feat(spring-boot/run): add spring security & oauth2 modules (camunda#…

…4478) related to camunda#4451
hadoop835 · Aug 29, 2024 · 2368e55 · 2368e55
1 parent fbdd474
commit 2368e55
Show file tree

Hide file tree

Showing 19 changed files with 404 additions and 4 deletions.
diff --git a/bom/camunda-only-bom/pom.xml b/bom/camunda-only-bom/pom.xml
@@ -179,6 +179,11 @@
         <artifactId>camunda-bpm-spring-boot-starter-webapp</artifactId>
         <version>${project.version}</version>
       </dependency>
+      <dependency>
+        <groupId>org.camunda.bpm.springboot</groupId>
+        <artifactId>camunda-bpm-spring-boot-starter-security</artifactId>
+        <version>${project.version}</version>
+      </dependency>
       <dependency>
         <groupId>org.camunda.bpm.springboot</groupId>
         <artifactId>camunda-bpm-spring-boot-starter-webapp-ee</artifactId>

diff --git a/clients/java/client/pom.xml b/clients/java/client/pom.xml
@@ -14,7 +14,6 @@
   </parent>
 
   <properties>
-    <version.httpclient>5.3</version.httpclient>
     <engine.runtime>${project.build.directory}/camunda-tomcat</engine.runtime>
     <tomcat.runtime>${engine.runtime}/server/apache-tomcat-${version.tomcat}</tomcat.runtime>
     <http.port>${tomcat.connector.http.port}</http.port>
@@ -66,7 +65,7 @@
     <dependency>
       <groupId>org.apache.httpcomponents.client5</groupId>
       <artifactId>httpclient5</artifactId>
-      <version>${version.httpclient}</version>
+      <version>${version.httpclient5}</version>
     </dependency>
 
     <dependency>

diff --git a/distro/run/assembly/assembly.xml b/distro/run/assembly/assembly.xml
@@ -19,6 +19,13 @@
       </includes>
       <outputFileNameMapping>${artifact.artifactId}.${artifact.extension}</outputFileNameMapping>
     </dependencySet>
+    <dependencySet>
+      <outputDirectory>internal/oauth2/</outputDirectory>
+      <includes>
+        <include>org.camunda.bpm.run:camunda-bpm-run-modules-oauth2</include>
+      </includes>
+      <outputFileNameMapping>${artifact.artifactId}.${artifact.extension}</outputFileNameMapping>
+    </dependencySet>
     <dependencySet>
       <outputDirectory>internal/example/</outputDirectory>
       <includes>
@@ -122,6 +129,10 @@
       <directory>../modules/rest/target/dependency/</directory>
       <outputDirectory>internal/rest/</outputDirectory>
     </fileSet>
+    <fileSet>
+      <directory>../modules/oauth2/target/dependency/</directory>
+      <outputDirectory>internal/oauth2/</outputDirectory>
+    </fileSet>
     <!-- create empty resource folder -->
     <fileSet>
       <directory>resources/dummyResource</directory>

diff --git a/distro/run/assembly/pom.xml b/distro/run/assembly/pom.xml
@@ -49,6 +49,21 @@
       </exclusions>
     </dependency>
 
+    <!-- make sure this runs after the oauth2 module -->
+    <dependency>
+      <groupId>org.camunda.bpm.run</groupId>
+      <artifactId>camunda-bpm-run-modules-oauth2</artifactId>
+      <version>${project.version}</version>
+      <type>jar</type>
+      <exclusions>
+        <!-- we don't need any transitive dependencies -->
+        <exclusion>
+          <groupId>*</groupId>
+          <artifactId>*</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+
     <dependency>
       <groupId>org.camunda.bpm.run</groupId>
       <artifactId>camunda-bpm-run-modules-example-invoice</artifactId>

diff --git a/distro/run/assembly/resources/run.bat b/distro/run/assembly/resources/run.bat
@@ -5,6 +5,7 @@ SET BASEDIR=%~dp0
 SET PARENTDIR=%BASEDIR%..\
 SET DEPLOYMENTDIR=%PARENTDIR%configuration/resources
 SET WEBAPPS_PATH=%BASEDIR%webapps
+SET OAUTH2_PATH=%BASEDIR%oauth2
 SET REST_PATH=%BASEDIR%rest
 SET EXAMPLE_PATH=%BASEDIR%example
 SET APPNAME=Camunda Run
@@ -79,6 +80,12 @@ IF [%~1]==[--webapps] (
   ECHO WebApps enabled
 )
 
+IF [%~1]==[--oauth2] (
+  SET optionalComponentChosen=true
+  SET classPath=%OAUTH2_PATH%,%classPath%
+  ECHO Spring Security OAuth2 enabled
+)
+
 IF [%~1]==[--rest] (
   SET optionalComponentChosen=true
   SET restChosen=true
@@ -152,6 +159,7 @@ ECHO Usage: run.bat [start^|stop] (options...)
 :ArgsHelp
 ECHO Options:
 ECHO   --webapps    - Enables the Camunda Platform Webapps
+ECHO   --oauth2     - Enables the Camunda Platform Spring Security OAuth2 integration
 ECHO   --rest       - Enables the REST API
 ECHO   --example    - Enables the example application
 ECHO   --production - Applies the production.yaml configuration file

diff --git a/distro/run/assembly/resources/run.sh b/distro/run/assembly/resources/run.sh
@@ -5,11 +5,13 @@ BASEDIR=$(dirname "$0")
 PARENTDIR=$(builtin cd "$BASEDIR/.."; pwd)
 DEPLOYMENT_DIR=$PARENTDIR/configuration/resources
 WEBAPPS_PATH=$BASEDIR/webapps/
+OAUTH2_PATH=$BASEDIR/oauth2/
 REST_PATH=$BASEDIR/rest/
 EXAMPLE_PATH=$BASEDIR/example
 PID_PATH=$BASEDIR/run.pid
 OPTIONS_HELP="Options:
   --webapps    - Enables the Camunda Platform Webapps
+  --oauth2     - Enables the Camunda Platform Spring Security OAuth2 integration
   --rest       - Enables the REST API
   --example    - Enables the example application
   --production - Applies the production.yaml configuration file
@@ -57,6 +59,10 @@ if [ "$1" = "start" ] ; then
                      classPath=$WEBAPPS_PATH,$classPath
                      echo WebApps enabled
                      ;;
+      --oauth2 )     optionalComponentChosen=true
+                     classPath=$OAUTH2_PATH,$classPath
+                     echo Spring Security OAuth2 enabled
+                     ;;
       --rest )       optionalComponentChosen=true
                      restChosen=true
                      classPath=$REST_PATH,$classPath
@@ -76,7 +82,10 @@ if [ "$1" = "start" ] ; then
       --help )       printf "%s" "$OPTIONS_HELP"
                      exit 0
                      ;;
-      * )            exit 1
+      * )            printf "Unexpected argument '%s'!" "$1"
+                     printf "%s" "$OPTIONS_HELP"
+                     exit 1
+                     ;;
     esac
     shift
   done

diff --git a/distro/run/modules/oauth2/pom.xml b/distro/run/modules/oauth2/pom.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <parent>
+    <groupId>org.camunda.bpm.run</groupId>
+    <artifactId>camunda-bpm-run-modules</artifactId>
+    <version>7.22.0-SNAPSHOT</version>
+    <relativePath>..</relativePath>
+  </parent>
+
+  <artifactId>camunda-bpm-run-modules-oauth2</artifactId>
+  <name>Camunda Platform - Run - Module Spring Security</name>
+  <packaging>jar</packaging>
+
+  <properties>
+    <!-- generate a bom of compile time dependencies for the license book.
+    Note: Every compile time dependency will end up in the license book. Please
+    declare only dependencies that are actually needed -->
+    <skip-third-party-bom>false</skip-third-party-bom>
+  </properties>
+
+  <dependencies>
+
+    <dependency>
+      <groupId>org.camunda.bpm.springboot</groupId>
+      <artifactId>camunda-bpm-spring-boot-starter-security</artifactId>
+    </dependency>
+
+  </dependencies>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-dependency-plugin</artifactId>
+      </plugin>
+    </plugins>
+  </build>
+
+</project>
diff --git a/...da/bpm/spring/boot/starter/security/CamundaBpmSpringSecurityDisableAutoConfiguration.java b/...da/bpm/spring/boot/starter/security/CamundaBpmSpringSecurityDisableAutoConfiguration.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH
+ * under one or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information regarding copyright
+ * ownership. Camunda licenses this file to you under the Apache License,
+ * Version 2.0; you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.camunda.bpm.spring.boot.starter.security;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.web.SecurityFilterChain;
+
+public class CamundaBpmSpringSecurityDisableAutoConfiguration {
+
+  private static final Logger logger = LoggerFactory.getLogger(CamundaBpmSpringSecurityDisableAutoConfiguration.class);
+
+  @Bean
+  public SecurityFilterChain filterChainPermitAll(HttpSecurity http) throws Exception {
+    logger.info("Disabling Camunda Spring Security oauth2 integration");
+
+    http.authorizeHttpRequests(customizer -> customizer.anyRequest().permitAll())
+        .cors(AbstractHttpConfigurer::disable)
+        .csrf(AbstractHttpConfigurer::disable);
+    return http.build();
+  }
+
+}
diff --git a/...esources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/...esources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
@@ -0,0 +1 @@
+org.camunda.bpm.spring.boot.starter.security.CamundaBpmSpringSecurityDisableAutoConfiguration
diff --git a/distro/run/pom.xml b/distro/run/pom.xml
@@ -100,6 +100,7 @@
       </activation>
       <modules>
         <module>modules/webapps</module>
+        <module>modules/oauth2</module>
         <module>distro</module>
         <module>qa</module>
       </modules>

