Add OAuth to API calls #10

Added oauth support to the server. Upgraded quarkus version from 0.22 ->
0.28.

Change-Id: I6d09394c51c1b5337dc2eed547ceac272a815d3a
Signed-off-by: Martin Lowe <martin.lowe@eclipse-foundation.org>

.gitignore

@@ -2,7 +2,6 @@
 .project
 .classpath
 .settings/
-bin/
 
 # IntelliJ
 .idea
@@ -36,7 +35,9 @@ release.properties
 
 # Secrets config
 secret.properties
-secret.properties
+
+# Cert files
+config/*.crt
 
 #NodeJS
 node_modules/
\ No newline at end of file

README.md

@@ -23,7 +23,9 @@ This section will outline configuration values that need to be checked and updat
 1. Update `quarkus.mongodb.credentials.username` to be a known user with write permissions to MongoDB instance.
 1. Create a copy of `./config/sample.secret.properties` named `secret.properties` in a location of your choosing on the system, with the config folder in the project root being default configured. If changed, keep this path as it is needed to start the environment later.
 1. Update `quarkus.mongodb.credentials.password` to be the password for the MongoDB user in the newly created `secret.properties` file.
-1. By default, this application binds to port 8090. If port 8090 is occupied by another service, the value of `quarkus.http.port` can be modified to designate a different port.
+1. By default, this application binds to port 8090. If port 8090 is occupied by another service, the value of `quarkus.http.port` can be modified to designate a different port. 
+1. In order to protect endpoints for write operations, an introspection endpoint has been configured to validate OAuth tokens. This introspection endpoint should match the requirements set out by the OAuth group for such endpoints. The URL should be set in `quarkus.oauth2.introspection-url`.
+1. As part of the set up of this client, an OAuth client ID and secret need to be defined in the `secret.properties` file. These values should be set in `quarkus.oauth2.client-id` and `quarkus.oauth2.client-secret`. These are required for introspection to avoid token fishing attempts.
 
 If you are compiling from source, in order to properly pass tests in packaging, some additional set up sill need to be done. There are two options for setting up test variables for the project.
 
@@ -38,7 +40,7 @@ If you are compiling from source, in order to properly pass tests in packaging,
         - Build native & docker image  
     - Create a copy of `config/test.secret.properties` somewhere on the file system, with the config folder in the project root being default configured. If changed, keep this path as it is needed for compilations of the product.
 
-For users looking to build native images and docker files, an install of GraalVM is required to compile the image. Please retrieve the version **19.1.1** from the [GraalVM release page](https://github.com/oracle/graal/releases) for your given environment. Once installed, please ensure your `GRAAL_HOME`, `GRAALVM_HOME` are set to the installed directory, and the GraalVM `/bin` folder has been added to your `PATH`. Run `sudo gu install native-image` to retrieve imaging functionality from GitHub for GraalVM on Linux and MacOS based environments. 
+For users looking to build native images and docker files, an install of GraalVM is required to compile the image. Please retrieve the version **19.2.0** from the [GraalVM release page](https://github.com/oracle/graal/releases) for your given environment. Once installed, please ensure your `GRAAL_HOME`, `GRAALVM_HOME` are set to the installed directory, and the GraalVM `/bin` folder has been added to your `PATH`. Run `sudo gu install native-image` to retrieve imaging functionality from GitHub for GraalVM on Linux and MacOS based environments. 
 
 
 ## Build
@@ -57,16 +59,20 @@ For users looking to build native images and docker files, an install of GraalVM
     
 * Build native & docker image
 
-    $ mvn package -Pnative -Dnative-image.docker-build=true -Dconfig.secret.path=<full path to test secret file>
-    docker build -f src/main/docker/Dockerfile.native -t eclipse/mpc . --build-arg SECRET_LOCATION=/var/secret --build-arg LOCAL_SECRETS=config/secret.properties
-    docker run -i --rm -p 8080:8090 eclipse/mpc
-    
+```
+    $ mvn package -Pnative -Dnative-image.docker-build=true -Dconfig.secret.path=<full path to test secret file>  
+    docker build -f src/main/docker/Dockerfile.native -t eclipse/mpc . --build-arg SECRET_LOCATION=/var/secret --build-arg LOCAL_SECRETS=config/secret.properties  
+    docker run -i --rm -p 8080:8090 eclipse/mpc  
+```
+
 See https://quarkus.io for more information.  
 
 The property ` -Dconfig.secret.path` is added to each line as the location needs to be fed in at runtime where to find the secret properties data. By default, Quarkus includes surefire as part of its native imagine build plug-in, which needs the given path in order for the given packages to pass.
 
 The Docker build-arg `LOCAL_SECRETS` can be configured on the `docker build` command if the secrets file exists outside of the standard location of `config/secret.properties`. It has been set to the default value in the sample command for example purposes on usage.
 
