refactor: replace authorization custom code with standard ff pipes (#393)

* new adapters which are handling authorization for each api have been added

* customcode related step has been removed from contributing file

* jwtPipes have been replaced with the new pipe calling the authorization generator adapter for catalogiApi

* jwtPipes have been replaced with the new pipe calling the authorization generator adapter for zakenApi

* jwtPipes have been replaced with the new pipe calling the authorization generator adapter for documentenApi

* custom part in Parameter.java file removed. The whole file will be deleted later.

* update forward path names

* dummy commit to trigger ci

* typo

* update xmlSwitchPipe

* remove parameter.java

---------

Co-authored-by: Meric Akgul <meric@wearefrank.nl>
Co-authored-by: MLenterman <marcellenterman@hotmail.com>
3 people authored Jun 25, 2024
1 parent b85182a commit 1d6671b
Showing 44 changed files with 587 additions and 2,882 deletions.
5 changes: 2 additions & 3 deletions CONTRIBUTING.md
@@ -11,9 +11,8 @@ Execute the following steps when bumping the Frank!Framework version:
4. Replace the default value for `FF_VERSION` under `services.zaakbrug.build.args` in `docker-compose.zaakbrug.dev.yml` with the new tag. NOTE: Watch out to not replace the '-' in front of the tag: ${FF_VERSION:-<new tag>}
5. Replace the value of `ff.version` in `frank-runner.properties` with the new tag.
6. Start ZaakBrug with the `Frank!Runner` to automatically replace the `./src/main/configuration/<configuration-name>/FrankConfig.xsd` and `./src/main/configuration/FrankConfig.xsd` with the newer version. You can stop the Frank!Runner once the files are replaced. Note that currently the Frank!Runner will also add `FrankConfig.xsd` to the `.gitignore` file. Make sure to revert the change to `.gitignore`.
7. Check [GitHub - Frank!Framework - Parameter.java commit history](https://github.com/frankframework/frankframework/commits/master/core/src/main/java/org/frankframework/parameters/Parameter.java) for any changes to this class. The latest version of the source code of Parameter.java can be reached directly from master branch from [Github - Frank!Framework - Parameter.java source code](https://github.com/frankframework/frankframework/blob/master/core/src/main/java/org/frankframework/parameters/Parameter.java). If there are indeed changes, update the corresponding file under `./src/main/java/org/frankframework/...`. The `.java-orig` file content should be 1 on 1 equal to the new version on GitHub. Take care to not accidentally remove the intended customization of the code in the `.java` file.
8. Run the e2e testsuite by using the below Docker-Compose and configuration to validate the changes. You should only need `docker-compose -f ./docker-compose.zaakbrug.dev.yml -f ./docker-compose.openzaak.dev.yml up --build --force-recreate` for this. (TODO: Automate running of e2e tests in ci/cd).
9. Commit you changes on a branch with as message: `build(dependencies): bump f!f version to <new tag>`. Create a PR to have you changes merged to master.
7. Run the e2e testsuite by using the below Docker-Compose and configuration to validate the changes. You should only need `docker-compose -f ./docker-compose.zaakbrug.dev.yml -f ./docker-compose.openzaak.dev.yml up --build --force-recreate` for this. (TODO: Automate running of e2e tests in ci/cd).
8. Commit you changes on a branch with as message: `build(dependencies): bump f!f version to <new tag>`. Create a PR to have you changes merged to master.

# Testing with SoapUI
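
Review bot: The renumbered steps 7 and 8 are re-added verbatim, so the typos in step 8 (`Commit you changes`, `have you changes merged`) carry over; since these lines are touched anyway, change both to `your`. Dropping the `Parameter.java` step matches the removal of the custom class, and none of the visible steps still refers to it.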

32 changes: 15 additions & 17 deletions Dockerfile
@@ -7,24 +7,22 @@ FROM docker.io/frankframework/frankframework:${FF_VERSION} as ff-base
COPY --chown=tomcat lib/server/* /usr/local/tomcat/lib/
COPY --chown=tomcat lib/webapp/* /usr/local/tomcat/webapps/ROOT/WEB-INF/lib/

# # Compile custom class
# FROM eclipse-temurin:17-jdk-jammy AS custom-code-builder

# Compile custom class
FROM eclipse-temurin:17-jdk-jammy AS custom-code-builder

# Copy dependencies
COPY --from=ff-base /usr/local/tomcat/lib/ /usr/local/tomcat/lib/
COPY --from=ff-base /usr/local/tomcat/webapps/ROOT /usr/local/tomcat/webapps/ROOT

# Copy custom class
COPY src/main/java /tmp/java
RUN mkdir /tmp/classes && \
javac \
/tmp/java/org/frankframework/parameters/Parameter.java \
-classpath "/usr/local/tomcat/webapps/ROOT/WEB-INF/lib/*:/usr/local/tomcat/lib/*" \
-verbose -d /tmp/classes
# # Copy dependencies
# COPY --from=ff-base /usr/local/tomcat/lib/ /usr/local/tomcat/lib/
# COPY --from=ff-base /usr/local/tomcat/webapps/ROOT /usr/local/tomcat/webapps/ROOT

# # Copy custom class
# COPY src/main/java /tmp/java
# RUN mkdir /tmp/classes && \
# javac \
# /tmp/java/org/frankframework/parameters/Parameter.java \
# -classpath "/usr/local/tomcat/webapps/ROOT/WEB-INF/lib/*:/usr/local/tomcat/lib/*" \
# -verbose -d /tmp/classes

FROM ff-base
# FROM ff-base

# Copy custom entrypoint script with added options
COPY --chown=tomcat docker/entrypoint.sh /scripts/entrypoint.sh
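
Review bot: The `custom-code-builder` stage is commented out rather than deleted, including the final `# FROM ff-base`, which leaves a block of dead build instructions that still name `Parameter.java`, a file the commit message says is removed. Delete the block outright; version control keeps the history. With the second `FROM` gone, the remaining `COPY` steps run in the first stage, so the `as ff-base` alias on the base image line no longer has a consumer and can be dropped as well.
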
@@ -45,8 +43,8 @@ COPY --chown=tomcat src/main/configurations/ /opt/frank/configurations/
COPY --chown=tomcat src/main/resources/ /opt/frank/resources/
COPY --chown=tomcat src/test/testtool/ /opt/frank/testtool/

# Copy compiled custom class
COPY --from=custom-code-builder --chown=tomcat /tmp/classes/ /usr/local/tomcat/webapps/ROOT/WEB-INF/classes
# # Copy compiled custom class
# COPY --from=custom-code-builder --chown=tomcat /tmp/classes/ /usr/local/tomcat/webapps/ROOT/WEB-INF/classes

# Check if Frank! is still healthy
HEALTHCHECK --interval=15s --timeout=5s --start-period=30s --retries=60 \
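
Review bot: The commented-out `COPY --from=custom-code-builder` refers to a build stage that no longer exists, so uncommenting it on its own would break the build; remove both lines instead of keeping them as comments. It is worth stating in the PR description that `WEB-INF/classes` no longer receives a compiled override of the framework's `Parameter` class, since that is the behaviour change operators will care about.
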
10 changes: 8 additions & 2 deletions src/main/configurations/Translate/Configuration.xml
@@ -15,14 +15,17 @@
<!ENTITY GeefZaakdetails_Lv01 SYSTEM "./Configuration_GeefZaakdetails_Lv01.xml">
<!ENTITY GeefZaakdocumentbewerken_Di02 SYSTEM "./Configuration_GeefZaakdocumentbewerken_Di02.xml">
<!ENTITY GeefZaakdocumentLezen_Lv01 SYSTEM "./Configuration_GeefZaakdocumentLezen_Lv01.xml">
<!ENTITY GenerateAuthorizationHeaderForCatalogiApi SYSTEM "./Configuration_GenerateAuthorizationHeaderForCatalogiApi.xml">
<!ENTITY GenerateAuthorizationHeaderForDocumentenApi SYSTEM "./Configuration_GenerateAuthorizationHeaderForDocumentenApi.xml">
<!ENTITY GenerateAuthorizationHeaderForZakenApi SYSTEM "./Configuration_GenerateAuthorizationHeaderForZakenApi.xml">
<!ENTITY GenereerIdentificatieEmulator SYSTEM "./Configuration_GenereerIdentificatieEmulator.xml">
<!ENTITY GetBas64Inhoud SYSTEM "./Configuration_GetBas64Inhoud.xml">
<!ENTITY GetResultaatTypeByZaakTypeAndOmschrijving SYSTEM "./Configuration_GetResultaatTypeByZaakTypeAndOmschrijving.xml">
<!ENTITY GetResultatenByZaakUrl SYSTEM "./Configuration_GetResultatenByZaakUrl.xml">
<!ENTITY GetRolByZaakUrlAndRolTypeUrl SYSTEM "./Configuration_GetRolByZaakUrlAndRolTypeUrl.xml">
<!ENTITY GetRollenByBsn SYSTEM "./Configuration_GetRollenByBsn.xml">
<!ENTITY GetRolTypenByUrl SYSTEM "./Configuration_GetRolTypenByUrl.xml">
<!ENTITY GetRsinByGemeenteCode SYSTEM "./Configuration_GetRsinByGemeenteCode.xml">
<!ENTITY GetRolTypenByUrl SYSTEM "./Configuration_GetRolTypenByUrl.xml">
<!ENTITY GetRsinByGemeenteCode SYSTEM "./Configuration_GetRsinByGemeenteCode.xml">
<!ENTITY Zaken_GetZgwStatusByZaakUrl SYSTEM "./Configuration_Zaken_GetZgwStatusByZaakUrl.xml">
<!ENTITY GetStatusTypeByZaakTypeAndOmschrijving SYSTEM "./Configuration_GetStatusTypeByZaakTypeAndOmschrijving.xml">
<!ENTITY GetStatusTypes SYSTEM "./Configuration_GetStatusTypes.xml">
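
Review bot: The `GetRolTypenByUrl` and `GetRsinByGemeenteCode` entity declarations appear on both sides of this hunk with identical text, which suggests a whitespace-only change on those two lines. Revert it so the hunk contains only the three new `GenerateAuthorizationHeaderFor*` entities.
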
@@ -91,6 +94,9 @@
&GeefZaakdetails_Lv01;
&GeefZaakdocumentbewerken_Di02;
&GeefZaakdocumentLezen_Lv01;
&GenerateAuthorizationHeaderForCatalogiApi;
&GenerateAuthorizationHeaderForDocumentenApi;
&GenerateAuthorizationHeaderForZakenApi;
&GenereerIdentificatieEmulator;
&GetBas64Inhoud;
&GetResultaatTypeByZaakTypeAndOmschrijving;
@@ -14,20 +14,16 @@
<Exit name="EXCEPTION" state="ERROR"/>
</Exits>

<JwtPipe name="createJwt"
expirationTime="600"
storeResultInSessionKey="myToken"
ifParam="valueAuthType"
ifValue="Jwt"
>
<Param name="valueAuthType" value="${zaakbrug.zgw.zaken-api.auth-type}" />
<Param name="sharedSecret" pattern="{password}" authAlias="${zaakbrug.zgw.zaken-api.auth-alias}" hidden="true"/>
<Param name="client_id" pattern="{username}" authAlias="${zaakbrug.zgw.zaken-api.auth-alias}" hidden="true"/>
<Param name="user_id" pattern="{username}" authAlias="${zaakbrug.zgw.zaken-api.auth-alias}" hidden="true"/>
<Param name="user_reresentation" pattern="{username}" authAlias="${zaakbrug.zgw.zaken-api.auth-alias}" hidden="true"/>
<SenderPipe name="GetAuthorizationHeaderForZakenApi"
getInputFromFixedValue="&lt;dummy/&gt;">
<IbisLocalSender
name="GetAuthorizationHeaderForZakenApiSender"
javaListener="GenerateAuthorizationHeaderForZakenApi"
returnedSessionKeys="Error,Authorization">
</IbisLocalSender>
<Forward name="success" path="CallGetZgwRolType" />
<Forward name="exception" path="EXCEPTION" />
</JwtPipe>
</SenderPipe>

<SenderPipe
name="CallGetZgwRolType"
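
Review bot: The old `createJwt` pipe only ran when the auth type matched `ifValue="Jwt"`, while this `SenderPipe` always calls the generator adapter, whose `CheckForAuthType` switch uses the forward names `jwt`, `basic` and `value`. Confirm that existing deployments with `zaakbrug.zgw.zaken-api.auth-type` set to `Jwt` still resolve to the `jwt` forward, or document the accepted values and their casing alongside this change.
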
@@ -109,7 +105,7 @@
<Forward name="else" path="DeleteRol"/>
</XmlIfPipe>

<senderPipe
<SenderPipe
name="DeleteRol"
>
<HttpSender
@@ -120,14 +116,12 @@
>
<Param name="url" xpathExpression="Rollen/Rol/url"/>
<Param name="Accept-Crs" value="EPSG:4326"/>
<Param name="Authorization" sessionKey="originalMessage" xpathExpression="concat('Bearer ', $myToken)">
<Param name="myToken" sessionKey="myToken" defaultValue="@@zaken-api.jwt@@"/>
</Param>
<Param name="Authorization" sessionKey="Authorization" />
</HttpSender>

<Forward name="success" path="EXIT"/>
<Forward name="exception" path="ErrorJsonToXml" />
</senderPipe>
</SenderPipe>

<JsonPipe name="ErrorJsonToXml">
<Forward name="success" path="buildErrorMsg" />
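
Review bot: The new `<Param name="Authorization" sessionKey="Authorization" />` in the `DeleteRol` sender carries the full header value, which for the basic and value auth types is derived directly from the alias password, yet it lacks the `hidden="true"` that the credential parameters in the generator adapter use. Add `hidden="true"` here and on the other senders changed the same way.
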
@@ -14,20 +14,16 @@
<Exit name="EXCEPTION" state="ERROR" />
</Exits>

<JwtPipe name="createJwt"
expirationTime="600"
storeResultInSessionKey="myToken"
ifParam="valueAuthType"
ifValue="Jwt"
>
<Param name="valueAuthType" value="${zaakbrug.zgw.zaken-api.auth-type}" />
<Param name="sharedSecret" pattern="{password}" authAlias="${zaakbrug.zgw.zaken-api.auth-alias}" hidden="true"/>
<Param name="client_id" pattern="{username}" authAlias="${zaakbrug.zgw.zaken-api.auth-alias}" hidden="true"/>
<Param name="user_id" pattern="{username}" authAlias="${zaakbrug.zgw.zaken-api.auth-alias}" hidden="true"/>
<Param name="user_reresentation" pattern="{username}" authAlias="${zaakbrug.zgw.zaken-api.auth-alias}" hidden="true"/>
<Forward name="success" path="PostZgwZaakInformatieObjectSender" />
<Forward name="exception" path="EXCEPTION" />
</JwtPipe>
<SenderPipe name="GetAuthorizationHeaderForZakenApi"
getInputFromFixedValue="&lt;dummy/&gt;">
<IbisLocalSender
name="GetAuthorizationHeaderForZakenApiSender"
javaListener="GenerateAuthorizationHeaderForZakenApi"
returnedSessionKeys="Error,Authorization">
</IbisLocalSender>
<Forward name="success" path="PostZgwZaakInformatieObjectSender" />
<Forward name="exception" path="EXCEPTION" />
</SenderPipe>

<SenderPipe name="PostZgwZaakInformatieObjectSender" getInputFromSessionKey="originalMessage">
<Json2XmlInputValidator name="ValidatePost"
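
Review bot: `returnedSessionKeys="Error,Authorization"` asks for an `Error` key, but none of the pipes in the generator adapter shown in this commit writes to `Error`, and this pipe only routes on `success` and `exception`. Either populate `Error` on the adapter's failure paths and act on it here, or drop it from both the `IbisLocalSender` and the `JavaListener`.
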
@@ -48,9 +44,7 @@
<Param name="Accept-Crs" value="EPSG:4326" />
<Param name="Accept" value="application/json" />
<Param name="Content-Crs" value="EPSG:4326" />
<Param name="Authorization" sessionKey="originalMessage" xpathExpression="concat('Bearer ', $myToken)">
<Param name="myToken" sessionKey="myToken" defaultValue="@@zaken-api.jwt@@"/>
</Param>
<Param name="Authorization" sessionKey="Authorization" />
</HttpSender>

<Forward name="success" path="JsonToXml" />
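
Review bot: Removing the nested `myToken` parameter also removes its `defaultValue="@@zaken-api.jwt@@"` fallback, so this sender now depends entirely on the `Authorization` session key being set by the preceding pipe. State in the PR whether any environment still relied on that placeholder, and make sure a missing `Authorization` key ends in the `EXCEPTION` exit instead of a request without credentials.
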
@@ -0,0 +1,78 @@
<Module xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="../FrankConfig.xsd">
<Adapter name="GenerateAuthorizationHeaderForCatalogiApi"
active="${GenerateAuthorizationHeaderForCatalogiApi.Active}"
description="">

<Receiver name="GenerateAuthorizationHeaderForCatalogiApi">
<JavaListener name="GenerateAuthorizationHeaderForCatalogiApi" returnedSessionKeys="Error,Authorization" />
</Receiver>

<Pipeline>
<Exits>
<Exit name="EXIT" state="SUCCESS" />
<Exit name="EXCEPTION" state="ERROR" />
</Exits>

<XmlSwitchPipe
name="CheckForAuthType"
xpathExpression="$valueAuthType"
>
<Param name="valueAuthType" value="${zaakbrug.zgw.catalogi-api.auth-type}"/>
<Forward name="jwt" path="createJwt"/>
<Forward name="basic" path="GetUserCredentialForBasicAuth"/>
<Forward name="value" path="CreateValueAuthorizationHeader"/>
</XmlSwitchPipe>

<!-- jwtTokenGeneratorPipe -->
<JwtPipe name="createJwt"
expirationTime="600"
storeResultInSessionKey="myToken"
authAlias="${zaakbrug.zgw.catalogi-api.auth-alias}">
<Param name="client_id" pattern="{username}" authAlias="${zaakbrug.zgw.catalogi-api.auth-alias}" hidden="true"/>
<Param name="user_id" pattern="{username}" authAlias="${zaakbrug.zgw.catalogi-api.auth-alias}" hidden="true"/>
<Param name="user_representation" pattern="{username}" authAlias="${zaakbrug.zgw.catalogi-api.auth-alias}" hidden="true"/>
<Forward name="success" path="CreateJwtAuthorizationHeader" />
<Forward name="exception" path="EXCEPTION" />
</JwtPipe>

<PutInSessionPipe name="CreateJwtAuthorizationHeader">
<Param name="Authorization" sessionKey="originalMessage" xpathExpression="concat('Bearer ', $myToken)">
<Param name="myToken" sessionKey="myToken"/>
</Param>
<Forward name="success" path="EXIT" />
<Forward name="exception" path="EXCEPTION" />
</PutInSessionPipe>

<PutInSessionPipe name="GetUserCredentialForBasicAuth">
<Param name="user_credential" xpathExpression="concat($username,':',$password)" hidden="true">
<Param name="username" pattern="{username}" authAlias="${zaakbrug.zgw.catalogi-api.auth-alias}" hidden="true"/>
<Param name="password" pattern="{password}" authAlias="${zaakbrug.zgw.catalogi-api.auth-alias}" hidden="true"/>
</Param>
<Forward name="success" path="CreateBasicAuthToken" />
</PutInSessionPipe>

<!-- basicTokenGeneratorPipe -->
<Base64Pipe name="CreateBasicAuthToken"
storeResultInSessionKey="myToken"
getInputFromSessionKey="user_credential">
<Forward name="success" path="CreateBasicAuthorizationHeader" />
<Forward name="exception" path="EXCEPTION" />
</Base64Pipe>

<PutInSessionPipe name="CreateBasicAuthorizationHeader">
<Param name="Authorization" sessionKey="originalMessage" xpathExpression="concat('Basic ', $myToken)">
<Param name="myToken" sessionKey="myToken"/>
</Param>
<Forward name="success" path="EXIT" />
<Forward name="exception" path="EXCEPTION" />
</PutInSessionPipe>

<!-- valueTokenGeneratorPipe -->
<PutInSessionPipe name="CreateValueAuthorizationHeader">
<Param name="Authorization" pattern="{password}" authAlias="${zaakbrug.zgw.catalogi-api.auth-alias}" hidden="true" />
<Forward name="success" path="EXIT" />
</PutInSessionPipe>
</Pipeline>
</Adapter>
</Module>
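
Review bot: `CreateJwtAuthorizationHeader` and `CreateBasicAuthorizationHeader` build the `Authorization` value without `hidden="true"`, while `CreateValueAuthorizationHeader` and the username/password parameters set it; mark all three consistently. The `user_credential` session key keeps `username:password` in clear text after `CreateBasicAuthToken` has consumed it, so consider clearing it before `EXIT`. `GetUserCredentialForBasicAuth` and `CreateValueAuthorizationHeader` have no `exception` forward, and `CheckForAuthType` defines no forward for an auth type other than `jwt`, `basic` or `value`; add explicit routing to `EXCEPTION` for both cases. The claim name also changes from `user_reresentation` in the old pipes to `user_representation` here, which is worth calling out in the commit message since it alters the token contents.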