Adding Spring Security, Gradlew Build tasks to build ui and Generate KeyPair

Author: ricardo-ribeiro

.github/workflows/gradle.yml

@@ -13,6 +13,10 @@ jobs:
       uses: actions/setup-java@v1
       with:
         java-version: 1.8
+    - name: Set up NodeJs 10.x
+      uses: actions/setup-node@v1
+      with:
+        node-version: '10.x'
     - name: Grant execute permission for gradlew
       run: chmod +x gradlew
     - name: Build with Gradle

.gitignore

@@ -5,5 +5,6 @@ build/
 services/zookeeperAndKafka
 
 ui/node_modules
+node_modules
 
-node_modules
+build

README.md

@@ -73,16 +73,71 @@ Password: guest
 
 ```yml
 server:
-  port: 5757
+  port: 5757 // Set the Server Port
+
+logging.level.root: INFO // Set the root Logging Level ex.: INFO | DEBUG | TRACE
+logging.level.<classpath>.<name>: INFO // INFO | DEBUG ...
+
+# Use When Having Spring Actuator, Expose All Endpoints {Security Concerns}
+management:
+  endpoints:
+    web:
+      exposure:
+        include: "*" # Expose All The Actuator Endpoints
+
+# When Using spring.security.xtype: JWT ; You Can Customise The token Generation
+# key paths and other details.
+custom:
+  security:
+    masterUser:
+      username: master@localhost.com
+      password: root
+      roles:
+        - MASTER
+        - DEVELOPER
+        - CUSTOMER
+    jwt:
+      header:
+        key: Authorization
+        value:
+          prefix: Bearer
+      algorithm : RSA512
+      token:
+        aliveFor: 3600
+        issuer: ExampleApplication@localhost
+        audience:
+          - banana
+          - banana1
+          - banana2
+        scope:
+          - ui
+      keys:
+        public:
+          path: /banana
+        private:
+          path: /banana
 
-logging.level.root: INFO
 
 spring:
+  # Spring Security Details
+  security:
+    xtype: BASIC # custom: BASIC or JWT
+    user:
+      name: root
+      password: root
+  # Spring Data Default Data Source - MariaDB
+  datasource:
+    url: jdbc:mariadb://localhost:3306/ExampleDatabase
+    username: root
+    password: root
+    driver-class-name: org.mariadb.jdbc.Driver
+    validationQuery: SELECT 1
   application:
     name: ExampleApp
   h2:
     console:
       enabled: true
+  # Spring Cloud Streams Binder and Bindings Details
   cloud:
     stream:
       defaultBinder: rabbit
@@ -114,6 +169,7 @@ spring:
               binder:
                 brokers: localhost
                 defaultBrokerPort: 9092
+              # Specific Internal Kafka Consumer and Producer Properties per Binding
               bindings:
                 globalEventsOutput:
                   producer:
@@ -130,6 +186,7 @@ spring:
               cloud:
                 stream:
                   rabbit:
+                    # Specific Internal RabbitMQ Consumer and Producer Properties per Binding
                     bindings:
                       paymentsReceived:
                         consumer:
@@ -148,3 +205,32 @@ spring:
 ```
 
 
+
+
+# In This Repository
+
+## A Example React Application
+
+#### Start React Development Server
+```bash
+cd ui 
+npm install
+npm start
+```
+[GO TO UI ON DEVELOPMENT SERVER](http://localhost:3000)
+
+[GO TO BUILT_UI ON SPRING BOOT SERVER](http://localhost:5757)
+
+Proxyed Requests : htto://localhost:3000 : http://localhost:5757
+
+
+## A Kafka Spring Cloud Binder 
+## A Kafka Spring Cloud Binder 
+### With a Consumer
+### With a Producer
+
+
+## A RabbitMQ Spring Cloud Binder 
+### With a Consumer
+### With a Producer
+

build.gradle

@@ -29,6 +29,8 @@ dependencyManagement {
 
 dependencies {
 
+    runtime 'org.springframework.boot:spring-boot-devtools'
+
     /**
      * Adding Spring Boot Starter For Web Application
      */
@@ -41,10 +43,17 @@ dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
     compile 'org.mariadb.jdbc:mariadb-java-client:2.3.0'
 
-
+    /**
+     * Adding Spring Boot Actuator - Registers Endpoints
+     *
+     */
     compile("org.springframework.boot:spring-boot-starter-actuator")
+    /**
+     * Adding Spring Boot Security
+     */
+    compile("org.springframework.boot:spring-boot-starter-security")
 
-
+    compile 'io.jsonwebtoken:jjwt:0.9.1'
 
     /**
      * Requires Cloud Stream Dependency Management
@@ -75,6 +84,28 @@ dependencies {
 }
 
 
-task react{
+task react(type:Exec){
+    workingDir './ui'
+    executable "sh"
+    args "-c", "npm run build"
+}
+
+task Generate_JWT_Security_Key_Pair(type:Exec){
+    workingDir './'
+    executable "sh"
+    args "-c", "echo" +
+            " '\n############## ROTATING JWT SECURITY KEY PAIR ###############\n' " +
+            "&& " +
+            "source ./scripts/utils.sh " +
+            "&& " +
+            "generateJWTKeyPair"
 
