Change Keycloak to force authentication on all paths. (#8)

Remove mediatype testing
redhat-composer-ai · Nov 24, 2024 · 00eb5e3 · 00eb5e3
1 parent a684b2f
commit 00eb5e3
Show file tree

Hide file tree

Showing 7 changed files with 16 additions and 16 deletions.
diff --git a/src/main/java/com/redhat/composer/api/AssistantAdminApi.java b/src/main/java/com/redhat/composer/api/AssistantAdminApi.java
@@ -11,7 +11,6 @@
 import com.redhat.composer.model.response.AssistantResponse;
 import com.redhat.composer.services.AssistantInfoService;
 
-import io.quarkus.security.Authenticated;
 import jakarta.inject.Inject;
 import jakarta.ws.rs.GET;
 import jakarta.ws.rs.POST;
@@ -21,7 +20,6 @@
  * Admin API for Creating and Managing Assistants.
  */
 @Path("/admin/assistant")
-@Authenticated
 public class AssistantAdminApi {
 
   @Inject

diff --git a/src/main/java/com/redhat/composer/api/AssistantApi.java b/src/main/java/com/redhat/composer/api/AssistantApi.java
@@ -5,7 +5,6 @@
 import com.redhat.composer.model.request.AssistantChatRequest;
 import com.redhat.composer.services.ChatBotService;
 
-import io.quarkus.security.Authenticated;
 import io.smallrye.mutiny.Multi;
 import jakarta.inject.Inject;
 import jakarta.ws.rs.Consumes;
@@ -17,7 +16,6 @@
  * Assistant API for Chatting using assistants.
  */
 @Path("/assistant/chat")
-@Authenticated
 public class AssistantApi {
 
   Logger log = Logger.getLogger(AssistantApi.class);

diff --git a/src/main/java/com/redhat/composer/api/ChatBotApi.java b/src/main/java/com/redhat/composer/api/ChatBotApi.java
@@ -5,7 +5,6 @@
 import com.redhat.composer.model.request.ChatBotRequest;
 import com.redhat.composer.services.ChatBotService;
 
-import io.quarkus.security.Authenticated;
 import io.smallrye.mutiny.Multi;
 import jakarta.inject.Inject;
 import jakarta.ws.rs.Consumes;
@@ -17,7 +16,6 @@
  * ChatBotAPI for Chatting using ChatBots.
  */
 @Path("/chatbot/chat")
-@Authenticated
 public class ChatBotApi {
 
   Logger log = Logger.getLogger(ChatBotApi.class);

diff --git a/src/main/java/com/redhat/composer/api/EmbeddingApi.java b/src/main/java/com/redhat/composer/api/EmbeddingApi.java
@@ -2,7 +2,6 @@
 
 import com.redhat.composer.services.EmbeddingService;
 
-import io.quarkus.security.Authenticated;
 import jakarta.inject.Inject;
 import jakarta.ws.rs.Consumes;
 import jakarta.ws.rs.POST;
@@ -15,15 +14,15 @@
  * Api For Testing Embedding.
  */
 @Path("/embedding")
-@Authenticated
 public class EmbeddingApi {
 
   @Inject
   EmbeddingService embeddingService;
 
   /**
    * Embedd a string.
-   * @param text the text to embedd
+   * 
+   * @param text          the text to embedd
    * @param embeddingType the type of embedding to use
    * @return the embedded string
    */

diff --git a/src/main/java/com/redhat/composer/api/LlmApi.java b/src/main/java/com/redhat/composer/api/LlmApi.java
@@ -1,7 +1,6 @@
 package com.redhat.composer.api;
 
 import org.jboss.logging.Logger;
-import org.jboss.resteasy.reactive.RestStreamElementType;
 
 import com.redhat.composer.config.llm.models.streaming.StreamingBaseModel;
 import com.redhat.composer.config.llm.models.streaming.StreamingModelFactory;
@@ -17,9 +16,7 @@
 import jakarta.inject.Inject;
 import jakarta.ws.rs.POST;
 import jakarta.ws.rs.Path;
-import jakarta.ws.rs.Produces;
 import jakarta.ws.rs.QueryParam;
-import jakarta.ws.rs.core.MediaType;
 
 /**
  * Api For Testing the LLM.

diff --git a/src/main/java/com/redhat/composer/api/VectorRetriverApi.java b/src/main/java/com/redhat/composer/api/VectorRetriverApi.java
@@ -1,15 +1,13 @@
 package com.redhat.composer.api;
 
 import java.util.List;
-import java.util.Map;
 
 import com.redhat.composer.model.request.RetrieverRequest;
 import com.redhat.composer.model.response.SourceResponse;
 import com.redhat.composer.services.RetrieveService;
 import com.redhat.composer.util.mappers.MapperUtil;
 
 import dev.langchain4j.rag.content.Content;
-import io.quarkus.security.Authenticated;
 import jakarta.inject.Inject;
 import jakarta.ws.rs.POST;
 import jakarta.ws.rs.Path;
@@ -19,7 +17,6 @@
  * Api For Testing Store Retrievers.
  */
 @Path("/retriver")
-@Authenticated
 public class VectorRetriverApi {
 
   @Inject

diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -91,10 +91,23 @@ disable.authorization=true
 quarkus.oidc.client-id=backend-service
 quarkus.oidc.credentials.secret=secret
 quarkus.oidc.tls.verification=none
+quarkus.oidc.application-type=web-app
+
+# Refreshes the token if it is expired
+quarkus.oidc.token.refresh-expired=true
+quarkus.oidc.authentication.session-age-extension=1440
+quarkus.oidc.authentication.java-script-auto-redirect=false
+
+# Enforces authentication on all paths (includes /q/dev-ui and /q/swagger)
+quarkus.http.auth.permission.authenticated.paths=/*
+quarkus.http.auth.permission.authenticated.policy=authenticated
 
 # Enable Policy Enforcement
 quarkus.keycloak.policy-enforcer.enable=true
 
 # Tell Dev Services for Keycloak to import the realm file
 # This property is not effective when running the application in JVM or native modes
-quarkus.keycloak.devservices.realm-path=quarkus-realm.json
+quarkus.keycloak.devservices.realm-path=quarkus-realm.json
+
+
+