+The Docker build-arg `GRAALVM_HOME` must be configured on the `docker build` command to properly import SSL certificate information into the native image. Without this, all calls to authenticate users will fail.
+
 ## Sample data
 
 For ease of use, a script has been created to load sample data into a MongoDB instance using Node JS and a running instance of the API. This script will load a large amount of listings into the running MongoDB using the API for use in testing different queries without having to retrieve real world data.

config/sample.secret.properties

 quarkus.mongodb.credentials.password=sample
+quarkus.oauth2.client-id=sample
 quarkus.oauth2.client-secret=sample
 
 eclipse.secret.token=123456789abcdefghijklmnopqrstuvwxyz
\ No newline at end of file

mvnw

-#!/bin/sh
-# ----------------------------------------------------------------------------
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements.  See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership.  The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License.  You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied.  See the License for the
-# specific language governing permissions and limitations
-# under the License.
-# ----------------------------------------------------------------------------
-
-# ----------------------------------------------------------------------------
-# Maven2 Start Up Batch script
-#
-# Required ENV vars:
-# ------------------
-#   JAVA_HOME - location of a JDK home dir
-#
-# Optional ENV vars
-# -----------------
-#   M2_HOME - location of maven2's installed home dir
-#   MAVEN_OPTS - parameters passed to the Java VM when running Maven
-#     e.g. to debug Maven itself, use
-#       set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
-#   MAVEN_SKIP_RC - flag to disable loading of mavenrc files
-# ----------------------------------------------------------------------------
-
-if [ -z "$MAVEN_SKIP_RC" ] ; then
-
-  if [ -f /etc/mavenrc ] ; then
-    . /etc/mavenrc
-  fi
-
-  if [ -f "$HOME/.mavenrc" ] ; then
-    . "$HOME/.mavenrc"
-  fi
-
-fi
-
-# OS specific support.  $var _must_ be set to either true or false.
-cygwin=false;
-darwin=false;
-mingw=false
-case "`uname`" in
-  CYGWIN*) cygwin=true ;;
-  MINGW*) mingw=true;;
-  Darwin*) darwin=true
-    # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
-    # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
-    if [ -z "$JAVA_HOME" ]; then
-      if [ -x "/usr/libexec/java_home" ]; then
-        export JAVA_HOME="`/usr/libexec/java_home`"
-      else
-        export JAVA_HOME="/Library/Java/Home"
-      fi
-    fi
-    ;;
-esac
-
-if [ -z "$JAVA_HOME" ] ; then
-  if [ -r /etc/gentoo-release ] ; then
-    JAVA_HOME=`java-config --jre-home`
-  fi
-fi
-
-if [ -z "$M2_HOME" ] ; then
-  ## resolve links - $0 may be a link to maven's home
-  PRG="$0"
-
-  # need this for relative symlinks
-  while [ -h "$PRG" ] ; do
-    ls=`ls -ld "$PRG"`
-    link=`expr "$ls" : '.*-> \(.*\)$'`
-    if expr "$link" : '/.*' > /dev/null; then
-      PRG="$link"
-    else
-      PRG="`dirname "$PRG"`/$link"
-    fi
-  done
-
-  saveddir=`pwd`
-
-  M2_HOME=`dirname "$PRG"`/..
-
-  # make it fully qualified
-  M2_HOME=`cd "$M2_HOME" && pwd`
-
-  cd "$saveddir"
-  # echo Using m2 at $M2_HOME
-fi
-
-# For Cygwin, ensure paths are in UNIX format before anything is touched
-if $cygwin ; then
-  [ -n "$M2_HOME" ] &&
-    M2_HOME=`cygpath --unix "$M2_HOME"`
-  [ -n "$JAVA_HOME" ] &&
-    JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
-  [ -n "$CLASSPATH" ] &&
-    CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
-fi
-
-# For Mingw, ensure paths are in UNIX format before anything is touched
-if $mingw ; then
-  [ -n "$M2_HOME" ] &&
-    M2_HOME="`(cd "$M2_HOME"; pwd)`"
-  [ -n "$JAVA_HOME" ] &&
-    JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
-fi
-
-if [ -z "$JAVA_HOME" ]; then
-  javaExecutable="`which javac`"
-  if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
-    # readlink(1) is not available as standard on Solaris 10.
-    readLink=`which readlink`
-    if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
-      if $darwin ; then
-        javaHome="`dirname \"$javaExecutable\"`"
-        javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
-      else
-        javaExecutable="`readlink -f \"$javaExecutable\"`"
-      fi
-      javaHome="`dirname \"$javaExecutable\"`"
-      javaHome=`expr "$javaHome" : '\(.*\)/bin'`
-      JAVA_HOME="$javaHome"
-      export JAVA_HOME
-    fi
-  fi
-fi
-
-if [ -z "$JAVACMD" ] ; then
-  if [ -n "$JAVA_HOME"  ] ; then
-    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
-      # IBM's JDK on AIX uses strange locations for the executables
-      JAVACMD="$JAVA_HOME/jre/sh/java"
-    else
-      JAVACMD="$JAVA_HOME/bin/java"
-    fi
-  else
-    JAVACMD="`which java`"
-  fi
-fi
-
-if [ ! -x "$JAVACMD" ] ; then
-  echo "Error: JAVA_HOME is not defined correctly." >&2
-  echo "  We cannot execute $JAVACMD" >&2
-  exit 1
-fi
-
-if [ -z "$JAVA_HOME" ] ; then
-  echo "Warning: JAVA_HOME environment variable is not set."
-fi
-
-CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
-
-# traverses directory structure from process work directory to filesystem root
-# first directory with .mvn subdirectory is considered project base directory
-find_maven_basedir() {
-
-  if [ -z "$1" ]
-  then
-    echo "Path not specified to find_maven_basedir"
-    return 1
-  fi
-
-  basedir="$1"
-  wdir="$1"
-  while [ "$wdir" != '/' ] ; do
-    if [ -d "$wdir"/.mvn ] ; then
-      basedir=$wdir
-      break
-    fi
-    # workaround for JBEAP-8937 (on Solaris 10/Sparc)
-    if [ -d "${wdir}" ]; then
-      wdir=`cd "$wdir/.."; pwd`
-    fi
-    # end of workaround
-  done
-  echo "${basedir}"
-}
-
-# concatenates all lines of a file
-concat_lines() {
-  if [ -f "$1" ]; then
-    echo "$(tr -s '\n' ' ' < "$1")"
-  fi
-}
-
-BASE_DIR=`find_maven_basedir "$(pwd)"`
-if [ -z "$BASE_DIR" ]; then
-  exit 1;
-fi
-
-##########################################################################################
-# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
-# This allows using the maven wrapper in projects that prohibit checking in binary data.
-##########################################################################################
-if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then
-    if [ "$MVNW_VERBOSE" = true ]; then
-      echo "Found .mvn/wrapper/maven-wrapper.jar"
-    fi
-else
-    if [ "$MVNW_VERBOSE" = true ]; then
-      echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..."
-    fi
-    if [ -n "$MVNW_REPOURL" ]; then
-      jarUrl="$MVNW_REPOURL/io/takari/maven-wrapper/0.5.5/maven-wrapper-0.5.5.jar"
-    else
-      jarUrl="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.5/maven-wrapper-0.5.5.jar"
-    fi
-    while IFS="=" read key value; do
-      case "$key" in (wrapperUrl) jarUrl="$value"; break ;;
-      esac
-    done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties"
-    if [ "$MVNW_VERBOSE" = true ]; then
-      echo "Downloading from: $jarUrl"
-    fi
-    wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar"
-    if $cygwin; then
-      wrapperJarPath=`cygpath --path --windows "$wrapperJarPath"`
-    fi
-
-    if command -v wget > /dev/null; then
-        if [ "$MVNW_VERBOSE" = true ]; then
-          echo "Found wget ... using wget"
-        fi
-        if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
-            wget "$jarUrl" -O "$wrapperJarPath"
-        else
-            wget --http-user=$MVNW_USERNAME --http-password=$MVNW_PASSWORD "$jarUrl" -O "$wrapperJarPath"
-        fi
-    elif command -v curl > /dev/null; then
-        if [ "$MVNW_VERBOSE" = true ]; then
-          echo "Found curl ... using curl"
-        fi
-        if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
-            curl -o "$wrapperJarPath" "$jarUrl" -f
-        else
-            curl --user $MVNW_USERNAME:$MVNW_PASSWORD -o "$wrapperJarPath" "$jarUrl" -f
-        fi
-        
-    else
-        if [ "$MVNW_VERBOSE" = true ]; then
-          echo "Falling back to using Java to download"
-        fi
-        javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java"
-        # For Cygwin, switch paths to Windows format before running javac
-        if $cygwin; then
-          javaClass=`cygpath --path --windows "$javaClass"`
-        fi
-        if [ -e "$javaClass" ]; then
-            if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
-                if [ "$MVNW_VERBOSE" = true ]; then
-                  echo " - Compiling MavenWrapperDownloader.java ..."
-                fi
-                # Compiling the Java class
-                ("$JAVA_HOME/bin/javac" "$javaClass")
-            fi
-            if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
-                # Running the downloader
-                if [ "$MVNW_VERBOSE" = true ]; then
-                  echo " - Running MavenWrapperDownloader.java ..."
-                fi
-                ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR")
-            fi
-        fi
-    fi
-fi
-##########################################################################################
-# End of extension
-##########################################################################################
-
-export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
-if [ "$MVNW_VERBOSE" = true ]; then
-  echo $MAVEN_PROJECTBASEDIR
-fi
-MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
-
-# For Cygwin, switch paths to Windows format before running java
-if $cygwin; then
-  [ -n "$M2_HOME" ] &&
-    M2_HOME=`cygpath --path --windows "$M2_HOME"`
-  [ -n "$JAVA_HOME" ] &&
-    JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
-  [ -n "$CLASSPATH" ] &&
-    CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
-  [ -n "$MAVEN_PROJECTBASEDIR" ] &&
-    MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"`
-fi
-
-# Provide a "standardized" way to retrieve the CLI args that will
-# work with both Windows and non-Windows executions.
-MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@"
-export MAVEN_CMD_LINE_ARGS
-
-WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
-
-exec "$JAVACMD" \
-  $MAVEN_OPTS \
-  -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
-  "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
-  ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"

mvnw.cmd

-@REM ----------------------------------------------------------------------------
-@REM Licensed to the Apache Software Foundation (ASF) under one
-@REM or more contributor license agreements.  See the NOTICE file
-@REM distributed with this work for additional information
-@REM regarding copyright ownership.  The ASF licenses this file
-@REM to you under the Apache License, Version 2.0 (the
-@REM "License"); you may not use this file except in compliance
-@REM with the License.  You may obtain a copy of the License at
-@REM
-@REM    http://www.apache.org/licenses/LICENSE-2.0
-@REM
-@REM Unless required by applicable law or agreed to in writing,
-@REM software distributed under the License is distributed on an
-@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-@REM KIND, either express or implied.  See the License for the
-@REM specific language governing permissions and limitations
-@REM under the License.
-@REM ----------------------------------------------------------------------------
-
-@REM ----------------------------------------------------------------------------
-@REM Maven2 Start Up Batch script
-@REM
-@REM Required ENV vars:
-@REM JAVA_HOME - location of a JDK home dir
-@REM
-@REM Optional ENV vars
-@REM M2_HOME - location of maven2's installed home dir
-@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
-@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a key stroke before ending
-@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
-@REM     e.g. to debug Maven itself, use
-@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
-@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
-@REM ----------------------------------------------------------------------------
-
-@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
-@echo off
-@REM set title of command window
-title %0
-@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
-@if "%MAVEN_BATCH_ECHO%" == "on"  echo %MAVEN_BATCH_ECHO%
-
-@REM set %HOME% to equivalent of $HOME
-if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
-
-@REM Execute a user defined script before this one
-if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
-@REM check for pre script, once with legacy .bat ending and once with .cmd ending
-if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
-if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
-:skipRcPre
-
-@setlocal
-
-set ERROR_CODE=0
-
-@REM To isolate internal variables from possible post scripts, we use another setlocal
-@setlocal
-
-@REM ==== START VALIDATION ====
-if not "%JAVA_HOME%" == "" goto OkJHome
-
-echo.
-echo Error: JAVA_HOME not found in your environment. >&2
-echo Please set the JAVA_HOME variable in your environment to match the >&2
-echo location of your Java installation. >&2
-echo.
-goto error
-
-:OkJHome
-if exist "%JAVA_HOME%\bin\java.exe" goto init
-
-echo.
-echo Error: JAVA_HOME is set to an invalid directory. >&2
-echo JAVA_HOME = "%JAVA_HOME%" >&2
-echo Please set the JAVA_HOME variable in your environment to match the >&2
-echo location of your Java installation. >&2
-echo.
-goto error
-
-@REM ==== END VALIDATION ====
-
-:init
-
-@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
-@REM Fallback to current working directory if not found.
-
-set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
-IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
-
-set EXEC_DIR=%CD%
-set WDIR=%EXEC_DIR%
-:findBaseDir
-IF EXIST "%WDIR%"\.mvn goto baseDirFound
-cd ..
-IF "%WDIR%"=="%CD%" goto baseDirNotFound
-set WDIR=%CD%
-goto findBaseDir
-
-:baseDirFound
-set MAVEN_PROJECTBASEDIR=%WDIR%
-cd "%EXEC_DIR%"
-goto endDetectBaseDir
-
-:baseDirNotFound
-set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
-cd "%EXEC_DIR%"
-
-:endDetectBaseDir
-
-IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
-
-@setlocal EnableExtensions EnableDelayedExpansion
-for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
-@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
-
-:endReadAdditionalConfig
-
-SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
-set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
-set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
-
-set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.5/maven-wrapper-0.5.5.jar"
-
-FOR /F "tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
-    IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B
-)
-
-@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
-@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
-if exist %WRAPPER_JAR% (
-    if "%MVNW_VERBOSE%" == "true" (
-        echo Found %WRAPPER_JAR%
-    )
-) else (
-    if not "%MVNW_REPOURL%" == "" (
-        SET DOWNLOAD_URL="%MVNW_REPOURL%/io/takari/maven-wrapper/0.5.5/maven-wrapper-0.5.5.jar"
-    )
-    if "%MVNW_VERBOSE%" == "true" (
-        echo Couldn't find %WRAPPER_JAR%, downloading it ...
-        echo Downloading from: %DOWNLOAD_URL%
-    )
-
-    powershell -Command "&{"^
-		"$webclient = new-object System.Net.WebClient;"^
-		"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
-		"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
-		"}"^
-		"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"^
-		"}"
-    if "%MVNW_VERBOSE%" == "true" (
-        echo Finished downloading %WRAPPER_JAR%
-    )
-)
-@REM End of extension
-
-@REM Provide a "standardized" way to retrieve the CLI args that will
-@REM work with both Windows and non-Windows executions.
-set MAVEN_CMD_LINE_ARGS=%*
-
-%MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
-if ERRORLEVEL 1 goto error
-goto end
-
-:error
-set ERROR_CODE=1
-
-:end
-@endlocal & set ERROR_CODE=%ERROR_CODE%
-
-if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
-@REM check for post script, once with legacy .bat ending and once with .cmd ending
-if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
-if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
-:skipRcPost
-
-@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
-if "%MAVEN_BATCH_PAUSE%" == "on" pause
-
-if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%
-
-exit /B %ERROR_CODE%

pom.xml

@@ -10,7 +10,7 @@
 	<properties>
 		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 		<surefire-plugin.version>2.22.0</surefire-plugin.version>
-		<quarkus.version>0.22.0</quarkus.version>
+		<quarkus.version>0.28.0</quarkus.version>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<maven.compiler.source>1.8</maven.compiler.source>
 		<maven.compiler.target>1.8</maven.compiler.target>
@@ -51,6 +51,10 @@
 			<groupId>io.quarkus</groupId>
 			<artifactId>quarkus-mongodb-client</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>io.quarkus</groupId>
+			<artifactId>quarkus-undertow</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>io.quarkus</groupId>
 			<artifactId>quarkus-resteasy-jsonb</artifactId>
@@ -63,6 +67,10 @@
 			<groupId>io.quarkus</groupId>
 			<artifactId>quarkus-arc</artifactId>
 		</dependency>
+		<dependency>
+			<groupId>io.quarkus</groupId>
+			<artifactId>quarkus-elytron-security-oauth2</artifactId>
+		</dependency>
 		<dependency>
 			<groupId>org.jboss.logmanager</groupId>
 			<artifactId>jboss-logmanager</artifactId>
@@ -140,47 +148,14 @@
 	<profiles>
 		<profile>
 			<id>native</id>
+			<properties>
+				<quarkus.package.type>native</quarkus.package.type>
+			</properties>
 			<activation>
 				<property>
 					<name>native</name>
 				</property>
 			</activation>
-			<build>
-				<plugins>
-					<plugin>
-						<groupId>io.quarkus</groupId>
-						<artifactId>quarkus-maven-plugin</artifactId>
-						<version>${quarkus.version}</version>
-						<executions>
-							<execution>
-								<goals>
-									<goal>native-image</goal>
-								</goals>
-								<configuration>
-									<enableHttpUrlHandler>true</enableHttpUrlHandler>
-								</configuration>
-							</execution>
-						</executions>
-					</plugin>
-					<plugin>
-						<artifactId>maven-failsafe-plugin</artifactId>
-						<version>${surefire-plugin.version}</version>
-						<executions>
-							<execution>
-								<goals>
-									<goal>integration-test</goal>
-									<goal>verify</goal>
-								</goals>
-								<configuration>
-									<systemProperties>
-										<native.image.path>${project.build.directory}/${project.build.finalName}-runner</native.image.path>
-									</systemProperties>
-								</configuration>
-							</execution>
-						</executions>
-					</plugin>
-				</plugins>
-			</build>
 		</profile>
 		<profile>
 			<id>sonar-dev</id>

src/main/docker/Dockerfile.jvm

@@ -15,7 +15,27 @@
 #
 ###
 FROM fabric8/java-alpine-openjdk8-jre
-ENV JAVA_OPTIONS="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager"
+  
+## Where to source the cert file
+ARG LOCAL_CRT=config/local.crt
+ENV LOCAL_CRT ${LOCAL_CRT}
+
+## copy to a temp ssl dir for container usage
+WORKDIR /tmp
+RUN mkdir ssl
+COPY $LOCAL_CRT ssl/local.crt
+
+## Where to copy the secret file, default to tmp
+ARG SECRET_LOCATION=/tmp
+ENV SECRET_LOCATION ${SECRET_LOCATION}
+## Where to source the secret.properties file
+ARG LOCAL_SECRETS=config/secret.properties
+ENV LOCAL_SECRETS ${LOCAL_SECRETS}
+## Copy the secret.properties to the given location
+WORKDIR $SECRET_LOCATION
+COPY $LOCAL_SECRETS secret.properties
+
+ENV JAVA_OPTIONS="-Dquarkus.http.host=0.0.0.0 -Djava.util.logging.manager=org.jboss.logmanager.LogManager -Dconfig.secret.path=${SECRET_LOCATION}/secret.properties"
 ENV AB_ENABLED=jmx_exporter
 COPY target/lib/* /deployments/lib/
 COPY target/*-runner.jar /deployments/app.jar

src/main/docker/Dockerfile.native

@@ -7,25 +7,43 @@
 #
 # Then, build the image with:
 #
-# docker build -f src/main/docker/Dockerfile.native -t quarkus/sample .
+# docker build -f src/main/docker/Dockerfile.native -t eclipsefdn/mpc-api .
 #
 # Then run the container using:
 #
-# docker run -i --rm -p 8080:8080 quarkus/sample
+# docker run -i --rm -p 8090:8090 eclipsefdn/mpc-api
 #
 ###
+# Get a fresh copy of cacerts for truststore
+FROM quay.io/quarkus/ubi-quarkus-native-image:19.2.1 as nativebuilder
+RUN mkdir -p /tmp/ssl-libs/lib \
+  && cp /opt/graalvm/jre/lib/security/cacerts /tmp/ssl-libs \
+  && cp /opt/graalvm/jre/lib/amd64/libsunec.so /tmp/ssl-libs/lib/
+
 FROM registry.fedoraproject.org/fedora-minimal
+
+## Where to source the cert file
+ARG LOCAL_CRT=config/local.crt
+ENV LOCAL_CRT ${LOCAL_CRT}
+
+## copy to a temp ssl dir for container usage
+WORKDIR /tmp
+RUN mkdir ssl
+COPY $LOCAL_CRT ssl/local.crt
+
+## Where to copy the secret file, default to tmp
 ARG SECRET_LOCATION=/tmp
 ENV SECRET_LOCATION ${SECRET_LOCATION}
-
+## Where to source the secret.properties file
 ARG LOCAL_SECRETS=config/secret.properties
 ENV LOCAL_SECRETS ${LOCAL_SECRETS}
-
+## Copy the secret.properties to the given location
 WORKDIR $SECRET_LOCATION
 COPY $LOCAL_SECRETS secret.properties
 