 }
+
+/**
+ * Assemble Process Build The React Application to the src/resources/public
+ * Generate JWT Token Key Pair In Use when spring.security.xtype: JWT
+ * Not needed when using with BASIC
+ */
+assemble.dependsOn(react)
+assemble.dependsOn(Generate_JWT_Security_Key_Pair)

scripts/utils.sh

@@ -1,6 +1,26 @@
-#! /bin/bash
+#!/bin/bash
 
 
-function ui-create(){
+function uiCreate(){
     npx create-react-app
 }
+
+# $1 - Name
+function generateKeyPair(){
+
+    ssh-keygen -t rsa -N '' -b 4096 -m PEM -f $1.key
+    # Don't add passphrase
+    openssl rsa -in $1.key -pubout -outform PEM -out $1.key.pub
+
+    echo "Generated Key Pair"
+
+    cat $1.key
+    cat $1.key.pub
+
+}
+
+function generateJWTKeyPair() {
+    rm src/main/resources/private/jwt_authentication_RS256.key
+    rm src/main/resources/private/jwt_authentication_RS256.key.pub
+    generateKeyPair src/main/resources/private/jwt_authentication_RS256
+}

src/main/java/springboot/Application.java

@@ -7,14 +7,13 @@
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.cloud.stream.annotation.EnableBinding;
 import org.springframework.context.annotation.Bean;
-import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import springboot.messaging.KafkaEventChannels;
 import springboot.messaging.PaymentMessagingChannel;
 import springboot.services.InvoicingService;
 
 @SpringBootApplication
 @EnableBinding({PaymentMessagingChannel.class, KafkaEventChannels.class})
-@EnableWebMvc
+//@EnableWebMvc
 public class Application {
 
     @Bean

src/main/java/springboot/config/JwtInMemoryUserDetailsService.java

@@ -0,0 +1,36 @@
+package springboot.config;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Optional;
+
+@Service
+@ConditionalOnProperty(value = "spring.security.xtype", havingValue = "JWT")
+public class JwtInMemoryUserDetailsService implements UserDetailsService {
+
+    static List<JwtUserDetails> inMemoryUserList = new ArrayList<>();
+
+    static {
+        inMemoryUserList.add(new JwtUserDetails(1L, "in28minutes",
+                "$2a$10$3zHzb.Npv1hfZbLEU5qsdOju/tk2je6W6PnNnY.c1ujWPcZh4PL6e", "ROLE_USER_2"));
+    }
+
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        Optional<JwtUserDetails> findFirst = inMemoryUserList.stream()
+                .filter(user -> user.getUsername().equals(username)).findFirst();
+
+        if (!findFirst.isPresent()) {
+            throw new UsernameNotFoundException(String.format("USER_NOT_FOUND '%s'.", username));
+        }
+
+        return findFirst.get();
+    }
+
+}

src/main/java/springboot/config/JwtUserDetails.java

@@ -0,0 +1,77 @@
+package springboot.config;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.List;
+
+@ConditionalOnProperty(value = "spring.security.xtype", havingValue = "JWT")
+public class JwtUserDetails implements UserDetails {
+
+    private final Long id;
+    private final String username;
+    private final String password;
+    private final Collection<? extends GrantedAuthority> authorities;
+
+    public JwtUserDetails(Long id, String username, String password, String role) {
+        this.id = id;
+        this.username = username;
+        this.password = password;
+
+        List<SimpleGrantedAuthority> authorities = new ArrayList<SimpleGrantedAuthority>();
+        authorities.add(new SimpleGrantedAuthority(role));
+
+        this.authorities = authorities;
+    }
+
+    @JsonIgnore
+    public Long getId() {
+        return id;
+    }
+
+    @Override
+    public String getUsername() {
+        return username;
+    }
+
+    @JsonIgnore
+    @Override
+    public boolean isAccountNonExpired() {
+        return true;
+    }
+
+    @JsonIgnore
+    @Override
+    public boolean isAccountNonLocked() {
+        return true;
+    }
+
+    @JsonIgnore
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return true;
+    }
+
+    @JsonIgnore
+    @Override
+    public String getPassword() {
+        return password;
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return authorities;
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return true;
+    }
+
+}

src/main/java/springboot/config/RequestInterceptorFilter.java

@@ -0,0 +1,30 @@
+package springboot.config;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Optional;
+
+@Component
+public class RequestInterceptorFilter extends OncePerRequestFilter {
+
+    @Value("${custom.security.jwt.header.key:Authorization}")
+    private String jwtAuthorizationHeaderKey;
+
+    @Value("${custom.security.jwt.header.value.prefix:Bearer }")
+    private String jwtHeaderValuePrefix;
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+        Optional<String> headerValue = Optional.ofNullable(request.getHeader(jwtAuthorizationHeaderKey));
+
+
+        filterChain.doFilter(request,response);
+    }
+}