feat: start C4PO with docker-compose

This commit is contained in:
nsm 2022-04-07 14:12:30 +02:00 committed by Cel
parent 40224635ab
commit e27d6005db
12 changed files with 69 additions and 107 deletions

23
c4po.sh
View File

@ -1,15 +1,5 @@
#!/bin/bash #!/bin/bash
baseDir=$(pwd) baseDir=$(pwd)
composeDir=$baseDir"/security-c4po-cfg"
keycloakVolume="security-c4po-cfg/volumes/keycloak/data/*"
mongoVolume="security-c4po-cfg/volumes/mongodb/data/*"
composeKeycloak=$baseDir"/security-c4po-cfg/kc/docker-compose.keycloak.yml"
composeDatabase=$baseDir"/security-c4po-cfg/mongodb/docker-compose.mongodb.yml"
composeFrontend=$baseDir"/security-c4po-cfg/frontend/docker-compose.frontend.yml"
composeBackend=$baseDir"/security-c4po-cfg/backend/docker-compose.backend.yml"
compose=$baseDir"/security-c4po-cfg/docker-compose.yml" compose=$baseDir"/security-c4po-cfg/docker-compose.yml"
echo -e " echo -e "
@ -24,24 +14,21 @@ ______| |______ |_____ |_____| | \_ __|__ | | _/_/_/ _/
echo "-------------CLEAN UP Container---------------" echo "-------------CLEAN UP Container---------------"
echo -e "\n" echo -e "\n"
rm -r ${keycloakVolume}
docker rm -f c4po-keycloak docker rm -f c4po-keycloak
docker rm -f c4po-keycloak-postgres #docker rm -f c4po-db ### toggle to clear database with every start ###
docker rm -f c4po-db
docker rm -f c4po-api docker rm -f c4po-api
docker rm -f c4po-angular docker rm -f c4po-angular
echo -e "\n" echo -e "\n"
echo "-----------------Start Build------------------" echo "-----------------Start Build------------------"
echo -e "\n" echo -e "\n"
echo " - Backend: " echo " - Backend: "
docker-compose -f ${composeBackend} build docker-compose -f ${compose} build c4po-api
echo -e "\n" echo -e "\n"
echo " - Frontend: " echo " - Frontend: "
docker-compose -f ${composeFrontend} build docker-compose -f ${compose} build c4po-angular
echo -e "\n" echo -e "\n"
# docker-compose -f ${compose} up
echo "------------Start Docker Container------------" echo "------------Start Docker Container------------"
echo -e "\n" echo -e "\n"
docker-compose -f ${composeKeycloak} -f ${composeDatabase} -f ${composeBackend} -f ${composeFrontend} up docker-compose -f ${compose} up
# docker-compose -f ${compose} up

View File

@ -66,7 +66,7 @@
</div> </div>
</div> </div>
<div *ngIf="projects$.getValue().length === 0 && loading$.getValue() === false" fxLayout="row" fxLayoutAlign="center center"> <div *ngIf="projects$.getValue() == null || projects$.getValue().length === 0 && loading$.getValue() === false" fxLayout="row" fxLayoutAlign="center center">
<p class="error-text"> <p class="error-text">
{{'project.overview.no.projects' | translate}} {{'project.overview.no.projects' | translate}}
</p> </p>

View File

@ -6,15 +6,12 @@ RUN mkdir /data
RUN chown security-c4po-api:security-c4po-api /data RUN chown security-c4po-api:security-c4po-api /data
USER security-c4po-api USER security-c4po-api
# GET CURRENT STAGE
ARG STAGE
ENV ENV_STAGE=$STAGE
# COPY PACKAGE INTO IMAGE # COPY PACKAGE INTO IMAGE
COPY ./build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar / COPY ./build/libs/security-c4po-api-0.0.1-SNAPSHOT.jar /
USER security-c4po-api USER security-c4po-api
EXPOSE 8443 EXPOSE 8443
# RUN JAVA # WAIT FOR KEYCLOAK & RUN JAVA
COPY ./wait-for-keycloak.sh /
# CMD [ "java", "-jar", "security-c4po-api-0.0.1-SNAPSHOT.jar" ] # CMD [ "java", "-jar", "security-c4po-api-0.0.1-SNAPSHOT.jar" ]
ENTRYPOINT [ "java", "-jar", "-Dspring.profiles.active=${ENV_STAGE}", "security-c4po-api-0.0.1-SNAPSHOT.jar" ] ENTRYPOINT [ "./wait-for-keycloak.sh", "http://c4po-keycloak:8080/auth/realms/c4po_realm_local", "java", "-Dspring.profiles.active=${SPRING_PROFILES_ACTIVE}", "-jar", "security-c4po-api-0.0.1-SNAPSHOT.jar" ]

