Merge branch 'features/keycloak'

Author: Psilo

.gitlab-ci.yml

@@ -1,31 +1,33 @@
 version: '3'
 services:
-  backend:
-    image: gufalcon/http-server:latest
-    restart: always
-    depends_on:
-      - db
-    ports:
-      - "1280:8080"
-      - "12443:8443"
-    environment:
-      - HTTP_PORT=8080
-      - HTTP_HOST=0.0.0.0
-      - DB_DRIVER=mysql
-      - DB_SERVER=db
-      - DB_PORT=3306
-      - DB_NAME=httpserver
-      - DB_USER=httpserver
-      - DB_PASSWORD=DP5V7hi7xgknaH39lDTX
-    labels:
-      - "traefik.enable=true"
-      - "traefik.http-server.port=8080"
-      - "traefik.http-server.backend=http-server"
-      - "traefik.http-server.frontend.rule=Host:http-server.unterrainer.info"
-      - "traefik.http-server.frontend.entryPoints=http,https"
+#  backend:
+#    image: gufalcon/http-server:latest
+#    restart: always
+#    depends_on:
+#      - db
+#    ports:
+#      - "1280:8080"
+#      - "12443:8443"
+#    environment:
+#      - HTTP_PORT=8080
+#      - HTTP_HOST=0.0.0.0
+#      - DB_DRIVER=mysql
+#      - DB_SERVER=db
+#      - DB_PORT=3306
+#      - DB_NAME=httpserver
+#      - DB_USER=httpserver
+#      - DB_PASSWORD=DP5V7hi7xgknaH39lDTX
+#      - KEYCLOAK_HOST=keycloak
+#      - KEYCLOAK_REALM=nexus
+#    labels:
+#      - "traefik.enable=true"
+#      - "traefik.http-server.port=8080"
+#      - "traefik.http-server.backend=http-server"
+#      - "traefik.http-server.frontend.rule=Host:http-server.unterrainer.info"
+#      - "traefik.http-server.frontend.entryPoints=http,https"
 
-  db:
-    image: mariadb:latest
+  db-container:
+    image: mysql:latest
     restart: always
     ports:
       - 14300:3306
@@ -37,6 +39,35 @@ services:
     volumes:
       - "/app/data/http-server/mysql-data/db:/var/lib/mysql"
 
+  keycloak_db:
+    image: mariadb:latest
+    restart: always
+    ports:
+      - 14310:3306
+    environment:
+      - MYSQL_ROOT_PASSWORD=3YazHzbLuzChlwroXLSm5I
+      - MYSQL_DATABASE=keycloak
+      - MYSQL_USER=keycloak
+      - MYSQL_PASSWORD=8KNM3flMpEyCYkFw5wrGoCN3
+    volumes:
+      - "/app/data/keycloak/mysql-data/db:/var/lib/mysql"
+
+  keycloak:
+    image: quay.io/keycloak/keycloak:latest
+    restart: always
+    depends_on:
+      - keycloak_db
+    ports:
+      - 14888:8080
+    environment:
+      DB_VENDOR: mariadb
+      DB_ADDR: keycloak_db
+      DB_DATABASE: keycloak
+      DB_USER: keycloak
+      DB_PASSWORD: 8KNM3flMpEyCYkFw5wrGoCN3
+      KEYCLOAK_USER: admin
+      KEYCLOAK_PASSWORD: cTWJiYZDutP6tYxXnv2yg0A
+
 networks:
   default:
     external:

deploy/docker-compose.yml

@@ -17,7 +17,7 @@
 
 	<modelVersion>4.0.0</modelVersion>
 	<artifactId>http-server</artifactId>
-	<version>0.0.42</version>
+	<version>0.1.0</version>
 	<name>HttpServer</name>
 	<packaging>jar</packaging>
 
@@ -57,6 +57,11 @@
 			<artifactId>jetty-server</artifactId>
 			<version>9.4.30.v20200611</version>
 		</dependency>
+		<dependency>
+			<groupId>org.keycloak</groupId>
+			<artifactId>keycloak-core</artifactId>
+			<version>11.0.2</version>
+		</dependency>
 	</dependencies>
 
 </project>

pom.xml

@@ -1,7 +1,10 @@
 package info.unterrainer.commons.httpserver;
 
 import java.io.IOException;
+import java.util.ArrayList;
+import java.util.LinkedHashMap;
 import java.util.List;
+import java.util.Map.Entry;
 import java.util.concurrent.ExecutorService;
 
 import info.unterrainer.commons.httpserver.daos.BasicDao;
@@ -19,6 +22,7 @@
 import info.unterrainer.commons.serialization.exceptions.JsonMappingException;
 import info.unterrainer.commons.serialization.exceptions.JsonProcessingException;
 import info.unterrainer.commons.serialization.jsons.BasicJson;
+import io.javalin.core.security.Role;
 import io.javalin.http.Context;
 import lombok.AccessLevel;
 import lombok.RequiredArgsConstructor;
@@ -37,6 +41,7 @@ public class GenericHandlerGroup<P extends BasicJpa, J extends BasicJson, E> imp
 	private final List<Endpoint> endpoints;
 	private final List<GetListInterceptor> getListInterceptors;
 	private final HandlerExtensions<P, J, E> extensions;
+	private final LinkedHashMap<Endpoint, Role[]> accessRoles;
 	private final ExecutorService executorService;
 	private final HandlerUtils hu = new HandlerUtils();
 
