diff --git a/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/StringTransformer.java b/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/StringTransformer.java new file mode 100644 index 0000000000..ebd82e9105 --- /dev/null +++ b/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/StringTransformer.java @@ -0,0 +1,43 @@ +/* + * Copyright Siemens AG, 2019. Part of the SW360 Portal Project. + * + * SPDX-License-Identifier: EPL-1.0 + * + * All rights reserved. This program and the accompanying materials + * are made available under the terms of the Eclipse Public License v1.0 + * which accompanies this distribution, and is available at + * http://www.eclipse.org/legal/epl-v10.html + */ +package org.eclipse.sw360.rest.authserver; + +public class StringTransformer { + + /** + * Depending on the first parameter this method returns: + * + * + * @param object object to transform into a single string + * + * @return the transformed string + */ + public static String transformIntoString(Object object) { + if(object == null) { + return null; + } + + if(object instanceof String[]) { + if(((String[]) object).length > 0) { + return ((String[])object)[0]; + } else { + return ""; + } + } + + return object.toString(); + } +} \ No newline at end of file diff --git a/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/client/rest/OAuthClientController.java b/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/client/rest/OAuthClientController.java index 7c7e1d129b..540cbaff7c 100644 --- a/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/client/rest/OAuthClientController.java +++ b/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/client/rest/OAuthClientController.java 
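Review bot: The Javadoc on `transformIntoString` stops after "Depending on the first parameter this method returns:" with nothing listed, so the contract has to be read from the body; describe the three cases it actually implements — `null` for a null argument, the first element (or `""` when the array is empty) for a `String[]`, and `toString()` for anything else. The asymmetry between a null argument yielding `null` and an empty array yielding `""` deserves an explicit sentence, because the callers introduced in this commit feed the result straight into user and client lookups. Only the first element of a multi-valued array is used and the others are dropped silently; when the array comes from request headers, a multi-valued header is resolved without any signal that it was ambiguous, so either document that or leave that decision to the caller. Style: `if(object == null)` omits the space after `if` that the rest of the module uses (`if (`), and the file has no trailing newline.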
@@ -73,13 +73,15 @@ public ResponseEntity createOrUpdateClient(@RequestBody OAuthClientResource c } } else { clientEntity = new OAuthClientEntity(); - clientEntity.setId(UUID.randomUUID().toString().replace("-", "")); + + // store entity to get a new id + repo.add(clientEntity); + clientEntity.setClientId(clientEntity.getId()); clientEntity.setClientSecret(UUID.randomUUID().toString()); } updateClientEntityFromResource(clientEntity, clientResource); - repo.update(clientEntity); return new ResponseEntity( diff --git a/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/Sw360AuthorizationServerConfiguration.java b/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/Sw360AuthorizationServerConfiguration.java index 113768fd88..1e36e416ce 100644 --- a/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/Sw360AuthorizationServerConfiguration.java +++ b/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/Sw360AuthorizationServerConfiguration.java @@ -80,12 +80,12 @@ public Sw360ClientDetailsService sw360ClientDetailsService() { @Bean public UserDetailsService userDetailsService() { return new Sw360UserDetailsService(sw360UserDetailsProvider, sw360ClientDetailsService(), - sw360UserAndClientAuthoritiesMerger()); + sw360UserAndClientAuthoritiesCalculator()); } @Bean - public Sw360UserAndClientAuthoritiesMerger sw360UserAndClientAuthoritiesMerger() { - return new Sw360UserAndClientAuthoritiesMerger(); + public Sw360GrantedAuthoritiesCalculator sw360UserAndClientAuthoritiesCalculator() { + return new Sw360GrantedAuthoritiesCalculator(); } @Bean 
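Review bot: In the creation branch `repo.add(clientEntity)` now persists the entity before `setClientSecret` and `updateClientEntityFromResource` apply the secret and the resource fields, so the store briefly holds a client document without them, and if `updateClientEntityFromResource` throws, that incomplete document is left behind with no cleanup; the old code wrote once at the end. Move `clientEntity.setClientSecret(UUID.randomUUID().toString());` above `repo.add(clientEntity);` so the first write already carries the secret, and apply the resource before the add as well if it does not depend on the id. The rendering here collapses the lines, so it cannot be told whether the second removed line is a blank or `repo.update(clientEntity);` itself; in the latter case nothing set after `repo.add` is ever persisted for either branch, so please confirm the update call survives. The client id is now whatever id the repository assigns on `add` rather than a random UUID; whether that id is unpredictable enough for a credential identifier is not visible here and should be confirmed. `createOrUpdateClient` starts and ends outside the hunk.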
diff --git a/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/Sw360UserAndClientAuthoritiesMerger.java b/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/Sw360GrantedAuthoritiesCalculator.java
similarity index 60%
rename from rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/Sw360UserAndClientAuthoritiesMerger.java
rename to rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/Sw360GrantedAuthoritiesCalculator.java
index bc08ea684b..ddd430b193 100644
--- a/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/Sw360UserAndClientAuthoritiesMerger.java
+++ b/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/Sw360GrantedAuthoritiesCalculator.java
@@ -25,20 +25,20 @@ import static org.eclipse.sw360.rest.authserver.security.Sw360GrantedAuthority.READ; /** - * Class only offers one single but very important method. It can calculate the - * correct intersection between user and client authorities! Therefore it has to + * This class offer helper methods to calculate the {@GrantedAuthority} for a user and/or client. + * In addition it can calculate the correct intersection between them! Therefore it has to * know how to map the sw360 user groups on rest authorities. This logic is also * centralized here implicitly. */ -public class Sw360UserAndClientAuthoritiesMerger { +public class Sw360GrantedAuthoritiesCalculator { private final Logger log = Logger.getLogger(this.getClass()); - public List mergeAuthoritiesOf(User user, ClientDetails clientDetails) { + public List generateFromUser(User user) { List grantedAuthorities = new ArrayList<>(); + grantedAuthorities.add(new SimpleGrantedAuthority(READ.getAuthority())); - - if (!Objects.isNull(user)) { + if(user != null) { if (PermissionUtils.isUserAtLeast(Sw360AuthorizationServer.CONFIG_WRITE_ACCESS_USERGROUP, user)) { grantedAuthorities.add(new SimpleGrantedAuthority(Sw360GrantedAuthority.WRITE.getAuthority())); } 
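Review bot: The class Javadoc uses `{@GrantedAuthority}`, which is not a Javadoc inline tag and will be reported as an error by the javadoc tool; use `{@link GrantedAuthority}` if the type is imported, otherwise `{@code GrantedAuthority}`, and change "This class offer" to "This class offers". `generateFromUser` is a new public method without Javadoc; it adds `READ` before the `user != null` check, so a null user still receives the read authority, and that contract should be spelled out now that the authentication providers build on it, e.g. `/** Calculates the authorities of {@code user}: READ is always granted, further authorities depend on the user's group; a null user yields READ only. */`. The method body continues past the end of the hunk.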
@@ -47,16 +47,27 @@ public List mergeAuthoritiesOf(User user, ClientDetails client } } - if (!Objects.isNull(clientDetails)) { - Set clientScopes = clientDetails.getScope(); + return grantedAuthorities; + } - log.debug("User " + user.email + " has authorities " + grantedAuthorities + " while used client " - + clientDetails.getClientId() + " has scopes " + clientScopes - + ". Setting intersection as granted authorities for access token!"); + public List intersectWithClient(List grantedAuthorities, ClientDetails clientDetails) { + Set clientScopes = clientDetails.getScope(); - grantedAuthorities = grantedAuthorities.stream() - .filter(ga -> clientScopes.contains(ga.toString())) - .collect(Collectors.toList()); + grantedAuthorities = grantedAuthorities.stream() + .filter(ga -> clientScopes.contains(ga.toString())) + .collect(Collectors.toList()); + + return grantedAuthorities; + } + + public List mergedAuthoritiesOf(User user, ClientDetails clientDetails) { + List grantedAuthorities = generateFromUser(user); + + if(clientDetails != null) { + log.debug("User " + user.email + " has authorities " + grantedAuthorities + " while used client " + + clientDetails.getClientId() + " has scopes " + clientDetails.getScope() + + ". Setting intersection as granted authorities for access token!"); + grantedAuthorities = intersectWithClient(grantedAuthorities, clientDetails); } return grantedAuthorities; diff --git a/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/Sw360UserDetailsService.java b/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/Sw360UserDetailsService.java index 68872d5049..09a1fd1608 100644 --- a/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/Sw360UserDetailsService.java +++ b/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/Sw360UserDetailsService.java 
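Review bot: `mergedAuthoritiesOf` dereferences `user.email` in the debug log inside the `clientDetails != null` branch, while `generateFromUser`, which it calls first, explicitly tolerates a null user; a null user combined with a client therefore ends in a NullPointerException raised by a log statement rather than a defined result. Either make the precondition explicit at the top of the method, e.g. `Objects.requireNonNull(user, "user");` (re-adding the `java.util.Objects` import if this commit dropped it) with a matching `@throws` in Javadoc, or guard the log. `intersectWithClient` calls `clientScopes.contains` without checking `clientDetails.getScope()` for null; if the client store can produce a client with no scope set, the intersection fails with an NPE instead of yielding the empty list that is the intended outcome. None of the three new methods carries Javadoc; at least `intersectWithClient` should state that it keeps only the authorities whose name appears among the client scopes. The closing brace of `mergedAuthoritiesOf` is outside the hunk.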
@@ -36,13 +36,13 @@ public class Sw360UserDetailsService implements UserDetailsService { private Sw360ClientDetailsService clientProvider; - private Sw360UserAndClientAuthoritiesMerger authoritiesMerger; + private Sw360GrantedAuthoritiesCalculator authoritiesCalculator; public Sw360UserDetailsService(Sw360UserDetailsProvider userProvider, Sw360ClientDetailsService clientProvider, - Sw360UserAndClientAuthoritiesMerger authoritiesMerger) { + Sw360GrantedAuthoritiesCalculator authoritiesMerger) { this.userProvider = userProvider; this.clientProvider = clientProvider; - this.authoritiesMerger = authoritiesMerger; + this.authoritiesCalculator = authoritiesMerger; } @Override @@ -63,7 +63,7 @@ public UserDetails loadUserByUsername(String username) throws UsernameNotFoundEx if (clientDetails != null && user != null) { result = new org.springframework.security.core.userdetails.User(user.getEmail(), - "PreAuthenticatedPassword", authoritiesMerger.mergeAuthoritiesOf(user, clientDetails)); + "PreAuthenticatedPassword", authoritiesCalculator.mergedAuthoritiesOf(user, clientDetails)); } } catch (ClientRegistrationException e) { log.warn("No valid client for id " + clientId + " could be found. It is possible that it is " diff --git a/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/basicauth/Sw360LiferayAuthenticationProvider.java b/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/basicauth/Sw360LiferayAuthenticationProvider.java index c58e32e1cc..2ef5aeb341 100644 --- a/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/basicauth/Sw360LiferayAuthenticationProvider.java +++ b/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/basicauth/Sw360LiferayAuthenticationProvider.java 
@@ -11,7 +11,7 @@ package org.eclipse.sw360.rest.authserver.security.basicauth; import org.eclipse.sw360.datahandler.thrift.users.User; -import org.eclipse.sw360.rest.authserver.security.Sw360UserAndClientAuthoritiesMerger; +import org.eclipse.sw360.rest.authserver.security.Sw360GrantedAuthoritiesCalculator; import org.eclipse.sw360.rest.authserver.security.Sw360UserDetailsProvider; import org.apache.commons.lang.StringUtils; @@ -43,7 +43,7 @@ * In addition it supports the special password grant flow of spring in * retrieving information about the oauth client that has initiated the request * and cutting the user authorities to those of the client in such case by using - * the {@link Sw360UserAndClientAuthoritiesMerger}. + * the {@link Sw360GrantedAuthoritiesCalculator}. */ public class Sw360LiferayAuthenticationProvider implements AuthenticationProvider { @@ -67,7 +67,7 @@ public class Sw360LiferayAuthenticationProvider implements AuthenticationProvide private Sw360UserDetailsProvider sw360CustomHeaderUserDetailsProvider; @Autowired - private Sw360UserAndClientAuthoritiesMerger sw360UserAndClientAuthoritiesMerger; + private Sw360GrantedAuthoritiesCalculator sw360UserAndClientAuthoritiesCalculator; @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { @@ -85,7 +85,7 @@ public Authentication authenticate(Authentication authentication) throws Authent if (!Objects.isNull(user)) { ClientDetails clientDetails = extractClient(authentication); return new UsernamePasswordAuthenticationToken(userIdentifier, password, - sw360UserAndClientAuthoritiesMerger.mergeAuthoritiesOf(user, clientDetails)); + sw360UserAndClientAuthoritiesCalculator.mergedAuthoritiesOf(user, clientDetails)); } } } 
diff --git a/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/customheaderauth/Sw360CustomHeaderAuthenticationFilter.java b/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/customheaderauth/Sw360CustomHeaderAuthenticationFilter.java index c3db2626d4..98abd8c9a6 100644 --- a/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/customheaderauth/Sw360CustomHeaderAuthenticationFilter.java +++ b/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/customheaderauth/Sw360CustomHeaderAuthenticationFilter.java @@ -90,6 +90,9 @@ public class Sw360CustomHeaderAuthenticationFilter extends GenericFilterBean { @Value("${security.customheader.headername.intermediateauthstore:#{null}}") private String customHeaderHeadernameIntermediateAuthStore; + @Value("${security.customheader.headername.enabled:#{false}}") + private boolean customHeaderEnabled; + private boolean active; @Autowired 
@@ -97,16 +100,29 @@ public class Sw360CustomHeaderAuthenticationFilter extends GenericFilterBean { @PostConstruct public void postSw360CustomHeaderAuthenticationFilterConstruction() { + if(!customHeaderEnabled) { + active = false; + log.info("AuthenticationFilter is NOT active!"); + return; + } + + log.info("NOTE: Custom Header Authentication is enabled with the following configuration: \n" + + " - email header : " + customHeaderHeadernameEmail + "\n" + + " - external id header: " + customHeaderHeadernameExtid + "\n" + + " - internal header : " + customHeaderHeadernameIntermediateAuthStore + "\n" + + "!!! BE SURE THAT THESE HEADRES ARE FILTERED BY YOUR PROXY! EACH CLIENT THAT IS ABLE TO SEND THESE HEADERS CAN LOG IN AS ANY PRINCIPAL !!!" + ); + if (StringUtils.isEmpty(customHeaderHeadernameEmail) || StringUtils.isEmpty(customHeaderHeadernameExtid) || StringUtils.isEmpty(customHeaderHeadernameIntermediateAuthStore)) { - log.info("Filter is NOT active! If you want to activate it, please provide a complete configuration. " + log.info("AuthenticationFilter is NOT active due to incomplete configuration. " + "Needed config keys:\n" + "- security.customheader.headername.email\n" + "- security.customheader.headername.extid\n" + "- security.customheader.headername.intermediateauthstore"); active = false; } else { - log.info("Filter is active!"); + log.info("AuthenticationFilter is active!"); active = true; } } diff --git a/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/customheaderauth/Sw360CustomHeaderAuthenticationProvider.java b/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/customheaderauth/Sw360CustomHeaderAuthenticationProvider.java index 11e89222e0..9172c79a38 100644 --- a/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/customheaderauth/Sw360CustomHeaderAuthenticationProvider.java 
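Review bot: The configuration notice in `postSw360CustomHeaderAuthenticationFilterConstruction` is logged before the completeness check, so with the flag enabled but header names missing the banner prints `null` header names and the proxy warning, immediately followed by "NOT active"; move the notice below the `StringUtils.isEmpty` check so it is only emitted when the filter really activates. The banner also has a typo, `HEADRES` for `HEADERS`, and since it describes a condition operators must act on it belongs at `log.warn` rather than `log.info`. The `enabled` flag is read independently here and in `Sw360CustomHeaderAuthenticationProvider` (`@Value("${security.customheader.headername.enabled:#{false}}")` in both); a shared constant for the property key would keep the two from drifting apart.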
+++ b/rest/authorization-server/src/main/java/org/eclipse/sw360/rest/authserver/security/customheaderauth/Sw360CustomHeaderAuthenticationProvider.java @@ -12,9 +12,10 @@ import org.eclipse.sw360.datahandler.permissions.PermissionUtils; import org.eclipse.sw360.datahandler.thrift.users.User; +import org.eclipse.sw360.rest.authserver.StringTransformer; import org.eclipse.sw360.rest.authserver.Sw360AuthorizationServer; import org.eclipse.sw360.rest.authserver.security.Sw360GrantedAuthority; -import org.eclipse.sw360.rest.authserver.security.Sw360UserAndClientAuthoritiesMerger; +import org.eclipse.sw360.rest.authserver.security.Sw360GrantedAuthoritiesCalculator; import org.eclipse.sw360.rest.authserver.security.Sw360UserDetailsProvider; import org.apache.commons.lang.StringUtils; @@ -50,7 +51,7 @@ * client's scopes. The result will be the intersection between these two lists. * Of course this is only done for an oauth request and not for normal ones * (that have nothing to do with clients). And in fact he uses for this task the - * {@link Sw360UserAndClientAuthoritiesMerger}. + * {@link Sw360GrantedAuthoritiesCalculator}. */ public class Sw360CustomHeaderAuthenticationProvider implements AuthenticationProvider { @@ -59,6 +60,9 @@ public class Sw360CustomHeaderAuthenticationProvider implements AuthenticationPr @Value("${security.customheader.headername.intermediateauthstore:#{null}}") private String customHeaderHeadernameIntermediateAuthStore; + @Value("${security.customheader.headername.enabled:#{false}}") + private boolean customHeaderEnabled; + @Autowired private Sw360UserDetailsProvider sw360CustomHeaderUserDetailsProvider; 
@@ -66,12 +70,18 @@ public class Sw360CustomHeaderAuthenticationProvider implements AuthenticationPr private ClientDetailsService clientDetailsService; @Autowired - private Sw360UserAndClientAuthoritiesMerger sw360UserAndClientAuthoritiesMerger; + private Sw360GrantedAuthoritiesCalculator sw360UserAndClientAuthoritiesCalculator; private boolean active; @PostConstruct public void postSw360CustomHeaderAuthenticationProviderConstruction() { + if(!customHeaderEnabled) { + log.info("AuthenticationProvider is NOT active!"); + active = false; + return; + } + if (StringUtils.isEmpty(customHeaderHeadernameIntermediateAuthStore)) { log.warn("AuthenticationProvider is NOT active! Some configuration is missing. Needed config keys:\n" + "- security.customheader.headername.intermediateauthstore"); 
@@ -90,84 +100,66 @@ public boolean supports(Class authentication) { @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { - // check if the marker header of our filter is available - if (authentication.getDetails() instanceof Map - && ((Map) authentication.getDetails()).containsKey(customHeaderHeadernameIntermediateAuthStore)) { - Map authDetails = ((Map) authentication.getDetails()); - - // get user details - String email = (String) authentication.getPrincipal(); - Object externalIds = authDetails.get(customHeaderHeadernameIntermediateAuthStore); - String externalId; - if (externalIds != null && externalIds instanceof String[]) { - externalId = ((String[]) externalIds)[0]; - } else { - externalId = (String) externalIds; - } - User userDetails = sw360CustomHeaderUserDetailsProvider.provideUserDetails(email, externalId); - - List grantedAuthorities = new ArrayList<>(); - if (authentication instanceof UsernamePasswordAuthenticationToken) { - // if we have a UsernamePasswordAuthenticationToken, then we have an OAuth - // request in which case we only want to keep intersection of user authorities - // and client scopes - grantedAuthorities = handleOAuthAuthentication(authDetails, userDetails); - } else { - // if we have a PreAuthenticationToken (no other case possible, see supports() - // method), then we have a normal REST request in which case we can grant all - // authorities calculated from the user profile, so calculate user authorities - grantedAuthorities = handleRestAuthentication(email, userDetails); - } - - return new PreAuthenticatedAuthenticationToken(email, "N/A", grantedAuthorities); + if(!(authentication.getDetails() instanceof Map)) { + return null; } - return null; + // check if the marker header of our filter is available + if(!((Map) authentication.getDetails()).containsKey(customHeaderHeadernameIntermediateAuthStore)) { + return null; + } + + User userDetails = getUserDetails(authentication); + 
List grantedAuthorities = calculateGrantedAuthorities(authentication, userDetails); + + return new PreAuthenticatedAuthenticationToken(userDetails.getEmail(), "N/A", grantedAuthorities); } - private List handleOAuthAuthentication(Map authDetails, User userDetails) { - List grantedAuthorities; + private User getUserDetails(Authentication authentication) { + String email = (String) authentication.getPrincipal(); + Object externalIds = ((Map)authentication.getDetails()).get(customHeaderHeadernameIntermediateAuthStore); + String externalId = StringTransformer.transformIntoString(externalIds); + + return sw360CustomHeaderUserDetailsProvider.provideUserDetails(email, externalId); + } - Object clientIds = authDetails.get(OAuth2Utils.CLIENT_ID); - String clientId; - if (clientIds != null && clientIds instanceof String[]) { - clientId = ((String[]) clientIds)[0]; + private List calculateGrantedAuthorities(Authentication authentication, User userDetails) { + List grantedAuthorities = new ArrayList<>(); + + if (authentication instanceof UsernamePasswordAuthenticationToken) { + // if we have a UsernamePasswordAuthenticationToken, then we have an OAuth + // request in which case we only want to keep intersection of user authorities + // and client scopes + grantedAuthorities = handleOAuthAuthentication((Map) authentication.getDetails(), userDetails); } else { - clientId = (String) clientIds; + // if we have a PreAuthenticationToken (no other case possible, see supports() + // method), then we have a normal REST request in which case we can grant all + // authorities calculated from the user profile, so calculate user authorities + grantedAuthorities = handleRestAuthentication(userDetails.getEmail(), userDetails); } - ClientDetails clientDetails = null; + return grantedAuthorities; + } + + private List handleOAuthAuthentication(Map authDetails, User userDetails) { + String clientId = StringTransformer.transformIntoString(authDetails.get(OAuth2Utils.CLIENT_ID)); try { - 
clientDetails = clientDetailsService.loadClientByClientId(clientId); + ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId); log.debug("Found client " + clientDetails + " for id " + clientId + " in authentication details."); - grantedAuthorities = sw360UserAndClientAuthoritiesMerger.mergeAuthoritiesOf(userDetails, - clientDetails); + return sw360UserAndClientAuthoritiesCalculator.mergedAuthoritiesOf(userDetails, clientDetails); } catch (ClientRegistrationException e) { log.warn("No valid client for id " + clientId + " could be found. It is possible that it is locked," + " expired, disabled, or invalid for any other reason. So absolutely no authorities granted!"); - grantedAuthorities = new ArrayList<>(); + return new ArrayList<>(); } - - return grantedAuthorities; } private List handleRestAuthentication(String email, User userDetails) { - List grantedAuthorities = new ArrayList<>(); - grantedAuthorities.add(new SimpleGrantedAuthority(Sw360GrantedAuthority.READ.getAuthority())); - - if (userDetails != null) { - if (PermissionUtils.isUserAtLeast(Sw360AuthorizationServer.CONFIG_WRITE_ACCESS_USERGROUP, - userDetails)) { - grantedAuthorities.add(new SimpleGrantedAuthority(Sw360GrantedAuthority.WRITE.getAuthority())); - } - if (PermissionUtils.isUserAtLeast(Sw360AuthorizationServer.CONFIG_ADMIN_ACCESS_USERGROUP, - userDetails)) { - grantedAuthorities.add(new SimpleGrantedAuthority(Sw360GrantedAuthority.ADMIN.getAuthority())); - } - } + List grantedAuthorities = + sw360UserAndClientAuthoritiesCalculator.generateFromUser(userDetails); log.debug("User " + email + " has authorities " + grantedAuthorities + " which he will be granted during this request!"); diff --git a/rest/authorization-server/src/main/resources/application.yml b/rest/authorization-server/src/main/resources/application.yml index 9c589b0c82..c0910d35ec 100644 --- a/rest/authorization-server/src/main/resources/application.yml 
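Review bot: `authenticate` now calls `userDetails.getEmail()` on the result of `getUserDetails` without a null check, and `calculateGrantedAuthorities` does the same in the REST branch; if `provideUserDetails` can return null for an unknown user — the removed `handleRestAuthentication` body guarded exactly that case — the provider now fails with a NullPointerException instead of a defined authentication outcome. Add `if (userDetails == null) { return null; }` directly after `User userDetails = getUserDetails(authentication);`, or throw an `AuthenticationException` subtype such as `BadCredentialsException` if an unknown principal carrying a valid marker header should end authentication rather than defer to other providers. The principal of the returned token also changed from the header value to `userDetails.getEmail()`, which is fine if intended but deserves a comment on that line. Minor: `calculateGrantedAuthorities` initialises `grantedAuthorities` with a new list that every branch overwrites; declare it without the initialiser. `handleRestAuthentication` is cut off by the end of the hunk.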
+++ b/rest/authorization-server/src/main/resources/application.yml @@ -11,7 +11,7 @@ server: port: 8090 couchdb: - url: http://sw360couchdb:5984 + url: http://localhost:5984 database: sw360oauthclients # if your couchdb does not use authentication, pls just don't use the settings for username and password #username: @@ -31,6 +31,8 @@ sw360: security: customheader: headername: + # You have to enable authorization by headers explicitly here + enabled: false # Attention: please make sure that the proxy is removing there headers # if they are coming from anywhere else then the authentication server intermediateauthstore: custom-header-auth-marker diff --git a/rest/authorization-server/src/test/java/org/eclipse/sw360/rest/authserver/IntegrationTestBase.java b/rest/authorization-server/src/test/java/org/eclipse/sw360/rest/authserver/IntegrationTestBase.java index 28a1e5771e..c332750f79 100644 --- a/rest/authorization-server/src/test/java/org/eclipse/sw360/rest/authserver/IntegrationTestBase.java +++ b/rest/authorization-server/src/test/java/org/eclipse/sw360/rest/authserver/IntegrationTestBase.java @@ -22,7 +22,7 @@ import org.eclipse.sw360.rest.authserver.client.service.Sw360ClientDetailsService; import org.eclipse.sw360.rest.authserver.security.Sw360GrantedAuthority; import org.eclipse.sw360.rest.authserver.security.basicauth.Sw360LiferayAuthenticationProvider; - +import org.apache.commons.lang.StringUtils; import org.apache.thrift.TException; import org.junit.Before; import org.junit.runner.RunWith; @@ -59,7 +59,7 @@ @RunWith(SpringRunner.class) @SpringBootTest(classes = Sw360AuthorizationServer.class, webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) -@ActiveProfiles({"dev"}) +@ActiveProfiles({"dev", "test"}) public abstract class IntegrationTestBase { @Value("${local.server.port}") 
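Review bot: Switching the main `application.yml`'s `couchdb.url` to `http://localhost:5984` looks like a local development setting that slipped into this commit, which otherwise only adds the header-authentication flag; if deployments rely on the `sw360couchdb` hostname, revert it or put the localhost value in a profile-specific file such as the `application-test.yml` this commit adds. In the second hunk the new `enabled` key sits under `headername` although it is not a header name; the comment above it should at least say what the switch controls, e.g. `# Custom header authentication is disabled unless this is true; the header names below are ignored while it is false`. Style: the existing comment `proxy is removing there headers` should read `these headers`.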
@@ -216,6 +216,8 @@ protected JsonNode checkJwtClaims(String... expectedAuthority) throws IOExceptio } else { actualAuthorities.add(authoritiesJsonNode.asText()); } + System.out.println("ACTUAL: " + actualAuthorities); + System.out.println("EXPECTED: " + StringUtils.join(expectedAuthority, ", ")); assertThat(actualAuthorities, containsInAnyOrder(expectedAuthority)); return jwtClaimsJsonNode; diff --git a/rest/authorization-server/src/test/resources/application-test.yml b/rest/authorization-server/src/test/resources/application-test.yml new file mode 100644 index 0000000000..13adaeb79d --- /dev/null +++ b/rest/authorization-server/src/test/resources/application-test.yml @@ -0,0 +1,14 @@ +# +# Copyright Siemens AG, 2019. Part of the SW360 Portal Project. +# +# All rights reserved. This configuration file is provided to you under the +# terms and conditions of the Eclipse Distribution License v1.0 which +# accompanies this distribution, and is available at +# http://www.eclipse.org/org/documents/edl-v10.php +# + +security: + customheader: + headername: + # You have to enable authorization by headers explicitly here + enabled: true
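Review bot: The two `System.out.println` calls added before `assertThat` in `checkJwtClaims` are debugging output left in the shared test base and will print on every run; `containsInAnyOrder` already reports expected and actual items in its failure message, so drop both lines (and, if nothing else uses it, the `StringUtils` import the commit added for them). If a reason string is wanted, the three-argument `assertThat(String reason, T actual, Matcher)` overload keeps it inside the assertion without console noise. `checkJwtClaims` starts and ends outside the hunk.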