View File

@ -1,12 +1,20 @@
package com.securityc4po.api.configuration.security package com.securityc4po.api.configuration.security
import org.springframework.beans.factory.annotation.Value
import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.ComponentScan import org.springframework.context.annotation.ComponentScan
import org.springframework.context.annotation.Configuration import org.springframework.context.annotation.Configuration
import org.springframework.context.annotation.Profile
import org.springframework.http.HttpMethod import org.springframework.http.HttpMethod
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity
import org.springframework.security.config.web.server.ServerHttpSecurity import org.springframework.security.config.web.server.ServerHttpSecurity
import org.springframework.security.oauth2.core.OAuth2TokenValidator
import org.springframework.security.oauth2.jwt.Jwt
import org.springframework.security.oauth2.jwt.JwtValidators
import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoders
import org.springframework.security.web.server.SecurityWebFilterChain import org.springframework.security.web.server.SecurityWebFilterChain
import org.springframework.web.cors.CorsConfiguration import org.springframework.web.cors.CorsConfiguration
@ -16,6 +24,12 @@ import org.springframework.web.cors.CorsConfiguration
@ComponentScan @ComponentScan
class WebSecurityConfiguration(private val userAccountDetailsService: UserAccountDetailsService) { class WebSecurityConfiguration(private val userAccountDetailsService: UserAccountDetailsService) {
@Value("\${external.issuer-uri}")
var externalIssuerUri: String? = null
@Value("\${spring.security.oauth2.resourceserver.jwt.issuer-uri}")
var internalIssuerUri: String? = null
@Bean @Bean
fun setSecurityWebFilterChains(http: ServerHttpSecurity): SecurityWebFilterChain { fun setSecurityWebFilterChains(http: ServerHttpSecurity): SecurityWebFilterChain {
http.cors().configurationSource { http.cors().configurationSource {
@ -28,19 +42,19 @@ class WebSecurityConfiguration(private val userAccountDetailsService: UserAccoun
this.addAllowedMethod(HttpMethod.PUT) this.addAllowedMethod(HttpMethod.PUT)
} }
} }
.and() .and()
.csrf() .csrf()
.disable() .disable()
.authorizeExchange() .authorizeExchange()
.pathMatchers(HttpMethod.GET, "/v1/projects/**").authenticated() .pathMatchers(HttpMethod.GET, "/v1/projects/**").authenticated()
.pathMatchers(HttpMethod.GET, "/v1/pentests/**").authenticated() .pathMatchers(HttpMethod.GET, "/v1/pentests/**").authenticated()
.pathMatchers("/actuator/**").permitAll() .pathMatchers("/actuator/**").permitAll()
.pathMatchers("/docs/SecurityC4PO.html").permitAll() .pathMatchers("/docs/SecurityC4PO.html").permitAll()
.anyExchange().authenticated() .anyExchange().authenticated()
.and() .and()
.oauth2ResourceServer() .oauth2ResourceServer()
.jwt() .jwt()
.jwtAuthenticationConverter(appuserJwtAuthenticationConverter()) .jwtAuthenticationConverter(appuserJwtAuthenticationConverter())
return http.build() return http.build()
} }
@ -48,4 +62,13 @@ class WebSecurityConfiguration(private val userAccountDetailsService: UserAccoun
fun appuserJwtAuthenticationConverter(): AppuserJwtAuthConverter { fun appuserJwtAuthenticationConverter(): AppuserJwtAuthConverter {
return AppuserJwtAuthConverter(userAccountDetailsService) return AppuserJwtAuthConverter(userAccountDetailsService)
} }
@Bean
@Profile("COMPOSE")
fun jwtDecoder(): ReactiveJwtDecoder {
val jwtDecoder = ReactiveJwtDecoders.fromIssuerLocation(internalIssuerUri) as NimbusReactiveJwtDecoder
val withIssuer: OAuth2TokenValidator<Jwt> = JwtValidators.createDefaultWithIssuer(externalIssuerUri)
jwtDecoder.setJwtValidator(withIssuer)
return jwtDecoder
}
} }

