From 8854780e37f340a0cd75d2532cfcadb8bbb2b60d Mon Sep 17 00:00:00 2001
From: tkuzynow <tomasz.kuzynowski@gmail.com>
Date: Mon, 22 Apr 2024 10:29:46 +0200
Subject: [PATCH 1/4] feat: move towards java 17 partial commit

---
 .github/workflows/dockerImage.yml             |  2 +-
 .github/workflows/feature-branch.yml          |  2 +-
 Dockerfile                                    |  2 +-
 pom.xml                                       | 53 +++++++++++++---
 .../api/auth/AuthorisationService.java        | 48 +++++++++++++++
 .../cob/liveservice/api/auth/Authority.java   | 46 ++++++++++++++
 .../api/auth/JwtAuthConverter.java            | 61 +++++++++++++++++++
 .../RoleAuthorizationAuthorityMapper.java     | 37 +++++++++++
 .../cob/liveservice/api/auth/UserRole.java    | 14 +++++
 .../security/JwtAuthConverterProperties.java  | 16 +++++
 .../config/security/WebSecurityConfig.java    | 44 +++++++------
 src/main/resources/application.properties     |  6 +-
 .../StompClientIntegrationTest.java           |  4 +-
 13 files changed, 300 insertions(+), 35 deletions(-)
 create mode 100644 src/main/java/de/caritas/cob/liveservice/api/auth/AuthorisationService.java
 create mode 100644 src/main/java/de/caritas/cob/liveservice/api/auth/Authority.java
 create mode 100644 src/main/java/de/caritas/cob/liveservice/api/auth/JwtAuthConverter.java
 create mode 100644 src/main/java/de/caritas/cob/liveservice/api/auth/RoleAuthorizationAuthorityMapper.java
 create mode 100644 src/main/java/de/caritas/cob/liveservice/api/auth/UserRole.java
 create mode 100644 src/main/java/de/caritas/cob/liveservice/config/security/JwtAuthConverterProperties.java

diff --git a/.github/workflows/dockerImage.yml b/.github/workflows/dockerImage.yml
index 653c052..897a241 100644
--- a/.github/workflows/dockerImage.yml
+++ b/.github/workflows/dockerImage.yml
@@ -27,7 +27,7 @@ jobs:
       - name: Setup JVM
         uses: actions/setup-java@v1
         with:
-          java-version: 11.0.10
+          java-version: 17.0.7
           java-package: jdk
           architecture: x64
       - name: Caching maven dependencies
diff --git a/.github/workflows/feature-branch.yml b/.github/workflows/feature-branch.yml
index 9aaa919..502d943 100644
--- a/.github/workflows/feature-branch.yml
+++ b/.github/workflows/feature-branch.yml
@@ -17,7 +17,7 @@ jobs:
       - name: Setup JVM
         uses: actions/setup-java@v2
         with:
-          java-version: "11"
+          java-version: 17.0.7
           distribution: "adopt"
           architecture: x64
 
diff --git a/Dockerfile b/Dockerfile
index 0210d5d..8fdee16 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM adoptopenjdk/openjdk11
+FROM openjdk:17-oracle
 VOLUME ["/tmp","/log"]
 EXPOSE 8080
 ARG JAR_FILE
diff --git a/pom.xml b/pom.xml
index 0e066af..a397423 100644
--- a/pom.xml
+++ b/pom.xml
@@ -14,21 +14,25 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>2.5.14</version>
+		<version>3.0.6</version>
 		<relativePath/>
 	</parent>
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-		<java.version>11</java.version>
+		<java.version>17</java.version>
 		<keycloak.version>17.0.0</keycloak.version>
 		<!-- force at least version 2.16 due to https://logging.apache.org/log4j/2.x/security.html -->
-		<log4j.version>2.17.1</log4j.version>
+		<log4j.version>2.19.0</log4j.version>
 		<jackson-databind-nullable.version>0.2.3</jackson-databind-nullable.version>
-		<spring-security.version>5.7.5</spring-security.version>
-		<openapi-generator-maven-plugin.version>5.1.1</openapi-generator-maven-plugin.version>
+		<spring-security.version>6.0.5</spring-security.version>
+		<openapi-generator-maven-plugin.version>6.6.0</openapi-generator-maven-plugin.version>
 		<springfox-boot-starter.version>3.0.0</springfox-boot-starter.version>
+		<maven.compiler.source>17</maven.compiler.source>
+		<maven.compiler.target>17</maven.compiler.target>
+		<ehcache.version>2.10.9.2</ehcache.version>
+		<hibernate.validator.version>8.0.0.Final</hibernate.validator.version>
 	</properties>
 
