Feat: added TLS configuration

backend/src/main/java/org/eclipse/tractusx/puris/backend/common/edc/controller/EdcController.java

@@ -24,7 +24,10 @@
 import org.eclipse.tractusx.puris.backend.common.edc.logic.service.EdcAdapterService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
 
 import java.io.IOException;
 import java.util.List;
@@ -47,7 +50,6 @@ public class EdcController {
      * @return catalog of the requested edc.
      */
     @GetMapping("/catalog")
-    @CrossOrigin
     public ResponseEntity<String> getCatalog(@RequestParam String dspUrl) {
         try {
             var catalog = edcAdapter.getCatalog(dspUrl);
@@ -65,7 +67,6 @@ public ResponseEntity<String> getCatalog(@RequestParam String dspUrl) {
      * @return response from own EDC.
      */
     @GetMapping("/assets")
-    @CrossOrigin
     public ResponseEntity<String> getAssets(@RequestParam String assetId) {
         try {
             var result = edcAdapter.sendGetRequest(List.of("v3", "assets", assetId));

backend/src/main/java/org/eclipse/tractusx/puris/backend/common/security/SecurityConfig.java

@@ -21,6 +21,7 @@
 
 
 import lombok.AllArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.eclipse.tractusx.puris.backend.common.security.logic.ApiKeyAuthenticationFilter;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -31,14 +32,33 @@
 import org.springframework.security.config.http.SessionCreationPolicy;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.CorsConfigurationSource;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+
+import java.util.List;
 
 @Configuration
 @EnableWebSecurity
 @AllArgsConstructor
+@Slf4j
 public class SecurityConfig {
 
     private final ApiKeyAuthenticationFilter apiKeyAuthenticationFilter;
 
+    @Bean
+    public CorsConfigurationSource corsConfigurationSource() {
+        CorsConfiguration configuration = new CorsConfiguration();
+        configuration.setAllowedOrigins(List.of("*"));
+        configuration.setAllowedHeaders(List.of("*"));
+        configuration.setAllowedMethods(List.of("*"));
+
+        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+        source.registerCorsConfiguration("/**", configuration);
+
+        return source;
+    }
+
     /**
      * Configuration of API Key Authentication for all routes except docker
      */
@@ -59,6 +79,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
             )
             .cors(Customizer.withDefaults());
 
+
         http.addFilterBefore(apiKeyAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
 
         return http.build();

backend/src/main/java/org/eclipse/tractusx/puris/backend/controller/ExternalConnectorController.java

@@ -56,7 +56,6 @@ public ExternalConnectorController(ExternalConnectorService externalConnectorSer
      * @return the created connector, if it was created.
      */
     @PostMapping("create")
-    @CrossOrigin
     public ResponseEntity<ExternalConnector> createConnector(@RequestBody String content){
         try {
             var connector = MAPPER.readValue(content, ExternalConnector.class);
@@ -75,7 +74,6 @@ public ResponseEntity<ExternalConnector> createConnector(@RequestBody String con
      * @return list of all currently known external connectors.
      */
     @GetMapping("all")
-    @CrossOrigin
     public List<ExternalConnector> getAll() {
         return externalConnectorService.getAll();
     }

backend/src/main/java/org/eclipse/tractusx/puris/backend/controller/HealthController.java

@@ -21,7 +21,6 @@
 package org.eclipse.tractusx.puris.backend.controller;
 
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.CrossOrigin;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -39,9 +38,8 @@ public class HealthController {
      * @return 200 OK if healthy.
      */
     @GetMapping("/")
-    @CrossOrigin
     public ResponseEntity<?> getHealth() {
         return ResponseEntity.ok().build();
     }
 
-}
+}

backend/src/main/java/org/eclipse/tractusx/puris/backend/controller/OrderController.java

@@ -25,12 +25,13 @@
 import org.eclipse.tractusx.puris.backend.model.Order;
 import org.eclipse.tractusx.puris.backend.model.repo.OrderPositionRepository;
 import org.eclipse.tractusx.puris.backend.model.repo.OrderRepository;
-import java.util.List;
-import java.util.stream.Collectors;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
+import java.util.List;
+import java.util.stream.Collectors;
+
 /**
  * Controller for creating and managing Orders/Call-offs.
  */
@@ -50,7 +51,6 @@ public class OrderController {
    * @return List of all orders.
    */
   @GetMapping("order")
-  @CrossOrigin
   public ResponseEntity<List<Order>> getAllOrders() {
     return ResponseEntity.ok(orderRepository.findAll());
   }
@@ -61,7 +61,6 @@ public ResponseEntity<List<Order>> getAllOrders() {
    * @return list of all orders where sent=true.
    */
   @GetMapping("orders/sent")
-  @CrossOrigin
   public ResponseEntity<List<Order>> getSentOrders() {
     return ResponseEntity.ok(
         orderRepository.findAll().stream().filter(Order::isSent).collect(Collectors.toList()));
@@ -73,7 +72,6 @@ public ResponseEntity<List<Order>> getSentOrders() {
    * @return list of all orders where sent=false.
    */
   @GetMapping("orders/pending")
-  @CrossOrigin
   public ResponseEntity<List<Order>> getNotSentOrder() {
     return ResponseEntity.ok(
         orderRepository.findAll().stream()
@@ -88,7 +86,6 @@ public ResponseEntity<List<Order>> getNotSentOrder() {
    * @return requested order or 404 not found.
    */
   @GetMapping("order/id/{id}")
-  @CrossOrigin
   public ResponseEntity<?> getOrder(@PathVariable String id) {
     var order = orderRepository.findByOrderId(id);
     if (order.isEmpty()) {
@@ -106,7 +103,6 @@ public ResponseEntity<?> getOrder(@PathVariable String id) {
    * @return OK if order was created, or information about why order could not be created.
    */
   @PostMapping("order")
-  @CrossOrigin
   public ResponseEntity<?> createOrder(@RequestBody String content) {
     try {
       var order = MAPPER.readValue(content, Order.class);
@@ -137,7 +133,6 @@ public ResponseEntity<?> createOrder(@RequestBody String content) {
    * @return OK or info why order could not be deleted.
    */
   @DeleteMapping("order")
-  @CrossOrigin
   public ResponseEntity<?> deleteOrder(@RequestParam String id) {
     var toDelete = orderRepository.findByOrderId(id);
     if (toDelete.isEmpty()) {

backend/src/main/java/org/eclipse/tractusx/puris/backend/masterdata/controller/MaterialController.java

@@ -46,7 +46,6 @@ public class MaterialController {
     private final ModelMapper modelMapper = new ModelMapper();
 
     @PostMapping
-    @CrossOrigin
     @Operation(description = "Creates a new Material entity with the data given in the request body. As a bare minimum, " +
         "it must contain a new, unique ownMaterialNumber.")
     @ApiResponses(value = {
@@ -80,7 +79,6 @@ public ResponseEntity<?> createMaterial(@RequestBody MaterialEntityDto materialD
     }
 
     @PutMapping
-    @CrossOrigin
     @Operation(description = "Updates an existing Material entity with the data given in the request body.")
     @ApiResponses(value = {
         @ApiResponse(responseCode = "200", description = "Update was accepted."),
@@ -113,7 +111,6 @@ public ResponseEntity<?> updateMaterial(@RequestBody MaterialEntityDto materialD
     }
 
     @GetMapping
-    @CrossOrigin
     @Operation(description = "Returns the requested Material dto, specified by the given ownMaterialNumber.")
     @ApiResponses(value = {
         @ApiResponse(responseCode = "200", description = "Returns the requested Material."),
@@ -131,7 +128,6 @@ public ResponseEntity<MaterialEntityDto> getMaterial(@Parameter(name = "ownMater
         return new ResponseEntity<>(dto, HttpStatusCode.valueOf(200));
     }
 