View File

@ -1,7 +1,7 @@
## IdentityProvider (Keycloak) ## ## IdentityProvider (Keycloak) ##
spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8888/auth/realms/c4po_realm_local spring.security.oauth2.resourceserver.jwt.issuer-uri=http://c4po-keycloak:8080/auth/realms/c4po_realm_local
keycloakhost=localhost keycloakhost=c4po-keycloak
keycloak.client.url=http://localhost:8888 keycloak.client.url=http://c4po-keycloak:8080
keycloak.client.realm.path=auth/realms/c4po_realm_local/ keycloak.client.realm.path=auth/realms/c4po_realm_local/
## Database (MONGODB) Config ## ## Database (MONGODB) Config ##

View File

@ -17,6 +17,7 @@ spring.data.mongodb.auto-index-creation=true
## IdentityProvider (Keycloak) ## ## IdentityProvider (Keycloak) ##
spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8080/auth/realms/c4po_realm_local spring.security.oauth2.resourceserver.jwt.issuer-uri=http://localhost:8080/auth/realms/c4po_realm_local
external.issuer-uri=http://localhost:8080/auth/realms/c4po_realm_local
keycloakhost=localhost keycloakhost=localhost
keycloak.client.url=http://localhost:8080 keycloak.client.url=http://localhost:8080
keycloak.client.realm.path=auth/realms/c4po_realm_local/ keycloak.client.realm.path=auth/realms/c4po_realm_local/

View File

@ -0,0 +1,17 @@
#!/bin/sh
# wait-for-keycloak.sh
set -e
host="$1"
shift
printf 'Waiting for keycloak...'
until $(curl --output /dev/null --silent --head --fail $host); do
printf '.'
sleep 4
done
printf '\nKeycloak is up and running - Starting C4PO API'
exec "$@"

View File

@ -1,15 +0,0 @@
version: '3.1'
services:
c4po-api:
build: '../../security-c4po-api'
image: security-c4po-api:latest
container_name: c4po-api
environment:
- SPRING_PROFILES_ACTIVE=COMPOSE
deploy:
resources:
limits:
memory: "1G"
ports:
- 8443:8443

View File

@ -1,10 +1,10 @@
version: '2' version: '2'
volumes: volumes:
c4po-keycloak-postgres:
c4po-db: c4po-db:
services: services:
# Database
c4po-db: c4po-db:
image: mongo:latest image: mongo:latest
container_name: c4po-db container_name: c4po-db
@ -39,7 +39,7 @@ services:
deploy: deploy:
resources: resources:
limits: limits:
memory: "1G" memory: "2G"
ports: ports:
- 4200:4200 - 4200:4200
networks: networks:
@ -56,7 +56,7 @@ services:
deploy: deploy:
resources: resources:
limits: limits:
memory: "1G" memory: "2G"
ports: ports:
- 8443:8443 - 8443:8443
networks: networks:

View File

@ -1,13 +0,0 @@
version: '3.1'
services:
c4po-angular:
build: '../../security-c4po-angular'
image: security-c4po-angular:latest
container_name: c4po-angular
deploy:
resources:
limits:
memory: "1G"
ports:
- 4200:4200

View File

@ -1,21 +0,0 @@
version: '3.1'
services:
c4po-keycloak:
container_name: c4po-keycloak
image: jboss/keycloak:11.0.3
volumes:
- ../cfg/c4po_realm_export.json:/tmp/c4po_realm_export.json
ports:
- 8888:8080
env_file:
- ../cfg/keycloak.env
c4po-keycloak-postgress:
container_name: c4po-keycloak-postgres
image: postgres:10.16-alpine
env_file:
- ../cfg/keycloakdb.env
ports:
- 5433:5432
volumes:
- ../volumes/keycloak/data:/var/lib/postgres/data

View File

@ -1,14 +0,0 @@
version: '3.1'
services:
c4po-db:
image: mongo:4.4.6
container_name: c4po-db
volumes:
- ../volumes/mongodb/data:/data/db
deploy:
resources:
limits:
memory: "1G"
ports:
- 27017:27017