 	<dependencies>
@@ -41,17 +45,14 @@
 		<dependency>
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-messaging</artifactId>
-			<version>5.3.5.RELEASE</version>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-web</artifactId>
-			<version>5.3.9.RELEASE</version>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
 			<artifactId>spring-security-config</artifactId>
-			<version>5.3.5.RELEASE</version>
 		</dependency>
 
 		<dependency>
@@ -66,6 +67,22 @@
 			<artifactId>spring-boot-starter-actuator</artifactId>
 		</dependency>
 
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>net.sf.ehcache</groupId>
+			<artifactId>ehcache</artifactId>
+			<version>${ehcache.version}</version>
+			<exclusions>
+				<exclusion>
+					<groupId>com.fasterxml.jackson.core</groupId>
+					<artifactId>jackson-databind</artifactId>
+				</exclusion>
+			</exclusions>
+		</dependency>
 
 		<dependency>
 			<groupId>org.codehaus.plexus</groupId>
@@ -105,12 +122,24 @@
 			<version>${jackson-databind-nullable.version}</version>
 		</dependency>
 		<!-- SpringFox: generate YAML file from POJOs and generate documentation -->
+		<dependency>
+			<groupId>io.swagger.core.v3</groupId>
+			<artifactId>swagger-annotations</artifactId>
+			<version>2.2.15</version>
+		</dependency>
+		<!-- SpringFox: generate YAML file from POJOs and generate documentation -->
 		<dependency>
 			<groupId>io.springfox</groupId>
 			<artifactId>springfox-boot-starter</artifactId>
 			<version>${springfox-boot-starter.version}</version>
 		</dependency>
 
+		<dependency>
+			<groupId>org.hibernate.validator</groupId>
+			<artifactId>hibernate-validator</artifactId>
+			<version>${hibernate.validator.version}</version>
+		</dependency>
+
 		<!-- Keycloak dependencies -->
 		<dependency>
 			<groupId>org.keycloak</groupId>
@@ -175,6 +204,11 @@
 			<version>2.0</version>
 		</dependency>
 
