SDIT-1336 Add in Spring Security by including the library hmpps-kotlin-spring-boot-starter #196
Conversation
…n-spring-boot-starter
mikehalmamoj
force-pushed
the
mh-SDIT-1336-secure-endpoint
branch
from
56e464e to
9fc5b27
Compare
| @PreAuthorize("hasRole('TEMPLATE_EXAMPLE')") | ||
| @GetMapping | ||
| fun getTime() = "${LocalDateTime.now()}" |
There was a problem hiding this comment.
This is the secure endpoint we were asked to add by @rj-adams. The plan is to call this from the Typescript template so it has an example of calling a secured endpoint.
I like it because it's simple and there's no harm if somebody forgets to remove it - it doesn't poolute the API model. On the other hand we're going to have to add some kind of model if when we get onto the OpenAPI docs ticket as an example of an OpenAPI specification.
| @@ -50,20 +58,3 @@ class HmppsTemplateKotlinExceptionHandler { | |||
| private val log = LoggerFactory.getLogger(this::class.java) | |||
| } | |||
| } | |||
|
|
|||
| data class ErrorResponse( | |||
There was a problem hiding this comment.
Now comes from the library hmpps-kotlin-spring-boot-starter
| /** | ||
| * TODO | ||
| * Once you have a client registration defined in properties `spring.security.client.registration` then you'll | ||
| * need to uncomment this @Bean and create both a health and authorized web client. |
There was a problem hiding this comment.
I've got an idea around generating all web clients in the library hmpps-kotlin-spring-boot-starter by reading the client registrations from configuration and automatically creating web clients for each. But this will have to do for now.
| // @Bean | ||
| fun authorizedClientManager( | ||
| clientRegistrationRepository: ClientRegistrationRepository, | ||
| oAuth2AuthorizedClientService: OAuth2AuthorizedClientService, | ||
| ): OAuth2AuthorizedClientManager { |
There was a problem hiding this comment.
If you don't have any client registrations then Spring doesn't create a ClientRegistrationRepository, hence the @Bean annotation is commented out.
…n-spring-boot-starter
| @RestControllerAdvice | ||
| class HmppsTemplateKotlinExceptionHandler { |
There was a problem hiding this comment.
This is a prime candidate for moving to the library hmpps-kotlin-spring-boot-starter, as long we make it easy to extend.
helm_deploy/values-dev.yaml
Outdated
| @@ -9,6 +9,7 @@ generic-service: | |||
|
|
|||
| env: | |||
| APPLICATIONINSIGHTS_CONFIGURATION_FILE: applicationinsights.dev.json | |||
| API_BASE_URL_OAUTH: "https://sign-in-dev.hmpps.service.justice.gov.uk/auth" | |||
There was a problem hiding this comment.
Wondering if we could have a better variable now for HMPPS Auth instead
|
|
||
| @Configuration | ||
| class WebClientConfiguration( | ||
| @Value("\${api.base.url.oauth}") val oauthApiBaseUri: String, |
There was a problem hiding this comment.
could this be hmppsAuthBaseUri instead?
| import org.springframework.web.reactive.function.client.WebClientResponseException | ||
| import reactor.core.publisher.Mono | ||
|
|
||
| abstract class HealthCheck(private val webClient: WebClient) : ReactiveHealthIndicator { |
There was a problem hiding this comment.
should this be extending the Reactive version?
| WireMock.get("/auth/health/ping").willReturn( | ||
| aResponse() | ||
| .withHeader("Content-Type", "application/json") | ||
| .withBody(if (status == 200) "pong" else "some error") |
There was a problem hiding this comment.
don't think it matters too much, but these days this should be {"status":"UP"}
| * This is just an example of what a secured endpoint might look like. | ||
| * Remove this class and associated tests in [TimeResourceIntTest] and replace with your own implementation. | ||
| */ | ||
| @RestController |
There was a problem hiding this comment.
wondering if you could do something like only enabling for local / dev/ test based on a bean property so it doesn't get deployed to other people's instances if they don't remove it?
|
|
||
| @PreAuthorize("hasRole('TEMPLATE_EXAMPLE')") | ||
| @GetMapping | ||
| fun getTime() = "${LocalDateTime.now()}" |
There was a problem hiding this comment.
| fun getTime() = "${LocalDateTime.now()}" | |
| fun getTime() = LocalDateTime.now().toString() |
mikehalmamoj
force-pushed
the
mh-SDIT-1336-secure-endpoint
branch
5 times, most recently
from
abeebb9 to
10f4b45
Compare
mikehalmamoj
force-pushed
the
mh-SDIT-1336-secure-endpoint
branch
from
10f4b45 to
4eb7fb7
Compare
I think I'm going to keep this draft open for a while and keep it up to date with the hmpps-kotlin-spring-boot-starter. But not planning on merging until we have more confidence in the starter - until it's a bit more battle tested.