[
{
"path": ".github/workflows/build.yml",
"content": "name: ACME Keycloak Build\n\non:\n push:\n branches: [ main ]\n pull_request:\n branches: [ main ]\n\njobs:\n build:\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v2\n\n - name: Configure JDK 21\n uses: actions/setup-java@v1\n with:\n java-version: 21\n\n - name: Cache Maven packages\n uses: actions/cache@v1\n with:\n path: ~/.m2\n key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}\n restore-keys: ${{ runner.os }}-m2\n\n - name: Maven - verify\n run: mvn --batch-mode -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn verify --file pom.xml --settings maven-settings.xml\n\n - name: Maven - integration-test\n run: mvn --batch-mode -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn -Pwith-integration-tests test --file pom.xml --settings maven-settings.xml\n\n - name: Maven - build image\n run: mvn --batch-mode -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn -DskipTests io.fabric8:docker-maven-plugin:build --file pom.xml --settings maven-settings.xml"
},
{
"path": ".github/workflows/e2e-tests.yml",
"content": "name: Acme e2e Test CI\n\non:\n push:\n branches: [ main ]\n pull_request:\n branches: [ main ]\n\njobs:\n e2e-tests:\n runs-on: ubuntu-latest\n steps:\n - uses: actions/checkout@v2\n\n - name: Configure JDK 21\n uses: actions/setup-java@v1\n with:\n java-version: 21\n\n - name: Configure Node.js '18.x'\n uses: actions/setup-node@v1\n with:\n node-version: '18.x'\n\n - name: Prepare artifacts (e.g. extensions) for docker-compose stack\n run: mvn --batch-mode -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn -DskipTests verify --file pom.xml --settings maven-settings.xml -pl keycloak/extensions,keycloak/docker\n\n - name: Build the docker-compose stack\n run: |\n USER=\"$(id -u)\"\n GROUP=\"\"\n export USER\n export GROUP\n echo \"Running as ${USER}:${GROUP}\"\n java bin/envcheck.java\n touch deployments/local/dev/keycloakx/acme.test+1.pem\n java start.java --http --extensions=jar --keycloak=keycloakx --ci=github --detach\n\n - name: Show current containers\n run: |\n docker ps -a\n\n # - name: Check keycloak is reachable\n # run: docker run --network container:dev_acme-keycloak_1 --rm appropriate/curl -s --retry 15 --max-time 180 --retry-connrefused http://localhost:8080/auth/realms/acme-internal\n\n - name: Sleep\n uses: jakejarvis/wait-action@master\n with:\n time: '70s'\n\n - name: Check docker-compose stack\n if: ${{ always() }}\n run: |\n docker ps -a\n docker inspect dev-acme-keycloak-1\n docker logs --details dev-acme-keycloak-1\n\n - name: Run cypress tests\n working-directory: ./keycloak/e2e-tests\n # https://docs.cypress.io/guides/references/configuration#Timeouts\n run: |\n yarn install\n docker run --network container:dev-acme-keycloak-1 --rm -v \"${PWD}\":/e2e -w /e2e --entrypoint=cypress cypress/included:10.8.0 run --config pageLoadTimeout=70000,defaultCommandTimeout=10000,watchForFileChanges=false --env keycloak_host=http://localhost:8080\n\n - name: Archive testrun video\n if: ${{ always() }}\n uses: actions/upload-artifact@v2\n with:\n name: testrun-video\n path: ./keycloak/e2e-tests/cypress/videos/\n retention-days: 1\n\n - name: Shutdown the docker-compose stack\n if: ${{ always() }}\n run: java stop.java --skip=grafana\n"
},
{
"path": ".gitignore",
"content": "!testrun/.gitkeep\ntestrun/\n!run/.gitkeep\nrun/\ndeployments/local/dev/run/\n\ndeployments/local/cluster/haproxy-external-ispn/ispn/data/ispn-1/\ndeployments/local/cluster/haproxy-external-ispn/ispn/data/ispn-2/\n\ndeployments/local/clusterx/haproxy-external-ispn/ispn/data/ispn-1/\ndeployments/local/clusterx/haproxy-external-ispn/ispn/data/ispn-2/\n\n\n!deployments/local/cluster/run/.gitkeep\ndeployments/local/cluster/run/\n\n*.pem\n*-key.pem\n\nlocal.env\n\nmodule-thorntail.xml\n!scratch/.gitkeep\nscratch/\n*.jfr\n!keycloak/imex/.gitkeep\nkeycloak/imex/*\n\nconfig/stage/dev/tls/*.pem\nconfig/stage/dev/tls/*.p12\nconfig/stage/dev/tls/*.crt\nconfig/stage/dev/tls/*.key\n\n# Exclude cypress resources\nnode_modules\nsrc/test/e2e/cypress/reports\nsrc/test/e2e/cypress/videos\nsrc/test/e2e/cypress/screenshots\n\n# Created by https://www.gitignore.io/api/osx,java,maven,gradle,eclipse,intellij+all,visualstudiocode\n# Edit at https://www.gitignore.io/?templates=osx,java,maven,gradle,eclipse,intellij+all,visualstudiocode\n\n### Eclipse ###\n\n.metadata\ntmp/\n*.tmp\n*.bak\n*.swp\n*~.nib\nlocal.properties\n.settings/\n.loadpath\n.recommenders\n\n# External tool builders\n.externalToolBuilders/\n\n# Locally stored \"Eclipse launch configurations\"\n*.launch\n\n# PyDev specific (Python IDE for Eclipse)\n*.pydevproject\n\n# CDT-specific (C/C++ Development Tooling)\n.cproject\n\n# CDT- autotools\n.autotools\n\n# Java annotation processor (APT)\n.factorypath\n\n# PDT-specific (PHP Development Tools)\n.buildpath\n\n# sbteclipse plugin\n.target\n\n# Tern plugin\n.tern-project\n\n# TeXlipse plugin\n.texlipse\n\n# STS (Spring Tool Suite)\n.springBeans\n\n# Code Recommenders\n.recommenders/\n\n# Annotation Processing\n.apt_generated/\n\n# Scala IDE specific (Scala & Java development for Eclipse)\n.cache-main\n.scala_dependencies\n.worksheet\n\n### Eclipse Patch ###\n# Eclipse Core\n.project\n\n# JDT-specific (Eclipse Java Development Tools)\n.classpath\n\n# Annotation Processing\n.apt_generated\n\n.sts4-cache/\n\n### Intellij+all ###\n# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio and WebStorm\n# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839\n\n# User-specific stuff\n.idea/**/workspace.xml\n.idea/**/tasks.xml\n.idea/**/usage.statistics.xml\n.idea/**/dictionaries\n.idea/**/shelf\n\n# Generated files\n.idea/**/contentModel.xml\n\n# Sensitive or high-churn files\n.idea/**/dataSources/\n.idea/**/dataSources.ids\n.idea/**/dataSources.local.xml\n.idea/**/sqlDataSources.xml\n.idea/**/dynamic.xml\n.idea/**/uiDesigner.xml\n.idea/**/dbnavigator.xml\n\n# Gradle\n.idea/**/gradle.xml\n.idea/**/libraries\n\n# Gradle and Maven with auto-import\n# When using Gradle or Maven with auto-import, you should exclude module files,\n# since they will be recreated, and may cause churn. Uncomment if using\n# auto-import.\n# .idea/modules.xml\n# .idea/*.iml\n# .idea/modules\n\n# CMake\ncmake-build-*/\n\n# Mongo Explorer plugin\n.idea/**/mongoSettings.xml\n\n# File-based project format\n*.iws\n\n# IntelliJ\nout/\n\n# mpeltonen/sbt-idea plugin\n.idea_modules/\n\n# JIRA plugin\natlassian-ide-plugin.xml\n\n# Cursive Clojure plugin\n.idea/replstate.xml\n\n# Crashlytics plugin (for Android Studio and IntelliJ)\ncom_crashlytics_export_strings.xml\ncrashlytics.properties\ncrashlytics-build.properties\nfabric.properties\n\n# Editor-based Rest Client\n.idea/httpRequests\n\n# Android studio 3.1+ serialized cache file\n.idea/caches/build_file_checksums.ser\n\n### Intellij+all Patch ###\n# Ignores the whole .idea folder and all .iml files\n# See https://github.com/joeblau/gitignore.io/issues/186 and https://github.com/joeblau/gitignore.io/issues/360\n\n.idea/\n\n# Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-249601023\n\n*.iml\nmodules.xml\n.idea/misc.xml\n*.ipr\n\n# Sonarlint plugin\n .idea/sonarlint\n\n### Java ###\n# Compiled class file\n*.class\n\n# Log file\n*.log\n\n# BlueJ files\n*.ctxt\n\n# Mobile Tools for Java (J2ME)\n.mtj.tmp/\n\n# Package Files #\n*.jar\n!bin/opentelemetry-javaagent-*.jar\n*.war\n*.nar\n*.ear\n*.zip\n*.tar.gz\n*.rar\n\n# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml\nhs_err_pid*\n\n### Maven ###\ntarget/\npom.xml.tag\npom.xml.releaseBackup\npom.xml.versionsBackup\npom.xml.next\nrelease.properties\ndependency-reduced-pom.xml\nbuildNumber.properties\n.mvn/timing.properties\n.mvn/wrapper/maven-wrapper.jar\n\n### OSX ###\n# General\n.DS_Store\n.AppleDouble\n.LSOverride\n\n# Icon must end with two \\r\nIcon\n\n# Thumbnails\n._*\n\n# Files that might appear in the root of a volume\n.DocumentRevisions-V100\n.fseventsd\n.Spotlight-V100\n.TemporaryItems\n.Trashes\n.VolumeIcon.icns\n.com.apple.timemachine.donotpresent\n\n# Directories potentially created on remote AFP share\n.AppleDB\n.AppleDesktop\nNetwork Trash Folder\nTemporary Items\n.apdisk\n\n### VisualStudioCode ###\n.vscode/*\n!.vscode/settings.json\n!.vscode/tasks.json\n!.vscode/launch.json\n!.vscode/extensions.json\n\n### VisualStudioCode Patch ###\n# Ignore all local history of files\n.history\n\n### Gradle ###\n.gradle\nbuild/\n\n# Ignore Gradle GUI config\ngradle-app.setting\n\n# Avoid ignoring Gradle wrapper jar file (.jar files are usually ignored)\n!gradle-wrapper.jar\n\n# Cache of project\n.gradletasknamecache\n\n# # Work around https://youtrack.jetbrains.com/issue/IDEA-116898\n# gradle/wrapper/gradle-wrapper.properties\n\n### Gradle Patch ###\n**/build/\n\n# End of https://www.gitignore.io/api/osx,java,maven,gradle,eclipse,intellij+all,visualstudiocode\n\n\n# Created by https://www.toptal.com/developers/gitignore/api/node\n# Edit at https://www.toptal.com/developers/gitignore?templates=node\n\n### Node ###\n# Logs\nlogs\n*.log\nnpm-debug.log*\nyarn-debug.log*\nyarn-error.log*\nlerna-debug.log*\n\n# Diagnostic reports (https://nodejs.org/api/report.html)\nreport.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json\n\n# Runtime data\npids\n*.pid\n*.seed\n*.pid.lock\n\n# Directory for instrumented libs generated by jscoverage/JSCover\nlib-cov\n\n# Coverage directory used by tools like istanbul\ncoverage\n*.lcov\n\n# nyc test coverage\n.nyc_output\n\n# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)\n.grunt\n\n# Bower dependency directory (https://bower.io/)\nbower_components\n\n# node-waf configuration\n.lock-wscript\n\n# Compiled binary addons (https://nodejs.org/api/addons.html)\nbuild/Release\n\n# Dependency directories\nnode_modules/\njspm_packages/\n\n# TypeScript v1 declaration files\ntypings/\n\n# TypeScript cache\n*.tsbuildinfo\n\n# Optional npm cache directory\n.npm\n\n# Optional eslint cache\n.eslintcache\n\n# Optional stylelint cache\n.stylelintcache\n\n# Microbundle cache\n.rpt2_cache/\n.rts2_cache_cjs/\n.rts2_cache_es/\n.rts2_cache_umd/\n\n# Optional REPL history\n.node_repl_history\n\n# Output of 'npm pack'\n*.tgz\n\n# Yarn Integrity file\n.yarn-integrity\n\n# dotenv environment variables file\n.env\n.env.test\n.env*.local\n\n# parcel-bundler cache (https://parceljs.org/)\n.cache\n.parcel-cache\n\n# Next.js build output\n.next\n\n# Nuxt.js build / generate output\n.nuxt\ndist\n\n# Storybook build outputs\n.out\n.storybook-out\nstorybook-static\n\n# rollup.js default build output\ndist/\n\n# Gatsby files\n.cache/\n# Comment in the public line in if your project uses Gatsby and not Next.js\n# https://nextjs.org/blog/next-9-1#public-directory-support\n# public\n\n# vuepress build output\n.vuepress/dist\n\n# Serverless directories\n.serverless/\n\n# FuseBox cache\n.fusebox/\n\n# DynamoDB Local files\n.dynamodb/\n\n# TernJS port file\n.tern-port\n\n# Stores VSCode versions used for testing VSCode extensions\n.vscode-test\n\n# Temporary folders\ntmp/\ntemp/\n\n# End of https://www.toptal.com/developers/gitignore/api/node\n/apps/offline-session-client/data/\n/deployments/local/cluster/haproxy-external-ispn/ispn/data/sessions/\n"
},
{
"path": ".run/Acme Backend API Quarkus.run.xml",
"content": "\n \n \n \n \n \n \n \n \n \n true\n \n \n \n \n \n"
},
{
"path": ".run/Keycloak Remote.run.xml",
"content": "\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n"
},
{
"path": ".run/OfflineSessionClient (logout).run.xml",
"content": "\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n"
},
{
"path": ".run/OfflineSessionClient.run.xml",
"content": "\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n"
},
{
"path": ".run/acme-webapp-saml-node-express.run.xml",
"content": "\n \n \n \n \n \n \n \n \n \n \n \n \n \n"
},
{
"path": ".run/backend-api-micronaut.run.xml",
"content": "\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n"
},
{
"path": ".run/backend-api-springboot-reactive.run.xml",
"content": "\n \n \n \n \n \n \n \n \n \n"
},
{
"path": ".run/backend-api-springboot.run.xml",
"content": "\n \n \n \n \n \n \n \n \n \n"
},
{
"path": ".run/backend-api-springboot3.run.xml",
"content": "\n \n \n \n \n \n \n \n \n \n"
},
{
"path": ".run/frontend-webapp-springboot-otel.run.xml",
"content": "\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n"
},
{
"path": ".run/frontend-webapp-springboot.run.xml",
"content": "\n \n \n \n \n \n \n \n \n \n"
},
{
"path": ".run/frontend-webapp-springboot3.run.xml",
"content": "\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n"
},
{
"path": ".vscode/settings.json",
"content": "{\n \"java.compile.nullAnalysis.mode\": \"disabled\"\n}"
},
{
"path": "LICENSE",
"content": " Apache License\n Version 2.0, January 2004\n http://www.apache.org/licenses/\n\n TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION\n\n 1. Definitions.\n\n \"License\" shall mean the terms and conditions for use, reproduction,\n and distribution as defined by Sections 1 through 9 of this document.\n\n \"Licensor\" shall mean the copyright owner or entity authorized by\n the copyright owner that is granting the License.\n\n \"Legal Entity\" shall mean the union of the acting entity and all\n other entities that control, are controlled by, or are under common\n control with that entity. For the purposes of this definition,\n \"control\" means (i) the power, direct or indirect, to cause the\n direction or management of such entity, whether by contract or\n otherwise, or (ii) ownership of fifty percent (50%) or more of the\n outstanding shares, or (iii) beneficial ownership of such entity.\n\n \"You\" (or \"Your\") shall mean an individual or Legal Entity\n exercising permissions granted by this License.\n\n \"Source\" form shall mean the preferred form for making modifications,\n including but not limited to software source code, documentation\n source, and configuration files.\n\n \"Object\" form shall mean any form resulting from mechanical\n transformation or translation of a Source form, including but\n not limited to compiled object code, generated documentation,\n and conversions to other media types.\n\n \"Work\" shall mean the work of authorship, whether in Source or\n Object form, made available under the License, as indicated by a\n copyright notice that is included in or attached to the work\n (an example is provided in the Appendix below).\n\n \"Derivative Works\" shall mean any work, whether in Source or Object\n form, that is based on (or derived from) the Work and for which the\n editorial revisions, annotations, elaborations, or other modifications\n represent, as a whole, an original work of authorship. For the purposes\n of this License, Derivative Works shall not include works that remain\n separable from, or merely link (or bind by name) to the interfaces of,\n the Work and Derivative Works thereof.\n\n \"Contribution\" shall mean any work of authorship, including\n the original version of the Work and any modifications or additions\n to that Work or Derivative Works thereof, that is intentionally\n submitted to Licensor for inclusion in the Work by the copyright owner\n or by an individual or Legal Entity authorized to submit on behalf of\n the copyright owner. For the purposes of this definition, \"submitted\"\n means any form of electronic, verbal, or written communication sent\n to the Licensor or its representatives, including but not limited to\n communication on electronic mailing lists, source code control systems,\n and issue tracking systems that are managed by, or on behalf of, the\n Licensor for the purpose of discussing and improving the Work, but\n excluding communication that is conspicuously marked or otherwise\n designated in writing by the copyright owner as \"Not a Contribution.\"\n\n \"Contributor\" shall mean Licensor and any individual or Legal Entity\n on behalf of whom a Contribution has been received by Licensor and\n subsequently incorporated within the Work.\n\n 2. Grant of Copyright License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n copyright license to reproduce, prepare Derivative Works of,\n publicly display, publicly perform, sublicense, and distribute the\n Work and such Derivative Works in Source or Object form.\n\n 3. Grant of Patent License. Subject to the terms and conditions of\n this License, each Contributor hereby grants to You a perpetual,\n worldwide, non-exclusive, no-charge, royalty-free, irrevocable\n (except as stated in this section) patent license to make, have made,\n use, offer to sell, sell, import, and otherwise transfer the Work,\n where such license applies only to those patent claims licensable\n by such Contributor that are necessarily infringed by their\n Contribution(s) alone or by combination of their Contribution(s)\n with the Work to which such Contribution(s) was submitted. If You\n institute patent litigation against any entity (including a\n cross-claim or counterclaim in a lawsuit) alleging that the Work\n or a Contribution incorporated within the Work constitutes direct\n or contributory patent infringement, then any patent licenses\n granted to You under this License for that Work shall terminate\n as of the date such litigation is filed.\n\n 4. Redistribution. You may reproduce and distribute copies of the\n Work or Derivative Works thereof in any medium, with or without\n modifications, and in Source or Object form, provided that You\n meet the following conditions:\n\n (a) You must give any other recipients of the Work or\n Derivative Works a copy of this License; and\n\n (b) You must cause any modified files to carry prominent notices\n stating that You changed the files; and\n\n (c) You must retain, in the Source form of any Derivative Works\n that You distribute, all copyright, patent, trademark, and\n attribution notices from the Source form of the Work,\n excluding those notices that do not pertain to any part of\n the Derivative Works; and\n\n (d) If the Work includes a \"NOTICE\" text file as part of its\n distribution, then any Derivative Works that You distribute must\n include a readable copy of the attribution notices contained\n within such NOTICE file, excluding those notices that do not\n pertain to any part of the Derivative Works, in at least one\n of the following places: within a NOTICE text file distributed\n as part of the Derivative Works; within the Source form or\n documentation, if provided along with the Derivative Works; or,\n within a display generated by the Derivative Works, if and\n wherever such third-party notices normally appear. The contents\n of the NOTICE file are for informational purposes only and\n do not modify the License. You may add Your own attribution\n notices within Derivative Works that You distribute, alongside\n or as an addendum to the NOTICE text from the Work, provided\n that such additional attribution notices cannot be construed\n as modifying the License.\n\n You may add Your own copyright statement to Your modifications and\n may provide additional or different license terms and conditions\n for use, reproduction, or distribution of Your modifications, or\n for any such Derivative Works as a whole, provided Your use,\n reproduction, and distribution of the Work otherwise complies with\n the conditions stated in this License.\n\n 5. Submission of Contributions. Unless You explicitly state otherwise,\n any Contribution intentionally submitted for inclusion in the Work\n by You to the Licensor shall be under the terms and conditions of\n this License, without any additional terms or conditions.\n Notwithstanding the above, nothing herein shall supersede or modify\n the terms of any separate license agreement you may have executed\n with Licensor regarding such Contributions.\n\n 6. Trademarks. This License does not grant permission to use the trade\n names, trademarks, service marks, or product names of the Licensor,\n except as required for reasonable and customary use in describing the\n origin of the Work and reproducing the content of the NOTICE file.\n\n 7. Disclaimer of Warranty. Unless required by applicable law or\n agreed to in writing, Licensor provides the Work (and each\n Contributor provides its Contributions) on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or\n implied, including, without limitation, any warranties or conditions\n of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A\n PARTICULAR PURPOSE. You are solely responsible for determining the\n appropriateness of using or redistributing the Work and assume any\n risks associated with Your exercise of permissions under this License.\n\n 8. Limitation of Liability. In no event and under no legal theory,\n whether in tort (including negligence), contract, or otherwise,\n unless required by applicable law (such as deliberate and grossly\n negligent acts) or agreed to in writing, shall any Contributor be\n liable to You for damages, including any direct, indirect, special,\n incidental, or consequential damages of any character arising as a\n result of this License or out of the use or inability to use the\n Work (including but not limited to damages for loss of goodwill,\n work stoppage, computer failure or malfunction, or any and all\n other commercial damages or losses), even if such Contributor\n has been advised of the possibility of such damages.\n\n 9. Accepting Warranty or Additional Liability. While redistributing\n the Work or Derivative Works thereof, You may choose to offer,\n and charge a fee for, acceptance of support, warranty, indemnity,\n or other liability obligations and/or rights consistent with this\n License. However, in accepting such obligations, You may act only\n on Your own behalf and on Your sole responsibility, not on behalf\n of any other Contributor, and only if You agree to indemnify,\n defend, and hold each Contributor harmless for any liability\n incurred by, or claims asserted against, such Contributor by reason\n of your accepting any such warranty or additional liability.\n\n END OF TERMS AND CONDITIONS\n\n APPENDIX: How to apply the Apache License to your work.\n\n To apply the Apache License to your work, attach the following\n boilerplate notice, with the fields enclosed by brackets \"[]\"\n replaced with your own identifying information. (Don't include\n the brackets!) The text should be enclosed in the appropriate\n comment syntax for the file format. We also recommend that a\n file or class name and description of purpose be included on the\n same \"printed page\" as the copyright notice for easier\n identification within third-party archives.\n\n Copyright [yyyy] [name of copyright owner]\n\n Licensed under the Apache License, Version 2.0 (the \"License\");\n you may not use this file except in compliance with the License.\n You may obtain a copy of the License at\n\n http://www.apache.org/licenses/LICENSE-2.0\n\n Unless required by applicable law or agreed to in writing, software\n distributed under the License is distributed on an \"AS IS\" BASIS,\n WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n See the License for the specific language governing permissions and\n limitations under the License.\n"
},
{
"path": "apps/account-svc/.dockerignore",
"content": "*\n!target/*-runner\n!target/*-runner.jar\n!target/lib/*\n!target/quarkus-app/*"
},
{
"path": "apps/account-svc/.gitignore",
"content": "#Maven\ntarget/\npom.xml.tag\npom.xml.releaseBackup\npom.xml.versionsBackup\nrelease.properties\n.flattened-pom.xml\n\n# Eclipse\n.project\n.classpath\n.settings/\nbin/\n\n# IntelliJ\n.idea\n*.ipr\n*.iml\n*.iws\n\n# NetBeans\nnb-configuration.xml\n\n# Visual Studio Code\n.vscode\n.factorypath\n\n# OSX\n.DS_Store\n\n# Vim\n*.swp\n*.swo\n\n# patch\n*.orig\n*.rej\n\n# Local environment\n.env\n\n# Plugin directory\n/.quarkus/cli/plugins/\n"
},
{
"path": "apps/account-svc/.mvn/wrapper/.gitignore",
"content": "maven-wrapper.jar\n"
},
{
"path": "apps/account-svc/.mvn/wrapper/MavenWrapperDownloader.java",
"content": "/*\n * Licensed to the Apache Software Foundation (ASF) under one\n * or more contributor license agreements. See the NOTICE file\n * distributed with this work for additional information\n * regarding copyright ownership. The ASF licenses this file\n * to you under the Apache License, Version 2.0 (the\n * \"License\"); you may not use this file except in compliance\n * with the License. You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing,\n * software distributed under the License is distributed on an\n * \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n * KIND, either express or implied. See the License for the\n * specific language governing permissions and limitations\n * under the License.\n */\n\nimport java.io.IOException;\nimport java.io.InputStream;\nimport java.net.Authenticator;\nimport java.net.PasswordAuthentication;\nimport java.net.URL;\nimport java.nio.file.Files;\nimport java.nio.file.Path;\nimport java.nio.file.Paths;\nimport java.nio.file.StandardCopyOption;\n\npublic final class MavenWrapperDownloader {\n private static final String WRAPPER_VERSION = \"3.2.0\";\n\n private static final boolean VERBOSE = Boolean.parseBoolean(System.getenv(\"MVNW_VERBOSE\"));\n\n public static void main(String[] args) {\n log(\"Apache Maven Wrapper Downloader \" + WRAPPER_VERSION);\n\n if (args.length != 2) {\n System.err.println(\" - ERROR wrapperUrl or wrapperJarPath parameter missing\");\n System.exit(1);\n }\n\n try {\n log(\" - Downloader started\");\n final URL wrapperUrl = new URL(args[0]);\n final String jarPath = args[1].replace(\"..\", \"\"); // Sanitize path\n final Path wrapperJarPath = Paths.get(jarPath).toAbsolutePath().normalize();\n downloadFileFromURL(wrapperUrl, wrapperJarPath);\n log(\"Done\");\n } catch (IOException e) {\n System.err.println(\"- Error downloading: \" + e.getMessage());\n if (VERBOSE) {\n e.printStackTrace();\n }\n System.exit(1);\n }\n }\n\n private static void downloadFileFromURL(URL wrapperUrl, Path wrapperJarPath)\n throws IOException {\n log(\" - Downloading to: \" + wrapperJarPath);\n if (System.getenv(\"MVNW_USERNAME\") != null && System.getenv(\"MVNW_PASSWORD\") != null) {\n final String username = System.getenv(\"MVNW_USERNAME\");\n final char[] password = System.getenv(\"MVNW_PASSWORD\").toCharArray();\n Authenticator.setDefault(new Authenticator() {\n @Override\n protected PasswordAuthentication getPasswordAuthentication() {\n return new PasswordAuthentication(username, password);\n }\n });\n }\n try (InputStream inStream = wrapperUrl.openStream()) {\n Files.copy(inStream, wrapperJarPath, StandardCopyOption.REPLACE_EXISTING);\n }\n log(\" - Downloader complete\");\n }\n\n private static void log(String msg) {\n if (VERBOSE) {\n System.out.println(msg);\n }\n }\n\n}\n"
},
{
"path": "apps/account-svc/.mvn/wrapper/maven-wrapper.properties",
"content": "# Licensed to the Apache Software Foundation (ASF) under one\n# or more contributor license agreements. See the NOTICE file\n# distributed with this work for additional information\n# regarding copyright ownership. The ASF licenses this file\n# to you under the Apache License, Version 2.0 (the\n# \"License\"); you may not use this file except in compliance\n# with the License. You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing,\n# software distributed under the License is distributed on an\n# \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n# KIND, either express or implied. See the License for the\n# specific language governing permissions and limitations\n# under the License.\ndistributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.5/apache-maven-3.9.5-bin.zip\nwrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar\n"
},
{
"path": "apps/account-svc/README.md",
"content": "# account-svc\n\nMinimal quarkus backend for a custom remote user storage.\n"
},
{
"path": "apps/account-svc/mvnw",
"content": "#!/bin/sh\n# ----------------------------------------------------------------------------\n# Licensed to the Apache Software Foundation (ASF) under one\n# or more contributor license agreements. See the NOTICE file\n# distributed with this work for additional information\n# regarding copyright ownership. The ASF licenses this file\n# to you under the Apache License, Version 2.0 (the\n# \"License\"); you may not use this file except in compliance\n# with the License. You may obtain a copy of the License at\n#\n# http://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing,\n# software distributed under the License is distributed on an\n# \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n# KIND, either express or implied. See the License for the\n# specific language governing permissions and limitations\n# under the License.\n# ----------------------------------------------------------------------------\n\n# ----------------------------------------------------------------------------\n# Apache Maven Wrapper startup batch script, version 3.2.0\n#\n# Required ENV vars:\n# ------------------\n# JAVA_HOME - location of a JDK home dir\n#\n# Optional ENV vars\n# -----------------\n# MAVEN_OPTS - parameters passed to the Java VM when running Maven\n# e.g. to debug Maven itself, use\n# set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000\n# MAVEN_SKIP_RC - flag to disable loading of mavenrc files\n# ----------------------------------------------------------------------------\n\nif [ -z \"$MAVEN_SKIP_RC\" ] ; then\n\n if [ -f /usr/local/etc/mavenrc ] ; then\n . /usr/local/etc/mavenrc\n fi\n\n if [ -f /etc/mavenrc ] ; then\n . /etc/mavenrc\n fi\n\n if [ -f \"$HOME/.mavenrc\" ] ; then\n . \"$HOME/.mavenrc\"\n fi\n\nfi\n\n# OS specific support. $var _must_ be set to either true or false.\ncygwin=false;\ndarwin=false;\nmingw=false\ncase \"$(uname)\" in\n CYGWIN*) cygwin=true ;;\n MINGW*) mingw=true;;\n Darwin*) darwin=true\n # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home\n # See https://developer.apple.com/library/mac/qa/qa1170/_index.html\n if [ -z \"$JAVA_HOME\" ]; then\n if [ -x \"/usr/libexec/java_home\" ]; then\n JAVA_HOME=\"$(/usr/libexec/java_home)\"; export JAVA_HOME\n else\n JAVA_HOME=\"/Library/Java/Home\"; export JAVA_HOME\n fi\n fi\n ;;\nesac\n\nif [ -z \"$JAVA_HOME\" ] ; then\n if [ -r /etc/gentoo-release ] ; then\n JAVA_HOME=$(java-config --jre-home)\n fi\nfi\n\n# For Cygwin, ensure paths are in UNIX format before anything is touched\nif $cygwin ; then\n [ -n \"$JAVA_HOME\" ] &&\n JAVA_HOME=$(cygpath --unix \"$JAVA_HOME\")\n [ -n \"$CLASSPATH\" ] &&\n CLASSPATH=$(cygpath --path --unix \"$CLASSPATH\")\nfi\n\n# For Mingw, ensure paths are in UNIX format before anything is touched\nif $mingw ; then\n [ -n \"$JAVA_HOME\" ] && [ -d \"$JAVA_HOME\" ] &&\n JAVA_HOME=\"$(cd \"$JAVA_HOME\" || (echo \"cannot cd into $JAVA_HOME.\"; exit 1); pwd)\"\nfi\n\nif [ -z \"$JAVA_HOME\" ]; then\n javaExecutable=\"$(which javac)\"\n if [ -n \"$javaExecutable\" ] && ! [ \"$(expr \"\\\"$javaExecutable\\\"\" : '\\([^ ]*\\)')\" = \"no\" ]; then\n # readlink(1) is not available as standard on Solaris 10.\n readLink=$(which readlink)\n if [ ! \"$(expr \"$readLink\" : '\\([^ ]*\\)')\" = \"no\" ]; then\n if $darwin ; then\n javaHome=\"$(dirname \"\\\"$javaExecutable\\\"\")\"\n javaExecutable=\"$(cd \"\\\"$javaHome\\\"\" && pwd -P)/javac\"\n else\n javaExecutable=\"$(readlink -f \"\\\"$javaExecutable\\\"\")\"\n fi\n javaHome=\"$(dirname \"\\\"$javaExecutable\\\"\")\"\n javaHome=$(expr \"$javaHome\" : '\\(.*\\)/bin')\n JAVA_HOME=\"$javaHome\"\n export JAVA_HOME\n fi\n fi\nfi\n\nif [ -z \"$JAVACMD\" ] ; then\n if [ -n \"$JAVA_HOME\" ] ; then\n if [ -x \"$JAVA_HOME/jre/sh/java\" ] ; then\n # IBM's JDK on AIX uses strange locations for the executables\n JAVACMD=\"$JAVA_HOME/jre/sh/java\"\n else\n JAVACMD=\"$JAVA_HOME/bin/java\"\n fi\n else\n JAVACMD=\"$(\\unset -f command 2>/dev/null; \\command -v java)\"\n fi\nfi\n\nif [ ! -x \"$JAVACMD\" ] ; then\n echo \"Error: JAVA_HOME is not defined correctly.\" >&2\n echo \" We cannot execute $JAVACMD\" >&2\n exit 1\nfi\n\nif [ -z \"$JAVA_HOME\" ] ; then\n echo \"Warning: JAVA_HOME environment variable is not set.\"\nfi\n\n# traverses directory structure from process work directory to filesystem root\n# first directory with .mvn subdirectory is considered project base directory\nfind_maven_basedir() {\n if [ -z \"$1\" ]\n then\n echo \"Path not specified to find_maven_basedir\"\n return 1\n fi\n\n basedir=\"$1\"\n wdir=\"$1\"\n while [ \"$wdir\" != '/' ] ; do\n if [ -d \"$wdir\"/.mvn ] ; then\n basedir=$wdir\n break\n fi\n # workaround for JBEAP-8937 (on Solaris 10/Sparc)\n if [ -d \"${wdir}\" ]; then\n wdir=$(cd \"$wdir/..\" || exit 1; pwd)\n fi\n # end of workaround\n done\n printf '%s' \"$(cd \"$basedir\" || exit 1; pwd)\"\n}\n\n# concatenates all lines of a file\nconcat_lines() {\n if [ -f \"$1\" ]; then\n # Remove \\r in case we run on Windows within Git Bash\n # and check out the repository with auto CRLF management\n # enabled. Otherwise, we may read lines that are delimited with\n # \\r\\n and produce $'-Xarg\\r' rather than -Xarg due to word\n # splitting rules.\n tr -s '\\r\\n' ' ' < \"$1\"\n fi\n}\n\nlog() {\n if [ \"$MVNW_VERBOSE\" = true ]; then\n printf '%s\\n' \"$1\"\n fi\n}\n\nBASE_DIR=$(find_maven_basedir \"$(dirname \"$0\")\")\nif [ -z \"$BASE_DIR\" ]; then\n exit 1;\nfi\n\nMAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-\"$BASE_DIR\"}; export MAVEN_PROJECTBASEDIR\nlog \"$MAVEN_PROJECTBASEDIR\"\n\n##########################################################################################\n# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central\n# This allows using the maven wrapper in projects that prohibit checking in binary data.\n##########################################################################################\nwrapperJarPath=\"$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar\"\nif [ -r \"$wrapperJarPath\" ]; then\n log \"Found $wrapperJarPath\"\nelse\n log \"Couldn't find $wrapperJarPath, downloading it ...\"\n\n if [ -n \"$MVNW_REPOURL\" ]; then\n wrapperUrl=\"$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar\"\n else\n wrapperUrl=\"https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar\"\n fi\n while IFS=\"=\" read -r key value; do\n # Remove '\\r' from value to allow usage on windows as IFS does not consider '\\r' as a separator ( considers space, tab, new line ('\\n'), and custom '=' )\n safeValue=$(echo \"$value\" | tr -d '\\r')\n case \"$key\" in (wrapperUrl) wrapperUrl=\"$safeValue\"; break ;;\n esac\n done < \"$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.properties\"\n log \"Downloading from: $wrapperUrl\"\n\n if $cygwin; then\n wrapperJarPath=$(cygpath --path --windows \"$wrapperJarPath\")\n fi\n\n if command -v wget > /dev/null; then\n log \"Found wget ... using wget\"\n [ \"$MVNW_VERBOSE\" = true ] && QUIET=\"\" || QUIET=\"--quiet\"\n if [ -z \"$MVNW_USERNAME\" ] || [ -z \"$MVNW_PASSWORD\" ]; then\n wget $QUIET \"$wrapperUrl\" -O \"$wrapperJarPath\" || rm -f \"$wrapperJarPath\"\n else\n wget $QUIET --http-user=\"$MVNW_USERNAME\" --http-password=\"$MVNW_PASSWORD\" \"$wrapperUrl\" -O \"$wrapperJarPath\" || rm -f \"$wrapperJarPath\"\n fi\n elif command -v curl > /dev/null; then\n log \"Found curl ... using curl\"\n [ \"$MVNW_VERBOSE\" = true ] && QUIET=\"\" || QUIET=\"--silent\"\n if [ -z \"$MVNW_USERNAME\" ] || [ -z \"$MVNW_PASSWORD\" ]; then\n curl $QUIET -o \"$wrapperJarPath\" \"$wrapperUrl\" -f -L || rm -f \"$wrapperJarPath\"\n else\n curl $QUIET --user \"$MVNW_USERNAME:$MVNW_PASSWORD\" -o \"$wrapperJarPath\" \"$wrapperUrl\" -f -L || rm -f \"$wrapperJarPath\"\n fi\n else\n log \"Falling back to using Java to download\"\n javaSource=\"$MAVEN_PROJECTBASEDIR/.mvn/wrapper/MavenWrapperDownloader.java\"\n javaClass=\"$MAVEN_PROJECTBASEDIR/.mvn/wrapper/MavenWrapperDownloader.class\"\n # For Cygwin, switch paths to Windows format before running javac\n if $cygwin; then\n javaSource=$(cygpath --path --windows \"$javaSource\")\n javaClass=$(cygpath --path --windows \"$javaClass\")\n fi\n if [ -e \"$javaSource\" ]; then\n if [ ! -e \"$javaClass\" ]; then\n log \" - Compiling MavenWrapperDownloader.java ...\"\n (\"$JAVA_HOME/bin/javac\" \"$javaSource\")\n fi\n if [ -e \"$javaClass\" ]; then\n log \" - Running MavenWrapperDownloader.java ...\"\n (\"$JAVA_HOME/bin/java\" -cp .mvn/wrapper MavenWrapperDownloader \"$wrapperUrl\" \"$wrapperJarPath\") || rm -f \"$wrapperJarPath\"\n fi\n fi\n fi\nfi\n##########################################################################################\n# End of extension\n##########################################################################################\n\n# If specified, validate the SHA-256 sum of the Maven wrapper jar file\nwrapperSha256Sum=\"\"\nwhile IFS=\"=\" read -r key value; do\n case \"$key\" in (wrapperSha256Sum) wrapperSha256Sum=$value; break ;;\n esac\ndone < \"$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.properties\"\nif [ -n \"$wrapperSha256Sum\" ]; then\n wrapperSha256Result=false\n if command -v sha256sum > /dev/null; then\n if echo \"$wrapperSha256Sum $wrapperJarPath\" | sha256sum -c > /dev/null 2>&1; then\n wrapperSha256Result=true\n fi\n elif command -v shasum > /dev/null; then\n if echo \"$wrapperSha256Sum $wrapperJarPath\" | shasum -a 256 -c > /dev/null 2>&1; then\n wrapperSha256Result=true\n fi\n else\n echo \"Checksum validation was requested but neither 'sha256sum' or 'shasum' are available.\"\n echo \"Please install either command, or disable validation by removing 'wrapperSha256Sum' from your maven-wrapper.properties.\"\n exit 1\n fi\n if [ $wrapperSha256Result = false ]; then\n echo \"Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be compromised.\" >&2\n echo \"Investigate or delete $wrapperJarPath to attempt a clean download.\" >&2\n echo \"If you updated your Maven version, you need to update the specified wrapperSha256Sum property.\" >&2\n exit 1\n fi\nfi\n\nMAVEN_OPTS=\"$(concat_lines \"$MAVEN_PROJECTBASEDIR/.mvn/jvm.config\") $MAVEN_OPTS\"\n\n# For Cygwin, switch paths to Windows format before running java\nif $cygwin; then\n [ -n \"$JAVA_HOME\" ] &&\n JAVA_HOME=$(cygpath --path --windows \"$JAVA_HOME\")\n [ -n \"$CLASSPATH\" ] &&\n CLASSPATH=$(cygpath --path --windows \"$CLASSPATH\")\n [ -n \"$MAVEN_PROJECTBASEDIR\" ] &&\n MAVEN_PROJECTBASEDIR=$(cygpath --path --windows \"$MAVEN_PROJECTBASEDIR\")\nfi\n\n# Provide a \"standardized\" way to retrieve the CLI args that will\n# work with both Windows and non-Windows executions.\nMAVEN_CMD_LINE_ARGS=\"$MAVEN_CONFIG $*\"\nexport MAVEN_CMD_LINE_ARGS\n\nWRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain\n\n# shellcheck disable=SC2086 # safe args\nexec \"$JAVACMD\" \\\n $MAVEN_OPTS \\\n $MAVEN_DEBUG_OPTS \\\n -classpath \"$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar\" \\\n \"-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}\" \\\n ${WRAPPER_LAUNCHER} $MAVEN_CONFIG \"$@\"\n"
},
{
"path": "apps/account-svc/mvnw.cmd",
"content": "@REM ----------------------------------------------------------------------------\n@REM Licensed to the Apache Software Foundation (ASF) under one\n@REM or more contributor license agreements. See the NOTICE file\n@REM distributed with this work for additional information\n@REM regarding copyright ownership. The ASF licenses this file\n@REM to you under the Apache License, Version 2.0 (the\n@REM \"License\"); you may not use this file except in compliance\n@REM with the License. You may obtain a copy of the License at\n@REM\n@REM http://www.apache.org/licenses/LICENSE-2.0\n@REM\n@REM Unless required by applicable law or agreed to in writing,\n@REM software distributed under the License is distributed on an\n@REM \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n@REM KIND, either express or implied. See the License for the\n@REM specific language governing permissions and limitations\n@REM under the License.\n@REM ----------------------------------------------------------------------------\n\n@REM ----------------------------------------------------------------------------\n@REM Apache Maven Wrapper startup batch script, version 3.2.0\n@REM\n@REM Required ENV vars:\n@REM JAVA_HOME - location of a JDK home dir\n@REM\n@REM Optional ENV vars\n@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands\n@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending\n@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven\n@REM e.g. to debug Maven itself, use\n@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000\n@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files\n@REM ----------------------------------------------------------------------------\n\n@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'\n@echo off\n@REM set title of command window\ntitle %0\n@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'\n@if \"%MAVEN_BATCH_ECHO%\" == \"on\" echo %MAVEN_BATCH_ECHO%\n\n@REM set %HOME% to equivalent of $HOME\nif \"%HOME%\" == \"\" (set \"HOME=%HOMEDRIVE%%HOMEPATH%\")\n\n@REM Execute a user defined script before this one\nif not \"%MAVEN_SKIP_RC%\" == \"\" goto skipRcPre\n@REM check for pre script, once with legacy .bat ending and once with .cmd ending\nif exist \"%USERPROFILE%\\mavenrc_pre.bat\" call \"%USERPROFILE%\\mavenrc_pre.bat\" %*\nif exist \"%USERPROFILE%\\mavenrc_pre.cmd\" call \"%USERPROFILE%\\mavenrc_pre.cmd\" %*\n:skipRcPre\n\n@setlocal\n\nset ERROR_CODE=0\n\n@REM To isolate internal variables from possible post scripts, we use another setlocal\n@setlocal\n\n@REM ==== START VALIDATION ====\nif not \"%JAVA_HOME%\" == \"\" goto OkJHome\n\necho.\necho Error: JAVA_HOME not found in your environment. >&2\necho Please set the JAVA_HOME variable in your environment to match the >&2\necho location of your Java installation. >&2\necho.\ngoto error\n\n:OkJHome\nif exist \"%JAVA_HOME%\\bin\\java.exe\" goto init\n\necho.\necho Error: JAVA_HOME is set to an invalid directory. >&2\necho JAVA_HOME = \"%JAVA_HOME%\" >&2\necho Please set the JAVA_HOME variable in your environment to match the >&2\necho location of your Java installation. >&2\necho.\ngoto error\n\n@REM ==== END VALIDATION ====\n\n:init\n\n@REM Find the project base dir, i.e. the directory that contains the folder \".mvn\".\n@REM Fallback to current working directory if not found.\n\nset MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%\nIF NOT \"%MAVEN_PROJECTBASEDIR%\"==\"\" goto endDetectBaseDir\n\nset EXEC_DIR=%CD%\nset WDIR=%EXEC_DIR%\n:findBaseDir\nIF EXIST \"%WDIR%\"\\.mvn goto baseDirFound\ncd ..\nIF \"%WDIR%\"==\"%CD%\" goto baseDirNotFound\nset WDIR=%CD%\ngoto findBaseDir\n\n:baseDirFound\nset MAVEN_PROJECTBASEDIR=%WDIR%\ncd \"%EXEC_DIR%\"\ngoto endDetectBaseDir\n\n:baseDirNotFound\nset MAVEN_PROJECTBASEDIR=%EXEC_DIR%\ncd \"%EXEC_DIR%\"\n\n:endDetectBaseDir\n\nIF NOT EXIST \"%MAVEN_PROJECTBASEDIR%\\.mvn\\jvm.config\" goto endReadAdditionalConfig\n\n@setlocal EnableExtensions EnableDelayedExpansion\nfor /F \"usebackq delims=\" %%a in (\"%MAVEN_PROJECTBASEDIR%\\.mvn\\jvm.config\") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a\n@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%\n\n:endReadAdditionalConfig\n\nSET MAVEN_JAVA_EXE=\"%JAVA_HOME%\\bin\\java.exe\"\nset WRAPPER_JAR=\"%MAVEN_PROJECTBASEDIR%\\.mvn\\wrapper\\maven-wrapper.jar\"\nset WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain\n\nset WRAPPER_URL=\"https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar\"\n\nFOR /F \"usebackq tokens=1,2 delims==\" %%A IN (\"%MAVEN_PROJECTBASEDIR%\\.mvn\\wrapper\\maven-wrapper.properties\") DO (\n IF \"%%A\"==\"wrapperUrl\" SET WRAPPER_URL=%%B\n)\n\n@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central\n@REM This allows using the maven wrapper in projects that prohibit checking in binary data.\nif exist %WRAPPER_JAR% (\n if \"%MVNW_VERBOSE%\" == \"true\" (\n echo Found %WRAPPER_JAR%\n )\n) else (\n if not \"%MVNW_REPOURL%\" == \"\" (\n SET WRAPPER_URL=\"%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar\"\n )\n if \"%MVNW_VERBOSE%\" == \"true\" (\n echo Couldn't find %WRAPPER_JAR%, downloading it ...\n echo Downloading from: %WRAPPER_URL%\n )\n\n powershell -Command \"&{\"^\n\t\t\"$webclient = new-object System.Net.WebClient;\"^\n\t\t\"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {\"^\n\t\t\"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');\"^\n\t\t\"}\"^\n\t\t\"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%WRAPPER_URL%', '%WRAPPER_JAR%')\"^\n\t\t\"}\"\n if \"%MVNW_VERBOSE%\" == \"true\" (\n echo Finished downloading %WRAPPER_JAR%\n )\n)\n@REM End of extension\n\n@REM If specified, validate the SHA-256 sum of the Maven wrapper jar file\nSET WRAPPER_SHA_256_SUM=\"\"\nFOR /F \"usebackq tokens=1,2 delims==\" %%A IN (\"%MAVEN_PROJECTBASEDIR%\\.mvn\\wrapper\\maven-wrapper.properties\") DO (\n IF \"%%A\"==\"wrapperSha256Sum\" SET WRAPPER_SHA_256_SUM=%%B\n)\nIF NOT %WRAPPER_SHA_256_SUM%==\"\" (\n powershell -Command \"&{\"^\n \"$hash = (Get-FileHash \\\"%WRAPPER_JAR%\\\" -Algorithm SHA256).Hash.ToLower();\"^\n \"If('%WRAPPER_SHA_256_SUM%' -ne $hash){\"^\n \" Write-Output 'Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be compromised.';\"^\n \" Write-Output 'Investigate or delete %WRAPPER_JAR% to attempt a clean download.';\"^\n \" Write-Output 'If you updated your Maven version, you need to update the specified wrapperSha256Sum property.';\"^\n \" exit 1;\"^\n \"}\"^\n \"}\"\n if ERRORLEVEL 1 goto error\n)\n\n@REM Provide a \"standardized\" way to retrieve the CLI args that will\n@REM work with both Windows and non-Windows executions.\nset MAVEN_CMD_LINE_ARGS=%*\n\n%MAVEN_JAVA_EXE% ^\n %JVM_CONFIG_MAVEN_PROPS% ^\n %MAVEN_OPTS% ^\n %MAVEN_DEBUG_OPTS% ^\n -classpath %WRAPPER_JAR% ^\n \"-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%\" ^\n %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*\nif ERRORLEVEL 1 goto error\ngoto end\n\n:error\nset ERROR_CODE=1\n\n:end\n@endlocal & set ERROR_CODE=%ERROR_CODE%\n\nif not \"%MAVEN_SKIP_RC%\"==\"\" goto skipRcPost\n@REM check for post script, once with legacy .bat ending and once with .cmd ending\nif exist \"%USERPROFILE%\\mavenrc_post.bat\" call \"%USERPROFILE%\\mavenrc_post.bat\"\nif exist \"%USERPROFILE%\\mavenrc_post.cmd\" call \"%USERPROFILE%\\mavenrc_post.cmd\"\n:skipRcPost\n\n@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'\nif \"%MAVEN_BATCH_PAUSE%\"==\"on\" pause\n\nif \"%MAVEN_TERMINATE_CMD%\"==\"on\" exit %ERROR_CODE%\n\ncmd /C exit /B %ERROR_CODE%\n"
},
{
"path": "apps/account-svc/pom.xml",
"content": "\n\n 4.0.0\n com.thomasdarimont.training.keycloak\n account-svc\n 1.0-SNAPSHOT\n \n 3.11.0\n 21\n UTF-8\n UTF-8\n quarkus-bom\n io.quarkus.platform\n 3.5.3\n true\n 3.1.2\n \n \n \n \n ${quarkus.platform.group-id}\n ${quarkus.platform.artifact-id}\n ${quarkus.platform.version}\n pom\n import\n \n \n \n \n \n io.quarkus\n quarkus-resteasy\n \n \n io.quarkus\n quarkus-resteasy-jackson\n \n \n io.quarkus\n quarkus-arc\n \n \n io.quarkus\n quarkus-container-image-jib\n \n \n io.quarkus\n quarkus-junit5\n test\n \n \n org.projectlombok\n lombok\n 1.18.34\n true\n \n \n \n \n \n ${quarkus.platform.group-id}\n quarkus-maven-plugin\n ${quarkus.platform.version}\n true\n \n \n \n build\n generate-code\n generate-code-tests\n \n \n \n \n \n maven-compiler-plugin\n ${compiler-plugin.version}\n \n \n -parameters\n \n \n \n \n maven-surefire-plugin\n ${surefire-plugin.version}\n \n \n org.jboss.logmanager.LogManager\n ${maven.home}\n \n \n \n \n maven-failsafe-plugin\n ${surefire-plugin.version}\n \n \n \n integration-test\n verify\n \n \n \n ${project.build.directory}/${project.build.finalName}-runner\n org.jboss.logmanager.LogManager\n ${maven.home}\n \n \n \n \n \n \n \n \n \n native\n \n \n native\n \n \n \n false\n native\n \n \n \n\n"
},
{
"path": "apps/account-svc/src/main/docker/Dockerfile.jvm",
"content": "####\n# This Dockerfile is used in order to build a container that runs the Quarkus application in JVM mode\n#\n# Before building the container image run:\n#\n# ./mvnw package\n#\n# Then, build the image with:\n#\n# docker build -f src/main/docker/Dockerfile.jvm -t quarkus/account-svc-jvm .\n#\n# Then run the container using:\n#\n# docker run -i --rm -p 8080:8080 quarkus/account-svc-jvm\n#\n# If you want to include the debug port into your docker image\n# you will have to expose the debug port (default 5005 being the default) like this : EXPOSE 8080 5005.\n# Additionally you will have to set -e JAVA_DEBUG=true and -e JAVA_DEBUG_PORT=*:5005\n# when running the container\n#\n# Then run the container using :\n#\n# docker run -i --rm -p 8080:8080 quarkus/account-svc-jvm\n#\n# This image uses the `run-java.sh` script to run the application.\n# This scripts computes the command line to execute your Java application, and\n# includes memory/GC tuning.\n# You can configure the behavior using the following environment properties:\n# - JAVA_OPTS: JVM options passed to the `java` command (example: \"-verbose:class\")\n# - JAVA_OPTS_APPEND: User specified Java options to be appended to generated options\n# in JAVA_OPTS (example: \"-Dsome.property=foo\")\n# - JAVA_MAX_MEM_RATIO: Is used when no `-Xmx` option is given in JAVA_OPTS. This is\n# used to calculate a default maximal heap memory based on a containers restriction.\n# If used in a container without any memory constraints for the container then this\n# option has no effect. If there is a memory constraint then `-Xmx` is set to a ratio\n# of the container available memory as set here. The default is `50` which means 50%\n# of the available memory is used as an upper boundary. You can skip this mechanism by\n# setting this value to `0` in which case no `-Xmx` option is added.\n# - JAVA_INITIAL_MEM_RATIO: Is used when no `-Xms` option is given in JAVA_OPTS. This\n# is used to calculate a default initial heap memory based on the maximum heap memory.\n# If used in a container without any memory constraints for the container then this\n# option has no effect. If there is a memory constraint then `-Xms` is set to a ratio\n# of the `-Xmx` memory as set here. The default is `25` which means 25% of the `-Xmx`\n# is used as the initial heap size. You can skip this mechanism by setting this value\n# to `0` in which case no `-Xms` option is added (example: \"25\")\n# - JAVA_MAX_INITIAL_MEM: Is used when no `-Xms` option is given in JAVA_OPTS.\n# This is used to calculate the maximum value of the initial heap memory. If used in\n# a container without any memory constraints for the container then this option has\n# no effect. If there is a memory constraint then `-Xms` is limited to the value set\n# here. The default is 4096MB which means the calculated value of `-Xms` never will\n# be greater than 4096MB. The value of this variable is expressed in MB (example: \"4096\")\n# - JAVA_DIAGNOSTICS: Set this to get some diagnostics information to standard output\n# when things are happening. This option, if set to true, will set\n# `-XX:+UnlockDiagnosticVMOptions`. Disabled by default (example: \"true\").\n# - JAVA_DEBUG: If set remote debugging will be switched on. Disabled by default (example:\n# true\").\n# - JAVA_DEBUG_PORT: Port used for remote debugging. Defaults to 5005 (example: \"8787\").\n# - CONTAINER_CORE_LIMIT: A calculated core limit as described in\n# https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt. (example: \"2\")\n# - CONTAINER_MAX_MEMORY: Memory limit given to the container (example: \"1024\").\n# - GC_MIN_HEAP_FREE_RATIO: Minimum percentage of heap free after GC to avoid expansion.\n# (example: \"20\")\n# - GC_MAX_HEAP_FREE_RATIO: Maximum percentage of heap free after GC to avoid shrinking.\n# (example: \"40\")\n# - GC_TIME_RATIO: Specifies the ratio of the time spent outside the garbage collection.\n# (example: \"4\")\n# - GC_ADAPTIVE_SIZE_POLICY_WEIGHT: The weighting given to the current GC time versus\n# previous GC times. (example: \"90\")\n# - GC_METASPACE_SIZE: The initial metaspace size. (example: \"20\")\n# - GC_MAX_METASPACE_SIZE: The maximum metaspace size. (example: \"100\")\n# - GC_CONTAINER_OPTIONS: Specify Java GC to use. The value of this variable should\n# contain the necessary JRE command-line options to specify the required GC, which\n# will override the default of `-XX:+UseParallelGC` (example: -XX:+UseG1GC).\n# - HTTPS_PROXY: The location of the https proxy. (example: \"myuser@127.0.0.1:8080\")\n# - HTTP_PROXY: The location of the http proxy. (example: \"myuser@127.0.0.1:8080\")\n# - NO_PROXY: A comma separated lists of hosts, IP addresses or domains that can be\n# accessed directly. (example: \"foo.example.com,bar.example.com\")\n#\n###\nFROM registry.access.redhat.com/ubi8/openjdk-17:1.17\n\nENV LANGUAGE='en_US:en'\n\n\n# We make four distinct layers so if there are application changes the library layers can be re-used\nCOPY --chown=185 target/quarkus-app/lib/ /deployments/lib/\nCOPY --chown=185 target/quarkus-app/*.jar /deployments/\nCOPY --chown=185 target/quarkus-app/app/ /deployments/app/\nCOPY --chown=185 target/quarkus-app/quarkus/ /deployments/quarkus/\n\nEXPOSE 8080\nUSER 185\nENV JAVA_OPTS_APPEND=\"-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager\"\nENV JAVA_APP_JAR=\"/deployments/quarkus-run.jar\"\n\nENTRYPOINT [ \"/opt/jboss/container/java/run/run-java.sh\" ]\n\n"
},
{
"path": "apps/account-svc/src/main/docker/Dockerfile.legacy-jar",
"content": "####\n# This Dockerfile is used in order to build a container that runs the Quarkus application in JVM mode\n#\n# Before building the container image run:\n#\n# ./mvnw package -Dquarkus.package.type=legacy-jar\n#\n# Then, build the image with:\n#\n# docker build -f src/main/docker/Dockerfile.legacy-jar -t quarkus/account-svc-legacy-jar .\n#\n# Then run the container using:\n#\n# docker run -i --rm -p 8080:8080 quarkus/account-svc-legacy-jar\n#\n# If you want to include the debug port into your docker image\n# you will have to expose the debug port (default 5005 being the default) like this : EXPOSE 8080 5005.\n# Additionally you will have to set -e JAVA_DEBUG=true and -e JAVA_DEBUG_PORT=*:5005\n# when running the container\n#\n# Then run the container using :\n#\n# docker run -i --rm -p 8080:8080 quarkus/account-svc-legacy-jar\n#\n# This image uses the `run-java.sh` script to run the application.\n# This scripts computes the command line to execute your Java application, and\n# includes memory/GC tuning.\n# You can configure the behavior using the following environment properties:\n# - JAVA_OPTS: JVM options passed to the `java` command (example: \"-verbose:class\")\n# - JAVA_OPTS_APPEND: User specified Java options to be appended to generated options\n# in JAVA_OPTS (example: \"-Dsome.property=foo\")\n# - JAVA_MAX_MEM_RATIO: Is used when no `-Xmx` option is given in JAVA_OPTS. This is\n# used to calculate a default maximal heap memory based on a containers restriction.\n# If used in a container without any memory constraints for the container then this\n# option has no effect. If there is a memory constraint then `-Xmx` is set to a ratio\n# of the container available memory as set here. The default is `50` which means 50%\n# of the available memory is used as an upper boundary. You can skip this mechanism by\n# setting this value to `0` in which case no `-Xmx` option is added.\n# - JAVA_INITIAL_MEM_RATIO: Is used when no `-Xms` option is given in JAVA_OPTS. This\n# is used to calculate a default initial heap memory based on the maximum heap memory.\n# If used in a container without any memory constraints for the container then this\n# option has no effect. If there is a memory constraint then `-Xms` is set to a ratio\n# of the `-Xmx` memory as set here. The default is `25` which means 25% of the `-Xmx`\n# is used as the initial heap size. You can skip this mechanism by setting this value\n# to `0` in which case no `-Xms` option is added (example: \"25\")\n# - JAVA_MAX_INITIAL_MEM: Is used when no `-Xms` option is given in JAVA_OPTS.\n# This is used to calculate the maximum value of the initial heap memory. If used in\n# a container without any memory constraints for the container then this option has\n# no effect. If there is a memory constraint then `-Xms` is limited to the value set\n# here. The default is 4096MB which means the calculated value of `-Xms` never will\n# be greater than 4096MB. The value of this variable is expressed in MB (example: \"4096\")\n# - JAVA_DIAGNOSTICS: Set this to get some diagnostics information to standard output\n# when things are happening. This option, if set to true, will set\n# `-XX:+UnlockDiagnosticVMOptions`. Disabled by default (example: \"true\").\n# - JAVA_DEBUG: If set remote debugging will be switched on. Disabled by default (example:\n# true\").\n# - JAVA_DEBUG_PORT: Port used for remote debugging. Defaults to 5005 (example: \"8787\").\n# - CONTAINER_CORE_LIMIT: A calculated core limit as described in\n# https://www.kernel.org/doc/Documentation/scheduler/sched-bwc.txt. (example: \"2\")\n# - CONTAINER_MAX_MEMORY: Memory limit given to the container (example: \"1024\").\n# - GC_MIN_HEAP_FREE_RATIO: Minimum percentage of heap free after GC to avoid expansion.\n# (example: \"20\")\n# - GC_MAX_HEAP_FREE_RATIO: Maximum percentage of heap free after GC to avoid shrinking.\n# (example: \"40\")\n# - GC_TIME_RATIO: Specifies the ratio of the time spent outside the garbage collection.\n# (example: \"4\")\n# - GC_ADAPTIVE_SIZE_POLICY_WEIGHT: The weighting given to the current GC time versus\n# previous GC times. (example: \"90\")\n# - GC_METASPACE_SIZE: The initial metaspace size. (example: \"20\")\n# - GC_MAX_METASPACE_SIZE: The maximum metaspace size. (example: \"100\")\n# - GC_CONTAINER_OPTIONS: Specify Java GC to use. The value of this variable should\n# contain the necessary JRE command-line options to specify the required GC, which\n# will override the default of `-XX:+UseParallelGC` (example: -XX:+UseG1GC).\n# - HTTPS_PROXY: The location of the https proxy. (example: \"myuser@127.0.0.1:8080\")\n# - HTTP_PROXY: The location of the http proxy. (example: \"myuser@127.0.0.1:8080\")\n# - NO_PROXY: A comma separated lists of hosts, IP addresses or domains that can be\n# accessed directly. (example: \"foo.example.com,bar.example.com\")\n#\n###\nFROM registry.access.redhat.com/ubi8/openjdk-17:1.17\n\nENV LANGUAGE='en_US:en'\n\n\nCOPY target/lib/* /deployments/lib/\nCOPY target/*-runner.jar /deployments/quarkus-run.jar\n\nEXPOSE 8080\nUSER 185\nENV JAVA_OPTS_APPEND=\"-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager\"\nENV JAVA_APP_JAR=\"/deployments/quarkus-run.jar\"\n\nENTRYPOINT [ \"/opt/jboss/container/java/run/run-java.sh\" ]\n"
},
{
"path": "apps/account-svc/src/main/docker/Dockerfile.native",
"content": "####\n# This Dockerfile is used in order to build a container that runs the Quarkus application in native (no JVM) mode.\n#\n# Before building the container image run:\n#\n# ./mvnw package -Dnative\n#\n# Then, build the image with:\n#\n# docker build -f src/main/docker/Dockerfile.native -t quarkus/account-svc .\n#\n# Then run the container using:\n#\n# docker run -i --rm -p 8080:8080 quarkus/account-svc\n#\n###\nFROM registry.access.redhat.com/ubi8/ubi-minimal:8.8\nWORKDIR /work/\nRUN chown 1001 /work \\\n && chmod \"g+rwX\" /work \\\n && chown 1001:root /work\nCOPY --chown=1001:root target/*-runner /work/application\n\nEXPOSE 8080\nUSER 1001\n\nENTRYPOINT [\"./application\", \"-Dquarkus.http.host=0.0.0.0\"]\n"
},
{
"path": "apps/account-svc/src/main/docker/Dockerfile.native-micro",
"content": "####\n# This Dockerfile is used in order to build a container that runs the Quarkus application in native (no JVM) mode.\n# It uses a micro base image, tuned for Quarkus native executables.\n# It reduces the size of the resulting container image.\n# Check https://quarkus.io/guides/quarkus-runtime-base-image for further information about this image.\n#\n# Before building the container image run:\n#\n# ./mvnw package -Dnative\n#\n# Then, build the image with:\n#\n# docker build -f src/main/docker/Dockerfile.native-micro -t quarkus/account-svc .\n#\n# Then run the container using:\n#\n# docker run -i --rm -p 8080:8080 quarkus/account-svc\n#\n###\nFROM quay.io/quarkus/quarkus-micro-image:2.0\nWORKDIR /work/\nRUN chown 1001 /work \\\n && chmod \"g+rwX\" /work \\\n && chown 1001:root /work\nCOPY --chown=1001:root target/*-runner /work/application\n\nEXPOSE 8080\nUSER 1001\n\nENTRYPOINT [\"./application\", \"-Dquarkus.http.host=0.0.0.0\"]\n"
},
{
"path": "apps/account-svc/src/main/java/com/thomasdarimont/keycloak/training/accounts/User.java",
"content": "package com.thomasdarimont.keycloak.training.accounts;\n\nimport com.fasterxml.jackson.annotation.JsonIgnore;\nimport lombok.Data;\nimport lombok.NoArgsConstructor;\n\nimport java.util.List;\n\n@Data\n@NoArgsConstructor\npublic class User implements Cloneable {\n\n private String id;\n private String username;\n private String email;\n private boolean emailVerified;\n private String firstname;\n private String lastname;\n private String password;\n private boolean enabled;\n private long created;\n private List roles;\n\n public User(String id, String username, String password, String email, boolean emailVerified, String firstname, String lastname, boolean enabled, List roles) {\n this.id = id;\n this.username = username;\n this.email = email;\n this.emailVerified = emailVerified;\n this.firstname = firstname;\n this.lastname = lastname;\n this.password = password;\n this.enabled = enabled;\n this.created = System.currentTimeMillis();\n this.roles = roles;\n }\n\n @JsonIgnore\n public String getPassword() {\n return password;\n }\n}"
},
{
"path": "apps/account-svc/src/main/java/com/thomasdarimont/keycloak/training/accounts/UserRepository.java",
"content": "package com.thomasdarimont.keycloak.training.accounts;\n\nimport com.thomasdarimont.keycloak.training.accounts.UserResource.UserSearchInput;\nimport jakarta.inject.Singleton;\nimport lombok.extern.jbosslog.JBossLog;\n\nimport java.util.ArrayList;\nimport java.util.EnumSet;\nimport java.util.List;\nimport java.util.Optional;\nimport java.util.UUID;\nimport java.util.stream.Stream;\n\n@Singleton\n@JBossLog\nclass UserRepository {\n\n private static final List USERS = new ArrayList<>();\n\n public UserRepository() {\n USERS.add(newUser(\"1\", \"bugs\", \"password\", \"bugs.bunny@acme.com\", true, \"Bugs\", \"Bunny\", true, List.of(\"staff\")));\n USERS.add(newUser(\"2\", \"daffy\", \"password\", \"duffy.duck@acme.com\", true, \"Duffy\", \"Duck\", true, List.of(\"staff\")));\n USERS.add(newUser(\"3\", \"porky\", \"password\", \"porky.pig@acme.com\", false, \"Porky\", \"Pig\", false, List.of(\"staff\")));\n USERS.add(newUser(\"4\", \"taz\", \"password\", \"taz.devil@acme.com\", false, \"Taz\", \"Devil\", true, List.of(\"staff\")));\n USERS.add(newUser(\"5\", \"sylvester\", \"password\", \"sylvester.cat@acme.com\",false, \"Sylvester\", \"Cat\", false, List.of(\"staff\")));\n USERS.add(newUser(\"6\", \"marvin\", \"password\", \"marvin.martian@acme.com\", false, \"Marvin\", \"Martian\", false, List.of(\"staff\")));\n USERS.add(newUser(\"7\", \"wile\", \"password\", \"wile.e.coyote@acme.com\", false, \"Wile\", \"Coyote\", false, null));\n }\n\n private static User newUser(String idSeed, String username, String password, String email, boolean emailVerified, String firstname, String lastname, boolean enabled, List roles) {\n return new User(UUID.nameUUIDFromBytes(idSeed.getBytes()).toString(), username, password, email, emailVerified, firstname, lastname, enabled, roles);\n }\n\n public List findAll() {\n log.info(\"findAll\");\n return USERS;\n }\n\n public int count() {\n log.info(\"count\");\n return USERS.size();\n }\n\n public User findById(String id) {\n log.infof(\"findById id=%s\", id);\n return USERS.stream().filter(user -> user.getId().equalsIgnoreCase(id)).findFirst().orElse(null);\n }\n\n public User findByUsernameOrEmail(String username) {\n log.infof(\"findByUsernameOrEmail username=%s\", username);\n return getByUsername(username).or(() -> getByEmail(username)).orElse(null);\n }\n\n public Optional getByUsername(String username) {\n log.infof(\"getByUsername username=%s\", username);\n return USERS.stream().filter(user -> user.getUsername().equalsIgnoreCase(username)).findFirst();\n }\n\n public Optional getByEmail(String email) {\n log.infof(\"getByEmail email=%s\", email);\n return USERS.stream().filter(user -> user.getEmail().equalsIgnoreCase(email)).findFirst();\n }\n\n List findUsers(String query) {\n log.infof(\"findUsers query=%s\", query);\n return USERS.stream().filter(user -> query.equalsIgnoreCase(\"*\") || user.getUsername().contains(query) || user.getEmail().contains(query)).toList();\n }\n\n public boolean validatePassword(String id, String password) {\n log.infof(\"validatePassword id=%s password=%s\", id, password);\n return findById(id).getPassword().equals(password);\n }\n\n public boolean updatePassword(String id, String password) {\n log.infof(\"updatePassword id=%s password=%s\", id, password);\n findById(id).setPassword(password);\n return true;\n }\n\n public void createUser(User user) {\n log.infof(\"createUser user=%s\", user.toString());\n user.setId(UUID.randomUUID().toString());\n user.setCreated(System.currentTimeMillis());\n USERS.add(user);\n }\n\n public void updateUser(User user) {\n log.infof(\"updateUser user=%s\", user.toString());\n User existing = findByUsernameOrEmail(user.getUsername());\n existing.setEmail(user.getEmail());\n existing.setFirstname(user.getFirstname());\n existing.setLastname(user.getLastname());\n existing.setEnabled(user.isEnabled());\n }\n\n public boolean removeUser(String id) {\n log.infof(\"removeUser id=%s\", id);\n return USERS.removeIf(p -> p.getId().equals(id));\n }\n\n public List search(String search, Integer firstResult, Integer maxResults, EnumSet options) {\n log.infof(\"search search=%s firstResult=%s maxResults=%s options=%s\", search, firstResult, maxResults, options);\n return searchInternal(search, firstResult, maxResults, options).toList();\n }\n\n public int searchForCount(String search, Integer firstResult, Integer maxResults, EnumSet options) {\n log.infof(\"searchForCount search=%s firstResult=%s maxResults=%s options=%s\", search, firstResult, maxResults, options);\n return (int) searchInternal(search, firstResult, maxResults, options).count();\n }\n\n private static Stream searchInternal(String search, Integer firstResult, Integer maxResults, EnumSet options) {\n\n if (search == null) {\n return Stream.empty();\n }\n\n var exact = search.startsWith(\"'\") && search.endsWith(\"'\");\n var exactSearch = exact ? search.substring(1, search.length() - 1) : search;\n\n final String searchMode;\n if (exact) {\n searchMode = \"exact\";\n } else if (search.trim().equals(\"*\")) {\n searchMode = \"wildcard\";\n } else {\n searchMode = \"contains\";\n }\n\n log.infof(\"searchInternal search=%s firstResult=%s maxResults=%s options=%s searchMode=%s\", search, firstResult, maxResults, options, searchMode);\n\n Stream stream = USERS.stream() //\n .filter(u -> switch (searchMode) {\n case \"exact\" -> u.getUsername().equals(exactSearch) || u.getEmail().equals(exactSearch);\n case \"contains\" -> u.getUsername().contains(search) || u.getEmail().contains(search);\n default /* wildcard / null */ -> true;\n }) //\n .filter(user -> !user.getUsername().startsWith(\"service-account-\") || options.contains(UserSearchInput.UserSearchOption.INCLUDE_SERVICE_ACCOUNTS)) //\n ;\n\n if (firstResult != null) {\n stream = stream.skip(firstResult);\n }\n\n if (maxResults != null) {\n stream = stream.limit(maxResults);\n }\n\n return stream;\n }\n}\n"
},
{
"path": "apps/account-svc/src/main/java/com/thomasdarimont/keycloak/training/accounts/UserResource.java",
"content": "package com.thomasdarimont.keycloak.training.accounts;\n\nimport jakarta.ws.rs.Consumes;\nimport jakarta.ws.rs.GET;\nimport jakarta.ws.rs.POST;\nimport jakarta.ws.rs.Path;\nimport jakarta.ws.rs.PathParam;\nimport jakarta.ws.rs.Produces;\nimport jakarta.ws.rs.core.MediaType;\nimport lombok.Data;\nimport lombok.RequiredArgsConstructor;\nimport lombok.extern.jbosslog.JBossLog;\n\nimport java.util.EnumSet;\nimport java.util.List;\n\n@JBossLog\n@Path(\"/api/users\")\n@Consumes(MediaType.APPLICATION_JSON)\n@Produces(MediaType.APPLICATION_JSON)\n@RequiredArgsConstructor\npublic class UserResource {\n\n private final UserRepository users;\n\n @GET\n public List userList() {\n return users.findAll();\n }\n\n @GET\n @Path(\"{userId}\")\n public User userById(@PathParam(\"userId\") String userId) {\n return users.findById(userId);\n }\n\n\n @POST\n @Path(\"/lookup/username\")\n public User lookupUserByUsername(UserLookupInput search) {\n return users.getByUsername(search.getUsername()).orElse(null);\n }\n\n @POST\n @Path(\"/lookup/email\")\n public User lookupUserByEmail(UserLookupInput search) {\n return users.getByEmail(search.getEmail()).orElse(null);\n }\n\n @POST\n @Path(\"/{userId}/credentials/verify\")\n public VerifyCredentialsOutput verifyCredentials(@PathParam(\"userId\") String userId, VerifyCredentialsInput input) {\n VerifyCredentialsOutput output = verify(userId, input);\n log.infof(\"verifyCredentials output=%s\", output);\n return output;\n }\n\n @POST\n @Path(\"/search\")\n public UserSearchOutput searchUsers(UserSearchInput search) {\n\n if (search.getOptions().contains(UserSearchInput.UserSearchOption.COUNT_ONLY)) {\n int count = users.searchForCount(search.getSearch(), search.getFirstResult(), search.getMaxResults(), search.getOptions());\n return new UserSearchOutput(null, count);\n }\n\n var output = users.search(search.getSearch(), search.getFirstResult(), search.getMaxResults(), search.getOptions());\n log.infof(\"searchUsers output=%s\", output);\n return new UserSearchOutput(output, output.size());\n }\n\n private VerifyCredentialsOutput verify(String userId, VerifyCredentialsInput input) {\n return new VerifyCredentialsOutput(users.validatePassword(userId, input.getPassword()));\n }\n\n @Data\n public static class UserLookupInput {\n String username;\n\n String email;\n }\n\n @Data\n public static class UserSearchInput {\n\n private String search;\n private Integer firstResult;\n private Integer maxResults;\n\n private EnumSet options;\n\n public enum UserSearchOption {\n COUNT_ONLY, //\n\n INCLUDE_SERVICE_ACCOUNTS, //\n }\n }\n\n @Data\n public static class UserSearchOutput {\n\n private final List users;\n\n private final int count;\n }\n\n @Data\n public static class VerifyCredentialsInput {\n String password;\n }\n\n @Data\n public static class VerifyCredentialsOutput {\n private final boolean valid;\n }\n\n}\n"
},
{
"path": "apps/account-svc/src/main/resources/application.properties",
"content": "quarkus.container-image.build=true \nquarkus.container-image.group=training\nquarkus.container-image.name=account-svc\nquarkus.container-image.tag=latest\nquarkus.jib.ports=7070\nquarkus.http.port=7070\nquarkus.http.host=0.0.0.0"
},
{
"path": "apps/acme-account-console/index.html",
"content": "\n\n\n \n\n Acme Account Console\n\n \n\n\n\n\n
\n\n"
},
{
"path": "apps/backend-api-quarkus/src/main/resources/application.properties",
"content": "quarkus.http.port=4500\n\n# Allows access via host.docker.internal from container\nquarkus.http.host=0.0.0.0\n\nquarkus.http.ssl-port=4543\nquarkus.http.ssl.certificate.files=../../config/stage/dev/tls/acme.test+1.pem\nquarkus.http.ssl.certificate.key-files=../../config/stage/dev/tls/acme.test+1-key.pem\n\nquarkus.http.cors=true\nquarkus.http.cors.origins=https://apps.acme.test:4443\nquarkus.http.cors.headers=accept, origin, authorization, content-type, x-requested-with\nquarkus.http.cors.methods=GET,POST,OPTIONS\n\nquarkus.log.category.\"io.smallrye.jwt.auth.principal\".level=DEBUG\n\n# Note: If you need to fetch the certificate info from an https JWKS uri, then\n# you need to import the certificate of the acme.issuer.uri into your JVM truststore, e.g:\n# ~/.sdkman/candidates/java/11.0.11.hs-adpt/bin/keytool -import -noprompt -cacerts -storepass changeit -file config/stage/dev/tls/acme.test+1.pem\n\n# see https://quarkus.io/guides/security-jwt\nmp.jwt.verify.publickey.location=${acme.issuer.uri}/protocol/openid-connect/certs\nmp.jwt.verify.publickey.algorithm=RS256\nmp.jwt.verify.issuer=${acme.issuer.uri}\n\nacme.issuer.uri=https://id.acme.test:8443/auth/realms/acme-internal\n\n# see https://stackoverflow.com/questions/63347673/quarkus-native-image-load-a-pkcs12-file-at-runtime\nquarkus.native.enable-all-security-services=true\n\nquarkus.package.type=fast-jar"
},
{
"path": "apps/backend-api-rust-actix/.gitignore",
"content": "/target\n"
},
{
"path": "apps/backend-api-rust-actix/Cargo.toml",
"content": "[package]\nname = \"backend-api-rust-actix\"\nversion = \"0.1.0\"\nedition = \"2021\"\nauthors = [\"Thomas Darimont \"]\n\n# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html\n\n[dependencies]\nactix-web = { version = \"4.3.1\", features = [\"openssl\"] }\nactix-cors = \"0.6.4\"\nactix-4-jwt-auth = \"0.4.2\" # TODO update to 1.0.0\nopenssl = \"0.10.48\"\nserde = { version = \"1.0.159\", features = [\"derive\"] }\nserde_json = { version = \"1.0.95\" }\nchrono = \"0.4.24\"\nenv_logger = \"0.10.0\"\n\n[dev-dependencies]\n# cargo +nightly watch --quiet --clear --exec run\ncargo-watch = \"8.4.0\""
},
{
"path": "apps/backend-api-rust-actix/rustfmt.toml",
"content": "max_width = 120"
},
{
"path": "apps/backend-api-rust-actix/rustup-toolchain.toml",
"content": "[toolchain]\nchannel = \"nightly\""
},
{
"path": "apps/backend-api-rust-actix/src/api/me_info.rs",
"content": "use crate::middleware::jwt_auth::FoundClaims;\nuse actix_4_jwt_auth::AuthenticatedUser;\nuse actix_web::{get, HttpResponse};\nuse chrono::Utc;\nuse serde::Serialize;\n\n#[derive(Serialize)]\nstruct MeInfo {\n pub message: String,\n pub backend: String,\n pub datetime: String,\n}\n\n#[derive(Serialize)]\nstruct ErrorInfo {\n pub code: String,\n}\n\n#[get(\"/api/users/me\")]\npub async fn handle_me_info(user: AuthenticatedUser) -> HttpResponse {\n if !user.claims.has_scope(\"email\") {\n return HttpResponse::Forbidden().json(ErrorInfo {\n code: \"invalid_scope\".into(),\n });\n }\n\n let username = user.claims.preferred_username.unwrap_or(\"anonymous\".into());\n let obj = MeInfo {\n message: format!(\"Hello, {}!\", username),\n backend: \"rust-actix\".into(),\n datetime: Utc::now().to_string(),\n };\n HttpResponse::Ok().json(obj)\n}\n"
},
{
"path": "apps/backend-api-rust-actix/src/api/mod.rs",
"content": "pub mod me_info;\n"
},
{
"path": "apps/backend-api-rust-actix/src/config.rs",
"content": "use std::env;\npub struct Config {\n pub server_bind_addr: String,\n pub cert_location: String,\n pub key_location: String,\n pub oidc_issuer: String,\n pub allowed_cors_origin: String,\n pub log_level_default: String,\n}\n\nimpl Config {\n pub fn from_environment_with_defaults() -> Self {\n Self {\n server_bind_addr: env::var(\"SERVER_BIND_ADDRESS\").unwrap_or(\"127.0.0.1:4863\".into()),\n cert_location: env::var(\"CERT_LOCATION\").unwrap_or(\"../../config/stage/dev/tls/acme.test+1.pem\".into()),\n key_location: env::var(\"KEY_LOCATION\").unwrap_or(\"../../config/stage/dev/tls/acme.test+1-key.pem\".into()),\n oidc_issuer: env::var(\"OIDC_ISSUER\")\n .unwrap_or(\"https://id.acme.test:8443/auth/realms/acme-internal\".into()),\n allowed_cors_origin: env::var(\"ALLOWED_CORS_ORIGIN\").unwrap_or(\"https://apps.acme.test:4443\".into()),\n log_level_default: env::var(\"LOG_LEVEL_DEFAULT\").unwrap_or(\"info\".into()),\n }\n }\n}\n"
},
{
"path": "apps/backend-api-rust-actix/src/main.rs",
"content": "#![feature(decl_macro)]\n\nuse actix_web::middleware::Logger;\nuse actix_web::{App, HttpServer};\n\nmod api;\nmod config;\nmod middleware;\n\n#[actix_web::main]\nasync fn main() -> std::io::Result<()> {\n let config = config::Config::from_environment_with_defaults();\n\n env_logger::init_from_env(env_logger::Env::new().default_filter_or(&config.log_level_default));\n\n let ssl_acceptor_builder =\n middleware::ssl::create_ssl_acceptor_builder(&config.cert_location, &config.key_location);\n let oidc_jwt_validator = middleware::jwt_auth::create_oidc_jwt_validator(config.oidc_issuer).await;\n\n HttpServer::new(move || {\n let cors = middleware::cors::create_cors_config(config.allowed_cors_origin.clone());\n\n App::new()\n // see https://actix.rs/actix-web/actix_web/middleware/struct.Logger.html\n .wrap(Logger::new(\"%a \\\"%r\\\" %s %b \\\"%{Referer}i\\\" %T\"))\n .wrap(cors)\n .app_data(oidc_jwt_validator.clone())\n .service(api::me_info::handle_me_info)\n })\n .bind_openssl(config.server_bind_addr, ssl_acceptor_builder)?\n .run()\n .await\n}\n"
},
{
"path": "apps/backend-api-rust-actix/src/middleware/cors.rs",
"content": "use actix_cors::Cors;\nuse actix_web::http::header;\n\npub fn create_cors_config(allowed_origin: String) -> Cors {\n Cors::default()\n .allowed_origin_fn(move |header, _request| {\n return header.as_bytes().ends_with(allowed_origin.as_bytes());\n })\n .allowed_methods(vec![\"GET\", \"POST\"])\n .allowed_headers(vec![header::AUTHORIZATION, header::ACCEPT])\n .allowed_header(header::CONTENT_TYPE)\n .supports_credentials()\n .max_age(3600)\n}\n"
},
{
"path": "apps/backend-api-rust-actix/src/middleware/jwt_auth.rs",
"content": "use actix_4_jwt_auth::{OIDCValidator, OIDCValidatorConfig};\nuse actix_web::rt::task;\nuse serde::Deserialize;\nuse serde_json::Value;\nuse std::collections::BTreeMap as Map;\n\n#[derive(Debug, Deserialize)]\npub struct FoundClaims {\n pub iat: usize,\n pub exp: usize,\n pub iss: String,\n pub sub: String,\n pub scope: String,\n pub preferred_username: Option,\n\n #[serde(flatten)]\n pub other: Map,\n}\n\nimpl FoundClaims {\n pub fn has_scope(&self, scope: &str) -> bool {\n self.scope.split_ascii_whitespace().any(|s| s == scope)\n }\n}\n\npub async fn create_oidc_jwt_validator(issuer: String) -> OIDCValidatorConfig {\n task::spawn_blocking(move || {\n let validator = OIDCValidator::new_from_issuer(issuer.clone()).unwrap();\n OIDCValidatorConfig { issuer, validator }\n })\n .await\n .unwrap()\n}\n"
},
{
"path": "apps/backend-api-rust-actix/src/middleware/mod.rs",
"content": "pub mod cors;\npub mod jwt_auth;\npub mod ssl;\n"
},
{
"path": "apps/backend-api-rust-actix/src/middleware/ssl.rs",
"content": "use openssl::ssl::{SslAcceptor, SslAcceptorBuilder, SslFiletype, SslMethod};\n\npub fn create_ssl_acceptor_builder(cert_location: &str, key_location: &str) -> SslAcceptorBuilder {\n let mut builder = SslAcceptor::mozilla_intermediate(SslMethod::tls()).unwrap();\n builder.set_private_key_file(key_location, SslFiletype::PEM).unwrap();\n builder.set_certificate_chain_file(cert_location).unwrap();\n builder\n}\n"
},
{
"path": "apps/backend-api-rust-rocket/.gitignore",
"content": "/target\n.idea/\n.DS_Store\n"
},
{
"path": "apps/backend-api-rust-rocket/.run/Run backend-api-rust-rocket.run.xml",
"content": "\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n"
},
{
"path": "apps/backend-api-rust-rocket/Cargo.toml",
"content": "[package]\nname = \"backend-api-rust-rocket\"\nversion = \"0.1.0\"\nauthors = [\"Thomas Darimont \"]\nedition = \"2021\"\n\n[dependencies]\nserde = { version =\"1.0.157\", features = [\"derive\"]}\nlazy_static = \"1.4.0\"\nlog = \"0.4.17\"\nenv_logger = \"0.10.0\"\nchrono = \"0.4.24\"\njsonwebtoken = \"8.3.0\"\nrocket = { version = \"0.5.0-rc.2\", features = [\"tls\", \"json\", \"serde_json\"] }\nreqwest = { version = \"0.11.14\", features = [\"blocking\", \"json\"] }\n\n[dev-dependencies]\ncargo-watch = \"8.4.0\""
},
{
"path": "apps/backend-api-rust-rocket/README.md",
"content": "# Backend API with JWK authentication based on Rocket (Rust)\n\n## Features\n- Validate JWT issued by Keycloak\n- Validate JWT with JWK from JWKS endpoint\n- Periodically fetch a JWKS Keyset from Keycloak\n- Extract claims from JWT\n\n## Run\n\n```\nROCKET_PROFILE=debug cargo run\n```\n\nBrowse to: https://127.0.0.1:4853\n\n\nThis example is inspired by [maylukas/rust_jwk_example](https://github.com/maylukas/rust_jwk_example)"
},
{
"path": "apps/backend-api-rust-rocket/Rocket.toml",
"content": "# see https://rocket.rs/v0.5-rc/guide/configuration/#overview\n[debug]\naddress = \"127.0.0.1\"\nport = 4853\nworkers = 2\nkeep_alive = 5\nlog_level = \"normal\"\n\nlimits = { forms = 32768 }\n[debug.tls]\ncerts = \"../../config/stage/dev/tls/acme.test+1.pem\"\nkey = \"../../config/stage/dev/tls/acme.test+1-key.pem\"\n"
},
{
"path": "apps/backend-api-rust-rocket/rustfmt.toml",
"content": "edition = \"2021\""
},
{
"path": "apps/backend-api-rust-rocket/rustup-toolchain.toml",
"content": "[toolchain]\nchannel = \"nightly\""
},
{
"path": "apps/backend-api-rust-rocket/src/domain/mod.rs",
"content": "pub mod user;\n"
},
{
"path": "apps/backend-api-rust-rocket/src/domain/user.rs",
"content": "pub struct User {\n pub uid: String,\n pub username: String,\n pub email: String,\n // TODO add other claims\n // TODO add access token\n}\n"
},
{
"path": "apps/backend-api-rust-rocket/src/main.rs",
"content": "//#![feature(proc_macro_hygiene, decl_macro)]\n\n#[macro_use]\nextern crate rocket;\n\nuse rocket::routes;\nuse std::error::Error;\n\nuse crate::domain::user::User;\nuse crate::middleware::auth::jwt::JwtAuth;\nuse chrono::Utc;\nuse rocket::serde::json::Json;\nuse rocket::tokio::task::spawn_blocking;\n\nuse serde::Deserialize;\nuse serde::Serialize;\nuse crate::middleware::logging;\n\npub mod domain;\npub mod middleware;\npub mod support;\n\n#[derive(Serialize, Deserialize)]\npub struct MeInfo {\n pub message: String,\n pub backend: String,\n pub datetime: String,\n}\n\n#[options(\"/api/users/me\")]\nfn options_me_info() {}\n\n#[get(\"/api/users/me\")]\nfn get_me_info(user: User) -> Json {\n log::info!(\"Handle user info request. username={}\", &user.username);\n\n let info = MeInfo {\n datetime: Utc::now().to_string(),\n message: format!(\"Hello, {}!\", user.username),\n backend: String::from(\"rust-rocket\"),\n };\n\n Json(info)\n}\n\n#[rocket::main]\nasync fn main() -> Result<(), Box> {\n\n logging::init_logging();\n\n let auth = spawn_blocking(JwtAuth::new).await?;\n\n let _ = rocket::build()\n .attach(middleware::cors::Cors)\n .mount(\"/\", routes![get_me_info, options_me_info])\n .manage(auth)\n .launch()\n .await?;\n\n Ok(())\n}\n"
},
{
"path": "apps/backend-api-rust-rocket/src/middleware/auth/jwt/auth.rs",
"content": "use crate::middleware::auth::jwt::{fetch_jwks_keys, Claims, JwkKeys, JwtVerifier};\nuse crate::support::scheduling::use_repeating_job;\nuse jsonwebtoken::TokenData;\nuse std::sync::{Arc, Mutex};\nuse std::time::Duration;\nuse log;\n\ntype CleanupFn = Box;\n\npub struct JwtAuth {\n verifier: Arc>,\n cleanup: Mutex,\n}\n\nimpl Drop for JwtAuth {\n fn drop(&mut self) {\n // Stop the update thread when the updater is destructed\n let cleanup_fn = self.cleanup.lock().unwrap();\n cleanup_fn();\n }\n}\n\nimpl JwtAuth {\n pub fn new() -> JwtAuth {\n let jwk_key_result = fetch_jwks_keys();\n let jwk_keys: JwkKeys = match jwk_key_result {\n Ok(keys) => keys,\n Err(_) => {\n panic!(\"Unable to fetch jwt keys! Cannot verify user tokens! Shutting down...\")\n }\n };\n let verifier = Arc::new(Mutex::new(JwtVerifier::new(jwk_keys.keys)));\n\n let mut instance = JwtAuth {\n verifier,\n cleanup: Mutex::new(Box::new(|| {})),\n };\n\n instance.start_key_update();\n instance\n }\n\n pub fn verify(&self, token: &str) -> Option> {\n let verifier = self.verifier.lock().unwrap();\n verifier.verify(token)\n }\n\n fn start_key_update(&mut self) {\n let verifier_ref = Arc::clone(&self.verifier);\n\n let stop = use_repeating_job(move || match fetch_jwks_keys() {\n Ok(jwk_keys) => {\n let mut verifier = verifier_ref.lock().unwrap();\n verifier.set_keys(jwk_keys.keys);\n log::info!(\"Updated JWK keys. Next refresh will be in {:?}\", jwk_keys.validity);\n jwk_keys.validity\n }\n Err(_) => Duration::from_secs(10),\n });\n\n let mut cleanup = self.cleanup.lock().unwrap();\n *cleanup = stop;\n }\n}\n\nimpl Default for JwtAuth {\n fn default() -> Self {\n Self::new()\n }\n}\n"
},
{
"path": "apps/backend-api-rust-rocket/src/middleware/auth/jwt/claims.rs",
"content": "use rocket::serde::json::serde_json;\nuse std::collections::HashMap;\n\npub type Claims = HashMap;\n"
},
{
"path": "apps/backend-api-rust-rocket/src/middleware/auth/jwt/config.rs",
"content": "use crate::middleware;\n\n#[derive(Debug)]\npub struct JwtConfig {\n pub jwk_url: String,\n pub audience: String,\n // TODO ADD support for multiple issuers via HashSet\n pub issuer: String,\n}\n\npub fn get_config() -> JwtConfig {\n JwtConfig {\n jwk_url: middleware::expect_env_var(\n \"JWK_URL\",\n \"https://id.acme.test:8443/auth/realms/acme-internal/protocol/openid-connect/certs\",\n ),\n audience: middleware::expect_env_var(\"JWK_AUDIENCE\", \"app-minispa\"),\n issuer: middleware::expect_env_var(\n \"JWK_ISSUER\",\n \"https://id.acme.test:8443/auth/realms/acme-internal\",\n ),\n }\n}\n"
},
{
"path": "apps/backend-api-rust-rocket/src/middleware/auth/jwt/get_max_age.rs",
"content": "use reqwest::blocking::Response;\nuse reqwest::header::HeaderValue;\nuse std::time::Duration;\n\npub enum MaxAgeParseError {\n NoMaxAgeSpecified,\n NoCacheControlHeader,\n MaxAgeValueEmpty,\n NonNumericMaxAge,\n}\n\n// Determines the max age of an HTTP response\npub fn get_max_age(response: &Response) -> Result {\n let headers = response.headers();\n let header = headers.get(\"Cache-Control\");\n\n match header {\n Some(header_value) => parse_cache_control_header(header_value),\n None => Err(MaxAgeParseError::NoCacheControlHeader),\n }\n}\n\nfn parse_max_age_value(cache_control_value: &str) -> Result {\n let tokens: Vec<&str> = cache_control_value.split(',').collect();\n for token in tokens {\n let key_value: Vec<&str> = token.split('=').map(|s| s.trim()).collect();\n let key = key_value.first().unwrap();\n let val = key_value.get(1);\n\n if String::from(\"max-age\").eq(&key.to_lowercase()) {\n match val {\n Some(value) => {\n return Ok(Duration::from_secs(\n value\n .parse()\n .map_err(|_| MaxAgeParseError::NonNumericMaxAge)?,\n ))\n }\n None => return Err(MaxAgeParseError::MaxAgeValueEmpty),\n }\n }\n }\n Err(MaxAgeParseError::NoMaxAgeSpecified)\n}\n\nfn parse_cache_control_header(header_value: &HeaderValue) -> Result {\n match header_value.to_str() {\n Ok(string_value) => parse_max_age_value(string_value),\n Err(_) => Err(MaxAgeParseError::NoCacheControlHeader),\n }\n}\n"
},
{
"path": "apps/backend-api-rust-rocket/src/middleware/auth/jwt/jwks.rs",
"content": "use crate::middleware::auth::jwt;\nuse crate::middleware::auth::jwt::get_max_age::get_max_age;\nuse crate::middleware::auth::jwt::JwtConfig;\nuse serde::Deserialize;\nuse std::error::Error;\nuse std::time::Duration;\n\n#[derive(Debug, Deserialize)]\nstruct KeyResponse {\n keys: Vec,\n}\n\n#[derive(Debug, Deserialize, Eq, PartialEq)]\npub struct JwkKey {\n pub e: String,\n pub alg: String,\n pub kty: String,\n pub kid: String,\n pub n: String,\n}\n\n#[derive(Debug, Deserialize, Eq, PartialEq)]\npub struct JwkKeys {\n pub keys: Vec,\n pub validity: Duration,\n}\n\n// TODO make JWKS fetch FALLBACK_TIMEOUT configurable\nconst FALLBACK_TIMEOUT: Duration = Duration::from_secs(300);\n\npub fn fetch_keys_for_config(config: &JwtConfig) -> Result> {\n log::info!(\"Fetching JWKS Keys from URL={}\", &config.jwk_url);\n let http_response = reqwest::blocking::get::<>(&config.jwk_url).unwrap();\n let max_age = get_max_age(&http_response).unwrap_or(FALLBACK_TIMEOUT);\n let result = Ok(http_response.json::().unwrap());\n\n result.map(|res| JwkKeys {\n keys: res.keys,\n validity: max_age,\n })\n}\n\npub fn fetch_jwks_keys() -> Result> {\n return fetch_keys_for_config(&jwt::get_config());\n}\n"
},
{
"path": "apps/backend-api-rust-rocket/src/middleware/auth/jwt/mod.rs",
"content": "mod auth;\nmod claims;\nmod config;\nmod jwks;\nmod get_max_age;\nmod verifier;\n\npub use auth::*;\npub use claims::*;\npub use config::*;\npub use jwks::*;\npub use verifier::*;\n"
},
{
"path": "apps/backend-api-rust-rocket/src/middleware/auth/jwt/verifier.rs",
"content": "use crate::middleware::auth::jwt;\nuse crate::middleware::auth::jwt::claims::Claims;\nuse crate::middleware::auth::jwt::{JwkKey, JwtConfig};\nuse jsonwebtoken::decode_header;\nuse jsonwebtoken::TokenData;\nuse jsonwebtoken::{decode, Algorithm, DecodingKey, Validation};\nuse std::collections::HashMap;\nuse std::str::FromStr;\n\nenum VerificationError {\n InvalidSignature,\n UnknownKeyAlgorithm,\n}\n\n#[derive(Debug)]\npub struct JwtVerifier {\n keys: HashMap,\n config: JwtConfig,\n}\n\nfn keys_to_map(keys: Vec) -> HashMap {\n let mut keys_as_map = HashMap::new();\n for key in keys {\n keys_as_map.insert(String::clone(&key.kid), key);\n }\n keys_as_map\n}\n\nimpl JwtVerifier {\n pub fn new(keys: Vec) -> JwtVerifier {\n JwtVerifier {\n keys: keys_to_map(keys),\n config: jwt::get_config(),\n }\n }\n\n pub fn verify(&self, token: &str) -> Option> {\n let token_kid = match decode_header(token).map(|header| header.kid) {\n Ok(Some(header)) => header,\n _ => return None,\n };\n\n let jwk_key = match self.get_key(token_kid) {\n Some(key) => key,\n _ => return None,\n };\n\n match self.decode_token_with_key(jwk_key, token) {\n Ok(token_data) => Some(token_data),\n _ => None,\n }\n }\n\n pub fn set_keys(&mut self, keys: Vec) {\n self.keys = keys_to_map(keys);\n }\n\n fn get_key(&self, key_id: String) -> Option<&JwkKey> {\n self.keys.get(&key_id)\n }\n\n fn decode_token_with_key(\n &self,\n key: &JwkKey,\n token: &str,\n ) -> Result, VerificationError> {\n // TODO ensure that \"none\" algorithm cannot be used!\n let algorithm = match Algorithm::from_str(&key.alg) {\n Ok(alg) => alg,\n Err(_error) => return Err(VerificationError::UnknownKeyAlgorithm),\n };\n\n let mut validation = Validation::new(algorithm);\n // TODO make audience validation configurable (enable / disable)\n // TODO make allowed audience configurable\n // validation.set_audience(&[&self.middleware.audience]);\n\n // TODO adapt to support multiple issuers\n let mut issuers = std::collections::HashSet::new();\n issuers.insert(self.config.issuer.clone());\n validation.iss = Some(issuers);\n\n let key = DecodingKey::from_rsa_components(&key.n, &key.e).unwrap();\n decode::(token, &key, &validation)\n .map_err(|_| VerificationError::InvalidSignature)\n }\n}\n"
},
{
"path": "apps/backend-api-rust-rocket/src/middleware/auth/jwt_auth_request_guard.rs",
"content": "use crate::domain::user::User;\nuse crate::middleware::auth::jwt::JwtAuth;\nuse rocket::http::Status;\nuse rocket::outcome::Outcome;\nuse rocket::request;\nuse rocket::request::FromRequest;\nuse rocket::Request;\nuse rocket::State;\n\n#[derive(Debug)]\npub enum AuthError {\n InvalidJwt,\n NoAuthorizationHeader,\n MultipleKeysProvided,\n NoJwkVerifier,\n}\n\nfn get_token_from_header(header: &str) -> Option {\n let prefix_len = \"Bearer \".len();\n\n match header.len() {\n l if l < prefix_len => None,\n _ => Some(header[prefix_len..].to_string()),\n }\n}\n\nfn verify_token(token: &str, auth: &JwtAuth) -> request::Outcome {\n let verified_token = auth.verify(token);\n\n // TODO externalize claims to JWT User conversion\n let maybe_user = verified_token.map(|token| User {\n\n // TODO use more idiomatic value conversion here\n\n uid: token\n .claims\n .get(\"sub\")\n .unwrap()\n .as_str()\n .unwrap()\n .to_string(),\n username: token\n .claims\n .get(\"preferred_username\")\n .unwrap()\n .as_str()\n .unwrap()\n .to_string(),\n email: token\n .claims\n .get(\"email\")\n .unwrap()\n .as_str()\n .unwrap()\n .to_string(),\n });\n match maybe_user {\n Some(user) => Outcome::Success(user),\n None => Outcome::Failure((Status::BadRequest, AuthError::InvalidJwt)),\n }\n}\n\nfn parse_and_verify_auth_header(header: &str, auth: &JwtAuth) -> request::Outcome {\n let maybe_token = get_token_from_header(header);\n\n match maybe_token {\n Some(token) => verify_token(&token, auth),\n None => Outcome::Failure((Status::Unauthorized, AuthError::InvalidJwt)),\n }\n}\n\n#[rocket::async_trait]\nimpl<'r> FromRequest<'r> for User {\n type Error = AuthError;\n\n async fn from_request(request: &'r Request<'_>) -> request::Outcome {\n let auth_headers: Vec<_> = request.headers().get(\"Authorization\").collect();\n let configured_auth = request.guard::<&'r State>();\n\n match configured_auth.await {\n Outcome::Success(auth) => match auth_headers.len() {\n 0 => Outcome::Failure((Status::Unauthorized, AuthError::NoAuthorizationHeader)),\n 1 => parse_and_verify_auth_header(auth_headers[0], auth),\n _ => Outcome::Failure((Status::BadRequest, AuthError::MultipleKeysProvided)),\n },\n _ => Outcome::Failure((Status::InternalServerError, AuthError::NoJwkVerifier)),\n }\n }\n}\n\n#[cfg(test)]\nmod describe {\n #[test]\n fn test_extract_token() {\n let token = super::get_token_from_header(\"Bearer token_string\");\n assert_eq!(Some(\"token_string\".to_string()), token)\n }\n\n #[test]\n fn test_extract_token_too_short() {\n assert_eq!(None, super::get_token_from_header(&\"Bear\".to_string()));\n assert_eq!(None, super::get_token_from_header(&\"Bearer\".to_string()))\n }\n}\n"
},
{
"path": "apps/backend-api-rust-rocket/src/middleware/auth/mod.rs",
"content": "pub mod jwt;\nmod jwt_auth_request_guard;\npub use jwt_auth_request_guard::*;\n"
},
{
"path": "apps/backend-api-rust-rocket/src/middleware/cors/cors.rs",
"content": "use rocket::fairing::Fairing;\nuse rocket::fairing::Info;\nuse rocket::fairing::Kind;\nuse rocket::http::Header;\nuse rocket::Request;\nuse rocket::Response;\n\npub struct Cors;\n\n#[rocket::async_trait]\nimpl Fairing for Cors {\n fn info(&self) -> Info {\n Info {\n name: \"Attaching CORS headers to responses\",\n kind: Kind::Response,\n }\n }\n\n async fn on_response<'r>(&self, _request: &'r Request<'_>, response: &mut Response<'r>) {\n // TODO make cors configurable\n response.set_header(Header::new(\"Access-Control-Allow-Origin\", \"*\"));\n response.set_header(Header::new(\n \"Access-Control-Allow-Methods\",\n \"POST, GET, PATCH, OPTIONS\",\n ));\n response.set_header(Header::new(\"Access-Control-Allow-Headers\", \"*\"));\n response.set_header(Header::new(\"Access-Control-Allow-Credentials\", \"true\"));\n }\n}\n"
},
{
"path": "apps/backend-api-rust-rocket/src/middleware/cors/mod.rs",
"content": "pub mod cors;\n\npub use cors::*;\n"
},
{
"path": "apps/backend-api-rust-rocket/src/middleware/logging/logging.rs",
"content": "use chrono::Local;\nuse env_logger::Builder;\nuse log;\nuse log::LevelFilter;\nuse std::io::Write;\n\npub fn init_logging() {\n Builder::new()\n .format(|buf, record| {\n writeln!(buf,\n \"{} [{}] - {}\",\n Local::now().format(\"%Y-%m-%dT%H:%M:%S\"),\n record.level(),\n record.args()\n )\n })\n .filter(None, LevelFilter::Info)\n .init();\n}\n"
},
{
"path": "apps/backend-api-rust-rocket/src/middleware/logging/mod.rs",
"content": "pub mod logging;\n\npub use logging::*;\n"
},
{
"path": "apps/backend-api-rust-rocket/src/middleware/mod.rs",
"content": "use std::env;\n\npub mod auth;\npub mod cors;\npub mod logging;\n\n#[cfg(debug_assertions)]\npub fn expect_env_var(name: &str, default: &str) -> String {\n env::var(name).unwrap_or(String::from(default))\n}\n\n#[cfg(not(debug_assertions))]\npub fn expect_env_var(name: &str, _default: &str) -> String {\n return env::var(name).expect(&format!(\n \"Environment variable {name} is not defined\",\n name = name\n ));\n}\n"
},
{
"path": "apps/backend-api-rust-rocket/src/support/mod.rs",
"content": "pub mod scheduling;\n"
},
{
"path": "apps/backend-api-rust-rocket/src/support/scheduling/mod.rs",
"content": "pub mod use_repeating_job;\n\npub use use_repeating_job::*;\n"
},
{
"path": "apps/backend-api-rust-rocket/src/support/scheduling/use_repeating_job.rs",
"content": "use std::sync::mpsc::{self, TryRecvError};\nuse std::thread;\nuse std::time::Duration;\n\ntype Delay = Duration;\ntype Cancel = Box;\n\n// Runs a given closure as a repeating job until the cancel callback is invoked.\n// The jobs are run with a delay returned by the closure execution.\npub fn use_repeating_job(job: F) -> Cancel\nwhere\n F: Fn() -> Delay,\n F: Send + 'static,\n{\n let (shutdown_tx, shutdown_rx) = mpsc::channel();\n\n thread::spawn(move || loop {\n let delay = job();\n thread::sleep(delay);\n\n if let Ok(_) | Err(TryRecvError::Disconnected) = shutdown_rx.try_recv() {\n break;\n }\n });\n\n Box::new(move || {\n println!(\"Stopping...\");\n let _ = shutdown_tx.send(\"stop\");\n })\n}\n"
},
{
"path": "apps/backend-api-rust-rocket/tests/fetch_keys.rs",
"content": "use jwk_example::fetch_keys_for_config;\nuse jwk_example::JwkConfiguration;\nuse jwk_example::JwkKey;\n\nfn assert_is_valid_key(key: &JwkKey) {\n assert!(key.kid.len() > 0);\n assert!(key.n.len() > 0);\n assert!(key.e.len() > 0);\n assert!(key.kty.len() > 0);\n assert!(key.alg.len() > 0);\n}\n\n#[test]\nfn test_fetch_keys() {\n let config = JwkConfiguration {\n jwk_url: String::from(\"https://www.googleapis.com/service_accounts/v1/jwt/securetoken@system.gserviceaccount.com\"),\n audience: String::from(\"tracking-app-dev-271418\"),\n issuer: String::from(\"https://securetoken.google.com/tracking-app-dev-271418\")\n };\n let result = fetch_keys_for_config(&config).expect(\"Did not fetch keys\");\n assert_eq!(2, result.keys.len());\n assert_is_valid_key(result.keys.get(0).expect(\"\"));\n assert_is_valid_key(result.keys.get(1).expect(\"\"));\n}\n"
},
{
"path": "apps/backend-api-springboot/.gitignore",
"content": "HELP.md\ntarget/\n!.mvn/wrapper/maven-wrapper.jar\n!**/src/main/**/target/\n!**/src/test/**/target/\n\n### STS ###\n.apt_generated\n.classpath\n.factorypath\n.project\n.settings\n.springBeans\n.sts4-cache\n\n### IntelliJ IDEA ###\n.idea\n*.iws\n*.iml\n*.ipr\n\n### NetBeans ###\n/nbproject/private/\n/nbbuild/\n/dist/\n/nbdist/\n/.nb-gradle/\nbuild/\n!**/src/main/**/build/\n!**/src/test/**/build/\n\n### VS Code ###\n.vscode/\n"
},
{
"path": "apps/backend-api-springboot/.mvn/wrapper/MavenWrapperDownloader.java",
"content": "/*\n * Copyright 2007-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * https://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport java.net.*;\nimport java.io.*;\nimport java.nio.channels.*;\nimport java.util.Properties;\n\npublic class MavenWrapperDownloader {\n\n private static final String WRAPPER_VERSION = \"0.5.6\";\n /**\n * Default URL to download the maven-wrapper.jar from, if no 'downloadUrl' is provided.\n */\n private static final String DEFAULT_DOWNLOAD_URL = \"https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/\"\n + WRAPPER_VERSION + \"/maven-wrapper-\" + WRAPPER_VERSION + \".jar\";\n\n /**\n * Path to the maven-wrapper.properties file, which might contain a downloadUrl property to\n * use instead of the default one.\n */\n private static final String MAVEN_WRAPPER_PROPERTIES_PATH =\n \".mvn/wrapper/maven-wrapper.properties\";\n\n /**\n * Path where the maven-wrapper.jar will be saved to.\n */\n private static final String MAVEN_WRAPPER_JAR_PATH =\n \".mvn/wrapper/maven-wrapper.jar\";\n\n /**\n * Name of the property which should be used to override the default download url for the wrapper.\n */\n private static final String PROPERTY_NAME_WRAPPER_URL = \"wrapperUrl\";\n\n public static void main(String args[]) {\n System.out.println(\"- Downloader started\");\n File baseDirectory = new File(args[0]);\n System.out.println(\"- Using base directory: \" + baseDirectory.getAbsolutePath());\n\n // If the maven-wrapper.properties exists, read it and check if it contains a custom\n // wrapperUrl parameter.\n File mavenWrapperPropertyFile = new File(baseDirectory, MAVEN_WRAPPER_PROPERTIES_PATH);\n String url = DEFAULT_DOWNLOAD_URL;\n if(mavenWrapperPropertyFile.exists()) {\n FileInputStream mavenWrapperPropertyFileInputStream = null;\n try {\n mavenWrapperPropertyFileInputStream = new FileInputStream(mavenWrapperPropertyFile);\n Properties mavenWrapperProperties = new Properties();\n mavenWrapperProperties.load(mavenWrapperPropertyFileInputStream);\n url = mavenWrapperProperties.getProperty(PROPERTY_NAME_WRAPPER_URL, url);\n } catch (IOException e) {\n System.out.println(\"- ERROR loading '\" + MAVEN_WRAPPER_PROPERTIES_PATH + \"'\");\n } finally {\n try {\n if(mavenWrapperPropertyFileInputStream != null) {\n mavenWrapperPropertyFileInputStream.close();\n }\n } catch (IOException e) {\n // Ignore ...\n }\n }\n }\n System.out.println(\"- Downloading from: \" + url);\n\n File outputFile = new File(baseDirectory.getAbsolutePath(), MAVEN_WRAPPER_JAR_PATH);\n if(!outputFile.getParentFile().exists()) {\n if(!outputFile.getParentFile().mkdirs()) {\n System.out.println(\n \"- ERROR creating output directory '\" + outputFile.getParentFile().getAbsolutePath() + \"'\");\n }\n }\n System.out.println(\"- Downloading to: \" + outputFile.getAbsolutePath());\n try {\n downloadFileFromURL(url, outputFile);\n System.out.println(\"Done\");\n System.exit(0);\n } catch (Throwable e) {\n System.out.println(\"- Error downloading\");\n e.printStackTrace();\n System.exit(1);\n }\n }\n\n private static void downloadFileFromURL(String urlString, File destination) throws Exception {\n if (System.getenv(\"MVNW_USERNAME\") != null && System.getenv(\"MVNW_PASSWORD\") != null) {\n String username = System.getenv(\"MVNW_USERNAME\");\n char[] password = System.getenv(\"MVNW_PASSWORD\").toCharArray();\n Authenticator.setDefault(new Authenticator() {\n @Override\n protected PasswordAuthentication getPasswordAuthentication() {\n return new PasswordAuthentication(username, password);\n }\n });\n }\n URL website = new URL(urlString);\n ReadableByteChannel rbc;\n rbc = Channels.newChannel(website.openStream());\n FileOutputStream fos = new FileOutputStream(destination);\n fos.getChannel().transferFrom(rbc, 0, Long.MAX_VALUE);\n fos.close();\n rbc.close();\n }\n\n}\n"
},
{
"path": "apps/backend-api-springboot/.mvn/wrapper/maven-wrapper.properties",
"content": "distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.2/apache-maven-3.8.2-bin.zip\nwrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar\n"
},
{
"path": "apps/backend-api-springboot/mvnw",
"content": "#!/bin/sh\n# ----------------------------------------------------------------------------\n# Licensed to the Apache Software Foundation (ASF) under one\n# or more contributor license agreements. See the NOTICE file\n# distributed with this work for additional information\n# regarding copyright ownership. The ASF licenses this file\n# to you under the Apache License, Version 2.0 (the\n# \"License\"); you may not use this file except in compliance\n# with the License. You may obtain a copy of the License at\n#\n# https://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing,\n# software distributed under the License is distributed on an\n# \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n# KIND, either express or implied. See the License for the\n# specific language governing permissions and limitations\n# under the License.\n# ----------------------------------------------------------------------------\n\n# ----------------------------------------------------------------------------\n# Maven Start Up Batch script\n#\n# Required ENV vars:\n# ------------------\n# JAVA_HOME - location of a JDK home dir\n#\n# Optional ENV vars\n# -----------------\n# M2_HOME - location of maven2's installed home dir\n# MAVEN_OPTS - parameters passed to the Java VM when running Maven\n# e.g. to debug Maven itself, use\n# set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000\n# MAVEN_SKIP_RC - flag to disable loading of mavenrc files\n# ----------------------------------------------------------------------------\n\nif [ -z \"$MAVEN_SKIP_RC\" ] ; then\n\n if [ -f /etc/mavenrc ] ; then\n . /etc/mavenrc\n fi\n\n if [ -f \"$HOME/.mavenrc\" ] ; then\n . \"$HOME/.mavenrc\"\n fi\n\nfi\n\n# OS specific support. $var _must_ be set to either true or false.\ncygwin=false;\ndarwin=false;\nmingw=false\ncase \"`uname`\" in\n CYGWIN*) cygwin=true ;;\n MINGW*) mingw=true;;\n Darwin*) darwin=true\n # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home\n # See https://developer.apple.com/library/mac/qa/qa1170/_index.html\n if [ -z \"$JAVA_HOME\" ]; then\n if [ -x \"/usr/libexec/java_home\" ]; then\n export JAVA_HOME=\"`/usr/libexec/java_home`\"\n else\n export JAVA_HOME=\"/Library/Java/Home\"\n fi\n fi\n ;;\nesac\n\nif [ -z \"$JAVA_HOME\" ] ; then\n if [ -r /etc/gentoo-release ] ; then\n JAVA_HOME=`java-config --jre-home`\n fi\nfi\n\nif [ -z \"$M2_HOME\" ] ; then\n ## resolve links - $0 may be a link to maven's home\n PRG=\"$0\"\n\n # need this for relative symlinks\n while [ -h \"$PRG\" ] ; do\n ls=`ls -ld \"$PRG\"`\n link=`expr \"$ls\" : '.*-> \\(.*\\)$'`\n if expr \"$link\" : '/.*' > /dev/null; then\n PRG=\"$link\"\n else\n PRG=\"`dirname \"$PRG\"`/$link\"\n fi\n done\n\n saveddir=`pwd`\n\n M2_HOME=`dirname \"$PRG\"`/..\n\n # make it fully qualified\n M2_HOME=`cd \"$M2_HOME\" && pwd`\n\n cd \"$saveddir\"\n # echo Using m2 at $M2_HOME\nfi\n\n# For Cygwin, ensure paths are in UNIX format before anything is touched\nif $cygwin ; then\n [ -n \"$M2_HOME\" ] &&\n M2_HOME=`cygpath --unix \"$M2_HOME\"`\n [ -n \"$JAVA_HOME\" ] &&\n JAVA_HOME=`cygpath --unix \"$JAVA_HOME\"`\n [ -n \"$CLASSPATH\" ] &&\n CLASSPATH=`cygpath --path --unix \"$CLASSPATH\"`\nfi\n\n# For Mingw, ensure paths are in UNIX format before anything is touched\nif $mingw ; then\n [ -n \"$M2_HOME\" ] &&\n M2_HOME=\"`(cd \"$M2_HOME\"; pwd)`\"\n [ -n \"$JAVA_HOME\" ] &&\n JAVA_HOME=\"`(cd \"$JAVA_HOME\"; pwd)`\"\nfi\n\nif [ -z \"$JAVA_HOME\" ]; then\n javaExecutable=\"`which javac`\"\n if [ -n \"$javaExecutable\" ] && ! [ \"`expr \\\"$javaExecutable\\\" : '\\([^ ]*\\)'`\" = \"no\" ]; then\n # readlink(1) is not available as standard on Solaris 10.\n readLink=`which readlink`\n if [ ! `expr \"$readLink\" : '\\([^ ]*\\)'` = \"no\" ]; then\n if $darwin ; then\n javaHome=\"`dirname \\\"$javaExecutable\\\"`\"\n javaExecutable=\"`cd \\\"$javaHome\\\" && pwd -P`/javac\"\n else\n javaExecutable=\"`readlink -f \\\"$javaExecutable\\\"`\"\n fi\n javaHome=\"`dirname \\\"$javaExecutable\\\"`\"\n javaHome=`expr \"$javaHome\" : '\\(.*\\)/bin'`\n JAVA_HOME=\"$javaHome\"\n export JAVA_HOME\n fi\n fi\nfi\n\nif [ -z \"$JAVACMD\" ] ; then\n if [ -n \"$JAVA_HOME\" ] ; then\n if [ -x \"$JAVA_HOME/jre/sh/java\" ] ; then\n # IBM's JDK on AIX uses strange locations for the executables\n JAVACMD=\"$JAVA_HOME/jre/sh/java\"\n else\n JAVACMD=\"$JAVA_HOME/bin/java\"\n fi\n else\n JAVACMD=\"`which java`\"\n fi\nfi\n\nif [ ! -x \"$JAVACMD\" ] ; then\n echo \"Error: JAVA_HOME is not defined correctly.\" >&2\n echo \" We cannot execute $JAVACMD\" >&2\n exit 1\nfi\n\nif [ -z \"$JAVA_HOME\" ] ; then\n echo \"Warning: JAVA_HOME environment variable is not set.\"\nfi\n\nCLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher\n\n# traverses directory structure from process work directory to filesystem root\n# first directory with .mvn subdirectory is considered project base directory\nfind_maven_basedir() {\n\n if [ -z \"$1\" ]\n then\n echo \"Path not specified to find_maven_basedir\"\n return 1\n fi\n\n basedir=\"$1\"\n wdir=\"$1\"\n while [ \"$wdir\" != '/' ] ; do\n if [ -d \"$wdir\"/.mvn ] ; then\n basedir=$wdir\n break\n fi\n # workaround for JBEAP-8937 (on Solaris 10/Sparc)\n if [ -d \"${wdir}\" ]; then\n wdir=`cd \"$wdir/..\"; pwd`\n fi\n # end of workaround\n done\n echo \"${basedir}\"\n}\n\n# concatenates all lines of a file\nconcat_lines() {\n if [ -f \"$1\" ]; then\n echo \"$(tr -s '\\n' ' ' < \"$1\")\"\n fi\n}\n\nBASE_DIR=`find_maven_basedir \"$(pwd)\"`\nif [ -z \"$BASE_DIR\" ]; then\n exit 1;\nfi\n\n##########################################################################################\n# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central\n# This allows using the maven wrapper in projects that prohibit checking in binary data.\n##########################################################################################\nif [ -r \"$BASE_DIR/.mvn/wrapper/maven-wrapper.jar\" ]; then\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \"Found .mvn/wrapper/maven-wrapper.jar\"\n fi\nelse\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \"Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ...\"\n fi\n if [ -n \"$MVNW_REPOURL\" ]; then\n jarUrl=\"$MVNW_REPOURL/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar\"\n else\n jarUrl=\"https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar\"\n fi\n while IFS=\"=\" read key value; do\n case \"$key\" in (wrapperUrl) jarUrl=\"$value\"; break ;;\n esac\n done < \"$BASE_DIR/.mvn/wrapper/maven-wrapper.properties\"\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \"Downloading from: $jarUrl\"\n fi\n wrapperJarPath=\"$BASE_DIR/.mvn/wrapper/maven-wrapper.jar\"\n if $cygwin; then\n wrapperJarPath=`cygpath --path --windows \"$wrapperJarPath\"`\n fi\n\n if command -v wget > /dev/null; then\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \"Found wget ... using wget\"\n fi\n if [ -z \"$MVNW_USERNAME\" ] || [ -z \"$MVNW_PASSWORD\" ]; then\n wget \"$jarUrl\" -O \"$wrapperJarPath\"\n else\n wget --http-user=$MVNW_USERNAME --http-password=$MVNW_PASSWORD \"$jarUrl\" -O \"$wrapperJarPath\"\n fi\n elif command -v curl > /dev/null; then\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \"Found curl ... using curl\"\n fi\n if [ -z \"$MVNW_USERNAME\" ] || [ -z \"$MVNW_PASSWORD\" ]; then\n curl -o \"$wrapperJarPath\" \"$jarUrl\" -f\n else\n curl --user $MVNW_USERNAME:$MVNW_PASSWORD -o \"$wrapperJarPath\" \"$jarUrl\" -f\n fi\n\n else\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \"Falling back to using Java to download\"\n fi\n javaClass=\"$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java\"\n # For Cygwin, switch paths to Windows format before running javac\n if $cygwin; then\n javaClass=`cygpath --path --windows \"$javaClass\"`\n fi\n if [ -e \"$javaClass\" ]; then\n if [ ! -e \"$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class\" ]; then\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \" - Compiling MavenWrapperDownloader.java ...\"\n fi\n # Compiling the Java class\n (\"$JAVA_HOME/bin/javac\" \"$javaClass\")\n fi\n if [ -e \"$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class\" ]; then\n # Running the downloader\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \" - Running MavenWrapperDownloader.java ...\"\n fi\n (\"$JAVA_HOME/bin/java\" -cp .mvn/wrapper MavenWrapperDownloader \"$MAVEN_PROJECTBASEDIR\")\n fi\n fi\n fi\nfi\n##########################################################################################\n# End of extension\n##########################################################################################\n\nexport MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-\"$BASE_DIR\"}\nif [ \"$MVNW_VERBOSE\" = true ]; then\n echo $MAVEN_PROJECTBASEDIR\nfi\nMAVEN_OPTS=\"$(concat_lines \"$MAVEN_PROJECTBASEDIR/.mvn/jvm.config\") $MAVEN_OPTS\"\n\n# For Cygwin, switch paths to Windows format before running java\nif $cygwin; then\n [ -n \"$M2_HOME\" ] &&\n M2_HOME=`cygpath --path --windows \"$M2_HOME\"`\n [ -n \"$JAVA_HOME\" ] &&\n JAVA_HOME=`cygpath --path --windows \"$JAVA_HOME\"`\n [ -n \"$CLASSPATH\" ] &&\n CLASSPATH=`cygpath --path --windows \"$CLASSPATH\"`\n [ -n \"$MAVEN_PROJECTBASEDIR\" ] &&\n MAVEN_PROJECTBASEDIR=`cygpath --path --windows \"$MAVEN_PROJECTBASEDIR\"`\nfi\n\n# Provide a \"standardized\" way to retrieve the CLI args that will\n# work with both Windows and non-Windows executions.\nMAVEN_CMD_LINE_ARGS=\"$MAVEN_CONFIG $@\"\nexport MAVEN_CMD_LINE_ARGS\n\nWRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain\n\nexec \"$JAVACMD\" \\\n $MAVEN_OPTS \\\n -classpath \"$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar\" \\\n \"-Dmaven.home=${M2_HOME}\" \"-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}\" \\\n ${WRAPPER_LAUNCHER} $MAVEN_CONFIG \"$@\"\n"
},
{
"path": "apps/backend-api-springboot/mvnw.cmd",
"content": "@REM ----------------------------------------------------------------------------\n@REM Licensed to the Apache Software Foundation (ASF) under one\n@REM or more contributor license agreements. See the NOTICE file\n@REM distributed with this work for additional information\n@REM regarding copyright ownership. The ASF licenses this file\n@REM to you under the Apache License, Version 2.0 (the\n@REM \"License\"); you may not use this file except in compliance\n@REM with the License. You may obtain a copy of the License at\n@REM\n@REM https://www.apache.org/licenses/LICENSE-2.0\n@REM\n@REM Unless required by applicable law or agreed to in writing,\n@REM software distributed under the License is distributed on an\n@REM \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n@REM KIND, either express or implied. See the License for the\n@REM specific language governing permissions and limitations\n@REM under the License.\n@REM ----------------------------------------------------------------------------\n\n@REM ----------------------------------------------------------------------------\n@REM Maven Start Up Batch script\n@REM\n@REM Required ENV vars:\n@REM JAVA_HOME - location of a JDK home dir\n@REM\n@REM Optional ENV vars\n@REM M2_HOME - location of maven2's installed home dir\n@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands\n@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending\n@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven\n@REM e.g. to debug Maven itself, use\n@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000\n@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files\n@REM ----------------------------------------------------------------------------\n\n@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'\n@echo off\n@REM set title of command window\ntitle %0\n@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'\n@if \"%MAVEN_BATCH_ECHO%\" == \"on\" echo %MAVEN_BATCH_ECHO%\n\n@REM set %HOME% to equivalent of $HOME\nif \"%HOME%\" == \"\" (set \"HOME=%HOMEDRIVE%%HOMEPATH%\")\n\n@REM Execute a user defined script before this one\nif not \"%MAVEN_SKIP_RC%\" == \"\" goto skipRcPre\n@REM check for pre script, once with legacy .bat ending and once with .cmd ending\nif exist \"%HOME%\\mavenrc_pre.bat\" call \"%HOME%\\mavenrc_pre.bat\"\nif exist \"%HOME%\\mavenrc_pre.cmd\" call \"%HOME%\\mavenrc_pre.cmd\"\n:skipRcPre\n\n@setlocal\n\nset ERROR_CODE=0\n\n@REM To isolate internal variables from possible post scripts, we use another setlocal\n@setlocal\n\n@REM ==== START VALIDATION ====\nif not \"%JAVA_HOME%\" == \"\" goto OkJHome\n\necho.\necho Error: JAVA_HOME not found in your environment. >&2\necho Please set the JAVA_HOME variable in your environment to match the >&2\necho location of your Java installation. >&2\necho.\ngoto error\n\n:OkJHome\nif exist \"%JAVA_HOME%\\bin\\java.exe\" goto init\n\necho.\necho Error: JAVA_HOME is set to an invalid directory. >&2\necho JAVA_HOME = \"%JAVA_HOME%\" >&2\necho Please set the JAVA_HOME variable in your environment to match the >&2\necho location of your Java installation. >&2\necho.\ngoto error\n\n@REM ==== END VALIDATION ====\n\n:init\n\n@REM Find the project base dir, i.e. the directory that contains the folder \".mvn\".\n@REM Fallback to current working directory if not found.\n\nset MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%\nIF NOT \"%MAVEN_PROJECTBASEDIR%\"==\"\" goto endDetectBaseDir\n\nset EXEC_DIR=%CD%\nset WDIR=%EXEC_DIR%\n:findBaseDir\nIF EXIST \"%WDIR%\"\\.mvn goto baseDirFound\ncd ..\nIF \"%WDIR%\"==\"%CD%\" goto baseDirNotFound\nset WDIR=%CD%\ngoto findBaseDir\n\n:baseDirFound\nset MAVEN_PROJECTBASEDIR=%WDIR%\ncd \"%EXEC_DIR%\"\ngoto endDetectBaseDir\n\n:baseDirNotFound\nset MAVEN_PROJECTBASEDIR=%EXEC_DIR%\ncd \"%EXEC_DIR%\"\n\n:endDetectBaseDir\n\nIF NOT EXIST \"%MAVEN_PROJECTBASEDIR%\\.mvn\\jvm.config\" goto endReadAdditionalConfig\n\n@setlocal EnableExtensions EnableDelayedExpansion\nfor /F \"usebackq delims=\" %%a in (\"%MAVEN_PROJECTBASEDIR%\\.mvn\\jvm.config\") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a\n@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%\n\n:endReadAdditionalConfig\n\nSET MAVEN_JAVA_EXE=\"%JAVA_HOME%\\bin\\java.exe\"\nset WRAPPER_JAR=\"%MAVEN_PROJECTBASEDIR%\\.mvn\\wrapper\\maven-wrapper.jar\"\nset WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain\n\nset DOWNLOAD_URL=\"https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar\"\n\nFOR /F \"tokens=1,2 delims==\" %%A IN (\"%MAVEN_PROJECTBASEDIR%\\.mvn\\wrapper\\maven-wrapper.properties\") DO (\n IF \"%%A\"==\"wrapperUrl\" SET DOWNLOAD_URL=%%B\n)\n\n@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central\n@REM This allows using the maven wrapper in projects that prohibit checking in binary data.\nif exist %WRAPPER_JAR% (\n if \"%MVNW_VERBOSE%\" == \"true\" (\n echo Found %WRAPPER_JAR%\n )\n) else (\n if not \"%MVNW_REPOURL%\" == \"\" (\n SET DOWNLOAD_URL=\"%MVNW_REPOURL%/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar\"\n )\n if \"%MVNW_VERBOSE%\" == \"true\" (\n echo Couldn't find %WRAPPER_JAR%, downloading it ...\n echo Downloading from: %DOWNLOAD_URL%\n )\n\n powershell -Command \"&{\"^\n\t\t\"$webclient = new-object System.Net.WebClient;\"^\n\t\t\"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {\"^\n\t\t\"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');\"^\n\t\t\"}\"^\n\t\t\"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')\"^\n\t\t\"}\"\n if \"%MVNW_VERBOSE%\" == \"true\" (\n echo Finished downloading %WRAPPER_JAR%\n )\n)\n@REM End of extension\n\n@REM Provide a \"standardized\" way to retrieve the CLI args that will\n@REM work with both Windows and non-Windows executions.\nset MAVEN_CMD_LINE_ARGS=%*\n\n%MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% \"-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%\" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*\nif ERRORLEVEL 1 goto error\ngoto end\n\n:error\nset ERROR_CODE=1\n\n:end\n@endlocal & set ERROR_CODE=%ERROR_CODE%\n\nif not \"%MAVEN_SKIP_RC%\" == \"\" goto skipRcPost\n@REM check for post script, once with legacy .bat ending and once with .cmd ending\nif exist \"%HOME%\\mavenrc_post.bat\" call \"%HOME%\\mavenrc_post.bat\"\nif exist \"%HOME%\\mavenrc_post.cmd\" call \"%HOME%\\mavenrc_post.cmd\"\n:skipRcPost\n\n@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'\nif \"%MAVEN_BATCH_PAUSE%\" == \"on\" pause\n\nif \"%MAVEN_TERMINATE_CMD%\" == \"on\" exit %ERROR_CODE%\n\nexit /B %ERROR_CODE%\n"
},
{
"path": "apps/backend-api-springboot/pom.xml",
"content": "\n\n 4.0.0\n \n org.springframework.boot\n spring-boot-starter-parent\n 2.7.18\n \n \n com.example\n backend-api-springboot\n 0.0.1-SNAPSHOT\n backend-api-springboot\n backend-api-springboot\n \n 21\n 1.18.38\n \n \n \n org.springframework.boot\n spring-boot-starter-oauth2-resource-server\n \n \n org.springframework.boot\n spring-boot-starter-web\n \n \n org.springframework.boot\n spring-boot-devtools\n runtime\n true\n \n \n org.projectlombok\n lombok\n true\n \n \n org.springframework.boot\n spring-boot-starter-test\n test\n \n \n\n \n \n \n org.springframework.boot\n spring-boot-maven-plugin\n \n \n \n org.projectlombok\n lombok\n \n \n \n \n \n \n\n\n"
},
{
"path": "apps/backend-api-springboot/src/main/java/com/acme/backend/springboot/users/BackendApiSpringbootApp.java",
"content": "package com.acme.backend.springboot.users;\n\nimport org.springframework.boot.SpringApplication;\nimport org.springframework.boot.autoconfigure.SpringBootApplication;\nimport org.springframework.boot.context.properties.ConfigurationPropertiesScan;\n\n@SpringBootApplication\n@ConfigurationPropertiesScan\npublic class BackendApiSpringbootApp {\n\n\tpublic static void main(String[] args) {\n\t\tSpringApplication.run(BackendApiSpringbootApp.class, args);\n\t}\n\n}\n"
},
{
"path": "apps/backend-api-springboot/src/main/java/com/acme/backend/springboot/users/config/AcmeServiceProperties.java",
"content": "package com.acme.backend.springboot.users.config;\n\nimport lombok.Getter;\nimport lombok.Setter;\nimport org.springframework.boot.context.properties.ConfigurationProperties;\nimport org.springframework.stereotype.Component;\n\nimport java.util.List;\n\n@Getter\n@Setter\n@Component\n@ConfigurationProperties(prefix = \"acme\")\npublic class AcmeServiceProperties {\n\n private KeycloakJwtProperties jwt = new KeycloakJwtProperties();\n\n /**\n * Specifies JWT client ID, issuer URI and allowed audiences\n * for validation\n */\n @Getter\n @Setter\n public static class KeycloakJwtProperties {\n\n private String clientId;\n\n private String issuerUri;\n\n private List allowedAudiences;\n }\n\n}\n"
},
{
"path": "apps/backend-api-springboot/src/main/java/com/acme/backend/springboot/users/config/JwtSecurityConfig.java",
"content": "package com.acme.backend.springboot.users.config;\n\nimport com.acme.backend.springboot.users.support.keycloak.KeycloakGrantedAuthoritiesConverter;\nimport com.acme.backend.springboot.users.support.keycloak.KeycloakJwtAuthenticationConverter;\nimport org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;\nimport org.springframework.context.annotation.Bean;\nimport org.springframework.context.annotation.Configuration;\nimport org.springframework.core.convert.converter.Converter;\nimport org.springframework.security.core.GrantedAuthority;\nimport org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;\nimport org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;\nimport org.springframework.security.oauth2.core.OAuth2TokenValidator;\nimport org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;\nimport org.springframework.security.oauth2.jwt.Jwt;\nimport org.springframework.security.oauth2.jwt.JwtDecoder;\nimport org.springframework.security.oauth2.jwt.JwtIssuerValidator;\nimport org.springframework.security.oauth2.jwt.JwtTimestampValidator;\nimport org.springframework.security.oauth2.jwt.NimbusJwtDecoder;\n\nimport java.util.ArrayList;\nimport java.util.Collection;\nimport java.util.List;\nimport java.util.Set;\n\n/**\n * Configures JWT handling (decoder and validator)\n */\n@Configuration\nclass JwtSecurityConfig {\n\n /**\n * Configures a decoder with the specified validators (validation key fetched from JWKS endpoint)\n *\n * @param validators validators for the given key\n * @param properties key properties (provides JWK location)\n * @return the decoder bean\n */\n @Bean\n JwtDecoder jwtDecoder(List> validators, OAuth2ResourceServerProperties properties) {\n\n NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder //\n .withJwkSetUri(properties.getJwt().getJwkSetUri()) //\n .jwsAlgorithms(algs -> algs.addAll(Set.of(SignatureAlgorithm.RS256, SignatureAlgorithm.ES256))) //\n .build();\n\n jwtDecoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(validators));\n\n return jwtDecoder;\n }\n\n /**\n * Configures the token validator. Specifies two additional validation constraints:\n *
\n * * Timestamp on the token is still valid\n * * The issuer is the expected entity\n *\n * @param properties JWT resource specification\n * @return token validator\n */\n @Bean\n OAuth2TokenValidator defaultTokenValidator(OAuth2ResourceServerProperties properties) {\n\n List> validators = new ArrayList<>();\n validators.add(new JwtTimestampValidator());\n validators.add(new JwtIssuerValidator(properties.getJwt().getIssuerUri()));\n\n return new DelegatingOAuth2TokenValidator<>(validators);\n }\n\n @Bean\n KeycloakJwtAuthenticationConverter keycloakJwtAuthenticationConverter(Converter> authoritiesConverter) {\n return new KeycloakJwtAuthenticationConverter(authoritiesConverter);\n }\n\n @Bean\n Converter> keycloakGrantedAuthoritiesConverter(GrantedAuthoritiesMapper authoritiesMapper, AcmeServiceProperties acmeServiceProperties) {\n String clientId = acmeServiceProperties.getJwt().getClientId();\n return new KeycloakGrantedAuthoritiesConverter(clientId, authoritiesMapper);\n }\n\n}\n"
},
{
"path": "apps/backend-api-springboot/src/main/java/com/acme/backend/springboot/users/config/MethodSecurityConfig.java",
"content": "package com.acme.backend.springboot.users.config;\n\nimport lombok.RequiredArgsConstructor;\nimport org.springframework.context.ApplicationContext;\nimport org.springframework.context.annotation.Bean;\nimport org.springframework.context.annotation.Configuration;\nimport org.springframework.security.access.PermissionEvaluator;\nimport org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;\nimport org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;\nimport org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;\nimport org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;\nimport org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;\nimport org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;\n\n\n/**\n * Enables security annotations via like {@link org.springframework.security.access.prepost.PreAuthorize} and\n * {@link org.springframework.security.access.prepost.PostAuthorize} annotations per-method.\n */\n@Configuration\n@RequiredArgsConstructor\n@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, proxyTargetClass = true)\nclass MethodSecurityConfig extends GlobalMethodSecurityConfiguration {\n\n private final ApplicationContext applicationContext;\n\n private final PermissionEvaluator permissionEvaluator;\n\n @Override\n protected MethodSecurityExpressionHandler createExpressionHandler() {\n\n DefaultMethodSecurityExpressionHandler expressionHandler = new DefaultMethodSecurityExpressionHandler();\n expressionHandler.setApplicationContext(applicationContext);\n expressionHandler.setPermissionEvaluator(permissionEvaluator);\n\n return expressionHandler;\n }\n\n @Bean\n GrantedAuthoritiesMapper keycloakAuthoritiesMapper() {\n\n SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();\n mapper.setConvertToUpperCase(true);\n return mapper;\n }\n\n}"
},
{
"path": "apps/backend-api-springboot/src/main/java/com/acme/backend/springboot/users/config/WebSecurityConfig.java",
"content": "package com.acme.backend.springboot.users.config;\n\nimport com.acme.backend.springboot.users.support.access.AccessController;\nimport com.acme.backend.springboot.users.support.keycloak.KeycloakJwtAuthenticationConverter;\nimport lombok.RequiredArgsConstructor;\nimport org.springframework.context.annotation.Bean;\nimport org.springframework.context.annotation.Configuration;\nimport org.springframework.security.config.annotation.web.builders.HttpSecurity;\nimport org.springframework.security.config.annotation.web.configurers.CorsConfigurer;\nimport org.springframework.security.config.http.SessionCreationPolicy;\nimport org.springframework.security.web.SecurityFilterChain;\nimport org.springframework.web.cors.CorsConfiguration;\nimport org.springframework.web.cors.UrlBasedCorsConfigurationSource;\n\nimport java.util.List;\n\n/**\n * Configuration applied on all web endpoints defined for this\n * application. Any configuration on specific resources is applied\n * in addition to these global rules.\n */\n@Configuration\n@RequiredArgsConstructor\nclass WebSecurityConfig {\n\n private final KeycloakJwtAuthenticationConverter keycloakJwtAuthenticationConverter;\n\n /**\n * Configures basic security handler per HTTP session.\n *
\n *
\n *
Stateless session (no session kept server-side)
\n *
CORS set up
\n *
Require the role \"ACCESS\" for all api paths
\n *
JWT converted into Spring token
\n *
\n *\n * @param http security configuration\n * @throws Exception any error\n */\n @Bean\n public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {\n\n http.sessionManagement(smc -> {\n smc.sessionCreationPolicy(SessionCreationPolicy.STATELESS);\n });\n http.cors(this::configureCors);\n http.authorizeRequests(arc -> {\n // declarative route configuration\n // .mvcMatchers(\"/api\").hasAuthority(\"ROLE_ACCESS\")\n arc.mvcMatchers(\"/api/**\").access(\"@accessController.checkAccess()\");\n // add additional routes\n arc.anyRequest().fullyAuthenticated(); //\n });\n http.oauth2ResourceServer(arsc -> {\n arsc.jwt().jwtAuthenticationConverter(keycloakJwtAuthenticationConverter);\n });\n\n return http.build();\n }\n\n @Bean\n AccessController accessController() {\n return new AccessController();\n }\n\n /**\n * Configures CORS to allow requests from localhost:30000\n *\n * @param cors mutable cors configuration\n */\n protected void configureCors(CorsConfigurer cors) {\n\n UrlBasedCorsConfigurationSource defaultUrlBasedCorsConfigSource = new UrlBasedCorsConfigurationSource();\n CorsConfiguration corsConfiguration = new CorsConfiguration().applyPermitDefaultValues();\n corsConfiguration.addAllowedOrigin(\"https://apps.acme.test:4443\");\n List.of(\"GET\", \"POST\", \"PUT\", \"DELETE\").forEach(corsConfiguration::addAllowedMethod);\n defaultUrlBasedCorsConfigSource.registerCorsConfiguration(\"/api/**\", corsConfiguration);\n\n cors.configurationSource(req -> {\n\n CorsConfiguration config = new CorsConfiguration();\n\n config = config.combine(defaultUrlBasedCorsConfigSource.getCorsConfiguration(req));\n\n // check if request Header \"origin\" is in white-list -> dynamically generate cors config\n\n return config;\n });\n }\n}"
},
{
"path": "apps/backend-api-springboot/src/main/java/com/acme/backend/springboot/users/support/access/AccessController.java",
"content": "package com.acme.backend.springboot.users.support.access;\n\nimport lombok.extern.slf4j.Slf4j;\nimport org.springframework.security.core.Authentication;\nimport org.springframework.security.core.context.SecurityContextHolder;\nimport org.springframework.web.context.request.RequestContextHolder;\nimport org.springframework.web.context.request.ServletRequestAttributes;\n\n/**\n * Example for generic custom access checks on request level.\n */\n@Slf4j\npublic class AccessController {\n\n public boolean checkAccess() {\n\n Authentication auth = SecurityContextHolder.getContext().getAuthentication();\n ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();\n\n log.info(\"Check access for username={} path={}\", auth.getName(), requestAttributes.getRequest().getRequestURI());\n\n return true;\n }\n}\n"
},
{
"path": "apps/backend-api-springboot/src/main/java/com/acme/backend/springboot/users/support/keycloak/KeycloakAudienceValidator.java",
"content": "package com.acme.backend.springboot.users.support.keycloak;\n\nimport lombok.RequiredArgsConstructor;\nimport org.springframework.security.oauth2.core.OAuth2Error;\nimport org.springframework.security.oauth2.core.OAuth2TokenValidator;\nimport org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;\nimport org.springframework.security.oauth2.jwt.Jwt;\nimport org.springframework.stereotype.Component;\n\n/**\n * Example class for custom audience (aud) or authorized party (azp) claim validations.\n */\n@Component\n@RequiredArgsConstructor\nclass KeycloakAudienceValidator implements OAuth2TokenValidator {\n\n private final OAuth2Error ERROR_INVALID_AUDIENCE = new OAuth2Error(\"invalid_token\", \"Invalid audience\", null);\n\n @Override\n public OAuth2TokenValidatorResult validate(Jwt jwt) {\n\n// String authorizedParty = jwt.getClaimAsString(\"azp\");\n//\n// if (!keycloakDataServiceProperties.getJwt().getAllowedAudiences().contains(authorizedParty)) {\n// return OAuth2TokenValidatorResult.failure(ERROR_INVALID_AUDIENCE);\n// }\n\n return OAuth2TokenValidatorResult.success();\n }\n}\n"
},
{
"path": "apps/backend-api-springboot/src/main/java/com/acme/backend/springboot/users/support/keycloak/KeycloakGrantedAuthoritiesConverter.java",
"content": "package com.acme.backend.springboot.users.support.keycloak;\n\nimport org.springframework.core.convert.converter.Converter;\nimport org.springframework.security.core.GrantedAuthority;\nimport org.springframework.security.core.authority.SimpleGrantedAuthority;\nimport org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;\nimport org.springframework.security.oauth2.jwt.Jwt;\nimport org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;\nimport org.springframework.util.CollectionUtils;\n\nimport java.util.ArrayList;\nimport java.util.Collection;\nimport java.util.Collections;\nimport java.util.List;\nimport java.util.Map;\nimport java.util.Set;\nimport java.util.stream.Collectors;\n\n/**\n * Allows to extract granted authorities from a given JWT. The authorities\n * are determined by combining the realm (overarching) and client (application-specific)\n * roles, and normalizing them (configure them to the default format).\n */\npublic class KeycloakGrantedAuthoritiesConverter implements Converter> {\n\n private static final Converter> JWT_SCOPE_GRANTED_AUTHORITIES_CONVERTER = new JwtGrantedAuthoritiesConverter();\n\n private final String clientId;\n\n private final GrantedAuthoritiesMapper authoritiesMapper;\n\n public KeycloakGrantedAuthoritiesConverter(String clientId, GrantedAuthoritiesMapper authoritiesMapper) {\n this.clientId = clientId;\n this.authoritiesMapper = authoritiesMapper;\n }\n\n @Override\n public Collection convert(Jwt jwt) {\n\n Collection authorities = mapKeycloakRolesToAuthorities( //\n getRealmRolesFrom(jwt), //\n getClientRolesFrom(jwt, clientId) //\n );\n\n Collection scopeAuthorities = JWT_SCOPE_GRANTED_AUTHORITIES_CONVERTER.convert(jwt);\n if(!CollectionUtils.isEmpty(scopeAuthorities)) {\n authorities.addAll(scopeAuthorities);\n }\n\n return authorities;\n }\n\n protected Collection mapKeycloakRolesToAuthorities(Set realmRoles, Set clientRoles) {\n\n List combinedAuthorities = new ArrayList<>();\n\n combinedAuthorities.addAll(authoritiesMapper.mapAuthorities(realmRoles.stream() //\n .map(SimpleGrantedAuthority::new) //\n .collect(Collectors.toList())));\n\n combinedAuthorities.addAll(authoritiesMapper.mapAuthorities(clientRoles.stream() //\n .map(SimpleGrantedAuthority::new) //\n .collect(Collectors.toList())));\n\n return combinedAuthorities;\n }\n\n protected Set getRealmRolesFrom(Jwt jwt) {\n\n Map realmAccess = jwt.getClaimAsMap(\"realm_access\");\n\n if (CollectionUtils.isEmpty(realmAccess)) {\n return Collections.emptySet();\n }\n\n @SuppressWarnings(\"unchecked\")\n Collection realmRoles = (Collection) realmAccess.get(\"roles\");\n if (CollectionUtils.isEmpty(realmRoles)) {\n return Collections.emptySet();\n }\n\n return realmRoles.stream().map(this::normalizeRole).collect(Collectors.toSet());\n }\n\n protected Set getClientRolesFrom(Jwt jwt, String clientId) {\n\n Map resourceAccess = jwt.getClaimAsMap(\"resource_access\");\n\n if (CollectionUtils.isEmpty(resourceAccess)) {\n return Collections.emptySet();\n }\n\n @SuppressWarnings(\"unchecked\")\n Map> clientAccess = (Map>) resourceAccess.get(clientId);\n if (CollectionUtils.isEmpty(clientAccess)) {\n return Collections.emptySet();\n }\n\n List clientRoles = clientAccess.get(\"roles\");\n if (CollectionUtils.isEmpty(clientRoles)) {\n return Collections.emptySet();\n }\n\n return clientRoles.stream().map(this::normalizeRole).collect(Collectors.toSet());\n }\n\n private String normalizeRole(String role) {\n return role.replace('-', '_');\n }\n}\n"
},
{
"path": "apps/backend-api-springboot/src/main/java/com/acme/backend/springboot/users/support/keycloak/KeycloakJwtAuthenticationConverter.java",
"content": "package com.acme.backend.springboot.users.support.keycloak;\n\nimport lombok.RequiredArgsConstructor;\nimport org.springframework.core.convert.converter.Converter;\nimport org.springframework.security.authentication.AbstractAuthenticationToken;\nimport org.springframework.security.core.GrantedAuthority;\nimport org.springframework.security.oauth2.jwt.Jwt;\nimport org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;\n\nimport java.util.Collection;\n\n/**\n * Converts a JWT into a Spring authentication token (by extracting\n * the username and roles from the claims of the token, delegating\n * to the {@link KeycloakGrantedAuthoritiesConverter})\n */\n@RequiredArgsConstructor\npublic class KeycloakJwtAuthenticationConverter implements Converter {\n\n private Converter> grantedAuthoritiesConverter;\n\n public KeycloakJwtAuthenticationConverter(Converter> grantedAuthoritiesConverter) {\n this.grantedAuthoritiesConverter = grantedAuthoritiesConverter;\n }\n\n @Override\n public JwtAuthenticationToken convert(Jwt jwt) {\n\n Collection authorities = grantedAuthoritiesConverter.convert(jwt);\n String username = getUsernameFrom(jwt);\n\n return new JwtAuthenticationToken(jwt, authorities, username);\n }\n\n protected String getUsernameFrom(Jwt jwt) {\n\n if (jwt.hasClaim(\"preferred_username\")) {\n return jwt.getClaimAsString(\"preferred_username\");\n }\n\n return jwt.getSubject();\n }\n}\n"
},
{
"path": "apps/backend-api-springboot/src/main/java/com/acme/backend/springboot/users/support/permissions/DefaultPermissionEvaluator.java",
"content": "package com.acme.backend.springboot.users.support.permissions;\n\nimport lombok.RequiredArgsConstructor;\nimport lombok.extern.slf4j.Slf4j;\nimport org.springframework.security.access.PermissionEvaluator;\nimport org.springframework.security.core.Authentication;\nimport org.springframework.stereotype.Component;\n\nimport java.io.Serializable;\n\n/**\n * Custom {@link PermissionEvaluator} for method level permission checks.\n *\n * @see com.acme.backend.springboot.users.config.MethodSecurityConfig\n */\n@Slf4j\n@Component\n@RequiredArgsConstructor\nclass DefaultPermissionEvaluator implements PermissionEvaluator {\n\n @Override\n public boolean hasPermission(Authentication auth, Object targetDomainObject, Object permission) {\n log.info(\"check permission user={} target={} permission={}\", auth.getName(), targetDomainObject, permission);\n\n // TODO implement sophisticated permission check here\n return true;\n }\n\n @Override\n public boolean hasPermission(Authentication auth, Serializable targetId, String targetType, Object permission) {\n DomainObjectReference dor = new DomainObjectReference(targetType, targetId.toString());\n return hasPermission(auth, dor, permission);\n }\n}\n"
},
{
"path": "apps/backend-api-springboot/src/main/java/com/acme/backend/springboot/users/support/permissions/DomainObjectReference.java",
"content": "package com.acme.backend.springboot.users.support.permissions;\n\nimport lombok.Data;\n\n/**\n * Defines a single domain object by a type and name to look up\n */\n@Data\npublic class DomainObjectReference {\n\n private final String type;\n\n private final String id;\n}\n"
},
{
"path": "apps/backend-api-springboot/src/main/java/com/acme/backend/springboot/users/web/UsersController.java",
"content": "package com.acme.backend.springboot.users.web;\n\nimport lombok.extern.slf4j.Slf4j;\nimport org.springframework.security.core.Authentication;\nimport org.springframework.web.bind.annotation.GetMapping;\nimport org.springframework.web.bind.annotation.RequestMapping;\nimport org.springframework.web.bind.annotation.RestController;\nimport org.springframework.web.context.request.ServletWebRequest;\n\nimport java.time.Instant;\nimport java.util.HashMap;\nimport java.util.Map;\n\n\n@Slf4j\n@RestController\n@RequestMapping(\"/api/users\")\nclass UsersController {\n\n @GetMapping(\"/me\")\n public Object me(ServletWebRequest request, Authentication authentication) {\n\n log.info(\"### Accessing {}\", request.getRequest().getRequestURI());\n\n Object username = authentication.getName();\n\n Map data = new HashMap<>();\n data.put(\"message\", \"Hello \" + username);\n data.put(\"backend\", \"Spring Boot\");\n data.put(\"datetime\", Instant.now());\n return data;\n }\n}\n\n"
},
{
"path": "apps/backend-api-springboot/src/main/resources/application.yml",
"content": "spring:\n jackson:\n serialization:\n write-dates-as-timestamps: false\n deserialization:\n # deals with single and multi-valued JWT claims\n accept-single-value-as-array: true\n security:\n oauth2:\n resourceserver:\n jwt:\n issuer-uri: ${acme.jwt.issuerUri}\n jwk-set-uri: ${acme.jwt.issuerUri}/protocol/openid-connect/certs\n# Use mock-service jwks-endpoint to obtain public key for testing\n# jwk-set-uri: http://localhost:9999/jwks\n\nacme:\n jwt:\n issuerUri: https://id.acme.test:8443/auth/realms/acme-internal\n\nserver:\n port: 4643\n ssl:\n enabled: true\n key-store: ../../config/stage/dev/tls/acme.test+1.p12\n key-store-password: changeit\n key-store-type: PKCS12\n error:\n include-stacktrace: never\n include-exception: false\n include-message: never"
},
{
"path": "apps/backend-api-springboot/src/test/java/com/acme/backend/springboot/users/BackendApiSpringbootAppTests.java",
"content": "package com.acme.backend.springboot.users;\n\nimport org.junit.jupiter.api.Test;\nimport org.springframework.boot.test.context.SpringBootTest;\n\n@SpringBootTest\nclass BackendApiSpringbootAppTests {\n\n\t@Test\n\tvoid contextLoads() {\n\t}\n\n}\n"
},
{
"path": "apps/backend-api-springboot-reactive/.gitignore",
"content": "HELP.md\ntarget/\n!.mvn/wrapper/maven-wrapper.jar\n!**/src/main/**/target/\n!**/src/test/**/target/\n\n### STS ###\n.apt_generated\n.classpath\n.factorypath\n.project\n.settings\n.springBeans\n.sts4-cache\n\n### IntelliJ IDEA ###\n.idea\n*.iws\n*.iml\n*.ipr\n\n### NetBeans ###\n/nbproject/private/\n/nbbuild/\n/dist/\n/nbdist/\n/.nb-gradle/\nbuild/\n!**/src/main/**/build/\n!**/src/test/**/build/\n\n### VS Code ###\n.vscode/\n"
},
{
"path": "apps/backend-api-springboot-reactive/.mvn/wrapper/maven-wrapper.properties",
"content": "distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.3/apache-maven-3.8.3-bin.zip\nwrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar\n"
},
{
"path": "apps/backend-api-springboot-reactive/mvnw",
"content": "#!/bin/sh\n# ----------------------------------------------------------------------------\n# Licensed to the Apache Software Foundation (ASF) under one\n# or more contributor license agreements. See the NOTICE file\n# distributed with this work for additional information\n# regarding copyright ownership. The ASF licenses this file\n# to you under the Apache License, Version 2.0 (the\n# \"License\"); you may not use this file except in compliance\n# with the License. You may obtain a copy of the License at\n#\n# https://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing,\n# software distributed under the License is distributed on an\n# \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n# KIND, either express or implied. See the License for the\n# specific language governing permissions and limitations\n# under the License.\n# ----------------------------------------------------------------------------\n\n# ----------------------------------------------------------------------------\n# Maven Start Up Batch script\n#\n# Required ENV vars:\n# ------------------\n# JAVA_HOME - location of a JDK home dir\n#\n# Optional ENV vars\n# -----------------\n# M2_HOME - location of maven2's installed home dir\n# MAVEN_OPTS - parameters passed to the Java VM when running Maven\n# e.g. to debug Maven itself, use\n# set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000\n# MAVEN_SKIP_RC - flag to disable loading of mavenrc files\n# ----------------------------------------------------------------------------\n\nif [ -z \"$MAVEN_SKIP_RC\" ] ; then\n\n if [ -f /usr/local/etc/mavenrc ] ; then\n . /usr/local/etc/mavenrc\n fi\n\n if [ -f /etc/mavenrc ] ; then\n . /etc/mavenrc\n fi\n\n if [ -f \"$HOME/.mavenrc\" ] ; then\n . \"$HOME/.mavenrc\"\n fi\n\nfi\n\n# OS specific support. $var _must_ be set to either true or false.\ncygwin=false;\ndarwin=false;\nmingw=false\ncase \"`uname`\" in\n CYGWIN*) cygwin=true ;;\n MINGW*) mingw=true;;\n Darwin*) darwin=true\n # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home\n # See https://developer.apple.com/library/mac/qa/qa1170/_index.html\n if [ -z \"$JAVA_HOME\" ]; then\n if [ -x \"/usr/libexec/java_home\" ]; then\n export JAVA_HOME=\"`/usr/libexec/java_home`\"\n else\n export JAVA_HOME=\"/Library/Java/Home\"\n fi\n fi\n ;;\nesac\n\nif [ -z \"$JAVA_HOME\" ] ; then\n if [ -r /etc/gentoo-release ] ; then\n JAVA_HOME=`java-config --jre-home`\n fi\nfi\n\nif [ -z \"$M2_HOME\" ] ; then\n ## resolve links - $0 may be a link to maven's home\n PRG=\"$0\"\n\n # need this for relative symlinks\n while [ -h \"$PRG\" ] ; do\n ls=`ls -ld \"$PRG\"`\n link=`expr \"$ls\" : '.*-> \\(.*\\)$'`\n if expr \"$link\" : '/.*' > /dev/null; then\n PRG=\"$link\"\n else\n PRG=\"`dirname \"$PRG\"`/$link\"\n fi\n done\n\n saveddir=`pwd`\n\n M2_HOME=`dirname \"$PRG\"`/..\n\n # make it fully qualified\n M2_HOME=`cd \"$M2_HOME\" && pwd`\n\n cd \"$saveddir\"\n # echo Using m2 at $M2_HOME\nfi\n\n# For Cygwin, ensure paths are in UNIX format before anything is touched\nif $cygwin ; then\n [ -n \"$M2_HOME\" ] &&\n M2_HOME=`cygpath --unix \"$M2_HOME\"`\n [ -n \"$JAVA_HOME\" ] &&\n JAVA_HOME=`cygpath --unix \"$JAVA_HOME\"`\n [ -n \"$CLASSPATH\" ] &&\n CLASSPATH=`cygpath --path --unix \"$CLASSPATH\"`\nfi\n\n# For Mingw, ensure paths are in UNIX format before anything is touched\nif $mingw ; then\n [ -n \"$M2_HOME\" ] &&\n M2_HOME=\"`(cd \"$M2_HOME\"; pwd)`\"\n [ -n \"$JAVA_HOME\" ] &&\n JAVA_HOME=\"`(cd \"$JAVA_HOME\"; pwd)`\"\nfi\n\nif [ -z \"$JAVA_HOME\" ]; then\n javaExecutable=\"`which javac`\"\n if [ -n \"$javaExecutable\" ] && ! [ \"`expr \\\"$javaExecutable\\\" : '\\([^ ]*\\)'`\" = \"no\" ]; then\n # readlink(1) is not available as standard on Solaris 10.\n readLink=`which readlink`\n if [ ! `expr \"$readLink\" : '\\([^ ]*\\)'` = \"no\" ]; then\n if $darwin ; then\n javaHome=\"`dirname \\\"$javaExecutable\\\"`\"\n javaExecutable=\"`cd \\\"$javaHome\\\" && pwd -P`/javac\"\n else\n javaExecutable=\"`readlink -f \\\"$javaExecutable\\\"`\"\n fi\n javaHome=\"`dirname \\\"$javaExecutable\\\"`\"\n javaHome=`expr \"$javaHome\" : '\\(.*\\)/bin'`\n JAVA_HOME=\"$javaHome\"\n export JAVA_HOME\n fi\n fi\nfi\n\nif [ -z \"$JAVACMD\" ] ; then\n if [ -n \"$JAVA_HOME\" ] ; then\n if [ -x \"$JAVA_HOME/jre/sh/java\" ] ; then\n # IBM's JDK on AIX uses strange locations for the executables\n JAVACMD=\"$JAVA_HOME/jre/sh/java\"\n else\n JAVACMD=\"$JAVA_HOME/bin/java\"\n fi\n else\n JAVACMD=\"`\\\\unset -f command; \\\\command -v java`\"\n fi\nfi\n\nif [ ! -x \"$JAVACMD\" ] ; then\n echo \"Error: JAVA_HOME is not defined correctly.\" >&2\n echo \" We cannot execute $JAVACMD\" >&2\n exit 1\nfi\n\nif [ -z \"$JAVA_HOME\" ] ; then\n echo \"Warning: JAVA_HOME environment variable is not set.\"\nfi\n\nCLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher\n\n# traverses directory structure from process work directory to filesystem root\n# first directory with .mvn subdirectory is considered project base directory\nfind_maven_basedir() {\n\n if [ -z \"$1\" ]\n then\n echo \"Path not specified to find_maven_basedir\"\n return 1\n fi\n\n basedir=\"$1\"\n wdir=\"$1\"\n while [ \"$wdir\" != '/' ] ; do\n if [ -d \"$wdir\"/.mvn ] ; then\n basedir=$wdir\n break\n fi\n # workaround for JBEAP-8937 (on Solaris 10/Sparc)\n if [ -d \"${wdir}\" ]; then\n wdir=`cd \"$wdir/..\"; pwd`\n fi\n # end of workaround\n done\n echo \"${basedir}\"\n}\n\n# concatenates all lines of a file\nconcat_lines() {\n if [ -f \"$1\" ]; then\n echo \"$(tr -s '\\n' ' ' < \"$1\")\"\n fi\n}\n\nBASE_DIR=`find_maven_basedir \"$(pwd)\"`\nif [ -z \"$BASE_DIR\" ]; then\n exit 1;\nfi\n\n##########################################################################################\n# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central\n# This allows using the maven wrapper in projects that prohibit checking in binary data.\n##########################################################################################\nif [ -r \"$BASE_DIR/.mvn/wrapper/maven-wrapper.jar\" ]; then\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \"Found .mvn/wrapper/maven-wrapper.jar\"\n fi\nelse\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \"Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ...\"\n fi\n if [ -n \"$MVNW_REPOURL\" ]; then\n jarUrl=\"$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar\"\n else\n jarUrl=\"https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar\"\n fi\n while IFS=\"=\" read key value; do\n case \"$key\" in (wrapperUrl) jarUrl=\"$value\"; break ;;\n esac\n done < \"$BASE_DIR/.mvn/wrapper/maven-wrapper.properties\"\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \"Downloading from: $jarUrl\"\n fi\n wrapperJarPath=\"$BASE_DIR/.mvn/wrapper/maven-wrapper.jar\"\n if $cygwin; then\n wrapperJarPath=`cygpath --path --windows \"$wrapperJarPath\"`\n fi\n\n if command -v wget > /dev/null; then\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \"Found wget ... using wget\"\n fi\n if [ -z \"$MVNW_USERNAME\" ] || [ -z \"$MVNW_PASSWORD\" ]; then\n wget \"$jarUrl\" -O \"$wrapperJarPath\" || rm -f \"$wrapperJarPath\"\n else\n wget --http-user=$MVNW_USERNAME --http-password=$MVNW_PASSWORD \"$jarUrl\" -O \"$wrapperJarPath\" || rm -f \"$wrapperJarPath\"\n fi\n elif command -v curl > /dev/null; then\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \"Found curl ... using curl\"\n fi\n if [ -z \"$MVNW_USERNAME\" ] || [ -z \"$MVNW_PASSWORD\" ]; then\n curl -o \"$wrapperJarPath\" \"$jarUrl\" -f\n else\n curl --user $MVNW_USERNAME:$MVNW_PASSWORD -o \"$wrapperJarPath\" \"$jarUrl\" -f\n fi\n\n else\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \"Falling back to using Java to download\"\n fi\n javaClass=\"$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java\"\n # For Cygwin, switch paths to Windows format before running javac\n if $cygwin; then\n javaClass=`cygpath --path --windows \"$javaClass\"`\n fi\n if [ -e \"$javaClass\" ]; then\n if [ ! -e \"$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class\" ]; then\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \" - Compiling MavenWrapperDownloader.java ...\"\n fi\n # Compiling the Java class\n (\"$JAVA_HOME/bin/javac\" \"$javaClass\")\n fi\n if [ -e \"$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class\" ]; then\n # Running the downloader\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \" - Running MavenWrapperDownloader.java ...\"\n fi\n (\"$JAVA_HOME/bin/java\" -cp .mvn/wrapper MavenWrapperDownloader \"$MAVEN_PROJECTBASEDIR\")\n fi\n fi\n fi\nfi\n##########################################################################################\n# End of extension\n##########################################################################################\n\nexport MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-\"$BASE_DIR\"}\nif [ \"$MVNW_VERBOSE\" = true ]; then\n echo $MAVEN_PROJECTBASEDIR\nfi\nMAVEN_OPTS=\"$(concat_lines \"$MAVEN_PROJECTBASEDIR/.mvn/jvm.config\") $MAVEN_OPTS\"\n\n# For Cygwin, switch paths to Windows format before running java\nif $cygwin; then\n [ -n \"$M2_HOME\" ] &&\n M2_HOME=`cygpath --path --windows \"$M2_HOME\"`\n [ -n \"$JAVA_HOME\" ] &&\n JAVA_HOME=`cygpath --path --windows \"$JAVA_HOME\"`\n [ -n \"$CLASSPATH\" ] &&\n CLASSPATH=`cygpath --path --windows \"$CLASSPATH\"`\n [ -n \"$MAVEN_PROJECTBASEDIR\" ] &&\n MAVEN_PROJECTBASEDIR=`cygpath --path --windows \"$MAVEN_PROJECTBASEDIR\"`\nfi\n\n# Provide a \"standardized\" way to retrieve the CLI args that will\n# work with both Windows and non-Windows executions.\nMAVEN_CMD_LINE_ARGS=\"$MAVEN_CONFIG $@\"\nexport MAVEN_CMD_LINE_ARGS\n\nWRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain\n\nexec \"$JAVACMD\" \\\n $MAVEN_OPTS \\\n $MAVEN_DEBUG_OPTS \\\n -classpath \"$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar\" \\\n \"-Dmaven.home=${M2_HOME}\" \\\n \"-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}\" \\\n ${WRAPPER_LAUNCHER} $MAVEN_CONFIG \"$@\"\n"
},
{
"path": "apps/backend-api-springboot-reactive/mvnw.cmd",
"content": "@REM ----------------------------------------------------------------------------\n@REM Licensed to the Apache Software Foundation (ASF) under one\n@REM or more contributor license agreements. See the NOTICE file\n@REM distributed with this work for additional information\n@REM regarding copyright ownership. The ASF licenses this file\n@REM to you under the Apache License, Version 2.0 (the\n@REM \"License\"); you may not use this file except in compliance\n@REM with the License. You may obtain a copy of the License at\n@REM\n@REM https://www.apache.org/licenses/LICENSE-2.0\n@REM\n@REM Unless required by applicable law or agreed to in writing,\n@REM software distributed under the License is distributed on an\n@REM \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n@REM KIND, either express or implied. See the License for the\n@REM specific language governing permissions and limitations\n@REM under the License.\n@REM ----------------------------------------------------------------------------\n\n@REM ----------------------------------------------------------------------------\n@REM Maven Start Up Batch script\n@REM\n@REM Required ENV vars:\n@REM JAVA_HOME - location of a JDK home dir\n@REM\n@REM Optional ENV vars\n@REM M2_HOME - location of maven2's installed home dir\n@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands\n@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending\n@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven\n@REM e.g. to debug Maven itself, use\n@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000\n@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files\n@REM ----------------------------------------------------------------------------\n\n@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'\n@echo off\n@REM set title of command window\ntitle %0\n@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'\n@if \"%MAVEN_BATCH_ECHO%\" == \"on\" echo %MAVEN_BATCH_ECHO%\n\n@REM set %HOME% to equivalent of $HOME\nif \"%HOME%\" == \"\" (set \"HOME=%HOMEDRIVE%%HOMEPATH%\")\n\n@REM Execute a user defined script before this one\nif not \"%MAVEN_SKIP_RC%\" == \"\" goto skipRcPre\n@REM check for pre script, once with legacy .bat ending and once with .cmd ending\nif exist \"%USERPROFILE%\\mavenrc_pre.bat\" call \"%USERPROFILE%\\mavenrc_pre.bat\" %*\nif exist \"%USERPROFILE%\\mavenrc_pre.cmd\" call \"%USERPROFILE%\\mavenrc_pre.cmd\" %*\n:skipRcPre\n\n@setlocal\n\nset ERROR_CODE=0\n\n@REM To isolate internal variables from possible post scripts, we use another setlocal\n@setlocal\n\n@REM ==== START VALIDATION ====\nif not \"%JAVA_HOME%\" == \"\" goto OkJHome\n\necho.\necho Error: JAVA_HOME not found in your environment. >&2\necho Please set the JAVA_HOME variable in your environment to match the >&2\necho location of your Java installation. >&2\necho.\ngoto error\n\n:OkJHome\nif exist \"%JAVA_HOME%\\bin\\java.exe\" goto init\n\necho.\necho Error: JAVA_HOME is set to an invalid directory. >&2\necho JAVA_HOME = \"%JAVA_HOME%\" >&2\necho Please set the JAVA_HOME variable in your environment to match the >&2\necho location of your Java installation. >&2\necho.\ngoto error\n\n@REM ==== END VALIDATION ====\n\n:init\n\n@REM Find the project base dir, i.e. the directory that contains the folder \".mvn\".\n@REM Fallback to current working directory if not found.\n\nset MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%\nIF NOT \"%MAVEN_PROJECTBASEDIR%\"==\"\" goto endDetectBaseDir\n\nset EXEC_DIR=%CD%\nset WDIR=%EXEC_DIR%\n:findBaseDir\nIF EXIST \"%WDIR%\"\\.mvn goto baseDirFound\ncd ..\nIF \"%WDIR%\"==\"%CD%\" goto baseDirNotFound\nset WDIR=%CD%\ngoto findBaseDir\n\n:baseDirFound\nset MAVEN_PROJECTBASEDIR=%WDIR%\ncd \"%EXEC_DIR%\"\ngoto endDetectBaseDir\n\n:baseDirNotFound\nset MAVEN_PROJECTBASEDIR=%EXEC_DIR%\ncd \"%EXEC_DIR%\"\n\n:endDetectBaseDir\n\nIF NOT EXIST \"%MAVEN_PROJECTBASEDIR%\\.mvn\\jvm.config\" goto endReadAdditionalConfig\n\n@setlocal EnableExtensions EnableDelayedExpansion\nfor /F \"usebackq delims=\" %%a in (\"%MAVEN_PROJECTBASEDIR%\\.mvn\\jvm.config\") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a\n@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%\n\n:endReadAdditionalConfig\n\nSET MAVEN_JAVA_EXE=\"%JAVA_HOME%\\bin\\java.exe\"\nset WRAPPER_JAR=\"%MAVEN_PROJECTBASEDIR%\\.mvn\\wrapper\\maven-wrapper.jar\"\nset WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain\n\nset DOWNLOAD_URL=\"https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar\"\n\nFOR /F \"usebackq tokens=1,2 delims==\" %%A IN (\"%MAVEN_PROJECTBASEDIR%\\.mvn\\wrapper\\maven-wrapper.properties\") DO (\n IF \"%%A\"==\"wrapperUrl\" SET DOWNLOAD_URL=%%B\n)\n\n@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central\n@REM This allows using the maven wrapper in projects that prohibit checking in binary data.\nif exist %WRAPPER_JAR% (\n if \"%MVNW_VERBOSE%\" == \"true\" (\n echo Found %WRAPPER_JAR%\n )\n) else (\n if not \"%MVNW_REPOURL%\" == \"\" (\n SET DOWNLOAD_URL=\"%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar\"\n )\n if \"%MVNW_VERBOSE%\" == \"true\" (\n echo Couldn't find %WRAPPER_JAR%, downloading it ...\n echo Downloading from: %DOWNLOAD_URL%\n )\n\n powershell -Command \"&{\"^\n\t\t\"$webclient = new-object System.Net.WebClient;\"^\n\t\t\"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {\"^\n\t\t\"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');\"^\n\t\t\"}\"^\n\t\t\"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')\"^\n\t\t\"}\"\n if \"%MVNW_VERBOSE%\" == \"true\" (\n echo Finished downloading %WRAPPER_JAR%\n )\n)\n@REM End of extension\n\n@REM Provide a \"standardized\" way to retrieve the CLI args that will\n@REM work with both Windows and non-Windows executions.\nset MAVEN_CMD_LINE_ARGS=%*\n\n%MAVEN_JAVA_EXE% ^\n %JVM_CONFIG_MAVEN_PROPS% ^\n %MAVEN_OPTS% ^\n %MAVEN_DEBUG_OPTS% ^\n -classpath %WRAPPER_JAR% ^\n \"-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%\" ^\n %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*\nif ERRORLEVEL 1 goto error\ngoto end\n\n:error\nset ERROR_CODE=1\n\n:end\n@endlocal & set ERROR_CODE=%ERROR_CODE%\n\nif not \"%MAVEN_SKIP_RC%\"==\"\" goto skipRcPost\n@REM check for post script, once with legacy .bat ending and once with .cmd ending\nif exist \"%USERPROFILE%\\mavenrc_post.bat\" call \"%USERPROFILE%\\mavenrc_post.bat\"\nif exist \"%USERPROFILE%\\mavenrc_post.cmd\" call \"%USERPROFILE%\\mavenrc_post.cmd\"\n:skipRcPost\n\n@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'\nif \"%MAVEN_BATCH_PAUSE%\"==\"on\" pause\n\nif \"%MAVEN_TERMINATE_CMD%\"==\"on\" exit %ERROR_CODE%\n\ncmd /C exit /B %ERROR_CODE%\n"
},
{
"path": "apps/backend-api-springboot-reactive/pom.xml",
"content": "\n\n 4.0.0\n \n org.springframework.boot\n spring-boot-starter-parent\n 2.7.14\n \n \n com.example\n backend-api-springboot-reactive\n 0.0.1-SNAPSHOT\n backend-api-springboot-reactive\n backend-api-springboot-reactive\n \n 17\n 1.18.38\n \n \n \n org.springframework.boot\n spring-boot-starter-oauth2-resource-server\n \n \n org.springframework.boot\n spring-boot-starter-webflux\n \n\n \n org.springframework.boot\n spring-boot-starter-actuator\n \n\n\n \n org.springframework.boot\n spring-boot-devtools\n runtime\n true\n \n \n org.projectlombok\n lombok\n true\n \n \n org.springframework.boot\n spring-boot-starter-test\n test\n \n \n io.projectreactor\n reactor-test\n test\n \n \n\n \n \n \n org.springframework.boot\n spring-boot-maven-plugin\n \n \n \n org.projectlombok\n lombok\n \n \n \n \n \n \n\n\n"
},
{
"path": "apps/backend-api-springboot-reactive/src/main/java/com/acme/backend/springreactive/BackendApiSpringbootReactiveApp.java",
"content": "package com.acme.backend.springreactive;\n\nimport org.springframework.boot.SpringApplication;\nimport org.springframework.boot.autoconfigure.SpringBootApplication;\n\n@SpringBootApplication\npublic class BackendApiSpringbootReactiveApp {\n\n public static void main(String[] args) {\n SpringApplication.run(BackendApiSpringbootReactiveApp.class, args);\n }\n\n}\n"
},
{
"path": "apps/backend-api-springboot-reactive/src/main/java/com/acme/backend/springreactive/config/AcmeServiceProperties.java",
"content": "package com.acme.backend.springreactive.config;\n\nimport lombok.Getter;\nimport lombok.Setter;\nimport org.springframework.boot.context.properties.ConfigurationProperties;\nimport org.springframework.stereotype.Component;\n\nimport java.util.List;\n\n@Getter\n@Setter\n@Component\n@ConfigurationProperties(prefix = \"acme\")\npublic class AcmeServiceProperties {\n\n private KeycloakJwtProperties jwt = new KeycloakJwtProperties();\n\n /**\n * Specifies JWT client ID, issuer URI and allowed audiences\n * for validation\n */\n @Getter\n @Setter\n public static class KeycloakJwtProperties {\n\n private String clientId;\n\n private String issuerUri;\n\n private List allowedAudiences;\n }\n\n}\n"
},
{
"path": "apps/backend-api-springboot-reactive/src/main/java/com/acme/backend/springreactive/config/JwtSecurityConfig.java",
"content": "package com.acme.backend.springreactive.config;\n\nimport com.acme.backend.springreactive.support.keycloak.KeycloakGrantedAuthoritiesConverter;\nimport com.acme.backend.springreactive.support.keycloak.KeycloakJwtAuthenticationConverter;\nimport org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;\nimport org.springframework.context.annotation.Bean;\nimport org.springframework.context.annotation.Configuration;\nimport org.springframework.core.convert.converter.Converter;\nimport org.springframework.security.core.GrantedAuthority;\nimport org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;\nimport org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;\nimport org.springframework.security.oauth2.core.OAuth2TokenValidator;\nimport org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;\nimport org.springframework.security.oauth2.jwt.Jwt;\nimport org.springframework.security.oauth2.jwt.JwtIssuerValidator;\nimport org.springframework.security.oauth2.jwt.JwtTimestampValidator;\nimport org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder;\nimport org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;\n\nimport java.util.ArrayList;\nimport java.util.Collection;\nimport java.util.List;\nimport java.util.Set;\n\n/**\n * Configures JWT handling (decoder and validator)\n */\n@Configuration\nclass JwtSecurityConfig {\n\n /**\n * Configures a decoder with the specified validators (validation key fetched from JWKS endpoint)\n *\n * @param validators validators for the given key\n * @param properties key properties (provides JWK location)\n * @return the decoder bean\n */\n @Bean\n ReactiveJwtDecoder jwtDecoder(List> validators, OAuth2ResourceServerProperties properties) {\n\n NimbusReactiveJwtDecoder jwtDecoder = NimbusReactiveJwtDecoder\n .withJwkSetUri(properties.getJwt().getJwkSetUri()) //\n .jwsAlgorithms(algs -> algs.addAll(Set.of(SignatureAlgorithm.RS256, SignatureAlgorithm.ES256)))\n .build();\n\n jwtDecoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(validators));\n\n return jwtDecoder;\n }\n\n /**\n * Configures the token validator. Specifies two additional validation constraints:\n *
\n * * Timestamp on the token is still valid\n * * The issuer is the expected entity\n *\n * @param properties JWT resource specification\n * @return token validator\n */\n @Bean\n OAuth2TokenValidator defaultTokenValidator(OAuth2ResourceServerProperties properties) {\n\n List> validators = new ArrayList<>();\n validators.add(new JwtTimestampValidator());\n validators.add(new JwtIssuerValidator(properties.getJwt().getIssuerUri()));\n\n return new DelegatingOAuth2TokenValidator<>(validators);\n }\n\n @Bean\n KeycloakJwtAuthenticationConverter keycloakJwtAuthenticationConverter(Converter> authoritiesConverter) {\n return new KeycloakJwtAuthenticationConverter(authoritiesConverter);\n }\n\n @Bean\n Converter> keycloakGrantedAuthoritiesConverter(GrantedAuthoritiesMapper authoritiesMapper, AcmeServiceProperties acmeServiceProperties) {\n String clientId = acmeServiceProperties.getJwt().getClientId();\n return new KeycloakGrantedAuthoritiesConverter(clientId, authoritiesMapper);\n }\n\n}\n"
},
{
"path": "apps/backend-api-springboot-reactive/src/main/java/com/acme/backend/springreactive/config/MethodSecurityConfig.java",
"content": "package com.acme.backend.springreactive.config;\n\nimport lombok.RequiredArgsConstructor;\nimport org.springframework.context.annotation.Bean;\nimport org.springframework.context.annotation.Configuration;\nimport org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;\nimport org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;\nimport org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;\n\n\n/**\n * Enables security annotations via like {@link org.springframework.security.access.prepost.PreAuthorize} and\n * {@link org.springframework.security.access.prepost.PostAuthorize} annotations per-method.\n */\n@Configuration\n@RequiredArgsConstructor\n@EnableReactiveMethodSecurity\nclass MethodSecurityConfig {\n\n @Bean\n GrantedAuthoritiesMapper keycloakAuthoritiesMapper() {\n\n SimpleAuthorityMapper mapper = new SimpleAuthorityMapper();\n mapper.setConvertToUpperCase(true);\n return mapper;\n }\n\n}"
},
{
"path": "apps/backend-api-springboot-reactive/src/main/java/com/acme/backend/springreactive/config/WebFluxConfig.java",
"content": "package com.acme.backend.springreactive.config;\n\nimport org.springframework.context.annotation.Configuration;\nimport org.springframework.web.reactive.config.CorsRegistry;\nimport org.springframework.web.reactive.config.EnableWebFlux;\nimport org.springframework.web.reactive.config.WebFluxConfigurer;\n\n@Configuration\n@EnableWebFlux\nclass WebFluxConfig implements WebFluxConfigurer {\n\n @Override\n public void addCorsMappings(CorsRegistry corsRegistry) {\n corsRegistry.addMapping(\"/api/**\")\n .allowedOrigins(\"https://apps.acme.test:4443\")\n .allowedMethods(\"GET\", \"POST\", \"PUT\", \"DELETE\")\n .maxAge(3600);\n }\n}\n"
},
{
"path": "apps/backend-api-springboot-reactive/src/main/java/com/acme/backend/springreactive/config/WebFluxRoutes.java",
"content": "package com.acme.backend.springreactive.config;\n\nimport com.acme.backend.springreactive.users.UserHandlers;\nimport org.springframework.context.annotation.Bean;\nimport org.springframework.context.annotation.Configuration;\nimport org.springframework.http.MediaType;\nimport org.springframework.web.reactive.function.server.RouterFunction;\nimport org.springframework.web.reactive.function.server.RouterFunctions;\nimport org.springframework.web.reactive.function.server.ServerResponse;\n\nimport static org.springframework.web.reactive.function.server.RequestPredicates.GET;\nimport static org.springframework.web.reactive.function.server.RequestPredicates.accept;\n\n@Configuration\nclass WebFluxRoutes {\n\n @Bean\n public RouterFunction route(UserHandlers userHandlers) {\n\n return RouterFunctions.route( //\n GET(\"/api/users/me\").and(accept(MediaType.APPLICATION_JSON)), userHandlers::me) //\n ;\n }\n}\n"
},
{
"path": "apps/backend-api-springboot-reactive/src/main/java/com/acme/backend/springreactive/config/WebSecurityConfig.java",
"content": "package com.acme.backend.springreactive.config;\n\nimport com.acme.backend.springreactive.support.keycloak.KeycloakJwtAuthenticationConverter;\nimport lombok.RequiredArgsConstructor;\nimport org.springframework.boot.actuate.autoconfigure.security.reactive.EndpointRequest;\nimport org.springframework.boot.autoconfigure.security.reactive.PathRequest;\nimport org.springframework.context.annotation.Bean;\nimport org.springframework.http.HttpMethod;\nimport org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;\nimport org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;\nimport org.springframework.security.config.web.server.ServerHttpSecurity;\nimport org.springframework.security.web.server.SecurityWebFilterChain;\n\n/**\n * Configuration applied on all web endpoints defined for this\n * application. Any configuration on specific resources is applied\n * in addition to these global rules.\n */\n@EnableWebFluxSecurity\n@EnableReactiveMethodSecurity\n@RequiredArgsConstructor\nclass WebSecurityConfig {\n\n private final KeycloakJwtAuthenticationConverter keycloakJwtAuthenticationConverter;\n\n /**\n * Configures basic security handler per HTTP session.\n *
\n *
\n *
JWT converted into Spring token
\n *
\n *\n * @param http security configuration\n */\n @Bean\n public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {\n\n http\n // csrf disabled for testing\n .csrf() //\n .disable() //\n .authorizeExchange() //\n // CORS requests\n .pathMatchers(HttpMethod.OPTIONS, \"/api/**\") //\n .permitAll() //\n .matchers(PathRequest.toStaticResources().atCommonLocations()) //\n .permitAll() //\n .matchers(EndpointRequest.to(\"health\")) //\n .permitAll() //\n .matchers(EndpointRequest.to(\"info\")) //\n .permitAll().matchers(EndpointRequest.toAnyEndpoint()) //\n .permitAll() //\n .anyExchange() //\n .authenticated() //\n\n .and() //\n // Enable OAuth2 Resource Server Support\n .oauth2ResourceServer() //\n // Enable custom JWT handling\n .jwt().jwtAuthenticationConverter(keycloakJwtAuthenticationConverter) //\n ;\n return http.build();\n }\n}"
},
{
"path": "apps/backend-api-springboot-reactive/src/main/java/com/acme/backend/springreactive/support/keycloak/KeycloakAudienceValidator.java",
"content": "package com.acme.backend.springreactive.support.keycloak;\n\nimport lombok.RequiredArgsConstructor;\nimport org.springframework.security.oauth2.core.OAuth2Error;\nimport org.springframework.security.oauth2.core.OAuth2TokenValidator;\nimport org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;\nimport org.springframework.security.oauth2.jwt.Jwt;\nimport org.springframework.stereotype.Component;\n\n/**\n * Example class for custom audience (aud) or authorized party (azp) claim validations.\n */\n@Component\n@RequiredArgsConstructor\nclass KeycloakAudienceValidator implements OAuth2TokenValidator {\n\n private final OAuth2Error ERROR_INVALID_AUDIENCE = new OAuth2Error(\"invalid_token\", \"Invalid audience\", null);\n\n @Override\n public OAuth2TokenValidatorResult validate(Jwt jwt) {\n\n// String authorizedParty = jwt.getClaimAsString(\"azp\");\n//\n// if (!keycloakDataServiceProperties.getJwt().getAllowedAudiences().contains(authorizedParty)) {\n// return OAuth2TokenValidatorResult.failure(ERROR_INVALID_AUDIENCE);\n// }\n\n return OAuth2TokenValidatorResult.success();\n }\n}\n"
},
{
"path": "apps/backend-api-springboot-reactive/src/main/java/com/acme/backend/springreactive/support/keycloak/KeycloakGrantedAuthoritiesConverter.java",
"content": "package com.acme.backend.springreactive.support.keycloak;\n\nimport org.springframework.core.convert.converter.Converter;\nimport org.springframework.security.core.GrantedAuthority;\nimport org.springframework.security.core.authority.SimpleGrantedAuthority;\nimport org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;\nimport org.springframework.security.oauth2.jwt.Jwt;\nimport org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;\nimport org.springframework.util.CollectionUtils;\n\nimport java.util.ArrayList;\nimport java.util.Collection;\nimport java.util.Collections;\nimport java.util.List;\nimport java.util.Map;\nimport java.util.Set;\nimport java.util.stream.Collectors;\n\n/**\n * Allows to extract granted authorities from a given JWT. The authorities\n * are determined by combining the realm (overarching) and client (application-specific)\n * roles, and normalizing them (configure them to the default format).\n */\npublic class KeycloakGrantedAuthoritiesConverter implements Converter> {\n\n private static final Converter> JWT_SCOPE_GRANTED_AUTHORITIES_CONVERTER = new JwtGrantedAuthoritiesConverter();\n\n private final String clientId;\n\n private final GrantedAuthoritiesMapper authoritiesMapper;\n\n public KeycloakGrantedAuthoritiesConverter(String clientId, GrantedAuthoritiesMapper authoritiesMapper) {\n this.clientId = clientId;\n this.authoritiesMapper = authoritiesMapper;\n }\n\n @Override\n public Collection convert(Jwt jwt) {\n\n Collection authorities = mapKeycloakRolesToAuthorities( //\n getRealmRolesFrom(jwt), //\n getClientRolesFrom(jwt, clientId) //\n );\n\n Collection scopeAuthorities = JWT_SCOPE_GRANTED_AUTHORITIES_CONVERTER.convert(jwt);\n if(!CollectionUtils.isEmpty(scopeAuthorities)) {\n authorities.addAll(scopeAuthorities);\n }\n\n return authorities;\n }\n\n protected Collection mapKeycloakRolesToAuthorities(Set realmRoles, Set clientRoles) {\n\n List combinedAuthorities = new ArrayList<>();\n\n combinedAuthorities.addAll(authoritiesMapper.mapAuthorities(realmRoles.stream() //\n .map(SimpleGrantedAuthority::new) //\n .collect(Collectors.toList())));\n\n combinedAuthorities.addAll(authoritiesMapper.mapAuthorities(clientRoles.stream() //\n .map(SimpleGrantedAuthority::new) //\n .collect(Collectors.toList())));\n\n return combinedAuthorities;\n }\n\n protected Set getRealmRolesFrom(Jwt jwt) {\n\n Map realmAccess = jwt.getClaimAsMap(\"realm_access\");\n\n if (CollectionUtils.isEmpty(realmAccess)) {\n return Collections.emptySet();\n }\n\n @SuppressWarnings(\"unchecked\")\n Collection realmRoles = (Collection) realmAccess.get(\"roles\");\n if (CollectionUtils.isEmpty(realmRoles)) {\n return Collections.emptySet();\n }\n\n return realmRoles.stream().map(this::normalizeRole).collect(Collectors.toSet());\n }\n\n protected Set getClientRolesFrom(Jwt jwt, String clientId) {\n\n Map resourceAccess = jwt.getClaimAsMap(\"resource_access\");\n\n if (CollectionUtils.isEmpty(resourceAccess)) {\n return Collections.emptySet();\n }\n\n @SuppressWarnings(\"unchecked\")\n Map> clientAccess = (Map>) resourceAccess.get(clientId);\n if (CollectionUtils.isEmpty(clientAccess)) {\n return Collections.emptySet();\n }\n\n List clientRoles = clientAccess.get(\"roles\");\n if (CollectionUtils.isEmpty(clientRoles)) {\n return Collections.emptySet();\n }\n\n return clientRoles.stream().map(this::normalizeRole).collect(Collectors.toSet());\n }\n\n private String normalizeRole(String role) {\n return role.replace('-', '_');\n }\n}\n"
},
{
"path": "apps/backend-api-springboot-reactive/src/main/java/com/acme/backend/springreactive/support/keycloak/KeycloakJwtAuthenticationConverter.java",
"content": "package com.acme.backend.springreactive.support.keycloak;\n\nimport lombok.RequiredArgsConstructor;\nimport org.springframework.core.convert.converter.Converter;\nimport org.springframework.security.authentication.AbstractAuthenticationToken;\nimport org.springframework.security.core.GrantedAuthority;\nimport org.springframework.security.oauth2.jwt.Jwt;\nimport org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;\nimport reactor.core.publisher.Mono;\n\nimport java.util.Collection;\n\n/**\n * Converts a JWT into a Spring authentication token (by extracting\n * the username and roles from the claims of the token, delegating\n * to the {@link KeycloakGrantedAuthoritiesConverter})\n */\n@RequiredArgsConstructor\npublic class KeycloakJwtAuthenticationConverter implements Converter> {\n\n private Converter> grantedAuthoritiesConverter;\n\n public KeycloakJwtAuthenticationConverter(Converter> grantedAuthoritiesConverter) {\n this.grantedAuthoritiesConverter = grantedAuthoritiesConverter;\n }\n\n @Override\n public Mono convert(Jwt jwt) {\n\n Collection authorities = grantedAuthoritiesConverter.convert(jwt);\n String username = getUsernameFrom(jwt);\n\n return Mono.just(new JwtAuthenticationToken(jwt, authorities, username));\n }\n\n protected String getUsernameFrom(Jwt jwt) {\n\n if (jwt.hasClaim(\"preferred_username\")) {\n return jwt.getClaimAsString(\"preferred_username\");\n }\n\n return jwt.getSubject();\n }\n}\n"
},
{
"path": "apps/backend-api-springboot-reactive/src/main/java/com/acme/backend/springreactive/users/UserHandlers.java",
"content": "package com.acme.backend.springreactive.users;\n\nimport lombok.extern.slf4j.Slf4j;\nimport org.springframework.stereotype.Component;\nimport org.springframework.web.reactive.function.server.ServerRequest;\nimport org.springframework.web.reactive.function.server.ServerResponse;\nimport reactor.core.publisher.Mono;\n\nimport java.time.Instant;\nimport java.util.HashMap;\n\n@Slf4j\n@Component\npublic class UserHandlers {\n\n public Mono me(ServerRequest request) {\n\n log.info(\"### Accessing {}\", request.uri());\n\n return request.principal().flatMap(auth -> {\n\n var username = auth.getName();\n var data = new HashMap();\n data.put(\"message\", \"Hello \" + username);\n data.put(\"backend\", \"Spring Boot Reactive\");\n data.put(\"datetime\", Instant.now());\n\n return ServerResponse.ok().bodyValue(data);\n });\n\n }\n}\n\n"
},
{
"path": "apps/backend-api-springboot-reactive/src/main/resources/application.yml",
"content": "spring:\n jackson:\n serialization:\n write-dates-as-timestamps: false\n deserialization:\n # deals with single and multi-valued JWT claims\n accept-single-value-as-array: true\n security:\n oauth2:\n resourceserver:\n jwt:\n issuer-uri: ${acme.jwt.issuerUri}\n jwk-set-uri: ${acme.jwt.issuerUri}/protocol/openid-connect/certs\n# Use mock-service jwks-endpoint to obtain public key for testing\n# jwk-set-uri: http://localhost:9999/jwks\n\nacme:\n jwt:\n issuerUri: https://id.acme.test:8443/auth/realms/acme-internal\n\nserver:\n port: 4943\n ssl:\n enabled: true\n key-store: ../../config/stage/dev/tls/acme.test+1.p12\n key-store-password: changeit\n key-store-type: PKCS12"
},
{
"path": "apps/backend-api-springboot-reactive/src/test/java/com/acme/backend/springreactive/BackendApiSpringbootReactiveAppTests.java",
"content": "package com.acme.backend.springreactive;\n\nimport org.junit.jupiter.api.Test;\nimport org.springframework.boot.test.context.SpringBootTest;\n\n@SpringBootTest\nclass BackendApiSpringbootReactiveAppTests {\n\n @Test\n void contextLoads() {\n }\n\n}\n"
},
{
"path": "apps/backend-api-springboot3/.gitignore",
"content": "HELP.md\ntarget/\n!.mvn/wrapper/maven-wrapper.jar\n!**/src/main/**/target/\n!**/src/test/**/target/\n\n### STS ###\n.apt_generated\n.classpath\n.factorypath\n.project\n.settings\n.springBeans\n.sts4-cache\n\n### IntelliJ IDEA ###\n.idea\n*.iws\n*.iml\n*.ipr\n\n### NetBeans ###\n/nbproject/private/\n/nbbuild/\n/dist/\n/nbdist/\n/.nb-gradle/\nbuild/\n!**/src/main/**/build/\n!**/src/test/**/build/\n\n### VS Code ###\n.vscode/\n"
},
{
"path": "apps/backend-api-springboot3/.mvn/wrapper/MavenWrapperDownloader.java",
"content": "/*\n * Copyright 2007-present the original author or authors.\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * https://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\nimport java.net.*;\nimport java.io.*;\nimport java.nio.channels.*;\nimport java.util.Properties;\n\npublic class MavenWrapperDownloader {\n\n private static final String WRAPPER_VERSION = \"0.5.6\";\n /**\n * Default URL to download the maven-wrapper.jar from, if no 'downloadUrl' is provided.\n */\n private static final String DEFAULT_DOWNLOAD_URL = \"https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/\"\n + WRAPPER_VERSION + \"/maven-wrapper-\" + WRAPPER_VERSION + \".jar\";\n\n /**\n * Path to the maven-wrapper.properties file, which might contain a downloadUrl property to\n * use instead of the default one.\n */\n private static final String MAVEN_WRAPPER_PROPERTIES_PATH =\n \".mvn/wrapper/maven-wrapper.properties\";\n\n /**\n * Path where the maven-wrapper.jar will be saved to.\n */\n private static final String MAVEN_WRAPPER_JAR_PATH =\n \".mvn/wrapper/maven-wrapper.jar\";\n\n /**\n * Name of the property which should be used to override the default download url for the wrapper.\n */\n private static final String PROPERTY_NAME_WRAPPER_URL = \"wrapperUrl\";\n\n public static void main(String args[]) {\n System.out.println(\"- Downloader started\");\n File baseDirectory = new File(args[0]);\n System.out.println(\"- Using base directory: \" + baseDirectory.getAbsolutePath());\n\n // If the maven-wrapper.properties exists, read it and check if it contains a custom\n // wrapperUrl parameter.\n File mavenWrapperPropertyFile = new File(baseDirectory, MAVEN_WRAPPER_PROPERTIES_PATH);\n String url = DEFAULT_DOWNLOAD_URL;\n if(mavenWrapperPropertyFile.exists()) {\n FileInputStream mavenWrapperPropertyFileInputStream = null;\n try {\n mavenWrapperPropertyFileInputStream = new FileInputStream(mavenWrapperPropertyFile);\n Properties mavenWrapperProperties = new Properties();\n mavenWrapperProperties.load(mavenWrapperPropertyFileInputStream);\n url = mavenWrapperProperties.getProperty(PROPERTY_NAME_WRAPPER_URL, url);\n } catch (IOException e) {\n System.out.println(\"- ERROR loading '\" + MAVEN_WRAPPER_PROPERTIES_PATH + \"'\");\n } finally {\n try {\n if(mavenWrapperPropertyFileInputStream != null) {\n mavenWrapperPropertyFileInputStream.close();\n }\n } catch (IOException e) {\n // Ignore ...\n }\n }\n }\n System.out.println(\"- Downloading from: \" + url);\n\n File outputFile = new File(baseDirectory.getAbsolutePath(), MAVEN_WRAPPER_JAR_PATH);\n if(!outputFile.getParentFile().exists()) {\n if(!outputFile.getParentFile().mkdirs()) {\n System.out.println(\n \"- ERROR creating output directory '\" + outputFile.getParentFile().getAbsolutePath() + \"'\");\n }\n }\n System.out.println(\"- Downloading to: \" + outputFile.getAbsolutePath());\n try {\n downloadFileFromURL(url, outputFile);\n System.out.println(\"Done\");\n System.exit(0);\n } catch (Throwable e) {\n System.out.println(\"- Error downloading\");\n e.printStackTrace();\n System.exit(1);\n }\n }\n\n private static void downloadFileFromURL(String urlString, File destination) throws Exception {\n if (System.getenv(\"MVNW_USERNAME\") != null && System.getenv(\"MVNW_PASSWORD\") != null) {\n String username = System.getenv(\"MVNW_USERNAME\");\n char[] password = System.getenv(\"MVNW_PASSWORD\").toCharArray();\n Authenticator.setDefault(new Authenticator() {\n @Override\n protected PasswordAuthentication getPasswordAuthentication() {\n return new PasswordAuthentication(username, password);\n }\n });\n }\n URL website = new URL(urlString);\n ReadableByteChannel rbc;\n rbc = Channels.newChannel(website.openStream());\n FileOutputStream fos = new FileOutputStream(destination);\n fos.getChannel().transferFrom(rbc, 0, Long.MAX_VALUE);\n fos.close();\n rbc.close();\n }\n\n}\n"
