CIRCABC / EUShare

CIRCABC Share is a simple file exchange tool developed by the European Commission

EUShare

EUShare is a file exchange tool from the European Commission. Its source code is published as open source software under the terms of the EUPL public license. The project distributes a servlet-based Spring Boot application server and an Angular front-end application.

Installation requirements

  1. Java 8
  2. MySQL 5.7
  3. Maven
  4. Maildev (https://www.npmjs.com/package/maildev)

Architecture overview

The application consists of three main artifacts that the developer must maintain:

  1. A front-end application written in Angular, served by a Spring Boot application and hosted on a Tomcat server.
  2. A back-end application written in Java/Spring Boot, hosted on a Tomcat server. The front-end communicates with the back-end using a REST API.
  3. A MySQL database. The back-end communicates with the database using the MySQL driver.

The application also communicates with two external servers, which should be maintained by the operation teams:

  1. EULogin, a Single Sign-On (SSO) solution maintained by DIGIT. This is the server a user is redirected to at login time. EULogin communicates with the front-end and the back-end using the OpenID Connect (OIDC) protocol.
  2. A mail server. This is the server used to send EUSHARE's emails. Only the back-end interacts with this server using the SMTP protocol.

Finally, one more server is used for distributing EUSHARE: a load balancer that a user is redirected to when accessing the application's URL. To differentiate the user's HTTP queries to the back-end from those to the front-end, all queries to the back-end start with /webservice.

[Figure: architecture diagram (architecture.png)]

Quick start

The project contains three main folders.

To start developing:

  1. Run ECAS/EULogin locally from the /user_projects/domains/base_domain folder (https://localhost:7002/cas)

    startWebLogic.cmd
  2. Set up OpenID Connect locally in EULogin:

    • Go to https://localhost:7002/cas/admin/tools/

    • Authenticate as the basic user created by ECAS, jason.bourne@ec.europa.eu. The development password is Password123. The development token (if needed) is 0123456789.

    • Register the back-end OpenID Connect configuration at https://localhost:7002/cas/admin/tools/openidconnect/load. Prefer using the application for this; do not copy-paste the JSON. The values to enter for each field are the following:

      {
      "application_type" : "web",
      "client_name" : "EUSHARE_SERVER",
      "contacts" : [ "your.email@ext.ec.europa.eu" ],
      "default_acr_values" : [ "https://ecas.ec.europa.eu/loa/basic" ],
      "default_id_token_max_age" : 46800,
      "grant_types" : [ "authorization_code", "urn:ietf:params:oauth:grant-type:token-exchange" ],
      "id_token_signed_response_alg" : "PS512",
      "redirect_uris" : [ "http://localhost:8888/callback" ],
      "response_types" : [ "code" ],
      "scope" : "openid email profile phone hr authentication_factors",
      "subject_type" : "public",
      "tls_client_certificate_bound_access_tokens" : false,
      "token_endpoint_auth_method" : "client_secret_basic"
      }
    • EULogin should now display the secret shared between EULogin and the back-end. Copy it into server/src/main/resources/application.yaml as the value of spring-security-oauth2-resourceserver-opaquetoken-client-secret.

    • Now register the front-end OpenID Connect configuration at https://localhost:7002/cas/admin/tools/openidconnect/load. Prefer using the application for this; do not copy-paste the JSON. The values to enter for each field are the following:

      
      {
      "application_type" : "native",
      "client_name" : "EUSHARE_CLIENT",
      "contacts" : [ "your.email@ext.ec.europa.eu" ],
      "default_acr_values" : [ "https://ecas.ec.europa.eu/loa/basic" ],
      "default_id_token_max_age" : 46800,
      "grant_types" : [ "implicit", "urn:ietf:params:oauth:grant-type:jwt-bearer" ],
      "id_token_signed_response_alg" : "PS512",
      "redirect_uris" : [ "http://localhost:8080/callback" ],
      "response_types" : [ "id_token" ],
      "scope" : "openid email profile phone hr authentication_factors",
      "subject_type" : "public",
      "tls_client_certificate_bound_access_tokens" : false,
      "token_endpoint_auth_method" : "none"
      }
    • Go to https://localhost:7002/cas/admin/tools/showOpenIdConnectConfiguration.cgi. This displays a similar JSON with additional values.

    • From the EUSHARE_CLIENT configuration, copy the "client_id" token value and paste it into client/angular/src/environments/environment.ts for the value of OIDC_CLIENTID.

    • From the EUSHARE_SERVER configuration, copy the "client_id" token value and paste it into server/src/main/resources/application.yaml for the value of spring-security-oauth2-resourceserver-opaquetoken-client-id.

  3. Run Maildev locally (http://localhost:1080/#/)

    maildev
  4. Run and set up MySQL locally (mysql://localhost:3306)

    CREATE DATABASE eushare DEFAULT CHARACTER SET utf8;
    CREATE USER 'eushare'@'%' IDENTIFIED BY 'eushare';
    GRANT ALL PRIVILEGES ON eushare.* TO 'eushare'@'%';
  5. Run the front-end application from /client/angular folder (http://localhost:8080/)

    npm start
  6. Build the back-end application from /server folder

    mvn clean package
  7. Run the back-end application from /server folder (http://localhost:8888)

    java -jar target/eushareserver.war

You can now start using the application from http://localhost:8080/. Log in using the existing user Jason Bourne. If you want to add more users, please refer to the EULogin configuration file user_projects/domains/base_domain/classes/userDataBase.xml.
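The two OpenID Connect registrations above are written for a local EULogin. The Python check below is an added example, not part of the EUShare code base: it lists the registration fields to review before the same values are reused outside development. `audit_registration`, `SERVER` and `CLIENT` are names chosen here, the samples are a subset of the values listed above, and two checks (unsigned ID tokens, a secretless client using the code flow) go beyond what those values trigger.

```python
import json
from urllib.parse import urlparse

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Subset of the two registrations listed above: only the fields audited here.
SERVER = json.loads("""{
  "client_name": "EUSHARE_SERVER",
  "grant_types": ["authorization_code", "urn:ietf:params:oauth:grant-type:token-exchange"],
  "redirect_uris": ["http://localhost:8888/callback"],
  "id_token_signed_response_alg": "PS512",
  "tls_client_certificate_bound_access_tokens": false,
  "token_endpoint_auth_method": "client_secret_basic"}""")
CLIENT = json.loads("""{
  "client_name": "EUSHARE_CLIENT",
  "grant_types": ["implicit", "urn:ietf:params:oauth:grant-type:jwt-bearer"],
  "redirect_uris": ["http://localhost:8080/callback"],
  "id_token_signed_response_alg": "PS512",
  "tls_client_certificate_bound_access_tokens": false,
  "token_endpoint_auth_method": "none"}""")


def audit_registration(reg):
    """Return (field, reason) pairs for values to review before non-dev use."""
    findings = []
    grants = reg.get("grant_types", [])
    for uri in reg.get("redirect_uris", []):
        parts = urlparse(uri)
        if parts.hostname in LOOPBACK:
            findings.append(("redirect_uris", f"{uri}: loopback host"))
        elif parts.scheme != "https":
            findings.append(("redirect_uris", f"{uri}: not HTTPS"))
    if "implicit" in grants:
        findings.append(("grant_types", "implicit: tokens arrive in the redirect fragment"))
    if reg.get("id_token_signed_response_alg") == "none":
        findings.append(("id_token_signed_response_alg", "ID tokens would be unsigned"))
    if reg.get("tls_client_certificate_bound_access_tokens") is False:
        findings.append(("tls_client_certificate_bound_access_tokens",
                         "access tokens are plain bearer tokens"))
    if reg.get("token_endpoint_auth_method") == "none" and "authorization_code" in grants:
        findings.append(("token_endpoint_auth_method",
                         "secretless client with the code flow: require PKCE"))
    return findings


if __name__ == "__main__":
    for reg in (SERVER, CLIENT):
        for field, why in audit_registration(reg):
            print(f'{reg["client_name"]}: {field}: {why}')
```
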