Create local containerized keycloak docker example, update README

Dockerfile

@@ -1,13 +1,15 @@
-# build image : `docker build -t brapicoordinatorselby/brapi-java-server ./`
-# run container (dev): `docker run --name=brapi-test-server --network=bridge -p 8081:8081 -d brapicoordinatorselby/brapi-java-server`
-# run container (prod): `docker run --name=brapi-test-server --restart always --network=brapi_net -d brapicoordinatorselby/brapi-java-server`
+# build image stack: `docker build -t docker-username/image-stack-name ./`
+# run container (dev): `docker run --name=brapi-test-server --network=bridge -p 8081:8081 -d docker-username/image-stack-name`
+# run container (prod): `docker run --name=brapi-test-server --restart always --network=brapi_net -d docker-username/image-stack-name`
 
 FROM adoptopenjdk/openjdk8
 
-EXPOSE 8080
+# 8080 - brapi app port | 5005 - brapi app debug port | 8008 - keycloak app port
+EXPOSE 8080 5005 8008
 
 RUN mkdir /home/brapi
 
 COPY target/brapi-Java-TestServer-0.1.0.jar src/main/resources/ /home/brapi/
 
-CMD java -cp "/home/brapi/:/home/brapi/brapi-Java-TestServer-0.1.0.jar" org.springframework.boot.loader.JarLauncher
+# Open up debug port on JVM
+CMD java -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=0.0.0.0:5005 -cp "/home/brapi/:/home/brapi/brapi-Java-TestServer-0.1.0.jar" org.springframework.boot.loader.JarLauncher

docker-compose-dev.yaml

@@ -0,0 +1,21 @@
+services:
+  brapi-java-server-v2:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    ports:
+      - "8080:8080"
+      - "5005:5005"
+    depends_on:
+      - brapi-db
+    volumes:
+      - .\src\main\resources\properties\application.properties:/home/brapi/properties/application.properties
+  brapi-db:
+    image: postgres:13
+    environment:
+      POSTGRES_USER: brapi
+      POSTGRES_PASSWORD: password
+    volumes:
+      - /var/lib/postgresql/data
+    ports:
+      - "5433:5432"

docker-compose-local-auth.yaml

@@ -0,0 +1,61 @@
+services:
+  brapi-java-server-v2:
+    build:
+      context: .
+      dockerfile: Dockerfile
+    ports:
+      - "8080:8080"
+      - "5005:5005"
+    depends_on:
+      - brapi-db
+    volumes:
+      - .\src\main\resources\properties\application.properties:/home/brapi/properties/application.properties
+  keycloak-brapi:
+    image: quay.io/keycloak/keycloak:latest
+    entrypoint: /opt/keycloak/bin/kc.sh start-dev
+    depends_on:
+      - keycloak-db
+    environment:
+      - KEYCLOAK_USER=admin
+      - KEYCLOAK_PASSWORD=admin
+      # The KC_HOSTNAME needs to be the same as the defined keycloak-brapi service in the compose file for a local setup.
+      # This allows the brapi app to talk to the keycloak container via the service name in the url, and sets up keycloak
+      # url defaults so that when brapi gets auth urls from keycloak it can still talk to it.
+      - KC_HOSTNAME=keycloak-brapi
+      - KC_DB=postgres
+      - KC_DB_URL=jdbc:postgresql://keycloak-db:5432/keycloak
+      - KC_DB_SCHEMA=public
+      - KC_DB_USERNAME=keycloak
+      - KC_DB_PASSWORD=password
+      - KC_HOSTNAME_STRICT=false
+      - KC_HOSTNAME_STRICT_HTTPS=false
+      - KC_HTTP_PORT=8008
+
+      - KC_LOG_LEVEL=info
+      - KC_METRICS_ENABLED=true
+      - KC_HEALTH_ENABLED=true
+      - KEYCLOAK_ADMIN=admin
+      - KEYCLOAK_ADMIN_PASSWORD=admin
+    ports:
+      - "8008:8008"
+  brapi-db:
+    image: postgres:13
+    environment:
+      POSTGRES_USER: brapi
+      POSTGRES_PASSWORD: password
+    volumes:
+      - brapi-data:/var/lib/postgresql/data
+    ports:
+      - "5433:5432"
+  keycloak-db:
+    image: postgres:13
+    volumes:
+      - keycloak-data:/var/lib/postgresql/data
+    environment:
+      POSTGRES_USER: keycloak
+      POSTGRES_PASSWORD: password
+    ports:
+      - "5434:5432"
+volumes:
+  keycloak-data:
+  brapi-data:

