eclipse-basyx · FrankSchnicke · Feb 23, 2024 · Feb 22, 2024 · Feb 22, 2024 · Feb 22, 2024
diff --git a/.../digitaltwin/basyx/aasenvironment/feature/authorization/TestAuthorizedAasEnvironment.java b/.../digitaltwin/basyx/aasenvironment/feature/authorization/TestAuthorizedAasEnvironment.java
@@ -33,6 +33,7 @@
 import java.util.Collection;
 import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;
 import org.apache.hc.core5.http.Header;
+import org.apache.hc.core5.http.ParseException;
 import org.apache.hc.core5.http.message.BasicHeader;
 import org.eclipse.basyx.digitaltwin.aasenvironment.http.DummyAASEnvironmentComponent;
 import org.eclipse.basyx.digitaltwin.aasenvironment.http.TestAasEnvironmentHTTP;
@@ -69,6 +70,7 @@ public class TestAuthorizedAasEnvironment {
 	private static String clientId = "basyx-client-api";
 	private static AccessTokenProvider tokenProvider;
 	private static ConfigurableApplicationContext appContext;
+	private static String healthEndpointUrl = "http://127.0.0.1:8081/actuator/health";
 
 	@BeforeClass
 	public static void setUp() throws FileNotFoundException, IOException {
@@ -78,6 +80,16 @@ public static void setUp() throws FileNotFoundException, IOException {
 
 		addDummyElementsToRepositories();
 	}
+
+	@Test
+	public void healthEndpointWithoutAuthorization() throws IOException, ParseException {
+		String expectedHealthEndpointOutput = getStringFromFile("authorization/HealthOutput.json");
+
+		CloseableHttpResponse healthCheckResponse = BaSyxHttpTestUtils.executeGetOnURL(healthEndpointUrl);
+		assertEquals(HttpStatus.OK.value(), healthCheckResponse.getCode());
+
+		BaSyxHttpTestUtils.assertSameJSONContent(expectedHealthEndpointOutput, BaSyxHttpTestUtils.getResponseAsString(healthCheckResponse));
+	}
 
 	@Test
 	public void createSerializationWithCorrectRoleAndPermission() throws IOException {

diff --git a/...x.aasenvironment-feature-authorization/src/test/resources/authorization/HealthOutput.json b/...x.aasenvironment-feature-authorization/src/test/resources/authorization/HealthOutput.json
@@ -0,0 +1,3 @@
+{
+    "status": "UP"
+}
diff --git a/...gitaltwin/basyx/aasrepository/feature/authorization/AuthorizedAasRepositoryTestSuite.java b/...gitaltwin/basyx/aasrepository/feature/authorization/AuthorizedAasRepositoryTestSuite.java
@@ -37,6 +37,7 @@
 import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
 import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;
 import org.apache.hc.client5.http.impl.classic.HttpClients;
+import org.apache.hc.core5.http.ParseException;
 import org.eclipse.digitaltwin.basyx.authorization.AccessTokenProvider;
 import org.eclipse.digitaltwin.basyx.authorization.DummyCredential;
 import org.eclipse.digitaltwin.basyx.authorization.DummyCredentialStore;
@@ -63,6 +64,7 @@ public class AuthorizedAasRepositoryTestSuite {
 	private static final String THUMBNAIL_FILE_PATH = "authorization/" + THUMBNAIL_FILE_NAME;
 	public static String authenticaltionServerTokenEndpoint = "http://localhost:9096/realms/BaSyx/protocol/openid-connect/token";
 	public static String aasRepositoryBaseUrl = "http://127.0.0.1:8087/shells";
+	public static String healthEndpointUrl = "http://127.0.0.1:8087/actuator/health";
 	public static String clientId = "basyx-client-api";
 	private static AccessTokenProvider tokenProvider;
 
@@ -72,6 +74,16 @@ public static void setUp() throws FileNotFoundException, IOException {
 
 		createAasOnRepositoryWithAuthorization(getAasJSONString(AAS_SIMPLE_1_JSON), getAdminAccessToken());
 	}
+
+	@Test
+	public void healthEndpointWithoutAuthorization() throws IOException, ParseException {
+		String expectedHealthEndpointOutput = getAasJSONString("authorization/HealthOutput.json");
+
+		CloseableHttpResponse healthCheckResponse = BaSyxHttpTestUtils.executeGetOnURL(healthEndpointUrl);
+		assertEquals(HttpStatus.OK.value(), healthCheckResponse.getCode());
+
+		BaSyxHttpTestUtils.assertSameJSONContent(expectedHealthEndpointOutput, BaSyxHttpTestUtils.getResponseAsString(healthCheckResponse));
+	}
 
 	@Test
 	public void getAllAasWithCorrectRoleAndPermission() throws IOException {

diff --git a/...yx.aasrepository-feature-authorization/src/test/resources/authorization/HealthOutput.json b/...yx.aasrepository-feature-authorization/src/test/resources/authorization/HealthOutput.json
@@ -0,0 +1,3 @@
+{
+    "status": "UP"
+}
diff --git a/...rc/main/java/org/eclipse/digitaltwin/basyx/authorization/CommonSecurityConfiguration.java b/...rc/main/java/org/eclipse/digitaltwin/basyx/authorization/CommonSecurityConfiguration.java
@@ -0,0 +1,60 @@
+/*******************************************************************************
+ * Copyright (C) 2024 the Eclipse BaSyx Authors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * SPDX-License-Identifier: MIT
+ ******************************************************************************/
+
+package org.eclipse.digitaltwin.basyx.authorization;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
+import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
+import org.springframework.security.web.SecurityFilterChain;
+
+/**
+ * Common configurations for security
+ * 
+ * @author danish
+ */
+@Configuration
+@ConditionalOnExpression("#{${" + CommonAuthorizationProperties.ENABLED_PROPERTY_KEY + ":false}}")
+public class CommonSecurityConfiguration {
+
+	@Bean
+	public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+		http.authorizeHttpRequests(authorize -> authorize.requestMatchers("/actuator/health/**").permitAll().anyRequest().authenticated())
+				.oauth2ResourceServer(oauth2 -> oauth2.jwt(jwt -> jwt.jwtAuthenticationConverter(jwtAuthenticationConverter())));
+
+		return http.build();
+	}
+
+	private JwtAuthenticationConverter jwtAuthenticationConverter() {
+		JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
+		converter.setJwtGrantedAuthoritiesConverter(new JwtGrantedAuthoritiesConverter());
+
+		return converter;
+	}
+
+}
diff --git a/...tionrepository/feature/authorization/AuthorizedConceptDescriptionRepositoryTestSuite.java b/...tionrepository/feature/authorization/AuthorizedConceptDescriptionRepositoryTestSuite.java
@@ -33,6 +33,7 @@
 import java.net.URL;
 
 import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;
+import org.apache.hc.core5.http.ParseException;
 import org.eclipse.digitaltwin.basyx.authorization.AccessTokenProvider;
 import org.eclipse.digitaltwin.basyx.authorization.DummyCredential;
 import org.eclipse.digitaltwin.basyx.authorization.DummyCredentialStore;
@@ -56,6 +57,7 @@ public class AuthorizedConceptDescriptionRepositoryTestSuite {
 	private static final String SPECIFIC_CONCEPT_DESCRIPTION_ID = "specificConceptDescriptionId";
 	public static String authenticaltionServerTokenEndpoint = "http://localhost:9096/realms/BaSyx/protocol/openid-connect/token";
 	public static String conceptDescriptionRepositoryBaseUrl = "http://127.0.0.1:8089";
+	public static String healthEndpointUrl = "http://127.0.0.1:8089/actuator/health";
 	public static String clientId = "basyx-client-api";
 	private static AccessTokenProvider tokenProvider;
 
@@ -65,6 +67,16 @@ public static void setUp() throws FileNotFoundException, IOException {
 
 		createConceptDescriptionOnRepositoryWithAuthorization(getConceptDescriptionJSONString(CONCEPT_DESCRIPTION_SIMPLE_1_JSON), getAdminAccessToken());
 	}
+
+	@Test
+	public void healthEndpointWithoutAuthorization() throws IOException, ParseException {
+		String expectedHealthEndpointOutput = getConceptDescriptionJSONString("authorization/HealthOutput.json");
+
+		CloseableHttpResponse healthCheckResponse = BaSyxHttpTestUtils.executeGetOnURL(healthEndpointUrl);
+		assertEquals(HttpStatus.OK.value(), healthCheckResponse.getCode());
+
+		BaSyxHttpTestUtils.assertSameJSONContent(expectedHealthEndpointOutput, BaSyxHttpTestUtils.getResponseAsString(healthCheckResponse));
+	}
 
 	@Test
 	public void getAllCDWithCorrectRoleAndPermission() throws IOException {

diff --git a/...iptionrepository-feature-authorization/src/test/resources/authorization/HealthOutput.json b/...iptionrepository-feature-authorization/src/test/resources/authorization/HealthOutput.json
@@ -0,0 +1,3 @@
+{
+    "status": "UP"
+}
diff --git a/...basyx/submodelrepository/feature/authorization/AuthorizedSubmodelRepositoryTestSuite.java b/...basyx/submodelrepository/feature/authorization/AuthorizedSubmodelRepositoryTestSuite.java
@@ -75,6 +75,7 @@ public class AuthorizedSubmodelRepositoryTestSuite {
 	public static String authenticaltionServerTokenEndpoint = "http://localhost:9096/realms/BaSyx/protocol/openid-connect/token";
 	public static String submodelRepositoryBaseUrl = "http://127.0.0.1:8088";
 	public static String clientId = "basyx-client-api";
+	public static String healthEndpointUrl = "http://127.0.0.1:8088/actuator/health";
 	private static AccessTokenProvider tokenProvider;
 	private static final String FILE_NAME = "BaSyx-Logo.png";
 
@@ -84,6 +85,16 @@ public static void setUp() throws FileNotFoundException, IOException {
 
 		createElementOnRepositoryWithAuthorization(createSubmodelRepositoryUrl(submodelRepositoryBaseUrl), getSubmodelJSONString(SUBMODEL_SIMPLE_1_JSON), getAdminAccessToken());
 	}
+
+	@Test
+	public void healthEndpointWithoutAuthorization() throws IOException, ParseException {
+		String expectedHealthEndpointOutput = getJSONValueAsString("authorization/HealthOutput.json");
+
+		CloseableHttpResponse healthCheckResponse = BaSyxHttpTestUtils.executeGetOnURL(healthEndpointUrl);
+		assertEquals(HttpStatus.OK.value(), healthCheckResponse.getCode());
+
+		BaSyxHttpTestUtils.assertSameJSONContent(expectedHealthEndpointOutput, BaSyxHttpTestUtils.getResponseAsString(healthCheckResponse));
+	}
 
 	@Test
 	public void getAllSubmodelsWithCorrectRoleAndPermission() throws IOException {

diff --git a/...bmodelrepository-feature-authorization/src/test/resources/authorization/HealthOutput.json b/...bmodelrepository-feature-authorization/src/test/resources/authorization/HealthOutput.json
@@ -0,0 +1,3 @@
+{
+    "status": "UP"
+}