Examples security validation

Signed-off-by: Maxim Nesen <maxim.nesen@oracle.com>

examples/config/changes/conf/secrets/password

@@ -1 +1 @@
-^ery$ecretP&ssword
+changeit

examples/config/changes/src/main/java/io/helidon/examples/config/changes/OnChangeExample.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, 2023 Oracle and/or its affiliates.
+ * Copyright (c) 2017, 2024 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -54,7 +54,7 @@ public void run() {
 
     private static void logSecrets(Config secrets) {
         LOGGER.info("Loaded secrets are u: " + secrets.get("username").asString().get()
-                            + ", p: " + secrets.get("password").asString().get());
+                            + ", p: " + secrets.get("changeit").asString().get());
     }
 
 }

examples/config/sources/conf/secrets/password

@@ -1 +1 @@
-^ery$ecretP&ssword
+changeit

examples/config/sources/src/main/java/io/helidon/examples/config/sources/DirectorySourceExample.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017, 2023 Oracle and/or its affiliates.
+ * Copyright (c) 2017, 2024 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -48,9 +48,9 @@ public static void main(String... args) {
         System.out.println("Username: " + username);
         assert username.equals("libor");
 
-        String password = secrets.get("password").asString().get();
+        String password = secrets.get("changeit").asString().get();
         System.out.println("Password: " + password);
-        assert password.equals("^ery$ecretP&ssword");
+        assert password.equals("changeit");
     }
 
 }

examples/dbclient/jdbc/README.md

@@ -31,7 +31,7 @@ Instructions for Oracle can be found here: https://github.com/oracle/docker-imag
 
 MySQL can be run as a docker container with the following command:
 ```
-docker run --rm --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=password  mysql:5.7
+docker run --rm --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=changeit  mysql:5.7
 ```
 
 

examples/dbclient/jdbc/src/main/resources/application.yaml

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2019, 2023 Oracle and/or its affiliates.
+# Copyright (c) 2019, 2024 Oracle and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -38,10 +38,10 @@ db:
     # MySQL configuration
     #
     # docker run --rm --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=root \
-    #   -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=password  mysql:5.7
+    #   -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=changeit  mysql:5.7
 #    url: jdbc:mysql://127.0.0.1:3306/pokemon?useSSL=false
 #    username: user
-#    password: password
+#    password: changeit
 #    poolName: mysql
     #
     # Oracle configuration

examples/dbclient/jdbc/src/test/java/io/helidon/examples/dbclient/jdbc/PokemonServiceMySQLIT.java

@@ -35,7 +35,7 @@ class PokemonServiceMySQLIT extends AbstractPokemonServiceTest {
     @Container
     static MySQLContainer<?> container = new MySQLContainer<>("mysql:8.0.36")
             .withUsername("user")
-            .withPassword("password")
+            .withPassword("changeit")
             .withNetworkAliases("mysql")
             .withDatabaseName("pokemon");
 

examples/dbclient/jdbc/src/test/resources/application-mysql-test.yaml

@@ -25,7 +25,7 @@ db:
   source: jdbc
   connection:
     username: user
-    password: password
+    password: changeit
     poolName: mysql
     initializationFailTimeout: -1
     connectionTimeout: 2000

examples/dbclient/pokemons/README.md

@@ -67,7 +67,7 @@ For details, see http://www.h2database.com/html/cheatSheet.html
 MySQL:
 ```
 docker run --rm --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=root \
-       -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=password  mysql:5.7
+       -e MYSQL_DATABASE=pokemon -e MYSQL_USER=user -e MYSQL_PASSWORD=changeit  mysql:5.7
 ```
 
 

examples/dbclient/pokemons/src/test/java/io/helidon/examples/dbclient/pokemons/PokemonServiceMySQLIT.java

