Diffstat (limited to 'src/main/kotlin')
-rw-r--r--src/main/kotlin/dev/dnpm/etl/processor/EtlProcessorApplication.kt3
-rw-r--r--src/main/kotlin/dev/dnpm/etl/processor/config/AppConfigProperties.kt12
-rw-r--r--src/main/kotlin/dev/dnpm/etl/processor/config/AppSecurityConfiguration.kt98
-rw-r--r--src/main/kotlin/dev/dnpm/etl/processor/web/LoginController.kt33
4 files changed, 144 insertions, 2 deletions
diff --git a/src/main/kotlin/dev/dnpm/etl/processor/EtlProcessorApplication.kt b/src/main/kotlin/dev/dnpm/etl/processor/EtlProcessorApplication.kt
index 5d28c97..4b9b307 100644
--- a/src/main/kotlin/dev/dnpm/etl/processor/EtlProcessorApplication.kt
+++ b/src/main/kotlin/dev/dnpm/etl/processor/EtlProcessorApplication.kt
@@ -20,9 +20,10 @@
package dev.dnpm.etl.processor
import org.springframework.boot.autoconfigure.SpringBootApplication
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
import org.springframework.boot.runApplication
-@SpringBootApplication
+@SpringBootApplication(exclude = [SecurityAutoConfiguration::class])
class EtlProcessorApplication
fun main(args: Array<String>) {
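Review bot: The `exclude = [SecurityAutoConfiguration::class]` on the application class makes authentication opt-in, and nothing in this hunk documents that. `AppSecurityConfiguration` in this commit is gated on `app.security.admin-user`, so with that property unset no filter chain from this commit is registered and `/configs/**` appears to be served without any login. I would add a comment above the annotation such as `// Security is opt-in: without app.security.admin-user no SecurityFilterChain is registered and every endpoint is open`, and consider logging a startup warning in that case. The body of `main` continues outside the hunk.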
diff --git a/src/main/kotlin/dev/dnpm/etl/processor/config/AppConfigProperties.kt b/src/main/kotlin/dev/dnpm/etl/processor/config/AppConfigProperties.kt
index 6b85603..9c92869 100644
--- a/src/main/kotlin/dev/dnpm/etl/processor/config/AppConfigProperties.kt
+++ b/src/main/kotlin/dev/dnpm/etl/processor/config/AppConfigProperties.kt
@@ -1,7 +1,7 @@
/*
* This file is part of ETL-Processor
*
- * Copyright (c) 2023 Comprehensive Cancer Center Mainfranken, Datenintegrationszentrum Philipps-Universität Marburg and Contributors
+ * Copyright (c) 2024 Comprehensive Cancer Center Mainfranken, Datenintegrationszentrum Philipps-Universität Marburg and Contributors
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published
@@ -76,6 +76,16 @@ data class KafkaTargetProperties(
}
}
+@ConfigurationProperties(SecurityConfigProperties.NAME)
+data class SecurityConfigProperties(
+ val adminUser: String?,
+ val adminPassword: String?,
+) {
+ companion object {
+ const val NAME = "app.security"
+ }
+}
+
enum class PseudonymGenerator {
BUILDIN,
GPAS
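Review bot: `SecurityConfigProperties` is a `data class`, so its generated `toString()` prints `adminPassword` in clear text wherever the object ends up in a log line, an exception message or a debug dump. Either make it a regular class or add a redacting override, e.g. `override fun toString() = "SecurityConfigProperties(adminUser=$adminUser, adminPassword=***)"`. A short KDoc stating that both values are optional, and that the fallback for blank values is decided in `AppSecurityConfiguration`, would also help readers of this file.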
diff --git a/src/main/kotlin/dev/dnpm/etl/processor/config/AppSecurityConfiguration.kt b/src/main/kotlin/dev/dnpm/etl/processor/config/AppSecurityConfiguration.kt
new file mode 100644
index 0000000..68eb629
--- /dev/null
+++ b/src/main/kotlin/dev/dnpm/etl/processor/config/AppSecurityConfiguration.kt
@@ -0,0 +1,98 @@
+/*
+ * This file is part of ETL-Processor
+ *
+ * Copyright (c) 2023 Comprehensive Cancer Center Mainfranken, Datenintegrationszentrum Philipps-Universität Marburg and Contributors
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published
+ * by the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+package dev.dnpm.etl.processor.config
+
+import org.slf4j.LoggerFactory
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty
+import org.springframework.boot.context.properties.EnableConfigurationProperties
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.annotation.web.invoke
+import org.springframework.security.core.userdetails.User
+import org.springframework.security.core.userdetails.UserDetails
+import org.springframework.security.crypto.factory.PasswordEncoderFactories
+import org.springframework.security.crypto.password.PasswordEncoder
+import org.springframework.security.provisioning.InMemoryUserDetailsManager
+import org.springframework.security.web.SecurityFilterChain
+import java.util.*
+
+
+@Configuration
+@EnableConfigurationProperties(
+ value = [
+ SecurityConfigProperties::class
+ ]
+)
+@ConditionalOnProperty(value = ["app.security.admin-user"])
+@EnableWebSecurity
+class AppSecurityConfiguration(
+ private val securityConfigProperties: SecurityConfigProperties
+) {
+
+ private val logger = LoggerFactory.getLogger(AppSecurityConfiguration::class.java)
+
+ @Bean
+ fun userDetailsService(passwordEncoder: PasswordEncoder): InMemoryUserDetailsManager {
+ val adminUser = if (securityConfigProperties.adminUser.isNullOrBlank()) {
+ logger.warn("Using random Admin User: admin")
+ "admin"
+ } else {
+ securityConfigProperties.adminUser
+ }
+ val adminPassword = if (securityConfigProperties.adminPassword.isNullOrBlank()) {
+ val random = UUID.randomUUID().toString()
+ logger.warn("Using random Admin Passwort: {}", random)
+ random
+ } else {
+ securityConfigProperties.adminPassword
+ }
+
+ val user: UserDetails = User.withUsername(adminUser)
+ .password(passwordEncoder.encode(adminPassword))
+ .roles("ADMIN")
+ .build()
+
+ return InMemoryUserDetailsManager(user)
+ }
+
+ @Bean
+ fun filterChain(http: HttpSecurity): SecurityFilterChain {
+ http {
+ authorizeRequests {
+ authorize("/configs/**", hasRole("ADMIN"))
+ authorize(anyRequest, permitAll)
+ }
+ formLogin {
+ loginPage = "/login"
+ }
+ csrf { disable() }
+ }
+ return http.build()
+ }
+
+ @Bean
+ fun passwordEncoder(): PasswordEncoder {
+ return PasswordEncoderFactories.createDelegatingPasswordEncoder()
+ }
+
+}
+
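Review bot: `csrf { disable() }` in `filterChain` turns off CSRF protection for the whole application while the same chain introduces session-based `formLogin` and an ADMIN-only `/configs/**` area, so any state-changing handler under that path (none are visible in this diff) would accept cross-site requests riding on a logged-in admin's session. Drop that line so the default protection stays on, and if non-browser clients must POST without a token, exempt only those paths rather than disabling it globally. Separately, `logger.warn("Using random Admin Passwort: {}", random)` in `userDetailsService` writes a working admin credential to the application log, which is often forwarded to shared log storage; requiring `app.security.admin-password` to be set, or failing startup when it is blank, avoids that. The message `Using random Admin User: admin` is also misleading because the name is a fixed default; something like `logger.warn("No admin user configured, using default: admin")` says what actually happens.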
diff --git a/src/main/kotlin/dev/dnpm/etl/processor/web/LoginController.kt b/src/main/kotlin/dev/dnpm/etl/processor/web/LoginController.kt
new file mode 100644
index 0000000..02c98cf
--- /dev/null
+++ b/src/main/kotlin/dev/dnpm/etl/processor/web/LoginController.kt
@@ -0,0 +1,33 @@
+/*
+ * This file is part of ETL-Processor
+ *
+ * Copyright (c) 2024 Comprehensive Cancer Center Mainfranken, Datenintegrationszentrum Philipps-Universität Marburg and Contributors
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published
+ * by the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+package dev.dnpm.etl.processor.web
+
+import org.springframework.stereotype.Controller
+import org.springframework.web.bind.annotation.GetMapping
+
+@Controller
+class LoginController {
+
+ @GetMapping(path = ["/login"])
+ fun login(): String {
+ return "login"
+ }
+
+} \ No newline at end of file