Story: [CCLS 2191] Use common auth starter

assessment-api/build.gradle

@@ -6,9 +6,9 @@ apply plugin: 'uk.gov.laa.ccms.springboot.laa-ccms-spring-boot-gradle-plugin'
 
 dependencies {
 
+    implementation 'io.swagger.core.v3:swagger-annotations:2.2.22'
     implementation 'org.springframework.boot:spring-boot-starter-web'
     implementation 'org.springframework.data:spring-data-commons'
-    implementation 'org.springdoc:springdoc-openapi-ui:1.7.0'
     implementation 'com.google.code.findbugs:jsr305:3.0.2'
     implementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml'
     implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310'
@@ -39,13 +39,14 @@ openApiGenerate {
     configOptions = [
             delegatePattern       : "false",
             interfaceOnly         : "true", // This will only generate interfaces, not implementations
-            dateLibrary           : "java17",
-            java17                : "true",
+            dateLibrary           : "legacy",
             useTags               : "true",
             skipDefaultInterface  : "true",
             useJakartaEe          : "true",
             documentationProvider : "none",
-            serializableModel     : "true"
+            serializableModel     : "true",
+            annotationLibrary     : "swagger2",
+            useSpringBoot3        : "true"
     ]
 }
 

assessment-api/open-api-specification.yml

@@ -25,6 +25,8 @@ paths:
           description: 'Bad request'
         '401':
           description: 'Unauthorized'
+        '403':
+          description: 'Forbidden'
         '404':
           description: 'Not found'
         '500':
@@ -57,6 +59,8 @@ paths:
           description: 'Bad request'
         '401':
           description: 'Unauthorized'
+        '403':
+          description: 'Forbidden'
         '404':
           description: 'Not found'
         '500':
@@ -81,6 +85,8 @@ paths:
           description: 'Bad request'
         '401':
           description: 'Unauthorized'
+        '403':
+          description: 'Forbidden'
         '500':
           description: 'Internal server error'
   /assessments/{assessment-id}:
@@ -102,6 +108,8 @@ paths:
           description: 'Bad request'
         '401':
           description: 'Unauthorized'
+        '403':
+          description: 'Forbidden'
         '404':
           description: 'Not found'
         '500':
@@ -127,6 +135,8 @@ paths:
           description: 'Bad request'
         '401':
           description: 'Unauthorized'
+        '403':
+          description: 'Forbidden'
         '500':
           description: 'Internal server error'
     patch:
@@ -150,6 +160,8 @@ paths:
           description: 'Bad request'
         '401':
           description: 'Unauthorized'
+        '403':
+          description: 'Forbidden'
         '404':
           description: 'Not found'
         '500':
@@ -170,12 +182,19 @@ paths:
           description: 'Bad request'
         '401':
           description: 'Unauthorized'
+        '403':
+          description: 'Forbidden'
         '404':
           description: 'Not found'
         '500':
           description: 'Internal server error'
 
 components:
+  securitySchemes:
+    ApiKeyAuth:
+      type: apiKey
+      in: header
+      name: Authorization
   parameters:
     assessmentType:
       name: name
@@ -372,3 +391,5 @@ components:
         target_entity_id:
           type: string
 
+security:
+  - ApiKeyAuth: []

assessment-service/build.gradle

@@ -7,8 +7,11 @@ dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-web'
     implementation files('lib/ojdbc8.jar')
 
+    //Enable access token authentication
+    implementation 'uk.gov.laa.ccms.springboot:laa-ccms-spring-boot-starter-auth:0.0.3-b2f8726-SNAPSHOT'
+
     //Enable Swagger UI
-    implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.0.2'
+    implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.5.0'
 
     compileOnly 'org.projectlombok:lombok'
     annotationProcessor 'org.projectlombok:lombok'
@@ -25,6 +28,7 @@ dependencies {
     testImplementation 'org.testcontainers:testcontainers'
     testImplementation 'org.testcontainers:junit-jupiter'
     testImplementation 'org.testcontainers:oracle-xe'
+    testImplementation 'com.h2database:h2'
 }
 
 test {

assessment-service/src/integrationTest/java/uk/gov/laa/ccms/caab/assessment/IntegrationTestInterface.java

