From 0e0d1b06164261806cc4cfb0739cd9f0eb853040 Mon Sep 17 00:00:00 2001
From: Sean Sylver
Date: Thu, 26 Sep 2024 17:43:57 -0700
Subject: [PATCH 1/2] Test sonar
---
 .github/workflows/sonarscan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/sonarscan.yml b/.github/workflows/sonarscan.yml
index 19590a92a..16bd77569 100644
--- a/.github/workflows/sonarscan.yml
+++ b/.github/workflows/sonarscan.yml
@@ -20,7 +20,7 @@ jobs:
 with:
 java-version: 17
 distribution: 'adopt'
- - name: SonarCloud Scan
+ - name: SonarCloud Scan
 run: |
 export MAVEN_OPTS="-Xmx10000m"
 export NODE_OPTIONS="--max-old-space-size=4096"
From c432d7533fb7c11f925cae09cecece652d5cc420 Mon Sep 17 00:00:00 2001
From: Sean Sylver
Date: Sun, 29 Sep 2024 17:21:22 -0700
Subject: [PATCH 2/2] Reapply security config
---
 .../ca/bc/gov/nrs/wfprev/SecurityConfig.java | 140 +++++++++---------
 1 file changed, 70 insertions(+), 70 deletions(-)
diff --git a/server/wfprev-api/src/main/java/ca/bc/gov/nrs/wfprev/SecurityConfig.java b/server/wfprev-api/src/main/java/ca/bc/gov/nrs/wfprev/SecurityConfig.java
index 7bd0c66df..4cd89fec7 100644
--- a/server/wfprev-api/src/main/java/ca/bc/gov/nrs/wfprev/SecurityConfig.java
+++ b/server/wfprev-api/src/main/java/ca/bc/gov/nrs/wfprev/SecurityConfig.java
@@ -20,81 +20,81 @@ import jakarta.servlet.http.HttpServletRequest; /** - * Default security configuration. - * Assumes all secure endpoints, bearer token, using existing Webade Authentication + * Default security configuration. Assumes all secure endpoints, bearer token, + * using existing Webade Authentication */ - @Configuration @EnableWebSecurity public class SecurityConfig { - @Value("${security.oauth.clientId}") - private String oauthClientId; - - @Value("${security.oauth.clientSecret}") - private String oauthClientSecret; - - @Value("${security.oauth.checkTokenUrl}") - private String oauthCheckTokenUrl; - - @Value("${security.oauth.authTokenUrl}") - private String authTokenUrl; - - @Bean - AuthenticationEntryPoint authenticationEntryPoint() { - BasicAuthenticationEntryPoint result; - - result = new BasicAuthenticationEntryPoint(); - result.setRealmName("wfim-incidents-api"); - - return result; - } - - @Bean - public TokenService tokenServiceImpl() { - return new TokenServiceImpl( - oauthClientId, - oauthClientSecret, - oauthCheckTokenUrl, - authTokenUrl); - } - - @Bean - public AuthenticationProvider authenticationProvider() { - return new WebadeOauth2AuthenticationProvider(tokenServiceImpl(), "WFIM.*"); - } - - @Bean - public AuthenticationManagerResolver authenticationManagerResolver() { - return new AuthenticationManagerResolver() { - @Override - public AuthenticationManager resolve(HttpServletRequest httpServletRequest) { - return new AuthenticationManager() { - @Override - public Authentication authenticate(Authentication authentication) throws AuthenticationException { - return authenticationProvider().authenticate(authentication); - }}; - }}; - } + + @Value("${security.oauth.clientId}") + private String oauthClientId; + + @Value("${security.oauth.clientSecret}") + private String oauthClientSecret; + + @Value("${security.oauth.checkTokenUrl}") + private String oauthCheckTokenUrl; + + @Value("${security.oauth.authTokenUrl}") + private String 
authTokenUrl; + + @Bean + AuthenticationEntryPoint authenticationEntryPoint() { + BasicAuthenticationEntryPoint result; + + result = new BasicAuthenticationEntryPoint(); + result.setRealmName("wfim-incidents-api"); + + return result; + } @Bean - public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { - - http.csrf().disable(); - - http.authorizeHttpRequests().anyRequest().permitAll(); - - // http - // .oauth2ResourceServer(oauth2 -> oauth2 - // .authenticationManagerResolver(authenticationManagerResolver()) - // ) - // .httpBasic().and() - // .authorizeHttpRequests((authorize) -> authorize - // .anyRequest().authenticated() - // ) - // .exceptionHandling() - // .authenticationEntryPoint(authenticationEntryPoint()); - - return http.build(); - } + public TokenService tokenServiceImpl() { + return new TokenServiceImpl( + oauthClientId, + oauthClientSecret, + oauthCheckTokenUrl, + authTokenUrl); + } + + @Bean + public AuthenticationProvider authenticationProvider() { + return new WebadeOauth2AuthenticationProvider(tokenServiceImpl(), "WFIM.*"); + } + + @Bean + public AuthenticationManagerResolver authenticationManagerResolver() { + return new AuthenticationManagerResolver() { + @Override + public AuthenticationManager resolve(HttpServletRequest httpServletRequest) { + return new AuthenticationManager() { + @Override + public Authentication authenticate(Authentication authentication) throws AuthenticationException { + return authenticationProvider().authenticate(authentication); + } + }; + } + }; + } + + @Bean + public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { + + http.csrf().disable(); + + http + .oauth2ResourceServer(oauth2 -> oauth2 + .authenticationManagerResolver(authenticationManagerResolver()) + ) + .httpBasic().and() + .authorizeHttpRequests((authorize) -> authorize + .anyRequest().authenticated() + ) + .exceptionHandling() + .authenticationEntryPoint(authenticationEntryPoint()); + + return 
http.build(); + } }
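Review bot: With `anyRequest().authenticated()` now live, the values carried over in `authenticationProvider()` and `authenticationEntryPoint()` become effective, and both still name a different application: the provider is built with `"WFIM.*"` and the realm is `"wfim-incidents-api"`, while this class lives in `ca.bc.gov.nrs.wfprev`. If the second constructor argument is a scope pattern (the constructor is not visible here, so confirm), this API would accept tokens scoped for WFIM rather than its own scopes. I would change it to this service's pattern, e.g. `new WebadeOauth2AuthenticationProvider(tokenServiceImpl(), "<WFPREV_SCOPE_PATTERN>")`, and set the realm to match. Separately, `securityFilterChain` keeps `http.csrf().disable()` while also enabling `.httpBasic()`. Browsers resend cached Basic credentials automatically, so either drop `.httpBasic()` if only bearer tokens are intended, or add a comment explaining why CSRF protection is safe to leave off.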