From 01d8e6aef5512605aa9d6d9a3db7e033e27f3169 Mon Sep 17 00:00:00 2001
From: Mme-adorsys <107761361+Mme-adorsys@users.noreply.github.com>
Date: Mon, 12 Feb 2024 16:30:05 +0400
Subject: [PATCH] Klartax prod issues (#166)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* Increased version to 1.1.16
* Changed cors configuration to set disabled first to prevent cors configuration exceptions
* Updated version to 1.17
* Replaced deprecated PostgreSQL94Dialect with PostgreSQLDialect
* spring.jpa.open-in-view ist standardmäßig aktiviert: behoben
* Excluded SecurityAutoConfiguration to prevent Spring from creating a default user
* Changed SecurityConfiguration to allow access to swagger
* Changed SecurityConfiguration to allow access to swagger
* Excluded AutoConfiguration for UserDetailsService
* Added RequestMatchers to address warnings for ignored paths
* Increased version to 1.19
---
keycloak-storage-provider/pom.xml | 2 +-
pom.xml | 2 +-
sts-common/pom.xml | 2 +-
sts-example/pom.xml | 2 +-
sts-keymanagement/pom.xml | 2 +-
.../sts-keymanagement-api/pom.xml | 2 +-
.../sts-keymanagement-impl/pom.xml | 4 +-
sts-persistence-jpa/pom.xml | 2 +-
.../main/resources/application-postgres.yml | 4 +-
sts-persistence-mongo/pom.xml | 2 +-
sts-pop/pom.xml | 2 +-
sts-resource-server/pom.xml | 2 +-
sts-secret-server/pom.xml | 2 +-
.../secretserver/SecretServerApplication.java | 5 +-
.../configuration/CorsProperties.java | 2 +-
.../configuration/SecurityConfiguration.java | 67 +++++++++----------
.../src/main/resources/application.yml | 8 ++-
sts-secret/pom.xml | 2 +-
sts-server-info/pom.xml | 2 +-
sts-service-component-example/pom.xml | 2 +-
sts-simple-encryption/pom.xml | 2 +-
sts-spring/pom.xml | 2 +-
sts-token-auth/pom.xml | 2 +-
.../de/adorsys/sts/tokenauth/AuthServer.java | 2 +-
sts-token/pom.xml | 2 +-
25 files changed, 65 insertions(+), 63 deletions(-)
diff --git a/keycloak-storage-provider/pom.xml b/keycloak-storage-provider/pom.xml
index 4a147118..31547b11 100644
--- a/keycloak-storage-provider/pom.xml
+++ b/keycloak-storage-provider/pom.xml
@@ -6,7 +6,7 @@
de.adorsys.sts
secure-token-service
- 1.1.15
+ 1.1.19
keycloak-storage-provider
diff --git a/pom.xml b/pom.xml
index 1533e316..6fcd15aa 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
de.adorsys.sts
secure-token-service
- 1.1.15
+ 1.1.19
pom
SecureTokenService
diff --git a/sts-common/pom.xml b/sts-common/pom.xml
index a0146982..231a87f7 100644
--- a/sts-common/pom.xml
+++ b/sts-common/pom.xml
@@ -5,7 +5,7 @@
de.adorsys.sts
secure-token-service
- 1.1.15
+ 1.1.19
sts-common
diff --git a/sts-example/pom.xml b/sts-example/pom.xml
index 746cc892..bfc46dce 100644
--- a/sts-example/pom.xml
+++ b/sts-example/pom.xml
@@ -5,7 +5,7 @@
secure-token-service
de.adorsys.sts
- 1.1.15
+ 1.1.19
4.0.0
diff --git a/sts-keymanagement/pom.xml b/sts-keymanagement/pom.xml
index 6061fe03..40edfbad 100644
--- a/sts-keymanagement/pom.xml
+++ b/sts-keymanagement/pom.xml
@@ -5,7 +5,7 @@
secure-token-service
de.adorsys.sts
- 1.1.15
+ 1.1.19
4.0.0
diff --git a/sts-keymanagement/sts-keymanagement-api/pom.xml b/sts-keymanagement/sts-keymanagement-api/pom.xml
index 26eb5c11..b7baf071 100644
--- a/sts-keymanagement/sts-keymanagement-api/pom.xml
+++ b/sts-keymanagement/sts-keymanagement-api/pom.xml
@@ -5,7 +5,7 @@
sts-keymanagement
de.adorsys.sts
- 1.1.15
+ 1.1.19
4.0.0
diff --git a/sts-keymanagement/sts-keymanagement-impl/pom.xml b/sts-keymanagement/sts-keymanagement-impl/pom.xml
index 9487fcfa..15c0ccaf 100644
--- a/sts-keymanagement/sts-keymanagement-impl/pom.xml
+++ b/sts-keymanagement/sts-keymanagement-impl/pom.xml
@@ -5,7 +5,7 @@
sts-keymanagement
de.adorsys.sts
- 1.1.15
+ 1.1.19
4.0.0
@@ -14,7 +14,7 @@
de.adorsys.sts
sts-keymanagement-api
- 1.1.15
+ 1.1.19
de.adorsys.sts
diff --git a/sts-persistence-jpa/pom.xml b/sts-persistence-jpa/pom.xml
index ce3f2a32..eae67aa3 100644
--- a/sts-persistence-jpa/pom.xml
+++ b/sts-persistence-jpa/pom.xml
@@ -5,7 +5,7 @@
secure-token-service
de.adorsys.sts
- 1.1.15
+ 1.1.19
4.0.0
diff --git a/sts-persistence-jpa/src/main/resources/application-postgres.yml b/sts-persistence-jpa/src/main/resources/application-postgres.yml
index 9f40fe44..7b47fa50 100644
--- a/sts-persistence-jpa/src/main/resources/application-postgres.yml
+++ b/sts-persistence-jpa/src/main/resources/application-postgres.yml
@@ -1,7 +1,6 @@
spring:
liquibase:
default-schema: sts
-
flyway:
locations:
- classpath:/db/migration/flyway/postgres
@@ -10,4 +9,5 @@ spring:
url: jdbc:postgresql://localhost:5432/sts
jpa:
show-sql: false
- database-platform: org.hibernate.dialect.PostgreSQL94Dialect
+ database-platform: org.hibernate.dialect.PostgreSQLDialect
+ open-in-view: false
diff --git a/sts-persistence-mongo/pom.xml b/sts-persistence-mongo/pom.xml
index d578a4de..e8560885 100644
--- a/sts-persistence-mongo/pom.xml
+++ b/sts-persistence-mongo/pom.xml
@@ -5,7 +5,7 @@
secure-token-service
de.adorsys.sts
- 1.1.15
+ 1.1.19
4.0.0
diff --git a/sts-pop/pom.xml b/sts-pop/pom.xml
index 884a2ef2..2df08154 100644
--- a/sts-pop/pom.xml
+++ b/sts-pop/pom.xml
@@ -5,7 +5,7 @@
secure-token-service
de.adorsys.sts
- 1.1.15
+ 1.1.19
4.0.0
diff --git a/sts-resource-server/pom.xml b/sts-resource-server/pom.xml
index 324763a8..cf798d6d 100644
--- a/sts-resource-server/pom.xml
+++ b/sts-resource-server/pom.xml
@@ -5,7 +5,7 @@
secure-token-service
de.adorsys.sts
- 1.1.15
+ 1.1.19
4.0.0
diff --git a/sts-secret-server/pom.xml b/sts-secret-server/pom.xml
index 06ef7a62..70bc10d0 100644
--- a/sts-secret-server/pom.xml
+++ b/sts-secret-server/pom.xml
@@ -5,7 +5,7 @@
secure-token-service
de.adorsys.sts
- 1.1.15
+ 1.1.19
diff --git a/sts-secret-server/src/main/java/de/adorsys/sts/secretserver/SecretServerApplication.java b/sts-secret-server/src/main/java/de/adorsys/sts/secretserver/SecretServerApplication.java
index 8b5fe0f5..4d390e33 100644
--- a/sts-secret-server/src/main/java/de/adorsys/sts/secretserver/SecretServerApplication.java
+++ b/sts-secret-server/src/main/java/de/adorsys/sts/secretserver/SecretServerApplication.java
@@ -1,9 +1,12 @@
package de.adorsys.sts.secretserver;
import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
+import org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration;
-@SpringBootApplication
+@SpringBootApplication(exclude = {UserDetailsServiceAutoConfiguration.class, SecurityAutoConfiguration.class})
public class SecretServerApplication {
public static void main(String[] args) {
SpringApplication.run(SecretServerApplication.class, args);
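Review bot: The newly added import `org.springframework.boot.autoconfigure.EnableAutoConfiguration` is not referenced anywhere in the hunk — the exclusions are passed through `@SpringBootApplication(exclude = …)`, which needs no separate annotation — so it should be dropped unless the part of the file outside the hunk uses it. The exclusion itself deserves a why-comment on the annotation, e.g. `// No generated user and no Boot fallback filter chain: all HTTP security comes from SecurityConfiguration`, because excluding `SecurityAutoConfiguration` removes Boot's default authenticate-everything chain, so if the project's `SecurityConfiguration` were ever not picked up the endpoints would presumably be left open rather than locked down. Excluding only `UserDetailsServiceAutoConfiguration` would be enough to suppress the generated user, as the commit message intends. The class body continues outside the hunk.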
diff --git a/sts-secret-server/src/main/java/de/adorsys/sts/secretserver/configuration/CorsProperties.java b/sts-secret-server/src/main/java/de/adorsys/sts/secretserver/configuration/CorsProperties.java
index a34e78f9..5918a184 100644
--- a/sts-secret-server/src/main/java/de/adorsys/sts/secretserver/configuration/CorsProperties.java
+++ b/sts-secret-server/src/main/java/de/adorsys/sts/secretserver/configuration/CorsProperties.java
@@ -11,6 +11,6 @@ public class CorsProperties {
private boolean disbaled;
private String[] allowedOrigins;
- private String allowedHeaders;
+ private String[] allowedHeaders;
private String[] allowedMethods;
}
\ No newline at end of file
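Review bot: The field `disbaled` on the context line above the change is still misspelled, while application.yml in this same commit binds the key `cors.disabled` (`disabled: false`); property binding matches on name, so unless a setter or alias outside the hunk maps it, the YAML value presumably never reaches this field and it stays at Java's default of `false`. The `SecurityConfiguration` hunk in this commit even carries a comment asking whether `isDisbaled()` is a typo, so this is the place to fix it: `private boolean disabled;` with the call sites in `SecurityConfiguration` renamed to `isDisabled()`. The `String[] allowedHeaders` change itself lines up with the comma-separated header list now in application.yml. The rest of the class is outside the hunk.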
diff --git a/sts-secret-server/src/main/java/de/adorsys/sts/secretserver/configuration/SecurityConfiguration.java b/sts-secret-server/src/main/java/de/adorsys/sts/secretserver/configuration/SecurityConfiguration.java
index caf9c52f..53ebc649 100644
--- a/sts-secret-server/src/main/java/de/adorsys/sts/secretserver/configuration/SecurityConfiguration.java
+++ b/sts-secret-server/src/main/java/de/adorsys/sts/secretserver/configuration/SecurityConfiguration.java
@@ -2,13 +2,11 @@
import de.adorsys.sts.filter.JWTAuthenticationFilter;
import de.adorsys.sts.token.authentication.TokenAuthenticationService;
-import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@@ -23,32 +21,44 @@
public class SecurityConfiguration {
- @Autowired
- private CorsProperties corsProperties;
+ private final CorsProperties corsProperties;
+
+ public SecurityConfiguration(CorsProperties corsProperties) {
+ this.corsProperties = corsProperties;
+ }
@Bean
protected SecurityFilterChain securityFilterChain(HttpSecurity http, TokenAuthenticationService tokenAuthenticationService) throws Exception {
- // @formatter:off
- http
- .cors()
- .and()
- .csrf()
- .disable()
- .sessionManagement()
- .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
- .and()
- .authorizeHttpRequests((requests) ->requests.requestMatchers(HttpMethod.GET, "/pop").permitAll()
+ if (corsProperties.isDisbaled()) { // Achten Sie auf die korrekte Schreibweise von isDisabled(), falls es ein
+ // Tippfehler war.
+ http.cors().disable();
+ } else {
+ http.cors().configurationSource(request -> {
+ CorsConfiguration corsConfiguration = new CorsConfiguration();
+ corsConfiguration.setAllowedOrigins(Arrays.asList(corsProperties.getAllowedOrigins()));
+ corsConfiguration.setAllowedMethods(Arrays.asList(corsProperties.getAllowedMethods()));
+ corsConfiguration.setAllowedHeaders(Arrays.asList(corsProperties.getAllowedHeaders()));
+ return corsConfiguration;
+ });
+ }
+
+ http.csrf().disable()
+ .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+ .and()
+ .authorizeHttpRequests((requests) -> requests
+ // Erlauben Sie den Zugriff auf Swagger-Dokumentation und UI-Ressourcen
+ .requestMatchers("/v2/api-docs", "/swagger-resources/**", "/swagger-ui.html", "/webjars/**").permitAll()
+ .requestMatchers("/cloudfoundryapplication/**").permitAll()
+ // Erlauben Sie den Zugriff auf andere spezifische Endpunkte
+ .requestMatchers(HttpMethod.GET, "/pop").permitAll()
.requestMatchers(HttpMethod.GET, "/actuator/**").permitAll()
- .anyRequest().authenticated())
+ // Alle anderen Anfragen erfordern eine Authentifizierung
+ .anyRequest().authenticated()
+ );
- ;
- // @formatter:on
+ // Fügt den JWTAuthenticationFilter vor dem UsernamePasswordAuthenticationFilter hinzu
http.addFilterBefore(new JWTAuthenticationFilter(tokenAuthenticationService), UsernamePasswordAuthenticationFilter.class);
- if (corsProperties.isDisbaled()) {
- http.cors().disable();
- }
-
return http.build();
}
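Review bot: The new `configurationSource` lambda in the `else` branch defines a second CORS policy next to the `CorsFilter` bean that still exists further down in this file (`corsFilter()`), and the two disagree: the bean sets `setAllowCredentials(true)` while the inline configuration leaves credentials unset, so which policy a browser actually sees depends on filter ordering — presumably the servlet-registered `CorsFilter` answers preflights before the security chain does. In the same way the `if (corsProperties.isDisbaled())` branch only switches off CORS handling inside the security chain; as far as the hunk shows, the `CorsFilter` bean keeps running, so "disabled" does not mean what the property name promises. I would keep a single source of truth — expose one `CorsConfigurationSource` bean consumed by both `http.cors()` and the filter, or drop the `CorsFilter` bean — and document the chosen ordering on `securityFilterChain`. Separately, the new comments are in German while the rest of the file is in English, and the one next to `isDisbaled()` records a suspected typo instead of fixing it and should not ship as is. `securityFilterChain` is fully inside the hunk; `corsFilter()` starts outside it.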
@@ -57,7 +67,7 @@ public CorsFilter corsFilter() {
CorsConfiguration config = new CorsConfiguration();
config.setAllowCredentials(true);
Arrays.stream(corsProperties.getAllowedOrigins()).forEach(config::addAllowedOrigin);
- config.addAllowedHeader(corsProperties.getAllowedHeaders());
+ Arrays.asList(corsProperties.getAllowedHeaders()).forEach(config::addAllowedHeader);
Arrays.stream(corsProperties.getAllowedMethods()).forEach(config::addAllowedMethod);
UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
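Review bot: The replaced line uses `Arrays.asList(...).forEach(config::addAllowedHeader)` while the neighbouring origin and method lines use `Arrays.stream(...).forEach(...)`; for consistency it should read `Arrays.stream(corsProperties.getAllowedHeaders()).forEach(config::addAllowedHeader);`. All three lines dereference the property arrays directly, so a missing `cors.allowedHeaders` (or origins/methods) key would presumably surface as a NullPointerException during bean creation rather than as a readable configuration error; an `Objects.requireNonNull(corsProperties.getAllowedHeaders(), "cors.allowedHeaders")` style check would make that explicit. `corsFilter()` begins and ends outside the hunk.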
@@ -65,17 +75,4 @@ public CorsFilter corsFilter() {
return new CorsFilter(source);
}
-
-
- @Bean
- public WebSecurityCustomizer customize() {
- return (web) -> web.ignoring().requestMatchers(
- "/v2/api-docs",
- "/swagger-resources",
- "/swagger-resources/configuration/ui",
- "/swagger-resources/configuration/security",
- "/swagger-ui.html",
- "/webjars/**"
- );
- }
}
diff --git a/sts-secret-server/src/main/resources/application.yml b/sts-secret-server/src/main/resources/application.yml
index f8dc4900..c2f3b80d 100644
--- a/sts-secret-server/src/main/resources/application.yml
+++ b/sts-secret-server/src/main/resources/application.yml
@@ -10,13 +10,14 @@ spring:
password: db_user@123
jpa:
show-sql: false
+ open-in-view: false
properties:
hibernate:
default_schema: sts
flyway:
enabled: false
locations:
- - db/migration/flyway/h2
+ - db/migration/flyway/h2
liquibase:
enabled: true
change-log: classpath:/db/migration/liquibase/changelog.yml
@@ -26,10 +27,11 @@ spring:
- org.springframework.boot.autoconfigure.mongo.MongoAutoConfiguration
- org.springframework.boot.autoconfigure.data.mongo.MongoDataAutoConfiguration
+#Example values, do not use for production
cors:
disabled: false
- allowedOrigins: "*"
- allowedHeaders: "*"
+ allowedOrigins: localhost:8080, localhost:8081
+ allowedHeaders: Content-Type,Authorization,Accept,Origin,Referer,User-Agent
allowedMethods: GET,POST,PUT,DELETE
sts:
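Review bot: The new `allowedOrigins: localhost:8080, localhost:8081` values carry no scheme, but a browser's `Origin` header always does, and Spring's `CorsConfiguration` origin check compares the full header value against the configured strings, so every cross-origin request from those hosts would be rejected; the example should read `allowedOrigins: http://localhost:8080, http://localhost:8081`. The added `#Example values, do not use for production` comment states the right intent, but nothing in the hunk stops these defaults from being active under a production profile; an explicit `cors.allowedOrigins` override in the production configuration, or a fail-fast check on startup, would make the intent enforceable. Whether the values are trimmed after the comma when bound to `String[]` is not visible here; if they are not, the second origin carries a leading space.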
diff --git a/sts-secret/pom.xml b/sts-secret/pom.xml
index d69b8ff2..020bb609 100644
--- a/sts-secret/pom.xml
+++ b/sts-secret/pom.xml
@@ -5,7 +5,7 @@
secure-token-service
de.adorsys.sts
- 1.1.15
+ 1.1.19
4.0.0
diff --git a/sts-server-info/pom.xml b/sts-server-info/pom.xml
index a617e0a8..683ed467 100644
--- a/sts-server-info/pom.xml
+++ b/sts-server-info/pom.xml
@@ -5,7 +5,7 @@
secure-token-service
de.adorsys.sts
- 1.1.15
+ 1.1.19
4.0.0
diff --git a/sts-service-component-example/pom.xml b/sts-service-component-example/pom.xml
index ba082f55..58f35a9e 100644
--- a/sts-service-component-example/pom.xml
+++ b/sts-service-component-example/pom.xml
@@ -5,7 +5,7 @@
secure-token-service
de.adorsys.sts
- 1.1.15
+ 1.1.19
4.0.0
diff --git a/sts-simple-encryption/pom.xml b/sts-simple-encryption/pom.xml
index 16a94e79..13ffc8b4 100644
--- a/sts-simple-encryption/pom.xml
+++ b/sts-simple-encryption/pom.xml
@@ -5,7 +5,7 @@
secure-token-service
de.adorsys.sts
- 1.1.15
+ 1.1.19
4.0.0
diff --git a/sts-spring/pom.xml b/sts-spring/pom.xml
index 5c164b24..0bb1b7a6 100644
--- a/sts-spring/pom.xml
+++ b/sts-spring/pom.xml
@@ -3,7 +3,7 @@
secure-token-service
de.adorsys.sts
- 1.1.15
+ 1.1.19
4.0.0
diff --git a/sts-token-auth/pom.xml b/sts-token-auth/pom.xml
index 968a1db1..cab132e0 100644
--- a/sts-token-auth/pom.xml
+++ b/sts-token-auth/pom.xml
@@ -5,7 +5,7 @@
secure-token-service
de.adorsys.sts
- 1.1.15
+ 1.1.19
4.0.0
diff --git a/sts-token-auth/src/main/java/de/adorsys/sts/tokenauth/AuthServer.java b/sts-token-auth/src/main/java/de/adorsys/sts/tokenauth/AuthServer.java
index f250344e..95edd501 100644
--- a/sts-token-auth/src/main/java/de/adorsys/sts/tokenauth/AuthServer.java
+++ b/sts-token-auth/src/main/java/de/adorsys/sts/tokenauth/AuthServer.java
@@ -95,7 +95,7 @@ protected void onJsonWebKeySetRetrieved(List jwks) {
log.info("Retrieved {} keys from {}", jwks.size(), jwksUrl);
}
- public static class JsonWebKeyRetrievalException extends RuntimeException {
+ protected static class JsonWebKeyRetrievalException extends RuntimeException {
public JsonWebKeyRetrievalException(Throwable cause) {
super(cause);
}
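Review bot: Narrowing `JsonWebKeyRetrievalException` from `public` to `protected` is a source- and binary-incompatible API change: any code outside this package that catches the exception by type — the way a caller would tell a JWKS download failure apart from other runtime errors — stops compiling, and the commit message does not mention it. If the intent is that only `AuthServer` and its subclasses ever throw it, that is fine, but it should be documented on the class, something like `/** Thrown by AuthServer when the key set at jwksUrl cannot be retrieved; propagates to callers as a RuntimeException. */`, and the `public` modifier on the constructor is then redundant. The nested class and the enclosing `AuthServer` continue outside the hunk.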
diff --git a/sts-token/pom.xml b/sts-token/pom.xml
index 0f14d7f2..b4fe429e 100644
--- a/sts-token/pom.xml
+++ b/sts-token/pom.xml
@@ -5,7 +5,7 @@
secure-token-service
de.adorsys.sts
- 1.1.15
+ 1.1.19
4.0.0