From 933571773fab75a3b992a1696e7809b292780238 Mon Sep 17 00:00:00 2001 From: Rui Han Date: Wed, 17 Apr 2024 14:48:45 +0800 Subject: [PATCH] Use indy-security CustomClientRequestFilter (#55) --- .../client/CustomClientRequestFilter.java | 61 ------------------- .../client/content/ContentService.java | 2 +- .../client/content/MaintenanceService.java | 2 +- .../client/promote/PromoteService.java | 2 +- src/main/resources/application.yaml | 8 +++ 5 files changed, 11 insertions(+), 64 deletions(-) delete mode 100644 src/main/java/org/commonjava/indy/service/tracking/client/CustomClientRequestFilter.java diff --git a/src/main/java/org/commonjava/indy/service/tracking/client/CustomClientRequestFilter.java b/src/main/java/org/commonjava/indy/service/tracking/client/CustomClientRequestFilter.java deleted file mode 100644 index 3f2c8b0..0000000 --- a/src/main/java/org/commonjava/indy/service/tracking/client/CustomClientRequestFilter.java +++ /dev/null @@ -1,61 +0,0 @@ -/** - * Copyright (C) 2022-2023 Red Hat, Inc. (https://github.com/Commonjava/indy-tracking-service) - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.commonjava.indy.service.tracking.client; - -import io.quarkus.oidc.client.OidcClient; -import io.quarkus.oidc.client.Tokens; -import org.eclipse.microprofile.config.inject.ConfigProperty; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import jakarta.annotation.Priority; -import jakarta.inject.Inject; -import jakarta.ws.rs.Priorities; -import jakarta.ws.rs.client.ClientRequestContext; -import jakarta.ws.rs.client.ClientRequestFilter; -import jakarta.ws.rs.core.HttpHeaders; -import jakarta.ws.rs.ext.Provider; -import java.io.IOException; - -@Provider -@Priority( Priorities.AUTHENTICATION ) -public class CustomClientRequestFilter - implements ClientRequestFilter -{ - private final Logger logger = LoggerFactory.getLogger( getClass() ); - - @Inject - OidcClient client; - - @ConfigProperty( name = "indy_security.enabled" ) - boolean securityEnabled; - - private volatile Tokens tokens; - - @Override - public void filter( ClientRequestContext requestContext ) throws IOException - { - if ( securityEnabled ) - { - if ( tokens == null || tokens.isAccessTokenExpired() ) - { - logger.debug( "Security enabled, get oidc Tokens" ); - tokens = client.getTokens().await().indefinitely(); - } - requestContext.getHeaders().add( HttpHeaders.AUTHORIZATION, "Bearer " + tokens.getAccessToken() ); - } - } -} diff --git a/src/main/java/org/commonjava/indy/service/tracking/client/content/ContentService.java b/src/main/java/org/commonjava/indy/service/tracking/client/content/ContentService.java index fc6a0d4..c352239 100644 --- a/src/main/java/org/commonjava/indy/service/tracking/client/content/ContentService.java +++ b/src/main/java/org/commonjava/indy/service/tracking/client/content/ContentService.java @@ -15,7 +15,7 @@ */ package org.commonjava.indy.service.tracking.client.content; -import org.commonjava.indy.service.tracking.client.CustomClientRequestFilter; +import org.commonjava.indy.service.security.jaxrs.CustomClientRequestFilter; import org.commonjava.indy.service.tracking.model.dto.ContentDTO; import org.commonjava.indy.service.tracking.model.dto.ContentTransferDTO; import org.eclipse.microprofile.rest.client.annotation.RegisterProvider; diff --git a/src/main/java/org/commonjava/indy/service/tracking/client/content/MaintenanceService.java b/src/main/java/org/commonjava/indy/service/tracking/client/content/MaintenanceService.java index a43bc17..253f3ab 100644 --- a/src/main/java/org/commonjava/indy/service/tracking/client/content/MaintenanceService.java +++ b/src/main/java/org/commonjava/indy/service/tracking/client/content/MaintenanceService.java @@ -15,7 +15,7 @@ */ package org.commonjava.indy.service.tracking.client.content; -import org.commonjava.indy.service.tracking.client.CustomClientRequestFilter; +import org.commonjava.indy.service.security.jaxrs.CustomClientRequestFilter; import org.eclipse.microprofile.rest.client.annotation.RegisterProvider; import org.eclipse.microprofile.rest.client.inject.RegisterRestClient; diff --git a/src/main/java/org/commonjava/indy/service/tracking/client/promote/PromoteService.java b/src/main/java/org/commonjava/indy/service/tracking/client/promote/PromoteService.java index 740b9dd..40f43f9 100644 --- a/src/main/java/org/commonjava/indy/service/tracking/client/promote/PromoteService.java +++ b/src/main/java/org/commonjava/indy/service/tracking/client/promote/PromoteService.java @@ -15,7 +15,7 @@ */ package org.commonjava.indy.service.tracking.client.promote; -import org.commonjava.indy.service.tracking.client.CustomClientRequestFilter; +import org.commonjava.indy.service.security.jaxrs.CustomClientRequestFilter; import org.eclipse.microprofile.rest.client.annotation.RegisterProvider; import org.eclipse.microprofile.rest.client.inject.RegisterRestClient; diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index 7bb14c0..2cdae43 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -14,6 +14,14 @@ quarkus: verification: none token: issuer: any + oidc-client: + auth-server-url: "keycloak_server_url/realms/your_realm" + client-id: your_client_id + credentials: + secret: your_secret + refresh-token-time-skew: 60 + early-tokens-acquisition: false + "%dev": quarkus: kubernetes-config: