Refactor Maskinporten configuration and update dependencies

#deploy-altinn3-tilgang-service Refactor Maskinporten configuration to use properties and update application-local.yml with new credentials and URL. Implement WebFilter for OpenAPI configuration, modify GetAccessTokenCommand to return a token string, and enhance error logging in WebClientFilter. Additionally, disable Flyway migrations for local database configurations.
navikt · Nov 12, 2024 · 42eb5af · 42eb5af
1 parent 3e70034
commit 42eb5af
Show file tree

Hide file tree

Showing 8 changed files with 52 additions and 35 deletions.
diff --git a/...service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/MaskinportenConfig.java b/...service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/MaskinportenConfig.java
@@ -2,23 +2,22 @@
 
 import lombok.Getter;
 import lombok.NoArgsConstructor;
-import org.springframework.beans.factory.annotation.Value;
+import lombok.Setter;
+import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
 
-@Getter
-@Configuration
-@NoArgsConstructor
-public class MaskinportenConfig {
-
-    @Value("${MASKINPORTEN_CLIENT_ID}")
-    private String clientId;
+import static lombok.AccessLevel.PACKAGE;
 
-    @Value("${MASKINPORTEN_CLIENT_JWK}")
-    private String jwkPrivate;
 
-    @Value("${MASKINPORTEN_SCOPES}")
-    private String scope;
+@Configuration
+@ConfigurationProperties
+@NoArgsConstructor(access = PACKAGE)
+@Getter
+@Setter(PACKAGE)
+public class MaskinportenConfig {
 
-    @Value("${MASKINPORTEN_WELL_KNOWN_URL}")
-    private String wellKnownUrl;
-}
+    private String maskinportenClientId;
+    private String maskinportenClientJwk;
+    private String maskinportenScopes;
+    private String maskinportenWellKnownUrl;
+}
diff --git a/...gang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/OpenApiConfig.java b/...gang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/OpenApiConfig.java
@@ -13,10 +13,14 @@
 import java.util.Arrays;
 
 import no.nav.testnav.libs.reactivecore.config.ApplicationProperties;
+import org.springframework.web.server.ServerWebExchange;
+import org.springframework.web.server.WebFilter;
+import org.springframework.web.server.WebFilterChain;
+import reactor.core.publisher.Mono;
 
 
 @Configuration
-public class OpenApiConfig {
+public class OpenApiConfig implements WebFilter {
 
     @Bean
     public OpenAPI openApi(ApplicationProperties applicationProperties) {
@@ -46,4 +50,17 @@ public OpenAPI openApi(ApplicationProperties applicationProperties) {
                         )
                 );
     }
+
+    @Override
+    public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
+        if (exchange.getRequest().getURI().getPath().equals("/swagger")) {
+            return chain
+                    .filter(exchange.mutate()
+                            .request(exchange.getRequest()
+                                    .mutate().path("/swagger-ui.html").build())
+                            .build());
+        }
+
+        return chain.filter(exchange);
+    }
 }
diff --git a/...e/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AccessToken.java b/...e/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AccessToken.java
diff --git a/...java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/MaskinportenConsumer.java b/...java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/MaskinportenConsumer.java
@@ -12,7 +12,6 @@
 import no.nav.testnav.altinn3tilgangservice.config.MaskinportenConfig;
 import no.nav.testnav.altinn3tilgangservice.consumer.maskinporten.command.GetAccessTokenCommand;
 import no.nav.testnav.altinn3tilgangservice.consumer.maskinporten.command.GetWellKnownCommand;
-import no.nav.testnav.altinn3tilgangservice.consumer.maskinporten.dto.AccessToken;
 import org.springframework.stereotype.Component;
 import org.springframework.web.reactive.function.client.WebClient;
 import reactor.core.publisher.Mono;
@@ -36,23 +35,23 @@ public MaskinportenConsumer(MaskinportenConfig maskinportenConfig, WebClient.Bui
 
     public Mono<String> getAccessToken() {
 
-         return new GetWellKnownCommand(webClient, maskinportenConfig).call()
+        return new GetWellKnownCommand(webClient, maskinportenConfig).call()
                 .doOnNext(wellKnown -> log.info("Maskinporten wellKnown {}", wellKnown))
                 .flatMap(wellKnown -> new GetAccessTokenCommand(webClient, wellKnown,
                         createJwtClaims(wellKnown.issuer())).call())
-                .map(AccessToken::accessToken);
+                .doOnNext(response -> log.info("Hentet fra maskinporten {}", response));
     }
 