@@ -34,7 +34,7 @@ public class PokemonServiceMySQLIT extends AbstractPokemonServiceTest {
     @Container
     static MySQLContainer<?> container = new MySQLContainer<>("mysql:8.0.36")
             .withUsername("user")
-            .withPassword("password")
+            .withPassword("changeit")
             .withNetworkAliases("mysql")
             .withDatabaseName("pokemon");
 

examples/dbclient/pokemons/src/test/resources/application-mysql-test.yaml

@@ -26,7 +26,7 @@ db:
   source: jdbc
   connection:
     username: user
-    password: password
+    password: changeit
     poolName: "mysql"
     initializationFailTimeout: -1
     connectionTimeout: 2000

examples/employee-app/src/main/java/io/helidon/examples/employee/EmployeeRepositoryImplDB.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2019, 2023 Oracle and/or its affiliates.
+ * Copyright (c) 2019, 2024 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -43,7 +43,7 @@ final class EmployeeRepositoryImplDB implements EmployeeRepository {
         String driver = "oracle.jdbc.driver.OracleDriver";
 
         String dbUserName = config.get("app.user").asString().orElse("sys as SYSDBA");
-        String dbUserPassword = config.get("app.password").asString().orElse("password");
+        String dbUserPassword = config.get("app.password").asString().orElse("changeit");
         String dbHostURL = config.get("app.hosturl").asString().orElse("localhost:1521/xe");
 
         try {

examples/microprofile/idcs/src/main/resources/application.yaml

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2018, 2023 Oracle and/or its affiliates.
+# Copyright (c) 2018, 2024 Oracle and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -29,7 +29,7 @@ security:
     # This is a nice way to be able to override this with local properties or env-vars
     idcs-uri: "https://tenant-id.identity.oracle.com"
     idcs-client-id: "client-id"
-    idcs-client-secret: "client-secret"
+    idcs-client-secret: "changeit"
     # Used as a base for redirects back to us
     frontend-uri: "http://localhost:7987"
     proxy-host: "if you need proxy"

examples/microprofile/oci-tls-certificates/etc/unsupported-cert-tools/utils.sh

@@ -1,7 +1,7 @@
 #!/bin/bash -e
 
 #
-# Copyright (c) 2023 Oracle and/or its affiliates.
+# Copyright (c) 2023, 2024 Oracle and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -39,7 +39,7 @@ prepareKeyToUpload() {
   # Extract server/client private key
   openssl pkcs12 -in "$KEYSTORE_FILE" \
     -nocerts \
-    -passin pass:password -passout pass:password \
+    -passin pass:changeit -passout pass:changeit \
     -out $PRIVATE_KEY_AS_PEM
 
   ## Upload server/client private key to vault
@@ -59,7 +59,7 @@ prepareKeyToUpload() {
   # If the RSA private key you want to import is in PEM format, convert it to DER:
   openssl pkcs8 -topk8 -nocrypt \
     -inform PEM -outform DER \
-    -passin pass:password -passout pass:password \
+    -passin pass:changeit -passout pass:changeit \
     -in $PRIVATE_KEY_AS_PEM -out $PRIVATE_KEY_AS_DER
 
   # Wrap RSA private key with the temporary AES key:

examples/microprofile/oidc/src/main/resources/application.yaml

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2019, 2022 Oracle and/or its affiliates.
+# Copyright (c) 2019, 2024 Oracle and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -23,7 +23,7 @@ security:
     oidc-identity-uri: "https://tenant.some-server.com/oauth2/default"
     # when you create a new client in identity server configuration, you should get a client id and a client secret
     oidc-client-id: "some client id"
-    oidc-client-secret: "some client secret"
+    oidc-client-secret: "changeit"
     # issuer of the tokens - identity server specific (maybe even configurable)
     oidc-issuer: "https://tenant.some-server.com/oauth2/default"
     # audience of the tokens - identity server specific (usually configurable)

examples/microprofile/security/src/main/resources/application.yaml

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2018, 2020 Oracle and/or its affiliates.
+# Copyright (c) 2018, 2024 Oracle and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -27,13 +27,13 @@ security:
       realm: "helidon"
       users:
       - login: "jack"
-        password: "password"
+        password: "changeit"
         roles: ["user", "admin"]
       - login: "jill"
-        password: "password"
+        password: "changeit"
         roles: ["user"]
       - login: "john"
-        password: "password"
+        password: "changeit"
   web-server:
     paths:
     - path: "/static-cp[/{*}]"

examples/microprofile/tls/src/main/resources/META-INF/microprofile-config.properties