@@ -19,6 +19,10 @@ static void properties(DynamicPropertyRegistry registry) {
     registry.add("spring.datasource.url", oracleContainerSingleton.getOracleContainer()::getJdbcUrl);
     registry.add("spring.datasource.username", oracleContainerSingleton.getOracleContainer()::getUsername);
     registry.add("spring.datasource.password", oracleContainerSingleton.getOracleContainer()::getPassword);
+
+    registry.add("laa.ccms.springboot.starter.auth.authorized-clients", () -> "[{\"name\":\"caab-ui\",\"roles\":[\"ALL\"],\"token\":\"78bd752c-814c-4fb5-801b-193839c8e768\"}]");
+    registry.add("laa.ccms.springboot.starter.auth.authorized-roles", () -> "[{\"name\":\"ALL\",\"URIs\":[\"/**\"]}]");
+    registry.add("laa.ccms.springboot.starter.auth.unprotected-uris", () -> "[\"\"]");
   }
 }
 

assessment-service/src/integrationTest/resources/application-local.yml

@@ -8,4 +8,25 @@ spring:
   jpa:
     database-platform: org.hibernate.dialect.OracleDialect
     hibernate:
-      ddl-auto: none
+      ddl-auto: none
+
+laa.ccms.springboot.starter.auth:
+  authentication-header: "Authorization"
+  authorized-clients: '[
+      {
+          "name": "integration-test-runner",
+          "roles": [
+              "ALL"
+          ],
+          "token": "78bd752c-814c-4fb5-801b-193839c8e768"
+      }
+  ]'
+  authorized-roles: '[
+      {
+          "name": "ALL",
+          "URIs": [
+              "/**"
+          ]
+      }
+  ]'
+  unprotected-uris: [ "/swagger-ui.html", "/swagger-ui/**", "/v3/api-docs/**", "/favicon.ico", "/open-api-specification.yml"]

assessment-service/src/main/resources/application-local.yml

@@ -12,3 +12,25 @@ spring:
 
 server:
   port: 8008
+
+
+laa.ccms.springboot.starter.auth:
+  authentication-header: "Authorization"
+  authorized-clients: '[
+      {
+          "name": "caab-ui",
+          "roles": [
+              "ALL"
+          ],
+          "token": "78bd752c-814c-4fb5-801b-193839c8e768"
+      }
+  ]'
+  authorized-roles: '[
+      {
+          "name": "ALL",
+          "URIs": [
+              "/**"
+          ]
+      }
+  ]'
+  unprotected-uris: [ "/swagger-ui.html", "/swagger-ui/**", "/v3/api-docs/**", "/favicon.ico", "/open-api-specification.yml"]

assessment-service/src/main/resources/application.yml

@@ -10,3 +10,9 @@ spring:
     hibernate:
       ddl-auto: none
     open-in-view: false
+
+laa.ccms.springboot.starter.auth:
+  authentication-header: "Authorization"
+  authorized-clients: ${AUTHORIZED_CLIENTS}
+  authorized-roles: ${AUTHORIZED_ROLES}
+  unprotected-uris: ${UNPROTECTED_URIS}

assessment-service/src/test/java/uk/gov/laa/ccms/caab/assessment/controller/AssessmentControllerTest.java

@@ -1,5 +1,9 @@
 package uk.gov.laa.ccms.caab.assessment.controller;
 
