Skip to content
Snippets Groups Projects
Select Git revision
  • zhoufang/dev/403ErrMsg
  • zhoufang/release-1.2/updateSolstice
  • master default protected
  • github/fork/linkfang/zhoufang/release-1.2/issue337
  • revert-279-malowe/master/sync_sessions
  • release-1.2
  • release-1.1
  • staging
  • github/fork/linkfang/zhoufang/release-1.1/updateWGsJson
  • production
  • malowe/master/update_k8s_req_mem
  • v1.0.1
  • v1.0.0
  • v1.0-alpha
14 results
Christopher Guindon's avatar
Revert "Update README.md"
Christopher Guindon authored 
This reverts commit e9eb0031
b4bc723b
History
Christopher Guindon's avatar b4bc723b
History
Name Last commit Last update
.mvn/wrapper
.vscode
config
spec
src
.dockerignore
.gitignore
CODE_OF_CONDUCT.md
CONTRIBUTING.md
Jenkinsfile
LICENSE
Makefile
NOTICE.md
README.md
docker-compose.yml
mvnw
mvnw.cmd
netlify.toml
pom.xml
README.md

react-eclipsefdn-members

Netlify Status

Supported by our member organizations, the Eclipse Foundation provides our community with Intellectual Property, Mentorship, Marketing, Event and IT Services.

Getting Started

Before you start, please make sure you have yarn installed.

Once that's done, you can install dependencies, build assets and start a dev server:

yarn --cwd src/main/www
yarn --cwd src/main/www build
yarn --cwd src/main/www start
yarn --cwd src/main/www start-spec

The web app will run in the development mode. Open http://localhost:3000 to view it in the browser.

The page will reload if you make edits.
You will also see any lint errors in the console.

CSRF and API Security

Currently, the endpoints that can contain personal data of users have been secured by OIDC and CSRF. What this means for development in the front end is all requests will need to be performed with a legitimate Eclipse Foundation login and account for the CSRF header.

Pertaining to data posted to the API, there is no current automatic deletion policy enforced, and no current way in the UI to send a call to delete data. If you wish to delete this data, you will need to craft javascript within the site to take advantage of the session and CSRF headers, and manually make the call. More information on the form deletion endpoint can be seen in the OpenAPI spec under /spec/openapi.yml.

Additionally, when requesting any PII/form data, a CSRF token will need to be passed unless disabled on a development server. This token will live under the x-csrf-token header that is supplied on every request the user makes to the server, including the unprotected /csrf/ endpoint that is available. The token should be posted back to the server using the same header. This value will remain the same for the duration of the browser session.

^ Top

Running the project in included web server

Dependencies to run

  • Docker-compose
  • Maven
  • Java version 11

^ Top

Setup

As part of the set up, you will need to create a secret.properties file within the ./config folder and set up the secrets that are required to run the application. If named secret.properties, the file should be ignored by Github automatically, making it less risky that credentials are accidentally uploaded to a branch.

The fields required to run are the datasource and OIDC properties. The datasource properties should be a set of user credentials that can write to a local mariadb instance. Within that mariadb instance, a database should be created to contain the data used in development. Once created, a JDBC URL can now be formed for the new database. This URL should follow the pattern below, with port not always required (depending on your local setup and proxy settings). This will be set in the secret.properties file.

quarkus.datasource.jdbc.url = jdbc:mariadb://<host><:port?>/<databaseName>

Once this is set, set the quarkus.datasource.username and quarkus.datasource.password fields to the user with access to the given database in the secret.properties file.

The other half of secret configuration is setting up the OIDC credentials for connecting to a keycloak server. This server will require a realm to be set up for access. Using the name rem_realm is easiest as it requires no changes to the configuration to work.

The quarkus.oidc.auth-server-url property in the secret.properties file will need to be updated. The value set should be the public realm address for your server and realm. The rest of the endpoints will be taken care of by the wellknown endpoint available in Keycloak, and don't need to be configured. For the dockerized service, this should be set to your local IP address (note, not your public address). This can be retrieved from your IP configuration application and added in the format displayed in the sample.secret.properties file.

Inside that realm, create a client and update the quarkus.oidc.client-id property within the secret.properties file. Inside that client, open the settings and go to the credentials tab. The secret will need to be copied and set into the secret.properties file in the quarkus.oidc.credentials.client-secret.value property. For proper reading and usage of development data, 3 users should be created and added to the realm with the usernames user1, user2, and user3.

With these properties updated, the server should be able to start and authenticate properly. If the 3 users mentioned within the OIDC configuration section were added, the data should be accessible in a way that is comparable to how it would be in production.

As a side note, regeneration of the database on start along with the insertion of data into the database can be disabled for development environments by setting the following fields within src/main/resources/application.properties:

  1. Setting %dev.eclipse.dataloader.enabled to false. This property is what enables the Data bootstrap to load in mock data.
  2. Removing the %dev.quarkus.hibernate-orm.database.generation property or commenting it out. This is what resets the database to empty on start.

^ Top

Running

To run the server as a local instance as a stack, you will need to compile the application first, which can be done through make compile-start. This takes care of all of the steps needed to cleanly build and rebuild the application from scratch. This will also run the stack with the packaged application.

^ Top

Docker

We include a docker-compose.yml file with this project to help you get started. This includes:

Generate Certs for HTTPS

, You will need to create a certificate in order to serve the Application on https. Make sure that the Common Name (e.g. server FQDN or YOUR name) is set to www.rem.docker.

make generate-cert

Update your Host file

We use jwilder/nginx-proxy as automated Nginx reverse proxy for our docker containers. So instead of having to lookup the port of a new service, you can simply remember it's internal dev hostname.

Different operating system, different file paths!

Windows: C:\Windows\System32\drivers\etc\hosts Linux / MacOS: /etc/hosts

# rem services

127.0.0.1 keycloak
127.0.0.1 api.rem.docker
127.0.0.1 www.rem.docker
127.0.0.1 nginx.rem.docker

Environment Variables

To use our docker-compose.yml file, create a .env file in the root of this project and insert your key/value pairs in the following format of KEY=VALUE. You must make sure to update the value of each variable:

REM_KEYCLOAK_USER=user_sample
REM_KEYCLOAK_PASSWORD=password_sample
REM_MYSQL_PASSWORD=password_sample
REM_POSTGRES_DB=keycloak_sample
REM_POSTGRES_USER=keycloak_sample
REM_POSTGRES_PASSWORD=password_sample

Once this initial setup is done, you can start these services with this command:

make compile-start

^ Top

KeyCloak Setup

Create a realm

Realm is a concept in Keycloak that refers to an object managing a set of users along with their credentials, roles and groups. To create a realm, visit Keycloak Admin Console, mouse hover where it says master and click on Add Realm, set the name to rem_realm and click create.

Create a user

To create a user, visit Keycloak Admin Console and click on Users in the left menu. Then press the Add User button and fill up the form with information about the user you wish to create.

To login as the user, you will need to set an initial password. To set a password, click on Credentials, then set a password via the Set Password form. You will need to enter it twice to confirm it. You will probably want to disable Temporary password by clicking on the ON button to turn that feature off.

Eclipse Foundation as an Identity Provider

It's possible to delegate authentication to third party identity providers with Keycloak. With this App, we want to leverage Eclipse Foundation OpenID Connect since we want our users to login with our standard login page. In order to do so, you will need a client_id/secret from us.

Assuming you have access to that already, please follow these steps to add the Eclipse Foundation as an Identity Provider.

  1. Click on Identity Providers in the left menu then click on Add provider.... Select OpenID Connect v1.0 from the dropdown menu.

  2. Populate the form with the following information:

Alias : eclipsefdn
Display Name: Eclipse Foundation
Sync Mode : Force (To make sure the user is updated each time they login)
Authorization URL: https://accounts.eclipse.org/oauth2/authorize
Token URL: https://accounts.eclipse.org/oauth2/token
Logout URL: https://accounts.eclipse.org/oauth2/revoke
User Info URL: https://accounts.eclipse.org/oauth2/UserInfo
Client Authentication: Client secret sent as post
Client ID: <CLIENT_ID>
Client Secret: <CLIENT_SECRET>
Default Scopes: openid profile email offline_access
  1. Finally, we want to configure Eclipse Foundation has the only authentication option. Click on Authentication in the left menu. Set Identity Provider Redirector to required and Forms to disabled. Finally, click on Actions and set eclipsefdn has the Default Identity Provider.

Client Configuration

Clients tab allows you to manage list of allowed applications.

To create a client, click on Clients in the left menu. You can set the client_id to rem_app and the Root URL to http://localhost:3000. Make sure that the Client Protocol is set to openid-connect and the Access Type is set to confidential.

^ Top

Contributing

  1. Fork the eclipsefdn/react-eclipsefdn-members repository
  2. Clone repository: git clone https://github.com/[your_github_username]/react-eclipsefdn-members.git
  3. Create your feature branch: git checkout -b my-new-feature
  4. Commit your changes: git commit -m 'Add some feature' -s
  5. Push feature branch: git push origin my-new-feature
  6. Submit a pull request

^ Top

Declared Project Licenses

This program and the accompanying materials are made available under the terms of the Eclipse Public License v. 2.0 which is available at http://www.eclipse.org/legal/epl-2.0.

SPDX-License-Identifier: EPL-2.0

^ Top

Bugs and feature requests

Have a bug or a feature request? Please search for existing and closed issues. If your problem or idea is not addressed yet, please open a new issue.

^ Top

Authors

Christopher Guindon (Eclipse Foundation)

Martin Lowe (Eclipse Foundation)

Zhou Fang (Eclipse Foundation)

^ Top

Trademarks

  • Eclipse® is a Trademark of the Eclipse Foundation, Inc.
  • Eclipse Foundation is a Trademark of the Eclipse Foundation, Inc.

^ Top

Copyright and license

Copyright 2021 the Eclipse Foundation, Inc. and the react-eclipsefdn-members authors. Code released under the Eclipse Public License Version 2.0 (EPL-2.0).

Copyright © Eclipse Foundation, Inc. All Rights Reserved.     Privacy Policy | Terms of Use | Copyright Agent