Relocate sources and build georchestra dependencies

- fall back to Java 11. Georchestra modules won't build
with Java 17. Revisit and possibly fix upstream.

.github/workflows/codeql-analysis.yml

@@ -34,12 +34,14 @@ jobs:
     steps:
     - name: Checkout repository
       uses: actions/checkout@v3
+      with:
+        submodules: 'true'
 
     - name: "Setting up Java"
       uses: actions/setup-java@v2
       with:
         distribution: 'adopt'
-        java-version: '17'
+        java-version: '11'
         cache: 'maven'
 
     - name: Initialize CodeQL
@@ -52,3 +54,4 @@ jobs:
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v2
+

.github/workflows/docker.yml

@@ -13,24 +13,29 @@ jobs:
     steps:
     - name: "Checking out"
       uses: actions/checkout@v3
+      with:
+        submodules: 'true'
 
     - name: "Setting up Java"
       uses: actions/setup-java@v2
       with:
         distribution: 'adopt'
-        java-version: '17'
+        java-version: '11'
         cache: 'maven'
 
-    - name: mvn clean test verify
-      run: ./mvnw clean test verify -ntp -T1C
+    - name: Build georchestra dependencies
+      run: ./mvnw -f georchestra/ clean install -pl :georchestra-ldap-account-management -am -DskipTests -P-all -ntp
+
+    - name: Build gateway
+      run: ./mvnw verify -pl :georchestra-gateway -ntp -T1C
 
     - name: Calculating docker image tag
       id: version
       run: echo ::set-output name=VERSION::$(echo $GITHUB_REF | cut -d / -f 3)
 
     - name: "Building a docker image"
       if: github.repository == 'georchestra/georchestra-gateway'
-      run: ./mvnw -DimageTag=${{ steps.version.outputs.VERSION }} spring-boot:build-image -ntp
+      run: ./mvnw -f gateway/ -DimageTag=${{ steps.version.outputs.VERSION }} spring-boot:build-image -ntp -DskipTests
 
     - name: "Logging in to docker.io"
       if: github.repository == 'georchestra/georchestra-gateway'

.mvn/jvm.config

@@ -0,0 +1,6 @@
+--add-exports jdk.compiler/com.sun.tools.javac.api=ALL-UNNAMED
+--add-exports jdk.compiler/com.sun.tools.javac.file=ALL-UNNAMED
+--add-exports jdk.compiler/com.sun.tools.javac.parser=ALL-UNNAMED
+--add-exports jdk.compiler/com.sun.tools.javac.tree=ALL-UNNAMED
+--add-exports jdk.compiler/com.sun.tools.javac.util=ALL-UNNAMED
+