     @SneakyThrows
     private String createJwtClaims(String audience) {
 
         var now = Instant.now();
-        var rsaKey = RSAKey.parse(maskinportenConfig.getJwkPrivate());
+        var rsaKey = RSAKey.parse(maskinportenConfig.getMaskinportenClientJwk());
         return createSignedJWT(rsaKey,
                 new JWTClaimsSet.Builder()
                         .audience(audience)
-                        .claim("scope", maskinportenConfig.getScope())
-                        .issuer(maskinportenConfig.getClientId())
+                        .claim("scope", maskinportenConfig.getMaskinportenScopes())
+                        .issuer(maskinportenConfig.getMaskinportenClientId())
                         .issueTime(Date.from(now))
                         .expirationTime(Date.from(now.plusSeconds(120)))
                         .jwtID(UUID.randomUUID().toString())
@@ -63,13 +62,13 @@ private String createJwtClaims(String audience) {
     @SneakyThrows
     private SignedJWT createSignedJWT(RSAKey rsaJwk, JWTClaimsSet claimsSet) {
 
-            var header = new JWSHeader.Builder(JWSAlgorithm.RS256)
-                    .keyID(rsaJwk.getKeyID())
-                    .type(JOSEObjectType.JWT);
-            var signedJWT = new SignedJWT(header.build(), claimsSet);
-            var signer = new RSASSASigner(rsaJwk.toPrivateKey());
-            signedJWT.sign(signer);
+        var header = new JWSHeader.Builder(JWSAlgorithm.RS256)
+                .keyID(rsaJwk.getKeyID())
+                .type(JOSEObjectType.JWT);
+        var signedJWT = new SignedJWT(header.build(), claimsSet);
+        var signer = new RSASSASigner(rsaJwk.toPrivateKey());
+        signedJWT.sign(signer);
 
-            return signedJWT;
+        return signedJWT;
     }
 }
diff --git a/...av/testnav/altinn3tilgangservice/consumer/maskinporten/command/GetAccessTokenCommand.java b/...av/testnav/altinn3tilgangservice/consumer/maskinporten/command/GetAccessTokenCommand.java
@@ -2,7 +2,6 @@
 
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import no.nav.testnav.altinn3tilgangservice.consumer.maskinporten.dto.AccessToken;
 import no.nav.testnav.altinn3tilgangservice.consumer.maskinporten.dto.WellKnown;
 import no.nav.testnav.libs.reactivecore.utils.WebClientFilter;
 import org.springframework.web.reactive.function.BodyInserters;
@@ -14,13 +13,13 @@
 
 @Slf4j
 @RequiredArgsConstructor
-public class GetAccessTokenCommand implements Callable<Mono<AccessToken>> {
+public class GetAccessTokenCommand implements Callable<Mono<String>> {
     private final WebClient webClient;
     private final WellKnown wellKnown;
     private final String assertion;
 
     @Override
-    public Mono<AccessToken> call() {
+    public Mono<String> call() {
 
         return webClient.post()
                 .uri(wellKnown.tokenEndpoint())
@@ -29,7 +28,7 @@ public Mono<AccessToken> call() {
                         .with("assertion", assertion)
                 )
                 .retrieve()
-                .bodyToMono(AccessToken.class)
+                .bodyToMono(String.class)
                 .doOnSuccess(value -> log.info("AccessToken hentet fra maskinporten."))
                 .doOnError(WebClientFilter::logErrorMessage)
                 .cache(Duration.ofSeconds(10L));

diff --git a/.../nav/testnav/altinn3tilgangservice/consumer/maskinporten/command/GetWellKnownCommand.java b/.../nav/testnav/altinn3tilgangservice/consumer/maskinporten/command/GetWellKnownCommand.java
@@ -22,7 +22,7 @@ public class GetWellKnownCommand implements Callable<Mono<WellKnown>> {
     public Mono<WellKnown> call() {
 
         return webClient.get()
-                .uri(maskinportenConfig.getWellKnownUrl())
+                .uri(maskinportenConfig.getMaskinportenWellKnownUrl())
                 .retrieve()
                 .bodyToMono(WellKnown.class)
                 .doOnSuccess(value -> log.info("WellKnown hentet for maskinporten."))

diff --git a/...ilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/domain/AccessToken.java b/...ilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/domain/AccessToken.java
diff --git a/libs/reactive-core/src/main/java/no/nav/testnav/libs/reactivecore/utils/WebClientFilter.java b/libs/reactive-core/src/main/java/no/nav/testnav/libs/reactivecore/utils/WebClientFilter.java
@@ -60,7 +60,10 @@ public static HttpStatus getStatus(Throwable throwable) {
 
     public static void logErrorMessage(Throwable throwable) {
 
-        if (!(throwable instanceof WebClientResponseException)) {
+        if ((throwable instanceof WebClientResponseException webClientResponseException)) {
+            log.error("%s, %s".formatted(throwable.getMessage(),
+                    webClientResponseException.getResponseBodyAsString()), throwable);
+        } else {
             log.error(throwable.getMessage(), throwable);
         }
     }