Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #10560 from cBioPortal/fix-auth-integration
Fix auth integration
Showing 69 changed files with 4,142 additions and 1,141 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
name: Security integration tests | ||
on: [push, pull_request] | ||
jobs: | ||
build: | ||
name: Security integration tests | ||
runs-on: ubuntu-latest | ||
env: | ||
PORTAL_SOURCE_DIR: /home/runner/work/cbioportal/cbioportal/cbioportal | ||
PORTAL_COMPOSE_DIR: /home/runner/work/cbioportal/cbioportal/cbioportal-docker-compose | ||
PORTAL_INFO_DIR: /home/runner/work/cbioportal/cbioportal/portalInfo | ||
steps: | ||
- name: 'Checkout cbioportal repo' | ||
uses: actions/checkout@v2 | ||
with: | ||
path: ./cbioportal | ||
- name: 'Set up JDK 21' | ||
uses: oracle-actions/setup-java@v1 | ||
with: | ||
website: oracle.com | ||
release: 21 | ||
- name: 'Cache Maven packages' | ||
uses: actions/cache@v1 | ||
with: | ||
path: ~/.m2 | ||
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} | ||
restore-keys: ${{ runner.os }}-m2 | ||
- name: 'Add host.testcontainers.internal to /etc/hosts' | ||
run: | | ||
echo "127.0.0.1 host.testcontainers.internal" | sudo tee -a /etc/hosts | ||
- name: 'Copy Application.Properties' | ||
working-directory: ./cbioportal | ||
run: | | ||
cp src/main/resources/application.properties.EXAMPLE src/main/resources/application.properties | ||
- name: 'Run integration tests' | ||
working-directory: ./cbioportal | ||
run: | | ||
mvn verify -Pintegration-test |
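Review bot: The workflow declares no `permissions:` block, and the three `uses:` lines (`actions/checkout@v2`, `oracle-actions/setup-java@v1`, `actions/cache@v1`) reference actions by mutable major tags. Since this job runs on every `pull_request`, add a top-level `permissions:` with `contents: read` and pin each action to a full commit SHA, moving off the old v2/v1 majors at the same time. The three `PORTAL_*` variables under `env:` are not read by any step in this file; drop them or say what consumes them. With `on: [push, pull_request]`, a pull request opened from a branch in the same repository runs the suite twice, so consider limiting `push` to named branches.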
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
DOCKER_IMAGE_SESSION_SERVICE=cbioportal/session-service:0.6.1 | ||
DOCKER_IMAGE_MYSQL=mysql:8.1.0 | ||
DOCKER_IMAGE_KEYCLOAK=quay.io/keycloak/keycloak:23.0 | ||
DOCKER_IMAGE_MONGODB=mongo:4.2 |
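Review bot: All four images are pinned by tag only, and `quay.io/keycloak/keycloak:23.0` names a minor series rather than a patch release, so the identity provider under the security tests can change without a change in this repository. Pin a full patch version, or better a digest (`tag@sha256:<digest>`), so test runs are reproducible. `mongo:4.2` is an end-of-life MongoDB series; if the session service works with a maintained release, use that here.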
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,58 @@ | ||
# Tools for development | ||
|
||
In this folder is some additional configuration that can be useful for local development. None of this should be deployed directly to production | ||
|
||
# Set up keycloak for cBioPortal >v6 | ||
|
||
Requirements: | ||
- System runs docker (including docker compose) | ||
|
||
1. Run from the root of the repository: | ||
|
||
``` | ||
cd dev | ||
docker compose up -d | ||
``` | ||
|
||
2. (Option 1) Apply SAML2 configuration to _security.properties_ in cBioPortal: | ||
|
||
```properties | ||
authenticate=saml | ||
spring.security.saml2.relyingparty.registration.keycloak.assertingparty.metadata-uri=http://localhost:8084/realms/cbio/protocol/saml/descriptor | ||
spring.security.saml2.relyingparty.registration.keycloak.assertingparty.entity-id=http://localhost:8084/realms/cbio | ||
spring.security.saml2.relyingparty.registration.keycloak.entity-id=cbioportal | ||
spring.security.saml2.relyingparty.registration.keycloak.signing.credentials[0].certificate-location=classpath:/dev/security/signing-cert.pem | ||
spring.security.saml2.relyingparty.registration.keycloak.signing.credentials[0].private-key-location=classpath:/dev/security/signing-key.pem | ||
``` | ||
|
||
3. (Option 2) Apply OIDC configuration to _security.properties_ in cBioPortal: | ||
|
||
```properties | ||
authenticate=oauth2 | ||
spring.security.oauth2.client.registration.keycloak.redirect-uri=http://localhost:8080/login/oauth2/code/keycloak | ||
spring.security.oauth2.client.registration.keycloak.client-name=cbioportal_oauth2 | ||
spring.security.oauth2.client.registration.keycloak.client-id=cbioportal_oauth2 | ||
spring.security.oauth2.client.registration.keycloak.client-secret=client_secret | ||
spring.security.oauth2.client.registration.keycloak.authorization-grant-type=authorization_code | ||
spring.security.oauth2.client.registration.keycloak.client-authentication-method=client_secret_post | ||
spring.security.oauth2.client.registration.keycloak.scope=openid,email,roles | ||
spring.security.oauth2.client.provider.keycloak.issuer-uri=http://localhost:8084/realms/cbio | ||
spring.security.oauth2.client.provider.keycloak.user-name-attribute=email | ||
``` | ||
|
||
4. Set the following in _portal.properties_: | ||
|
||
```properties | ||
persistence.cache_type=no-cache | ||
session.service.url=http://localhost:5000/api/sessions/my_portal/ | ||
|
||
spring.datasource.url=jdbc:mysql://localhost:3306/cbioportal?useSSL=false&allowPublicKeyRetrieval=true | ||
spring.datasource.username=cbio_user | ||
spring.datasource.password=somepassword | ||
spring.jpa.database-platform=org.hibernate.dialect.MySQL5InnoDBDialect | ||
spring.datasource.driver-class-name=com.mysql.jdbc.Driver | ||
``` | ||
|
||
4. Start cBioPortal application on port 8080. The login credentials are `testuser:P@assword1`. | ||
|
||
⚠️ Warning: Do not use this directly for production use as it takes several shortcuts to get a quick keycloak instance up. |
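Review bot: The step list is numbered 1, 2, 3, 4, 4, and the two alternatives "(Option 1)" and "(Option 2)" are presented as steps 2 and 3, so a reader following the list top to bottom will set both `authenticate=saml` and `authenticate=oauth2`. Make the options sub-items of a single step 2 and renumber the rest. The README points at _security.properties_ and _portal.properties_, while the workflow in this same commit copies `application.properties.EXAMPLE` to `application.properties`; state which file these settings belong in for v6. Please also confirm `testuser:P@assword1` against the imported realm, since it reads like a typo, and move the production warning from the last line to the top, next to the hard-coded `client_secret` and `somepassword` values it applies to.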
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,57 @@ | ||
version: '3' | ||
|
||
services: | ||
cbioportal-database: | ||
restart: unless-stopped | ||
image: ${DOCKER_IMAGE_MYSQL} | ||
container_name: cbioportal-database | ||
environment: | ||
MYSQL_DATABASE: cbioportal | ||
MYSQL_USER: cbio_user | ||
MYSQL_PASSWORD: somepassword | ||
MYSQL_ROOT_PASSWORD: somepassword | ||
volumes: | ||
- $PWD/../src/main/resources/db-scripts/cgds.sql:/docker-entrypoint-initdb.d/cgds.sql:ro | ||
- $PWD/../src/test/resources/seed_mini.sql:/docker-entrypoint-initdb.d/seed.sql:ro | ||
ports: | ||
- 3306:3306 | ||
cbioportal-session: | ||
restart: unless-stopped | ||
image: ${DOCKER_IMAGE_SESSION_SERVICE} | ||
container_name: cbioportal-session | ||
environment: | ||
SERVER_PORT: 5000 | ||
JAVA_OPTS: -Dspring.data.mongodb.uri=mongodb://cbioportal-session-database:27017/session-service | ||
depends_on: | ||
- cbioportal-session-database | ||
ports: | ||
- 5000:5000 | ||
networks: | ||
- cbio-net | ||
cbioportal-session-database: | ||
restart: unless-stopped | ||
image: ${DOCKER_IMAGE_MONGODB} | ||
container_name: cbioportal-session-database | ||
environment: | ||
MONGO_INITDB_DATABASE: session-service | ||
networks: | ||
- cbio-net | ||
keycloak: | ||
restart: unless-stopped | ||
container_name: keycloak | ||
image: ${DOCKER_IMAGE_KEYCLOAK} | ||
volumes: | ||
- $PWD/../src/main/resources/dev/security/keycloak-configuration-generated.json:/opt/keycloak/data/import/realm.json:ro | ||
environment: | ||
- KC_HOSTNAME=localhost | ||
- KC_DB_USERNAME=keycloak | ||
- KC_DB_PASSWORD=password | ||
- KC_DB_DATABASE=keycloak | ||
- KEYCLOAK_ADMIN=admin | ||
- KEYCLOAK_ADMIN_PASSWORD=admin | ||
ports: | ||
- 8084:8080 | ||
command: start-dev --import-realm | ||
|
||
networks: | ||
cbio-net: |
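Review bot: The `ports:` entries `3306:3306`, `5000:5000` and `8084:8080` publish on all host interfaces while the services use `MYSQL_ROOT_PASSWORD: somepassword` and `KEYCLOAK_ADMIN_PASSWORD=admin`, so anyone on the developer's network can reach them with known credentials. Bind them to loopback, for example `127.0.0.1:3306:3306`. `cbioportal-database` and `keycloak` have no `networks:` key while the two session services join `cbio-net`; either attach all four or drop the custom network. No `KC_DB` vendor is set and the command is `start-dev`, so the `KC_DB_USERNAME`, `KC_DB_PASSWORD` and `KC_DB_DATABASE` entries look unused; remove them or configure the database they are meant for. The `$PWD/../` volume paths only resolve when compose is run from inside `dev`, which matches the README but is worth a comment here.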