-    @CrossOrigin
     @GetMapping("/all")
     @Operation(description = "Returns a list of all Materials and Products.")
     public ResponseEntity<List<MaterialEntityDto>> listMaterials() {

backend/src/main/java/org/eclipse/tractusx/puris/backend/masterdata/controller/MaterialPartnerRelationsController.java

@@ -51,7 +51,6 @@ public class MaterialPartnerRelationsController {
     private MaterialPartnerRelationService mprService;
 
     @PostMapping
-    @CrossOrigin
     @Operation(description = "Creates a new MaterialPartnerRelation with the given parameter data. " +
         "Please note that this is only possible, if the designated Material " +
         "and Partner entities have already been created before this request. ")
@@ -98,7 +97,6 @@ public ResponseEntity<?> createMaterialPartnerRelation(
     }
 
     @PutMapping
-    @CrossOrigin
     @Operation(description = "Updates an existing MaterialPartnerRelation. You have to specify the ownMaterialNumber and " +
         "the partnerBpnl. The other three parameters are genuinely optional. Provide them only if you want to change their values. ")
     @ApiResponses(value = {

backend/src/main/java/org/eclipse/tractusx/puris/backend/masterdata/controller/PartnerController.java

@@ -50,7 +50,6 @@ public class PartnerController {
     private PartnerService partnerService;
     private final ModelMapper modelMapper = new ModelMapper();
 
-    @CrossOrigin
     @PostMapping
     @Operation(description = "Creates a new Partner entity with the data given in the request body. Please note that no " +
         "UUID can be assigned to a Partner that wasn't created before. So the request body must not contain a UUID.")
@@ -89,7 +88,6 @@ public ResponseEntity<?> createPartner(@RequestBody PartnerDto partnerDto) {
     }
 
     @PutMapping("putAddress")
-    @CrossOrigin
     @Operation(description = "Updates an existing Partner by adding a new Address. If that Partner already has " +
         "an Address with the BPNA given in the request body, that existing Address will be overwritten. ")
     @ApiResponses(value = {
@@ -124,7 +122,6 @@ public ResponseEntity<?> addAddress(
     }
 
     @PutMapping("putSite")
-    @CrossOrigin
     @Operation(description = "Updates an existing Partner by adding a new Site. If that Partner already has " +
         "a Site with the BPNS given in the request body, that existing Site will be overwritten. ")
     @ApiResponses(value = {
@@ -159,8 +156,6 @@ public ResponseEntity<?> addSite(
         return new ResponseEntity<>(HttpStatusCode.valueOf(200));
     }
 
-
-    @CrossOrigin
     @GetMapping
     @Operation(description = "Returns the requested PartnerDto.")
     @ApiResponses(value = {
@@ -183,7 +178,6 @@ public ResponseEntity<PartnerDto> getPartner(
         }
     }
 
-    @CrossOrigin
     @GetMapping("/all")
     @Operation(description = "Returns a list of all Partners. ")
     public ResponseEntity<List<PartnerDto>> listPartners() {

backend/src/main/java/org/eclipse/tractusx/puris/backend/stock/controller/StockViewController.java

@@ -87,7 +87,6 @@ public class StockViewController {
     @Autowired
     private ModelMapper modelMapper;
 
-    @CrossOrigin
     @GetMapping("materials")
     @ResponseBody
     @Operation(description = "Returns a list of all materials (excluding products)")
@@ -98,7 +97,6 @@ public List<FrontendMaterialDto> getMaterials() {
             .collect(Collectors.toList());
     }
 
-    @CrossOrigin
     @GetMapping("materialnumbers-mapping")
     @ResponseBody
     @Operation(description = "Returns a mapping of all material numbers, that others partners are using" +
@@ -112,7 +110,6 @@ public Map<String, String> getMaterialNumbers(@RequestParam String ownMaterialNu
         return mprService.getBPNL_To_MaterialNumberMap(ownMaterialNumber);
     }
 
