From b2d083ca6586877c036cdfcb8c5597fd2b859891 Mon Sep 17 00:00:00 2001 From: Andres LeonRangel Date: Sun, 10 Dec 2023 21:48:01 +1300 Subject: [PATCH] enables injection iof 1Password secrets Signed-off-by: Andres LeonRangel --- .env.tpl | 1 + README.md | 58 ++++++++++++++----- src/main/java/entity/LoginReply.java | 3 +- src/main/java/util/AuthenticateOpenLDAP.java | 12 ++-- .../java/attendance/student/TestStudent.java | 4 +- .../auth/ldap/TestLDAPAuthentication.java | 11 ++-- .../java/json/TestConversionJSON2Object.java | 1 - 7 files changed, 62 insertions(+), 28 deletions(-)
diff --git a/.env.tpl b/.env.tpl
index 5945e55..1d46bf3 100644
--- a/.env.tpl
+++ b/.env.tpl
@@ -1 +1,2 @@
 # https://developer.1password.com/docs/cli/secrets-config-files/
+LDAP_ADMIN_PASS="op://Professional-IT Projects/multi-cloud-WebApp-Attendance/password"
\ No newline at end of file
diff --git a/README.md b/README.md
index 08a34f5..05531be 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,8 @@
 - [Attendance WebApp](#attendance-webapp)
 - [Introduction](#introduction)
- - [Security warnings](#security-warnings)
+ - [GitHub Reports](#github-reports)
+ - [Security warnings](#security-warnings)
+ - [GitHub Vulnerability report](#github-vulnerability-report)
 - [Attendance WebApp Architecture (re-architected)](#attendance-webapp-architecture-re-architected)
 - [2018-Attendance WebApp high level Architecture](#2018-attendance-webapp-high-level-architecture)
 - [Attendance WebApp UI](#attendance-webapp-ui)
@@ -10,15 +12,16 @@ - [Build WebApp](#build-webapp) - [Gradle Build Web Package](#gradle-build-web-package) - [Maven Build](#maven-build) - - [Package WebApp](#package-webapp) + - [Gradle Test suite](#gradle-test-suite) + - [Use 1Password CLI to inject the secrets](#use-1password-cli-to-inject-the-secrets) + - [Package/Run WebApp](#packagerun-webapp) - [Docker Image Build](#docker-image-build) - [Available Tomcat versions](#available-tomcat-versions) - - [Run WebApp](#run-webapp) + - [Execute WebApp](#execute-webapp) - [Container Execution](#container-execution) - [Docker execution](#docker-execution) - [Docker-compose](#docker-compose) - [Editing project diagrams](#editing-project-diagrams) - - [GitHub Vulnerability report](#github-vulnerability-report) # Attendance WebApp @@ -36,11 +39,14 @@ The idea is that you have a short timeframe to submit a random generated code by The application is a proof of concept for Service orientation and Service interoperability in the cloud -## Security warnings +## GitHub Reports +### Security warnings > Security Warnings to check GitHub found 2 vulnerabilities on aleon1220/multi-cloud-WebApp-Attendance's default branch (2 moderate). To find out more, visit: [This project security report](https://github.com/aleon1220/multi-cloud-WebApp-Attendance/security) +### GitHub Vulnerability report +https://github.com/aleon1220/multi-cloud-WebApp-Attendance/security/dependabot ## Attendance WebApp Architecture (re-architected) 
@@ -98,7 +104,30 @@ gradle clean build --console plain --warning-mode all ### Maven Build > maven has been deprecated and moved to [maven](./maven) -## Package WebApp +### Gradle Test suite +#### Use 1Password CLI to inject the secrets +- as a pre-requisite you must have access to the shared vault +- login in the CLI +```bash +# Linux Ubuntu tested 2023-12-10 +op signin +``` +- inject the secrets for testing Authentication property file +```bash +op inject -i token_auth.properties.tpl -o token_auth.properties +``` + +- inject the secrets for Testing property file +```bash +op inject -i secrets.env.tpl -o secrets.env +``` + +- inject the secrets for Testing docker-compose +```bash +op inject -i .env.tpl -o .env +``` + +## Package/Run WebApp ### Docker Image Build - Build the app image with Docker. Deploy .WAR file in Tomcat refer to https://hub.docker.com/_/tomcat @@ -111,7 +140,7 @@ Use the tag latest or a particular version e.g. aleon1220/soa:v2 or aleon1220/so - 7.0.109 = `TOMCAT_VERSION_DOCKER_TAG="7.0.109-jdk8-openjdk"` - 9.0.78 = `TOMCAT_VERSION_DOCKER_TAG="9.0.78-jre8"` -## Run WebApp +## Execute WebApp ### Container Execution #### Docker execution @@ -131,15 +160,15 @@ Run the tomcat server with the pre-built WAR web Archive file ```bash docker run -itd --publish 8080:8080 aleon1220/soa:latest ``` -- get the name of the running container in port 8888 +- get the name of the running container ``` bash -CONTAINER_NAME=$(docker container ls --all --filter publish=8888 --format "{{.Names}}") +CONTAINER_NAME=$(docker container ls --all --filter publish=8080 --format "{{.Names}}") ``` - Access the Docker container via CLI ```bash docker container exec -it $CONTAINER_NAME /bin/bash ``` -- The URl is URL:8888/Attendance-0.0.1 [AttendanceWebApp](http://localhost:8888/Attendance-0.0.1) +- The URl is URL:8080/Attendance-0.0.1 [AttendanceWebApp](http://localhost:8080/AttendanceWebApp) - clean up docker container environment ``` bash docker stop $(docker ps --quiet) 
@@ -147,7 +176,11 @@ docker rm $(docker container ls --all --quiet) ``` #### Docker-compose - +- inject the secrets for Testing docker-compose +```bash +op inject -i .env.tpl -o .env +``` +- single variable ```bash export LDAP_ADMIN_PASS=$(op read "op://uqbpxejq7gifvi6mg3c7xxokre/jvuj7juvlxlg7delckucvidqhi/password") ```
@@ -156,6 +189,3 @@ export LDAP_ADMIN_PASS=$(op read "op://uqbpxejq7gifvi6mg3c7xxokre/jvuj7juvlxlg7d - go to [diagrams.net](https://app.diagrams.net/?src=about) - open the file [project-diagrams.drawio](./project-diagrams.drawio) XML file with the diagrams - Explore > export images to convinience and update this README -## GitHub Vulnerability report - -https://github.com/aleon1220/multi-cloud-WebApp-Attendance/security/dependabot
diff --git a/src/main/java/entity/LoginReply.java b/src/main/java/entity/LoginReply.java
index a8fe9b1..7a7f253 100644
--- a/src/main/java/entity/LoginReply.java
+++ b/src/main/java/entity/LoginReply.java
@@ -33,10 +33,9 @@ public void setAuthenticationResult(AuthenticationResult authenticationResult) {
 this.authenticationResult = authenticationResult;
 }
- @Override public String toString() { //return getClass()+"challenge"+challengeParameters+"data in authent"+authenticationResult.getIdToken();
- return getClass()+" Not obtaining really much";
+ return getClass()+" Overriding method";
 }
 }
diff --git a/src/main/java/util/AuthenticateOpenLDAP.java b/src/main/java/util/AuthenticateOpenLDAP.java
index 0757b3e..1d8572c 100644
--- a/src/main/java/util/AuthenticateOpenLDAP.java
+++ b/src/main/java/util/AuthenticateOpenLDAP.java
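Review bot: The new `toString()` body returns `getClass()+" Overriding method"`, a placeholder that says nothing about the object's state, so any log line that formats a `LoginReply` carries no useful information. Either describe the non-sensitive fields, such as the challenge parameters, or state in a comment why the output is intentionally minimal. Do not reinstate the commented-out line above it, since it would put `authenticationResult.getIdToken()` into every log that prints the reply; a comment such as `// deliberately omits authenticationResult: the id token must not reach logs` would record that decision for the next maintainer.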
@@ -1,14 +1,16 @@
 package util;
-import com.unboundid.ldap.sdk.*;
-import com.unboundid.util.ssl.SSLUtil;
-import com.unboundid.util.ssl.TrustAllTrustManager;
-import javax.net.ssl.SSLSocketFactory;
+import com.unboundid.ldap.sdk.LDAPConnection;
+import com.unboundid.ldap.sdk.LDAPException;
+import com.unboundid.ldap.sdk.SearchResult;
+import com.unboundid.ldap.sdk.SearchResultEntry;
+import com.unboundid.ldap.sdk.SearchScope;
 public class AuthenticateOpenLDAP {
 public void openLDAPAdminSearch() {
 // LDAP connection parameters
 String ldapURL = "ldap://localhost";
+ String ldapHost = "localhost";
 String bindDN = "cn=admin,dc=my-company,dc=com";
 String bindPassword = System.getenv("LDAP_ADMIN_PASS");
 String baseDN = "dc=my-company,dc=com";
@@ -23,7 +25,7 @@ public void openLDAPAdminSearch() {
 // connection = new LDAPConnection(socketFactory, "localhost", 636);
 // For non-SSL connection
- connection = new LDAPConnection("localhost", 389);
+ connection = new LDAPConnection(ldapHost, 389);
 connection.bind(bindDN, bindPassword);
 // Perform the search
diff --git a/src/test/java/attendance/student/TestStudent.java b/src/test/java/attendance/student/TestStudent.java
index be1a249..3127141 100644
--- a/src/test/java/attendance/student/TestStudent.java
+++ b/src/test/java/attendance/student/TestStudent.java
@@ -2,11 +2,13 @@
 import javax.faces.bean.ManagedBean;
-@ManagedBean
+import org.junit.jupiter.api.Test;
+
 public class TestStudent {
 private String name;
+ @Test
 public String sayHello() {
 if (name != null && !name.trim().equals("")) {
 return "Hello, " + name + "!";
diff --git a/src/test/java/auth/ldap/TestLDAPAuthentication.java b/src/test/java/auth/ldap/TestLDAPAuthentication.java
index f486e57..2efb1ce 100644
--- a/src/test/java/auth/ldap/TestLDAPAuthentication.java
+++ b/src/test/java/auth/ldap/TestLDAPAuthentication.java
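Review bot: `bindPassword` is read from `System.getenv("LDAP_ADMIN_PASS")` with no check that the variable was injected, so a missing secret reaches `connection.bind(bindDN, bindPassword)` in the second hunk of this file with a null password instead of failing with a clear message; add `if (bindPassword == null || bindPassword.isEmpty()) throw new IllegalStateException("LDAP_ADMIN_PASS is not set");` directly after the getenv line. The new `ldapHost` duplicates the host already embedded in `ldapURL` on the previous line; if `ldapURL` is no longer used, drop it, otherwise derive one from the other so the two cannot drift. The second hunk still performs a simple bind with the admin DN over the plaintext port 389 while the LDAPS variant stays commented out, so a comment on that line such as `// NOTE: simple bind over ldap:// sends LDAP_ADMIN_PASS unencrypted; use the LDAPS path outside local development` would make the trade-off explicit now that the password is a managed secret. `openLDAPAdminSearch` continues past both hunks.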
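Review bot: `@Test` is placed on `sayHello()`, which returns `String` and contains no assertion; JUnit Jupiter expects test methods to return `void`, so this method is unlikely to be discovered or run as a test at all. Keep `sayHello` as the helper it is and add a separate `void` test method that sets `name`, calls `sayHello()` and asserts on the returned greeting. The `import javax.faces.bean.ManagedBean;` line is kept although the `@ManagedBean` annotation it served was removed, leaving an unused import. The class body continues past the hunk.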
@@ -64,16 +64,17 @@ public void testMockOpenLDAPAdminSearch() throws LDAPSearchException {
 @Test
 public void testOpenLDAPAdminSearch_withOpenLDAP() {
 // Test parameters
- String ldapURL = "ldap://localhost";
+ String ldapURL = "ldap://localhost:389";
 String ldapHost = "localhost";
 int ldapPort = 389;
 String bindDN = "cn=admin,dc=my-company,dc=com";
- var bindPassword = "adminpassword";
+ String bindPassword = System.getenv("LDAP_ADMIN_PASS");
+ // var bindPassword = "adminpassword";
 String baseDN = "dc=my-company,dc=com";
 String searchFilter = "(objectClass=*)";
- // Connect to OpenLDAP
- // Establishing a connection to the LDAP server
+ // Establish connection to OpenLDAP server
+ System.out.println("My variable value: " + bindPassword);
 try (LDAPConnection connection = new LDAPConnection(ldapHost, ldapPort, bindDN, bindPassword)) {
 System.out.println("Connected to the LDAP server.");
@@ -96,7 +97,7 @@ public void testOpenLDAPAdminSearch_withOpenLDAP() {
 // Close connection
 connection.close();
 } catch (LDAPException e) {
- System.err.println("Error connecting to the LDAP server: " + e.getMessage());
+ System.err.println("LDAP Error connecting: " + e.getMessage());
 e.printStackTrace();
 }
diff --git a/src/test/java/json/TestConversionJSON2Object.java b/src/test/java/json/TestConversionJSON2Object.java
index db3dac1..575f5a4 100644
--- a/src/test/java/json/TestConversionJSON2Object.java
+++ b/src/test/java/json/TestConversionJSON2Object.java
@@ -55,7 +55,6 @@ public static String readTokenFromProperties() {
 } catch (IOException ex) {
 ex.printStackTrace();
 }
-
 return jwtToken;
 }
 }
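Review bot: `System.out.println("My variable value: " + bindPassword);` writes the LDAP admin password to the test output, so every local or CI run logs the very secret this change moved into 1Password; delete the line, or at most report whether it is present, `System.out.println("LDAP_ADMIN_PASS set: " + (bindPassword != null));`. The commented-out `// var bindPassword = "adminpassword";` keeps a hard-coded credential in the source and should be removed rather than parked. When the variable is not injected, `bindPassword` is null and the `try` line attempts the bind anyway; if the file uses JUnit Jupiter, `Assumptions.assumeTrue(bindPassword != null, "LDAP_ADMIN_PASS not set")` before the connection skips the test with a clear reason instead. The second hunk of this file catches `LDAPException`, prints it and carries on, so a failed bind never fails the test; rethrowing or asserting there would make the secret injection actually verifiable. `testOpenLDAPAdminSearch_withOpenLDAP` continues between and past the hunks.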