it-at-m · simonhir · Aug 14, 2024 · Aug 12, 2024 · Aug 12, 2024 · Aug 12, 2024
@@ -12,6 +12,7 @@ As counterpart there are also [refarch-templates](https://github.com/it-at-m/ref
 The usage of the different components is described in their corresponding README.md
 
 - [refarch-gateway](./refarch-gateway/README.md)
+- [refarch-integrations](./refarch-integrations/README.md)
 
 ## Contributing
 

@@ -0,0 +1,16 @@
+# RefArch integrations
+
+Collection of different integration which can be used as is in RefArch projects.
+
+## Integrations
+
+- [s3-integration](./refarch-s3-integration/README.md): For CRUD operations on a s3 storage. Also used for file handling
+  in other integrations.
+
+## Naming conventions
+
+The different submodules of integrations follow following naming conventions:
+
+- `*-core`: Implementation of the base functionality of the integration in hexagonal architecture.
+- `*-starter`: Provides Beans of core services.
+- `*-service`: A Spring application using the starter. Is provided as container image. Should not be used as dependency.
@@ -0,0 +1,70 @@
+# RefArch S3 integration
+
+Integration for CRUD operations on a s3 storage. Also used for file handling in other integrations.
+
+## Modules
+
+The S3 integration follows the [default naming conventions](../README.md#naming-conventions).
+
+Beside the default integration it contains different client libraries for accessing the integration. The client
+libraries are especially provided for usage in other integrations.
+
+- REST: The rest client uses the rest endpoints of the s3-rest-service to manage data in s3.
+- Java: The Java client directly uses the in ports of the s3-core.
+
+## Usage
+
+```xml
+
+<dependencies>
+    <!-- REST -->
+    <!-- requires refarch-s3-integration-rest-service -->
+    <dependency>
+        <groupId>de.muenchen.refarch</groupId>
+        <artifactId>refarch-s3-integration-rest-starter</artifactId>
+        <version>...</version>
+    </dependency>
+    <!-- or Java -->
+    <dependency>
+        <groupId>de.muenchen.refarch</groupId>
+        <artifactId>refarch-s3-integration-java-starter</artifactId>
+        <version>...</version>
+    </dependency>
+</dependencies>
+```
+
+## Configuration
+
+Following are the properties to configure the different modules. Some of them a custom defined and others are synonyms
+for spring package properties.
+Whether a property is an alias can be checked in the corresponding `application.yml` of each module.
+
+### s3-integration-rest-service
+
+| Property                          | Description                                                    | Example                                           |
+|-----------------------------------|----------------------------------------------------------------|---------------------------------------------------|
+| `refarch.s3.url`                  | Url of s3 endpoint to connect to.                              | `s3p.muenchen.de`                                 |
+| `refarch.s3.bucket-name`          | Name of the bucket to connect to.                              | `refarch-bucket`                                  |
+| `refarch.s3.access-key`           | Access key to use for connection.                              |                                                   |
+| `refarch.s3.secret-key`           | Secret key to use for connection.                              |                                                   |
+| `refarch.security.sso-issuer-url` | Issuer url of oAuth2 service used for securing rest endpoints. | `https://sso.muenchen.de/auth/realms/muenchen.de` |
+
+### s3-integration-java-client-starter
+
+| Property                                                   | Description                                           | Example                  |
+|------------------------------------------------------------|-------------------------------------------------------|--------------------------|
+| `refarch.s3.client.max-file-size` (optional)               | Single file limit for up- or downloading in byte.     | `10MB`                   |
+| `refarch.s3.client.max-batch-size` (optional)              | Limit for up- or downloading a list of files in byte. | `100MB`                  |
+| `refarch.s3.client.supported-file-extensions.*` (optional) | Map of allowed file extensions for up- and download.  | `pdf: "application/pdf"` |
+
+### s3-integration-rest-client-starter
+
+All properties of [s3-integration-java-client-starter](#s3-integration-rest-client-starter) and following:
+
+| Property                                 | Description                                                                | Example                                           |
+|------------------------------------------|----------------------------------------------------------------------------|---------------------------------------------------|
+| `refarch.s3.client.document-storage-url` | Url to the RefArch S3 integration service.                                 | `http://s3-integration-service:8080`              |
+| `refarch.s3.client.enable-security`      | Switch to enable or disable oAuth2 authentication against s3 service.      | `true`                                            |
+| `refarch.security.sso-issuer-url`        | Issuer url of oAuth2 service to use for authentication against s3 service. | `https://sso.muenchen.de/auth/realms/muenchen.de` |
+| `refarch.s3.client.client-id`            | Client id to be used for authentication.                                   | `refarch_client`                                  |
+| `refarch.s3.client.client-secret`        | Client secret to be used for gathering client service account token.       |                                                   |
@@ -4,6 +4,7 @@
 import de.muenchen.refarch.integration.s3.client.api.FileApiApi;
 import de.muenchen.refarch.integration.s3.client.api.FolderApiApi;
 import de.muenchen.refarch.integration.s3.client.domain.model.SupportedFileExtensions;
+import de.muenchen.refarch.integration.s3.client.factory.YamlPropertySourceFactory;
 import de.muenchen.refarch.integration.s3.client.properties.S3IntegrationClientProperties;
 import de.muenchen.refarch.integration.s3.client.service.FileValidationService;
 import jakarta.annotation.PostConstruct;
@@ -16,10 +17,12 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.PropertySource;
 import org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction;
+import org.springframework.util.ResourceUtils;
 import org.springframework.web.reactive.function.client.WebClient;
 
