author | 2025-01-06 15:58:29 +0100 | |
---|---|---|
committer | 2025-01-27 15:37:47 +0100 | |
commit | 6288d8cc35c4c96ae1f9e5f1e0f16572d0d19c03 (patch) | |
tree | 593bbe0c61712a6575ceb0bd28441853d086e760 /aai-traversal/src/test/resources/it | |
parent | 9fc9301f3e5b3ad96fdf180e662bd42f2b84c56b (diff) |
Make aai-common agnostic of the embedded server (remove jetty-specific code)
- replace custom authorization webfilter with spring security
- make users configurable via aai.basic-auth.users[] in application.properties
- remove Keycloak integration [0]
[0] for the following reasons:
- integration test (MultiTenancyTest) already not working
- dependency is ancient (uses 11, 26 is available as of writing)
- keycloak autoconfiguration is in conflict with spring security
- keycloak-specific starters have been deprecated and users are advised to
use the out-of-the-box spring OIDC integration [1]
- there is no (and likely never will be a) starter that is compatible with spring-boot 3
[1] https://www.keycloak.org/2023/03/adapter-deprecation-update
Issue-ID: AAI-4100
Change-Id: Ic49174adce29dbc43d1e7d0a99bf699f1e77f77e
Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
Diffstat (limited to 'aai-traversal/src/test/resources/it')
-rw-r--r-- | aai-traversal/src/test/resources/it/application-keycloak-test.properties | 16 | ||||
-rw-r--r-- | aai-traversal/src/test/resources/it/multi-tenancy-realm.json | 173 |
2 files changed, 0 insertions, 189 deletions
diff --git a/aai-traversal/src/test/resources/it/application-keycloak-test.properties b/aai-traversal/src/test/resources/it/application-keycloak-test.properties
deleted file mode 100644
index 632ec81..0000000
--- a/aai-traversal/src/test/resources/it/application-keycloak-test.properties
+++ /dev/null
@@ -1,16 +0,0 @@
-test.keycloak.realm.json=it/multi-tenancy-realm.json
-test.keycloak.client.secret=secret
-test.keycloak.admin.cli=admin-cli
-test.keycloak.auth-server-port=58181
-
-keycloak.auth-server-url=http://localhost:58181/auth
-keycloak.realm=aai-resources
-keycloak.resource=aai-resources-app
-keycloak.public-client=true
-keycloak.principal-attribute=preferred_username
-
-keycloak.ssl-required=external
-keycloak.bearer-only=true
-
-multi.tenancy.enabled=true
-spring.profiles.active=production,keycloak
diff --git a/aai-traversal/src/test/resources/it/multi-tenancy-realm.json b/aai-traversal/src/test/resources/it/multi-tenancy-realm.json
deleted file mode 100644
index 401187b..0000000
--- a/aai-traversal/src/test/resources/it/multi-tenancy-realm.json
+++ /dev/null
@@ -1,173 +0,0 @@
-{
- "id": "aai-resources",
- "realm": "aai-resources",
- "notBefore": 0,
- "revokeRefreshToken": false,
- "refreshTokenMaxReuse": 0,
- "accessTokenLifespan": 300,
- "accessTokenLifespanForImplicitFlow": 900,
- "ssoSessionIdleTimeout": 1800,
- "ssoSessionMaxLifespan": 36000,
- "ssoSessionIdleTimeoutRememberMe": 0,
- "ssoSessionMaxLifespanRememberMe": 0,
- "offlineSessionIdleTimeout": 2592000,
- "offlineSessionMaxLifespanEnabled": false,
- "offlineSessionMaxLifespan": 5184000,
- "clientSessionIdleTimeout": 0,
- "clientSessionMaxLifespan": 0,
- "clientOfflineSessionIdleTimeout": 0,
- "clientOfflineSessionMaxLifespan": 0,
- "accessCodeLifespan": 60,
- "accessCodeLifespanUserAction": 300,
- "accessCodeLifespanLogin": 1800,
- "actionTokenGeneratedByAdminLifespan": 43200,
- "actionTokenGeneratedByUserLifespan": 300,
- "enabled": true,
- "sslRequired": "external",
- "registrationAllowed": false,
- "registrationEmailAsUsername": false,
- "rememberMe": false,
- "verifyEmail": false,
- "loginWithEmailAllowed": true,
- "duplicateEmailsAllowed": false,
- "resetPasswordAllowed": false,
- "editUsernameAllowed": false,
- "bruteForceProtected": false,
- "permanentLockout": false,
- "maxFailureWaitSeconds": 900,
- "minimumQuickLoginWaitSeconds": 60,
- "waitIncrementSeconds": 60,
- "quickLoginCheckMilliSeconds": 1000,
- "maxDeltaTimeSeconds": 43200,
- "failureFactor": 30,
- "users": [
- {
- "username": "admin",
- "enabled": true,
- "credentials": [
- {
- "type": "password",
- "value": "admin"
- }
- ],
- "clientRoles": {
- "realm-management": ["manage-users", "view-clients", "view-realm", "view-users"]
- }
- },
- {
- "id": "ran",
- "username": "ran",
- "enabled": true,
- "credentials": [
- {
- "type": "password",
- "value": "ran"
- }
- ],
- "realmRoles": [
- "operator"
- ]
- },
- {
- "id": "bob",
- "username": "bob",
- "enabled": true,
- "credentials": [
- {
- "type": "password",
- "value": "bob"
- }
- ],
- "realmRoles": [
- "operator_readOnly"
- ]
- },
- {
- "id": "ted",
- "username": "ted",
- "enabled": true,
- "credentials": [
- {
- "type": "password",
- "value": "ted"
- }
- ],
- "realmRoles": [
- "selector"
- ]
- }
- ],
- "roles": {
- "realm": [
- {
- "name": "operator",
- "description": "Operator privileges"
- },
- {
- "name": "operator_readOnly",
- "description": "Operator's read only privileges"
- },
- {
- "name": "selector",
- "description": "Selector privileges"
- },
- {
- "name": "selector_readOnly",
- "description": "Selector's read only privileges"
- },
- {
- "name": "admin",
- "description": "Administrator privileges"
- }
- ]
- },
- "clients": [
- {
- "clientId": "aai-resources-app",
- "enabled": true,
- "secret": "secret",
- "directAccessGrantsEnabled": true,
- "authorizationServicesEnabled": true,
- "authorizationSettings": {
- "allowRemoteResourceManagement": true,
- "policyEnforcementMode": "ENFORCING"
- }
- }
- ],
- "defaultDefaultClientScopes": [
- "roles",
- "email",
- "web-origins",
- "profile",
- "role_list"
- ],
- "clientScopes": [
- {
- "id": "0f7dfd8b-c230-4664-8d77-da85bcc4fe2a",
- "name": "roles",
- "description": "OpenID Connect scope for add user roles to the access token",
- "protocol": "openid-connect",
- "attributes": {
- "include.in.token.scope": "true",
- "display.on.consent.screen": "true",
- "consent.screen.text": "${rolesScopeConsentText}"
- },
- "protocolMappers": [
- {
- "id": "4b9f8798-8990-4c0d-87d3-034e72655e3b",
- "name": "realm roles",
- "protocol": "openid-connect",
- "protocolMapper": "oidc-usermodel-realm-role-mapper",
- "consentRequired": false,
- "config": {
- "multivalued": "true",
- "user.attribute": "foo",
- "access.token.claim": "true",
- "claim.name": "realm_access.roles",
- "jsonType.label": "String"
- }
- }
- ]
- }
- ]
-}
\ No newline at end of file |