Merge pull request #16 from consiglionazionaledellericerche/7-aggiung…

…ere-autenticazione-basic-auth-ai-servizi-rest-integrati

Aggiunta autenticazione Basic Auth per i servizi REST.

pom.xml

@@ -28,6 +28,10 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-quartz</artifactId>
@@ -36,10 +40,6 @@
 			<groupId>org.flywaydb</groupId>
 			<artifactId>flyway-core</artifactId>
 		</dependency>
-<!--		<dependency>-->
-<!--			<groupId>org.flywaydb</groupId>-->
-<!--			<artifactId>flyway-database-oracle</artifactId>-->
-<!--		</dependency>-->
 		<dependency>
 			<groupId>org.hibernate.validator</groupId>
 			<artifactId>hibernate-validator</artifactId>
@@ -181,5 +181,4 @@
 			</plugin>
 		</plugins>
 	</build>
-
-</project>
+</project>

src/main/java/it/cnr/iit/epas/timesheet/ugovpj/config/SecurityConfig.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2024  Consiglio Nazionale delle Ricerche
+ *
+ *     This program is free software: you can redistribute it and/or modify
+ *     it under the terms of the GNU Affero General Public License as
+ *     published by the Free Software Foundation, either version 3 of the
+ *     License, or (at your option) any later version.
+ *
+ *     This program is distributed in the hope that it will be useful,
+ *     but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *     GNU Affero General Public License for more details.
+ *
+ *     You should have received a copy of the GNU Affero General Public License
+ *     along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+package it.cnr.iit.epas.timesheet.ugovpj.config;
+
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.ToString;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+import jakarta.validation.constraints.NotNull;
+
+/**
+ * Contenitore dei parametri di configurazione per l'autenticazione
+ * con i servizi REST dell'applicazione.
+ *
+ * @author Cristian Lucchesi
+ *
+ */
+@Data
+@EqualsAndHashCode
+@ToString
+@Configuration
+@ConfigurationProperties(prefix = "security")
+public class SecurityConfig {
+
+  @NotNull
+  private String username;
+  @NotNull
+  private String password;
+
+}

src/main/java/it/cnr/iit/epas/timesheet/ugovpj/config/SecurityFilter.java

@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2024  Consiglio Nazionale delle Ricerche
+ *
+ *     This program is free software: you can redistribute it and/or modify
+ *     it under the terms of the GNU Affero General Public License as
+ *     published by the Free Software Foundation, either version 3 of the
+ *     License, or (at your option) any later version.
+ *
+ *     This program is distributed in the hope that it will be useful,
+ *     but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *     GNU Affero General Public License for more details.
+ *
+ *     You should have received a copy of the GNU Affero General Public License
+ *     along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+package it.cnr.iit.epas.timesheet.ugovpj.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.provisioning.InMemoryUserDetailsManager;
+import org.springframework.security.web.SecurityFilterChain;
+
+import lombok.RequiredArgsConstructor;
+
+/**
+ * Configurazione della catena di filtri necessaria per la security dell'applicazione.
+ *
+ * @author Cristian Lucchesi
+ *
+ */
+@RequiredArgsConstructor
+@EnableWebSecurity
+@Configuration
+public class SecurityFilter {
+
+  private final SecurityConfig securityConfig;
+
+  // User Creation
+  @Bean
+  public UserDetailsService userDetailsService(PasswordEncoder encoder) {
+
+    // InMemoryUserDetailsManager
+    UserDetails admin = User.withUsername(securityConfig.getUsername())
+        .password(encoder.encode(securityConfig.getPassword()))
+        .build();
+    return new InMemoryUserDetailsManager(admin);
+  }
+
+  /**
+   * Configurazione della catena di filtri di autenticazione da applicare ai metodi REST.
+   */
+  @Bean
+  public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+    http
+      .authorizeHttpRequests(authorize -> authorize
+        .requestMatchers("/v3/api-docs/**", "/swagger-ui/**").permitAll()
+        .anyRequest().authenticated())
+      .httpBasic(Customizer.withDefaults());
+    return http.build();
+  }
+
+  @Bean
+  public PasswordEncoder passwordEncoder() {
+    return new BCryptPasswordEncoder(8);
+  }
+}

src/main/resources/application.properties

@@ -21,9 +21,15 @@ logging.level.it.cnr.iit.epas=DEBUG
 
 #Impostazioni dell'applicazione
 
+# Informazioni per l'accesso di questo servizio ai servizi REST di ePAS
 epas.server-url=http://localhost:9000
-epas.username=
-epas.password=
+epas.username=epas.timesheet
+epas.password=timesheet
 
+# Informazioni interne al servizio per la gestione dei dati delle presenze/assenze
 timesheet.stampings-type=N
-timesheet.days-in-the-past=90
+timesheet.days-in-the-past=90
+
+# Utilizzata per autenticare le chiamate REST a questo servizio
+security.username=epas.timesheet
+security.password=timesheet