 @Configuration
@@ -30,6 +33,7 @@
 )
 @RequiredArgsConstructor
 @EnableConfigurationProperties(S3IntegrationClientProperties.class)
+@PropertySource(value = ResourceUtils.CLASSPATH_URL_PREFIX + "application.yml", factory = YamlPropertySourceFactory.class)
 @Slf4j
 public class S3IntegrationClientAutoConfiguration {
 

@@ -0,0 +1,25 @@
+package de.muenchen.refarch.integration.s3.client.factory;
+
+import java.io.IOException;
+import java.util.Objects;
+import java.util.Properties;
+import org.springframework.beans.factory.config.YamlPropertiesFactoryBean;
+import org.springframework.core.env.PropertiesPropertySource;
+import org.springframework.core.env.PropertySource;
+import org.springframework.core.io.support.EncodedResource;
+import org.springframework.core.io.support.PropertySourceFactory;
+import org.springframework.lang.NonNull;
+
+public class YamlPropertySourceFactory implements PropertySourceFactory {
+
+    @Override
+    @NonNull
+    public PropertySource<?> createPropertySource(String name, EncodedResource resource) throws IOException {
+        YamlPropertiesFactoryBean factory = new YamlPropertiesFactoryBean();
+        factory.setResources(resource.getResource());
+        Properties properties = factory.getObject();
+        return new PropertiesPropertySource(
+                Objects.requireNonNull(resource.getResource().getFilename()),
+                Objects.requireNonNull(properties));
+    }
+}
@@ -0,0 +1,17 @@
+spring:
+  security:
+    oauth2:
+      client:
+        provider:
+          keycloak:
+            issuer-uri: ${refarch.security.sso-issuer-url}
+            user-info-uri: ${refarch.security.sso-issuer-url}/protocol/openid-connect/userinfo
+            jwk-set-uri: ${refarch.security.sso-issuer-url}/protocol/openid-connect/certs
+            user-name-attribute: user_name
+        registration:
+          s3:
+            provider: keycloak
+            authorization-grant-type: client_credentials
+            client-id: ${refarch.s3.client.client-id}
+            client-secret: ${refarch.s3.client.client-secret}
+            scope: email, profile, openid  # needed for userInfo endpoint
@@ -1,5 +1,6 @@
-SSO_ISSUER_URL: http://keycloak:8100/auth/realms/local_realm
 refarch:
+  security:
+    sso-issuer-url: http://keycloak:8100/auth/realms/local_realm
   s3:
     bucket-name: test-bucket
     access-key: minio

@@ -10,7 +10,7 @@ spring:
     oauth2:
       resourceserver:
         jwt:
-          issuer-uri: ${SSO_ISSUER_URL}
+          issuer-uri: ${refarch.security.sso-issuer-url}
 
 server:
   error:
@@ -36,7 +36,7 @@ management:
 
 security:
   oauth2:
-    resource.user-info-uri: ${SSO_ISSUER_URL}/protocol/openid-connect/userinfo
+    resource.user-info-uri: ${refarch.security.sso-issuer-url}/protocol/openid-connect/userinfo
 
 refarch:
   s3: