From b1d47f3fa45da6b3b5aa2f72bee066d39bdcae73 Mon Sep 17 00:00:00 2001
From: JordenReuter <149687553+JordenReuter@users.noreply.github.com>
Date: Fri, 5 Jul 2024 13:37:58 +0200
Subject: [PATCH] feat: security integration and tests (#30)
---
.../pages/onecx-welcome-svc-docs.adoc | 11 +++
.../pages/onecx-welcome-svc-extensions.adoc | 76 +++++++++------
pom.xml | 16 ++-
src/main/docker/Dockerfile.jvm | 2 +-
src/main/docker/Dockerfile.native | 2 +-
src/main/helm/values.yaml | 9 +-
.../onecx-welcome-internal-openapi.yaml | 27 ++++++
src/main/resources/application.properties | 97 ++++++++++---------
.../ImageInternalRestControllerTest.java | 25 +++++
.../tkit/onecx/welcome/test/SecurityTest.java | 19 ++++
.../onecx/welcome/test/SecurityTestIT.java | 7 ++
11 files changed, 212 insertions(+), 79 deletions(-)
create mode 100644 src/test/java/org/tkit/onecx/welcome/test/SecurityTest.java
create mode 100644 src/test/java/org/tkit/onecx/welcome/test/SecurityTestIT.java
diff --git a/docs/modules/onecx-welcome-svc/pages/onecx-welcome-svc-docs.adoc b/docs/modules/onecx-welcome-svc/pages/onecx-welcome-svc-docs.adoc
index 5f1cddb..9d32008 100644
--- a/docs/modules/onecx-welcome-svc/pages/onecx-welcome-svc-docs.adoc
+++ b/docs/modules/onecx-welcome-svc/pages/onecx-welcome-svc-docs.adoc
@@ -12,6 +12,10 @@ quarkus.datasource.db-kind=postgresql
quarkus.datasource.jdbc.max-size=30
quarkus.datasource.jdbc.min-size=10
quarkus.hibernate-orm.jdbc.timezone=UTC
+quarkus.http.auth.permission.health.paths=/q/*
+quarkus.http.auth.permission.health.policy=permit
+quarkus.http.auth.permission.default.paths=/*
+quarkus.http.auth.permission.default.policy=authenticated
quarkus.banner.enabled=false
quarkus.hibernate-orm.database.generation=validate
quarkus.hibernate-orm.multitenant=DISCRIMINATOR
@@ -49,5 +53,12 @@ app:
repository: "onecx/onecx-welcome-svc"
db:
enabled: true
+ operator:
+ keycloak:
+ client:
+ enabled: true
+ spec:
+ kcConfig:
+ defaultClientScopes: [ ocx-wc:read ]
----
diff --git a/docs/modules/onecx-welcome-svc/pages/onecx-welcome-svc-extensions.adoc b/docs/modules/onecx-welcome-svc/pages/onecx-welcome-svc-extensions.adoc
index 2397be8..b49f574 100644
--- a/docs/modules/onecx-welcome-svc/pages/onecx-welcome-svc-extensions.adoc
+++ b/docs/modules/onecx-welcome-svc/pages/onecx-welcome-svc-extensions.adoc
@@ -11,129 +11,147 @@ h| Version
| tkit-quarkus-jpa
| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-jpa.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.22.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-jpa.adoc[Link]
-| 2.22.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-jpa.adoc[Link]
+| 2.27.0
| tkit-quarkus-log-cdi
| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-cdi.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.22.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link]
-| 2.22.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-cdi.adoc[Link]
+| 2.27.0
| tkit-quarkus-log-rs
| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-rs.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.22.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link]
-| 2.22.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-rs.adoc[Link]
+| 2.27.0
| tkit-quarkus-log-json
| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-log-json.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.22.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link]
-| 2.22.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-log-json.adoc[Link]
+| 2.27.0
| tkit-quarkus-rest
| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-rest.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.22.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest.adoc[Link]
-| 2.22.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest.adoc[Link]
+| 2.27.0
| onecx-tenant
| https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-tenant.html[Link]
-| https://github.com/onecx/onecx-quarkus/blob/0.18.0/docs/modules/onecx-quarkus/pages/includes/onecx-tenant.adoc[Link]
-| 0.18.0
+| https://github.com/onecx/onecx-quarkus/blob/0.22.0/docs/modules/onecx-quarkus/pages/includes/onecx-tenant.adoc[Link]
+| 0.22.0
| tkit-quarkus-jpa-tenant
| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-jpa-tenant.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.22.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-jpa-tenant.adoc[Link]
-| 2.22.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-jpa-tenant.adoc[Link]
+| 2.27.0
| tkit-quarkus-rest-context
| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-rest-context.html[Link]
-| https://github.com/1000kit/tkit-quarkus/blob/2.22.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest-context.adoc[Link]
-| 2.22.0
+| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-rest-context.adoc[Link]
+| 2.27.0
| quarkus-arc
| https://quarkus.io/guides/cdi-reference[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-arc.adoc[Link]
-| 3.9.4
+| 3.12.0
| quarkus-liquibase
| https://quarkus.io/guides/liquibase[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-liquibase.adoc[Link]
-| 3.9.4
+| 3.12.0
| quarkus-smallrye-health
| https://quarkus.io/guides/smallrye-health[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-smallrye-health.adoc[Link]
-| 3.9.4
+| 3.12.0
| quarkus-micrometer-registry-prometheus
| https://quarkus.io/guides/telemetry-micrometer[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-micrometer-registry-prometheus.adoc[Link]
-| 3.9.4
+| 3.12.0
| quarkus-hibernate-orm
| https://quarkus.io/guides/hibernate-orm[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-hibernate-orm.adoc[Link]
-| 3.9.4
+| 3.12.0
| quarkus-rest
| https://quarkus.io/guides/rest[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-rest.adoc[Link]
-| 3.9.4
+| 3.12.0
| quarkus-rest-jackson
| https://quarkus.io/guides/rest-json[Link]
|
-| 3.9.4
+| 3.12.0
| quarkus-jdbc-postgresql
| https://quarkus.io/guides/datasource[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-jdbc-postgresql.adoc[Link]
-| 3.9.4
+| 3.12.0
| quarkus-smallrye-openapi
| https://quarkus.io/guides/openapi-swaggerui[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-smallrye-openapi.adoc[Link]
-| 3.9.4
+| 3.12.0
| quarkus-hibernate-validator
| https://quarkus.io/guides/validation[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-hibernate-validator.adoc[Link]
-| 3.9.4
+| 3.12.0
| quarkus-opentelemetry
| https://quarkus.io/guides/opentelemetry[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-opentelemetry.adoc[Link]
-| 3.9.4
+| 3.12.0
+
+| quarkus-oidc
+
+| https://quarkus.io/guides/security-oidc-bearer-token-authentication-tutorial[Link]
+| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-oidc.adoc[Link]
+| 3.12.0
+
+| tkit-quarkus-security
+
+| https://1000kit.github.io/tkit-quarkus/current/tkit-quarkus/tkit-quarkus-security.html[Link]
+| https://github.com/1000kit/tkit-quarkus/blob/2.27.0/docs/modules/tkit-quarkus/pages/includes/tkit-quarkus-security.adoc[Link]
+| 2.27.0
| onecx-core
| https://onecx.github.io/docs/onecx-quarkus/current/onecx-quarkus/onecx-core.html[Link]
|
-| 0.18.0
+| 0.22.0
| quarkus-container-image-docker
| https://quarkus.io/guides/container-image[Link]
| https://github.com/quarkusio/quarkusio.github.io/blob/develop/_generated-doc/latest/config/quarkus-container-image-docker.adoc[Link]
-| 3.9.4
+| 3.12.0
+| onecx-security
+
+|
+|
+| 0.22.0
+
|===
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 2799b21..0c4d0bd 100644
--- a/pom.xml
+++ b/pom.xml
@@ -7,7 +7,7 @@
org.tkit.onecx
onecx-quarkus3-parent
- 0.53.0
+ 0.54.0
onecx-welcome-svc
@@ -35,6 +35,10 @@
org.tkit.quarkus.lib
tkit-quarkus-rest
+
+ org.tkit.onecx.quarkus
+ onecx-security
+
@@ -99,6 +103,10 @@
io.quarkus
quarkus-opentelemetry
+
+ io.quarkus
+ quarkus-oidc
+
@@ -131,6 +139,11 @@
tkit-quarkus-test-db-import
test
+
+ org.tkit.quarkus.lib
+ tkit-quarkus-security-test
+ test
+
@@ -148,6 +161,7 @@
false
true
quarkus
+ onecx-scopes=true
/
false
diff --git a/src/main/docker/Dockerfile.jvm b/src/main/docker/Dockerfile.jvm
index e768fd7..3f351f3 100644
--- a/src/main/docker/Dockerfile.jvm
+++ b/src/main/docker/Dockerfile.jvm
@@ -1,4 +1,4 @@
-FROM ghcr.io/onecx/docker-quarkus-jvm:0.7.0
+FROM ghcr.io/onecx/docker-quarkus-jvm:0.8.0
COPY --chown=185 target/quarkus-app/lib/ /deployments/lib/
COPY --chown=185 target/quarkus-app/*.jar /deployments/
diff --git a/src/main/docker/Dockerfile.native b/src/main/docker/Dockerfile.native
index 41637be..d89de71 100644
--- a/src/main/docker/Dockerfile.native
+++ b/src/main/docker/Dockerfile.native
@@ -1,3 +1,3 @@
-FROM ghcr.io/onecx/docker-quarkus-native:0.5.0
+FROM ghcr.io/onecx/docker-quarkus-native:0.6.0
COPY --chown=1001:root target/*-runner /work/application
diff --git a/src/main/helm/values.yaml b/src/main/helm/values.yaml
index c9f034f..4f42af5 100644
--- a/src/main/helm/values.yaml
+++ b/src/main/helm/values.yaml
@@ -3,4 +3,11 @@ app:
image:
repository: "onecx/onecx-welcome-svc"
db:
- enabled: true
\ No newline at end of file
+ enabled: true
+ operator:
+ keycloak:
+ client:
+ enabled: true
+ spec:
+ kcConfig:
+ defaultClientScopes: [ ocx-wc:read ]
\ No newline at end of file
diff --git a/src/main/openapi/onecx-welcome-internal-openapi.yaml b/src/main/openapi/onecx-welcome-internal-openapi.yaml
index 9b81717..d0b1609 100644
--- a/src/main/openapi/onecx-welcome-internal-openapi.yaml
+++ b/src/main/openapi/onecx-welcome-internal-openapi.yaml
@@ -10,6 +10,8 @@ tags:
paths:
/internal/images/info/{id}:
get:
+ security:
+ - oauth2: [ ocx-wc:all, ocx-wc:read ]
tags:
- imagesInternal
description: get Image information by id
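Review bot: Under the OpenAPI specification, scopes listed in a single security requirement are all required together, so `- oauth2: [ ocx-wc:all, ocx-wc:read ]` on this get reads as "both scopes". SecurityTest in this same commit appears to expect a token holding only `ocx-wc:read` to be authorized, which suggests the intent is "either scope". The standard way to express alternatives is two requirement entries, `- oauth2: [ ocx-wc:all ]` and `- oauth2: [ ocx-wc:read ]`. If the `onecx-scopes=true` generator option added in pom.xml depends on the single-list form, add a comment here such as `# scopes are alternatives (any one is sufficient), as interpreted by the onecx-scopes generator`. The same applies to the other seven operations changed in this file.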
@@ -26,6 +28,8 @@ paths:
"404":
description: NOT FOUND
put:
+ security:
+ - oauth2: [ ocx-wc:all, ocx-wc:write ]
tags:
- imagesInternal
description: update Image information
@@ -52,6 +56,8 @@ paths:
schema:
$ref: '#/components/schemas/ProblemDetailResponse'
delete:
+ security:
+ - oauth2: [ ocx-wc:all, ocx-wc:delete ]
tags:
- imagesInternal
description: delete image information
@@ -65,6 +71,8 @@ paths:
description: NOT FOUND
/internal/images/info:
post:
+ security:
+ - oauth2: [ ocx-wc:all, ocx-wc:write ]
tags:
- imagesInternal
description: create image info
@@ -90,6 +98,8 @@ paths:
$ref: '#/components/schemas/ProblemDetailResponse'
/internal/images/{workspaceName}/info:
get:
+ security:
+ - oauth2: [ ocx-wc:all, ocx-wc:read ]
tags:
- imagesInternal
description: get all existing image-infos
@@ -111,6 +121,8 @@ paths:
$ref: '#/components/schemas/ImageInfo'
/internal/images:
post:
+ security:
+ - oauth2: [ ocx-wc:all, ocx-wc:write ]
tags:
- imagesInternal
description: create image
@@ -144,6 +156,8 @@ paths:
$ref: '#/components/schemas/ProblemDetailResponse'
/internal/images/{id}:
get:
+ security:
+ - oauth2: [ ocx-wc:all, ocx-wc:read ]
tags:
- imagesInternal
description: get Image by id
@@ -160,6 +174,8 @@ paths:
"404":
description: NOT FOUND
put:
+ security:
+ - oauth2: [ ocx-wc:all, ocx-wc:write ]
tags:
- imagesInternal
description: update Image by id
@@ -193,6 +209,17 @@ paths:
schema:
$ref: '#/components/schemas/ProblemDetailResponse'
components:
+ securitySchemes:
+ oauth2:
+ type: oauth2
+ flows:
+ clientCredentials:
+ tokenUrl: https://oauth.simple.api/token
+ scopes:
+ ocx-wc:all: Grants access to all operations
+ ocx-wc:read: Grants read access
+ ocx-wc:write: Grants write access
+ ocx-wc:delete: Grants access to delete operations
schemas:
ImageDataResponse:
type: object
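Review bot: `tokenUrl: https://oauth.simple.api/token` looks like a placeholder host rather than the identity provider this service is deployed against. Tooling that consumes the spec (generated clients, an API console's authorize dialog) would send client-credential requests to whatever that name resolves to. If the value is not used at runtime, say so with a comment such as `# placeholder only; the real token endpoint comes from the OIDC configuration`, and prefer a reserved name like `https://example.invalid/token`. The `schemas` block continues outside this hunk.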
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index b96cde4..7d949ed 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -1,46 +1,51 @@
-# DEFAULT
-quarkus.datasource.db-kind=postgresql
-quarkus.datasource.jdbc.max-size=30
-quarkus.datasource.jdbc.min-size=10
-quarkus.hibernate-orm.jdbc.timezone=UTC
-
-quarkus.banner.enabled=false
-quarkus.hibernate-orm.database.generation=validate
-quarkus.hibernate-orm.multitenant=DISCRIMINATOR
-
-quarkus.liquibase.migrate-at-start=true
-quarkus.liquibase.validate-on-migrate=true
-tkit.log.json.enabled=true
-
-# enable or disable multi-tenancy support
-tkit.rs.context.tenant-id.enabled=true
-
-# DEV
-%dev.tkit.log.json.enabled=false
-%dev.quarkus.datasource.jdbc.url=${DB_URL:jdbc:postgresql://postgresdb:5432/onecx-welcome?sslmode=disable}
-%dev.quarkus.datasource.username=${DB_USER:onecx-welcome}
-%dev.quarkus.datasource.password=${DB_PWD:onecx-welcome}
-
-# TEST
-%test.tkit.log.json.enabled=false
-
-# Enable mocking for tenant service
-%test.tkit.jpa.tenant.default=tenant-100
-%test.tkit.rs.context.tenant-id.mock.enabled=true
-%test.tkit.rs.context.tenant-id.mock.default-tenant=tenant-100
-%test.tkit.rs.context.tenant-id.mock.claim-org-id=orgId
-%test.tkit.rs.context.tenant-id.mock.data.org1=tenant-100
-%test.tkit.rs.context.tenant-id.mock.data.org2=tenant-200
-%test.tkit.rs.context.tenant-id.mock.data.org3=tenant-300
-
-# TEST-IT (integration tests)
-quarkus.test.integration-test-profile=test
-
-# PROD
-%prod.quarkus.datasource.jdbc.url=${DB_URL:jdbc:postgresql://postgresdb:5432/onecx-welcome?sslmode=disable}
-%prod.quarkus.datasource.username=${DB_USER:onecx-welcome}
-%prod.quarkus.datasource.password=${DB_PWD:onecx-welcome}
-
-# PIPE CONFIG
-
-
+# DEFAULT
+quarkus.datasource.db-kind=postgresql
+quarkus.datasource.jdbc.max-size=30
+quarkus.datasource.jdbc.min-size=10
+quarkus.hibernate-orm.jdbc.timezone=UTC
+
+quarkus.http.auth.permission.health.paths=/q/*
+quarkus.http.auth.permission.health.policy=permit
+quarkus.http.auth.permission.default.paths=/*
+quarkus.http.auth.permission.default.policy=authenticated
+
+quarkus.banner.enabled=false
+quarkus.hibernate-orm.database.generation=validate
+quarkus.hibernate-orm.multitenant=DISCRIMINATOR
+
+quarkus.liquibase.migrate-at-start=true
+quarkus.liquibase.validate-on-migrate=true
+tkit.log.json.enabled=true
+
+# enable or disable multi-tenancy support
+tkit.rs.context.tenant-id.enabled=true
+
+# DEV
+%dev.tkit.log.json.enabled=false
+%dev.quarkus.datasource.jdbc.url=${DB_URL:jdbc:postgresql://postgresdb:5432/onecx-welcome?sslmode=disable}
+%dev.quarkus.datasource.username=${DB_USER:onecx-welcome}
+%dev.quarkus.datasource.password=${DB_PWD:onecx-welcome}
+
+# TEST
+%test.tkit.log.json.enabled=false
+
+# Enable mocking for tenant service
+%test.tkit.jpa.tenant.default=tenant-100
+%test.tkit.rs.context.tenant-id.mock.enabled=true
+%test.tkit.rs.context.tenant-id.mock.default-tenant=tenant-100
+%test.tkit.rs.context.tenant-id.mock.claim-org-id=orgId
+%test.tkit.rs.context.tenant-id.mock.data.org1=tenant-100
+%test.tkit.rs.context.tenant-id.mock.data.org2=tenant-200
+%test.tkit.rs.context.tenant-id.mock.data.org3=tenant-300
+
+# TEST-IT (integration tests)
+quarkus.test.integration-test-profile=test
+quarkus.test.enable-callbacks-for-integration-tests=true
+# PROD
+%prod.quarkus.datasource.jdbc.url=${DB_URL:jdbc:postgresql://postgresdb:5432/onecx-welcome?sslmode=disable}
+%prod.quarkus.datasource.username=${DB_USER:onecx-welcome}
+%prod.quarkus.datasource.password=${DB_PWD:onecx-welcome}
+
+# PIPE CONFIG
+
+
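Review bot: The permission named `health` permits `/q/*`, which, assuming the default non-application root, covers every management endpoint under that prefix (metrics and the served OpenAPI document as well as health), not only the health probes. If only the probes must be reachable without a token, narrow it to `quarkus.http.auth.permission.health.paths=/q/health/*` and add a separately named permit entry for any other path that must stay open, such as the metrics scrape path. Separately, the `%prod` datasource lines carried over in this rewrite still fall back to a fixed password and `sslmode=disable` when `DB_PWD` or `DB_URL` is unset. Now that the service enforces authentication, dropping those production defaults so that a missing secret fails startup would be consistent with it.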
diff --git a/src/test/java/org/tkit/onecx/welcome/rs/internal/controllers/ImageInternalRestControllerTest.java b/src/test/java/org/tkit/onecx/welcome/rs/internal/controllers/ImageInternalRestControllerTest.java
index 29f1099..0be4893 100644
--- a/src/test/java/org/tkit/onecx/welcome/rs/internal/controllers/ImageInternalRestControllerTest.java
+++ b/src/test/java/org/tkit/onecx/welcome/rs/internal/controllers/ImageInternalRestControllerTest.java
@@ -5,6 +5,7 @@
import static jakarta.ws.rs.core.Response.Status.*;
import static org.assertj.core.api.Assertions.assertThat;
import static org.tkit.onecx.welcome.rs.internal.mappers.ExceptionMapper.ErrorKeys.CONSTRAINT_VIOLATIONS;
+import static org.tkit.quarkus.security.test.SecurityTestUtils.getKeycloakClientToken;
import java.io.File;
import java.util.Objects;
@@ -12,6 +13,7 @@
import org.junit.jupiter.api.Test;
import org.tkit.onecx.welcome.test.AbstractTest;
+import org.tkit.quarkus.security.test.GenerateKeycloakClient;
import org.tkit.quarkus.test.WithDBData;
import gen.org.tkit.onecx.welcome.rs.internal.model.ImageDataResponseDTO;
@@ -23,6 +25,7 @@
@QuarkusTest
@TestHTTPEndpoint(ImageInternalRestController.class)
@WithDBData(value = "data/testdata-internal.xml", deleteBeforeInsert = true, deleteAfterTest = true, rinseAndRepeat = true)
+@GenerateKeycloakClient(clientName = "testClient", scopes = { "ocx-wc:read", "ocx-wc:write", "ocx-wc:delete", "ocx-wc:all" })
class ImageInternalRestControllerTest extends AbstractTest {
private static final String MEDIA_TYPE_IMAGE_PNG = "image/png";
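Review bot: The generated `testClient` holds every scope including `ocx-wc:all`, so none of the controller tests in this class can fail when an operation is bound to the wrong scope or to no scope at all. They only show that a fully privileged caller still works. Consider a second client limited to one scope, for example `@GenerateKeycloakClient(clientName = "readOnlyClient", scopes = { "ocx-wc:read" })` if the annotation can be repeated, or otherwise on a separate test class. Pair it with at least one test asserting that this client is rejected on a write or delete call. The class body continues outside this hunk.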
@@ -33,6 +36,7 @@ class ImageInternalRestControllerTest extends AbstractTest {
@Test
void getImageDataByIdTest() {
var data = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.pathParam("id", "d-11-111")
.get("/{id}")
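Review bot: `.auth().oauth2(getKeycloakClientToken("testClient"))` is repeated verbatim in this hunk and in every following hunk of this file, with the client name as a bare string literal each time. A constant plus a small helper would keep the name in one place and make it hard to add a new test that forgets the token: `private static final String TEST_CLIENT = "testClient";` and `private RequestSpecification authGiven() { return given().auth().oauth2(getKeycloakClientToken(TEST_CLIENT)); }`. Whether `getKeycloakClientToken` requests a fresh token on every call is not visible here; if it does, the helper is also the natural place to cache it. The body of `getImageDataByIdTest` continues outside this hunk.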
@@ -47,6 +51,7 @@ void getImageDataByIdTest() {
@Test
void getImageInfoByIdTest() {
var data = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.pathParam("id", "11-111")
.get("/info/{id}")
@@ -63,6 +68,7 @@ void getImageInfoByIdTest() {
@Test
void createImageDataTest() {
var data = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.body(FILE)
.contentType(MEDIA_TYPE_IMAGE_PNG)
@@ -77,6 +83,7 @@ void createImageDataTest() {
@Test
void createImageDataEmptyBodyTest() {
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.contentType(MEDIA_TYPE_IMAGE_PNG)
.post()
@@ -90,6 +97,7 @@ void createImageInfoTest() {
//first create image data
var imageData = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.body(FILE)
.contentType(MEDIA_TYPE_IMAGE_PNG)
@@ -103,6 +111,7 @@ void createImageInfoTest() {
body.imageId(imageData.getImageId()).position("2").visible(true).workspaceName("w1");
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.body(body)
.contentType(APPLICATION_JSON)
@@ -116,6 +125,7 @@ void createImageInfoExternalURLTest() {
ImageInfoDTO body = new ImageInfoDTO();
body.url("randomURl").position("2").visible(true).workspaceName("w1");
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.body(body)
.contentType(APPLICATION_JSON)
@@ -128,6 +138,7 @@ void createImageInfoExternalURLTest() {
void updateImageDataByIdTest() {
// first get existing image
var data = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.pathParam("id", "d-11-111")
.get("/{id}")
@@ -140,6 +151,7 @@ void updateImageDataByIdTest() {
//update the image
var updatedImage = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.body(FILE)
.contentType(MEDIA_TYPE_IMAGE_PNG)
@@ -155,6 +167,7 @@ void updateImageDataByIdTest() {
//update not-existing image
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.body(FILE)
.contentType(MEDIA_TYPE_IMAGE_PNG)
@@ -168,6 +181,7 @@ void updateImageDataByIdTest() {
void updateImageInfoByIdTest() {
// get image info
var data = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.pathParam("id", "22-222")
.get("/info/{id}")
@@ -183,6 +197,7 @@ void updateImageInfoByIdTest() {
updateBody.workspaceName("w1");
var updatedInfo = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(updateBody)
.pathParam("id", "22-222")
@@ -196,6 +211,7 @@ void updateImageInfoByIdTest() {
//update second time, optimistic lock exception
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(updateBody)
.pathParam("id", "22-222")
@@ -206,6 +222,7 @@ void updateImageInfoByIdTest() {
//update not-existing image-info
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(updateBody)
.pathParam("id", "not-existing")
@@ -219,6 +236,7 @@ void updateImageInfoAssignedImageDataByIdTest() {
//create new imageData first
var data = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.body(FILE)
.contentType(MEDIA_TYPE_IMAGE_PNG)
@@ -235,6 +253,7 @@ void updateImageInfoAssignedImageDataByIdTest() {
updateBody.workspaceName("w1");
var updatedInfo = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(updateBody)
.pathParam("id", "11-111")
@@ -251,6 +270,7 @@ void updateImageInfoAssignedImageDataByIdTest() {
updateBody.setImageId("not-existing");
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.contentType(APPLICATION_JSON)
.body(updateBody)
.pathParam("id", "11-111")
@@ -264,6 +284,7 @@ void updateImageInfoAssignedImageDataByIdTest() {
@Test
void deleteImageInfoByIdTest() {
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.pathParam("id", "11-111")
.delete("/info/{id}")
.then()
@@ -272,6 +293,7 @@ void deleteImageInfoByIdTest() {
//assigned image data should be gone too
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.pathParam("id", "d-11-111")
.get("/{id}")
.then()
@@ -279,6 +301,7 @@ void deleteImageInfoByIdTest() {
//delete not-existing image-info
given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.pathParam("id", "not-existing")
.delete("/info/{id}")
.then()
@@ -288,6 +311,7 @@ void deleteImageInfoByIdTest() {
@Test
void getAllImageInfosByWorkspaceNameTest() {
var output = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.pathParam("workspaceName", "w1")
.get("/{workspaceName}/info")
.then()
@@ -304,6 +328,7 @@ void testMaxUploadSize() {
new Random().nextBytes(body);
var exception = given()
+ .auth().oauth2(getKeycloakClientToken("testClient"))
.when()
.body(body)
.contentType(MEDIA_TYPE_IMAGE_PNG)
diff --git a/src/test/java/org/tkit/onecx/welcome/test/SecurityTest.java b/src/test/java/org/tkit/onecx/welcome/test/SecurityTest.java
new file mode 100644
index 0000000..e4a2992
--- /dev/null
+++ b/src/test/java/org/tkit/onecx/welcome/test/SecurityTest.java
@@ -0,0 +1,19 @@
+package org.tkit.onecx.welcome.test;
+
+import java.util.List;
+
+import org.tkit.quarkus.security.test.AbstractSecurityTest;
+import org.tkit.quarkus.security.test.SecurityTestConfig;
+
+import io.quarkus.test.junit.QuarkusTest;
+
+@QuarkusTest
+public class SecurityTest extends AbstractSecurityTest {
+ @Override
+ public SecurityTestConfig getConfig() {
+ SecurityTestConfig config = new SecurityTestConfig();
+ config.addConfig("read", "/internal/images/id", 404, List.of("ocx-wc:read"), "get");
+ config.addConfig("write", "/internal/images/info", 400, List.of("ocx-wc:write"), "post");
+ return config;
+ }
+}
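Review bot: `getConfig()` registers only a read and a write case, while the OpenAPI change in this commit also introduces `ocx-wc:delete` on the delete operation of `/internal/images/info/{id}`, so that scope is never exercised by the security test. A third entry such as `config.addConfig("delete", "/internal/images/info/id", 404, List.of("ocx-wc:delete"), "delete");` would close the gap; the expected status is assumed from the spec's NOT FOUND response and should be confirmed. A one-line comment above the entries would also help, for example `// 404/400 are the expected "authorized, but no such resource / invalid body" outcomes`, since the status codes otherwise read like failures.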
diff --git a/src/test/java/org/tkit/onecx/welcome/test/SecurityTestIT.java b/src/test/java/org/tkit/onecx/welcome/test/SecurityTestIT.java
new file mode 100644
index 0000000..4cf4f0a
--- /dev/null
+++ b/src/test/java/org/tkit/onecx/welcome/test/SecurityTestIT.java
@@ -0,0 +1,7 @@
+package org.tkit.onecx.welcome.test;
+
+import io.quarkus.test.junit.QuarkusIntegrationTest;
+
+@QuarkusIntegrationTest
+public class SecurityTestIT extends SecurityTest {
+}