Introduce Spring Boot Security Starter & Oauth2 Camunda Run modules #4451

Closed
4 tasks done
Tracked by #4450
danielkelemen opened this issue Jun 24, 2024 · 5 comments
Labels
scope:run Changes to the Run distribution. scope:spring-boot Changes to the Spring Boot starter. type:subtask Issues that are subtasks of another issue. Must always be part of the breakdown of the parent issue. version:7.22.0-alpha5 version:7.22.0

Comments

@danielkelemen
Member

danielkelemen commented Jun 24, 2024

Acceptance Criteria (Required on creation)

  • There is an oauth2 Camunda Run module
    • This module can be activated via --oauth2 flag
  • There is a spring security Camunda Spring Boot module
  • These reference the required dependencies for Spring Security with oauth2
  • If activated, Spring Security is disabled for Camunda endpoints and regular Camunda auth is used.

Hints

  • License check!

Links

Breakdown

PRs

  1. bot:java-dependency-check bot:java-dependency-tree ci:run ci:spring-boot
    danielkelemen
  2. ci:jdk
    danielkelemen
  3. ci:skipTests ci:spring-boot
    yanavasileva
@danielkelemen danielkelemen added type:subtask Issues that are subtasks of another issue. Must always be part of the breakdown of the parent issue. scope:run Changes to the Run distribution. scope:spring-boot Changes to the Spring Boot starter. potential:7.22.0 labels Jun 24, 2024
@danielkelemen danielkelemen changed the title Define Spring Security & Oauth2 for Camunda Run Define Spring Security & Oauth2 module for Camunda Run Jun 24, 2024
@danielkelemen danielkelemen self-assigned this Jul 1, 2024
@punitdarira
Contributor

Hi Daniel,
I would very much like to work on these security issues if no one else has already started working on it.

@danielkelemen
Member Author

Hi @punitdarira,
Thanks for the heads up!
There was a POC where many implementation details were already done. I think most work on these sub-tasks will be about testing. This issue is also mostly done already.
We still might be able to find you something, I will think about it and ping you!
-Daniel

@punitdarira
Contributor

punitdarira commented Jul 4, 2024

Thank you for the response @danielkelemen. Yes, please do let me know. I would love to work on spring-security.

danielkelemen added a commit that referenced this issue Jul 5, 2024
danielkelemen added a commit that referenced this issue Jul 5, 2024
danielkelemen added a commit that referenced this issue Aug 22, 2024
@danielkelemen
Member Author

danielkelemen commented Aug 28, 2024

For the reviewer:

This change only adds a new module containing Spring Security. We decided that in Run it will be deactivated by default, in Boot it won't be deactivated.

You can test this in Spring Boot or Run:

Boot:

  • Run a Spring Boot application with the new camunda-bpm-spring-boot-starter-security dependency added
```xml
<dependency>
  <groupId>org.camunda.bpm.springboot</groupId>
  <artifactId>camunda-bpm-spring-boot-starter-security</artifactId>
  <version>${camunda.version}</version> <!-- Not necessary, bom contains dependency -->
</dependency>
```
  • Start application. Default Spring login form should appear.
  • You can disable this with some security filter chain configuration. This for instance turns it off:
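```java
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.web.SecurityFilterChain;

// Declare this bean in a @Configuration class.
// Permits every request and disables CORS and CSRF handling.
@Bean
public SecurityFilterChain filterChainPermitAll(HttpSecurity http) throws Exception {
  http.authorizeHttpRequests(customizer -> customizer.anyRequest().permitAll())
      .cors(AbstractHttpConfigurer::disable)
      .csrf(AbstractHttpConfigurer::disable);
  return http.build();
}
```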

Run:

  • Build Run, I usually do it with -pl distro/run/distro -am
  • Start Run with ./start.sh --webapps --rest --example --oauth2
  • Application works normally because Spring Security is configured to permit all by default.
  • This can be deactivated if someone deploys a Spring plugin jar with @EnableAutoConfig(exclude= CamundaBpmSpringSecurityDisableAutoConfiguration.class)

Some additional notes: #4478 (comment)

@danielkelemen danielkelemen changed the title Define Spring Security & Oauth2 module for Camunda Run Introduce Spring Boot Security Starter & Oauth2 Camunda Run modules Aug 28, 2024
@yanavasileva
Member

yanavasileva commented Aug 28, 2024

Started an example with camunda-bpm-spring-boot-starter-security. Spring login page is there.
I think Camunda Run with the new flag doesn't work as expected at the moment. Clarified that's expected

yanavasileva added a commit that referenced this issue Sep 3, 2024
Moving the `modules/oauth2` from `distro-ce` to `distro` profile since it should be available in both builds ce and ee.


#4451
hauptmedia added a commit to hauptmedia/operaton that referenced this issue Nov 6, 2024
related to camunda/camunda-bpm-platform#4451

Backported commit 2368e55663 from the camunda-bpm-platform repository.
Original author: Daniel Kelemen <[email protected]>