SEBSERV-313 for 1.3.4 patch

2022-06-21 10:12:07 +02:00 · 2022-06-21 10:12:07 +02:00 · e3c532faf4
commit e3c532faf4
parent 6ed3817bc4
6 changed files with 64 additions and 5 deletions
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/WebserviceInfo.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/WebserviceInfo.java
@ -22,6 +22,7 @@ import org.apache.commons.lang3.BooleanUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.core.env.Environment;
 import org.springframework.stereotype.Service;
@ -72,6 +73,13 @@ public class WebserviceInfo {
    private final WebserviceInfoDAO webserviceInfoDAO;
    private boolean isMaster = false;

+    @Value("${sebserver.webservice.api.admin.accessTokenValiditySeconds:3600}")
+    private int adminAccessTokenValSec;
+    @Value("${sebserver.webservice.api.admin.refreshTokenValiditySeconds:-1}")
+    private int adminRefreshTokenValSec;
+    @Value("${sebserver.webservice.api.exam.accessTokenValiditySeconds:43200}")
+    private int examAPITokenValiditySeconds;
+
    public WebserviceInfo(
            final WebserviceInfoDAO webserviceInfoDAO,
            final Environment environment) {
@ -249,6 +257,18 @@ public class WebserviceInfo {
                .orElse(null);
    }

+    public int getAdminAccessTokenValSec() {
+        return this.adminAccessTokenValSec;
+    }
+
+    public int getAdminRefreshTokenValSec() {
+        return this.adminRefreshTokenValSec;
+    }
+
+    public int getExamAPITokenValiditySeconds() {
+        return this.examAPITokenValiditySeconds;
+    }
+
    @Override
    public String toString() {
        final StringBuilder builder = new StringBuilder();
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/WebserviceInit.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/WebserviceInit.java
@ -150,6 +150,14 @@ public class WebserviceInit implements ApplicationListener<ApplicationReadyEvent
        SEBServerInit.INIT_LOGGER.info("---->");
        SEBServerInit.INIT_LOGGER.info("----> HTTP Scheme {}", this.webserviceInfo.getHttpScheme());
        SEBServerInit.INIT_LOGGER.info("---->");
+        SEBServerInit.INIT_LOGGER.info("----> Access-Tokens:");
+        SEBServerInit.INIT_LOGGER.info(
+                "----> admin API access token validity: " + this.webserviceInfo.getAdminAccessTokenValSec() + "s");
+        SEBServerInit.INIT_LOGGER.info(
+                "----> admin API refresh token validity: " + this.webserviceInfo.getAdminRefreshTokenValSec() + "s");
+        SEBServerInit.INIT_LOGGER.info(
+                "----> exam API access token validity: " + this.webserviceInfo.getExamAPITokenValiditySeconds() + "s");
+        SEBServerInit.INIT_LOGGER.info("----> ");
        SEBServerInit.INIT_LOGGER.info("----> Property Override Test: {}", this.webserviceInfo.getTestProperty());

        SEBServerInit.INIT_LOGGER.info("---->");
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/ClientConfigServiceImpl.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/servicelayer/sebconfig/impl/ClientConfigServiceImpl.java
@ -169,6 +169,7 @@ public class ClientConfigServiceImpl implements ClientConfigService {
    private final WebserviceInfo webserviceInfo;
    private final CertificateDAO certificateDAO;
    private final long defaultPingInterval;
+    private final int examAPITokenValiditySeconds;

    protected ClientConfigServiceImpl(
            final SEBClientConfigDAO sebClientConfigDAO,
@ -178,7 +179,8 @@ public class ClientConfigServiceImpl implements ClientConfigService {
            final WebserviceInfo webserviceInfo,
            final CertificateDAO certificateDAO,
            @Qualifier(WebSecurityConfig.CLIENT_PASSWORD_ENCODER_BEAN_NAME) final PasswordEncoder clientPasswordEncoder,
-            @Value("${sebserver.webservice.api.exam.defaultPingInterval:1000}") final long defaultPingInterval) {
+            @Value("${sebserver.webservice.api.exam.defaultPingInterval:1000}") final long defaultPingInterval,
+            @Value("${sebserver.webservice.api.exam.accessTokenValiditySeconds:43200}") final int examAPITokenValiditySeconds) {

        this.sebClientConfigDAO = sebClientConfigDAO;
        this.clientCredentialService = clientCredentialService;
@ -188,6 +190,7 @@ public class ClientConfigServiceImpl implements ClientConfigService {
        this.webserviceInfo = webserviceInfo;
        this.certificateDAO = certificateDAO;
        this.defaultPingInterval = defaultPingInterval;
+        this.examAPITokenValiditySeconds = examAPITokenValiditySeconds;
    }

    @Override
@ -210,8 +213,8 @@ public class ClientConfigServiceImpl implements ClientConfigService {

                    baseClientDetails.setScope(Collections.emptySet());
                    baseClientDetails.setClientSecret(Utils.toString(pwd));
-                    baseClientDetails.setAccessTokenValiditySeconds(-1); // not expiring
-                    baseClientDetails.setRefreshTokenValiditySeconds(-1); // not expiring
+                    baseClientDetails.setAccessTokenValiditySeconds(this.examAPITokenValiditySeconds);
+                    baseClientDetails.setRefreshTokenValiditySeconds(-1); // not used, not expiring

                    if (log.isDebugEnabled()) {
                        log.debug("Created new BaseClientDetails for id: {}", clientName);
--- a/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceSecurityConfig.java
+++ b/src/main/java/ch/ethz/seb/sebserver/webservice/weblayer/WebServiceSecurityConfig.java
@ -101,7 +101,7 @@ public class WebServiceSecurityConfig extends WebSecurityConfigurerAdapter {
    private Integer adminAccessTokenValSec;
    @Value("${sebserver.webservice.api.admin.refreshTokenValiditySeconds:-1}")
    private Integer adminRefreshTokenValSec;
-    @Value("${sebserver.webservice.api.exam.accessTokenValiditySeconds:3600}")
+    @Value("${sebserver.webservice.api.exam.accessTokenValiditySeconds:43200}")
    private Integer examAccessTokenValSec;

    @Lazy
--- a/src/main/resources/config/application-ws.properties
+++ b/src/main/resources/config/application-ws.properties
@ -61,7 +61,7 @@ sebserver.webservice.api.exam.config.init.prohibitedProcesses=config/initialProh
 sebserver.webservice.api.exam.endpoint=/exam-api
 sebserver.webservice.api.exam.endpoint.discovery=${sebserver.webservice.api.exam.endpoint}/discovery
 sebserver.webservice.api.exam.endpoint.v1=${sebserver.webservice.api.exam.endpoint}/v1
-sebserver.webservice.api.exam.accessTokenValiditySeconds=3600
+sebserver.webservice.api.exam.accessTokenValiditySeconds=43200
 sebserver.webservice.api.exam.event-handling-strategy=SINGLE_EVENT_STORE_STRATEGY
 sebserver.webservice.api.exam.enable-indicator-cache=true
 sebserver.webservice.api.pagination.maxPageSize=500
--- a/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/exam/ExamAPIAccessTokenRequestTest.java
+++ b/src/test/java/ch/ethz/seb/sebserver/webservice/integration/api/exam/ExamAPIAccessTokenRequestTest.java
@ -9,9 +9,18 @@
 package ch.ethz.seb.sebserver.webservice.integration.api.exam;

 import static org.junit.Assert.assertNotNull;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

 import org.junit.Test;
+import org.springframework.boot.json.JacksonJsonParser;
+import org.springframework.http.MediaType;
 import org.springframework.test.context.jdbc.Sql;
+import org.springframework.test.web.servlet.ResultActions;
+import org.springframework.util.LinkedMultiValueMap;
+import org.springframework.util.MultiValueMap;

@Sql(scripts = { "classpath:schema-test.sql", "classpath:data-test.sql", "classpath:data-test-additional.sql" })
 public class ExamAPIAccessTokenRequestTest extends ExamAPIIntegrationTester {
@ -22,4 +31,23 @@ public class ExamAPIAccessTokenRequestTest extends ExamAPIIntegrationTester {
        assertNotNull(accessToken);
    }

+    @Test
+    public void testAccessTokenResponse() throws Exception {
+        final MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
+        params.add("grant_type", "client_credentials");
+        params.add("scope", "read write");
+
+        final ResultActions result = this.mockMvc.perform(post("/oauth/token")
+                .params(params)
+                .with(httpBasic("test", "test"))
+                .accept(MediaType.APPLICATION_JSON_VALUE))
+                .andExpect(status().isOk())
+                .andExpect(content().contentType(MediaType.APPLICATION_JSON_UTF8_VALUE));
+
+        final String resultString = result.andReturn().getResponse().getContentAsString();
+        final JacksonJsonParser jsonParser = new JacksonJsonParser();
+        final Object expiry = jsonParser.parseMap(resultString).get("expires_in");
+        assertNotNull(expiry);
+    }
+
 }