 WORKDIR /work/
 COPY target/*-runner /work/application
+COPY --from=nativebuilder /tmp/ssl-libs/ /work/
 RUN chmod 775 /work
 EXPOSE 8080
-CMD ./application -Dquarkus.http.host=0.0.0.0 -Dconfig.secret.path=${SECRET_LOCATION}/secret.properties
+CMD ./application -Dquarkus.http.host=0.0.0.0 -Dconfig.secret.path=${SECRET_LOCATION}/secret.properties -Djavax.net.ssl.trustStore=/work/cacerts
\ No newline at end of file

src/main/java/org/eclipsefoundation/marketplace/helper/SortableHelper.java

@@ -15,11 +15,10 @@ import java.util.Objects;
 import java.util.Optional;
 import java.util.function.Function;
 
-import javax.json.bind.config.PropertyNamingStrategy;
-
-import org.eclipse.yasson.internal.model.customization.naming.LowerCaseWithUnderscoresStrategy;
 import org.eclipsefoundation.marketplace.model.SortableField;
 
+import com.fasterxml.jackson.databind.PropertyNamingStrategy.SnakeCaseStrategy;
+
 /**
  * Reflection based helper that reads in a type and reads annotations present on
  * class, drilling down into child types to generate paths to nested types for
@@ -31,7 +30,7 @@ public class SortableHelper {
 	private static final int MAX_DEPTH = 2;
 
 	// 
-	private static final PropertyNamingStrategy NAMING_STRATEGY = new LowerCaseWithUnderscoresStrategy();
+	private static final SnakeCaseStrategy NAMING_STRATEGY = new SnakeCaseStrategy();
 	// set up the internal conversion functions
 	private static final Map<Class<?>, Function<String, ?>> CONVERSION_FUNCTIONS = new HashMap<>();
 	static {
@@ -81,7 +80,7 @@ public class SortableHelper {
 		for (Field f : tgt.getDeclaredFields()) {
 			// create new container for field
 			Sortable<?> c = new Sortable<>(f.getType());
-			c.name = NAMING_STRATEGY.translateName(f.getName());
+			c.name = NAMING_STRATEGY.translate(f.getName());
 			c.path = c.name;
 
 			// if annotation exists, get values from it

src/main/java/org/eclipsefoundation/marketplace/resource/CacheResource.java

@@ -10,6 +10,7 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.Set;
 
+import javax.annotation.security.RolesAllowed;
 import javax.enterprise.inject.Instance;
 import javax.inject.Inject;
 import javax.ws.rs.DELETE;
@@ -33,6 +34,7 @@ import org.jboss.resteasy.annotations.jaxrs.PathParam;
  * @author Martin Lowe
  */
 @Path("/cache")
+@RolesAllowed("admin")
 @Produces(MediaType.APPLICATION_JSON)
 public class CacheResource {
 
@@ -43,10 +45,7 @@ public class CacheResource {
 	Instance<CachingService<?>> cacheServices;
 
 	@GET
-	public Response getActiveCacheEntries(@HeaderParam(RequestHeaderNames.ACCESS_TOKEN) String token) {
-		if (!this.token.equals(token)) {
-			return Response.status(Status.UNAUTHORIZED).build();
-		}
+	public Response getActiveCacheEntries() {
 		List<Set<String>> cacheEntries = new ArrayList<>();
 		for (CachingService<?> cs : cacheServices) {
 			cacheEntries.add(cs.getCacheKeys());
@@ -54,8 +53,8 @@ public class CacheResource {
 		return Response.ok(cacheEntries).build();
 	}
 
-	@Path("/{key}")
 	@DELETE
+	@Path("/{key}")
 	public Response removeCacheEntry(@PathParam("key") String key,
 			@HeaderParam(RequestHeaderNames.ACCESS_TOKEN) String token) {
 		if (!this.token.equals(token)) {
@@ -65,8 +64,8 @@ public class CacheResource {
 		return Response.ok().build();
 	}
 
-	@Path("/all")
 	@DELETE
+	@Path("/all")
 	public Response clearCaches(@HeaderParam(RequestHeaderNames.ACCESS_TOKEN) String token) {
 		if (!this.token.equals(token)) {
 			return Response.status(Status.UNAUTHORIZED).build();

src/main/java/org/eclipsefoundation/marketplace/resource/CatalogResource.java

@@ -10,6 +10,8 @@ import java.util.Arrays;
 import java.util.List;
 import java.util.Optional;
 
+import javax.annotation.security.PermitAll;
+import javax.annotation.security.RolesAllowed;
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.ws.rs.Consumes;
@@ -58,6 +60,7 @@ public class CatalogResource {
 	DtoFilter<Catalog> dtoFilter;
 
 	@GET
+	@PermitAll
 	public Response select() {
 		MongoQuery<Catalog> q = new MongoQuery<>(params, dtoFilter, cachingService);
 		// retrieve the possible cached object
@@ -79,6 +82,7 @@ public class CatalogResource {
 	 * @return response for the browser
 	 */
 	@PUT
+	@RolesAllowed({ "marketplace_catalog_put", "marketplace_admin_access" })
 	public Response putCatalog(Catalog catalog) {
 		MongoQuery<Catalog> q = new MongoQuery<>(params, dtoFilter, cachingService);
 		// add the object, and await the result
@@ -89,8 +93,8 @@ public class CatalogResource {
 	}
 
 	/**
-	 * Endpoint for /catalogs/\<catalogId\> to retrieve a specific Catalog from
-	 * the database.
+	 * Endpoint for /catalogs/\<catalogId\> to retrieve a specific Catalog from the
+	 * database.
 	 * 
 	 * @param catalogId the Catalog ID
 	 * @return response for the browser
@@ -114,13 +118,14 @@ public class CatalogResource {
 	}
 
 	/**
-	 * Endpoint for /catalogs/\<catalogId\> to retrieve a specific Catalog from
-	 * the database.
+	 * Endpoint for /catalogs/\<catalogId\> to retrieve a specific Catalog from the
+	 * database.
 	 * 
 	 * @param catalogId the catalog ID
 	 * @return response for the browser
 	 */
 	@DELETE
+	@RolesAllowed({ "marketplace_catalog_delete", "marketplace_admin_access" })
 	@Path("/{catalogId}")
 	public Response delete(@PathParam("catalogId") String catalogId) {
 		params.addParam(UrlParameterNames.ID, catalogId);

src/main/java/org/eclipsefoundation/marketplace/resource/CategoryResource.java

@@ -10,6 +10,8 @@ import java.util.Arrays;
 import java.util.List;
 import java.util.Optional;
 
+import javax.annotation.security.PermitAll;
+import javax.annotation.security.RolesAllowed;
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.ws.rs.Consumes;
@@ -58,6 +60,7 @@ public class CategoryResource {
 	DtoFilter<Category> dtoFilter;
 
 	@GET
+	@PermitAll
 	public Response select() {
 		MongoQuery<Category> q = new MongoQuery<>(params, dtoFilter, cachingService);
 		// retrieve the possible cached object
@@ -79,6 +82,7 @@ public class CategoryResource {
 	 * @return response for the browser
 	 */
 	@PUT
+	@RolesAllowed({"marketplace_category_put", "marketplace_admin_access"})
 	public Response putCategory(Category category) {
 		MongoQuery<Category> q = new MongoQuery<>(params, dtoFilter, cachingService);
 		// add the object, and await the result
@@ -121,6 +125,7 @@ public class CategoryResource {
 	 * @return response for the browser
 	 */
 	@DELETE
+	@RolesAllowed({ "marketplace_category_delete", "marketplace_admin_access" })
 	@Path("/{categoryId}")
 	public Response delete(@PathParam("categoryId") String categoryId) {
 		params.addParam(UrlParameterNames.ID, categoryId);

src/main/java/org/eclipsefoundation/marketplace/resource/ErrorReportResource.java

@@ -10,6 +10,8 @@ import java.util.Arrays;
 import java.util.List;
 import java.util.Optional;
 
+import javax.annotation.security.PermitAll;
+import javax.annotation.security.RolesAllowed;
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.ws.rs.Consumes;
@@ -61,6 +63,7 @@ public class ErrorReportResource {
 	 * @return response for the browser
 	 */
 	@GET
+	@PermitAll
 	public Response select() {
 		MongoQuery<ErrorReport> q = new MongoQuery<>(params, dtoFilter, cachingService);
 		// retrieve the possible cached object
@@ -82,6 +85,7 @@ public class ErrorReportResource {
 	 * @return response for the browser
 	 */
 	@PUT
+	@RolesAllowed("error_put")
 	public Response putErrorReport(ErrorReport errorReport) {
 		MongoQuery<ErrorReport> q = new MongoQuery<>(params, dtoFilter, cachingService);
 
@@ -100,6 +104,7 @@ public class ErrorReportResource {
 	 * @return response for the browser
 	 */
 	@GET
+	@PermitAll
 	@Path("/{errorReportId}")
 	public Response select(@PathParam("errorReportId") String errorReportId) {
 		params.addParam(UrlParameterNames.ID, errorReportId);

src/main/java/org/eclipsefoundation/marketplace/resource/InstallResource.java

@@ -11,6 +11,8 @@ import java.util.Arrays;
 import java.util.List;
 import java.util.Optional;
 
+import javax.annotation.security.PermitAll;
+import javax.annotation.security.RolesAllowed;
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.ws.rs.Consumes;
@@ -68,6 +70,7 @@ public class InstallResource {
 	 * @return response for the browser
 	 */
 	@GET
+	@PermitAll
 	@Path("/{listingId}")
 	public Response selectInstallMetrics(@PathParam("listingId") String listingId) {
 		wrapper.addParam(UrlParameterNames.ID, listingId);
@@ -93,6 +96,7 @@ public class InstallResource {
 	 * @return response for the browser
 	 */
 	@GET
+	@PermitAll
 	@Path("/{listingId}/{version}")
 	public Response selectInstallMetrics(@PathParam("listingId") String listingId,
 			@PathParam("version") String version) {
@@ -119,19 +123,19 @@ public class InstallResource {
 	 * @return response for the browser
 	 */
 	@POST
+	@RolesAllowed({ "marketplace_install_put", "marketplace_admin_access" })
 	@Path("/{listingId}/{version}")
 	public Response postInstallMetrics(@PathParam("listingId") String listingId, @PathParam("version") String version,
 			Install installDetails) {
 		Install record = null;
-		
+
 		// check that connection was opened by MPC, and check for install information
 		// from user agent
 		if (wrapper.getUserAgent().isValid()) {
 			record = wrapper.getUserAgent().generateInstallRecord();
 		} else if (wrapper.getUserAgent().isFromMPC()) {
 			if (installDetails == null) {
-				return new Error(Status.BAD_REQUEST, "Install data could not be read from request body")
-						.asResponse();
+				return new Error(Status.BAD_REQUEST, "Install data could not be read from request body").asResponse();
 			}
 			record = installDetails;
 		} else {

src/main/java/org/eclipsefoundation/marketplace/resource/ListingResource.java

@@ -13,6 +13,8 @@ import java.util.Arrays;
 import java.util.List;
 import java.util.Optional;
 
+import javax.annotation.security.PermitAll;
+import javax.annotation.security.RolesAllowed;
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.ws.rs.Consumes;
@@ -69,6 +71,7 @@ public class ListingResource {
 	 * @return response for the browser
 	 */
 	@GET
+	@PermitAll
 	public Response select() {
 		MongoQuery<Listing> q = new MongoQuery<>(params, dtoFilter, cachingService);
 		// retrieve the possible cached object
@@ -90,6 +93,7 @@ public class ListingResource {
 	 * @return response for the browser
 	 */
 	@PUT
+	@RolesAllowed({ "marketplace_listing_put", "marketplace_admin_access" })
 	public Response putListing(Listing listing) {
 		MongoQuery<Listing> q = new MongoQuery<>(params, dtoFilter, cachingService);
 
@@ -108,6 +112,7 @@ public class ListingResource {
 	 * @return response for the browser
 	 */
 	@GET
+	@PermitAll
 	@Path("/{listingId}")
 	public Response select(@PathParam("listingId") String listingId) {
 		params.addParam(UrlParameterNames.ID, listingId);
@@ -124,7 +129,7 @@ public class ListingResource {
 		// return the results as a response
 		return Response.ok(cachedResults.get()).build();
 	}
-	
+
 	/**
 	 * Endpoint for /listing/\<listingId\> to delete a specific listing from the
 	 * database.
@@ -133,6 +138,7 @@ public class ListingResource {
 	 * @return response for the browser
 	 */
 	@DELETE
+	@RolesAllowed({ "marketplace_listing_delete", "marketplace_admin_access" })
 	@Path("/{listingId}")
 	public Response delete(@PathParam("listingId") String listingId) {
 		params.addParam(UrlParameterNames.ID, listingId);

src/main/java/org/eclipsefoundation/marketplace/resource/MarketResource.java

@@ -10,6 +10,8 @@ import java.util.Arrays;
 import java.util.List;
 import java.util.Optional;
 
+import javax.annotation.security.PermitAll;
+import javax.annotation.security.RolesAllowed;
 import javax.enterprise.context.RequestScoped;
 import javax.inject.Inject;
 import javax.ws.rs.Consumes;
@@ -57,7 +59,9 @@ public class MarketResource {
 	@Inject
 	DtoFilter<Market> dtoFilter;
 
+	
 	@GET
+	@PermitAll
 	public Response select() {
 		MongoQuery<Market> q = new MongoQuery<>(params, dtoFilter, cachingService);
 		// retrieve the possible cached object
@@ -79,6 +83,7 @@ public class MarketResource {
 	 * @return response for the browser
 	 */
 	@PUT
+	@RolesAllowed("market_put")
 	public Response putMarket(Market market) {
 		MongoQuery<Market> q = new MongoQuery<>(params, dtoFilter, cachingService);
 
@@ -97,6 +102,7 @@ public class MarketResource {
 	 * @return response for the browser
 	 */
 	@GET
+	@PermitAll
 	@Path("/{marketId}")
 	public Response select(@PathParam("marketId") String marketId) {
 		params.addParam(UrlParameterNames.ID, marketId);

src/main/resources/application.properties

+## OAUTH CONFIG
+quarkus.oauth2.enabled=true
+quarkus.oauth2.introspection-url=https://accounts.eclipse.org/oauth2/introspect
+
 ## LOGGER CONFIG
 quarkus.log.file.enable=true
 quarkus.log.file.level=DEBUG

src/test/java/org/eclipsefoundation/marketplace/service/impl/GuavaCachingServiceTest.java

@@ -14,7 +14,6 @@ import javax.ws.rs.core.UriInfo;
 
 import org.eclipsefoundation.marketplace.model.RequestWrapper;
 import org.eclipsefoundation.marketplace.model.RequestWrapperMock;
-import org.eclipsefoundation.marketplace.service.impl.GuavaCachingService;
 import org.jboss.resteasy.core.ResteasyContext;
 import org.jboss.resteasy.specimpl.ResteasyUriInfo;
 import org.junit.jupiter.api.Assertions;
@@ -42,6 +41,7 @@ public class GuavaCachingServiceTest {
 	public void pre() {
 		// inject empty objects into the Request context before creating a mock object
 		ResteasyContext.pushContext(UriInfo.class, new ResteasyUriInfo("",""));
+		
 		ResteasyContext.pushContext(HttpServletRequest.class, new HttpServletRequestImpl(null, null));
 		
 		this.sample = new RequestWrapperMock();

src/test/resources/application.properties

+## OAUTH CONFIG
+quarkus.oauth2.enabled=true
+quarkus.oauth2.introspection-url=https://accounts.php56.dev.docker/oauth2/introspect
+
 ## LOGGER CONFIG
 quarkus.log.file.enable=true
 quarkus.log.file.level=DEBUG