Closed sberyozkin closed 1 week ago
Gonna try to run it today
Very cool @sberyozkin!
@geoand @jmartisk I've added a custom WebSockets ticket scheme just to show what users can do to make what are already secure WSS upgrade requests even more secure, and updated README with a more complete list of security considerations.
Next, I'll tune some of the RAG code to take the user identity into account and the demo should be ready for review once it is done
@jmartisk Jan, I did something similar to what is done in the secure fraud detection demo.
So, in addition to the Movies data support which was already available, a MovieWatcher
DB is generated, where a registered movie watcher has a random preferred genre allocated.
Then, the Movie content retriever passes the genre preferred by the current user to the MovieSupport AI service which is asked to use this property to sort the movies...
Hopefully it is good enough to show how AI can use the user identity to support its work :-), have a look please
Thanks
Also added a Logout support, missing movie watcher exception support, similarly to how it is done in the secure fraud detection demo...
I'm happy enough now with what this demo can show...
:waning_crescent_moon: This workflow status is outdated as a new workflow run has been triggered.
Build (on pull request)
This is the status report for running Build (on pull request)
on commit 42ef0d8efa203e4901aa2d3725ddcae3b59329b4.
:white_check_mark: The latest workflow run for the pull request has completed successfully.
It should be safe to merge provided you have a look at the other checks in the summary.
:waning_crescent_moon: This workflow status is outdated as a new workflow run has been triggered.
Build (on pull request)
This is the status report for running Build (on pull request)
on commit f7fd5e6da57db1b41225997f934c7d682aff2de7.
:white_check_mark: The latest workflow run for the pull request has completed successfully.
It should be safe to merge provided you have a look at the other checks in the summary.
:waning_crescent_moon: This workflow status is outdated as a new workflow run has been triggered.
Build (on pull request)
This is the status report for running Build (on pull request)
on commit bb9d706cd992bd4dd413172b461258c84a24cb26.
:white_check_mark: The latest workflow run for the pull request has completed successfully.
It should be safe to merge provided you have a look at the other checks in the summary.
@jmartisk Let me do a bit of formatting as I've reset the workspace and lost the formatting configuration, so a few sources have tabs impacting them. And a few typos in README
Should be better now...
Build (on pull request)
This is the status report for running Build (on pull request)
on commit 62c0836466f017caff9a0178b3154ef71e29a77f.
:white_check_mark: The latest workflow run for the pull request has completed successfully.
It should be safe to merge provided you have a look at the other checks in the summary.
Fixes #609.
The flow will look like this:
Step 1:
Step 2 (this page is only available to authenticated users, and the security identity is propagated to the WS connection once the user chooses a chatbot icon):
ContentRetriever can only be called if the user is authenticated:
I'd just like to look at some hardening updates at the Quarkus level with Martin and Michal to have some more security binding done, but overall it is looking not bad with the WS-Next security support.
Here are application.properties.
It is only HTTPS and WSS secure protocols.
I'll look at adding a custom WS Next HttpUpgradeCheck.
Perhaps an output Guardrail can be added as well
CC @geoand @cescoffier