Commit 3f148d6d authored by Ashutosh Shimpi's avatar Ashutosh Shimpi

Changes related to integration test

parent 198ff6ff
Pipeline #123486 passed with stages
in 16 minutes and 34 seconds
......@@ -228,6 +228,20 @@ public class MyAccessTokenConverter implements AccessTokenConverter {
.orElse(""));
}
private Map<String, List<String>> getDatasetFileMap(final List<String> ga4ghDatasets) {
return ga4ghDatasets
.parallelStream()
.map(jwtService::parse)
.filter(Optional::isPresent)
.map(Optional::get)
.filter(jwtService::isValidSignature)
.filter(this::isValidToken)
.map(this::getDatasetId)
.filter(Optional::isPresent)
.map(Optional::get)
.collect(toMap(datasetId -> datasetId, fileDatasetService::getFileIds));
}
private boolean isValidToken(final SignedJWT signedJWT) {
try {
return new Date(currentTimeMillis())
......@@ -253,20 +267,6 @@ public class MyAccessTokenConverter implements AccessTokenConverter {
return empty();
}
private Map<String, List<String>> getDatasetFileMap(final List<String> ga4ghDatasets) {
return ga4ghDatasets
.parallelStream()
.map(jwtService::parse)
.filter(Optional::isPresent)
.map(Optional::get)
.filter(jwtService::isValidSignature)
.filter(this::isValidToken)
.map(this::getDatasetId)
.filter(Optional::isPresent)
.map(Optional::get)
.collect(toMap(datasetId -> datasetId, fileDatasetService::getFileIds));
}
/**
* Extracts the authentication audience (held in the 'AUD' key) from the
* given authentication map.
......
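Review bot: `Collectors.toMap` in getDatasetFileMap is called without a merge function, so two valid visas that resolve to the same dataset id make the collect throw IllegalStateException and the whole token conversion fails. The method is only relocated by this commit, but since it is touched here, adding `.distinct()` after the second `.map(Optional::get)` would drop the duplicate before `fileDatasetService::getFileIds` is called for it. Whether a GA4GH passport can actually carry repeated datasets is not visible on this page, so treat this as hardening; failing the request on a duplicate claim is a denial of access the user cannot diagnose.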
......@@ -17,6 +17,11 @@
*/
package eu.elixir.ega.ebi.dataedge.config;
import com.nimbusds.jose.jwk.JWKSet;
import eu.elixir.ega.ebi.commons.config.CachingMultipleRemoteTokenService;
import eu.elixir.ega.ebi.commons.config.CachingRemoteTokenService;
import eu.elixir.ega.ebi.commons.config.MyAccessTokenConverter;
import eu.elixir.ega.ebi.commons.config.MyUserAuthenticationConverter;
import eu.elixir.ega.ebi.commons.shared.service.FileDatasetService;
import eu.elixir.ega.ebi.commons.shared.service.Ga4ghService;
import eu.elixir.ega.ebi.commons.shared.service.JWTService;
......@@ -28,11 +33,20 @@ import eu.elixir.ega.ebi.commons.shared.service.internal.UserDetailsServiceImpl;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.context.annotation.Profile;
import org.springframework.core.annotation.Order;
import org.springframework.core.task.TaskExecutor;
import org.springframework.scheduling.annotation.EnableAsync;
import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
import org.springframework.security.oauth2.provider.token.AccessTokenConverter;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
......@@ -67,6 +81,7 @@ public class DataEdgeConfig {
);
}
@Profile("!integration-test")
@Bean
public JWTService initJWTServiceImpl(@Value("${ega.aai.public.jwk.url}") final String jwkPublicKeyURL,
@Value("${ega.aai.public.jwk.connection-timeout}") final int connectTimeout,
......@@ -83,6 +98,12 @@ public class DataEdgeConfig {
keyId);
}
@Profile("integration-test")
@Bean
public JWTService initJWTServiceImplIntegrationTest() {
return new JWTServiceImpl(new JWKSet(), "rsa1");
}
@Bean
public FileDatasetService initFileDatasetServiceImpl(final RestTemplate restTemplate) {
return new FileDatasetServiceImpl(restTemplate);
......@@ -92,4 +113,90 @@ public class DataEdgeConfig {
public UserDetailsService initUserDetailsServiceImpl(final RestTemplate restTemplate) {
return new UserDetailsServiceImpl(restTemplate);
}
/**
* This is a bit of a Hack! MitreID doesn't return 'user_name' but 'user_id',
* The customized User Authentication Converter simply changes the field name
* for extraction.
*
* @return The converted access token
*/
@Bean
public AccessTokenConverter accessTokenConverter(final JWTService jwtService,
final Ga4ghService ga4ghService,
final FileDatasetService fileDatasetService,
final UserDetailsService userDetailsService) {
return new MyAccessTokenConverter(
jwtService,
ga4ghService,
fileDatasetService,
new MyUserAuthenticationConverter(),
userDetailsService
);
}
/**
* Creates a combined token service including both EGA AAI and Elixir AAI
* authentication.
*
* @param request Unused
* @param checkTokenUrl EGA AAI token endpoint url
* @param clientId Client id for the EGA AAI
* @param clientSecret Client secret for the EGA AAI
* @param zuulCheckTokenUrl Elixir token endpoint url
* @param zuulClientId Elixir AAI ID
* @param zuulClientSecret Elixir AAI client
*
* @return A combined authentication token service
*/
@Profile("enable-aai")
@Primary
@Bean
public RemoteTokenServices remoteTokenServices(HttpServletRequest request,
final @Value("${auth.server.url}") String checkTokenUrl,
final @Value("${auth.server.clientId}") String clientId,
final @Value("${auth.server.clientsecret}") String clientSecret,
final @Value("${auth.zuul.server.url}") String zuulCheckTokenUrl,
final @Value("${auth.zuul.server.clientId}") String zuulClientId,
final @Value("${auth.zuul.server.clientsecret}") String zuulClientSecret,
final AccessTokenConverter accessTokenConverter) {
final CachingMultipleRemoteTokenService remoteTokenServices = new CachingMultipleRemoteTokenService();
// EGA AAI
CachingRemoteTokenService b = new CachingRemoteTokenService();
b.setCheckTokenEndpointUrl(checkTokenUrl);
b.setClientId(clientId);
b.setClientSecret(clientSecret);
b.setAccessTokenConverter(accessTokenConverter);
remoteTokenServices.addRemoteTokenService(b);
// ELIXIR AAI
CachingRemoteTokenService a = new CachingRemoteTokenService();
a.setCheckTokenEndpointUrl(zuulCheckTokenUrl);
a.setClientId(zuulClientId);
a.setClientSecret(zuulClientSecret);
a.setAccessTokenConverter(accessTokenConverter);
remoteTokenServices.addRemoteTokenService(a);
return remoteTokenServices;
}
/**
* Sets CORS headers to allow all methods and all hosts.
*
* @return CORSfilter
*/
@Bean
@Order(0)
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("*");
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}
}
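Review bot: corsFilter() combines `config.setAllowCredentials(true)` with `config.addAllowedOrigin("*")` and registers it for `/**`, which is the one CORS combination to avoid on an API that serves access-controlled data. On Spring Framework versions before 5.3 this setting echoes back whatever Origin the request carries while allowing credentials, so any web page can make credentialed cross-origin calls; from 5.3 on the same configuration is rejected with an IllegalArgumentException. The bean is moved here from OAuth2ResourceConfig unchanged, so the move is a good moment to fix it: replace the wildcard with an explicit allow-list such as `config.setAllowedOrigins(allowedOrigins);` fed from configuration, or, if clients only ever send a bearer token in the Authorization header, use `config.setAllowCredentials(false);`. The Javadoc "allow all methods and all hosts" should then be updated to name the restriction.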
......@@ -109,91 +109,4 @@ public class OAuth2ResourceConfig extends ResourceServerConfigurerAdapter {
.and()
.csrf().disable();
}
/**
* This is a bit of a Hack! MitreID doesn't return 'user_name' but 'user_id',
* The customized User Authentication Converter simply changes the field name
* for extraction.
*
* @return The converted access token
*/
@Bean
public AccessTokenConverter accessTokenConverter(final JWTService jwtService,
final Ga4ghService ga4ghService,
final FileDatasetService fileDatasetService,
final UserDetailsService userDetailsService) {
return new MyAccessTokenConverter(
jwtService,
ga4ghService,
fileDatasetService,
new MyUserAuthenticationConverter(),
userDetailsService
);
}
/**
* Creates a combined token service including both EGA AAI and Elixir AAI
* authentication.
*
* @param request Unused
* @param checkTokenUrl EGA AAI token endpoint url
* @param clientId Client id for the EGA AAI
* @param clientSecret Client secret for the EGA AAI
* @param zuulCheckTokenUrl Elixir token endpoint url
* @param zuulClientId Elixir AAI ID
* @param zuulClientSecret Elixir AAI client
*
* @return A combined authentication token service
*/
@Profile("enable-aai")
@Primary
@Bean
public RemoteTokenServices remoteTokenServices(HttpServletRequest request,
final @Value("${auth.server.url}") String checkTokenUrl,
final @Value("${auth.server.clientId}") String clientId,
final @Value("${auth.server.clientsecret}") String clientSecret,
final @Value("${auth.zuul.server.url}") String zuulCheckTokenUrl,
final @Value("${auth.zuul.server.clientId}") String zuulClientId,
final @Value("${auth.zuul.server.clientsecret}") String zuulClientSecret,
final AccessTokenConverter accessTokenConverter) {
final CachingMultipleRemoteTokenService remoteTokenServices = new CachingMultipleRemoteTokenService();
// EGA AAI
CachingRemoteTokenService b = new CachingRemoteTokenService();
b.setCheckTokenEndpointUrl(checkTokenUrl);
b.setClientId(clientId);
b.setClientSecret(clientSecret);
b.setAccessTokenConverter(accessTokenConverter);
remoteTokenServices.addRemoteTokenService(b);
// ELIXIR AAI
CachingRemoteTokenService a = new CachingRemoteTokenService();
a.setCheckTokenEndpointUrl(zuulCheckTokenUrl);
a.setClientId(zuulClientId);
a.setClientSecret(zuulClientSecret);
a.setAccessTokenConverter(accessTokenConverter);
remoteTokenServices.addRemoteTokenService(a);
return remoteTokenServices;
}
/**
* Sets CORS headers to allow all methods and all hosts.
*
* @return CORSfilter
*/
@Bean
@Order(0)
public CorsFilter corsFilter() {
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
config.addAllowedOrigin("*");
config.addAllowedHeader("*");
config.addAllowedMethod("*");
source.registerCorsConfiguration("/**", config);
return new CorsFilter(source);
}
}
......@@ -22,6 +22,9 @@ RES2:
KEYSERVER:
listOfServers: ${KEYS_SERVERS:keys}
PERMISSIONSDATABASESERVER:
listOfServers: ${PERMISSIONS_DATABASE_SERVER:data}
ega.ega.external.url:
ega.ega.cram.fasta.a:
......@@ -45,4 +48,8 @@ res:
chunksize:
header: 4096
data: 20971520
index: 1048576
\ No newline at end of file
index: 1048576
# EGA AAI proxy config
ega.aai.proxy.url:
ega.aai.proxy.basic-authorization:
......@@ -6,12 +6,13 @@ services:
- "9058:9058"
- "5059:5059"
environment:
- SPRING_PROFILES_ACTIVE=no-oss,LocalEGA
- SPRING_PROFILES_ACTIVE=no-oss,LocalEGA,integration-test
- server.port=9058
- JWTKEY=${JWTKEY}
- FILEDATABASE.listOfServers=filedatabase:9051
- RES2.listOfServers=resserver:9092
- KEYSERVER.listOfServers=keyserver:9095
- PERMISSIONSDATABASESERVER.listOfServers=dataserver:9054
- ega.ega.external.url=https://ega.ebi.ac.uk:8051/elixir/data/files/
- ega.ega.cram.fasta=/homes/ega-prod/ngs_dev/Homo_sapiens_assembly38.fasta
- ega.ega.cram.fasta.a=/homes/ega-prod/ngs_dev/Homo_sapiens_assembly38.fasta
......@@ -19,6 +20,9 @@ services:
- ega.internal.filedatabase.url=https://FILEDATABASE
- ega.internal.res.url=https://RES2
- ega.internal.key.url=https://KEYSERVER
- ega.aai.proxy.url=https://ega.ebi.ac.uk:8053/ega-openid-connect-server
- ega.aai.proxy.basic-authorization=test-auth
- ega.internal.data.url=http://PERMISSIONSDATABASE
volumes:
- "$TRAVIS_BUILD_DIR/extras/certificate/rootCA.pem:/etc/ssl/certs/ca-certificates.crt"
- "$TRAVIS_BUILD_DIR/extras/certificate/server.p12:/dataedge.p12"
......
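Review bot: The added `ega.internal.data.url=http://PERMISSIONSDATABASE` does not line up with the server list added a few lines above, `PERMISSIONSDATABASESERVER.listOfServers=dataserver:9054`. The three existing services use the same name in both places (`FILEDATABASE`, `RES2`, `KEYSERVER`) and an https URL, so as written this host name probably does not resolve through the new server list, and the permissions lookup would travel over plain HTTP if it did. Unless a separate client named PERMISSIONSDATABASE is defined outside this page, consider `- ega.internal.data.url=https://PERMISSIONSDATABASESERVER`, assuming dataserver presents a certificate like the other back ends.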