apiKeyRegular`` config entries to set up API keys.
+
+### Removed
+- Removed ``oauth.resourceClaim``, ``oauth.irsNamespace``,``oauth.roles``,``oauth2.jwkSetUri`` config entries
+
 ## [4.3.0] - 2023-12-08
 ### Added
 - Added support for `hasAlternatives` property in SingleLevelBomAsBuilt aspect

irs-api/pom.xml

@@ -92,10 +92,6 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-log4j2</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
-        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-oauth2-client</artifactId>

irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/security/ApiKeyAuthentication.java

@@ -33,18 +33,18 @@ public class ApiKeyAuthentication extends AbstractAuthenticationToken {
     private final ApiKeyAuthority apiKeyAuthority;
 
     public ApiKeyAuthentication(final ApiKeyAuthority apiKeyAuthority) {
-        super(apiKeyAuthority.authorities());
+        super(apiKeyAuthority.getAuthorities());
         this.apiKeyAuthority = apiKeyAuthority;
         setAuthenticated(true);
     }
 
     @Override
     public Object getCredentials() {
-        return apiKeyAuthority.apiKey();
+        return apiKeyAuthority.getApiKey();
     }
 
     @Override
     public Object getPrincipal() {
-        return apiKeyAuthority.apiKey();
+        return apiKeyAuthority.getApiKey();
     }
 }

irs-api/src/main/java/org/eclipse/tractusx/irs/configuration/security/ApiKeyAuthority.java

@@ -23,15 +23,20 @@
  ********************************************************************************/
 package org.eclipse.tractusx.irs.configuration.security;
 
+import java.io.Serializable;
 import java.util.List;
 
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
 import org.springframework.security.core.GrantedAuthority;
 
 /**
- * @param apiKey
- * @param authorities
  */
-public record ApiKeyAuthority(String apiKey, List<GrantedAuthority> authorities) {
+@RequiredArgsConstructor
+@Getter
+public class ApiKeyAuthority implements Serializable {
+    private final String apiKey;
+    private final List<GrantedAuthority> authorities;
 
     @SuppressWarnings("PMD.ShortMethodName")
     public static ApiKeyAuthority of(final String apiKey, final List<GrantedAuthority> authorities) {