This is an automated email from the ASF dual-hosted git repository. dimuthuupe pushed a commit to branch cybershuttle-staging in repository https://gitbox.apache.org/repos/asf/airavata.git
commit 6ea5fe13291aac0e6bb51eb8d972329938d72b14 Author: ganning127 <[email protected]> AuthorDate: Fri Apr 4 14:57:00 2025 -0400 Add auth to swagger --- .../research/service/config/AuthzTokenFilter.java | 11 +++++ .../research/service/config/OpenApiConfig.java | 54 ++++++++++++++++++++++ .../service/controller/ResourceController.java | 3 ++ .../src/main/resources/application.yml | 9 ++++ 4 files changed, 77 insertions(+) diff --git a/modules/research-framework/research-service/src/main/java/org/apache/airavata/research/service/config/AuthzTokenFilter.java b/modules/research-framework/research-service/src/main/java/org/apache/airavata/research/service/config/AuthzTokenFilter.java index 82c3b4e9ba..d31cc28c37 100644 --- a/modules/research-framework/research-service/src/main/java/org/apache/airavata/research/service/config/AuthzTokenFilter.java +++ b/modules/research-framework/research-service/src/main/java/org/apache/airavata/research/service/config/AuthzTokenFilter.java @@ -53,6 +53,17 @@ public class AuthzTokenFilter extends OncePerRequestFilter { this.airavataService = airavataService; } + @Override + protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException { + String path = request.getRequestURI(); + return path.startsWith("/swagger") || + path.startsWith("/v2/api-docs") || + path.startsWith("/v3/api-docs") || + path.startsWith("/swagger-ui") || + path.startsWith("/swagger-resources") || + path.startsWith("/webjars/"); + } + @Override protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { diff --git a/modules/research-framework/research-service/src/main/java/org/apache/airavata/research/service/config/OpenApiConfig.java b/modules/research-framework/research-service/src/main/java/org/apache/airavata/research/service/config/OpenApiConfig.java new file mode 100644 index 0000000000..0cd5392040 --- /dev/null +++ b/modules/research-framework/research-service/src/main/java/org/apache/airavata/research/service/config/OpenApiConfig.java @@ -0,0 +1,54 @@ +package org.apache.airavata.research.service.config; + +import io.swagger.v3.oas.annotations.enums.ParameterIn; +import io.swagger.v3.oas.models.Components; +import io.swagger.v3.oas.models.OpenAPI; +import io.swagger.v3.oas.models.info.Info; +import io.swagger.v3.oas.models.media.StringSchema; +import io.swagger.v3.oas.models.parameters.Parameter; +import io.swagger.v3.oas.models.security.*; +import io.swagger.v3.oas.models.servers.Server; +import org.springdoc.core.models.GroupedOpenApi; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; + +import java.util.List; + +@Configuration +public class OpenApiConfig { + + @Value("${airavata.openid.url}") + private String openIdConfigURL; + + @Bean + public GroupedOpenApi publicApi() { + return GroupedOpenApi.builder() + .group("public") + .pathsToMatch("/api/**") + .build(); + } + + @Bean + public OpenAPI researchServiceOpenAPI() { + return new OpenAPI() + .info(new Info() + .title("Research Service API") + .version("1.0.0")) + .addSecurityItem(new SecurityRequirement().addList("oauth2-pkce")) + .components(new io.swagger.v3.oas.models.Components() + .addSecuritySchemes("oauth2-pkce", + new SecurityScheme() + .type(SecurityScheme.Type.OAUTH2) + .flows(new OAuthFlows() + .authorizationCode(new OAuthFlow() + .authorizationUrl("https://auth.dev.cybershuttle.org/realms/default/protocol/openid-connect/auth";) + .tokenUrl("https://auth.dev.cybershuttle.org/realms/default/protocol/openid-connect/token";) + .scopes(new Scopes() + .addString("openid", "openid") + .addString("email", "email")))))); + + + } + +} diff --git a/modules/research-framework/research-service/src/main/java/org/apache/airavata/research/service/controller/ResourceController.java b/modules/research-framework/research-service/src/main/java/org/apache/airavata/research/service/controller/ResourceController.java index d61c4e198e..9f4228b554 100644 --- a/modules/research-framework/research-service/src/main/java/org/apache/airavata/research/service/controller/ResourceController.java +++ b/modules/research-framework/research-service/src/main/java/org/apache/airavata/research/service/controller/ResourceController.java @@ -18,9 +18,11 @@ */ package org.apache.airavata.research.service.controller; +import io.swagger.v3.oas.annotations.enums.ParameterIn; import org.apache.airavata.research.service.ResponseTypes.ResourceResponse; import org.apache.airavata.research.service.enums.ResourceTypeEnum; import org.apache.airavata.research.service.model.entity.*; +import org.junit.runner.Request; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.data.domain.Page; @@ -84,6 +86,7 @@ public class ResourceController { ) @GetMapping("/") public ResponseEntity<Page<Resource>> getAllResources( + @RequestHeader(name="X-Claims", required=true) String claims, @RequestParam(value="pageNumber", defaultValue = "0") int pageNumber, @RequestParam(value="pageSize", defaultValue = "10") int pageSize, @RequestParam(value="type") ResourceTypeEnum[] types diff --git a/modules/research-framework/research-service/src/main/resources/application.yml b/modules/research-framework/research-service/src/main/resources/application.yml index 42b99ebf12..ac21eb7ba2 100644 --- a/modules/research-framework/research-service/src/main/resources/application.yml +++ b/modules/research-framework/research-service/src/main/resources/application.yml @@ -13,6 +13,9 @@ airavata: research-portal: url: http://localhost:5173 + openid: + url: "https://auth.dev.cybershuttle.org/realms/default/.well-known/openid-configuration"; + user-profile: server: url: api.dev.cybershuttle.org @@ -44,3 +47,9 @@ springdoc: operationsSorter: alpha tagsSorter: alpha doc-expansion: none + oauth: + use-pkce-with-authorization-code-grant: true + client-id: data-catalog-portal + + +
