From 6c135e3c2358b32927b0d5f59c819e1cab2b793f Mon Sep 17 00:00:00 2001
From: JordenReuter <149687553+JordenReuter@users.noreply.github.com>
Date: Thu, 20 Jun 2024 12:17:24 +0200
Subject: [PATCH] feat: activated client security (#39)

---
 .../pages/onecx-announcement-bff-docs.adoc             | 10 ++++++----
 src/main/helm/values.yaml                              |  5 ++++-
 src/main/resources/application.properties              |  8 ++++++--
 3 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/docs/modules/onecx-announcement-bff/pages/onecx-announcement-bff-docs.adoc b/docs/modules/onecx-announcement-bff/pages/onecx-announcement-bff-docs.adoc
index f54fc47..be707da 100644
--- a/docs/modules/onecx-announcement-bff/pages/onecx-announcement-bff-docs.adoc
+++ b/docs/modules/onecx-announcement-bff/pages/onecx-announcement-bff-docs.adoc
@@ -16,7 +16,6 @@ onecx.permissions.application-id=${quarkus.application.name}
 org.eclipse.microprofile.rest.client.propagateHeaders=apm-principal-token
 %prod.quarkus.rest-client.onecx_announcement_svc.url=http://onecx-announcement-svc:8080
 %prod.quarkus.rest-client.onecx_workspace_svc_v1.url=http://onecx-workspace-svc:8080
-%prod.quarkus.oidc-client.client-id=${quarkus.application.name}
 quarkus.openapi-generator.codegen.input-base-dir=target/tmp/openapi
 quarkus.openapi-generator.codegen.spec.onecx_announcement_svc_yaml.config-key=onecx_announcement_svc
 quarkus.openapi-generator.codegen.spec.onecx_announcement_svc_yaml.base-package=gen.org.tkit.onecx.announcement.client
@@ -28,6 +27,9 @@ quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_v1_yaml.base-package=
 quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_v1_yaml.return-response=true
 quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_v1_yaml.additional-api-type-annotations=@org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders;
 quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_v1_yaml.additional-model-type-annotations=@io.quarkus.runtime.annotations.RegisterForReflection;
+%prod.quarkus.rest-client.onecx_announcement_svc_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
+%prod.quarkus.rest-client.onecx_workspace_svc_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
+%prod.quarkus.oidc-client.client-id=${quarkus.application.name}
 ----
 ====
 
@@ -63,8 +65,8 @@ app:
             read: permission on all GET requests and POST search
             write: permission on PUT, POST, PATCH requests, where objects are saved or updated
             delete: permission on all DELETE requests
-----
-
-e: permission on all DELETE requests
+    keycloak:
+      client:
+        enabled: true
 ----
 
diff --git a/src/main/helm/values.yaml b/src/main/helm/values.yaml
index 2957d4e..0482a22 100644
--- a/src/main/helm/values.yaml
+++ b/src/main/helm/values.yaml
@@ -11,4 +11,7 @@ app:
           announcement:
             read: permission on all GET requests and POST search
             write: permission on PUT, POST, PATCH requests, where objects are saved or updated
-            delete: permission on all DELETE requests
\ No newline at end of file
+            delete: permission on all DELETE requests
+    keycloak:
+      client:
+        enabled: true
\ No newline at end of file
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 3adb86e..aa400ff 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -12,8 +12,6 @@ org.eclipse.microprofile.rest.client.propagateHeaders=apm-principal-token
 %prod.quarkus.rest-client.onecx_announcement_svc.url=http://onecx-announcement-svc:8080
 %prod.quarkus.rest-client.onecx_workspace_svc_v1.url=http://onecx-workspace-svc:8080
 
-%prod.quarkus.oidc-client.client-id=${quarkus.application.name}
-
 # BUILD
 quarkus.openapi-generator.codegen.input-base-dir=target/tmp/openapi
 
@@ -31,6 +29,12 @@ quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_v1_yaml.return-respon
 quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_v1_yaml.additional-api-type-annotations=@org.eclipse.microprofile.rest.client.annotation.RegisterClientHeaders;
 quarkus.openapi-generator.codegen.spec.onecx_workspace_svc_v1_yaml.additional-model-type-annotations=@io.quarkus.runtime.annotations.RegisterForReflection;
 
+# OIDC
+%prod.quarkus.rest-client.onecx_announcement_svc_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
+%prod.quarkus.rest-client.onecx_workspace_svc_v1_yaml.providers=io.quarkus.oidc.client.reactive.filter.OidcClientRequestReactiveFilter
+%prod.quarkus.oidc-client.client-id=${quarkus.application.name}
+
+
 # DEV
 %dev.quarkus.rest-client.onecx_announcement_svc.url=${quarkus.mockserver.endpoint}
 %dev.quarkus.rest-client.onecx_workspace_svc_v1.url=${quarkus.mockserver.endpoint}