* Endret kodeverk-service til å støtte token fra idporten og route de…

…nne korrekt videre til kodeverk-api #deploy-kodeverk-service
navikt · Aug 23, 2024 · 4d37a63 · 4d37a63
1 parent 4e6376c
commit 4d37a63
Show file tree

Hide file tree

Showing 6 changed files with 47 additions and 49 deletions.
diff --git a/apps/kodeverk-service/build.gradle b/apps/kodeverk-service/build.gradle
@@ -12,17 +12,26 @@ sonarqube {
 dependencies {
 
     implementation 'no.nav.testnav.libs:security-core'
+    implementation 'no.nav.testnav.libs:servlet-core'
     implementation 'no.nav.testnav.libs:reactive-core'
-    implementation 'no.nav.testnav.libs:reactive-security'
+    implementation 'no.nav.testnav.libs:servlet-insecure-security'
     implementation 'no.nav.testnav.libs:data-transfer-objects'
 
-    implementation 'org.springframework.boot:spring-boot-starter-oauth2-resource-server'
+    implementation 'org.springframework.boot:spring-boot-starter-web'
+    implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
+    implementation 'org.springframework.boot:spring-boot-starter-security'
 
-    implementation 'org.springframework.boot:spring-boot-starter-cache'
+    implementation 'org.springframework.cloud:spring-cloud-starter-vault-config'
+    implementation 'org.springframework.boot:spring-boot-starter-actuator'
 
-    implementation "org.springdoc:springdoc-openapi-starter-webflux-ui:$versions.springdoc"
+    implementation 'io.micrometer:micrometer-registry-prometheus'
+    implementation "org.springdoc:springdoc-openapi-starter-webmvc-ui:$versions.springdoc"
     implementation "io.swagger.core.v3:swagger-annotations-jakarta:$versions.swagger"
 
+    implementation 'org.springframework.boot:spring-boot-starter-oauth2-resource-server'
+
+    implementation 'org.springframework.boot:spring-boot-starter-cache'
+
     implementation 'com.github.ben-manes.caffeine:caffeine'
 }
 

diff --git a/apps/kodeverk-service/settings.gradle b/apps/kodeverk-service/settings.gradle
@@ -7,8 +7,9 @@ rootProject.name = 'kodeverk-service'
 includeBuild "../../plugins/java"
 
 includeBuild '../../libs/data-transfer-objects'
+includeBuild '../../libs/servlet-core'
 includeBuild '../../libs/reactive-core'
-includeBuild '../../libs/reactive-security'
+includeBuild '../../libs/servlet-insecure-security'
 includeBuild '../../libs/security-core'
 
 develocity {

diff --git a/apps/kodeverk-service/src/main/java/no/nav/testnav/kodeverkservice/config/AppConfig.java b/apps/kodeverk-service/src/main/java/no/nav/testnav/kodeverkservice/config/AppConfig.java
@@ -1,14 +1,14 @@
 package no.nav.testnav.kodeverkservice.config;
 
-import no.nav.testnav.libs.reactivecore.config.CoreConfig;
-import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
+import no.nav.testnav.libs.servletcore.config.ApplicationCoreConfig;
+import no.nav.testnav.libs.standalone.servletsecurity.config.InsecureJwtServerToServerConfiguration;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
 
 @Configuration
 @Import({
-        CoreConfig.class,
-        SecureOAuth2ServerToServerConfiguration.class
+        ApplicationCoreConfig.class,
+        InsecureJwtServerToServerConfiguration.class
 })
 public class AppConfig {
 }

diff --git a/apps/kodeverk-service/src/main/java/no/nav/testnav/kodeverkservice/config/OpenApiConfig.java b/apps/kodeverk-service/src/main/java/no/nav/testnav/kodeverkservice/config/OpenApiConfig.java
@@ -7,19 +7,16 @@
 import io.swagger.v3.oas.models.info.License;
 import io.swagger.v3.oas.models.security.SecurityRequirement;
 import io.swagger.v3.oas.models.security.SecurityScheme;
-import no.nav.testnav.libs.reactivecore.config.ApplicationProperties;
+import no.nav.testnav.libs.servletcore.config.ApplicationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpHeaders;
-import org.springframework.web.server.ServerWebExchange;
-import org.springframework.web.server.WebFilter;
-import org.springframework.web.server.WebFilterChain;
-import reactor.core.publisher.Mono;
+import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 import java.util.Arrays;
 
 @Configuration
-public class OpenApiConfig implements WebFilter {
+public class OpenApiConfig implements WebMvcConfigurer {
 
