diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index f4c0cadb..9838a109 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -47,7 +47,7 @@ zipkinReporter = "3.5.1"
 # --- Authentication ---
 auth0Jwt = "4.5.0"
-keycloak = "26.4.0"
+keycloakAdminClient = "26.0.7"
 # --- Testing ---
 junitJupiter = "5.12.2"
@@ -55,7 +55,7 @@ junitPlatform = "1.12.2"
 mockk = "1.14.5"
 assertj = "3.27.4"
 testcontainers = "1.21.3"
-testcontainersKeycloak = "3.8.0"
+testcontainersKeycloak = "3.9.0"
 # --- Resilience4j ---
 resilience4j = "2.3.0"
@@ -162,7 +162,7 @@ spring-boot-starter-aop = { module = "org.springframework.boot:spring-boot-start
 # --- Authentication ---
 auth0-java-jwt = { module = "com.auth0:java-jwt", version.ref = "auth0Jwt" }
-keycloak-admin-client = { module = "org.keycloak:keycloak-admin-client", version.ref = "keycloak" }
+keycloak-admin-client = { module = "org.keycloak:keycloak-admin-client", version.ref = "keycloakAdminClient" }
 # --- Utilities ---
 uuid = { module = "com.benasher44:uuid", version.ref = "uuid" }
@@ -272,7 +272,8 @@ testing-jvm = [
 testcontainers = [
     "testcontainers-core",
     "testcontainers-junit-jupiter",
-    "testcontainers-postgresql"
+    "testcontainers-postgresql",
+    "testcontainers-keycloak"
 ]
 # Bündelt alle Abhängigkeiten, die ein Service für Metriken und Tracing benötigt.
 monitoring-client = [
diff --git a/gradlew b/gradlew
index 23d15a93..ef07e016 100755
--- a/gradlew
+++ b/gradlew
@@ -1,7 +1,7 @@
 #!/bin/sh
 #
-# Copyright © 2015-2021 the original authors.
+# Copyright © 2015 the original authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
diff --git a/infrastructure/auth/auth-server/build.gradle.kts b/infrastructure/auth/auth-server/build.gradle.kts
index c481a8a1..5cd07666 100644
--- a/infrastructure/auth/auth-server/build.gradle.kts
+++ b/infrastructure/auth/auth-server/build.gradle.kts
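Review bot: The admin client is pinned to 26.0.7 on the `+keycloakAdminClient = "26.0.7"` line while the integration test in this same commit starts a Keycloak 26.4.0 container (and the catalog previously carried 26.4.0), so client and server now differ by several minor versions. The admin client speaks Keycloak's admin REST API, whose representations do change between minors, and an older client also lacks whatever fixes landed after 26.0.x. If the downgrade is deliberate (e.g. a transitive RESTEasy/Jakarta conflict), record the reason next to the entry, `keycloakAdminClient = "26.0.7" # pinned below the 26.4.0 server: <reason>`; otherwise align it with the server version used by the tests.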
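Review bot: Adding `"testcontainers-keycloak"` to the shared `testcontainers` bundle pulls the Keycloak container module into every module that consumes that bundle, not only `auth-server`, which widens test-scope dependencies further than the Keycloak integration test in this commit appears to need. Consider `testImplementation(libs.testcontainers.keycloak)` in `infrastructure/auth/auth-server/build.gradle.kts` alone, or a dedicated `testcontainers-keycloak` bundle, and keep the generic bundle as it was. The `testcontainers-keycloak` library alias itself is not in the diff; I assume it is declared under `[libraries]` elsewhere in the catalog, otherwise the bundle will fail to resolve.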
@@ -33,8 +33,10 @@ dependencies {
     // Spring Security für die Absicherung des Servers.
     implementation(libs.spring.boot.starter.security)
     implementation(libs.spring.boot.starter.oauth2.resource.server)
+    // Keycloak Admin Client zur Verwaltung von Benutzern und Realms.
     implementation(libs.keycloak.admin.client)
+    // API-Dokumentation mit OpenAPI/Swagger.
     implementation(libs.springdoc.openapi.starter.webmvc.ui)
     // Monitoring und Metriken für Production-Readiness.
diff --git a/infrastructure/auth/auth-server/src/main/kotlin/at/mocode/infrastructure/auth/AuthServerApplication.kt b/infrastructure/auth/auth-server/src/main/kotlin/at/mocode/infrastructure/auth/AuthServerApplication.kt
index f536df9f..a8bcb83a 100644
--- a/infrastructure/auth/auth-server/src/main/kotlin/at/mocode/infrastructure/auth/AuthServerApplication.kt
+++ b/infrastructure/auth/auth-server/src/main/kotlin/at/mocode/infrastructure/auth/AuthServerApplication.kt
@@ -3,9 +3,24 @@ package at.mocode.infrastructure.auth
 import org.springframework.boot.autoconfigure.SpringBootApplication
 import org.springframework.boot.runApplication
+/**
+ * Hauptklasse für den Auth-Server.
+ *
+ * Dieser Service fungiert als zentraler Authentifizierungs- und Autorisierungsserver,
+ * der mit Keycloak kommuniziert und JWT-Token-Management bereitstellt.
+ *
+ * Funktionalitäten:
+ * - JWT Token Generation und Validierung
+ * - Integration mit Keycloak
+ * - Benutzer- und Berechtigungsverwaltung
+ * - REST API für Authentifizierung
+ */
 @SpringBootApplication
 class AuthServerApplication
+/**
+ * Haupteinstiegspunkt für den Auth-Server Service
+ */
 fun main(args: Array) {
     runApplication(*args)
 }
diff --git a/infrastructure/auth/auth-server/src/test/kotlin/at/mocode/infrastructure/auth/KeycloakIntegrationTest.kt b/infrastructure/auth/auth-server/src/test/kotlin/at/mocode/infrastructure/auth/KeycloakIntegrationTest.kt
index 73b100b1..33dc3891 100644
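Review bot: The new class KDoc on `AuthServerApplication` states the service does "JWT Token Generation und Validierung", but the only authentication dependencies visible in this diff are `spring-boot-starter-oauth2-resource-server` (validates tokens) and `keycloak-admin-client` (administers Keycloak); if tokens are issued by Keycloak, the doc should say so rather than imply this service mints JWTs, because that bullet will send a reader looking for a signing key here. Suggest replacing the generation bullet with `* - Validates Keycloak-issued JWTs as an OAuth2 resource server; user/realm management goes through the Keycloak Admin API`, to be confirmed against the controllers, which are not in this hunk. Separately, `fun main(args: Array)` and `runApplication(*args)` appear without type arguments — most likely `<String>` and `<AuthServerApplication>` lost in extraction, but as printed they would not compile.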
--- a/infrastructure/auth/auth-server/src/test/kotlin/at/mocode/infrastructure/auth/KeycloakIntegrationTest.kt
+++ b/infrastructure/auth/auth-server/src/test/kotlin/at/mocode/infrastructure/auth/KeycloakIntegrationTest.kt
@@ -29,7 +29,7 @@ import java.time.Duration
 class KeycloakIntegrationTest {
     companion object {
-        private const val KEYCLOAK_VERSION = "25.0.2"
+        private const val KEYCLOAK_VERSION = "26.4.0"
         private const val KEYCLOAK_PORT = 8080
         private const val KEYCLOAK_ADMIN_USER = "admin"
         private const val KEYCLOAK_ADMIN_PASSWORD = "admin"
diff --git a/infrastructure/gateway/build.gradle.kts b/infrastructure/gateway/build.gradle.kts
index ae040af0..47535f11 100644
--- a/infrastructure/gateway/build.gradle.kts
+++ b/infrastructure/gateway/build.gradle.kts
@@ -1,3 +1,5 @@
+import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
+
 // Dieses Modul ist das API-Gateway und der einzige öffentliche Einstiegspunkt
 // für alle externen Anfragen an das Meldestelle-System.
 plugins {
@@ -104,3 +106,7 @@ tasks.register("integrationTest") {
         exceptionFormat = org.gradle.api.tasks.testing.logging.TestExceptionFormat.FULL
     }
 }
+val compileKotlin: KotlinCompile by tasks
+compileKotlin.compilerOptions {
+    freeCompilerArgs.set(listOf("-Xannotation-default-target=param-property"))
+}
diff --git a/infrastructure/gateway/src/main/kotlin/at/mocode/infrastructure/gateway/security/SecurityConfig.kt b/infrastructure/gateway/src/main/kotlin/at/mocode/infrastructure/gateway/security/SecurityConfig.kt
index 5b90fa3b..31e6125c 100644
--- a/infrastructure/gateway/src/main/kotlin/at/mocode/infrastructure/gateway/security/SecurityConfig.kt
+++ b/infrastructure/gateway/src/main/kotlin/at/mocode/infrastructure/gateway/security/SecurityConfig.kt
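Review bot: `freeCompilerArgs.set(listOf(...))` in the new `compileKotlin.compilerOptions` block replaces any compiler arguments already contributed by a convention plugin or the `kotlin {}` DSL (Spring projects often carry `-Xjsr305=strict` there), and it configures only the main `compileKotlin` task, so `compileTestKotlin` compiles annotation-targeted code under different rules than main. Prefer an additive form applied to every Kotlin compile task: `tasks.withType<KotlinCompile>().configureEach { compilerOptions { freeCompilerArgs.add("-Xannotation-default-target=param-property") } }`. A one-line comment stating why the flag is needed — presumably the Kotlin 2.2 annotation-target change affecting `@Value` on the constructor properties of `SecurityConfig` — would also save the next reader a search.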
@@ -8,8 +8,8 @@ import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
 import org.springframework.security.config.web.server.ServerHttpSecurity
-import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder
 import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
+import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder
 import org.springframework.security.web.server.SecurityWebFilterChain
 import org.springframework.web.cors.CorsConfiguration
 import org.springframework.web.cors.reactive.CorsConfigurationSource
@@ -66,8 +66,8 @@ import java.time.Duration
 @EnableConfigurationProperties(GatewaySecurityProperties::class)
 class SecurityConfig(
     private val securityProperties: GatewaySecurityProperties,
-    @Value("\${keycloak.issuer-uri:}") private val issuerUri: String,
-    @Value("\${keycloak.jwk-set-uri:}") private val jwkSetUri: String
+    @Value($$"${keycloak.issuer-uri:}") private val issuerUri: String,
+    @Value($$"${keycloak.jwk-set-uri:}") private val jwkSetUri: String
 ) {
     /**
@@ -75,7 +75,7 @@ class SecurityConfig(
      *
      * Diese Methode konfiguriert die reaktive Sicherheits-Filterkette mit:
      * - CSRF deaktiviert für zustandslosen API-Betrieb
-     * - Expliziter CORS-Konfiguration für Cross-Origin-Unterstützung
+     * - Explizite CORS-Konfiguration für Cross-Origin-Unterstützung
      * - Permissiver Autorisierung (Authentifizierung durch den JWT-Filter)
      *
      * Die Konfiguration bleibt kompatibel mit der bestehenden Filterarchitektur
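Review bot: The rewritten `@Value($$"${keycloak.issuer-uri:}")` and `jwk-set-uri` bindings keep an empty-string default, so a gateway started without these properties comes up with `issuerUri == ""` and `jwkSetUri == ""` rather than refusing to start; since the class doc in the next hunk says authorization is permissive and authentication is done by the JWT filter, a misconfigured instance would only fail when (or if) the `NimbusReactiveJwtDecoder` bean is built, which is outside this hunk. Drop the `:` default so Spring fails at startup, or validate eagerly, e.g. `init { require(issuerUri.isNotBlank() || jwkSetUri.isNotBlank()) { "keycloak.issuer-uri or keycloak.jwk-set-uri must be set" } }`. The `$$` prefix itself is fine — in a multi-dollar string a single `$` is literal, so the placeholder reaches Spring unchanged. `SecurityConfig`'s body continues outside the hunk.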