+		<dependency>
+			<groupId>org.apache.httpcomponents.client5</groupId>
+			<artifactId>httpclient5</artifactId>
+		</dependency>
+
 		<!-- Test dependencies -->
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@@ -241,7 +275,7 @@
 			<plugin>
 				<groupId>org.openapitools</groupId>
 				<artifactId>openapi-generator-maven-plugin</artifactId>
-				<version>5.1.1</version>
+				<version>6.6.0</version>
 				<executions>
 					<execution>
 						<goals>
@@ -251,6 +285,7 @@
 							<configOptions>
 								<interfaceOnly>true</interfaceOnly>
 								<sourceFolder>/</sourceFolder>
+								<useSpringBoot3>true</useSpringBoot3>
 							</configOptions>
 							<inputSpec>${project.basedir}/api/liveservice.yaml</inputSpec>
 							<generatorName>spring</generatorName>
diff --git a/src/main/java/de/caritas/cob/liveservice/api/auth/AuthorisationService.java b/src/main/java/de/caritas/cob/liveservice/api/auth/AuthorisationService.java
new file mode 100644
index 0000000..ab2ce16
--- /dev/null
+++ b/src/main/java/de/caritas/cob/liveservice/api/auth/AuthorisationService.java
@@ -0,0 +1,48 @@
+package de.caritas.cob.liveservice.api.auth;
+
+import com.google.common.collect.Lists;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.stereotype.Service;
+
+@Service
+public class AuthorisationService {
+
+  private final RoleAuthorizationAuthorityMapper roleAuthorizationAuthorityMapper =
+      new RoleAuthorizationAuthorityMapper();
+
+  public Object getUsername() {
+    return getPrincipal().getClaims().get("username");
+  }
+
+  private Authentication getAuthentication() {
+    return SecurityContextHolder.getContext().getAuthentication();
+  }
+
+  private Jwt getPrincipal() {
+    return (Jwt) getAuthentication().getPrincipal();
+  }
+
+  public Collection<GrantedAuthority> extractRealmAuthorities(Jwt jwt) {
+    var roles = extractRealmRoles(jwt);
+    return roleAuthorizationAuthorityMapper.mapAuthorities(
+        roles.stream().collect(Collectors.toSet()));
+  }
+
+  public Collection<String> extractRealmRoles(Jwt jwt) {
+    Map<String, Object> realmAccess = (Map<String, Object>) jwt.getClaims().get("realm_access");
+    if (realmAccess != null) {
+      var roles = (List<String>) realmAccess.get("roles");
+      if (roles != null) {
+        return roles;
+      }
+    }
+    return Lists.newArrayList();
+  }
+}
diff --git a/src/main/java/de/caritas/cob/liveservice/api/auth/Authority.java b/src/main/java/de/caritas/cob/liveservice/api/auth/Authority.java
new file mode 100644
index 0000000..91f2e9e
--- /dev/null
+++ b/src/main/java/de/caritas/cob/liveservice/api/auth/Authority.java
@@ -0,0 +1,46 @@
+package de.caritas.cob.liveservice.api.auth;
+
+import com.google.common.collect.Lists;
+import java.util.List;
+import java.util.stream.Stream;
+import lombok.Getter;
+
+/** Definition of all authorities and of the role-authority-mapping. */
+@Getter
+public enum Authority {
+  CONSULTANT(UserRole.CONSULTANT, "AUTHORIZATION_CONSULTANT_DEFAULT"),
+  USER(UserRole.USER, "AUTHORIZATION_USER_DEFAULT"),
+
+  JITSI_TECHNICAL(UserRole.JITSI_TECHNICAL, "AUTHORIZATION_JITSI_TECHNICAL_DEFAULT");
+
+  private final UserRole role;
+  private final List<String> authorities;
+
+  Authority(final UserRole role, final String authorityName) {
+    this.role = role;
+    this.authorities = Lists.newArrayList(authorityName);
+  }
+
+  /**
+   * Finds a {@link Authority} instance by given roleName.
+   *
+   * @param roleName the role name to search for
+   * @return the {@link Authority} instance
+   */
+  public static Authority fromRoleName(String roleName) {
+    return Stream.of(values())
+        .filter(authority -> authority.role.getValue().equals(roleName))
+        .findFirst()
+        .orElse(null);
+  }
+
+  public static class AuthorityValue {
+
+    private AuthorityValue() {}
+
+    public static final String PREFIX = "AUTHORIZATION_";
+    public static final String CONSULTANT = PREFIX + "CONSULTANT_DEFAULT";
+    public static final String USER = PREFIX + "USER_DEFAULT";
+    public static final String JITSI_TECHNICAL = PREFIX + "JITSI_TECHNICAL_DEFAULT";
+  }
+}
diff --git a/src/main/java/de/caritas/cob/liveservice/api/auth/JwtAuthConverter.java b/src/main/java/de/caritas/cob/liveservice/api/auth/JwtAuthConverter.java
new file mode 100644
index 0000000..17093e2
--- /dev/null
+++ b/src/main/java/de/caritas/cob/liveservice/api/auth/JwtAuthConverter.java
@@ -0,0 +1,61 @@
+package de.caritas.cob.liveservice.api.auth;
+
+import de.caritas.cob.liveservice.config.security.JwtAuthConverterProperties;
+import java.util.Collection;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+import lombok.NonNull;
+import lombok.RequiredArgsConstructor;
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.jwt.JwtClaimNames;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
+import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