     @Bean
     public OpenAPI openApi(ApplicationProperties applicationProperties) {
@@ -29,7 +26,7 @@ public OpenAPI openApi(ApplicationProperties applicationProperties) {
                         .scheme("bearer")
                         .bearerFormat("JWT")
                         .in(SecurityScheme.In.HEADER)
-                        .name(HttpHeaders.AUTHORIZATION)
+                        .name("Authorization")
                 ))
                 .addSecurityItem(
                         new SecurityRequirement().addList("bearer-jwt", Arrays.asList("read", "write")))
@@ -51,15 +48,7 @@ public OpenAPI openApi(ApplicationProperties applicationProperties) {
     }
 
     @Override
-    public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
-        if (exchange.getRequest().getURI().getPath().equals("/swagger")) {
-            return chain
-                    .filter(exchange.mutate()
-                            .request(exchange.getRequest()
-                                    .mutate().path("/swagger-ui.html").build())
-                            .build());
-        }
-
-        return chain.filter(exchange);
+    public void addViewControllers(ViewControllerRegistry registry) {
+        registry.addViewController("/swagger").setViewName("redirect:/swagger-ui.html");
     }
 }
diff --git a/.../kodeverk-service/src/main/java/no/nav/testnav/kodeverkservice/config/SecurityConfig.java b/.../kodeverk-service/src/main/java/no/nav/testnav/kodeverkservice/config/SecurityConfig.java
@@ -1,38 +1,37 @@
 package no.nav.testnav.kodeverkservice.config;
 
-import lombok.RequiredArgsConstructor;
-import lombok.extern.slf4j.Slf4j;
-import no.nav.testnav.libs.reactivesecurity.manager.JwtReactiveAuthenticationManager;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
-import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
-import org.springframework.security.config.web.server.ServerHttpSecurity;
-import org.springframework.security.web.server.SecurityWebFilterChain;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
 
-@Slf4j
+@EnableWebSecurity
 @Configuration
-@EnableWebFluxSecurity
-@EnableReactiveMethodSecurity
-@RequiredArgsConstructor
+@Profile({ "prod", "dev" })
 public class SecurityConfig {
 
-    private final JwtReactiveAuthenticationManager jwtReactiveAuthenticationManager;
-
     @Bean
-    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity httpSecurity) {
-        return httpSecurity
-                .csrf(ServerHttpSecurity.CsrfSpec::disable)
-                .authorizeExchange(authorizeConfig -> authorizeConfig.pathMatchers(
+    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
+
+        httpSecurity.sessionManagement(sessionConfig -> sessionConfig.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+                .csrf(AbstractHttpConfigurer::disable)
+                .authorizeHttpRequests(authorizeConfig -> authorizeConfig.requestMatchers(
                         "/internal/**",
                         "/webjars/**",
+                        "/swagger-resources/**",
                         "/v3/api-docs/**",
                         "/swagger-ui/**",
                         "/swagger",
                         "/error",
                         "/swagger-ui.html"
-                ).permitAll().anyExchange().authenticated())
-                .oauth2ResourceServer(oauth2RSConfig -> oauth2RSConfig.jwt(jwtSpec -> jwtSpec.authenticationManager(jwtReactiveAuthenticationManager)))
-                .build();
+                ).permitAll().requestMatchers("/api/**").fullyAuthenticated())
+                .oauth2ResourceServer(oauth2RSConfig -> oauth2RSConfig.jwt(Customizer.withDefaults()));
+
+        return httpSecurity.build();
     }
-}
+}
diff --git a/...everk-service/src/main/java/no/nav/testnav/kodeverkservice/consumer/KodeverkConsumer.java b/...everk-service/src/main/java/no/nav/testnav/kodeverkservice/consumer/KodeverkConsumer.java
@@ -4,8 +4,8 @@
 import no.nav.testnav.kodeverkservice.consumer.command.KodeverkGetCommand;
 import no.nav.testnav.kodeverkservice.dto.KodeverkBetydningerResponse;
 import no.nav.testnav.kodeverkservice.utility.FilterUtility;
-import no.nav.testnav.libs.reactivesecurity.exchange.TokenExchange;
 import no.nav.testnav.libs.securitycore.domain.ServerProperties;
+import no.nav.testnav.libs.standalone.servletsecurity.exchange.TokenExchange;
 import org.springframework.stereotype.Service;
 import org.springframework.web.reactive.function.client.ExchangeStrategies;
 import org.springframework.web.reactive.function.client.WebClient;