From 61b79d707826163b24c34def10181a12098596bc Mon Sep 17 00:00:00 2001 From: JordenReuter <149687553+JordenReuter@users.noreply.github.com> Date: Thu, 20 Jun 2024 12:21:43 +0200 Subject: [PATCH] feat: activated client security (#37) --- .../pages/onecx-shell-bff-docs.adoc | 12 ++++- .../pages/onecx-shell-bff-extensions.adoc | 52 +++++++++---------- src/main/helm/values.yaml | 4 ++ src/main/resources/application.properties | 11 +++- 4 files changed, 49 insertions(+), 30 deletions(-) diff --git a/docs/modules/onecx-shell-bff/pages/onecx-shell-bff-docs.adoc b/docs/modules/onecx-shell-bff/pages/onecx-shell-bff-docs.adoc index c20e815..4beadab 100644 --- a/docs/modules/onecx-shell-bff/pages/onecx-shell-bff-docs.adoc +++ b/docs/modules/onecx-shell-bff/pages/onecx-shell-bff-docs.adoc @@ -24,7 +24,6 @@ org.eclipse.microprofile.rest.client.propagateHeaders=apm-principal-token quarkus.http.filter.images.header."Cache-Control"=max-age=432000 quarkus.http.filter.images.matches=/themes/* onecx.component.mock.keys[0]=portalmenu -%prod.quarkus.oidc-client.client-id=${quarkus.application.name} quarkus.openapi-generator.codegen.input-base-dir=target/tmp/openapi quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_external_v1_yaml.config-key=onecx_workspace_svc quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_external_v1_yaml.base-package=gen.org.tkit.onecx.workspace.client @@ -52,6 +51,12 @@ quarkus.openapi-generator.codegen.spec.onecx_user_profile_svc_v1_yaml.base-packa quarkus.openapi-generator.codegen.spec.onecx_user_profile_svc_v1_yaml.return-response=true quarkus.openapi-generator.codegen.spec.onecx_user_profile_svc_v1_yaml.additional-api-type-annotations=@org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders; quarkus.openapi-generator.codegen.spec.onecx_user_profile_svc_v1_yaml.additional-model-type-annotations=@io.quarkus.runtime.annotations.RegisterForReflection; +%prod.quarkus.rest-client.onecx_workspace_svc_external_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter +%prod.quarkus.rest-client.onecx_theme_svc_external_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter +%prod.quarkus.rest-client.onecx_product_store_svc_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter +%prod.quarkus.rest-client.onecx_permission_svc_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter +%prod.quarkus.rest-client.onecx_user_profile_svc_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter +%prod.quarkus.oidc-client.client-id=${quarkus.application.name} ---- ==== @@ -77,7 +82,10 @@ app: name: bff image: repository: "onecx/onecx-shell-bff" + operator: + keycloak: + client: + enabled: true ---- - diff --git a/docs/modules/onecx-shell-bff/pages/onecx-shell-bff-extensions.adoc b/docs/modules/onecx-shell-bff/pages/onecx-shell-bff-extensions.adoc index 1aee2c8..d6a6873 100644 --- a/docs/modules/onecx-shell-bff/pages/onecx-shell-bff-extensions.adoc +++ b/docs/modules/onecx-shell-bff/pages/onecx-shell-bff-extensions.adoc @@ -12,25 +12,25 @@ h| Version | https://quarkus.io/guides/rest[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-rest.adoc[Link] -| 3.9.4 +| 3.11.1 | quarkus-smallrye-openapi | https://quarkus.io/guides/openapi-swaggerui[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-smallrye-openapi.adoc[Link] -| 3.9.4 +| 3.11.1 | quarkus-rest-jackson | https://quarkus.io/guides/rest-json[Link] | -| 3.9.4 +| 3.11.1 | quarkus-smallrye-health | https://quarkus.io/guides/smallrye-health[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-smallrye-health.adoc[Link] -| 3.9.4 +| 3.11.1 | quarkus-openapi-generator @@ -42,89 +42,89 @@ h| Version | https://quarkus.io/guides/rest-client[Link] | -| 3.9.4 +| 3.11.1 | tkit-quarkus-log-cdi | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-cdi.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.23.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link] -| 2.23.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link] +| 2.25.0 | tkit-quarkus-log-rs | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-rs.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.23.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link] -| 2.23.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link] +| 2.25.0 | tkit-quarkus-log-json | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-json.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.23.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link] -| 2.23.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link] +| 2.25.0 | tkit-quarkus-rest | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-rest.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.23.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest.adoc[Link] -| 2.23.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest.adoc[Link] +| 2.25.0 | tkit-quarkus-rest-context | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-rest-context.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.23.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest-context.adoc[Link] -| 2.23.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest-context.adoc[Link] +| 2.25.0 | tkit-quarkus-security | https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-security.html[Link] -| https://github.com/1000kit/tkit-quarkus/blob/2.23.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-security.adoc[Link] -| 2.23.0 +| https://github.com/1000kit/tkit-quarkus/blob/2.25.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-security.adoc[Link] +| 2.25.0 | quarkus-hibernate-validator | https://quarkus.io/guides/validation[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-hibernate-validator.adoc[Link] -| 3.9.4 +| 3.11.1 | onecx-permissions | https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-permissions.html[Link] -| https://github.com/onecx/onecx-quarkus/blob/0.18.0/docs/modules/onecx-quarkus/pages/includes/onecx-permissions.adoc[Link] -| 0.18.0 +| https://github.com/onecx/onecx-quarkus/blob/0.20.0/docs/modules/onecx-quarkus/pages/includes/onecx-permissions.adoc[Link] +| 0.20.0 | quarkus-oidc | https://quarkus.io/guides/security-oidc-bearer-token-authentication-tutorial[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-oidc.adoc[Link] -| 3.9.4 +| 3.11.1 | onecx-core | https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-core.html[Link] | -| 0.18.0 +| 0.20.0 | quarkus-arc | https://quarkus.io/guides/cdi-reference[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-arc.adoc[Link] -| 3.9.4 +| 3.11.1 | quarkus-container-image-docker | https://quarkus.io/guides/container-image[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-container-image-docker.adoc[Link] -| 3.9.4 +| 3.11.1 | quarkus-rest-client-oidc-filter | | -| 3.9.4 +| 3.11.1 -|===://quarkus.io/guides/container-image[Link] +|===.io/guides/container-image[Link] | https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-container-image-docker.adoc[Link] | 3.9.3 diff --git a/src/main/helm/values.yaml b/src/main/helm/values.yaml index 3bb1daf..a0d7768 100644 --- a/src/main/helm/values.yaml +++ b/src/main/helm/values.yaml @@ -2,3 +2,7 @@ app: name: bff image: repository: "onecx/onecx-shell-bff" + operator: + keycloak: + client: + enabled: true diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index 594bcb1..3814ef4 100644 --- a/src/main/resources/application.properties +++ b/src/main/resources/application.properties @@ -26,8 +26,6 @@ quarkus.http.filter.images.matches=/themes/* #MOCK FOR REMOTE COMPONENTS => should be removed when implemented onecx.component.mock.keys[0]=portalmenu -%prod.quarkus.oidc-client.client-id=${quarkus.application.name} - # DEV %dev.quarkus.rest-client.onecx_workspace_svc.url=http://onecx-workspace-svc %dev.quarkus.rest-client.onecx_theme_svc.url=http://onecx-theme-svc @@ -80,6 +78,15 @@ quarkus.openapi-generator.codegen.spec.onecx_user_profile_svc_v1_yaml.base-packa quarkus.openapi-generator.codegen.spec.onecx_user_profile_svc_v1_yaml.return-response=true quarkus.openapi-generator.codegen.spec.onecx_user_profile_svc_v1_yaml.additional-api-type-annotations=@org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders; quarkus.openapi-generator.codegen.spec.onecx_user_profile_svc_v1_yaml.additional-model-type-annotations=@io.quarkus.runtime.annotations.RegisterForReflection; + +# OIDC +%prod.quarkus.rest-client.onecx_workspace_svc_external_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter +%prod.quarkus.rest-client.onecx_theme_svc_external_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter +%prod.quarkus.rest-client.onecx_product_store_svc_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter +%prod.quarkus.rest-client.onecx_permission_svc_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter +%prod.quarkus.rest-client.onecx_user_profile_svc_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter +%prod.quarkus.oidc-client.client-id=${quarkus.application.name} + # INTEGRATION TEST quarkus.test.integration-test-profile=test