docker profiles, docker compose, mysql entrypoint, security

Co-authored-by: Christoph <tobi@urpost.de>
2020-03-26 16:06:40 +01:00
parent f15d1f850d
commit 33e3d9d3f5
8 changed files with 38 additions and 45 deletions
--- a/6
+++ b/6
@ -1,10 +1,12 @@
 FROM gradle:jdk11 AS build
 COPY --chown=gradle:gradle . /home/gradle/src
 WORKDIR /home/gradle/src
 RUN chmod +x ./pull-wait-for-it.sh
 RUN gradle bootJar --no-daemon
 FROM openjdk:11-jre-slim
 RUN mkdir /app
 COPY --from=build /home/gradle/src/build/libs/*.jar /app/gruppen2.jar
-ENTRYPOINT ["java"]
+COPY --from=build /home/gradle/src/wait-for-it.sh /app/wait-for-it.sh
-CMD ["-Dspring.profiles.active=docker", "-jar", "/app/gruppen2.jar"]
+#ENTRYPOINT ["java"]
 #CMD ["-Dspring.profiles.active=docker", "-jar", "/app/gruppen2.jar"]
--- a/build.gradle
+++ b/build.gradle
@ -59,8 +59,8 @@ dependencies {
 	implementation 'org.springframework.boot:spring-boot-starter-security'
 	implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
 	implementation 'org.springframework.boot:spring-boot-starter-web'
-
+	implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
-	compile group: 'org.springframework.boot', name: 'spring-boot-starter-oauth2-client', version: '2.2.5.RELEASE'
+	implementation 'org.springframework.security.oauth:spring-security-oauth2:2.4.0.RELEASE'
 	implementation 'org.keycloak:keycloak-spring-boot-starter:9.0.0'
 	implementation 'org.keycloak.bom:keycloak-adapter-bom:9.0.0'
@ -68,7 +68,7 @@ dependencies {
 	implementation 'io.springfox:springfox-swagger2:2.9.2'
 	implementation 'io.springfox:springfox-swagger-ui:2.9.2'
 	implementation 'com.github.javafaker:javafaker:1.0.2'
-	implementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-csv:2.10.2'
+	implementation 'com.fasterxml.jackson.dataformat:jackson-dataformat-csv:2.10.3'
 	compileOnly 'org.projectlombok:lombok'
 	annotationProcessor 'org.projectlombok:lombok'
@ -76,10 +76,6 @@ dependencies {
 	runtimeOnly 'com.h2database:h2'
 	runtimeOnly 'mysql:mysql-connector-java'
 	compile group: 'org.springframework.security.oauth', name: 'spring-security-oauth2', version: '2.4.0.RELEASE'
 	compile 'com.fasterxml.jackson.dataformat:jackson-dataformat-csv:2.10.3'
 	testImplementation 'org.assertj:assertj-core:3.15.0'
 	testImplementation('org.springframework.boot:spring-boot-starter-test') {
 		exclude group: 'org.junit.vintage', module: 'junit-vintage-engine'
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -10,12 +10,14 @@ services:
    restart: always
    volumes:
      - './mysql/db/storage:/var/lib/mysql'
      - './mysql/db/entrypoint:/docker-entrypoint-initdb.d/'
    ports:
      - '3306:3306'
-  gruppen2app:
+  gruppenapp:
    build: .
-    container_name: 'gruppen2app'
+    container_name: 'gruppenapp'
    depends_on:
      - dbmysql
    command: ["/app/wait-for-it.sh", "dbmysql:3306", "--", "java", "-Dspring.profiles.active=docker", "-jar", "/app/gruppen2.jar"]
    ports:
      - '8081:8080'
--- a/src/main/java/mops/gruppen2/security/SecurityConfig.java
+++ b/src/main/java/mops/gruppen2/security/SecurityConfig.java
@ -48,7 +48,7 @@ class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
    @Bean
    @Scope(scopeName = WebApplicationContext.SCOPE_REQUEST,
-            proxyMode = ScopedProxyMode.TARGET_CLASS)
+           proxyMode = ScopedProxyMode.TARGET_CLASS)
    public AccessToken getAccessToken() {
        HttpServletRequest request =
                ((ServletRequestAttributes) RequestContextHolder
@ -61,17 +61,14 @@ class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http.authorizeRequests()
-                .antMatchers("/actuator/**")
+            .antMatchers("/actuator/**")
-                .hasRole("monitoring")
+            .hasRole("monitoring")
-                .and()
+            .anyRequest()
-                .authorizeRequests()
+            .permitAll()
-                .antMatchers("/h2-console/**")
+            .and()
-                .permitAll()
+            .csrf()
-                .anyRequest()
+            .ignoringAntMatchers("/gruppen2/createOrga")
-                .permitAll();
+            .ignoringAntMatchers("/gruppen2/details/members/addUsersFromCsv");
        http.csrf().disable();
        http.headers().frameOptions().disable();
    }
    /**
--- a/src/main/resources/application-dev.properties
+++ b/src/main/resources/application-dev.properties
@ -1,12 +1,13 @@
 application.name=gruppen2
 logging.pattern.console=[${application.name}],%magenta(%-5level), %d{dd-MM-yyyy HH:mm:ss.SSS}, %highlight(%msg),%thread,%logger.%M%n
 spring.datasource.platform=h2
 spring.datasource.url=jdbc:h2:mem:blogdb
-spring.datasource.driverClassName=org.h2.Driver
+spring.datasource.driver-class-name=org.h2.Driver
 spring.datasource.username=sa
 spring.datasource.password=
 spring.jpa.database-platform=org.hibernate.dialect.H2Dialect
-spring.h2.console.enabled=true
+spring.h2.console.enabled=false
-logging.level.org.springframework.jdbc.core=DEBUG
+logging.level.org.springframework.jdbc.core=INFO
 keycloak.principal-attribute=preferred_username
 keycloak.auth-server-url=https://keycloak.cs.hhu.de/auth
 keycloak.realm=MOPS
@ -18,4 +19,3 @@ keycloak.use-resource-role-mappings=true
 keycloak.autodetect-bearer-only=true
 keycloak.confidential-port=443
 server.error.include-stacktrace=always
 server.port=8080
--- a/src/main/resources/application-docker.properties
+++ b/src/main/resources/application-docker.properties
@ -1,17 +1,17 @@
 application.name=gruppen2
 logging.pattern.console=[${application.name}],%magenta(%-5level), %d{dd-MM-yyyy HH:mm:ss.SSS}, %highlight(%msg),%thread,%logger.%M%n
-
+spring.datasource.platform=mysql
-spring.datasource.initialization-mode=always
+spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
 spring.datasource.initialization-mode=NEVER
 spring.datasource.url=jdbc:mysql://dbmysql:3306/gruppen2
 spring.datasource.username=root
 spring.datasource.password=geheim
 keycloak.principal-attribute=preferred_username
 keycloak.auth-server-url=https://keycloak.cs.hhu.de/auth
 keycloak.realm=MOPS
 hhu_keycloak.token-uri=https://keycloak.cs.hhu.de/auth/realms/MOPS/protocol/openid-connect/token
 keycloak.resource=gruppenfindung
-keycloak.credentials.secret= fc6ebf10-8c63-4e71-a667-4eae4e8209a1
+keycloak.credentials.secret=fc6ebf10-8c63-4e71-a667-4eae4e8209a1
 keycloak.verify-token-audience=true
 keycloak.use-resource-role-mappings=true
 keycloak.autodetect-bearer-only=true
--- a/src/main/resources/schema-h2.sql
+++ b/src/main/resources/schema-h2.sql
@ -0,0 +1,10 @@
 DROP TABLE IF EXISTS event;
 CREATE TABLE event
 (
    event_id      INT PRIMARY KEY AUTO_INCREMENT,
    group_id      VARCHAR(36) NOT NULL,
    user_id       VARCHAR(50),
    event_type    VARCHAR(32),
    event_payload VARCHAR(2500)
 );
--- a/src/main/resources/schema.sql
+++ b/src/main/resources/schema.sql
@ -1,14 +0,0 @@
 -- noinspection SqlDialectInspectionForFile
 -- noinspection SqlNoDataSourceInspectionForFile
 DROP TABLE IF EXISTS event;
 CREATE TABLE event
 (
    event_id INT PRIMARY KEY AUTO_INCREMENT,
    group_id VARCHAR(36) NOT NULL,
    user_id VARCHAR(50),
    event_type VARCHAR(32),
    event_payload VARCHAR(2500)
 );