@@ -46,18 +51,42 @@ public void addHandlers(final HttpServer server) {
 		if (!p.startsWith("/"))
 			p = "/" + p;
 		String pId = p + "/:" + QueryField.ID;
-		if (endpoints.contains(Endpoint.ALL) || endpoints.contains(Endpoint.READONLY)
-				|| endpoints.contains(Endpoint.GET_SINGLE))
-			server.get(pId, this::getEntry);
-		if (endpoints.contains(Endpoint.ALL) || endpoints.contains(Endpoint.READONLY)
-				|| endpoints.contains(Endpoint.GET_LIST))
-			server.get(p, this::getList);
-		if (endpoints.contains(Endpoint.ALL) || endpoints.contains(Endpoint.CREATE))
-			server.post(p, this::create);
-		if (endpoints.contains(Endpoint.ALL) || endpoints.contains(Endpoint.UPDATE_FULL))
-			server.put(pId, this::fullUpdate);
-		if (endpoints.contains(Endpoint.ALL) || endpoints.contains(Endpoint.DELETE))
-			server.delete(pId, this::delete);
+
+		List<Endpoint> endpointList;
+		endpointList = List.of(Endpoint.ALL, Endpoint.READONLY, Endpoint.GET_SINGLE);
+		if (endpointsToCreate(endpointList))
+			server.get(pId, this::getEntry, rolesFor(endpointList));
+
+		endpointList = List.of(Endpoint.ALL, Endpoint.READONLY, Endpoint.GET_LIST);
+		if (endpointsToCreate(endpointList))
+			server.get(p, this::getList, rolesFor(endpointList));
+
+		endpointList = List.of(Endpoint.ALL, Endpoint.WRITEONLY, Endpoint.CREATE);
+		if (endpointsToCreate(endpointList))
+			server.post(p, this::create, rolesFor(endpointList));
+
+		endpointList = List.of(Endpoint.ALL, Endpoint.WRITEONLY, Endpoint.UPDATE_FULL);
+		if (endpointsToCreate(endpointList))
+			server.put(pId, this::fullUpdate, rolesFor(endpointList));
+
+		endpointList = List.of(Endpoint.ALL, Endpoint.WRITEONLY, Endpoint.DELETE);
+		if (endpointsToCreate(endpointList))
+			server.delete(pId, this::delete, rolesFor(endpointList));
+	}
+
+	private boolean endpointsToCreate(final List<Endpoint> endpointList) {
+		for (Endpoint endpoint : endpointList)
+			if (endpoints.contains(endpoint))
+				return true;
+		return false;
+	}
+
+	private Role[] rolesFor(final List<Endpoint> endpointList) {
+		List<Role> roles = new ArrayList<>();
+		for (Entry<Endpoint, Role[]> entry : accessRoles.entrySet())
+			if (endpointList.contains(entry.getKey()))
+				roles.addAll(List.of(entry.getValue()));
+		return roles.toArray(new Role[0]);
 	}
 
 	private void getEntry(final Context ctx) {

src/main/java/info/unterrainer/commons/httpserver/GenericHandlerGroup.java

@@ -2,6 +2,7 @@
 
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.concurrent.ExecutorService;
 
@@ -12,6 +13,7 @@
 import info.unterrainer.commons.rdbutils.entities.BasicJpa;
 import info.unterrainer.commons.serialization.JsonMapper;
 import info.unterrainer.commons.serialization.jsons.BasicJson;
+import io.javalin.core.security.Role;
 import lombok.AccessLevel;
 import lombok.RequiredArgsConstructor;
 import ma.glasnost.orika.MapperFactory;
@@ -33,6 +35,7 @@ public class GenericHandlerGroupBuilder<P extends BasicJpa, J extends BasicJson,
 	private ExecutorService executorService;
 
 	HandlerExtensions<P, J, E> extensions = new HandlerExtensions<>();
+	private LinkedHashMap<Endpoint, Role[]> accessRoles = new LinkedHashMap<>();
 
 	public HttpServer add() {
 		if (jsonMapper == null)
@@ -43,7 +46,7 @@ public HttpServer add() {
 			executorService = server.executorService;
 		GenericHandlerGroup<P, J, E> handlerGroupInstance = new GenericHandlerGroup<>(dao, jpaType, jsonType,
 				daoTransactionManager, jsonMapper, orikaFactory.getMapperFacade(), path, endpoints, getListInterceptors,
-				extensions, executorService);
+				extensions, accessRoles, executorService);
 		server.addHandlerGroup(handlerGroupInstance);
 		return server;
 	}
@@ -52,6 +55,11 @@ public AddonBuilder<P, J, E> extension() {
 		return new AddonBuilder<>(this);
 	}
 
