Release/v10.9.5 (#1526)

* feat(api-keys): implement API key management with creation, retrieval, update, and deletion functionalities

* fix(collector): update button label and refactor collector configuration structure

Signed-off-by: Manuel Abascal <[email protected]>

* Revert "feat(api-keys): add API key management component with modal for creation and editing"

This reverts commit a574169.

* refactor(collectors): rename CollectorConfigKeysDTO to CollectorConfigDTO and simplify getters/setters

* fix(constants): correct formatting of secret token in installation commands

Signed-off-by: Manuel Abascal <[email protected]>

* feat(security): add TFA exemption header for bypassing two-factor authentication

* Revert "feat(api-keys): implement API key management with creation, retrieval, update, and deletion functionalities"

This reverts commit 34e2ac9

* Revert "feat(api-keys): implement API key management with creation, retrieval, update, and deletion functionalities"

This reverts commit 497e674

* chore(release): update version to 10.9.4 and adjust release notes

---------

Signed-off-by: Manuel Abascal <[email protected]>

Author: mjabascal10

CHANGELOG.md

@@ -1,4 +1,4 @@
-# UTMStack 10.9.5 Release Notes
+# UTMStack 10.9.4 Release Notes
 
 – Visual adjustments applied to the SOC AI Integration to ensure consistent behavior and user interaction.
 – Updated the header component to improve version visibility and overall UI consistency.

backend/pom.xml

@@ -273,7 +273,7 @@
         <dependency>
             <groupId>org.springdoc</groupId>
             <artifactId>springdoc-openapi-ui</artifactId>
-            <version>1.6.15</version>
+            <version>1.6.7</version>
         </dependency>
         <dependency>
             <groupId>com.utmstack</groupId>
@@ -351,11 +351,6 @@
             <artifactId>tika-core</artifactId>
             <version>2.9.1</version>
         </dependency>
-        <dependency>
-            <groupId>commons-net</groupId>
-            <artifactId>commons-net</artifactId>
-            <version>3.9.0</version>
-        </dependency>
     </dependencies>
 
     <build>

backend/src/main/java/com/park/utmstack/config/Constants.java

@@ -2,9 +2,7 @@
 
 import com.park.utmstack.domain.index_pattern.enums.SystemIndexPattern;
 
-import java.util.Collections;
 import java.util.HashMap;
-import java.util.List;
 import java.util.Map;
 
 public final class Constants {
@@ -130,7 +128,6 @@ public final class Constants {
     // Defines the index pattern for querying Elasticsearch statistics indexes.
     // ----------------------------------------------------------------------------------
     public static final String STATISTICS_INDEX_PATTERN = "v11-statistics-*";
-    public static final String API_ACCESS_LOGS = ".utmstack-api-logs";
 
     // Logging
     public static final String TRACE_ID_KEY = "traceId";
@@ -142,10 +139,7 @@ public final class Constants {
     public static final String DURATION_KEY = "duration";
     public static final String CAUSE_KEY = "cause";
     public static final String LAYER_KEY = "layer";
-
-    public static final String API_KEY_HEADER = "Utm-Api-Key";
-    public static final List<String> API_ENDPOINT_IGNORE = Collections.emptyList();
-
+    public static final String TFA_EXEMPTION_HEADER = "X-Bypass-TFA";
 
     private Constants() {
     }

backend/src/main/java/com/park/utmstack/config/OpenApiConfiguration.java

@@ -24,13 +24,10 @@ public OpenApiConfiguration(InfoEndpoint infoEndpoint) {
     public OpenAPI customOpenAPI() {
         final String securitySchemeBearer = "bearerAuth";
         final String securitySchemeApiKey = "ApiKeyAuth";
-
         final String apiTitle = "UTMStack API";
         String version = MapUtil.flattenToStringMap(infoEndpoint.info(), true).get("build.version");
         return new OpenAPI()
-            .addSecurityItem(new SecurityRequirement()
-                    .addList(securitySchemeBearer)
-                    .addList(securitySchemeApiKey))
+            .addSecurityItem(new SecurityRequirement().addList(securitySchemeBearer).addList(securitySchemeApiKey))
             .components(new Components()
                 .addSecuritySchemes(securitySchemeBearer,
                     new SecurityScheme()
@@ -39,7 +36,7 @@ public OpenAPI customOpenAPI() {
                         .scheme("bearer")
                         .bearerFormat("JWT"))
                 .addSecuritySchemes(securitySchemeApiKey, new SecurityScheme()
-                    .name(Constants.API_KEY_HEADER)
+                    .name("Utm-Internal-Key")
                     .type(SecurityScheme.Type.APIKEY)
                     .in(SecurityScheme.In.HEADER)))
             .info(new Info().title(apiTitle).version(version))

backend/src/main/java/com/park/utmstack/config/SecurityConfiguration.java

@@ -1,13 +1,10 @@
 package com.park.utmstack.config;
 
 import com.park.utmstack.security.AuthoritiesConstants;
-import com.park.utmstack.security.api_key.ApiKeyConfigurer;
-import com.park.utmstack.security.api_key.ApiKeyFilter;
 import com.park.utmstack.security.internalApiKey.InternalApiKeyConfigurer;
 import com.park.utmstack.security.internalApiKey.InternalApiKeyProvider;
 import com.park.utmstack.security.jwt.JWTConfigurer;
 import com.park.utmstack.security.jwt.TokenProvider;
-import lombok.RequiredArgsConstructor;
 import org.springframework.beans.factory.BeanInitializationException;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -32,7 +29,6 @@
 import javax.servlet.http.HttpServletResponse;
 
 @Configuration
-@RequiredArgsConstructor
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
 @Import(SecurityProblemSupport.class)
@@ -43,7 +39,17 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
     private final TokenProvider tokenProvider;
     private final CorsFilter corsFilter;
     private final InternalApiKeyProvider internalApiKeyProvider;
-    private final ApiKeyFilter apiKeyFilter;
+
+    public SecurityConfiguration(AuthenticationManagerBuilder authenticationManagerBuilder,
+                                 UserDetailsService userDetailsService,
+                                 TokenProvider tokenProvider,
+                                 CorsFilter corsFilter, InternalApiKeyProvider internalApiKeyProvider) {
+        this.authenticationManagerBuilder = authenticationManagerBuilder;
+        this.userDetailsService = userDetailsService;
+        this.tokenProvider = tokenProvider;
+        this.corsFilter = corsFilter;
+        this.internalApiKeyProvider = internalApiKeyProvider;
+    }
 
     @PostConstruct
     public void init() {
@@ -116,10 +122,7 @@ public void configure(HttpSecurity http) throws Exception {
                 .and()
                 .apply(securityConfigurerAdapterForJwt())
                 .and()
-                .apply(securityConfigurerAdapterForInternalApiKey())
-                .and()
-                .apply(securityConfigurerAdapterForApiKey())    ;
-
+                .apply(securityConfigurerAdapterForInternalApiKey());
 
     }
 
@@ -130,9 +133,4 @@ private JWTConfigurer securityConfigurerAdapterForJwt() {
     private InternalApiKeyConfigurer securityConfigurerAdapterForInternalApiKey() {
         return new InternalApiKeyConfigurer(internalApiKeyProvider);
     }
-
-    private ApiKeyConfigurer securityConfigurerAdapterForApiKey() {
-        return new ApiKeyConfigurer(apiKeyFilter);
-    }
-
 }

backend/src/main/java/com/park/utmstack/domain/User.java

@@ -90,7 +90,7 @@ public class User extends AbstractAuditingEntity implements Serializable {
     private Boolean defaultPassword;
 
     @JsonIgnore
-    @ManyToMany(fetch = FetchType.EAGER)
+    @ManyToMany
     @JoinTable(name = "jhi_user_authority", joinColumns = {@JoinColumn(name = "user_id", referencedColumnName = "id")}, inverseJoinColumns = {@JoinColumn(name = "authority_name", referencedColumnName = "name")})
 
     @BatchSize(size = 20)

backend/src/main/java/com/park/utmstack/domain/api_keys/ApiKey.java

@@ -42,9 +42,5 @@ public enum ApplicationEventType {
     ERROR,
     WARNING,
     INFO,
-    MODULE_ACTIVATION_ATTEMPT,
-    MODULE_ACTIVATION_SUCCESS,
-    API_KEY_ACCESS_SUCCESS,
-    API_KEY_ACCESS_FAILURE,
-    UNDEFINED
+    MODULE_ACTIVATION_ATTEMPT, MODULE_ACTIVATION_SUCCESS, UNDEFINED
 }