Merge pull request 'Implement liveness and readiness probes' (#3) from feature/22879 into develop

Author: fmichielssen

pom.xml

@@ -12,7 +12,7 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>2.0.0.RELEASE</version>
+                <version>2.3.3.RELEASE</version>
 		<relativePath />
 	</parent>
 
@@ -45,6 +45,11 @@
 			<id>alfresco</id>
 			<url>https://artifacts.alfresco.com/nexus/content/repositories/public/</url>
 		</repository>
+                <repository>
+                        <!-- Currently used only for the spring-social-github 1.0.0.M4 dependency -->
+                        <id>spring</id>
+                        <url>https://repo.spring.io/plugins-release/</url>
+                </repository>
 	</repositories>
 
 	<dependencies>
@@ -98,7 +103,7 @@
 		<dependency>
 			<groupId>org.springframework.security.oauth.boot</groupId>
 			<artifactId>spring-security-oauth2-autoconfigure</artifactId>
-			<version>2.1.2.RELEASE</version>
+			<version>2.3.3.RELEASE</version>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.security</groupId>
@@ -123,10 +128,13 @@
 			<artifactId>spring-security-test</artifactId>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-actuator</artifactId>
+		</dependency>
 
 		<!-- Spring social security components -->
-		<!-- Note: also includes an embedded datasource (H2) to remember social
-			logins -->
+		<!-- Note: also includes an embedded datasource (H2) to remember social logins -->
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-jdbc</artifactId>
@@ -223,6 +231,7 @@
 		<dependency>
 			<groupId>org.thymeleaf.extras</groupId>
 			<artifactId>thymeleaf-extras-springsecurity4</artifactId>
+			<version>3.0.2.RELEASE</version>
 		</dependency>
 		<dependency>
 			<groupId>org.webjars</groupId>
@@ -290,6 +299,7 @@
 
 				<executions>
 					<execution>
+			            <id>repackage</id>
 						<goals>
 							<goal>repackage</goal>
 						</goals>

src/main/java/eu/openanalytics/containerproxy/ContainerProxyApplication.java

@@ -30,9 +30,11 @@
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.event.ContextRefreshedEvent;
+import org.springframework.context.event.EventListener;
 import org.springframework.core.env.Environment;
+import org.springframework.web.filter.FormContentFilter;
 import org.springframework.web.filter.HiddenHttpMethodFilter;
-import org.springframework.web.filter.HttpPutFormContentFilter;
 
 import com.fasterxml.jackson.datatype.jsr353.JSR353Module;
 
@@ -41,6 +43,7 @@
 import java.net.UnknownHostException;
 import java.nio.file.Files;
 import java.nio.file.Paths;
+import java.util.Properties;
 
 @SpringBootApplication
 @ComponentScan("eu.openanalytics")
@@ -59,7 +62,9 @@ public static void main(String[] args) {
 
 		boolean hasExternalConfig = Files.exists(Paths.get(CONFIG_FILENAME));
 		if (!hasExternalConfig) app.setAdditionalProfiles(CONFIG_DEMO_PROFILE);
-
+		
+		setDefaultProperties(app);
+		
 		try {
 			app.setLogStartupInfo(false);
 			app.run(args);
@@ -75,6 +80,7 @@ public static void main(String[] args) {
 	public UndertowServletWebServerFactory servletContainer() {
 		UndertowServletWebServerFactory factory = new UndertowServletWebServerFactory();
 		factory.addDeploymentInfoCustomizers(info -> {
+			info.setPreservePathOnForward(false); // required for the /api/route/{id}/ endpoint to work properly
 			if (Boolean.valueOf(environment.getProperty("logging.requestdump", "false"))) {
 				info.addOuterHandlerChainWrapper(defaultHandler -> Handlers.requestDump(defaultHandler));
 			}
@@ -98,15 +104,8 @@ public UndertowServletWebServerFactory servletContainer() {
 	// Disable specific Spring filters that parse the request body, preventing it from being proxied.
 
 	@Bean
-	public FilterRegistrationBean<HiddenHttpMethodFilter> registration1(HiddenHttpMethodFilter filter) {
-		FilterRegistrationBean<HiddenHttpMethodFilter> registration = new FilterRegistrationBean<>(filter);
-		registration.setEnabled(false);
-		return registration;
-	}
-	
-	@Bean
-	public FilterRegistrationBean<HttpPutFormContentFilter> registration2(HttpPutFormContentFilter filter) {
-		FilterRegistrationBean<HttpPutFormContentFilter> registration = new FilterRegistrationBean<>(filter);
+	public FilterRegistrationBean<FormContentFilter> registration2(FormContentFilter filter) {
+		FilterRegistrationBean<FormContentFilter> registration = new FilterRegistrationBean<>(filter);
 		registration.setEnabled(false);
 		return registration;
 	}
@@ -119,4 +118,12 @@ public FilterRegistrationBean<HttpPutFormContentFilter> registration2(HttpPutFor
 	public JSR353Module jsr353Module() {
 	  return new JSR353Module();
 	}
+	
+	private static void setDefaultProperties(SpringApplication app ) {
+		Properties properties = new Properties();
+		properties.put("management.health.ldap.enabled", false);
+		properties.put("management.endpoint.health.probes.enabled", true);
+		app.setDefaultProperties(properties);
+	}
+	
 }

src/main/java/eu/openanalytics/containerproxy/auth/IAuthenticationBackend.java

@@ -24,6 +24,8 @@
 
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
+import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl;
 
 import eu.openanalytics.containerproxy.model.spec.ContainerSpec;
 
