add security config

README.md

@@ -1,36 +1,23 @@
-## Customize this file after creating the new REPO and remove this lines.
-What to adjust:  
-* Add the your project or repo name direct under the logo.
-* Add a short and long desciption.
-* Add links for your final repo to report a bug or request a feature.
-* Add list of used technologies.
-* If you have, add a roadmap or remove this section.
-* Fill up the section for set up and documentation.
- * Start in this file only with documentation and link to the docs folder.
-* Add project shields. Use [shields.io](https://shields.io/)
-
-## ------- end to remove -------
-<!-- add Project Logo, if existing -->
-
-# repo or project name
-
-*Add a description from your project here.*
+# Kitafinder-KitaApp-EAI
 
+*Dieses Enterprise Application Interface bietet eine Schnittstelle für die Kita-App an, über die Daten vom Kitafinder abgefragt werden können.*
 
 ### Built With
 
-The documentation project is built with technologies we use in our projects:
+This project is built with the following technologies:
 
-* *write here the list of used technologies*
+* Java
+* Spring Boot
+* Maven
 
 ## Roadmap
 
-*if you have a ROADMAP for your project add this here*
+![Under construction](https://www.pngplay.com/wp-content/uploads/6/Under-Construction-Icon-PNG.png)
 
+*This project is currently being developed.*
 
 See the [open issues](#) for a full list of proposed features (and known issues).
 
-
 ## Set up
 *how can i start and fly this project*
 
@@ -53,12 +40,10 @@ Don't forget to give the project a star! Thanks again!
 
 More about this in the [CODE_OF_CONDUCT](/CODE_OF_CONDUCT.md) file.
 
-
 ## License
 
 Distributed under the MIT License. See [LICENSE](LICENSE) file for more information.
 
-
 ## Contact
 
 it@M - [email protected]

pom.xml

@@ -21,10 +21,20 @@
 		<maven.compiler.target>${java.version}</maven.compiler.target>
 	</properties>
 	<dependencies>
+		<!-- Security -->
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-security</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-oauth2-jose</artifactId>
+		</dependency>
+
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-data-jdbc</artifactId>
@@ -57,6 +67,12 @@
 			<optional>true</optional>
 		</dependency>
 
+		<dependency>
+			<groupId>org.modelmapper</groupId>
+			<artifactId>modelmapper</artifactId>
+			<version>3.2.0</version>
+		</dependency>
+
 		<!-- Spring developer tools -->
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@@ -71,19 +87,6 @@
 			<version>2.5.0</version>
 		</dependency>
 
-		<!-- SpringDoc dependencies -->
-		<dependency>
-			<groupId>org.springdoc</groupId>
-			<artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
-			<version>2.5.0</version>
-		</dependency>
-
-		<dependency>
-		    <groupId>org.modelmapper</groupId>
-		    <artifactId>modelmapper</artifactId>
-		    <version>3.2.0</version>
-		</dependency>
-
 		<!-- Bean Validation API support -->
 		<dependency>
 			<groupId>javax.validation</groupId>

src/main/java/de/muenchen/rbs/kitafindereai/config/SecurityConfiguration.java

@@ -4,37 +4,47 @@
  */
 package de.muenchen.rbs.kitafindereai.config;
 
-import org.springframework.boot.autoconfigure.web.client.RestTemplateAutoConfiguration;
-import org.springframework.boot.web.client.RestTemplateBuilder;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Import;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
 import org.springframework.security.web.SecurityFilterChain;
 
+import lombok.extern.slf4j.Slf4j;
+
 /**
  * The central class for configuration of all security aspects.
  */
+@Slf4j
 @Configuration
 @EnableWebSecurity
-@EnableMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
-@Import(RestTemplateAutoConfiguration.class)
+@EnableMethodSecurity(prePostEnabled = true)
 public class SecurityConfiguration {
 
     @Bean
-    public SecurityFilterChain filterChain(HttpSecurity http, RestTemplateBuilder restTemplateBuilder)
-            throws Exception {
-        http.authorizeHttpRequests(h -> h.anyRequest().permitAll());
+    @Profile("!no-security")
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http
+                .authorizeHttpRequests((authorize) -> authorize
+                        .requestMatchers("/actuator/info", "/actuator/health/**", "/explorer/**", "/h2-console/**",
+                                "/swagger-ui/**", "/v3/api-docs/**", "/**")
+                        .permitAll()
+                        .anyRequest().authenticated())
+                .oauth2ResourceServer((oauth2) -> oauth2
+                        .opaqueToken(Customizer.withDefaults()));
         return http.build();
     }
 
     @Bean
-    public WebSecurityCustomizer webSecurityCustomizer() {
-        return web -> web.ignoring().requestMatchers(
-                "/actuator/info", "/actuator/health/**", "/explorer/**", "/h2-console/**");
+    @Profile("no-security")
+    public SecurityFilterChain noSecurityFilterChain(HttpSecurity http)
+            throws Exception {
+        log.warn("Using mode 'no-security'!");
+        http.authorizeHttpRequests(authorize -> authorize.anyRequest().permitAll());
+        return http.build();
     }
 
 }

src/main/java/de/muenchen/rbs/kitafindereai/data/KitafinderKitaKonfigData.java

@@ -4,6 +4,7 @@
  */
 package de.muenchen.rbs.kitafindereai.data;
 
+import de.muenchen.rbs.kitafindereai.api.model.Institute;
 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
 import jakarta.persistence.Id;
@@ -12,7 +13,7 @@
 import lombok.Data;
 
 /**
- * 
+ * In der EAI gespeicherte Daten zu einer Einrichtung ({@link Institute})
  */
 @Entity
 @Data

src/main/java/de/muenchen/rbs/kitafindereai/data/KitafinderKitaKonfigDataDto.java

@@ -8,7 +8,7 @@
 import lombok.Data;
 
 /**
- * 
+ * DTO für {@link KitafinderKitaKonfigData}
  */
 @Data
 public class KitafinderKitaKonfigDataDto {

src/main/resources/META-INF/additional-spring-configuration-metadata.json

@@ -0,0 +1,12 @@
+{"properties": [
+  {
+    "name": "app.password-encoder.encryptor.password",
+    "type": "java.lang.String",
+    "description": "Passwort für die Erstellung eines TextEncryptors."
+  },
+  {
+    "name": "app.password-encoder.encryptor.salt",
+    "type": "java.lang.String",
+    "description": "Salt für die Erstellung eines TextEncryptors.Passwort für die Erstellung eines TextEncryptors."
+  }
+]}

src/main/resources/db/migration/V001__Initial_Schema.sql

@@ -0,0 +1,6 @@
+CREATE TABLE "KITA_DATA" (
+    "KIBIGWEB_ID" VARCHAR(255), 
+    "PASSWORD" VARCHAR(255), 
+    "KITA_ID_EXTERN" VARCHAR(255), 
+    "TRAEGER" VARCHAR(255)
+);