Feature implement opaque token introspection #3633 (#3635)

* implement opaque token introspection #3633 * merge develop * increase developer admin 64k archive entry limit * fix pr findings
mercedes-benz · Nov 27, 2024 · afa4f7d · afa4f7d
1 parent 639d9f5
commit afa4f7d
Show file tree

Hide file tree

Showing 96 changed files with 2,420 additions and 913 deletions.
diff --git a/gradle/libraries.gradle b/gradle/libraries.gradle
@@ -100,16 +100,17 @@ ext {
       cycloneDX_core:                          "8.0.0",
       cyclonedx_gradle_plugin:                 "1.7.4",
 
-     /* Prepare wrapper */
-     jgit_core:                                "6.9.0.202403050737-r",
+      /* Prepare wrapper */
+      jgit_core:                                "6.9.0.202403050737-r",
 
-     /* ArchUnit */
-     arch_unit:                                "1.3.0",
+      /* ArchUnit */
+      arch_unit:                                "1.3.0",
 
       /* encryption */
       // https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk18on
-      bouncy_castle_bcprov_jdk8:                "1.78.1"
+      bouncy_castle_bcprov_jdk8:                "1.78.1",
 
+      jakarta_servlet_api:                      "6.0.0"
    ]    
 
    library = [
@@ -133,6 +134,8 @@ ext {
         springframework_restdocs:                  "org.springframework.restdocs:spring-restdocs-mockmvc",
         springframework_security_test:             "org.springframework.security:spring-security-test",
         springframework_web:                       "org.springframework:spring-web",
+        springboot_test_autoconfigure:             "org.springframework.boot:spring-boot-test-autoconfigure",
+        springframework_webmvc:                    "org.springframework:spring-webmvc",
 
         micrometer_prometheus:                 "io.micrometer:micrometer-registry-prometheus",
 
@@ -228,6 +231,8 @@ ext {
         javaxAnnotationApi:                     "javax.annotation:javax.annotation-api:${libraryVersion.javaxAnnotationApi}",
         findbugs:                               "com.google.code.findbugs:jsr305:${libraryVersion.findbugs}",
         httpmime:                               "org.apache.httpcomponents:httpmime:${libraryVersion.httpmime}",
+
+        jakarta_servlet_api:                   "jakarta.servlet:jakarta.servlet-api:${libraryVersion.jakarta_servlet_api}",
    ]
 
 

diff --git a/gradle/projects.gradle b/gradle/projects.gradle
@@ -41,6 +41,7 @@ projectType = [
                     project(':sechub-integrationtest'),
                     project(':sechub-developertools'),
                     project(':sechub-test'),
+                    project(':sechub-commons-security-spring'),
                     project(':sechub-testframework-spring'),
                     project(':sechub-storage-sharedvolume-spring'),
 

diff --git a/...om/mercedesbenz/sechub/domain/administration/TestAdministrationSecurityConfiguration.java b/...om/mercedesbenz/sechub/domain/administration/TestAdministrationSecurityConfiguration.java
@@ -0,0 +1,21 @@
+// SPDX-License-Identifier: MIT
+package com.mercedesbenz.sechub.domain.administration;
+
+import static org.mockito.Mockito.mock;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+import org.springframework.web.client.RestTemplate;
+
+import com.mercedesbenz.sechub.sharedkernel.security.SecHubSecurityConfiguration;
+
+@Configuration
+@Import(SecHubSecurityConfiguration.class)
+public class TestAdministrationSecurityConfiguration {
+
+    @Bean
+    RestTemplate restTemplate() {
+        return mock();
+    }
+}
diff --git a/...enz/sechub/domain/administration/project/ProjectAdministrationRestControllerMockTest.java b/...enz/sechub/domain/administration/project/ProjectAdministrationRestControllerMockTest.java
@@ -29,11 +29,9 @@
 import org.mockito.invocation.InvocationOnMock;
 import org.mockito.stubbing.Answer;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
-import org.springframework.boot.test.context.TestConfiguration;
 import org.springframework.boot.test.mock.mockito.MockBean;
-import org.springframework.context.annotation.Profile;
+import org.springframework.context.annotation.Import;
 import org.springframework.http.MediaType;
 import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.test.context.ActiveProfiles;
@@ -42,18 +40,19 @@
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.validation.Errors;
 
+import com.mercedesbenz.sechub.domain.administration.TestAdministrationSecurityConfiguration;
 import com.mercedesbenz.sechub.domain.administration.project.ProjectJsonInput.ProjectMetaData;
 import com.mercedesbenz.sechub.domain.administration.user.User;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration;
 import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.test.TestPortProvider;
 
 @RunWith(SpringRunner.class)
-@WebMvcTest(ProjectAdministrationRestController.class)
-@ContextConfiguration(classes = { ProjectAdministrationRestController.class, ProjectAdministrationRestControllerMockTest.SimpleTestConfiguration.class })
+@WebMvcTest
+@ContextConfiguration(classes = { ProjectAdministrationRestController.class })
 @WithMockUser(roles = RoleConstants.ROLE_SUPERADMIN)
 @ActiveProfiles({ Profiles.TEST, Profiles.ADMIN_ACCESS })
+@Import(TestAdministrationSecurityConfiguration.class)
 public class ProjectAdministrationRestControllerMockTest {
 
     private static final int PORT_USED = TestPortProvider.DEFAULT_INSTANCE.getWebMVCTestHTTPSPort();
@@ -240,12 +239,4 @@ public void when_admin_tries_to_change_project_description_but_request_body_is_m
 
         /* @formatter:on */
     }
-
-    @TestConfiguration
-    @Profile(Profiles.TEST)
-    @EnableAutoConfiguration
-    public static class SimpleTestConfiguration extends AbstractSecHubAPISecurityConfiguration {
-
-    }
-
 }
diff --git a/...chub/domain/administration/project/ProjectUpdateAdministrationRestControllerMockTest.java b/...chub/domain/administration/project/ProjectUpdateAdministrationRestControllerMockTest.java
@@ -19,11 +19,9 @@
 import org.mockito.invocation.InvocationOnMock;
 import org.mockito.stubbing.Answer;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
-import org.springframework.boot.test.context.TestConfiguration;
 import org.springframework.boot.test.mock.mockito.MockBean;
-import org.springframework.context.annotation.Profile;
+import org.springframework.context.annotation.Import;
 import org.springframework.http.MediaType;
 import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.test.context.ActiveProfiles;
@@ -32,16 +30,16 @@
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.validation.Errors;
 
+import com.mercedesbenz.sechub.domain.administration.TestAdministrationSecurityConfiguration;
 import com.mercedesbenz.sechub.domain.administration.project.ProjectJsonInput.ProjectMetaData;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration;
 import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.test.TestPortProvider;
 
