UPDATE: app propertie

navikt · Nov 29, 2024 · d16ac82 · d16ac82
1 parent 836b9de
commit d16ac82
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 20 deletions.
diff --git a/...backend/polly-app/src/main/java/no/nav/data/common/security/azure/AzureTokenConsumer.java b/...backend/polly-app/src/main/java/no/nav/data/common/security/azure/AzureTokenConsumer.java
@@ -7,11 +7,14 @@
 import no.nav.data.common.exceptions.TokenExpiredException;
 import no.nav.data.common.security.dto.AccessTokenResponse;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
 import org.springframework.http.MediaType;
 import org.springframework.stereotype.Component;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.util.MultiValueMap;
-import org.springframework.web.client.RestClient;
+import org.springframework.web.client.RestTemplate;
 
 import java.time.LocalDateTime;
 import java.util.Collections;
@@ -27,15 +30,15 @@
 @RequiredArgsConstructor
 public class AzureTokenConsumer {
 
-    private final RestClient azureRestClient;
+    private final RestTemplate azureRestClient;
 
-    @Value("${AZURE_APP_CLIENT_ID}")
+    @Value("${azure.activedirectory.client-id}")
     private String clientId;
 
-    @Value("${AZURE_APP_CLIENT_SECRET}")
+    @Value("${azure.activedirectory.client-secret}")
     private String clientSecret;
 
-    @Value("${AZURE_OPENID_CONFIG_TOKEN_ENDPOINT}")
+    @Value("${azure.activedirectory.openid-config-token-endpoint}")
     private String azureAdTokenEndpoint;
 
     private Map<String, Token> tokens = new HashMap<>();
@@ -73,22 +76,18 @@ private boolean shouldRefresh(LocalDateTime expiry) {
 
     private void updateToken(String scope) {
         var formParameters = formParameters(scope);
+        var headers = new HttpHeaders();
+        headers.setAccept(Collections.singletonList(APPLICATION_JSON));
+        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
+        headers.setBasicAuth(clientId, clientSecret);
 
-        var response = azureRestClient.post()
-                .uri(azureAdTokenEndpoint)
-                .headers(httpHeaders -> {
-                    httpHeaders.setAccept(Collections.singletonList(APPLICATION_JSON));
-                    httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
-                    httpHeaders.setBasicAuth(clientId, clientSecret);
-                })
-                .body(formParameters)
-                .retrieve()
-                .body(AccessTokenResponse.class);
-
-        if (response != null) {
+
+        var response = azureRestClient.exchange(azureAdTokenEndpoint, HttpMethod.POST, new HttpEntity<>(formParameters, headers), AccessTokenResponse.class);
+
+        if (response.getBody() != null) {
             var token = Token.builder()
-                    .accessToken(response.getAccessToken())
-                    .expiry(now().plusSeconds(response.getExpiresIn()))
+                    .accessToken(response.getBody().getAccessToken())
+                    .expiry(now().plusSeconds(response.getBody().getExpiresIn()))
                     .build();
             tokens.put(scope, token);
         }

diff --git a/apps/backend/polly-app/src/main/resources/application-local.properties b/apps/backend/polly-app/src/main/resources/application-local.properties
@@ -12,4 +12,8 @@ DB_PASSWORD=password
 polly.aareg.projectId=projectId
 polly.aareg.datasetName=datasetName
 polly.aareg.tableName=tableName
-polly.aareg.bigquery.auth.projectId=projectTeamId
+polly.aareg.bigquery.auth.projectId=projectTeamId
+
+azure.activedirectory.client-id=local-id:client-id
+azure.activedirectory.client-secret=local-client-secret:client-secret
+azure.activedirectory.openid-config-token-endpoint=local-endpoint
diff --git a/apps/backend/polly-app/src/main/resources/application-test.properties b/apps/backend/polly-app/src/main/resources/application-test.properties
@@ -13,6 +13,9 @@ spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true
 #spring.jpa.show-sql=true
 #spring.jpa.properties.hibernate.format_sql=true
 
+azure.activedirectory.client-id=test-id:client-id
+azure.activedirectory.client-secret=test-client-secret:client-secret
+azure.activedirectory.openid-config-token-endpoint=test-endpoint
 nais.elector.path=localhost:${wiremock.server.port:8080}/elector
 behandlingsgrunnlag.distribute.rate.seconds=-1
 client.term-catalog.url=http://localhost:${wiremock.server.port:8080}/termcatalog

diff --git a/apps/backend/polly-app/src/main/resources/application.properties b/apps/backend/polly-app/src/main/resources/application.properties
@@ -49,6 +49,7 @@ management.prometheus.metrics.export.enabled=true
 # Security
 azure.activedirectory.client-id=${AZURE_APP_CLIENT_ID:client-id}
 azure.activedirectory.client-secret=${AZURE_APP_CLIENT_SECRET:client-secret}
+azure.activedirectory.openid-config-token-endpoint=${AZURE_OPENID_CONFIG_TOKEN_ENDPOINT}
 azure.activedirectory.well-known=${AZURE_APP_WELL_KNOWN_URL:https://login.microsoftonline.com/62366534-1ec3-4962-8869-9b5535279d0b/v2.0/.well-known/openid-configuration}
 azure.activedirectory.allowed-app-id-mappings=${AZURE_APP_PRE_AUTHORIZED_APPS:[{"clientId":"appId","name":"thisapp"},{"clientId":"appId2","name":"otherapp"}]}
 azure.activedirectory.mail-user=${AZURE_APP_MAIL_USER:mail-user}