diff --git a/apps/endringsmelding-service/src/main/resources/application.yml b/apps/endringsmelding-service/src/main/resources/application.yml index ca9967a8b1f..d7cdb8c63fc 100644 --- a/apps/endringsmelding-service/src/main/resources/application.yml +++ b/apps/endringsmelding-service/src/main/resources/application.yml @@ -4,7 +4,7 @@ spring: application: version: application.version.todo #TODO Finn ut hvordan denne kan settes fra gradle name: endringsmelding-service - desciption: Tjeneste for å sende endringsmeldinger + description: Tjeneste for å sende endringsmeldinger security: oauth2: resourceserver: diff --git a/apps/organisasjon-tilgang-service/src/main/resources/application.yml b/apps/organisasjon-tilgang-service/src/main/resources/application.yml index 1d4c4dbdf0a..543d3d30f23 100644 --- a/apps/organisasjon-tilgang-service/src/main/resources/application.yml +++ b/apps/organisasjon-tilgang-service/src/main/resources/application.yml @@ -4,7 +4,7 @@ spring: application: version: application.version.todo name: testnav-organisasjon-tilgang-service - desciption: Tjeneste for hente og sette tilganger for orgnisasjoner + description: Tjeneste for hente og sette tilganger for orgnisasjoner security: oauth2: resourceserver: diff --git a/apps/profil-api/src/main/java/no/nav/registre/testnorge/profil/service/AzureAdTokenService.java b/apps/profil-api/src/main/java/no/nav/registre/testnorge/profil/service/AzureAdTokenService.java index 07cbc158beb..f262be55d05 100644 --- a/apps/profil-api/src/main/java/no/nav/registre/testnorge/profil/service/AzureAdTokenService.java +++ b/apps/profil-api/src/main/java/no/nav/registre/testnorge/profil/service/AzureAdTokenService.java 
@@ -1,6 +1,7 @@ package no.nav.registre.testnorge.profil.service; import lombok.extern.slf4j.Slf4j; +import no.nav.testnav.libs.securitycore.domain.azuread.AzureClientCredential; import org.springframework.beans.factory.annotation.Value; import org.springframework.http.HttpHeaders; import org.springframework.http.MediaType; @@ -15,21 +16,19 @@ import no.nav.testnav.libs.securitycore.command.azuread.OnBehalfOfExchangeCommand; import no.nav.testnav.libs.securitycore.domain.AccessToken; -import no.nav.testnav.libs.securitycore.domain.azuread.AzureNavClientCredential; -import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredential; import no.nav.testnav.libs.servletsecurity.action.GetAuthenticatedToken; @Slf4j @Service public class AzureAdTokenService { private final WebClient webClient; - private final ClientCredential clientCredential; + private final AzureClientCredential clientCredential; private final GetAuthenticatedToken getAuthenticatedToken; public AzureAdTokenService( @Value("${http.proxy:#{null}}") String proxyHost, @Value("${AAD_ISSUER_URI}") String issuerUrl, - AzureNavClientCredential clientCredential, + AzureClientCredential clientCredential, GetAuthenticatedToken getAuthenticatedToken ) { log.info("Init custom AzureAd token exchange."); diff --git a/apps/profil-api/src/main/resources/application.yml b/apps/profil-api/src/main/resources/application.yml index 9878c224663..4c9b6cac076 100644 --- a/apps/profil-api/src/main/resources/application.yml +++ b/apps/profil-api/src/main/resources/application.yml @@ -4,7 +4,7 @@ spring: application: version: application.version.todo #TODO Finn ut hvordan denne kan settes fra gradle name: testnorge-profil-api - desciption: API for hente ut profil fra Azure Ad + description: API for hente ut profil fra Azure Ad cluster: dev-gcp namespace: dolly security: 
diff --git a/apps/tenor-search-service/src/main/resources/application.yml b/apps/tenor-search-service/src/main/resources/application.yml index a8a87170a82..765f641ea55 100644 --- a/apps/tenor-search-service/src/main/resources/application.yml +++ b/apps/tenor-search-service/src/main/resources/application.yml @@ -3,7 +3,7 @@ spring: application: version: 1 name: testnav-tenor-search-service - desciption: Tjeneste som formidler søk til Tenor testdata hos Skatteetaten + description: Tjeneste som formidler søk til Tenor testdata hos Skatteetaten security: oauth2: resourceserver: diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/config/SecureOAuth2ServerToServerConfiguration.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/config/SecureOAuth2ServerToServerConfiguration.java index af8a38815fe..a33272d758a 100644 --- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/config/SecureOAuth2ServerToServerConfiguration.java +++ b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/config/SecureOAuth2ServerToServerConfiguration.java 
@@ -1,48 +1,35 @@ package no.nav.testnav.libs.reactivesecurity.config; -import no.nav.testnav.libs.reactivesecurity.domain.AzureNavProxyClientCredential; -import no.nav.testnav.libs.reactivesecurity.exchange.azuread.NavAzureAdTokenService; -import no.nav.testnav.libs.reactivesecurity.properties.TrygdeetatenAzureAdResourceServerProperties; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.context.annotation.Import; - -import java.util.List; - import no.nav.testnav.libs.reactivesecurity.action.GetAuthenticatedResourceServerType; import no.nav.testnav.libs.reactivesecurity.action.GetAuthenticatedToken; import no.nav.testnav.libs.reactivesecurity.action.GetAuthenticatedUserId; -import no.nav.testnav.libs.reactivesecurity.domain.AzureTrygdeetatenClientCredential; import no.nav.testnav.libs.reactivesecurity.exchange.TokenExchange; -import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureAdTokenService; -import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService; import no.nav.testnav.libs.reactivesecurity.exchange.tokenx.TokenXService; import no.nav.testnav.libs.reactivesecurity.manager.JwtReactiveAuthenticationManager; import no.nav.testnav.libs.reactivesecurity.properties.AzureAdResourceServerProperties; import no.nav.testnav.libs.reactivesecurity.properties.ResourceServerProperties; import no.nav.testnav.libs.reactivesecurity.properties.TokenxResourceServerProperties; -import no.nav.testnav.libs.securitycore.domain.azuread.AzureNavClientCredential; +import no.nav.testnav.libs.reactivesecurity.properties.TrygdeetatenAzureAdResourceServerProperties; import no.nav.testnav.libs.securitycore.domain.tokenx.TokenXProperties; +import org.springframework.beans.factory.annotation.Value; +import 
org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Import; + +import java.util.List; @Configuration @Import({ - AzureNavClientCredential.class, TokenXService.class, TokenxResourceServerProperties.class, AzureAdResourceServerProperties.class, TrygdeetatenAzureAdResourceServerProperties.class, - AzureAdTokenService.class, TokenExchange.class, GetAuthenticatedUserId.class, GetAuthenticatedResourceServerType.class, GetAuthenticatedToken.class, - TokenXProperties.class, - AzureTrygdeetatenClientCredential.class, - TrygdeetatenAzureAdTokenService.class, - AzureNavProxyClientCredential.class, - NavAzureAdTokenService.class + TokenXProperties.class }) public class SecureOAuth2ServerToServerConfiguration { diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/domain/AccessScopes.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/domain/AccessScopes.java deleted file mode 100644 index e1a65ddd613..00000000000 --- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/domain/AccessScopes.java +++ /dev/null @@ -1,26 +0,0 @@ -package no.nav.testnav.libs.reactivesecurity.domain; - -import java.util.Arrays; -import java.util.Collections; -import java.util.List; - - -public class AccessScopes { - private final List scopes; - - public AccessScopes(List scopes) { - this.scopes = scopes; - } - - public AccessScopes(String... scopes) { - this.scopes = Arrays.asList(scopes); - } - - public AccessScopes(Scopeable scopeable) { - this.scopes = Collections.singletonList(scopeable.toScope()); - } - - public List getScopes() { - return scopes; - } -} 
diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/domain/AzureNavProxyClientCredential.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/domain/AzureNavProxyClientCredential.java deleted file mode 100644 index bd5d322fdeb..00000000000 --- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/domain/AzureNavProxyClientCredential.java +++ /dev/null @@ -1,24 +0,0 @@ -package no.nav.testnav.libs.reactivesecurity.domain; - -import lombok.EqualsAndHashCode; -import lombok.Getter; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.context.annotation.Configuration; - -import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredential; - -@Getter -@EqualsAndHashCode(callSuper = false) -@Configuration -public class AzureNavProxyClientCredential extends ClientCredential { - private final String tokenEndpoint; - - public AzureNavProxyClientCredential( - @Value("${AZURE_NAV_OPENID_CONFIG_TOKEN_ENDPOINT:#{null}}") String tokenEndpoint, - @Value("${AZURE_NAV_APP_CLIENT_ID:#{null}}") String clientId, - @Value("${AZURE_NAV_APP_CLIENT_SECRET:#{null}}") String clientSecret - ) { - super(clientId, clientSecret); - this.tokenEndpoint = tokenEndpoint; - } -} diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/domain/AzureTrygdeetatenClientCredential.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/domain/AzureTrygdeetatenClientCredential.java deleted file mode 100644 index 5e69f2cccbe..00000000000 --- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/domain/AzureTrygdeetatenClientCredential.java +++ /dev/null 
@@ -1,41 +0,0 @@ -package no.nav.testnav.libs.reactivesecurity.domain; - -import org.springframework.beans.factory.annotation.Value; -import org.springframework.context.annotation.Configuration; - -import java.util.Objects; - -import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredential; - -@Configuration -public class AzureTrygdeetatenClientCredential extends ClientCredential { - private final String tokenEndpoint; - - public AzureTrygdeetatenClientCredential( - @Value("${AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT:#{null}}") String tokenEndpoint, - @Value("${AZURE_TRYGDEETATEN_APP_CLIENT_ID:#{null}}") String clientId, - @Value("${AZURE_TRYGDEETATEN_APP_CLIENT_SECRET:#{null}}") String clientSecret - ) { - super(clientId, clientSecret); - this.tokenEndpoint = tokenEndpoint; - } - - public String getTokenEndpoint() { - return tokenEndpoint; - } - - - @Override - public boolean equals(Object o) { - if (this == o) return true; - if (o == null || getClass() != o.getClass()) return false; - if (!super.equals(o)) return false; - AzureTrygdeetatenClientCredential that = (AzureTrygdeetatenClientCredential) o; - return Objects.equals(tokenEndpoint, that.tokenEndpoint); - } - - @Override - public int hashCode() { - return Objects.hash(super.hashCode(), tokenEndpoint); - } -} diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/domain/Scopeable.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/domain/Scopeable.java deleted file mode 100644 index c901355f115..00000000000 --- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/domain/Scopeable.java +++ /dev/null @@ -1,5 +0,0 @@ -package no.nav.testnav.libs.reactivesecurity.domain; - -public interface Scopeable { - String toScope(); -} 
diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/TokenServiceAutoConfiguration.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/TokenServiceAutoConfiguration.java new file mode 100644 index 00000000000..007f512f24f --- /dev/null +++ b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/TokenServiceAutoConfiguration.java 
@@ -0,0 +1,86 @@ +package no.nav.testnav.libs.reactivesecurity.exchange; + +import com.fasterxml.jackson.databind.ObjectMapper; +import no.nav.testnav.libs.reactivesecurity.action.GetAuthenticatedToken; +import no.nav.testnav.libs.reactivesecurity.action.GetAuthenticatedUserId; +import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTokenService; +import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureNavTokenService; +import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService; +import no.nav.testnav.libs.securitycore.domain.azuread.*; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.boot.autoconfigure.AutoConfiguration; +import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Primary; +import org.springframework.context.annotation.Profile; +import org.springframework.util.Assert; + +@AutoConfiguration(after = ClientCredentialAutoConfiguration.class) +public class TokenServiceAutoConfiguration { + + @Value("${HTTP_PROXY:#{null}}") + private String httpProxy; + + @Primary + @Bean + @Profile("test") + AzureTokenService azureAdTokenServiceTest( + AzureClientCredential clientCredential, + GetAuthenticatedToken getAuthenticatedToken + ) { + return new AzureTokenService(null, null, clientCredential, getAuthenticatedToken); + } + + @Bean + @ConditionalOnDollyApplicationConfiguredForAzure + @ConditionalOnMissingBean(AzureTokenService.class) + AzureTokenService azureAdTokenService( + @Value("${AAD_ISSUER_URI:#{null}}") String issuerUrl, + AzureClientCredential clientCredential, + GetAuthenticatedToken getAuthenticatedToken + ) { + Assert.notNull(issuerUrl, "AAD_ISSUER_URI must be set"); + return new AzureTokenService(httpProxy, issuerUrl, clientCredential, getAuthenticatedToken); + } + + @Primary + @Bean + @Profile("test") + AzureNavTokenService 
azureNavTokenServiceTest( + AzureNavClientCredential azureNavClientCredential + ) { + return new AzureNavTokenService(null, azureNavClientCredential); + } + + @Bean + @ConditionalOnDollyApplicationConfiguredForNav + @ConditionalOnMissingBean(AzureNavTokenService.class) + AzureNavTokenService azureNavTokenService( + AzureNavClientCredential azureNavClientCredential + ) { + return new AzureNavTokenService(httpProxy, azureNavClientCredential); + } + + @Primary + @Bean + @Profile("test") + AzureTrygdeetatenTokenService trygdeetatenAzureAdTokenServiceTest( + AzureTrygdeetatenClientCredential clientCredential, + GetAuthenticatedUserId getAuthenticatedUserId, + ObjectMapper objectMapper + ) { + return new AzureTrygdeetatenTokenService(null, clientCredential, getAuthenticatedUserId, objectMapper); + } + + @Bean + @ConditionalOnDollyApplicationConfiguredForTrygdeetaten + @ConditionalOnMissingBean(AzureTrygdeetatenTokenService.class) + AzureTrygdeetatenTokenService trygdeetatenAzureAdTokenService( + AzureTrygdeetatenClientCredential clientCredential, + GetAuthenticatedUserId getAuthenticatedUserId, + ObjectMapper objectMapper + ) { + return new AzureTrygdeetatenTokenService(httpProxy, clientCredential, getAuthenticatedUserId, objectMapper); + } + +} diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/NavAzureAdTokenService.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/AzureNavTokenService.java similarity index 66% rename from libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/NavAzureAdTokenService.java rename to libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/AzureNavTokenService.java index 2800db0654c..ea7001cafd8 100644 --- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/NavAzureAdTokenService.java 
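Review bot: The three `@Primary @Profile("test")` beans hand out token services built with a null proxy and null issuer, and since this class ships as a library auto-configuration, every consuming application that activates a profile literally named `test` silently gets those stubs instead of the real Azure exchange — presumably meant for unit tests, but nothing in the file says so or guards against it in a deployed profile. A class-level Javadoc would make the contract explicit, e.g. `/** Registers the Azure, Nav and Trygdeetaten token services. Under the "test" profile they are replaced by endpoint-less stubs for unit tests only. */`. As a point of style, `import no.nav.testnav.libs.securitycore.domain.azuread.*;` hides where the `@ConditionalOnDollyApplicationConfiguredFor*` conditions and the credential types come from; explicit imports would read better in a security library.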
+++ b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/AzureNavTokenService.java @@ -1,12 +1,16 @@ package no.nav.testnav.libs.reactivesecurity.exchange.azuread; import lombok.extern.slf4j.Slf4j; -import no.nav.testnav.libs.reactivesecurity.domain.AzureNavProxyClientCredential; -import org.springframework.beans.factory.annotation.Value; +import no.nav.testnav.libs.reactivesecurity.exchange.TokenService; +import no.nav.testnav.libs.securitycore.command.azuread.ClientCredentialExchangeCommand; +import no.nav.testnav.libs.securitycore.domain.AccessToken; +import no.nav.testnav.libs.securitycore.domain.ResourceServerType; +import no.nav.testnav.libs.securitycore.domain.ServerProperties; +import no.nav.testnav.libs.securitycore.domain.azuread.AzureNavClientCredential; +import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredential; import org.springframework.http.HttpHeaders; import org.springframework.http.MediaType; import org.springframework.http.client.reactive.ReactorClientHttpConnector; -import org.springframework.stereotype.Service; import org.springframework.web.reactive.function.client.WebClient; import reactor.core.publisher.Mono; import reactor.netty.http.client.HttpClient; 
@@ -14,45 +18,43 @@ import java.net.URI; -import no.nav.testnav.libs.reactivesecurity.exchange.ExchangeToken; -import no.nav.testnav.libs.securitycore.command.azuread.ClientCredentialExchangeCommand; -import no.nav.testnav.libs.securitycore.domain.AccessToken; -import no.nav.testnav.libs.securitycore.domain.ServerProperties; -import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredential; - @Slf4j -@Service -public class NavAzureAdTokenService implements ExchangeToken { +public class AzureNavTokenService implements TokenService { private final WebClient webClient; private final ClientCredential clientCredential; - public NavAzureAdTokenService( - @Value("${http.proxy:#{null}}") String proxyHost, - AzureNavProxyClientCredential azureNavProxyClientCredential + public AzureNavTokenService( + String proxyHost, + AzureNavClientCredential azureNavClientCredential ) { - this.clientCredential = azureNavProxyClientCredential; + this.clientCredential = azureNavClientCredential; log.info("Init AzureAd Nav token service."); WebClient.Builder builder = WebClient .builder() - .baseUrl(azureNavProxyClientCredential.getTokenEndpoint()) + .baseUrl(azureNavClientCredential.getTokenEndpoint()) .defaultHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE); if (proxyHost != null) { log.trace("Setter opp proxy host {} for Client Credentials", proxyHost); var uri = URI.create(proxyHost); HttpClient httpClient = HttpClient - .create() - .proxy(proxy -> proxy - .type(ProxyProvider.Proxy.HTTP) - .host(uri.getHost()) - .port(uri.getPort())); + .create() + .proxy(proxy -> proxy + .type(ProxyProvider.Proxy.HTTP) + .host(uri.getHost()) + .port(uri.getPort())); builder.clientConnector(new ReactorClientHttpConnector(httpClient)); } this.webClient = builder.build(); } + @Override + public ResourceServerType getType() { + return ResourceServerType.AZURE_AD; + } + @Override public Mono exchange(ServerProperties serverProperties) { return new 
ClientCredentialExchangeCommand( diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/AzureAdTokenService.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/AzureTokenService.java similarity index 79% rename from libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/AzureAdTokenService.java rename to libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/AzureTokenService.java index e65534dcfde..438dab7256a 100644 --- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/AzureAdTokenService.java +++ b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/AzureTokenService.java @@ -9,15 +9,12 @@ import no.nav.testnav.libs.securitycore.domain.ResourceServerType; import no.nav.testnav.libs.securitycore.domain.ServerProperties; import no.nav.testnav.libs.securitycore.domain.Token; -import no.nav.testnav.libs.securitycore.domain.azuread.AzureNavClientCredential; +import no.nav.testnav.libs.securitycore.domain.azuread.AzureClientCredential; import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredential; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.http.HttpHeaders; import org.springframework.http.MediaType; import org.springframework.http.client.reactive.ReactorClientHttpConnector; import org.springframework.security.access.AccessDeniedException; -import org.springframework.stereotype.Service; import org.springframework.web.reactive.function.client.WebClient; import reactor.core.publisher.Mono; import reactor.netty.http.client.HttpClient; 
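Review bot: In the re-indented proxy block, `.port(uri.getPort())` is passed -1 whenever `HTTP_PROXY` is given without an explicit port, because `URI.getPort()` returns -1 in that case; reactor-netty presumably rejects that only when the connector is built, which makes the startup failure hard to attribute. A guard before the builder, `if (uri.getPort() < 0) { throw new IllegalArgumentException("proxy URL must include a port"); }`, names the misconfiguration directly; the same block appears in the AzureTokenService hunk below. The `log.trace("Setter opp proxy host {} ...", proxyHost)` line also writes the full proxy URL to the log, so any userinfo embedded in it would be logged; logging `uri.getHost()` and `uri.getPort()` instead avoids that. The `exchange` method continues past the end of this hunk.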
@@ -29,17 +26,15 @@ import static java.util.Objects.isNull; @Slf4j -@Service -@ConditionalOnProperty("spring.security.oauth2.resourceserver.aad.issuer-uri") -public class AzureAdTokenService implements TokenService { +public class AzureTokenService implements TokenService { private final WebClient webClient; private final ClientCredential clientCredential; private final GetAuthenticatedToken getAuthenticatedToken; - public AzureAdTokenService( - @Value("${http.proxy:#{null}}") String proxyHost, - @Value("${AAD_ISSUER_URI}") String issuerUrl, - AzureNavClientCredential azureNavClientCredential, + public AzureTokenService( + String proxyHost, + String issuerUrl, + AzureClientCredential azureClientCredential, GetAuthenticatedToken getAuthenticatedToken ) { log.info("Init AzureAd token exchange."); @@ -53,17 +48,17 @@ public AzureAdTokenService( log.trace("Setter opp proxy host {} for Client Credentials", proxyHost); var uri = URI.create(proxyHost); builder.clientConnector(new ReactorClientHttpConnector( - HttpClient - .create() - .proxy(proxy -> proxy - .type(ProxyProvider.Proxy.HTTP) - .host(uri.getHost()) - .port(uri.getPort())) + HttpClient + .create() + .proxy(proxy -> proxy + .type(ProxyProvider.Proxy.HTTP) + .host(uri.getHost()) + .port(uri.getPort())) )); } this.webClient = builder.build(); this.getAuthenticatedToken = getAuthenticatedToken; - this.clientCredential = azureNavClientCredential; + this.clientCredential = azureClientCredential; } @Override 
diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/TrygdeetatenAzureAdTokenService.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/AzureTrygdeetatenTokenService.java similarity index 90% rename from libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/TrygdeetatenAzureAdTokenService.java rename to libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/AzureTrygdeetatenTokenService.java index c1a8adb73b2..a6fae4111f7 100644 --- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/TrygdeetatenAzureAdTokenService.java +++ b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/AzureTrygdeetatenTokenService.java 
@@ -4,17 +4,16 @@ import lombok.SneakyThrows; import lombok.extern.slf4j.Slf4j; import no.nav.testnav.libs.reactivesecurity.action.GetAuthenticatedUserId; -import no.nav.testnav.libs.reactivesecurity.domain.AzureTrygdeetatenClientCredential; -import no.nav.testnav.libs.reactivesecurity.exchange.ExchangeToken; +import no.nav.testnav.libs.reactivesecurity.exchange.TokenService; import no.nav.testnav.libs.securitycore.command.azuread.ClientCredentialExchangeCommand; import no.nav.testnav.libs.securitycore.domain.AccessToken; +import no.nav.testnav.libs.securitycore.domain.ResourceServerType; import no.nav.testnav.libs.securitycore.domain.ServerProperties; +import no.nav.testnav.libs.securitycore.domain.azuread.AzureTrygdeetatenClientCredential; import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredential; -import org.springframework.beans.factory.annotation.Value; import org.springframework.http.HttpHeaders; import org.springframework.http.MediaType; import org.springframework.http.client.reactive.ReactorClientHttpConnector; -import org.springframework.stereotype.Service; import org.springframework.web.reactive.function.client.WebClient; import reactor.core.publisher.Mono; import reactor.netty.http.client.HttpClient; @@ -29,8 +28,7 @@ import static java.util.Objects.nonNull; @Slf4j -@Service -public class TrygdeetatenAzureAdTokenService implements ExchangeToken { +public class AzureTrygdeetatenTokenService implements TokenService { private final WebClient webClient; private final ClientCredential clientCredential; 
@@ -38,8 +36,8 @@ public class TrygdeetatenAzureAdTokenService implements ExchangeToken { private final Map tokenCache; private final GetAuthenticatedUserId getAuthenticatedUserId; - public TrygdeetatenAzureAdTokenService( - @Value("${http.proxy:#{null}}") String proxyHost, + public AzureTrygdeetatenTokenService( + String proxyHost, AzureTrygdeetatenClientCredential azureTrygdeetatenClientCredential, GetAuthenticatedUserId getAuthenticatedUserId, ObjectMapper objectMapper) { @@ -70,6 +68,11 @@ public TrygdeetatenAzureAdTokenService( this.webClient = builder.build(); } + @Override + public ResourceServerType getType() { + return ResourceServerType.AZURE_AD; + } + @Override public Mono exchange(ServerProperties serverProperties) { diff --git a/libs/reactive-security/src/main/resources/META-INF/additional-spring-configuration-metadata.json b/libs/reactive-security/src/main/resources/META-INF/additional-spring-configuration-metadata.json new file mode 100644 index 00000000000..2018d3e877b --- /dev/null +++ b/libs/reactive-security/src/main/resources/META-INF/additional-spring-configuration-metadata.json @@ -0,0 +1,9 @@ +{ + "properties": [ + { + "name": "HTTP_PROXY", + "type": "java.lang.String", + "description": "Satt av NAIS i pod, hvis NAIS-manifestet har spec.webproxy." + } + ] +} \ No newline at end of file diff --git a/libs/reactive-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/libs/reactive-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports new file mode 100644 index 00000000000..618cfd98c75 --- /dev/null +++ b/libs/reactive-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports @@ -0,0 +1 @@ +no.nav.testnav.libs.reactivesecurity.exchange.TokenServiceAutoConfiguration \ No newline at end of file 
diff --git a/libs/reactive-session-security/src/main/java/no/nav/testnav/libs/reactivesessionsecurity/exchange/AzureAdTokenExchange.java b/libs/reactive-session-security/src/main/java/no/nav/testnav/libs/reactivesessionsecurity/exchange/AzureAdTokenExchange.java index 3df7e1c9e9f..e3d73c62bd4 100644 --- a/libs/reactive-session-security/src/main/java/no/nav/testnav/libs/reactivesessionsecurity/exchange/AzureAdTokenExchange.java +++ b/libs/reactive-session-security/src/main/java/no/nav/testnav/libs/reactivesessionsecurity/exchange/AzureAdTokenExchange.java @@ -1,15 +1,13 @@ package no.nav.testnav.libs.reactivesessionsecurity.exchange; -import com.fasterxml.jackson.databind.ObjectMapper; import lombok.extern.slf4j.Slf4j; import no.nav.testnav.libs.reactivesessionsecurity.resolver.TokenResolver; import no.nav.testnav.libs.securitycore.command.azuread.OnBehalfOfExchangeCommand; import no.nav.testnav.libs.securitycore.domain.AccessToken; import no.nav.testnav.libs.securitycore.domain.ServerProperties; -import no.nav.testnav.libs.securitycore.domain.azuread.AzureNavClientCredential; +import no.nav.testnav.libs.securitycore.domain.azuread.AzureClientCredential; import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredential; import org.springframework.beans.factory.annotation.Value; -import org.springframework.context.annotation.Import; import org.springframework.http.HttpHeaders; import org.springframework.http.MediaType; import org.springframework.stereotype.Service; @@ -19,9 +17,6 @@ @Slf4j @Service -@Import({ - AzureNavClientCredential.class -}) public class AzureAdTokenExchange implements ExchangeToken { private final WebClient webClient; private final TokenResolver tokenResolver; 
@@ -30,7 +25,7 @@ public class AzureAdTokenExchange implements ExchangeToken { public AzureAdTokenExchange( @Value("${AAD_ISSUER_URI}") String issuerUrl, TokenResolver tokenResolver, - AzureNavClientCredential clientCredential) { + AzureClientCredential clientCredential) { this.webClient = WebClient .builder() diff --git a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/AzureClientCredential.java b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/AzureClientCredential.java new file mode 100644 index 00000000000..ee581bc6c40 --- /dev/null +++ b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/AzureClientCredential.java @@ -0,0 +1,9 @@ +package no.nav.testnav.libs.securitycore.domain.azuread; + +public class AzureClientCredential extends ClientCredential { + + AzureClientCredential(String tokenEndpoint, String clientId, String clientSecret) { + super(tokenEndpoint, clientId, clientSecret); + } + +} \ No newline at end of file diff --git a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/AzureNavClientCredential.java b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/AzureNavClientCredential.java index f7bbf72b012..01613b6bc6e 100644 --- a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/AzureNavClientCredential.java +++ b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/AzureNavClientCredential.java 
@@ -1,16 +1,9 @@ package no.nav.testnav.libs.securitycore.domain.azuread; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.context.annotation.Configuration; - -@Configuration public class AzureNavClientCredential extends ClientCredential { - public AzureNavClientCredential( - @Value("${AZURE_APP_CLIENT_ID:#{null}}") String clientId, - @Value("${AZURE_APP_CLIENT_SECRET:#{null}}") String clientSecret - ) { - super(clientId, clientSecret); + AzureNavClientCredential(String tokenEndpoint, String clientId, String clientSecret) { + super(tokenEndpoint, clientId, clientSecret); } } diff --git a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/AzureTrygdeetatenClientCredential.java b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/AzureTrygdeetatenClientCredential.java new file mode 100644 index 00000000000..0b454e37472 --- /dev/null +++ b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/AzureTrygdeetatenClientCredential.java @@ -0,0 +1,9 @@ +package no.nav.testnav.libs.securitycore.domain.azuread; + +public class AzureTrygdeetatenClientCredential extends ClientCredential { + + AzureTrygdeetatenClientCredential(String tokenEndpoint, String clientId, String clientSecret) { + super(tokenEndpoint, clientId, clientSecret); + } + +} diff --git a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ClientCredential.java b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ClientCredential.java index c1d621f8bbc..774eddf9cdb 100644 --- a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ClientCredential.java +++ b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ClientCredential.java 
@@ -1,17 +1,46 @@
 package no.nav.testnav.libs.securitycore.domain.azuread;
-import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+import org.springframework.util.StringUtils;
-@Data
+import static lombok.AccessLevel.PACKAGE;
+
+@RequiredArgsConstructor(access = PACKAGE)
+@Getter
+@EqualsAndHashCode
 public class ClientCredential {
+
+ private final String tokenEndpoint;
 private final String clientId;
 private final String clientSecret;
 @Override
 public final String toString() {
- return "ClientCredential{" +
- "clientId=[HIDDEN]" +
- ", clientSecret=[HIDDEN]" +
- '}';
+ return "%s{tokenEndpoint=%s,clientId=[%s],clientSecret=[%s]}"
+ .formatted(
+ getClass().getSimpleName(),
+ tokenEndpoint,
+ maskClientId(clientId),
+ maskClientSecret(clientSecret)
+ );
+ }
+
+ private static String maskClientId(String clientId) {
+ if (!StringUtils.hasText(clientId) || clientId.length() <= 2) {
+ return clientId;
+ }
+ var firstChar = clientId.charAt(0);
+ var lastChar = clientId.charAt(clientId.length() - 1);
+ return firstChar + "*".repeat(clientId.length() - 2) + lastChar;
 }
+
+ private static String maskClientSecret(String clientSecret) {
+ if (!StringUtils.hasText(clientSecret)) {
+ return clientSecret; // Return as is if null or empty
+ }
+ return "*".repeat(clientSecret.length());
+ }
+
 }
diff --git a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ClientCredentialAutoConfiguration.java b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ClientCredentialAutoConfiguration.java
new file mode 100644
index 00000000000..581db32964e
--- /dev/null
+++ b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ClientCredentialAutoConfiguration.java
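Review bot: `maskClientSecret` emits one `*` per character, so every `toString()` of a credential (and therefore every log line that prints one) now discloses the exact length of the client secret, where the removed code printed a fixed `[HIDDEN]`; together with `tokenEndpoint` in clear and the first/last character of `clientId`, the new output reveals more than the old one. A fixed-width mask keeps the "is it set?" diagnostic value without the length: `return StringUtils.hasText(clientSecret) ? "********" : clientSecret;`. `maskClientId` also returns a one- or two-character id completely unmasked; returning the fixed mask in that branch too would be consistent. The new `tokenEndpoint` field has no Javadoc, and given the TODO in the auto-configuration hunk it may not always hold a token endpoint, so a field comment such as `// URL used by the token exchange; see ClientCredentialAutoConfiguration for what each bean passes here` would help.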
@@ -0,0 +1,73 @@
+package no.nav.testnav.libs.securitycore.domain.azuread;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Primary;
+import org.springframework.context.annotation.Profile;
+import org.springframework.util.Assert;
+
+@AutoConfiguration
+public class ClientCredentialAutoConfiguration {
+
+ private static final String TEST_TOKEN_ENDPOINT = "test-token-endpoint";
+ private static final String TEST_CLIENT_ID = "test-client-id";
+ private static final String TEST_CLIENT_SECRET = "test-client-secret";
+
+ @Primary
+ @Bean
+ @Profile("test")
+ AzureClientCredential azureClientCredentialTest() {
+ return new AzureClientCredential(TEST_TOKEN_ENDPOINT, TEST_CLIENT_ID, TEST_CLIENT_SECRET);
+ }
+
+ @Bean
+ @ConditionalOnDollyApplicationConfiguredForAzure
+ @ConditionalOnMissingBean(AzureClientCredential.class)
+ AzureClientCredential azureClientCredential(
+ @Value("${AAD_ISSUER_URI}") String azureTokenEndpoint, // TODO: Not currently used, AAD_ISSUER_URI is hardcoded elsewhere; should be refactored to use AZURE_OPENID_CONFIG_TOKEN_ENDPOINT instead.
+ @Value("${AZURE_APP_CLIENT_ID}") String azureClientId,
+ @Value("${AZURE_APP_CLIENT_SECRET}") String azureClientSecret
+ ) {
+
+ return new AzureClientCredential(azureTokenEndpoint, azureClientId, azureClientSecret);
+ }
+
+ @Primary
+ @Bean
+ @Profile("test")
+ AzureTrygdeetatenClientCredential azureTrygdeetatenClientCredentialTest() {
+ return new AzureTrygdeetatenClientCredential(TEST_TOKEN_ENDPOINT, TEST_CLIENT_ID, TEST_CLIENT_SECRET);
+ }
+
+ @Bean
+ @ConditionalOnDollyApplicationConfiguredForTrygdeetaten
+ @ConditionalOnMissingBean(AzureTrygdeetatenClientCredential.class)
+ AzureTrygdeetatenClientCredential azureTrygdeetatenClientCredential(
+ @Value("${AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT}") String azureTrygdeetatenTokenEndpoint,
+ @Value("${AZURE_TRYGDEETATEN_APP_CLIENT_ID}") String azureTrygdeetatenClientId,
+ @Value("${AZURE_TRYGDEETATEN_APP_CLIENT_SECRET}") String azureTrygdeetatenClientSecret
+ ) {
+ return new AzureTrygdeetatenClientCredential(azureTrygdeetatenTokenEndpoint, azureTrygdeetatenClientId, azureTrygdeetatenClientSecret);
+ }
+
+ @Primary
+ @Bean
+ @Profile("test")
+ AzureNavClientCredential azureNavClientCredentialTest() {
+ return new AzureNavClientCredential(TEST_TOKEN_ENDPOINT, TEST_CLIENT_ID, TEST_CLIENT_SECRET);
+ }
+
+ @Bean
+ @ConditionalOnDollyApplicationConfiguredForNav
+ @ConditionalOnMissingBean(AzureNavClientCredential.class)
+ AzureNavClientCredential azureNavClientCredential(
+ @Value("${AZURE_NAV_OPENID_CONFIG_TOKEN_ENDPOINT}") String azureNavTokenEndpoint,
+ @Value("${AZURE_NAV_APP_CLIENT_ID}") String azureNavClientId,
+ @Value("${AZURE_NAV_APP_CLIENT_SECRET}") String azureNavClientSecret
+ ) {
+ return new AzureNavClientCredential(azureNavTokenEndpoint, azureNavClientId, azureNavClientSecret);
+ }
+
+}
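Review bot: `azureClientCredential` stores the value of `AAD_ISSUER_URI` as the credential's `tokenEndpoint`, so `ClientCredential.toString()` will print an issuer URI under the label `tokenEndpoint=` and any future consumer of `getTokenEndpoint()` on an `AzureClientCredential` gets the wrong URL; the TODO on the parameter acknowledges this, but the mismatch should also be stated where callers will see it, e.g. a Javadoc on the bean method: `/** tokenEndpoint currently carries AAD_ISSUER_URI; the exchange services still hard-code the real token endpoint. */`. `org.springframework.util.Assert` is imported but not used anywhere in the class. The `@Profile("test")` beans are `@Primary` while the property-backed ones are `@ConditionalOnMissingBean`, which relies on declaration order within this class to suppress the real bean under the test profile; a one-line comment on the first test bean explaining that interplay would save the next reader the analysis.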
diff --git a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForAzure.java b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForAzure.java new file mode 100644 index 00000000000..31c111db587 --- /dev/null +++ b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForAzure.java @@ -0,0 +1,54 @@ +package no.nav.testnav.libs.securitycore.domain.azuread; + +import org.springframework.boot.autoconfigure.condition.ConditionOutcome; +import org.springframework.boot.autoconfigure.condition.SpringBootCondition; +import org.springframework.context.annotation.ConditionContext; +import org.springframework.context.annotation.Conditional; +import org.springframework.core.type.AnnotatedTypeMetadata; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; +import java.util.Arrays; +import java.util.List; + +import static org.springframework.util.StringUtils.hasText; + +/** + * Conditional that matches if the application is configured for Nav. + * Requires the following properties set: + *
    + *
  • AAD_ISSUER_URI
  • + *
  • AZURE_APP_CLIENT_ID
  • + *
  • AZURE_APP_CLIENT_SECRET
  • + *
+ */ +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.TYPE, ElementType.METHOD}) +@Conditional(OnDollyApplicationConfiguredForAzureCondition.class) +public @interface ConditionalOnDollyApplicationConfiguredForAzure { +} + +class OnDollyApplicationConfiguredForAzureCondition extends SpringBootCondition { + + private static final List REQUIRED = Arrays.asList( + "AAD_ISSUER_URI", + "AZURE_APP_CLIENT_ID", + "AZURE_APP_CLIENT_SECRET" + ); + + @Override + public ConditionOutcome getMatchOutcome(ConditionContext context, AnnotatedTypeMetadata metadata + ) { + var env = context.getEnvironment(); + var match = REQUIRED + .stream() + .allMatch(key -> hasText(env.getProperty(key))); + return new ConditionOutcome( + match, + match ? "Dolly configured for Azure" : "Dolly not configured for Azure - missing one or more required properties %s".formatted(REQUIRED) + ); + } + +} diff --git a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForNav.java b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForNav.java new file mode 100644 index 00000000000..71648d785e5 --- /dev/null +++ b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForNav.java 
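Review bot: The Javadoc on `ConditionalOnDollyApplicationConfiguredForAzure` says the condition matches when the application is configured for Nav, copied from the Nav variant; it should read `Conditional that matches if the application is configured for Azure.`. The condition body is repeated almost verbatim in the Nav and Trygdeetaten hunks that follow, with only the property names and the outcome messages differing, so a shared base condition would leave each file with just its label and property list, as sketched below. `Arrays.asList` yields a modifiable list for what is a constant; `List.of(...)` is the immutable form and reads better here.

```java
/** Shared body for the "configured for X" conditions: matches when every listed property has text. */
abstract class OnRequiredPropertiesCondition extends SpringBootCondition {

    private final String label;
    private final List<String> required;

    OnRequiredPropertiesCondition(String label, String... required) {
        this.label = label;
        this.required = List.of(required);
    }

    @Override
    public ConditionOutcome getMatchOutcome(ConditionContext context, AnnotatedTypeMetadata metadata) {
        var env = context.getEnvironment();
        var match = required.stream().allMatch(key -> hasText(env.getProperty(key)));
        return new ConditionOutcome(
                match,
                match
                        ? "Dolly configured for %s".formatted(label)
                        : "Dolly not configured for %s - missing one or more required properties %s".formatted(label, required)
        );
    }
}

class OnDollyApplicationConfiguredForAzureCondition extends OnRequiredPropertiesCondition {
    OnDollyApplicationConfiguredForAzureCondition() {
        super("Azure", "AAD_ISSUER_URI", "AZURE_APP_CLIENT_ID", "AZURE_APP_CLIENT_SECRET");
    }
}
```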
@@ -0,0 +1,54 @@ +package no.nav.testnav.libs.securitycore.domain.azuread; + +import org.springframework.boot.autoconfigure.condition.ConditionOutcome; +import org.springframework.boot.autoconfigure.condition.SpringBootCondition; +import org.springframework.context.annotation.ConditionContext; +import org.springframework.context.annotation.Conditional; +import org.springframework.core.type.AnnotatedTypeMetadata; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; +import java.util.Arrays; +import java.util.List; + +import static org.springframework.util.StringUtils.hasText; + + +/** + * Conditional that matches if the application is configured for Nav. + * Requires the following properties set: + *
    + *
  • AZURE_NAV_OPENID_CONFIG_TOKEN_ENDPOINT
  • + *
  • AZURE_NAV_APP_CLIENT_ID
  • + *
  • AZURE_NAV_APP_CLIENT_SECRET
  • + *
+ */ +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.TYPE, ElementType.METHOD}) +@Conditional(OnDollyApplicationConfiguredForNavCondition.class) +public @interface ConditionalOnDollyApplicationConfiguredForNav { +} + +class OnDollyApplicationConfiguredForNavCondition extends SpringBootCondition { + + private static final List REQUIRED = Arrays.asList( + "AZURE_NAV_OPENID_CONFIG_TOKEN_ENDPOINT", + "AZURE_NAV_APP_CLIENT_ID", + "AZURE_NAV_APP_CLIENT_SECRET" + ); + + @Override + public ConditionOutcome getMatchOutcome(ConditionContext context, AnnotatedTypeMetadata metadata + ) { + var env = context.getEnvironment(); + var match = REQUIRED + .stream() + .allMatch(key -> hasText(env.getProperty(key))); + return new ConditionOutcome( + match, + match ? "Dolly configured for Nav" : "Dolly not configured for Nav - missing one or more required properties %s".formatted(REQUIRED) + ); + } +} diff --git a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForTrygdeetaten.java b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForTrygdeetaten.java new file mode 100644 index 00000000000..029fef88932 --- /dev/null +++ b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForTrygdeetaten.java 
@@ -0,0 +1,54 @@ +package no.nav.testnav.libs.securitycore.domain.azuread; + +import org.springframework.boot.autoconfigure.condition.ConditionOutcome; +import org.springframework.boot.autoconfigure.condition.SpringBootCondition; +import org.springframework.context.annotation.ConditionContext; +import org.springframework.context.annotation.Conditional; +import org.springframework.core.type.AnnotatedTypeMetadata; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; +import java.util.Arrays; +import java.util.List; + +import static org.springframework.util.StringUtils.hasText; + + +/** + * Conditional that matches if the application is configured for Trygdeetaten. + * Requires the following properties set: + *
    + *
  • AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT
  • + *
  • AZURE_TRYGDEETATEN_APP_CLIENT_ID
  • + *
  • AZURE_TRYGDEETATEN_APP_CLIENT_SECRET
  • + *
+ */ +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.TYPE, ElementType.METHOD}) +@Conditional(OnDollyApplicationConfiguredForTrygdeetatenCondition.class) +public @interface ConditionalOnDollyApplicationConfiguredForTrygdeetaten { +} + +class OnDollyApplicationConfiguredForTrygdeetatenCondition extends SpringBootCondition { + + private static final List REQUIRED = Arrays.asList( + "AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT", + "AZURE_TRYGDEETATEN_APP_CLIENT_ID", + "AZURE_TRYGDEETATEN_APP_CLIENT_SECRET" + ); + + @Override + public ConditionOutcome getMatchOutcome(ConditionContext context, AnnotatedTypeMetadata metadata + ) { + var env = context.getEnvironment(); + var match = REQUIRED + .stream() + .allMatch(key -> hasText(env.getProperty(key))); + return new ConditionOutcome( + match, + match ? "Dolly configured for Trygdeetaten" : "Dolly not configured for Trygdeetaten - missing one or more required properties %s".formatted(REQUIRED) + ); + } +} diff --git a/libs/security-core/src/main/resources/META-INF/additional-spring-configuration-metadata.json b/libs/security-core/src/main/resources/META-INF/additional-spring-configuration-metadata.json new file mode 100644 index 00000000000..bb1048cb6d6 --- /dev/null +++ b/libs/security-core/src/main/resources/META-INF/additional-spring-configuration-metadata.json 
@@ -0,0 +1,50 @@
+{
+ "properties": [
+ {
+ "name": "AZURE_APP_CLIENT_ID",
+ "type": "java.lang.String",
+ "description": "Satt av NAIS i pod. Se ClientCredentialConfig#azureNavClientCredential. Kan erstattes med ${sm://azure-app-client-id} for lokal kjøring."
+ },
+ {
+ "name": "AZURE_APP_CLIENT_SECRET",
+ "type": "java.lang.String",
+ "description": "Satt av NAIS i pod. Se ClientCredentialConfig#azureNavClientCredential. Kan erstattes med ${sm://azure-app-client-secret} for lokal kjøring."
+ },
+ {
+ "name": "AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT",
+ "type": "java.lang.String",
+ "description": "Satt av NAIS i pod, fra en secret opprettet av en AzureAdApplication deployment (secretKeyPrefix: \"AZURE_TRYGDEETATEN\"). Hvis satt må også AZURE_TRYGDEETATEN_APP_CLIENT_ID og AZURE_TRYGDEETATEN_APP_CLIENT_SECRET være satt."
+ },
+ {
+ "name": "AZURE_TRYGDEETATEN_APP_CLIENT_ID",
+ "type": "java.lang.String",
+ "description": "Satt av NAIS i pod, fra en secret opprettet av en AzureAdApplication deployment (secretKeyPrefix: \"AZURE_TRYGDEETATEN\")."
+ },
+ {
+ "name": "AZURE_TRYGDEETATEN_APP_CLIENT_SECRET",
+ "type": "java.lang.String",
+ "description": "Satt av NAIS i pod, fra en secret opprettet av en AzureAdApplication deployment (secretKeyPrefix: \"AZURE_TRYGDEETATEN\")."
+ },
+ {
+ "name": "AZURE_NAV_OPENID_CONFIG_TOKEN_ENDPOINT",
+ "type": "java.lang.String",
+ "description": "Satt av NAIS i pod, fra en secret opprettet av en AzureAdApplication deployment (secretKeyPrefix: \"AZURE_NAV\"). Hvis satt må også AZURE_NAV_APP_CLIENT_ID og AZURE_NAV_APP_CLIENT_SECRET være satt."
+ },
+ {
+ "name": "AZURE_NAV_APP_CLIENT_ID",
+ "type": "java.lang.String",
+ "description": "Satt av NAIS i pod, fra en secret opprettet av en AzureAdApplication deployment (secretKeyPrefix: \"AZURE_NAV\")."
+ },
+ {
+ "name": "AZURE_NAV_APP_CLIENT_SECRET",
+ "type": "java.lang.String",
+ "description": "Satt av NAIS i pod, fra en secret opprettet av en AzureAdApplication deployment (secretKeyPrefix: \"AZURE_NAV\")."
+ },
+ {
+ "name": "TOKEN_X_ISSUER",
+ "type": "java.net.URL",
+ "description": "Satt av NAIS i pod hvis NAIS-manifestet har spec.tokenx.enabled: true.",
+ "defaultValue": "https://tokenx.dev-gcp.nav.cloud.nais.io"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/libs/security-core/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/libs/security-core/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
new file mode 100644
index 00000000000..c752f84a7da
--- /dev/null
+++ b/libs/security-core/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
@@ -0,0 +1 @@
+no.nav.testnav.libs.securitycore.domain.azuread.ClientCredentialAutoConfiguration
\ No newline at end of file
diff --git a/libs/servlet-insecure-security/src/main/java/no/nav/testnav/libs/standalone/servletsecurity/config/InsecureJwtServerToServerConfiguration.java b/libs/servlet-insecure-security/src/main/java/no/nav/testnav/libs/standalone/servletsecurity/config/InsecureJwtServerToServerConfiguration.java
index bd9d9a9d193..7f12945ced7 100644
--- a/libs/servlet-insecure-security/src/main/java/no/nav/testnav/libs/standalone/servletsecurity/config/InsecureJwtServerToServerConfiguration.java
+++ b/libs/servlet-insecure-security/src/main/java/no/nav/testnav/libs/standalone/servletsecurity/config/InsecureJwtServerToServerConfiguration.java
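Review bot: The descriptions for `AZURE_APP_CLIENT_ID` and `AZURE_APP_CLIENT_SECRET` point to `ClientCredentialConfig#azureNavClientCredential`, but in this commit those two properties are read by `ClientCredentialAutoConfiguration#azureClientCredential`, while `azureNavClientCredential` reads the `AZURE_NAV_*` properties; the reference will send a reader to the wrong bean. Suggested wording: `"Satt av NAIS i pod. Se ClientCredentialAutoConfiguration#azureClientCredential. Kan erstattes med ${sm://azure-app-client-id} for lokal kjøring."`. `AAD_ISSUER_URI`, which the Azure condition also requires before that bean is created, has no entry in this metadata file, so the IDE hint set is incomplete for the one property most likely to be missing.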
@@ -1,6 +1,5 @@ package no.nav.testnav.libs.standalone.servletsecurity.config; -import no.nav.testnav.libs.securitycore.domain.azuread.AzureNavClientCredential; import no.nav.testnav.libs.standalone.servletsecurity.decoder.MultipleIssuersJwtDecoder; import no.nav.testnav.libs.standalone.servletsecurity.exchange.AzureAdTokenService; import no.nav.testnav.libs.standalone.servletsecurity.exchange.TokenExchange; @@ -20,8 +19,7 @@ TokenXResourceServerProperties.class, AzureAdResourceServerProperties.class, TokenExchange.class, - AzureAdTokenService.class, - AzureNavClientCredential.class + AzureAdTokenService.class }) public class InsecureJwtServerToServerConfiguration { diff --git a/libs/servlet-insecure-security/src/main/java/no/nav/testnav/libs/standalone/servletsecurity/exchange/AzureAdTokenService.java b/libs/servlet-insecure-security/src/main/java/no/nav/testnav/libs/standalone/servletsecurity/exchange/AzureAdTokenService.java index 00696ba6667..ed6e1851df4 100644 --- a/libs/servlet-insecure-security/src/main/java/no/nav/testnav/libs/standalone/servletsecurity/exchange/AzureAdTokenService.java +++ b/libs/servlet-insecure-security/src/main/java/no/nav/testnav/libs/standalone/servletsecurity/exchange/AzureAdTokenService.java @@ -4,7 +4,7 @@ import no.nav.testnav.libs.securitycore.command.azuread.ClientCredentialExchangeCommand; import no.nav.testnav.libs.securitycore.domain.AccessToken; import no.nav.testnav.libs.securitycore.domain.ServerProperties; -import no.nav.testnav.libs.securitycore.domain.azuread.AzureNavClientCredential; +import no.nav.testnav.libs.securitycore.domain.azuread.AzureClientCredential; import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredential; import org.springframework.beans.factory.annotation.Value; import org.springframework.http.HttpHeaders; 
@@ -28,7 +28,7 @@ public class AzureAdTokenService implements ExchangeToken { public AzureAdTokenService( @Value("${http.proxy:#{null}}") String proxyHost, @Value("${AAD_ISSUER_URI}") String issuerUrl, - AzureNavClientCredential clientCredential + AzureClientCredential clientCredential ) { log.info("Init AzureAd token exchange."); WebClient.Builder builder = WebClient diff --git a/libs/servlet-security/src/main/java/no/nav/testnav/libs/servletsecurity/config/SecureOAuth2ServerToServerConfiguration.java b/libs/servlet-security/src/main/java/no/nav/testnav/libs/servletsecurity/config/SecureOAuth2ServerToServerConfiguration.java index 68477de2205..ffb286d1cfb 100644 --- a/libs/servlet-security/src/main/java/no/nav/testnav/libs/servletsecurity/config/SecureOAuth2ServerToServerConfiguration.java +++ b/libs/servlet-security/src/main/java/no/nav/testnav/libs/servletsecurity/config/SecureOAuth2ServerToServerConfiguration.java @@ -1,6 +1,5 @@ package no.nav.testnav.libs.servletsecurity.config; -import no.nav.testnav.libs.securitycore.domain.azuread.AzureNavClientCredential; import no.nav.testnav.libs.securitycore.domain.tokenx.TokenXProperties; import no.nav.testnav.libs.servletsecurity.action.GetAuthenticatedId; import no.nav.testnav.libs.servletsecurity.action.GetAuthenticatedResourceServerType; @@ -24,7 +23,6 @@ @Configuration @Import({ - AzureNavClientCredential.class, TokenXResourceServerProperties.class, AzureAdResourceServerProperties.class, TokenXService.class, diff --git a/libs/servlet-security/src/main/java/no/nav/testnav/libs/servletsecurity/exchange/AzureAdTokenService.java b/libs/servlet-security/src/main/java/no/nav/testnav/libs/servletsecurity/exchange/AzureAdTokenService.java index f6323dcb5fc..27b304895b0 100644 --- a/libs/servlet-security/src/main/java/no/nav/testnav/libs/servletsecurity/exchange/AzureAdTokenService.java +++ b/libs/servlet-security/src/main/java/no/nav/testnav/libs/servletsecurity/exchange/AzureAdTokenService.java 
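Review bot: The constructor now injects `AzureClientCredential`, which the new auto-configuration only registers when `AAD_ISSUER_URI`, `AZURE_APP_CLIENT_ID` and `AZURE_APP_CLIENT_SECRET` all have text, whereas the removed `AzureNavClientCredential` bean defaulted both values to null and was always present via the `@Import` dropped in the previous hunk. If I read the condition correctly, an application started without those properties previously failed only at its first token exchange and now fails at context startup with an unsatisfied dependency; that fail-fast is arguably better, but it is a behaviour change for every consumer of this library and should be stated in the commit description or in a Javadoc on `ClientCredentialAutoConfiguration`. The same applies to the servlet-security `AzureAdTokenService` in the next hunk and to the profil-api one earlier in the diff. The constructor body continues outside the hunk.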
@@ -7,7 +7,7 @@ import no.nav.testnav.libs.securitycore.domain.ResourceServerType; import no.nav.testnav.libs.securitycore.domain.ServerProperties; import no.nav.testnav.libs.securitycore.domain.Token; -import no.nav.testnav.libs.securitycore.domain.azuread.AzureNavClientCredential; +import no.nav.testnav.libs.securitycore.domain.azuread.AzureClientCredential; import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredential; import no.nav.testnav.libs.servletsecurity.action.GetAuthenticatedToken; import org.springframework.beans.factory.annotation.Value; @@ -34,7 +34,7 @@ public class AzureAdTokenService implements TokenService { public AzureAdTokenService( @Value("${http.proxy:#{null}}") String proxyHost, @Value("${AAD_ISSUER_URI}") String issuerUrl, - AzureNavClientCredential clientCredential, + AzureClientCredential clientCredential, GetAuthenticatedToken getAuthenticatedToken ) { log.info("Init AzureAd token exchange."); diff --git a/proxies/aareg-proxy/src/main/java/no/nav/testnav/proxies/aareg/RouteLocatorConfig.java b/proxies/aareg-proxy/src/main/java/no/nav/testnav/proxies/aareg/RouteLocatorConfig.java index ecf4395c3a7..fc35f5c2b8d 100644 --- a/proxies/aareg-proxy/src/main/java/no/nav/testnav/proxies/aareg/RouteLocatorConfig.java +++ b/proxies/aareg-proxy/src/main/java/no/nav/testnav/proxies/aareg/RouteLocatorConfig.java 
@@ -3,7 +3,7 @@ import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig; import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory; import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration; -import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService; +import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService; import no.nav.testnav.libs.securitycore.domain.AccessToken; import no.nav.testnav.libs.securitycore.domain.ServerProperties; import org.springframework.cloud.gateway.filter.GatewayFilter; @@ -32,7 +32,7 @@ public class RouteLocatorConfig { @Bean public RouteLocator customRouteLocator( RouteLocatorBuilder builder, - TrygdeetatenAzureAdTokenService tokenService, + AzureTrygdeetatenTokenService tokenService, Consumers consumers) { var routes = builder.routes(); @@ -50,7 +50,7 @@ public RouteLocator customRouteLocator( return routes.build(); } - private GatewayFilter getAuthenticationFilter(TrygdeetatenAzureAdTokenService tokenService, ServerProperties serverProperties) { + private GatewayFilter getAuthenticationFilter(AzureTrygdeetatenTokenService tokenService, ServerProperties serverProperties) { return AddAuthenticationRequestGatewayFilterFactory .bearerAuthenticationHeaderFilter(() -> tokenService .exchange(serverProperties) diff --git a/proxies/aareg-synt-services-proxy/src/main/resources/application.yml b/proxies/aareg-synt-services-proxy/src/main/resources/application.yml index 42e48fd6556..daa83573144 100644 --- a/proxies/aareg-synt-services-proxy/src/main/resources/application.yml +++ b/proxies/aareg-synt-services-proxy/src/main/resources/application.yml 
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535 spring: application: name: aareg-synt-services-proxy - desciption: Proxy for aareg-synt-services som legger på sikkerhet. + description: Proxy for aareg-synt-services som legger på sikkerhet. security: oauth2: resourceserver: diff --git a/proxies/altinn3-tilgang-proxy/src/main/resources/application.yml b/proxies/altinn3-tilgang-proxy/src/main/resources/application.yml index 85818a36464..b15c0a9538d 100644 --- a/proxies/altinn3-tilgang-proxy/src/main/resources/application.yml +++ b/proxies/altinn3-tilgang-proxy/src/main/resources/application.yml @@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535 spring: application: name: testnav-altinn3-tilgang-proxy - desciption: Proxy for altinn3-tilgang som legger på Entra ID token sikkerhet + description: Proxy for altinn3-tilgang som legger på Entra ID token sikkerhet security: oauth2: resourceserver: diff --git a/proxies/arbeidsplassencv-proxy/src/main/resources/application.yml b/proxies/arbeidsplassencv-proxy/src/main/resources/application.yml index b639cc1088c..8502bac6bce 100644 --- a/proxies/arbeidsplassencv-proxy/src/main/resources/application.yml +++ b/proxies/arbeidsplassencv-proxy/src/main/resources/application.yml @@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535 spring: application: name: testnav-arbeidsplassencv-proxy - desciption: Proxy for arbeidsplassencv, henter fra fakedings og signerer med tokenx + description: Proxy for arbeidsplassencv, henter fra fakedings og signerer med tokenx security: oauth2: resourceserver: diff --git a/proxies/arena-forvalteren-proxy/src/main/resources/application.yml b/proxies/arena-forvalteren-proxy/src/main/resources/application.yml index 794459932cf..9e9ba088180 100644 --- a/proxies/arena-forvalteren-proxy/src/main/resources/application.yml 
+++ b/proxies/arena-forvalteren-proxy/src/main/resources/application.yml @@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535 spring: application: name: testnav-arena-forvalteren-proxy - desciption: Proxy for arena-forvalteren som legger på sikkerhet. + description: Proxy for arena-forvalteren som legger på sikkerhet. security: oauth2: resourceserver: diff --git a/proxies/batch-adeo-proxy/src/main/resources/application.yml b/proxies/batch-adeo-proxy/src/main/resources/application.yml index b3508b30109..0a0c0e11f2d 100644 --- a/proxies/batch-adeo-proxy/src/main/resources/application.yml +++ b/proxies/batch-adeo-proxy/src/main/resources/application.yml @@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535 spring: application: name: testnorge-batch-adeo-proxy - desciption: Proxy for batch.adeo.no som legger på sikkerhet. + description: Proxy for batch.adeo.no som legger på sikkerhet. security: oauth2: resourceserver: diff --git a/proxies/brregstub-proxy/src/main/resources/application.yml b/proxies/brregstub-proxy/src/main/resources/application.yml index c12d28aac67..95d8e31193b 100644 --- a/proxies/brregstub-proxy/src/main/resources/application.yml +++ b/proxies/brregstub-proxy/src/main/resources/application.yml @@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535 spring: application: name: testnav-brregstub-proxy - desciption: Proxy for brregstub som legger på sikkerhet. + description: Proxy for brregstub som legger på sikkerhet. security: oauth2: resourceserver: diff --git a/proxies/dokarkiv-proxy/src/main/java/no/nav/testnav/proxies/dokarkivproxy/DokarkivProxyApplicationStarter.java b/proxies/dokarkiv-proxy/src/main/java/no/nav/testnav/proxies/dokarkivproxy/DokarkivProxyApplicationStarter.java index bd4c514d485..437bce84a91 100644 
--- a/proxies/dokarkiv-proxy/src/main/java/no/nav/testnav/proxies/dokarkivproxy/DokarkivProxyApplicationStarter.java +++ b/proxies/dokarkiv-proxy/src/main/java/no/nav/testnav/proxies/dokarkivproxy/DokarkivProxyApplicationStarter.java @@ -4,7 +4,7 @@ import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig; import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory; import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration; -import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService; +import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService; import no.nav.testnav.libs.securitycore.domain.AccessToken; import no.nav.testnav.libs.securitycore.domain.ServerProperties; import no.nav.testnav.proxies.dokarkivproxy.config.Consumers; @@ -35,7 +35,7 @@ public class DokarkivProxyApplicationStarter { @Bean public RouteLocator customRouteLocator( RouteLocatorBuilder builder, - TrygdeetatenAzureAdTokenService tokenService, + AzureTrygdeetatenTokenService tokenService, Consumers consumers) { var routes = builder.routes(); Arrays diff --git a/proxies/dokarkiv-proxy/src/main/resources/application.yml b/proxies/dokarkiv-proxy/src/main/resources/application.yml index 70d12c4d61d..54adda5c8c0 100644 --- a/proxies/dokarkiv-proxy/src/main/resources/application.yml +++ b/proxies/dokarkiv-proxy/src/main/resources/application.yml @@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535 spring: application: name: testnav-dokarkiv-proxy - desciption: Proxy for dokarkiv som legger på sikkerhet og redirecter til riktig miljø.. + description: Proxy for dokarkiv som legger på sikkerhet og redirecter til riktig miljø.. security: oauth2: resourceserver: diff --git a/proxies/ereg-proxy/src/main/resources/application.yml b/proxies/ereg-proxy/src/main/resources/application.yml index 060d27ef767..ef711ef083a 100644 
--- a/proxies/ereg-proxy/src/main/resources/application.yml +++ b/proxies/ereg-proxy/src/main/resources/application.yml @@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535 spring: application: name: testnav-ereg-proxy - desciption: Proxy for ereg som legger på sikkerhet og redirecter til riktig miljø. + description: Proxy for ereg som legger på sikkerhet og redirecter til riktig miljø. security: oauth2: resourceserver: diff --git a/proxies/inntektstub-proxy/src/main/resources/application.yml b/proxies/inntektstub-proxy/src/main/resources/application.yml index b7851322180..95e755ce129 100644 --- a/proxies/inntektstub-proxy/src/main/resources/application.yml +++ b/proxies/inntektstub-proxy/src/main/resources/application.yml @@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535 spring: application: name: testnav-inntektstub-proxy - desciption: Proxy for inntektstub som legger på sikkerhet. + description: Proxy for inntektstub som legger på sikkerhet. security: oauth2: resourceserver: diff --git a/proxies/inst-proxy/src/main/java/no/nav/testnav/proxies/instproxy/InstProxyApplicationStarter.java b/proxies/inst-proxy/src/main/java/no/nav/testnav/proxies/instproxy/InstProxyApplicationStarter.java index a41d02d6804..b20a8cf4b84 100644 --- a/proxies/inst-proxy/src/main/java/no/nav/testnav/proxies/instproxy/InstProxyApplicationStarter.java +++ b/proxies/inst-proxy/src/main/java/no/nav/testnav/proxies/instproxy/InstProxyApplicationStarter.java 
@@ -4,7 +4,7 @@ import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig; import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory; import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration; -import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService; +import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService; import no.nav.testnav.libs.securitycore.domain.AccessToken; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; @@ -28,7 +28,7 @@ public static void main(String[] args) { @Bean public RouteLocator customRouteLocator( RouteLocatorBuilder builder, - TrygdeetatenAzureAdTokenService tokenService, + AzureTrygdeetatenTokenService tokenService, Consumers consumers ) { var addAuthenticationHeaderDevFilter = AddAuthenticationRequestGatewayFilterFactory diff --git a/proxies/kontoregister-person-proxy/src/main/java/no/nav/testnav/proxies/kontoregisterperson/KontoregisterProxyApplicationStarter.java b/proxies/kontoregister-person-proxy/src/main/java/no/nav/testnav/proxies/kontoregisterperson/KontoregisterProxyApplicationStarter.java index db2525486aa..15761c53e32 100644 --- a/proxies/kontoregister-person-proxy/src/main/java/no/nav/testnav/proxies/kontoregisterperson/KontoregisterProxyApplicationStarter.java +++ b/proxies/kontoregister-person-proxy/src/main/java/no/nav/testnav/proxies/kontoregisterperson/KontoregisterProxyApplicationStarter.java 
@@ -4,7 +4,7 @@
 import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig;
 import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
 import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
-import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService;
 import no.nav.testnav.libs.securitycore.domain.AccessToken;
 import no.nav.testnav.proxies.kontoregisterperson.config.Consumers;
 import org.springframework.boot.SpringApplication;
@@ -29,7 +29,7 @@ public static void main(String[] args) {
 @Bean
 public RouteLocator customRouteLocator(
 RouteLocatorBuilder builder,
- TrygdeetatenAzureAdTokenService tokenService,
+ AzureTrygdeetatenTokenService tokenService,
 Consumers consumers
 ) {
 var addAuthenticationHeaderDevFilter = AddAuthenticationRequestGatewayFilterFactory
diff --git a/proxies/kontoregister-person-proxy/src/main/resources/application.yml b/proxies/kontoregister-person-proxy/src/main/resources/application.yml
index 6c00b3b7101..1a9a7c4764f 100644
--- a/proxies/kontoregister-person-proxy/src/main/resources/application.yml
+++ b/proxies/kontoregister-person-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
 spring:
 application:
 name: testnav-kontoregister-person-proxy
- desciption: Proxy for sokos-kontoregister-person som legger på sikkerhet.
+ description: Proxy for sokos-kontoregister-person som legger på sikkerhet.
 security:
 oauth2:
 resourceserver:
diff --git a/proxies/krrstub-proxy/src/main/java/no/nav/testnav/proxies/krrstubproxy/KrrstubProxyApplicationStarter.java b/proxies/krrstub-proxy/src/main/java/no/nav/testnav/proxies/krrstubproxy/KrrstubProxyApplicationStarter.java
index 84463fa8cdc..903712a2488 100644
--- a/proxies/krrstub-proxy/src/main/java/no/nav/testnav/proxies/krrstubproxy/KrrstubProxyApplicationStarter.java
+++ b/proxies/krrstub-proxy/src/main/java/no/nav/testnav/proxies/krrstubproxy/KrrstubProxyApplicationStarter.java
@@ -4,7 +4,7 @@
 import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig;
 import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
 import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
-import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService;
 import no.nav.testnav.libs.securitycore.domain.AccessToken;
 import no.nav.testnav.proxies.krrstubproxy.config.Consumers;
 import org.springframework.boot.SpringApplication;
@@ -29,7 +29,7 @@ public static void main(String[] args) {
 @Bean
 public RouteLocator customRouteLocator(
 RouteLocatorBuilder builder,
- TrygdeetatenAzureAdTokenService tokenService,
+ AzureTrygdeetatenTokenService tokenService,
 Consumers consumers
 ) {
 var addAuthenticationHeaderDevFilter = AddAuthenticationRequestGatewayFilterFactory
diff --git a/proxies/krrstub-proxy/src/main/resources/application.yml b/proxies/krrstub-proxy/src/main/resources/application.yml
index f3100af5d9e..0316918759f 100644
--- a/proxies/krrstub-proxy/src/main/resources/application.yml
+++ b/proxies/krrstub-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
 spring:
 application:
 name: testnav-krrstub-proxy
- desciption: Proxy for krr-stub som legger på sikkerhet.
+ description: Proxy for krr-stub som legger på sikkerhet.
 security:
 oauth2:
 resourceserver:
diff --git a/proxies/medl-proxy/src/main/java/no/nav/testnav/proxies/medlproxy/MedlProxyApplicationStarter.java b/proxies/medl-proxy/src/main/java/no/nav/testnav/proxies/medlproxy/MedlProxyApplicationStarter.java
index 52146c6cf38..fe56c5c9d10 100644
--- a/proxies/medl-proxy/src/main/java/no/nav/testnav/proxies/medlproxy/MedlProxyApplicationStarter.java
+++ b/proxies/medl-proxy/src/main/java/no/nav/testnav/proxies/medlproxy/MedlProxyApplicationStarter.java
@@ -4,7 +4,7 @@
 import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig;
 import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
 import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
-import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService;
 import no.nav.testnav.libs.securitycore.domain.AccessToken;
 import no.nav.testnav.proxies.medlproxy.config.Consumers;
 import org.springframework.boot.SpringApplication;
@@ -29,7 +29,7 @@ public static void main(String[] args) {
 @Bean
 public RouteLocator customRouteLocator(
 RouteLocatorBuilder builder,
- TrygdeetatenAzureAdTokenService tokenService,
+ AzureTrygdeetatenTokenService tokenService,
 Consumers consumers
 ) {
 var addAuthenticationHeaderDevFilter = AddAuthenticationRequestGatewayFilterFactory
diff --git a/proxies/medl-proxy/src/main/resources/application.yml b/proxies/medl-proxy/src/main/resources/application.yml
index d4b194e21fa..733b6839ef3 100644
--- a/proxies/medl-proxy/src/main/resources/application.yml
+++ b/proxies/medl-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
 spring:
 application:
 name: testnav-medl-proxy
- desciption: Proxy for medl-stub som legger på sikkerhet.
+ description: Proxy for medl-stub som legger på sikkerhet.
 security:
 oauth2:
 resourceserver:
diff --git a/proxies/norg2-proxy/src/main/resources/application.yml b/proxies/norg2-proxy/src/main/resources/application.yml
index 7d580bc2045..bc9ce452a8f 100644
--- a/proxies/norg2-proxy/src/main/resources/application.yml
+++ b/proxies/norg2-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
 spring:
 application:
 name: testnav-norg2-proxy
- desciption: Proxy for Norg2 som legger på sikkerhet.
+ description: Proxy for Norg2 som legger på sikkerhet.
 security:
 oauth2:
 resourceserver:
diff --git a/proxies/pdl-proxy/src/main/java/no/nav/testnav/proxies/pdlproxy/PdlProxyApplicationStarter.java b/proxies/pdl-proxy/src/main/java/no/nav/testnav/proxies/pdlproxy/PdlProxyApplicationStarter.java
index 28d743293c1..b43200356c5 100644
--- a/proxies/pdl-proxy/src/main/java/no/nav/testnav/proxies/pdlproxy/PdlProxyApplicationStarter.java
+++ b/proxies/pdl-proxy/src/main/java/no/nav/testnav/proxies/pdlproxy/PdlProxyApplicationStarter.java
@@ -4,7 +4,7 @@
 import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig;
 import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
 import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
-import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService;
 import no.nav.testnav.libs.securitycore.domain.AccessToken;
 import no.nav.testnav.libs.securitycore.domain.ServerProperties;
 import no.nav.testnav.proxies.pdlproxy.config.Consumers;
@@ -36,7 +36,7 @@ public static void main(String[] args) {
 @Bean
 public RouteLocator customRouteLocator(RouteLocatorBuilder builder,
 CredentialsHolder credentialsHolder,
- TrygdeetatenAzureAdTokenService tokenService,
+ AzureTrygdeetatenTokenService tokenService,
 Consumers consumers) {
 var addHendelselagerApiKeyAuthenticationHeader = AddAuthenticationRequestGatewayFilterFactory
 .apiKeyAuthenticationHeaderFilter(credentialsHolder.hendelselagerApiKey());
@@ -62,7 +62,7 @@ private Function> createRoute(String segment, St
 ).uri(host);
 }

- private Function> createRoute(ServerProperties serverProperties, TrygdeetatenAzureAdTokenService tokenService) {
+ private Function> createRoute(ServerProperties serverProperties, AzureTrygdeetatenTokenService tokenService) {
 var segment = serverProperties.getName();
 var host = serverProperties.getUrl();
 var filter = AddAuthenticationRequestGatewayFilterFactory
diff --git a/proxies/pdl-proxy/src/main/resources/application-local.yml b/proxies/pdl-proxy/src/main/resources/application-local.yml
index ddc652232c4..97c5228e923 100644
--- a/proxies/pdl-proxy/src/main/resources/application-local.yml
+++ b/proxies/pdl-proxy/src/main/resources/application-local.yml
@@ -1,5 +1,8 @@
 AZURE_APP_CLIENT_ID: ${sm://azure-app-client-id}
 AZURE_APP_CLIENT_SECRET: ${sm://azure-app-client-secret}
+AZURE_TRYGDEETATEN_APP_CLIENT_ID: placeholder
+AZURE_TRYGDEETATEN_APP_CLIENT_SECRET: placeholder
+AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT: http://localhost/placeholder
 TOKEN_X_ISSUER: dummy

 spring:
diff --git a/proxies/pdl-proxy/src/main/resources/application.yml b/proxies/pdl-proxy/src/main/resources/application.yml
index 0a8d4157349..853643daed8 100644
--- a/proxies/pdl-proxy/src/main/resources/application.yml
+++ b/proxies/pdl-proxy/src/main/resources/application.yml
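Review bot: The three new `AZURE_TRYGDEETATEN_*` entries in application-local.yml are literal placeholders, while the `AZURE_APP_CLIENT_ID` / `AZURE_APP_CLIENT_SECRET` lines directly above them are resolved from the secret manager with `${sm://...}`, so a local run that actually triggers the Trygdeetaten token exchange will post `placeholder` credentials to `http://localhost/placeholder` over plain HTTP and fail with an unhelpful error. If these values exist only to satisfy property binding at startup, say so next to them, e.g. `# Dummy values: the Trygdeetaten exchange is not exercised locally`, so nobody later "fixes" them into real secrets committed in this file. If local runs do need real tokens, they should presumably follow the same `${sm://...}` pattern as the two lines above, though I cannot confirm from this hunk which secret names exist. Either way, prefer an `https://` placeholder for the token endpoint so a later edit to a real host does not inherit a plaintext scheme.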
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
 spring:
 application:
 name: testnav-pdl-proxy
- desciption: Proxy for pdl som legger på AzureAd sikkerhet og lager en sts token..
+ description: Proxy for pdl som legger på AzureAd sikkerhet og lager en sts token..
 security:
 oauth2:
 resourceserver:
diff --git a/proxies/pdl-proxy/src/test/resources/application-test.yml b/proxies/pdl-proxy/src/test/resources/application-test.yml
index d77faa43b11..8c7464c31b9 100644
--- a/proxies/pdl-proxy/src/test/resources/application-test.yml
+++ b/proxies/pdl-proxy/src/test/resources/application-test.yml
@@ -1,14 +1,8 @@
-TOKEN_X_ISSUER: dummy
-
-sts:
- token:
- provider:
- username: dummy
- password: dummy
+TOKEN_X_ISSUER: placeholder

 app:
 elastic:
- username: dummy
- password: dummy
- hendelse.lager.api.key: dummy
- person.aktor.api.key: dummy
\ No newline at end of file
+ username: placeholder
+ password: placeholder
+ hendelse.lager.api.key: placeholder
+ person.aktor.api.key: placeholder
\ No newline at end of file
diff --git a/proxies/pensjon-testdata-facade-proxy/src/main/java/no/nav/testnav/proxies/pensjontestdatafacadeproxy/PensjonTestdataFacadeProxyApplicationStarter.java b/proxies/pensjon-testdata-facade-proxy/src/main/java/no/nav/testnav/proxies/pensjontestdatafacadeproxy/PensjonTestdataFacadeProxyApplicationStarter.java
index 5fbc526b869..229d0192ee8 100644
--- a/proxies/pensjon-testdata-facade-proxy/src/main/java/no/nav/testnav/proxies/pensjontestdatafacadeproxy/PensjonTestdataFacadeProxyApplicationStarter.java
+++ b/proxies/pensjon-testdata-facade-proxy/src/main/java/no/nav/testnav/proxies/pensjontestdatafacadeproxy/PensjonTestdataFacadeProxyApplicationStarter.java
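Review bot: The test profile drops the whole `sts.token.provider.username` / `password` block, yet the `description` line kept in pdl-proxy's application.yml in the same commit still says the proxy `lager en sts token`, so either the description is now stale or some STS client still reads properties that the test context no longer provides. If the STS exchange was removed, update the description alongside, e.g. `description: Proxy for pdl som legger på AzureAd sikkerhet.`; if it still exists, the test context will now start with those properties unresolved, which fails harder than the old `dummy` values did. I cannot see the consuming code from this hunk, so a one-line comment in application-test.yml stating why the `sts:` keys are gone would settle it for the next reader. The `dummy` to `placeholder` rename itself is cosmetic.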
@@ -4,7 +4,7 @@
 import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig;
 import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
 import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
-import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService;
 import no.nav.testnav.libs.securitycore.domain.AccessToken;
 import no.nav.testnav.libs.securitycore.domain.ServerProperties;
 import no.nav.testnav.proxies.pensjontestdatafacadeproxy.config.Consumers;
@@ -31,7 +31,7 @@ public class PensjonTestdataFacadeProxyApplicationStarter {

 @Bean
 public RouteLocator customRouteLocator(RouteLocatorBuilder builder,
- TrygdeetatenAzureAdTokenService tokenService,
+ AzureTrygdeetatenTokenService tokenService,
 Consumers consumers) {
 var routes = builder.routes();
 Arrays
@@ -67,7 +67,7 @@ public RouteLocator customRouteLocator(RouteLocatorBuilder builder,
 return routes.build();
 }

- private GatewayFilter getAuthenticationFilter(TrygdeetatenAzureAdTokenService tokenService,
+ private GatewayFilter getAuthenticationFilter(AzureTrygdeetatenTokenService tokenService,
 ServerProperties serverProperties) {
 return AddAuthenticationRequestGatewayFilterFactory
 .bearerAuthenticationHeaderFilter(
diff --git a/proxies/pensjon-testdata-facade-proxy/src/main/resources/application.yml b/proxies/pensjon-testdata-facade-proxy/src/main/resources/application.yml
index c614ed41395..3d4b23beb61 100644
--- a/proxies/pensjon-testdata-facade-proxy/src/main/resources/application.yml
+++ b/proxies/pensjon-testdata-facade-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
 spring:
 application:
 name: pensjon-testdata-facade-proxy
- desciption: Proxy for pensjon-testdata-facade som legger på sikkerhet.
+ description: Proxy for pensjon-testdata-facade som legger på sikkerhet.
 security:
 oauth2:
 resourceserver:
diff --git a/proxies/saf-proxy/src/main/java/no/nav/testnav/proxies/safproxy/SafProxyApplicationStarter.java b/proxies/saf-proxy/src/main/java/no/nav/testnav/proxies/safproxy/SafProxyApplicationStarter.java
index e76df06ada6..53523c3045b 100644
--- a/proxies/saf-proxy/src/main/java/no/nav/testnav/proxies/safproxy/SafProxyApplicationStarter.java
+++ b/proxies/saf-proxy/src/main/java/no/nav/testnav/proxies/safproxy/SafProxyApplicationStarter.java
@@ -3,7 +3,7 @@
 import no.nav.testnav.libs.reactivecore.config.CoreConfig;
 import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig;
 import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
-import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService;
 import no.nav.testnav.libs.securitycore.domain.AccessToken;
 import no.nav.testnav.libs.securitycore.domain.ServerProperties;
 import org.springframework.boot.SpringApplication;
@@ -32,7 +32,7 @@ public class SafProxyApplicationStarter {
 @Bean
 public RouteLocator customRouteLocator(
 RouteLocatorBuilder builder,
- TrygdeetatenAzureAdTokenService tokenService,
+ AzureTrygdeetatenTokenService tokenService,
 Consumers consumers
 ) {
 var routes = builder.routes();
diff --git a/proxies/saf-proxy/src/main/resources/application.yml b/proxies/saf-proxy/src/main/resources/application.yml
index 0efb4d0b49b..acd7c3e6046 100644
--- a/proxies/saf-proxy/src/main/resources/application.yml
+++ b/proxies/saf-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
 spring:
 application:
 name: testnav-saf-proxy
- desciption: Proxy for dokarkiv som legger på sikkerhet og redirecter til riktig miljø.
+ description: Proxy for dokarkiv som legger på sikkerhet og redirecter til riktig miljø.
 security:
 oauth2:
 resourceserver:
diff --git a/proxies/sigrunstub-proxy/src/main/resources/application.yml b/proxies/sigrunstub-proxy/src/main/resources/application.yml
index 4e14eb4e948..27bfb2e6c35 100644
--- a/proxies/sigrunstub-proxy/src/main/resources/application.yml
+++ b/proxies/sigrunstub-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
 spring:
 application:
 name: testnav-sigrunstub-proxy
- desciption: Proxy for sigrunstub som legger på sikkerhet.
+ description: Proxy for sigrunstub som legger på sikkerhet.
 security:
 oauth2:
 resourceserver:
diff --git a/proxies/skjermingsregister-proxy/src/main/java/no/nav/testnav/proxies/skjermingsregisterproxy/RouteLocatorConfig.java b/proxies/skjermingsregister-proxy/src/main/java/no/nav/testnav/proxies/skjermingsregisterproxy/RouteLocatorConfig.java
index 8841a328d7c..168a865ef67 100644
--- a/proxies/skjermingsregister-proxy/src/main/java/no/nav/testnav/proxies/skjermingsregisterproxy/RouteLocatorConfig.java
+++ b/proxies/skjermingsregister-proxy/src/main/java/no/nav/testnav/proxies/skjermingsregisterproxy/RouteLocatorConfig.java
@@ -3,7 +3,7 @@
 import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig;
 import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
 import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
-import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService;
 import no.nav.testnav.libs.securitycore.domain.AccessToken;
 import org.springframework.cloud.gateway.filter.GatewayFilter;
 import org.springframework.cloud.gateway.route.RouteLocator;
@@ -36,7 +36,7 @@ public RouteLocator customRouteLocator(

 @Bean
 GatewayFilter getAuthenticationFilter(
- TrygdeetatenAzureAdTokenService tokenService,
+ AzureTrygdeetatenTokenService tokenService,
 Consumers consumers
 ) {
 return AddAuthenticationRequestGatewayFilterFactory
diff --git a/proxies/sykemelding-proxy/src/main/java/no/nav/testnav/proxies/sykemeldingproxy/RouteLocatorConfig.java b/proxies/sykemelding-proxy/src/main/java/no/nav/testnav/proxies/sykemeldingproxy/RouteLocatorConfig.java
index fa2c69e5228..178db99692b 100644
--- a/proxies/sykemelding-proxy/src/main/java/no/nav/testnav/proxies/sykemeldingproxy/RouteLocatorConfig.java
+++ b/proxies/sykemelding-proxy/src/main/java/no/nav/testnav/proxies/sykemeldingproxy/RouteLocatorConfig.java
@@ -3,7 +3,7 @@
 import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig;
 import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
 import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
-import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService;
 import no.nav.testnav.libs.securitycore.domain.AccessToken;
 import org.springframework.cloud.gateway.filter.GatewayFilter;
 import org.springframework.cloud.gateway.route.RouteLocator;
@@ -36,7 +36,7 @@ public RouteLocator customRouteLocator(

 @Bean
 GatewayFilter getAuthenticationFilter(
- TrygdeetatenAzureAdTokenService tokenService,
+ AzureTrygdeetatenTokenService tokenService,
 Consumers consumers
 ) {
 return AddAuthenticationRequestGatewayFilterFactory
diff --git a/proxies/synthdata-meldekort-proxy/src/main/java/no/nav/testnav/proxies/synthdatameldekortproxy/SynthdataMeldekortProxyApplicationStarter.java b/proxies/synthdata-meldekort-proxy/src/main/java/no/nav/testnav/proxies/synthdatameldekortproxy/SynthdataMeldekortProxyApplicationStarter.java
index 88a92c6bedc..22778c6a03c 100644
--- a/proxies/synthdata-meldekort-proxy/src/main/java/no/nav/testnav/proxies/synthdatameldekortproxy/SynthdataMeldekortProxyApplicationStarter.java
+++ b/proxies/synthdata-meldekort-proxy/src/main/java/no/nav/testnav/proxies/synthdatameldekortproxy/SynthdataMeldekortProxyApplicationStarter.java
@@ -4,7 +4,7 @@
 import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig;
 import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
 import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
-import no.nav.testnav.libs.reactivesecurity.exchange.azuread.NavAzureAdTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureNavTokenService;
 import no.nav.testnav.libs.securitycore.domain.AccessToken;
 import no.nav.testnav.proxies.synthdatameldekortproxy.config.Consumers;
 import org.springframework.boot.SpringApplication;
@@ -29,7 +29,7 @@ public static void main(String[] args) {
 @Bean
 public RouteLocator customRouteLocator(
 RouteLocatorBuilder builder,
- NavAzureAdTokenService tokenService,
+ AzureNavTokenService tokenService,
 Consumers consumers
 ) {
 var addAuthenticationHeaderFilter = AddAuthenticationRequestGatewayFilterFactory
diff --git a/proxies/synthdata-meldekort-proxy/src/main/resources/application.yml b/proxies/synthdata-meldekort-proxy/src/main/resources/application.yml
index 72804a26497..9764f8f0631 100644
--- a/proxies/synthdata-meldekort-proxy/src/main/resources/application.yml
+++ b/proxies/synthdata-meldekort-proxy/src/main/resources/application.yml
@@ -1,7 +1,7 @@
 spring:
 application:
 name: testnav-synthdata-meldekort-proxy
- desciption: Proxy for synthdata-arena-meldekort som legger på sikkerhet.
+ description: Proxy for synthdata-arena-meldekort som legger på sikkerhet.
 security:
 oauth2:
 resourceserver:
diff --git a/proxies/yrkesskade-proxy/src/main/resources/application.yml b/proxies/yrkesskade-proxy/src/main/resources/application.yml
index d184bab8be3..49de1dcebe7 100644
--- a/proxies/yrkesskade-proxy/src/main/resources/application.yml
+++ b/proxies/yrkesskade-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
 spring:
 application:
 name: testnav-pdl-proxy
- desciption: Proxy for pdl som legger på AzureAd sikkerhet og lager en sts token..
+ description: Proxy for pdl som legger på AzureAd sikkerhet og lager en sts token..
 security:
 oauth2:
 resourceserver:
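Review bot: The yrkesskade-proxy application.yml still carries the pdl-proxy identity after the typo fix: the context line `name: testnav-pdl-proxy` and the new `description:` about pdl and an STS token sit in a file under `proxies/yrkesskade-proxy/`, so this is a copy-paste left in place. `spring.application.name` is what ends up in logs, metrics and trace metadata, which makes this proxy indistinguishable from the real pdl-proxy there and makes any per-service alerting or access review misattribute its traffic. Suggest `name: testnav-yrkesskade-proxy` together with a description that matches the service, e.g. `description: Proxy for yrkesskade som legger på sikkerhet.`, with the wording confirmed against what the proxy actually does since I cannot see its routes from this hunk.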