 @RunWith(SpringRunner.class)
-@WebMvcTest(ProjectUpdateAdministrationRestController.class)
-@ContextConfiguration(classes = { ProjectUpdateAdministrationRestController.class,
-        ProjectUpdateAdministrationRestControllerMockTest.SimpleTestConfiguration.class })
+@WebMvcTest
+@ContextConfiguration(classes = { ProjectUpdateAdministrationRestController.class })
+@Import(TestAdministrationSecurityConfiguration.class)
 @WithMockUser(roles = RoleConstants.ROLE_SUPERADMIN)
 @ActiveProfiles({ Profiles.TEST, Profiles.ADMIN_ACCESS })
 public class ProjectUpdateAdministrationRestControllerMockTest {
@@ -157,11 +155,4 @@ public Void answer(InvocationOnMock invocation) {
 		verifyNoInteractions(mockedProjectUpdateMetaDataService);
 		/* @formatter:on */
     }
-
-    @TestConfiguration
-    @Profile(Profiles.TEST)
-    @EnableAutoConfiguration
-    public static class SimpleTestConfiguration extends AbstractSecHubAPISecurityConfiguration {
-
-    }
 }
diff --git a/...rcedesbenz/sechub/domain/administration/signup/AnonymousSignupRestControllerMockTest.java b/...rcedesbenz/sechub/domain/administration/signup/AnonymousSignupRestControllerMockTest.java
@@ -10,20 +10,18 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
-import org.springframework.boot.test.context.TestConfiguration;
 import org.springframework.boot.test.mock.mockito.MockBean;
-import org.springframework.context.annotation.Profile;
+import org.springframework.context.annotation.Import;
 import org.springframework.http.MediaType;
 import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 
+import com.mercedesbenz.sechub.domain.administration.TestAdministrationSecurityConfiguration;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration;
 import com.mercedesbenz.sechub.sharedkernel.validation.ApiVersionValidationFactory;
 import com.mercedesbenz.sechub.sharedkernel.validation.EmailValidationImpl;
 import com.mercedesbenz.sechub.sharedkernel.validation.UserIdValidationImpl;
@@ -38,9 +36,9 @@
         SignupJsonInputValidator.class,
         UserIdValidationImpl.class,
         EmailValidationImpl.class,
-		ApiVersionValidationFactory.class,
-		AnonymousSignupRestControllerMockTest.SimpleTestConfiguration.class })
+		ApiVersionValidationFactory.class })
 /* @formatter:on */
+@Import(TestAdministrationSecurityConfiguration.class)
 @WithMockUser
 @ActiveProfiles(Profiles.TEST)
 public class AnonymousSignupRestControllerMockTest {
@@ -152,13 +150,6 @@ public void calling_with_api_1_0_and_userid_set_but_NO_valid_email_returns_HTTP_
         /* @formatter:on */
     }
 
-    @TestConfiguration
-    @Profile(Profiles.TEST)
-    @EnableAutoConfiguration
-    public static class SimpleTestConfiguration extends AbstractSecHubAPISecurityConfiguration {
-
-    }
-
     private SignupJsonInput createUserSelfRegistration(String api, String email, String name) {
 
         SignupJsonInput created = new SignupJsonInput();

diff --git a/...sbenz/sechub/domain/administration/signup/SignupAdministrationRestControllerMockTest.java b/...sbenz/sechub/domain/administration/signup/SignupAdministrationRestControllerMockTest.java
@@ -13,25 +13,24 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
-import org.springframework.boot.test.context.TestConfiguration;
 import org.springframework.boot.test.mock.mockito.MockBean;
-import org.springframework.context.annotation.Profile;
+import org.springframework.context.annotation.Import;
 import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 
+import com.mercedesbenz.sechub.domain.administration.TestAdministrationSecurityConfiguration;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration;
 import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.test.TestPortProvider;
 
 @RunWith(SpringRunner.class)
-@WebMvcTest(SignupAdministrationRestController.class)
-@ContextConfiguration(classes = { SignupAdministrationRestController.class, SignupAdministrationRestControllerMockTest.SimpleTestConfiguration.class })
+@WebMvcTest
+@ContextConfiguration(classes = { SignupAdministrationRestController.class })
+@Import(TestAdministrationSecurityConfiguration.class)
 @WithMockUser(roles = RoleConstants.ROLE_SUPERADMIN)
 @ActiveProfiles({ Profiles.TEST, Profiles.ADMIN_ACCESS })
 public class SignupAdministrationRestControllerMockTest {
@@ -96,11 +95,4 @@ public void listUserSignups_results_in_a_filled_list_when_2_signups_exist() thro
         /* @formatter:on */
     }
 
