Skip to content

Latest commit

 

History

History
173 lines (138 loc) · 5.84 KB

README.md

File metadata and controls

173 lines (138 loc) · 5.84 KB

OpenAPI generated server

Spring Boot Server

Overview

This server was generated by the OpenAPI Generator project. By using the OpenAPI-Spec, you can easily generate a server stub. This is an example of building a OpenAPI-enabled server in Java using the SpringBoot framework.

The underlying library integrating OpenAPI to SpringBoot is springfox

Start your server as a simple java application

You can view the api documentation in swagger-ui by pointing to
https://localhost:8443/

Configuration setup hints

This back-end is only functional if an application.properties file is added to /src/main/resources. This file should contain at least the following:

# authentication
spring.security.enable-basic={true,false}
spring.security.enable-keycloak={true,false}

spring.jackson.date-format=org.openeo.spring.RFC3339DateFormat
spring.jackson.serialization.WRITE_DATES_AS_TIMESTAMPS=false
spring.h2.console.enabled=true
spring.h2.console.settings.web-allow-others=true

server.tomcat.port=8081
server.port=8443

spring.datasource.jdbc=jdbc:h2:/path/to/openeo.db;DB_CLOSE_DELAY=-1
spring.datasource.username=my_username
spring.datasource.initialization-mode

server.ssl.key-store-type=PKCS12
server.ssl.key-store=classpath:my_keystore.p12
server.ssl.key-store-password=my_keystore_password
server.ssl.key-alias=my_alias
#server.ssl.trust-store=classpath:my_truststore.p12
#server.ssl.trust-store-password=my_truststore_password

security.require-ssl=true
spring.security.filter.order=5

spring.jackson.serialization.write-dates-as-timestamps=false

co.elasticsearch.endpoint=https://my_elastic:9200
co.elasticsearch.service.name=openeo
co.elasticsearch.service.node.name=elk_node_hostname
co.elasticsearch.service.index.name=es_index_name
co.elasticsearch.service.truststore.password=my_password
co.elasticsearch.service.truststore.path=/path/to/elastic-certificates.p12
co.elasticsearch.service.keystore.password=my_password
co.elasticsearch.service.keystore.path=/path/to/http.p12
co.elasticsearch.service.username=elastic_uname
co.elasticsearch.service.password=my_password
	
org.openeo.tmp.dir=tmp/
org.openeo.tmp.file.expiry=60
org.openeo.file.expiry=1
org.openeo.querycollectionsonstartup=true
org.openeo.parallelizedHarvest=true

org.openeo.wcps.endpoint=http://my_wcps_server:8080
org.openeo.wcps.endpoint.version=2.0.1
org.openeo.wcps.provider.name=My Company
org.openeo.wcps.provider.url=http://www.my-company.url
org.openeo.wcps.provider.type=host
org.openeo.wcps.processes.list=classpath:processes_wcps.json
org.openeo.wcps.collections.list=collections_wcps.json

org.openeo.odc.endpoint=http://my_open_data_cube_endpoint
org.openeo.odc.deleteResultEndpoint=http://my_open_data_cube_endpoint_for_stopping_a_job
org.openeo.odc.collectionsEndpoint=http://my_open_data_cube_endpoint/collections/
org.openeo.odc.provider.name=open data cube provider name
org.openeo.odc.provider.url=http://www.open_data_cube_provider.url
org.openeo.odc.provider.type=host
org.openeo.odc.processes.list=classpath:processes_odc.json
org.openeo.odc.collections.list=collections_odc.json

org.openeo.endpoint=https://my_openeo.url
org.openeo.public.endpoint=https://my_openeo_public.url
org.openeo.udf.python.endpoint=http://my_openeo_python_udf_service.url
org.openeo.udf.candela.endpoint=http://my_openeo_candela_service.url
org.openeo.udf.r.endpoint=http://my_openeo_R_udf_service.url
org.openeo.udf.dir=/my/udf/working/directory/
org.openeo.udf.importscript=/my/udf/import/script/import_udf.sh

spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration

Further files needed are for authentication management through an external Keycloak server. The keycloak.properties:

spring.security.oauth2.client.registration.keycloak.client-id=openEO
spring.security.oauth2.client.registration.keycloak.client-secret={{secret}}
spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code
spring.security.oauth2.client.registration.keycloak.scope=openid

# OpenID Connect (OIDC)
spring.security.oauth2.client.provider.keycloak.issuer-uri=https://my_keycloak.url/auth/realms/my_realm
spring.security.oauth2.client.provider.keycloak.user-name-attribute=preferred_username

# OAUTH2-JWT token
spring.security.oauth2.resourceserver.jwt.issuer-uri=https://my_keycloak.url/auth/realms/my_realm

# openEO credentials
org.openeo.oidc.providers.list=classpath:oidc_providers.json

and for the support of default client id configuration: oidc_providers.json

{
	"providers": [
		{
			"id": "my_default_provider",
			"issuer": "https://my_keycloak.url/auth/realms/my_realm",
			"scopes": [
				"email",
				"profile",
				"roles",
				"web-origins",
				"address",
				"microprofile-jwt",
				"offline_access",
				"phone"
			],
			"title": "My Deault Provider",
			"description": "Some more information about my default oidc provider and setup.",
			"default_clients": [
				{
					"id": "my_client_id",
					"grant_types": [
						"authorization_code+pkce",
						"refresh-token"
					],
					"redirect_urls": [
						"https://editor.openeo.org/",
						"http://localhost:1410/*"
					]
				}
			]
		}
	]
}

For internal basic authentication instead, a bearer token issuer configuration file shall also be created: jwt.properties

jwt.secret={{secret-hash}}
jwt.issuer=ACME Srl
jwt.type=JWT
jwt.audience=openEO
jwt.exp-minutes={{N}}

Logging

All logging can be controlled through log4j2. For tweaking of log level and file output modify log4j2.xml in ./src/main/resources.

The latest server rolllog is stored in the openeo_$VERSION.log, which is rolled after reaching 250MB of size, storing the compressed rolled logs in monthly subfolders YYYY-MM/. The root log folder can be set via the OPENEO_LOGS_DIR environment variable (default to ./logs/).