Merge branch 'release/6.0.0'

.travis.yml

@@ -6,6 +6,7 @@ branches:
   only:
   - master
   - develop
+  - /^epic\/.*\/develop$/
   - /^feature.*$/
 before_cache:
   - rm -f  $HOME/.gradle/caches/modules-2/modules-2.lock

README.md

@@ -1,54 +1,39 @@
-# ala-ws-security-plugin
-Web service specific security code, e.g. API Key filters
+# ala-security-libs
+Java libraries and Grails plugins for authentication and authorization with backwards compatibility to previous
+ALA plugins
 
-## Status
-[![Build Status](https://travis-ci.org/AtlasOfLivingAustralia/ala-ws-security-plugin.svg?branch=master)](https://travis-ci.org/AtlasOfLivingAustralia/ala-ws-security-plugin)
+Usage
+-----
 
-## Usage
-```
-compile "org.grails.plugins:ala-ws-security-plugin:4.0.0-SNAPSHOT"
-```
-
-### JWT Usage
+The current version of these libraries is: `6.0.0-SNAPSHOT`.
 
-From the client side, send an Authorization: Bearer request _header_ on all secured service requests, with a JWT access token issued by an OIDC IdP as the payload.
+To ensure that various plugins and libraries and self-consistent, a project should use the same version for
+each of the plugins and libraries that it consumes, eg for a Grails project:
 
-On the server side, the legacy `@RequireApiKey` annotations will still be honoured, but will
-look for a JWT in the request first before optionally falling back to the legacy behaviour.
-
-Optionally, you may add a `scopes` parameter to the `@RequireApiKey` annotation, to enforce incoming JWT
-requests to have the given scopes (ie, an app might have a `read:appname` scope defined for reading from its API)
+```gradle.properties
+alaSecurityLibsVersion=6.0.0-SNAPSHOT
+```
 
-### Legacy Usage
+```build.gradle
+dependencies {
+  implementation "org.grails.plugins:ala-auth-plugin:$alaSecurityLibsVersion"
+  implementation "org.grails.plugins:ala-ws-plugin:$alaSecurityLibsVersion"
+  implementation "org.grails.plugins:ala-ws-security-plugin:$alaSecurityLibsVersion"
+}
+```
 
-From the client side, set the ```apiKey``` request _header_  on all secured service requests to a valid API Key (registered in the API Key service).
+Components
+----------
 
-On the server side, annotate protected controllers (either the class or individual methods) with the ```RequireApiKey``` annotation.
+This project contains all of the following previously separate ALA Grails plugins and libs:
 
-## External configuration properties
+- [ala-auth-plugin](ala-auth) - For interactively authenticating users
+- [ala-ws-plugin](ala-ws-plugin) - For adding authenticated tokens to outgoing web service requests
+- [ala-ws-security-plugin](ala-ws-security-plugin) - For adding access token authentication for web services
+- [userdetails-service-client](userdetails-service-client) - For contacting userdetails web services
 
-### JWT support
-- ```security.jwt.enabled``` - Defaults to true.  True indicates the plugin should check for JWTs on incoming requests.
-- ```security.jwt.fallback-to-legacy-behaviour``` - Defaults to true.  True indicates that if no JWT is present on a request, legacy api keys will be checked instead.
-- ```security.jwt.discovery-uri``` - The discovery URI of the OIDC provider.  JWT validation will be bootstrapped from this document.
-- ```security.jwt.connect-timeout-ms``` - HTTP request connection timeout
-- ```security.jwt.read-timeout-ms``` - HTTP request read timeout
-- ```security.jwt.required-claims``` - The claims that must be present on the JWT for it to be valid.  By default this is `"sub", "iat", "exp", "nbf", "cid", "jti"`
-- ```security.jwt.required-scopes``` - List of scopes that are required for all JWT endpoints in this app
+In addition there is support for Spring Boot apps using the same underlying libraries and code in:
 
-### Mandatory
-- ```security.apikey.check.serviceUrl``` - URL of the API Key service endpoint, up to and including the key parameter name. E.g. https://auth.ala.org.au/apikey/ws/check?apikey=
+- [ala-ws-spring-security](ala-ws-spring-security)
 
-### Optional
-- ```security.apikey.ip.whitelist``` - comma separated list of IP Addresses that are exempt from the API key security check.
-- ```security.apikey.header.override ``` - override the default request header name (apiKey) to use a different name.
 
-## Changelog
-- **Version 4.0.0**
-  - Grails 4 version
-  - Add JWT support
-- **Version 2.0**
-  - Grails 3 version
-- **Version 1.0** (2/7/2015)
-  - Initial release.
-  - Includes a grails filter and a ```RequireApiKey``` annotation for securing web service calls via the ALA API Key infrastructure.

ala-auth/.gitignore

@@ -0,0 +1,12 @@
+.DS_Store
+*.zip
+*.xml
+*.iml
+*.sha1
+*.tld
+
+.gradle/
+.idea/
+target/
+build/
+out/

ala-auth/.travis.yml

@@ -0,0 +1,33 @@
+language: groovy
+dist: focal
+jdk:
+- openjdk11
+sudo: false
+branches:
+  only:
+  - master
+  - grails2
+  - 4.0.x
+  - 3.2.x
+  - 3.1.x
+  - 3.0.x
+  - 2.1.x
+  - gateway-experiment
+  - /^feature.*$/
+before_cache:
+  - rm -f  $HOME/.gradle/caches/modules-2/modules-2.lock
+  - rm -fr $HOME/.gradle/caches/*/plugin-resolution/
+cache:
+  directories:
+  - $HOME/.m2
+  - $HOME/.gradle/caches/
+  - $HOME/.gradle/wrapper/
+before_install:
+  - ./gradlew classes testClasses
+after_success:
+  - '[ "${TRAVIS_PULL_REQUEST}" = "false" ] && travis_retry ./gradlew publish'
+env:
+  global:
+  - JAVA_TOOL_OPTIONS=-Dhttps.protocols=TLSv1.2
+  - secure: UHC6qsBSvqs6VQbP1WWCDUtt+PXssJLlK3s8/1VB7TmIJEHy/f6r7HSZoFPA9p9UrAPWpeS0w1uiETKjhhC+842b/hNCa/0e4aM8hE/S8WQ9ic72T7DSnxx7s2tSBVANr/Qd9o2drbyophRVCFL7In2meaFIzAApmBI2aZ/Wn2w=
+  - secure: AZdwRjNv371AiUx1b7YdPhIjAY0aE74UQYS8arU46ony3FQObwGoiqii/qP7yKo+EynZvPR21azGC5FWAIInvy7rht6qiO1euQj9jK99H035nDd+OpWev54W1Fu7NlFgA44EQiPbCt1FtdI0BamgMs3OmyY4+wpj1pJBp7FwdPk=