Merge pull request #53 from bcgov/feature/secureORDS

added ords auth
bcgov · Apr 24, 2023 · 825b817 · 825b817
2 parents 4e61caf + 1b64915
commit 825b817
Show file tree

Hide file tree

Showing 5 changed files with 47 additions and 5 deletions.
diff --git a/gitops/openshift/apps/jag-cdds/template/jag-cdds.yaml b/gitops/openshift/apps/jag-cdds/template/jag-cdds.yaml
@@ -120,6 +120,16 @@ objects:
                 secretKeyRef:
                   name: cdds-application-secrets
                   key: ORDS_HOST
+            - name: ORDS_USERNAME
+              valueFrom:
+                secretKeyRef:
+                  name: cdds-application-secrets
+                  key: ORDS_USERNAME
+            - name: ORDS_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: cdds-application-secrets
+                  key: ORDS_PASSWORD
             resources:
               limits:
                 cpu: 500m

diff --git a/pom.xml b/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.7.3</version>
+        <version>2.7.9</version>
         <relativePath/> <!-- lookup parent from repository -->
     </parent>
     <groupId>ca.bc.gov.open</groupId>
@@ -191,6 +191,22 @@
         </dependency>
     </dependencies>
 
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.yaml</groupId>
+                <artifactId>snakeyaml</artifactId>
+                <version>1.33</version>
+            </dependency>
+            <dependency>
+                <groupId>com.fasterxml.jackson.core</groupId>
+                <artifactId>jackson-core</artifactId>
+                <version>2.14.2</version>
+            </dependency>
+
+        </dependencies>
+    </dependencyManagement>
+
     <build>
         <finalName>cdds-application</finalName>
         <plugins>
@@ -311,7 +327,12 @@
                     </execution>
                 </executions>
             </plugin>
+            <plugin>
+                <groupId>org.owasp</groupId>
+                <artifactId>dependency-check-maven</artifactId>
+                <version>7.0.4</version>
+            </plugin>
         </plugins>
     </build>
 
-</project>
+</project>
diff --git a/src/main/java/ca/bc/gov/open/cdds/configuration/SoapConfig.java b/src/main/java/ca/bc/gov/open/cdds/configuration/SoapConfig.java
@@ -12,6 +12,8 @@
 import java.util.Map;
 import javax.xml.soap.SOAPMessage;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.web.client.RestTemplateBuilder;
 import org.springframework.boot.web.servlet.ServletRegistrationBean;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
@@ -40,14 +42,19 @@
 @Configuration
 @Slf4j
 public class SoapConfig extends WsConfigurerAdapter {
+    @Value("${cdds.username}")
+    private String username;
+
+    @Value("${cdds.password}")
+    private String password;
 
     public static final String SOAP_NAMESPACE = "http://courts.gov.bc.ca/xml/ns/cdds/v1";
 
     @Override
     public void addInterceptors(List<EndpointInterceptor> interceptors) {
         //      There are 2 versions of schemas to de couple model generation and request validation
         //      Suffix v means its a validation schema
-        var validatingInterceptor1 = interceptor1();
+        //        var validatingInterceptor1 = interceptor1();
         // interceptors.add(validatingInterceptor1);
     }
 
@@ -100,8 +107,8 @@ public ServletRegistrationBean<MessageDispatcherServlet> messageDispatcherServle
     }
 
     @Bean
-    public RestTemplate restTemplate() {
-        RestTemplate restTemplate = new RestTemplate();
+    public RestTemplate restTemplate(RestTemplateBuilder restTemplateBuilder) {
+        var restTemplate = restTemplateBuilder.basicAuthentication(username, password).build();
         restTemplate.getMessageConverters().add(0, createMappingJacksonHttpMessageConverter());
         return restTemplate;
     }

diff --git a/src/main/resources/application-test.yml b/src/main/resources/application-test.yml
@@ -5,3 +5,5 @@ security:
 cdds:
   host: http://127.0.0.1/
   namespace: ${CDDS_NAMESPACE}
+  username: ${BASIC_AUTH_USER}
+  password: ${BASIC_AUTH_PASS}
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -5,6 +5,8 @@ security:
 cdds:
   host: ${ORDS_HOST}
   namespace: ${CDDS_NAMESPACE}
+  username: ${ORDS_USERNAME}
+  password: ${ORDS_PASSWORD}
 management:
   trace:
     http: