Merge pull request #6 from valtimo-platform/feature/endpoint-access

Feature/endpoint access

backend/app/src/main/resources/config/application.yml

@@ -7,8 +7,8 @@ spring:
     datasource:
         type: com.zaxxer.hikari.HikariDataSource
         driver-class-name: org.postgresql.Driver
-        url: jdbc:postgresql://localhost:54340/example-core-db
-        username: example
+        url: jdbc:postgresql://localhost:54320/gzac
+        username: gzac
         password: password
         hikari:
             auto-commit: false

backend/plugin/build.gradle

@@ -45,6 +45,9 @@ repositories {
 }
 
 dependencies {
+    implementation("org.springframework.security:spring-security-config")
+    implementation("org.springframework.security:spring-security-web")
+
     implementation "com.ritense.valtimo:core:${valtimoVersion}"
     implementation "com.ritense.valtimo:plugin-valtimo:${valtimoVersion}"
     implementation "com.ritense.valtimo:temporary-resource-storage:${valtimoVersion}"

backend/plugin/src/main/kotlin/com/ritense/valtimo/xential/autoconfiguration/XentialAutoConfiguration.kt

@@ -22,7 +22,9 @@ import com.ritense.valtimo.contract.authentication.UserManagementService
 import com.ritense.valtimo.contract.config.LiquibaseMasterChangeLogLocation
 import com.ritense.valtimo.xential.plugin.XentialPluginFactory
 import com.ritense.valtimo.xential.repository.XentialTokenRepository
+import com.ritense.valtimo.xential.security.config.XentialApiHttpSecurityConfigurer
 import com.ritense.valtimo.xential.service.DocumentGenerationService
+import com.ritense.valtimo.xential.web.rest.DocumentResource
 import com.ritense.valueresolver.ValueResolverService
 import com.ritense.zakenapi.ZaakUrlProvider
 import com.ritense.zakenapi.client.ZakenApiClient
@@ -32,6 +34,7 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean
 import org.springframework.boot.autoconfigure.domain.EntityScan
 import org.springframework.context.ApplicationEventPublisher
 import org.springframework.context.annotation.Bean
+import org.springframework.core.annotation.Order
 import org.springframework.data.jpa.repository.config.EnableJpaRepositories
 
 @AutoConfiguration
@@ -80,4 +83,17 @@ class XentialAutoConfiguration {
         valueResolverService,
         userManagementService
     )
+
+    @Bean
+    @ConditionalOnMissingBean(DocumentResource::class)
+    fun xentialDocumentResource(documentGenerationService: DocumentGenerationService): DocumentResource {
+        return DocumentResource(documentGenerationService)
+    }
+
+    @Bean
+    @Order(270)
+    @ConditionalOnMissingBean
+    fun xentialApiHttpSecurityConfigurer(): XentialApiHttpSecurityConfigurer {
+        return XentialApiHttpSecurityConfigurer()
+    }
 }

backend/plugin/src/main/kotlin/com/ritense/valtimo/xential/security/config/XentialApiHttpSecurityConfigurer.kt

@@ -0,0 +1,40 @@
+/*
+ * Copyright 2015-2024 Ritense BV, the Netherlands.
+ *
+ * Licensed under EUPL, Version 1.2 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.ritense.valtimo.xential.security.config
+
+import com.ritense.valtimo.contract.security.config.HttpConfigurerConfigurationException
+import com.ritense.valtimo.contract.security.config.HttpSecurityConfigurer
+import mu.KotlinLogging
+import org.springframework.http.HttpMethod
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher.antMatcher
+
+class XentialApiHttpSecurityConfigurer : HttpSecurityConfigurer {
+    override fun configure(http: HttpSecurity) {
+        try {
+            http.authorizeHttpRequests { requests ->
+                requests.requestMatchers(antMatcher(HttpMethod.POST,"/api/xential/v1/document")).permitAll()
+            }
+        } catch (e: Exception) {
+            throw HttpConfigurerConfigurationException(e)
+        }
+    }
+
+    companion object{
+        val logger = KotlinLogging.logger {  }
+    }
+}

backend/plugin/src/main/kotlin/com/ritense/valtimo/xential/web/rest/DocumentResource.kt

@@ -1,31 +1,30 @@
 package com.ritense.valtimo.xential.web.rest
 
-import com.fasterxml.jackson.databind.JsonNode
 import com.ritense.valtimo.contract.annotation.SkipComponentScan
 import com.ritense.valtimo.contract.domain.ValtimoMediaType
 import com.ritense.valtimo.xential.domain.DocumentCreatedMessage
 import com.ritense.valtimo.xential.service.DocumentGenerationService
-import org.springframework.http.ResponseEntity
-import org.springframework.web.bind.annotation.PathVariable
+import mu.KotlinLogging
 import org.springframework.web.bind.annotation.PostMapping
 import org.springframework.web.bind.annotation.RequestBody
 import org.springframework.web.bind.annotation.RequestMapping
-import org.springframework.web.bind.annotation.RequestParam
 import org.springframework.web.bind.annotation.RestController
-import java.util.UUID
 
 @RestController
 @SkipComponentScan
-@RequestMapping("/api/xential", produces = [ValtimoMediaType.APPLICATION_JSON_UTF8_VALUE])
+@RequestMapping("/api", produces = [ValtimoMediaType.APPLICATION_JSON_UTF8_VALUE])
 class DocumentResource(
     val documentGenerationService: DocumentGenerationService
 ) {
 
-    @PostMapping("/v1/document")
+    @PostMapping("/xential/v1/document")
     fun handleSubmission(
         @RequestBody message: DocumentCreatedMessage
     ) {
         documentGenerationService.onDocumentGenerated(message)
     }
 
+    companion object{
+        private val logger = KotlinLogging.logger {  }
+    }
 }