Conversation
Co-authored-by: Jorge Romero <jorge.romero.ext@boehringer-ingelheim.com>
Added project components module functionality for v0. --------- Co-authored-by: valeriuc <constantin.valeriu_tuguran.ext@boehringer-ingelheim.com>
This pull request introduces a new `core-contracts` module, which defines the core interfaces, data structures, and contract classes for API service modules. It also integrates this new module as a dependency into the `persistence` module. The changes lay the foundation for a modular, contract-driven architecture by specifying interfaces for API modules, authentication, policies, error handling, and persistence. The most important changes are: **Introduction of `core-contracts` module:** * Added a new Maven module `core-contracts` with its own `pom.xml`, specifying dependencies on Spring, Jackson, Lombok, and Jakarta Servlet API. **API and Policy Contracts:** * Defined core interfaces and data classes for API modules (`ApiModule`), API definitions (`ApiDefinition`), and policy evaluation (`PolicyEvaluator`, `PolicyRule`, `PolicyContext`, `PolicyTypes`). These provide a standardized contract for API registration, discovery, and policy enforcement. * **Authentication and Authorization:** * Introduced enums and logic for authentication types (`AuthType`) and authorization decisions (`AuthorizationDecision`), including a utility method for combining decisions. **Persistence Contracts:** * Added interfaces for data access to API definitions, clients, and policies (`ApiDefinitionDao`, `ClientDao`, `PolicyDao`), including read-only projections for client information **Error Handling:** * Introduced a simple `GatewayError` value class for standardized error representation in the core contracts. **Integration with Persistence Module:** * Updated `persistence/pom.xml` to add a dependency on the new `core-contracts` module, enabling the persistence layer to implement and use these contracts.
Add marketplace 2.0 external service, mocks for create/get component and fix REST paths. --------- Co-authored-by: zxBCN Valeriu_Tuguran,Constantin (IT EDP) EXTERNAL <constantin.valeriu_tuguran.ext@boehringer-ingelheim.com>
This pull request introduces a new modular security layer for the project by adding a `core-security` module. The changes implement a flexible policy-based authorization system integrated with Spring Security and Azure AD JWT authentication. The security configuration is now externalized, supporting public endpoints and dynamic policy evaluation for API requests. The main areas of change are the addition of new security components, policy evaluation infrastructure, and configuration updates. **Security configuration and integration:** - Added a new `core-security` module with its own `pom.xml`, including dependencies for Spring Security, OAuth2 resource server, and project contracts. - Introduced `SecurityConfig` and `SecurityProperties` to configure Spring Security, define public endpoints, and integrate JWT authentication with Azure AD. [[1]](diffhunk://#diff-89b518b29fa9ec1944351e69efbcdba71e422c3a60243639e380ba2b7fdf9969R1-R53) [[2]](diffhunk://#diff-a407cfaaee4141697d8cd945a003a242b17f4caf458d659f0f701b97cfdbb499R1-R20) - Updated `application.yaml` to configure OAuth2 resource server with Azure AD issuer and define public endpoints for health checks. **Policy-based authorization system:** - Implemented `PolicyAuthorizationManager`, `PolicyEngine`, and `PolicyService` to support dynamic, rule-based authorization decisions for API requests. These components resolve API definitions, retrieve relevant policies, and evaluate them to allow or deny access. [[1]](diffhunk://#diff-1330c45b35848910097a5c9083c330efbc5c978fdacbe80e768d6657573809beR1-R79) [[2]](diffhunk://#diff-81f467c5c53592ee3767530c780ef2142885ae1fcf0ddae78b68cebdc45b831bR1-R49) [[3]](diffhunk://#diff-c81749eb986f34aa144a64ef9d2e529ddb29c36d75a9c2f84d2815e038aa645dR1-R32) - Added `PolicyContextFactory` to build policy evaluation contexts from HTTP requests and JWT claims. **Policy evaluators:** - Added `AllowedClientsEvaluator` and `FlavorRestrictionEvaluator` as concrete policy evaluators, supporting client-based and request-body-based authorization rules, respectively. [[1]](diffhunk://#diff-abc0ee53c28626c12e7bebda566921b0cdf787cef038bed9d4fde7cfd0c1b923R1-R47) [[2]](diffhunk://#diff-512b30434a48bdd75e08d7bf935623cb31a354bb934066ad730cefd72735cd60R1-R54) **Authentication flow enforcement:** - Added `AuthTypeEnforcementFilter`, `AuthFlowResolver`, and `AuthFlowValidator` to ensure that only allowed authentication flows (e.g., OBO, client credentials) are accepted for each API, with flow-specific validation. [[1]](diffhunk://#diff-3cd26dad5f2149a5873f0b9e0a3dc21468cf1f84f949c18e353d6248185972e3R1-R75) [[2]](diffhunk://#diff-0b949f9f721cec94f4e91188177fa3b549be489ef1404e3530bd417aa638cbc0R1-R22) [[3]](diffhunk://#diff-34a386426c9c407d82e7e04c5dccbaaeec679c47d049077bedcae5d7d4e24fceR1-R11) --------- Co-authored-by: Angel Martinez <angelmp.mail@gmail.com>
… to application yaml… (#16) This pull request makes significant improvements to the application's configuration, focusing on environment variable management, documentation, and flexibility for deployment in different environments. The main changes involve restructuring the `application.yaml` file to better organize configuration sections, enhance documentation, and ensure that sensitive or environment-specific values are supplied via environment variables. Additionally, there is a small fix in the `ProjectServiceImpl` class to align a configuration property key. **Configuration and Environment Management Improvements:** * Refactored `application.yaml` to consistently use environment variables for sensitive and environment-specific settings (e.g., database credentials, OAuth2 endpoints, external service URLs), improving security and deployment flexibility. * Enhanced inline documentation throughout `application.yaml` to clarify the purpose and usage of each configuration option, making onboarding and troubleshooting easier. [[1]](diffhunk://#diff-7f1ba62cb5d27efca72927e6323654ce62284153382d96af57c77893160b3fadR1-R103) [[2]](diffhunk://#diff-7f1ba62cb5d27efca72927e6323654ce62284153382d96af57c77893160b3fadL79-R163) [[3]](diffhunk://#diff-7f1ba62cb5d27efca72927e6323654ce62284153382d96af57c77893160b3fadL159-R228) [[4]](diffhunk://#diff-7f1ba62cb5d27efca72927e6323654ce62284153382d96af57c77893160b3fadR244-R246) [[5]](diffhunk://#diff-7f1ba62cb5d27efca72927e6323654ce62284153382d96af57c77893160b3fadR270-R279) * Added or expanded configuration sections for logging, Spring Boot infrastructure, security, actuator endpoints, OpenTelemetry, and external integrations (Ansible, OpenShift, Bitbucket, Projects Info Service), with detailed comments and improved defaulting via environment variables. [[1]](diffhunk://#diff-7f1ba62cb5d27efca72927e6323654ce62284153382d96af57c77893160b3fadR1-R103) [[2]](diffhunk://#diff-7f1ba62cb5d27efca72927e6323654ce62284153382d96af57c77893160b3fadL79-R163) [[3]](diffhunk://#diff-7f1ba62cb5d27efca72927e6323654ce62284153382d96af57c77893160b3fadL159-R228) [[4]](diffhunk://#diff-7f1ba62cb5d27efca72927e6323654ce62284153382d96af57c77893160b3fadR244-R246) [[5]](diffhunk://#diff-7f1ba62cb5d27efca72927e6323654ce62284153382d96af57c77893160b3fadR270-R279) **Code Consistency and Bug Fixes:** * Updated the property key in `ProjectServiceImpl.java` from `ldap.group.pattern` to `services.project.ldap.group.pattern` to match the new configuration structure, ensuring the correct value is injected.
#17) …ng and response mapping --------- Co-authored-by: Jorge Romero <jorge.romero.ext@boehringer-ingelheim.com>
Add Marketplace 2.0 client with config. --------- Co-authored-by: zxBCN Valeriu_Tuguran,Constantin (IT EDP) EXTERNAL <constantin.valeriu_tuguran.ext@boehringer-ingelheim.com> Co-authored-by: Angel Martinez <angelmp.mail@gmail.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Update marketplace deletion service and controller with tests. --------- Co-authored-by: zxBCN Valeriu_Tuguran,Constantin (IT EDP) EXTERNAL <constantin.valeriu_tuguran.ext@boehringer-ingelheim.com> Co-authored-by: Angel Martinez <angelmp.mail@gmail.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Fix special chars in the password by base64 encoding. --------- Co-authored-by: zxBCN Valeriu_Tuguran,Constantin (IT EDP) EXTERNAL <constantin.valeriu_tuguran.ext@boehringer-ingelheim.com>
Added possibility to register components by raising the registerOnly flag in the create component endpoint. This workflow calls to the Marketplace API 2.0 to register the component correctly. By default this flag is set to false, so the default component creation workflow is performed if this flag is not informed or set to false. --------- Co-authored-by: zxBCN Valeriu_Tuguran,Constantin (IT EDP) EXTERNAL <constantin.valeriu_tuguran.ext@boehringer-ingelheim.com> Co-authored-by: Angel Martinez <angelmp.mail@gmail.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
There was a bug when registering a project that it was returning ProjectAlreadyExistsException because it was not omitting checks in Jira, Bitbucket and Openshift. Code has been updated to only check in Collection when this flag is raised. It checks everything otherwise.
#36) …actor authentication token handling in MarketplaceServiceImpl to streamline authentication process. --------- Co-authored-by: Jorge Romero <jorge.romero.ext@boehringer-ingelheim.com>
|
| oauth2.authenticationManagerResolver(jwtIssuerAuthenticationManagerResolver) | ||
| ) | ||
| .headers(headers -> headers.frameOptions(frame -> frame.disable())) | ||
| .csrf(csrf -> csrf.disable()); |
| } | ||
| }; | ||
| SSLContext context = SSLContext.getInstance("TLS"); | ||
| context.init(null, trustAllCertificates, new java.security.SecureRandom()); |
| protected void prepareConnection(HttpURLConnection connection, String httpMethod) throws java.io.IOException { | ||
| if (connection instanceof HttpsURLConnection httpsConnection) { | ||
| httpsConnection.setSSLSocketFactory(socketFactory); | ||
| httpsConnection.setHostnameVerifier((hostname, session) -> true); |
📊 Static Analysis Summary🔍 Code Quality Checks
📦 Download detailed reports from the workflow artifacts. |
jorge-romero
approved these changes
Jul 1, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.



Release version 0.0.3