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertInstanceOf;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete;
@@ -8,37 +12,48 @@
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
-import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+import static org.springframework.test.web.servlet.setup.MockMvcBuilders.standaloneSetup;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
-import java.util.ArrayList;
-import java.util.List;
+import jakarta.servlet.ServletException;
+import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
-import org.springframework.boot.test.mock.mockito.MockBean;
-import org.springframework.context.annotation.Import;
+import org.junit.jupiter.api.extension.ExtendWith;
+import org.mockito.InjectMocks;
+import org.mockito.Mock;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
+import org.springframework.test.context.junit.jupiter.SpringExtension;
+import org.springframework.test.context.web.WebAppConfiguration;
 import org.springframework.test.web.servlet.MockMvc;
-import uk.gov.laa.ccms.caab.assessment.advice.GlobalExceptionHandler;
 import uk.gov.laa.ccms.caab.assessment.exception.ApplicationException;
 import uk.gov.laa.ccms.caab.assessment.model.AssessmentDetail;
 import uk.gov.laa.ccms.caab.assessment.model.AssessmentDetails;
 import uk.gov.laa.ccms.caab.assessment.model.PatchAssessmentDetail;
 import uk.gov.laa.ccms.caab.assessment.service.AssessmentService;
 
-@WebMvcTest(AssessmentController.class)
-@Import(GlobalExceptionHandler.class)
+import java.util.ArrayList;
+import java.util.List;
+
+@ExtendWith(SpringExtension.class)
+@WebAppConfiguration
 class AssessmentControllerTest {
 
-  @MockBean
+  @Mock
   private AssessmentService assessmentService;
 
-  @Autowired
+  @InjectMocks
+  private AssessmentController applicationController;
+
   private MockMvc mockMvc;
 
+  @BeforeEach
+  public void setup() {
+    mockMvc = standaloneSetup(applicationController)
+            .build();
+  }
+
   @Test
   public void createAssessment_createsAssessmentSuccessfully() throws Exception {
     Long assessmentId = 1L;
@@ -71,7 +86,7 @@ public void getAssessment() throws Exception {
   }
 
   @Test
-  public void getAssessment_throwsNotFound() throws Exception {
+  public void getAssessment_throwsNotFound() {
     Long assessmentId = 1L;
     String errorMessage = String.format("Assessment with id %s not found", assessmentId);
 
@@ -81,10 +96,16 @@ public void getAssessment_throwsNotFound() throws Exception {
                 errorMessage,
                 HttpStatus.NOT_FOUND));
 
-    this.mockMvc.perform(get("/assessments/{assessment-id}", assessmentId))
-        .andExpect(status().isNotFound())
-        .andExpect(jsonPath("$.error_message").value(errorMessage))
-        .andExpect(jsonPath("$.http_status").value(HttpStatus.NOT_FOUND.value()));
+    ServletException ex = assertThrows(ServletException.class, () ->
+            this.mockMvc.perform(get("/assessments/{assessment-id}", assessmentId)),
+            "Expected ServletException to be thrown, but wasn't.");
+
+    assertTrue(ex.getMessage().contains(errorMessage));
+    assertInstanceOf(ApplicationException.class, ex.getRootCause());
+
+    ApplicationException appEx = (ApplicationException) ex.getRootCause();
+    assertEquals(HttpStatus.NOT_FOUND, appEx.getHttpStatus());
+    assertEquals(errorMessage, appEx.getErrorMessage());
 
     verify(assessmentService).getAssessment(assessmentId);
   }

assessment-service/src/test/resources/application.yml

@@ -5,4 +5,25 @@ spring:
   jpa:
     database-platform: org.hibernate.dialect.H2Dialect
     hibernate:
-      ddl-auto: none
+      ddl-auto: none
+
+laa.ccms.springboot.starter.auth:
+  authentication-header: "Authorization"
+  authorized-clients: '[
+      {
+          "name": "test-runner",
+          "roles": [
+              "ALL"
+          ],
+          "token": "78bd752c-814c-4fb5-801b-193839c8e768"
+      }
+  ]'
+  authorized-roles: '[
+      {
+          "name": "ALL",
+          "URIs": [
+              "/**"
+          ]
+      }
+  ]'
+  unprotected-uris: [ "" ]