Examples security validation (helidon-io#8433)
Signed-off-by: Maxim Nesen <[email protected]>
senivam authored Feb 29, 2024
1 parent ca2bc73 commit f741b7a
Showing 60 changed files with 213 additions and 213 deletions.
2 changes: 1 addition & 1 deletion examples/config/changes/conf/secrets/password
@@ -1 +1 @@
^ery$ecretP&ssword
changeit
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2017, 2023 Oracle and/or its affiliates.
* Copyright (c) 2017, 2024 Oracle and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -54,7 +54,7 @@ public void run() {

private static void logSecrets(Config secrets) {
LOGGER.info("Loaded secrets are u: " + secrets.get("username").asString().get()
+ ", p: " + secrets.get("password").asString().get());
+ ", p: " + secrets.get("changeit").asString().get());
}

}
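Review bot: The argument to `secrets.get(...)` in `logSecrets` is a config key, not a password value, yet on what appears to be the new side it reads `"changeit"`; the secret file in this commit is still named `conf/secrets/password`, so the lookup would presumably find nothing and `asString().get()` would fail. The line should keep the key: `+ ", p: " + secrets.get("password").asString().get());`. The same replacement shows up in the `main(String... args)` hunk of the sources example as `String password = secrets.get("changeit").asString().get();`, where only the asserted value should have changed. The rendered page has lost its +/- markers, so this assumes the second line of each printed pair is the added one.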
2 changes: 1 addition & 1 deletion examples/config/sources/conf/secrets/password
@@ -1 +1 @@
^ery$ecretP&ssword
changeit
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2017, 2023 Oracle and/or its affiliates.
* Copyright (c) 2017, 2024 Oracle and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -48,9 +48,9 @@ public static void main(String... args) {
System.out.println("Username: " + username);
assert username.equals("libor");

String password = secrets.get("password").asString().get();
String password = secrets.get("changeit").asString().get();
System.out.println("Password: " + password);
assert password.equals("^ery$ecretP&ssword");
assert password.equals("changeit");
}

}
2 changes: 1 addition & 1 deletion examples/dbclient/jdbc/README.md
Expand Up @@ -31,7 +31,7 @@ Instructions for Oracle can be found here: https://github.com/oracle/docker-imag

MySQL can be run as a docker container with the following command:
```
docker run --rm --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=password mysql:5.7
docker run --rm --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=changeit mysql:5.7
```


6 changes: 3 additions & 3 deletions examples/dbclient/jdbc/src/main/resources/application.yaml
@@ -1,5 +1,5 @@
#
# Copyright (c) 2019, 2023 Oracle and/or its affiliates.
# Copyright (c) 2019, 2024 Oracle and/or its affiliates.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -38,10 +38,10 @@ db:
# MySQL configuration
#
# docker run --rm --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=root \
# -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=password mysql:5.7
# -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=changeit mysql:5.7
# url: jdbc:mysql://127.0.0.1:3306/pokemon?useSSL=false
# username: user
# password: password
# password: changeit
# poolName: mysql
#
# Oracle configuration
Expand Up @@ -35,7 +35,7 @@ class PokemonServiceMySQLIT extends AbstractPokemonServiceTest {
@Container
static MySQLContainer<?> container = new MySQLContainer<>("mysql:8.0.36")
.withUsername("user")
.withPassword("password")
.withPassword("changeit")
.withNetworkAliases("mysql")
.withDatabaseName("pokemon");

Expand Up @@ -25,7 +25,7 @@ db:
source: jdbc
connection:
username: user
password: password
password: changeit
poolName: mysql
initializationFailTimeout: -1
connectionTimeout: 2000
2 changes: 1 addition & 1 deletion examples/dbclient/pokemons/README.md
Expand Up @@ -67,7 +67,7 @@ For details, see http://www.h2database.com/html/cheatSheet.html
MySQL:
```
docker run --rm --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=root \
-e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=password mysql:5.7
-e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=changeit mysql:5.7
```


Expand Up @@ -34,7 +34,7 @@ public class PokemonServiceMySQLIT extends AbstractPokemonServiceTest {
@Container
static MySQLContainer<?> container = new MySQLContainer<>("mysql:8.0.36")
.withUsername("user")
.withPassword("password")
.withPassword("changeit")
.withNetworkAliases("mysql")
.withDatabaseName("pokemon");

Expand Up @@ -26,7 +26,7 @@ db:
source: jdbc
connection:
username: user
password: password
password: changeit
poolName: "mysql"
initializationFailTimeout: -1
connectionTimeout: 2000
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2019, 2023 Oracle and/or its affiliates.
* Copyright (c) 2019, 2024 Oracle and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -43,7 +43,7 @@ final class EmployeeRepositoryImplDB implements EmployeeRepository {
String driver = "oracle.jdbc.driver.OracleDriver";

String dbUserName = config.get("app.user").asString().orElse("sys as SYSDBA");
String dbUserPassword = config.get("app.password").asString().orElse("password");
String dbUserPassword = config.get("app.password").asString().orElse("changeit");
String dbHostURL = config.get("app.hosturl").asString().orElse("localhost:1521/xe");

try {
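Review bot: The fallback in `config.get("app.password").asString().orElse("changeit")` still leaves a built-in credential in the repository class, next to the default user `"sys as SYSDBA"`. A deployment that omits `app.password` will therefore quietly try a password published in the source instead of failing at startup. Consider requiring the value, e.g. `String dbUserPassword = config.get("app.password").asString().get();`, and listing the required keys in the example's README. The constructor or method holding these lines starts and ends outside the hunk.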
@@ -1,5 +1,5 @@
#
# Copyright (c) 2018, 2023 Oracle and/or its affiliates.
# Copyright (c) 2018, 2024 Oracle and/or its affiliates.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -29,7 +29,7 @@ security:
# This is a nice way to be able to override this with local properties or env-vars
idcs-uri: "https://tenant-id.identity.oracle.com"
idcs-client-id: "client-id"
idcs-client-secret: "client-secret"
idcs-client-secret: "changeit"
# Used as a base for redirects back to us
frontend-uri: "http://localhost:7987"
proxy-host: "if you need proxy"
@@ -1,7 +1,7 @@
#!/bin/bash -e

#
# Copyright (c) 2023 Oracle and/or its affiliates.
# Copyright (c) 2023, 2024 Oracle and/or its affiliates.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -39,7 +39,7 @@ prepareKeyToUpload() {
# Extract server/client private key
openssl pkcs12 -in "$KEYSTORE_FILE" \
-nocerts \
-passin pass:password -passout pass:password \
-passin pass:changeit -passout pass:changeit \
-out $PRIVATE_KEY_AS_PEM

## Upload server/client private key to vault
Expand All @@ -59,7 +59,7 @@ prepareKeyToUpload() {
# If the RSA private key you want to import is in PEM format, convert it to DER:
openssl pkcs8 -topk8 -nocrypt \
-inform PEM -outform DER \
-passin pass:password -passout pass:password \
-passin pass:changeit -passout pass:changeit \
-in $PRIVATE_KEY_AS_PEM -out $PRIVATE_KEY_AS_DER

# Wrap RSA private key with the temporary AES key:
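Review bot: Both openssl calls in `prepareKeyToUpload` pass the passphrase as `pass:changeit` on the command line, where it is visible in process listings to other local users, and the output paths `$PRIVATE_KEY_AS_PEM` and `$PRIVATE_KEY_AS_DER` are unquoted. openssl also accepts `env:` and `file:` passphrase sources, so the script could read it from the environment: `-passin env:KEYSTORE_PASS -passout env:KEYSTORE_PASS` (the variable name is a placeholder), with the paths quoted as `-out "$PRIVATE_KEY_AS_PEM"`. The keystore behind `$KEYSTORE_FILE` is not visible in this section, so it should be confirmed that it was re-encrypted with the new passphrase. The function body starts and ends outside the hunks shown.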
@@ -1,5 +1,5 @@
#
# Copyright (c) 2019, 2022 Oracle and/or its affiliates.
# Copyright (c) 2019, 2024 Oracle and/or its affiliates.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
Expand All @@ -23,7 +23,7 @@ security:
oidc-identity-uri: "https://tenant.some-server.com/oauth2/default"
# when you create a new client in identity server configuration, you should get a client id and a client secret
oidc-client-id: "some client id"
oidc-client-secret: "some client secret"
oidc-client-secret: "changeit"
# issuer of the tokens - identity server specific (maybe even configurable)
oidc-issuer: "https://tenant.some-server.com/oauth2/default"
# audience of the tokens - identity server specific (usually configurable)
@@ -1,5 +1,5 @@
#
# Copyright (c) 2018, 2020 Oracle and/or its affiliates.
# Copyright (c) 2018, 2024 Oracle and/or its affiliates.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -27,13 +27,13 @@ security:
realm: "helidon"
users:
- login: "jack"
password: "password"
password: "changeit"
roles: ["user", "admin"]
- login: "jill"
password: "password"
password: "changeit"
roles: ["user"]
- login: "john"
password: "password"
password: "changeit"
web-server:
paths:
- path: "/static-cp[/{*}]"
@@ -1,5 +1,5 @@
#
# Copyright (c) 2020 Oracle and/or its affiliates.
# Copyright (c) 2020, 2024 Oracle and/or its affiliates.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
Expand All @@ -20,9 +20,9 @@ server.host=0.0.0.0

#Truststore setup
server.tls.trust.keystore.resource.resource-path=server.p12
server.tls.trust.keystore.passphrase=password
server.tls.trust.keystore.passphrase=changeit
server.tls.trust.keystore.trust-store=true

#Keystore with private key and server certificate
server.tls.private-key.keystore.resource.resource-path=server.p12
server.tls.private-key.keystore.passphrase=password
server.tls.private-key.keystore.passphrase=changeit
Binary file modified examples/microprofile/tls/src/main/resources/server.p12
Binary file not shown.
10 changes: 5 additions & 5 deletions examples/security/basic-auth-with-static-content/README.md
Expand Up @@ -23,9 +23,9 @@ Try the application:
The application starts at the `8080` port
```shell
curl http://localhost:8080/public
curl -u "jill:password" http://localhost:8080/noRoles
curl -u "john:password" http://localhost:8080/user
curl -u "jack:password" http://localhost:8080/admin
curl -v -u "john:password" http://localhost:8080/deny
curl -u "jack:password" http://localhost:8080/noAuthn
curl -u "jill:changeit" http://localhost:8080/noRoles
curl -u "john:changeit" http://localhost:8080/user
curl -u "jack:changeit" http://localhost:8080/admin
curl -v -u "john:changeit" http://localhost:8080/deny
curl -u "jack:changeit" http://localhost:8080/noAuthn
```
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2020, 2023 Oracle and/or its affiliates.
* Copyright (c) 2020, 2024 Oracle and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -42,9 +42,9 @@ public final class BasicExampleBuilderMain {
private static final Map<String, MyUser> USERS = new HashMap<>();

static {
USERS.put("jack", new MyUser("jack", "password".toCharArray(), Set.of("user", "admin")));
USERS.put("jill", new MyUser("jill", "password".toCharArray(), Set.of("user")));
USERS.put("john", new MyUser("john", "password".toCharArray(), Set.of()));
USERS.put("jack", new MyUser("jack", "changeit".toCharArray(), Set.of("user", "admin")));
USERS.put("jill", new MyUser("jill", "changeit".toCharArray(), Set.of("user")));
USERS.put("john", new MyUser("john", "changeit".toCharArray(), Set.of()));
}

private BasicExampleBuilderMain() {
@@ -1,5 +1,5 @@
#
# Copyright (c) 2020, 2023 Oracle and/or its affiliates.
# Copyright (c) 2020, 2024 Oracle and/or its affiliates.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -53,11 +53,11 @@ security:
realm: "helidon"
users:
- login: "jack"
password: "${CLEAR=password}"
password: "${CLEAR=changeit}"
roles: [ "user", "admin" ]
- login: "jill"
password: "${CLEAR=password}"
password: "${CLEAR=changeit}"
roles: [ "user" ]
- login: "john"
password: "${CLEAR=password}"
password: "${CLEAR=changeit}"
roles: [ ]
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2020, 2023 Oracle and/or its affiliates.
* Copyright (c) 2020, 2024 Oracle and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -75,9 +75,9 @@ public void testNoRoles() {
testNotAuthorized(uri);

//Must be accessible with authentication - to everybody
testProtected(uri, "jack", "password", Set.of("admin", "user"), Set.of());
testProtected(uri, "jill", "password", Set.of("user"), Set.of("admin"));
testProtected(uri, "john", "password", Set.of(), Set.of("admin", "user"));
testProtected(uri, "jack", "changeit", Set.of("admin", "user"), Set.of());
testProtected(uri, "jill", "changeit", Set.of("user"), Set.of("admin"));
testProtected(uri, "john", "changeit", Set.of(), Set.of("admin", "user"));
}

@Test
Expand All @@ -87,9 +87,9 @@ public void testUserRole() {
testNotAuthorized(uri);

//Jack and Jill allowed (user role)
testProtected(uri, "jack", "password", Set.of("admin", "user"), Set.of());
testProtected(uri, "jill", "password", Set.of("user"), Set.of("admin"));
testProtectedDenied(uri, "john", "password");
testProtected(uri, "jack", "changeit", Set.of("admin", "user"), Set.of());
testProtected(uri, "jill", "changeit", Set.of("user"), Set.of("admin"));
testProtectedDenied(uri, "john", "changeit");
}

@Test
Expand All @@ -99,9 +99,9 @@ public void testAdminRole() {
testNotAuthorized(uri);

//Only jack is allowed - admin role...
testProtected(uri, "jack", "password", Set.of("admin", "user"), Set.of());
testProtectedDenied(uri, "jill", "password");
testProtectedDenied(uri, "john", "password");
testProtected(uri, "jack", "changeit", Set.of("admin", "user"), Set.of());
testProtectedDenied(uri, "jill", "changeit");
testProtectedDenied(uri, "john", "changeit");
}

@Test
Expand All @@ -111,9 +111,9 @@ public void testDenyRole() {
testNotAuthorized(uri);

// nobody has the correct role
testProtectedDenied(uri, "jack", "password");
testProtectedDenied(uri, "jill", "password");
testProtectedDenied(uri, "john", "password");
testProtectedDenied(uri, "jack", "changeit");
testProtectedDenied(uri, "jill", "changeit");
testProtectedDenied(uri, "john", "changeit");
}

@Test
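Review bot: The literal `"changeit"` is repeated in every `testProtected` / `testProtectedDenied` call across `testNoRoles`, `testUserRole`, `testAdminRole` and `testDenyRole`, which is why this change has to touch twelve lines in one file. A single constant, `private static final String PASSWORD = "changeit";`, used in those calls would keep the test credentials in step with the configured user store in one place. The test class itself starts and ends outside the hunks shown.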
@@ -1,5 +1,5 @@
#
# Copyright (c) 2018, 2023 Oracle and/or its affiliates.
# Copyright (c) 2018, 2024 Oracle and/or its affiliates.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -33,7 +33,7 @@ security:
# This is a nice way to be able to override this with local properties or env-vars
idcs-uri: "https://your-tenant-id.identity.oracle.com"
idcs-client-id: "your-client-id"
idcs-client-secret: "${CLEAR=your-client-secret}"
idcs-client-secret: "${CLEAR=changeit}"
proxy-host: ""
providers:
- abac:
8 changes: 4 additions & 4 deletions examples/security/outbound-override/README.md
Expand Up @@ -14,8 +14,8 @@ java -jar target/helidon-examples-security-outbound-override.jar
Try the endpoints (port is random, shall be replaced accordingly):
```shell
export PORT=35973
curl -u "jack:password" http://localhost:${PORT}/propagate
curl -u "jack:password" http://localhost:${PORT}/override
curl -u "jill:anotherPassword" http://localhost:${PORT}/propagate
curl -u "jill:anotherPassword" http://localhost:${PORT}/override
curl -u "jack:changeit" http://localhost:${PORT}/propagate
curl -u "jack:changeit" http://localhost:${PORT}/override
curl -u "jill:changeit" http://localhost:${PORT}/propagate
curl -u "jill:changeit" http://localhost:${PORT}/override
```
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2023 Oracle and/or its affiliates.
* Copyright (c) 2023, 2024 Oracle and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
Expand Down Expand Up @@ -49,7 +49,7 @@ private void override(ServerRequest req, ServerResponse res) {

String result = client.get("http://localhost:" + server.port("backend") + "/hello")
.property(EndpointConfig.PROPERTY_OUTBOUND_ID, "jill")
.property(EndpointConfig.PROPERTY_OUTBOUND_SECRET, "anotherPassword")
.property(EndpointConfig.PROPERTY_OUTBOUND_SECRET, "changeit")
.requestEntity(String.class);

res.send("You are: " + context.userName() + ", backend service returned: " + result + "\n");