gateway/pom.xml

@@ -0,0 +1,221 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.georchestra</groupId>
+    <artifactId>georchestra-gateway-parent</artifactId>
+    <version>${revision}</version>
+  </parent>
+  <artifactId>georchestra-gateway</artifactId>
+  <name>gateway</name>
+  <description>geOrchestra application gateway</description>
+  <properties>
+    <java.version>11</java.version>
+    <imageTag>${project.version}</imageTag>
+    <spring-boot.build-image.imageName>georchestra/gateway:${imageTag}</spring-boot.build-image.imageName>
+  </properties>
+  <dependencies>
+    <dependency>
+      <groupId>org.georchestra</groupId>
+      <artifactId>georchestra-ldap-account-management</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-oauth2-client</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-security</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-ldap</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.cloud</groupId>
+      <artifactId>spring-cloud-starter-gateway</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-actuator</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.projectlombok</groupId>
+      <artifactId>lombok</artifactId>
+      <optional>true</optional>
+    </dependency>
+    <dependency>
+      <!-- Annotation processor that generates metadata about classes annotated with @ConfigurationProperties. -->
+      <!-- This metadata is used by IDEs to provide auto-completion and documentation for the properties when editing application.properties 
+        and application.yaml -->
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-configuration-processor</artifactId>
+      <optional>true</optional>
+    </dependency>
+    <dependency>
+      <!-- Generates META-INF/spring-autoconfigure-metadata.properties for inclusion in the project's jar. -->
+      <!-- This file helps with startup time, but is not necessary for your app to function correctly. -->
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-autoconfigure-processor</artifactId>
+      <optional>true</optional>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-devtools</artifactId>
+      <scope>runtime</scope>
+      <optional>true</optional>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-test</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <!-- <dependency> -->
+    <!-- <groupId>org.springframework.security</groupId> -->
+    <!-- <artifactId>spring-security-test</artifactId> -->
+    <!-- <scope>test</scope> -->
+    <!-- </dependency> -->
+  </dependencies>
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>net.revelc.code.formatter</groupId>
+        <artifactId>formatter-maven-plugin</artifactId>
+        <executions>
+          <execution>
+            <goals>
+              <goal>${fmt.action}</goal>
+            </goals>
+          </execution>
+        </executions>
+        <inherited>true</inherited>
+        <configuration>
+          <skip>${fmt.skip}</skip>
+          <configFile>${maven.multiModuleProjectDirectory}/.mvn/formatter.xml</configFile>
+          <compilerSource>${java.version}</compilerSource>
+          <compilerCompliance>${java.version}</compilerCompliance>
+          <compilerTargetPlatform>${java.version}</compilerTargetPlatform>
+          <!-- Use Unix and Mac style line endings -->
+          <lineEnding>LF</lineEnding>
+          <encoding>UTF-8</encoding>
+          <skipJsFormatting>true</skipJsFormatting>
+          <skipCssFormatting>true</skipCssFormatting>
+          <skipHtmlFormatting>true</skipHtmlFormatting>
+          <skipJsonFormatting>true</skipJsonFormatting>
+          <skipXmlFormatting>true</skipXmlFormatting>
+          <skipJavaFormatting>false</skipJavaFormatting>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-enforcer-plugin</artifactId>
+        <executions>
+          <execution>
+            <id>enforce-maven-and-java</id>
+            <goals>
+              <goal>enforce</goal>
+            </goals>
+            <configuration>
+              <rules>
+                <requireJavaVersion>
+                  <version>[11,)</version>
+                </requireJavaVersion>
+                <requireMavenVersion>
+                  <version>[3.6.3,)</version>
+                </requireMavenVersion>
+              </rules>
+            </configuration>
+          </execution>
+        </executions>
+      </plugin>
+      <plugin>
+        <groupId>com.github.ekryd.sortpom</groupId>
+        <artifactId>sortpom-maven-plugin</artifactId>
+        <executions>
+          <execution>
+            <phase>verify</phase>
+            <goals>
+              <goal>${pom.fmt.action}</goal>
+            </goals>
+          </execution>
+        </executions>
+        <configuration>
+          <skip>${pom.fmt.skip}</skip>
+          <pomFile>pom.xml</pomFile>
+          <keepBlankLines>true</keepBlankLines>
+          <spaceBeforeCloseEmptyElement>false</spaceBeforeCloseEmptyElement>
+          <createBackupFile>false</createBackupFile>
+          <verifyFail>stop</verifyFail>
+          <verifyFailOn>strict</verifyFailOn>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.codehaus.mojo</groupId>
+        <artifactId>flatten-maven-plugin</artifactId>
+        <executions>
+          <execution>
+            <id>flatten</id>
+            <phase>process-resources</phase>
+            <goals>
+              <goal>flatten</goal>
+            </goals>
+          </execution>
+          <execution>
+            <id>flatten.clean</id>
+            <phase>clean</phase>
+            <goals>
+              <goal>clean</goal>
+            </goals>
+          </execution>
+        </executions>
+        <configuration>
+          <updatePomFile>true</updatePomFile>
+          <!--flattenMode>resolveCiFriendliesOnly</flattenMode -->
+          <flattenMode>oss</flattenMode>
+        </configuration>
+      </plugin>
+      <plugin>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-maven-plugin</artifactId>
+        <executions>
+          <execution>
+            <id>build-info</id>
+            <goals>
+              <goal>build-info</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build>
+
+  <profiles>
+    <profile>
+      <id>docker</id>
+      <activation>
+        <activeByDefault>false</activeByDefault>
+      </activation>
+      <build>
+        <plugins>
+          <plugin>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-maven-plugin</artifactId>
+            <executions>
+              <execution>
+                <id>build-image</id>
+                <goals>
+                  <goal>build-image</goal>
+                </goals>
+              </execution>
+            </executions>
+            <configuration>
+              <image>
+                <pullPolicy>IF_NOT_PRESENT</pullPolicy>
+              </image>
+            </configuration>
+          </plugin>
+        </plugins>
+      </build>
+    </profile>
+  </profiles>
+</project>

gateway/src/main/java/org/georchestra/gateway/filter/headers/providers/GeorchestraUserHeadersContributor.java

