From 42eb5af005487375e6e080c95037876cd02f9f22 Mon Sep 17 00:00:00 2001 From: "Kristen.Herum" Date: Tue, 12 Nov 2024 09:09:40 +0100 Subject: [PATCH] Refactor Maskinporten configuration and update dependencies #deploy-altinn3-tilgang-service Refactor Maskinporten configuration to use properties and update application-local.yml with new credentials and URL. Implement WebFilter for OpenAPI configuration, modify GetAccessTokenCommand to return a token string, and enhance error logging in WebClientFilter. Additionally, disable Flyway migrations for local database configurations. --- .../config/MaskinportenConfig.java | 29 +++++++++---------- .../config/OpenApiConfig.java | 19 +++++++++++- .../consumer/altinn/dto/AccessToken.java | 0 .../maskinporten/MaskinportenConsumer.java | 25 ++++++++-------- .../command/GetAccessTokenCommand.java | 7 ++--- .../command/GetWellKnownCommand.java | 2 +- .../domain/AccessToken.java | 0 .../reactivecore/utils/WebClientFilter.java | 5 +++- 8 files changed, 52 insertions(+), 35 deletions(-) create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AccessToken.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/domain/AccessToken.java diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/MaskinportenConfig.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/MaskinportenConfig.java index 263c0533f29..4632bbc4328 100644 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/MaskinportenConfig.java +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/MaskinportenConfig.java 
@@ -2,23 +2,22 @@ import lombok.Getter; import lombok.NoArgsConstructor; -import org.springframework.beans.factory.annotation.Value; +import lombok.Setter; +import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.context.annotation.Configuration; -@Getter -@Configuration -@NoArgsConstructor -public class MaskinportenConfig { - - @Value("${MASKINPORTEN_CLIENT_ID}") - private String clientId; +import static lombok.AccessLevel.PACKAGE; - @Value("${MASKINPORTEN_CLIENT_JWK}") - private String jwkPrivate; - @Value("${MASKINPORTEN_SCOPES}") - private String scope; +@Configuration +@ConfigurationProperties +@NoArgsConstructor(access = PACKAGE) +@Getter +@Setter(PACKAGE) +public class MaskinportenConfig { - @Value("${MASKINPORTEN_WELL_KNOWN_URL}") - private String wellKnownUrl; -} + private String maskinportenClientId; + private String maskinportenClientJwk; + private String maskinportenScopes; + private String maskinportenWellKnownUrl; +} \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/OpenApiConfig.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/OpenApiConfig.java index 556421eed34..5cd5983a7f9 100644 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/OpenApiConfig.java +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/config/OpenApiConfig.java @@ -13,10 +13,14 @@ import java.util.Arrays; import no.nav.testnav.libs.reactivecore.config.ApplicationProperties; +import org.springframework.web.server.ServerWebExchange; +import org.springframework.web.server.WebFilter; +import org.springframework.web.server.WebFilterChain; +import reactor.core.publisher.Mono; @Configuration -public class OpenApiConfig { +public class OpenApiConfig implements WebFilter { @Bean public OpenAPI openApi(ApplicationProperties applicationProperties) { 
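Review bot: A missing Maskinporten setting no longer stops the application at startup. The removed `@Value("${MASKINPORTEN_CLIENT_ID}")`-style fields failed context creation when a variable was absent, while the unprefixed `@ConfigurationProperties` binding leaves `maskinportenClientId`, `maskinportenClientJwk`, `maskinportenScopes` and `maskinportenWellKnownUrl` null, so the error only surfaces later, at the first token request. If Bean Validation is on the classpath (not visible on this page), adding `@Validated` on the class and `@NotBlank` on each of the four fields restores the fail-fast behaviour. A short class comment such as `// Bound by relaxed binding from the MASKINPORTEN_* environment variables; maskinportenClientJwk holds the private signing key and must never be logged` would also help, since the property names no longer appear in the code.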
@@ -46,4 +50,17 @@ public OpenAPI openApi(ApplicationProperties applicationProperties) { ) ); } + + @Override + public Mono filter(ServerWebExchange exchange, WebFilterChain chain) { + if (exchange.getRequest().getURI().getPath().equals("/swagger")) { + return chain + .filter(exchange.mutate() + .request(exchange.getRequest() + .mutate().path("/swagger-ui.html").build()) + .build()); + } + + return chain.filter(exchange); + } } \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AccessToken.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AccessToken.java new file mode 100644 index 00000000000..e69de29bb2d diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/MaskinportenConsumer.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/MaskinportenConsumer.java index beb815784dc..8ebec23a5f3 100644 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/MaskinportenConsumer.java +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/MaskinportenConsumer.java @@ -12,7 +12,6 @@ import no.nav.testnav.altinn3tilgangservice.config.MaskinportenConfig; import no.nav.testnav.altinn3tilgangservice.consumer.maskinporten.command.GetAccessTokenCommand; import no.nav.testnav.altinn3tilgangservice.consumer.maskinporten.command.GetWellKnownCommand; -import no.nav.testnav.altinn3tilgangservice.consumer.maskinporten.dto.AccessToken; import org.springframework.stereotype.Component; import org.springframework.web.reactive.function.client.WebClient; import reactor.core.publisher.Mono; 
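Review bot: The new `filter` method rewrites `/swagger` to `/swagger-ui.html` inside the server, and the class declares no `@Order`, so where it runs relative to the security filter chain is left to the default. If it runs after authorization (likely for an unordered `WebFilter`, but the security configuration is not on this page), access rules are evaluated against `/swagger` while the content served is `/swagger-ui.html`; please confirm both paths fall under the same rule. A redirect keeps the two in step because the client re-requests the real path through the normal chain: `exchange.getResponse().setStatusCode(HttpStatus.FOUND);`, `exchange.getResponse().getHeaders().setLocation(URI.create("/swagger-ui.html"));`, `return exchange.getResponse().setComplete();`. Separately, the filter would read more clearly as its own `@Component` than as an interface on the `@Configuration` class.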
@@ -36,23 +35,23 @@ public MaskinportenConsumer(MaskinportenConfig maskinportenConfig, WebClient.Bui public Mono getAccessToken() { - return new GetWellKnownCommand(webClient, maskinportenConfig).call() + return new GetWellKnownCommand(webClient, maskinportenConfig).call() .doOnNext(wellKnown -> log.info("Maskinporten wellKnown {}", wellKnown)) .flatMap(wellKnown -> new GetAccessTokenCommand(webClient, wellKnown, createJwtClaims(wellKnown.issuer())).call()) - .map(AccessToken::accessToken); + .doOnNext(response -> log.info("Hentet fra maskinporten {}", response)); } @SneakyThrows private String createJwtClaims(String audience) { var now = Instant.now(); - var rsaKey = RSAKey.parse(maskinportenConfig.getJwkPrivate()); + var rsaKey = RSAKey.parse(maskinportenConfig.getMaskinportenClientJwk()); return createSignedJWT(rsaKey, new JWTClaimsSet.Builder() .audience(audience) - .claim("scope", maskinportenConfig.getScope()) - .issuer(maskinportenConfig.getClientId()) + .claim("scope", maskinportenConfig.getMaskinportenScopes()) + .issuer(maskinportenConfig.getMaskinportenClientId()) .issueTime(Date.from(now)) .expirationTime(Date.from(now.plusSeconds(120))) .jwtID(UUID.randomUUID().toString()) @@ -63,13 +62,13 @@ private String createJwtClaims(String audience) { @SneakyThrows private SignedJWT createSignedJWT(RSAKey rsaJwk, JWTClaimsSet claimsSet) { - var header = new JWSHeader.Builder(JWSAlgorithm.RS256) - .keyID(rsaJwk.getKeyID()) - .type(JOSEObjectType.JWT); - var signedJWT = new SignedJWT(header.build(), claimsSet); - var signer = new RSASSASigner(rsaJwk.toPrivateKey()); - signedJWT.sign(signer); + var header = new JWSHeader.Builder(JWSAlgorithm.RS256) + .keyID(rsaJwk.getKeyID()) + .type(JOSEObjectType.JWT); + var signedJWT = new SignedJWT(header.build(), claimsSet); + var signer = new RSASSASigner(rsaJwk.toPrivateKey()); + signedJWT.sign(signer); - return signedJWT; + return signedJWT; } } 
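Review bot: The added `.doOnNext(response -> log.info("Hentet fra maskinporten {}", response))` in `getAccessToken` writes the full token-endpoint response to the INFO log. With `GetAccessTokenCommand` now using `bodyToMono(String.class)` (the `@@ -29,7 +28,7 @@` hunk of that file), `response` is the raw body, which for a token endpoint normally includes the access token itself, so a usable bearer credential would end up in log storage. Drop the line, since the command already logs `AccessToken hentet fra maskinporten.` on success, or log only non-secret fields. Removing `.map(AccessToken::accessToken)` also means the method now emits the whole response body rather than the token string; the generic return types are not readable on this page, so check that callers do not pass that body on as a bearer token.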
diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/command/GetAccessTokenCommand.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/command/GetAccessTokenCommand.java index ea87d47f598..c4022d6f828 100644 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/command/GetAccessTokenCommand.java +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/command/GetAccessTokenCommand.java @@ -2,7 +2,6 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; -import no.nav.testnav.altinn3tilgangservice.consumer.maskinporten.dto.AccessToken; import no.nav.testnav.altinn3tilgangservice.consumer.maskinporten.dto.WellKnown; import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; import org.springframework.web.reactive.function.BodyInserters; @@ -14,13 +13,13 @@ @Slf4j @RequiredArgsConstructor -public class GetAccessTokenCommand implements Callable> { +public class GetAccessTokenCommand implements Callable> { private final WebClient webClient; private final WellKnown wellKnown; private final String assertion; @Override - public Mono call() { + public Mono call() { return webClient.post() .uri(wellKnown.tokenEndpoint()) @@ -29,7 +28,7 @@ public Mono call() { .with("assertion", assertion) ) .retrieve() - .bodyToMono(AccessToken.class) + .bodyToMono(String.class) .doOnSuccess(value -> log.info("AccessToken hentet fra maskinporten.")) .doOnError(WebClientFilter::logErrorMessage) .cache(Duration.ofSeconds(10L)); diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/command/GetWellKnownCommand.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/command/GetWellKnownCommand.java index 9fc7d454719..610d47944ad 100644 
--- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/command/GetWellKnownCommand.java +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/maskinporten/command/GetWellKnownCommand.java @@ -22,7 +22,7 @@ public class GetWellKnownCommand implements Callable> { public Mono call() { return webClient.get() - .uri(maskinportenConfig.getWellKnownUrl()) + .uri(maskinportenConfig.getMaskinportenWellKnownUrl()) .retrieve() .bodyToMono(WellKnown.class) .doOnSuccess(value -> log.info("WellKnown hentet for maskinporten.")) diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/domain/AccessToken.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/domain/AccessToken.java new file mode 100644 index 00000000000..e69de29bb2d diff --git a/libs/reactive-core/src/main/java/no/nav/testnav/libs/reactivecore/utils/WebClientFilter.java b/libs/reactive-core/src/main/java/no/nav/testnav/libs/reactivecore/utils/WebClientFilter.java index 83eac6dc0ec..870b7b817ae 100644 --- a/libs/reactive-core/src/main/java/no/nav/testnav/libs/reactivecore/utils/WebClientFilter.java +++ b/libs/reactive-core/src/main/java/no/nav/testnav/libs/reactivecore/utils/WebClientFilter.java @@ -60,7 +60,10 @@ public static HttpStatus getStatus(Throwable throwable) { public static void logErrorMessage(Throwable throwable) { - if (!(throwable instanceof WebClientResponseException)) { + if ((throwable instanceof WebClientResponseException webClientResponseException)) { + log.error("%s, %s".formatted(throwable.getMessage(), + webClientResponseException.getResponseBodyAsString()), throwable); + } else { log.error(throwable.getMessage(), throwable); } }
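Review bot: `logErrorMessage` now writes the upstream response body to the error log without a length limit or any filtering, and because it sits in the shared `reactive-core` library this applies to every consumer, including the Maskinporten token request that calls it from `GetAccessTokenCommand`. Error bodies are controlled by the remote side and can be large, contain line breaks that split log entries, or echo parts of the request; truncating the body to a fixed length and replacing CR/LF before logging would bound that. On style, SLF4J parameters avoid the eager `formatted` call: `log.error("{}, {}", throwable.getMessage(), webClientResponseException.getResponseBodyAsString(), throwable);`. The outer pair of parentheses in the `if` condition is redundant.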