Fix: update documentation

.github/workflows/develop.yaml

@@ -1,33 +1,121 @@
-# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
-# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-maven
-
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
 name: Java CI with Maven
 
 on:
   push:
-    branches: [ "main" ]
+    branches:
+      - main
   pull_request:
-    branches: [ "main" ]
+    branches:
+      - main
 
 jobs:
   build:
 
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v4
-    - name: Set up JDK 17
-      uses: actions/setup-java@v4
-      with:
-        java-version: '17'
-        distribution: 'temurin'
-        cache: maven
-    - name: Build with Maven
-      run: mvn clean install
-
-#Add pmd check
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: 17
+          architecture: x64
+          distribution: 'temurin'
+
+      - name: Cache Maven packages
+        uses: actions/cache@v2
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+
+      - name: Set up Maven settings.xml
+        run: |
+          mkdir -p ~/.m2
+          echo "<settings>
+                  <servers>
+                    <server>
+                      <id>github-webank</id>
+                      <username>${{ github.actor }}</username>
+                      <password>${{ secrets.WEBANK_ACCESS_TOKEN }}</password>
+                    </server>
+                  </servers>
+                </settings>" > ~/.m2/settings.xml
+
+
+      - name: Build with webank Online banking
+        run: mvn clean install -s ~/.m2/settings.xml -DskipTests -DskipITs -Dmaven.javadoc.skip=true
+
+  # 2. Test Stage
+  test:
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+      - name: Cache Maven packages
+        uses: actions/cache@v2
+        with:
+          path: ~/.m2
+          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+          restore-keys: ${{ runner.os }}-m2
+
+      - name: Set up Maven settings.xml
+        run: |
+          mkdir -p ~/.m2
+          echo "<settings>
+                  <servers>
+                    <server>
+                      <id>github-webank</id>
+                      <username>${{ github.actor }}</username>
+                      <password>${{ secrets.WEBANK_ACCESS_TOKEN }}</password>
+                    </server>
+                  </servers>
+                </settings>" > ~/.m2/settings.xml
+
+      - name: Run Unit and Integration Tests
+        run: mvn verify -s ~/.m2/settings.xml -Dmaven.javadoc.skip=true
+
+  security-scan:
+         runs-on: ubuntu-latest
+         needs: build  # Ensures that the security scan runs only if the build job succeeds
+
+         steps:
+           # Step 1: Checkout code
+          - name: Checkout code
+            uses: actions/checkout@v4
+
+           # Step 2: Set up Java
+          - name: Set up Java 17
+            uses: actions/setup-java@v4
+            with:
+             java-version: '17'
+             distribution: 'temurin'
+
+           # Step 3: Run OWASP Dependency-Check
+          - name: Run OWASP Dependency-Check
+            uses: dependency-check/Dependency-Check_Action@main
+            env:
+           # actions/setup-java@v1 changes JAVA_HOME so it needs to be reset to match the depcheck image
+              JAVA_HOME: /opt/jdk
+            with:
+             project: 'webank-onlinebanking'
+             path: '.'
+             format: 'HTML'
+             out: 'reports'  
+             args: >
+              --failOnCVSS 5
+            # Step 4: Upload the Dependency-Check report as an artifact
+          - name: Upload Dependency Check report
+            uses: actions/upload-artifact@v3
+            with:
+              name: Dependency-Check Report
+              path: ${{ github.workspace }}/reports
+

Docs/GitHub_Workflow_overview.md

@@ -11,6 +11,7 @@ The workflow is triggered by the following events:
 * Push events: Direct commits to the `main` branch.
 * Pull requests: Pull requests targeting the `main` branch.
 