-    @CrossOrigin
     @GetMapping("products")
     @ResponseBody
     @Operation(description = "Returns a list of all products (excluding materials)")
@@ -123,7 +120,6 @@ public List<FrontendMaterialDto> getProducts() {
             .collect(Collectors.toList());
     }
 
-    @CrossOrigin
     @GetMapping("product-stocks")
     @ResponseBody
     @Operation(description = "Returns a list of all product-stocks")
@@ -133,7 +129,6 @@ public List<ProductStockDto> getProductStocks() {
             .collect(Collectors.toList());
     }
 
-    @CrossOrigin
     @PostMapping("product-stocks")
     @ResponseBody
     @Operation(description = "Creates a new product-stock")
@@ -152,7 +147,6 @@ public ProductStockDto createProductStocks(@RequestBody ProductStockDto productS
         return convertToDto(createdProductStock);
     }
 
-    @CrossOrigin
     @PutMapping("product-stocks")
     @ResponseBody
     @Operation(description = "Updates an existing product-stock")
@@ -187,7 +181,6 @@ private ProductStock convertToEntity(ProductStockDto dto) {
         return productStock;
     }
 
-    @CrossOrigin
     @GetMapping("material-stocks")
     @ResponseBody
     @Operation(description = "Returns a list of all material-stocks")
@@ -199,7 +192,6 @@ public List<MaterialStockDto> getMaterialStocks() {
         return allMaterialStocks;
     }
 
-    @CrossOrigin
     @PostMapping("material-stocks")
     @ResponseBody
     @Operation(description = "Creates a new material-stock")
@@ -213,7 +205,6 @@ public MaterialStockDto createMaterialStocks(@RequestBody MaterialStockDto mater
         return convertToDto(createdMaterialStock);
     }
 
-    @CrossOrigin
     @PutMapping("material-stocks")
     @ResponseBody
     @Operation(description = "Updates an existing material-stock")
@@ -245,7 +236,6 @@ private MaterialStock convertToEntity(MaterialStockDto dto) {
         return stock;
     }
 
-    @CrossOrigin
     @GetMapping("partner-product-stocks")
     @ResponseBody
     @Operation(description = "Returns a list of all partner-product-stocks that refer to the given material number")
@@ -268,7 +258,6 @@ private PartnerProductStockDto convertToDto(PartnerProductStock entity) {
         return dto;
     }
 
-    @CrossOrigin
     @GetMapping("customer")
     @ResponseBody
     @Operation(description = "Returns a list of all Partners that are ordering the given material")
@@ -278,7 +267,6 @@ public List<PartnerDto> getCustomerPartnersOrderingMaterial(@RequestParam String
                 .collect(Collectors.toList());
     }
 
-    @CrossOrigin
     @GetMapping("update-partner-product-stock")
     @ResponseBody
     @Operation(description = "For the given material, all known suppliers will be requested to report their" +

backend/src/main/resources/application.properties

@@ -50,5 +50,13 @@ own.streetandnumber=${OWN_STREETANDNUMBER:Musterstrasse 35b}
 own.zipcodeandcity=${OWN_ZIPCODEANDCITY:77777 Musterhausen}
 own.country=${OWN_COUNTRY:Germany}
 
+server.ssl.enabled=false
+#server.port=8443
+#server.ssl.bundle=server
+#spring.ssl.bundle.jks.server.key.alias=application
+#spring.ssl.bundle.jks.server.keystore.location=file:ssl-certificates/application.p12
+#spring.ssl.bundle.jks.server.keystore.password=testtest
+#spring.ssl.bundle.jks.server.keystore.type=PKCS12
+
 # run with:
 # ./mvnw spring-boot:run -Dspring-boot.run.arguments=--spring.config.location="./src/main/resources/application.properties"