diff --git a/...un/qa/integration-tests/src/test/java/org/camunda/bpm/run/qa/ComponentAvailabilityIT.java b/...un/qa/integration-tests/src/test/java/org/camunda/bpm/run/qa/ComponentAvailabilityIT.java
@@ -57,7 +57,8 @@ public static Collection<Object[]> commands() {
       { new String[]{"--rest", "--example"}, true, false, true },
       { new String[]{"--webapps"}, false, true, false },
       { new String[]{"--rest", "--webapps"}, true, true, false },
-      { new String[]{"--rest", "--webapps", "--example"}, true, true, true }
+      { new String[]{"--rest", "--webapps", "--example"}, true, true, true },
+      { new String[]{"--rest", "--webapps", "--example", "--oauth2"}, true, true, true }
     });
   }
 

diff --git a/parent/pom.xml b/parent/pom.xml
@@ -43,6 +43,7 @@
     <version.xml.jaxb-impl4>4.0.5</version.xml.jaxb-impl4>
     <version.jakarta.xml.bind-api>4.0.2</version.jakarta.xml.bind-api>
     <version.httpclient>4.5.14</version.httpclient>
+    <version.httpclient5>5.3</version.httpclient5>
 
     <version.slf4j>1.7.26</version.slf4j>
     <version.logback>1.2.11</version.logback>

diff --git a/spring-boot-starter/pom.xml b/spring-boot-starter/pom.xml
@@ -37,6 +37,7 @@
       <modules>
         <module>starter</module>
         <module>starter-rest</module>
+        <module>starter-security</module>
         <module>starter-test</module>
         <module>starter-client/spring</module>
         <module>starter-client/spring-boot</module>
@@ -73,6 +74,7 @@
         <module>starter-qa</module>
         <module>starter</module>
         <module>starter-rest</module>
+        <module>starter-security</module>
         <module>starter-client/spring-boot</module>
         <module>starter-webapp-core</module>
       </modules>

diff --git a/spring-boot-starter/starter-security/pom.xml b/spring-boot-starter/starter-security/pom.xml
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <parent>
+    <groupId>org.camunda.bpm.springboot.project</groupId>
+    <artifactId>camunda-bpm-spring-boot-starter-root</artifactId>
+    <version>7.22.0-SNAPSHOT</version>
+  </parent>
+
+  <groupId>org.camunda.bpm.springboot</groupId>
+  <artifactId>camunda-bpm-spring-boot-starter-security</artifactId>
+  <name>Camunda Platform - Spring Boot Starter - Spring Security</name>
+
+  <dependencies>
+    <dependency>
+      <groupId>${project.groupId}</groupId>
+      <artifactId>camunda-bpm-spring-boot-starter</artifactId>
+      <version>${project.version}</version>
+      <scope>provided</scope>
+    </dependency>
+
+    <!-- spring security dependencies -->
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-security</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-oauth2-client</artifactId>
+    </dependency>
+
+    <dependency>
+      <groupId>${project.groupId}</groupId>
+      <artifactId>camunda-bpm-spring-boot-starter-rest</artifactId>
+      <version>${project.version}</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <artifactId>camunda-bpm-spring-boot-starter-test</artifactId>
+      <groupId>${project.groupId}</groupId>
+      <version>${project.version}</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.httpcomponents.client5</groupId>
+      <artifactId>httpclient5</artifactId>
+      <version>${version.httpclient5}</version>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>com.h2database</groupId>
+      <artifactId>h2</artifactId>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+
+</project>
diff --git a/...r/starter-security/src/test/java/my/own/custom/spring/boot/project/SampleApplication.java b/...r/starter-security/src/test/java/my/own/custom/spring/boot/project/SampleApplication.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright Camunda Services GmbH and/or licensed to Camunda Services GmbH
+ * under one or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information regarding copyright
+ * ownership. Camunda licenses this file to you under the Apache License,
+ * Version 2.0; you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package my.own.custom.spring.boot.project;
+
+import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.SpringBootConfiguration;
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.boot.web.client.RestTemplateBuilder;
+import org.springframework.context.annotation.Bean;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
+
+@SpringBootConfiguration
+@EnableAutoConfiguration
+public class SampleApplication {
+
+  public static void main(String... args) {
+    SpringApplication.run(SampleApplication.class, args);
+  }
+
+  @Bean
+  public TestRestTemplate restTemplate(RestTemplateBuilder builder) {
+    builder.requestFactory(() -> {
+      var factory = new HttpComponentsClientHttpRequestFactory();
+      var httpClient = HttpClientBuilder.create().disableRedirectHandling().build();
+      factory.setHttpClient(httpClient);
+      return factory;
+    });
+    return new TestRestTemplate(builder);
+  }
+
+}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		org.camunda.bpm.spring.boot.starter.security.CamundaBpmSpringSecurityDisableAutoConfiguration