@@ -46,7 +48,7 @@ public interface IAuthenticationBackend {
 	/**
 	 * Perform customization on the http level, such as filters and login forms.
 	 */
-	public void configureHttpSecurity(HttpSecurity http) throws Exception;
+	public void configureHttpSecurity(HttpSecurity http, AuthorizedUrl anyRequestConfigurer) throws Exception;
 
 	/**
 	 * Perform customization on the authentication manager level, such as authentication

src/main/java/eu/openanalytics/containerproxy/auth/impl/KerberosAuthenticationBackend.java

@@ -32,6 +32,7 @@
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -45,6 +46,7 @@
 import org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter;
 import org.springframework.security.kerberos.web.authentication.SpnegoEntryPoint;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.context.annotation.Lazy;
 
 import eu.openanalytics.containerproxy.auth.IAuthenticationBackend;
 import eu.openanalytics.containerproxy.auth.impl.kerberos.KRBClientCacheRegistry;
@@ -62,6 +64,7 @@ public class KerberosAuthenticationBackend implements IAuthenticationBackend {
 	@Inject
 	Environment environment;
 
+	@Lazy
 	@Inject
 	AuthenticationManager authenticationManager;
 
@@ -79,7 +82,7 @@ public boolean hasAuthorization() {
 	}
 
 	@Override
-	public void configureHttpSecurity(HttpSecurity http) throws Exception {
+	public void configureHttpSecurity(HttpSecurity http, AuthorizedUrl anyRequestConfigurer) throws Exception {
 
 		SpnegoAuthenticationProcessingFilter filter = new SpnegoAuthenticationProcessingFilter();
 		filter.setAuthenticationManager(authenticationManager);

src/main/java/eu/openanalytics/containerproxy/auth/impl/KeycloakAuthenticationBackend.java

@@ -56,6 +56,7 @@
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
@@ -98,7 +99,7 @@ public boolean hasAuthorization() {
 	}
 
 	@Override
-	public void configureHttpSecurity(HttpSecurity http) throws Exception {
+	public void configureHttpSecurity(HttpSecurity http, AuthorizedUrl anyRequestConfigurer) throws Exception {
 		http.formLogin().disable();
 
 		http

src/main/java/eu/openanalytics/containerproxy/auth/impl/LDAPAuthenticationBackend.java

@@ -39,6 +39,7 @@
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
@@ -67,7 +68,7 @@ public boolean hasAuthorization() {
 	}
 
 	@Override
-	public void configureHttpSecurity(HttpSecurity http) throws Exception {
+	public void configureHttpSecurity(HttpSecurity http, AuthorizedUrl anyRequestConfigurer) throws Exception {
 		// Nothing to do.
 	}
 

src/main/java/eu/openanalytics/containerproxy/auth/impl/NoAuthenticationBackend.java

@@ -22,6 +22,7 @@
 
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl;
 
 import eu.openanalytics.containerproxy.auth.IAuthenticationBackend;
 
@@ -43,7 +44,7 @@ public boolean hasAuthorization() {
 	}
 
 	@Override
-	public void configureHttpSecurity(HttpSecurity http) throws Exception {
+	public void configureHttpSecurity(HttpSecurity http, AuthorizedUrl anyRequestConfigurer) throws Exception {
 		// Nothing to do.
 	}
 

src/main/java/eu/openanalytics/containerproxy/auth/impl/OpenIDAuthenticationBackend.java

@@ -34,6 +34,7 @@
 import org.springframework.core.env.Environment;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
@@ -87,13 +88,13 @@ public boolean hasAuthorization() {
 	}
 
 	@Override
-	public void configureHttpSecurity(HttpSecurity http) throws Exception {
+	public void configureHttpSecurity(HttpSecurity http, AuthorizedUrl anyRequestConfigurer) throws Exception {
 		ClientRegistrationRepository clientRegistrationRepo = createClientRepo();
 		authorizedClientService = new InMemoryOAuth2AuthorizedClientService(clientRegistrationRepo);
 
+		anyRequestConfigurer.authenticated();
+		
 		http
-			.authorizeRequests().anyRequest().authenticated()
-			.and()
 			.oauth2Login()
 				.loginPage("/login")
 				.clientRegistrationRepository(clientRegistrationRepo)

src/main/java/eu/openanalytics/containerproxy/auth/impl/SAMLAuthenticationBackend.java

@@ -23,6 +23,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl;
 import org.springframework.security.saml.SAMLAuthenticationProvider;
 import org.springframework.security.saml.SAMLEntryPoint;
 import org.springframework.security.saml.metadata.MetadataGeneratorFilter;
@@ -61,7 +62,7 @@ public boolean hasAuthorization() {
 	}
 
 	@Override
-	public void configureHttpSecurity(HttpSecurity http) throws Exception {
+	public void configureHttpSecurity(HttpSecurity http, AuthorizedUrl anyRequestConfigurer) throws Exception {
 		http
 			.exceptionHandling().authenticationEntryPoint(samlEntryPoint)
 		.and()

src/main/java/eu/openanalytics/containerproxy/auth/impl/SimpleAuthenticationBackend.java

@@ -28,6 +28,7 @@
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.authentication.configurers.provisioning.InMemoryUserDetailsManagerConfigurer;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.AuthorizedUrl;
 
 import eu.openanalytics.containerproxy.auth.IAuthenticationBackend;
 
@@ -53,7 +54,7 @@ public boolean hasAuthorization() {
 	}
 
 	@Override
-	public void configureHttpSecurity(HttpSecurity http) throws Exception {
+	public void configureHttpSecurity(HttpSecurity http, AuthorizedUrl anyRequestConfigurer) throws Exception {
 		// Nothing to do.
 	}