From 8f9623205c22a937cf270713a5aa1c8d1833fc3f Mon Sep 17 00:00:00 2001 From: Nikhil Sadaphal Date: Thu, 21 Jan 2021 10:32:08 +0530 Subject: [PATCH 1/4] Removing unused dependency --- pom.xml | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/pom.xml b/pom.xml index 8faa2921..ec2ed0a3 100644 --- a/pom.xml +++ b/pom.xml @@ -48,16 +48,6 @@ org.springframework.boot spring-boot-starter-actuator - - com.appdirect.authz - authz-spring - 0.1.9 - - - com.appdirect.authz - authz-sdk-cached-signing-key-service - 0.1.9 - org.springframework.boot spring-boot-starter-web @@ -205,11 +195,6 @@ jackson-datatype-jsr310 2.6.1 - - org.springframework.security.oauth - spring-security-oauth2 - 2.0.52 - From dfcb609bdcb514afa234e07a1e97d0c592d08166 Mon Sep 17 00:00:00 2001 From: Nikhil Sadaphal Date: Thu, 21 Jan 2021 10:35:15 +0530 Subject: [PATCH 2/4] Adding hook for getting filter from connector --- ...perSpecificOAuth2AuthorizationService.java | 15 +++++ ...erSpecificOAuth2AuthorizationSupplier.java | 19 ++++++ ...ecificOAuth2AuthorizationSupplierImpl.java | 16 +++++ .../sdk/web/oauth/SecurityConfiguration.java | 58 ++++++++++++++----- 4 files changed, 95 insertions(+), 13 deletions(-) create mode 100644 src/main/java/com/appdirect/sdk/web/oauth/DeveloperSpecificOAuth2AuthorizationService.java create mode 100644 src/main/java/com/appdirect/sdk/web/oauth/DeveloperSpecificOAuth2AuthorizationSupplier.java create mode 100644 src/main/java/com/appdirect/sdk/web/oauth/DeveloperSpecificOAuth2AuthorizationSupplierImpl.java diff --git a/src/main/java/com/appdirect/sdk/web/oauth/DeveloperSpecificOAuth2AuthorizationService.java b/src/main/java/com/appdirect/sdk/web/oauth/DeveloperSpecificOAuth2AuthorizationService.java new file mode 100644 index 00000000..60447b71 --- /dev/null +++ b/src/main/java/com/appdirect/sdk/web/oauth/DeveloperSpecificOAuth2AuthorizationService.java 
@@ -0,0 +1,15 @@ +package com.appdirect.sdk.web.oauth; + +import javax.servlet.Filter; + +public class DeveloperSpecificOAuth2AuthorizationService { + private final DeveloperSpecificOAuth2AuthorizationSupplier oAuth2AuthorizationSupplier; + + DeveloperSpecificOAuth2AuthorizationService(DeveloperSpecificOAuth2AuthorizationSupplier oAuth2AuthorizationSupplier) { + this.oAuth2AuthorizationSupplier = oAuth2AuthorizationSupplier; + } + + public Filter getOAuth2Filter() { + return oAuth2AuthorizationSupplier.getOAuth2Filter(); + } +} diff --git a/src/main/java/com/appdirect/sdk/web/oauth/DeveloperSpecificOAuth2AuthorizationSupplier.java b/src/main/java/com/appdirect/sdk/web/oauth/DeveloperSpecificOAuth2AuthorizationSupplier.java new file mode 100644 index 00000000..8a73cce1 --- /dev/null +++ b/src/main/java/com/appdirect/sdk/web/oauth/DeveloperSpecificOAuth2AuthorizationSupplier.java @@ -0,0 +1,19 @@ +package com.appdirect.sdk.web.oauth; + +import javax.servlet.Filter; + +/** + * Implementations of this interface provide a way for the service-integration-sdk + * to retrieve the developer credentials. Each SDK client application must contain a bean + * of this type in its application context in order for the communication with AppMarket to work. + */ +@FunctionalInterface +public interface DeveloperSpecificOAuth2AuthorizationSupplier { + + /** + * Returns the oAuth2 Filter + * + * @return the Filter to authorize incoming requests + */ + Filter getOAuth2Filter(); +} diff --git a/src/main/java/com/appdirect/sdk/web/oauth/DeveloperSpecificOAuth2AuthorizationSupplierImpl.java b/src/main/java/com/appdirect/sdk/web/oauth/DeveloperSpecificOAuth2AuthorizationSupplierImpl.java new file mode 100644 index 00000000..4485dbf8 --- /dev/null +++ b/src/main/java/com/appdirect/sdk/web/oauth/DeveloperSpecificOAuth2AuthorizationSupplierImpl.java 
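Review bot: The Javadoc on `DeveloperSpecificOAuth2AuthorizationSupplier` says implementations provide a way "to retrieve the developer credentials", which reads as copied from `DeveloperSpecificAppmarketCredentialsSupplier`; this interface supplies a servlet `Filter`, not credentials, and SDK users who must implement it will be misled. Suggest replacing the first sentence with `Implementations of this interface supply the servlet Filter that authorizes incoming OAuth2 requests; the SDK inserts it into its security filter chain.` and keeping the "must contain a bean of this type" sentence, since `SecurityConfiguration` autowires it as a required dependency. The `getOAuth2Filter` doc should also state that `null` is not permitted, because nothing in the new code guards against it before the filter is handed to Spring Security.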
@@ -0,0 +1,16 @@ +package com.appdirect.sdk.web.oauth; + +import javax.servlet.Filter; + +public class DeveloperSpecificOAuth2AuthorizationSupplierImpl implements DeveloperSpecificOAuth2AuthorizationSupplier{ + private final Filter oAuth2Filter; + + public DeveloperSpecificOAuth2AuthorizationSupplierImpl(Filter oAuth2Filter) { + this.oAuth2Filter = oAuth2Filter; + } + + @Override + public Filter getOAuth2Filter() { + return oAuth2Filter; + } +} diff --git a/src/main/java/com/appdirect/sdk/web/oauth/SecurityConfiguration.java b/src/main/java/com/appdirect/sdk/web/oauth/SecurityConfiguration.java index 1577148a..ee748bf0 100644 --- a/src/main/java/com/appdirect/sdk/web/oauth/SecurityConfiguration.java +++ b/src/main/java/com/appdirect/sdk/web/oauth/SecurityConfiguration.java @@ -14,11 +14,15 @@ package com.appdirect.sdk.web.oauth; import static java.util.Arrays.asList; +import static org.springframework.http.HttpStatus.UNAUTHORIZED; +import static org.springframework.security.config.http.SessionCreationPolicy.STATELESS; import static org.springframework.util.CollectionUtils.isEmpty; import java.util.ArrayList; import java.util.List; +import javax.servlet.Filter; + import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; @@ -27,7 +31,6 @@ import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.oauth.provider.ConsumerDetailsService; import org.springframework.security.oauth.provider.OAuthProcessingFilterEntryPoint; import org.springframework.security.oauth.provider.OAuthProviderSupport; 
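Review bot: `DeveloperSpecificOAuth2AuthorizationSupplierImpl` accepts a `null` filter in its constructor and only fails later when `SecurityConfiguration` passes it to `addFilterAfter`, far from the misconfiguration. Fail fast instead with `this.oAuth2Filter = Objects.requireNonNull(oAuth2Filter, "oAuth2Filter");` and add `import java.util.Objects;`. Minor style point: the class declaration is missing a space before `{` after the implemented interface name.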
@@ -35,7 +38,9 @@ import org.springframework.security.oauth.provider.filter.ProtectedResourceProcessingFilter; import org.springframework.security.oauth.provider.token.InMemorySelfCleaningProviderTokenServices; import org.springframework.security.oauth.provider.token.OAuthProviderTokenServices; +import org.springframework.security.web.authentication.HttpStatusEntryPoint; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.security.web.header.HeaderWriterFilter; import com.appdirect.sdk.appmarket.DeveloperSpecificAppmarketCredentialsSupplier; import com.appdirect.sdk.web.oauth.model.OpenIdCustomUrlPattern; @@ -47,6 +52,9 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter { @Autowired private DeveloperSpecificAppmarketCredentialsSupplier credentialsSupplier; + @Autowired + private DeveloperSpecificOAuth2AuthorizationSupplier oAuth2AuthorizationSupplier; + @Bean public OpenIdCustomUrlPattern openIdUrlPatterns() { return new OpenIdCustomUrlPattern(); @@ -57,11 +65,21 @@ public ConsumerDetailsService consumerDetailsService() { return new DeveloperSpecificAppmarketCredentialsConsumerDetailsService(credentialsSupplier); } + @Bean + public DeveloperSpecificOAuth2AuthorizationService oAuth2consumerDetailsService() { + return new DeveloperSpecificOAuth2AuthorizationService(oAuth2AuthorizationSupplier); + } + @Bean public OAuthProviderTokenServices oauthProviderTokenServices() { return new InMemorySelfCleaningProviderTokenServices(); } + @Bean + public Filter oAuth2SignatureCheckingFilter() { + return oAuth2consumerDetailsService().getOAuth2Filter(); + } + @Bean public OAuthProcessingFilterEntryPoint oAuthProcessingFilterEntryPoint() { return new OAuthProcessingFilterEntryPoint(); 
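Review bot: `oAuth2AuthorizationSupplier` is injected with a plain `@Autowired`, so a `DeveloperSpecificOAuth2AuthorizationSupplier` bean becomes mandatory for every application built on the SDK; existing integrations that only provide `DeveloperSpecificAppmarketCredentialsSupplier` will presumably fail to start after upgrading. If that is intended it should be called out as a breaking change in the commit message; otherwise inject it as `@Autowired(required = false)` and skip the `addFilterAfter` registration in `configure` when no supplier is present.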
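Review bot: `oAuth2SignatureCheckingFilter()` is published as a `@Bean` of type `Filter`; with the Spring Boot 1.5 parent this pom uses, Boot registers every `Filter` bean with the embedded servlet container, so the developer-supplied filter will also run as a plain servlet filter on every URL, outside the Spring Security chain and in addition to the `addFilterAfter` registration. Unless that double registration is intended, drop the `@Bean` annotation and keep it a private method, or register a `FilterRegistrationBean` for it with `setEnabled(false)`. Separately, `oAuth2consumerDetailsService()` returns a `DeveloperSpecificOAuth2AuthorizationService`, not consumer details; naming it `oAuth2AuthorizationService()` would avoid confusion with the `consumerDetailsService()` bean just above it.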
@@ -91,25 +109,39 @@ public RequestIdFilter requestIdFilter() { return new RequestIdFilter(); } + @Override protected void configure(HttpSecurity http) throws Exception { - String[] securedUrlPatterns = createSecuredUrlPatterns(); + mainConfiguration(http); + authZProtectionOnApi(http); + } + private void mainConfiguration(HttpSecurity http) throws Exception { http - .authorizeRequests() - .antMatchers("/unsecured/**") - .permitAll() - .and() .requestMatchers() - .antMatchers(securedUrlPatterns) - .and() - .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) - .and() + .antMatchers("/api/v1/integration/**", "/api/v1/domainassociation/**", "/api/v1/migration/**", "/api/v1/restrictions/**") + .and() + .cors().disable() .csrf().disable() - .authorizeRequests().anyRequest().authenticated() - .and() + .logout().disable() + .x509().disable() + .formLogin().disable() + .httpBasic().disable() + .rememberMe().disable() + .sessionManagement().sessionCreationPolicy(STATELESS) + .and() + .addFilterAfter(oAuth2SignatureCheckingFilter(), HeaderWriterFilter.class) .addFilterBefore(oAuthSignatureCheckingFilter(), UsernamePasswordAuthenticationFilter.class) - .addFilterBefore(requestIdFilter(), ProtectedResourceProcessingFilter.class); + .exceptionHandling().authenticationEntryPoint(new HttpStatusEntryPoint(UNAUTHORIZED)); + } + + + private void authZProtectionOnApi(HttpSecurity http) throws Exception { + http + .authorizeRequests() + .antMatchers("/unsecured/**").permitAll() + .antMatchers("/api/v1/integration/**", "/api/v1/domainassociation/**", "/api/v1/migration/**", "/api/v1/restrictions/**") + .authenticated(); } private String[] createSecuredUrlPatterns() { From 9ffec435a8a8f40f3ae18642d0557dd229a6a25c Mon Sep 17 00:00:00 2001 
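Review bot: `mainConfiguration` hardcodes four `/api/v1/...` prefixes in `requestMatchers().antMatchers(...)`, so `createSecuredUrlPatterns()` (still declared at the end of the hunk, body outside it) is no longer called, and any pattern it contributed beyond those four — presumably the `OpenIdCustomUrlPattern` ones — now falls outside this security chain entirely instead of being covered by `authenticated()`. Either keep `.antMatchers(createSecuredUrlPatterns())` or delete the helper and its bean so the narrowing is explicit and reviewed. The same hunk silently drops `requestIdFilter()` from the chain, and the `/unsecured/**` `permitAll()` rule in `authZProtectionOnApi` is unreachable because the chain only matches the four prefixes. It is also worth confirming that a request authenticated by the developer's OAuth2 filter is not then rejected by `oAuthSignatureCheckingFilter()`, which still runs after it; that bean's configuration is outside this hunk.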
From: Nikhil Sadaphal Date: Thu, 21 Jan 2021 10:35:36 +0530 Subject: [PATCH 3/4] removing unused class --- .../web/oauth/OAuth2SecurityConfiguraton.java | 58 ------------------- 1 file changed, 58 deletions(-) delete mode 100644 src/main/java/com/appdirect/sdk/web/oauth/OAuth2SecurityConfiguraton.java diff --git a/src/main/java/com/appdirect/sdk/web/oauth/OAuth2SecurityConfiguraton.java b/src/main/java/com/appdirect/sdk/web/oauth/OAuth2SecurityConfiguraton.java deleted file mode 100644 index 9ae3a6a5..00000000 --- a/src/main/java/com/appdirect/sdk/web/oauth/OAuth2SecurityConfiguraton.java +++ /dev/null 
@@ -1,58 +0,0 @@ -package com.appdirect.sdk.web.oauth; - -import lombok.extern.slf4j.Slf4j; - -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.security.oauth2.provider.authentication.BearerTokenExtractor; -import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager; -import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter; -import org.springframework.security.oauth2.provider.token.RemoteTokenServices; - - -@Slf4j -@Configuration -public class OAuth2SecurityConfiguraton { - - - @Bean - public OAuth2AuthenticationProcessingFilter filter(){ - return new OAuth2AuthenticationProcessingFilter(); - } - - @Bean - public BearerTokenExtractor tokenExtractor(){ - return new BearerTokenExtractor(); - } - - @Bean - public OAuth2AuthenticationManager manager(){ - return new OAuth2AuthenticationManager(); - } - - public OAuth2AuthenticationProcessingFilter getOAuth2Filter() { - // configure token Extractor - // BearerTokenExtractor tokenExtractor = new BearerTokenExtractor(); - // log.info("tokenExtractor is {}", tokenExtractor.toString()); - // configure Auth manager - OAuth2AuthenticationManager manager = manager(); - // configure RemoteTokenServices with your client Id and auth server endpoint - manager.setTokenServices(tokenService()); - - OAuth2AuthenticationProcessingFilter filter = filter(); - filter.setTokenExtractor(tokenExtractor()); - filter.setAuthenticationManager(manager); - log.info("filter is {}", filter.toString()); - return filter; - } - - @Bean - public RemoteTokenServices tokenService() { - RemoteTokenServices tokenService = new RemoteTokenServices(); - //tokenService.setCheckTokenEndpointUrl( "localhost:8080/spring-security-oauth-server/oauth/…"); - tokenService.setClientId("UF1iM3f25M"); - tokenService.setClientSecret("mYLa1YoDYUGn8PWDNzhc"); - log.info("tokenService is {}", 
tokenService.toString()); - return tokenService; - } -} From f4d1edc62fe65acd2385cb32aac7a63c3db9d82a Mon Sep 17 00:00:00 2001 From: Nikhil Sadaphal Date: Thu, 21 Jan 2021 10:36:28 +0530 Subject: [PATCH 4/4] removing unused repositories --- pom.xml | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/pom.xml b/pom.xml index ec2ed0a3..a6bd9ebf 100644 --- a/pom.xml +++ b/pom.xml @@ -30,18 +30,7 @@ spring-boot-starter-parent 1.5.4.RELEASE - - - - appdirect-artifactory - appdirect-artifactory - - false - - https://artifactory.appdirect.tools/artifactory/repo - - - +
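Review bot: The deleted `OAuth2SecurityConfiguraton` carried a literal client id and client secret in `tokenService()`; removing the file takes them out of the tree but not out of the repository history. If those values were ever valid against a real authorization server they should be treated as exposed and rotated, and the history is worth scanning for other copies before this branch is published. The replacement `DeveloperSpecificOAuth2AuthorizationSupplier` hook keeps such values out of the SDK itself, which is the right direction.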