+import org.springframework.stereotype.Component;
+
+@Component
+@RequiredArgsConstructor
+public class JwtAuthConverter implements Converter<Jwt, AbstractAuthenticationToken> {
+
+  private final @NonNull AuthorisationService authorisationService;
+
+  private final JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter =
+      new JwtGrantedAuthoritiesConverter();
+
+  private final JwtAuthConverterProperties properties;
+
+  public JwtAuthConverter(
+      JwtAuthConverterProperties properties, AuthorisationService authorisationService) {
+    this.properties = properties;
+    this.authorisationService = authorisationService;
+  }
+
+  @Override
+  public AbstractAuthenticationToken convert(Jwt jwt) {
+    var authorities = getGrantedAuthorities(jwt);
+    return new JwtAuthenticationToken(jwt, authorities, getPrincipalClaimName(jwt));
+  }
+
+  private Collection<GrantedAuthority> getGrantedAuthorities(Jwt jwt) {
+    Collection<GrantedAuthority> convertedGrantedAuthorities =
+        jwtGrantedAuthoritiesConverter.convert(jwt);
+    if (convertedGrantedAuthorities != null) {
+      return Stream.concat(
+              convertedGrantedAuthorities.stream(),
+              authorisationService.extractRealmAuthorities(jwt).stream())
+          .collect(Collectors.toSet());
+    } else {
+      return authorisationService.extractRealmAuthorities(jwt);
+    }
+  }
+
+  private String getPrincipalClaimName(Jwt jwt) {
+    String claimName = JwtClaimNames.SUB;
+    if (properties.getPrincipalAttribute() != null) {
+      claimName = properties.getPrincipalAttribute();
+    }
+    return jwt.getClaim(claimName);
+  }
+}
diff --git a/src/main/java/de/caritas/cob/liveservice/api/auth/RoleAuthorizationAuthorityMapper.java b/src/main/java/de/caritas/cob/liveservice/api/auth/RoleAuthorizationAuthorityMapper.java
new file mode 100644
index 0000000..1169b19
--- /dev/null
+++ b/src/main/java/de/caritas/cob/liveservice/api/auth/RoleAuthorizationAuthorityMapper.java
@@ -0,0 +1,37 @@
+package de.caritas.cob.liveservice.api.auth;
+
+import java.util.Collection;
+import java.util.Objects;
+import java.util.Set;
+import java.util.stream.Collectors;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
+import org.springframework.stereotype.Component;
+
+/** Own implementation of the Spring GrantedAuthoritiesMapper. */
+@Component
+public class RoleAuthorizationAuthorityMapper implements GrantedAuthoritiesMapper {
+
+  @Override
+  public Collection<? extends GrantedAuthority> mapAuthorities(
+      Collection<? extends GrantedAuthority> authorities) {
+    Set<String> roleNames =
+        authorities.stream()
+            .map(GrantedAuthority::getAuthority)
+            .map(String::toLowerCase)
+            .collect(Collectors.toSet());
+
+    return mapAuthorities(roleNames);
+  }
+
+  public Set<GrantedAuthority> mapAuthorities(Set<String> roleNames) {
+    return roleNames.stream()
+        .map(Authority::fromRoleName)
+        .filter(Objects::nonNull)
+        .map(Authority::getAuthorities)
+        .flatMap(Collection::parallelStream)
+        .map(SimpleGrantedAuthority::new)
+        .collect(Collectors.toSet());
+  }
+}
diff --git a/src/main/java/de/caritas/cob/liveservice/api/auth/UserRole.java b/src/main/java/de/caritas/cob/liveservice/api/auth/UserRole.java
new file mode 100644
index 0000000..df55e6a
--- /dev/null
+++ b/src/main/java/de/caritas/cob/liveservice/api/auth/UserRole.java
@@ -0,0 +1,14 @@
+package de.caritas.cob.liveservice.api.auth;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+
+@AllArgsConstructor
+@Getter
+public enum UserRole {
+  USER("user"),
+  CONSULTANT("consultant"),
+  JITSI_TECHNICAL("jitsi-technical");
+
+  private final String value;
+}
diff --git a/src/main/java/de/caritas/cob/liveservice/config/security/JwtAuthConverterProperties.java b/src/main/java/de/caritas/cob/liveservice/config/security/JwtAuthConverterProperties.java
new file mode 100644
index 0000000..e3ff610
--- /dev/null
+++ b/src/main/java/de/caritas/cob/liveservice/config/security/JwtAuthConverterProperties.java
@@ -0,0 +1,16 @@
+package de.caritas.cob.liveservice.config.security;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.validation.annotation.Validated;
+
+@Data
+@Validated
+@Configuration
+@ConfigurationProperties(prefix = "jwt.auth.converter")
+public class JwtAuthConverterProperties {
+
+  private String resourceId;
+  private String principalAttribute;
+}
diff --git a/src/main/java/de/caritas/cob/liveservice/config/security/WebSecurityConfig.java b/src/main/java/de/caritas/cob/liveservice/config/security/WebSecurityConfig.java
index bb566e7..7e477ea 100644
--- a/src/main/java/de/caritas/cob/liveservice/config/security/WebSecurityConfig.java
+++ b/src/main/java/de/caritas/cob/liveservice/config/security/WebSecurityConfig.java
@@ -1,16 +1,18 @@
 package de.caritas.cob.liveservice.config.security;
 