+
 ### Workflow Jobs
 
 **1. Build Stage**

Docs/OWASP-SETUP.md

@@ -0,0 +1,91 @@
+# OWASP Dependency-Check Integration in Multi-Module Maven Project
+
+## Overview
+
+This document provides the configuration and setup details for integrating **OWASP Dependency-Check** into a multi-module Maven project. The goal is to ensure that **all modules** within the project are properly scanned for vulnerabilities in their dependencies.
+
+## Prerequisites
+
+- Maven 3.x or higher
+- OWASP Dependency-Check plugin (version `11.1.0` or newer)
+- A multi-module Maven project setup
+
+## Project Structure
+
+The project has the following directory structure:
+
+root-pom.xml  
+├── obs  
+│ └── pom.xml  
+├── online-banking-app  
+│ └── pom.xml  
+└── target
+
+### Root `pom.xml`
+
+The parent POM (`root-pom.xml`) contains the common configurations and plugin definitions shared by all modules in the project. The OWASP Dependency-Check plugin is configured in this POM so that it can be inherited by child modules.
+
+## OWASP Dependency-Check Plugin Configuration
+
+### Parent `pom.xml` (root-pom.xml)
+
+In the root `pom.xml`, define the OWASP Dependency-Check plugin in the `<build>` section to ensure it is inherited by all child modules:
+
+```xml
+<build>
+    <plugins>
+        <!-- OWASP Dependency-Check Plugin -->
+        <plugin>
+            <groupId>org.owasp</groupId>
+            <artifactId>dependency-check-maven</artifactId>
+            <version>${owasp.dependency.check.version}</version>
+            <executions>
+                <execution>
+                    <goals>
+                        <goal>check</goal>
+                        <goal>update-only</goal>
+                    </goals>
+                </execution>
+            </executions>
+            <configuration>
+                <aggregate>true</aggregate>
+                <failBuildOnCVSS>0</failBuildOnCVSS>
+            </configuration>
+        </plugin>
+    </plugins>
+</build>
+```
+
+### Running the Plugin
+Once the OWASP Dependency-Check plugin is configured in the root POM, you can run the checks for all modules by executing the following Maven command from the root of the project:
+```mvn clean install``` or ```mvn dependency-check:check```
+
+### Viewing the Report
+
+After the build completes, the Dependency-Check plugin will generate a detailed report of any vulnerabilities found in the dependencies. The report will be saved in the following directory:
+```target/dependency-check-report``` of each project module
+
+### Troubleshooting
+
+**If you encounter issues where the modules are not being scanned:**
+
+1. Check that the child modules inherit the parent POM correctly.
+
+2. Ensure that the dependency-check-maven plugin version is correct 
+(version **11.1.0** in our case case).
+
+3. Verify that the executions block is correctly set up in the root POM.
+
+4. Ensure there are no exclusions or misconfigurations that could prevent the scan from running on a module.
+
+
+### Regular Database Updates
+It is important to keep the OWASP Dependency-Check database up to date. You can configure periodic updates for the vulnerability database using the **update-only** goal:
+
+```mvn dependency-check:update-only```
+
+This command will only update the vulnerability database, ensuring you are scanning with the latest data.
+
+### Conclusion
+
+With this setup, the OWASP Dependency-Check plugin will automatically scan all modules in the multi-module Maven project for known security vulnerabilities in their dependencies. This helps ensure that the project remains secure and that any vulnerabilities are identified early.

obs/obs-rest-api/pom.xml

@@ -35,17 +35,6 @@
             <artifactId>swagger-annotations-jakarta</artifactId>
         </dependency>
 
-        <!-- Spring Boot Starter for Web -->
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-web</artifactId>
-        </dependency>
-
-        <!-- Spring Boot Starter for Testing -->
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-test</artifactId>
-        </dependency>
 
         <dependency>
             <groupId>org.springdoc</groupId>

obs/obs-rest-api/src/main/java/com/adorsys/webank/obs/resource/RegistrationResourceApi.java

@@ -1,8 +1,3 @@
-/*
- * Copyright (c) 2018-2024 adorsys GmbH and Co. KG
- * All rights are reserved.
- */
-
 package com.adorsys.webank.obs.resource;
 
 import com.adorsys.webank.obs.dto.RegistrationRequest;
@@ -12,19 +7,17 @@
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
-
-
 @RestController
 @RequestMapping("/api/registration")
+@CrossOrigin(origins = "http://localhost:5173")
 public interface RegistrationResourceApi {
 
     @Operation(summary = "Register a new bank account", description = "Accepts a phone number and public key for registration")
     @ApiResponses(value = {
-            @ApiResponse(responseCode = "200", description = "Registration successful"),
-            @ApiResponse(responseCode = "400", description = "Invalid input")
+            @ApiResponse(responseCode = "201", description = "Registration successful"),
+            @ApiResponse(responseCode = "400", description = "Invalid input"),
+            @ApiResponse(responseCode = "500", description = "Internal server error")
     })
     @PostMapping
-    ResponseEntity<String> registerAccount(
-             @RequestBody RegistrationRequest registrationRequest
-    );
+    ResponseEntity<String> registerAccount(@RequestBody RegistrationRequest registrationRequest);
 }

obs/obs-rest-server/src/test/java/com/adorsys/webank/obs/Config/WebConfig.java

@@ -0,0 +1,24 @@
+package com.adorsys.webank.obs.Config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class WebConfig {
+
+    @Bean
+    public WebMvcConfigurer corsConfigurer() {
+        return new WebMvcConfigurer() {
+            @Override
+            public void addCorsMappings(CorsRegistry registry) {
+                registry.addMapping("/**")  // Applies to all endpoints
+                        .allowedOrigins("http://localhost:5173")  // Replace with your frontend URL
+                        .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
+                        .allowedHeaders("*")
+                        .allowCredentials(true);
+            }
+        };
+    }
+}

obs/obs-rest-server/src/test/resources/application.properties

@@ -0,0 +1,15 @@
+# H2 Database Configuration
+spring.h2.console.enabled=true
+spring.datasource.url=jdbc:h2:mem:testdb
+
+# Swagger Configuration
+springdoc.api-docs.path=/api-docs
+springdoc.swagger-ui.path=/swagger-ui.html
+
+# Additional Settings (if needed)
+spring.datasource.driver-class-name=org.h2.Driver
+spring.datasource.username=sa
+spring.datasource.password=
+
+# Hibernate DDL auto (update, create-drop, validate, etc.)
+spring.jpa.hibernate.ddl-auto=update