-    @TestConfiguration
-    @Profile(Profiles.TEST)
-    @EnableAutoConfiguration
-    public static class SimpleTestConfiguration extends AbstractSecHubAPISecurityConfiguration {
-
-    }
-
 }
diff --git a/...cedesbenz/sechub/domain/administration/user/UserAdministrationRestControllerMockTest.java b/...cedesbenz/sechub/domain/administration/user/UserAdministrationRestControllerMockTest.java
@@ -22,30 +22,29 @@
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
 import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
-import org.springframework.boot.test.context.TestConfiguration;
 import org.springframework.boot.test.mock.mockito.MockBean;
-import org.springframework.context.annotation.Profile;
+import org.springframework.context.annotation.Import;
 import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 
+import com.mercedesbenz.sechub.domain.administration.TestAdministrationSecurityConfiguration;
 import com.mercedesbenz.sechub.domain.administration.project.Project;
 import com.mercedesbenz.sechub.domain.administration.signup.AnonymousSignupCreateService;
 import com.mercedesbenz.sechub.domain.administration.signup.Signup;
 import com.mercedesbenz.sechub.domain.administration.signup.SignupRepository;
 import com.mercedesbenz.sechub.sharedkernel.Profiles;
-import com.mercedesbenz.sechub.sharedkernel.security.AbstractSecHubAPISecurityConfiguration;
 import com.mercedesbenz.sechub.sharedkernel.security.RoleConstants;
 import com.mercedesbenz.sechub.test.TestPortProvider;
 
 @RunWith(SpringRunner.class)
-@WebMvcTest(UserAdministrationRestController.class)
-@ContextConfiguration(classes = { UserAdministrationRestController.class, UserAdministrationRestControllerMockTest.SimpleTestConfiguration.class })
+@WebMvcTest
+@ContextConfiguration(classes = { UserAdministrationRestController.class })
 @WithMockUser(roles = RoleConstants.ROLE_SUPERADMIN)
+@Import(TestAdministrationSecurityConfiguration.class)
 @ActiveProfiles({ Profiles.TEST, Profiles.ADMIN_ACCESS })
 public class UserAdministrationRestControllerMockTest {
 
@@ -194,11 +193,4 @@ public void calling_with_api_1_0_and_valid_userid_and_email_returns_HTTP_200() t
         /* @formatter:on */
     }
 
-    @TestConfiguration
-    @Profile(Profiles.TEST)
-    @EnableAutoConfiguration
-    public static class SimpleTestConfiguration extends AbstractSecHubAPISecurityConfiguration {
-
-    }
-
 }
diff --git a/...on/src/main/java/com/mercedesbenz/sechub/domain/authorization/AuthUserDetailsService.java b/...on/src/main/java/com/mercedesbenz/sechub/domain/authorization/AuthUserDetailsService.java
@@ -52,7 +52,7 @@ public class AuthUserDetailsService implements UserDetailsService {
     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
         /* @formatter:off */
         return repository
-                .findByUserId(username)
+                .findByUserId(username.toLowerCase())
                 .map(AuthUserDetailsService::adoptUser)
                 .orElseThrow(() -> new UsernameNotFoundException(username));
         /* @formatter:on */

diff --git a/sechub-commons-security-spring/build.gradle b/sechub-commons-security-spring/build.gradle
@@ -0,0 +1,21 @@
+// SPDX-License-Identifier: MIT
+/*============================================================================
+* Build file for subproject
+*
+* Root build file: "${rootProject.projectDir}/build.gradle"
+* ============================================================================
+*/
+dependencies {
+
+    implementation project(':sechub-commons-core')
+    implementation project(':sechub-testframework-spring')
+    implementation library.springboot_starter_security
+    implementation library.springboot_starter_oauth2_resource_server
+
+    testImplementation library.springframework_web
+    testImplementation library.springframework_webmvc
+    testImplementation library.springboot_test_autoconfigure
+    testImplementation library.springboot_starter_test
+    testImplementation library.springframework_security_test
+    testImplementation library.jakarta_servlet_api
+}