small security fix

assimbly · Mar 17, 2022 · 742e955 · 742e955
1 parent 598d6c4
commit 742e955
Show file tree

Hide file tree

Showing 7 changed files with 153 additions and 210 deletions.
diff --git a/angular.json b/angular.json
@@ -26,7 +26,7 @@
 			"allowedCommonJsDependencies": [
 				"sockjs-client", "codemirror"
 			],
-            "outputPath": "target/classes/static/",
+            "outputPath": "build/resources/main/static/",
             "index": "src/main/webapp/index.html",
             "main": "src/main/webapp/main.ts",
             "polyfills": "src/main/webapp/polyfills.ts",
@@ -113,7 +113,7 @@
   "cli": {
     "cache": {
       "enabled": true,
-      "path": "./target/angular/",
+      "path": "./build/angular/",
       "environment": "all"
     },
     "packageManager": "npm"

diff --git a/build.gradle b/build.gradle
@@ -399,7 +399,7 @@ dependencies {
     testImplementation "org.mockito:mockito-core"
     testImplementation "com.mattbertolini:liquibase-slf4j"
     testImplementation "org.hamcrest:hamcrest-library"
-    testImplementation "com.h2database:h2"
+    runtimeOnly "com.h2database:h2"
     liquibaseRuntime "com.h2database:h2"
 }
 

diff --git a/ngsw-config.json b/ngsw-config.json
@@ -0,0 +1,21 @@
+{
+  "$schema": "./node_modules/@angular/service-worker/config/schema.json",
+  "index": "/index.html",
+  "assetGroups": [
+    {
+      "name": "app",
+      "installMode": "prefetch",
+      "resources": {
+        "files": ["/favicon.ico", "/index.html", "/manifest.webapp", "/*.css", "/*.js"]
+      }
+    },
+    {
+      "name": "assets",
+      "installMode": "lazy",
+      "updateMode": "prefetch",
+      "resources": {
+        "files": ["/content/**", "/*.(eot|svg|cur|jpg|png|webp|gif|otf|ttf|woff|woff2|ani|webp)"]
+      }
+    }
+  ]
+}
diff --git a/package.json b/package.json
@@ -5,54 +5,42 @@
   "description": "A message gateway based on Apache camel",
   "license": "Apache License 2.0",
   "scripts": {
-    "app:start": "./mvnw",
-    "backend:build-cache": "./mvnw dependency:go-offline",
-    "backend:debug": "./mvnw -Dspring-boot.run.jvmArguments=\"-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:8000\"",
-    "backend:doc:test": "./mvnw -ntp javadoc:javadoc --batch-mode",
-    "backend:info": "./mvnw -ntp enforcer:display-info --batch-mode",
-    "backend:nohttp:test": "./mvnw -ntp checkstyle:check --batch-mode",
-    "backend:start": "./mvnw -Dskip.installnodenpm -Dskip.npm",
-    "backend:unit:test": "./mvnw -ntp -Dskip.installnodenpm -Dskip.npm verify --batch-mode -Dlogging.level.ROOT=OFF -Dlogging.level.org.zalando=OFF -Dlogging.level.tech.jhipster=OFF -Dlogging.level.org.assimbly.gateway=OFF -Dlogging.level.org.springframework=OFF -Dlogging.level.org.springframework.web=OFF -Dlogging.level.org.springframework.security=OFF",
+    "app:start": "./gradlew",
+    "backend:build-cache": "npm run backend:info && npm run backend:nohttp:test && npm run ci:e2e:package",
+    "backend:doc:test": "./gradlew javadoc -x webapp -x webapp_test",
+    "backend:info": "./gradlew -v",
+    "backend:nohttp:test": "./gradlew checkstyleNohttp -x webapp -x webapp_test",
+    "backend:start": "./gradlew -x webapp -x webapp_test",
+    "backend:unit:test": "./gradlew test integrationTest -x webapp -x webapp_test -Dlogging.level.ROOT=OFF -Dlogging.level.org.zalando=OFF -Dlogging.level.tech.jhipster=OFF -Dlogging.level.org.assimbly.gateway=OFF -Dlogging.level.org.springframework=OFF -Dlogging.level.org.springframework.web=OFF -Dlogging.level.org.springframework.security=OFF",
     "build": "npm run webapp:prod --",
     "build-watch": "concurrently 'npm run webapp:build:dev -- --watch' npm:backend:start",
     "ci:backend:test": "npm run backend:info && npm run backend:doc:test && npm run backend:nohttp:test && npm run backend:unit:test -- -P$npm_package_config_default_environment",
     "ci:e2e:package": "npm run java:$npm_package_config_packaging:$npm_package_config_default_environment -- -Pe2e -Denforcer.skip=true",
+    "postci:e2e:package": "cp build/libs/*.$npm_package_config_packaging e2e.$npm_package_config_packaging",
     "ci:e2e:prepare": "npm run ci:e2e:prepare:docker",
     "ci:e2e:prepare:docker": "npm run docker:db:up && npm run docker:others:up && docker ps -a",
-    "ci:e2e:run": "concurrently -k -s first \"npm run ci:e2e:server:start\" \"npm run e2e:headless\"",
     "preci:e2e:server:start": "npm run docker:db:await --if-present && npm run docker:others:await --if-present",
-    "ci:e2e:server:start": "java -jar target/e2e.$npm_package_config_packaging --spring.profiles.active=e2e,$npm_package_config_default_environment -Dlogging.level.ROOT=OFF -Dlogging.level.org.zalando=OFF -Dlogging.level.tech.jhipster=OFF -Dlogging.level.org.assimbly.gateway=OFF -Dlogging.level.org.springframework=OFF -Dlogging.level.org.springframework.web=OFF -Dlogging.level.org.springframework.security=OFF --logging.level.org.springframework.web=ERROR",
+    "ci:e2e:server:start": "java -jar e2e.$npm_package_config_packaging --spring.profiles.active=e2e,$npm_package_config_default_environment -Dlogging.level.ROOT=OFF -Dlogging.level.org.zalando=OFF -Dlogging.level.tech.jhipster=OFF -Dlogging.level.org.assimbly.gateway=OFF -Dlogging.level.org.springframework=OFF -Dlogging.level.org.springframework.web=OFF -Dlogging.level.org.springframework.security=OFF --logging.level.org.springframework.web=ERROR",
     "ci:e2e:teardown": "npm run ci:e2e:teardown:docker",
     "ci:e2e:teardown:docker": "npm run docker:db:down --if-present && npm run docker:others:down && docker ps -a",
     "ci:frontend:build": "npm run webapp:build:$npm_package_config_default_environment",
     "ci:frontend:test": "npm run ci:frontend:build && npm test",
-    "ci:server:await": "echo \"Waiting for server at port $npm_package_config_backend_port to start\" && wait-on -t 180000 http-get://localhost:$npm_package_config_backend_port/management/health && echo \"Server at port $npm_package_config_backend_port started\"",
-    "clean-www": "rimraf target/classes/static/app/{src,target/}",
-    "cleanup": "rimraf target/classes/static/",
+    "clean-www": "rimraf build/resources/main/static/app/{src,build/}",
+    "cleanup": "rimraf build/resources/main/static/",
     "docker:app:up": "docker-compose -f src/main/docker/app.yml up -d",
-    "docker:db:down": "docker-compose -f src/main/docker/postgresql.yml down -v --remove-orphans",
-    "docker:db:up": "docker-compose -f src/main/docker/postgresql.yml up -d",
+    "docker:db:down": "docker-compose -f src/main/docker/mysql.yml down -v --remove-orphans",
+    "docker:db:up": "docker-compose -f src/main/docker/mysql.yml up -d",
     "docker:others:await": "",
     "docker:others:down": "",
     "predocker:others:up": "",
     "docker:others:up": "",
-    "e2e": "npm run e2e:protractor --",
-    "e2e:dev": "concurrently -k -s first \"./mvnw\" \"npm run e2e\"",
-    "e2e:devserver": "concurrently -k -s first \"npm run backend:start\" \"npm start\" \"wait-on -t 180000 http-get://localhost:9000 && npm run e2e:headless -- -c baseUrl=http://localhost:9000\"",
-    "pree2e:headless": "npm run ci:server:await",
-    "e2e:headless": "npm run e2e:protractor:headless --",
-    "e2e:protractor": "protractor src/test/javascript/protractor.conf.js",
-    "e2e:protractor:headless": "npm run e2e:protractor --",
-    "e2e:update-webdriver": "webdriver-manager update --gecko false",
-    "postinstall": "npm run e2e:update-webdriver",
-    "java:docker": "./mvnw -ntp verify -DskipTests -Pprod jib:dockerBuild",
-    "java:docker:arm64": "npm run java:docker -- -Djib-maven-plugin.architecture=arm64",
+    "java:docker": "./gradlew bootJar -Pprod jibDockerBuild",
     "java:docker:dev": "npm run java:docker -- -Pdev,webapp",
     "java:docker:prod": "npm run java:docker -- -Pprod",
-    "java:jar": "./mvnw -ntp verify -DskipTests --batch-mode",
+    "java:jar": "./gradlew bootJar -x test -x integrationTest",
     "java:jar:dev": "npm run java:jar -- -Pdev,webapp",
     "java:jar:prod": "npm run java:jar -- -Pprod",
-    "java:war": "./mvnw -ntp verify -DskipTests --batch-mode -Pwar",
+    "java:war": "./gradlew bootWar -Pwar -x test -x integrationTest",
     "java:war:dev": "npm run java:war -- -Pdev,webapp",
     "java:war:prod": "npm run java:war -- -Pprod",
     "jest": "jest --coverage --logHeapUsage --maxWorkers=2 --config jest.conf.js",
@@ -175,7 +163,7 @@
     "node_modules"
   ],
   "jestSonar": {
-    "reportPath": "target/test-results/jest",
+    "reportPath": "build/test-results/jest",
     "reportFile": "TESTS-results-sonar.xml"
   },
   "overrides": {

diff --git a/src/main/java/org/assimbly/gateway/config/SecurityConfiguration.java b/src/main/java/org/assimbly/gateway/config/SecurityConfiguration.java
@@ -48,24 +48,13 @@ public PasswordEncoder passwordEncoder() {
         return new BCryptPasswordEncoder();
     }
 
-    @Override
-    public void configure(WebSecurity web) {
-        web
-            .ignoring()
-            .antMatchers(HttpMethod.OPTIONS, "/**")
-            .antMatchers("/app/**/*.{js,html}")
-            .antMatchers("/i18n/**")
-            .antMatchers("/content/**")
-            .antMatchers("/h2-console/**")
-            .antMatchers("/swagger-ui/**")
-            .antMatchers("/test/**")
-			.antMatchers("/management/jolokia/**")
-            .antMatchers("/management/hawtio/**")
-            .antMatchers("/jolokia/**");
-    }
-
     @Override
     public void configure(HttpSecurity http) throws Exception {
+
+		String[] staticResources  =  {
+                "/**","/app/**/*.{js,html}","/i18n/**","/content/**","/h2-console/**","/swagger-ui/**","/test/**"
+		};
+
         // @formatter:off
         http
             .csrf()
@@ -89,6 +78,8 @@ public void configure(HttpSecurity http) throws Exception {
             .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
         .and()
             .authorizeRequests()
+			.antMatchers(HttpMethod.OPTIONS).permitAll()	
+			.antMatchers(staticResources).permitAll()
             .antMatchers("/api/authenticate").permitAll()
             .antMatchers("/api/register").permitAll()
             .antMatchers("/api/activate").permitAll()
@@ -97,7 +88,7 @@ public void configure(HttpSecurity http) throws Exception {
             .antMatchers("/api/admin/**").hasAuthority(AuthoritiesConstants.ADMIN)
             .antMatchers("/api/**").authenticated()
             .antMatchers("/websocket/**").permitAll() 
-			.antMatchers("/ws/**").permitAll()			
+			.antMatchers("/ws/**").permitAll()
             .antMatchers("/management/health").permitAll()
             .antMatchers("/management/health/**").permitAll()
             .antMatchers("/management/info").permitAll()

diff --git a/src/main/resources/config/application-prod.yml b/src/main/resources/config/application-prod.yml
@@ -24,6 +24,12 @@ logging:
     org.assimbly.gateway: INFO
     io.github.jhipster: INFO
 
+management:
+  metrics:
+    export:
+      prometheus:
+        enabled: false
+
 spring:
   devtools:
     restart:
@@ -50,14 +56,20 @@ spring:
       hibernate.generate_statistics: false
       # hibernate.cache.region.factory_class: io.github.jhipster.config.jcache.BeanClassLoaderAwareJCacheRegionFactory
   liquibase:
-    contexts: dev
+    contexts: prod
   mail:
     host: localhost
     port: 25
     username:
     password:
+  messages:
+    cache-duration: PT1S # 1 second, see the ISO 8601 standard
   thymeleaf:
     cache: true
+  encryption:
+    jasypt:
+      algorithm: PBEWithHMACSHA512AndAES_256
+      password: Pl34s3_Ch4ng3!_Th1s_1s_N0t_V3ry_S3c4r3!
 
 # ===================================================================
 # To enable TLS in production, generate a certificate using:
@@ -79,7 +91,8 @@ spring:
 #        ciphers: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 ,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 ,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
 # ===================================================================
 server:
-  port: 8080
+  port: 8080  
+  shutdown: graceful
   compression:
     enabled: true
     mime-types: text/html,text/xml,text/plain,text/css, application/javascript, application/json
@@ -122,6 +135,7 @@ jhipster:
   #enabled: false
   #report-frequency: 60 # in seconds
   logging:
+    use-json-format: false
     logstash: # Forward logs to logstash over a socket, used by LoggingConfiguration
       enabled: false
       host: localhost