@@ -0,0 +1,71 @@
+/*
+ * Copyright (C) 2022 by the geOrchestra PSC
+ *
+ * This file is part of geOrchestra.
+ *
+ * geOrchestra is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option)
+ * any later version.
+ *
+ * geOrchestra is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * geOrchestra.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.georchestra.gateway.filter.headers.providers;
+
+import java.util.List;
+import java.util.Optional;
+import java.util.function.Consumer;
+import java.util.stream.Collectors;
+
+import org.georchestra.gateway.filter.headers.HeaderContributor;
+import org.georchestra.gateway.model.GeorchestraTargetConfig;
+import org.georchestra.gateway.model.GeorchestraUsers;
+import org.georchestra.security.model.GeorchestraUser;
+import org.springframework.http.HttpHeaders;
+import org.springframework.web.server.ServerWebExchange;
+
+/**
+ * Contributes user-related {@literal sec-*} request headers.
+ * 
+ * <p>
+ * For any
+ * 
+ * @see GeorchestraUsers#resolve
+ * @see GeorchestraTargetConfig
+ */
+public class GeorchestraUserHeadersContributor extends HeaderContributor {
+
+	public @Override Consumer<HttpHeaders> prepare(ServerWebExchange exchange) {
+		return headers -> {
+			GeorchestraTargetConfig.getTarget(exchange)//
+					.map(GeorchestraTargetConfig::headers)//
+					.ifPresent(mappings -> {
+						Optional<GeorchestraUser> user = GeorchestraUsers.resolve(exchange);
+						add(headers, "sec-userid", mappings.getUserid(), user.map(GeorchestraUser::getId));
+						add(headers, "sec-username", mappings.getUsername(), user.map(GeorchestraUser::getUsername));
+						add(headers, "sec-org", mappings.getOrg(), user.map(GeorchestraUser::getOrganization));
+						add(headers, "sec-email", mappings.getEmail(), user.map(GeorchestraUser::getEmail));
+						add(headers, "sec-firstname", mappings.getFirstname(), user.map(GeorchestraUser::getFirstName));
+						add(headers, "sec-lastname", mappings.getLastname(), user.map(GeorchestraUser::getLastName));
+						add(headers, "sec-tel", mappings.getTel(), user.map(GeorchestraUser::getTelephoneNumber));
+
+						List<String> roles = user.map(GeorchestraUser::getRoles).orElse(List.of()).stream()
+								.map(r -> r.startsWith("ROLE_") ? r : "ROLE_" + r).collect(Collectors.toList());
+
+						add(headers, "sec-roles", mappings.getRoles(), roles);
+
+						add(headers, "sec-lastupdated", mappings.getLastUpdated(),
+								user.map(GeorchestraUser::getLastUpdated));
+						add(headers, "sec-address", mappings.getAddress(), user.map(GeorchestraUser::getPostalAddress));
+						add(headers, "sec-title", mappings.getTitle(), user.map(GeorchestraUser::getTitle));
+						add(headers, "sec-notes", mappings.getNotes(), user.map(GeorchestraUser::getNotes));
+					});
+		};
+	}
+}

src/main/java/org/georchestra/gateway/model/GeorchestraTargetConfig.java → gateway/src/main/java/org/georchestra/gateway/model/GeorchestraTargetConfig.java

@@ -35,13 +35,13 @@
 @Accessors(fluent = true, chain = true)
 public class GeorchestraTargetConfig {
 
-    static final String TARGET_CONFIG_KEY = GeorchestraTargetConfig.class.getCanonicalName() + ".target";
+    private static final String TARGET_CONFIG_KEY = GeorchestraTargetConfig.class.getCanonicalName() + ".target";
 
     private HeaderMappings headers;
     private List<RoleBasedAccessRule> accessRules;
 
     public static Optional<GeorchestraTargetConfig> getTarget(ServerWebExchange exchange) {
-        return Optional.ofNullable(exchange.getAttribute(TARGET_CONFIG_KEY)).map(GeorchestraTargetConfig.class::cast);
+        return Optional.ofNullable(exchange.getAttributes().get(TARGET_CONFIG_KEY)).map(GeorchestraTargetConfig.class::cast);
     }
 
     public static void setTarget(ServerWebExchange exchange, GeorchestraTargetConfig config) {

src/main/java/org/georchestra/gateway/model/GeorchestraUsers.java → gateway/src/main/java/org/georchestra/gateway/model/GeorchestraUsers.java

@@ -33,7 +33,7 @@ public class GeorchestraUsers {
     static final String GEORCHESTRA_USER_KEY = GeorchestraUsers.class.getCanonicalName();
 
     public static Optional<GeorchestraUser> resolve(ServerWebExchange exchange) {
-        return Optional.ofNullable(exchange.getAttribute(GEORCHESTRA_USER_KEY)).map(GeorchestraUser.class::cast);
+        return Optional.ofNullable(exchange.getAttributes().get(GEORCHESTRA_USER_KEY)).map(GeorchestraUser.class::cast);
     }
 
     public static ServerWebExchange store(@NonNull ServerWebExchange exchange, GeorchestraUser user) {