Management Portal is an application which is used to manage clinical studies for RADAR-base platform.
- Quickstart
- Configuration
- Development
- Building for production
- Testing
- Using Docker to simplify development (optional)
- Documentation
- Client libraries
The following are the prerequisites to run ManagementPortal from source on your machine:
- Java 17
- Node.js (v16 or later is recommended)
- Yarn (3.1.0 or later is recommended)
Management Portal can be easily run either by running from source or by using the provided docker-compose
file. For documentation on how to run ManagementPortal in production, please see RADAR-Kubernetes.
The quickest way to get Management Portal up and running in production mode is by using the included docker-compose files.
- Make sure Docker and Docker-Compose are installed on your system.
- Generate a key pair for signing JWT tokens as follows:
keytool -genkeypair -alias radarbase-managementportal-ec -keyalg EC -validity 3650 -keysize 256 -sigalg SHA256withECDSA -storetype PKCS12 -keystore src/main/docker/etc/config/keystore.p12 -storepass radarbase -keypass radarbase
- Now, we can start the stack with
docker-compose -f src/main/docker/management-portal.yml up -d
.
This will start a Postgres database and ManagementPortal. The default password for the admin
account is admin
. An angular live development server to access the managementportal can be started using the yarn start
command (see Development).
You must install and configure the following dependencies on your machine to run from source.
-
Node.js: We use Node to run a development web server and build the project. Depending on your system, you can install Node either from source or as a pre-packaged bundle.
-
Yarn: We use Yarn to manage Node dependencies. Depending on your system, you can install Yarn either from source or as a pre-packaged bundle.
-
Generate a key pair for signing JWT tokens as follows:
keytool -genkeypair -alias radarbase-managementportal-ec -keyalg EC -validity 3650 -keysize 256 -sigalg SHA256withECDSA -storetype PKCS12 -keystore src/main/resources/config/keystore.p12 -storepass radarbase -keypass radarbase
Make sure the key password and store password are the same! This is a requirement for Spring Security.
-
Profile configurations : ManagementPortal can be run with either
development
orproduction
profile. The table below lists the main differences between the profiles. Configure the application using the property file atsrc/main/resources/config/application-<profile>.yml
.Read more about configurations here -
Run ManagementPortal by running
./gradlew bootRun -Pprod
or./gradlew bootRun -Pdev
. Development mode will start an in memory database and ManagementPortal. An angular live development server to access the managementportal can be started using theyarn start
command (see Development). -
You can log in to the application using
admin:admin
. Please don't forgot to change the password ofadmin
, if you are using the application on production environment.
Development | Production | |
---|---|---|
Database type | In-memory | Postgres |
Demo data loaded | Yes | No |
The docker image can be pulled by running docker pull radarbase/management-portal:latest
.
Management Portal comes with a set of default values for its configuration. You can either modify
the application.yml
and application-prod.yml
(or application-dev.yml
when running the
development profile) before building the application, or override the defaults using environment
variables.
The table below lists the variables that are most likely in need of change when deploying Management Portal. You can find the complete configuration in the application.yml and application-prod.yml files. See Spring external configuration for other options on overriding the default configuration.
Variable | Default value | Description |
---|---|---|
SPRING_DATASOURCE_URL |
jdbc:postgresql://localhost:5432/managementportal |
URL for the database to be used |
SPRING_DATASOURCE_USERNAME |
<username> |
Username to access the database |
SPRING_DATASOURCE_PASSWORD |
<password> |
Password to access the database |
SPRING_APPLICATION_JSON |
None | Generic environment variable for overriding all types of application settings |
MANAGEMENTPORTAL_MAIL_FROM |
None, you need to override this | Email address that will be set in the From email header. |
MANAGEMENTPORTAL_FRONTEND_CLIENT_SECRET |
None, you need to override this | OAuth client secret for the frontend |
MANAGEMENTPORTAL_FRONTEND_ACCESS_TOKEN_VALIDITY_SECONDS |
14400 |
Frontend access token validity period in seconds |
MANAGEMENTPORTAL_FRONTEND_REFRESH_TOKEN_VALIDITY_SECONDS |
259200 |
Frontend refresh token validity period in seconds |
MANAGEMENTPORTAL_OAUTH_CLIENTS_FILE |
/mp-includes/config/oauth_client_details.csv |
Location of the OAuth clients file |
MANAGEMENTPORTAL_OAUTH_KEY_STORE_PASSWORD |
radarbase |
Password for the JWT keystore |
MANAGEMENTPORTAL_OAUTH_SIGNING_KEY_ALIAS |
radarbase-managementportal-ec |
Alias in the keystore of the keypair to use for signing |
MANAGEMENTPORTAL_OAUTH_ENABLE_PUBLIC_KEY_VERIFIERS |
false |
Whether to use additional verifiers using public-keys and deprecated verifier implementation. If you set this to true , also set RADAR_IS_CONFIG_LOCATION and provide yaml file with public keys. Read more at radar-auth documentation. |
MANAGEMENTPORTAL_CATALOGUE_SERVER_ENABLE_AUTO_IMPORT |
false |
Whether to enable or disable auto import of sources from the catalogue server |
MANAGEMENTPORTAL_CATALOGUE_SERVER_SERVER_URL |
None | URL to the catalogue server |
MANAGEMENTPORTAL_COMMON_BASE_URL |
None | Resolvable baseUrl of the hosted platform |
MANAGEMENTPORTAL_COMMON_MANAGEMENT_PORTAL_BASE_URL |
None | Resolvable baseUrl of this managementportal instance |
MANAGEMENTPORTAL_COMMON_PRIVACY_POLICY_URL |
None | Resolvable URL to the common privacy policy url |
MANAGEMENTPORTAL_COMMON_ADMIN_PASSWORD |
None | Admin password |
MANAGEMENTPORTAL_COMMON_ACTIVATION_KEY_TIMEOUT_IN_SECONDS |
86400 | Account activation/reset timeout in seconds |
RADAR_IS_CONFIG_LOCATION |
radar-is.yml from class path |
Location of additional public-key configuration file. |
JHIPSTER_SLEEP |
10 |
Time in seconds that the application should wait at bootup. Used to allow the database to become ready |
JAVA_OPTS |
-Xmx512m |
Options to pass on the JVM |
Lists cannot directly be encoded by environment variables in this version of Spring. So for example the OAuth checking key aliases need to be encoded using the SPRING_APPLICATION_JSON
variable. For setting two aliases, set it to {"managementportal":{"oauth":{"checkingKeyAliases":["one","two"]}}}
, for example. If this list is not set, the signing key will also be used as the checking key.
ManagementPortal uses OAuth2
workflow to provide authentication and authorization. To add new OAuth clients, you can add at runtime through the UI, or you can add them to the OAuth clients file
referenced by the MANAGEMENTPORTAL_OAUTH_CLIENTS_FILE
configuration option.
- If your client is supposed to work with the
Pair app
feature, you need to set a key calleddynamic_registration
totrue
like this{"dynamic_registration": true}
in itsadditional_information
map. See the aRMT and pRMT clients for an example. - If your client is
dynamic_registration
enabled, the QR code generated byPair app
feature will contain a short-living URL. By doing aGET
request on that URL therefresh-token
and related meta-data can be fetched. - If you want to prevent an OAuth client from being altered through the UI, you can add a key
{"protected": true}
in theadditional_information
map.
If the app is paired via the Pair App dialog, the QR code that will be scanned contains a short-lived URL, e.g. https://radar-base-url.org/api/meta-token/bMUkowOmTOci
Your app should access the URL, where it will receive an OAuth2 refresh token as well as the platform's base URL and a URL to the privacy policy. No authorization is required to access this URL. Important: For security reasons, the information at this URL can only be accessed once. Once it has been accessed it can not be retrieved again.
The app can use that refresh token to get new access and refresh tokens by doing the following HTTP request to the base URL, using HTTP basic authentication with your OAuth client ID as username, and an empty password.
POST /oauth/token
Content-Type: application/x-www-form-urlencoded
grant_type=refresh_token&refresh_token=<refresh_token>
This will respond with at least the access token and refresh token:
{
"access_token": "...",
"refresh_token": "...",
"expires_in": 14400
}
Both tokens are valid for a limited time only. When the access token runs out, you will need to
perform another request like the one above, but you need to use the new refresh_token
, since
refresh tokens are valid only once.
The code grant flow for OAuth2 clients can be the following:
- Register an oauth-client with grant_type
authorization_code
and add a validredirect_uri
to that client. (e.g. https://my.example.com/oauth_redirect
in this example) - Ask user authorization for your app:
where you replace
GET /oauth/authorize?client_id=MyId&response_type=code&redirect_uri=https://my.example.com/oauth_redirect
MyId
with your OAuth client id. This needs to be done from a interactive web view, either a browser or a web window. If the user approves, this will redirect tohttps://my.example.com/oauth_redirect?code=abcdef
. In Android, with [https://appauth.io] (AppAuth library), the URL could becom.example.my://oauth_redirect
for thecom.example.my
app. You can add an optional parameter forstate
. If you add the state parameter, it will be returned with thecode
. - Request a token for your app by doing a POST, again with HTTP basic authentication with as
username your OAuth client id, and leaving the password empty:
This will respond with the access token and refresh token:
POST /oauth/token Content-Type: application/x-www-form-urlencoded grant_type=authorization_code&code=abcdef&redirect_uri=https://my.example.com/oauth_redirect
Now the app can use the refresh token flow as shown above.{ "access_token": "...", "refresh_token": "..." }
The code grant flow for OAuth2 clients can also be the following:
- Register an oauth-client with grant_type
client_credentials
- Request a token for your app by doing a POST with HTTP basic authentication with as
username your OAuth client id and password your OAuth client secret:
This will respond with the access token:
POST /oauth/token Content-Type: application/x-www-form-urlencoded grant_type=client_credentials
Now the app can use the access token flow.{ "access_token": "...", "token_type": "bearer", "...": "..." }
You can customize ManagementPortal web app by replacing images located in src/main/webapp/content/images
with your logos:
navbar-logo.png
is a 70x45 (WxH in pixels) image shown at the top of every page;home-page-logo.png
is shown on the home page only; 350x350 px image recommended.
Once you build the project, you will find these images in build/www/assets/images
.
Before you can build this project, you must install and configure the following dependencies on your machine:
- Node.js: We use Node to run a development web server and build the project. Depending on your system, you can install Node either from source or as a pre-packaged bundle.
- Yarn: We use Yarn to manage Node dependencies. Depending on your system, you can install Yarn either from source or as a pre-packaged bundle.
- Local SMTP server: currently a simple docker-compose is provided with a local SMTP server. Create
smtp.env
fromsmtp.env.template
and modifyapplication.yml
accordingly.
After installing Node, you should be able to run the following command to install development tools. You will only need to run this command when dependencies change in package.json.
yarn install
We use yarn scripts and Webpack as our build system.
Run the following commands in two separate terminals to create a blissful development experience where your browser auto-refreshes when files change on your hard drive.
./gradlew
yarn start
Then open http://localhost:8081/ to start the interface and sign in with admin/admin.
Yarn is also used to manage CSS and JavaScript dependencies used in this application. You can upgrade dependencies by
specifying a newer version in package.json. You can also run yarn update
and yarn install
to manage dependencies.
Add the help
flag on any command to see how you can use it. For example, yarn help update
.
The yarn run
command will list all the scripts available to run for this project.
You can also use Angular CLI to generate some custom client code.
For example, the following command:
ng generate component my-component
will generate few files:
create src/main/webapp/app/my-component/my-component.component.html
create src/main/webapp/app/my-component/my-component.component.ts
update src/main/webapp/app/app.module.ts
To optimize the ManagementPortal application for production, run:
./gradlew -Pprod clean bootWar
The latest Meta-QR code implementation requires REST resources on api/meta-token/*
should definitely be rate-limited by upstream servers.
This will concatenate and minify the client CSS and JavaScript files. It will also modify index.html
so it references these new files.
To ensure everything worked, run:
java -jar build/libs/*.war
Then navigate to http://localhost:8080 in your browser.
To launch your application's tests, run:
./gradlew test
Unit tests are run by Karma and written with Jasmine. They're located in src/test/javascript/
and can be run with:
yarn test
UI end-to-end tests are powered by Cypress, which is built on top of WebDriverJS. They're located in src/test/javascript/e2e
and can be run by starting Spring Boot in one terminal (./gradlew bootRun
) and running the tests (yarn run e2e
) in a second one.
Performance tests are run by Gatling and written in Scala. They're located in src/test/gatling
and can be run with:
./gradlew gatlingRunAll
or
./gradlew gatlingRun<SIMULATION_CLASS_NAME> # E.g., gatlingRunProjectGatlingTest
For more information, refer to the Running tests page.
You can use Docker to improve your JHipster development experience. A number of docker-compose configuration are available in the src/main/docker folder to launch required third party services. For example, to start a postgreSQL database in a docker container, run:
docker-compose -f src/main/docker/postgresql.yml up -d
To stop it and remove the container, run:
docker-compose -f src/main/docker/postgresql.yml down
You can also fully dockerize your application and all the services that it depends on. To achieve this, first build a docker image of your app by running:
./gradlew bootWar -Pprod buildDocker
Then run:
docker-compose -f src/main/docker/app.yml up -d
For more information refer to Using Docker and Docker-Compose, this page also contains information on the docker-compose sub-generator (yo jhipster:docker-compose
), which is able to generate docker configurations for one or several JHipster applications.
Please find the links for some of the documentation per category/component
The pages site is published from the gh-pages
branch, which has its own history. If you want to
contribute to the documentation, it is probably more convenient to clone a separate copy of this
repository for working on the gh-pages
branch:
git clone --branch gh-pages https://github.com/RADAR-base/ManagementPortal.git ManagementPortal-docs
This project provides a Gradle task to generate an OpenAPI specification from which client libraries can be automatically generated:
./gradlew generateOpenApiSpec
ManagementPortal needs to be running and be accessible at http://localhost:8080
for this task to work.
The resulting file can be imported into the Swagger editor, or used with Swagger codegen to generate client libraries.