search

tech-by-design / polyglot-prime

Primary monorepo for TechBD polyglot bespoke code
https://tech-by-design.github.io/polyglot-prime/
GNU Affero General Public License v3.0
1 stars 15 forks source link

Implement User and Role Management with GitHub IDs #15

Open shah opened 1 month ago

shah commented 1 month ago

We need to implement a user and role management system for our custom application using GitHub IDs. The system should read a configuration file (oauth2-github-authz.yml) stored in a private GitHub repository and use this file to manage user access and roles within a Spring Boot 3.3 application. Authentication (AuthN) will be handled by GitHub, while authorization (AuthZ) will be managed using Spring Authorization.

Consider the following dependencies for the pom.xml file:

Instructions

  1. Create Configuration File

    • Create a YAML file named oauth2-github-authz.yml in the private GitHub repository (github.com/tech-by-design/infrastructure-prime).

    • Structure the file as follows:

      users:
- gitHubId: johndoe
  name: John Doe
  tenantId: tenant123
  resources:
    sudomain1.techbd.org:
      roles:
         - ADMIN
         - USER
    sudomain2.techbd.org:
      roles:
         - USER
- gitHubId: janesmith
  name: Jane Smith
  tenantId: tenant456
  resources:
    sudomain1.techbd.org:
      roles:
         - ADMIN
         - USER
    sudomain2.techbd.org:
      roles:
         - USER
- gitHubId: bobjohnson
  name: Bob Johnson
  tenantId: tenant789
  resources:
    sudomain1.techbd.org:
      roles:
         - DEVELOPER
    sudomain2.techbd.org:
      roles:
         - ADMIN

  2. Read YAML File from GitHub

    • Use the GitHub API to access the YAML file from the repository.
    • Use Jackson to parse the YAML content. Refer to the Jackson Dataformat YAML documentation for details on how to configure and use Jackson for YAML parsing.

  3. Implement GitHub File Reader

    • Create a Java class to read the file content and parse the YAML data. Use the GitHub API to authenticate and fetch the file.
    • Use Jackson to map the YAML data to a Java object. Follow the Jackson Documentation for detailed instructions on how to configure and use the library.

  4. Configure Spring Security

  5. Local Environment Configuration

    • Modify the Spring Security configuration to disable login requirements and simulate a specific user and role when running in a local environment. Check the Spring Boot Profiles Documentation for instructions on how to manage different profiles.
    • Create a configuration class to define user details for the local environment.

  6. Service to Manage Users and Roles

    • Create a service to load and manage user data. Use the service to read the YAML file from GitHub and map the data to Java objects.
    • Implement methods to fetch user details based on roles.

References and Useful Links

Additional Notes

shah commented 2 weeks ago

@razakpm please see if this file is required and, if not, remove it and perform any other cleanup: hub-prime/src/main/java/org/techbd/service/http/NoAuthSecurityConfig.java.

razakpm commented 2 weeks ago

@shah NoAuthSecurityConfig.java is useful for testing locally because it disables the login requirements. I didn't use the existing profile like sandbox because it's necessary to test authentication in the sandbox environment too. Instead, I used a profile called localopen that allows developers to test the application quickly without authentication. I didn't set any default user or role since it's not confirmed yet, so I didn't complete the last task in this requirement. Also, the new update (reading roles based on resources is still pending in this issue).

razakpm commented 1 week ago

Added NoAuthSecurityConfig.java to test locally without Authentication, currently no default role.

shah commented 1 week ago

We should switch to using the GitHub Java SDK to access APIs instead of using our own custom HTTP calls.