docker-compose.yaml

@@ -1,27 +1,27 @@
-version: '3'
-
 services:
+  # Update this image with whatever image you have access to
   brapi-java-server-v1:
     image: brapicoordinatorselby/brapi-java-server:v1
-    restart: unless-stopped
     depends_on:
       - postgres
     volumes:
       - /home/jenkins/brapi.org/brapi-test-server/properties/v1/application.properties:/home/brapi/properties/application.properties
   brapi-java-server-v2:
+    # Update this image with whatever image you have access to
     image: brapicoordinatorselby/brapi-java-server:v2
-    restart: unless-stopped
     depends_on:
       - postgres
     volumes:
+      # Update this path with the path your pipeline tool expects
       - /home/jenkins/brapi.org/brapi-test-server/properties/v2/application.properties:/home/brapi/properties/application.properties
   keycloak-brapi:
+    # Update this image with whatever keycloak image you have access to
     image: brapicoordinatorselby/brapi-keycloak:latest
-    restart: unless-stopped
     entrypoint: /opt/keycloak/bin/kc.sh start --optimized --proxy edge
     depends_on:
       - postgres
     environment:
+      # These vars will change depending on how you have configured your keycloak DB
       - KEYCLOAK_USER
       - KEYCLOAK_PASSWORD
       - KC_HOSTNAME=auth.brapi.org
@@ -31,8 +31,8 @@ services:
       - KC_DB_PASSWORD
   postgres:
     image: postgres:13
-    restart: unless-stopped
     volumes:
+      # Update this path with the path your pipeline tool expects
       - /home/jenkins/brapi.org/brapi-test-server/data:/var/lib/postgresql/data
 networks:
     default:

src/main/java/org/brapi/test/BrAPITestServer/auth/BrapiTestServerAuthConfig.java

@@ -15,6 +15,9 @@ public class BrapiTestServerAuthConfig extends WebSecurityConfigurerAdapter{
 
 	@Value( "${security.oidc_discovery_url}" )
 	private String oidcDiscoveryUrl;
+
+    @Value("${security.issuer_url}")
+    private String issuerUrl;
 
 	@Value( "${security.enabled:true}" )
 	private boolean authEnabled;
@@ -25,7 +28,10 @@ protected void configure(HttpSecurity http) throws Exception {
                 .anyRequest()
                 .permitAll().and() //TODO secure this
                 //.authenticated().and()
-                .addFilter(new BrapiTestServerJWTAuthFilter(authenticationManager(), oidcDiscoveryUrl, authEnabled))
+                .addFilter(new BrapiTestServerJWTAuthFilter(authenticationManager(),
+                        oidcDiscoveryUrl,
+                        issuerUrl,
+                        authEnabled))
                 // this disables session creation on Spring Security
                 .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
     }

src/main/java/org/brapi/test/BrAPITestServer/auth/BrapiTestServerJWTAuthFilter.java

@@ -40,12 +40,17 @@ public class BrapiTestServerJWTAuthFilter extends BasicAuthenticationFilter {
 	private static final Logger log = LoggerFactory.getLogger(BrapiTestServerJWTAuthFilter.class);
 	private static final List<String> ADMIN_IDS = Arrays.asList("dummyAdmin", "ps664@cornell.edu");
 
-	private String oidcDiscoveryUrl;
-	private boolean authEnabled;
-
-	public BrapiTestServerJWTAuthFilter(AuthenticationManager authManager, String oidcDiscoveryUrl, boolean authEnabled) {
+	private final String oidcDiscoveryUrl;
+	private final String issuerUrl;
+	private final boolean authEnabled;
+
+	public BrapiTestServerJWTAuthFilter(AuthenticationManager authManager,
+										String oidcDiscoveryUrl,
+										String issuerUrl,
+										boolean authEnabled) {
 		super(authManager);
 		this.oidcDiscoveryUrl = oidcDiscoveryUrl;
+		this.issuerUrl = issuerUrl;
 		this.authEnabled = authEnabled;
 	}
 
@@ -158,7 +163,7 @@ private AuthDetails validateOAuthToken(String token) throws GeneralSecurityExcep
 			RSAPublicKey pubKey = getPublicKey(oidcDiscoveryUrl);
 
 			Algorithm algorithm = Algorithm.RSA256(pubKey, null);
-			JWTVerifier verifier = JWT.require(algorithm).withIssuer("https://auth.brapi.org/realms/brapi")
+			JWTVerifier verifier = JWT.require(algorithm).withIssuer(issuerUrl)
 					.build();
 			DecodedJWT jwt = verifier.verify(token);
 

src/main/resources/application.properties.template

@@ -1,6 +1,7 @@
 server.port = 8080
 server.servlet.context-path=/brapi/v2
 
+
 spring.datasource.url=jdbc:postgresql://EXAMPLE:5432/EXAMPLE
 spring.datasource.username=EXAMPLE
 spring.datasource.password=EXAMPLE
@@ -17,4 +18,5 @@ spring.flyway.baselineOnMigrate=true
 
 spring.mvc.dispatch-options-request=true
 
-security.oidc_discovery_url=https://example.com/auth/.well-known/openid-configuration
+security.oidc_discovery_url=https://example.com/auth/.well-known/openid-configuration
+security.issuer_url=http://example.com/issuerurl