+	public GenericHandlerGroupBuilder<P, J, E> addRoleFor(final Endpoint endpoint, final Role... roles) {
+		accessRoles.put(endpoint, roles);
+		return this;
+	}
+
 	public GenericHandlerGroupBuilder<P, J, E> dao(final BasicDao<P, E> dao) {
 		this.dao = dao;
 		return this;

src/main/java/info/unterrainer/commons/httpserver/GenericHandlerGroupBuilder.java

@@ -14,14 +14,17 @@
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.ServerConnector;
 
+import info.unterrainer.commons.httpserver.accessmanager.HttpAccessManager;
 import info.unterrainer.commons.httpserver.daos.DaoTransactionManager;
 import info.unterrainer.commons.httpserver.enums.Attribute;
+import info.unterrainer.commons.httpserver.enums.ResponseType;
 import info.unterrainer.commons.httpserver.exceptions.HttpException;
 import info.unterrainer.commons.httpserver.exceptions.NotFoundException;
 import info.unterrainer.commons.httpserver.handlers.AppNameHandler;
 import info.unterrainer.commons.httpserver.handlers.AppVersionHandler;
 import info.unterrainer.commons.httpserver.handlers.DateTimeHandler;
 import info.unterrainer.commons.httpserver.handlers.HealthHandler;
+import info.unterrainer.commons.httpserver.handlers.PostmanCollectionHandler;
 import info.unterrainer.commons.httpserver.jsons.MessageJson;
 import info.unterrainer.commons.jreutils.ShutdownHook;
 import info.unterrainer.commons.rdbutils.entities.BasicJpa;
@@ -95,11 +98,14 @@ private void create() {
 		connector.setPort(config.port());
 		server.setConnectors(new ServerConnector[] { connector });
 
-		javalin = Javalin.create(config -> {
-			config.server(() -> server).enableCorsForAllOrigins();
+		javalin = Javalin.create(c -> {
+			c.server(() -> server)
+					.accessManager(new HttpAccessManager(config.keycloakHost(), config.keycloakRealm()))
+					.enableCorsForAllOrigins();
 		}).start(config.port());
 
 		javalin.before(ctx -> ctx.attribute(Attribute.JAVALIN_SERVER, this));
+		javalin.before(ctx -> ctx.attribute(Attribute.RESPONSE_TYPE, ResponseType.JSON));
 		javalin.before(ctx -> ctx.contentType("application/json"));
 
 		javalin.after(ctx -> render(ctx));
@@ -119,6 +125,7 @@ private void create() {
 		get("/version", new AppVersionHandler(appVersionFqns));
 		get("/datetime", new DateTimeHandler());
 		get("/health", new HealthHandler());
+		get("/postman", new PostmanCollectionHandler());
 
 		registerShutdownHook();
 	}
@@ -214,7 +221,13 @@ private void render(final Context ctx) throws IOException {
 
 		Object dto = ctx.attribute(Attribute.RESPONSE_OBJECT);
 		if (dto != null)
-			ctx.result(jsonMapper.toStringFrom(dto));
+			switch ((ResponseType) ctx.attribute(Attribute.RESPONSE_TYPE)) {
+			case JSON:
+				ctx.result(jsonMapper.toStringFrom(dto));
+				break;
+			default:
+				ctx.result((String) dto);
+			}
 
 		Integer status = ctx.attribute(Attribute.RESPONSE_STATUS);
 		if (status != null)

src/main/java/info/unterrainer/commons/httpserver/HttpServer.java

@@ -14,6 +14,8 @@ private HttpServerConfiguration() {
 
 	private int port;
 	private String host;
+	private String keycloakHost;
+	private String keycloakRealm;
 
 	public static HttpServerConfiguration read() {
 		return read(null);
@@ -26,6 +28,8 @@ public static HttpServerConfiguration read(final String prefix) {
 		HttpServerConfiguration config = new HttpServerConfiguration();
 		config.port = Integer.parseInt(Optional.ofNullable(System.getenv(p + "HTTP_PORT")).orElse("8080"));
 		config.host = Optional.ofNullable(System.getenv(p + "HTTP_HOST")).orElse("0.0.0.0");
+		config.keycloakHost = Optional.ofNullable(System.getenv(p + "KEYCLOAK_HOST")).orElse("http://localhost:14888");
+		config.keycloakRealm = Optional.ofNullable(System.getenv(p + "KEYCLOAK_REALM")).orElse("nexus");
 		return config;
 	}
 }

src/main/java/info/unterrainer/commons/httpserver/HttpServerConfiguration.java

@@ -0,0 +1,8 @@
+package info.unterrainer.commons.httpserver.accessmanager;
+
+import io.javalin.core.security.Role;
+
+enum DefaultRole implements Role {
+	OPEN,
+	AUTHENTICATED;
+}