Merge pull request #149 from scc-digitalhub/credentials-providers

Credentials providers

application/pom.xml

@@ -12,7 +12,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.3.2</version>
+        <version>3.3.5</version>
         <relativePath>../</relativePath>
     </parent>
     <groupId>it.smartcommunitylabdhub</groupId>
@@ -71,6 +71,11 @@
             <artifactId>spring-security-oauth2-resource-server</artifactId>
             <version>${spring-security.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-oauth2-client</artifactId>
+            <version>${spring-security.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-oauth2-jose</artifactId>
@@ -270,6 +275,16 @@
             <artifactId>dh-authorization</artifactId>
             <version>${revision}</version>
         </dependency>
+        <dependency>
+            <groupId>it.smartcommunitylabdhub</groupId>
+            <artifactId>credentials-provider-minio</artifactId>
+            <version>${revision}</version>
+        </dependency>
+        <dependency>
+            <groupId>it.smartcommunitylabdhub</groupId>
+            <artifactId>credentials-provider-db</artifactId>
+            <version>${revision}</version>
+        </dependency>
     </dependencies>
 
     <build>

application/src/main/java/it/smartcommunitylabdhub/core/components/config/CoreConfig.java

@@ -0,0 +1,52 @@
+/**
+ * Copyright 2025 the original author or authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package it.smartcommunitylabdhub.core.components.config;
+
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.annotation.JsonProperty;
+import it.smartcommunitylabdhub.commons.infrastructure.AbstractConfiguration;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+import lombok.ToString;
+
+@Getter
+@Setter
+@ToString
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+@JsonInclude(JsonInclude.Include.NON_NULL)
+public class CoreConfig extends AbstractConfiguration {
+
+    @JsonProperty("endpoint")
+    private String endpoint;
+
+    @JsonProperty("name")
+    private String name;
+
+    @JsonProperty("version")
+    private String version;
+
+    @JsonProperty("api_level")
+    private String level;
+
+    @JsonProperty("api_version")
+    private String api;
+}

application/src/main/java/it/smartcommunitylabdhub/core/components/config/CoreConfigProvider.java

@@ -0,0 +1,57 @@
+/**
+ * Copyright 2025 the original author or authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package it.smartcommunitylabdhub.core.components.config;
+
+import it.smartcommunitylabdhub.commons.config.ApplicationProperties;
+import it.smartcommunitylabdhub.commons.infrastructure.ConfigurationProvider;
+import it.smartcommunitylabdhub.core.components.config.CoreConfig.CoreConfigBuilder;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Service;
+import org.springframework.util.Assert;
+
+@Service
+@Slf4j
+public class CoreConfigProvider implements ConfigurationProvider {
+
+    private CoreConfig config;
+
+    public CoreConfigProvider(ApplicationProperties properties) {
+        Assert.notNull(properties, "properties can not be null");
+
+        log.debug("Build configuration for provider...");
+
+        //build config
+        CoreConfigBuilder builder = CoreConfig
+            .builder()
+            .endpoint(properties.getEndpoint())
+            .name(properties.getName())
+            .version(properties.getVersion())
+            .level(properties.getLevel())
+            .api(properties.getApi());
+
+        this.config = builder.build();
+
+        if (log.isTraceEnabled()) {
+            log.trace("config: {}", config.toJson());
+        }
+    }
+
+    @Override
+    public CoreConfig getConfig() {
+        return config;
+    }
+}

application/src/main/java/it/smartcommunitylabdhub/core/components/run/states/RunStateBuilt.java

@@ -1,33 +1,29 @@
 package it.smartcommunitylabdhub.core.components.run.states;
 
-import it.smartcommunitylabdhub.authorization.services.JwtTokenService;
+import it.smartcommunitylabdhub.authorization.model.UserAuthentication;
+import it.smartcommunitylabdhub.authorization.services.CredentialsService;
 import it.smartcommunitylabdhub.commons.accessors.spec.RunSpecAccessor;
-import it.smartcommunitylabdhub.commons.config.SecurityProperties;
+import it.smartcommunitylabdhub.commons.infrastructure.Credentials;
 import it.smartcommunitylabdhub.commons.infrastructure.RunRunnable;
 import it.smartcommunitylabdhub.commons.infrastructure.SecuredRunnable;
 import it.smartcommunitylabdhub.commons.models.enums.State;
+import it.smartcommunitylabdhub.core.components.security.UserAuthenticationHelper;
 import it.smartcommunitylabdhub.core.fsm.RunContext;
 import it.smartcommunitylabdhub.core.fsm.RunEvent;
 import it.smartcommunitylabdhub.fsm.FsmState;
 import it.smartcommunitylabdhub.fsm.Transition;
-import java.io.Serializable;
 import java.util.List;
 import java.util.Optional;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
 
 @Slf4j
 @Component
 public class RunStateBuilt implements FsmState.Builder<State, RunEvent, RunContext, RunRunnable> {
 
     @Autowired
-    JwtTokenService jwtTokenService;
-
-    @Autowired
-    SecurityProperties securityProperties;
+    CredentialsService credentialsService;
 
     public FsmState<State, RunEvent, RunContext, RunRunnable> build() {
         //define state
@@ -49,16 +45,14 @@ public FsmState<State, RunEvent, RunContext, RunRunnable> build() {
                     Optional<RunRunnable> runnable = Optional.ofNullable(context.runtime.run(context.run));
                     runnable.ifPresent(r -> {
                         //extract auth from security context to inflate secured credentials
-                        //TODO refactor properly
-                        if (r instanceof SecuredRunnable) {
-                            // check that auth is enabled via securityProperties
-                            Authentication auth = SecurityContextHolder.getContext().getAuthentication();
-                            if (auth != null && securityProperties.isRequired()) {
-                                Serializable credentials = jwtTokenService.generateCredentials(auth);
-                                if (credentials != null) {
-                                    ((SecuredRunnable) r).setCredentials(credentials);
-                                }
-                            }
+                        UserAuthentication<?> auth = UserAuthenticationHelper.getUserAuthentication();
+                        if (auth != null && r instanceof SecuredRunnable) {
+                            //get credentials from providers
+                            List<Credentials> credentials = credentialsService.getCredentials(
+                                (UserAuthentication<?>) auth
+                            );
+
+                            ((SecuredRunnable) r).setCredentials(credentials);
                         }
                     });
 

application/src/main/java/it/smartcommunitylabdhub/core/components/security/UserAuthenticationHelper.java

@@ -0,0 +1,39 @@
+package it.smartcommunitylabdhub.core.components.security;
+
+import it.smartcommunitylabdhub.authorization.model.UserAuthentication;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+public class UserAuthenticationHelper {
+
+    public static UserAuthentication<?> getUserAuthentication() {
+        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
+
+        if (auth == null) {
+            return null;
+        }
+
+        if (auth instanceof UserAuthentication) {
+            return (UserAuthentication<?>) auth;
+        }
+
+        // //workaround: inflate basic auth tokens
+        // //TODO define authManager to produce proper authentication
+        // if (auth instanceof UsernamePasswordAuthenticationToken) {
+        //     UserAuthentication<UsernamePasswordAuthenticationToken> user = new UserAuthentication<>(
+        //         (UsernamePasswordAuthenticationToken) auth,
+        //         auth.getName(),
+        //         auth.getAuthorities()
+        //     );
+
+        //     //update context
+        //     SecurityContextHolder.getContext().setAuthentication(user);
+
+        //     return user;
+        // }
+
+        return null;
+    }
+
+    private UserAuthenticationHelper() {}
+}