},
{
"path": "apps/backend-api-springboot3/.mvn/wrapper/maven-wrapper.properties",
"content": "distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.2/apache-maven-3.8.2-bin.zip\nwrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar\n"
},
{
"path": "apps/backend-api-springboot3/mvnw",
"content": "#!/bin/sh\n# ----------------------------------------------------------------------------\n# Licensed to the Apache Software Foundation (ASF) under one\n# or more contributor license agreements. See the NOTICE file\n# distributed with this work for additional information\n# regarding copyright ownership. The ASF licenses this file\n# to you under the Apache License, Version 2.0 (the\n# \"License\"); you may not use this file except in compliance\n# with the License. You may obtain a copy of the License at\n#\n# https://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing,\n# software distributed under the License is distributed on an\n# \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n# KIND, either express or implied. See the License for the\n# specific language governing permissions and limitations\n# under the License.\n# ----------------------------------------------------------------------------\n\n# ----------------------------------------------------------------------------\n# Maven Start Up Batch script\n#\n# Required ENV vars:\n# ------------------\n# JAVA_HOME - location of a JDK home dir\n#\n# Optional ENV vars\n# -----------------\n# M2_HOME - location of maven2's installed home dir\n# MAVEN_OPTS - parameters passed to the Java VM when running Maven\n# e.g. to debug Maven itself, use\n# set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000\n# MAVEN_SKIP_RC - flag to disable loading of mavenrc files\n# ----------------------------------------------------------------------------\n\nif [ -z \"$MAVEN_SKIP_RC\" ] ; then\n\n if [ -f /etc/mavenrc ] ; then\n . /etc/mavenrc\n fi\n\n if [ -f \"$HOME/.mavenrc\" ] ; then\n . \"$HOME/.mavenrc\"\n fi\n\nfi\n\n# OS specific support. $var _must_ be set to either true or false.\ncygwin=false;\ndarwin=false;\nmingw=false\ncase \"`uname`\" in\n CYGWIN*) cygwin=true ;;\n MINGW*) mingw=true;;\n Darwin*) darwin=true\n # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home\n # See https://developer.apple.com/library/mac/qa/qa1170/_index.html\n if [ -z \"$JAVA_HOME\" ]; then\n if [ -x \"/usr/libexec/java_home\" ]; then\n export JAVA_HOME=\"`/usr/libexec/java_home`\"\n else\n export JAVA_HOME=\"/Library/Java/Home\"\n fi\n fi\n ;;\nesac\n\nif [ -z \"$JAVA_HOME\" ] ; then\n if [ -r /etc/gentoo-release ] ; then\n JAVA_HOME=`java-config --jre-home`\n fi\nfi\n\nif [ -z \"$M2_HOME\" ] ; then\n ## resolve links - $0 may be a link to maven's home\n PRG=\"$0\"\n\n # need this for relative symlinks\n while [ -h \"$PRG\" ] ; do\n ls=`ls -ld \"$PRG\"`\n link=`expr \"$ls\" : '.*-> \\(.*\\)$'`\n if expr \"$link\" : '/.*' > /dev/null; then\n PRG=\"$link\"\n else\n PRG=\"`dirname \"$PRG\"`/$link\"\n fi\n done\n\n saveddir=`pwd`\n\n M2_HOME=`dirname \"$PRG\"`/..\n\n # make it fully qualified\n M2_HOME=`cd \"$M2_HOME\" && pwd`\n\n cd \"$saveddir\"\n # echo Using m2 at $M2_HOME\nfi\n\n# For Cygwin, ensure paths are in UNIX format before anything is touched\nif $cygwin ; then\n [ -n \"$M2_HOME\" ] &&\n M2_HOME=`cygpath --unix \"$M2_HOME\"`\n [ -n \"$JAVA_HOME\" ] &&\n JAVA_HOME=`cygpath --unix \"$JAVA_HOME\"`\n [ -n \"$CLASSPATH\" ] &&\n CLASSPATH=`cygpath --path --unix \"$CLASSPATH\"`\nfi\n\n# For Mingw, ensure paths are in UNIX format before anything is touched\nif $mingw ; then\n [ -n \"$M2_HOME\" ] &&\n M2_HOME=\"`(cd \"$M2_HOME\"; pwd)`\"\n [ -n \"$JAVA_HOME\" ] &&\n JAVA_HOME=\"`(cd \"$JAVA_HOME\"; pwd)`\"\nfi\n\nif [ -z \"$JAVA_HOME\" ]; then\n javaExecutable=\"`which javac`\"\n if [ -n \"$javaExecutable\" ] && ! [ \"`expr \\\"$javaExecutable\\\" : '\\([^ ]*\\)'`\" = \"no\" ]; then\n # readlink(1) is not available as standard on Solaris 10.\n readLink=`which readlink`\n if [ ! `expr \"$readLink\" : '\\([^ ]*\\)'` = \"no\" ]; then\n if $darwin ; then\n javaHome=\"`dirname \\\"$javaExecutable\\\"`\"\n javaExecutable=\"`cd \\\"$javaHome\\\" && pwd -P`/javac\"\n else\n javaExecutable=\"`readlink -f \\\"$javaExecutable\\\"`\"\n fi\n javaHome=\"`dirname \\\"$javaExecutable\\\"`\"\n javaHome=`expr \"$javaHome\" : '\\(.*\\)/bin'`\n JAVA_HOME=\"$javaHome\"\n export JAVA_HOME\n fi\n fi\nfi\n\nif [ -z \"$JAVACMD\" ] ; then\n if [ -n \"$JAVA_HOME\" ] ; then\n if [ -x \"$JAVA_HOME/jre/sh/java\" ] ; then\n # IBM's JDK on AIX uses strange locations for the executables\n JAVACMD=\"$JAVA_HOME/jre/sh/java\"\n else\n JAVACMD=\"$JAVA_HOME/bin/java\"\n fi\n else\n JAVACMD=\"`which java`\"\n fi\nfi\n\nif [ ! -x \"$JAVACMD\" ] ; then\n echo \"Error: JAVA_HOME is not defined correctly.\" >&2\n echo \" We cannot execute $JAVACMD\" >&2\n exit 1\nfi\n\nif [ -z \"$JAVA_HOME\" ] ; then\n echo \"Warning: JAVA_HOME environment variable is not set.\"\nfi\n\nCLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher\n\n# traverses directory structure from process work directory to filesystem root\n# first directory with .mvn subdirectory is considered project base directory\nfind_maven_basedir() {\n\n if [ -z \"$1\" ]\n then\n echo \"Path not specified to find_maven_basedir\"\n return 1\n fi\n\n basedir=\"$1\"\n wdir=\"$1\"\n while [ \"$wdir\" != '/' ] ; do\n if [ -d \"$wdir\"/.mvn ] ; then\n basedir=$wdir\n break\n fi\n # workaround for JBEAP-8937 (on Solaris 10/Sparc)\n if [ -d \"${wdir}\" ]; then\n wdir=`cd \"$wdir/..\"; pwd`\n fi\n # end of workaround\n done\n echo \"${basedir}\"\n}\n\n# concatenates all lines of a file\nconcat_lines() {\n if [ -f \"$1\" ]; then\n echo \"$(tr -s '\\n' ' ' < \"$1\")\"\n fi\n}\n\nBASE_DIR=`find_maven_basedir \"$(pwd)\"`\nif [ -z \"$BASE_DIR\" ]; then\n exit 1;\nfi\n\n##########################################################################################\n# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central\n# This allows using the maven wrapper in projects that prohibit checking in binary data.\n##########################################################################################\nif [ -r \"$BASE_DIR/.mvn/wrapper/maven-wrapper.jar\" ]; then\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \"Found .mvn/wrapper/maven-wrapper.jar\"\n fi\nelse\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \"Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ...\"\n fi\n if [ -n \"$MVNW_REPOURL\" ]; then\n jarUrl=\"$MVNW_REPOURL/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar\"\n else\n jarUrl=\"https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar\"\n fi\n while IFS=\"=\" read key value; do\n case \"$key\" in (wrapperUrl) jarUrl=\"$value\"; break ;;\n esac\n done < \"$BASE_DIR/.mvn/wrapper/maven-wrapper.properties\"\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \"Downloading from: $jarUrl\"\n fi\n wrapperJarPath=\"$BASE_DIR/.mvn/wrapper/maven-wrapper.jar\"\n if $cygwin; then\n wrapperJarPath=`cygpath --path --windows \"$wrapperJarPath\"`\n fi\n\n if command -v wget > /dev/null; then\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \"Found wget ... using wget\"\n fi\n if [ -z \"$MVNW_USERNAME\" ] || [ -z \"$MVNW_PASSWORD\" ]; then\n wget \"$jarUrl\" -O \"$wrapperJarPath\"\n else\n wget --http-user=$MVNW_USERNAME --http-password=$MVNW_PASSWORD \"$jarUrl\" -O \"$wrapperJarPath\"\n fi\n elif command -v curl > /dev/null; then\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \"Found curl ... using curl\"\n fi\n if [ -z \"$MVNW_USERNAME\" ] || [ -z \"$MVNW_PASSWORD\" ]; then\n curl -o \"$wrapperJarPath\" \"$jarUrl\" -f\n else\n curl --user $MVNW_USERNAME:$MVNW_PASSWORD -o \"$wrapperJarPath\" \"$jarUrl\" -f\n fi\n\n else\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \"Falling back to using Java to download\"\n fi\n javaClass=\"$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java\"\n # For Cygwin, switch paths to Windows format before running javac\n if $cygwin; then\n javaClass=`cygpath --path --windows \"$javaClass\"`\n fi\n if [ -e \"$javaClass\" ]; then\n if [ ! -e \"$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class\" ]; then\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \" - Compiling MavenWrapperDownloader.java ...\"\n fi\n # Compiling the Java class\n (\"$JAVA_HOME/bin/javac\" \"$javaClass\")\n fi\n if [ -e \"$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class\" ]; then\n # Running the downloader\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \" - Running MavenWrapperDownloader.java ...\"\n fi\n (\"$JAVA_HOME/bin/java\" -cp .mvn/wrapper MavenWrapperDownloader \"$MAVEN_PROJECTBASEDIR\")\n fi\n fi\n fi\nfi\n##########################################################################################\n# End of extension\n##########################################################################################\n\nexport MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-\"$BASE_DIR\"}\nif [ \"$MVNW_VERBOSE\" = true ]; then\n echo $MAVEN_PROJECTBASEDIR\nfi\nMAVEN_OPTS=\"$(concat_lines \"$MAVEN_PROJECTBASEDIR/.mvn/jvm.config\") $MAVEN_OPTS\"\n\n# For Cygwin, switch paths to Windows format before running java\nif $cygwin; then\n [ -n \"$M2_HOME\" ] &&\n M2_HOME=`cygpath --path --windows \"$M2_HOME\"`\n [ -n \"$JAVA_HOME\" ] &&\n JAVA_HOME=`cygpath --path --windows \"$JAVA_HOME\"`\n [ -n \"$CLASSPATH\" ] &&\n CLASSPATH=`cygpath --path --windows \"$CLASSPATH\"`\n [ -n \"$MAVEN_PROJECTBASEDIR\" ] &&\n MAVEN_PROJECTBASEDIR=`cygpath --path --windows \"$MAVEN_PROJECTBASEDIR\"`\nfi\n\n# Provide a \"standardized\" way to retrieve the CLI args that will\n# work with both Windows and non-Windows executions.\nMAVEN_CMD_LINE_ARGS=\"$MAVEN_CONFIG $@\"\nexport MAVEN_CMD_LINE_ARGS\n\nWRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain\n\nexec \"$JAVACMD\" \\\n $MAVEN_OPTS \\\n -classpath \"$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar\" \\\n \"-Dmaven.home=${M2_HOME}\" \"-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}\" \\\n ${WRAPPER_LAUNCHER} $MAVEN_CONFIG \"$@\"\n"
},
{
"path": "apps/backend-api-springboot3/mvnw.cmd",
"content": "@REM ----------------------------------------------------------------------------\n@REM Licensed to the Apache Software Foundation (ASF) under one\n@REM or more contributor license agreements. See the NOTICE file\n@REM distributed with this work for additional information\n@REM regarding copyright ownership. The ASF licenses this file\n@REM to you under the Apache License, Version 2.0 (the\n@REM \"License\"); you may not use this file except in compliance\n@REM with the License. You may obtain a copy of the License at\n@REM\n@REM https://www.apache.org/licenses/LICENSE-2.0\n@REM\n@REM Unless required by applicable law or agreed to in writing,\n@REM software distributed under the License is distributed on an\n@REM \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n@REM KIND, either express or implied. See the License for the\n@REM specific language governing permissions and limitations\n@REM under the License.\n@REM ----------------------------------------------------------------------------\n\n@REM ----------------------------------------------------------------------------\n@REM Maven Start Up Batch script\n@REM\n@REM Required ENV vars:\n@REM JAVA_HOME - location of a JDK home dir\n@REM\n@REM Optional ENV vars\n@REM M2_HOME - location of maven2's installed home dir\n@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands\n@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending\n@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven\n@REM e.g. to debug Maven itself, use\n@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000\n@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files\n@REM ----------------------------------------------------------------------------\n\n@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'\n@echo off\n@REM set title of command window\ntitle %0\n@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'\n@if \"%MAVEN_BATCH_ECHO%\" == \"on\" echo %MAVEN_BATCH_ECHO%\n\n@REM set %HOME% to equivalent of $HOME\nif \"%HOME%\" == \"\" (set \"HOME=%HOMEDRIVE%%HOMEPATH%\")\n\n@REM Execute a user defined script before this one\nif not \"%MAVEN_SKIP_RC%\" == \"\" goto skipRcPre\n@REM check for pre script, once with legacy .bat ending and once with .cmd ending\nif exist \"%HOME%\\mavenrc_pre.bat\" call \"%HOME%\\mavenrc_pre.bat\"\nif exist \"%HOME%\\mavenrc_pre.cmd\" call \"%HOME%\\mavenrc_pre.cmd\"\n:skipRcPre\n\n@setlocal\n\nset ERROR_CODE=0\n\n@REM To isolate internal variables from possible post scripts, we use another setlocal\n@setlocal\n\n@REM ==== START VALIDATION ====\nif not \"%JAVA_HOME%\" == \"\" goto OkJHome\n\necho.\necho Error: JAVA_HOME not found in your environment. >&2\necho Please set the JAVA_HOME variable in your environment to match the >&2\necho location of your Java installation. >&2\necho.\ngoto error\n\n:OkJHome\nif exist \"%JAVA_HOME%\\bin\\java.exe\" goto init\n\necho.\necho Error: JAVA_HOME is set to an invalid directory. >&2\necho JAVA_HOME = \"%JAVA_HOME%\" >&2\necho Please set the JAVA_HOME variable in your environment to match the >&2\necho location of your Java installation. >&2\necho.\ngoto error\n\n@REM ==== END VALIDATION ====\n\n:init\n\n@REM Find the project base dir, i.e. the directory that contains the folder \".mvn\".\n@REM Fallback to current working directory if not found.\n\nset MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%\nIF NOT \"%MAVEN_PROJECTBASEDIR%\"==\"\" goto endDetectBaseDir\n\nset EXEC_DIR=%CD%\nset WDIR=%EXEC_DIR%\n:findBaseDir\nIF EXIST \"%WDIR%\"\\.mvn goto baseDirFound\ncd ..\nIF \"%WDIR%\"==\"%CD%\" goto baseDirNotFound\nset WDIR=%CD%\ngoto findBaseDir\n\n:baseDirFound\nset MAVEN_PROJECTBASEDIR=%WDIR%\ncd \"%EXEC_DIR%\"\ngoto endDetectBaseDir\n\n:baseDirNotFound\nset MAVEN_PROJECTBASEDIR=%EXEC_DIR%\ncd \"%EXEC_DIR%\"\n\n:endDetectBaseDir\n\nIF NOT EXIST \"%MAVEN_PROJECTBASEDIR%\\.mvn\\jvm.config\" goto endReadAdditionalConfig\n\n@setlocal EnableExtensions EnableDelayedExpansion\nfor /F \"usebackq delims=\" %%a in (\"%MAVEN_PROJECTBASEDIR%\\.mvn\\jvm.config\") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a\n@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%\n\n:endReadAdditionalConfig\n\nSET MAVEN_JAVA_EXE=\"%JAVA_HOME%\\bin\\java.exe\"\nset WRAPPER_JAR=\"%MAVEN_PROJECTBASEDIR%\\.mvn\\wrapper\\maven-wrapper.jar\"\nset WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain\n\nset DOWNLOAD_URL=\"https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar\"\n\nFOR /F \"tokens=1,2 delims==\" %%A IN (\"%MAVEN_PROJECTBASEDIR%\\.mvn\\wrapper\\maven-wrapper.properties\") DO (\n IF \"%%A\"==\"wrapperUrl\" SET DOWNLOAD_URL=%%B\n)\n\n@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central\n@REM This allows using the maven wrapper in projects that prohibit checking in binary data.\nif exist %WRAPPER_JAR% (\n if \"%MVNW_VERBOSE%\" == \"true\" (\n echo Found %WRAPPER_JAR%\n )\n) else (\n if not \"%MVNW_REPOURL%\" == \"\" (\n SET DOWNLOAD_URL=\"%MVNW_REPOURL%/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar\"\n )\n if \"%MVNW_VERBOSE%\" == \"true\" (\n echo Couldn't find %WRAPPER_JAR%, downloading it ...\n echo Downloading from: %DOWNLOAD_URL%\n )\n\n powershell -Command \"&{\"^\n\t\t\"$webclient = new-object System.Net.WebClient;\"^\n\t\t\"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {\"^\n\t\t\"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');\"^\n\t\t\"}\"^\n\t\t\"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')\"^\n\t\t\"}\"\n if \"%MVNW_VERBOSE%\" == \"true\" (\n echo Finished downloading %WRAPPER_JAR%\n )\n)\n@REM End of extension\n\n@REM Provide a \"standardized\" way to retrieve the CLI args that will\n@REM work with both Windows and non-Windows executions.\nset MAVEN_CMD_LINE_ARGS=%*\n\n%MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% \"-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%\" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*\nif ERRORLEVEL 1 goto error\ngoto end\n\n:error\nset ERROR_CODE=1\n\n:end\n@endlocal & set ERROR_CODE=%ERROR_CODE%\n\nif not \"%MAVEN_SKIP_RC%\" == \"\" goto skipRcPost\n@REM check for post script, once with legacy .bat ending and once with .cmd ending\nif exist \"%HOME%\\mavenrc_post.bat\" call \"%HOME%\\mavenrc_post.bat\"\nif exist \"%HOME%\\mavenrc_post.cmd\" call \"%HOME%\\mavenrc_post.cmd\"\n:skipRcPost\n\n@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'\nif \"%MAVEN_BATCH_PAUSE%\" == \"on\" pause\n\nif \"%MAVEN_TERMINATE_CMD%\" == \"on\" exit %ERROR_CODE%\n\nexit /B %ERROR_CODE%\n"
},
{
"path": "apps/backend-api-springboot3/pom.xml",
"content": "\n\n 4.0.0\n \n org.springframework.boot\n spring-boot-starter-parent\n 3.4.7\n \n \n com.example\n backend-api-springboot3\n 0.0.1-SNAPSHOT\n backend-api-springboot3\n backend-api-springboot3\n \n 17\n \n \n \n org.springframework.boot\n spring-boot-starter-oauth2-resource-server\n \n \n org.springframework.boot\n spring-boot-starter-web\n \n\n \n org.springframework.boot\n spring-boot-devtools\n runtime\n true\n \n\n \n org.projectlombok\n lombok\n \n\n \n org.springframework.boot\n spring-boot-starter-test\n test\n \n \n\n \n \n \n org.springframework.boot\n spring-boot-maven-plugin\n \n \n \n \n \n spring-milestones\n Spring Milestones\n https://repo.spring.io/milestone\n \n false\n \n \n \n \n \n spring-milestones\n Spring Milestones\n https://repo.spring.io/milestone\n \n false\n \n \n \n\n\n"
},
{
"path": "apps/backend-api-springboot3/src/main/java/com/acme/backend/springboot/users/BackendApiSpringboot3App.java",
"content": "package com.acme.backend.springboot.users;\n\nimport org.springframework.boot.SpringApplication;\nimport org.springframework.boot.autoconfigure.SpringBootApplication;\nimport org.springframework.boot.context.properties.ConfigurationPropertiesScan;\n\n@SpringBootApplication\n@ConfigurationPropertiesScan\npublic class BackendApiSpringboot3App {\n\n\tpublic static void main(String[] args) {\n\t\tSpringApplication.run(BackendApiSpringboot3App.class, args);\n\t}\n\n}\n"
},
{
"path": "apps/backend-api-springboot3/src/main/java/com/acme/backend/springboot/users/config/AcmeServiceProperties.java",
"content": "package com.acme.backend.springboot.users.config;\n\nimport lombok.Getter;\nimport lombok.Setter;\nimport org.springframework.boot.context.properties.ConfigurationProperties;\nimport org.springframework.stereotype.Component;\n\nimport java.util.List;\n\n@Getter\n@Setter\n@Component\n@ConfigurationProperties(prefix = \"acme\")\npublic class AcmeServiceProperties {\n\n private KeycloakJwtProperties jwt = new KeycloakJwtProperties();\n\n /**\n * Specifies JWT client ID, issuer URI and allowed audiences\n * for validation\n */\n @Getter\n @Setter\n public static class KeycloakJwtProperties {\n\n private String clientId;\n\n private String issuerUri;\n\n private List allowedAudiences;\n }\n\n}\n"
},
{
"path": "apps/backend-api-springboot3/src/main/java/com/acme/backend/springboot/users/config/JwtSecurityConfig.java",
"content": "package com.acme.backend.springboot.users.config;\n\nimport com.acme.backend.springboot.users.support.keycloak.KeycloakGrantedAuthoritiesConverter;\nimport com.acme.backend.springboot.users.support.keycloak.KeycloakJwtAuthenticationConverter;\nimport org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;\nimport org.springframework.context.annotation.Bean;\nimport org.springframework.context.annotation.Configuration;\nimport org.springframework.core.convert.converter.Converter;\nimport org.springframework.security.core.GrantedAuthority;\nimport org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;\nimport org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;\nimport org.springframework.security.oauth2.core.OAuth2TokenValidator;\nimport org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;\nimport org.springframework.security.oauth2.jwt.Jwt;\nimport org.springframework.security.oauth2.jwt.JwtDecoder;\nimport org.springframework.security.oauth2.jwt.JwtIssuerValidator;\nimport org.springframework.security.oauth2.jwt.JwtTimestampValidator;\nimport org.springframework.security.oauth2.jwt.NimbusJwtDecoder;\n\nimport java.util.ArrayList;\nimport java.util.Collection;\nimport java.util.List;\nimport java.util.Set;\n\n/**\n * Configures JWT handling (decoder and validator)\n */\n@Configuration\nclass JwtSecurityConfig {\n\n /**\n * Configures a decoder with the specified validators (validation key fetched from JWKS endpoint)\n *\n * @param validators validators for the given key\n * @param properties key properties (provides JWK location)\n * @return the decoder bean\n */\n @Bean\n JwtDecoder jwtDecoder(List> validators, OAuth2ResourceServerProperties properties) {\n\n NimbusJwtDecoder jwtDecoder = NimbusJwtDecoder //\n .withJwkSetUri(properties.getJwt().getJwkSetUri()) //\n .jwsAlgorithms(algs -> algs.addAll(Set.of(SignatureAlgorithm.RS256, SignatureAlgorithm.ES256))) //\n .build();\n\n jwtDecoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(validators));\n\n return jwtDecoder;\n }\n\n /**\n * Configures the token validator. Specifies two additional validation constraints:\n *
\n * * Timestamp on the token is still valid\n * * The issuer is the expected entity\n *\n * @param properties JWT resource specification\n * @return token validator\n */\n @Bean\n OAuth2TokenValidator defaultTokenValidator(OAuth2ResourceServerProperties properties) {\n\n List> validators = new ArrayList<>();\n validators.add(new JwtTimestampValidator());\n validators.add(new JwtIssuerValidator(properties.getJwt().getIssuerUri()));\n\n return new DelegatingOAuth2TokenValidator<>(validators);\n }\n\n @Bean\n KeycloakJwtAuthenticationConverter keycloakJwtAuthenticationConverter(Converter> authoritiesConverter) {\n return new KeycloakJwtAuthenticationConverter(authoritiesConverter);\n }\n\n @Bean\n Converter> keycloakGrantedAuthoritiesConverter(GrantedAuthoritiesMapper authoritiesMapper, AcmeServiceProperties acmeServiceProperties) {\n String clientId = acmeServiceProperties.getJwt().getClientId();\n return new KeycloakGrantedAuthoritiesConverter(clientId, authoritiesMapper);\n }\n\n}\n"
},
{
"path": "apps/backend-api-springboot3/src/main/java/com/acme/backend/springboot/users/config/MethodSecurityConfig.java",
"content": "package com.acme.backend.springboot.users.config;\n\nimport lombok.RequiredArgsConstructor;\nimport org.springframework.context.ApplicationContext;\nimport org.springframework.context.annotation.Bean;\nimport org.springframework.context.annotation.Configuration;\nimport org.springframework.security.access.PermissionEvaluator;\nimport org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;\nimport org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;\nimport org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;\nimport org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;\nimport org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;\n\n\n/**\n * Enables security annotations via like {@link org.springframework.security.access.prepost.PreAuthorize} and\n * {@link org.springframework.security.access.prepost.PostAuthorize} annotations per-method.\n */\n@Configuration\n@RequiredArgsConstructor\n@EnableMethodSecurity\nclass MethodSecurityConfig {\n\n private final ApplicationContext applicationContext;\n\n private final PermissionEvaluator permissionEvaluator;\n\n @Bean\n MethodSecurityExpressionHandler customMethodSecurityExpressionHandler() {\n\n var expressionHandler = new DefaultMethodSecurityExpressionHandler();\n expressionHandler.setApplicationContext(applicationContext);\n expressionHandler.setPermissionEvaluator(permissionEvaluator);\n return expressionHandler;\n }\n\n @Bean\n GrantedAuthoritiesMapper keycloakAuthoritiesMapper() {\n\n var mapper = new SimpleAuthorityMapper();\n mapper.setConvertToUpperCase(true);\n return mapper;\n }\n\n}"
},
{
"path": "apps/backend-api-springboot3/src/main/java/com/acme/backend/springboot/users/config/WebSecurityConfig.java",
"content": "package com.acme.backend.springboot.users.config;\n\nimport com.acme.backend.springboot.users.support.access.AccessController;\nimport com.acme.backend.springboot.users.support.keycloak.KeycloakJwtAuthenticationConverter;\nimport lombok.RequiredArgsConstructor;\nimport org.springframework.context.annotation.Bean;\nimport org.springframework.context.annotation.Configuration;\nimport org.springframework.security.config.annotation.web.builders.HttpSecurity;\nimport org.springframework.security.config.annotation.web.configurers.CorsConfigurer;\nimport org.springframework.security.config.http.SessionCreationPolicy;\nimport org.springframework.security.web.SecurityFilterChain;\nimport org.springframework.web.cors.CorsConfiguration;\nimport org.springframework.web.cors.UrlBasedCorsConfigurationSource;\n\nimport java.util.List;\n\n/**\n * Configuration applied on all web endpoints defined for this\n * application. Any configuration on specific resources is applied\n * in addition to these global rules.\n */\n@Configuration\n@RequiredArgsConstructor\nclass WebSecurityConfig {\n\n private final KeycloakJwtAuthenticationConverter keycloakJwtAuthenticationConverter;\n\n /**\n * Configures basic security handler per HTTP session.\n *
\n *
\n *
Stateless session (no session kept server-side)
\n *
CORS set up
\n *
Require the role \"ACCESS\" for all api paths
\n *
JWT converted into Spring token
\n *
\n *\n * @param http security configuration\n * @throws Exception any error\n */\n @Bean\n public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {\n\n http.sessionManagement(smc -> {\n smc.sessionCreationPolicy(SessionCreationPolicy.STATELESS);\n });\n http.cors(this::configureCors);\n http.authorizeHttpRequests(ahrc -> {\n // declarative route configuration\n // .mvcMatchers(\"/api\").hasAuthority(\"ROLE_ACCESS\")\n ahrc.requestMatchers(\"/api/**\").access(AccessController::checkAccess);\n // add additional routes\n ahrc.anyRequest().fullyAuthenticated(); //\n });\n http.oauth2ResourceServer(arsc -> {\n arsc.jwt(jc -> {\n jc.jwtAuthenticationConverter(keycloakJwtAuthenticationConverter);\n });\n });\n\n return http.build();\n }\n\n @Bean\n AccessController accessController() {\n return new AccessController();\n }\n\n /**\n * Configures CORS to allow requests from localhost:30000\n *\n * @param cors mutable cors configuration\n */\n protected void configureCors(CorsConfigurer cors) {\n\n UrlBasedCorsConfigurationSource defaultUrlBasedCorsConfigSource = new UrlBasedCorsConfigurationSource();\n CorsConfiguration corsConfiguration = new CorsConfiguration().applyPermitDefaultValues();\n corsConfiguration.addAllowedOrigin(\"https://apps.acme.test:4443\");\n List.of(\"GET\", \"POST\", \"PUT\", \"DELETE\").forEach(corsConfiguration::addAllowedMethod);\n defaultUrlBasedCorsConfigSource.registerCorsConfiguration(\"/api/**\", corsConfiguration);\n\n cors.configurationSource(req -> {\n\n CorsConfiguration config = new CorsConfiguration();\n\n config = config.combine(defaultUrlBasedCorsConfigSource.getCorsConfiguration(req));\n\n // check if request Header \"origin\" is in white-list -> dynamically generate cors config\n\n return config;\n });\n }\n}"
},
{
"path": "apps/backend-api-springboot3/src/main/java/com/acme/backend/springboot/users/support/access/AccessController.java",
"content": "package com.acme.backend.springboot.users.support.access;\n\nimport lombok.extern.slf4j.Slf4j;\nimport org.springframework.security.authorization.AuthorizationDecision;\nimport org.springframework.security.core.Authentication;\nimport org.springframework.security.web.access.intercept.RequestAuthorizationContext;\n\nimport java.util.function.Supplier;\n\n/**\n * Example for generic custom access checks on request level.\n */\n@Slf4j\npublic class AccessController {\n\n private static final AuthorizationDecision GRANTED = new AuthorizationDecision(true);\n private static final AuthorizationDecision DENIED = new AuthorizationDecision(false);\n\n public static AuthorizationDecision checkAccess(Supplier authentication, RequestAuthorizationContext requestContext) {\n\n var auth = authentication.get();\n log.info(\"Check access for username={} path={}\", auth.getName(), requestContext.getRequest().getRequestURI());\n\n return GRANTED;\n }\n}\n"
},
{
"path": "apps/backend-api-springboot3/src/main/java/com/acme/backend/springboot/users/support/keycloak/KeycloakAudienceValidator.java",
"content": "package com.acme.backend.springboot.users.support.keycloak;\n\nimport lombok.RequiredArgsConstructor;\nimport org.springframework.security.oauth2.core.OAuth2Error;\nimport org.springframework.security.oauth2.core.OAuth2TokenValidator;\nimport org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;\nimport org.springframework.security.oauth2.jwt.Jwt;\nimport org.springframework.stereotype.Component;\n\n/**\n * Example class for custom audience (aud) or authorized party (azp) claim validations.\n */\n@Component\n@RequiredArgsConstructor\nclass KeycloakAudienceValidator implements OAuth2TokenValidator {\n\n private final OAuth2Error ERROR_INVALID_AUDIENCE = new OAuth2Error(\"invalid_token\", \"Invalid audience\", null);\n\n @Override\n public OAuth2TokenValidatorResult validate(Jwt jwt) {\n\n// String authorizedParty = jwt.getClaimAsString(\"azp\");\n//\n// if (!keycloakDataServiceProperties.getJwt().getAllowedAudiences().contains(authorizedParty)) {\n// return OAuth2TokenValidatorResult.failure(ERROR_INVALID_AUDIENCE);\n// }\n\n return OAuth2TokenValidatorResult.success();\n }\n}\n"
},
{
"path": "apps/backend-api-springboot3/src/main/java/com/acme/backend/springboot/users/support/keycloak/KeycloakGrantedAuthoritiesConverter.java",
"content": "package com.acme.backend.springboot.users.support.keycloak;\n\nimport org.springframework.core.convert.converter.Converter;\nimport org.springframework.security.core.GrantedAuthority;\nimport org.springframework.security.core.authority.SimpleGrantedAuthority;\nimport org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;\nimport org.springframework.security.oauth2.jwt.Jwt;\nimport org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;\nimport org.springframework.util.CollectionUtils;\n\nimport java.util.ArrayList;\nimport java.util.Collection;\nimport java.util.Collections;\nimport java.util.List;\nimport java.util.Map;\nimport java.util.Set;\nimport java.util.stream.Collectors;\n\n/**\n * Allows to extract granted authorities from a given JWT. The authorities\n * are determined by combining the realm (overarching) and client (application-specific)\n * roles, and normalizing them (configure them to the default format).\n */\npublic class KeycloakGrantedAuthoritiesConverter implements Converter> {\n\n private static final Converter> JWT_SCOPE_GRANTED_AUTHORITIES_CONVERTER = new JwtGrantedAuthoritiesConverter();\n\n private final String clientId;\n\n private final GrantedAuthoritiesMapper authoritiesMapper;\n\n public KeycloakGrantedAuthoritiesConverter(String clientId, GrantedAuthoritiesMapper authoritiesMapper) {\n this.clientId = clientId;\n this.authoritiesMapper = authoritiesMapper;\n }\n\n @Override\n public Collection convert(Jwt jwt) {\n\n Collection authorities = mapKeycloakRolesToAuthorities( //\n getRealmRolesFrom(jwt), //\n getClientRolesFrom(jwt, clientId) //\n );\n\n Collection scopeAuthorities = JWT_SCOPE_GRANTED_AUTHORITIES_CONVERTER.convert(jwt);\n if(!CollectionUtils.isEmpty(scopeAuthorities)) {\n authorities.addAll(scopeAuthorities);\n }\n\n return authorities;\n }\n\n protected Collection mapKeycloakRolesToAuthorities(Set realmRoles, Set clientRoles) {\n\n List combinedAuthorities = new ArrayList<>();\n\n combinedAuthorities.addAll(authoritiesMapper.mapAuthorities(realmRoles.stream() //\n .map(SimpleGrantedAuthority::new) //\n .collect(Collectors.toList())));\n\n combinedAuthorities.addAll(authoritiesMapper.mapAuthorities(clientRoles.stream() //\n .map(SimpleGrantedAuthority::new) //\n .collect(Collectors.toList())));\n\n return combinedAuthorities;\n }\n\n protected Set getRealmRolesFrom(Jwt jwt) {\n\n Map realmAccess = jwt.getClaimAsMap(\"realm_access\");\n\n if (CollectionUtils.isEmpty(realmAccess)) {\n return Collections.emptySet();\n }\n\n @SuppressWarnings(\"unchecked\")\n Collection realmRoles = (Collection) realmAccess.get(\"roles\");\n if (CollectionUtils.isEmpty(realmRoles)) {\n return Collections.emptySet();\n }\n\n return realmRoles.stream().map(this::normalizeRole).collect(Collectors.toSet());\n }\n\n protected Set getClientRolesFrom(Jwt jwt, String clientId) {\n\n Map resourceAccess = jwt.getClaimAsMap(\"resource_access\");\n\n if (CollectionUtils.isEmpty(resourceAccess)) {\n return Collections.emptySet();\n }\n\n @SuppressWarnings(\"unchecked\")\n Map> clientAccess = (Map>) resourceAccess.get(clientId);\n if (CollectionUtils.isEmpty(clientAccess)) {\n return Collections.emptySet();\n }\n\n List clientRoles = clientAccess.get(\"roles\");\n if (CollectionUtils.isEmpty(clientRoles)) {\n return Collections.emptySet();\n }\n\n return clientRoles.stream().map(this::normalizeRole).collect(Collectors.toSet());\n }\n\n private String normalizeRole(String role) {\n return role.replace('-', '_');\n }\n}\n"
},
{
"path": "apps/backend-api-springboot3/src/main/java/com/acme/backend/springboot/users/support/keycloak/KeycloakJwtAuthenticationConverter.java",
"content": "package com.acme.backend.springboot.users.support.keycloak;\n\nimport lombok.RequiredArgsConstructor;\nimport org.springframework.core.convert.converter.Converter;\nimport org.springframework.security.authentication.AbstractAuthenticationToken;\nimport org.springframework.security.core.GrantedAuthority;\nimport org.springframework.security.oauth2.jwt.Jwt;\nimport org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;\n\nimport java.util.Collection;\n\n/**\n * Converts a JWT into a Spring authentication token (by extracting\n * the username and roles from the claims of the token, delegating\n * to the {@link KeycloakGrantedAuthoritiesConverter})\n */\n@RequiredArgsConstructor\npublic class KeycloakJwtAuthenticationConverter implements Converter {\n\n private Converter> grantedAuthoritiesConverter;\n\n public KeycloakJwtAuthenticationConverter(Converter> grantedAuthoritiesConverter) {\n this.grantedAuthoritiesConverter = grantedAuthoritiesConverter;\n }\n\n @Override\n public JwtAuthenticationToken convert(Jwt jwt) {\n\n Collection authorities = grantedAuthoritiesConverter.convert(jwt);\n String username = getUsernameFrom(jwt);\n\n return new JwtAuthenticationToken(jwt, authorities, username);\n }\n\n protected String getUsernameFrom(Jwt jwt) {\n\n if (jwt.hasClaim(\"preferred_username\")) {\n return jwt.getClaimAsString(\"preferred_username\");\n }\n\n return jwt.getSubject();\n }\n}\n"
},
{
"path": "apps/backend-api-springboot3/src/main/java/com/acme/backend/springboot/users/support/permissions/DefaultPermissionEvaluator.java",
"content": "package com.acme.backend.springboot.users.support.permissions;\n\nimport lombok.RequiredArgsConstructor;\nimport lombok.extern.slf4j.Slf4j;\nimport org.springframework.security.access.PermissionEvaluator;\nimport org.springframework.security.core.Authentication;\nimport org.springframework.stereotype.Component;\n\nimport java.io.Serializable;\n\n/**\n * Custom {@link PermissionEvaluator} for method level permission checks.\n *\n * @see com.acme.backend.springboot.users.config.MethodSecurityConfig\n */\n@Slf4j\n@Component\n@RequiredArgsConstructor\nclass DefaultPermissionEvaluator implements PermissionEvaluator {\n\n @Override\n public boolean hasPermission(Authentication auth, Object targetDomainObject, Object permission) {\n log.info(\"check permission user={} target={} permission={}\", auth.getName(), targetDomainObject, permission);\n\n // TODO implement sophisticated permission check here\n return true;\n }\n\n @Override\n public boolean hasPermission(Authentication auth, Serializable targetId, String targetType, Object permission) {\n DomainObjectReference dor = new DomainObjectReference(targetType, targetId.toString());\n return hasPermission(auth, dor, permission);\n }\n}\n"
},
{
"path": "apps/backend-api-springboot3/src/main/java/com/acme/backend/springboot/users/support/permissions/DomainObjectReference.java",
"content": "package com.acme.backend.springboot.users.support.permissions;\n\nimport lombok.Data;\n\n/**\n * Defines a single domain object by a type and name to look up\n */\n@Data\npublic class DomainObjectReference {\n\n private final String type;\n\n private final String id;\n}\n"
},
{
"path": "apps/backend-api-springboot3/src/main/java/com/acme/backend/springboot/users/web/UsersController.java",
"content": "package com.acme.backend.springboot.users.web;\n\nimport lombok.extern.slf4j.Slf4j;\nimport org.springframework.security.core.Authentication;\nimport org.springframework.web.bind.annotation.GetMapping;\nimport org.springframework.web.bind.annotation.RequestMapping;\nimport org.springframework.web.bind.annotation.RestController;\nimport org.springframework.web.context.request.ServletWebRequest;\n\nimport java.time.Instant;\nimport java.util.HashMap;\nimport java.util.Map;\n\n@Slf4j\n@RestController\n@RequestMapping(\"/api/users\")\nclass UsersController {\n\n @GetMapping(\"/me\")\n public Object me(ServletWebRequest request, Authentication authentication) {\n\n log.info(\"### Accessing {}\", request.getRequest().getRequestURI());\n\n Object username = authentication.getName();\n\n Map data = new HashMap<>();\n data.put(\"message\", \"Hello \" + username);\n data.put(\"backend\", \"Spring Boot 3\");\n data.put(\"datetime\", Instant.now());\n return data;\n }\n}\n\n"
},
{
"path": "apps/backend-api-springboot3/src/main/resources/application.yml",
"content": "spring:\n jackson:\n serialization:\n write-dates-as-timestamps: false\n deserialization:\n # deals with single and multi-valued JWT claims\n accept-single-value-as-array: true\n security:\n oauth2:\n resourceserver:\n jwt:\n issuer-uri: ${acme.jwt.issuerUri}\n jwk-set-uri: ${acme.jwt.issuerUri}/protocol/openid-connect/certs\n# Use mock-service jwks-endpoint to obtain public key for testing\n# jwk-set-uri: http://localhost:9999/jwks\n\nacme:\n jwt:\n issuerUri: https://id.acme.test:8443/auth/realms/acme-internal\n\nserver:\n port: 4623\n ssl:\n enabled: true\n key-store: ../../config/stage/dev/tls/acme.test+1.p12\n key-store-password: changeit\n key-store-type: PKCS12"
},
{
"path": "apps/backend-api-springboot3/src/test/java/com/acme/backend/springboot/users/BackendApiSpringboot3AppTests.java",
"content": "package com.acme.backend.springboot.users;\n\nimport org.junit.jupiter.api.Test;\nimport org.springframework.boot.test.context.SpringBootTest;\n\n@SpringBootTest\nclass BackendApiSpringboot3AppTests {\n\n\t@Test\n\tvoid contextLoads() {\n\t}\n\n}\n"
},
{
"path": "apps/bff-springboot/.gitignore",
"content": "HELP.md\ntarget/\n!.mvn/wrapper/maven-wrapper.jar\n!**/src/main/**/target/\n!**/src/test/**/target/\n\n### STS ###\n.apt_generated\n.classpath\n.factorypath\n.project\n.settings\n.springBeans\n.sts4-cache\n\n### IntelliJ IDEA ###\n.idea\n*.iws\n*.iml\n*.ipr\n\n### NetBeans ###\n/nbproject/private/\n/nbbuild/\n/dist/\n/nbdist/\n/.nb-gradle/\nbuild/\n!**/src/main/**/build/\n!**/src/test/**/build/\n\n### VS Code ###\n.vscode/\n"
},
{
"path": "apps/bff-springboot/.mvn/wrapper/maven-wrapper.properties",
"content": "distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.4/apache-maven-3.8.4-bin.zip\nwrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar\n"
},
{
"path": "apps/bff-springboot/mvnw",
"content": "#!/bin/sh\n# ----------------------------------------------------------------------------\n# Licensed to the Apache Software Foundation (ASF) under one\n# or more contributor license agreements. See the NOTICE file\n# distributed with this work for additional information\n# regarding copyright ownership. The ASF licenses this file\n# to you under the Apache License, Version 2.0 (the\n# \"License\"); you may not use this file except in compliance\n# with the License. You may obtain a copy of the License at\n#\n# https://www.apache.org/licenses/LICENSE-2.0\n#\n# Unless required by applicable law or agreed to in writing,\n# software distributed under the License is distributed on an\n# \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n# KIND, either express or implied. See the License for the\n# specific language governing permissions and limitations\n# under the License.\n# ----------------------------------------------------------------------------\n\n# ----------------------------------------------------------------------------\n# Maven Start Up Batch script\n#\n# Required ENV vars:\n# ------------------\n# JAVA_HOME - location of a JDK home dir\n#\n# Optional ENV vars\n# -----------------\n# M2_HOME - location of maven2's installed home dir\n# MAVEN_OPTS - parameters passed to the Java VM when running Maven\n# e.g. to debug Maven itself, use\n# set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000\n# MAVEN_SKIP_RC - flag to disable loading of mavenrc files\n# ----------------------------------------------------------------------------\n\nif [ -z \"$MAVEN_SKIP_RC\" ] ; then\n\n if [ -f /usr/local/etc/mavenrc ] ; then\n . /usr/local/etc/mavenrc\n fi\n\n if [ -f /etc/mavenrc ] ; then\n . /etc/mavenrc\n fi\n\n if [ -f \"$HOME/.mavenrc\" ] ; then\n . \"$HOME/.mavenrc\"\n fi\n\nfi\n\n# OS specific support. $var _must_ be set to either true or false.\ncygwin=false;\ndarwin=false;\nmingw=false\ncase \"`uname`\" in\n CYGWIN*) cygwin=true ;;\n MINGW*) mingw=true;;\n Darwin*) darwin=true\n # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home\n # See https://developer.apple.com/library/mac/qa/qa1170/_index.html\n if [ -z \"$JAVA_HOME\" ]; then\n if [ -x \"/usr/libexec/java_home\" ]; then\n export JAVA_HOME=\"`/usr/libexec/java_home`\"\n else\n export JAVA_HOME=\"/Library/Java/Home\"\n fi\n fi\n ;;\nesac\n\nif [ -z \"$JAVA_HOME\" ] ; then\n if [ -r /etc/gentoo-release ] ; then\n JAVA_HOME=`java-config --jre-home`\n fi\nfi\n\nif [ -z \"$M2_HOME\" ] ; then\n ## resolve links - $0 may be a link to maven's home\n PRG=\"$0\"\n\n # need this for relative symlinks\n while [ -h \"$PRG\" ] ; do\n ls=`ls -ld \"$PRG\"`\n link=`expr \"$ls\" : '.*-> \\(.*\\)$'`\n if expr \"$link\" : '/.*' > /dev/null; then\n PRG=\"$link\"\n else\n PRG=\"`dirname \"$PRG\"`/$link\"\n fi\n done\n\n saveddir=`pwd`\n\n M2_HOME=`dirname \"$PRG\"`/..\n\n # make it fully qualified\n M2_HOME=`cd \"$M2_HOME\" && pwd`\n\n cd \"$saveddir\"\n # echo Using m2 at $M2_HOME\nfi\n\n# For Cygwin, ensure paths are in UNIX format before anything is touched\nif $cygwin ; then\n [ -n \"$M2_HOME\" ] &&\n M2_HOME=`cygpath --unix \"$M2_HOME\"`\n [ -n \"$JAVA_HOME\" ] &&\n JAVA_HOME=`cygpath --unix \"$JAVA_HOME\"`\n [ -n \"$CLASSPATH\" ] &&\n CLASSPATH=`cygpath --path --unix \"$CLASSPATH\"`\nfi\n\n# For Mingw, ensure paths are in UNIX format before anything is touched\nif $mingw ; then\n [ -n \"$M2_HOME\" ] &&\n M2_HOME=\"`(cd \"$M2_HOME\"; pwd)`\"\n [ -n \"$JAVA_HOME\" ] &&\n JAVA_HOME=\"`(cd \"$JAVA_HOME\"; pwd)`\"\nfi\n\nif [ -z \"$JAVA_HOME\" ]; then\n javaExecutable=\"`which javac`\"\n if [ -n \"$javaExecutable\" ] && ! [ \"`expr \\\"$javaExecutable\\\" : '\\([^ ]*\\)'`\" = \"no\" ]; then\n # readlink(1) is not available as standard on Solaris 10.\n readLink=`which readlink`\n if [ ! `expr \"$readLink\" : '\\([^ ]*\\)'` = \"no\" ]; then\n if $darwin ; then\n javaHome=\"`dirname \\\"$javaExecutable\\\"`\"\n javaExecutable=\"`cd \\\"$javaHome\\\" && pwd -P`/javac\"\n else\n javaExecutable=\"`readlink -f \\\"$javaExecutable\\\"`\"\n fi\n javaHome=\"`dirname \\\"$javaExecutable\\\"`\"\n javaHome=`expr \"$javaHome\" : '\\(.*\\)/bin'`\n JAVA_HOME=\"$javaHome\"\n export JAVA_HOME\n fi\n fi\nfi\n\nif [ -z \"$JAVACMD\" ] ; then\n if [ -n \"$JAVA_HOME\" ] ; then\n if [ -x \"$JAVA_HOME/jre/sh/java\" ] ; then\n # IBM's JDK on AIX uses strange locations for the executables\n JAVACMD=\"$JAVA_HOME/jre/sh/java\"\n else\n JAVACMD=\"$JAVA_HOME/bin/java\"\n fi\n else\n JAVACMD=\"`\\\\unset -f command; \\\\command -v java`\"\n fi\nfi\n\nif [ ! -x \"$JAVACMD\" ] ; then\n echo \"Error: JAVA_HOME is not defined correctly.\" >&2\n echo \" We cannot execute $JAVACMD\" >&2\n exit 1\nfi\n\nif [ -z \"$JAVA_HOME\" ] ; then\n echo \"Warning: JAVA_HOME environment variable is not set.\"\nfi\n\nCLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher\n\n# traverses directory structure from process work directory to filesystem root\n# first directory with .mvn subdirectory is considered project base directory\nfind_maven_basedir() {\n\n if [ -z \"$1\" ]\n then\n echo \"Path not specified to find_maven_basedir\"\n return 1\n fi\n\n basedir=\"$1\"\n wdir=\"$1\"\n while [ \"$wdir\" != '/' ] ; do\n if [ -d \"$wdir\"/.mvn ] ; then\n basedir=$wdir\n break\n fi\n # workaround for JBEAP-8937 (on Solaris 10/Sparc)\n if [ -d \"${wdir}\" ]; then\n wdir=`cd \"$wdir/..\"; pwd`\n fi\n # end of workaround\n done\n echo \"${basedir}\"\n}\n\n# concatenates all lines of a file\nconcat_lines() {\n if [ -f \"$1\" ]; then\n echo \"$(tr -s '\\n' ' ' < \"$1\")\"\n fi\n}\n\nBASE_DIR=`find_maven_basedir \"$(pwd)\"`\nif [ -z \"$BASE_DIR\" ]; then\n exit 1;\nfi\n\n##########################################################################################\n# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central\n# This allows using the maven wrapper in projects that prohibit checking in binary data.\n##########################################################################################\nif [ -r \"$BASE_DIR/.mvn/wrapper/maven-wrapper.jar\" ]; then\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \"Found .mvn/wrapper/maven-wrapper.jar\"\n fi\nelse\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \"Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ...\"\n fi\n if [ -n \"$MVNW_REPOURL\" ]; then\n jarUrl=\"$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar\"\n else\n jarUrl=\"https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar\"\n fi\n while IFS=\"=\" read key value; do\n case \"$key\" in (wrapperUrl) jarUrl=\"$value\"; break ;;\n esac\n done < \"$BASE_DIR/.mvn/wrapper/maven-wrapper.properties\"\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \"Downloading from: $jarUrl\"\n fi\n wrapperJarPath=\"$BASE_DIR/.mvn/wrapper/maven-wrapper.jar\"\n if $cygwin; then\n wrapperJarPath=`cygpath --path --windows \"$wrapperJarPath\"`\n fi\n\n if command -v wget > /dev/null; then\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \"Found wget ... using wget\"\n fi\n if [ -z \"$MVNW_USERNAME\" ] || [ -z \"$MVNW_PASSWORD\" ]; then\n wget \"$jarUrl\" -O \"$wrapperJarPath\" || rm -f \"$wrapperJarPath\"\n else\n wget --http-user=$MVNW_USERNAME --http-password=$MVNW_PASSWORD \"$jarUrl\" -O \"$wrapperJarPath\" || rm -f \"$wrapperJarPath\"\n fi\n elif command -v curl > /dev/null; then\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \"Found curl ... using curl\"\n fi\n if [ -z \"$MVNW_USERNAME\" ] || [ -z \"$MVNW_PASSWORD\" ]; then\n curl -o \"$wrapperJarPath\" \"$jarUrl\" -f\n else\n curl --user $MVNW_USERNAME:$MVNW_PASSWORD -o \"$wrapperJarPath\" \"$jarUrl\" -f\n fi\n\n else\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \"Falling back to using Java to download\"\n fi\n javaClass=\"$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java\"\n # For Cygwin, switch paths to Windows format before running javac\n if $cygwin; then\n javaClass=`cygpath --path --windows \"$javaClass\"`\n fi\n if [ -e \"$javaClass\" ]; then\n if [ ! -e \"$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class\" ]; then\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \" - Compiling MavenWrapperDownloader.java ...\"\n fi\n # Compiling the Java class\n (\"$JAVA_HOME/bin/javac\" \"$javaClass\")\n fi\n if [ -e \"$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class\" ]; then\n # Running the downloader\n if [ \"$MVNW_VERBOSE\" = true ]; then\n echo \" - Running MavenWrapperDownloader.java ...\"\n fi\n (\"$JAVA_HOME/bin/java\" -cp .mvn/wrapper MavenWrapperDownloader \"$MAVEN_PROJECTBASEDIR\")\n fi\n fi\n fi\nfi\n##########################################################################################\n# End of extension\n##########################################################################################\n\nexport MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-\"$BASE_DIR\"}\nif [ \"$MVNW_VERBOSE\" = true ]; then\n echo $MAVEN_PROJECTBASEDIR\nfi\nMAVEN_OPTS=\"$(concat_lines \"$MAVEN_PROJECTBASEDIR/.mvn/jvm.config\") $MAVEN_OPTS\"\n\n# For Cygwin, switch paths to Windows format before running java\nif $cygwin; then\n [ -n \"$M2_HOME\" ] &&\n M2_HOME=`cygpath --path --windows \"$M2_HOME\"`\n [ -n \"$JAVA_HOME\" ] &&\n JAVA_HOME=`cygpath --path --windows \"$JAVA_HOME\"`\n [ -n \"$CLASSPATH\" ] &&\n CLASSPATH=`cygpath --path --windows \"$CLASSPATH\"`\n [ -n \"$MAVEN_PROJECTBASEDIR\" ] &&\n MAVEN_PROJECTBASEDIR=`cygpath --path --windows \"$MAVEN_PROJECTBASEDIR\"`\nfi\n\n# Provide a \"standardized\" way to retrieve the CLI args that will\n# work with both Windows and non-Windows executions.\nMAVEN_CMD_LINE_ARGS=\"$MAVEN_CONFIG $@\"\nexport MAVEN_CMD_LINE_ARGS\n\nWRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain\n\nexec \"$JAVACMD\" \\\n $MAVEN_OPTS \\\n $MAVEN_DEBUG_OPTS \\\n -classpath \"$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar\" \\\n \"-Dmaven.home=${M2_HOME}\" \\\n \"-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}\" \\\n ${WRAPPER_LAUNCHER} $MAVEN_CONFIG \"$@\"\n"
},
{
"path": "apps/bff-springboot/mvnw.cmd",
"content": "@REM ----------------------------------------------------------------------------\n@REM Licensed to the Apache Software Foundation (ASF) under one\n@REM or more contributor license agreements. See the NOTICE file\n@REM distributed with this work for additional information\n@REM regarding copyright ownership. The ASF licenses this file\n@REM to you under the Apache License, Version 2.0 (the\n@REM \"License\"); you may not use this file except in compliance\n@REM with the License. You may obtain a copy of the License at\n@REM\n@REM https://www.apache.org/licenses/LICENSE-2.0\n@REM\n@REM Unless required by applicable law or agreed to in writing,\n@REM software distributed under the License is distributed on an\n@REM \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY\n@REM KIND, either express or implied. See the License for the\n@REM specific language governing permissions and limitations\n@REM under the License.\n@REM ----------------------------------------------------------------------------\n\n@REM ----------------------------------------------------------------------------\n@REM Maven Start Up Batch script\n@REM\n@REM Required ENV vars:\n@REM JAVA_HOME - location of a JDK home dir\n@REM\n@REM Optional ENV vars\n@REM M2_HOME - location of maven2's installed home dir\n@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands\n@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending\n@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven\n@REM e.g. to debug Maven itself, use\n@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000\n@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files\n@REM ----------------------------------------------------------------------------\n\n@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'\n@echo off\n@REM set title of command window\ntitle %0\n@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'\n@if \"%MAVEN_BATCH_ECHO%\" == \"on\" echo %MAVEN_BATCH_ECHO%\n\n@REM set %HOME% to equivalent of $HOME\nif \"%HOME%\" == \"\" (set \"HOME=%HOMEDRIVE%%HOMEPATH%\")\n\n@REM Execute a user defined script before this one\nif not \"%MAVEN_SKIP_RC%\" == \"\" goto skipRcPre\n@REM check for pre script, once with legacy .bat ending and once with .cmd ending\nif exist \"%USERPROFILE%\\mavenrc_pre.bat\" call \"%USERPROFILE%\\mavenrc_pre.bat\" %*\nif exist \"%USERPROFILE%\\mavenrc_pre.cmd\" call \"%USERPROFILE%\\mavenrc_pre.cmd\" %*\n:skipRcPre\n\n@setlocal\n\nset ERROR_CODE=0\n\n@REM To isolate internal variables from possible post scripts, we use another setlocal\n@setlocal\n\n@REM ==== START VALIDATION ====\nif not \"%JAVA_HOME%\" == \"\" goto OkJHome\n\necho.\necho Error: JAVA_HOME not found in your environment. >&2\necho Please set the JAVA_HOME variable in your environment to match the >&2\necho location of your Java installation. >&2\necho.\ngoto error\n\n:OkJHome\nif exist \"%JAVA_HOME%\\bin\\java.exe\" goto init\n\necho.\necho Error: JAVA_HOME is set to an invalid directory. >&2\necho JAVA_HOME = \"%JAVA_HOME%\" >&2\necho Please set the JAVA_HOME variable in your environment to match the >&2\necho location of your Java installation. >&2\necho.\ngoto error\n\n@REM ==== END VALIDATION ====\n\n:init\n\n@REM Find the project base dir, i.e. the directory that contains the folder \".mvn\".\n@REM Fallback to current working directory if not found.\n\nset MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%\nIF NOT \"%MAVEN_PROJECTBASEDIR%\"==\"\" goto endDetectBaseDir\n\nset EXEC_DIR=%CD%\nset WDIR=%EXEC_DIR%\n:findBaseDir\nIF EXIST \"%WDIR%\"\\.mvn goto baseDirFound\ncd ..\nIF \"%WDIR%\"==\"%CD%\" goto baseDirNotFound\nset WDIR=%CD%\ngoto findBaseDir\n\n:baseDirFound\nset MAVEN_PROJECTBASEDIR=%WDIR%\ncd \"%EXEC_DIR%\"\ngoto endDetectBaseDir\n\n:baseDirNotFound\nset MAVEN_PROJECTBASEDIR=%EXEC_DIR%\ncd \"%EXEC_DIR%\"\n\n:endDetectBaseDir\n\nIF NOT EXIST \"%MAVEN_PROJECTBASEDIR%\\.mvn\\jvm.config\" goto endReadAdditionalConfig\n\n@setlocal EnableExtensions EnableDelayedExpansion\nfor /F \"usebackq delims=\" %%a in (\"%MAVEN_PROJECTBASEDIR%\\.mvn\\jvm.config\") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a\n@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%\n\n:endReadAdditionalConfig\n\nSET MAVEN_JAVA_EXE=\"%JAVA_HOME%\\bin\\java.exe\"\nset WRAPPER_JAR=\"%MAVEN_PROJECTBASEDIR%\\.mvn\\wrapper\\maven-wrapper.jar\"\nset WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain\n\nset DOWNLOAD_URL=\"https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar\"\n\nFOR /F \"usebackq tokens=1,2 delims==\" %%A IN (\"%MAVEN_PROJECTBASEDIR%\\.mvn\\wrapper\\maven-wrapper.properties\") DO (\n IF \"%%A\"==\"wrapperUrl\" SET DOWNLOAD_URL=%%B\n)\n\n@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central\n@REM This allows using the maven wrapper in projects that prohibit checking in binary data.\nif exist %WRAPPER_JAR% (\n if \"%MVNW_VERBOSE%\" == \"true\" (\n echo Found %WRAPPER_JAR%\n )\n) else (\n if not \"%MVNW_REPOURL%\" == \"\" (\n SET DOWNLOAD_URL=\"%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.1.0/maven-wrapper-3.1.0.jar\"\n )\n if \"%MVNW_VERBOSE%\" == \"true\" (\n echo Couldn't find %WRAPPER_JAR%, downloading it ...\n echo Downloading from: %DOWNLOAD_URL%\n )\n\n powershell -Command \"&{\"^\n\t\t\"$webclient = new-object System.Net.WebClient;\"^\n\t\t\"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {\"^\n\t\t\"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');\"^\n\t\t\"}\"^\n\t\t\"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')\"^\n\t\t\"}\"\n if \"%MVNW_VERBOSE%\" == \"true\" (\n echo Finished downloading %WRAPPER_JAR%\n )\n)\n@REM End of extension\n\n@REM Provide a \"standardized\" way to retrieve the CLI args that will\n@REM work with both Windows and non-Windows executions.\nset MAVEN_CMD_LINE_ARGS=%*\n\n%MAVEN_JAVA_EXE% ^\n %JVM_CONFIG_MAVEN_PROPS% ^\n %MAVEN_OPTS% ^\n %MAVEN_DEBUG_OPTS% ^\n -classpath %WRAPPER_JAR% ^\n \"-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%\" ^\n %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*\nif ERRORLEVEL 1 goto error\ngoto end\n\n:error\nset ERROR_CODE=1\n\n:end\n@endlocal & set ERROR_CODE=%ERROR_CODE%\n\nif not \"%MAVEN_SKIP_RC%\"==\"\" goto skipRcPost\n@REM check for post script, once with legacy .bat ending and once with .cmd ending\nif exist \"%USERPROFILE%\\mavenrc_post.bat\" call \"%USERPROFILE%\\mavenrc_post.bat\"\nif exist \"%USERPROFILE%\\mavenrc_post.cmd\" call \"%USERPROFILE%\\mavenrc_post.cmd\"\n:skipRcPost\n\n@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'\nif \"%MAVEN_BATCH_PAUSE%\"==\"on\" pause\n\nif \"%MAVEN_TERMINATE_CMD%\"==\"on\" exit %ERROR_CODE%\n\ncmd /C exit /B %ERROR_CODE%\n"
},
{
"path": "apps/bff-springboot/pom.xml",
"content": "\n\n 4.0.0\n \n org.springframework.boot\n spring-boot-starter-parent\n 2.7.14\n \n \n com.github.thomasdarimont.keycloak\n bff-springboot\n 0.0.1-SNAPSHOT\n bff-springboot\n bff-springboot\n \n 17\n 1.18.38\n \n \n \n org.springframework.boot\n spring-boot-starter-oauth2-client\n \n \n org.springframework.boot\n spring-boot-starter-web\n \n\n \n org.springframework.boot\n spring-boot-starter-thymeleaf\n \n\n \n org.thymeleaf.extras\n thymeleaf-extras-springsecurity5\n \n\n \n org.springframework.boot\n spring-boot-starter-data-redis\n \n\n \n org.springframework.session\n spring-session-data-redis\n \n\n \n io.lettuce\n lettuce-core\n \n\n \n org.springframework.boot\n spring-boot-devtools\n runtime\n true\n \n \n io.micrometer\n micrometer-registry-prometheus\n runtime\n \n \n org.projectlombok\n lombok\n true\n \n \n org.springframework.boot\n spring-boot-starter-test\n test\n \n \n\n \n \n \n org.springframework.boot\n spring-boot-maven-plugin\n \n \n \n org.projectlombok\n lombok\n \n \n \n \n \n \n\n\n"
},
{
"path": "apps/bff-springboot/src/main/java/com/github/thomasdarimont/apps/bff/BffApp.java",
"content": "package com.github.thomasdarimont.apps.bff;\n\nimport org.springframework.boot.SpringApplication;\nimport org.springframework.boot.autoconfigure.SpringBootApplication;\n\n@SpringBootApplication\npublic class BffApp {\n\n public static void main(String[] args) {\n SpringApplication.run(BffApp.class, args);\n }\n\n}\n"
},
{
"path": "apps/bff-springboot/src/main/java/com/github/thomasdarimont/apps/bff/api/UsersResource.java",
"content": "package com.github.thomasdarimont.apps.bff.api;\n\nimport org.springframework.beans.factory.annotation.Qualifier;\nimport org.springframework.http.ResponseEntity;\nimport org.springframework.security.core.Authentication;\nimport org.springframework.security.oauth2.core.oidc.OidcUserInfo;\nimport org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;\nimport org.springframework.web.bind.annotation.GetMapping;\nimport org.springframework.web.bind.annotation.RequestMapping;\nimport org.springframework.web.bind.annotation.RestController;\nimport org.springframework.web.client.RestTemplate;\n\nimport java.util.LinkedHashMap;\nimport java.util.Map;\n\n@RestController\n@RequestMapping(\"/api/users\")\nclass UsersResource {\n\n private final RestTemplate oauthRestTemplate;\n\n public UsersResource(@Qualifier(\"oauth\") RestTemplate oauthRestTemplate) {\n this.oauthRestTemplate = oauthRestTemplate;\n }\n\n @GetMapping(\"/me\")\n public ResponseEntity