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2020 Oracle and/or its affiliates.
+# Copyright (c) 2020, 2024 Oracle and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -20,9 +20,9 @@ server.host=0.0.0.0
 
 #Truststore setup
 server.tls.trust.keystore.resource.resource-path=server.p12
-server.tls.trust.keystore.passphrase=password
+server.tls.trust.keystore.passphrase=changeit
 server.tls.trust.keystore.trust-store=true
 
 #Keystore with private key and server certificate
 server.tls.private-key.keystore.resource.resource-path=server.p12
-server.tls.private-key.keystore.passphrase=password
+server.tls.private-key.keystore.passphrase=changeit

examples/security/basic-auth-with-static-content/README.md

@@ -23,9 +23,9 @@ Try the application:
 The application starts at the `8080` port
 ```shell
 curl http://localhost:8080/public
-curl -u "jill:password" http://localhost:8080/noRoles
-curl -u "john:password" http://localhost:8080/user
-curl -u "jack:password" http://localhost:8080/admin
-curl -v -u "john:password" http://localhost:8080/deny
-curl -u "jack:password" http://localhost:8080/noAuthn
+curl -u "jill:changeit" http://localhost:8080/noRoles
+curl -u "john:changeit" http://localhost:8080/user
+curl -u "jack:changeit" http://localhost:8080/admin
+curl -v -u "john:changeit" http://localhost:8080/deny
+curl -u "jack:changeit" http://localhost:8080/noAuthn
 ```

examples/security/basic-auth-with-static-content/src/main/java/io/helidon/examples/security/basicauth/BasicExampleBuilderMain.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020, 2023 Oracle and/or its affiliates.
+ * Copyright (c) 2020, 2024 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -42,9 +42,9 @@ public final class BasicExampleBuilderMain {
     private static final Map<String, MyUser> USERS = new HashMap<>();
 
     static {
-        USERS.put("jack", new MyUser("jack", "password".toCharArray(), Set.of("user", "admin")));
-        USERS.put("jill", new MyUser("jill", "password".toCharArray(), Set.of("user")));
-        USERS.put("john", new MyUser("john", "password".toCharArray(), Set.of()));
+        USERS.put("jack", new MyUser("jack", "changeit".toCharArray(), Set.of("user", "admin")));
+        USERS.put("jill", new MyUser("jill", "changeit".toCharArray(), Set.of("user")));
+        USERS.put("john", new MyUser("john", "changeit".toCharArray(), Set.of()));
     }
 
     private BasicExampleBuilderMain() {

examples/security/basic-auth-with-static-content/src/main/resources/application.yaml

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2020, 2023 Oracle and/or its affiliates.
+# Copyright (c) 2020, 2024 Oracle and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -53,11 +53,11 @@ security:
         realm: "helidon"
         users:
           - login: "jack"
-            password: "${CLEAR=password}"
+            password: "${CLEAR=changeit}"
             roles: [ "user", "admin" ]
           - login: "jill"
-            password: "${CLEAR=password}"
+            password: "${CLEAR=changeit}"
             roles: [ "user" ]
           - login: "john"
-            password: "${CLEAR=password}"
+            password: "${CLEAR=changeit}"
             roles: [ ]

examples/security/basic-auth-with-static-content/src/test/java/io/helidon/examples/security/basicauth/BasicExampleTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2020, 2023 Oracle and/or its affiliates.
+ * Copyright (c) 2020, 2024 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -75,9 +75,9 @@ public void testNoRoles() {
         testNotAuthorized(uri);
 
         //Must be accessible with authentication - to everybody
-        testProtected(uri, "jack", "password", Set.of("admin", "user"), Set.of());
-        testProtected(uri, "jill", "password", Set.of("user"), Set.of("admin"));
-        testProtected(uri, "john", "password", Set.of(), Set.of("admin", "user"));
+        testProtected(uri, "jack", "changeit", Set.of("admin", "user"), Set.of());
+        testProtected(uri, "jill", "changeit", Set.of("user"), Set.of("admin"));
+        testProtected(uri, "john", "changeit", Set.of(), Set.of("admin", "user"));
     }
 
