diff --git a/data-api/build.gradle b/data-api/build.gradle index e87c68ea..1c24a417 100644 --- a/data-api/build.gradle +++ b/data-api/build.gradle @@ -6,9 +6,9 @@ apply plugin: 'uk.gov.laa.ccms.springboot.laa-ccms-spring-boot-gradle-plugin' dependencies { + implementation 'io.swagger.core.v3:swagger-annotations:2.2.22' implementation 'org.springframework.boot:spring-boot-starter-web' implementation 'org.springframework.data:spring-data-commons' - implementation 'org.springdoc:springdoc-openapi-ui:1.7.0' implementation 'com.google.code.findbugs:jsr305:3.0.2' implementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-yaml' implementation 'com.fasterxml.jackson.datatype:jackson-datatype-jsr310' @@ -43,7 +43,9 @@ openApiGenerate { skipDefaultInterface : "true", useJakartaEe : "true", documentationProvider : "none", - serializableModel : "true" + serializableModel : "true", + annotationLibrary : "swagger2", + useSpringBoot3 : "true" ] } diff --git a/data-api/open-api-specification.yml b/data-api/open-api-specification.yml index 60cca900..d586dda0 100644 --- a/data-api/open-api-specification.yml +++ b/data-api/open-api-specification.yml @@ -27,6 +27,8 @@ paths: description: 'Bad request' '401': description: 'Unauthorized' + '403': + description: 'Forbidden' '404': description: 'Not found' '500': @@ -56,6 +58,8 @@ paths: description: 'Bad request' '401': description: 'Unauthorized' + '403': + description: 'Forbidden' '404': description: 'Not found' '500': @@ -85,6 +89,8 @@ paths: description: 'Bad request' '401': description: 'Unauthorized' + '403': + description: 'Forbidden' '404': description: 'Not found' '500': @@ -143,6 +149,8 @@ paths: description: 'Bad request' '401': description: 'Unauthorized' + '403': + description: 'Forbidden' '404': description: 'Not found' '500': @@ -172,6 +180,8 @@ paths: description: 'Bad request' '401': description: 'Unauthorized' + '403': + description: 'Forbidden' '404': description: 'Not found' '500': 
@@ -265,6 +275,8 @@ paths:
 description: 'Bad request'
 '401':
 description: 'Unauthorized'
+ '403':
+ description: 'Forbidden'
 '404':
 description: 'Not found'
 '500':
@@ -298,6 +310,8 @@ paths:
 description: 'Bad request'
 '401':
 description: 'Unauthorized'
+ '403':
+ description: 'Forbidden'
 '404':
 description: 'Not found'
 '500':
@@ -326,6 +340,8 @@ paths:
 description: 'Bad request'
 '401':
 description: 'Unauthorized'
+ '403':
+ description: 'Forbidden'
 '404':
 description: 'Not found'
 '500':
@@ -354,6 +370,8 @@ paths:
 description: 'Bad request'
 '401':
 description: 'Unauthorized'
+ '403':
+ description: 'Forbidden'
 '404':
 description: 'Not found'
 '500':
@@ -387,6 +405,8 @@ paths:
 description: 'Bad request'
 '401':
 description: 'Unauthorized'
+ '403':
+ description: 'Forbidden'
 '404':
 description: 'Not found'
 '500':
@@ -420,6 +440,8 @@ paths:
 description: 'Bad request'
 '401':
 description: 'Unauthorized'
+ '403':
+ description: 'Forbidden'
 '404':
 description: 'Not found'
 '500':
@@ -453,6 +475,8 @@ paths:
 description: 'Bad request'
 '401':
 description: 'Unauthorized'
+ '403':
+ description: 'Forbidden'
 '404':
 description: 'Not found'
 '500':
@@ -486,6 +510,8 @@ paths:
 description: 'Bad request'
 '401':
 description: 'Unauthorized'
+ '403':
+ description: 'Forbidden'
 '404':
 description: 'Not found'
 '500':
@@ -519,6 +545,8 @@ paths:
 description: 'Bad request'
 '401':
 description: 'Unauthorized'
+ '403':
+ description: 'Forbidden'
 '404':
 description: 'Not found'
 '500':
@@ -552,6 +580,8 @@ paths:
 description: 'Bad request'
 '401':
 description: 'Unauthorized'
+ '403':
+ description: 'Forbidden'
 '404':
 description: 'Not found'
 '500':
@@ -590,6 +620,8 @@ paths:
 description: 'Bad request'
 '401':
 description: 'Unauthorized'
+ '403':
+ description: 'Forbidden'
 '404':
 description: 'Not found'
 '500':
@@ -628,6 +660,8 @@ paths:
 description: 'Bad request'
 '401':
 description: 'Unauthorized'
+ '403':
+ description: 'Forbidden'
 '404':
 description: 'Not found'
 '500':
@@ -666,6 +700,8 @@ paths: description: 'Bad request' '401': description: 'Unauthorized' + '403': + description: 'Forbidden' '404': description: 'Not found' '500': @@ -699,6 +735,8 @@ paths: description: 'Bad request' '401': description: 'Unauthorized' + '403': + description: 'Forbidden' '404': description: 'Not found' '500': @@ -734,6 +772,8 @@ paths: description: 'Bad request' '401': description: 'Unauthorized' + '403': + description: 'Forbidden' '404': description: 'Not found' '500': @@ -776,11 +816,18 @@ paths: description: 'Bad request' '401': description: 'Unauthorized' + '403': + description: 'Forbidden' '404': description: 'Not found' '500': description: 'Internal server error' components: + securitySchemes: + ApiKeyAuth: + type: apiKey + in: header + name: Authorization schemas: baseOffice: type: 'object' @@ -1273,3 +1320,5 @@ components: size: type: 'integer' +security: + - ApiKeyAuth: [] diff --git a/data-service/build.gradle b/data-service/build.gradle index ab7857dd..e57ab4b4 100644 --- a/data-service/build.gradle +++ b/data-service/build.gradle @@ -6,8 +6,11 @@ dependencies { implementation 'org.springframework.boot:spring-boot-starter-data-jpa' implementation 'org.springframework.boot:spring-boot-starter-web' + //Enable access token authentication + implementation 'uk.gov.laa.ccms.springboot:laa-ccms-spring-boot-starter-auth:0.0.3-b2f8726-SNAPSHOT' + //Enable Swagger UI - implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.2.0' + implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.5.0' implementation files('lib/ojdbc8.jar') diff --git a/data-service/src/integrationTest/java/uk/gov/laa/ccms/data/IntegrationTestInterface.java b/data-service/src/integrationTest/java/uk/gov/laa/ccms/data/IntegrationTestInterface.java index 5a8bcfd7..c2e56f28 100644 --- a/data-service/src/integrationTest/java/uk/gov/laa/ccms/data/IntegrationTestInterface.java 
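Review bot: The new `ApiKeyAuth` scheme under `components.securitySchemes` has no `description`, so a reader of the spec or a generated client cannot tell what value belongs in the `Authorization` header. From the service configuration elsewhere in this commit it looks like a per-client token, but whether a prefix is expected is not visible here. I would add a line such as `description: 'Per-client access token sent as the Authorization header value'` to the scheme, adjusted to the exact format the auth starter accepts.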
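Review bot: The auth starter is added as `laa-ccms-spring-boot-starter-auth:0.0.3-b2f8726-SNAPSHOT`, and a SNAPSHOT coordinate is mutable, so the code that enforces the access-token check can change between two builds of the same commit. For the dependency that gates every request, pin a released version once one exists, and until then leave a marker such as `// TODO: replace SNAPSHOT with a released auth starter version before deploy`. Gradle dependency locking or verification metadata would additionally make a silent change visible, if the project uses neither yet. The `dependencies` block continues outside the hunk.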
+++ b/data-service/src/integrationTest/java/uk/gov/laa/ccms/data/IntegrationTestInterface.java @@ -19,6 +19,10 @@ static void properties(DynamicPropertyRegistry registry) { registry.add("spring.datasource.url", oracleContainerSingleton.getOracleContainer()::getJdbcUrl); registry.add("spring.datasource.username", oracleContainerSingleton.getOracleContainer()::getUsername); registry.add("spring.datasource.password", oracleContainerSingleton.getOracleContainer()::getPassword); + + registry.add("laa.ccms.springboot.starter.auth.authorized-clients", () -> "[{\"name\":\"caab-ui\",\"roles\":[\"ALL\"],\"token\":\"d594f93f-e767-4b88-a9e9-2913441edfba\"}]"); + registry.add("laa.ccms.springboot.starter.auth.authorized-roles", () -> "[{\"name\":\"ALL\",\"URIs\":[\"/**\"]}]"); + registry.add("laa.ccms.springboot.starter.auth.unprotected-uris", () -> "[\"\"]"); } } diff --git a/data-service/src/main/resources/application-local.yml b/data-service/src/main/resources/application-local.yml index f814ed06..a2793231 100644 --- a/data-service/src/main/resources/application-local.yml +++ b/data-service/src/main/resources/application-local.yml @@ -11,4 +11,25 @@ spring: ddl-auto: none server: - port: 8009 \ No newline at end of file + port: 8009 + +laa.ccms.springboot.starter.auth: + authentication-header: "Authorization" + authorized-clients: '[ + { + "name": "caab-ui", + "roles": [ + "ALL" + ], + "token": "d594f93f-e767-4b88-a9e9-2913441edfba" + } + ]' + authorized-roles: '[ + { + "name": "ALL", + "URIs": [ + "/**" + ] + } + ]' + unprotected-uris: [ "/swagger-ui.html", "/swagger-ui/**", "/v3/api-docs/**", "/favicon.ico", "/open-api-specification.yml"] diff --git a/data-service/src/main/resources/application.yml b/data-service/src/main/resources/application.yml index edb6ff16..3b147835 100644 --- a/data-service/src/main/resources/application.yml +++ b/data-service/src/main/resources/application.yml 
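Review bot: The token `d594f93f-e767-4b88-a9e9-2913441edfba` is committed in `application-local.yml` under `src/main/resources`, mapped to role `ALL` on `/**`, and the same literal is reused in `IntegrationTestInterface.java` and in the test `application.yml`. Test fixtures can carry a fixed token, but a file in main resources is normally packaged with the service, so activating the `local` profile in a shared environment would make a publicly known credential valid for every endpoint. I would read the local value from the environment as the main `application.yml` does, e.g. `authorized-clients: ${AUTHORIZED_CLIENTS}`, or at least mark it with `# local development only - never enable the local profile in a deployed environment` and use a value different from the test ones.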
@@ -10,5 +10,8 @@ spring: hibernate: ddl-auto: none - - +laa.ccms.springboot.starter.auth: + authentication-header: "Authorization" + authorized-clients: ${AUTHORIZED_CLIENTS} + authorized-roles: ${AUTHORIZED_ROLES} + unprotected-uris: ${UNPROTECTED_URIS} diff --git a/data-service/src/test/resources/application.yml b/data-service/src/test/resources/application.yml index fd9781d9..63b3e949 100644 --- a/data-service/src/test/resources/application.yml +++ b/data-service/src/test/resources/application.yml @@ -5,4 +5,25 @@ spring: jpa: database-platform: org.hibernate.dialect.H2Dialect hibernate: - ddl-auto: none \ No newline at end of file + ddl-auto: none + +laa.ccms.springboot.starter.auth: + authentication-header: "Authorization" + authorized-clients: '[ + { + "name": "test-runner", + "roles": [ + "ALL" + ], + "token": "d594f93f-e767-4b88-a9e9-2913441edfba" + } + ]' + authorized-roles: '[ + { + "name": "ALL", + "URIs": [ + "/**" + ] + } + ]' + unprotected-uris: [ "" ]
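Review bot: The placeholders `${AUTHORIZED_CLIENTS}`, `${AUTHORIZED_ROLES}` and `${UNPROTECTED_URIS}` have no defaults, and how the auth starter behaves when one is unset or empty is not visible in this commit. It is worth confirming that the service refuses to start in that case rather than running with an empty client list or treating every path as unprotected. Since `AUTHORIZED_CLIENTS` carries the tokens themselves, a comment such as `# AUTHORIZED_CLIENTS contains client tokens: inject from a secret, not a plain config value` would help whoever wires the deployment. `UNPROTECTED_URIS` deserves the same care, because a broad pattern there removes the check from the matching paths.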