+import de.caritas.cob.liveservice.api.auth.AuthorisationService;
+import de.caritas.cob.liveservice.api.auth.JwtAuthConverter;
 import de.caritas.cob.liveservice.api.config.SpringFoxConfig;
 import org.keycloak.adapters.KeycloakConfigResolver;
 import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
 import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
-import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
 import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
-import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.NegatedRequestMatcher;
 
@@ -18,36 +20,38 @@
  * Configuration class to provide the keycloak security configuration.
  */
 @KeycloakConfiguration
-public class WebSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
+public class WebSecurityConfig {
 
-  /**
-   * Configures the basic http security behavior.
-   *
-   * @param http springs http security
-   */
-  @Override
-  protected void configure(HttpSecurity http) throws Exception {
-    http
+  @Autowired
+  AuthorisationService authorisationService;
+  @Autowired
+  JwtAuthConverterProperties jwtAuthConverterProperties;
+
+  @Bean
+  public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
+
+    httpSecurity
         .csrf().disable()
-        .authenticationProvider(keycloakAuthenticationProvider())
-        .addFilterBefore(keycloakAuthenticationProcessingFilter(), BasicAuthenticationFilter.class)
         .sessionManagement()
         .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
         .sessionAuthenticationStrategy(sessionAuthenticationStrategy())
         .and()
         .authorizeRequests()
-        .antMatchers(SpringFoxConfig.WHITE_LIST).permitAll()
+        .requestMatchers(SpringFoxConfig.WHITE_LIST).permitAll()
         .requestMatchers(new NegatedRequestMatcher(new AntPathRequestMatcher("/live"))).permitAll()
         .requestMatchers(new NegatedRequestMatcher(new AntPathRequestMatcher("/live/**")))
         .permitAll();
+
+    //httpSecurity.oauth2ResourceServer().jwt().jwtAuthenticationConverter(jwtAuthConverter());
+    return httpSecurity.build();
   }
 
-  /**
-   * Provides the authentication strategy.
-   *
-   * @return the configured {@link SessionAuthenticationStrategy}
-   */
-  @Override
+  @Bean
+  public JwtAuthConverter jwtAuthConverter() {
+    return new JwtAuthConverter(jwtAuthConverterProperties, authorisationService);
+  }
+
+
   protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
     return new NullAuthenticatedSessionStrategy();
   }
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 973dc64..2479cfb 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -28,4 +28,8 @@ logging.level.root=WARN
 management.endpoint.health.enabled=true
 management.endpoint.health.show-details=never
 management.endpoints.web.exposure.include=health
-management.health.probes.enabled=true
\ No newline at end of file
+management.health.probes.enabled=true
+spring.security.oauth2.resourceserver.jwt.issuer-uri: https://localhost/auth/realms/onlineberatung
+spring.security.oauth2.resourceserver.jwt.jwk-set-uri: https://localhost/auth/realms/onlineberatung/protocol/openid-connect/certs
+spring.jwt.auth.converter.resource-id: app
+spring.jwt.auth.converter.principal-attribute: preferred_username
\ No newline at end of file
diff --git a/src/test/java/de/caritas/cob/liveservice/StompClientIntegrationTest.java b/src/test/java/de/caritas/cob/liveservice/StompClientIntegrationTest.java
index f042c83..c129669 100644
--- a/src/test/java/de/caritas/cob/liveservice/StompClientIntegrationTest.java
+++ b/src/test/java/de/caritas/cob/liveservice/StompClientIntegrationTest.java
@@ -20,8 +20,8 @@
 import lombok.SneakyThrows;
 import org.junit.runner.RunWith;
 import org.keycloak.common.VerificationException;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.boot.web.server.LocalServerPort;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
@@ -57,7 +57,7 @@ public abstract class StompClientIntegrationTest extends AbstractJUnit4SpringCon
   private final StompSessionHandlerAdapter sessionHandler = new StompSessionHandlerAdapter() {
   };
 
-  @LocalServerPort
+  @Value("${server.port}")
   private Integer port;
 
   private final WebSocketStompClient socketStompClient = new WebSocketStompClient(

From 346d4a917db688a549367ef7a6822ccc19f182df Mon Sep 17 00:00:00 2001
From: tkuzynow <tomasz.kuzynowski@gmail.com>
Date: Mon, 22 Apr 2024 12:30:22 +0200
Subject: [PATCH 2/4] feat: move towards java 17 partial commit (part 2)

---
 .../CustomSwaggerApiResourceController.java   | 20 -------------------
 .../config/security/WebSecurityConfig.java    | 10 +++++++++-
 src/main/resources/application.properties     |  2 +-
 .../liveservice/LiveServiceApplicationIT.java |  4 ----
 .../StompClientIntegrationTest.java           |  6 +++---
 5 files changed, 13 insertions(+), 29 deletions(-)
 delete mode 100644 src/main/java/de/caritas/cob/liveservice/api/controller/CustomSwaggerApiResourceController.java

diff --git a/src/main/java/de/caritas/cob/liveservice/api/controller/CustomSwaggerApiResourceController.java b/src/main/java/de/caritas/cob/liveservice/api/controller/CustomSwaggerApiResourceController.java
deleted file mode 100644
index 75221be..0000000
--- a/src/main/java/de/caritas/cob/liveservice/api/controller/CustomSwaggerApiResourceController.java
+++ /dev/null
@@ -1,20 +0,0 @@
-package de.caritas.cob.liveservice.api.controller;
-
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-import springfox.documentation.annotations.ApiIgnore;
-import springfox.documentation.swagger.web.ApiResourceController;
-import springfox.documentation.swagger.web.SwaggerResourcesProvider;
-
-@Controller
-@ApiIgnore
-@RequestMapping(value = "${springfox.docuPath}" + "/swagger-resources")
-public class CustomSwaggerApiResourceController extends ApiResourceController {
-
-  public static final String SWAGGER_UI_BASE_URL = "/liveevent/docs";
-
-  public CustomSwaggerApiResourceController(SwaggerResourcesProvider swaggerResources) {
-    super(swaggerResources, SWAGGER_UI_BASE_URL);
-  }
-
-}
diff --git a/src/main/java/de/caritas/cob/liveservice/config/security/WebSecurityConfig.java b/src/main/java/de/caritas/cob/liveservice/config/security/WebSecurityConfig.java
index 7e477ea..42e491a 100644
--- a/src/main/java/de/caritas/cob/liveservice/config/security/WebSecurityConfig.java
+++ b/src/main/java/de/caritas/cob/liveservice/config/security/WebSecurityConfig.java
@@ -5,8 +5,10 @@
 import de.caritas.cob.liveservice.api.config.SpringFoxConfig;
 import org.keycloak.adapters.KeycloakConfigResolver;
 import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
+import org.keycloak.adapters.springboot.KeycloakSpringBootProperties;
 import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.http.SessionCreationPolicy;
@@ -42,7 +44,7 @@ public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Excepti
         .requestMatchers(new NegatedRequestMatcher(new AntPathRequestMatcher("/live/**")))
         .permitAll();
 
-    //httpSecurity.oauth2ResourceServer().jwt().jwtAuthenticationConverter(jwtAuthConverter());
+    httpSecurity.oauth2ResourceServer().jwt().jwtAuthenticationConverter(jwtAuthConverter());
     return httpSecurity.build();
   }
 
@@ -66,4 +68,10 @@ public KeycloakConfigResolver keycloakConfigResolver() {
     return new KeycloakSpringBootConfigResolver();
   }
 
+  @Bean
+  @ConfigurationProperties(prefix = "keycloak", ignoreUnknownFields = false)
+  public KeycloakSpringBootProperties keycloakSpringBootProperties() {
+    return new KeycloakSpringBootProperties();
+  }
+
 }
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 2479cfb..9ebf1d2 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -1,7 +1,7 @@
 spring.main.allow-bean-definition-overriding=true
 keycloak.auth-server-url=
 keycloak.realm=
-keycloak.resource=
+keycloak.resource=resource1221
 keycloak.disable-trust-manager=true
 
 app.base.url=
diff --git a/src/test/java/de/caritas/cob/liveservice/LiveServiceApplicationIT.java b/src/test/java/de/caritas/cob/liveservice/LiveServiceApplicationIT.java
index fec4b72..e4b69f0 100644
--- a/src/test/java/de/caritas/cob/liveservice/LiveServiceApplicationIT.java
+++ b/src/test/java/de/caritas/cob/liveservice/LiveServiceApplicationIT.java
@@ -20,7 +20,6 @@
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
-import de.caritas.cob.liveservice.api.controller.CustomSwaggerApiResourceController;
 import de.caritas.cob.liveservice.api.model.LiveEventMessage;
 import de.caritas.cob.liveservice.api.model.VideoCallRequestDTO;
 import de.caritas.cob.liveservice.websocket.model.WebSocketUserSession;
@@ -43,9 +42,6 @@
 @TestPropertySource(properties = "spring.profiles.active=testing")
 class LiveServiceApplicationIT extends StompClientIntegrationTest {
 
-  @MockBean
-  private CustomSwaggerApiResourceController customSwaggerApiResourceController;
-
   @Autowired
   private SocketUserRegistry socketUserRegistry;
 
diff --git a/src/test/java/de/caritas/cob/liveservice/StompClientIntegrationTest.java b/src/test/java/de/caritas/cob/liveservice/StompClientIntegrationTest.java
index c129669..7baeb6e 100644
--- a/src/test/java/de/caritas/cob/liveservice/StompClientIntegrationTest.java
+++ b/src/test/java/de/caritas/cob/liveservice/StompClientIntegrationTest.java
@@ -20,8 +20,8 @@
 import lombok.SneakyThrows;
 import org.junit.runner.RunWith;
 import org.keycloak.common.VerificationException;
-import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.web.server.LocalServerPort;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Import;
@@ -57,8 +57,8 @@ public abstract class StompClientIntegrationTest extends AbstractJUnit4SpringCon
   private final StompSessionHandlerAdapter sessionHandler = new StompSessionHandlerAdapter() {
   };
 
-  @Value("${server.port}")
-  private Integer port;
+  @LocalServerPort
+  private int port;
 
   private final WebSocketStompClient socketStompClient = new WebSocketStompClient(
       new SockJsClient(singletonList(new WebSocketTransport(new StandardWebSocketClient()))));

From 21fe2dce32e41d23a6697bb8865b7e8f1f8c89fc Mon Sep 17 00:00:00 2001
From: tkuzynow <tomasz.kuzynowski@gmail.com>
Date: Mon, 22 Apr 2024 13:54:02 +0200
Subject: [PATCH 3/4] feat: remove deprecated docker registry

---
 .github/workflows/dockerImage.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/dockerImage.yml b/.github/workflows/dockerImage.yml
index 897a241..c6bee83 100644
--- a/.github/workflows/dockerImage.yml
+++ b/.github/workflows/dockerImage.yml
@@ -62,7 +62,7 @@ jobs:
   push_to_registry:
     strategy:
       matrix:
-        registry: ["docker.pkg.github.com", "ghcr.io"]
+        registry: ["ghcr.io"]
     needs: [test]
     name: Push Docker image to GitHub Packages
     runs-on: ubuntu-latest

From 3074ed6b3a3b5db1672021b707d52edec81cade7 Mon Sep 17 00:00:00 2001
From: tkuzynow <tomasz.kuzynowski@gmail.com>
Date: Mon, 22 Apr 2024 14:17:59 +0200
Subject: [PATCH 4/4] feat: enable live service debugging

---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 8fdee16..4f1a568 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,4 +3,4 @@ VOLUME ["/tmp","/log"]
 EXPOSE 8080
 ARG JAR_FILE
 COPY ./LiveService.jar app.jar
-ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"]
+ENTRYPOINT ["java","-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:5005","-Djava.security.egd=file:/dev/./urandom","-jar","/app.jar"]