     @Test
@@ -87,9 +87,9 @@ public void testUserRole() {
         testNotAuthorized(uri);
 
         //Jack and Jill allowed (user role)
-        testProtected(uri, "jack", "password", Set.of("admin", "user"), Set.of());
-        testProtected(uri, "jill", "password", Set.of("user"), Set.of("admin"));
-        testProtectedDenied(uri, "john", "password");
+        testProtected(uri, "jack", "changeit", Set.of("admin", "user"), Set.of());
+        testProtected(uri, "jill", "changeit", Set.of("user"), Set.of("admin"));
+        testProtectedDenied(uri, "john", "changeit");
     }
 
     @Test
@@ -99,9 +99,9 @@ public void testAdminRole() {
         testNotAuthorized(uri);
 
         //Only jack is allowed - admin role...
-        testProtected(uri, "jack", "password", Set.of("admin", "user"), Set.of());
-        testProtectedDenied(uri, "jill", "password");
-        testProtectedDenied(uri, "john", "password");
+        testProtected(uri, "jack", "changeit", Set.of("admin", "user"), Set.of());
+        testProtectedDenied(uri, "jill", "changeit");
+        testProtectedDenied(uri, "john", "changeit");
     }
 
     @Test
@@ -111,9 +111,9 @@ public void testDenyRole() {
         testNotAuthorized(uri);
 
         // nobody has the correct role
-        testProtectedDenied(uri, "jack", "password");
-        testProtectedDenied(uri, "jill", "password");
-        testProtectedDenied(uri, "john", "password");
+        testProtectedDenied(uri, "jack", "changeit");
+        testProtectedDenied(uri, "jill", "changeit");
+        testProtectedDenied(uri, "john", "changeit");
     }
 
     @Test

examples/security/idcs-login/src/main/resources/application.yaml

@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2018, 2023 Oracle and/or its affiliates.
+# Copyright (c) 2018, 2024 Oracle and/or its affiliates.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -33,7 +33,7 @@ security:
     # This is a nice way to be able to override this with local properties or env-vars
     idcs-uri: "https://your-tenant-id.identity.oracle.com"
     idcs-client-id: "your-client-id"
-    idcs-client-secret: "${CLEAR=your-client-secret}"
+    idcs-client-secret: "${CLEAR=changeit}"
     proxy-host: ""
   providers:
   - abac:

examples/security/outbound-override/README.md

@@ -14,8 +14,8 @@ java -jar target/helidon-examples-security-outbound-override.jar
 Try the endpoints (port is random, shall be replaced accordingly):
 ```shell
 export PORT=35973
-curl -u "jack:password" http://localhost:${PORT}/propagate
-curl -u "jack:password" http://localhost:${PORT}/override
-curl -u "jill:anotherPassword" http://localhost:${PORT}/propagate
-curl -u "jill:anotherPassword" http://localhost:${PORT}/override
+curl -u "jack:changeit" http://localhost:${PORT}/propagate
+curl -u "jack:changeit" http://localhost:${PORT}/override
+curl -u "jill:changeit" http://localhost:${PORT}/propagate
+curl -u "jill:changeit" http://localhost:${PORT}/override
 ```

examples/security/outbound-override/src/main/java/io/helidon/security/examples/outbound/OverrideService.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023 Oracle and/or its affiliates.
+ * Copyright (c) 2023, 2024 Oracle and/or its affiliates.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -49,7 +49,7 @@ private void override(ServerRequest req, ServerResponse res) {
 
         String result = client.get("http://localhost:" + server.port("backend") + "/hello")
                 .property(EndpointConfig.PROPERTY_OUTBOUND_ID, "jill")
-                .property(EndpointConfig.PROPERTY_OUTBOUND_SECRET, "anotherPassword")
+                .property(EndpointConfig.PROPERTY_OUTBOUND_SECRET, "changeit")
                 .requestEntity(String.class);
 
         res.send("You are: " + context.userName() + ", backend service returned: " + result + "\n");