Skip to content

Latest commit

 

History

History
91 lines (74 loc) · 4.98 KB

README.md

File metadata and controls

91 lines (74 loc) · 4.98 KB

Maven Build Github Action Status REUSE status Quality Gate Status CII Best Practices Slack

CoMPAS SCL Data Service

Service to store and retrieve the SCL XML to a database.

In the standard configuration this component is using Quarkus to run and create a native image from it. The different parts of this repository can also be used separately in your own component to manage SCL XML Files in a database. The Service Layer can be used as Java component to manage them. For more information about the architecture go to documentation.

There are currently two database implementations available.

  • For more development information about the BaseX Implementation go to BaseX. (Profile activated by default.)
  • For more development information about the PostgreSQL Implementation go to PostgreSQL.

Note: When switching between implementation it's a good practise to first execute a maven clean to remove old dependencies from the target directory in the app module.

Common Environment variables

Below environment variable(s) can be used to configure which claims and information are used to fill the UserInfo response.

Environment variable Java Property Description Example
USERINFO_NAME_CLAIMNAME compas.userinfo.name.claimname The Name of the user logged in. name
USERINFO_WHO_CLAIMNAME compas.userinfo.who.claimname The Name of the user used in the Who History. name
USERINFO_SESSION_WARNING compas.userinfo.session.warning Number of minutes a Session Warning can be displayed. 20
USERINFO_SESSION_EXPIRES compas.userinfo.session.expires Number of minutes a Session Expires to display in Frontend. 30

Security

To use most of the endpoints the users needs to be authenticated using JWT in the authorization header. There are 4 environment variables that can be set in the container to configure the validation/processing of the JWT.

Environment variable Java Property Description Example
JWT_VERIFY_KEY smallrye.jwt.verify.key.location Location of certificates to verify the JWT. http://localhost:8089/auth/realms/compas/protocol/openid-connect/certs
JWT_VERIFY_ISSUER mp.jwt.verify.issuer The issuer of the JWT. http://localhost:8089/auth/realms/compas
JWT_VERIFY_CLIENT_ID mp.jwt.verify.audiences The Client ID that should be in the "aud" claim. scl-data-service
JWT_GROUPS_PATH smallrye.jwt.path.groups The JSON Path where to find the roles of the user. resource_access/scl-data-service/roles

The application uses the following list of roles. The fine-grained roles are built up of the types of SCL Files this service supports and the rights READ/CREATE/UPDATE/DElETE. This way the mapping of the roles to groups/users can be configured as needed.

  • ICD_CREATE
  • ICD_DELETE
  • ICD_READ
  • ICD_UPDATE
  • SCD_CREATE
  • SCD_DELETE
  • SCD_READ
  • SCD_UPDATE
  • SSD_CREATE
  • SSD_DELETE
  • SSD_READ
  • SSD_UPDATE
  • ISD_CREATE
  • ISD_DELETE
  • ISD_READ
  • ISD_UPDATE
  • CID_CREATE
  • CID_DELETE
  • CID_READ
  • CID_UPDATE
  • IID_CREATE
  • IID_DELETE
  • IID_READ
  • IID_UPDATE
  • SED_CREATE
  • SED_DELETE
  • SED_READ
  • SED_UPDATE
  • STD_CREATE
  • STD_DELETE
  • STD_READ
  • STD_UPDATE