diff --git a/apps/brreg-stub/docker-compose.sql b/apps/brreg-stub/docker-compose.sql
new file mode 100644
index 00000000000..a1386159aed
--- /dev/null
+++ b/apps/brreg-stub/docker-compose.sql
@@ -0,0 +1,2 @@
+SELECT 'CREATE DATABASE "testnav-brregstub"'
+WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'testnav-brregstub')\gexec
\ No newline at end of file
diff --git a/apps/brreg-stub/docker-compose.yml b/apps/brreg-stub/docker-compose.yml
new file mode 100644
index 00000000000..f129389717a
--- /dev/null
+++ b/apps/brreg-stub/docker-compose.yml
@@ -0,0 +1,11 @@
+services:
+
+ postgresql:
+ image: postgres
+ network_mode: host
+ shm_size: 128mb
+ environment:
+ POSTGRES_PASSWORD: ""
+ POSTGRES_HOST_AUTH_METHOD: trust
+ volumes:
+ - ./docker-compose.sql:/docker-entrypoint-initdb.d/init.sql
\ No newline at end of file
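Review bot: The `postgresql` service combines `network_mode: host` with `POSTGRES_HOST_AUTH_METHOD: trust` and an empty `POSTGRES_PASSWORD`, so the server sits directly on the developer machine's network stack and accepts any client as any user without a password. The official image listens on all interfaces by default, which would make the database reachable from whatever network the machine is attached to. Consider replacing host networking with a loopback-only mapping, `ports: ["127.0.0.1:5432:5432"]`, as the tps-messaging-service compose file in this commit does for MQ, and pinning `image: postgres` to a version tag. The same applies to apps/udi-stub/docker-compose.yml.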
diff --git a/apps/dolly-backend/docker-compose.yml b/apps/dolly-backend/docker-compose.yml
new file mode 100644
index 00000000000..dc1ab075853
--- /dev/null
+++ b/apps/dolly-backend/docker-compose.yml
@@ -0,0 +1,28 @@
+services:
+
+ cloud_sql_proxy:
+ image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.14.2
+ network_mode: host
+ command:
+ - "dolly-dev-ff83:europe-north1:testnav-dolly-backend-local"
+ - "--credentials-file=/application_default_credentials.json"
+ - "--run-connection-test"
+ volumes:
+ - type: bind
+ # Set a variable $DOLLY_APPLICATION_CREDENTIALS. We don't use
+ # GOOGLE_APPLICATION_CREDENTIALS, as this causes an extra step during login.
+ #
+ # - $HOME/.config/gcloud/application_default_credentials.json for Linux/macOS.
+ # - $APPDATA/gcloud/application_default_credentials.json for Windows.
+ source: $DOLLY_APPLICATION_CREDENTIALS
+ target: /application_default_credentials.json
+
+ opensearch:
+ image: opensearchproject/opensearch:latest
+ ports:
+ - "9200:9200"
+ - "9600:9600"
+ environment:
+ discovery.type: single-node
+ plugins.security.disabled: "true"
+ OPENSEARCH_INITIAL_ADMIN_PASSWORD: YLAgOm}rz#o6#Aq
\ No newline at end of file
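Review bot: The `opensearch` service publishes `9200` and `9600` on all host interfaces while `plugins.security.disabled: "true"` turns off authentication and TLS, so the index is readable and writable by anything that can reach the developer machine. Bind the ports to loopback instead, `- "127.0.0.1:9200:9200"` and `- "127.0.0.1:9600:9600"`, matching the MQ compose file in this commit. With the security plugin disabled the committed `OPENSEARCH_INITIAL_ADMIN_PASSWORD` protects nothing; a comment marking it as a throwaway local value would help, and `opensearchproject/opensearch:latest` should be pinned to a version as the cloud-sql-proxy image is. The same block appears in apps/oppsummeringsdokument-service and apps/person-search-service.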
diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/instdata/mapper/InstdataMappingStrategy.java b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/instdata/mapper/InstdataMappingStrategy.java
index 6cda125ebf8..29ca884349b 100644
--- a/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/instdata/mapper/InstdataMappingStrategy.java
+++ b/apps/dolly-backend/src/main/java/no/nav/dolly/bestilling/instdata/mapper/InstdataMappingStrategy.java
@@ -10,7 +10,6 @@
import no.nav.dolly.mapper.MappingStrategy;
import org.springframework.stereotype.Component;
-import static java.util.Objects.nonNull;
import static no.nav.dolly.domain.resultset.inst.TssEksternId.ADAMSTUEN_SYKEHJEM;
import static no.nav.dolly.domain.resultset.inst.TssEksternId.HELGELANDSSYKEHUSET_HF;
import static no.nav.dolly.domain.resultset.inst.TssEksternId.INDRE_OSTFOLD_FENGSEL;
@@ -29,12 +28,6 @@ public void mapAtoB(RsInstdata rsInstdata, Instdata instdata, MappingContext con
instdata.setNorskident((String) context.getProperty("ident"));
instdata.setRegistrertAv("Dolly");
- if (nonNull(rsInstdata.getForventetSluttdato())) {
- instdata.setSluttdato(rsInstdata.getForventetSluttdato().toLocalDate());
- }
- if (nonNull(rsInstdata.getFaktiskSluttdato())) {
- instdata.setSluttdato(rsInstdata.getFaktiskSluttdato().toLocalDate());
- }
instdata.setOppholdstype(nullcheckSetDefaultValue(rsInstdata.getKategori(),
decideKategori(instdata.getInstitusjonstype())).name());
instdata.setTssEksternId(nullcheckSetDefaultValue(instdata.getTssEksternId(),
diff --git a/apps/dolly-backend/src/main/java/no/nav/dolly/domain/resultset/inst/Instdata.java b/apps/dolly-backend/src/main/java/no/nav/dolly/domain/resultset/inst/Instdata.java
index 448e3f7e262..6fb96fb61d3 100644
--- a/apps/dolly-backend/src/main/java/no/nav/dolly/domain/resultset/inst/Instdata.java
+++ b/apps/dolly-backend/src/main/java/no/nav/dolly/domain/resultset/inst/Instdata.java
@@ -23,6 +23,7 @@ public class Instdata {
private LocalDate startdato;
private LocalDate sluttdato;
+ private LocalDate forventetSluttdato;
private String registrertAv;
}
diff --git a/apps/dolly-frontend/src/main/js/src/components/bestilling/sammendrag/kriterier/BestillingKriterieMapper.tsx b/apps/dolly-frontend/src/main/js/src/components/bestilling/sammendrag/kriterier/BestillingKriterieMapper.tsx
index 99670b44fbf..f7007ca852c 100644
--- a/apps/dolly-frontend/src/main/js/src/components/bestilling/sammendrag/kriterier/BestillingKriterieMapper.tsx
+++ b/apps/dolly-frontend/src/main/js/src/components/bestilling/sammendrag/kriterier/BestillingKriterieMapper.tsx
@@ -1722,6 +1722,7 @@ const mapInst = (bestillingData, data) => {
institusjonstype: i.institusjonstype,
varighet: i.varighet,
startdato: i.startdato,
+ forventetSluttdato: i.forventetSluttdato,
sluttdato: i.sluttdato,
})
})
@@ -1739,6 +1740,7 @@ const mapInst = (bestillingData, data) => {
obj('Institusjonstype', showLabel('institusjonstype', inst.institusjonstype)),
obj('Varighet', inst.varighet && showLabel('varighet', inst.varighet)),
obj('Startdato', formatDate(inst.startdato)),
+ obj('Forventet sluttdato', formatDate(inst.forventetSluttdato)),
obj('Sluttdato', formatDate(inst.sluttdato)),
])
})
diff --git a/apps/dolly-frontend/src/main/js/src/components/bestillingsveileder/stegVelger/steg/steg1/paneler/Institusjonsopphold.tsx b/apps/dolly-frontend/src/main/js/src/components/bestillingsveileder/stegVelger/steg/steg1/paneler/Institusjonsopphold.tsx
index e27f9d27424..5e56a522c17 100644
--- a/apps/dolly-frontend/src/main/js/src/components/bestillingsveileder/stegVelger/steg/steg1/paneler/Institusjonsopphold.tsx
+++ b/apps/dolly-frontend/src/main/js/src/components/bestillingsveileder/stegVelger/steg/steg1/paneler/Institusjonsopphold.tsx
@@ -33,6 +33,7 @@ InstitusjonsoppholdPanel.initialValues = ({ set, del, has }) => ({
{
institusjonstype: runningE2ETest() ? 'AS' : '',
startdato: runningE2ETest() ? new Date() : '',
+ forventetSluttdato: '',
sluttdato: '',
},
])
diff --git a/apps/dolly-frontend/src/main/js/src/components/fagsystem/inst/form/Form.tsx b/apps/dolly-frontend/src/main/js/src/components/fagsystem/inst/form/Form.tsx
index f5c031ba7a7..14f890c9eb0 100644
--- a/apps/dolly-frontend/src/main/js/src/components/fagsystem/inst/form/Form.tsx
+++ b/apps/dolly-frontend/src/main/js/src/components/fagsystem/inst/form/Form.tsx
@@ -15,6 +15,7 @@ import { useFormContext } from 'react-hook-form'
export const initialValues = {
institusjonstype: '',
startdato: '',
+ forventetSluttdato: '',
sluttdato: '',
}
export const instAttributt = 'instdata'
@@ -56,6 +57,12 @@ export const InstForm = () => {
excludeDates={excludeDates}
maxDate={maxDate}
/>
+
+
)}
diff --git a/apps/endringsmelding-service/src/main/resources/application.yml b/apps/endringsmelding-service/src/main/resources/application.yml
index ca9967a8b1f..d7cdb8c63fc 100644
--- a/apps/endringsmelding-service/src/main/resources/application.yml
+++ b/apps/endringsmelding-service/src/main/resources/application.yml
@@ -4,7 +4,7 @@ spring:
application:
version: application.version.todo #TODO Finn ut hvordan denne kan settes fra gradle
name: endringsmelding-service
- desciption: Tjeneste for å sende endringsmeldinger
+ description: Tjeneste for å sende endringsmeldinger
security:
oauth2:
resourceserver:
diff --git a/apps/oppsummeringsdokument-service/docker-compose.yml b/apps/oppsummeringsdokument-service/docker-compose.yml
new file mode 100644
index 00000000000..70976e5ec07
--- /dev/null
+++ b/apps/oppsummeringsdokument-service/docker-compose.yml
@@ -0,0 +1,11 @@
+services:
+
+ opensearch:
+ image: opensearchproject/opensearch:latest
+ ports:
+ - "9200:9200"
+ - "9600:9600"
+ environment:
+ discovery.type: single-node
+ plugins.security.disabled: "true"
+ OPENSEARCH_INITIAL_ADMIN_PASSWORD: YLAgOm}rz#o6#Aq
\ No newline at end of file
diff --git a/apps/oppsummeringsdokument-service/src/main/java/no/nav/testnav/apps/oppsummeringsdokumentservice/config/OpensearchConfig.java b/apps/oppsummeringsdokument-service/src/main/java/no/nav/testnav/apps/oppsummeringsdokumentservice/config/OpenSearchConfig.java
similarity index 95%
rename from apps/oppsummeringsdokument-service/src/main/java/no/nav/testnav/apps/oppsummeringsdokumentservice/config/OpensearchConfig.java
rename to apps/oppsummeringsdokument-service/src/main/java/no/nav/testnav/apps/oppsummeringsdokumentservice/config/OpenSearchConfig.java
index 3bbf79940de..5b23d339530 100644
--- a/apps/oppsummeringsdokument-service/src/main/java/no/nav/testnav/apps/oppsummeringsdokumentservice/config/OpensearchConfig.java
+++ b/apps/oppsummeringsdokument-service/src/main/java/no/nav/testnav/apps/oppsummeringsdokumentservice/config/OpenSearchConfig.java
@@ -12,7 +12,7 @@
@Profile("prod")
@Configuration
-public class OpensearchConfig extends AbstractOpenSearchConfiguration {
+public class OpenSearchConfig extends AbstractOpenSearchConfiguration {
@Value("${open.search.username}")
private String username;
diff --git a/apps/oppsummeringsdokument-service/src/main/java/no/nav/testnav/apps/oppsummeringsdokumentservice/config/OpenSearchLocalConfig.java b/apps/oppsummeringsdokument-service/src/main/java/no/nav/testnav/apps/oppsummeringsdokumentservice/config/OpenSearchLocalConfig.java
index f04ec573dc7..b83369e9649 100644
--- a/apps/oppsummeringsdokument-service/src/main/java/no/nav/testnav/apps/oppsummeringsdokumentservice/config/OpenSearchLocalConfig.java
+++ b/apps/oppsummeringsdokument-service/src/main/java/no/nav/testnav/apps/oppsummeringsdokumentservice/config/OpenSearchLocalConfig.java
@@ -1,6 +1,5 @@
package no.nav.testnav.apps.oppsummeringsdokumentservice.config;
-import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.opensearch.client.RestHighLevelClient;
import org.opensearch.data.client.orhlc.AbstractOpenSearchConfiguration;
@@ -9,13 +8,12 @@
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
-import org.springframework.data.elasticsearch.repository.config.EnableElasticsearchRepositories;
import java.time.Duration;
@Slf4j
@Configuration
-@Profile("dev")
+@Profile("local")
public class OpenSearchLocalConfig extends AbstractOpenSearchConfiguration {
@Value("${open.search.uri}")
diff --git a/apps/oppsummeringsdokument-service/src/main/java/no/nav/testnav/apps/oppsummeringsdokumentservice/config/SecurityConfig.java b/apps/oppsummeringsdokument-service/src/main/java/no/nav/testnav/apps/oppsummeringsdokumentservice/config/SecurityConfig.java
index e2ff569c353..880f7ce71f9 100644
--- a/apps/oppsummeringsdokument-service/src/main/java/no/nav/testnav/apps/oppsummeringsdokumentservice/config/SecurityConfig.java
+++ b/apps/oppsummeringsdokument-service/src/main/java/no/nav/testnav/apps/oppsummeringsdokumentservice/config/SecurityConfig.java
@@ -13,7 +13,7 @@
@EnableWebSecurity
@Configuration
-@Profile({ "prod", "dev" })
+@Profile({ "prod", "local" })
public class SecurityConfig {
@Bean
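Review bot: `@Profile({ "prod", "local" })` on `SecurityConfig` is an allow-list, so under any profile not named here — including `dev`, which this line just dropped — this class contributes no security beans at all. Whether something else secures the application in that case is not visible in the hunk; please confirm that no deployment manifest or run configuration still activates `dev`. If `test` is the only profile meant to run without this class, a deny-list such as `@Profile("!test")` would keep the security configuration on by default. The class body continues outside the hunk, and the same change is made in person-search-service's `SecurityConfig`.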
diff --git a/apps/organisasjon-forvalter/docker-compose.yml b/apps/organisasjon-forvalter/docker-compose.yml
new file mode 100644
index 00000000000..15dda33be52
--- /dev/null
+++ b/apps/organisasjon-forvalter/docker-compose.yml
@@ -0,0 +1,18 @@
+services:
+
+ cloud_sql_proxy:
+ image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.14.2
+ network_mode: host
+ command:
+ - "dolly-dev-ff83:europe-north1:testnav-organisasjon-forvalter-local"
+ - "--credentials-file=/application_default_credentials.json"
+ - "--run-connection-test"
+ volumes:
+ - type: bind
+ # Set a variable $DOLLY_APPLICATION_CREDENTIALS. We don't use
+ # GOOGLE_APPLICATION_CREDENTIALS, as this causes an extra step during login.
+ #
+ # - $HOME/.config/gcloud/application_default_credentials.json for Linux/macOS.
+ # - $APPDATA/gcloud/application_default_credentials.json for Windows.
+ source: $DOLLY_APPLICATION_CREDENTIALS
+ target: /application_default_credentials.json
\ No newline at end of file
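Review bot: The bind mount hands the application-default credentials file to the container writable; add `read_only: true` under the `type: bind` entry so the proxy can only read it. Going by the paths in the comment, `$DOLLY_APPLICATION_CREDENTIALS` points at the developer's own gcloud credentials rather than a scoped service account, so the comment should also say that the file must never be copied into the repository or baked into an image. The same mount appears in apps/pdl-forvalter/docker-compose.yml and apps/dolly-backend/docker-compose.yml.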
diff --git a/apps/organisasjon-tilgang-service/src/main/resources/application.yml b/apps/organisasjon-tilgang-service/src/main/resources/application.yml
index 1d4c4dbdf0a..543d3d30f23 100644
--- a/apps/organisasjon-tilgang-service/src/main/resources/application.yml
+++ b/apps/organisasjon-tilgang-service/src/main/resources/application.yml
@@ -4,7 +4,7 @@ spring:
application:
version: application.version.todo
name: testnav-organisasjon-tilgang-service
- desciption: Tjeneste for hente og sette tilganger for orgnisasjoner
+ description: Tjeneste for hente og sette tilganger for orgnisasjoner
security:
oauth2:
resourceserver:
diff --git a/apps/pdl-forvalter/docker-compose.yml b/apps/pdl-forvalter/docker-compose.yml
new file mode 100644
index 00000000000..797d32042e7
--- /dev/null
+++ b/apps/pdl-forvalter/docker-compose.yml
@@ -0,0 +1,18 @@
+services:
+
+ cloud_sql_proxy:
+ image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.14.2
+ network_mode: host
+ command:
+ - "dolly-dev-ff83:europe-north1:testnav-pdl-forvalter-local"
+ - "--credentials-file=/application_default_credentials.json"
+ - "--run-connection-test"
+ volumes:
+ - type: bind
+ # Set a variable $DOLLY_APPLICATION_CREDENTIALS. We don't use
+ # GOOGLE_APPLICATION_CREDENTIALS, as this causes an extra step during login.
+ #
+ # - $HOME/.config/gcloud/application_default_credentials.json for Linux/macOS.
+ # - $APPDATA/gcloud/application_default_credentials.json for Windows.
+ source: $DOLLY_APPLICATION_CREDENTIALS
+ target: /application_default_credentials.json
\ No newline at end of file
diff --git a/apps/person-search-service/docker-compose.yml b/apps/person-search-service/docker-compose.yml
new file mode 100644
index 00000000000..70976e5ec07
--- /dev/null
+++ b/apps/person-search-service/docker-compose.yml
@@ -0,0 +1,11 @@
+services:
+
+ opensearch:
+ image: opensearchproject/opensearch:latest
+ ports:
+ - "9200:9200"
+ - "9600:9600"
+ environment:
+ discovery.type: single-node
+ plugins.security.disabled: "true"
+ OPENSEARCH_INITIAL_ADMIN_PASSWORD: YLAgOm}rz#o6#Aq
\ No newline at end of file
diff --git a/apps/person-search-service/src/main/java/no/nav/registre/testnorge/personsearchservice/config/SecurityConfig.java b/apps/person-search-service/src/main/java/no/nav/registre/testnorge/personsearchservice/config/SecurityConfig.java
index be570dd7772..3ec05c5b72c 100644
--- a/apps/person-search-service/src/main/java/no/nav/registre/testnorge/personsearchservice/config/SecurityConfig.java
+++ b/apps/person-search-service/src/main/java/no/nav/registre/testnorge/personsearchservice/config/SecurityConfig.java
@@ -12,7 +12,7 @@
@EnableWebSecurity
@Configuration
-@Profile({ "prod", "dev" })
+@Profile({ "prod", "local" })
public class SecurityConfig {
@Bean
diff --git a/apps/person-search-service/src/main/resources/application-local.yml b/apps/person-search-service/src/main/resources/application-local.yml
index 897ae1309cd..2ce8cadd46f 100644
--- a/apps/person-search-service/src/main/resources/application-local.yml
+++ b/apps/person-search-service/src/main/resources/application-local.yml
@@ -1,5 +1,6 @@
AZURE_APP_CLIENT_ID: ${sm://azure-app-client-id}
AZURE_APP_CLIENT_SECRET: ${sm://azure-app-client-secret}
+TOKEN_X_ISSUER: https://tokenx.dev-gcp.nav.cloud.nais.io
spring:
config:
diff --git a/apps/profil-api/src/main/java/no/nav/registre/testnorge/profil/service/AzureAdTokenService.java b/apps/profil-api/src/main/java/no/nav/registre/testnorge/profil/service/AzureAdTokenService.java
index 07cbc158beb..f262be55d05 100644
--- a/apps/profil-api/src/main/java/no/nav/registre/testnorge/profil/service/AzureAdTokenService.java
+++ b/apps/profil-api/src/main/java/no/nav/registre/testnorge/profil/service/AzureAdTokenService.java
@@ -1,6 +1,7 @@
package no.nav.registre.testnorge.profil.service;
import lombok.extern.slf4j.Slf4j;
+import no.nav.testnav.libs.securitycore.domain.azuread.AzureClientCredential;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
@@ -15,21 +16,19 @@
import no.nav.testnav.libs.securitycore.command.azuread.OnBehalfOfExchangeCommand;
import no.nav.testnav.libs.securitycore.domain.AccessToken;
-import no.nav.testnav.libs.securitycore.domain.azuread.AzureNavClientCredential;
-import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredential;
import no.nav.testnav.libs.servletsecurity.action.GetAuthenticatedToken;
@Slf4j
@Service
public class AzureAdTokenService {
private final WebClient webClient;
- private final ClientCredential clientCredential;
+ private final AzureClientCredential clientCredential;
private final GetAuthenticatedToken getAuthenticatedToken;
public AzureAdTokenService(
@Value("${http.proxy:#{null}}") String proxyHost,
@Value("${AAD_ISSUER_URI}") String issuerUrl,
- AzureNavClientCredential clientCredential,
+ AzureClientCredential clientCredential,
GetAuthenticatedToken getAuthenticatedToken
) {
log.info("Init custom AzureAd token exchange.");
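Review bot: The injected credential changes from `AzureNavClientCredential` to `AzureClientCredential`, while elsewhere in this commit `AzureNavClientCredential` takes the place of the deleted `AzureNavProxyClientCredential`, which read the `AZURE_NAV_APP_*` variables. If the name now denotes a different client id and secret, as that suggests, any class still injecting `AzureNavClientCredential` will compile unchanged but authenticate as a different application; a search for remaining usages is worth doing before merge. A short Javadoc on the constructor stating which environment variables back `AzureClientCredential` would make the intent explicit. The constructor body continues outside the hunk.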
diff --git a/apps/profil-api/src/main/resources/application.yml b/apps/profil-api/src/main/resources/application.yml
index 9878c224663..4c9b6cac076 100644
--- a/apps/profil-api/src/main/resources/application.yml
+++ b/apps/profil-api/src/main/resources/application.yml
@@ -4,7 +4,7 @@ spring:
application:
version: application.version.todo #TODO Finn ut hvordan denne kan settes fra gradle
name: testnorge-profil-api
- desciption: API for hente ut profil fra Azure Ad
+ description: API for hente ut profil fra Azure Ad
cluster: dev-gcp
namespace: dolly
security:
diff --git a/apps/synt-vedtakshistorikk-service/src/main/resources/logback-spring.xml b/apps/synt-vedtakshistorikk-service/src/main/resources/logback-spring.xml
index 80fd9d94742..46bc34e5e7b 100644
--- a/apps/synt-vedtakshistorikk-service/src/main/resources/logback-spring.xml
+++ b/apps/synt-vedtakshistorikk-service/src/main/resources/logback-spring.xml
@@ -3,6 +3,7 @@
+ true
true
diff --git a/apps/tenor-search-service/src/main/resources/application.yml b/apps/tenor-search-service/src/main/resources/application.yml
index a8a87170a82..765f641ea55 100644
--- a/apps/tenor-search-service/src/main/resources/application.yml
+++ b/apps/tenor-search-service/src/main/resources/application.yml
@@ -3,7 +3,7 @@ spring:
application:
version: 1
name: testnav-tenor-search-service
- desciption: Tjeneste som formidler søk til Tenor testdata hos Skatteetaten
+ description: Tjeneste som formidler søk til Tenor testdata hos Skatteetaten
security:
oauth2:
resourceserver:
diff --git a/apps/testnav-ident-pool/README.md b/apps/testnav-ident-pool/README.md
index 5e48730185e..7276b546d44 100644
--- a/apps/testnav-ident-pool/README.md
+++ b/apps/testnav-ident-pool/README.md
@@ -7,5 +7,4 @@ Identer kan frigjøres og benyttes om igjen
## Lokal kjøring
* [Generelt.](../../docs/local_general.md)
* [Secret Manager.](../../docs/local_secretmanager.md)
-* [Lokal PostgreSQL.](../../docs/local_db.md)
diff --git a/apps/tps-messaging-service/docker-compose.mqsc b/apps/tps-messaging-service/docker-compose.mqsc
new file mode 100644
index 00000000000..4464c8fda19
--- /dev/null
+++ b/apps/tps-messaging-service/docker-compose.mqsc
@@ -0,0 +1,2 @@
+DEFINE CHANNEL('Q1_TESTNAV_TPS_MSG_S') CHLTYPE(SVRCONN) MCAUSER('app') REPLACE
+SET CHLAUTH('Q1_TESTNAV_TPS_MSG_S') TYPE(ADDRESSMAP) ADDRESS('*') USERSRC(CHANNEL) CHCKCLNT(REQUIRED) DESCR('Allows connection via APP channel') ACTION(REPLACE)
\ No newline at end of file
diff --git a/apps/tps-messaging-service/docker-compose.yml b/apps/tps-messaging-service/docker-compose.yml
new file mode 100644
index 00000000000..0e9c4d822a0
--- /dev/null
+++ b/apps/tps-messaging-service/docker-compose.yml
@@ -0,0 +1,16 @@
+services:
+
+ mq:
+ image: icr.io/ibm-messaging/mq:latest
+ environment:
+ LICENSE: accept
+ MQ_QMGR_NAME: QM1
+ MQ_APP_USER: app
+ MQ_APP_PASSWORD: passw0rd
+ MQ_ADMIN_USER: admin
+ MQ_ADMIN_PASSWORD: passw0rd
+ ports:
+ - "127.0.0.1:1414:1414"
+ - "127.0.0.1:9443:9443"
+ volumes:
+ - ./docker-compose.mqsc:/etc/mqm/20-config.mqsc
\ No newline at end of file
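Review bot: `icr.io/ibm-messaging/mq:latest` is unpinned, so each pull may bring a different queue manager build; pin a version tag as the cloud-sql-proxy services in this commit do. The loopback-only port bindings are what make the committed `passw0rd` values tolerable, so a one-line comment above `ports:` such as `# local-only credentials; keep these ports bound to 127.0.0.1` would stop someone from widening them later.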
diff --git a/apps/tps-messaging-service/src/main/resources/application.yml b/apps/tps-messaging-service/src/main/resources/application.yml
index 56048e1677b..c36f3d7945a 100644
--- a/apps/tps-messaging-service/src/main/resources/application.yml
+++ b/apps/tps-messaging-service/src/main/resources/application.yml
@@ -15,7 +15,7 @@ spring:
aad:
issuer-uri: ${AAD_ISSUER_URI}/v2.0
jwk-set-uri: ${AAD_ISSUER_URI}/discovery/v2.0/keys
- accepted-audience: ${AZURE_APP_CLIENT_ID}, api:// ${AZURE_APP_CLIENT_ID}
+ accepted-audience: ${AZURE_APP_CLIENT_ID}, api://${AZURE_APP_CLIENT_ID}
springdoc:
swagger-ui:
diff --git a/apps/udi-stub/docker-compose.sql b/apps/udi-stub/docker-compose.sql
new file mode 100644
index 00000000000..8d652f93cba
--- /dev/null
+++ b/apps/udi-stub/docker-compose.sql
@@ -0,0 +1,2 @@
+SELECT 'CREATE DATABASE "testnav-udistub"'
+WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = 'testnav-udistub')\gexec
\ No newline at end of file
diff --git a/apps/udi-stub/docker-compose.yml b/apps/udi-stub/docker-compose.yml
new file mode 100644
index 00000000000..f129389717a
--- /dev/null
+++ b/apps/udi-stub/docker-compose.yml
@@ -0,0 +1,11 @@
+services:
+
+ postgresql:
+ image: postgres
+ network_mode: host
+ shm_size: 128mb
+ environment:
+ POSTGRES_PASSWORD: ""
+ POSTGRES_HOST_AUTH_METHOD: trust
+ volumes:
+ - ./docker-compose.sql:/docker-entrypoint-initdb.d/init.sql
\ No newline at end of file
diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/config/SecureOAuth2ServerToServerConfiguration.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/config/SecureOAuth2ServerToServerConfiguration.java
index af8a38815fe..a33272d758a 100644
--- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/config/SecureOAuth2ServerToServerConfiguration.java
+++ b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/config/SecureOAuth2ServerToServerConfiguration.java
@@ -1,48 +1,35 @@
package no.nav.testnav.libs.reactivesecurity.config;
-import no.nav.testnav.libs.reactivesecurity.domain.AzureNavProxyClientCredential;
-import no.nav.testnav.libs.reactivesecurity.exchange.azuread.NavAzureAdTokenService;
-import no.nav.testnav.libs.reactivesecurity.properties.TrygdeetatenAzureAdResourceServerProperties;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Import;
-
-import java.util.List;
-
import no.nav.testnav.libs.reactivesecurity.action.GetAuthenticatedResourceServerType;
import no.nav.testnav.libs.reactivesecurity.action.GetAuthenticatedToken;
import no.nav.testnav.libs.reactivesecurity.action.GetAuthenticatedUserId;
-import no.nav.testnav.libs.reactivesecurity.domain.AzureTrygdeetatenClientCredential;
import no.nav.testnav.libs.reactivesecurity.exchange.TokenExchange;
-import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureAdTokenService;
-import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService;
import no.nav.testnav.libs.reactivesecurity.exchange.tokenx.TokenXService;
import no.nav.testnav.libs.reactivesecurity.manager.JwtReactiveAuthenticationManager;
import no.nav.testnav.libs.reactivesecurity.properties.AzureAdResourceServerProperties;
import no.nav.testnav.libs.reactivesecurity.properties.ResourceServerProperties;
import no.nav.testnav.libs.reactivesecurity.properties.TokenxResourceServerProperties;
-import no.nav.testnav.libs.securitycore.domain.azuread.AzureNavClientCredential;
+import no.nav.testnav.libs.reactivesecurity.properties.TrygdeetatenAzureAdResourceServerProperties;
import no.nav.testnav.libs.securitycore.domain.tokenx.TokenXProperties;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
+
+import java.util.List;
@Configuration
@Import({
- AzureNavClientCredential.class,
TokenXService.class,
TokenxResourceServerProperties.class,
AzureAdResourceServerProperties.class,
TrygdeetatenAzureAdResourceServerProperties.class,
- AzureAdTokenService.class,
TokenExchange.class,
GetAuthenticatedUserId.class,
GetAuthenticatedResourceServerType.class,
GetAuthenticatedToken.class,
- TokenXProperties.class,
- AzureTrygdeetatenClientCredential.class,
- TrygdeetatenAzureAdTokenService.class,
- AzureNavProxyClientCredential.class,
- NavAzureAdTokenService.class
+ TokenXProperties.class
})
public class SecureOAuth2ServerToServerConfiguration {
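Review bot: With `AzureAdTokenService`, `TrygdeetatenAzureAdTokenService`, `NavAzureAdTokenService` and the credential classes removed from `@Import`, applications that import this configuration appear to receive their token services only through the new `TokenServiceAutoConfiguration`. That class takes effect only if it is listed in the library's `AutoConfiguration.imports` resource, which is not visible in this part of the diff; please confirm the entry exists, since consumers such as `TokenExchange` would presumably fail to wire without it. The class body continues outside the hunk.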
diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/domain/AccessScopes.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/domain/AccessScopes.java
deleted file mode 100644
index e1a65ddd613..00000000000
--- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/domain/AccessScopes.java
+++ /dev/null
@@ -1,26 +0,0 @@
-package no.nav.testnav.libs.reactivesecurity.domain;
-
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
-
-
-public class AccessScopes {
- private final List scopes;
-
- public AccessScopes(List scopes) {
- this.scopes = scopes;
- }
-
- public AccessScopes(String... scopes) {
- this.scopes = Arrays.asList(scopes);
- }
-
- public AccessScopes(Scopeable scopeable) {
- this.scopes = Collections.singletonList(scopeable.toScope());
- }
-
- public List getScopes() {
- return scopes;
- }
-}
diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/domain/AzureNavProxyClientCredential.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/domain/AzureNavProxyClientCredential.java
deleted file mode 100644
index bd5d322fdeb..00000000000
--- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/domain/AzureNavProxyClientCredential.java
+++ /dev/null
@@ -1,24 +0,0 @@
-package no.nav.testnav.libs.reactivesecurity.domain;
-
-import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Configuration;
-
-import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredential;
-
-@Getter
-@EqualsAndHashCode(callSuper = false)
-@Configuration
-public class AzureNavProxyClientCredential extends ClientCredential {
- private final String tokenEndpoint;
-
- public AzureNavProxyClientCredential(
- @Value("${AZURE_NAV_OPENID_CONFIG_TOKEN_ENDPOINT:#{null}}") String tokenEndpoint,
- @Value("${AZURE_NAV_APP_CLIENT_ID:#{null}}") String clientId,
- @Value("${AZURE_NAV_APP_CLIENT_SECRET:#{null}}") String clientSecret
- ) {
- super(clientId, clientSecret);
- this.tokenEndpoint = tokenEndpoint;
- }
-}
diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/domain/AzureTrygdeetatenClientCredential.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/domain/AzureTrygdeetatenClientCredential.java
deleted file mode 100644
index 5e69f2cccbe..00000000000
--- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/domain/AzureTrygdeetatenClientCredential.java
+++ /dev/null
@@ -1,41 +0,0 @@
-package no.nav.testnav.libs.reactivesecurity.domain;
-
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Configuration;
-
-import java.util.Objects;
-
-import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredential;
-
-@Configuration
-public class AzureTrygdeetatenClientCredential extends ClientCredential {
- private final String tokenEndpoint;
-
- public AzureTrygdeetatenClientCredential(
- @Value("${AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT:#{null}}") String tokenEndpoint,
- @Value("${AZURE_TRYGDEETATEN_APP_CLIENT_ID:#{null}}") String clientId,
- @Value("${AZURE_TRYGDEETATEN_APP_CLIENT_SECRET:#{null}}") String clientSecret
- ) {
- super(clientId, clientSecret);
- this.tokenEndpoint = tokenEndpoint;
- }
-
- public String getTokenEndpoint() {
- return tokenEndpoint;
- }
-
-
- @Override
- public boolean equals(Object o) {
- if (this == o) return true;
- if (o == null || getClass() != o.getClass()) return false;
- if (!super.equals(o)) return false;
- AzureTrygdeetatenClientCredential that = (AzureTrygdeetatenClientCredential) o;
- return Objects.equals(tokenEndpoint, that.tokenEndpoint);
- }
-
- @Override
- public int hashCode() {
- return Objects.hash(super.hashCode(), tokenEndpoint);
- }
-}
diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/domain/Scopeable.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/domain/Scopeable.java
deleted file mode 100644
index c901355f115..00000000000
--- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/domain/Scopeable.java
+++ /dev/null
@@ -1,5 +0,0 @@
-package no.nav.testnav.libs.reactivesecurity.domain;
-
-public interface Scopeable {
- String toScope();
-}
diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/TokenServiceAutoConfiguration.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/TokenServiceAutoConfiguration.java
new file mode 100644
index 00000000000..007f512f24f
--- /dev/null
+++ b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/TokenServiceAutoConfiguration.java
@@ -0,0 +1,86 @@
+package no.nav.testnav.libs.reactivesecurity.exchange;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import no.nav.testnav.libs.reactivesecurity.action.GetAuthenticatedToken;
+import no.nav.testnav.libs.reactivesecurity.action.GetAuthenticatedUserId;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureNavTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService;
+import no.nav.testnav.libs.securitycore.domain.azuread.*;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Primary;
+import org.springframework.context.annotation.Profile;
+import org.springframework.util.Assert;
+
+@AutoConfiguration(after = ClientCredentialAutoConfiguration.class)
+public class TokenServiceAutoConfiguration {
+
+ @Value("${HTTP_PROXY:#{null}}")
+ private String httpProxy;
+
+ @Primary
+ @Bean
+ @Profile("test")
+ AzureTokenService azureAdTokenServiceTest(
+ AzureClientCredential clientCredential,
+ GetAuthenticatedToken getAuthenticatedToken
+ ) {
+ return new AzureTokenService(null, null, clientCredential, getAuthenticatedToken);
+ }
+
+ @Bean
+ @ConditionalOnDollyApplicationConfiguredForAzure
+ @ConditionalOnMissingBean(AzureTokenService.class)
+ AzureTokenService azureAdTokenService(
+ @Value("${AAD_ISSUER_URI:#{null}}") String issuerUrl,
+ AzureClientCredential clientCredential,
+ GetAuthenticatedToken getAuthenticatedToken
+ ) {
+ Assert.notNull(issuerUrl, "AAD_ISSUER_URI must be set");
+ return new AzureTokenService(httpProxy, issuerUrl, clientCredential, getAuthenticatedToken);
+ }
+
+ @Primary
+ @Bean
+ @Profile("test")
+ AzureNavTokenService azureNavTokenServiceTest(
+ AzureNavClientCredential azureNavClientCredential
+ ) {
+ return new AzureNavTokenService(null, azureNavClientCredential);
+ }
+
+ @Bean
+ @ConditionalOnDollyApplicationConfiguredForNav
+ @ConditionalOnMissingBean(AzureNavTokenService.class)
+ AzureNavTokenService azureNavTokenService(
+ AzureNavClientCredential azureNavClientCredential
+ ) {
+ return new AzureNavTokenService(httpProxy, azureNavClientCredential);
+ }
+
+ @Primary
+ @Bean
+ @Profile("test")
+ AzureTrygdeetatenTokenService trygdeetatenAzureAdTokenServiceTest(
+ AzureTrygdeetatenClientCredential clientCredential,
+ GetAuthenticatedUserId getAuthenticatedUserId,
+ ObjectMapper objectMapper
+ ) {
+ return new AzureTrygdeetatenTokenService(null, clientCredential, getAuthenticatedUserId, objectMapper);
+ }
+
+ @Bean
+ @ConditionalOnDollyApplicationConfiguredForTrygdeetaten
+ @ConditionalOnMissingBean(AzureTrygdeetatenTokenService.class)
+ AzureTrygdeetatenTokenService trygdeetatenAzureAdTokenService(
+ AzureTrygdeetatenClientCredential clientCredential,
+ GetAuthenticatedUserId getAuthenticatedUserId,
+ ObjectMapper objectMapper
+ ) {
+ return new AzureTrygdeetatenTokenService(httpProxy, clientCredential, getAuthenticatedUserId, objectMapper);
+ }
+
+}
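Review bot: The proxy is now read from `${HTTP_PROXY:#{null}}`, whereas the service constructors this class replaces used `${http.proxy:#{null}}` (see the removed parameter in `NavAzureAdTokenService`). An environment variable `HTTP_PROXY` satisfies both placeholders, but an `http.proxy` entry in a properties or YAML file satisfies only the old one, so an application configured that way would silently send token requests without the proxy. Either keep the old key or fall back to it, `@Value("${HTTP_PROXY:${http.proxy:#{null}}}")`. The class also has no Javadoc; a class comment explaining that the `@Profile("test")` beans are built with a null issuer and proxy and win via `@Primary` would help, and the wildcard import of `...securitycore.domain.azuread.*` should be replaced with explicit imports.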
diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/NavAzureAdTokenService.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/AzureNavTokenService.java
similarity index 66%
rename from libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/NavAzureAdTokenService.java
rename to libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/AzureNavTokenService.java
index 2800db0654c..ea7001cafd8 100644
--- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/NavAzureAdTokenService.java
+++ b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/AzureNavTokenService.java
@@ -1,12 +1,16 @@
package no.nav.testnav.libs.reactivesecurity.exchange.azuread;
import lombok.extern.slf4j.Slf4j;
-import no.nav.testnav.libs.reactivesecurity.domain.AzureNavProxyClientCredential;
-import org.springframework.beans.factory.annotation.Value;
+import no.nav.testnav.libs.reactivesecurity.exchange.TokenService;
+import no.nav.testnav.libs.securitycore.command.azuread.ClientCredentialExchangeCommand;
+import no.nav.testnav.libs.securitycore.domain.AccessToken;
+import no.nav.testnav.libs.securitycore.domain.ResourceServerType;
+import no.nav.testnav.libs.securitycore.domain.ServerProperties;
+import no.nav.testnav.libs.securitycore.domain.azuread.AzureNavClientCredential;
+import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredential;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
-import org.springframework.stereotype.Service;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;
import reactor.netty.http.client.HttpClient;
@@ -14,45 +18,43 @@
import java.net.URI;
-import no.nav.testnav.libs.reactivesecurity.exchange.ExchangeToken;
-import no.nav.testnav.libs.securitycore.command.azuread.ClientCredentialExchangeCommand;
-import no.nav.testnav.libs.securitycore.domain.AccessToken;
-import no.nav.testnav.libs.securitycore.domain.ServerProperties;
-import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredential;
-
@Slf4j
-@Service
-public class NavAzureAdTokenService implements ExchangeToken {
+public class AzureNavTokenService implements TokenService {
private final WebClient webClient;
private final ClientCredential clientCredential;
- public NavAzureAdTokenService(
- @Value("${http.proxy:#{null}}") String proxyHost,
- AzureNavProxyClientCredential azureNavProxyClientCredential
+ public AzureNavTokenService(
+ String proxyHost,
+ AzureNavClientCredential azureNavClientCredential
) {
- this.clientCredential = azureNavProxyClientCredential;
+ this.clientCredential = azureNavClientCredential;
log.info("Init AzureAd Nav token service.");
WebClient.Builder builder = WebClient
.builder()
- .baseUrl(azureNavProxyClientCredential.getTokenEndpoint())
+ .baseUrl(azureNavClientCredential.getTokenEndpoint())
.defaultHeader(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_FORM_URLENCODED_VALUE);
if (proxyHost != null) {
log.trace("Setter opp proxy host {} for Client Credentials", proxyHost);
var uri = URI.create(proxyHost);
HttpClient httpClient = HttpClient
- .create()
- .proxy(proxy -> proxy
- .type(ProxyProvider.Proxy.HTTP)
- .host(uri.getHost())
- .port(uri.getPort()));
+ .create()
+ .proxy(proxy -> proxy
+ .type(ProxyProvider.Proxy.HTTP)
+ .host(uri.getHost())
+ .port(uri.getPort()));
builder.clientConnector(new ReactorClientHttpConnector(httpClient));
}
this.webClient = builder.build();
}
+ @Override
+ public ResourceServerType getType() {
+ return ResourceServerType.AZURE_AD;
+ }
+
@Override
public Mono exchange(ServerProperties serverProperties) {
return new ClientCredentialExchangeCommand(
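Review bot: `URI.create(proxyHost)` in the constructor is used unchecked, so a proxy value without a scheme or port (a constructed example: `webproxy:8088`) yields `uri.getHost() == null` and `uri.getPort() == -1`, and both are handed straight to the proxy builder. Now that the value arrives as a plain constructor argument, a guard directly after `URI.create` would fail at startup with a clear message: `if (uri.getHost() == null || uri.getPort() < 0) throw new IllegalArgumentException("http proxy must be a URI with host and port");`. The `log.trace` line above it prints the raw value, which would include any user-info part of a proxy URL; logging `uri.getHost()` and `uri.getPort()` avoids that. The same construction appears in the `AzureTokenService` constructor hunk further down.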
diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/AzureAdTokenService.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/AzureTokenService.java
similarity index 79%
rename from libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/AzureAdTokenService.java
rename to libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/AzureTokenService.java
index e65534dcfde..438dab7256a 100644
--- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/AzureAdTokenService.java
+++ b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/AzureTokenService.java
@@ -9,15 +9,12 @@
import no.nav.testnav.libs.securitycore.domain.ResourceServerType;
import no.nav.testnav.libs.securitycore.domain.ServerProperties;
import no.nav.testnav.libs.securitycore.domain.Token;
-import no.nav.testnav.libs.securitycore.domain.azuread.AzureNavClientCredential;
+import no.nav.testnav.libs.securitycore.domain.azuread.AzureClientCredential;
import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredential;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
import org.springframework.security.access.AccessDeniedException;
-import org.springframework.stereotype.Service;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;
import reactor.netty.http.client.HttpClient;
@@ -29,17 +26,15 @@
import static java.util.Objects.isNull;
@Slf4j
-@Service
-@ConditionalOnProperty("spring.security.oauth2.resourceserver.aad.issuer-uri")
-public class AzureAdTokenService implements TokenService {
+public class AzureTokenService implements TokenService {
private final WebClient webClient;
private final ClientCredential clientCredential;
private final GetAuthenticatedToken getAuthenticatedToken;
- public AzureAdTokenService(
- @Value("${http.proxy:#{null}}") String proxyHost,
- @Value("${AAD_ISSUER_URI}") String issuerUrl,
- AzureNavClientCredential azureNavClientCredential,
+ public AzureTokenService(
+ String proxyHost,
+ String issuerUrl,
+ AzureClientCredential azureClientCredential,
GetAuthenticatedToken getAuthenticatedToken
) {
log.info("Init AzureAd token exchange.");
@@ -53,17 +48,17 @@ public AzureAdTokenService(
log.trace("Setter opp proxy host {} for Client Credentials", proxyHost);
var uri = URI.create(proxyHost);
builder.clientConnector(new ReactorClientHttpConnector(
- HttpClient
- .create()
- .proxy(proxy -> proxy
- .type(ProxyProvider.Proxy.HTTP)
- .host(uri.getHost())
- .port(uri.getPort()))
+ HttpClient
+ .create()
+ .proxy(proxy -> proxy
+ .type(ProxyProvider.Proxy.HTTP)
+ .host(uri.getHost())
+ .port(uri.getPort()))
));
}
this.webClient = builder.build();
this.getAuthenticatedToken = getAuthenticatedToken;
- this.clientCredential = azureNavClientCredential;
+ this.clientCredential = azureClientCredential;
}
@Override
diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/TrygdeetatenAzureAdTokenService.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/AzureTrygdeetatenTokenService.java
similarity index 90%
rename from libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/TrygdeetatenAzureAdTokenService.java
rename to libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/AzureTrygdeetatenTokenService.java
index c1a8adb73b2..a6fae4111f7 100644
--- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/TrygdeetatenAzureAdTokenService.java
+++ b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/exchange/azuread/AzureTrygdeetatenTokenService.java
@@ -4,17 +4,16 @@
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import no.nav.testnav.libs.reactivesecurity.action.GetAuthenticatedUserId;
-import no.nav.testnav.libs.reactivesecurity.domain.AzureTrygdeetatenClientCredential;
-import no.nav.testnav.libs.reactivesecurity.exchange.ExchangeToken;
+import no.nav.testnav.libs.reactivesecurity.exchange.TokenService;
import no.nav.testnav.libs.securitycore.command.azuread.ClientCredentialExchangeCommand;
import no.nav.testnav.libs.securitycore.domain.AccessToken;
+import no.nav.testnav.libs.securitycore.domain.ResourceServerType;
import no.nav.testnav.libs.securitycore.domain.ServerProperties;
+import no.nav.testnav.libs.securitycore.domain.azuread.AzureTrygdeetatenClientCredential;
import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredential;
-import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
-import org.springframework.stereotype.Service;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;
import reactor.netty.http.client.HttpClient;
@@ -29,8 +28,7 @@
import static java.util.Objects.nonNull;
@Slf4j
-@Service
-public class TrygdeetatenAzureAdTokenService implements ExchangeToken {
+public class AzureTrygdeetatenTokenService implements TokenService {
private final WebClient webClient;
private final ClientCredential clientCredential;
@@ -38,8 +36,8 @@ public class TrygdeetatenAzureAdTokenService implements ExchangeToken {
private final Map tokenCache;
private final GetAuthenticatedUserId getAuthenticatedUserId;
- public TrygdeetatenAzureAdTokenService(
- @Value("${http.proxy:#{null}}") String proxyHost,
+ public AzureTrygdeetatenTokenService(
+ String proxyHost,
AzureTrygdeetatenClientCredential azureTrygdeetatenClientCredential,
GetAuthenticatedUserId getAuthenticatedUserId,
ObjectMapper objectMapper) {
@@ -70,6 +68,11 @@ public TrygdeetatenAzureAdTokenService(
this.webClient = builder.build();
}
+ @Override
+ public ResourceServerType getType() {
+ return ResourceServerType.AZURE_AD;
+ }
+
@Override
public Mono exchange(ServerProperties serverProperties) {
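Review bot: `getType()` here returns `ResourceServerType.AZURE_AD`, the same value as the new `getType()` in `AzureNavTokenService`, and both classes now implement `TokenService` instead of `ExchangeToken`. If any consumer selects a `TokenService` from the injected beans by `getType()` (not visible in these hunks), it could now pick the Trygdeetaten or Nav client credential where the plain Azure one was intended, or fail on a duplicate key. It is worth confirming how `TokenService` beans are looked up and recording the constraint on the method, e.g. `// Shares AZURE_AD with the other Azure token services; do not select this bean by getType() alone.`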
diff --git a/libs/reactive-security/src/main/resources/META-INF/additional-spring-configuration-metadata.json b/libs/reactive-security/src/main/resources/META-INF/additional-spring-configuration-metadata.json
new file mode 100644
index 00000000000..2018d3e877b
--- /dev/null
+++ b/libs/reactive-security/src/main/resources/META-INF/additional-spring-configuration-metadata.json
@@ -0,0 +1,9 @@
+{
+ "properties": [
+ {
+ "name": "HTTP_PROXY",
+ "type": "java.lang.String",
+ "description": "Satt av NAIS i pod, hvis NAIS-manifestet har spec.webproxy."
+ }
+ ]
+}
\ No newline at end of file
diff --git a/libs/reactive-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/libs/reactive-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
new file mode 100644
index 00000000000..618cfd98c75
--- /dev/null
+++ b/libs/reactive-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
@@ -0,0 +1 @@
+no.nav.testnav.libs.reactivesecurity.exchange.TokenServiceAutoConfiguration
\ No newline at end of file
diff --git a/libs/reactive-session-security/src/main/java/no/nav/testnav/libs/reactivesessionsecurity/exchange/AzureAdTokenExchange.java b/libs/reactive-session-security/src/main/java/no/nav/testnav/libs/reactivesessionsecurity/exchange/AzureAdTokenExchange.java
index 3df7e1c9e9f..e3d73c62bd4 100644
--- a/libs/reactive-session-security/src/main/java/no/nav/testnav/libs/reactivesessionsecurity/exchange/AzureAdTokenExchange.java
+++ b/libs/reactive-session-security/src/main/java/no/nav/testnav/libs/reactivesessionsecurity/exchange/AzureAdTokenExchange.java
@@ -1,15 +1,13 @@
package no.nav.testnav.libs.reactivesessionsecurity.exchange;
-import com.fasterxml.jackson.databind.ObjectMapper;
import lombok.extern.slf4j.Slf4j;
import no.nav.testnav.libs.reactivesessionsecurity.resolver.TokenResolver;
import no.nav.testnav.libs.securitycore.command.azuread.OnBehalfOfExchangeCommand;
import no.nav.testnav.libs.securitycore.domain.AccessToken;
import no.nav.testnav.libs.securitycore.domain.ServerProperties;
-import no.nav.testnav.libs.securitycore.domain.azuread.AzureNavClientCredential;
+import no.nav.testnav.libs.securitycore.domain.azuread.AzureClientCredential;
import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredential;
import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Import;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Service;
@@ -19,9 +17,6 @@
@Slf4j
@Service
-@Import({
- AzureNavClientCredential.class
-})
public class AzureAdTokenExchange implements ExchangeToken {
private final WebClient webClient;
private final TokenResolver tokenResolver;
@@ -30,7 +25,7 @@ public class AzureAdTokenExchange implements ExchangeToken {
public AzureAdTokenExchange(
@Value("${AAD_ISSUER_URI}") String issuerUrl,
TokenResolver tokenResolver,
- AzureNavClientCredential clientCredential) {
+ AzureClientCredential clientCredential) {
this.webClient = WebClient
.builder()
diff --git a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/AzureClientCredential.java b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/AzureClientCredential.java
new file mode 100644
index 00000000000..ee581bc6c40
--- /dev/null
+++ b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/AzureClientCredential.java
@@ -0,0 +1,9 @@
+package no.nav.testnav.libs.securitycore.domain.azuread;
+
+public class AzureClientCredential extends ClientCredential {
+
+ AzureClientCredential(String tokenEndpoint, String clientId, String clientSecret) {
+ super(tokenEndpoint, clientId, clientSecret);
+ }
+
+}
\ No newline at end of file
diff --git a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/AzureNavClientCredential.java b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/AzureNavClientCredential.java
index f7bbf72b012..01613b6bc6e 100644
--- a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/AzureNavClientCredential.java
+++ b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/AzureNavClientCredential.java
@@ -1,16 +1,9 @@
package no.nav.testnav.libs.securitycore.domain.azuread;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Configuration;
-
-@Configuration
public class AzureNavClientCredential extends ClientCredential {
- public AzureNavClientCredential(
- @Value("${AZURE_APP_CLIENT_ID:#{null}}") String clientId,
- @Value("${AZURE_APP_CLIENT_SECRET:#{null}}") String clientSecret
- ) {
- super(clientId, clientSecret);
+ AzureNavClientCredential(String tokenEndpoint, String clientId, String clientSecret) {
+ super(tokenEndpoint, clientId, clientSecret);
}
}
diff --git a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/AzureTrygdeetatenClientCredential.java b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/AzureTrygdeetatenClientCredential.java
new file mode 100644
index 00000000000..0b454e37472
--- /dev/null
+++ b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/AzureTrygdeetatenClientCredential.java
@@ -0,0 +1,9 @@
+package no.nav.testnav.libs.securitycore.domain.azuread;
+
+public class AzureTrygdeetatenClientCredential extends ClientCredential {
+
+ AzureTrygdeetatenClientCredential(String tokenEndpoint, String clientId, String clientSecret) {
+ super(tokenEndpoint, clientId, clientSecret);
+ }
+
+}
diff --git a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ClientCredential.java b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ClientCredential.java
index c1d621f8bbc..774eddf9cdb 100644
--- a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ClientCredential.java
+++ b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ClientCredential.java
@@ -1,17 +1,46 @@
package no.nav.testnav.libs.securitycore.domain.azuread;
-import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+import org.springframework.util.StringUtils;
-@Data
+import static lombok.AccessLevel.PACKAGE;
+
+@RequiredArgsConstructor(access = PACKAGE)
+@Getter
+@EqualsAndHashCode
public class ClientCredential {
+
+ private final String tokenEndpoint;
private final String clientId;
private final String clientSecret;
@Override
public final String toString() {
- return "ClientCredential{" +
- "clientId=[HIDDEN]" +
- ", clientSecret=[HIDDEN]" +
- '}';
+ return "%s{tokenEndpoint=%s,clientId=[%s],clientSecret=[%s]}"
+ .formatted(
+ getClass().getSimpleName(),
+ tokenEndpoint,
+ maskClientId(clientId),
+ maskClientSecret(clientSecret)
+ );
+ }
+
+ private static String maskClientId(String clientId) {
+ if (!StringUtils.hasText(clientId) || clientId.length() <= 2) {
+ return clientId;
+ }
+ var firstChar = clientId.charAt(0);
+ var lastChar = clientId.charAt(clientId.length() - 1);
+ return firstChar + "*".repeat(clientId.length() - 2) + lastChar;
}
+
+ private static String maskClientSecret(String clientSecret) {
+ if (!StringUtils.hasText(clientSecret)) {
+ return clientSecret; // Return as is if null or empty
+ }
+ return "*".repeat(clientSecret.length());
+ }
+
}
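Review bot: `maskClientSecret` returns one asterisk per character, so every log line or exception message that prints a credential now discloses the exact length of the client secret, where the previous `toString()` printed a fixed `[HIDDEN]`. `maskClientId` likewise reveals the first and last character and the length, and returns the id unmasked when it is two characters or shorter. A constant mask keeps the new class name and token endpoint in the output without saying anything about the secret: replace `return "*".repeat(clientSecret.length());` with `return "HIDDEN";` (the format string already supplies the brackets). Consider doing the same for the client id unless the partial value is needed for troubleshooting.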
diff --git a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ClientCredentialAutoConfiguration.java b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ClientCredentialAutoConfiguration.java
new file mode 100644
index 00000000000..581db32964e
--- /dev/null
+++ b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ClientCredentialAutoConfiguration.java
@@ -0,0 +1,73 @@
+package no.nav.testnav.libs.securitycore.domain.azuread;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.AutoConfiguration;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Primary;
+import org.springframework.context.annotation.Profile;
+import org.springframework.util.Assert;
+
+@AutoConfiguration
+public class ClientCredentialAutoConfiguration {
+
+ private static final String TEST_TOKEN_ENDPOINT = "test-token-endpoint";
+ private static final String TEST_CLIENT_ID = "test-client-id";
+ private static final String TEST_CLIENT_SECRET = "test-client-secret";
+
+ @Primary
+ @Bean
+ @Profile("test")
+ AzureClientCredential azureClientCredentialTest() {
+ return new AzureClientCredential(TEST_TOKEN_ENDPOINT, TEST_CLIENT_ID, TEST_CLIENT_SECRET);
+ }
+
+ @Bean
+ @ConditionalOnDollyApplicationConfiguredForAzure
+ @ConditionalOnMissingBean(AzureClientCredential.class)
+ AzureClientCredential azureClientCredential(
+ @Value("${AAD_ISSUER_URI}") String azureTokenEndpoint, // TODO: Not currently used, AAD_ISSUER_URI is hardcoded elsewhere; should be refactored to use AZURE_OPENID_CONFIG_TOKEN_ENDPOINT instead.
+ @Value("${AZURE_APP_CLIENT_ID}") String azureClientId,
+ @Value("${AZURE_APP_CLIENT_SECRET}") String azureClientSecret
+ ) {
+
+ return new AzureClientCredential(azureTokenEndpoint, azureClientId, azureClientSecret);
+ }
+
+ @Primary
+ @Bean
+ @Profile("test")
+ AzureTrygdeetatenClientCredential azureTrygdeetatenClientCredentialTest() {
+ return new AzureTrygdeetatenClientCredential(TEST_TOKEN_ENDPOINT, TEST_CLIENT_ID, TEST_CLIENT_SECRET);
+ }
+
+ @Bean
+ @ConditionalOnDollyApplicationConfiguredForTrygdeetaten
+ @ConditionalOnMissingBean(AzureTrygdeetatenClientCredential.class)
+ AzureTrygdeetatenClientCredential azureTrygdeetatenClientCredential(
+ @Value("${AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT}") String azureTrygdeetatenTokenEndpoint,
+ @Value("${AZURE_TRYGDEETATEN_APP_CLIENT_ID}") String azureTrygdeetatenClientId,
+ @Value("${AZURE_TRYGDEETATEN_APP_CLIENT_SECRET}") String azureTrygdeetatenClientSecret
+ ) {
+ return new AzureTrygdeetatenClientCredential(azureTrygdeetatenTokenEndpoint, azureTrygdeetatenClientId, azureTrygdeetatenClientSecret);
+ }
+
+ @Primary
+ @Bean
+ @Profile("test")
+ AzureNavClientCredential azureNavClientCredentialTest() {
+ return new AzureNavClientCredential(TEST_TOKEN_ENDPOINT, TEST_CLIENT_ID, TEST_CLIENT_SECRET);
+ }
+
+ @Bean
+ @ConditionalOnDollyApplicationConfiguredForNav
+ @ConditionalOnMissingBean(AzureNavClientCredential.class)
+ AzureNavClientCredential azureNavClientCredential(
+ @Value("${AZURE_NAV_OPENID_CONFIG_TOKEN_ENDPOINT}") String azureNavTokenEndpoint,
+ @Value("${AZURE_NAV_APP_CLIENT_ID}") String azureNavClientId,
+ @Value("${AZURE_NAV_APP_CLIENT_SECRET}") String azureNavClientSecret
+ ) {
+ return new AzureNavClientCredential(azureNavTokenEndpoint, azureNavClientId, azureNavClientSecret);
+ }
+
+}
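Review bot: The three `@Primary @Profile("test")` beans put placeholder credentials (`test-client-id`, `test-client-secret`) into the main auto-configuration, so any application that runs with a profile named `test` gets them in place of the real Azure, Trygdeetaten and Nav credentials. The `@ConditionalOnMissingBean` variants presumably back off in that case even when the real properties are set, so the mistake would only show at request time as a failed token exchange against `test-token-endpoint`. Consider moving the placeholders to a test-scoped configuration, or at least documenting on the class that the `test` profile always wins, e.g. `// Profile "test" replaces all client credentials with placeholders, regardless of environment.`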
diff --git a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForAzure.java b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForAzure.java
new file mode 100644
index 00000000000..31c111db587
--- /dev/null
+++ b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForAzure.java
@@ -0,0 +1,54 @@
+package no.nav.testnav.libs.securitycore.domain.azuread;
+
+import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
+import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
+import org.springframework.context.annotation.ConditionContext;
+import org.springframework.context.annotation.Conditional;
+import org.springframework.core.type.AnnotatedTypeMetadata;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import java.util.Arrays;
+import java.util.List;
+
+import static org.springframework.util.StringUtils.hasText;
+
+/**
+ * Conditional that matches if the application is configured for Nav.
+ * Requires the following properties set:
+ *
+ * - AAD_ISSUER_URI
+ * - AZURE_APP_CLIENT_ID
+ * - AZURE_APP_CLIENT_SECRET
+ *
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.TYPE, ElementType.METHOD})
+@Conditional(OnDollyApplicationConfiguredForAzureCondition.class)
+public @interface ConditionalOnDollyApplicationConfiguredForAzure {
+}
+
+class OnDollyApplicationConfiguredForAzureCondition extends SpringBootCondition {
+
+ private static final List REQUIRED = Arrays.asList(
+ "AAD_ISSUER_URI",
+ "AZURE_APP_CLIENT_ID",
+ "AZURE_APP_CLIENT_SECRET"
+ );
+
+ @Override
+ public ConditionOutcome getMatchOutcome(ConditionContext context, AnnotatedTypeMetadata metadata
+ ) {
+ var env = context.getEnvironment();
+ var match = REQUIRED
+ .stream()
+ .allMatch(key -> hasText(env.getProperty(key)));
+ return new ConditionOutcome(
+ match,
+ match ? "Dolly configured for Azure" : "Dolly not configured for Azure - missing one or more required properties %s".formatted(REQUIRED)
+ );
+ }
+
+}
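Review bot: The Javadoc on `ConditionalOnDollyApplicationConfiguredForAzure` says the condition matches when the application is "configured for Nav", which is the wording of the sibling annotation. The properties listed under it (`AAD_ISSUER_URI`, `AZURE_APP_CLIENT_ID`, `AZURE_APP_CLIENT_SECRET`) are the Azure ones. The first sentence should read `Conditional that matches if the application is configured for Azure.`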
diff --git a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForNav.java b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForNav.java
new file mode 100644
index 00000000000..71648d785e5
--- /dev/null
+++ b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForNav.java
@@ -0,0 +1,54 @@
+package no.nav.testnav.libs.securitycore.domain.azuread;
+
+import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
+import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
+import org.springframework.context.annotation.ConditionContext;
+import org.springframework.context.annotation.Conditional;
+import org.springframework.core.type.AnnotatedTypeMetadata;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import java.util.Arrays;
+import java.util.List;
+
+import static org.springframework.util.StringUtils.hasText;
+
+
+/**
+ * Conditional that matches if the application is configured for Nav.
+ * Requires the following properties set:
+ *
+ * - AZURE_NAV_OPENID_CONFIG_TOKEN_ENDPOINT
+ * - AZURE_NAV_APP_CLIENT_ID
+ * - AZURE_NAV_APP_CLIENT_SECRET
+ *
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.TYPE, ElementType.METHOD})
+@Conditional(OnDollyApplicationConfiguredForNavCondition.class)
+public @interface ConditionalOnDollyApplicationConfiguredForNav {
+}
+
+class OnDollyApplicationConfiguredForNavCondition extends SpringBootCondition {
+
+ private static final List REQUIRED = Arrays.asList(
+ "AZURE_NAV_OPENID_CONFIG_TOKEN_ENDPOINT",
+ "AZURE_NAV_APP_CLIENT_ID",
+ "AZURE_NAV_APP_CLIENT_SECRET"
+ );
+
+ @Override
+ public ConditionOutcome getMatchOutcome(ConditionContext context, AnnotatedTypeMetadata metadata
+ ) {
+ var env = context.getEnvironment();
+ var match = REQUIRED
+ .stream()
+ .allMatch(key -> hasText(env.getProperty(key)));
+ return new ConditionOutcome(
+ match,
+ match ? "Dolly configured for Nav" : "Dolly not configured for Nav - missing one or more required properties %s".formatted(REQUIRED)
+ );
+ }
+}
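Review bot: `OnDollyApplicationConfiguredForNavCondition` is identical to the Azure and Trygdeetaten condition classes apart from the `REQUIRED` list and the label in the outcome message, so any later change to the check (for example how blank values are treated) has to be repeated in three files. A small package-private base condition that takes the label and the required keys would keep the three in step; each condition then shrinks to a constructor call. The outcome messages stay the same, and they list only property names, never values.

```java
abstract class OnRequiredPropertiesCondition extends SpringBootCondition {

    private final String label;
    private final List<String> required;

    OnRequiredPropertiesCondition(String label, String... required) {
        this.label = label;
        this.required = List.of(required);
    }

    @Override
    public ConditionOutcome getMatchOutcome(ConditionContext context, AnnotatedTypeMetadata metadata) {
        var env = context.getEnvironment();
        var match = required.stream().allMatch(key -> hasText(env.getProperty(key)));
        return new ConditionOutcome(
                match,
                match
                        ? "Dolly configured for %s".formatted(label)
                        : "Dolly not configured for %s - missing one or more required properties %s".formatted(label, required)
        );
    }
}

class OnDollyApplicationConfiguredForNavCondition extends OnRequiredPropertiesCondition {

    OnDollyApplicationConfiguredForNavCondition() {
        super("Nav",
                "AZURE_NAV_OPENID_CONFIG_TOKEN_ENDPOINT",
                "AZURE_NAV_APP_CLIENT_ID",
                "AZURE_NAV_APP_CLIENT_SECRET");
    }
}
```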
diff --git a/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForTrygdeetaten.java b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForTrygdeetaten.java
new file mode 100644
index 00000000000..029fef88932
--- /dev/null
+++ b/libs/security-core/src/main/java/no/nav/testnav/libs/securitycore/domain/azuread/ConditionalOnDollyApplicationConfiguredForTrygdeetaten.java
@@ -0,0 +1,54 @@
+package no.nav.testnav.libs.securitycore.domain.azuread;
+
+import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
+import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
+import org.springframework.context.annotation.ConditionContext;
+import org.springframework.context.annotation.Conditional;
+import org.springframework.core.type.AnnotatedTypeMetadata;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import java.util.Arrays;
+import java.util.List;
+
+import static org.springframework.util.StringUtils.hasText;
+
+
+/**
+ * Conditional that matches if the application is configured for Trygdeetaten.
+ * Requires the following properties set:
+ *
+ * - AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT
+ * - AZURE_TRYGDEETATEN_APP_CLIENT_ID
+ * - AZURE_TRYGDEETATEN_APP_CLIENT_SECRET
+ *
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target({ElementType.TYPE, ElementType.METHOD})
+@Conditional(OnDollyApplicationConfiguredForTrygdeetatenCondition.class)
+public @interface ConditionalOnDollyApplicationConfiguredForTrygdeetaten {
+}
+
+class OnDollyApplicationConfiguredForTrygdeetatenCondition extends SpringBootCondition {
+
+ private static final List REQUIRED = Arrays.asList(
+ "AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT",
+ "AZURE_TRYGDEETATEN_APP_CLIENT_ID",
+ "AZURE_TRYGDEETATEN_APP_CLIENT_SECRET"
+ );
+
+ @Override
+ public ConditionOutcome getMatchOutcome(ConditionContext context, AnnotatedTypeMetadata metadata
+ ) {
+ var env = context.getEnvironment();
+ var match = REQUIRED
+ .stream()
+ .allMatch(key -> hasText(env.getProperty(key)));
+ return new ConditionOutcome(
+ match,
+ match ? "Dolly configured for Trygdeetaten" : "Dolly not configured for Trygdeetaten - missing one or more required properties %s".formatted(REQUIRED)
+ );
+ }
+}
diff --git a/libs/security-core/src/main/resources/META-INF/additional-spring-configuration-metadata.json b/libs/security-core/src/main/resources/META-INF/additional-spring-configuration-metadata.json
new file mode 100644
index 00000000000..bb1048cb6d6
--- /dev/null
+++ b/libs/security-core/src/main/resources/META-INF/additional-spring-configuration-metadata.json
@@ -0,0 +1,50 @@
+{
+ "properties": [
+ {
+ "name": "AZURE_APP_CLIENT_ID",
+ "type": "java.lang.String",
+ "description": "Satt av NAIS i pod. Se ClientCredentialConfig#azureNavClientCredential. Kan erstattes med ${sm://azure-app-client-id} for lokal kjøring."
+ },
+ {
+ "name": "AZURE_APP_CLIENT_SECRET",
+ "type": "java.lang.String",
+ "description": "Satt av NAIS i pod. Se ClientCredentialConfig#azureNavClientCredential. Kan erstattes med ${sm://azure-app-client-secret} for lokal kjøring."
+ },
+ {
+ "name": "AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT",
+ "type": "java.lang.String",
+ "description": "Satt av NAIS i pod, fra en secret opprettet av en AzureAdApplication deployment (secretKeyPrefix: \"AZURE_TRYGDEETATEN\"). Hvis satt må også AZURE_TRYGDEETATEN_APP_CLIENT_ID og AZURE_TRYGDEETATEN_APP_CLIENT_SECRET være satt."
+ },
+ {
+ "name": "AZURE_TRYGDEETATEN_APP_CLIENT_ID",
+ "type": "java.lang.String",
+ "description": "Satt av NAIS i pod, fra en secret opprettet av en AzureAdApplication deployment (secretKeyPrefix: \"AZURE_TRYGDEETATEN\")."
+ },
+ {
+ "name": "AZURE_TRYGDEETATEN_APP_CLIENT_SECRET",
+ "type": "java.lang.String",
+ "description": "Satt av NAIS i pod, fra en secret opprettet av en AzureAdApplication deployment (secretKeyPrefix: \"AZURE_TRYGDEETATEN\")."
+ },
+ {
+ "name": "AZURE_NAV_OPENID_CONFIG_TOKEN_ENDPOINT",
+ "type": "java.lang.String",
+ "description": "Satt av NAIS i pod, fra en secret opprettet av en AzureAdApplication deployment (secretKeyPrefix: \"AZURE_NAV\"). Hvis satt må også AZURE_NAV_APP_CLIENT_ID og AZURE_NAV_APP_CLIENT_SECRET være satt."
+ },
+ {
+ "name": "AZURE_NAV_APP_CLIENT_ID",
+ "type": "java.lang.String",
+ "description": "Satt av NAIS i pod, fra en secret opprettet av en AzureAdApplication deployment (secretKeyPrefix: \"AZURE_NAV\")."
+ },
+ {
+ "name": "AZURE_NAV_APP_CLIENT_SECRET",
+ "type": "java.lang.String",
+ "description": "Satt av NAIS i pod, fra en secret opprettet av en AzureAdApplication deployment (secretKeyPrefix: \"AZURE_NAV\")."
+ },
+ {
+ "name": "TOKEN_X_ISSUER",
+ "type": "java.net.URL",
+ "description": "Satt av NAIS i pod hvis NAIS-manifestet har spec.tokenx.enabled: true.",
+ "defaultValue": "https://tokenx.dev-gcp.nav.cloud.nais.io"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/libs/security-core/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/libs/security-core/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
new file mode 100644
index 00000000000..c752f84a7da
--- /dev/null
+++ b/libs/security-core/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
@@ -0,0 +1 @@
+no.nav.testnav.libs.securitycore.domain.azuread.ClientCredentialAutoConfiguration
\ No newline at end of file
diff --git a/libs/servlet-insecure-security/src/main/java/no/nav/testnav/libs/standalone/servletsecurity/config/InsecureJwtServerToServerConfiguration.java b/libs/servlet-insecure-security/src/main/java/no/nav/testnav/libs/standalone/servletsecurity/config/InsecureJwtServerToServerConfiguration.java
index bd9d9a9d193..7f12945ced7 100644
--- a/libs/servlet-insecure-security/src/main/java/no/nav/testnav/libs/standalone/servletsecurity/config/InsecureJwtServerToServerConfiguration.java
+++ b/libs/servlet-insecure-security/src/main/java/no/nav/testnav/libs/standalone/servletsecurity/config/InsecureJwtServerToServerConfiguration.java
@@ -1,6 +1,5 @@
package no.nav.testnav.libs.standalone.servletsecurity.config;
-import no.nav.testnav.libs.securitycore.domain.azuread.AzureNavClientCredential;
import no.nav.testnav.libs.standalone.servletsecurity.decoder.MultipleIssuersJwtDecoder;
import no.nav.testnav.libs.standalone.servletsecurity.exchange.AzureAdTokenService;
import no.nav.testnav.libs.standalone.servletsecurity.exchange.TokenExchange;
@@ -20,8 +19,7 @@
TokenXResourceServerProperties.class,
AzureAdResourceServerProperties.class,
TokenExchange.class,
- AzureAdTokenService.class,
- AzureNavClientCredential.class
+ AzureAdTokenService.class
})
public class InsecureJwtServerToServerConfiguration {
diff --git a/libs/servlet-insecure-security/src/main/java/no/nav/testnav/libs/standalone/servletsecurity/exchange/AzureAdTokenService.java b/libs/servlet-insecure-security/src/main/java/no/nav/testnav/libs/standalone/servletsecurity/exchange/AzureAdTokenService.java
index 00696ba6667..ed6e1851df4 100644
--- a/libs/servlet-insecure-security/src/main/java/no/nav/testnav/libs/standalone/servletsecurity/exchange/AzureAdTokenService.java
+++ b/libs/servlet-insecure-security/src/main/java/no/nav/testnav/libs/standalone/servletsecurity/exchange/AzureAdTokenService.java
@@ -4,7 +4,7 @@
import no.nav.testnav.libs.securitycore.command.azuread.ClientCredentialExchangeCommand;
import no.nav.testnav.libs.securitycore.domain.AccessToken;
import no.nav.testnav.libs.securitycore.domain.ServerProperties;
-import no.nav.testnav.libs.securitycore.domain.azuread.AzureNavClientCredential;
+import no.nav.testnav.libs.securitycore.domain.azuread.AzureClientCredential;
import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredential;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpHeaders;
@@ -28,7 +28,7 @@ public class AzureAdTokenService implements ExchangeToken {
public AzureAdTokenService(
@Value("${http.proxy:#{null}}") String proxyHost,
@Value("${AAD_ISSUER_URI}") String issuerUrl,
- AzureNavClientCredential clientCredential
+ AzureClientCredential clientCredential
) {
log.info("Init AzureAd token exchange.");
WebClient.Builder builder = WebClient
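Review bot: The constructor parameter `AzureClientCredential clientCredential` changes the credential type rather than renaming it, so the token request against `AAD_ISSUER_URI` presumably now authenticates as a different client than the `AZURE_NAV_APP_*` one. The hunk does not show whether that is intended, or whether both identities belong to the same tenant; the rest of the constructor lies outside it. I would add a Javadoc line to the constructor naming the identity, for example `@param clientCredential client id and secret of the application's own Azure AD registration, used for the client-credentials grant` (wording to be confirmed against the class). It is also worth checking that downstream services have granted access to that client. The same switch is made in the constructor hunk of libs/servlet-security's `AzureAdTokenService`.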
diff --git a/libs/servlet-security/src/main/java/no/nav/testnav/libs/servletsecurity/config/SecureOAuth2ServerToServerConfiguration.java b/libs/servlet-security/src/main/java/no/nav/testnav/libs/servletsecurity/config/SecureOAuth2ServerToServerConfiguration.java
index 68477de2205..ffb286d1cfb 100644
--- a/libs/servlet-security/src/main/java/no/nav/testnav/libs/servletsecurity/config/SecureOAuth2ServerToServerConfiguration.java
+++ b/libs/servlet-security/src/main/java/no/nav/testnav/libs/servletsecurity/config/SecureOAuth2ServerToServerConfiguration.java
@@ -1,6 +1,5 @@
package no.nav.testnav.libs.servletsecurity.config;
-import no.nav.testnav.libs.securitycore.domain.azuread.AzureNavClientCredential;
import no.nav.testnav.libs.securitycore.domain.tokenx.TokenXProperties;
import no.nav.testnav.libs.servletsecurity.action.GetAuthenticatedId;
import no.nav.testnav.libs.servletsecurity.action.GetAuthenticatedResourceServerType;
@@ -24,7 +23,6 @@
@Configuration
@Import({
- AzureNavClientCredential.class,
TokenXResourceServerProperties.class,
AzureAdResourceServerProperties.class,
TokenXService.class,
diff --git a/libs/servlet-security/src/main/java/no/nav/testnav/libs/servletsecurity/exchange/AzureAdTokenService.java b/libs/servlet-security/src/main/java/no/nav/testnav/libs/servletsecurity/exchange/AzureAdTokenService.java
index f6323dcb5fc..27b304895b0 100644
--- a/libs/servlet-security/src/main/java/no/nav/testnav/libs/servletsecurity/exchange/AzureAdTokenService.java
+++ b/libs/servlet-security/src/main/java/no/nav/testnav/libs/servletsecurity/exchange/AzureAdTokenService.java
@@ -7,7 +7,7 @@
import no.nav.testnav.libs.securitycore.domain.ResourceServerType;
import no.nav.testnav.libs.securitycore.domain.ServerProperties;
import no.nav.testnav.libs.securitycore.domain.Token;
-import no.nav.testnav.libs.securitycore.domain.azuread.AzureNavClientCredential;
+import no.nav.testnav.libs.securitycore.domain.azuread.AzureClientCredential;
import no.nav.testnav.libs.securitycore.domain.azuread.ClientCredential;
import no.nav.testnav.libs.servletsecurity.action.GetAuthenticatedToken;
import org.springframework.beans.factory.annotation.Value;
@@ -34,7 +34,7 @@ public class AzureAdTokenService implements TokenService {
public AzureAdTokenService(
@Value("${http.proxy:#{null}}") String proxyHost,
@Value("${AAD_ISSUER_URI}") String issuerUrl,
- AzureNavClientCredential clientCredential,
+ AzureClientCredential clientCredential,
GetAuthenticatedToken getAuthenticatedToken
) {
log.info("Init AzureAd token exchange.");
diff --git a/proxies/aareg-proxy/src/main/java/no/nav/testnav/proxies/aareg/RouteLocatorConfig.java b/proxies/aareg-proxy/src/main/java/no/nav/testnav/proxies/aareg/RouteLocatorConfig.java
index ecf4395c3a7..fc35f5c2b8d 100644
--- a/proxies/aareg-proxy/src/main/java/no/nav/testnav/proxies/aareg/RouteLocatorConfig.java
+++ b/proxies/aareg-proxy/src/main/java/no/nav/testnav/proxies/aareg/RouteLocatorConfig.java
@@ -3,7 +3,7 @@
import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig;
import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
-import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService;
import no.nav.testnav.libs.securitycore.domain.AccessToken;
import no.nav.testnav.libs.securitycore.domain.ServerProperties;
import org.springframework.cloud.gateway.filter.GatewayFilter;
@@ -32,7 +32,7 @@ public class RouteLocatorConfig {
@Bean
public RouteLocator customRouteLocator(
RouteLocatorBuilder builder,
- TrygdeetatenAzureAdTokenService tokenService,
+ AzureTrygdeetatenTokenService tokenService,
Consumers consumers) {
var routes = builder.routes();
@@ -50,7 +50,7 @@ public RouteLocator customRouteLocator(
return routes.build();
}
- private GatewayFilter getAuthenticationFilter(TrygdeetatenAzureAdTokenService tokenService, ServerProperties serverProperties) {
+ private GatewayFilter getAuthenticationFilter(AzureTrygdeetatenTokenService tokenService, ServerProperties serverProperties) {
return AddAuthenticationRequestGatewayFilterFactory
.bearerAuthenticationHeaderFilter(() -> tokenService
.exchange(serverProperties)
diff --git a/proxies/aareg-synt-services-proxy/src/main/resources/application.yml b/proxies/aareg-synt-services-proxy/src/main/resources/application.yml
index 42e48fd6556..daa83573144 100644
--- a/proxies/aareg-synt-services-proxy/src/main/resources/application.yml
+++ b/proxies/aareg-synt-services-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
spring:
application:
name: aareg-synt-services-proxy
- desciption: Proxy for aareg-synt-services som legger på sikkerhet.
+ description: Proxy for aareg-synt-services som legger på sikkerhet.
security:
oauth2:
resourceserver:
diff --git a/proxies/altinn3-tilgang-proxy/src/main/resources/application.yml b/proxies/altinn3-tilgang-proxy/src/main/resources/application.yml
index 85818a36464..b15c0a9538d 100644
--- a/proxies/altinn3-tilgang-proxy/src/main/resources/application.yml
+++ b/proxies/altinn3-tilgang-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
spring:
application:
name: testnav-altinn3-tilgang-proxy
- desciption: Proxy for altinn3-tilgang som legger på Entra ID token sikkerhet
+ description: Proxy for altinn3-tilgang som legger på Entra ID token sikkerhet
security:
oauth2:
resourceserver:
diff --git a/proxies/arbeidsplassencv-proxy/src/main/resources/application.yml b/proxies/arbeidsplassencv-proxy/src/main/resources/application.yml
index b639cc1088c..8502bac6bce 100644
--- a/proxies/arbeidsplassencv-proxy/src/main/resources/application.yml
+++ b/proxies/arbeidsplassencv-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
spring:
application:
name: testnav-arbeidsplassencv-proxy
- desciption: Proxy for arbeidsplassencv, henter fra fakedings og signerer med tokenx
+ description: Proxy for arbeidsplassencv, henter fra fakedings og signerer med tokenx
security:
oauth2:
resourceserver:
diff --git a/proxies/arena-forvalteren-proxy/src/main/resources/application.yml b/proxies/arena-forvalteren-proxy/src/main/resources/application.yml
index 794459932cf..9e9ba088180 100644
--- a/proxies/arena-forvalteren-proxy/src/main/resources/application.yml
+++ b/proxies/arena-forvalteren-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
spring:
application:
name: testnav-arena-forvalteren-proxy
- desciption: Proxy for arena-forvalteren som legger på sikkerhet.
+ description: Proxy for arena-forvalteren som legger på sikkerhet.
security:
oauth2:
resourceserver:
diff --git a/proxies/batch-adeo-proxy/src/main/resources/application.yml b/proxies/batch-adeo-proxy/src/main/resources/application.yml
index b3508b30109..0a0c0e11f2d 100644
--- a/proxies/batch-adeo-proxy/src/main/resources/application.yml
+++ b/proxies/batch-adeo-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
spring:
application:
name: testnorge-batch-adeo-proxy
- desciption: Proxy for batch.adeo.no som legger på sikkerhet.
+ description: Proxy for batch.adeo.no som legger på sikkerhet.
security:
oauth2:
resourceserver:
diff --git a/proxies/brregstub-proxy/src/main/resources/application.yml b/proxies/brregstub-proxy/src/main/resources/application.yml
index c12d28aac67..95d8e31193b 100644
--- a/proxies/brregstub-proxy/src/main/resources/application.yml
+++ b/proxies/brregstub-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
spring:
application:
name: testnav-brregstub-proxy
- desciption: Proxy for brregstub som legger på sikkerhet.
+ description: Proxy for brregstub som legger på sikkerhet.
security:
oauth2:
resourceserver:
diff --git a/proxies/dokarkiv-proxy/src/main/java/no/nav/testnav/proxies/dokarkivproxy/DokarkivProxyApplicationStarter.java b/proxies/dokarkiv-proxy/src/main/java/no/nav/testnav/proxies/dokarkivproxy/DokarkivProxyApplicationStarter.java
index bd4c514d485..437bce84a91 100644
--- a/proxies/dokarkiv-proxy/src/main/java/no/nav/testnav/proxies/dokarkivproxy/DokarkivProxyApplicationStarter.java
+++ b/proxies/dokarkiv-proxy/src/main/java/no/nav/testnav/proxies/dokarkivproxy/DokarkivProxyApplicationStarter.java
@@ -4,7 +4,7 @@
import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig;
import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
-import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService;
import no.nav.testnav.libs.securitycore.domain.AccessToken;
import no.nav.testnav.libs.securitycore.domain.ServerProperties;
import no.nav.testnav.proxies.dokarkivproxy.config.Consumers;
@@ -35,7 +35,7 @@ public class DokarkivProxyApplicationStarter {
@Bean
public RouteLocator customRouteLocator(
RouteLocatorBuilder builder,
- TrygdeetatenAzureAdTokenService tokenService,
+ AzureTrygdeetatenTokenService tokenService,
Consumers consumers) {
var routes = builder.routes();
Arrays
diff --git a/proxies/dokarkiv-proxy/src/main/resources/application.yml b/proxies/dokarkiv-proxy/src/main/resources/application.yml
index 70d12c4d61d..54adda5c8c0 100644
--- a/proxies/dokarkiv-proxy/src/main/resources/application.yml
+++ b/proxies/dokarkiv-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
spring:
application:
name: testnav-dokarkiv-proxy
- desciption: Proxy for dokarkiv som legger på sikkerhet og redirecter til riktig miljø..
+ description: Proxy for dokarkiv som legger på sikkerhet og redirecter til riktig miljø..
security:
oauth2:
resourceserver:
diff --git a/proxies/ereg-proxy/src/main/resources/application.yml b/proxies/ereg-proxy/src/main/resources/application.yml
index 060d27ef767..ef711ef083a 100644
--- a/proxies/ereg-proxy/src/main/resources/application.yml
+++ b/proxies/ereg-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
spring:
application:
name: testnav-ereg-proxy
- desciption: Proxy for ereg som legger på sikkerhet og redirecter til riktig miljø.
+ description: Proxy for ereg som legger på sikkerhet og redirecter til riktig miljø.
security:
oauth2:
resourceserver:
diff --git a/proxies/inntektstub-proxy/src/main/resources/application.yml b/proxies/inntektstub-proxy/src/main/resources/application.yml
index b7851322180..95e755ce129 100644
--- a/proxies/inntektstub-proxy/src/main/resources/application.yml
+++ b/proxies/inntektstub-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
spring:
application:
name: testnav-inntektstub-proxy
- desciption: Proxy for inntektstub som legger på sikkerhet.
+ description: Proxy for inntektstub som legger på sikkerhet.
security:
oauth2:
resourceserver:
diff --git a/proxies/inst-proxy/src/main/java/no/nav/testnav/proxies/instproxy/InstProxyApplicationStarter.java b/proxies/inst-proxy/src/main/java/no/nav/testnav/proxies/instproxy/InstProxyApplicationStarter.java
index a41d02d6804..b20a8cf4b84 100644
--- a/proxies/inst-proxy/src/main/java/no/nav/testnav/proxies/instproxy/InstProxyApplicationStarter.java
+++ b/proxies/inst-proxy/src/main/java/no/nav/testnav/proxies/instproxy/InstProxyApplicationStarter.java
@@ -4,7 +4,7 @@
import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig;
import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
-import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService;
import no.nav.testnav.libs.securitycore.domain.AccessToken;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@@ -28,7 +28,7 @@ public static void main(String[] args) {
@Bean
public RouteLocator customRouteLocator(
RouteLocatorBuilder builder,
- TrygdeetatenAzureAdTokenService tokenService,
+ AzureTrygdeetatenTokenService tokenService,
Consumers consumers
) {
var addAuthenticationHeaderDevFilter = AddAuthenticationRequestGatewayFilterFactory
diff --git a/proxies/kontoregister-person-proxy/src/main/java/no/nav/testnav/proxies/kontoregisterperson/KontoregisterProxyApplicationStarter.java b/proxies/kontoregister-person-proxy/src/main/java/no/nav/testnav/proxies/kontoregisterperson/KontoregisterProxyApplicationStarter.java
index db2525486aa..15761c53e32 100644
--- a/proxies/kontoregister-person-proxy/src/main/java/no/nav/testnav/proxies/kontoregisterperson/KontoregisterProxyApplicationStarter.java
+++ b/proxies/kontoregister-person-proxy/src/main/java/no/nav/testnav/proxies/kontoregisterperson/KontoregisterProxyApplicationStarter.java
@@ -4,7 +4,7 @@
import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig;
import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
-import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService;
import no.nav.testnav.libs.securitycore.domain.AccessToken;
import no.nav.testnav.proxies.kontoregisterperson.config.Consumers;
import org.springframework.boot.SpringApplication;
@@ -29,7 +29,7 @@ public static void main(String[] args) {
@Bean
public RouteLocator customRouteLocator(
RouteLocatorBuilder builder,
- TrygdeetatenAzureAdTokenService tokenService,
+ AzureTrygdeetatenTokenService tokenService,
Consumers consumers
) {
var addAuthenticationHeaderDevFilter = AddAuthenticationRequestGatewayFilterFactory
diff --git a/proxies/kontoregister-person-proxy/src/main/resources/application.yml b/proxies/kontoregister-person-proxy/src/main/resources/application.yml
index 6c00b3b7101..1a9a7c4764f 100644
--- a/proxies/kontoregister-person-proxy/src/main/resources/application.yml
+++ b/proxies/kontoregister-person-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
spring:
application:
name: testnav-kontoregister-person-proxy
- desciption: Proxy for sokos-kontoregister-person som legger på sikkerhet.
+ description: Proxy for sokos-kontoregister-person som legger på sikkerhet.
security:
oauth2:
resourceserver:
diff --git a/proxies/krrstub-proxy/src/main/java/no/nav/testnav/proxies/krrstubproxy/KrrstubProxyApplicationStarter.java b/proxies/krrstub-proxy/src/main/java/no/nav/testnav/proxies/krrstubproxy/KrrstubProxyApplicationStarter.java
index 84463fa8cdc..903712a2488 100644
--- a/proxies/krrstub-proxy/src/main/java/no/nav/testnav/proxies/krrstubproxy/KrrstubProxyApplicationStarter.java
+++ b/proxies/krrstub-proxy/src/main/java/no/nav/testnav/proxies/krrstubproxy/KrrstubProxyApplicationStarter.java
@@ -4,7 +4,7 @@
import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig;
import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
-import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService;
import no.nav.testnav.libs.securitycore.domain.AccessToken;
import no.nav.testnav.proxies.krrstubproxy.config.Consumers;
import org.springframework.boot.SpringApplication;
@@ -29,7 +29,7 @@ public static void main(String[] args) {
@Bean
public RouteLocator customRouteLocator(
RouteLocatorBuilder builder,
- TrygdeetatenAzureAdTokenService tokenService,
+ AzureTrygdeetatenTokenService tokenService,
Consumers consumers
) {
var addAuthenticationHeaderDevFilter = AddAuthenticationRequestGatewayFilterFactory
diff --git a/proxies/krrstub-proxy/src/main/resources/application.yml b/proxies/krrstub-proxy/src/main/resources/application.yml
index f3100af5d9e..0316918759f 100644
--- a/proxies/krrstub-proxy/src/main/resources/application.yml
+++ b/proxies/krrstub-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
spring:
application:
name: testnav-krrstub-proxy
- desciption: Proxy for krr-stub som legger på sikkerhet.
+ description: Proxy for krr-stub som legger på sikkerhet.
security:
oauth2:
resourceserver:
diff --git a/proxies/medl-proxy/src/main/java/no/nav/testnav/proxies/medlproxy/MedlProxyApplicationStarter.java b/proxies/medl-proxy/src/main/java/no/nav/testnav/proxies/medlproxy/MedlProxyApplicationStarter.java
index 52146c6cf38..fe56c5c9d10 100644
--- a/proxies/medl-proxy/src/main/java/no/nav/testnav/proxies/medlproxy/MedlProxyApplicationStarter.java
+++ b/proxies/medl-proxy/src/main/java/no/nav/testnav/proxies/medlproxy/MedlProxyApplicationStarter.java
@@ -4,7 +4,7 @@
import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig;
import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
-import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService;
import no.nav.testnav.libs.securitycore.domain.AccessToken;
import no.nav.testnav.proxies.medlproxy.config.Consumers;
import org.springframework.boot.SpringApplication;
@@ -29,7 +29,7 @@ public static void main(String[] args) {
@Bean
public RouteLocator customRouteLocator(
RouteLocatorBuilder builder,
- TrygdeetatenAzureAdTokenService tokenService,
+ AzureTrygdeetatenTokenService tokenService,
Consumers consumers
) {
var addAuthenticationHeaderDevFilter = AddAuthenticationRequestGatewayFilterFactory
diff --git a/proxies/medl-proxy/src/main/resources/application.yml b/proxies/medl-proxy/src/main/resources/application.yml
index d4b194e21fa..733b6839ef3 100644
--- a/proxies/medl-proxy/src/main/resources/application.yml
+++ b/proxies/medl-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
spring:
application:
name: testnav-medl-proxy
- desciption: Proxy for medl-stub som legger på sikkerhet.
+ description: Proxy for medl-stub som legger på sikkerhet.
security:
oauth2:
resourceserver:
diff --git a/proxies/norg2-proxy/src/main/resources/application.yml b/proxies/norg2-proxy/src/main/resources/application.yml
index 7d580bc2045..bc9ce452a8f 100644
--- a/proxies/norg2-proxy/src/main/resources/application.yml
+++ b/proxies/norg2-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
spring:
application:
name: testnav-norg2-proxy
- desciption: Proxy for Norg2 som legger på sikkerhet.
+ description: Proxy for Norg2 som legger på sikkerhet.
security:
oauth2:
resourceserver:
diff --git a/proxies/pdl-proxy/src/main/java/no/nav/testnav/proxies/pdlproxy/PdlProxyApplicationStarter.java b/proxies/pdl-proxy/src/main/java/no/nav/testnav/proxies/pdlproxy/PdlProxyApplicationStarter.java
index 28d743293c1..b43200356c5 100644
--- a/proxies/pdl-proxy/src/main/java/no/nav/testnav/proxies/pdlproxy/PdlProxyApplicationStarter.java
+++ b/proxies/pdl-proxy/src/main/java/no/nav/testnav/proxies/pdlproxy/PdlProxyApplicationStarter.java
@@ -4,7 +4,7 @@
import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig;
import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
-import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService;
import no.nav.testnav.libs.securitycore.domain.AccessToken;
import no.nav.testnav.libs.securitycore.domain.ServerProperties;
import no.nav.testnav.proxies.pdlproxy.config.Consumers;
@@ -36,7 +36,7 @@ public static void main(String[] args) {
@Bean
public RouteLocator customRouteLocator(RouteLocatorBuilder builder,
CredentialsHolder credentialsHolder,
- TrygdeetatenAzureAdTokenService tokenService,
+ AzureTrygdeetatenTokenService tokenService,
Consumers consumers) {
var addHendelselagerApiKeyAuthenticationHeader = AddAuthenticationRequestGatewayFilterFactory
.apiKeyAuthenticationHeaderFilter(credentialsHolder.hendelselagerApiKey());
@@ -62,7 +62,7 @@ private Function> createRoute(String segment, St
).uri(host);
}
- private Function> createRoute(ServerProperties serverProperties, TrygdeetatenAzureAdTokenService tokenService) {
+ private Function> createRoute(ServerProperties serverProperties, AzureTrygdeetatenTokenService tokenService) {
var segment = serverProperties.getName();
var host = serverProperties.getUrl();
var filter = AddAuthenticationRequestGatewayFilterFactory
diff --git a/proxies/pdl-proxy/src/main/resources/application-local.yml b/proxies/pdl-proxy/src/main/resources/application-local.yml
index ddc652232c4..97c5228e923 100644
--- a/proxies/pdl-proxy/src/main/resources/application-local.yml
+++ b/proxies/pdl-proxy/src/main/resources/application-local.yml
@@ -1,5 +1,8 @@
AZURE_APP_CLIENT_ID: ${sm://azure-app-client-id}
AZURE_APP_CLIENT_SECRET: ${sm://azure-app-client-secret}
+AZURE_TRYGDEETATEN_APP_CLIENT_ID: placeholder
+AZURE_TRYGDEETATEN_APP_CLIENT_SECRET: placeholder
+AZURE_TRYGDEETATEN_OPENID_CONFIG_TOKEN_ENDPOINT: http://localhost/placeholder
TOKEN_X_ISSUER: dummy
spring:
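Review bot: The three added `AZURE_TRYGDEETATEN_*` entries are dummy values placed directly beneath real `${sm://…}` secret references, with nothing telling a reader they are intentionally non-functional. With `http://localhost/placeholder` as the token endpoint, a route that performs a Trygdeetaten token exchange in the local profile will presumably fail only at request time, and over plain HTTP. I would add a comment above them, such as `# Dummy values so the Trygdeetaten credential bean can be created; token exchange with that tenant is not available in the local profile.` If local exchange is ever needed, the real values should be resolved through `sm://` like the two lines above rather than written into this file.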
diff --git a/proxies/pdl-proxy/src/main/resources/application.yml b/proxies/pdl-proxy/src/main/resources/application.yml
index 0a8d4157349..853643daed8 100644
--- a/proxies/pdl-proxy/src/main/resources/application.yml
+++ b/proxies/pdl-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
spring:
application:
name: testnav-pdl-proxy
- desciption: Proxy for pdl som legger på AzureAd sikkerhet og lager en sts token..
+ description: Proxy for pdl som legger på AzureAd sikkerhet og lager en sts token..
security:
oauth2:
resourceserver:
diff --git a/proxies/pdl-proxy/src/test/resources/application-test.yml b/proxies/pdl-proxy/src/test/resources/application-test.yml
index d77faa43b11..8c7464c31b9 100644
--- a/proxies/pdl-proxy/src/test/resources/application-test.yml
+++ b/proxies/pdl-proxy/src/test/resources/application-test.yml
@@ -1,14 +1,8 @@
-TOKEN_X_ISSUER: dummy
-
-sts:
- token:
- provider:
- username: dummy
- password: dummy
+TOKEN_X_ISSUER: placeholder
app:
elastic:
- username: dummy
- password: dummy
- hendelse.lager.api.key: dummy
- person.aktor.api.key: dummy
\ No newline at end of file
+ username: placeholder
+ password: placeholder
+ hendelse.lager.api.key: placeholder
+ person.aktor.api.key: placeholder
\ No newline at end of file
diff --git a/proxies/pensjon-testdata-facade-proxy/src/main/java/no/nav/testnav/proxies/pensjontestdatafacadeproxy/PensjonTestdataFacadeProxyApplicationStarter.java b/proxies/pensjon-testdata-facade-proxy/src/main/java/no/nav/testnav/proxies/pensjontestdatafacadeproxy/PensjonTestdataFacadeProxyApplicationStarter.java
index 5fbc526b869..229d0192ee8 100644
--- a/proxies/pensjon-testdata-facade-proxy/src/main/java/no/nav/testnav/proxies/pensjontestdatafacadeproxy/PensjonTestdataFacadeProxyApplicationStarter.java
+++ b/proxies/pensjon-testdata-facade-proxy/src/main/java/no/nav/testnav/proxies/pensjontestdatafacadeproxy/PensjonTestdataFacadeProxyApplicationStarter.java
@@ -4,7 +4,7 @@
import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig;
import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
-import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService;
import no.nav.testnav.libs.securitycore.domain.AccessToken;
import no.nav.testnav.libs.securitycore.domain.ServerProperties;
import no.nav.testnav.proxies.pensjontestdatafacadeproxy.config.Consumers;
@@ -31,7 +31,7 @@ public class PensjonTestdataFacadeProxyApplicationStarter {
@Bean
public RouteLocator customRouteLocator(RouteLocatorBuilder builder,
- TrygdeetatenAzureAdTokenService tokenService,
+ AzureTrygdeetatenTokenService tokenService,
Consumers consumers) {
var routes = builder.routes();
Arrays
@@ -67,7 +67,7 @@ public RouteLocator customRouteLocator(RouteLocatorBuilder builder,
return routes.build();
}
- private GatewayFilter getAuthenticationFilter(TrygdeetatenAzureAdTokenService tokenService,
+ private GatewayFilter getAuthenticationFilter(AzureTrygdeetatenTokenService tokenService,
ServerProperties serverProperties) {
return AddAuthenticationRequestGatewayFilterFactory
.bearerAuthenticationHeaderFilter(
diff --git a/proxies/pensjon-testdata-facade-proxy/src/main/resources/application.yml b/proxies/pensjon-testdata-facade-proxy/src/main/resources/application.yml
index c614ed41395..3d4b23beb61 100644
--- a/proxies/pensjon-testdata-facade-proxy/src/main/resources/application.yml
+++ b/proxies/pensjon-testdata-facade-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
spring:
application:
name: pensjon-testdata-facade-proxy
- desciption: Proxy for pensjon-testdata-facade som legger på sikkerhet.
+ description: Proxy for pensjon-testdata-facade som legger på sikkerhet.
security:
oauth2:
resourceserver:
diff --git a/proxies/saf-proxy/src/main/java/no/nav/testnav/proxies/safproxy/SafProxyApplicationStarter.java b/proxies/saf-proxy/src/main/java/no/nav/testnav/proxies/safproxy/SafProxyApplicationStarter.java
index e76df06ada6..53523c3045b 100644
--- a/proxies/saf-proxy/src/main/java/no/nav/testnav/proxies/safproxy/SafProxyApplicationStarter.java
+++ b/proxies/saf-proxy/src/main/java/no/nav/testnav/proxies/safproxy/SafProxyApplicationStarter.java
@@ -3,7 +3,7 @@
import no.nav.testnav.libs.reactivecore.config.CoreConfig;
import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig;
import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
-import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService;
import no.nav.testnav.libs.securitycore.domain.AccessToken;
import no.nav.testnav.libs.securitycore.domain.ServerProperties;
import org.springframework.boot.SpringApplication;
@@ -32,7 +32,7 @@ public class SafProxyApplicationStarter {
@Bean
public RouteLocator customRouteLocator(
RouteLocatorBuilder builder,
- TrygdeetatenAzureAdTokenService tokenService,
+ AzureTrygdeetatenTokenService tokenService,
Consumers consumers
) {
var routes = builder.routes();
diff --git a/proxies/saf-proxy/src/main/resources/application.yml b/proxies/saf-proxy/src/main/resources/application.yml
index 0efb4d0b49b..acd7c3e6046 100644
--- a/proxies/saf-proxy/src/main/resources/application.yml
+++ b/proxies/saf-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
spring:
application:
name: testnav-saf-proxy
- desciption: Proxy for dokarkiv som legger på sikkerhet og redirecter til riktig miljø.
+ description: Proxy for dokarkiv som legger på sikkerhet og redirecter til riktig miljø.
security:
oauth2:
resourceserver:
diff --git a/proxies/sigrunstub-proxy/src/main/resources/application.yml b/proxies/sigrunstub-proxy/src/main/resources/application.yml
index 4e14eb4e948..27bfb2e6c35 100644
--- a/proxies/sigrunstub-proxy/src/main/resources/application.yml
+++ b/proxies/sigrunstub-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
spring:
application:
name: testnav-sigrunstub-proxy
- desciption: Proxy for sigrunstub som legger på sikkerhet.
+ description: Proxy for sigrunstub som legger på sikkerhet.
security:
oauth2:
resourceserver:
diff --git a/proxies/skjermingsregister-proxy/src/main/java/no/nav/testnav/proxies/skjermingsregisterproxy/RouteLocatorConfig.java b/proxies/skjermingsregister-proxy/src/main/java/no/nav/testnav/proxies/skjermingsregisterproxy/RouteLocatorConfig.java
index 8841a328d7c..168a865ef67 100644
--- a/proxies/skjermingsregister-proxy/src/main/java/no/nav/testnav/proxies/skjermingsregisterproxy/RouteLocatorConfig.java
+++ b/proxies/skjermingsregister-proxy/src/main/java/no/nav/testnav/proxies/skjermingsregisterproxy/RouteLocatorConfig.java
@@ -3,7 +3,7 @@
import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig;
import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
-import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService;
import no.nav.testnav.libs.securitycore.domain.AccessToken;
import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.route.RouteLocator;
@@ -36,7 +36,7 @@ public RouteLocator customRouteLocator(
@Bean
GatewayFilter getAuthenticationFilter(
- TrygdeetatenAzureAdTokenService tokenService,
+ AzureTrygdeetatenTokenService tokenService,
Consumers consumers
) {
return AddAuthenticationRequestGatewayFilterFactory
diff --git a/proxies/sykemelding-proxy/src/main/java/no/nav/testnav/proxies/sykemeldingproxy/RouteLocatorConfig.java b/proxies/sykemelding-proxy/src/main/java/no/nav/testnav/proxies/sykemeldingproxy/RouteLocatorConfig.java
index fa2c69e5228..178db99692b 100644
--- a/proxies/sykemelding-proxy/src/main/java/no/nav/testnav/proxies/sykemeldingproxy/RouteLocatorConfig.java
+++ b/proxies/sykemelding-proxy/src/main/java/no/nav/testnav/proxies/sykemeldingproxy/RouteLocatorConfig.java
@@ -3,7 +3,7 @@
import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig;
import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
-import no.nav.testnav.libs.reactivesecurity.exchange.azuread.TrygdeetatenAzureAdTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureTrygdeetatenTokenService;
import no.nav.testnav.libs.securitycore.domain.AccessToken;
import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.route.RouteLocator;
@@ -36,7 +36,7 @@ public RouteLocator customRouteLocator(
@Bean
GatewayFilter getAuthenticationFilter(
- TrygdeetatenAzureAdTokenService tokenService,
+ AzureTrygdeetatenTokenService tokenService,
Consumers consumers
) {
return AddAuthenticationRequestGatewayFilterFactory
diff --git a/proxies/synthdata-meldekort-proxy/src/main/java/no/nav/testnav/proxies/synthdatameldekortproxy/SynthdataMeldekortProxyApplicationStarter.java b/proxies/synthdata-meldekort-proxy/src/main/java/no/nav/testnav/proxies/synthdatameldekortproxy/SynthdataMeldekortProxyApplicationStarter.java
index 88a92c6bedc..22778c6a03c 100644
--- a/proxies/synthdata-meldekort-proxy/src/main/java/no/nav/testnav/proxies/synthdatameldekortproxy/SynthdataMeldekortProxyApplicationStarter.java
+++ b/proxies/synthdata-meldekort-proxy/src/main/java/no/nav/testnav/proxies/synthdatameldekortproxy/SynthdataMeldekortProxyApplicationStarter.java
@@ -4,7 +4,7 @@
import no.nav.testnav.libs.reactiveproxy.config.SecurityConfig;
import no.nav.testnav.libs.reactiveproxy.filter.AddAuthenticationRequestGatewayFilterFactory;
import no.nav.testnav.libs.reactivesecurity.config.SecureOAuth2ServerToServerConfiguration;
-import no.nav.testnav.libs.reactivesecurity.exchange.azuread.NavAzureAdTokenService;
+import no.nav.testnav.libs.reactivesecurity.exchange.azuread.AzureNavTokenService;
import no.nav.testnav.libs.securitycore.domain.AccessToken;
import no.nav.testnav.proxies.synthdatameldekortproxy.config.Consumers;
import org.springframework.boot.SpringApplication;
@@ -29,7 +29,7 @@ public static void main(String[] args) {
@Bean
public RouteLocator customRouteLocator(
RouteLocatorBuilder builder,
- NavAzureAdTokenService tokenService,
+ AzureNavTokenService tokenService,
Consumers consumers
) {
var addAuthenticationHeaderFilter = AddAuthenticationRequestGatewayFilterFactory
diff --git a/proxies/synthdata-meldekort-proxy/src/main/resources/application.yml b/proxies/synthdata-meldekort-proxy/src/main/resources/application.yml
index 72804a26497..9764f8f0631 100644
--- a/proxies/synthdata-meldekort-proxy/src/main/resources/application.yml
+++ b/proxies/synthdata-meldekort-proxy/src/main/resources/application.yml
@@ -1,7 +1,7 @@
spring:
application:
name: testnav-synthdata-meldekort-proxy
- desciption: Proxy for synthdata-arena-meldekort som legger på sikkerhet.
+ description: Proxy for synthdata-arena-meldekort som legger på sikkerhet.
security:
oauth2:
resourceserver:
diff --git a/proxies/yrkesskade-proxy/src/main/resources/application.yml b/proxies/yrkesskade-proxy/src/main/resources/application.yml
index d184bab8be3..49de1dcebe7 100644
--- a/proxies/yrkesskade-proxy/src/main/resources/application.yml
+++ b/proxies/yrkesskade-proxy/src/main/resources/application.yml
@@ -3,7 +3,7 @@ AAD_ISSUER_URI: https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535
spring:
application:
name: testnav-pdl-proxy
- desciption: Proxy for pdl som legger på AzureAd sikkerhet og lager en sts token..
+ description: Proxy for pdl som legger på AzureAd sikkerhet og lager en sts token..
security:
oauth2:
resourceserver:
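Review bot: The context lines of this hunk still identify the yrkesskade-proxy as pdl: `name: testnav-pdl-proxy`, plus a description about pdl and an sts token, which looks copied from the pdl proxy's configuration. Since the description line is being touched anyway, the name should probably follow the pattern of the other proxies in this commit, `name: testnav-yrkesskade-proxy`, with the description reworded to match and the doubled `..` dropped. If logs, metrics or traces are keyed on `spring.application.name` (not visible here), two different security proxies would report under one identity, making it harder to attribute authentication failures to the right service. Any deployment manifest or access policy that refers to the current name would need to change in step.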