add security and swagger in inventory (#75)

.env.sample

@@ -7,7 +7,7 @@ POSTGRES_PORT=
 SERVER_PORT=
 
 # Swagger UI
-URLS=
+URLS=[{ url: 'http://localhost:8081/product/v3/api-docs', name: 'Product' }, { url: 'http://localhost:8082/inventory/v3/api-docs', name: 'Inventory' }]
 
 # Start all service when run docker compose up
 COMPOSE_FILE=docker-compose.yml
@@ -18,4 +18,9 @@ COMPOSE_FILE=docker-compose.yml
 # Product
 PRODUCT_DATASOURCE_URL=
 PRODUCT_DATA_USERNAME=
-PRODUCT_DATA_PASSWORD=
+PRODUCT_DATA_PASSWORD=
+
+# Inventory
+INVENTORY_DATASOURCE_URL=
+INVENTORY_DATA_USERNAME=
+INVENTORY_DATA_PASSWORD=

identity/themes/matcha/theme/matcha/login/login.ftl

@@ -19,11 +19,11 @@
                 }
             }
         </script>
+            <!--
             <div class="logomatcha">
-           <img class="logo" src="${url.resourcesPath}/img/matcha-logo.png" alt="matcha">
-        </div>
+                <img class="logo" src="${url.resourcesPath}/img/matcha-logo.png" alt="matcha">
+            </div> -->
     <#elseif section = "form">
-
         <div class="box-container d-flex justify-content-center align-item-center">
             <div>
                 <p class="application-name">Welcome to Matcha Store</p>

inventory/pom.xml

@@ -38,6 +38,10 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-data-jpa</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-validation</artifactId>

inventory/src/main/java/com/fjb/inventory/config/CorsConfig.java

@@ -0,0 +1,25 @@
+package com.fjb.inventory.config;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+public class CorsConfig {
+
+    @Value("${cors.allowed}")
+    private String corsAllowed;
+
+    @Bean
+    public WebMvcConfigurer corsConfigure() {
+        return new WebMvcConfigurer() {
+            @Override
+            public void addCorsMappings(CorsRegistry registry) {
+                registry.addMapping("/**").allowedMethods(corsAllowed)
+                    .allowedOrigins(corsAllowed).allowedHeaders(corsAllowed);
+            }
+        };
+    }
+}

inventory/src/main/java/com/fjb/inventory/config/SecurityConfig.java

@@ -0,0 +1,44 @@
+package com.fjb.inventory.config;
+
+import java.util.Collection;
+import java.util.Map;
+import java.util.stream.Collectors;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.convert.converter.Converter;
+import org.springframework.security.config.Customizer;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.oauth2.jwt.Jwt;
+import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
+import org.springframework.security.web.SecurityFilterChain;
+
+@Configuration
+public class SecurityConfig {
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+
+        return http
+                .authorizeHttpRequests(auth -> auth
+                        .anyRequest().permitAll())
+                .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()))
+                .build();
+    }
+
+    @Bean
+    public JwtAuthenticationConverter jwtAuthenticationConverterForKeycloak() {
+        Converter<Jwt, Collection<GrantedAuthority>> jwtGrantedAuthoritiesConverter = jwt -> {
+            Map<String, Collection<String>> realmAccess = jwt.getClaim("realm_access");
+            Collection<String> roles = realmAccess.get("roles");
+            return roles.stream()
+                    .map(role -> new SimpleGrantedAuthority("ROLE_" + role))
+                    .collect(Collectors.toList());
+        };
+
+        var jwtAuthenticationConverter = new JwtAuthenticationConverter();
+        jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(jwtGrantedAuthoritiesConverter);
+
+        return jwtAuthenticationConverter;
+    }
+}

inventory/src/main/java/com/fjb/inventory/config/SwaggerConfig.java

@@ -0,0 +1,32 @@
+package com.fjb.inventory.config;
+
+import io.swagger.v3.oas.annotations.OpenAPIDefinition;
+import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
+import io.swagger.v3.oas.annotations.info.Info;
+import io.swagger.v3.oas.annotations.security.OAuthFlow;
+import io.swagger.v3.oas.annotations.security.OAuthFlows;
+import io.swagger.v3.oas.annotations.security.OAuthScope;
+import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import io.swagger.v3.oas.annotations.security.SecurityScheme;
+import io.swagger.v3.oas.annotations.servers.Server;
+
+@OpenAPIDefinition(
+        info = @Info(
+                title = "Inventory Service API",
+                description = "Inventory API documentation",
+                version = "1.0"
+        ),
+        security = @SecurityRequirement(name = "oauth2_bearer"),
+        servers = {
+            @Server(url = "${server.servlet.context-path}",
+                description = "Default Server URL")
+            })
+@SecurityScheme(name = "oauth2_bearer", type = SecuritySchemeType.OAUTH2,
+        flows = @OAuthFlows(
+                authorizationCode = @OAuthFlow(
+                        authorizationUrl = "${springdoc.oauthflow.authorization-url}",
+                        tokenUrl = "${springdoc.oauthflow.token-url}",
+                        scopes = {@OAuthScope(name = "openid", description = "openid")
+                        })))
+public class SwaggerConfig {
+}

inventory/src/main/resources/application.yml

@@ -0,0 +1,43 @@
+spring:
+  application:
+    name: inventory
+  datasource:
+    url: ${INVENTORY_DATASOURCE_URL}
+    username: ${INVENTORY_DATA_USERNAME}
+    password: ${INVENTORY_DATA_PASSWORD}
+    driver-class-name: org.postgresql.Driver
+
+  jpa:
+    hibernate:
+      ddl-auto: update
+    show-sql: true
+    properties:
+      hibernate:
+        format_sql: false
+    database: postgresql
+    database-platform: org.hibernate.dialect.PostgreSQLDialect
+    open-in-view: false
+
+  security:
+    oauth2:
+      resourceserver:
+        jwt:
+          issuer-uri: http://localhost:8080/realms/Matcha
+springdoc:
+  oauthflow:
+    authorization-url: http://localhost:8080/realms/Matcha/protocol/openid-connect/auth
+    token-url: http://localhost:8080/realms/Matcha/protocol/openid-connect/token
+  swagger-ui:
+    oauth:
+      client-id: swagger
+      use-pkce-with-authorization-code-grant: true
+  packagesToScan: com.fjb.inventory
+  path: /swagger-ui
+
+server:
+  port: 8082
+  servlet:
+    context-path: /inventory
+cors:
+  allowed: "*"
+

sell-bff/src/main/resources/application.yaml

@@ -52,6 +52,13 @@ spring:
           filters:
             - RewritePath=/api/(?<segment>.*), /$\{segment}
             - TokenRelay=
+        - id: inventory
+          uri: http://localhost:8082
+          predicates:
+            - Path=/api/inventory/**
+          filters:
+            - RewritePath=/api/(?<segment>.*), /$\{segment}
+            - TokenRelay=
         - id: localhost
           uri: http://localhost:80
           predicates: